[ Index ]

PHP Cross Reference of YOURLS

title

Body

[close]

/includes/ -> functions-http.php (source)

   1  <?php
   2  
   3  /**
   4   * Functions that relate to HTTP requests
   5   *
   6   * On functions using the 3rd party library Requests:
   7   * Their goal here is to provide convenient wrapper functions to the Requests library. There are
   8   * 2 types of functions for each METHOD, where METHOD is 'get' or 'post' (implement more as needed)
   9   *     - yourls_http_METHOD() :
  10   *         Return a complete Response object (with ->body, ->headers, ->status_code, etc...) or
  11   *         a simple string (error message)
  12   *     - yourls_http_METHOD_body() :
  13   *         Return a string (response body) or null if there was an error
  14   *
  15   * @since 1.7
  16   */
  17  
  18  use WpOrg\Requests\Requests;
  19  
  20  /**
  21   * Perform a GET request, return response object or error string message
  22   *
  23   * Notable object properties: body, headers, status_code
  24   *
  25   * @since 1.7
  26   * @see yourls_http_request
  27   * @param string $url     URL to request
  28   * @param array $headers  HTTP headers to send
  29   * @param array $data     GET data
  30   * @param array $options  Options to pass to Requests
  31   * @return mixed Response object, or error string
  32   */
  33  function yourls_http_get( $url, $headers = array(), $data = array(), $options = array() ) {
  34      return yourls_http_request( 'GET', $url, $headers, $data, $options );
  35  }
  36  
  37  /**
  38   * Perform a GET request, return body or null if there was an error
  39   *
  40   * @since 1.7
  41   * @see yourls_http_request
  42   * @param string $url     URL to request
  43   * @param array $headers  HTTP headers to send
  44   * @param array $data     GET data
  45   * @param array $options  Options to pass to Requests
  46   * @return mixed String (page body) or null if error
  47   */
  48  function yourls_http_get_body( $url, $headers = array(), $data = array(), $options = array() ) {
  49      $return = yourls_http_get( $url, $headers, $data, $options );
  50      return isset( $return->body ) ? $return->body : null;
  51  }
  52  
  53  /**
  54   * Perform a POST request, return response object
  55   *
  56   * Notable object properties: body, headers, status_code
  57   *
  58   * @since 1.7
  59   * @see yourls_http_request
  60   * @param string $url     URL to request
  61   * @param array $headers  HTTP headers to send
  62   * @param array $data     POST data
  63   * @param array $options  Options to pass to Requests
  64   * @return mixed Response object, or error string
  65   */
  66  function yourls_http_post( $url, $headers = array(), $data = array(), $options = array() ) {
  67      return yourls_http_request( 'POST', $url, $headers, $data, $options );
  68  }
  69  
  70  /**
  71   * Perform a POST request, return body
  72   *
  73   * Wrapper for yourls_http_request()
  74   *
  75   * @since 1.7
  76   * @see yourls_http_request
  77   * @param string $url     URL to request
  78   * @param array $headers  HTTP headers to send
  79   * @param array $data     POST data
  80   * @param array $options  Options to pass to Requests
  81   * @return mixed String (page body) or null if error
  82   */
  83  function yourls_http_post_body( $url, $headers = array(), $data = array(), $options = array() ) {
  84      $return = yourls_http_post( $url, $headers, $data, $options );
  85      return isset( $return->body ) ? $return->body : null;
  86  }
  87  
  88  /**
  89   * Get proxy information
  90   *
  91   * @uses YOURLS_PROXY YOURLS_PROXY_USERNAME YOURLS_PROXY_PASSWORD
  92   * @since 1.7.1
  93   * @return mixed false if no proxy is defined, or string like '10.0.0.201:3128' or array like ('10.0.0.201:3128', 'username', 'password')
  94   */
  95  function yourls_http_get_proxy() {
  96      $proxy = false;
  97  
  98      if( defined( 'YOURLS_PROXY' ) ) {
  99          $proxy = YOURLS_PROXY;
 100          if( defined( 'YOURLS_PROXY_USERNAME' ) && defined( 'YOURLS_PROXY_PASSWORD' ) ) {
 101              $proxy = array( YOURLS_PROXY, YOURLS_PROXY_USERNAME, YOURLS_PROXY_PASSWORD );
 102          }
 103      }
 104  
 105      return yourls_apply_filter( 'http_get_proxy', $proxy );
 106  }
 107  
 108  /**
 109   * Get list of hosts that should bypass the proxy
 110   *
 111   * @uses YOURLS_PROXY_BYPASS_HOSTS
 112   * @since 1.7.1
