Mercurial > hg > cmmr2012-drupal-site

annotate vendor/symfony/http-kernel/HttpCache/SubRequestHandler.php @ 5:12f9dff5fda9 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to Drupal core 8.7.1
author Chris Cannam
date Thu, 09 May 2019 15:34:47 +0100
parents a9cd425dd02b
children
rev   line source
Chris@4 1 <?php
Chris@4 2
Chris@4 3 /*
Chris@4 4 * This file is part of the Symfony package.
Chris@4 5 *
Chris@4 6 * (c) Fabien Potencier <fabien@symfony.com>
Chris@4 7 *
Chris@4 8 * For the full copyright and license information, please view the LICENSE
Chris@4 9 * file that was distributed with this source code.
Chris@4 10 */
Chris@4 11
Chris@4 12 namespace Symfony\Component\HttpKernel\HttpCache;
Chris@4 13
Chris@4 14 use Symfony\Component\HttpFoundation\IpUtils;
Chris@4 15 use Symfony\Component\HttpFoundation\Request;
Chris@4 16 use Symfony\Component\HttpFoundation\Response;
Chris@4 17 use Symfony\Component\HttpKernel\HttpKernelInterface;
Chris@4 18
Chris@4 19 /**
Chris@4 20 * @author Nicolas Grekas <p@tchwork.com>
Chris@4 21 *
Chris@4 22 * @internal
Chris@4 23 */
Chris@4 24 class SubRequestHandler
Chris@4 25 {
Chris@4 26 /**
Chris@4 27 * @return Response
Chris@4 28 */
Chris@4 29 public static function handle(HttpKernelInterface $kernel, Request $request, $type, $catch)
Chris@4 30 {
Chris@4 31 // save global state related to trusted headers and proxies
Chris@4 32 $trustedProxies = Request::getTrustedProxies();
Chris@4 33 $trustedHeaderSet = Request::getTrustedHeaderSet();
Chris@4 34 if (\method_exists(Request::class, 'getTrustedHeaderName')) {
Chris@4 35 Request::setTrustedProxies($trustedProxies, -1);
Chris@4 36 $trustedHeaders = [
Chris@4 37 Request::HEADER_FORWARDED => Request::getTrustedHeaderName(Request::HEADER_FORWARDED, false),
Chris@4 38 Request::HEADER_X_FORWARDED_FOR => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_FOR, false),
Chris@4 39 Request::HEADER_X_FORWARDED_HOST => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_HOST, false),
Chris@4 40 Request::HEADER_X_FORWARDED_PROTO => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_PROTO, false),
Chris@4 41 Request::HEADER_X_FORWARDED_PORT => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_PORT, false),
Chris@4 42 ];
Chris@4 43 Request::setTrustedProxies($trustedProxies, $trustedHeaderSet);
Chris@4 44 } else {
Chris@4 45 $trustedHeaders = [
Chris@4 46 Request::HEADER_FORWARDED => 'FORWARDED',
Chris@4 47 Request::HEADER_X_FORWARDED_FOR => 'X_FORWARDED_FOR',
Chris@4 48 Request::HEADER_X_FORWARDED_HOST => 'X_FORWARDED_HOST',
Chris@4 49 Request::HEADER_X_FORWARDED_PROTO => 'X_FORWARDED_PROTO',
Chris@4 50 Request::HEADER_X_FORWARDED_PORT => 'X_FORWARDED_PORT',
Chris@4 51 ];
Chris@4 52 }
Chris@4 53
Chris@4 54 // remove untrusted values
Chris@4 55 $remoteAddr = $request->server->get('REMOTE_ADDR');
Chris@4 56 if (!IpUtils::checkIp($remoteAddr, $trustedProxies)) {
Chris@4 57 foreach ($trustedHeaders as $key => $name) {
Chris@4 58 if ($trustedHeaderSet & $key) {
Chris@4 59 $request->headers->remove($name);
Chris@4 60 $request->server->remove('HTTP_'.strtoupper(str_replace('-', '_', $name)));
Chris@4 61 }
Chris@4 62 }
Chris@4 63 }
Chris@4 64
Chris@4 65 // compute trusted values, taking any trusted proxies into account
Chris@4 66 $trustedIps = [];
Chris@4 67 $trustedValues = [];
Chris@4 68 foreach (array_reverse($request->getClientIps()) as $ip) {
Chris@4 69 $trustedIps[] = $ip;
Chris@4 70 $trustedValues[] = sprintf('for="%s"', $ip);
Chris@4 71 }
Chris@4 72 if ($ip !== $remoteAddr) {
Chris@4 73 $trustedIps[] = $remoteAddr;
Chris@4 74 $trustedValues[] = sprintf('for="%s"', $remoteAddr);
Chris@4 75 }
Chris@4 76
Chris@4 77 // set trusted values, reusing as much as possible the global trusted settings
Chris@4 78 if (Request::HEADER_FORWARDED & $trustedHeaderSet) {
Chris@4 79 $trustedValues[0] .= sprintf(';host="%s";proto=%s', $request->getHttpHost(), $request->getScheme());
Chris@4 80 $request->headers->set($name = $trustedHeaders[Request::HEADER_FORWARDED], $v = implode(', ', $trustedValues));
Chris@4 81 $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
Chris@4 82 }
Chris@4 83 if (Request::HEADER_X_FORWARDED_FOR & $trustedHeaderSet) {
Chris@4 84 $request->headers->set($name = $trustedHeaders[Request::HEADER_X_FORWARDED_FOR], $v = implode(', ', $trustedIps));
Chris@4 85 $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
Chris@4 86 } elseif (!(Request::HEADER_FORWARDED & $trustedHeaderSet)) {
Chris@4 87 Request::setTrustedProxies($trustedProxies, $trustedHeaderSet | Request::HEADER_X_FORWARDED_FOR);
Chris@4 88 $request->headers->set($name = $trustedHeaders[Request::HEADER_X_FORWARDED_FOR], $v = implode(', ', $trustedIps));
Chris@4 89 $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
Chris@4 90 }
Chris@4 91
Chris@4 92 // fix the client IP address by setting it to 127.0.0.1,
Chris@4 93 // which is the core responsibility of this method
Chris@4 94 $request->server->set('REMOTE_ADDR', '127.0.0.1');
Chris@4 95
Chris@4 96 // ensure 127.0.0.1 is set as trusted proxy
Chris@4 97 if (!IpUtils::checkIp('127.0.0.1', $trustedProxies)) {
Chris@4 98 Request::setTrustedProxies(array_merge($trustedProxies, ['127.0.0.1']), Request::getTrustedHeaderSet());
Chris@4 99 }
Chris@4 100
Chris@4 101 try {
Chris@4 102 return $kernel->handle($request, $type, $catch);
Chris@4 103 } finally {
Chris@4 104 // restore global state
Chris@4 105 Request::setTrustedProxies($trustedProxies, $trustedHeaderSet);
Chris@4 106 }
Chris@4 107 }
Chris@4 108 }