X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2FHttpFunctions.php;h=697391b6d020b27c52ca490d24257b8d25561292;hp=bc5a9570e2951360e9b5603ab9c8494d2b2b5659;hb=6ae9367cddf8565c948f4d9458b07bb688f2ddc2;hpb=f1a890c34cebd8744bf3a6277734275fb975575a
diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index bc5a9570e2..697391b6d0 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -193,6 +193,26 @@ class Http { $uri ); } + + /** + * Gets the relevant proxy from $wgHTTPProxy/http_proxy (when set). + * + * @return mixed The proxy address or an empty string if not set. + */ + public static function getProxy() { + global $wgHTTPProxy; + + if ( $wgHTTPProxy ) { + return $wgHTTPProxy; + } + + $envHttpProxy = getenv( "http_proxy" ); + if ( $envHttpProxy ) { + return $envHttpProxy; + } + + return ""; + } } /**
@@ -250,7 +270,9 @@ class MWHttpRequest { * @param string $caller The method making this request, for profiling * @param Profiler $profiler An instance of the profiler for profiling, or null */ - protected function __construct( $url, $options = array(), $caller = __METHOD__, $profiler = null ) { + protected function __construct( + $url, $options = array(), $caller = __METHOD__, $profiler = null + ) { global $wgHTTPTimeout, $wgHTTPConnectTimeout; $this->url = wfExpandUrl( $url, PROTO_HTTP );
@@ -367,8 +389,6 @@ class MWHttpRequest { * @return void */ public function proxySetup() { - global $wgHTTPProxy; - // If there is an explicit proxy set and proxies are not disabled, then use it if ( $this->proxy && !$this->noProxy ) { return;
@@ -378,10 +398,8 @@ class MWHttpRequest { // local URL and proxies are not disabled if ( Http::isLocalURL( $this->url ) || $this->noProxy ) { $this->proxy = ''; - } elseif ( $wgHTTPProxy ) { - $this->proxy = $wgHTTPProxy; - } elseif ( getenv( "http_proxy" ) ) { - $this->proxy = getenv( "http_proxy" ); + } else { + $this->proxy = Http::getProxy(); } }
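Review bot: The new public `Http::getProxy()` falls back to `getenv( "http_proxy" )` without documenting where that value may come from, and any caller can now pick it up, not just `proxySetup()`. Under CGI-style SAPIs a request's `Proxy` header is exposed to the process as the `HTTP_PROXY` environment variable, and on platforms where environment names are case-insensitive that may be what `getenv( "http_proxy" )` returns; this is worth confirming and stating in the docblock, or the fallback could be limited with `if ( PHP_SAPI === 'cli' )`. The docblock's `@return mixed` could also be `@return string`, assuming `$wgHTTPProxy` is always configured as a string.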
@@ -678,7 +696,7 @@ class MWHttpRequest { public function getFinalUrl() { $headers = $this->getResponseHeaders(); - //return full url (fix for incorrect but handled relative location) + // return full url (fix for incorrect but handled relative location) if ( isset( $headers['location'] ) ) { $locations = $headers['location']; $domain = '';
@@ -690,7 +708,7 @@ class MWHttpRequest { if ( isset( $url['host'] ) ) { $domain = $url['scheme'] . '://' . $url['host']; - break; //found correct URI (with host) + break; // found correct URI (with host) } else { $foundRelativeURI = true; }
@@ -838,17 +856,19 @@ class CurlHttpRequest extends MWHttpRequest { * @return bool */ public function canFollowRedirects() { - if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) { - wfDebug( "Cannot follow redirects in safe mode\n" ); - return false; - } - $curlVersionInfo = curl_version(); if ( $curlVersionInfo['version_number'] < 0x071304 ) { wfDebug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" ); return false; } + if ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) { + if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) { + wfDebug( "Cannot follow redirects in safe mode\n" ); + return false; + } + } + return true; } }
@@ -868,8 +888,10 @@ class PhpHttpRequest extends MWHttpRequest { } /** - * Returns an array with a 'capath' or 'cafile' key that is suitable to be merged into the 'ssl' sub-array of a - * stream context options array. Uses the 'caInfo' option of the class if it is provided, otherwise uses the system + * Returns an array with a 'capath' or 'cafile' key + * that is suitable to be merged into the 'ssl' sub-array of + * a stream context options array. + * Uses the 'caInfo' option of the class if it is provided, otherwise uses the system * default CA bundle if PHP supports that, or searches a few standard locations. * @return array * @throws DomainException
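Review bot: The added `version_compare( PHP_VERSION, '5.6.0', '<' )` guard in `canFollowRedirects()` has no comment saying why 5.6.0 is the cut-off, so a reader cannot tell that skipping the open_basedir check on newer PHP is deliberate. Presumably newer PHP no longer refuses redirect-following when open_basedir is set; a one-line comment saying so, with a reference, would settle it. On those versions the libcurl version check for CVE-2009-0037 is the only guard left in this method, so it is worth confirming outside this hunk that the request limits redirects to HTTP and HTTPS, for example through `CURLOPT_REDIR_PROTOCOLS`. The debug text `Cannot follow redirects in safe mode` is also logged when only open_basedir is set, which makes the log misleading.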
@@ -880,10 +902,13 @@ class PhpHttpRequest extends MWHttpRequest { if ( $this->caInfo ) { $certLocations = array( 'manual' => $this->caInfo ); } elseif ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) { + // @codingStandardsIgnoreStart Generic.Files.LineLength // Default locations, based on // https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/ - // PHP 5.5 and older doesn't have any defaults, so we try to guess ourselves. PHP 5.6+ gets the CA location - // from OpenSSL as long as it is not set manually, so we should leave capath/cafile empty there. + // PHP 5.5 and older doesn't have any defaults, so we try to guess ourselves. + // PHP 5.6+ gets the CA location from OpenSSL as long as it is not set manually, + // so we should leave capath/cafile empty there. + // @codingStandardsIgnoreEnd $certLocations = array_filter( array( getenv( 'SSL_CERT_DIR' ), getenv( 'SSL_CERT_PATH' ),
@@ -895,7 +920,7 @@ class PhpHttpRequest extends MWHttpRequest { ) ); } - foreach( $certLocations as $key => $cert ) { + foreach ( $certLocations as $key => $cert ) { if ( is_dir( $cert ) ) { $certOptions['capath'] = $cert; break;
@@ -912,8 +937,10 @@ class PhpHttpRequest extends MWHttpRequest { } /** - * Custom error handler for dealing with fopen() errors. fopen() tends to fire multiple errors in succession, and the last one - * is completely useless (something like "fopen: failed to open stream") so normal methods of handling errors programmatically + * Custom error handler for dealing with fopen() errors. + * fopen() tends to fire multiple errors in succession, and the last one + * is completely useless (something like "fopen: failed to open stream") + * so normal methods of handling errors programmatically * like get_last_error() don't work. */ public function errorHandler( $errno, $errstr ) {
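Review bot: The rewrapped docblock of `errorHandler()` still names `get_last_error()`, which is not a PHP function; the built-in is `error_get_last()`. Since the comment is being touched anyway, its last line could read `* like error_get_last() don't work.`. The docblock also has no `@param` lines, so `@param int $errno` and `@param string $errstr` could be added; the method body lies outside this hunk.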
@@ -960,6 +987,8 @@ class PhpHttpRequest extends MWHttpRequest { 'ssl' => array( 'verify_peer' => $this->sslVerifyCert, 'SNI_enabled' => true, + 'ciphers' => 'HIGH:!SSLv2:!SSLv3:-ADH:-kDH:-kECDH:-DSS', + 'disable_compression' => true, ), );
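Review bot: In the added `'ciphers'` string, `!SSLv3` is a cipher-suite filter, not a protocol switch. In OpenSSL's cipher-list syntax it removes every suite first defined for SSL 3.0, which are also the suites TLS 1.0 and 1.1 negotiate, so the effective list is likely limited to TLS 1.2-only suites. If that is intended, a comment such as `// TLS 1.2 suites only; protocol versions are selected separately` would record it. `-ADH` only drops anonymous DH suites, whereas `!aNULL` would exclude all unauthenticated suites permanently. The array shows `verify_peer` but no host-name check (`CN_match` or `verify_peer_name`); that may be set outside the visible lines, as the enclosing method extends beyond this hunk.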