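/**
 * Rewrites URL-valued attributes on the matching elements of a parsed document.
 *
 * For every element matched by the selector "$elements[$attribute]":
 *  - values starting with "data:", "javascript:", "mailto:" or "." are left untouched;
 *  - protocol-relative values ("//host/...") get an explicit "https:" scheme;
 *  - values with a path component that either name the current request host
 *    or carry no host at all are rewritten to "." followed by the output of
 *    http_build_path_query_fragment();
 *  - on <base> elements the resulting value is forced to end with a slash.
 *
 * @param simple_html_dom  $dom       Parsed document whose elements are updated via setAttribute().
 * @param string           $attribute Name of the attribute to rewrite (e.g. "href").
 * @param string           $elements  Selector prefix handed to $dom->find().
 * @param ProxyHttpRequest $request   Current request; supplies the host and path used for comparison and resolution.
 */
private static function apply(simple_html_dom $dom, $attribute, $elements, ProxyHttpRequest $request)
{
    foreach ($dom->find($elements . '[' . $attribute . ']') as $element) {
        $attr_val = $element->getAttribute($attribute);
        if (!$attr_val) {
            continue;
        }

        // Ignore these links.
        // NOTE(review): whether this match is case-sensitive depends on startsWith(),
        // which is defined elsewhere — confirm how mixed-case schemes are treated.
        if (startsWith($attr_val, array('data:', 'javascript:', 'mailto:', '.'))) {
            continue;
        }

        if (isset($attr_val[1]) && $attr_val[1] == '/' && $attr_val[0] == '/') {
            // Turn protocol relative URLs into HTTPS.
            $attr_val = 'https:' . $attr_val;
            $element->setAttribute($attribute, $attr_val);
        } else {
            // parse_url() returns false on malformed input; isset() below then
            // simply fails and the value is left as it was.
            $attr_val_components = parse_url($attr_val);

            // Nothing to do without paths.
            if (isset($attr_val_components['path'])) {
                // Remove current host.
                if (isset($attr_val_components['host'])
                    && $attr_val_components['host'] == $request->getUrlComponent('host')) {
                    unset($attr_val_components['host']);
                }

                // If URL without host.
                if (!isset($attr_val_components['host'])) {
                    if ($attr_val_components['path'][0] != '/') {
                        // Resolve against the directory of the current request path:
                        // everything up to and including its last slash (RFC 3986,
                        // section 5.2.3). dirname() is avoided because it drops the
                        // last segment even when the path ends in a slash
                        // ("/news/" -> "/") and produces "//" for top-level paths.
                        $request_path = (string) $request->getUrlComponent('path');
                        $last_slash = strrpos($request_path, '/');
                        $base_dir = $last_slash === false
                            ? '/'
                            : substr($request_path, 0, $last_slash + 1);
                        $attr_val_components['path'] = $base_dir . $attr_val_components['path'];
                    }

                    $attr_val = '.' . http_build_path_query_fragment($attr_val_components);
                    $element->setAttribute($attribute, $attr_val);
                }
            }
        }

        /*
         * Special for existing base href values. They should always end with a slash,
         * but browsers are lenient if it's eg http://example.com. But since we may rewrite
         * the value later, it might have a path and without the slash it will fail.
         */
        if ($element->tag == 'base') {
            // $attr_val is non-empty here, so the index is always valid.
            $last_char = $attr_val[strlen($attr_val) - 1];
            if ($last_char != '/') {
                $attr_val .= '/';
                $element->setAttribute($attribute, $attr_val);
            }
        }
    }
}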
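/**
 * Resolves the URL this request maps to and caches it in a method-level static.
 *
 * Three cases are handled on the first call:
 *  - the query-string parameter asks for the APK and Conf::$apk_url is set:
 *    the APK URL is used and download headers are sent;
 *  - the request path embeds an absolute URL ("/http://..." or "/https://..."):
 *    it must pass TextExternalUrlFilters::matchesUrl(), otherwise the request
 *    ends with 403; a URL on the default upstream host and scheme is redirected
 *    to its proxy-local form;
 *  - anything else is appended to Conf::$default_upstream_base_url.
 *
 * May send headers and terminate the script (403, 400 or a Location redirect).
 *
 * @return string The resolved URL.
 */
public function getUrl()
{
    static $url;

    if (!isset($url)) {
        $param_name = RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME;

        if (isset($_GET[$param_name])
            && $_GET[$param_name] == Conf::OUTPUT_TYPE_APK
            && Conf::$apk_url) {
            $url = Conf::$apk_url;
            $filename = basename(parse_url($url, PHP_URL_PATH));
            // NOTE(review): the filename is emitted unquoted; it comes from
            // configuration here, but a name containing spaces or ";" would be
            // misread by clients — consider quoting it.
            header('Content-Disposition: attachment; filename=' . $filename);

            // Run after all other code to override other content-type header.
            register_shutdown_function(function () {
                header('Content-Type: application/vnd.android.package-archive');
            });
        } else {
            $url = RedirectWhenBlockedFull::getRequestUriWithoutQueryStringParam();
            $this->removeThisScriptDirFromUrl($url);

            if (startsWith($url, '/http://') || startsWith($url, '/https://')) {
                $url = substr($url, 1);

                // The embedded URL is taken from the request, so it is only
                // accepted when the external-URL filter recognises it.
                if (!TextExternalUrlFilters::matchesUrl($url)) {
                    header('HTTP/1.0 403 Forbidden');
                    exit;
                }

                // parse_url() returns false for seriously malformed URLs and
                // leaves out components it cannot find, so verify the result
                // before reading host and scheme from request-supplied input.
                $url_components = parse_url($url);
                if (!is_array($url_components)
                    || !isset($url_components['host'], $url_components['scheme'])) {
                    header('HTTP/1.0 400 Bad Request');
                    exit;
                }

                // If we for some reason have the default upstream host and scheme in the URL, remove them.
                if ($url_components['host'] == Conf::getDefaultUpstreamBaseUrlComponent('host')
                    && $url_components['scheme'] == Conf::getDefaultUpstreamBaseUrlComponent('scheme')) {
                    $new_url = http_build_path_query_fragment($url_components);
                    // All leading slashes are stripped before the path is
                    // appended to the proxy's own base URL.
                    $new_url = RedirectWhenBlockedFull::getBaseUrl() . ltrim($new_url, '/');
                    header('Location: ' . $new_url);
                    exit;
                }

                // Use in DomUtlFilters for relative URLs.
                $base_url_suffix = rtrim(http_build_scheme_host($url), '/') . '/';
                RedirectWhenBlockedFull::setBaseUrlSuffix($base_url_suffix);
            } else {
                if ($url == '/' && Conf::$default_upstream_url) {
                    $url = Conf::$default_upstream_url;
                }
                $url = Conf::$default_upstream_base_url . $url;
            }
        }
    }

    // Reverse rewrites of parameters inside URL.
    // NOTE(review): this runs on every call, including calls served from the
    // cached value. The return value is unused, so applyReverse() presumably
    // changes $url by reference — confirm that re-applying it is harmless.
    TextExternalUrlFilters::applyReverse($url);

    // NOTE(review): the complete URL, query string included, goes to the log;
    // confirm the log destination is access-controlled.
    Log::add($url, 'url');

    return $url;
}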