ilikemath2002 Posted January 29, 2009

Ok so the server I'm running PHP on won't do CURL_FOLLOWLOCATION due to a security exploit, so I'm using a script someone posted that isn't doing quite what I'd like it to do. Can someone please show me how to fix this?

The function:

<?php
function curl_redir_exec($ch)
{
    static $curl_loops = 0;
    static $curl_max_loops = 20;
    if ($curl_loops++ >= $curl_max_loops) {
        $curl_loops = 0;
        return FALSE;
    }
    curl_setopt($ch, CURLOPT_HEADER, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $data = curl_exec($ch);
    list($header, $data) = explode("\r\n", $data, 2);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($http_code == 301 || $http_code == 302) {
        $matches = array();
        preg_match('/Location:(.*?)\n/', $header, $matches);
        $url = @parse_url(trim(array_pop($matches)));
        if (!$url) {
            //couldn't process the url to redirect to
            $curl_loops = 0;
            return $data;
        }
        $last_url = parse_url(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL));
        if (!$url['scheme'])
            $url['scheme'] = $last_url['scheme'];
        if (!$url['host'])
            $url['host'] = $last_url['host'];
        if (!$url['path'])
            $url['path'] = $last_url['path'];
        $new_url = $url['scheme'] . '://' . $url['host'] . $url['path'] . ($url['query']?'?'.$url['query']:'');
        curl_setopt($ch, CURLOPT_URL, $new_url);
        debug('Redirecting to', $new_url);
        return curl_redir_exec($ch);
    } else {
        $curl_loops=0;
        return $data;
    }
}
?>

The file that I'm running:

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
include 'functions.php';
$user = $_POST['username'];
$pass = $_POST['password'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"WEBSITEURLHERE");
curl_redir_exec($ch);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"username=" . $user . "&password=" . $pass);
$pagedata = curl_exec($ch);
echo $pagedata;
curl_close($ch);
?>

What I get back:

HTTP/1.1 100 Continue
HTTP/1.1 302 MOVED
Location: https://SITEURL/p=kKmok3kJqOeN6D3mDdihco3oPeYN2KFy6W5--vZUbNA/s=t2ihfibEVNhEBup85mAxbMthF42vmwHpvLBtPi4MIzs
Set-Cookie: session=t2ihfibEVNhEBup85mAxbMthF42vmwHpvLBtPi4MIzs; version=1; path=/; domain=.SITEURL.com
Set-Cookie: settings=kKmok3kJqOeN6D3mDdihco3oPeYN2KFy6W5--vZUbNA; version=1; path=/; domain=.SITEURL.com; Expires=Sun, 29-Jan-2012 04:22:57 GMT; Max-Age=94608000
Connection: Close
Content-length: 0

I'm pretty sure CURL_FOLLOWLOCATION wouldn't do that. Sorry but I'm somewhat a noob about this stuff :S.

Link to comment https://forums.phpfreaks.com/topic/142915-curl_followlocation/

ilikemath2002 (Author) Posted January 29, 2009

Ok so I removed the return and it isn't doing anything. How do I view the exact code of the CURL_FOLLOWLOCATION?

sKunKbad Posted January 29, 2009

Followlocation allows curl to follow redirects. I don't think there is much that you can do to duplicate this behavior. I'm curious about the security exploit. I've never heard of this, and not being able to use Followlocation really hurts the way I use cURL. I'd change hosts.

ilikemath2002 (Author) Posted January 29, 2009

> Followlocation allows curl to follow redirects. I don't think there is much that you can do to duplicate this behavior. I'm curious about the security exploit. I've never heard of this, and not being able to use Followlocation really hurts the way I use cURL. I'd change hosts.

I've changed hosts 3 or 4 times. They all use latest PHP which has it set so that FOLLOWLOCATION can't be used when safe_mode or open_basedir is on. It's because someone could CURL to a script on their server which says <?php header("Location: ..."); ?> which displays files on that server (it's an LFI).

ilikemath2002 (Author) Posted January 29, 2009

If I can isolate the specific URL, it'd be a lot easier. How can I do that?

ilikemath2002 (Author) Posted January 30, 2009

Has anyone found a way around this yet?

sKunKbad Posted January 30, 2009

> > Followlocation allows curl to follow redirects. I don't think there is much that you can do to duplicate this behavior. I'm curious about the security exploit. I've never heard of this, and not being able to use Followlocation really hurts the way I use cURL. I'd change hosts.
>
> I've changed hosts 3 or 4 times. They all use latest PHP which has it set so that FOLLOWLOCATION can't be used when safe_mode or open_basedir is on. It's because someone could CURL to a script on their server which says <?php header("Location: ..."); ?> which displays files on that server (it's an LFI).

I'm on an InMotion Hosting server (inmotionhosting.com), and am using FOLLOWLOCATION. I'm on their biz30 server, and PHP runs as CGI, and I believe with SuPHP enabled, but I might be wrong. They put me on this server because I needed PHP sendmail enabled, and by default it is disabled. I guess if scripts turn an account into a spam relay or something, then they can easily identify it and shut it down. You can view the phpinfo if you are interested: http://biz30.inmotionhosting.com/phpinfo.php

I use FOLLOWLOCATION because my contact forms post to a mail processing script through cURL, and the result is output after redirection. I am really pleased with this host, but after changing hosts 3 or 4 times, I can see why you'd be reluctant to change again.

mrmark Posted July 9, 2010

The reason this fails is that the server sending the response has keep-alive turned off. Notice the "Connection: close" header that was sent? This tells cURL to stop what it's doing and not attempt to follow the redirect, even though it got the "location" header. In short, cURL is perhaps a bit too polite, by respectfully honoring the server's request to close the connection, rather than requesting the location specified in the header anyways.

If anyone has a solution to this problem, I'd love to hear it.

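
An added example (not code from the thread or from any poster) of following redirects by hand when FOLLOWLOCATION is unavailable: it skips the interim `100 Continue` block seen in the posted output, resolves the `Location` header against the current URL, limits the number of hops, and refuses any redirect whose scheme is not http or https. The function names are hypothetical, the sample response is constructed from the output shape posted above, and PHP 7 or later with the cURL extension is assumed.

```php
<?php
// Added example, not code from the thread; all function names are hypothetical.
// Discard interim 1xx blocks ("100 Continue"), then split final headers from body.
function split_response($raw) {
    do {
        list($head, $raw) = array_pad(explode("\r\n\r\n", $raw, 2), 2, '');
    } while ($raw !== '' && preg_match('#^HTTP/\S+ 1\d\d#', $head));
    return [$head, $raw];
}

// Absolute redirect target, or null when Location is missing or not http(s).
function redirect_target($head, $currentUrl) {
    if (!preg_match('/^Location:\s*(\S+)/mi', $head, $m)) return null;
    $loc = parse_url($m[1]);
    $cur = parse_url($currentUrl);
    if (!$loc || !isset($cur['scheme'], $cur['host'])) return null;
    $scheme = strtolower($loc['scheme'] ?? $cur['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') return null; // e.g. file://
    $auth = isset($loc['host']) ? $loc : $cur; // host and port travel together
    $path = $loc['path'] ?? (isset($loc['host']) ? '/' : ($cur['path'] ?? '/'));
    // Relative path: resolve against the directory of the current URL.
    if ($path[0] !== '/') $path = preg_replace('#[^/]*$#', '', $cur['path'] ?? '/') . $path;
    return $scheme . '://' . $auth['host'] . (isset($auth['port']) ? ':' . $auth['port'] : '')
         . $path . (isset($loc['query']) ? '?' . $loc['query'] : '');
}

// Follow redirects by hand: one request per hop, bounded by $maxHops.
function fetch_following_redirects($url, $postFields = null, $maxHops = 10) {
    $ch = curl_init();
    curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER => true, CURLOPT_HEADER => true]);
    if ($postFields !== null) curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
    for ($hop = 0; $hop <= $maxHops && $url !== null; $hop++) {
        curl_setopt($ch, CURLOPT_URL, $url);
        $raw = curl_exec($ch);
        if ($raw === false) return false; // transfer error
        list($head, $body) = split_response($raw);
        $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        if (!in_array($code, [301, 302, 303, 307, 308], true)) return $body;
        if ($code <= 303) curl_setopt($ch, CURLOPT_HTTPGET, true); // GET after 301/302/303
        $url = redirect_target($head, $url); // null ends the loop: redirect refused
    }
    return false; // refused redirect or too many hops
}

// Offline check on a constructed response shaped like the output posted above.
$sample = "HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 302 MOVED\r\n"
        . "Location: https://SITEURL/p=abc/s=def\r\nContent-length: 0\r\n\r\n";
list($head) = split_response($sample);
var_dump(redirect_target($head, 'https://SITEURL/login'));
var_dump(redirect_target('Location: file:///some/local/file', 'https://SITEURL/login'));
```

All options for the request (POST fields, TLS settings) have to be in place before the first hop, because each hop reuses the same handle.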