vendor/symfony/web-profiler-bundle/Controller/ProfilerController.php line 387

  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Symfony\Bundle\WebProfilerBundle\Controller;
  14. use Symfony\Bundle\FullStack;
  15. use Symfony\Bundle\WebProfilerBundle\Csp\ContentSecurityPolicyHandler;
  16. use Symfony\Bundle\WebProfilerBundle\Profiler\TemplateManager;
  17. use Symfony\Component\HttpFoundation\BinaryFileResponse;
  18. use Symfony\Component\HttpFoundation\RedirectResponse;
  19. use Symfony\Component\HttpFoundation\Request;
  20. use Symfony\Component\HttpFoundation\Response;
  21. use Symfony\Component\HttpFoundation\Session\Flash\AutoExpireFlashBag;
  22. use Symfony\Component\HttpKernel\DataCollector\DumpDataCollector;
  23. use Symfony\Component\HttpKernel\DataCollector\ExceptionDataCollector;
  24. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  25. use Symfony\Component\HttpKernel\Profiler\Profiler;
  26. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  27. use Twig\Environment;
  29. /**
  30. * @author Fabien Potencier <fabien@symfony.com>
  31. *
  32. * @internal
  33. */
  34. class ProfilerController
  35. {
  36. private TemplateManager $templateManager;
  37. private UrlGeneratorInterface $generator;
  38. private ?Profiler $profiler;
  39. private Environment $twig;
  40. private array $templates;
  41. private ?ContentSecurityPolicyHandler $cspHandler;
  42. private ?string $baseDir;
  44. public function __construct(UrlGeneratorInterface $generator, ?Profiler $profiler, Environment $twig, array $templates, ?ContentSecurityPolicyHandler $cspHandler = null, ?string $baseDir = null)
  45. {
  46. $this->generator = $generator;
  47. $this->profiler = $profiler;
  48. $this->twig = $twig;
  49. $this->templates = $templates;
  50. $this->cspHandler = $cspHandler;
  51. $this->baseDir = $baseDir;
  52. }
  54. /**
  55. * Redirects to the last profiles.
  56. *
  57. * @throws NotFoundHttpException
  58. */
  59. public function homeAction(): RedirectResponse
  60. {
  61. $this->denyAccessIfProfilerDisabled();
  63. return new RedirectResponse($this->generator->generate('_profiler_search_results', ['token' => 'empty', 'limit' => 10]), 302, ['Content-Type' => 'text/html']);
  64. }
  66. /**
  67. * Renders a profiler panel for the given token.
  68. *
  69. * @throws NotFoundHttpException
  70. */
  71. public function panelAction(Request $request, string $token): Response
  72. {
  73. $this->denyAccessIfProfilerDisabled();
  75. $this->cspHandler?->disableCsp();
  77. $panel = $request->query->get('panel');
  78. $page = $request->query->get('page', 'home');
  79. $profileType = $request->query->get('type', 'request');
  81. if ('latest' === $token && $latest = current($this->profiler->find(null, null, 1, null, null, null, null, fn ($profile) => $profileType === $profile['virtual_type']))) {
  82. $token = $latest['token'];
  83. }
  85. if (!$profile = $this->profiler->loadProfile($token)) {
  86. return $this->renderWithCspNonces($request, '@WebProfiler/Profiler/info.html.twig', ['about' => 'no_token', 'token' => $token, 'request' => $request, 'profile_type' => $profileType]);
  87. }
  89. $profileType = $profile->getVirtualType() ?? 'request';
  91. if (null === $panel) {
  92. $panel = $profileType;
  94. foreach ($profile->getCollectors() as $collector) {
  95. if ($collector instanceof ExceptionDataCollector && $collector->hasException()) {
  96. $panel = $collector->getName();
  98. break;
  99. }
  101. if ($collector instanceof DumpDataCollector && $collector->getDumpsCount() > 0) {
  102. $panel = $collector->getName();
  103. }
  104. }
  105. }
  107. if (!$profile->hasCollector($panel)) {
  108. throw new NotFoundHttpException(\sprintf('Panel "%s" is not available for token "%s".', $panel, $token));
  109. }
  111. return $this->renderWithCspNonces($request, $this->getTemplateManager()->getName($profile, $panel), [
  112. 'token' => $token,
  113. 'profile' => $profile,
  114. 'collector' => $profile->getCollector($panel),
  115. 'panel' => $panel,
  116. 'page' => $page,
  117. 'request' => $request,
  118. 'templates' => $this->getTemplateManager()->getNames($profile),
  119. 'is_ajax' => $request->isXmlHttpRequest(),
  120. 'profiler_markup_version' => 3, // 1 = original profiler, 2 = Symfony 2.8+ profiler, 3 = Symfony 6.2+ profiler
  121. 'profile_type' => $profileType,
  122. ]);
  123. }
  125. /**
  126. * Renders the Web Debug Toolbar.
