Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.

modcss.inc 3.1KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
  1. <?php
  2. /**
  3. +-----------------------------------------------------------------------+
  4. | program/steps/utils/modcss.inc |
  5. | |
  6. | This file is part of the Roundcube Webmail client |
  7. | Copyright (C) 2007-2014, The Roundcube Dev Team |
  8. | |
  9. | Licensed under the GNU General Public License version 3 or |
  10. | any later version with exceptions for skins & plugins. |
  11. | See the README file for a full license statement. |
  12. | |
  13. | PURPOSE: |
  14. | Modify CSS source from a URL |
  15. | |
  16. +-----------------------------------------------------------------------+
  17. | Author: Thomas Bruederli <roundcube@gmail.com> |
  18. | Author: Aleksander Machniak <alec@alec.pl> |
  19. +-----------------------------------------------------------------------+
  20. */
  21. $url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']);
  22. if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) {
  23. header('HTTP/1.1 403 Forbidden');
  24. exit("Unauthorized request");
  25. }
  26. // don't allow any other connections than http(s)
  27. if (!preg_match('~^(https?)://~i', $realurl, $matches)) {
  28. header('HTTP/1.1 403 Forbidden');
  29. exit("Invalid URL");
  30. }
  31. if (ini_get('allow_url_fopen')) {
  32. $scheme = strtolower($matches[1]);
  33. $options = array(
  34. $scheme => array(
  35. 'method' => 'GET',
  36. 'timeout' => 15,
  37. )
  38. );
  39. $context = stream_context_create($options);
  40. $source = @file_get_contents($realurl, false, $context);
  41. // php.net/manual/en/reserved.variables.httpresponseheader.php
  42. $headers = implode("\n", (array) $http_response_header);
  43. }
  44. else if (function_exists('curl_init')) {
  45. $curl = curl_init($realurl);
  46. curl_setopt($curl, CURLOPT_TIMEOUT, 15);
  47. curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 15);
  48. curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
  49. curl_setopt($curl, CURLOPT_ENCODING, '');
  50. curl_setopt($curl, CURLOPT_HEADER, true);
  51. curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
  52. $data = curl_exec($curl);
  53. if ($data !== false) {
  54. list($headers, $source) = explode("\r\n\r\n", $data, 2);
  55. }
  56. else {
  57. $headers = false;
  58. $source = false;
  59. }
  60. }
  61. else {
  62. header('HTTP/1.1 403 Forbidden');
  63. exit("HTTP connections disabled");
  64. }
  65. $ctype_regexp = '~Content-Type:\s+text/(css|plain)~i';
  66. if ($source !== false && preg_match($ctype_regexp, $headers)) {
  67. header('Content-Type: text/css');
  68. echo rcube_utils::mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c']));
  69. exit;
  70. }
  71. header('HTTP/1.0 404 Not Found');
  72. exit("Invalid response returned by server");