search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Make LBFactorySingle external LB methods throw exceptions
[mediawiki.git] / includes / http / CurlHttpRequest.php
blobf58c3a9a5b7783008f655d6309893d96fbcbeda9
1 <?php
2 /**
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 * http://www.gnu.org/copyleft/gpl.html
17 *
18 * @file
19 */
20
21 /**
22 * MWHttpRequest implemented using internal curl compiled into PHP
23 */
24 class CurlHttpRequest extends MWHttpRequest {
25 const SUPPORTS_FILE_POSTS = true;
26
27 protected $curlOptions = [];
28 protected $headerText = "";
29
30 /**
31 * @param resource $fh
32 * @param string $content
33 * @return int
34 */
35 protected function readHeader( $fh, $content ) {
36 $this->headerText .= $content;
37 return strlen( $content );
38 }
39
40 public function execute() {
41
42 parent::execute();
43
44 if ( !$this->status->isOK() ) {
45 return $this->status;
46 }
47
48 $this->curlOptions[CURLOPT_PROXY] = $this->proxy;
49 $this->curlOptions[CURLOPT_TIMEOUT] = $this->timeout;
50
51 // Only supported in curl >= 7.16.2
52 if ( defined( 'CURLOPT_CONNECTTIMEOUT_MS' ) ) {
53 $this->curlOptions[CURLOPT_CONNECTTIMEOUT_MS] = $this->connectTimeout * 1000;
54 }
55
56 $this->curlOptions[CURLOPT_HTTP_VERSION] = CURL_HTTP_VERSION_1_0;
57 $this->curlOptions[CURLOPT_WRITEFUNCTION] = $this->callback;
58 $this->curlOptions[CURLOPT_HEADERFUNCTION] = [ $this, "readHeader" ];
59 $this->curlOptions[CURLOPT_MAXREDIRS] = $this->maxRedirects;
60 $this->curlOptions[CURLOPT_ENCODING] = ""; # Enable compression
61
62 $this->curlOptions[CURLOPT_USERAGENT] = $this->reqHeaders['User-Agent'];
63
64 $this->curlOptions[CURLOPT_SSL_VERIFYHOST] = $this->sslVerifyHost ? 2 : 0;
65 $this->curlOptions[CURLOPT_SSL_VERIFYPEER] = $this->sslVerifyCert;
66
67 if ( $this->caInfo ) {
68 $this->curlOptions[CURLOPT_CAINFO] = $this->caInfo;
69 }
70
71 if ( $this->headersOnly ) {
72 $this->curlOptions[CURLOPT_NOBODY] = true;
73 $this->curlOptions[CURLOPT_HEADER] = true;
74 } elseif ( $this->method == 'POST' ) {
75 $this->curlOptions[CURLOPT_POST] = true;
76 $postData = $this->postData;
77 // Don't interpret POST parameters starting with '@' as file uploads, because this
78 // makes it impossible to POST plain values starting with '@' (and causes security
79 // issues potentially exposing the contents of local files).
80 // The PHP manual says this option was introduced in PHP 5.5 defaults to true in PHP 5.6,
81 // but we support lower versions, and the option doesn't exist in HHVM 5.6.99.
82 if ( defined( 'CURLOPT_SAFE_UPLOAD' ) ) {
83 $this->curlOptions[CURLOPT_SAFE_UPLOAD] = true;
84 } elseif ( is_array( $postData ) ) {
85 // In PHP 5.2 and later, '@' is interpreted as a file upload if POSTFIELDS
86 // is an array, but not if it's a string. So convert $req['body'] to a string
87 // for safety.
88 $postData = wfArrayToCgi( $postData );
89 }
90 $this->curlOptions[CURLOPT_POSTFIELDS] = $postData;
91
92 // Suppress 'Expect: 100-continue' header, as some servers
93 // will reject it with a 417 and Curl won't auto retry
94 // with HTTP 1.0 fallback
95 $this->reqHeaders['Expect'] = '';
96 } else {
97 $this->curlOptions[CURLOPT_CUSTOMREQUEST] = $this->method;
98 }
99
100 $this->curlOptions[CURLOPT_HTTPHEADER] = $this->getHeaderList();
101
102 $curlHandle = curl_init( $this->url );
103
104 if ( !curl_setopt_array( $curlHandle, $this->curlOptions ) ) {
105 throw new MWException( "Error setting curl options." );
106 }
107
108 if ( $this->followRedirects && $this->canFollowRedirects() ) {
109 MediaWiki\suppressWarnings();
110 if ( !curl_setopt( $curlHandle, CURLOPT_FOLLOWLOCATION, true ) ) {
111 $this->logger->debug( __METHOD__ . ": Couldn't set CURLOPT_FOLLOWLOCATION. " .
112 "Probably open_basedir is set.\n" );
113 // Continue the processing. If it were in curl_setopt_array,
114 // processing would have halted on its entry
115 }
116 MediaWiki\restoreWarnings();
117 }
118
119 if ( $this->profiler ) {
120 $profileSection = $this->profiler->scopedProfileIn(
121 __METHOD__ . '-' . $this->profileName
122 );
123 }
124
125 $curlRes = curl_exec( $curlHandle );
126 if ( curl_errno( $curlHandle ) == CURLE_OPERATION_TIMEOUTED ) {
127 $this->status->fatal( 'http-timed-out', $this->url );
128 } elseif ( $curlRes === false ) {
129 $this->status->fatal( 'http-curl-error', curl_error( $curlHandle ) );
130 } else {
131 $this->headerList = explode( "\r\n", $this->headerText );
132 }
133
134 curl_close( $curlHandle );
135
136 if ( $this->profiler ) {
137 $this->profiler->scopedProfileOut( $profileSection );
138 }
139
140 $this->parseHeader();
141 $this->setStatus();
142
143 return $this->status;
144 }
145
146 /**
147 * @return bool
148 */
149 public function canFollowRedirects() {
150 $curlVersionInfo = curl_version();
151 if ( $curlVersionInfo['version_number'] < 0x071304 ) {
152 $this->logger->debug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" );
153 return false;
154 }
155
156 if ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) {
157 if ( strval( ini_get( 'open_basedir' ) ) !== '' ) {
158 $this->logger->debug( "Cannot follow redirects when open_basedir is set\n" );
159 return false;
160 }
161 }
162
163 return true;
164 }
165 }
MediaWiki Core