Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed download_fsockopen() fails with HTTPS and with redirections #2296

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Fixed download_fsockopen() fails with HTTPS and with redirections #2296

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
23b1c42
Fixed function download_fsockopen()
lizardcrash Apr 17, 2019
25be5e4
Cleaning code
lizardcrash Apr 17, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 36 additions & 21 deletions oc-includes/osclass/utils.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -768,24 +768,42 @@ function download_fsockopen($sourceFile, $fileout = null, $post_data = null)
if ('localhost' == strtolower($host))
$host = '127.0.0.1';

$link = $aUrl['path'] . ( isset($aUrl['query']) ? '?' . $aUrl['query'] : '' );
$path = $aUrl['path'];
$query = $aUrl['query'];

$link = $aUrl['path'] . ( isset($aUrl['query']) ? '?' . $aUrl['query'] : '' );
if (empty($link))
$link .= '/';

$fp = @fsockopen($host, 80, $errno, $errstr, 30);
$port = 80;
if (preg_match("/^https:/i", $sourceFile)) {
$ishttps = true;
$host_ssl = "ssl://" .$host;
$port = 443;
$fp = @fsockopen($host_ssl, $port, $errno, $errstr, 30);
} else {
$fp = @fsockopen($host, $port, $errno, $errstr, 30);
}

if (!$fp) {
return false;
return false;
} else {
$ua = Params::getServerParam('HTTP_USER_AGENT') . ' Osclass (v.' . osc_version() . ')';
$out = ($post_data!=null && is_array($post_data)?"POST":"GET") . " $link HTTP/1.1\r\n";
//$out = ($post_data!=null && is_array($post_data)?"POST":"GET") . " $link HTTP/1.1\r\n";
$out = ($ishttps || $post_data!=null && is_array($post_data)?"POST":"GET") . ($ishttps ? " $path" : " $link") ." HTTP/1.1\r\n";
$out .= "Host: $host\r\n";
$out .= "User-Agent: $ua\r\n";

$out .= "Content-type: application/x-www-form-urlencoded\r\n";
$out .= "Content-length: ".strlen($query)."\r\n";

$out .= "Connection: Close\r\n\r\n";
$out .= "\r\n";
$out .= ($ishttps ? $query ."\r\n" : "");
$out .= "\r\n";
if($post_data!=null && is_array($post_data)) {
$out .= http_build_query($post_data);
}

fwrite($fp, $out);

$contents = '';
Expand All @@ -800,7 +818,8 @@ function download_fsockopen($sourceFile, $fileout = null, $post_data = null)
$aResult = processResponse($contents);
$headers = processHeaders($aResult['headers']);

$location = @$headers['location'];
$location = @$headers['location'];

if (isset($location) && $location != "") {
$aUrl = parse_url($headers['location']);

Expand All @@ -809,21 +828,20 @@ function download_fsockopen($sourceFile, $fileout = null, $post_data = null)
$host = '127.0.0.1';

$requestPath = $aUrl['path'] . ( isset($aUrl['query']) ? '?' . $aUrl['query'] : '' );

if (empty($requestPath))
$requestPath .= '/';

download_fsockopen($host, $requestPath, $fileout);
download_fsockopen($location, $fileout);
} else {
$body = $aResult['body'];
$transferEncoding = @$headers['transfer-encoding'];
$transferEncoding = @$headers['transfer-encoding'];
if($transferEncoding == 'chunked' ) {
$body = http_chunked_decode($aResult['body']);
}
if($fileout!=null) {
$ff = @fopen($fileout, 'w+');
if($ff!==FALSE) {
fwrite($ff, $body);
fwrite($ff, $body);
fclose($ff);
return true;
} else {
Expand All @@ -838,6 +856,7 @@ function download_fsockopen($sourceFile, $fileout = null, $post_data = null)

function osc_downloadFile($sourceFile, $downloadedFile, $post_data = null)
{

if(strpos($downloadedFile, "../")!==false || strpos($downloadedFile, "..\\")!==false) {
return false;
}
Expand Down Expand Up @@ -870,9 +889,9 @@ function osc_downloadFile($sourceFile, $downloadedFile, $post_data = null)
return false;
}
} else if (testFsockopen()) { // test curl/fsockopen
$downloadedFile = osc_content_path() . 'downloads/' . $downloadedFile;
$downloadedFile = osc_content_path() . 'downloads/' . $downloadedFile;
download_fsockopen($sourceFile, $downloadedFile);
return true;
return true;
}
return false;
}
Expand Down Expand Up @@ -981,10 +1000,9 @@ function osc_unzip_file($file, $to) {
return 0;
}

if (class_exists('ZipArchive')) {
if (class_exists('ZipArchive')) {
return _unzip_file_ziparchive($file, $to);
}

// if ZipArchive class doesn't exist, we use PclZip
return _unzip_file_pclzip($file, $to);
}
Expand All @@ -1004,9 +1022,9 @@ function _unzip_file_ziparchive($file, $to) {
$zip = new ZipArchive();
$zipopen = $zip->open($file, 4);

if ($zipopen !== true) {
if ($zipopen !== true) {
return 2;
}
}
// The zip is empty
if($zip->numFiles==0) {
return 2;
Expand Down Expand Up @@ -1045,7 +1063,6 @@ function _unzip_file_ziparchive($file, $to) {
@fwrite($fp, $content);
@fclose($fp);
}

$zip->close();

return 1;
Expand Down Expand Up @@ -2086,7 +2103,6 @@ function osc_market($section, $code) {
**** DOWNLOAD FILE ****
***********************/
if( isset($data['s_update_url']) && isset($data['s_source_file']) && isset($data['e_type'])) {

if($data['e_type']=='THEME') {
$folder = 'themes/';
} else if($data['e_type']=='LANGUAGE') {
Expand All @@ -2105,14 +2121,13 @@ function osc_market($section, $code) {

$filename = date('YmdHis')."_".osc_sanitize_string($data['s_title'])."_".$data['s_version'].".zip";
$url_source_file = $data['s_source_file'];

$result = osc_downloadFile($url_source_file, $filename, $download_post_data);

if ($result) { // Everything is OK, continue
/**********************
***** UNZIP FILE *****
**********************/
@mkdir(osc_content_path() . 'downloads/oc-temp/');

$res = osc_unzip_file(osc_content_path() . 'downloads/' . $filename, osc_content_path() . 'downloads/oc-temp/');
if ($res == 1) { // Everything is OK, continue
/**********************
Expand Down