Complex classes like Request often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Request, and based on these observations, apply Extract Interface, too.
1 | <?php |
||
103 | class Request extends \yii\base\Request implements ServerRequestInterface |
||
104 | { |
||
105 | use MessageTrait; |
||
106 | |||
107 | /** |
||
108 | * The name of the HTTP header for sending CSRF token. |
||
109 | */ |
||
110 | const CSRF_HEADER = 'X-CSRF-Token'; |
||
111 | /** |
||
112 | * The length of the CSRF token mask. |
||
113 | * @deprecated 2.0.12 The mask length is now equal to the token length. |
||
114 | */ |
||
115 | const CSRF_MASK_LENGTH = 8; |
||
116 | |||
117 | /** |
||
118 | * @var bool whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true. |
||
119 | * When CSRF validation is enabled, forms submitted to an Yii Web application must be originated |
||
120 | * from the same application. If not, a 400 HTTP exception will be raised. |
||
121 | * |
||
122 | * Note, this feature requires that the user client accepts cookie. Also, to use this feature, |
||
123 | * forms submitted via POST method must contain a hidden input whose name is specified by [[csrfParam]]. |
||
124 | * You may use [[\yii\helpers\Html::beginForm()]] to generate his hidden input. |
||
125 | * |
||
126 | * In JavaScript, you may get the values of [[csrfParam]] and [[csrfToken]] via `yii.getCsrfParam()` and |
||
127 | * `yii.getCsrfToken()`, respectively. The [[\yii\web\YiiAsset]] asset must be registered. |
||
128 | * You also need to include CSRF meta tags in your pages by using [[\yii\helpers\Html::csrfMetaTags()]]. |
||
129 | * |
||
130 | * @see Controller::enableCsrfValidation |
||
131 | * @see http://en.wikipedia.org/wiki/Cross-site_request_forgery |
||
132 | */ |
||
133 | public $enableCsrfValidation = true; |
||
134 | /** |
||
135 | * @var string the name of the token used to prevent CSRF. Defaults to '_csrf'. |
||
136 | * This property is used only when [[enableCsrfValidation]] is true. |
||
137 | */ |
||
138 | public $csrfParam = '_csrf'; |
||
139 | /** |
||
140 | * @var array the configuration for creating the CSRF [[Cookie|cookie]]. This property is used only when |
||
141 | * both [[enableCsrfValidation]] and [[enableCsrfCookie]] are true. |
||
142 | */ |
||
143 | public $csrfCookie = ['httpOnly' => true]; |
||
144 | /** |
||
145 | * @var bool whether to use cookie to persist CSRF token. If false, CSRF token will be stored |
||
146 | * in session under the name of [[csrfParam]]. Note that while storing CSRF tokens in session increases |
||
147 | * security, it requires starting a session for every page, which will degrade your site performance. |
||
148 | */ |
||
149 | public $enableCsrfCookie = true; |
||
150 | /** |
||
151 | * @var bool whether cookies should be validated to ensure they are not tampered. Defaults to true. |
||
152 | */ |
||
153 | public $enableCookieValidation = true; |
||
154 | /** |
||
155 | * @var string a secret key used for cookie validation. This property must be set if [[enableCookieValidation]] is true. |
||
156 | */ |
||
157 | public $cookieValidationKey; |
||
158 | /** |
||
159 | * @var string the name of the POST parameter that is used to indicate if a request is a PUT, PATCH or DELETE |
||
160 | * request tunneled through POST. Defaults to '_method'. |
||
161 | * @see getMethod() |
||
162 | * @see getParsedBody() |
||
163 | */ |
||
164 | public $methodParam = '_method'; |
||
165 | /** |
||
166 | * @var array the parsers for converting the raw HTTP request body into [[bodyParams]]. |
