/** * @Tag(expression="'item-'~id") */ public function itemAction(Request $request, $id) { if (!$request->isMethodSafe()) { $this->container->get('fos_http_cache.cache_manager')->invalidateTags(array('all-items')); } return new Response('Item ' . $id . ' invalidated'); }
/** * @param Request $request * @param bool $override */ public function setIntent(Request $request, $override = false) { if ($request->hasSession() && $request->isMethodSafe() && !$request->isXmlHttpRequest()) { if ($override || false === $this->hasIntent($request)) { $request->getSession()->set(self::SESSION_INTENT_KEY, $request->getUri()); } } }
protected function setTargetPath(Request $request) { if ($request->isXmlHttpRequest()) { return; } if ($request->hasSession() && ($request->isMethodSafe() || $request->get('_route') == 'engishop_front_cart_add')) { $request->getSession()->set('_security.' . $this->providerKey . '.target_path', $request->getUri()); } }
public function loginAction(Request $request) { if (!$this->hasRole('ROLE_USER')) { if ($request->hasSession() && $request->isMethodSafe()) { $referer = $request->headers->get('referer'); if (null !== $referer) { $request->getSession()->set('ddr.gitki.manuallogin.targetpath', $referer); } } throw new AuthenticationException(); } if ($request->hasSession() && $request->isMethodSafe()) { $targetPath = $request->getSession()->get('ddr.gitki.manuallogin.targetpath'); $request->getSession()->remove('ddr.gitki.manuallogin.targetpath'); if (null !== $targetPath) { return $this->redirect($targetPath); } } return $this->redirect($this->generateUrl('ddr_gitki_wiki_file', array('path' => '/index.md'))); }
public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true) { // Forbid direct AUTHENTICATE requests to get user hash if ($request->headers->get('X-HTTP-Override') === 'AUTHENTICATE' && $request->headers->get('Accept') === Kernel::USER_HASH_ACCEPT_HEADER) { return new Response('', 405); } if ($request->isMethodSafe()) { $request->headers->set('X-User-Hash', $this->kernel->generateUserHash($request)); } return parent::handle($request, $type, $catch); }
protected function validateRequest(Request $request) { // is the Request safe? if (!$request->isMethodSafe()) { throw new AccessDeniedHttpException(); } // is the Request signed? // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering) if ($this->signer->check($request->getSchemeAndHttpHost() . $request->getBaseUrl() . $request->getPathInfo() . (null !== ($qs = $request->server->get('QUERY_STRING')) ? '?' . $qs : ''))) { return; } throw new AccessDeniedHttpException(); }
/** * Gets the base Twig context. * * @param Request $request * * @return array */ private function getContext(Request $request) : array { $context = ['title' => $this->title, 'description' => $this->description, 'formats' => $this->formats, 'shortName' => null, 'operationId' => null]; if (!$request->isMethodSafe() || null === ($resourceClass = $request->attributes->get('_api_resource_class'))) { return $context; } $metadata = $this->resourceMetadataFactory->create($resourceClass); $context['shortName'] = $metadata->getShortName(); if (null !== ($collectionOperationName = $request->attributes->get('_api_collection_operation_name'))) { $context['operationId'] = sprintf('%s%sCollection', $collectionOperationName, $context['shortName']); } elseif (null !== ($itemOperationName = $request->attributes->get('_api_item_operation_name'))) { $context['operationId'] = sprintf('%s%sItem', $itemOperationName, $context['shortName']); } return $context; }
protected function validateRequest(Request $request) { // is the Request safe? if (!$request->isMethodSafe()) { throw new AccessDeniedHttpException(); } // does the Request come from a trusted IP? $trustedIps = array_merge($this->getLocalIpAddresses(), $request->getTrustedProxies()); $remoteAddress = $request->server->get('REMOTE_ADDR'); if (IpUtils::checkIp($remoteAddress, $trustedIps)) { return; } // is the Request signed? // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering) if ($this->signer->check($request->getSchemeAndHttpHost() . $request->getBaseUrl() . $request->getPathInfo() . (null !== ($qs = $request->server->get('QUERY_STRING')) ? '?' . $qs : ''))) { return; } throw new AccessDeniedHttpException(); }
/** * @param Request $request */ protected function setTargetPath(Request $request) { // session isn't required when using HTTP basic authentication mechanism for example if ($request->hasSession() && $request->isMethodSafe()) { $request->getSession()->set('_security.' . $this->providerKey . '.target_path', $request->getUri()); } }
/** * @dataProvider methodSafeProvider */ public function testMethodSafe($method, $safe) { $request = new Request(); $request->setMethod($method); $this->assertEquals($safe, $request->isMethodSafe()); }
