  1. <?php
  2.  
  3. /*
  4.  * Place here any hosts for which we are to be a proxy -
  5.  * e.g. the host on which the J2EE APIs we'll be proxying are running
  6.  * */
  7. @require_once('config.php');
  8. $ALLOWED_HOSTS = array();
  9. if(isset($SETTING_ALLOWED_HOSTS))
  10.     $ALLOWED_HOSTS = $SETTING_ALLOWED_HOSTS; # Override with setting from config.php
  11.  
  12. /**
  13.  * AJAX Cross Domain (PHP) Proxy 0.8
  14.  *    by Iacovos Constantinou (http://www.iacons.net)
  15.  *
  16.  * Released under CC-GNU GPL
  17.  */
  18.  
  19. /**
  20.  * Enables or disables filtering for cross domain requests.
  21.  * Recommended value: true
  22.  */
  23. define( 'CSAJAX_FILTERS', true );
  24.  
  25. /**
  26.  * If set to true, $valid_requests should hold only domains i.e. a.example.com, b.example.com, usethisdomain.com
  27.  * If set to false, $valid_requests should hold the whole URL ( without the parameters ) i.e. http://example.com/this/is/long/url/
  28.  * Recommended value: false (for security reasons - do not forget that anyone can access your proxy)
  29.  */
  30. define( 'CSAJAX_FILTER_DOMAIN', true );
  31.  
  32. /**
  33.  * Set debugging to true to receive additional messages - really helpful on development
  34.  */
  35. define( 'CSAJAX_DEBUG', true );
  36.  
  37. /**
  38.  * A set of valid cross domain requests
  39.  */
  40. /*$valid_requests = array(
  41.     'localhost'
  42. );*/
  43. $valid_requests = $ALLOWED_HOSTS;
  44.  
  45. /* * * STOP EDITING HERE UNLESS YOU KNOW WHAT YOU ARE DOING * * */
  46.  
  47. // identify request headers
  48. $request_headers = array( );
  49. $setContentType = true;
  50. $isMultiPart = false;
  51. foreach ( $_SERVER as $key => $value ) {
  52.     if(preg_match('/Content.Type/i', $key)){
  53.         $setContentType = false;
  54.         $content_type = explode(";", $value)[0];
  55.         $isMultiPart = preg_match('/multipart/i', $content_type);
  56.         $request_headers[] = "Content-Type: ".$content_type;
  57.         continue;
  58.     }
  59.     if ( substr( $key, 0, 5 ) == 'HTTP_' ) {
  60.         $headername = str_replace( '_', ' ', substr( $key, 5 ) );
  61.         $headername = str_replace( ' ', '-', ucwords( strtolower( $headername ) ) );
  62.         if ( !in_array( $headername, array( 'Host', 'X-Proxy-Url' ) ) ) {
  63.             $request_headers[] = "$headername: $value";
  64.         }
  65.     }
  66. }
  67.  
  68. if($setContentType)
  69.     $request_headers[] = "Content-Type: application/json";
  70.  
  71. // identify request method, url and params
  72. $request_method = $_SERVER['REQUEST_METHOD'];
  73. if ( 'GET' == $request_method ) {
  74.     $request_params = $_GET;
  75. } elseif ( 'POST' == $request_method ) {
  76.     $request_params = $_POST;
  77.     if ( empty( $request_params ) ) {
  78.         $data = file_get_contents( 'php://input' );
  79.         if ( !empty( $data ) ) {
  80.             $request_params = $data;
  81.         }
  82.     }
  83. } elseif ( 'PUT' == $request_method || 'DELETE' == $request_method ) {
  84.     $request_params = file_get_contents( 'php://input' );
  85. } else {
  86.     $request_params = null;
  87. }
  88.  
  89. // Get URL from `csurl` in GET or POST data, before falling back to X-Proxy-URL header.
  90. if ( isset( $_REQUEST['csurl'] ) ) {
  91.     $request_url = urldecode( $_REQUEST['csurl'] );
  92. } else if ( isset( $_SERVER['HTTP_X_PROXY_URL'] ) ) {
  93.     $request_url = urldecode( $_SERVER['HTTP_X_PROXY_URL'] );
  94. } else {
  95.     header( $_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
  96.     header( 'Status: 404 Not Found' );
  97.     $_SERVER['REDIRECT_STATUS'] = 404;
  98.     exit;
  99. }
  100.  
  101. $p_request_url = parse_url( $request_url );
  102.  
  103. // csurl may exist in GET request methods
  104. if ( is_array( $request_params ) && array_key_exists('csurl', $request_params ) )
  105.     unset( $request_params['csurl'] );
  106.  