||
167 | * The array keys are the request `Content-Types`, and the array values are the |
||
168 | * corresponding configurations for [[Yii::createObject|creating the parser objects]]. |
||
169 | * A parser must implement the [[RequestParserInterface]]. |
||
170 | * |
||
171 | * To enable parsing for JSON requests you can use the [[JsonParser]] class like in the following example: |
||
172 | * |
||
173 | * ``` |
||
174 | * [ |
||
175 | * 'application/json' => \yii\web\JsonParser::class, |
||
176 | * ] |
||
177 | * ``` |
||
178 | * |
||
179 | * To register a parser for parsing all request types you can use `'*'` as the array key. |
||
180 | * This one will be used as a fallback in case no other types match. |
||
181 | * |
||
182 | * @see getParsedBody() |
||
183 | */ |
||
184 | public $parsers = []; |
||
185 | /** |
||
186 | * @var string name of the class to be used for uploaded file instantiation. |
||
187 | * This class should implement [[UploadedFileInterface]]. |
||
188 | * @since 2.1.0 |
||
189 | */ |
||
190 | public $uploadedFileClass = UploadedFile::class; |
||
191 | /** |
||
192 | * @var array the configuration for trusted security related headers. |
||
193 | * |
||
194 | * An array key is an IPv4 or IPv6 IP address in CIDR notation for matching a client. |
||
195 | * |
||
196 | * An array value is a list of headers to trust. These will be matched against |
||
197 | * [[secureHeaders]] to determine which headers are allowed to be sent by a specified host. |
||
198 | * The case of the header names must be the same as specified in [[secureHeaders]]. |
||
199 | * |
||
200 | * For example, to trust all headers listed in [[secureHeaders]] for IP addresses |
||
201 | * in range `192.168.0.0-192.168.0.254` write the following: |
||
202 | * |
||
203 | * ```php |
||
204 | * [ |
||
205 | * '192.168.0.0/24', |
||
206 | * ] |
||
207 | * ``` |
||
208 | * |
||
209 | * To trust just the `X-Forwarded-For` header from `10.0.0.1`, use: |
||
210 | * |
||
211 | * ``` |
||
212 | * [ |
||
213 | * '10.0.0.1' => ['X-Forwarded-For'] |
||
214 | * ] |
||
215 | * ``` |
||
216 | * |
||
217 | * Default is to trust all headers except those listed in [[secureHeaders]] from all hosts. |
||
218 | * Matches are tried in order and searching is stopped when IP matches. |
||
219 | * |
||
220 | * > Info: Matching is performed using [[IpValidator]]. |
||
221 | * See [[IpValidator::::setRanges()|IpValidator::setRanges()]] |
||
222 | * and [[IpValidator::networks]] for advanced matching. |
||
223 | * |
||
224 | * @see $secureHeaders |
||
225 | * @since 2.0.13 |
||
226 | */ |
||
227 | public $trustedHosts = []; |
||
228 | /** |
||
229 | * @var array lists of headers that are, by default, subject to the trusted host configuration. |
||
230 | * These headers will be filtered unless explicitly allowed in [[trustedHosts]]. |
||
231 | * The match of header names is case-insensitive. |
||
232 | * @see https://en.wikipedia.org/wiki/List_of_HTTP_header_fields |
||
233 | * @see $trustedHosts |
||
234 | * @since 2.0.13 |
||
235 | */ |
||
236 | public $secureHeaders = [ |
||
237 | // Common: |
||
238 | 'X-Forwarded-For', |
||
239 | 'X-Forwarded-Host', |
||
240 | 'X-Forwarded-Proto', |
||
241 | |||
242 | // Microsoft: |
||
243 | 'Front-End-Https', |
||
244 | 'X-Rewrite-Url', |
||
245 | ]; |
||
246 | /** |
||
247 | * @var string[] List of headers where proxies store the real client IP. |
||
248 | * It's not advisable to put insecure headers here. |
||
249 | * The match of header names is case-insensitive. |
||