 113   * @return mixed false if no host defined, or string like "example.com, *.mycorp.com"
 114   */
 115  function yourls_http_get_proxy_bypass_host() {
 116      $hosts = defined( 'YOURLS_PROXY_BYPASS_HOSTS' ) ? YOURLS_PROXY_BYPASS_HOSTS : false;
 117  
 118      return yourls_apply_filter( 'http_get_proxy_bypass_host', $hosts );
 119  }
 120  
 121  /**
 122   * Default HTTP requests options for YOURLS
 123   *
 124   * For a list of all available options, see function request() in /includes/Requests/Requests.php
 125   *
 126   * @since 1.7
 127   * @return array Options
 128   */
 129  function yourls_http_default_options() {
 130      $options = array(
 131          'timeout'          => yourls_apply_filter( 'http_default_options_timeout', 3 ),
 132          'useragent'        => yourls_http_user_agent(),
 133          'follow_redirects' => true,
 134          'redirects'        => 3,
 135      );
 136  
 137      if( yourls_http_get_proxy() ) {
 138          $options['proxy'] = yourls_http_get_proxy();
 139      }
 140  
 141      return yourls_apply_filter( 'http_default_options', $options );
 142  }
 143  
 144  /**
 145   * Whether URL should be sent through the proxy server.
 146   *
 147   * Concept stolen from WordPress. The idea is to allow some URLs, including localhost and the YOURLS install itself,
 148   * to be requested directly and bypassing any defined proxy.
 149   *
 150   * @uses YOURLS_PROXY
 151   * @uses YOURLS_PROXY_BYPASS_HOSTS
 152   * @since 1.7
 153   * @param string $url URL to check
 154   * @return bool true to request through proxy, false to request directly
 155   */
 156  function yourls_send_through_proxy( $url ) {
 157  
 158      // Allow plugins to short-circuit the whole function
 159      $pre = yourls_apply_filter( 'shunt_send_through_proxy', null, $url );
 160      if ( null !== $pre )
 161          return $pre;
 162  
 163      $check = @parse_url( $url );
 164  
 165      if( !isset( $check['host'] ) ) {
 166          return false;
 167      }
 168  
 169      // Malformed URL, can not process, but this could mean ssl, so let through anyway.
 170      if ( $check === false )
 171          return true;
 172  
 173      // Self and loopback URLs are considered local (':' is parse_url() host on '::1')
 174      $home = parse_url( yourls_get_yourls_site() );
 175      $local = array( 'localhost', '127.0.0.1', '127.1', '[::1]', ':', $home['host'] );
 176  
 177      if( in_array( $check['host'], $local ) )
 178          return false;
 179  
 180      $bypass = yourls_http_get_proxy_bypass_host();
 181  
 182      if( $bypass === false OR $bypass === '' ) {
 183          return true;
 184      }
 185  
 186      // Build array of hosts to bypass
 187      static $bypass_hosts;
 188      static $wildcard_regex = false;
 189      if ( null == $bypass_hosts ) {
 190          $bypass_hosts = preg_split( '|\s*,\s*|', $bypass );
 191  
 192          if ( false !== strpos( $bypass, '*' ) ) {
 193              $wildcard_regex = array();
 194              foreach ( $bypass_hosts as $host ) {
 195                  $wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) );
 196                  if ( false !== strpos( $host, '*' ) ) {
 197                      $wildcard_regex[] = str_replace( '\*\.', '', preg_quote( $host, '/' ) );
 198                  }
 199              }
 200              $wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i';
 201          }
 202      }
 203  
 204      if ( !empty( $wildcard_regex ) )
 205          return !preg_match( $wildcard_regex, $check['host'] );
 206      else
 207          return !in_array( $check['host'], $bypass_hosts );
 208  }
 209  
 210  /**
 211   * Perform a HTTP request, return response object
 212   *
 213   * @since 1.7
 214   * @param string $type HTTP request type (GET, POST)
 215   * @param string $url URL to request
 216   * @param array $headers Extra headers to send with the request
 217   * @param array $data Data to send either as a query string for GET requests, or in the body for POST requests
 218   * @param array $options Options for the request (see /includes/Requests/Requests.php:request())
 219   * @return object WpOrg\Requests\Response object
 220   */
 221  function yourls_http_request( $type, $url, $headers, $data, $options ) {
 222  
 223      // Allow plugins to short-circuit the whole function
 224      $pre = yourls_apply_filter( 'shunt_yourls_http_request', null, $type, $url, $headers, $data, $options );
 225      if ( null !== $pre )
 226          return $pre;
 227  
 228      $options = array_merge( yourls_http_default_options(), $options );
 229  
 230      if( yourls_http_get_proxy() && !yourls_send_through_proxy( $url ) ) {
 231          unset( $options['proxy'] );
 232      }
 233  
 234      // filter everything
 235      $type    = yourls_apply_filter('http_request_type', $type);
 236      $url     = yourls_apply_filter('http_request_url', $url);
 237      $headers = yourls_apply_filter('http_request_headers', $headers);
 238      $data    = yourls_apply_filter('http_request_data', $data);
 239      $options = yourls_apply_filter('http_request_options', $options);
 240  
 241      try {
 242          $result = Requests::request( $url, $headers, $data, $type, $options );
 243      } catch( \WpOrg\Requests\Exception $e ) {
 244          $result = yourls_debug_log( $e->getMessage() . ' (' . $type . ' on ' . $url . ')' );
 245      };
 246  
 247      return $result;
 248  }
 249  
 250  /**
 251   * Return funky user agent string
 252   *
 253   * @since 1.5
 254   * @return string UA string
 255   */
 256  function yourls_http_user_agent() {
 257      return yourls_apply_filter( 'http_user_agent', 'YOURLS v'.YOURLS_VERSION.' +http://yourls.org/ (running on '.yourls_get_yourls_site().')' );
 258  }
 259  
 260  /**
 261   * Check api.yourls.org if there's a newer version of YOURLS
 262   *
 263   * This function collects various stats to help us improve YOURLS. See the blog post about it:
 264   * http://blog.yourls.org/2014/01/on-yourls-1-7-and-api-yourls-org/
 265   * Results of requests sent to api.yourls.org are stored in option 'core_version_checks' and is an object
 266   * with the following properties:
 267   *    - failed_attempts : number of consecutive failed attempts
 268   *    - last_attempt    : time() of last attempt
 269   *    - last_result     : content retrieved from api.yourls.org during previous check
 270   *    - version_checked : installed YOURLS version that was last checked
 271   *
 272   * @since 1.7
 273   * @return mixed JSON data if api.yourls.org successfully requested, false otherwise
 274   */
 275  function yourls_check_core_version() {
 276  
 277      global $yourls_user_passwords;
 278  
 279      $checks = yourls_get_option( 'core_version_checks' );
 280  
 281      // Invalidate check data when YOURLS version changes
 282      if ( is_object( $checks ) && YOURLS_VERSION != $checks->version_checked ) {
 283          $checks = false;
 284      }
 285  
 286      if( !is_object( $checks ) ) {
 287          $checks = new stdClass;
 288          $checks->failed_attempts = 0;
 289          $checks->last_attempt    = 0;
 290          $checks->last_result     = '';
 291          $checks->version_checked = YOURLS_VERSION;
 292      }
 293  
 294      // Total number of links and clicks
 295      list( $total_urls, $total_clicks ) = array_values(yourls_get_db_stats());
 296  
 297      // The collection of stuff to report
 298      $stuff = array(
 299          // Globally uniquish site identifier
 300          // This uses const YOURLS_SITE and not yourls_get_yourls_site() to prevent creating another id for an already known install
 301          'md5'                => md5( YOURLS_SITE . YOURLS_ABSPATH ),
 302  
 303          // Install information
 304          'failed_attempts'    => $checks->failed_attempts,
 305          'yourls_site'        => defined( 'YOURLS_SITE' ) ? yourls_get_yourls_site() : 'unknown',
 306          'yourls_version'     => defined( 'YOURLS_VERSION' ) ? YOURLS_VERSION : 'unknown',
 307          'php_version'        => PHP_VERSION,
 308          'mysql_version'      => yourls_get_db()->mysql_version(),
 309          'locale'             => yourls_get_locale(),
 310  
 311          // custom DB driver if any, and useful common PHP extensions
 312          'db_driver'          => defined( 'YOURLS_DB_DRIVER' ) ? YOURLS_DB_DRIVER : 'unset',
 313          'db_ext_pdo'         => extension_loaded( 'PDO' )     ? 1 : 0,
 314          'db_ext_mysql'       => extension_loaded( 'mysql' )   ? 1 : 0,
 315          'db_ext_mysqli'      => extension_loaded( 'mysqli' )  ? 1 : 0,
 316          'ext_curl'           => extension_loaded( 'curl' )    ? 1 : 0,
 317  
 318          // Config information
 319          'yourls_private'     => defined( 'YOURLS_PRIVATE' ) && YOURLS_PRIVATE ? 1 : 0,
