banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use file_get_contents() to make code simpler and to fix possible infinite loop

Browse Source
pull/13/head
Aleksander Machniak 12 years ago
parent 3efc74654a
commit 2b21b97ef0
2 changed files with 26 additions and 59 deletions
Show Stats Download Patch File Download Diff File

4
installer/check.php
Unescape Escape View File

@ -45,7 +45,9 @@ $ini_checks = array(
);
$optional_checks = array(
'date.timezone' => '-NOTEMPTY-',
// required for utils/modcss.inc, should we require this?
'allow_url_fopen' => 1,
'date.timezone' => '-NOTEMPTY-',
);
$source_urls = array(

81
program/steps/utils/modcss.inc
Unescape Escape View File

@ -5,7 +5,7 @@
| program/steps/utils/modcss.inc |
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2007-2011, The Roundcube Dev Team |
| Copyright (C) 2007-2012, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@ -16,83 +16,48 @@
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
| Author: Aleksander Machniak <alec@alec.pl> |
+-----------------------------------------------------------------------+
*/
$source = '';
$url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']);
if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) {
header('HTTP/1.1 403 Forbidden');
echo "Unauthorized request";
exit;
exit("Unauthorized request");
}
$a_uri = parse_url($realurl);
$port = $a_uri['port'] ? $a_uri['port'] : 80;
$host = $a_uri['host'];
$path = $a_uri['path'] . ($a_uri['query'] ? '?'.$a_uri['query'] : '');
// don't allow any other connections than http(s)
if (strtolower(substr($a_uri['scheme'], 0, 4)) != 'http') {
if (!preg_match('~^(https?)://~i', $realurl, $matches)) {
header('HTTP/1.1 403 Forbidden');
echo "Invalid URL";
exit;
exit("Invalid URL");
}
// try to open socket connection
if (!($fp = fsockopen($host, $port, $errno, $error, 15))) {
header('HTTP/1.1 500 Internal Server Error');
echo $error;
exit;
if (!ini_get('allow_url_fopen')) {
header('HTTP/1.1 403 Forbidden');
exit("HTTP connections disabled");
}
// set timeout for socket
stream_set_timeout($fp, 30);
// send request
$out = "GET $path HTTP/1.0\r\n";
$out .= "Host: $host\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fp, $out);
$scheme = strtolower($matches[1]);
$options = array(
$scheme => array(
'method' => 'GET',
'timeout' => 15,
)
);
// read response
$header = true;
$headers = array();
while (!feof($fp)) {
$line = trim(fgets($fp, 4048));
$context = stream_context_create($options);
$source = @file_get_contents($realurl, false, $context);
if ($header) {
if (preg_match('/^HTTP\/1\..\s+(\d+)/', $line, $regs)
&& intval($regs[1]) != 200) {
break;
}
else if (empty($line)) {
$header = false;
}
else {
list($key, $value) = explode(': ', $line);
$headers[strtolower($key)] = $value;
}
}
else {
$source .= "$line\n";
}
}
fclose($fp);
// php.net/manual/en/reserved.variables.httpresponseheader.php
$headers = implode("\n", (array)$http_response_header);
$ctype = '~Content-Type:\s+text/(css|plain)~i';
// check content-type header and mod styles
$mimetype = strtolower($headers['content-type']);
if (!empty($source) && in_array($mimetype, array('text/css','text/plain'))) {
if ($source !== false && preg_match($ctype, $headers)) {
header('Content-Type: text/css');
echo rcmail_mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c']));
exit;
}
else
$error = "Invalid response returned by server";
header('HTTP/1.0 404 Not Found');
echo $error;
exit;
exit("Invalid response returned by server");

Write Preview
Loading…
Cancel
Save