bugfix custom headers: add support for urls; code cleanup

Author: Lars Schröder

Diff for: KielCodingSecurityHeaders.php

@@ -30,9 +30,20 @@ public function deactivate(DeactivateContext $context)
      */
     public function build(ContainerBuilder $container)
     {
-        $container->setParameter($this->getContainerPrefix() . '.plugin_dir', $this->getPath());
-        $container->setParameter($this->getContainerPrefix() . '.plugin_name', $this->getName());
+        $container->setParameter('kiel_coding_security_headers.plugin_dir', $this->getPluginPath());
 
         parent::build($container);
     }
+
+    /**
+     * Gets the Plugin directory path.
+     *
+     * @return string The Plugin absolute path
+     */
+    public function getPluginPath()
+    {
+        $reflected = new \ReflectionObject($this);
+
+        return dirname($reflected->getFileName());
+    }
 }

Diff for: Resources/config.xml

@@ -80,8 +80,8 @@
             <name>customHeaders</name>
             <label>Custom Headers</label>
             <label lang="de">Eigene Headers</label>
-            <description>E.g. X-Powered-By: My Company Name</description>
-            <description lang="de">Z.B. X-Powered-By: Mein Firmenname</description>
+            <description>Split header name and value with ":"; split multiple headers with line break.E.g. X-Powered-By: My Company Name.</description>
+            <description lang="de">Header-Name und -Wert mittels ":" trennen; mehrere Header mittels Zeilenumbruch trennen. Z.B. X-Powered-By: Mein Firmenname.</description>
         </element>
     </elements>
 </config>

Diff for: Resources/services.xml

@@ -2,9 +2,16 @@
 <container xmlns="http://symfony.com/schema/dic/services"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+    <parameters>
+        <parameter key="kiel_coding_security_headers.plugin_name">KielCodingSecurityHeaders</parameter>
+    </parameters>
+
     <services>
-        <service id="kiel_coding_trusted_shops_reviews.subscriber.frontend" class="KielCodingSecurityHeaders\Subscriber\Frontend">
-            <argument type="service" id="service_container" />
+        <service id="kiel_coding_security_headers.subscriber.frontend" class="KielCodingSecurityHeaders\Subscriber\Frontend">
+            <argument type="service" id="shopware.plugin.cached_config_reader" />
+            <argument type="string">%kiel_coding_security_headers.plugin_name%</argument>
+
             <tag name="shopware.event_subscriber" />
         </service>
     </services>

Diff for: Subscriber/Frontend.php

@@ -3,28 +3,22 @@
 namespace KielCodingSecurityHeaders\Subscriber;
 
 use Enlight\Event\SubscriberInterface;
-use Shopware\Models\Shop\DetachedShop;
-use Symfony\Component\DependencyInjection\ContainerInterface;
+use Shopware\Components\Plugin\CachedConfigReader;
 
 class Frontend implements SubscriberInterface
 {
     /**
-     * @var ContainerInterface
-     */
-    private $container;
-
-    /**
-     * @var
+     * @var array
      */
     private $config;
 
     /**
-     * @param ContainerInterface $container
+     * @param CachedConfigReader $configReader
+     * @param string             $pluginName
      */
-    public function __construct(ContainerInterface $container)
+    public function __construct(CachedConfigReader $configReader, $pluginName)
     {
-        $this->container = $container;
-        $this->config = $this->getPluginConfig();
+        $this->config = $configReader->getByPluginName($pluginName, Shopware()->Shop());
     }
 
     /**
@@ -42,11 +36,12 @@ public static function getSubscribedEvents()
      */
     public function onPostDispatch(\Enlight_Controller_ActionEventArgs $args)
     {
+        /** @var \Enlight_Controller_Response_ResponseHttp $response */
         $response = $args->getResponse();
 
         $this->setSecurityHeaders($response);
         $this->setCustomHeaders($response);
-        $this->removeInsecureHeaders($response);
+        $this->removeInsecureHeaders();
     }
 
     /**
@@ -88,10 +83,7 @@ private function setCustomHeaders(\Enlight_Controller_Response_ResponseHttp $res
         }
     }
 
-    /**
-     * @param \Enlight_Controller_Response_ResponseHttp $response
-     */
-    private function removeInsecureHeaders(\Enlight_Controller_Response_ResponseHttp $response)
+    private function removeInsecureHeaders()
     {
         if ($this->config['xPoweredByDisabled']) {
             @ini_set('expose_php', 'off');
@@ -111,31 +103,19 @@ private function getCustomHeaders()
 
         $headersFormatted = [];
         foreach ($headers as $header) {
-            $headerParts = explode(':', $header);
+            // Use preg_split with limit to prevent url splitting caused by ":" inside.
+            $headerParts = preg_split('/[\\s+:\\s+]/', $header, 2);
             $headersFormatted[$headerParts[0]] = $headerParts[1];
         }
 
         return $headersFormatted;
     }
 
-    /**
-     * @return array
-     */
-    private function getPluginConfig()
-    {
-        $pluginName = $this->container->getParameter('kiel_coding_security_headers.plugin_name');
-
-        return $this->container->get('shopware.plugin.cached_config_reader')->getByPluginName($pluginName);
-    }
-
     /**
      * @return bool
      */
     private function isSecure()
     {
-        /** @var DetachedShop $shop */
-        $shop = $this->container->get('shop');
-
-        return $shop->getSecure();
+        return Shopware()->Shop()->getSecure();
     }
 }

Diff for: plugin.png

@@ -2,14 +2,19 @@
 <plugin xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="../../../engine/Shopware/Components/Plugin/schema/plugin.xsd">
     <label>Security Headers</label>
-    <version>1.1.0</version>
+    <version>1.2.0</version>
 
-    <author>Kiel Coding</author>
-    <copyright>(c) by Kiel Coding</copyright>
-    <link>https://kielcoding.de</link>
+    <author>KielCoding</author>
+    <copyright>(c) KielCoding</copyright>
+    <link>https://www.kielcoding.de</link>
     <license>proprietary</license>
     <compatibility minVersion="5.2.0" />
 
+    <changelog version="1.2.0">
+        <changes>Custom header url bugfix and code cleanup.</changes>
+        <changes lang="de">Eigene Header URL Bugfix und Code-Bereinigung.</changes>
+    </changelog>
+
     <changelog version="1.1.0">
         <changes>Fix event</changes>
         <changes lang="de">Fix Event</changes>