]>
Commit | Line | Data |
---|---|---|
451314eb V |
1 | <?php |
2 | /** | |
3 | * GET an HTTP URL to retrieve its content | |
634783f9 | 4 | * Uses the cURL library or a fallback method |
451314eb | 5 | * |
d65342e3 A |
6 | * @param string $url URL to get (http://...) |
7 | * @param int $timeout network timeout (in seconds) | |
8 | * @param int $maxBytes maximum downloaded bytes (default: 4 MiB) | |
9 | * @param callable|string $curlWriteFunction Optional callback called during the download (cURL CURLOPT_WRITEFUNCTION). | |
10 | * Can be used to add download conditions on the headers (response code, content type, etc.). | |
451314eb V |
11 | * |
12 | * @return array HTTP response headers, downloaded content | |
13 | * | |
14 | * Output format: | |
15 | * [0] = associative array containing HTTP response headers | |
16 | * [1] = URL content (downloaded data) | |
17 | * | |
18 | * Example: | |
1557cefb | 19 | * list($headers, $data) = get_http_response('http://sebauvage.net/'); |
451314eb V |
20 | * if (strpos($headers[0], '200 OK') !== false) { |
21 | * echo 'Data type: '.htmlspecialchars($headers['Content-Type']); | |
22 | * } else { | |
23 | * echo 'There was an error: '.htmlspecialchars($headers[0]); | |
24 | * } | |
25 | * | |
634783f9 | 26 | * @see https://secure.php.net/manual/en/ref.curl.php |
27 | * @see https://secure.php.net/manual/en/functions.anonymous.php | |
28 | * @see https://secure.php.net/manual/en/function.preg-split.php | |
29 | * @see https://secure.php.net/manual/en/function.explode.php | |
30 | * @see http://stackoverflow.com/q/17641073 | |
31 | * @see http://stackoverflow.com/q/9183178 | |
32 | * @see http://stackoverflow.com/q/1462720 | |
451314eb | 33 | */ |
d65342e3 | 34 | function get_http_response($url, $timeout = 30, $maxBytes = 4194304, $curlWriteFunction = null) |
451314eb | 35 | { |
1557cefb | 36 | $urlObj = new Url($url); |
caa69b58 | 37 | $cleanUrl = $urlObj->idnToAscii(); |
ce7b0b64 | 38 | |
634783f9 | 39 | if (!filter_var($cleanUrl, FILTER_VALIDATE_URL) || !$urlObj->isHttp()) { |
1557cefb A |
40 | return array(array(0 => 'Invalid HTTP Url'), false); |
41 | } | |
42 | ||
634783f9 | 43 | $userAgent = |
44 | 'Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:45.0)' | |
45 | . ' Gecko/20100101 Firefox/45.0'; | |
46 | $acceptLanguage = | |
47 | substr(setlocale(LC_COLLATE, 0), 0, 2) . ',en-US;q=0.7,en;q=0.3'; | |
48 | $maxRedirs = 3; | |
49 | ||
50 | if (!function_exists('curl_init')) { | |
51 | return get_http_response_fallback( | |
52 | $cleanUrl, | |
53 | $timeout, | |
54 | $maxBytes, | |
55 | $userAgent, | |
56 | $acceptLanguage, | |
57 | $maxRedirs | |
58 | ); | |
59 | } | |
60 | ||
61 | $ch = curl_init($cleanUrl); | |
62 | if ($ch === false) { | |
63 | return array(array(0 => 'curl_init() error'), false); | |
64 | } | |
65 | ||
66 | // General cURL settings | |
67 | curl_setopt($ch, CURLOPT_AUTOREFERER, true); | |
68 | curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); | |
69 | curl_setopt($ch, CURLOPT_HEADER, true); | |
70 | curl_setopt( | |
71 | $ch, | |
72 | CURLOPT_HTTPHEADER, | |
73 | array('Accept-Language: ' . $acceptLanguage) | |
74 | ); | |
75 | curl_setopt($ch, CURLOPT_MAXREDIRS, $maxRedirs); | |
76 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); | |
77 | curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); | |
78 | curl_setopt($ch, CURLOPT_USERAGENT, $userAgent); | |
79 | ||
d65342e3 A |
80 | if (is_callable($curlWriteFunction)) { |
81 | curl_setopt($ch, CURLOPT_WRITEFUNCTION, $curlWriteFunction); | |
82 | } | |
83 | ||
634783f9 | 84 | // Max download size management |
91c807d2 | 85 | curl_setopt($ch, CURLOPT_BUFFERSIZE, 1024*16); |
634783f9 | 86 | curl_setopt($ch, CURLOPT_NOPROGRESS, false); |
87 | curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, | |
88 | function($arg0, $arg1, $arg2, $arg3, $arg4 = 0) use ($maxBytes) | |
89 | { | |
90 | if (version_compare(phpversion(), '5.5', '<')) { | |
91 | // PHP version lower than 5.5 | |
92 | // Callback has 4 arguments | |
93 | $downloaded = $arg1; | |
94 | } else { | |
95 | // Callback has 5 arguments | |
96 | $downloaded = $arg2; | |
97 | } | |
98 | // Non-zero return stops downloading | |
99 | return ($downloaded > $maxBytes) ? 1 : 0; | |
100 | } | |
101 | ); | |
102 | ||
103 | $response = curl_exec($ch); | |
104 | $errorNo = curl_errno($ch); | |
105 | $errorStr = curl_error($ch); | |
106 | $headSize = curl_getinfo($ch, CURLINFO_HEADER_SIZE); | |
107 | curl_close($ch); | |
108 | ||
109 | if ($response === false) { | |
110 | if ($errorNo == CURLE_COULDNT_RESOLVE_HOST) { | |
111 | /* | |
112 | * Workaround to match fallback method behaviour | |
113 | * Removing this would require updating | |
114 | * GetHttpUrlTest::testGetInvalidRemoteUrl() | |
115 | */ | |
116 | return array(false, false); | |
117 | } | |
118 | return array(array(0 => 'curl_exec() error: ' . $errorStr), false); | |
119 | } | |
120 | ||
121 | // Formatting output like the fallback method | |
122 | $rawHeaders = substr($response, 0, $headSize); | |
123 | ||
124 | // Keep only headers from latest redirection | |
125 | $rawHeadersArrayRedirs = explode("\r\n\r\n", trim($rawHeaders)); | |
126 | $rawHeadersLastRedir = end($rawHeadersArrayRedirs); | |
127 | ||
128 | $content = substr($response, $headSize); | |
129 | $headers = array(); | |
130 | foreach (preg_split('~[\r\n]+~', $rawHeadersLastRedir) as $line) { | |
ee6f4b64 | 131 | if (empty($line) || ctype_space($line)) { |
634783f9 | 132 | continue; |
133 | } | |
134 | $splitLine = explode(': ', $line, 2); | |
135 | if (count($splitLine) > 1) { | |
136 | $key = $splitLine[0]; | |
137 | $value = $splitLine[1]; | |
138 | if (array_key_exists($key, $headers)) { | |
139 | if (!is_array($headers[$key])) { | |
140 | $headers[$key] = array(0 => $headers[$key]); | |
141 | } | |
142 | $headers[$key][] = $value; | |
143 | } else { | |
144 | $headers[$key] = $value; | |
145 | } | |
146 | } else { | |
147 | $headers[] = $splitLine[0]; | |
148 | } | |
149 | } | |
150 | ||
151 | return array($headers, $content); | |
152 | } | |
153 | ||
154 | /** | |
155 | * GET an HTTP URL to retrieve its content (fallback method) | |
156 | * | |
157 | * @param string $cleanUrl URL to get (http://... valid and in ASCII form) | |
158 | * @param int $timeout network timeout (in seconds) | |
159 | * @param int $maxBytes maximum downloaded bytes | |
160 | * @param string $userAgent "User-Agent" header | |
161 | * @param string $acceptLanguage "Accept-Language" header | |
162 | * @param int $maxRedr maximum amount of redirections followed | |
163 | * | |
164 | * @return array HTTP response headers, downloaded content | |
165 | * | |
166 | * Output format: | |
167 | * [0] = associative array containing HTTP response headers | |
168 | * [1] = URL content (downloaded data) | |
169 | * | |
170 | * @see http://php.net/manual/en/function.file-get-contents.php | |
