I'm not sure. This is an issue in Setup, not UpgradeMODX. UGM just puts the files in place and launches Setup.
It's possible to detect open_basedir and do the follow in the code rather than using CURLOPT_FOLLOWLOCATION. This code in UGM, does that (which is why UGM works on that site):
if (filter_var(ini_get('open_basedir'), FILTER_VALIDATE_BOOLEAN) === false && filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN) === false) {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
} else {
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
$rch = curl_copy_handle($ch);
$newurl = $url;
curl_setopt($rch, CURLOPT_URL, $newurl);
$header = curl_exec($rch);
if (curl_errno($rch)) {
$code = 0;
} else {
$code = curl_getinfo($rch, CURLINFO_HTTP_CODE);
if ($code == 301 || $code == 302) {
preg_match('/Location:(.*?)\n/i', $header, $matches);
$newurl = trim(array_pop($matches));
}
curl_close($rch);
curl_setopt($ch, CURLOPT_URL, $newurl);
}
}
Unfortunately, Setup's config_check doesn't do this (though it probably should).
I think more recent versions of PHP avoid this problem, so upgrading PHP might solve it. If not, it's fairly easy to disable that part of the configuration check, which you probably don't really need.
I think this would do it:
Change this line (line 76) in the core\model\modx\processors\system\config_check.inc.php file:
if ( function_exists( 'curl_init' )) {
to this:
if (false && function_exists( 'curl_init' )) {
