Consolidate HTTP header access

Summary: Route all `$_SERVER['HTTP_...']` stuff through AphrontRequest (it would be nice to make this non-static, but the stack is a bit tangled right now...) Test Plan: Verified CSRF and cascading profiling. `var_dump()`'d User-Agent and Referer and verified they are populated and returned correct values when accessed. Restarted server to trigger setup checks. Reviewers: vrana Reviewed By: vrana CC: aran Differential Revision: https://secure.phabricator.com/D4888
2025-03-19 15:50:17 +01:00 · 2013-02-09 15:01:57 -08:00 · 2013-02-09 15:01:57 -08:00 · 879c14e13a
commit 879c14e13a
parent f5827871d5
7 changed files with 20 additions and 21 deletions
--- a/src/aphront/AphrontRequest.php
+++ b/src/aphront/AphrontRequest.php
@ -199,15 +199,7 @@ final class AphrontRequest {
    // No token in the request, check the HTTP header which is added for Ajax
    // requests.
    if (empty($token)) {
-
-      // PHP mangles HTTP headers by uppercasing them and replacing hyphens with
-      // underscores, then prepending 'HTTP_'.
-      $php_index = self::getCSRFHeaderName();
-      $php_index = strtoupper($php_index);
-      $php_index = str_replace('-', '_', $php_index);
-      $php_index = 'HTTP_'.$php_index;
-
-      $token = idx($_SERVER, $php_index);
+      $token = self::getHTTPHeader(self::getCSRFHeaderName());
    }

    $valid = $this->getUser()->validateCSRFToken($token);
@ -430,4 +422,14 @@ final class AphrontRequest {
  }


+  public static function getHTTPHeader($name, $default = null) {
+    // PHP mangles HTTP headers by uppercasing them and replacing hyphens with
+    // underscores, then prepending 'HTTP_'.
+    $php_index = strtoupper($name);
+    $php_index = str_replace('-', '_', $php_index);
+    $php_index = 'HTTP_'.$php_index;
+
+    return idx($_SERVER, $php_index, $default);
+  }
+
 }
--- a/src/aphront/console/plugin/xhprof/DarkConsoleXHProfPluginAPI.php
+++ b/src/aphront/console/plugin/xhprof/DarkConsoleXHProfPluginAPI.php
@ -22,12 +22,9 @@ final class DarkConsoleXHProfPluginAPI {
      return $_REQUEST['__profile__'];
    }

-    $header = self::getProfilerHeader();
-    $header = strtoupper($header);
-    $header = str_replace('-', '_', $header);
-    $header = 'HTTP_'.$header;
-    if (!empty($_SERVER[$header])) {
-      return $_SERVER[$header];
+    $header = AphrontRequest::getHTTPHeader(self::getProfilerHeader());
+    if ($header) {
+      return $header;
    }

    static $profilerRequested = null;
--- a/src/applications/config/check/PhabricatorSetupCheckBaseURI.php
+++ b/src/applications/config/check/PhabricatorSetupCheckBaseURI.php
@ -5,7 +5,7 @@ final class PhabricatorSetupCheckBaseURI extends PhabricatorSetupCheck {
  protected function executeChecks() {
    $base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');

-    if (strpos($_SERVER['HTTP_HOST'], '.') === false) {
+    if (strpos(AphrontRequest::getHTTPHeader('Host'), '.') === false) {
      $summary = pht(
        'The domain does not contain a dot. This is necessary for some web '.
        'browsers to be able to set cookies.');
--- a/src/applications/people/storage/PhabricatorUserLog.php
+++ b/src/applications/people/storage/PhabricatorUserLog.php
@ -75,7 +75,7 @@ final class PhabricatorUserLog extends PhabricatorUserDAO {
      $this->setSession(idx($_COOKIE, 'phsid'));
    }
    $this->details['host'] = php_uname('n');
-    $this->details['user_agent'] = idx($_SERVER, 'HTTP_USER_AGENT');
+    $this->details['user_agent'] = AphrontRequest::getHTTPHeader('User-Agent');

    return parent::save();
  }
--- a/src/infrastructure/celerity/CelerityResourceController.php
+++ b/src/infrastructure/celerity/CelerityResourceController.php
@ -34,7 +34,7 @@ abstract class CelerityResourceController extends PhabricatorController {
      throw new Exception("Only static resources may be served.");
    }

-    if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) &&
+    if (AphrontRequest::getHTTPHeader('If-Modified-Since') &&
        !PhabricatorEnv::getEnvConfig('phabricator.developer-mode')) {
      // Return a "304 Not Modified". We don't care about the value of this
      // field since we never change what resource is served by a given URI.
--- a/src/view/page/PhabricatorStandardPageView.php
+++ b/src/view/page/PhabricatorStandardPageView.php
@ -367,7 +367,7 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView {
      $classes[] = 'phabricator-chromeless-page';
    }

-    $agent = idx($_SERVER, 'HTTP_USER_AGENT');
+    $agent = AphrontRequest::getHTTPHeader('User-Agent');

    // Try to guess the device resolution based on UA strings to avoid a flash
    // of incorrectly-styled content.
--- a/webroot/index.php
+++ b/webroot/index.php
@ -15,7 +15,7 @@ try {
    PhabricatorStartup::setGlobal('log.access', $access_log);
    $access_log->setData(
      array(
-        'R' => idx($_SERVER, 'HTTP_REFERER', '-'),
+        'R' => AphrontRequest::getHTTPHeader('Referer', '-'),
        'r' => idx($_SERVER, 'REMOTE_ADDR', '-'),
        'M' => idx($_SERVER, 'REQUEST_METHOD', '-'),
      ));
@ -34,7 +34,7 @@ try {
    return;
  }

-  $host = $_SERVER['HTTP_HOST'];
+  $host = AphrontRequest::getHTTPHeader('Host');
  $path = $_REQUEST['__path__'];

  switch ($host) {