TYPO3 CMS  TYPO3_6-2
ParanoidHTTPFetcher.php
1 <?php
2 
19 require_once "Auth/Yadis/HTTPFetcher.php";
20 
21 require_once "Auth/OpenID.php";
22 
31  {
32  $this->reset();
33  }
34 
/**
 * Clear the per-request buffers filled by the cURL callbacks.
 *
 * Called before every transfer so that header lines and body bytes from
 * an earlier request (or an earlier redirect hop) cannot leak into the
 * next response.
 */
function reset()
{
    // Body accumulator written by _writeData().
    $this->data = "";
    // Raw header lines collected by _writeHeader().
    $this->headers = array();
}
40 
/**
 * cURL header callback: store one response header line.
 *
 * @param resource $ch     cURL handle (unused).
 * @param string   $header Raw header line as delivered by cURL.
 *
 * @return int Length of the raw line in bytes, reported back to cURL.
 */
function _writeHeader($ch, $header)
{
    // The byte count is taken from the untrimmed line; only the stored
    // copy has its trailing whitespace (the CRLF) removed.
    $consumed = strlen($header);
    $line = rtrim($header);
    array_push($this->headers, $line);

    return $consumed;
}
49 
/**
 * cURL write callback: append a body chunk while under the size cap.
 *
 * The cap (Auth_OpenID_FETCHER_MAX_RESPONSE_KB kilobytes) is compared with
 * the bytes already buffered, before the new chunk is added, so the buffer
 * can end up larger than the cap by up to one chunk. Once the buffer is
 * over the cap the callback returns 0 instead of the chunk length, which
 * libcurl treats as a write error and stops the transfer.
 *
 * @param resource $ch   cURL handle (unused).
 * @param string   $data Body chunk delivered by cURL.
 *
 * @return int Bytes accepted: strlen($data), or 0 to refuse the chunk.
 */
function _writeData($ch, $data)
{
    $limit = 1024*Auth_OpenID_FETCHER_MAX_RESPONSE_KB;

    if (strlen($this->data) > $limit) {
        return 0;
    }

    $this->data .= $data;

    return strlen($data);
}
62 
/**
 * Report whether the installed cURL build can speak HTTPS.
 *
 * curl_version() is handled in both of its result shapes: an array, whose
 * 'protocols' list is searched for 'https', and a plain version string,
 * which is searched for "OpenSSL".
 *
 * @return bool|int Truthy when HTTPS is available, falsy (false or 0) otherwise.
 */
function supportsSSL()
{
    $info = curl_version();

    if (is_array($info)) {
        return in_array('https', $info['protocols']);
    }

    if (is_string($info)) {
        return preg_match('/OpenSSL/i', $info);
    }

    return 0;
}
77 
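/**
 * Fetch a URL with HTTP GET, following redirects by hand.
 *
 * Redirects (301, 302, 303, 307) are not delegated to libcurl. Each hop
 * goes back through the top of the loop, so every redirect target is
 * checked with allowedURL() before it is requested. All hops share one
 * time budget of $this->timeout seconds.
 *
 * TLS verification is driven by constants:
 *  - Auth_OpenID_DISABLE_SSL_VERIFYPEER === true turns peer verification
 *    off (and raises an E_USER_WARNING);
 *  - Auth_OpenID_VERIFY_HOST, when defined, is applied afterwards and so
 *    takes precedence: truthy enables peer and host verification, falsy
 *    disables peer verification;
 *  - with neither defined, libcurl's defaults are left untouched.
 *
 * @param string     $url           URL to fetch.
 * @param array|null $extra_headers Request header lines for CURLOPT_HTTPHEADER.
 *
 * @return Auth_Yadis_HTTPResponse|null Response of the final hop, or null
 *         when the URL is refused, cURL cannot be initialised, no status
 *         code is received, or the time budget runs out.
 */
function get($url, $extra_headers = null)
{
    if (!$this->canFetchURL($url)) {
        return null;
    }

    $stop = time() + $this->timeout;
    $off = $this->timeout;

    $redir = true;

    while ($redir && ($off > 0)) {
        $this->reset();

        $c = curl_init();

        // Validate the handle before the first curl_setopt() call.
        if ($c === false) {
            Auth_OpenID::log(
                "curl_init returned false; could not " .
                "initialize for URL '%s'", $url);
            return null;
        }

        if (defined('Auth_OpenID_DISABLE_SSL_VERIFYPEER')
            && Auth_OpenID_DISABLE_SSL_VERIFYPEER === true) {
            trigger_error(
                'You have disabled SSL verifcation, this is a TERRIBLE ' .
                'idea in almost all cases. Set Auth_OpenID_DISABLE_SSL_' .
                'VERIFYPEER to false if you want to be safe again',
                E_USER_WARNING);
            curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
        }

        if (defined('CURLOPT_NOSIGNAL')) {
            curl_setopt($c, CURLOPT_NOSIGNAL, true);
        }

        // Runs on every iteration, so a redirect target is vetted exactly
        // like the original URL before any request is sent to it.
        if (!$this->allowedURL($url)) {
            Auth_OpenID::log("Fetching URL not allowed: %s",
                             $url);
            curl_close($c);
            return null;
        }

        curl_setopt($c, CURLOPT_WRITEFUNCTION,
                    array($this, "_writeData"));
        curl_setopt($c, CURLOPT_HEADERFUNCTION,
                    array($this, "_writeHeader"));

        if ($extra_headers) {
            curl_setopt($c, CURLOPT_HTTPHEADER, $extra_headers);
        }

        $cv = curl_version();
        if (is_array($cv)) {
            $curl_user_agent = 'curl/'.$cv['version'];
        } else {
            $curl_user_agent = $cv;
        }
        curl_setopt($c, CURLOPT_USERAGENT,
                    Auth_OpenID_USER_AGENT.' '.$curl_user_agent);
        // Remaining budget for the whole redirect chain, not a per-hop timeout.
        curl_setopt($c, CURLOPT_TIMEOUT, $off);
        curl_setopt($c, CURLOPT_URL, $url);

        if (defined('Auth_OpenID_VERIFY_HOST')) {
            // set SSL verification options only if Auth_OpenID_VERIFY_HOST
            // is explicitly set, otherwise use system default.
            // Applied after the DISABLE_SSL_VERIFYPEER switch above, so
            // when both constants are defined this one decides.
            if (Auth_OpenID_VERIFY_HOST) {
                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
                curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
                if (defined('Auth_OpenID_CAINFO')) {
                    curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
                }
            } else {
                curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
            }
        }
        if (defined('Auth_OpenID_HTTP_PROXY')) {
            curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
        }

        // <TYPO3-specific>
        // Set after Auth_OpenID_HTTP_PROXY, so a configured TYPO3 proxy
        // replaces it. curlProxyUserPass holds proxy credentials.
        if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']) {
            curl_setopt($c, CURLOPT_PROXY, $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']);

            if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyTunnel']) {
                curl_setopt($c, CURLOPT_HTTPPROXYTUNNEL, $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyTunnel']);
            }
            if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyUserPass']) {
                curl_setopt($c, CURLOPT_PROXYUSERPWD, $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyUserPass']);
            }
        }
        // </TYPO3-specific>

        // NOTE(review): the result of curl_exec() is not inspected. When
        // _writeData() refuses a chunk at the size cap the status code has
        // normally been received already, so the truncated body is returned
        // below like a complete response - confirm callers tolerate that.
        curl_exec($c);

        $code = curl_getinfo($c, CURLINFO_HTTP_CODE);
        $body = $this->data;
        $headers = $this->headers;

        if (!$code) {
            Auth_OpenID::log("Got no response code when fetching %s", $url);
            Auth_OpenID::log("CURL error (%s): %s",
                             curl_errno($c), curl_error($c));
            // The error details were read above; release the handle now.
            curl_close($c);
            return null;
        }

        if (in_array($code, array(301, 302, 303, 307))) {
            $url = $this->_findRedirect($headers, $url);
            $redir = true;
            // A fresh handle is created for the next hop.
            curl_close($c);
        } else {
            $redir = false;
            curl_close($c);

            if (defined('Auth_OpenID_VERIFY_HOST') &&
                Auth_OpenID_VERIFY_HOST == true &&
                $this->isHTTPS($url)) {
                Auth_OpenID::log('OpenID: Verified SSL host %s using '.
                                 'curl/get', $url);
            }
            $new_headers = array();

            // Only "Name: value" lines are kept; a repeated header name
            // overwrites the earlier value.
            foreach ($headers as $header) {
                if (strpos($header, ': ')) {
                    list($name, $value) = explode(': ', $header, 2);
                    $new_headers[$name] = $value;
                }
            }

            return new Auth_Yadis_HTTPResponse($url, $code,
                                               $new_headers, $body);
        }

        $off = $stop - time();
    }

    // The time budget ran out while redirects were still being followed.
    return null;
}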
214 
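/**
 * Send an HTTP POST request and return the response.
 *
 * Redirects are not followed. The URL passes the same canFetchURL() and
 * allowedURL() gates as get() before any request is made.
 *
 * NOTE(review): three differences from get() are left as they are and
 * should be confirmed against the callers:
 *  - $extra_headers is never passed to cURL, so it is not sent; it is only
 *    used as the starting value of the returned header array;
 *  - no CURLOPT_HEADERFUNCTION is registered, so $this->headers is still
 *    empty after reset() and the header loop below adds nothing;
 *  - Auth_OpenID_DISABLE_SSL_VERIFYPEER is not consulted here, only
 *    Auth_OpenID_VERIFY_HOST.
 *
 * @param string     $url           URL to post to.
 * @param mixed      $body          Request body handed to CURLOPT_POSTFIELDS.
 * @param array|null $extra_headers See the note above.
 *
 * @return Auth_Yadis_HTTPResponse|null Response, or null when the URL is
 *         refused, cURL cannot be initialised, or no status code is received.
 */
function post($url, $body, $extra_headers = null)
{
    if (!$this->canFetchURL($url)) {
        return null;
    }

    // Same URL gate as get(): refuse the URL before a handle is created.
    if (!$this->allowedURL($url)) {
        Auth_OpenID::log("Fetching URL not allowed: %s",
                         $url);
        return null;
    }

    $this->reset();

    $c = curl_init();

    // Validate the handle before the first curl_setopt() call.
    if ($c === false) {
        Auth_OpenID::log(
            "curl_init returned false; could not " .
            "initialize for URL '%s'", $url);
        return null;
    }

    if (defined('CURLOPT_NOSIGNAL')) {
        curl_setopt($c, CURLOPT_NOSIGNAL, true);
    }

    if (defined('Auth_OpenID_HTTP_PROXY')) {
        curl_setopt($c, CURLOPT_PROXY, Auth_OpenID_HTTP_PROXY);
    }

    // <TYPO3-specific>
    // Set after Auth_OpenID_HTTP_PROXY, so a configured TYPO3 proxy
    // replaces it. curlProxyUserPass holds proxy credentials.
    if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']) {
        curl_setopt($c, CURLOPT_PROXY, $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyServer']);

        if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyTunnel']) {
            curl_setopt($c, CURLOPT_HTTPPROXYTUNNEL, $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyTunnel']);
        }
        if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyUserPass']) {
            curl_setopt($c, CURLOPT_PROXYUSERPWD, $GLOBALS['TYPO3_CONF_VARS']['SYS']['curlProxyUserPass']);
        }
    }
    // </TYPO3-specific>

    curl_setopt($c, CURLOPT_POST, true);
    curl_setopt($c, CURLOPT_POSTFIELDS, $body);
    curl_setopt($c, CURLOPT_TIMEOUT, $this->timeout);
    curl_setopt($c, CURLOPT_URL, $url);
    curl_setopt($c, CURLOPT_WRITEFUNCTION,
                array($this, "_writeData"));

    if (defined('Auth_OpenID_VERIFY_HOST')) {
        // set SSL verification options only if Auth_OpenID_VERIFY_HOST
        // is explicitly set, otherwise use system default.
        if (Auth_OpenID_VERIFY_HOST) {
            curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
            curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
            if (defined('Auth_OpenID_CAINFO')) {
                curl_setopt($c, CURLOPT_CAINFO, Auth_OpenID_CAINFO);
            }
        } else {
            curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
        }
    }

    curl_exec($c);

    $code = curl_getinfo($c, CURLINFO_HTTP_CODE);

    if (!$code) {
        Auth_OpenID::log("Got no response code when fetching %s", $url);
        Auth_OpenID::log("CURL error (%s): %s",
                         curl_errno($c), curl_error($c));
        // The error details were read above; release the handle now.
        curl_close($c);
        return null;
    }

    if (defined('Auth_OpenID_VERIFY_HOST') &&
        Auth_OpenID_VERIFY_HOST == true &&
        $this->isHTTPS($url)) {
        Auth_OpenID::log('OpenID: Verified SSL host %s using '.
                         'curl/post', $url);
    }
    $body = $this->data;

    curl_close($c);

    $new_headers = $extra_headers;

    foreach ($this->headers as $header) {
        if (strpos($header, ': ')) {
            list($name, $value) = explode(': ', $header, 2);
            $new_headers[$name] = $value;
        }
    }

    return new Auth_Yadis_HTTPResponse($url, $code,
                                       $new_headers, $body);
}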
301 }
302 