11665283087

Committed 04 Nov 2024 01:32PM UTC coverage: 81.776% (+0.2%) from 81.537%

Build Type

push

github

Committed by

Commit Message

IRequest, IResponse: added typehints, unification (BC break)

Run Details

2 of 2 new or added lines in 1 file covered. (100.0%)

24 existing lines in 2 files now uncovered.

875 of 1070 relevant lines covered (81.78%)

0.82 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.65

/src/Http/RequestFactory.php

<?php

/**
 * This file is part of the Nette Framework (https://nette.org)
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 */

declare(strict_types=1);

namespace Nette\Http;

use Nette;
use Nette\Utils\Arrays;
use Nette\Utils\Strings;


/**
 * HTTP request factory.
 */
class RequestFactory
{
        /** @internal */
        private const ValidChars = '\x09\x0A\x0D\x20-\x7E\xA0-\x{10FFFF}';

        public array $urlFilters = [
                'path' => ['#//#' => '/'], // '%20' => ''
                'url' => [], // '#[.,)]$#D' => ''
        ];

        private bool $binary = false;

        /** @var string[] */
        private array $proxies = [];


        public function setBinary(bool $binary = true): static
        {
                $this->binary = $binary;
                return $this;
        }


        /**
         * @param  string|string[]  $proxy
         */
        public function setProxy($proxy): static
        {
                $this->proxies = (array) $proxy;
                return $this;
        }


        /**
         * Returns new Request instance, using values from superglobals.
         */
        public function fromGlobals(): Request
        {
                $url = new Url;
                $this->getServer($url);
                $this->getPathAndQuery($url);
                [$post, $cookies] = $this->getGetPostCookie($url);
                [$remoteAddr, $remoteHost] = $this->getClient($url);

                return new Request(
                        new UrlScript($url, $this->getScriptPath($url)),
                        $post,
                        $this->getFiles(),
                        $cookies,
                        $this->getHeaders(),
                        $this->getMethod(),
                        $remoteAddr,
                        $remoteHost,
                        fn(): string => file_get_contents('php://input')
                );
        }


        private function getServer(Url $url): void
        {
                $url->setScheme(!empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'], 'off') ? 'https' : 'http');

                if (
                        (isset($_SERVER[$tmp = 'HTTP_HOST']) || isset($_SERVER[$tmp = 'SERVER_NAME']))
                        && ($pair = $this->parseHostAndPort($_SERVER[$tmp]))
                ) {
                        $url->setHost($pair[0]);
                        if (isset($pair[1])) {
                                $url->setPort($pair[1]);
                        } elseif ($tmp === 'SERVER_NAME' && isset($_SERVER['SERVER_PORT'])) {
                                $url->setPort((int) $_SERVER['SERVER_PORT']);
                        }
                }
        }


        private function getPathAndQuery(Url $url): void
        {
                $requestUrl = $_SERVER['REQUEST_URI'] ?? '/';
                $requestUrl = preg_replace('#^\w++://[^/]++#', '', $requestUrl);
                $requestUrl = Strings::replace($requestUrl, $this->urlFilters['url']);

                $tmp = explode('?', $requestUrl, 2);
                $path = Url::unescape($tmp[0], '%/?#');
                $path = Strings::fixEncoding(Strings::replace($path, $this->urlFilters['path']));
                $url->setPath($path);
                $url->setQuery($tmp[1] ?? '');
        }


        private function getScriptPath(Url $url): string
        {
                if (PHP_SAPI === 'cli-server') {
                        return '/';
                }

                $path = $url->getPath();
                $lpath = strtolower($path);
                $script = strtolower($_SERVER['SCRIPT_NAME'] ?? '');
                if ($lpath !== $script) {
                        $max = min(strlen($lpath), strlen($script));
                        for ($i = 0; $i < $max && $lpath[$i] === $script[$i]; $i++);
                        $path = $i
                                ? substr($path, 0, strrpos($path, '/', $i - strlen($path) - 1) + 1)
                                : '/';
                }

                return $path;
        }


        private function getGetPostCookie(Url $url): array
        {
                $useFilter = (!in_array((string) ini_get('filter.default'), ['', 'unsafe_raw'], true) || ini_get('filter.default_flags'));

