Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
 
 
 
 
 
 

2452 строки
100 KiB

  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\HttpFoundation\Tests;
  11. use PHPUnit\Framework\TestCase;
  12. use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpFoundation\Session\Session;
  15. use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
  16. class RequestTest extends TestCase
  17. {
  18. protected function tearDown()
  19. {
  20. Request::setTrustedProxies([], -1);
  21. Request::setTrustedHosts([]);
  22. }
  23. public function testInitialize()
  24. {
  25. $request = new Request();
  26. $request->initialize(['foo' => 'bar']);
  27. $this->assertEquals('bar', $request->query->get('foo'), '->initialize() takes an array of query parameters as its first argument');
  28. $request->initialize([], ['foo' => 'bar']);
  29. $this->assertEquals('bar', $request->request->get('foo'), '->initialize() takes an array of request parameters as its second argument');
  30. $request->initialize([], [], ['foo' => 'bar']);
  31. $this->assertEquals('bar', $request->attributes->get('foo'), '->initialize() takes an array of attributes as its third argument');
  32. $request->initialize([], [], [], [], [], ['HTTP_FOO' => 'bar']);
  33. $this->assertEquals('bar', $request->headers->get('FOO'), '->initialize() takes an array of HTTP headers as its sixth argument');
  34. }
  35. public function testGetLocale()
  36. {
  37. $request = new Request();
  38. $request->setLocale('pl');
  39. $locale = $request->getLocale();
  40. $this->assertEquals('pl', $locale);
  41. }
  42. public function testGetUser()
  43. {
  44. $request = Request::create('http://user:password@test.com');
  45. $user = $request->getUser();
  46. $this->assertEquals('user', $user);
  47. }
  48. public function testGetPassword()
  49. {
  50. $request = Request::create('http://user:password@test.com');
  51. $password = $request->getPassword();
  52. $this->assertEquals('password', $password);
  53. }
  54. public function testIsNoCache()
  55. {
  56. $request = new Request();
  57. $isNoCache = $request->isNoCache();
  58. $this->assertFalse($isNoCache);
  59. }
  60. public function testGetContentType()
  61. {
  62. $request = new Request();
  63. $contentType = $request->getContentType();
  64. $this->assertNull($contentType);
  65. }
  66. public function testSetDefaultLocale()
  67. {
  68. $request = new Request();
  69. $request->setDefaultLocale('pl');
  70. $locale = $request->getLocale();
  71. $this->assertEquals('pl', $locale);
  72. }
  73. public function testCreate()
  74. {
  75. $request = Request::create('http://test.com/foo?bar=baz');
  76. $this->assertEquals('http://test.com/foo?bar=baz', $request->getUri());
  77. $this->assertEquals('/foo', $request->getPathInfo());
  78. $this->assertEquals('bar=baz', $request->getQueryString());
  79. $this->assertEquals(80, $request->getPort());
  80. $this->assertEquals('test.com', $request->getHttpHost());
  81. $this->assertFalse($request->isSecure());
  82. $request = Request::create('http://test.com/foo', 'GET', ['bar' => 'baz']);
  83. $this->assertEquals('http://test.com/foo?bar=baz', $request->getUri());
  84. $this->assertEquals('/foo', $request->getPathInfo());
  85. $this->assertEquals('bar=baz', $request->getQueryString());
  86. $this->assertEquals(80, $request->getPort());
  87. $this->assertEquals('test.com', $request->getHttpHost());
  88. $this->assertFalse($request->isSecure());
  89. $request = Request::create('http://test.com/foo?bar=foo', 'GET', ['bar' => 'baz']);
  90. $this->assertEquals('http://test.com/foo?bar=baz', $request->getUri());
  91. $this->assertEquals('/foo', $request->getPathInfo());
  92. $this->assertEquals('bar=baz', $request->getQueryString());
  93. $this->assertEquals(80, $request->getPort());
  94. $this->assertEquals('test.com', $request->getHttpHost());
  95. $this->assertFalse($request->isSecure());
  96. $request = Request::create('https://test.com/foo?bar=baz');
  97. $this->assertEquals('https://test.com/foo?bar=baz', $request->getUri());
  98. $this->assertEquals('/foo', $request->getPathInfo());
  99. $this->assertEquals('bar=baz', $request->getQueryString());
  100. $this->assertEquals(443, $request->getPort());
  101. $this->assertEquals('test.com', $request->getHttpHost());
  102. $this->assertTrue($request->isSecure());
  103. $request = Request::create('test.com:90/foo');
  104. $this->assertEquals('http://test.com:90/foo', $request->getUri());
  105. $this->assertEquals('/foo', $request->getPathInfo());
  106. $this->assertEquals('test.com', $request->getHost());
  107. $this->assertEquals('test.com:90', $request->getHttpHost());
  108. $this->assertEquals(90, $request->getPort());
  109. $this->assertFalse($request->isSecure());
  110. $request = Request::create('https://test.com:90/foo');
  111. $this->assertEquals('https://test.com:90/foo', $request->getUri());
  112. $this->assertEquals('/foo', $request->getPathInfo());
  113. $this->assertEquals('test.com', $request->getHost());
  114. $this->assertEquals('test.com:90', $request->getHttpHost());
  115. $this->assertEquals(90, $request->getPort());
  116. $this->assertTrue($request->isSecure());
  117. $request = Request::create('https://127.0.0.1:90/foo');
  118. $this->assertEquals('https://127.0.0.1:90/foo', $request->getUri());
  119. $this->assertEquals('/foo', $request->getPathInfo());
  120. $this->assertEquals('127.0.0.1', $request->getHost());
  121. $this->assertEquals('127.0.0.1:90', $request->getHttpHost());
  122. $this->assertEquals(90, $request->getPort());
  123. $this->assertTrue($request->isSecure());
  124. $request = Request::create('https://[::1]:90/foo');
  125. $this->assertEquals('https://[::1]:90/foo', $request->getUri());
  126. $this->assertEquals('/foo', $request->getPathInfo());
  127. $this->assertEquals('[::1]', $request->getHost());
  128. $this->assertEquals('[::1]:90', $request->getHttpHost());
  129. $this->assertEquals(90, $request->getPort());
  130. $this->assertTrue($request->isSecure());
  131. $request = Request::create('https://[::1]/foo');
  132. $this->assertEquals('https://[::1]/foo', $request->getUri());
  133. $this->assertEquals('/foo', $request->getPathInfo());
  134. $this->assertEquals('[::1]', $request->getHost());
  135. $this->assertEquals('[::1]', $request->getHttpHost());
  136. $this->assertEquals(443, $request->getPort());
  137. $this->assertTrue($request->isSecure());
  138. $json = '{"jsonrpc":"2.0","method":"echo","id":7,"params":["Hello World"]}';
  139. $request = Request::create('http://example.com/jsonrpc', 'POST', [], [], [], [], $json);
  140. $this->assertEquals($json, $request->getContent());
  141. $this->assertFalse($request->isSecure());
  142. $request = Request::create('http://test.com');
  143. $this->assertEquals('http://test.com/', $request->getUri());
  144. $this->assertEquals('/', $request->getPathInfo());
  145. $this->assertEquals('', $request->getQueryString());
  146. $this->assertEquals(80, $request->getPort());
  147. $this->assertEquals('test.com', $request->getHttpHost());
  148. $this->assertFalse($request->isSecure());
  149. $request = Request::create('http://test.com?test=1');
  150. $this->assertEquals('http://test.com/?test=1', $request->getUri());
  151. $this->assertEquals('/', $request->getPathInfo());
  152. $this->assertEquals('test=1', $request->getQueryString());
  153. $this->assertEquals(80, $request->getPort());
  154. $this->assertEquals('test.com', $request->getHttpHost());
  155. $this->assertFalse($request->isSecure());
  156. $request = Request::create('http://test.com:90/?test=1');
  157. $this->assertEquals('http://test.com:90/?test=1', $request->getUri());
  158. $this->assertEquals('/', $request->getPathInfo());
  159. $this->assertEquals('test=1', $request->getQueryString());
  160. $this->assertEquals(90, $request->getPort());
  161. $this->assertEquals('test.com:90', $request->getHttpHost());
  162. $this->assertFalse($request->isSecure());
  163. $request = Request::create('http://username:password@test.com');
  164. $this->assertEquals('http://test.com/', $request->getUri());
  165. $this->assertEquals('/', $request->getPathInfo());
  166. $this->assertEquals('', $request->getQueryString());
  167. $this->assertEquals(80, $request->getPort());
  168. $this->assertEquals('test.com', $request->getHttpHost());
  169. $this->assertEquals('username', $request->getUser());
  170. $this->assertEquals('password', $request->getPassword());
  171. $this->assertFalse($request->isSecure());
  172. $request = Request::create('http://username@test.com');
  173. $this->assertEquals('http://test.com/', $request->getUri());
  174. $this->assertEquals('/', $request->getPathInfo());
  175. $this->assertEquals('', $request->getQueryString());
  176. $this->assertEquals(80, $request->getPort());
  177. $this->assertEquals('test.com', $request->getHttpHost());
  178. $this->assertEquals('username', $request->getUser());
  179. $this->assertSame('', $request->getPassword());
  180. $this->assertFalse($request->isSecure());
  181. $request = Request::create('http://test.com/?foo');
  182. $this->assertEquals('/?foo', $request->getRequestUri());
  183. $this->assertEquals(['foo' => ''], $request->query->all());
  184. // assume rewrite rule: (.*) --> app/app.php; app/ is a symlink to a symfony web/ directory
  185. $request = Request::create('http://test.com/apparthotel-1234', 'GET', [], [], [],
  186. [
  187. 'DOCUMENT_ROOT' => '/var/www/www.test.com',
  188. 'SCRIPT_FILENAME' => '/var/www/www.test.com/app/app.php',
  189. 'SCRIPT_NAME' => '/app/app.php',
  190. 'PHP_SELF' => '/app/app.php/apparthotel-1234',
  191. ]);
  192. $this->assertEquals('http://test.com/apparthotel-1234', $request->getUri());
  193. $this->assertEquals('/apparthotel-1234', $request->getPathInfo());
  194. $this->assertEquals('', $request->getQueryString());
  195. $this->assertEquals(80, $request->getPort());
  196. $this->assertEquals('test.com', $request->getHttpHost());
  197. $this->assertFalse($request->isSecure());
  198. // Fragment should not be included in the URI
  199. $request = Request::create('http://test.com/foo#bar');
  200. $this->assertEquals('http://test.com/foo', $request->getUri());
  201. }
  202. public function testCreateWithRequestUri()
  203. {
  204. $request = Request::create('http://test.com:80/foo');
  205. $request->server->set('REQUEST_URI', 'http://test.com:80/foo');
  206. $this->assertEquals('http://test.com/foo', $request->getUri());
  207. $this->assertEquals('/foo', $request->getPathInfo());
  208. $this->assertEquals('test.com', $request->getHost());
  209. $this->assertEquals('test.com', $request->getHttpHost());
  210. $this->assertEquals(80, $request->getPort());
  211. $this->assertFalse($request->isSecure());
  212. $request = Request::create('http://test.com:8080/foo');
  213. $request->server->set('REQUEST_URI', 'http://test.com:8080/foo');
  214. $this->assertEquals('http://test.com:8080/foo', $request->getUri());
  215. $this->assertEquals('/foo', $request->getPathInfo());
  216. $this->assertEquals('test.com', $request->getHost());
  217. $this->assertEquals('test.com:8080', $request->getHttpHost());
  218. $this->assertEquals(8080, $request->getPort());
  219. $this->assertFalse($request->isSecure());
  220. $request = Request::create('http://test.com/foo?bar=foo', 'GET', ['bar' => 'baz']);
  221. $request->server->set('REQUEST_URI', 'http://test.com/foo?bar=foo');
  222. $this->assertEquals('http://test.com/foo?bar=baz', $request->getUri());
  223. $this->assertEquals('/foo', $request->getPathInfo());
  224. $this->assertEquals('bar=baz', $request->getQueryString());
  225. $this->assertEquals('test.com', $request->getHost());
  226. $this->assertEquals('test.com', $request->getHttpHost());
  227. $this->assertEquals(80, $request->getPort());
  228. $this->assertFalse($request->isSecure());
  229. $request = Request::create('https://test.com:443/foo');
  230. $request->server->set('REQUEST_URI', 'https://test.com:443/foo');
  231. $this->assertEquals('https://test.com/foo', $request->getUri());
  232. $this->assertEquals('/foo', $request->getPathInfo());
  233. $this->assertEquals('test.com', $request->getHost());
  234. $this->assertEquals('test.com', $request->getHttpHost());
  235. $this->assertEquals(443, $request->getPort());
  236. $this->assertTrue($request->isSecure());
  237. // Fragment should not be included in the URI
  238. $request = Request::create('http://test.com/foo#bar');
  239. $request->server->set('REQUEST_URI', 'http://test.com/foo#bar');
