
Consolidate HTTP header access

Summary: Route all `$_SERVER['HTTP_...']` stuff through AphrontRequest (it would be nice to make this non-static, but the stack is a bit tangled right now...)

Test Plan: Verified CSRF and cascading profiling. `var_dump()`'d User-Agent and Referer and verified they are populated and returned correct values when accessed. Restarted server to trigger setup checks.

Reviewers: vrana

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4888
epriestley 2013-02-09 15:01:57 -08:00
parent f5827871d5
commit 879c14e13a
7 changed files with 20 additions and 21 deletions


@ -199,15 +199,7 @@ final class AphrontRequest {
// No token in the request, check the HTTP header which is added for Ajax // No token in the request, check the HTTP header which is added for Ajax
// requests. // requests.
if (empty($token)) { if (empty($token)) {
$token = self::getHTTPHeader(self::getCSRFHeaderName());
// PHP mangles HTTP headers by uppercasing them and replacing hyphens with
// underscores, then prepending 'HTTP_'.
$php_index = self::getCSRFHeaderName();
$php_index = strtoupper($php_index);
$php_index = str_replace('-', '_', $php_index);
$php_index = 'HTTP_'.$php_index;
$token = idx($_SERVER, $php_index);
} }
$valid = $this->getUser()->validateCSRFToken($token); $valid = $this->getUser()->validateCSRFToken($token);
@ -430,4 +422,14 @@ final class AphrontRequest {
} }
public static function getHTTPHeader($name, $default = null) {
// PHP mangles HTTP headers by uppercasing them and replacing hyphens with
// underscores, then prepending 'HTTP_'.
$php_index = strtoupper($name);
$php_index = str_replace('-', '_', $php_index);
$php_index = 'HTTP_'.$php_index;
return idx($_SERVER, $php_index, $default);
}
} }
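Review bot: The new `getHTTPHeader()` at the end of the class has no docblock, and callers need to know that every value it returns is supplied by the client. I would add a docblock saying that the return value is untrusted request data the caller must validate or escape, that the lookup upper-cases the name and folds `-` to `_`, and that `$default` (null unless given) comes back when the header is absent. Two consequences of the `HTTP_` mangling belong in the same comment: PHP typically exposes `Content-Type` and `Content-Length` without the `HTTP_` prefix, so asking for those names silently yields the default, and on servers that pass underscore headers through, `X_Name` and `X-Name` land on the same `$_SERVER` key.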


@ -22,12 +22,9 @@ final class DarkConsoleXHProfPluginAPI {
return $_REQUEST['__profile__']; return $_REQUEST['__profile__'];
} }
$header = self::getProfilerHeader(); $header = AphrontRequest::getHTTPHeader(self::getProfilerHeader());
$header = strtoupper($header); if ($header) {
$header = str_replace('-', '_', $header); return $header;
$header = 'HTTP_'.$header;
if (!empty($_SERVER[$header])) {
return $_SERVER[$header];
} }
static $profilerRequested = null; static $profilerRequested = null;
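Review bot: The rewritten check `if ($header) { return $header; }` returns the raw profiler header value to the caller, so the decision to profile a request is driven by whoever sends it; nothing in this hunk limits that to trusted users or a developer mode. If that gating exists it is outside the lines shown, and a comment here such as `// Client-supplied value; the caller decides whether this requester may enable profiling.` would make the trust boundary explicit. The enclosing method starts and ends outside the hunk.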


@ -5,7 +5,7 @@ final class PhabricatorSetupCheckBaseURI extends PhabricatorSetupCheck {
protected function executeChecks() { protected function executeChecks() {
$base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri'); $base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
if (strpos($_SERVER['HTTP_HOST'], '.') === false) { if (strpos(AphrontRequest::getHTTPHeader('Host'), '.') === false) {
$summary = pht( $summary = pht(
'The domain does not contain a dot. This is necessary for some web '. 'The domain does not contain a dot. This is necessary for some web '.
'browsers to be able to set cookies.'); 'browsers to be able to set cookies.');
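Review bot: `AphrontRequest::getHTTPHeader('Host')` returns `null` when the request has no Host header, and `strpos(null, '.')` then evaluates to `false`, so the check reports "The domain does not contain a dot" for a request that simply carried no Host. Consider reading the header once and guarding it: `$host = AphrontRequest::getHTTPHeader('Host');` followed by `if ($host !== null && strpos($host, '.') === false) {`. The value is also whatever the requesting client sent, so the result describes that one request rather than the configured `phabricator.base-uri` read on the line above. `executeChecks()` continues past the end of the hunk.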


@ -75,7 +75,7 @@ final class PhabricatorUserLog extends PhabricatorUserDAO {
$this->setSession(idx($_COOKIE, 'phsid')); $this->setSession(idx($_COOKIE, 'phsid'));
} }
$this->details['host'] = php_uname('n'); $this->details['host'] = php_uname('n');
$this->details['user_agent'] = idx($_SERVER, 'HTTP_USER_AGENT'); $this->details['user_agent'] = AphrontRequest::getHTTPHeader('User-Agent');
return parent::save(); return parent::save();
} }
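Review bot: The `user_agent` detail is filled from `AphrontRequest::getHTTPHeader('User-Agent')`, which is client-controlled text of arbitrary length and content, and it is stored unchanged. A comment stating that the stored value is untrusted and must be escaped wherever the log is displayed would help the next reader. Bounding it before storage, for example `substr((string)$agent, 0, 256)` (the limit is a constructed example), keeps one request from writing an oversized record. How `details` is serialized and rendered is not visible in this hunk, and `save()` begins above it.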


@ -34,7 +34,7 @@ abstract class CelerityResourceController extends PhabricatorController {
throw new Exception("Only static resources may be served."); throw new Exception("Only static resources may be served.");
} }
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && if (AphrontRequest::getHTTPHeader('If-Modified-Since') &&
!PhabricatorEnv::getEnvConfig('phabricator.developer-mode')) { !PhabricatorEnv::getEnvConfig('phabricator.developer-mode')) {
// Return a "304 Not Modified". We don't care about the value of this // Return a "304 Not Modified". We don't care about the value of this
// field since we never change what resource is served by a given URI. // field since we never change what resource is served by a given URI.
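Review bot: Replacing `isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])` with a truthiness test on `AphrontRequest::getHTTPHeader('If-Modified-Since')` changes the result for a header that is present but empty or `0`: those used to receive the 304 and now fall through to a full response. If the old semantics are intended, compare explicitly: `if (AphrontRequest::getHTTPHeader('If-Modified-Since') !== null &&`. The effect is only extra work per request, but since the header is client-supplied it is better for the condition to state exactly which values qualify. The `if` body continues outside the hunk.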


@ -367,7 +367,7 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView {
$classes[] = 'phabricator-chromeless-page'; $classes[] = 'phabricator-chromeless-page';
} }
$agent = idx($_SERVER, 'HTTP_USER_AGENT'); $agent = AphrontRequest::getHTTPHeader('User-Agent');
// Try to guess the device resolution based on UA strings to avoid a flash // Try to guess the device resolution based on UA strings to avoid a flash
// of incorrectly-styled content. // of incorrectly-styled content.


@ -15,7 +15,7 @@ try {
PhabricatorStartup::setGlobal('log.access', $access_log); PhabricatorStartup::setGlobal('log.access', $access_log);
$access_log->setData( $access_log->setData(
array( array(
'R' => idx($_SERVER, 'HTTP_REFERER', '-'), 'R' => AphrontRequest::getHTTPHeader('Referer', '-'),
'r' => idx($_SERVER, 'REMOTE_ADDR', '-'), 'r' => idx($_SERVER, 'REMOTE_ADDR', '-'),
'M' => idx($_SERVER, 'REQUEST_METHOD', '-'), 'M' => idx($_SERVER, 'REQUEST_METHOD', '-'),
)); ));
@ -34,7 +34,7 @@ try {
return; return;
} }
$host = $_SERVER['HTTP_HOST']; $host = AphrontRequest::getHTTPHeader('Host');
$path = $_REQUEST['__path__']; $path = $_REQUEST['__path__'];
switch ($host) { switch ($host) {
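Review bot: `$host = AphrontRequest::getHTTPHeader('Host');` feeds a client-supplied value straight into `switch ($host)`, and it is now silently `null` when the header is missing, where the old `$_SERVER['HTTP_HOST']` read at least raised a notice. PHP's `switch` compares loosely, so `null` would match a `''` case or fall to whatever default exists; the case labels are outside the hunk, so I cannot tell which. I would pass an explicit default, `AphrontRequest::getHTTPHeader('Host', '')`, or reject the request when Host is absent, and add a comment that the header is untrusted and should only be matched against configured host names. In the earlier hunk of this file the Referer goes into the access log the same way; whether the log writer escapes it is not visible here.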