Mercurial > hg > isophonics-drupal-site

view core/lib/Drupal/Core/PageCache/ChainResponsePolicy.php @ 13:5fb285c0d0e3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've been lucky to get away with this so far, as we don't support self-registration which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5 was vulnerable to.
author Chris Cannam
date Mon, 23 Apr 2018 09:33:26 +0100
parents 4c8ae668cc8c
children
line wrap: on
line source
<?php

namespace Drupal\Core\PageCache;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * Implements a compound response policy.
 *
 * When evaluating the compound policy, all of the contained rules are applied
 * to the response. The overall result is computed according to the following
 * rules:
 *
 * <ol>
 *   <li>Returns static::DENY if any of the rules evaluated to static::DENY</li>
 *   <li>Otherwise returns NULL</li>
 * </ol>
 */
class ChainResponsePolicy implements ChainResponsePolicyInterface {

  /**
   * A list of policy rules to apply when this policy is checked.
   *
   * @var \Drupal\Core\PageCache\ResponsePolicyInterface[]
   */
  protected $rules = [];

  /**
   * {@inheritdoc}
   */
  public function check(Response $response, Request $request) {
    foreach ($this->rules as $rule) {
      $result = $rule->check($response, $request);
      if ($result === static::DENY) {
        return $result;
      }
      elseif (isset($result)) {
        throw new \UnexpectedValueException('Return value of ResponsePolicyInterface::check() must be one of ResponsePolicyInterface::DENY or NULL');
      }
    }
  }

  /**
   * {@inheritdoc}
   */
  public function addPolicy(ResponsePolicyInterface $policy) {
    $this->rules[] = $policy;
    return $this;
  }

}