Humbug Get Contents Laravel Package

Getting Started

Install the package via Composer to add a secure HTTPS wrapper around file_get_contents():

composer require padraic/humbug_get_contents

Begin by replacing existing file_get_contents() calls that target HTTPS URLs with Humbug\get_contents()—no config needed. This is most valuable when maintaining legacy PHP <5.6 applications (e.g., WordPress plugins, old Laravel 4/5 apps on PHP 5.4–5.5) where SSL verification is disabled by default. Example first use case: fetching a JSON API response securely in a deployment script or CLI tool:

use Humbug\get_contents;

$apiData = get_contents('https://status.example.com/health.json');
$data = json_decode($apiData, true);

Implementation Patterns

• Minimal Security Lift in Legacy Code: Use as a drop-in replacement in controllers, services, or cron jobs where file_get_contents() is used for HTTPS—especially when upgrading PHP is blocked. No code refactoring beyond the function call is required.
• Composer or PHAR Tooling: Integrate into deployment hooks, updater scripts, or PHAR-based utilities (e.g., humbug/box) where lightweight, secure HTTP fetching is needed without external dependencies.
• Header Management for Authenticated Requests: Since set_headers() applies only to the next call, set headers just before get_contents() in tight scopes:

  Humbug\set_headers([
      'Authorization: Bearer ' . $this->token,
      'Accept: application/json'
  ]);
  $response = Humbug\get_contents('https://api.secure.com/v1/data');
  

• Debugging & Logging: Capture response headers to inspect rate limits or cache hits:

  $content = Humbug\get_contents($url);
  $headers = Humbug\get_headers(); // Returns array like ['Content-Type: application/json', ...]
  

• Testing Context: In tests, redeclare the function only in isolation (e.g., using runkit_function_redefine() or runtime prefixing). Prefer mocking dependencies at the class level where possible.

Gotchas and Tips

• ⚠️ Last Updated in 2018, Archived: This package is unmaintained and relies on Composer’s CA bundle (likely outdated for modern TLS suites). Avoid in new projects—use Guzzle or Symfony HttpClient instead.
• Silent Function Conflicts: If Humbug\get_contents() is already declared (e.g., from another package), it will skip redeclaration silently. Use composer require --with-all-dependencies and ensure no other dependencies pull in a conflicting fork.
• Errors Are intentional: Warnings like Failed to enable crypto or verify failure mean certificate verification failed. Don’t suppress with @ or disable verify_peer. Fix the root cause: install/update CA bundle (ca-certificates package), or configure openssl.cafile/openssl.capath in php.ini.
• Headers reset per request: set_headers() does not persist—call it before every get_contents() that needs custom headers. Forgotten headers cause subtle auth failures.
• No HTTP/2, No Pipeline: Uses PHP’s legacy stream_context, which lacks HTTP/2 support and advanced features (pipelining, trailers, retry logic).
• Deprecation warnings may appear: On PHP 7.2+, you may see Function Humbug\set_headers is deprecated. Suppressing them is discouraged—plan to remove this dependency during PHP/HTTP-stack modernization.
• Not a content safeguard: Only secures transport (MITM), not tampering or replay. Always validate response integrity (e.g., hash_equals() on signatures, PHAR verification).