MDL-14659

Add bypass list for proxy usage.

lib/filelib.php

@@ -79,19 +79,24 @@ function download_file_content($url, $headers=null, $postdata=null, $fullrespons
         }
     }
 
+    // check if proxy (if used) should be bypassed for this url 
+    $proxybypass = is_proxybypass( $url );
 
     if (!extension_loaded('curl') or ($ch = curl_init($url)) === false) {
         require_once($CFG->libdir.'/snoopy/Snoopy.class.inc');
         $snoopy = new Snoopy();
         $snoopy->read_timeout = $timeout;
         $snoopy->_fp_timeout  = $connecttimeout;
-        $snoopy->proxy_host   = $CFG->proxyhost;
-        $snoopy->proxy_port   = $CFG->proxyport;
-        if (!empty($CFG->proxyuser) and !empty($CFG->proxypassword)) {
-            // this will probably fail, but let's try it anyway
-            $snoopy->proxy_user     = $CFG->proxyuser;
-            $snoopy->proxy_password = $CFG->proxypassword;
+        if (!$proxybypass) {
+            $snoopy->proxy_host   = $CFG->proxyhost;
+            $snoopy->proxy_port   = $CFG->proxyport;
+            if (!empty($CFG->proxyuser) and !empty($CFG->proxypassword)) {
+                // this will probably fail, but let's try it anyway
+                $snoopy->proxy_user     = $CFG->proxyuser;
+                $snoopy->proxy_password = $CFG->proxypassword;
+            }
         }
+
         if (is_array($headers) ) {
             $client->rawheaders = $headers;
         }
@@ -173,7 +178,7 @@ function download_file_content($url, $headers=null, $postdata=null, $fullrespons
         curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
     }
 
-    if (!empty($CFG->proxyhost)) {
+    if (!empty($CFG->proxyhost) and !$proxybypass) {
         // SOCKS supported in PHP5 only
         if (!empty($CFG->proxytype) and ($CFG->proxytype == 'SOCKS5')) {
             if (defined('CURLPROXY_SOCKS5')) {

lib/moodlelib.php

@@ -7893,6 +7893,52 @@ function setup_lang_from_browser() {
     return;
 }
 
+/**
+ * check if $url matches anything in proxybypass list
+ * @note any errors just result in the proxy being used (least bad)
+ * @param string $url - url to check
+ * @return boolean - true if we should bypass the proxy
+ */
+function is_proxybypass( $url ) {
+    global $CFG;
+
+    // sanity check
+    if (empty($CFG->proxyhost) or empty($CFG->proxybypass)) {
+        return false;
+    }
+
+    // get the host part out of the url
+    if (!$host = parse_url( $url, PHP_URL_HOST )) {
+        return false;
+    }
+
+    // get the possible bypass hosts into an array
+    $matches = explode( ',', $CFG->proxybypass );
+
+    // check for a match
+    // (IPs need to match the left hand side and hosts the right of the url,
+    // but we can recklessly check both as there can't be a false +ve)
+    $bypass = false;
+    foreach ($matches as $match) {
+        $match = trim($match);
+
+        // try for IP match (Left side)
+        $lhs = substr($host,0,strlen($match));
+        if (strcasecmp($match,$lhs)==0) {
+            return true;
+        }
+
+        // try for host match (Right side)
+        $rhs = substr($host,-strlen($match)); 
+        if (strcasecmp($match,$rhs)==0) {
+            return true;
+        }     
+    }
+
+    // nothing matched.
+    return false; 
+}
+
 
 ////////////////////////////////////////////////////////////////////////////////
 

mnet/lib.php

@@ -71,7 +71,7 @@ function mnet_get_public_key($uri, $application=null) {
     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
 
     // check for proxy
-    if (!empty($CFG->proxyhost)) {
+    if (!empty($CFG->proxyhost) and !is_proxybypass($uri)) {
         // SOCKS supported in PHP5 only
         if (!empty($CFG->proxytype) and ($CFG->proxytype == 'SOCKS5')) {
             if (defined('CURLPROXY_SOCKS5')) {