Permalink
Cannot retrieve contributors at this time
Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upGitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
| <?php | |
| /* | |
| * This file is part of the Symfony package. | |
| * | |
| * (c) Fabien Potencier <fabien@symfony.com> | |
| * | |
| * For the full copyright and license information, please view the LICENSE | |
| * file that was distributed with this source code. | |
| */ | |
| namespace Symfony\Component\HttpKernel\EventListener; | |
| use Symfony\Component\HttpFoundation\Request; | |
| use Symfony\Component\HttpKernel\Event\GetResponseEvent; | |
| use Symfony\Component\HttpKernel\KernelEvents; | |
| use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; | |
| use Symfony\Component\HttpKernel\UriSigner; | |
| use Symfony\Component\EventDispatcher\EventSubscriberInterface; | |
| /** | |
| * Handles content fragments represented by special URIs. | |
| * | |
| * All URL paths starting with /_fragment are handled as | |
| * content fragments by this listener. | |
| * | |
| * If throws an AccessDeniedHttpException exception if the request | |
| * is not signed or if it is not an internal sub-request. | |
| * | |
| * @author Fabien Potencier <fabien@symfony.com> | |
| */ | |
| class FragmentListener implements EventSubscriberInterface | |
| { | |
| private $signer; | |
| private $fragmentPath; | |
| /** | |
| * Constructor. | |
| * | |
| * @param UriSigner $signer A UriSigner instance | |
| * @param string $fragmentPath The path that triggers this listener | |
| */ | |
| public function __construct(UriSigner $signer, $fragmentPath = '/_fragment') | |
| { | |
| $this->signer = $signer; | |
| $this->fragmentPath = $fragmentPath; | |
| } | |
| /** | |
| * Fixes request attributes when the path is '/_fragment'. | |
| * | |
| * @param GetResponseEvent $event A GetResponseEvent instance | |
| * | |
| * @throws AccessDeniedHttpException if the request does not come from a trusted IP. | |
| */ | |
| public function onKernelRequest(GetResponseEvent $event) | |
| { | |
| $request = $event->getRequest(); | |
| if ($this->fragmentPath !== rawurldecode($request->getPathInfo())) { | |
| return; | |
| } | |
| if ($request->attributes->has('_controller')) { | |
| // Is a sub-request: no need to parse _path but it should still be removed from query parameters as below. | |
| $request->query->remove('_path'); | |
| return; | |
| } | |
| if ($event->isMasterRequest()) { | |
| $this->validateRequest($request); | |
| } | |
| parse_str($request->query->get('_path', ''), $attributes); | |
| $request->attributes->add($attributes); | |
| $request->attributes->set('_route_params', array_replace($request->attributes->get('_route_params', array()), $attributes)); | |
| $request->query->remove('_path'); | |
| } | |
| protected function validateRequest(Request $request) | |
| { | |
| // is the Request safe? | |
| if (!$request->isMethodSafe()) { | |
| throw new AccessDeniedHttpException(); | |
| } | |
| // is the Request signed? | |
| // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering) | |
| if ($this->signer->check($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().(null !== ($qs = $request->server->get('QUERY_STRING')) ? '?'.$qs : ''))) { | |
| return; | |
| } | |
| throw new AccessDeniedHttpException(); | |
| } | |
| public static function getSubscribedEvents() | |
| { | |
| return array( | |
| KernelEvents::REQUEST => array(array('onKernelRequest', 48)), | |
| ); | |
| } | |
| } |