My favorites | Sign in
Project Home Downloads Wiki Issues Source
READ-ONLY: This project has been archived. For more information see this post.
Search
for
  Advanced search   Search tips   Subscriptions
Issue 6: PHP warnings on invalid domain
1 person starred this issue and may be notified of changes. Back to list
Status:  Fixed
Owner:  ----
Closed:  Sep 2010


 
Reported by HendrikU...@nexgo.de, Sep 26, 2010
If a user enters an invalid domain like http://not.exists the following PHP warnings are generated:

Warning: get_headers() [function.get-headers]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 148

Warning: get_headers(http://not.existing/) [function.get-headers]: failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 148

Warning: file_get_contents() [function.file-get-contents]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 156

Warning: file_get_contents(http://not.existing/) [function.file-get-contents]: failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 156

Warning: file_get_contents() [function.file-get-contents]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 156

Warning: file_get_contents(http://not.existing/) [function.file-get-contents]: failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 156

Sep 27, 2010
Project Member #1 mewp...@gmail.com
I have thought about how to fix the problem, but have no idea so far.

I know of no method to check validity of the url without actually connecting to it, and therefore generating a warning.

There is checkdnsrr() function, but it only works for dns names (so for example "localhost" wouldn't work).

Suppressing the error with @ isn't a good solution either, because it will generate the error anyway (interfering with custom error handlers).

If you (or anyone else) have any idea how to do it, please tell me.
Status: Accepted
Sep 27, 2010
#2 HendrikU...@nexgo.de
Sorry, I don't have a good idea.

The following code handles the case of invalid domains by using gethostbynamel which supports both "localhost" and ip-addresses. 

But if the domain exists and there is just no webserver, it will still cause a silent error.

--- lightopenid.php     27 Sep 2010 17:46:37 -0000      1.5
+++ lightopenid.php     27 Sep 2010 18:32:10 -0000
@@ -148,8 +148,16 @@
             );
 
             $url = $url . ($params ? '?' . $params : '');
-            $headers_tmp = get_headers ($url);
-            
+
+            # connecting to server
+            if (!$this->doesServerExist($url)) {
+                return null;
+            }
+            $headers_tmp = @get_headers($url);
+            if (!isset($headers_tmp)) {
+                return null;
+            }
+
             # Parsing headers.
             $headers = array();
             foreach($headers_tmp as $header) {
@@ -225,6 +233,9 @@
         for ($i = 0; $i < 5; $i ++) {
             if ($yadis) {
                 $headers = $this->request($url, 'HEAD');
+                if (!isset($headers)) {
+                    throw new ErrorException('No servers found!');
+                }
 
                 $next = false;
                     if (isset($headers['x-xrds-location'])) {
@@ -602,4 +613,24 @@
         }
         return $this->getSregAttributes();
     }
+
+    /**
+     * checks if the server specified in the url exists.
+     *
+     * @param $url url to check
+     * @return true, if the server exists; false otherwise
+     */
+    function doesServerExist($url)
+    {
+        if (strpos($url, '/') === false) {
+            $server = $url;
+        } else {
+            $server = @parse_url($url, PHP_URL_HOST);
+        }
+        if ($server === false) {
+            return false;
+        }
+        $ip = gethostbynamel($server);
+        return ($ip !== false);
+    }
 }




phpunit:
<?php
require_once('lib/openid/lightopenid.php');

class LightOpenidTest extends PHPUnit_Framework_TestCase {

	public function testDoesServerExist() {
		$openid = new LightOpenID();
		$this->assertTrue($openid->doesServerExist("localhost"));
		$this->assertTrue($openid->doesServerExist("www.google.com"));
		$this->assertTrue($openid->doesServerExist("ip6-loopback"));
		$this->assertTrue($openid->doesServerExist("127.0.0.1"));
		$this->assertFalse($openid->doesServerExist("not.exists"));

		$this->assertTrue($openid->doesServerExist("http://me.yahoo.com"));
		$this->assertTrue($openid->doesServerExist("http://me.yahoo.com/"));
		$this->assertTrue($openid->doesServerExist("http://me.yahoo.com:80"));
		$this->assertTrue($openid->doesServerExist("http://me.yahoo.com:80/"));

		$this->assertFalse($openid->doesServerExist("http://not.exists"));
		$this->assertFalse($openid->doesServerExist("http://not.exists/"));
		$this->assertFalse($openid->doesServerExist("http://not.exists:80/"));
	}
}


PS: Thanks a lot for your fixes and providing lightopenid in the first place.
Sep 27, 2010
Project Member #3 mewp...@gmail.com
Thanks! I'll include the fix.

However, throwing an error after the first HEAD fails isn't correct behavior. 

From section 7.3 of the spec:
If the Yadis protocol fails [realized mostly by a HEAD request] and no valid XRDS document is retrieved, or no Service Elements are found in the XRDS document, the URL is retrieved and HTML-Based discovery SHALL be attempted.

And anyway, $headers would be set and equal to null, so that isset($headers) == true, and empty($headers) == true.

I would however throw an error if the server isn't found, because further discovery is impossible.
Status: Started
Sep 27, 2010
Project Member #4 mewp...@gmail.com
Ok, it's commited now, with some changes and unrelated bugfixes.

Also, I'm sure that you will test it, so please tell me if you find that everything works, so I can upload the current version as lightopenid-0.3.
Status: Fixed
Sep 27, 2010
#5 HendrikU...@nexgo.de
I successfully tested it with myopenid.com, delegation to myopenid.com, google and yahoo. And there are no more php warning on invalid domains.

Thanks a lot.

Powered by Google Project Hosting