| 1 |
efrain |
1 |
<?php
|
|
|
2 |
|
|
|
3 |
namespace PhpXmlRpc\Helper;
|
|
|
4 |
|
|
|
5 |
use PhpXmlRpc\Exception\HttpException;
|
|
|
6 |
use PhpXmlRpc\PhpXmlRpc;
|
|
|
7 |
use PhpXmlRpc\Traits\LoggerAware;
|
|
|
8 |
|
|
|
9 |
class Http
|
|
|
10 |
{
|
|
|
11 |
use LoggerAware;
|
|
|
12 |
|
|
|
13 |
/**
|
|
|
14 |
* Decode a string that is encoded with "chunked" transfer encoding as defined in rfc2068 par. 19.4.6.
|
|
|
15 |
* Code shamelessly stolen from nusoap library by Dietrich Ayala.
|
|
|
16 |
* @internal this function will become protected in the future
|
|
|
17 |
*
|
|
|
18 |
* @param string $buffer the string to be decoded
|
|
|
19 |
* @return string
|
|
|
20 |
*/
|
|
|
21 |
public static function decodeChunked($buffer)
|
|
|
22 |
{
|
|
|
23 |
// length := 0
|
|
|
24 |
$length = 0;
|
|
|
25 |
$new = '';
|
|
|
26 |
|
|
|
27 |
// read chunk-size, chunk-extension (if any) and crlf
|
|
|
28 |
// get the position of the linebreak
|
|
|
29 |
$chunkEnd = strpos($buffer, "\r\n") + 2;
|
|
|
30 |
$temp = substr($buffer, 0, $chunkEnd);
|
|
|
31 |
$chunkSize = hexdec(trim($temp));
|
|
|
32 |
$chunkStart = $chunkEnd;
|
|
|
33 |
while ($chunkSize > 0) {
|
|
|
34 |
$chunkEnd = strpos($buffer, "\r\n", $chunkStart + $chunkSize);
|
|
|
35 |
|
|
|
36 |
// just in case we got a broken connection
|
|
|
37 |
if ($chunkEnd == false) {
|
|
|
38 |
$chunk = substr($buffer, $chunkStart);
|
|
|
39 |
// append chunk-data to entity-body
|
|
|
40 |
$new .= $chunk;
|
|
|
41 |
$length += strlen($chunk);
|
|
|
42 |
break;
|
|
|
43 |
}
|
|
|
44 |
|
|
|
45 |
// read chunk-data and crlf
|
|
|
46 |
$chunk = substr($buffer, $chunkStart, $chunkEnd - $chunkStart);
|
|
|
47 |
// append chunk-data to entity-body
|
|
|
48 |
$new .= $chunk;
|
|
|
49 |
// length := length + chunk-size
|
|
|
50 |
$length += strlen($chunk);
|
|
|
51 |
// read chunk-size and crlf
|
|
|
52 |
$chunkStart = $chunkEnd + 2;
|
|
|
53 |
|
|
|
54 |
$chunkEnd = strpos($buffer, "\r\n", $chunkStart) + 2;
|
|
|
55 |
if ($chunkEnd == false) {
|
|
|
56 |
break; // just in case we got a broken connection
|
|
|
57 |
}
|
|
|
58 |
$temp = substr($buffer, $chunkStart, $chunkEnd - $chunkStart);
|
|
|
59 |
$chunkSize = hexdec(trim($temp));
|
|
|
60 |
$chunkStart = $chunkEnd;
|
|
|
61 |
}
|
|
|
62 |
|
|
|
63 |
return $new;
|
|
|
64 |
}
|
|
|
65 |
|
|
|
66 |
/**
|
|
|
67 |
* Parses HTTP an http response's headers and separates them from the body.
|
|
|
68 |
*
|
|
|
69 |
* @param string $data the http response, headers and body. It will be stripped of headers
|
|
|
70 |
* @param bool $headersProcessed when true, we assume that response inflating and dechunking has been already carried out
|
|
|
71 |
* @param int $debug when > 0, logs to screen messages detailing info about the parsed data
|
|
|
72 |
* @return array with keys 'headers', 'cookies', 'raw_data' and 'status_code'
|
|
|
73 |
* @throws HttpException
|
|
|
74 |
*
|
|
|
75 |
* @todo if $debug is < 0, we could avoid populating 'raw_data' and 'headers' in the returned value - but that would
|
|
|
76 |
* be a weird API...
|
|
|
77 |
*/
|
|
|
78 |
public function parseResponseHeaders(&$data, $headersProcessed = false, $debug = 0)
|
|
|
79 |
{
|
|
|
80 |
$httpResponse = array('raw_data' => $data, 'headers'=> array(), 'cookies' => array(), 'status_code' => null);
|
|
|
81 |
|
|
|
82 |
// Support "web-proxy-tunnelling" connections for https through proxies
|
|
|
83 |
if (preg_match('/^HTTP\/1\.[0-1] 200 Connection established/', $data)) {
|
|
|
84 |
// Look for CR/LF or simple LF as line separator (even though it is not valid http)
|
|
|
85 |
$pos = strpos($data, "\r\n\r\n");
|
|
|
86 |
if ($pos || is_int($pos)) {
|
|
|
87 |
$bd = $pos + 4;
|
|
|
88 |
} else {
|
|
|
89 |
$pos = strpos($data, "\n\n");
|
|
|
90 |
if ($pos || is_int($pos)) {
|
|
|
91 |
$bd = $pos + 2;
|
|
|
92 |
} else {
|
|
|
93 |
// No separation between response headers and body: fault?
|
|
|
94 |
$bd = 0;
|
|
|
95 |
}
|
|
|
96 |
}
|
|
|
97 |
if ($bd) {
|
|
|
98 |
// this filters out all http headers from proxy. maybe we could take them into account, too?
|
|
|
99 |
$data = substr($data, $bd);
|
|
|
100 |
} else {
|
|
|
101 |
$this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': HTTPS via proxy error, tunnel connection possibly failed');
|
|
|
102 |
throw new HttpException(PhpXmlRpc::$xmlrpcstr['http_error'] . ' (HTTPS via proxy error, tunnel connection possibly failed)', PhpXmlRpc::$xmlrpcerr['http_error']);
|
|
|
103 |
}
|
|
|
104 |
}
|
|
|
105 |
|
|
|
106 |
// Strip HTTP 1.1 100 Continue header if present
|
|
|
107 |
while (preg_match('/^HTTP\/1\.1 1[0-9]{2} /', $data)) {
|
|
|
108 |
$pos = strpos($data, 'HTTP', 12);
|
|
|
109 |
// server sent a Continue header without any (valid) content following...
|
|
|
110 |
// give the client a chance to know it
|
|
|
111 |
if (!$pos && !is_int($pos)) {
|
|
|
112 |
/// @todo this construct works fine in php 3, 4 and 5 - 8; would it not be enough to have !== false now ?
|
|
|
113 |
|
|
|
114 |
break;
|
|
|
115 |
}
|
|
|
116 |
$data = substr($data, $pos);
|
|
|
117 |
}
|
|
|
118 |
|
|
|
119 |
// When using Curl to query servers using Digest Auth, we get back a double set of http headers.
|
|
|
120 |
// Same when following redirects
|
|
|
121 |
// We strip out the 1st...
|
|
|
122 |
/// @todo we should let the caller know that there was a redirect involved
|
|
|
123 |
if ($headersProcessed && preg_match('/^HTTP\/[0-9](?:\.[0-9])? (?:401|30[1278]) /', $data)) {
|
|
|
124 |
if (preg_match('/(\r?\n){2}HTTP\/[0-9](?:\.[0-9])? 200 /', $data)) {
|
|
|
125 |
$data = preg_replace('/^HTTP\/[0-9](?:\.[0-9])? (?:401|30[1278]) .+?(?:\r?\n){2}(HTTP\/[0-9.]+ 200 )/s', '$1', $data, 1);
|
|
|
126 |
}
|
|
|
127 |
}
|
|
|
128 |
|
|
|
129 |
if (preg_match('/^HTTP\/([0-9](?:\.[0-9])?) ([0-9]{3}) /', $data, $matches)) {
|
|
|
130 |
$httpResponse['protocol_version'] = $matches[1];
|
|
|
131 |
$httpResponse['status_code'] = $matches[2];
|
|
|
132 |
}
|
|
|
133 |
|
|
|
134 |
if ($httpResponse['status_code'] !== '200') {
|
|
|
135 |
$errstr = substr($data, 0, strpos($data, "\n") - 1);
|
|
|
136 |
$this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': HTTP error, got response: ' . $errstr);
|
|
|
137 |
throw new HttpException(PhpXmlRpc::$xmlrpcstr['http_error'] . ' (' . $errstr . ')', PhpXmlRpc::$xmlrpcerr['http_error'], null, $httpResponse['status_code']);
|
|
|
138 |
}
|
|
|
139 |
|
|
|
140 |
// be tolerant to usage of \n instead of \r\n to separate headers and data (even though it is not valid http)
|
|
|
141 |
$pos = strpos($data, "\r\n\r\n");
|
|
|
142 |
if ($pos || is_int($pos)) {
|
|
|
143 |
$bd = $pos + 4;
|
|
|
144 |
} else {
|
|
|
145 |
$pos = strpos($data, "\n\n");
|
|
|
146 |
if ($pos || is_int($pos)) {
|
|
|
147 |
$bd = $pos + 2;
|
|
|
148 |
} else {
|
|
|
149 |
// No separation between response headers and body: fault?
