From 45a6214c1ee2b34aa9c78d537f56618e16892b23 Mon Sep 17 00:00:00 2001 From: Kevin Israel Date: Fri, 12 Sep 2014 06:40:00 -0400 Subject: [PATCH] CurlHttpRequest: Follow redirects even under open_basedir As of PHP 5.6.0, this is now allowed provided that libcurl is version 7.19.4 or newer (to not follow redirects to file:// URLs, which would circumvent the open_basedir restriction). https://bugs.php.net/bug.php?id=65646 https://github.com/php/php-src/commit/fba290c061027c24e4c8effdba37addd3430c3d4 Change-Id: I1233dca563a185d12923736d8d397a3acf87a71e --- includes/HttpFunctions.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php index d066df89e6..621692a75f 100644 --- a/includes/HttpFunctions.php +++ b/includes/HttpFunctions.php @@ -793,17 +793,19 @@ class CurlHttpRequest extends MWHttpRequest { * @return bool */ public function canFollowRedirects() { - if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) { - wfDebug( "Cannot follow redirects in safe mode\n" ); - return false; - } - $curlVersionInfo = curl_version(); if ( $curlVersionInfo['version_number'] < 0x071304 ) { wfDebug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" ); return false; } + if ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) { + if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) { + wfDebug( "Cannot follow redirects in safe mode\n" ); + return false; + } + } + return true; } } -- 2.20.1