                $query = $url->getQueryParameters();
                $post = $useFilter
                        ? filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW)
                        : (empty($_POST) ? [] : $_POST);
                $cookies = $useFilter
                        ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW)
                        : (empty($_COOKIE) ? [] : $_COOKIE);

                // remove invalid characters
                $reChars = '#^[' . self::ValidChars . ']*+$#Du';
                if (!$this->binary) {
                        $list = [&$query, &$post, &$cookies];
                        foreach ($list as $key => &$val) {
                                foreach ($val as $k => $v) {
                                        if (is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
                                                unset($list[$key][$k]);

                                        } elseif (is_array($v)) {
                                                $list[$key][$k] = $v;
                                                $list[] = &$list[$key][$k];

                                        } elseif (is_string($v)) {
                                                $list[$key][$k] = (string) preg_replace('#[^' . self::ValidChars . ']+#u', '', $v);

                                        } else {
                                                throw new Nette\InvalidStateException(sprintf('Invalid value in $_POST/$_COOKIE in key %s, expected string, %s given.', "'$k'", get_debug_type($v)));
                                        }
                                }
                        }

                        unset($list, $key, $val, $k, $v);
                }

                $url->setQuery($query);
                return [$post, $cookies];
        }


        private function getFiles(): array
        {
                $reChars = '#^[' . self::ValidChars . ']*+$#Du';
                $files = [];
                $list = [];
                foreach ($_FILES ?? [] as $k => $v) {
                        if (
                                !is_array($v)
                                || !isset($v['name'], $v['type'], $v['size'], $v['tmp_name'], $v['error'])
                                || (!$this->binary && is_string($k) && (!preg_match($reChars, $k) || preg_last_error()))
                        ) {
                                continue;
                        }

                        $v['@'] = &$files[$k];
                        $list[] = $v;
                }

                // create FileUpload objects
                foreach ($list as &$v) {
                        if (!isset($v['name'])) {
                                continue;

                        } elseif (!is_array($v['name'])) {
                                if (!$this->binary && (!preg_match($reChars, $v['name']) || preg_last_error())) {
                                        $v['name'] = '';
                                }

                                if ($v['error'] !== UPLOAD_ERR_NO_FILE) {
                                        $v['@'] = new FileUpload($v);
                                }

                                continue;
                        }

                        foreach ($v['name'] as $k => $foo) {
                                if (!$this->binary && is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
                                        continue;
                                }

                                $list[] = [
                                        'name' => $v['name'][$k],
                                        'type' => $v['type'][$k],
                                        'size' => $v['size'][$k],
                                        'full_path' => $v['full_path'][$k] ?? null,
                                        'tmp_name' => $v['tmp_name'][$k],
                                        'error' => $v['error'][$k],
                                        '@' => &$v['@'][$k],
                                ];
                        }
                }

                return $files;
        }


        private function getHeaders(): array
        {
                if (function_exists('apache_request_headers')) {
                        $headers = apache_request_headers();
                } else {
                        $headers = [];
                        foreach ($_SERVER as $k => $v) {
                                if (strncmp($k, 'HTTP_', 5) === 0) {
                                        $k = substr($k, 5);
                                } elseif (strncmp($k, 'CONTENT_', 8)) {
                                        continue;
                                }

