Commit: fba290c061027c24e4c8effdba37addd3430c3d4 Author: Adam Harvey <ahar...@php.net> Tue, 10 Sep 2013 11:42:42 -0700 Parents: b8beb657ca725913ab8568eb218691bdd2f838c5 Branches: master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=fba290c061027c24e4c8effdba37addd3430c3d4 Log: Allow CURLOPT_FOLLOWLOCATION to be used with open_basedir. Newer versions of libcurl prevent file:// location response headers by default, which means that the open_basedir check is unnecessary — the fact CURLOPT_REDIR_PROTOCOLS can't set CURLPROTO_FILE with open_basedir enabled means that there's no possibility of breaching the open_basedir restriction, and this allows HTTP redirects to be followed automatically. Implements FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode). Bugs: https://bugs.php.net/65646 Changed paths: M NEWS M ext/curl/interface.c A ext/curl/tests/bug65646.phpt A ext/curl/tests/bug65646_open_basedir_new.phpt A ext/curl/tests/bug65646_open_basedir_old.phpt D ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt Diff: diff --git a/NEWS b/NEWS index 29b5c9c..bc39126 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,10 @@ PHP NEWS of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx). (Gustavo) +- cURL: + . Implemented FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir + or safe_mode). (Adam) + - Session: . Fixed Bug #65315 (session.hash_function silently fallback to default md5) (Yasuo) diff --git a/ext/curl/interface.c b/ext/curl/interface.c index ac872df..5913159 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -2504,6 +2504,7 @@ string_copy: case CURLOPT_FOLLOWLOCATION: convert_to_long_ex(zvalue); +#if LIBCURL_VERSION_NUM < 0x071304 if (PG(open_basedir) && *PG(open_basedir)) { if (Z_LVAL_PP(zvalue) != 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set"); @@ -2511,6 +2512,7 @@ string_copy: return 1; } } +#endif error = curl_easy_setopt(ch->cp, option, Z_LVAL_PP(zvalue)); break; diff --git a/ext/curl/tests/bug65646.phpt b/ext/curl/tests/bug65646.phpt new file mode 100644 index 0000000..f244f72 --- /dev/null +++ b/ext/curl/tests/bug65646.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode): open_basedir disabled +--SKIPIF-- +<?php +if (!extension_loaded('curl')) exit("skip curl extension not loaded"); +if (ini_get('open_basedir')) exit("skip open_basedir is set"); +?> +--FILE-- +<?php +$ch = curl_init(); +var_dump(curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true)); +curl_close($ch); +?> +--EXPECT-- +bool(true) diff --git a/ext/curl/tests/bug65646_open_basedir_new.phpt b/ext/curl/tests/bug65646_open_basedir_new.phpt new file mode 100644 index 0000000..991c4a2 --- /dev/null +++ b/ext/curl/tests/bug65646_open_basedir_new.phpt @@ -0,0 +1,25 @@ +--TEST-- +Bug #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode): open_basedir enabled; curl >= 7.19.4 +--INI-- +open_basedir=. +--SKIPIF-- +<?php +if (!extension_loaded('curl')) exit("skip curl extension not loaded"); +if (version_compare(curl_version()['version'], '7.19.4', '<')) exit("skip curl version is too old"); +?> +--FILE-- +<?php +$ch = curl_init(); +var_dump(curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true)); +var_dump(curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_FILE)); +var_dump(curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_FILE)); +curl_close($ch); +?> +--EXPECTF-- +bool(true) + +Warning: curl_setopt(): CURLPROTO_FILE cannot be activated when an open_basedir is set in %s on line %d +bool(false) + +Warning: curl_setopt(): CURLPROTO_FILE cannot be activated when an open_basedir is set in %s on line %d +bool(false) diff --git a/ext/curl/tests/bug65646_open_basedir_old.phpt b/ext/curl/tests/bug65646_open_basedir_old.phpt new file mode 100644 index 0000000..cf11d21 --- /dev/null +++ b/ext/curl/tests/bug65646_open_basedir_old.phpt @@ -0,0 +1,18 @@ +--TEST-- +Bug #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode): open_basedir enabled; curl < 7.19.4 +--INI-- +open_basedir=. +--SKIPIF-- +<?php +if (!extension_loaded('curl')) exit("skip curl extension not loaded"); +if (version_compare(curl_version()['version'], '7.19.4', '>=')) exit("skip curl version is too new"); +?> +--FILE-- +<?php +$ch = curl_init(); +var_dump(curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true)); +curl_close($ch); +?> +--EXPECTF-- +Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set in %s on line %d +bool(false) diff --git a/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt b/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt deleted file mode 100644 index 7a778f3..0000000 --- a/ext/curl/tests/curl_setopt_CURLOPT_FOLLOWLOCATION_open_basedir.phpt +++ /dev/null @@ -1,22 +0,0 @@ ---TEST-- -CURLOPT_FOLLOWLOCATION case check open_basedir ---CREDITS-- -WHITE new media architects - Dennis ---INI-- -open_basedir = DIRECTORY_SEPARATOR."tmp"; ---SKIPIF-- -<?php -if (!extension_loaded("curl")) print "skip cURL not loaded"; -?> ---FILE-- -<?php -print (ini_get("OPEN_BASEDIR")); -$ch = curl_init(); -$succes = curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); -curl_close($ch); -var_dump($succes); -?> ---EXPECTF-- -Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set in %s.php on line %d -bool(false) - -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php