Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
- Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
- PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.
1 <?php 2 3 /** 4 * Licensed to Jasig under one or more contributor license 5 * agreements. See the NOTICE file distributed with this work for 6 * additional information regarding copyright ownership. 7 * 8 * Jasig licenses this file to you under the Apache License, 9 * Version 2.0 (the "License"); you may not use this file except in 10 * compliance with the License. You may obtain a copy of the License at: 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 * See the License for the specific language governing permissions and 18 * limitations under the License. 19 * 20 * PHP Version 7 21 * 22 * @file CAS/ServiceBaseUrl/AllowedListDiscovery.php 23 * @category Authentication 24 * @package PhpCAS 25 * @author Henry Pan <git@phy25.com> 26 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 27 * @link https://wiki.jasig.org/display/CASC/phpCAS 28 */ 29 30 31 /** 32 * Class that gets the service base URL of the PHP server by HTTP header 33 * discovery and allowlist check. This is used to generate service URL 34 * and PGT callback URL. 35 * 36 * @class CAS_ServiceBaseUrl_AllowedListDiscovery 37 * @category Authentication 38 * @package PhpCAS 39 * @author Henry Pan <git@phy25.com> 40 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 41 * @link https://wiki.jasig.org/display/CASC/phpCAS 42 */ 43 44 class CAS_ServiceBaseUrl_AllowedListDiscovery 45 extends CAS_ServiceBaseUrl_Base 46 { 47 private $_list = array(); 48 49 public function __construct($list) { 50 if (is_array($list)) { 51 if (count($list) === 0) { 52 throw new CAS_InvalidArgumentException('$list should not be empty'); 53 } 54 foreach ($list as $value) { 55 $this->allow($value); 56 } 57 } else { 58 throw new CAS_TypeMismatchException($list, '$list', 'array'); 59 } 60 } 61 62 /** 63 * Add a base URL to the allowed list. 64 * 65 * @param $url protocol, host name and port to add to the allowed list 66 * 67 * @return void 68 */ 69 public function allow($url) 70 { 71 $this->_list[] = $this->removeStandardPort($url); 72 } 73 74 /** 75 * Check if the server name is allowed by configuration. 76 * 77 * @param $name server name to check 78 * 79 * @return bool whether the allowed list contains the server name 80 */ 81 protected function isAllowed($name) 82 { 83 return in_array($name, $this->_list); 84 } 85 86 /** 87 * Discover the server name through HTTP headers. 88 * 89 * We read: 90 * - HTTP header X-Forwarded-Host 91 * - HTTP header X-Forwarded-Server and X-Forwarded-Port 92 * - HTTP header Host and SERVER_PORT 93 * - PHP SERVER_NAME (which can change based on the HTTP server used) 94 * 95 * The standard port will be omitted (80 for HTTP, 443 for HTTPS). 96 * 97 * @return string the discovered, unsanitized server protocol, hostname and port 98 */ 99 protected function discover() 100 { 101 $isHttps = $this->isHttps(); 102 $protocol = $isHttps ? 'https' : 'http'; 103 $protocol .= '://'; 104 if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) { 105 // explode the host list separated by comma and use the first host 106 $hosts = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST']); 107 // see rfc7239#5.3 and rfc7230#2.7.1: port is in HTTP_X_FORWARDED_HOST if non default 108 return $protocol . $hosts[0]; 109 } else if (!empty($_SERVER['HTTP_X_FORWARDED_SERVER'])) { 110 $server_url = $_SERVER['HTTP_X_FORWARDED_SERVER']; 111 } else { 112 if (empty($_SERVER['SERVER_NAME'])) { 113 $server_url = $_SERVER['HTTP_HOST']; 114 } else { 115 $server_url = $_SERVER['SERVER_NAME']; 116 } 117 } 118 if (!strpos($server_url, ':')) { 119 if (empty($_SERVER['HTTP_X_FORWARDED_PORT'])) { 120 $server_port = $_SERVER['SERVER_PORT']; 121 } else { 122 $ports = explode(',', $_SERVER['HTTP_X_FORWARDED_PORT']); 123 $server_port = $ports[0]; 124 } 125 126 $server_url .= ':'; 127 $server_url .= $server_port; 128 } 129 return $protocol . $server_url; 130 } 131 132 /** 133 * Get PHP server base URL. 134 * 135 * @return string the server protocol, hostname and port 136 */ 137 public function get() 138 { 139 phpCAS::traceBegin(); 140 $result = $this->removeStandardPort($this->discover()); 141 phpCAS::trace("Discovered server base URL: " . $result); 142 if ($this->isAllowed($result)) { 143 phpCAS::trace("Server base URL is allowed"); 144 phpCAS::traceEnd(true); 145 } else { 146 $result = $this->_list[0]; 147 phpCAS::trace("Server base URL is not allowed, using default: " . $result); 148 phpCAS::traceEnd(false); 149 } 150 return $result; 151 } 152 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
