vendor/symfony/http-foundation/ServerBag.php line 21

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\HttpFoundation;
  14. /**
  15.  * ServerBag is a container for HTTP headers from the $_SERVER variable.
  16.  *
  17.  * @author Fabien Potencier <fabien@symfony.com>
  18.  * @author Bulat Shakirzyanov <mallluhuct@gmail.com>
  19.  * @author Robert Kiss <kepten@gmail.com>
  20.  */
  21. class ServerBag extends ParameterBag
  22. {
  23.     /**
  24.      * Gets the HTTP headers.
  25.      *
  26.      * @return array
  27.      */
  28.     public function getHeaders()
  29.     {
  30.         $headers = [];
  31.         foreach ($this->parameters as $key => $value) {
  32.             if (str_starts_with($key'HTTP_')) {
  33.                 $headers[substr($key5)] = $value;
  34.             } elseif (\in_array($key, ['CONTENT_TYPE''CONTENT_LENGTH''CONTENT_MD5'], true)) {
  35.                 $headers[$key] = $value;
  36.             }
  37.         }
  39.         if (isset($this->parameters['PHP_AUTH_USER'])) {
  40.             $headers['PHP_AUTH_USER'] = $this->parameters['PHP_AUTH_USER'];
  41.             $headers['PHP_AUTH_PW'] = $this->parameters['PHP_AUTH_PW'] ?? '';
  42.         } else {
  43.             /*
  44.              * php-cgi under Apache does not pass HTTP Basic user/pass to PHP by default
  45.              * For this workaround to work, add these lines to your .htaccess file:
  46.              * RewriteCond %{HTTP:Authorization} .+
  47.              * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
  48.              *
  49.              * A sample .htaccess file:
  50.              * RewriteEngine On
  51.              * RewriteCond %{HTTP:Authorization} .+
  52.              * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
  53.              * RewriteCond %{REQUEST_FILENAME} !-f
  54.              * RewriteRule ^(.*)$ app.php [QSA,L]
  55.              */
  57.             $authorizationHeader null;
  58.             if (isset($this->parameters['HTTP_AUTHORIZATION'])) {
  59.                 $authorizationHeader $this->parameters['HTTP_AUTHORIZATION'];
  60.             } elseif (isset($this->parameters['REDIRECT_HTTP_AUTHORIZATION'])) {
  61.                 $authorizationHeader $this->parameters['REDIRECT_HTTP_AUTHORIZATION'];
  62.             }
  64.             if (null !== $authorizationHeader) {
  65.                 if (=== stripos($authorizationHeader'basic ')) {
  66.                     // Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
  67.                     $exploded explode(':'base64_decode(substr($authorizationHeader6)), 2);
  68.                     if (== \count($exploded)) {
  69.                         [$headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']] = $exploded;
  70.                     }
  71.                 } elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (=== stripos($authorizationHeader'digest '))) {
  72.                     // In some circumstances PHP_AUTH_DIGEST needs to be set
  73.                     $headers['PHP_AUTH_DIGEST'] = $authorizationHeader;
  74.                     $this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader;
  75.                 } elseif (=== stripos($authorizationHeader'bearer ')) {
  76.                     /*
  77.                      * XXX: Since there is no PHP_AUTH_BEARER in PHP predefined variables,
  78.                      *      I'll just set $headers['AUTHORIZATION'] here.
  79.                      *      https://php.net/reserved.variables.server
  80.                      */
  81.                     $headers['AUTHORIZATION'] = $authorizationHeader;
  82.                 }
  83.             }
  84.         }
  86.         if (isset($headers['AUTHORIZATION'])) {
  87.             return $headers;
  88.         }
  90.         // PHP_AUTH_USER/PHP_AUTH_PW
  91.         if (isset($headers['PHP_AUTH_USER'])) {
  92.             $headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.($headers['PHP_AUTH_PW'] ?? ''));
  93.         } elseif (isset($headers['PHP_AUTH_DIGEST'])) {
  94.             $headers['AUTHORIZATION'] = $headers['PHP_AUTH_DIGEST'];
  95.         }
  97.         return $headers;
  98.     }
  99. }