yiisoft /
yii2
Complex classes like Request often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Request, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 86 | class Request extends \yii\base\Request |
||
| 87 | { |
||
| 88 | /** |
||
| 89 | * The name of the HTTP header for sending CSRF token. |
||
| 90 | */ |
||
| 91 | const CSRF_HEADER = 'X-CSRF-Token'; |
||
| 92 | /** |
||
| 93 | * The length of the CSRF token mask. |
||
| 94 | */ |
||
| 95 | const CSRF_MASK_LENGTH = 8; |
||
| 96 | |||
| 97 | /** |
||
| 98 | * @var bool whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true. |
||
| 99 | * When CSRF validation is enabled, forms submitted to an Yii Web application must be originated |
||
| 100 | * from the same application. If not, a 400 HTTP exception will be raised. |
||
| 101 | * |
||
| 102 | * Note, this feature requires that the user client accepts cookie. Also, to use this feature, |
||
| 103 | * forms submitted via POST method must contain a hidden input whose name is specified by [[csrfParam]]. |
||
| 104 | * You may use [[\yii\helpers\Html::beginForm()]] to generate his hidden input. |
||
| 105 | * |
||
| 106 | * In JavaScript, you may get the values of [[csrfParam]] and [[csrfToken]] via `yii.getCsrfParam()` and |
||
| 107 | * `yii.getCsrfToken()`, respectively. The [[\yii\web\YiiAsset]] asset must be registered. |
||
| 108 | * You also need to include CSRF meta tags in your pages by using [[\yii\helpers\Html::csrfMetaTags()]]. |
||
| 109 | * |
||
| 110 | * @see Controller::enableCsrfValidation |
||
| 111 | * @see http://en.wikipedia.org/wiki/Cross-site_request_forgery |
||
| 112 | */ |
||
| 113 | public $enableCsrfValidation = true; |
||
| 114 | /** |
||
| 115 | * @var string the name of the token used to prevent CSRF. Defaults to '_csrf'. |
||
| 116 | * This property is used only when [[enableCsrfValidation]] is true. |
||
| 117 | */ |
||
| 118 | public $csrfParam = '_csrf'; |
||
| 119 | /** |
||
| 120 | * @var array the configuration for creating the CSRF [[Cookie|cookie]]. This property is used only when |
||
| 121 | * both [[enableCsrfValidation]] and [[enableCsrfCookie]] are true. |
||
| 122 | */ |
||
| 123 | public $csrfCookie = ['httpOnly' => true]; |
||
| 124 | /** |
||
| 125 | * @var bool whether to use cookie to persist CSRF token. If false, CSRF token will be stored |
||
| 126 | * in session under the name of [[csrfParam]]. Note that while storing CSRF tokens in session increases |
||
| 127 | * security, it requires starting a session for every page, which will degrade your site performance. |
||
| 128 | */ |
||
| 129 | public $enableCsrfCookie = true; |
||
| 130 | /** |
||
| 131 | * @var bool whether cookies should be validated to ensure they are not tampered. Defaults to true. |
||
| 132 | */ |
||
| 133 | public $enableCookieValidation = true; |
||
| 134 | /** |
||
| 135 | * @var string a secret key used for cookie validation. This property must be set if [[enableCookieValidation]] is true. |
||
| 136 | */ |
||
| 137 | public $cookieValidationKey; |
||
| 138 | /** |
||
| 139 | * @var string the name of the POST parameter that is used to indicate if a request is a PUT, PATCH or DELETE |
||
| 140 | * request tunneled through POST. Defaults to '_method'. |
||
| 141 | * @see getMethod() |
||
| 142 | * @see getBodyParams() |
||
| 143 | */ |
||
| 144 | public $methodParam = '_method'; |
||
| 145 | /** |
||
| 146 | * @var array the parsers for converting the raw HTTP request body into [[bodyParams]]. |
||
| 147 | * The array keys are the request `Content-Types`, and the array values are the |
||
| 148 | * corresponding configurations for [[Yii::createObject|creating the parser objects]]. |
||
| 149 | * A parser must implement the [[RequestParserInterface]]. |
||
| 150 | * |
||
| 151 | * To enable parsing for JSON requests you can use the [[JsonParser]] class like in the following example: |
||
| 152 | * |
||
| 153 | * ``` |
||
| 154 | * [ |
||
| 155 | * 'application/json' => 'yii\web\JsonParser', |
||
| 156 | * ] |
||
| 157 | * ``` |
||
| 158 | * |
||
| 159 | * To register a parser for parsing all request types you can use `'*'` as the array key. |
||
| 160 | * This one will be used as a fallback in case no other types match. |
||
| 161 | * |
||
| 162 | * @see getBodyParams() |
||
| 163 | */ |
||
| 164 | public $parsers = []; |
||
| 165 | |||
| 166 | /** |
||
| 167 | * @var CookieCollection Collection of request cookies. |
