Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#11305 closed defect (bug) (fixed)

WP_Http won't follow redirects if open_basedir is in effect

Reported by: calin Owned by: dd32
Milestone: 3.0 Priority: low
Severity: minor Version: 2.8.5
Component: HTTP API Keywords: reporter-feedback
Focuses: Cc:


None of the existing transport methods (tested with all methods) follow the location header if PHP setting open_basedir is in effect. This further affects the SimplePie RSS, triggering errors for redirected feeds with the error: A feed could not be found at http://thebl.og/feed/ in /wp-includes/class-simplepie.php on line 1680.

Attachments (2)

http.php.diff (1.1 KB) - added by calin 6 years ago.
11305.diff (823 bytes) - added by dd32 6 years ago.
Updated patch based on Fsockopen's syntax, to keep the logic constant throughout the file.

Download all attachments as: .zip

Change History (18)

comment:1 @calin6 years ago

  • Cc calin added

comment:2 @Denis-de-Bernardy6 years ago

  • Milestone changed from Unassigned to Future Release
  • Priority changed from normal to low
  • Severity changed from normal to minor
  • Version set to 2.8.5

Isn't open_basedir supposed to go away with php6?

@calin6 years ago

comment:3 @calin6 years ago

I attached the patch to fix the issue.

comment:4 @scribu6 years ago

  • Keywords has-patch needs-testing added
  • Milestone changed from Future Release to 3.0

comment:5 @dd326 years ago

This doesnt affect all transports.

Specifically, This affects Curl only, When Running under safe mode, or when open_basedir is set - http://core.trac.wordpress.org/browser/trunk/wp-includes/http.php#L1329 redirection is specifically disabled in the event of either.

I dont think the proposed location in the patch is the best place for it. Patch forthcoming which moves this check into the Curl handler and only activates if Follow location was disabled.

comment:6 @dd326 years ago

This doesnt affect all transports.

Although i've said that, I realise that the OP has stated that it does..

I've tested all the transports aside from the PHP HTTP Extension, and they all seem to play ball with the attached patch.. Taking into account #11557 & the fact that the Fsockopen transport also manually follows redirects.. The original statement didnt seem correct to me.

@dd326 years ago

Updated patch based on Fsockopen's syntax, to keep the logic constant throughout the file.

comment:7 @dd326 years ago

Closed #10417 as Duplicate of this.

According to Sivel on that ticket:

When safe_mode or open_basedir are set it seems that the only transport that can "follow" the redirects is fsockopen. All others stop after the initial request.

So it could potentially just be my system that Streams and Fopen are following the redirects.. Can someone else confirm that?

comment:8 @hakre6 years ago

your redirect test-script would be really helpfull for this ticket as well :)

comment:9 @dd326 years ago

your redirect test-script would be really helpfull for this ticket as well :)


comment:10 @dd326 years ago

(In [12747]) Allow cURL to follow redirects when running under safe_mode or open_basedir. See #11305

comment:11 @dd326 years ago

  • Keywords reporter-feedback added; has-patch needs-testing removed

I commited the changes that affect curl.

Could someone please report under what specific conditions streams/fopen are affected?

PHP Version, and possibly a print of phpinfo() could be very useful.

comment:12 @dd326 years ago

(In [12749]) Fix Typo in r12747, Move cURL Redirection check higher. See #11305

comment:13 @dd326 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Closing as fixed due to lack of feedback. If other transports are affected, please open a new ticket with full system information and reference this ticket.

comment:14 @hakre5 years ago

Related: #16889

comment:15 @hakre5 years ago

Related: #16890

comment:16 @cogmios5 years ago

see my comment on this in #16890 when redirect = 0

Version 1, edited 5 years ago by cogmios (previous) (next) (diff)
Note: See TracTickets for help on using tickets.