Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-33955

Make download_file_content()/class curl to observe "moved" headers with open_basedir or safe_mode in effect

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.1, 2.2, 2.3
    • Fix Version/s: 2.6
    • Component/s: Libraries
    • Labels:
    • Testing Instructions:
      Hide

      1/ execute phpunit tests
      2/ try all repository plugins that load stuff from external servers via curl without open_basedir restriction

      Please note that 3rd party libs that use curl extension directly are not fixed by this hack.

      Show
      1/ execute phpunit tests 2/ try all repository plugins that load stuff from external servers via curl without open_basedir restriction Please note that 3rd party libs that use curl extension directly are not fixed by this hack.
    • Affected Branches:
      MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_26_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      w25_MDL-33955_m26_curlredir

      Description

      This was discovered while fixing MDLSITE-1810

      Right now, sites with open_basedir and/or safe_mode in effect have one severe limitation in their download_file_content() implementation. They simply are not allowed to follow 30x response headers.

          if (!ini_get('open_basedir') and !ini_get('safe_mode')) {
              // TODO: add version test for '7.10.5'
              curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
              curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
          }

      We should take rid of that limitation ASAP, for all supported branches, there are a lot of alternatives out there to "manually" follow them in a transparent way:

      Ciao

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              skodak Petr Skoda
              Reporter:
              stronk7 Eloy Lafuente (stronk7)
              Integrator:
              Sam Hemelryk
              Tester:
              Damyon Wiese
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
              Votes:
              4 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                18/Nov/13