nextcloud/lib/request.php

<?php
/**
 * Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */

class OC_Request {
	/**
	 * @brief Check overwrite condition
	 * @returns bool
	 */
	private static function isOverwriteCondition($type = '') {
		$regex = '/' . OC_Config::getValue('overwritecondaddr', '')  . '/';
		return $regex === '//' or preg_match($regex, $_SERVER['REMOTE_ADDR']) === 1
			or ($type !== 'protocol' and OC_Config::getValue('forcessl', false));
	}

	/**
	 * @brief Returns the server host
	 * @returns string the server host
	 *
	 * Returns the server host, even if the website uses one or more
	 * reverse proxies
	 */
	public static function serverHost() {
		if(OC::$CLI) {
			return 'localhost';
		}
		if(OC_Config::getValue('overwritehost', '') !== '' and self::isOverwriteCondition()) {
			return OC_Config::getValue('overwritehost');
		}
		if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
			if (strpos($_SERVER['HTTP_X_FORWARDED_HOST'], ",") !== false) {
				$host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST'])));
			}
			else{
				$host=$_SERVER['HTTP_X_FORWARDED_HOST'];
			}
		}
		else{
			if (isset($_SERVER['HTTP_HOST'])) {
				return $_SERVER['HTTP_HOST'];
			}
			if (isset($_SERVER['SERVER_NAME'])) {
				return $_SERVER['SERVER_NAME'];
			}
			return 'localhost';
		}
		return $host;
	}


	/**
	* @brief Returns the server protocol
	* @returns string the server protocol
	*
	* Returns the server protocol. It respects reverse proxy servers and load balancers
	*/
	public static function serverProtocol() {
		if(OC_Config::getValue('overwriteprotocol', '') !== '' and self::isOverwriteCondition('protocol')) {
			return OC_Config::getValue('overwriteprotocol');
		}
		if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
			$proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);
		}else{
			if(isset($_SERVER['HTTPS']) and !empty($_SERVER['HTTPS']) and ($_SERVER['HTTPS']!='off')) {
				$proto = 'https';
			}else{
				$proto = 'http';
			}
		}
		return $proto;
	}

	/**
	 * @brief Returns the request uri
	 * @returns string the request uri
	 *
	 * Returns the request uri, even if the website uses one or more
	 * reverse proxies
	 */
	public static function requestUri() {
		$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
		if (OC_Config::getValue('overwritewebroot', '') !== '' and self::isOverwriteCondition()) {
			$uri = self::scriptName() . substr($uri, strlen($_SERVER['SCRIPT_NAME']));
		}
		return $uri;
	}

	/**
	 * @brief Returns the script name
	 * @returns string the script name
	 *
	 * Returns the script name, even if the website uses one or more
	 * reverse proxies
	 */
	public static function scriptName() {
		$name = $_SERVER['SCRIPT_NAME'];
		if (OC_Config::getValue('overwritewebroot', '') !== '' and self::isOverwriteCondition()) {
			$serverroot = str_replace("\\", '/', substr(__DIR__, 0, -4));
			$suburi = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen($serverroot)));
			$name = OC_Config::getValue('overwritewebroot', '') . $suburi;
		}
		return $name;
	}

	/**
	 * @brief get Path info from request
	 * @returns string Path info or false when not found
	 */
	public static function getPathInfo() {
		if (array_key_exists('PATH_INFO', $_SERVER)) {
			$path_info = $_SERVER['PATH_INFO'];
		}else{
			$path_info = self::getRawPathInfo();
			// following is taken from Sabre_DAV_URLUtil::decodePathSegment
			$path_info = rawurldecode($path_info);
			$encoding = mb_detect_encoding($path_info, array('UTF-8', 'ISO-8859-1'));

			switch($encoding) {

				case 'ISO-8859-1' :
					$path_info = utf8_encode($path_info);

			}
			// end copy
		}
		return $path_info;
	}

	/**
	 * @brief get Path info from request, not urldecoded
	 * @returns string Path info or false when not found
	 */
	public static function getRawPathInfo() {
		$path_info = substr($_SERVER['REQUEST_URI'], strlen($_SERVER['SCRIPT_NAME']));
		// Remove the query string from REQUEST_URI
		if ($pos = strpos($path_info, '?')) {
			$path_info = substr($path_info, 0, $pos);
		}
		return $path_info;
	}

