Allow CURLOPT_FOLLOWLOCATION to be used with open_basedir.

Newer versions of libcurl prevent file:// location response headers by default,
which means that the open_basedir check is unnecessary — the fact
CURLOPT_REDIR_PROTOCOLS can't set CURLPROTO_FILE with open_basedir enabled
means that there's no possibility of breaching the open_basedir restriction,
and this allows HTTP redirects to be followed automatically.

Implements FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or
safe_mode).

Author: LawnGnome

NEWS

@@ -10,6 +10,10 @@ PHP                                                                        NEWS
     of E_STRICT (phase 1 of RFC: https://wiki.php.net/rfc/incompat_ctx).
 	(Gustavo)
 
+- cURL:
+  . Implemented FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir
+    or safe_mode). (Adam)
+
 - Session:
   . Fixed Bug #65315 (session.hash_function silently fallback to default md5)
     (Yasuo)

ext/curl/interface.c

@@ -2504,13 +2504,15 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 
 		case CURLOPT_FOLLOWLOCATION:
 			convert_to_long_ex(zvalue);
+#if LIBCURL_VERSION_NUM < 0x071304
 			if (PG(open_basedir) && *PG(open_basedir)) {
 				if (Z_LVAL_PP(zvalue) != 0) {
 					php_error_docref(NULL TSRMLS_CC, E_WARNING, "CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set");
 					RETVAL_FALSE;
 					return 1;
 				}
 			}
+#endif
 			error = curl_easy_setopt(ch->cp, option, Z_LVAL_PP(zvalue));
 			break;
 

ext/curl/tests/bug65646.phpt

@@ -0,0 +1,15 @@
+--TEST--
+Bug #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode): open_basedir disabled
+--SKIPIF--
+<?php
+if (!extension_loaded('curl')) exit("skip curl extension not loaded");
+if (ini_get('open_basedir')) exit("skip open_basedir is set");
+?>
+--FILE--
+<?php
+$ch = curl_init();
+var_dump(curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true));
+curl_close($ch);
+?>
+--EXPECT--
+bool(true)

ext/curl/tests/bug65646_open_basedir_new.phpt

@@ -0,0 +1,25 @@
+--TEST--
+Bug #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode): open_basedir enabled; curl >= 7.19.4
+--INI--
+open_basedir=.
+--SKIPIF--
+<?php
+if (!extension_loaded('curl')) exit("skip curl extension not loaded");
+if (version_compare(curl_version()['version'], '7.19.4', '<')) exit("skip curl version is too old");
+?>
+--FILE--
+<?php
+$ch = curl_init();
+var_dump(curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true));
+var_dump(curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_FILE));
+var_dump(curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_FILE));
+curl_close($ch);
+?>
+--EXPECTF--
+bool(true)
+
+Warning: curl_setopt(): CURLPROTO_FILE cannot be activated when an open_basedir is set in %s on line %d
+bool(false)
+
+Warning: curl_setopt(): CURLPROTO_FILE cannot be activated when an open_basedir is set in %s on line %d
+bool(false)

ext/curl/tests/bug65646_open_basedir_old.phpt

@@ -0,0 +1,18 @@
+--TEST--
+Bug #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode): open_basedir enabled; curl < 7.19.4
+--INI--
+open_basedir=.
+--SKIPIF--
+<?php
+if (!extension_loaded('curl')) exit("skip curl extension not loaded");
+if (version_compare(curl_version()['version'], '7.19.4', '>=')) exit("skip curl version is too new");
+?>
+--FILE--
+<?php
+$ch = curl_init();
+var_dump(curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true));
+curl_close($ch);
+?>
+--EXPECTF--
+Warning: curl_setopt(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set in %s on line %d
+bool(false)