1 | <?php |
||
2 | |||
3 | /* For licensing terms, see /license.txt */ |
||
4 | |||
5 | /** |
||
6 | * Script needed in order to avoid mixed content in links inside a learning path |
||
7 | * In order to use this file you have to: |
||
8 | * |
||
9 | * 1. Modify configuration.php and add this setting: $_configuration['lp_fix_embed_content'] = true; |
||
10 | * 2. Copy this file in app/courses/proxy.php |
||
11 | * 3. Change your .htaccess so that proxy.php can be accessed inside app/courses |
||
12 | * |
||
13 | */ |
||
14 | |||
// Pull in the platform settings; this file is expected to populate $_configuration.
require_once '../config/configuration.php';

// The proxy is opt-in: stop immediately unless the flag is present and is
// strictly the boolean true (a truthy string or integer is not enough).
if (!isset($_configuration['lp_fix_embed_content']) || true !== $_configuration['lp_fix_embed_content']) {
    exit;
}
||
24 | |||
/**
 * Picks the CSS unit suffix carried by a dimension string.
 *
 * "px" takes precedence when both markers occur; a value containing
 * neither marker yields an empty string.
 *
 *   "800px" => "px"
 *   "800%"  => "%"
 *   "800"   => ""
 *
 * @param string $value Dimension text to inspect
 *
 * @return string "px", "%" or ""
 */
function addPixelOrPercentage($value)
{
    // Pixel marker is checked first, exactly as a substring search.
    if (false !== strpos($value, 'px')) {
        return 'px';
    }

    return false !== strpos($value, '%') ? '%' : '';
}
||
51 | |||
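/**
 * Returns the HTTP status code reported for a URL.
 *
 * The code is taken from the first status line that get_headers() returns.
 * Anything that is not an absolute http(s) URL is refused without a request
 * being made, and a failed lookup is reported as false instead of being
 * indexed as if it were an array.
 *
 * @param string $theURL Absolute http:// or https:// URL
 *
 * @return string|false Three-digit status code, or false when the URL is
 *                      refused or no status line could be read
 */
function get_http_response_code($theURL)
{
    // Callers in this file pass a value taken from the query string, so only
    // an http(s) URL is ever handed to get_headers().
    if (!is_string($theURL) || 1 !== preg_match('#^https?://#i', $theURL)) {
        return false;
    }

    // NOTE(security): this is still a server-side request to a caller-chosen
    // host. Where the proxy is reachable by untrusted users, restrict the
    // destinations (host allow-list, no internal address ranges).
    $headers = get_headers($theURL);
    if (!is_array($headers) || !isset($headers[0])) {
        return false;
    }

    // Parse the status line rather than assuming fixed character offsets.
    if (1 !== preg_match('#^HTTP/\S+\s+(\d{3})#', $headers[0], $statusLine)) {
        return false;
    }

    return $statusLine[1];
}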
||
58 | |||
59 | |||
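// Query-string values can arrive as arrays (e.g. ?height[]=1). Only plain
// strings are accepted, so the string functions below never receive an array.
$readString = static function ($name) {
    return isset($_GET[$name]) && is_string($_GET[$name]) ? $_GET[$name] : null;
};

// Dimensions are rebuilt from an integer cast plus a fixed unit suffix, so
// nothing but digits followed by "px", "%" or no unit reaches the markup.
$rawHeight = $readString('height');
$rawWidth = $readString('width');
$height = null === $rawHeight ? '' : (int) $rawHeight.addPixelOrPercentage($rawHeight);
$width = null === $rawWidth ? '' : (int) $rawWidth.addPixelOrPercentage($rawWidth);

// These values are entity-encoded for the HTML attributes they end up in.
// Note that $src is also used further down for network probes, not only in
// HTML output, so those uses see the encoded form (e.g. "&amp;").
$rawVars = $readString('flashvars');
$rawSrc = $readString('src');
$rawId = $readString('id');
$vars = null === $rawVars ? '' : htmlentities($rawVars);
$src = null === $rawSrc ? '' : htmlentities($rawSrc);
$id = null === $rawId ? '' : htmlentities($rawId);

// Output mode: defaults to "flash" when absent. A non-string value selects
// no mode at all, which leaves the response empty.
if (!isset($_GET['type'])) {
    $type = 'flash';
} else {
    $type = is_string($_GET['type']) ? $_GET['type'] : '';
}

// Fixes URL like: https://www.vopspsy.ugent.be/pdfs/download.php?own=mvsteenk&file=caleidoscoop.pdf
// The "own" and "file" parameters were split off by the query-string parser,
// so they are appended to the target again.
if (strpos($src, 'download.php') !== false) {
    $rawOwn = $readString('own');
    $rawFile = $readString('file');
    $src = str_replace('download.php', 'download.php?', $src);
    $src .= null === $rawOwn ? '' : '&own='.htmlentities($rawOwn);
    $src .= null === $rawFile ? '' : '&file='.htmlentities($rawFile);
}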
||
73 | |||
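// NOTE(security): $src originates from the query string, so both probes below
// make this server contact a caller-chosen host (an HTTP request and a TLS
// connection on port 443, the latter with a 30 second timeout). Limit the
// reachable destinations where the proxy is exposed to untrusted users.
$result = get_http_response_code($src);
$urlToTest = parse_url($src, PHP_URL_HOST);
$convertToSecure = false;
$certinfo = false;

// Probe only when parse_url() produced a usable host; relative or malformed
// values have none.
if (is_string($urlToTest) && '' !== $urlToTest) {
    $g = stream_context_create(array('ssl' => array('capture_peer_cert' => true)));
    $r = @stream_socket_client("ssl://$urlToTest:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $g);

    // A failed connection returns false; do not read context params from it.
    if (false !== $r) {
        $cont = stream_context_get_params($r);
        if (isset($cont['options']['ssl']['peer_certificate'])) {
            $certinfo = openssl_x509_parse($cont['options']['ssl']['peer_certificate']);
        }
        fclose($r);
    }
}

// NOTE(review): only the subject CN is compared with the host. A certificate
// that names the host through subjectAltName or a wildcard CN will not match
// here and the URL is then treated as insecure - confirm this is intended.
if (is_array($certinfo) && isset($certinfo['subject']['CN'])) {
    $certUrl = $certinfo['subject']['CN'];

    // Remove www from URL
    $parsedUrl = preg_replace('#^(http(s)?://)?w{3}\.#', '$1', $certUrl);

    if ($urlToTest == $certUrl || $parsedUrl == $urlToTest) {
        $convertToSecure = true;
    }

    if ($urlToTest != $certUrl) {
        // url and cert url are different this will show a warning in browsers
        // use normal "http" version
        $result = false;
    }
}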
||
99 | |||
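// Only the leading scheme is rewritten. Replacing every "http" substring
// turned an already secure "https://" URL into "httpss://" and also altered
// matching text inside the path or query.

// NOTE(security): falling back to plain http when the probe failed or the
// certificate name differed lowers transport security for the embedded
// content; confirm this fallback is wanted.
if ($result == false) {
    $src = preg_replace('#^https://#i', 'http://', $src);
}

if ($convertToSecure) {
    $src = preg_replace('#^http://#i', 'https://', $src);
}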
||
107 | |||
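$result = '';

// For markup output accept only http(s) URLs or references that carry no
// scheme at all (relative or "//host" form). Whitespace and control characters
// are ignored for this test so they cannot hide a scheme from it.
$schemeProbe = preg_replace('/[\x00-\x20]+/', '', $src);
$hasScheme = 1 === preg_match('~^[^/?#]*:~', $schemeProbe);
$isHttp = 1 === preg_match('~^https?://~i', $schemeProbe);
$embedSrc = (!$hasScheme || $isHttp) ? $src : '';

switch ($type) {
    case 'link':
        // Check if links comes from a course
        $srcParts = array_values(array_filter(explode('/', $src)));

        if (isset($srcParts[0], $srcParts[2]) && $srcParts[0] === 'courses' && $srcParts[2] === 'document') {
            $src = $_configuration['root_web'].$src;
        }

        // Test for the scheme at the start of the value; "http" appearing
        // somewhere later in the string does not make it an absolute URL.
        if (1 !== preg_match('#^https?://#i', $src)) {
            $src = "http://$src";
        }

        // $src was entity-encoded when it was read; a Location header is not
        // HTML, so the encoding is undone before the value is sent.
        // NOTE(security): the destination is chosen by the request, which makes
        // this an open redirect. Validate the host against the destinations the
        // platform is meant to link to before redirecting.
        header('Location: '.html_entity_decode($src));
        exit;
    case 'iframe':
        $result = '<iframe src="'.$embedSrc.'" width="'.$width.'" height="'.$height.'" ></iframe>';
        break;
    case 'flash':
        // NOTE(security): allowscriptaccess="always" lets the loaded movie
        // script the page it is embedded in, and the movie URL comes from the
        // request. Review whether this mode is still needed.
        $result = '
            <object
                id="'.$id.'" width="'.$width.'" height="'.$height.'" align="center"
                codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0">
                <param name="id" value="'.$id.'">
                <param name="width" value="'.$width.'">
                <param name="height" value="'.$height.'">
                <param name="bgcolor" value="#ffffff">
                <param name="align" value="center">
                <param name="allowfullscreen" value="true">
                <param name="allowscriptaccess" value="always">
                <param name="quality" value="high">
                <param name="wmode" value="transparent">
                <param name="flashvars" value="'.$vars.'">
                <param name="src" value="'.$embedSrc.'">
                <embed
                    id="'.$id.'" width="'.$width.'" height="'.$height.'" bgcolor="#ffffff" align="center"
                    allowfullscreen="true" allowscriptaccess="always" quality="high" wmode="transparent"
                    flashvars="'.$vars.'" src="'.$embedSrc.'"
                    type="application/x-shockwave-flash"
                >
            </object>';
}

echo $result;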
||
155 |