dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Braces and spaces
[lhc/web/wiklou.git] / includes / HttpFunctions.php
1 <?php
2 /**
3 * @defgroup HTTP HTTP
4 */
5
6 /**
7 * Various HTTP related functions
8 * @ingroup HTTP
9 */
10 class Http {
11 static $httpEngine = false;
12
13 /**
14 * Perform an HTTP request
15 *
16 * @param $method String: HTTP method. Usually GET/POST
17 * @param $url String: full URL to act on
18 * @param $options Array: options to pass to HttpRequest object.
19 * Possible keys for the array:
20 * - timeout Timeout length in seconds
21 * - postData An array of key-value pairs or a url-encoded form data
22 * - proxy The proxy to use.
23 * Will use $wgHTTPProxy (if set) otherwise.
24 * - noProxy Override $wgHTTPProxy (if set) and don't use any proxy at all.
25 * - sslVerifyHost (curl only) Verify hostname against certificate
26 * - sslVerifyCert (curl only) Verify SSL certificate
27 * - caInfo (curl only) Provide CA information
28 * - maxRedirects Maximum number of redirects to follow (defaults to 5)
29 * - followRedirects Whether to follow redirects (defaults to false).
30 * Note: this should only be used when the target URL is trusted,
31 * to avoid attacks on intranet services accessible by HTTP.
32 * @return Mixed: (bool)false on failure or a string on success
33 */
34 public static function request( $method, $url, $options = array() ) {
35 $url = wfExpandUrl( $url );
36 wfDebug( "HTTP: $method: $url\n" );
37 $options['method'] = strtoupper( $method );
38 if ( !isset( $options['timeout'] ) ) {
39 $options['timeout'] = 'default';
40 }
41 $req = HttpRequest::factory( $url, $options );
42 $status = $req->execute();
43 if ( $status->isOK() ) {
44 return $req->getContent();
45 } else {
46 return false;
47 }
48 }
49
50 /**
51 * Simple wrapper for Http::request( 'GET' )
52 * @see Http::request()
53 */
54 public static function get( $url, $timeout = 'default', $options = array() ) {
55 $options['timeout'] = $timeout;
56 return Http::request( 'GET', $url, $options );
57 }
58
59 /**
60 * Simple wrapper for Http::request( 'POST' )
61 * @see Http::request()
62 */
63 public static function post( $url, $options = array() ) {
64 return Http::request( 'POST', $url, $options );
65 }
66
67 /**
68 * Check if the URL can be served by localhost
69 *
70 * @param $url String: full url to check
71 * @return Boolean
72 */
73 public static function isLocalURL( $url ) {
74 global $wgCommandLineMode, $wgConf;
75 if ( $wgCommandLineMode ) {
76 return false;
77 }
78
79 // Extract host part
80 $matches = array();
81 if ( preg_match( '!^http://([\w.-]+)[/:].*$!', $url, $matches ) ) {
82 $host = $matches[1];
83 // Split up dotwise
84 $domainParts = explode( '.', $host );
85 // Check if this domain or any superdomain is listed in $wgConf as a local virtual host
86 $domainParts = array_reverse( $domainParts );
87 for ( $i = 0; $i < count( $domainParts ); $i++ ) {
88 $domainPart = $domainParts[$i];
89 if ( $i == 0 ) {
90 $domain = $domainPart;
91 } else {
92 $domain = $domainPart . '.' . $domain;
93 }
94 if ( $wgConf->isLocalVHost( $domain ) ) {
95 return true;
96 }
97 }
98 }
99 return false;
100 }
101
102 /**
103 * A standard user-agent we can use for external requests.
104 * @return String
105 */
106 public static function userAgent() {
107 global $wgVersion;
108 return "MediaWiki/$wgVersion";
109 }
110
111 /**
112 * Checks that the given URI is a valid one
113 *
114 * @param $uri Mixed: URI to check for validity
115 * @returns Boolean
116 */
117 public static function isValidURI( $uri ) {
118 return preg_match(
119 '/(ftp|http|https):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/',
120 $uri,
121 $matches
122 );
123 }
124 }
125
126 /**
127 * This wrapper class will call out to curl (if available) or fallback
128 * to regular PHP if necessary for handling internal HTTP requests.
129 */
130 class HttpRequest {
131 protected $content;
132 protected $timeout = 'default';
133 protected $headersOnly = null;
134 protected $postData = null;
135 protected $proxy = null;
136 protected $noProxy = false;
137 protected $sslVerifyHost = true;
138 protected $sslVerifyCert = true;
139 protected $caInfo = null;
140 protected $method = "GET";
141 protected $reqHeaders = array();
142 protected $url;
143 protected $parsedUrl;
144 protected $callback;
145 protected $maxRedirects = 5;
146 protected $followRedirects = false;
147
148 protected $cookieJar;
149
150 protected $headerList = array();
151 protected $respVersion = "0.9";
152 protected $respStatus = "200 Ok";
153 protected $respHeaders = array();
154
155 public $status;
156
157 /**
158 * @param $url String: url to use
159 * @param $options Array: (optional) extra params to pass (see Http::request())
160 */
161 function __construct( $url, $options = array() ) {
162 global $wgHTTPTimeout;
163
164 $this->url = $url;
165 $this->parsedUrl = parse_url( $url );
166
167 if ( !Http::isValidURI( $this->url ) ) {
168 $this->status = Status::newFatal('http-invalid-url');
169 } else {
170 $this->status = Status::newGood( 100 ); // continue
171 }
172
173 if ( isset($options['timeout']) && $options['timeout'] != 'default' ) {
174 $this->timeout = $options['timeout'];
175 } else {
176 $this->timeout = $wgHTTPTimeout;
177 }
178
179 $members = array( "postData", "proxy", "noProxy", "sslVerifyHost", "caInfo",
180 "method", "followRedirects", "maxRedirects", "sslVerifyCert" );
181 foreach ( $members as $o ) {
182 if ( isset($options[$o]) ) {
183 $this->$o = $options[$o];
184 }
185 }
186 }
187
188 /**
189 * Generate a new request object
190 * @see HttpRequest::__construct
191 */
192 public static function factory( $url, $options = null ) {
193 if ( !Http::$httpEngine ) {
194 Http::$httpEngine = function_exists( 'curl_init' ) ? 'curl' : 'php';
195 } elseif ( Http::$httpEngine == 'curl' && !function_exists( 'curl_init' ) ) {
196 throw new MWException( __METHOD__.': curl (http://php.net/curl) is not installed, but'.
197 ' Http::$httpEngine is set to "curl"' );
198 }
199
200 switch( Http::$httpEngine ) {
201 case 'curl':
202 return new CurlHttpRequest( $url, $options );
203 case 'php':
204 if ( !wfIniGetBool( 'allow_url_fopen' ) ) {
205 throw new MWException( __METHOD__.': allow_url_fopen needs to be enabled for pure PHP'.
206 ' http requests to work. If possible, curl should be used instead. See http://php.net/curl.' );
207 }
208 return new PhpHttpRequest( $url, $options );
209 default:
210 throw new MWException( __METHOD__.': The setting of Http::$httpEngine is not valid.' );
211 }
212 }
213
214 /**
215 * Get the body, or content, of the response to the request
216 *
217 * @return String
218 */
219 public function getContent() {
220 return $this->content;
221 }
222
223 /**
224 * Set the parameters of the request
225
226 * @param $args Array
227 * @todo overload the args param
228 */
229 public function setData($args) {
230 $this->postData = $args;
231 }
232
233 /**
234 * Take care of setting up the proxy
235 * (override in subclass)
236 *
237 * @return String
238 */
239 public function proxySetup() {
240 global $wgHTTPProxy;
241
242 if ( $this->proxy ) {
243 return;
244 }
245 if ( Http::isLocalURL( $this->url ) ) {
246 $this->proxy = 'http://localhost:80/';
247 } elseif ( $wgHTTPProxy ) {
248 $this->proxy = $wgHTTPProxy ;
249 } elseif ( getenv( "http_proxy" ) ) {
250 $this->proxy = getenv( "http_proxy" );
251 }
252 }
253
254 /**
255 * Set the refererer header
256 */
257 public function setReferer( $url ) {
258 $this->setHeader('Referer', $url);
259 }
260
261 /**
262 * Set the user agent
263 */
264 public function setUserAgent( $UA ) {
265 $this->setHeader('User-Agent', $UA);
266 }
267
268 /**
269 * Set an arbitrary header
270 */
271 public function setHeader($name, $value) {
272 // I feel like I should normalize the case here...
273 $this->reqHeaders[$name] = $value;
274 }
275
276 /**
277 * Get an array of the headers
278 */
279 public function getHeaderList() {
280 $list = array();
281
282 if( $this->cookieJar ) {
283 $this->reqHeaders['Cookie'] =
284 $this->cookieJar->serializeToHttpRequest($this->parsedUrl['path'],
285 $this->parsedUrl['host']);
286 }
287 foreach($this->reqHeaders as $name => $value) {
288 $list[] = "$name: $value";
289 }
290 return $list;
291 }
292
293 /**
294 * Set the callback
295 *
296 * @param $callback Callback
297 */
298 public function setCallback( $callback ) {
299 $this->callback = $callback;
300 }
301
302 /**
303 * A generic callback to read the body of the response from a remote
304 * server.
305 *
306 * @param $fh handle
307 * @param $content String
308 */
309 public function read( $fh, $content ) {
310 $this->content .= $content;
311 return strlen( $content );
312 }
313
314 /**
315 * Take care of whatever is necessary to perform the URI request.
316 *
317 * @return Status
318 */
319 public function execute() {
320 global $wgTitle;
321
322 $this->content = "";
323
324 if( strtoupper($this->method) == "HEAD" ) {
325 $this->headersOnly = true;
326 }
327
328 if ( is_array( $this->postData ) ) {
329 $this->postData = wfArrayToCGI( $this->postData );
330 }
331
332 if ( is_object( $wgTitle ) && !isset($this->reqHeaders['Referer']) ) {
333 $this->setReferer( $wgTitle->getFullURL() );
334 }
335
336 if ( !$this->noProxy ) {
337 $this->proxySetup();
338 }
339
340 if ( !$this->callback ) {
341 $this->setCallback( array( $this, 'read' ) );
342 }
343
344 if ( !isset($this->reqHeaders['User-Agent']) ) {
345 $this->setUserAgent(Http::userAgent());
346 }
347 }
348
349 /**
350 * Parses the headers, including the HTTP status code and any
351 * Set-Cookie headers. This function expectes the headers to be
352 * found in an array in the member variable headerList.
353 *
354 * @return nothing
355 */
356 protected function parseHeader() {
357 $lastname = "";
358 foreach( $this->headerList as $header ) {
359 if( preg_match( "#^HTTP/([0-9.]+) (.*)#", $header, $match ) ) {
360 $this->respVersion = $match[1];
361 $this->respStatus = $match[2];
362 } elseif( preg_match( "#^[ \t]#", $header ) ) {
363 $last = count($this->respHeaders[$lastname]) - 1;
364 $this->respHeaders[$lastname][$last] .= "\r\n$header";
365 } elseif( preg_match( "#^([^:]*):[\t ]*(.*)#", $header, $match ) ) {
366 $this->respHeaders[strtolower( $match[1] )][] = $match[2];
367 $lastname = strtolower( $match[1] );
368 }
369 }
370
371 $this->parseCookies();
372 }
373
374 /**
375 * Sets the member variable status to a fatal status if the HTTP
376 * status code was not 200.
377 *
378 * @return nothing
379 */
380 protected function setStatus() {
381 if( !$this->respHeaders ) {
382 $this->parseHeader();
383 }
384
385 if((int)$this->respStatus !== 200) {
386 list( $code, $message ) = explode(" ", $this->respStatus, 2);
387 $this->status->fatal("http-bad-status", $code, $message );
388 }
389 }
390
391
392 /**
393 * Returns true if the last status code was a redirect.
394 *
395 * @return Boolean
396 */
397 public function isRedirect() {
398 if( !$this->respHeaders ) {
399 $this->parseHeader();
400 }
401
402 $status = (int)$this->respStatus;
403 if ( $status >= 300 && $status <= 303 ) {
404 return true;
405 }
406 return false;
407 }
408
409 /**
410 * Returns an associative array of response headers after the
411 * request has been executed. Because some headers
412 * (e.g. Set-Cookie) can appear more than once the, each value of
413 * the associative array is an array of the values given.
414 *
415 * @return Array
416 */
417 public function getResponseHeaders() {
418 if( !$this->respHeaders ) {
419 $this->parseHeader();
420 }
421 return $this->respHeaders;
422 }
423
424 /**
425 * Returns the value of the given response header.
426 *
427 * @param $header String
428 * @return String
429 */
430 public function getResponseHeader($header) {
431 if( !$this->respHeaders ) {
432 $this->parseHeader();
433 }
434 if ( isset( $this->respHeaders[strtolower ( $header ) ] ) ) {
435 $v = $this->respHeaders[strtolower ( $header ) ];
436 return $v[count( $v ) - 1];
437 }
438 return null;
439 }
440
441 /**
442 * Tells the HttpRequest object to use this pre-loaded CookieJar.
443 *
444 * @param $jar CookieJar
445 */
446 public function setCookieJar( $jar ) {
447 $this->cookieJar = $jar;
448 }
449
450 /**
451 * Returns the cookie jar in use.
452 *
453 * @returns CookieJar
454 */
455 public function getCookieJar() {
456 if( !$this->respHeaders ) {
457 $this->parseHeader();
458 }
459 return $this->cookieJar;
460 }
461
462 /**
463 * Sets a cookie. Used before a request to set up any individual
464 * cookies. Used internally after a request to parse the
465 * Set-Cookie headers.
466 * @see Cookie::set
467 */
468 public function setCookie( $name, $value = null, $attr = null) {
469 if( !$this->cookieJar ) {
470 $this->cookieJar = new CookieJar;
471 }
472 $this->cookieJar->setCookie($name, $value, $attr);
473 }
474
475 /**
476 * Parse the cookies in the response headers and store them in the cookie jar.
477 */
478 protected function parseCookies() {
479 if( !$this->cookieJar ) {
480 $this->cookieJar = new CookieJar;
481 }
482 if( isset( $this->respHeaders['set-cookie'] ) ) {
483 $url = parse_url( $this->getFinalUrl() );
484 foreach( $this->respHeaders['set-cookie'] as $cookie ) {
485 $this->cookieJar->parseCookieResponseHeader( $cookie, $url['host'] );
486 }
487 }
488 }
489
490 /**
491 * Returns the final URL after all redirections.
492 *
493 * @return String
494 */
495 public function getFinalUrl() {
496 $location = $this->getResponseHeader("Location");
497 if ( $location ) {
498 return $location;
499 }
500
501 return $this->url;
502 }
503
504 /**
505 * Returns true if the backend can follow redirects. Overridden by the
506 * child classes.
507 */
508 public function canFollowRedirects() {
509 return true;
510 }
511 }
512
513
514 class Cookie {
515 protected $name;
516 protected $value;
517 protected $expires;
518 protected $path;
519 protected $domain;
520 protected $isSessionKey = true;
521 // TO IMPLEMENT protected $secure
522 // TO IMPLEMENT? protected $maxAge (add onto expires)
523 // TO IMPLEMENT? protected $version
524 // TO IMPLEMENT? protected $comment
525
526 function __construct( $name, $value, $attr ) {
527 $this->name = $name;
528 $this->set( $value, $attr );
529 }
530
531 /**
532 * Sets a cookie. Used before a request to set up any individual
533 * cookies. Used internally after a request to parse the
534 * Set-Cookie headers.
535 *
536 * @param $value String: the value of the cookie
537 * @param $attr Array: possible key/values:
538 * expires A date string
539 * path The path this cookie is used on
540 * domain Domain this cookie is used on
541 */
542 public function set( $value, $attr ) {
543 $this->value = $value;
544 if( isset( $attr['expires'] ) ) {
545 $this->isSessionKey = false;
546 $this->expires = strtotime( $attr['expires'] );
547 }
548 if( isset( $attr['path'] ) ) {
549 $this->path = $attr['path'];
550 } else {
551 $this->path = "/";
552 }
553 if( isset( $attr['domain'] ) ) {
554 if( self::validateCookieDomain( $attr['domain'] ) ) {
555 $this->domain = $attr['domain'];
556 }
557 } else {
558 throw new MWException("You must specify a domain.");
559 }
560 }
561
562 /**
563 * Return the true if the cookie is valid is valid. Otherwise,
564 * false. The uses a method similar to IE cookie security
565 * described here:
566 * http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html
567 * A better method might be to use a blacklist like
568 * http://publicsuffix.org/
569 *
570 * @param $domain String: the domain to validate
571 * @param $originDomain String: (optional) the domain the cookie originates from
572 * @return Boolean
573 */
574 public static function validateCookieDomain( $domain, $originDomain = null) {
575 // Don't allow a trailing dot
576 if( substr( $domain, -1 ) == "." ) return false;
577
578 $dc = explode(".", $domain);
579
580 // Only allow full, valid IP addresses
581 if( preg_match( '/^[0-9.]+$/', $domain ) ) {
582 if( count( $dc ) != 4 ) return false;
583
584 if( ip2long( $domain ) === false ) return false;
585
586 if( $originDomain == null || $originDomain == $domain ) return true;
587
588 }
589
590 // Don't allow cookies for "co.uk" or "gov.uk", etc, but allow "supermarket.uk"
591 if( strrpos( $domain, "." ) - strlen( $domain ) == -3 ) {
592 if( (count($dc) == 2 && strlen( $dc[0] ) <= 2 )
593 || (count($dc) == 3 && strlen( $dc[0] ) == "" && strlen( $dc[1] ) <= 2 ) ) {
594 return false;
595 }
596 if( (count($dc) == 2 || (count($dc) == 3 && $dc[0] == "") )
597 && preg_match( '/(com|net|org|gov|edu)\...$/', $domain) ) {
598 return false;
599 }
600 }
601
602 if( $originDomain != null ) {
603 if( substr( $domain, 0, 1 ) != "." && $domain != $originDomain ) {
604 return false;
605 }
606 if( substr( $domain, 0, 1 ) == "."
607 && substr_compare( $originDomain, $domain, -strlen( $domain ),
608 strlen( $domain ), TRUE ) != 0 ) {
609 return false;
610 }
611 }
612
613 return true;
614 }
615
616 /**
617 * Serialize the cookie jar into a format useful for HTTP Request headers.
618 *
619 * @param $path String: the path that will be used. Required.
620 * @param $domain String: the domain that will be used. Required.
621 * @return String
622 */
623 public function serializeToHttpRequest( $path, $domain ) {
624 $ret = "";
625
626 if( $this->canServeDomain( $domain )
627 && $this->canServePath( $path )
628 && $this->isUnExpired() ) {
629 $ret = $this->name ."=". $this->value;
630 }
631
632 return $ret;
633 }
634
635 protected function canServeDomain( $domain ) {
636 if( $domain == $this->domain
637 || ( strlen( $domain) > strlen( $this->domain )
638 && substr( $this->domain, 0, 1) == "."
639 && substr_compare( $domain, $this->domain, -strlen( $this->domain ),
640 strlen( $this->domain ), TRUE ) == 0 ) ) {
641 return true;
642 }
643 return false;
644 }
645
646 protected function canServePath( $path ) {
647 if( $this->path && substr_compare( $this->path, $path, 0, strlen( $this->path ) ) == 0 ) {
648 return true;
649 }
650 return false;
651 }
652
653 protected function isUnExpired() {
654 if( $this->isSessionKey || $this->expires > time() ) {
655 return true;
656 }
657 return false;
658 }
659
660 }
661
662 class CookieJar {
663 private $cookie = array();
664
665 /**
666 * Set a cookie in the cookie jar. Make sure only one cookie per-name exists.
667 * @see Cookie::set()
668 */
669 public function setCookie ($name, $value, $attr) {
670 /* cookies: case insensitive, so this should work.
671 * We'll still send the cookies back in the same case we got them, though.
672 */
673 $index = strtoupper($name);
674 if( isset( $this->cookie[$index] ) ) {
675 $this->cookie[$index]->set( $value, $attr );
676 } else {
677 $this->cookie[$index] = new Cookie( $name, $value, $attr );
678 }
679 }
680
681 /**
682 * @see Cookie::serializeToHttpRequest
683 */
684 public function serializeToHttpRequest( $path, $domain ) {
685 $cookies = array();
686
687 foreach( $this->cookie as $c ) {
688 $serialized = $c->serializeToHttpRequest( $path, $domain );
689 if ( $serialized ) $cookies[] = $serialized;
690 }
691
692 return implode("; ", $cookies);
693 }
694
695 /**
696 * Parse the content of an Set-Cookie HTTP Response header.
697 *
698 * @param $cookie String
699 * @param $domain String: cookie's domain
700 */
701 public function parseCookieResponseHeader ( $cookie, $domain ) {
702 $len = strlen( "Set-Cookie:" );
703 if ( substr_compare( "Set-Cookie:", $cookie, 0, $len, TRUE ) === 0 ) {
704 $cookie = substr( $cookie, $len );
705 }
706
707 $bit = array_map( 'trim', explode( ";", $cookie ) );
708 if ( count($bit) >= 1 ) {
709 list($name, $value) = explode( "=", array_shift( $bit ), 2 );
710 $attr = array();
711 foreach( $bit as $piece ) {
712 $parts = explode( "=", $piece );
713 if( count( $parts ) > 1 ) {
714 $attr[strtolower( $parts[0] )] = $parts[1];
715 } else {
716 $attr[strtolower( $parts[0] )] = true;
717 }
718 }
719
720 if( !isset( $attr['domain'] ) ) {
721 $attr['domain'] = $domain;
722 } elseif ( !Cookie::validateCookieDomain( $attr['domain'], $domain ) ) {
723 return null;
724 }
725 $this->setCookie( $name, $value, $attr );
726 }
727 }
728 }
729
730
731 /**
732 * HttpRequest implemented using internal curl compiled into PHP
733 */
734 class CurlHttpRequest extends HttpRequest {
735 static $curlMessageMap = array(
736 6 => 'http-host-unreachable',
737 28 => 'http-timed-out'
738 );
739
740 protected $curlOptions = array();
741 protected $headerText = "";
742
743 protected function readHeader( $fh, $content ) {
744 $this->headerText .= $content;
745 return strlen( $content );
746 }
747
748 public function execute() {
749 parent::execute();
750 if ( !$this->status->isOK() ) {
751 return $this->status;
752 }
753 $this->curlOptions[CURLOPT_PROXY] = $this->proxy;
754 $this->curlOptions[CURLOPT_TIMEOUT] = $this->timeout;
755 $this->curlOptions[CURLOPT_HTTP_VERSION] = CURL_HTTP_VERSION_1_0;
756 $this->curlOptions[CURLOPT_WRITEFUNCTION] = $this->callback;
757 $this->curlOptions[CURLOPT_HEADERFUNCTION] = array($this, "readHeader");
758 $this->curlOptions[CURLOPT_MAXREDIRS] = $this->maxRedirects;
759 $this->curlOptions[CURLOPT_ENCODING] = ""; # Enable compression
760
761 /* not sure these two are actually necessary */
762 if(isset($this->reqHeaders['Referer'])) {
763 $this->curlOptions[CURLOPT_REFERER] = $this->reqHeaders['Referer'];
764 }
765 $this->curlOptions[CURLOPT_USERAGENT] = $this->reqHeaders['User-Agent'];
766
767 if ( isset( $this->sslVerifyHost ) ) {
768 $this->curlOptions[CURLOPT_SSL_VERIFYHOST] = $this->sslVerifyHost;
769 }
770
771 if ( isset( $this->sslVerifyCert ) ) {
772 $this->curlOptions[CURLOPT_SSL_VERIFYPEER] = $this->sslVerifyCert;
773 }
774
775 if ( $this->caInfo ) {
776 $this->curlOptions[CURLOPT_CAINFO] = $this->caInfo;
777 }
778
779 if ( $this->headersOnly ) {
780 $this->curlOptions[CURLOPT_NOBODY] = true;
781 $this->curlOptions[CURLOPT_HEADER] = true;
782 } elseif ( $this->method == 'POST' ) {
783 $this->curlOptions[CURLOPT_POST] = true;
784 $this->curlOptions[CURLOPT_POSTFIELDS] = $this->postData;
785 // Suppress 'Expect: 100-continue' header, as some servers
786 // will reject it with a 417 and Curl won't auto retry
787 // with HTTP 1.0 fallback
788 $this->reqHeaders['Expect'] = '';
789 } else {
790 $this->curlOptions[CURLOPT_CUSTOMREQUEST] = $this->method;
791 }
792
793 $this->curlOptions[CURLOPT_HTTPHEADER] = $this->getHeaderList();
794
795 $curlHandle = curl_init( $this->url );
796 if ( !curl_setopt_array( $curlHandle, $this->curlOptions ) ) {
797 throw new MWException("Error setting curl options.");
798 }
799 if ( $this->followRedirects && $this->canFollowRedirects() ) {
800 if ( ! @curl_setopt( $curlHandle, CURLOPT_FOLLOWLOCATION, true ) ) {
801 wfDebug( __METHOD__.": Couldn't set CURLOPT_FOLLOWLOCATION. " .
802 "Probably safe_mode or open_basedir is set.\n");
803 // Continue the processing. If it were in curl_setopt_array,
804 // processing would have halted on its entry
805 }
806 }
807
808 if ( false === curl_exec( $curlHandle ) ) {
809 $code = curl_error( $curlHandle );
810
811 if ( isset( self::$curlMessageMap[$code] ) ) {
812 $this->status->fatal( self::$curlMessageMap[$code] );
813 } else {
814 $this->status->fatal( 'http-curl-error', curl_error( $curlHandle ) );
815 }
816 } else {
817 $this->headerList = explode("\r\n", $this->headerText);
818 }
819
820 curl_close( $curlHandle );
821
822 $this->parseHeader();
823 $this->setStatus();
824 return $this->status;
825 }
826
827 public function canFollowRedirects() {
828 if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) {
829 wfDebug( "Cannot follow redirects in safe mode\n" );
830 return false;
831 }
832 if ( !defined( 'CURLOPT_REDIR_PROTOCOLS' ) ) {
833 wfDebug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" );
834 return false;
835 }
836 return true;
837 }
838 }
839
840 class PhpHttpRequest extends HttpRequest {
841 protected function urlToTcp( $url ) {
842 $parsedUrl = parse_url( $url );
843
844 return 'tcp://' . $parsedUrl['host'] . ':' . $parsedUrl['port'];
845 }
846
847 public function execute() {
848 parent::execute();
849
850 // At least on Centos 4.8 with PHP 5.1.6, using max_redirects to follow redirects
851 // causes a segfault
852 $manuallyRedirect = version_compare( phpversion(), '5.1.7', '<' );
853
854 if ( $this->parsedUrl['scheme'] != 'http' ) {
855 $this->status->fatal( 'http-invalid-scheme', $this->parsedUrl['scheme'] );
856 }
857
858 $this->reqHeaders['Accept'] = "*/*";
859 if ( $this->method == 'POST' ) {
860 // Required for HTTP 1.0 POSTs
861 $this->reqHeaders['Content-Length'] = strlen( $this->postData );
862 $this->reqHeaders['Content-type'] = "application/x-www-form-urlencoded";
863 }
864
865 $options = array();
866 if ( $this->proxy && !$this->noProxy ) {
867 $options['proxy'] = $this->urlToTCP( $this->proxy );
868 $options['request_fulluri'] = true;
869 }
870
871 if ( !$this->followRedirects || $manuallyRedirect ) {
872 $options['max_redirects'] = 0;
873 } else {
874 $options['max_redirects'] = $this->maxRedirects;
875 }
876
877 $options['method'] = $this->method;
878 $options['header'] = implode("\r\n", $this->getHeaderList());
879 // Note that at some future point we may want to support
880 // HTTP/1.1, but we'd have to write support for chunking
881 // in version of PHP < 5.3.1
882 $options['protocol_version'] = "1.0";
883
884 // This is how we tell PHP we want to deal with 404s (for example) ourselves.
885 // Only works on 5.2.10+
886 $options['ignore_errors'] = true;
887
888 if ( $this->postData ) {
889 $options['content'] = $this->postData;
890 }
891
892 $oldTimeout = false;
893 if ( version_compare( '5.2.1', phpversion(), '>' ) ) {
894 $oldTimeout = ini_set('default_socket_timeout', $this->timeout);
895 } else {
896 $options['timeout'] = $this->timeout;
897 }
898
899 $context = stream_context_create( array( 'http' => $options ) );
900
901 $this->headerList = array();
902 $reqCount = 0;
903 $url = $this->url;
904 do {
905 $reqCount++;
906 wfSuppressWarnings();
907 $fh = fopen( $url, "r", false, $context );
908 wfRestoreWarnings();
909 if ( !$fh ) {
910 break;
911 }
912 $result = stream_get_meta_data( $fh );
913 $this->headerList = $result['wrapper_data'];
914 $this->parseHeader();
915 if ( !$manuallyRedirect || !$this->followRedirects ) {
916 break;
917 }
918
919 # Handle manual redirection
920 if ( !$this->isRedirect() || $reqCount > $this->maxRedirects ) {
921 break;
922 }
923 # Check security of URL
924 $url = $this->getResponseHeader("Location");
925 if ( substr( $url, 0, 7 ) !== 'http://' ) {
926 wfDebug( __METHOD__.": insecure redirection\n" );
927 break;
928 }
929 } while ( true );
930
931 if ( $oldTimeout !== false ) {
932 ini_set('default_socket_timeout', $oldTimeout);
933 }
934 $this->setStatus();
935
936 if ( $fh === false ) {
937 $this->status->fatal( 'http-request-error' );
938 return $this->status;
939 }
940
941 if ( $result['timed_out'] ) {
942 $this->status->fatal( 'http-timed-out', $this->url );
943 return $this->status;
944 }
945
946 if($this->status->isOK()) {
947 while ( !feof( $fh ) ) {
948 $buf = fread( $fh, 8192 );
949 if ( $buf === false ) {
950 $this->status->fatal( 'http-read-error' );
951 break;
952 }
953 if ( strlen( $buf ) ) {
954 call_user_func( $this->callback, $fh, $buf );
955 }
956 }
957 }
958 fclose( $fh );
959
960 return $this->status;
961 }
962 }
Wiklou, le Wiki du Wiklou