PleaseStand has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/161656

Change subject: CurlHttpRequest: Follow redirects even under open_basedir
......................................................................

CurlHttpRequest: Follow redirects even under open_basedir

As of PHP 5.6.0, this is now allowed provided that libcurl is version
7.19.4 or newer (to not follow redirects to file:// URLs, which would
circumvent the open_basedir restriction).

https://bugs.php.net/bug.php?id=65646
https://github.com/php/php-src/commit/fba290c061027c24e4c8effdba37addd3430c34

Change-Id: I1233dca563a185d12923736d8d397a3acf87a71e
---
M includes/HttpFunctions.php
1 file changed, 7 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/56/161656/1

diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index 8302124..ac8ef0e 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -804,17 +804,19 @@
         * @return bool
         */
        public function canFollowRedirects() {
-               if ( strval( ini_get( 'open_basedir' ) ) !== '' || 
wfIniGetBool( 'safe_mode' ) ) {
-                       wfDebug( "Cannot follow redirects in safe mode\n" );
-                       return false;
-               }
-
                $curlVersionInfo = curl_version();
                if ( $curlVersionInfo['version_number'] < 0x071304 ) {
                        wfDebug( "Cannot follow redirects with libcurl < 7.19.4 
due to CVE-2009-0037\n" );
                        return false;
                }
 
+               if ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) {
+                       if ( strval( ini_get( 'open_basedir' ) ) !== '' || 
wfIniGetBool( 'safe_mode' ) ) {
+                               wfDebug( "Cannot follow redirects in safe 
mode\n" );
+                               return false;
+                       }
+               }
+
                return true;
        }
 }
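
Review bot: The debug message in the new `version_compare( PHP_VERSION, '5.6.0', '<' )` branch still reads "Cannot follow redirects in safe mode" even when the trigger is a non-empty open_basedir, which will mislead anyone reading the debug log on PHP older than 5.6.0. Consider naming both conditions, for example "Cannot follow redirects in safe mode or under open_basedir on PHP < 5.6.0". The version gate also carries no comment explaining why 5.6.0 is the cutoff; a one-line comment pointing at PHP bug 65646 (cited in the commit message) would keep the reasoning next to the check. Since the commit message says the relaxation is only allowed with libcurl 7.19.4 or newer, the comment should also state that this branch relies on the `version_number < 0x071304` check above returning first, so a later refactor does not reorder or drop it. The two nested `if` statements could be merged into a single condition.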

-- 
To view, visit https://gerrit.wikimedia.org/r/161656

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1233dca563a185d12923736d8d397a3acf87a71e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: PleaseStand <pleasest...@live.com>
