Mercurial > hg > rc2
comparison program/steps/utils/modcss.inc @ 0:4681f974d28b
vanilla 1.3.3 distro, I hope
| author | Charlie Root |
|---|---|
| date | Thu, 04 Jan 2018 15:52:31 -0500 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:4681f974d28b |
|---|---|
| 1 <?php | |
| 2 | |
| 3 /** | |
| 4 +-----------------------------------------------------------------------+ | |
| 5 | program/steps/utils/modcss.inc | | |
| 6 | | | |
| 7 | This file is part of the Roundcube Webmail client | | |
| 8 | Copyright (C) 2007-2014, The Roundcube Dev Team | | |
| 9 | | | |
| 10 | Licensed under the GNU General Public License version 3 or | | |
| 11 | any later version with exceptions for skins & plugins. | | |
| 12 | See the README file for a full license statement. | | |
| 13 | | | |
| 14 | PURPOSE: | | |
| 15 | Modify CSS source from a URL | | |
| 16 | | | |
| 17 +-----------------------------------------------------------------------+ | |
| 18 | Author: Thomas Bruederli <roundcube@gmail.com> | | |
| 19 | Author: Aleksander Machniak <alec@alec.pl> | | |
| 20 +-----------------------------------------------------------------------+ | |
| 21 */ | |
| 22 | |
| 23 $url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']); | |
| 24 | |
| 25 if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) { | |
| 26 header('HTTP/1.1 403 Forbidden'); | |
| 27 exit("Unauthorized request"); | |
| 28 } | |
| 29 | |
| 30 // don't allow any other connections than http(s) | |
| 31 if (!preg_match('~^(https?)://~i', $realurl, $matches)) { | |
| 32 header('HTTP/1.1 403 Forbidden'); | |
| 33 exit("Invalid URL"); | |
| 34 } | |
| 35 | |
| 36 if (ini_get('allow_url_fopen')) { | |
| 37 $scheme = strtolower($matches[1]); | |
| 38 $options = array( | |
| 39 $scheme => array( | |
| 40 'method' => 'GET', | |
| 41 'timeout' => 15, | |
| 42 ) | |
| 43 ); | |
| 44 | |
| 45 $context = stream_context_create($options); | |
| 46 $source = @file_get_contents($realurl, false, $context); | |
| 47 | |
| 48 // php.net/manual/en/reserved.variables.httpresponseheader.php | |
| 49 $headers = implode("\n", (array) $http_response_header); | |
| 50 } | |
| 51 else if (function_exists('curl_init')) { | |
| 52 $curl = curl_init($realurl); | |
| 53 curl_setopt($curl, CURLOPT_TIMEOUT, 15); | |
| 54 curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 15); | |
| 55 curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); | |
| 56 curl_setopt($curl, CURLOPT_ENCODING, ''); | |
| 57 curl_setopt($curl, CURLOPT_HEADER, true); | |
| 58 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); | |
| 59 $data = curl_exec($curl); | |
| 60 | |
| 61 if ($data !== false) { | |
| 62 list($headers, $source) = explode("\r\n\r\n", $data, 2); | |
| 63 } | |
| 64 else { | |
| 65 $headers = false; | |
| 66 $source = false; | |
| 67 } | |
| 68 } | |
| 69 else { | |
| 70 header('HTTP/1.1 403 Forbidden'); | |
| 71 exit("HTTP connections disabled"); | |
| 72 } | |
| 73 | |
| 74 $ctype_regexp = '~Content-Type:\s+text/(css|plain)~i'; | |
| 75 | |
| 76 if ($source !== false && preg_match($ctype_regexp, $headers)) { | |
| 77 header('Content-Type: text/css'); | |
| 78 echo rcube_utils::mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c'])); | |
| 79 exit; | |
| 80 } | |
| 81 | |
| 82 header('HTTP/1.0 404 Not Found'); | |
| 83 exit("Invalid response returned by server"); |