|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* This is a lightweight proxy for serving images, generally meant to be used alongside SSL |
|
5
|
|
|
* |
|
6
|
|
|
* Simple Machines Forum (SMF) |
|
7
|
|
|
* |
|
8
|
|
|
* @package SMF |
|
9
|
|
|
* @author Simple Machines https://www.simplemachines.org |
|
10
|
|
|
* @copyright 2022 Simple Machines and individual contributors |
|
11
|
|
|
* @license https://www.simplemachines.org/about/smf/license.php BSD |
|
12
|
|
|
* |
|
13
|
|
|
* @version 2.1.2 |
|
14
|
|
|
*/ |
|
15
|
|
|
|
|
16
|
|
|
if (!defined('SMF')) |
|
17
|
|
|
define('SMF', 'PROXY'); |
|
18
|
|
|
|
|
19
|
|
|
if (!defined('SMF_VERSION')) |
|
20
|
|
|
define('SMF_VERSION', '2.1.2'); |
|
21
|
|
|
|
|
22
|
|
|
if (!defined('SMF_FULL_VERSION')) |
|
23
|
|
|
define('SMF_FULL_VERSION', 'SMF ' . SMF_VERSION); |
|
24
|
|
|
|
|
25
|
|
|
if (!defined('SMF_SOFTWARE_YEAR')) |
|
26
|
|
|
define('SMF_SOFTWARE_YEAR', '2022'); |
|
27
|
|
|
|
|
28
|
|
|
if (!defined('JQUERY_VERSION')) |
|
29
|
|
|
define('JQUERY_VERSION', '3.6.0'); |
|
30
|
|
|
|
|
31
|
|
|
if (!defined('POSTGRE_TITLE')) |
|
32
|
|
|
define('POSTGRE_TITLE', 'PostgreSQL'); |
|
33
|
|
|
|
|
34
|
|
|
if (!defined('MYSQL_TITLE')) |
|
35
|
|
|
define('MYSQL_TITLE', 'MySQL'); |
|
36
|
|
|
|
|
37
|
|
|
if (!defined('SMF_USER_AGENT')) |
|
38
|
|
|
define('SMF_USER_AGENT', 'Mozilla/5.0 (' . php_uname('s') . ' ' . php_uname('m') . ') AppleWebKit/605.1.15 (KHTML, like Gecko) SMF/' . strtr(SMF_VERSION, ' ', '.')); |
|
39
|
|
|
|
|
40
|
|
|
/** |
|
41
|
|
|
* Class ProxyServer |
|
42
|
|
|
*/ |
|
43
|
|
|
class ProxyServer |
|
44
|
|
|
{ |
|
45
|
|
|
/** @var bool $enabled Whether or not this is enabled */ |
|
46
|
|
|
protected $enabled; |
|
47
|
|
|
|
|
48
|
|
|
/** @var int $maxSize The maximum size for files to cache */ |
|
49
|
|
|
protected $maxSize; |
|
50
|
|
|
|
|
51
|
|
|
/** @var string $secret A secret code used for hashing */ |
|
52
|
|
|
protected $secret; |
|
53
|
|
|
|
|
54
|
|
|
/** @var string The cache directory */ |
|
55
|
|
|
protected $cache; |
|
56
|
|
|
|
|
57
|
|
|
/** @var int $maxDays until entries get deleted */ |
|
58
|
|
|
protected $maxDays; |
|
59
|
|
|
|
|
60
|
|
|
/** @var int $cachedtime time object cached */ |
|
61
|
|
|
protected $cachedtime; |
|
62
|
|
|
|
|
63
|
|
|
/** @var string $cachedtype type of object cached */ |
|
64
|
|
|
protected $cachedtype; |
|
65
|
|
|
|
|
66
|
|
|
/** @var int $cachedsize size of object cached */ |
|
67
|
|
|
protected $cachedsize; |
|
68
|
|
|
|
|
69
|
|
|
/** @var string $cachedbody body of object cached */ |
|
70
|
|
|
protected $cachedbody; |
|
71
|
|
|
|
|
72
|
|
|
/** |
|
73
|
|
|
* Constructor, loads up the Settings for the proxy |
|
74
|
|
|
* |
|
75
|
|
|
* @access public |
|
76
|
|
|
*/ |
|
77
|
|
|
public function __construct() |
|
78
|
|
|
{ |
|
79
|
|
|
global $image_proxy_enabled, $image_proxy_maxsize, $image_proxy_secret, $cachedir, $sourcedir; |
|
80
|
|
|
|
|
81
|
|
|
require_once(dirname(__FILE__) . '/Settings.php'); |
|
82
|
|
|
require_once($sourcedir . '/Subs.php'); |
|
83
|
|
|
|
|
84
|
|
|
// Ensure we don't trip over disabled internal functions |
|
85
|
|
|
if (version_compare(PHP_VERSION, '8.0.0', '>=')) |
|
86
|
|
|
require_once($sourcedir . '/Subs-Compat.php'); |
|
87
|
|
|
|
|
88
|
|
|
// Make absolutely sure the cache directory is defined and writable. |
|
89
|
|
|
if (empty($cachedir) || !is_dir($cachedir) || !is_writable($cachedir)) |
|
90
|
|
|
{ |
|
91
|
|
|
if (is_dir($boarddir . '/cache') && is_writable($boarddir . '/cache')) |
|
|
|
|
|
|
92
|
|
|
$cachedir = $boarddir . '/cache'; |
|
93
|
|
|
else |
|
94
|
|
|
{ |
|
95
|
|
|
$cachedir = sys_get_temp_dir() . '/smf_cache_' . md5($boarddir); |
|
96
|
|
|
@mkdir($cachedir, 0750); |
|
97
|
|
|
} |
|
98
|
|
|
} |
|
99
|
|
|
|
|
100
|
|
|
// Turn off all error reporting; any extra junk makes for an invalid image. |
|
101
|
|
|
error_reporting(0); |
|
102
|
|
|
|
|
103
|
|
|
$this->enabled = (bool) $image_proxy_enabled; |
|
104
|
|
|
$this->maxSize = (int) $image_proxy_maxsize; |
|
105
|
|
|
$this->secret = (string) $image_proxy_secret; |
|
106
|
|
|
$this->cache = $cachedir . '/images'; |
|
107
|
|
|
$this->maxDays = 5; |
|
108
|
|
|
} |
|
109
|
|
|
|
|
110
|
|
|
/** |
|
111
|
|
|
* Checks whether the request is valid or not |
|
112
|
|
|
* |
|
113
|
|
|
* @access public |
|
114
|
|
|
* @return bool Whether the request is valid |
|
115
|
|
|
*/ |
|
116
|
|
|
public function checkRequest() |
|
117
|
|
|
{ |
|
118
|
|
|
if (!$this->enabled) |
|
119
|
|
|
return false; |
|
120
|
|
|
|
|
121
|
|
|
// Try to create the image cache directory if it doesn't exist |
|
122
|
|
|
if (!file_exists($this->cache)) |
|
123
|
|
|
if (!mkdir($this->cache) || !copy(dirname($this->cache) . '/index.php', $this->cache . '/index.php')) |
|
124
|
|
|
return false; |
|
125
|
|
|
|
|
126
|
|
|
// Basic sanity check |
|
127
|
|
|
$_GET['request'] = validate_iri($_GET['request']); |
|
128
|
|
|
|
|
129
|
|
|
// We aren't going anywhere without these |
|
130
|
|
|
if (empty($_GET['hash']) || empty($_GET['request'])) |
|
131
|
|
|
return false; |
|
132
|
|
|
|
|
133
|
|
|
$hash = $_GET['hash']; |
|
134
|
|
|
$request = $_GET['request']; |
|
135
|
|
|
|
|
136
|
|
|
if (hash_hmac('sha1', $request, $this->secret) != $hash) |
|
137
|
|
|
return false; |
|
138
|
|
|
|
|
139
|
|
|
// Ensure any non-ASCII characters in the URL are encoded correctly |
|
140
|
|
|
$request = iri_to_url($request); |
|
141
|
|
|
|
|
142
|
|
|
// Attempt to cache the request if it doesn't exist |
|
143
|
|
|
if (!$this->isCached($request)) |
|
144
|
|
|
return $this->cacheImage($request); |
|
145
|
|
|
|
|
146
|
|
|
return true; |
|
147
|
|
|
} |
|
148
|
|
|
|
|
149
|
|
|
/** |
|
150
|
|
|
* Serves the request |
|
151
|
|
|
* |
|
152
|
|
|
* @access public |
|
153
|
|
|
*/ |
|
154
|
|
|
public function serve() |
|
155
|
|
|
{ |
|
156
|
|
|
$request = $_GET['request']; |
|
157
|
|
|
// Did we get an error when trying to fetch the image |
|
158
|
|
|
$response = $this->checkRequest(); |
|
159
|
|
|
if (!$response) |
|
160
|
|
|
{ |
|
161
|
|
|
// Throw a 404 |
|
162
|
|
|
send_http_status(404); |
|
163
|
|
|
exit; |
|
|
|
|
|
|
164
|
|
|
} |
|
165
|
|
|
|
|
166
|
|
|
// We should have a cached image at this point |
|
167
|
|
|
$cached_file = $this->getCachedPath($request); |
|
168
|
|
|
|
|
169
|
|
|
// Read from cache if you need to... |
