X-Git-Url: http://aleph1.co.uk/gitweb/?a=blobdiff_plain;f=vendor%2Fsymfony%2Fhttp-foundation%2FRequest.php;h=e84e0ba6e5c1ecfa7eef6bfcf99e2057c277c3e3;hb=4e1bfbf98b844da83b18aca92ef00f11a4735806;hp=da17df90aa9695fb242e1e63322ce2ab8857e60b;hpb=9e65bae52407293a5182f19dc57b5628b09e92f4;p=yaffs-website diff --git a/vendor/symfony/http-foundation/Request.php b/vendor/symfony/http-foundation/Request.php index da17df90a..e84e0ba6e 100644 --- a/vendor/symfony/http-foundation/Request.php +++ b/vendor/symfony/http-foundation/Request.php @@ -302,7 +302,7 @@ class Request // stores the Content-Type and Content-Length header values in // HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH fields. $server = $_SERVER; - if ('cli-server' === PHP_SAPI) { + if ('cli-server' === \PHP_SAPI) { if (array_key_exists('HTTP_CONTENT_LENGTH', $_SERVER)) { $server['CONTENT_LENGTH'] = $_SERVER['HTTP_CONTENT_LENGTH']; } @@ -314,7 +314,7 @@ class Request $request = self::createRequestFromFactory($_GET, $_POST, array(), $_COOKIE, $_FILES, $server); if (0 === strpos($request->headers->get('CONTENT_TYPE'), 'application/x-www-form-urlencoded') - && in_array(strtoupper($request->server->get('REQUEST_METHOD', 'GET')), array('PUT', 'DELETE', 'PATCH')) + && \in_array(strtoupper($request->server->get('REQUEST_METHOD', 'GET')), array('PUT', 'DELETE', 'PATCH')) ) { parse_str($request->getContent(), $data); $request->request = new ParameterBag($data); @@ -377,7 +377,7 @@ class Request if (isset($components['port'])) { $server['SERVER_PORT'] = $components['port']; - $server['HTTP_HOST'] = $server['HTTP_HOST'].':'.$components['port']; + $server['HTTP_HOST'] .= ':'.$components['port']; } if (isset($components['user'])) { @@ -566,7 +566,7 @@ class Request foreach ($this->headers->all() as $key => $value) { $key = strtoupper(str_replace('-', '_', $key)); - if (in_array($key, array('CONTENT_TYPE', 'CONTENT_LENGTH'))) { + if (\in_array($key, array('CONTENT_TYPE', 'CONTENT_LENGTH'))) { $_SERVER[$key] = implode(', ', $value); } else { $_SERVER['HTTP_'.$key] = implode(', ', $value); @@ -598,7 +598,7 @@ class Request { self::$trustedProxies = $proxies; - if (2 > func_num_args()) { + if (2 > \func_num_args()) { @trigger_error(sprintf('The %s() method expects a bit field of Request::HEADER_* as second argument since Symfony 3.3. Defining it will be required in 4.0. ', __METHOD__), E_USER_DEPRECATED); return; @@ -718,7 +718,7 @@ class Request */ public static function getTrustedHeaderName($key) { - if (2 > func_num_args() || func_get_arg(1)) { + if (2 > \func_num_args() || func_get_arg(1)) { @trigger_error(sprintf('The "%s()" method is deprecated since Symfony 3.3 and will be removed in 4.0. Use the Request::getTrustedHeaderSet() method instead.', __METHOD__), E_USER_DEPRECATED); } @@ -1186,7 +1186,7 @@ class Request } $sourceDirs = explode('/', isset($basePath[0]) && '/' === $basePath[0] ? substr($basePath, 1) : $basePath); - $targetDirs = explode('/', isset($path[0]) && '/' === $path[0] ? substr($path, 1) : $path); + $targetDirs = explode('/', substr($path, 1)); array_pop($sourceDirs); $targetFile = array_pop($targetDirs); @@ -1199,7 +1199,7 @@ class Request } $targetDirs[] = $targetFile; - $path = str_repeat('../', count($sourceDirs)).implode('/', $targetDirs); + $path = str_repeat('../', \count($sourceDirs)).implode('/', $targetDirs); // A reference to the same base directory or an empty subdirectory must be prefixed with "./". // This also applies to a segment with a colon character (e.g., "file:colon") that cannot be used @@ -1242,7 +1242,7 @@ class Request public function isSecure() { if ($this->isFromTrustedProxy() && $proto = $this->getTrustedValues(self::HEADER_CLIENT_PROTO)) { - return in_array(strtolower($proto[0]), array('https', 'on', 'ssl', '1'), true); + return \in_array(strtolower($proto[0]), array('https', 'on', 'ssl', '1'), true); } $https = $this->server->get('HTTPS'); @@ -1292,10 +1292,10 @@ class Request throw new SuspiciousOperationException(sprintf('Invalid Host "%s".', $host)); } - if (count(self::$trustedHostPatterns) > 0) { + if (\count(self::$trustedHostPatterns) > 0) { // to avoid host header injection attacks, you should provide a list of trusted host patterns - if (in_array($host, self::$trustedHosts)) { + if (\in_array($host, self::$trustedHosts)) { return $host; } @@ -1353,7 +1353,10 @@ class Request if ($method = $this->headers->get('X-HTTP-METHOD-OVERRIDE')) { $this->method = strtoupper($method); } elseif (self::$httpMethodParameterOverride) { - $this->method = strtoupper($this->request->get('_method', $this->query->get('_method', 'POST'))); + $method = $this->request->get('_method', $this->query->get('_method', 'POST')); + if (\is_string($method)) { + $this->method = strtoupper($method); + } } } } @@ -1424,10 +1427,10 @@ class Request } foreach (static::$formats as $format => $mimeTypes) { - if (in_array($mimeType, (array) $mimeTypes)) { + if (\in_array($mimeType, (array) $mimeTypes)) { return $format; } - if (null !== $canonicalMimeType && in_array($canonicalMimeType, (array) $mimeTypes)) { + if (null !== $canonicalMimeType && \in_array($canonicalMimeType, (array) $mimeTypes)) { return $format; } } @@ -1445,7 +1448,7 @@ class Request static::initializeFormats(); } - static::$formats[$format] = is_array($mimeTypes) ? $mimeTypes : array($mimeTypes); + static::$formats[$format] = \is_array($mimeTypes) ? $mimeTypes : array($mimeTypes); } /** @@ -1457,7 +1460,7 @@ class Request * * _format request attribute * * $default * - * @param string $default The default format + * @param string|null $default The default format * * @return string The request format */ @@ -1557,15 +1560,15 @@ class Request */ public function isMethodSafe(/* $andCacheable = true */) { - if (!func_num_args() || func_get_arg(0)) { + if (!\func_num_args() || func_get_arg(0)) { // This deprecation should be turned into a BadMethodCallException in 4.0 (without adding the argument in the signature) // then setting $andCacheable to false should be deprecated in 4.1 @trigger_error('Checking only for cacheable HTTP methods with Symfony\Component\HttpFoundation\Request::isMethodSafe() is deprecated since Symfony 3.2 and will throw an exception in 4.0. Disable checking only for cacheable methods by calling the method with `false` as first argument or use the Request::isMethodCacheable() instead.', E_USER_DEPRECATED); - return in_array($this->getMethod(), array('GET', 'HEAD')); + return \in_array($this->getMethod(), array('GET', 'HEAD')); } - return in_array($this->getMethod(), array('GET', 'HEAD', 'OPTIONS', 'TRACE')); + return \in_array($this->getMethod(), array('GET', 'HEAD', 'OPTIONS', 'TRACE')); } /** @@ -1575,7 +1578,7 @@ class Request */ public function isMethodIdempotent() { - return in_array($this->getMethod(), array('HEAD', 'GET', 'PUT', 'DELETE', 'TRACE', 'OPTIONS', 'PURGE')); + return \in_array($this->getMethod(), array('HEAD', 'GET', 'PUT', 'DELETE', 'TRACE', 'OPTIONS', 'PURGE')); } /** @@ -1587,7 +1590,7 @@ class Request */ public function isMethodCacheable() { - return in_array($this->getMethod(), array('GET', 'HEAD')); + return \in_array($this->getMethod(), array('GET', 'HEAD')); } /** @@ -1625,7 +1628,7 @@ class Request */ public function getContent($asResource = false) { - $currentContentIsResource = is_resource($this->content); + $currentContentIsResource = \is_resource($this->content); if (\PHP_VERSION_ID < 50600 && false === $this->content) { throw new \LogicException('getContent() can only be called once when using the resource return type and PHP below 5.6.'); } @@ -1638,7 +1641,7 @@ class Request } // Content passed in parameter (test) - if (is_string($this->content)) { + if (\is_string($this->content)) { $resource = fopen('php://temp', 'r+'); fwrite($resource, $this->content); rewind($resource); @@ -1706,7 +1709,7 @@ class Request $extendedPreferredLanguages[] = $language; if (false !== $position = strpos($language, '_')) { $superLanguage = substr($language, 0, $position); - if (!in_array($superLanguage, $preferredLanguages)) { + if (!\in_array($superLanguage, $preferredLanguages)) { $extendedPreferredLanguages[] = $superLanguage; } } @@ -1737,11 +1740,11 @@ class Request // Language not listed in ISO 639 that are not variants // of any listed language, which can be registered with the // i-prefix, such as i-cherokee - if (count($codes) > 1) { + if (\count($codes) > 1) { $lang = $codes[1]; } } else { - for ($i = 0, $max = count($codes); $i < $max; ++$i) { + for ($i = 0, $max = \count($codes); $i < $max; ++$i) { if (0 === $i) { $lang = strtolower($codes[0]); } else { @@ -1826,18 +1829,7 @@ class Request { $requestUri = ''; - if ($this->headers->has('X_ORIGINAL_URL')) { - // IIS with Microsoft Rewrite Module - $requestUri = $this->headers->get('X_ORIGINAL_URL'); - $this->headers->remove('X_ORIGINAL_URL'); - $this->server->remove('HTTP_X_ORIGINAL_URL'); - $this->server->remove('UNENCODED_URL'); - $this->server->remove('IIS_WasUrlRewritten'); - } elseif ($this->headers->has('X_REWRITE_URL')) { - // IIS with ISAPI_Rewrite - $requestUri = $this->headers->get('X_REWRITE_URL'); - $this->headers->remove('X_REWRITE_URL'); - } elseif ('1' == $this->server->get('IIS_WasUrlRewritten') && '' != $this->server->get('UNENCODED_URL')) { + if ('1' == $this->server->get('IIS_WasUrlRewritten') && '' != $this->server->get('UNENCODED_URL')) { // IIS7 with URL Rewrite: make sure we get the unencoded URL (double slash problem) $requestUri = $this->server->get('UNENCODED_URL'); $this->server->remove('UNENCODED_URL'); @@ -1847,7 +1839,7 @@ class Request // HTTP proxy reqs setup request URI with scheme and host [and port] + the URL path, only use URL path $schemeAndHttpHost = $this->getSchemeAndHttpHost(); if (0 === strpos($requestUri, $schemeAndHttpHost)) { - $requestUri = substr($requestUri, strlen($schemeAndHttpHost)); + $requestUri = substr($requestUri, \strlen($schemeAndHttpHost)); } } elseif ($this->server->has('ORIG_PATH_INFO')) { // IIS 5.0, PHP as CGI @@ -1887,7 +1879,7 @@ class Request $segs = explode('/', trim($file, '/')); $segs = array_reverse($segs); $index = 0; - $last = count($segs); + $last = \count($segs); $baseUrl = ''; do { $seg = $segs[$index]; @@ -1907,9 +1899,9 @@ class Request return $prefix; } - if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, rtrim(dirname($baseUrl), '/'.DIRECTORY_SEPARATOR).'/')) { + if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, rtrim(\dirname($baseUrl), '/'.\DIRECTORY_SEPARATOR).'/')) { // directory portion of $baseUrl matches - return rtrim($prefix, '/'.DIRECTORY_SEPARATOR); + return rtrim($prefix, '/'.