                                $headers[strtr($k, '_', '-')] = $v;
                        }
                }

                if (!isset($headers['Authorization'])) {
                        if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
                                $headers['Authorization'] = 'Basic ' . base64_encode($_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW']);
                        } elseif (isset($_SERVER['PHP_AUTH_DIGEST'])) {
                                $headers['Authorization'] = 'Digest ' . $_SERVER['PHP_AUTH_DIGEST'];
                        }
                }

                return $headers;
        }


        private function getMethod(): string
        {
                $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
                if (
                        $method === 'POST'
                        && preg_match('#^[A-Z]+$#D', $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ?? '')
                ) {
                        $method = $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'];
                }

                return $method;
        }


        private function getClient(Url $url): array
        {
                $remoteAddr = !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;

                // use real client address and host if trusted proxy is used
                $usingTrustedProxy = $remoteAddr && Arrays::some($this->proxies, fn(string $proxy): bool => Helpers::ipMatch($remoteAddr, $proxy));
                if ($usingTrustedProxy) {
                        $remoteHost = null;
                        $remoteAddr = empty($_SERVER['HTTP_FORWARDED'])
                                ? $this->useNonstandardProxy($url)
                                : $this->useForwardedProxy($url);

                } else {
                        $remoteHost = !empty($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : null;
                }

                return [$remoteAddr, $remoteHost];
        }


        private function useForwardedProxy(Url $url): ?string
        {
                $forwardParams = preg_split('/[,;]/', $_SERVER['HTTP_FORWARDED']);
                foreach ($forwardParams as $forwardParam) {
                        [$key, $value] = explode('=', $forwardParam, 2) + [1 => ''];
                        $proxyParams[strtolower(trim($key))][] = trim($value, " \t\"");
                }

                if (isset($proxyParams['for'])) {
                        $address = $proxyParams['for'][0];
                        $remoteAddr = str_contains($address, '[')
                                ? substr($address, 1, strpos($address, ']') - 1) // IPv6
                                : explode(':', $address)[0];  // IPv4
                }

                if (isset($proxyParams['proto']) && count($proxyParams['proto']) === 1) {
                        $url->setScheme(strcasecmp($proxyParams['proto'][0], 'https') === 0 ? 'https' : 'http');
                        $url->setPort($url->getScheme() === 'https' ? 443 : 80);
                }

                if (
                        isset($proxyParams['host']) && count($proxyParams['host']) === 1
                        && ($pair = $this->parseHostAndPort($proxyParams['host'][0]))
                ) {
                        $url->setHost($pair[0]);
                        if (isset($pair[1])) {
                                $url->setPort($pair[1]);
                        }
                }
                return $remoteAddr ?? null;
        }


        private function useNonstandardProxy(Url $url): ?string
        {
                if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
                        $url->setScheme(strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0 ? 'https' : 'http');
                        $url->setPort($url->getScheme() === 'https' ? 443 : 80);
                }

                if (!empty($_SERVER['HTTP_X_FORWARDED_PORT'])) {
                        $url->setPort((int) $_SERVER['HTTP_X_FORWARDED_PORT']);
                }

                if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                        $xForwardedForWithoutProxies = array_filter(
                                explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']),
                                fn(string $ip): bool => filter_var($ip = trim($ip), FILTER_VALIDATE_IP) === false
                                        || !Arrays::some($this->proxies, fn(string $proxy): bool => Helpers::ipMatch($ip, $proxy)),
                        );
                        if ($xForwardedForWithoutProxies) {
                                $remoteAddr = trim(end($xForwardedForWithoutProxies));
                                $xForwardedForRealIpKey = key($xForwardedForWithoutProxies);
                        }
                }

                if (isset($xForwardedForRealIpKey) && !empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
                        $xForwardedHost = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);
                        if (
                                isset($xForwardedHost[$xForwardedForRealIpKey])
                                && ($pair = $this->parseHostAndPort(trim($xForwardedHost[$xForwardedForRealIpKey])))
                        ) {
                                $url->setHost($pair[0]);
                                if (isset($pair[1])) {
                                        $url->setPort($pair[1]);
                                }
                        }
                }

                return $remoteAddr ?? null;
        }


        /** @return array{string, ?int}|null */
        private function parseHostAndPort(string $s): ?array
        {
                return preg_match('#^([a-z0-9_.-]+|\[[a-f0-9:]+])(:\d+)?$#Di', $s, $matches)
                        ? [
                                rtrim(strtolower($matches[1]), '.'),
                                isset($matches[2]) ? (int) substr($matches[2], 1) : null,
                        ]
                        : null;
        }