	/**
	 * @brief Check if this is a no-cache request
	 * @returns boolean true for no-cache
	 */
	static public function isNoCache() {
		if (!isset($_SERVER['HTTP_CACHE_CONTROL'])) {
			return false;
		}
		return $_SERVER['HTTP_CACHE_CONTROL'] == 'no-cache';
	}

	/**
	 * @brief Check if the requestor understands gzip
	 * @returns boolean true for gzip encoding supported
	 */
	static public function acceptGZip() {
		if (!isset($_SERVER['HTTP_ACCEPT_ENCODING'])) {
			return false;
		}
		$HTTP_ACCEPT_ENCODING = $_SERVER["HTTP_ACCEPT_ENCODING"];
		if( strpos($HTTP_ACCEPT_ENCODING, 'x-gzip') !== false )
			return 'x-gzip';
		else if( strpos($HTTP_ACCEPT_ENCODING, 'gzip') !== false )
			return 'gzip';
		return false;
	}

	/**
	 * @brief Check if the requester sent along an mtime
	 * @returns false or an mtime
	 */
	static public function hasModificationTime () {
		if (isset($_SERVER['HTTP_X_OC_MTIME'])) {
			return $_SERVER['HTTP_X_OC_MTIME'];
		} else {
			return false;
		}
	}
}
Cache the minimized output also on the server 2012-06-15 14:07:31 +04:00			`<?php`
			`/**`
			`* Copyright (c) 2012 Bart Visscher <bartv@thisnet.nl>`
			`* This file is licensed under the Affero General Public License version 3 or`
			`* later.`
			`* See the COPYING-README file.`
			`*/`

			`class OC_Request {`
add SSL proxy support Add support for a reverse proxy that only forwards SSL connections unencrypted to the web server. This patch allows to detect the reverse proxy via regular expression for the remote IP address and conditional overwrite the host name, protocol and web root. 2013-01-06 15:24:40 +04:00			`/**`
			`* @brief Check overwrite condition`
use $_SERVER['SERVER_NAME'] in case $_SERVER['HTTP_HOST'] is not set 2013-07-02 01:51:43 +04:00			`* @returns bool`
add SSL proxy support Add support for a reverse proxy that only forwards SSL connections unencrypted to the web server. This patch allows to detect the reverse proxy via regular expression for the remote IP address and conditional overwrite the host name, protocol and web root. 2013-01-06 15:24:40 +04:00			`*/`
Overwrite host and webroot when forcessl is enabled This patch enables the use of forcessl together with a multiple domains reverse SSL proxy (owncloud/core#1099) which have different hostname and webroot for http and https access. The code assumes that the ssl proxy (https) hostname and webroot is configured via overwritehost and overwritewebroot. 2013-02-23 15:58:06 +04:00			`private static function isOverwriteCondition($type = '') {`
add SSL proxy support Add support for a reverse proxy that only forwards SSL connections unencrypted to the web server. This patch allows to detect the reverse proxy via regular expression for the remote IP address and conditional overwrite the host name, protocol and web root. 2013-01-06 15:24:40 +04:00			`$regex = '/' . OC_Config::getValue('overwritecondaddr', '') . '/';`
Overwrite host and webroot when forcessl is enabled This patch enables the use of forcessl together with a multiple domains reverse SSL proxy (owncloud/core#1099) which have different hostname and webroot for http and https access. The code assumes that the ssl proxy (https) hostname and webroot is configured via overwritehost and overwritewebroot. 2013-02-23 15:58:06 +04:00			`return $regex === '//' or preg_match($regex, $_SERVER['REMOTE_ADDR']) === 1`
request.php: add type check to the not empty check of a string The not equal comparison (<>) of a variable with an empty string could lead to false positive results as the compare do not check the type and thereby could not make sure that the checked variable is a string. The usage of the not identical comparison operator (!==) make sure that the variable is a string and not empty. 2013-03-09 14:39:20 +04:00			`or ($type !== 'protocol' and OC_Config::getValue('forcessl', false));`
add SSL proxy support Add support for a reverse proxy that only forwards SSL connections unencrypted to the web server. This patch allows to detect the reverse proxy via regular expression for the remote IP address and conditional overwrite the host name, protocol and web root. 2013-01-06 15:24:40 +04:00			`}`

