From 74519e25683f7a7b024995ad759911a7ea82b0ee Mon Sep 17 00:00:00 2001 From: Lucas <83518257+luqaska@users.noreply.github.com> Date: Fri, 4 Mar 2022 22:49:05 +0000 Subject: [PATCH] v1.2.0 more sec. updates lol --- index.php | 67 ++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 52 insertions(+), 15 deletions(-) diff --git a/index.php b/index.php index 390d841..880b204 100644 --- a/index.php +++ b/index.php @@ -6,18 +6,29 @@ if (isset($_GET["url"]) && ($_GET["url"] != "")) { if (!url_exists($_GET["url"])) { - die("404"); + die("404. Feed not found"); +} + +/* Check if URL contents a text */ +file_put_contents(".env", file_get_contents($_GET["url"])); +$mime = mime_content_type(".env"); +unlink(".env"); +if ($mime != "text/plain") { + die("Invalid document. It isn't a text".$mime); } // á[ ]á => á\[\s\]á +// Feed parser $feed = file_get_contents($_GET["url"]); $feed = explode("\n", $feed); $dates = []; $posts = []; -//$i = 0; foreach($feed as $line) { if (str_starts_with($line, "#")) { + // Link pattern + $link_pattern = "/(?i)\b((?:https?:\/\/|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'\".,<>?«»“”‘’]))/"; + //$line = preg_replace("/\s/", "", $line); $line = preg_replace("/\s+/", "á[ ]á", $line); $line = preg_replace("/\t+/", "á[ ]á", $line); @@ -34,8 +45,12 @@ if (isset($nick) && isset($url)) { $user = parse_url($url); + if (strtolower(parse_url($_GET["url"])["host"]) != strtolower($user["host"])) { + die("sus feed"); + } $user = "@" . $nick . "@" . $user["host"]; } + /* Avatar */ 
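Review bot: The MIME check in the first hunk writes the remote body to a fixed file `.env` in the working directory, so concurrent requests overwrite and delete it under each other, and a real `.env` deployed there would be clobbered. It also leaves the existing `file_get_contents()` in place for parsing, so the URL is downloaded twice and the content that was checked is not necessarily the content that is parsed. Fetch once into a variable, sniff it in memory with `finfo`, and reuse the same string for `explode()`. `$_GET["url"]` reaches `file_get_contents()` as-is and `url_exists()` is outside this hunk, so unless it already restricts the scheme, limit it to http/https here to keep local paths and stream wrappers out. The `$link_pattern` assignment sits inside the `#` branch but is also used for post lines in the third hunk, so define it before the `foreach` to avoid an undefined variable on feeds with no leading comment line.

```php
/* Check if URL contents a text */
$scheme = strtolower((string) parse_url($_GET["url"], PHP_URL_SCHEME));
if ($scheme !== "http" && $scheme !== "https") {
    die("Unsupported URL scheme");
}
$body = file_get_contents($_GET["url"]);
if ($body === false) {
    die("404. Feed not found");
}
$mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($body);
if ($mime != "text/plain") {
    die("Invalid document. It isn't a text".$mime);
}
// … unchanged: á[ ]á comment …
// Feed parser
$feed = explode("\n", $body);
// … unchanged: $dates / $posts initialisation …
```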
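Review bot: The host comparison in the second hunk indexes `["host"]` on both `parse_url()` results without checking that a host was parsed, so when neither URL yields one both sides collapse to an empty string and the check passes, with PHP 8 warnings on the way. Take the hosts explicitly and fail closed: `$reqHost = parse_url($_GET["url"], PHP_URL_HOST); $feedHost = parse_url($url, PHP_URL_HOST);` followed by `if (!is_string($reqHost) || !is_string($feedHost) || strcasecmp($reqHost, $feedHost) !== 0) { die("sus feed"); }`. The enclosing `if (isset($nick) && isset($url))` block starts outside the hunk. `$nick` comes from the feed and is concatenated into `$user` unescaped on the next line, so it depends on the output site escaping it.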
@@ -71,32 +86,54 @@ if (str_starts_with($line, "#á[ ]ádescriptioná[ ]á=")) { $description = preg_replace("/#á\[\s\]ádescriptioná\[\s\]á=/", "", $line); $description = preg_replace("/á\[\s\]á/", " ", $description); - $description = preg_replace("/(?i)\b((?:https?:\/\/|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}\/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'\".,<>?«»“”‘’]))/", "$1", $description); + $description = preg_replace("/\t/", " ", $description); $description = explode(" ", $description); - foreach($description as $num => $message) { - if ($message == "") { + foreach($description as $num => $section) { + if ($section == "") { unset($description[$num]); } - } + if (preg_match($link_pattern, $section)) { + $description[$num] = preg_replace($link_pattern, "$1", $section); + } else { + $description[$num] = htmlentities($section); + } + } $description = implode(" ", $description); - $description = preg_replace("/\t/", " ", $description); } } elseif($line == "") { } else { $entry = explode("\t", $line, 2); array_push($dates, $entry[0]); + $entry[1] = preg_replace("/\t/", " ", $entry[1]); $entry[1] = explode(" ", $entry[1]); - foreach($entry[1] as $num => $post) { - if ($post == "") { + foreach($entry[1] as $num => $section) { + if ($section == "") { unset($entry[1][$num]); } - } + if (preg_match($link_pattern, $section)) { + $entry[1][$num] = preg_replace($link_pattern, "$1", $section); + } else { + $entry[1][$num] = htmlentities($section); + } + } $entry[1] = implode(" ", $entry[1]); - $entry[1] = preg_replace("/\t/", " ", $entry[1]); array_push($posts, $entry[1]); //print_r($dates); } -} ?> +} + +if ($user == "") { + $user = $_GET["url"]; +} + +/* Checkmark +$check = explode("\n", file_get_contents("https://raw.githubusercontent.com/luqaska/twtxt-verified/main/list.txt")); +$checkmark = ""; +foreach($check as $u) { + if (($u == $user)) { + $checkmark = '☑️'; + } +} */ ?> <?= $user ?> | twtxtExplorer
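Review bot: Two values in this hunk still reach the HTML without escaping. In both `foreach` loops the link branch runs `preg_replace($link_pattern, "$1", $section)` on the raw token, so characters outside the matched URL, and quotes inside it (the pattern's middle part only excludes whitespace, parentheses and `<>`), skip `htmlentities()`. Escaping first and linkifying the escaped text closes that and removes the if/else: `$safe = htmlentities($section, ENT_QUOTES); $description[$num] = preg_replace($link_pattern, "$1", $safe);`, and likewise for `$entry[1][$num]`. The new fallback `$user = $_GET["url"];` is printed by the context line `<?= $user ?>`, which should become `<?= htmlentities($user, ENT_QUOTES) ?>`. Separately, the empty-token branch needs a `continue;` after `unset(...)`, because without it the `else` branch re-adds the key that was just removed.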