171 | * @see http://php.net/manual/en/function.stream-context-create.php | |
172 | * @see http://php.net/manual/en/function.get-headers.php | |
173 | */ | |
174 | function get_http_response_fallback( | |
175 | $cleanUrl, | |
176 | $timeout, | |
177 | $maxBytes, | |
178 | $userAgent, | |
179 | $acceptLanguage, | |
180 | $maxRedr | |
181 | ) { | |
451314eb V |
182 | $options = array( |
183 | 'http' => array( | |
184 | 'method' => 'GET', | |
185 | 'timeout' => $timeout, | |
634783f9 | 186 | 'user_agent' => $userAgent, |
187 | 'header' => "Accept: */*\r\n" | |
188 | . 'Accept-Language: ' . $acceptLanguage | |
451314eb V |
189 | ) |
190 | ); | |
191 | ||
1557cefb | 192 | stream_context_set_default($options); |
634783f9 | 193 | list($headers, $finalUrl) = get_redirected_headers($cleanUrl, $maxRedr); |
ce7b0b64 A |
194 | if (! $headers || strpos($headers[0], '200 OK') === false) { |
195 | $options['http']['request_fulluri'] = true; | |
196 | stream_context_set_default($options); | |
634783f9 | 197 | list($headers, $finalUrl) = get_redirected_headers($cleanUrl, $maxRedr); |
ce7b0b64 | 198 | } |
1557cefb | 199 | |
634783f9 | 200 | if (! $headers) { |
1557cefb A |
201 | return array($headers, false); |
202 | } | |
451314eb V |
203 | |
204 | try { | |
205 | // TODO: catch Exception in calling code (thumbnailer) | |
ce7b0b64 | 206 | $context = stream_context_create($options); |
1557cefb | 207 | $content = file_get_contents($finalUrl, false, $context, -1, $maxBytes); |
451314eb V |
208 | } catch (Exception $exc) { |
209 | return array(array(0 => 'HTTP Error'), $exc->getMessage()); | |
210 | } | |
211 | ||
1557cefb A |
212 | return array($headers, $content); |
213 | } | |
214 | ||
215 | /** | |
ce7b0b64 | 216 | * Retrieve HTTP headers, following n redirections (temporary and permanent ones). |
1557cefb | 217 | * |
ce7b0b64 | 218 | * @param string $url initial URL to reach. |
caa69b58 | 219 | * @param int $redirectionLimit max redirection follow. |
1557cefb | 220 | * |
ce7b0b64 | 221 | * @return array HTTP headers, or false if it failed. |
1557cefb A |
222 | */ |
223 | function get_redirected_headers($url, $redirectionLimit = 3) | |
224 | { | |
225 | $headers = get_headers($url, 1); | |
ce7b0b64 A |
226 | if (!empty($headers['location']) && empty($headers['Location'])) { |
227 | $headers['Location'] = $headers['location']; | |
228 | } | |
1557cefb A |
229 | |
230 | // Headers found, redirection found, and limit not reached. | |
231 | if ($redirectionLimit-- > 0 | |
232 | && !empty($headers) | |
233 | && (strpos($headers[0], '301') !== false || strpos($headers[0], '302') !== false) | |
234 | && !empty($headers['Location'])) { | |
235 | ||
236 | $redirection = is_array($headers['Location']) ? end($headers['Location']) : $headers['Location']; | |
237 | if ($redirection != $url) { | |
ce7b0b64 | 238 | $redirection = getAbsoluteUrl($url, $redirection); |
1557cefb A |
239 | return get_redirected_headers($redirection, $redirectionLimit); |
240 | } | |
451314eb V |
241 | } |
242 | ||
1557cefb | 243 | return array($headers, $url); |
451314eb | 244 | } |
482d67bd | 245 | |
ce7b0b64 A |
246 | /** |
247 | * Get an absolute URL from a complete one, and another absolute/relative URL. | |
248 | * | |
249 | * @param string $originalUrl The original complete URL. | |
250 | * @param string $newUrl The new one, absolute or relative. | |
251 | * | |
252 | * @return string Final URL: | |
253 | * - $newUrl if it was already an absolute URL. | |
