cdransf/coryd.dev
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(oembed.php + og-image.php): route oembed images through proxy

Browse source
This commit is contained in:
Cory Dransfeldt 2025-05-10 17:37:14 -07:00
parent ec03d7ccef
commit df63ad1799
No known key found for this signature in database
5 changed files with 17 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

4
api/oembed.php
View file

@ -29,7 +29,7 @@ class OembedHandler extends BaseHandler
'author_name' => $globals['author'],
'provider_name' => $globals['site_name'],
'provider_url' => $globals['url'],
'thumbnail_url' => $globals['url'] . $item['image_url'],
'thumbnail_url' => $globals['url'] . '/og/w800' . $item['image_url'],
'html' => '<a href="' . htmlspecialchars($item['url']) . '">' . htmlspecialchars($item['title']) . '</a>',
]);
}
@ -44,7 +44,7 @@ class OembedHandler extends BaseHandler
'author_name' => $globals['author'],
'provider_name' => $globals['site_name'],
'provider_url' => $globals['url'],
'thumbnail_url' => $globals['url'] . $globals['avatar'],
'thumbnail_url' => $globals['url'] . '/og/w800' . $globals['avatar'],
'html' => '<a href="' . htmlspecialchars($relativePath) . '">' . htmlspecialchars($title) . '</a>',
]);
}

20
api/og-image.php
View file

@ -1,10 +1,12 @@
<?php
$id = $_GET['id'] ?? null;
$class = $_GET['class'] ?? null;
$extension = $_GET['extension'] ?? 'png';
$isValidId = is_string($id) && preg_match('/^[a-f0-9\-]{36}$/', $id);
$isValidClass = is_string($class) && preg_match('/^w\d{2,4}$/', $class);
if (!$isValidId || !$class) {
if (!$isValidId || !$isValidClass) {
header("Location: /404", true, 302);
exit;
}
@ -22,19 +24,11 @@
curl_close($ch);
error_log("CDN response code: $httpCode, Content-Type: $contentType");
if ($httpCode !== 200 || $image === false) {
error_log("Failed to fetch image: $cdnUrl");
if ($httpCode !== 200 || $image === false || strpos($contentType, 'image/') !== 0) {
error_log("Failed to fetch image: $cdnUrl ($httpCode - $contentType)");
header("Location: /404", true, 302);
exit;
}
if (strpos($contentType, 'image/') === 0) {
header("Content-Type: $contentType");
echo $image;
} else {
error_log("Invalid content type: $contentType");
header("Location: /404", true, 302);
exit;
}
header("Content-Type: $contentType");
echo $image;