1 | <?php |
||
2 | |||
3 | /** |
||
4 | * This is a lightweight proxy for serving images, generally meant to be used alongside SSL |
||
5 | * |
||
6 | * Simple Machines Forum (SMF) |
||
7 | * |
||
8 | * @package SMF |
||
9 | * @author Simple Machines https://www.simplemachines.org |
||
10 | * @copyright 2022 Simple Machines and individual contributors |
||
11 | * @license https://www.simplemachines.org/about/smf/license.php BSD |
||
12 | * |
||
13 | * @version 2.1.2 |
||
14 | */ |
||
15 | |||
16 | if (!defined('SMF')) |
||
17 | define('SMF', 'PROXY'); |
||
18 | |||
19 | if (!defined('SMF_VERSION')) |
||
20 | define('SMF_VERSION', '2.1.2'); |
||
21 | |||
22 | if (!defined('SMF_FULL_VERSION')) |
||
23 | define('SMF_FULL_VERSION', 'SMF ' . SMF_VERSION); |
||
24 | |||
25 | if (!defined('SMF_SOFTWARE_YEAR')) |
||
26 | define('SMF_SOFTWARE_YEAR', '2022'); |
||
27 | |||
28 | if (!defined('JQUERY_VERSION')) |
||
29 | define('JQUERY_VERSION', '3.6.0'); |
||
30 | |||
31 | if (!defined('POSTGRE_TITLE')) |
||
32 | define('POSTGRE_TITLE', 'PostgreSQL'); |
||
33 | |||
34 | if (!defined('MYSQL_TITLE')) |
||
35 | define('MYSQL_TITLE', 'MySQL'); |
||
36 | |||
37 | if (!defined('SMF_USER_AGENT')) |
||
38 | define('SMF_USER_AGENT', 'Mozilla/5.0 (' . php_uname('s') . ' ' . php_uname('m') . ') AppleWebKit/605.1.15 (KHTML, like Gecko) SMF/' . strtr(SMF_VERSION, ' ', '.')); |
||
39 | |||
40 | /** |
||
41 | * Class ProxyServer |
||
42 | */ |
||
43 | class ProxyServer |
||
44 | { |
||
45 | /** @var bool $enabled Whether or not this is enabled */ |
||
46 | protected $enabled; |
||
47 | |||
48 | /** @var int $maxSize The maximum size for files to cache */ |
||
49 | protected $maxSize; |
||
50 | |||
51 | /** @var string $secret A secret code used for hashing */ |
||
52 | protected $secret; |
||
53 | |||
54 | /** @var string The cache directory */ |
||
55 | protected $cache; |
||
56 | |||
57 | /** @var int $maxDays until entries get deleted */ |
||
58 | protected $maxDays; |
||
59 | |||
60 | /** @var int $cachedtime time object cached */ |
||
61 | protected $cachedtime; |
||
62 | |||
63 | /** @var string $cachedtype type of object cached */ |
||
64 | protected $cachedtype; |
||
65 | |||
66 | /** @var int $cachedsize size of object cached */ |
||
67 | protected $cachedsize; |
||
68 | |||
69 | /** @var string $cachedbody body of object cached */ |
||
70 | protected $cachedbody; |
||
71 | |||
72 | /** |
||
73 | * Constructor, loads up the Settings for the proxy |
||
74 | * |
||
75 | * @access public |
||
76 | */ |
||
77 | public function __construct() |
||
78 | { |
||
79 | global $image_proxy_enabled, $image_proxy_maxsize, $image_proxy_secret, $cachedir, $sourcedir; |
||
80 | |||
81 | require_once(dirname(__FILE__) . '/Settings.php'); |
||
82 | require_once($sourcedir . '/Subs.php'); |
||
83 | |||
84 | // Ensure we don't trip over disabled internal functions |
||
85 | if (version_compare(PHP_VERSION, '8.0.0', '>=')) |
||
86 | require_once($sourcedir . '/Subs-Compat.php'); |
||
87 | |||
88 | // Make absolutely sure the cache directory is defined and writable. |
||
89 | if (empty($cachedir) || !is_dir($cachedir) || !is_writable($cachedir)) |
||
90 | { |
||
91 | if (is_dir($boarddir . '/cache') && is_writable($boarddir . '/cache')) |
||
92 | $cachedir = $boarddir . '/cache'; |
||
93 | else |
||
94 | { |
||
95 | $cachedir = sys_get_temp_dir() . '/smf_cache_' . md5($boarddir); |
||
96 | @mkdir($cachedir, 0750); |
||
97 | } |
||
98 | } |
||
99 | |||
100 | // Turn off all error reporting; any extra junk makes for an invalid image. |
||
101 | error_reporting(0); |
||
102 | |||
103 | $this->enabled = (bool) $image_proxy_enabled; |
||
104 | $this->maxSize = (int) $image_proxy_maxsize; |
||
105 | $this->secret = (string) $image_proxy_secret; |
||
106 | $this->cache = $cachedir . '/images'; |
||
107 | $this->maxDays = 5; |
||
108 | } |
||
109 | |||
110 | /** |
||
111 | * Checks whether the request is valid or not |
||
112 | * |
||
113 | * @access public |
||
114 | * @return bool Whether the request is valid |
||
115 | */ |
||
116 | public function checkRequest() |
||
117 | { |
||
118 | if (!$this->enabled) |
||
119 | return false; |
||
120 | |||
121 | // Try to create the image cache directory if it doesn't exist |
||
122 | if (!file_exists($this->cache)) |
||
123 | if (!mkdir($this->cache) || !copy(dirname($this->cache) . '/index.php', $this->cache . '/index.php')) |
||
124 | return false; |
||
125 | |||
126 | // Basic sanity check |
||
127 | $_GET['request'] = validate_iri($_GET['request']); |
||
128 | |||
129 | // We aren't going anywhere without these |
||
130 | if (empty($_GET['hash']) || empty($_GET['request'])) |
||
131 | return false; |
||
132 | |||
133 | $hash = $_GET['hash']; |
||
134 | $request = $_GET['request']; |
||
135 | |||
136 | if (hash_hmac('sha1', $request, $this->secret) != $hash) |
||
137 | return false; |
||
138 | |||
139 | // Ensure any non-ASCII characters in the URL are encoded correctly |
||
140 | $request = iri_to_url($request); |
||
141 | |||
142 | // Attempt to cache the request if it doesn't exist |
||
143 | if (!$this->isCached($request)) |
||
144 | return $this->cacheImage($request); |
||
145 | |||
146 | return true; |
||
147 | } |
||
148 | |||
149 | /** |
||
150 | * Serves the request |
||
151 | * |
||
152 | * @access public |
||
153 | */ |
||
154 | public function serve() |
||
155 | { |
||
156 | $request = $_GET['request']; |
||
157 | // Did we get an error when trying to fetch the image |
||
158 | $response = $this->checkRequest(); |
||
159 | if (!$response) |
||
160 | { |
||
161 | // Throw a 404 |
||
162 | send_http_status(404); |
||
163 | exit; |
||
0 ignored issues
–
show
|
|||
164 | } |
||
165 | |||
166 | // We should have a cached image at this point |
||
167 | $cached_file = $this->getCachedPath($request); |
||
168 | |||
169 | // Read from cache if you need to... |
||
170 | if ($this->cachedbody === null) |
||
171 | { |
||
172 | $cached = json_decode(file_get_contents($cached_file), true); |
||
173 | $this->cachedtime = $cached['time']; |
||
174 | $this->cachedtype = $cached['content_type']; |
||
175 | $this->cachedsize = $cached['size']; |
||
176 | $this->cachedbody = $cached['body']; |
||
177 | } |
||
178 | |||
179 | $time = time(); |
||
180 | |||
181 | // Is the cache expired? Delete and reload. |
||
182 | if ($time - $this->cachedtime > ($this->maxDays * 86400)) |
||
183 | { |
||
184 | @unlink($cached_file); |
||
185 | if ($this->checkRequest()) |
||
186 | $this->serve(); |
||
187 | $this->redirectexit($request); |
||
188 | } |
||
189 | |||
190 | $eTag = '"' . substr(sha1($request) . $this->cachedtime, 0, 64) . '"'; |
||
191 | if (!empty($_SERVER['HTTP_IF_NONE_MATCH']) && strpos($_SERVER['HTTP_IF_NONE_MATCH'], $eTag) !== false) |
||
192 | { |
||
193 | send_http_status(304); |
||
194 | exit; |
||
195 | } |
||
196 | |||
197 | // Make sure we're serving an image |
||
198 | $contentParts = explode('/', !empty($this->cachedtype) ? $this->cachedtype : ''); |
||
199 | if ($contentParts[0] != 'image') |
||
200 | exit; |
||
201 | |||
202 | $max_age = $time - $this->cachedtime + (5 * 86400); |
||
203 | header('content-type: ' . $this->cachedtype); |
||
204 | header('content-length: ' . $this->cachedsize); |
||
205 | header('cache-control: public, max-age=' . $max_age); |
||
206 | header('last-modified: ' . gmdate('D, d M Y H:i:s', $this->cachedtime) . ' GMT'); |
||
207 | header('etag: ' . $eTag); |
||
208 | echo base64_decode($this->cachedbody); |
||
209 | } |
||
210 | |||
211 | /** |
||
212 | * Returns the request's hashed filepath |
||
213 | * |
||
214 | * @access public |
||
215 | * @param string $request The request to get the path for |
||
216 | * @return string The hashed filepath for the specified request |
||
217 | */ |
||
218 | protected function getCachedPath($request) |
||
219 | { |
||
220 | return $this->cache . '/' . sha1($request . $this->secret); |
||
221 | } |
||
222 | |||
223 | /** |
||
224 | * Check whether the image exists in local cache or not |
||
225 | * |
||
226 | * @access protected |
||
227 | * @param string $request The image to check for in the cache |
||
228 | * @return bool Whether or not the requested image is cached |
||
229 | */ |
||
230 | protected function isCached($request) |
||
231 | { |
||
232 | return file_exists($this->getCachedPath($request)); |
||
233 | } |
||
234 | |||
235 | /** |
||
236 | * Attempts to cache the image while validating it |
||
237 | * |
||
238 | * Redirects to the origin if |
||
239 | * - the image couldn't be fetched |
||
240 | * - the MIME type doesn't indicate an image |
||
241 | * - the image is too large |
||
242 | * |
||
243 | * @access protected |
||
244 | * @param string $request The image to cache/validate |
||
245 | * @return bool Whether the specified image was cached |
||
246 | */ |
||
247 | protected function cacheImage($request) |
||
248 | { |
||
249 | $dest = $this->getCachedPath($request); |
||
250 | $ext = strtolower(pathinfo(parse_iri($request, PHP_URL_PATH), PATHINFO_EXTENSION)); |
||
251 | |||
252 | $image = fetch_web_data($request); |
||
253 | |||
254 | // Looks like nobody was home |
||
255 | if (empty($image)) |
||
256 | $this->redirectexit($request); |
||
257 | |||
258 | // What kind of file did they give us? |
||
259 | $finfo = finfo_open(FILEINFO_MIME_TYPE); |
||
260 | $mime_type = finfo_buffer($finfo, $image); |
||
261 | |||
262 | // SVG needs a little extra care |
||
263 | if ($ext == 'svg' && in_array($mime_type, array('text/plain', 'text/xml')) && strpos($image, '<svg') !== false && strpos($image, '</svg>') !== false) |
||
264 | $mime_type = 'image/svg+xml'; |
||
265 | |||
266 | // Make sure the url is returning an image |
||
267 | if (strpos($mime_type, 'image/') !== 0) |
||
268 | $this->redirectexit($request); |
||
269 | |||
270 | // Validate the filesize |
||
271 | $size = strlen($image); |
||
272 | if ($size > ($this->maxSize * 1024)) |
||
273 | $this->redirectexit($request); |
||
274 | |||
275 | // Populate object for current serve execution (so you don't have to read it again...) |
||
276 | $this->cachedtime = time(); |
||
277 | $this->cachedtype = $mime_type; |
||
278 | $this->cachedsize = $size; |
||
279 | $this->cachedbody = base64_encode($image); |
||
280 | |||
281 | // Cache it for later |
||
282 | return file_put_contents($dest, json_encode(array( |
||
283 | 'content_type' => $this->cachedtype, |
||
284 | 'size' => $this->cachedsize, |
||
285 | 'time' => $this->cachedtime, |
||
286 | 'body' => $this->cachedbody, |
||
287 | ))) !== false; |
||
288 | } |
||
289 | |||
290 | /** |
||
291 | * A helper function to redirect a request |
||
292 | * |
||
293 | * @access private |
||
294 | * @param string $request |
||
295 | */ |
||
296 | private function redirectexit($request) |
||
297 | { |
||
298 | header('Location: ' . un_htmlspecialchars($request), false, 301); |
||
299 | exit; |
||
300 | } |
||
301 | |||
302 | /** |
||
303 | * Delete all old entries |
||
304 | * |
||
305 | * @access public |
||
306 | */ |
||
307 | public function housekeeping() |
||
308 | { |
||
309 | $path = $this->cache . '/'; |
||
310 | if ($handle = opendir($path)) |
||
311 | { |
||
312 | while (false !== ($file = readdir($handle))) |
||
313 | { |
||
314 | if (is_file($path . $file) && !in_array($file, array('index.php', '.htaccess')) && time() - filemtime($path . $file) > $this->maxDays * 86400) |
||
315 | unlink($path . $file); |
||
316 | } |
||
317 | |||
318 | closedir($handle); |
||
319 | } |
||
320 | } |
||
321 | } |
||
322 | |||
323 | if (SMF == 'PROXY') |
||
324 | { |
||
325 | $proxy = new ProxyServer(); |
||
326 | $proxy->serve(); |
||
327 | } |
||
328 | |||
329 | ?> |
In general, usage of exit should be done with care and only when running in a scripting context like a CLI script.