r67840 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r67839‎ \| r67840 \| r67841 >
Date:	06:10, 11 June 2010
Author:	tstarling
Status:	ok
Tags:
Comment:	* Fix for r67684: in the curl backend, don't redirect if canFollowRedirects() returns false. * Doxygen-compatible lists in Http::request() doc comment.
Modified paths:	/trunk/phase3/includes/HttpFunctions.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/HttpFunctions.php
—	—	@@ -14,18 +14,18 @@
15	15	* Perform an HTTP request
16	16	* @param $method string HTTP method. Usually GET/POST
17	17	* @param $url string Full URL to act on
18		~~- * @param $options options to pass to HttpRequest object~~
	18	+ * @param $options options to pass to HttpRequest object.
19	19	* Possible keys for the array:
20		~~- * timeout Timeout length in seconds~~
21		~~- * postData An array of key-value pairs or a url-encoded form data~~
22		~~- * proxy The proxy to use.~~
	20	+ * - timeout Timeout length in seconds
	21	+ * - postData An array of key-value pairs or a url-encoded form data
	22	+ * - proxy The proxy to use.
23	23	* Will use $wgHTTPProxy (if set) otherwise.
24		~~- * noProxy Override $wgHTTPProxy (if set) and don't use any proxy at all.~~
25		~~- * sslVerifyHost (curl only) Verify hostname against certificate~~
26		~~- * sslVerifyCert (curl only) Verify SSL certificate~~
27		~~- * caInfo (curl only) Provide CA information~~
28		~~- * maxRedirects Maximum number of redirects to follow (defaults to 5)~~
29		~~- * followRedirects Whether to follow redirects (defaults to false).~~
	24	+ * - noProxy Override $wgHTTPProxy (if set) and don't use any proxy at all.
	25	+ * - sslVerifyHost (curl only) Verify hostname against certificate
	26	+ * - sslVerifyCert (curl only) Verify SSL certificate
	27	+ * - caInfo (curl only) Provide CA information
	28	+ * - maxRedirects Maximum number of redirects to follow (defaults to 5)
	29	+ * - followRedirects Whether to follow redirects (defaults to false).
30	30	* Note: this should only be used when the target URL is trusted,
31	31	* to avoid attacks on intranet services accessible by HTTP.
32	32	* @returns mixed (bool)false on failure or a string on success
—	—	@@ -780,9 +780,13 @@
781	781	if ( !curl_setopt_array( $curlHandle, $this->curlOptions ) ) {
782	782	throw new MWException("Error setting curl options.");
783	783	}
784		~~- if ( ! @curl_setopt( $curlHandle, CURLOPT_FOLLOWLOCATION, $this->followRedirects ) ) {~~
785		~~- wfDebug("Couldn't set CURLOPT_FOLLOWLOCATION. Probably safe_mode or open_basedir is set.");~~
786		~~- /* Continue the processing. If it were in curl_setopt_array, processing would have halted on its entry */~~
	784	+ if ( $this->followRedirects && $this->canFollowRedirects() ) {
	785	+ if ( ! @curl_setopt( $curlHandle, CURLOPT_FOLLOWLOCATION, true ) ) {
	786	+ wfDebug( __METHOD__.": Couldn't set CURLOPT_FOLLOWLOCATION. " .
	787	+ "Probably safe_mode or open_basedir is set. ");
	788	+ // Continue the processing. If it were in curl_setopt_array,
	789	+ // processing would have halted on its entry
	790	+ }
787	791	}
788	792
789	793	if ( false === curl_exec( $curlHandle ) ) {

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r67684	Fixes for r61911:...	tstarling	06:39, 9 June 2010

Status & tagging log

16:34, 24 November 2011 Hashar (talk | contribs) changed the tags for r67840 [removed: 1.16]
00:38, 9 August 2010 Tim Starling (talk | contribs) changed the tags for r67840 [added: 1.16]
06:22, 11 June 2010 Platonides (talk | contribs) changed the status of r67840 [removed: new added: ok]