Closed firstred closed 6 years ago
That's a really weird limitation! I guess it is to prevent reading files by redirecting to the file://
scheme.
We don't need to follow redirects for this API endpoint. Can you remove this call to curl_setop()
competely.
Indeed, it looks like it could be used to circumvent basedir restrictions by using symlinks. Perhaps the cURL extension team didn't have enough time/knowledge to patch the cURL library enough to make it secure. I'll remove the call in a sec!
Removed!
Thanks @firstred. Though I am surprised that anyone is still using this.
It is configured by default on Plesk.
When the
open_basedir
restriction is in effect, theCURLOPT_FOLLOWLOCATION
option cannot be set. This line would previously generate a warning withopen_
basedir` restrictions.