Add URL validation to userBanner & profilePic editProfile.php #16
VertyyBird wants to merge 1 commit into actuallyaridan:main from
First checks to see if submitted URL is in an image format. Then if it is, it uses curl to get the HTTP headers of the URLs and rejects them if the response code is anything besides 200.
This could be used to get @actuallyaridan's IP address because he hosts the server on a computer at his house. Maybe not a huge deal but it's possible
That, plus just anyone who sees my profile. For example, just from this test, I can see that my profile pic got 94 loads and my banner got 15. Which is cool because I can roughly see the ratio of post views to profile views. But on the other hand, I can see the IP, OS, Browser, etc of all those loads. For the minimal amount of computation to do these checks to prevent this, I think it's worth it.
No, that wasn't what I was saying. Someone could put in a link, and since all links are loaded on Chirp's server, his IP would be leaked. No matter if there are redirects etc.
Ohhhh I see what you mean. That's a possibility, but that info is already public since the DNS records for the site already expose his IP. If he wants to be more paranoid about it, he could always run the curl commands through a VPN. Which he might be doing already since the IP for his domains leads to a datacentre, so it wouldn't really matter if someone grabs the machine's IP using this validation method.
I do NOT host Chirp on a computer in my house, I’ve said like 19 times now that Chirp is hosted on a server in Germany. |
First checks to see if submitted URL is in an image format. Then if it is, it uses curl to get the HTTP headers of the URLs and rejects them if the response code is anything besides 200.
This should fix the privacy issue I raised in #15
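
The two checks named in the PR description (image extension, then a header-only request that must return 200), as an added PHP example that is not the code from this pull request. The function name `isAcceptableImageUrl`, the extension list and the timeouts are assumptions, and the address-range and Content-Type checks go beyond what the description states.

```php
<?php
// Added example, not the PR's code. Names, extension list and limits are assumptions.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

function isAcceptableImageUrl(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }
    // Check 1 (from the PR description): the URL must look like an image.
    $ext = strtolower(pathinfo($parts['path'] ?? '', PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return false;
    }
    // Beyond the PR: refuse hosts that resolve to private or reserved IPv4
    // space, so the server-side request cannot be pointed at internal hosts.
    $ips = gethostbynamel($parts['host']);
    if ($ips === false) {
        return false;
    }
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    // Check 2 (from the PR description): headers only, anything but 200 fails.
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_NOBODY         => true,   // HEAD request, no body download
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,  // a redirect is not a 200
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        // Pin the connection to the address that was just vetted.
        CURLOPT_RESOLVE        => ["{$parts['host']}:{$port}:{$ips[0]}"],
        CURLOPT_CONNECTTIMEOUT => 3,
        CURLOPT_TIMEOUT        => 5,
    ]);
    $ok     = curl_exec($ch) !== false;
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $type   = (string) curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
    return $ok && $status === 200 && stripos($type, 'image/') === 0;
}
var_dump(isAcceptableImageUrl('https://example.com/page.html')); // constructed sample input
```

The request still originates from the server, so the remote host sees the server's address, as discussed in the thread; the checks only limit where that request can go and what counts as success.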