Merge pull request #3038 from Hypolite/bug/proxy_url_extension

proxy_url: Fix extension extraction for URLs containing a . after a ? redux
This commit is contained in:
Michael Vogel 2016-12-20 22:44:34 +01:00 committed by GitHub
commit 875110ab27
1 changed file with 153 additions and 146 deletions

View File

@ -1,20 +1,18 @@
<?php <?php
// Based upon "Privacy Image Cache" by Tobias Hößl <https://github.com/CatoTH/> // Based upon "Privacy Image Cache" by Tobias Hößl <https://github.com/CatoTH/>
define("PROXY_DEFAULT_TIME", 86400); // 1 Day define('PROXY_DEFAULT_TIME', 86400); // 1 Day
define("PROXY_SIZE_MICRO", "micro"); define('PROXY_SIZE_MICRO', 'micro');
define("PROXY_SIZE_THUMB", "thumb"); define('PROXY_SIZE_THUMB', 'thumb');
define("PROXY_SIZE_SMALL", "small"); define('PROXY_SIZE_SMALL', 'small');
define("PROXY_SIZE_MEDIUM", "medium"); define('PROXY_SIZE_MEDIUM', 'medium');
define("PROXY_SIZE_LARGE", "large"); define('PROXY_SIZE_LARGE', 'large');
require_once('include/security.php'); require_once 'include/security.php';
require_once("include/Photo.php"); require_once 'include/Photo.php';
function proxy_init() {
global $a, $_SERVER;
function proxy_init(App $a) {
// Pictures are stored in one of the following ways: // Pictures are stored in one of the following ways:
// 1. If a folder "proxy" exists and is writeable, then use this for caching // 1. If a folder "proxy" exists and is writeable, then use this for caching
// 2. If a cache path is defined, use this // 2. If a cache path is defined, use this
@ -24,11 +22,12 @@ function proxy_init() {
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) { if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
header('HTTP/1.1 304 Not Modified'); header('HTTP/1.1 304 Not Modified');
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT"); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
header('Etag: '.$_SERVER['HTTP_IF_NONE_MATCH']); header('Etag: ' . $_SERVER['HTTP_IF_NONE_MATCH']);
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT"); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + (31536000)) . ' GMT');
header("Cache-Control: max-age=31536000"); header('Cache-Control: max-age=31536000');
if(function_exists('header_remove')) {
if (function_exists('header_remove')) {
header_remove('Last-Modified'); header_remove('Last-Modified');
header_remove('Expires'); header_remove('Expires');
header_remove('Cache-Control'); header_remove('Cache-Control');
@ -36,140 +35,149 @@ function proxy_init() {
exit; exit;
} }
if(function_exists('header_remove')) { if (function_exists('header_remove')) {
header_remove('Pragma'); header_remove('Pragma');
header_remove('pragma'); header_remove('pragma');
} }
$thumb = false; $thumb = false;
$size = 1024; $size = 1024;
$sizetype = ""; $sizetype = '';
$basepath = $a->get_basepath(); $basepath = $a->get_basepath();
// If the cache path isn't there, try to create it // If the cache path isn't there, try to create it
if (!is_dir($basepath."/proxy")) if (!is_dir($basepath . '/proxy') AND is_writable($basepath)) {
if (is_writable($basepath)) mkdir($basepath . '/proxy');
mkdir($basepath."/proxy"); }
// Checking if caching into a folder in the webroot is activated and working // Checking if caching into a folder in the webroot is activated and working
$direct_cache = (is_dir($basepath."/proxy") AND is_writable($basepath."/proxy")); $direct_cache = (is_dir($basepath . '/proxy') AND is_writable($basepath . '/proxy'));
// Look for filename in the arguments // Look for filename in the arguments
if ((isset($a->argv[1]) OR isset($a->argv[2]) OR isset($a->argv[3])) AND !isset($_REQUEST["url"])) { if ((isset($a->argv[1]) OR isset($a->argv[2]) OR isset($a->argv[3])) AND !isset($_REQUEST['url'])) {
if (isset($a->argv[3])) if (isset($a->argv[3])) {
$url = $a->argv[3]; $url = $a->argv[3];
elseif (isset($a->argv[2])) } elseif (isset($a->argv[2])) {
$url = $a->argv[2]; $url = $a->argv[2];
else } else {
$url = $a->argv[1]; $url = $a->argv[1];
if (isset($a->argv[3]) and ($a->argv[3] == "thumb"))
$size = 200;
// thumb, small, medium and large.
if (substr($url, -6) == ":micro") {
$size = 48;
$sizetype = ":micro";
$url = substr($url, 0, -6);
} elseif (substr($url, -6) == ":thumb") {
$size = 80;
$sizetype = ":thumb";
$url = substr($url, 0, -6);
} elseif (substr($url, -6) == ":small") {
$size = 175;
$url = substr($url, 0, -6);
$sizetype = ":small";
} elseif (substr($url, -7) == ":medium") {
$size = 600;
$url = substr($url, 0, -7);
$sizetype = ":medium";
} elseif (substr($url, -6) == ":large") {
$size = 1024;
$url = substr($url, 0, -6);
$sizetype = ":large";
} }
$pos = strrpos($url, "=."); if (isset($a->argv[3]) AND ($a->argv[3] == 'thumb')) {
if ($pos) $size = 200;
$url = substr($url, 0, $pos+1); }
$url = str_replace(array(".jpg", ".jpeg", ".gif", ".png"), array("","","",""), $url); // thumb, small, medium and large.
if (substr($url, -6) == ':micro') {
$size = 48;
$sizetype = ':micro';
$url = substr($url, 0, -6);
} elseif (substr($url, -6) == ':thumb') {
$size = 80;
$sizetype = ':thumb';
$url = substr($url, 0, -6);
} elseif (substr($url, -6) == ':small') {
$size = 175;
$url = substr($url, 0, -6);
$sizetype = ':small';
} elseif (substr($url, -7) == ':medium') {
$size = 600;
$url = substr($url, 0, -7);
$sizetype = ':medium';
} elseif (substr($url, -6) == ':large') {
$size = 1024;
$url = substr($url, 0, -6);
$sizetype = ':large';
}
$pos = strrpos($url, '=.');
if ($pos) {
$url = substr($url, 0, $pos + 1);
}
$url = str_replace(array('.jpg', '.jpeg', '.gif', '.png'), array('','','',''), $url);
$url = base64_decode(strtr($url, '-_', '+/'), true); $url = base64_decode(strtr($url, '-_', '+/'), true);
if ($url) if ($url) {
$_REQUEST['url'] = $url; $_REQUEST['url'] = $url;
} else }
} else {
$direct_cache = false; $direct_cache = false;
}
if (!$direct_cache) { if (!$direct_cache) {
$urlhash = 'pic:' . sha1($_REQUEST['url']); $urlhash = 'pic:' . sha1($_REQUEST['url']);
$cachefile = get_cachefile(hash("md5", $_REQUEST['url'])); $cachefile = get_cachefile(hash('md5', $_REQUEST['url']));
if ($cachefile != '') { if ($cachefile != '' AND file_exists($cachefile)) {
if (file_exists($cachefile)) { $img_str = file_get_contents($cachefile);
$img_str = file_get_contents($cachefile); $mime = image_type_to_mime_type(exif_imagetype($cachefile));
$mime = image_type_to_mime_type(exif_imagetype($cachefile));
header("Content-type: $mime"); header('Content-type: ' . $mime);
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT"); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
header('Etag: "'.md5($img_str).'"'); header('Etag: "' . md5($img_str) . '"');
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT"); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + (31536000)) . ' GMT');
header("Cache-Control: max-age=31536000"); header('Cache-Control: max-age=31536000');
// reduce quality - if it isn't a GIF // reduce quality - if it isn't a GIF
if ($mime != "image/gif") { if ($mime != 'image/gif') {
$img = new Photo($img_str, $mime); $img = new Photo($img_str, $mime);
if($img->is_valid()) { if ($img->is_valid()) {
$img_str = $img->imageString(); $img_str = $img->imageString();
}
} }
echo $img_str;
killme();
} }
echo $img_str;
killme();
} }
} else } else {
$cachefile = ""; $cachefile = '';
}
$valid = true; $valid = true;
if (!$direct_cache AND ($cachefile == "")) { if (!$direct_cache AND ($cachefile == '')) {
$r = qu("SELECT * FROM `photo` WHERE `resource-id` = '%s' LIMIT 1", $urlhash); $r = qu("SELECT * FROM `photo` WHERE `resource-id` = '%s' LIMIT 1", $urlhash);
if (dbm::is_result($r)) { if (dbm::is_result($r)) {
$img_str = $r[0]['data']; $img_str = $r[0]['data'];
$mime = $r[0]["desc"]; $mime = $r[0]['desc'];
if ($mime == "") $mime = "image/jpeg"; if ($mime == '') {
