SubRequestHandler.php 3.7 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\HttpKernel\HttpCache;
  11. use Symfony\Component\HttpFoundation\IpUtils;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpFoundation\Response;
  14. use Symfony\Component\HttpKernel\HttpKernelInterface;
  15. /**
  16. * @author Nicolas Grekas <p@tchwork.com>
  17. *
  18. * @internal
  19. */
  20. class SubRequestHandler
  21. {
  22. public static function handle(HttpKernelInterface $kernel, Request $request, $type, $catch): Response
  23. {
  24. // save global state related to trusted headers and proxies
  25. $trustedProxies = Request::getTrustedProxies();
  26. $trustedHeaderSet = Request::getTrustedHeaderSet();
  27. // remove untrusted values
  28. $remoteAddr = $request->server->get('REMOTE_ADDR');
  29. if (!IpUtils::checkIp($remoteAddr, $trustedProxies)) {
  30. $trustedHeaders = [
  31. 'FORWARDED' => $trustedHeaderSet & Request::HEADER_FORWARDED,
  32. 'X_FORWARDED_FOR' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_FOR,
  33. 'X_FORWARDED_HOST' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_HOST,
  34. 'X_FORWARDED_PROTO' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_PROTO,
  35. 'X_FORWARDED_PORT' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_PORT,
  36. ];
  37. foreach (array_filter($trustedHeaders) as $name => $key) {
  38. $request->headers->remove($name);
  39. $request->server->remove('HTTP_'.$name);
  40. }
  41. }
  42. // compute trusted values, taking any trusted proxies into account
  43. $trustedIps = [];
  44. $trustedValues = [];
  45. foreach (array_reverse($request->getClientIps()) as $ip) {
  46. $trustedIps[] = $ip;
  47. $trustedValues[] = sprintf('for="%s"', $ip);
  48. }
  49. if ($ip !== $remoteAddr) {
  50. $trustedIps[] = $remoteAddr;
  51. $trustedValues[] = sprintf('for="%s"', $remoteAddr);
  52. }
  53. // set trusted values, reusing as much as possible the global trusted settings
  54. if (Request::HEADER_FORWARDED & $trustedHeaderSet) {
  55. $trustedValues[0] .= sprintf(';host="%s";proto=%s', $request->getHttpHost(), $request->getScheme());
  56. $request->headers->set('Forwarded', $v = implode(', ', $trustedValues));
  57. $request->server->set('HTTP_FORWARDED', $v);
  58. }
  59. if (Request::HEADER_X_FORWARDED_FOR & $trustedHeaderSet) {
  60. $request->headers->set('X-Forwarded-For', $v = implode(', ', $trustedIps));
  61. $request->server->set('HTTP_X_FORWARDED_FOR', $v);
  62. } elseif (!(Request::HEADER_FORWARDED & $trustedHeaderSet)) {
  63. Request::setTrustedProxies($trustedProxies, $trustedHeaderSet | Request::HEADER_X_FORWARDED_FOR);
  64. $request->headers->set('X-Forwarded-For', $v = implode(', ', $trustedIps));
  65. $request->server->set('HTTP_X_FORWARDED_FOR', $v);
  66. }
  67. // fix the client IP address by setting it to 127.0.0.1,
  68. // which is the core responsibility of this method
  69. $request->server->set('REMOTE_ADDR', '127.0.0.1');
  70. // ensure 127.0.0.1 is set as trusted proxy
  71. if (!IpUtils::checkIp('127.0.0.1', $trustedProxies)) {
  72. Request::setTrustedProxies(array_merge($trustedProxies, ['127.0.0.1']), Request::getTrustedHeaderSet());
  73. }
  74. try {
  75. return $kernel->handle($request, $type, $catch);
  76. } finally {
  77. // restore global state
  78. Request::setTrustedProxies($trustedProxies, $trustedHeaderSet);
  79. }
  80. }
  81. }