public static function applyReverse(&$body)
{
foreach (RedirectWhenBlockedFull::getAltBaseUrls() as $alt_base_url) {
$searches = array($alt_base_url . 'http://' => 'http://', $alt_base_url . 'https://' => 'https://', $alt_base_url => Conf::getDefaultUpstreamBaseUrlComponent('scheme') . '://' . Conf::getDefaultUpstreamBaseUrlComponent('host') . '/');
// Add url-encoded versions.
foreach ($searches as $search => $replace) {
$search = urlencode($search);
if (!isset($searches[$search])) {
$searches[$search] = urlencode($replace);
}
}
// Special case when only first colon is encoded.
// Should be moved to site-specific config.
foreach ($searches as $search => $replace) {
$search = str_replace('://', urlencode(':') . '//', $search);
if (!isset($searches[$search])) {
$searches[$search] = str_replace('://', urlencode(':') . '//', $replace);
}
}
foreach ($searches as $search => $replace) {
$body = str_replace($search, $replace, $body);
}
}
}
public function getUrl()
{
static $url;
if (!isset($url)) {
if (isset($_GET[RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME]) && $_GET[RedirectWhenBlockedFull::QUERY_STRING_PARAM_NAME] == Conf::OUTPUT_TYPE_APK && Conf::$apk_url) {
$url = Conf::$apk_url;
$filename = basename(parse_url($url, PHP_URL_PATH));
header('Content-Disposition: attachment; filename=' . $filename);
// Run after all other code to override other content-type header.
register_shutdown_function(function () {
header('Content-Type: application/vnd.android.package-archive');
});
} else {
$url = RedirectWhenBlockedFull::getRequestUriWithoutQueryStringParam();
$this->removeThisScriptDirFromUrl($url);
if (startsWith($url, '/http://') || startsWith($url, '/https://')) {
$url = substr($url, 1);
if (!TextExternalUrlFilters::matchesUrl($url)) {
header('HTTP/1.0 403 Forbidden');
exit;
}
// If we for some reason have the default upstream host and scheme in the URL, remove them.
$url_components = parse_url($url);
if ($url_components['host'] == Conf::getDefaultUpstreamBaseUrlComponent('host') && $url_components['scheme'] == Conf::getDefaultUpstreamBaseUrlComponent('scheme')) {
$new_url = http_build_path_query_fragment($url_components);
$new_url = RedirectWhenBlockedFull::getBaseUrl() . ltrim($new_url, '/');
header('Location: ' . $new_url);
exit;
}
// Use in DomUtlFilters for relative URLs.
$base_url_suffix = rtrim(http_build_scheme_host($url), '/') . '/';
RedirectWhenBlockedFull::setBaseUrlSuffix($base_url_suffix);
} else {
if ($url == '/') {
if (Conf::$default_upstream_url) {
$url = Conf::$default_upstream_url;
}
}
$url = Conf::$default_upstream_base_url . $url;
}
}
}
// Reverse rewrites of parameters inside URL.
TextExternalUrlFilters::applyReverse($url);
Log::add($url, 'url');
return $url;
}
require 'conf-local.inc.php';
function getCacheControlHeader($max_age, $stale_while_revalidate, $stale_if_error)
{
return 'max-age=' . $max_age . ', stale-while-revalidate=' . $stale_while_revalidate . ', stale-if-error=' . $stale_if_error;
}
function getDownstreamOrigin()
{
static $downstream_origin_verified;
if (!isset($downstream_origin_verified)) {
$downstream_origin_verified = NULL;
if (isset($_SERVER['HTTP_ORIGIN'])) {
$downstream_origin = $_SERVER['HTTP_ORIGIN'];
} elseif (isset($_SERVER['HTTP_REFERER'])) {
$downstream_origin = http_build_scheme_host($_SERVER['HTTP_REFERER']);
}
if (isset($downstream_origin)) {
foreach (RedirectWhenBlockedFull::getAltBaseUrls() as $alt_url_base) {
if ($downstream_origin == http_build_scheme_host($alt_url_base)) {
$downstream_origin_verified = $downstream_origin;
break;
}
}
}
}
return $downstream_origin_verified;
}
RedirectWhenBlockedFull::addUrlsFromConfDir();
TextExternalUrlFilters::addHost(Conf::getDefaultUpstreamBaseUrlComponent('host'));
DomUrlFilters::addAttribute('action');
DomUrlFilters::addAttribute('href');
DomUrlFilters::addAttribute('src');
