|
0
|
1 <?php
|
|
|
2
|
|
|
3 /**
|
|
|
4 +-----------------------------------------------------------------------+
|
|
|
5 | program/steps/utils/modcss.inc |
|
|
|
6 | |
|
|
|
7 | This file is part of the Roundcube Webmail client |
|
|
|
8 | Copyright (C) 2007-2014, The Roundcube Dev Team |
|
|
|
9 | |
|
|
|
10 | Licensed under the GNU General Public License version 3 or |
|
|
|
11 | any later version with exceptions for skins & plugins. |
|
|
|
12 | See the README file for a full license statement. |
|
|
|
13 | |
|
|
|
14 | PURPOSE: |
|
|
|
15 | Modify CSS source from a URL |
|
|
|
16 | |
|
|
|
17 +-----------------------------------------------------------------------+
|
|
|
18 | Author: Thomas Bruederli <roundcube@gmail.com> |
|
|
|
19 | Author: Aleksander Machniak <alec@alec.pl> |
|
|
|
20 +-----------------------------------------------------------------------+
|
|
|
21 */
|
|
|
22
|
|
|
23 $url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']);
|
|
|
24
|
|
|
25 if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) {
|
|
|
26 header('HTTP/1.1 403 Forbidden');
|
|
|
27 exit("Unauthorized request");
|
|
|
28 }
|
|
|
29
|
|
|
30 // don't allow any other connections than http(s)
|
|
|
31 if (!preg_match('~^(https?)://~i', $realurl, $matches)) {
|
|
|
32 header('HTTP/1.1 403 Forbidden');
|
|
|
33 exit("Invalid URL");
|
|
|
34 }
|
|
|
35
|
|
|
36 if (ini_get('allow_url_fopen')) {
|
|
|
37 $scheme = strtolower($matches[1]);
|
|
|
38 $options = array(
|
|
|
39 $scheme => array(
|
|
|
40 'method' => 'GET',
|
|
|
41 'timeout' => 15,
|
|
|
42 )
|
|
|
43 );
|
|
|
44
|
|
|
45 $context = stream_context_create($options);
|
|
|
46 $source = @file_get_contents($realurl, false, $context);
|
|
|
47
|
|
|
48 // php.net/manual/en/reserved.variables.httpresponseheader.php
|
|
|
49 $headers = implode("\n", (array) $http_response_header);
|
|
|
50 }
|
|
|
51 else if (function_exists('curl_init')) {
|
|
|
52 $curl = curl_init($realurl);
|
|
|
53 curl_setopt($curl, CURLOPT_TIMEOUT, 15);
|
|
|
54 curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 15);
|
|
|
55 curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
|
|
|
56 curl_setopt($curl, CURLOPT_ENCODING, '');
|
|
|
57 curl_setopt($curl, CURLOPT_HEADER, true);
|
|
|
58 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
|
|
|
59 $data = curl_exec($curl);
|
|
|
60
|
|
|
61 if ($data !== false) {
|
|
|
62 list($headers, $source) = explode("\r\n\r\n", $data, 2);
|
|
|
63 }
|
|
|
64 else {
|
|
|
65 $headers = false;
|
|
|
66 $source = false;
|
|
|
67 }
|
|
|
68 }
|
|
|
69 else {
|
|
|
70 header('HTTP/1.1 403 Forbidden');
|
|
|
71 exit("HTTP connections disabled");
|
|
|
72 }
|
|
|
73
|
|
|
74 $ctype_regexp = '~Content-Type:\s+text/(css|plain)~i';
|
|
|
75
|
|
|
76 if ($source !== false && preg_match($ctype_regexp, $headers)) {
|
|
|
77 header('Content-Type: text/css');
|
|
|
78 echo rcube_utils::mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c']));
|
|
|
79 exit;
|
|
|
80 }
|
|
|
81
|
|
|
82 header('HTTP/1.0 404 Not Found');
|
|
|
83 exit("Invalid response returned by server");
|
