diff options
author | Andrew Dolgov <[email protected]> | 2017-04-20 09:09:00 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2017-04-20 09:09:00 +0300 |
commit | ecab435420438e355d45a4adea33aeee26b9ca0d (patch) | |
tree | f9f4f7d79c672236a68125283f12fc0f0aa97af1 /plugins/af_zz_imgproxy | |
parent | b8f23d68484d8c0672d6c01a1344804dd5aba17f (diff) |
af_zz_imgproxy: implement a whitelist of known sites that have optional SSL
Diffstat (limited to 'plugins/af_zz_imgproxy')
-rw-r--r-- | plugins/af_zz_imgproxy/init.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/plugins/af_zz_imgproxy/init.php b/plugins/af_zz_imgproxy/init.php index a07ff5614..43b3fe7f1 100644 --- a/plugins/af_zz_imgproxy/init.php +++ b/plugins/af_zz_imgproxy/init.php @@ -8,6 +8,8 @@ class Af_Zz_ImgProxy extends Plugin { "fox"); } + private $ssl_known_whitelist = "imgur.com i.reddituploads.com pbs.twimg.com i.redd.it i.sli.mg media.tumblr.com"; + function is_public_method($method) { return $method === "imgproxy"; } @@ -119,7 +121,17 @@ class Af_Zz_ImgProxy extends Plugin { if (($scheme != 'https' && $scheme != "") || $is_remote) { if (strpos($url, "data:") !== 0) { - $url = get_self_url_prefix() . "/public.php?op=pluginhandler&plugin=af_zz_imgproxy&pmethod=imgproxy&url=" . + $parts = parse_url($url); + + foreach (explode(" " , $this->ssl_known_whitelist) as $host) { + if (strpos($parts['host'], $host) !== FALSE) { + $parts['scheme'] = 'https'; + + return build_url($parts); + } + } + + return get_self_url_prefix() . "/public.php?op=pluginhandler&plugin=af_zz_imgproxy&pmethod=imgproxy&url=" . urlencode($url); } } |