X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fnetwork.php;h=759e53670770752871a571c4e5350e098c024556;hb=56ee734b00aead633d5d213a6b140b75bc17ba96;hp=b0e71fab7f8b93ecbc520c9af4e14e05c713992d;hpb=187a81f159c26faa0b135a38a655de019f99d337;p=friendica.git diff --git a/include/network.php b/include/network.php index b0e71fab7f..759e536707 100644 --- a/include/network.php +++ b/include/network.php @@ -4,7 +4,7 @@ * @file include/network.php */ -use \Friendica\Core\Config; +use Friendica\Core\Config; require_once("include/xml.php"); require_once('include/Probe.php'); @@ -62,22 +62,27 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_ * string 'header' => HTTP headers * string 'body' => fetched content */ -function z_fetch_url($url,$binary = false, &$redirects = 0, $opts=array()) { - - $ret = array('return_code' => 0, 'success' => false, 'header' => "", 'body' => ""); - +function z_fetch_url($url, $binary = false, &$redirects = 0, $opts = array()) { + $ret = array('return_code' => 0, 'success' => false, 'header' => '', 'body' => ''); $stamp1 = microtime(true); $a = get_app(); + if (blocked_url($url)) { + logger('z_fetch_url: domain of ' . $url . ' is blocked', LOGGER_DATA); + return $ret; + } + $ch = @curl_init($url); - if(($redirects > 8) || (! $ch)) - return false; + + if (($redirects > 8) || (!$ch)) { + return $ret; + } @curl_setopt($ch, CURLOPT_HEADER, true); - if(x($opts,"cookiejar")) { + if (x($opts, "cookiejar")) { curl_setopt($ch, CURLOPT_COOKIEJAR, $opts["cookiejar"]); curl_setopt($ch, CURLOPT_COOKIEFILE, $opts["cookiejar"]); } @@ -86,52 +91,61 @@ function z_fetch_url($url,$binary = false, &$redirects = 0, $opts=array()) { // @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // @curl_setopt($ch, CURLOPT_MAXREDIRS, 5); - if (x($opts,'accept_content')){ - curl_setopt($ch,CURLOPT_HTTPHEADER, array ( - "Accept: " . $opts['accept_content'] + if (x($opts, 'accept_content')) { + curl_setopt($ch, CURLOPT_HTTPHEADER, array( + 'Accept: ' . $opts['accept_content'] )); } - @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); + @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); @curl_setopt($ch, CURLOPT_USERAGENT, $a->get_useragent()); $range = intval(Config::get('system', 'curl_range_bytes', 0)); + if ($range > 0) { - @curl_setopt($ch, CURLOPT_RANGE, '0-'.$range); + @curl_setopt($ch, CURLOPT_RANGE, '0-' . $range); } - if(x($opts,'headers')){ + if (x($opts, 'headers')) { @curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); } - if(x($opts,'nobody')){ + + if (x($opts, 'nobody')) { @curl_setopt($ch, CURLOPT_NOBODY, $opts['nobody']); } - if(x($opts,'timeout')){ + + if (x($opts, 'timeout')) { @curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']); } else { - $curl_time = intval(get_config('system','curl_timeout')); + $curl_time = intval(get_config('system', 'curl_timeout')); @curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); } // by default we will allow self-signed certs // but you can override this - $check_cert = get_config('system','verifyssl'); + $check_cert = get_config('system', 'verifyssl'); @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); + if ($check_cert) { @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); } - $prx = get_config('system','proxy'); - if(strlen($prx)) { + $proxy = get_config('system', 'proxy'); + + if (strlen($proxy)) { @curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - @curl_setopt($ch, CURLOPT_PROXY, $prx); - $prxusr = @get_config('system','proxyuser'); - if(strlen($prxusr)) - @curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); + @curl_setopt($ch, CURLOPT_PROXY, $proxy); + $proxyuser = @get_config('system', 'proxyuser'); + + if (strlen($proxyuser)) { + @curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyuser); + } + } + + if ($binary) { + @curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1); } - if($binary) - @curl_setopt($ch, CURLOPT_BINARYTRANSFER,1); $a->set_curl_code(0); @@ -139,8 +153,9 @@ function z_fetch_url($url,$binary = false, &$redirects = 0, $opts=array()) { // if it throws any errors. $s = @curl_exec($ch); + if (curl_errno($ch) !== CURLE_OK) { - logger('fetch_url error fetching '.$url.': '.curl_error($ch), LOGGER_NORMAL); + logger('fetch_url error fetching ' . $url . ': ' . curl_error($ch), LOGGER_NORMAL); } $ret['errno'] = curl_errno($ch); @@ -149,136 +164,151 @@ function z_fetch_url($url,$binary = false, &$redirects = 0, $opts=array()) { $curl_info = @curl_getinfo($ch); $http_code = $curl_info['http_code']; - logger('fetch_url '.$url.': '.$http_code." ".