
fixed arbitrary file read and XSS vulnerabilities, fixed some issues with settings

hnhx 2 years ago
parent
commit
61240bcd79

+ 5 - 1
config.php.example

@@ -39,9 +39,13 @@
             // CURLOPT_PROXYTYPE => CURLPROXY_HTTP,
             CURLOPT_RETURNTRANSFER => true,
             CURLOPT_ENCODING => "",
-            CURLOPT_USERAGENT => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36",
+            CURLOPT_USERAGENT => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36",
             CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,
             CURLOPT_CUSTOMREQUEST => "GET",
+            CURLOPT_PROTOCOLS => CURLPROTO_HTTPS | CURLPROTO_HTTP,
+            CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS | CURLPROTO_HTTP,
+            CURLOPT_MAXREDIRS => 5,
+            CURLOPT_TIMEOUT => 8,
             CURLOPT_VERBOSE => false
         )
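Review bot: The protocol allow-list that closes the file read lives only in `config.php.example`, so an instance whose `config.php` was copied before this commit keeps its old option array and stays exposed until the operator merges these lines by hand. Enforcing the limit in the request code, after the configured options are applied, would make it independent of local config: `curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` and the same for `CURLOPT_REDIR_PROTOCOLS` (`$ch` is a placeholder for the handle variable). The code that consumes this array is outside the hunk, so whether it already pins the protocols cannot be seen here. `CURLOPT_MAXREDIRS` only has an effect where redirect following is enabled, which is also not visible.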
 

+ 4 - 4
engines/bittorrent/nyaa.php

@@ -20,11 +20,11 @@
 
             array_push($results, 
                 array (
-                    "name" => $name,
+                    "name" => htmlspecialchars($name),
                     "seeders" => (int) $seeders,
                     "leechers" => (int) $leechers,
-                    "magnet" => $magnet,
-                    "size" => $size,
+                    "magnet" => htmlspecialchars($magnet),
+                    "size" => htmlspecialchars($size),
                     "source" => "nyaa.si"
                 )
             );
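Review bot: `htmlspecialchars($magnet)` neutralises markup but does not check the URL scheme, so a scraped value that is not a magnet link is still stored and would be emitted as a link target if the renderer places it in an `href` (the rendering code is outside this hunk). I would skip entries that fail a scheme check such as `strncmp($magnet, "magnet:", 7) === 0` before pushing them. The calls also rely on the default flags, which only include single quotes from PHP 8.1 on; passing them explicitly, `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8")`, keeps behaviour the same on older runtimes. Both points apply equally to the rutor.php, thepiratebay.php, torrentgalaxy.php and yts.php hunks.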
@@ -32,4 +32,4 @@
 
         return $results;
     }
-?>
+?>

+ 4 - 4
engines/bittorrent/rutor.php

@@ -21,11 +21,11 @@
 
             array_push($results, 
                 array (
-                    "name" => $name,
+                    "name" => htmlspecialchars($name),
                     "seeders" => (int) remove_special($seeders),
                     "leechers" => (int) remove_special($leechers),
-                    "magnet" => $magnet,
-                    "size" => $size,
+                    "magnet" => htmlspecialchars($magnet),
+                    "size" => htmlspecialchars($size),
                     "source" => "rutor.info"
                 )
             );
@@ -33,4 +33,4 @@
 
         return $results;
     }
-?>
+?>

+ 6 - 6
engines/bittorrent/thepiratebay.php

@@ -24,11 +24,11 @@
 
             array_push($results, 
                 array (
-                    "size" => $size,
-                    "name" => $name,
-                    "seeders" => $seeders,
-                    "leechers" => $leechers,
-                    "magnet" => $magnet,
+                    "size" => htmlspecialchars($size),
+                    "name" => htmlspecialchars($name),
+                    "seeders" => htmlspecialchars($seeders),
+                    "leechers" => htmlspecialchars($leechers),
+                    "magnet" => htmlspecialchars($magnet),
                     "source" => "thepiratebay.org"
                 )
             );
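Review bot: `seeders` and `leechers` are escaped as strings here, whereas the nyaa, rutor and torrentgalaxy engines in this same commit cast them with `(int)`. A cast removes any markup and also gives every engine the same numeric type for these fields: `"seeders" => (int) $seeders,` and `"leechers" => (int) $leechers,`. The yts.php hunk has the same two lines.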
@@ -37,4 +37,4 @@
         return $results;
        
     }
-?>
+?>

+ 3 - 3
engines/bittorrent/torrentgalaxy.php

@@ -19,11 +19,11 @@
 
             array_push($results, 
                 array (
-                    "name" => $name,
+                    "name" => htmlspecialchars($name),
                     "seeders" => (int) $seeders,
                     "leechers" => (int) $leechers,
-                    "magnet" => $magnet,
-                    "size" => $size,
+                    "magnet" => htmlspecialchars($magnet),
+                    "size" => htmlspecialchars($size),
                     "source" => "torrentgalaxy.to"
                 )
             );

+ 6 - 6
engines/bittorrent/yts.php

@@ -26,11 +26,11 @@
 
                         array_push($results, 
                         array (
-                            "size" => $size,
-                            "name" => $name,
-                            "seeders" => $seeders,
-                            "leechers" => $leechers,
-                            "magnet" => $magnet,
+                            "size" => htmlspecialchars($size),
+                            "name" => htmlspecialchars($name),
+                            "seeders" => htmlspecialchars($seeders),
+                            "leechers" => htmlspecialchars($leechers),
+                            "magnet" => htmlspecialchars($magnet),
                             "source" => "yts.mx"
                         )
                     );
@@ -42,4 +42,4 @@
         return $results;
        
     }
-?>
+?>

+ 1 - 1
engines/google/image.php

@@ -61,4 +61,4 @@
 
         echo "</div>";
     }
-?>
+?>

+ 2 - 2
engines/special/currency.php

@@ -22,10 +22,10 @@
             $source = "https://moneyconvert.net/";
             return array(
                 "special_response" => array(
-                    "response" => $formatted_response,
+                    "response" => htmlspecialchars($formatted_response),
                     "source" => $source
                 )
             );
         }                    
     }
-?>
+?>

+ 2 - 2
engines/special/definition.php

@@ -14,11 +14,11 @@
                 $source = "https://dictionaryapi.dev";
                 return array(
                     "special_response" => array(
-                        "response" => $definition,
+                        "response" => htmlspecialchars($definition),
                         "source" => $source
                     )
                 );
             }
         
     }
-?>
+?>

+ 2 - 2
engines/special/wikipedia.php

@@ -14,7 +14,7 @@
             $source = check_for_privacy_frontend("https://wikipedia.org/wiki/$query");
             $response = array(
                 "special_response" => array(
-                    "response" => $description,
+                    "response" => htmlspecialchars($description),
                     "source" => $source
                 )
             );
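Review bot: Only `response` is escaped; `source` is built on the context line above by interpolating `$query` into the URL and is returned as-is. If `$query` is not already encoded when it reaches this function, the path segment should be built with `rawurlencode($query)`, and the value should be escaped wherever it is written into an `href`. Where `$query` comes from and how `source` is rendered are both outside this hunk, so this needs checking against the caller and the template.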
@@ -30,4 +30,4 @@
             return $response;
         }
     }
-?>
+?>

+ 1 - 1
index.php

@@ -15,4 +15,4 @@
                 </div>
         </form>
 
-<?php require "misc/footer.php"; ?>
+<?php require "misc/footer.php"; ?>

+ 1 - 1
misc/header.php

@@ -11,7 +11,7 @@
         <link rel="stylesheet" type="text/css" href="<?php
                 echo "static/css/";
                 if (isset($_COOKIE["theme"]) || isset($_REQUEST["theme"]))
-                    echo (isset($_COOKIE["theme"]) ? $_COOKIE["theme"] : $_REQUEST["theme"]) . ".css";
+                    echo htmlspecialchars((isset($_COOKIE["theme"]) ? $_COOKIE["theme"] : $_REQUEST["theme"]) . ".css");
                 else
                 echo "dark.css";
         ?>"/>
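Review bot: `htmlspecialchars()` stops the attribute breakout, but the theme value is still an arbitrary string placed into the stylesheet path, and because it is read from `$_REQUEST` as well as the cookie, a link can choose it for the visitor. Restricting it to a name pattern before echoing would confine it to files under `static/css/`: check `preg_match('/^[A-Za-z0-9_-]+$/', $theme)` and fall back to `dark.css` otherwise. An explicit list of shipped theme names would be stricter still, but the available themes are not visible in this hunk.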

+ 2 - 2
search.php

@@ -7,7 +7,7 @@
             <a href="./"><img class="logo" src="static/images/librex.png" alt="librex logo"></a>
             <input type="text" name="q" 
                 <?php
-                    $query = trim($_REQUEST["q"]);
+                    $query = htmlspecialchars(trim($_REQUEST["q"]));
                     $query_encoded = urlencode($query);
 
                     if (1 > strlen($query) || strlen($query) > 256)
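Review bot: Escaping `$query` at assignment means the next line's `urlencode($query)` and the `strlen($query)` limit both operate on HTML-encoded text, so a query containing `&`, `<` or a double quote is sent on as `&amp;`, `&lt;` or `&quot;` and counts extra characters toward the 256 limit. Keeping the raw value for logic and escaping at each point of output avoids that: `$query = trim($_REQUEST["q"]);` here and `htmlspecialchars($query, ENT_QUOTES)` where it is echoed into HTML. `$_REQUEST["q"]` is also read without an `isset` check. The echo sites and the rest of this block are outside the hunk.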
@@ -107,4 +107,4 @@
             }
         ?>
 
-<?php require "misc/footer.php"; ?>
+<?php require "misc/footer.php"; ?>

+ 31 - 24
settings.php

@@ -1,20 +1,36 @@
-
 <?php
-                require "misc/header.php";
                 $config = require "config.php";
-
+                
+                
+                if (isset($_REQUEST["save"]) || isset($_REQUEST["reset"]))
+                {
+                    if (isset($_SERVER["HTTP_COOKIE"])) 
+                    {
+                            $cookies = explode(";", $_SERVER["HTTP_COOKIE"]);
+                            foreach($cookies as $cookie) 
+                            {
+                                $parts = explode("=", $cookie);
+                                $name = trim($parts[0]);
+                                setcookie($name, "", time() - 1000);
+                            }
+                    }
+                    
+                } 
+                
                 function better_setcookie($name)
                 {
                     if (!empty($_REQUEST[$name]))
-                        setcookie($name, $_REQUEST[$name], time() + (86400 * 90));
-                    else if (isset($_COOKIE[$name]))
-                        setcookie($name, "", time() - 1000); 
+                    {
+                        setcookie($name, $_REQUEST[$name], time() + (86400 * 90), '/');
+                        $_COOKIE[$name] = $_REQUEST[$name];
+                    }
                 }
-
+                
                 if (isset($_REQUEST["save"]))
                 {
+                
                     better_setcookie("theme");
-
+                    
                     better_setcookie("disable_special");
 
                     better_setcookie("invidious");
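Review bot: `better_setcookie()` now sets cookies with path `'/'`, but the clearing loop added above still calls `setcookie($name, "", time() - 1000)` with no path, so the expiry is issued for the script's default path. On an install under a subdirectory the two paths differ and neither save nor reset will remove the `/` cookies; pass the same path when expiring, `setcookie($name, "", time() - 1000, '/');`. The loop also expires every cookie name found in the `Cookie` header rather than only this application's settings, which matters when other applications share the host name. The cookies are written without `Secure`, `HttpOnly` or `SameSite`, which the options-array form of `setcookie()` could set.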
@@ -23,25 +39,16 @@
                     better_setcookie("libreddit");
                     better_setcookie("proxitok");
                     better_setcookie("wikiless");
-                    
-                    header("Location: ./settings.php");
-                    die();
                 }
-                else if (isset($_REQUEST["reset"]))
+               
+                if (isset($_REQUEST["save"]) || isset($_REQUEST["reset"]))
                 {
-                    if (isset($_SERVER["HTTP_COOKIE"])) {
-                        $cookies = explode(";", $_SERVER["HTTP_COOKIE"]);
-                        foreach($cookies as $cookie) {
-                            $parts = explode("=", $cookie);
-                            $name = trim($parts[0]);
-                            setcookie($name, "", time() - 1000);
-                        }
-
-                        header("Location: ./settings.php");
-                        die();
-                    }
+                    header("Location: ./settings.php");
+                    die();
                 }
-            ?>
+                
+                require "misc/header.php";
+?>
 
     <title>LibreX - Settings</title>
     </head>
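Review bot: The save/reset handling is keyed on `$_REQUEST` with no method check or anti-CSRF token, so a request initiated from another site can change or clear the visitor's settings, including the frontend hosts written by `better_setcookie()`. I would restrict it to POST, `if ($_SERVER["REQUEST_METHOD"] === "POST" && (isset($_POST["save"]) || isset($_POST["reset"])))`, and add a per-session token to the form. The form's method is not visible in this hunk, so it may need changing as well. Since every save now redirects and exits, the `$_COOKIE[$name] = $_REQUEST[$name];` assignment in the earlier hunk appears to have no effect.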