| | Author: Aleksander Machniak | +-----------------------------------------------------------------------+ */ $url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']); if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) { header('HTTP/1.1 403 Forbidden'); exit("Unauthorized request"); } // don't allow any other connections than http(s) if (!preg_match('~^(https?)://~i', $realurl, $matches)) { header('HTTP/1.1 403 Forbidden'); exit("Invalid URL"); } if (!ini_get('allow_url_fopen')) { header('HTTP/1.1 403 Forbidden'); exit("HTTP connections disabled"); } $scheme = strtolower($matches[1]); $options = array( $scheme => array( 'method' => 'GET', 'timeout' => 15, ) ); $context = stream_context_create($options); $source = @file_get_contents($realurl, false, $context); // php.net/manual/en/reserved.variables.httpresponseheader.php $headers = implode("\n", (array)$http_response_header); $ctype = '~Content-Type:\s+text/(css|plain)~i'; if ($source !== false && preg_match($ctype, $headers)) { header('Content-Type: text/css'); echo rcmail_mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c'])); exit; } header('HTTP/1.0 404 Not Found'); exit("Invalid response returned by server");