From 72b14f38360619194a487ac7594d6d473a6b1d40 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Wed, 3 Jul 2013 06:52:32 -0700
Subject: [PATCH] CRM-12783 - CRM_Extension_Browser - Get content via HTTPS

Note: I did a simulation with enable_ssl=false, and it degraded well.

----------------------------------------
* CRM-12783: As of 4.3, civicrm pulls in content by default from non-authenticated web site (http instead of https)
  http://issues.civicrm.org/jira/browse/CRM-12783
---
 CRM/Extension/Browser.php                   | 12 +++++++-----
 tests/phpunit/CRM/Extension/BrowserTest.php | 12 ++++++------
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/CRM/Extension/Browser.php b/CRM/Extension/Browser.php
index c8e37223c9..70eaba90b6 100644
--- a/CRM/Extension/Browser.php
+++ b/CRM/Extension/Browser.php
@@ -39,7 +39,7 @@ class CRM_Extension_Browser {
   /**
    * An URL for public extensions repository
    */
-  const DEFAULT_EXTENSIONS_REPOSITORY = 'http://civicrm.org/extdir/ver={ver}|cms={uf}';
+  const DEFAULT_EXTENSIONS_REPOSITORY = 'https://civicrm.org/extdir/ver={ver}|cms={uf}';
 
   /**
    * @param string $repoUrl URL of the remote repository
@@ -217,9 +217,8 @@ class CRM_Extension_Browser {
       return array();
     }
 
-    $extdir = file_get_contents($this->getRepositoryUrl() . $this->indexPath);
-
-    if ($extdir === FALSE) {
+    list ($status, $extdir) = CRM_Utils_HttpClient::singleton()->get($this->getRepositoryUrl() . $this->indexPath);
+    if ($extdir === FALSE || $status !== CRM_Utils_HttpClient::STATUS_OK) {
       CRM_Core_Session::setStatus(ts('The CiviCRM public extensions directory at %1 could not be contacted - please check your webserver can make external HTTP requests or contact CiviCRM team on <a href="http://forum.civicrm.org/">CiviCRM forum</a>.<br />', array(1 => $this->getRepositoryUrl())), ts('Connection Error'), 'error');
     }
 
@@ -267,7 +266,10 @@ class CRM_Extension_Browser {
     $url      = $this->getRepositoryUrl() . '/' . $key . '.xml';
 
     if (!$cached || !file_exists($filename)) {
-      file_put_contents($filename, file_get_contents($url));
+      $fetchStatus = CRM_Utils_HttpClient::singleton()->fetch($url, $filename);
+      if ($fetchStatus != CRM_Utils_HttpClient::STATUS_OK) {
+        return NULL;
+      }
     }
 
     if (file_exists($filename)) {
diff --git a/tests/phpunit/CRM/Extension/BrowserTest.php b/tests/phpunit/CRM/Extension/BrowserTest.php
index 1f3897e158..b64babff65 100644
--- a/tests/phpunit/CRM/Extension/BrowserTest.php
+++ b/tests/phpunit/CRM/Extension/BrowserTest.php
@@ -12,28 +12,28 @@ class CRM_Extension_BrowserTest extends CiviUnitTestCase {
   }
 
   function testDisabled() {
-    $browser = new CRM_Extension_Browser(FALSE, '/index.html', '/itd/oesn/tmat/ter');
+    $browser = new CRM_Extension_Browser(FALSE, '/index.html', 'file:///itd/oesn/tmat/ter');
     $this->assertEquals(FALSE, $browser->isEnabled());
     $this->assertEquals(array(), $browser->checkRequirements());
     $this->assertEquals(array(), $browser->getExtensions());
   }
 
   function testCheckRequirements_BadCachedir_false() {
-    $browser = new CRM_Extension_Browser(dirname(__FILE__) .'/dataset/good-repository', '/index.html', FALSE);
+    $browser = new CRM_Extension_Browser('file://' . dirname(__FILE__) .'/dataset/good-repository', '/index.html', FALSE);
     $this->assertEquals(TRUE, $browser->isEnabled());
     $reqs = $browser->checkRequirements();
     $this->assertEquals(1, count($reqs));
   }
 
   function testCheckRequirements_BadCachedir_nonexistent() {
-    $browser = new CRM_Extension_Browser(dirname(__FILE__) .'/dataset/good-repository', '/index.html', '/tot/all/yin/v/alid');
+    $browser = new CRM_Extension_Browser('file://' . dirname(__FILE__) .'/dataset/good-repository', '/index.html', '/tot/all/yin/v/alid');
     $this->assertEquals(TRUE, $browser->isEnabled());
     $reqs = $browser->checkRequirements();
     $this->assertEquals(1, count($reqs));
   }
 
   function testGetExtensions_good() {
-    $browser = new CRM_Extension_Browser(dirname(__FILE__) .'/dataset/good-repository', '/index.html', $this->createTempDir('ext-cache-'));
+    $browser = new CRM_Extension_Browser('file://' . dirname(__FILE__) .'/dataset/good-repository', '/index.html', $this->createTempDir('ext-cache-'));
     $this->assertEquals(TRUE, $browser->isEnabled());
     $this->assertEquals(array(), $browser->checkRequirements());
     $exts = $browser->getExtensions();
@@ -47,7 +47,7 @@ class CRM_Extension_BrowserTest extends CiviUnitTestCase {
   }
 
   function testGetExtension_good() {
-    $browser = new CRM_Extension_Browser(dirname(__FILE__) .'/dataset/good-repository', '/index.html', $this->createTempDir('ext-cache-'));
+    $browser = new CRM_Extension_Browser('file://' . dirname(__FILE__) .'/dataset/good-repository', '/index.html', $this->createTempDir('ext-cache-'));
     $this->assertEquals(TRUE, $browser->isEnabled());
     $this->assertEquals(array(), $browser->checkRequirements());
 
@@ -57,7 +57,7 @@ class CRM_Extension_BrowserTest extends CiviUnitTestCase {
   }
 
   function testGetExtension_nonexistent() {
-    $browser = new CRM_Extension_Browser(dirname(__FILE__) .'/dataset/good-repository', '/index.html', $this->createTempDir('ext-cache-'));
+    $browser = new CRM_Extension_Browser('file://' . dirname(__FILE__) .'/dataset/good-repository', '/index.html', $this->createTempDir('ext-cache-'));
     $this->assertEquals(TRUE, $browser->isEnabled());
     $this->assertEquals(array(), $browser->checkRequirements());
 
-- 
2.25.1