* All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The names of the authors may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @license http://opensource.org/licenses/bsd-license.php New BSD License * @version SVN: $Id: Exception.php 308629 2011-02-24 17:34:24Z avb $ * @link http://pear.php.net/package/HTTP_Request2 */ /** * Base class for exceptions in PEAR */ /** * Base exception class for HTTP_Request2 package * * @category HTTP * @package HTTP_Request2 * @version Release: 2.0.0 * @link http://pear.php.net/pepr/pepr-proposal-show.php?id=132 */ class HTTP_Request2_Exception extends PEAR_Exception { /** An invalid argument was passed to a method */ const INVALID_ARGUMENT = 1; /** Some required value was not available */ const MISSING_VALUE = 2; /** Request cannot be processed due to errors in PHP configuration */ const MISCONFIGURATION = 3; /** Error reading the local file */ const READ_ERROR = 4; /** Server returned a response that does not conform to HTTP protocol */ const MALFORMED_RESPONSE = 10; /** Failure decoding Content-Encoding or Transfer-Encoding of response */ const DECODE_ERROR = 20; /** Operation timed out */ const TIMEOUT = 30; /** Number of redirects exceeded 'max_redirects' configuration parameter */ const TOO_MANY_REDIRECTS = 40; /** Redirect to a protocol other than http(s):// */ const NON_HTTP_REDIRECT = 50; /** * Native error code * @var int */ private $_nativeCode; /** * Constructor, can set package error code and native error code * * @param string exception message * @param int package error code, one of class constants * @param int error code from underlying PHP extension */ public function __construct($message = null, $code = null, $nativeCode = null) { parent::__construct($message, $code); $this->_nativeCode = $nativeCode; } /** * Returns error code produced by underlying PHP extension * * For Socket Adapter this may contain error number returned by * stream_socket_client(), for Curl Adapter this will contain error number * returned by curl_errno() * * @return integer */ public function getNativeCode() { return $this->_nativeCode; } } /** * Exception thrown in case of missing features * * @category HTTP * @package HTTP_Request2 * @version Release: 2.0.0 */ class HTTP_Request2_NotImplementedException extends HTTP_Request2_Exception {} /** * Exception that represents error in the program logic * * This exception usually implies a programmer's error, like passing invalid * data to methods or trying to use PHP extensions that weren't installed or * enabled. Usually exceptions of this kind will be thrown before request even * starts. * * The exception will usually contain a package error code. * * @category HTTP * @package HTTP_Request2 * @version Release: 2.0.0 */ class HTTP_Request2_LogicException extends HTTP_Request2_Exception {} /** * Exception thrown when connection to a web or proxy server fails * * The exception will not contain a package error code, but will contain * native error code, as returned by stream_socket_client() or curl_errno(). * * @category HTTP * @package HTTP_Request2 * @version Release: 2.0.0 */ class HTTP_Request2_ConnectionException extends HTTP_Request2_Exception {} /** * Exception thrown when sending or receiving HTTP message fails * * The exception may contain both package error code and native error code. * * @category HTTP * @package HTTP_Request2 * @version Release: 2.0.0 */ class HTTP_Request2_MessageException extends HTTP_Request2_Exception {} /** * Socket-based adapter for HTTP_Request2 * * PHP version 5 * * LICENSE: * * Copyright (c) 2008-2011, Alexey Borzov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The names of the authors may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @license http://opensource.org/licenses/bsd-license.php New BSD License * @version SVN: $Id: Socket.php 309921 2011-04-03 16:43:02Z avb $ * @link http://pear.php.net/package/HTTP_Request2 */ /** * Base class for HTTP_Request2 adapters */ /** * Socket-based adapter for HTTP_Request2 * * This adapter uses only PHP sockets and will work on almost any PHP * environment. Code is based on original HTTP_Request PEAR package. * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @version Release: 2.0.0 */ class HTTP_Request2_Adapter_Socket extends HTTP_Request2_Adapter { /** * Regular expression for 'token' rule from RFC 2616 */ const REGEXP_TOKEN = '[^\x00-\x1f\x7f-\xff()<>@,;:\\\\"/\[\]?={}\s]+'; /** * Regular expression for 'quoted-string' rule from RFC 2616 */ const REGEXP_QUOTED_STRING = '"(?:\\\\.|[^\\\\"])*"'; /** * Connected sockets, needed for Keep-Alive support * @var array * @see connect() */ protected static $sockets = array(); /** * Data for digest authentication scheme * * The keys for the array are URL prefixes. * * The values are associative arrays with data (realm, nonce, nonce-count, * opaque...) needed for digest authentication. Stored here to prevent making * duplicate requests to digest-protected resources after we have already * received the challenge. * * @var array */ protected static $challenges = array(); /** * Connected socket * @var resource * @see connect() */ protected $socket; /** * Challenge used for server digest authentication * @var array */ protected $serverChallenge; /** * Challenge used for proxy digest authentication * @var array */ protected $proxyChallenge; /** * Sum of start time and global timeout, exception will be thrown if request continues past this time * @var integer */ protected $deadline = null; /** * Remaining length of the current chunk, when reading chunked response * @var integer * @see readChunked() */ protected $chunkLength = 0; /** * Remaining amount of redirections to follow * * Starts at 'max_redirects' configuration parameter and is reduced on each * subsequent redirect. An Exception will be thrown once it reaches zero. * * @var integer */ protected $redirectCountdown = null; /** * Sends request to the remote server and returns its response * * @param HTTP_Request2 * @return HTTP_Request2_Response * @throws HTTP_Request2_Exception */ public function sendRequest(HTTP_Request2 $request) { $this->request = $request; // Use global request timeout if given, see feature requests #5735, #8964 if ($timeout = $request->getConfig('timeout')) { $this->deadline = time() + $timeout; } else { $this->deadline = null; } try { $keepAlive = $this->connect(); $headers = $this->prepareHeaders(); if (false === @fwrite($this->socket, $headers, strlen($headers))) { throw new HTTP_Request2_MessageException('Error writing request'); } // provide request headers to the observer, see request #7633 $this->request->setLastEvent('sentHeaders', $headers); $this->writeBody(); if ($this->deadline && time() > $this->deadline) { throw new HTTP_Request2_MessageException( 'Request timed out after ' . $request->getConfig('timeout') . ' second(s)', HTTP_Request2_Exception::TIMEOUT ); } $response = $this->readResponse(); if ($jar = $request->getCookieJar()) { $jar->addCookiesFromResponse($response, $request->getUrl()); } if (!$this->canKeepAlive($keepAlive, $response)) { $this->disconnect(); } if ($this->shouldUseProxyDigestAuth($response)) { return $this->sendRequest($request); } if ($this->shouldUseServerDigestAuth($response)) { return $this->sendRequest($request); } if ($authInfo = $response->getHeader('authentication-info')) { $this->updateChallenge($this->serverChallenge, $authInfo); } if ($proxyInfo = $response->getHeader('proxy-authentication-info')) { $this->updateChallenge($this->proxyChallenge, $proxyInfo); } } catch (Exception $e) { $this->disconnect(); } unset($this->request, $this->requestBody); if (!empty($e)) { $this->redirectCountdown = null; throw $e; } if (!$request->getConfig('follow_redirects') || !$response->isRedirect()) { $this->redirectCountdown = null; return $response; } else { return $this->handleRedirect($request, $response); } } /** * Connects to the remote server * * @return bool whether the connection can be persistent * @throws HTTP_Request2_Exception */ protected function connect() { $secure = 0 == strcasecmp($this->request->getUrl()->getScheme(), 'https'); $tunnel = HTTP_Request2::METHOD_CONNECT == $this->request->getMethod(); $headers = $this->request->getHeaders(); $reqHost = $this->request->getUrl()->getHost(); if (!($reqPort = $this->request->getUrl()->getPort())) { $reqPort = $secure? 443: 80; } if ($host = $this->request->getConfig('proxy_host')) { if (!($port = $this->request->getConfig('proxy_port'))) { throw new HTTP_Request2_LogicException( 'Proxy port not provided', HTTP_Request2_Exception::MISSING_VALUE ); } $proxy = true; } else { $host = $reqHost; $port = $reqPort; $proxy = false; } if ($tunnel && !$proxy) { throw new HTTP_Request2_LogicException( "Trying to perform CONNECT request without proxy", HTTP_Request2_Exception::MISSING_VALUE ); } if ($secure && !in_array('ssl', stream_get_transports())) { throw new HTTP_Request2_LogicException( 'Need OpenSSL support for https:// requests', HTTP_Request2_Exception::MISCONFIGURATION ); } // RFC 2068, section 19.7.1: A client MUST NOT send the Keep-Alive // connection token to a proxy server... if ($proxy && !$secure && !empty($headers['connection']) && 'Keep-Alive' == $headers['connection'] ) { $this->request->setHeader('connection'); } $keepAlive = ('1.1' == $this->request->getConfig('protocol_version') && empty($headers['connection'])) || (!empty($headers['connection']) && 'Keep-Alive' == $headers['connection']); $host = ((!$secure || $proxy)? 'tcp://': 'ssl://') . $host; $options = array(); if ($secure || $tunnel) { foreach ($this->request->getConfig() as $name => $value) { if ('ssl_' == substr($name, 0, 4) && null !== $value) { if ('ssl_verify_host' == $name) { if ($value) { $options['CN_match'] = $reqHost; } } else { $options[substr($name, 4)] = $value; } } } ksort($options); } // Changing SSL context options after connection is established does *not* // work, we need a new connection if options change $remote = $host . ':' . $port; $socketKey = $remote . (($secure && $proxy)? "->{$reqHost}:{$reqPort}": '') . (empty($options)? '': ':' . serialize($options)); unset($this->socket); // We use persistent connections and have a connected socket? // Ensure that the socket is still connected, see bug #16149 if ($keepAlive && !empty(self::$sockets[$socketKey]) && !feof(self::$sockets[$socketKey]) ) { $this->socket =& self::$sockets[$socketKey]; } elseif ($secure && $proxy && !$tunnel) { $this->establishTunnel(); $this->request->setLastEvent( 'connect', "ssl://{$reqHost}:{$reqPort} via {$host}:{$port}" ); self::$sockets[$socketKey] =& $this->socket; } else { // Set SSL context options if doing HTTPS request or creating a tunnel $context = stream_context_create(); foreach ($options as $name => $value) { if (!stream_context_set_option($context, 'ssl', $name, $value)) { throw new HTTP_Request2_LogicException( "Error setting SSL context option '{$name}'" ); } } $track = @ini_set('track_errors', 1); $this->socket = @stream_socket_client( $remote, $errno, $errstr, $this->request->getConfig('connect_timeout'), STREAM_CLIENT_CONNECT, $context ); if (!$this->socket) { $e = new HTTP_Request2_ConnectionException( "Unable to connect to {$remote}. Error: " . (empty($errstr)? $php_errormsg: $errstr), 0, $errno ); } @ini_set('track_errors', $track); if (isset($e)) { throw $e; } $this->request->setLastEvent('connect', $remote); self::$sockets[$socketKey] =& $this->socket; } return $keepAlive; } /** * Establishes a tunnel to a secure remote server via HTTP CONNECT request * * This method will fail if 'ssl_verify_peer' is enabled. Probably because PHP * sees that we are connected to a proxy server (duh!) rather than the server * that presents its certificate. * * @link http://tools.ietf.org/html/rfc2817#section-5.2 * @throws HTTP_Request2_Exception */ protected function establishTunnel() { $donor = new self; $connect = new HTTP_Request2( $this->request->getUrl(), HTTP_Request2::METHOD_CONNECT, array_merge($this->request->getConfig(), array('adapter' => $donor)) ); $response = $connect->send(); // Need any successful (2XX) response if (200 > $response->getStatus() || 300 <= $response->getStatus()) { throw new HTTP_Request2_ConnectionException( 'Failed to connect via HTTPS proxy. Proxy response: ' . $response->getStatus() . ' ' . $response->getReasonPhrase() ); } $this->socket = $donor->socket; $modes = array( STREAM_CRYPTO_METHOD_TLS_CLIENT, STREAM_CRYPTO_METHOD_SSLv3_CLIENT, STREAM_CRYPTO_METHOD_SSLv23_CLIENT, STREAM_CRYPTO_METHOD_SSLv2_CLIENT ); foreach ($modes as $mode) { if (stream_socket_enable_crypto($this->socket, true, $mode)) { return; } } throw new HTTP_Request2_ConnectionException( 'Failed to enable secure connection when connecting through proxy' ); } /** * Checks whether current connection may be reused or should be closed * * @param boolean whether connection could be persistent * in the first place * @param HTTP_Request2_Response response object to check * @return boolean */ protected function canKeepAlive($requestKeepAlive, HTTP_Request2_Response $response) { // Do not close socket on successful CONNECT request if (HTTP_Request2::METHOD_CONNECT == $this->request->getMethod() && 200 <= $response->getStatus() && 300 > $response->getStatus() ) { return true; } $lengthKnown = 'chunked' == strtolower($response->getHeader('transfer-encoding')) || null !== $response->getHeader('content-length') // no body possible for such responses, see also request #17031 || HTTP_Request2::METHOD_HEAD == $this->request->getMethod() || in_array($response->getStatus(), array(204, 304)); $persistent = 'keep-alive' == strtolower($response->getHeader('connection')) || (null === $response->getHeader('connection') && '1.1' == $response->getVersion()); return $requestKeepAlive && $lengthKnown && $persistent; } /** * Disconnects from the remote server */ protected function disconnect() { if (is_resource($this->socket)) { fclose($this->socket); $this->socket = null; $this->request->setLastEvent('disconnect'); } } /** * Handles HTTP redirection * * This method will throw an Exception if redirect to a non-HTTP(S) location * is attempted, also if number of redirects performed already is equal to * 'max_redirects' configuration parameter. * * @param HTTP_Request2 Original request * @param HTTP_Request2_Response Response containing redirect * @return HTTP_Request2_Response Response from a new location * @throws HTTP_Request2_Exception */ protected function handleRedirect(HTTP_Request2 $request, HTTP_Request2_Response $response) { if (is_null($this->redirectCountdown)) { $this->redirectCountdown = $request->getConfig('max_redirects'); } if (0 == $this->redirectCountdown) { $this->redirectCountdown = null; // Copying cURL behaviour throw new HTTP_Request2_MessageException ( 'Maximum (' . $request->getConfig('max_redirects') . ') redirects followed', HTTP_Request2_Exception::TOO_MANY_REDIRECTS ); } $redirectUrl = new Net_URL2( $response->getHeader('location'), array(Net_URL2::OPTION_USE_BRACKETS => $request->getConfig('use_brackets')) ); // refuse non-HTTP redirect if ($redirectUrl->isAbsolute() && !in_array($redirectUrl->getScheme(), array('http', 'https')) ) { $this->redirectCountdown = null; throw new HTTP_Request2_MessageException( 'Refusing to redirect to a non-HTTP URL ' . $redirectUrl->__toString(), HTTP_Request2_Exception::NON_HTTP_REDIRECT ); } // Theoretically URL should be absolute (see http://tools.ietf.org/html/rfc2616#section-14.30), // but in practice it is often not if (!$redirectUrl->isAbsolute()) { $redirectUrl = $request->getUrl()->resolve($redirectUrl); } $redirect = clone $request; $redirect->setUrl($redirectUrl); if (303 == $response->getStatus() || (!$request->getConfig('strict_redirects') && in_array($response->getStatus(), array(301, 302))) ) { $redirect->setMethod(HTTP_Request2::METHOD_GET); $redirect->setBody(''); } if (0 < $this->redirectCountdown) { $this->redirectCountdown--; } return $this->sendRequest($redirect); } /** * Checks whether another request should be performed with server digest auth * * Several conditions should be satisfied for it to return true: * - response status should be 401 * - auth credentials should be set in the request object * - response should contain WWW-Authenticate header with digest challenge * - there is either no challenge stored for this URL or new challenge * contains stale=true parameter (in other case we probably just failed * due to invalid username / password) * * The method stores challenge values in $challenges static property * * @param HTTP_Request2_Response response to check * @return boolean whether another request should be performed * @throws HTTP_Request2_Exception in case of unsupported challenge parameters */ protected function shouldUseServerDigestAuth(HTTP_Request2_Response $response) { // no sense repeating a request if we don't have credentials if (401 != $response->getStatus() || !$this->request->getAuth()) { return false; } if (!$challenge = $this->parseDigestChallenge($response->getHeader('www-authenticate'))) { return false; } $url = $this->request->getUrl(); $scheme = $url->getScheme(); $host = $scheme . '://' . $url->getHost(); if ($port = $url->getPort()) { if ((0 == strcasecmp($scheme, 'http') && 80 != $port) || (0 == strcasecmp($scheme, 'https') && 443 != $port) ) { $host .= ':' . $port; } } if (!empty($challenge['domain'])) { $prefixes = array(); foreach (preg_split('/\\s+/', $challenge['domain']) as $prefix) { // don't bother with different servers if ('/' == substr($prefix, 0, 1)) { $prefixes[] = $host . $prefix; } } } if (empty($prefixes)) { $prefixes = array($host . '/'); } $ret = true; foreach ($prefixes as $prefix) { if (!empty(self::$challenges[$prefix]) && (empty($challenge['stale']) || strcasecmp('true', $challenge['stale'])) ) { // probably credentials are invalid $ret = false; } self::$challenges[$prefix] =& $challenge; } return $ret; } /** * Checks whether another request should be performed with proxy digest auth * * Several conditions should be satisfied for it to return true: * - response status should be 407 * - proxy auth credentials should be set in the request object * - response should contain Proxy-Authenticate header with digest challenge * - there is either no challenge stored for this proxy or new challenge * contains stale=true parameter (in other case we probably just failed * due to invalid username / password) * * The method stores challenge values in $challenges static property * * @param HTTP_Request2_Response response to check * @return boolean whether another request should be performed * @throws HTTP_Request2_Exception in case of unsupported challenge parameters */ protected function shouldUseProxyDigestAuth(HTTP_Request2_Response $response) { if (407 != $response->getStatus() || !$this->request->getConfig('proxy_user')) { return false; } if (!($challenge = $this->parseDigestChallenge($response->getHeader('proxy-authenticate')))) { return false; } $key = 'proxy://' . $this->request->getConfig('proxy_host') . ':' . $this->request->getConfig('proxy_port'); if (!empty(self::$challenges[$key]) && (empty($challenge['stale']) || strcasecmp('true', $challenge['stale'])) ) { $ret = false; } else { $ret = true; } self::$challenges[$key] = $challenge; return $ret; } /** * Extracts digest method challenge from (WWW|Proxy)-Authenticate header value * * There is a problem with implementation of RFC 2617: several of the parameters * are defined as quoted-string there and thus may contain backslash escaped * double quotes (RFC 2616, section 2.2). However, RFC 2617 defines unq(X) as * just value of quoted-string X without surrounding quotes, it doesn't speak * about removing backslash escaping. * * Now realm parameter is user-defined and human-readable, strange things * happen when it contains quotes: * - Apache allows quotes in realm, but apparently uses realm value without * backslashes for digest computation * - Squid allows (manually escaped) quotes there, but it is impossible to * authorize with either escaped or unescaped quotes used in digest, * probably it can't parse the response (?) * - Both IE and Firefox display realm value with backslashes in * the password popup and apparently use the same value for digest * * HTTP_Request2 follows IE and Firefox (and hopefully RFC 2617) in * quoted-string handling, unfortunately that means failure to authorize * sometimes * * @param string value of WWW-Authenticate or Proxy-Authenticate header * @return mixed associative array with challenge parameters, false if * no challenge is present in header value * @throws HTTP_Request2_NotImplementedException in case of unsupported challenge parameters */ protected function parseDigestChallenge($headerValue) { $authParam = '(' . self::REGEXP_TOKEN . ')\\s*=\\s*(' . self::REGEXP_TOKEN . '|' . self::REGEXP_QUOTED_STRING . ')'; $challenge = "!(?<=^|\\s|,)Digest ({$authParam}\\s*(,\\s*|$))+!"; if (!preg_match($challenge, $headerValue, $matches)) { return false; } preg_match_all('!' . $authParam . '!', $matches[0], $params); $paramsAry = array(); $knownParams = array('realm', 'domain', 'nonce', 'opaque', 'stale', 'algorithm', 'qop'); for ($i = 0; $i < count($params[0]); $i++) { // section 3.2.1: Any unrecognized directive MUST be ignored. if (in_array($params[1][$i], $knownParams)) { if ('"' == substr($params[2][$i], 0, 1)) { $paramsAry[$params[1][$i]] = substr($params[2][$i], 1, -1); } else { $paramsAry[$params[1][$i]] = $params[2][$i]; } } } // we only support qop=auth if (!empty($paramsAry['qop']) && !in_array('auth', array_map('trim', explode(',', $paramsAry['qop']))) ) { throw new HTTP_Request2_NotImplementedException( "Only 'auth' qop is currently supported in digest authentication, " . "server requested '{$paramsAry['qop']}'" ); } // we only support algorithm=MD5 if (!empty($paramsAry['algorithm']) && 'MD5' != $paramsAry['algorithm']) { throw new HTTP_Request2_NotImplementedException( "Only 'MD5' algorithm is currently supported in digest authentication, " . "server requested '{$paramsAry['algorithm']}'" ); } return $paramsAry; } /** * Parses [Proxy-]Authentication-Info header value and updates challenge * * @param array challenge to update * @param string value of [Proxy-]Authentication-Info header * @todo validate server rspauth response */ protected function updateChallenge(&$challenge, $headerValue) { $authParam = '!(' . self::REGEXP_TOKEN . ')\\s*=\\s*(' . self::REGEXP_TOKEN . '|' . self::REGEXP_QUOTED_STRING . ')!'; $paramsAry = array(); preg_match_all($authParam, $headerValue, $params); for ($i = 0; $i < count($params[0]); $i++) { if ('"' == substr($params[2][$i], 0, 1)) { $paramsAry[$params[1][$i]] = substr($params[2][$i], 1, -1); } else { $paramsAry[$params[1][$i]] = $params[2][$i]; } } // for now, just update the nonce value if (!empty($paramsAry['nextnonce'])) { $challenge['nonce'] = $paramsAry['nextnonce']; $challenge['nc'] = 1; } } /** * Creates a value for [Proxy-]Authorization header when using digest authentication * * @param string user name * @param string password * @param string request URL * @param array digest challenge parameters * @return string value of [Proxy-]Authorization request header * @link http://tools.ietf.org/html/rfc2617#section-3.2.2 */ protected function createDigestResponse($user, $password, $url, &$challenge) { if (false !== ($q = strpos($url, '?')) && $this->request->getConfig('digest_compat_ie') ) { $url = substr($url, 0, $q); } $a1 = md5($user . ':' . $challenge['realm'] . ':' . $password); $a2 = md5($this->request->getMethod() . ':' . $url); if (empty($challenge['qop'])) { $digest = md5($a1 . ':' . $challenge['nonce'] . ':' . $a2); } else { $challenge['cnonce'] = 'Req2.' . rand(); if (empty($challenge['nc'])) { $challenge['nc'] = 1; } $nc = sprintf('%08x', $challenge['nc']++); $digest = md5($a1 . ':' . $challenge['nonce'] . ':' . $nc . ':' . $challenge['cnonce'] . ':auth:' . $a2); } return 'Digest username="' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $user) . '", ' . 'realm="' . $challenge['realm'] . '", ' . 'nonce="' . $challenge['nonce'] . '", ' . 'uri="' . $url . '", ' . 'response="' . $digest . '"' . (!empty($challenge['opaque'])? ', opaque="' . $challenge['opaque'] . '"': '') . (!empty($challenge['qop'])? ', qop="auth", nc=' . $nc . ', cnonce="' . $challenge['cnonce'] . '"': ''); } /** * Adds 'Authorization' header (if needed) to request headers array * * @param array request headers * @param string request host (needed for digest authentication) * @param string request URL (needed for digest authentication) * @throws HTTP_Request2_NotImplementedException */ protected function addAuthorizationHeader(&$headers, $requestHost, $requestUrl) { if (!($auth = $this->request->getAuth())) { return; } switch ($auth['scheme']) { case HTTP_Request2::AUTH_BASIC: $headers['authorization'] = 'Basic ' . base64_encode($auth['user'] . ':' . $auth['password']); break; case HTTP_Request2::AUTH_DIGEST: unset($this->serverChallenge); $fullUrl = ('/' == $requestUrl[0])? $this->request->getUrl()->getScheme() . '://' . $requestHost . $requestUrl: $requestUrl; foreach (array_keys(self::$challenges) as $key) { if ($key == substr($fullUrl, 0, strlen($key))) { $headers['authorization'] = $this->createDigestResponse( $auth['user'], $auth['password'], $requestUrl, self::$challenges[$key] ); $this->serverChallenge =& self::$challenges[$key]; break; } } break; default: throw new HTTP_Request2_NotImplementedException( "Unknown HTTP authentication scheme '{$auth['scheme']}'" ); } } /** * Adds 'Proxy-Authorization' header (if needed) to request headers array * * @param array request headers * @param string request URL (needed for digest authentication) * @throws HTTP_Request2_NotImplementedException */ protected function addProxyAuthorizationHeader(&$headers, $requestUrl) { if (!$this->request->getConfig('proxy_host') || !($user = $this->request->getConfig('proxy_user')) || (0 == strcasecmp('https', $this->request->getUrl()->getScheme()) && HTTP_Request2::METHOD_CONNECT != $this->request->getMethod()) ) { return; } $password = $this->request->getConfig('proxy_password'); switch ($this->request->getConfig('proxy_auth_scheme')) { case HTTP_Request2::AUTH_BASIC: $headers['proxy-authorization'] = 'Basic ' . base64_encode($user . ':' . $password); break; case HTTP_Request2::AUTH_DIGEST: unset($this->proxyChallenge); $proxyUrl = 'proxy://' . $this->request->getConfig('proxy_host') . ':' . $this->request->getConfig('proxy_port'); if (!empty(self::$challenges[$proxyUrl])) { $headers['proxy-authorization'] = $this->createDigestResponse( $user, $password, $requestUrl, self::$challenges[$proxyUrl] ); $this->proxyChallenge =& self::$challenges[$proxyUrl]; } break; default: throw new HTTP_Request2_NotImplementedException( "Unknown HTTP authentication scheme '" . $this->request->getConfig('proxy_auth_scheme') . "'" ); } } /** * Creates the string with the Request-Line and request headers * * @return string * @throws HTTP_Request2_Exception */ protected function prepareHeaders() { $headers = $this->request->getHeaders(); $url = $this->request->getUrl(); $connect = HTTP_Request2::METHOD_CONNECT == $this->request->getMethod(); $host = $url->getHost(); $defaultPort = 0 == strcasecmp($url->getScheme(), 'https')? 443: 80; if (($port = $url->getPort()) && $port != $defaultPort || $connect) { $host .= ':' . (empty($port)? $defaultPort: $port); } // Do not overwrite explicitly set 'Host' header, see bug #16146 if (!isset($headers['host'])) { $headers['host'] = $host; } if ($connect) { $requestUrl = $host; } else { if (!$this->request->getConfig('proxy_host') || 0 == strcasecmp($url->getScheme(), 'https') ) { $requestUrl = ''; } else { $requestUrl = $url->getScheme() . '://' . $host; } $path = $url->getPath(); $query = $url->getQuery(); $requestUrl .= (empty($path)? '/': $path) . (empty($query)? '': '?' . $query); } if ('1.1' == $this->request->getConfig('protocol_version') && extension_loaded('zlib') && !isset($headers['accept-encoding']) ) { $headers['accept-encoding'] = 'gzip, deflate'; } if (($jar = $this->request->getCookieJar()) && ($cookies = $jar->getMatching($this->request->getUrl(), true)) ) { $headers['cookie'] = (empty($headers['cookie'])? '': $headers['cookie'] . '; ') . $cookies; } $this->addAuthorizationHeader($headers, $host, $requestUrl); $this->addProxyAuthorizationHeader($headers, $requestUrl); $this->calculateRequestLength($headers); $headersStr = $this->request->getMethod() . ' ' . $requestUrl . ' HTTP/' . $this->request->getConfig('protocol_version') . "\r\n"; foreach ($headers as $name => $value) { $canonicalName = implode('-', array_map('ucfirst', explode('-', $name))); $headersStr .= $canonicalName . ': ' . $value . "\r\n"; } return $headersStr . "\r\n"; } /** * Sends the request body * * @throws HTTP_Request2_MessageException */ protected function writeBody() { if (in_array($this->request->getMethod(), self::$bodyDisallowed) || 0 == $this->contentLength ) { return; } $position = 0; $bufferSize = $this->request->getConfig('buffer_size'); while ($position < $this->contentLength) { if (is_string($this->requestBody)) { $str = substr($this->requestBody, $position, $bufferSize); } elseif (is_resource($this->requestBody)) { $str = fread($this->requestBody, $bufferSize); } else { $str = $this->requestBody->read($bufferSize); } if (false === @fwrite($this->socket, $str, strlen($str))) { throw new HTTP_Request2_MessageException('Error writing request'); } // Provide the length of written string to the observer, request #7630 $this->request->setLastEvent('sentBodyPart', strlen($str)); $position += strlen($str); } $this->request->setLastEvent('sentBody', $this->contentLength); } /** * Reads the remote server's response * * @return HTTP_Request2_Response * @throws HTTP_Request2_Exception */ protected function readResponse() { $bufferSize = $this->request->getConfig('buffer_size'); do { $response = new HTTP_Request2_Response( $this->readLine($bufferSize), true, $this->request->getUrl() ); do { $headerLine = $this->readLine($bufferSize); $response->parseHeaderLine($headerLine); } while ('' != $headerLine); } while (in_array($response->getStatus(), array(100, 101))); $this->request->setLastEvent('receivedHeaders', $response); // No body possible in such responses if (HTTP_Request2::METHOD_HEAD == $this->request->getMethod() || (HTTP_Request2::METHOD_CONNECT == $this->request->getMethod() && 200 <= $response->getStatus() && 300 > $response->getStatus()) || in_array($response->getStatus(), array(204, 304)) ) { return $response; } $chunked = 'chunked' == $response->getHeader('transfer-encoding'); $length = $response->getHeader('content-length'); $hasBody = false; if ($chunked || null === $length || 0 < intval($length)) { // RFC 2616, section 4.4: // 3. ... If a message is received with both a // Transfer-Encoding header field and a Content-Length header field, // the latter MUST be ignored. $toRead = ($chunked || null === $length)? null: $length; $this->chunkLength = 0; while (!feof($this->socket) && (is_null($toRead) || 0 < $toRead)) { if ($chunked) { $data = $this->readChunked($bufferSize); } elseif (is_null($toRead)) { $data = $this->fread($bufferSize); } else { $data = $this->fread(min($toRead, $bufferSize)); $toRead -= strlen($data); } if ('' == $data && (!$this->chunkLength || feof($this->socket))) { break; } $hasBody = true; if ($this->request->getConfig('store_body')) { $response->appendBody($data); } if (!in_array($response->getHeader('content-encoding'), array('identity', null))) { $this->request->setLastEvent('receivedEncodedBodyPart', $data); } else { $this->request->setLastEvent('receivedBodyPart', $data); } } } if ($hasBody) { $this->request->setLastEvent('receivedBody', $response); } return $response; } /** * Reads until either the end of the socket or a newline, whichever comes first * * Strips the trailing newline from the returned data, handles global * request timeout. Method idea borrowed from Net_Socket PEAR package. * * @param int buffer size to use for reading * @return Available data up to the newline (not including newline) * @throws HTTP_Request2_MessageException In case of timeout */ protected function readLine($bufferSize) { $line = ''; while (!feof($this->socket)) { if ($this->deadline) { stream_set_timeout($this->socket, max($this->deadline - time(), 1)); } $line .= @fgets($this->socket, $bufferSize); $info = stream_get_meta_data($this->socket); if ($info['timed_out'] || $this->deadline && time() > $this->deadline) { $reason = $this->deadline ? 'after ' . $this->request->getConfig('timeout') . ' second(s)' : 'due to default_socket_timeout php.ini setting'; throw new HTTP_Request2_MessageException( "Request timed out {$reason}", HTTP_Request2_Exception::TIMEOUT ); } if (substr($line, -1) == "\n") { return rtrim($line, "\r\n"); } } return $line; } /** * Wrapper around fread(), handles global request timeout * * @param int Reads up to this number of bytes * @return Data read from socket * @throws HTTP_Request2_MessageException In case of timeout */ protected function fread($length) { if ($this->deadline) { stream_set_timeout($this->socket, max($this->deadline - time(), 1)); } $data = fread($this->socket, $length); $info = stream_get_meta_data($this->socket); if ($info['timed_out'] || $this->deadline && time() > $this->deadline) { $reason = $this->deadline ? 'after ' . $this->request->getConfig('timeout') . ' second(s)' : 'due to default_socket_timeout php.ini setting'; throw new HTTP_Request2_MessageException( "Request timed out {$reason}", HTTP_Request2_Exception::TIMEOUT ); } return $data; } /** * Reads a part of response body encoded with chunked Transfer-Encoding * * @param int buffer size to use for reading * @return string * @throws HTTP_Request2_MessageException */ protected function readChunked($bufferSize) { // at start of the next chunk? if (0 == $this->chunkLength) { $line = $this->readLine($bufferSize); if (!preg_match('/^([0-9a-f]+)/i', $line, $matches)) { throw new HTTP_Request2_MessageException( "Cannot decode chunked response, invalid chunk length '{$line}'", HTTP_Request2_Exception::DECODE_ERROR ); } else { $this->chunkLength = hexdec($matches[1]); // Chunk with zero length indicates the end if (0 == $this->chunkLength) { $this->readLine($bufferSize); return ''; } } } $data = $this->fread(min($this->chunkLength, $bufferSize)); $this->chunkLength -= strlen($data); if (0 == $this->chunkLength) { $this->readLine($bufferSize); // Trailing CRLF } return $data; } } /** * Adapter for HTTP_Request2 wrapping around cURL extension * * PHP version 5 * * LICENSE: * * Copyright (c) 2008-2011, Alexey Borzov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The names of the authors may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @license http://opensource.org/licenses/bsd-license.php New BSD License * @version SVN: $Id: Curl.php 310800 2011-05-06 07:29:56Z avb $ * @link http://pear.php.net/package/HTTP_Request2 */ /** * Base class for HTTP_Request2 adapters */ /** * Adapter for HTTP_Request2 wrapping around cURL extension * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @version Release: 2.0.0 */ class HTTP_Request2_Adapter_Curl extends HTTP_Request2_Adapter { /** * Mapping of header names to cURL options * @var array */ protected static $headerMap = array( 'accept-encoding' => CURLOPT_ENCODING, 'cookie' => CURLOPT_COOKIE, 'referer' => CURLOPT_REFERER, 'user-agent' => CURLOPT_USERAGENT ); /** * Mapping of SSL context options to cURL options * @var array */ protected static $sslContextMap = array( 'ssl_verify_peer' => CURLOPT_SSL_VERIFYPEER, 'ssl_cafile' => CURLOPT_CAINFO, 'ssl_capath' => CURLOPT_CAPATH, 'ssl_local_cert' => CURLOPT_SSLCERT, 'ssl_passphrase' => CURLOPT_SSLCERTPASSWD ); /** * Mapping of CURLE_* constants to Exception subclasses and error codes * @var array */ protected static $errorMap = array( CURLE_UNSUPPORTED_PROTOCOL => array('HTTP_Request2_MessageException', HTTP_Request2_Exception::NON_HTTP_REDIRECT), CURLE_COULDNT_RESOLVE_PROXY => array('HTTP_Request2_ConnectionException'), CURLE_COULDNT_RESOLVE_HOST => array('HTTP_Request2_ConnectionException'), CURLE_COULDNT_CONNECT => array('HTTP_Request2_ConnectionException'), // error returned from write callback CURLE_WRITE_ERROR => array('HTTP_Request2_MessageException', HTTP_Request2_Exception::NON_HTTP_REDIRECT), CURLE_OPERATION_TIMEOUTED => array('HTTP_Request2_MessageException', HTTP_Request2_Exception::TIMEOUT), CURLE_HTTP_RANGE_ERROR => array('HTTP_Request2_MessageException'), CURLE_SSL_CONNECT_ERROR => array('HTTP_Request2_ConnectionException'), CURLE_LIBRARY_NOT_FOUND => array('HTTP_Request2_LogicException', HTTP_Request2_Exception::MISCONFIGURATION), CURLE_FUNCTION_NOT_FOUND => array('HTTP_Request2_LogicException', HTTP_Request2_Exception::MISCONFIGURATION), CURLE_ABORTED_BY_CALLBACK => array('HTTP_Request2_MessageException', HTTP_Request2_Exception::NON_HTTP_REDIRECT), CURLE_TOO_MANY_REDIRECTS => array('HTTP_Request2_MessageException', HTTP_Request2_Exception::TOO_MANY_REDIRECTS), CURLE_SSL_PEER_CERTIFICATE => array('HTTP_Request2_ConnectionException'), CURLE_GOT_NOTHING => array('HTTP_Request2_MessageException'), CURLE_SSL_ENGINE_NOTFOUND => array('HTTP_Request2_LogicException', HTTP_Request2_Exception::MISCONFIGURATION), CURLE_SSL_ENGINE_SETFAILED => array('HTTP_Request2_LogicException', HTTP_Request2_Exception::MISCONFIGURATION), CURLE_SEND_ERROR => array('HTTP_Request2_MessageException'), CURLE_RECV_ERROR => array('HTTP_Request2_MessageException'), CURLE_SSL_CERTPROBLEM => array('HTTP_Request2_LogicException', HTTP_Request2_Exception::INVALID_ARGUMENT), CURLE_SSL_CIPHER => array('HTTP_Request2_ConnectionException'), CURLE_SSL_CACERT => array('HTTP_Request2_ConnectionException'), CURLE_BAD_CONTENT_ENCODING => array('HTTP_Request2_MessageException'), ); /** * Response being received * @var HTTP_Request2_Response */ protected $response; /** * Whether 'sentHeaders' event was sent to observers * @var boolean */ protected $eventSentHeaders = false; /** * Whether 'receivedHeaders' event was sent to observers * @var boolean */ protected $eventReceivedHeaders = false; /** * Position within request body * @var integer * @see callbackReadBody() */ protected $position = 0; /** * Information about last transfer, as returned by curl_getinfo() * @var array */ protected $lastInfo; /** * Creates a subclass of HTTP_Request2_Exception from curl error data * * @param resource curl handle * @return HTTP_Request2_Exception */ protected static function wrapCurlError($ch) { $nativeCode = curl_errno($ch); $message = 'Curl error: ' . curl_error($ch); if (!isset(self::$errorMap[$nativeCode])) { return new HTTP_Request2_Exception($message, 0, $nativeCode); } else { $class = self::$errorMap[$nativeCode][0]; $code = empty(self::$errorMap[$nativeCode][1]) ? 0 : self::$errorMap[$nativeCode][1]; return new $class($message, $code, $nativeCode); } } /** * Sends request to the remote server and returns its response * * @param HTTP_Request2 * @return HTTP_Request2_Response * @throws HTTP_Request2_Exception */ public function sendRequest(HTTP_Request2 $request) { if (!extension_loaded('curl')) { throw new HTTP_Request2_LogicException( 'cURL extension not available', HTTP_Request2_Exception::MISCONFIGURATION ); } $this->request = $request; $this->response = null; $this->position = 0; $this->eventSentHeaders = false; $this->eventReceivedHeaders = false; try { if (false === curl_exec($ch = $this->createCurlHandle())) { $e = self::wrapCurlError($ch); } } catch (Exception $e) { } if (isset($ch)) { $this->lastInfo = curl_getinfo($ch); curl_close($ch); } $response = $this->response; unset($this->request, $this->requestBody, $this->response); if (!empty($e)) { throw $e; } if ($jar = $request->getCookieJar()) { $jar->addCookiesFromResponse($response, $request->getUrl()); } if (0 < $this->lastInfo['size_download']) { $request->setLastEvent('receivedBody', $response); } return $response; } /** * Returns information about last transfer * * @return array associative array as returned by curl_getinfo() */ public function getInfo() { return $this->lastInfo; } /** * Creates a new cURL handle and populates it with data from the request * * @return resource a cURL handle, as created by curl_init() * @throws HTTP_Request2_LogicException */ protected function createCurlHandle() { $ch = curl_init(); curl_setopt_array($ch, array( // setup write callbacks CURLOPT_HEADERFUNCTION => array($this, 'callbackWriteHeader'), CURLOPT_WRITEFUNCTION => array($this, 'callbackWriteBody'), // buffer size CURLOPT_BUFFERSIZE => $this->request->getConfig('buffer_size'), // connection timeout CURLOPT_CONNECTTIMEOUT => $this->request->getConfig('connect_timeout'), // save full outgoing headers, in case someone is interested CURLINFO_HEADER_OUT => true, // request url CURLOPT_URL => $this->request->getUrl()->getUrl() )); // set up redirects if (!$this->request->getConfig('follow_redirects')) { curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); } else { if (!@curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true)) { throw new HTTP_Request2_LogicException( 'Redirect support in curl is unavailable due to open_basedir or safe_mode setting', HTTP_Request2_Exception::MISCONFIGURATION ); } curl_setopt($ch, CURLOPT_MAXREDIRS, $this->request->getConfig('max_redirects')); // limit redirects to http(s), works in 5.2.10+ if (defined('CURLOPT_REDIR_PROTOCOLS')) { curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); } // works in 5.3.2+, http://bugs.php.net/bug.php?id=49571 if ($this->request->getConfig('strict_redirects') && defined('CURLOPT_POSTREDIR')) { curl_setopt($ch, CURLOPT_POSTREDIR, 3); } } // request timeout if ($timeout = $this->request->getConfig('timeout')) { curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); } // set HTTP version switch ($this->request->getConfig('protocol_version')) { case '1.0': curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); break; case '1.1': curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); } // set request method switch ($this->request->getMethod()) { case HTTP_Request2::METHOD_GET: curl_setopt($ch, CURLOPT_HTTPGET, true); break; case HTTP_Request2::METHOD_POST: curl_setopt($ch, CURLOPT_POST, true); break; case HTTP_Request2::METHOD_HEAD: curl_setopt($ch, CURLOPT_NOBODY, true); break; case HTTP_Request2::METHOD_PUT: curl_setopt($ch, CURLOPT_UPLOAD, true); break; default: curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $this->request->getMethod()); } // set proxy, if needed if ($host = $this->request->getConfig('proxy_host')) { if (!($port = $this->request->getConfig('proxy_port'))) { throw new HTTP_Request2_LogicException( 'Proxy port not provided', HTTP_Request2_Exception::MISSING_VALUE ); } curl_setopt($ch, CURLOPT_PROXY, $host . ':' . $port); if ($user = $this->request->getConfig('proxy_user')) { curl_setopt($ch, CURLOPT_PROXYUSERPWD, $user . ':' . $this->request->getConfig('proxy_password')); switch ($this->request->getConfig('proxy_auth_scheme')) { case HTTP_Request2::AUTH_BASIC: curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_BASIC); break; case HTTP_Request2::AUTH_DIGEST: curl_setopt($ch, CURLOPT_PROXYAUTH, CURLAUTH_DIGEST); } } } // set authentication data if ($auth = $this->request->getAuth()) { curl_setopt($ch, CURLOPT_USERPWD, $auth['user'] . ':' . $auth['password']); switch ($auth['scheme']) { case HTTP_Request2::AUTH_BASIC: curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); break; case HTTP_Request2::AUTH_DIGEST: curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST); } } // set SSL options foreach ($this->request->getConfig() as $name => $value) { if ('ssl_verify_host' == $name && null !== $value) { curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $value? 2: 0); } elseif (isset(self::$sslContextMap[$name]) && null !== $value) { curl_setopt($ch, self::$sslContextMap[$name], $value); } } $headers = $this->request->getHeaders(); // make cURL automagically send proper header if (!isset($headers['accept-encoding'])) { $headers['accept-encoding'] = ''; } if (($jar = $this->request->getCookieJar()) && ($cookies = $jar->getMatching($this->request->getUrl(), true)) ) { $headers['cookie'] = (empty($headers['cookie'])? '': $headers['cookie'] . '; ') . $cookies; } // set headers having special cURL keys foreach (self::$headerMap as $name => $option) { if (isset($headers[$name])) { curl_setopt($ch, $option, $headers[$name]); unset($headers[$name]); } } $this->calculateRequestLength($headers); if (isset($headers['content-length'])) { $this->workaroundPhpBug47204($ch, $headers); } // set headers not having special keys $headersFmt = array(); foreach ($headers as $name => $value) { $canonicalName = implode('-', array_map('ucfirst', explode('-', $name))); $headersFmt[] = $canonicalName . ': ' . $value; } curl_setopt($ch, CURLOPT_HTTPHEADER, $headersFmt); return $ch; } /** * Workaround for PHP bug #47204 that prevents rewinding request body * * The workaround consists of reading the entire request body into memory * and setting it as CURLOPT_POSTFIELDS, so it isn't recommended for large * file uploads, use Socket adapter instead. * * @param resource cURL handle * @param array Request headers */ protected function workaroundPhpBug47204($ch, &$headers) { // no redirects, no digest auth -> probably no rewind needed if (!$this->request->getConfig('follow_redirects') && (!($auth = $this->request->getAuth()) || HTTP_Request2::AUTH_DIGEST != $auth['scheme']) ) { curl_setopt($ch, CURLOPT_READFUNCTION, array($this, 'callbackReadBody')); // rewind may be needed, read the whole body into memory } else { if ($this->requestBody instanceof HTTP_Request2_MultipartBody) { $this->requestBody = $this->requestBody->__toString(); } elseif (is_resource($this->requestBody)) { $fp = $this->requestBody; $this->requestBody = ''; while (!feof($fp)) { $this->requestBody .= fread($fp, 16384); } } // curl hangs up if content-length is present unset($headers['content-length']); curl_setopt($ch, CURLOPT_POSTFIELDS, $this->requestBody); } } /** * Callback function called by cURL for reading the request body * * @param resource cURL handle * @param resource file descriptor (not used) * @param integer maximum length of data to return * @return string part of the request body, up to $length bytes */ protected function callbackReadBody($ch, $fd, $length) { if (!$this->eventSentHeaders) { $this->request->setLastEvent( 'sentHeaders', curl_getinfo($ch, CURLINFO_HEADER_OUT) ); $this->eventSentHeaders = true; } if (in_array($this->request->getMethod(), self::$bodyDisallowed) || 0 == $this->contentLength || $this->position >= $this->contentLength ) { return ''; } if (is_string($this->requestBody)) { $string = substr($this->requestBody, $this->position, $length); } elseif (is_resource($this->requestBody)) { $string = fread($this->requestBody, $length); } else { $string = $this->requestBody->read($length); } $this->request->setLastEvent('sentBodyPart', strlen($string)); $this->position += strlen($string); return $string; } /** * Callback function called by cURL for saving the response headers * * @param resource cURL handle * @param string response header (with trailing CRLF) * @return integer number of bytes saved * @see HTTP_Request2_Response::parseHeaderLine() */ protected function callbackWriteHeader($ch, $string) { // we may receive a second set of headers if doing e.g. digest auth if ($this->eventReceivedHeaders || !$this->eventSentHeaders) { // don't bother with 100-Continue responses (bug #15785) if (!$this->eventSentHeaders || $this->response->getStatus() >= 200 ) { $this->request->setLastEvent( 'sentHeaders', curl_getinfo($ch, CURLINFO_HEADER_OUT) ); } $upload = curl_getinfo($ch, CURLINFO_SIZE_UPLOAD); // if body wasn't read by a callback, send event with total body size if ($upload > $this->position) { $this->request->setLastEvent( 'sentBodyPart', $upload - $this->position ); $this->position = $upload; } if ($upload && (!