  107. // ignore requests for proxy :)
  108. if ( preg_match( '!' . $_SERVER['SCRIPT_NAME'] . '!', $request_url ) || empty( $request_url ) || count( $p_request_url ) == 1 ) {
  109.     csajax_debug_message( 'Invalid request - make sure that csurl variable is not empty' );
  110.     exit;
  111. }
  112.  
  113. // check against valid requests
  114. if ( CSAJAX_FILTERS ) {
  115.     $parsed = $p_request_url;
  116.     if ( CSAJAX_FILTER_DOMAIN ) {
  117.         if ( !in_array( $parsed['host'], $valid_requests ) ) {
  118.             csajax_debug_message( 'Invalid domain - ' . $parsed['host'] . ' is not included in valid request domains' );
  119.             exit;
  120.         }
  121.     } else {
  122.         $check_url = isset( $parsed['scheme'] ) ? $parsed['scheme'] . '://' : '';
  123.         $check_url .= isset( $parsed['user'] ) ? $parsed['user'] . ($parsed['pass'] ? ':' . $parsed['pass'] : '') . '@' : '';
  124.         $check_url .= isset( $parsed['host'] ) ? $parsed['host'] : '';
  125.         $check_url .= isset( $parsed['port'] ) ? ':' . $parsed['port'] : '';
  126.         $check_url .= isset( $parsed['path'] ) ? $parsed['path'] : '';
  127.         if ( !in_array( $check_url, $valid_requests ) ) {
  128.             csajax_debug_message( 'Invalid domain - ' . $request_url . ' is not included in valid request domain' );
  129.             exit;
  130.         }
  131.     }
  132. }
  133.  
  134. // append query string for GET requests
  135. if ( $request_method == 'GET' && count( $request_params ) > 0 && (!array_key_exists( 'query', $p_request_url ) || empty( $p_request_url['query'] ) ) ) {
  136.     $request_url .= '?' . http_build_query( $request_params );
  137. }
  138.  
  139.  
  140. // let the request begin
  141. $ch = curl_init( $request_url );
  142. curl_setopt( $ch, CURLOPT_HTTPHEADER, $request_headers );   // (re-)send headers
  143. curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );    // return response
  144. curl_setopt( $ch, CURLOPT_HEADER, true );      // enabled response headers
  145. // add data for POST, PUT or DELETE requests
  146. if ( 'POST' == $request_method ) {
  147.     $post_data = is_array( $request_params ) ? http_build_query( $request_params ) : $request_params;
  148.  
  149.     $has_files = false;
  150.     $file_params = array();
  151.  
  152.     foreach ($_FILES as $f => $file) {
  153.         if($file['size']){
  154.             $file_params[$f] = '@'. $file['tmp_name'] .";type=". $file['type'];
  155.             $has_files = true;
  156.         }
  157.     }
  158.  
  159.     if($isMultiPart || $has_files){
  160.         foreach(explode("&",$post_data) as $i => $param) {
  161.             $params = explode("=", $param);
  162.             $xvarname = $params[0];
  163.             if (!empty($xvarname))
  164.                 $file_params[$xvarname] = $params[1];
  165.         }
  166.     }
  167.  
  168.     curl_setopt( $ch, CURLOPT_POST, true );
  169.     curl_setopt( $ch, CURLOPT_POSTFIELDS,  $isMultiPart || $has_files ? $file_params : $post_data );
  170. } elseif ( 'PUT' == $request_method || 'DELETE' == $request_method ) {
  171.     curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, $request_method );
  172.     curl_setopt( $ch, CURLOPT_POSTFIELDS, $request_params );
  173. }
  174.  
  175. // retrieve response (headers and content)
  176. $response = curl_exec( $ch );
  177. curl_close( $ch );
  178.  
  179. // split response to header and content
  180. list($response_headers, $response_content) = preg_split( '/(\r\n){2}/', $response, 2 );
  181.  
  182. // (re-)send the headers
  183. $response_headers = preg_split( '/(\r\n){1}/', $response_headers );
  184. foreach ( $response_headers as $key => $response_header ) {
  185.     // Rewrite the `Location` header, so clients will also use the proxy for redirects.
  186.     if ( preg_match( '/^Location:/', $response_header ) ) {
  187.         list($header, $value) = preg_split( '/: /', $response_header, 2 );
  188.         $response_header = 'Location: ' . $_SERVER['REQUEST_URI'] . '?csurl=' . $value;
  189.     }
  190.     if ( !preg_match( '/^(Transfer-Encoding):/', $response_header ) ) {
  191.         header( $response_header, false );
  192.     }
  193. }
  194.  
  195. // finally, output the content
  196. print( $response_content );
  197.  
  198. function csajax_debug_message( $message )
  199. {
  200.     if ( true == CSAJAX_DEBUG ) {
  201.         print $message . PHP_EOL;
  202.     }
  203. }