| blob | f35f3f12792c0c66b953b9fcf848da285a8de590 |
1 <?php
3 /**
4 * @task data Accessing Request Data
5 * @task cookie Managing Cookies
6 * @task cluster Working With a Phabricator Cluster
7 */
10 // NOTE: These magic request-type parameters are automatically included in
11 // certain requests (e.g., by phabricator_form(), JX.Request,
12 // JX.Workflow, and ConduitClient) and help us figure out what sort of
13 // response the client expects.
38 }
43 }
47 }
51 }
53 /**
54 * Read line range parameter data from the request.
55 *
56 * Applications like Paste, Diffusion, and Harbormaster use "$12-14" in the
57 * URI to allow users to link to particular lines.
58 *
59 * @param string URI data key to pull line range information from.
60 * @param int|null Maximum length of the range.
61 * @return null|pair<int, int> Null, or beginning and end of the range.
62 */
66 }
71 }
78 // If either value is "0", discard the range.
80 }
82 }
84 // If the range is like "$10", treat it like "$10-10".
87 }
89 // If the range is "$7-5", treat it like "$5-7".
92 }
94 // If the user specified something like "$1-999999999" and we have a limit,
95 // clamp it to a more reasonable range.
99 }
100 }
103 }
109 }
113 }
118 }
122 }
125 // The "Host" header may include a port number, or may be a malicious
126 // header in the form "realdomain.com:ignored@evil.com". Invoke the full
127 // parser to extract the real domain correctly. See here for coverage of
128 // a similar issue in Django:
129 //
130 // https://www.djangoproject.com/weblog/2012/oct/17/security/
133 }
138 }
142 }
147 }
151 }
154 /* -( Accessing Request Data )--------------------------------------------- */
157 /**
158 * @task data
159 */
163 }
166 /**
167 * @task data
168 */
171 }
174 /**
175 * @task data
176 */
179 // Converting from array to int is "undefined". Don't rely on whatever
180 // PHP decides to do.
183 }
187 }
188 }
191 /**
192 * @task data
193 */
202 }
205 }
206 }
209 /**
210 * @task data
211 */
215 // Normalize newline craziness.
223 }
224 }
227 /**
228 * @task data
229 */
233 }
239 }
247 }
258 }
261 }
264 /**
265 * @task data
266 */
273 }
274 }
277 /**
278 * @task data
279 */
283 }
287 }
290 /**
291 * @task data
292 */
295 }
300 }
304 }
308 }
312 }
316 }
320 }
324 }
328 }
332 }
336 }
342 // No token in the request, check the HTTP header which is added for Ajax
343 // requests.
346 }
351 // Add some diagnostic details so we can figure out if some CSRF issues
352 // are JS problems or people accessing Ajax URIs directly with their
353 // browsers.
365 }
371 }
373 // Give a more detailed explanation of how to avoid the exception
374 // in developer mode.
376 // TODO: Clean this up, see T1921.
395 }
399 // This should only be able to happen if you load a form, pull your
400 // internet for 6 hours, and then reconnect and immediately submit,
401 // but give the user some indication of what happened since the workflow
402 // is incredibly confusing otherwise.
407 }
410 }
419 }
422 }
430 }
431 }
439 }
442 }
448 }
455 }
456 }
462 // Internally, PHP deletes cookies by setting them to the value 'deleted'
463 // with an expiration date in the past.
465 // At least in Safari, the browser may send this cookie anyway in some
466 // circumstances. After logging out, the 302'd GET to /login/ consistently
467 // includes deleted cookies on my local install. If a cookie value is
468 // literally 'deleted', pretend it does not exist.
472 }
475 }
480 }
482 /**
483 * Get the domain which cookies should be set on for this request, or null
484 * if the request does not correspond to a valid cookie domain.
485 *
486 * @return PhutilURI|null Domain URI, or null if no valid domain exists.
487 *
488 * @task cookie
489 */
494 }
498 // If there's no base domain configured, just use whatever the request
499 // domain is. This makes setup easier, and we'll tell administrators to
500 // configure a base domain during the setup process.
504 }
515 }
516 }
519 }
521 /**
522 * Determine if security policy rules will allow cookies to be set when
523 * responding to the request.
524 *
525 * @return bool True if setCookie() will succeed. If this method returns
526 * false, setCookie() will throw.
527 *
528 * @task cookie
529 */
532 }
535 /**
536 * Set a cookie which does not expire for a long time.
537 *
538 * To set a temporary cookie, see @{method:setTemporaryCookie}.
539 *
540 * @param string Cookie name.
541 * @param string Cookie value.
542 * @return this
543 * @task cookie
544 */
548 }
551 /**
552 * Set a cookie which expires soon.
553 *
554 * To set a durable cookie, see @{method:setCookie}.
555 *
556 * @param string Cookie name.
557 * @param string Cookie value.
558 * @return this
559 * @task cookie
560 */
563 }
566 /**
567 * Set a cookie with a given expiration policy.
568 *
569 * @param string Cookie name.
570 * @param string Cookie value.
571 * @param int Epoch timestamp for cookie expiration.
572 * @return this
573 * @task cookie
574 */
598 }
606 // Do nothing, to avoid triggering "Cannot modify header information"
607 // warnings.
609 // TODO: This is effectively a test for whether we're running in a unit
610 // test or not. Move this actual call to HTTPSink?
620 }
625 }
630 }
634 }
638 }
646 }
656 }
660 // If the request used a nonstandard port, preserve it while building the
661 // absolute URI.
663 // First, get the default port for the request protocol.
667 // NOTE: See note in getHost() about malicious "Host" headers. This
668 // construction defuses some obscure potential attacks.
674 }
677 }
681 }
688 }
691 }
696 }
699 }
701 }
705 }
709 }
711 /**
712 * Get application request parameters in a flattened form suitable for
713 * inclusion in an HTTP request, excluding parameters with special meanings.
714 * This is primarily useful if you want to ask the user for more input and
715 * then resubmit their request.
716 *
717 * @return dict<string, string> Original request parameters.
718 */
722 }
724 /**
725 * Get request data other than "magic" parameters.
726 *
727 * @return dict<string, wild> Request data, with magic filtered out.
728 */
732 // Remove magic parameters like __dialog__ and __ajax__.
736 }
739 }
740 }
743 }
746 /**
747 * Flatten an array of key-value pairs (possibly including arrays as values)
748 * into a list of key-value pairs suitable for submitting via HTTP request
749 * (with arrays flattened).
750 *
751 * @param dict<string, wild> Data to flatten.
752 * @return dict<string, string> Flat data suitable for inclusion in an HTTP
753 * request.
754 */
762 }
765 }
766 }
771 }
774 /**
775 * Read the value of an HTTP header from `$_SERVER`, or a similar datasource.
776 *
777 * This function accepts a canonical header name, like `"Accept-Encoding"`,
778 * and looks up the appropriate value in `$_SERVER` (in this case,
779 * `"HTTP_ACCEPT_ENCODING"`).
780 *
781 * @param string Canonical header name, like `"Accept-Encoding"`.
782 * @param wild Default value to return if header is not present.
783 * @param array? Read this instead of `$_SERVER`.
784 * @return string|wild Header value if present, or `$default` if not.
785 */
787 // PHP mangles HTTP headers by uppercasing them and replacing hyphens with
788 // underscores, then prepending 'HTTP_'.
796 // These headers may be available under alternate names. See
797 // http://www.php.net/manual/en/reserved.variables.server.php#110763
799 }
803 }
808 }
809 }
812 }
815 /* -( Working With a Phabricator Cluster )--------------------------------- */
818 /**
819 * Is this a proxied request originating from within the Phabricator cluster?
820 *
821 * IMPORTANT: This means the request is dangerous!
822 *
823 * These requests are **more dangerous** than normal requests (they can not
824 * be safely proxied, because proxying them may cause a loop). Cluster
825 * requests are not guaranteed to come from a trusted source, and should
826 * never be treated as safer than normal requests. They are strictly less
827 * safe.
828 */
831 }
834 /**
835 * Build a new @{class:HTTPSFuture} which proxies this request to another
836 * node in the cluster.
837 *
838 * IMPORTANT: This is very dangerous!
839 *
840 * The future forwards authentication information present in the request.
841 * Proxied requests must only be sent to trusted hosts. (We attempt to
842 * enforce this.)
843 *
844 * This is not a general-purpose proxying method; it is a specialized
845 * method with niche applications and severe security implications.
846 *
847 * @param string URI identifying the host we are proxying the request to.
848 * @return HTTPSFuture New proxy future.
849 *
850 * @phutil-external-symbol class PhabricatorStartup
851 */
862 }
872 }
878 }
892 }
897 // NOTE: apache_request_headers() might provide a nicer way to do this,
898 // but isn't available under FCGI until PHP 5.4.0.
902 }
904 // Unmangle the header as best we can.
911 // By default, do not forward headers.
914 // Forward "X-Hgarg-..." headers.
917 }
922 }
923 }
925 // In some situations, this may not be mapped into the HTTP_X constants.
926 // CONTENT_LENGTH is similarly affected, but we trust cURL to take care
927 // of that if it matters, since we're handing off a request body.
931 }
932 }
939 // Don't forward these headers, we've already handled them elsewhere.
944 }
945 }
950 }
953 }
962 }
964 }
968 }
970 }