diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2006-10-17 19:53:29 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2006-10-17 19:53:29 +0200 |
| commit | 894a80cc56d188b10cc78bb4c088bea731f991a2 (patch) | |
| tree | f02c800c5f2872bf614ca8161ca07f69ddd9b35f /lib/exe/fetch.php | |
| parent | 5b8fbc22b64a916716a97745d645316f213db374 (diff) | |
| download | rpg-894a80cc56d188b10cc78bb4c088bea731f991a2.tar.gz rpg-894a80cc56d188b10cc78bb4c088bea731f991a2.tar.bz2 | |
restrict fetch.php's download abilities
This patch changes fetch.php ability to download external files. It now checks
for the returned MIME type and will only download images. For all other
MIME types a redirect is sent back to the browser. This reduces the risc of
being misused as open proxy.
Additionally the download facility is disabled completly by default by setting
the fetchsize option to 0. Users who want the feature need to overwrite the option
in their local.php.
Background: The ability to download external files is needed to resize external
images on the server side. When disabled, a redirect is sent to the browser which
will download the fullsize image and rescale it on the client side which is more
bandwidth and CPU intensive.
darcs-hash:20061017175329-7ad00-cd1b1bfa043a04540c51ca8380d28deaa14147d1.gz
Diffstat (limited to 'lib/exe/fetch.php')
| -rw-r--r-- | lib/exe/fetch.php | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index f33f7b0cc..1f854b338 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -237,7 +237,7 @@ function get_from_URL($url,$ext,$cache){ if( ($mtime == 0) || // cache does not exist ($cache != -1 && $mtime < time()-$cache) // 'recache' and cache has expired ){ - if(io_download($url,$local,false,'',$conf['fetchsize'])){ + if(image_download($url,$local)){ return $local; }else{ return false; @@ -252,6 +252,30 @@ function get_from_URL($url,$ext,$cache){ } /** + * Download image files + * + * @author Andreas Gohr <andi@splitbrain.org> + */ +function image_download($url,$file){ + global $conf; + $http = new DokuHTTPClient(); + $http->max_bodysize = $conf['fetchsize']; + $http->timeout = 25; //max. 25 sec + $http->header_regexp = '!\r\nContent-Type: image/(jpe?g|gif|png)!i'; + + $data = $http->get($url); + if(!$data) return false; + + $fileexists = @file_exists($file); + $fp = @fopen($file,"w"); + if(!$fp) return false; + fwrite($fp,$data); + fclose($fp); + if(!$fileexists and $conf['fperm']) chmod($file, $conf['fperm']); + return true; +} + +/** * resize images using external ImageMagick convert program * * @author Pavel Vitis <Pavel.Vitis@seznam.cz> |