From 40eba8bb579189dbd48269abbe0886b3114810bd Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@users.mediawiki.org>
Date: Fri, 11 Jun 2010 06:10:54 +0000
Subject: [PATCH] * Fix for r67684: in the curl backend, don't redirect if
 canFollowRedirects() returns false. * Doxygen-compatible lists in
 Http::request() doc comment.

---
 includes/HttpFunctions.php | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index 121baadbcc..3023c3c9ec 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -14,18 +14,18 @@ class Http {
 	 * Perform an HTTP request
 	 * @param $method string HTTP method. Usually GET/POST
 	 * @param $url string Full URL to act on
-	 * @param $options options to pass to HttpRequest object
+	 * @param $options options to pass to HttpRequest object.
 	 *	Possible keys for the array:
-	 *		timeout             Timeout length in seconds
-	 *		postData            An array of key-value pairs or a url-encoded form data
-	 *		proxy               The proxy to use.
+	 *    - timeout             Timeout length in seconds
+	 *    - postData            An array of key-value pairs or a url-encoded form data
+	 *    - proxy               The proxy to use.
 	 *                          Will use $wgHTTPProxy (if set) otherwise.
-	 *		noProxy             Override $wgHTTPProxy (if set) and don't use any proxy at all.
-	 *		sslVerifyHost       (curl only) Verify hostname against certificate
-	 *		sslVerifyCert       (curl only) Verify SSL certificate
-	 *		caInfo              (curl only) Provide CA information
-	 *		maxRedirects        Maximum number of redirects to follow (defaults to 5)
-	 *		followRedirects     Whether to follow redirects (defaults to false). 
+	 *    - noProxy             Override $wgHTTPProxy (if set) and don't use any proxy at all.
+	 *    - sslVerifyHost       (curl only) Verify hostname against certificate
+	 *    - sslVerifyCert       (curl only) Verify SSL certificate
+	 *    - caInfo              (curl only) Provide CA information
+	 *    - maxRedirects        Maximum number of redirects to follow (defaults to 5)
+	 *    - followRedirects     Whether to follow redirects (defaults to false). 
 	 *		                    Note: this should only be used when the target URL is trusted,
 	 *		                    to avoid attacks on intranet services accessible by HTTP.
 	 * @returns mixed (bool)false on failure or a string on success
@@ -780,9 +780,13 @@ class CurlHttpRequest extends HttpRequest {
 		if ( !curl_setopt_array( $curlHandle, $this->curlOptions ) ) {
 			throw new MWException("Error setting curl options.");
 		}
-		if ( ! @curl_setopt( $curlHandle, CURLOPT_FOLLOWLOCATION, $this->followRedirects ) ) {
-			wfDebug("Couldn't set CURLOPT_FOLLOWLOCATION. Probably safe_mode or open_basedir is set.");
-			/* Continue the processing. If it were in curl_setopt_array, processing would have halted on its entry */
+		if ( $this->followRedirects && $this->canFollowRedirects() ) {
+			if ( ! @curl_setopt( $curlHandle, CURLOPT_FOLLOWLOCATION, true ) ) {
+				wfDebug( __METHOD__.": Couldn't set CURLOPT_FOLLOWLOCATION. " .
+					"Probably safe_mode or open_basedir is set. ");
+				// Continue the processing. If it were in curl_setopt_array, 
+				// processing would have halted on its entry
+			}
 		}
 
 		if ( false === curl_exec( $curlHandle ) ) {
-- 
2.20.1