|
170
|
|
|
if ($this->cachedbody === null) |
|
171
|
|
|
{ |
|
172
|
|
|
$cached = json_decode(file_get_contents($cached_file), true); |
|
173
|
|
|
$this->cachedtime = $cached['time']; |
|
174
|
|
|
$this->cachedtype = $cached['content_type']; |
|
175
|
|
|
$this->cachedsize = $cached['size']; |
|
176
|
|
|
$this->cachedbody = $cached['body']; |
|
177
|
|
|
} |
|
178
|
|
|
|
|
179
|
|
|
$time = time(); |
|
180
|
|
|
|
|
181
|
|
|
// Is the cache expired? Delete and reload. |
|
182
|
|
|
if ($time - $this->cachedtime > ($this->maxDays * 86400)) |
|
183
|
|
|
{ |
|
184
|
|
|
@unlink($cached_file); |
|
185
|
|
|
if ($this->checkRequest()) |
|
186
|
|
|
$this->serve(); |
|
187
|
|
|
$this->redirectexit($request); |
|
188
|
|
|
} |
|
189
|
|
|
|
|
190
|
|
|
$eTag = '"' . substr(sha1($request) . $this->cachedtime, 0, 64) . '"'; |
|
191
|
|
|
if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) && strpos($_SERVER['HTTP_IF_NONE_MATCH'], $eTag) !== false) |
|
192
|
|
|
{ |
|
193
|
|
|
send_http_status(304); |
|
194
|
|
|
exit; |
|
|
|
|
|
|
195
|
|
|
} |
|
196
|
|
|
|
|
197
|
|
|
// Make sure we're serving an image |
|
198
|
|
|
$contentParts = explode('/', !empty($this->cachedtype) ? $this->cachedtype : ''); |
|
199
|
|
|
if ($contentParts[0] != 'image') |
|
200
|
|
|
exit; |
|
|
|
|
|
|
201
|
|
|
|
|
202
|
|
|
$max_age = $time - $this->cachedtime + (5 * 86400); |
|
203
|
|
|
header('content-type: ' . $this->cachedtype); |
|
204
|
|
|
header('content-length: ' . $this->cachedsize); |
|
205
|
|
|
header('cache-control: public, max-age=' . $max_age); |
|
206
|
|
|
header('last-modified: ' . gmdate('D, d M Y H:i:s', $this->cachedtime) . ' GMT'); |
|
207
|
|
|
header('etag: ' . $eTag); |
|
208
|
|
|
echo base64_decode($this->cachedbody); |
|
209
|
|
|
} |
|
210
|
|
|
|
|
211
|
|
|
/** |
|
212
|
|
|
* Returns the request's hashed filepath |
|
213
|
|
|
* |
|
214
|
|
|
* @access public |
|
215
|
|
|
* @param string $request The request to get the path for |
|
216
|
|
|
* @return string The hashed filepath for the specified request |
|
217
|
|
|
*/ |
|
218
|
|
|
protected function getCachedPath($request) |
|
219
|
|
|
{ |
|
220
|
|
|
return $this->cache . '/' . sha1($request . $this->secret); |
|
221
|
|
|
} |
|
222
|
|
|
|
|
223
|
|
|
/** |
|
224
|
|
|
* Check whether the image exists in local cache or not |
|
225
|
|
|
* |
|
226
|
|
|
* @access protected |
|
227
|
|
|
* @param string $request The image to check for in the cache |
|
228
|
|
|
* @return bool Whether or not the requested image is cached |
|
229
|
|
|
*/ |
|
230
|
|
|
protected function isCached($request) |
|
231
|
|
|
{ |
|
232
|
|
|
return file_exists($this->getCachedPath($request)); |
|
233
|
|
|
} |
|
234
|
|
|
|
|
235
|
|
|
/** |
|
236
|
|
|
* Attempts to cache the image while validating it |
|
237
|
|
|
* |
|
238
|
|
|
* Redirects to the origin if |
|
239
|
|
|
* - the image couldn't be fetched |
|
240
|
|
|
* - the MIME type doesn't indicate an image |
|
241
|
|
|
* - the image is too large |
|
242
|
|
|
* |
|
243
|
|
|
* @access protected |
|
244
|
|
|
* @param string $request The image to cache/validate |
|
245
|
|
|
* @return bool Whether the specified image was cached |
