<defaultvalue>0</defaultvalue>
<enableoptions><![CDATA[image_proxy_secret]]></enableoptions>
</option>
- <option name="image_proxy_secret">
- <categoryname>message.general.image</categoryname>
- <optiontype>text</optiontype>
- <allowemptyvalue>0</allowemptyvalue>
- </option>
<option name="image_proxy_expiration">
<categoryname>message.general.image</categoryname>
<optiontype>integer</optiontype>
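Review bot: The `<enableoptions><![CDATA[image_proxy_secret]]></enableoptions>` line kept as context at the top of this hunk still names `image_proxy_secret`, the option the hunk removes, so the preceding option would point at an option that no longer exists. Remove the name from that list, or drop the `<enableoptions>` element if the list becomes empty. The opening tag of that preceding option is outside the hunk, so which option carries the reference cannot be seen here.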
$statement->execute(array($timezone, 'timezone'));
}
}
-
-// set image proxy secret
-$sql = "UPDATE wcf".WCF_N."_option
- SET optionValue = ?
- WHERE optionName = ?";
-$statement = WCF::getDB()->prepareStatement($sql);
-$statement->execute([
- StringUtil::getRandomID(),
- 'image_proxy_secret'
-]);
-
namespace wcf\action;
use wcf\system\exception\IllegalLinkException;
use wcf\system\exception\SystemException;
+use wcf\util\exception\CryptoException;
+use wcf\util\CryptoUtil;
use wcf\util\FileUtil;
use wcf\util\HTTPRequest;
-use wcf\util\PasswordUtil;
use wcf\util\StringUtil;
/**
*/
class ImageProxyAction extends AbstractAction {
/**
- * hashed image proxy secret and image url
+ * The image key created by CryptoUtil::createSignedString()
* @var string
*/
- public $hash = '';
-
- /**
- * image url
- * @var string
- */
- public $url = '';
+ public $key = '';
/**
* @see \wcf\action\IAction::readParameters()
public function readParameters() {
parent::readParameters();
- if (isset($_REQUEST['url'])) $this->url = rawurldecode(StringUtil::trim($_REQUEST['url']));
- if (isset($_REQUEST['hash'])) $this->hash = StringUtil::trim($_REQUEST['hash']);
+ if (isset($_REQUEST['key'])) $this->key = StringUtil::trim($_REQUEST['key']);
}
/**
public function execute() {
parent::execute();
- $hash = sha1(IMAGE_PROXY_SECRET.$this->url);
- if (!PasswordUtil::secureCompare($this->hash, $hash)) {
- throw new IllegalLinkException();
- }
-
try {
- $request = new HTTPRequest($this->url);
+ $url = CryptoUtil::getValueFromSignedString($this->key);
+ if ($url === null) throw new IllegalLinkException();
+
+ $fileName = sha1($this->key);
+
+ $request = new HTTPRequest($url);
$request->execute();
$image = $request->getReply()['body'];
}
// save image
- $fileExtension = pathinfo($this->url, PATHINFO_EXTENSION);
- $fileLocation = WCF_DIR.'images/proxy/'.substr($hash, 0, 2).'/'.$hash.($fileExtension ? '.'.$fileExtension : '');
+ $fileExtension = pathinfo($url, PATHINFO_EXTENSION);
+ $fileLocation = WCF_DIR.'images/proxy/'.substr($fileName, 0, 2).'/'.$fileName.($fileExtension ? '.'.$fileExtension : '');
$dir = dirname($fileLocation);
if (!@file_exists($dir)) {
FileUtil::makePath($dir, 0777);
catch (SystemException $e) {
throw new IllegalLinkException();
}
+ catch (CryptoException $e) {
+ throw new IllegalLinkException();
+ }
}
}
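Review bot: `$fileExtension = pathinfo($url, PATHINFO_EXTENSION);` takes the stored file's extension verbatim from the remote URL, and that URL comes from a signed but user-supplied image link. The file written under `images/proxy/` can therefore carry any extension, including ones the web server may treat as executable, or a trailing query string. The signature only shows that this installation generated the link, not that the target is an image. I would restrict the extension to an allow-list, e.g. `if (!in_array(strtolower($fileExtension), ['gif', 'jpg', 'jpeg', 'png'], true)) $fileExtension = '';`, and apply the same rule in `getProxyLink()` so both sides compute the same path. Parts of `execute()` lie outside the visible hunks, so any content check on `$image` there should be confirmed.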
<?php
namespace wcf\system\bbcode;
+use wcf\util\exception\CryptoException;
+use wcf\util\CryptoUtil;
use wcf\util\StringUtil;
use wcf\system\WCF;
use wcf\system\request\LinkHandler;
* @return string
*/
protected function getProxyLink($link) {
- $hash = sha1(IMAGE_PROXY_SECRET.$link);
- $fileExtension = '';
- if (($position = mb_strrpos($link, '.')) !== false) {
- $fileExtension = mb_strtolower(mb_substr($link, $position + 1));
+ try {
+ $key = CryptoUtil::createSignedString($link);
+ // does not need to be secure, just sufficiently "random"
+ $fileName = sha1($key);
+
+ $fileExtension = pathinfo($this->url, PATHINFO_EXTENSION);
+
+ $path = 'images/proxy/'.substr($fileName, 0, 2).'/'.$fileName.($fileExtension ? '.'.$fileExtension : '');
+
+ $fileLocation = WCF_DIR.$path;
+ if (file_exists($fileLocation)) {
+ return WCF::getPath().$path;
+ }
+
+ return LinkHandler::getInstance()->getLink('ImageProxy', [
+ 'key' => $key
+ ]);
}
-
- $path = 'images/proxy/'.substr($hash, 0, 2).'/'.$hash.($fileExtension ? '.'.$fileExtension : '');
-
- $fileLocation = WCF_DIR.$path;
- if (file_exists($fileLocation)) {
- return WCF::getPath().$path;
+ catch (CryptoException $e) {
+ return $link;
}
-
- return LinkHandler::getInstance()->getLink('ImageProxy', [
- 'hash' => $hash,
- 'url' => rawurlencode($link)
- ]);
}
}
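Review bot: `$fileExtension = pathinfo($this->url, PATHINFO_EXTENSION);` in `getProxyLink()` reads `$this->url`, but the URL is passed in as `$link` and no `url` property is visible in this class; the line looks carried over from `ImageProxyAction`. With an empty extension, `$path` will not match the file that `ImageProxyAction::execute()` stores with the URL's extension appended, so the cached-file shortcut would not hit for such links and every view would go through the proxy action. It should read `$fileExtension = pathinfo($link, PATHINFO_EXTENSION);`. Separately, the `catch (CryptoException $e)` branch returns the original `$link`, which silently bypasses the proxy; a comment stating that this fallback is intended would help.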