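 /**
  * Decides whether this rule applies to the given request.
  *
  * Requests whose method carries no body (GET, DELETE, HEAD, OPTIONS) always
  * match, and so do requests without a usable Content-Type header. Any other
  * request matches only when its cleaned Content-Type is one of $this->types.
  *
  * @return bool
  */
 public function match(Request $request)
 {
     // Body-less methods are not subject to the content-type restriction.
     if (in_array($request->method, ['GET', 'DELETE', 'HEAD', 'OPTIONS'], true)) {
         return true;
     }
     // cleanContentType() is expected to strip parameters such as "; charset=utf-8";
     // what it returns for a missing header is not visible here, so anything
     // falsy (null, '', false) is treated as "no content type".
     $contentType = HttpHelper::cleanContentType($request->server('CONTENT_TYPE'));
     if (!$contentType) {
         return true;
     }
     // The header is client-controlled: compare strictly so no type juggling
     // (e.g. numeric-string coercion) can widen the allowed list.
     return in_array($contentType, $this->types, true);
 }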
 /**
  * Suggests a URL-safe alias for the submitted "alias" request parameter and
  * answers with JSON of the form {"alias": "<cleaned value>"}.
  */
 public function action_suggest_alias()
 {
     $requestedAlias = $this->request->get('alias');
     $suggestedAlias = HttpHelper::clearUrlSegment($requestedAlias);

     $this->jsonResponse(['alias' => $suggestedAlias]);
 }
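 /**
  * Picks the response format for the current request.
  *
  * Precedence:
  *   1. an explicit "_format" request parameter equal to "xml" or "json";
  *   2. the first Accept header entry (in header order; q-values are not
  *      evaluated) that is listed in $this->acceptedFormats — HTML is
  *      currently downgraded to JSON;
  *   3. a wildcard ("star slash star") entry anywhere in the Accept header,
  *      which yields JSON.
  * Without an Accept header $this->responseFormat is left untouched.
  *
  * @return void
  * @throws \App\Exception\HttpException 406 when an Accept header is present
  *                                       but none of its entries is acceptable
  */
 protected function prepareContentType()
 {
     $format = $this->request->get('_format');
     if (in_array($format, ['xml', 'json'], true)) {
         $this->responseFormat = $format === 'xml' ? 'application/xml' : 'application/json';
         return;
     }

     $acceptHeader = $this->request->server('HTTP_ACCEPT');
     if (!$acceptHeader) {
         return;
     }

     // The header is client-controlled: split on commas, drop empty entries and
     // normalise each media type before comparing it strictly against the list.
     $accepts = preg_split('/\\s*,\\s*/', $acceptHeader, -1, PREG_SPLIT_NO_EMPTY);
     $sawWildcard = false;
     foreach ($accepts as $accept) {
         $cleaned = HttpHelper::cleanContentType($accept);
         if ($cleaned === '*/*') {
             $sawWildcard = true;
         }
         if (in_array($cleaned, $this->acceptedFormats, true)) {
             // Temporarily forbid html format.
             $this->responseFormat = $cleaned === self::FORMAT_HTML ? self::FORMAT_JSON : $cleaned;
             return;
         }
     }
     if ($sawWildcard) {
         $this->responseFormat = self::FORMAT_JSON;
         return;
     }
     throw new HttpException('Please use another value for Accept header.', 406, null, 'Not Acceptable');
 }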
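 /**
  * Changes request body to array if it is not url-encoded (but in json, xml formats).
  *
  * Body-less methods (GET, DELETE, HEAD, OPTIONS) are left alone. For POST the
  * decoded body is stored in $this->_post, for every other method in
  * $this->adjustedRawInputData; whatever was stored is coerced to an array at
  * the end so callers always see an array.
  *
  * The XML branch is wired to the application's vulnerability switch
  * ("XMLExternalEntity"): when the switch is off the parser runs protected,
  * when it is on external entity loading is deliberately left enabled.
  *
  * @return void
  * @throws HttpException 400 when a JSON or XML body cannot be parsed
  */
 public function adjustRequestContentType()
 {
     if (in_array($this->method, ['GET', 'DELETE', 'HEAD', 'OPTIONS'], true)) {
         return;
     }
     $fieldName = $this->method === 'POST' ? '_post' : 'adjustedRawInputData';

     $contentType = HttpHelper::cleanContentType($this->server('CONTENT_TYPE'));
     if ($contentType === 'application/json') {
         $this->{$fieldName} = json_decode($this->rawRequestData(), true);
         // A body consisting of the JSON literal "null" is rejected here as well.
         if ($this->{$fieldName} === null) {
             throw new HttpException('Request data are malformed. Please check it.', 400, null, 'Bad Request');
         }
     } elseif ($contentType === 'application/xml') {
         $this->{$fieldName} = $this->parseXmlRequestBody();
     } elseif ($fieldName === 'adjustedRawInputData') {
         // Non-POST body that is neither JSON nor XML (url-encoded / multipart).
         // rawRequestData() is called for its side effect only — presumably it
         // buffers the raw input before parseRawHttpRequest() reads it; confirm.
         $this->rawRequestData();
         $this->{$fieldName} = $this->parseRawHttpRequest();
     }

     $this->{$fieldName} = is_array($this->{$fieldName}) ? $this->{$fieldName} : [];
 }

 /**
  * Decodes the raw XML request body into a nested array.
  *
  * Security: this path sits behind the application's "XMLExternalEntity"
  * switch. In protected mode external entity loading is disabled and
  * LIBXML_NONET additionally stops libxml from reaching the network for DTDs
  * or entities; in vulnerable mode the parser is deliberately left open.
  * libxml_disable_entity_loader() is deprecated since PHP 8.0 (external
  * entity loading is off by default there), so the LIBXML_NONET flag is what
  * keeps the protected branch meaningful on newer runtimes.
  *
  * @return mixed nested array for a parsable body; false for an empty body
  *               (the caller coerces it to [])
  * @throws HttpException 400 when the body is non-empty but not valid XML
  * @throws \Exception re-thrown unchanged in vulnerable mode if parsing throws
  */
 private function parseXmlRequestBody()
 {
     $requestBody = $this->rawRequestData();

     // Inject XMLExternalEntity vulnerability (application-level switch).
     $protected = !$this->pixie->vulnService->isVulnerableTo('XMLExternalEntity');
     libxml_disable_entity_loader($protected);
     $flags = $protected ? LIBXML_NONET : 0;

     // simplexml_load_string() signals failure by returning false and raising
     // warnings; the catch below only fires if an error handler elsewhere
     // converts those warnings into exceptions — not visible from here.
     try {
         $xml = simplexml_load_string($requestBody, 'SimpleXMLElement', $flags);
     } catch (\Exception $e) {
         if ($protected) {
             throw new HttpException('Invalid XML Body.', 400, $e, 'Bad Request');
         }
         throw $e;
     }
     // An empty body yields false without being an error; any other body that
     // fails to parse is rejected.
     if ($requestBody && $xml === false) {
         throw new HttpException('Request data are malformed. Please check it.', 400, null, 'Bad Request');
     }
     // SimpleXML -> JSON -> array round trip (note: CDATA content is reportedly
     // not carried over by this conversion — verify if it matters).
     return json_decode(json_encode($xml), true);
 }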