|
Ellimatta
|
February 17, 2018 at 5:52 pm
Hi There,
I just spent quite some time trying to work out EE kept telling my my MailChimp API was invalid, when in fact I knew that it was valid and the same API key worked perfectly well in MailChimp for WP plugin on the same site….
An error has occurred:
Invalid_ApiKey
Mailchimp_Admin_Page – _update_mailchimp – 171
Sifting through the EE Mailchimp plugin class files I found the issue. It uses CURL_EXEC to register the API key, and CURL_EXEC is in the list of disable_functions on my server.
removing CURL_EXEC from the list immediately resolved the issue, however I don’t want to do that permanently as it potentially dangerous function.
Noting that this makeRequest function checks if CURL_INIT exists and runs the else clause if not, I tried adding that to the disable_functions list but this did not work. It seems function_exists returns TRUE even if the function is disabled via disable_functions.
I would suggest checking if this function exists and is enabled in this makeRequest function.
Just my two cents worth – I’m not a developer.
private function makeRequest($method, $args=array())
{
$args['apikey'] = $this->api_key;
$url = $this->api_endpoint.'/'.$method.'.json';
if (function_exists('curl_init') && function_exists('curl_setopt')){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($ch, CURLOPT_USERAGENT, 'PHP-MCAPI/2.0');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $this->verify_ssl);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($args));
$result = curl_exec($ch);
curl_close($ch);
} else {
$json_data = json_encode($args);
$result = file_get_contents($url, null, stream_context_create(array(
'http' => array(
'protocol_version' => 1.1,
'user_agent' => 'PHP-MCAPI/2.0',
'method' => 'POST',
'header' => "Content-type: application/json\r\n".
"Connection: close\r\n" .
"Content-length: " . strlen($json_data) . "\r\n",
'content' => $json_data,
),
)));
}
return $result ? json_decode($result, true) : false;
}
|
|
Tony
|
February 19, 2018 at 7:47 am
Hi there,
It seems function_exists returns TRUE even if the function is disabled via disable_functions.
What version of PHP are you running? 5.2 would incorrectly return true for functions that are disabled, 5.3+ should not.
function_exists will return false for disabled_functions set in your php.ini file however not if you are using suhosin.executor.func.blacklist so it depends on your setup. If that is the case, then its likely this:
I would suggest checking if this function exists and is enabled in this makeRequest function.
Would also fail because:
if (
function_exists('curl_init') &&
function_exists('curl_exec') &&
function_exists('curl_setopt')
) {
Although we are then checking if the function_exists, if its ignoring disabled_functions then it will make no difference as they will return true anyway. You can try changing the above conditional to the above so it explicitly checks for curl_exec but from the above, I don’t think it will work.
Can I ask why you consider cURL dangerous?
|
