valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

af_proxy_http: don't try to proxy back to ourselves

This commit is contained in:
Andrew Dolgov 2021-02-17 16:27:52 +03:00
parent 6ecee2abbd
commit 35b6d63289
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
plugins/af_proxy_http/init.php
View File

@ -50,8 +50,14 @@ class Af_Proxy_Http extends Plugin {
public function imgproxy() {
$url = UrlHelper::validate(clean($_REQUEST["url"]));
// called without user context, let's just redirect to original URL
if (!$_SESSION["uid"] || $_REQUEST['af_proxy_http_token'] != $_SESSION['af_proxy_http_token']) {
// immediately redirect to original URL if:
// - url points back to ourselves
// - called without user context
// - session-spefific token is invalid
if (
strpos($url, get_self_url_prefix()) === 0 ||
empty($_SESSION["uid"]) ||
$_REQUEST['af_proxy_http_token'] != $_SESSION['af_proxy_http_token']) {
header("Location: $url");
return;
}
@ -104,6 +110,11 @@ class Af_Proxy_Http extends Plugin {
}
private function rewrite_url_if_needed($url, $all_remote = false) {
/* don't rewrite urls pointing to ourselves */
if (strpos($url, get_self_url_prefix()) === 0)
return $url;
/* we don't need to handle URLs where local cache already exists, tt-rss rewrites those automatically */
if (!$this->cache->exists(sha1($url))) {