[GH-ISSUE #6] Return 403 when domain is not allowed #608

New issue

Closed

opened 2026-03-15 14:48:01 +03:00 by kerem · 1 comment

kerem commented

2026-03-15 14:48:01 +03:00

Owner

Originally created by @baamenabar on GitHub (Jun 15, 2016).
Original GitHub issue: https://github.com/flyimg/flyimg/issues/6

Currently only returning 500
Even if I try to exit with error code the framework seems to be catching me first.

public function saveNewFile($sourceFile, $newFileName, $options)
    {
        $newFilePath = TMP_DIR . $newFileName;
        try {
            $tmpFile = $this->saveToTemporaryFile($sourceFile);
        } catch (Exception $e) {
            http_response_code($e->getCode());
            exit($e->getMessage());
        }
        $commandStr = $this->generateCmdString($newFilePath, $tmpFile, $options);

        exec($commandStr, $output, $code);
        if (count($output) === 0) {
            $output = $code;
        } else {
            $output = implode(PHP_EOL, $output);
        }

        if ($code !== 0) {
            throw new \Exception($output . ' Command line: ' . $commandStr);
        }
        $this->filesystem->write($newFileName, stream_get_contents(fopen($newFilePath, 'r')));
        unlink($tmpFile);
        unlink($newFilePath);
    }

and then

public function saveToTemporaryFile($fileUrl)
    {
        //check restricted_domains is enabled
        if ($this->params['restricted_domains'] &&
            is_array($this->params['whitelist_domains']) &&
            !in_array(parse_url($fileUrl, PHP_URL_HOST), $this->params['whitelist_domains'])
        ) {
            throw  new \Exception('Restricted domains enabled, the domain your fetching from is not allowed: ' . parse_url($fileUrl, PHP_URL_HOST), 403);

        }

        if (!$resource = @fopen($fileUrl, "r")) {
            throw  new \Exception('Error occured while trying to read the file Url : ' . $fileUrl, 400);
        }
        $content = "";
        while ($line = fread($resource, 1024)) {
            $content .= $line;
        }
        $tmpFile = TMP_DIR . uniqid("", true);
        file_put_contents($tmpFile, $content);
        return $tmpFile;
    }

but it doesn't work

Originally created by @baamenabar on GitHub (Jun 15, 2016). Original GitHub issue: https://github.com/flyimg/flyimg/issues/6 Currently only returning 500 Even if I try to exit with error code the framework seems to be catching me first. ``` php public function saveNewFile($sourceFile, $newFileName, $options) { $newFilePath = TMP_DIR . $newFileName; try { $tmpFile = $this->saveToTemporaryFile($sourceFile); } catch (Exception $e) { http_response_code($e->getCode()); exit($e->getMessage()); } $commandStr = $this->generateCmdString($newFilePath, $tmpFile, $options); exec($commandStr, $output, $code); if (count($output) === 0) { $output = $code; } else { $output = implode(PHP_EOL, $output); } if ($code !== 0) { throw new \Exception($output . ' Command line: ' . $commandStr); } $this->filesystem->write($newFileName, stream_get_contents(fopen($newFilePath, 'r'))); unlink($tmpFile); unlink($newFilePath); } ``` and then ``` php public function saveToTemporaryFile($fileUrl) { //check restricted_domains is enabled if ($this->params['restricted_domains'] && is_array($this->params['whitelist_domains']) && !in_array(parse_url($fileUrl, PHP_URL_HOST), $this->params['whitelist_domains']) ) { throw new \Exception('Restricted domains enabled, the domain your fetching from is not allowed: ' . parse_url($fileUrl, PHP_URL_HOST), 403); } if (!$resource = @fopen($fileUrl, "r")) { throw new \Exception('Error occured while trying to read the file Url : ' . $fileUrl, 400); } $content = ""; while ($line = fread($resource, 1024)) { $content .= $line; } $tmpFile = TMP_DIR . uniqid("", true); file_put_contents($tmpFile, $content); return $tmpFile; } ``` but it doesn't work