mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 05:50:55 +01:00

Get rid of file_get_contents($uri)

Summary: It requires `allow_url_fopen` which we don't check in setup and our installation is about to disable it.

Test Plan:
Login with OAuth.
/oauth/facebook/diagnose/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D2787
vrana 2012-06-18 15:11:47 -07:00
parent a5b5128be9
commit c762050b7c
10 changed files with 34 additions and 71 deletions


@ -86,21 +86,9 @@ final class PhabricatorOAuthDiagnosticsController
'Application secret is set.');
}
$timeout = stream_context_create(
array(
'http' => array(
'ignore_errors' => true,
'timeout' => 5,
),
));
$timeout_strict = stream_context_create(
array(
'http' => array(
'timeout' => 5,
),
));
$timeout = 5;
$internet = @file_get_contents("http://google.com/", false, $timeout);
$internet = HTTPSFuture::loadContent("http://google.com/", $timeout);
if ($internet === false) {
$results['internet'] = array(
$res_no,
@ -116,7 +104,7 @@ final class PhabricatorOAuthDiagnosticsController
$test_uris = $provider->getTestURIs();
foreach ($test_uris as $uri) {
$success = @file_get_contents($uri, false, $timeout);
$success = HTTPSFuture::loadContent($uri, $timeout);
if ($success === false) {
$results[$uri] = array(
$res_no,
@ -140,22 +128,23 @@ final class PhabricatorOAuthDiagnosticsController
'grant_type' => 'client_credentials',
));
$token_value = @file_get_contents($test_uri, false, $timeout);
$token_strict = @file_get_contents($test_uri, false, $timeout_strict);
if ($token_value === false) {
$future = new HTTPSFuture($test_uri);
$future->setTimeout($timeout);
try {
list($body) = $future->resolvex();
$results['App Login'] = array(
$res_no,
null,
"Unable to perform an application login with your Application ID ".
"and Application Secret. You may have mistyped or misconfigured ".
"them; {$name} may have revoked your authorization; or {$name} may ".
"be having technical problems.");
} else {
if ($token_strict) {
$res_ok,
'(A Valid Token)',
"Raw application login to {$name} works.");
} catch (Exception $ex) {
if ($ex instanceof HTTPFutureResponseStatusCURL) {
$results['App Login'] = array(
$res_ok,
'(A Valid Token)',
"Raw application login to {$name} works.");
$res_no,
null,
"Unable to perform an application login with your Application ID ".
"and Application Secret. You may have mistyped or misconfigured ".
"them; {$name} may have revoked your authorization; or {$name} ".
"may be having technical problems.");
} else {
$data = json_decode($token_value, true);
if (!is_array($data)) {
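Review bot: `$token_value` in the `else` branch of the new `catch` block (`$data = json_decode($token_value, true);`) looks undefined. Its only visible assignment is the `@file_get_contents($test_uri, ...)` line, which this commit appears to drop; the rendered page has lost the +/- markers, so that is inferred from the commit title. When `resolvex()` throws, `$body` is not assigned either, so the branch needs another source for the response body, or it should report the failure without decoding. The block continues past the end of the hunk, so how `$data` is used afterwards is not visible here.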


@ -63,7 +63,7 @@ final class PhabricatorOAuthLoginController
$userinfo_uri = (string)$userinfo_uri;
try {
$user_data = @file_get_contents($userinfo_uri);
$user_data = HTTPSFuture::loadContent($userinfo_uri);
if ($user_data === false) {
throw new PhabricatorOAuthProviderException(
"Request to '{$userinfo_uri}' failed!");
@ -262,34 +262,13 @@ final class PhabricatorOAuthLoginController
'code' => $code,
) + $provider->getExtraTokenParameters();
$post_data = http_build_query($query_data, '', '&');
$post_length = strlen($post_data);
$stream_context = stream_context_create(
array(
'http' => array(
'method' => 'POST',
'header' =>
"Content-Type: application/x-www-form-urlencoded\r\n".
"Content-Length: {$post_length}\r\n",
'content' => $post_data,
),
));
$stream = fopen($auth_uri, 'r', false, $stream_context);
$response = false;
$meta = null;
if ($stream) {
$meta = stream_get_meta_data($stream);
$response = stream_get_contents($stream);
fclose($stream);
}
if ($response === false) {
$future = new HTTPSFuture($auth_uri, $query_data);
$future->setMethod('POST');
try {
list($response) = $future->resolvex();
} catch (Exception $ex) {
return $this->buildErrorResponse(new PhabricatorOAuthFailureView());
}
$data = $provider->decodeTokenResponse($response);
$token = idx($data, 'access_token');
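Review bot: The new `catch (Exception $ex)` around `$future->resolvex()` discards the exception, so a certificate or transport failure on the token request looks the same to an operator as the provider rejecting the code. Logging it before returning the failure view, e.g. `phlog($ex);`, would keep the user-facing response generic while leaving a trace for diagnosis. Check that the logged message does not include the request parameters, since `$query_data` carries the authorization code. The token request also sets no timeout, unlike the diagnostics controller, which calls `setTimeout()`; a `$future->setTimeout(...)` call here would bound how long a login request can wait on the provider.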


@ -124,7 +124,7 @@ final class PhabricatorOAuthProviderDisqus extends PhabricatorOAuthProvider {
if ($avatar) {
$uri = idx($avatar, 'permalink');
if ($uri) {
return @file_get_contents($uri);
return HTTPSFuture::loadContent($uri);
}
}
return null;
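Review bot: `HTTPSFuture::loadContent($uri)` fetches a URI taken from the provider's profile response (`idx($avatar, 'permalink')`) with no timeout argument and no check on its scheme or host. Since that value is remotely supplied data driving a server-side request, it would be safer to confirm it is an `http`/`https` URI before fetching and to pass a timeout as the `PhabricatorFile` hunk does (`HTTPSFuture::loadContent($uri, $timeout)`). The same applies to the GitHub provider (`avatar_url`) and to the provider that reads `$this->userData['image']`. The enclosing method starts outside the hunk.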


@ -111,7 +111,7 @@ final class PhabricatorOAuthProviderFacebook extends PhabricatorOAuthProvider {
public function retrieveUserProfileImage() {
$uri = 'https://graph.facebook.com/me/picture?access_token=';
return @file_get_contents($uri.$this->getAccessToken());
return HTTPSFuture::loadContent($uri.$this->getAccessToken());
}
public function retrieveUserAccountURI() {
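Review bot: In `retrieveUserProfileImage()` the access token is appended to the URI by string concatenation, so it is not URL-encoded. It also travels in the query string, where it can end up in any log or exception message that records the request URI. Building the URI with the helper the settings panel appears to use would at least encode it: `$uri = new PhutilURI('https://graph.facebook.com/me/picture');` followed by `$uri->setQueryParam('access_token', $this->getAccessToken());`. A short comment noting that the fetched URI contains a bearer token would help whoever later adds logging around `loadContent()`.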


@ -105,7 +105,7 @@ final class PhabricatorOAuthProviderGitHub extends PhabricatorOAuthProvider {
public function retrieveUserProfileImage() {
$uri = idx($this->userData, 'avatar_url');
if ($uri) {
return @file_get_contents($uri);
return HTTPSFuture::loadContent($uri);
}
return null;
}


@ -126,7 +126,7 @@ extends PhabricatorOAuthProvider {
public function retrieveUserProfileImage() {
$uri = $this->userData['image'];
return @file_get_contents($uri);
return HTTPSFuture::loadContent($uri);
}
public function retrieveUserAccountURI() {


@ -203,14 +203,9 @@ final class PhabricatorFile extends PhabricatorFileDAO {
return null;
}
$timeout = stream_context_create(
array(
'http' => array(
'timeout' => 5,
),
));
$timeout = 5;
$file_data = @file_get_contents($uri, false, $timeout);
$file_data = HTTPSFuture::loadContent($uri, $timeout);
if ($file_data === false) {
return null;
}


@ -206,7 +206,7 @@ final class PhabricatorUserOAuthSettingsPanelController
$token = $oauth_info->getToken();
try {
$userinfo_uri->setQueryParam('access_token', $token);
$user_data = @file_get_contents($userinfo_uri);
$user_data = HTTPSFuture::loadContent($userinfo_uri);
$provider->setUserData($user_data);
$provider->setAccessToken($token);
$image = $provider->retrieveUserProfileImage();
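Review bot: The result of `HTTPSFuture::loadContent($userinfo_uri)` is passed straight to `$provider->setUserData($user_data)` without the `=== false` check that the login controller applies to the same call. A failed request would hand `false` to the provider. Adding `if ($user_data === false) { throw new PhabricatorOAuthProviderException('Userinfo request failed.'); }` would match the other call site, and leaving the URI out of the message keeps the `access_token` query parameter out of error output. The `try` block and its `catch` extend beyond the hunk, so how the exception is handled there is not visible.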


@ -155,8 +155,8 @@ final class PhabricatorSetup {
'iconv',
// There is a chance we might not need this, but some configurations (like
// Amazon SES) will require it. Just mark it 'required' since it's widely
// available and relatively core.
// OAuth or Amazon SES) will require it. Just mark it 'required' since
// it's widely available and relatively core.
'curl',
);
foreach ($extensions as $extension) {


@ -119,7 +119,7 @@ final class PhabricatorIRCMacroHandler extends PhabricatorIRCHandler {
}
public function rasterize($macro, $size, $aspect) {
$image = @file_get_contents($macro['uri']);
$image = HTTPSFuture::loadContent($macro['uri']);
if (!$image) {
return false;
}