||
| 168 | */ |
||
| 169 | private $_cookies; |
||
| 170 | /** |
||
| 171 | * @var HeaderCollection Collection of request headers. |
||
| 172 | */ |
||
| 173 | private $_headers; |
||
| 174 | |||
| 175 | |||
| 176 | /** |
||
| 177 | * Resolves the current request into a route and the associated parameters. |
||
| 178 | * @return array the first element is the route, and the second is the associated parameters. |
||
| 179 | * @throws NotFoundHttpException if the request cannot be resolved. |
||
| 180 | */ |
||
| 181 | public function resolve() |
||
| 196 | |||
| 197 | /** |
||
| 198 | * Returns the header collection. |
||
| 199 | * The header collection contains incoming HTTP headers. |
||
| 200 | * @return HeaderCollection the header collection |
||
| 201 | */ |
||
| 202 | public function getHeaders() |
||
| 227 | |||
| 228 | /** |
||
| 229 | * Returns the method of the current request (e.g. GET, POST, HEAD, PUT, PATCH, DELETE). |
||
| 230 | * @return string request method, such as GET, POST, HEAD, PUT, PATCH, DELETE. |
||
| 231 | * The value returned is turned into upper case. |
||
| 232 | */ |
||
| 233 | public function getMethod() |
||
| 249 | |||
| 250 | /** |
||
| 251 | * Returns whether this is a GET request. |
||
| 252 | * @return bool whether this is a GET request. |
||
| 253 | */ |
||
| 254 | public function getIsGet() |
||
| 258 | |||
| 259 | /** |
||
| 260 | * Returns whether this is an OPTIONS request. |
||
| 261 | * @return bool whether this is a OPTIONS request. |
||
| 262 | */ |
||
| 263 | public function getIsOptions() |
||
| 267 | |||
| 268 | /** |
||
| 269 | * Returns whether this is a HEAD request. |
||
| 270 | * @return bool whether this is a HEAD request. |
||
| 271 | */ |
||
| 272 | public function getIsHead() |
||
| 276 | |||
| 277 | /** |
||
| 278 | * Returns whether this is a POST request. |
||
| 279 | * @return bool whether this is a POST request. |
||
| 280 | */ |
||
| 281 | public function getIsPost() |
||
| 285 | |||
| 286 | /** |
||
| 287 | * Returns whether this is a DELETE request. |
||
| 288 | * @return bool whether this is a DELETE request. |
||
| 289 | */ |
||
| 290 | public function getIsDelete() |
||
| 294 | |||
| 295 | /** |
||
| 296 | * Returns whether this is a PUT request. |
||
| 297 | * @return bool whether this is a PUT request. |
||
| 298 | */ |
||
| 299 | public function getIsPut() |
||
| 303 | |||
| 304 | /** |
||
| 305 | * Returns whether this is a PATCH request. |
||
| 306 | * @return bool whether this is a PATCH request. |
||
| 307 | */ |
||
| 308 | public function getIsPatch() |
||
| 312 | |||
| 313 | /** |
||
| 314 | * Returns whether this is an AJAX (XMLHttpRequest) request. |
||
| 315 | * |
||
| 316 | * Note that jQuery doesn't set the header in case of cross domain |
||
| 317 | * requests: https://stackoverflow.com/questions/8163703/cross-domain-ajax-doesnt-send-x-requested-with-header |
||
| 318 | * |
||
| 319 | * @return bool whether this is an AJAX (XMLHttpRequest) request. |
||
| 320 | */ |
||
| 321 | public function getIsAjax() |
||
| 325 | |||
| 326 | /** |
||
| 327 | * Returns whether this is a PJAX request |
||
| 328 | * @return bool whether this is a PJAX request |
||
| 329 | */ |
||
| 330 | public function getIsPjax() |
||
| 334 | |||
| 335 | /** |
||
| 336 | * Returns whether this is an Adobe Flash or Flex request. |
||
| 337 | * @return bool whether this is an Adobe Flash or Adobe Flex request. |
||
| 338 | */ |
||
| 339 | public function getIsFlash() |
||
| 344 | |||
| 345 | private $_rawBody; |
||
| 346 | |||
| 347 | /** |
||
| 348 | * Returns the raw HTTP request body. |
||
| 349 | * @return string the request body |
||
| 350 | */ |
||
| 351 | public function getRawBody() |
||
| 359 | |||
| 360 | /** |
||
| 361 | * Sets the raw HTTP request body, this method is mainly used by test scripts to simulate raw HTTP requests. |
||
| 362 | * @param string $rawBody the request body |
||
| 363 | */ |
||
| 364 | public function setRawBody($rawBody) |
||
| 368 | |||
| 369 | private $_bodyParams; |
||
| 370 | |||
| 371 | /** |
||
| 372 | * Returns the request parameters given in the request body. |
||
| 373 | * |
||
| 374 | * Request parameters are determined using the parsers configured in [[parsers]] property. |
||
| 375 | * If no parsers are configured for the current [[contentType]] it uses the PHP function `mb_parse_str()` |
||
