symfony/src/Symfony/Component/HttpKernel/HttpCache/Esi.php

<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <fabien@symfony.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\HttpKernel\HttpCache;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\HttpKernelInterface;

/**
 * Esi implements the ESI capabilities to Request and Response instances.
 *
 * For more information, read the following W3C notes:
 *
 *  * ESI Language Specification 1.0 (http://www.w3.org/TR/esi-lang)
 *
 *  * Edge Architecture Specification (http://www.w3.org/TR/edge-arch)
 *
 * @author Fabien Potencier <fabien@symfony.com>
 */
class Esi
{
    private $contentTypes;

    /**
     * Constructor.
     *
     * @param array $contentTypes An array of content-type that should be parsed for ESI information.
     *                           (default: text/html, text/xml, application/xhtml+xml, and application/xml)
     */
    public function __construct(array $contentTypes = array('text/html', 'text/xml', 'application/xhtml+xml', 'application/xml'))
    {
        $this->contentTypes = $contentTypes;
    }

    /**
     * Returns a new cache strategy instance.
     *
     * @return EsiResponseCacheStrategyInterface A EsiResponseCacheStrategyInterface instance
     */
    public function createCacheStrategy()
    {
        return new EsiResponseCacheStrategy();
    }

    /**
     * Checks that at least one surrogate has ESI/1.0 capability.
     *
     * @param Request $request A Request instance
     *
     * @return bool    true if one surrogate has ESI/1.0 capability, false otherwise
     */
    public function hasSurrogateEsiCapability(Request $request)
    {
        if (null === $value = $request->headers->get('Surrogate-Capability')) {
            return false;
        }

        return false !== strpos($value, 'ESI/1.0');
    }

    /**
     * Adds ESI/1.0 capability to the given Request.
     *
     * @param Request $request A Request instance
     */
    public function addSurrogateEsiCapability(Request $request)
    {
        $current = $request->headers->get('Surrogate-Capability');
        $new = 'symfony2="ESI/1.0"';

        $request->headers->set('Surrogate-Capability', $current ? $current.', '.$new : $new);
    }

    /**
     * Adds HTTP headers to specify that the Response needs to be parsed for ESI.
     *
     * This method only adds an ESI HTTP header if the Response has some ESI tags.
     *
     * @param Response $response A Response instance
     */
    public function addSurrogateControl(Response $response)
    {
        if (false !== strpos($response->getContent(), '<esi:include')) {
            $response->headers->set('Surrogate-Control', 'content="ESI/1.0"');
        }
    }

    /**
     * Checks that the Response needs to be parsed for ESI tags.
     *
     * @param Response $response A Response instance
     *
     * @return bool    true if the Response needs to be parsed, false otherwise
     */
    public function needsEsiParsing(Response $response)
    {
        if (!$control = $response->headers->get('Surrogate-Control')) {
            return false;
        }

        return (bool) preg_match('#content="[^"]*ESI/1.0[^"]*"#', $control);
    }

    /**
     * Renders an ESI tag.
     *
     * @param string  $uri          A URI
     * @param string  $alt          An alternate URI
     * @param bool    $ignoreErrors Whether to ignore errors or not
     * @param string  $comment      A comment to add as an esi:include tag
     *
     * @return string
     */
    public function renderIncludeTag($uri, $alt = null, $ignoreErrors = true, $comment = '')
    {
        $html = sprintf('<esi:include src="%s"%s%s />',
            $uri,
            $ignoreErrors ? ' onerror="continue"' : '',
            $alt ? sprintf(' alt="%s"', $alt) : ''
        );

        if (!empty($comment)) {
            return sprintf("<esi:comment text=\"%s\" />\n%s", $comment, $html);
        }

        return $html;
    }

    /**
     * Replaces a Response ESI tags with the included resource content.
     *
     * @param Request  $request  A Request instance
     * @param Response $response A Response instance
     *
     * @return Response
     */
    public function process(Request $request, Response $response)
    {
        $this->request = $request;
        $type = $response->headers->get('Content-Type');
        if (empty($type)) {
            $type = 'text/html';
        }

        $parts = explode(';', $type);
        if (!in_array($parts[0], $this->contentTypes)) {
            return $response;
        }

