Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-33955

Make download_file_content()/class curl to observe "moved" headers with open_basedir or safe_mode in effect

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 2.6
    • 2.1, 2.2, 2.3
    • Libraries
    • MOODLE_21_STABLE, MOODLE_22_STABLE, MOODLE_23_STABLE
    • MOODLE_26_STABLE
    • w25_MDL-33955_m26_curlredir
    • Hide

      1/ execute phpunit tests
      2/ try all repository plugins that load stuff from external servers via curl without open_basedir restriction

      Please note that 3rd party libs that use curl extension directly are not fixed by this hack.

      Show
      1/ execute phpunit tests 2/ try all repository plugins that load stuff from external servers via curl without open_basedir restriction Please note that 3rd party libs that use curl extension directly are not fixed by this hack.

    Description

      This was discovered while fixing MDLSITE-1810

      Right now, sites with open_basedir and/or safe_mode in effect have one severe limitation in their download_file_content() implementation. They simply are not allowed to follow 30x response headers.

          if (!ini_get('open_basedir') and !ini_get('safe_mode')) {
      		 
              // TODO: add version test for '7.10.5'
      		 
              curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
      		 
              curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
      		 
          }

      We should take rid of that limitation ASAP, for all supported branches, there are a lot of alternatives out there to "manually" follow them in a transparent way:

      Ciao

      Attachments

        Issue Links

          caused a regression

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-42951 curl class doesn't format header correctly

          • Critical - Crashes server, loss of data, severe memory leak
          • Closed

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-42985 The curl rule proxybypass is never applied

          • Minor - Minor loss of function where workaround is possible
          • Closed
          has been marked as being related by

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-33749 URL downloader does not follow redirects

          • Minor - Minor loss of function where workaround is possible
          • Closed
          is blocked by

          New Feature - A new Moodle feature which has yet to be developed. MDLSITE-2306 new curl redirection test files

          • Low - Cosmetic problems, nice-to-have features
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-39215 Moodle throws exception in Cronjob E-Mail because of curl_setopt() in lib/filelib.php

          • Minor - Minor loss of function where workaround is possible
          • Closed
          will help resolve

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDLSITE-1810 Cannot install french/Deutsch language pack

          • High - Customer/Partner Issue, GDPR removal, priority Features
          • Closed

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-36973 curl class doesn't respect is_proxybypass

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Improvement - An enhancement to an existing Moodle feature. MDLSITE-1828 Add github tag downloader repository to speed up developers life

          • Low - Cosmetic problems, nice-to-have features
          • Closed

          Activity

            People

              skodak Petr Skoda
              stronk7 Eloy Lafuente (stronk7)
              Sam Hemelryk Sam Hemelryk
              Damyon Wiese Damyon Wiese
              Votes:
              4 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                18/Nov/13