  127. *
  128. * @throws NotFoundHttpException
  129. */
  130. public function toolbarAction(Request $request, ?string $token = null): Response
  131. {
  132. if (null === $this->profiler) {
  133. throw new NotFoundHttpException('The profiler must be enabled.');
  134. }
  136. if (!$request->attributes->getBoolean('_stateless') && $request->hasSession()
  137. && ($session = $request->getSession())->isStarted() && $session->getFlashBag() instanceof AutoExpireFlashBag
  138. ) {
  139. // keep current flashes for one more request if using AutoExpireFlashBag
  140. $session->getFlashBag()->setAll($session->getFlashBag()->peekAll());
  141. }
  143. if ('empty' === $token || null === $token) {
  144. return new Response('', 200, ['Content-Type' => 'text/html']);
  145. }
  147. $this->profiler->disable();
  149. if (!$profile = $this->profiler->loadProfile($token)) {
  150. return new Response('', 404, ['Content-Type' => 'text/html']);
  151. }
  153. $url = null;
  154. try {
  155. $url = $this->generator->generate('_profiler', ['token' => $token], UrlGeneratorInterface::ABSOLUTE_URL);
  156. } catch (\Exception) {
  157. // the profiler is not enabled
  158. }
  160. return $this->renderWithCspNonces($request, '@WebProfiler/Profiler/toolbar.html.twig', [
  161. 'full_stack' => class_exists(FullStack::class),
  162. 'request' => $request,
  163. 'profile' => $profile,
  164. 'templates' => $this->getTemplateManager()->getNames($profile),
  165. 'profiler_url' => $url,
  166. 'token' => $token,
  167. 'profiler_markup_version' => 3, // 1 = original toolbar, 2 = Symfony 2.8+ profiler, 3 = Symfony 6.2+ profiler
  168. ]);
  169. }
  171. /**
  172. * Renders the profiler search bar.
  173. *
  174. * @throws NotFoundHttpException
  175. */
  176. public function searchBarAction(Request $request): Response
  177. {
  178. $this->denyAccessIfProfilerDisabled();
  180. $this->cspHandler?->disableCsp();
  182. $session = null;
  183. if (!$request->attributes->getBoolean('_stateless') && $request->hasSession()) {
  184. $session = $request->getSession();
  185. }
  187. return new Response(
  188. $this->twig->render('@WebProfiler/Profiler/search.html.twig', [
  189. 'token' => $request->query->get('token', $session?->get('_profiler_search_token')),
  190. 'ip' => $request->query->get('ip', $session?->get('_profiler_search_ip')),
  191. 'method' => $request->query->get('method', $session?->get('_profiler_search_method')),
  192. 'status_code' => $request->query->get('status_code', $session?->get('_profiler_search_status_code')),
  193. 'url' => $request->query->get('url', $session?->get('_profiler_search_url')),
  194. 'start' => $request->query->get('start', $session?->get('_profiler_search_start')),
  195. 'end' => $request->query->get('end', $session?->get('_profiler_search_end')),
  196. 'limit' => $request->query->get('limit', $session?->get('_profiler_search_limit')),
  197. 'request' => $request,
  198. 'render_hidden_by_default' => false,
  199. 'profile_type' => $request->query->get('type', $session?->get('_profiler_search_type', 'request')),
  200. ]),
  201. 200,
  202. ['Content-Type' => 'text/html']
  203. );
  204. }
  206. /**
  207. * Renders the search results.
  208. *
  209. * @throws NotFoundHttpException
  210. */
  211. public function searchResultsAction(Request $request, string $token): Response
  212. {
  213. $this->denyAccessIfProfilerDisabled();
  215. $this->cspHandler?->disableCsp();
  217. $profile = $this->profiler->loadProfile($token);
  219. $ip = $request->query->get('ip');
  220. $method = $request->query->get('method');
  221. $statusCode = $request->query->get('status_code');
  222. $url = $request->query->get('url');
  223. $start = $request->query->get('start', null);
  224. $end = $request->query->get('end', null);
  225. $limit = $request->query->get('limit');
  226. $profileType = $request->query->get('type', 'request');
  228. return $this->renderWithCspNonces($request, '@WebProfiler/Profiler/results.html.twig', [
  229. 'request' => $request,
  230. 'token' => $token,
  231. 'profile' => $profile,
  232. 'tokens' => $this->profiler->find($ip, $url, $limit, $method, $start, $end, $statusCode, fn ($profile) => $profileType === $profile['virtual_type']),
  233. 'ip' => $ip,
  234. 'method' => $method,
  235. 'status_code' => $statusCode,
  236. 'url' => $url,
  237. 'start' => $start,
  238. 'end' => $end,
  239. 'limit' => $limit,
  240. 'panel' => null,
  241. 'profile_type' => $profileType,
  242. ]);
  243. }
  245. /**
  246. * Narrows the search bar.
  247. *
  248. * @throws NotFoundHttpException
  249. */
  250. public function searchAction(Request $request): Response
  251. {
  252. $this->denyAccessIfProfilerDisabled();
  254. $ip = $request->query->get('ip');
  255. $method = $request->query->get('method');
  256. $statusCode = $request->query->get('status_code');
  257. $url = $request->query->get('url');
  258. $start = $request->query->get('start', null);
  259. $end = $request->query->get('end', null);
  260. $limit = $request->query->get('limit');
  261. $token = $request->query->get('token');
  262. $profileType = $request->query->get('type', 'request');
  264. if (!$request->attributes->getBoolean('_stateless') && $request->hasSession()) {
  265. $session = $request->getSession();
  267. $session->set('_profiler_search_ip', $ip);
  268. $session->set('_profiler_search_method', $method);
  269. $session->set('_profiler_search_status_code', $statusCode);
  270. $session->set('_profiler_search_url', $url);
  271. $session->set('_profiler_search_start', $start);
  272. $session->set('_profiler_search_end', $end);
  273. $session->set('_profiler_search_limit', $limit);
  274. $session->set('_profiler_search_token', $token);
  275. $session->set('_profiler_search_type', $profileType);
  276. }
  278. if (!empty($token)) {
  279. return new RedirectResponse($this->generator->generate('_profiler', ['token' => $token]), 302, ['Content-Type' => 'text/html']);
  280. }
  282. $tokens = $this->profiler->find($ip, $url, $limit, $method, $start, $end, $statusCode, fn ($profile) => $profileType === $profile['virtual_type']);
  284. return new RedirectResponse($this->generator->generate('_profiler_search_results', [
  285. 'token' => $tokens ? $tokens[0]['token'] : 'empty',
  286. 'ip' => $ip,
  287. 'method' => $method,
  288. 'status_code' => $statusCode,
  289. 'url' => $url,
  290. 'start' => $start,
  291. 'end' => $end,
  292. 'limit' => $limit,
  293. 'type' => $profileType,
  294. ]), 302, ['Content-Type' => 'text/html']);
  295. }
  297. /**
  298. * Displays the PHP info.
