PHP :: Bug #39817 :: curl_setopt/curl_setopt_array returns true for CURLOPT

Bug #39817	curl_setopt/curl_setopt_array returns true for CURLOPT_FOLLOWLOCATION => true i
Submitted:	2006-12-13 14:30 UTC	Modified:	2006-12-13 16:31 UTC
From:	php_dot_net at edelhost dot de	Assigned:	iliaa (profile)
Status:	Closed	Package:	cURL related
PHP Version:	5.2.0	OS:	Linux 2.6.18.k7
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	php_dot_net at edelhost dot de
New email:
PHP Version:		OS:

New Comment:

[2006-12-13 14:30 UTC] php_dot_net at edelhost dot de

Description:
------------
Summary:
curl_setopt/curl_setopt_array returns true for CURLOPT_FOLLOWLOCATION => true in safe_mode and/or with open_basedir

Description:
If safe_mode was activated and/or an open_basedir restriction was set, the cURL option CURLOPT_FOLLOWLOCATION can't be switched to true. You will be informed about this with a warning from PHP. So far so well.

But docu says, if an option can not be set by curl_setopt() it will return false, alternatively curl_setopt_array() will immediately return false, if one of the options can not be set.

Reproduce code:
---------------
<?php
$ch_opts = array(CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_MAXREDIRS      => 5,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_URL=>'http://tinyurl.com/yhor2h'#redir 2 http://de.php.net/news.rss
);
$ch = curl_init();
var_dump(curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true));
var_dump($opts_set = curl_setopt_array($ch, $ch_opts));
if (!$opts_set) {
    curl_close($ch);
    die('failed to set options');
}
if (!($response = curl_exec($ch))) {
    $errmsg = sprintf("curl_exec error: code: %d; message: %s",
        curl_errno($ch), curl_error($ch));
    curl_close($ch);
    die($errmsg);
}
curl_close($ch);
echo $response;
?>


Expected result:
----------------
bool(false)
bool(false)
failed to set options

Actual result:
--------------
bool(true)
bool(true)
curl_exec error: code: 0; message:

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-12-13 15:50 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

I've just tried in latest CVS and as long either safe_mode or 
open_basedir is set the options are set to FALSE and return 
errors when you try to change and certainly do not follow the 
redirect.

[2006-12-13 16:23 UTC] php_dot_net at edelhost dot de

Tested with PHP 5.2.1-dev from php5.2-200612131530:

Actual result, as expected:
bool(false)
bool(false)
failed to set options

Thanks.

BTW: What is about CURLOPT_FAILONERROR? Should this option, if activated, handle 3xx HTTP codes (redirection) as error if safe_mode and/or is active?

[2006-12-13 16:31 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

No, I don't think it should. This is an explicit PHP limit 
which circumvents cURL in a way.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon May 12 15:01:27 2025 UTC