        // we don't use a proper XML parser here as we can have ESI tags in a plain text response
        $content = $response->getContent();
        $content = str_replace(array('<?', '<%'), array('<?php echo "<?"; ?>', '<?php echo "<%"; ?>'), $content);
        $content = preg_replace_callback('#<esi\:include\s+(.*?)\s*(?:/|</esi\:include)>#', array($this, 'handleEsiIncludeTag'), $content);
        $content = preg_replace('#<esi\:comment[^>]*(?:/|</esi\:comment)>#', '', $content);
        $content = preg_replace('#<esi\:remove>.*?</esi\:remove>#', '', $content);

        $response->setContent($content);
        $response->headers->set('X-Body-Eval', 'ESI');

        // remove ESI/1.0 from the Surrogate-Control header
        if ($response->headers->has('Surrogate-Control')) {
            $value = $response->headers->get('Surrogate-Control');
            if ('content="ESI/1.0"' == $value) {
                $response->headers->remove('Surrogate-Control');
            } elseif (preg_match('#,\s*content="ESI/1.0"#', $value)) {
                $response->headers->set('Surrogate-Control', preg_replace('#,\s*content="ESI/1.0"#', '', $value));
            } elseif (preg_match('#content="ESI/1.0",\s*#', $value)) {
                $response->headers->set('Surrogate-Control', preg_replace('#content="ESI/1.0",\s*#', '', $value));
            }
        }
    }

    /**
     * Handles an ESI from the cache.
     *
     * @param HttpCache $cache        An HttpCache instance
     * @param string    $uri          The main URI
     * @param string    $alt          An alternative URI
     * @param bool      $ignoreErrors Whether to ignore errors or not
     *
     * @return string
     *
     * @throws \RuntimeException
     * @throws \Exception
     */
    public function handle(HttpCache $cache, $uri, $alt, $ignoreErrors)
    {
        $subRequest = Request::create($uri, 'get', array(), $cache->getRequest()->cookies->all(), array(), $cache->getRequest()->server->all());

        try {
            $response = $cache->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);

            if (!$response->isSuccessful()) {
                throw new \RuntimeException(sprintf('Error when rendering "%s" (Status code is %s).', $subRequest->getUri(), $response->getStatusCode()));
            }

            return $response->getContent();
        } catch (\Exception $e) {
            if ($alt) {
                return $this->handle($cache, $alt, '', $ignoreErrors);
            }

            if (!$ignoreErrors) {
                throw $e;
            }
        }
    }

    /**
     * Handles an ESI include tag (called internally).
     *
     * @param array $attributes An array containing the attributes.
     *
     * @return string The response content for the include.
     *
     * @throws \RuntimeException
     */
    private function handleEsiIncludeTag($attributes)
    {
        $options = array();
        preg_match_all('/(src|onerror|alt)="([^"]*?)"/', $attributes[1], $matches, PREG_SET_ORDER);
        foreach ($matches as $set) {
            $options[$set[1]] = $set[2];
        }

        if (!isset($options['src'])) {
            throw new \RuntimeException('Unable to process an ESI tag without a "src" attribute.');
        }

        return sprintf('<?php echo $this->esi->handle($this, %s, %s, %s) ?>'."\n",
            var_export($options['src'], true),
            var_export(isset($options['alt']) ? $options['alt'] : '', true),
            isset($options['onerror']) && 'continue' == $options['onerror'] ? 'true' : 'false'
        );
    }
}
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`<?php`

			`/*`
normalized license messages in PHP files 2011-01-15 13:29:43 +00:00			`* This file is part of the Symfony package.`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*`
replaced symfony-project.org by symfony.com 2011-03-06 11:40:06 +00:00			`* (c) Fabien Potencier <fabien@symfony.com>`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*`
normalized license messages in PHP files 2011-01-15 13:29:43 +00:00			`* For the full copyright and license information, please view the LICENSE`
			`* file that was distributed with this source code.`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*/`

renamed HttpKernel/Cache/ namespace to HttpKernel/HttpCache/ 2011-01-26 20:38:45 +00:00			`namespace Symfony\Component\HttpKernel\HttpCache;`
normalized license messages in PHP files 2011-01-15 13:29:43 +00:00
			`use Symfony\Component\HttpFoundation\Request;`
			`use Symfony\Component\HttpFoundation\Response;`
			`use Symfony\Component\HttpKernel\HttpKernelInterface;`

[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`/**`
			`* Esi implements the ESI capabilities to Request and Response instances.`
			`*`
			`* For more information, read the following W3C notes:`
			`*`
			`* * ESI Language Specification 1.0 (http://www.w3.org/TR/esi-lang)`
			`*`
			`* * Edge Architecture Specification (http://www.w3.org/TR/edge-arch)`
			`*`
replaced symfony-project.org by symfony.com 2011-03-06 11:40:06 +00:00			`* @author Fabien Potencier <fabien@symfony.com>`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*/`
			`class Esi`
			`{`
[HttpKernel] moved from protected to private 2011-03-23 18:47:16 +00:00			`private $contentTypes;`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00
			`/**`
			`* Constructor.`
			`*`
			`* @param array $contentTypes An array of content-type that should be parsed for ESI information.`
Added XHTML content type to ESI defaults. 2012-12-11 23:08:01 +00:00			`* (default: text/html, text/xml, application/xhtml+xml, and application/xml)`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*/`
Added XHTML content type to ESI defaults. 2012-12-11 23:08:01 +00:00			`public function __construct(array $contentTypes = array('text/html', 'text/xml', 'application/xhtml+xml', 'application/xml'))`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`{`
			`$this->contentTypes = $contentTypes;`
			`}`

[HttpKernel] added a way to change the ESI cache strategy 2011-02-22 12:50:26 +00:00			`/**`
			`* Returns a new cache strategy instance.`
			`*`
			`* @return EsiResponseCacheStrategyInterface A EsiResponseCacheStrategyInterface instance`
			`*/`
			`public function createCacheStrategy()`
			`{`
			`return new EsiResponseCacheStrategy();`
			`}`

[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`/**`
			`* Checks that at least one surrogate has ESI/1.0 capability.`
			`*`
updated PHPDoc as the API tool knows about the current use statements 2010-07-27 14:33:28 +01:00			`* @param Request $request A Request instance`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*`
fixed types in phpdocs 2014-04-16 11:30:19 +01:00			`* @return bool true if one surrogate has ESI/1.0 capability, false otherwise`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*/`
			`public function hasSurrogateEsiCapability(Request $request)`
			`{`
			`if (null === $value = $request->headers->get('Surrogate-Capability')) {`
			`return false;`
			`}`

[HttpKernel] removed unnecessary regex The pattern was also flawed because of the unescaped `.` 2012-01-12 17:33:03 +00:00			`return false !== strpos($value, 'ESI/1.0');`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`}`

			`/**`
			`* Adds ESI/1.0 capability to the given Request.`
			`*`
updated PHPDoc as the API tool knows about the current use statements 2010-07-27 14:33:28 +01:00			`* @param Request $request A Request instance`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*/`
			`public function addSurrogateEsiCapability(Request $request)`
			`{`
			`$current = $request->headers->get('Surrogate-Capability');`
			`$new = 'symfony2="ESI/1.0"';`

			`$request->headers->set('Surrogate-Capability', $current ? $current.', '.$new : $new);`
			`}`

			`/**`
			`* Adds HTTP headers to specify that the Response needs to be parsed for ESI.`
			`*`
			`* This method only adds an ESI HTTP header if the Response has some ESI tags.`
			`*`
updated PHPDoc as the API tool knows about the current use statements 2010-07-27 14:33:28 +01:00			`* @param Response $response A Response instance`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*/`
			`public function addSurrogateControl(Response $response)`
			`{`
			`if (false !== strpos($response->getContent(), '<esi:include')) {`
			`$response->headers->set('Surrogate-Control', 'content="ESI/1.0"');`
			`}`
			`}`

			`/**`
			`* Checks that the Response needs to be parsed for ESI tags.`
			`*`
updated PHPDoc as the API tool knows about the current use statements 2010-07-27 14:33:28 +01:00			`* @param Response $response A Response instance`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*`
fixed types in phpdocs 2014-04-16 11:30:19 +01:00			`* @return bool true if the Response needs to be parsed, false otherwise`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*/`
			`public function needsEsiParsing(Response $response)`
			`{`
			`if (!$control = $response->headers->get('Surrogate-Control')) {`
			`return false;`
			`}`

made types consistent with those defined in Hack 2014-04-12 18:44:00 +01:00			`return (bool) preg_match('#content="[^"]ESI/1.0[^"]"#', $control);`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`}`

			`/**`
			`* Renders an ESI tag.`
			`*`
			`* @param string $uri A URI`
			`* @param string $alt An alternate URI`
made phpdoc types consistent with those defined in Hack 2014-04-12 18:54:57 +01:00			`* @param bool $ignoreErrors Whether to ignore errors or not`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`* @param string $comment A comment to add as an esi:include tag`
Fixed most of the docblocks/unused namespaces 2012-12-16 12:02:54 +00:00			`*`
			`* @return string`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*/`
[HttpKernel] added unit tests for ESI 2010-11-02 19:00:18 +00:00			`public function renderIncludeTag($uri, $alt = null, $ignoreErrors = true, $comment = '')`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`{`
			`$html = sprintf('<esi:include src="%s"%s%s />',`
			`$uri,`
			`$ignoreErrors ? ' onerror="continue"' : '',`
			`$alt ? sprintf(' alt="%s"', $alt) : ''`
			`);`

