123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 |
- <?php
-
- /*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
- namespace Symfony\Component\HttpFoundation;
-
- /**
- * ServerBag is a container for HTTP headers from the $_SERVER variable.
- *
- * @author Fabien Potencier <fabien@symfony.com>
- * @author Bulat Shakirzyanov <mallluhuct@gmail.com>
- * @author Robert Kiss <kepten@gmail.com>
- */
- class ServerBag extends ParameterBag
- {
- /**
- * Gets the HTTP headers.
- *
- * @return array
- */
- public function getHeaders()
- {
- $headers = [];
- foreach ($this->parameters as $key => $value) {
- if (str_starts_with($key, 'HTTP_')) {
- $headers[substr($key, 5)] = $value;
- } elseif (\in_array($key, ['CONTENT_TYPE', 'CONTENT_LENGTH', 'CONTENT_MD5'], true) && '' !== $value) {
- $headers[$key] = $value;
- }
- }
-
- if (isset($this->parameters['PHP_AUTH_USER'])) {
- $headers['PHP_AUTH_USER'] = $this->parameters['PHP_AUTH_USER'];
- $headers['PHP_AUTH_PW'] = $this->parameters['PHP_AUTH_PW'] ?? '';
- } else {
- /*
- * php-cgi under Apache does not pass HTTP Basic user/pass to PHP by default
- * For this workaround to work, add these lines to your .htaccess file:
- * RewriteCond %{HTTP:Authorization} .+
- * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
- *
- * A sample .htaccess file:
- * RewriteEngine On
- * RewriteCond %{HTTP:Authorization} .+
- * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
- * RewriteCond %{REQUEST_FILENAME} !-f
- * RewriteRule ^(.*)$ index.php [QSA,L]
- */
-
- $authorizationHeader = null;
- if (isset($this->parameters['HTTP_AUTHORIZATION'])) {
- $authorizationHeader = $this->parameters['HTTP_AUTHORIZATION'];
- } elseif (isset($this->parameters['REDIRECT_HTTP_AUTHORIZATION'])) {
- $authorizationHeader = $this->parameters['REDIRECT_HTTP_AUTHORIZATION'];
- }
-
- if (null !== $authorizationHeader) {
- if (0 === stripos($authorizationHeader, 'basic ')) {
- // Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
- $exploded = explode(':', base64_decode(substr($authorizationHeader, 6)), 2);
- if (2 == \count($exploded)) {
- [$headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']] = $exploded;
- }
- } elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (0 === stripos($authorizationHeader, 'digest '))) {
- // In some circumstances PHP_AUTH_DIGEST needs to be set
- $headers['PHP_AUTH_DIGEST'] = $authorizationHeader;
- $this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader;
- } elseif (0 === stripos($authorizationHeader, 'bearer ')) {
- /*
- * XXX: Since there is no PHP_AUTH_BEARER in PHP predefined variables,
- * I'll just set $headers['AUTHORIZATION'] here.
- * https://php.net/reserved.variables.server
- */
- $headers['AUTHORIZATION'] = $authorizationHeader;
- }
- }
- }
-
- if (isset($headers['AUTHORIZATION'])) {
- return $headers;
- }
-
- // PHP_AUTH_USER/PHP_AUTH_PW
- if (isset($headers['PHP_AUTH_USER'])) {
- $headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.($headers['PHP_AUTH_PW'] ?? ''));
- } elseif (isset($headers['PHP_AUTH_DIGEST'])) {
- $headers['AUTHORIZATION'] = $headers['PHP_AUTH_DIGEST'];
- }
-
- return $headers;
- }
- }
|