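<?php

namespace PhpXmlRpc\Helper;

use PhpXmlRpc\Exception\HttpException;
use PhpXmlRpc\PhpXmlRpc;
use PhpXmlRpc\Traits\LoggerAware;

/**
 * Helper for splitting an http response into headers, cookies and body, and for undoing the "chunked" transfer
 * encoding and the gzip/deflate content encodings.
 *
 * Everything parsed here is produced by the remote peer and has to be treated as untrusted input.
 */
class Http
{
    use LoggerAware;

    /**
     * Decode a string that is encoded with "chunked" transfer encoding as defined in rfc2068 par. 19.4.6.
     * Code shamelessly stolen from nusoap library by Dietrich Ayala.
     * @internal this function will become protected in the future
     *
     * The buffer is attacker-influenced data: every offset derived from a declared chunk size is checked against
     * the number of bytes actually received before it is handed to strpos()/substr(). A truncated or malformed
     * buffer yields whatever could be decoded so far (possibly an empty string) and never an out-of-range offset
     * or a second pass over bytes that were already consumed.
     *
     * @param string $buffer the string to be decoded
     * @return string the decoded entity body; an empty string when no chunk-size line could be read
     */
    public static function decodeChunked($buffer)
    {
        $bufferLength = strlen($buffer);
        $new = '';
        $chunkStart = 0;

        while (true) {
            // read chunk-size, chunk-extension (if any) and crlf
            // The false check has to happen before 2 is added to the offset, otherwise "no CRLF found" cannot be
            // told apart from "CRLF found at offset 0".
            $lineEnd = strpos($buffer, "\r\n", $chunkStart);
            if ($lineEnd === false) {
                break; // just in case we got a broken connection
            }

            // Only the leading hex digits are the size; a chunk-extension after ';' may itself contain hex
            // characters and must not be folded into the number.
            $sizeLine = substr($buffer, $chunkStart, $lineEnd - $chunkStart);
            if (!preg_match('/^\s*([0-9a-fA-F]+)/', $sizeLine, $matches)) {
                break;
            }
            // hexdec() returns a float when the value does not fit in an int; it is only cast back to int below,
            // once it is known to be no larger than the remaining buffer
            $chunkSize = hexdec($matches[1]);
            if ($chunkSize <= 0) {
                break; // last-chunk
            }
            $chunkStart = $lineEnd + 2;

            // A declared size larger than what is left in the buffer means the data was cut short (or the size is
            // bogus): do not use it as a search offset.
            if ($chunkSize > $bufferLength - $chunkStart) {
                $chunkEnd = false;
            } else {
                $chunkEnd = strpos($buffer, "\r\n", $chunkStart + (int)$chunkSize);
            }

            // just in case we got a broken connection
            if ($chunkEnd === false) {
                // append the remaining chunk-data to entity-body
                $new .= substr($buffer, $chunkStart);
                break;
            }

            // read chunk-data and crlf, append chunk-data to entity-body
            $new .= substr($buffer, $chunkStart, $chunkEnd - $chunkStart);
            // the next chunk-size line starts right after the crlf which closes the chunk-data
            $chunkStart = $chunkEnd + 2;
        }

        return $new;
    }

    /**
     * Parses an http response's headers and separates them from the body.
     *
     * Any "200 Connection established" proxy preamble, 1xx interim responses and (when $headersProcessed is true)
     * a leading 401/30x header set followed by a 200 one are stripped first. A status code other than 200 results
     * in an exception. Unless $headersProcessed is true, the body is then de-chunked and inflated according to the
     * transfer-encoding and content-encoding headers.
     *
     * @param string $data the http response, headers and body. It will be stripped of headers
     * @param bool $headersProcessed when true, we assume that response inflating and dechunking has been already carried out
     * @param int $debug when > 0, logs to screen messages detailing info about the parsed data
     * @return array with keys 'headers', 'cookies', 'raw_data' and 'status_code'; 'protocol_version' is added when
     *               the status line could be parsed
     * @throws HttpException
     *
     * @todo if $debug is < 0, we could avoid populating 'raw_data' and 'headers' in the returned value - but that would
     *       be a weird API...
     */
    public function parseResponseHeaders(&$data, $headersProcessed = false, $debug = 0)
    {
        $httpResponse = array('raw_data' => $data, 'headers'=> array(), 'cookies' => array(), 'status_code' => null);

        // Support "web-proxy-tunnelling" connections for https through proxies
        if (preg_match('/^HTTP\/1\.[0-1] 200 Connection established/', $data)) {
            // Look for CR/LF or simple LF as line separator (even though it is not valid http)
            $pos = strpos($data, "\r\n\r\n");
            if ($pos || is_int($pos)) {
                $bd = $pos + 4;
            } else {
                $pos = strpos($data, "\n\n");
                if ($pos || is_int($pos)) {
                    $bd = $pos + 2;
                } else {
                    // No separation between response headers and body: fault?
                    $bd = 0;
                }
            }
            if ($bd) {
                // this filters out all http headers from proxy. maybe we could take them into account, too?
                $data = substr($data, $bd);
            } else {
                $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': HTTPS via proxy error, tunnel connection possibly failed');
                throw new HttpException(PhpXmlRpc::$xmlrpcstr['http_error'] . ' (HTTPS via proxy error, tunnel connection possibly failed)', PhpXmlRpc::$xmlrpcerr['http_error']);
            }
        }

        // Strip HTTP 1.1 100 Continue header if present
        while (preg_match('/^HTTP\/1\.1 1[0-9]{2} /', $data)) {
            $pos = strpos($data, 'HTTP', 12);
            // server sent a Continue header without any (valid) content following...
            // give the client a chance to know it
            if (!$pos && !is_int($pos)) {
                /// @todo this construct works fine in php 3, 4 and 5 - 8; would it not be enough to have !== false now ?

                break;
            }
            $data = substr($data, $pos);
        }

        // When using Curl to query servers using Digest Auth, we get back a double set of http headers.
        // Same when following redirects
        // We strip out the 1st...
        /// @todo we should let the caller know that there was a redirect involved
        if ($headersProcessed && preg_match('/^HTTP\/[0-9](?:\.[0-9])? (?:401|30[1278]) /', $data)) {
            if (preg_match('/(\r?\n){2}HTTP\/[0-9](?:\.[0-9])? 200 /', $data)) {
                $data = preg_replace('/^HTTP\/[0-9](?:\.[0-9])? (?:401|30[1278]) .+?(?:\r?\n){2}(HTTP\/[0-9.]+ 200 )/s', '$1', $data, 1);
            }
        }

        if (preg_match('/^HTTP\/([0-9](?:\.[0-9])?) ([0-9]{3}) /', $data, $matches)) {
            $httpResponse['protocol_version'] = $matches[1];
            $httpResponse['status_code'] = $matches[2];
        }

        // 'status_code' is either null (no parsable status line) or a 3-digit string, hence the strict comparison
        if ($httpResponse['status_code'] !== '200') {
            // NOTE(review): $errstr is the first line of the response as sent by the peer. It ends up in the log
            // and in the exception message, so whatever displays or stores those should treat it as untrusted text.
            $errstr = substr($data, 0, strpos($data, "\n") - 1);
            $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': HTTP error, got response: ' . $errstr);
            throw new HttpException(PhpXmlRpc::$xmlrpcstr['http_error'] . ' (' . $errstr . ')', PhpXmlRpc::$xmlrpcerr['http_error'], null, $httpResponse['status_code']);
        }

        // be tolerant to usage of \n instead of \r\n to separate headers and data (even though it is not valid http)
        $pos = strpos($data, "\r\n\r\n");
        if ($pos || is_int($pos)) {
            $bd = $pos + 4;
        } else {
            $pos = strpos($data, "\n\n");
            if ($pos || is_int($pos)) {
                $bd = $pos + 2;
            } else {
                // No separation between response headers and body: fault?
                // we could take some action here instead of going on...
                $bd = 0;
            }
        }

        // be tolerant to line endings, and extra empty lines
        // (when no separator was found above, $pos is false and no header line is extracted)
        $ar = preg_split("/\r?\n/", trim(substr($data, 0, $pos)));

        foreach ($ar as $line) {
            // take care of (multi-line) headers and cookies
            $arr = explode(':', $line, 2);
            if (count($arr) > 1) {
                /// @todo according to https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4, we should reject with error
                ///       400 any messages where a space is present between the header name and colon
                $headerName = strtolower(trim($arr[0]));
                if ($headerName == 'set-cookie') {
                    $cookie = $arr[1];
                    // glue together all received cookies, using a comma to separate them (same as php does with getallheaders())
                    if (isset($httpResponse['headers'][$headerName])) {
                        $httpResponse['headers'][$headerName] .= ', ' . trim($cookie);
                    } else {
                        $httpResponse['headers'][$headerName] = trim($cookie);
                    }
                    // parse cookie attributes, in case user wants to correctly honour them
                    // @todo support for server sending multiple time cookie with same name, but using different PATHs
                    $cookie = explode(';', $cookie);
                    foreach ($cookie as $pos => $val) {
                        $val = explode('=', $val, 2);
                        $tag = trim($val[0]);
                        $val = isset($val[1]) ? trim($val[1]) : '';
                        if ($pos === 0) {
                            // the first name=value pair is the cookie itself, the following ones are its attributes
                            $cookieName = $tag;
                            // if present, we have strip leading and trailing " chars from $val
                            if (preg_match('/^"(.*)"$/', $val, $matches)) {
                                $val = $matches[1];
                            }
                            $httpResponse['cookies'][$cookieName] = array('value' => urldecode($val));
                        } else {
                            $httpResponse['cookies'][$cookieName][$tag] = $val;
                        }
                    }
                } else {
                    /// @todo some other headers (the ones that allow a CSV list of values) do allow many values to be
                    ///       passed using multiple header lines.
                    ///       We should add content to $xmlrpc->_xh['headers'][$headerName] instead of replacing it for those...
                    $httpResponse['headers'][$headerName] = trim($arr[1]);
                }
            } elseif (isset($headerName)) {
                /// @todo improve this: 1. check that the line starts with a space or tab; 2. according to
                ///       https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4, we should flat out refuse these messages
                $httpResponse['headers'][$headerName] .= ' ' . trim($line);
            }
        }

        // from here on $data holds the body only (the caller sees this too, as $data is passed by reference)
        $data = substr($data, $bd);

        if ($debug && count($httpResponse['headers'])) {
            // NOTE(review): this writes every header and every cookie value to the debug log. Cookie values are
            // commonly session credentials - keep debug mode off, or the log access-restricted, in production.
            $msg = '';
            foreach ($httpResponse['headers'] as $header => $value) {
                $msg .= "HEADER: $header: $value\n";
            }
            foreach ($httpResponse['cookies'] as $header => $value) {
                $msg .= "COOKIE: $header={$value['value']}\n";
            }
            $this->getLogger()->debug($msg);
        }

        // if CURL was used for the call, http headers have been processed, and dechunking + reinflating have been carried out
        if (!$headersProcessed) {

            // Decode chunked encoding sent by http 1.1 servers
            if (isset($httpResponse['headers']['transfer-encoding']) && $httpResponse['headers']['transfer-encoding'] == 'chunked') {
                // a falsy result (including an empty decoded body) is reported as a dechunking failure
                if (!$data = static::decodeChunked($data)) {
                    $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': errors occurred when trying to rebuild the chunked data received from server');
                    throw new HttpException(PhpXmlRpc::$xmlrpcstr['dechunk_fail'], PhpXmlRpc::$xmlrpcerr['dechunk_fail'], null, $httpResponse['status_code']);
                }
            }

            // Decode gzip-compressed stuff
            // code shamelessly inspired from nusoap library by Dietrich Ayala
            if (isset($httpResponse['headers']['content-encoding'])) {
                // treat 'x-gzip' / 'x-deflate' the same as 'gzip' / 'deflate'
                $httpResponse['headers']['content-encoding'] = str_replace('x-', '', $httpResponse['headers']['content-encoding']);
                if ($httpResponse['headers']['content-encoding'] == 'deflate' || $httpResponse['headers']['content-encoding'] == 'gzip') {
                    // if decoding works, use it. else assume data wasn't gzencoded
                    // NOTE(review): neither gzuncompress() nor gzinflate() is given its optional max length here,
                    // so the inflated size is bounded only by the php memory limit. A small compressed body can
                    // expand to a very large string; consider passing a limit appropriate for the deployment.
                    // NOTE(review): substr($data, 10) skips a fixed-size gzip header; this presumably fails for
                    // responses whose gzip header carries optional fields - confirm against the servers in use.
                    if (function_exists('gzinflate')) {
                        if ($httpResponse['headers']['content-encoding'] == 'deflate' && $degzdata = @gzuncompress($data)) {
                            $data = $degzdata;
                            if ($debug) {
                                // NOTE(review): the complete decoded body goes to the debug log
                                $this->getLogger()->debug("---INFLATED RESPONSE---[" . strlen($data) . " chars]---\n$data\n---END---");
                            }
                        } elseif ($httpResponse['headers']['content-encoding'] == 'gzip' && $degzdata = @gzinflate(substr($data, 10))) {
                            $data = $degzdata;
                            if ($debug) {
                                // NOTE(review): the complete decoded body goes to the debug log
                                $this->getLogger()->debug("---INFLATED RESPONSE---[" . strlen($data) . " chars]---\n$data\n---END---");
                            }
                        } else {
                            $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': errors occurred when trying to decode the deflated data received from server');
                            throw new HttpException(PhpXmlRpc::$xmlrpcstr['decompress_fail'], PhpXmlRpc::$xmlrpcerr['decompress_fail'], null, $httpResponse['status_code']);
                        }
                    } else {
                        $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': the server sent deflated data. Your php install must have the Zlib extension compiled in to support this.');
                        throw new HttpException(PhpXmlRpc::$xmlrpcstr['cannot_decompress'], PhpXmlRpc::$xmlrpcerr['cannot_decompress'], null, $httpResponse['status_code']);
                    }
                }
            }
        } // end of 'if needed, de-chunk, re-inflate response'

        return $httpResponse;
    }

    /**
     * Parses one of the http headers which can have a list of values with quality param.
     * @see https://www.rfc-editor.org/rfc/rfc7231#section-5.3.1
     *
     * Each comma-separated element is stripped of its parameters; elements without a "q" parameter get weight 1.
     * When the same value appears more than once, the weight of its last occurrence is used.
     *
     * @param string $header
     * @return string[] the values found in the header, sorted by descending weight
     */
    public function parseAcceptHeader($header)
    {
        $accepted = array();
        foreach (explode(',', $header) as $c) {
            if (preg_match('/^([^;]+); *q=([0-9.]+)/', $c, $matches)) {
                $c = $matches[1];
                $w = $matches[2];
            } else {
                // no usable q param: drop any other parameter and use the default weight
                $c = preg_replace('/;.*/', '', $c);
                $w = 1;
            }
            $accepted[(trim($c))] = $w;
        }
        // sort by weight, highest first, keeping the value => weight association
        arsort($accepted);
        return array_keys($accepted);
    }
}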