$this->eventSentHeaders || $this->response->getStatus() >= 200) ) { $this->request->setLastEvent('sentBody', $upload); } $this->eventSentHeaders = true; // we'll need a new response object if ($this->eventReceivedHeaders) { $this->eventReceivedHeaders = false; $this->response = null; } } if (empty($this->response)) { $this->response = new HTTP_Request2_Response( $string, false, curl_getinfo($ch, CURLINFO_EFFECTIVE_URL) ); } else { $this->response->parseHeaderLine($string); if ('' == trim($string)) { // don't bother with 100-Continue responses (bug #15785) if (200 <= $this->response->getStatus()) { $this->request->setLastEvent('receivedHeaders', $this->response); } if ($this->request->getConfig('follow_redirects') && $this->response->isRedirect()) { $redirectUrl = new Net_URL2($this->response->getHeader('location')); // for versions lower than 5.2.10, check the redirection URL protocol if (!defined('CURLOPT_REDIR_PROTOCOLS') && $redirectUrl->isAbsolute() && !in_array($redirectUrl->getScheme(), array('http', 'https')) ) { return -1; } if ($jar = $this->request->getCookieJar()) { $jar->addCookiesFromResponse($this->response, $this->request->getUrl()); if (!$redirectUrl->isAbsolute()) { $redirectUrl = $this->request->getUrl()->resolve($redirectUrl); } if ($cookies = $jar->getMatching($redirectUrl, true)) { curl_setopt($ch, CURLOPT_COOKIE, $cookies); } } } $this->eventReceivedHeaders = true; } } return strlen($string); } /** * Callback function called by cURL for saving the response body * * @param resource cURL handle (not used) * @param string part of the response body * @return integer number of bytes saved * @see HTTP_Request2_Response::appendBody() */ protected function callbackWriteBody($ch, $string) { // cURL calls WRITEFUNCTION callback without calling HEADERFUNCTION if // response doesn't start with proper HTTP status line (see bug #15716) if (empty($this->response)) { throw new HTTP_Request2_MessageException( "Malformed response: {$string}", HTTP_Request2_Exception::MALFORMED_RESPONSE ); } if ($this->request->getConfig('store_body')) { $this->response->appendBody($string); } $this->request->setLastEvent('receivedBodyPart', $string); return strlen($string); } } /** * Mock adapter intended for testing * * PHP version 5 * * LICENSE: * * Copyright (c) 2008-2011, Alexey Borzov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The names of the authors may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @license http://opensource.org/licenses/bsd-license.php New BSD License * @version SVN: $Id: Mock.php 308322 2011-02-14 13:58:03Z avb $ * @link http://pear.php.net/package/HTTP_Request2 */ /** * Base class for HTTP_Request2 adapters */ /** * Mock adapter intended for testing * * Can be used to test applications depending on HTTP_Request2 package without * actually performing any HTTP requests. This adapter will return responses * previously added via addResponse() * * $mock = new HTTP_Request2_Adapter_Mock(); * $mock->addResponse("HTTP/1.1 ... "); * * $request = new HTTP_Request2(); * $request->setAdapter($mock); * * // This will return the response set above * $response = $req->send(); * * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @version Release: 2.0.0 */ class HTTP_Request2_Adapter_Mock extends HTTP_Request2_Adapter { /** * A queue of responses to be returned by sendRequest() * @var array */ protected $responses = array(); /** * Returns the next response from the queue built by addResponse() * * If the queue is empty it will return default empty response with status 400, * if an Exception object was added to the queue it will be thrown. * * @param HTTP_Request2 * @return HTTP_Request2_Response * @throws Exception */ public function sendRequest(HTTP_Request2 $request) { if (count($this->responses) > 0) { $response = array_shift($this->responses); if ($response instanceof HTTP_Request2_Response) { return $response; } else { // rethrow the exception $class = get_class($response); $message = $response->getMessage(); $code = $response->getCode(); throw new $class($message, $code); } } else { return self::createResponseFromString("HTTP/1.1 400 Bad Request\r\n\r\n"); } } /** * Adds response to the queue * * @param mixed either a string, a pointer to an open file, * an instance of HTTP_Request2_Response or Exception * @throws HTTP_Request2_Exception */ public function addResponse($response) { if (is_string($response)) { $response = self::createResponseFromString($response); } elseif (is_resource($response)) { $response = self::createResponseFromFile($response); } elseif (!$response instanceof HTTP_Request2_Response && !$response instanceof Exception ) { throw new HTTP_Request2_Exception('Parameter is not a valid response'); } $this->responses[] = $response; } /** * Creates a new HTTP_Request2_Response object from a string * * @param string * @return HTTP_Request2_Response * @throws HTTP_Request2_Exception */ public static function createResponseFromString($str) { $parts = preg_split('!(\r?\n){2}!m', $str, 2); $headerLines = explode("\n", $parts[0]); $response = new HTTP_Request2_Response(array_shift($headerLines)); foreach ($headerLines as $headerLine) { $response->parseHeaderLine($headerLine); } $response->parseHeaderLine(''); if (isset($parts[1])) { $response->appendBody($parts[1]); } return $response; } /** * Creates a new HTTP_Request2_Response object from a file * * @param resource file pointer returned by fopen() * @return HTTP_Request2_Response * @throws HTTP_Request2_Exception */ public static function createResponseFromFile($fp) { $response = new HTTP_Request2_Response(fgets($fp)); do { $headerLine = fgets($fp); $response->parseHeaderLine($headerLine); } while ('' != trim($headerLine)); while (!feof($fp)) { $response->appendBody(fread($fp, 8192)); } return $response; } } /** * Class representing a HTTP response * * PHP version 5 * * LICENSE: * * Copyright (c) 2008-2011, Alexey Borzov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The names of the authors may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @license http://opensource.org/licenses/bsd-license.php New BSD License * @version SVN: $Id: Response.php 317591 2011-10-01 08:37:49Z avb $ * @link http://pear.php.net/package/HTTP_Request2 */ /** * Exception class for HTTP_Request2 package */ /** * Class representing a HTTP response * * The class is designed to be used in "streaming" scenario, building the * response as it is being received: * * $statusLine = read_status_line(); * $response = new HTTP_Request2_Response($statusLine); * do { * $headerLine = read_header_line(); * $response->parseHeaderLine($headerLine); * } while ($headerLine != ''); * * while ($chunk = read_body()) { * $response->appendBody($chunk); * } * * var_dump($response->getHeader(), $response->getCookies(), $response->getBody()); * * * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @version Release: 2.0.0 * @link http://tools.ietf.org/html/rfc2616#section-6 */ class HTTP_Request2_Response { /** * HTTP protocol version (e.g. 1.0, 1.1) * @var string */ protected $version; /** * Status code * @var integer * @link http://tools.ietf.org/html/rfc2616#section-6.1.1 */ protected $code; /** * Reason phrase * @var string * @link http://tools.ietf.org/html/rfc2616#section-6.1.1 */ protected $reasonPhrase; /** * Effective URL (may be different from original request URL in case of redirects) * @var string */ protected $effectiveUrl; /** * Associative array of response headers * @var array */ protected $headers = array(); /** * Cookies set in the response * @var array */ protected $cookies = array(); /** * Name of last header processed by parseHederLine() * * Used to handle the headers that span multiple lines * * @var string */ protected $lastHeader = null; /** * Response body * @var string */ protected $body = ''; /** * Whether the body is still encoded by Content-Encoding * * cURL provides the decoded body to the callback; if we are reading from * socket the body is still gzipped / deflated * * @var bool */ protected $bodyEncoded; /** * Associative array of HTTP status code / reason phrase. * * @var array * @link http://tools.ietf.org/html/rfc2616#section-10 */ protected static $phrases = array( // 1xx: Informational - Request received, continuing process 100 => 'Continue', 101 => 'Switching Protocols', // 2xx: Success - The action was successfully received, understood and // accepted 200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content', // 3xx: Redirection - Further action must be taken in order to complete // the request 300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', // 1.1 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect', // 4xx: Client Error - The request contains bad syntax or cannot be // fulfilled 400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Timeout', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Long', 415 => 'Unsupported Media Type', 416 => 'Requested Range Not Satisfiable', 417 => 'Expectation Failed', // 5xx: Server Error - The server failed to fulfill an apparently // valid request 500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Timeout', 505 => 'HTTP Version Not Supported', 509 => 'Bandwidth Limit Exceeded', ); /** * Returns the default reason phrase for the given code or all reason phrases * * @param int $code Response code * @return string|array|null Default reason phrase for $code if $code is given * (null if no phrase is available), array of all * reason phrases if $code is null * @link http://pear.php.net/bugs/18716 */ public static function getDefaultReasonPhrase($code = null) { if (null === $code) { return self::$phrases; } else { return isset(self::$phrases[$code]) ? self::$phrases[$code] : null; } } /** * Constructor, parses the response status line * * @param string Response status line (e.g. "HTTP/1.1 200 OK") * @param bool Whether body is still encoded by Content-Encoding * @param string Effective URL of the response * @throws HTTP_Request2_MessageException if status line is invalid according to spec */ public function __construct($statusLine, $bodyEncoded = true, $effectiveUrl = null) { if (!preg_match('!^HTTP/(\d\.\d) (\d{3})(?: (.+))?!', $statusLine, $m)) { throw new HTTP_Request2_MessageException( "Malformed response: {$statusLine}", HTTP_Request2_Exception::MALFORMED_RESPONSE ); } $this->version = $m[1]; $this->code = intval($m[2]); $this->reasonPhrase = !empty($m[3]) ? trim($m[3]) : self::getDefaultReasonPhrase($this->code); $this->bodyEncoded = (bool)$bodyEncoded; $this->effectiveUrl = (string)$effectiveUrl; } /** * Parses the line from HTTP response filling $headers array * * The method should be called after reading the line from socket or receiving * it into cURL callback. Passing an empty string here indicates the end of * response headers and triggers additional processing, so be sure to pass an * empty string in the end. * * @param string Line from HTTP response */ public function parseHeaderLine($headerLine) { $headerLine = trim($headerLine, "\r\n"); // empty string signals the end of headers, process the received ones if ('' == $headerLine) { if (!empty($this->headers['set-cookie'])) { $cookies = is_array($this->headers['set-cookie'])? $this->headers['set-cookie']: array($this->headers['set-cookie']); foreach ($cookies as $cookieString) { $this->parseCookie($cookieString); } unset($this->headers['set-cookie']); } foreach (array_keys($this->headers) as $k) { if (is_array($this->headers[$k])) { $this->headers[$k] = implode(', ', $this->headers[$k]); } } // string of the form header-name: header value } elseif (preg_match('!^([^\x00-\x1f\x7f-\xff()<>@,;:\\\\"/\[\]?={}\s]+):(.