From 184f9e06812ed33556366a1db34611dd7aba85e5 Mon Sep 17 00:00:00 2001 From: Christian Schneider Date: Mon, 15 Aug 2022 14:02:08 +0200 Subject: Add protocols parameter to allow other protocols for it_url::get*(), e.g. 'file' --- it_url.class | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/it_url.class b/it_url.class index 851c1d9..d718201 100644 --- a/it_url.class +++ b/it_url.class @@ -111,6 +111,7 @@ static function _postprocess($data, $p) * @param $p['retrysleep'] Number of seconds to wait before retry (additional to fetchsleep), fractions ok * @param $p['accept_encoding'] Contents of the "Accept-Encoding: " header. Enables decoding of the response. Set to null to disable, "" (default) for all supported encodings. * @param $p['postprocess'] function called with content and $p which has it_error. returns content or null (which triggers retry) + * @param $p['protocols'] Array of protocols to accept, defaults to ['http', 'https'], @see curl_opts for other values * @return Content of resulting page (considering redirects, excluding headers or false on error) or array (empty on error) if 'assoc' => true */ static function get($p = [], $timeout = null) @@ -200,7 +201,18 @@ static function curl_opts($p=array()) 'timeout' => 5, 'followlocation' => !$p['files'], # disallow redirects for file uploads as recommended by https://curl.se/libcurl/security.html 'accept_encoding' => '', # set header to accept any supported encoding and enable automatic decompression + 'protocols' => ['http', 'https'], # Array with allowed protocols, see list below ]; + $protocols = [ + 'file' => CURLPROTO_FILE, + 'ftp' => CURLPROTO_FTP, + 'ftps' => CURLPROTO_FTPS, + 'http' => CURLPROTO_HTTP, + 'https' => CURLPROTO_HTTPS, + 'scp' => CURLPROTO_SCP, + 'sftp' => CURLPROTO_SFTP, + ]; + $add = []; if (it::grep("[\n\r]", it::map('"$k$v"', $p['headers']))) @@ -253,7 +265,7 @@ static function curl_opts($p=array()) CURLOPT_CUSTOMREQUEST => $p['method'] ?: null, CURLOPT_NOBODY => $p['method'] == 'HEAD', CURLOPT_SAFE_UPLOAD => true, # disable special meaning of @value in POST forms (security) - CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS, + CURLOPT_PROTOCOLS => array_reduce($p['protocols'], fn($c, $v) => $c | $protocols[$v], 0), CURLOPT_CAPATH => '/etc/ssl/certs/', CURLOPT_SSL_VERIFYPEER => !$p['allow_insecure_ssl'], -- cgit v1.2.3