// stores the Content-Type and Content-Length header values in
// HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH fields.
$server = $_SERVER;
- if ('cli-server' === PHP_SAPI) {
+ if ('cli-server' === \PHP_SAPI) {
if (array_key_exists('HTTP_CONTENT_LENGTH', $_SERVER)) {
$server['CONTENT_LENGTH'] = $_SERVER['HTTP_CONTENT_LENGTH'];
}
$request = self::createRequestFromFactory($_GET, $_POST, array(), $_COOKIE, $_FILES, $server);
if (0 === strpos($request->headers->get('CONTENT_TYPE'), 'application/x-www-form-urlencoded')
- && in_array(strtoupper($request->server->get('REQUEST_METHOD', 'GET')), array('PUT', 'DELETE', 'PATCH'))
+ && \in_array(strtoupper($request->server->get('REQUEST_METHOD', 'GET')), array('PUT', 'DELETE', 'PATCH'))
) {
parse_str($request->getContent(), $data);
$request->request = new ParameterBag($data);
if (isset($components['port'])) {
$server['SERVER_PORT'] = $components['port'];
- $server['HTTP_HOST'] = $server['HTTP_HOST'].':'.$components['port'];
+ $server['HTTP_HOST'] .= ':'.$components['port'];
}
if (isset($components['user'])) {
foreach ($this->headers->all() as $key => $value) {
$key = strtoupper(str_replace('-', '_', $key));
- if (in_array($key, array('CONTENT_TYPE', 'CONTENT_LENGTH'))) {
+ if (\in_array($key, array('CONTENT_TYPE', 'CONTENT_LENGTH'))) {
$_SERVER[$key] = implode(', ', $value);
} else {
$_SERVER['HTTP_'.$key] = implode(', ', $value);
{
self::$trustedProxies = $proxies;
- if (2 > func_num_args()) {
+ if (2 > \func_num_args()) {
@trigger_error(sprintf('The %s() method expects a bit field of Request::HEADER_* as second argument since Symfony 3.3. Defining it will be required in 4.0. ', __METHOD__), E_USER_DEPRECATED);
return;
*/
public static function getTrustedHeaderName($key)
{
- if (2 > func_num_args() || func_get_arg(1)) {
+ if (2 > \func_num_args() || func_get_arg(1)) {
@trigger_error(sprintf('The "%s()" method is deprecated since Symfony 3.3 and will be removed in 4.0. Use the Request::getTrustedHeaderSet() method instead.', __METHOD__), E_USER_DEPRECATED);
}
}
$sourceDirs = explode('/', isset($basePath[0]) && '/' === $basePath[0] ? substr($basePath, 1) : $basePath);
- $targetDirs = explode('/', isset($path[0]) && '/' === $path[0] ? substr($path, 1) : $path);
+ $targetDirs = explode('/', substr($path, 1));
array_pop($sourceDirs);
$targetFile = array_pop($targetDirs);
}
$targetDirs[] = $targetFile;
- $path = str_repeat('../', count($sourceDirs)).implode('/', $targetDirs);
+ $path = str_repeat('../', \count($sourceDirs)).implode('/', $targetDirs);
// A reference to the same base directory or an empty subdirectory must be prefixed with "./".
// This also applies to a segment with a colon character (e.g., "file:colon") that cannot be used
public function isSecure()
{
if ($this->isFromTrustedProxy() && $proto = $this->getTrustedValues(self::HEADER_CLIENT_PROTO)) {
- return in_array(strtolower($proto[0]), array('https', 'on', 'ssl', '1'), true);
+ return \in_array(strtolower($proto[0]), array('https', 'on', 'ssl', '1'), true);
}
$https = $this->server->get('HTTPS');
throw new SuspiciousOperationException(sprintf('Invalid Host "%s".', $host));
}
- if (count(self::$trustedHostPatterns) > 0) {
+ if (\count(self::$trustedHostPatterns) > 0) {
// to avoid host header injection attacks, you should provide a list of trusted host patterns
- if (in_array($host, self::$trustedHosts)) {
+ if (\in_array($host, self::$trustedHosts)) {
return $host;
}
if ($method = $this->headers->get('X-HTTP-METHOD-OVERRIDE')) {
$this->method = strtoupper($method);
} elseif (self::$httpMethodParameterOverride) {
- $this->method = strtoupper($this->request->get('_method', $this->query->get('_method', 'POST')));
+ $method = $this->request->get('_method', $this->query->get('_method', 'POST'));
+ if (\is_string($method)) {
+ $this->method = strtoupper($method);
+ }
}
}
}
}
foreach (static::$formats as $format => $mimeTypes) {
- if (in_array($mimeType, (array) $mimeTypes)) {
+ if (\in_array($mimeType, (array) $mimeTypes)) {
return $format;
}
- if (null !== $canonicalMimeType && in_array($canonicalMimeType, (array) $mimeTypes)) {
+ if (null !== $canonicalMimeType && \in_array($canonicalMimeType, (array) $mimeTypes)) {
return $format;
}
}
static::initializeFormats();
}
- static::$formats[$format] = is_array($mimeTypes) ? $mimeTypes : array($mimeTypes);
+ static::$formats[$format] = \is_array($mimeTypes) ? $mimeTypes : array($mimeTypes);
}
/**
* * _format request attribute
* * $default
*
- * @param string $default The default format
+ * @param string|null $default The default format
*
* @return string The request format
*/
*/
public function isMethodSafe(/* $andCacheable = true */)
{
- if (!func_num_args() || func_get_arg(0)) {
+ if (!\func_num_args() || func_get_arg(0)) {
// This deprecation should be turned into a BadMethodCallException in 4.0 (without adding the argument in the signature)
// then setting $andCacheable to false should be deprecated in 4.1
@trigger_error('Checking only for cacheable HTTP methods with Symfony\Component\HttpFoundation\Request::isMethodSafe() is deprecated since Symfony 3.2 and will throw an exception in 4.0. Disable checking only for cacheable methods by calling the method with `false` as first argument or use the Request::isMethodCacheable() instead.', E_USER_DEPRECATED);
- return in_array($this->getMethod(), array('GET', 'HEAD'));
+ return \in_array($this->getMethod(), array('GET', 'HEAD'));
}
- return in_array($this->getMethod(), array('GET', 'HEAD', 'OPTIONS', 'TRACE'));
+ return \in_array($this->getMethod(), array('GET', 'HEAD', 'OPTIONS', 'TRACE'));
}
/**
*/
public function isMethodIdempotent()
{
- return in_array($this->getMethod(), array('HEAD', 'GET', 'PUT', 'DELETE', 'TRACE', 'OPTIONS', 'PURGE'));
+ return \in_array($this->getMethod(), array('HEAD', 'GET', 'PUT', 'DELETE', 'TRACE', 'OPTIONS', 'PURGE'));
}
/**
*/
public function isMethodCacheable()
{
- return in_array($this->getMethod(), array('GET', 'HEAD'));
+ return \in_array($this->getMethod(), array('GET', 'HEAD'));
}
/**
*/
public function getContent($asResource = false)
{
- $currentContentIsResource = is_resource($this->content);
+ $currentContentIsResource = \is_resource($this->content);
if (\PHP_VERSION_ID < 50600 && false === $this->content) {
throw new \LogicException('getContent() can only be called once when using the resource return type and PHP below 5.6.');
}
}
// Content passed in parameter (test)
- if (is_string($this->content)) {
+ if (\is_string($this->content)) {
$resource = fopen('php://temp', 'r+');
fwrite($resource, $this->content);
rewind($resource);
$extendedPreferredLanguages[] = $language;
if (false !== $position = strpos($language, '_')) {
$superLanguage = substr($language, 0, $position);
- if (!in_array($superLanguage, $preferredLanguages)) {
+ if (!\in_array($superLanguage, $preferredLanguages)) {
$extendedPreferredLanguages[] = $superLanguage;
}
}
// Language not listed in ISO 639 that are not variants
// of any listed language, which can be registered with the
// i-prefix, such as i-cherokee
- if (count($codes) > 1) {
+ if (\count($codes) > 1) {
$lang = $codes[1];
}
} else {
- for ($i = 0, $max = count($codes); $i < $max; ++$i) {
+ for ($i = 0, $max = \count($codes); $i < $max; ++$i) {
if (0 === $i) {
$lang = strtolower($codes[0]);
} else {
{
$requestUri = '';
- if ($this->headers->has('X_ORIGINAL_URL')) {
- // IIS with Microsoft Rewrite Module
- $requestUri = $this->headers->get('X_ORIGINAL_URL');
- $this->headers->remove('X_ORIGINAL_URL');
- $this->server->remove('HTTP_X_ORIGINAL_URL');
- $this->server->remove('UNENCODED_URL');
- $this->server->remove('IIS_WasUrlRewritten');
- } elseif ($this->headers->has('X_REWRITE_URL')) {
- // IIS with ISAPI_Rewrite
- $requestUri = $this->headers->get('X_REWRITE_URL');
- $this->headers->remove('X_REWRITE_URL');
- } elseif ('1' == $this->server->get('IIS_WasUrlRewritten') && '' != $this->server->get('UNENCODED_URL')) {
+ if ('1' == $this->server->get('IIS_WasUrlRewritten') && '' != $this->server->get('UNENCODED_URL')) {
// IIS7 with URL Rewrite: make sure we get the unencoded URL (double slash problem)
$requestUri = $this->server->get('UNENCODED_URL');
$this->server->remove('UNENCODED_URL');
// HTTP proxy reqs setup request URI with scheme and host [and port] + the URL path, only use URL path
$schemeAndHttpHost = $this->getSchemeAndHttpHost();