        /** @deprecated use fromGlobals() */
        public function createHttpRequest(): Request
        {
                trigger_error(__METHOD__ . '() is deprecated, use fromGlobals()', E_USER_DEPRECATED);
                return $this->fromGlobals();
        }
}

1	<?php
2
3	/**
4	* This file is part of the Nette Framework (https://nette.org)
5	* Copyright (c) 2004 David Grudl (https://davidgrudl.com)
6	*/
7
8	declare(strict_types=1);
9
10	namespace Nette\Http;
11
12	use Nette;
13	use Nette\Utils\Arrays;
14	use Nette\Utils\Strings;
15
16
17	/**
18	* HTTP request factory.
19	*/
20	class RequestFactory
21	{
22	/** @internal */
23	private const ValidChars = '\x09\x0A\x0D\x20-\x7E\xA0-\x{10FFFF}';
24
25	public array $urlFilters = [
26	'path' => ['#//#' => '/'], // '%20' => ''
27	'url' => [], // '#[.,)]$#D' => ''
28	];
29
30	private bool $binary = false;
31
32	/** @var string[] */
33	private array $proxies = [];
34
35
36	public function setBinary(bool $binary = true): static	1✔
37	{
38	$this->binary = $binary;	1✔
39	return $this;	1✔
40	}
41
42
43	/**
44	* @param string\|string[] $proxy
45	*/
46	public function setProxy($proxy): static
47	{
48	$this->proxies = (array) $proxy;	1✔
49	return $this;	1✔
50	}
51
52
53	/**
54	* Returns new Request instance, using values from superglobals.
55	*/
56	public function fromGlobals(): Request
57	{
58	$url = new Url;	1✔
59	$this->getServer($url);	1✔
60	$this->getPathAndQuery($url);	1✔
61	[$post, $cookies] = $this->getGetPostCookie($url);	1✔
62	[$remoteAddr, $remoteHost] = $this->getClient($url);	1✔
63
64	return new Request(	1✔
65	new UrlScript($url, $this->getScriptPath($url)),	1✔
66	$post,
67	$this->getFiles(),	1✔
68	$cookies,
69	$this->getHeaders(),	1✔
70	$this->getMethod(),	1✔
71	$remoteAddr,
72	$remoteHost,
73	fn(): string => file_get_contents('php://input')	1✔
74	);	1✔
75	}
76
77
78	private function getServer(Url $url): void	1✔
79	{
80	$url->setScheme(!empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'], 'off') ? 'https' : 'http');	1✔
81
82	if (
83	(isset($_SERVER[$tmp = 'HTTP_HOST']) \|\| isset($_SERVER[$tmp = 'SERVER_NAME']))	1✔
84	&& ($pair = $this->parseHostAndPort($_SERVER[$tmp]))	1✔
85	) {
86	$url->setHost($pair[0]);	1✔
87	if (isset($pair[1])) {	1✔
88	$url->setPort($pair[1]);	1✔
89	} elseif ($tmp === 'SERVER_NAME' && isset($_SERVER['SERVER_PORT'])) {	1✔
90	$url->setPort((int) $_SERVER['SERVER_PORT']);	1✔
91	}
92	}
93	}	1✔
94
95
96	private function getPathAndQuery(Url $url): void	1✔
97	{
98	$requestUrl = $_SERVER['REQUEST_URI'] ?? '/';	1✔
99	$requestUrl = preg_replace('#^\w++://[^/]++#', '', $requestUrl);	1✔
100	$requestUrl = Strings::replace($requestUrl, $this->urlFilters['url']);	1✔
101
102	$tmp = explode('?', $requestUrl, 2);	1✔
103	$path = Url::unescape($tmp[0], '%/?#');	1✔
104	$path = Strings::fixEncoding(Strings::replace($path, $this->urlFilters['path']));	1✔
105	$url->setPath($path);	1✔
106	$url->setQuery($tmp[1] ?? '');	1✔
107	}	1✔
108
109
110	private function getScriptPath(Url $url): string	1✔
111	{
112	if (PHP_SAPI === 'cli-server') {	1✔
113	return '/';	×
114	}
115
116	$path = $url->getPath();	1✔
117	$lpath = strtolower($path);	1✔
118	$script = strtolower($_SERVER['SCRIPT_NAME'] ?? '');	1✔
119	if ($lpath !== $script) {	1✔
120	$max = min(strlen($lpath), strlen($script));	1✔
121	for ($i = 0; $i < $max && $lpath[$i] === $script[$i]; $i++);	1✔
122	$path = $i	1✔
123	? substr($path, 0, strrpos($path, '/', $i - strlen($path) - 1) + 1)	1✔
124	: '/';	1✔
125	}
126
127	return $path;	1✔
128	}
129
130
131	private function getGetPostCookie(Url $url): array	1✔
132	{
133	$useFilter = (!in_array((string) ini_get('filter.default'), ['', 'unsafe_raw'], true) \|\| ini_get('filter.default_flags'));	1✔
134
135	$query = $url->getQueryParameters();	1✔
136	$post = $useFilter	1✔
137	? filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW)	×
138	: (empty($_POST) ? [] : $_POST);	1✔
139	$cookies = $useFilter	1✔
140	? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW)	×
141	: (empty($_COOKIE) ? [] : $_COOKIE);	1✔
142
143	// remove invalid characters
144	$reChars = '#^[' . self::ValidChars . ']*+$#Du';	1✔
145	if (!$this->binary) {	1✔
146	$list = [&$query, &$post, &$cookies];	1✔
147	foreach ($list as $key => &$val) {	1✔
148	foreach ($val as $k => $v) {	1✔
149	if (is_string($k) && (!preg_match($reChars, $k) \|\| preg_last_error())) {	1✔
150	unset($list[$key][$k]);	1✔
151
152	} elseif (is_array($v)) {	1✔
153	$list[$key][$k] = $v;	1✔
154	$list[] = &$list[$key][$k];	1✔
155
156	} elseif (is_string($v)) {	1✔
157	$list[$key][$k] = (string) preg_replace('#[^' . self::ValidChars . ']+#u', '', $v);	1✔
158
159	} else {
160	throw new Nette\InvalidStateException(sprintf('Invalid value in $_POST/$_COOKIE in key %s, expected string, %s given.', "'$k'", get_debug_type($v)));	1✔
161	}
162	}
163	}
164
165	unset($list, $key, $val, $k, $v);	1✔
166	}
167
168	$url->setQuery($query);	1✔
169	return [$post, $cookies];	1✔
170	}
171
172
173	private function getFiles(): array
174	{
175	$reChars = '#^[' . self::ValidChars . ']*+$#Du';	1✔
176	$files = [];	1✔
177	$list = [];	1✔
178	foreach ($_FILES ?? [] as $k => $v) {	1✔
179	if (
180	!is_array($v)	1✔
181	\|\| !isset($v['name'], $v['type'], $v['size'], $v['tmp_name'], $v['error'])	1✔
182	\|\| (!$this->binary && is_string($k) && (!preg_match($reChars, $k) \|\| preg_last_error()))	1✔
183	) {
184	continue;	1✔
185	}
186
187	$v['@'] = &$files[$k];	1✔
188	$list[] = $v;	1✔
189	}
190
191	// create FileUpload objects
192	foreach ($list as &$v) {	1✔
193	if (!isset($v['name'])) {	1✔
194	continue;	×
195
196	} elseif (!is_array($v['name'])) {	1✔
197	if (!$this->binary && (!preg_match($reChars, $v['name']) \|\| preg_last_error())) {	1✔
198	$v['name'] = '';	1✔
199	}
200
201	if ($v['error'] !== UPLOAD_ERR_NO_FILE) {	1✔
202	$v['@'] = new FileUpload($v);	1✔
203	}
204
