projects / GitHub / WoltLab / WCF.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix path of HTTP request if both a proxy and SSL are used
[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / util / HTTPRequest.class.php
1 <?php
2 namespace wcf\util;
3 use wcf\system\exception\HTTPNotFoundException;
4 use wcf\system\exception\HTTPServerErrorException;
5 use wcf\system\exception\HTTPUnauthorizedException;
6 use wcf\system\exception\SystemException;
7 use wcf\system\io\RemoteFile;
8 use wcf\system\Regex;
9 use wcf\system\WCF;
10
11 /**
12 * Sends HTTP/1.1 requests.
13 * It supports POST, SSL, Basic Auth etc.
14 *
15 * @author Tim Duesterhus
16 * @copyright 2001-2015 WoltLab GmbH
17 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
18 * @package com.woltlab.wcf
19 * @subpackage util
20 * @category Community Framework
21 */
22 final class HTTPRequest {
23 /**
24 * given options
25 * @var array
26 */
27 private $options = array();
28
29 /**
30 * given post parameters
31 * @var array
32 */
33 private $postParameters = array();
34
35 /**
36 * given files
37 * @var array
38 */
39 private $files = array();
40
41 /**
42 * indicates if request will be made via SSL
43 * @var boolean
44 */
45 private $useSSL = false;
46
47 /**
48 * indicates if the connection to the proxy target will be made via SSL
49 * @var boolean
50 */
51 private $originUseSSL = false;
52
53 /**
54 * target host
55 * @var string
56 */
57 private $host;
58
59 /**
60 * target host if a proxy is used
61 * @var string
62 */
63 private $originHost;
64
65 /**
66 * target port
67 * @var integer
68 */
69 private $port;
70
71 /**
72 * target port if a proxy is used
73 * @var integer
74 */
75 private $originPort;
76
77 /**
78 * target path
79 * @var string
80 */
81 private $path;
82
83 /**
84 * target query string
85 * @var string
86 */
87 private $query;
88
89 /**
90 * request URL
91 * @var string
92 */
93 private $url = '';
94
95 /**
96 * request headers
97 * @var array<string>
98 */
99 private $headers = array();
100
101 /**
102 * legacy headers
103 * @var array<string>
104 */
105 private $legacyHeaders = array();
106
107 /**
108 * request body
109 * @var string
110 */
111 private $body = '';
112
113 /**
114 * reply headers
115 * @var array<string>
116 */
117 private $replyHeaders = array();
118
119 /**
120 * reply body
121 * @var string
122 */
123 private $replyBody = '';
124
125 /**
126 * reply status code
127 * @var integer
128 */
129 private $statusCode = 0;
130
131 /**
132 * Constructs a new instance of HTTPRequest.
133 *
134 * @param string $url URL to connect to
135 * @param array<string> $options
136 * @param mixed $postParameters Parameters to send via POST
137 * @param array $files Files to attach to the request
138 */
139 public function __construct($url, array $options = array(), $postParameters = array(), array $files = array()) {
140 $this->setURL($url);
141
142 $this->postParameters = $postParameters;
143 $this->files = $files;
144
145 $this->setOptions($options);
146
147 // set default headers
148 $this->addHeader('user-agent', "HTTP.PHP (HTTPRequest.class.php; WoltLab Community Framework/".WCF_VERSION."; ".WCF::getLanguage()->languageCode.")");
149 $this->addHeader('accept', '*/*');
150 $this->addHeader('accept-language', WCF::getLanguage()->getFixedLanguageCode());
151
152 if (isset($this->options['maxLength'])) {
153 $this->addHeader('Range', 'bytes=0-'.($this->options['maxLength'] - 1));
154 }
155
156 if ($this->options['method'] !== 'GET') {