/** * @param Request $request */ protected function setTargetPath(Request $request) { // session isn't required when using HTTP basic authentication mechanism for example if ($request->hasSession() && $request->isMethodSafe() && !$request->isXmlHttpRequest()) { $this->saveTargetPath($request->getSession(), $this->providerKey, $request->getUri()); } }
/** * Handles a Request. * * @param Request $request A Request instance * @param integer $type The type of the request (one of HttpKernelInterface::MASTER_REQUEST or HttpKernelInterface::SUB_REQUEST) * @param Boolean $raw Whether to catch exceptions or not (this is NOT used in this context) * * @return Symfony\Component\HttpFoundation\Response A Response instance */ public function handle(Request $request = null, $type = HttpKernelInterface::MASTER_REQUEST, $raw = false) { // FIXME: catch exceptions and implement a 500 error page here? -> in Varnish, there is a built-in error page mechanism if (null === $request) { $request = new Request(); } if (HttpKernelInterface::MASTER_REQUEST === $type) { $this->traces = array(); $this->request = $request; } $this->traces[$request->getMethod() . ' ' . $request->getPathInfo()] = array(); if (!$request->isMethodSafe($request)) { $response = $this->invalidate($request); } elseif ($request->headers->has('expect')) { $response = $this->pass($request); } else { $response = $this->lookup($request); } $response->isNotModified($request); if ('head' === strtolower($request->getMethod())) { $response->setContent(''); } else { $this->restoreResponseBody($response); } if (HttpKernelInterface::MASTER_REQUEST === $type && $this->options['debug']) { $response->headers->set('X-Symfony-Cache', $this->getLog()); } return $response; }
/** * Decide whether to even look for matching rules with the current request. * * @param Request $request * * @return bool True if the request is safe and headers can be set */ protected function isRequestSafe(Request $request) { return $request->isMethodSafe(); }
/** * @group legacy * @expectedDeprecation Checking only for cacheable HTTP methods with Symfony\Component\HttpFoundation\Request::isMethodSafe() is deprecated since version 3.2 and will throw an exception in 4.0. Disable checking only for cacheable methods by calling the method with `false` as first argument or use the Request::isMethodCacheable() instead. */ public function testMethodSafeChecksCacheable() { $request = new Request(); $request->setMethod('OPTIONS'); $this->assertFalse($request->isMethodSafe()); }
/** * {@inheritdoc} */ public function check(Request $request) { if ($this->isCli() || !$request->isMethodSafe()) { return static::DENY; } }
/** * {@inheritdoc} */ public function prepare(\Symfony\Component\HttpFoundation\Request $request) { $this->headers->set('Content-Length', $this->file->getSize()); if (!$this->headers->has('Accept-Ranges')) { // Only accept ranges on safe HTTP methods $this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none'); } if (!$this->headers->has('Content-Type')) { $this->headers->set('Content-Type', $this->file->getMimetype() ?: 'application/octet-stream'); } if ('HTTP/1.0' != $request->server->get('SERVER_PROTOCOL')) { $this->setProtocolVersion('1.1'); } $this->ensureIEOverSSLCompatibility($request); $this->offset = 0; $this->maxlen = -1; if ($request->headers->has('Range')) { // Process the range headers. if (!$request->headers->has('If-Range') || $this->getEtag() == $request->headers->get('If-Range')) { $range = $request->headers->get('Range'); $fileSize = $this->file->getSize(); list($start, $end) = explode('-', substr($range, 6), 2) + array(0); $end = '' === $end ? $fileSize - 1 : (int) $end; if ('' === $start) { $start = $fileSize - $end; $end = $fileSize - 1; } else { $start = (int) $start; } if ($start <= $end) { if ($start < 0 || $end > $fileSize - 1) { $this->setStatusCode(416); } elseif ($start !== 0 || $end !== $fileSize - 1) { $this->maxlen = $end < $fileSize ? $end - $start + 1 : -1; $this->offset = $start; $this->setStatusCode(206); $this->headers->set('Content-Range', sprintf('bytes %s-%s/%s', $start, $end, $fileSize)); $this->headers->set('Content-Length', $end - $start + 1); } } } } return $this; }
