
Option for valid request matching via regular expressions #35


Open
wants to merge 1 commit into
base: master
47 changes: 41 additions & 6 deletions proxy.php
Expand Up @@ -29,6 +29,13 @@
*/
define('CSAJAX_FILTER_DOMAIN', false);

/**
* If set to true, $valid_requests will be compared as regular expressions
* If set to false, $valid_requests will be compared as exact strings
* Recommended value: false (for security reasons, why use it if your don't need it)
*/
define('CSAJAX_FILTER_REGEXP', false);

/**
* Enables or disables Expect: 100-continue header. Some webservers don't
* handle this header correctly.
Expand Down Expand Up @@ -120,19 +127,33 @@
if (CSAJAX_FILTERS) {
$parsed = $p_request_url;
if (CSAJAX_FILTER_DOMAIN) {
if (!in_array($parsed['host'], $valid_requests)) {
csajax_debug_message('Invalid domain - ' . $parsed['host'] . ' does not included in valid requests');
exit;
if (CSAJAX_FILTER_REGEXP) {
if (1 !== csajax_preg_match_pattern_array($valid_requests, $parsed['host'])) {
csajax_debug_message('Invalid domain - ' . $parsed['host'] . ' is not matched by valid requests');
exit;
}
} else {
if (!in_array($parsed['host'], $valid_requests)) {
csajax_debug_message('Invalid domain - ' . $parsed['host'] . ' is not included in valid requests');
exit;
}
}
} else {
$check_url = isset($parsed['scheme']) ? $parsed['scheme'] . '://' : '';
$check_url .= isset($parsed['user']) ? $parsed['user'] . ($parsed['pass'] ? ':' . $parsed['pass'] : '') . '@' : '';
$check_url .= isset($parsed['host']) ? $parsed['host'] : '';
$check_url .= isset($parsed['port']) ? ':' . $parsed['port'] : '';
$check_url .= isset($parsed['path']) ? $parsed['path'] : '';
if (!in_array($check_url, $valid_requests)) {
csajax_debug_message('Invalid domain - ' . $request_url . ' does not included in valid requests');
exit;
if (CSAJAX_FILTER_REGEXP) {
if (1 !== csajax_preg_match_pattern_array($valid_requests, $check_url)) {
csajax_debug_message('Invalid domain - ' . $request_url . ' is not matched by valid requests');
exit;
}
} else {
if (!in_array($check_url, $valid_requests)) {
csajax_debug_message('Invalid domain - ' . $request_url . ' is not included in valid requests');
exit;
}
}
}
}
Expand Down Expand Up @@ -197,3 +218,17 @@ function csajax_debug_message($message)
print $message . PHP_EOL;
}
}

function csajax_preg_match_pattern_array($pattern_array, $subject)
{
foreach ($pattern_array as $pattern) {
$match_result = preg_match($pattern, $subject);
if (1 === $match_result) {
return 1;
} elseif (false === $match_result) {
csajax_debug_message('Invalid preg_match pattern - ' . $pattern);
return false;
}
}
return 0;
}
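Review bot: The entries handed to `csajax_preg_match_pattern_array` at both call sites (`$parsed['host']` and `$check_url`) are matched by `preg_match` as substrings, so an unanchored entry such as `/example\.com/` also accepts any host or URL that merely contains that text, and since this check is what decides which upstream the proxy will fetch, that quietly widens the allow list beyond the operator's intent. The comment on `CSAJAX_FILTER_REGEXP` should say so, e.g. ` * Patterns must be delimited and anchored (e.g. '/^example\.com$/'); an unanchored pattern matches anywhere in the host or URL`. The helper also deserves a docblock stating that it returns 1 on the first matching pattern, 0 when none match, and false on an invalid pattern, which the `1 !==` checks at the call sites treat as a rejection (fail closed); it is worth noting there that `preg_match` emits a PHP warning for an invalid pattern in addition to returning false. The block containing the two call sites starts above the second hunk.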