Support ⇒ Troubleshootings ⇒ [DF 9.4] Infinite Recursion Hazard in get_fileinfo() ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexTroubleshootings

[DF 9.4] Infinite Recursion Hazard in get_fileinfo() Reply to topic


Found a problem the other day with my Dragonfly 9.4.0.0 installation that was actually killing the server. What had happened was an RSS feed had changed, forcing a redirect from http:// to https:// that put the server in an infinite loop. The get_fileinfo() function that pulls the file (for this, and other modules), does not handle the HTTPS scheme, and assumes all URLs are HTTP.

What would happen is that get_fileinfo() would pull the URL, get a 301 Moved Permanently, and then recursively call itself, but it would attempt the http:// version of the URL, get a 301... and recursively call itself. Since get_fileinfo() doesn't track or limit its recursion, this would put the server in an infinite loop, and the server would become unresponsive.

I rewrote get_fileinfo(), using cURL to handle the protocol issues, and bolstered the animated GIF detection method. I retained the legacy method, for the (perhaps odd) case that cURL isn't installed. URLs with a HTTPS scheme are forced to cURL, since the legacy method doesn't support it at all.

The bugtracker no longer accepts DF <10 bugs, it appears, so I present the solution here in the form of an updated (/includes/functions/linking.php). Hopefully this'll prove useful to others.
Attachment: linking.php.zip
Description Added cURL support to handle HTTPs and improved animated GIF detection. Removed infinite recursion hazard from redirects.
Filename linking.php.zip
Filesize 3.74 KiB
Downloaded 2 Time(s)
You are not allowed to view/download this attachment

It is pitch black. You are likely to be eaten by a grue.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu 12.04, Atom D525/Apache 2.2.22/MySQL 5.5.38/PHP 5.3.10/Dragonfly 9.4.0.0 CVS


Thanks darkgrue, I made a different fix using a while loop to stop redirects after 20 seconds.
See code.google.com/p/drag...mp;name=v9

Can you test if it works?
If so, then your curl part can be added

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial

Last edited by DJ Maze on Sat Jan 03, 2015 12:47 am; edited 1 time in total


DJ, tried the new file, isn't giving me results like I'd expect. It doesn't seem to be coming back from the while() like I'd expect, I get a blank page back from the CMS. Putting a cpg_error() call at the end of the while() seems to indicate it never gets there.

I completely forgot about some of the edge cases in the legacy code in my original fix, this one fixes that. I used a different approach to handle redirects, I added a counter to the callback so it can count how many recursions deep it is. It should be more reliable than a timer-based fail-safe, as it won't be affected by delays caused by other variances.

See what ya think... Very Happy
Attachment: linking.zip
Description
Filename linking.zip
Filesize 3.79 KiB
Downloaded 1 Time(s)
You are not allowed to view/download this attachment

It is pitch black. You are likely to be eaten by a grue.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu 12.04, Atom D525/Apache 2.2.22/MySQL 5.5.38/PHP 5.3.10/Dragonfly 9.4.0.0 CVS


You have a link of the RSS feed so i can test?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


# HG changeset patch # User nanocaiordo # Date 1441718092 -7200 # Branch v9 # Node ID eb1821ee632834e95e8dd180cc29206450edda0b # Parent 41e2ff677df13144a6e39259c6e1889854850e5e Bugfix http://dragonflycms.org/Forums/viewtopic/t=25331.html diff -r 41e2ff677df1 -r eb1821ee6328 includes/functions/linking.php --- a/includes/functions/linking.php Mon Jan 19 12:25:54 2015 +0100 +++ b/includes/functions/linking.php Tue Sep 08 15:14:52 2015 +0200 @@ -105,14 +105,14 @@ if (!isset($rdf['host'])) return false; if (!isset($rdf['path'])) $rdf['path'] = '/'; if (!isset($rdf['port'])) { - if ('https' == $parts['scheme']) { + if ('https' == $rdf['scheme']) { $rdf['port'] = 443; - } else if ('http' == $parts['scheme']) { + } else if ('http' == $rdf['scheme']) { $rdf['port'] = 80; } } - if ('https' == $parts['scheme']) { - $parts['host'] = 'ssl://'.$parts['host']; + if ('https' == $rdf['scheme']) { + $rdf['host'] = 'ssl://'.$rdf['host']; } if (!isset($rdf['query'])) $rdf['query'] = ''; elseif ($rdf['query'] != '') $rdf['query'] = '?'.$rdf['query'];

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS

All times are UTC


Jump to: