Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
- Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
- PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.
/lib/classes/local/guzzle/ -> check_request.php (source)
Differences Between: [Versions 402 and 403]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 namespace core\local\guzzle; 18 19 use core\files\curl_security_helper_base; 20 use GuzzleHttp\Exception\RequestException; 21 use Psr\Http\Message\RequestInterface; 22 use GuzzleHttp\Promise\PromiseInterface; 23 24 /** 25 * Class to check request against curl security helper. 26 * 27 * @package core 28 * @copyright 2022 Andrew Lyons <andrew@nicols.co.uk> 29 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 30 */ 31 class check_request { 32 33 /** @var curl_security_helper_base The helper to use */ 34 protected $securityhelper; 35 36 /** @var array The settings for the request */ 37 protected $settings; 38 39 /** 40 * Initial setup for the request. 41 * 42 * @param array $settings 43 * @return callable 44 */ 45 public static function setup(array $settings): callable { 46 return static function (callable $handler) use ($settings): self { 47 return new self($handler, $settings); 48 }; 49 } 50 51 /** 52 * The following handler. 53 * 54 * @var callable(RequestInterface, array): PromiseInterface 55 */ 56 private $nexthandler; 57 58 /** 59 * Check request constructor. 60 * 61 * @param callable $next The following handler 62 * @param array $settings The settings of the request 63 */ 64 public function __construct(callable $next, array $settings) { 65 $this->nexthandler = $next; 66 $this->settings = $settings; 67 } 68 69 /** 70 * Set the security according to the settings. 71 * 72 * @param curl_security_helper_base $securityhelper The security helper to use 73 * @return void 74 */ 75 protected function set_security(curl_security_helper_base $securityhelper): void { 76 $this->securityhelper = $securityhelper; 77 } 78 79 /** 80 * Curl security setup. 81 * 82 * @param RequestInterface $request The request interface 83 * @param array $options The options from the request 84 * @return PromiseInterface 85 */ 86 public function __invoke(RequestInterface $request, array $options): PromiseInterface { 87 $fn = $this->nexthandler; 88 $settings = $this->settings; 89 90 if (!empty($settings['ignoresecurity'])) { 91 return $fn($request, $options); 92 } 93 94 // Curl security setup. Allow injection of a security helper, but if not found, default to the core helper. 95 if (isset($settings['securityhelper']) && $settings['securityhelper'] instanceof \core\files\curl_security_helper_base) { 96 $this->set_security($settings['securityhelper']); 97 } else { 98 $this->set_security(new \core\files\curl_security_helper()); 99 } 100 101 if ($this->securityhelper->url_is_blocked((string) $request->getUri())) { 102 throw new RequestException($this->securityhelper->get_blocked_url_string(), $request); 103 } 104 105 return $fn($request, $options); 106 } 107 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
