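/**
 * Decides whether this matcher accepts the given request.
 *
 * Requests whose method carries no body (GET, DELETE, HEAD, OPTIONS) always
 * match, as do requests with no usable Content-Type header. Any other request
 * matches only if its cleaned Content-Type is listed in $this->types.
 *
 * @param Request $request
 * @return bool
 */
public function match(Request $request)
{
    // Bodiless methods are accepted unconditionally; their content type is irrelevant here.
    if (in_array($request->method, ['GET', 'DELETE', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }

    $contentType = HttpHelper::cleanContentType($request->server('CONTENT_TYPE'));

    // A missing or unparseable Content-Type is accepted rather than rejected.
    // NOTE(review): this means the allow-list below only applies when the client
    // actually sends a recognisable header — confirm that is the intended contract.
    if (!$contentType) {
        return true;
    }

    // Strict comparison; assumes $this->types holds string content types — TODO confirm.
    return in_array($contentType, $this->types, true);
}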
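/**
 * Selects the response format for the current request.
 *
 * Precedence: an explicit `_format` query parameter (`xml` or `json`) wins.
 * Otherwise the Accept header is scanned in order and the first entry found in
 * $this->acceptedFormats is used (HTML is currently remapped to JSON); a bare
 * wildcard entry (star-slash-star) anywhere in the header falls back to JSON.
 * If the Accept header lists only unsupported formats a 406 is thrown. When
 * neither `_format` nor an Accept header is present, $this->responseFormat is
 * left untouched.
 *
 * @throws \App\Exception\HttpException 406 when no Accept entry is acceptable
 */
protected function prepareContentType()
{
    $format = $this->request->get('_format');
    if (in_array($format, ['xml', 'json'], true)) {
        // Literal media types kept as in the original; only FORMAT_JSON and
        // FORMAT_HTML constants are referenced elsewhere in this method.
        $this->responseFormat = $format === 'xml' ? 'application/xml' : 'application/json';
        return;
    }

    $acceptHeader = $this->request->server('HTTP_ACCEPT');
    if (!$acceptHeader) {
        // No Accept header: keep whatever responseFormat already holds.
        return;
    }

    // Split on commas with surrounding whitespace; media-type parameters such
    // as q=… are presumably stripped by cleanContentType — verify.
    $accepts = preg_split('/\\s*,\\s*/', $acceptHeader, -1, PREG_SPLIT_NO_EMPTY);

    $seen = [];
    foreach ($accepts as $accept) {
        $cleaned = HttpHelper::cleanContentType($accept);
        $seen[] = $cleaned;
        if (in_array($cleaned, $this->acceptedFormats, true)) {
            // Temporarily forbid html format.
            if ($cleaned === self::FORMAT_HTML) {
                $cleaned = self::FORMAT_JSON;
            }
            $this->responseFormat = $cleaned;
            return;
        }
    }

    // Nothing specific was acceptable, but a wildcard was offered: default to JSON.
    if (in_array('*/*', $seen, true)) {
        $this->responseFormat = self::FORMAT_JSON;
        return;
    }

    throw new HttpException('Please use another value for Accept header.', 406, null, 'Not Acceptable');
}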
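/**
 * Changes request body to array if it is not url-encoded (but in json, xml formats).
 *
 * Bodiless methods (GET, DELETE, HEAD, OPTIONS) are left alone. For POST the
 * decoded body is written to $this->_post, for every other method to
 * $this->adjustedRawInputData. A JSON body is json_decode'd; an XML body is
 * parsed with SimpleXML and converted to an array through a JSON round trip;
 * any other content type on a non-POST request is handed to
 * parseRawHttpRequest(). Whatever branch runs, the target field always ends
 * up holding an array.
 *
 * @throws HttpException 400 when a JSON or XML body cannot be parsed
 * @throws \Exception the raw parser exception, re-thrown while the XXE
 *                    vulnerability is switched on
 */
public function adjustRequestContentType()
{
    if (in_array($this->method, ['GET', 'DELETE', 'HEAD', 'OPTIONS'], true)) {
        return;
    }

    $fieldName = $this->method === 'POST' ? '_post' : 'adjustedRawInputData';
    $contentType = HttpHelper::cleanContentType($this->server('CONTENT_TYPE'));

    if ($contentType === 'application/json') {
        $this->{$fieldName} = json_decode($this->rawRequestData(), true);
        // json_decode() yields null both for invalid JSON and for the literal
        // "null"; both are rejected as malformed.
        if ($this->{$fieldName} === null) {
            throw new HttpException('Request data are malformed. Please check it.', 400, null, 'Bad Request');
        }
    } elseif ($contentType === 'application/xml') {
        $requestBody = $this->rawRequestData();

        // Inject XMLExternalEntity vulnerability: this application deliberately
        // exposes XXE while the vulnerability service has it enabled. When it is
        // disabled, the external entity loader is switched off before parsing.
        // NOTE(review): libxml_disable_entity_loader() is deprecated as of PHP 8.0.
        $protected = !$this->pixie->vulnService->isVulnerableTo('XMLExternalEntity');
        libxml_disable_entity_loader($protected);

        try {
            $xml = simplexml_load_string($requestBody);
        } catch (\Exception $e) {
            // Protected mode surfaces a clean 400; vulnerable mode propagates the
            // raw parser exception unchanged (original behaviour).
            if ($protected) {
                throw new HttpException('Invalid XML Body.', 400, $e, 'Bad Request');
            }
            throw $e;
        }

        // simplexml_load_string() reports failure with false rather than an
        // exception. An empty body also yields false and is tolerated (it becomes []).
        if ($requestBody && $xml === false) {
            throw new HttpException('Request data are malformed. Please check it.', 400, null, 'Bad Request');
        }

        // SimpleXMLElement -> array via a JSON round trip.
        $this->{$fieldName} = json_decode(json_encode($xml), true);
    } elseif ($fieldName === 'adjustedRawInputData') {
        // Non-POST request with some other content type: the rawRequestData()
        // call presumably primes the body cache that parseRawHttpRequest() reads — verify.
        $this->rawRequestData();
        $this->{$fieldName} = $this->parseRawHttpRequest();
    }

    // Normalise: callers get an array even when nothing was decoded.
    $this->{$fieldName} = is_array($this->{$fieldName}) ? $this->{$fieldName} : [];
}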