2015-08-17 17:00:26 -07:00
< ? php
/*
* This file is part of the Symfony package .
*
* ( c ) Fabien Potencier < fabien @ symfony . com >
*
* For the full copyright and license information , please view the LICENSE
* file that was distributed with this source code .
*/
namespace Symfony\Component\HttpFoundation ;
/**
* ServerBag is a container for HTTP headers from the $_SERVER variable .
*
* @ author Fabien Potencier < fabien @ symfony . com >
* @ author Bulat Shakirzyanov < mallluhuct @ gmail . com >
* @ author Robert Kiss < kepten @ gmail . com >
*/
class ServerBag extends ParameterBag
{
/**
* Gets the HTTP headers .
*
* @ return array
*/
public function getHeaders ()
{
$headers = array ();
$contentHeaders = array ( 'CONTENT_LENGTH' => true , 'CONTENT_MD5' => true , 'CONTENT_TYPE' => true );
foreach ( $this -> parameters as $key => $value ) {
if ( 0 === strpos ( $key , 'HTTP_' )) {
$headers [ substr ( $key , 5 )] = $value ;
}
// CONTENT_* are not prefixed with HTTP_
elseif ( isset ( $contentHeaders [ $key ])) {
$headers [ $key ] = $value ;
}
}
if ( isset ( $this -> parameters [ 'PHP_AUTH_USER' ])) {
$headers [ 'PHP_AUTH_USER' ] = $this -> parameters [ 'PHP_AUTH_USER' ];
$headers [ 'PHP_AUTH_PW' ] = isset ( $this -> parameters [ 'PHP_AUTH_PW' ]) ? $this -> parameters [ 'PHP_AUTH_PW' ] : '' ;
} else {
/*
* php - cgi under Apache does not pass HTTP Basic user / pass to PHP by default
* For this workaround to work , add these lines to your . htaccess file :
* RewriteCond % { HTTP : Authorization } ^ ( .+ ) $
* RewriteRule .* - [ E = HTTP_AUTHORIZATION :% { HTTP : Authorization }]
*
* A sample . htaccess file :
* RewriteEngine On
* RewriteCond % { HTTP : Authorization } ^ ( .+ ) $
* RewriteRule .* - [ E = HTTP_AUTHORIZATION :% { HTTP : Authorization }]
* RewriteCond % { REQUEST_FILENAME } !- f
* RewriteRule ^ ( .* ) $ app . php [ QSA , L ]
*/
$authorizationHeader = null ;
if ( isset ( $this -> parameters [ 'HTTP_AUTHORIZATION' ])) {
$authorizationHeader = $this -> parameters [ 'HTTP_AUTHORIZATION' ];
} elseif ( isset ( $this -> parameters [ 'REDIRECT_HTTP_AUTHORIZATION' ])) {
$authorizationHeader = $this -> parameters [ 'REDIRECT_HTTP_AUTHORIZATION' ];
}
if ( null !== $authorizationHeader ) {
if ( 0 === stripos ( $authorizationHeader , 'basic ' )) {
// Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic
$exploded = explode ( ':' , base64_decode ( substr ( $authorizationHeader , 6 )), 2 );
if ( count ( $exploded ) == 2 ) {
list ( $headers [ 'PHP_AUTH_USER' ], $headers [ 'PHP_AUTH_PW' ]) = $exploded ;
}
} elseif ( empty ( $this -> parameters [ 'PHP_AUTH_DIGEST' ]) && ( 0 === stripos ( $authorizationHeader , 'digest ' ))) {
// In some circumstances PHP_AUTH_DIGEST needs to be set
$headers [ 'PHP_AUTH_DIGEST' ] = $authorizationHeader ;
$this -> parameters [ 'PHP_AUTH_DIGEST' ] = $authorizationHeader ;
} elseif ( 0 === stripos ( $authorizationHeader , 'bearer ' )) {
/*
* XXX : Since there is no PHP_AUTH_BEARER in PHP predefined variables ,
* I 'll just set $headers[' AUTHORIZATION ' ] here .
* http :// php . net / manual / en / reserved . variables . server . php
*/
$headers [ 'AUTHORIZATION' ] = $authorizationHeader ;
}
}
}
2016-04-20 09:56:34 -07:00
if ( isset ( $headers [ 'AUTHORIZATION' ])) {
return $headers ;
}
2015-08-17 17:00:26 -07:00
// PHP_AUTH_USER/PHP_AUTH_PW
if ( isset ( $headers [ 'PHP_AUTH_USER' ])) {
$headers [ 'AUTHORIZATION' ] = 'Basic ' . base64_encode ( $headers [ 'PHP_AUTH_USER' ] . ':' . $headers [ 'PHP_AUTH_PW' ]);
} elseif ( isset ( $headers [ 'PHP_AUTH_DIGEST' ])) {
$headers [ 'AUTHORIZATION' ] = $headers [ 'PHP_AUTH_DIGEST' ];
}
return $headers ;
}
}
