boringrgb · October 6, 2025 07:24 · Jan 5, 2017 · Jan 5, 2017 · Jan 5, 2017 · Jan 5, 2017
diff --git a/corsproxy.php b/corsproxy.php
@@ -2,7 +2,7 @@
 
 error_reporting( error_reporting() & ~E_NOTICE ); // evil
 
-// internal config, huh mysterious
+// config
 $enable_jsonp    = false;
 $enable_native   = false;
 $valid_url_regex = '/.*/';

diff --git a/corsproxy.php b/corsproxy.php
@@ -52,7 +52,7 @@
   curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
   curl_setopt( $ch, CURLOPT_HEADER, true );
   curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
-  curl_setopt( $ch, CURLOPT_ENCODING ,"");
+  curl_setopt( $ch, CURLOPT_ENCODING ,""); // @lf guess encoding automagically
 
   curl_setopt( $ch, CURLOPT_USERAGENT, $_GET['user_agent'] ? $_GET['user_agent'] : $_SERVER['HTTP_USER_AGENT'] );
 

diff --git a/corsproxy.php b/corsproxy.php
@@ -1,6 +1,6 @@
 <?php
 
-error_reporting( error_reporting() & ~E_NOTICE ); // i know that this is evil
+error_reporting( error_reporting() & ~E_NOTICE ); // evil
 
 // internal config, huh mysterious
 $enable_jsonp    = false;

diff --git a/corsproxy.php b/corsproxy.php
@@ -0,0 +1,137 @@
+<?php
+
+error_reporting( error_reporting() & ~E_NOTICE ); // i know that this is evil
+
+// internal config, huh mysterious
+$enable_jsonp    = false;
+$enable_native   = false;
+$valid_url_regex = '/.*/';
+
+// ############################################################################
+
+$url = $_GET['url'];
+
+if ( !$url ) {
+
+  // Passed url not specified.
+  $contents = 'ERROR: url not specified';
+  $status = array( 'http_code' => 'ERROR' );
+
+} else if ( !preg_match( $valid_url_regex, $url ) ) {
+
+  // Passed url doesn't match $valid_url_regex.
+  $contents = 'ERROR: invalid url';
+  $status = array( 'http_code' => 'ERROR' );
+
+} else {
+
+  $ch = curl_init( $url );
+
+  // @lf get domain from url and keep it around
+  $parts = parse_url( $url );
+  $domain = $parts['scheme']."://".$parts['host'];
+
+  if ( strtolower($_SERVER['REQUEST_METHOD']) == 'post' ) {
+    curl_setopt( $ch, CURLOPT_POST, true );
+    curl_setopt( $ch, CURLOPT_POSTFIELDS, $_POST );
+  }
+
+  if ( $_GET['send_cookies'] ) {
+    $cookie = array();
+    foreach ( $_COOKIE as $key => $value ) {
+      $cookie[] = $key . '=' . $value;
+    }
+    if ( $_GET['send_session'] ) {
+      $cookie[] = SID;
+    }
+    $cookie = implode( '; ', $cookie );
+
+    curl_setopt( $ch, CURLOPT_COOKIE, $cookie );
+  }
+
+  curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
+  curl_setopt( $ch, CURLOPT_HEADER, true );
+  curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
+  curl_setopt( $ch, CURLOPT_ENCODING ,"");
+
+  curl_setopt( $ch, CURLOPT_USERAGENT, $_GET['user_agent'] ? $_GET['user_agent'] : $_SERVER['HTTP_USER_AGENT'] );
+
+  list( $header, $contents ) = preg_split( '/([\r\n][\r\n])\\1/', curl_exec( $ch ), 2 );
+
+  // @lf filter any relative urls and replace them with absolute urls
+  $rep['/href="(?!https?:\/\/)(?!data:)(?!#)/'] = 'href="'.$domain;
+  $rep['/src="(?!https?:\/\/)(?!data:)(?!#)/'] = 'src="'.$domain;
+  $rep['/href=\'(?!https?:\/\/)(?!data:)(?!#)/'] = 'href="'.$domain;
+  $rep['/src=\'(?!https?:\/\/)(?!data:)(?!#)/'] = 'src="'.$domain;
+  $rep['/@import[\n+\s+]"\//'] = '@import "'.$domain;
+  $rep['/@import[\n+\s+]"\./'] = '@import "'.$domain;
+  // @lf warning: clears previous contents
+  $contents = preg_replace(array_keys($rep), array_values($rep), $contents);
+
+  $status = curl_getinfo( $ch );
+
+  curl_close( $ch );
+}
+
+// Split header text into an array.
+$header_text = preg_split( '/[\r\n]+/', $header );
+
+if ( $_GET['mode'] == 'native' ) {
+  if ( !$enable_native ) {
+    $contents = 'ERROR: invalid mode';
+    $status = array( 'http_code' => 'ERROR' );
+  }
+
+  // Propagate headers to response.
+  foreach ( $header_text as $header ) {
+    if ( preg_match( '/^(?:Content-Type|Content-Language|Set-Cookie):/i', $header ) ) {
+      header( $header );
+    }
+  }
+
+  print $contents;
+
+} else {
+
+  // $data will be serialized into JSON data.
+  $data = array();
+
+  // Propagate all HTTP headers into the JSON data object.
+  if ( $_GET['full_headers'] ) {
+    $data['headers'] = array();
+
+    foreach ( $header_text as $header ) {
+      preg_match( '/^(.+?):\s+(.*)$/', $header, $matches );
+      if ( $matches ) {
+        $data['headers'][ $matches[1] ] = $matches[2];
+      }
+    }
+  }
+
+  // Propagate all cURL request / response info to the JSON data object.
+  if ( $_GET['full_status'] ) {
+    $data['status'] = $status;
+  } else {
+    $data['status'] = array();
+    $data['status']['http_code'] = $status['http_code'];
+  }
+
+  // Set the JSON data object contents, decoding it from JSON if possible.
+  $decoded_json = json_decode( $contents );
+  $data['contents'] = $decoded_json ? $decoded_json : $contents;
+
+  // Generate appropriate content-type header.
+  $is_xhr = strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
+  header( 'Content-type: application/' . ( $is_xhr ? 'json' : 'x-javascript' ) );
+
+  // Get JSONP callback.
+  $jsonp_callback = $enable_jsonp && isset($_GET['callback']) ? $_GET['callback'] : null;
+
+  // Generate JSON/JSONP string
+  $json = json_encode( $data );
+
+  print $jsonp_callback ? "$jsonp_callback($json)" : $json;
+
+}
+
+?>
No results found