From e5b7b145e53915b8ff026f8caaa92fa2f7c833aa Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Mon, 25 Nov 2019 09:48:24 +0300
Subject: cache media: set referrer to source URL when fetching images

---
 classes/rssutils.php  | 21 ++++++++++++++++++---
 include/functions.php |  8 +++++++-
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/classes/rssutils.php b/classes/rssutils.php
index 1482e6ea9..66008899b 100755
--- a/classes/rssutils.php
+++ b/classes/rssutils.php
@@ -739,7 +739,7 @@ class RSSUtils {
 				if (count($matched_filter_ids) > 0) {
 					$filter_ids_qmarks = arr_qmarks($matched_filter_ids);
 
-					$fsth = $pdo->prepare("UPDATE ttrss_filters2 SET last_triggered = NOW() WHERE 
+					$fsth = $pdo->prepare("UPDATE ttrss_filters2 SET last_triggered = NOW() WHERE
 							   id IN ($filter_ids_qmarks) AND owner_uid = ?");
 
 					$fsth->execute(array_merge($matched_filter_ids, [$owner_uid]));
@@ -1200,10 +1200,18 @@ class RSSUtils {
 					Debug::log("cache_enclosures: downloading: $src to $local_filename", Debug::$LOG_VERBOSE);
 
 					if (!$cache->exists($local_filename)) {
-						$file_content = fetch_file_contents(array("url" => $src, "max_size" => MAX_CACHE_FILE_SIZE));
+
+						global $fetch_last_error_code;
+						global $fetch_last_error;
+
+						$file_content = fetch_file_contents(array("url" => $src,
+							"http_referrer" => $src,
+							"max_size" => MAX_CACHE_FILE_SIZE));
 
 						if ($file_content) {
 							$cache->put($local_filename, $file_content);
+						} else {
+							Debug::log("cache_enclosures: failed with $fetch_last_error_code: $fetch_last_error");
 						}
 					} else if (is_writable($local_filename)) {
 						$cache->touch($local_filename);
@@ -1234,10 +1242,17 @@ class RSSUtils {
 						if (!$cache->exists($local_filename)) {
 							Debug::log("cache_media: downloading: $src to $local_filename", Debug::$LOG_VERBOSE);
 
-							$file_content = fetch_file_contents(array("url" => $src, "max_size" => MAX_CACHE_FILE_SIZE));
+							global $fetch_last_error_code;
+							global $fetch_last_error;
+
+							$file_content = fetch_file_contents(array("url" => $src,
+								"http_referrer" => $src,
+								"max_size" => MAX_CACHE_FILE_SIZE));
 
 							if ($file_content) {
 								$cache->put($local_filename, $file_content);
+							} else {
+								Debug::log("cache_media: failed with $fetch_last_error_code: $fetch_last_error");
 							}
 						} else if ($cache->isWritable($local_filename)) {
 							$cache->touch($local_filename);
diff --git a/include/functions.php b/include/functions.php
index c6d33d2fd..c152454b9 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -230,6 +230,7 @@
 		$followlocation = isset($options["followlocation"]) ? $options["followlocation"] : true;
 		$max_size = isset($options["max_size"]) ? $options["max_size"] : MAX_DOWNLOAD_FILE_SIZE; // in bytes
 		$http_accept = isset($options["http_accept"]) ? $options["http_accept"] : false;
+		$http_referrer = isset($options["http_referrer"]) ? $options["http_referrer"] : false;
 
 		$url = ltrim($url, ' ');
 		$url = str_replace(' ', '%20', $url);
@@ -273,7 +274,9 @@
 			curl_setopt($ch, CURLOPT_USERAGENT, $useragent ? $useragent :
 				SELF_USER_AGENT);
 			curl_setopt($ch, CURLOPT_ENCODING, "");
-			//curl_setopt($ch, CURLOPT_REFERER, $url);
+
+			if  ($http_referrer)
+				curl_setopt($ch, CURLOPT_REFERER, $http_referrer);
 
 			if ($max_size) {
 				curl_setopt($ch, CURLOPT_NOPROGRESS, false);
@@ -401,6 +404,9 @@
 			if ($http_accept)
 				array_push($context_options['http']['header'], "Accept: $http_accept");
 
+			if ($http_referrer)
+				array_push($context_options['http']['header'], "Referer: $http_referrer");
+
 			if (defined('_HTTP_PROXY')) {
 				$context_options['http']['request_fulluri'] = true;
 				$context_options['http']['proxy'] = _HTTP_PROXY;
-- 
cgit v1.2.3