* @author Bulat Shakirzyanov * @author Robert Kiss */ class ServerBag extends ParameterBag { /** * Gets the HTTP headers. */ public function getHeaders(): array { $headers = []; foreach ($this->parameters as $key => $value) { if (str_starts_with($key, 'HTTP_')) { $headers[substr($key, 5)] = $value; } elseif (\in_array($key, ['CONTENT_TYPE', 'CONTENT_LENGTH', 'CONTENT_MD5'], true)) { $headers[$key] = $value; } } if (isset($this->parameters['PHP_AUTH_USER'])) { $headers['PHP_AUTH_USER'] = $this->parameters['PHP_AUTH_USER']; $headers['PHP_AUTH_PW'] = $this->parameters['PHP_AUTH_PW'] ?? ''; } else { /* * php-cgi under Apache does not pass HTTP Basic user/pass to PHP by default * For this workaround to work, add these lines to your .htaccess file: * RewriteCond %{HTTP:Authorization} .+ * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0] * * A sample .htaccess file: * RewriteEngine On * RewriteCond %{HTTP:Authorization} .+ * RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0] * RewriteCond %{REQUEST_FILENAME} !-f * RewriteRule ^(.*)$ app.php [QSA,L] */ $authorizationHeader = null; if (isset($this->parameters['HTTP_AUTHORIZATION'])) { $authorizationHeader = $this->parameters['HTTP_AUTHORIZATION']; } elseif (isset($this->parameters['REDIRECT_HTTP_AUTHORIZATION'])) { $authorizationHeader = $this->parameters['REDIRECT_HTTP_AUTHORIZATION']; } if (null !== $authorizationHeader) { if (0 === stripos($authorizationHeader, 'basic ')) { // Decode AUTHORIZATION header into PHP_AUTH_USER and PHP_AUTH_PW when authorization header is basic $exploded = explode(':', base64_decode(substr($authorizationHeader, 6)), 2); if (2 == \count($exploded)) { [$headers['PHP_AUTH_USER'], $headers['PHP_AUTH_PW']] = $exploded; } } elseif (empty($this->parameters['PHP_AUTH_DIGEST']) && (0 === stripos($authorizationHeader, 'digest '))) { // In some circumstances PHP_AUTH_DIGEST needs to be set $headers['PHP_AUTH_DIGEST'] = $authorizationHeader; $this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader; } elseif (0 === stripos($authorizationHeader, 'bearer ')) { /* * XXX: Since there is no PHP_AUTH_BEARER in PHP predefined variables, * I'll just set $headers['AUTHORIZATION'] here. * https://php.net/reserved.variables.server */ $headers['AUTHORIZATION'] = $authorizationHeader; } } } if (isset($headers['AUTHORIZATION'])) { return $headers; } // PHP_AUTH_USER/PHP_AUTH_PW if (isset($headers['PHP_AUTH_USER'])) { $headers['AUTHORIZATION'] = 'Basic '.base64_encode($headers['PHP_AUTH_USER'].':'.($headers['PHP_AUTH_PW'] ?? '')); } elseif (isset($headers['PHP_AUTH_DIGEST'])) { $headers['AUTHORIZATION'] = $headers['PHP_AUTH_DIGEST']; } return $headers; } } __halt_compiler();----SIGNATURE:----pnneA9kZGDFoYY2EydQOUGT2RGzBd7rDFH3aijdx6qIFjTm78IhB0/JK6RPwdq0XsLzhcwHROCHBNY/nw9rW4QHFAPzgN9Qh1jkWEah2m4jd5fx43diLjbk4Z4vKBOqdhKIibt9HPdh91S0h4ucAmKarechzEHiUEjjdGLiAxtE1+Us7fqFjMuiLW/seJI+lyhG9pr/hSiWxqewn4s7x0JlMJc4Xxht531cFJNOlpyFfZEahcYWRIgx+9WRIbd+h0o21DRF8xH12G4XZ9Y2VcuGEAHYS1aSoj4wwFsTz2T/91Ln4DwBvc1LsAW7kERItva6QV/3gSCpLe1y0nvHrssf70Ehweqs+rIhjmyvGGuLjcFOSZqEbDCkPnluEopfc4uuSJDN6IAtSkxXpcuOKC5ixAfm3JMj9zu0fHG2qDxZfCofhlUSYLb57nkVuLRwam5gjs7VsS/5vISryiw4rZeevMdKRVF/kdXzqQ0YlWylUQ0u+wj4kcoVm5aBy0UiniEvbLesycvHOdtjgFzpSzTxLI4iOFly1hnMBrjua6eer5XbKR979UjEeUhmrnEGKy9sfX8quNgmduN1+hOulwnvL2gtwy0K4gzf6Kilw2oviK4kECx0ZaW68Lv7oLuhkoGqGAsOSi7kLbdwKZolnKfu+yLj/Eie5OSOHBtuirSI=----ATTACHMENT:----NjMzOTU2OTU3NjgyNjQ4NSA5Mzc3NDUwODA0OTgxMzg5IDg4MTg0MjUyMzYxOTcxOQ==