|
|
|
150 |
// we could take some action here instead of going on...
|
|
|
151 |
$bd = 0;
|
|
|
152 |
}
|
|
|
153 |
}
|
|
|
154 |
|
|
|
155 |
// be tolerant to line endings, and extra empty lines
|
|
|
156 |
$ar = preg_split("/\r?\n/", trim(substr($data, 0, $pos)));
|
|
|
157 |
|
|
|
158 |
foreach ($ar as $line) {
|
|
|
159 |
// take care of (multi-line) headers and cookies
|
|
|
160 |
$arr = explode(':', $line, 2);
|
|
|
161 |
if (count($arr) > 1) {
|
|
|
162 |
/// @todo according to https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4, we should reject with error
|
|
|
163 |
/// 400 any messages where a space is present between the header name and colon
|
|
|
164 |
$headerName = strtolower(trim($arr[0]));
|
|
|
165 |
if ($headerName == 'set-cookie') {
|
|
|
166 |
$cookie = $arr[1];
|
|
|
167 |
// glue together all received cookies, using a comma to separate them (same as php does with getallheaders())
|
|
|
168 |
if (isset($httpResponse['headers'][$headerName])) {
|
|
|
169 |
$httpResponse['headers'][$headerName] .= ', ' . trim($cookie);
|
|
|
170 |
} else {
|
|
|
171 |
$httpResponse['headers'][$headerName] = trim($cookie);
|
|
|
172 |
}
|
|
|
173 |
// parse cookie attributes, in case user wants to correctly honour them
|
|
|
174 |
// @todo support for server sending multiple time cookie with same name, but using different PATHs
|
|
|
175 |
$cookie = explode(';', $cookie);
|
|
|
176 |
foreach ($cookie as $pos => $val) {
|
|
|
177 |
$val = explode('=', $val, 2);
|
|
|
178 |
$tag = trim($val[0]);
|
|
|
179 |
$val = isset($val[1]) ? trim($val[1]) : '';
|
|
|
180 |
if ($pos === 0) {
|
|
|
181 |
$cookieName = $tag;
|
|
|
182 |
// if present, we have strip leading and trailing " chars from $val
|
|
|
183 |
if (preg_match('/^"(.*)"$/', $val, $matches)) {
|
|
|
184 |
$val = $matches[1];
|
|
|
185 |
}
|
|
|
186 |
$httpResponse['cookies'][$cookieName] = array('value' => urldecode($val));
|
|
|
187 |
} else {
|
|
|
188 |
$httpResponse['cookies'][$cookieName][$tag] = $val;
|
|
|
189 |
}
|
|
|
190 |
}
|
|
|
191 |
} else {
|
|
|
192 |
/// @todo some other headers (the ones that allow a CSV list of values) do allow many values to be
|
|
|
193 |
/// passed using multiple header lines.
|
|
|
194 |
/// We should add content to $xmlrpc->_xh['headers'][$headerName] instead of replacing it for those...
|
|
|
195 |
$httpResponse['headers'][$headerName] = trim($arr[1]);
|
|
|
196 |
}
|
|
|
197 |
} elseif (isset($headerName)) {
|
|
|
198 |
/// @todo improve this: 1. check that the line starts with a space or tab; 2. according to
|
|
|
199 |
/// https://www.rfc-editor.org/rfc/rfc7230#section-3.2.4, we should flat out refuse these messages
|
|
|
200 |
$httpResponse['headers'][$headerName] .= ' ' . trim($line);
|
|
|
201 |
}
|
|
|
202 |
}
|
|
|
203 |
|
|
|
204 |
$data = substr($data, $bd);
|
|
|
205 |
|
|
|
206 |
if ($debug && count($httpResponse['headers'])) {
|
|
|
207 |
$msg = '';
|
|
|
208 |
foreach ($httpResponse['headers'] as $header => $value) {
|
|
|
209 |
$msg .= "HEADER: $header: $value\n";
|
|
|
210 |
}
|
|
|
211 |
foreach ($httpResponse['cookies'] as $header => $value) {
|
|
|
212 |
$msg .= "COOKIE: $header={$value['value']}\n";
|
|
|
213 |
}
|
|
|
214 |
$this->getLogger()->debug($msg);
|
|
|
215 |
}
|
|
|
216 |
|
|
|
217 |
// if CURL was used for the call, http headers have been processed, and dechunking + reinflating have been carried out
|
|
|
218 |
if (!$headersProcessed) {
|
|
|
219 |
|
|
|
220 |
