<?php
// V88 hardened: limits + error handling
// Execution budget for this script: 20 s wall clock and 128 MiB of memory.
// The `@` prefix keeps a warning from leaking into the JSON body when the
// host disallows changing these at runtime (disable_functions / php-fpm).
@set_time_limit(20);
@ini_set('max_execution_time', 20);
@ini_set('memory_limit', '128M');
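// === INPUT SANITIZATION ===
/**
 * Read one request parameter and return it HTML-escaped.
 *
 * Primary path is filter_input() with FILTER_SANITIZE_FULL_SPECIAL_CHARS.
 * That returns null when the key is absent and false when the value cannot
 * be filtered (an array value, for instance); both cases fall back to the
 * raw superglobal, which is trimmed, tag-stripped and escaped with
 * ENT_QUOTES / UTF-8. Invalid UTF-8 makes htmlspecialchars() return '' —
 * intentionally fail-closed, not a bug.
 *
 * @param string $key    Parameter name.
 * @param string $type   'string' (default), 'int' (intval of the escaped
 *                       value) or 'email' (FILTER_SANITIZE_EMAIL applied
 *                       after escaping).
 * @param string $method 'GET' (default) or 'POST'.
 * @return string|int    Escaped string; int when $type === 'int'.
 */
function weval_input($key, $type='string', $method='GET') {
    $src = $method === 'POST' ? INPUT_POST : INPUT_GET;
    $val = filter_input($src, $key, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
    if ($val === null || $val === false) {
        $raw = ($method === 'POST') ? ($_POST[$key] ?? '') : ($_GET[$key] ?? '');
        // Array-valued params (?key[]=x) land here because filter_input()
        // returns false for them; trim() on an array is a TypeError in PHP 8,
        // which would turn a malformed request into a 500. Treat any
        // non-scalar value as absent instead.
        if (!is_scalar($raw)) {
            $raw = '';
        }
        $val = htmlspecialchars(strip_tags(trim((string) $raw)), ENT_QUOTES, 'UTF-8');
    }
    if ($type === 'int') return intval($val);
    if ($type === 'email') return filter_var($val, FILTER_SANITIZE_EMAIL);
    return $val;
}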
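// SearXNG proxy for internal use (S95 → S204)
header('Content-Type: application/json');

// Shared-secret gate. NOTE(review): the key is a hard-coded literal checked
// into source; it belongs in environment/config outside the web root.
// hash_equals() makes the comparison constant-time, and a non-string value
// (?k[]=) is treated as an empty key rather than raising a TypeError.
$key = $_GET['k'] ?? '';
if (!is_string($key) || !hash_equals('WEVSX2026', $key)) {
    http_response_code(403);
    echo '{"error":"forbidden"}';
    exit;
}

// Query must be a non-empty string. A strict check rather than `!$q`, so
// the literal query "0" is not rejected as empty.
$q = $_GET['q'] ?? '';
$q = is_string($q) ? trim($q) : '';
if ($q === '') {
    http_response_code(400);
    echo '{"error":"no query"}';
    exit;
}

// `engines` is caller-controlled; http_build_query() URL-encodes it and the
// upstream host/port/path are fixed, so it only selects SearXNG engines.
$engines = $_GET['engines'] ?? 'google,bing';
if (!is_string($engines)) {
    $engines = 'google,bing';
}
$params = http_build_query([
    'q'          => $q,
    'format'     => 'json',
    'engines'    => $engines,
    'categories' => 'general',
    'language'   => 'fr',
    'locale'     => 'fr',
    'safesearch' => 0,
]);

$ch = curl_init("http://127.0.0.1:8080/search?$params");
if ($ch === false) {
    http_response_code(502);
    echo json_encode(['error' => 'searxng down', 'curl_err' => 'curl_init failed', 'http_code' => 0]);
    exit;
}
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CONNECTTIMEOUT => 5,   // fail fast when SearXNG is not listening
    CURLOPT_TIMEOUT        => 15,  // total budget, below the 20 s script limit
]);
$r    = curl_exec($ch);
$err  = curl_error($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

// Transport failure (refused, timeout): 502 with the curl detail. This
// endpoint sits behind the key gate and is internal-only, so the detail is
// acceptable in the response.
if ($r === false || $err !== '') {
    http_response_code(502);
    echo json_encode(['error' => 'searxng down', 'curl_err' => $err, 'http_code' => $code]);
    exit;
}
// Upstream answered but not with 200: propagate its status instead of
// relabelling an error page as a 200 JSON success.
if ($code !== 200) {
    http_response_code(($code >= 400 && $code < 600) ? $code : 502);
    echo json_encode(['error' => 'searxng error', 'http_code' => $code]);
    exit;
}
echo $r;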