vendor/symfony/http-kernel/HttpCache/SubRequestHandler.php line 26

  1. <?php
  2. /*
  3.  * This file is part of the Symfony package.
  4.  *
  5.  * (c) Fabien Potencier <fabien@symfony.com>
  6.  *
  7.  * For the full copyright and license information, please view the LICENSE
  8.  * file that was distributed with this source code.
  9.  */
  10. namespace Symfony\Component\HttpKernel\HttpCache;
  11. use Symfony\Component\HttpFoundation\IpUtils;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpFoundation\Response;
  14. use Symfony\Component\HttpKernel\HttpKernelInterface;
  15. /**
  16.  * @author Nicolas Grekas <p@tchwork.com>
  17.  *
  18.  * @internal
  19.  */
  20. class SubRequestHandler
  21. {
  22.     public static function handle(HttpKernelInterface $kernelRequest $requestint $typebool $catch): Response
  23.     {
  24.         // save global state related to trusted headers and proxies
  25.         $trustedProxies Request::getTrustedProxies();
  26.         $trustedHeaderSet Request::getTrustedHeaderSet();
  27.         // remove untrusted values
  28.         $remoteAddr $request->server->get('REMOTE_ADDR');
  29.         if (!$remoteAddr || !IpUtils::checkIp($remoteAddr$trustedProxies)) {
  30.             $trustedHeaders = [
  31.                 'FORWARDED' => $trustedHeaderSet Request::HEADER_FORWARDED,
  32.                 'X_FORWARDED_FOR' => $trustedHeaderSet Request::HEADER_X_FORWARDED_FOR,
  33.                 'X_FORWARDED_HOST' => $trustedHeaderSet Request::HEADER_X_FORWARDED_HOST,
  34.                 'X_FORWARDED_PROTO' => $trustedHeaderSet Request::HEADER_X_FORWARDED_PROTO,
  35.                 'X_FORWARDED_PORT' => $trustedHeaderSet Request::HEADER_X_FORWARDED_PORT,
  36.                 'X_FORWARDED_PREFIX' => $trustedHeaderSet Request::HEADER_X_FORWARDED_PREFIX,
  37.             ];
  38.             foreach (array_filter($trustedHeaders) as $name => $key) {
  39.                 $request->headers->remove($name);
  40.                 $request->server->remove('HTTP_'.$name);
  41.             }
  42.         }
  43.         // compute trusted values, taking any trusted proxies into account
  44.         $trustedIps = [];
  45.         $trustedValues = [];
  46.         foreach (array_reverse($request->getClientIps()) as $ip) {
  47.             $trustedIps[] = $ip;
  48.             $trustedValues[] = sprintf('for="%s"'$ip);
  49.         }
  50.         if ($ip !== $remoteAddr) {
  51.             $trustedIps[] = $remoteAddr;
  52.             $trustedValues[] = sprintf('for="%s"'$remoteAddr);
  53.         }
  54.         // set trusted values, reusing as much as possible the global trusted settings
  55.         if (Request::HEADER_FORWARDED $trustedHeaderSet) {
  56.             $trustedValues[0] .= sprintf(';host="%s";proto=%s'$request->getHttpHost(), $request->getScheme());
  57.             $request->headers->set('Forwarded'$v implode(', '$trustedValues));
  58.             $request->server->set('HTTP_FORWARDED'$v);
  59.         }
  60.         if (Request::HEADER_X_FORWARDED_FOR $trustedHeaderSet) {
  61.             $request->headers->set('X-Forwarded-For'$v implode(', '$trustedIps));
  62.             $request->server->set('HTTP_X_FORWARDED_FOR'$v);
  63.         } elseif (!(Request::HEADER_FORWARDED $trustedHeaderSet)) {
  64.             Request::setTrustedProxies($trustedProxies$trustedHeaderSet Request::HEADER_X_FORWARDED_FOR);
  65.             $request->headers->set('X-Forwarded-For'$v implode(', '$trustedIps));
  66.             $request->server->set('HTTP_X_FORWARDED_FOR'$v);
  67.         }
  68.         // fix the client IP address by setting it to 127.0.0.1,
  69.         // which is the core responsibility of this method
  70.         $request->server->set('REMOTE_ADDR''127.0.0.1');
  71.         // ensure 127.0.0.1 is set as trusted proxy
  72.         if (!IpUtils::checkIp('127.0.0.1'$trustedProxies)) {
  73.             Request::setTrustedProxies(array_merge($trustedProxies, ['127.0.0.1']), Request::getTrustedHeaderSet());
  74.         }
  75.         try {
  76.             return $kernel->handle($request$type$catch);
  77.         } finally {
  78.             // restore global state
  79.             Request::setTrustedProxies($trustedProxies$trustedHeaderSet);
  80.         }
  81.     }
  82. }