Flyspray - The bug killer!

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category User Interface
  • Assigned To No-one
  • Operating System All
  • Severity High
  • Priority Very Low
  • Reported Version 1.0-rc7
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Flyspray - The bug killer!
Opened by dave - 18.09.2018

FS#2499 - Change recaptcha from using file_get_contents to Curl

The issue with many servers now and the reason that recaptcha does not work is because it requires servers to enable allow_url_fopen which is a huge security risk. That is why you get the warning message when you try to run recaptcha that file_get_contents failed to connect.

So the solution is to use Curl to do that job.

Here is the fixed file, excuse my mess i had not cleaned up my code yet... but recaptcha now works.

this file goes in the includes dir... you can clean up the file if you like again sorry about that.

Project Manager
peterdd commented on 02.11.2018 07:06

So trade one dependency (allow_url_fopen) for another (php curl extension)?

We should identify all uses for loading/making requests to outside within Flyspray first. curl is currently an optional requirement during setup (only for OAuth), I used file_get_contents() several times in Flyspray, and I even found function Flyspray::remote_request() in includes/class.flyspray.php that is used only once to retrieve www.flyspray.org/version.txt .

Maybe also evaluate updating our guzzle requirement in composer.json and use guzzle for that? Used currently only for OAuth2-client 0.12, but current oauth2-client is php5.6+

Have to try if Guzzle works if curl extension is not installed. Does it have its own fallbacks? How it behaves on restricted servers like Dave described?

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing