Remove safe_mode check in curl client (#435)

sunkan · web-flow · commit 3cfe1943c972 · 2026-05-11T16:51:05.000+02:00
* Remove safe_mode check in curl client

INI directive 'safe_mode' is deprecated since PHP 5.3 and removed since PHP 5.4

* Update Dockerfile to make it build

* Remove upload to scrutinizer-ci

We no longer seem to have access to it

* Fix ci BC action

At the moment the code gets checked out by a user with the uid 1001 but
the nyholm/roave-bc-check-ga runs as root which triggers the fatal:
detected dubious ownership in repository at '/github/workspace' error.
Running the commands in that container as a user with the user id 1001
is, to my understanding, not possible using default GitHub Actions
config so the workaround of using addnab/docker-run-action@v3 is used
to allow for defining the user id uding -u 1001 (and setting then not
available, GITHUB_REPOSITORY variable).

* Add missing symfony and php version to test matrix
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -12,4 +12,8 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Roave BC Check
-        uses: docker://nyholm/roave-bc-check-ga
+        uses: "addnab/docker-run-action@v3"
+        with:
+          image: "nyholm/roave-bc-check-ga"
+          options: "--env GITHUB_REPOSITORY=${{ github.repository }} --user 1001 --volume ${{ github.workspace }}:/app"
+          run: "/entrypoint.sh"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,8 +10,8 @@ jobs:
     strategy:
       max-parallel: 10
       matrix:
-        php: ['7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3']
-        sf_version: ['3.4.*', '4.4.*', '5.0.*', '6.4.*', '7.0.*']
+        php: ['7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.5']
+        sf_version: ['3.4.*', '4.4.*', '5.0.*', '6.4.*', '7.4.*', '8.0.*']
 
     steps:
       - name: Set up PHP
@@ -91,11 +91,6 @@ jobs:
       - name: Run tests
         run: ./vendor/bin/phpunit --coverage-text --coverage-clover=coverage.xml
 
-      - name: Upload coverage
-        run: |
-          wget https://scrutinizer-ci.com/ocular.phar
-          php ocular.phar code-coverage:upload --format=php-clover coverage.xml || true
-
   h2push:
     name: HTTP/2 Server Push
     runs-on: ubuntu-latest
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:7.4-fpm-buster
+FROM php:7.4-fpm-bullseye
 
 # Install Nginx
 RUN apt-get update -qq && apt-get install -y --no-install-recommends -qq nginx
diff --git a/composer.json b/composer.json
@@ -22,7 +22,7 @@
         "psr/http-message": "^1.1 || ^2.0",
         "psr/http-client": "^1.0",
         "php-http/httplug": "^1.1 || ^2.0",
-        "symfony/options-resolver": "^3.4 || ^4.0 || ^5.0 || ^6.0 || ^7.0",
+        "symfony/options-resolver": "^3.4 || ^4.0 || ^5.0 || ^6.0 || ^7.0 || ^8.0",
         "psr/http-factory": "^1.0"
     },
     "require-dev": {
diff --git a/lib/Client/AbstractCurl.php b/lib/Client/AbstractCurl.php
@@ -193,7 +193,7 @@ private function setOptionsFromParameterBag($curl, ParameterBag $options): void
             curl_setopt($curl, \CURLOPT_PROXY, $proxy);
         }
 
-        $canFollow = !\ini_get('safe_mode') && !\ini_get('open_basedir') && $options->get('allow_redirects');
+        $canFollow = !\ini_get('open_basedir') && $options->get('allow_redirects');
         curl_setopt($curl, \CURLOPT_FOLLOWLOCATION, $canFollow);
         curl_setopt($curl, \CURLOPT_MAXREDIRS, $canFollow ? $options->get('max_redirects') : 0);
         curl_setopt($curl, \CURLOPT_SSL_VERIFYPEER, $options->get('verify') ? 1 : 0);

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM php:7.4-fpm-buster`
	`1`	`+FROM php:7.4-fpm-bullseye`
`2`	`2`
`3`	`3`	`# Install Nginx`
`4`	`4`	`RUN apt-get update -qq && apt-get install -y --no-install-recommends -qq nginx`
Original file line number	Diff line number	Diff line change
`@@ -193,7 +193,7 @@ private function setOptionsFromParameterBag($curl, ParameterBag $options): void`
`193`	`193`	`curl_setopt($curl, \CURLOPT_PROXY, $proxy);`
`194`	`194`	`}`
`195`	`195`
`196`		`- $canFollow = !\ini_get('safe_mode') && !\ini_get('open_basedir') && $options->get('allow_redirects');`
	`196`	`+ $canFollow = !\ini_get('open_basedir') && $options->get('allow_redirects');`
`197`	`197`	`curl_setopt($curl, \CURLOPT_FOLLOWLOCATION, $canFollow);`
`198`	`198`	`curl_setopt($curl, \CURLOPT_MAXREDIRS, $canFollow ? $options->get('max_redirects') : 0);`
`199`	`199`	`curl_setopt($curl, \CURLOPT_SSL_VERIFYPEER, $options->get('verify') ? 1 : 0);`