]> git.wh0rd.org Git - tt-rss.git/commitdiff
projects / tt-rss.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b8f23d6)
af_zz_imgproxy: implement a whitelist of known sites that have optional SSL
authorAndrew Dolgov <noreply@fakecake.org>
Thu, 20 Apr 2017 06:09:00 +0000 (09:09 +0300)
committerAndrew Dolgov <noreply@fakecake.org>
Thu, 20 Apr 2017 06:09:00 +0000 (09:09 +0300)
plugins/af_zz_imgproxy/init.php patch | blob | history

diff --git a/plugins/af_zz_imgproxy/init.php b/plugins/af_zz_imgproxy/init.php
index a07ff5614b8d67c1ca42eb6cbf8a384df194616c..43b3fe7f1715eeabe50400e35171272514e17d1a 100644 (file)
--- a/plugins/af_zz_imgproxy/init.php
+++ b/plugins/af_zz_imgproxy/init.php
@@ -8,6 +8,8 @@ class Af_Zz_ImgProxy extends Plugin {
                        "fox");
        }
 
+       private $ssl_known_whitelist = "imgur.com i.reddituploads.com pbs.twimg.com i.redd.it i.sli.mg media.tumblr.com";
+
        function is_public_method($method) {
                return $method === "imgproxy";
        }
@@ -119,7 +121,17 @@ class Af_Zz_ImgProxy extends Plugin {
 
                if (($scheme != 'https' && $scheme != "") || $is_remote) {
                        if (strpos($url, "data:") !== 0) {
-                               $url = get_self_url_prefix() . "/public.php?op=pluginhandler&plugin=af_zz_imgproxy&pmethod=imgproxy&url=" .
+                               $parts = parse_url($url);
+
+                               foreach (explode(" " , $this->ssl_known_whitelist) as $host) {
+                                       if (strpos($parts['host'], $host) !== FALSE) {
+                                               $parts['scheme'] = 'https';
+
+                                               return build_url($parts);
+                                       }
+                               }
+
+                               return get_self_url_prefix() . "/public.php?op=pluginhandler&plugin=af_zz_imgproxy&pmethod=imgproxy&url=" .
                                        urlencode($url);
                        }
                }
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/