php/src/gadgets/ProxyHandler.php

   1 <?php
   2 /**
   3  * Licensed to the Apache Software Foundation (ASF) under one
   4  * or more contributor license agreements.  See the NOTICE file
   5  * distributed with this work for additional information
   6  * regarding copyright ownership.  The ASF licenses this file
   7  * to you under the Apache License, Version 2.0 (the
   8  * "License"); you may not use this file except in compliance
   9  * with the License.  You may obtain a copy of the License at
  10  *
  11  *     http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing,
  14  * software distributed under the License is distributed on an
  15  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  16  * KIND, either express or implied.  See the License for the
  17  * specific language governing permissions and limitations
  18  * under the License.
  19  */
  20
  21 // according to features/core/io.js, this is high on the list of things to scrap
  22 define('UNPARSEABLE_CRUFT', "throw 1; < don't be evil' >");
  23
  24 /**
  25  * The ProxyHandler class does the actual proxy'ing work. it deals both with
  26  * GET and POST based input, and peforms a request based on the input, headers and
  27  * httpmethod params.
  28  *
  29  */
  30 class ProxyHandler extends ProxyBase {
  31
  32   /**
  33    * Fetches the content and returns it as-is using the headers as returned
  34    * by the remote host.
  35    *
  36    * @param string $url the url to retrieve
  37    */
  38   public function fetch($url) {
  39     $url = $this->validateUrl($url);
  40     $result = $this->fetchContent($url, 'GET');
  41     $httpCode = (int)$result->getHttpCode();
  42     $isShockwaveFlash = false;
  43     foreach ($result->getResponseHeaders() as $key => $val) {
  44       if (! in_array($key, $this->disallowedHeaders)) {
  45         header("$key: $val", true);
  46       }
  47       if ($key == 'Content-Type' && strtolower($val) == 'application/x-shockwave-flash') {
  48         // We're skipping the content disposition header for flash due to an issue with Flash player 10
  49         // This does make some sites a higher value phishing target, but this can be mitigated by
  50         // additional referer checks.
  51         $isShockwaveFlash = true;
  52       }
  53     }
  54     if (! $isShockwaveFlash) {
  55       header('Content-Disposition: attachment;filename=p.txt');
  56     }
  57     $lastModified = $result->getResponseHeader('Last-Modified') != null ? $result->getResponseHeader('Last-Modified') : gmdate('D, d M Y H:i:s', $result->getCreated()) . ' GMT';
  58     $notModified = false;
  59     if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && $lastModified && ! isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
  60       $if_modified_since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
  61       // Use the request's Last-Modified, otherwise fall back on our internal time keeping (the time the request was created)
  62       $lastModified = strtotime($lastModified);
  63       if ($lastModified <= $if_modified_since) {
  64         $notModified = true;
  65       }
  66     }
  67     if ($httpCode == 200) {
  68       // only set caching headers if the result was 'OK'
  69       $this->setCachingHeaders($lastModified);
  70     }
  71     // If the cached file time is within the refreshInterval params value, return not-modified
  72     if ($notModified) {
  73       header('HTTP/1.0 304 Not Modified', true);
  74       header('Content-Length: 0', true);
  75     } else {
  76       // then echo the content
  77       echo $result->getResponseContent();
  78     }
  79   }
  80 }