| 376 | * to parse the [[rawBody|request body]]. |
||
| 377 | * @return array the request parameters given in the request body. |
||
| 378 | * @throws \yii\base\InvalidConfigException if a registered parser does not implement the [[RequestParserInterface]]. |
||
| 379 | * @see getMethod() |
||
| 380 | * @see getBodyParam() |
||
| 381 | * @see setBodyParams() |
||
| 382 | */ |
||
| 383 | public function getBodyParams() |
||
| 423 | |||
| 424 | /** |
||
| 425 | * Sets the request body parameters. |
||
| 426 | * @param array $values the request body parameters (name-value pairs) |
||
| 427 | * @see getBodyParam() |
||
| 428 | * @see getBodyParams() |
||
| 429 | */ |
||
| 430 | public function setBodyParams($values) |
||
| 434 | |||
| 435 | /** |
||
| 436 | * Returns the named request body parameter value. |
||
| 437 | * If the parameter does not exist, the second parameter passed to this method will be returned. |
||
| 438 | * @param string $name the parameter name |
||
| 439 | * @param mixed $defaultValue the default parameter value if the parameter does not exist. |
||
| 440 | * @return mixed the parameter value |
||
| 441 | * @see getBodyParams() |
||
| 442 | * @see setBodyParams() |
||
| 443 | */ |
||
| 444 | public function getBodyParam($name, $defaultValue = null) |
||
| 450 | |||
| 451 | /** |
||
| 452 | * Returns POST parameter with a given name. If name isn't specified, returns an array of all POST parameters. |
||
| 453 | * |
||
| 454 | * @param string $name the parameter name |
||
| 455 | * @param mixed $defaultValue the default parameter value if the parameter does not exist. |
||
| 456 | * @return array|mixed |
||
| 457 | */ |
||
| 458 | public function post($name = null, $defaultValue = null) |
||
| 466 | |||
| 467 | private $_queryParams; |
||
| 468 | |||
| 469 | /** |
||
| 470 | * Returns the request parameters given in the [[queryString]]. |
||
| 471 | * |
||
| 472 | * This method will return the contents of `$_GET` if params where not explicitly set. |
||
| 473 | * @return array the request GET parameter values. |
||
| 474 | * @see setQueryParams() |
||
| 475 | */ |
||
| 476 | public function getQueryParams() |
||
| 484 | |||
| 485 | /** |
||
| 486 | * Sets the request [[queryString]] parameters. |
||
| 487 | * @param array $values the request query parameters (name-value pairs) |
||
| 488 | * @see getQueryParam() |
||
| 489 | * @see getQueryParams() |
||
| 490 | */ |
||
| 491 | public function setQueryParams($values) |
||
| 495 | |||
| 496 | /** |
||
| 497 | * Returns GET parameter with a given name. If name isn't specified, returns an array of all GET parameters. |
||
| 498 | * |
||
| 499 | * @param string $name the parameter name |
||
| 500 | * @param mixed $defaultValue the default parameter value if the parameter does not exist. |
||
| 501 | * @return array|mixed |
||
| 502 | */ |
||
| 503 | public function get($name = null, $defaultValue = null) |
||
| 511 | |||
| 512 | /** |
||
| 513 | * Returns the named GET parameter value. |
||
| 514 | * If the GET parameter does not exist, the second parameter passed to this method will be returned. |
||
| 515 | * @param string $name the GET parameter name. |
||
| 516 | * @param mixed $defaultValue the default parameter value if the GET parameter does not exist. |
||
| 517 | * @return mixed the GET parameter value |
||
| 518 | * @see getBodyParam() |
||
| 519 | */ |
||
| 520 | public function getQueryParam($name, $defaultValue = null) |
||
| 526 | |||
| 527 | private $_hostInfo; |
||
| 528 | private $_hostName; |
||
| 529 | |||
| 530 | /** |
||
| 531 | * Returns the schema and host part of the current request URL. |
||
| 532 | * |
||
| 533 | * The returned URL does not have an ending slash. |
||
| 534 | * |
||
| 535 | * By default this value is based on the user request information. This method will |
||
| 536 | * return the value of `$_SERVER['HTTP_HOST']` if it is available or `$_SERVER['SERVER_NAME']` if not. |
||
| 537 | * You may want to check out the [PHP documentation](http://php.net/manual/en/reserved.variables.server.php) |
||
| 538 | * for more information on these variables. |
||
| 539 | * |
||
| 540 | * You may explicitly specify it by setting the [[setHostInfo()|hostInfo]] property. |
||
| 541 | * |
||
| 542 | * > Warning: Dependent on the server configuration this information may not be |
||
| 543 | * > reliable and [may be faked by the user sending the HTTP request](https://www.acunetix.com/vulnerabilities/web/host-header-attack). |
