Hardened the PHP.
110
index.php
110
index.php
@@ -1,33 +1,101 @@
|
||||
<?php
|
||||
|
||||
$sites = file("sites.txt", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
|
||||
declare(strict_types=1);
|
||||
|
||||
$current = $_GET['site'] ?? '';
|
||||
|
||||
if (!$current) {
|
||||
echo "No site specified.";
|
||||
exit;
|
||||
header("Content-Type: text/html; charset=UTF-8");
|
||||
header("X-Content-Type-Options: nosniff");
|
||||
header("Referrer-Policy: strict-origin-when-cross-origin");
|
||||
header("Permissions-Policy: geolocation=(), microphone=(), camera=()");
|
||||
header(
|
||||
"Content-Security-Policy: default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors *",
|
||||
);
|
||||
if (function_exists("header_remove")) {
|
||||
header_remove("X-Frame-Options");
|
||||
}
|
||||
|
||||
$index = array_search($current, $sites);
|
||||
function normalizeHost(string $value): ?string
|
||||
{
|
||||
$value = trim(strtolower($value));
|
||||
|
||||
if ($value === "") {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (preg_match("#^https?://#", $value) === 1) {
|
||||
$parsedHost = parse_url($value, PHP_URL_HOST);
|
||||
if (!is_string($parsedHost) || $parsedHost === "") {
|
||||
return null;
|
||||
}
|
||||
$value = strtolower($parsedHost);
|
||||
}
|
||||
|
||||
$value = explode("/", $value, 2)[0];
|
||||
|
||||
if (
|
||||
preg_match(
|
||||
"/\A(?=.{1,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/",
|
||||
$value,
|
||||
) !== 1
|
||||
) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
$rawSites = file(
|
||||
__DIR__ . "/sites.txt",
|
||||
FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES,
|
||||
);
|
||||
if ($rawSites === false) {
|
||||
http_response_code(500);
|
||||
echo ";_;";
|
||||
exit();
|
||||
}
|
||||
|
||||
$sites = [];
|
||||
foreach ($rawSites as $rawSite) {
|
||||
$normalized = normalizeHost($rawSite);
|
||||
if ($normalized !== null) {
|
||||
$sites[] = $normalized;
|
||||
}
|
||||
}
|
||||
$sites = array_values(array_unique($sites));
|
||||
|
||||
if (count($sites) < 2) {
|
||||
http_response_code(500);
|
||||
echo "did't find at least two sites to ring among";
|
||||
exit();
|
||||
}
|
||||
|
||||
$current = normalizeHost((string) ($_GET["site"] ?? ""));
|
||||
if ($current === null) {
|
||||
http_response_code(400);
|
||||
echo "genuinely what are we doing here";
|
||||
exit();
|
||||
}
|
||||
|
||||
$index = array_search($current, $sites, true);
|
||||
if ($index === false) {
|
||||
echo "Site not in ring.";
|
||||
exit;
|
||||
http_response_code(404);
|
||||
echo "This site isn't actually part of the ringularity ;-;";
|
||||
exit();
|
||||
}
|
||||
|
||||
$total = count($sites);
|
||||
|
||||
$prevIndex = ($index - 1 + $total) % $total;
|
||||
$nextIndex = ($index + 1) % $total;
|
||||
|
||||
$prev = $sites[$prevIndex];
|
||||
$next = $sites[$nextIndex];
|
||||
|
||||
$prev = $sites[($index - 1 + $total) % $total];
|
||||
$next = $sites[($index + 1) % $total];
|
||||
?>
|
||||
|
||||
<div class="webring">
|
||||
<a href="//<?= htmlspecialchars($prev) ?>">← Previous</a>
|
||||
|
|
||||
<a href="//<?= htmlspecialchars($next) ?>">Next →</a>
|
||||
<div class="webring" role="navigation" aria-label="Webring navigation">
|
||||
<a href="https://<?= htmlspecialchars(
|
||||
$prev,
|
||||
ENT_QUOTES | ENT_SUBSTITUTE,
|
||||
"UTF-8",
|
||||
) ?>" target="_top" rel="noopener noreferrer">← PREV</a>
|
||||
<span aria-hidden="true"> | </span>
|
||||
<a href="https://<?= htmlspecialchars(
|
||||
$next,
|
||||
ENT_QUOTES | ENT_SUBSTITUTE,
|
||||
"UTF-8",
|
||||
) ?>" target="_top" rel="noopener noreferrer">NEXT →</a>
|
||||
</div>
|
||||
|
||||
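Review bot: The `(string)` cast in `$current = normalizeHost((string) ($_GET["site"] ?? ""));` does not handle an array-valued `site` parameter cleanly. PHP casts the array to the string "Array" and raises an "Array to string conversion" warning before normalizeHost() rejects the value. The request still ends in the 400 branch, but with display_errors enabled the warning text, including the script path, would be written into the response. Checking the type first avoids this: `$siteParam = $_GET["site"] ?? null;` followed by `$current = is_string($siteParam) ? normalizeHost($siteParam) : null;`. Separately, the TLD part of the host pattern, `[a-z]{2,63}`, rejects punycode TLDs (`xn--…`), and the loop over `$rawSites` drops such sites.txt entries without logging anything, so a comment above normalizeHost() stating that limitation would help the ring operator.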