[Pkg-owncloud-commits] [owncloud] 09/16: Do only follow HTTP and HTTPS redirects

Wed Mar 11 15:49:30 UTC 2015

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v5.0.19
in repository owncloud.

commit cd6de9b8e41c584092821d0a0071351b6426ba32
Author: Lukas Reschke <lukas at owncloud.com>
Date:   Tue Sep 23 12:15:43 2014 +0200

    Do only follow HTTP and HTTPS redirects
    
    Backport of #11032 to stable5
---
 apps/files/ajax/newfile.php | 11 +++++-
 lib/user/http.php           |  3 +-
 lib/util.php                | 90 ++++++++++++++++++++++++---------------------
 3 files changed, 60 insertions(+), 44 deletions(-)

diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index a68716f..56b7415 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -60,7 +60,16 @@ if($source) {
 		exit();
 	}
 
-	$ctx = stream_context_create(null, array('notification' =>'progress'));
+	$contextArray = array(
+		'http' => array(
+			'timeout' => 10,
+			'follow_location' => false, // Do not follow the location since we can't limit the protocol
+		),
+		'ssl' => array(
+			'disable_compression' => true
+		)
+	);
+	$ctx = stream_context_create($contextArray, array('notification' =>'progress'));
 	$sourceStream=fopen($source, 'rb', false, $ctx);
 	$target=$dir.'/'.$filename;
 	$result=\OC\Files\Filesystem::file_put_contents($target, $sourceStream);
diff --git a/lib/user/http.php b/lib/user/http.php
index 944ede7..71e3fbd 100644
--- a/lib/user/http.php
+++ b/lib/user/http.php
@@ -72,7 +72,8 @@ class OC_User_HTTP extends OC_User_Backend {
 		curl_setopt($ch, CURLOPT_URL, $url);
 		curl_setopt($ch, CURLOPT_USERPWD, $user.':'.$password);
 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-
+		curl_setopt($ch, CURLOPT_PROTOCOLS,  CURLPROTO_HTTP | CURLPROTO_HTTPS);
+		curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS,  CURLPROTO_HTTP | CURLPROTO_HTTPS);
 		curl_exec($ch);
 
 		$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
diff --git a/lib/util.php b/lib/util.php
index 13231b8..c486ff6 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -798,54 +798,60 @@ class OC_Util {
 	 */
 
 	public static function getUrlContent($url){
+		if(stripos($url, 'https://') === 0 || stripos($url, 'http://') === 0) {
+			if (function_exists('curl_init')) {
+
+				$curl = curl_init();
+
+				curl_setopt($curl, CURLOPT_HEADER, 0);
+				curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+				curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
+				curl_setopt($curl, CURLOPT_URL, $url);
+				curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
+				curl_setopt($curl, CURLOPT_MAXREDIRS, 10);
+				curl_setopt($curl, CURLOPT_PROTOCOLS,  CURLPROTO_HTTP | CURLPROTO_HTTPS);
+				curl_setopt($curl, CURLOPT_REDIR_PROTOCOLS,  CURLPROTO_HTTP | CURLPROTO_HTTPS);
+
+				curl_setopt($curl, CURLOPT_USERAGENT, "ownCloud Server Crawler");
+				if(OC_Config::getValue('proxy', '')<>'') {
+					curl_setopt($curl, CURLOPT_PROXY, OC_Config::getValue('proxy'));
+				}
+				if(OC_Config::getValue('proxyuserpwd', '')<>'') {
+					curl_setopt($curl, CURLOPT_PROXYUSERPWD, OC_Config::getValue('proxyuserpwd'));
+				}
+				$data = curl_exec($curl);
+				curl_close($curl);
 
-		if  (function_exists('curl_init')) {
-
-			$curl = curl_init();
-
-			curl_setopt($curl, CURLOPT_HEADER, 0);
-			curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
-			curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
-			curl_setopt($curl, CURLOPT_URL, $url);
-			curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
-			curl_setopt($curl, CURLOPT_MAXREDIRS, 10);
-
-			curl_setopt($curl, CURLOPT_USERAGENT, "ownCloud Server Crawler");
-			if(OC_Config::getValue('proxy', '')<>'') {
-				curl_setopt($curl, CURLOPT_PROXY, OC_Config::getValue('proxy'));
-			}
-			if(OC_Config::getValue('proxyuserpwd', '')<>'') {
-				curl_setopt($curl, CURLOPT_PROXYUSERPWD, OC_Config::getValue('proxyuserpwd'));
-			}
-			$data = curl_exec($curl);
-			curl_close($curl);
-
-		} else {
-			$contextArray = null;
-
-			if(OC_Config::getValue('proxy', '')<>'') {
-				$contextArray = array(
-					'http' => array(
-						'timeout' => 10,
-						'proxy' => OC_Config::getValue('proxy')
-					)
-				);
 			} else {
-				$contextArray = array(
-					'http' => array(
-						'timeout' => 10
-					)
-				);
-			}
+				$contextArray = null;
+
+				if(OC_Config::getValue('proxy', '')<>'') {
+					$contextArray = array(
+						'http' => array(
+							'follow_location' => false, // Do not follow the location since we can't limit the protocol
+							'timeout' => 10,
+							'proxy' => OC_Config::getValue('proxy')
+						)
+					);
+				} else {
+					$contextArray = array(
+						'http' => array(
+							'follow_location' => false, // Do not follow the location since we can't limit the protocol
+							'timeout' => 10
+						)
+					);
+				}
 
 
-			$ctx = stream_context_create(
-				$contextArray
-			);
-			$data=@file_get_contents($url, 0, $ctx);
+				$ctx = stream_context_create(
+					$contextArray
+				);
+				$data=@file_get_contents($url, 0, $ctx);
 
+			}
+			return $data;
 		}
-		return $data;
+		return false;
 	}
 
 	/**

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