$mime = 'image/jpeg';
}
} }
} else } else {
$r = array(); $r = array();
}
if (!dbm::is_result($r)) { if (!dbm::is_result($r)) {
// It shouldn't happen but it does - spaces in URL // It shouldn't happen but it does - spaces in URL
$_REQUEST['url'] = str_replace(" ", "+", $_REQUEST['url']); $_REQUEST['url'] = str_replace(' ', '+', $_REQUEST['url']);
$redirects = 0; $redirects = 0;
$img_str = fetch_url($_REQUEST['url'],true, $redirects, 10); $img_str = fetch_url($_REQUEST['url'], true, $redirects, 10);
$tempfile = tempnam(get_temppath(), "cache"); $tempfile = tempnam(get_temppath(), 'cache');
file_put_contents($tempfile, $img_str); file_put_contents($tempfile, $img_str);
$mime = image_type_to_mime_type(exif_imagetype($tempfile)); $mime = image_type_to_mime_type(exif_imagetype($tempfile));
unlink($tempfile); unlink($tempfile);
// If there is an error then return a blank image // If there is an error then return a blank image
if ((substr($a->get_curl_code(), 0, 1) == "4") or (!$img_str)) { if ((substr($a->get_curl_code(), 0, 1) == '4') OR (!$img_str)) {
$img_str = file_get_contents("images/blank.png"); $img_str = file_get_contents('images/blank.png');
$mime = "image/png"; $mime = 'image/png';
$cachefile = ""; // Clear the cachefile so that the dummy isn't stored $cachefile = ''; // Clear the cachefile so that the dummy isn't stored
$valid = false; $valid = false;
$img = new Photo($img_str, "image/png"); $img = new Photo($img_str, 'image/png');
if($img->is_valid()) { if ($img->is_valid()) {
$img->scaleImage(10); $img->scaleImage(10);
$img_str = $img->imageString(); $img_str = $img->imageString();
} }
} else if (($mime != "image/jpeg") AND !$direct_cache AND ($cachefile == "")) { } elseif ($mime != 'image/jpeg' AND !$direct_cache AND $cachefile == '') {
$image = @imagecreatefromstring($img_str); $image = @imagecreatefromstring($img_str);
if($image === FALSE) die(); if ($image === FALSE) {
die();
}
q("INSERT INTO `photo` q("INSERT INTO `photo`
( `uid`, `contact-id`, `guid`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `desc`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` ) ( `uid`, `contact-id`, `guid`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `desc`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )
@ -177,7 +185,7 @@ function proxy_init() {
0, 0, get_guid(), dbesc($urlhash), 0, 0, get_guid(), dbesc($urlhash),
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc(basename(dbesc($_REQUEST["url"]))), dbesc(basename(dbesc($_REQUEST['url']))),
dbesc(''), dbesc(''),
intval(imagesy($image)), intval(imagesy($image)),
intval(imagesx($image)), intval(imagesx($image)),
@ -190,9 +198,8 @@ function proxy_init() {
} else { } else {
$img = new Photo($img_str, $mime); $img = new Photo($img_str, $mime);
if($img->is_valid()) { if ($img->is_valid() AND !$direct_cache AND ($cachefile == '')) {
if (!$direct_cache AND ($cachefile == "")) $img->store(0, 0, $urlhash, $_REQUEST['url'], '', 100);
$img->store(0, 0, $urlhash, $_REQUEST['url'], '', 100);
} }
} }
} }
@ -200,9 +207,9 @@ function proxy_init() {
$img_str_orig = $img_str; $img_str_orig = $img_str;
// reduce quality - if it isn't a GIF // reduce quality - if it isn't a GIF
if ($mime != "image/gif") { if ($mime != 'image/gif') {
$img = new Photo($img_str, $mime); $img = new Photo($img_str, $mime);
if($img->is_valid()) { if ($img->is_valid()) {
$img->scaleImage($size); $img->scaleImage($size);
$img_str = $img->imageString(); $img_str = $img->imageString();
} }
@ -212,20 +219,22 @@ function proxy_init() {
// advantage: real file access is really fast // advantage: real file access is really fast
// Otherwise write in cachefile // Otherwise write in cachefile
if ($valid AND $direct_cache) { if ($valid AND $direct_cache) {
file_put_contents($basepath."/proxy/".proxy_url($_REQUEST['url'], true), $img_str_orig); file_put_contents($basepath . '/proxy/' . proxy_url($_REQUEST['url'], true), $img_str_orig);
