Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 401 and 403]

   1  <?php
   2  
   3  namespace PhpXmlRpc\Helper;
   4  
   5  use PhpXmlRpc\Exception\HttpException;
   6  use PhpXmlRpc\PhpXmlRpc;
   7  use PhpXmlRpc\Traits\LoggerAware;
   8  
   9  class Http
  10  {
  11      use LoggerAware;
  12  
  13      /**
  14       * Decode a string that is encoded with "chunked" transfer encoding as defined in rfc2068 par. 19.4.6.
  15       * Code shamelessly stolen from nusoap library by Dietrich Ayala.
  16       * @internal this function will become protected in the future
  17       *
  18       * @param string $buffer the string to be decoded
  19       * @return string
  20       */
  21      public static function decodeChunked($buffer)
  22      {
  23          // length := 0
  24          $length = 0;
  25          $new = '';
  26  
  27          // read chunk-size, chunk-extension (if any) and crlf
  28          // get the position of the linebreak
  29          $chunkEnd = strpos($buffer, "\r\n") + 2;
  30          $temp = substr($buffer, 0, $chunkEnd);
  31          $chunkSize = hexdec(trim($temp));
  32          $chunkStart = $chunkEnd;
  33          while ($chunkSize > 0) {
  34              $chunkEnd = strpos($buffer, "\r\n", $chunkStart + $chunkSize);
  35  
  36              // just in case we got a broken connection
  37              if ($chunkEnd == false) {
  38                  $chunk = substr($buffer, $chunkStart);
  39                  // append chunk-data to entity-body
  40                  $new .= $chunk;
  41                  $length += strlen($chunk);
  42                  break;
  43              }
  44  
  45              // read chunk-data and crlf
  46              $chunk = substr($buffer, $chunkStart, $chunkEnd - $chunkStart);
  47              // append chunk-data to entity-body
  48              $new .= $chunk;
  49              // length := length + chunk-size
  50              $length += strlen($chunk);
  51              // read chunk-size and crlf
  52              $chunkStart = $chunkEnd + 2;
  53  
  54              $chunkEnd = strpos($buffer, "\r\n", $chunkStart) + 2;
  55              if ($chunkEnd == false) {
  56                  break; // just in case we got a broken connection
  57              }
  58              $temp = substr($buffer, $chunkStart, $chunkEnd - $chunkStart);
  59              $chunkSize = hexdec(trim($temp));
  60              $chunkStart = $chunkEnd;
  61          }
  62  
  63          return $new;
  64      }
  65  
  66      /**
  67       * Parses HTTP an http response's headers and separates them from the body.
  68       *
  69       * @param string $data the http response, headers and body. It will be stripped of headers
  70       * @param bool $headersProcessed when true, we assume that response inflating and dechunking has been already carried out
  71       * @param int $debug when > 0, logs to screen messages detailing info about the parsed data
  72       * @return array with keys 'headers', 'cookies', 'raw_data' and 'status_code'
  73       * @throws HttpException
  74       *
  75       * @todo if $debug is < 0, we could avoid populating 'raw_data' and 'headers' in the returned value - but that would
  76       *       be a weird API...
  77       */
  78      public function parseResponseHeaders(&$data, $headersProcessed = false, $debug = 0)
  79      {
  80          $httpResponse = array('raw_data' => $data, 'headers'=> array(), 'cookies' => array(), 'status_code' => null);
  81  
  82          // Support "web-proxy-tunnelling" connections for https through proxies
  83          if (preg_match('/^HTTP\/1\.[0-1] 200 Connection established/', $data)) {
  84              // Look for CR/LF or simple LF as line separator (even though it is not valid http)
  85              $pos = strpos($data, "\r\n\r\n");
  86              if ($pos || is_int($pos)) {
  87                  $bd = $pos + 4;
  88              } else {
  89                  $pos = strpos($data, "\n\n");
  90                  if ($pos || is_int($pos)) {
  91                      $bd = $pos + 2;
  92                  } else {
  93                      // No separation between response headers and body: fault?
  94                      $bd = 0;
  95                  }
  96              }
  97              if ($bd) {
  98                  // this filters out all http headers from proxy. maybe we could take them into account, too?
  99                  $data = substr($data, $bd);
 100              } else {
 101                  $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': HTTPS via proxy error, tunnel connection possibly failed');
 102                  throw new HttpException(PhpXmlRpc::$xmlrpcstr['http_error'] . ' (HTTPS via proxy error, tunnel connection possibly failed)', PhpXmlRpc::$xmlrpcerr['http_error']);
 103              }
 104          }
 105  
 106          // Strip HTTP 1.1 100 Continue header if present
 107          while (preg_match('/^HTTP\/1\.1 1[0-9]{2} /', $data)) {
 108              $pos = strpos($data, 'HTTP', 12);
 109              // server sent a Continue header without any (valid) content following...
 110              // give the client a chance to know it
 111              if (!$pos && !is_int($pos)) {
 112                  /// @todo this construct works fine in php 3, 4 and 5 - 8; would it not be enough to have !== false now ?
 113  
 114                  break;
 115              }
 116              $data = substr($data, $pos);
 117          }
 118  
 119          // When using Curl to query servers using Digest Auth, we get back a double set of http headers.
 120          // Same when following redirects
 121          // We strip out the 1st...
 122          /// @todo we should let the caller know that there was a redirect involved
 123          if ($headersProcessed && preg_match('/^HTTP\/[0-9](?:\.[0-9])? (?:401|30[1278]) /', $data)) {
 124              if (preg_match('/(\r?\n){2}HTTP\/[0-9](?:\.[0-9])? 200 /', $data)) {
 125                  $data = preg_replace('/^HTTP\/[0-9](?:\.[0-9])? (?:401|30[1278]) .+?(?:\r?\n){2}(HTTP\/[0-9.]+ 200 )/s', '$1', $data, 1);
 126              }
 127          }
 128  
 129          if (preg_match('/^HTTP\/([0-9](?:\.[0-9])?) ([0-9]{3}) /', $data, $matches)) {
 130              $httpResponse['protocol_version'] = $matches[1];
 131              $httpResponse['status_code'] = $matches[2];
 132          }
 133  
 134          if ($httpResponse['status_code'] !== '200') {
 135              $errstr = substr($data, 0, strpos($data, "\n") - 1);
 136              $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': HTTP error, got response: ' . $errstr);
 137              throw new HttpException(PhpXmlRpc::$xmlrpcstr['http_error'] . ' (' . $errstr . ')', PhpXmlRpc::$xmlrpcerr['http_error'], null, $httpResponse['status_code']);
 138          }
 139  
 140          // be tolerant to usage of \n instead of \r\n to separate headers and data (even though it is not valid http)
 141          $pos = strpos($data, "\r\n\r\n");
 142          if ($pos || is_int($pos)) {
 143              $bd = $pos + 4;
 144          } else {
 145              $pos = strpos($data, "\n\n");
 146              if ($pos || is_int($pos)) {
 147                  $bd = $pos + 2;
 148              } else {
 149                  // No separation between response headers and body: fault?
 150                  // we could take some action here instead of going on...
 151                  $bd = 0;
 152              }
 153          }
 154  
 155          // be tolerant to line endings, and extra empty lines
 156          $ar = preg_split("/\r?\n/", trim(substr($data, 0, $pos)));
 157  
 158          foreach ($ar as $line) {
 159              // take care of (multi-line) headers and cookies
 160              $arr = explode(':', $line, 2);
 161              if (count($arr) > 1) {
 162                  /// @todo according to https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4, we should reject with error
 163                  ///       400 any messages where a space is present between the header name and colon
 164                  $headerName = strtolower(trim($arr[0]));
 165                  if ($headerName == 'set-cookie') {
 166                      $cookie = $arr[1];
 167                      // glue together all received cookies, using a comma to separate them (same as php does with getallheaders())
 168                      if (isset($httpResponse['headers'][$headerName])) {
 169                          $httpResponse['headers'][$headerName] .= ', ' . trim($cookie);
 170                      } else {
 171                          $httpResponse['headers'][$headerName] = trim($cookie);
 172                      }
 173                      // parse cookie attributes, in case user wants to correctly honour them
 174                      // @todo support for server sending multiple time cookie with same name, but using different PATHs
 175                      $cookie = explode(';', $cookie);
 176                      foreach ($cookie as $pos => $val) {
 177                          $val = explode('=', $val, 2);
 178                          $tag = trim($val[0]);
 179                          $val = isset($val[1]) ? trim($val[1]) : '';
 180                          if ($pos === 0) {
 181                              $cookieName = $tag;
 182                              // if present, we have strip leading and trailing " chars from $val
 183                              if (preg_match('/^"(.*)"$/', $val, $matches)) {
 184                                  $val = $matches[1];
 185                              }
 186                              $httpResponse['cookies'][$cookieName] = array('value' => urldecode($val));
 187                          } else {
 188                              $httpResponse['cookies'][$cookieName][$tag] = $val;
 189                          }
 190                      }
 191                  } else {
 192                      /// @todo some other headers (the ones that allow a CSV list of values) do allow many values to be
 193                      ///       passed using multiple header lines.
 194                      ///       We should add content to $xmlrpc->_xh['headers'][$headerName] instead of replacing it for those...
 195                      $httpResponse['headers'][$headerName] = trim($arr[1]);
 196                  }
 197              } elseif (isset($headerName)) {
 198                  /// @todo improve this: 1. check that the line starts with a space or tab; 2. according to
 199                  ///       https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4, we should flat out refuse these messages
 200                  $httpResponse['headers'][$headerName] .= ' ' . trim($line);
 201              }
 202          }
 203  
 204          $data = substr($data, $bd);
 205  
 206          if ($debug && count($httpResponse['headers'])) {
 207              $msg = '';
 208              foreach ($httpResponse['headers'] as $header => $value) {
 209                  $msg .= "HEADER: $header: $value\n";
 210              }
 211              foreach ($httpResponse['cookies'] as $header => $value) {
 212                  $msg .= "COOKIE: $header={$value['value']}\n";
 213              }
 214              $this->getLogger()->debug($msg);
 215          }
 216  
 217          // if CURL was used for the call, http headers have been processed, and dechunking + reinflating have been carried out
 218          if (!$headersProcessed) {
 219  
 220              // Decode chunked encoding sent by http 1.1 servers
 221              if (isset($httpResponse['headers']['transfer-encoding']) && $httpResponse['headers']['transfer-encoding'] == 'chunked') {
 222                  if (!$data = static::decodeChunked($data)) {
 223                      $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': errors occurred when trying to rebuild the chunked data received from server');
 224                      throw new HttpException(PhpXmlRpc::$xmlrpcstr['dechunk_fail'], PhpXmlRpc::$xmlrpcerr['dechunk_fail'], null, $httpResponse['status_code']);
 225                  }
 226              }
 227  
 228              // Decode gzip-compressed stuff
 229              // code shamelessly inspired from nusoap library by Dietrich Ayala
 230              if (isset($httpResponse['headers']['content-encoding'])) {
 231                  $httpResponse['headers']['content-encoding'] = str_replace('x-', '', $httpResponse['headers']['content-encoding']);
 232                  if ($httpResponse['headers']['content-encoding'] == 'deflate' || $httpResponse['headers']['content-encoding'] == 'gzip') {
 233                      // if decoding works, use it. else assume data wasn't gzencoded
 234                      if (function_exists('gzinflate')) {
 235                          if ($httpResponse['headers']['content-encoding'] == 'deflate' && $degzdata = @gzuncompress($data)) {
 236                              $data = $degzdata;
 237                              if ($debug) {
 238                                  $this->getLogger()->debug("---INFLATED RESPONSE---[" . strlen($data) . " chars]---\n$data\n---END---");
 239                              }
 240                          } elseif ($httpResponse['headers']['content-encoding'] == 'gzip' && $degzdata = @gzinflate(substr($data, 10))) {
 241                              $data = $degzdata;
 242                              if ($debug) {
 243                                  $this->getLogger()->debug("---INFLATED RESPONSE---[" . strlen($data) . " chars]---\n$data\n---END---");
 244                              }
 245                          } else {
 246                              $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': errors occurred when trying to decode the deflated data received from server');
 247                              throw new HttpException(PhpXmlRpc::$xmlrpcstr['decompress_fail'], PhpXmlRpc::$xmlrpcerr['decompress_fail'], null, $httpResponse['status_code']);
 248                          }
 249                      } else {
 250                          $this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': the server sent deflated data. Your php install must have the Zlib extension compiled in to support this.');
 251                          throw new HttpException(PhpXmlRpc::$xmlrpcstr['cannot_decompress'], PhpXmlRpc::$xmlrpcerr['cannot_decompress'], null, $httpResponse['status_code']);
 252                      }
 253                  }
 254              }
 255          } // end of 'if needed, de-chunk, re-inflate response'
 256  
 257          return $httpResponse;
 258      }
 259  
 260      /**
 261       * Parses one of the http headers which can have a list of values with quality param.
 262       * @see https://www.rfc-editor.org/rfc/rfc7231#section-5.3.1
 263       *
 264       * @param string $header
 265       * @return string[]
 266       */
 267      public function parseAcceptHeader($header)
 268      {
 269          $accepted = array();
 270          foreach(explode(',', $header) as $c) {
 271              if (preg_match('/^([^;]+); *q=([0-9.]+)/', $c, $matches)) {
 272                  $c = $matches[1];
 273                  $w = $matches[2];
 274              } else {
 275                  $c = preg_replace('/;.*/', '', $c);
 276                  $w = 1;
 277              }
 278              $accepted[(trim($c))] = $w;
 279          }
 280          arsort($accepted);
 281          return array_keys($accepted);
 282      }
 283  }