X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=includes%2FHttpFunctions.php;h=e6801e3b433fcaf7d25c888c1f12508f5c2b462b;hb=82a861c5bf032acd1cd3e582efd482afa8e760ab;hp=bc5a9570e2951360e9b5603ab9c8494d2b2b5659;hpb=a5bafc48de78cba682d5670db9395bfa93c42cc8;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php index bc5a9570e2..e6801e3b43 100644 --- a/includes/HttpFunctions.php +++ b/includes/HttpFunctions.php @@ -80,7 +80,8 @@ class Http { } else { $errors = $status->getErrorsByType( 'error' ); $logger = LoggerFactory::getInstance( 'http' ); - $logger->warning( $status->getWikiText(), array( 'caller' => $caller ) ); + $logger->warning( $status->getWikiText(), + array( 'error' => $errors, 'caller' => $caller, 'content' => $req->getContent() ) ); return false; } } @@ -250,7 +251,9 @@ class MWHttpRequest { * @param string $caller The method making this request, for profiling * @param Profiler $profiler An instance of the profiler for profiling, or null */ - protected function __construct( $url, $options = array(), $caller = __METHOD__, $profiler = null ) { + protected function __construct( + $url, $options = array(), $caller = __METHOD__, $profiler = null + ) { global $wgHTTPTimeout, $wgHTTPConnectTimeout; $this->url = wfExpandUrl( $url, PROTO_HTTP ); @@ -678,7 +681,7 @@ class MWHttpRequest { public function getFinalUrl() { $headers = $this->getResponseHeaders(); - //return full url (fix for incorrect but handled relative location) + // return full url (fix for incorrect but handled relative location) if ( isset( $headers['location'] ) ) { $locations = $headers['location']; $domain = ''; @@ -690,7 +693,7 @@ class MWHttpRequest { if ( isset( $url['host'] ) ) { $domain = $url['scheme'] . '://' . $url['host']; - break; //found correct URI (with host) + break; // found correct URI (with host) } else { $foundRelativeURI = true; } @@ -838,17 +841,19 @@ class CurlHttpRequest extends MWHttpRequest { * @return bool */ public function canFollowRedirects() { - if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) { - wfDebug( "Cannot follow redirects in safe mode\n" ); - return false; - } - $curlVersionInfo = curl_version(); if ( $curlVersionInfo['version_number'] < 0x071304 ) { wfDebug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" ); return false; } + if ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) { + if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) { + wfDebug( "Cannot follow redirects in safe mode\n" ); + return false; + } + } + return true; } } @@ -868,8 +873,10 @@ class PhpHttpRequest extends MWHttpRequest { } /** - * Returns an array with a 'capath' or 'cafile' key that is suitable to be merged into the 'ssl' sub-array of a - * stream context options array. Uses the 'caInfo' option of the class if it is provided, otherwise uses the system + * Returns an array with a 'capath' or 'cafile' key + * that is suitable to be merged into the 'ssl' sub-array of + * a stream context options array. + * Uses the 'caInfo' option of the class if it is provided, otherwise uses the system * default CA bundle if PHP supports that, or searches a few standard locations. * @return array * @throws DomainException @@ -880,10 +887,13 @@ class PhpHttpRequest extends MWHttpRequest { if ( $this->caInfo ) { $certLocations = array( 'manual' => $this->caInfo ); } elseif ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) { + // @codingStandardsIgnoreStart Generic.Files.LineLength // Default locations, based on // https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/ - // PHP 5.5 and older doesn't have any defaults, so we try to guess ourselves. PHP 5.6+ gets the CA location - // from OpenSSL as long as it is not set manually, so we should leave capath/cafile empty there. + // PHP 5.5 and older doesn't have any defaults, so we try to guess ourselves. + // PHP 5.6+ gets the CA location from OpenSSL as long as it is not set manually, + // so we should leave capath/cafile empty there. + // @codingStandardsIgnoreEnd $certLocations = array_filter( array( getenv( 'SSL_CERT_DIR' ), getenv( 'SSL_CERT_PATH' ), @@ -895,7 +905,7 @@ class PhpHttpRequest extends MWHttpRequest { ) ); } - foreach( $certLocations as $key => $cert ) { + foreach ( $certLocations as $key => $cert ) { if ( is_dir( $cert ) ) { $certOptions['capath'] = $cert; break; @@ -912,8 +922,10 @@ class PhpHttpRequest extends MWHttpRequest { } /** - * Custom error handler for dealing with fopen() errors. fopen() tends to fire multiple errors in succession, and the last one - * is completely useless (something like "fopen: failed to open stream") so normal methods of handling errors programmatically + * Custom error handler for dealing with fopen() errors. + * fopen() tends to fire multiple errors in succession, and the last one + * is completely useless (something like "fopen: failed to open stream") + * so normal methods of handling errors programmatically * like get_last_error() don't work. */ public function errorHandler( $errno, $errstr ) { @@ -960,6 +972,8 @@ class PhpHttpRequest extends MWHttpRequest { 'ssl' => array( 'verify_peer' => $this->sslVerifyCert, 'SNI_enabled' => true, + 'ciphers' => 'HIGH:!SSLv2:!SSLv3:-ADH:-kDH:-kECDH:-DSS', + 'disable_compression' => true, ), );