You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

99 lines
3.9 KiB

3 years ago
  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\HttpFoundation;
  11. /**
  12. * ServerBag is a container for HTTP headers from the $_SERVER variable.
  13. *
  14. * @author Fabien Potencier <fabien@symfony.com>
  15. * @author Bulat Shakirzyanov <mallluhuct@gmail.com>
  16. * @author Robert Kiss <kepten@gmail.com>
  17. */
  18. class ServerBag extends ParameterBag
  19. {
  20. /**
  21. * Gets the HTTP headers.
  22. *
  23. * @return array
  24. */
  25. public function getHeaders()
  26. {
  27. $headers = [];
  28. foreach ($this->parameters as $key => $value) {
  29. if (0 === strpos($key, 'HTTP_')) {
  30. $headers[substr($key, 5)] = $value;
  31. } elseif (\in_array($key, ['CONTENT_TYPE', 'CONTENT_LENGTH', 'CONTENT_MD5'], true)) {
  32. $headers[$key] = $value;
  33. }
  34. }
  35. if (isset($this->parameters['PHP_AUTH_USER'])) {
  36. $headers['PHP_AUTH_USER'] = $this->parameters['PHP_AUTH_USER'];
  37. $headers['PHP_AUTH_PW'] = $this->parameters['PHP_AUTH_PW'] ?? '';
  38. } else {
  39. /*
  40. * php-cgi under Apache does not pass HTTP Basic user/pass to PHP by default
  41. * For this workaround to work, add these lines to your .htaccess file:
  42. * RewriteCond %{HTTP:Authorization} .+
  43. * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
  44. *
  45. * A sample .htaccess file:
  46. * RewriteEngine On
  47. * RewriteCond %{HTTP:Authorization} .+
  48. * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
  49. * RewriteCond %{REQUEST_FILENAME} !-f
  50. * RewriteRule ^(.*)$ app.php [QSA,L]
  51. */
  52. $authorizationHeader = null;
  53. if (isset($this->parameters['HTTP_AUTHORIZATION'])) {
  54. $authorizationHeader = $this->parameters['HTTP_AUTHORIZATION'];
  55. } elseif (isset($this->parameters['REDIRECT_HTTP_AUTHORIZATION'])) {
  56. $authorizationHeader = $this->parameters['REDIRECT_HTTP_AUTHORIZATION'];
  57. }
  58. if (null !== $authorizationHeader) {
  59. if (0 === stripos($authorizationHeader, 'basic ')) {
  60. // Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
  61. $exploded = explode(':', base64_decode(substr($authorizationHeader, 6)), 2);
  62. if (2 == \count($exploded)) {
  63. [$headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']] = $exploded;
  64. }
  65. } elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (0 === stripos($authorizationHeader, 'digest '))) {
  66. // In some circumstances PHP_AUTH_DIGEST needs to be set
  67. $headers['PHP_AUTH_DIGEST'] = $authorizationHeader;
  68. $this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader;
  69. } elseif (0 === stripos($authorizationHeader, 'bearer ')) {
  70. /*
  71. * XXX: Since there is no PHP_AUTH_BEARER in PHP predefined variables,
  72. * I'll just set $headers['AUTHORIZATION'] here.
  73. * https://php.net/reserved.variables.server
  74. */
  75. $headers['AUTHORIZATION'] = $authorizationHeader;
  76. }
  77. }
  78. }
  79. if (isset($headers['AUTHORIZATION'])) {
  80. return $headers;
  81. }
  82. // PHP_AUTH_USER/PHP_AUTH_PW
  83. if (isset($headers['PHP_AUTH_USER'])) {
  84. $headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.$headers['PHP_AUTH_PW']);
  85. } elseif (isset($headers['PHP_AUTH_DIGEST'])) {
  86. $headers['AUTHORIZATION'] = $headers['PHP_AUTH_DIGEST'];
  87. }
  88. return $headers;
  89. }
  90. }