public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 17:05:56 +00:00
Code Issues Releases Wiki Activity

af_proxy_http: require separate token to access imgproxy

Browse Source
This commit is contained in:
Andrew Dolgov
2020-09-15 10:59:57 +03:00
parent 1621abcffc
commit 91e1542a82
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
plugins/af_proxy_http/init.php
View File

@@ -28,6 +28,9 @@ class Af_Proxy_Http extends Plugin {
$host->add_hook($host::HOOK_ENCLOSURE_ENTRY, $this); $host->add_hook($host::HOOK_ENCLOSURE_ENTRY, $this);
$host->add_hook($host::HOOK_PREFS_TAB, $this); $host->add_hook($host::HOOK_PREFS_TAB, $this);
if (!$_SESSION['af_proxy_http_token'])
$_SESSION['af_proxy_http_token'] = uniqid_short();
} }
function hook_enclosure_entry($enc) { function hook_enclosure_entry($enc) {
@@ -48,7 +51,7 @@ class Af_Proxy_Http extends Plugin {
$url = validate_url(clean($_REQUEST["url"])); $url = validate_url(clean($_REQUEST["url"]));
// called without user context, let's just redirect to original URL // called without user context, let's just redirect to original URL
if (!$_SESSION["uid"]) { if (!$_SESSION["uid"] || $_REQUEST['af_proxy_http_token'] != $_SESSION['af_proxy_http_token']) {
header("Location: $url"); header("Location: $url");
return; return;
} }
@@ -131,7 +134,8 @@ class Af_Proxy_Http extends Plugin {
} }
} }
return $this->host->get_public_method_url($this, "imgproxy", ["url" => $url]); return $this->host->get_public_method_url($this, "imgproxy",
["url" => $url, "af_proxy_http_token" => $_SESSION["af_proxy_http_token"]]);
} }
} }
} }