From f2fbb4ee7ef1c3cafefc7c78f57b685644996667 Mon Sep 17 00:00:00 2001 From: wn_ Date: Sun, 23 Apr 2017 13:55:14 -0500 Subject: [PATCH 1/2] Compare end of domains when checking known SSL whitelist. For example: "imgur.com.mysite.com" should not match the "imgur.com" whitelist entry. --- plugins/af_zz_imgproxy/init.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/af_zz_imgproxy/init.php b/plugins/af_zz_imgproxy/init.php index 5fab3b7b8..8419b8a87 100644 --- a/plugins/af_zz_imgproxy/init.php +++ b/plugins/af_zz_imgproxy/init.php @@ -124,7 +124,7 @@ class Af_Zz_ImgProxy extends Plugin { $parts = parse_url($url); foreach (explode(" " , $this->ssl_known_whitelist) as $host) { - if (strpos($parts['host'], $host) !== FALSE) { + if (substr(strtolower($parts['host']), -strlen($host)) === strtolower($host)) { $parts['scheme'] = 'https'; return build_url($parts); From c7360f4a54e9470fc36105f5a4289769ca402889 Mon Sep 17 00:00:00 2001 From: wn_ Date: Sun, 23 Apr 2017 14:17:24 -0500 Subject: [PATCH 2/2] Respect 'proxy_all' during optional SSL whitelist rewrite --- plugins/af_zz_imgproxy/init.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/plugins/af_zz_imgproxy/init.php b/plugins/af_zz_imgproxy/init.php index 8419b8a87..86f79c694 100644 --- a/plugins/af_zz_imgproxy/init.php +++ b/plugins/af_zz_imgproxy/init.php @@ -126,8 +126,12 @@ class Af_Zz_ImgProxy extends Plugin { foreach (explode(" " , $this->ssl_known_whitelist) as $host) { if (substr(strtolower($parts['host']), -strlen($host)) === strtolower($host)) { $parts['scheme'] = 'https'; - - return build_url($parts); + $url = build_url($parts); + if ($all_remote && $is_remote) { + break; + } else { + return $url; + } } }