||
| 544 | * > If the webserver is configured to serve the same site independent of the value of |
||
| 545 | * > the `Host` header, this value is not reliable. In such situations you should either |
||
| 546 | * > fix your webserver configuration or explicitly set the value by setting the [[setHostInfo()|hostInfo]] property. |
||
| 547 | * > If you don't have access to the server configuration, you can setup [[\yii\filters\HostControl]] filter at |
||
| 548 | * > application level in order to protect against such kind of attack. |
||
| 549 | * |
||
| 550 | * @property string|null schema and hostname part (with port number if needed) of the request URL |
||
| 551 | * (e.g. `http://www.yiiframework.com`), null if can't be obtained from `$_SERVER` and wasn't set. |
||
| 552 | * See [[getHostInfo()]] for security related notes on this property. |
||
| 553 | * @return string|null schema and hostname part (with port number if needed) of the request URL |
||
| 554 | * (e.g. `http://www.yiiframework.com`), null if can't be obtained from `$_SERVER` and wasn't set. |
||
| 555 | * @see setHostInfo() |
||
| 556 | */ |
||
| 557 | public function getHostInfo() |
||
| 575 | |||
| 576 | /** |
||
| 577 | * Sets the schema and host part of the application URL. |
||
| 578 | * This setter is provided in case the schema and hostname cannot be determined |
||
| 579 | * on certain Web servers. |
||
| 580 | * @param string|null $value the schema and host part of the application URL. The trailing slashes will be removed. |
||
| 581 | * @see getHostInfo() for security related notes on this property. |
||
| 582 | */ |
||
| 583 | public function setHostInfo($value) |
||
| 588 | |||
| 589 | /** |
||
| 590 | * Returns the host part of the current request URL. |
||
| 591 | * Value is calculated from current [[getHostInfo()|hostInfo]] property. |
||
| 592 | * |
||
| 593 | * > Warning: The content of this value may not be reliable, dependent on the server |
||
| 594 | * > configuration. Please refer to [[getHostInfo()]] for more information. |
||
| 595 | * |
||
| 596 | * @return string|null hostname part of the request URL (e.g. `www.yiiframework.com`) |
||
| 597 | * @see getHostInfo() |
||
| 598 | * @since 2.0.10 |
||
| 599 | */ |
||
| 600 | public function getHostName() |
||
| 608 | |||
| 609 | private $_baseUrl; |
||
| 610 | |||
| 611 | /** |
||
| 612 | * Returns the relative URL for the application. |
||
| 613 | * This is similar to [[scriptUrl]] except that it does not include the script file name, |
||
| 614 | * and the ending slashes are removed. |
||
| 615 | * @return string the relative URL for the application |
||
| 616 | * @see setScriptUrl() |
||
| 617 | */ |
||
| 618 | public function getBaseUrl() |
||
| 626 | |||
| 627 | /** |
||
| 628 | * Sets the relative URL for the application. |
||
| 629 | * By default the URL is determined based on the entry script URL. |
||
| 630 | * This setter is provided in case you want to change this behavior. |
||
| 631 | * @param string $value the relative URL for the application |
||
| 632 | */ |
||
| 633 | public function setBaseUrl($value) |
||
| 637 | |||
| 638 | private $_scriptUrl; |
||
| 639 | |||
| 640 | /** |
||
| 641 | * Returns the relative URL of the entry script. |
||
| 642 | * The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework. |
||
| 643 | * @return string the relative URL of the entry script. |
||
| 644 | * @throws InvalidConfigException if unable to determine the entry script URL |
||
| 645 | */ |
||
| 646 | public function getScriptUrl() |
||
| 668 | |||
| 669 | /** |
||
| 670 | * Sets the relative URL for the application entry script. |
||
| 671 | * This setter is provided in case the entry script URL cannot be determined |
||
| 672 | * on certain Web servers. |
||
| 673 | * @param string $value the relative URL for the application entry script. |
||
| 674 | */ |
||
| 675 | public function setScriptUrl($value) |
||
| 679 | |||
| 680 | private $_scriptFile; |
||
|
Comprehensibility
introduced
by
|
|||
| 681 | |||
| 682 | /** |
||
| 683 | * Returns the entry script file path. |
||
| 684 | * The default implementation will simply return `$_SERVER['SCRIPT_FILENAME']`. |
||
| 685 | * @return string the entry script file path |
||
| 686 | * @throws InvalidConfigException |
||
| 687 | */ |
||
| 688 | public function getScriptFile() |
