As of PHP 5.6.0, this is now allowed provided that libcurl is version
7.19.4 or newer (to not follow redirects to file:// URLs, which would
circumvent the open_basedir restriction).
https://bugs.php.net/bug.php?id=65646
https://github.com/php/php-src/commit/
fba290c061027c24e4c8effdba37addd3430c3d4
Change-Id: I1233dca563a185d12923736d8d397a3acf87a71e
* @return bool
*/
public function canFollowRedirects() {
* @return bool
*/
public function canFollowRedirects() {
- if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) {
- wfDebug( "Cannot follow redirects in safe mode\n" );
- return false;
- }
-
$curlVersionInfo = curl_version();
if ( $curlVersionInfo['version_number'] < 0x071304 ) {
wfDebug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" );
return false;
}
$curlVersionInfo = curl_version();
if ( $curlVersionInfo['version_number'] < 0x071304 ) {
wfDebug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" );
return false;
}
+ if ( version_compare( PHP_VERSION, '5.6.0', '<' ) ) {
+ if ( strval( ini_get( 'open_basedir' ) ) !== '' || wfIniGetBool( 'safe_mode' ) ) {
+ wfDebug( "Cannot follow redirects in safe mode\n" );
+ return false;
+ }
+ }
+