  240. $this->assertEquals('http://test.com/foo', $request->getUri());
  241. }
  242. /**
  243. * @dataProvider getRequestUriData
  244. */
  245. public function testGetRequestUri($serverRequestUri, $expected, $message)
  246. {
  247. $request = new Request();
  248. $request->server->add([
  249. 'REQUEST_URI' => $serverRequestUri,
  250. // For having http://test.com
  251. 'SERVER_NAME' => 'test.com',
  252. 'SERVER_PORT' => 80,
  253. ]);
  254. $this->assertSame($expected, $request->getRequestUri(), $message);
  255. $this->assertSame($expected, $request->server->get('REQUEST_URI'), 'Normalize the request URI.');
  256. }
  257. public function getRequestUriData()
  258. {
  259. $message = 'Do not modify the path.';
  260. yield ['/foo', '/foo', $message];
  261. yield ['//bar/foo', '//bar/foo', $message];
  262. yield ['///bar/foo', '///bar/foo', $message];
  263. $message = 'Handle when the scheme, host are on REQUEST_URI.';
  264. yield ['http://test.com/foo?bar=baz', '/foo?bar=baz', $message];
  265. $message = 'Handle when the scheme, host and port are on REQUEST_URI.';
  266. yield ['http://test.com:80/foo', '/foo', $message];
  267. yield ['https://test.com:8080/foo', '/foo', $message];
  268. yield ['https://test.com:443/foo', '/foo', $message];
  269. $message = 'Fragment should not be included in the URI';
  270. yield ['http://test.com/foo#bar', '/foo', $message];
  271. yield ['/foo#bar', '/foo', $message];
  272. }
  273. public function testGetRequestUriWithoutRequiredHeader()
  274. {
  275. $expected = '';
  276. $request = new Request();
  277. $message = 'Fallback to empty URI when headers are missing.';
  278. $this->assertSame($expected, $request->getRequestUri(), $message);
  279. $this->assertSame($expected, $request->server->get('REQUEST_URI'), 'Normalize the request URI.');
  280. }
  281. public function testCreateCheckPrecedence()
  282. {
  283. // server is used by default
  284. $request = Request::create('/', 'DELETE', [], [], [], [
  285. 'HTTP_HOST' => 'example.com',
  286. 'HTTPS' => 'on',
  287. 'SERVER_PORT' => 443,
  288. 'PHP_AUTH_USER' => 'fabien',
  289. 'PHP_AUTH_PW' => 'pa$$',
  290. 'QUERY_STRING' => 'foo=bar',
  291. 'CONTENT_TYPE' => 'application/json',
  292. ]);
  293. $this->assertEquals('example.com', $request->getHost());
  294. $this->assertEquals(443, $request->getPort());
  295. $this->assertTrue($request->isSecure());
  296. $this->assertEquals('fabien', $request->getUser());
  297. $this->assertEquals('pa$$', $request->getPassword());
  298. $this->assertEquals('', $request->getQueryString());
  299. $this->assertEquals('application/json', $request->headers->get('CONTENT_TYPE'));
  300. // URI has precedence over server
  301. $request = Request::create('http://thomas:pokemon@example.net:8080/?foo=bar', 'GET', [], [], [], [
  302. 'HTTP_HOST' => 'example.com',
  303. 'HTTPS' => 'on',
  304. 'SERVER_PORT' => 443,
  305. ]);
  306. $this->assertEquals('example.net', $request->getHost());
  307. $this->assertEquals(8080, $request->getPort());
  308. $this->assertFalse($request->isSecure());
  309. $this->assertEquals('thomas', $request->getUser());
  310. $this->assertEquals('pokemon', $request->getPassword());
  311. $this->assertEquals('foo=bar', $request->getQueryString());
  312. }
  313. public function testDuplicate()
  314. {
  315. $request = new Request(['foo' => 'bar'], ['foo' => 'bar'], ['foo' => 'bar'], [], [], ['HTTP_FOO' => 'bar']);
  316. $dup = $request->duplicate();
  317. $this->assertEquals($request->query->all(), $dup->query->all(), '->duplicate() duplicates a request an copy the current query parameters');
  318. $this->assertEquals($request->request->all(), $dup->request->all(), '->duplicate() duplicates a request an copy the current request parameters');
  319. $this->assertEquals($request->attributes->all(), $dup->attributes->all(), '->duplicate() duplicates a request an copy the current attributes');
  320. $this->assertEquals($request->headers->all(), $dup->headers->all(), '->duplicate() duplicates a request an copy the current HTTP headers');
  321. $dup = $request->duplicate(['foo' => 'foobar'], ['foo' => 'foobar'], ['foo' => 'foobar'], [], [], ['HTTP_FOO' => 'foobar']);
  322. $this->assertEquals(['foo' => 'foobar'], $dup->query->all(), '->duplicate() overrides the query parameters if provided');
  323. $this->assertEquals(['foo' => 'foobar'], $dup->request->all(), '->duplicate() overrides the request parameters if provided');
  324. $this->assertEquals(['foo' => 'foobar'], $dup->attributes->all(), '->duplicate() overrides the attributes if provided');
  325. $this->assertEquals(['foo' => ['foobar']], $dup->headers->all(), '->duplicate() overrides the HTTP header if provided');
  326. }
  327. public function testDuplicateWithFormat()
  328. {
  329. $request = new Request([], [], ['_format' => 'json']);
  330. $dup = $request->duplicate();
  331. $this->assertEquals('json', $dup->getRequestFormat());
  332. $this->assertEquals('json', $dup->attributes->get('_format'));
  333. $request = new Request();
  334. $request->setRequestFormat('xml');
  335. $dup = $request->duplicate();
  336. $this->assertEquals('xml', $dup->getRequestFormat());
  337. }
  338. /**
  339. * @dataProvider getFormatToMimeTypeMapProviderWithAdditionalNullFormat
  340. */
  341. public function testGetFormatFromMimeType($format, $mimeTypes)
  342. {
  343. $request = new Request();
  344. foreach ($mimeTypes as $mime) {
  345. $this->assertEquals($format, $request->getFormat($mime));
  346. }
  347. $request->setFormat($format, $mimeTypes);
  348. foreach ($mimeTypes as $mime) {
  349. $this->assertEquals($format, $request->getFormat($mime));
  350. if (null !== $format) {
  351. $this->assertEquals($mimeTypes[0], $request->getMimeType($format));
  352. }
  353. }
  354. }
  355. public function getFormatToMimeTypeMapProviderWithAdditionalNullFormat()
  356. {
  357. return array_merge(
  358. [[null, [null, 'unexistent-mime-type']]],
  359. $this->getFormatToMimeTypeMapProvider()
  360. );
  361. }
  362. public function testGetFormatFromMimeTypeWithParameters()
  363. {
  364. $request = new Request();
  365. $this->assertEquals('json', $request->getFormat('application/json; charset=utf-8'));
  366. $this->assertEquals('json', $request->getFormat('application/json;charset=utf-8'));
  367. $this->assertEquals('json', $request->getFormat('application/json ; charset=utf-8'));
  368. $this->assertEquals('json', $request->getFormat('application/json ;charset=utf-8'));
  369. }
  370. /**
  371. * @dataProvider getFormatToMimeTypeMapProvider
  372. */
  373. public function testGetMimeTypeFromFormat($format, $mimeTypes)
  374. {
  375. $request = new Request();
  376. $this->assertEquals($mimeTypes[0], $request->getMimeType($format));
  377. }
  378. /**
  379. * @dataProvider getFormatToMimeTypeMapProvider
  380. */
  381. public function testGetMimeTypesFromFormat($format, $mimeTypes)
  382. {
  383. $this->assertEquals($mimeTypes, Request::getMimeTypes($format));
  384. }
  385. public function testGetMimeTypesFromInexistentFormat()
  386. {
  387. $request = new Request();
  388. $this->assertNull($request->getMimeType('foo'));
  389. $this->assertEquals([], Request::getMimeTypes('foo'));
  390. }
  391. public function testGetFormatWithCustomMimeType()
  392. {
  393. $request = new Request();
  394. $request->setFormat('custom', 'application/vnd.foo.api;myversion=2.3');
  395. $this->assertEquals('custom', $request->getFormat('application/vnd.foo.api;myversion=2.3'));
  396. }
  397. public function getFormatToMimeTypeMapProvider()
  398. {
  399. return [
  400. ['txt', ['text/plain']],
  401. ['js', ['application/javascript', 'application/x-javascript', 'text/javascript']],
  402. ['css', ['text/css']],
  403. ['json', ['application/json', 'application/x-json']],
  404. ['jsonld', ['application/ld+json']],
  405. ['xml', ['text/xml', 'application/xml', 'application/x-xml']],
  406. ['rdf', ['application/rdf+xml']],
  407. ['atom', ['application/atom+xml']],
  408. ];
  409. }
  410. public function testGetUri()
  411. {
  412. $server = [];
  413. // Standard Request on non default PORT
  414. // http://host:8080/index.php/path/info?query=string
  415. $server['HTTP_HOST'] = 'host:8080';
  416. $server['SERVER_NAME'] = 'servername';
  417. $server['SERVER_PORT'] = '8080';
  418. $server['QUERY_STRING'] = 'query=string';
  419. $server['REQUEST_URI'] = '/index.php/path/info?query=string';
  420. $server['SCRIPT_NAME'] = '/index.php';
  421. $server['PATH_INFO'] = '/path/info';
  422. $server['PATH_TRANSLATED'] = 'redirect:/index.php/path/info';
  423. $server['PHP_SELF'] = '/index_dev.php/path/info';
  424. $server['SCRIPT_FILENAME'] = '/some/where/index.php';
  425. $request = new Request();
  426. $request->initialize([], [], [], [], [], $server);
  427. $this->assertEquals('http://host:8080/index.php/path/info?query=string', $request->getUri(), '->getUri() with non default port');
  428. // Use std port number
  429. $server['HTTP_HOST'] = 'host';
  430. $server['SERVER_NAME'] = 'servername';
  431. $server['SERVER_PORT'] = '80';
  432. $request->initialize([], [], [], [], [], $server);
  433. $this->assertEquals('http://host/index.php/path/info?query=string', $request->getUri(), '->getUri() with default port');
  434. // Without HOST HEADER
  435. unset($server['HTTP_HOST']);
  436. $server['SERVER_NAME'] = 'servername';
  437. $server['SERVER_PORT'] = '80';
  438. $request->initialize([], [], [], [], [], $server);
  439. $this->assertEquals('http://servername/index.php/path/info?query=string', $request->getUri(), '->getUri() with default port without HOST_HEADER');
  440. // Request with URL REWRITING (hide index.php)
  441. // RewriteCond %{REQUEST_FILENAME} !-f
  442. // RewriteRule ^(.*)$ index.php [QSA,L]
  443. // http://host:8080/path/info?query=string
  444. $server = [];
  445. $server['HTTP_HOST'] = 'host:8080';
  446. $server['SERVER_NAME'] = 'servername';
  447. $server['SERVER_PORT'] = '8080';
  448. $server['REDIRECT_QUERY_STRING'] = 'query=string';
  449. $server['REDIRECT_URL'] = '/path/info';
  450. $server['SCRIPT_NAME'] = '/index.php';
  451. $server['QUERY_STRING'] = 'query=string';
  452. $server['REQUEST_URI'] = '/path/info?toto=test&1=1';
  453. $server['SCRIPT_NAME'] = '/index.php';
  454. $server['PHP_SELF'] = '/index.php';
  455. $server['SCRIPT_FILENAME'] = '/some/where/index.php';
  456. $request->initialize([], [], [], [], [], $server);
  457. $this->assertEquals('http://host:8080/path/info?query=string', $request->getUri(), '->getUri() with rewrite');
  458. // Use std port number
  459. // http://host/path/info?query=string
  460. $server['HTTP_HOST'] = 'host';
  461. $server['SERVER_NAME'] = 'servername';
  462. $server['SERVER_PORT'] = '80';
  463. $request->initialize([], [], [], [], [], $server);
  464. $this->assertEquals('http://host/path/info?query=string', $request->getUri(), '->getUri() with rewrite and default port');
  465. // Without HOST HEADER
  466. unset($server['HTTP_HOST']);
  467. $server['SERVER_NAME'] = 'servername';
  468. $server['SERVER_PORT'] = '80';
  469. $request->initialize([], [], [], [], [], $server);
  470. $this->assertEquals('http://servername/path/info?query=string', $request->getUri(), '->getUri() with rewrite, default port without HOST_HEADER');
  471. // With encoded characters
  472. $server = [
  473. 'HTTP_HOST' => 'host:8080',
  474. 'SERVER_NAME' => 'servername',
  475. 'SERVER_PORT' => '8080',
  476. 'QUERY_STRING' => 'query=string',
  477. 'REQUEST_URI' => '/ba%20se/index_dev.php/foo%20bar/in+fo?query=string',
  478. 'SCRIPT_NAME' => '/ba se/index_dev.php',
  479. 'PATH_TRANSLATED' => 'redirect:/index.php/foo bar/in+fo',
  480. 'PHP_SELF' => '/ba se/index_dev.php/path/info',
  481. 'SCRIPT_FILENAME' => '/some/where/ba se/index_dev.php',
  482. ];
  483. $request->initialize([], [], [], [], [], $server);
  484. $this->assertEquals(
  485. 'http://host:8080/ba%20se/index_dev.php/foo%20bar/in+fo?query=string',
  486. $request->getUri()
  487. );
  488. // with user info
  489. $server['PHP_AUTH_USER'] = 'fabien';
  490. $request->initialize([], [], [], [], [], $server);
  491. $this->assertEquals('http://host:8080/ba%20se/index_dev.php/foo%20bar/in+fo?query=string', $request->getUri());
  492. $server['PHP_AUTH_PW'] = 'symfony';
  493. $request->initialize([], [], [], [], [], $server);
  494. $this->assertEquals('http://host:8080/ba%20se/index_dev.php/foo%20bar/in+fo?query=string', $request->getUri());
  495. }
  496. public function testGetUriForPath()
  497. {
  498. $request = Request::create('http://test.com/foo?bar=baz');
