|
|
My work around for the "MM_XSLTransform error on Servers with allow_url_fopen
set Off. I modified the function getRemoteFile() in MM_XSLTransform class
version 0.6.2 around line 162. I removed the if statement at line 173.
Here is my temp fix. Please note this is not complete, just playing with it;
not sure of any side effects yet.
My to do list:
1. find a function that will check if allow_url_fopen is set to off.
2. Set up a if or case statement to select the use fopen option or the cURL
option depending on the value return by step one.
3. Add some error checking, and figure out a good timeout time.
Does anybody see any security problems with the code below.
Thanks
David Pearson
function getRemoteFile(&$src) {
$fileContent = '';
$pos = strpos($src, '://');
$protocol = strtolower(substr($src, 0, $pos));
// avoid protocol upper case
$mySrc = $protocol . substr($src, $pos);
$magic_quotes_runtime_orig = get_magic_quotes_runtime();
set_magic_quotes_runtime(0);
$ch = curl_init();
$timeout = 0; // set to zero for no timeout
curl_setopt ($ch, CURLOPT_URL, $mySrc);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT,
$timeout);
$fileContent = curl_exec($ch);
curl_close($ch);
if ($protocol == 'https') {
$this->setError($this->getErrorFromCode('MM_HTTPS_OPEN_ERROR',
array($src)));
if ( (substr(PHP_VERSION, 0, 1) < 5) &&
(substr(PHP_VERSION, 2, 1) < 3) ) {
$this->setError($this->getErrorFromCode('MM_HTTPS_NOT_SUPPORTED_ERROR',
array($src)));
}
}
set_magic_quotes_runtime($magic_quotes_runtime_orig);
return $fileContent;
}
|
|