1 | <?php |
||
2 | /** |
||
3 | * Functions that relate to HTTP requests |
||
4 | * |
||
5 | * On functions using the 3rd party library Requests: |
||
6 | * Their goal here is to provide convenient wrapper functions to the Requests library. There are |
||
7 | * 2 types of functions for each METHOD, where METHOD is 'get' or 'post' (implement more as needed) |
||
8 | * - yourls_http_METHOD() : |
||
9 | * Return a complete Response object (with ->body, ->headers, ->status_code, etc...) or |
||
10 | * a simple string (error message) |
||
11 | * - yourls_http_METHOD_body() : |
||
12 | * Return a string (response body) or null if there was an error |
||
13 | * |
||
14 | * @since 1.7 |
||
15 | */ |
||
16 | |||
/**
 * Send a GET request and hand back whatever yourls_http_request() produced
 *
 * On success the result is a response object (notable properties: body, headers,
 * status_code). On failure it is the value returned by the error path of
 * yourls_http_request(), documented as an error string.
 *
 * The URL is forwarded unchanged: this wrapper does no validation of the destination,
 * so callers passing a user-influenced URL must validate it themselves.
 *
 * @since 1.7
 * @see yourls_http_request
 * @param string $url     URL to request
 * @param array  $headers Extra headers to send with the request
 * @param array  $data    Data sent as the query string
 * @param array  $options Request options, merged over yourls_http_default_options()
 * @return mixed Response object, or error string
 */
function yourls_http_get( $url, $headers = array(), $data = array(), $options = array() ) {
    $response = yourls_http_request( 'GET', $url, $headers, $data, $options );

    return $response;
}
||
29 | |||
/**
 * Send a GET request and return only the response body
 *
 * Anything that does not expose a ->body property (for instance the error string
 * returned by yourls_http_get() on failure) is reported as null, so the caller
 * cannot tell an error apart from a missing body.
 *
 * @since 1.7
 * @see yourls_http_request
 * @param string $url     URL to request
 * @param array  $headers Extra headers to send with the request
 * @param array  $data    Data sent as the query string
 * @param array  $options Request options, merged over yourls_http_default_options()
 * @return mixed String (page body) or null if error
 */
function yourls_http_get_body( $url, $headers = array(), $data = array(), $options = array() ) {
    $response = yourls_http_get( $url, $headers, $data, $options );

    if ( isset( $response->body ) ) {
        return $response->body;
    }

    return null;
}
||
41 | |||
/**
 * Send a POST request and hand back whatever yourls_http_request() produced
 *
 * On success the result is a response object (notable properties: body, headers,
 * status_code). On failure it is the value returned by the error path of
 * yourls_http_request(), documented as an error string.
 *
 * The URL is forwarded unchanged: this wrapper does no validation of the destination.
 *
 * @since 1.7
 * @see yourls_http_request
 * @param string $url     URL to request
 * @param array  $headers Extra headers to send with the request
 * @param array  $data    Data sent in the request body
 * @param array  $options Request options, merged over yourls_http_default_options()
 * @return mixed Response object, or error string
 */
function yourls_http_post( $url, $headers = array(), $data = array(), $options = array() ) {
    $response = yourls_http_request( 'POST', $url, $headers, $data, $options );

    return $response;
}
||
54 | |||
/**
 * Send a POST request and return only the response body
 *
 * Wrapper for yourls_http_post(). Anything that does not expose a ->body property
 * (for instance the error string returned on failure) is reported as null.
 *
 * @since 1.7
 * @see yourls_http_request
 * @param string $url     URL to request
 * @param array  $headers Extra headers to send with the request
 * @param array  $data    Data sent in the request body
 * @param array  $options Request options, merged over yourls_http_default_options()
 * @return mixed String (page body) or null if error
 */
function yourls_http_post_body( $url, $headers = array(), $data = array(), $options = array() ) {
    $response = yourls_http_post( $url, $headers, $data, $options );

    if ( isset( $response->body ) ) {
        return $response->body;
    }

    return null;
}
||
68 | |||
/**
 * Get proxy information
 *
 * Credentials are only attached when both YOURLS_PROXY_USERNAME and YOURLS_PROXY_PASSWORD
 * are defined; with just one of them the bare proxy address is returned.
 *
 * The array form carries the proxy password in clear text and is handed to every
 * callback hooked on the 'http_get_proxy' filter, so the return value should not be
 * logged or displayed.
 *
 * @uses YOURLS_PROXY YOURLS_PROXY_USERNAME YOURLS_PROXY_PASSWORD
 * @since 1.7.1
 * @return mixed false if no proxy is defined, or string like '10.0.0.201:3128' or array like ('10.0.0.201:3128', 'username', 'password')
 */
function yourls_http_get_proxy() {
    if ( !defined( 'YOURLS_PROXY' ) ) {
        // No proxy configured at all
        $proxy = false;
    } elseif ( defined( 'YOURLS_PROXY_USERNAME' ) && defined( 'YOURLS_PROXY_PASSWORD' ) ) {
        // Authenticated proxy: address plus credentials
        $proxy = array( YOURLS_PROXY, YOURLS_PROXY_USERNAME, YOURLS_PROXY_PASSWORD );
    } else {
        // Anonymous proxy: address only
        $proxy = YOURLS_PROXY;
    }

    return yourls_apply_filter( 'http_get_proxy', $proxy );
}
||
88 | |||
/**
 * Get list of hosts that should bypass the proxy
 *
 * The value is returned as configured (a comma separated string); splitting and
 * wildcard handling are done by yourls_send_through_proxy(). Callbacks hooked on
 * the 'http_get_proxy_bypass_host' filter can replace the list.
 *
 * @uses YOURLS_PROXY_BYPASS_HOSTS
 * @since 1.7.1
 * @return mixed false if no host defined, or string like "example.com, *.mycorp.com"
 */
function yourls_http_get_proxy_bypass_host() {
    $bypass = false;

    if ( defined( 'YOURLS_PROXY_BYPASS_HOSTS' ) ) {
        $bypass = YOURLS_PROXY_BYPASS_HOSTS;
    }

    return yourls_apply_filter( 'http_get_proxy_bypass_host', $bypass );
}
||
101 | |||
/**
 * Default HTTP requests options for YOURLS
 *
 * For a list of all available options, see function request() in /includes/Requests/Requests.php
 *
 * Defaults set here: a 3 second timeout (filterable), the YOURLS user agent, and
 * redirects followed up to 3 hops. No TLS related option is set in this function, so
 * certificate handling is whatever the Requests library applies by default.
 *
 * @since 1.7
 * @return array Options
 */
function yourls_http_default_options() {
    $defaults = array();

    $defaults['timeout']          = yourls_apply_filter( 'http_default_options_timeout', 3 );
    $defaults['useragent']        = yourls_http_user_agent();
    $defaults['follow_redirects'] = true;
    $defaults['redirects']        = 3;

    // Only advertise a proxy when one is configured
    if ( yourls_http_get_proxy() ) {
        $defaults['proxy'] = yourls_http_get_proxy();
    }

    return yourls_apply_filter( 'http_default_options', $defaults );
}
||
124 | |||
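/**
 * Whether URL should be sent through the proxy server.
 *
 * Concept stolen from WordPress. The idea is to allow some URLs, including localhost and the YOURLS install itself,
 * to be requested directly and bypassing any defined proxy.
 *
 * Decision order:
 *  1. a non null value from the 'shunt_send_through_proxy' filter is returned as is
 *  2. a URL without a host component is requested directly (false)
 *  3. loopback names and the host of the YOURLS site are requested directly (false)
 *  4. with no bypass list configured, everything else goes through the proxy (true)
 *  5. otherwise the host is matched against the bypass list (wildcards supported)
 *
 * Host comparisons against the fixed lists are strict string comparisons: with a loose
 * comparison PHP treats numeric-looking strings (shorthand IPv4 forms for instance) as
 * numbers, so two different host strings could compare equal and bypass the proxy.
 *
 * The parsed bypass list is cached in static variables on first use, so a bypass list
 * changed later in the same request is not picked up.
 *
 * @uses YOURLS_PROXY
 * @uses YOURLS_PROXY_BYPASS_HOSTS
 * @since 1.7
 * @param string $url URL to check
 * @return bool true to request through proxy, false to request directly
 */
function yourls_send_through_proxy( $url ) {

    // Allow plugins to short-circuit the whole function
    $pre = yourls_apply_filter( 'shunt_send_through_proxy', null, $url );
    if ( null !== $pre ) {
        return $pre;
    }

    $check = @parse_url( $url );

    if ( !isset( $check['host'] ) ) {
        return false;
    }

    // Malformed URL, can not process, but this could mean ssl, so let through anyway.
    // NOTE(review): this branch is unreachable. When parse_url() returns false the isset()
    // test above has already returned false, so a malformed URL is requested directly and
    // not through the proxy. Kept as is to preserve behavior; confirm which outcome is intended.
    if ( $check === false ) {
        return true;
    }

    // Self and loopback URLs are considered local (':' is parse_url() host on '::1')
    $local = array( 'localhost', '127.0.0.1', '127.1', '[::1]', ':' );
    $home  = parse_url( yourls_get_yourls_site() );
    if ( isset( $home['host'] ) ) {
        $local[] = $home['host'];
    }

    // Strict comparison: hosts are strings and must match exactly
    if ( in_array( $check['host'], $local, true ) ) {
        return false;
    }

    $bypass = yourls_http_get_proxy_bypass_host();

    if ( $bypass === false OR $bypass === '' ) {
        return true;
    }

    // Build array of hosts to bypass (once per process, see the static cache note above)
    static $bypass_hosts;
    static $wildcard_regex = false;
    if ( null == $bypass_hosts ) {
        $bypass_hosts = preg_split( '|\s*,\s*|', $bypass );

        if ( false !== strpos( $bypass, '*' ) ) {
            $wildcard_regex = array();
            foreach ( $bypass_hosts as $host ) {
                // '*.example.com' becomes '.+\.example\.com' ...
                $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) );
                if ( false !== strpos( $host, '*' ) ) {
                    // ... and also matches the bare 'example.com'
                    $wildcard_regex[] = str_replace( '\*\.', '', preg_quote( $host, '/' ) );
                }
            }
            // Anchored on both ends so a bypass entry never matches as a substring of another host
            $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i';
        }
    }

    if ( !empty( $wildcard_regex ) ) {
        return !preg_match( $wildcard_regex, $check['host'] );
    }

    // NOTE(review): this exact match is case sensitive while the wildcard regex above is not.
    return !in_array( $check['host'], $bypass_hosts, true );
}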
||
190 | |||
/**
 * Perform a HTTP request, return response object
 *
 * Caller supplied options are merged over yourls_http_default_options(). When a proxy
 * is configured but yourls_send_through_proxy() says the URL must be requested
 * directly, the 'proxy' option is dropped before the request is made. That decision is
 * taken from the initial URL only; redirects are followed by the Requests library.
 *
 * When the Requests library throws, the function returns the value of
 * yourls_debug_log() instead of a response object. The logged message contains the
 * full URL, so credentials or tokens embedded in a URL end up in the debug log.
 *
 * @since 1.7
 * @param string $type    HTTP request type (GET, POST)
 * @param string $url     URL to request
 * @param array  $headers Extra headers to send with the request
 * @param array  $data    Data to send either as a query string for GET requests, or in the body for POST requests
 * @param array  $options Options for the request (see /includes/Requests/Requests.php:request())
 * @return mixed Requests_Response object, or the value returned by yourls_debug_log() on error
 */
function yourls_http_request( $type, $url, $headers, $data, $options ) {

    // Allow plugins to short-circuit the whole function
    $shunt = yourls_apply_filter( 'shunt_yourls_http_request', null, $type, $url, $headers, $data, $options );
    if ( null !== $shunt ) {
        return $shunt;
    }

    yourls_http_load_library();

    $options = array_merge( yourls_http_default_options(), $options );

    // Proxy configured, but this particular URL must be reached directly
    $request_directly = yourls_http_get_proxy() && !yourls_send_through_proxy( $url );
    if ( $request_directly ) {
        unset( $options['proxy'] );
    }

    try {
        return Requests::request( $url, $headers, $data, $type, $options );
    } catch ( Requests_Exception $e ) {
        return yourls_debug_log( $e->getMessage() . ' (' . $type . ' on ' . $url . ')' );
    }
}
||
225 | |||
/**
 * Register the autoloader of the Requests library
 *
 * Called right before a request is made, so that the Requests files are not
 * include()-ed on every YOURLS instance whether they are needed or not.
 *
 * @since 1.7
 * @return void
 */
function yourls_http_load_library() {
    // Requests classes are loaded lazily from here on
    Requests::register_autoloader();
}
|
237 | |||
/**
 * Return funky user agent string
 *
 * The default string contains the exact YOURLS version and the URL of this install,
 * and is sent to every remote server contacted through these HTTP helpers. Sites that
 * do not want to disclose that information can replace it with the 'http_user_agent' filter.
 *
 * @since 1.5
 * @return string UA string
 */
function yourls_http_user_agent() {
    $default_ua = 'YOURLS v' . YOURLS_VERSION . ' +http://yourls.org/ (running on ' . yourls_get_yourls_site() . ')';

    return yourls_apply_filter( 'http_user_agent', $default_ua );
}
||
247 | |||
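/**
 * Check api.yourls.org if there's a newer version of YOURLS
 *
 * This function collects various stats to help us improve YOURLS. See the blog post about it:
 * http://blog.yourls.org/2014/01/on-yourls-1-7-and-api-yourls-org/
 * Results of requests sent to api.yourls.org are stored in option 'core_version_checks' and is an object
 * with the following properties:
 * - failed_attempts : number of consecutive failed attempts
 * - last_attempt    : time() of last attempt
 * - last_result     : content retrieved from api.yourls.org during previous check
 * - version_checked : installed YOURLS version that was last checked
 *
 * What leaves the server: a site identifier, the site URL, YOURLS / PHP / MySQL versions,
 * locale, DB driver and extension flags, and a few configuration counters (see $stuff).
 * Callbacks hooked on 'version_check_stuff' can add to or trim that list.
 *
 * The request is only upgraded to HTTPS when yourls_can_http_over_ssl() reports support.
 * Otherwise the data above is posted over plain HTTP and the response is not protected in
 * transit; yourls_validate_core_version_response() is then the only check on what comes back.
 *
 * @since 1.7
 * @return mixed JSON data if api.yourls.org successfully requested, false otherwise
 */
function yourls_check_core_version() {

    global $yourls_user_passwords;

    $checks = yourls_get_option( 'core_version_checks' );

    // Invalidate check data when YOURLS version changes
    if ( is_object( $checks ) && YOURLS_VERSION != $checks->version_checked ) {
        $checks = false;
    }

    if ( !is_object( $checks ) ) {
        $checks = new stdClass;
        $checks->failed_attempts = 0;
        $checks->last_attempt    = 0;
        $checks->last_result     = '';
        $checks->version_checked = YOURLS_VERSION;
    }

    // Config file location ('u' for '/user' or 'i' for '/includes')
    $conf_loc = str_replace( YOURLS_ABSPATH, '', YOURLS_CONFIGFILE );
    $conf_loc = str_replace( '/config.php', '', $conf_loc );
    $conf_loc = ( $conf_loc == '/user' ? 'u' : 'i' );

    // count() on a missing or non array global raises a warning or TypeError depending on
    // the PHP version: report 0 users instead
    $num_users = is_array( $yourls_user_passwords ) ? count( $yourls_user_passwords ) : 0;

    // glob() returns false on error, and count( (array) false ) is 1: report 0 pages instead
    $num_pages = 0;
    if ( defined( 'YOURLS_PAGEDIR' ) ) {
        $pages     = glob( YOURLS_PAGEDIR .'/*.php' );
        $num_pages = is_array( $pages ) ? count( $pages ) : 0;
    }

    // The collection of stuff to report
    $stuff = array(
        // Globally uniquish site identifier
        // This uses const YOURLS_SITE and not yourls_get_yourls_site() to prevent creating another id for an already known install
        // (md5 is used here as an identifier only, not as a security control)
        'md5'                => md5( YOURLS_SITE . YOURLS_ABSPATH ),

        // Install information
        'failed_attempts'    => $checks->failed_attempts,
        'yourls_site'        => defined( 'YOURLS_SITE' ) ? yourls_get_yourls_site() : 'unknown',
        'yourls_version'     => defined( 'YOURLS_VERSION' ) ? YOURLS_VERSION : 'unknown',
        'php_version'        => PHP_VERSION,
        'mysql_version'      => yourls_get_db()->mysql_version(),
        'locale'             => yourls_get_locale(),

        // custom DB driver if any, and useful common PHP extensions
        'db_driver'          => defined( 'YOURLS_DB_DRIVER' ) ? YOURLS_DB_DRIVER : 'unset',
        'db_ext_pdo'         => extension_loaded( 'PDO' ) ? 1 : 0,
        'db_ext_mysql'       => extension_loaded( 'mysql' ) ? 1 : 0,
        'db_ext_mysqli'      => extension_loaded( 'mysqli' ) ? 1 : 0,
        'ext_curl'           => extension_loaded( 'curl' ) ? 1 : 0,

        // Config information
        'num_users'          => $num_users,
        'config_location'    => $conf_loc,
        'yourls_private'     => ( defined( 'YOURLS_PRIVATE' ) && YOURLS_PRIVATE ) ? 1 : 0,
        'yourls_unique'      => ( defined( 'YOURLS_UNIQUE_URLS' ) && YOURLS_UNIQUE_URLS ) ? 1 : 0,
        'yourls_url_convert' => defined( 'YOURLS_URL_CONVERT' ) ? YOURLS_URL_CONVERT : 'unknown',
        'num_active_plugins' => yourls_has_active_plugins(),
        'num_pages'          => $num_pages,
    );

    $stuff = yourls_apply_filter( 'version_check_stuff', $stuff );

    // Send it in (over HTTPS whenever the server is able to)
    $url = 'http://api.yourls.org/core/version/1.0/';
    if ( yourls_can_http_over_ssl() ) {
        $url = yourls_set_url_scheme( $url, 'https' );
    }
    $req = yourls_http_post( $url, array(), $stuff );

    $checks->last_attempt    = time();
    $checks->version_checked = YOURLS_VERSION;

    // Unexpected results ? Anything that is not a response object (error string, or a
    // value injected by a shunt filter) counts as a failure, as does an unsuccessful response
    if ( !is_object( $req ) or !$req->success ) {
        $checks->failed_attempts = $checks->failed_attempts + 1;
        yourls_update_option( 'core_version_checks', $checks );
        return false;
    }

    // Parse response
    $json = json_decode( trim( $req->body ) );

    if ( yourls_validate_core_version_response( $json ) ) {
        // All went OK - mark this down
        $checks->failed_attempts = 0;
        $checks->last_result     = $json;
        yourls_update_option( 'core_version_checks', $checks );

        return $json;
    }

    // Request returned actual result, but not what we expected
    // NOTE(review): nothing is saved on this path, so neither last_attempt nor
    // failed_attempts records the rejected response and the retry delay in
    // yourls_maybe_check_core_version() does not apply to it. Confirm whether a response
    // that fails validation should be counted as a failed attempt.
    return false;
}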
||
351 | |||
/**
 * Make sure response from api.yourls.org is valid
 *
 * we should get a json object with two following properties:
 *    'latest' => a string representing a YOURLS version number, eg '1.2.3'
 *    'zipurl' => a string for a zip package URL, from github, eg 'https://api.github.com/repos/YOURLS/YOURLS/zipball/1.2.3'
 *
 * Both values must come back unchanged from their sanitizing function, and the host of
 * 'zipurl' must be github.com or one of its subdomains.
 *
 * NOTE(review): only the host of 'zipurl' is checked here, not its scheme. Whether a
 * non https URL can get past yourls_sanitize_url() is not visible from this function;
 * confirm before treating an accepted 'zipurl' as a trusted download location.
 *
 * @since 1.7.7
 * @param $json  JSON object to check
 * @return bool  true if seems legit, false otherwise
 */
function yourls_validate_core_version_response($json) {
    // Both properties are mandatory
    if ( !isset($json->latest) || !isset($json->zipurl) ) {
        return false;
    }

    // Values must already be in sanitized form
    if ( $json->latest !== yourls_sanitize_version($json->latest) ) {
        return false;
    }
    if ( $json->zipurl !== yourls_sanitize_url($json->zipurl) ) {
        return false;
    }

    // Take the host ('api.github.com'), split it on '.' (['api','github','com']) and keep the last two labels,
    // to make sure the domain is either github.com or one of its subdomains (api.github.com for instance)
    // TODO: keep an eye on Github API to make sure it doesn't change some day to another domain (githubapi.com, ...)
    $host_labels = explode('.', parse_url($json->zipurl, PHP_URL_HOST));
    $base_domain = join('.', array_slice($host_labels, -2, 2));

    return $base_domain === 'github.com';
}
||
375 | |||
/**
 * Determine if we want to check for a newer YOURLS version (and check if applicable)
 *
 * Currently checks are performed every 24h and only when someone is visiting an admin page.
 * In the future (1.8?) maybe check with cronjob emulation instead.
 *
 * Setting YOURLS_NO_VERSION_CHECK to a true value disables the check, and with it the
 * outbound request to api.yourls.org.
 *
 * Note on the return value: true is also returned when the new check failed but the
 * previously stored result still holds a 'latest' version.
 *
 * @since 1.7
 * @return bool true if a check was needed and successfully performed, false otherwise
 */
function yourls_maybe_check_core_version() {

    // Allow plugins to short-circuit the whole function
    $shunt = yourls_apply_filter( 'shunt_maybe_check_core_version', null );
    if ( null !== $shunt ) {
        return $shunt;
    }

    // Checks disabled in config
    if ( defined( 'YOURLS_NO_VERSION_CHECK' ) && YOURLS_NO_VERSION_CHECK ) {
        return false;
    }

    // Only check from admin pages
    if ( !yourls_is_admin() ) {
        return false;
    }

    $checks = yourls_get_option( 'core_version_checks' );

    /* We don't want to check if :
     - last_result is set (a previous check was performed)
     - and it was less than 24h ago (or less than 2h ago if it wasn't successful)
     - and version checked matched version running
     Otherwise, we want to check.
    */
    if ( !empty( $checks->last_result ) ) {
        if ( $checks->failed_attempts == 0 ) {
            // Last check succeeded: wait 24h
            $checked_recently = ( time() - $checks->last_attempt ) < 24 * 3600;
        } else {
            // Last check failed: retry after 2h
            $checked_recently = $checks->failed_attempts > 0 && ( ( time() - $checks->last_attempt ) < 2 * 3600 );
        }

        if ( $checked_recently && ( $checks->version_checked == YOURLS_VERSION ) ) {
            return false;
        }
    }

    // We want to check if there's a new version
    $new_check = yourls_check_core_version();

    // false only when we could not check for a new version and we don't have ancient data either
    // ($checks still holds the option as it was read before the new check)
    $have_old_result = isset( $checks->last_result->latest );

    return ( false != $new_check ) || $have_old_result;
}
||
426 | |||
/**
 * Check if server can perform HTTPS requests, return bool
 *
 * Two transports are considered: cURL built with SSL support, or stream sockets
 * together with the openssl extension. This only reports that a TLS capable
 * transport exists; it does not verify that certificate validation is configured.
 *
 * @since 1.7.1
 * @return bool whether the server can perform HTTP requests over SSL
 */
function yourls_can_http_over_ssl() {
    // cURL: the SSL bit must be set in the feature mask
    if ( function_exists( 'curl_exec' ) ) {
        $curl_info = curl_version();
        if ( $curl_info['features'] & CURL_VERSION_SSL ) {
            return true;
        }
    }

    // Stream sockets: the openssl extension must be loaded and usable
    if ( function_exists( 'stream_socket_client' ) ) {
        if ( extension_loaded( 'openssl' ) && function_exists( 'openssl_x509_parse' ) ) {
            return true;
        }
    }

    return false;
}
||
447 | |||
448 |