[gh-450] Merge branch 'issue-450' into develop

sites/all/modules/unl/includes/common.php

@@ -187,7 +187,7 @@ function unl_user_is_administrator() {
  * @param string $url
  * @param resource $context
  */
-function unl_url_get_contents($url, $context = NULL)
+function unl_url_get_contents($url, $context = NULL, &$headers = array())
 {
   unl_load_zend_framework();
   if (!Zend_Uri::check($url)) {
@@ -203,12 +203,14 @@ function unl_url_get_contents($url, $context = NULL)
   
   // If cached in the static array, return it.
   if (array_key_exists($url, $static)) {
-    return $static[$url];
+    $headers = $static[$url]['headers'];
+    return $static[$url]['body'];
   }
   
   // If cached in the drupla cache, return it.
   $data = cache_get(__FUNCTION__ . $url);
   if ($data && time() < $data->data['expires']) {
+    $headers = $data->data['headers'];
     return $data->data['body'];
   }
 
@@ -224,19 +226,20 @@ function unl_url_get_contents($url, $context = NULL)
   
   $headers = array();
   foreach ($http_response_header as $rawHeader) {
-    $headerName = strtolower(trim(substr($rawHeader, 0, strpos($rawHeader, ':'))));
+    $headerName = trim(substr($rawHeader, 0, strpos($rawHeader, ':')));
     $headerValue = trim(substr($rawHeader, strpos($rawHeader, ':') + 1));
     if ($headerName && $headerValue) {
       $headers[$headerName] = $headerValue;
     }
   }
+  $lowercaseHeaders = array_change_key_case($headers);
   
   $cacheable = NULL;
   $expires = 0;
   
   // Check for a Cache-Control header and the max-age and/or private headers.
-  if (array_key_exists('cache-control', $headers)) {
-    $cacheControl = strtolower($headers['cache-control']);
+  if (array_key_exists('cache-control', $lowercaseHeaders)) {
+    $cacheControl = strtolower($lowercaseHeaders['cache-control']);
     $matches = array();
     if (preg_match('/max-age=([0-9]+)/', $cacheControl, $matches)) {
       $expires = time() + $matches[1];
@@ -250,22 +253,26 @@ function unl_url_get_contents($url, $context = NULL)
     }
   }
   // If there was no Cache-Control header, or if it wasn't helpful, check for an Expires header.
-  if ($cacheable === NULL && array_key_exists('expires', $headers)) {
+  if ($cacheable === NULL && array_key_exists('expires', $lowercaseHeaders)) {
     $cacheable = TRUE;
-    $expires = DateTime::createFromFormat(DateTime::RFC1123, $headers['expires'])->getTimestamp();
+    $expires = DateTime::createFromFormat(DateTime::RFC1123, $lowercaseHeaders['expires'])->getTimestamp();
   }
   
   // Save to the drupal cache if caching is ok
   if ($cacheable && time() < $expires) {
     $data = array(
       'body' => $body,
+      'headers' => $headers,
       'expires' => $expires,
     );
     cache_set(__FUNCTION__ . $url, $data, 'cache', $expires);
   }
   // Otherwise just save to the static per-request cache
   else {
-    $static[$url] = $body;
+    $static[$url] = array(
+        'body' => $body,
+        'headers' => $headers,
+    );
   }
   
   return $body;

sites/all/modules/unl/unl.module

@@ -1638,7 +1638,31 @@ function unl_filter_ssi_process($text, $filter, $format, $langcode, $cache, $cac
       $url .= '#' . $parts['fragment'];
     }
 
-    $content = unl_url_get_contents($url);
+    $ssiDepth = 0;
+    if (array_key_exists('HTTP_X_UNL_SSI_DEPTH', $_SERVER)) {
+      $ssiDepth = $_SERVER['HTTP_X_UNL_SSI_DEPTH'];
+    }
+    $ssiDepth++;
+    
+    $context = stream_context_create(array(
+      'http' => array(
+        'header' => "x-unl-ssi-depth: $ssiDepth\r\n",
+      ),
+    ));
+
+    if ($ssiDepth > 3) {
+      watchdog('unl', 'Server Side Include: Recursion depth limit reached.', array(), WATCHDOG_ERROR);
+      drupal_add_http_header('x-unl-ssi-error', 'Too deep!');
+      $content = '<!-- Error: Too many recursive includes! Content from ' . $url . ' was not included! -->';
+    }
+    else {
+      $headers = array();
+      $content = unl_url_get_contents($url, $context, $headers);
+      if (array_key_exists('x-unl-ssi-error', $headers)) {
+        watchdog('unl', 'Server Side Include: An included URL reached the depth limit.', array(), WATCHDOG_WARNING);
+        drupal_add_http_header('x-unl-ssi-error', 'The included URL caused recursion that was too deep!');
+      }
+    }
     $replacements[$full_match] = PHP_EOL
                                . '<!-- Begin content from ' . $url . ' -->' . PHP_EOL
                                . $content . PHP_EOL