|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* This program is free software; you can redistribute it and/or modify |
|
4
|
|
|
* it under the terms of the GNU General Public License as published by |
|
5
|
|
|
* the Free Software Foundation; either version 2 of the License, or |
|
6
|
|
|
* (at your option) any later version. |
|
7
|
|
|
* |
|
8
|
|
|
* This program is distributed in the hope that it will be useful, |
|
9
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11
|
|
|
* GNU General Public License for more details. |
|
12
|
|
|
* |
|
13
|
|
|
* You should have received a copy of the GNU General Public License along |
|
14
|
|
|
* with this program; if not, write to the Free Software Foundation, Inc., |
|
15
|
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
16
|
|
|
* http://www.gnu.org/copyleft/gpl.html |
|
17
|
|
|
* |
|
18
|
|
|
* @file |
|
19
|
|
|
*/ |
|
20
|
|
|
|
|
21
|
|
|
/** |
|
22
|
|
|
* MWHttpRequest implemented using internal curl compiled into PHP |
|
23
|
|
|
*/ |
|
24
|
|
|
class CurlHttpRequest extends MWHttpRequest { |
|
25
|
|
|
const SUPPORTS_FILE_POSTS = true; |
|
26
|
|
|
|
|
27
|
|
|
protected $curlOptions = []; |
|
28
|
|
|
protected $headerText = ""; |
|
29
|
|
|
|
|
30
|
|
|
/** |
|
31
|
|
|
* @param resource $fh |
|
32
|
|
|
* @param string $content |
|
33
|
|
|
* @return int |
|
34
|
|
|
*/ |
|
35
|
|
|
protected function readHeader( $fh, $content ) { |
|
36
|
|
|
$this->headerText .= $content; |
|
37
|
|
|
return strlen( $content ); |
|
38
|
|
|
} |
|
39
|
|
|
|
|
40
|
|
|
public function execute() { |
|
41
|
|
|
|
|
42
|
|
|
parent::execute(); |
|
43
|
|
|
|
|
44
|
|
|
if ( !$this->status->isOK() ) { |
|
45
|
|
|
return $this->status; |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
$this->curlOptions[CURLOPT_PROXY] = $this->proxy; |
|
49
|
|
|
$this->curlOptions[CURLOPT_TIMEOUT] = $this->timeout; |
|
50
|
|
|
|
|
51
|
|
|
// Only supported in curl >= 7.16.2 |
|
52
|
|
|
if ( defined( 'CURLOPT_CONNECTTIMEOUT_MS' ) ) { |
|
53
|
|
|
$this->curlOptions[CURLOPT_CONNECTTIMEOUT_MS] = $this->connectTimeout * 1000; |
|
|
|
|
|
|
54
|
|
|
} |
|
55
|
|
|
|
|
56
|
|
|
$this->curlOptions[CURLOPT_HTTP_VERSION] = CURL_HTTP_VERSION_1_0; |
|
57
|
|
|
$this->curlOptions[CURLOPT_WRITEFUNCTION] = $this->callback; |
|
58
|
|
|
$this->curlOptions[CURLOPT_HEADERFUNCTION] = [ $this, "readHeader" ]; |
|
59
|
|
|
$this->curlOptions[CURLOPT_MAXREDIRS] = $this->maxRedirects; |
|
60
|
|
|
$this->curlOptions[CURLOPT_ENCODING] = ""; # Enable compression |
|
61
|
|
|
|
|
62
|
|
|
$this->curlOptions[CURLOPT_USERAGENT] = $this->reqHeaders['User-Agent']; |
|
63
|
|
|
|
|
64
|
|
|
$this->curlOptions[CURLOPT_SSL_VERIFYHOST] = $this->sslVerifyHost ? 2 : 0; |
|
65
|
|
|
$this->curlOptions[CURLOPT_SSL_VERIFYPEER] = $this->sslVerifyCert; |
|
66
|
|
|
|
|
67
|
|
|
if ( $this->caInfo ) { |
|
68
|
|
|
$this->curlOptions[CURLOPT_CAINFO] = $this->caInfo; |
|
69
|
|
|
} |
|
70
|
|
|
|
|
71
|
|
|
if ( $this->headersOnly ) { |
|
72
|
|
|
$this->curlOptions[CURLOPT_NOBODY] = true; |
|
73
|
|
|
$this->curlOptions[CURLOPT_HEADER] = true; |
|
74
|
|
|
} elseif ( $this->method == 'POST' ) { |
|
75
|
|
|
$this->curlOptions[CURLOPT_POST] = true; |
|
76
|
|
|
$postData = $this->postData; |
|
77
|
|
|
// Don't interpret POST parameters starting with '@' as file uploads, because this |
|
78
|
|
|
// makes it impossible to POST plain values starting with '@' (and causes security |
|
79
|
|
|
// issues potentially exposing the contents of local files). |
|
80
|
|
|
// The PHP manual says this option was introduced in PHP 5.5 defaults to true in PHP 5.6, |
|
81
|
|
|
// but we support lower versions, and the option doesn't exist in HHVM 5.6.99. |
