php 当启用 safe_mode 或设置了 open_basedir 时,无法激活 CURLOPT_FOLLOWLOCATION
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10835255/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in
提问by Yannick
When I run this script (http://bizonbytes.com/miscellaneous/sharrre.php?url=https://bizonbytes.com&type=googlePlus):
当我运行这个脚本时(http://bizonbytes.com/miscellaneous/sharrre.php?url=https://bizonbytes.com&type=googlePlus):
<?php
//Sharrre by Julien Hany
$json = array('url'=>'','count'=>0);
$json['url'] = $_GET['url'];
$url = urlencode($_GET['url']);
$type = urlencode($_GET['type']);
if(filter_var($_GET['url'], FILTER_VALIDATE_URL)){
if($type == 'googlePlus'){ //source http://www.helmutgranda.com/2011/11/01/get-a-url-google-count-via-php/
$content = parse("https://plusone.google.com/u/0/_/+1/fastbutton?url=".$url."&count=true");
$dom = new DOMDocument;
$dom->preserveWhiteSpace = false;
@$dom->loadHTML($content);
$domxpath = new DOMXPath($dom);
$newDom = new DOMDocument;
$newDom->formatOutput = true;
$filtered = $domxpath->query("//div[@id='aggregateCount']");
$json['count'] = str_replace('>', '', $filtered->item(0)->nodeValue);
}
else if($type == 'stumbleupon'){
$content = parse("http://www.stumbleupon.com/services/1.01/badge.getinfo?url=$url");
$result = json_decode($content);
$json['count'] = $result->result->views;
if( !isset($json['count']) ) $json['count'] = 0;
}
else if($type == 'pinterest'){
$content = parse("http://api.pinterest.com/v1/urls/count.json?callback=&url=$url");
$result = json_decode(str_replace(array('(', ')'), array('', ''), $content));
$json['count'] = $result->count;
if( !isset($json['count']) ) $json['count'] = 0;
}
}
echo str_replace('\/','/',json_encode($json));
function parse($encUrl){
$options = array(
CURLOPT_RETURNTRANSFER => true, // return web page
CURLOPT_HEADER => false, // don't return headers
CURLOPT_FOLLOWLOCATION => true, // follow redirects
CURLOPT_ENCODING => "", // handle all encodings
CURLOPT_USERAGENT => 'sharrre', // who am i
CURLOPT_AUTOREFERER => true, // set referer on redirect
CURLOPT_CONNECTTIMEOUT => 5, // timeout on connect
CURLOPT_TIMEOUT => 10, // timeout on response
CURLOPT_MAXREDIRS => 3, // stop after 10 redirects
CURLOPT_SSL_VERIFYHOST => 0,
CURLOPT_SSL_VERIFYPEER => false,
);
$ch = curl_init();
$options[CURLOPT_URL] = $encUrl;
curl_setopt_array($ch, $options);
$content = curl_exec($ch);
$err = curl_errno($ch);
$errmsg = curl_error($ch);
curl_close($ch);
if ($errmsg != '' || $err != '') {
/*print_r($errmsg);
print_r($errmsg);*/
}
return $content;
}
?>
I get the following error:
我收到以下错误:
Warning: curl_setopt_array() [function.curl-setopt-array]: CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in C:\Inetpub\vhosts\bizonbytes.com\httpdocs\miscellaneous\sharrre.php on line 56
{"url":"https://bizonbytes.com","count":""}
Important notes
重要笔记
- I have NO experience with PHP I just need to run this script (sharrre.php)
- I've look at other similar case but could figure out the problem.
- I have open the windows/php.ini and made sure that safe_mode = Off
- I Notice that open_basedir is set like this ;open_basedir =
- Do I need to add something in the open_basedir?
- This is the link for the detail info about the php version installed. See http://bizonbytes.com/miscellaneous/test.php
- 我没有 PHP 经验,我只需要运行这个脚本 (sharrre.php)
- 我看过其他类似的案例,但可以找出问题所在。
- 我已经打开 windows/php.ini 并确保 safe_mode = Off
- 我注意到 open_basedir 是这样设置的;open_basedir =
- 我需要在 open_basedir 中添加一些东西吗?
- 这是有关安装的 php 版本的详细信息的链接。见http://bizonbytes.com/miscellaneous/test.php
Thanks everyone for your help in that matter
谢谢大家在这件事上的帮助
回答by alganet
Please note that this is a security warning. Using cURL, a website could redirect the script to something like file:///etc/passwdand mess with things around. To prevent this, whenever open_basedir is set cURL doesn't follow locations. You'll have to follow them manually, and manually check if all followed locations are safe as well.
请注意,这是一个安全警告。使用 cURL,网站可以将脚本重定向到类似的东西file:///etc/passwd,并把周围的东西弄乱。为了防止这种情况,无论何时设置 open_basedir,cURL 都不会跟随位置。您必须手动跟踪它们,并手动检查所有跟踪的位置是否也安全。
This comment on php.netimplements a sample implementation of that:
php.net 上的这个评论实现了一个示例实现:
function curl_exec_follow(/*resource*/ $ch, /*int*/ &$maxredirect = null) {
$mr = $maxredirect === null ? 5 : intval($maxredirect);
if (ini_get('open_basedir') == '' && ini_get('safe_mode' == 'Off')) {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $mr > 0);
curl_setopt($ch, CURLOPT_MAXREDIRS, $mr);
} else {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
if ($mr > 0) {
$newurl = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
$rch = curl_copy_handle($ch);
curl_setopt($rch, CURLOPT_HEADER, true);
curl_setopt($rch, CURLOPT_NOBODY, true);
curl_setopt($rch, CURLOPT_FORBID_REUSE, false);
curl_setopt($rch, CURLOPT_RETURNTRANSFER, true);
do {
curl_setopt($rch, CURLOPT_URL, $newurl);
$header = curl_exec($rch);
if (curl_errno($rch)) {
$code = 0;
} else {
$code = curl_getinfo($rch, CURLINFO_HTTP_CODE);
if ($code == 301 || $code == 302) {
preg_match('/Location:(.*?)\n/', $header, $matches);
$newurl = trim(array_pop($matches));
} else {
$code = 0;
}
}
} while ($code && --$mr);
curl_close($rch);
if (!$mr) {
if ($maxredirect === null) {
trigger_error('Too many redirects. When following redirects, libcurl hit the maximum amount.', E_USER_WARNING);
} else {
$maxredirect = 0;
}
return false;
}
curl_setopt($ch, CURLOPT_URL, $newurl);
}
}
return curl_exec($ch);
}
