Proposed workaround for PHP servers that have disabled allow_url_fopen


#1

Hi all,

I’ve been working with Blublocker to try and pin down the error that was causing the WooCommerce plugin to fail on their site. Turns out the error was thrown when the Electroneum Vendor PHP library tried to get the live exchange rates (line 149 of Vendor.php file on Github) in order to convert the native store currency to ETN.

The function file_get_contents() fails whenever the host has set allow_url_fopen to 0 in their PHP configuration file. I know quite a number of hosts want to keep this option disabled, as it could pose security threats.

So I’m proposing a slight change to the Vendor.php library. The workaround checks if curl is installed and uses that as a priority. If it’s not installed, it checks if allow_url_fopen is enabled and tries to use it. If both of them fail, it throws an exception. Lastly, it checks of the returned $json variable does indeed contain something, and throws an error if it doesn’t.

So I’m proposing to change lines 48 to 51, which currently contains:

// Get the JSON conversion data.
if (!$json = file_get_contents(Vendor::URL_SUPPLY)) {
    throw new VendorException("Could not load currency conversion JSON");
}

…and replace it with something like this…

// Get the JSON conversion data.
if (function_exists('curl_version')) {
	$ch = curl_init(Vendor::URL_SUPPLY);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
	$json = curl_exec($ch);
	curl_close($ch);
} else if (file_get_contents(__FILE__) && ini_get('allow_url_fopen')) {
	$json = file_get_contents(Vendor::URL_SUPPLY);
} else {
	throw new VendorException("Could not load currency conversion JSON");
}

// Check if the JSON data has been received.
if (empty($json)) {
	throw new VendorException("Could not load currency conversion JSON");
}

The code above has been running on both Electroneum101 and Blublocker for a while now, with allow_url_fopen turned off on both servers, and it seems to work well!

I’m not an expert in CURL by any means, so feel free to critique my curl options as much as you want.

Any suggestions are welcomed.

@Egg @Corentin @SteveElliott @BegaMutex


#2

Hi @benjaminoo,

Great catch, your solution would have been my approach (with some adjustments) :slight_smile:

Would you like to submit this as a pull-request to give you full recognition, or are you OK for me to tweak this into the library and add a link to this topic (to give you credit)?

Egg