1
0
Fork 0

Merge remote-tracking branch 'cs278/follow-redirects'

pull/4775/head
Jordi Boggiano 2016-01-25 17:26:05 +00:00
commit a574d5ef76
1 changed files with 70 additions and 2 deletions

View File

@ -38,6 +38,8 @@ class RemoteFilesystem
private $lastHeaders; private $lastHeaders;
private $storeAuth; private $storeAuth;
private $degradedMode = false; private $degradedMode = false;
private $redirects;
private $maxRedirects = 20;
/** /**
* Constructor. * Constructor.
@ -198,6 +200,7 @@ class RemoteFilesystem
$this->lastProgress = null; $this->lastProgress = null;
$this->retryAuthFailure = true; $this->retryAuthFailure = true;
$this->lastHeaders = array(); $this->lastHeaders = array();
$this->redirects = 1; // The first request counts.
// capture username/password from URL if there is one // capture username/password from URL if there is one
if (preg_match('{^https?://(.+):(.+)@([^/]+)}i', $fileUrl, $match)) { if (preg_match('{^https?://(.+):(.+)@([^/]+)}i', $fileUrl, $match)) {
@ -210,7 +213,14 @@ class RemoteFilesystem
unset($additionalOptions['retry-auth-failure']); unset($additionalOptions['retry-auth-failure']);
} }
if (isset($additionalOptions['redirects'])) {
$this->redirects = $additionalOptions['redirects'];
unset($additionalOptions['redirects']);
}
$options = $this->getOptionsForUrl($originUrl, $additionalOptions); $options = $this->getOptionsForUrl($originUrl, $additionalOptions);
$userlandFollow = isset($options['http']['follow_location']) && !$options['http']['follow_location'];
if ($this->io->isDebug()) { if ($this->io->isDebug()) {
$this->io->writeError((substr($fileUrl, 0, 4) === 'http' ? 'Downloading ' : 'Reading ') . $fileUrl); $this->io->writeError((substr($fileUrl, 0, 4) === 'http' ? 'Downloading ' : 'Reading ') . $fileUrl);
@ -285,6 +295,49 @@ class RemoteFilesystem
$statusCode = $this->findStatusCode($http_response_header); $statusCode = $this->findStatusCode($http_response_header);
} }
if ($userlandFollow && $statusCode >= 300 && $statusCode <= 399 && $this->redirects < $this->maxRedirects) {
if ($locationHeader = $this->findHeaderValue($http_response_header, 'location')) {
if (parse_url($locationHeader, PHP_URL_SCHEME)) {
// Absolute URL; e.g. https://example.com/composer
$targetUrl = $locationHeader;
} elseif (parse_url($locationHeader, PHP_URL_HOST)) {
// Scheme relative; e.g. //example.com/foo
$targetUrl = $this->scheme.':'.$locationHeader;
} elseif ('/' === $locationHeader[0]) {
// Absolute path; e.g. /foo
$urlHost = parse_url($this->fileUrl, PHP_URL_HOST);
// Replace path using hostname as an anchor.
$targetUrl = preg_replace('{^(.+(?://|@)'.preg_quote($urlHost).'(?::\d+)?)(?:[/\?].*)?$}', '\1'.$locationHeader, $this->fileUrl);
} else {
// Relative path; e.g. foo
// This actually differs from PHP which seems to add duplicate slashes.
$targetUrl = preg_replace('{^(.+/)[^/?]*(?:\?.*)?$}', '\1'.$locationHeader, $this->fileUrl);
}
}
if (!empty($targetUrl)) {
$this->redirects++;
if ($this->io->isDebug()) {
$this->io->writeError(sprintf('Following redirect (%u)', $this->redirects));
}
$additionalOptions['redirects'] = $this->redirects;
// TODO: Not so sure about preserving origin here...
return $this->get($this->originUrl, $targetUrl, $additionalOptions, $this->fileName, $this->progress);
}
if (!$this->retry) {
$e = new TransportException('The "'.$this->fileUrl.'" file could not be downloaded, got redirect without Location ('.$http_response_header[0].')');
$e->setHeaders($http_response_header);
$e->setResponse($result);
throw $e;
}
$result = false;
}
// fail 4xx and 5xx responses and capture the response // fail 4xx and 5xx responses and capture the response
if ($statusCode && $statusCode >= 400 && $statusCode <= 599) { if ($statusCode && $statusCode >= 400 && $statusCode <= 599) {
if (!$this->retry) { if (!$this->retry) {
@ -521,9 +574,20 @@ class RemoteFilesystem
$host = parse_url($this->fileUrl, PHP_URL_HOST); $host = parse_url($this->fileUrl, PHP_URL_HOST);
} }
if (PHP_VERSION_ID >= 50304) {
// Must manually follow when setting CN_match because this causes all
// redirects to be validated against the same CN_match value.
$userlandFollow = true;
} else {
// PHP < 5.3.4 does not support follow_location, for those people
// do some really nasty hard coded transformations. These will
// still breakdown if the site redirects to a domain we don't
// expect.
if ($host === 'github.com' || $host === 'api.github.com') { if ($host === 'github.com' || $host === 'api.github.com') {
$host = '*.github.com'; $host = '*.github.com';
} }
}
$tlsOptions['ssl']['CN_match'] = $host; $tlsOptions['ssl']['CN_match'] = $host;
$tlsOptions['ssl']['SNI_server_name'] = $host; $tlsOptions['ssl']['SNI_server_name'] = $host;
@ -543,6 +607,10 @@ class RemoteFilesystem
$headers[] = 'Connection: close'; $headers[] = 'Connection: close';
} }
if (isset($userlandFollow)) {
$options['http']['follow_location'] = 0;
}
if ($this->io->hasAuthentication($originUrl)) { if ($this->io->hasAuthentication($originUrl)) {
$auth = $this->io->getAuthentication($originUrl); $auth = $this->io->getAuthentication($originUrl);
if ('github.com' === $originUrl && 'x-oauth-basic' === $auth['password']) { if ('github.com' === $originUrl && 'x-oauth-basic' === $auth['password']) {