222 lines
5.3 KiB
PHP
222 lines
5.3 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of the Symfony package.
|
|
*
|
|
* (c) Fabien Potencier <fabien@symfony.com>
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Symfony\Component\HttpFoundation;
|
|
|
|
/**
|
|
* RequestMatcher compares a pre-defined set of checks against a Request instance.
|
|
*
|
|
* @author Fabien Potencier <fabien@symfony.com>
|
|
*
|
|
* @api
|
|
*/
|
|
class RequestMatcher implements RequestMatcherInterface
|
|
{
|
|
/**
|
|
* @var string
|
|
*/
|
|
private $path;
|
|
|
|
/**
|
|
* @var string
|
|
*/
|
|
private $host;
|
|
|
|
/**
|
|
* @var array
|
|
*/
|
|
private $methods;
|
|
|
|
/**
|
|
* @var string
|
|
*/
|
|
private $ip;
|
|
|
|
/**
|
|
* Attributes.
|
|
*
|
|
* @var array
|
|
*/
|
|
private $attributes;
|
|
|
|
public function __construct($path = null, $host = null, $methods = null, $ip = null, array $attributes = array())
|
|
{
|
|
$this->path = $path;
|
|
$this->host = $host;
|
|
$this->methods = $methods;
|
|
$this->ip = $ip;
|
|
$this->attributes = $attributes;
|
|
}
|
|
|
|
/**
|
|
* Adds a check for the URL host name.
|
|
*
|
|
* @param string $regexp A Regexp
|
|
*/
|
|
public function matchHost($regexp)
|
|
{
|
|
$this->host = $regexp;
|
|
}
|
|
|
|
/**
|
|
* Adds a check for the URL path info.
|
|
*
|
|
* @param string $regexp A Regexp
|
|
*/
|
|
public function matchPath($regexp)
|
|
{
|
|
$this->path = $regexp;
|
|
}
|
|
|
|
/**
|
|
* Adds a check for the client IP.
|
|
*
|
|
* @param string $ip A specific IP address or a range specified using IP/netmask like 192.168.1.0/24
|
|
*/
|
|
public function matchIp($ip)
|
|
{
|
|
$this->ip = $ip;
|
|
}
|
|
|
|
/**
|
|
* Adds a check for the HTTP method.
|
|
*
|
|
* @param string|array $method An HTTP method or an array of HTTP methods
|
|
*/
|
|
public function matchMethod($method)
|
|
{
|
|
$this->methods = array_map('strtoupper', is_array($method) ? $method : array($method));
|
|
}
|
|
|
|
/**
|
|
* Adds a check for request attribute.
|
|
*
|
|
* @param string $key The request attribute name
|
|
* @param string $regexp A Regexp
|
|
*/
|
|
public function matchAttribute($key, $regexp)
|
|
{
|
|
$this->attributes[$key] = $regexp;
|
|
}
|
|
|
|
/**
|
|
* {@inheritdoc}
|
|
*
|
|
* @api
|
|
*/
|
|
public function matches(Request $request)
|
|
{
|
|
if (null !== $this->methods && !in_array($request->getMethod(), $this->methods)) {
|
|
return false;
|
|
}
|
|
|
|
foreach ($this->attributes as $key => $pattern) {
|
|
if (!preg_match('#'.str_replace('#', '\\#', $pattern).'#', $request->attributes->get($key))) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if (null !== $this->path) {
|
|
$path = str_replace('#', '\\#', $this->path);
|
|
|
|
if (!preg_match('#'.$path.'#', rawurldecode($request->getPathInfo()))) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if (null !== $this->host && !preg_match('#'.str_replace('#', '\\#', $this->host).'#', $request->getHost())) {
|
|
return false;
|
|
}
|
|
|
|
if (null !== $this->ip && !$this->checkIp($request->getClientIp(), $this->ip)) {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Validates an IP address.
|
|
*
|
|
* @param string $requestIp
|
|
* @param string $ip
|
|
*
|
|
* @return boolean True valid, false if not.
|
|
*/
|
|
protected function checkIp($requestIp, $ip)
|
|
{
|
|
// IPv6 address
|
|
if (false !== strpos($requestIp, ':')) {
|
|
return $this->checkIp6($requestIp, $ip);
|
|
} else {
|
|
return $this->checkIp4($requestIp, $ip);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Validates an IPv4 address.
|
|
*
|
|
* @param string $requestIp
|
|
* @param string $ip
|
|
*
|
|
* @return boolean True valid, false if not.
|
|
*/
|
|
protected function checkIp4($requestIp, $ip)
|
|
{
|
|
if (false !== strpos($ip, '/')) {
|
|
list($address, $netmask) = explode('/', $ip, 2);
|
|
|
|
if ($netmask < 1 || $netmask > 32) {
|
|
return false;
|
|
}
|
|
} else {
|
|
$address = $ip;
|
|
$netmask = 32;
|
|
}
|
|
|
|
return 0 === substr_compare(sprintf('%032b', ip2long($requestIp)), sprintf('%032b', ip2long($address)), 0, $netmask);
|
|
}
|
|
|
|
/**
|
|
* Validates an IPv6 address.
|
|
*
|
|
* @author David Soria Parra <dsp at php dot net>
|
|
* @see https://github.com/dsp/v6tools
|
|
*
|
|
* @param string $requestIp
|
|
* @param string $ip
|
|
*
|
|
* @return boolean True valid, false if not.
|
|
*/
|
|
protected function checkIp6($requestIp, $ip)
|
|
{
|
|
if (!defined('AF_INET6')) {
|
|
throw new \RuntimeException('Unable to check Ipv6. Check that PHP was not compiled with option "disable-ipv6".');
|
|
}
|
|
|
|
list($address, $netmask) = explode('/', $ip, 2);
|
|
|
|
$bytesAddr = unpack("n*", inet_pton($address));
|
|
$bytesTest = unpack("n*", inet_pton($requestIp));
|
|
|
|
for ($i = 1, $ceil = ceil($netmask / 16); $i <= $ceil; $i++) {
|
|
$left = $netmask - 16 * ($i-1);
|
|
$left = ($left <= 16) ? $left : 16;
|
|
$mask = ~(0xffff >> $left) & 0xffff;
|
|
if (($bytesAddr[$i] & $mask) != ($bytesTest[$i] & $mask)) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|