if ($sizetype <> '') if ($sizetype != '') {
file_put_contents($basepath."/proxy/".proxy_url($_REQUEST['url'], true).$sizetype, $img_str); file_put_contents($basepath . '/proxy/' . proxy_url($_REQUEST['url'], true) . $sizetype, $img_str);
} elseif ($cachefile != '') }
} elseif ($cachefile != '') {
file_put_contents($cachefile, $img_str_orig); file_put_contents($cachefile, $img_str_orig);
}
header("Content-type: $mime"); header('Content-type: ' . $mime);
// Only output the cache headers when the file is valid // Only output the cache headers when the file is valid
if ($valid) { if ($valid) {
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT"); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
header('Etag: "'.md5($img_str).'"'); header('Etag: "' . md5($img_str) . '"');
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT"); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + (31536000)) . ' GMT');
header("Cache-Control: max-age=31536000"); header('Cache-Control: max-age=31536000');
} }
echo $img_str; echo $img_str;
@ -272,24 +281,15 @@ function proxy_url($url, $writemode = false, $size = '') {
$shortpath = hash('md5', $url); $shortpath = hash('md5', $url);
$longpath = substr($shortpath, 0, 2); $longpath = substr($shortpath, 0, 2);
if (is_dir($basepath) and $writemode) { if (is_dir($basepath) AND $writemode AND !is_dir($basepath . '/' . $longpath)) {
if (!is_dir($basepath . '/' . $longpath)) { mkdir($basepath . '/' . $longpath);
mkdir($basepath . '/' . $longpath); chmod($basepath . '/' . $longpath, 0777);
chmod($basepath . '/' . $longpath, 0777);
}
} }
$longpath .= '/' . strtr(base64_encode($url), '+/', '-_'); $longpath .= '/' . strtr(base64_encode($url), '+/', '-_');
// Extract the URL extension, disregarding GET parameters starting with ? // Extract the URL extension
$question_mark_pos = strpos($url, '?'); $extension = pathinfo(parse_url($url, PHP_URL_PATH), PATHINFO_EXTENSION);
if ($question_mark_pos === false) {
$question_mark_pos = strlen($url);
}
$dot_pos = strrpos($url, '.', $question_mark_pos - strlen($url));
if ($dot_pos !== false) {
$extension = strtolower(substr($url, $dot_pos + 1, $question_mark_pos - ($dot_pos + 1)));
}
$extensions = array('jpg', 'jpeg', 'gif', 'png'); $extensions = array('jpg', 'jpeg', 'gif', 'png');
if (in_array($extension, $extensions)) { if (in_array($extension, $extensions)) {
@ -321,9 +321,13 @@ function proxy_url($url, $writemode = false, $size = '') {
* @return boolean * @return boolean
*/ */
function proxy_is_local_image($url) { function proxy_is_local_image($url) {
if ($url[0] == '/') return true; if ($url[0] == '/') {
return true;
}
if (strtolower(substr($url, 0, 5)) == "data:") return true; if (strtolower(substr($url, 0, 5)) == 'data:') {
return true;
}
// links normalised - bug #431 // links normalised - bug #431
$baseurl = normalise_link(get_app()->get_baseurl()); $baseurl = normalise_link(get_app()->get_baseurl());
@ -331,42 +335,45 @@ function proxy_is_local_image($url) {
return (substr($url, 0, strlen($baseurl)) == $baseurl); return (substr($url, 0, strlen($baseurl)) == $baseurl);
} }
/**
 * @brief Return the array of query string parameters from a URL
 *
 * The query string is HTML-entity-decoded before it is split on "&", so
 * "&amp;" separators are handled too. Keys and values are returned exactly as
 * they appear in the query string; they are not URL-decoded here.
 *
 * @param string $url
 * @return array Associative array of query string parameters; empty when the
 *               URL has no query string. A key without "=" maps to ''.
 */
function proxy_parse_query($url) {
	$query = parse_url($url, PHP_URL_QUERY);
	if (!is_string($query) OR $query === '') {
		// No query string (or parse_url() could not parse the URL)
		return array();
	}

