Make WordPress Core

Opened 14 years ago

Closed 14 years ago

Last modified 13 years ago

#11305 closed defect (bug) (fixed)

WP_Http won't follow redirects if open_basedir is in effect

Reported by: calin's profile calin Owned by: dd32's profile dd32
Milestone: 3.0 Priority: low
Severity: minor Version: 2.8.5
Component: HTTP API Keywords: reporter-feedback
Focuses: Cc:

Description

None of the existing transport methods (tested with all methods) follow the location header if PHP setting open_basedir is in effect. This further affects the SimplePie RSS, triggering errors for redirected feeds with the error: A feed could not be found at http://thebl.og/feed/ in /wp-includes/class-simplepie.php on line 1680.

Attachments (2)

http.php.diff (1.1 KB) - added by calin 14 years ago.
11305.diff (823 bytes) - added by dd32 14 years ago.
Updated patch based on Fsockopen's syntax, to keep the logic constant throughout the file.

Download all attachments as: .zip

Change History (18)

#1 @calin
14 years ago

  • Cc calin added

#2 @Denis-de-Bernardy
14 years ago

  • Milestone changed from Unassigned to Future Release
  • Priority changed from normal to low
  • Severity changed from normal to minor
  • Version set to 2.8.5

Isn't open_basedir supposed to go away with php6?

@calin
14 years ago

#3 @calin
14 years ago

I attached the patch to fix the issue.

#4 @scribu
14 years ago

  • Keywords has-patch needs-testing added
  • Milestone changed from Future Release to 3.0

#5 @dd32
14 years ago

This doesnt affect all transports.

Specifically, This affects Curl only, When Running under safe mode, or when open_basedir is set - http://core.trac.wordpress.org/browser/trunk/wp-includes/http.php#L1329 redirection is specifically disabled in the event of either.

I dont think the proposed location in the patch is the best place for it. Patch forthcoming which moves this check into the Curl handler and only activates if Follow location was disabled.

#6 @dd32
14 years ago

This doesnt affect all transports.

Although i've said that, I realise that the OP has stated that it does..

I've tested all the transports aside from the PHP HTTP Extension, and they all seem to play ball with the attached patch.. Taking into account #11557 & the fact that the Fsockopen transport also manually follows redirects.. The original statement didnt seem correct to me.

@dd32
14 years ago

Updated patch based on Fsockopen's syntax, to keep the logic constant throughout the file.

#7 @dd32
14 years ago

Closed #10417 as Duplicate of this.

According to Sivel on that ticket:

When safe_mode or open_basedir are set it seems that the only transport that can "follow" the redirects is fsockopen. All others stop after the initial request.

So it could potentially just be my system that Streams and Fopen are following the redirects.. Can someone else confirm that?

#8 @hakre
14 years ago

your redirect test-script would be really helpfull for this ticket as well :)

#9 @dd32
14 years ago

your redirect test-script would be really helpfull for this ticket as well :)

http://tools.dd32.id.au/redirect/

#10 @dd32
14 years ago

(In [12747]) Allow cURL to follow redirects when running under safe_mode or open_basedir. See #11305

#11 @dd32
14 years ago

  • Keywords reporter-feedback added; has-patch needs-testing removed

I commited the changes that affect curl.

Could someone please report under what specific conditions streams/fopen are affected?

PHP Version, and possibly a print of phpinfo() could be very useful.

#12 @dd32
14 years ago

(In [12749]) Fix Typo in r12747, Move cURL Redirection check higher. See #11305

#13 @dd32
14 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Closing as fixed due to lack of feedback. If other transports are affected, please open a new ticket with full system information and reference this ticket.

#14 @hakre
13 years ago

Related: #16889

#15 @hakre
13 years ago

Related: #16890

#16 @cogmios
13 years ago

see my comment on this in #16855 when redirect = 0

Last edited 13 years ago by cogmios (previous) (diff)
Note: See TracTickets for help on using tickets.