  499. $this->assertEquals('http://test.com/some/path', $request->getUriForPath('/some/path'));
  500. $request = Request::create('http://test.com:90/foo?bar=baz');
  501. $this->assertEquals('http://test.com:90/some/path', $request->getUriForPath('/some/path'));
  502. $request = Request::create('https://test.com/foo?bar=baz');
  503. $this->assertEquals('https://test.com/some/path', $request->getUriForPath('/some/path'));
  504. $request = Request::create('https://test.com:90/foo?bar=baz');
  505. $this->assertEquals('https://test.com:90/some/path', $request->getUriForPath('/some/path'));
  506. $server = [];
  507. // Standard Request on non default PORT
  508. // http://host:8080/index.php/path/info?query=string
  509. $server['HTTP_HOST'] = 'host:8080';
  510. $server['SERVER_NAME'] = 'servername';
  511. $server['SERVER_PORT'] = '8080';
  512. $server['QUERY_STRING'] = 'query=string';
  513. $server['REQUEST_URI'] = '/index.php/path/info?query=string';
  514. $server['SCRIPT_NAME'] = '/index.php';
  515. $server['PATH_INFO'] = '/path/info';
  516. $server['PATH_TRANSLATED'] = 'redirect:/index.php/path/info';
  517. $server['PHP_SELF'] = '/index_dev.php/path/info';
  518. $server['SCRIPT_FILENAME'] = '/some/where/index.php';
  519. $request = new Request();
  520. $request->initialize([], [], [], [], [], $server);
  521. $this->assertEquals('http://host:8080/index.php/some/path', $request->getUriForPath('/some/path'), '->getUriForPath() with non default port');
  522. // Use std port number
  523. $server['HTTP_HOST'] = 'host';
  524. $server['SERVER_NAME'] = 'servername';
  525. $server['SERVER_PORT'] = '80';
  526. $request->initialize([], [], [], [], [], $server);
  527. $this->assertEquals('http://host/index.php/some/path', $request->getUriForPath('/some/path'), '->getUriForPath() with default port');
  528. // Without HOST HEADER
  529. unset($server['HTTP_HOST']);
  530. $server['SERVER_NAME'] = 'servername';
  531. $server['SERVER_PORT'] = '80';
  532. $request->initialize([], [], [], [], [], $server);
  533. $this->assertEquals('http://servername/index.php/some/path', $request->getUriForPath('/some/path'), '->getUriForPath() with default port without HOST_HEADER');
  534. // Request with URL REWRITING (hide index.php)
  535. // RewriteCond %{REQUEST_FILENAME} !-f
  536. // RewriteRule ^(.*)$ index.php [QSA,L]
  537. // http://host:8080/path/info?query=string
  538. $server = [];
  539. $server['HTTP_HOST'] = 'host:8080';
  540. $server['SERVER_NAME'] = 'servername';
  541. $server['SERVER_PORT'] = '8080';
  542. $server['REDIRECT_QUERY_STRING'] = 'query=string';
  543. $server['REDIRECT_URL'] = '/path/info';
  544. $server['SCRIPT_NAME'] = '/index.php';
  545. $server['QUERY_STRING'] = 'query=string';
  546. $server['REQUEST_URI'] = '/path/info?toto=test&1=1';
  547. $server['SCRIPT_NAME'] = '/index.php';
  548. $server['PHP_SELF'] = '/index.php';
  549. $server['SCRIPT_FILENAME'] = '/some/where/index.php';
  550. $request->initialize([], [], [], [], [], $server);
  551. $this->assertEquals('http://host:8080/some/path', $request->getUriForPath('/some/path'), '->getUri() with rewrite');
  552. // Use std port number
  553. // http://host/path/info?query=string
  554. $server['HTTP_HOST'] = 'host';
  555. $server['SERVER_NAME'] = 'servername';
  556. $server['SERVER_PORT'] = '80';
  557. $request->initialize([], [], [], [], [], $server);
  558. $this->assertEquals('http://host/some/path', $request->getUriForPath('/some/path'), '->getUriForPath() with rewrite and default port');
  559. // Without HOST HEADER
  560. unset($server['HTTP_HOST']);
  561. $server['SERVER_NAME'] = 'servername';
  562. $server['SERVER_PORT'] = '80';
  563. $request->initialize([], [], [], [], [], $server);
  564. $this->assertEquals('http://servername/some/path', $request->getUriForPath('/some/path'), '->getUriForPath() with rewrite, default port without HOST_HEADER');
  565. $this->assertEquals('servername', $request->getHttpHost());
  566. // with user info
  567. $server['PHP_AUTH_USER'] = 'fabien';
  568. $request->initialize([], [], [], [], [], $server);
  569. $this->assertEquals('http://servername/some/path', $request->getUriForPath('/some/path'));
  570. $server['PHP_AUTH_PW'] = 'symfony';
  571. $request->initialize([], [], [], [], [], $server);
  572. $this->assertEquals('http://servername/some/path', $request->getUriForPath('/some/path'));
  573. }
  574. /**
  575. * @dataProvider getRelativeUriForPathData()
  576. */
  577. public function testGetRelativeUriForPath($expected, $pathinfo, $path)
  578. {
  579. $this->assertEquals($expected, Request::create($pathinfo)->getRelativeUriForPath($path));
  580. }
  581. public function getRelativeUriForPathData()
  582. {
  583. return [
  584. ['me.png', '/foo', '/me.png'],
  585. ['../me.png', '/foo/bar', '/me.png'],
  586. ['me.png', '/foo/bar', '/foo/me.png'],
  587. ['../baz/me.png', '/foo/bar/b', '/foo/baz/me.png'],
  588. ['../../fooz/baz/me.png', '/foo/bar/b', '/fooz/baz/me.png'],
  589. ['baz/me.png', '/foo/bar/b', 'baz/me.png'],
  590. ];
  591. }
  592. public function testGetUserInfo()
  593. {
  594. $request = new Request();
  595. $server = ['PHP_AUTH_USER' => 'fabien'];
  596. $request->initialize([], [], [], [], [], $server);
  597. $this->assertEquals('fabien', $request->getUserInfo());
  598. $server['PHP_AUTH_USER'] = '0';
  599. $request->initialize([], [], [], [], [], $server);
  600. $this->assertEquals('0', $request->getUserInfo());
  601. $server['PHP_AUTH_PW'] = '0';
  602. $request->initialize([], [], [], [], [], $server);
  603. $this->assertEquals('0:0', $request->getUserInfo());
  604. }
  605. public function testGetSchemeAndHttpHost()
  606. {
  607. $request = new Request();
  608. $server = [];
  609. $server['SERVER_NAME'] = 'servername';
  610. $server['SERVER_PORT'] = '90';
  611. $request->initialize([], [], [], [], [], $server);
  612. $this->assertEquals('http://servername:90', $request->getSchemeAndHttpHost());
  613. $server['PHP_AUTH_USER'] = 'fabien';
  614. $request->initialize([], [], [], [], [], $server);
  615. $this->assertEquals('http://servername:90', $request->getSchemeAndHttpHost());
  616. $server['PHP_AUTH_USER'] = '0';
  617. $request->initialize([], [], [], [], [], $server);
  618. $this->assertEquals('http://servername:90', $request->getSchemeAndHttpHost());
  619. $server['PHP_AUTH_PW'] = '0';
  620. $request->initialize([], [], [], [], [], $server);
  621. $this->assertEquals('http://servername:90', $request->getSchemeAndHttpHost());
  622. }
  623. /**
  624. * @dataProvider getQueryStringNormalizationData
  625. */
  626. public function testGetQueryString($query, $expectedQuery, $msg)
  627. {
  628. $request = new Request();
  629. $request->server->set('QUERY_STRING', $query);
  630. $this->assertSame($expectedQuery, $request->getQueryString(), $msg);
  631. }
  632. public function getQueryStringNormalizationData()
  633. {
  634. return [
  635. ['foo', 'foo', 'works with valueless parameters'],
  636. ['foo=', 'foo=', 'includes a dangling equal sign'],
  637. ['bar=&foo=bar', 'bar=&foo=bar', '->works with empty parameters'],
  638. ['foo=bar&bar=', 'bar=&foo=bar', 'sorts keys alphabetically'],
  639. // GET parameters, that are submitted from a HTML form, encode spaces as "+" by default (as defined in enctype application/x-www-form-urlencoded).
  640. // PHP also converts "+" to spaces when filling the global _GET or when using the function parse_str.
  641. ['baz=Foo%20Baz&bar=Foo+Bar', 'bar=Foo%20Bar&baz=Foo%20Baz', 'normalizes spaces in both encodings "%20" and "+"'],
  642. ['foo[]=1&foo[]=2', 'foo%5B%5D=1&foo%5B%5D=2', 'allows array notation'],
  643. ['foo=1&foo=2', 'foo=1&foo=2', 'allows repeated parameters'],
  644. ['pa%3Dram=foo%26bar%3Dbaz&test=test', 'pa%3Dram=foo%26bar%3Dbaz&test=test', 'works with encoded delimiters'],
  645. ['0', '0', 'allows "0"'],
  646. ['Foo Bar&Foo%20Baz', 'Foo%20Bar&Foo%20Baz', 'normalizes encoding in keys'],
  647. ['bar=Foo Bar&baz=Foo%20Baz', 'bar=Foo%20Bar&baz=Foo%20Baz', 'normalizes encoding in values'],
  648. ['foo=bar&&&test&&', 'foo=bar&test', 'removes unneeded delimiters'],
  649. ['formula=e=m*c^2', 'formula=e%3Dm%2Ac%5E2', 'correctly treats only the first "=" as delimiter and the next as value'],
  650. // Ignore pairs with empty key, even if there was a value, e.g. "=value", as such nameless values cannot be retrieved anyway.
  651. // PHP also does not include them when building _GET.
  652. ['foo=bar&=a=b&=x=y', 'foo=bar', 'removes params with empty key'],
  653. ];
  654. }
  655. public function testGetQueryStringReturnsNull()
  656. {
  657. $request = new Request();
  658. $this->assertNull($request->getQueryString(), '->getQueryString() returns null for non-existent query string');
  659. $request->server->set('QUERY_STRING', '');
  660. $this->assertNull($request->getQueryString(), '->getQueryString() returns null for empty query string');
  661. }
  662. public function testGetHost()
  663. {
  664. $request = new Request();
  665. $request->initialize(['foo' => 'bar']);
  666. $this->assertEquals('', $request->getHost(), '->getHost() return empty string if not initialized');
  667. $request->initialize([], [], [], [], [], ['HTTP_HOST' => 'www.example.com']);
  668. $this->assertEquals('www.example.com', $request->getHost(), '->getHost() from Host Header');
  669. // Host header with port number
  670. $request->initialize([], [], [], [], [], ['HTTP_HOST' => 'www.example.com:8080']);
  671. $this->assertEquals('www.example.com', $request->getHost(), '->getHost() from Host Header with port number');
  672. // Server values
  673. $request->initialize([], [], [], [], [], ['SERVER_NAME' => 'www.example.com']);
  674. $this->assertEquals('www.example.com', $request->getHost(), '->getHost() from server name');
  675. $request->initialize([], [], [], [], [], ['SERVER_NAME' => 'www.example.com', 'HTTP_HOST' => 'www.host.com']);
  676. $this->assertEquals('www.host.com', $request->getHost(), '->getHost() value from Host header has priority over SERVER_NAME ');
  677. }
  678. public function testGetPort()
  679. {
  680. $request = Request::create('http://example.com', 'GET', [], [], [], [
  681. 'HTTP_X_FORWARDED_PROTO' => 'https',
  682. 'HTTP_X_FORWARDED_PORT' => '443',
  683. ]);
  684. $port = $request->getPort();
  685. $this->assertEquals(80, $port, 'Without trusted proxies FORWARDED_PROTO and FORWARDED_PORT are ignored.');
  686. Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_ALL);
  687. $request = Request::create('http://example.com', 'GET', [], [], [], [
  688. 'HTTP_X_FORWARDED_PROTO' => 'https',
  689. 'HTTP_X_FORWARDED_PORT' => '8443',
  690. ]);
  691. $this->assertEquals(80, $request->getPort(), 'With PROTO and PORT on untrusted connection server value takes precedence.');
  692. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  693. $this->assertEquals(8443, $request->getPort(), 'With PROTO and PORT set PORT takes precedence.');
  694. $request = Request::create('http://example.com', 'GET', [], [], [], [
  695. 'HTTP_X_FORWARDED_PROTO' => 'https',
  696. ]);
  697. $this->assertEquals(80, $request->getPort(), 'With only PROTO set getPort() ignores trusted headers on untrusted connection.');
  698. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  699. $this->assertEquals(443, $request->getPort(), 'With only PROTO set getPort() defaults to 443.');
  700. $request = Request::create('http://example.com', 'GET', [], [], [], [
  701. 'HTTP_X_FORWARDED_PROTO' => 'http',
  702. ]);
  703. $this->assertEquals(80, $request->getPort(), 'If X_FORWARDED_PROTO is set to HTTP getPort() ignores trusted headers on untrusted connection.');
  704. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  705. $this->assertEquals(80, $request->getPort(), 'If X_FORWARDED_PROTO is set to HTTP getPort() returns port of the original request.');
  706. $request = Request::create('http://example.com', 'GET', [], [], [], [
  707. 'HTTP_X_FORWARDED_PROTO' => 'On',
  708. ]);
  709. $this->assertEquals(80, $request->getPort(), 'With only PROTO set and value is On, getPort() ignores trusted headers on untrusted connection.');
  710. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  711. $this->assertEquals(443, $request->getPort(), 'With only PROTO set and value is On, getPort() defaults to 443.');
  712. $request = Request::create('http://example.com', 'GET', [], [], [], [
  713. 'HTTP_X_FORWARDED_PROTO' => '1',
  714. ]);
  715. $this->assertEquals(80, $request->getPort(), 'With only PROTO set and value is 1, getPort() ignores trusted headers on untrusted connection.');