+)$!', $headerLine, $m)) { $name = strtolower($m[1]); $value = trim($m[2]); if (empty($this->headers[$name])) { $this->headers[$name] = $value; } else { if (!is_array($this->headers[$name])) { $this->headers[$name] = array($this->headers[$name]); } $this->headers[$name][] = $value; } $this->lastHeader = $name; // continuation of a previous header } elseif (preg_match('!^\s+(.+)$!', $headerLine, $m) && $this->lastHeader) { if (!is_array($this->headers[$this->lastHeader])) { $this->headers[$this->lastHeader] .= ' ' . trim($m[1]); } else { $key = count($this->headers[$this->lastHeader]) - 1; $this->headers[$this->lastHeader][$key] .= ' ' . trim($m[1]); } } } /** * Parses a Set-Cookie header to fill $cookies array * * @param string value of Set-Cookie header * @link http://web.archive.org/web/20080331104521/http://cgi.netscape.com/newsref/std/cookie_spec.html */ protected function parseCookie($cookieString) { $cookie = array( 'expires' => null, 'domain' => null, 'path' => null, 'secure' => false ); // Only a name=value pair if (!strpos($cookieString, ';')) { $pos = strpos($cookieString, '='); $cookie['name'] = trim(substr($cookieString, 0, $pos)); $cookie['value'] = trim(substr($cookieString, $pos + 1)); // Some optional parameters are supplied } else { $elements = explode(';', $cookieString); $pos = strpos($elements[0], '='); $cookie['name'] = trim(substr($elements[0], 0, $pos)); $cookie['value'] = trim(substr($elements[0], $pos + 1)); for ($i = 1; $i < count($elements); $i++) { if (false === strpos($elements[$i], '=')) { $elName = trim($elements[$i]); $elValue = null; } else { list ($elName, $elValue) = array_map('trim', explode('=', $elements[$i])); } $elName = strtolower($elName); if ('secure' == $elName) { $cookie['secure'] = true; } elseif ('expires' == $elName) { $cookie['expires'] = str_replace('"', '', $elValue); } elseif ('path' == $elName || 'domain' == $elName) { $cookie[$elName] = urldecode($elValue); } else { $cookie[$elName] = $elValue; } } } $this->cookies[] = $cookie; } /** * Appends a string to the response body * @param string */ public function appendBody($bodyChunk) { $this->body .= $bodyChunk; } /** * Returns the effective URL of the response * * This may be different from the request URL if redirects were followed. * * @return string * @link http://pear.php.net/bugs/bug.php?id=18412 */ public function getEffectiveUrl() { return $this->effectiveUrl; } /** * Returns the status code * @return integer */ public function getStatus() { return $this->code; } /** * Returns the reason phrase * @return string */ public function getReasonPhrase() { return $this->reasonPhrase; } /** * Whether response is a redirect that can be automatically handled by HTTP_Request2 * @return bool */ public function isRedirect() { return in_array($this->code, array(300, 301, 302, 303, 307)) && isset($this->headers['location']); } /** * Returns either the named header or all response headers * * @param string Name of header to return * @return string|array Value of $headerName header (null if header is * not present), array of all response headers if * $headerName is null */ public function getHeader($headerName = null) { if (null === $headerName) { return $this->headers; } else { $headerName = strtolower($headerName); return isset($this->headers[$headerName])? $this->headers[$headerName]: null; } } /** * Returns cookies set in response * * @return array */ public function getCookies() { return $this->cookies; } /** * Returns the body of the response * * @return string * @throws HTTP_Request2_Exception if body cannot be decoded */ public function getBody() { if (0 == strlen($this->body) || !$this->bodyEncoded || !in_array(strtolower($this->getHeader('content-encoding')), array('gzip', 'deflate')) ) { return $this->body; } else { if (extension_loaded('mbstring') && (2 & ini_get('mbstring.func_overload'))) { $oldEncoding = mb_internal_encoding(); mb_internal_encoding('iso-8859-1'); } try { switch (strtolower($this->getHeader('content-encoding'))) { case 'gzip': $decoded = self::decodeGzip($this->body); break; case 'deflate': $decoded = self::decodeDeflate($this->body); } } catch (Exception $e) { } if (!empty($oldEncoding)) { mb_internal_encoding($oldEncoding); } if (!empty($e)) { throw $e; } return $decoded; } } /** * Get the HTTP version of the response * * @return string */ public function getVersion() { return $this->version; } /** * Decodes the message-body encoded by gzip * * The real decoding work is done by gzinflate() built-in function, this * method only parses the header and checks data for compliance with * RFC 1952 * * @param string gzip-encoded data * @return string decoded data * @throws HTTP_Request2_LogicException * @throws HTTP_Request2_MessageException * @link http://tools.ietf.org/html/rfc1952 */ public static function decodeGzip($data) { $length = strlen($data); // If it doesn't look like gzip-encoded data, don't bother if (18 > $length || strcmp(substr($data, 0, 2), "\x1f\x8b")) { return $data; } if (!function_exists('gzinflate')) { throw new HTTP_Request2_LogicException( 'Unable to decode body: gzip extension not available', HTTP_Request2_Exception::MISCONFIGURATION ); } $method = ord(substr($data, 2, 1)); if (8 != $method) { throw new HTTP_Request2_MessageException( 'Error parsing gzip header: unknown compression method', HTTP_Request2_Exception::DECODE_ERROR ); } $flags = ord(substr($data, 3, 1)); if ($flags & 224) { throw new HTTP_Request2_MessageException( 'Error parsing gzip header: reserved bits are set', HTTP_Request2_Exception::DECODE_ERROR ); } // header is 10 bytes minimum. may be longer, though. $headerLength = 10; // extra fields, need to skip 'em if ($flags & 4) { if ($length - $headerLength - 2 < 8) { throw new HTTP_Request2_MessageException( 'Error parsing gzip header: data too short', HTTP_Request2_Exception::DECODE_ERROR ); } $extraLength = unpack('v', substr($data, 10, 2)); if ($length - $headerLength - 2 - $extraLength[1] < 8) { throw new HTTP_Request2_MessageException( 'Error parsing gzip header: data too short', HTTP_Request2_Exception::DECODE_ERROR ); } $headerLength += $extraLength[1] + 2; } // file name, need to skip that if ($flags & 8) { if ($length - $headerLength - 1 < 8) { throw new HTTP_Request2_MessageException( 'Error parsing gzip header: data too short', HTTP_Request2_Exception::DECODE_ERROR ); } $filenameLength = strpos(substr($data, $headerLength), chr(0)); if (false === $filenameLength || $length - $headerLength - $filenameLength - 1 < 8) { throw new HTTP_Request2_MessageException( 'Error parsing gzip header: data too short', HTTP_Request2_Exception::DECODE_ERROR ); } $headerLength += $filenameLength + 1; } // comment, need to skip that also if ($flags & 16) { if ($length - $headerLength - 1 < 8) { throw new HTTP_Request2_MessageException( 'Error parsing gzip header: data too short', HTTP_Request2_Exception::DECODE_ERROR ); } $commentLength = strpos(substr($data, $headerLength), chr(0)); if (false === $commentLength || $length - $headerLength - $commentLength - 1 < 8) { throw new HTTP_Request2_MessageException( 'Error parsing gzip header: data too short', HTTP_Request2_Exception::DECODE_ERROR ); } $headerLength += $commentLength + 1; } // have a CRC for header. let's check if ($flags & 2) { if ($length - $headerLength - 2 < 8) { throw new HTTP_Request2_MessageException( 'Error parsing gzip header: data too short', HTTP_Request2_Exception::DECODE_ERROR ); } $crcReal = 0xffff & crc32(substr($data, 0, $headerLength)); $crcStored = unpack('v', substr($data, $headerLength, 2)); if ($crcReal != $crcStored[1]) { throw new HTTP_Request2_MessageException( 'Header CRC check failed', HTTP_Request2_Exception::DECODE_ERROR ); } $headerLength += 2; } // unpacked data CRC and size at the end of encoded data $tmp = unpack('V2', substr($data, -8)); $dataCrc = $tmp[1]; $dataSize = $tmp[2]; // finally, call the gzinflate() function // don't pass $dataSize to gzinflate, see bugs #13135, #14370 $unpacked = gzinflate(substr($data, $headerLength, -8)); if (false === $unpacked) { throw new HTTP_Request2_MessageException( 'gzinflate() call failed', HTTP_Request2_Exception::DECODE_ERROR ); } elseif ($dataSize != strlen($unpacked)) { throw new HTTP_Request2_MessageException( 'Data size check failed', HTTP_Request2_Exception::DECODE_ERROR ); } elseif ((0xffffffff & $dataCrc) != (0xffffffff & crc32($unpacked))) { throw new HTTP_Request2_Exception( 'Data CRC check failed', HTTP_Request2_Exception::DECODE_ERROR ); } return $unpacked; } /** * Decodes the message-body encoded by deflate * * @param string deflate-encoded data * @return string decoded data * @throws HTTP_Request2_LogicException */ public static function decodeDeflate($data) { if (!function_exists('gzuncompress')) { throw new HTTP_Request2_LogicException( 'Unable to decode body: gzip extension not available', HTTP_Request2_Exception::MISCONFIGURATION ); } // RFC 2616 defines 'deflate' encoding as zlib format from RFC 1950, // while many applications send raw deflate stream from RFC 1951. // We should check for presence of zlib header and use gzuncompress() or // gzinflate() as needed. See bug #15305 $header = unpack('n', substr($data, 0, 2)); return (0 == $header[1] % 31)? gzuncompress($data): gzinflate($data); } } /** * An observer useful for debugging / testing. * * PHP version 5 * * LICENSE: * * Copyright (c) 2008-2011, Alexey Borzov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The names of the authors may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @category HTTP * @package HTTP_Request2 * @author David Jean Louis * @author Alexey Borzov * @license http://opensource.org/licenses/bsd-license.php New BSD License * @version SVN: $Id: Log.php 308680 2011-02-25 17:40:17Z avb $ * @link http://pear.php.net/package/HTTP_Request2 */ /** * Exception class for HTTP_Request2 package */ /** * A debug observer useful for debugging / testing. * * This observer logs to a log target data corresponding to the various request * and response events, it logs by default to php://output but can be configured * to log to a file or via the PEAR Log package. * * A simple example: * * * $request = new HTTP_Request2('http://www.example.com'); * $observer = new HTTP_Request2_Observer_Log(); * $request->attach($observer); * $request->send(); * * * A more complex example with PEAR Log: * * * $request = new HTTP_Request2('http://www.example.com'); * // we want to log with PEAR log * $observer = new HTTP_Request2_Observer_Log(Log::factory('console')); * * // we only want to log received headers * $observer->events = array('receivedHeaders'); * * $request->attach($observer); * $request->send(); * * * @category HTTP * @package HTTP_Request2 * @author David Jean Louis * @author Alexey Borzov * @license http://opensource.org/licenses/bsd-license.php New BSD License * @version Release: 2.0.0 * @link http://pear.php.net/package/HTTP_Request2 */ class HTTP_Request2_Observer_Log implements SplObserver { // properties {{{ /** * The log target, it can be a a resource or a PEAR Log instance. * * @var resource|Log $target */ protected $target = null; /** * The events to log. * * @var array $events */ public $events = array( 'connect', 'sentHeaders', 'sentBody', 'receivedHeaders', 'receivedBody', 'disconnect', ); // }}} // __construct() {{{ /** * Constructor. * * @param mixed $target Can be a file path (default: php://output), a resource, * or an instance of the PEAR Log class. * @param array $events Array of events to listen to (default: all events) * * @return void */ public function __construct($target = 'php://output', array $events = array()) { if (!empty($events)) { $this->events = $events; } if (is_resource($target) || $target instanceof Log) { $this->target = $target; } elseif (false === ($this->target = @fopen($target, 'ab'))) { throw new HTTP_Request2_Exception("Unable to open '{$target}'"); } } // }}} // update() {{{ /** * Called when the request notifies us of an event. * * @param HTTP_Request2 $subject The HTTP_Request2 instance * * @return void */ public function update(SplSubject $subject) { $event = $subject->getLastEvent(); if (!in_array($event['name'], $this->events)) { return; } switch ($event['name']) { case 'connect': $this->log('* Connected to ' . $event['data']); break; case 'sentHeaders': $headers = explode("\r\n", $event['data']); array_pop($headers); foreach ($headers as $header) { $this->log('> ' . $header); } break; case 'sentBody': $this->log('> ' . $event['data'] . ' byte(s) sent'); break; case 'receivedHeaders': $this->log(sprintf('< HTTP/%s %s %s', $event['data']->getVersion(), $event['data']->getStatus(), $event['data']->getReasonPhrase())); $headers = $event['data']->getHeader(); foreach ($headers as $key => $val) { $this->log('< ' . $key . ': ' . $val); } $this->log('< '); break; case 'receivedBody': $this->log($event['data']->getBody()); break; case 'disconnect': $this->log('* Disconnected'); break; } } // }}} // log() {{{ /** * Logs the given message to the configured target. * * @param string $message Message to display * * @return void */ protected function log($message) { if ($this->target instanceof Log) { $this->target->debug($message); } elseif (is_resource($this->target)) { fwrite($this->target, $message . "\r\n"); } } // }}} } /** * Base class for HTTP_Request2 adapters * * PHP version 5 * * LICENSE: * * Copyright (c) 2008-2011, Alexey Borzov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The names of the authors may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @license http://opensource.org/licenses/bsd-license.php New BSD License * @version SVN: $Id: Adapter.php 308322 2011-02-14 13:58:03Z avb $ * @link http://pear.php.net/package/HTTP_Request2 */ /** * Class representing a HTTP response */ /** * Base class for HTTP_Request2 adapters * * HTTP_Request2 class itself only defines methods for aggregating the request * data, all actual work of sending the request to the remote server and * receiving its response is performed by adapters. * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @version Release: 2.0.0 */ abstract class HTTP_Request2_Adapter { /** * A list of methods that MUST NOT have a request body, per RFC 2616 * @var array */ protected static $bodyDisallowed = array('TRACE'); /** * Methods having defined semantics for request body * * Content-Length header (indicating that the body follows, section 4.3 of * RFC 2616) will be sent for these methods even if no body was added * * @var array * @link http://pear.php.net/bugs/bug.php?id=12900 * @link http://pear.php.net/bugs/bug.php?id=14740 */ protected static $bodyRequired = array('POST', 'PUT'); /** * Request being sent * @var HTTP_Request2 */ protected $request; /** * Request body * @var string|resource|HTTP_Request2_MultipartBody * @see HTTP_Request2::getBody() */ protected $requestBody; /** * Length of the request body * @var integer */ protected $contentLength; /** * Sends request to the remote server and returns its response * * @param HTTP_Request2 * @return HTTP_Request2_Response * @throws HTTP_Request2_Exception */ abstract public function sendRequest(HTTP_Request2 $request); /** * Calculates length of the request body, adds proper headers * * @param array associative array of request headers, this method will * add proper 'Content-Length' and 'Content-Type' headers * to this array (or remove them if not needed) */ protected function calculateRequestLength(&$headers) { $this->requestBody = $this->request->getBody(); if (is_string($this->requestBody)) { $this->contentLength = strlen($this->requestBody); } elseif (is_resource($this->requestBody)) { $stat = fstat($this->requestBody); $this->contentLength = $stat['size']; rewind($this->requestBody); } else { $this->contentLength = $this->requestBody->getLength(); $headers['content-type'] = 'multipart/form-data; boundary=' . $this->requestBody->getBoundary(); $this->requestBody->rewind(); } if (in_array($this->request->getMethod(), self::$bodyDisallowed) || 0 == $this->contentLength ) { // No body: send a Content-Length header nonetheless (request #12900), // but do that only for methods that require a body (bug #14740) if (in_array($this->request->getMethod(), self::$bodyRequired)) { $headers['content-length'] = 0; } else { unset($headers['content-length']); // if the method doesn't require a body and doesn't have a // body, don't send a Content-Type header. (request #16799) unset($headers['content-type']); } } else { if (empty($headers['content-type'])) { $headers['content-type'] = 'application/x-www-form-urlencoded'; } $headers['content-length'] = $this->contentLength; } } } /** * Stores cookies and passes them between HTTP requests * * PHP version 5 * * LICENSE: * * Copyright (c) 2008-2011, Alexey Borzov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The names of the authors may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @license http://opensource.org/licenses/bsd-license.php New BSD License * @version SVN: $Id: CookieJar.php 308629 2011-02-24 17:34:24Z avb $ * @link http://pear.php.net/package/HTTP_Request2 */ /** Class representing a HTTP request message */ /** * Stores cookies and passes them between HTTP requests * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @version Release: @package_version@ */ class HTTP_Request2_CookieJar implements Serializable { /** * Array of stored cookies * * The array is indexed by domain, path and cookie name * .example.com * / * some_cookie => cookie data * /subdir * other_cookie => cookie data * .example.org * ... * * @var array */ protected $cookies = array(); /** * Whether session cookies should be serialized when serializing the jar * @var bool */ protected $serializeSession = false; /** * Whether Public Suffix List should be used for domain matching * @var bool */ protected $useList = true; /** * Array with Public Suffix List data * @var array * @link http://publicsuffix.org/ */ protected static $psl = array(); /** * Class constructor, sets various options * * @param bool Controls serializing session cookies, see {@link serializeSessionCookies()} * @param bool Controls using Public Suffix List, see {@link usePublicSuffixList()} */ public function __construct($serializeSessionCookies = false, $usePublicSuffixList = true) { $this->serializeSessionCookies($serializeSessionCookies); $this->usePublicSuffixList($usePublicSuffixList); } /** * Returns current time formatted in ISO-8601 at UTC timezone * * @return string */ protected function now() { $dt = new DateTime(); $dt->setTimezone(new DateTimeZone('UTC')); return $dt->format(DateTime::ISO8601); } /** * Checks cookie array for correctness, possibly updating its 'domain', 'path' and 'expires' fields * * The checks are as follows: * - cookie array should contain 'name' and 'value' fields; * - name and value should not contain disallowed symbols; * - 'expires' should be either empty parseable by DateTime; * - 'domain' and 'path' should be either not empty or an URL where * cookie was set should be provided. * - if $setter is provided, then document at that URL should be allowed * to set a cookie for that 'domain'. If $setter is not provided, * then no domain checks will be made. * * 'expires' field will be converted to ISO8601 format from COOKIE format, * 'domain' and 'path' will be set from setter URL if empty. * * @param array cookie data, as returned by {@link HTTP_Request2_Response::getCookies()} * @param Net_URL2 URL of the document that sent Set-Cookie header * @return array Updated cookie array * @throws HTTP_Request2_LogicException * @throws HTTP_Request2_MessageException */ protected function checkAndUpdateFields(array $cookie, Net_URL2 $setter = null) { if ($missing = array_diff(array('name', 'value'), array_keys($cookie))) { throw new HTTP_Request2_LogicException( "Cookie array should contain 'name' and 'value' fields", HTTP_Request2_Exception::MISSING_VALUE ); } if (preg_match(HTTP_Request2::REGEXP_INVALID_COOKIE, $cookie['name'])) { throw new HTTP_Request2_LogicException( "Invalid cookie name: '{$cookie['name']}'", HTTP_Request2_Exception::INVALID_ARGUMENT ); } if (preg_match(HTTP_Request2::REGEXP_INVALID_COOKIE, $cookie['value'])) { throw new HTTP_Request2_LogicException( "Invalid cookie value: '{$cookie['value']}'", HTTP_Request2_Exception::INVALID_ARGUMENT ); } $cookie += array('domain' => '', 'path' => '', 'expires' => null, 'secure' => false); // Need ISO-8601 date @ UTC timezone if (!empty($cookie['expires']) && !preg_match('/^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\+0000$/', $cookie['expires']) ) { try { $dt = new DateTime($cookie['expires']); $dt->setTimezone(new DateTimeZone('UTC')); $cookie['expires'] = $dt->format(DateTime::ISO8601); } catch (Exception $e) { throw new HTTP_Request2_LogicException($e->getMessage()); } } if (empty($cookie['domain']) || empty($cookie['path'])) { if (!$setter) { throw new HTTP_Request2_LogicException( 'Cookie misses domain and/or path component, cookie setter URL needed', HTTP_Request2_Exception::MISSING_VALUE ); } if (empty($cookie['domain'])) { if ($host = $setter->getHost()) { $cookie['domain'] = $host; } else { throw new HTTP_Request2_LogicException( 'Setter URL does not contain host part, can\'t set cookie domain', HTTP_Request2_Exception::MISSING_VALUE ); } } if (empty($cookie['path'])) { $path = $setter->getPath(); $cookie['path'] = empty($path)? '/': substr($path, 0, strrpos($path, '/') + 1); } } if ($setter && !$this->domainMatch($setter->getHost(), $cookie['domain'])) { throw new HTTP_Request2_MessageException( "Domain " . $setter->getHost() . " cannot set cookies for " . $cookie['domain'] ); } return $cookie; } /** * Stores a cookie in the jar * * @param array cookie data, as returned by {@link HTTP_Request2_Response::getCookies()} * @param Net_URL2 URL of the document that sent Set-Cookie header * @throws HTTP_Request2_Exception */ public function store(array $cookie, Net_URL2 $setter = null) { $cookie = $this->checkAndUpdateFields($cookie, $setter); if (strlen($cookie['value']) && (is_null($cookie['expires']) || $cookie['expires'] > $this->now()) ) { if (!isset($this->cookies[$cookie['domain']])) { $this->cookies[$cookie['domain']] = array(); } if (!isset($this->cookies[$cookie['domain']][$cookie['path']])) { $this->cookies[$cookie['domain']][$cookie['path']] = array(); } $this->cookies[$cookie['domain']][$cookie['path']][$cookie['name']] = $cookie; } elseif (isset($this->cookies[$cookie['domain']][$cookie['path']][$cookie['name']])) { unset($this->cookies[$cookie['domain']][$cookie['path']][$cookie['name']]); } } /** * Adds cookies set in HTTP response to the jar * * @param HTTP_Request2_Response response * @param Net_URL2 original request URL, needed for setting * default domain/path */ public function addCookiesFromResponse(HTTP_Request2_Response $response, Net_URL2 $setter) { foreach ($response->getCookies() as $cookie) { $this->store($cookie, $setter); } } /** * Returns all cookies matching a given request URL * * The following checks are made: * - cookie domain should match request host * - cookie path should be a prefix for request path * - 'secure' cookies will only be sent for HTTPS requests * * @param Net_URL2 * @param bool Whether to return cookies as string for "Cookie: " header * @return array */ public function getMatching(Net_URL2 $url, $asString = false) { $host = $url->getHost(); $path = $url->getPath(); $secure = 0 == strcasecmp($url->getScheme(), 'https'); $matched = $ret = array(); foreach (array_keys($this->cookies) as $domain) { if ($this->domainMatch($host, $domain)) { foreach (array_keys($this->cookies[$domain]) as $cPath) { if (0 === strpos($path, $cPath)) { foreach ($this->cookies[$domain][$cPath] as $name => $cookie) { if (!$cookie['secure'] || $secure) { $matched[$name][strlen($cookie['path'])] = $cookie; } } } } } } foreach ($matched as $cookies) { krsort($cookies); $ret = array_merge($ret, $cookies); } if (!$asString) { return $ret; } else { $str = ''; foreach ($ret as $c) { $str .= (empty($str)? '': '; ') . $c['name'] . '=' . $c['value']; } return $str; } } /** * Returns all cookies stored in a jar * * @return array */ public function getAll() { $cookies = array(); foreach (array_keys($this->cookies) as $domain) { foreach (array_keys($this->cookies[$domain]) as $path) { foreach ($this->cookies[$domain][$path] as $name => $cookie) { $cookies[] = $cookie; } } } return $cookies; } /** * Sets whether session cookies should be serialized when serializing the jar * * @param boolean */ public function serializeSessionCookies($serialize) { $this->serializeSession = (bool)$serialize; } /** * Sets whether Public Suffix List should be used for restricting cookie-setting * * Without PSL {@link domainMatch()} will only prevent setting cookies for * top-level domains like '.com' or '.org'. However, it will not prevent * setting a cookie for '.co.uk' even though only third-level registrations * are possible in .uk domain. * * With the List it is possible to find the highest level at which a domain * may be registered for a particular top-level domain and consequently * prevent cookies set for '.co.uk' or '.msk.ru'. The same list is used by * Firefox, Chrome and Opera browsers to restrict cookie setting. * * Note that PSL is licensed differently to HTTP_Request2 package (refer to * the license information in public-suffix-list.php), so you can disable * its use if this is an issue for you. * * @param boolean * @link http://publicsuffix.org/learn/ */ public function usePublicSuffixList($useList) { $this->useList = (bool)$useList; } /** * Returns string representation of object * * @return string * @see Serializable::serialize() */ public function serialize() { $cookies = $this->getAll(); if (!$this->serializeSession) { for ($i = count($cookies) - 1; $i >= 0; $i--) { if (empty($cookies[$i]['expires'])) { unset($cookies[$i]); } } } return serialize(array( 'cookies' => $cookies, 'serializeSession' => $this->serializeSession, 'useList' => $this->useList )); } /** * Constructs the object from serialized string * * @param string string representation * @see Serializable::unserialize() */ public function unserialize($serialized) { $data = unserialize($serialized); $now = $this->now(); $this->serializeSessionCookies($data['serializeSession']); $this->usePublicSuffixList($data['useList']); foreach ($data['cookies'] as $cookie) { if (!empty($cookie['expires']) && $cookie['expires'] <= $now) { continue; } if (!isset($this->cookies[$cookie['domain']])) { $this->cookies[$cookie['domain']] = array(); } if (!isset($this->cookies[$cookie['domain']][$cookie['path']])) { $this->cookies[$cookie['domain']][$cookie['path']] = array(); } $this->cookies[$cookie['domain']][$cookie['path']][$cookie['name']] = $cookie; } } /** * Checks whether a cookie domain matches a request host. * * The method is used by {@link store()} to check for whether a document * at given URL can set a cookie with a given domain attribute and by * {@link getMatching()} to find cookies matching the request URL. * * @param string request host * @param string cookie domain * @return bool match success */ public function domainMatch($requestHost, $cookieDomain) { if ($requestHost == $cookieDomain) { return true; } // IP address, we require exact match if (preg_match('/^(?:\d{1,3}\.){3}\d{1,3}$/', $requestHost)) { return false; } if ('.' != $cookieDomain[0]) { $cookieDomain = '.' . $cookieDomain; } // prevents setting cookies for '.com' and similar domains if (!$this->useList && substr_count($cookieDomain, '.') < 2 || $this->useList && !self::getRegisteredDomain($cookieDomain) ) { return false; } return substr('.' . $requestHost, -strlen($cookieDomain)) == $cookieDomain; } /** * Removes subdomains to get the registered domain (the first after top-level) * * The method will check Public Suffix List to find out where top-level * domain ends and registered domain starts. It will remove domain parts * to the left of registered one. * * @param string domain name * @return string|bool registered domain, will return false if $domain is * either invalid or a TLD itself */ public static function getRegisteredDomain($domain) { $domainParts = explode('.', ltrim($domain, '.')); // load the list if needed if (empty(self::$psl)) { $path = '@data_dir@' . DIRECTORY_SEPARATOR . 'HTTP_Request2'; if (0 === strpos($path, '@' . 'data_dir@')) { $path = realpath(dirname(__FILE__) . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'data'); } self::$psl = include_once $path . DIRECTORY_SEPARATOR . 'public-suffix-list.php'; } if (!($result = self::checkDomainsList($domainParts, self::$psl))) { // known TLD, invalid domain name return false; } // unknown TLD if (!strpos($result, '.')) { // fallback to checking that domain "has at least two dots" if (2 > ($count = count($domainParts))) { return false; } return $domainParts[$count - 2] . '.' . $domainParts[$count - 1]; } return $result; } /** * Recursive helper method for {@link getRegisteredDomain()} * * @param array remaining domain parts * @param mixed node in {@link HTTP_Request2_CookieJar::$psl} to check * @return string|null concatenated domain parts, null in case of error */ protected static function checkDomainsList(array $domainParts, $listNode) { $sub = array_pop($domainParts); $result = null; if (!is_array($listNode) || is_null($sub) || array_key_exists('!' . $sub, $listNode) ) { return $sub; } elseif (array_key_exists($sub, $listNode)) { $result = self::checkDomainsList($domainParts, $listNode[$sub]); } elseif (array_key_exists('*', $listNode)) { $result = self::checkDomainsList($domainParts, $listNode['*']); } else { return $sub; } return (strlen($result) > 0) ? ($result . '.' . $sub) : null; } } /** * Helper class for building multipart/form-data request body * * PHP version 5 * * LICENSE: * * Copyright (c) 2008-2011, Alexey Borzov * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * The names of the authors may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @license http://opensource.org/licenses/bsd-license.php New BSD License * @version SVN: $Id: MultipartBody.php 308322 2011-02-14 13:58:03Z avb $ * @link http://pear.php.net/package/HTTP_Request2 */ /** * Class for building multipart/form-data request body * * The class helps to reduce memory consumption by streaming large file uploads * from disk, it also allows monitoring of upload progress (see request #7630) * * @category HTTP * @package HTTP_Request2 * @author Alexey Borzov * @version Release: 2.0.0 * @link http://tools.ietf.org/html/rfc1867 */ class HTTP_Request2_MultipartBody { /** * MIME boundary * @var string */ private $_boundary; /** * Form parameters added via {@link HTTP_Request2::addPostParameter()} * @var array */ private $_params = array(); /** * File uploads added via {@link HTTP_Request2::addUpload()} * @var array */ private $_uploads = array(); /** * Header for parts with parameters * @var string */ private $_headerParam = "--%s\r\nContent-Disposition: form-data; name=\"%s\"\r\n\r\n"; /** * Header for parts with uploads * @var string */ private $_headerUpload = "--%s\r\nContent-Disposition: form-data; name=\"%s\"; filename=\"%s\"\r\nContent-Type: %s\r\n\r\n"; /** * Current position in parameter and upload arrays * * First number is index of "current" part, second number is position within * "current" part * * @var array */ private $_pos = array(0, 0); /** * Constructor. Sets the arrays with POST data. * * @param array values of form fields set via {@link HTTP_Request2::addPostParameter()} * @param array file uploads set via {@link HTTP_Request2::addUpload()} * @param bool whether to append brackets to array variable names */ public function __construct(array $params, array $uploads, $useBrackets = true) { $this->_params = self::_flattenArray('', $params, $useBrackets); foreach ($uploads as $fieldName => $f) { if (!is_array($f['fp'])) { $this->_uploads[] = $f + array('name' => $fieldName); } else { for ($i = 0; $i < count($f['fp']); $i++) { $upload = array( 'name' => ($useBrackets? $fieldName . '[' . $i . ']': $fieldName) ); foreach (array('fp', 'filename', 'size', 'type') as $key) { $upload[$key] = $f[$key][$i]; } $this->_uploads[] = $upload; } } } } /** * Returns the length of the body to use in Content-Length header * * @return integer */ public function getLength() { $boundaryLength = strlen($this->getBoundary()); $headerParamLength = strlen($this->_headerParam) - 4 + $boundaryLength; $headerUploadLength = strlen($this->_headerUpload) - 8 + $boundaryLength; $length = $boundaryLength + 6; foreach ($this->_params as $p) { $length += $headerParamLength + strlen($p[0]) + strlen($p[1]) + 2; } foreach ($this->_uploads as $u) { $length += $headerUploadLength + strlen($u['name']) + strlen($u['type']) + strlen($u['filename']) + $u['size'] + 2; } return $length; } /** * Returns the boundary to use in Content-Type header * * @return string */ public function getBoundary() { if (empty($this->_boundary)) { $this->_boundary = '--' . md5('PEAR-HTTP_Request2-' . microtime()); } return $this->_boundary; } /** * Returns next chunk of request body * * @param integer Amount of bytes to read * @return string Up to $length bytes of data, empty string if at end */ public function read($length) { $ret = ''; $boundary = $this->getBoundary(); $paramCount = count($this->_params); $uploadCount = count($this->_uploads); while ($length > 0 && $this->_pos[0] <= $paramCount + $uploadCount) { $oldLength = $length; if ($this->_pos[0] < $paramCount) { $param = sprintf($this->_headerParam, $boundary, $this->_params[$this->_pos[0]][0]) . $this->_params[$this->_pos[0]][1] . "\r\n"; $ret .= substr($param, $this->_pos[1], $length); $length -= min(strlen($param) - $this->_pos[1], $length); } elseif ($this->_pos[0] < $paramCount + $uploadCount) { $pos = $this->_pos[0] - $paramCount; $header = sprintf($this->_headerUpload, $boundary, $this->_uploads[$pos]['name'], $this->_uploads[$pos]['filename'], $this->_uploads[$pos]['type']); if ($this->_pos[1] < strlen($header)) { $ret .= substr($header, $this->_pos[1], $length); $length -= min(strlen($header) - $this->_pos[1], $length); } $filePos = max(0, $this->_pos[1] - strlen($header)); if ($length > 0 && $filePos < $this->_uploads[$pos]['size']) { $ret .= fread($this->_uploads[$pos]['fp'], $length); $length -= min($length, $this->_uploads[$pos]['size'] - $filePos); } if ($length > 0) { $start = $this->_pos[1] + ($oldLength - $length) - strlen($header) - $this->_uploads[$pos]['size']; $ret .= substr("\r\n", $start, $length); $length -= min(2 - $start, $length); } } else { $closing = '--' . $boundary . "--\r\n"; $ret .= substr($closing, $this->_pos[1], $length); $length -= min(strlen($closing) - $this->_pos[1], $length); } if ($length > 0) { $this->_pos = array($this->_pos[0] + 1, 0); } else { $this->_pos[1] += $oldLength; } } return $ret; } /** * Sets the current position to the start of the body * * This allows reusing the same body in another request */ public function rewind() { $this->_pos = array(0, 0); foreach ($this->_uploads as $u) { rewind($u['fp']); } } /** * Returns the body as string * * Note that it reads all file uploads into memory so it is a good idea not * to use this method with large file uploads and rely on read() instead. * * @return string */ public function __toString() { $this->rewind(); return $this->read($this->getLength()); } /** * Helper function to change the (probably multidimensional) associative array * into the simple one. * * @param string name for item * @param mixed item's values * @param bool whether to append [] to array variables' names * @return array array with the following items: array('item name', 'item value'); */ private static function _flattenArray($name, $values, $useBrackets) { if (!is_array($values)) { return array(array($name, $values)); } else { $ret = array(); foreach ($values as $k => $v) { if (empty($name)) { $newName = $k; } elseif ($useBrackets) { $newName = $name . '[' . $k . ']'; } else { $newName = $name; } $ret = array_merge($ret, self::_flattenArray($newName, $v, $useBrackets)); } return $ret; } } }