			`if (!empty($comment)) {`
[HttpKernel] added unit tests for ESI 2010-11-02 19:00:18 +00:00			`return sprintf("<esi:comment text=\"%s\" />\n%s", $comment, $html);`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`}`

			`return $html;`
			`}`

			`/**`
			`* Replaces a Response ESI tags with the included resource content.`
			`*`
updated PHPDoc as the API tool knows about the current use statements 2010-07-27 14:33:28 +01:00			`* @param Request $request A Request instance`
			`* @param Response $response A Response instance`
Fixed most of the docblocks/unused namespaces 2012-12-16 12:02:54 +00:00			`*`
			`* @return Response`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*/`
			`public function process(Request $request, Response $response)`
			`{`
			`$this->request = $request;`
			`$type = $response->headers->get('Content-Type');`
			`if (empty($type)) {`
			`$type = 'text/html';`
			`}`

[HttpKernel] fixed typo 2010-07-27 12:36:58 +01:00			`$parts = explode(';', $type);`
[HttpKernel] fixed content-type management for ESIs when charset is part of the response content-type header 2010-07-26 14:10:59 +01:00			`if (!in_array($parts[0], $this->contentTypes)) {`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`return $response;`
			`}`

			`// we don't use a proper XML parser here as we can have ESI tags in a plain text response`
			`$content = $response->getContent();`
[HttpKernel] Prevent php script execution in cached ESI pages using HttpCache 2012-01-24 18:27:21 +00:00			`$content = str_replace(array('<?', '<%'), array('<?php echo "<?"; ?>', '<?php echo "<%"; ?>'), $content);`
Be more tolerant and also accept <esi:include ...></esi:include>, also if it is not 100% standards compliant. 2011-12-23 18:02:12 +00:00			`$content = preg_replace_callback('#<esi\:include\s+(.?)\s(?:/\|</esi\:include)>#', array($this, 'handleEsiIncludeTag'), $content);`
			`$content = preg_replace('#<esi\:comment[^>]*(?:/\|</esi\:comment)>#', '', $content);`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`$content = preg_replace('#<esi\:remove>.*?</esi\:remove>#', '', $content);`

			`$response->setContent($content);`
			`$response->headers->set('X-Body-Eval', 'ESI');`

			`// remove ESI/1.0 from the Surrogate-Control header`
[HttpKernel] added unit tests for ESI 2010-11-02 19:00:18 +00:00			`if ($response->headers->has('Surrogate-Control')) {`
			`$value = $response->headers->get('Surrogate-Control');`
			`if ('content="ESI/1.0"' == $value) {`
made some method name changes to have a better coherence throughout the framework When an object has a "main" many relation with related "things" (objects, parameters, ...), the method names are normalized: * get() * set() * all() * replace() * remove() * clear() * isEmpty() * add() * register() * count() * keys() The classes below follow this method naming convention: * BrowserKit\CookieJar -> Cookie * BrowserKit\History -> Request * Console\Application -> Command * Console\Application\Helper\HelperSet -> HelperInterface * DependencyInjection\Container -> services * DependencyInjection\ContainerBuilder -> services * DependencyInjection\ParameterBag\ParameterBag -> parameters * DependencyInjection\ParameterBag\FrozenParameterBag -> parameters * DomCrawler\Form -> FormField * EventDispatcher\Event -> parameters * Form\FieldGroup -> Field * HttpFoundation\HeaderBag -> headers * HttpFoundation\ParameterBag -> parameters * HttpFoundation\Session -> attributes * HttpKernel\Profiler\Profiler -> DataCollectorInterface * Routing\RouteCollection -> Route * Security\Authentication\AuthenticationProviderManager -> AuthenticationProviderInterface * Templating\Engine -> HelperInterface * Translation\MessageCatalogue -> messages The usage of these methods are only allowed when it is clear that there is a main relation: * a CookieJar has many Cookies; * a Container has many services and many parameters (as services is the main relation, we use the naming convention for this relation); * a Console Input has many arguments and many options. There is no "main" relation, and so the naming convention does not apply. For many relations where the convention does not apply, the following methods must be used instead (where XXX is the name of the related thing): * get() -> getXXX() * set() -> setXXX() * all() -> getXXXs() * replace() -> setXXXs() * remove() -> removeXXX() * clear() -> clearXXX() * isEmpty() -> isEmptyXXX() * add() -> addXXX() * register() -> registerXXX() * count() -> countXXX() * keys() 2010-11-23 08:42:19 +00:00			`$response->headers->remove('Surrogate-Control');`
[HttpKernel] added unit tests for ESI 2010-11-02 19:00:18 +00:00			`} elseif (preg_match('#,\s*content="ESI/1.0"#', $value)) {`
			`$response->headers->set('Surrogate-Control', preg_replace('#,\s*content="ESI/1.0"#', '', $value));`
			`} elseif (preg_match('#content="ESI/1.0",\s*#', $value)) {`
			`$response->headers->set('Surrogate-Control', preg_replace('#content="ESI/1.0",\s*#', '', $value));`
			`}`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`}`
			`}`