  716. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  717. $this->assertEquals(443, $request->getPort(), 'With only PROTO set and value is 1, getPort() defaults to 443.');
  718. $request = Request::create('http://example.com', 'GET', [], [], [], [
  719. 'HTTP_X_FORWARDED_PROTO' => 'something-else',
  720. ]);
  721. $port = $request->getPort();
  722. $this->assertEquals(80, $port, 'With only PROTO set and value is not recognized, getPort() defaults to 80.');
  723. }
  724. public function testGetHostWithFakeHttpHostValue()
  725. {
  726. $this->expectException('RuntimeException');
  727. $request = new Request();
  728. $request->initialize([], [], [], [], [], ['HTTP_HOST' => 'www.host.com?query=string']);
  729. $request->getHost();
  730. }
  731. public function testGetSetMethod()
  732. {
  733. $request = new Request();
  734. $this->assertEquals('GET', $request->getMethod(), '->getMethod() returns GET if no method is defined');
  735. $request->setMethod('get');
  736. $this->assertEquals('GET', $request->getMethod(), '->getMethod() returns an uppercased string');
  737. $request->setMethod('PURGE');
  738. $this->assertEquals('PURGE', $request->getMethod(), '->getMethod() returns the method even if it is not a standard one');
  739. $request->setMethod('POST');
  740. $this->assertEquals('POST', $request->getMethod(), '->getMethod() returns the method POST if no _method is defined');
  741. $request->setMethod('POST');
  742. $request->request->set('_method', 'purge');
  743. $this->assertEquals('POST', $request->getMethod(), '->getMethod() does not return the method from _method if defined and POST but support not enabled');
  744. $request = new Request();
  745. $request->setMethod('POST');
  746. $request->request->set('_method', 'purge');
  747. $this->assertFalse(Request::getHttpMethodParameterOverride(), 'httpMethodParameterOverride should be disabled by default');
  748. Request::enableHttpMethodParameterOverride();
  749. $this->assertTrue(Request::getHttpMethodParameterOverride(), 'httpMethodParameterOverride should be enabled now but it is not');
  750. $this->assertEquals('PURGE', $request->getMethod(), '->getMethod() returns the method from _method if defined and POST');
  751. $this->disableHttpMethodParameterOverride();
  752. $request = new Request();
  753. $request->setMethod('POST');
  754. $request->query->set('_method', 'purge');
  755. $this->assertEquals('POST', $request->getMethod(), '->getMethod() does not return the method from _method if defined and POST but support not enabled');
  756. $request = new Request();
  757. $request->setMethod('POST');
  758. $request->query->set('_method', 'purge');
  759. Request::enableHttpMethodParameterOverride();
  760. $this->assertEquals('PURGE', $request->getMethod(), '->getMethod() returns the method from _method if defined and POST');
  761. $this->disableHttpMethodParameterOverride();
  762. $request = new Request();
  763. $request->setMethod('POST');
  764. $request->headers->set('X-HTTP-METHOD-OVERRIDE', 'delete');
  765. $this->assertEquals('DELETE', $request->getMethod(), '->getMethod() returns the method from X-HTTP-Method-Override even though _method is set if defined and POST');
  766. $request = new Request();
  767. $request->setMethod('POST');
  768. $request->headers->set('X-HTTP-METHOD-OVERRIDE', 'delete');
  769. $this->assertEquals('DELETE', $request->getMethod(), '->getMethod() returns the method from X-HTTP-Method-Override if defined and POST');
  770. $request = new Request();
  771. $request->setMethod('POST');
  772. $request->query->set('_method', ['delete', 'patch']);
  773. $this->assertSame('POST', $request->getMethod(), '->getMethod() returns the request method if invalid type is defined in query');
  774. }
  775. /**
  776. * @dataProvider getClientIpsProvider
  777. */
  778. public function testGetClientIp($expected, $remoteAddr, $httpForwardedFor, $trustedProxies)
  779. {
  780. $request = $this->getRequestInstanceForClientIpTests($remoteAddr, $httpForwardedFor, $trustedProxies);
  781. $this->assertEquals($expected[0], $request->getClientIp());
  782. }
  783. /**
  784. * @dataProvider getClientIpsProvider
  785. */
  786. public function testGetClientIps($expected, $remoteAddr, $httpForwardedFor, $trustedProxies)
  787. {
  788. $request = $this->getRequestInstanceForClientIpTests($remoteAddr, $httpForwardedFor, $trustedProxies);
  789. $this->assertEquals($expected, $request->getClientIps());
  790. }
  791. /**
  792. * @dataProvider getClientIpsForwardedProvider
  793. */
  794. public function testGetClientIpsForwarded($expected, $remoteAddr, $httpForwarded, $trustedProxies)
  795. {
  796. $request = $this->getRequestInstanceForClientIpsForwardedTests($remoteAddr, $httpForwarded, $trustedProxies);
  797. $this->assertEquals($expected, $request->getClientIps());
  798. }
  799. public function getClientIpsForwardedProvider()
  800. {
  801. // $expected $remoteAddr $httpForwarded $trustedProxies
  802. return [
  803. [['127.0.0.1'], '127.0.0.1', 'for="_gazonk"', null],
  804. [['127.0.0.1'], '127.0.0.1', 'for="_gazonk"', ['127.0.0.1']],
  805. [['88.88.88.88'], '127.0.0.1', 'for="88.88.88.88:80"', ['127.0.0.1']],
  806. [['192.0.2.60'], '::1', 'for=192.0.2.60;proto=http;by=203.0.113.43', ['::1']],
  807. [['2620:0:1cfe:face:b00c::3', '192.0.2.43'], '::1', 'for=192.0.2.43, for=2620:0:1cfe:face:b00c::3', ['::1']],
  808. [['2001:db8:cafe::17'], '::1', 'for="[2001:db8:cafe::17]:4711', ['::1']],
  809. ];
  810. }
  811. public function getClientIpsProvider()
  812. {
  813. // $expected $remoteAddr $httpForwardedFor $trustedProxies
  814. return [
  815. // simple IPv4
  816. [['88.88.88.88'], '88.88.88.88', null, null],
  817. // trust the IPv4 remote addr
  818. [['88.88.88.88'], '88.88.88.88', null, ['88.88.88.88']],
  819. // simple IPv6
  820. [['::1'], '::1', null, null],
  821. // trust the IPv6 remote addr
  822. [['::1'], '::1', null, ['::1']],
  823. // forwarded for with remote IPv4 addr not trusted
  824. [['127.0.0.1'], '127.0.0.1', '88.88.88.88', null],
  825. // forwarded for with remote IPv4 addr trusted + comma
  826. [['88.88.88.88'], '127.0.0.1', '88.88.88.88,', ['127.0.0.1']],
  827. // forwarded for with remote IPv4 and all FF addrs trusted
  828. [['88.88.88.88'], '127.0.0.1', '88.88.88.88', ['127.0.0.1', '88.88.88.88']],
  829. // forwarded for with remote IPv4 range trusted
  830. [['88.88.88.88'], '123.45.67.89', '88.88.88.88', ['123.45.67.0/24']],
  831. // forwarded for with remote IPv6 addr not trusted
  832. [['1620:0:1cfe:face:b00c::3'], '1620:0:1cfe:face:b00c::3', '2620:0:1cfe:face:b00c::3', null],
  833. // forwarded for with remote IPv6 addr trusted
  834. [['2620:0:1cfe:face:b00c::3'], '1620:0:1cfe:face:b00c::3', '2620:0:1cfe:face:b00c::3', ['1620:0:1cfe:face:b00c::3']],
  835. // forwarded for with remote IPv6 range trusted
  836. [['88.88.88.88'], '2a01:198:603:0:396e:4789:8e99:890f', '88.88.88.88', ['2a01:198:603:0::/65']],
  837. // multiple forwarded for with remote IPv4 addr trusted
  838. [['88.88.88.88', '87.65.43.21', '127.0.0.1'], '123.45.67.89', '127.0.0.1, 87.65.43.21, 88.88.88.88', ['123.45.67.89']],
  839. // multiple forwarded for with remote IPv4 addr and some reverse proxies trusted
  840. [['87.65.43.21', '127.0.0.1'], '123.45.67.89', '127.0.0.1, 87.65.43.21, 88.88.88.88', ['123.45.67.89', '88.88.88.88']],
  841. // multiple forwarded for with remote IPv4 addr and some reverse proxies trusted but in the middle
  842. [['88.88.88.88', '127.0.0.1'], '123.45.67.89', '127.0.0.1, 87.65.43.21, 88.88.88.88', ['123.45.67.89', '87.65.43.21']],
  843. // multiple forwarded for with remote IPv4 addr and all reverse proxies trusted
  844. [['127.0.0.1'], '123.45.67.89', '127.0.0.1, 87.65.43.21, 88.88.88.88', ['123.45.67.89', '87.65.43.21', '88.88.88.88', '127.0.0.1']],
  845. // multiple forwarded for with remote IPv6 addr trusted
  846. [['2620:0:1cfe:face:b00c::3', '3620:0:1cfe:face:b00c::3'], '1620:0:1cfe:face:b00c::3', '3620:0:1cfe:face:b00c::3,2620:0:1cfe:face:b00c::3', ['1620:0:1cfe:face:b00c::3']],
  847. // multiple forwarded for with remote IPv6 addr and some reverse proxies trusted
  848. [['3620:0:1cfe:face:b00c::3'], '1620:0:1cfe:face:b00c::3', '3620:0:1cfe:face:b00c::3,2620:0:1cfe:face:b00c::3', ['1620:0:1cfe:face:b00c::3', '2620:0:1cfe:face:b00c::3']],
  849. // multiple forwarded for with remote IPv4 addr and some reverse proxies trusted but in the middle
  850. [['2620:0:1cfe:face:b00c::3', '4620:0:1cfe:face:b00c::3'], '1620:0:1cfe:face:b00c::3', '4620:0:1cfe:face:b00c::3,3620:0:1cfe:face:b00c::3,2620:0:1cfe:face:b00c::3', ['1620:0:1cfe:face:b00c::3', '3620:0:1cfe:face:b00c::3']],
  851. // client IP with port
  852. [['88.88.88.88'], '127.0.0.1', '88.88.88.88:12345, 127.0.0.1', ['127.0.0.1']],
  853. // invalid forwarded IP is ignored
  854. [['88.88.88.88'], '127.0.0.1', 'unknown,88.88.88.88', ['127.0.0.1']],
  855. [['88.88.88.88'], '127.0.0.1', '}__test|O:21:&quot;JDatabaseDriverMysqli&quot;:3:{s:2,88.88.88.88', ['127.0.0.1']],
  856. ];
  857. }
  858. /**
  859. * @dataProvider getClientIpsWithConflictingHeadersProvider
  860. */
  861. public function testGetClientIpsWithConflictingHeaders($httpForwarded, $httpXForwardedFor)
  862. {
  863. $this->expectException('Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException');
  864. $request = new Request();
  865. $server = [
  866. 'REMOTE_ADDR' => '88.88.88.88',
  867. 'HTTP_FORWARDED' => $httpForwarded,
  868. 'HTTP_X_FORWARDED_FOR' => $httpXForwardedFor,
  869. ];
  870. Request::setTrustedProxies(['88.88.88.88'], Request::HEADER_X_FORWARDED_ALL | Request::HEADER_FORWARDED);
  871. $request->initialize([], [], [], [], [], $server);
  872. $request->getClientIps();
  873. }
  874. /**
  875. * @dataProvider getClientIpsWithConflictingHeadersProvider
  876. */
  877. public function testGetClientIpsOnlyXHttpForwardedForTrusted($httpForwarded, $httpXForwardedFor)
  878. {
  879. $request = new Request();
  880. $server = [
  881. 'REMOTE_ADDR' => '88.88.88.88',
  882. 'HTTP_FORWARDED' => $httpForwarded,
  883. 'HTTP_X_FORWARDED_FOR' => $httpXForwardedFor,
  884. ];
  885. Request::setTrustedProxies(['88.88.88.88'], Request::HEADER_X_FORWARDED_FOR);
  886. $request->initialize([], [], [], [], [], $server);
  887. $this->assertSame(array_reverse(explode(',', $httpXForwardedFor)), $request->getClientIps());
  888. }
  889. public function getClientIpsWithConflictingHeadersProvider()
  890. {
  891. // $httpForwarded $httpXForwardedFor
  892. return [
  893. ['for=87.65.43.21', '192.0.2.60'],
  894. ['for=87.65.43.21, for=192.0.2.60', '192.0.2.60'],
  895. ['for=192.0.2.60', '192.0.2.60,87.65.43.21'],
  896. ['for="::face", for=192.0.2.60', '192.0.2.60,192.0.2.43'],
  897. ['for=87.65.43.21, for=192.0.2.60', '192.0.2.60,87.65.43.21'],
  898. ];
  899. }
  900. /**
  901. * @dataProvider getClientIpsWithAgreeingHeadersProvider
  902. */
  903. public function testGetClientIpsWithAgreeingHeaders($httpForwarded, $httpXForwardedFor, $expectedIps)
  904. {
  905. $request = new Request();
  906. $server = [
  907. 'REMOTE_ADDR' => '88.88.88.88',
  908. 'HTTP_FORWARDED' => $httpForwarded,
  909. 'HTTP_X_FORWARDED_FOR' => $httpXForwardedFor,
  910. ];
  911. Request::setTrustedProxies(['88.88.88.88'], -1);
  912. $request->initialize([], [], [], [], [], $server);
  913. $clientIps = $request->getClientIps();
  914. $this->assertSame($expectedIps, $clientIps);
  915. }
  916. public function getClientIpsWithAgreeingHeadersProvider()
  917. {
  918. // $httpForwarded $httpXForwardedFor
  919. return [
  920. ['for="192.0.2.60"', '192.0.2.60', ['192.0.2.60']],
  921. ['for=192.0.2.60, for=87.65.43.21', '192.0.2.60,87.65.43.21', ['87.65.43.21', '192.0.2.60']],
  922. ['for="[::face]", for=192.0.2.60', '::face,192.0.2.60', ['192.0.2.60', '::face']],
  923. ['for="192.0.2.60:80"', '192.0.2.60', ['192.0.2.60']],
  924. ['for=192.0.2.60;proto=http;by=203.0.113.43', '192.0.2.60', ['192.0.2.60']],
  925. ['for="[2001:db8:cafe::17]:4711"', '2001:db8:cafe::17', ['2001:db8:cafe::17']],
  926. ];
  927. }
  928. public function testGetContentWorksTwiceInDefaultMode()
  929. {
  930. $req = new Request();
  931. $this->assertEquals('', $req->getContent());
  932. $this->assertEquals('', $req->getContent());
  933. }
  934. public function testGetContentReturnsResource()
  935. {
  936. $req = new Request();
  937. $retval = $req->getContent(true);
  938. $this->assertIsResource($retval);
  939. $this->assertEquals('', fread($retval, 1));
  940. $this->assertTrue(feof($retval));
  941. }