\DIRECTORY_SEPARATOR); } $truncatedRequestUri = $requestUri; @@ -1926,11 +1918,11 @@ class Request // If using mod_rewrite or ISAPI_Rewrite strip the script filename // out of baseUrl. $pos !== 0 makes sure it is not matching a value // from PATH_INFO or QUERY_STRING - if (strlen($requestUri) >= strlen($baseUrl) && (false !== $pos = strpos($requestUri, $baseUrl)) && 0 !== $pos) { - $baseUrl = substr($requestUri, 0, $pos + strlen($baseUrl)); + if (\strlen($requestUri) >= \strlen($baseUrl) && (false !== $pos = strpos($requestUri, $baseUrl)) && 0 !== $pos) { + $baseUrl = substr($requestUri, 0, $pos + \strlen($baseUrl)); } - return rtrim($baseUrl, '/'.DIRECTORY_SEPARATOR); + return rtrim($baseUrl, '/'.\DIRECTORY_SEPARATOR); } /** @@ -1947,12 +1939,12 @@ class Request $filename = basename($this->server->get('SCRIPT_FILENAME')); if (basename($baseUrl) === $filename) { - $basePath = dirname($baseUrl); + $basePath = \dirname($baseUrl); } else { $basePath = $baseUrl; } - if ('\\' === DIRECTORY_SEPARATOR) { + if ('\\' === \DIRECTORY_SEPARATOR) { $basePath = str_replace('\\', '/', $basePath); } @@ -1982,7 +1974,7 @@ class Request return $requestUri; } - $pathInfo = substr($requestUri, strlen($baseUrl)); + $pathInfo = substr($requestUri, \strlen($baseUrl)); if (false === $pathInfo || '' === $pathInfo) { // If substr() returns false then PATH_INFO is set to an empty string return '/'; @@ -2044,7 +2036,7 @@ class Request return false; } - $len = strlen($prefix); + $len = \strlen($prefix); if (preg_match(sprintf('#^(%%[[:xdigit:]]{2}|.){%d}#', $len), $string, $match)) { return $match[0]; @@ -2056,7 +2048,7 @@ class Request private static function createRequestFromFactory(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), $content = null) { if (self::$requestFactory) { - $request = call_user_func(self::$requestFactory, $query, $request, $attributes, $cookies, $files, $server, $content); + $request = \call_user_func(self::$requestFactory, $query, $request, $attributes, $cookies, $files, $server, $content); if (!$request instanceof self) { throw new \LogicException('The Request factory must return an instance of Symfony\Component\HttpFoundation\Request.'); @@ -2094,7 +2086,15 @@ class Request if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) { $forwardedValues = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]); - $forwardedValues = preg_match_all(sprintf('{(?:%s)=(?:"?\[?)([a-zA-Z0-9\.:_\-/]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array(); + $forwardedValues = preg_match_all(sprintf('{(?:%s)="?([a-zA-Z0-9\.:_\-/\[\]]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array(); + if (self::HEADER_CLIENT_PORT === $type) { + foreach ($forwardedValues as $k => $v) { + if (']' === substr($v, -1) || false === $v = strrchr($v, ':')) { + $v = $this->isSecure() ? ':443' : ':80'; + } + $forwardedValues[$k] = '0.0.0.0'.$v; + } + } } if (null !== $ip) { @@ -2127,9 +2127,17 @@ class Request $firstTrustedIp = null; foreach ($clientIps as $key => $clientIp) { - // Remove port (unfortunately, it does happen) - if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) { - $clientIps[$key] = $clientIp = $match[1]; + if (strpos($clientIp, '.')) { + // Strip :port from IPv4 addresses. This is allowed in Forwarded + // and may occur in X-Forwarded-For. + $i = strpos($clientIp, ':'); + if ($i) { + $clientIps[$key] = $clientIp = substr($clientIp, 0, $i); + } + } elseif (0 === strpos($clientIp, '[')) { + // Strip brackets and :port from IPv6 addresses. + $i = strpos($clientIp, ']', 1); + $clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1); } if (!filter_var($clientIp, FILTER_VALIDATE_IP)) {