157 if (empty($this->files)) {
158 if (is_array($postParameters)) {
159 $this->body = http_build_query($this->postParameters, '', '&');
160 }
161 else if (is_string($postParameters) && !empty($postParameters)) {
162 $this->body = $postParameters;
163 }
164
165 $this->addHeader('content-type', 'application/x-www-form-urlencoded');
166 }
167 else {
168 $boundary = StringUtil::getRandomID();
169 $this->addHeader('content-type', 'multipart/form-data; boundary='.$boundary);
170
171 // source of the iterators: http://stackoverflow.com/a/7623716/782822
172 if (!empty($this->postParameters)) {
173 $iterator = new \RecursiveIteratorIterator(new \RecursiveArrayIterator($this->postParameters), \RecursiveIteratorIterator::SELF_FIRST);
174 foreach ($iterator as $k => $v) {
175 if (!$iterator->hasChildren()) {
176 $key = '';
177 for ($i = 0, $max = $iterator->getDepth(); $i <= $max; $i++) {
178 if ($i === 0) $key .= $iterator->getSubIterator($i)->key();
179 else $key .= '['.$iterator->getSubIterator($i)->key().']';
180 }
181
182 $this->body .= "--".$boundary."\r\n";
183 $this->body .= 'Content-Disposition: form-data; name="'.$key.'"'."\r\n\r\n";
184 $this->body .= $v."\r\n";
185 }
186 }
187 }
188
189 $iterator = new \RecursiveIteratorIterator(new \RecursiveArrayIterator($this->files), \RecursiveIteratorIterator::SELF_FIRST);
190 foreach ($iterator as $k => $v) {
191 if (!$iterator->hasChildren()) {
192 $key = '';
193 for ($i = 0, $max = $iterator->getDepth(); $i <= $max; $i++) {
194 if ($i === 0) $key .= $iterator->getSubIterator($i)->key();
195 else $key .= '['.$iterator->getSubIterator($i)->key().']';
196 }
197
198 $this->body .= "--".$boundary."\r\n";
199 $this->body .= 'Content-Disposition: form-data; name="'.$k.'"; filename="'.basename($v).'"'."\r\n";
200 $this->body .= 'Content-Type: '.(FileUtil::getMimeType($v) ?: 'application/octet-stream.')."\r\n\r\n";
201 $this->body .= file_get_contents($v)."\r\n";
202 }
203 }
204
205 $this->body .= "--".$boundary."--";
206 }
207 $this->addHeader('content-length', strlen($this->body));
208 }
209 if (isset($this->options['auth'])) {
210 $this->addHeader('authorization', "Basic ".base64_encode($options['auth']['username'].":".$options['auth']['password']));
211 }
212 $this->addHeader('connection', 'Close');
213 }
214
215 /**
216 * Parses the given URL and applies PROXY_SERVER_HTTP.
217 *
218 * @param string $url
219 */
220 private function setURL($url) {
221 $parsedUrl = $originUrl = parse_url($url);
222
223 $this->originUseSSL = $originUrl['scheme'] === 'https';
224 $this->originHost = $originUrl['host'];
225 $this->originPort = isset($originUrl['port']) ? $originUrl['port'] : ($this->originUseSSL ? 443 : 80);
226
227 if (PROXY_SERVER_HTTP) {
228 $parsedUrl = parse_url(PROXY_SERVER_HTTP);
229 }
230
231 if (PROXY_SERVER_HTTP && !$this->originUseSSL) {
232 $this->path = $url;
233 }
234 else {
235 $this->path = isset($parsedUrl['path']) ? $parsedUrl['path'] : '/';
236 }
237
238 $this->useSSL = $parsedUrl['scheme'] === 'https';
239 $this->host = $parsedUrl['host'];
240 $this->port = isset($parsedUrl['port']) ? $parsedUrl['port'] : ($this->useSSL ? 443 : 80);
241 $this->query = isset($parsedUrl['query']) ? $parsedUrl['query'] : '';
242
243 // update the 'Host:' header if URL has changed
244 if ($this->url != $url) {
245 $this->addHeader('host', $this->originHost.($this->originPort != ($this->originUseSSL ? 443 : 80) ? ':'.$this->originPort : ''));
246 }
247
248 $this->url = $url;
249 }
250
251 /**
252 * Executes the HTTP request.
