1 files changed, 60 insertions, 0 deletions

diff --git a/webapps/qooxdoo-0.6.5-sdk/frontend/application/feedreader/source/resource/proxy/proxy.php b/webapps/qooxdoo-0.6.5-sdk/frontend/application/feedreader/source/resource/proxy/proxy.php
new file mode 100644
index 0000000000..71853e9b86
--- /dev/null
+++ b/webapps/qooxdoo-0.6.5-sdk/frontend/application/feedreader/source/resource/proxy/proxy.php
@@ -0,0 +1,60 @@
+<?php
+
+$ALLOWED_URL_PREFIXES = array(
+    "http://feeds.feedburner.com",
+    "http://blog.dojotoolkit.org/feed",
+    "http://www.jackslocum.com/blog/feed/",
+    "http://portlets.blogspot.com",
+    "http://www.go-mono.com/monologue/index.rss",
+    "http://feeds.yuiblog.com/YahooUserInterfaceBlog",
+);
+
+$ALLOWED_URL_SUFFIXES = array(
+    ".rdf",
+    ".rss",
+    "atom.xml",
+    "rss2",
+    "rss.xml",
+    "feed/atom/",
+);
+
+$proxy_url = isset($_GET['proxy']) ? $_GET['proxy'] : false;
+
+if (!$proxy_url) {
+    header("HTTP/1.0 400 Bad Request");
+    echo "proxy.php failed because proxy parameter is missing";
+    exit();
+}
+
+$is_url_valid = false;
+foreach ($ALLOWED_URL_PREFIXES as $prefix) {
+    if (strpos($proxy_url, $prefix) === 0) {
+        $is_url_valid = true;
+        break;
+    }
+}
+
+foreach ($ALLOWED_URL_SUFFIXES as $suffix) {
+    if (strpos($proxy_url, $suffix) === strlen($proxy_url)-strlen($suffix)) {
+        $is_url_valid = true;
+        break;
+    }
+}
+
+if (!$is_url_valid) {
+    header("HTTP/1.0 400 Bad Request");
+    echo "Address is not allowed!";        
+    exit();
+}
+
+$session = curl_init($proxy_url);
+
+curl_setopt($session, CURLOPT_HEADER, false);
+curl_setopt($session, CURLOPT_RETURNTRANSFER, true);
+
+header("Content-Type: application/xml");
+echo(curl_exec($session));
+
+curl_close($session);
+
+?>
\ No newline at end of file