  942. public function testGetContentReturnsResourceWhenContentSetInConstructor()
  943. {
  944. $req = new Request([], [], [], [], [], [], 'MyContent');
  945. $resource = $req->getContent(true);
  946. $this->assertIsResource($resource);
  947. $this->assertEquals('MyContent', stream_get_contents($resource));
  948. }
  949. public function testContentAsResource()
  950. {
  951. $resource = fopen('php://memory', 'r+');
  952. fwrite($resource, 'My other content');
  953. rewind($resource);
  954. $req = new Request([], [], [], [], [], [], $resource);
  955. $this->assertEquals('My other content', stream_get_contents($req->getContent(true)));
  956. $this->assertEquals('My other content', $req->getContent());
  957. }
  958. /**
  959. * @dataProvider getContentCantBeCalledTwiceWithResourcesProvider
  960. */
  961. public function testGetContentCantBeCalledTwiceWithResources($first, $second)
  962. {
  963. $this->expectException('LogicException');
  964. if (\PHP_VERSION_ID >= 50600) {
  965. $this->markTestSkipped('PHP >= 5.6 allows to open php://input several times.');
  966. }
  967. $req = new Request();
  968. $req->getContent($first);
  969. $req->getContent($second);
  970. }
  971. public function getContentCantBeCalledTwiceWithResourcesProvider()
  972. {
  973. return [
  974. 'Resource then fetch' => [true, false],
  975. 'Resource then resource' => [true, true],
  976. ];
  977. }
  978. /**
  979. * @dataProvider getContentCanBeCalledTwiceWithResourcesProvider
  980. * @requires PHP 5.6
  981. */
  982. public function testGetContentCanBeCalledTwiceWithResources($first, $second)
  983. {
  984. $req = new Request();
  985. $a = $req->getContent($first);
  986. $b = $req->getContent($second);
  987. if ($first) {
  988. $a = stream_get_contents($a);
  989. }
  990. if ($second) {
  991. $b = stream_get_contents($b);
  992. }
  993. $this->assertSame($a, $b);
  994. }
  995. public function getContentCanBeCalledTwiceWithResourcesProvider()
  996. {
  997. return [
  998. 'Fetch then fetch' => [false, false],
  999. 'Fetch then resource' => [false, true],
  1000. 'Resource then fetch' => [true, false],
  1001. 'Resource then resource' => [true, true],
  1002. ];
  1003. }
  1004. public function provideOverloadedMethods()
  1005. {
  1006. return [
  1007. ['PUT'],
  1008. ['DELETE'],
  1009. ['PATCH'],
  1010. ['put'],
  1011. ['delete'],
  1012. ['patch'],
  1013. ];
  1014. }
  1015. /**
  1016. * @dataProvider provideOverloadedMethods
  1017. */
  1018. public function testCreateFromGlobals($method)
  1019. {
  1020. $normalizedMethod = strtoupper($method);
  1021. $_GET['foo1'] = 'bar1';
  1022. $_POST['foo2'] = 'bar2';
  1023. $_COOKIE['foo3'] = 'bar3';
  1024. $_FILES['foo4'] = ['bar4'];
  1025. $_SERVER['foo5'] = 'bar5';
  1026. $request = Request::createFromGlobals();
  1027. $this->assertEquals('bar1', $request->query->get('foo1'), '::fromGlobals() uses values from $_GET');
  1028. $this->assertEquals('bar2', $request->request->get('foo2'), '::fromGlobals() uses values from $_POST');
  1029. $this->assertEquals('bar3', $request->cookies->get('foo3'), '::fromGlobals() uses values from $_COOKIE');
  1030. $this->assertEquals(['bar4'], $request->files->get('foo4'), '::fromGlobals() uses values from $_FILES');
  1031. $this->assertEquals('bar5', $request->server->get('foo5'), '::fromGlobals() uses values from $_SERVER');
  1032. unset($_GET['foo1'], $_POST['foo2'], $_COOKIE['foo3'], $_FILES['foo4'], $_SERVER['foo5']);
  1033. $_SERVER['REQUEST_METHOD'] = $method;
  1034. $_SERVER['CONTENT_TYPE'] = 'application/x-www-form-urlencoded';
  1035. $request = RequestContentProxy::createFromGlobals();
  1036. $this->assertEquals($normalizedMethod, $request->getMethod());
  1037. $this->assertEquals('mycontent', $request->request->get('content'));
  1038. unset($_SERVER['REQUEST_METHOD'], $_SERVER['CONTENT_TYPE']);
  1039. Request::createFromGlobals();
  1040. Request::enableHttpMethodParameterOverride();
  1041. $_POST['_method'] = $method;
  1042. $_POST['foo6'] = 'bar6';
  1043. $_SERVER['REQUEST_METHOD'] = 'PoSt';
  1044. $request = Request::createFromGlobals();
  1045. $this->assertEquals($normalizedMethod, $request->getMethod());
  1046. $this->assertEquals('POST', $request->getRealMethod());
  1047. $this->assertEquals('bar6', $request->request->get('foo6'));
  1048. unset($_POST['_method'], $_POST['foo6'], $_SERVER['REQUEST_METHOD']);
  1049. $this->disableHttpMethodParameterOverride();
  1050. }
  1051. public function testOverrideGlobals()
  1052. {
  1053. $request = new Request();
  1054. $request->initialize(['foo' => 'bar']);
  1055. // as the Request::overrideGlobals really work, it erase $_SERVER, so we must backup it
  1056. $server = $_SERVER;
  1057. $request->overrideGlobals();
  1058. $this->assertEquals(['foo' => 'bar'], $_GET);
  1059. $request->initialize([], ['foo' => 'bar']);
  1060. $request->overrideGlobals();
  1061. $this->assertEquals(['foo' => 'bar'], $_POST);
  1062. $this->assertArrayNotHasKey('HTTP_X_FORWARDED_PROTO', $_SERVER);
  1063. $request->headers->set('X_FORWARDED_PROTO', 'https');
  1064. Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_ALL);
  1065. $this->assertFalse($request->isSecure());
  1066. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  1067. $this->assertTrue($request->isSecure());
  1068. $request->overrideGlobals();
  1069. $this->assertArrayHasKey('HTTP_X_FORWARDED_PROTO', $_SERVER);
  1070. $request->headers->set('CONTENT_TYPE', 'multipart/form-data');
  1071. $request->headers->set('CONTENT_LENGTH', 12345);
  1072. $request->overrideGlobals();
  1073. $this->assertArrayHasKey('CONTENT_TYPE', $_SERVER);
  1074. $this->assertArrayHasKey('CONTENT_LENGTH', $_SERVER);
  1075. $request->initialize(['foo' => 'bar', 'baz' => 'foo']);
  1076. $request->query->remove('baz');
  1077. $request->overrideGlobals();
  1078. $this->assertEquals(['foo' => 'bar'], $_GET);
  1079. $this->assertEquals('foo=bar', $_SERVER['QUERY_STRING']);
  1080. $this->assertEquals('foo=bar', $request->server->get('QUERY_STRING'));
  1081. // restore initial $_SERVER array
  1082. $_SERVER = $server;
  1083. }
  1084. public function testGetScriptName()
  1085. {
  1086. $request = new Request();
  1087. $this->assertEquals('', $request->getScriptName());
  1088. $server = [];
  1089. $server['SCRIPT_NAME'] = '/index.php';
  1090. $request->initialize([], [], [], [], [], $server);
  1091. $this->assertEquals('/index.php', $request->getScriptName());
  1092. $server = [];
  1093. $server['ORIG_SCRIPT_NAME'] = '/frontend.php';
  1094. $request->initialize([], [], [], [], [], $server);
  1095. $this->assertEquals('/frontend.php', $request->getScriptName());
  1096. $server = [];
  1097. $server['SCRIPT_NAME'] = '/index.php';
  1098. $server['ORIG_SCRIPT_NAME'] = '/frontend.php';
  1099. $request->initialize([], [], [], [], [], $server);
  1100. $this->assertEquals('/index.php', $request->getScriptName());
  1101. }
  1102. public function testGetBasePath()
  1103. {
  1104. $request = new Request();
  1105. $this->assertEquals('', $request->getBasePath());
  1106. $server = [];
  1107. $server['SCRIPT_FILENAME'] = '/some/where/index.php';
  1108. $request->initialize([], [], [], [], [], $server);
  1109. $this->assertEquals('', $request->getBasePath());
  1110. $server = [];
  1111. $server['SCRIPT_FILENAME'] = '/some/where/index.php';
  1112. $server['SCRIPT_NAME'] = '/index.php';
  1113. $request->initialize([], [], [], [], [], $server);
  1114. $this->assertEquals('', $request->getBasePath());
  1115. $server = [];
  1116. $server['SCRIPT_FILENAME'] = '/some/where/index.php';
  1117. $server['PHP_SELF'] = '/index.php';
  1118. $request->initialize([], [], [], [], [], $server);
  1119. $this->assertEquals('', $request->getBasePath());
  1120. $server = [];
  1121. $server['SCRIPT_FILENAME'] = '/some/where/index.php';
  1122. $server['ORIG_SCRIPT_NAME'] = '/index.php';
  1123. $request->initialize([], [], [], [], [], $server);
  1124. $this->assertEquals('', $request->getBasePath());
  1125. }
  1126. public function testGetPathInfo()
  1127. {
  1128. $request = new Request();
  1129. $this->assertEquals('/', $request->getPathInfo());
  1130. $server = [];
  1131. $server['REQUEST_URI'] = '/path/info';
  1132. $request->initialize([], [], [], [], [], $server);
  1133. $this->assertEquals('/path/info', $request->getPathInfo());
  1134. $server = [];
  1135. $server['REQUEST_URI'] = '/path%20test/info';
  1136. $request->initialize([], [], [], [], [], $server);
  1137. $this->assertEquals('/path%20test/info', $request->getPathInfo());
  1138. $server = [];
  1139. $server['REQUEST_URI'] = '?a=b';
  1140. $request->initialize([], [], [], [], [], $server);
  1141. $this->assertEquals('/', $request->getPathInfo());
  1142. }
  1143. public function testGetParameterPrecedence()
  1144. {
  1145. $request = new Request();
  1146. $request->attributes->set('foo', 'attr');
  1147. $request->query->set('foo', 'query');
  1148. $request->request->set('foo', 'body');
  1149. $this->assertSame('attr', $request->get('foo'));
  1150. $request->attributes->remove('foo');
  1151. $this->assertSame('query', $request->get('foo'));
  1152. $request->query->remove('foo');
  1153. $this->assertSame('body', $request->get('foo'));
  1154. $request->request->remove('foo');
  1155. $this->assertNull($request->get('foo'));
  1156. }
  1157. public function testGetPreferredLanguage()
  1158. {
  1159. $request = new Request();
  1160. $this->assertNull($request->getPreferredLanguage());
  1161. $this->assertNull($request->getPreferredLanguage([]));
  1162. $this->assertEquals('fr', $request->getPreferredLanguage(['fr']));
  1163. $this->assertEquals('fr', $request->getPreferredLanguage(['fr', 'en']));
  1164. $this->assertEquals('en', $request->getPreferredLanguage(['en', 'fr']));
  1165. $this->assertEquals('fr-ch', $request->getPreferredLanguage(['fr-ch', 'fr-fr']));
  1166. $request = new Request();
  1167. $request->headers->set('Accept-language', 'zh, en-us; q=0.8, en; q=0.6');
  1168. $this->assertEquals('en', $request->getPreferredLanguage(['en', 'en-us']));
  1169. $request = new Request();
  1170. $request->headers->set('Accept-language', 'zh, en-us; q=0.8, en; q=0.6');
  1171. $this->assertEquals('en', $request->getPreferredLanguage(['fr', 'en']));
  1172. $request = new Request();
  1173. $request->headers->set('Accept-language', 'zh, en-us; q=0.8');
  1174. $this->assertEquals('en', $request->getPreferredLanguage(['fr', 'en']));
  1175. $request = new Request();
  1176. $request->headers->set('Accept-language', 'zh, en-us; q=0.8, fr-fr; q=0.6, fr; q=0.5');
  1177. $this->assertEquals('en', $request->getPreferredLanguage(['fr', 'en']));
  1178. }
  1179. public function testIsXmlHttpRequest()
  1180. {
  1181. $request = new Request();
  1182. $this->assertFalse($request->isXmlHttpRequest());
  1183. $request->headers->set('X-Requested-With', 'XMLHttpRequest');
  1184. $this->assertTrue($request->isXmlHttpRequest());
  1185. $request->headers->remove('X-Requested-With');
  1186. $this->assertFalse($request->isXmlHttpRequest());
  1187. }
  1188. /**
  1189. * @requires extension intl
  1190. */
  1191. public function testIntlLocale()
  1192. {
  1193. $request = new Request();
  1194. $request->setDefaultLocale('fr');
  1195. $this->assertEquals('fr', $request->getLocale());
  1196. $this->assertEquals('fr', \Locale::getDefault());
  1197. $request->setLocale('en');
  1198. $this->assertEquals('en', $request->getLocale());
  1199. $this->assertEquals('en', \Locale::getDefault());
  1200. $request->setDefaultLocale('de');
  1201. $this->assertEquals('en', $request->getLocale());
  1202. $this->assertEquals('en', \Locale::getDefault());
  1203. }
  1204. public function testGetCharsets()
  1205. {
  1206. $request = new Request();
  1207. $this->assertEquals([], $request->getCharsets());
  1208. $request->headers->set('Accept-Charset', 'ISO-8859-1, US-ASCII, UTF-8; q=0.8, ISO-10646-UCS-2; q=0.6');
  1209. $this->assertEquals([], $request->getCharsets()); // testing caching
  1210. $request = new Request();
  1211. $request->headers->set('Accept-Charset', 'ISO-8859-1, US-ASCII, UTF-8; q=0.8, ISO-10646-UCS-2; q=0.6');
  1212. $this->assertEquals(['ISO-8859-1', 'US-ASCII', 'UTF-8', 'ISO-10646-UCS-2'], $request->getCharsets());
  1213. $request = new Request();
  1214. $request->headers->set('Accept-Charset', 'ISO-8859-1,utf-8;q=0.7,*;q=0.7');
  1215. $this->assertEquals(['ISO-8859-1', 'utf-8', '*'], $request->getCharsets());
  1216. }
  1217. public function testGetEncodings()
  1218. {
  1219. $request = new Request();
