php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69461 No file_get_contents() timeout if follow_location=false
Submitted: 2015-04-15 10:17 UTC Modified: 2021-08-08 04:22 UTC
From: marc at gutt dot it Assigned: cmb (profile)
Status: No Feedback Package: Streams related
PHP Version: 5.4.39 OS: Debian
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
24 + 40 = ?
Subscribe to this entry?

 
 [2015-04-15 10:17 UTC] marc at gutt dot it
Description:
------------
I loaded several thousand http/https URLs through file_get_contents(). By that a very tiny amount of URLs did not respect the timeout setting of file_get_contents() and not the PHP max_execution_time as well. It results after 10 minutes an Internal Server Error.

The problematic URL is a https://-URL that answers with a 301 redirect to a http://-URL. I tested it through cURL (CURLOPT_FOLLOWLOCATION=false,CURLOPT_SSL_VERIFYPEER=0), and this was the answer:
###############################################
string(138) "HTTP/1.1 301 Moved Permanently
Location: http://www.example.com/
Content-Length: 0
Content-Type: text/html; charset=UTF-8

"
###############################################

More details here:
http://stackoverflow.com/q/29628594/318765

Test script:
---------------
this results "Internal Server Error"
###############################################
$context = stream_context_create(array(
	'http' => array(
		'follow_location' => false,
		'timeout' => 2,
	),
	'ssl' => array(
		'verify_peer' => false,
	),
));
echo file_get_contents($url, false, $context);
###############################################

this returns "Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /usr/www/users//t051.php on line 12":
###############################################
		'verify_peer' => true,
###############################################

And now the strange part. This returns the website?!
###############################################
$context = stream_context_create(array(
	'http' => array(
		'follow_location' => true,
		'timeout' => 2,
	),
	'ssl' => array(
		'verify_peer' => false,
	),
));
echo file_get_contents($url, false, $context);
###############################################



Expected result:
----------------
As verify_peer and follow_location are set to false it should return the websites header.

Actual result:
--------------
It returns "Internal Server Error 500" after 10 minutes.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-04-15 10:18 UTC] marc at gutt dot it
Only for your information: This problem appears with PHP 5.3, 5.4 and 5.5.
 [2015-04-15 13:44 UTC] rdlowrey@php.net
-Package: URL related +Package: Streams related
 [2021-07-27 14:12 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-07-27 14:12 UTC] cmb@php.net
Does this still happen with any of the actively supported PHP
versions[1]?

[1] <https://www.php.net/supported-versions.php>
 [2021-08-08 04:22 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 06:01:29 2024 UTC