ImageProxy cannot handle html encode correctly.
Victrid opened this issue · 3 comments
When adding origin url with special characters like "&", ImageProxy will parse it into & , which is not as expected.
It's can be reproduced setting proxy url to https://example.com/proxy?token=abcdef&url=
I'm afraid you're either mistaken or something about your problem description is slightly incomplete. &url
is definitely expected and desired since &url
is invalid HTML.
If you input:
https://example.com/proxy?token=abcdef&url=
What you need to see in HTML is:
<img src="https://example.com/proxy?token=abcdef&url="
Umm, I'm confused.
When using
https://example.com/proxy?token=abcdef&url=
I get tags like
<img src="https://example.com/proxy?token=abcdef&amp;url=...">
and my nginx server error log says
invalid URL prefix in "", client: ..., server: example.com, request: "GET /proxy?token=abcdef&url=https://contoso.com/some.jpg HTTP/1.1", host: "rexample.com"
the browser should not send servers with escaped urls.
It seems that the &
is escaped twice.
Please see this:
Maybe php did the escape job automatically. As this Stack Overflow page described, setAttribute
will automatically escape the contents, which could cause the same problem.
I get tags like
<img src="https://example.com/proxy?token=abcdef&amp;url=...">
Well, there you go then. That's quite different from &
is turned into &
. ;-)
Please fix it like this instead:
diff --git a/xExtension-ImageProxy/extension.php b/xExtension-ImageProxy/extension.php
index 504248b..2e9e3c9 100644
--- a/xExtension-ImageProxy/extension.php
+++ b/xExtension-ImageProxy/extension.php
@@ -52,7 +52,7 @@ class ImageProxyExtension extends Minz_Extension {
$this->registerTranslates();
if (Minz_Request::isPost()) {
- FreshRSS_Context::$user_conf->image_proxy_url = Minz_Request::param('image_proxy_url', self::PROXY_URL);
+ FreshRSS_Context::$user_conf->image_proxy_url = Minz_Request::param('image_proxy_url', self::PROXY_URL, true);
FreshRSS_Context::$user_conf->image_proxy_scheme_http = Minz_Request::param('image_proxy_scheme_http', '');
FreshRSS_Context::$user_conf->image_proxy_scheme_https = Minz_Request::param('image_proxy_scheme_https', '');
FreshRSS_Context::$user_conf->image_proxy_scheme_default = Minz_Request::param('image_proxy_scheme_default', self::SCHEME_DEFAULT);