Harden media proxy for older PHP and missing curl

Jage9
2026-02-22 02:24:32 -05:00
parent 53b16dbf36
commit 4027567f13


@@ -18,6 +18,24 @@ header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, HEAD, OPTIONS'); header('Access-Control-Allow-Methods: GET, HEAD, OPTIONS');
header('Access-Control-Allow-Headers: Range'); header('Access-Control-Allow-Headers: Range');
/**
* PHP-version-safe suffix check (avoid str_ends_with dependency).
*/
function host_matches_suffix(string $host, string $suffix): bool
{
if ($suffix === '') {
return false;
}
if ($host === $suffix) {
return true;
}
$needle = '.' . $suffix;
if (strlen($host) < strlen($needle)) {
return false;
}
return substr($host, -strlen($needle)) === $needle;
}
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(204); http_response_code(204);
exit; exit;
@@ -78,7 +96,7 @@ if ($allowlistEnv !== false && trim($allowlistEnv) !== '') {
if ($suffix === '') { if ($suffix === '') {
continue; continue;
} }
if ($host === $suffix || str_ends_with($host, '.' . $suffix)) { if (host_matches_suffix($host, $suffix)) {
$allowed = true; $allowed = true;
break; break;
} }
@@ -109,6 +127,13 @@ foreach ($resolved as $ip) {
} }
} }
if (!function_exists('curl_init')) {
http_response_code(500);
header('Content-Type: text/plain; charset=utf-8');
echo "curl extension is required\n";
exit;
}
$ch = curl_init($rawUrl); $ch = curl_init($rawUrl);
if ($ch === false) { if ($ch === false) {
http_response_code(500); http_response_code(500);
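Review bot: The fetch is still started with `curl_init($rawUrl)` after the `foreach ($resolved as $ip)` loop, so curl does its own DNS lookup and the address it connects to is not guaranteed to be one of the addresses that loop examined. Unless the handle is pinned further down (the curl setup continues past the end of this hunk), a hostname whose records change between the two lookups would pass what appear to be the allowlist and address checks and then be fetched from a different address. Consider pinning the connection to a validated address, e.g. `curl_setopt($ch, CURLOPT_RESOLVE, [$host . ':' . $port . ':' . $ip]);` where `$port` stands for the port taken from the parsed URL, and confirm that redirects are either disabled or re-run through the same checks. Separately, `host_matches_suffix()` compares bytes exactly, so it relies on `$host` and `$suffix` both being lowercased by code outside the hunk; a short comment on the function stating that precondition would help.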