<?php
/*
 * url.php
 *
 * Uses SafeCurl\Url on its own to validate a URL; no request is made here.
 *
 * NOTE(review): validating a URL does not tie a later request to what was
 * checked. A client that fetches the URL separately resolves the host
 * again and may follow redirects that were never validated.
 */
require '../vendor/autoload.php';

use fin1te\SafeCurl\Options;
use fin1te\SafeCurl\Url;

try {
    // Default options; the second argument carries the validation settings.
    $options = new Options();

    // The catch below suggests a rejected URL is reported by an exception.
    $safeUrl = Url::validateUrl('http://google.com', $options);
} catch (Exception $e) {
    // Handle exception
}
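/**
 * Executes a cURL request, validating the URL against the configured
 * whitelists/blacklists before every transfer.
 *
 * Redirects are not left to libcurl: each 3xx target is read back from the
 * handle and passed through Url::validateUrl() before it is requested.
 *
 * @param string                $url        URL to request
 * @param resource|null         $curlHandle optional - used when called on an object rather than statically
 * @param SafeCurl\Options|null $options    optional
 *
 * @return mixed the value curl_exec() returned for the final request
 *
 * @throws InvalidURLException if the URL carries credentials while 'sendCredentials' is off
 * @throws Exception           on a cURL error, or when the redirect limit is reached
 */
public static function execute($url, $curlHandle = null, Options $options = null)
{
    // Check if we've been called statically or not.
    // NOTE(review): this method is declared static - confirm that $this can
    // actually be set here on the PHP versions this code has to support.
    if (isset($this) && get_class($this) == __CLASS__) {
        $safeCurl = $this;

        // Get the cURL handle, if it wasn't passed in
        if (!is_resource($curlHandle) || get_resource_type($curlHandle) != 'curl') {
            $curlHandle = $this->getCurlHandle();
        }
    } else {
        $safeCurl = new SafeCurl($curlHandle, $options);
    }

    // Execute, catch redirects and validate the URL
    $redirected     = false;
    $redirectCount  = 0;
    $redirectLimit  = $safeCurl->getOptions()->getFollowLocationLimit();
    $followLocation = $safeCurl->getOptions()->getFollowLocation();

    do {
        // Validate the URL (the initial one, then every redirect target)
        $url = Url::validateUrl($url, $safeCurl->getOptions());

        // Are there credentials, but we don't want to send them?
        // The validated result is indexed as $url['parts']['host'] below, so the
        // parsed components (including 'user'/'pass') presumably live under
        // 'parts'. Checking only the top level would let URL credentials through.
        $parts = (isset($url['parts']) && is_array($url['parts'])) ? $url['parts'] : array();
        $hasCredentials = array_key_exists('user', $url)
            || array_key_exists('pass', $url)
            || array_key_exists('user', $parts)
            || array_key_exists('pass', $parts);

        if (!$safeCurl->getOptions()->getSendCredentials() && $hasCredentials) {
            throw new InvalidURLException("Credentials passed in but 'sendCredentials' is set to false");
        }

        if ($safeCurl->getOptions()->getPinDns()) {
            // Send a Host header.
            // This replaces any header list previously set on the handle.
            curl_setopt($curlHandle, CURLOPT_HTTPHEADER, array('Host: ' . $url['parts']['host']));

            // The "fake" URL
            curl_setopt($curlHandle, CURLOPT_URL, $url['cleanUrl']);

            // We also have to disable SSL cert verification, which is not great.
            // NOTE(review): with peer verification off the TLS peer is not
            // authenticated, so a pinned HTTPS request can be intercepted on-path.
            // Where available, CURLOPT_RESOLVE pins the address while the URL keeps
            // the real hostname, which lets certificate checks stay enabled.
            curl_setopt($curlHandle, CURLOPT_SSL_VERIFYPEER, false);
        } else {
            curl_setopt($curlHandle, CURLOPT_URL, $url['cleanUrl']);
        }

        // Redirects are followed by this loop only. If the handle had native
        // redirect following enabled, libcurl would request the Location target
        // itself and that target would never reach validateUrl().
        curl_setopt($curlHandle, CURLOPT_FOLLOWLOCATION, false);

        // Execute the cURL request
        $response = curl_exec($curlHandle);

        // Check for any errors
        if (curl_errno($curlHandle)) {
            throw new Exception("cURL Error: " . curl_error($curlHandle));
        }

        // Check for an HTTP redirect
        if ($followLocation) {
            $statusCode = curl_getinfo($curlHandle, CURLINFO_HTTP_CODE);

            switch ($statusCode) {
                case 301:
                case 302:
                case 303:
                case 307:
                case 308:
                    // A limit of 0 means no limit is applied
                    if ($redirectLimit == 0 || ++$redirectCount < $redirectLimit) {
                        // Redirect received, so rinse and repeat
                        $url = curl_getinfo($curlHandle, CURLINFO_REDIRECT_URL);
                        $redirected = true;
                    } else {
                        throw new Exception("Redirect limit '{$redirectLimit}' hit");
                    }
                    break;

                default:
                    $redirected = false;
            }
        }
    } while ($redirected);

    return $response;
}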