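<?php
// cacheduser.php — JSONP endpoint that serves a Kongregate user's badge list
// through the local file cache (cachedGet() from cache_funcs.php).
//
// Query parameters:
//   u        — Kongregate username; only [A-Za-z0-9_] is accepted (lower-cased).
//   callback — optional JSONP callback name; must be a plain, optionally dotted,
//              JavaScript identifier.
//
// Output: `<callback>(<json>)` or bare JSON; the literal `null` (wrapped the same
// way) when the username is rejected; HTTP 400 when the callback is malformed.
require('cache_funcs.php');

// JSONP is script output: declaring the content type explicitly keeps a browser
// from ever interpreting the reflected callback name as HTML.
header('Content-Type: application/javascript; charset=utf-8');

$user = $_GET['u'] ?? '';
$cbFunc = $_GET['callback'] ?? '';

// PHP turns `?u[]=x` into an array; only plain strings are meaningful here and
// preg_replace()/strtolower() would misbehave (or throw) on anything else.
if (!is_string($user) || !is_string($cbFunc)) {
    http_response_code(400);
    exit;
}

// The callback name is echoed verbatim into the response body, so before it is
// used it must be restricted to a JS identifier (dots allowed, e.g. `jQuery.cb123`).
// Any other content would let a request inject arbitrary script into the response.
if ($cbFunc !== '' && !preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$/', $cbFunc)) {
    http_response_code(400);
    exit;
}

// Historical note: characters such as '.', '/', '?', '&', '=', '%', '#' and spaces
// would let the username escape the intended upstream URL path ('%'-encoded bytes
// also produced 400/500 responses upstream), so rather than stripping them the
// username is rejected outright if any character outside [A-Za-z0-9_] appears.
$count = 0;
// limit 1 is enough: we only need to know whether *any* invalid character existed.
$user = strtolower(preg_replace('/[^A-Za-z0-9_]/', '', $user, 1, $count));

if ($cbFunc !== '') {
    $prefix = "$cbFunc(";
    $suffix = ")";
} else {
    $prefix = "";
    $suffix = "";
}

// Reject any string that contained disallowed characters or was empty.
// `$user === ''` rather than `!$user`: the username "0" is a valid identifier here.
if ($count > 0 || $user === '') {
    echo $prefix.'null'.$suffix;
} else {
    $localfile = "cache/$user.js";
    // $debug is not defined in this file. NOTE(review): presumably set by
    // cache_funcs.php — confirm; defaulting it keeps an undefined-variable
    // warning from leaking into the script output.
    if (!isset($debug)) {
        $debug = false;
    }
    if (!cachedGet("http://www.kongregate.com/accounts/$user/badges.json",
                   $localfile, $prefix, $suffix, $debug)) {
        // cachedGet() failed. The original left this branch empty (a
        // `userBadges = null;` fallback was commented out), so the client
        // receives whatever cachedGet() emitted before failing.
    }
}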