| Issue 6: | PHP warnings on invalid domain | |
| 1 person starred this issue and may be notified of changes. | Back to list |
If a user enters an invalid domain like http://not.exists the following PHP warnings are generated: Warning: get_headers() [function.get-headers]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 148 Warning: get_headers(http://not.existing/) [function.get-headers]: failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 148 Warning: file_get_contents() [function.file-get-contents]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 156 Warning: file_get_contents(http://not.existing/) [function.file-get-contents]: failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 156 Warning: file_get_contents() [function.file-get-contents]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 156 Warning: file_get_contents(http://not.existing/) [function.file-get-contents]: failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /srv/www/stendhal/lib/openid/lightopenid.php on line 156
Sep 27, 2010
Project Member
#1
mewp...@gmail.com
Status:
Accepted
Sep 27, 2010
Sorry, I don't have a good idea.
The following code handles the case of invalid domains by using gethostbynamel which supports both "localhost" and ip-addresses.
But if the domain exists and there is just no webserver, it will still cause a silent error.
--- lightopenid.php 27 Sep 2010 17:46:37 -0000 1.5
+++ lightopenid.php 27 Sep 2010 18:32:10 -0000
@@ -148,8 +148,16 @@
);
$url = $url . ($params ? '?' . $params : '');
- $headers_tmp = get_headers ($url);
-
+
+ # connecting to server
+ if (!$this->doesServerExist($url)) {
+ return null;
+ }
+ $headers_tmp = @get_headers($url);
+ if (!isset($headers_tmp)) {
+ return null;
+ }
+
# Parsing headers.
$headers = array();
foreach($headers_tmp as $header) {
@@ -225,6 +233,9 @@
for ($i = 0; $i < 5; $i ++) {
if ($yadis) {
$headers = $this->request($url, 'HEAD');
+ if (!isset($headers)) {
+ throw new ErrorException('No servers found!');
+ }
$next = false;
if (isset($headers['x-xrds-location'])) {
@@ -602,4 +613,24 @@
}
return $this->getSregAttributes();
}
+
+ /**
+ * checks if the server specified in the url exists.
+ *
+ * @param $url url to check
+ * @return true, if the server exists; false otherwise
+ */
+ function doesServerExist($url)
+ {
+ if (strpos($url, '/') === false) {
+ $server = $url;
+ } else {
+ $server = @parse_url($url, PHP_URL_HOST);
+ }
+ if ($server === false) {
+ return false;
+ }
+ $ip = gethostbynamel($server);
+ return ($ip !== false);
+ }
}
phpunit:
<?php
require_once('lib/openid/lightopenid.php');
class LightOpenidTest extends PHPUnit_Framework_TestCase {
public function testDoesServerExist() {
$openid = new LightOpenID();
$this->assertTrue($openid->doesServerExist("localhost"));
$this->assertTrue($openid->doesServerExist("www.google.com"));
$this->assertTrue($openid->doesServerExist("ip6-loopback"));
$this->assertTrue($openid->doesServerExist("127.0.0.1"));
$this->assertFalse($openid->doesServerExist("not.exists"));
$this->assertTrue($openid->doesServerExist("http://me.yahoo.com"));
$this->assertTrue($openid->doesServerExist("http://me.yahoo.com/"));
$this->assertTrue($openid->doesServerExist("http://me.yahoo.com:80"));
$this->assertTrue($openid->doesServerExist("http://me.yahoo.com:80/"));
$this->assertFalse($openid->doesServerExist("http://not.exists"));
$this->assertFalse($openid->doesServerExist("http://not.exists/"));
$this->assertFalse($openid->doesServerExist("http://not.exists:80/"));
}
}
PS: Thanks a lot for your fixes and providing lightopenid in the first place.
Sep 27, 2010
Thanks! I'll include the fix. However, throwing an error after the first HEAD fails isn't correct behavior. From section 7.3 of the spec: If the Yadis protocol fails [realized mostly by a HEAD request] and no valid XRDS document is retrieved, or no Service Elements are found in the XRDS document, the URL is retrieved and HTML-Based discovery SHALL be attempted. And anyway, $headers would be set and equal to null, so that isset($headers) == true, and empty($headers) == true. I would however throw an error if the server isn't found, because further discovery is impossible.
Status:
Started
Sep 27, 2010
Ok, it's commited now, with some changes and unrelated bugfixes. Also, I'm sure that you will test it, so please tell me if you find that everything works, so I can upload the current version as lightopenid-0.3.
Status:
Fixed
Sep 27, 2010
I successfully tested it with myopenid.com, delegation to myopenid.com, google and yahoo. And there are no more php warning on invalid domains. Thanks a lot. |