||
| 698 | |||
| 699 | /** |
||
| 700 | * Sets the entry script file path. |
||
| 701 | * The entry script file path normally can be obtained from `$_SERVER['SCRIPT_FILENAME']`. |
||
| 702 | * If your server configuration does not return the correct value, you may configure |
||
| 703 | * this property to make it right. |
||
| 704 | * @param string $value the entry script file path. |
||
| 705 | */ |
||
| 706 | public function setScriptFile($value) |
||
| 710 | |||
| 711 | private $_pathInfo; |
||
| 712 | |||
| 713 | /** |
||
| 714 | * Returns the path info of the currently requested URL. |
||
| 715 | * A path info refers to the part that is after the entry script and before the question mark (query string). |
||
| 716 | * The starting and ending slashes are both removed. |
||
| 717 | * @return string part of the request URL that is after the entry script and before the question mark. |
||
| 718 | * Note, the returned path info is already URL-decoded. |
||
| 719 | * @throws InvalidConfigException if the path info cannot be determined due to unexpected server configuration |
||
| 720 | */ |
||
| 721 | public function getPathInfo() |
||
| 729 | |||
| 730 | /** |
||
| 731 | * Sets the path info of the current request. |
||
| 732 | * This method is mainly provided for testing purpose. |
||
| 733 | * @param string $value the path info of the current request |
||
| 734 | */ |
||
| 735 | public function setPathInfo($value) |
||
| 739 | |||
| 740 | /** |
||
| 741 | * Resolves the path info part of the currently requested URL. |
||
| 742 | * A path info refers to the part that is after the entry script and before the question mark (query string). |
||
| 743 | * The starting slashes are both removed (ending slashes will be kept). |
||
| 744 | * @return string part of the request URL that is after the entry script and before the question mark. |
||
| 745 | * Note, the returned path info is decoded. |
||
| 746 | * @throws InvalidConfigException if the path info cannot be determined due to unexpected server configuration |
||
| 747 | */ |
||
| 748 | protected function resolvePathInfo() |
||
| 792 | |||
| 793 | /** |
||
| 794 | * Returns the currently requested absolute URL. |
||
| 795 | * This is a shortcut to the concatenation of [[hostInfo]] and [[url]]. |
||
| 796 | * @return string the currently requested absolute URL. |
||
| 797 | */ |
||
| 798 | public function getAbsoluteUrl() |
||
| 802 | |||
| 803 | private $_url; |
||
| 804 | |||
| 805 | /** |
||
| 806 | * Returns the currently requested relative URL. |
||
| 807 | * This refers to the portion of the URL that is after the [[hostInfo]] part. |
||
| 808 | * It includes the [[queryString]] part if any. |
||
| 809 | * @return string the currently requested relative URL. Note that the URI returned is URL-encoded. |
||
| 810 | * @throws InvalidConfigException if the URL cannot be determined due to unusual server configuration |
||
| 811 | */ |
||
| 812 | public function getUrl() |
||
| 820 | |||
| 821 | /** |
||
| 822 | * Sets the currently requested relative URL. |
||
| 823 | * The URI must refer to the portion that is after [[hostInfo]]. |
||
| 824 | * Note that the URI should be URL-encoded. |
||
| 825 | * @param string $value the request URI to be set |
||
| 826 | */ |
||
| 827 | public function setUrl($value) |
||
| 831 | |||
| 832 | /** |
||
| 833 | * Resolves the request URI portion for the currently requested URL. |
||
| 834 | * This refers to the portion that is after the [[hostInfo]] part. It includes the [[queryString]] part if any. |
||
| 835 | * The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework. |
||
| 836 | * @return string|bool the request URI portion for the currently requested URL. |
||
| 837 | * Note that the URI returned is URL-encoded. |
||
| 838 | * @throws InvalidConfigException if the request URI cannot be determined due to unusual server configuration |
||
| 839 | */ |
||
| 840 | protected function resolveRequestUri() |
||
| 860 | |||
| 861 | /** |
||
| 862 | * Returns part of the request URL that is after the question mark. |
||
| 863 | * @return string part of the request URL that is after the question mark |
||
| 864 | */ |
||
| 865 | public function getQueryString() |
||
| 869 | |||
| 870 | /** |
||
| 871 | * Return if the request is sent via secure channel (https). |
||
| 872 | * @return bool if the request is sent via secure channel (https) |
||
| 873 | */ |
||
| 874 | public function getIsSecureConnection() |
||
| 879 | |||
| 880 | /** |
||
| 881 | * Returns the server name. |
||
| 882 | * @return string server name, null if not available |
||
| 883 | */ |
||
| 884 | public function getServerName() |
||
| 888 | |||
| 889 | /** |
||
| 890 | * Returns the server port number. |
||
| 891 | * @return int|null server port number, null if not available |
||
| 892 | */ |
||
| 893 | public function getServerPort() |
||
| 897 | |||
| 898 | /** |
||
| 899 | * Returns the URL referrer. |
||
| 900 | * @return string|null URL referrer, null if not available |
||
| 901 | */ |
||
| 902 | public function getReferrer() |
||
| 906 | |||
| 907 | /** |
||
| 908 | * Returns the user agent. |
||
| 909 | * @return string|null user agent, null if not available |
||
| 910 | */ |
||
| 911 | public function getUserAgent() |
||
| 915 | |||
| 916 | /** |
||
| 917 | * Returns the user IP address. |
||
| 918 | * @return string|null user IP address, null if not available |
||
| 919 | */ |
||
| 920 | public function getUserIP() |
||
| 924 | |||
| 925 | /** |
||
| 926 | * Returns the user host name. |
||
| 927 | * @return string|null user host name, null if not available |
||
| 928 | */ |
||
| 929 | public function getUserHost() |
||
| 933 | |||
| 934 | /** |
||
| 935 | * @return string|null the username sent via HTTP authentication, null if the username is not given |
||
| 936 | */ |
||
| 937 | public function getAuthUser() |
||
| 941 | |||
| 942 | /** |
||
| 943 | * @return string|null the password sent via HTTP authentication, null if the password is not given |
||
| 944 | */ |
||
| 945 | public function getAuthPassword() |
||
| 949 | |||
| 950 | private $_port; |
||
| 951 | |||
| 952 | /** |
||
| 953 | * Returns the port to use for insecure requests. |
||
| 954 | * Defaults to 80, or the port specified by the server if the current |
||
| 955 | * request is insecure. |
||
| 956 | * @return int port number for insecure requests. |
||
| 957 | * @see setPort() |
||
| 958 | */ |
||
| 959 | public function getPort() |
||
| 967 | |||
| 968 | /** |
||
| 969 | * Sets the port to use for insecure requests. |
||
| 970 | * This setter is provided in case a custom port is necessary for certain |
||
| 971 | * server configurations. |
||
| 972 | * @param int $value port number. |
||
| 973 | */ |
||
| 974 | public function setPort($value) |
||
| 981 | |||
| 982 | private $_securePort; |
||
| 983 | |||
| 984 | /** |
||
| 985 | * Returns the port to use for secure requests. |
||
| 986 | * Defaults to 443, or the port specified by the server if the current |
||
| 987 | * request is secure. |
||
| 988 | * @return int port number for secure requests. |
||
| 989 | * @see setSecurePort() |
||
| 990 | */ |
||
| 991 | public function getSecurePort() |
||
| 999 | |||
| 1000 | /** |
||
| 1001 | * Sets the port to use for secure requests. |
||
| 1002 | * This setter is provided in case a custom port is necessary for certain |
||
| 1003 | * server configurations. |
||
| 1004 | * @param int $value port number. |
||
| 1005 | */ |
||
| 1006 | public function setSecurePort($value) |
||
| 1013 | |||
| 1014 | private $_contentTypes; |
||
| 1015 | |||
| 1016 | /** |
||
| 1017 | * Returns the content types acceptable by the end user. |
||
| 1018 | * This is determined by the `Accept` HTTP header. For example, |
||
| 1019 | * |
||
| 1020 | * ```php |
||
| 1021 | * $_SERVER['HTTP_ACCEPT'] = 'text/plain; q=0.5, application/json; version=1.0, application/xml; version=2.0;'; |
||
| 1022 | * $types = $request->getAcceptableContentTypes(); |
||
| 1023 | * print_r($types); |
||
| 1024 | * // displays: |
||
| 1025 | * // [ |
||
| 1026 | * // 'application/json' => ['q' => 1, 'version' => '1.0'], |
||
| 1027 | * // 'application/xml' => ['q' => 1, 'version' => '2.0'], |
||
| 1028 | * // 'text/plain' => ['q' => 0.5], |
||
| 1029 | * // ] |
||
| 1030 | * ``` |
||
| 1031 | * |
||
| 1032 | * @return array the content types ordered by the quality score. Types with the highest scores |
||
| 1033 | * will be returned first. The array keys are the content types, while the array values |
||
| 1034 | * are the corresponding quality score and other parameters as given in the header. |
||
| 1035 | */ |
||
| 1036 | public function getAcceptableContentTypes() |
||
| 1048 | |||
| 1049 | /** |
||
| 1050 | * Sets the acceptable content types. |
||