253 */
254 public function execute() {
255 // connect
256 $remoteFile = new RemoteFile(($this->useSSL ? 'ssl://' : '').$this->host, $this->port, $this->options['timeout'], array(
257 'ssl' => array(
258 'peer_name' => $this->originHost
259 )
260 ));
261
262 if ($this->originUseSSL && PROXY_SERVER_HTTP) {
263 if ($this->useSSL) throw new SystemException("Unable to proxy HTTPS when using TLS for proxy connection");
264
265 $request = "CONNECT ".$this->originHost.":".$this->originPort." HTTP/1.0\r\n";
266 if (isset($this->headers['user-agent'])) {
267 $request .= 'user-agent: '.reset($this->headers['user-agent'])."\r\n";
268 }
269 $request .= "Host: ".$this->originHost.":".$this->originPort."\r\n";
270 $request .= "\r\n";
271 $remoteFile->puts($request);
272 $this->replyHeaders = array();
273 while (!$remoteFile->eof()) {
274 $line = $remoteFile->gets();
275 if (rtrim($line) === '') {
276 $this->parseReplyHeaders();
277
278 break;
279 }
280 $this->replyHeaders[] = $line;
281 }
282 if ($this->statusCode != 200) throw new SystemException("Expected 200 Ok as reply to my CONNECT, got '".$this->statusCode."'");
283 $remoteFile->setTLS(true);
284 }
285
286 $request = $this->options['method']." ".$this->path.($this->query ? '?'.$this->query : '')." HTTP/1.1\r\n";
287
288 // add headers
289 foreach ($this->headers as $name => $values) {
290 foreach ($values as $value) {
291 $request .= $name.": ".$value."\r\n";
292 }
293 }
294 $request .= "\r\n";
295
296 // add post parameters
297 if ($this->options['method'] !== 'GET') $request .= $this->body."\r\n\r\n";
298
299 $remoteFile->puts($request);
300
301 $inHeader = true;
302 $this->replyHeaders = array();
303 $this->replyBody = '';
304 $chunkLength = 0;
305 $bodyLength = 0;
306
307 $chunkedTransferRegex = new Regex('(^|,)[ \t]*chunked[ \t]*$', Regex::CASE_INSENSITIVE);
308 // read http response, until one of is true
309 // a) EOF is reached
310 // b) bodyLength is at least maxLength
311 // c) bodyLength is at least Content-Length
312 while (!(
313 $remoteFile->eof() ||
314 (isset($this->options['maxLength']) && $bodyLength >= $this->options['maxLength']) ||
315 (isset($this->replyHeaders['content-length']) && $bodyLength >= end($this->replyHeaders['content-length']))
316 )) {
317
318 if ($chunkLength) {
319 if (isset($this->options['maxLength'])) $chunkLength = min($chunkLength, $this->options['maxLength'] - $bodyLength);
320 $line = $remoteFile->read($chunkLength);
321 }
322 else if (!$inHeader && (!isset($this->replyHeaders['transfer-encoding']) || !$chunkedTransferRegex->match(end($this->replyHeaders['transfer-encoding'])))) {
323 $length = 1024;
324 if (isset($this->options['maxLength'])) $length = min($length, $this->options['maxLength'] - $bodyLength);
325 if (isset($this->replyHeaders['content-length'])) $length = min($length, end($this->replyHeaders['content-length']) - $bodyLength);
326
327 $line = $remoteFile->read($length);
328 }
329 else {
330 $line = $remoteFile->gets();
331 }
332
333 if ($inHeader) {
334 if (rtrim($line) === '') {
335 $inHeader = false;
336 $this->parseReplyHeaders();
337
338 continue;
339 }
340 $this->replyHeaders[] = $line;
341 }
342 else {
343 if (isset($this->replyHeaders['transfer-encoding']) && $chunkedTransferRegex->match(end($this->replyHeaders['transfer-encoding']))) {
344 // last chunk finished
345 if ($chunkLength === 0) {
346 // read hex data and trash chunk-extension
347 list($hex) = explode(';', $line, 2);
348 $chunkLength = hexdec($hex);
349
350 // $chunkLength === 0 -> no more data
351 if ($chunkLength === 0) {
352 // clear remaining response
353 while (!$remoteFile->gets(1024));
354
355 // remove chunked from transfer-encoding
356 $this->replyHeaders['transfer-encoding'] = array_filter(array_map(function ($element) use ($chunkedTransferRegex) {
357 return $chunkedTransferRegex->replace($element, '');
358 }, $this->replyHeaders['transfer-encoding']), 'trim');
359 if (empty($this->replyHeaders['transfer-encoding'])) unset($this->replyHeaders['transfer-encoding']);
360
361 // break out of main reading loop
362 break;
363 }
364 }
365 else {
366 $this->replyBody .= $line;
367 $chunkLength -= strlen($line);
368 $bodyLength += strlen($line);
369 if ($chunkLength === 0) $remoteFile->read(2); // CRLF
370 }
371 }
372 else {
373 $this->replyBody .= $line;
374 $bodyLength += strlen($line);
375 }
376 }
377 }
378
379 if (isset($this->options['maxLength'])) $this->replyBody = substr($this->replyBody, 0, $this->options['maxLength']);
380
381 $remoteFile->close();
382
383 $this->parseReply();
384 }
385
386 /**
387 * Parses the reply headers.
