* @package Surrogator
* @author Christian Weiske <cweiske@cweiske.de>
* @license http://www.gnu.org/licenses/agpl.html AGPLv3 or later
- * @link http://git.cweiske.de/?p=surrogator.git
+ * @link https://sourceforge.net/p/surrogator/
*/
namespace surrogator;
$cfgFile = __DIR__ . '/../data/surrogator.config.php';
if (!file_exists($cfgFile)) {
err(
500,
- "Configuration file does not exist.\n"
- . "Copy data/surrogator.config.php.dist to data/surrogator.config.php"
+ "Configuration file does not exist.",
+ "Copy data/surrogator.config.php.dist to data/surrogator.config.php"
);
exit(2);
}
*
* @return void
*/
-function err($statusCode, $msg)
+function err($statusCode, $msg, $more = '')
{
header('HTTP/1.0 ' . $statusCode . ' ' . $msg);
header('Content-Type: text/plain');
- echo $msg . "\n";
+ echo $msg . "\n" . $more;
exit(1);
}
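Review bot: The new `$more` parameter on the err() signature is not described in the function's docblock, whose start lies above the hunk; add `@param string $more Optional extra text written to the response body after the status message` next to the existing parameter documentation. It would also help to state in the docblock that $msg is placed into the HTTP status line via header() and so must be a single-line constant, which every caller visible in this diff honours. When $more is non-empty the body no longer ends with a newline (`echo $msg . "\n" . $more;`), which is presumably fine for a text/plain error but worth a one-word mention since the `$more = ''` default keeps the old output byte-for-byte.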
if ($_GET['default'] == '404') {
$defaultMode = '404';
$default = '404';
+ } else if ($_GET['default'] == 'mm') {
+ //mystery man fallback image
+ $defaultMode = 'local';
+ $default = 'mm.png';
} else {
- //FIXME: support mm
//local default image
$defaultMode = 'local';
$default = 'default.png';
//url
$defaultMode = 'redirect';
$default = $_GET['default'];
- //FIXME: validate?
+
+ $allowed = false;
+ foreach ($trustedDefaultUrls ?? [] as $urlPrefix) {
+ if (substr($default, 0, strlen($urlPrefix)) == $urlPrefix) {
+ $allowed = true;
+ break;
+ }
+ }
+ if (!$allowed) {
+ header('X-Info: default parameter URL not allowed');
+ $defaultMode = 'local';
+ $default = 'default.png';
+ }
}
}
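Review bot: The allow-list check at L50 is a bare string-prefix match, so a trusted entry configured without a trailing `/` (for example `http://example.com`) also accepts `http://example.com.other.tld/...` and any path under an unrelated host, and an empty entry in `$trustedDefaultUrls` accepts every value; since $default is presumably handed to a redirect later in the file, this weakens the allow-list into an open redirect for mis-configured entries. Tighten the test to `if ($urlPrefix !== '' && strncmp($default, $urlPrefix, strlen($urlPrefix)) === 0) {`, which also replaces the loose `==` (numeric-string comparison rules apply to `==` on strings) with a strict comparison. Document in the config template that each trusted prefix must end with `/` so the scheme and host are matched completely. The `if`/`else` chain this sits in opens outside the hunk, and the branch that assigns `$defaultMode = 'redirect'` at L44 has no visible condition line, so I cannot confirm how the URL branch is entered.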
header('Content-Length:' . $stat['size']);
readfile($imgFile);
-?>
\ No newline at end of file
+?>
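Review bot: Re-adding the closing `?>` at the end of this file is a regression risk rather than a cleanup: the script sends raw image bytes with `readfile($imgFile)` under an explicit `Content-Length` header (L62-L63), and PHP swallows only a single newline after `?>`, so any further whitespace that ever lands after the tag is appended to the response, corrupting the image and contradicting the declared length. The usual convention for PHP-only files is to omit the closing tag entirely; end the file after `readfile($imgFile);` and drop `?>`.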