public static function handleRequest()
{
if (extension_loaded('newrelic')) {
newrelic_disable_autorum();
}
if (!Site::getConfig('inheritance_key')) {
Site::respondUnauthorized('Remote emergence access is disabled');
} elseif (empty($_REQUEST['accessKey']) || $_REQUEST['accessKey'] != Site::getConfig('inheritance_key')) {
// attempt to authenticate via developer session
if (!UserSession::getFromRequest()->hasAccountLevel('Developer')) {
Site::respondUnauthorized('Remote emergence access denied');
}
}
if ($_REQUEST['remote'] == 'parent') {
set_time_limit(1800);
$remoteParams = array();
if (!empty($_REQUEST['exclude'])) {
$remoteParams['exclude'] = $_REQUEST['exclude'];
}
HttpProxy::relayRequest(array('url' => static::buildUrl(Site::$pathStack, $remoteParams), 'autoAppend' => false, 'autoQuery' => false, 'timeout' => 500));
}
if (empty(Site::$pathStack[0])) {
return static::handleTreeRequest();
} elseif ($node = Site::resolvePath(Site::$pathStack)) {
if (method_exists($node, 'outputAsResponse')) {
$node->outputAsResponse(true);
} elseif (is_a($node, 'SiteCollection')) {
return static::handleTreeRequest($node);
} else {
Site::respondBadRequest();
}
} else {
header('HTTP/1.0 404 Not Found');
die('File not found');
}
}
function http_proxy_post($uri, $data, $pattern, $timeout = 20, $cfg = "proxy.cfg", $headers = array())
{
$http = new HttpProxy($cfg);
return $http->post($uri, $data, $pattern, $timeout, $headers);
}
function instantiateHttpProxy($decomposedForwardUrl, $relayedHeaders, $httpMethod)
{
global $cookieTransmissionAllowedFor;
$useHttps = $decomposedForwardUrl['scheme'] == 'https';
$host = $decomposedForwardUrl['host'];
$path = isset($decomposedForwardUrl['path']) ? $decomposedForwardUrl['path'] : '/';
$query = isset($decomposedForwardUrl['query']) ? $decomposedForwardUrl['query'] : '';
$proxyMethod = null;
$port = null;
$requestBody = '';
if (isset($decomposedForwardUrl['port'])) {
$port = $decomposedForwardUrl['port'];
} else {
$port = $useHttps ? 443 : 80;
}
switch ($httpMethod) {
case 'GET':
$proxyMethod = HttpProxy::METHOD_GET;
break;
case 'POST':
$proxyMethod = HttpProxy::METHOD_POST;
break;
case 'PUT':
$proxyMethod = HttpProxy::METHOD_PUT;
break;
case 'DELETE':
$proxyMethod = HttpProxy::METHOD_DELETE;
break;
}
// HttpProxy object instanciation.
$httpProxy = new HttpProxy($proxyMethod, $host, $port, $path, HttpProxy::VERSION_11, 4);
// HTTPS ?
$httpProxy->useHttps($useHttps);
// Do we include a request body ?
if ($httpMethod == 'POST' || $httpMethod == 'PUT') {
$httpProxy->setRequestBody(file_get_contents('php://input'));
}
// We forward request parameters. If the query contains other parameters, we have
// to append them to the Request URI.
foreach ($_GET as $getKey => $getValue) {
$httpProxy->setParameter($getKey, $getValue);
}
$params = explode('&', $query);
if ($params) {
foreach ($params as $p) {
$a = explode('=', $p);
// Take care of malform query strings ;) !
if (count($a) == 2) {
$httpProxy->setParameter($a[0], $a[1]);
}
}
}
// We set relayed response headers.
$httpProxy->setRelayedHeaders($relayedHeaders);
// Last, but not least (woooh ...), we set the headers that must be sent in
// in the proxified Request. Actually, all of them but user-agent, host, and connection
// that should be handled by the HttpProxy.
foreach ($_SERVER as $key => $value) {
$headerFound = false;
if (substr($key, 0, 4) == 'HTTP') {
$fieldName = strtolower(str_replace('_', '-', substr($key, 5, strlen($key))));
$fieldValue = $value;
if ($fieldName != 'host' && $fieldName != 'connection' && $fieldName != 'keep-alive' && $fieldName != 'user-agent' && $fieldName != 'x-forward-url' && $fieldName != 'x-method-emulation' && $fieldName != 'x-widget-authentication' && $fieldName != 'x-widget-id' && $fieldName != 'x-widget-locale') {
# Manage cookies special case
if ($fieldName == 'cookie') {
if (isset($_SERVER['HTTP_HOST']) && in_array($_SERVER['HTTP_HOST'], $cookieTransmissionAllowedFor)) {
$headerFound = true;
} else {
$headerFound = false;
}
} else {
$headerFound = true;
}
}
} else {
if ($key == 'CONTENT_TYPE') {
$headerFound = true;
$fieldName = 'content-type';
$fieldValue = $value;
}
}
if ($headerFound == true) {
$httpProxy->setRequestHeader($fieldName, $fieldValue);
}
}
// Relay the locale of the widget from the ajax queries, to enable the dynamic data localisation (for web services)
if (isset($_SERVER['HTTP_X_WIDGET_LOCALE'])) {
// Here HTTP_ACCEPT_LANGUAGE can be used but i prefere used another specific header to specify WS data requested,
// to avoid confusing in other part of the software (.cf Auth::getLanguage used into plugins)
$httpProxy->setRequestHeader('X-Widget-Locale', $_SERVER['HTTP_X_WIDGET_LOCALE']);
}
// HTTP Basic Authentication management.
if ((!isset($_SERVER['HTTP_X_WIDGET_AUTHENTICATION']) || $_SERVER['HTTP_X_WIDGET_AUTHENTICATION'] == 'disabled') && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
$httpProxy->setRequestHeader('Authorization', 'Basic ' . base64_encode($_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW']));
}
// Widget authentication mechanism management.
if (isset($_SERVER['HTTP_X_WIDGET_AUTHENTICATION']) && $_SERVER['HTTP_X_WIDGET_AUTHENTICATION'] == 'enabled') {
$proof = Widgets::retrieveAuthenticationProof($_SERVER['HTTP_X_WIDGET_ID'], 'raw');
$httpProxy->setRequestHeader('Authorization', 'Basic ' . base64_encode($proof['identifier'] . ':' . $proof['signature']));
}
return $httpProxy;
}
/**
* To set up curl instance based on options, before invoking the request.
*
* @throws InvalidOperation
*/
protected function _finalize()
{
curl_setopt($this->_curlHandle, CURLOPT_URL, $this->_url);
switch ($this->_httpMethod) {
case HttpVerb::GET:
curl_setopt($this->_curlHandle, CURLOPT_HTTPGET, true);
break;
case HttpVerb::POST:
curl_setopt($this->_curlHandle, CURLOPT_POST, true);
break;
case HttpVerb::PUT:
curl_setopt($this->_curlHandle, CURLOPT_PUT, true);
break;
default:
/*To handle MERGE, DELETE, HEAD etc..*/
curl_setopt($this->_curlHandle, CURLOPT_CUSTOMREQUEST, $this->_httpMethod);
break;
}
if (isset($this->_credential)) {
if ($this->_credential->getCredentialType() == CredentialType::WINDOWS) {
$userNamePwd = $this->_credential->getUserName() . ":" . $this->_credential->getPassword();
curl_setopt($this->_curlHandle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($this->_curlHandle, CURLOPT_USERPWD, $userNamePwd);
} else {
$this->_credential->SetProxy($this->_proxy);
$headers = $this->_credential->GetSingedHeaders($this->_url);
$this->Headers->CopyFrom($headers);
}
}
if (isset($this->_proxy)) {
$proxyip_port = $this->_proxy->getProxyAddress() . ":" . $this->_proxy->getProxyPort();
curl_setopt($this->_curlHandle, CURLOPT_PROXY, $proxyip_port);
$proxyUserName = $this->_proxy->getUserName();
if ($proxyUserName) {
curl_setopt($this->_curlHandle, CURLOPT_PROXYUSERPWD, $proxyUserName . ":" . $this->_proxy->getPassword());
curl_setopt($this->_curlHandle, CURLOPT_HTTPPROXYTUNNEL, 1);
}
}
if (!is_null($this->_requestBody)) {
if ($this->_isPostBody) {
if ($this->_httpMethod != HttpVerb::POST && $this->_httpMethod != HttpVerb::MERGE) {
throw new InvalidOperation(Resource::InvalidHttpVerbForSetPostBody);
}
curl_setopt($this->_curlHandle, CURLOPT_POSTFIELDS, $this->_requestBody);
//Here we should to set 'Content-Length' Header which is equal to
//the length of POST body. But setting this header explicitly
//cause server to return 'HTTP Error 400. The request verb is invalid'
//if we pass credential. Might be in cURL credential may be passed
//along with POST body, so the length we specifed not be correct.
//So do not specifiy this header. cURL will set this field based
//on correct post size
} else {
$this->_putFileHandle = tmpfile();
fwrite($this->_putFileHandle, $this->_requestBody);
fseek($this->_putFileHandle, 0);
curl_setopt($this->_curlHandle, CURLOPT_INFILE, $this->_putFileHandle);
curl_setopt($this->_curlHandle, CURLOPT_INFILESIZE, strlen($this->_requestBody));
}
}
$headers1 = array();
$headers2 = $this->Headers->GetAll();
foreach ($headers2 as $key => $value) {
$headers1[] = $key . ': ' . $value;
}
if (!empty($headers1)) {
curl_setopt($this->_curlHandle, CURLOPT_HTTPHEADER, $headers1);
}
}
