What is the history behind us using the Snoopy library to fetch URLs (e.g. rss feeds)?
The people who run our servers want to get rid of it becuase of security worries. (It sits on top of command line CURL, and there are known vunlerabilites which lets the attacher run arbritrary commands on your server. e.g. http://www.sec-consult.com/216.html. Moodle is running an old version of the library, which does not help.)
The alternative seems to be to use the PHP built-in CURL functions, which have been there since PHP 4.0.2. Why did we choose Snoopy.
Snoopy is only used in a few places, so switching over would not be a big job. Grep for Snoopy only finds 25 matches in 4 code files (and 15 matches in various documentation files).
The reason is that PHP curl functions are not included in PHP by default, they have to be specified during compilation. Snoopy is a popular alternative.
We are using the latest version of Snoopy, 1.2.3 (since January). I don't think there are any outstanding security issues but if you see one, please report it to http://security.moodle.org.
We are using the latest version of Snoopy, 1.2.3 (since January). I don't think there are any outstanding security issues but if you see one, please report it to http://security.moodle.org.
Thanks, that makes sense.