actionscript - Proxy script in PHP to circumvent missing crossdomain.xml - missing minor tweaks


First, some background, so you can see I'm not trying anything malicious: I have a Flash app in the Russian social network vkontakte.ru which displays user avatars. Until now the .swf file has been hosted at their domain, and fetching and scaling avatars worked well.

Now I'd like to switch my app to iframe-type, with the .swf hosted at my domain, and I'm not able to scale avatars in the .swf anymore: neither my domain nor "*" is listed in http://vkontakte.ru/crossdomain.xml, so the .swf can download and display avatars, but can't scale them anymore (accessing myloader.content throws SecurityError).

I've decided to write a proxy script in PHP which will fetch the image specified in the script's ?img= parameter and pass it to stdout (after some checks and without storing anything):

<?php

define('MAX_SIZE', 1024 * 1024);

// Only accept URLs that look like vkontakte.ru image paths
$img = $_GET['img'];
if (strpos($img, '..') !== false ||
    !preg_match(',^http://[\w.]*vkontakte\.ru/[\w./?]+$,i', $img))
        exit();

$opts = array(
        'http' => array(
                'method' => 'GET',
                'header' => "Accept-language: en\r\n" .
                            "Cookie: foo=bar\r\n"
        )
);

// Register callback() to be notified of size, progress and MIME type
$ctx = stream_context_create($opts);
stream_context_set_params($ctx, array('notification' => 'callback'));
$fp = fopen($img, 'r', false, $ctx);
fpassthru($fp);
fclose($fp);

function callback($code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) {
        // Abort when the announced or the transferred size exceeds the limit
        if ($code == STREAM_NOTIFY_FILE_SIZE_IS && $bytes_max > MAX_SIZE)
                exit();

        if ($code == STREAM_NOTIFY_PROGRESS && $bytes_transferred > MAX_SIZE)
                exit();

        if ($code == STREAM_NOTIFY_MIME_TYPE_IS) {
                $mime = strtolower($message);
                switch($message) {
                        case 'image/gif':
                        case 'image/png':
                        case 'image/jpg':
                        case 'image/jpeg':
                                // XXX doesn't work XXX
                                header('Content-Type: ' . $mime);
                                break;
                        default:
                                exit();
                }
        }
}

?>

My problem is that the $mime header is never printed (or printed too late?).

When I fetch an example avatar directly: http://cs971.vkontakte.ru/u59751265/a_7567890a.jpg I see the Content-Type: image/jpeg header being sent to the browser.

But when I fetch it through my proxy script, I don't see that header.

Maybe I should use a different function instead of fopen()? I'm not proficient in PHP. Also, I'm worried whether fopen() can be tricked into serving local files from my web server.

And a bonus question: I'm worried that my .swf will not be the only app calling proxy.php, but I can't figure out a way to secure it (maybe there is no such way) - I can't store a secret in the .swf and in the .php, because the .swf can be disassembled.

Thank you, Alex

I believe your first assumption is right: you send the header too late, or you are not getting the MIME headers you expect.

First of all, try logging the MIME types using file_put_contents; if you find out it is indeed too late to be of use, you can look at output buffering.

If you don't get the header at all, you might be in the wrong context, http perhaps?

For the bonus question: the page of the iframe is hosted on your server; on that server, running PHP, create a session with session_start() and set $_SESSION['gotvisit'] = true (or something like that). Retrieve the session ID using $id = session_id(); this ID you can pass to Flash via the standard Flash variables. Have Flash pass that variable in the request for the image; next, in the img script, do:

// Resume the session whose ID the Flash app passed along
session_id($_GET['ses']);
session_start();
if (!isset($_SESSION['gotvisit']))
    die('no access');

Good luck to you.
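
An added example, not part of the original question or answer: one way to structure the proxy so that the Content-Type header is sent before any body bytes, and so that the URL check cannot be satisfied by a non-HTTP scheme or by a host that merely ends in the string vkontakte.ru (which the pattern `[\w.]*vkontakte\.ru` in the question also accepts). It uses PHP's cURL extension instead of fopen(); the function names is_allowed_url and fetch_image, the 10-second timeout and the acceptance of https are assumptions of this example.

```php
<?php
// Added example. Limits and MIME list mirror the question's own checks;
// function names and the https allowance are assumptions.
const MAX_SIZE = 1048576;                  // 1 MiB, as in the question
const ALLOWED_SUFFIX = 'vkontakte.ru';
const ALLOWED_TYPES = ['image/gif', 'image/png', 'image/jpeg'];

// Accept only http(s) URLs whose host is vkontakte.ru or a subdomain of it.
function is_allowed_url(string $url): bool {
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) return false;
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) return false;
    if (isset($p['user']) || isset($p['pass']) || isset($p['port'])) return false;
    $host = strtolower($p['host']);
    $dotSuffix = '.' . ALLOWED_SUFFIX;     // the leading dot rejects look-alike hosts
    return $host === ALLOWED_SUFFIX
        || substr($host, -strlen($dotSuffix)) === $dotSuffix;
}

// Fetch into memory with a hard size cap; returns [mime, body] or null.
function fetch_image(string $url): ?array {
    $body = '';
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS, // no file://
        CURLOPT_FOLLOWLOCATION => false,   // a redirect could leave the allowlist
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_WRITEFUNCTION  => function ($ch, $chunk) use (&$body) {
            $body .= $chunk;
            // Returning a length other than strlen($chunk) aborts the transfer.
            return strlen($body) > MAX_SIZE ? -1 : strlen($chunk);
        },
    ]);
    $ok   = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $type = (string) curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
    $mime = strtolower(trim(explode(';', $type)[0]));
    if ($ok === false || $code !== 200 || !in_array($mime, ALLOWED_TYPES, true)) return null;
    return [$mime, $body];
}

$img = isset($_GET['img']) && is_string($_GET['img']) ? $_GET['img'] : '';
$res = is_allowed_url($img) ? fetch_image($img) : null;
if ($res === null) { http_response_code(404); exit; }
// Nothing has been written yet, so the header is still accepted.
header('Content-Type: ' . $res[0]);
header('X-Content-Type-Options: nosniff');
echo $res[1];
```

Because the whole response is buffered (at most 1 MiB) before anything is echoed, the MIME check and the header call always run before the first output byte.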

