CurlHttpRequest: Follow redirects even under open_basedir

As of PHP 5.6.0, this is now allowed provided that libcurl is version
7.19.4 or newer (to not follow redirects to file:// URLs, which would
circumvent the open_basedir restriction).

https://bugs.php.net/bug.php?id=65646
https://github.com/php/php-src/commit/fba290c061027c24e4c8effdba37addd3430c3d4

Change-Id: I1233dca563a185d12923736d8d397a3acf87a71e

diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index d066df8..621692a 100644 (file)
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -793,17 +793,19 @@ class CurlHttpRequest extends MWHttpRequest {
         * @return bool
         */
        public function canFollowRedirects() {
-               if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) {
-                       wfDebug( "Cannot follow redirects in safe mode\n" );
-                       return false;
-               }
-
                $curlVersionInfo = curl_version();
                if ( $curlVersionInfo['version_number'] < 0x071304 ) {
                        wfDebug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" );
                        return false;
                }
 
+               if ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) {
+                       if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) {
+                               wfDebug( "Cannot follow redirects in safe mode\n" );
+                               return false;
+                       }
+               }
+
                return true;
        }
 }