PleaseStand has uploaded a new change for review. https://gerrit.wikimedia.org/r/161656
Change subject: CurlHttpRequest: Follow redirects even under open_basedir ...................................................................... CurlHttpRequest: Follow redirects even under open_basedir As of PHP 5.6.0, this is now allowed provided that libcurl is version 7.19.4 or newer (to not follow redirects to file:// URLs, which would circumvent the open_basedir restriction). https://bugs.php.net/bug.php?id=65646 https://github.com/php/php-src/commit/fba290c061027c24e4c8effdba37addd3430c34 Change-Id: I1233dca563a185d12923736d8d397a3acf87a71e --- M includes/HttpFunctions.php 1 file changed, 7 insertions(+), 5 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/56/161656/1 diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php index 8302124..ac8ef0e 100644 --- a/includes/HttpFunctions.php +++ b/includes/HttpFunctions.php @@ -804,17 +804,19 @@ * @return bool */ public function canFollowRedirects() { - if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) { - wfDebug( "Cannot follow redirects in safe mode\n" ); - return false; - } - $curlVersionInfo = curl_version(); if ( $curlVersionInfo['version_number'] < 0x071304 ) { wfDebug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" ); return false; } + if ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) { + if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) { + wfDebug( "Cannot follow redirects in safe mode\n" ); + return false; + } + } + return true; } } -- To view, visit https://gerrit.wikimedia.org/r/161656 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I1233dca563a185d12923736d8d397a3acf87a71e Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: PleaseStand <pleasest...@live.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits