Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F222940
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
3 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/program/steps/utils/modcss.inc b/program/steps/utils/modcss.inc
index c8a7cb524..749f01829 100644
--- a/program/steps/utils/modcss.inc
+++ b/program/steps/utils/modcss.inc
@@ -1,63 +1,80 @@
<?php
/*
+-----------------------------------------------------------------------+
| program/steps/utils/modcss.inc |
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2007-2012, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
| |
| PURPOSE: |
| Modify CSS source from a URL |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
| Author: Aleksander Machniak <alec@alec.pl> |
+-----------------------------------------------------------------------+
*/
$url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']);
if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) {
header('HTTP/1.1 403 Forbidden');
exit("Unauthorized request");
}
// don't allow any other connections than http(s)
if (!preg_match('~^(https?)://~i', $realurl, $matches)) {
header('HTTP/1.1 403 Forbidden');
exit("Invalid URL");
}
-if (!ini_get('allow_url_fopen')) {
+if (ini_get('allow_url_fopen')) {
+ $scheme = strtolower($matches[1]);
+ $options = array(
+ $scheme => array(
+ 'method' => 'GET',
+ 'timeout' => 15,
+ )
+ );
+
+ $context = stream_context_create($options);
+ $source = @file_get_contents($realurl, false, $context);
+
+ // php.net/manual/en/reserved.variables.httpresponseheader.php
+ $headers = implode("\n", (array)$http_response_header);
+} else if (function_exists('curl_init')) {
+ $curl = curl_init($realurl);
+ curl_setopt($curl, CURLOPT_TIMEOUT, 15);
+ curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 15);
+ curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
+ curl_setopt($curl, CURLOPT_ENCODING, '');
+ curl_setopt($curl, CURLOPT_HEADER, true);
+ curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+ $data = curl_exec($curl);
+
+ if ($data !== false) {
+ list($headers, $source) = explode("\r\n\r\n", $data, 2);
+ } else {
+ $headers = false;
+ $source = false;
+ }
+} else {
header('HTTP/1.1 403 Forbidden');
exit("HTTP connections disabled");
}
-$scheme = strtolower($matches[1]);
-$options = array(
- $scheme => array(
- 'method' => 'GET',
- 'timeout' => 15,
- )
-);
-
-$context = stream_context_create($options);
-$source = @file_get_contents($realurl, false, $context);
-
-// php.net/manual/en/reserved.variables.httpresponseheader.php
-$headers = implode("\n", (array)$http_response_header);
$ctype = '~Content-Type:\s+text/(css|plain)~i';
if ($source !== false && preg_match($ctype, $headers)) {
header('Content-Type: text/css');
echo rcube_utils::mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c']));
exit;
}
header('HTTP/1.0 404 Not Found');
exit("Invalid response returned by server");
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Sat, Mar 1, 12:21 AM (1 h, 32 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
165231
Default Alt Text
(3 KB)
Attached To
Mode
R3 roundcubemail
Attached
Detach File
Event Timeline
Log In to Comment