  1220. $this->assertEquals([], $request->getEncodings());
  1221. $request->headers->set('Accept-Encoding', 'gzip,deflate,sdch');
  1222. $this->assertEquals([], $request->getEncodings()); // testing caching
  1223. $request = new Request();
  1224. $request->headers->set('Accept-Encoding', 'gzip,deflate,sdch');
  1225. $this->assertEquals(['gzip', 'deflate', 'sdch'], $request->getEncodings());
  1226. $request = new Request();
  1227. $request->headers->set('Accept-Encoding', 'gzip;q=0.4,deflate;q=0.9,compress;q=0.7');
  1228. $this->assertEquals(['deflate', 'compress', 'gzip'], $request->getEncodings());
  1229. }
  1230. public function testGetAcceptableContentTypes()
  1231. {
  1232. $request = new Request();
  1233. $this->assertEquals([], $request->getAcceptableContentTypes());
  1234. $request->headers->set('Accept', 'application/vnd.wap.wmlscriptc, text/vnd.wap.wml, application/vnd.wap.xhtml+xml, application/xhtml+xml, text/html, multipart/mixed, */*');
  1235. $this->assertEquals([], $request->getAcceptableContentTypes()); // testing caching
  1236. $request = new Request();
  1237. $request->headers->set('Accept', 'application/vnd.wap.wmlscriptc, text/vnd.wap.wml, application/vnd.wap.xhtml+xml, application/xhtml+xml, text/html, multipart/mixed, */*');
  1238. $this->assertEquals(['application/vnd.wap.wmlscriptc', 'text/vnd.wap.wml', 'application/vnd.wap.xhtml+xml', 'application/xhtml+xml', 'text/html', 'multipart/mixed', '*/*'], $request->getAcceptableContentTypes());
  1239. }
  1240. public function testGetLanguages()
  1241. {
  1242. $request = new Request();
  1243. $this->assertEquals([], $request->getLanguages());
  1244. $request = new Request();
  1245. $request->headers->set('Accept-language', 'zh, en-us; q=0.8, en; q=0.6');
  1246. $this->assertEquals(['zh', 'en_US', 'en'], $request->getLanguages());
  1247. $request = new Request();
  1248. $request->headers->set('Accept-language', 'zh, en-us; q=0.6, en; q=0.8');
  1249. $this->assertEquals(['zh', 'en', 'en_US'], $request->getLanguages()); // Test out of order qvalues
  1250. $request = new Request();
  1251. $request->headers->set('Accept-language', 'zh, en, en-us');
  1252. $this->assertEquals(['zh', 'en', 'en_US'], $request->getLanguages()); // Test equal weighting without qvalues
  1253. $request = new Request();
  1254. $request->headers->set('Accept-language', 'zh; q=0.6, en, en-us; q=0.6');
  1255. $this->assertEquals(['en', 'zh', 'en_US'], $request->getLanguages()); // Test equal weighting with qvalues
  1256. $request = new Request();
  1257. $request->headers->set('Accept-language', 'zh, i-cherokee; q=0.6');
  1258. $this->assertEquals(['zh', 'cherokee'], $request->getLanguages());
  1259. }
  1260. public function testGetRequestFormat()
  1261. {
  1262. $request = new Request();
  1263. $this->assertEquals('html', $request->getRequestFormat());
  1264. // Ensure that setting different default values over time is possible,
  1265. // aka. setRequestFormat determines the state.
  1266. $this->assertEquals('json', $request->getRequestFormat('json'));
  1267. $this->assertEquals('html', $request->getRequestFormat('html'));
  1268. $request = new Request();
  1269. $this->assertNull($request->getRequestFormat(null));
  1270. $request = new Request();
  1271. $this->assertNull($request->setRequestFormat('foo'));
  1272. $this->assertEquals('foo', $request->getRequestFormat(null));
  1273. $request = new Request(['_format' => 'foo']);
  1274. $this->assertEquals('html', $request->getRequestFormat());
  1275. }
  1276. public function testHasSession()
  1277. {
  1278. $request = new Request();
  1279. $this->assertFalse($request->hasSession());
  1280. $request->setSession(new Session(new MockArraySessionStorage()));
  1281. $this->assertTrue($request->hasSession());
  1282. }
  1283. public function testGetSession()
  1284. {
  1285. $request = new Request();
  1286. $request->setSession(new Session(new MockArraySessionStorage()));
  1287. $this->assertTrue($request->hasSession());
  1288. $session = $request->getSession();
  1289. $this->assertObjectHasAttribute('storage', $session);
  1290. $this->assertObjectHasAttribute('flashName', $session);
  1291. $this->assertObjectHasAttribute('attributeName', $session);
  1292. }
  1293. public function testHasPreviousSession()
  1294. {
  1295. $request = new Request();
  1296. $this->assertFalse($request->hasPreviousSession());
  1297. $request->cookies->set('MOCKSESSID', 'foo');
  1298. $this->assertFalse($request->hasPreviousSession());
  1299. $request->setSession(new Session(new MockArraySessionStorage()));
  1300. $this->assertTrue($request->hasPreviousSession());
  1301. }
  1302. public function testToString()
  1303. {
  1304. $request = new Request();
  1305. $request->headers->set('Accept-language', 'zh, en-us; q=0.8, en; q=0.6');
  1306. $request->cookies->set('Foo', 'Bar');
  1307. $asString = (string) $request;
  1308. $this->assertStringContainsString('Accept-Language: zh, en-us; q=0.8, en; q=0.6', $asString);
  1309. $this->assertStringContainsString('Cookie: Foo=Bar', $asString);
  1310. $request->cookies->set('Another', 'Cookie');
  1311. $asString = (string) $request;
  1312. $this->assertStringContainsString('Cookie: Foo=Bar; Another=Cookie', $asString);
  1313. }
  1314. public function testIsMethod()
  1315. {
  1316. $request = new Request();
  1317. $request->setMethod('POST');
  1318. $this->assertTrue($request->isMethod('POST'));
  1319. $this->assertTrue($request->isMethod('post'));
  1320. $this->assertFalse($request->isMethod('GET'));
  1321. $this->assertFalse($request->isMethod('get'));
  1322. $request->setMethod('GET');
  1323. $this->assertTrue($request->isMethod('GET'));
  1324. $this->assertTrue($request->isMethod('get'));
  1325. $this->assertFalse($request->isMethod('POST'));
  1326. $this->assertFalse($request->isMethod('post'));
  1327. }
  1328. /**
  1329. * @dataProvider getBaseUrlData
  1330. */
  1331. public function testGetBaseUrl($uri, $server, $expectedBaseUrl, $expectedPathInfo)
  1332. {
  1333. $request = Request::create($uri, 'GET', [], [], [], $server);
  1334. $this->assertSame($expectedBaseUrl, $request->getBaseUrl(), 'baseUrl');
  1335. $this->assertSame($expectedPathInfo, $request->getPathInfo(), 'pathInfo');
  1336. }
  1337. public function getBaseUrlData()
  1338. {
  1339. return [
  1340. [
  1341. '/fruit/strawberry/1234index.php/blah',
  1342. [
  1343. 'SCRIPT_FILENAME' => 'E:/Sites/cc-new/public_html/fruit/index.php',
  1344. 'SCRIPT_NAME' => '/fruit/index.php',
  1345. 'PHP_SELF' => '/fruit/index.php',
  1346. ],
  1347. '/fruit',
  1348. '/strawberry/1234index.php/blah',
  1349. ],
  1350. [
  1351. '/fruit/strawberry/1234index.php/blah',
  1352. [
  1353. 'SCRIPT_FILENAME' => 'E:/Sites/cc-new/public_html/index.php',
  1354. 'SCRIPT_NAME' => '/index.php',
  1355. 'PHP_SELF' => '/index.php',
  1356. ],
  1357. '',
  1358. '/fruit/strawberry/1234index.php/blah',
  1359. ],
  1360. [
  1361. '/foo%20bar/',
  1362. [
  1363. 'SCRIPT_FILENAME' => '/home/John Doe/public_html/foo bar/app.php',
  1364. 'SCRIPT_NAME' => '/foo bar/app.php',
  1365. 'PHP_SELF' => '/foo bar/app.php',
  1366. ],
  1367. '/foo%20bar',
  1368. '/',
  1369. ],
  1370. [
  1371. '/foo%20bar/home',
  1372. [
  1373. 'SCRIPT_FILENAME' => '/home/John Doe/public_html/foo bar/app.php',
  1374. 'SCRIPT_NAME' => '/foo bar/app.php',
  1375. 'PHP_SELF' => '/foo bar/app.php',
  1376. ],
  1377. '/foo%20bar',
  1378. '/home',
  1379. ],
  1380. [
  1381. '/foo%20bar/app.php/home',
  1382. [
  1383. 'SCRIPT_FILENAME' => '/home/John Doe/public_html/foo bar/app.php',
  1384. 'SCRIPT_NAME' => '/foo bar/app.php',
  1385. 'PHP_SELF' => '/foo bar/app.php',
  1386. ],
  1387. '/foo%20bar/app.php',
  1388. '/home',
  1389. ],
  1390. [
  1391. '/foo%20bar/app.php/home%3Dbaz',
  1392. [
  1393. 'SCRIPT_FILENAME' => '/home/John Doe/public_html/foo bar/app.php',
  1394. 'SCRIPT_NAME' => '/foo bar/app.php',
  1395. 'PHP_SELF' => '/foo bar/app.php',
  1396. ],
  1397. '/foo%20bar/app.php',
  1398. '/home%3Dbaz',
  1399. ],
  1400. [
  1401. '/foo/bar+baz',
  1402. [
  1403. 'SCRIPT_FILENAME' => '/home/John Doe/public_html/foo/app.php',
  1404. 'SCRIPT_NAME' => '/foo/app.php',
  1405. 'PHP_SELF' => '/foo/app.php',
  1406. ],
  1407. '/foo',
  1408. '/bar+baz',
  1409. ],
  1410. ];
  1411. }
  1412. /**
  1413. * @dataProvider urlencodedStringPrefixData
  1414. */
  1415. public function testUrlencodedStringPrefix($string, $prefix, $expect)
  1416. {
  1417. $request = new Request();
  1418. $me = new \ReflectionMethod($request, 'getUrlencodedPrefix');
  1419. $me->setAccessible(true);
  1420. $this->assertSame($expect, $me->invoke($request, $string, $prefix));
  1421. }
  1422. public function urlencodedStringPrefixData()
  1423. {
  1424. return [
  1425. ['foo', 'foo', 'foo'],
  1426. ['fo%6f', 'foo', 'fo%6f'],
  1427. ['foo/bar', 'foo', 'foo'],
  1428. ['fo%6f/bar', 'foo', 'fo%6f'],
  1429. ['f%6f%6f/bar', 'foo', 'f%6f%6f'],
  1430. ['%66%6F%6F/bar', 'foo', '%66%6F%6F'],
  1431. ['fo+o/bar', 'fo+o', 'fo+o'],
  1432. ['fo%2Bo/bar', 'fo+o', 'fo%2Bo'],
  1433. ];
  1434. }
  1435. private function disableHttpMethodParameterOverride()
  1436. {
  1437. $class = new \ReflectionClass('Symfony\\Component\\HttpFoundation\\Request');
  1438. $property = $class->getProperty('httpMethodParameterOverride');
  1439. $property->setAccessible(true);
  1440. $property->setValue(false);
  1441. }
  1442. private function getRequestInstanceForClientIpTests($remoteAddr, $httpForwardedFor, $trustedProxies)
  1443. {
  1444. $request = new Request();
  1445. $server = ['REMOTE_ADDR' => $remoteAddr];
  1446. if (null !== $httpForwardedFor) {
  1447. $server['HTTP_X_FORWARDED_FOR'] = $httpForwardedFor;
  1448. }
  1449. if ($trustedProxies) {
  1450. Request::setTrustedProxies($trustedProxies, Request::HEADER_X_FORWARDED_ALL);
  1451. }
  1452. $request->initialize([], [], [], [], [], $server);
  1453. return $request;
  1454. }
  1455. private function getRequestInstanceForClientIpsForwardedTests($remoteAddr, $httpForwarded, $trustedProxies)
  1456. {
  1457. $request = new Request();
  1458. $server = ['REMOTE_ADDR' => $remoteAddr];
  1459. if (null !== $httpForwarded) {
  1460. $server['HTTP_FORWARDED'] = $httpForwarded;
  1461. }
  1462. if ($trustedProxies) {
  1463. Request::setTrustedProxies($trustedProxies, Request::HEADER_FORWARDED);
  1464. }
  1465. $request->initialize([], [], [], [], [], $server);
  1466. return $request;
  1467. }
  1468. public function testTrustedProxiesXForwardedFor()
  1469. {
  1470. $request = Request::create('http://example.com/');
  1471. $request->server->set('REMOTE_ADDR', '3.3.3.3');
  1472. $request->headers->set('X_FORWARDED_FOR', '1.1.1.1, 2.2.2.2');
  1473. $request->headers->set('X_FORWARDED_HOST', 'foo.example.com:1234, real.example.com:8080');
  1474. $request->headers->set('X_FORWARDED_PROTO', 'https');
  1475. $request->headers->set('X_FORWARDED_PORT', 443);
  1476. // no trusted proxies
  1477. $this->assertEquals('3.3.3.3', $request->getClientIp());
  1478. $this->assertEquals('example.com', $request->getHost());
  1479. $this->assertEquals(80, $request->getPort());
  1480. $this->assertFalse($request->isSecure());
  1481. // disabling proxy trusting
  1482. Request::setTrustedProxies([], Request::HEADER_X_FORWARDED_ALL);
  1483. $this->assertEquals('3.3.3.3', $request->getClientIp());
  1484. $this->assertEquals('example.com', $request->getHost());
  1485. $this->assertEquals(80, $request->getPort());
  1486. $this->assertFalse($request->isSecure());
  1487. // request is forwarded by a non-trusted proxy
  1488. Request::setTrustedProxies(['2.2.2.2'], Request::HEADER_X_FORWARDED_ALL);
  1489. $this->assertEquals('3.3.3.3', $request->getClientIp());
  1490. $this->assertEquals('example.com', $request->getHost());
  1491. $this->assertEquals(80, $request->getPort());
  1492. $this->assertFalse($request->isSecure());
  1493. // trusted proxy via setTrustedProxies()
  1494. Request::setTrustedProxies(['3.3.3.3', '2.2.2.2'], Request::HEADER_X_FORWARDED_ALL);
  1495. $this->assertEquals('1.1.1.1', $request->getClientIp());
  1496. $this->assertEquals('foo.example.com', $request->getHost());
  1497. $this->assertEquals(443, $request->getPort());
  1498. $this->assertTrue($request->isSecure());
  1499. // trusted proxy via setTrustedProxies()
  1500. Request::setTrustedProxies(['3.3.3.4', '2.2.2.2'], Request::HEADER_X_FORWARDED_ALL);
  1501. $this->assertEquals('3.3.3.3', $request->getClientIp());
  1502. $this->assertEquals('example.com', $request->getHost());
  1503. $this->assertEquals(80, $request->getPort());