 320          'yourls_unique'      => defined( 'YOURLS_UNIQUE_URLS' ) && YOURLS_UNIQUE_URLS ? 1 : 0,
 321          'yourls_url_convert' => defined( 'YOURLS_URL_CONVERT' ) ? YOURLS_URL_CONVERT : 'unknown',
 322  
 323          // Usage information
 324          'num_users'          => count( $yourls_user_passwords ),
 325          'num_active_plugins' => yourls_has_active_plugins(),
 326          'num_pages'          => defined( 'YOURLS_PAGEDIR' ) ? count( (array) glob( YOURLS_PAGEDIR .'/*.php') ) : 0,
 327          'num_links'          => $total_urls,
 328          'num_clicks'         => $total_clicks,
 329      );
 330  
 331      $stuff = yourls_apply_filter( 'version_check_stuff', $stuff );
 332  
 333      // Send it in
 334      $url = 'http://api.yourls.org/core/version/1.1/';
 335      if( yourls_can_http_over_ssl() ) {
 336          $url = yourls_set_url_scheme($url, 'https');
 337      }
 338      $req = yourls_http_post( $url, array(), $stuff );
 339  
 340      $checks->last_attempt = time();
 341      $checks->version_checked = YOURLS_VERSION;
 342  
 343      // Unexpected results ?
 344      if( is_string( $req ) or !$req->success ) {
 345          $checks->failed_attempts = $checks->failed_attempts + 1;
 346          yourls_update_option( 'core_version_checks', $checks );
 347          if( is_string($req) ) {
 348              yourls_debug_log('Version check failed: ' . $req);
 349          }
 350          return false;
 351      }
 352  
 353      // Parse response
 354      $json = json_decode( trim( $req->body ) );
 355  
 356      if( yourls_validate_core_version_response($json) ) {
 357          // All went OK - mark this down
 358          $checks->failed_attempts = 0;
 359          $checks->last_result     = $json;
 360          yourls_update_option( 'core_version_checks', $checks );
 361  
 362          return $json;
 363      }
 364  
 365      // Request returned actual result, but not what we expected
 366      return false;
 367  }
 368  
 369  /**
 370   *  Make sure response from api.yourls.org is valid
 371   *
 372   *  1) we should get a json object with two following properties:
 373   *    'latest' => a string representing a YOURLS version number, eg '1.2.3'
 374   *    'zipurl' => a string for a zip package URL, from github, eg 'https://api.github.com/repos/YOURLS/YOURLS/zipball/1.2.3'
 375   *  2) 'latest' and version extracted from 'zipurl' should match
 376   *  3) the object should not contain any other key
 377   *
 378   *  @since 1.7.7
 379   *  @param object $json  JSON object to check
 380   *  @return bool   true if seems legit, false otherwise
 381   */
 382  function yourls_validate_core_version_response($json) {
 383      return (
 384          yourls_validate_core_version_response_keys($json)
 385       && $json->latest === yourls_sanitize_version($json->latest)
 386       && $json->zipurl === yourls_sanitize_url($json->zipurl)
 387       && $json->latest === yourls_get_version_from_zipball_url($json->zipurl)
 388       && yourls_is_valid_github_repo_url($json->zipurl)
 389      );
 390  }
 391  
 392  /**
 393   * Get version number from Github zipball URL (last part of URL, really)
 394   *
 395   * @since 1.8.3
 396   * @param string $zipurl eg 'https://api.github.com/repos/YOURLS/YOURLS/zipball/1.2.3'
 397   * @return string
 398   */
 399  function yourls_get_version_from_zipball_url($zipurl) {
 400      $version = '';
 401      $parts = explode('/', parse_url(yourls_sanitize_url($zipurl), PHP_URL_PATH) ?? '');
 402      // expect at least 1 slash in path, return last part
 403      if( count($parts) > 1 ) {
 404          $version = end($parts);
 405      }
 406      return $version;
 407  }
 408  
 409  /**
 410   * Check if URL is from YOURLS/YOURLS repo on github
 411   *
 412   * @since 1.8.3
 413   * @param string $url  URL to check
 414   * @return bool
 415   */
 416  function yourls_is_valid_github_repo_url($url) {
 417      $url = yourls_sanitize_url($url);
 418      return (
 419          join('.',array_slice(explode('.', parse_url($url, PHP_URL_HOST) ?? ''), -2, 2)) === 'github.com'
 420              // explodes on '.' (['api','github','com']) and keeps the last two elements
 421              // to make sure domain is either github.com or one of its subdomain (api.github.com for instance)
 422              // TODO: keep an eye on Github API to make sure it doesn't change some day to another domain (githubapi.com, ...)
 423          && substr( parse_url($url, PHP_URL_PATH), 0, 21 ) === '/repos/YOURLS/YOURLS/'
 424              // make sure path starts with '/repos/YOURLS/YOURLS/'
 425      );
 426  }
 427  
 428  /**
 429   * Check if object has only expected keys 'latest' and 'zipurl' containing strings
 430   *
 431   * @since 1.8.3
 432   * @param object $json
 433   * @return bool
 434   */
 435  function yourls_validate_core_version_response_keys($json) {
 436      $keys = array('latest', 'zipurl');
 437      return (
 438          count(array_diff(array_keys((array)$json), $keys)) === 0
 439          && isset($json->latest)
 440          && isset($json->zipurl)
 441          && is_string($json->latest)
 442          && is_string($json->zipurl)
 443      );
 444  }
 445  
 446  /**
 447   * Determine if we want to check for a newer YOURLS version (and check if applicable)
 448   *
 449   * Currently checks are performed every 24h and only when someone is visiting an admin page.
 450   * In the future (1.8?) maybe check with cronjob emulation instead.
 451   *
 452   * @since 1.7
 453   * @return bool true if a check was needed and successfully performed, false otherwise
 454   */
 455  function yourls_maybe_check_core_version() {
 456      // Allow plugins to short-circuit the whole function
 457      $pre = yourls_apply_filter('shunt_maybe_check_core_version', null);
 458      if (null !== $pre) {
 459          return $pre;
 460      }
 461  
 462      if (yourls_skip_version_check()) {
 463          return false;
 464      }
 465  
 466      if (!yourls_is_admin()) {
 467          return false;
 468      }
 469  
 470      $checks = yourls_get_option( 'core_version_checks' );
 471  
 472      /* We don't want to check if :
 473       - last_result is set (a previous check was performed)
 474       - and it was less than 24h ago (or less than 2h ago if it wasn't successful)
 475       - and version checked matched version running
 476       Otherwise, we want to check.
 477      */
 478      if( !empty( $checks->last_result )
 479          AND
 480          (
 481              ( $checks->failed_attempts == 0 && ( ( time() - $checks->last_attempt ) < 24 * 3600 ) )
 482              OR
 483              ( $checks->failed_attempts > 0  && ( ( time() - $checks->last_attempt ) <  2 * 3600 ) )
 484          )
 485          AND ( $checks->version_checked == YOURLS_VERSION )
 486      )
 487          return false;
 488  
 489      // We want to check if there's a new version
 490      $new_check = yourls_check_core_version();
 491  
 492      // Could not check for a new version, and we don't have ancient data
 493      if( false == $new_check && !isset( $checks->last_result->latest ) )
 494          return false;
 495  
 496      return true;
 497  }
 498  
 499  /**
 500   * Check if user setting for skipping version check is set
 501   *
 502   * @since 1.8.2
 503   * @return bool
 504   */
 505  function yourls_skip_version_check() {
 506      return yourls_apply_filter('skip_version_check', defined('YOURLS_NO_VERSION_CHECK') && YOURLS_NO_VERSION_CHECK);
 507  }
 508  
 509  /**
 510   * Check if server can perform HTTPS requests, return bool
 511   *
 512   * @since 1.7.1
 513   * @return bool whether the server can perform HTTP requests over SSL
 514   */
 515  function yourls_can_http_over_ssl() {
 516      $ssl_curl = $ssl_socket = false;
 517  
 518      if( function_exists( 'curl_exec' ) ) {
 519          $curl_version  = curl_version();
 520          $ssl_curl = ( $curl_version['features'] & CURL_VERSION_SSL );
 521      }
 522  
 523      if( function_exists( 'stream_socket_client' ) ) {
 524          $ssl_socket = extension_loaded( 'openssl' ) && function_exists( 'openssl_x509_parse' );
 525      }
 526  
 527      return ( $ssl_curl OR $ssl_socket );
 528  }


Generated: Wed Sep 28 05:10:02 2022 Cross-referenced by PHPXref 0.7.1