function instantiateHttpProxy($decomposedForwardUrl, $relayedHeaders, $httpMethod) { global $cookieTransmissionAllowedFor; $useHttps = $decomposedForwardUrl['scheme'] == 'https'; $host = $decomposedForwardUrl['host']; $path = isset($decomposedForwardUrl['path']) ? $decomposedForwardUrl['path'] : '/'; $query = isset($decomposedForwardUrl['query']) ? $decomposedForwardUrl['query'] : ''; $proxyMethod = null; $port = null; $requestBody = ''; if (isset($decomposedForwardUrl['port'])) { $port = $decomposedForwardUrl['port']; } else { $port = $useHttps ? 443 : 80; } switch ($httpMethod) { case 'GET': $proxyMethod = HttpProxy::METHOD_GET; break; case 'POST': $proxyMethod = HttpProxy::METHOD_POST; break; case 'PUT': $proxyMethod = HttpProxy::METHOD_PUT; break; case 'DELETE': $proxyMethod = HttpProxy::METHOD_DELETE; break; } // HttpProxy object instanciation. $httpProxy = new HttpProxy($proxyMethod, $host, $port, $path, HttpProxy::VERSION_11, 4); // HTTPS ? $httpProxy->useHttps($useHttps); // Do we include a request body ? if ($httpMethod == 'POST' || $httpMethod == 'PUT') { $httpProxy->setRequestBody(file_get_contents('php://input')); } // We forward request parameters. If the query contains other parameters, we have // to append them to the Request URI. foreach ($_GET as $getKey => $getValue) { $httpProxy->setParameter($getKey, $getValue); } $params = explode('&', $query); if ($params) { foreach ($params as $p) { $a = explode('=', $p); // Take care of malform query strings ;) ! if (count($a) == 2) { $httpProxy->setParameter($a[0], $a[1]); } } } // We set relayed response headers. $httpProxy->setRelayedHeaders($relayedHeaders); // Last, but not least (woooh ...), we set the headers that must be sent in // in the proxified Request. Actually, all of them but user-agent, host, and connection // that should be handled by the HttpProxy. foreach ($_SERVER as $key => $value) { $headerFound = false; if (substr($key, 0, 4) == 'HTTP') { $fieldName = strtolower(str_replace('_', '-', substr($key, 5, strlen($key)))); $fieldValue = $value; if ($fieldName != 'host' && $fieldName != 'connection' && $fieldName != 'keep-alive' && $fieldName != 'user-agent' && $fieldName != 'x-forward-url' && $fieldName != 'x-method-emulation' && $fieldName != 'x-widget-authentication' && $fieldName != 'x-widget-id' && $fieldName != 'x-widget-locale') { # Manage cookies special case if ($fieldName == 'cookie') { if (isset($_SERVER['HTTP_HOST']) && in_array($_SERVER['HTTP_HOST'], $cookieTransmissionAllowedFor)) { $headerFound = true; } else { $headerFound = false; } } else { $headerFound = true; } } } else { if ($key == 'CONTENT_TYPE') { $headerFound = true; $fieldName = 'content-type'; $fieldValue = $value; } } if ($headerFound == true) { $httpProxy->setRequestHeader($fieldName, $fieldValue); } } // Relay the locale of the widget from the ajax queries, to enable the dynamic data localisation (for web services) if (isset($_SERVER['HTTP_X_WIDGET_LOCALE'])) { // Here HTTP_ACCEPT_LANGUAGE can be used but i prefere used another specific header to specify WS data requested, // to avoid confusing in other part of the software (.cf Auth::getLanguage used into plugins) $httpProxy->setRequestHeader('X-Widget-Locale', $_SERVER['HTTP_X_WIDGET_LOCALE']); } // HTTP Basic Authentication management. if ((!isset($_SERVER['HTTP_X_WIDGET_AUTHENTICATION']) || $_SERVER['HTTP_X_WIDGET_AUTHENTICATION'] == 'disabled') && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { $httpProxy->setRequestHeader('Authorization', 'Basic ' . base64_encode($_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW'])); } // Widget authentication mechanism management. if (isset($_SERVER['HTTP_X_WIDGET_AUTHENTICATION']) && $_SERVER['HTTP_X_WIDGET_AUTHENTICATION'] == 'enabled') { $proof = Widgets::retrieveAuthenticationProof($_SERVER['HTTP_X_WIDGET_ID'], 'raw'); $httpProxy->setRequestHeader('Authorization', 'Basic ' . base64_encode($proof['identifier'] . ':' . $proof['signature'])); } return $httpProxy; }