Make parrameters configurable

2024-05-24 08:24:56 +02:00 · 2024-05-24 08:24:56 +02:00 · 7779d71711
parent 405bb04c7c
commit 7779d71711
4 changed files with 19 additions and 15 deletions
--- a/de.systopia.civiproxy-0.6.0.tar.gz
+++ b/de.systopia.civiproxy-0.6.0.tar.gz
--- a/proxy/config.dist.php
+++ b/proxy/config.dist.php
@ -52,7 +52,6 @@ $target_open      = $target_civicrm . '/civicrm/mailing/open';
 #$target_url       = $target_civicrm . '/sites/all/modules/civicrm/extern/url.php';
 #$target_open      = $target_civicrm . '/sites/all/modules/civicrm/extern/open.php';

-
 /****************************************************************
 **                    GENERAL OPTIONS                         **
 ****************************************************************/
@ -91,6 +90,23 @@ if (file_exists(dirname(__FILE__)."/secrets.php")) {
  require "secrets.php";
 }

+// Parameter whitelisting for open tracking and URL tracking
+// basic civicrm URL/open parameter are u, q and qid (as int)
+// If additional parameters are needed, best practise would be to whitelist each one as needed in
+// $valid_url_parameters and/or $valid_open_parameters.
+// Alternatively it is also possible to allow all parameters with the wildcard parameter '*' => 'string'
+$valid_url_parameters = [
+    'u'   => 'int',
+    'q'   => 'int',
+    'qid' => 'int',
+//    '*'   => 'string'     // whildcard, whitelist all url parameters
+];
+$valid_open_parameters = [
+    'u'   => 'int',
+    'q'   => 'int',
+    'qid' => 'int',
+//    '*'   => 'string'     // wildcard, whitelist *all* open parameters
+];

 /****************************************************************
 **                   File Caching Options                     **
--- a/proxy/open.php
+++ b/proxy/open.php
@ -16,11 +16,5 @@ if (!$target_open) civiproxy_http_error("Feature disabled", 405);
 // basic check
 civiproxy_security_check('open');

-// basic restraints
-$valid_parameters = [
-  'q'   => 'int',
-  'qid' => 'int',
-];
-
-$parameters = civiproxy_get_parameters($valid_parameters);
+$parameters = civiproxy_get_parameters($valid_open_parameters);
 civiproxy_redirect($target_open, $parameters);
--- a/proxy/url.php
+++ b/proxy/url.php
@ -16,11 +16,5 @@ if (!$target_url) civiproxy_http_error("Feature disabled", 405);
 // basic check
 civiproxy_security_check('url');

-// basic restraints
-$valid_parameters = array(  'u'   => 'int',
-                            'q'   => 'int',
-                            'qid' => 'int',
-                            '*'   => 'string');
-
-$parameters = civiproxy_get_parameters($valid_parameters);
+$parameters = civiproxy_get_parameters($valid_url_parameters);
 civiproxy_redirect($target_url, $parameters);