- Compare end of domains when checking known SSL whitelist.
- Respect ‘proxy_all’ during optional SSL whitelist rewrite
My GitLab username is wn_ if this looks okay and you’d like a pull request. I do see “Request Access” as mentioned in CONTRIBUTING.md.
[code]From 787cc2e6fc44ee79f99acdce125f828f20628401 Mon Sep 17 00:00:00 2001
From: wn_ [email protected]
Date: Sun, 23 Apr 2017 13:55:14 -0500
Subject: [PATCH 1/2] Compare end of domains when checking known SSL whitelist.
For example: “imgur.com.mysite.com” should not match the “imgur.com” whitelist entry.
plugins/af_zz_imgproxy/init.php | 2 ±
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/af_zz_imgproxy/init.php b/plugins/af_zz_imgproxy/init.php
index 5fab3b7…8419b8a 100644
— a/plugins/af_zz_imgproxy/init.php
+++ b/plugins/af_zz_imgproxy/init.php
@@ -124,7 +124,7 @@ class Af_Zz_ImgProxy extends Plugin {
$parts = parse_url($url);
foreach (explode(" " , $this->ssl_known_whitelist) as $host) {
-
if (strpos($parts['host'], $host) !== FALSE) {
-
if (substr(strtolower($parts['host']), -strlen($host)) === strtolower($host)) { $parts['scheme'] = 'https'; return build_url($parts);
–
2.7.4
From aa2d529a06fcb2efd10e258a08b3a242ff2c5b29 Mon Sep 17 00:00:00 2001
From: wn_ [email protected]
Date: Sun, 23 Apr 2017 14:17:24 -0500
Subject: [PATCH 2/2] Respect ‘proxy_all’ during optional SSL whitelist rewrite
plugins/af_zz_imgproxy/init.php | 8 +++++±-
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/plugins/af_zz_imgproxy/init.php b/plugins/af_zz_imgproxy/init.php
index 8419b8a…86f79c6 100644
— a/plugins/af_zz_imgproxy/init.php
+++ b/plugins/af_zz_imgproxy/init.php
@@ -126,8 +126,12 @@ class Af_Zz_ImgProxy extends Plugin {
foreach (explode(" " , $this->ssl_known_whitelist) as $host) {
if (substr(strtolower($parts[‘host’]), -strlen($host)) === strtolower($host)) {
$parts[‘scheme’] = ‘https’;
-
return build_url($parts);
-
$url = build_url($parts);
-
if ($all_remote && $is_remote) {
-
break;
-
} else {
-
return $url;
-
} } }
–
2.7.4
[/code]