  1504. $this->assertFalse($request->isSecure());
  1505. // check various X_FORWARDED_PROTO header values
  1506. Request::setTrustedProxies(['3.3.3.3', '2.2.2.2'], Request::HEADER_X_FORWARDED_ALL);
  1507. $request->headers->set('X_FORWARDED_PROTO', 'ssl');
  1508. $this->assertTrue($request->isSecure());
  1509. $request->headers->set('X_FORWARDED_PROTO', 'https, http');
  1510. $this->assertTrue($request->isSecure());
  1511. }
  1512. /**
  1513. * @group legacy
  1514. * @expectedDeprecation The "Symfony\Component\HttpFoundation\Request::setTrustedHeaderName()" method is deprecated since Symfony 3.3 and will be removed in 4.0. Use the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
  1515. */
  1516. public function testLegacyTrustedProxies()
  1517. {
  1518. $request = Request::create('http://example.com/');
  1519. $request->server->set('REMOTE_ADDR', '3.3.3.3');
  1520. $request->headers->set('X_FORWARDED_FOR', '1.1.1.1, 2.2.2.2');
  1521. $request->headers->set('X_FORWARDED_HOST', 'foo.example.com, real.example.com:8080');
  1522. $request->headers->set('X_FORWARDED_PROTO', 'https');
  1523. $request->headers->set('X_FORWARDED_PORT', 443);
  1524. $request->headers->set('X_MY_FOR', '3.3.3.3, 4.4.4.4');
  1525. $request->headers->set('X_MY_HOST', 'my.example.com');
  1526. $request->headers->set('X_MY_PROTO', 'http');
  1527. $request->headers->set('X_MY_PORT', 81);
  1528. Request::setTrustedProxies(['3.3.3.3', '2.2.2.2'], Request::HEADER_X_FORWARDED_ALL);
  1529. // custom header names
  1530. Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_MY_FOR');
  1531. Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_MY_HOST');
  1532. Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'X_MY_PORT');
  1533. Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'X_MY_PROTO');
  1534. $this->assertEquals('4.4.4.4', $request->getClientIp());
  1535. $this->assertEquals('my.example.com', $request->getHost());
  1536. $this->assertEquals(81, $request->getPort());
  1537. $this->assertFalse($request->isSecure());
  1538. // disabling via empty header names
  1539. Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, null);
  1540. Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, null);
  1541. Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, null);
  1542. Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, null);
  1543. $this->assertEquals('3.3.3.3', $request->getClientIp());
  1544. $this->assertEquals('example.com', $request->getHost());
  1545. $this->assertEquals(80, $request->getPort());
  1546. $this->assertFalse($request->isSecure());
  1547. //reset
  1548. Request::setTrustedHeaderName(Request::HEADER_FORWARDED, 'FORWARDED');
  1549. Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_FORWARDED_FOR');
  1550. Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_FORWARDED_HOST');
  1551. Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'X_FORWARDED_PORT');
  1552. Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'X_FORWARDED_PROTO');
  1553. }
  1554. public function testTrustedProxiesForwarded()
  1555. {
  1556. $request = Request::create('http://example.com/');
  1557. $request->server->set('REMOTE_ADDR', '3.3.3.3');
  1558. $request->headers->set('FORWARDED', 'for=1.1.1.1, host=foo.example.com:8080, proto=https, for=2.2.2.2, host=real.example.com:8080');
  1559. // no trusted proxies
  1560. $this->assertEquals('3.3.3.3', $request->getClientIp());
  1561. $this->assertEquals('example.com', $request->getHost());
  1562. $this->assertEquals(80, $request->getPort());
  1563. $this->assertFalse($request->isSecure());
  1564. // disabling proxy trusting
  1565. Request::setTrustedProxies([], Request::HEADER_FORWARDED);
  1566. $this->assertEquals('3.3.3.3', $request->getClientIp());
  1567. $this->assertEquals('example.com', $request->getHost());
  1568. $this->assertEquals(80, $request->getPort());
  1569. $this->assertFalse($request->isSecure());
  1570. // request is forwarded by a non-trusted proxy
  1571. Request::setTrustedProxies(['2.2.2.2'], Request::HEADER_FORWARDED);
  1572. $this->assertEquals('3.3.3.3', $request->getClientIp());
  1573. $this->assertEquals('example.com', $request->getHost());
  1574. $this->assertEquals(80, $request->getPort());
  1575. $this->assertFalse($request->isSecure());
  1576. // trusted proxy via setTrustedProxies()
  1577. Request::setTrustedProxies(['3.3.3.3', '2.2.2.2'], Request::HEADER_FORWARDED);
  1578. $this->assertEquals('1.1.1.1', $request->getClientIp());
  1579. $this->assertEquals('foo.example.com', $request->getHost());
  1580. $this->assertEquals(8080, $request->getPort());
  1581. $this->assertTrue($request->isSecure());
  1582. // trusted proxy via setTrustedProxies()
  1583. Request::setTrustedProxies(['3.3.3.4', '2.2.2.2'], Request::HEADER_FORWARDED);
  1584. $this->assertEquals('3.3.3.3', $request->getClientIp());
  1585. $this->assertEquals('example.com', $request->getHost());
  1586. $this->assertEquals(80, $request->getPort());
  1587. $this->assertFalse($request->isSecure());
  1588. // check various X_FORWARDED_PROTO header values
  1589. Request::setTrustedProxies(['3.3.3.3', '2.2.2.2'], Request::HEADER_FORWARDED);
  1590. $request->headers->set('FORWARDED', 'proto=ssl');
  1591. $this->assertTrue($request->isSecure());
  1592. $request->headers->set('FORWARDED', 'proto=https, proto=http');
  1593. $this->assertTrue($request->isSecure());
  1594. }
  1595. /**
  1596. * @group legacy
  1597. */
  1598. public function testSetTrustedProxiesInvalidHeaderName()
  1599. {
  1600. $this->expectException('InvalidArgumentException');
  1601. Request::create('http://example.com/');
  1602. Request::setTrustedHeaderName('bogus name', 'X_MY_FOR');
  1603. }
  1604. /**
  1605. * @group legacy
  1606. */
  1607. public function testGetTrustedProxiesInvalidHeaderName()
  1608. {
  1609. $this->expectException('InvalidArgumentException');
  1610. Request::create('http://example.com/');
  1611. Request::getTrustedHeaderName('bogus name');
  1612. }
  1613. /**
  1614. * @dataProvider iisRequestUriProvider
  1615. */
  1616. public function testIISRequestUri($headers, $server, $expectedRequestUri)
  1617. {
  1618. $request = new Request();
  1619. $request->headers->replace($headers);
  1620. $request->server->replace($server);
  1621. $this->assertEquals($expectedRequestUri, $request->getRequestUri(), '->getRequestUri() is correct');
  1622. $subRequestUri = '/bar/foo';
  1623. $subRequest = Request::create($subRequestUri, 'get', [], [], [], $request->server->all());
  1624. $this->assertEquals($subRequestUri, $subRequest->getRequestUri(), '->getRequestUri() is correct in sub request');
  1625. }
  1626. public function iisRequestUriProvider()
  1627. {
  1628. return [
  1629. [
  1630. [],
  1631. [
  1632. 'IIS_WasUrlRewritten' => '1',
  1633. 'UNENCODED_URL' => '/foo/bar',
  1634. ],
  1635. '/foo/bar',
  1636. ],
  1637. [
  1638. [],
  1639. [
  1640. 'ORIG_PATH_INFO' => '/foo/bar',
  1641. ],
  1642. '/foo/bar',
  1643. ],
  1644. [
  1645. [],
  1646. [
  1647. 'ORIG_PATH_INFO' => '/foo/bar',
  1648. 'QUERY_STRING' => 'foo=bar',
  1649. ],
  1650. '/foo/bar?foo=bar',
  1651. ],
  1652. ];
  1653. }
  1654. public function testTrustedHosts()
  1655. {
  1656. // create a request
  1657. $request = Request::create('/');
  1658. // no trusted host set -> no host check
  1659. $request->headers->set('host', 'evil.com');
  1660. $this->assertEquals('evil.com', $request->getHost());
  1661. // add a trusted domain and all its subdomains
  1662. Request::setTrustedHosts(['^([a-z]{9}\.)?trusted\.com$']);
  1663. // untrusted host
  1664. $request->headers->set('host', 'evil.com');
  1665. try {
  1666. $request->getHost();
  1667. $this->fail('Request::getHost() should throw an exception when host is not trusted.');
  1668. } catch (SuspiciousOperationException $e) {
  1669. $this->assertEquals('Untrusted Host "evil.com".', $e->getMessage());
  1670. }
  1671. // trusted hosts
  1672. $request->headers->set('host', 'trusted.com');
  1673. $this->assertEquals('trusted.com', $request->getHost());
  1674. $this->assertEquals(80, $request->getPort());
  1675. $request->server->set('HTTPS', true);
  1676. $request->headers->set('host', 'trusted.com');
  1677. $this->assertEquals('trusted.com', $request->getHost());
  1678. $this->assertEquals(443, $request->getPort());
  1679. $request->server->set('HTTPS', false);
  1680. $request->headers->set('host', 'trusted.com:8000');
  1681. $this->assertEquals('trusted.com', $request->getHost());
  1682. $this->assertEquals(8000, $request->getPort());
  1683. $request->headers->set('host', 'subdomain.trusted.com');
  1684. $this->assertEquals('subdomain.trusted.com', $request->getHost());
  1685. }
  1686. public function testSetTrustedHostsDoesNotBreakOnSpecialCharacters()
  1687. {
  1688. Request::setTrustedHosts(['localhost(\.local){0,1}#,example.com', 'localhost']);
  1689. $request = Request::create('/');
  1690. $request->headers->set('host', 'localhost');
  1691. $this->assertSame('localhost', $request->getHost());
  1692. }
  1693. public function testFactory()
  1694. {
  1695. Request::setFactory(function (array $query = [], array $request = [], array $attributes = [], array $cookies = [], array $files = [], array $server = [], $content = null) {
  1696. return new NewRequest();
  1697. });
  1698. $this->assertEquals('foo', Request::create('/')->getFoo());
  1699. Request::setFactory(null);
  1700. }
  1701. /**
  1702. * @dataProvider getLongHostNames
  1703. */
  1704. public function testVeryLongHosts($host)
  1705. {
  1706. $start = microtime(true);
  1707. $request = Request::create('/');
  1708. $request->headers->set('host', $host);
  1709. $this->assertEquals($host, $request->getHost());
  1710. $this->assertLessThan(5, microtime(true) - $start);
  1711. }
  1712. /**
  1713. * @dataProvider getHostValidities
  1714. */
  1715. public function testHostValidity($host, $isValid, $expectedHost = null, $expectedPort = null)
  1716. {
  1717. $request = Request::create('/');
  1718. $request->headers->set('host', $host);
  1719. if ($isValid) {
  1720. $this->assertSame($expectedHost ?: $host, $request->getHost());
  1721. if ($expectedPort) {
  1722. $this->assertSame($expectedPort, $request->getPort());
  1723. }
  1724. } else {
  1725. $this->expectException(SuspiciousOperationException::class);
  1726. $this->expectExceptionMessage('Invalid Host');
  1727. $request->getHost();
  1728. }
  1729. }
  1730. public function getHostValidities()
  1731. {
  1732. return [
  1733. ['.a', false],
  1734. ['a..', false],
  1735. ['a.', true],
  1736. ["\xE9", false],
  1737. ['[::1]', true],
  1738. ['[::1]:80', true, '[::1]', 80],
  1739. [str_repeat('.', 101), false],
  1740. ];
  1741. }
  1742. public function getLongHostNames()
  1743. {
  1744. return [
  1745. ['a'.str_repeat('.a', 40000)],
  1746. [str_repeat(':', 101)],
  1747. ];
  1748. }
  1749. /**
  1750. * @dataProvider methodIdempotentProvider
  1751. */
  1752. public function testMethodIdempotent($method, $idempotent)
  1753. {
  1754. $request = new Request();
  1755. $request->setMethod($method);
  1756. $this->assertEquals($idempotent, $request->isMethodIdempotent());
  1757. }
  1758. public function methodIdempotentProvider()
  1759. {
  1760. return [
  1761. ['HEAD', true],
  1762. ['GET', true],
  1763. ['POST', false],
  1764. ['PUT', true],
  1765. ['PATCH', false],
  1766. ['DELETE', true],
  1767. ['PURGE', true],
  1768. ['OPTIONS', true],
  1769. ['TRACE', true],
  1770. ['CONNECT', false],
  1771. ];
  1772. }
  1773. /**
  1774. * @dataProvider methodSafeProvider
  1775. */
  1776. public function testMethodSafe($method, $safe)
  1777. {
  1778. $request = new Request();
  1779. $request->setMethod($method);
  1780. $this->assertEquals($safe, $request->isMethodSafe(false));
  1781. }
  1782. public function methodSafeProvider()
  1783. {
  1784. return [
  1785. ['HEAD', true],
  1786. ['GET', true],
  1787. ['POST', false],
  1788. ['PUT', false],
  1789. ['PATCH', false],
  1790. ['DELETE', false],
  1791. ['PURGE', false],
  1792. ['OPTIONS', true],
  1793. ['TRACE', true],
  1794. ['CONNECT', false],
  1795. ];
  1796. }
  1797. /**
  1798. * @group legacy
  1799. * @expectedDeprecation Checking only for cacheable HTTP methods with Symfony\Component\HttpFoundation\Request::isMethodSafe() is deprecated since Symfony 3.2 and will throw an exception in 4.0. Disable checking only for cacheable methods by calling the method with `false` as first argument or use the Request::isMethodCacheable() instead.
