forked from aatje92/p2pool-node-status
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathjsonp.php
35 lines (29 loc) · 849 Bytes
/
jsonp.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<?php
// Recommended to force host, otherwise anyone can shoot out web requests on your servers behalf.
$force_host = false;
$force_host_address = "http://p2pool.org:9332";
if (!isset($_GET['report']) || !isset($_GET['host']))
{
die("Invalid Request.");
}
$report = $_GET['report'];
$host = $_GET['host'];
$web_url = $host . $report;
// Make sure the file isn't a local file, otherwise an attacker could fetch any file off your server.
if (file_exists($web_url))
{
die("Access Denied.");
}
// Parse the URL to make sure its valid.
if (!filter_var($web_url, FILTER_VALIDATE_URL))
{
die("Invalid Host.");
}
// Check if the host is whitelisted.
if ($force_host && $host != $force_host_address)
{
die("Invalid Host.");
}
$json = file_get_contents($web_url);
echo sprintf('%s(%s);', $_GET['callback'], $json);
?>