Limit cURL to protocols HTTP, HTTPS (#8713)

Alexandre Alapetite
2026-04-22 22:27:17 +02:00
committed by GitHub
parent 3ec1920cc5
commit 497d6a7afb
4 changed files with 65 additions and 0 deletions


@@ -229,6 +229,24 @@ class FreshRSS_update_Controller extends FreshRSS_ActionController {
curl_setopt($curlResource, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curlResource, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curlResource, CURLOPT_SSL_VERIFYHOST, 2);
$curl_options = [];
if (defined('CURLOPT_PROTOCOLS_STR')) {
$curl_options[CURLOPT_PROTOCOLS_STR] = 'http,https';
if (defined('CURLOPT_REDIR_PROTOCOLS_STR')) {
$curl_options[CURLOPT_REDIR_PROTOCOLS_STR] = 'http,https';
}
} elseif (defined('CURLPROTO_HTTP') && defined('CURLPROTO_HTTPS')) {
// Legacy PHP 8.2-
if (defined('CURLOPT_PROTOCOLS')) {
$curl_options[CURLOPT_PROTOCOLS] = CURLPROTO_HTTP | CURLPROTO_HTTPS;
}
if (defined('CURLOPT_REDIR_PROTOCOLS')) {
$curl_options[CURLOPT_REDIR_PROTOCOLS] = CURLPROTO_HTTP | CURLPROTO_HTTPS;
}
}
curl_setopt_array($curlResource, $curl_options);
$result = curl_exec($curlResource);
$curlGetinfo = curl_getinfo($curlResource, CURLINFO_HTTP_CODE);
$curlError = curl_error($curlResource);
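Review bot: The result of `curl_setopt_array($curlResource, $curl_options)` is discarded, so the restriction fails open: `curl_exec()` on the next line still runs if the option is rejected, or if neither `defined()` branch matched and `$curl_options` stayed empty. PHP documents that `curl_setopt_array()` returns false at the first option it cannot set and skips the rest, so a rejected `CURLOPT_PROTOCOLS_STR` would also leave redirects unrestricted. Guard the call, e.g. `if ($curl_options === [] || !curl_setopt_array($curlResource, $curl_options)) {` followed by this function's existing failure handling, which lies outside the hunk. The FreshRSS_Feed hunk has the same pattern, and the FreshRSS_http_Util hunk ignores the return value as well.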


@@ -1455,6 +1455,24 @@ class FreshRSS_Feed extends Minz_Model {
CURLOPT_ACCEPT_ENCODING => '', //Enable all encodings
//CURLOPT_VERBOSE => 1, // To debug sent HTTP headers
]);
$curl_options = [];
if (defined('CURLOPT_PROTOCOLS_STR')) {
$curl_options[CURLOPT_PROTOCOLS_STR] = 'http,https';
if (defined('CURLOPT_REDIR_PROTOCOLS_STR')) {
$curl_options[CURLOPT_REDIR_PROTOCOLS_STR] = 'http,https';
}
} elseif (defined('CURLPROTO_HTTP') && defined('CURLPROTO_HTTPS')) {
// Legacy PHP 8.2-
if (defined('CURLOPT_PROTOCOLS')) {
$curl_options[CURLOPT_PROTOCOLS] = CURLPROTO_HTTP | CURLPROTO_HTTPS;
}
if (defined('CURLOPT_REDIR_PROTOCOLS')) {
$curl_options[CURLOPT_REDIR_PROTOCOLS] = CURLPROTO_HTTP | CURLPROTO_HTTPS;
}
}
curl_setopt_array($ch, $curl_options);
$response = curl_exec($ch);
$info = curl_getinfo($ch);
if (!is_array($info)) {
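Review bot: The `if`/`elseif` block here is a verbatim copy of the one in the FreshRSS_update_Controller hunk, and it is repeated again in the FreshRSS_SimplePieCustom and FreshRSS_http_Util hunks. Because it is a security control, it would be safer as one helper (for instance a static method on FreshRSS_http_Util that returns the option array), so that a new cURL call site cannot end up with a stale or partial copy. The helper would also be the place to correct the comment `// Legacy PHP 8.2-`: the `_STR` constants additionally need libcurl 7.85.0 or later, so `// PHP < 8.3 or libcurl < 7.85.0` describes the branch more accurately.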


@@ -44,6 +44,20 @@ final class FreshRSS_SimplePieCustom extends \SimplePie\SimplePie
unset($curl_options[CURLOPT_PROXY]);
}
}
if (defined('CURLOPT_PROTOCOLS_STR')) {
$curl_options[CURLOPT_PROTOCOLS_STR] = 'http,https';
if (defined('CURLOPT_REDIR_PROTOCOLS_STR')) {
$curl_options[CURLOPT_REDIR_PROTOCOLS_STR] = 'http,https';
}
} elseif (defined('CURLPROTO_HTTP') && defined('CURLPROTO_HTTPS')) {
// Legacy PHP 8.2-
if (defined('CURLOPT_PROTOCOLS')) {
$curl_options[CURLOPT_PROTOCOLS] = CURLPROTO_HTTP | CURLPROTO_HTTPS;
}
if (defined('CURLOPT_REDIR_PROTOCOLS')) {
$curl_options[CURLOPT_REDIR_PROTOCOLS] = CURLPROTO_HTTP | CURLPROTO_HTTPS;
}
}
$this->set_curl_options($curl_options);
$this->strip_comments(true);
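Review bot: The protocol keys are written into a `$curl_options` array that already holds other entries (the `CURLOPT_PROXY` handling just above), and nothing records that the position matters. If that array can carry user-configured cURL options (its origin is outside the hunk, so this is an assumption), the restriction is only effective because it is assigned last. A comment such as `// Keep after any user-supplied options so they cannot re-enable other protocols` above the `if` would protect the ordering; the FreshRSS_http_Util hunk has the same shape.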


@@ -369,6 +369,21 @@ final class FreshRSS_http_Util {
}
}
if (defined('CURLOPT_PROTOCOLS_STR')) {
$curl_options[CURLOPT_PROTOCOLS_STR] = 'http,https';
if (defined('CURLOPT_REDIR_PROTOCOLS_STR')) {
$curl_options[CURLOPT_REDIR_PROTOCOLS_STR] = 'http,https';
}
} elseif (defined('CURLPROTO_HTTP') && defined('CURLPROTO_HTTPS')) {
// Legacy PHP 8.2-
if (defined('CURLOPT_PROTOCOLS')) {
$curl_options[CURLOPT_PROTOCOLS] = CURLPROTO_HTTP | CURLPROTO_HTTPS;
}
if (defined('CURLOPT_REDIR_PROTOCOLS')) {
$curl_options[CURLOPT_REDIR_PROTOCOLS] = CURLPROTO_HTTP | CURLPROTO_HTTPS;
}
}
curl_setopt_array($ch, $curl_options);
$body = curl_exec($ch);