  1800. */
  1801. public function testMethodSafeChecksCacheable()
  1802. {
  1803. $request = new Request();
  1804. $request->setMethod('OPTIONS');
  1805. $this->assertFalse($request->isMethodSafe());
  1806. }
  1807. /**
  1808. * @dataProvider methodCacheableProvider
  1809. */
  1810. public function testMethodCacheable($method, $cacheable)
  1811. {
  1812. $request = new Request();
  1813. $request->setMethod($method);
  1814. $this->assertEquals($cacheable, $request->isMethodCacheable());
  1815. }
  1816. public function methodCacheableProvider()
  1817. {
  1818. return [
  1819. ['HEAD', true],
  1820. ['GET', true],
  1821. ['POST', false],
  1822. ['PUT', false],
  1823. ['PATCH', false],
  1824. ['DELETE', false],
  1825. ['PURGE', false],
  1826. ['OPTIONS', false],
  1827. ['TRACE', false],
  1828. ['CONNECT', false],
  1829. ];
  1830. }
  1831. /**
  1832. * @group legacy
  1833. */
  1834. public function testGetTrustedHeaderName()
  1835. {
  1836. Request::setTrustedProxies(['8.8.8.8'], Request::HEADER_X_FORWARDED_ALL);
  1837. $this->assertNull(Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
  1838. $this->assertSame('X_FORWARDED_FOR', Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP));
  1839. $this->assertSame('X_FORWARDED_HOST', Request::getTrustedHeaderName(Request::HEADER_CLIENT_HOST));
  1840. $this->assertSame('X_FORWARDED_PORT', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PORT));
  1841. $this->assertSame('X_FORWARDED_PROTO', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PROTO));
  1842. Request::setTrustedProxies(['8.8.8.8'], Request::HEADER_FORWARDED);
  1843. $this->assertSame('FORWARDED', Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
  1844. $this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP));
  1845. $this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_HOST));
  1846. $this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_PORT));
  1847. $this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_PROTO));
  1848. Request::setTrustedHeaderName(Request::HEADER_FORWARDED, 'A');
  1849. Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'B');
  1850. Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'C');
  1851. Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'D');
  1852. Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'E');
  1853. Request::setTrustedProxies(['8.8.8.8'], Request::HEADER_FORWARDED);
  1854. $this->assertSame('A', Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
  1855. $this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP));
  1856. $this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_HOST));
  1857. $this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_PORT));
  1858. $this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_PROTO));
  1859. Request::setTrustedProxies(['8.8.8.8'], Request::HEADER_X_FORWARDED_ALL);
  1860. $this->assertNull(Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
  1861. $this->assertSame('B', Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP));
  1862. $this->assertSame('C', Request::getTrustedHeaderName(Request::HEADER_CLIENT_HOST));
  1863. $this->assertSame('D', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PORT));
  1864. $this->assertSame('E', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PROTO));
  1865. Request::setTrustedProxies(['8.8.8.8'], Request::HEADER_FORWARDED);
  1866. $this->assertSame('A', Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
  1867. //reset
  1868. Request::setTrustedHeaderName(Request::HEADER_FORWARDED, 'FORWARDED');
  1869. Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_FORWARDED_FOR');
  1870. Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_FORWARDED_HOST');
  1871. Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'X_FORWARDED_PORT');
  1872. Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'X_FORWARDED_PROTO');
  1873. }
  1874. /**
  1875. * @dataProvider protocolVersionProvider
  1876. */
  1877. public function testProtocolVersion($serverProtocol, $trustedProxy, $via, $expected)
  1878. {
  1879. if ($trustedProxy) {
  1880. Request::setTrustedProxies(['1.1.1.1'], -1);
  1881. }
  1882. $request = new Request();
  1883. $request->server->set('SERVER_PROTOCOL', $serverProtocol);
  1884. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  1885. $request->headers->set('Via', $via);
  1886. $this->assertSame($expected, $request->getProtocolVersion());
  1887. }
  1888. public function protocolVersionProvider()
  1889. {
  1890. return [
  1891. 'untrusted without via' => ['HTTP/2.0', false, '', 'HTTP/2.0'],
  1892. 'untrusted with via' => ['HTTP/2.0', false, '1.0 fred, 1.1 nowhere.com (Apache/1.1)', 'HTTP/2.0'],
  1893. 'trusted without via' => ['HTTP/2.0', true, '', 'HTTP/2.0'],
  1894. 'trusted with via' => ['HTTP/2.0', true, '1.0 fred, 1.1 nowhere.com (Apache/1.1)', 'HTTP/1.0'],
  1895. 'trusted with via and protocol name' => ['HTTP/2.0', true, 'HTTP/1.0 fred, HTTP/1.1 nowhere.com (Apache/1.1)', 'HTTP/1.0'],
  1896. 'trusted with broken via' => ['HTTP/2.0', true, 'HTTP/1^0 foo', 'HTTP/2.0'],
  1897. 'trusted with partially-broken via' => ['HTTP/2.0', true, '1.0 fred, foo', 'HTTP/1.0'],
  1898. ];
  1899. }
  1900. public function nonstandardRequestsData()
  1901. {
  1902. return [
  1903. ['', '', '/', 'http://host:8080/', ''],
  1904. ['/', '', '/', 'http://host:8080/', ''],
  1905. ['hello/app.php/x', '', '/x', 'http://host:8080/hello/app.php/x', '/hello', '/hello/app.php'],
  1906. ['/hello/app.php/x', '', '/x', 'http://host:8080/hello/app.php/x', '/hello', '/hello/app.php'],
  1907. ['', 'a=b', '/', 'http://host:8080/?a=b'],
  1908. ['?a=b', 'a=b', '/', 'http://host:8080/?a=b'],
  1909. ['/?a=b', 'a=b', '/', 'http://host:8080/?a=b'],
  1910. ['x', 'a=b', '/x', 'http://host:8080/x?a=b'],
  1911. ['x?a=b', 'a=b', '/x', 'http://host:8080/x?a=b'],
  1912. ['/x?a=b', 'a=b', '/x', 'http://host:8080/x?a=b'],
  1913. ['hello/x', '', '/x', 'http://host:8080/hello/x', '/hello'],
  1914. ['/hello/x', '', '/x', 'http://host:8080/hello/x', '/hello'],
  1915. ['hello/app.php/x', 'a=b', '/x', 'http://host:8080/hello/app.php/x?a=b', '/hello', '/hello/app.php'],
  1916. ['hello/app.php/x?a=b', 'a=b', '/x', 'http://host:8080/hello/app.php/x?a=b', '/hello', '/hello/app.php'],
  1917. ['/hello/app.php/x?a=b', 'a=b', '/x', 'http://host:8080/hello/app.php/x?a=b', '/hello', '/hello/app.php'],
  1918. ];
  1919. }
  1920. /**
  1921. * @dataProvider nonstandardRequestsData
  1922. */
  1923. public function testNonstandardRequests($requestUri, $queryString, $expectedPathInfo, $expectedUri, $expectedBasePath = '', $expectedBaseUrl = null)
  1924. {
  1925. if (null === $expectedBaseUrl) {
  1926. $expectedBaseUrl = $expectedBasePath;
  1927. }
  1928. $server = [
  1929. 'HTTP_HOST' => 'host:8080',
  1930. 'SERVER_PORT' => '8080',
  1931. 'QUERY_STRING' => $queryString,
  1932. 'PHP_SELF' => '/hello/app.php',
  1933. 'SCRIPT_FILENAME' => '/some/path/app.php',
  1934. 'REQUEST_URI' => $requestUri,
  1935. ];
  1936. $request = new Request([], [], [], [], [], $server);
  1937. $this->assertEquals($expectedPathInfo, $request->getPathInfo());
  1938. $this->assertEquals($expectedUri, $request->getUri());
  1939. $this->assertEquals($queryString, $request->getQueryString());
  1940. $this->assertEquals(8080, $request->getPort());
  1941. $this->assertEquals('host:8080', $request->getHttpHost());
  1942. $this->assertEquals($expectedBaseUrl, $request->getBaseUrl());
  1943. $this->assertEquals($expectedBasePath, $request->getBasePath());
  1944. }
  1945. public function testTrustedHost()
  1946. {
  1947. Request::setTrustedProxies(['1.1.1.1'], -1);
  1948. $request = Request::create('/');
  1949. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  1950. $request->headers->set('Forwarded', 'host=localhost:8080');
  1951. $request->headers->set('X-Forwarded-Host', 'localhost:8080');
  1952. $this->assertSame('localhost:8080', $request->getHttpHost());
  1953. $this->assertSame(8080, $request->getPort());
  1954. $request = Request::create('/');
  1955. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  1956. $request->headers->set('Forwarded', 'host="[::1]:443"');
  1957. $request->headers->set('X-Forwarded-Host', '[::1]:443');
  1958. $request->headers->set('X-Forwarded-Port', 443);
  1959. $this->assertSame('[::1]:443', $request->getHttpHost());
  1960. $this->assertSame(443, $request->getPort());
  1961. }
  1962. public function testTrustedPort()
  1963. {
  1964. Request::setTrustedProxies(['1.1.1.1'], -1);
  1965. $request = Request::create('/');
  1966. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  1967. $request->headers->set('Forwarded', 'host=localhost:8080');
  1968. $request->headers->set('X-Forwarded-Port', 8080);
  1969. $this->assertSame(8080, $request->getPort());
  1970. $request = Request::create('/');
  1971. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  1972. $request->headers->set('Forwarded', 'host=localhost');
  1973. $request->headers->set('X-Forwarded-Port', 80);
  1974. $this->assertSame(80, $request->getPort());
  1975. $request = Request::create('/');
  1976. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  1977. $request->headers->set('Forwarded', 'host="[::1]"');
  1978. $request->headers->set('X-Forwarded-Proto', 'https');
  1979. $request->headers->set('X-Forwarded-Port', 443);
  1980. $this->assertSame(443, $request->getPort());
  1981. }
  1982. public function testTrustedPortDoesNotDefaultToZero()
  1983. {
  1984. Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_ALL);
  1985. $request = Request::create('/');
  1986. $request->server->set('REMOTE_ADDR', '1.1.1.1');
  1987. $request->headers->set('X-Forwarded-Host', 'test.example.com');
  1988. $request->headers->set('X-Forwarded-Port', '');
  1989. $this->assertSame(80, $request->getPort());
  1990. }
  1991. }
  1992. class RequestContentProxy extends Request
  1993. {
  1994. public function getContent($asResource = false)
  1995. {
  1996. return http_build_query(['_method' => 'PUT', 'content' => 'mycontent'], '', '&');
  1997. }
  1998. }
  1999. class NewRequest extends Request
  2000. {
  2001. public function getFoo()
  2002. {
  2003. return 'foo';
  2004. }
  2005. }