/** * {@inheritdoc} * * @api */ public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true) { // FIXME: catch exceptions and implement a 500 error page here? -> in Varnish, there is a built-in error page mechanism if (HttpKernelInterface::MASTER_REQUEST === $type) { $this->traces = array(); $this->request = $request; if (null !== $this->surrogate) { $this->surrogateCacheStrategy = $this->surrogate->createCacheStrategy(); } } $path = $request->getPathInfo(); if ($qs = $request->getQueryString()) { $path .= '?' . $qs; } $this->traces[$request->getMethod() . ' ' . $path] = array(); if (!$request->isMethodSafe()) { $response = $this->invalidate($request, $catch); } elseif ($request->headers->has('expect')) { $response = $this->pass($request, $catch); } else { $response = $this->lookup($request, $catch); } $this->restoreResponseBody($request, $response); $response->setDate(new \DateTime(null, new \DateTimeZone('UTC'))); if (HttpKernelInterface::MASTER_REQUEST === $type && $this->options['debug']) { $response->headers->set('X-Symfony-Cache', $this->getLog()); } if (null !== $this->surrogate) { if (HttpKernelInterface::MASTER_REQUEST === $type) { $this->surrogateCacheStrategy->update($response); } else { $this->surrogateCacheStrategy->add($response); } } $response->prepare($request); $response->isNotModified($request); return $response; }
/** * {@inheritdoc} */ public function prepare(Request $request) { $this->headers->set('Content-Length', $this->file->getSize()); if (!$this->headers->has('Accept-Ranges')) { // Only accept ranges on safe HTTP methods $this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none'); } if (!$this->headers->has('Content-Type')) { $this->headers->set('Content-Type', $this->file->getMimeType() ?: 'application/octet-stream'); } if ('HTTP/1.0' != $request->server->get('SERVER_PROTOCOL')) { $this->setProtocolVersion('1.1'); } $this->ensureIEOverSSLCompatibility($request); $this->offset = 0; $this->maxlen = -1; if (self::$trustXSendfileTypeHeader && $request->headers->has('X-Sendfile-Type')) { // Use X-Sendfile, do not send any content. $type = $request->headers->get('X-Sendfile-Type'); $path = $this->file->getRealPath(); // Fall back to scheme://path for stream wrapped locations. if (false === $path) { $path = $this->file->getPathname(); } if (strtolower($type) == 'x-accel-redirect') { // Do X-Accel-Mapping substitutions. // @link http://wiki.nginx.org/X-accel#X-Accel-Redirect foreach (explode(',', $request->headers->get('X-Accel-Mapping', '')) as $mapping) { $mapping = explode('=', $mapping, 2); if (2 == count($mapping)) { $pathPrefix = trim($mapping[0]); $location = trim($mapping[1]); if (substr($path, 0, strlen($pathPrefix)) == $pathPrefix) { $path = $location . substr($path, strlen($pathPrefix)); break; } } } } $this->headers->set($type, $path); $this->maxlen = 0; } elseif ($request->headers->has('Range')) { // Process the range headers. if (!$request->headers->has('If-Range') || $this->getEtag() == $request->headers->get('If-Range')) { $range = $request->headers->get('Range'); $fileSize = $this->file->getSize(); list($start, $end) = explode('-', substr($range, 6), 2) + array(0); $end = '' === $end ? $fileSize - 1 : (int) $end; if ('' === $start) { $start = $fileSize - $end; $end = $fileSize - 1; } else { $start = (int) $start; } if ($start <= $end) { if ($start < 0 || $end > $fileSize - 1) { $this->setStatusCode(416); } elseif ($start !== 0 || $end !== $fileSize - 1) { $this->maxlen = $end < $fileSize ? $end - $start + 1 : -1; $this->offset = $start; $this->setStatusCode(206); $this->headers->set('Content-Range', sprintf('bytes %s-%s/%s', $start, $end, $fileSize)); $this->headers->set('Content-Length', $end - $start + 1); } } } } return $this; }
/** * Determines the format to respond in. * * Respects the requested format if one is specified. However, it is common to * forget to specify a request format in case of a POST or PATCH. Rather than * simply throwing an error, we apply the robustness principle: when POSTing * or PATCHing using a certain format, you probably expect a response in that * same format. * * @param \Drupal\Core\Routing\RouteMatchInterface $route_match * The current route match. * @param \Symfony\Component\HttpFoundation\Request $request * The current request. * * @return string * The response format. */ protected function getResponseFormat(RouteMatchInterface $route_match, Request $request) { $route = $route_match->getRouteObject(); $acceptable_request_formats = $route->hasRequirement('_format') ? explode('|', $route->getRequirement('_format')) : []; $acceptable_content_type_formats = $route->hasRequirement('_content_type_format') ? explode('|', $route->getRequirement('_content_type_format')) : []; $acceptable_formats = $request->isMethodSafe() ? $acceptable_request_formats : $acceptable_content_type_formats; $requested_format = $request->getRequestFormat(); $content_type_format = $request->getContentType(); // If an acceptable format is requested, then use that. Otherwise, including // and particularly when the client forgot to specify a format, then use // heuristics to select the format that is most likely expected. if (in_array($requested_format, $acceptable_formats)) { return $requested_format; } elseif (!empty($request->getContent()) && in_array($content_type_format, $acceptable_content_type_formats)) { return $content_type_format; } elseif (!empty($acceptable_formats)) { return $acceptable_formats[0]; } else { return NULL; } }