Move serverHost and serverProtocol functions to OC_Request 2012-08-07 00:16:45 +04:00			`/**`
			`* @brief Returns the server host`
in case $_SERVER['HTTP_HOST']) is not set let's return localhost - better than nothing 2013-06-17 02:02:42 +04:00			`* @returns string the server host`
Move serverHost and serverProtocol functions to OC_Request 2012-08-07 00:16:45 +04:00			`*`
			`* Returns the server host, even if the website uses one or more`
			`* reverse proxies`
			`*/`
			`public static function serverHost() {`
adding space between) and { 2012-09-07 17:22:01 +04:00			`if(OC::$CLI) {`
Move serverHost and serverProtocol functions to OC_Request 2012-08-07 00:16:45 +04:00			`return 'localhost';`
			`}`
request.php: add type check to the not empty check of a string The not equal comparison (<>) of a variable with an empty string could lead to false positive results as the compare do not check the type and thereby could not make sure that the checked variable is a string. The usage of the not identical comparison operator (!==) make sure that the variable is a string and not empty. 2013-03-09 14:39:20 +04:00			`if(OC_Config::getValue('overwritehost', '') !== '' and self::isOverwriteCondition()) {`
Whitespace cleanup 2013-01-14 23:30:39 +04:00			`return OC_Config::getValue('overwritehost');`
make it possible to manually override the hostname and protocol if the automatic detection from ownCloud fails. This can happen in reverse proxy situations or with loadbalancers setups. 2012-11-22 22:22:00 +04:00			`}`
Move serverHost and serverProtocol functions to OC_Request 2012-08-07 00:16:45 +04:00			`if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {`
			`if (strpos($_SERVER['HTTP_X_FORWARDED_HOST'], ",") !== false) {`
			`$host = trim(array_pop(explode(",", $_SERVER['HTTP_X_FORWARDED_HOST'])));`
			`}`
			`else{`
			`$host=$_SERVER['HTTP_X_FORWARDED_HOST'];`
			`}`
			`}`
			`else{`
use $_SERVER['SERVER_NAME'] in case $_SERVER['HTTP_HOST'] is not set 2013-07-02 01:51:43 +04:00			`if (isset($_SERVER['HTTP_HOST'])) {`
			`return $_SERVER['HTTP_HOST'];`
			`}`
			`if (isset($_SERVER['SERVER_NAME'])) {`
			`return $_SERVER['SERVER_NAME'];`
			`}`
			`return 'localhost';`
Move serverHost and serverProtocol functions to OC_Request 2012-08-07 00:16:45 +04:00			`}`
			`return $host;`
			`}`


			`/**`
			`* @brief Returns the server protocol`
in case $_SERVER['HTTP_HOST']) is not set let's return localhost - better than nothing 2013-06-17 02:02:42 +04:00			`* @returns string the server protocol`
Move serverHost and serverProtocol functions to OC_Request 2012-08-07 00:16:45 +04:00			`*`
			`* Returns the server protocol. It respects reverse proxy servers and load balancers`
			`*/`
			`public static function serverProtocol() {`
request.php: add type check to the not empty check of a string The not equal comparison (<>) of a variable with an empty string could lead to false positive results as the compare do not check the type and thereby could not make sure that the checked variable is a string. The usage of the not identical comparison operator (!==) make sure that the variable is a string and not empty. 2013-03-09 14:39:20 +04:00			`if(OC_Config::getValue('overwriteprotocol', '') !== '' and self::isOverwriteCondition('protocol')) {`
Whitespace cleanup 2013-01-14 23:30:39 +04:00			`return OC_Config::getValue('overwriteprotocol');`
make it possible to manually override the hostname and protocol if the automatic detection from ownCloud fails. This can happen in reverse proxy situations or with loadbalancers setups. 2012-11-22 22:22:00 +04:00			`}`
Move serverHost and serverProtocol functions to OC_Request 2012-08-07 00:16:45 +04:00			`if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {`
			`$proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']);`
			`}else{`
			`if(isset($_SERVER['HTTPS']) and !empty($_SERVER['HTTPS']) and ($_SERVER['HTTPS']!='off')) {`
			`$proto = 'https';`
			`}else{`
			`$proto = 'http';`
			`}`
			`}`
Remove () from return statement 2012-09-04 10:18:28 +04:00			`return $proto;`
Move serverHost and serverProtocol functions to OC_Request 2012-08-07 00:16:45 +04:00			`}`

