183 lines
5.2 KiB
PHP
183 lines
5.2 KiB
PHP
<?php
|
|
/**
|
|
* Copyright 2017 Facebook, Inc.
|
|
*
|
|
* You are hereby granted a non-exclusive, worldwide, royalty-free license to
|
|
* use, copy, modify, and distribute this software in source code or binary
|
|
* form for use in connection with the web services and APIs provided by
|
|
* Facebook.
|
|
*
|
|
* As with any software that integrates with the Facebook platform, your use
|
|
* of this software is subject to the Facebook Developer Principles and
|
|
* Policies [http://developers.facebook.com/policy/]. This copyright notice
|
|
* shall be included in all copies or substantial portions of the software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
|
* DEALINGS IN THE SOFTWARE.
|
|
*
|
|
*/
|
|
namespace Facebook\Url;
|
|
|
|
/**
|
|
* Class FacebookUrlDetectionHandler
|
|
*
|
|
* @package Facebook
|
|
*/
|
|
class FacebookUrlDetectionHandler implements UrlDetectionInterface
|
|
{
|
|
/**
|
|
* @inheritdoc
|
|
*/
|
|
public function getCurrentUrl()
|
|
{
|
|
return $this->getHttpScheme() . '://' . $this->getHostName() . $this->getServerVar('REQUEST_URI');
|
|
}
|
|
|
|
/**
|
|
* Get the currently active URL scheme.
|
|
*
|
|
* @return string
|
|
*/
|
|
protected function getHttpScheme()
|
|
{
|
|
return $this->isBehindSsl() ? 'https' : 'http';
|
|
}
|
|
|
|
/**
|
|
* Tries to detect if the server is running behind an SSL.
|
|
*
|
|
* @return boolean
|
|
*/
|
|
protected function isBehindSsl()
|
|
{
|
|
// Check for proxy first
|
|
$protocol = $this->getHeader('X_FORWARDED_PROTO');
|
|
if ($protocol) {
|
|
return $this->protocolWithActiveSsl($protocol);
|
|
}
|
|
|
|
$protocol = $this->getServerVar('HTTPS');
|
|
if ($protocol) {
|
|
return $this->protocolWithActiveSsl($protocol);
|
|
}
|
|
|
|
return (string)$this->getServerVar('SERVER_PORT') === '443';
|
|
}
|
|
|
|
/**
|
|
* Detects an active SSL protocol value.
|
|
*
|
|
* @param string $protocol
|
|
*
|
|
* @return boolean
|
|
*/
|
|
protected function protocolWithActiveSsl($protocol)
|
|
{
|
|
$protocol = strtolower((string)$protocol);
|
|
|
|
return in_array($protocol, ['on', '1', 'https', 'ssl'], true);
|
|
}
|
|
|
|
/**
|
|
* Tries to detect the host name of the server.
|
|
*
|
|
* Some elements adapted from
|
|
*
|
|
* @see https://github.com/symfony/HttpFoundation/blob/master/Request.php
|
|
*
|
|
* @return string
|
|
*/
|
|
protected function getHostName()
|
|
{
|
|
// Check for proxy first
|
|
$header = $this->getHeader('X_FORWARDED_HOST');
|
|
if ($header && $this->isValidForwardedHost($header)) {
|
|
$elements = explode(',', $header);
|
|
$host = $elements[count($elements) - 1];
|
|
} elseif (!$host = $this->getHeader('HOST')) {
|
|
if (!$host = $this->getServerVar('SERVER_NAME')) {
|
|
$host = $this->getServerVar('SERVER_ADDR');
|
|
}
|
|
}
|
|
|
|
// trim and remove port number from host
|
|
// host is lowercase as per RFC 952/2181
|
|
$host = strtolower(preg_replace('/:\d+$/', '', trim($host)));
|
|
|
|
// Port number
|
|
$scheme = $this->getHttpScheme();
|
|
$port = $this->getCurrentPort();
|
|
$appendPort = ':' . $port;
|
|
|
|
// Don't append port number if a normal port.
|
|
if (($scheme == 'http' && $port == '80') || ($scheme == 'https' && $port == '443')) {
|
|
$appendPort = '';
|
|
}
|
|
|
|
return $host . $appendPort;
|
|
}
|
|
|
|
protected function getCurrentPort()
|
|
{
|
|
// Check for proxy first
|
|
$port = $this->getHeader('X_FORWARDED_PORT');
|
|
if ($port) {
|
|
return (string)$port;
|
|
}
|
|
|
|
$protocol = (string)$this->getHeader('X_FORWARDED_PROTO');
|
|
if ($protocol === 'https') {
|
|
return '443';
|
|
}
|
|
|
|
return (string)$this->getServerVar('SERVER_PORT');
|
|
}
|
|
|
|
/**
|
|
* Returns the a value from the $_SERVER super global.
|
|
*
|
|
* @param string $key
|
|
*
|
|
* @return string
|
|
*/
|
|
protected function getServerVar($key)
|
|
{
|
|
return isset($_SERVER[$key]) ? $_SERVER[$key] : '';
|
|
}
|
|
|
|
/**
|
|
* Gets a value from the HTTP request headers.
|
|
*
|
|
* @param string $key
|
|
*
|
|
* @return string
|
|
*/
|
|
protected function getHeader($key)
|
|
{
|
|
return $this->getServerVar('HTTP_' . $key);
|
|
}
|
|
|
|
/**
|
|
* Checks if the value in X_FORWARDED_HOST is a valid hostname
|
|
* Could prevent unintended redirections
|
|
*
|
|
* @param string $header
|
|
*
|
|
* @return boolean
|
|
*/
|
|
protected function isValidForwardedHost($header)
|
|
{
|
|
$elements = explode(',', $header);
|
|
$host = $elements[count($elements) - 1];
|
|
|
|
return preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $host) //valid chars check
|
|
&& 0 < strlen($host) && strlen($host) < 254 //overall length check
|
|
&& preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $host); //length of each label
|
|
}
|
|
}
|