Skip to content

SimplePie: Fix HTTP 301 permanent redirection#3180

Merged
Alkarex merged 2 commits intoFreshRSS:masterfrom
Alkarex:fix_301
Sep 17, 2020
Merged

SimplePie: Fix HTTP 301 permanent redirection#3180
Alkarex merged 2 commits intoFreshRSS:masterfrom
Alkarex:fix_301

Conversation

@Alkarex
Copy link
Copy Markdown
Member

@Alkarex Alkarex commented Sep 16, 2020
edited
Loading

When adding feeds it worked fine, but detecting permanent redirects for existing feeds was sometimes broken (only when PHP open_basedir was not set).

Indeed, using the built-in CURLOPT_FOLLOWLOCATION instead of the manual method in SimplePie hides the list of HTTP redirects along the way, and prevents the distinction of e.g. 301 vs. 302 redirects.

This patch disables CURLOPT_FOLLOWLOCATION in SimplePie, and fixes the manual method at the same time.
The use of CURLOPT_FOLLOWLOCATION was nevertheless not systematic (only when open_basedir was not set), so now there is only one logic independent of open_basedir.

I will send a PR upstream to SimplePie.

How to test: pick a feed with 301 redirection such as HTTP to HTTPS, e.g. http://ing.dk/rss/term/341
Manually change back to previous address (to simulate a feed that is changing address)
Refresh feed and observe whether the 301 redirect is obeyed.

@Alkarex
SimplePie: Fix HTTP 301 permanent redirection
477c771 
When adding feeds it worked fine, but detecting permanent redirects for
existing feeds was sometimes broken (only when PHP open_basedir was not
set).

Indeed, using the built-in CURLOPT_FOLLOWLOCATION instead of the manual
method in SimplePie hides the list of HTTP redirects along the way, and
prevents the distinction of e.g. 301 vs. 302 redirects.

This patch disables CURLOPT_FOLLOWLOCATION in SimplePie, and fixes the
manual method at the same time.
The use of CURLOPT_FOLLOWLOCATION was nevertheless not systematic (only
when open_basedir was not set), so now there is only one logic
independent of open_basedir.

I will send a PR upstream to SimplePie.

How to test: pick a feed with 301 redirection such as HTTP to HTTPS,
e.g. http://ing.dk/rss/term/341
Manually change back to previous address (to simulate a feed that is
changing address)
Refresh feed and observe whether the 301 redirect is obeyed.
@Alkarex Alkarex added this to the 1.17.0 milestone Sep 16, 2020
Alkarex
Alkarex commented Sep 16, 2020
View reviewed changes
Comment thread lib/SimplePie/SimplePie/File.php
curl_setopt($fp, CURLOPT_REFERER, SimplePie_Misc::url_remove_credentials($url));
curl_setopt($fp, CURLOPT_USERAGENT, $useragent);
curl_setopt($fp, CURLOPT_HTTPHEADER, $headers2);
if (!ini_get('open_basedir') && !ini_get('safe_mode') && version_compare(SimplePie_Misc::get_curl_version(), '7.15.2', '>='))
Copy link
Copy Markdown
Member Author

@Alkarex Alkarex Sep 16, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This logic was used sometimes, in which case it was problematic. Removed.

@Alkarex Alkarex mentioned this pull request Sep 16, 2020
Merged
@Alkarex
Copy link
Copy Markdown
Member Author

Alkarex commented Sep 17, 2020

Let's merge and continue testing in /master

@Alkarex Alkarex merged commit 1c0e7b4 into FreshRSS:master Sep 17, 2020
@Alkarex Alkarex deleted the fix_301 branch September 17, 2020 08:36
@Alkarex Alkarex mentioned this pull request Sep 17, 2020
Closed
SuperSandro2000
SuperSandro2000 reviewed Sep 17, 2020
View reviewed changes
Comment thread lib/SimplePie/SimplePie/File.php
Comment on lines +116 to +120
//if (!ini_get('open_basedir') && !ini_get('safe_mode') && version_compare(SimplePie_Misc::get_curl_version(), '7.15.2', '>='))
//{
// curl_setopt($fp, CURLOPT_FOLLOWLOCATION, 1);
// curl_setopt($fp, CURLOPT_MAXREDIRS, $redirects);
//}
Copy link
Copy Markdown
Contributor

@SuperSandro2000 SuperSandro2000 Sep 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In git leaving commented code is not a good practise. This should probably be removed.

Copy link
Copy Markdown
Member Author

@Alkarex Alkarex Sep 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See simplepie/simplepie#660 (which I will merge back when accepted)

Copy link
Copy Markdown
Member Author

@Alkarex Alkarex Oct 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#3206

Alkarex added a commit to Alkarex/FreshRSS that referenced this pull request Oct 3, 2020
@Alkarex
Update SimplePie (PHP8)
197fa45 
Contributes to FreshRSS#3082
Includes FreshRSS#3180
Differences:
simplepie/simplepie@aaad78e...692e8bc
@Alkarex Alkarex mentioned this pull request Oct 3, 2020
Merged
Alkarex added a commit that referenced this pull request Oct 3, 2020
@Alkarex
Update SimplePie (PHP8) (#3206)
8ec2b25 
Contributes to #3082
Includes #3180
Differences:
simplepie/simplepie@aaad78e...692e8bc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@SuperSandro2000 SuperSandro2000 SuperSandro2000 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

SimplePie 🍰

Projects

None yet

Milestone

1.17.0

Development

Successfully merging this pull request may close these issues.

2 participants

@Alkarex @SuperSandro2000