|
|
|
@ -5,7 +5,7 @@
|
|
|
|
|
| program/steps/utils/modcss.inc |
|
|
|
|
|
| |
|
|
|
|
|
| This file is part of the Roundcube Webmail client |
|
|
|
|
|
| Copyright (C) 2007-2011, The Roundcube Dev Team |
|
|
|
|
|
| Copyright (C) 2007-2012, The Roundcube Dev Team |
|
|
|
|
|
| |
|
|
|
|
|
| Licensed under the GNU General Public License version 3 or |
|
|
|
|
|
| any later version with exceptions for skins & plugins. |
|
|
|
|
@ -16,83 +16,48 @@
|
|
|
|
|
| |
|
|
|
|
|
+-----------------------------------------------------------------------+
|
|
|
|
|
| Author: Thomas Bruederli <roundcube@gmail.com> |
|
|
|
|
|
| Author: Aleksander Machniak <alec@alec.pl> |
|
|
|
|
|
+-----------------------------------------------------------------------+
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
$source = '';
|
|
|
|
|
|
|
|
|
|
$url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']);
|
|
|
|
|
|
|
|
|
|
if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) {
|
|
|
|
|
header('HTTP/1.1 403 Forbidden');
|
|
|
|
|
echo "Unauthorized request";
|
|
|
|
|
exit;
|
|
|
|
|
exit("Unauthorized request");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$a_uri = parse_url($realurl);
|
|
|
|
|
$port = $a_uri['port'] ? $a_uri['port'] : 80;
|
|
|
|
|
$host = $a_uri['host'];
|
|
|
|
|
$path = $a_uri['path'] . ($a_uri['query'] ? '?'.$a_uri['query'] : '');
|
|
|
|
|
|
|
|
|
|
// don't allow any other connections than http(s)
|
|
|
|
|
if (strtolower(substr($a_uri['scheme'], 0, 4)) != 'http') {
|
|
|
|
|
if (!preg_match('~^(https?)://~i', $realurl, $matches)) {
|
|
|
|
|
header('HTTP/1.1 403 Forbidden');
|
|
|
|
|
echo "Invalid URL";
|
|
|
|
|
exit;
|
|
|
|
|
exit("Invalid URL");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// try to open socket connection
|
|
|
|
|
if (!($fp = fsockopen($host, $port, $errno, $error, 15))) {
|
|
|
|
|
header('HTTP/1.1 500 Internal Server Error');
|
|
|
|
|
echo $error;
|
|
|
|
|
exit;
|
|
|
|
|
if (!ini_get('allow_url_fopen')) {
|
|
|
|
|
header('HTTP/1.1 403 Forbidden');
|
|
|
|
|
exit("HTTP connections disabled");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// set timeout for socket
|
|
|
|
|
stream_set_timeout($fp, 30);
|
|
|
|
|
|
|
|
|
|
// send request
|
|
|
|
|
$out = "GET $path HTTP/1.0\r\n";
|
|
|
|
|
$out .= "Host: $host\r\n";
|
|
|
|
|
$out .= "Connection: Close\r\n\r\n";
|
|
|
|
|
fwrite($fp, $out);
|
|
|
|
|
$scheme = strtolower($matches[1]);
|
|
|
|
|
$options = array(
|
|
|
|
|
$scheme => array(
|
|
|
|
|
'method' => 'GET',
|
|
|
|
|
'timeout' => 15,
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// read response
|
|
|
|
|
$header = true;
|
|
|
|
|
$headers = array();
|
|
|
|
|
while (!feof($fp)) {
|
|
|
|
|
$line = trim(fgets($fp, 4048));
|
|
|
|
|
$context = stream_context_create($options);
|
|
|
|
|
$source = @file_get_contents($realurl, false, $context);
|
|
|
|
|
|
|
|
|
|
if ($header) {
|
|
|
|
|
if (preg_match('/^HTTP\/1\..\s+(\d+)/', $line, $regs)
|
|
|
|
|
&& intval($regs[1]) != 200) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
else if (empty($line)) {
|
|
|
|
|
$header = false;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
list($key, $value) = explode(': ', $line);
|
|
|
|
|
$headers[strtolower($key)] = $value;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$source .= "$line\n";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
fclose($fp);
|
|
|
|
|
// php.net/manual/en/reserved.variables.httpresponseheader.php
|
|
|
|
|
$headers = implode("\n", (array)$http_response_header);
|
|
|
|
|
$ctype = '~Content-Type:\s+text/(css|plain)~i';
|
|
|
|
|
|
|
|
|
|
// check content-type header and mod styles
|
|
|
|
|
$mimetype = strtolower($headers['content-type']);
|
|
|
|
|
if (!empty($source) && in_array($mimetype, array('text/css','text/plain'))) {
|
|
|
|
|
if ($source !== false && preg_match($ctype, $headers)) {
|
|
|
|
|
header('Content-Type: text/css');
|
|
|
|
|
echo rcmail_mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c']));
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
$error = "Invalid response returned by server";
|
|
|
|
|
|
|
|
|
|
header('HTTP/1.0 404 Not Found');
|
|
|
|
|
echo $error;
|
|
|
|
|
exit;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
exit("Invalid response returned by server");
|
|
|
|
|