Lanmikeman/openvk
Lanmikeman/openvk
1
1
Fork 0
mirror of https://github.com/openvk/openvk synced 2025-07-07 00:09:48 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge 04dbede4c6 into 8ca3de8afa

Browse source
This commit is contained in:
n1rwana 2023-08-09 16:05:43 +03:00 committed by GitHub
commit 68900b89a6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 122 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
Web/Models/Entities/Note.php
View file

@ -2,12 +2,48 @@
namespace openvk\Web\Models\Entities; namespace openvk\Web\Models\Entities;
use HTMLPurifier_Config; use HTMLPurifier_Config;
use HTMLPurifier; use HTMLPurifier;
use HTMLPurifier_Filter;
class SecurityFilter extends HTMLPurifier_Filter
{
public function preFilter($html, $config, $context)
{
$html = preg_replace_callback(
'/<img[^>]*src\s*=\s*["\']([^"\']*)["\'][^>]*>/i',
function ($matches) {
$originalSrc = $matches[1];
$src = $originalSrc;
if (!str_contains($src, "/image.php?url=")) {
$src = '/image.php?url=' . base64_encode($originalSrc);
} else {
if (!OPENVK_ROOT_CONF["openvk"]["preferences"]["imagesProxy"]["replaceInNotes"]) {
$src = preg_replace_callback('/(.*)\/image\.php\?url=(.*)/i', function ($matches) {
return base64_decode($matches[2]);
}, $src);
}
}
return str_replace($originalSrc, $src, $matches[0]);
},
$html
);
return preg_replace_callback(
'/<a[^>]*href\s*=\s*["\']([^"\']*)["\'][^>]*>/i',
function ($matches) {
$originalHref = $matches[1];
$encodedHref = '/away.php?to=' . urlencode($originalHref);
return str_replace($originalHref, $encodedHref, $matches[0]);
},
$html
);
}
}
class Note extends Postable class Note extends Postable
{ {
protected $tableName = "notes"; protected $tableName = "notes";
protected function renderHTML(): string protected function renderHTML(?string $content = NULL): string
{ {
$config = HTMLPurifier_Config::createDefault(); $config = HTMLPurifier_Config::createDefault();
$config->set("Attr.AllowedClasses", []); $config->set("Attr.AllowedClasses", []);
@ -74,15 +110,18 @@ class Note extends Postable
$config->set("Attr.AllowedClasses", [ $config->set("Attr.AllowedClasses", [
"underline", "underline",
]); ]);
$config->set('Filter.Custom', [new SecurityFilter()]);
$source = NULL;
if(is_null($this->getRecord())) { $source = $content;
if(isset($this->changes["source"])) if (!$source) {
$source = $this->changes["source"]; if (is_null($this->getRecord())) {
else if (isset($this->changes["source"]))
throw new \LogicException("Can't render note without content set."); $source = $this->changes["source"];
} else { else
$source = $this->getRecord()->source; throw new \LogicException("Can't render note without content set.");
} else {
$source = $this->getRecord()->source;
}
} }
$purifier = new HTMLPurifier($config); $purifier = new HTMLPurifier($config);
@ -110,8 +149,8 @@ class Note extends Postable
$this->setCached_Content($cached); $this->setCached_Content($cached);
$this->save(); $this->save();
} }
return $cached; return $this->renderHTML($cached);
} }
function getSource(): string function getSource(): string

63
Web/Presenters/ImagesProxyPresenter.php Normal file
View file

@ -0,0 +1,63 @@
<?php declare(strict_types=1);
namespace openvk\Web\Presenters;
use openvk\Web\Models\Repositories\{Gifts, Users};
use openvk\Web\Models\Entities\Notifications\GiftNotification;
final class ImagesProxyPresenter extends OpenVKPresenter
{
const CACHE_EXPIRATION = 1210000;
private function image(string $contentType, $contentSize, string $raw): void
{
header("Content-Type: $contentType");
header("Content-Size: $contentSize");
header("Cache-Control: public, max-age=" . self::CACHE_EXPIRATION);
header("X-Accel-Expires: " . self::CACHE_EXPIRATION);
exit($raw);
}
private function placeholder(): void
{
$placeholder = file_get_contents(__DIR__ . "/../static/img/oof.apng");
$this->image("image/png", strlen($placeholder), $placeholder);
}
public function renderIndex(): void
{
$this->assertUserLoggedIn();
$url = $this->requestParam("url");
if (OPENVK_ROOT_CONF["openvk"]["preferences"]["imagesProxy"]["settings"]["base64_decode_url"]) {
$url = base64_decode($url);
}
$url = OPENVK_ROOT_CONF["openvk"]["preferences"]["imagesProxy"]["settings"]["url_prefix"] . $url;
if (!$url || !filter_var($url, FILTER_VALIDATE_URL)) {
$this->placeholder();
}
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_HEADER => 0,
CURLOPT_URL => $url,
CURLOPT_USERAGENT => OPENVK_ROOT_CONF["openvk"]["appearance"]["name"] . ' Images Proxy/1.0',
CURLOPT_REFERER => "https://$_SERVER[SERVER_NAME]/",
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_BINARYTRANSFER => 1,
]);
$raw = curl_exec($ch);
$contentType = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
$contentSize = curl_getinfo($ch, CURLINFO_CONTENT_LENGTH_DOWNLOAD);
curl_close($ch);
if ($raw && str_contains($contentType, "image")) {
$this->image($contentType, $contentSize, $raw);
} else {
$this->placeholder();
}
}
}

1
Web/di.yml
View file

@ -49,3 +49,4 @@ services:
- openvk\Web\Models\Repositories\BannedLinks - openvk\Web\Models\Repositories\BannedLinks
- openvk\Web\Models\Repositories\ChandlerGroups - openvk\Web\Models\Repositories\ChandlerGroups
- openvk\Web\Presenters\MaintenancePresenter - openvk\Web\Presenters\MaintenancePresenter
- openvk\Web\Presenters\ImagesProxyPresenter

2
Web/routes.yml
View file

@ -349,6 +349,8 @@ routes:
handler: "About->dev" handler: "About->dev"
- url: "/tour" - url: "/tour"
handler: "About->tour" handler: "About->tour"
- url: "/image.php"
handler: "ImagesProxy->index"
- url: "/{?shortCode}" - url: "/{?shortCode}"
handler: "UnknownTextRouteStrategy->delegate" handler: "UnknownTextRouteStrategy->delegate"
placeholders: placeholders:

5
openvk-example.yml
View file

@ -102,6 +102,11 @@ openvk:
fartscroll: false fartscroll: false
testLabel: false testLabel: false
defaultMobileTheme: "" defaultMobileTheme: ""
imagesProxy:
replaceInNotes: true
settings:
url_prefix: ""
base64_decode_url: true
telemetry: telemetry:
plausible: plausible: