
includes/functions-http.php (7 issues)

<?php
/**
 * Functions that relate to HTTP requests
 *
 * On functions using the 3rd party library Requests:
 * Their goal is to provide convenient wrapper functions around the Requests library. There are
 * 2 types of functions for each METHOD, where METHOD is 'get' or 'post' (implement more as needed)
 *     - yourls_http_METHOD() :
 *         Return a complete Response object (with ->body, ->headers, ->status_code, etc...) or
 *         a simple string (error message)
 *     - yourls_http_METHOD_body() :
 *         Return a string (response body) or null if there was an error
 *
 * @since 1.7
 */
/**
 * Perform a GET request, return response object or error string message
 *
 * Thin wrapper: every argument is forwarded unchanged to yourls_http_request() with the
 * request type fixed to 'GET'.
 * Notable properties of a response object: body, headers, status_code
 *
 * @since 1.7
 * @see yourls_http_request
 * @param string $url     URL to request
 * @param array  $headers Extra headers to send with the request
 * @param array  $data    Data to send with the request
 * @param array  $options Options for the request
 * @return mixed Response object, or error string
 */
function yourls_http_get( $url, $headers = array(), $data = array(), $options = array() ) {
	$response = yourls_http_request( 'GET', $url, $headers, $data, $options );

	return $response;
}
/**
 * Perform a GET request, return body or null if there was an error
 *
 * Calls yourls_http_get() and keeps only the ->body property of what comes back.
 *
 * @since 1.7
 * @see yourls_http_request
 * @param string $url     URL to request
 * @param array  $headers Extra headers to send with the request
 * @param array  $data    Data to send with the request
 * @param array  $options Options for the request
 * @return mixed String (page body) or null if error
 */
function yourls_http_get_body( $url, $headers = array(), $data = array(), $options = array() ) {
	$response = yourls_http_get( $url, $headers, $data, $options );

	// isset() is false both for an error string and for an object with no body set
	if ( isset( $response->body ) ) {
		return $response->body;
	}

	return null;
}
/**
 * Perform a POST request, return response object or error string message
 *
 * Thin wrapper: every argument is forwarded unchanged to yourls_http_request() with the
 * request type fixed to 'POST'.
 * Notable properties of a response object: body, headers, status_code
 *
 * @since 1.7
 * @see yourls_http_request
 * @param string $url     URL to request
 * @param array  $headers Extra headers to send with the request
 * @param array  $data    Data to send in the body of the request
 * @param array  $options Options for the request
 * @return mixed Response object, or error string
 */
function yourls_http_post( $url, $headers = array(), $data = array(), $options = array() ) {
	$response = yourls_http_request( 'POST', $url, $headers, $data, $options );

	return $response;
}
/**
 * Perform a POST request, return body or null if there was an error
 *
 * Calls yourls_http_post() and keeps only the ->body property of what comes back.
 *
 * @since 1.7
 * @see yourls_http_request
 * @param string $url     URL to request
 * @param array  $headers Extra headers to send with the request
 * @param array  $data    Data to send in the body of the request
 * @param array  $options Options for the request
 * @return mixed String (page body) or null if error
 */
function yourls_http_post_body( $url, $headers = array(), $data = array(), $options = array() ) {
	$response = yourls_http_post( $url, $headers, $data, $options );

	// An error string has no ->body, so it ends up as null here
	if ( !isset( $response->body ) ) {
		return null;
	}

	return $response->body;
}
/**
 * Get proxy information
 *
 * The value is built from the optional config constants, then handed to the 'http_get_proxy'
 * filter. Note that when credentials are defined, the proxy username and password go through
 * that filter too, so any code hooked on it can read them.
 *
 * @uses YOURLS_PROXY YOURLS_PROXY_USERNAME YOURLS_PROXY_PASSWORD
 * @since 1.7.1
 * @return mixed false if no proxy is defined, or string like '10.0.0.201:3128' or array like ('10.0.0.201:3128', 'username', 'password')
 */
function yourls_http_get_proxy() {
	if ( !defined( 'YOURLS_PROXY' ) ) {
		// No proxy configured
		$proxy = false;
	} elseif ( defined( 'YOURLS_PROXY_USERNAME' ) && defined( 'YOURLS_PROXY_PASSWORD' ) ) {
		// Authenticated proxy: both credentials must be defined, otherwise they are ignored
		$proxy = array( YOURLS_PROXY, YOURLS_PROXY_USERNAME, YOURLS_PROXY_PASSWORD );
	} else {
		$proxy = YOURLS_PROXY;
	}

	return yourls_apply_filter( 'http_get_proxy', $proxy );
}
/**
 * Get list of hosts that should bypass the proxy
 *
 * Reads the optional constant YOURLS_PROXY_BYPASS_HOSTS and passes the result through the
 * 'http_get_proxy_bypass_host' filter.
 *
 * @uses YOURLS_PROXY_BYPASS_HOSTS
 * @since 1.7.1
 * @return mixed false if no host defined, or string like "example.com, *.mycorp.com"
 */
function yourls_http_get_proxy_bypass_host() {
	if ( defined( 'YOURLS_PROXY_BYPASS_HOSTS' ) ) {
		$hosts = YOURLS_PROXY_BYPASS_HOSTS;
	} else {
		$hosts = false;
	}

	return yourls_apply_filter( 'http_get_proxy_bypass_host', $hosts );
}
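/**
 * Default HTTP requests options for YOURLS
 *
 * For a list of all available options, see function request() in /includes/Requests/Requests.php
 *
 * Defaults set here: a timeout (3, filterable with 'http_default_options_timeout'), the YOURLS
 * user agent, and redirect following limited to 3 redirects. No TLS related option is set in
 * this function, so certificate verification is whatever the Requests library defaults to,
 * unless the 'http_default_options' filter or the caller changes it.
 *
 * @since 1.7
 * @return array Options
 */
function yourls_http_default_options() {
	$options = array(
		'timeout'          => yourls_apply_filter( 'http_default_options_timeout', 3 ),
		'useragent'        => yourls_http_user_agent(),
		'follow_redirects' => true,
		'redirects'        => 3,
	);

	// Resolve the proxy once: yourls_http_get_proxy() runs a filter, and calling it twice
	// allowed the value that was tested to differ from the value that was stored
	$proxy = yourls_http_get_proxy();
	if ( $proxy ) {
		$options['proxy'] = $proxy;
	}

	return yourls_apply_filter( 'http_default_options', $options );
}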
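/**
 * Whether URL should be sent through the proxy server.
 *
 * Concept stolen from WordPress. The idea is to allow some URLs, including localhost and the YOURLS install itself,
 * to be requested directly and bypassing any defined proxy.
 *
 * Decision order:
 *   1. the 'shunt_send_through_proxy' filter, if it returns anything but null, decides
 *   2. a URL with no host (including a URL parse_url() cannot parse) is requested directly
 *   3. loopback names and the host of the YOURLS site are requested directly
 *   4. with no bypass list, everything else goes through the proxy
 *   5. otherwise a host goes through the proxy unless it matches the bypass list
 *
 * Host names are compared in lower case, since the wildcard matching was already case
 * insensitive, and with strict comparison, so that numeric looking hosts such as '127.10'
 * are no longer treated as equal to '127.1'.
 *
 * @uses YOURLS_PROXY
 * @uses YOURLS_PROXY_BYPASS_HOSTS
 * @since 1.7
 * @param string $url URL to check
 * @return bool true to request through proxy, false to request directly
 */
function yourls_send_through_proxy( $url ) {

	// Allow plugins to short-circuit the whole function
	$pre = yourls_apply_filter( 'shunt_send_through_proxy', null, $url );
	if ( null !== $pre ) {
		return $pre;
	}

	$check = @parse_url( $url );

	// No host to look at: request directly. This also covers parse_url() returning false on a
	// malformed URL. The former "malformed URL, let through" branch came after this test and
	// could never be reached, so the effective behavior is unchanged.
	if ( !is_array( $check ) || !isset( $check['host'] ) ) {
		return false;
	}

	$host = strtolower( $check['host'] );

	// Self and loopback URLs are considered local (':' is parse_url() host on '::1')
	$local = array( 'localhost', '127.0.0.1', '127.1', '[::1]', ':' );
	$home  = parse_url( yourls_get_yourls_site() );
	if ( is_array( $home ) && isset( $home['host'] ) ) {
		$local[] = strtolower( $home['host'] );
	}

	if ( in_array( $host, $local, true ) ) {
		return false;
	}

	$bypass = yourls_http_get_proxy_bypass_host();

	// Nothing usable to bypass: everything that is not local goes through the proxy
	if ( !is_string( $bypass ) || trim( $bypass ) === '' ) {
		return true;
	}

	// Build array of hosts to bypass. The result is kept for the rest of the request, and
	// rebuilt if the bypass string changes (it comes from a filter).
	static $bypass_hosts   = null;
	static $wildcard_regex = false;
	static $built_from     = null;

	if ( null === $bypass_hosts || $built_from !== $bypass ) {
		$built_from     = $bypass;
		$wildcard_regex = false;

		// Comma separated list: trim each entry and drop empty ones
		$bypass_hosts = array_values( array_filter( array_map( 'trim', explode( ',', strtolower( $bypass ) ) ), 'strlen' ) );

		if ( false !== strpos( $bypass, '*' ) ) {
			$patterns = array();
			foreach ( $bypass_hosts as $entry ) {
				// '*' stands for one or more characters, dots included
				$patterns[] = str_replace( '\*', '.+', preg_quote( $entry, '/' ) );
				if ( false !== strpos( $entry, '*' ) ) {
					// '*.example.com' also covers the bare 'example.com'
					$patterns[] = str_replace( '\*\.', '', preg_quote( $entry, '/' ) );
				}
			}
			$wildcard_regex = '/^(' . implode( '|', $patterns ) . ')$/i';
		}
	}

	if ( !empty( $wildcard_regex ) ) {
		return !preg_match( $wildcard_regex, $host );
	}

	return !in_array( $host, $bypass_hosts, true );
}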
/**
 * Perform a HTTP request, return response object or error string
 *
 * Steps: let the 'shunt_yourls_http_request' filter answer instead, load the Requests library,
 * merge the caller's options over the defaults, drop the proxy option when the URL must be
 * requested directly, then send the request.
 *
 * The proxy decision is made once, on $url. The default options enable redirect following;
 * nothing in this function re-checks the bypass list for a redirect target.
 *
 * When Requests throws, the exception message is passed to yourls_debug_log() together with
 * the request type and the full URL, and the value returned by yourls_debug_log() is returned.
 * NOTE(review): a URL carrying a token in its query string ends up in that log as is; confirm
 * who can read the debug log.
 *
 * @since 1.7
 * @param string $type HTTP request type (GET, POST)
 * @param string $url URL to request
 * @param array $headers Extra headers to send with the request
 * @param array $data Data to send either as a query string for GET requests, or in the body for POST requests
 * @param array $options Options for the request (see /includes/Requests/Requests.php:request())
 * @return mixed Requests_Response object, the filter's value if a plugin short-circuited the request, or the yourls_debug_log() result on error
 */
function yourls_http_request( $type, $url, $headers, $data, $options ) {

	// Allow plugins to short-circuit the whole function
	$shunt = yourls_apply_filter( 'shunt_yourls_http_request', null, $type, $url, $headers, $data, $options );
	if ( null !== $shunt ) {
		return $shunt;
	}

	yourls_http_load_library();

	// Options given by the caller win over the defaults
	$options = array_merge( yourls_http_default_options(), $options );

	// A proxy is defined but this URL must be requested directly
	$proxy_defined = yourls_http_get_proxy();
	if ( $proxy_defined && !yourls_send_through_proxy( $url ) ) {
		unset( $options['proxy'] );
	}

	try {
		return Requests::request( $url, $headers, $data, $type, $options );
	} catch ( Requests_Exception $e ) {
		return yourls_debug_log( $e->getMessage() . ' (' . $type . ' on ' . $url . ')' );
	}
}
/**
 * Include Requests library if need be
 *
 * Registers the autoloader of the Requests library, so that its files are only include()-ed
 * when a request is actually made and not on every YOURLS instance.
 *
 * @since 1.7
 * @return void
 */
function yourls_http_load_library() {
	// Classes of the library are then loaded on first use
	Requests::register_autoloader();
}
/**
 * Return funky user agent string
 *
 * The default string contains the YOURLS version and the URL of this install, so both are
 * disclosed to every remote host that receives a request carrying it. The 'http_user_agent'
 * filter can replace the string.
 *
 * @since 1.5
 * @return string UA string
 */
function yourls_http_user_agent() {
	$default_ua = 'YOURLS v' . YOURLS_VERSION . ' +http://yourls.org/ (running on ' . yourls_get_yourls_site() . ')';

	return yourls_apply_filter( 'http_user_agent', $default_ua );
}
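/**
 * Check api.yourls.org if there's a newer version of YOURLS
 *
 * This function collects various stats to help us improve YOURLS. See the blog post about it:
 * http://blog.yourls.org/2014/01/on-yourls-1-7-and-api-yourls-org/
 * Results of requests sent to api.yourls.org are stored in option 'core_version_checks' and is an object
 * with the following properties:
 *    - failed_attempts : number of consecutive failed attempts
 *    - last_attempt    : time() of last attempt
 *    - last_result     : content retrieved from api.yourls.org during previous check
 *    - version_checked : installed YOURLS version that was last checked
 *
 * The report is POSTed over https when yourls_can_http_over_ssl() says the server can, and over
 * plain http otherwise. In that second case the report and the answer travel in clear text; the
 * answer is only checked for shape by yourls_validate_core_version_response(), it is not
 * authenticated.
 *
 * A request that fails and a response that does not validate are both counted as a failed
 * attempt and saved, so that the stored last_attempt and failed_attempts reflect them.
 *
 * @since 1.7
 * @return mixed JSON data if api.yourls.org successfully requested, false otherwise
 */
function yourls_check_core_version() {

	global $yourls_user_passwords;

	$checks = yourls_get_option( 'core_version_checks' );

	// Invalidate check data when YOURLS version changes
	if ( is_object( $checks ) && YOURLS_VERSION != $checks->version_checked ) {
		$checks = false;
	}

	if ( !is_object( $checks ) ) {
		$checks = new stdClass;
		$checks->failed_attempts = 0;
		$checks->last_attempt    = 0;
		$checks->last_result     = '';
		$checks->version_checked = YOURLS_VERSION;
	}

	// Config file location ('u' for '/user' or 'i' for '/includes')
	$conf_loc = str_replace( YOURLS_ABSPATH, '', YOURLS_CONFIGFILE );
	$conf_loc = str_replace( '/config.php', '', $conf_loc );
	$conf_loc = ( $conf_loc == '/user' ? 'u' : 'i' );

	// glob() returns false on error: casting that to an array counted as one page
	$pages = defined( 'YOURLS_PAGEDIR' ) ? glob( YOURLS_PAGEDIR . '/*.php' ) : false;

	// The collection of stuff to report
	$stuff = array(
		// Globally uniquish site identifier (an identifier, not a secret: the site URL is sent below too)
		// This uses const YOURLS_SITE and not yourls_get_yourls_site() to prevent creating another id for an already known install
		'md5'                => md5( YOURLS_SITE . YOURLS_ABSPATH ),

		// Install information
		'failed_attempts'    => $checks->failed_attempts,
		'yourls_site'        => defined( 'YOURLS_SITE' ) ? yourls_get_yourls_site() : 'unknown',
		'yourls_version'     => defined( 'YOURLS_VERSION' ) ? YOURLS_VERSION : 'unknown',
		'php_version'        => PHP_VERSION,
		'mysql_version'      => yourls_get_db()->mysql_version(),
		'locale'             => yourls_get_locale(),

		// custom DB driver if any, and useful common PHP extensions
		'db_driver'          => defined( 'YOURLS_DB_DRIVER' ) ? YOURLS_DB_DRIVER : 'unset',
		'db_ext_pdo'         => extension_loaded( 'PDO' )     ? 1 : 0,
		'db_ext_mysql'       => extension_loaded( 'mysql' )   ? 1 : 0,
		'db_ext_mysqli'      => extension_loaded( 'mysqli' )  ? 1 : 0,
		'ext_curl'           => extension_loaded( 'curl' )    ? 1 : 0,

		// Config information (only the number of users is sent; count() on a non array is an error on recent PHP)
		'num_users'          => is_array( $yourls_user_passwords ) ? count( $yourls_user_passwords ) : 0,
		'config_location'    => $conf_loc,
		'yourls_private'     => defined( 'YOURLS_PRIVATE' ) && YOURLS_PRIVATE ? 1 : 0,
		'yourls_unique'      => defined( 'YOURLS_UNIQUE_URLS' ) && YOURLS_UNIQUE_URLS ? 1 : 0,
		'yourls_url_convert' => defined( 'YOURLS_URL_CONVERT' ) ? YOURLS_URL_CONVERT : 'unknown',
		'num_active_plugins' => yourls_has_active_plugins(),
		'num_pages'          => is_array( $pages ) ? count( $pages ) : 0,
	);

	$stuff = yourls_apply_filter( 'version_check_stuff', $stuff );

	// Send it in
	$url = 'http://api.yourls.org/core/version/1.0/';
	if ( yourls_can_http_over_ssl() ) {
		$url = yourls_set_url_scheme( $url, 'https' );
	}
	$req = yourls_http_post( $url, array(), $stuff );

	$checks->last_attempt    = time();
	$checks->version_checked = YOURLS_VERSION;

	// Unexpected results ? (error string, or anything that is not a successful response object)
	if ( !is_object( $req ) || empty( $req->success ) ) {
		$checks->failed_attempts = $checks->failed_attempts + 1;
		yourls_update_option( 'core_version_checks', $checks );
		return false;
	}

	// Parse response
	$json = json_decode( trim( $req->body ) );

	if ( yourls_validate_core_version_response( $json ) ) {
		// All went OK - mark this down
		$checks->failed_attempts = 0;
		$checks->last_result     = $json;
		yourls_update_option( 'core_version_checks', $checks );

		return $json;
	}

	// Request returned actual result, but not what we expected: this was returned without
	// saving anything, so the attempt left no trace in the stored option. Count it as failed.
	$checks->failed_attempts = $checks->failed_attempts + 1;
	yourls_update_option( 'core_version_checks', $checks );

	return false;
}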
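/**
 *  Make sure response from api.yourls.org is valid
 *
 *  we should get a json object with two following properties:
 *    'latest' => a string representing a YOURLS version number, eg '1.2.3'
 *    'zipurl' => a string for a zip package URL, from github, eg 'https://api.github.com/repos/YOURLS/YOURLS/zipball/1.2.3'
 *
 *  Both properties must be strings that the sanitize functions leave unchanged, and the host of
 *  'zipurl' must be github.com or one of its subdomains.
 *  NOTE(review): the scheme of 'zipurl' is not checked in this function; confirm whether
 *  yourls_sanitize_url() or the code using the URL restricts it to https.
 *
 *  @since 1.7.7
 *  @param mixed $json  Decoded JSON to check (anything json_decode() can return)
 *  @return bool  true if seems legit, false otherwise
 */
function yourls_validate_core_version_response($json) {
    // Decoded JSON can hold arrays or objects where strings are expected: reject them before
    // they reach the sanitize functions and parse_url()
    if ( !isset( $json->latest, $json->zipurl ) || !is_string( $json->latest ) || !is_string( $json->zipurl ) ) {
        return false;
    }

    if ( $json->latest !== yourls_sanitize_version( $json->latest ) ) {
        return false;
    }

    if ( $json->zipurl !== yourls_sanitize_url( $json->zipurl ) ) {
        return false;
    }

    // parse_url() gives null or false when there is no host to extract
    $host = parse_url( $json->zipurl, PHP_URL_HOST );
    if ( !is_string( $host ) ) {
        return false;
    }

    // this last bit takes the host ('api.github.com'), explodes on '.' (['api','github','com']) and keeps the last two elements
    // to make sure domain is either github.com or one of its subdomain (api.github.com for instance)
    // TODO: keep an eye on Github API to make sure it doesn't change some day to another domain (githubapi.com, ...)
    return join( '.', array_slice( explode( '.', $host ), -2, 2 ) ) === 'github.com';
}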
/**
 * Determine if we want to check for a newer YOURLS version (and check if applicable)
 *
 * Currently checks are performed every 24h and only when someone is visiting an admin page.
 * In the future (1.8?) maybe check with cronjob emulation instead.
 *
 * No check is made when the 'shunt_maybe_check_core_version' filter returns something (that
 * value is returned as is), when YOURLS_NO_VERSION_CHECK is defined and true, or outside of
 * the admin area.
 *
 * @since 1.7
 * @return bool true if a check was attempted and either succeeded or an earlier result is still stored, false otherwise
 */
function yourls_maybe_check_core_version() {

	// Allow plugins to short-circuit the whole function
	$shunt = yourls_apply_filter( 'shunt_maybe_check_core_version', null );
	if ( null !== $shunt ) {
		return $shunt;
	}

	if ( defined( 'YOURLS_NO_VERSION_CHECK' ) && YOURLS_NO_VERSION_CHECK ) {
		return false;
	}

	if ( !yourls_is_admin() ) {
		return false;
	}

	$checks = yourls_get_option( 'core_version_checks' );

	/* We don't want to check if :
	 - last_result is set (a previous check was performed)
	 - and it was less than 24h ago (or less than 2h ago if it wasn't successful)
	 - and version checked matched version running
	 Otherwise, we want to check.
	*/
	if ( !empty( $checks->last_result ) ) {
		$recent = false;
		if ( $checks->failed_attempts == 0 ) {
			// Last attempt worked: wait 24h
			$recent = ( time() - $checks->last_attempt ) < 24 * 3600;
		} elseif ( $checks->failed_attempts > 0 ) {
			// Last attempt failed: retry after 2h
			$recent = ( time() - $checks->last_attempt ) < 2 * 3600;
		}

		if ( $recent && $checks->version_checked == YOURLS_VERSION ) {
			return false;
		}
	}

	// We want to check if there's a new version
	$new_check = yourls_check_core_version();

	// False only if we could not check for a new version and we don't have ancient data either
	return ( false != $new_check ) || isset( $checks->last_result->latest );
}
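/**
 * Check if server can perform HTTPS requests, return bool
 *
 * Two transports are probed: curl built with SSL support, or stream sockets together with the
 * openssl extension. This only says whether an https request can be attempted; it does not
 * test that certificates can be verified.
 *
 * @since 1.7.1
 * @return bool whether the server can perform HTTP requests over SSL
 */
function yourls_can_http_over_ssl() {
	$ssl_curl = $ssl_socket = false;

	// curl_version() can be disabled independently of curl_exec(), and is not guaranteed to
	// return an array: check both before reading the feature bitmask
	if ( function_exists( 'curl_exec' ) && function_exists( 'curl_version' ) ) {
		$curl_version = curl_version();
		if ( is_array( $curl_version ) && isset( $curl_version['features'] ) ) {
			$ssl_curl = (bool) ( $curl_version['features'] & CURL_VERSION_SSL );
		}
	}

	if ( function_exists( 'stream_socket_client' ) ) {
		$ssl_socket = extension_loaded( 'openssl' ) && function_exists( 'openssl_x509_parse' );
	}

	return ( $ssl_curl || $ssl_socket );
}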