yaffs.net Git - yaffs-website/blob - vendor/symfony/http-kernel/HttpCache/SubRequestHandler.php

   1 <?php
   2
   3 /*
   4  * This file is part of the Symfony package.
   5  *
   6  * (c) Fabien Potencier <fabien@symfony.com>
   7  *
   8  * For the full copyright and license information, please view the LICENSE
   9  * file that was distributed with this source code.
  10  */
  11
  12 namespace Symfony\Component\HttpKernel\HttpCache;
  13
  14 use Symfony\Component\HttpFoundation\IpUtils;
  15 use Symfony\Component\HttpFoundation\Request;
  16 use Symfony\Component\HttpFoundation\Response;
  17 use Symfony\Component\HttpKernel\HttpKernelInterface;
  18
  19 /**
  20  * @author Nicolas Grekas <p@tchwork.com>
  21  *
  22  * @internal
  23  */
  24 class SubRequestHandler
  25 {
  26     /**
  27      * @return Response
  28      */
  29     public static function handle(HttpKernelInterface $kernel, Request $request, $type, $catch)
  30     {
  31         // save global state related to trusted headers and proxies
  32         $trustedProxies = Request::getTrustedProxies();
  33         $trustedHeaderSet = Request::getTrustedHeaderSet();
  34         if (\method_exists(Request::class, 'getTrustedHeaderName')) {
  35             Request::setTrustedProxies($trustedProxies, -1);
  36             $trustedHeaders = array(
  37                 Request::HEADER_FORWARDED => Request::getTrustedHeaderName(Request::HEADER_FORWARDED, false),
  38                 Request::HEADER_X_FORWARDED_FOR => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_FOR, false),
  39                 Request::HEADER_X_FORWARDED_HOST => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_HOST, false),
  40                 Request::HEADER_X_FORWARDED_PROTO => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_PROTO, false),
  41                 Request::HEADER_X_FORWARDED_PORT => Request::getTrustedHeaderName(Request::HEADER_X_FORWARDED_PORT, false),
  42             );
  43             Request::setTrustedProxies($trustedProxies, $trustedHeaderSet);
  44         } else {
  45             $trustedHeaders = array(
  46                 Request::HEADER_FORWARDED => 'FORWARDED',
  47                 Request::HEADER_X_FORWARDED_FOR => 'X_FORWARDED_FOR',
  48                 Request::HEADER_X_FORWARDED_HOST => 'X_FORWARDED_HOST',
  49                 Request::HEADER_X_FORWARDED_PROTO => 'X_FORWARDED_PROTO',
  50                 Request::HEADER_X_FORWARDED_PORT => 'X_FORWARDED_PORT',
  51             );
  52         }
  53
  54         // remove untrusted values
  55         $remoteAddr = $request->server->get('REMOTE_ADDR');
  56         if (!IpUtils::checkIp($remoteAddr, $trustedProxies)) {
  57             foreach ($trustedHeaders as $key => $name) {
  58                 if ($trustedHeaderSet & $key) {
  59                     $request->headers->remove($name);
  60                     $request->server->remove('HTTP_'.strtoupper(str_replace('-', '_', $name)));
  61                 }
  62             }
  63         }
  64
  65         // compute trusted values, taking any trusted proxies into account
  66         $trustedIps = array();
  67         $trustedValues = array();
  68         foreach (array_reverse($request->getClientIps()) as $ip) {
  69             $trustedIps[] = $ip;
  70             $trustedValues[] = sprintf('for="%s"', $ip);
  71         }
  72         if ($ip !== $remoteAddr) {
  73             $trustedIps[] = $remoteAddr;
  74             $trustedValues[] = sprintf('for="%s"', $remoteAddr);
  75         }
  76
  77         // set trusted values, reusing as much as possible the global trusted settings
  78         if (Request::HEADER_FORWARDED & $trustedHeaderSet) {
  79             $trustedValues[0] .= sprintf(';host="%s";proto=%s', $request->getHttpHost(), $request->getScheme());
  80             $request->headers->set($name = $trustedHeaders[Request::HEADER_FORWARDED], $v = implode(', ', $trustedValues));
  81             $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
  82         }
  83         if (Request::HEADER_X_FORWARDED_FOR & $trustedHeaderSet) {
  84             $request->headers->set($name = $trustedHeaders[Request::HEADER_X_FORWARDED_FOR], $v = implode(', ', $trustedIps));
  85             $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
  86         } elseif (!(Request::HEADER_FORWARDED & $trustedHeaderSet)) {
  87             Request::setTrustedProxies($trustedProxies, $trustedHeaderSet | Request::HEADER_X_FORWARDED_FOR);
  88             $request->headers->set($name = $trustedHeaders[Request::HEADER_X_FORWARDED_FOR], $v = implode(', ', $trustedIps));
  89             $request->server->set('HTTP_'.strtoupper(str_replace('-', '_', $name)), $v);
  90         }
  91
  92         // fix the client IP address by setting it to 127.0.0.1,
  93         // which is the core responsibility of this method
  94         $request->server->set('REMOTE_ADDR', '127.0.0.1');
  95
  96         // ensure 127.0.0.1 is set as trusted proxy
  97         if (!IpUtils::checkIp('127.0.0.1', $trustedProxies)) {
  98             Request::setTrustedProxies(array_merge($trustedProxies, array('127.0.0.1')), Request::getTrustedHeaderSet());
  99         }
 100
 101         try {
 102             return $kernel->handle($request, $type, $catch);
 103         } finally {
 104             // restore global state
 105             Request::setTrustedProxies($trustedProxies, $trustedHeaderSet);
 106         }
 107     }
 108 }