XH_isAccessProtected(): Port and Timeout


Post by cmb » Thu Feb 13, 2014 11:42 pm

Hello Community,

stoa reported issues regarding the system info of CMSimple_XH 1.6 on Portable_XH. As it turned out, these are caused by a bug where port 80 is hard-coded in the function, and additionally stream_set_timeout() is not called to avoid a general PHP timeout (max_execution_time).

I suggest the following patch for XH 1.6.2:

Index: adminfuncs.php
===================================================================
--- adminfuncs.php	(revision 3)
+++ adminfuncs.php	(working copy)
@@ -178,8 +178,9 @@
 function XH_isAccessProtected($path)
 {
     $host = $_SERVER['HTTP_HOST'];
-    $stream = fsockopen($host, 80, $errno, $errstr, 5);
+    $stream = fsockopen($host, $_SERVER['SERVER_PORT'], $errno, $errstr, 5);
     if ($stream) {
+        stream_set_timeout($stream, 5);
         $request = "HEAD $path HTTP/1.1\r\nHost: $host\r\n"
             . "User-Agent: CMSimple_XH\r\n\r\n";
         fwrite($stream, $request);
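
Review bot: On the changed fsockopen() line, $host still comes from $_SERVER['HTTP_HOST'], which is the request's Host header and carries a ":port" suffix whenever the site runs on a non-default port, the very setup this patch targets. Pass fsockopen() a host name with that suffix stripped (or $_SERVER['SERVER_NAME']) and keep the full value only for the "Host:" request header. Two further points: when the admin page is served over HTTPS, SERVER_PORT is the TLS port and a plain TCP connection will not get a usable HTTP answer, so the host needs an ssl:// prefix in that case; and after stream_set_timeout() a stalled read simply returns, so the read code that follows (not visible in this hunk) should check the timed_out flag from stream_get_meta_data() and report a timeout as undetermined rather than as protected or unprotected.
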
Using $_SERVER['SERVER_PORT'] should be reliable in this case, because this is part of the administration. The 5-second timeout for writing/reading the stream is somewhat arbitrary, but that should be sufficient to avoid general timeouts (XH_isAccessProtected() is only called twice at present) and also to cater for a rather busy server.

In the long run (1.7/2.0) it might be better to transfer this check to JavaScript, which shouldn't be a big deal, because there are no SOP issues involved.

Christoph

PS: done (r1275).
Last edited by cmb on Sat May 10, 2014 5:16 pm, edited 1 time in total.
Reason: added PS
Christoph M. Becker – Plugins for CMSimple_XH
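
The client-side variant suggested in the post for 1.7/2.0 could look like the following; this is an added example, not part of the original post and not CMSimple_XH code. The names checkAccessProtected and fakeFetch, the sample paths, and the rule that a 4xx/5xx answer means "protected" are assumptions made for the illustration.

```javascript
// Added example, not CMSimple_XH code. Assumption: a path counts as
// protected when a same-origin HEAD request is answered with 4xx/5xx.
const TIMEOUT_MS = 5000; // same 5 s budget as the PHP patch

// Resolves to "protected", "exposed" or "unknown" (timeout, network error,
// redirect). "unknown" must not be shown as a pass in the system info.
async function checkAccessProtected(path, fetchImpl = fetch, timeoutMs = TIMEOUT_MS) {
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    // A relative URL inherits scheme, host and port from the admin page,
    // so no port or TLS handling is needed on this side.
    const res = await fetchImpl(path, {
      method: "HEAD",
      cache: "no-store",
      redirect: "manual",
      signal: controller.signal,
    });
    if (res.status >= 400) return "protected";
    if (res.status >= 200 && res.status < 300) return "exposed";
    return "unknown"; // includes status 0 from an unfollowed redirect
  } catch (err) {
    return "unknown"; // aborted by the timer, or a network failure
  } finally {
    clearTimeout(timer);
  }
}

// Constructed stand-in for the browser's fetch so the example runs offline.
// Paths and statuses are made up for the demonstration.
const SAMPLE_STATUS = { "/protected-dir/": 403, "/open-dir/": 200 };
function fakeFetch(path, options) {
  return new Promise((resolve, reject) => {
    if (path in SAMPLE_STATUS) return resolve({ status: SAMPLE_STATUS[path] });
    // Any other path never answers: reject only when the caller aborts.
    options.signal.addEventListener("abort", () => reject(new Error("aborted")));
  });
}

// Runs the check against the constructed responses with a short timeout.
async function demo() {
  const out = {};
  for (const p of ["/protected-dir/", "/open-dir/", "/slow-dir/"]) {
    out[p] = await checkAccessProtected(p, fakeFetch, 50);
  }
  return out;
}
```

In a browser the second and third arguments are left out, so the real fetch and the 5 second limit apply.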
