Details
- Type: Improvement
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: 4.7.22
- Fix Version/s: None
- Component/s: None
- Labels:
- Versioning Impact: Patch (backwards-compatible bug fixes)
- Documentation Required?: None
- Funding Source: Needs Funding
- Verified?: No
- Overview: file_get_contents, a less secure function, is used in place of cURL. file_get_contents is disabled by a lot of security-conscious server managers.
- How it should work: If it used cURL instead this would sidestep the issue.
- Acceptance Criteria: On a server with allow_url_fopen=0, does running the update check work without throwing a warning?
Description
To keep things nice and secure, a number of server operators disable file_get_contents by setting allow_url_fopen=0 in php.ini.
This causes the following warnings:
Warning: file_get_contents(https://latest.civicrm.org/stable.php?format=json): failed to open stream: no suitable wrapper could be found in CRM_Utils_VersionCheck->pingBack() (line 429 of /var/www/bedsafe_live/sites/all/modules/civicrm/CRM/Utils/VersionCheck.php).
Warning: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in CRM_Utils_VersionCheck->pingBack() (line 429 of /var/www/bedsafe_live/sites/all/modules/civicrm/CRM/Utils/VersionCheck.php).
If this is replaced with a cURL function, then that will sidestep this issue.
[I have marked this as major as it prevents CiviCRM checking for updates, which could be a security issue.]
Update
Changing it to a Post function allows the CiviCRM mothership pingback but breaks the unit test!
Can we add an entry for the pingback to the HTTP? Without a call to file_get_contents the unit test breaks. The files that file_get_contents references should be put on the http civicrm.org test subdomain, because cURL cannot reference local files.
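One way to do the fetch this issue asks for, as an added example that is not CiviCRM's code: the hypothetical helper fetch_version_info() uses cURL when the extension is loaded, so it works with allow_url_fopen=0, restricts the transfer to HTTPS with certificate verification, and returns NULL instead of raising a warning.

```php
<?php
// Added example, not CiviCRM code. fetch_version_info() is a hypothetical helper.

/**
 * Fetch a JSON document over HTTPS without depending on allow_url_fopen.
 * Returns the decoded array, or NULL on any failure (no PHP warning is raised).
 */
function fetch_version_info(string $url, int $timeout = 10): ?array {
  // Refuse anything that is not an https:// URL before touching the network.
  if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
    return NULL;
  }
  $body = FALSE;
  if (function_exists('curl_init')) {
    // cURL path: unaffected by allow_url_fopen=0.
    $ch = curl_init($url);
    curl_setopt_array($ch, [
      CURLOPT_RETURNTRANSFER => TRUE,
      CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,  // no file://, ftp://, etc.
      CURLOPT_FOLLOWLOCATION => FALSE,       // do not follow redirects
      CURLOPT_SSL_VERIFYPEER => TRUE,        // verify the certificate chain
      CURLOPT_SSL_VERIFYHOST => 2,           // verify the host name
      CURLOPT_CONNECTTIMEOUT => $timeout,
      CURLOPT_TIMEOUT => $timeout,
    ]);
    $body = curl_exec($ch);
    // Treat transport errors (status 0) and non-200 answers as failure.
    if (curl_getinfo($ch, CURLINFO_RESPONSE_CODE) !== 200) {
      $body = FALSE;
    }
  }
  elseif (filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN)) {
    // Fallback only where the stream wrapper is actually enabled.
    $ctx = stream_context_create(['http' => ['timeout' => $timeout, 'follow_location' => 0]]);
    $body = @file_get_contents($url, FALSE, $ctx);
  }
  if (!is_string($body)) {
    return NULL;
  }
  $data = json_decode($body, TRUE);
  return is_array($data) ? $data : NULL;
}

// URL taken from the warning quoted in this issue.
$info = fetch_version_info('https://latest.civicrm.org/stable.php?format=json');
echo $info === NULL ? "update check unavailable\n" : "update check ok\n";
```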