AbstractSurrogate.php
1 year ago
Esi.php
1 year ago
HttpCache.php
1 year ago
ResponseCacheStrategy.php
1 year ago
ResponseCacheStrategyInterface.php
2 years ago
Ssi.php
1 year ago
Store.php
1 year ago
StoreInterface.php
2 years ago
SubRequestHandler.php
2 years ago
SurrogateInterface.php
1 year ago
SubRequestHandler.php
78 lines
| 1 | <?php |
| 2 | |
| 3 | /* |
| 4 | * This file is part of the Symfony package. |
| 5 | * |
| 6 | * (c) Fabien Potencier <fabien@symfony.com> |
| 7 | * |
| 8 | * For the full copyright and license information, please view the LICENSE |
| 9 | * file that was distributed with this source code. |
| 10 | */ |
| 11 | namespace Matomo\Dependencies\Symfony\Component\HttpKernel\HttpCache; |
| 12 | |
| 13 | use Matomo\Dependencies\Symfony\Component\HttpFoundation\IpUtils; |
| 14 | use Matomo\Dependencies\Symfony\Component\HttpFoundation\Request; |
| 15 | use Matomo\Dependencies\Symfony\Component\HttpFoundation\Response; |
| 16 | use Matomo\Dependencies\Symfony\Component\HttpKernel\HttpKernelInterface; |
| 17 | /** |
| 18 | * @author Nicolas Grekas <p@tchwork.com> |
| 19 | * |
| 20 | * @internal |
| 21 | */ |
| 22 | class SubRequestHandler |
| 23 | { |
| 24 | public static function handle(HttpKernelInterface $kernel, Request $request, int $type, bool $catch) : Response |
| 25 | { |
| 26 | // save global state related to trusted headers and proxies |
| 27 | $trustedProxies = Request::getTrustedProxies(); |
| 28 | $trustedHeaderSet = Request::getTrustedHeaderSet(); |
| 29 | // remove untrusted values |
| 30 | $remoteAddr = $request->server->get('REMOTE_ADDR'); |
| 31 | if (!$remoteAddr || !IpUtils::checkIp($remoteAddr, $trustedProxies)) { |
| 32 | $trustedHeaders = ['FORWARDED' => $trustedHeaderSet & Request::HEADER_FORWARDED, 'X_FORWARDED_FOR' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_FOR, 'X_FORWARDED_HOST' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_HOST, 'X_FORWARDED_PROTO' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_PROTO, 'X_FORWARDED_PORT' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_PORT, 'X_FORWARDED_PREFIX' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_PREFIX]; |
| 33 | foreach (array_filter($trustedHeaders) as $name => $key) { |
| 34 | $request->headers->remove($name); |
| 35 | $request->server->remove('HTTP_' . $name); |
| 36 | } |
| 37 | } |
| 38 | // compute trusted values, taking any trusted proxies into account |
| 39 | $trustedIps = []; |
| 40 | $trustedValues = []; |
| 41 | foreach (array_reverse($request->getClientIps()) as $ip) { |
| 42 | $trustedIps[] = $ip; |
| 43 | $trustedValues[] = sprintf('for="%s"', $ip); |
| 44 | } |
| 45 | if ($ip !== $remoteAddr) { |
| 46 | $trustedIps[] = $remoteAddr; |
| 47 | $trustedValues[] = sprintf('for="%s"', $remoteAddr); |
| 48 | } |
| 49 | // set trusted values, reusing as much as possible the global trusted settings |
| 50 | if (Request::HEADER_FORWARDED & $trustedHeaderSet) { |
| 51 | $trustedValues[0] .= sprintf(';host="%s";proto=%s', $request->getHttpHost(), $request->getScheme()); |
| 52 | $request->headers->set('Forwarded', $v = implode(', ', $trustedValues)); |
| 53 | $request->server->set('HTTP_FORWARDED', $v); |
| 54 | } |
| 55 | if (Request::HEADER_X_FORWARDED_FOR & $trustedHeaderSet) { |
| 56 | $request->headers->set('X-Forwarded-For', $v = implode(', ', $trustedIps)); |
| 57 | $request->server->set('HTTP_X_FORWARDED_FOR', $v); |
| 58 | } elseif (!(Request::HEADER_FORWARDED & $trustedHeaderSet)) { |
| 59 | Request::setTrustedProxies($trustedProxies, $trustedHeaderSet | Request::HEADER_X_FORWARDED_FOR); |
| 60 | $request->headers->set('X-Forwarded-For', $v = implode(', ', $trustedIps)); |
| 61 | $request->server->set('HTTP_X_FORWARDED_FOR', $v); |
| 62 | } |
| 63 | // fix the client IP address by setting it to 127.0.0.1, |
| 64 | // which is the core responsibility of this method |
| 65 | $request->server->set('REMOTE_ADDR', '127.0.0.1'); |
| 66 | // ensure 127.0.0.1 is set as trusted proxy |
| 67 | if (!IpUtils::checkIp('127.0.0.1', $trustedProxies)) { |
| 68 | Request::setTrustedProxies(array_merge($trustedProxies, ['127.0.0.1']), Request::getTrustedHeaderSet()); |
| 69 | } |
| 70 | try { |
| 71 | return $kernel->handle($request, $type, $catch); |
| 72 | } finally { |
| 73 | // restore global state |
| 74 | Request::setTrustedProxies($trustedProxies, $trustedHeaderSet); |
| 75 | } |
| 76 | } |
| 77 | } |
| 78 |