| 1051 | * Please refer to [[getAcceptableContentTypes()]] on the format of the parameter. |
||
| 1052 | * @param array $value the content types that are acceptable by the end user. They should |
||
| 1053 | * be ordered by the preference level. |
||
| 1054 | * @see getAcceptableContentTypes() |
||
| 1055 | * @see parseAcceptHeader() |
||
| 1056 | */ |
||
| 1057 | public function setAcceptableContentTypes($value) |
||
| 1061 | |||
| 1062 | /** |
||
| 1063 | * Returns request content-type |
||
| 1064 | * The Content-Type header field indicates the MIME type of the data |
||
| 1065 | * contained in [[getRawBody()]] or, in the case of the HEAD method, the |
||
| 1066 | * media type that would have been sent had the request been a GET. |
||
| 1067 | * For the MIME-types the user expects in response, see [[acceptableContentTypes]]. |
||
| 1068 | * @return string request content-type. Null is returned if this information is not available. |
||
| 1069 | * @link http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17 |
||
| 1070 | * HTTP 1.1 header field definitions |
||
| 1071 | */ |
||
| 1072 | public function getContentType() |
||
| 1083 | |||
| 1084 | private $_languages; |
||
| 1085 | |||
| 1086 | /** |
||
| 1087 | * Returns the languages acceptable by the end user. |
||
| 1088 | * This is determined by the `Accept-Language` HTTP header. |
||
| 1089 | * @return array the languages ordered by the preference level. The first element |
||
| 1090 | * represents the most preferred language. |
||
| 1091 | */ |
||
| 1092 | public function getAcceptableLanguages() |
||
| 1104 | |||
| 1105 | /** |
||
| 1106 | * @param array $value the languages that are acceptable by the end user. They should |
||
| 1107 | * be ordered by the preference level. |
||
| 1108 | */ |
||
| 1109 | public function setAcceptableLanguages($value) |
||
| 1113 | |||
| 1114 | /** |
||
| 1115 | * Parses the given `Accept` (or `Accept-Language`) header. |
||
| 1116 | * |
||
| 1117 | * This method will return the acceptable values with their quality scores and the corresponding parameters |
||
| 1118 | * as specified in the given `Accept` header. The array keys of the return value are the acceptable values, |
||
| 1119 | * while the array values consisting of the corresponding quality scores and parameters. The acceptable |
||
| 1120 | * values with the highest quality scores will be returned first. For example, |
||
| 1121 | * |
||
| 1122 | * ```php |
||
| 1123 | * $header = 'text/plain; q=0.5, application/json; version=1.0, application/xml; version=2.0;'; |
||
| 1124 | * $accepts = $request->parseAcceptHeader($header); |
||
| 1125 | * print_r($accepts); |
||
| 1126 | * // displays: |
||
| 1127 | * // [ |
||
| 1128 | * // 'application/json' => ['q' => 1, 'version' => '1.0'], |
||
| 1129 | * // 'application/xml' => ['q' => 1, 'version' => '2.0'], |
||
| 1130 | * // 'text/plain' => ['q' => 0.5], |
||
| 1131 | * // ] |
||
| 1132 | * ``` |
||
| 1133 | * |
||
| 1134 | * @param string $header the header to be parsed |
||
| 1135 | * @return array the acceptable values ordered by their quality score. The values with the highest scores |
||
| 1136 | * will be returned first. |
||
| 1137 | */ |
||
| 1138 | public function parseAcceptHeader($header) |
||
| 1197 | |||
| 1198 | /** |
||
| 1199 | * Returns the user-preferred language that should be used by this application. |
||
| 1200 | * The language resolution is based on the user preferred languages and the languages |
||
| 1201 | * supported by the application. The method will try to find the best match. |
||
| 1202 | * @param array $languages a list of the languages supported by the application. If this is empty, the current |
||
| 1203 | * application language will be returned without further processing. |
||
| 1204 | * @return string the language that the application should use. |
||
| 1205 | */ |
||
| 1206 | public function getPreferredLanguage(array $languages = []) |
||
| 1227 | |||
| 1228 | /** |
||
| 1229 | * Gets the Etags. |
||
| 1230 | * |
||
| 1231 | * @return array The entity tags |
||
| 1232 | */ |
||
| 1233 | public function getETags() |
||
| 1241 | |||
| 1242 | /** |
||
| 1243 | * Returns the cookie collection. |
||
| 1244 | * Through the returned cookie collection, you may access a cookie using the following syntax: |
||
| 1245 | * |
||
| 1246 | * ```php |
||
| 1247 | * $cookie = $request->cookies['name'] |
||