254 | * - if it was relative, absolute URL from $originalUrl path. | |
255 | */ | |
256 | function getAbsoluteUrl($originalUrl, $newUrl) | |
257 | { | |
258 | $newScheme = parse_url($newUrl, PHP_URL_SCHEME); | |
259 | // Already an absolute URL. | |
260 | if (!empty($newScheme)) { | |
261 | return $newUrl; | |
262 | } | |
263 | ||
264 | $parts = parse_url($originalUrl); | |
265 | $final = $parts['scheme'] .'://'. $parts['host']; | |
266 | $final .= (!empty($parts['port'])) ? $parts['port'] : ''; | |
267 | $final .= '/'; | |
268 | if ($newUrl[0] != '/') { | |
269 | $final .= substr(ltrim($parts['path'], '/'), 0, strrpos($parts['path'], '/')); | |
270 | } | |
271 | $final .= ltrim($newUrl, '/'); | |
272 | return $final; | |
273 | } | |
274 | ||
482d67bd V |
275 | /** |
276 | * Returns the server's base URL: scheme://domain.tld[:port] | |
277 | * | |
278 | * @param array $server the $_SERVER array | |
279 | * | |
280 | * @return string the server's base URL | |
281 | * | |
282 | * @see http://www.ietf.org/rfc/rfc7239.txt | |
283 | * @see http://www.ietf.org/rfc/rfc6648.txt | |
284 | * @see http://stackoverflow.com/a/3561399 | |
285 | * @see http://stackoverflow.com/q/452375 | |
286 | */ | |
287 | function server_url($server) | |
288 | { | |
289 | $scheme = 'http'; | |
290 | $port = ''; | |
291 | ||
292 | // Shaarli is served behind a proxy | |
293 | if (isset($server['HTTP_X_FORWARDED_PROTO'])) { | |
294 | // Keep forwarded scheme | |
85244fa0 A |
295 | if (strpos($server['HTTP_X_FORWARDED_PROTO'], ',') !== false) { |
296 | $schemes = explode(',', $server['HTTP_X_FORWARDED_PROTO']); | |
297 | $scheme = trim($schemes[0]); | |
298 | } else { | |
299 | $scheme = $server['HTTP_X_FORWARDED_PROTO']; | |
300 | } | |
482d67bd V |
301 | |
302 | if (isset($server['HTTP_X_FORWARDED_PORT'])) { | |
303 | // Keep forwarded port | |
85244fa0 A |
304 | if (strpos($server['HTTP_X_FORWARDED_PORT'], ',') !== false) { |
305 | $ports = explode(',', $server['HTTP_X_FORWARDED_PORT']); | |
8e4be773 | 306 | $port = trim($ports[0]); |
85244fa0 | 307 | } else { |
8e4be773 A |
308 | $port = $server['HTTP_X_FORWARDED_PORT']; |
309 | } | |
310 | ||
8e9fc6f6 A |
311 | // This is a workaround for proxies that don't forward the scheme properly. |
312 | // Connecting over port 443 has to be in HTTPS. | |
313 | // See https://github.com/shaarli/Shaarli/issues/1022 | |
314 | if ($port == '443') { | |
315 | $scheme = 'https'; | |
316 | } | |
317 | ||
8e4be773 A |
318 | if (($scheme == 'http' && $port != '80') |
319 | || ($scheme == 'https' && $port != '443') | |
320 | ) { | |
321 | $port = ':' . $port; | |
322 | } else { | |
323 | $port = ''; | |
85244fa0 | 324 | } |
482d67bd V |
325 | } |
326 | ||
b80315e2 SM |
327 | if (isset($server['HTTP_X_FORWARDED_HOST'])) { |
328 | // Keep forwarded host | |
329 | if (strpos($server['HTTP_X_FORWARDED_HOST'], ',') !== false) { | |
330 | $hosts = explode(',', $server['HTTP_X_FORWARDED_HOST']); | |
331 | $host = trim($hosts[0]); | |
332 | } else { | |
333 | $host = $server['HTTP_X_FORWARDED_HOST']; | |
334 | } | |
335 | } else { | |
336 | $host = $server['SERVER_NAME']; | |
337 | } | |
338 | ||
339 | return $scheme.'://'.$host.$port; | |
482d67bd V |
340 | } |
341 | ||
342 | // SSL detection | |
343 | if ((! empty($server['HTTPS']) && strtolower($server['HTTPS']) == 'on') | |
344 | || (isset($server['SERVER_PORT']) && $server['SERVER_PORT'] == '443')) { | |
345 | $scheme = 'https'; | |
346 | } | |
347 | ||
348 | // Do not append standard port values | |
349 | if (($scheme == 'http' && $server['SERVER_PORT'] != '80') | |
350 | || ($scheme == 'https' && $server['SERVER_PORT'] != '443')) { | |
351 | $port = ':'.$server['SERVER_PORT']; | |
352 | } | |
353 | ||
354 | return $scheme.'://'.$server['SERVER_NAME'].$port; | |
355 | } | |
356 | ||
357 | /** | |
358 | * Returns the absolute URL of the current script, without the query | |
359 | * | |
360 | * If the resource is "index.php", then it is removed (for better-looking URLs) | |
361 | * | |
362 | * @param array $server the $_SERVER array | |
363 | * | |
364 | * @return string the absolute URL of the current script, without the query | |
365 | */ | |
366 | function index_url($server) | |
367 | { | |
368 | $scriptname = $server['SCRIPT_NAME']; | |
5046bcb6 | 369 | if (endsWith($scriptname, 'index.php')) { |
482d67bd V |
370 | $scriptname = substr($scriptname, 0, -9); |
371 | } | |
372 | return server_url($server) . $scriptname; | |
373 | } | |
374 | ||
375 | /** | |
376 | * Returns the absolute URL of the current script, with the query | |
377 | * | |
378 | * If the resource is "index.php", then it is removed (for better-looking URLs) | |
379 | * | |
380 | * @param array $server the $_SERVER array | |
381 | * | |
382 | * @return string the absolute URL of the current script, with the query | |
383 | */ | |
384 | function page_url($server) | |
385 | { | |
386 | if (! empty($server['QUERY_STRING'])) { | |
387 | return index_url($server).'?'.$server['QUERY_STRING']; | |
388 | } | |
389 | return index_url($server); | |
390 | } | |
50d17918 A |
391 | |
392 | /** | |
393 | * Retrieve the initial IP forwarded by the reverse proxy. | |
394 | * | |
395 | * Inspired from: https://github.com/zendframework/zend-http/blob/master/src/PhpEnvironment/RemoteAddress.php | |
396 | * | |
397 | * @param array $server $_SERVER array which contains HTTP headers. | |
398 | * @param array $trustedIps List of trusted IP from the configuration. | |
399 | * | |
400 | * @return string|bool The forwarded IP, or false if none could be extracted. | |
401 | */ | |
402 | function getIpAddressFromProxy($server, $trustedIps) | |
403 | { | |
404 | $forwardedIpHeader = 'HTTP_X_FORWARDED_FOR'; | |
405 | if (empty($server[$forwardedIpHeader])) { | |
406 | return false; | |
407 | } | |
408 | ||
409 | $ips = preg_split('/\s*,\s*/', $server[$forwardedIpHeader]); | |
410 | $ips = array_diff($ips, $trustedIps); | |
411 | if (empty($ips)) { | |
412 | return false; | |
413 | } | |
414 | ||
415 | return array_pop($ips); | |
416 | } | |
a3130d2c A |
417 | |
418 | /** | |
419 | * Returns true if Shaarli's currently browsed in HTTPS. | |
420 | * Supports reverse proxies (if the headers are correctly set). | |
421 | * | |
422 | * @param array $server $_SERVER. | |
423 | * | |
424 | * @return bool true if HTTPS, false otherwise. | |
425 | */ | |
426 | function is_https($server) | |
427 | { | |
428 | ||
429 | if (isset($server['HTTP_X_FORWARDED_PORT'])) { | |
430 | // Keep forwarded port | |
431 | if (strpos($server['HTTP_X_FORWARDED_PORT'], ',') !== false) { | |
432 | $ports = explode(',', $server['HTTP_X_FORWARDED_PORT']); | |
433 | $port = trim($ports[0]); | |
434 | } else { | |
435 | $port = $server['HTTP_X_FORWARDED_PORT']; | |
436 | } | |
437 | ||
438 | if ($port == '443') { | |
439 | return true; | |
440 | } | |
441 | } | |
442 | ||
443 | return ! empty($server['HTTPS']); | |
444 | } |