CURLOPT_FOLLOWLOCATION and open_basedir

Question

CURLOPT_FOLLOWLOCATION and open_basedir

jportoles opened this issue 8 years ago · comments

Hey, great work on the library, we've been testing it and it seems to be pretty robust. We ran into a minor issue and I'd like to propose a change:

Basically, BaseHTTPQRCodeProvider crashes if the open_basedir php directive is set, and it doesn't appear that a workaround exists:

http://stackoverflow.com/questions/19539922/php-can-curlopt-followlocation-and-open-basedir-be-used-together

And while "just turn the directive off" can be a solution for some, like the thread there suggests it can be a security liability to get rid of it. So I would vote to remove CURLOPT_FOLLOWLOCATION from the class, unless there's a compelling reason to keep it. Google Charts seems to work fine at least without redirects.

Rob Janssen · Answer 1 · Tue Jun 21 2016 05:04:53 GMT+0800 (China Standard Time)

I don't have a problem with removing the CURLOPT_FOLLOWLOCATION option. On it.

Rob Janssen · Answer 2 · Tue Jun 21 2016 05:17:40 GMT+0800 (China Standard Time)

Here you go! 😄

jportoles · Answer 3 · Tue Jun 21 2016 08:58:52 GMT+0800 (China Standard Time)

Hurray, thanks! We were already running this change in a hacky way, but it's always nicer to have it in the upstream version.