vendor/symfony/web-profiler-bundle/EventListener/WebDebugToolbarListener.php line 61

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Bundle\WebProfilerBundle\EventListener;
  14. use Symfony\Bundle\WebProfilerBundle\Csp\ContentSecurityPolicyHandler;
  15. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpFoundation\Response;
  18. use Symfony\Component\HttpFoundation\Session\Flash\AutoExpireFlashBag;
  19. use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
  20. use Symfony\Component\HttpKernel\KernelEvents;
  21. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  22. use Twig\Environment;
  24. /**
  25.  * WebDebugToolbarListener injects the Web Debug Toolbar.
  26.  *
  27.  * The onKernelResponse method must be connected to the kernel.response event.
  28.  *
  29.  * The WDT is only injected on well-formed HTML (with a proper </body> tag).
  30.  * This means that the WDT is never included in sub-requests or ESI requests.
  31.  *
  32.  * @author Fabien Potencier <fabien@symfony.com>
  33.  */
  34. class WebDebugToolbarListener implements EventSubscriberInterface
  35. {
  36.     const DISABLED 1;
  37.     const ENABLED 2;
  39.     protected $twig;
  40.     protected $urlGenerator;
  41.     protected $interceptRedirects;
  42.     protected $mode;
  43.     protected $excludedAjaxPaths;
  44.     private $cspHandler;
  46.     public function __construct(Environment $twigbool $interceptRedirects falseint $mode self::ENABLEDUrlGeneratorInterface $urlGenerator nullstring $excludedAjaxPaths '^/bundles|^/_wdt'ContentSecurityPolicyHandler $cspHandler null)
  47.     {
  48.         $this->twig $twig;
  49.         $this->urlGenerator $urlGenerator;
  50.         $this->interceptRedirects $interceptRedirects;
  51.         $this->mode $mode;
  52.         $this->excludedAjaxPaths $excludedAjaxPaths;
  53.         $this->cspHandler $cspHandler;
  54.     }
  56.     public function isEnabled()
  57.     {
  58.         return self::DISABLED !== $this->mode;
  59.     }
  61.     public function onKernelResponse(FilterResponseEvent $event)
  62.     {
  63.         $response $event->getResponse();
  64.         $request $event->getRequest();
  66.         if ($response->headers->has('X-Debug-Token') && null !== $this->urlGenerator) {
  67.             try {
  68.                 $response->headers->set(
  69.                     'X-Debug-Token-Link',
  70.                     $this->urlGenerator->generate('_profiler', ['token' => $response->headers->get('X-Debug-Token')], UrlGeneratorInterface::ABSOLUTE_URL)
  71.                 );
  72.             } catch (\Exception $e) {
  73.                 $response->headers->set('X-Debug-Error', \get_class($e).': '.preg_replace('/\s+/'' '$e->getMessage()));
  74.             }
  75.         }
  77.         if (!$event->isMasterRequest()) {
  78.             return;
  79.         }
  81.         $nonces $this->cspHandler $this->cspHandler->updateResponseHeaders($request$response) : [];
  83.         // do not capture redirects or modify XML HTTP Requests
  84.         if ($request->isXmlHttpRequest()) {
  85.             return;
  86.         }
  88.         if ($response->headers->has('X-Debug-Token') && $response->isRedirect() && $this->interceptRedirects) {
  89.             $session $request->getSession();
  90.             if (null !== $session && $session->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag) {
  91.                 // keep current flashes for one more request if using AutoExpireFlashBag
  92.                 $session->getFlashBag()->setAll($session->getFlashBag()->peekAll());
  93.             }
  95.             $response->setContent($this->twig->render('@WebProfiler/Profiler/toolbar_redirect.html.twig', ['location' => $response->headers->get('Location')]));
  96.             $response->setStatusCode(200);
  97.             $response->headers->remove('Location');
  98.         }
  100.         if (self::DISABLED === $this->mode
  101.             || !$response->headers->has('X-Debug-Token')
  102.             || $response->isRedirection()
  103.             || ($response->headers->has('Content-Type') && false === strpos($response->headers->get('Content-Type'), 'html'))
  104.             || 'html' !== $request->getRequestFormat()
  105.             || false !== stripos($response->headers->get('Content-Disposition'), 'attachment;')
  106.         ) {
  107.             return;
  108.         }
  110.         $this->injectToolbar($response$request$nonces);
  111.     }
  113.     /**
  114.      * Injects the web debug toolbar into the given Response.
  115.      */
  116.     protected function injectToolbar(Response $responseRequest $request, array $nonces)
  117.     {
  118.         $content $response->getContent();
  119.         $pos strripos($content'</body>');
  121.         if (false !== $pos) {
  122.             $toolbar "\n".str_replace("\n"''$this->twig->render(
  123.                 '@WebProfiler/Profiler/toolbar_js.html.twig',
  124.                 [
  125.                     'excluded_ajax_paths' => $this->excludedAjaxPaths,
  126.                     'token' => $response->headers->get('X-Debug-Token'),
  127.                     'request' => $request,
  128.                     'csp_script_nonce' => isset($nonces['csp_script_nonce']) ? $nonces['csp_script_nonce'] : null,
  129.                     'csp_style_nonce' => isset($nonces['csp_style_nonce']) ? $nonces['csp_style_nonce'] : null,
  130.                 ]
  131.             ))."\n";
  132.             $content substr($content0$pos).$toolbar.substr($content$pos);
  133.             $response->setContent($content);
  134.         }
  135.     }
  137.     public static function getSubscribedEvents()
  138.     {
  139.         return [
  140.             KernelEvents::RESPONSE => ['onKernelResponse', -128],
  141.         ];
  142.     }
  143. }