gnu-social/public/index.php
Diogo Peralta Cordeiro fb3e900b28
[CORE] Add CONFIG_ prefix to environment whitelist
Fixed minor issues with Commong:config of env not being included and ported to local social yaml

Fixed some regressions introduced with [CORE] Unset sensitive information from the environment
2022-02-11 10:05:58 +00:00

81 lines
2.9 KiB
PHP
Executable File
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
declare(strict_types = 1);
/*
* This file is part of GNU social - https://www.gnu.org/software/social
*
* GNU social is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GNU social is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with GNU social. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* GNU social's true web entry point, bootstraps Symfony's configuration and instantiates our Kernel
*
* @package GNUsocial
* @category Framework
*
* @author Hugo Sales <hugo@hsal.es>
* @author Diogo Peralta Cordeiro <mail@diogo.site>
* @copyright 2020-2021 Free Software Foundation, Inc http://www.fsf.org
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
use App\CacheKernel;
use App\Kernel;
use App\Util\Formatting;
use Symfony\Component\ErrorHandler\Debug;
use Symfony\Component\HttpFoundation\Request;
require \dirname(__DIR__) . '/config/bootstrap.php';
if ($_SERVER['APP_DEBUG']) {
umask(0000);
Debug::enable();
}
// When a request passes through a proxy, certain request information is sent using either
// the standard Forwarded header or X-Forwarded-* headers.
// Therefore, if the user configures trusted proxy IPs, we trust these headers.
if ($trustedProxies = $_ENV['TRUSTED_PROXIES'] ?? $_SERVER['TRUSTED_PROXIES'] ?? false) {
Request::setTrustedProxies(
explode(',', $trustedProxies),
Request::HEADER_FORWARDED | Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO,
);
}
// For enhanced security while using Request, here we define the trusted hosts.
// If the incoming requests hostname doesn't match one of the regular expressions in
// this list, the application wont respond and the user will receive a 400 response.
if ($trustedHosts = $_ENV['TRUSTED_HOSTS'] ?? $_SERVER['TRUSTED_HOSTS'] ?? false) {
Request::setTrustedHosts([$trustedHosts]);
}
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
// Wrap the default Kernel with the CacheKernel one in 'prod' environment
if ('prod' === $kernel->getEnvironment() || isset($_ENV['CONFIG_USE_CACHE_KERNEL'])) {
$kernel = new CacheKernel($kernel);
}
$request = Request::createFromGlobals();
$_ENV = array_filter(
$_ENV,
fn (string $key) => Formatting::startsWith($key, ['HTTP', 'APP', 'CONFIG']) && $key !== 'APP_SECRET',
\ARRAY_FILTER_USE_KEY,
);
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);