mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 14:00:56 +01:00

Get rid of file_get_contents($uri)

Summary: It requires `allow_url_fopen` which we don't check in setup and our installation is about to disable it.

Test Plan:
Login with OAuth.
/oauth/facebook/diagnose/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D2787
vrana 2012-06-18 15:11:47 -07:00
parent a5b5128be9
commit c762050b7c
10 changed files with 34 additions and 71 deletions


@ -86,21 +86,9 @@ final class PhabricatorOAuthDiagnosticsController
'Application secret is set.'); 'Application secret is set.');
} }
$timeout = stream_context_create( $timeout = 5;
array(
'http' => array(
'ignore_errors' => true,
'timeout' => 5,
),
));
$timeout_strict = stream_context_create(
array(
'http' => array(
'timeout' => 5,
),
));
$internet = @file_get_contents("http://google.com/", false, $timeout); $internet = HTTPSFuture::loadContent("http://google.com/", $timeout);
if ($internet === false) { if ($internet === false) {
$results['internet'] = array( $results['internet'] = array(
$res_no, $res_no,
@ -116,7 +104,7 @@ final class PhabricatorOAuthDiagnosticsController
$test_uris = $provider->getTestURIs(); $test_uris = $provider->getTestURIs();
foreach ($test_uris as $uri) { foreach ($test_uris as $uri) {
$success = @file_get_contents($uri, false, $timeout); $success = HTTPSFuture::loadContent($uri, $timeout);
if ($success === false) { if ($success === false) {
$results[$uri] = array( $results[$uri] = array(
$res_no, $res_no,
@ -140,22 +128,23 @@ final class PhabricatorOAuthDiagnosticsController
'grant_type' => 'client_credentials', 'grant_type' => 'client_credentials',
)); ));
$token_value = @file_get_contents($test_uri, false, $timeout); $future = new HTTPSFuture($test_uri);
$token_strict = @file_get_contents($test_uri, false, $timeout_strict); $future->setTimeout($timeout);
if ($token_value === false) { try {
list($body) = $future->resolvex();
$results['App Login'] = array( $results['App Login'] = array(
$res_no, $res_ok,
null, '(A Valid Token)',
"Unable to perform an application login with your Application ID ". "Raw application login to {$name} works.");
"and Application Secret. You may have mistyped or misconfigured ". } catch (Exception $ex) {
"them; {$name} may have revoked your authorization; or {$name} may ". if ($ex instanceof HTTPFutureResponseStatusCURL) {
"be having technical problems.");
} else {
if ($token_strict) {
$results['App Login'] = array( $results['App Login'] = array(
$res_ok, $res_no,
'(A Valid Token)', null,
"Raw application login to {$name} works."); "Unable to perform an application login with your Application ID ".
"and Application Secret. You may have mistyped or misconfigured ".
"them; {$name} may have revoked your authorization; or {$name} ".
"may be having technical problems.");
} else { } else {
$data = json_decode($token_value, true); $data = json_decode($token_value, true);
if (!is_array($data)) { if (!is_array($data)) {
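Review bot: `$token_value` is still read by `json_decode($token_value, true)` in the final `else` branch, but the new side no longer assigns it anywhere in the visible lines, so that branch would decode an undefined variable and always take the non-array path. The response body now exists only as `$body` inside the `try`, and it is never assigned when `resolvex()` throws. Consider resolving without throwing, `list($status, $body) = $future->resolve();`, then branching on `$status->isError()` and decoding `$body`. The rest of the `else` branch lies outside the hunk, so confirm nothing further down depends on the old variable.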


@ -63,7 +63,7 @@ final class PhabricatorOAuthLoginController
$userinfo_uri = (string)$userinfo_uri; $userinfo_uri = (string)$userinfo_uri;
try { try {
$user_data = @file_get_contents($userinfo_uri); $user_data = HTTPSFuture::loadContent($userinfo_uri);
if ($user_data === false) { if ($user_data === false) {
throw new PhabricatorOAuthProviderException( throw new PhabricatorOAuthProviderException(
"Request to '{$userinfo_uri}' failed!"); "Request to '{$userinfo_uri}' failed!");
@ -262,34 +262,13 @@ final class PhabricatorOAuthLoginController
'code' => $code, 'code' => $code,
) + $provider->getExtraTokenParameters(); ) + $provider->getExtraTokenParameters();
$post_data = http_build_query($query_data, '', '&'); $future = new HTTPSFuture($auth_uri, $query_data);
$post_length = strlen($post_data); $future->setMethod('POST');
try {
$stream_context = stream_context_create( list($response) = $future->resolvex();
array( } catch (Exception $ex) {
'http' => array(
'method' => 'POST',
'header' =>
"Content-Type: application/x-www-form-urlencoded\r\n".
"Content-Length: {$post_length}\r\n",
'content' => $post_data,
),
));
$stream = fopen($auth_uri, 'r', false, $stream_context);
$response = false;
$meta = null;
if ($stream) {
$meta = stream_get_meta_data($stream);
$response = stream_get_contents($stream);
fclose($stream);
}
if ($response === false) {
return $this->buildErrorResponse(new PhabricatorOAuthFailureView()); return $this->buildErrorResponse(new PhabricatorOAuthFailureView());
} }
$data = $provider->decodeTokenResponse($response); $data = $provider->decodeTokenResponse($response);
$token = idx($data, 'access_token'); $token = idx($data, 'access_token');
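Review bot: The new `catch (Exception $ex)` around the token exchange discards `$ex`, so a TLS failure, a timeout and a provider-side rejection all collapse into the same `PhabricatorOAuthFailureView` with nothing recorded for the administrator. Logging it before returning, e.g. `phlog($ex);`, would keep the user-facing response generic while leaving a trail. First confirm the exception message cannot carry the POST parameters, since `$query_data` holds the authorization code and presumably the client secret. The future also has no `setTimeout()` call here, unlike the diagnostics controller, so a stalled provider may hold the login request open for the default duration. The enclosing method starts before and continues after this hunk.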


@ -124,7 +124,7 @@ final class PhabricatorOAuthProviderDisqus extends PhabricatorOAuthProvider {
if ($avatar) { if ($avatar) {
$uri = idx($avatar, 'permalink'); $uri = idx($avatar, 'permalink');
if ($uri) { if ($uri) {
return @file_get_contents($uri); return HTTPSFuture::loadContent($uri);
} }
} }
return null; return null;
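Review bot: `$uri` here is taken from the provider's profile data (`permalink`) and handed to `HTTPSFuture::loadContent($uri)` without a timeout or any check on its scheme or host, so the server fetches whatever location the remote response names. The same pattern appears in the GitHub provider (`avatar_url`) and in the provider that reads `$this->userData['image']`. I would pass the timeout the other call sites already use, `HTTPSFuture::loadContent($uri, 5)`, and reject URIs whose scheme is not `http` or `https` before fetching. Whether `HTTPSFuture` itself restricts protocols or internal addresses is not visible here and should be confirmed. The method body starts outside the hunk.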


@ -111,7 +111,7 @@ final class PhabricatorOAuthProviderFacebook extends PhabricatorOAuthProvider {
public function retrieveUserProfileImage() { public function retrieveUserProfileImage() {
$uri = 'https://graph.facebook.com/me/picture?access_token='; $uri = 'https://graph.facebook.com/me/picture?access_token=';
return @file_get_contents($uri.$this->getAccessToken()); return HTTPSFuture::loadContent($uri.$this->getAccessToken());
} }
public function retrieveUserAccountURI() { public function retrieveUserAccountURI() {


@ -105,7 +105,7 @@ final class PhabricatorOAuthProviderGitHub extends PhabricatorOAuthProvider {
public function retrieveUserProfileImage() { public function retrieveUserProfileImage() {
$uri = idx($this->userData, 'avatar_url'); $uri = idx($this->userData, 'avatar_url');
if ($uri) { if ($uri) {
return @file_get_contents($uri); return HTTPSFuture::loadContent($uri);
} }
return null; return null;
} }


@ -126,7 +126,7 @@ extends PhabricatorOAuthProvider {
public function retrieveUserProfileImage() { public function retrieveUserProfileImage() {
$uri = $this->userData['image']; $uri = $this->userData['image'];
return @file_get_contents($uri); return HTTPSFuture::loadContent($uri);
} }
public function retrieveUserAccountURI() { public function retrieveUserAccountURI() {


@ -203,14 +203,9 @@ final class PhabricatorFile extends PhabricatorFileDAO {
return null; return null;
} }
$timeout = stream_context_create( $timeout = 5;
array(
'http' => array(
'timeout' => 5,
),
));
$file_data = @file_get_contents($uri, false, $timeout); $file_data = HTTPSFuture::loadContent($uri, $timeout);
if ($file_data === false) { if ($file_data === false) {
return null; return null;
} }


@ -206,7 +206,7 @@ final class PhabricatorUserOAuthSettingsPanelController
$token = $oauth_info->getToken(); $token = $oauth_info->getToken();
try { try {
$userinfo_uri->setQueryParam('access_token', $token); $userinfo_uri->setQueryParam('access_token', $token);
$user_data = @file_get_contents($userinfo_uri); $user_data = HTTPSFuture::loadContent($userinfo_uri);
$provider->setUserData($user_data); $provider->setUserData($user_data);
$provider->setAccessToken($token); $provider->setAccessToken($token);
$image = $provider->retrieveUserProfileImage(); $image = $provider->retrieveUserProfileImage();
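Review bot: The result of `HTTPSFuture::loadContent($userinfo_uri)` goes straight into `$provider->setUserData($user_data)` with no `=== false` check, whereas the login controller throws `PhabricatorOAuthProviderException` on the same failure. A failed request would therefore hand `false` to the provider's parser and then continue to `retrieveUserProfileImage()`. Adding `if ($user_data === false) { throw new PhabricatorOAuthProviderException('Userinfo request failed.'); }` keeps the two call sites consistent. Keep the URI out of the message, because `setQueryParam('access_token', $token)` has just put the token into it. The `catch` for this `try` is outside the hunk, so confirm it handles that exception type.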


@ -155,8 +155,8 @@ final class PhabricatorSetup {
'iconv', 'iconv',
// There is a chance we might not need this, but some configurations (like // There is a chance we might not need this, but some configurations (like
// Amazon SES) will require it. Just mark it 'required' since it's widely // OAuth or Amazon SES) will require it. Just mark it 'required' since
// available and relatively core. // it's widely available and relatively core.
'curl', 'curl',
); );
foreach ($extensions as $extension) { foreach ($extensions as $extension) {


@ -119,7 +119,7 @@ final class PhabricatorIRCMacroHandler extends PhabricatorIRCHandler {
} }
public function rasterize($macro, $size, $aspect) { public function rasterize($macro, $size, $aspect) {
$image = @file_get_contents($macro['uri']); $image = HTTPSFuture::loadContent($macro['uri']);
if (!$image) { if (!$image) {
return false; return false;
} }