/**
 * Undo this proxy's URL rewriting inside $body, in place.
 *
 * For every alternative base URL returned by
 * RedirectWhenBlockedFull::getAltBaseUrls() the following substitutions are
 * applied, in this order:
 *   - "<alt base>http://"  becomes "http://"
 *   - "<alt base>https://" becomes "https://"
 *   - "<alt base>"         becomes "<default upstream scheme>://<default upstream host>/"
 * followed by the urlencode()d form of each pair, and then by a form in which
 * only the colon of "://" is encoded.
 *
 * Matching is plain substring replacement, not URL parsing: every occurrence
 * of an alternative base URL is rewritten wherever it appears in $body.
 * A caller that validated $body as a URL beforehand is therefore holding a
 * different string afterwards.
 *
 * @param string $body Text to rewrite; modified by reference.
 * @return void
 */
public static function applyReverse(&$body)
{
    // The "://" separator as it looks when only its colon was url-encoded.
    $colon_encoded_separator = urlencode(':') . '//';

    foreach (RedirectWhenBlockedFull::getAltBaseUrls() as $alt_base_url) {
        $upstream_root = Conf::getDefaultUpstreamBaseUrlComponent('scheme')
            . '://'
            . Conf::getDefaultUpstreamBaseUrlComponent('host')
            . '/';

        // Order matters: the two longer, scheme-carrying needles must be
        // replaced before the bare alternative base URL.
        $pairs = array(
            $alt_base_url . 'http://' => 'http://',
            $alt_base_url . 'https://' => 'https://',
            $alt_base_url => $upstream_root,
        );

        // Add url-encoded versions. Iterating over a key snapshot means the
        // entries appended here are not visited again by this loop.
        foreach (array_keys($pairs) as $needle) {
            $encoded_needle = urlencode($needle);
            if (!isset($pairs[$encoded_needle])) {
                $pairs[$encoded_needle] = urlencode($pairs[$needle]);
            }
        }

        // Special case when only the first colon is encoded.
        // Should be moved to site-specific config.
        foreach (array_keys($pairs) as $needle) {
            $partial_needle = str_replace('://', $colon_encoded_separator, $needle);
            if (!isset($pairs[$partial_needle])) {
                $pairs[$partial_needle] = str_replace('://', $colon_encoded_separator, $pairs[$needle]);
            }
        }

        // With array arguments str_replace() applies the pairs one after
        // another, each on the result of the previous one.
        $body = str_replace(array_keys($pairs), array_values($pairs), $body);
    }
}
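/**
 * Resolve the upstream URL that the current request should be served from.
 *
 * Three cases are handled:
 *   1. The query-string parameter named by
 *      RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME equals
 *      Conf::OUTPUT_TYPE_APK and Conf::$apk_url is set: the configured APK
 *      URL is used and download headers are emitted.
 *   2. The request path starts with "/http://" or "/https://": the embedded
 *      absolute URL is used, but only if TextExternalUrlFilters::matchesUrl()
 *      accepts it and it parses into a scheme and a host. Otherwise the
 *      request ends with "403 Forbidden".
 *   3. Anything else is treated as a path on the default upstream.
 *
 * The resolved value is kept in a function-static variable, so it is computed
 * once per request. The reverse rewrite and the log entry at the end run on
 * every call.
 *
 * Side effects: may send headers, register a shutdown function, set the base
 * URL suffix on RedirectWhenBlockedFull, and terminate the script via exit.
 *
 * @return string The upstream URL.
 */
public function getUrl()
{
    static $url;

    if (!isset($url)) {
        $param_name = RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME;

        if (isset($_GET[$param_name])
            && $_GET[$param_name] == Conf::OUTPUT_TYPE_APK
            && Conf::$apk_url
        ) {
            // The file name is derived from configuration (Conf::$apk_url),
            // not from the request.
            $url = Conf::$apk_url;
            $filename = basename(parse_url($url, PHP_URL_PATH));
            header('Content-Disposition: attachment; filename=' . $filename);

            // Run after all other code to override other content-type header.
            register_shutdown_function(function () {
                header('Content-Type: application/vnd.android.package-archive');
            });
        } else {
            $url = RedirectWhenBlockedFull::getRequestUriWithoutQueryStringParam();
            // Return value is not used; presumably $url is adjusted by
            // reference - confirm against the method's signature.
            $this->removeThisScriptDirFromUrl($url);

            if (startsWith($url, '/http://') || startsWith($url, '/https://')) {
                $url = substr($url, 1);

                // The client chose this URL. matchesUrl() is the only check
                // visible here between the request and the upstream fetch.
                if (!TextExternalUrlFilters::matchesUrl($url)) {
                    header('HTTP/1.0 403 Forbidden');
                    exit;
                }

                // parse_url() returns false for seriously malformed URLs and
                // leaves out components it cannot find. Fail closed instead
                // of continuing with a URL that has no usable host.
                $url_components = parse_url($url);
                if (!is_array($url_components)
                    || !isset($url_components['host'], $url_components['scheme'])
                ) {
                    header('HTTP/1.0 403 Forbidden');
                    exit;
                }

                // If we for some reason have the default upstream host and scheme in the URL, remove them.
                if ($url_components['host'] == Conf::getDefaultUpstreamBaseUrlComponent('host')
                    && $url_components['scheme'] == Conf::getDefaultUpstreamBaseUrlComponent('scheme')
                ) {
                    // The redirect target always starts with getBaseUrl();
                    // only the path, query and fragment come from the request.
                    $new_url = http_build_path_query_fragment($url_components);
                    $new_url = RedirectWhenBlockedFull::getBaseUrl() . ltrim($new_url, '/');
                    header('Location: ' . $new_url);
                    exit;
                }

                // Used in DomUrlFilters for relative URLs.
                $base_url_suffix = rtrim(http_build_scheme_host($url), '/') . '/';
                RedirectWhenBlockedFull::setBaseUrlSuffix($base_url_suffix);
            } else {
                if ($url == '/') {
                    if (Conf::$default_upstream_url) {
                        $url = Conf::$default_upstream_url;
                    }
                }

                $url = Conf::$default_upstream_base_url . $url;
            }
        }
    }

    // Reverse rewrites of parameters inside URL.
    // NOTE(review): this substring rewrite runs after the matchesUrl() check
    // above, so the returned URL is not the exact string that was checked.
    // Confirm that the rewrite cannot alter the host part, or repeat the
    // check on the rewritten value.
    TextExternalUrlFilters::applyReverse($url);
    Log::add($url, 'url');

    return $url;
}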
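require 'conf-local.inc.php';

/**
 * Build the value of a Cache-Control header from three directives.
 *
 * The arguments are concatenated as given; no validation is done here.
 *
 * @param int|string $max_age                Value for "max-age".
 * @param int|string $stale_while_revalidate Value for "stale-while-revalidate".
 * @param int|string $stale_if_error         Value for "stale-if-error".
 * @return string For example "max-age=60, stale-while-revalidate=30, stale-if-error=90".
 */
function getCacheControlHeader($max_age, $stale_while_revalidate, $stale_if_error)
{
    return 'max-age=' . $max_age
        . ', stale-while-revalidate=' . $stale_while_revalidate
        . ', stale-if-error=' . $stale_if_error;
}

/**
 * Return the origin of the requesting page if it is one of this proxy's own
 * alternative base URLs, otherwise NULL.
 *
 * The candidate is taken from the Origin request header or, when that is
 * absent, from the scheme and host of the Referer header. Both headers are
 * set by the client, so the value is trusted only after it matches the scheme
 * and host of an entry of RedirectWhenBlockedFull::getAltBaseUrls() exactly.
 *
 * NOTE(review): presumably the result is echoed into cross-origin response
 * headers - confirm at the call sites. If so, this comparison is the only
 * thing that keeps other origins out.
 *
 * A positive result is kept in a function-static variable. A NULL result is
 * not, because isset() is false for NULL, so the lookup repeats on each call.
 *
 * @return string|null The verified origin, or NULL if there is none.
 */
function getDownstreamOrigin()
{
    static $downstream_origin_verified;

    if (!isset($downstream_origin_verified)) {
        $downstream_origin_verified = NULL;

        if (isset($_SERVER['HTTP_ORIGIN'])) {
            $downstream_origin = $_SERVER['HTTP_ORIGIN'];
        } elseif (isset($_SERVER['HTTP_REFERER'])) {
            $downstream_origin = http_build_scheme_host($_SERVER['HTTP_REFERER']);
        }

        // An empty or non-string candidate can never be a valid origin.
        // Skipping it keeps it from matching an alternative base URL whose
        // scheme and host could not be built.
        if (isset($downstream_origin) && is_string($downstream_origin) && $downstream_origin !== '') {
            foreach (RedirectWhenBlockedFull::getAltBaseUrls() as $alt_url_base) {
                // Strict comparison: loose "==" applies type juggling, which
                // has no place in an allowlist check.
                if ($downstream_origin === http_build_scheme_host($alt_url_base)) {
                    $downstream_origin_verified = $downstream_origin;
                    break;
                }
            }
        }
    }

    return $downstream_origin_verified;
}

// Bootstrap, executed when this file is included.
RedirectWhenBlockedFull::addUrlsFromConfDir();

// Register the default upstream host with the external URL filters.
// NOTE(review): presumably this is what lets matchesUrl() accept the default
// upstream - confirm in TextExternalUrlFilters.
TextExternalUrlFilters::addHost(Conf::getDefaultUpstreamBaseUrlComponent('host'));

// Attributes registered with DomUrlFilters. Other URL-carrying attributes are
// not registered here.
DomUrlFilters::addAttribute('action');
DomUrlFilters::addAttribute('href');
DomUrlFilters::addAttribute('src');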