| 1248 | * if ($cookie !== null) { |
||
| 1249 | * $value = $cookie->value; |
||
| 1250 | * } |
||
| 1251 | * |
||
| 1252 | * // alternatively |
||
| 1253 | * $value = $request->cookies->getValue('name'); |
||
| 1254 | * ``` |
||
| 1255 | * |
||
| 1256 | * @return CookieCollection the cookie collection. |
||
| 1257 | */ |
||
| 1258 | public function getCookies() |
||
| 1268 | |||
| 1269 | /** |
||
| 1270 | * Converts `$_COOKIE` into an array of [[Cookie]]. |
||
| 1271 | * @return array the cookies obtained from request |
||
| 1272 | * @throws InvalidConfigException if [[cookieValidationKey]] is not set when [[enableCookieValidation]] is true |
||
| 1273 | */ |
||
| 1274 | protected function loadCookies() |
||
| 1310 | |||
| 1311 | private $_csrfToken; |
||
| 1312 | |||
| 1313 | /** |
||
| 1314 | * Returns the token used to perform CSRF validation. |
||
| 1315 | * |
||
| 1316 | * This token is generated in a way to prevent [BREACH attacks](http://breachattack.com/). It may be passed |
||
| 1317 | * along via a hidden field of an HTML form or an HTTP header value to support CSRF validation. |
||
| 1318 | * @param bool $regenerate whether to regenerate CSRF token. When this parameter is true, each time |
||
| 1319 | * this method is called, a new CSRF token will be generated and persisted (in session or cookie). |
||
| 1320 | * @return string the token used to perform CSRF validation. |
||
| 1321 | */ |
||
| 1322 | public function getCsrfToken($regenerate = false) |
||
| 1337 | |||
| 1338 | /** |
||
| 1339 | * Loads the CSRF token from cookie or session. |
||
| 1340 | * @return string the CSRF token loaded from cookie or session. Null is returned if the cookie or session |
||
| 1341 | * does not have CSRF token. |
||
| 1342 | */ |
||
| 1343 | protected function loadCsrfToken() |
||
| 1351 | |||
| 1352 | /** |
||
| 1353 | * Generates an unmasked random token used to perform CSRF validation. |
||
| 1354 | * @return string the random token for CSRF validation. |
||
| 1355 | */ |
||
| 1356 | protected function generateCsrfToken() |
||
| 1367 | |||
| 1368 | /** |
||
| 1369 | * Returns the XOR result of two strings. |
||
| 1370 | * If the two strings are of different lengths, the shorter one will be padded to the length of the longer one. |
||
| 1371 | * @param string $token1 |
||
| 1372 | * @param string $token2 |
||
| 1373 | * @return string the XOR result |
||
| 1374 | */ |
||
| 1375 | private function xorTokens($token1, $token2) |
||
| 1387 | |||
| 1388 | /** |
||
| 1389 | * @return string the CSRF token sent via [[CSRF_HEADER]] by browser. Null is returned if no such header is sent. |
||
| 1390 | */ |
||
| 1391 | public function getCsrfTokenFromHeader() |
||
| 1396 | |||
| 1397 | /** |
||
| 1398 | * Creates a cookie with a randomly generated CSRF token. |
||
| 1399 | * Initial values specified in [[csrfCookie]] will be applied to the generated cookie. |
||
| 1400 | * @param string $token the CSRF token |
||
| 1401 | * @return Cookie the generated cookie |
||
| 1402 | * @see enableCsrfValidation |
||
| 1403 | */ |
||
| 1404 | protected function createCsrfCookie($token) |
||
| 1411 | |||
| 1412 | /** |
||
| 1413 | * Performs the CSRF validation. |
||
| 1414 | * |
||
| 1415 | * This method will validate the user-provided CSRF token by comparing it with the one stored in cookie or session. |
||
| 1416 | * This method is mainly called in [[Controller::beforeAction()]]. |
||
| 1417 | * |
||
| 1418 | * Note that the method will NOT perform CSRF validation if [[enableCsrfValidation]] is false or the HTTP method |
||
| 1419 | * is among GET, HEAD or OPTIONS. |
||
| 1420 | * |
||
| 1421 | * @param string $token the user-provided CSRF token to be validated. If null, the token will be retrieved from |
||
| 1422 | * the [[csrfParam]] POST field or HTTP header. |
||
| 1423 | * This parameter is available since version 2.0.4. |
||
| 1424 | * @return bool whether CSRF token is valid. If [[enableCsrfValidation]] is false, this method will return true. |
||
| 1425 | */ |
||
| 1426 | public function validateCsrfToken($token = null) |
||
| 1443 | |||
| 1444 | /** |
||
| 1445 | * Validates CSRF token |
||
| 1446 | * |
||
| 1447 | * @param string $token |
||
| 1448 | * @param string $trueToken |
||
| 1449 | * @return bool |
||
| 1450 | */ |
||
| 1451 | private function validateCsrfTokenInternal($token, $trueToken) |
||
| 1468 | } |
||
| 1469 |
Loading history...