388 */
389 private function parseReplyHeaders() {
390 $headers = array();
391 $lastKey = '';
392 foreach ($this->replyHeaders as $header) {
393 if (strpos($header, ':') === false) {
394 $headers[trim($header)] = array(trim($header));
395 continue;
396 }
397
398 // 4.2 Header fields can be
399 // extended over multiple lines by preceding each extra line with at
400 // least one SP or HT.
401 if (ltrim($header, "\t ") !== $header) {
402 $headers[$lastKey][] = array_pop($headers[$lastKey]).' '.trim($header);
403 }
404 else {
405 list($key, $value) = explode(':', $header, 2);
406
407 $lastKey = $key;
408 if (!isset($headers[$key])) $headers[$key] = array();
409 $headers[$key][] = trim($value);
410 }
411 }
412 // 4.2 Field names are case-insensitive.
413 $this->replyHeaders = array_change_key_case($headers);
414 if (isset($this->replyHeaders['transfer-encoding'])) $this->replyHeaders['transfer-encoding'] = array(implode(',', $this->replyHeaders['transfer-encoding']));
415 $this->legacyHeaders = array_map('end', $headers);
416
417 // get status code
418 $statusLine = reset($this->replyHeaders);
419 $regex = new Regex('^HTTP/1.\d+ +(\d{3})');
420 if (!$regex->match($statusLine[0])) throw new SystemException("Unexpected status '".$statusLine."'");
421 $matches = $regex->getMatches();
422 $this->statusCode = $matches[1];
423 }
424
425 /**
426 * Parses the reply.
427 */
428 private function parseReply() {
429 // 4.4 Messages MUST NOT include both a Content-Length header field and a
430 // non-identity transfer-coding. If the message does include a non-
431 // identity transfer-coding, the Content-Length MUST be ignored.
432 if (isset($this->replyHeaders['content-length']) && (!isset($this->replyHeaders['transfer-encoding']) || strtolower(end($this->replyHeaders['transfer-encoding'])) !== 'identity') && !isset($this->options['maxLength'])) {
433 if (strlen($this->replyBody) != end($this->replyHeaders['content-length'])) {
434 throw new SystemException('Body length does not match length given in header');
435 }
436 }
437
438 // validate status code
439 switch ($this->statusCode) {
440 case '301':
441 case '302':
442 case '303':
443 case '307':
444 // redirect
445 if ($this->options['maxDepth'] <= 0) throw new SystemException("Received status code '".$this->statusCode."' from server, but recursion level is exhausted");
446
447 $newRequest = clone $this;
448 $newRequest->options['maxDepth']--;
449
450 // 10.3.4 The response to the request can be found under a different URI and SHOULD
451 // be retrieved using a GET method on that resource.
452 if ($this->statusCode == '303') {
453 $newRequest->options['method'] = 'GET';
454 $newRequest->postParameters = array();
455 $newRequest->addHeader('content-length', '');
456 $newRequest->addHeader('content-type', '');
457 }
458
459 try {
460 $newRequest->setURL(end($this->replyHeaders['location']));
461 }
462 catch (SystemException $e) {
463 throw new SystemException("Received 'Location: ".end($this->replyHeaders['location'])."' from server, which is invalid.", 0, $e);
464 }
465
466 try {
467 $newRequest->execute();
468
469 // update data with data from the inner request
470 $this->url = $newRequest->url;
471 $this->statusCode = $newRequest->statusCode;
472 $this->replyHeaders = $newRequest->replyHeaders;
473 $this->legacyHeaders = $newRequest->legacyHeaders;
474 $this->replyBody = $newRequest->replyBody;
475 }
476 catch (SystemException $e) {
477 // update data with data from the inner request
478 $this->url = $newRequest->url;
479 $this->statusCode = $newRequest->statusCode;
480 $this->replyHeaders = $newRequest->replyHeaders;
481 $this->legacyHeaders = $newRequest->legacyHeaders;
482 $this->replyBody = $newRequest->replyBody;
483
484 throw $e;
485 }
486
487 return;
488 break;
489
490 case '206':
491 // check, if partial content was expected
492 if (!isset($this->headers['range'])) {
493 throw new HTTPServerErrorException("Received unexpected status code '206' from server");
494 }
495 else if (!isset($this->replyHeaders['content-range'])) {
496 throw new HTTPServerErrorException("Content-Range is missing in reply header");
497 }
498 break;
499
500 case '401':
501 case '402':
502 case '403':
503 throw new HTTPUnauthorizedException("Received status code '".$this->statusCode."' from server");
504 break;
505
506 case '404':
507 throw new HTTPNotFoundException("Received status code '404' from server");
508 break;
509
510 default:
511 // 6.1.1 However, applications MUST
512 // understand the class of any status code, as indicated by the first
513 // digit, and treat any unrecognized response as being equivalent to the
514 // x00 status code of that class, with the exception that an
515 // unrecognized response MUST NOT be cached.
516 switch (substr($this->statusCode, 0, 1)) {
517 case '2': // 200 and unknown 2XX
518 case '3': // 300 and unknown 3XX
519 // we are fine
520 break;
521 case '5': // 500 and unknown 5XX
522 throw new HTTPServerErrorException("Received status code '".$this->statusCode."' from server");
523 break;
524 default:
525 throw new SystemException("Received unhandled status code '".$this->statusCode."' from server");
526 break;
527 }
528 break;
529 }
530 }
531
532 /**
533 * Returns an array with the replied data.
534 * Note that the 'headers' element is deprecated and may be removed in the future.
535 *
536 * @return array
537 */
538 public function getReply() {
539 return array(
540 'statusCode' => $this->statusCode,
541 'headers' => $this->legacyHeaders,
542 'httpHeaders' => $this->replyHeaders,
543 'body' => $this->replyBody,
544 'url' => $this->url
545 );
546 }
547
548 /**
549 * Sets options and applies default values when an option is omitted.
550 *
551 * @param array $options
552 */
553 private function setOptions(array $options) {
554 if (!isset($options['timeout'])) {
555 $options['timeout'] = 10;
556 }
557
558 if (!isset($options['method'])) {
559 $options['method'] = (!empty($this->postParameters) || !empty($this->files) ? 'POST' : 'GET');
560 }
561
562 if (!isset($options['maxDepth'])) {
563 $options['maxDepth'] = 2;
564 }
565
566 if (isset($options['auth'])) {
567 if (!isset($options['auth']['username'])) {
568 throw new SystemException('Username is missing in authentification data.');
569 }
570 if (!isset($options['auth']['password'])) {
571 throw new SystemException('Password is missing in authentification data.');
572 }
573 }
574
575 $this->options = $options;
576 }
577
578 /**
579 * Adds a header to this request.
580 * When an empty value is given existing headers of this name will be removed. When append
581 * is set to false existing values will be overwritten.
582 *
583 * @param string $name
584 * @param string $value
585 * @param boolean $append
586 */
587 public function addHeader($name, $value, $append = false) {
588 // 4.2 Field names are case-insensitive.
589 $name = strtolower($name);
590
591 if ($value === '') {
592 unset($this->headers[$name]);
593 return;
594 }
595
596 if ($append && isset($this->headers[$name])) {
597 $this->headers[$name][] = $value;
598 }
599 else {
600 $this->headers[$name] = array($value);
601 }
602 }
603
604 /**
605 * Resets reply data when cloning.
606 */
607 private function __clone() {
608 $this->replyHeaders = array();
609 $this->replyBody = '';
610 $this->statusCode = 0;
611 }
612 }
WoltLab Suite Core (previously WoltLab Community Framework)