af_proxy_http: don't try to proxy back to ourselves

plugins/af_proxy_http/init.php

@@ -50,8 +50,14 @@ class Af_Proxy_Http extends Plugin {
 	public function imgproxy() {
 		$url = UrlHelper::validate(clean($_REQUEST["url"]));
 
-		// called without user context, let's just redirect to original URL
-		if (!$_SESSION["uid"] || $_REQUEST['af_proxy_http_token'] != $_SESSION['af_proxy_http_token']) {
+		// immediately redirect to original URL if:
+		// - url points back to ourselves
+		// - called without user context
+		// - session-spefific token is invalid
+		if (
+			strpos($url, get_self_url_prefix()) === 0 ||
+			empty($_SESSION["uid"]) ||
+			$_REQUEST['af_proxy_http_token'] != $_SESSION['af_proxy_http_token']) {
 			header("Location: $url");
 			return;
 		}
@@ -104,6 +110,11 @@ class Af_Proxy_Http extends Plugin {
 	}
 
 	private function rewrite_url_if_needed($url, $all_remote = false) {
+		/* don't rewrite urls pointing to ourselves */
+
+		if (strpos($url, get_self_url_prefix()) === 0)
+			return $url;
+
 		/* we don't need to handle URLs where local cache already exists, tt-rss rewrites those automatically */
 		if (!$this->cache->exists(sha1($url))) {