	$arr = array();
	foreach (explode('&', html_entity_decode($query)) as $key_value) {
		if ($key_value === '') {
			// Skip empty segments such as the one between "&&"
			continue;
		}

		// A limit of 2 keeps any further "=" characters inside the value
		$key_value_list = explode('=', $key_value, 2);
		$arr[$key_value_list[0]] = isset($key_value_list[1]) ? $key_value_list[1] : '';
	}

	return $arr;
}
/**
 * @brief preg_replace_callback() handler that rewrites a single image source
 *
 * Expects three capture groups as produced by the pattern in
 * proxy_parse_html(): $matches[1] is the text up to the source URL,
 * $matches[2] the source URL and $matches[3] the text following it.
 *
 * @param array $matches
 * @return string The three parts joined again, with the URL replaced by the
 *                result of proxy_url() unless proxy_is_local_image() accepts it
 */
function proxy_img_cb($matches) {
	// if the picture seems to be from another picture cache then take the original source
	$queryvar = proxy_parse_query($matches[2]);
	// isset() avoids an undefined index notice for URLs without a "url" parameter
	if (isset($queryvar['url']) AND ($queryvar['url'] != '') AND (substr($queryvar['url'], 0, 4) == 'http')) {
		$matches[2] = urldecode($queryvar['url']);
	}

	// following line changed per bug #431
	if (proxy_is_local_image($matches[2])) {
		return $matches[1] . $matches[2] . $matches[3];
	}

	return $matches[1] . proxy_url(htmlspecialchars_decode($matches[2])) . $matches[3];
}
/**
 * @brief Pass every image source found in an HTML fragment through proxy_img_cb()
 *
 * Occurrences of the normalised base URL followed by "/" are first replaced
 * with the base URL returned by the App followed by "/". After that, each
 * <img> tag matched by the pattern is handed to proxy_img_cb().
 *
 * @param string $html
 * @return string The HTML with the callback's replacements applied
 */
function proxy_parse_html($html) {
	$app = get_app();

	$normalised_prefix = normalise_link($app->get_baseurl()) . '/';
	$canonical_prefix = $app->get_baseurl() . '/';
	$rewritten = str_replace($normalised_prefix, $canonical_prefix, $html);

	// Groups: (1) tag up to the opening quote of src, (2) the URL, (3) the rest of the tag
	$img_pattern = '/(<img [^>]*src *= *["\'])([^"\']+)(["\'][^>]*>)/siU';

	return preg_replace_callback($img_pattern, 'proxy_img_cb', $rewritten);
}