diff --git a/classes/App.php b/classes/App.php
index 69a110a..0d3f235 100644
--- a/classes/App.php
+++ b/classes/App.php
@@ -94,7 +94,7 @@ class App extends \Slim\App
 $this->any(
 '/watch',
- [$frontController, 'info']
+ [$frontController, 'watch']
 );
 $this->any(
diff --git a/classes/Controller/BaseController.php b/classes/Controller/BaseController.php
index 3279708..9562bc3 100644
--- a/classes/Controller/BaseController.php
+++ b/classes/Controller/BaseController.php
@@ -169,10 +169,8 @@ abstract class BaseController
 */
 protected function getVideoPageUrl(Request $request): string
 {
- $url = $request->getQueryParam('url') ?: $request->getQueryParam('v');
- // Prevent SSRF attacks.
- $parts = Url::validateUrl($url, new Options());
+ $parts = Url::validateUrl($request->getQueryParam('url'), new Options());
 return $parts['url'];
 }
diff --git a/classes/Controller/FrontController.php b/classes/Controller/FrontController.php
index 15e1428..ac46137 100644
--- a/classes/Controller/FrontController.php
+++ b/classes/Controller/FrontController.php
@@ -14,6 +14,7 @@ use Alltube\Middleware\CspMiddleware;
 use Exception;
 use Graby\HttpClient\Plugin\ServerSideRequestForgeryProtection\Exception\InvalidURLException;
 use Slim\Http\StatusCode;
+use Slim\Http\Uri;
 use stdClass;
 use Symfony\Component\ErrorHandler\ErrorRenderer\HtmlErrorRenderer;
 use Throwable;
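Review bot: In `getVideoPageUrl()` (classes/Controller/BaseController.php) the value of `$request->getQueryParam('url')` goes straight into `Url::validateUrl()` with no type check, although it is null when the parameter is absent and an array for a request such as `?url[]=x`. Whether `validateUrl()` rejects those inputs cleanly is not visible in this hunk, so a guard before the call, `$url = $request->getQueryParam('url');` followed by `if (!is_string($url) || $url === '') { /* reject as an invalid URL */ }`, would keep the SSRF check operating on a plain string. With the `v` fallback gone, the method's docblock (it starts above the hunk) should also state that only `url` is read and which exception a rejected URL raises.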
@@ -345,4 +346,24 @@ class FrontController extends BaseController
 return $this->displayError($request, $response, $message);
 }
 }
+
+ /**
+ * Route that mimics YouTube video URLs ("/watch?v=foo")
+ *
+ * @param Request $request
+ * @param Response $response
+ * @return Response
+ */
+ public function watch(Request $request, Response $response): Response
+ {
+ // We build a full YouTube URL from the video ID.
+ $youtubeUri = Uri::createFromString('https://www.youtube.com/watch')
+ ->withQuery(http_build_query(['v' => $request->getQueryParam('v')]));
+
+ // Then pass it to the info route.
+ return $response->withRedirect(
+ Uri::createFromString($this->router->pathFor('info'))
+ ->withQuery(http_build_query(['url' => strval($youtubeUri)]))
+ );
+ }
 }
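Review bot: `watch()` forwards `$request->getQueryParam('v')` without checking it, so a request to `/watch` with no `v`, or with an array-shaped `v[]=…`, is still redirected to the info route carrying a YouTube URL whose query is empty or malformed. Checking first, `$videoId = $request->getQueryParam('v');` then `if (!is_string($videoId) || $videoId === '') { return $this->displayError($request, $response, $message); }` with a suitable message, fails early instead of surfacing as a downstream extraction error. Since classes/App.php now points `/watch` at this method, older links of the form `/watch?url=…` that used to reach `info` directly also land here, which deserves a line in the docblock. The redirect target is built from `pathFor('info')` and a fixed youtube.com host, so it stays on the application's own route; the forwarded `url` value presumably still passes through the info route's URL validation, which is worth confirming.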