markus/finanzen
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Initial

Browse Source
This commit is contained in:
Markus
2022-04-28 09:40:10 +02:00
commit 795794f992
9586 changed files with 1146991 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

200
system/HTTP/CLIRequest.php Normal file
View File

@@ -0,0 +1,200 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use Config\App;
use RuntimeException;
/**
* Represents a request from the command-line. Provides additional
* tools to interact with that request since CLI requests are not
* static like HTTP requests might be.
*
* Portions of this code were initially from the FuelPHP Framework,
* version 1.7.x, and used here under the MIT license they were
* originally made available under.
*
* http://fuelphp.com
*/
class CLIRequest extends Request
{
/**
* Stores the segments of our cli "URI" command.
*
* @var array
*/
protected $segments = [];
/**
* Command line options and their values.
*
* @var array
*/
protected $options = [];
/**
* Set the expected HTTP verb
*
* @var string
*/
protected $method = 'cli';
/**
* Constructor
*/
public function __construct(App $config)
{
if (! is_cli()) {
throw new RuntimeException(static::class . ' needs to run from the command line.'); // @codeCoverageIgnore
}
parent::__construct($config);
// Don't terminate the script when the cli's tty goes away
ignore_user_abort(true);
$this->parseCommand();
}
/**
* Returns the "path" of the request script so that it can be used
* in routing to the appropriate controller/method.
*
* The path is determined by treating the command line arguments
* as if it were a URL - up until we hit our first option.
*
* Example:
* php index.php users 21 profile -foo bar
*
* // Routes to /users/21/profile (index is removed for routing sake)
* // with the option foo = bar.
*/
public function getPath(): string
{
$path = implode('/', $this->segments);
return empty($path) ? '' : $path;
}
/**
* Returns an associative array of all CLI options found, with
* their values.
*/
public function getOptions(): array
{
return $this->options;
}
/**
* Returns the path segments.
*/
public function getSegments(): array
{
return $this->segments;
}
/**
* Returns the value for a single CLI option that was passed in.
*
* @return string|null
*/
public function getOption(string $key)
{
return $this->options[$key] ?? null;
}
/**
* Returns the options as a string, suitable for passing along on
* the CLI to other commands.
*
* Example:
* $options = [
* 'foo' => 'bar',
* 'baz' => 'queue some stuff'
* ];
*
* getOptionString() = '-foo bar -baz "queue some stuff"'
*/
public function getOptionString(bool $useLongOpts = false): string
{
if (empty($this->options)) {
return '';
}
$out = '';
foreach ($this->options as $name => $value) {
if ($useLongOpts && mb_strlen($name) > 1) {
$out .= "--{$name} ";
} else {
$out .= "-{$name} ";
}
if ($value === null) {
continue;
}
if (mb_strpos($value, ' ') !== false) {
$out .= '"' . $value . '" ';
} else {
$out .= "{$value} ";
}
}
return trim($out);
}
/**
* Parses the command line it was called from and collects all options
* and valid segments.
*
* NOTE: I tried to use getopt but had it fail occasionally to find
* any options, where argv has always had our back.
*/
protected function parseCommand()
{
$args = $this->getServer('argv');
array_shift($args); // Scrap index.php
$optionValue = false;
foreach ($args as $i => $arg) {
if (mb_strpos($arg, '-') !== 0) {
if ($optionValue) {
$optionValue = false;
} else {
$this->segments[] = $arg;
}
continue;
}
$arg = ltrim($arg, '-');
$value = null;
if (isset($args[$i + 1]) && mb_strpos($args[$i + 1], '-') !== 0) {
$value = $args[$i + 1];
$optionValue = true;
}
$this->options[$arg] = $value;
}
}
/**
* Determines if this request was made from the command line (CLI).
*/
public function isCLI(): bool
{
return is_cli();
}
}

663
system/HTTP/CURLRequest.php Normal file
View File

@@ -0,0 +1,663 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\HTTP\Exceptions\HTTPException;
use Config\App;
use Config\CURLRequest as ConfigCURLRequest;
use InvalidArgumentException;
/**
* A lightweight HTTP client for sending synchronous HTTP requests via cURL.
*/
class CURLRequest extends Request
{
/**
* The response object associated with this request
*
* @var ResponseInterface|null
*/
protected $response;
/**
* The URI associated with this request
*
* @var URI
*/
protected $baseURI;
/**
* The setting values
*
* @var array
*/
protected $config;
/**
* The default setting values
*
* @var array
*/
protected $defaultConfig = [
'timeout' => 0.0,
'connect_timeout' => 150,
'debug' => false,
'verify' => true,
];
/**
* Default values for when 'allow_redirects'
* option is true.
*
* @var array
*/
protected $redirectDefaults = [
'max' => 5,
'strict' => true,
'protocols' => [
'http',
'https',
],
];
/**
* The number of milliseconds to delay before
* sending the request.
*
* @var float
*/
protected $delay = 0.0;
/**
* The default options from the constructor. Applied to all requests.
*
* @var array
*/
private $defaultOptions;
/**
* Whether share options between requests or not.
*
* If true, all the options won't be reset between requests.
* It may cause an error request with unnecessary headers.
*
* @var bool
*/
private $shareOptions;
/**
* Takes an array of options to set the following possible class properties:
*
* - baseURI
* - timeout
* - any other request options to use as defaults.
*
* @param ResponseInterface $response
*/
public function __construct(App $config, URI $uri, ?ResponseInterface $response = null, array $options = [])
{
if (! function_exists('curl_version')) {
throw HTTPException::forMissingCurl(); // @codeCoverageIgnore
}
parent::__construct($config);
$this->response = $response;
$this->baseURI = $uri->useRawQueryString();
$this->defaultOptions = $options;
/** @var ConfigCURLRequest|null $configCURLRequest */
$configCURLRequest = config('CURLRequest');
$this->shareOptions = $configCURLRequest->shareOptions ?? true;
$this->config = $this->defaultConfig;
$this->parseOptions($options);
}
/**
* Sends an HTTP request to the specified $url. If this is a relative
* URL, it will be merged with $this->baseURI to form a complete URL.
*
* @param string $method
*/
public function request($method, string $url, array $options = []): ResponseInterface
{
$this->parseOptions($options);
$url = $this->prepareURL($url);
$method = esc(strip_tags($method));
$this->send($method, $url);
if ($this->shareOptions === false) {
$this->resetOptions();
}
return $this->response;
}
/**
* Reset all options to default.
*/
protected function resetOptions()
{
// Reset headers
$this->headers = [];
$this->headerMap = [];
// Reset configs
$this->config = $this->defaultConfig;
// Set the default options for next request
$this->parseOptions($this->defaultOptions);
}
/**
* Convenience method for sending a GET request.
*/
public function get(string $url, array $options = []): ResponseInterface
{
return $this->request('get', $url, $options);
}
/**
* Convenience method for sending a DELETE request.
*/
public function delete(string $url, array $options = []): ResponseInterface
{
return $this->request('delete', $url, $options);
}
/**
* Convenience method for sending a HEAD request.
*/
public function head(string $url, array $options = []): ResponseInterface
{
return $this->request('head', $url, $options);
}
/**
* Convenience method for sending an OPTIONS request.
*/
public function options(string $url, array $options = []): ResponseInterface
{
return $this->request('options', $url, $options);
}
/**
* Convenience method for sending a PATCH request.
*/
public function patch(string $url, array $options = []): ResponseInterface
{
return $this->request('patch', $url, $options);
}
/**
* Convenience method for sending a POST request.
*/
public function post(string $url, array $options = []): ResponseInterface
{
return $this->request('post', $url, $options);
}
/**
* Convenience method for sending a PUT request.
*/
public function put(string $url, array $options = []): ResponseInterface
{
return $this->request('put', $url, $options);
}
/**
* Set the HTTP Authentication.
*
* @param string $type basic or digest
*
* @return $this
*/
public function setAuth(string $username, string $password, string $type = 'basic')
{
$this->config['auth'] = [
$username,
$password,
$type,
];
return $this;
}
/**
* Set form data to be sent.
*
* @param bool $multipart Set TRUE if you are sending CURLFiles
*
* @return $this
*/
public function setForm(array $params, bool $multipart = false)
{
if ($multipart) {
$this->config['multipart'] = $params;
} else {
$this->config['form_params'] = $params;
}
return $this;
}
/**
* Set JSON data to be sent.
*
* @param mixed $data
*
* @return $this
*/
public function setJSON($data)
{
$this->config['json'] = $data;
return $this;
}
/**
* Sets the correct settings based on the options array
* passed in.
*/
protected function parseOptions(array $options)
{
if (array_key_exists('baseURI', $options)) {
$this->baseURI = $this->baseURI->setURI($options['baseURI']);
unset($options['baseURI']);
}
if (array_key_exists('headers', $options) && is_array($options['headers'])) {
foreach ($options['headers'] as $name => $value) {
$this->setHeader($name, $value);
}
unset($options['headers']);
}
if (array_key_exists('delay', $options)) {
// Convert from the milliseconds passed in
// to the seconds that sleep requires.
$this->delay = (float) $options['delay'] / 1000;
unset($options['delay']);
}
foreach ($options as $key => $value) {
$this->config[$key] = $value;
}
}
/**
* If the $url is a relative URL, will attempt to create
* a full URL by prepending $this->baseURI to it.
*/
protected function prepareURL(string $url): string
{
// If it's a full URI, then we have nothing to do here...
if (strpos($url, '://') !== false) {
return $url;
}
$uri = $this->baseURI->resolveRelativeURI($url);
// Create the string instead of casting to prevent baseURL muddling
return URI::createURIString($uri->getScheme(), $uri->getAuthority(), $uri->getPath(), $uri->getQuery(), $uri->getFragment());
}
/**
* Get the request method. Overrides the Request class' method
* since users expect a different answer here.
*
* @param bool|false $upper Whether to return in upper or lower case.
*/
public function getMethod(bool $upper = false): string
{
return ($upper) ? strtoupper($this->method) : strtolower($this->method);
}
/**
* Fires the actual cURL request.
*
* @return ResponseInterface
*/
public function send(string $method, string $url)
{
// Reset our curl options so we're on a fresh slate.
$curlOptions = [];
if (! empty($this->config['query']) && is_array($this->config['query'])) {
// This is likely too naive a solution.
// Should look into handling when $url already
// has query vars on it.
$url .= '?' . http_build_query($this->config['query']);
unset($this->config['query']);
}
$curlOptions[CURLOPT_URL] = $url;
$curlOptions[CURLOPT_RETURNTRANSFER] = true;
$curlOptions[CURLOPT_HEADER] = true;
$curlOptions[CURLOPT_FRESH_CONNECT] = true;
// Disable @file uploads in post data.
$curlOptions[CURLOPT_SAFE_UPLOAD] = true;
$curlOptions = $this->setCURLOptions($curlOptions, $this->config);
$curlOptions = $this->applyMethod($method, $curlOptions);
$curlOptions = $this->applyRequestHeaders($curlOptions);
// Do we need to delay this request?
if ($this->delay > 0) {
sleep($this->delay);
}
$output = $this->sendRequest($curlOptions);
// Set the string we want to break our response from
$breakString = "\r\n\r\n";
if (strpos($output, 'HTTP/1.1 100 Continue') === 0) {
$output = substr($output, strpos($output, $breakString) + 4);
}
// If request and response have Digest
if (isset($this->config['auth'][2]) && $this->config['auth'][2] === 'digest' && strpos($output, 'WWW-Authenticate: Digest') !== false) {
$output = substr($output, strpos($output, $breakString) + 4);
}
// Split out our headers and body
$break = strpos($output, $breakString);
if ($break !== false) {
// Our headers
$headers = explode("\n", substr($output, 0, $break));
$this->setResponseHeaders($headers);
// Our body
$body = substr($output, $break + 4);
$this->response->setBody($body);
} else {
$this->response->setBody($output);
}
return $this->response;
}
/**
* Adds $this->headers to the cURL request.
*/
protected function applyRequestHeaders(array $curlOptions = []): array
{
if (empty($this->headers)) {
return $curlOptions;
}
$set = [];
foreach (array_keys($this->headers) as $name) {
$set[] = $name . ': ' . $this->getHeaderLine($name);
}
$curlOptions[CURLOPT_HTTPHEADER] = $set;
return $curlOptions;
}
/**
* Apply method
*/
protected function applyMethod(string $method, array $curlOptions): array
{
$method = strtoupper($method);
$this->method = $method;
$curlOptions[CURLOPT_CUSTOMREQUEST] = $method;
$size = strlen($this->body ?? '');
// Have content?
if ($size > 0) {
return $this->applyBody($curlOptions);
}
if ($method === 'PUT' || $method === 'POST') {
// See http://tools.ietf.org/html/rfc7230#section-3.3.2
if ($this->header('content-length') === null && ! isset($this->config['multipart'])) {
$this->setHeader('Content-Length', '0');
}
} elseif ($method === 'HEAD') {
$curlOptions[CURLOPT_NOBODY] = 1;
}
return $curlOptions;
}
/**
* Apply body
*/
protected function applyBody(array $curlOptions = []): array
{
if (! empty($this->body)) {
$curlOptions[CURLOPT_POSTFIELDS] = (string) $this->getBody();
}
return $curlOptions;
}
/**
* Parses the header retrieved from the cURL response into
* our Response object.
*/
protected function setResponseHeaders(array $headers = [])
{
foreach ($headers as $header) {
if (($pos = strpos($header, ':')) !== false) {
$title = substr($header, 0, $pos);
$value = substr($header, $pos + 1);
$this->response->setHeader($title, $value);
} elseif (strpos($header, 'HTTP') === 0) {
preg_match('#^HTTP\/([12](?:\.[01])?) (\d+) (.+)#', $header, $matches);
if (isset($matches[1])) {
$this->response->setProtocolVersion($matches[1]);
}
if (isset($matches[2])) {
$this->response->setStatusCode($matches[2], $matches[3] ?? null);
}
}
}
}
/**
* Set CURL options
*
* @throws InvalidArgumentException
*
* @return array
*/
protected function setCURLOptions(array $curlOptions = [], array $config = [])
{
// Auth Headers
if (! empty($config['auth'])) {
$curlOptions[CURLOPT_USERPWD] = $config['auth'][0] . ':' . $config['auth'][1];
if (! empty($config['auth'][2]) && strtolower($config['auth'][2]) === 'digest') {
$curlOptions[CURLOPT_HTTPAUTH] = CURLAUTH_DIGEST;
} else {
$curlOptions[CURLOPT_HTTPAUTH] = CURLAUTH_BASIC;
}
}
// Certificate
if (! empty($config['cert'])) {
$cert = $config['cert'];
if (is_array($cert)) {
$curlOptions[CURLOPT_SSLCERTPASSWD] = $cert[1];
$cert = $cert[0];
}
if (! is_file($cert)) {
throw HTTPException::forSSLCertNotFound($cert);
}
$curlOptions[CURLOPT_SSLCERT] = $cert;
}
// SSL Verification
if (isset($config['verify'])) {
if (is_string($config['verify'])) {
$file = realpath($config['ssl_key']) ?: $config['ssl_key'];
if (! is_file($file)) {
throw HTTPException::forInvalidSSLKey($config['ssl_key']);
}
$curlOptions[CURLOPT_CAINFO] = $file;
$curlOptions[CURLOPT_SSL_VERIFYPEER] = 1;
} elseif (is_bool($config['verify'])) {
$curlOptions[CURLOPT_SSL_VERIFYPEER] = $config['verify'];
}
}
// Debug
if ($config['debug']) {
$curlOptions[CURLOPT_VERBOSE] = 1;
$curlOptions[CURLOPT_STDERR] = is_string($config['debug']) ? fopen($config['debug'], 'a+b') : fopen('php://stderr', 'wb');
}
// Decode Content
if (! empty($config['decode_content'])) {
$accept = $this->getHeaderLine('Accept-Encoding');
if ($accept) {
$curlOptions[CURLOPT_ENCODING] = $accept;
} else {
$curlOptions[CURLOPT_ENCODING] = '';
$curlOptions[CURLOPT_HTTPHEADER] = 'Accept-Encoding';
}
}
// Allow Redirects
if (array_key_exists('allow_redirects', $config)) {
$settings = $this->redirectDefaults;
if (is_array($config['allow_redirects'])) {
$settings = array_merge($settings, $config['allow_redirects']);
}
if ($config['allow_redirects'] === false) {
$curlOptions[CURLOPT_FOLLOWLOCATION] = 0;
} else {
$curlOptions[CURLOPT_FOLLOWLOCATION] = 1;
$curlOptions[CURLOPT_MAXREDIRS] = $settings['max'];
if ($settings['strict'] === true) {
$curlOptions[CURLOPT_POSTREDIR] = 1 | 2 | 4;
}
$protocols = 0;
foreach ($settings['protocols'] as $proto) {
$protocols += constant('CURLPROTO_' . strtoupper($proto));
}
$curlOptions[CURLOPT_REDIR_PROTOCOLS] = $protocols;
}
}
// Timeout
$curlOptions[CURLOPT_TIMEOUT_MS] = (float) $config['timeout'] * 1000;
// Connection Timeout
$curlOptions[CURLOPT_CONNECTTIMEOUT_MS] = (float) $config['connect_timeout'] * 1000;
// Post Data - application/x-www-form-urlencoded
if (! empty($config['form_params']) && is_array($config['form_params'])) {
$postFields = http_build_query($config['form_params']);
$curlOptions[CURLOPT_POSTFIELDS] = $postFields;
// Ensure content-length is set, since CURL doesn't seem to
// calculate it when HTTPHEADER is set.
$this->setHeader('Content-Length', (string) strlen($postFields));
$this->setHeader('Content-Type', 'application/x-www-form-urlencoded');
}
// Post Data - multipart/form-data
if (! empty($config['multipart']) && is_array($config['multipart'])) {
// setting the POSTFIELDS option automatically sets multipart
$curlOptions[CURLOPT_POSTFIELDS] = $config['multipart'];
}
// HTTP Errors
$curlOptions[CURLOPT_FAILONERROR] = array_key_exists('http_errors', $config) ? (bool) $config['http_errors'] : true;
// JSON
if (isset($config['json'])) {
// Will be set as the body in `applyBody()`
$json = json_encode($config['json']);
$this->setBody($json);
$this->setHeader('Content-Type', 'application/json');
$this->setHeader('Content-Length', (string) strlen($json));
}
// version
if (! empty($config['version'])) {
if ($config['version'] === 1.0) {
$curlOptions[CURLOPT_HTTP_VERSION] = CURL_HTTP_VERSION_1_0;
} elseif ($config['version'] === 1.1) {
$curlOptions[CURLOPT_HTTP_VERSION] = CURL_HTTP_VERSION_1_1;
}
}
// Cookie
if (isset($config['cookie'])) {
$curlOptions[CURLOPT_COOKIEJAR] = $config['cookie'];
$curlOptions[CURLOPT_COOKIEFILE] = $config['cookie'];
}
// User Agent
if (isset($config['user_agent'])) {
$curlOptions[CURLOPT_USERAGENT] = $config['user_agent'];
}
return $curlOptions;
}
/**
* Does the actual work of initializing cURL, setting the options,
* and grabbing the output.
*
* @codeCoverageIgnore
*/
protected function sendRequest(array $curlOptions = []): string
{
$ch = curl_init();
curl_setopt_array($ch, $curlOptions);
// Send the request and wait for a response.
$output = curl_exec($ch);
if ($output === false) {
throw HTTPException::forCurlError((string) curl_errno($ch), curl_error($ch));
}
curl_close($ch);
return $output;
}
}

733
system/HTTP/ContentSecurityPolicy.php Normal file
View File

@@ -0,0 +1,733 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use Config\ContentSecurityPolicy as ContentSecurityPolicyConfig;
/**
* Provides tools for working with the Content-Security-Policy header
* to help defeat XSS attacks.
*
* @see http://www.w3.org/TR/CSP/
* @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
* @see http://content-security-policy.com/
* @see https://www.owasp.org/index.php/Content_Security_Policy
*/
class ContentSecurityPolicy
{
/**
* Used for security enforcement
*
* @var array|string
*/
protected $baseURI = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $childSrc = [];
/**
* Used for security enforcement
*
* @var array
*/
protected $connectSrc = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $defaultSrc = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $fontSrc = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $formAction = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $frameAncestors = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $frameSrc = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $imageSrc = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $mediaSrc = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $objectSrc = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $pluginTypes = [];
/**
* Used for security enforcement
*
* @var string
*/
protected $reportURI;
/**
* Used for security enforcement
*
* @var array|string
*/
protected $sandbox = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $scriptSrc = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $styleSrc = [];
/**
* Used for security enforcement
*
* @var array|string
*/
protected $manifestSrc = [];
/**
* Used for security enforcement
*
* @var bool
*/
protected $upgradeInsecureRequests = false;
/**
* Used for security enforcement
*
* @var bool
*/
protected $reportOnly = false;
/**
* Used for security enforcement
*
* @var array
*/
protected $validSources = [
'self',
'none',
'unsafe-inline',
'unsafe-eval',
];
/**
* Used for security enforcement
*
* @var array
*/
protected $nonces = [];
/**
* An array of header info since we have
* to build ourself before passing to Response.
*
* @var array
*/
protected $tempHeaders = [];
/**
* An array of header info to build
* that should only be reported.
*
* @var array
*/
protected $reportOnlyHeaders = [];
/**
* Constructor.
*
* Stores our default values from the Config file.
*/
public function __construct(ContentSecurityPolicyConfig $config)
{
foreach (get_object_vars($config) as $setting => $value) {
if (property_exists($this, $setting)) {
$this->{$setting} = $value;
}
}
}
/**
* Compiles and sets the appropriate headers in the request.
*
* Should be called just prior to sending the response to the user agent.
*/
public function finalize(ResponseInterface &$response)
{
$this->generateNonces($response);
$this->buildHeaders($response);
}
/**
* If TRUE, nothing will be restricted. Instead all violations will
* be reported to the reportURI for monitoring. This is useful when
* you are just starting to implement the policy, and will help
* determine what errors need to be addressed before you turn on
* all filtering.
*
* @return $this
*/
public function reportOnly(bool $value = true)
{
$this->reportOnly = $value;
return $this;
}
/**
* Adds a new base_uri value. Can be either a URI class or a simple string.
*
* base_uri restricts the URLs that can appear in a pages <base> element.
*
* @see http://www.w3.org/TR/CSP/#directive-base-uri
*
* @param array|string $uri
*
* @return $this
*/
public function addBaseURI($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'baseURI', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new valid endpoint for a form's action. Can be either
* a URI class or a simple string.
*
* child-src lists the URLs for workers and embedded frame contents.
* For example: child-src https://youtube.com would enable embedding
* videos from YouTube but not from other origins.
*
* @see http://www.w3.org/TR/CSP/#directive-child-src
*
* @param array|string $uri
*
* @return $this
*/
public function addChildSrc($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'childSrc', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new valid endpoint for a form's action. Can be either
* a URI class or a simple string.
*
* connect-src limits the origins to which you can connect
* (via XHR, WebSockets, and EventSource).
*
* @see http://www.w3.org/TR/CSP/#directive-connect-src
*
* @param array|string $uri
*
* @return $this
*/
public function addConnectSrc($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'connectSrc', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new valid endpoint for a form's action. Can be either
* a URI class or a simple string.
*
* default_src is the URI that is used for many of the settings when
* no other source has been set.
*
* @see http://www.w3.org/TR/CSP/#directive-default-src
*
* @param array|string $uri
*
* @return $this
*/
public function setDefaultSrc($uri, ?bool $explicitReporting = null)
{
$this->defaultSrc = [(string) $uri => $explicitReporting ?? $this->reportOnly];
return $this;
}
/**
* Adds a new valid endpoint for a form's action. Can be either
* a URI class or a simple string.
*
* font-src specifies the origins that can serve web fonts.
*
* @see http://www.w3.org/TR/CSP/#directive-font-src
*
* @param array|string $uri
*
* @return $this
*/
public function addFontSrc($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'fontSrc', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new valid endpoint for a form's action. Can be either
* a URI class or a simple string.
*
* @see http://www.w3.org/TR/CSP/#directive-form-action
*
* @param array|string $uri
*
* @return $this
*/
public function addFormAction($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'formAction', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new resource that should allow embedding the resource using
* <frame>, <iframe>, <object>, <embed>, or <applet>
*
* @see http://www.w3.org/TR/CSP/#directive-frame-ancestors
*
* @param array|string $uri
*
* @return $this
*/
public function addFrameAncestor($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'frameAncestors', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new valid endpoint for valid frame sources. Can be either
* a URI class or a simple string.
*
* @see http://www.w3.org/TR/CSP/#directive-frame-src
*
* @param array|string $uri
*
* @return $this
*/
public function addFrameSrc($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'frameSrc', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new valid endpoint for valid image sources. Can be either
* a URI class or a simple string.
*
* @see http://www.w3.org/TR/CSP/#directive-img-src
*
* @param array|string $uri
*
* @return $this
*/
public function addImageSrc($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'imageSrc', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new valid endpoint for valid video and audio. Can be either
* a URI class or a simple string.
*
* @see http://www.w3.org/TR/CSP/#directive-media-src
*
* @param array|string $uri
*
* @return $this
*/
public function addMediaSrc($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'mediaSrc', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new valid endpoint for manifest sources. Can be either
* a URI class or simple string.
*
* @see https://www.w3.org/TR/CSP/#directive-manifest-src
*
* @param array|string $uri
*
* @return $this
*/
public function addManifestSrc($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'manifestSrc', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new valid endpoint for Flash and other plugin sources. Can be either
* a URI class or a simple string.
*
* @see http://www.w3.org/TR/CSP/#directive-object-src
*
* @param array|string $uri
*
* @return $this
*/
public function addObjectSrc($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'objectSrc', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Limits the types of plugins that can be used. Can be either
* a URI class or a simple string.
*
* @see http://www.w3.org/TR/CSP/#directive-plugin-types
*
* @param array|string $mime One or more plugin mime types, separate by spaces
*
* @return $this
*/
public function addPluginType($mime, ?bool $explicitReporting = null)
{
$this->addOption($mime, 'pluginTypes', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Specifies a URL where a browser will send reports when a content
* security policy is violated. Can be either a URI class or a simple string.
*
* @see http://www.w3.org/TR/CSP/#directive-report-uri
*
* @return $this
*/
public function setReportURI(string $uri)
{
$this->reportURI = $uri;
return $this;
}
/**
* specifies an HTML sandbox policy that the user agent applies to
* the protected resource.
*
* @see http://www.w3.org/TR/CSP/#directive-sandbox
*
* @param array|string $flags An array of sandbox flags that can be added to the directive.
*
* @return $this
*/
public function addSandbox($flags, ?bool $explicitReporting = null)
{
$this->addOption($flags, 'sandbox', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new valid endpoint for javascript file sources. Can be either
* a URI class or a simple string.
*
* @see http://www.w3.org/TR/CSP/#directive-connect-src
*
* @param array|string $uri
*
* @return $this
*/
public function addScriptSrc($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'scriptSrc', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Adds a new valid endpoint for CSS file sources. Can be either
* a URI class or a simple string.
*
* @see http://www.w3.org/TR/CSP/#directive-connect-src
*
* @param array|string $uri
*
* @return $this
*/
public function addStyleSrc($uri, ?bool $explicitReporting = null)
{
$this->addOption($uri, 'styleSrc', $explicitReporting ?? $this->reportOnly);
return $this;
}
/**
* Sets whether the user agents should rewrite URL schemes, changing
* HTTP to HTTPS.
*
* @return $this
*/
public function upgradeInsecureRequests(bool $value = true)
{
$this->upgradeInsecureRequests = $value;
return $this;
}
/**
* DRY method to add an string or array to a class property.
*
* @param array|string $options
*/
protected function addOption($options, string $target, ?bool $explicitReporting = null)
{
// Ensure we have an array to work with...
if (is_string($this->{$target})) {
$this->{$target} = [$this->{$target}];
}
if (is_array($options)) {
foreach ($options as $opt) {
$this->{$target}[$opt] = $explicitReporting ?? $this->reportOnly;
}
} else {
$this->{$target}[$options] = $explicitReporting ?? $this->reportOnly;
}
}
/**
* Scans the body of the request message and replaces any nonce
* placeholders with actual nonces, that we'll then add to our
* headers.
*/
protected function generateNonces(ResponseInterface &$response)
{
$body = $response->getBody();
if (empty($body)) {
return;
}
if (! is_array($this->styleSrc)) {
$this->styleSrc = [$this->styleSrc];
}
if (! is_array($this->scriptSrc)) {
$this->scriptSrc = [$this->scriptSrc];
}
// Replace style placeholders with nonces
$body = preg_replace_callback('/{csp-style-nonce}/', function () {
$nonce = bin2hex(random_bytes(12));
$this->styleSrc[] = 'nonce-' . $nonce;
return "nonce=\"{$nonce}\"";
}, $body);
// Replace script placeholders with nonces
$body = preg_replace_callback('/{csp-script-nonce}/', function () {
$nonce = bin2hex(random_bytes(12));
$this->scriptSrc[] = 'nonce-' . $nonce;
return "nonce=\"{$nonce}\"";
}, $body);
$response->setBody($body);
}
/**
* Based on the current state of the elements, will add the appropriate
* Content-Security-Policy and Content-Security-Policy-Report-Only headers
* with their values to the response object.
*/
protected function buildHeaders(ResponseInterface &$response)
{
/**
* Ensure both headers are available and arrays...
*
* @var Response $response
*/
$response->setHeader('Content-Security-Policy', []);
$response->setHeader('Content-Security-Policy-Report-Only', []);
$directives = [
'base-uri' => 'baseURI',
'child-src' => 'childSrc',
'connect-src' => 'connectSrc',
'default-src' => 'defaultSrc',
'font-src' => 'fontSrc',
'form-action' => 'formAction',
'frame-ancestors' => 'frameAncestors',
'frame-src' => 'frameSrc',
'img-src' => 'imageSrc',
'media-src' => 'mediaSrc',
'object-src' => 'objectSrc',
'plugin-types' => 'pluginTypes',
'script-src' => 'scriptSrc',
'style-src' => 'styleSrc',
'manifest-src' => 'manifestSrc',
'sandbox' => 'sandbox',
'report-uri' => 'reportURI',
];
// inject default base & default URIs if needed
if (empty($this->baseURI)) {
$this->baseURI = 'self';
}
if (empty($this->defaultSrc)) {
$this->defaultSrc = 'self';
}
foreach ($directives as $name => $property) {
if (! empty($this->{$property})) {
$this->addToHeader($name, $this->{$property});
}
}
// Compile our own header strings here since if we just
// append it to the response, it will be joined with
// commas, not semi-colons as we need.
if (! empty($this->tempHeaders)) {
$header = '';
foreach ($this->tempHeaders as $name => $value) {
$header .= " {$name} {$value};";
}
// add token only if needed
if ($this->upgradeInsecureRequests) {
$header .= ' upgrade-insecure-requests;';
}
$response->appendHeader('Content-Security-Policy', $header);
}
if (! empty($this->reportOnlyHeaders)) {
$header = '';
foreach ($this->reportOnlyHeaders as $name => $value) {
$header .= " {$name} {$value};";
}
$response->appendHeader('Content-Security-Policy-Report-Only', $header);
}
$this->tempHeaders = [];
$this->reportOnlyHeaders = [];
}
/**
* Adds a directive and it's options to the appropriate header. The $values
* array might have options that are geared toward either the regular or the
* reportOnly header, since it's viable to have both simultaneously.
*
* @param array|string|null $values
*/
protected function addToHeader(string $name, $values = null)
{
if (is_string($values)) {
$values = [$values => 0];
}
$sources = [];
$reportSources = [];
foreach ($values as $value => $reportOnly) {
if (is_numeric($value) && is_string($reportOnly) && ! empty($reportOnly)) {
$value = $reportOnly;
$reportOnly = 0;
}
if ($reportOnly === true) {
$reportSources[] = in_array($value, $this->validSources, true) ? "'{$value}'" : $value;
} elseif (strpos($value, 'nonce-') === 0) {
$sources[] = "'{$value}'";
} else {
$sources[] = in_array($value, $this->validSources, true) ? "'{$value}'" : $value;
}
}
if (! empty($sources)) {
$this->tempHeaders[$name] = implode(' ', $sources);
}
if (! empty($reportSources)) {
$this->reportOnlyHeaders[$name] = implode(' ', $reportSources);
}
}
}

335
system/HTTP/DownloadResponse.php Normal file
View File

@@ -0,0 +1,335 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\Exceptions\DownloadException;
use CodeIgniter\Files\File;
use Config\Mimes;
/**
* HTTP response when a download is requested.
*/
class DownloadResponse extends Response
{
/**
* Download file name
*
* @var string
*/
private $filename;
/**
* Download for file
*
* @var File|null
*/
private $file;
/**
* mime set flag
*
* @var bool
*/
private $setMime;
/**
* Download for binary
*
* @var string|null
*/
private $binary;
/**
* Download charset
*
* @var string
*/
private $charset = 'UTF-8';
/**
* Download reason
*
* @var string
*/
protected $reason = 'OK';
/**
* The current status code for this response.
*
* @var int
*/
protected $statusCode = 200;
/**
* Constructor.
*/
public function __construct(string $filename, bool $setMime)
{
parent::__construct(config('App'));
$this->filename = $filename;
$this->setMime = $setMime;
// Make sure the content type is either specified or detected
$this->removeHeader('Content-Type');
}
/**
* set download for binary string.
*/
public function setBinary(string $binary)
{
if ($this->file !== null) {
throw DownloadException::forCannotSetBinary();
}
$this->binary = $binary;
}
/**
* set download for file.
*/
public function setFilePath(string $filepath)
{
if ($this->binary !== null) {
throw DownloadException::forCannotSetFilePath($filepath);
}
$this->file = new File($filepath, true);
}
/**
* set name for the download.
*
* @return $this
*/
public function setFileName(string $filename)
{
$this->filename = $filename;
return $this;
}
/**
* get content length.
*/
public function getContentLength(): int
{
if (is_string($this->binary)) {
return strlen($this->binary);
}
if ($this->file instanceof File) {
return $this->file->getSize();
}
return 0;
}
/**
* Set content type by guessing mime type from file extension
*/
private function setContentTypeByMimeType()
{
$mime = null;
$charset = '';
if ($this->setMime === true && ($lastDotPosition = strrpos($this->filename, '.')) !== false) {
$mime = Mimes::guessTypeFromExtension(substr($this->filename, $lastDotPosition + 1));
$charset = $this->charset;
}
if (! is_string($mime)) {
// Set the default MIME type to send
$mime = 'application/octet-stream';
$charset = '';
}
$this->setContentType($mime, $charset);
}
/**
* get download filename.
*/
private function getDownloadFileName(): string
{
$filename = $this->filename;
$x = explode('.', $this->filename);
$extension = end($x);
/* It was reported that browsers on Android 2.1 (and possibly older as well)
* need to have the filename extension upper-cased in order to be able to
* download it.
*
* Reference: http://digiblog.de/2011/04/19/android-and-the-download-file-headers/
*/
// @todo: depend super global
if (count($x) !== 1 && isset($_SERVER['HTTP_USER_AGENT'])
&& preg_match('/Android\s(1|2\.[01])/', $_SERVER['HTTP_USER_AGENT'])) {
$x[count($x) - 1] = strtoupper($extension);
$filename = implode('.', $x);
}
return $filename;
}
/**
* get Content-Disposition Header string.
*/
private function getContentDisposition(): string
{
$downloadFilename = $this->getDownloadFileName();
$utf8Filename = $downloadFilename;
if (strtoupper($this->charset) !== 'UTF-8') {
$utf8Filename = mb_convert_encoding($downloadFilename, 'UTF-8', $this->charset);
}
$result = sprintf('attachment; filename="%s"', $downloadFilename);
if ($utf8Filename) {
$result .= '; filename*=UTF-8\'\'' . rawurlencode($utf8Filename);
}
return $result;
}
/**
* Disallows status changing.
*
* @throws DownloadException
*/
public function setStatusCode(int $code, string $reason = '')
{
throw DownloadException::forCannotSetStatusCode($code, $reason);
}
/**
* Sets the Content Type header for this response with the mime type
* and, optionally, the charset.
*
* @return ResponseInterface
*/
public function setContentType(string $mime, string $charset = 'UTF-8')
{
parent::setContentType($mime, $charset);
if ($charset !== '') {
$this->charset = $charset;
}
return $this;
}
/**
* Sets the appropriate headers to ensure this response
* is not cached by the browsers.
*/
public function noCache(): self
{
$this->removeHeader('Cache-control');
$this->setHeader('Cache-control', ['private', 'no-transform', 'no-store', 'must-revalidate']);
return $this;
}
/**
* Disables cache configuration.
*
* @throws DownloadException
*/
public function setCache(array $options = [])
{
throw DownloadException::forCannotSetCache();
}
/**
* {@inheritDoc}
*
* @todo Do downloads need CSP or Cookies? Compare with ResponseTrait::send()
*/
public function send()
{
$this->buildHeaders();
$this->sendHeaders();
$this->sendBody();
return $this;
}
/**
* set header for file download.
*/
public function buildHeaders()
{
if (! $this->hasHeader('Content-Type')) {
$this->setContentTypeByMimeType();
}
$this->setHeader('Content-Disposition', $this->getContentDisposition());
$this->setHeader('Expires-Disposition', '0');
$this->setHeader('Content-Transfer-Encoding', 'binary');
$this->setHeader('Content-Length', (string) $this->getContentLength());
$this->noCache();
}
/**
* output download file text.
*
* @throws DownloadException
*
* @return DownloadResponse
*/
public function sendBody()
{
if ($this->binary !== null) {
return $this->sendBodyByBinary();
}
if ($this->file !== null) {
return $this->sendBodyByFilePath();
}
throw DownloadException::forNotFoundDownloadSource();
}
/**
* output download text by file.
*
* @return DownloadResponse
*/
private function sendBodyByFilePath()
{
$splFileObject = $this->file->openFile('rb');
// Flush 1MB chunks of data
while (! $splFileObject->eof() && ($data = $splFileObject->fread(1048576)) !== false) {
echo $data;
}
return $this;
}
/**
* output download text by binary
*
* @return DownloadResponse
*/
private function sendBodyByBinary()
{
echo $this->binary;
return $this;
}
}

218
system/HTTP/Exceptions/HTTPException.php Normal file
View File

@@ -0,0 +1,218 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP\Exceptions;
use CodeIgniter\Exceptions\FrameworkException;
/**
* Things that can go wrong with HTTP
*/
class HTTPException extends FrameworkException
{
/**
* For CurlRequest
*
* @return HTTPException
*
* @codeCoverageIgnore
*/
public static function forMissingCurl()
{
return new static(lang('HTTP.missingCurl'));
}
/**
* For CurlRequest
*
* @return HTTPException
*/
public static function forSSLCertNotFound(string $cert)
{
return new static(lang('HTTP.sslCertNotFound', [$cert]));
}
/**
* For CurlRequest
*
* @return HTTPException
*/
public static function forInvalidSSLKey(string $key)
{
return new static(lang('HTTP.invalidSSLKey', [$key]));
}
/**
* For CurlRequest
*
* @return HTTPException
*
* @codeCoverageIgnore
*/
public static function forCurlError(string $errorNum, string $error)
{
return new static(lang('HTTP.curlError', [$errorNum, $error]));
}
/**
* For IncomingRequest
*
* @return HTTPException
*/
public static function forInvalidNegotiationType(string $type)
{
return new static(lang('HTTP.invalidNegotiationType', [$type]));
}
/**
* For Message
*
* @return HTTPException
*/
public static function forInvalidHTTPProtocol(string $protocols)
{
return new static(lang('HTTP.invalidHTTPProtocol', [$protocols]));
}
/**
* For Negotiate
*
* @return HTTPException
*/
public static function forEmptySupportedNegotiations()
{
return new static(lang('HTTP.emptySupportedNegotiations'));
}
/**
* For RedirectResponse
*
* @return HTTPException
*/
public static function forInvalidRedirectRoute(string $route)
{
return new static(lang('HTTP.invalidRoute', [$route]));
}
/**
* For Response
*
* @return HTTPException
*/
public static function forMissingResponseStatus()
{
return new static(lang('HTTP.missingResponseStatus'));
}
/**
* For Response
*
* @return HTTPException
*/
public static function forInvalidStatusCode(int $code)
{
return new static(lang('HTTP.invalidStatusCode', [$code]));
}
/**
* For Response
*
* @return HTTPException
*/
public static function forUnkownStatusCode(int $code)
{
return new static(lang('HTTP.unknownStatusCode', [$code]));
}
/**
* For URI
*
* @return HTTPException
*/
public static function forUnableToParseURI(string $uri)
{
return new static(lang('HTTP.cannotParseURI', [$uri]));
}
/**
* For URI
*
* @return HTTPException
*/
public static function forURISegmentOutOfRange(int $segment)
{
return new static(lang('HTTP.segmentOutOfRange', [$segment]));
}
/**
* For URI
*
* @return HTTPException
*/
public static function forInvalidPort(int $port)
{
return new static(lang('HTTP.invalidPort', [$port]));
}
/**
* For URI
*
* @return HTTPException
*/
public static function forMalformedQueryString()
{
return new static(lang('HTTP.malformedQueryString'));
}
/**
* For Uploaded file move
*
* @return HTTPException
*/
public static function forAlreadyMoved()
{
return new static(lang('HTTP.alreadyMoved'));
}
/**
* For Uploaded file move
*
* @return HTTPException
*/
public static function forInvalidFile(?string $path = null)
{
return new static(lang('HTTP.invalidFile'));
}
/**
* For Uploaded file move
*
* @return HTTPException
*/
public static function forMoveFailed(string $source, string $target, string $error)
{
return new static(lang('HTTP.moveFailed', [$source, $target, $error]));
}
/**
* For Invalid SameSite attribute setting
*
* @return HTTPException
*
* @deprecated Use `CookieException::forInvalidSameSite()` instead.
*
* @codeCoverageIgnore
*/
public static function forInvalidSameSiteSetting(string $samesite)
{
return new static(lang('Security.invalidSameSiteSetting', [$samesite]));
}
}

251
system/HTTP/Files/FileCollection.php Normal file
View File

@@ -0,0 +1,251 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP\Files;
use RecursiveArrayIterator;
use RecursiveIteratorIterator;
/**
* Class FileCollection
*
* Provides easy access to uploaded files for a request.
*/
class FileCollection
{
/**
* An array of UploadedFile instances for any files
* uploaded as part of this request.
* Populated the first time either files(), file(), or hasFile()
* is called.
*
* @var array|null
*/
protected $files;
/**
* Returns an array of all uploaded files that were found.
* Each element in the array will be an instance of UploadedFile.
* The key of each element will be the client filename.
*
* @return array|null
*/
public function all()
{
$this->populateFiles();
return $this->files;
}
/**
* Attempts to get a single file from the collection of uploaded files.
*
* @return UploadedFile|null
*/
public function getFile(string $name)
{
$this->populateFiles();
if ($this->hasFile($name)) {
if (strpos($name, '.') !== false) {
$name = explode('.', $name);
$uploadedFile = $this->getValueDotNotationSyntax($name, $this->files);
return $uploadedFile instanceof UploadedFile ? $uploadedFile : null;
}
if (array_key_exists($name, $this->files)) {
$uploadedFile = $this->files[$name];
return $uploadedFile instanceof UploadedFile ? $uploadedFile : null;
}
}
return null;
}
/**
* Verify if a file exist in the collection of uploaded files and is have been uploaded with multiple option.
*
* @return array|null
*/
public function getFileMultiple(string $name)
{
$this->populateFiles();
if ($this->hasFile($name)) {
if (strpos($name, '.') !== false) {
$name = explode('.', $name);
$uploadedFile = $this->getValueDotNotationSyntax($name, $this->files);
return (is_array($uploadedFile) && ($uploadedFile[array_key_first($uploadedFile)] instanceof UploadedFile)) ?
$uploadedFile : null;
}
if (array_key_exists($name, $this->files)) {
$uploadedFile = $this->files[$name];
return (is_array($uploadedFile) && ($uploadedFile[array_key_first($uploadedFile)] instanceof UploadedFile)) ?
$uploadedFile : null;
}
}
return null;
}
/**
* Checks whether an uploaded file with name $fileID exists in
* this request.
*
* @param string $fileID The name of the uploaded file (from the input)
*/
public function hasFile(string $fileID): bool
{
$this->populateFiles();
if (strpos($fileID, '.') !== false) {
$segments = explode('.', $fileID);
$el = $this->files;
foreach ($segments as $segment) {
if (! array_key_exists($segment, $el)) {
return false;
}
$el = $el[$segment];
}
return true;
}
return isset($this->files[$fileID]);
}
/**
* Taking information from the $_FILES array, it creates an instance
* of UploadedFile for each one, saving the results to this->files.
*
* Called by files(), file(), and hasFile()
*/
protected function populateFiles()
{
if (is_array($this->files)) {
return;
}
$this->files = [];
if (empty($_FILES)) {
return;
}
$files = $this->fixFilesArray($_FILES);
foreach ($files as $name => $file) {
$this->files[$name] = $this->createFileObject($file);
}
}
/**
* Given a file array, will create UploadedFile instances. Will
* loop over an array and create objects for each.
*
* @return array|UploadedFile
*/
protected function createFileObject(array $array)
{
if (! isset($array['name'])) {
$output = [];
foreach ($array as $key => $values) {
if (! is_array($values)) {
continue;
}
$output[$key] = $this->createFileObject($values);
}
return $output;
}
return new UploadedFile(
$array['tmp_name'] ?? null,
$array['name'] ?? null,
$array['type'] ?? null,
$array['size'] ?? null,
$array['error'] ?? null
);
}
/**
* Reformats the odd $_FILES array into something much more like
* we would expect, with each object having its own array.
*
* Thanks to Jack Sleight on the PHP Manual page for the basis
* of this method.
*
* @see http://php.net/manual/en/reserved.variables.files.php#118294
*/
protected function fixFilesArray(array $data): array
{
$output = [];
foreach ($data as $name => $array) {
foreach ($array as $field => $value) {
$pointer = &$output[$name];
if (! is_array($value)) {
$pointer[$field] = $value;
continue;
}
$stack = [&$pointer];
$iterator = new RecursiveIteratorIterator(
new RecursiveArrayIterator($value),
RecursiveIteratorIterator::SELF_FIRST
);
foreach ($iterator as $key => $val) {
array_splice($stack, $iterator->getDepth() + 1);
$pointer = &$stack[count($stack) - 1];
$pointer = &$pointer[$key];
$stack[] = &$pointer;
if (! $iterator->hasChildren()) {
$pointer[$field] = $val;
}
}
}
}
return $output;
}
/**
* Navigate through a array looking for a particular index
*
* @param array $index The index sequence we are navigating down
* @param array $value The portion of the array to process
*
* @return mixed
*/
protected function getValueDotNotationSyntax(array $index, array $value)
{
$currentIndex = array_shift($index);
if (isset($currentIndex) && is_array($index) && $index && is_array($value[$currentIndex]) && $value[$currentIndex]) {
return $this->getValueDotNotationSyntax($index, $value[$currentIndex]);
}
return $value[$currentIndex] ?? null;
}
}

345
system/HTTP/Files/UploadedFile.php Normal file
View File

@@ -0,0 +1,345 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP\Files;
use CodeIgniter\Files\File;
use CodeIgniter\HTTP\Exceptions\HTTPException;
use Config\Mimes;
use Exception;
use InvalidArgumentException;
use RuntimeException;
/**
* Value object representing a single file uploaded through an
* HTTP request. Used by the IncomingRequest class to
* provide files.
*
* Typically, implementors will extend the SplFileInfo class.
*/
class UploadedFile extends File implements UploadedFileInterface
{
/**
* The path to the temporary file.
*
* @var string
*/
protected $path;
/**
* The original filename as provided by the client.
*
* @var string
*/
protected $originalName;
/**
* The filename given to a file during a move.
*
* @var string
*/
protected $name;
/**
* The type of file as provided by PHP
*
* @var string
*/
protected $originalMimeType;
/**
* The error constant of the upload
* (one of PHP's UPLOADERRXXX constants)
*
* @var int
*/
protected $error;
/**
* Whether the file has been moved already or not.
*
* @var bool
*/
protected $hasMoved = false;
/**
* Accepts the file information as would be filled in from the $_FILES array.
*
* @param string $path The temporary location of the uploaded file.
* @param string $originalName The client-provided filename.
* @param string $mimeType The type of file as provided by PHP
* @param int $size The size of the file, in bytes
* @param int $error The error constant of the upload (one of PHP's UPLOADERRXXX constants)
*/
public function __construct(string $path, string $originalName, ?string $mimeType = null, ?int $size = null, ?int $error = null)
{
$this->path = $path;
$this->name = $originalName;
$this->originalName = $originalName;
$this->originalMimeType = $mimeType;
$this->size = $size;
$this->error = $error;
parent::__construct($path, false);
}
/**
* Move the uploaded file to a new location.
*
* $targetPath may be an absolute path, or a relative path. If it is a
* relative path, resolution should be the same as used by PHP's rename()
* function.
*
* The original file MUST be removed on completion.
*
* If this method is called more than once, any subsequent calls MUST raise
* an exception.
*
* When used in an SAPI environment where $_FILES is populated, when writing
* files via moveTo(), is_uploaded_file() and move_uploaded_file() SHOULD be
* used to ensure permissions and upload status are verified correctly.
*
* If you wish to move to a stream, use getStream(), as SAPI operations
* cannot guarantee writing to stream destinations.
*
* @see http://php.net/is_uploaded_file
* @see http://php.net/move_uploaded_file
*
* @param string $targetPath Path to which to move the uploaded file.
* @param string $name the name to rename the file to.
* @param bool $overwrite State for indicating whether to overwrite the previously generated file with the same
* name or not.
*
* @throws InvalidArgumentException if the $path specified is invalid.
* @throws RuntimeException on any error during the move operation.
* @throws RuntimeException on the second or subsequent call to the method.
*
* @return bool
*/
public function move(string $targetPath, ?string $name = null, bool $overwrite = false)
{
$targetPath = rtrim($targetPath, '/') . '/';
$targetPath = $this->setPath($targetPath); // set the target path
if ($this->hasMoved) {
throw HTTPException::forAlreadyMoved();
}
if (! $this->isValid()) {
throw HTTPException::forInvalidFile();
}
$name = $name ?? $this->getName();
$destination = $overwrite ? $targetPath . $name : $this->getDestination($targetPath . $name);
try {
$this->hasMoved = move_uploaded_file($this->path, $destination);
} catch (Exception $e) {
$error = error_get_last();
$message = strip_tags($error['message'] ?? '');
throw HTTPException::forMoveFailed(basename($this->path), $targetPath, $message);
}
if ($this->hasMoved === false) {
$message = 'move_uploaded_file() returned false';
throw HTTPException::forMoveFailed(basename($this->path), $targetPath, $message);
}
@chmod($targetPath, 0777 & ~umask());
// Success, so store our new information
$this->path = $targetPath;
$this->name = basename($destination);
return true;
}
/**
* create file target path if
* the set path does not exist
*
* @return string The path set or created.
*/
protected function setPath(string $path): string
{
if (! is_dir($path)) {
mkdir($path, 0777, true);
// create the index.html file
if (! is_file($path . 'index.html')) {
$file = fopen($path . 'index.html', 'x+b');
fclose($file);
}
}
return $path;
}
/**
* Returns whether the file has been moved or not. If it has,
* the move() method will not work and certain properties, like
* the tempName, will no longer be available.
*/
public function hasMoved(): bool
{
return $this->hasMoved;
}
/**
* Retrieve the error associated with the uploaded file.
*
* The return value MUST be one of PHP's UPLOAD_ERR_XXX constants.
*
* If the file was uploaded successfully, this method MUST return
* UPLOAD_ERR_OK.
*
* Implementations SHOULD return the value stored in the "error" key of
* the file in the $_FILES array.
*
* @see http://php.net/manual/en/features.file-upload.errors.php
*
* @return int One of PHP's UPLOAD_ERR_XXX constants.
*/
public function getError(): int
{
return $this->error ?? UPLOAD_ERR_OK;
}
/**
* Get error string
*/
public function getErrorString(): string
{
$errors = [
UPLOAD_ERR_OK => lang('HTTP.uploadErrOk'),
UPLOAD_ERR_INI_SIZE => lang('HTTP.uploadErrIniSize'),
UPLOAD_ERR_FORM_SIZE => lang('HTTP.uploadErrFormSize'),
UPLOAD_ERR_PARTIAL => lang('HTTP.uploadErrPartial'),
UPLOAD_ERR_NO_FILE => lang('HTTP.uploadErrNoFile'),
UPLOAD_ERR_CANT_WRITE => lang('HTTP.uploadErrCantWrite'),
UPLOAD_ERR_NO_TMP_DIR => lang('HTTP.uploadErrNoTmpDir'),
UPLOAD_ERR_EXTENSION => lang('HTTP.uploadErrExtension'),
];
$error = $this->error ?? UPLOAD_ERR_OK;
return sprintf($errors[$error] ?? lang('HTTP.uploadErrUnknown'), $this->getName());
}
/**
* Returns the mime type as provided by the client.
* This is NOT a trusted value.
* For a trusted version, use getMimeType() instead.
*
* @return string The media type sent by the client or null if none was provided.
*/
public function getClientMimeType(): string
{
return $this->originalMimeType;
}
/**
* Retrieve the filename. This will typically be the filename sent
* by the client, and should not be trusted. If the file has been
* moved, this will return the final name of the moved file.
*
* @return string The filename sent by the client or null if none was provided.
*/
public function getName(): string
{
return $this->name;
}
/**
* Returns the name of the file as provided by the client during upload.
*/
public function getClientName(): string
{
return $this->originalName;
}
/**
* Gets the temporary filename where the file was uploaded to.
*/
public function getTempName(): string
{
return $this->path;
}
/**
* Overrides SPLFileInfo's to work with uploaded files, since
* the temp file that's been uploaded doesn't have an extension.
*
* This method tries to guess the extension from the files mime
* type but will return the clientExtension if it fails to do so.
*
* This method will always return a more or less helpfull extension
* but might be insecure if the mime type is not machted. Consider
* using guessExtension for a more safe version.
*/
public function getExtension(): string
{
return $this->guessExtension() ?: $this->getClientExtension();
}
/**
* Attempts to determine the best file extension from the file's
* mime type. In contrast to getExtension, this method will return
* an empty string if it fails to determine an extension instead of
* falling back to the unsecure clientExtension.
*/
public function guessExtension(): string
{
return Mimes::guessExtensionFromType($this->getMimeType(), $this->getClientExtension()) ?? '';
}
/**
* Returns the original file extension, based on the file name that
* was uploaded. This is NOT a trusted source.
* For a trusted version, use guessExtension() instead.
*/
public function getClientExtension(): string
{
return pathinfo($this->originalName, PATHINFO_EXTENSION) ?? '';
}
/**
* Returns whether the file was uploaded successfully, based on whether
* it was uploaded via HTTP and has no errors.
*/
public function isValid(): bool
{
return is_uploaded_file($this->path) && $this->error === UPLOAD_ERR_OK;
}
/**
* Save the uploaded file to a new location.
*
* By default, upload files are saved in writable/uploads directory. The YYYYMMDD folder
* and random file name will be created.
*
* @param string $folderName the folder name to writable/uploads directory.
* @param string $fileName the name to rename the file to.
*
* @return string file full path
*/
public function store(?string $folderName = null, ?string $fileName = null): string
{
$folderName = rtrim($folderName ?? date('Ymd'), '/') . '/';
$fileName = $fileName ?? $this->getRandomName();
// Move the uploaded file to a new location.
$this->move(WRITEPATH . 'uploads/' . $folderName, $fileName);
return $folderName . $this->name;
}
}

140
system/HTTP/Files/UploadedFileInterface.php Normal file
View File

@@ -0,0 +1,140 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP\Files;
use InvalidArgumentException;
use RuntimeException;
/**
* Value object representing a single file uploaded through an
* HTTP request. Used by the IncomingRequest class to
* provide files.
*
* Typically, implementors will extend the SplFileInfo class.
*/
interface UploadedFileInterface
{
/**
* Accepts the file information as would be filled in from the $_FILES array.
*
* @param string $path The temporary location of the uploaded file.
* @param string $originalName The client-provided filename.
* @param string $mimeType The type of file as provided by PHP
* @param int $size The size of the file, in bytes
* @param int $error The error constant of the upload (one of PHP's UPLOADERRXXX constants)
*/
public function __construct(string $path, string $originalName, ?string $mimeType = null, ?int $size = null, ?int $error = null);
/**
* Move the uploaded file to a new location.
*
* $targetPath may be an absolute path, or a relative path. If it is a
* relative path, resolution should be the same as used by PHP's rename()
* function.
*
* The original file MUST be removed on completion.
*
* If this method is called more than once, any subsequent calls MUST raise
* an exception.
*
* When used in an SAPI environment where $_FILES is populated, when writing
* files via moveTo(), is_uploaded_file() and move_uploaded_file() SHOULD be
* used to ensure permissions and upload status are verified correctly.
*
* If you wish to move to a stream, use getStream(), as SAPI operations
* cannot guarantee writing to stream destinations.
*
* @see http://php.net/is_uploaded_file
* @see http://php.net/move_uploaded_file
*
* @param string $targetPath Path to which to move the uploaded file.
* @param string $name the name to rename the file to.
*
* @throws InvalidArgumentException if the $path specified is invalid.
* @throws RuntimeException on any error during the move operation.
* @throws RuntimeException on the second or subsequent call to the method.
*/
public function move(string $targetPath, ?string $name = null);
/**
* Returns whether the file has been moved or not. If it has,
* the move() method will not work and certain properties, like
* the tempName, will no longer be available.
*/
public function hasMoved(): bool;
/**
* Retrieve the error associated with the uploaded file.
*
* The return value MUST be one of PHP's UPLOAD_ERR_XXX constants.
*
* If the file was uploaded successfully, this method MUST return
* UPLOAD_ERR_OK.
*
* Implementations SHOULD return the value stored in the "error" key of
* the file in the $_FILES array.
*
* @see http://php.net/manual/en/features.file-upload.errors.php
*
* @return int One of PHP's UPLOAD_ERR_XXX constants.
*/
public function getError(): int;
/**
* Retrieve the filename sent by the client.
*
* Do not trust the value returned by this method. A client could send
* a malicious filename with the intention to corrupt or hack your
* application.
*
* Implementations SHOULD return the value stored in the "name" key of
* the file in the $_FILES array.
*
* @return string The filename sent by the client or null if none
* was provided.
*/
public function getName(): string;
/**
* Gets the temporary filename where the file was uploaded to.
*/
public function getTempName(): string;
/**
* Returns the original file extension, based on the file name that
* was uploaded. This is NOT a trusted source.
* For a trusted version, use guessExtension() instead.
*/
public function getClientExtension(): string;
/**
* Returns the mime type as provided by the client.
* This is NOT a trusted value.
* For a trusted version, use getMimeType() instead.
*/
public function getClientMimeType(): string;
/**
* Returns whether the file was uploaded successfully, based on whether
* it was uploaded via HTTP and has no errors.
*/
public function isValid(): bool;
/**
* Returns the destination path for the move operation where overwriting is not expected.
*
* First, it checks whether the delimiter is present in the filename, if it is, then it checks whether the
* last element is an integer as there may be cases that the delimiter may be present in the filename.
* For the all other cases, it appends an integer starting from zero before the file's extension.
*/
public function getDestination(string $destination, string $delimiter = '_', int $i = 0): string;
}

182
system/HTTP/Header.php Normal file
View File

@@ -0,0 +1,182 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
/**
* Class Header
*
* Represents a single HTTP header.
*/
class Header
{
/**
* The name of the header.
*
* @var string
*/
protected $name;
/**
* The value of the header. May have more than one
* value. If so, will be an array of strings.
*
* @var array|string
*/
protected $value;
/**
* Header constructor. name is mandatory, if a value is provided, it will be set.
*
* @param array|string|null $value
*/
public function __construct(string $name, $value = null)
{
$this->name = $name;
$this->setValue($value);
}
/**
* Returns the name of the header, in the same case it was set.
*/
public function getName(): string
{
return $this->name;
}
/**
* Gets the raw value of the header. This may return either a string
* of an array, depending on whether the header has multiple values or not.
*
* @return array|string
*/
public function getValue()
{
return $this->value;
}
/**
* Sets the name of the header, overwriting any previous value.
*
* @return $this
*/
public function setName(string $name)
{
$this->name = $name;
return $this;
}
/**
* Sets the value of the header, overwriting any previous value(s).
*
* @param array|string|null $value
*
* @return $this
*/
public function setValue($value = null)
{
$this->value = $value ?? '';
return $this;
}
/**
* Appends a value to the list of values for this header. If the
* header is a single value string, it will be converted to an array.
*
* @param array|string|null $value
*
* @return $this
*/
public function appendValue($value = null)
{
if ($value === null) {
return $this;
}
if (! is_array($this->value)) {
$this->value = [$this->value];
}
if (! in_array($value, $this->value, true)) {
$this->value[] = $value;
}
return $this;
}
/**
* Prepends a value to the list of values for this header. If the
* header is a single value string, it will be converted to an array.
*
* @param array|string|null $value
*
* @return $this
*/
public function prependValue($value = null)
{
if ($value === null) {
return $this;
}
if (! is_array($this->value)) {
$this->value = [$this->value];
}
array_unshift($this->value, $value);
return $this;
}
/**
* Retrieves a comma-separated string of the values for a single header.
*
* NOTE: Not all header values may be appropriately represented using
* comma concatenation. For such headers, use getHeader() instead
* and supply your own delimiter when concatenating.
*
* @see https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
*/
public function getValueLine(): string
{
if (is_string($this->value)) {
return $this->value;
}
if (! is_array($this->value)) {
return '';
}
$options = [];
foreach ($this->value as $key => $value) {
if (is_string($key) && ! is_array($value)) {
$options[] = $key . '=' . $value;
} elseif (is_array($value)) {
$key = key($value);
$options[] = $key . '=' . $value[$key];
} elseif (is_numeric($key)) {
$options[] = $value;
}
}
return implode(', ', $options);
}
/**
* Returns a representation of the entire header string, including
* the header name and all values converted to the proper format.
*/
public function __toString(): string
{
return $this->name . ': ' . $this->getValueLine();
}
}

766
system/HTTP/IncomingRequest.php Normal file
View File

@@ -0,0 +1,766 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\HTTP\Exceptions\HTTPException;
use CodeIgniter\HTTP\Files\FileCollection;
use CodeIgniter\HTTP\Files\UploadedFile;
use Config\App;
use Config\Services;
use InvalidArgumentException;
use Locale;
/**
* Class IncomingRequest
*
* Represents an incoming, getServer-side HTTP request.
*
* Per the HTTP specification, this interface includes properties for
* each of the following:
*
* - Protocol version
* - HTTP method
* - URI
* - Headers
* - Message body
*
* Additionally, it encapsulates all data as it has arrived to the
* application from the CGI and/or PHP environment, including:
*
* - The values represented in $_SERVER.
* - Any cookies provided (generally via $_COOKIE)
* - Query string arguments (generally via $_GET, or as parsed via parse_str())
* - Upload files, if any (as represented by $_FILES)
* - Deserialized body binds (generally from $_POST)
*/
class IncomingRequest extends Request
{
/**
* Enable CSRF flag
*
* Enables a CSRF cookie token to be set.
* Set automatically based on Config setting.
*
* @var bool
*
* @deprecated Not used
*/
protected $enableCSRF = false;
/**
* The URI for this request.
*
* Note: This WILL NOT match the actual URL in the browser since for
* everything this cares about (and the router, etc) is the portion
* AFTER the script name. So, if hosted in a sub-folder this will
* appear different than actual URL. If you need that use getPath().
*
* @TODO should be protected. Use getUri() instead.
*
* @var URI
*/
public $uri;
/**
* The detected path (relative to SCRIPT_NAME).
*
* Note: current_url() uses this to build its URI,
* so this becomes the source for the "current URL"
* when working with the share request instance.
*
* @var string|null
*/
protected $path;
/**
* File collection
*
* @var FileCollection|null
*/
protected $files;
/**
* Negotiator
*
* @var Negotiate|null
*/
protected $negotiator;
/**
* The default Locale this request
* should operate under.
*
* @var string
*/
protected $defaultLocale;
/**
* The current locale of the application.
* Default value is set in Config\App.php
*
* @var string
*/
protected $locale;
/**
* Stores the valid locale codes.
*
* @var array
*/
protected $validLocales = [];
/**
* Configuration settings.
*
* @var App
*/
public $config;
/**
* Holds the old data from a redirect.
*
* @var array
*/
protected $oldInput = [];
/**
* The user agent this request is from.
*
* @var UserAgent
*/
protected $userAgent;
/**
* Constructor
*
* @param App $config
* @param URI $uri
* @param string|null $body
* @param UserAgent $userAgent
*/
public function __construct($config, ?URI $uri = null, $body = 'php://input', ?UserAgent $userAgent = null)
{
if (empty($uri) || empty($userAgent)) {
throw new InvalidArgumentException('You must supply the parameters: uri, userAgent.');
}
// Get our body from php://input
if ($body === 'php://input') {
$body = file_get_contents('php://input');
}
$this->config = $config;
$this->uri = $uri;
$this->body = ! empty($body) ? $body : null;
$this->userAgent = $userAgent;
$this->validLocales = $config->supportedLocales;
parent::__construct($config);
$this->populateHeaders();
$this->detectURI($config->uriProtocol, $config->baseURL);
$this->detectLocale($config);
}
/**
* Handles setting up the locale, perhaps auto-detecting through
* content negotiation.
*
* @param App $config
*/
public function detectLocale($config)
{
$this->locale = $this->defaultLocale = $config->defaultLocale;
if (! $config->negotiateLocale) {
return;
}
$this->setLocale($this->negotiate('language', $config->supportedLocales));
}
/**
* Sets up our URI object based on the information we have. This is
* either provided by the user in the baseURL Config setting, or
* determined from the environment as needed.
*/
protected function detectURI(string $protocol, string $baseURL)
{
// Passing the config is unnecessary but left for legacy purposes
$config = clone $this->config;
$config->baseURL = $baseURL;
$this->setPath($this->detectPath($protocol), $config);
}
/**
* Detects the relative path based on
* the URIProtocol Config setting.
*/
public function detectPath(string $protocol = ''): string
{
if (empty($protocol)) {
$protocol = 'REQUEST_URI';
}
switch ($protocol) {
case 'REQUEST_URI':
$this->path = $this->parseRequestURI();
break;
case 'QUERY_STRING':
$this->path = $this->parseQueryString();
break;
case 'PATH_INFO':
default:
$this->path = $this->fetchGlobal('server', $protocol) ?? $this->parseRequestURI();
break;
}
return $this->path;
}
/**
* Will parse the REQUEST_URI and automatically detect the URI from it,
* fixing the query string if necessary.
*
* @return string The URI it found.
*/
protected function parseRequestURI(): string
{
if (! isset($_SERVER['REQUEST_URI'], $_SERVER['SCRIPT_NAME'])) {
return '';
}
// parse_url() returns false if no host is present, but the path or query string
// contains a colon followed by a number. So we attach a dummy host since
// REQUEST_URI does not include the host. This allows us to parse out the query string and path.
$parts = parse_url('http://dummy' . $_SERVER['REQUEST_URI']);
$query = $parts['query'] ?? '';
$uri = $parts['path'] ?? '';
// Strip the SCRIPT_NAME path from the URI
if ($uri !== '' && isset($_SERVER['SCRIPT_NAME'][0]) && pathinfo($_SERVER['SCRIPT_NAME'], PATHINFO_EXTENSION) === 'php') {
// Compare each segment, dropping them until there is no match
$segments = $keep = explode('/', $uri);
foreach (explode('/', $_SERVER['SCRIPT_NAME']) as $i => $segment) {
// If these segments are not the same then we're done
if (! isset($segments[$i]) || $segment !== $segments[$i]) {
break;
}
array_shift($keep);
}
$uri = implode('/', $keep);
}
// This section ensures that even on servers that require the URI to contain the query string (Nginx) a correct
// URI is found, and also fixes the QUERY_STRING getServer var and $_GET array.
if (trim($uri, '/') === '' && strncmp($query, '/', 1) === 0) {
$query = explode('?', $query, 2);
$uri = $query[0];
$_SERVER['QUERY_STRING'] = $query[1] ?? '';
} else {
$_SERVER['QUERY_STRING'] = $query;
}
// Update our globals for values likely to been have changed
parse_str($_SERVER['QUERY_STRING'], $_GET);
$this->populateGlobals('server');
$this->populateGlobals('get');
$uri = URI::removeDotSegments($uri);
return ($uri === '/' || $uri === '') ? '/' : ltrim($uri, '/');
}
/**
* Parse QUERY_STRING
*
* Will parse QUERY_STRING and automatically detect the URI from it.
*/
protected function parseQueryString(): string
{
$uri = $_SERVER['QUERY_STRING'] ?? @getenv('QUERY_STRING');
if (trim($uri, '/') === '') {
return '';
}
if (strncmp($uri, '/', 1) === 0) {
$uri = explode('?', $uri, 2);
$_SERVER['QUERY_STRING'] = $uri[1] ?? '';
$uri = $uri[0];
}
// Update our globals for values likely to been have changed
parse_str($_SERVER['QUERY_STRING'], $_GET);
$this->populateGlobals('server');
$this->populateGlobals('get');
$uri = URI::removeDotSegments($uri);
return ($uri === '/' || $uri === '') ? '/' : ltrim($uri, '/');
}
/**
* Provides a convenient way to work with the Negotiate class
* for content negotiation.
*/
public function negotiate(string $type, array $supported, bool $strictMatch = false): string
{
if ($this->negotiator === null) {
$this->negotiator = Services::negotiator($this, true);
}
switch (strtolower($type)) {
case 'media':
return $this->negotiator->media($supported, $strictMatch);
case 'charset':
return $this->negotiator->charset($supported);
case 'encoding':
return $this->negotiator->encoding($supported);
case 'language':
return $this->negotiator->language($supported);
}
throw HTTPException::forInvalidNegotiationType($type);
}
/**
* Determines if this request was made from the command line (CLI).
*/
public function isCLI(): bool
{
return is_cli();
}
/**
* Test to see if a request contains the HTTP_X_REQUESTED_WITH header.
*/
public function isAJAX(): bool
{
return $this->hasHeader('X-Requested-With') && strtolower($this->header('X-Requested-With')->getValue()) === 'xmlhttprequest';
}
/**
* Attempts to detect if the current connection is secure through
* a few different methods.
*/
public function isSecure(): bool
{
if (! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
return true;
}
if ($this->hasHeader('X-Forwarded-Proto') && $this->header('X-Forwarded-Proto')->getValue() === 'https') {
return true;
}
return $this->hasHeader('Front-End-Https') && ! empty($this->header('Front-End-Https')->getValue()) && strtolower($this->header('Front-End-Https')->getValue()) !== 'off';
}
/**
* Sets the relative path and updates the URI object.
* Note: Since current_url() accesses the shared request
* instance, this can be used to change the "current URL"
* for testing.
*
* @param string $path URI path relative to SCRIPT_NAME
* @param App $config Optional alternate config to use
*
* @return $this
*/
public function setPath(string $path, ?App $config = null)
{
$this->path = $path;
$this->uri->setPath($path);
$config = $config ?? $this->config;
// It's possible the user forgot a trailing slash on their
// baseURL, so let's help them out.
$baseURL = $config->baseURL === '' ? $config->baseURL : rtrim($config->baseURL, '/ ') . '/';
// Based on our baseURL provided by the developer
// set our current domain name, scheme
if ($baseURL !== '') {
$this->uri->setScheme(parse_url($baseURL, PHP_URL_SCHEME));
$this->uri->setHost(parse_url($baseURL, PHP_URL_HOST));
$this->uri->setPort(parse_url($baseURL, PHP_URL_PORT));
// Ensure we have any query vars
$this->uri->setQuery($_SERVER['QUERY_STRING'] ?? '');
// Check if the baseURL scheme needs to be coerced into its secure version
if ($config->forceGlobalSecureRequests && $this->uri->getScheme() === 'http') {
$this->uri->setScheme('https');
}
} elseif (! is_cli()) {
// @codeCoverageIgnoreStart
exit('You have an empty or invalid base URL. The baseURL value must be set in Config\App.php, or through the .env file.');
// @codeCoverageIgnoreEnd
}
return $this;
}
/**
* Returns the path relative to SCRIPT_NAME,
* running detection as necessary.
*/
public function getPath(): string
{
if ($this->path === null) {
$this->detectPath($this->config->uriProtocol);
}
return $this->path;
}
/**
* Sets the locale string for this request.
*
* @return IncomingRequest
*/
public function setLocale(string $locale)
{
// If it's not a valid locale, set it
// to the default locale for the site.
if (! in_array($locale, $this->validLocales, true)) {
$locale = $this->defaultLocale;
}
$this->locale = $locale;
Locale::setDefault($locale);
return $this;
}
/**
* Gets the current locale, with a fallback to the default
* locale if none is set.
*/
public function getLocale(): string
{
return $this->locale ?? $this->defaultLocale;
}
/**
* Returns the default locale as set in Config\App.php
*/
public function getDefaultLocale(): string
{
return $this->defaultLocale;
}
/**
* Fetch an item from JSON input stream with fallback to $_REQUEST object. This is the simplest way
* to grab data from the request object and can be used in lieu of the
* other get* methods in most cases.
*
* @param array|string|null $index
* @param int|null $filter Filter constant
* @param mixed $flags
*
* @return mixed
*/
public function getVar($index = null, $filter = null, $flags = null)
{
if (strpos($this->getHeaderLine('Content-Type'), 'application/json') !== false && $this->body !== null) {
if ($index === null) {
return $this->getJSON();
}
if (is_array($index)) {
$output = [];
foreach ($index as $key) {
$output[$key] = $this->getJsonVar($key, false, $filter, $flags);
}
return $output;
}
return $this->getJsonVar($index, false, $filter, $flags);
}
return $this->fetchGlobal('request', $index, $filter, $flags);
}
/**
* A convenience method that grabs the raw input stream and decodes
* the JSON into an array.
*
* If $assoc == true, then all objects in the response will be converted
* to associative arrays.
*
* @param bool $assoc Whether to return objects as associative arrays
* @param int $depth How many levels deep to decode
* @param int $options Bitmask of options
*
* @see http://php.net/manual/en/function.json-decode.php
*
* @return mixed
*/
public function getJSON(bool $assoc = false, int $depth = 512, int $options = 0)
{
return json_decode($this->body ?? '', $assoc, $depth, $options);
}
/**
* Get a specific variable from a JSON input stream
*
* @param string $index The variable that you want which can use dot syntax for getting specific values.
* @param bool $assoc If true, return the result as an associative array.
* @param int|null $filter Filter Constant
* @param array|int|null $flags Option
*
* @return mixed
*/
public function getJsonVar(string $index, bool $assoc = false, ?int $filter = null, $flags = null)
{
helper('array');
$json = $this->getJSON(true);
if (! is_array($json)) {
return null;
}
$data = dot_array_search($index, $json);
if ($data === null) {
return null;
}
if (! is_array($data)) {
$filter = $filter ?? FILTER_DEFAULT;
$flags = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);
return filter_var($data, $filter, $flags);
}
if (! $assoc) {
return json_decode(json_encode($data));
}
return $data;
}
/**
* A convenience method that grabs the raw input stream(send method in PUT, PATCH, DELETE) and decodes
* the String into an array.
*
* @return mixed
*/
public function getRawInput()
{
parse_str($this->body ?? '', $output);
return $output;
}
/**
* Fetch an item from GET data.
*
* @param array|string|null $index Index for item to fetch from $_GET.
* @param int|null $filter A filter name to apply.
* @param mixed|null $flags
*
* @return mixed
*/
public function getGet($index = null, $filter = null, $flags = null)
{
return $this->fetchGlobal('get', $index, $filter, $flags);
}
/**
* Fetch an item from POST.
*
* @param array|string|null $index Index for item to fetch from $_POST.
* @param int|null $filter A filter name to apply
* @param mixed $flags
*
* @return mixed
*/
public function getPost($index = null, $filter = null, $flags = null)
{
return $this->fetchGlobal('post', $index, $filter, $flags);
}
/**
* Fetch an item from POST data with fallback to GET.
*
* @param array|string|null $index Index for item to fetch from $_POST or $_GET
* @param int|null $filter A filter name to apply
* @param mixed $flags
*
* @return mixed
*/
public function getPostGet($index = null, $filter = null, $flags = null)
{
// Use $_POST directly here, since filter_has_var only
// checks the initial POST data, not anything that might
// have been added since.
return isset($_POST[$index]) ? $this->getPost($index, $filter, $flags) : (isset($_GET[$index]) ? $this->getGet($index, $filter, $flags) : $this->getPost($index, $filter, $flags));
}
/**
* Fetch an item from GET data with fallback to POST.
*
* @param array|string|null $index Index for item to be fetched from $_GET or $_POST
* @param int|null $filter A filter name to apply
* @param mixed $flags
*
* @return mixed
*/
public function getGetPost($index = null, $filter = null, $flags = null)
{
// Use $_GET directly here, since filter_has_var only
// checks the initial GET data, not anything that might
// have been added since.
return isset($_GET[$index]) ? $this->getGet($index, $filter, $flags) : (isset($_POST[$index]) ? $this->getPost($index, $filter, $flags) : $this->getGet($index, $filter, $flags));
}
/**
* Fetch an item from the COOKIE array.
*
* @param array|string|null $index Index for item to be fetched from $_COOKIE
* @param int|null $filter A filter name to be applied
* @param mixed $flags
*
* @return mixed
*/
public function getCookie($index = null, $filter = null, $flags = null)
{
return $this->fetchGlobal('cookie', $index, $filter, $flags);
}
/**
* Fetch the user agent string
*
* @return UserAgent
*/
public function getUserAgent()
{
return $this->userAgent;
}
/**
* Attempts to get old Input data that has been flashed to the session
* with redirect_with_input(). It first checks for the data in the old
* POST data, then the old GET data and finally check for dot arrays
*
* @return mixed
*/
public function getOldInput(string $key)
{
// If the session hasn't been started, or no
// data was previously saved, we're done.
if (empty($_SESSION['_ci_old_input'])) {
return null;
}
// Check for the value in the POST array first.
if (isset($_SESSION['_ci_old_input']['post'][$key])) {
return $_SESSION['_ci_old_input']['post'][$key];
}
// Next check in the GET array.
if (isset($_SESSION['_ci_old_input']['get'][$key])) {
return $_SESSION['_ci_old_input']['get'][$key];
}
helper('array');
// Check for an array value in POST.
if (isset($_SESSION['_ci_old_input']['post'])) {
$value = dot_array_search($key, $_SESSION['_ci_old_input']['post']);
if ($value !== null) {
return $value;
}
}
// Check for an array value in GET.
if (isset($_SESSION['_ci_old_input']['get'])) {
$value = dot_array_search($key, $_SESSION['_ci_old_input']['get']);
if ($value !== null) {
return $value;
}
}
// requested session key not found
return null;
}
/**
* Returns an array of all files that have been uploaded with this
* request. Each file is represented by an UploadedFile instance.
*/
public function getFiles(): array
{
if ($this->files === null) {
$this->files = new FileCollection();
}
return $this->files->all(); // return all files
}
/**
* Verify if a file exist, by the name of the input field used to upload it, in the collection
* of uploaded files and if is have been uploaded with multiple option.
*
* @return array|null
*/
public function getFileMultiple(string $fileID)
{
if ($this->files === null) {
$this->files = new FileCollection();
}
return $this->files->getFileMultiple($fileID);
}
/**
* Retrieves a single file by the name of the input field used
* to upload it.
*
* @return UploadedFile|null
*/
public function getFile(string $fileID)
{
if ($this->files === null) {
$this->files = new FileCollection();
}
return $this->files->getFile($fileID);
}
/**
* Remove relative directory (../) and multi slashes (///)
*
* Do some final cleaning of the URI and return it, currently only used in static::_parse_request_uri()
*
* @deprecated Use URI::removeDotSegments() directly
*/
protected function removeRelativeDirectory(string $uri): string
{
$uri = URI::removeDotSegments($uri);
return $uri === '/' ? $uri : ltrim($uri, '/');
}
}

124
system/HTTP/Message.php Normal file
View File

@@ -0,0 +1,124 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
/**
* An HTTP message
*/
class Message implements MessageInterface
{
use MessageTrait;
/**
* Protocol version
*
* @var string
*/
protected $protocolVersion;
/**
* List of valid protocol versions
*
* @var array
*/
protected $validProtocolVersions = [
'1.0',
'1.1',
'2.0',
];
/**
* Message body
*
* @var mixed
*/
protected $body;
/**
* Returns the Message's body.
*
* @return mixed
*/
public function getBody()
{
return $this->body;
}
/**
* Returns an array containing all headers.
*
* @return array<string, Header> An array of the request headers
*
* @deprecated Use Message::headers() to make room for PSR-7
*
* @codeCoverageIgnore
*/
public function getHeaders(): array
{
return $this->headers();
}
/**
* Returns a single header object. If multiple headers with the same
* name exist, then will return an array of header objects.
*
* @return array|Header|null
*
* @deprecated Use Message::header() to make room for PSR-7
*
* @codeCoverageIgnore
*/
public function getHeader(string $name)
{
return $this->header($name);
}
/**
* Determines whether a header exists.
*/
public function hasHeader(string $name): bool
{
$origName = $this->getHeaderName($name);
return isset($this->headers[$origName]);
}
/**
* Retrieves a comma-separated string of the values for a single header.
*
* This method returns all of the header values of the given
* case-insensitive header name as a string concatenated together using
* a comma.
*
* NOTE: Not all header values may be appropriately represented using
* comma concatenation. For such headers, use getHeader() instead
* and supply your own delimiter when concatenating.
*/
public function getHeaderLine(string $name): string
{
$origName = $this->getHeaderName($name);
if (! array_key_exists($origName, $this->headers)) {
return '';
}
return $this->headers[$origName]->getValueLine();
}
/**
* Returns the HTTP Protocol Version.
*/
public function getProtocolVersion(): string
{
return $this->protocolVersion ?? '1.1';
}
}

101
system/HTTP/MessageInterface.php Normal file
View File

@@ -0,0 +1,101 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\HTTP\Exceptions\HTTPException;
/**
* Expected behavior of an HTTP request
*/
interface MessageInterface
{
/**
* Sets the body of the current message.
*
* @param mixed $data
*
* @return $this
*/
public function setBody($data);
/**
* Appends data to the body of the current message.
*
* @param mixed $data
*
* @return $this
*/
public function appendBody($data);
/**
* Populates the $headers array with any headers the getServer knows about.
*/
public function populateHeaders(): void;
/**
* Returns an array containing all Headers.
*
* @return array<string, Header> An array of the Header objects
*/
public function headers(): array;
/**
* Returns a single Header object. If multiple headers with the same
* name exist, then will return an array of header objects.
*
* @param string $name
*
* @return array|Header|null
*/
public function header($name);
/**
* Sets a header and it's value.
*
* @param array|string|null $value
*
* @return $this
*/
public function setHeader(string $name, $value);
/**
* Removes a header from the list of headers we track.
*
* @return $this
*/
public function removeHeader(string $name);
/**
* Adds an additional header value to any headers that accept
* multiple values (i.e. are an array or implement ArrayAccess)
*
* @return $this
*/
public function appendHeader(string $name, ?string $value);
/**
* Adds an additional header value to any headers that accept
* multiple values (i.e. are an array or implement ArrayAccess)
*
* @return $this
*/
public function prependHeader(string $name, string $value);
/**
* Sets the HTTP protocol version.
*
* @throws HTTPException For invalid protocols
*
* @return $this
*/
public function setProtocolVersion(string $version);
}

239
system/HTTP/MessageTrait.php Normal file
View File

@@ -0,0 +1,239 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\HTTP\Exceptions\HTTPException;
/**
* Message Trait
* Additional methods to make a PSR-7 Message class
* compliant with the framework's own MessageInterface.
*
* @see https://github.com/php-fig/http-message/blob/master/src/MessageInterface.php
*/
trait MessageTrait
{
/**
* List of all HTTP request headers.
*
* @var array<string, Header>
*/
protected $headers = [];
/**
* Holds a map of lower-case header names
* and their normal-case key as it is in $headers.
* Used for case-insensitive header access.
*
* @var array
*/
protected $headerMap = [];
//--------------------------------------------------------------------
// Body
//--------------------------------------------------------------------
/**
* Sets the body of the current message.
*
* @param mixed $data
*
* @return $this
*/
public function setBody($data): self
{
$this->body = $data;
return $this;
}
/**
* Appends data to the body of the current message.
*
* @param mixed $data
*
* @return $this
*/
public function appendBody($data): self
{
$this->body .= (string) $data;
return $this;
}
//--------------------------------------------------------------------
// Headers
//--------------------------------------------------------------------
/**
* Populates the $headers array with any headers the getServer knows about.
*/
public function populateHeaders(): void
{
$contentType = $_SERVER['CONTENT_TYPE'] ?? getenv('CONTENT_TYPE');
if (! empty($contentType)) {
$this->setHeader('Content-Type', $contentType);
}
unset($contentType);
foreach (array_keys($_SERVER) as $key) {
if (sscanf($key, 'HTTP_%s', $header) === 1) {
// take SOME_HEADER and turn it into Some-Header
$header = str_replace('_', ' ', strtolower($header));
$header = str_replace(' ', '-', ucwords($header));
$this->setHeader($header, $_SERVER[$key]);
// Add us to the header map so we can find them case-insensitively
$this->headerMap[strtolower($header)] = $header;
}
}
}
/**
* Returns an array containing all Headers.
*
* @return array<string, Header> An array of the Header objects
*/
public function headers(): array
{
// If no headers are defined, but the user is
// requesting it, then it's likely they want
// it to be populated so do that...
if (empty($this->headers)) {
$this->populateHeaders();
}
return $this->headers;
}
/**
* Returns a single Header object. If multiple headers with the same
* name exist, then will return an array of header objects.
*
* @param string $name
*
* @return array|Header|null
*/
public function header($name)
{
$origName = $this->getHeaderName($name);
return $this->headers[$origName] ?? null;
}
/**
* Sets a header and it's value.
*
* @param array|string|null $value
*
* @return $this
*/
public function setHeader(string $name, $value): self
{
$origName = $this->getHeaderName($name);
if (isset($this->headers[$origName]) && is_array($this->headers[$origName]->getValue())) {
if (! is_array($value)) {
$value = [$value];
}
foreach ($value as $v) {
$this->appendHeader($origName, $v);
}
} else {
$this->headers[$origName] = new Header($origName, $value);
$this->headerMap[strtolower($origName)] = $origName;
}
return $this;
}
/**
* Removes a header from the list of headers we track.
*
* @return $this
*/
public function removeHeader(string $name): self
{
$origName = $this->getHeaderName($name);
unset($this->headers[$origName], $this->headerMap[strtolower($name)]);
return $this;
}
/**
* Adds an additional header value to any headers that accept
* multiple values (i.e. are an array or implement ArrayAccess)
*
* @return $this
*/
public function appendHeader(string $name, ?string $value): self
{
$origName = $this->getHeaderName($name);
array_key_exists($origName, $this->headers)
? $this->headers[$origName]->appendValue($value)
: $this->setHeader($name, $value);
return $this;
}
/**
* Adds an additional header value to any headers that accept
* multiple values (i.e. are an array or implement ArrayAccess)
*
* @return $this
*/
public function prependHeader(string $name, string $value): self
{
$origName = $this->getHeaderName($name);
$this->headers[$origName]->prependValue($value);
return $this;
}
/**
* Takes a header name in any case, and returns the
* normal-case version of the header.
*/
protected function getHeaderName(string $name): string
{
return $this->headerMap[strtolower($name)] ?? $name;
}
/**
* Sets the HTTP protocol version.
*
* @throws HTTPException For invalid protocols
*
* @return $this
*/
public function setProtocolVersion(string $version): self
{
if (! is_numeric($version)) {
$version = substr($version, strpos($version, '/') + 1);
}
// Make sure that version is in the correct format
$version = number_format((float) $version, 1);
if (! in_array($version, $this->validProtocolVersions, true)) {
throw HTTPException::forInvalidHTTPProtocol(implode(', ', $this->validProtocolVersions));
}
$this->protocolVersion = $version;
return $this;
}
}

346
system/HTTP/Negotiate.php Normal file
View File

@@ -0,0 +1,346 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\HTTP\Exceptions\HTTPException;
/**
* Class Negotiate
*
* Provides methods to negotiate with the HTTP headers to determine the best
* type match between what the application supports and what the requesting
* getServer wants.
*
* @see http://tools.ietf.org/html/rfc7231#section-5.3
*/
class Negotiate
{
/**
* Request
*
* @var IncomingRequest|RequestInterface
*/
protected $request;
/**
* Constructor
*/
public function __construct(?RequestInterface $request = null)
{
if ($request !== null) {
$this->request = $request;
}
}
/**
* Stores the request instance to grab the headers from.
*
* @return $this
*/
public function setRequest(RequestInterface $request)
{
$this->request = $request;
return $this;
}
/**
* Determines the best content-type to use based on the $supported
* types the application says it supports, and the types requested
* by the client.
*
* If no match is found, the first, highest-ranking client requested
* type is returned.
*
* @param bool $strictMatch If TRUE, will return an empty string when no match found.
* If FALSE, will return the first supported element.
*/
public function media(array $supported, bool $strictMatch = false): string
{
return $this->getBestMatch($supported, $this->request->getHeaderLine('accept'), true, $strictMatch);
}
/**
* Determines the best charset to use based on the $supported
* types the application says it supports, and the types requested
* by the client.
*
* If no match is found, the first, highest-ranking client requested
* type is returned.
*/
public function charset(array $supported): string
{
$match = $this->getBestMatch($supported, $this->request->getHeaderLine('accept-charset'), false, true);
// If no charset is shown as a match, ignore the directive
// as allowed by the RFC, and tell it a default value.
if (empty($match)) {
return 'utf-8';
}
return $match;
}
/**
* Determines the best encoding type to use based on the $supported
* types the application says it supports, and the types requested
* by the client.
*
* If no match is found, the first, highest-ranking client requested
* type is returned.
*/
public function encoding(array $supported = []): string
{
$supported[] = 'identity';
return $this->getBestMatch($supported, $this->request->getHeaderLine('accept-encoding'));
}
/**
* Determines the best language to use based on the $supported
* types the application says it supports, and the types requested
* by the client.
*
* If no match is found, the first, highest-ranking client requested
* type is returned.
*/
public function language(array $supported): string
{
return $this->getBestMatch($supported, $this->request->getHeaderLine('accept-language'), false, false, true);
}
//--------------------------------------------------------------------
// Utility Methods
//--------------------------------------------------------------------
/**
* Does the grunt work of comparing any of the app-supported values
* against a given Accept* header string.
*
* Portions of this code base on Aura.Accept library.
*
* @param array $supported App-supported values
* @param string $header header string
* @param bool $enforceTypes If TRUE, will compare media types and sub-types.
* @param bool $strictMatch If TRUE, will return empty string on no match.
* If FALSE, will return the first supported element.
* @param bool $matchLocales If TRUE, will match locale sub-types to a broad type (fr-FR = fr)
*
* @return string Best match
*/
protected function getBestMatch(array $supported, ?string $header = null, bool $enforceTypes = false, bool $strictMatch = false, bool $matchLocales = false): string
{
if (empty($supported)) {
throw HTTPException::forEmptySupportedNegotiations();
}
if (empty($header)) {
return $strictMatch ? '' : $supported[0];
}
$acceptable = $this->parseHeader($header);
foreach ($acceptable as $accept) {
// if acceptable quality is zero, skip it.
if ($accept['q'] === 0.0) {
continue;
}
// if acceptable value is "anything", return the first available
if ($accept['value'] === '*' || $accept['value'] === '*/*') {
return $supported[0];
}
// If an acceptable value is supported, return it
foreach ($supported as $available) {
if ($this->match($accept, $available, $enforceTypes, $matchLocales)) {
return $available;
}
}
}
// No matches? Return the first supported element.
return $strictMatch ? '' : $supported[0];
}
/**
* Parses an Accept* header into it's multiple values.
*
* This is based on code from Aura.Accept library.
*/
public function parseHeader(string $header): array
{
$results = [];
$acceptable = explode(',', $header);
foreach ($acceptable as $value) {
$pairs = explode(';', $value);
$value = $pairs[0];
unset($pairs[0]);
$parameters = [];
foreach ($pairs as $pair) {
if (preg_match(
'/^(?P<name>.+?)=(?P<quoted>"|\')?(?P<value>.*?)(?:\k<quoted>)?$/',
$pair,
$param
)) {
$parameters[trim($param['name'])] = trim($param['value']);
}
}
$quality = 1.0;
if (array_key_exists('q', $parameters)) {
$quality = $parameters['q'];
unset($parameters['q']);
}
$results[] = [
'value' => trim($value),
'q' => (float) $quality,
'params' => $parameters,
];
}
// Sort to get the highest results first
usort($results, static function ($a, $b) {
if ($a['q'] === $b['q']) {
$aAst = substr_count($a['value'], '*');
$bAst = substr_count($b['value'], '*');
// '*/*' has lower precedence than 'text/*',
// and 'text/*' has lower priority than 'text/plain'
//
// This seems backwards, but needs to be that way
// due to the way PHP7 handles ordering or array
// elements created by reference.
if ($aAst > $bAst) {
return 1;
}
// If the counts are the same, but one element
// has more params than another, it has higher precedence.
//
// This seems backwards, but needs to be that way
// due to the way PHP7 handles ordering or array
// elements created by reference.
if ($aAst === $bAst) {
return count($b['params']) - count($a['params']);
}
return 0;
}
// Still here? Higher q values have precedence.
return ($a['q'] > $b['q']) ? -1 : 1;
});
return $results;
}
/**
* Match-maker
*
* @param bool $matchLocales
*/
protected function match(array $acceptable, string $supported, bool $enforceTypes = false, $matchLocales = false): bool
{
$supported = $this->parseHeader($supported);
if (is_array($supported) && count($supported) === 1) {
$supported = $supported[0];
}
// Is it an exact match?
if ($acceptable['value'] === $supported['value']) {
return $this->matchParameters($acceptable, $supported);
}
// Do we need to compare types/sub-types? Only used
// by negotiateMedia().
if ($enforceTypes) {
return $this->matchTypes($acceptable, $supported);
}
// Do we need to match locales against broader locales?
if ($matchLocales) {
return $this->matchLocales($acceptable, $supported);
}
return false;
}
/**
* Checks two Accept values with matching 'values' to see if their
* 'params' are the same.
*/
protected function matchParameters(array $acceptable, array $supported): bool
{
if (count($acceptable['params']) !== count($supported['params'])) {
return false;
}
foreach ($supported['params'] as $label => $value) {
if (! isset($acceptable['params'][$label])
|| $acceptable['params'][$label] !== $value
) {
return false;
}
}
return true;
}
/**
* Compares the types/subtypes of an acceptable Media type and
* the supported string.
*/
public function matchTypes(array $acceptable, array $supported): bool
{
// PHPDocumentor v2 cannot parse yet the shorter list syntax,
// causing no API generation for the file.
[$aType, $aSubType] = explode('/', $acceptable['value']);
[$sType, $sSubType] = explode('/', $supported['value']);
// If the types don't match, we're done.
if ($aType !== $sType) {
return false;
}
// If there's an asterisk, we're cool
if ($aSubType === '*') {
return true;
}
// Otherwise, subtypes must match also.
return $aSubType === $sSubType;
}
/**
* Will match locales against their broader pairs, so that fr-FR would
* match a supported localed of fr
*/
public function matchLocales(array $acceptable, array $supported): bool
{
$aBroad = mb_strpos($acceptable['value'], '-') > 0
? mb_substr($acceptable['value'], 0, mb_strpos($acceptable['value'], '-'))
: $acceptable['value'];
$sBroad = mb_strpos($supported['value'], '-') > 0
? mb_substr($supported['value'], 0, mb_strpos($supported['value'], '-'))
: $supported['value'];
return strtolower($aBroad) === strtolower($sBroad);
}
}

151
system/HTTP/RedirectResponse.php Normal file
View File

@@ -0,0 +1,151 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\Cookie\CookieStore;
use CodeIgniter\HTTP\Exceptions\HTTPException;
use Config\Services;
/**
* Handle a redirect response
*/
class RedirectResponse extends Response
{
/**
* Sets the URI to redirect to and, optionally, the HTTP status code to use.
* If no code is provided it will be automatically determined.
*
* @param string $uri The URI to redirect to
* @param int|null $code HTTP status code
*
* @return $this
*/
public function to(string $uri, ?int $code = null, string $method = 'auto')
{
// If it appears to be a relative URL, then convert to full URL
// for better security.
if (strpos($uri, 'http') !== 0) {
$uri = site_url($uri);
}
return $this->redirect($uri, $method, $code);
}
/**
* Sets the URI to redirect to but as a reverse-routed or named route
* instead of a raw URI.
*
* @throws HTTPException
*
* @return $this
*/
public function route(string $route, array $params = [], int $code = 302, string $method = 'auto')
{
$route = Services::routes()->reverseRoute($route, ...$params);
if (! $route) {
throw HTTPException::forInvalidRedirectRoute($route);
}
return $this->redirect(site_url($route), $method, $code);
}
/**
* Helper function to return to previous page.
*
* Example:
* return redirect()->back();
*
* @return $this
*/
public function back(?int $code = null, string $method = 'auto')
{
Services::session();
return $this->redirect(previous_url(), $method, $code);
}
/**
* Specifies that the current $_GET and $_POST arrays should be
* packaged up with the response.
*
* It will then be available via the 'old()' helper function.
*
* @return $this
*/
public function withInput()
{
$session = Services::session();
$session->setFlashdata('_ci_old_input', [
'get' => $_GET ?? [],
'post' => $_POST ?? [],
]);
// If the validation has any errors, transmit those back
// so they can be displayed when the validation is handled
// within a method different than displaying the form.
$validation = Services::validation();
if ($validation->getErrors()) {
$session->setFlashdata('_ci_validation_errors', serialize($validation->getErrors()));
}
return $this;
}
/**
* Adds a key and message to the session as Flashdata.
*
* @param array|string $message
*
* @return $this
*/
public function with(string $key, $message)
{
Services::session()->setFlashdata($key, $message);
return $this;
}
/**
* Copies any cookies from the global Response instance
* into this RedirectResponse. Useful when you've just
* set a cookie but need ensure that's actually sent
* with the response instead of lost.
*
* @return $this|RedirectResponse
*/
public function withCookies()
{
$this->cookieStore = new CookieStore(Services::response()->getCookies());
return $this;
}
/**
* Copies any headers from the global Response instance
* into this RedirectResponse. Useful when you've just
* set a header be need to ensure its actually sent
* with the redirect response.
*
* @return $this|RedirectResponse
*/
public function withHeaders()
{
foreach (Services::response()->headers() as $name => $header) {
$this->setHeader($name, $header->getValue());
}
return $this;
}
}

139
system/HTTP/Request.php Normal file
View File

@@ -0,0 +1,139 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\Validation\FormatRules;
/**
* Representation of an HTTP request.
*/
class Request extends Message implements MessageInterface, RequestInterface
{
use RequestTrait;
/**
* Proxy IPs
*
* @var array|string
*
* @deprecated Check the App config directly
*/
protected $proxyIPs;
/**
* Request method.
*
* @var string
*/
protected $method;
/**
* A URI instance.
*
* @var URI
*/
protected $uri;
/**
* Constructor.
*
* @param object $config
*
* @deprecated The $config is no longer needed and will be removed in a future version
*/
public function __construct($config = null)
{
/**
* @deprecated $this->proxyIps property will be removed in the future
*/
$this->proxyIPs = $config->proxyIPs;
if (empty($this->method)) {
$this->method = $this->getServer('REQUEST_METHOD') ?? 'GET';
}
if (empty($this->uri)) {
$this->uri = new URI();
}
}
/**
* Validate an IP address
*
* @param string $ip IP Address
* @param string $which IP protocol: 'ipv4' or 'ipv6'
*
* @deprecated Use Validation instead
*
* @codeCoverageIgnore
*/
public function isValidIP(?string $ip = null, ?string $which = null): bool
{
return (new FormatRules())->valid_ip($ip, $which);
}
/**
* Get the request method.
*
* @param bool $upper Whether to return in upper or lower case.
*
* @deprecated The $upper functionality will be removed and this will revert to its PSR-7 equivalent
*
* @codeCoverageIgnore
*/
public function getMethod(bool $upper = false): string
{
return ($upper) ? strtoupper($this->method) : strtolower($this->method);
}
/**
* Sets the request method. Used when spoofing the request.
*
* @return Request
*
* @deprecated Use withMethod() instead for immutability
*
* @codeCoverageIgnore
*/
public function setMethod(string $method)
{
$this->method = $method;
return $this;
}
/**
* Returns an instance with the specified method.
*
* @param string $method
*
* @return static
*/
public function withMethod($method)
{
$request = clone $this;
$request->method = $method;
return $request;
}
/**
* Retrieves the URI instance.
*
* @return URI
*/
public function getUri()
{
return $this->uri;
}
}

61
system/HTTP/RequestInterface.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
/**
* Expected behavior of an HTTP request
*
* @mixin IncomingRequest
* @mixin CLIRequest
* @mixin CURLRequest
*/
interface RequestInterface
{
/**
* Gets the user's IP address.
* Supplied by RequestTrait.
*
* @return string IP address
*/
public function getIPAddress(): string;
/**
* Validate an IP address
*
* @param string $ip IP Address
* @param string $which IP protocol: 'ipv4' or 'ipv6'
*
* @deprecated Use Validation instead
*/
public function isValidIP(string $ip, ?string $which = null): bool;
/**
* Get the request method.
* An extension of PSR-7's getMethod to allow casing.
*
* @param bool $upper Whether to return in upper or lower case.
*
* @deprecated The $upper functionality will be removed and this will revert to its PSR-7 equivalent
*/
public function getMethod(bool $upper = false): string;
/**
* Fetch an item from the $_SERVER array.
* Supplied by RequestTrait.
*
* @param string $index Index for item to be fetched from $_SERVER
* @param null $filter A filter name to be applied
*
* @return mixed
*/
public function getServer($index = null, $filter = null);
}

335
system/HTTP/RequestTrait.php Normal file
View File

@@ -0,0 +1,335 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\Validation\FormatRules;
/**
* Request Trait
*
* Additional methods to make a PSR-7 Request class
* compliant with the framework's own RequestInterface.
*
* @see https://github.com/php-fig/http-message/blob/master/src/RequestInterface.php
*/
trait RequestTrait
{
/**
* IP address of the current user.
*
* @var string
*
* @deprecated Will become private in a future release
*/
protected $ipAddress = '';
/**
* Stores values we've retrieved from
* PHP globals.
*
* @var array
*/
protected $globals = [];
/**
* Gets the user's IP address.
*
* @return string IP address
*/
public function getIPAddress(): string
{
if ($this->ipAddress) {
return $this->ipAddress;
}
$ipValidator = [
new FormatRules(),
'valid_ip',
];
/**
* @deprecated $this->proxyIPs property will be removed in the future
*/
$proxyIPs = $this->proxyIPs ?? config('App')->proxyIPs;
if (! empty($proxyIPs) && ! is_array($proxyIPs)) {
$proxyIPs = explode(',', str_replace(' ', '', $proxyIPs));
}
$this->ipAddress = $this->getServer('REMOTE_ADDR');
if ($proxyIPs) {
foreach (['HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP'] as $header) {
if (($spoof = $this->getServer($header)) !== null) {
// Some proxies typically list the whole chain of IP
// addresses through which the client has reached us.
// e.g. client_ip, proxy_ip1, proxy_ip2, etc.
sscanf($spoof, '%[^,]', $spoof);
if (! $ipValidator($spoof)) {
$spoof = null;
} else {
break;
}
}
}
if ($spoof) {
foreach ($proxyIPs as $proxyIP) {
// Check if we have an IP address or a subnet
if (strpos($proxyIP, '/') === false) {
// An IP address (and not a subnet) is specified.
// We can compare right away.
if ($proxyIP === $this->ipAddress) {
$this->ipAddress = $spoof;
break;
}
continue;
}
// We have a subnet ... now the heavy lifting begins
if (! isset($separator)) {
$separator = $ipValidator($this->ipAddress, 'ipv6') ? ':' : '.';
}
// If the proxy entry doesn't match the IP protocol - skip it
if (strpos($proxyIP, $separator) === false) {
continue;
}
// Convert the REMOTE_ADDR IP address to binary, if needed
if (! isset($ip, $sprintf)) {
if ($separator === ':') {
// Make sure we're have the "full" IPv6 format
$ip = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($this->ipAddress, ':')), $this->ipAddress));
for ($j = 0; $j < 8; $j++) {
$ip[$j] = intval($ip[$j], 16);
}
$sprintf = '%016b%016b%016b%016b%016b%016b%016b%016b';
} else {
$ip = explode('.', $this->ipAddress);
$sprintf = '%08b%08b%08b%08b';
}
$ip = vsprintf($sprintf, $ip);
}
// Split the netmask length off the network address
sscanf($proxyIP, '%[^/]/%d', $netaddr, $masklen);
// Again, an IPv6 address is most likely in a compressed form
if ($separator === ':') {
$netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr));
for ($i = 0; $i < 8; $i++) {
$netaddr[$i] = intval($netaddr[$i], 16);
}
} else {
$netaddr = explode('.', $netaddr);
}
// Convert to binary and finally compare
if (strncmp($ip, vsprintf($sprintf, $netaddr), $masklen) === 0) {
$this->ipAddress = $spoof;
break;
}
}
}
}
if (! $ipValidator($this->ipAddress)) {
return $this->ipAddress = '0.0.0.0';
}
return empty($this->ipAddress) ? '' : $this->ipAddress;
}
/**
* Fetch an item from the $_SERVER array.
*
* @param array|string|null $index Index for item to be fetched from $_SERVER
* @param int|null $filter A filter name to be applied
* @param null $flags
*
* @return mixed
*/
public function getServer($index = null, $filter = null, $flags = null)
{
return $this->fetchGlobal('server', $index, $filter, $flags);
}
/**
* Fetch an item from the $_ENV array.
*
* @param null $index Index for item to be fetched from $_ENV
* @param null $filter A filter name to be applied
* @param null $flags
*
* @return mixed
*/
public function getEnv($index = null, $filter = null, $flags = null)
{
return $this->fetchGlobal('env', $index, $filter, $flags);
}
/**
* Allows manually setting the value of PHP global, like $_GET, $_POST, etc.
*
* @param mixed $value
*
* @return $this
*/
public function setGlobal(string $method, $value)
{
$this->globals[$method] = $value;
return $this;
}
/**
* Fetches one or more items from a global, like cookies, get, post, etc.
* Can optionally filter the input when you retrieve it by passing in
* a filter.
*
* If $type is an array, it must conform to the input allowed by the
* filter_input_array method.
*
* http://php.net/manual/en/filter.filters.sanitize.php
*
* @param string $method Input filter constant
* @param array|string|null $index
* @param int|null $filter Filter constant
* @param array|int|null $flags Options
*
* @return mixed
*/
public function fetchGlobal(string $method, $index = null, ?int $filter = null, $flags = null)
{
$method = strtolower($method);
if (! isset($this->globals[$method])) {
$this->populateGlobals($method);
}
// Null filters cause null values to return.
$filter = $filter ?? FILTER_DEFAULT;
$flags = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);
// Return all values when $index is null
if ($index === null) {
$values = [];
foreach ($this->globals[$method] as $key => $value) {
$values[$key] = is_array($value)
? $this->fetchGlobal($method, $key, $filter, $flags)
: filter_var($value, $filter, $flags);
}
return $values;
}
// allow fetching multiple keys at once
if (is_array($index)) {
$output = [];
foreach ($index as $key) {
$output[$key] = $this->fetchGlobal($method, $key, $filter, $flags);
}
return $output;
}
// Does the index contain array notation?
if (($count = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $index, $matches)) > 1) {
$value = $this->globals[$method];
for ($i = 0; $i < $count; $i++) {
$key = trim($matches[0][$i], '[]');
if ($key === '') { // Empty notation will return the value as array
break;
}
if (isset($value[$key])) {
$value = $value[$key];
} else {
return null;
}
}
}
if (! isset($value)) {
$value = $this->globals[$method][$index] ?? null;
}
if (is_array($value)
&& (
$filter !== FILTER_DEFAULT
|| (
(is_numeric($flags) && $flags !== 0)
|| is_array($flags) && $flags !== []
)
)
) {
// Iterate over array and append filter and flags
array_walk_recursive($value, static function (&$val) use ($filter, $flags) {
$val = filter_var($val, $filter, $flags);
});
return $value;
}
// Cannot filter these types of data automatically...
if (is_array($value) || is_object($value) || $value === null) {
return $value;
}
return filter_var($value, $filter, $flags);
}
/**
* Saves a copy of the current state of one of several PHP globals
* so we can retrieve them later.
*/
protected function populateGlobals(string $method)
{
if (! isset($this->globals[$method])) {
$this->globals[$method] = [];
}
// Don't populate ENV as it might contain
// sensitive data that we don't want to get logged.
switch ($method) {
case 'get':
$this->globals['get'] = $_GET;
break;
case 'post':
$this->globals['post'] = $_POST;
break;
case 'request':
$this->globals['request'] = $_REQUEST;
break;
case 'cookie':
$this->globals['cookie'] = $_COOKIE;
break;
case 'server':
$this->globals['server'] = $_SERVER;
break;
}
}
}

256
system/HTTP/Response.php Normal file
View File

@@ -0,0 +1,256 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\Cookie\Cookie;
use CodeIgniter\Cookie\CookieStore;
use CodeIgniter\Cookie\Exceptions\CookieException;
use CodeIgniter\HTTP\Exceptions\HTTPException;
use Config\App;
use Config\ContentSecurityPolicy as CSPConfig;
/**
* Representation of an outgoing, getServer-side response.
*
* Per the HTTP specification, this interface includes properties for
* each of the following:
*
* - Protocol version
* - Status code and reason phrase
* - Headers
* - Message body
*/
class Response extends Message implements MessageInterface, ResponseInterface
{
use ResponseTrait;
/**
* HTTP status codes
*
* @var array
*/
protected static $statusCodes = [
// 1xx: Informational
100 => 'Continue',
101 => 'Switching Protocols',
102 => 'Processing', // http://www.iana.org/go/rfc2518
103 => 'Early Hints', // http://www.ietf.org/rfc/rfc8297.txt
// 2xx: Success
200 => 'OK',
201 => 'Created',
202 => 'Accepted',
203 => 'Non-Authoritative Information', // 1.1
204 => 'No Content',
205 => 'Reset Content',
206 => 'Partial Content',
207 => 'Multi-Status', // http://www.iana.org/go/rfc4918
208 => 'Already Reported', // http://www.iana.org/go/rfc5842
226 => 'IM Used', // 1.1; http://www.ietf.org/rfc/rfc3229.txt
// 3xx: Redirection
300 => 'Multiple Choices',
301 => 'Moved Permanently',
302 => 'Found', // Formerly 'Moved Temporarily'
303 => 'See Other', // 1.1
304 => 'Not Modified',
305 => 'Use Proxy', // 1.1
306 => 'Switch Proxy', // No longer used
307 => 'Temporary Redirect', // 1.1
308 => 'Permanent Redirect', // 1.1; Experimental; http://www.ietf.org/rfc/rfc7238.txt
// 4xx: Client error
400 => 'Bad Request',
401 => 'Unauthorized',
402 => 'Payment Required',
403 => 'Forbidden',
404 => 'Not Found',
405 => 'Method Not Allowed',
406 => 'Not Acceptable',
407 => 'Proxy Authentication Required',
408 => 'Request Timeout',
409 => 'Conflict',
410 => 'Gone',
411 => 'Length Required',
412 => 'Precondition Failed',
413 => 'Content Too Large', // https://www.iana.org/assignments/http-status-codes/http-status-codes.xml
414 => 'URI Too Long', // https://www.iana.org/assignments/http-status-codes/http-status-codes.xml
415 => 'Unsupported Media Type',
416 => 'Requested Range Not Satisfiable',
417 => 'Expectation Failed',
418 => "I'm a teapot", // April's Fools joke; http://www.ietf.org/rfc/rfc2324.txt
// 419 (Authentication Timeout) is a non-standard status code with unknown origin
421 => 'Misdirected Request', // http://www.iana.org/go/rfc7540 Section 9.1.2
422 => 'Unprocessable Content', // https://www.iana.org/assignments/http-status-codes/http-status-codes.xml
423 => 'Locked', // http://www.iana.org/go/rfc4918
424 => 'Failed Dependency', // http://www.iana.org/go/rfc4918
425 => 'Too Early', // https://datatracker.ietf.org/doc/draft-ietf-httpbis-replay/
426 => 'Upgrade Required',
428 => 'Precondition Required', // 1.1; http://www.ietf.org/rfc/rfc6585.txt
429 => 'Too Many Requests', // 1.1; http://www.ietf.org/rfc/rfc6585.txt
431 => 'Request Header Fields Too Large', // 1.1; http://www.ietf.org/rfc/rfc6585.txt
451 => 'Unavailable For Legal Reasons', // http://tools.ietf.org/html/rfc7725
499 => 'Client Closed Request', // http://lxr.nginx.org/source/src/http/ngx_http_request.h#0133
// 5xx: Server error
500 => 'Internal Server Error',
501 => 'Not Implemented',
502 => 'Bad Gateway',
503 => 'Service Unavailable',
504 => 'Gateway Timeout',
505 => 'HTTP Version Not Supported',
506 => 'Variant Also Negotiates', // 1.1; http://www.ietf.org/rfc/rfc2295.txt
507 => 'Insufficient Storage', // http://www.iana.org/go/rfc4918
508 => 'Loop Detected', // http://www.iana.org/go/rfc5842
510 => 'Not Extended', // http://www.ietf.org/rfc/rfc2774.txt
511 => 'Network Authentication Required', // http://www.ietf.org/rfc/rfc6585.txt
599 => 'Network Connect Timeout Error', // https://httpstatuses.com/599
];
/**
* The current reason phrase for this response.
* If empty string, will use the default provided for the status code.
*
* @var string
*/
protected $reason = '';
/**
* The current status code for this response.
* The status code is a 3-digit integer result code of the server's attempt
* to understand and satisfy the request.
*
* @var int
*/
protected $statusCode = 200;
/**
* If true, will not write output. Useful during testing.
*
* @var bool
*
* @internal Used for framework testing, should not be relied on otherwise
*/
protected $pretend = false;
/**
* Constructor
*
* @param App $config
*
* @todo Recommend removing reliance on config injection
*/
public function __construct($config)
{
// Default to a non-caching page.
// Also ensures that a Cache-control header exists.
$this->noCache();
// We need CSP object even if not enabled to avoid calls to non existing methods
$this->CSP = new ContentSecurityPolicy(new CSPConfig());
$this->CSPEnabled = $config->CSPEnabled;
// DEPRECATED COOKIE MANAGEMENT
$this->cookiePrefix = $config->cookiePrefix;
$this->cookieDomain = $config->cookieDomain;
$this->cookiePath = $config->cookiePath;
$this->cookieSecure = $config->cookieSecure;
$this->cookieHTTPOnly = $config->cookieHTTPOnly;
$this->cookieSameSite = $config->cookieSameSite ?? Cookie::SAMESITE_LAX;
$config->cookieSameSite = $config->cookieSameSite ?? Cookie::SAMESITE_LAX;
if (! in_array(strtolower($config->cookieSameSite ?: Cookie::SAMESITE_LAX), Cookie::ALLOWED_SAMESITE_VALUES, true)) {
throw CookieException::forInvalidSameSite($config->cookieSameSite);
}
$this->cookieStore = new CookieStore([]);
Cookie::setDefaults(config('Cookie') ?? [
// @todo Remove this fallback when deprecated `App` members are removed
'prefix' => $config->cookiePrefix,
'path' => $config->cookiePath,
'domain' => $config->cookieDomain,
'secure' => $config->cookieSecure,
'httponly' => $config->cookieHTTPOnly,
'samesite' => $config->cookieSameSite ?? Cookie::SAMESITE_LAX,
]);
// Default to an HTML Content-Type. Devs can override if needed.
$this->setContentType('text/html');
}
/**
* Turns "pretend" mode on or off to aid in testing.
* Note that this is not a part of the interface so
* should not be relied on outside of internal testing.
*
* @return $this
*/
public function pretend(bool $pretend = true)
{
$this->pretend = $pretend;
return $this;
}
/**
* Gets the response status code.
*
* The status code is a 3-digit integer result code of the getServer's attempt
* to understand and satisfy the request.
*
* @return int Status code.
*/
public function getStatusCode(): int
{
if (empty($this->statusCode)) {
throw HTTPException::forMissingResponseStatus();
}
return $this->statusCode;
}
/**
* Gets the response response phrase associated with the status code.
*
* @see http://tools.ietf.org/html/rfc7231#section-6
* @see http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
* @deprecated Use getReasonPhrase()
*
* @codeCoverageIgnore
*/
public function getReason(): string
{
return $this->getReasonPhrase();
}
/**
* Gets the response reason phrase associated with the status code.
*
* Because a reason phrase is not a required element in a response
* status line, the reason phrase value MAY be null. Implementations MAY
* choose to return the default RFC 7231 recommended reason phrase (or those
* listed in the IANA HTTP Status Code Registry) for the response's
* status code.
*
* @see http://tools.ietf.org/html/rfc7231#section-6
* @see http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
*
* @return string Reason phrase; must return an empty string if none present.
*/
public function getReasonPhrase()
{
if ($this->reason === '') {
return ! empty($this->statusCode) ? static::$statusCodes[$this->statusCode] : '';
}
return $this->reason;
}
}

382
system/HTTP/ResponseInterface.php Normal file
View File

@@ -0,0 +1,382 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\Cookie\Cookie;
use CodeIgniter\HTTP\Exceptions\HTTPException;
use CodeIgniter\Pager\PagerInterface;
use DateTime;
use InvalidArgumentException;
/**
* Representation of an outgoing, getServer-side response.
* Most of these methods are supplied by ResponseTrait.
*
* Per the HTTP specification, this interface includes properties for
* each of the following:
*
* - Protocol version
* - Status code and reason phrase
* - Headers
* - Message body
*
* @mixin RedirectResponse
*/
interface ResponseInterface
{
/**
* Constants for status codes.
* From https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
*/
// Informational
public const HTTP_CONTINUE = 100;
public const HTTP_SWITCHING_PROTOCOLS = 101;
public const HTTP_PROCESSING = 102;
public const HTTP_EARLY_HINTS = 103;
public const HTTP_OK = 200;
public const HTTP_CREATED = 201;
public const HTTP_ACCEPTED = 202;
public const HTTP_NONAUTHORITATIVE_INFORMATION = 203;
public const HTTP_NO_CONTENT = 204;
public const HTTP_RESET_CONTENT = 205;
public const HTTP_PARTIAL_CONTENT = 206;
public const HTTP_MULTI_STATUS = 207;
public const HTTP_ALREADY_REPORTED = 208;
public const HTTP_IM_USED = 226;
public const HTTP_MULTIPLE_CHOICES = 300;
public const HTTP_MOVED_PERMANENTLY = 301;
public const HTTP_FOUND = 302;
public const HTTP_SEE_OTHER = 303;
public const HTTP_NOT_MODIFIED = 304;
public const HTTP_USE_PROXY = 305;
public const HTTP_SWITCH_PROXY = 306;
public const HTTP_TEMPORARY_REDIRECT = 307;
public const HTTP_PERMANENT_REDIRECT = 308;
public const HTTP_BAD_REQUEST = 400;
public const HTTP_UNAUTHORIZED = 401;
public const HTTP_PAYMENT_REQUIRED = 402;
public const HTTP_FORBIDDEN = 403;
public const HTTP_NOT_FOUND = 404;
public const HTTP_METHOD_NOT_ALLOWED = 405;
public const HTTP_NOT_ACCEPTABLE = 406;
public const HTTP_PROXY_AUTHENTICATION_REQUIRED = 407;
public const HTTP_REQUEST_TIMEOUT = 408;
public const HTTP_CONFLICT = 409;
public const HTTP_GONE = 410;
public const HTTP_LENGTH_REQUIRED = 411;
public const HTTP_PRECONDITION_FAILED = 412;
public const HTTP_PAYLOAD_TOO_LARGE = 413;
public const HTTP_URI_TOO_LONG = 414;
public const HTTP_UNSUPPORTED_MEDIA_TYPE = 415;
public const HTTP_RANGE_NOT_SATISFIABLE = 416;
public const HTTP_EXPECTATION_FAILED = 417;
public const HTTP_IM_A_TEAPOT = 418;
public const HTTP_MISDIRECTED_REQUEST = 421;
public const HTTP_UNPROCESSABLE_ENTITY = 422;
public const HTTP_LOCKED = 423;
public const HTTP_FAILED_DEPENDENCY = 424;
public const HTTP_TOO_EARLY = 425;
public const HTTP_UPGRADE_REQUIRED = 426;
public const HTTP_PRECONDITION_REQUIRED = 428;
public const HTTP_TOO_MANY_REQUESTS = 429;
public const HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE = 431;
public const HTTP_UNAVAILABLE_FOR_LEGAL_REASONS = 451;
public const HTTP_CLIENT_CLOSED_REQUEST = 499;
public const HTTP_INTERNAL_SERVER_ERROR = 500;
public const HTTP_NOT_IMPLEMENTED = 501;
public const HTTP_BAD_GATEWAY = 502;
public const HTTP_SERVICE_UNAVAILABLE = 503;
public const HTTP_GATEWAY_TIMEOUT = 504;
public const HTTP_HTTP_VERSION_NOT_SUPPORTED = 505;
public const HTTP_VARIANT_ALSO_NEGOTIATES = 506;
public const HTTP_INSUFFICIENT_STORAGE = 507;
public const HTTP_LOOP_DETECTED = 508;
public const HTTP_NOT_EXTENDED = 510;
public const HTTP_NETWORK_AUTHENTICATION_REQUIRED = 511;
public const HTTP_NETWORK_CONNECT_TIMEOUT_ERROR = 599;
/**
* Gets the response status code.
*
* The status code is a 3-digit integer result code of the getServer's attempt
* to understand and satisfy the request.
*
* @return int Status code.
*
* @deprecated To be replaced by the PSR-7 version (compatible)
*/
public function getStatusCode(): int;
/**
* Return an instance with the specified status code and, optionally, reason phrase.
*
* If no reason phrase is specified, will default recommended reason phrase for
* the response's status code.
*
* @see http://tools.ietf.org/html/rfc7231#section-6
* @see http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
*
* @param int $code The 3-digit integer result code to set.
* @param string $reason The reason phrase to use with the
* provided status code; if none is provided, will
* default to the IANA name.
*
* @throws InvalidArgumentException For invalid status code arguments.
*
* @return self
*/
public function setStatusCode(int $code, string $reason = '');
/**
* Gets the response response phrase associated with the status code.
*
* @see http://tools.ietf.org/html/rfc7231#section-6
* @see http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
* @deprecated Use getReasonPhrase()
*/
public function getReason(): string;
//--------------------------------------------------------------------
// Convenience Methods
//--------------------------------------------------------------------
/**
* Sets the date header
*
* @return ResponseInterface
*/
public function setDate(DateTime $date);
/**
* Sets the Last-Modified date header.
*
* $date can be either a string representation of the date or,
* preferably, an instance of DateTime.
*
* @param DateTime|string $date
*/
public function setLastModified($date);
/**
* Set the Link Header
*
* @see http://tools.ietf.org/html/rfc5988
*
* @return Response
*
* @todo Recommend moving to Pager
*/
public function setLink(PagerInterface $pager);
/**
* Sets the Content Type header for this response with the mime type
* and, optionally, the charset.
*
* @return ResponseInterface
*/
public function setContentType(string $mime, string $charset = 'UTF-8');
//--------------------------------------------------------------------
// Formatter Methods
//--------------------------------------------------------------------
/**
* Converts the $body into JSON and sets the Content Type header.
*
* @param array|string $body
*
* @return $this
*/
public function setJSON($body, bool $unencoded = false);
/**
* Returns the current body, converted to JSON is it isn't already.
*
* @throws InvalidArgumentException If the body property is not array.
*
* @return mixed|string
*/
public function getJSON();
/**
* Converts $body into XML, and sets the correct Content-Type.
*
* @param array|string $body
*
* @return $this
*/
public function setXML($body);
/**
* Retrieves the current body into XML and returns it.
*
* @throws InvalidArgumentException If the body property is not array.
*
* @return mixed|string
*/
public function getXML();
//--------------------------------------------------------------------
// Cache Control Methods
//
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
//--------------------------------------------------------------------
/**
* Sets the appropriate headers to ensure this response
* is not cached by the browsers.
*/
public function noCache();
/**
* A shortcut method that allows the developer to set all of the
* cache-control headers in one method call.
*
* The options array is used to provide the cache-control directives
* for the header. It might look something like:
*
* $options = [
* 'max-age' => 300,
* 's-maxage' => 900
* 'etag' => 'abcde',
* ];
*
* Typical options are:
* - etag
* - last-modified
* - max-age
* - s-maxage
* - private
* - public
* - must-revalidate
* - proxy-revalidate
* - no-transform
*
* @return ResponseInterface
*/
public function setCache(array $options = []);
//--------------------------------------------------------------------
// Output Methods
//--------------------------------------------------------------------
/**
* Sends the output to the browser.
*
* @return ResponseInterface
*/
public function send();
/**
* Sends the headers of this HTTP request to the browser.
*
* @return Response
*/
public function sendHeaders();
/**
* Sends the Body of the message to the browser.
*
* @return Response
*/
public function sendBody();
//--------------------------------------------------------------------
// Cookie Methods
//--------------------------------------------------------------------
/**
* Set a cookie
*
* Accepts an arbitrary number of binds (up to 7) or an associative
* array in the first parameter containing all the values.
*
* @param array|string $name Cookie name or array containing binds
* @param string $value Cookie value
* @param string $expire Cookie expiration time in seconds
* @param string $domain Cookie domain (e.g.: '.yourdomain.com')
* @param string $path Cookie path (default: '/')
* @param string $prefix Cookie name prefix
* @param bool $secure Whether to only transfer cookies via SSL
* @param bool $httponly Whether only make the cookie accessible via HTTP (no javascript)
* @param string|null $samesite
*
* @return $this
*/
public function setCookie(
$name,
$value = '',
$expire = '',
$domain = '',
$path = '/',
$prefix = '',
$secure = false,
$httponly = false,
$samesite = null
);
/**
* Checks to see if the Response has a specified cookie or not.
*/
public function hasCookie(string $name, ?string $value = null, string $prefix = ''): bool;
/**
* Returns the cookie
*
* @return Cookie|Cookie[]|null
*/
public function getCookie(?string $name = null, string $prefix = '');
/**
* Sets a cookie to be deleted when the response is sent.
*
* @return $this
*/
public function deleteCookie(string $name = '', string $domain = '', string $path = '/', string $prefix = '');
/**
* Returns all cookies currently set.
*
* @return Cookie[]
*/
public function getCookies();
//--------------------------------------------------------------------
// Response Methods
//--------------------------------------------------------------------
/**
* Perform a redirect to a new URL, in two flavors: header or location.
*
* @param string $uri The URI to redirect to
* @param int $code The type of redirection, defaults to 302
*
* @throws HTTPException For invalid status code.
*
* @return $this
*/
public function redirect(string $uri, string $method = 'auto', ?int $code = null);
/**
* Force a download.
*
* Generates the headers that force a download to happen. And
* sends the file to the browser.
*
* @param string $filename The path to the file to send
* @param string|null $data The data to be downloaded
* @param bool $setMime Whether to try and send the actual MIME type
*
* @return DownloadResponse|null
*/
public function download(string $filename = '', $data = '', bool $setMime = false);
}

781
system/HTTP/ResponseTrait.php Normal file
View File

@@ -0,0 +1,781 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use CodeIgniter\Cookie\Cookie;
use CodeIgniter\Cookie\CookieStore;
use CodeIgniter\Cookie\Exceptions\CookieException;
use CodeIgniter\HTTP\Exceptions\HTTPException;
use CodeIgniter\Pager\PagerInterface;
use CodeIgniter\Security\Exceptions\SecurityException;
use Config\Services;
use DateTime;
use DateTimeZone;
use InvalidArgumentException;
/**
* Response Trait
*
* Additional methods to make a PSR-7 Response class
* compliant with the framework's own ResponseInterface.
*
* @property array $statusCodes
*
* @see https://github.com/php-fig/http-message/blob/master/src/ResponseInterface.php
*/
trait ResponseTrait
{
/**
* Whether Content Security Policy is being enforced.
*
* @var bool
*/
protected $CSPEnabled = false;
/**
* Content security policy handler
*
* @var ContentSecurityPolicy
*/
public $CSP;
/**
* CookieStore instance.
*
* @var CookieStore
*/
protected $cookieStore;
/**
* Set a cookie name prefix if you need to avoid collisions
*
* @var string
*
* @deprecated Use the dedicated Cookie class instead.
*/
protected $cookiePrefix = '';
/**
* Set to .your-domain.com for site-wide cookies
*
* @var string
*
* @deprecated Use the dedicated Cookie class instead.
*/
protected $cookieDomain = '';
/**
* Typically will be a forward slash
*
* @var string
*
* @deprecated Use the dedicated Cookie class instead.
*/
protected $cookiePath = '/';
/**
* Cookie will only be set if a secure HTTPS connection exists.
*
* @var bool
*
* @deprecated Use the dedicated Cookie class instead.
*/
protected $cookieSecure = false;
/**
* Cookie will only be accessible via HTTP(S) (no javascript)
*
* @var bool
*
* @deprecated Use the dedicated Cookie class instead.
*/
protected $cookieHTTPOnly = false;
/**
* Cookie SameSite setting
*
* @var string
*
* @deprecated Use the dedicated Cookie class instead.
*/
protected $cookieSameSite = Cookie::SAMESITE_LAX;
/**
* Stores all cookies that were set in the response.
*
* @var array
*
* @deprecated Use the dedicated Cookie class instead.
*/
protected $cookies = [];
/**
* Type of format the body is in.
* Valid: html, json, xml
*
* @var string
*/
protected $bodyFormat = 'html';
/**
* Return an instance with the specified status code and, optionally, reason phrase.
*
* If no reason phrase is specified, will default recommended reason phrase for
* the response's status code.
*
* @see http://tools.ietf.org/html/rfc7231#section-6
* @see http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
*
* @param int $code The 3-digit integer result code to set.
* @param string $reason The reason phrase to use with the
* provided status code; if none is provided, will
* default to the IANA name.
*
* @throws HTTPException For invalid status code arguments.
*
* @return $this
*/
public function setStatusCode(int $code, string $reason = '')
{
// Valid range?
if ($code < 100 || $code > 599) {
throw HTTPException::forInvalidStatusCode($code);
}
// Unknown and no message?
if (! array_key_exists($code, static::$statusCodes) && empty($reason)) {
throw HTTPException::forUnkownStatusCode($code);
}
$this->statusCode = $code;
$this->reason = ! empty($reason) ? $reason : static::$statusCodes[$code];
return $this;
}
//--------------------------------------------------------------------
// Convenience Methods
//--------------------------------------------------------------------
/**
* Sets the date header
*
* @return Response
*/
public function setDate(DateTime $date)
{
$date->setTimezone(new DateTimeZone('UTC'));
$this->setHeader('Date', $date->format('D, d M Y H:i:s') . ' GMT');
return $this;
}
/**
* Set the Link Header
*
* @see http://tools.ietf.org/html/rfc5988
*
* @return Response
*
* @todo Recommend moving to Pager
*/
public function setLink(PagerInterface $pager)
{
$links = '';
if ($previous = $pager->getPreviousPageURI()) {
$links .= '<' . $pager->getPageURI($pager->getFirstPage()) . '>; rel="first",';
$links .= '<' . $previous . '>; rel="prev"';
}
if (($next = $pager->getNextPageURI()) && $previous) {
$links .= ',';
}
if ($next) {
$links .= '<' . $next . '>; rel="next",';
$links .= '<' . $pager->getPageURI($pager->getLastPage()) . '>; rel="last"';
}
$this->setHeader('Link', $links);
return $this;
}
/**
* Sets the Content Type header for this response with the mime type
* and, optionally, the charset.
*
* @return Response
*/
public function setContentType(string $mime, string $charset = 'UTF-8')
{
// add charset attribute if not already there and provided as parm
if ((strpos($mime, 'charset=') < 1) && ! empty($charset)) {
$mime .= '; charset=' . $charset;
}
$this->removeHeader('Content-Type'); // replace existing content type
$this->setHeader('Content-Type', $mime);
return $this;
}
/**
* Converts the $body into JSON and sets the Content Type header.
*
* @param array|string $body
*
* @return $this
*/
public function setJSON($body, bool $unencoded = false)
{
$this->body = $this->formatBody($body, 'json' . ($unencoded ? '-unencoded' : ''));
return $this;
}
/**
* Returns the current body, converted to JSON is it isn't already.
*
* @throws InvalidArgumentException If the body property is not array.
*
* @return mixed|string
*/
public function getJSON()
{
$body = $this->body;
if ($this->bodyFormat !== 'json') {
$body = Services::format()->getFormatter('application/json')->format($body);
}
return $body ?: null;
}
/**
* Converts $body into XML, and sets the correct Content-Type.
*
* @param array|string $body
*
* @return $this
*/
public function setXML($body)
{
$this->body = $this->formatBody($body, 'xml');
return $this;
}
/**
* Retrieves the current body into XML and returns it.
*
* @throws InvalidArgumentException If the body property is not array.
*
* @return mixed|string
*/
public function getXML()
{
$body = $this->body;
if ($this->bodyFormat !== 'xml') {
$body = Services::format()->getFormatter('application/xml')->format($body);
}
return $body;
}
/**
* Handles conversion of the of the data into the appropriate format,
* and sets the correct Content-Type header for our response.
*
* @param array|string $body
* @param string $format Valid: json, xml
*
* @throws InvalidArgumentException If the body property is not string or array.
*
* @return mixed
*/
protected function formatBody($body, string $format)
{
$this->bodyFormat = ($format === 'json-unencoded' ? 'json' : $format);
$mime = "application/{$this->bodyFormat}";
$this->setContentType($mime);
// Nothing much to do for a string...
if (! is_string($body) || $format === 'json-unencoded') {
$body = Services::format()->getFormatter($mime)->format($body);
}
return $body;
}
//--------------------------------------------------------------------
// Cache Control Methods
//
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
//--------------------------------------------------------------------
/**
* Sets the appropriate headers to ensure this response
* is not cached by the browsers.
*
* @return Response
*
* @todo Recommend researching these directives, might need: 'private', 'no-transform', 'no-store', 'must-revalidate'
*
* @see DownloadResponse::noCache()
*/
public function noCache()
{
$this->removeHeader('Cache-control');
$this->setHeader('Cache-control', ['no-store', 'max-age=0', 'no-cache']);
return $this;
}
/**
* A shortcut method that allows the developer to set all of the
* cache-control headers in one method call.
*
* The options array is used to provide the cache-control directives
* for the header. It might look something like:
*
* $options = [
* 'max-age' => 300,
* 's-maxage' => 900
* 'etag' => 'abcde',
* ];
*
* Typical options are:
* - etag
* - last-modified
* - max-age
* - s-maxage
* - private
* - public
* - must-revalidate
* - proxy-revalidate
* - no-transform
*
* @return Response
*/
public function setCache(array $options = [])
{
if (empty($options)) {
return $this;
}
$this->removeHeader('Cache-Control');
$this->removeHeader('ETag');
// ETag
if (isset($options['etag'])) {
$this->setHeader('ETag', $options['etag']);
unset($options['etag']);
}
// Last Modified
if (isset($options['last-modified'])) {
$this->setLastModified($options['last-modified']);
unset($options['last-modified']);
}
$this->setHeader('Cache-control', $options);
return $this;
}
/**
* Sets the Last-Modified date header.
*
* $date can be either a string representation of the date or,
* preferably, an instance of DateTime.
*
* @param DateTime|string $date
*
* @return Response
*/
public function setLastModified($date)
{
if ($date instanceof DateTime) {
$date->setTimezone(new DateTimeZone('UTC'));
$this->setHeader('Last-Modified', $date->format('D, d M Y H:i:s') . ' GMT');
} elseif (is_string($date)) {
$this->setHeader('Last-Modified', $date);
}
return $this;
}
//--------------------------------------------------------------------
// Output Methods
//--------------------------------------------------------------------
/**
* Sends the output to the browser.
*
* @return Response
*/
public function send()
{
// If we're enforcing a Content Security Policy,
// we need to give it a chance to build out it's headers.
if ($this->CSPEnabled === true) {
$this->CSP->finalize($this);
} else {
$this->body = str_replace(['{csp-style-nonce}', '{csp-script-nonce}'], '', $this->body ?? '');
}
$this->sendHeaders();
$this->sendCookies();
$this->sendBody();
return $this;
}
/**
* Sends the headers of this HTTP response to the browser.
*
* @return Response
*/
public function sendHeaders()
{
// Have the headers already been sent?
if ($this->pretend || headers_sent()) {
return $this;
}
// Per spec, MUST be sent with each request, if possible.
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
if (! isset($this->headers['Date']) && PHP_SAPI !== 'cli-server') {
$this->setDate(DateTime::createFromFormat('U', (string) time()));
}
// HTTP Status
header(sprintf('HTTP/%s %s %s', $this->getProtocolVersion(), $this->getStatusCode(), $this->getReason()), true, $this->getStatusCode());
// Send all of our headers
foreach (array_keys($this->getHeaders()) as $name) {
header($name . ': ' . $this->getHeaderLine($name), false, $this->getStatusCode());
}
return $this;
}
/**
* Sends the Body of the message to the browser.
*
* @return Response
*/
public function sendBody()
{
echo $this->body;
return $this;
}
/**
* Perform a redirect to a new URL, in two flavors: header or location.
*
* @param string $uri The URI to redirect to
* @param int $code The type of redirection, defaults to 302
*
* @throws HTTPException For invalid status code.
*
* @return $this
*/
public function redirect(string $uri, string $method = 'auto', ?int $code = null)
{
// Assume 302 status code response; override if needed
if (empty($code)) {
$code = 302;
}
// IIS environment likely? Use 'refresh' for better compatibility
if ($method === 'auto' && isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false) {
$method = 'refresh';
}
// override status code for HTTP/1.1 & higher
// reference: http://en.wikipedia.org/wiki/Post/Redirect/Get
if (isset($_SERVER['SERVER_PROTOCOL'], $_SERVER['REQUEST_METHOD']) && $this->getProtocolVersion() >= 1.1 && $method !== 'refresh') {
$code = ($_SERVER['REQUEST_METHOD'] !== 'GET') ? 303 : ($code === 302 ? 307 : $code);
}
switch ($method) {
case 'refresh':
$this->setHeader('Refresh', '0;url=' . $uri);
break;
default:
$this->setHeader('Location', $uri);
break;
}
$this->setStatusCode($code);
return $this;
}
/**
* Set a cookie
*
* Accepts an arbitrary number of binds (up to 7) or an associative
* array in the first parameter containing all the values.
*
* @param array|Cookie|string $name Cookie name / array containing binds / Cookie object
* @param string $value Cookie value
* @param string $expire Cookie expiration time in seconds
* @param string $domain Cookie domain (e.g.: '.yourdomain.com')
* @param string $path Cookie path (default: '/')
* @param string $prefix Cookie name prefix
* @param bool $secure Whether to only transfer cookies via SSL
* @param bool $httponly Whether only make the cookie accessible via HTTP (no javascript)
* @param string|null $samesite
*
* @return $this
*/
public function setCookie(
$name,
$value = '',
$expire = '',
$domain = '',
$path = '/',
$prefix = '',
$secure = false,
$httponly = false,
$samesite = null
) {
if ($name instanceof Cookie) {
$this->cookieStore = $this->cookieStore->put($name);
return $this;
}
if (is_array($name)) {
// always leave 'name' in last place, as the loop will break otherwise, due to $$item
foreach (['samesite', 'value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name'] as $item) {
if (isset($name[$item])) {
${$item} = $name[$item];
}
}
}
if (is_numeric($expire)) {
$expire = $expire > 0 ? time() + $expire : 0;
}
$cookie = new Cookie($name, $value, [
'expires' => $expire ?: 0,
'domain' => $domain,
'path' => $path,
'prefix' => $prefix,
'secure' => $secure,
'httponly' => $httponly,
'samesite' => $samesite ?? '',
]);
$this->cookieStore = $this->cookieStore->put($cookie);
return $this;
}
/**
* Returns the `CookieStore` instance.
*
* @return CookieStore
*/
public function getCookieStore()
{
return $this->cookieStore;
}
/**
* Checks to see if the Response has a specified cookie or not.
*/
public function hasCookie(string $name, ?string $value = null, string $prefix = ''): bool
{
$prefix = $prefix ?: Cookie::setDefaults()['prefix']; // to retain BC
return $this->cookieStore->has($name, $prefix, $value);
}
/**
* Returns the cookie
*
* @return Cookie|Cookie[]|null
*/
public function getCookie(?string $name = null, string $prefix = '')
{
if ((string) $name === '') {
return $this->cookieStore->display();
}
try {
$prefix = $prefix ?: Cookie::setDefaults()['prefix']; // to retain BC
return $this->cookieStore->get($name, $prefix);
} catch (CookieException $e) {
log_message('error', $e->getMessage());
return null;
}
}
/**
* Sets a cookie to be deleted when the response is sent.
*
* @return $this
*/
public function deleteCookie(string $name = '', string $domain = '', string $path = '/', string $prefix = '')
{
if ($name === '') {
return $this;
}
$prefix = $prefix ?: Cookie::setDefaults()['prefix']; // to retain BC
$prefixed = $prefix . $name;
$store = $this->cookieStore;
$found = false;
foreach ($store as $cookie) {
if ($cookie->getPrefixedName() === $prefixed) {
if ($domain !== $cookie->getDomain()) {
continue;
}
if ($path !== $cookie->getPath()) {
continue;
}
$cookie = $cookie->withValue('')->withExpired();
$found = true;
$this->cookieStore = $store->put($cookie);
break;
}
}
if (! $found) {
$this->setCookie($name, '', '', $domain, $path, $prefix);
}
return $this;
}
/**
* Returns all cookies currently set.
*
* @return Cookie[]
*/
public function getCookies()
{
return $this->cookieStore->display();
}
/**
* Actually sets the cookies.
*/
protected function sendCookies()
{
if ($this->pretend) {
return;
}
$this->dispatchCookies();
}
private function dispatchCookies(): void
{
/** @var IncomingRequest $request */
$request = Services::request();
foreach ($this->cookieStore->display() as $cookie) {
if ($cookie->isSecure() && ! $request->isSecure()) {
throw SecurityException::forDisallowedAction();
}
$name = $cookie->getPrefixedName();
$value = $cookie->getValue();
$options = $cookie->getOptions();
if ($cookie->isRaw()) {
$this->doSetRawCookie($name, $value, $options);
} else {
$this->doSetCookie($name, $value, $options);
}
}
$this->cookieStore->clear();
}
/**
* Extracted call to `setrawcookie()` in order to run unit tests on it.
*
* @codeCoverageIgnore
*/
private function doSetRawCookie(string $name, string $value, array $options): void
{
setrawcookie($name, $value, $options);
}
/**
* Extracted call to `setcookie()` in order to run unit tests on it.
*
* @codeCoverageIgnore
*/
private function doSetCookie(string $name, string $value, array $options): void
{
setcookie($name, $value, $options);
}
/**
* Force a download.
*
* Generates the headers that force a download to happen. And
* sends the file to the browser.
*
* @param string $filename The path to the file to send
* @param string|null $data The data to be downloaded
* @param bool $setMime Whether to try and send the actual MIME type
*
* @return DownloadResponse|null
*/
public function download(string $filename = '', $data = '', bool $setMime = false)
{
if ($filename === '' || $data === '') {
return null;
}
$filepath = '';
if ($data === null) {
$filepath = $filename;
$filename = explode('/', str_replace(DIRECTORY_SEPARATOR, '/', $filename));
$filename = end($filename);
}
$response = new DownloadResponse($filename, $setMime);
if ($filepath !== '') {
$response->setFilePath($filepath);
} elseif ($data !== null) {
$response->setBinary($data);
}
return $response;
}
}

1045
system/HTTP/URI.php Normal file
View File

File diff suppressed because it is too large Load Diff

371
system/HTTP/UserAgent.php Normal file
View File

@@ -0,0 +1,371 @@
<?php
/**
* This file is part of CodeIgniter 4 framework.
*
* (c) CodeIgniter Foundation <admin@codeigniter.com>
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace CodeIgniter\HTTP;
use Config\UserAgents;
/**
* Abstraction for an HTTP user agent
*/
class UserAgent
{
/**
* Current user-agent
*
* @var string
*/
protected $agent = '';
/**
* Flag for if the user-agent belongs to a browser
*
* @var bool
*/
protected $isBrowser = false;
/**
* Flag for if the user-agent is a robot
*
* @var bool
*/
protected $isRobot = false;
/**
* Flag for if the user-agent is a mobile browser
*
* @var bool
*/
protected $isMobile = false;
/**
* Holds the config file contents.
*
* @var UserAgents
*/
protected $config;
/**
* Current user-agent platform
*
* @var string
*/
protected $platform = '';
/**
* Current user-agent browser
*
* @var string
*/
protected $browser = '';
/**
* Current user-agent version
*
* @var string
*/
protected $version = '';
/**
* Current user-agent mobile name
*
* @var string
*/
protected $mobile = '';
/**
* Current user-agent robot name
*
* @var string
*/
protected $robot = '';
/**
* HTTP Referer
*
* @var mixed
*/
protected $referrer;
/**
* Constructor
*
* Sets the User Agent and runs the compilation routine
*/
public function __construct(?UserAgents $config = null)
{
$this->config = $config ?? new UserAgents();
if (isset($_SERVER['HTTP_USER_AGENT'])) {
$this->agent = trim($_SERVER['HTTP_USER_AGENT']);
$this->compileData();
}
}
/**
* Is Browser
*
* @param string $key
*/
public function isBrowser(?string $key = null): bool
{
if (! $this->isBrowser) {
return false;
}
// No need to be specific, it's a browser
if ($key === null) {
return true;
}
// Check for a specific browser
return isset($this->config->browsers[$key]) && $this->browser === $this->config->browsers[$key];
}
/**
* Is Robot
*
* @param string $key
*/
public function isRobot(?string $key = null): bool
{
if (! $this->isRobot) {
return false;
}
// No need to be specific, it's a robot
if ($key === null) {
return true;
}
// Check for a specific robot
return isset($this->config->robots[$key]) && $this->robot === $this->config->robots[$key];
}
/**
* Is Mobile
*
* @param string $key
*/
public function isMobile(?string $key = null): bool
{
if (! $this->isMobile) {
return false;
}
// No need to be specific, it's a mobile
if ($key === null) {
return true;
}
// Check for a specific robot
return isset($this->config->mobiles[$key]) && $this->mobile === $this->config->mobiles[$key];
}
/**
* Is this a referral from another site?
*/
public function isReferral(): bool
{
if (! isset($this->referrer)) {
if (empty($_SERVER['HTTP_REFERER'])) {
$this->referrer = false;
} else {
$refererHost = @parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
$ownHost = parse_url(\base_url(), PHP_URL_HOST);
$this->referrer = ($refererHost && $refererHost !== $ownHost);
}
}
return $this->referrer;
}
/**
* Agent String
*/
public function getAgentString(): string
{
return $this->agent;
}
/**
* Get Platform
*/
public function getPlatform(): string
{
return $this->platform;
}
/**
* Get Browser Name
*/
public function getBrowser(): string
{
return $this->browser;
}
/**
* Get the Browser Version
*/
public function getVersion(): string
{
return $this->version;
}
/**
* Get The Robot Name
*/
public function getRobot(): string
{
return $this->robot;
}
/**
* Get the Mobile Device
*/
public function getMobile(): string
{
return $this->mobile;
}
/**
* Get the referrer
*/
public function getReferrer(): string
{
return empty($_SERVER['HTTP_REFERER']) ? '' : trim($_SERVER['HTTP_REFERER']);
}
/**
* Parse a custom user-agent string
*/
public function parse(string $string)
{
// Reset values
$this->isBrowser = false;
$this->isRobot = false;
$this->isMobile = false;
$this->browser = '';
$this->version = '';
$this->mobile = '';
$this->robot = '';
// Set the new user-agent string and parse it, unless empty
$this->agent = $string;
if (! empty($string)) {
$this->compileData();
}
}
/**
* Compile the User Agent Data
*/
protected function compileData()
{
$this->setPlatform();
foreach (['setRobot', 'setBrowser', 'setMobile'] as $function) {
if ($this->{$function}() === true) {
break;
}
}
}
/**
* Set the Platform
*/
protected function setPlatform(): bool
{
if (is_array($this->config->platforms) && $this->config->platforms) {
foreach ($this->config->platforms as $key => $val) {
if (preg_match('|' . preg_quote($key, '|') . '|i', $this->agent)) {
$this->platform = $val;
return true;
}
}
}
$this->platform = 'Unknown Platform';
return false;
}
/**
* Set the Browser
*/
protected function setBrowser(): bool
{
if (is_array($this->config->browsers) && $this->config->browsers) {
foreach ($this->config->browsers as $key => $val) {
if (preg_match('|' . $key . '.*?([0-9\.]+)|i', $this->agent, $match)) {
$this->isBrowser = true;
$this->version = $match[1];
$this->browser = $val;
$this->setMobile();
return true;
}
}
}
return false;
}
/**
* Set the Robot
*/
protected function setRobot(): bool
{
if (is_array($this->config->robots) && $this->config->robots) {
foreach ($this->config->robots as $key => $val) {
if (preg_match('|' . preg_quote($key, '|') . '|i', $this->agent)) {
$this->isRobot = true;
$this->robot = $val;
$this->setMobile();
return true;
}
}
}
return false;
}
/**
* Set the Mobile Device
*/
protected function setMobile(): bool
{
if (is_array($this->config->mobiles) && $this->config->mobiles) {
foreach ($this->config->mobiles as $key => $val) {
if (false !== (stripos($this->agent, $key))) {
$this->isMobile = true;
$this->mobile = $val;
return true;
}
}
}
return false;
}
/**
* Outputs the original Agent String when cast as a string.
*/
public function __toString(): string
{
return $this->getAgentString();
}
}