MediaWiki  master
CurlHttpRequest.php
Go to the documentation of this file.
1 <?php
25  const SUPPORTS_FILE_POSTS = true;
26 
27  protected $curlOptions = [];
28  protected $headerText = "";
29 
33  public function __construct() {
34  if ( !function_exists( 'curl_init' ) ) {
35  throw new RuntimeException(
36  __METHOD__ . ': curl (https://www.php.net/curl) is not installed' );
37  }
38 
39  parent::__construct( ...func_get_args() );
40  }
41 
47  protected function readHeader( $fh, $content ) {
48  $this->headerText .= $content;
49  return strlen( $content );
50  }
51 
58  public function execute() {
59  $this->prepare();
60 
61  if ( !$this->status->isOK() ) {
62  return Status::wrap( $this->status ); // TODO B/C; move this to callers
63  }
64 
65  $this->curlOptions[CURLOPT_PROXY] = $this->proxy;
66  $this->curlOptions[CURLOPT_TIMEOUT] = $this->timeout;
67  $this->curlOptions[CURLOPT_CONNECTTIMEOUT_MS] = $this->connectTimeout * 1000;
68  $this->curlOptions[CURLOPT_HTTP_VERSION] = CURL_HTTP_VERSION_1_0;
69  $this->curlOptions[CURLOPT_WRITEFUNCTION] = $this->callback;
70  $this->curlOptions[CURLOPT_HEADERFUNCTION] = [ $this, "readHeader" ];
71  $this->curlOptions[CURLOPT_MAXREDIRS] = $this->maxRedirects;
72  $this->curlOptions[CURLOPT_ENCODING] = ""; # Enable compression
73 
74  $this->curlOptions[CURLOPT_USERAGENT] = $this->reqHeaders['User-Agent'];
75 
76  $this->curlOptions[CURLOPT_SSL_VERIFYHOST] = $this->sslVerifyHost ? 2 : 0;
77  $this->curlOptions[CURLOPT_SSL_VERIFYPEER] = $this->sslVerifyCert;
78 
79  if ( $this->caInfo ) {
80  $this->curlOptions[CURLOPT_CAINFO] = $this->caInfo;
81  }
82 
83  if ( $this->headersOnly ) {
84  $this->curlOptions[CURLOPT_NOBODY] = true;
85  $this->curlOptions[CURLOPT_HEADER] = true;
86  } elseif ( $this->method == 'POST' ) {
87  $this->curlOptions[CURLOPT_POST] = true;
89  // Don't interpret POST parameters starting with '@' as file uploads, because this
90  // makes it impossible to POST plain values starting with '@' (and causes security
91  // issues potentially exposing the contents of local files).
92  $this->curlOptions[CURLOPT_SAFE_UPLOAD] = true;
93  $this->curlOptions[CURLOPT_POSTFIELDS] = $postData;
94 
95  // Suppress 'Expect: 100-continue' header, as some servers
96  // will reject it with a 417 and Curl won't auto retry
97  // with HTTP 1.0 fallback
98  $this->reqHeaders['Expect'] = '';
99  } else {
100  $this->curlOptions[CURLOPT_CUSTOMREQUEST] = $this->method;
101  }
102 
103  $this->curlOptions[CURLOPT_HTTPHEADER] = $this->getHeaderList();
104 
105  $curlHandle = curl_init( $this->url );
106 
107  if ( !curl_setopt_array( $curlHandle, $this->curlOptions ) ) {
108  $this->status->fatal( 'http-internal-error' );
109  throw new InvalidArgumentException( "Error setting curl options." );
110  }
111 
112  if ( $this->followRedirects && $this->canFollowRedirects() ) {
113  Wikimedia\suppressWarnings();
114  if ( !curl_setopt( $curlHandle, CURLOPT_FOLLOWLOCATION, true ) ) {
115  $this->logger->debug( __METHOD__ . ": Couldn't set CURLOPT_FOLLOWLOCATION. " .
116  "Probably open_basedir is set.\n" );
117  // Continue the processing. If it were in curl_setopt_array,
118  // processing would have halted on its entry
119  }
120  Wikimedia\restoreWarnings();
121  }
122 
123  if ( $this->profiler ) {
124  $profileSection = $this->profiler->scopedProfileIn(
125  __METHOD__ . '-' . $this->profileName
126  );
127  }
128 
129  $curlRes = curl_exec( $curlHandle );
130  if ( curl_errno( $curlHandle ) == CURLE_OPERATION_TIMEOUTED ) {
131  $this->status->fatal( 'http-timed-out', $this->url );
132  } elseif ( $curlRes === false ) {
133  $this->status->fatal( 'http-curl-error', curl_error( $curlHandle ) );
134  } else {
135  $this->headerList = explode( "\r\n", $this->headerText );
136  }
137 
138  curl_close( $curlHandle );
139 
140  if ( $this->profiler ) {
141  $this->profiler->scopedProfileOut( $profileSection );
142  }
143 
144  $this->parseHeader();
145  $this->setStatus();
146 
147  return Status::wrap( $this->status ); // TODO B/C; move this to callers
148  }
149 
153  public function canFollowRedirects() {
154  $curlVersionInfo = curl_version();
155  if ( $curlVersionInfo['version_number'] < 0x071304 ) {
156  $this->logger->debug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" );
157  return false;
158  }
159 
160  return true;
161  }
162 }
callable $callback
getHeaderList()
Get an array of the headers.
setStatus()
Sets HTTPRequest status member to a fatal value with the error message if the returned integer value ...
readHeader( $fh, $content)
static wrap( $sv)
Succinct helper method to wrap a StatusValue.
Definition: Status.php:55
parseHeader()
Parses the headers, including the HTTP status code and any Set-Cookie headers.
int string $timeout