205	continue;	1✔
206	}
207
208	foreach ($v['name'] as $k => $foo) {	1✔
209	if (!$this->binary && is_string($k) && (!preg_match($reChars, $k) \|\| preg_last_error())) {	1✔
210	continue;	×
211	}
212
213	$list[] = [	1✔
214	'name' => $v['name'][$k],	1✔
215	'type' => $v['type'][$k],	1✔
216	'size' => $v['size'][$k],	1✔
217	'full_path' => $v['full_path'][$k] ?? null,	1✔
218	'tmp_name' => $v['tmp_name'][$k],	1✔
219	'error' => $v['error'][$k],	1✔
220	'@' => &$v['@'][$k],	1✔
221	];
222	}
223	}
224
225	return $files;	1✔
226	}
227
228
229	private function getHeaders(): array
230	{
231	if (function_exists('apache_request_headers')) {	1✔
232	$headers = apache_request_headers();	×
233	} else {
234	$headers = [];	1✔
235	foreach ($_SERVER as $k => $v) {	1✔
236	if (strncmp($k, 'HTTP_', 5) === 0) {	1✔
237	$k = substr($k, 5);	1✔
238	} elseif (strncmp($k, 'CONTENT_', 8)) {	1✔
239	continue;	1✔
240	}
241
242	$headers[strtr($k, '_', '-')] = $v;	1✔
243	}
244	}
245
246	if (!isset($headers['Authorization'])) {	1✔
247	if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {	1✔
248	$headers['Authorization'] = 'Basic ' . base64_encode($_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW']);	1✔
249	} elseif (isset($_SERVER['PHP_AUTH_DIGEST'])) {	1✔
250	$headers['Authorization'] = 'Digest ' . $_SERVER['PHP_AUTH_DIGEST'];	1✔
251	}
252	}
253
254	return $headers;	1✔
255	}
256
257
258	private function getMethod(): string
259	{
260	$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';	1✔
261	if (
262	$method === 'POST'	1✔
263	&& preg_match('#^[A-Z]+$#D', $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ?? '')	1✔
264	) {
265	$method = $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'];	1✔
266	}
267
268	return $method;	1✔
269	}
270
271
272	private function getClient(Url $url): array	1✔
273	{
274	$remoteAddr = !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;	1✔
275
276	// use real client address and host if trusted proxy is used
277	$usingTrustedProxy = $remoteAddr && Arrays::some($this->proxies, fn(string $proxy): bool => Helpers::ipMatch($remoteAddr, $proxy));	1✔
278	if ($usingTrustedProxy) {	1✔
279	$remoteHost = null;	1✔
280	$remoteAddr = empty($_SERVER['HTTP_FORWARDED'])	1✔
281	? $this->useNonstandardProxy($url)	1✔
282	: $this->useForwardedProxy($url);	1✔
283
284	} else {
285	$remoteHost = !empty($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : null;	1✔
286	}
287
288	return [$remoteAddr, $remoteHost];	1✔
289	}
290
291
292	private function useForwardedProxy(Url $url): ?string	1✔
293	{
294	$forwardParams = preg_split('/[,;]/', $_SERVER['HTTP_FORWARDED']);	1✔
295	foreach ($forwardParams as $forwardParam) {	1✔
296	[$key, $value] = explode('=', $forwardParam, 2) + [1 => ''];	1✔
297	$proxyParams[strtolower(trim($key))][] = trim($value, " \t\"");	1✔
298	}
299
300	if (isset($proxyParams['for'])) {	1✔
301	$address = $proxyParams['for'][0];	1✔
302	$remoteAddr = str_contains($address, '[')	1✔