  299. *
  300. * @throws NotFoundHttpException
  301. */
  302. public function phpinfoAction(): Response
  303. {
  304. $this->denyAccessIfProfilerDisabled();
  306. $this->cspHandler?->disableCsp();
  308. ob_start();
  309. phpinfo();
  310. $phpinfo = ob_get_clean();
  312. return new Response($phpinfo, 200, ['Content-Type' => 'text/html']);
  313. }
  315. /**
  316. * Displays the Xdebug info.
  317. *
  318. * @throws NotFoundHttpException
  319. */
  320. public function xdebugAction(): Response
  321. {
  322. $this->denyAccessIfProfilerDisabled();
  324. if (!\function_exists('xdebug_info')) {
  325. throw new NotFoundHttpException('Xdebug must be installed in version 3.');
  326. }
  328. $this->cspHandler?->disableCsp();
  330. ob_start();
  331. xdebug_info();
  332. $xdebugInfo = ob_get_clean();
  334. return new Response($xdebugInfo, 200, ['Content-Type' => 'text/html']);
  335. }
  337. /**
  338. * Returns the custom web fonts used in the profiler.
  339. *
  340. * @throws NotFoundHttpException
  341. */
  342. public function fontAction(string $fontName): Response
  343. {
  344. $this->denyAccessIfProfilerDisabled();
  345. if ('JetBrainsMono' !== $fontName) {
  346. throw new NotFoundHttpException(\sprintf('Font file "%s.woff2" not found.', $fontName));
  347. }
  349. $fontFile = \dirname(__DIR__).'/Resources/fonts/'.$fontName.'.woff2';
  350. if (!is_file($fontFile) || !is_readable($fontFile)) {
  351. throw new NotFoundHttpException(\sprintf('Cannot read font file "%s".', $fontFile));
  352. }
  354. $this->profiler?->disable();
  356. return new BinaryFileResponse($fontFile, 200, ['Content-Type' => 'font/woff2']);
  357. }
  359. /**
  360. * Displays the source of a file.
  361. *
  362. * @throws NotFoundHttpException
  363. */
  364. public function openAction(Request $request): Response
  365. {
  366. if (null === $this->baseDir) {
  367. throw new NotFoundHttpException('The base dir should be set.');
  368. }
  370. $this->profiler?->disable();
  372. $file = $request->query->get('file');
  373. $line = $request->query->get('line');
  375. $filename = $this->baseDir.\DIRECTORY_SEPARATOR.$file;
  377. if (preg_match("'(^|[/\\\\])\.'", $file) || !is_readable($filename)) {
  378. throw new NotFoundHttpException(\sprintf('The file "%s" cannot be opened.', $file));
  379. }
  381. return $this->renderWithCspNonces($request, '@WebProfiler/Profiler/open.html.twig', [
  382. 'file_info' => new \SplFileInfo($filename),
  383. 'file' => $file,
  384. 'line' => $line,
  385. ]);
  386. }
  388. protected function getTemplateManager(): TemplateManager
  389. {
  390. return $this->templateManager ??= new TemplateManager($this->profiler, $this->twig, $this->templates);
  391. }
  393. private function denyAccessIfProfilerDisabled(): void
  394. {
  395. if (null === $this->profiler) {
  396. throw new NotFoundHttpException('The profiler must be enabled.');
  397. }
  399. $this->profiler->disable();
  400. }
  402. private function renderWithCspNonces(Request $request, string $template, array $variables, int $code = 200, array $headers = ['Content-Type' => 'text/html']): Response
  403. {
  404. $response = new Response('', $code, $headers);
  406. $nonces = $this->cspHandler ? $this->cspHandler->getNonces($request, $response) : [];
  408. $variables['csp_script_nonce'] = $nonces['csp_script_nonce'] ?? null;
  409. $variables['csp_style_nonce'] = $nonces['csp_style_nonce'] ?? null;
  411. $response->setContent($this->twig->render($template, $variables));
  413. return $response;
  414. }
  415. }