$s, LOGGER_DATA); + logger('fetch_url ' . $url . ': ' . $http_code . " " . $s, LOGGER_DATA); $header = ''; // Pull out multiple headers, e.g. proxy and continuation headers // allow for HTTP/2.x without fixing code - while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) { - $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4); + while (preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/', $base)) { + $chunk = substr($base, 0, strpos($base, "\r\n\r\n") + 4); $header .= $chunk; - $base = substr($base,strlen($chunk)); + $base = substr($base, strlen($chunk)); } $a->set_curl_code($http_code); $a->set_curl_content_type($curl_info['content_type']); $a->set_curl_headers($header); - if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) { - $new_location_info = @parse_url($curl_info["redirect_url"]); - $old_location_info = @parse_url($curl_info["url"]); + if ($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) { + $new_location_info = @parse_url($curl_info['redirect_url']); + $old_location_info = @parse_url($curl_info['url']); - $newurl = $curl_info["redirect_url"]; + $newurl = $curl_info['redirect_url']; - if (($new_location_info["path"] == "") AND ($new_location_info["host"] != "")) - $newurl = $new_location_info["scheme"]."://".$new_location_info["host"].$old_location_info["path"]; + if (($new_location_info['path'] == '') AND ( $new_location_info['host'] != '')) { + $newurl = $new_location_info['scheme'] . '://' . $new_location_info['host'] . $old_location_info['path']; + } $matches = array(); + if (preg_match('/(Location:|URI:)(.*?)\n/i', $header, $matches)) { $newurl = trim(array_pop($matches)); } - if(strpos($newurl,'/') === 0) - $newurl = $old_location_info["scheme"]."://".$old_location_info["host"].$newurl; + + if (strpos($newurl, '/') === 0) { + $newurl = $old_location_info['scheme'] . '://' . $old_location_info['host'] . $newurl; + } + if (filter_var($newurl, FILTER_VALIDATE_URL)) { $redirects++; @curl_close($ch); - return z_fetch_url($newurl,$binary, $redirects, $opts); + return z_fetch_url($newurl, $binary, $redirects, $opts); } } - $a->set_curl_code($http_code); $a->set_curl_content_type($curl_info['content_type']); - $body = substr($s,strlen($header)); - - + $body = substr($s, strlen($header)); $rc = intval($http_code); $ret['return_code'] = $rc; $ret['success'] = (($rc >= 200 && $rc <= 299) ? true : false); $ret['redirect_url'] = $url; - if(! $ret['success']) { + + if (!$ret['success']) { $ret['error'] = curl_error($ch); $ret['debug'] = $curl_info; logger('z_fetch_url: error: ' . $url . ': ' . $ret['error'], LOGGER_DEBUG); - logger('z_fetch_url: debug: ' . print_r($curl_info,true), LOGGER_DATA); + logger('z_fetch_url: debug: ' . print_r($curl_info, true), LOGGER_DATA); } - $ret['body'] = substr($s,strlen($header)); + + $ret['body'] = substr($s, strlen($header)); $ret['header'] = $header; - if(x($opts,'debug')) { + + if (x($opts, 'debug')) { $ret['debug'] = $curl_info; } + @curl_close($ch); - $a->save_timestamp($stamp1, "network"); + $a->save_timestamp($stamp1, 'network'); return($ret); - } -// post request to $url. $params is an array of post variables. - /** - * @brief Post request to $url + * @brief Send POST request to $url * * @param string $url URL to post - * @param mixed $params + * @param mixed $params array of POST variables * @param string $headers HTTP headers * @param integer $redirects Recursion counter for internal use - default = 0 * @param integer $timeout The timeout in seconds, default system config value or 60 seconds * * @return string The content */ -function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) { +function post_url($url, $params, $headers = null, &$redirects = 0, $timeout = 0) { $stamp1 = microtime(true); + if (blocked_url($url)) { + logger('post_url: domain of ' . $url . ' is blocked', LOGGER_DATA); + return false; + } + $a = get_app(); $ch = curl_init($url); - if(($redirects > 8) || (! $ch)) + + if (($redirects > 8) || (!$ch)) { return false; + } - logger("post_url: start ".$url, LOGGER_DATA); + logger('post_url: start ' . $url, LOGGER_DATA); curl_setopt($ch, CURLOPT_HEADER, true); - curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); - curl_setopt($ch, CURLOPT_POST,1); - curl_setopt($ch, CURLOPT_POSTFIELDS,$params); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS, $params); curl_setopt($ch, CURLOPT_USERAGENT, $a->get_useragent()); - if(intval($timeout)) { + if (intval($timeout)) { curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); - } - else { - $curl_time = intval(get_config('system','curl_timeout')); + } else { + $curl_time = intval(get_config('system', 'curl_timeout')); curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); } - if(defined('LIGHTTPD')) { - if(!is_array($headers)) { + if (defined('LIGHTTPD')) { + if (!is_array($headers)) { $headers = array('Expect:'); } else { - if(!in_array('Expect:', $headers)) { + if (!in_array('Expect:', $headers)) { array_push($headers, 'Expect:'); } } } - if($headers) + + if ($headers) { curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); + } - $check_cert = get_config('system','verifyssl'); + $check_cert = get_config('system', 'verifyssl'); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); + if ($check_cert) { @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); } - $prx = get_config('system','proxy'); - if(strlen($prx)) { + + $proxy = get_config('system', 'proxy'); + + if (strlen($proxy)) { curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - curl_setopt($ch, CURLOPT_PROXY, $prx); - $prxusr = get_config('system','proxyuser'); - if(strlen($prxusr)) - curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); + curl_setopt($ch, CURLOPT_PROXY, $proxy); + $proxyuser = get_config('system', 'proxyuser'); + if (strlen($proxyuser)) { + curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyuser); + } } $a->set_curl_code(0); @@ -292,44 +322,48 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) $curl_info = curl_getinfo($ch); $http_code = $curl_info['http_code']; - logger("post_url: result ".$http_code." - ".$url, LOGGER_DATA); + logger('post_url: result ' . $http_code . ' - ' . $url, LOGGER_DATA); $header = ''; // Pull out multiple headers, e.g. proxy and continuation headers // allow for HTTP/2.x without fixing code - while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) { - $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4); + while (preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/', $base)) { + $chunk = substr($base, 0, strpos($base, "\r\n\r\n") + 4); $header .= $chunk; - $base = substr($base,strlen($chunk)); + $base = substr($base, strlen($chunk)); } - if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) { + if ($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) { $matches = array(); preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches); $newurl = trim(array_pop($matches)); - if(strpos($newurl,'/') === 0) - $newurl = $old_location_info["scheme"] . "://" . $old_location_info["host"] . $newurl; + + if (strpos($newurl, '/') === 0) { + $newurl = $old_location_info['scheme'] . '://' . $old_location_info['host'] . $newurl; + } + if (filter_var($newurl, FILTER_VALIDATE_URL)) { $redirects++; - logger("post_url: redirect ".$url." to ".$newurl); - return post_url($newurl,$params, $headers, $redirects, $timeout); - //return fetch_url($newurl,false,$redirects,$timeout); + logger('post_url: redirect ' . $url . ' to ' . $newurl); + return post_url($newurl, $params, $headers, $redirects, $timeout); } } + $a->set_curl_code($http_code); - $body = substr($s,strlen($header)); + + $body = substr($s, strlen($header)); $a->set_curl_headers($header); curl_close($ch); - $a->save_timestamp($stamp1, "network"); + $a->save_timestamp($stamp1, 'network'); - logger("post_url: end ".$url, LOGGER_DATA); + logger('post_url: end ' . $url, LOGGER_DATA); - return($body); + return $body; } // Generic XML return @@ -453,13 +487,14 @@ function allowed_url($url) { $h = @parse_url($url); - if(! $h) { + if (! $h) { return false; } - $str_allowed = get_config('system','allowed_sites'); - if(! $str_allowed) + $str_allowed = Config::get('system', 'allowed_sites'); + if (! $str_allowed) { return true; + } $found = false; @@ -467,16 +502,17 @@ function allowed_url($url) { // always allow our own site - if($host == strtolower($_SERVER['SERVER_NAME'])) + if ($host == strtolower($_SERVER['SERVER_NAME'])) { return true; + } $fnmatch = function_exists('fnmatch'); - $allowed = explode(',',$str_allowed); + $allowed = explode(',', $str_allowed); - if(count($allowed)) { - foreach($allowed as $a) { + if (count($allowed)) { + foreach ($allowed as $a) { $pat = strtolower(trim($a)); - if(($fnmatch && fnmatch($pat,$host)) || ($pat == $host)) { + if (($fnmatch && fnmatch($pat, $host)) || ($pat == $host)) { $found = true; break; } @@ -485,6 +521,36 @@ function allowed_url($url) { return $found; } +/** + * Checks if the provided url domain is on the domain blocklist. + * Returns true if it is or malformed URL, false if not. + * + * @param string $url The url to check the domain from + * @return boolean + */ +function blocked_url($url) { + $h = @parse_url($url); + + if (! $h) { + return true; + } + + $domain_blocklist = Config::get('system', 'blocklist', array()); + if (! $domain_blocklist) { + return false; + } + + $host = strtolower($h['host']); + + foreach ($domain_blocklist as $domain_block) { + if (strtolower($domain_block['domain']) == $host) { + return true; + } + } + + return false; +} + /** * @brief Check if email address is allowed to register here. *