phorge-phorge/src/applications/files/controller/proxy/PhabricatorFileProxyController.php

<?php

/*
 * Copyright 2011 Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

class PhabricatorFileProxyController extends PhabricatorFileController {

  private $uri;

  public function processRequest() {

    if (!PhabricatorEnv::getEnvConfig('files.enable-proxy')) {
      return new Aphront400Response();
    }

    $request = $this->getRequest();
    $uri = $request->getStr('uri');

    $proxy = id(new PhabricatorFileProxyImage())->loadOneWhere(
      'uri = %s',
      $uri);

    if (!$proxy) {
      // This write is fine to skip CSRF checks for, we're just building a
      // cache of some remote image.
      $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();

      $file = PhabricatorFile::newFromFileDownload(
        $uri,
        nonempty(basename($uri), 'proxied-file'));
      if ($file) {
        $proxy = new PhabricatorFileProxyImage();
        $proxy->setURI($uri);
        $proxy->setFilePHID($file->getPHID());
        $proxy->save();
      }

      unset($unguarded);
    }

    if ($proxy) {
      $view_uri = PhabricatorFileURI::getViewURIForPHID($proxy->getFilePHID());
      return id(new AphrontRedirectResponse())->setURI($view_uri);
    }

    return new Aphront400Response();
  }
}
Restore image proxying to Remarkup Summary: Previously, Remarkup allowed you to paste in an image URI and get an inline image. However, it did this by hotlinking the image which isn't so hot in an open source product. Restore this feature, but use image proxying instead. The existing image macro code does most of the work. There is a mild security risk depending on the network setup so I've left this default-disabled and made a note about it. It should be safe to enable for Facebook. Test Plan: Pasted in image and non-image links, got reasonable behavior. Verified proxying appears to work. Verified that file:// shenanigans produce 400. Reviewed By: tuomaspelkonen Reviewers: aran, jungejason, tuomaspelkonen Commenters: cpiro CC: aran, cpiro, tuomaspelkonen Differential Revision: 214 2011-05-02 23:20:24 +02:00			`<?php`

			`/*`
			`* Copyright 2011 Facebook, Inc.`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

			`class PhabricatorFileProxyController extends PhabricatorFileController {`

			`private $uri;`

			`public function processRequest() {`

			`if (!PhabricatorEnv::getEnvConfig('files.enable-proxy')) {`
			`return new Aphront400Response();`
			`}`

			`$request = $this->getRequest();`
			`$uri = $request->getStr('uri');`

			`$proxy = id(new PhabricatorFileProxyImage())->loadOneWhere(`
			`'uri = %s',`
			`$uri);`

			`if (!$proxy) {`
Fix CSRF issue with image proxying Summary: This got caught in the CSRF filter but is a safe write. Test Plan: Pasted the URI for a picture of a goat into a diff, saw a goat. Reviewers: aran, jungejason Reviewed By: aran CC: aran Differential Revision: 910 2011-09-08 23:09:25 +02:00			`// This write is fine to skip CSRF checks for, we're just building a`
			`// cache of some remote image.`
			`$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();`

Restore image proxying to Remarkup Summary: Previously, Remarkup allowed you to paste in an image URI and get an inline image. However, it did this by hotlinking the image which isn't so hot in an open source product. Restore this feature, but use image proxying instead. The existing image macro code does most of the work. There is a mild security risk depending on the network setup so I've left this default-disabled and made a note about it. It should be safe to enable for Facebook. Test Plan: Pasted in image and non-image links, got reasonable behavior. Verified proxying appears to work. Verified that file:// shenanigans produce 400. Reviewed By: tuomaspelkonen Reviewers: aran, jungejason, tuomaspelkonen Commenters: cpiro CC: aran, cpiro, tuomaspelkonen Differential Revision: 214 2011-05-02 23:20:24 +02:00			`$file = PhabricatorFile::newFromFileDownload(`
			`$uri,`
			`nonempty(basename($uri), 'proxied-file'));`
			`if ($file) {`
			`$proxy = new PhabricatorFileProxyImage();`
			`$proxy->setURI($uri);`
			`$proxy->setFilePHID($file->getPHID());`
			`$proxy->save();`
			`}`
Fix CSRF issue with image proxying Summary: This got caught in the CSRF filter but is a safe write. Test Plan: Pasted the URI for a picture of a goat into a diff, saw a goat. Reviewers: aran, jungejason Reviewed By: aran CC: aran Differential Revision: 910 2011-09-08 23:09:25 +02:00
			`unset($unguarded);`
Restore image proxying to Remarkup Summary: Previously, Remarkup allowed you to paste in an image URI and get an inline image. However, it did this by hotlinking the image which isn't so hot in an open source product. Restore this feature, but use image proxying instead. The existing image macro code does most of the work. There is a mild security risk depending on the network setup so I've left this default-disabled and made a note about it. It should be safe to enable for Facebook. Test Plan: Pasted in image and non-image links, got reasonable behavior. Verified proxying appears to work. Verified that file:// shenanigans produce 400. Reviewed By: tuomaspelkonen Reviewers: aran, jungejason, tuomaspelkonen Commenters: cpiro CC: aran, cpiro, tuomaspelkonen Differential Revision: 214 2011-05-02 23:20:24 +02:00			`}`

			`if ($proxy) {`
			`$view_uri = PhabricatorFileURI::getViewURIForPHID($proxy->getFilePHID());`
			`return id(new AphrontRedirectResponse())->setURI($view_uri);`
			`}`

			`return new Aphront400Response();`
			`}`
			`}`