PHP :: Bug #39817 :: curl_setopt/curl_setopt_array returns true for CURLOPT

Bug #39817	curl_setopt/curl_setopt_array returns true for CURLOPT_FOLLOWLOCATION => true i
Submitted:	2006-12-13 14:30 UTC	Modified:	2006-12-13 16:31 UTC
From:	php_dot_net at edelhost dot de	Assigned:	iliaa (profile)
Status:	Closed	Package:	cURL related
PHP Version:	5.2.0	OS:	Linux 2.6.18.k7
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	php_dot_net at edelhost dot de
New email:
PHP Version:		OS:

New/Additional Comment:

[2006-12-13 14:30 UTC] php_dot_net at edelhost dot de

Description:
------------
Summary:
curl_setopt/curl_setopt_array returns true for CURLOPT_FOLLOWLOCATION => true in safe_mode and/or with open_basedir

Description:
If safe_mode was activated and/or an open_basedir restriction was set, the cURL option CURLOPT_FOLLOWLOCATION can't be switched to true. You will be informed about this with a warning from PHP. So far so well.

But docu says, if an option can not be set by curl_setopt() it will return false, alternatively curl_setopt_array() will immediately return false, if one of the options can not be set.

Reproduce code:
---------------
<?php
$ch_opts = array(CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_MAXREDIRS      => 5,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_URL=>'http://tinyurl.com/yhor2h'#redir 2 http://de.php.net/news.rss
);
$ch = curl_init();
var_dump(curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true));
var_dump($opts_set = curl_setopt_array($ch, $ch_opts));
if (!$opts_set) {
    curl_close($ch);
    die('failed to set options');
}
if (!($response = curl_exec($ch))) {
    $errmsg = sprintf("curl_exec error: code: %d; message: %s",
        curl_errno($ch), curl_error($ch));
    curl_close($ch);
    die($errmsg);
}
curl_close($ch);
echo $response;
?>


Expected result:
----------------
bool(false)
bool(false)
failed to set options

Actual result:
--------------
bool(true)
bool(true)
curl_exec error: code: 0; message:

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2006-12-13 15:50 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

I've just tried in latest CVS and as long either safe_mode or 
open_basedir is set the options are set to FALSE and return 
errors when you try to change and certainly do not follow the 
redirect.

[2006-12-13 16:23 UTC] php_dot_net at edelhost dot de

Tested with PHP 5.2.1-dev from php5.2-200612131530:

Actual result, as expected:
bool(false)
bool(false)
failed to set options

Thanks.

BTW: What is about CURLOPT_FAILONERROR? Should this option, if activated, handle 3xx HTTP codes (redirection) as error if safe_mode and/or is active?

[2006-12-13 16:31 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

No, I don't think it should. This is an explicit PHP limit 
which circumvents cURL in a way.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon May 27 20:01:32 2024 UTC