mirror of
https://github.com/php/php-src.git
synced 2024-10-04 08:16:11 +00:00
fba290c061
Newer versions of libcurl prevent file:// location response headers by default, which means that the open_basedir check is unnecessary — the fact CURLOPT_REDIR_PROTOCOLS can't set CURLPROTO_FILE with open_basedir enabled means that there's no possibility of breaching the open_basedir restriction, and this allows HTTP redirects to be followed automatically. Implements FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode).
26 lines
840 B
PHP
26 lines
840 B
PHP
--TEST--
|
|
Bug #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode): open_basedir enabled; curl >= 7.19.4
|
|
--INI--
|
|
open_basedir=.
|
|
--SKIPIF--
|
|
<?php
|
|
if (!extension_loaded('curl')) exit("skip curl extension not loaded");
|
|
if (version_compare(curl_version()['version'], '7.19.4', '<')) exit("skip curl version is too old");
|
|
?>
|
|
--FILE--
|
|
<?php
|
|
$ch = curl_init();
|
|
var_dump(curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true));
|
|
var_dump(curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_FILE));
|
|
var_dump(curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_FILE));
|
|
curl_close($ch);
|
|
?>
|
|
--EXPECTF--
|
|
bool(true)
|
|
|
|
Warning: curl_setopt(): CURLPROTO_FILE cannot be activated when an open_basedir is set in %s on line %d
|
|
bool(false)
|
|
|
|
Warning: curl_setopt(): CURLPROTO_FILE cannot be activated when an open_basedir is set in %s on line %d
|
|
bool(false)
|