From f0dfdc72c46ee93ae0ce38d561f3c243e65747db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuel=20Gro=C3=9F?=
Date: Sun, 24 Aug 2014 18:37:52 +0200
Subject: [PATCH 1/5] Don't encode '/' in the path part of the URL
---
 src/fin1te/SafeCurl/Url.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fin1te/SafeCurl/Url.php b/src/fin1te/SafeCurl/Url.php
index 911d482..995edfe 100644
--- a/src/fin1te/SafeCurl/Url.php
+++ b/src/fin1te/SafeCurl/Url.php
@@ -199,7 +199,7 @@ public static function buildUrl($parts) {
 : '';
 $url .= (!empty($parts['path']))
- ? '/' . rawurlencode(substr($parts['path'], 1))
+ ? str_replace('%2F', '/', rawurlencode($parts['path']))
 : '';
 //The query string is difficult to encode properly
From 60ade6f61237c3921c4a7e0a799d480620b9f1dc Mon Sep 17 00:00:00 2001
From: Matt Barry
Date: Fri, 27 Jan 2017 11:11:03 -0500
Subject: [PATCH 2/5] Updated composer.
---
 composer.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index 9ec0df1..e588cc7 100644
--- a/composer.json
+++ b/composer.json
@@ -1,9 +1,12 @@
 {
- "name": "fin1te/safecurl",
+ "name": "barmat/safecurl",
 "description": "A drop-in replacement for 'curl_exec', designed to prevent SSRF attacks.",
 "keywords": ["curl", "safecurl", "safe", "ssrf", "websec"],
 "license": "MIT",
 "authors": [
+ {
+ "name": "Matt Barry"
+ },
 {
 "name": "Jack W",
 "email": "jack@fin1te.net"
From 3a90ee777bc33fcc1b405b8577a484ff9db7d6f1 Mon Sep 17 00:00:00 2001
From: Matt Barry
Date: Wed, 12 Jul 2017 10:45:13 -0400
Subject: [PATCH 3/5] Removed $this from static method.
---
 composer.json | 3 ++-
 src/fin1te/SafeCurl/SafeCurl.php | 23 +++++++----------------
 2 files changed, 9 insertions(+), 17 deletions(-)
diff --git a/composer.json b/composer.json
index e588cc7..4d80a28 100644
--- a/composer.json
+++ b/composer.json
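Review bot: In `buildUrl()` (PATCH 1/5, Url.php) the added path expression no longer guarantees a leading `/`: the removed line always emitted `'/'` itself, while the new one emits whatever `$parts['path']` begins with. `buildUrl()` is public and static, so a caller-supplied `$parts` whose path lacks the leading slash would be appended directly to the host/port text assembled earlier, and the rebuilt URL could then name a different authority than the one that was checked (the validation call sites are outside this hunk, so that part is inferred). I would normalise before encoding, e.g. `$path = $parts['path'][0] === '/' ? $parts['path'] : '/' . $parts['path'];`, and add a comment such as `// rawurlencode() also encodes '%', so an already percent-encoded path is encoded a second time` so the double-encoding is a documented decision. The body of `buildUrl()` starts and ends outside the hunk.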
@@ -5,7 +5,8 @@
 "license": "MIT",
 "authors": [
 {
- "name": "Matt Barry"
+ "name": "Matt Barry",
+ "email": "mattbarrah@gmail.com"
 },
 {
 "name": "Jack W",
diff --git a/src/fin1te/SafeCurl/SafeCurl.php b/src/fin1te/SafeCurl/SafeCurl.php
index b7dbef4..2ace9d6 100644
--- a/src/fin1te/SafeCurl/SafeCurl.php
+++ b/src/fin1te/SafeCurl/SafeCurl.php
@@ -64,7 +64,7 @@ public function setCurlHandle($curlHandle) {
 /**
 * Gets Options
 *
- * @return SafeCurl\Options
+ * @return Options
 */
 public function getOptions() {
 return $this->options;
@@ -73,7 +73,7 @@ public function getOptions() {
 /**
 * Sets Options
 *
- * @param $options SafeCurl\Options
+ * @param $options Options
 */
 public function setOptions(Options $options) {
 $this->options = $options;
@@ -97,27 +97,18 @@ protected function init() {
 }
 /**
- * Exectutes a cURL request, whilst checking that the
+ * Exectutes a cURL request, whilst checking that the
 * URL abides by our whitelists/blacklists
 *
 * @param $url string
 * @param $curlHandle resource optional - Incase called on an object rather than statically
- * @param $options SafeCurl\Options optional
- *
+ * @param $options Options optional
 * @return bool
+ * @throws InvalidURLException
+ * @throws \fin1te\SafeCurl\Exception
 */
 public static function execute($url, $curlHandle = null, Options $options = null) {
- //Check if we've been called staticly or not
- if (isset($this) && get_class($this) == __CLASS__) {
- $safeCurl = $this;
- //Get the cURL handle, if it wasn't passed in
- if (!is_resource($curlHandle) || get_resource_type($curlHandle) != 'curl') {
- $curlHandle = $this->getCurlHandle();
- }
- } else {
- $safeCurl = new SafeCurl($curlHandle, $options);
- }
-
+ $safeCurl = new SafeCurl($curlHandle, $options);
 //Backup the existing URL
 $originalUrl = $url;
From 93db7ba17c91db5c78423c92bef133d209a51615 Mon Sep 17 00:00:00 2001
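Review bot: The docblock kept in the `execute()` hunk (PATCH 3/5, `@@ -97,27 +97,18 @@`) still describes `$curlHandle` as `optional - Incase called on an object rather than statically`, but the new body always runs `new SafeCurl($curlHandle, $options)` and never reads instance state. An instance-style call such as `$safeCurl->execute($url)` therefore ignores a handle or `Options` set through `setCurlHandle()`/`setOptions()`; if the constructor falls back to default options when `$options` is null (the constructor is not visible here), the caller's whitelist/blacklist would not be applied to that request. I would say so in the docblock, e.g. `@param $options Options optional - must be passed explicitly; options set on an instance are not used`, and reword the `$curlHandle` line to match. The body of `execute()` continues outside the hunk.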
From: Matt Barry
Date: Thu, 27 Apr 2023 14:58:06 -0400
Subject: [PATCH 4/5] Added option to pass CurlHandle object instead of resource.
---
 src/fin1te/SafeCurl/SafeCurl.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/fin1te/SafeCurl/SafeCurl.php b/src/fin1te/SafeCurl/SafeCurl.php
index 2ace9d6..b250951 100644
--- a/src/fin1te/SafeCurl/SafeCurl.php
+++ b/src/fin1te/SafeCurl/SafeCurl.php
@@ -1,6 +1,7 @@
Date: Mon, 15 May 2023 11:28:33 -0400
Subject: [PATCH 5/5] Refactor for conditional.
---
 src/fin1te/SafeCurl/SafeCurl.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fin1te/SafeCurl/SafeCurl.php b/src/fin1te/SafeCurl/SafeCurl.php
index b250951..6f3a2a7 100644
--- a/src/fin1te/SafeCurl/SafeCurl.php
+++ b/src/fin1te/SafeCurl/SafeCurl.php
@@ -55,7 +55,7 @@ public function getCurlHandle() {
 * @param $curlHandle resource
 */
 public function setCurlHandle($curlHandle) {
- if (!(is_resource($curlHandle) && get_resource_type($curlHandle) !== 'curl') && !($curlHandle instanceof CurlHandle)) {
+ if (!((is_resource($curlHandle) && get_resource_type($curlHandle) === 'curl') || (class_exists('CurlHandle') && $curlHandle instanceof CurlHandle))) {
 //Need a valid cURL resource, throw exception
 throw new Exception("SafeCurl expects a valid cURL resource - '" . gettype($curlHandle) . "' provided.");
 }
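Review bot: In the new `setCurlHandle()` condition (PATCH 5/5) the two `CurlHandle` checks resolve differently: `class_exists('CurlHandle')` names the global class, while the unqualified `$curlHandle instanceof CurlHandle` resolves relative to the file's namespace unless the file imports the class. The top-of-file hunk of PATCH 4/5 is cut off on this page, so the import cannot be confirmed here; without it every PHP 8 handle would be rejected by this gate. Writing `$curlHandle instanceof \CurlHandle` removes that dependency, and the `class_exists()` guard can then be dropped, because `instanceof` against an undefined class evaluates to false without raising an error. The docblock above still reads `@param $curlHandle resource` and should become `@param $curlHandle resource|\CurlHandle`.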