ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
HttpPathBuilder.php
1 <?php
2 
19 declare(strict_types=1);
20 
22 
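/**
 * Builds the base HTTP path of the current request (scheme, host and the
 * directory of the installation) and returns it only when its host is on the
 * list of allowed hosts.
 */
final class HttpPathBuilder
{
    /**
     * @param array|\ArrayAccess $server_data request environment; build() reads the
     *        'HTTP_HOST' and 'REQUEST_URI' entries (presumably $_SERVER, confirm at the call site)
     */
    public function __construct(
        private readonly \ILIAS\Data\Factory $df,
        private readonly \ilSetting $settings,
        private readonly \ilHTTPS $https,
        private readonly \ilIniFile $ini,
        private readonly array|\ArrayAccess $server_data
    ) {
    }

    /**
     * Derives the HTTP path from the request data and validates its host.
     *
     * The host is taken from the 'HTTP_HOST' entry of the request data, which
     * normally mirrors the client-supplied Host header. The result must
     * therefore not be trusted before the allowlist check at the end of this
     * method has passed.
     *
     * @throws \RuntimeException if the host of the built URI is not one of the allowed hosts
     */
    public function build(): \ILIAS\Data\URI
    {
        $protocol = $this->https->isDetected() ? 'https://' : 'http://';
        $host = $this->server_data['HTTP_HOST'];
        $request_uri = strip_tags($this->server_data['REQUEST_URI']);

        // security fix: this failed, if the URI contained "?" and following "/"
        // -> we remove everything after "?"
        if (\is_int($pos = strpos($request_uri, '?'))) {
            $request_uri = substr($request_uri, 0, $pos);
        }

        if (\defined('ILIAS_MODULE')) {
            // if in module remove module name from HTTP_PATH
            $path = \dirname($request_uri);

            // dirname cuts the last directory from a directory path e.g content/classes return content
            // NOTE(review): the statement that assigns $module (listing line 57) is missing
            // from this page; restore it from the upstream file before using this code.
            $dirs = explode('/', $module);
            // go up one level per path segment of the module
            $uri = \dirname($path, \count($dirs));
        } else {
            $path = pathinfo($request_uri);
            // a file name with an extension is cut off, a plain directory path is kept
            $uri = ($path['extension'] ?? '') !== '' ? \dirname($request_uri) : $request_uri;
        }

        $ilias_http_path = \ilContext::modifyHttpPath(implode('', [$protocol, $host, $uri]));

        // remove everything after the first .php in the path
        $ilias_http_path = preg_replace('@(http|https)(://)(.*?/.*?\.php).*@', '$1$2$3', $ilias_http_path);
        // the dot is escaped so that only a literal "goto.php" is stripped
        $ilias_http_path = preg_replace('@goto\.php/$@', '', $ilias_http_path);
        $ilias_http_path = preg_replace('/goto\.php$/', '', $ilias_http_path);
        // strip "go/..." only where "go" starts a path segment; without the
        // lookbehind a segment that merely ends in "go" (e.g. "logo/") was cut too
        $ilias_http_path = preg_replace('@(?<=/)go/.*$@', '', $ilias_http_path);

        $uri = $this->df->uri(\ilFileUtils::removeTrailingPathSeparators($ilias_http_path));

        // 'localhost' and the host of the configured server/http_path are always accepted
        $ini_uri = $this->df->uri($this->ini->readVariable('server', 'http_path'));
        $allowed_hosts = [
            'localhost',
            $ini_uri->getHost()
        ];

        if ($this->settings->get('soap_wsdl_path')) {
            $soap_wsdl_uri = $this->df->uri($this->settings->get('soap_wsdl_path'));
            $allowed_hosts = array_merge(
                [$soap_wsdl_uri->getHost()],
                $allowed_hosts
            );
        }

        // Entries of the comma-separated setting are trimmed first: with "a, b"
        // the second entry would otherwise be " b" and could never match the
        // strict comparison below, rejecting a host the administrator allowed.
        $allowed_hosts = array_merge(
            array_filter(array_map(trim(...), explode(',', $this->settings->get('allowed_hosts', '')))),
            $allowed_hosts
        );

        // strict comparison: the host must equal an allowlist entry exactly
        if (!\in_array($uri->getHost(), $allowed_hosts, true)) {
            throw new \RuntimeException('Request rejected, the given HTTP host is not in the "allowed_hosts" list');
        }

        return $uri;
    }
}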