Added X-out of blank boxes for security.
[openemr.git] / library / plugins / function.fetch.php
bloba3273a1e43e7336ee00852b3d43220e44727ca7d
1 <?php
2 /**
3 * Smarty plugin
4 * @package Smarty
5 * @subpackage plugins
6 */
9 /**
10 * Smarty {fetch} plugin
12 * Type: function<br>
13 * Name: fetch<br>
14 * Purpose: fetch file, web or ftp data and display results
15 * @link http://smarty.php.net/manual/en/language.function.fetch.php {fetch}
16 * (Smarty online manual)
17 * @param array
18 * @param Smarty
19 * @return string|null if the assign parameter is passed, Smarty assigns the
20 * result to a template variable
22 function smarty_function_fetch($params, &$smarty)
24 if (empty($params['file'])) {
25 $smarty->_trigger_fatal_error("[plugin] parameter 'file' cannot be empty");
26 return;
29 if ($smarty->security && !preg_match('!^(http|ftp)://!i', $params['file'])) {
30 $_params = array('resource_type' => 'file', 'resource_name' => $params['file']);
31 require_once(SMARTY_DIR . 'core' . DIRECTORY_SEPARATOR . 'core.is_secure.php');
32 if(!smarty_core_is_secure($_params, $smarty)) {
33 $smarty->_trigger_fatal_error('[plugin] (secure mode) fetch \'' . $params['file'] . '\' is not allowed');
34 return;
37 // fetch the file
38 if($fp = @fopen($params['file'],'r')) {
39 while(!feof($fp)) {
40 $content .= fgets ($fp,4096);
42 fclose($fp);
43 } else {
44 $smarty->_trigger_fatal_error('[plugin] fetch cannot read file \'' . $params['file'] . '\'');
45 return;
47 } else {
48 // not a local file
49 if(preg_match('!^http://!i',$params['file'])) {
50 // http fetch
51 if($uri_parts = parse_url($params['file'])) {
52 // set defaults
53 $host = $server_name = $uri_parts['host'];
54 $timeout = 30;
55 $accept = "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*";
56 $agent = "Smarty Template Engine ".$smarty->_version;
57 $referer = "";
58 $uri = !empty($uri_parts['path']) ? $uri_parts['path'] : '/';
59 $uri .= !empty($uri_parts['query']) ? '?' . $uri_parts['query'] : '';
60 $_is_proxy = false;
61 if(empty($uri_parts['port'])) {
62 $port = 80;
63 } else {
64 $port = $uri_parts['port'];
66 if(empty($uri_parts['user'])) {
67 $user = '';
69 // loop through parameters, setup headers
70 foreach($params as $param_key => $param_value) {
71 switch($param_key) {
72 case "file":
73 case "assign":
74 case "assign_headers":
75 break;
76 case "user":
77 if(!empty($param_value)) {
78 $user = $param_value;
80 break;
81 case "pass":
82 if(!empty($param_value)) {
83 $pass = $param_value;
85 break;
86 case "accept":
87 if(!empty($param_value)) {
88 $accept = $param_value;
90 break;
91 case "header":
92 if(!empty($param_value)) {
93 if(!preg_match('![\w\d-]+: .+!',$param_value)) {
94 $smarty->_trigger_fatal_error("[plugin] invalid header format '".$param_value."'");
95 return;
96 } else {
97 $extra_headers[] = $param_value;
100 break;
101 case "proxy_host":
102 if(!empty($param_value)) {
103 $proxy_host = $param_value;
105 break;
106 case "proxy_port":
107 if(!preg_match('!\D!', $param_value)) {
108 $proxy_port = (int) $param_value;
109 } else {
110 $smarty->_trigger_fatal_error("[plugin] invalid value for attribute '".$param_key."'");
111 return;
113 break;
114 case "agent":
115 if(!empty($param_value)) {
116 $agent = $param_value;
118 break;
119 case "referer":
120 if(!empty($param_value)) {
121 $referer = $param_value;
123 break;
124 case "timeout":
125 if(!preg_match('!\D!', $param_value)) {
126 $timeout = (int) $param_value;
127 } else {
128 $smarty->_trigger_fatal_error("[plugin] invalid value for attribute '".$param_key."'");
129 return;
131 break;
132 default:
133 $smarty->_trigger_fatal_error("[plugin] unrecognized attribute '".$param_key."'");
134 return;
137 if(!empty($proxy_host) && !empty($proxy_port)) {
138 $_is_proxy = true;
139 $fp = fsockopen($proxy_host,$proxy_port,$errno,$errstr,$timeout);
140 } else {
141 $fp = fsockopen($server_name,$port,$errno,$errstr,$timeout);
144 if(!$fp) {
145 $smarty->_trigger_fatal_error("[plugin] unable to fetch: $errstr ($errno)");
146 return;
147 } else {
148 if($_is_proxy) {
149 fputs($fp, 'GET ' . $params['file'] . " HTTP/1.0\r\n");
150 } else {
151 fputs($fp, "GET $uri HTTP/1.0\r\n");
153 if(!empty($host)) {
154 fputs($fp, "Host: $host\r\n");
156 if(!empty($accept)) {
157 fputs($fp, "Accept: $accept\r\n");
159 if(!empty($agent)) {
160 fputs($fp, "User-Agent: $agent\r\n");
162 if(!empty($referer)) {
163 fputs($fp, "Referer: $referer\r\n");
165 if(isset($extra_headers) && is_array($extra_headers)) {
166 foreach($extra_headers as $curr_header) {
167 fputs($fp, $curr_header."\r\n");
170 if(!empty($user) && !empty($pass)) {
171 fputs($fp, "Authorization: BASIC ".base64_encode("$user:$pass")."\r\n");
174 $content = '';
175 fputs($fp, "\r\n");
176 while(!feof($fp)) {
177 $content .= fgets($fp,4096);
179 fclose($fp);
180 $csplit = split("\r\n\r\n",$content,2);
182 $content = $csplit[1];
184 if(!empty($params['assign_headers'])) {
185 $smarty->assign($params['assign_headers'],split("\r\n",$csplit[0]));
188 } else {
189 $smarty->_trigger_fatal_error("[plugin] unable to parse URL, check syntax");
190 return;
192 } else {
193 // ftp fetch
194 if($fp = @fopen($params['file'],'r')) {
195 while(!feof($fp)) {
196 $content .= fgets ($fp,4096);
198 fclose($fp);
199 } else {
200 $smarty->_trigger_fatal_error('[plugin] fetch cannot read file \'' . $params['file'] .'\'');
201 return;
208 if (!empty($params['assign'])) {
209 $smarty->assign($params['assign'],$content);
210 } else {
211 return $content;
215 /* vim: set expandtab: */