protected function prepareRequestUri()
{
$requestUri = '';
if ($this->headers->has('X_REWRITE_URL') && false !== stripos(PHP_OS, 'WIN')) {
// check this first so IIS will catch
$requestUri = $this->headers->get('X_REWRITE_URL');
} elseif ($this->server->get('IIS_WasUrlRewritten') == '1' && $this->server->get('UNENCODED_URL') != '') {
// IIS7 with URL Rewrite: make sure we get the unencoded url (double slash problem)
$requestUri = $this->server->get('UNENCODED_URL');
} elseif ($this->server->has('REQUEST_URI')) {
$requestUri = $this->server->get('REQUEST_URI');
// HTTP proxy reqs setup request uri with scheme and host [and port] + the url path, only use url path
$schemeAndHttpHost = $this->getScheme() . '://' . $this->getHttpHost();
if (strpos($requestUri, $schemeAndHttpHost) === 0) {
$requestUri = substr($requestUri, strlen($schemeAndHttpHost));
}
} elseif ($this->server->has('ORIG_PATH_INFO')) {
// IIS 5.0, PHP as CGI
$requestUri = $this->server->get('ORIG_PATH_INFO');
if ($this->server->get('QUERY_STRING')) {
$requestUri .= '?' . $this->server->get('QUERY_STRING');
}
}
return $requestUri;
}
/**
* @covers Symfony\Component\HttpFoundation\HeaderBag::replace
*/
public function testReplace()
{
$bag = new HeaderBag(array('foo' => 'bar'));
$bag->replace(array('NOPE' => 'BAR'));
$this->assertEquals(array('nope' => array('BAR')), $bag->all(), '->replace() replaces the input with the argument');
$this->assertFalse($bag->has('foo'), '->replace() overrides previously set the input');
}
/**
* PHP does not include HTTP_AUTHORIZATION in the $_SERVER array, so this header is missing.
* We retrieve it from apache_request_headers()
*
* @see https://github.com/symfony/symfony/issues/7170
*
* @param HeaderBag $headers
*/
private static function fixAuthHeader(\Symfony\Component\HttpFoundation\HeaderBag $headers)
{
if (!$headers->has('Authorization') && function_exists('apache_request_headers')) {
$all = apache_request_headers();
if (isset($all['Authorization'])) {
$headers->set('Authorization', $all['Authorization']);
}
}
}
/**
* PHP does not include HTTP_AUTHORIZATION in the $_SERVER array, so this header is missing.
* We retrieve it from apache_request_headers()
*
* @param HeaderBag $headers
*/
protected function fixAuthHeader(HeaderBag $headers)
{
if (!$headers->has('Authorization') && function_exists('apache_request_headers')) {
$all = apache_request_headers();
if (isset($all['Authorization'])) {
$headers->set('Authorization', $all['Authorization']);
}
if (isset($all['authorization'])) {
$headers->set('Authorization', $all['authorization']);
}
}
}
/**
* Verifies that the provided header has the expected/mandatory fields.
*
* @param ParameterBag|HeaderBag $header object representation of the request header.
* @param string $fieldName Name of the header field to be validated.
*
* @return void
* @throws \Symfony\Component\HttpKernel\Exception\HttpException
*/
protected function validateField($header, $fieldName)
{
$passed = $header->has($fieldName);
// return without exception so we can return a dummy user
if (true === $passed) {
// get rid of anything not a valid character
$authInfo = filter_var($header->get($fieldName), FILTER_SANITIZE_STRING);
// get rid of whitespaces
$patterns = array("\r\n", "\n", "\r", "\\s", "\t");
$authInfo = str_replace($patterns, "", trim($authInfo));
// get rid of control characters
if (empty($authInfo) || $authInfo !== preg_replace('#[[:cntrl:]]#i', '', $authInfo)) {
throw new HttpException(Response::HTTP_NETWORK_AUTHENTICATION_REQUIRED, 'Mandatory header field (' . $fieldName . ') not provided or invalid.');
}
}
}
protected function prepareRequestUri()
{
$requestUri = '';
if ($this->headers->has('X_ORIGINAL_URL')) {
// IIS with Microsoft Rewrite Module
$requestUri = $this->headers->get('X_ORIGINAL_URL');
$this->headers->remove('X_ORIGINAL_URL');
$this->server->remove('HTTP_X_ORIGINAL_URL');
$this->server->remove('UNENCODED_URL');
$this->server->remove('IIS_WasUrlRewritten');
} elseif ($this->headers->has('X_REWRITE_URL')) {
// IIS with ISAPI_Rewrite
$requestUri = $this->headers->get('X_REWRITE_URL');
$this->headers->remove('X_REWRITE_URL');
} elseif ($this->server->get('IIS_WasUrlRewritten') == '1' && $this->server->get('UNENCODED_URL') != '') {
// IIS7 with URL Rewrite: make sure we get the unencoded url (double slash problem)
$requestUri = $this->server->get('UNENCODED_URL');
$this->server->remove('UNENCODED_URL');
$this->server->remove('IIS_WasUrlRewritten');
} elseif ($this->server->has('REQUEST_URI')) {
$requestUri = $this->server->get('REQUEST_URI');
// HTTP proxy reqs setup request uri with scheme and host [and port] + the url path, only use url path
$schemeAndHttpHost = $this->getSchemeAndHttpHost();
if (strpos($requestUri, $schemeAndHttpHost) === 0) {
$requestUri = substr($requestUri, strlen($schemeAndHttpHost));
}
} elseif ($this->server->has('ORIG_PATH_INFO')) {
// IIS 5.0, PHP as CGI
$requestUri = $this->server->get('ORIG_PATH_INFO');
if ('' != $this->server->get('QUERY_STRING')) {
$requestUri .= '?' . $this->server->get('QUERY_STRING');
}
$this->server->remove('ORIG_PATH_INFO');
}
// normalize the request URI to ease creating sub-requests from this request
$this->server->set('REQUEST_URI', $requestUri);
return $requestUri;
}
/**
* Returns true if the response includes headers that can be used to validate
* the response with the origin server using a conditional GET request.
*
* @return Boolean true if the response is validateable, false otherwise
*/
public function isValidateable()
{
return $this->headers->has('Last-Modified') || $this->headers->has('ETag');
}
/**
* Return the content digest from the headers.
* The content digest should be set by the Symfony HTTP cache before
* this method is invoked.
*
* If the content digest cannot be found then a \RuntimeException
* is thrown.
*
* @param HeaderBag $headers
*
* @throws RuntimeException
*
* @return string
*/
private function getContentDigestFromHeaders(HeaderBag $headers)
{
if (!$headers->has($this->options['header_content_digest'])) {
throw new \RuntimeException(sprintf('Could not find content digest header: "%s". Got headers: "%s"', $this->options['header_content_digest'], implode('", "', array_keys($headers->all()))));
}
return $headers->get($this->options['header_content_digest']);
}
/**
* Returns true if the response must be revalidated by caches.
*
* This method indicates that the response must not be served stale by a
* cache in any circumstance without first revalidating with the origin.
* When present, the TTL of the response should not be overridden to be
* greater than the value provided by the origin.
*
* @return Boolean true if the response must be revalidated by a cache, false otherwise
*/
public function mustRevalidate()
{
return $this->headers->hasCacheControlDirective('must-revalidate') || $this->headers->has('must-proxy-revalidate');
}
protected function getProgramByOrigin(HeaderBag $headers)
{
$program = null;
if ($headers->has('Origin')) {
$host = parse_url($headers->get('Origin'), PHP_URL_HOST);
/** @var \Petrosoft\LoyaltyBundle\Models\FrontSiteSettings\Collection $siteCol */
$siteCol = $this->meetz->collection('Loyalty:Models\\FrontSiteSettings');
$siteCol->addFieldToFilter('hosts', array($host), 'in');
$siteSettings = $siteCol->getFirstItem();
if (!$siteSettings->isObjectNew()) {
$program = $siteSettings->getData('loyalty_program_id');
if ($program instanceof \MongoId) {
$program = $program->{'$id'};
}
}
}
return $program;
}
/**
* Validate the Accept header of the Request
* @link http://jsonapi.org/format/#content-negotiation-servers
*
* - Accept MUST be `application/vnd.api+json`
* - Accept MUST NOT contain any media type parameters
*
* @param HeaderBag $headerBag The headers of the Request
* @throws \Symfony\Component\HttpKernel\Exception\HttpException If invalid request Accept
*/
private function validateRequestAccept(HeaderBag $headerBag)
{
if ($headerBag->has('Accept')) {
// Validate MediaType
$mediaType = $this->convertMediaType($headerBag->get('Accept'));
if ($mediaType && 'application/vnd.api+json' === $mediaType['type']) {
// Valid media type found
if (!empty($mediaType['parameters'])) {
// Media type parameters are not allowed
throw new HttpException('406', 'Accept header MUST NOT have any media type parameters.');
}
}
}
}
/**
* Returns the client IP addresses.
*
* In the returned array the most trusted IP address is first, and the
* least trusted one last. The "real" client IP address is the last one,
* but this is also the least trusted one. Trusted proxies are stripped.
*
* Use this method carefully; you should use getClientIp() instead.
*
* @return array The client IP addresses
*
* @see getClientIp()
*/
public function getClientIps()
{
$ip = $this->server->get('REMOTE_ADDR');
if (!self::$trustedProxies) {
return array($ip);
}
if (!self::$trustedHeaders[self::HEADER_CLIENT_IP] || !$this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP])) {
return array($ip);
}
$clientIps = array_map('trim', explode(',', $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP])));
$clientIps[] = $ip;
// Complete the IP chain with the IP the request actually came from
$ip = $clientIps[0];
// Fallback to this when the client IP falls into the range of trusted proxies
// Eliminate all IPs from the forwarded IP chain which are trusted proxies
foreach ($clientIps as $key => $clientIp) {
if (IpUtils::checkIp($clientIp, self::$trustedProxies)) {
unset($clientIps[$key]);
}
}
// Now the IP chain contains only untrusted proxies and the client IP
return $clientIps ? array_reverse($clientIps) : array($ip);
}
/**
* Returns the client IP addresses.
*
* In the returned array the most trusted IP address is first, and the
* least trusted one last. The "real" client IP address is the last one,
* but this is also the least trusted one. Trusted proxies are stripped.
*
* Use this method carefully; you should use getClientIp() instead.
*
* @return array The client IP addresses
*
* @see getClientIp()
*/
public function getClientIps()
{
$clientIps = array();
$ip = $this->server->get('REMOTE_ADDR');
if (!$this->isFromTrustedProxy()) {
return array($ip);
}
if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) {
$forwardedHeader = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]);
preg_match_all('{(for)=("?\\[?)([a-z0-9\\.:_\\-/]*)}', $forwardedHeader, $matches);
$clientIps = $matches[3];
} elseif (self::$trustedHeaders[self::HEADER_CLIENT_IP] && $this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP])) {
$clientIps = array_map('trim', explode(',', $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP])));
}
$clientIps[] = $ip;
// Complete the IP chain with the IP the request actually came from
$ip = $clientIps[0];
// Fallback to this when the client IP falls into the range of trusted proxies
foreach ($clientIps as $key => $clientIp) {
// Remove port (unfortunately, it does happen)
if (preg_match('{((?:\\d+\\.){3}\\d+)\\:\\d+}', $clientIp, $match)) {
$clientIps[$key] = $clientIp = $match[1];
}
if (IpUtils::checkIp($clientIp, self::$trustedProxies)) {
unset($clientIps[$key]);
}
}
// Now the IP chain contains only untrusted proxies and the client IP
return $clientIps ? array_reverse($clientIps) : array($ip);
}
/**
* Returns the client IP addresses.
*
* In the returned array the most trusted IP address is first, and the
* least trusted one last. The "real" client IP address is the last one,
* but this is also the least trusted one. Trusted proxies are stripped.
*
* Use this method carefully; you should use getClientIp() instead.
*
* @return array The client IP addresses
*
* @see getClientIp()
*/
public function getClientIps()
{
$ip = $this->server->get('REMOTE_ADDR');
if (!$this->isFromTrustedProxy()) {
return array($ip);
}
if (!self::$trustedHeaders[self::HEADER_CLIENT_IP] || !$this->headers->has(self::$trustedHeaders[self::HEADER_CLIENT_IP])) {
return array($ip);
}
$clientIps = array_map('trim', explode(',', $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_IP])));
$clientIps[] = $ip;
// Complete the IP chain with the IP the request actually came from
$ip = $clientIps[0];
// Fallback to this when the client IP falls into the range of trusted proxies
// Eliminate all IPs from the forwarded IP chain which are trusted proxies
foreach ($clientIps as $key => $clientIp) {
// Remove port on IPv4 address (unfortunately, it does happen)
if (preg_match('{((?:\\d+\\.){3}\\d+)\\:\\d+}', $clientIp, $match)) {
$clientIps[$key] = $clientIp = $match[1];
}
if (IpUtils::checkIp($clientIp, self::$trustedProxies)) {
unset($clientIps[$key]);
}
}
// Now the IP chain contains only untrusted proxies and the client IP
return $clientIps ? array_reverse($clientIps) : array($ip);
}
/**
* @param HeaderBag $headers
*/
public function fixHeaderBag(HeaderBag $headers)
{
if (!$headers->has('Authorization')) {
$headers->set('Authorization', $this->getAuthorizationHeader());
}
}
