This is mainly useful when you need to override the Request class
to keep BC with an existing system. It should not be used for any
other purpose.
| public static setFactory ( callable | null $callable ) | ||
| $callable | callable | null | A PHP callable |
/**
* @param string $type
*/
private static function configureFactory($type)
{
if (version_compare(Kernel::VERSION, '2.5', '<')) {
// nothing to configure as Request::setFactory require SF > 2.5
return;
}
if (!in_array($type, array('host_with_path', 'host_with_path_by_locale'))) {
return;
}
Request::setFactory(function (array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), $content = null) {
return new SiteRequest($query, $request, $attributes, $cookies, $files, $server, $content);
});
}
/**
* Tests hostname validation with settings.
*
* @covers ::setupTrustedHosts
* @dataProvider providerTestTrustedHosts
*/
public function testTrustedHosts($host, $server_name, $message, $expected = FALSE)
{
$request = new Request();
$trusted_host_patterns = ['^example\\.com$', '^.+\\.example\\.com$', '^example\\.org', '^.+\\.example\\.org'];
if (!empty($host)) {
$request->headers->set('HOST', $host);
}
$request->server->set('SERVER_NAME', $server_name);
$method = new \ReflectionMethod('Drupal\\Core\\DrupalKernel', 'setupTrustedHosts');
$method->setAccessible(TRUE);
$valid_host = $method->invoke(null, $request, $trusted_host_patterns);
$this->assertSame($expected, $valid_host, $message);
// Reset the trusted hosts because it is statically stored on the request.
$method->invoke(null, $request, []);
// Reset the request factory because it is statically stored on the request.
Request::setFactory(NULL);
}
public function testFactory()
{
Request::setFactory(function (array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), $content = null) {
return new NewRequest();
});
$this->assertEquals('foo', Request::create('/')->getFoo());
Request::setFactory(null);
}
/**
* Sets up the lists of trusted HTTP Host headers.
*
* Since the HTTP Host header can be set by the user making the request, it
* is possible to create an attack vectors against a site by overriding this.
* Symfony provides a mechanism for creating a list of trusted Host values.
*
* Host patterns (as regular expressions) can be configured throught
* settings.php for multisite installations, sites using ServerAlias without
* canonical redirection, or configurations where the site responds to default
* requests. For example,
*
* @code
* $settings['trusted_host_patterns'] = array(
* '^example\.com$',
* '^*.example\.com$',
* );
* @endcode
*
* @param \Symfony\Component\HttpFoundation\Request $request
* The request object.
* @param array $host_patterns
* The array of trusted host patterns.
*
* @return boolean
* TRUE if the Host header is trusted, FALSE otherwise.
*
* @see https://www.drupal.org/node/1992030
* @see \Drupal\Core\Http\TrustedHostsRequestFactory
*/
protected static function setupTrustedHosts(Request $request, $host_patterns)
{
$request->setTrustedHosts($host_patterns);
// Get the host, which will validate the current request.
try {
$host = $request->getHost();
// Fake requests created through Request::create() without passing in the
// server variables from the main request have a default host of
// 'localhost'. If 'localhost' does not match any of the trusted host
// patterns these fake requests would fail the host verification. Instead,
// TrustedHostsRequestFactory makes sure to pass in the server variables
// from the main request.
$request_factory = new TrustedHostsRequestFactory($host);
Request::setFactory([$request_factory, 'createRequest']);
} catch (\UnexpectedValueException $e) {
return FALSE;
}
return TRUE;
}
public function tearDown()
{
if ($this->hasFactory) {
Request::setFactory(null);
}
}