// Decode chunked encoding sent by http 1.1 servers
|
|
|
221 |
if (isset($httpResponse['headers']['transfer-encoding']) && $httpResponse['headers']['transfer-encoding'] == 'chunked') {
|
|
|
222 |
if (!$data = static::decodeChunked($data)) {
|
|
|
223 |
$this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': errors occurred when trying to rebuild the chunked data received from server');
|
|
|
224 |
throw new HttpException(PhpXmlRpc::$xmlrpcstr['dechunk_fail'], PhpXmlRpc::$xmlrpcerr['dechunk_fail'], null, $httpResponse['status_code']);
|
|
|
225 |
}
|
|
|
226 |
}
|
|
|
227 |
|
|
|
228 |
// Decode gzip-compressed stuff
|
|
|
229 |
// code shamelessly inspired from nusoap library by Dietrich Ayala
|
|
|
230 |
if (isset($httpResponse['headers']['content-encoding'])) {
|
|
|
231 |
$httpResponse['headers']['content-encoding'] = str_replace('x-', '', $httpResponse['headers']['content-encoding']);
|
|
|
232 |
if ($httpResponse['headers']['content-encoding'] == 'deflate' || $httpResponse['headers']['content-encoding'] == 'gzip') {
|
|
|
233 |
// if decoding works, use it. else assume data wasn't gzencoded
|
|
|
234 |
if (function_exists('gzinflate')) {
|
|
|
235 |
if ($httpResponse['headers']['content-encoding'] == 'deflate' && $degzdata = @gzuncompress($data)) {
|
|
|
236 |
$data = $degzdata;
|
|
|
237 |
if ($debug) {
|
|
|
238 |
$this->getLogger()->debug("---INFLATED RESPONSE---[" . strlen($data) . " chars]---\n$data\n---END---");
|
|
|
239 |
}
|
|
|
240 |
} elseif ($httpResponse['headers']['content-encoding'] == 'gzip' && $degzdata = @gzinflate(substr($data, 10))) {
|
|
|
241 |
$data = $degzdata;
|
|
|
242 |
if ($debug) {
|
|
|
243 |
$this->getLogger()->debug("---INFLATED RESPONSE---[" . strlen($data) . " chars]---\n$data\n---END---");
|
|
|
244 |
}
|
|
|
245 |
} else {
|
|
|
246 |
$this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': errors occurred when trying to decode the deflated data received from server');
|
|
|
247 |
throw new HttpException(PhpXmlRpc::$xmlrpcstr['decompress_fail'], PhpXmlRpc::$xmlrpcerr['decompress_fail'], null, $httpResponse['status_code']);
|
|
|
248 |
}
|
|
|
249 |
} else {
|
|
|
250 |
$this->getLogger()->error('XML-RPC: ' . __METHOD__ . ': the server sent deflated data. Your php install must have the Zlib extension compiled in to support this.');
|
|
|
251 |
throw new HttpException(PhpXmlRpc::$xmlrpcstr['cannot_decompress'], PhpXmlRpc::$xmlrpcerr['cannot_decompress'], null, $httpResponse['status_code']);
|
|
|
252 |
}
|
|
|
253 |
}
|
|
|
254 |
}
|
|
|
255 |
} // end of 'if needed, de-chunk, re-inflate response'
|
|
|
256 |
|
|
|
257 |
return $httpResponse;
|
|
|
258 |
}
|
|
|
259 |
|
|
|
260 |
/**
|
|
|
261 |
* Parses one of the http headers which can have a list of values with quality param.
|
|
|
262 |
* @see https://www.rfc-editor.org/rfc/rfc7231#section-5.3.1
|
|
|
263 |
*
|
|
|
264 |
* @param string $header
|
|
|
265 |
* @return string[]
|
|
|
266 |
*/
|
|
|
267 |
public function parseAcceptHeader($header)
|
|
|
268 |
{
|
|
|
269 |
$accepted = array();
|
|
|
270 |
foreach(explode(',', $header) as $c) {
|
|
|
271 |
if (preg_match('/^([^;]+); *q=([0-9.]+)/', $c, $matches)) {
|
|
|
272 |
$c = $matches[1];
|
|
|
273 |
$w = $matches[2];
|
|
|
274 |
} else {
|
|
|
275 |
$c = preg_replace('/;.*/', '', $c);
|
|
|
276 |
$w = 1;
|
|
|
277 |
}
|
|
|
278 |
$accepted[(trim($c))] = $w;
|
|
|
279 |
}
|
|
|
280 |
arsort($accepted);
|
|
|
281 |
return array_keys($accepted);
|
|
|
282 |
}
|
|
|
283 |
}
|