Mercurial > hg > isophonics-drupal-site

annotate vendor/symfony/http-kernel/HttpCache/SubRequestHandler.php @ 19:fa3358dc1485 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents 129ea1e6d783
children
rev   line source
Chris@17 1 <?php
Chris@17 2
Chris@17 3 /*
Chris@17 4 * This file is part of the Symfony package.
Chris@17 5 *
Chris@17 6 * (c) Fabien Potencier <fabien@symfony.com>
Chris@17 7 *
Chris@17 8 * For the full copyright and license information, please view the LICENSE
Chris@17 9 * file that was distributed with this source code.
Chris@17 10 */
Chris@17 11
Chris@17 12 namespace Symfony\Component\HttpKernel\HttpCache;
Chris@17 13
Chris@17 14 use Symfony\Component\HttpFoundation\IpUtils;
Chris@17 15 use Symfony\Component\HttpFoundation\Request;
Chris@17 16 use Symfony\Component\HttpFoundation\Response;
Chris@17 17 use Symfony\Component\HttpKernel\HttpKernelInterface;
Chris@17 18
Chris@17 19 /**
Chris@17 20 * @author Nicolas Grekas <p@tchwork.com>
Chris@17 21 *
Chris@17 22 * @internal
Chris@17 23 */
Chris@17 24 class SubRequestHandler
Chris@17 25 {
Chris@17 26 /**
Chris@17 27 * @return Response
Chris@17 28 */
Chris@17 29 public static function handle(HttpKernelInterface $kernel, Request $request, $type, $catch)
Chris@17 30 {
Chris@17 31 // save global state related to trusted headers and proxies
Chris@17 32 $trustedProxies = Request::getTrustedProxies();
Chris@17 33 $trustedHeaderSet = Request::getTrustedHeaderSet();
Chris@17 34 if (\method_exists(Request::class, 'getTrustedHeaderName')) {
Chris@17 35 Request::setTrustedProxies($trustedProxies, -1);
Chris@17 36 $trustedHeaders = [
Chris@17 37 Request::HEADER_FORWARDED => Request::getTrustedHeaderName(Request::HEADER_FORWARDED, false),
Chris@17 38 Request::HEADER_X_FORWARDED_FOR => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_FOR, false),
Chris@17 39 Request::HEADER_X_FORWARDED_HOST => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_HOST, false),
Chris@17 40 Request::HEADER_X_FORWARDED_PROTO => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_PROTO, false),
Chris@17 41 Request::HEADER_X_FORWARDED_PORT => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_PORT, false),
Chris@17 42 ];
Chris@17 43 Request::setTrustedProxies($trustedProxies, $trustedHeaderSet);
Chris@17 44 } else {
Chris@17 45 $trustedHeaders = [
Chris@17 46 Request::HEADER_FORWARDED => 'FORWARDED',
Chris@17 47 Request::HEADER_X_FORWARDED_FOR => 'X_FORWARDED_FOR',
Chris@17 48 Request::HEADER_X_FORWARDED_HOST => 'X_FORWARDED_HOST',
Chris@17 49 Request::HEADER_X_FORWARDED_PROTO => 'X_FORWARDED_PROTO',
Chris@17 50 Request::HEADER_X_FORWARDED_PORT => 'X_FORWARDED_PORT',
Chris@17 51 ];
Chris@17 52 }
Chris@17 53
Chris@17 54 // remove untrusted values
Chris@17 55 $remoteAddr = $request->server->get('REMOTE_ADDR');
Chris@17 56 if (!IpUtils::checkIp($remoteAddr, $trustedProxies)) {
Chris@17 57 foreach ($trustedHeaders as $key => $name) {
Chris@17 58 if ($trustedHeaderSet & $key) {
Chris@17 59 $request->headers->remove($name);
Chris@17 60 $request->server->remove('HTTP_'.strtoupper(str_replace('-', '_', $name)));
Chris@17 61 }
Chris@17 62 }
Chris@17 63 }
Chris@17 64
Chris@17 65 // compute trusted values, taking any trusted proxies into account
Chris@17 66 $trustedIps = [];
Chris@17 67 $trustedValues = [];
Chris@17 68 foreach (array_reverse($request->getClientIps()) as $ip) {
Chris@17 69 $trustedIps[] = $ip;
Chris@17 70 $trustedValues[] = sprintf('for="%s"', $ip);
Chris@17 71 }
Chris@17 72 if ($ip !== $remoteAddr) {
Chris@17 73 $trustedIps[] = $remoteAddr;
Chris@17 74 $trustedValues[] = sprintf('for="%s"', $remoteAddr);
Chris@17 75 }
Chris@17 76
Chris@17 77 // set trusted values, reusing as much as possible the global trusted settings
Chris@17 78 if (Request::HEADER_FORWARDED & $trustedHeaderSet) {
Chris@17 79 $trustedValues[0] .= sprintf(';host="%s";proto=%s', $request->getHttpHost(), $request->getScheme());
Chris@17 80 $request->headers->set($name = $trustedHeaders[Request::HEADER_FORWARDED], $v = implode(', ', $trustedValues));
Chris@17 81 $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
Chris@17 82 }
Chris@17 83 if (Request::HEADER_X_FORWARDED_FOR & $trustedHeaderSet) {
Chris@17 84 $request->headers->set($name = $trustedHeaders[Request::HEADER_X_FORWARDED_FOR], $v = implode(', ', $trustedIps));
Chris@17 85 $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
Chris@17 86 } elseif (!(Request::HEADER_FORWARDED & $trustedHeaderSet)) {
Chris@17 87 Request::setTrustedProxies($trustedProxies, $trustedHeaderSet | Request::HEADER_X_FORWARDED_FOR);
Chris@17 88 $request->headers->set($name = $trustedHeaders[Request::HEADER_X_FORWARDED_FOR], $v = implode(', ', $trustedIps));
Chris@17 89 $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
Chris@17 90 }
Chris@17 91
Chris@17 92 // fix the client IP address by setting it to 127.0.0.1,
Chris@17 93 // which is the core responsibility of this method
Chris@17 94 $request->server->set('REMOTE_ADDR', '127.0.0.1');
Chris@17 95
Chris@17 96 // ensure 127.0.0.1 is set as trusted proxy
Chris@17 97 if (!IpUtils::checkIp('127.0.0.1', $trustedProxies)) {
Chris@17 98 Request::setTrustedProxies(array_merge($trustedProxies, ['127.0.0.1']), Request::getTrustedHeaderSet());
Chris@17 99 }
Chris@17 100
Chris@17 101 try {
Chris@17 102 return $kernel->handle($request, $type, $catch);
Chris@17 103 } finally {
Chris@17 104 // restore global state
Chris@17 105 Request::setTrustedProxies($trustedProxies, $trustedHeaderSet);
Chris@17 106 }
Chris@17 107 }
Chris@17 108 }