public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 10:25:56 +00:00
Code Issues Releases Wiki Activity

af_proxy_http: don't try to proxy back to ourselves

Browse Source
This commit is contained in:
Andrew Dolgov
2021-02-17 16:27:52 +03:00
parent 6ecee2abbd
commit 35b6d63289
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
plugins/af_proxy_http/init.php
View File

@@ -50,8 +50,14 @@ class Af_Proxy_Http extends Plugin {
public function imgproxy() { public function imgproxy() {
$url = UrlHelper::validate(clean($_REQUEST["url"])); $url = UrlHelper::validate(clean($_REQUEST["url"]));
// called without user context, let's just redirect to original URL // immediately redirect to original URL if:
if (!$_SESSION["uid"] || $_REQUEST['af_proxy_http_token'] != $_SESSION['af_proxy_http_token']) { // - url points back to ourselves
// - called without user context
// - session-spefific token is invalid
if (
strpos($url, get_self_url_prefix()) === 0 ||
empty($_SESSION["uid"]) ||
$_REQUEST['af_proxy_http_token'] != $_SESSION['af_proxy_http_token']) {
header("Location: $url"); header("Location: $url");
return; return;
} }
@@ -104,6 +110,11 @@ class Af_Proxy_Http extends Plugin {
} }
private function rewrite_url_if_needed($url, $all_remote = false) { private function rewrite_url_if_needed($url, $all_remote = false) {
/* don't rewrite urls pointing to ourselves */
if (strpos($url, get_self_url_prefix()) === 0)
return $url;
/* we don't need to handle URLs where local cache already exists, tt-rss rewrites those automatically */ /* we don't need to handle URLs where local cache already exists, tt-rss rewrites those automatically */
if (!$this->cache->exists(sha1($url))) { if (!$this->cache->exists(sha1($url))) {