View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 3854 | Composr | core | public | 2019-07-22 16:24 | 2022-08-18 14:55 |
| Reporter | Chris Graham | Assigned To | Guest | ||
| Priority | normal | Severity | feature | ||
| Status | new | Resolution | open | ||
| Summary | 3854: Auto-tracked/proxied linking via Tempcode | ||||
| Description | New Tempcode symbols for redirecting URLs or proxying static content, in a secure way. Purposes: - Tracking - Obscuring where a link will go - Referrer stripping - Putting file downloads under any security umbrella you like 1) REDIRECTING URLS... {$REDIRECTED_URL*,http://example.com/,86400} This ends up linking to http://example.com/, but it does it in a very indirect way: - A database row to a new table (redirect_tokens?) is added with the URL, and expiry timestamp (current time + 86400 seconds), current session ID, and a crypto token - We link through a script, data/url_redirect.php, with the token passed as a parameter - The script checks the token and that it is valid for the session and not expired - Any expired rows are deleted (cleanup) - This script tracks the click into the link_tracker table - The user is redirected to the URL specified in the row We actually have a function simple_tracker_script in misc_scripts.php that currently isn't hooked up anything for security reasons (drive-by attacks to random URLs). We can now hook it up to the above securely. We might need to do some work to make sure link_tracker data is easily accessible, I'm not sure it's in the admin UI currently. Should be CSV downloadable, and have some kind of basic stats tabular view. Note that there is an especially useful case, which we should document, of using this for 'mailto' URLs. 2) PROXYING LOCAL FILES... {$PROXIED_LOCAL_FILE*,example.png,86400,image/png,1} This is similar, except it outputs a local file (proxying, not via redirect); using data/internal_file_proxy.php. As it is a file we can specify the mime-type and '1' to force download rather than displaying inline. If the mime type is not given it's detected from the filename. 3) PROXIED URLS... {$PROXIED_URL,http://example.com/some-video,video/mp4} The purpose is a way to copy remote URLs locally using Tempcode, and serve them locally (maybe for speed, maybe to avoid hammering someone else's server, maybe as an automatic backup). You pass it a URL and the first time it runs it copies that URL to a local file using an algorithmicly-defined filename (i.e. if the local file does not exist yet). A second optional parameter would force a particular mime type, if the original URL does not provide one or if we want to force one for security/integrity reasons. The mime type detected/provided is turned into a file extension, so we can serve a file directly from disk. This example would download the file at "http://example.com/some-video" and save it in something like "uploads/localised_remote_urls/some-video.mp4". In this example the URL has no file extension, so I am forcing one so I know it will have the correct mime type served by Apache. The symbol would most likely be used in catalogue templates, when people enter URLs to media. | ||||
| Steps To Reproduce | If we need access control on the links, we simply make use of Composr permissions in terms of where we put the link, or in terms of the Tempcode we surround the link with to determine who can get it. | ||||
| Tags | No tags attached. | ||||
| Attach Tags | |||||
| Time estimation (hours) | 4 | ||||
| Sponsorship open | |||||
| has duplicate | 4029 | Closed | Chris Graham | SERVE_LOCALLY symbol (to serve self cached versions of third party hosted URLs) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-07-22 16:24 | Chris Graham | New Issue | |
| 2019-07-22 16:27 | Chris Graham | Description Updated | |
| 2019-07-22 16:29 | Chris Graham | Description Updated | |
| 2019-07-22 16:53 | Chris Graham | Description Updated | |
| 2022-08-15 00:58 | Chris Graham | Relationship added | related to 4029 |
| 2022-08-15 00:59 | Chris Graham | Summary | Temporary linking via Comcode => Auto-tracked/proxied linking via Comcode |
| 2022-08-15 01:00 | Chris Graham | Relationship deleted | related to 4029 |
| 2022-08-18 14:53 | Chris Graham | Description Updated | |
| 2022-08-18 14:53 | Chris Graham | Time estimation (hours) | 3 => 4 |
| 2022-08-18 14:53 | Chris Graham | Relationship added | has duplicate 4029 |
| 2022-08-18 14:55 | Chris Graham | Summary | Auto-tracked/proxied linking via Comcode => Auto-tracked/proxied linking via Tempcode |
