This new version features numerous improvements, bugfixes and also a new feature.
Fixes since 0.5.1:
- Basic authorisation was not working properly due as a result of the cURL settings applied to the transfer. The script now checks for the corresponding error afterwards (since 401 is considered an error code) instead of trying to find a non-existent 401 in the read headers function.
- The username and password supplied as the user details for the Basic auth was being saved in a cookie inaccessible to the main browse.php script, rendering the feature useless. The cookie is now properly set and basic auth should now be working fine.
- Injected javascript can now sit inside the <head> tag, even if the tag has attributes. Previously it would have been appended to the top of the document in those cases. Thanks to almecho for pointing this out.
- Hotlinking was still a little dodgy but the code has been looked over again and should be working fine.
- The updated plugin system attempted to load plugins even if none existed (essentially it was calling "include false;" which would have caused a PHP warning each time. The include now only occurs if a file to include has been found.
- CSS using the string src='
http://www.some.url/pie.gif' for IE specific filters was not previously recognised. The parser now caters for this type of image loading. Thanks to steven for pointing this out.
- AJAX requests would previously have been replaced with a simple proxifyURL() statement around the supposed URL. This exact location of the URL was very difficult to find precisely when presented with statements such as request.open(e,this.getURL(var,'pie'));. There was also no way of determining the difference between an ajax request and any other method named "open". The call to a suspected ajax function is now rerouted through our own javascript function. I would not go as far as saying AJAX will now work perfectly but it does mean the script is much less likely to break javascript code by messing up the syntax.
- Identifying framesets used to be case sensitive, which may have prevent these pages displaying correctly or even at all. This is now case insensitive for better compatibility.
Changes:
- The cURL options regarding timeouts have had the defaults moved into the settings.php file and can be set in the setup.php script, as suggested by lanmonkey.
- Regexes have had the infinite quantifiers (* and +) replaced with finite values. This means the regex engine will not need to search all the way to the end of the document in cases of malformed HTML. There will be no/little effect on parsing valid HTML.
- The optURL configuration option has been removed from the setup.php script. There have been no (reported) problems with the function that automatically determines the URL, making hardcoding a value for this a waste of time.
Features:
- Despite the clear warnings, setup.php was being left online for anyone to use. You're still advised to delete the script but for those who do consider an admin control panel available 24/7 more important than security, there's now the ability to put a password on it.
- The index page can now be encoded server-side, sent to the user and decoded with javascript. Filters will find it a lot harder to detect the proxy form. This will increase load and bandwidth usage slightly.
- Proxified pages can also be encoded in the same way as the above. This will increase increase load considerably more and bandwidth usage will triple for HTML pages.
The encoding features are very much experimental and disabled by default. Very brief testing indicates it seems to work without a problem in FireFox but causes some layout and javascript problems in IE. It's also likely that these are going to be slow. If there are no major problems and it's worth keeping the encoding, I'll look into better ways of applying it.
Plugins:
- myspace.com has been updated with a fix for Friend Updates in IE, courtesy of almecho.
- facebook.com has a new plugin included with this release. This plugin allows the parser to deal with the widely used objects in Facebook javascript that previously would have been confused with line delimiters (as in a closing } from an if/while/for statement). I don't know if there are any benefits to it but it means I can now load Facebook without Firebug giving me 20+ javascript errors.
Notes:
This is released as a beta and is not available on the main site. I would like upgrade it to Final and give it a full release asap. If anyone is interested in trying out the beta, it's included as an attachment. Feedback is appreciated but please only report genuine bugs with the script. And by that I mean incompatibilities (problems on specific sites) that have always existed and occur in all proxy scripts (excluding plugins/mods) are not usually bugs. There may be some other changes as well that I've forgotten atm.
Updating from 0.5.1:
Instructions are included in the INSTALL file.
0.5.2 Public Beta Testing
Linear Mode
