php - CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in

Question

When I run this script (http://bizonbytes.com/miscellaneous/sharrre.php?url=https://bizonbytes.com&type=googlePlus):

<?php
  //Sharrre by Julien Hany
  $json = array('url'=>'','count'=>0);
  $json['url'] = $_GET['url'];
  $url = urlencode($_GET['url']);
  $type = urlencode($_GET['type']);

  if(filter_var($_GET['url'], FILTER_VALIDATE_URL)){
    if($type == 'googlePlus'){  //source http://www.helmutgranda.com/2011/11/01/get-a-url-google-count-via-php/
      $content = parse("https://plusone.google.com/u/0/_/+1/fastbutton?url=".$url."&count=true");

      $dom = new DOMDocument;
      $dom->preserveWhiteSpace = false;
      @$dom->loadHTML($content);
      $domxpath = new DOMXPath($dom);
      $newDom = new DOMDocument;
      $newDom->formatOutput = true;

      $filtered = $domxpath->query("//div[@id='aggregateCount']");
      $json['count'] = str_replace('>', '', $filtered->item(0)->nodeValue);
    }
    else if($type == 'stumbleupon'){
      $content = parse("http://www.stumbleupon.com/services/1.01/badge.getinfo?url=$url");

      $result = json_decode($content);
      $json['count'] = $result->result->views;
      if( !isset($json['count']) ) $json['count'] = 0;
    }
    else if($type == 'pinterest'){
      $content = parse("http://api.pinterest.com/v1/urls/count.json?callback=&url=$url");

      $result = json_decode(str_replace(array('(', ')'), array('', ''), $content));
      $json['count'] = $result->count;
      if( !isset($json['count']) ) $json['count'] = 0;
    }
  }
  echo str_replace('\/','/',json_encode($json));

  function parse($encUrl){
    $options = array(
      CURLOPT_RETURNTRANSFER => true, // return web page
      CURLOPT_HEADER => false, // don't return headers
      CURLOPT_FOLLOWLOCATION => true, // follow redirects
      CURLOPT_ENCODING => "", // handle all encodings
      CURLOPT_USERAGENT => 'sharrre', // who am i
      CURLOPT_AUTOREFERER => true, // set referer on redirect
      CURLOPT_CONNECTTIMEOUT => 5, // timeout on connect
      CURLOPT_TIMEOUT => 10, // timeout on response
      CURLOPT_MAXREDIRS => 3, // stop after 10 redirects
      CURLOPT_SSL_VERIFYHOST => 0,
      CURLOPT_SSL_VERIFYPEER => false,
    );
    $ch = curl_init();

    $options[CURLOPT_URL] = $encUrl;  
    curl_setopt_array($ch, $options);

    $content = curl_exec($ch);
    $err = curl_errno($ch);
    $errmsg = curl_error($ch);

    curl_close($ch);

    if ($errmsg != '' || $err != '') {
      /*print_r($errmsg);
      print_r($errmsg);*/
    }
    return $content;
  }
?>

I get the following error:

Warning: curl_setopt_array() [function.curl-setopt-array]: CURLOPT_FOLLOWLOCATION cannot be activated when safe_mode is enabled or an open_basedir is set in C:Inetpubvhostsizonbytes.comhttpdocsmiscellaneoussharrre.php on line 56
{"url":"https://bizonbytes.com","count":""}

Important notes

• I have NO experience with PHP I just need to run this script (sharrre.php)
• I've look at other similar case but could figure out the problem.
• I have open the windows/php.ini and made sure that safe_mode = Off
• I Notice that open_basedir is set like this ;open_basedir =
• Do I need to add something in the open_basedir?
• This is the link for the detail info about the php version installed. See http://bizonbytes.com/miscellaneous/test.php

Thanks everyone for your help in that matter

Answer 1

Please note that this is a security warning. Using cURL, a website could redirect the script to something like file:///etc/passwd and mess with things around. To prevent this, whenever open_basedir is set cURL doesn't follow locations. You'll have to follow them manually, and manually check if all followed locations are safe as well.

This comment on php.net implements a sample implementation of that:

function curl_exec_follow(/*resource*/ $ch, /*int*/ &$maxredirect = null) {
    $mr = $maxredirect === null ? 5 : intval($maxredirect);
    if (ini_get('open_basedir') == '' && ini_get('safe_mode' == 'Off')) {
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $mr > 0);
        curl_setopt($ch, CURLOPT_MAXREDIRS, $mr);
    } else {
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
        if ($mr > 0) {
            $newurl = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);

            $rch = curl_copy_handle($ch);
            curl_setopt($rch, CURLOPT_HEADER, true);
            curl_setopt($rch, CURLOPT_NOBODY, true);
            curl_setopt($rch, CURLOPT_FORBID_REUSE, false);
            curl_setopt($rch, CURLOPT_RETURNTRANSFER, true);
            do {
                curl_setopt($rch, CURLOPT_URL, $newurl);
                $header = curl_exec($rch);
                if (curl_errno($rch)) {
                    $code = 0;
                } else {
                    $code = curl_getinfo($rch, CURLINFO_HTTP_CODE);
                    if ($code == 301 || $code == 302) {
                        preg_match('/Location:(.*?)
/', $header, $matches);
                        $newurl = trim(array_pop($matches));
                    } else {
                        $code = 0;
                    }
                }
            } while ($code && --$mr);
            curl_close($rch);
            if (!$mr) {
                if ($maxredirect === null) {
                    trigger_error('Too many redirects. When following redirects, libcurl hit the maximum amount.', E_USER_WARNING);
                } else {
                    $maxredirect = 0;
                }
                return false;
            }
            curl_setopt($ch, CURLOPT_URL, $newurl);
        }
    }
    return curl_exec($ch);
}