Merge branch 'master' into future

* master: (162 commits) fixed revision JS for images upgraded SimplePie to 1.3.1 FS#2708 removed obsolete browser plugin (migrate does it) adjust spacing to match standard 1.4em grid added comment on use of whitelist vs blacklist Updated idfilter() function for IIS use var and remove suggestions when needed Use variable for maximum number of suggestions for quicksearch. And hide suggestions when search field is emptied, or when no suggestion are found. added 'home' class to first link in hierarchical breadcrumbs reduced required max width to go into tablet mode re-added linear gradients for firefox added missing styling for disabled form elements (FS#2705) fixed acronyms in italics (FS#2684) improved print styles (includes fixes for FS#2645 and FS#2707) basic styles improvements Greek language update Use list in acl help text, for more structure Galician language update touch the config on save, even if no changes were made unwind the width narrowing commit put some whitespace between form submit button and fieldset bottom border ... Conflicts: lib/plugins/config/admin.php lib/plugins/config/settings/config.class.php
author: Andreas Gohr <andi@splitbrain.org> 2013-02-03 22:57:45 +0100
committer: Andreas Gohr <andi@splitbrain.org> 2013-02-03 22:57:45 +0100
commit: 3da7921f08ecdda929466921ecc50698f1adf99e (patch)
tree: 0e179e504399e874bfd785d0a95eec44b76d5952 /inc/HTTPClient.php
parent: 6cf2bbfa12b776cf47cb69ae40fb8862f715ad01 (diff)
parent: cc4bb766fdac23358d7b586aa3830b9650eed7a8 (diff)
download: rpg-3da7921f08ecdda929466921ecc50698f1adf99e.tar.gz
rpg-3da7921f08ecdda929466921ecc50698f1adf99e.tar.bz2
1 files changed, 61 insertions, 5 deletions
diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php
index c4cfcbf7c..51c1de875 100644
--- a/inc/HTTPClient.php
+++ b/inc/HTTPClient.php
@@ -254,11 +254,7 @@ class HTTPClient {
         if(!empty($uri['port'])) $headers['Host'].= ':'.$uri['port'];
         $headers['User-Agent'] = $this->agent;
         $headers['Referer']    = $this->referer;
-        if ($this->keep_alive) {
-            $headers['Connection'] = 'Keep-Alive';
-        } else {
-            $headers['Connection'] = 'Close';
-        }
+
         if($method == 'POST'){
             if(is_array($data)){
                 if($headers['Content-Type'] == 'multipart/form-data'){
@@ -299,6 +295,14 @@ class HTTPClient {
                 return false;
             }
 
+            // try establish a CONNECT tunnel for SSL
+            if($this->_ssltunnel($socket, $request_url)){
+                // no keep alive for tunnels
+                $this->keep_alive = false;
+                // tunnel is authed already
+                if(isset($headers['Proxy-Authentication'])) unset($headers['Proxy-Authentication']);
+            }
+
             // keep alive?
             if ($this->keep_alive) {
                 self::$connections[$connectionId] = $socket;
@@ -307,6 +311,15 @@ class HTTPClient {
             }
         }
 
+        if ($this->keep_alive && !$this->proxy_host) {
+            // RFC 2068, section 19.7.1: A client MUST NOT send the Keep-Alive
+            // connection token to a proxy server. We still do keep the connection the
+            // proxy alive (well except for CONNECT tunnels)
+            $headers['Connection'] = 'Keep-Alive';
+        } else {
+            $headers['Connection'] = 'Close';
+        }
+
         try {
             //set non-blocking
             stream_set_blocking($socket, false);
@@ -485,6 +498,49 @@ class HTTPClient {
     }
 
     /**
+     * Tries to establish a CONNECT tunnel via Proxy
+     *
+     * Protocol, Servername and Port will be stripped from the request URL when a successful CONNECT happened
+     *
+     * @param ressource &$socket
+     * @param string &$requesturl
+     * @return bool true if a tunnel was established
+     */
+    function _ssltunnel(&$socket, &$requesturl){
+        if(!$this->proxy_host) return false;
+        $requestinfo = parse_url($requesturl);
+        if($requestinfo['scheme'] != 'https') return false;
+        if(!$requestinfo['port']) $requestinfo['port'] = 443;
+
+        // build request
+        $request  = "CONNECT {$requestinfo['host']}:{$requestinfo['port']} HTTP/1.0".HTTP_NL;
+        $request .= "Host: {$requestinfo['host']}".HTTP_NL;
+        if($this->proxy_user) {
+                'Proxy-Authorization Basic '.base64_encode($this->proxy_user.':'.$this->proxy_pass).HTTP_NL;
+        }
+        $request .= HTTP_NL;
+
+        $this->_debug('SSL Tunnel CONNECT',$request);
+        $this->_sendData($socket, $request, 'SSL Tunnel CONNECT');
+
+        // read headers from socket
+        $r_headers = '';
+        do{
+            $r_line = $this->_readLine($socket, 'headers');
+            $r_headers .= $r_line;
+        }while($r_line != "\r\n" && $r_line != "\n");
+
+        $this->_debug('SSL Tunnel Response',$r_headers);
+        if(preg_match('/^HTTP\/1\.0 200/i',$r_headers)){
+            if (stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)) {
+                $requesturl = $requestinfo['path'];
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
      * Safely write data to a socket
      *
      * @param  handle $socket     An open socket handle
author	Andreas Gohr <andi@splitbrain.org>	2013-02-03 22:57:45 +0100
committer	Andreas Gohr <andi@splitbrain.org>	2013-02-03 22:57:45 +0100
commit	3da7921f08ecdda929466921ecc50698f1adf99e (patch)
tree	0e179e504399e874bfd785d0a95eec44b76d5952 /inc/HTTPClient.php
parent	6cf2bbfa12b776cf47cb69ae40fb8862f715ad01 (diff)
parent	cc4bb766fdac23358d7b586aa3830b9650eed7a8 (diff)
download	rpg-3da7921f08ecdda929466921ecc50698f1adf99e.tar.gz rpg-3da7921f08ecdda929466921ecc50698f1adf99e.tar.bz2