Fix CURLOPT_FOLLOWLOCATION bug with open_basedir or safe_mode restriction enabled.

Squashed commit of the following: commit eaf4f43f687db59137a0b00bc0e12ed4eb0d0943 Merge: 1e9c5be3 1e7d7bd Author: Thomas Müller <thomas.mueller@tmit.eu> Date: Fri Mar 28 11:49:04 2014 +0100 Merge branch 'master' of https://github.com/kev300/core into kev300-master commit 1e7d7bdd8b5c7f301501cb822cdf2ef0ad3f2872 Author: kev300 <admin@gadeco.de> Date: Tue Dec 17 14:11:42 2013 +0100 Update util.php commit 3f0723f054a27a506be7f26932ccb54fff6f2be9 Author: kev300 <admin@gadeco.de> Date: Tue Dec 17 14:09:15 2013 +0100 Update util.php commit 512176abdcfbe5b2b060b91033abc9608912d1f8 Author: kev300 <admin@gadeco.de> Date: Tue Dec 17 14:02:04 2013 +0100 Update util.php commit 6cbefd080188d287024e0b047b88dd4525d6c2c1 Author: kev300 <admin@gadeco.de> Date: Mon Dec 16 16:44:46 2013 +0100 Update util.php Fix CURLOPT_FOLLOWLOCATION bug with open_basedir or safe_mode restriction enabled.

Fix CURLOPT_FOLLOWLOCATION bug with open_basedir or safe_mode restriction enabled.
2d592ddc · Thomas Müller · 040f430f · 2d592ddc
Commit 2d592ddc authored 11 years ago by Thomas Müller
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -1072,13 +1072,13 @@ class OC_Util {
 	public static function getUrlContent($url) {
 		if (function_exists('curl_init')) {
 			$curl = curl_init();
+			$max_redirects = 10;
 			curl_setopt($curl, CURLOPT_HEADER, 0);
 			curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
 			curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
 			curl_setopt($curl, CURLOPT_URL, $url);
-			curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
-			curl_setopt($curl, CURLOPT_MAXREDIRS, 10);
 			curl_setopt($curl, CURLOPT_USERAGENT, "ownCloud Server Crawler");
 			if(OC_Config::getValue('proxy', '') != '') {
@@ -1087,9 +1087,50 @@ class OC_Util {
 			if(OC_Config::getValue('proxyuserpwd', '') != '') {
 				curl_setopt($curl, CURLOPT_PROXYUSERPWD, OC_Config::getValue('proxyuserpwd'));
 			}
-			$data = curl_exec($curl);
+			if (ini_get('open_basedir') === '' && ini_get('safe_mode' === 'Off')) { 
+				curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
+				curl_setopt($curl, CURLOPT_MAXREDIRS, $max_redirects);
+				$data = curl_exec($curl);
+			} else {
+				curl_setopt($curl, CURLOPT_FOLLOWLOCATION, false);
+				$mr = $max_redirects;
+				if ($mr > 0) { 
+					$newurl = curl_getinfo($curl, CURLINFO_EFFECTIVE_URL);
+					$rcurl = curl_copy_handle($curl);
+					curl_setopt($rcurl, CURLOPT_HEADER, true);
+					curl_setopt($rcurl, CURLOPT_NOBODY, true);
+					curl_setopt($rcurl, CURLOPT_FORBID_REUSE, false);
+					curl_setopt($rcurl, CURLOPT_RETURNTRANSFER, true);
+					do {
+						curl_setopt($rcurl, CURLOPT_URL, $newurl);
+						$header = curl_exec($rcurl);
+						if (curl_errno($rcurl)) {
+							$code = 0;
+						} else {
+							$code = curl_getinfo($rcurl, CURLINFO_HTTP_CODE);
+							if ($code == 301 || $code == 302) {
+								preg_match('/Location:(.*?)\n/', $header, $matches);
+								$newurl = trim(array_pop($matches));
+							} else {
+								$code = 0;
+							}
+						}
+					} while ($code && --$mr);
+					curl_close($rcurl);
+					if ($mr > 0) {
+						curl_setopt($curl, CURLOPT_URL, $newurl);
+					} 
+				}
+				if($mr == 0 && $max_redirects > 0) {
+					$data = false;
+				} else {
+					$data = curl_exec($curl);
+				}
+			}
 			curl_close($curl);
 		} else {
 			$contextArray = null;