303	? substr($address, 1, strpos($address, ']') - 1) // IPv6	1✔
304	: explode(':', $address)[0]; // IPv4	1✔
305	}
306
307	if (isset($proxyParams['proto']) && count($proxyParams['proto']) === 1) {	1✔
308	$url->setScheme(strcasecmp($proxyParams['proto'][0], 'https') === 0 ? 'https' : 'http');	1✔
309	$url->setPort($url->getScheme() === 'https' ? 443 : 80);	1✔
310	}
311
312	if (
313	isset($proxyParams['host']) && count($proxyParams['host']) === 1	1✔
314	&& ($pair = $this->parseHostAndPort($proxyParams['host'][0]))	1✔
315	) {
316	$url->setHost($pair[0]);	1✔
317	if (isset($pair[1])) {	1✔
318	$url->setPort($pair[1]);	1✔
319	}
320	}
321	return $remoteAddr ?? null;	1✔
322	}
323
324
325	private function useNonstandardProxy(Url $url): ?string	1✔
326	{
327	if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])) {	1✔
328	$url->setScheme(strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0 ? 'https' : 'http');	1✔
329	$url->setPort($url->getScheme() === 'https' ? 443 : 80);	1✔
330	}
331
332	if (!empty($_SERVER['HTTP_X_FORWARDED_PORT'])) {	1✔
333	$url->setPort((int) $_SERVER['HTTP_X_FORWARDED_PORT']);	1✔
334	}
335
336	if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {	1✔
337	$xForwardedForWithoutProxies = array_filter(	1✔
338	explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']),	1✔
339	fn(string $ip): bool => filter_var($ip = trim($ip), FILTER_VALIDATE_IP) === false	1✔
340	\|\| !Arrays::some($this->proxies, fn(string $proxy): bool => Helpers::ipMatch($ip, $proxy)),	1✔
341	);
342	if ($xForwardedForWithoutProxies) {	1✔
343	$remoteAddr = trim(end($xForwardedForWithoutProxies));	1✔
344	$xForwardedForRealIpKey = key($xForwardedForWithoutProxies);	1✔
345	}
346	}
347
348	if (isset($xForwardedForRealIpKey) && !empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {	1✔
349	$xForwardedHost = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);	1✔
350	if (
351	isset($xForwardedHost[$xForwardedForRealIpKey])	1✔
352	&& ($pair = $this->parseHostAndPort(trim($xForwardedHost[$xForwardedForRealIpKey])))	1✔
353	) {
354	$url->setHost($pair[0]);	1✔
355	if (isset($pair[1])) {	1✔
356	$url->setPort($pair[1]);	1✔
357	}
358	}
359	}
360
361	return $remoteAddr ?? null;	1✔
362	}
363
364
365	/** @return array{string, ?int}\|null */
366	private function parseHostAndPort(string $s): ?array	1✔
367	{
368	return preg_match('#^([a-z0-9_.-]+\|\[[a-f0-9:]+])(:\d+)?$#Di', $s, $matches)	1✔
369	? [
370	rtrim(strtolower($matches[1]), '.'),	1✔
371	isset($matches[2]) ? (int) substr($matches[2], 1) : null,	1✔
372	]
373	: null;	1✔
374	}
375
376
377	/** @deprecated use fromGlobals() */
378	public function createHttpRequest(): Request
379	{
UNCOV 380	trigger_error(__METHOD__ . '() is deprecated, use fromGlobals()', E_USER_DEPRECATED);	×
UNCOV 381	return $this->fromGlobals();	×
382	}
383	}

nette / http / 11665283087

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous