diff --git a/htdocs/admin/system/filecheck.php b/htdocs/admin/system/filecheck.php
index 3869c37ce7d..0f77b9d9d41 100644
--- a/htdocs/admin/system/filecheck.php
+++ b/htdocs/admin/system/filecheck.php
@@ -110,7 +110,7 @@ print '';
print $langs->trans("MakeIntegrityAnalysisFrom").': ';
print ''."\n";
if (dol_is_file($xmlfile)) {
- print ' '.$langs->trans("LocalSignature").' = ';
+ print ' = ';
print '';
print ' ';
} else {
@@ -121,7 +121,7 @@ if (dol_is_file($xmlfile)) {
}
print ''."\n";
if ($enableremotecheck) {
- print ' '.$langs->trans("RemoteSignature").' = ';
+ print ' = ';
print ' ';
} else {
print ' '.$langs->trans("RemoteSignature").' = '.$xmlremote;
@@ -156,7 +156,7 @@ if (GETPOST('target') == 'local') {
}
}
if (GETPOST('target') == 'remote') {
- $xmlarray = getURLContent($xmlremote, 'GET', '', 1, array(), array('http', 'https'), 0); // Accept http or https links on external remote server only
+ $xmlarray = getURLContent($xmlremote, 'GET', '', 1, array(), array('http', 'https'), 0); // Accept http or https links on external remote server only. Same is used into api_setup.class.php.
// Return array('content'=>response,'curl_error_no'=>errno,'curl_error_msg'=>errmsg...)
if (!$xmlarray['curl_error_no'] && $xmlarray['http_code'] != '400' && $xmlarray['http_code'] != '404') {
@@ -164,7 +164,7 @@ if (GETPOST('target') == 'remote') {
//print "xmlfilestart".$xmlfile."xmlfileend";
$xml = simplexml_load_string($xmlfile);
} else {
- $errormsg = $langs->trans('XmlNotFound').': '.$xmlremote.' - '.$xmlarray['http_code'].' '.$xmlarray['curl_error_no'].' '.$xmlarray['curl_error_msg'];
+ $errormsg = $langs->trans('XmlNotFound').': '.$xmlremote.' - '.$xmlarray['http_code'].(($xmlarray['http_code'] == 400 && $xmlarray['content']) ? ' '.$xmlarray['content'] : '').' '.$xmlarray['curl_error_no'].' '.$xmlarray['curl_error_msg'];
setEventMessages($errormsg, null, 'errors');
$error++;
}
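Review bot: The text appended to `$errormsg` on a 400 is not necessarily the local guard's own message: `$xmlarray['content']` can also be the body a remote server sent with its own HTTP 400, so untrusted and unbounded text is handed to `setEventMessages()`. Whether that function escapes HTML is not visible in this hunk, so I would escape and shorten the value at the point of use, e.g. `' '.dol_escape_htmltag(dol_trunc($xmlarray['content'], 200))`. The comparison style is also inconsistent: `== 400` here against `!= '400'` a few lines above in the same file.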
diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php
index 0029d0fd110..689e87cca2a 100644
--- a/htdocs/api/class/api_setup.class.php
+++ b/htdocs/api/class/api_setup.class.php
@@ -1673,7 +1673,7 @@ class Setup extends DolibarrApi
throw new RestException(500, $langs->trans('XmlNotFound').': '.$xmlfile);
}
} else {
- $xmlarray = getURLContent($xmlremote, 'GET', '', 1, array(), array('http', 'https'), 0); // Accept http or https links on external remote server only
+ $xmlarray = getURLContent($xmlremote, 'GET', '', 1, array(), array('http', 'https'), 0); // Accept http or https links on external remote server only. Same is used into filecheck.php.
// Return array('content'=>response,'curl_error_no'=>errno,'curl_error_msg'=>errmsg...)
if (!$xmlarray['curl_error_no'] && $xmlarray['http_code'] != '400' && $xmlarray['http_code'] != '404') {
diff --git a/htdocs/core/lib/geturl.lib.php b/htdocs/core/lib/geturl.lib.php
index 531e366de77..6042226e828 100644
--- a/htdocs/core/lib/geturl.lib.php
+++ b/htdocs/core/lib/geturl.lib.php
@@ -165,14 +165,21 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
} elseif (in_array($hosttocheck, array('ip6-localhost', 'ip6-loopback'))) {
$iptocheck = '::1';
} else {
- // TODO Resolve $hosttocheck to get the IP $iptocheck and set CURLOPT_CONNECT_TO to use this ip
- $iptocheck = $hosttocheck;
+ // Resolve $hosttocheck to get the IP $iptocheck and set CURLOPT_CONNECT_TO to use this ip so curl will not try another resolution that may give a different result
+ if (function_exists('gethostbyname')) {
+ $iptocheck = gethostbyname($hosttocheck);
+ } else {
+ $iptocheck = $hosttocheck;
+ }
+ // TODO Resolve ip v6
}
- if (!filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) { // This is not an IP
+ // Check $iptocheck is an IP (v4 or v6), if not clear value.
+ if (!filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) { // This is not an IP, we clean data
$iptocheck = '0'; //
}
+ //var_dump($_SERVER);
if ($iptocheck) {
if ($localurl == 0) { // Only external url allowed (dangerous, may allow to get malware)
if (!filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
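Review bot: The guard still fails open when resolution does not produce an IPv4 address: `gethostbyname()` returns the hostname unchanged on failure and never returns IPv6 results, so `$iptocheck` is reset to `'0'`, the `if ($iptocheck)` block holding the private/reserved range tests is skipped, and curl then resolves the name on its own. With `$localurl == 0` I would refuse the request at that point instead of clearing the value, using the same `http_code`/`content`/`break` pattern as the checks below (this assumes `break` is valid at this nesting level, which the hunk does not show). The leftover `//var_dump($_SERVER);` should be dropped as well. The enclosing function starts and ends outside the hunk.

```php
// Check $iptocheck is an IP (v4 or v6)
if (!filter_var($iptocheck, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) {
	if ($localurl == 0) {
		// No IP could be determined: refuse instead of skipping the range checks
		$info['http_code'] = 400;
		$info['content'] = 'Error bad hostname (can not be resolved to an IP). Must be an external URL.';
		break;
	}
	$iptocheck = '0';
}
// … unchanged: if ($iptocheck) { range checks } …
```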
@@ -181,6 +188,11 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
$info['content'] = 'Error bad hostname IP (private or reserved range). Must be an external URL.';
break;
}
+ if ($iptocheck == $_SERVER["SERVER_ADDR"]) {
+ $info['http_code'] = 400;
+ $info['content'] = 'Error bad hostname IP (IP is a local IP). Must be an external URL.';
+ break;
+ }
if (in_array($iptocheck, array('100.100.100.200'))) {
$info['http_code'] = 400;
$info['content'] = 'Error bad hostname IP (Used by Alibaba metadata). Must be an external URL.';
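Review bot: `$_SERVER["SERVER_ADDR"]` is read in the added comparison without checking that it is set, and it is typically absent when the function runs outside a web request (CLI scripts, scheduled jobs), which raises an undefined-index notice on each call. It also names only the address the current request arrived on, so other addresses bound to the same host are not covered; a short comment saying so would stop readers treating it as a complete self-address check. Suggested line: `if (!empty($_SERVER["SERVER_ADDR"]) && $iptocheck === $_SERVER["SERVER_ADDR"]) {`.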
@@ -194,6 +206,9 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
break;
}
}
+
+ // Set CURLOPT_CONNECT_TO so curl will not try another resolution that may give a different result
+ curl_setopt($ch, CURLOPT_CONNECT_TO, $iptocheck);
}
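Review bot: `CURLOPT_CONNECT_TO` takes an array of `HOST:PORT:CONNECT-TO-HOST:CONNECT-TO-PORT` strings, not a bare IP string, so the added `curl_setopt()` call is rejected (warning or TypeError depending on the PHP version) and the connection is not pinned to the address that was just validated. The return value is not checked either, so the second DNS resolution this line is meant to prevent still happens silently. Something like `curl_setopt($ch, CURLOPT_CONNECT_TO, array($hosttocheck.'::'.$iptocheck.':'));` keeps the original port and maps only the checked host; an IPv6 literal would need brackets. This assumes `$hosttocheck` is still in scope at this point, which the hunk does not show.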
// Getting response from server
@@ -220,7 +235,7 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
$rep = array();
if (curl_errno($ch)) {
- // Ad keys to $rep
+ // Add keys to $rep
$rep['content'] = $response;
// moving to display page to display curl errors
@@ -231,14 +246,16 @@ function getURLContent($url, $postorget = 'GET', $param = '', $followlocation =
} else {
//$info = curl_getinfo($ch);
- // Ad keys to $rep
+ // Add keys to $rep
$rep = $info;
//$rep['header_size']=$info['header_size'];
//$rep['http_code']=$info['http_code'];
dol_syslog("getURLContent http_code=".$rep['http_code']);
// Add more keys to $rep
- $rep['content'] = $response;
+ if ($response) {
+ $rep['content'] = $response;
+ }
$rep['curl_error_no'] = '';
$rep['curl_error_msg'] = '';
}
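Review bot: With the new `if ($response)` guard, `$rep['content']` is defined only when the body is truthy or when `$info` already carried a `content` key from one of the hostname checks; an empty body, or the literal body `0`, on a normal response leaves the key unset. Callers that index `$xmlarray['content']` unconditionally would then get an undefined-index notice. Keeping the guard's message while always defining the key avoids that: `$rep['content'] = ($response !== false && $response !== '') ? $response : (isset($info['content']) ? $info['content'] : '');`. The function body starts outside the hunk.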