
@pasankg
Last active July 24, 2020 14:26
<?php
/**
 * Base class holding the request state shared by relay handlers.
 *
 * It declares storage only; subclasses fill the properties in.
 */
class Defence
{
    /** @var mixed Target URL of the request being relayed. */
    protected $url = null;

    /** @var mixed Request body to forward, if any. */
    protected $postData = null;

    /** @var mixed Flattened request parameters, kept for logging. */
    protected $query_string = null;
}
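/**
 * HTTP relay: contacts the address given in the `url` query parameter,
 * optionally sending the `postData` query parameter as a JSON body, and
 * echoes the upstream response with a JSON content type.
 *
 * Both parameters come straight from the request and are untrusted. They are
 * therefore never concatenated into a shell command unquoted, the target must
 * be an absolute http(s) URL, and control characters are stripped before
 * anything request-derived is written to the log.
 *
 * NOTE(review): any http(s) host is still accepted, so the script can reach
 * whatever the web server can reach, internal services included. Pin it to an
 * allowlist of known upstream hosts and require authentication before
 * enabling it.
 * NOTE(review): request bodies and upstream responses are logged in full;
 * confirm that nothing sensitive passes through before keeping that.
 */
class Shield extends Defence
{
    /** @var string[] URL schemes the relay is willing to contact. */
    private static $allowedSchemes = ['http', 'https'];

    /**
     * Reads `url` and `postData` from the query string.
     *
     * A missing, empty or non-string parameter is stored as null, so that
     * runIt() can tell "no body supplied" apart from an empty body.
     */
    public function __construct()
    {
        $rawUrl = (isset($_GET['url']) && is_string($_GET['url'])) ? $_GET['url'] : '';
        $cleanUrl = filter_var($rawUrl, FILTER_SANITIZE_URL);
        $this->url = ($cleanUrl === false || $cleanUrl === '') ? null : $cleanUrl;

        // Backslashes are dropped as before; only string input is accepted,
        // because array-style parameters (postData[]=...) are not a body.
        $this->postData = (isset($_GET['postData']) && is_string($_GET['postData']))
            ? str_replace('\\', '', $_GET['postData'])
            : null;
    }

    /**
     * Dispatches the request: a plain fetch when no body was supplied,
     * otherwise a curl call that sends the body.
     */
    public function runIt()
    {
        error_log('WORKING on: ' . $this->forLog($this->url)
            . ' and _POST: ' . $this->forLog($this->postToString())
            . ' postData: ' . $this->forLog($this->postData) . "\n==========\n");

        if (!isset($this->postData)) {
            $this->getUrl($this->url);
        } else {
            error_log('=== postData: ' . $this->forLog($this->postData));
            $this->runCurl($this->postData);
        }
    }

    /**
     * Flattens $_POST into "key=value&key=value" (unencoded); when $_POST is
     * empty, falls back to the raw query string.
     *
     * @return string The flattened parameters, also stored in $query_string.
     */
    public function postToString()
    {
        $this->query_string = '';
        if ($_POST) {
            $pairs = [];
            foreach ($_POST as $key => $value) {
                // Nested fields (name[]=...) cannot be interpolated directly.
                $pairs[] = $key . '=' . (is_scalar($value) ? $value : json_encode($value));
            }
            $this->query_string = join('&', $pairs);
        } else {
            $this->query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
        }

        return $this->query_string;
    }

    /**
     * Fetches $url through PHP's stream layer and echoes the body.
     *
     * fopen() accepts every registered stream wrapper, local files included,
     * so the URL is checked against the http(s) allowlist before it is opened.
     *
     * @param mixed $url Address to fetch.
     */
    public function getUrl($url)
    {
        if (!$this->isAllowedUrl($url)) {
            $this->respond('{"error":"url must be an absolute http(s) URL"}', 400);
            return;
        }

        error_log('Fetch:' . $this->forLog($url));
        $handle = fopen($url, 'rb');
        if ($handle === false) {
            $this->respond('{"error":"upstream request failed"}', 502);
            return;
        }

        $ret = stream_get_contents($handle);
        fclose($handle);
        if ($ret === false) {
            $this->respond('{"error":"upstream request failed"}', 502);
            return;
        }

        error_log('simple GET ret: ' . $this->forLog($ret));
        $this->respond($ret);
    }

    /**
     * Sends $params as a JSON body to the stored URL with the curl binary and
     * echoes whatever curl printed.
     *
     * @param mixed $params Request body; ignored unless it is a string longer
     *                      than one character.
     */
    public function runCurl($params)
    {
        if (!$this->isAllowedUrl($this->url)) {
            $this->respond('{"error":"url must be an absolute http(s) URL"}', 400);
            return;
        }

        // Every request-derived value is passed through escapeshellarg() so
        // it reaches curl as exactly one argument. --proto keeps curl itself
        // to http(s) even if the check above is ever loosened.
        $args = [
            'curl',
            '--proto', escapeshellarg('=http,https'),
            '-H', escapeshellarg('content-type:application/json'),
        ];
        if (is_string($params) && strlen($params) > 1) {
            // --data-raw sends the value literally; -d would treat a leading
            // "@" as "read the body from this file".
            $args[] = '--data-raw';
            $args[] = escapeshellarg($params);
        }
        $args[] = escapeshellarg($this->url);
        $runCmd = implode(' ', $args);

        error_log('run cmd: ' . $this->forLog($runCmd) . "\n\n");
        $output = shell_exec($runCmd);
        error_log('exec ret: ' . $this->forLog($output));
        $this->respond((string) $output);
    }

    /**
     * Tells whether $url is an absolute URL with a host and an allowed scheme.
     */
    private function isAllowedUrl($url)
    {
        if (!is_string($url) || $url === '') {
            return false;
        }

        $parts = parse_url($url);
        if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
            return false;
        }

        return in_array(strtolower($parts['scheme']), self::$allowedSchemes, true);
    }

    /**
     * Collapses control characters (CR/LF included) to a space so that a
     * request value cannot start a forged line in the error log.
     */
    private function forLog($value)
    {
        return preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
    }

    /**
     * Emits $body as the JSON response, with $status when it is not 200.
     */
    private function respond($body, $status = 200)
    {
        if (!headers_sent()) {
            if ($status !== 200) {
                http_response_code($status);
            }
            header('Content-Type: application/json');
        }
        echo $body;
    }
}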
// $shield = new Shield;
// $shield->runIt();