			`/**`
			`* Handles an ESI from the cache.`
			`*`
renamed HttpKernel/Cache/ namespace to HttpKernel/HttpCache/ 2011-01-26 20:38:45 +00:00			`* @param HttpCache $cache An HttpCache instance`
			`* @param string $uri The main URI`
			`* @param string $alt An alternative URI`
made phpdoc types consistent with those defined in Hack 2014-04-12 18:54:57 +01:00			`* @param bool $ignoreErrors Whether to ignore errors or not`
Fixed most of the docblocks/unused namespaces 2012-12-16 12:02:54 +00:00			`*`
			`* @return string`
			`*`
			`* @throws \RuntimeException`
			`* @throws \Exception`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*/`
renamed HttpKernel/Cache/ namespace to HttpKernel/HttpCache/ 2011-01-26 20:38:45 +00:00			`public function handle(HttpCache $cache, $uri, $alt, $ignoreErrors)`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`{`
			`$subRequest = Request::create($uri, 'get', array(), $cache->getRequest()->cookies->all(), array(), $cache->getRequest()->server->all());`

			`try {`
simplified HttpKernel types of request 2010-08-14 17:29:27 +01:00			`$response = $cache->handle($subRequest, HttpKernelInterface::SUB_REQUEST, true);`

[HttpKernel] Allow any 2xx response code in a subrequest 2011-02-10 07:52:49 +00:00			`if (!$response->isSuccessful()) {`
Fixed wrong variable name in Esi. 2010-09-07 14:49:08 +01:00			`throw new \RuntimeException(sprintf('Error when rendering "%s" (Status code is %s).', $subRequest->getUri(), $response->getStatusCode()));`
simplified HttpKernel types of request 2010-08-14 17:29:27 +01:00			`}`

			`return $response->getContent();`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`} catch (\Exception $e) {`
			`if ($alt) {`
			`return $this->handle($cache, $alt, '', $ignoreErrors);`
			`}`

			`if (!$ignoreErrors) {`
			`throw $e;`
			`}`
			`}`
			`}`

			`/**`
			`* Handles an ESI include tag (called internally).`
			`*`
			`* @param array $attributes An array containing the attributes.`
			`*`
fixed phpdoc 2010-07-01 19:17:03 +01:00			`* @return string The response content for the include.`
Fixed most of the docblocks/unused namespaces 2012-12-16 12:02:54 +00:00			`*`
			`* @throws \RuntimeException`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`*/`
[HttpKernel] moved from protected to private 2011-03-23 18:47:16 +00:00			`private function handleEsiIncludeTag($attributes)`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`{`
			`$options = array();`
			`preg_match_all('/(src\|onerror\|alt)="([^"]*?)"/', $attributes[1], $matches, PREG_SET_ORDER);`
			`foreach ($matches as $set) {`
			`$options[$set[1]] = $set[2];`
			`}`

			`if (!isset($options['src'])) {`
			`throw new \RuntimeException('Unable to process an ESI tag without a "src" attribute.');`
			`}`

Escape parameter on generated response 2014-09-03 21:47:06 +01:00			`return sprintf('<?php echo $this->esi->handle($this, %s, %s, %s) ?>'."\n",`
			`var_export($options['src'], true),`
			`var_export(isset($options['alt']) ? $options['alt'] : '', true),`
[HttpKernel] added the cache system 2010-06-23 20:42:41 +01:00			`isset($options['onerror']) && 'continue' == $options['onerror'] ? 'true' : 'false'`
			`);`
			`}`
			`}`