[Patch] af_zz_imgproxy optional SSL whitelist tweaks

  • Compare end of domains when checking known SSL whitelist.
  • Respect ‘proxy_all’ during optional SSL whitelist rewrite

My GitLab username is wn_ if this looks okay and you’d like a pull request. I do see “Request Access” as mentioned in CONTRIBUTING.md.

[code]From 787cc2e6fc44ee79f99acdce125f828f20628401 Mon Sep 17 00:00:00 2001
From: wn_ [email protected]
Date: Sun, 23 Apr 2017 13:55:14 -0500
Subject: [PATCH 1/2] Compare end of domains when checking known SSL whitelist.

For example: “imgur.com.mysite.com” should not match the “imgur.com” whitelist entry.

plugins/af_zz_imgproxy/init.php | 2 ±
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/af_zz_imgproxy/init.php b/plugins/af_zz_imgproxy/init.php
index 5fab3b7…8419b8a 100644
— a/plugins/af_zz_imgproxy/init.php
+++ b/plugins/af_zz_imgproxy/init.php
@@ -124,7 +124,7 @@ class Af_Zz_ImgProxy extends Plugin {
$parts = parse_url($url);

    foreach (explode(" " , $this->ssl_known_whitelist) as $host) {
  •     if (strpos($parts['host'], $host) !== FALSE) {
    
  •     if (substr(strtolower($parts['host']), -strlen($host)) === strtolower($host)) {
          $parts['scheme'] = 'https';
    
          return build_url($parts);
    


2.7.4

From aa2d529a06fcb2efd10e258a08b3a242ff2c5b29 Mon Sep 17 00:00:00 2001
From: wn_ [email protected]
Date: Sun, 23 Apr 2017 14:17:24 -0500
Subject: [PATCH 2/2] Respect ‘proxy_all’ during optional SSL whitelist rewrite


plugins/af_zz_imgproxy/init.php | 8 +++++±-
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/plugins/af_zz_imgproxy/init.php b/plugins/af_zz_imgproxy/init.php
index 8419b8a…86f79c6 100644
— a/plugins/af_zz_imgproxy/init.php
+++ b/plugins/af_zz_imgproxy/init.php
@@ -126,8 +126,12 @@ class Af_Zz_ImgProxy extends Plugin {
foreach (explode(" " , $this->ssl_known_whitelist) as $host) {
if (substr(strtolower($parts[‘host’]), -strlen($host)) === strtolower($host)) {
$parts[‘scheme’] = ‘https’;

  •       return build_url($parts);
    
  •       $url = build_url($parts);
    
  •       if ($all_remote && $is_remote) {
    
  •         break;
    
  •       } else {
    
  •         return $url;
    
  •       }
        }
      }
    


2.7.4

[/code]

since you’re here now can i use you as a guinea pig for a second? thanks.

instead of me adding you manually can you try requesting access to the project ? i’ve updated gitlab yesterday and i think that was one of the added features.

e: ok i can’t read, do request access, thanks

  1. Had to recreate my “wn_” account on GitLab
  2. Logged in and navigated to https://tt-rss.org/fox/tt-rss
  3. Clicked the “Request Access” button ( https://tt-rss.org/fox/tt-rss/project_members/request_access )
  4. The page reloaded and I saw the notification “Your request for access has been queued for review.”, with the “Request Access” button replaced with “Withdraw Access Request” ( https://tt-rss.org/fox/tt-rss/project_members/leave ).

cool, i’ve updated the contribution guide with this workflow in mind. makes it a bit easier for me. :slight_smile: