
fixed an ssrf that was caused by the image proxy

hnhx 2 years ago
parent
commit
bdfc04b1d6
3 changed files with 75 additions and 12 deletions
  1. 53 0
      config.php
  2. 14 4
      image_proxy.php
  3. 8 8
      search.php

+ 53 - 0
config.php

@@ -0,0 +1,53 @@
+<?php
+    return (object) array(
+
+        // e.g.: fr -> https://google.fr/
+        "google_domain" => "com",
+
+        // Google results will be in this language
+        "google_language" => "en",
+
+        "disable_bittorent_search" => false,
+        "bittorent_trackers" => "&tr=http%3A%2F%2Fnyaa.tracker.wf%3A7777%2Fannounce&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337%2Fannounce&tr=udp%3A%2F%2Fexodus.desync.com%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.torrent.eu.org%3A451%2Fannounce",
+
+        /* 
+            Preset privacy friendly frontends for users, these can be overwritten by users in settings
+            e.g.: "invidious" => "https://yewtu.be",
+        */
+        "invidious" => "",
+        "bibliogram" => "",
+        "nitter" => "",
+        "libreddit" => "",
+        "proxitok" => "",
+        "wikiless" => "",
+
+        /*
+            To send requests trough a proxy uncomment CURLOPT_PROXY and CURLOPT_PROXYTYPE:
+
+            CURLOPT_PROXYTYPE options:
+
+                CURLPROXY_HTTP
+                CURLPROXY_SOCKS4
+                CURLPROXY_SOCKS4A
+                CURLPROXY_SOCKS5
+                CURLPROXY_SOCKS5_HOSTNAME
+
+            !!! ONLY CHANGE THE OTHER OPTIONS IF YOU KNOW WHAT YOU ARE DOING !!!
+        */
+        "curl_settings" => array(
+            // CURLOPT_PROXY => "ip:port",
+            // CURLOPT_PROXYTYPE => CURLPROXY_HTTP,
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_ENCODING => "",
+            CURLOPT_USERAGENT => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36",
+            CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,
+            CURLOPT_CUSTOMREQUEST => "GET",
+            CURLOPT_PROTOCOLS => CURLPROTO_HTTPS | CURLPROTO_HTTP,
+            CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS | CURLPROTO_HTTP,
+            CURLOPT_MAXREDIRS => 5,
+            CURLOPT_TIMEOUT => 8,
+            CURLOPT_VERBOSE => false
+        )
+
+    );
+?>
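Review bot: `CURLOPT_MAXREDIRS => 5` together with `CURLOPT_REDIR_PROTOCOLS` suggests redirects may be followed, while the host allowlist added in image_proxy.php is applied only to the URL the client submitted. Whether `request()` in misc/tools.php enables `CURLOPT_FOLLOWLOCATION` is not visible in this commit; if it does, the image proxy should either disable following for its own requests (`CURLOPT_FOLLOWLOCATION => false`) or re-check the host of every hop. The two protocol lines are the setting that keeps a user-influenced URL on HTTP(S), so they deserve a comment that says so rather than only the generic warning above the array, e.g. `// security: restricts curl to http/https so a user-supplied URL cannot select another protocol handler; do not widen`.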

+ 14 - 4
image_proxy.php

@@ -3,10 +3,20 @@
     $config = require "config.php";
     require "misc/tools.php";
 
-    $image = $_REQUEST["url"];
+    $url = $_REQUEST["url"];
 
-    $image_src = request($image);
+    $split_url = explode("/", $url);
+    $base_url = $split_url[2];
+    
+    $base_url_main_split = explode(".", strrev($base_url));
+    $base_url_main = strrev($base_url_main_split[1]) . "." . strrev($base_url_main_split[0]);
 
-    header("Content-Type: image/jpeg");
-    echo $image_src;
+    if ($base_url_main == "qwant.com" || $base_url_main == "wikimedia.org")
+    {
+      $image = $url;
+      $image_src = request($image);
+
+      header("Content-Type: image/jpeg");
+      echo $image_src;
+    }
 ?>
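Review bot: The allowlist check compares a string cut out with `explode("/", $url)[2]`, which is everything between the second and third slash rather than the hostname curl will resolve, so userinfo, port, query or fragment characters in that segment can make the compared value differ from the real destination; take the host from `parse_url($url, PHP_URL_HOST)`, require an http/https scheme, and compare with `===`. A missing or malformed `url` parameter currently hits undefined offsets on `$split_url[2]` and `$base_url_main_split[1]`, and a rejected request returns an empty 200, so an explicit 400 is clearer for clients and for logs. The response is also sent as `image/jpeg` regardless of what the upstream returned. The start of the script is outside the hunk.

```php
$url = (isset($_REQUEST["url"]) && is_string($_REQUEST["url"])) ? $_REQUEST["url"] : "";

// Let the URL parser decide what the host is instead of splitting on "/" and ".".
$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
$host = strtolower((string) parse_url($url, PHP_URL_HOST));

$allowed_domains = array("qwant.com", "wikimedia.org");
$host_allowed = false;

foreach ($allowed_domains as $domain)
{
    $suffix = "." . $domain;

    // Exact domain, or a subdomain that ends in ".<domain>".
    if ($host === $domain || substr($host, -strlen($suffix)) === $suffix)
    {
        $host_allowed = true;
        break;
    }
}

if (!in_array($scheme, array("http", "https"), true) || !$host_allowed)
{
    http_response_code(400);
    die();
}

// … unchanged: request($url), Content-Type header and echo of the image body …
```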

+ 8 - 8
search.php

@@ -6,7 +6,7 @@
         <form class="sub-search-container" method="get" autocomplete="off">
             <h1 class="logomobile"><a class="noDecoration" href="./">Libre<span class="X">X</span></a></h1>
             <a href="./"><img class="logo" src="static/images/librex.png" alt="librex logo"></a>
-            <input type="text" name="q" 
+            <input type="text" name="q"
                 <?php
                     $query = htmlspecialchars(trim($_REQUEST["q"]));
                     $query_encoded = urlencode($query);
@@ -15,8 +15,8 @@
                     {
                         header("Location: ./");
                         die();
-                    } 
- 
+                    }
+
                     echo "value=\"$query\"";
                 ?>
             >
@@ -41,7 +41,7 @@
             require "misc/tools.php";
 
             $page = isset($_REQUEST["p"]) ? (int) $_REQUEST["p"] : 0;
-        
+
             $start_time = microtime(true);
             switch ($type)
             {
@@ -79,7 +79,7 @@
                         print_merged_torrent_results($results);
                         break;
                     }
-                    
+
                     break;
 
                 default:
@@ -95,12 +95,12 @@
             {
                 echo "<div class=\"next-page-button-wrapper\">";
 
-                    if ($page != 0) 
+                    if ($page != 0)
                     {
-                        print_next_page_button("&lt;&lt;", 0, $query, $type); 
+                        print_next_page_button("&lt;&lt;", 0, $query, $type);
                         print_next_page_button("&lt;", $page - 10, $query, $type);
                     }
-                    
+
                     for ($i=$page / 10; $page / 10 + 10 > $i; $i++)
                         print_next_page_button($i + 1, $i * 10, $query, $type);