From bdfc04b1d62c93db5cb68518a831f16c87764d4e Mon Sep 17 00:00:00 2001
From: hnhx
Date: Sun, 28 Aug 2022 20:41:33 +0200
Subject: [PATCH] fixed an ssrf that was caused by the image proxy
---
 config.php | 53 +++++++++++++++++++++++++++++++++++++++++++++++++
 image_proxy.php | 18 +++++++++++++----
 search.php | 16 +++++++--------
 3 files changed, 75 insertions(+), 12 deletions(-)
 create mode 100644 config.php
diff --git a/config.php b/config.php
new file mode 100644
index 0000000..6c42f62
--- /dev/null
+++ b/config.php
@@ -0,0 +1,53 @@
+ https://google.fr/
+ "google_domain" => "com",
+
+ // Google results will be in this language
+ "google_language" => "en",
+
+ "disable_bittorent_search" => false,
+ "bittorent_trackers" => "&tr=http%3A%2F%2Fnyaa.tracker.wf%3A7777%2Fannounce&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337%2Fannounce&tr=udp%3A%2F%2Fexodus.desync.com%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.torrent.eu.org%3A451%2Fannounce",
+
+ /*
+ Preset privacy friendly frontends for users, these can be overwritten by users in settings
+ e.g.: "invidious" => "https://yewtu.be",
+ */
+ "invidious" => "",
+ "bibliogram" => "",
+ "nitter" => "",
+ "libreddit" => "",
+ "proxitok" => "",
+ "wikiless" => "",
+
+ /*
+ To send requests trough a proxy uncomment CURLOPT_PROXY and CURLOPT_PROXYTYPE:
+
+ CURLOPT_PROXYTYPE options:
+
+ CURLPROXY_HTTP
+ CURLPROXY_SOCKS4
+ CURLPROXY_SOCKS4A
+ CURLPROXY_SOCKS5
+ CURLPROXY_SOCKS5_HOSTNAME
+
+ !!! ONLY CHANGE THE OTHER OPTIONS IF YOU KNOW WHAT YOU ARE DOING !!!
+ */
+ "curl_settings" => array(
+ // CURLOPT_PROXY => "ip:port",
+ // CURLOPT_PROXYTYPE => CURLPROXY_HTTP,
+ CURLOPT_RETURNTRANSFER => true,
+ CURLOPT_ENCODING => "",
+ CURLOPT_USERAGENT => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36",
+ CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,
+ CURLOPT_CUSTOMREQUEST => "GET",
+ CURLOPT_PROTOCOLS => CURLPROTO_HTTPS | CURLPROTO_HTTP,
+ CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS | CURLPROTO_HTTP,
+ CURLOPT_MAXREDIRS => 5,
+ CURLOPT_TIMEOUT => 8,
+ CURLOPT_VERBOSE => false
+ )
+
+ );
+?>
diff --git a/image_proxy.php b/image_proxy.php
index c5d65c5..c0d536f 100644
--- a/image_proxy.php
+++ b/image_proxy.php
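Review bot: `CURLOPT_MAXREDIRS => 5` and `CURLOPT_REDIR_PROTOCOLS` in `curl_settings` imply that redirects are meant to be followed, and these options are shared by every caller, including the image proxy whose host allowlist inspects only the first URL. Whether `request()` in `misc/tools.php` enables `CURLOPT_FOLLOWLOCATION` is not visible here; if it does, a redirect answered by an allowed host would be fetched without passing the allowlist again. For the proxy path I would override the shared settings with `CURLOPT_FOLLOWLOCATION => false` (or `CURLOPT_MAXREDIRS => 0`) and add a comment next to `CURLOPT_MAXREDIRS` stating that the image proxy must not inherit it.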
@@ -3,10 +3,20 @@
 $config = require "config.php";
 require "misc/tools.php";
- $image = $_REQUEST["url"];
+ $url = $_REQUEST["url"];
- $image_src = request($image);
+ $split_url = explode("/", $url);
+ $base_url = $split_url[2];
+
+ $base_url_main_split = explode(".", strrev($base_url));
+ $base_url_main = strrev($base_url_main_split[1]) . "." . strrev($base_url_main_split[0]);
- header("Content-Type: image/jpeg");
- echo $image_src;
+ if ($base_url_main == "qwant.com" || $base_url_main == "wikimedia.org")
+ {
+ $image = $url;
+ $image_src = request($image);
+
+ header("Content-Type: image/jpeg");
+ echo $image_src;
+ }
 ?>
diff --git a/search.php b/search.php
index 80cc9c1..4d1fb1d 100644
--- a/search.php
+++ b/search.php
@@ -6,7 +6,7 @@
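Review bot: The allowlist test in the new `if` runs on `$split_url[2]`, a hand-split piece of the raw string, while `request()` still receives the untouched `$url`, so the check holds only if cURL connects to exactly the host that `explode("/", $url)` happened to isolate. The scheme is never examined in this file, a missing `url` parameter or a value with fewer than three segments raises undefined-index notices, and a rejected request falls through to an empty 200 response. I would parse the value with `parse_url()`, refuse userinfo, compare the lower-cased host exactly or as a dot-prefixed suffix of the two allowed domains, and answer 400 otherwise, as sketched below. `parse_url()` is not guaranteed to agree with cURL's parser either, so rebuilding the outgoing URL from the validated components is the stricter option.

```php
$url = isset($_REQUEST["url"]) && is_string($_REQUEST["url"]) ? $_REQUEST["url"] : "";
$parts = parse_url($url);

$scheme = isset($parts["scheme"]) ? strtolower($parts["scheme"]) : "";
$host = isset($parts["host"]) ? strtolower($parts["host"]) : "";

$host_allowed = false;
foreach (array("qwant.com", "wikimedia.org") as $domain)
{
    $suffix = "." . $domain;
    if ($host === $domain || substr($host, -strlen($suffix)) === $suffix)
        $host_allowed = true;
}

if (!in_array($scheme, array("http", "https"), true) || !$host_allowed
    || isset($parts["user"]) || isset($parts["pass"]))
{
    http_response_code(400);
    exit;
}

// … unchanged: request($url), Content-Type header and echo of the body …
```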

LibreX

- > @@ -41,7 +41,7 @@ require "misc/tools.php"; $page = isset($_REQUEST["p"]) ? (int) $_REQUEST["p"] : 0; - + $start_time = microtime(true); switch ($type) { @@ -79,7 +79,7 @@ print_merged_torrent_results($results); break; } - + break; default: @@ -95,12 +95,12 @@ { echo "
"; - if ($page != 0) + if ($page != 0) { - print_next_page_button("<<", 0, $query, $type); + print_next_page_button("<<", 0, $query, $type); print_next_page_button("<", $page - 10, $query, $type); } - + for ($i=$page / 10; $page / 10 + 10 > $i; $i++) print_next_page_button($i + 1, $i * 10, $query, $type);