Mercurial > hg > isophonics-drupal-site

comparison vendor/symfony/http-kernel/HttpCache/SubRequestHandler.php @ 17:129ea1e6d783

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update, including to Drupal core 8.6.10
author Chris Cannam
date Thu, 28 Feb 2019 13:21:36 +0000
parents
children
comparison
equal deleted inserted replaced
16:c2387f117808 17:129ea1e6d783
1 <?php
2
3 /*
4 * This file is part of the Symfony package.
5 *
6 * (c) Fabien Potencier <fabien@symfony.com>
7 *
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
10 */
11
12 namespace Symfony\Component\HttpKernel\HttpCache;
13
14 use Symfony\Component\HttpFoundation\IpUtils;
15 use Symfony\Component\HttpFoundation\Request;
16 use Symfony\Component\HttpFoundation\Response;
17 use Symfony\Component\HttpKernel\HttpKernelInterface;
18
19 /**
20 * @author Nicolas Grekas <p@tchwork.com>
21 *
22 * @internal
23 */
24 class SubRequestHandler
25 {
26 /**
27 * @return Response
28 */
29 public static function handle(HttpKernelInterface $kernel, Request $request, $type, $catch)
30 {
31 // save global state related to trusted headers and proxies
32 $trustedProxies = Request::getTrustedProxies();
33 $trustedHeaderSet = Request::getTrustedHeaderSet();
34 if (\method_exists(Request::class, 'getTrustedHeaderName')) {
35 Request::setTrustedProxies($trustedProxies, -1);
36 $trustedHeaders = [
37 Request::HEADER_FORWARDED => Request::getTrustedHeaderName(Request::HEADER_FORWARDED, false),
38 Request::HEADER_X_FORWARDED_FOR => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_FOR, false),
39 Request::HEADER_X_FORWARDED_HOST => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_HOST, false),
40 Request::HEADER_X_FORWARDED_PROTO => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_PROTO, false),
41 Request::HEADER_X_FORWARDED_PORT => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_PORT, false),
42 ];
43 Request::setTrustedProxies($trustedProxies, $trustedHeaderSet);
44 } else {
45 $trustedHeaders = [
46 Request::HEADER_FORWARDED => 'FORWARDED',
47 Request::HEADER_X_FORWARDED_FOR => 'X_FORWARDED_FOR',
48 Request::HEADER_X_FORWARDED_HOST => 'X_FORWARDED_HOST',
49 Request::HEADER_X_FORWARDED_PROTO => 'X_FORWARDED_PROTO',
50 Request::HEADER_X_FORWARDED_PORT => 'X_FORWARDED_PORT',
51 ];
52 }
53
54 // remove untrusted values
55 $remoteAddr = $request->server->get('REMOTE_ADDR');
56 if (!IpUtils::checkIp($remoteAddr, $trustedProxies)) {
57 foreach ($trustedHeaders as $key => $name) {
58 if ($trustedHeaderSet & $key) {
59 $request->headers->remove($name);
60 $request->server->remove('HTTP_'.strtoupper(str_replace('-', '_', $name)));
61 }
62 }
63 }
64
65 // compute trusted values, taking any trusted proxies into account
66 $trustedIps = [];
67 $trustedValues = [];
68 foreach (array_reverse($request->getClientIps()) as $ip) {
69 $trustedIps[] = $ip;
70 $trustedValues[] = sprintf('for="%s"', $ip);
71 }
72 if ($ip !== $remoteAddr) {
73 $trustedIps[] = $remoteAddr;
74 $trustedValues[] = sprintf('for="%s"', $remoteAddr);
75 }
76
77 // set trusted values, reusing as much as possible the global trusted settings
78 if (Request::HEADER_FORWARDED & $trustedHeaderSet) {
79 $trustedValues[0] .= sprintf(';host="%s";proto=%s', $request->getHttpHost(), $request->getScheme());
80 $request->headers->set($name = $trustedHeaders[Request::HEADER_FORWARDED], $v = implode(', ', $trustedValues));
81 $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
82 }
83 if (Request::HEADER_X_FORWARDED_FOR & $trustedHeaderSet) {
84 $request->headers->set($name = $trustedHeaders[Request::HEADER_X_FORWARDED_FOR], $v = implode(', ', $trustedIps));
85 $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
86 } elseif (!(Request::HEADER_FORWARDED & $trustedHeaderSet)) {
87 Request::setTrustedProxies($trustedProxies, $trustedHeaderSet | Request::HEADER_X_FORWARDED_FOR);
88 $request->headers->set($name = $trustedHeaders[Request::HEADER_X_FORWARDED_FOR], $v = implode(', ', $trustedIps));
89 $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
90 }
91
92 // fix the client IP address by setting it to 127.0.0.1,
93 // which is the core responsibility of this method
94 $request->server->set('REMOTE_ADDR', '127.0.0.1');
95
96 // ensure 127.0.0.1 is set as trusted proxy
97 if (!IpUtils::checkIp('127.0.0.1', $trustedProxies)) {
98 Request::setTrustedProxies(array_merge($trustedProxies, ['127.0.0.1']), Request::getTrustedHeaderSet());
99 }
100
101 try {
102 return $kernel->handle($request, $type, $catch);
103 } finally {
104 // restore global state
105 Request::setTrustedProxies($trustedProxies, $trustedHeaderSet);
106 }
107 }
108 }