vendor/symfony/http-foundation/ServerBag.php line 21

Open in your IDE?
  1. <?php
  2. /*
  3.  * This file is part of the Symfony package.
  4.  *
  5.  * (c) Fabien Potencier <fabien@symfony.com>
  6.  *
  7.  * For the full copyright and license information, please view the LICENSE
  8.  * file that was distributed with this source code.
  9.  */
  10. namespace Symfony\Component\HttpFoundation;
  11. /**
  12.  * ServerBag is a container for HTTP headers from the $_SERVER variable.
  13.  *
  14.  * @author Fabien Potencier <fabien@symfony.com>
  15.  * @author Bulat Shakirzyanov <mallluhuct@gmail.com>
  16.  * @author Robert Kiss <kepten@gmail.com>
  17.  */
  18. class ServerBag extends ParameterBag
  19. {
  20.     /**
  21.      * Gets the HTTP headers.
  22.      *
  23.      * @return array
  24.      */
  25.     public function getHeaders()
  26.     {
  27.         $headers = [];
  28.         foreach ($this->parameters as $key => $value) {
  29.             if (str_starts_with($key'HTTP_')) {
  30.                 $headers[substr($key5)] = $value;
  31.             } elseif (\in_array($key, ['CONTENT_TYPE''CONTENT_LENGTH''CONTENT_MD5'], true)) {
  32.                 $headers[$key] = $value;
  33.             }
  34.         }
  35.         if (isset($this->parameters['PHP_AUTH_USER'])) {
  36.             $headers['PHP_AUTH_USER'] = $this->parameters['PHP_AUTH_USER'];
  37.             $headers['PHP_AUTH_PW'] = $this->parameters['PHP_AUTH_PW'] ?? '';
  38.         } else {
  39.             /*
  40.              * php-cgi under Apache does not pass HTTP Basic user/pass to PHP by default
  41.              * For this workaround to work, add these lines to your .htaccess file:
  42.              * RewriteCond %{HTTP:Authorization} .+
  43.              * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
  44.              *
  45.              * A sample .htaccess file:
  46.              * RewriteEngine On
  47.              * RewriteCond %{HTTP:Authorization} .+
  48.              * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
  49.              * RewriteCond %{REQUEST_FILENAME} !-f
  50.              * RewriteRule ^(.*)$ app.php [QSA,L]
  51.              */
  52.             $authorizationHeader null;
  53.             if (isset($this->parameters['HTTP_AUTHORIZATION'])) {
  54.                 $authorizationHeader $this->parameters['HTTP_AUTHORIZATION'];
  55.             } elseif (isset($this->parameters['REDIRECT_HTTP_AUTHORIZATION'])) {
  56.                 $authorizationHeader $this->parameters['REDIRECT_HTTP_AUTHORIZATION'];
  57.             }
  58.             if (null !== $authorizationHeader) {
  59.                 if (=== stripos($authorizationHeader'basic ')) {
  60.                     // Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
  61.                     $exploded explode(':'base64_decode(substr($authorizationHeader6)), 2);
  62.                     if (== \count($exploded)) {
  63.                         [$headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']] = $exploded;
  64.                     }
  65.                 } elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (=== stripos($authorizationHeader'digest '))) {
  66.                     // In some circumstances PHP_AUTH_DIGEST needs to be set
  67.                     $headers['PHP_AUTH_DIGEST'] = $authorizationHeader;
  68.                     $this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader;
  69.                 } elseif (=== stripos($authorizationHeader'bearer ')) {
  70.                     /*
  71.                      * XXX: Since there is no PHP_AUTH_BEARER in PHP predefined variables,
  72.                      *      I'll just set $headers['AUTHORIZATION'] here.
  73.                      *      https://php.net/reserved.variables.server
  74.                      */
  75.                     $headers['AUTHORIZATION'] = $authorizationHeader;
  76.                 }
  77.             }
  78.         }
  79.         if (isset($headers['AUTHORIZATION'])) {
  80.             return $headers;
  81.         }
  82.         // PHP_AUTH_USER/PHP_AUTH_PW
  83.         if (isset($headers['PHP_AUTH_USER'])) {
  84.             $headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.($headers['PHP_AUTH_PW'] ?? ''));
  85.         } elseif (isset($headers['PHP_AUTH_DIGEST'])) {
  86.             $headers['AUTHORIZATION'] = $headers['PHP_AUTH_DIGEST'];
  87.         }
  88.         return $headers;
  89.     }
  90. }