against CSRF attacks ]); } else { setcookie($key, "", time() - 1000); } } if (isset($_REQUEST["save"]) || isset($_REQUEST["reset"])) { header("Location: ./"); die(); } require_once "misc/tools.php"; $instances_json = json_decode(file_get_contents("instances.json"), true); $librey_instances = array_filter($instances_json['instances'], fn($n) => !$n['librey']); function list_instances($instances) { echo "<p>" . TEXTS["api_unavailable"] . "</p>"; die(); } require_once "misc/tools.php"; $url = $_REQUEST["url"]; $requested_root_domain = get_root_domain($url); $allowed_domains = array("i.ytimg.com", "s2.qwant.com", "s1.qwant.com", "upload.wikimedia.org"); if (in_array($requested_root_domain, $allowed_domains)) { $image = $url; $image_src = request($image, $config->curl_settings); header("Content-Type: image/png"); echo $image_src; } ?> </div> </form> <?php fetch_search_results($opts, true); print_page_buttons($opts->type, $opts->query,