MediaWiki  master
CurlHttpRequest.php
Go to the documentation of this file.
1 <?php
25  const SUPPORTS_FILE_POSTS = true;
26 
27  protected $curlOptions = [];
28  protected $headerText = "";
29 
33  public function __construct() {
34  if ( !function_exists( 'curl_init' ) ) {
35  throw new RuntimeException(
36  __METHOD__ . ': curl (https://www.php.net/curl) is not installed' );
37  }
38 
39  parent::__construct( ...func_get_args() );
40  }
41 
47  protected function readHeader( $fh, $content ) {
48  $this->headerText .= $content;
49  return strlen( $content );
50  }
51 
58  public function execute() {
59  $this->prepare();
60 
61  if ( !$this->status->isOK() ) {
62  return Status::wrap( $this->status ); // TODO B/C; move this to callers
63  }
64 
65  $this->curlOptions[CURLOPT_PROXY] = $this->proxy;
66  $this->curlOptions[CURLOPT_TIMEOUT] = $this->timeout;
67  $this->curlOptions[CURLOPT_CONNECTTIMEOUT_MS] = $this->connectTimeout * 1000;
68  $this->curlOptions[CURLOPT_HTTP_VERSION] = CURL_HTTP_VERSION_1_0;
69  $this->curlOptions[CURLOPT_WRITEFUNCTION] = $this->callback;
70  $this->curlOptions[CURLOPT_HEADERFUNCTION] = [ $this, "readHeader" ];
71  $this->curlOptions[CURLOPT_MAXREDIRS] = $this->maxRedirects;
72  $this->curlOptions[CURLOPT_ENCODING] = ""; # Enable compression
73 
74  $this->curlOptions[CURLOPT_USERAGENT] = $this->reqHeaders['User-Agent'];
75 
76  $this->curlOptions[CURLOPT_SSL_VERIFYHOST] = $this->sslVerifyHost ? 2 : 0;
77  $this->curlOptions[CURLOPT_SSL_VERIFYPEER] = $this->sslVerifyCert;
78 
79  if ( $this->caInfo ) {
80  $this->curlOptions[CURLOPT_CAINFO] = $this->caInfo;
81  }
82 
83  if ( $this->headersOnly ) {
84  $this->curlOptions[CURLOPT_NOBODY] = true;
85  $this->curlOptions[CURLOPT_HEADER] = true;
86  } elseif ( $this->method == 'POST' ) {
87  $this->curlOptions[CURLOPT_POST] = true;
89  // Don't interpret POST parameters starting with '@' as file uploads, because this
90  // makes it impossible to POST plain values starting with '@' (and causes security
91  // issues potentially exposing the contents of local files).
92  $this->curlOptions[CURLOPT_SAFE_UPLOAD] = true;
93  $this->curlOptions[CURLOPT_POSTFIELDS] = $postData;
94 
95  // Suppress 'Expect: 100-continue' header, as some servers
96  // will reject it with a 417 and Curl won't auto retry
97  // with HTTP 1.0 fallback
98  $this->reqHeaders['Expect'] = '';
99  } else {
100  $this->curlOptions[CURLOPT_CUSTOMREQUEST] = $this->method;
101  }
102 
103  $this->curlOptions[CURLOPT_HTTPHEADER] = $this->getHeaderList();
104 
105  $curlHandle = curl_init( $this->url );
106 
107  if ( !curl_setopt_array( $curlHandle, $this->curlOptions ) ) {
108  $this->status->fatal( 'http-internal-error' );
109  throw new InvalidArgumentException( "Error setting curl options." );
110  }
111 
112  if ( $this->followRedirects && $this->canFollowRedirects() ) {
113  Wikimedia\suppressWarnings();
114  if ( !curl_setopt( $curlHandle, CURLOPT_FOLLOWLOCATION, true ) ) {
115  $this->logger->debug( __METHOD__ . ": Couldn't set CURLOPT_FOLLOWLOCATION. " .
116  "Probably open_basedir is set.\n" );
117  // Continue the processing. If it were in curl_setopt_array,
118  // processing would have halted on its entry
119  }
120  Wikimedia\restoreWarnings();
121  }
122 
123  if ( $this->profiler ) {
124  $profileSection = $this->profiler->scopedProfileIn(
125  __METHOD__ . '-' . $this->profileName
126  );
127  }
128 
129  $curlRes = curl_exec( $curlHandle );
130  if ( curl_errno( $curlHandle ) == CURLE_OPERATION_TIMEOUTED ) {
131  $this->status->fatal( 'http-timed-out', $this->url );
132  } elseif ( $curlRes === false ) {
133  $this->status->fatal( 'http-curl-error', curl_error( $curlHandle ) );
134  } else {
135  $this->headerList = explode( "\r\n", $this->headerText );
136  }
137 
138  curl_close( $curlHandle );
139 
140  if ( $this->profiler ) {
141  $this->profiler->scopedProfileOut( $profileSection );
142  }
143 
144  $this->parseHeader();
145  $this->setStatus();
146 
147  return Status::wrap( $this->status ); // TODO B/C; move this to callers
148  }
149 
153  public function canFollowRedirects() {
154  $curlVersionInfo = curl_version();
155  if ( $curlVersionInfo['version_number'] < 0x071304 ) {
156  $this->logger->debug( "Cannot follow redirects with libcurl < 7.19.4 due to CVE-2009-0037\n" );
157  return false;
158  }
159 
160  return true;
161  }
162 }
callable $callback
getHeaderList()
Get an array of the headers.
setStatus()
Sets HTTPRequest status member to a fatal value with the error message if the returned integer value ...
readHeader( $fh, $content)
static wrap( $sv)
Succinct helper method to wrap a StatusValue.
Definition: Status.php:55
parseHeader()
Parses the headers, including the HTTP status code and any Set-Cookie headers.
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition: injection.txt:35
int string $timeout