From ca58194e57bb908bd3d26442e72cd6e94d554181 Mon Sep 17 00:00:00 2001 From: kenjis Date: Sat, 23 Mar 2024 17:13:34 +0900 Subject: [PATCH 1/3] docs: fix incorrect description and add warning --- user_guide_src/source/libraries/curlrequest.rst | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/user_guide_src/source/libraries/curlrequest.rst b/user_guide_src/source/libraries/curlrequest.rst index bc2a7e3ab36a..15fb7e1eceef 100644 --- a/user_guide_src/source/libraries/curlrequest.rst +++ b/user_guide_src/source/libraries/curlrequest.rst @@ -157,16 +157,19 @@ or any of the shortcut methods. allow_redirects =============== -By default, cURL will follow all "Location:" headers the remote servers send back. The ``allow_redirects`` option -allows you to modify how that works. +By default, cURL will not follow all "Location:" headers the remote servers send +back. The ``allow_redirects`` option allows you to modify how that works. -If you set the value to ``false``, then it will not follow any redirects at all: +If you set the value to ``true``, then it will follow redirects: -.. literalinclude:: curlrequest/013.php +.. literalinclude:: curlrequest/014.php -Setting it to ``true`` will apply the default settings to the request: +.. warning:: Please note that enabling redirects may redirect to a URL that you + do not expect and may enable SSRF attacks. -.. literalinclude:: curlrequest/014.php +Setting it to ``false`` will apply the default settings to the request: + +.. literalinclude:: curlrequest/013.php You can pass in array as the value of the ``allow_redirects`` option to specify new settings in place of the defaults: From fa6cb5489eab7c662451953ea43aec210bd3af7e Mon Sep 17 00:00:00 2001 From: kenjis Date: Sat, 23 Mar 2024 17:14:35 +0900 Subject: [PATCH 2/3] docs: improve readability of comments --- user_guide_src/source/libraries/curlrequest/014.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/user_guide_src/source/libraries/curlrequest/014.php b/user_guide_src/source/libraries/curlrequest/014.php index 410ed9980e34..25e3176b0a5a 100644 --- a/user_guide_src/source/libraries/curlrequest/014.php +++ b/user_guide_src/source/libraries/curlrequest/014.php @@ -3,7 +3,7 @@ $client->request('GET', 'http://example.com', ['allow_redirects' => true]); /* * Sets the following defaults: - * 'max' => 5, // Maximum number of redirects to follow before stopping - * 'strict' => true, // Ensure POST requests stay POST requests through redirects - * 'protocols' => ['http', 'https'] // Restrict redirects to one or more protocols + * 'max' => 5, // Maximum number of redirects to follow before stopping + * 'strict' => true, // Ensure POST requests stay POST requests through redirects + * 'protocols' => ['http', 'https'] // Restrict redirects to one or more protocols */ From fc02e49c33893efc1ef888b76fa1516b7fd15461 Mon Sep 17 00:00:00 2001 From: kenjis Date: Sat, 23 Mar 2024 17:22:42 +0900 Subject: [PATCH 3/3] docs: fix wording --- user_guide_src/source/libraries/curlrequest.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user_guide_src/source/libraries/curlrequest.rst b/user_guide_src/source/libraries/curlrequest.rst index 15fb7e1eceef..30c5e2bf4d88 100644 --- a/user_guide_src/source/libraries/curlrequest.rst +++ b/user_guide_src/source/libraries/curlrequest.rst @@ -157,7 +157,7 @@ or any of the shortcut methods. allow_redirects =============== -By default, cURL will not follow all "Location:" headers the remote servers send +By default, cURL will not follow any "Location:" headers the remote servers send back. The ``allow_redirects`` option allows you to modify how that works. If you set the value to ``true``, then it will follow redirects: