Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-03 06:44:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
545a1569f115b5c8aa0be78061258d5f116d7b4b
roundcubemail/program/actions/utils/modcss.php
Aleksander Machniak 545a1569f1 Steps -> Actions refactoring (#7688) 
* Move action handling code to rcmail class
* Add rcmail_action class
* Add action aliases
* Get rid of $OUTPUT global
* Move some methods from rcmail to rcmail_action
* PHP8 compat. fixes
* Add framework for testing actions
* Fix obvious code mistakes
2020-11-01 11:25:38 +01:00

95 lines
3.6 KiB
PHP
Raw Blame History

<?php
/**
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
| |
| Copyright (C) The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
| |
| PURPOSE: |
| Modify CSS source from a URL |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
| Author: Aleksander Machniak <alec@alec.pl> |
+-----------------------------------------------------------------------+
*/
class rcmail_action_utils_modcss extends rcmail_action
{
/**
* Request handler.
*
* @param array $args Arguments from the previous step(s)
*/
public function run($args = [])
{
$url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']);
if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) {
header('HTTP/1.1 403 Forbidden');
exit("Unauthorized request");
}
// don't allow any other connections than http(s)
if (!preg_match('~^(https?)://~i', $realurl, $matches)) {
header('HTTP/1.1 403 Forbidden');
exit("Invalid URL");
}
if (ini_get('allow_url_fopen')) {
$scheme = strtolower($matches[1]);
$options = [
$scheme => [
'method' => 'GET',
'timeout' => 15,
]
];
$context = stream_context_create($options);
$source = @file_get_contents($realurl, false, $context);
// php.net/manual/en/reserved.variables.httpresponseheader.php
$headers = implode("\n", (array) $http_response_header);
}
else if (function_exists('curl_init')) {
$curl = curl_init($realurl);
curl_setopt($curl, CURLOPT_TIMEOUT, 15);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 15);
curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
curl_setopt($curl, CURLOPT_ENCODING, '');
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$data = curl_exec($curl);
if ($data !== false) {
list($headers, $source) = explode("\r\n\r\n", $data, 2);
}
else {
$headers = false;
$source = false;
}
}
else {
header('HTTP/1.1 403 Forbidden');
exit("HTTP connections disabled");
}
$ctype_regexp = '~Content-Type:\s+text/(css|plain)~i';
$container_id = preg_replace('/[^a-z0-9]/i', '', $_GET['_c']);
$css_prefix = preg_replace('/[^a-z0-9]/i', '', $_GET['_p']);
if ($source !== false && preg_match($ctype_regexp, $headers)) {
header('Content-Type: text/css');
echo rcube_utils::mod_css_styles($source, $container_id, false, $css_prefix);
exit;
}
header('HTTP/1.0 404 Not Found');
exit("Invalid response returned by server");
}
}
Reference in New Issue View Git Blame Copy Permalink