php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69461 No file_get_contents() timeout if follow_location=false
Submitted: 2015-04-15 10:17 UTC Modified: 2021-08-08 04:22 UTC
From: marc at gutt dot it Assigned: cmb (profile)
Status: No Feedback Package: Streams related
PHP Version: 5.4.39 OS: Debian
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: marc at gutt dot it
New email:
PHP Version: OS:

 

 [2015-04-15 10:17 UTC] marc at gutt dot it
Description:
------------
I loaded several thousand http/https URLs through file_get_contents(). By that a very tiny amount of URLs did not respect the timeout setting of file_get_contents() and not the PHP max_execution_time as well. It results after 10 minutes an Internal Server Error.

The problematic URL is a https://-URL that answers with a 301 redirect to a http://-URL. I tested it through cURL (CURLOPT_FOLLOWLOCATION=false,CURLOPT_SSL_VERIFYPEER=0), and this was the answer:
###############################################
string(138) "HTTP/1.1 301 Moved Permanently
Location: http://www.example.com/
Content-Length: 0
Content-Type: text/html; charset=UTF-8

"
###############################################

More details here:
http://stackoverflow.com/q/29628594/318765

Test script:
---------------
this results "Internal Server Error"
###############################################
$context = stream_context_create(array(
	'http' => array(
		'follow_location' => false,
		'timeout' => 2,
	),
	'ssl' => array(
		'verify_peer' => false,
	),
));
echo file_get_contents($url, false, $context);
###############################################

this returns "Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /usr/www/users//t051.php on line 12":
###############################################
		'verify_peer' => true,
###############################################

And now the strange part. This returns the website?!
###############################################
$context = stream_context_create(array(
	'http' => array(
		'follow_location' => true,
		'timeout' => 2,
	),
	'ssl' => array(
		'verify_peer' => false,
	),
));
echo file_get_contents($url, false, $context);
###############################################



Expected result:
----------------
As verify_peer and follow_location are set to false it should return the websites header.

Actual result:
--------------
It returns "Internal Server Error 500" after 10 minutes.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-04-15 10:18 UTC] marc at gutt dot it
Only for your information: This problem appears with PHP 5.3, 5.4 and 5.5.
 [2015-04-15 13:44 UTC] rdlowrey@php.net
-Package: URL related +Package: Streams related
 [2021-07-27 14:12 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-07-27 14:12 UTC] cmb@php.net
Does this still happen with any of the actively supported PHP
versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2021-08-08 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 04:01:29 2024 UTC