Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php /* +-----------------------------------------------------------------------+ | Th..

Decoded Output download

<?php

/*
 +-----------------------------------------------------------------------+
 | This file is part of the Roundcube Webmail client                     |
 |                                                                       |
 | Copyright (C) The Roundcube Dev Team                                  |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
 | See the README file for a full license statement.                     |
 |                                                                       |
 | PURPOSE:                                                              |
 |   Modify CSS source from a URL                                        |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <[email protected]>                        |
 | Author: Aleksander Machniak <[email protected]>                            |
 +-----------------------------------------------------------------------+
*/

class rcmail_action_utils_modcss extends rcmail_action
{
    /**
     * Request handler.
     *
     * @param array $args Arguments from the previous step(s)
     */
    #[Override]
    public function run($args = [])
    {
        $rcmail = rcmail::get_instance();

        $url = rcube_utils::get_input_string('_u', rcube_utils::INPUT_GET);
        $url = preg_replace('![^a-z0-9.-]!i', '', $url);

        if ($url === null || empty($_SESSION['modcssurls'][$url])) {
            $rcmail->output->sendExitError(403, 'Unauthorized request');
        }

        $realurl = $_SESSION['modcssurls'][$url];

        // don't allow any other connections than http(s)
        if (!preg_match('~^https?://~i', $realurl, $matches)) {
            $rcmail->output->sendExitError(403, 'Invalid URL');
        }

        $source = false;
        $ctype = null;

        try {
            $client = rcube::get_instance()->get_http_client();
            $response = $client->get($realurl);

            $source = $response->getBody();

            $ctype = $response->getHeader('Content-Type');
            $ctype = !empty($ctype) ? $ctype[0] : '';
        } catch (Exception $e) {
            rcube::raise_error($e, true, false);
        }

        $cid = rcube_utils::get_input_string('_c', rcube_utils::INPUT_GET);
        $prefix = rcube_utils::get_input_string('_p', rcube_utils::INPUT_GET);

        $container_id = preg_replace('/[^a-z0-9]/i', '', $cid);
        $css_prefix = preg_replace('/[^a-z0-9]/i', '', $prefix);
        $ctype_regexp = '~^text/(css|plain)~i';

        if ($source !== false && $ctype && preg_match($ctype_regexp, $ctype)) {
            $rcmail->output->sendExit(
                rcube_utils::mod_css_styles($source, $container_id, false, $css_prefix),
                ['Content-Type: text/css']
            );
        }

        $rcmail->output->sendExitError(404, 'Invalid response returned by server');
    }
}
 ?>

Did this file decode correctly?

Original Code

<?php

/*
 +-----------------------------------------------------------------------+
 | This file is part of the Roundcube Webmail client                     |
 |                                                                       |
 | Copyright (C) The Roundcube Dev Team                                  |
 |                                                                       |
 | Licensed under the GNU General Public License version 3 or            |
 | any later version with exceptions for skins & plugins.                |
 | See the README file for a full license statement.                     |
 |                                                                       |
 | PURPOSE:                                                              |
 |   Modify CSS source from a URL                                        |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <[email protected]>                        |
 | Author: Aleksander Machniak <[email protected]>                            |
 +-----------------------------------------------------------------------+
*/

class rcmail_action_utils_modcss extends rcmail_action
{
    /**
     * Request handler.
     *
     * @param array $args Arguments from the previous step(s)
     */
    #[Override]
    public function run($args = [])
    {
        $rcmail = rcmail::get_instance();

        $url = rcube_utils::get_input_string('_u', rcube_utils::INPUT_GET);
        $url = preg_replace('![^a-z0-9.-]!i', '', $url);

        if ($url === null || empty($_SESSION['modcssurls'][$url])) {
            $rcmail->output->sendExitError(403, 'Unauthorized request');
        }

        $realurl = $_SESSION['modcssurls'][$url];

        // don't allow any other connections than http(s)
        if (!preg_match('~^https?://~i', $realurl, $matches)) {
            $rcmail->output->sendExitError(403, 'Invalid URL');
        }

        $source = false;
        $ctype = null;

        try {
            $client = rcube::get_instance()->get_http_client();
            $response = $client->get($realurl);

            $source = $response->getBody();

            $ctype = $response->getHeader('Content-Type');
            $ctype = !empty($ctype) ? $ctype[0] : '';
        } catch (Exception $e) {
            rcube::raise_error($e, true, false);
        }

        $cid = rcube_utils::get_input_string('_c', rcube_utils::INPUT_GET);
        $prefix = rcube_utils::get_input_string('_p', rcube_utils::INPUT_GET);

        $container_id = preg_replace('/[^a-z0-9]/i', '', $cid);
        $css_prefix = preg_replace('/[^a-z0-9]/i', '', $prefix);
        $ctype_regexp = '~^text/(css|plain)~i';

        if ($source !== false && $ctype && preg_match($ctype_regexp, $ctype)) {
            $rcmail->output->sendExit(
                rcube_utils::mod_css_styles($source, $container_id, false, $css_prefix),
                ['Content-Type: text/css']
            );
        }

        $rcmail->output->sendExitError(404, 'Invalid response returned by server');
    }
}

Function Calls

None

Variables

None

Stats

MD5 f3d57df04de38f863615768bb16ebc47
Eval Count 0
Decode Time 90 ms