Commit 392f9936 authored by mattl's avatar mattl

Check for (and demand HTTPS archive.org URLs)

parent 5784e50a
...@@ -82,17 +82,17 @@ if (isset($_POST['submit'])) { ...@@ -82,17 +82,17 @@ if (isset($_POST['submit'])) {
$errors[] = 'A streaming URL must be specified.'; $errors[] = 'A streaming URL must be specified.';
} }
$streaming_url = $_POST['streaming_url']; $streaming_url = $_POST['streaming_url'];
if (substr($streaming_url, 0, 7) != 'http://') { if (substr($streaming_url, 0, 7) != 'https://') {
$streaming_url = 'http://' . $streaming_url; $streaming_url = 'https://' . $streaming_url;
} }
if (preg_match('@http://[^/]*archive.org/.*/items/([^/]*)/([^/]*)@', $streaming_url, $matches)) { if (preg_match('@https://[^/]*archive.org/.*/items/([^/]*)/([^/]*)@', $streaming_url, $matches)) {
// Convert mirror URL into canonical URL // Convert mirror URL into canonical URL
$streaming_url = 'http://www.archive.org/download/' . $matches[1] . '/' . $matches[2]; $streaming_url = 'https://www.archive.org/download/' . $matches[1] . '/' . $matches[2];
} }
if (!preg_match('@http://(www.)?archive.org/download/([^\/]*)/.*@', $streaming_url, $matches)) { if (!preg_match('@https://(www.)?archive.org/download/([^\/]*)/.*@', $streaming_url, $matches)) {
$errors[] = 'Sorry, the streaming URL must be hosted at archive.org.'; $errors[] = 'Sorry, the streaming URL must be hosted at archive.org and be HTTPS';
} else { } else {
// Check we've been given correct file types // Check we've been given correct file types
$finfo = new finfo(FILEINFO_MIME_TYPE); $finfo = new finfo(FILEINFO_MIME_TYPE);
...@@ -134,7 +134,7 @@ if (isset($_POST['submit'])) { ...@@ -134,7 +134,7 @@ if (isset($_POST['submit'])) {
// Check the license // Check the license
$archive_name = $matches[2]; $archive_name = $matches[2];
$meta_url = 'http://www.archive.org/download/' . $archive_name . '/' . $archive_name . '_meta.xml'; $meta_url = 'https://www.archive.org/download/' . $archive_name . '/' . $archive_name . '_meta.xml';
try { try {
$meta = simplexml_load_file($meta_url); $meta = simplexml_load_file($meta_url);
$license = $meta->licenseurl; $license = $meta->licenseurl;
...@@ -165,4 +165,4 @@ if (isset($_POST['submit'])) { ...@@ -165,4 +165,4 @@ if (isset($_POST['submit'])) {
} }
} }
$smarty->display('track-add.tpl'); $smarty->display('track-add.tpl');
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment