Skip to content
This repository has been archived by the owner on Jan 29, 2020. It is now read-only.

ServerRequestFactory #158

Open
easy-system opened this issue Mar 13, 2016 · 3 comments
Open

ServerRequestFactory #158

easy-system opened this issue Mar 13, 2016 · 3 comments

Comments

@easy-system
Copy link

This all works fine. Great.
But why all the logic is concentrated in one place?
Moreover, there is a class of Server.
I think it would be better to make a directory of the factories.
Firstly, it allows to separate each logic element in its factory.
Secondly, because I can always get in the code of the original values.
For example, Zend\Diactoros\Factory\HttpProtocolFactory:

use UnexpectedValueException;

class HttpProtocolFactory
{
    public static function make(array $server = null)
    {
        if (empty($server)) {
            $server = $_SERVER;
        }

        if (! isset($server['SERVER_PROTOCOL'])) {
            return '1.1';
        }

        $protocol = $server['SERVER_PROTOCOL'];

        if (! preg_match('#\A(?:HTTP/)?(?P<version>\d{1}\.\d+)\Z#', $protocol, $matches)) {
            throw new UnexpectedValueException(sprintf(
                'Unrecognized protocol version "%s".',
                $server['SERVER_PROTOCOL']
            ));
        }

        return $matches['version'];
    }
}

All this is true for the request method, headers, Uri, uploaded files etc
@easy-system
Copy link
Author

And for the host is must be required!
forced host... This is not such a rare situation. And it should be done without interfering with the application logic, the best from the index.php

use DomainException;

class ServerHostFactory
{
    protected static $forcedHost = '';

    public static function setForcedHost($host)
    {
        static::$forcedHost = $host;
    }

    public static function getForcedHost()
    {
        return static::$forcedHost;
    }

    public static function make(array $server = null)
    {
        if (! empty(static::$forcedHost)) {
            return static::$forcedHost;
        }

        return static::calculate($server);
    }

    public static function calculate(array $server = null)
    {
        if (empty($server)) {
            $server = $_SERVER;
        }

        // from server config, if present
        if (isset($server['SERVER_NAME'])) {
            return $server['SERVER_NAME'];
        }

        // from headers, dangerous to use
       /* if (isset($server['HTTP_HOST'])) {
            return $server['HTTP_HOST'];
        }*/

        throw new DomainException(
            'Missing host in server parameters.'
        );
    }
}

@easy-system easy-system changed the title ServerRequestFactory ServerRequestFactory & security wulnerables Mar 13, 2016
@weierophinney weierophinney changed the title ServerRequestFactory & security wulnerables ServerRequestFactory Mar 13, 2016
@easy-system
Copy link
Author

Ok. Im delete this from public.
P.S.: reported

@weierophinney weierophinney mentioned this issue Dec 31, 2019
Closed
@weierophinney
Copy link
Member

This repository has been closed and moved to laminas/laminas-diactoros; a new issue has been opened at laminas/laminas-diactoros#23.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@weierophinney @easy-system