Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
- Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
- PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.
/lib/classes/local/guzzle/ -> check_request.php (source)
Differences Between: [Versions 402 and 403]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 namespace core\local\guzzle; 18 19 use core\files\curl_security_helper_base; 20 use GuzzleHttp\Exception\RequestException; 21 use Psr\Http\Message\RequestInterface; 22 use GuzzleHttp\Promise\PromiseInterface; 23 24 /** 25 * Class to check request against curl security helper. 26 * 27 * @package core 28 * @copyright 2022 Andrew Lyons <andrew@nicols.co.uk> 29 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 30 */ 31 class check_request { 32 33 /** @var curl_security_helper_base The helper to use */ 34 protected $securityhelper; 35 36 /** @var array The settings for the request */ 37 protected $settings; 38 39 /** 40 * Initial setup for the request. 41 * 42 * @param array $settings 43 * @return callable 44 */ 45 public static function setup(array $settings): callable { 46 return static function (callable $handler) use ($settings): self { 47 return new self($handler, $settings); 48 }; 49 } 50 51 /** 52 * The following handler. 53 * 54 * @var callable(RequestInterface, array): PromiseInterface 55 */ 56 private $nexthandler; 57 58 /** 59 * Check request constructor. 60 * 61 * @param callable $next The following handler 62 * @param array $settings The settings of the request 63 */ 64 public function __construct(callable $next, array $settings) { 65 $this->nexthandler = $next; 66 $this->settings = $settings; 67 } 68 69 /** 70 * Set the security according to the settings. 71 * 72 * @param curl_security_helper_base $securityhelper The security helper to use 73 * @return void 74 */ 75 protected function set_security(curl_security_helper_base $securityhelper): void { 76 $this->securityhelper = $securityhelper; 77 } 78 79 /** 80 * Curl security setup. 81 * 82 * @param RequestInterface $request The request interface 83 * @param array $options The options from the request 84 * @return PromiseInterface 85 */ 86 public function __invoke(RequestInterface $request, array $options): PromiseInterface { 87 global $USER; 88 89 $fn = $this->nexthandler; 90 $settings = $this->settings; 91 92 if (!empty($settings['ignoresecurity'])) { 93 return $fn($request, $options); 94 } 95 96 // Curl security setup. Allow injection of a security helper, but if not found, default to the core helper. 97 if (isset($settings['securityhelper']) && $settings['securityhelper'] instanceof \core\files\curl_security_helper_base) { 98 $this->set_security($settings['securityhelper']); 99 } else { 100 $this->set_security(new \core\files\curl_security_helper()); 101 } 102 103 if ($this->securityhelper->url_is_blocked((string) $request->getUri())) { 104 $msg = $this->securityhelper->get_blocked_url_string(); 105 debugging( 106 sprintf('Blocked %s [user %d]', $msg, $USER->id), 107 DEBUG_NONE 108 ); 109 110 throw new RequestException($msg, $request); 111 } 112 113 return $fn($request, $options); 114 } 115 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
