source: subversion/trunk/roundcubemail/program/steps/utils/modcss.inc @ 4488

Last change on this file since 4488 was 4488, checked in by thomasb, 2 years ago

Prevent relaying of arbitrary requests through modcss.inc (security issue)

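<?php

/*
 +-----------------------------------------------------------------------+
 | program/steps/utils/modcss.inc                                        |
 |                                                                       |
 | This file is part of the Roundcube Webmail client                     |
 | Copyright (C) 2007-2011, The Roundcube Dev Team                       |
 | Licensed under the GNU GPL                                            |
 |                                                                       |
 | PURPOSE:                                                              |
 |   Modify CSS source from a URL                                        |
 |                                                                       |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
 +-----------------------------------------------------------------------+

 $Id$

*/

// Fetch a remote stylesheet and hand it to rcmail_mod_css_styles() before
// echoing it as text/css.
//
// Request parameters:
//   _u  token naming an entry in $_SESSION['modcssurls']; only URLs that
//       were registered there beforehand can be fetched, which is what keeps
//       this step from acting as an open HTTP relay
//   _c  container id passed through to rcmail_mod_css_styles()
//
// Responses: 403 for an unknown token or non-http(s) URL, 500 when the
// socket cannot be opened, 404 for anything that is not a 200 text/css or
// text/plain answer.
//
// NOTE(review): the allow-list is only as trustworthy as whoever registers
// entries in $_SESSION['modcssurls']; if those come from message content,
// the fetch still reaches any host the webmail server can connect to
// (including internal ones). Redirects are deliberately not followed.

$source = '';

// Reduce the token to [a-z0-9.-] before it is used as a session key.
$url = isset($_GET['_u']) ? preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']) : null;
if ($url === null || $url === '' || empty($_SESSION['modcssurls'][$url])) {
    header('HTTP/1.1 403 Forbidden');
    echo "Unauthorized request";
    exit;
}
$realurl = $_SESSION['modcssurls'][$url];

$a_uri = parse_url($realurl);
if ($a_uri === false) {
    $a_uri = array();
}

$scheme = isset($a_uri['scheme']) ? strtolower($a_uri['scheme']) : '';
$host   = isset($a_uri['host']) ? $a_uri['host'] : '';

// don't allow any other connections than http(s).
// An exact match is required: a prefix test would also accept schemes
// such as "httpx", and an https URL was previously fetched in the clear.
if (!in_array($scheme, array('http', 'https'), true) || $host === '') {
    header('HTTP/1.1 403 Forbidden');
    echo "Invalid URL";
    exit;
}

$is_ssl       = ($scheme === 'https');
$default_port = $is_ssl ? 443 : 80;
$port         = !empty($a_uri['port']) ? (int)$a_uri['port'] : $default_port;

// an empty path would produce a malformed request line ("GET  HTTP/1.0")
$path = !empty($a_uri['path']) ? $a_uri['path'] : '/';
if (!empty($a_uri['query'])) {
    $path .= '?' . $a_uri['query'];
}

// host and path are written verbatim into the request; refuse anything
// that could break the request line or inject additional header lines
if (preg_match('/[\s\x00-\x1f\x7f]/', $host . $path)) {
    header('HTTP/1.1 403 Forbidden');
    echo "Invalid URL";
    exit;
}

// try to open socket connection (TLS transport for https)
$transport = ($is_ssl ? 'ssl://' : '') . $host;
if (!($fp = fsockopen($transport, $port, $errno, $error, 15))) {
    header('HTTP/1.1 500 Internal Server Error');
    echo $error;
    exit;
}

// set timeout for socket
stream_set_timeout($fp, 30);

// send request; the Host header carries the port only when it is not
// the scheme's default
$host_header = $host . ($port != $default_port ? ':' . $port : '');
$out  = "GET $path HTTP/1.0\r\n";
$out .= "Host: $host_header\r\n";
$out .= "Connection: Close\r\n\r\n";
fwrite($fp, $out);

// read response
// Body size is capped so a hostile or broken server cannot make this step
// buffer unbounded data. The limit is a chosen default, not a protocol value.
$max_body = 1024 * 1024;
$header   = true;
$headers  = array();
$too_big  = false;
while (!feof($fp)) {
    $line = fgets($fp, 4048);
    if ($line === false) {
        break;
    }
    $line = trim($line);

    if ($header) {
        if (preg_match('/^HTTP\/1\..\s+(\d+)/', $line, $regs)) {
            // anything but 200 is rejected; the body is never read
            if (intval($regs[1]) != 200) {
                break;
            }
        }
        else if ($line === '') {
            $header = false;
        }
        else if (strpos($line, ':') !== false) {
            // split on the first colon only so values containing ": "
            // (e.g. dates) are kept intact
            list($key, $value) = explode(':', $line, 2);
            $headers[strtolower(trim($key))] = trim($value);
        }
        // header lines without a colon (folded continuations) are ignored
    }
    else {
        $source .= "$line\n";
        if (strlen($source) > $max_body) {
            $too_big = true;
            break;
        }
    }
}
fclose($fp);

// check content-type header and mod styles.
// Media-type parameters such as "; charset=utf-8" are dropped before the
// comparison, otherwise a perfectly valid "text/css; charset=utf-8" is refused.
$mimetype = '';
if (isset($headers['content-type'])) {
    $ct_parts = explode(';', $headers['content-type'], 2);
    $mimetype = strtolower(trim($ct_parts[0]));
}

if (!$too_big && !empty($source) && in_array($mimetype, array('text/css','text/plain'), true)) {
    header('Content-Type: text/css');
    $container = isset($_GET['_c']) ? preg_replace('/[^a-z0-9]/i', '', $_GET['_c']) : '';
    echo rcmail_mod_css_styles($source, $container);
    exit;
}
else {
    $error = "Invalid response returned by server";
}

header('HTTP/1.0 404 Not Found');
echo $error;
exit;
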