42 function getURLContent($url, $postorget =
'GET', $param =
'', $followlocation = 1, $addheaders = array(), $allowedschemes = array(
'http',
'https'), $localurl = 0, $ssl_verifypeer = -1)
46 $USE_PROXY = !
getDolGlobalString(
'MAIN_PROXY_USE') ? 0 : $conf->global->MAIN_PROXY_USE;
47 $PROXY_HOST = !
getDolGlobalString(
'MAIN_PROXY_HOST') ? 0 : $conf->global->MAIN_PROXY_HOST;
48 $PROXY_PORT = !
getDolGlobalString(
'MAIN_PROXY_PORT') ? 0 : $conf->global->MAIN_PROXY_PORT;
49 $PROXY_USER = !
getDolGlobalString(
'MAIN_PROXY_USER') ? 0 : $conf->global->MAIN_PROXY_USER;
50 $PROXY_PASS = !
getDolGlobalString(
'MAIN_PROXY_PASS') ? 0 : $conf->global->MAIN_PROXY_PASS;
52 dol_syslog(
"getURLContent postorget=".$postorget.
" URL=".$url.
" param=".$param);
61 curl_setopt($ch, CURLOPT_VERBOSE, 1);
62 curl_setopt($ch, CURLOPT_USERAGENT,
'Dolibarr geturl function');
66 @curl_setopt($ch, CURLOPT_FOLLOWLOCATION,
false);
68 if (is_array($addheaders) && count($addheaders)) {
69 curl_setopt($ch, CURLOPT_HTTPHEADER, $addheaders);
71 curl_setopt($ch, CURLINFO_HEADER_OUT,
true);
76 curl_setopt($ch, CURLOPT_SSLVERSION, $conf->global->MAIN_CURL_SSLVERSION);
81 if ($ssl_verifypeer < 0) {
82 global $dolibarr_main_prod;
83 $ssl_verifypeer = ($dolibarr_main_prod ? true :
false);
90 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, ($ssl_verifypeer ?
true :
false));
91 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, ($ssl_verifypeer ?
true :
false));
95 $redir_list = array();
96 if (is_array($allowedschemes)) {
97 foreach ($allowedschemes as $allowedscheme) {
98 if ($allowedscheme ==
'http') {
99 $protocols |= CURLPROTO_HTTP;
100 $redir_list[
"HTTP"] = 1;
101 } elseif ($allowedscheme ==
'https') {
102 $protocols |= CURLPROTO_HTTPS;
103 $redir_list[
"HTTPS"] = 1;
104 } elseif ($allowedscheme ==
'ftp') {
105 $protocols |= CURLPROTO_FTP;
106 $redir_list[
"FTP"] = 1;
107 } elseif ($allowedscheme ==
'ftps') {
108 $protocols |= CURLPROTO_FTPS;
109 $redir_list[
"FTPS"] = 1;
114 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,
getDolGlobalInt(
'MAIN_USE_CONNECT_TIMEOUT', 5));
115 curl_setopt($ch, CURLOPT_TIMEOUT,
getDolGlobalInt(
'MAIN_USE_RESPONSE_TIMEOUT', 30));
119 if ($maxsize && defined(
'CURLOPT_MAXFILESIZE_LARGE')) {
120 curl_setopt($ch, CURLOPT_MAXFILESIZE_LARGE, $maxsize);
122 if ($maxsize && defined(
'CURLOPT_MAXFILESIZE')) {
123 curl_setopt($ch, CURLOPT_MAXFILESIZE, $maxsize);
127 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
128 if ($postorget ==
'POST') {
129 curl_setopt($ch, CURLOPT_POST, 1);
130 curl_setopt($ch, CURLOPT_POSTFIELDS, $param);
131 } elseif ($postorget ==
'POSTALREADYFORMATED') {
132 curl_setopt($ch, CURLOPT_CUSTOMREQUEST,
'POST');
133 curl_setopt($ch, CURLOPT_POSTFIELDS, $param);
134 } elseif ($postorget ==
'PUT') {
136 curl_setopt($ch, CURLOPT_CUSTOMREQUEST,
'PUT');
137 if (!is_array($param)) {
138 parse_str($param, $array_param);
140 dol_syslog(
"parameter param must be a string", LOG_WARNING);
141 $array_param = $param;
143 curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($array_param));
144 } elseif ($postorget ==
'PUTALREADYFORMATED') {
145 curl_setopt($ch, CURLOPT_CUSTOMREQUEST,
'PUT');
146 curl_setopt($ch, CURLOPT_POSTFIELDS, $param);
147 } elseif ($postorget ==
'HEAD') {
148 curl_setopt($ch, CURLOPT_CUSTOMREQUEST,
'HEAD');
149 curl_setopt($ch, CURLOPT_NOBODY,
true);
150 } elseif ($postorget ==
'DELETE') {
151 curl_setopt($ch, CURLOPT_CUSTOMREQUEST,
'DELETE');
153 curl_setopt($ch, CURLOPT_POST, 0);
158 dol_syslog(
"getURLContent set proxy to ".$PROXY_HOST.
