vendor/symfony/web-profiler-bundle/EventListener/WebDebugToolbarListener.php line 75

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Bundle\WebProfilerBundle\EventListener;
  14. use Symfony\Bundle\WebProfilerBundle\Csp\ContentSecurityPolicyHandler;
  15. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpFoundation\Response;
  18. use Symfony\Component\HttpFoundation\Session\Flash\AutoExpireFlashBag;
  19. use Symfony\Component\HttpKernel\DataCollector\DumpDataCollector;
  20. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  21. use Symfony\Component\HttpKernel\KernelEvents;
  22. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  23. use Twig\Environment;
  25. /**
  26.  * WebDebugToolbarListener injects the Web Debug Toolbar.
  27.  *
  28.  * The onKernelResponse method must be connected to the kernel.response event.
  29.  *
  30.  * The WDT is only injected on well-formed HTML (with a proper </body> tag).
  31.  * This means that the WDT is never included in sub-requests or ESI requests.
  32.  *
  33.  * @author Fabien Potencier <fabien@symfony.com>
  34.  *
  35.  * @final
  36.  */
  37. class WebDebugToolbarListener implements EventSubscriberInterface
  38. {
  39.     public const DISABLED 1;
  40.     public const ENABLED 2;
  42.     protected $twig;
  43.     protected $urlGenerator;
  44.     protected $interceptRedirects;
  45.     protected $mode;
  46.     protected $excludedAjaxPaths;
  47.     private $cspHandler;
  48.     private $dumpDataCollector;
  50.     public function __construct(Environment $twigbool $interceptRedirects falseint $mode self::ENABLEDUrlGeneratorInterface $urlGenerator nullstring $excludedAjaxPaths '^/bundles|^/_wdt'ContentSecurityPolicyHandler $cspHandler nullDumpDataCollector $dumpDataCollector null)
  51.     {
  52.         $this->twig $twig;
  53.         $this->urlGenerator $urlGenerator;
  54.         $this->interceptRedirects $interceptRedirects;
  55.         $this->mode $mode;
  56.         $this->excludedAjaxPaths $excludedAjaxPaths;
  57.         $this->cspHandler $cspHandler;
  58.         $this->dumpDataCollector $dumpDataCollector;
  59.     }
  61.     public function isEnabled(): bool
  62.     {
  63.         return self::DISABLED !== $this->mode;
  64.     }
  66.     public function setMode(int $mode): void
  67.     {
  68.         if (self::DISABLED !== $mode && self::ENABLED !== $mode) {
  69.             throw new \InvalidArgumentException(sprintf('Invalid value provided for mode, use one of "%s::DISABLED" or "%s::ENABLED".'self::class, self::class));
  70.         }
  72.         $this->mode $mode;
  73.     }
  75.     public function onKernelResponse(ResponseEvent $event)
  76.     {
  77.         $response $event->getResponse();
  78.         $request $event->getRequest();
  80.         if ($response->headers->has('X-Debug-Token') && null !== $this->urlGenerator) {
  81.             try {
  82.                 $response->headers->set(
  83.                     'X-Debug-Token-Link',
  84.                     $this->urlGenerator->generate('_profiler', ['token' => $response->headers->get('X-Debug-Token')], UrlGeneratorInterface::ABSOLUTE_URL)
  85.                 );
  86.             } catch (\Exception $e) {
  87.                 $response->headers->set('X-Debug-Error', \get_class($e).': '.preg_replace('/\s+/'' '$e->getMessage()));
  88.             }
  89.         }
  91.         if (!$event->isMainRequest()) {
  92.             return;
  93.         }
  95.         $nonces = [];
  96.         if ($this->cspHandler) {
  97.             if ($this->dumpDataCollector && $this->dumpDataCollector->getDumpsCount() > 0) {
  98.                 $this->cspHandler->disableCsp();
  99.             }
  101.             $nonces $this->cspHandler->updateResponseHeaders($request$response);
  102.         }
  104.         // do not capture redirects or modify XML HTTP Requests
  105.         if ($request->isXmlHttpRequest()) {
  106.             return;
  107.         }
  109.         if ($response->headers->has('X-Debug-Token') && $response->isRedirect() && $this->interceptRedirects && 'html' === $request->getRequestFormat()) {
  110.             if ($request->hasSession() && ($session $request->getSession())->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
  111.                 // keep current flashes for one more request if using AutoExpireFlashBag
  112.                 $session->getFlashBag()->setAll($session->getFlashBag()->peekAll());
  113.             }
  115.             $response->setContent($this->twig->render('@WebProfiler/Profiler/toolbar_redirect.html.twig', ['location' => $response->headers->get('Location')]));
  116.             $response->setStatusCode(200);
  117.             $response->headers->remove('Location');
  118.         }
  120.         if (self::DISABLED === $this->mode
  121.             || !$response->headers->has('X-Debug-Token')
  122.             || $response->isRedirection()
  123.             || ($response->headers->has('Content-Type') && !str_contains($response->headers->get('Content-Type'), 'html'))
  124.             || 'html' !== $request->getRequestFormat()
  125.             || false !== stripos($response->headers->get('Content-Disposition'''), 'attachment;')
  126.         ) {
  127.             return;
  128.         }
  130.         $this->injectToolbar($response$request$nonces);
  131.     }
  133.     /**
  134.      * Injects the web debug toolbar into the given Response.
  135.      */
  136.     protected function injectToolbar(Response $responseRequest $request, array $nonces)
  137.     {
  138.         $content $response->getContent();
  139.         $pos strripos($content'</body>');
  141.         if (false !== $pos) {
  142.             $toolbar "\n".str_replace("\n"''$this->twig->render(
  143.                 '@WebProfiler/Profiler/toolbar_js.html.twig',
  144.                 [
  145.                     'excluded_ajax_paths' => $this->excludedAjaxPaths,
  146.                     'token' => $response->headers->get('X-Debug-Token'),
  147.                     'request' => $request,
  148.                     'csp_script_nonce' => $nonces['csp_script_nonce'] ?? null,
  149.                     'csp_style_nonce' => $nonces['csp_style_nonce'] ?? null,
  150.                 ]
  151.             ))."\n";
  152.             $content substr($content0$pos).$toolbar.substr($content$pos);
  153.             $response->setContent($content);
  154.         }
  155.     }
  157.     public static function getSubscribedEvents(): array
  158.     {
  159.         return [
  160.             KernelEvents::RESPONSE => ['onKernelResponse', -128],
  161.         ];
  162.     }
  163. }