add multiple domains reverse proxy support Add support for a reverse proxy that handles multiple domains via different web roots (http[s]://proxy.tld/domain.tld/owncloud). As the reverse proxy web root is transparent for the web server the REQUEST_URI and SCRIPT_NAME need manual adjustments. This patch replace the direct use of this _SERVER variables with function calls and extend this functions to overwrite the web root. Additionally it adds a Sabre request backend that extends the Sabre_HTTP_Request to use the same functions. 2012-09-09 14:54:47 +04:00			`/**`
			`* @brief Returns the request uri`
in case $_SERVER['HTTP_HOST']) is not set let's return localhost - better than nothing 2013-06-17 02:02:42 +04:00			`* @returns string the request uri`
add multiple domains reverse proxy support Add support for a reverse proxy that handles multiple domains via different web roots (http[s]://proxy.tld/domain.tld/owncloud). As the reverse proxy web root is transparent for the web server the REQUEST_URI and SCRIPT_NAME need manual adjustments. This patch replace the direct use of this _SERVER variables with function calls and extend this functions to overwrite the web root. Additionally it adds a Sabre request backend that extends the Sabre_HTTP_Request to use the same functions. 2012-09-09 14:54:47 +04:00			`*`
			`* Returns the request uri, even if the website uses one or more`
			`* reverse proxies`
			`*/`
			`public static function requestUri() {`
			`$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';`
request.php: add type check to the not empty check of a string The not equal comparison (<>) of a variable with an empty string could lead to false positive results as the compare do not check the type and thereby could not make sure that the checked variable is a string. The usage of the not identical comparison operator (!==) make sure that the variable is a string and not empty. 2013-03-09 14:39:20 +04:00			`if (OC_Config::getValue('overwritewebroot', '') !== '' and self::isOverwriteCondition()) {`
add multiple domains reverse proxy support Add support for a reverse proxy that handles multiple domains via different web roots (http[s]://proxy.tld/domain.tld/owncloud). As the reverse proxy web root is transparent for the web server the REQUEST_URI and SCRIPT_NAME need manual adjustments. This patch replace the direct use of this _SERVER variables with function calls and extend this functions to overwrite the web root. Additionally it adds a Sabre request backend that extends the Sabre_HTTP_Request to use the same functions. 2012-09-09 14:54:47 +04:00			`$uri = self::scriptName() . substr($uri, strlen($_SERVER['SCRIPT_NAME']));`
			`}`
			`return $uri;`
			`}`

			`/**`
			`* @brief Returns the script name`
in case $_SERVER['HTTP_HOST']) is not set let's return localhost - better than nothing 2013-06-17 02:02:42 +04:00			`* @returns string the script name`
add multiple domains reverse proxy support Add support for a reverse proxy that handles multiple domains via different web roots (http[s]://proxy.tld/domain.tld/owncloud). As the reverse proxy web root is transparent for the web server the REQUEST_URI and SCRIPT_NAME need manual adjustments. This patch replace the direct use of this _SERVER variables with function calls and extend this functions to overwrite the web root. Additionally it adds a Sabre request backend that extends the Sabre_HTTP_Request to use the same functions. 2012-09-09 14:54:47 +04:00			`*`
			`* Returns the script name, even if the website uses one or more`
			`* reverse proxies`
			`*/`
			`public static function scriptName() {`
			`$name = $_SERVER['SCRIPT_NAME'];`
request.php: add type check to the not empty check of a string The not equal comparison (<>) of a variable with an empty string could lead to false positive results as the compare do not check the type and thereby could not make sure that the checked variable is a string. The usage of the not identical comparison operator (!==) make sure that the variable is a string and not empty. 2013-03-09 14:39:20 +04:00			`if (OC_Config::getValue('overwritewebroot', '') !== '' and self::isOverwriteCondition()) {`
add multiple domains reverse proxy support Add support for a reverse proxy that handles multiple domains via different web roots (http[s]://proxy.tld/domain.tld/owncloud). As the reverse proxy web root is transparent for the web server the REQUEST_URI and SCRIPT_NAME need manual adjustments. This patch replace the direct use of this _SERVER variables with function calls and extend this functions to overwrite the web root. Additionally it adds a Sabre request backend that extends the Sabre_HTTP_Request to use the same functions. 2012-09-09 14:54:47 +04:00			`$serverroot = str_replace("\\", '/', substr(__DIR__, 0, -4));`
			`$suburi = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen($serverroot)));`
			`$name = OC_Config::getValue('overwritewebroot', '') . $suburi;`
			`}`
			`return $name;`
			`}`

Move getting the path info to OC_Request 2012-08-07 22:33:25 +04:00			`/**`
			`* @brief get Path info from request`
			`* @returns string Path info or false when not found`
			`*/`
			`public static function getPathInfo() {`
adding space between) and { 2012-09-07 17:22:01 +04:00			`if (array_key_exists('PATH_INFO', $_SERVER)) {`
Move getting the path info to OC_Request 2012-08-07 22:33:25 +04:00			`$path_info = $_SERVER['PATH_INFO'];`
			`}else{`
Use the plain urlencoded path info for the routing matching 2013-02-28 00:38:58 +04:00			`$path_info = self::getRawPathInfo();`
Decode the alternative path_info 2012-08-07 22:42:54 +04:00			`// following is taken from Sabre_DAV_URLUtil::decodePathSegment`
			`$path_info = rawurldecode($path_info);`
Checkstyle fixes: NoSpaceAfterComma 2012-11-04 14:10:46 +04:00			`$encoding = mb_detect_encoding($path_info, array('UTF-8', 'ISO-8859-1'));`
Decode the alternative path_info 2012-08-07 22:42:54 +04:00
			`switch($encoding) {`

Whitespace indent fixes 2013-02-10 01:44:11 +04:00			`case 'ISO-8859-1' :`
			`$path_info = utf8_encode($path_info);`
Decode the alternative path_info 2012-08-07 22:42:54 +04:00
			`}`
			`// end copy`
Move getting the path info to OC_Request 2012-08-07 22:33:25 +04:00			`}`
			`return $path_info;`
			`}`

Use the plain urlencoded path info for the routing matching 2013-02-28 00:38:58 +04:00			`/**`
			`* @brief get Path info from request, not urldecoded`
			`* @returns string Path info or false when not found`
			`*/`
			`public static function getRawPathInfo() {`
			`$path_info = substr($_SERVER['REQUEST_URI'], strlen($_SERVER['SCRIPT_NAME']));`
			`// Remove the query string from REQUEST_URI`
			`if ($pos = strpos($path_info, '?')) {`
			`$path_info = substr($path_info, 0, $pos);`
			`}`
			`return $path_info;`
			`}`

Add comments the other functions in OC_Request 2012-08-07 00:17:10 +04:00			`/**`
			`* @brief Check if this is a no-cache request`
in case $_SERVER['HTTP_HOST']) is not set let's return localhost - better than nothing 2013-06-17 02:02:42 +04:00			`* @returns boolean true for no-cache`
Add comments the other functions in OC_Request 2012-08-07 00:17:10 +04:00			`*/`
Cache the minimized output also on the server 2012-06-15 14:07:31 +04:00			`static public function isNoCache() {`
			`if (!isset($_SERVER['HTTP_CACHE_CONTROL'])) {`
			`return false;`
			`}`
			`return $_SERVER['HTTP_CACHE_CONTROL'] == 'no-cache';`
			`}`

Add comments the other functions in OC_Request 2012-08-07 00:17:10 +04:00			`/**`
			`* @brief Check if the requestor understands gzip`
in case $_SERVER['HTTP_HOST']) is not set let's return localhost - better than nothing 2013-06-17 02:02:42 +04:00			`* @returns boolean true for gzip encoding supported`
Add comments the other functions in OC_Request 2012-08-07 00:17:10 +04:00			`*/`
Cache the minimized output also on the server 2012-06-15 14:07:31 +04:00			`static public function acceptGZip() {`
Fix errors for minimizer 2012-06-18 13:33:24 +04:00			`if (!isset($_SERVER['HTTP_ACCEPT_ENCODING'])) {`
			`return false;`
			`}`
Cache the minimized output also on the server 2012-06-15 14:07:31 +04:00			`$HTTP_ACCEPT_ENCODING = $_SERVER["HTTP_ACCEPT_ENCODING"];`
			`if( strpos($HTTP_ACCEPT_ENCODING, 'x-gzip') !== false )`
			`return 'x-gzip';`
Checkstyle fixes: NoSpaceAfterComma 2012-11-04 14:10:46 +04:00			`else if( strpos($HTTP_ACCEPT_ENCODING, 'gzip') !== false )`
Cache the minimized output also on the server 2012-06-15 14:07:31 +04:00			`return 'gzip';`
			`return false;`
			`}`
Whitespace fixes 2013-02-22 20:21:57 +04:00
add a custom header clients can use to skip a n additional propset request 2013-02-10 14:05:43 +04:00			`/**`
			`* @brief Check if the requester sent along an mtime`
			`* @returns false or an mtime`
			`*/`
			`static public function hasModificationTime () {`
			`if (isset($_SERVER['HTTP_X_OC_MTIME'])) {`
			`return $_SERVER['HTTP_X_OC_MTIME'];`
			`} else {`
			`return false;`
			`}`
			`}`
Cache the minimized output also on the server 2012-06-15 14:07:31 +04:00			`}`