function instantiateHttpProxy($decomposedForwardUrl, $relayedHeaders, $httpMethod)
{
global $cookieTransmissionAllowedFor;
$useHttps = $decomposedForwardUrl['scheme'] == 'https';
$host = $decomposedForwardUrl['host'];
$path = isset($decomposedForwardUrl['path']) ? $decomposedForwardUrl['path'] : '/';
$query = isset($decomposedForwardUrl['query']) ? $decomposedForwardUrl['query'] : '';
$proxyMethod = null;
$port = null;
$requestBody = '';
if (isset($decomposedForwardUrl['port'])) {
$port = $decomposedForwardUrl['port'];
} else {
$port = $useHttps ? 443 : 80;
}
switch ($httpMethod) {
case 'GET':
$proxyMethod = HttpProxy::METHOD_GET;
break;
case 'POST':
$proxyMethod = HttpProxy::METHOD_POST;
break;
case 'PUT':
$proxyMethod = HttpProxy::METHOD_PUT;
break;
case 'DELETE':
$proxyMethod = HttpProxy::METHOD_DELETE;
break;
}
// HttpProxy object instanciation.
$httpProxy = new HttpProxy($proxyMethod, $host, $port, $path, HttpProxy::VERSION_11, 4);
// HTTPS ?
$httpProxy->useHttps($useHttps);
// Do we include a request body ?
if ($httpMethod == 'POST' || $httpMethod == 'PUT') {
$httpProxy->setRequestBody(file_get_contents('php://input'));
}
// We forward request parameters. If the query contains other parameters, we have
// to append them to the Request URI.
foreach ($_GET as $getKey => $getValue) {
$httpProxy->setParameter($getKey, $getValue);
}
$params = explode('&', $query);
if ($params) {
foreach ($params as $p) {
$a = explode('=', $p);
// Take care of malform query strings ;) !
if (count($a) == 2) {
$httpProxy->setParameter($a[0], $a[1]);
}
}
}
// We set relayed response headers.
$httpProxy->setRelayedHeaders($relayedHeaders);
// Last, but not least (woooh ...), we set the headers that must be sent in
// in the proxified Request. Actually, all of them but user-agent, host, and connection
// that should be handled by the HttpProxy.
foreach ($_SERVER as $key => $value) {
$headerFound = false;
if (substr($key, 0, 4) == 'HTTP') {
$fieldName = strtolower(str_replace('_', '-', substr($key, 5, strlen($key))));
$fieldValue = $value;
if ($fieldName != 'host' && $fieldName != 'connection' && $fieldName != 'keep-alive' && $fieldName != 'user-agent' && $fieldName != 'x-forward-url' && $fieldName != 'x-method-emulation' && $fieldName != 'x-widget-authentication' && $fieldName != 'x-widget-id' && $fieldName != 'x-widget-locale') {
# Manage cookies special case
if ($fieldName == 'cookie') {
if (isset($_SERVER['HTTP_HOST']) && in_array($_SERVER['HTTP_HOST'], $cookieTransmissionAllowedFor)) {
$headerFound = true;
} else {
$headerFound = false;
}
} else {
$headerFound = true;
}
}
} else {
if ($key == 'CONTENT_TYPE') {
$headerFound = true;
$fieldName = 'content-type';
$fieldValue = $value;
}
}
if ($headerFound == true) {
$httpProxy->setRequestHeader($fieldName, $fieldValue);
}
}
// Relay the locale of the widget from the ajax queries, to enable the dynamic data localisation (for web services)
if (isset($_SERVER['HTTP_X_WIDGET_LOCALE'])) {
// Here HTTP_ACCEPT_LANGUAGE can be used but i prefere used another specific header to specify WS data requested,
// to avoid confusing in other part of the software (.cf Auth::getLanguage used into plugins)
$httpProxy->setRequestHeader('X-Widget-Locale', $_SERVER['HTTP_X_WIDGET_LOCALE']);
}
// HTTP Basic Authentication management.
if ((!isset($_SERVER['HTTP_X_WIDGET_AUTHENTICATION']) || $_SERVER['HTTP_X_WIDGET_AUTHENTICATION'] == 'disabled') && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
$httpProxy->setRequestHeader('Authorization', 'Basic ' . base64_encode($_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW']));
}
// Widget authentication mechanism management.
if (isset($_SERVER['HTTP_X_WIDGET_AUTHENTICATION']) && $_SERVER['HTTP_X_WIDGET_AUTHENTICATION'] == 'enabled') {
$proof = Widgets::retrieveAuthenticationProof($_SERVER['HTTP_X_WIDGET_ID'], 'raw');
$httpProxy->setRequestHeader('Authorization', 'Basic ' . base64_encode($proof['identifier'] . ':' . $proof['signature']));
}
return $httpProxy;
}
