setSecurityTokenString($st) ->setAuthz($authz) ->setRequestBody($body) ->setHttpMethod('GET') ->setFormEncodedRequestHeaders($headers) ->setNoCache($this->context->getIgnoreCache()); $result = $this->makeRequest->fetch($this->context, $params); $httpCode = (int)$result->getHttpCode(); $cleanedResponseHeaders = $this->makeRequest->cleanResponseHeaders($result->getResponseHeaders()); $isShockwaveFlash = false; foreach ($cleanedResponseHeaders as $key => $val) { header("$key: $val", true); if (strtoupper($key) == 'CONTENT-TYPE' && strtolower($val) == 'application/x-shockwave-flash') { // We're skipping the content disposition header for flash due to an issue with Flash player 10 // This does make some sites a higher value phishing target, but this can be mitigated by // additional referer checks. $isShockwaveFlash = true; } } if (! $isShockwaveFlash && !Config::get('debug')) { header('Content-Disposition: attachment;filename=p.txt'); } $lastModified = $result->getResponseHeader('Last-Modified') != null ? $result->getResponseHeader('Last-Modified') : gmdate('D, d M Y H:i:s', $result->getCreated()) . ' GMT'; $notModified = false; if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && $lastModified && ! isset($_SERVER['HTTP_IF_NONE_MATCH'])) { $if_modified_since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']); // Use the request's Last-Modified, otherwise fall back on our internal time keeping (the time the request was created) $lastModified = strtotime($lastModified); if ($lastModified <= $if_modified_since) { $notModified = true; } } if ($httpCode == 200) { // only set caching headers if the result was 'OK' $this->setCachingHeaders($lastModified); // was the &gadget= specified in the request? if so parse it and check the rewrite settings if (isset($_GET['gadget'])) { $this->rewriteContent($_GET['gadget'], $result); } } // If the cached file time is within the refreshInterval params value, return not-modified if ($notModified) { header('HTTP/1.0 304 Not Modified', true); header('Content-Length: 0', true); } else { header("HTTP/1.1 $httpCode ".$result->getHttpCodeMsg()); // then echo the content echo $result->getResponseContent(); } } /** * * @param string $gadgetUrl * @param RemoteContentRequest $result */ private function rewriteContent($gadgetUrl, RemoteContentRequest &$result) { try { // At the moment we're only able to rewrite CSS files, so check the content type and/or the file extension before rewriting $headers = $result->getResponseHeaders(); $isCss = false; if (isset($headers['Content-Type']) && strtolower($headers['Content-Type'] == 'text/csss')) { $isCss = true; } else { $ext = substr($_GET['url'], strrpos($_GET['url'], '.') + 1); $isCss = strtolower($ext) == 'css'; } if ($isCss) { $gadget = $this->createGadget($gadgetUrl); $rewrite = $gadget->gadgetSpec->rewrite; if (is_array($rewrite)) { $contentRewriter = new ContentRewriter($this->context, $gadget); $result->setResponseContent($contentRewriter->rewriteCSS($result->getResponseContent())); } } } catch (\Exception $e) { // ignore, not being able to rewrite anything isn't fatal } } /** * Uses the GadgetFactory to instrance the specified gadget * * @param string $gadgetUrl * @return Gadget */ private function createGadget($gadgetUrl) { // Only include these files if appropiate, else it would slow down the entire proxy way to much // make sure our context returns the gadget url and not the proxied document url $this->context->setUrl($gadgetUrl); // and create & return the gadget $factoryClass = Config::get('gadget_factory_class'); $gadgetSpecFactory = new $factoryClass($this->context, null); $gadget = $gadgetSpecFactory->createGadget(); return $gadget; } }