":".$PROXY_PORT.
" - ".$PROXY_USER.
":".$PROXY_PASS);
160 curl_setopt($ch, CURLOPT_PROXY, $PROXY_HOST.
":".$PROXY_PORT);
162 curl_setopt($ch, CURLOPT_PROXYUSERPWD, $PROXY_USER.
":".$PROXY_PASS);
172 if ($maxRedirection < 1) {
176 curl_setopt($ch, CURLOPT_URL, $newUrl);
179 $newUrlArray = parse_url($newUrl);
180 $hosttocheck = $newUrlArray[
'host'];
181 $hosttocheck = str_replace(array(
'[',
']'),
'', $hosttocheck);
184 if (in_array($hosttocheck, array(
'metadata.google.internal'))) {
185 $info[
'http_code'] = 400;
186 $info[
'content'] =
'Error bad hostname '.$hosttocheck.
' (Used by Google metadata). This value for hostname is not allowed.';
191 if (in_array($hosttocheck, array(
'localhost',
'localhost.domain'))) {
192 $iptocheck =
'127.0.0.1';
193 } elseif (in_array($hosttocheck, array(
'ip6-localhost',
'ip6-loopback'))) {
197 if (function_exists(
'gethostbyname')) {
198 $iptocheck = gethostbyname($hosttocheck);
200 $iptocheck = $hosttocheck;
206 if (!filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) {
213 $info[
'http_code'] = 400;
214 $info[
'content'] = $tmpresult;
221 if (defined(
'CURLOPT_CONNECT_TO')) {
222 $connect_to = array(sprintf(
"%s:%d:%s:%d", $newUrlArray[
'host'], empty($newUrlArray[
'port']) ?
'' : $newUrlArray[
'port'], $iptocheck, empty($newUrlArray[
'port']) ?
'' : $newUrlArray[
'port']));
225 curl_setopt($ch, CURLOPT_CONNECT_TO, $connect_to);
231 curl_setopt($ch, CURLOPT_PROTOCOLS, $protocols);
232 curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, $protocols);
240 $response = curl_exec($ch);
242 $info = curl_getinfo($ch);
243 $http_code = $info[
'http_code'];
245 if ($followlocation && ($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307)) {
246 $newUrl = $info[
'redirect_url'];
253 }
while ($http_code);
255 $request = curl_getinfo($ch, CURLINFO_HEADER_OUT);
257 dol_syslog(
"getURLContent request=".$request);
260 dol_syslog(
"getURLContent request=".$request, LOG_DEBUG, 0,
'_curl');
261 dol_syslog(
"getURLContent response =".$response, LOG_DEBUG, 0,
'_curl');
263 dol_syslog(
"getURLContent response size=".strlen($response));
266 if (curl_errno($ch)) {
268 $rep[
'content'] = $response;
271 $rep[
'curl_error_no'] = curl_errno($ch);
272 $rep[
'curl_error_msg'] = curl_error($ch);
274 dol_syslog(
"getURLContent response array is ".implode(
',', $rep));
282 dol_syslog(
"getURLContent http_code=".$rep[
'http_code']);
286 $rep[
'content'] = $response;
288 $rep[
'curl_error_no'] =
'';
289 $rep[
'curl_error_msg'] =
'';
307 if ($localurl == 0) {
308 if (!filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
310 $errormsg =
'Error bad hostname IP (private or reserved range). Must be an external URL.';
313 if (!empty($_SERVER[
"SERVER_ADDR"]) && $iptocheck == $_SERVER[
"SERVER_ADDR"]) {
314 $errormsg =
'Error bad hostname IP (IP is a local IP). Must be an external URL.';
318 $errormsg =
'Error bad hostname IP (IP is a local IP defined into MAIN_SECURITY_SERVER_IP). Must be an external URL.';
322 if ($localurl == 1) {
324 if (filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
325 $errormsg =
'Error bad hostname '.$iptocheck.
'. Must be a local URL.';
329 $errormsg =
'Error bad hostname IP (IP is not a local IP defined into list MAIN_SECURITY_SERVER_IP). Must be a local URL in allowed list.';
337 $arrayofmetadataserver = array(
338 '100.100.100.200' =>
'Alibaba',
339 '192.0.0.192' =>
'Oracle',
340 '192.80.8.124' =>
'Packet',
341 '100.88.222.5' =>
'Tencent cloud',
343 foreach ($arrayofmetadataserver as $ipofmetadataserver => $nameofmetadataserver) {
344 if ($iptocheck == $ipofmetadataserver) {
345 $errormsg =
'Error bad hostname IP (Used by '.$nameofmetadataserver.
' metadata server). This IP is forbidden.';
363 $arrayof2levetopdomain = array(
364 'co.at',
'or.at',
'gv.at',
365 'avocat.fr',
'aeroport.fr',
'veterinaire.fr',
366 'com.ng',
'gov.ng',
'gov.ua',
'com.ua',
'in.ua',
'org.ua',
'edu.ua',
'net.ua',
367 'net.uk',
'org.uk',
'gov.uk',
'co.uk',
373 $parts = array_reverse(explode(
'.', $url));
374 if (!empty($parts[1]) && in_array($parts[1].
'.'.$parts[0], $arrayof2levetopdomain)) {
378 if ($tldon2level && $mode > 0) {
382 $tmpdomain = preg_replace(
'/^https?:\/\//i',
'', $url);
383 $tmpdomain = preg_replace(
'/\/.*$/i',
'', $tmpdomain);
385 $tmpdomain = preg_replace(
'/^.*\.([^\.]+)\.([^\.]+)\.([^\.]+)\.([^\.]+)$/',
'\1.\2.\3.\4', $tmpdomain);
386 } elseif ($mode == 2) {
387 $tmpdomain = preg_replace(
'/^.*\.([^\.]+)\.([^\.]+)\.([^\.]+)$/',
'\1.\2.\3', $tmpdomain);
388 } elseif ($mode == 1) {
389 $tmpdomain = preg_replace(
'/^.*\.([^\.]+)\.([^\.]+)$/',
'\1.\2', $tmpdomain);
394 $tmpdomain = preg_replace(
'/^.*\.([^\.]+)\.([^\.]+)\.([^\.]+)$/',
'\1.\2.\3', $tmpdomain);
395 $tmpdomain = preg_replace(
'/\.[^\.]+\.[^\.]+$/',
'', $tmpdomain);
397 $tmpdomain = preg_replace(
'/^.*\.([^\.]+)\.([^\.]+)$/',
'\1.\2', $tmpdomain);
398 $tmpdomain = preg_replace(
'/\.[^\.]+$/',
'', $tmpdomain);
416 return preg_replace(
'/^([a-z]*:\/\/[^\/]*).*/i',
'$1', $url);
427 $content = preg_replace(
'/<!--[^\-]+-->/',
'', $content);
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
getDomainFromURL($url, $mode=0)
Function get second level domain name.
isIPAllowed($iptocheck, $localurl)
Is IP allowed.
getRootURLFromURL($url)
Function root url from a long url For example: https://www.abc.mydomain.com/dir/page....
getURLContent($url, $postorget='GET', $param='', $followlocation=1, $addheaders=array(), $allowedschemes=array('http', 'https'), $localurl=0, $ssl_verifypeer=-1)
Function to get a content from an URL (use proxy if proxy defined).
removeHtmlComment($content)
Function to remove comments into HTML content.