if (0 === strpos($requestUri, $schemeAndHttpHost)) {
- $requestUri = substr($requestUri, strlen($schemeAndHttpHost));
+ $requestUri = substr($requestUri, \strlen($schemeAndHttpHost));
}
} elseif ($this->server->has('ORIG_PATH_INFO')) {
// IIS 5.0, PHP as CGI
$segs = explode('/', trim($file, '/'));
$segs = array_reverse($segs);
$index = 0;
- $last = count($segs);
+ $last = \count($segs);
$baseUrl = '';
do {
$seg = $segs[$index];
return $prefix;
}
- if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, rtrim(dirname($baseUrl), '/'.DIRECTORY_SEPARATOR).'/')) {
+ if ($baseUrl && false !== $prefix = $this->getUrlencodedPrefix($requestUri, rtrim(\dirname($baseUrl), '/'.\DIRECTORY_SEPARATOR).'/')) {
// directory portion of $baseUrl matches
- return rtrim($prefix, '/'.DIRECTORY_SEPARATOR);
+ return rtrim($prefix, '/'.\DIRECTORY_SEPARATOR);
}
$truncatedRequestUri = $requestUri;
// If using mod_rewrite or ISAPI_Rewrite strip the script filename
// out of baseUrl. $pos !== 0 makes sure it is not matching a value
// from PATH_INFO or QUERY_STRING
- if (strlen($requestUri) >= strlen($baseUrl) && (false !== $pos = strpos($requestUri, $baseUrl)) && 0 !== $pos) {
- $baseUrl = substr($requestUri, 0, $pos + strlen($baseUrl));
+ if (\strlen($requestUri) >= \strlen($baseUrl) && (false !== $pos = strpos($requestUri, $baseUrl)) && 0 !== $pos) {
+ $baseUrl = substr($requestUri, 0, $pos + \strlen($baseUrl));
}
- return rtrim($baseUrl, '/'.DIRECTORY_SEPARATOR);
+ return rtrim($baseUrl, '/'.\DIRECTORY_SEPARATOR);
}
/**
$filename = basename($this->server->get('SCRIPT_FILENAME'));
if (basename($baseUrl) === $filename) {
- $basePath = dirname($baseUrl);
+ $basePath = \dirname($baseUrl);
} else {
$basePath = $baseUrl;
}
- if ('\\' === DIRECTORY_SEPARATOR) {
+ if ('\\' === \DIRECTORY_SEPARATOR) {
$basePath = str_replace('\\', '/', $basePath);
}
return $requestUri;
}
- $pathInfo = substr($requestUri, strlen($baseUrl));
+ $pathInfo = substr($requestUri, \strlen($baseUrl));
if (false === $pathInfo || '' === $pathInfo) {
// If substr() returns false then PATH_INFO is set to an empty string
return '/';
return false;
}
- $len = strlen($prefix);
+ $len = \strlen($prefix);
if (preg_match(sprintf('#^(%%[[:xdigit:]]{2}|.){%d}#', $len), $string, $match)) {
return $match[0];
private static function createRequestFromFactory(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), $content = null)
{
if (self::$requestFactory) {
- $request = call_user_func(self::$requestFactory, $query, $request, $attributes, $cookies, $files, $server, $content);
+ $request = \call_user_func(self::$requestFactory, $query, $request, $attributes, $cookies, $files, $server, $content);
if (!$request instanceof self) {
throw new \LogicException('The Request factory must return an instance of Symfony\Component\HttpFoundation\Request.');
if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) {
$forwardedValues = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]);
- $forwardedValues = preg_match_all(sprintf('{(?:%s)=(?:"?\[?)([a-zA-Z0-9\.:_\-/]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array();
+ $forwardedValues = preg_match_all(sprintf('{(?:%s)="?([a-zA-Z0-9\.:_\-/\[\]]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array();
+ if (self::HEADER_CLIENT_PORT === $type) {
+ foreach ($forwardedValues as $k => $v) {
+ if (']' === substr($v, -1) || false === $v = strrchr($v, ':')) {
+ $v = $this->isSecure() ? ':443' : ':80';
+ }
+ $forwardedValues[$k] = '0.0.0.0'.$v;
+ }
+ }
}
if (null !== $ip) {
$firstTrustedIp = null;
foreach ($clientIps as $key => $clientIp) {
- // Remove port (unfortunately, it does happen)
- if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) {
- $clientIps[$key] = $clientIp = $match[1];
+ if (strpos($clientIp, '.')) {
+ // Strip :port from IPv4 addresses. This is allowed in Forwarded
+ // and may occur in X-Forwarded-For.
+ $i = strpos($clientIp, ':');
+ if ($i) {
+ $clientIps[$key] = $clientIp = substr($clientIp, 0, $i);
+ }
+ } elseif (0 === strpos($clientIp, '[')) {
+ // Strip brackets and :port from IPv6 addresses.
+ $i = strpos($clientIp, ']', 1);
+ $clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1);
}
if (!filter_var($clientIp, FILTER_VALIDATE_IP)) {