From ecab435420438e355d45a4adea33aeee26b9ca0d Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Thu, 20 Apr 2017 09:09:00 +0300
Subject: [PATCH] af_zz_imgproxy: implement a whitelist of known sites that
 have optional SSL

---
 plugins/af_zz_imgproxy/init.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/plugins/af_zz_imgproxy/init.php b/plugins/af_zz_imgproxy/init.php
index a07ff5614..43b3fe7f1 100644
--- a/plugins/af_zz_imgproxy/init.php
+++ b/plugins/af_zz_imgproxy/init.php
@@ -8,6 +8,8 @@ class Af_Zz_ImgProxy extends Plugin {
 			"fox");
 	}
 
+	private $ssl_known_whitelist = "imgur.com i.reddituploads.com pbs.twimg.com i.redd.it i.sli.mg media.tumblr.com";
+
 	function is_public_method($method) {
 		return $method === "imgproxy";
 	}
@@ -119,7 +121,17 @@ class Af_Zz_ImgProxy extends Plugin {
 
 		if (($scheme != 'https' && $scheme != "") || $is_remote) {
 			if (strpos($url, "data:") !== 0) {
-				$url = get_self_url_prefix() . "/public.php?op=pluginhandler&plugin=af_zz_imgproxy&pmethod=imgproxy&url=" .
+				$parts = parse_url($url);
+
+				foreach (explode(" " , $this->ssl_known_whitelist) as $host) {
+					if (strpos($parts['host'], $host) !== FALSE) {
+						$parts['scheme'] = 'https';
+
+						return build_url($parts);
+					}
+				}
+
+				return get_self_url_prefix() . "/public.php?op=pluginhandler&plugin=af_zz_imgproxy&pmethod=imgproxy&url=" .
 					urlencode($url);
 			}
 		}