From c739d7b1b3641cd9cfde390a5783efd413ec2db2 Mon Sep 17 00:00:00 2001
From: Julian Prieber <60265788+JulianPrieber@users.noreply.github.com>
Date: Thu, 16 Jun 2022 09:56:36 +0200
Subject: [PATCH] Fixed cURL error 7 on proxied server
---
resources/views/layouts/sidebar.blade.php | 28 +++++++++++++++++------
resources/views/panel/diagnose.blade.php | 26 ++++++++++++++++-----
2 files changed, 41 insertions(+), 13 deletions(-)
diff --git a/resources/views/layouts/sidebar.blade.php b/resources/views/layouts/sidebar.blade.php
index 9578f35..94b1c81 100755
--- a/resources/views/layouts/sidebar.blade.php
+++ b/resources/views/layouts/sidebar.blade.php
@@ -74,12 +74,26 @@ function has_sslsb( $domain ) {
$actual_linksb = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
}
+function getUrlSatusCodesb($urlsb, $timeoutsb = 3)
+ {
+ $chsb = curl_init();
+ $optssb = array(CURLOPT_RETURNTRANSFER => true, // do not output to browser
+ CURLOPT_URL => $urlsb,
+ CURLOPT_NOBODY => true, // do a HEAD request only
+ CURLOPT_TIMEOUT => $timeoutsb);
+ curl_setopt_array($chsb, $optssb);
+ curl_exec($chsb);
+ $status = curl_getinfo($chsb, CURLINFO_HTTP_CODE);
+ curl_close($chsb);
+ return $status;
+ }
+
// Files or directories to test if accessible externally
-$url1sb = Http::get($actual_linksb . '/../../.env');
-$url2sb = Http::get($actual_linksb . '/../../database/database.sqlite');
+$url1sb = getUrlSatusCodesb($actual_linksb . '/../../.env');
+$url2sb = getUrlSatusCodesb($actual_linksb . '/../../database/database.sqlite');
// sets compromised to true if config files got compromised
-if ($url1sb->successful() or $url2sb->successful()) {
+if($url1sb == '200' or $url2sb == '200') {
$compromised = "true";
} else {
$compromised = "false";
@@ -223,9 +237,9 @@ if ($url1sb->successful() or $url2sb->successful()) {
@elseif(env('NOTIFY_UPDATES') == 'true' or env('NOTIFY_UPDATES') === 'major' or env('NOTIFY_UPDATES') === 'all')
<?php // Checks if URL exists
try {
- function URL_exists(string $url): bool
+ function URL_exists(string $urlsb): bool
{
- return str_contains(get_headers($url)[0], "200 OK");
+ return str_contains(get_headers($urlsb)[0], "200 OK");
}
// Sets $ServerExists to true if URL exists
if (URL_exists("https://julianprieber.github.io/littlelink-custom/version.json")){
@@ -283,9 +297,9 @@ if ($url1sb->successful() or $url2sb->successful()) {
<! –– #### begin event detection #### ––>
<?php
try {
- function URL_event_exists(string $url): bool
+ function URL_event_exists(string $urlsb): bool
{
- return str_contains(get_headers($url)[0], "200 OK");
+ return str_contains(get_headers($urlsb)[0], "200 OK");
}
if (URL_event_exists("https://julianprieber.github.io/littlelink-custom-events/event.json")){
$EventServerExists = "true";
diff --git a/resources/views/panel/diagnose.blade.php b/resources/views/panel/diagnose.blade.php
index 06af2e2..b1a5fb3 100644
--- a/resources/views/panel/diagnose.blade.php
+++ b/resources/views/panel/diagnose.blade.php
@@ -10,6 +10,8 @@ $wfalse = "<td style=\"text-align: center; cursor: help;\" title=\"This file can
$utrue = "<td style=\"text-align: center; cursor: help;\" title=\"Your security is at risk. This file can be accessed by everyone. Immediate action is required!\">❗</td>";
$ufalse = "<td style=\"text-align: center; cursor: help;\" title=\"Everything is working as expected!\">✔️</td>";
+$unull = "<td style=\"text-align: center; cursor: help;\" title=\"Something went wrong. This might be normal if you're running behind a proxy or docker container.\">➖</td>";
+
$server = $_SERVER['SERVER_NAME'];
$uri = $_SERVER['REQUEST_URI'];
@@ -29,21 +31,33 @@ if (has_ssl($server)) {
$actual_link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
}
+function getUrlSatusCode($url, $timeout = 3)
+ {
+ $ch = curl_init();
+ $opts = array(CURLOPT_RETURNTRANSFER => true, // do not output to browser
+ CURLOPT_URL => $url,
+ CURLOPT_NOBODY => true, // do a HEAD request only
+ CURLOPT_TIMEOUT => $timeout);
+ curl_setopt_array($ch, $opts);
+ curl_exec($ch);
+ $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ curl_close($ch);
+ return $status;
+ }
//Files or directories to test if writable
$wrt1 = is_writable('.env');
$wrt2 = is_writable('database/database.sqlite');
//Files or directories to test if accessible externally
-$url1 = Http::get($actual_link . '/../../.env');
-$url2 = Http::get($actual_link . '/../../database/database.sqlite');
-
+$url1 = getUrlSatusCode($actual_link . '/../../.env');
+$url2 = getUrlSatusCode($actual_link . '/../../database/database.sqlite');
?>
<h2 class="mb-4"><i class="bi bi-braces-asterisk"> Debugging information</i></h2>
- @if($url1->successful() or $url2->successful())
+ @if($url1 == '200' or $url2 == '200')
<a href="https://docs.littlelink-custom.com/d/installation-requirements/" target="_blank"><h4 style="color:tomato;">Your security is at risk. Some files can be accessed by everyone. Immediate action is required! <br> Click this message to learn more.</h4></a>
@endif
@@ -83,11 +97,11 @@ $url2 = Http::get($actual_link . '/../../database/database.sqlite');
<tbody>
<tr>
<td title="">{{ url('/.env') }}</td>
- <?php if ($url1->successful()) {echo "$utrue";} else {echo "$ufalse";} ?>
+ <?php if($url1 == '200'){echo "$utrue";} elseif($url1 == '0'){echo "$unull";} else{echo "$ufalse";} ?>
</tr>
<tr>
<td title="">{{ url('/database/database.sqlite') }}</td>
- <?php if ($url2->successful()) {echo "$utrue";} else {echo "$ufalse";} ?>
+ <?php if($url2 == '200'){echo "$utrue";} elseif($url2 == '0'){echo "$unull";} else{echo "$ufalse";} ?>
</tr>
</tbody>
</table>