Mercurial > hg > isophonics-drupal-site
view core/modules/ban/src/BanMiddleware.php @ 13:5fb285c0d0e3
Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've
been lucky to get away with this so far, as we don't support self-registration
which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5
was vulnerable to.
| author | Chris Cannam |
|---|---|
| date | Mon, 23 Apr 2018 09:33:26 +0100 |
| parents | 4c8ae668cc8c |
| children | 129ea1e6d783 |
line wrap: on
line source
<?php namespace Drupal\ban; use Drupal\Component\Utility\SafeMarkup; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\HttpKernelInterface; /** * Provides a HTTP middleware to implement IP based banning. */ class BanMiddleware implements HttpKernelInterface { /** * The decorated kernel. * * @var \Symfony\Component\HttpKernel\HttpKernelInterface */ protected $httpKernel; /** * The ban IP manager. * * @var \Drupal\ban\BanIpManagerInterface */ protected $banIpManager; /** * Constructs a BanMiddleware object. * * @param \Symfony\Component\HttpKernel\HttpKernelInterface $http_kernel * The decorated kernel. * @param \Drupal\ban\BanIpManagerInterface $manager * The ban IP manager. */ public function __construct(HttpKernelInterface $http_kernel, BanIpManagerInterface $manager) { $this->httpKernel = $http_kernel; $this->banIpManager = $manager; } /** * {@inheritdoc} */ public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE) { $ip = $request->getClientIp(); if ($this->banIpManager->isBanned($ip)) { return new Response(SafeMarkup::format('@ip has been banned', ['@ip' => $ip]), 403); } return $this->httpKernel->handle($request, $type, $catch); } }