├── .gitignore ├── LICENSE.md ├── README.md ├── edit.php ├── files ├── .htaccess ├── css │ └── index.css ├── js │ └── index.js └── php │ ├── .htaccess │ ├── functions.inc.php │ ├── idna.class.php │ ├── index.inc.php │ ├── misc.override.php │ └── misc.php └── index.php /.gitignore: -------------------------------------------------------------------------------- 1 | files/php/misc.override.php 2 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | ========================== 3 | 4 | Version 3, 29 June 2007 5 | 6 | Copyright © 2007 Free Software Foundation, Inc. <<http://fsf.org/>> 7 | 8 | Everyone is permitted to copy and distribute verbatim copies of this license 9 | document, but changing it is not allowed. 10 | 11 | ## Preamble 12 | 13 | The GNU General Public License is a free, copyleft license for software and other 14 | kinds of works. 15 | 16 | The licenses for most software and other practical works are designed to take away 17 | your freedom to share and change the works. By contrast, the GNU General Public 18 | License is intended to guarantee your freedom to share and change all versions of a 19 | program--to make sure it remains free software for all its users. We, the Free 20 | Software Foundation, use the GNU General Public License for most of our software; it 21 | applies also to any other work released this way by its authors. You can apply it to 22 | your programs, too. 23 | 24 | When we speak of free software, we are referring to freedom, not price. Our General 25 | Public Licenses are designed to make sure that you have the freedom to distribute 26 | copies of free software (and charge for them if you wish), that you receive source 27 | code or can get it if you want it, that you can change the software or use pieces of 28 | it in new free programs, and that you know you can do these things. 
29 | 30 | To protect your rights, we need to prevent others from denying you these rights or 31 | asking you to surrender the rights. Therefore, you have certain responsibilities if 32 | you distribute copies of the software, or if you modify it: responsibilities to 33 | respect the freedom of others. 34 | 35 | For example, if you distribute copies of such a program, whether gratis or for a fee, 36 | you must pass on to the recipients the same freedoms that you received. You must make 37 | sure that they, too, receive or can get the source code. And you must show them these 38 | terms so they know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: (1) assert 41 | copyright on the software, and (2) offer you this License giving you legal permission 42 | to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains that there is 45 | no warranty for this free software. For both users' and authors' sake, the GPL 46 | requires that modified versions be marked as changed, so that their problems will not 47 | be attributed erroneously to authors of previous versions. 48 | 49 | Some devices are designed to deny users access to install or run modified versions of 50 | the software inside them, although the manufacturer can do so. This is fundamentally 51 | incompatible with the aim of protecting users' freedom to change the software. The 52 | systematic pattern of such abuse occurs in the area of products for individuals to 53 | use, which is precisely where it is most unacceptable. Therefore, we have designed 54 | this version of the GPL to prohibit the practice for those products. If such problems 55 | arise substantially in other domains, we stand ready to extend this provision to 56 | those domains in future versions of the GPL, as needed to protect the freedom of 57 | users. 58 | 59 | Finally, every program is threatened constantly by software patents. 
States should 60 | not allow patents to restrict development and use of software on general-purpose 61 | computers, but in those that do, we wish to avoid the special danger that patents 62 | applied to a free program could make it effectively proprietary. To prevent this, the 63 | GPL assures that patents cannot be used to render the program non-free. 64 | 65 | The precise terms and conditions for copying, distribution and modification follow. 66 | 67 | ## TERMS AND CONDITIONS 68 | 69 | ### 0. Definitions. 70 | 71 | “This License” refers to version 3 of the GNU General Public License. 72 | 73 | “Copyright” also means copyright-like laws that apply to other kinds of 74 | works, such as semiconductor masks. 75 | 76 | “The Program” refers to any copyrightable work licensed under this 77 | License. Each licensee is addressed as “you”. “Licensees” and 78 | “recipients” may be individuals or organizations. 79 | 80 | To “modify” a work means to copy from or adapt all or part of the work in 81 | a fashion requiring copyright permission, other than the making of an exact copy. The 82 | resulting work is called a “modified version” of the earlier work or a 83 | work “based on” the earlier work. 84 | 85 | A “covered work” means either the unmodified Program or a work based on 86 | the Program. 87 | 88 | To “propagate” a work means to do anything with it that, without 89 | permission, would make you directly or secondarily liable for infringement under 90 | applicable copyright law, except executing it on a computer or modifying a private 91 | copy. Propagation includes copying, distribution (with or without modification), 92 | making available to the public, and in some countries other activities as well. 93 | 94 | To “convey” a work means any kind of propagation that enables other 95 | parties to make or receive copies. Mere interaction with a user through a computer 96 | network, with no transfer of a copy, is not conveying. 
97 | 98 | An interactive user interface displays “Appropriate Legal Notices” to the 99 | extent that it includes a convenient and prominently visible feature that (1) 100 | displays an appropriate copyright notice, and (2) tells the user that there is no 101 | warranty for the work (except to the extent that warranties are provided), that 102 | licensees may convey the work under this License, and how to view a copy of this 103 | License. If the interface presents a list of user commands or options, such as a 104 | menu, a prominent item in the list meets this criterion. 105 | 106 | ### 1. Source Code. 107 | 108 | The “source code” for a work means the preferred form of the work for 109 | making modifications to it. “Object code” means any non-source form of a 110 | work. 111 | 112 | A “Standard Interface” means an interface that either is an official 113 | standard defined by a recognized standards body, or, in the case of interfaces 114 | specified for a particular programming language, one that is widely used among 115 | developers working in that language. 116 | 117 | The “System Libraries” of an executable work include anything, other than 118 | the work as a whole, that (a) is included in the normal form of packaging a Major 119 | Component, but which is not part of that Major Component, and (b) serves only to 120 | enable use of the work with that Major Component, or to implement a Standard 121 | Interface for which an implementation is available to the public in source code form. 122 | A “Major Component”, in this context, means a major essential component 123 | (kernel, window system, and so on) of the specific operating system (if any) on which 124 | the executable work runs, or a compiler used to produce the work, or an object code 125 | interpreter used to run it. 
126 | 127 | The “Corresponding Source” for a work in object code form means all the 128 | source code needed to generate, install, and (for an executable work) run the object 129 | code and to modify the work, including scripts to control those activities. However, 130 | it does not include the work's System Libraries, or general-purpose tools or 131 | generally available free programs which are used unmodified in performing those 132 | activities but which are not part of the work. For example, Corresponding Source 133 | includes interface definition files associated with source files for the work, and 134 | the source code for shared libraries and dynamically linked subprograms that the work 135 | is specifically designed to require, such as by intimate data communication or 136 | control flow between those subprograms and other parts of the work. 137 | 138 | The Corresponding Source need not include anything that users can regenerate 139 | automatically from other parts of the Corresponding Source. 140 | 141 | The Corresponding Source for a work in source code form is that same work. 142 | 143 | ### 2. Basic Permissions. 144 | 145 | All rights granted under this License are granted for the term of copyright on the 146 | Program, and are irrevocable provided the stated conditions are met. This License 147 | explicitly affirms your unlimited permission to run the unmodified Program. The 148 | output from running a covered work is covered by this License only if the output, 149 | given its content, constitutes a covered work. This License acknowledges your rights 150 | of fair use or other equivalent, as provided by copyright law. 151 | 152 | You may make, run and propagate covered works that you do not convey, without 153 | conditions so long as your license otherwise remains in force. 
You may convey covered 154 | works to others for the sole purpose of having them make modifications exclusively 155 | for you, or provide you with facilities for running those works, provided that you 156 | comply with the terms of this License in conveying all material for which you do not 157 | control copyright. Those thus making or running the covered works for you must do so 158 | exclusively on your behalf, under your direction and control, on terms that prohibit 159 | them from making any copies of your copyrighted material outside their relationship 160 | with you. 161 | 162 | Conveying under any other circumstances is permitted solely under the conditions 163 | stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 164 | 165 | ### 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 166 | 167 | No covered work shall be deemed part of an effective technological measure under any 168 | applicable law fulfilling obligations under article 11 of the WIPO copyright treaty 169 | adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention 170 | of such measures. 171 | 172 | When you convey a covered work, you waive any legal power to forbid circumvention of 173 | technological measures to the extent such circumvention is effected by exercising 174 | rights under this License with respect to the covered work, and you disclaim any 175 | intention to limit operation or modification of the work as a means of enforcing, 176 | against the work's users, your or third parties' legal rights to forbid circumvention 177 | of technological measures. 178 | 179 | ### 4. Conveying Verbatim Copies. 
180 | 181 | You may convey verbatim copies of the Program's source code as you receive it, in any 182 | medium, provided that you conspicuously and appropriately publish on each copy an 183 | appropriate copyright notice; keep intact all notices stating that this License and 184 | any non-permissive terms added in accord with section 7 apply to the code; keep 185 | intact all notices of the absence of any warranty; and give all recipients a copy of 186 | this License along with the Program. 187 | 188 | You may charge any price or no price for each copy that you convey, and you may offer 189 | support or warranty protection for a fee. 190 | 191 | ### 5. Conveying Modified Source Versions. 192 | 193 | You may convey a work based on the Program, or the modifications to produce it from 194 | the Program, in the form of source code under the terms of section 4, provided that 195 | you also meet all of these conditions: 196 | 197 | * **a)** The work must carry prominent notices stating that you modified it, and giving a 198 | relevant date. 199 | * **b)** The work must carry prominent notices stating that it is released under this 200 | License and any conditions added under section 7. This requirement modifies the 201 | requirement in section 4 to “keep intact all notices”. 202 | * **c)** You must license the entire work, as a whole, under this License to anyone who 203 | comes into possession of a copy. This License will therefore apply, along with any 204 | applicable section 7 additional terms, to the whole of the work, and all its parts, 205 | regardless of how they are packaged. This License gives no permission to license the 206 | work in any other way, but it does not invalidate such permission if you have 207 | separately received it. 
208 | * **d)** If the work has interactive user interfaces, each must display Appropriate Legal 209 | Notices; however, if the Program has interactive interfaces that do not display 210 | Appropriate Legal Notices, your work need not make them do so. 211 | 212 | A compilation of a covered work with other separate and independent works, which are 213 | not by their nature extensions of the covered work, and which are not combined with 214 | it such as to form a larger program, in or on a volume of a storage or distribution 215 | medium, is called an “aggregate” if the compilation and its resulting 216 | copyright are not used to limit the access or legal rights of the compilation's users 217 | beyond what the individual works permit. Inclusion of a covered work in an aggregate 218 | does not cause this License to apply to the other parts of the aggregate. 219 | 220 | ### 6. Conveying Non-Source Forms. 221 | 222 | You may convey a covered work in object code form under the terms of sections 4 and 223 | 5, provided that you also convey the machine-readable Corresponding Source under the 224 | terms of this License, in one of these ways: 225 | 226 | * **a)** Convey the object code in, or embodied in, a physical product (including a 227 | physical distribution medium), accompanied by the Corresponding Source fixed on a 228 | durable physical medium customarily used for software interchange. 
229 | * **b)** Convey the object code in, or embodied in, a physical product (including a 230 | physical distribution medium), accompanied by a written offer, valid for at least 231 | three years and valid for as long as you offer spare parts or customer support for 232 | that product model, to give anyone who possesses the object code either (1) a copy of 233 | the Corresponding Source for all the software in the product that is covered by this 234 | License, on a durable physical medium customarily used for software interchange, for 235 | a price no more than your reasonable cost of physically performing this conveying of 236 | source, or (2) access to copy the Corresponding Source from a network server at no 237 | charge. 238 | * **c)** Convey individual copies of the object code with a copy of the written offer to 239 | provide the Corresponding Source. This alternative is allowed only occasionally and 240 | noncommercially, and only if you received the object code with such an offer, in 241 | accord with subsection 6b. 242 | * **d)** Convey the object code by offering access from a designated place (gratis or for 243 | a charge), and offer equivalent access to the Corresponding Source in the same way 244 | through the same place at no further charge. You need not require recipients to copy 245 | the Corresponding Source along with the object code. If the place to copy the object 246 | code is a network server, the Corresponding Source may be on a different server 247 | (operated by you or a third party) that supports equivalent copying facilities, 248 | provided you maintain clear directions next to the object code saying where to find 249 | the Corresponding Source. Regardless of what server hosts the Corresponding Source, 250 | you remain obligated to ensure that it is available for as long as needed to satisfy 251 | these requirements. 
252 | * **e)** Convey the object code using peer-to-peer transmission, provided you inform 253 | other peers where the object code and Corresponding Source of the work are being 254 | offered to the general public at no charge under subsection 6d. 255 | 256 | A separable portion of the object code, whose source code is excluded from the 257 | Corresponding Source as a System Library, need not be included in conveying the 258 | object code work. 259 | 260 | A “User Product” is either (1) a “consumer product”, which 261 | means any tangible personal property which is normally used for personal, family, or 262 | household purposes, or (2) anything designed or sold for incorporation into a 263 | dwelling. In determining whether a product is a consumer product, doubtful cases 264 | shall be resolved in favor of coverage. For a particular product received by a 265 | particular user, “normally used” refers to a typical or common use of 266 | that class of product, regardless of the status of the particular user or of the way 267 | in which the particular user actually uses, or expects or is expected to use, the 268 | product. A product is a consumer product regardless of whether the product has 269 | substantial commercial, industrial or non-consumer uses, unless such uses represent 270 | the only significant mode of use of the product. 271 | 272 | “Installation Information” for a User Product means any methods, 273 | procedures, authorization keys, or other information required to install and execute 274 | modified versions of a covered work in that User Product from a modified version of 275 | its Corresponding Source. The information must suffice to ensure that the continued 276 | functioning of the modified object code is in no case prevented or interfered with 277 | solely because modification has been made. 
278 | 279 | If you convey an object code work under this section in, or with, or specifically for 280 | use in, a User Product, and the conveying occurs as part of a transaction in which 281 | the right of possession and use of the User Product is transferred to the recipient 282 | in perpetuity or for a fixed term (regardless of how the transaction is 283 | characterized), the Corresponding Source conveyed under this section must be 284 | accompanied by the Installation Information. But this requirement does not apply if 285 | neither you nor any third party retains the ability to install modified object code 286 | on the User Product (for example, the work has been installed in ROM). 287 | 288 | The requirement to provide Installation Information does not include a requirement to 289 | continue to provide support service, warranty, or updates for a work that has been 290 | modified or installed by the recipient, or for the User Product in which it has been 291 | modified or installed. Access to a network may be denied when the modification itself 292 | materially and adversely affects the operation of the network or violates the rules 293 | and protocols for communication across the network. 294 | 295 | Corresponding Source conveyed, and Installation Information provided, in accord with 296 | this section must be in a format that is publicly documented (and with an 297 | implementation available to the public in source code form), and must require no 298 | special password or key for unpacking, reading or copying. 299 | 300 | ### 7. Additional Terms. 301 | 302 | “Additional permissions” are terms that supplement the terms of this 303 | License by making exceptions from one or more of its conditions. Additional 304 | permissions that are applicable to the entire Program shall be treated as though they 305 | were included in this License, to the extent that they are valid under applicable 306 | law. 
If additional permissions apply only to part of the Program, that part may be 307 | used separately under those permissions, but the entire Program remains governed by 308 | this License without regard to the additional permissions. 309 | 310 | When you convey a copy of a covered work, you may at your option remove any 311 | additional permissions from that copy, or from any part of it. (Additional 312 | permissions may be written to require their own removal in certain cases when you 313 | modify the work.) You may place additional permissions on material, added by you to a 314 | covered work, for which you have or can give appropriate copyright permission. 315 | 316 | Notwithstanding any other provision of this License, for material you add to a 317 | covered work, you may (if authorized by the copyright holders of that material) 318 | supplement the terms of this License with terms: 319 | 320 | * **a)** Disclaiming warranty or limiting liability differently from the terms of 321 | sections 15 and 16 of this License; or 322 | * **b)** Requiring preservation of specified reasonable legal notices or author 323 | attributions in that material or in the Appropriate Legal Notices displayed by works 324 | containing it; or 325 | * **c)** Prohibiting misrepresentation of the origin of that material, or requiring that 326 | modified versions of such material be marked in reasonable ways as different from the 327 | original version; or 328 | * **d)** Limiting the use for publicity purposes of names of licensors or authors of the 329 | material; or 330 | * **e)** Declining to grant rights under trademark law for use of some trade names, 331 | trademarks, or service marks; or 332 | * **f)** Requiring indemnification of licensors and authors of that material by anyone 333 | who conveys the material (or modified versions of it) with contractual assumptions of 334 | liability to the recipient, for any liability that these contractual assumptions 335 | directly impose on those 
licensors and authors. 336 | 337 | All other non-permissive additional terms are considered “further 338 | restrictions” within the meaning of section 10. If the Program as you received 339 | it, or any part of it, contains a notice stating that it is governed by this License 340 | along with a term that is a further restriction, you may remove that term. If a 341 | license document contains a further restriction but permits relicensing or conveying 342 | under this License, you may add to a covered work material governed by the terms of 343 | that license document, provided that the further restriction does not survive such 344 | relicensing or conveying. 345 | 346 | If you add terms to a covered work in accord with this section, you must place, in 347 | the relevant source files, a statement of the additional terms that apply to those 348 | files, or a notice indicating where to find the applicable terms. 349 | 350 | Additional terms, permissive or non-permissive, may be stated in the form of a 351 | separately written license, or stated as exceptions; the above requirements apply 352 | either way. 353 | 354 | ### 8. Termination. 355 | 356 | You may not propagate or modify a covered work except as expressly provided under 357 | this License. Any attempt otherwise to propagate or modify it is void, and will 358 | automatically terminate your rights under this License (including any patent licenses 359 | granted under the third paragraph of section 11). 360 | 361 | However, if you cease all violation of this License, then your license from a 362 | particular copyright holder is reinstated (a) provisionally, unless and until the 363 | copyright holder explicitly and finally terminates your license, and (b) permanently, 364 | if the copyright holder fails to notify you of the violation by some reasonable means 365 | prior to 60 days after the cessation. 
366 | 367 | Moreover, your license from a particular copyright holder is reinstated permanently 368 | if the copyright holder notifies you of the violation by some reasonable means, this 369 | is the first time you have received notice of violation of this License (for any 370 | work) from that copyright holder, and you cure the violation prior to 30 days after 371 | your receipt of the notice. 372 | 373 | Termination of your rights under this section does not terminate the licenses of 374 | parties who have received copies or rights from you under this License. If your 375 | rights have been terminated and not permanently reinstated, you do not qualify to 376 | receive new licenses for the same material under section 10. 377 | 378 | ### 9. Acceptance Not Required for Having Copies. 379 | 380 | You are not required to accept this License in order to receive or run a copy of the 381 | Program. Ancillary propagation of a covered work occurring solely as a consequence of 382 | using peer-to-peer transmission to receive a copy likewise does not require 383 | acceptance. However, nothing other than this License grants you permission to 384 | propagate or modify any covered work. These actions infringe copyright if you do not 385 | accept this License. Therefore, by modifying or propagating a covered work, you 386 | indicate your acceptance of this License to do so. 387 | 388 | ### 10. Automatic Licensing of Downstream Recipients. 389 | 390 | Each time you convey a covered work, the recipient automatically receives a license 391 | from the original licensors, to run, modify and propagate that work, subject to this 392 | License. You are not responsible for enforcing compliance by third parties with this 393 | License. 394 | 395 | An “entity transaction” is a transaction transferring control of an 396 | organization, or substantially all assets of one, or subdividing an organization, or 397 | merging organizations. 
If propagation of a covered work results from an entity 398 | transaction, each party to that transaction who receives a copy of the work also 399 | receives whatever licenses to the work the party's predecessor in interest had or 400 | could give under the previous paragraph, plus a right to possession of the 401 | Corresponding Source of the work from the predecessor in interest, if the predecessor 402 | has it or can get it with reasonable efforts. 403 | 404 | You may not impose any further restrictions on the exercise of the rights granted or 405 | affirmed under this License. For example, you may not impose a license fee, royalty, 406 | or other charge for exercise of rights granted under this License, and you may not 407 | initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging 408 | that any patent claim is infringed by making, using, selling, offering for sale, or 409 | importing the Program or any portion of it. 410 | 411 | ### 11. Patents. 412 | 413 | A “contributor” is a copyright holder who authorizes use under this 414 | License of the Program or a work on which the Program is based. The work thus 415 | licensed is called the contributor's “contributor version”. 416 | 417 | A contributor's “essential patent claims” are all patent claims owned or 418 | controlled by the contributor, whether already acquired or hereafter acquired, that 419 | would be infringed by some manner, permitted by this License, of making, using, or 420 | selling its contributor version, but do not include claims that would be infringed 421 | only as a consequence of further modification of the contributor version. For 422 | purposes of this definition, “control” includes the right to grant patent 423 | sublicenses in a manner consistent with the requirements of this License. 
424 | 425 | Each contributor grants you a non-exclusive, worldwide, royalty-free patent license 426 | under the contributor's essential patent claims, to make, use, sell, offer for sale, 427 | import and otherwise run, modify and propagate the contents of its contributor 428 | version. 429 | 430 | In the following three paragraphs, a “patent license” is any express 431 | agreement or commitment, however denominated, not to enforce a patent (such as an 432 | express permission to practice a patent or covenant not to sue for patent 433 | infringement). To “grant” such a patent license to a party means to make 434 | such an agreement or commitment not to enforce a patent against the party. 435 | 436 | If you convey a covered work, knowingly relying on a patent license, and the 437 | Corresponding Source of the work is not available for anyone to copy, free of charge 438 | and under the terms of this License, through a publicly available network server or 439 | other readily accessible means, then you must either (1) cause the Corresponding 440 | Source to be so available, or (2) arrange to deprive yourself of the benefit of the 441 | patent license for this particular work, or (3) arrange, in a manner consistent with 442 | the requirements of this License, to extend the patent license to downstream 443 | recipients. “Knowingly relying” means you have actual knowledge that, but 444 | for the patent license, your conveying the covered work in a country, or your 445 | recipient's use of the covered work in a country, would infringe one or more 446 | identifiable patents in that country that you have reason to believe are valid. 
447 | 448 | If, pursuant to or in connection with a single transaction or arrangement, you 449 | convey, or propagate by procuring conveyance of, a covered work, and grant a patent 450 | license to some of the parties receiving the covered work authorizing them to use, 451 | propagate, modify or convey a specific copy of the covered work, then the patent 452 | license you grant is automatically extended to all recipients of the covered work and 453 | works based on it. 454 | 455 | A patent license is “discriminatory” if it does not include within the 456 | scope of its coverage, prohibits the exercise of, or is conditioned on the 457 | non-exercise of one or more of the rights that are specifically granted under this 458 | License. You may not convey a covered work if you are a party to an arrangement with 459 | a third party that is in the business of distributing software, under which you make 460 | payment to the third party based on the extent of your activity of conveying the 461 | work, and under which the third party grants, to any of the parties who would receive 462 | the covered work from you, a discriminatory patent license (a) in connection with 463 | copies of the covered work conveyed by you (or copies made from those copies), or (b) 464 | primarily for and in connection with specific products or compilations that contain 465 | the covered work, unless you entered into that arrangement, or that patent license 466 | was granted, prior to 28 March 2007. 467 | 468 | Nothing in this License shall be construed as excluding or limiting any implied 469 | license or other defenses to infringement that may otherwise be available to you 470 | under applicable patent law. 471 | 472 | ### 12. No Surrender of Others' Freedom. 473 | 474 | If conditions are imposed on you (whether by court order, agreement or otherwise) 475 | that contradict the conditions of this License, they do not excuse you from the 476 | conditions of this License. 
If you cannot convey a covered work so as to satisfy 477 | simultaneously your obligations under this License and any other pertinent 478 | obligations, then as a consequence you may not convey it at all. For example, if you 479 | agree to terms that obligate you to collect a royalty for further conveying from 480 | those to whom you convey the Program, the only way you could satisfy both those terms 481 | and this License would be to refrain entirely from conveying the Program. 482 | 483 | ### 13. Use with the GNU Affero General Public License. 484 | 485 | Notwithstanding any other provision of this License, you have permission to link or 486 | combine any covered work with a work licensed under version 3 of the GNU Affero 487 | General Public License into a single combined work, and to convey the resulting work. 488 | The terms of this License will continue to apply to the part which is the covered 489 | work, but the special requirements of the GNU Affero General Public License, section 490 | 13, concerning interaction through a network will apply to the combination as such. 491 | 492 | ### 14. Revised Versions of this License. 493 | 494 | The Free Software Foundation may publish revised and/or new versions of the GNU 495 | General Public License from time to time. Such new versions will be similar in spirit 496 | to the present version, but may differ in detail to address new problems or concerns. 497 | 498 | Each version is given a distinguishing version number. If the Program specifies that 499 | a certain numbered version of the GNU General Public License “or any later 500 | version” applies to it, you have the option of following the terms and 501 | conditions either of that numbered version or of any later version published by the 502 | Free Software Foundation. If the Program does not specify a version number of the GNU 503 | General Public License, you may choose any version ever published by the Free 504 | Software Foundation. 
505 | 506 | If the Program specifies that a proxy can decide which future versions of the GNU 507 | General Public License can be used, that proxy's public statement of acceptance of a 508 | version permanently authorizes you to choose that version for the Program. 509 | 510 | Later license versions may give you additional or different permissions. However, no 511 | additional obligations are imposed on any author or copyright holder as a result of 512 | your choosing to follow a later version. 513 | 514 | ### 15. Disclaimer of Warranty. 515 | 516 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 517 | EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 518 | PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER 519 | EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 520 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE 521 | QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE 522 | DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 523 | 524 | ### 16. Limitation of Liability. 525 | 526 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY 527 | COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS 528 | PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, 529 | INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE 530 | PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE 531 | OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE 532 | WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 533 | POSSIBILITY OF SUCH DAMAGES. 534 | 535 | ### 17. Interpretation of Sections 15 and 16. 
536 | 537 | If the disclaimer of warranty and limitation of liability provided above cannot be 538 | given local legal effect according to their terms, reviewing courts shall apply local 539 | law that most closely approximates an absolute waiver of all civil liability in 540 | connection with the Program, unless a warranty or assumption of liability accompanies 541 | a copy of the Program in return for a fee. 542 | 543 | END OF TERMS AND CONDITIONS 544 | 545 | ## How to Apply These Terms to Your New Programs 546 | 547 | If you develop a new program, and you want it to be of the greatest possible use to 548 | the public, the best way to achieve this is to make it free software which everyone 549 | can redistribute and change under these terms. 550 | 551 | To do so, attach the following notices to the program. It is safest to attach them 552 | to the start of each source file to most effectively state the exclusion of warranty; 553 | and each file should have at least the “copyright” line and a pointer to 554 | where the full notice is found. 555 | 556 | 557 | Copyright (C) 558 | 559 | This program is free software: you can redistribute it and/or modify 560 | it under the terms of the GNU General Public License as published by 561 | the Free Software Foundation, either version 3 of the License, or 562 | (at your option) any later version. 563 | 564 | This program is distributed in the hope that it will be useful, 565 | but WITHOUT ANY WARRANTY; without even the implied warranty of 566 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 567 | GNU General Public License for more details. 568 | 569 | You should have received a copy of the GNU General Public License 570 | along with this program. If not, see . 571 | 572 | Also add information on how to contact you by electronic and paper mail. 
573 | 574 | If the program does terminal interaction, make it output a short notice like this 575 | when it starts in an interactive mode: 576 | 577 | Copyright (C) 578 | This program comes with ABSOLUTELY NO WARRANTY; for details type 'show w'. 579 | This is free software, and you are welcome to redistribute it 580 | under certain conditions; type 'show c' for details. 581 | 582 | The hypothetical commands 'show w' and 'show c' should show the appropriate parts of 583 | the General Public License. Of course, your program's commands might be different; 584 | for a GUI interface, you would use an “about box”. 585 | 586 | You should also get your employer (if you work as a programmer) or school, if any, to 587 | sign a “copyright disclaimer” for the program, if necessary. For more 588 | information on this, and how to apply and follow the GNU GPL, see 589 | <>. 590 | 591 | The GNU General Public License does not permit incorporating your program into 592 | proprietary programs. If your program is a subroutine library, you may consider it 593 | more useful to permit linking proprietary applications with the library. If this is 594 | what you want to do, use the GNU Lesser General Public License instead of this 595 | License. But first, please read 596 | <>. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## PHProxy 2 | [![AUR](https://img.shields.io/badge/style-GPL--3.0-blue.svg?style=flat&label=License)](https://github.com/azetrix/ShortLink/blob/master/LICENSE) 3 | 4 | PHProxy is a web HTTP proxy written in PHP. It is designed to bypass proxy restrictions through a web interface very similar to the popular [CGIProxy](http://www.jmarshall.com/tools/cgiproxy/). The only thing that PHProxy needs is a web server with PHP installed (see Requirements below). 
Be aware though, that the server has to be able to access those resources to deliver them to you. 5 | 6 | Originally developed in [SourceForge](http://www.sourceforge.net/projects/poxy/) during 2002-2007 and then abandoned. This project needs to live and its development is continued here. 7 | 8 | ## Support 9 | 10 | * Create an issue: https://github.com/PHProxy/PHProxy/issues/new 11 | 12 | ## License 13 | 14 | This source code is released under the GPL. 15 | A copy of the license is provided in this package in the filename `LICENSE.md`. 16 | 17 | ## Requirements 18 | 19 | * PHP version > 5 20 | * `safe_mode` turned off or at least having the `fsockopen()` function not disabled 21 | * OpenSSL for support for secure connections (https) 22 | * Zlib for output compression 23 | * `file_uploads` turned On for HTTP file uploads. 24 | 25 | ## Installation 26 | 27 | Copy the files of the repository in your public web server folder or to a 28 | directory of your liking (preferably in its own directory). 29 | 30 | ``` 31 | cd /var/www/html/ 32 | git clone https://github.com/PHProxy/phproxy.git 33 | ``` 34 | 35 | ## How it Works 36 | 37 | You simply supply a URL to the form and click Browse. The script then 38 | accesses that URL, and if it has any HTML contents, it modifies 39 | any URLs so that they point back to the script. Of course, there is more 40 | to it than this, but if you would like to know more in 41 | detail, view the source code. 42 | 43 | ## Bugs and Limitations 44 | 45 | PHP is restrictive by nature, and as such, some problems arise that 46 | would not have if this project were otherwise coded in another programming 47 | language. The first example of this is the dots in incoming variable names 48 | from POST and GET methods. In a normal programming language, this wouldn't be 49 | a problem as these variables could be accessed normally as they are 50 | supplied, with dots included.
In PHP, however, dots in GET, POST, and 51 | COOKIE variable names are magically transformed into underscores 52 | because of `register_globals`. Things like Yahoo! Mail which have dots 53 | in variable names will not work. There's no easy way around this, but 54 | luckily, I have provided the solutions right here: 55 | 56 | 1. I've already taken care of cookies by transforming 57 | the underscores manually into dots when needed. 58 | 2. For GET variables, this shouldn't be a huge problem since the URLs 59 | are URL-encoded into the url_var_name. The only time this should be 60 | an issue is when a GET form uses dots in input names, and this could 61 | be rectified by using $_SERVER['QUERY_STRING'], and parsing that 62 | variable. But this, luckily, doesn't happen too often. 63 | 3. As for POST data, one solution is to use $HTTP_RAW_POST_DATA. But then, 64 | this variable might not be available in certain PHP configurations, 65 | and it would need further parsing, and it still doesn't account 66 | for uploaded FILES. This is extremely impractical and ugly. 67 | 68 | The best thing you could do if you have enough control over your Web server 69 | and can compile custom builds of PHP is to delete a single line in a PHP source 70 | code file called "php_variables.c" located in the "main" directory. 71 | The function in question is called "php_register_variable_ex". I've only checked 72 | this with PHP v4.4.4 and the exact line to delete is the 117th line which basically 73 | consists of this: 74 | 75 | case '.': 76 | 77 | Now just compile and install PHP and everything should be fine. Just make 78 | sure that you have register_globals off or something might get messed up. 79 | 80 | Another problem facing many Web proxies is support for JavaScript. 81 | The best thing you could do right now is to have the JavaScript 82 | disabled on your browsing options as most sites degrade gracefully, 83 | such as Gmail.
84 | 85 | A third limitation for Web proxies is content accessed from within proxied 86 | Flash and Java applications and such. Since the proxy script doesn't have access 87 | to the source code of these applications, the links which they may decide 88 | to stream or access will not be proxified. There's no easy solution for this 89 | right now. 90 | 91 | PHProxy also doesn't support FTP. This may or may not be introduced 92 | in future releases, but there are no current plans for FTP support. 93 | -------------------------------------------------------------------------------- /edit.php: -------------------------------------------------------------------------------- 1 | 10 | 11 | 12 | 13 | 14 | Settings 15 | 16 | 17 | 18 |
19 |
20 |
21 |

Settings

22 |
23 |
24 | 45 |
46 |
47 | 48 | 49 | Back 50 |
51 |
52 |
53 | 54 | 55 | -------------------------------------------------------------------------------- /files/.htaccess: -------------------------------------------------------------------------------- 1 | Options -Indexes -------------------------------------------------------------------------------- /files/css/index.css: -------------------------------------------------------------------------------- 1 | * { 2 | padding: 0; 3 | margin: 0 4 | } 5 | body { 6 | background: #f3f3f3; 7 | font: 400 16px sans-serif; 8 | color: #555; 9 | } 10 | .main { 11 | box-sizing: border-box; 12 | width: 100%; 13 | max-width: 500px; 14 | min-width: 350px; 15 | margin: 50px auto; 16 | padding: 55px; 17 | background-color: #fff; 18 | box-shadow: 6px 6px 20px 0px rgba(0, 0, 0, 0.5); 19 | font: 400 14px sans-serif; 20 | text-align: center; 21 | } 22 | .main-auth-box { 23 | box-shadow: 6px 6px 20px 0px rgba(255, 0, 0, 0.29)!important; 24 | } 25 | .form-title-row { 26 | margin: 0 auto 40px auto; 27 | text-align: left; 28 | } 29 | .form-title-row h1 { 30 | display: block; 31 | box-sizing: border-box; 32 | color: #4C565E; 33 | font-size: 24px; 34 | padding: 0 0 3px; 35 | margin: 0; 36 | border-bottom: 2px solid #6CAEE0; 37 | } 38 | .form-row { 39 | text-align: left; 40 | } 41 | .form-row label span { 42 | display: block; 43 | box-sizing: border-box; 44 | color: #5f5f5f; 45 | padding: 0 0 10px; 46 | font-weight: 700; 47 | } 48 | form input { 49 | color: #5f5f5f; 50 | box-sizing: border-box; 51 | box-shadow: 1px 2px 4px 0 rgba(0, 0, 0, .08); 52 | padding: 12px 18px; 53 | border: 1px solid #dbdbdb; 54 | margin-bottom: 10px; 55 | } 56 | form input[type=email], form input[type=username], form input[type=password], form input[type=text], form textarea { 57 | width: 100% 58 | } 59 | form input[type=number] { 60 | max-width: 100px 61 | } 62 | form input[type=checkbox], form input[type=radio] { 63 | box-shadow: none; 64 | width: auto 65 | } 66 | form textarea { 67 | color: #5f5f5f; 68 | box-sizing: 
border-box; 69 | box-shadow: 1px 2px 4px 0 rgba(0, 0, 0, .08); 70 | padding: 12px 18px; 71 | border: 1px solid #dbdbdb; 72 | resize: none; 73 | min-height: 80px; 74 | } 75 | form select { 76 | background-color: #fff; 77 | color: #5f5f5f; 78 | box-sizing: border-box; 79 | width: 240px; 80 | box-shadow: 1px 2px 4px 0 rgba(0, 0, 0, .08); 81 | padding: 12px 18px; 82 | border: 1px solid #dbdbdb 83 | } 84 | form .form-radio-buttons>div { 85 | margin-bottom: 10px 86 | } 87 | form .form-radio-buttons label span { 88 | margin-left: 8px; 89 | color: #5f5f5f 90 | } 91 | form .form-radio-buttons input { 92 | width: auto 93 | } 94 | .button-submit { 95 | border-radius: 2px; 96 | background-color: #6caee0; 97 | color: #fff; 98 | font: 700 13.3333px Arial; 99 | box-shadow: 1px 2px 4px 0 rgba(0, 0, 0, .08); 100 | padding: 14px 22px; 101 | border: 0; 102 | margin-top: 10px; 103 | cursor: pointer; 104 | text-decoration: none; 105 | } 106 | .button-cancel { 107 | border-radius: 2px; 108 | background-color: #a4bbcc; 109 | color: #fff; 110 | font: 700 13.3333px Arial; 111 | box-shadow: 1px 2px 4px 0 rgba(0, 0, 0, .08); 112 | padding: 14px 22px; 113 | border: 0; 114 | margin-top: 10px; 115 | cursor: pointer; 116 | text-decoration: none; 117 | } 118 | p.explanation { 119 | padding: 15px 20px; 120 | line-height: 1.5; 121 | background-color: #FFFFE0; 122 | font-size: 13px; 123 | text-align: center; 124 | margin-top: 40px; 125 | color: #6B6B48; 126 | border-radius: 3px; 127 | border-bottom: 2px solid #ECECD0; 128 | border-right: 2px solid #ECECD0; 129 | text-align: left 130 | } 131 | p.error { 132 | padding: 15px 20px; 133 | line-height: 1.5; 134 | background-color: #ff7272; 135 | font-size: 13px; 136 | text-align: center; 137 | margin-top: 40px; 138 | color: #ffffff; 139 | border-radius: 3px; 140 | border-bottom: 2px solid #fd3333; 141 | border-right: 2px solid #c1294c; 142 | text-align: left; 143 | } 144 | p.info { 145 | padding: 15px 20px; 146 | line-height: 1.5; 147 | background-color: 
#56dcb1; 148 | font-size: 13px; 149 | text-align: center; 150 | margin-top: 40px; 151 | color: #ffffff; 152 | border-radius: 3px; 153 | border-bottom: 2px solid #76dc75; 154 | border-right: 2px solid #30cc2e; 155 | text-align: left; 156 | } 157 | .auth-header { 158 | border-bottom: 2px solid #ff8100 !important; 159 | } 160 | .auth { 161 | margin-top: 10px; 162 | } 163 | .prx-opt-menu { 164 | list-style: none; 165 | text-align: initial; 166 | padding-left: 4%; 167 | } 168 | .option label input { 169 | margin-right: 10px; 170 | } 171 | @media (max-width:600px) { 172 | .main { 173 | padding: 30px 174 | } 175 | body { 176 | background: #fff; 177 | } 178 | .main { 179 | box-shadow: none; 180 | } 181 | } 182 | #proxopttogl { 183 | position: absolute; 184 | left: -12em; 185 | } 186 | #proxopttogl~#proxoptmenu { 187 | display: none; 188 | } 189 | #proxopttogl:checked~#proxoptmenu { 190 | display: block; 191 | } 192 | -------------------------------------------------------------------------------- /files/js/index.js: -------------------------------------------------------------------------------- 1 | "use strict"; 2 | document.addEventListener('DOMContentLoaded', function() { 3 | var x, l = document.getElementById("newWin"); 4 | if (l && (x = l.querySelector("input"))) { 5 | x.addEventListener('click', function() { 6 | // get the form above 7 | for (var x = this.parentNode; x; x = x.parentNode) { 8 | if (x.method && x.localName.toLowerCase() === "form") { 9 | (this.checked) ? 
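x.setAttribute("target", "_blank"): x.removeAttribute("target"); 10 | break; 11 | } 12 | } 13 | }, false); 14 | l.style.removeProperty('display'); 15 | } 16 | }, false); 17 | -------------------------------------------------------------------------------- /files/php/.htaccess: -------------------------------------------------------------------------------- 1 | deny from all -------------------------------------------------------------------------------- /files/php/functions.inc.php: -------------------------------------------------------------------------------- 1 | $value) { 18 | $key = isset($parent_key) ? sprintf('%s[%s]', $parent_key, urlencode($key)) : urlencode($key); 19 | if (is_array($value)) { 20 | $temp = array_merge($temp, set_post_vars($value, $key)); 21 | } else { 22 | $temp[$key] = urlencode($value); 23 | } 24 | } 25 | 26 | return $temp; 27 | }

/**
 * Flatten a nested upload array into entries keyed by form-field name.
 *
 * Walks $array recursively, building a URL-encoded bracketed key for each
 * leaf. Only leaves whose key carries a "name", "type" or "tmp_name" segment
 * directly after the field name are kept; that segment is removed from the
 * key and used as the second-level index of the result.
 *
 * Presumably called with $_FILES; confirm against the caller.
 *
 * @param array       $array      Upload array, or a sub-array during recursion
 * @param string|null $parent_key Bracketed key of the enclosing level
 * @return array Map of field key to array('name' => ..., 'type' => ..., 'tmp_name' => ...)
 */
function set_post_files($array, $parent_key = null)
{
    $temp = array();

    foreach ($array as $key => $value) {
        $key = isset($parent_key) ? sprintf('%s[%s]', $parent_key, urlencode($key)) : urlencode($key);
        if (is_array($value)) {
            $temp = array_merge_recursive($temp, set_post_files($value, $key));
        } else if (preg_match('#^([^\[\]]+)\[(name|type|tmp_name)\]#', $key, $m)) {
            // Drop the "[name]" / "[type]" / "[tmp_name]" segment from the key
            // and file the value under it instead.
            $temp[str_replace($m[0], $m[1], $key)][$m[2]] = $value;
        }
    }

    return $temp;
}

/**
 * Parse a URL into the component array used when building proxied links.
 *
 * On success $container receives the parse_url() parts plus:
 *   port_ext  ":port" when the URL names a port, otherwise ''
 *   port      the explicit port, or 443 for https and 80 for anything else
 *   path      the path with "." and ".." segments resolved and every byte
 *             outside the allowed set percent-encoded
 *   file      the last path segment
 *   dir       the path without the last segment
 *   base      scheme://host[:port] followed by dir
 *   prev_dir  base up to and including its last "/"
 *
 * A URL without a scheme or host is rejected: both are needed to build
 * 'base', and reading them when absent raised undefined-index errors.
 *
 * @param string $url        URL to parse
 * @param array  $container  Receives the component array (by reference)
 * @return bool True when $container was filled, false when the URL is unusable
 */
function url_parse($url, &$container)
{
    $temp = @parse_url($url);

    if (empty($temp) || !isset($temp['scheme'], $temp['host'])) {
        return false;
    }

    $temp['port_ext'] = '';
    $temp['base']     = $temp['scheme'] . '://' . $temp['host'];

    if (isset($temp['port'])) {
        $temp['base'] .= $temp['port_ext'] = ':' . $temp['port'];
    } else {
        $temp['port'] = $temp['scheme'] === 'https' ? 443 : 80;
    }

    // Bytes that are copied into the rebuilt path without percent-encoding.
    $safe     = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$-_.+!*\'(),?:@&;=';
    $path     = array();
    $segments = explode('/', isset($temp['path']) ? $temp['path'] : '/');

    foreach ($segments as $dir) {
        if ($dir === '..') {
            array_pop($path);
            continue;
        }
        if ($dir === '.') {
            continue;
        }

        // NOTE(review): dot segments are compared before decoding, so a
        // percent-encoded dot segment is decoded here and emitted literally
        // rather than resolved. Confirm this is acceptable wherever the
        // normalised path is used for filtering.
        $dir     = rawurldecode($dir);
        $new_dir = '';

        // $dir[$i] replaces the $dir{$i} offset syntax, which PHP 8 rejects
        // at parse time; the result is the same on every PHP version.
        for ($i = 0, $count_i = strlen($dir); $i < $count_i; ++$i) {
            $new_dir .= strspn($dir[$i], $safe) ? $dir[$i] : rawurlencode($dir[$i]);
        }

        $path[] = $new_dir;
    }

    $temp['path']     = str_replace('/%7E', '/~', '/' . ltrim(implode('/', $path), '/'));
    $temp['file']     = substr($temp['path'], strrpos($temp['path'], '/') + 1);
    $temp['dir']      = substr($temp['path'], 0, strrpos($temp['path'], '/'));
    $temp['base']    .= $temp['dir'];
    $temp['prev_dir'] = substr_count($temp['path'], '/') > 1 ? substr($temp['base'], 0, strrpos($temp['base'], '/') + 1) : $temp['base'] . '/';
    $container        = $temp;

    return true;
}

/**
 * Resolve a URL found in a fetched page against the current base URL and,
 * when requested, wrap it so that it points back at the proxy script.
 *
 * Reads $GLOBALS['_url'], $GLOBALS['_base'], $GLOBALS['_script_url'] and
 * $GLOBALS['_config']['url_var_name']. As a side effect it fills in
 * $GLOBALS['_base']['scheme'] and ['host'] from $GLOBALS['_url'] when they
 * are empty.
 *
 * @param string $url     URL as it appears in the page (HTML entities allowed)
 * @param bool   $proxify Whether to wrap the resolved URL in the proxy script URL
 * @return string The resolved (and optionally proxied) URL, or '' for empty input
 */
function complete_url($url, $proxify = true)
{
    $url = html_entity_decode(trim($url));

    if ($url === '') {
        return '';
    }

    // URLs with these prefixes are returned exactly as given, never proxied.
    // The comparison is case-sensitive.
    // NOTE(review): "javascript:" and "data:" values therefore reach the
    // browser unmodified from this function; whether the remove_scripts flag
    // strips them elsewhere is not visible in this file. Confirm.
    if (substr($url, 0, 5) == 'data:' ||
        substr($url, 0, 11) == 'javascript:' ||
        substr($url, 0, 6) == 'about:' ||
        substr($url, 0, 7) == 'magnet:' ||
        substr($url, 0, 4) == 'tel:' ||
        substr($url, 0, 8) == 'ios-app:' ||
        substr($url, 0, 12) == 'android-app:' ||
        substr($url, 0, 7) == 'mailto:' ||
        substr($url, 0, 6) == 'rms://') {
        return $url;
    }

    $hash_pos = strrpos($url, '#');
    $fragment = $hash_pos !== false ? substr($url, $hash_pos) : '';
    $sep_pos  = strpos($url, '://');

    $BASE_ORIGIN = parse_url($GLOBALS['_url']);
    if (empty($GLOBALS['_base']['scheme'])) {
        $GLOBALS['_base']['scheme'] = $BASE_ORIGIN['scheme'];
    }
    if (empty($GLOBALS['_base']['host'])) {
        $GLOBALS['_base']['host'] = $BASE_ORIGIN['host'];
    }

    // No "://" within the first five characters: treat the URL as relative.
    if ($sep_pos === false || $sep_pos > 5) {
        switch ($url[0]) {
            case '/':
                // "//host/path" inherits only the scheme; "/path" inherits scheme, host and port.
                $url = substr($url, 0, 2) === '//'
                    ? $GLOBALS['_base']['scheme'] . ':' . $url
                    : $GLOBALS['_base']['scheme'] . '://' . $GLOBALS['_base']['host'] . $GLOBALS['_base']['port_ext'] . $url;
                break;
            case '?':
                $url = $GLOBALS['_base']['base'] . '/' . $GLOBALS['_base']['file'] . $url;
                break;
            case '#':
                // Same-document fragment: leave it for the browser.
                $proxify = false;
                break;
            default:
                $url = $GLOBALS['_base']['base'] . '/' . $url;
        }
    }

    return $proxify ? "{$GLOBALS['_script_url']}?{$GLOBALS['_config']['url_var_name']}=" . encode_url($url) . $fragment : $url;
}

/**
 * Rewrite every url(...) reference in a piece of CSS through the proxy.
 *
 * @param string $css CSS text (style attribute value or stylesheet body)
 * @return string CSS with each matched url(...) replaced by its proxied form
 */
function proxify_inline_css($css)
{
    preg_match_all('#url\s*\(\s*(.+?(?=\)[f;,}!\s*]))\)#i', $css, $matches, PREG_SET_ORDER);

    foreach ($matches as $match) {
        $css = str_replace($match[0], 'url(' . proxify_css_url($match[1]) . ')', $css);
    }

    return $css;
}

/**
 * Rewrite a stylesheet so that url(...) references and quoted @import
 * targets are loaded through the proxy.
 *
 * The @import pattern captures the double-quoted target in group 1, the
 * single-quoted target in group 2, any text up to the terminator (such as a
 * media list) in group 3 and the terminator in group 4. The previous code
 * read the groups one position off: it always proxied group 1, so a
 * single-quoted @import was rewritten to an empty target and kept pointing
 * nowhere, and group 3 was dropped from the output. Both are corrected here.
 *
 * @param string $css Stylesheet text
 * @return string Stylesheet with proxied url(...) and @import targets
 */
function proxify_css($css)
{
    $css = proxify_inline_css($css);

    preg_match_all("#@import\s*(?:\"([^\">]*)\"?|'([^'>]*)'?)([^;]*)(;|$)#i", $css, $matches, PREG_SET_ORDER);

    foreach ($matches as $match) {
        if ($match[1] !== '') {
            $delim = '"';
            $url   = $match[1];
        } else {
            $delim = "'";
            $url   = isset($match[2]) ? $match[2] : '';
        }

        // Keep whatever followed the target (media list) and the terminator.
        $tail = (isset($match[3]) ? $match[3] : '') . (isset($match[4]) ? $match[4] : '');

        $css = str_replace($match[0], '@import ' . $delim . proxify_css_url($url) . $delim . $tail, $css);
    }

    return $css;
}

/**
 * Proxy a single URL taken from CSS, preserving its surrounding quote style.
 *
 * Strips one kind of leading/trailing quote, undoes CSS backslash escapes,
 * resolves the URL with complete_url() and re-escapes parentheses, commas,
 * whitespace, quotes and backslashes in the result.
 *
 * @param string $url URL as written inside url(...) or after @import
 * @return string Proxied URL wrapped in the original quote character, if any
 */
function proxify_css_url($url)
{
    $url   = trim($url);
    $delim = strpos($url, '"') === 0 ? '"' : (strpos($url, "'") === 0 ? "'" : '');
    if ($delim !== '') {
        $url = trim($url, $delim);
    }

    // Same pass-through prefixes as complete_url(); these are returned untouched.
    if (substr($url, 0, 5) == 'data:' ||
        substr($url, 0, 11) == 'javascript:' ||
        substr($url, 0, 6) == 'about:' ||
        substr($url, 0, 7) == 'magnet:' ||
        substr($url, 0, 4) == 'tel:' ||
        substr($url, 0, 8) == 'ios-app:' ||
        substr($url, 0, 12) == 'android-app:' ||
        substr($url, 0, 7) == 'mailto:' ||
        substr($url, 0, 6) == 'rms://') {
        return $delim . $url . $delim;
    }

    return $delim . preg_replace('#([\(\),\s\'"\\\])#', '\\$1', complete_url(trim(preg_replace('#\\\(.)#', '$1', $url)))) . $delim;
}

/**
 * Encode a target URL for use as the proxy's query-string value.
 *
 * Applies ROT13 when the rotate13 flag is set, otherwise base64 when the
 * base64_encode flag is set, then percent-encodes the result. Both encodings
 * are trivially reversible: they keep the target URL from appearing verbatim
 * in the address, they do not keep it confidential.
 *
 * @param string $url Absolute target URL
 * @return string Encoded value, safe to place in a query string
 */
function encode_url($url)
{
    global $_flags;

    if ($_flags['rotate13']) {
        $url = str_rot13($url);
    } elseif ($_flags['base64_encode']) {
        $url = base64_encode($url);
    }

    return rawurlencode($url);
}

/**
 * Reverse encode_url(): percent-decode, then undo ROT13 or base64 according
 * to the same flags.
 *
 * The decoded value comes from the request and must be treated as untrusted
 * by whatever uses it to open a connection.
 *
 * @param string $url Value of the proxy's URL query parameter
 * @return string Decoded target URL
 */
function decode_url($url)
{
    global $_flags;
    $url = rawurldecode($url);

    if ($_flags['rotate13']) {
        $url = str_rot13($url);
    } elseif ($_flags['base64_encode']) {
        $url = base64_decode($url);
    }

    // NOTE(review): as printed, this replaces '&' with '&' and changes nothing;
    // the search strings were presumably HTML entities for '&' that were lost
    // when this listing was rendered. Confirm against the repository.
    return str_replace(array('&', '&'), '&', $url);
}
-------------------------------------------------------------------------------- /files/php/idna.class.php: -------------------------------------------------------------------------------- 1 | 0, 'b' => 1, 'c' => 2, 'd' => 3, 'e' => 4, 'f' => 5, 66 | 'g' => 6, 'h' => 7, 'i' => 8, 'j' => 9, 'k' => 10, 'l' => 11, 67 | 'm' => 12, 'n' => 13, 'o' => 14, 'p' => 15, 'q' => 16, 'r' => 17, 68 | 's' => 18, 't' => 19, 'u' => 20, 'v' => 21, 'w' => 22, 'x' => 23, 69 | 'y' => 24, 'z' => 25, '0' => 26, '1' => 27, '2' => 28, '3' => 29, 70 | '4' => 30, '5' => 31, '6' => 32, '7' => 33, '8' => 34, '9' => 35 71 | ); 72 | 73 | /** 74 | * Character encoding 75 | * 76 | * @param string 77 | */ 78 | protected $encoding; 79 | 80 | /** 81 | * Constructor 82 | * 83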
| * @param string $encoding Character encoding 84 | */ 85 | public function __construct($encoding = 'UTF-8') 86 | { 87 | $this->encoding = $encoding; 88 | } 89 | 90 | /** 91 | * Encode a domain to its Punycode version 92 | * 93 | * @param string $input Domain name in Unicode to be encoded 94 | * @return string Punycode representation in ASCII 95 | */ 96 | public function encode($input) 97 | { 98 | $parts = explode('.', $input); 99 | foreach ($parts as &$part) { 100 | $part = $this->encodePart($part); 101 | } 102 | 103 | return implode('.', $parts); 104 | } 105 | 106 | /** 107 | * Encode a part of a domain name, such as tld, to its Punycode version 108 | * 109 | * @param string $input Part of a domain name 110 | * @return string Punycode representation of a domain part 111 | */ 112 | protected function encodePart($input) 113 | { 114 | $codePoints = $this->listCodePoints($input); 115 | 116 | $n = static::INITIAL_N; 117 | $bias = static::INITIAL_BIAS; 118 | $delta = 0; 119 | $h = $b = count($codePoints['basic']); 120 | 121 | $output = ''; 122 | foreach ($codePoints['basic'] as $code) { 123 | $output .= $this->codePointToChar($code); 124 | } 125 | if ($input === $output) { 126 | return $output; 127 | } 128 | if ($b > 0) { 129 | $output .= static::DELIMITER; 130 | } 131 | 132 | $codePoints['nonBasic'] = array_unique($codePoints['nonBasic']); 133 | sort($codePoints['nonBasic']); 134 | 135 | $i = 0; 136 | $length = mb_strlen($input, $this->encoding); 137 | while ($h < $length) { 138 | $m = $codePoints['nonBasic'][$i++]; 139 | $delta = $delta + ($m - $n) * ($h + 1); 140 | $n = $m; 141 | 142 | foreach ($codePoints['all'] as $c) { 143 | if ($c < $n || $c < static::INITIAL_N) { 144 | $delta++; 145 | } 146 | if ($c === $n) { 147 | $q = $delta; 148 | for ($k = static::BASE;; $k += static::BASE) { 149 | $t = $this->calculateThreshold($k, $bias); 150 | if ($q < $t) { 151 | break; 152 | } 153 | 154 | $code = $t + (($q - $t) % (static::BASE - $t)); 155 | $output .= 
static::$encodeTable[$code]; 156 | 157 | $q = ($q - $t) / (static::BASE - $t); 158 | } 159 | 160 | $output .= static::$encodeTable[$q]; 161 | $bias = $this->adapt($delta, $h + 1, ($h === $b)); 162 | $delta = 0; 163 | $h++; 164 | } 165 | } 166 | 167 | $delta++; 168 | $n++; 169 | } 170 | 171 | return static::PREFIX . $output; 172 | } 173 | 174 | /** 175 | * Decode a Punycode domain name to its Unicode counterpart 176 | * 177 | * @param string $input Domain name in Punycode 178 | * @return string Unicode domain name 179 | */ 180 | public function decode($input) 181 | { 182 | $parts = explode('.', $input); 183 | foreach ($parts as &$part) { 184 | if (strpos($part, static::PREFIX) !== 0) { 185 | continue; 186 | } 187 | 188 | $part = substr($part, strlen(static::PREFIX)); 189 | $part = $this->decodePart($part); 190 | } 191 | 192 | return implode('.', $parts); 193 | } 194 | 195 | /** 196 | * Decode a part of domain name, such as tld 197 | * 198 | * @param string $input Part of a domain name 199 | * @return string Unicode domain part 200 | */ 201 | protected function decodePart($input) 202 | { 203 | $n = static::INITIAL_N; 204 | $i = 0; 205 | $bias = static::INITIAL_BIAS; 206 | $output = ''; 207 | 208 | $pos = strrpos($input, static::DELIMITER); 209 | if ($pos !== false) { 210 | $output = substr($input, 0, $pos++); 211 | } else { 212 | $pos = 0; 213 | } 214 | 215 | $outputLength = strlen($output); 216 | $inputLength = strlen($input); 217 | while ($pos < $inputLength) { 218 | $oldi = $i; 219 | $w = 1; 220 | 221 | for ($k = static::BASE;; $k += static::BASE) { 222 | $digit = static::$decodeTable[$input[$pos++]]; 223 | $i = $i + ($digit * $w); 224 | $t = $this->calculateThreshold($k, $bias); 225 | 226 | if ($digit < $t) { 227 | break; 228 | } 229 | 230 | $w = $w * (static::BASE - $t); 231 | } 232 | 233 | $bias = $this->adapt($i - $oldi, ++$outputLength, ($oldi === 0)); 234 | $n = $n + (int) ($i / $outputLength); 235 | $i = $i % ($outputLength); 236 | $output = 
mb_substr($output, 0, $i, $this->encoding) . $this->codePointToChar($n) . mb_substr($output, $i, $outputLength - 1, $this->encoding); 237 | 238 | $i++; 239 | } 240 | 241 | return $output; 242 | } 243 | 244 | /** 245 | * Calculate the bias threshold to fall between TMIN and TMAX 246 | * 247 | * @param integer $k 248 | * @param integer $bias 249 | * @return integer 250 | */ 251 | protected function calculateThreshold($k, $bias) 252 | { 253 | if ($k <= $bias + static::TMIN) { 254 | return static::TMIN; 255 | } elseif ($k >= $bias + static::TMAX) { 256 | return static::TMAX; 257 | } 258 | return $k - $bias; 259 | } 260 | 261 | /** 262 | * Bias adaptation 263 | * 264 | * @param integer $delta 265 | * @param integer $numPoints 266 | * @param boolean $firstTime 267 | * @return integer 268 | */ 269 | protected function adapt($delta, $numPoints, $firstTime) 270 | { 271 | $delta = (int) ( 272 | ($firstTime) 273 | ? $delta / static::DAMP 274 | : $delta / 2 275 | ); 276 | $delta += (int) ($delta / $numPoints); 277 | 278 | $k = 0; 279 | while ($delta > ((static::BASE - static::TMIN) * static::TMAX) / 2) { 280 | $delta = (int) ($delta / (static::BASE - static::TMIN)); 281 | $k = $k + static::BASE; 282 | } 283 | $k = $k + (int) (((static::BASE - static::TMIN + 1) * $delta) / ($delta + static::SKEW)); 284 | 285 | return $k; 286 | } 287 | 288 | /** 289 | * List code points for a given input 290 | * 291 | * @param string $input 292 | * @return array Multi-dimension array with basic, non-basic and aggregated code points 293 | */ 294 | protected function listCodePoints($input) 295 | { 296 | $codePoints = array( 297 | 'all' => array(), 298 | 'basic' => array(), 299 | 'nonBasic' => array(), 300 | ); 301 | 302 | $length = mb_strlen($input, $this->encoding); 303 | for ($i = 0; $i < $length; $i++) { 304 | $char = mb_substr($input, $i, 1, $this->encoding); 305 | $code = $this->charToCodePoint($char); 306 | if ($code < 128) { 307 | $codePoints['all'][] = $codePoints['basic'][] = $code; 308 | 
} else { 309 | $codePoints['all'][] = $codePoints['nonBasic'][] = $code; 310 | } 311 | } 312 | 313 | return $codePoints; 314 | } 315 | 316 | /** 317 | * Convert a single or multi-byte character to its code point 318 | * 319 | * @param string $char 320 | * @return integer 321 | */ 322 | protected function charToCodePoint($char) 323 | { 324 | $code = ord($char[0]); 325 | if ($code < 128) { 326 | return $code; 327 | } elseif ($code < 224) { 328 | return (($code - 192) * 64) + (ord($char[1]) - 128); 329 | } elseif ($code < 240) { 330 | return (($code - 224) * 4096) + ((ord($char[1]) - 128) * 64) + (ord($char[2]) - 128); 331 | } else { 332 | return (($code - 240) * 262144) + ((ord($char[1]) - 128) * 4096) + ((ord($char[2]) - 128) * 64) + (ord($char[3]) - 128); 333 | } 334 | } 335 | 336 | /** 337 | * Convert a code point to its single or multi-byte character 338 | * 339 | * @param integer $code 340 | * @return string 341 | */ 342 | protected function codePointToChar($code) 343 | { 344 | if ($code <= 0x7F) { 345 | return chr($code); 346 | } elseif ($code <= 0x7FF) { 347 | return chr(($code >> 6) + 192) . chr(($code & 63) + 128); 348 | } elseif ($code <= 0xFFFF) { 349 | return chr(($code >> 12) + 224) . chr((($code >> 6) & 63) + 128) . chr(($code & 63) + 128); 350 | } else { 351 | return chr(($code >> 18) + 240) . chr((($code >> 12) & 63) + 128) . chr((($code >> 6) & 63) + 128) . chr(($code & 63) + 128); 352 | } 353 | } 354 | } -------------------------------------------------------------------------------- /files/php/index.inc.php: -------------------------------------------------------------------------------- 1 | 6 | 7 | 8 | 9 | <?php echo htmlspecialchars($GLOBALS['_config']['site_name']); ?> 10 | 224 | 225 | 226 | 227 | 228 | 229 |
230 |
231 |
232 |

233 |
234 |
235 | 239 |
240 |
241 | 242 | 243 |
244 | '; 248 | 249 | switch ($data['group']) { 250 | case 'url': 251 | echo 'URL Error (' . htmlspecialchars($data['error']) . '): '; 252 | switch ($data['type']) { 253 | case 'internal': 254 | $message = 'Failed to connect to the specified host. ' 255 | . 'Possible problems are that the server was not found, the connection timed out, or the connection refused by the host. ' 256 | . 'Try connecting again and check if the address is correct.'; 257 | break; 258 | case 'external': 259 | switch ($data['error']) { 260 | case 1: 261 | $message = 'The URL you\'re attempting to access is blacklisted by this server. Please select another URL.'; 262 | break; 263 | case 2: 264 | $message = 'The URL you entered is malformed. Please check whether you entered the correct URL or not.'; 265 | break; 266 | } 267 | break; 268 | } 269 | break; 270 | case 'resource': 271 | echo 'Resource Error: '; 272 | switch ($data['type']) { 273 | case 'file_size': 274 | $message = 'The file your are attempting to download is too large.
' 275 | . 'Maxiumum permissible file size is ' . number_format($GLOBALS['_config']['max_file_size'] / 1048576, 2) . ' MB
' 276 | . 'Requested file size is ' . number_format($GLOBALS['_content_length'] / 1048576, 2) . ' MB'; 277 | break; 278 | case 'hotlinking': 279 | $message = 'It appears that you are trying to access a resource through this proxy from a remote Website.
' 280 | . 'For security reasons, please use the form below to do so.'; 281 | break; 282 | } 283 | break; 284 | } 285 | 286 | echo 'An error has occured while trying to browse through the proxy.
' . $message . '

'; 287 | break; 288 | } 289 | ?> 290 |

Options

298 | 299 | $flag_value) { 301 | if (!$GLOBALS['_frozen_flags'][$flag_name]) { 302 | echo '
  • ' . "\n"; 303 | } 304 | } 305 | ?> 306 |
    307 | MORE... 308 |

    Authentication Required

    331 | 332 | Cancel 333 |

    Authentication Required: The supplied credentials were unauthorized to access the specified content.


    Authentication Required: Enter your username and password for "" on

    PHProxy
    343 | 344 | 345 | -------------------------------------------------------------------------------- /files/php/misc.override.php: -------------------------------------------------------------------------------- 1 | '_proxurl', 27 | 'flags_var_name' => '_proxfl', 28 | 'get_form_name' => '_proxgfn', 29 | 'basic_auth_var_name' => '_proxba', 30 | 'site_name' => 'PHProxy', 31 | 'max_file_size' => -1, 32 | 'allow_hotlinking' => 0, 33 | 'upon_hotlink' => 1, 34 | 'compress_output' => 0 35 | ); 36 | $_flags = array 37 | ( 38 | 'include_form' => 0, 39 | 'remove_scripts' => 1, 40 | 'accept_cookies' => 1, 41 | 'show_images' => 1, 42 | 'show_referer' => 1, 43 | 'rotate13' => 0, 44 | 'base64_encode' => 1, 45 | 'strip_meta' => 0, 46 | 'strip_title' => 1, 47 | 'session_cookies' => 1 48 | ); 49 | $_frozen_flags = array 50 | ( 51 | 'include_form' => 0, 52 | 'remove_scripts' => 0, 53 | 'accept_cookies' => 0, 54 | 'show_images' => 0, 55 | 'show_referer' => 0, 56 | 'rotate13' => 0, 57 | 'base64_encode' => 0, 58 | 'strip_meta' => 0, 59 | 'strip_title' => 0, 60 | 'session_cookies' => 0 61 | ); 62 | $_labels = array 63 | ( 64 | 'include_form' => array('Include Form', 'Include mini URL-form on every page'), 65 | 'remove_scripts' => array('Remove Scripts', 'Remove client-side scripting (i.e JavaScript)'), 66 | 'accept_cookies' => array('Accept Cookies', 'Allow cookies to be stored'), 67 | 'show_images' => array('Show Images', 'Show images on browsed pages'), 68 | 'show_referer' => array('Show Referer', 'Show actual referring Website'), 69 | 'rotate13' => array('Rotate13', 'Use ROT13 encoding on the address'), 70 | 'base64_encode' => array('Base64', 'Use base64 encoding on the address'), 71 | 'strip_meta' => array('Strip Meta', 'Strip meta information tags from pages'), 72 | 'strip_title' => array('Strip Title', 'Strip page title'), 73 | 'session_cookies' => array('Session Cookies', 'Store cookies for this session only') 74 | ); 75 | 76 | $_hosts = array 77 | ( 78 | 
'#^127\.|192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[01])\.|localhost#i' /* NOTE(review): "^" binds only to the first alternative (127.); the remaining alternatives match anywhere in the host string, so unrelated hosts that merely contain "10." or "localhost" are blocked too. The pattern is applied with preg_match() to the host text parsed from the URL, so it does not cover other internal ranges (for example 169.254.0.0/16 or IPv6 loopback) or names that resolve to internal addresses; filtering on the resolved address, plus a network-level egress rule, is the stronger control. */ 79 | ); 80 | $_hotlink_domains = array(); 81 | $_insert = array(); 82 | 83 | // 84 | // END CONFIGURABLE OPTIONS. The ride for you ends here. Close the file. 85 | // 86 | 87 | $_iflags = ''; 88 | $_system = array 89 | ( 90 | 'ssl' => extension_loaded('openssl') && version_compare(PHP_VERSION, '4.3.0', '>='), 91 | 'uploads' => ini_get('file_uploads'), 92 | 'gzip' => extension_loaded('zlib') && !ini_get('zlib.output_compression'), 93 | 'stripslashes' => get_magic_quotes_gpc() /* NOTE(review): get_magic_quotes_gpc() no longer exists in PHP 8.0+, so this line is a fatal error there. */ 94 | ); 95 | $_proxify = array('text/html' => 1, 'application/xml+xhtml' => 1, 'application/xhtml+xml' => 1, 'text/css' => 1); 96 | $_version = 'v1.1.1'; 97 | $_http_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost'); /* NOTE(review): HTTP_HOST is taken from the request and, after the port is cut off below, is concatenated into $_script_url, which this script later sends in a Location header; pin the public host name in configuration or check it against an allow-list. */ 98 | // https://stackoverflow.com/questions/4504831/serverhttp-host-contains-port-number-too 99 | $pos = strpos($_http_host, ':'); 100 | if ($pos) { 101 | $_http_host = substr($_http_host, 0, $pos); 102 | } 103 | $_script_url = 'http' . ((isset($_ENV['HTTPS']) && $_ENV['HTTPS'] == 'on') || $_SERVER['SERVER_PORT'] == 443 ? 's' : '') . '://' . $_http_host . ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443 ? ':' . $_SERVER['SERVER_PORT'] : '') . 
$_SERVER['PHP_SELF']; 104 | $_script_base = substr($_script_url, 0, strrpos($_script_url, '/')+1); 105 | $_url = ''; 106 | $_url_parts = array(); 107 | $_base = array(); 108 | $_socket = null; 109 | $_request_method = $_SERVER['REQUEST_METHOD']; 110 | $_request_headers = ''; 111 | $_cookie = ''; 112 | $_post_body = ''; 113 | $_response_headers = array(); 114 | $_response_keys = array(); 115 | $_http_version = ''; 116 | $_response_code = 0; 117 | $_content_type = 'text/html'; 118 | $_content_length = false; 119 | $_content_disp = ''; 120 | $_set_cookie = array(); 121 | $_retry = false; 122 | $_quit = false; 123 | $_basic_auth_header = ''; 124 | $_basic_auth_realm = ''; 125 | $_auth_creds = array(); 126 | $_response_body = ''; 127 | $pos = $_COOKIE['userAgent']; /* NOTE(review): the index is read before the isset() test on the next line, so a request without this cookie raises an undefined-index notice (a warning on PHP 8). */ 128 | if(!isset($pos) || $pos == ""){ // empty means old method 129 | $_user_agent = isset($_SERVER['HTTP_X_IORG_FBS']) ? 'SamsungI8910/SymbianOS/6.1 PHProxy/'.$_version : $_SERVER['HTTP_USER_AGENT']; 130 | }else if($pos == '.'){ // dot means use the browsers UA 131 | $_user_agent = $_SERVER['HTTP_USER_AGENT']; 132 | }else if($pos == '-'){ // dash means dont set UA 133 | $_user_agent = null; 134 | }else{ 135 | $_user_agent = $pos; /* NOTE(review): cookie-controlled text; it is written into the outgoing "User-Agent:" request header further down without filtering, so strip or reject CR and LF here to keep it to a single header line. */ 136 | } 137 | 138 | # to bind to a specific ip set $_bindip to desired IP 139 | # if you do not need to set a specific port use 0 as default 140 | # example: 141 | # $_bindip = '192.168.1.100:0'; 142 | # for default ip set value to default 143 | # $_bindip = 'default'; 144 | $_bindip = 'default'; 145 | 146 | // Functions declaration 147 | require_once("./files/php/functions.inc.php"); 148 | 149 | // 150 | // SET FLAGS 151 | // 152 | 153 | if (isset($_POST[$_config['url_var_name']]) && !isset($_GET[$_config['url_var_name']]) && isset($_POST[$_config['flags_var_name']])) 154 | { 155 | foreach ($_flags as $flag_name => $flag_value) 156 | { 157 | $_iflags .= isset($_POST[$_config['flags_var_name']][$flag_name]) ? 
(string)(int)(bool)$_POST[$_config['flags_var_name']][$flag_name] : ($_frozen_flags[$flag_name] ? $flag_value : '0'); 158 | 159 | } 160 | 161 | $_iflags = base_convert(($_iflags != '' ? $_iflags : '0'), 2, 16); 162 | } 163 | else if (isset($_GET[$_config['flags_var_name']]) && !isset($_GET[$_config['get_form_name']]) && ctype_alnum($_GET[$_config['flags_var_name']])) 164 | { 165 | $_iflags = $_GET[$_config['flags_var_name']]; 166 | } 167 | else if (isset($_COOKIE['flags']) && ctype_alnum($_COOKIE['flags'])) 168 | { 169 | $_iflags = $_COOKIE['flags']; 170 | } 171 | 172 | if ($_iflags !== '') 173 | { 174 | $_set_cookie[] = add_cookie('flags', $_iflags, time()+2419200); 175 | $_iflags = str_pad(base_convert($_iflags, 16, 2), count($_flags), '0', STR_PAD_LEFT); 176 | $i = 0; 177 | 178 | foreach ($_flags as $flag_name => $flag_value) 179 | { 180 | $_flags[$flag_name] = $_frozen_flags[$flag_name] ? $flag_value : (int)(bool)$_iflags{$i}; 181 | $i++; 182 | } 183 | } 184 | 185 | // 186 | // COMPRESS OUTPUT IF INSTRUCTED 187 | // 188 | 189 | if ($_config['compress_output'] && $_system['gzip']) 190 | { 191 | ob_start('ob_gzhandler'); 192 | } 193 | 194 | // 195 | // STRIP SLASHES FROM GPC IF NECESSARY 196 | // 197 | 198 | if ($_system['stripslashes']) 199 | { 200 | function _stripslashes($value) 201 | { 202 | return is_array($value) ? array_map('_stripslashes', $value) : (is_string($value) ? stripslashes($value) : $value); 203 | } 204 | 205 | $_GET = _stripslashes($_GET); 206 | $_POST = _stripslashes($_POST); 207 | $_COOKIE = _stripslashes($_COOKIE); 208 | } 209 | 210 | // 211 | // FIGURE OUT WHAT TO DO (POST URL-form submit, GET form request, regular request, basic auth, cookie manager, show URL-form) 212 | // 213 | 214 | if (isset($_POST[$_config['url_var_name']]) && !isset($_GET[$_config['url_var_name']])) 215 | { 216 | header('Location: ' . $_script_url . '?' . $_config['url_var_name'] . '=' . encode_url($_POST[$_config['url_var_name']]) . '&' . 
$_config['flags_var_name'] . '=' . base_convert($_iflags, 2, 16)); 217 | exit(0); 218 | } 219 | 220 | if (isset($_GET[$_config['get_form_name']])) 221 | { 222 | $_url = decode_url($_GET[$_config['get_form_name']]); 223 | $qstr = strpos($_url, '?') !== false ? (strpos($_url, '?') === strlen($_url)-1 ? '' : '&') : '?'; 224 | $arr = explode('&', $_SERVER['QUERY_STRING']); 225 | 226 | if (preg_match('#^\Q' . $_config['get_form_name'] . '\E#', $arr[0])) 227 | { 228 | array_shift($arr); 229 | } 230 | 231 | $_url .= $qstr . implode('&', $arr); 232 | } 233 | else if (isset($_GET[$_config['url_var_name']])) 234 | { 235 | $_url = decode_url($_GET[$_config['url_var_name']]); 236 | } 237 | else 238 | { 239 | show_report(array('which' => 'index', 'category' => 'entry_form')); 240 | } 241 | 242 | if (isset($_GET[$_config['url_var_name']], $_POST[$_config['basic_auth_var_name']], $_POST['username'], $_POST['password'])) 243 | { 244 | $_request_method = 'GET'; 245 | $_basic_auth_realm = base64_decode($_POST[$_config['basic_auth_var_name']]); 246 | $_basic_auth_header = base64_encode($_POST['username'] . ':' . $_POST['password']); 247 | } 248 | 249 | // 250 | // SET URL 251 | // 252 | 253 | if (strpos($_url, '://') === false) 254 | { 255 | $_url = 'http://' . 
$_url; 256 | } 257 | 258 | if (url_parse($_url, $_url_parts)) 259 | { 260 | $_base = $_url_parts; 261 | 262 | if (!empty($_hosts)) 263 | { 264 | foreach ($_hosts as $host) 265 | { 266 | if (preg_match($host, $_url_parts['host'])) 267 | { 268 | show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'external', 'error' => 1)); /* NOTE(review): nothing here stops execution after a blacklist hit, so this relies on show_report() ending the request; it is defined elsewhere, confirm that it exits. */ 269 | } 270 | } 271 | } 272 | } 273 | else 274 | { 275 | show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'external', 'error' => 2)); 276 | } 277 | 278 | 279 | /* 280 | * Check if the hostname is valid otherwise try to convert to idna. NOTE(review): this runs after the $_hosts blacklist test above, and the converted host is what stream_socket_client() later resolves and connects to; neither the converted name nor the resolved address is compared with $_hosts again. 281 | */ 282 | $chars = str_split($_url_parts['host']); 283 | foreach($chars as $char){ 284 | if(ord($char)>122){ 285 | require_once("./files/php/idna.class.php"); 286 | $php_idna = new php_idna(); 287 | $_url_parts['host'] = $php_idna->encode($_url_parts['host']); 288 | break; 289 | } 290 | } 291 | 292 | 293 | // 294 | // HOTLINKING PREVENTION 295 | // 296 | 297 | if (!$_config['allow_hotlinking'] && isset($_SERVER['HTTP_REFERER'])) /* NOTE(review): Referer is sent by the client and the whole check is skipped when the header is absent, so this limits casual embedding only and is not an access control. */ 298 | { 299 | $_hotlink_domains[] = $_http_host; 300 | $is_hotlinking = true; 301 | 302 | foreach ($_hotlink_domains as $host) 303 | { 304 | if (preg_match('#^https?\:\/\/(www)?\Q' . $host . '\E(\/|\:|$)#i', trim($_SERVER['HTTP_REFERER']))) 305 | { 306 | $is_hotlinking = false; 307 | break; 308 | } 309 | } 310 | 311 | if ($is_hotlinking) 312 | { 313 | switch ($_config['upon_hotlink']) 314 | { 315 | case 1: 316 | show_report(array('which' => 'index', 'category' => 'error', 'group' => 'resource', 'type' => 'hotlinking')); 317 | break; 318 | case 2: 319 | header('HTTP/1.0 404 Not Found'); 320 | exit(0); 321 | default: 322 | header('Location: ' . 
$_config['upon_hotlink']); 323 | exit(0); 324 | } 325 | } 326 | } 327 | 328 | // 329 | // OPEN SOCKET TO SERVER 330 | // 331 | 332 | do 333 | { 334 | $context = stream_context_create(); 335 | if ( $_bindip != 'default') { 336 | $opts = array('socket' => array('bindto' => $_bindip)); 337 | $context = stream_context_create($opts); 338 | } 339 | 340 | $_retry = false; 341 | $_socket = @stream_socket_client(($_url_parts['scheme'] === 'https' && $_system['ssl'] ? 'ssl://' : 'tcp://') . $_url_parts['host']. ":". $_url_parts['port'], $err_no, $err_str, 30,STREAM_CLIENT_CONNECT, $context); 342 | 343 | if ($_socket === false) 344 | { 345 | show_report(array('which' => 'index', 'category' => 'error', 'group' => 'url', 'type' => 'internal', 'error' => $err_no)); 346 | } 347 | 348 | // 349 | // SET REQUEST HEADERS 350 | // 351 | 352 | $_request_headers = $_request_method . ' ' . $_url_parts['path']; 353 | 354 | if (isset($_url_parts['query'])) 355 | { 356 | $_request_headers .= '?'; 357 | $query = preg_split('#([&;])#', $_url_parts['query'], -1, PREG_SPLIT_DELIM_CAPTURE); 358 | for ($i = 0, $count = count($query); $i < $count; $_request_headers .= implode('=', array_map('urlencode', array_map('urldecode', explode('=', $query[$i])))) . (isset($query[++$i]) ? $query[$i] : ''), $i++); 359 | } 360 | 361 | $_request_headers .= " HTTP/1.0\r\n"; 362 | $_request_headers .= 'Host: ' . $_url_parts['host'] . $_url_parts['port_ext'] . "\r\n"; 363 | 364 | if (!empty($_user_agent)) 365 | { 366 | $_request_headers .= 'User-Agent: ' . $_user_agent . "\r\n"; 367 | } 368 | if (isset($_SERVER['HTTP_ACCEPT'])) 369 | { 370 | $_request_headers .= 'Accept: ' . $_SERVER['HTTP_ACCEPT'] . "\r\n"; 371 | } 372 | else 373 | { 374 | $_request_headers .= "Accept: */*;q=0.1\r\n"; 375 | } 376 | if ($_flags['show_referer'] && isset($_SERVER['HTTP_REFERER']) && preg_match('#^\Q' . $_script_url . '?' . $_config['url_var_name'] . 
'=\E([^&]+)#', $_SERVER['HTTP_REFERER'], $matches)) 377 | { 378 | $_request_headers .= 'Referer: ' . decode_url($matches[1]) . "\r\n"; 379 | } 380 | if (!empty($_COOKIE)) 381 | { 382 | $_cookie = ''; 383 | $_auth_creds = array(); 384 | 385 | foreach ($_COOKIE as $cookie_id => $cookie_content) 386 | { 387 | $cookie_id = explode(';', rawurldecode($cookie_id)); 388 | $cookie_content = explode(';', rawurldecode($cookie_content)); 389 | 390 | if ($cookie_id[0] === 'COOKIE') 391 | { 392 | $cookie_id[3] = str_replace('_', '.', $cookie_id[3]); //stupid PHP can't have dots in var names 393 | 394 | if (count($cookie_id) < 4 || ($cookie_content[1] == 'secure' && $_url_parts['scheme'] != 'https')) 395 | { 396 | continue; 397 | } 398 | 399 | if ((preg_match('#\Q' . $cookie_id[3] . '\E$#i', $_url_parts['host']) || strtolower($cookie_id[3]) == strtolower('.' . $_url_parts['host'])) && preg_match('#^\Q' . $cookie_id[2] . '\E#', $_url_parts['path'])) 400 | { 401 | $_cookie .= ($_cookie != '' ? '; ' : '') . (empty($cookie_id[1]) ? '' : $cookie_id[1] . '=') . $cookie_content[0]; 402 | } 403 | } 404 | else if ($cookie_id[0] === 'AUTH' && count($cookie_id) === 3) 405 | { 406 | $cookie_id[2] = str_replace('_', '.', $cookie_id[2]); 407 | 408 | if ($_url_parts['host'] . ':' . $_url_parts['port'] === $cookie_id[2]) 409 | { 410 | $_auth_creds[$cookie_id[1]] = $cookie_content[0]; 411 | } 412 | } 413 | } 414 | 415 | if ($_cookie != '') 416 | { 417 | $_request_headers .= "Cookie: $_cookie\r\n"; 418 | } 419 | } 420 | if (isset($_url_parts['user'], $_url_parts['pass'])) 421 | { 422 | $_basic_auth_header = base64_encode($_url_parts['user'] . ':' . 
$_url_parts['pass']); 423 | } 424 | if (!empty($_basic_auth_header)) 425 | { 426 | $_set_cookie[] = add_cookie("AUTH;{$_basic_auth_realm};{$_url_parts['host']}:{$_url_parts['port']}", $_basic_auth_header); /* NOTE(review): the value is the base64 of "user:pass" and is kept in a browser cookie; base64 is an encoding, not encryption, so the upstream credentials are readable by anything that can read the proxy's cookies. The cookie attributes are chosen inside add_cookie(), which is not visible here; confirm Secure and HttpOnly are set. */ 427 | $_request_headers .= "Authorization: Basic {$_basic_auth_header}\r\n"; 428 | } 429 | else if (!empty($_basic_auth_realm) && isset($_auth_creds[$_basic_auth_realm])) 430 | { 431 | $_request_headers .= "Authorization: Basic {$_auth_creds[$_basic_auth_realm]}\r\n"; /* NOTE(review): $_auth_creds is filled from rawurldecode()d AUTH cookies earlier in this loop and is not checked to be base64 before it is placed in the header; validate it so it stays on one header line. */ 432 | } 433 | else if (list($_basic_auth_realm, $_basic_auth_header) = each($_auth_creds)) /* NOTE(review): each() no longer exists in PHP 8.0+. */ 434 | { 435 | $_request_headers .= "Authorization: Basic {$_basic_auth_header}\r\n"; 436 | } 437 | if ($_request_method == 'POST') 438 | { 439 | if (!empty($_FILES) && $_system['uploads']) 440 | { 441 | $_data_boundary = '----' . md5(uniqid(rand(), true)); 442 | $array = set_post_vars($_POST); 443 | 444 | foreach ($array as $key => $value) 445 | { 446 | $_post_body .= "--{$_data_boundary}\r\n"; 447 | $_post_body .= "Content-Disposition: form-data; name=\"$key\"\r\n\r\n"; 448 | $_post_body .= urldecode($value) . "\r\n"; 449 | } 450 | 451 | $array = set_post_files($_FILES); 452 | 453 | foreach ($array as $key => $file_info) 454 | { 455 | $_post_body .= "--{$_data_boundary}\r\n"; 456 | $_post_body .= "Content-Disposition: form-data; name=\"$key\"; filename=\"{$file_info['name']}\"\r\n"; 457 | $_post_body .= 'Content-Type: ' . (empty($file_info['type']) ? 'application/octet-stream' : $file_info['type']) . "\r\n\r\n"; 458 | 459 | if (is_readable($file_info['tmp_name'])) 460 | { 461 | $handle = fopen($file_info['tmp_name'], 'rb'); 462 | $_post_body .= fread($handle, filesize($file_info['tmp_name'])); 463 | fclose($handle); 464 | } 465 | 466 | $_post_body .= "\r\n"; 467 | } 468 | 469 | $_post_body .= "--{$_data_boundary}--\r\n"; 470 | $_request_headers .= "Content-Type: multipart/form-data; boundary={$_data_boundary}\r\n"; 471 | $_request_headers .= "Content-Length: " . strlen($_post_body) . 
"\r\n\r\n"; 472 | $_request_headers .= $_post_body; 473 | } 474 | else 475 | { 476 | $array = set_post_vars($_POST); 477 | 478 | foreach ($array as $key => $value) 479 | { 480 | $_post_body .= !empty($_post_body) ? '&' : ''; 481 | $_post_body .= $key . '=' . $value; 482 | } 483 | $_request_headers .= "Content-Type: application/x-www-form-urlencoded\r\n"; 484 | $_request_headers .= "Content-Length: " . strlen($_post_body) . "\r\n\r\n"; 485 | $_request_headers .= $_post_body; 486 | $_request_headers .= "\r\n"; 487 | } 488 | 489 | $_post_body = ''; 490 | } 491 | else 492 | { 493 | $_request_headers .= "\r\n"; 494 | } 495 | 496 | fwrite($_socket, $_request_headers); 497 | 498 | // 499 | // PROCESS RESPONSE HEADERS 500 | // 501 | 502 | $_response_headers = $_response_keys = array(); 503 | 504 | $line = fgets($_socket, 8192); 505 | 506 | while (strspn($line, "\r\n") !== strlen($line)) 507 | { 508 | @list($name, $value) = explode(':', $line, 2); 509 | $name = trim($name); 510 | $_response_headers[strtolower($name)][] = trim($value); 511 | $_response_keys[strtolower($name)] = $name; 512 | $line = fgets($_socket, 8192); 513 | } 514 | 515 | sscanf(current($_response_keys), '%s %s', $_http_version, $_response_code); 516 | 517 | if (isset($_response_headers['content-type'])) 518 | { 519 | list($_content_type, ) = explode(';', str_replace(' ', '', strtolower($_response_headers['content-type'][0])), 2); 520 | } 521 | if (isset($_response_headers['content-length'])) 522 | { 523 | $_content_length = $_response_headers['content-length'][0]; 524 | unset($_response_headers['content-length'], $_response_keys['content-length']); 525 | } 526 | if (isset($_response_headers['content-disposition'])) 527 | { 528 | $_content_disp = $_response_headers['content-disposition'][0]; 529 | unset($_response_headers['content-disposition'], $_response_keys['content-disposition']); 530 | } 531 | if (isset($_response_headers['set-cookie']) && $_flags['accept_cookies']) 532 | { 533 | foreach 
($_response_headers['set-cookie'] as $cookie) 534 | { 535 | $name = $value = $expires = $path = $domain = $secure = $expires_time = ''; 536 | 537 | preg_match('#^\s*([^=;,\s]*)\s*=?\s*([^;]*)#', $cookie, $match) && list(, $name, $value) = $match; 538 | preg_match('#;\s*expires\s*=\s*([^;]*)#i', $cookie, $match) && list(, $expires) = $match; 539 | preg_match('#;\s*path\s*=\s*([^;,\s]*)#i', $cookie, $match) && list(, $path) = $match; 540 | preg_match('#;\s*domain\s*=\s*([^;,\s]*)#i', $cookie, $match) && list(, $domain) = $match; 541 | preg_match('#;\s*(secure\b)#i', $cookie, $match) && list(, $secure) = $match; 542 | 543 | $expires_time = empty($expires) ? 0 : intval(@strtotime($expires)); 544 | $expires = ($_flags['session_cookies'] && !empty($expires) && time()-$expires_time < 0) ? '' : $expires; 545 | $path = empty($path) ? '/' : $path; 546 | 547 | if (empty($domain)) 548 | { 549 | $domain = $_url_parts['host']; 550 | } 551 | else 552 | { 553 | $domain = '.' . strtolower(str_replace('..', '.', trim($domain, '.'))); 554 | 555 | if ((!preg_match('#\Q' . $domain . '\E$#i', $_url_parts['host']) && $domain != '.' . 
$_url_parts['host']) || (substr_count($domain, '.') < 2 && $domain[0] == '.')) 556 | { 557 | continue; 558 | } 559 | } 560 | if (count($_COOKIE) >= 15 && time()-$expires_time <= 0) 561 | { 562 | $_set_cookie[] = add_cookie(current($_COOKIE), '', 1); 563 | } 564 | 565 | $_set_cookie[] = add_cookie("COOKIE;$name;$path;$domain", "$value;$secure", $expires_time); 566 | } 567 | } 568 | if (isset($_response_headers['set-cookie'])) 569 | { 570 | unset($_response_headers['set-cookie'], $_response_keys['set-cookie']); 571 | } 572 | if (!empty($_set_cookie)) 573 | { 574 | $_response_keys['set-cookie'] = 'Set-Cookie'; 575 | $_response_headers['set-cookie'] = $_set_cookie; 576 | } 577 | if (isset($_response_headers['p3p']) && preg_match('#policyref\s*=\s*[\'"]?([^\'"\s]*)[\'"]?#i', $_response_headers['p3p'][0], $matches)) 578 | { 579 | $_response_headers['p3p'][0] = str_replace($matches[0], 'policyref="' . complete_url($matches[1]) . '"', $_response_headers['p3p'][0]); 580 | } 581 | if (isset($_response_headers['refresh']) && preg_match('#([0-9\s]*;\s*URL\s*=)\s*(\S*)#i', $_response_headers['refresh'][0], $matches)) 582 | { 583 | $_response_headers['refresh'][0] = $matches[1] . 
complete_url($matches[2]); 584 | } 585 | if (isset($_response_headers['location'])) 586 | { 587 | $_response_headers['location'][0] = complete_url($_response_headers['location'][0]); 588 | } 589 | if (isset($_response_headers['uri'])) 590 | { 591 | $_response_headers['uri'][0] = complete_url($_response_headers['uri'][0]); 592 | } 593 | if (isset($_response_headers['content-location'])) 594 | { 595 | $_response_headers['content-location'][0] = complete_url($_response_headers['content-location'][0]); 596 | } 597 | if (isset($_response_headers['connection'])) 598 | { 599 | unset($_response_headers['connection'], $_response_keys['connection']); 600 | } 601 | if (isset($_response_headers['keep-alive'])) 602 | { 603 | unset($_response_headers['keep-alive'], $_response_keys['keep-alive']); 604 | } 605 | if ($_response_code == 401 && isset($_response_headers['www-authenticate']) && preg_match('#basic\s+(?:realm="(.*?)")?#i', $_response_headers['www-authenticate'][0], $matches)) 606 | { 607 | if (isset($_auth_creds[$matches[1]]) && !$_quit) 608 | { 609 | $_basic_auth_realm = $matches[1]; 610 | $_basic_auth_header = ''; 611 | $_retry = $_quit = true; 612 | } 613 | else 614 | { 615 | show_report(array('which' => 'index', 'category' => 'auth', 'realm' => $matches[1])); 616 | } 617 | } 618 | } 619 | while ($_retry); 620 | 621 | // 622 | // OUTPUT RESPONSE IF NO PROXIFICATION IS NEEDED 623 | // 624 | 625 | if (!isset($_proxify[$_content_type])) 626 | { 627 | @set_time_limit(0); 628 | 629 | $_response_keys['content-disposition'] = 'Content-Disposition'; 630 | $_response_headers['content-disposition'][0] = empty($_content_disp) ? ($_content_type == 'application/octet_stream' ? 'attachment' : 'inline') . '; filename="' . $_url_parts['file'] . 
'"' : $_content_disp; 631 | 632 | if ($_content_length !== false) 633 | { 634 | if ($_config['max_file_size'] != -1 && $_content_length > $_config['max_file_size']) 635 | { 636 | show_report(array('which' => 'index', 'category' => 'error', 'group' => 'resource', 'type' => 'file_size')); 637 | } 638 | 639 | $_response_keys['content-length'] = 'Content-Length'; 640 | $_response_headers['content-length'][0] = $_content_length; 641 | } 642 | 643 | $_response_headers = array_filter($_response_headers); 644 | $_response_keys = array_filter($_response_keys); 645 | 646 | header(array_shift($_response_keys)); 647 | array_shift($_response_headers); 648 | 649 | foreach ($_response_headers as $name => $array) 650 | { 651 | foreach ($array as $value) 652 | { 653 | header($_response_keys[$name] . ': ' . $value, false); 654 | } 655 | } 656 | 657 | do 658 | { 659 | $data = fread($_socket, 8192); 660 | echo $data; 661 | } 662 | while (isset($data[0])); 663 | 664 | fclose($_socket); 665 | exit(0); 666 | } 667 | 668 | do 669 | { 670 | $data = @fread($_socket, 8192); // silenced to avoid the "normal" warning by a faulty SSL connection 671 | $_response_body .= $data; 672 | } 673 | while (isset($data[0])); 674 | 675 | unset($data); 676 | fclose($_socket); 677 | 678 | // 679 | // MODIFY AND DUMP RESOURCE 680 | // 681 | 682 | if ($_content_type == 'text/css') 683 | { 684 | $_response_body = proxify_css($_response_body); 685 | } 686 | else 687 | { 688 | if ($_flags['strip_title']) 689 | { 690 | $_response_body = preg_replace('#(<\s*title[^>]*>)(.*?)(<\s*/title[^>]*>)#is', '$1$3', $_response_body); 691 | } 692 | if ($_flags['remove_scripts']) 693 | { 694 | $_response_body = preg_replace('#<\s*script[^>]*?><\s*\/\s*script\s*>#si', '', $_response_body); 695 | $_response_body = preg_replace('#<\s*script[^>]*?>(.+?(?=<\/script>))?<\s*\/\s*script\s*>#si', '', $_response_body); 696 | $_response_body = 
preg_replace("#([\s])?(onload|onsubmit|onclick|onmouseover|onmouseout|onkeydown|onload)=\"([^\"]*)\"([\s])?#i", ' ', $_response_body); 697 | $_response_body = preg_replace("/([\s])?href=\"javascript:.+?(?=\")\"([\s])?/", ' ', $_response_body); /* NOTE(review): together with the two script-element patterns just before, these remove only the listed on* handlers when written with double quotes and double-quoted javascript: hrefs. Markup outside those exact shapes passes through unchanged, so remove_scripts is best-effort filtering rather than an HTML sanitizer; a Content-Security-Policy on the proxied response would be the stronger control. */ 698 | $_response_body = preg_replace('##si', "$1", $_response_body); /* NOTE(review): the pattern between the # delimiters appears to have been lost when this listing was extracted; "$1" implies it once had a capture group. */ 699 | } 700 | if (!$_flags['show_images']) 701 | { 702 | $_response_body = preg_replace('#<(img|image)[^>]*?>#si', '', $_response_body); 703 | } 704 | 705 | // 706 | // PROXIFY HTML RESOURCE 707 | // 708 | 709 | $tags = array 710 | ( 711 | 'a' => array('href', 'data-inbound-url', 'data-href-url'), 712 | 'img' => array('src', 'longdesc', 'srcset', 'data-src'), 713 | 'image' => array('src', 'longdesc'), 714 | 'body' => array('background'), 715 | 'base' => array('href'), 716 | 'frame' => array('src', 'longdesc'), 717 | 'iframe' => array('src', 'longdesc'), 718 | 'head' => array('profile'), 719 | 'layer' => array('src'), 720 | 'input' => array('src', 'usemap'), 721 | 'form' => array('action'), 722 | 'area' => array('href'), 723 | 'link' => array('href', 'src', 'urn', 'integrity'), 724 | 'meta' => array('content'), 725 | 'param' => array('value'), 726 | 'applet' => array('codebase', 'code', 'object', 'archive'), 727 | 'object' => array('usermap', 'codebase', 'classid', 'archive', 'data'), 728 | 'script' => array('src'), 729 | 'select' => array('src'), 730 | 'hr' => array('src'), 731 | 'table' => array('background'), 732 | 'tr' => array('background'), 733 | 'th' => array('background'), 734 | 'td' => array('background'), 735 | 'bgsound' => array('src'), 736 | 'blockquote' => array('cite'), 737 | 'del' => array('cite'), 738 | 'embed' => array('src'), 739 | 'fig' => array('src', 'imagemap'), 740 | 'ilayer' => array('src'), 741 | 'ins' => array('cite'), 742 | 'note' => array('src'), 743 | 'overlay' => array('src', 'imagemap'), 744 | 'q' => array('cite'), 745 | 'ul' => array('src'), 746 | 'use' => array('xlink:href'), 747 | 'source' => array('srcset') 748 | ); 749 | 
750 | preg_match_all('#(<\s*style[^>]*>)(.*?)(<\s*/\s*style[^>]*>)#is', $_response_body, $matches, PREG_SET_ORDER); 751 | 752 | for ($i = 0, $count_i = count($matches); $i < $count_i; ++$i) 753 | { 754 | $_response_body = str_replace($matches[$i][0], $matches[$i][1]. proxify_css($matches[$i][2]) .$matches[$i][3], $_response_body); 755 | } 756 | 757 | preg_match_all("#<\s*([a-zA-Z0-9\?-]+)(((?:\s+[a-zA-Z0-9:\-\/]+(?:\s*=\s*(?:(?:\"[^\"]*\")|(?:'[^']*')|[^>\s]+))?)*)\s*(>|\/>))#s", $_response_body, $matches); 758 | 759 | for ($i = 0, $count_i = count($matches[0]); $i < $count_i; ++$i) 760 | { 761 | if (!preg_match_all("#([a-zA-Z0-9:\-\/]+)\s*(?:=\s*(?:\"([^\"]*)\"?|'([^']*)'?|([^'\"\s>]*)))?#s", $matches[2][$i], $m, PREG_SET_ORDER)) 762 | { 763 | continue; 764 | } 765 | 766 | $rebuild = false; 767 | $extra_html = $temp = ''; 768 | $attrs = array(); 769 | 770 | for ($j = 0, $count_j = count($m); $j < $count_j; $attrs[strtolower($m[$j][1])] = (isset($m[$j][4]) ? $m[$j][4] : (isset($m[$j][3]) ? $m[$j][3] : (isset($m[$j][2]) ? 
$m[$j][2] : false))), ++$j); 771 | 772 | if (isset($attrs['style'])) 773 | { 774 | $rebuild = true; 775 | $attrs['style'] = proxify_inline_css($attrs['style']); 776 | } 777 | 778 | $tag = strtolower($matches[1][$i]); 779 | 780 | if (isset($tags[$tag])) 781 | { 782 | switch ($tag) 783 | { 784 | case 'a': 785 | if (isset($attrs['href'])) 786 | { 787 | $rebuild = true; 788 | $attrs['href'] = complete_url($attrs['href']); 789 | } 790 | if (isset($attrs['data-inbound-url'])) 791 | { 792 | $rebuild = true; 793 | $attrs['data-inbound-url'] = complete_url($attrs['data-inbound-url']); 794 | } 795 | if (isset($attrs['data-href-url'])) 796 | { 797 | $rebuild = true; 798 | $attrs['data-href-url'] = complete_url($attrs['data-href-url']); 799 | } 800 | break; 801 | case 'link': 802 | if (isset($attrs['href'])) 803 | { 804 | $rebuild = true; 805 | $attrs['href'] = complete_url($attrs['href']); 806 | } 807 | if (isset($attrs['src'])) 808 | { 809 | $rebuild = true; 810 | $attrs['src'] = complete_url($attrs['src']); 811 | } 812 | if (isset($attrs['urn'])) 813 | { 814 | $rebuild = true; 815 | $attrs['urn'] = complete_url($attrs['urn']); 816 | } 817 | if (isset($attrs['integrity'])) 818 | { 819 | $rebuild = true; 820 | $attrs['integrity'] = ''; 821 | } 822 | break; 823 | case 'img': 824 | if (isset($attrs['src'])) 825 | { 826 | $rebuild = true; 827 | $attrs['src'] = complete_url($attrs['src']); 828 | } 829 | if (isset($attrs['longdesc'])) 830 | { 831 | $rebuild = true; 832 | $attrs['longdesc'] = complete_url($attrs['longdesc']); 833 | } 834 | if (isset($attrs['srcset'])) 835 | { 836 | $rebuild = true; 837 | $str = preg_replace('/\s+/', ' ', $attrs['srcset']); 838 | $src_set_data = explode(',', $attrs['srcset']); 839 | foreach($src_set_data as $item) { 840 | $item = trim($item); 841 | $_data_ = explode(' ', $item); 842 | $src_set_data_2[] = $_data_; 843 | } 844 | foreach($src_set_data_2 as $item) { 845 | foreach($item as $item_2) { 846 | if($item_2 == $item[0]) { 847 | $final .= 
complete_url($item_2); 848 | } else { 849 | $final .= ' '.$item_2; 850 | } 851 | } 852 | $final = trim($final).', '; 853 | } 854 | $attrs['srcset'] = trim(trim($final), ','); 855 | unset($final, $src_set_data_2); 856 | } 857 | if (isset($attrs['data-srcset'])) 858 | { 859 | $rebuild = true; 860 | $str = preg_replace('/\s+/', ' ', $attrs['data-srcset']); 861 | $src_set_data = explode(',', $attrs['data-srcset']); 862 | foreach($src_set_data as $item) { 863 | $item = trim($item); 864 | $_data_ = explode(' ', $item); 865 | $src_set_data_2[] = $_data_; 866 | } 867 | foreach($src_set_data_2 as $item) { 868 | foreach($item as $item_2) { 869 | if($item_2 == $item[0]) { 870 | $final .= complete_url($item_2); 871 | } else { 872 | $final .= ' '.$item_2; 873 | } 874 | } 875 | $final = trim($final).', '; 876 | } 877 | $attrs['data-srcset'] = trim(trim($final), ','); 878 | unset($final, $src_set_data_2); 879 | } 880 | if (isset($attrs['data-src'])) 881 | { 882 | $rebuild = true; 883 | $attrs['data-src'] = complete_url($attrs['data-src']); 884 | } 885 | if (isset($attrs['data-cfsrc'])) 886 | { 887 | $rebuild = true; 888 | $attrs['data-cfsrc'] = complete_url($attrs['data-cfsrc']); 889 | } 890 | if (!isset($attrs['src']) && isset($attrs['data-src'])) 891 | { 892 | $rebuild = true; 893 | $attrs['src'] = complete_url($attrs['data-src']); 894 | } 895 | break; 896 | case 'form': 897 | if (isset($attrs['action'])) 898 | { 899 | $rebuild = true; 900 | 901 | if (trim($attrs['action']) === '' || trim($attrs['action'])[0] === '#') 902 | { 903 | $attrs['action'] = $_url_parts['path']; 904 | } 905 | if (!isset($attrs['method']) || strtolower(trim($attrs['method'])) === 'get') 906 | { 907 | $extra_html = ''; 908 | $attrs['action'] = complete_url($_url); 909 | break; 910 | } 911 | 912 | $attrs['action'] = complete_url($attrs['action']); 913 | } else { 914 | $rebuild = true; 915 | if (!isset($attrs['method']) || strtolower(trim($attrs['method'])) === 'get') 916 | { 917 | $extra_html = ''; 918 | 
$attrs['action'] = complete_url($_url); 919 | break; 920 | } 921 | } 922 | break; 923 | case 'base': 924 | if (isset($attrs['href'])) 925 | { 926 | $rebuild = true; 927 | url_parse($attrs['href'], $_base); 928 | $attrs['href'] = complete_url($attrs['href']); 929 | } 930 | break; 931 | case 'meta': 932 | if ($_flags['strip_meta'] && isset($attrs['name'])) 933 | { 934 | $_response_body = str_replace($matches[0][$i], '', $_response_body); 935 | } 936 | if (isset($attrs['http-equiv'], $attrs['content']) && preg_match('#\s*refresh\s*#i', $attrs['http-equiv'])) 937 | { 938 | if (preg_match('#^(\s*[0-9]*\s*;\s*url=)(.*)#i', $attrs['content'], $content)) 939 | { 940 | $rebuild = true; 941 | $attrs['content'] = $content[1] . complete_url(trim($content[2], '"\'')); 942 | } 943 | } 944 | break; 945 | case 'head': 946 | if (isset($attrs['profile'])) 947 | { 948 | $rebuild = true; 949 | $attrs['profile'] = implode(' ', array_map('complete_url', explode(' ', $attrs['profile']))); 950 | } 951 | break; 952 | case 'applet': 953 | if (isset($attrs['codebase'])) 954 | { 955 | $rebuild = true; 956 | $temp = $_base; 957 | url_parse(complete_url(rtrim($attrs['codebase'], '/') . 
'/', false), $_base); 958 | unset($attrs['codebase']); 959 | } 960 | if (isset($attrs['code']) && strpos($attrs['code'], '/') !== false) 961 | { 962 | $rebuild = true; 963 | $attrs['code'] = complete_url($attrs['code']); 964 | } 965 | if (isset($attrs['object'])) 966 | { 967 | $rebuild = true; 968 | $attrs['object'] = complete_url($attrs['object']); 969 | } 970 | if (isset($attrs['archive'])) 971 | { 972 | $rebuild = true; 973 | $attrs['archive'] = implode(',', array_map('complete_url', preg_split('#\s*,\s*#', $attrs['archive']))); 974 | } 975 | if (!empty($temp)) 976 | { 977 | $_base = $temp; 978 | } 979 | break; 980 | case 'object': 981 | if (isset($attrs['usemap'])) 982 | { 983 | $rebuild = true; 984 | $attrs['usemap'] = complete_url($attrs['usemap']); 985 | } 986 | if (isset($attrs['codebase'])) 987 | { 988 | $rebuild = true; 989 | $temp = $_base; 990 | url_parse(complete_url(rtrim($attrs['codebase'], '/') . '/', false), $_base); 991 | unset($attrs['codebase']); 992 | } 993 | if (isset($attrs['data'])) 994 | { 995 | $rebuild = true; 996 | $attrs['data'] = complete_url($attrs['data']); 997 | } 998 | if (isset($attrs['classid']) && !preg_match('#^clsid:#i', $attrs['classid'])) 999 | { 1000 | $rebuild = true; 1001 | $attrs['classid'] = complete_url($attrs['classid']); 1002 | } 1003 | if (isset($attrs['archive'])) 1004 | { 1005 | $rebuild = true; 1006 | $attrs['archive'] = implode(' ', array_map('complete_url', explode(' ', $attrs['archive']))); 1007 | } 1008 | if (!empty($temp)) 1009 | { 1010 | $_base = $temp; 1011 | } 1012 | break; 1013 | case 'param': 1014 | if (isset($attrs['valuetype'], $attrs['value']) && strtolower($attrs['valuetype']) == 'ref' && preg_match('#^[\w.+-]+://#', $attrs['value'])) 1015 | { 1016 | $rebuild = true; 1017 | $attrs['value'] = complete_url($attrs['value']); 1018 | } 1019 | break; 1020 | case 'frame': 1021 | case 'iframe': 1022 | if (isset($attrs['src'])) 1023 | { 1024 | $rebuild = true; 1025 | $attrs['src'] = 
complete_url($attrs['src']) . '&nf=1'; 1026 | } 1027 | if (isset($attrs['longdesc'])) 1028 | { 1029 | $rebuild = true; 1030 | $attrs['longdesc'] = complete_url($attrs['longdesc']); 1031 | } 1032 | break; 1033 | case 'source': 1034 | if (isset($attrs['srcset'])) 1035 | { 1036 | $rebuild = true; 1037 | $str = preg_replace('/\s+/', ' ', $attrs['srcset']); 1038 | $src_set_data = explode(',', $attrs['srcset']); 1039 | foreach($src_set_data as $item) { 1040 | $item = trim($item); 1041 | $_data_ = explode(' ', $item); 1042 | $src_set_data_2[] = $_data_; 1043 | } 1044 | foreach($src_set_data_2 as $item) { 1045 | foreach($item as $item_2) { 1046 | if($item_2 == $item[0]) { 1047 | $final .= complete_url($item_2); 1048 | } else { 1049 | $final .= ' '.$item_2; 1050 | } 1051 | } 1052 | $final = trim($final).', '; 1053 | } 1054 | $attrs['srcset'] = trim(trim($final), ','); 1055 | unset($final, $src_set_data_2); 1056 | } 1057 | break; 1058 | default: 1059 | foreach ($tags[$tag] as $attr) 1060 | { 1061 | if (isset($attrs[$attr])) 1062 | { 1063 | $rebuild = true; 1064 | $attrs[$attr] = complete_url($attrs[$attr]); 1065 | } 1066 | } 1067 | break; 1068 | } 1069 | } 1070 | 1071 | if ($rebuild) 1072 | { 1073 | $new_tag = "<$tag"; 1074 | $unpaired_slash = array_key_exists('/', $attrs) ? true : false ; 1075 | foreach ($attrs as $name => $value) 1076 | { 1077 | if($name !== '/') { 1078 | $delim = strpos($value, '"') && !strpos($value, "'") ? "'" : '"'; 1079 | $new_tag .= ' ' . $name . ($value !== false ? '=' . $delim . $value . $delim : ''); 1080 | } 1081 | } 1082 | $_response_body = str_replace($matches[0][$i], $new_tag . ($unpaired_slash ? '/>' : '>') . $extra_html, $_response_body); 1083 | } 1084 | } 1085 | 1086 | include('./files/php/misc.php'); 1087 | require_once("./files/php/misc.override.php"); 1088 | if ($_flags['include_form'] && !isset($_GET['nf'])) 1089 | { 1090 | $_url_form = '
    ' 1091 | . '
    ' 1092 | . ' ' 1093 | . ' ' 1094 | . ' [go: up one dir, main page]' 1095 | . '

    '; 1096 | 1097 | foreach ($_flags as $flag_name => $flag_value) 1098 | { 1099 | if (!$_frozen_flags[$flag_name]) 1100 | { 1101 | $_url_form .= ' '; 1102 | } 1103 | } 1104 | 1105 | $_url_form .= '
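    '; 1106 | $_response_body = preg_replace('#\<\s*body(.*?)\>#si', "$0\n$_url_form" , $_response_body, 1); 1107 | } 1108 | }

// ---------------------------------------------------------------------------
// Final response assembly: add the proxy's own headers, replay the upstream
// headers that are allowed through, then emit the (possibly rewritten) body.
// ---------------------------------------------------------------------------

// Content-Disposition: reuse the upstream value when one was captured,
// otherwise build one from the requested file name.
if (empty($_content_disp))
{
    // The registered MIME type is "application/octet-stream". The underscore
    // spelling the original code compared against is kept as an accepted alias
    // so existing behaviour is a subset of the new one.
    // NOTE(review): $_content_type is set outside this view; confirm it is
    // already lower-cased and stripped of parameters such as "; charset=...".
    $_disp_type = in_array($_content_type, array('application/octet-stream', 'application/octet_stream'), true)
        ? 'attachment'
        : 'inline';

    // NOTE(review): $_url_parts['file'] is presumably derived from the requested
    // URL, so it is treated as untrusted here. Control characters are removed
    // (header() refuses values containing line breaks, which would otherwise
    // drop the whole header) and the characters that would end the quoted
    // string early are backslash-escaped.
    $_disp_file = isset($_url_parts['file']) ? (string) $_url_parts['file'] : '';
    $_disp_file = preg_replace('/[\x00-\x1F\x7F]/', '', $_disp_file);
    $_disp_file = addcslashes((string) $_disp_file, '"\\');

    $_disp_value = $_disp_type . '; filename="' . $_disp_file . '"';
}
else
{
    $_disp_value = $_content_disp;
}

$_response_keys['content-disposition']       = 'Content-Disposition';
$_response_headers['content-disposition'][0] = $_disp_value;

// strlen() counts bytes, which is what Content-Length requires. The body may
// have been rewritten above, so any upstream length is replaced.
$_response_keys['content-length']       = 'Content-Length';
$_response_headers['content-length'][0] = strlen($_response_body);

// Exposes the original target URL to the client in a custom response header.
$_response_keys['proxx-orig-url']       = 'Proxx-Orig-URL';
$_response_headers['proxx-orig-url'][0] = $_url;

// Drop entries that ended up empty.
$_response_headers = array_filter($_response_headers);
$_response_keys    = array_filter($_response_keys);

// The first stored key is sent as a raw header line and its value list is
// discarded. NOTE(review): this looks like the upstream HTTP status line being
// replayed; the code that stores it is outside this view, so confirm there.
header(array_shift($_response_keys));
array_shift($_response_headers);

// Upstream headers that are deliberately NOT forwarded. The proxied markup is
// rewritten and served by this script, so the site's Content-Security-Policy
// would no longer match the rewritten URLs. The trade-off is that the page then
// runs without the site's own script restrictions, under whatever origin this
// proxy is hosted on; keep the proxy on a dedicated origin that holds no
// sessions or cookies of value.
$_dropped_headers = array(
    'content-security-policy',
    'content-security-policy-report-only',
    'x-xss-protection',
);

foreach ($_response_headers as $name => $array)
{
    // A value list without a matching display name cannot form a valid header.
    if (!isset($_response_keys[$name]))
    {
        continue;
    }

    $h_name = $_response_keys[$name];
    if (in_array(strtolower($h_name), $_dropped_headers, true))
    {
        continue;
    }

    foreach ($array as $value)
    {
        // Second argument false: repeated headers (e.g. Set-Cookie) are added
        // rather than replacing the previous one.
        header($h_name . ': ' . $value, false);
    }
}

echo $_response_body;
--------------------------------------------------------------------------------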