|
246
|
|
|
*/ |
|
247
|
|
|
protected function cacheImage($request) |
|
248
|
|
|
{ |
|
249
|
|
|
$dest = $this->getCachedPath($request); |
|
250
|
|
|
$ext = strtolower(pathinfo(parse_iri($request, PHP_URL_PATH), PATHINFO_EXTENSION)); |
|
|
|
|
|
|
251
|
|
|
|
|
252
|
|
|
$image = fetch_web_data($request); |
|
253
|
|
|
|
|
254
|
|
|
// Looks like nobody was home |
|
255
|
|
|
if (empty($image)) |
|
256
|
|
|
$this->redirectexit($request); |
|
257
|
|
|
|
|
258
|
|
|
// What kind of file did they give us? |
|
259
|
|
|
$finfo = finfo_open(FILEINFO_MIME_TYPE); |
|
260
|
|
|
$mime_type = finfo_buffer($finfo, $image); |
|
261
|
|
|
|
|
262
|
|
|
// SVG needs a little extra care |
|
263
|
|
|
if ($ext == 'svg' && in_array($mime_type, array('text/plain', 'text/xml')) && strpos($image, '<svg') !== false && strpos($image, '</svg>') !== false) |
|
264
|
|
|
$mime_type = 'image/svg+xml'; |
|
265
|
|
|
|
|
266
|
|
|
// Make sure the url is returning an image |
|
267
|
|
|
if (strpos($mime_type, 'image/') !== 0) |
|
268
|
|
|
$this->redirectexit($request); |
|
269
|
|
|
|
|
270
|
|
|
// Validate the filesize |
|
271
|
|
|
$size = strlen($image); |
|
272
|
|
|
if ($size > ($this->maxSize * 1024)) |
|
273
|
|
|
$this->redirectexit($request); |
|
274
|
|
|
|
|
275
|
|
|
// Populate object for current serve execution (so you don't have to read it again...) |
|
276
|
|
|
$this->cachedtime = time(); |
|
277
|
|
|
$this->cachedtype = $mime_type; |
|
278
|
|
|
$this->cachedsize = $size; |
|
279
|
|
|
$this->cachedbody = base64_encode($image); |
|
280
|
|
|
|
|
281
|
|
|
// Cache it for later |
|
282
|
|
|
return file_put_contents($dest, json_encode(array( |
|
283
|
|
|
'content_type' => $this->cachedtype, |
|
284
|
|
|
'size' => $this->cachedsize, |
|
285
|
|
|
'time' => $this->cachedtime, |
|
286
|
|
|
'body' => $this->cachedbody, |
|
287
|
|
|
))) !== false; |
|
288
|
|
|
} |
|
289
|
|
|
|
|
290
|
|
|
/** |
|
291
|
|
|
* A helper function to redirect a request |
|
292
|
|
|
* |
|
293
|
|
|
* @access private |
|
294
|
|
|
* @param string $request |
|
295
|
|
|
*/ |
|
296
|
|
|
private function redirectexit($request) |
|
297
|
|
|
{ |
|
298
|
|
|
header('Location: ' . un_htmlspecialchars($request), false, 301); |
|
299
|
|
|
exit; |
|
300
|
|
|
} |
|
301
|
|
|
|
|
302
|
|
|
/** |
|
303
|
|
|
* Delete all old entries |
|
304
|
|
|
* |
|
305
|
|
|
* @access public |
|
306
|
|
|
*/ |
|
307
|
|
|
public function housekeeping() |
|
308
|
|
|
{ |
|
309
|
|
|
$path = $this->cache . '/'; |
|
310
|
|
|
if ($handle = opendir($path)) |
|
311
|
|
|
{ |
|
312
|
|
|
while (false !== ($file = readdir($handle))) |
|
313
|
|
|
{ |
|
314
|
|
|
if (is_file($path . $file) && !in_array($file, array('index.php', '.htaccess')) && time() - filemtime($path . $file) > $this->maxDays * 86400) |
|
315
|
|
|
unlink($path . $file); |
|
316
|
|
|
} |
|
317
|
|
|
|
|
318
|
|
|
closedir($handle); |
|
319
|
|
|
} |
|
320
|
|
|
} |
|
321
|
|
|
} |
|
322
|
|
|
|
|
323
|
|
|
if (SMF == 'PROXY') |
|
|
|
|
|
|
324
|
|
|
{ |
|
325
|
|
|
$proxy = new ProxyServer(); |
|
326
|
|
|
$proxy->serve(); |
|
327
|
|
|
} |
|
328
|
|
|
|
|
329
|
|
|
?> |
SimpleMachines /
SMF2.1
Loading history...