|
82
|
|
|
if ( defined( 'CURLOPT_SAFE_UPLOAD' ) ) { |
|
83
|
|
|
$this->curlOptions[CURLOPT_SAFE_UPLOAD] = true; |
|
84
|
|
|
} elseif ( is_array( $postData ) ) { |
|
85
|
|
|
// In PHP 5.2 and later, '@' is interpreted as a file upload if POSTFIELDS |
|
86
|
|
|
// is an array, but not if it's a string. So convert $req['body'] to a string |
|
87
|
|
|
// for safety. |
|
88
|
|
|
$postData = wfArrayToCgi( $postData ); |
|
89
|
|
|
} |
|
90
|
|
|
$this->curlOptions[CURLOPT_POSTFIELDS] = $postData; |
|
91
|
|
|
|
|
92
|
|
|
// Suppress 'Expect: 100-continue' header, as some servers |
|
93
|
|
|
// will reject it with a 417 and Curl won't auto retry |
|
94
|
|
|
// with HTTP 1.0 fallback |
|
95
|
|
|
$this->reqHeaders['Expect'] = ''; |
|
96
|
|
|
} else { |
|
97
|
|
|
$this->curlOptions[CURLOPT_CUSTOMREQUEST] = $this->method; |
|
98
|
|
|
} |
|
99
|
|
|
|
|
100
|
|
|
$this->curlOptions[CURLOPT_HTTPHEADER] = $this->getHeaderList(); |
|
101
|
|
|
|
|
102
|
|
|
$curlHandle = curl_init( $this->url ); |
|
103
|
|
|
|
|
104
|
|
|
if ( !curl_setopt_array( $curlHandle, $this->curlOptions ) ) { |
|
105
|
|
|
throw new MWException( "Error setting curl options." ); |
|
106
|
|
|
} |
|
107
|
|
|
|
|
108
|
|
|
if ( $this->followRedirects && $this->canFollowRedirects() ) { |
|
109
|
|
|
MediaWiki\suppressWarnings(); |
|
110
|
|
|
if ( !curl_setopt( $curlHandle, CURLOPT_FOLLOWLOCATION, true ) ) { |
|
111
|
|
|
$this->logger->debug( __METHOD__ . ": Couldn't set CURLOPT_FOLLOWLOCATION. " . |
|
112
|
|
|
"Probably open_basedir is set.\n" ); |
|
113
|
|
|
// Continue the processing. If it were in curl_setopt_array, |
|
114
|
|
|
// processing would have halted on its entry |
|
115
|
|
|
} |
|
116
|
|
|
MediaWiki\restoreWarnings(); |
|
117
|
|
|
} |
|
118
|
|
|
|
|
119
|
|
|
if ( $this->profiler ) { |
|
120
|
|
|
$profileSection = $this->profiler->scopedProfileIn( |
|
121
|
|
|
__METHOD__ . '-' . $this->profileName |
|
122
|
|
|
); |
|
123
|
|
|
} |
|
124
|
|
|
|
|
125
|
|
|
$curlRes = curl_exec( $curlHandle ); |
|
126
|
|
|
if ( curl_errno( $curlHandle ) == CURLE_OPERATION_TIMEOUTED ) { |
|
127
|
|
|
$this->status->fatal( 'http-timed-out', $this->url ); |
|
128
|
|
|
} elseif ( $curlRes === false ) { |
|
129
|
|
|
$this->status->fatal( 'http-curl-error', curl_error( $curlHandle ) ); |
|
130
|
|
|
} else { |
|
131
|
|
|
$this->headerList = explode( "\r\n", $this->headerText ); |
|
132
|
|
|
} |
|
133
|
|
|
|
|
134
|
|
|
curl_close( $curlHandle ); |
|
135
|
|
|
|
|
136
|
|
|
if ( $this->profiler ) { |
|
137
|
|
|
$this->profiler->scopedProfileOut( $profileSection ); |
|
|
|
|
|
|
138
|
|
|
} |
|
139
|
|
|
|
|
140
|
|
|
$this->parseHeader(); |
|
141
|
|
|
$this->setStatus(); |
|
142
|
|
|
|
|
143
|
|
|
return $this->status; |
|
144
|
|
|
} |
|
145
|
|
|
|
|
146
|
|
|
/** |
|
147
|
|
|
* @return bool |
|
148
|
|
|
*/ |
|
149
|
|
|
public function canFollowRedirects() { |
|
150
|
|
|
$curlVersionInfo = curl_version(); |
|
151
|
|
|
if ( $curlVersionInfo['version_number'] < 0x071304 ) { |
|
152
|
|
|
$this->logger->debug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" ); |
|
153
|
|
|
return false; |
|
154
|
|
|
} |
|
155
|
|
|
|
|
156
|
|
|
if ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) { |
|
157
|
|
|
if ( strval( ini_get( 'open_basedir' ) ) !== '' ) { |
|
158
|
|
|
$this->logger->debug( "Cannot follow redirects when open_basedir is set\n" ); |
|
159
|
|
|
return false; |
|
160
|
|
|
} |
|
161
|
|
|
} |
|
162
|
|
|
|
|
163
|
|
|
return true; |
|
164
|
|
|
} |
|
165
|
|
|
} |
|
166
|
|
|
|
wikimedia /
mediawiki
Loading history...
An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name.
If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading.