Jump to:
| Project: | Web Links |
| Version: | 6.x-1.4 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
When you have allow_url_open disabled, as suggested for example at http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html , then the cron run for Pralexa will fail.
I changed the code to using curl:
function _pralexa_getalexa($url) {
$request_url = "http://data.alexa.com/data?cli=10&dat=snbamz&url=". $url;
$ch = curl_init($request_url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$xml_raw = curl_exec($ch);
$xml = simplexml_load_string($xml_raw);
return $xml->SD->POPULARITY['TEXT'];
}
That works fine for me, even it should be extended a bit.
I suggest to check for the status of allow_url_open - if its allowed, used simplexml_load_file, if not use curl.
Thanks for your great module.
Comments
#1
I think that "allow_url_include" closes the vulnerabilities that article references. Plus Drupal is very good about filtering input, which is not a problem in Pralexa. I will, however, see about putting this in.
#2
How does this look to you?
function _pralexa_getalexa($url) {$request_url = "http://data.alexa.com/data?cli=10&dat=snbamz&url=". $url;
if (init_get('allow_url_fopen')) {
$xml = simplexml_load_file($request_url);
}
else {
$ch = curl_init($request_url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$xml_raw = curl_exec($ch);
$xml = simplexml_load_string($xml_raw);
}
return $xml->SD->POPULARITY['TEXT'];
}
#3
committed to 6.x-2.x
#4
Clearing the issue list.