]> git.wh0rd.org Git - tt-rss.git/blob - plugins/af_zz_imgproxy/init.php
af_zz_imgproxy: redirect to caller url unless called in user context
[tt-rss.git] / plugins / af_zz_imgproxy / init.php
1 <?php
2 class Af_Zz_ImgProxy extends Plugin {
3         private $host;
4
5         function about() {
6                 return array(1.0,
7                         "Load insecure images via built-in proxy",
8                         "fox");
9         }
10
11         function is_public_method($method) {
12                 return $method === "imgproxy";
13         }
14
15         function init($host) {
16                 $this->host = $host;
17
18                 $host->add_hook($host::HOOK_RENDER_ARTICLE, $this);
19                 $host->add_hook($host::HOOK_RENDER_ARTICLE_CDM, $this);
20                 $host->add_hook($host::HOOK_RENDER_ARTICLE_API, $this);
21
22                 $host->add_hook($host::HOOK_PREFS_TAB, $this);
23         }
24
25         function hook_render_article($article) {
26                 return $this->hook_render_article_cdm($article);
27         }
28
29         function hook_render_article_api($headline) {
30                 return $this->hook_render_article_cdm($headline["headline"], true);
31         }
32
33         public function imgproxy() {
34
35                 $url = rewrite_relative_url(SELF_URL_PATH, $_REQUEST["url"]);
36                 $kind = (int) $_REQUEST["kind"]; // 1 = video
37
38                 // called without user context, let's just redirect to original URL
39                 if (!$_SESSION["uid"]) {
40                         header("Location: $url");
41                         return;
42                 }
43
44                 $extension = $kind == 1 ? '.mp4' : '.png';
45                 $local_filename = CACHE_DIR . "/images/" . sha1($url) . $extension;
46
47                 if ($_REQUEST["debug"] == "1") { print $url . "\n" . $local_filename; die; }
48
49                 header("Content-Disposition: inline; filename=\"".basename($local_filename)."\"");
50
51                 if (file_exists($local_filename)) {
52                         $mimetype = mime_content_type($local_filename);
53                         header("Content-type: $mimetype");
54
55                         $stamp = gmdate("D, d M Y H:i:s", filemtime($local_filename)). " GMT";
56                         header("Last-Modified: $stamp", true);
57
58                         readfile($local_filename);
59                 } else {
60                         $data = fetch_file_contents(array("url" => $url));
61
62                         if ($data) {
63                                 if (file_put_contents($local_filename, $data)) {
64                                         $mimetype = mime_content_type($local_filename);
65                                         header("Content-type: $mimetype");
66                                 }
67
68                                 print $data;
69                         }
70                 }
71         }
72
73         function rewrite_url_if_needed($url, $kind, $all_remote = false) {
74                 $scheme = parse_url($url, PHP_URL_SCHEME);
75
76                 if ($all_remote) {
77                         $host = parse_url($url, PHP_URL_HOST);
78                         $self_host = parse_url(SELF_URL_PATH, PHP_URL_HOST);
79
80                         $is_remote = $host != $self_host;
81                 } else {
82                         $is_remote = false;
83                 }
84
85                 if (($scheme != 'https' && $scheme != "") || $is_remote) {
86                         if (strpos($url, "data:") !== 0) {
87                                 $url = "public.php?op=pluginhandler&plugin=af_zz_imgproxy&pmethod=imgproxy&kind=$kind&url=" .
88                                         urlencode($url);
89                         }
90                 }
91
92                 return $url;
93         }
94
95         function hook_render_article_cdm($article, $api_mode = false) {
96
97                 $need_saving = false;
98                 $proxy_all = $this->host->get($this, "proxy_all");
99
100                 $doc = new DOMDocument();
101                 if (@$doc->loadHTML($article["content"])) {
102                         $xpath = new DOMXPath($doc);
103                         $imgs = $xpath->query("//img[@src]");
104
105                         foreach ($imgs as $img) {
106                                 $new_src = $this->rewrite_url_if_needed($img->getAttribute("src"), 0, $proxy_all);
107
108                                 if ($new_src != $img->getAttribute("src")) {
109                                         $img->setAttribute("src", $new_src);
110
111                                         $need_saving = true;
112                                 }
113                         }
114
115                         $vids = $xpath->query("//video");
116
117                         foreach ($vids as $vid) {
118                                 if ($vid->hasAttribute("poster")) {
119                                         $new_src = $this->rewrite_url_if_needed($vid->getAttribute("poster"), 0, $proxy_all);
120
121                                         if ($new_src != $vid->getAttribute("poster")) {
122                                                 $vid->setAttribute("poster", $new_src);
123
124                                                 $need_saving = true;
125                                         }
126                                 }
127
128                                 $vsrcs = $xpath->query("source", $vid);
129
130                                 foreach ($vsrcs as $vsrc) {
131                                         $new_src = $this->rewrite_url_if_needed($vsrc->getAttribute("src"), 1, $proxy_all);
132
133                                         if ($new_src != $vsrc->getAttribute("src")) {
134                                                 $vid->setAttribute("src", $new_src);
135
136                                                 $need_saving = true;
137                                         }
138                                 }
139                         }
140                 }
141
142                 if ($need_saving) $article["content"] = $doc->saveXML();
143
144                 return $article;
145         }
146
147         function hook_prefs_tab($args) {
148                 if ($args != "prefFeeds") return;
149
150                 print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Image proxy settings (af_zz_imgproxy)')."\">";
151
152                 print "<form dojoType=\"dijit.form.Form\">";
153
154                 print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
155                         evt.preventDefault();
156                         if (this.validate()) {
157                                 console.log(dojo.objectToQuery(this.getValues()));
158                                 new Ajax.Request('backend.php', {
159                                         parameters: dojo.objectToQuery(this.getValues()),
160                                         onComplete: function(transport) {
161                                                 notify_info(transport.responseText);
162                                         }
163                                 });
164                                 //this.reset();
165                         }
166                         </script>";
167
168                 print_hidden("op", "pluginhandler");
169                 print_hidden("method", "save");
170                 print_hidden("plugin", "af_zz_imgproxy");
171
172                 $proxy_all = $this->host->get($this, "proxy_all");
173                 print_checkbox("proxy_all", $proxy_all);
174
175                 print "&nbsp;<label for=\"proxy_all\">" . __("Enable proxy for all remote images.") . "</label>";
176
177                 print "<p>"; print_button("submit", __("Save"));
178
179                 print "</form>";
180
181                 print "</div>";
182         }
183
184         function save() {
185                 $proxy_all = checkbox_to_sql_bool($_POST["proxy_all"]) == "true";
186
187                 $this->host->set($this, "proxy_all", $proxy_all);
188
189                 echo __("Configuration saved");
190         }
191
192         function api_version() {
193                 return 2;
194         }
195 }