250 | * @see $trustedHosts |
||
251 | * @see $secureHeaders |
||
252 | * @since 2.0.13 |
||
253 | */ |
||
254 | public $ipHeaders = [ |
||
255 | 'X-Forwarded-For', // Common |
||
256 | ]; |
||
257 | /** |
||
258 | * @var array list of headers to check for determining whether the connection is made via HTTPS. |
||
259 | * The array keys are header names and the array value is a list of header values that indicate a secure connection. |
||
260 | * The match of header names and values is case-insensitive. |
||
261 | * It's not advisable to put insecure headers here. |
||
262 | * @see $trustedHosts |
||
263 | * @see $secureHeaders |
||
264 | * @since 2.0.13 |
||
265 | */ |
||
266 | public $secureProtocolHeaders = [ |
||
267 | 'X-Forwarded-Proto' => ['https'], // Common |
||
268 | 'Front-End-Https' => ['on'], // Microsoft |
||
269 | ]; |
||
270 | |||
271 | /** |
||
272 | * @var array attributes derived from the request. |
||
273 | * @since 2.1.0 |
||
274 | */ |
||
275 | private $_attributes; |
||
276 | /** |
||
277 | * @var array server parameters. |
||
278 | * @since 2.1.0 |
||
279 | */ |
||
280 | private $_serverParams; |
||
281 | /** |
||
282 | * @var array the cookies sent by the client to the server. |
||
283 | * @since 2.1.0 |
||
284 | */ |
||
285 | private $_cookieParams; |
||
286 | /** |
||
287 | * @var CookieCollection Collection of request cookies. |
||
288 | */ |
||
289 | private $_cookies; |
||
290 | /** |
||
291 | * @var string the HTTP method of the request. |
||
292 | */ |
||
293 | private $_method; |
||
294 | /** |
||
295 | * @var UriInterface the URI instance associated with request. |
||
296 | */ |
||
297 | private $_uri; |
||
298 | /** |
||
299 | * @var mixed the message's request target. |
||
300 | */ |
||
301 | private $_requestTarget; |
||
302 | /** |
||
303 | * @var array uploaded files. |
||
304 | * @since 2.1.0 |
||
305 | */ |
||
306 | private $_uploadedFiles; |
||
307 | |||
308 | |||
309 | /** |
||
310 | * Resolves the current request into a route and the associated parameters. |
||
311 | * @return array the first element is the route, and the second is the associated parameters. |
||
312 | * @throws NotFoundHttpException if the request cannot be resolved. |
||
313 | */ |
||
314 | 1 | public function resolve() |
|
330 | |||
331 | /** |
||
332 | * Filters headers according to the [[trustedHosts]]. |
||
333 | * @param array $rawHeaders |
||
334 | * @return array filtered headers |
||
335 | * @since 2.0.13 |
||
336 | */ |
||
337 | 139 | protected function filterHeaders($rawHeaders) |
|
370 | |||
371 | /** |
||
372 | * Creates instance of [[IpValidator]]. |
||
373 | * You can override this method to adjust validator or implement different matching strategy. |
||
374 | * |
||
375 | * @return IpValidator |
||
376 | * @since 2.0.13 |
||
377 | */ |
||
378 | 24 | protected function getIpValidator() |
|
382 | |||
383 | /** |
||
384 | * Returns default message's headers, which should be present once [[headerCollection]] is instantiated. |
||
385 | * @return string[][] an associative array of the message's headers. |
||
386 | */ |
||
387 | 139 | protected function defaultHeaders() |
|
405 | |||
406 | /** |
||
407 | * {@inheritdoc} |
||
408 | * @since 2.1.0 |
||
409 | */ |
||
410 | public function getRequestTarget() |
||
417 | |||
418 | /** |
||
419 | * Specifies the message's request target |
||
420 | * @param mixed $requestTarget the message's request target. |
||
421 | * @since 2.1.0 |
||
422 | */ |
||
423 | public function setRequestTarget($requestTarget) |
||
427 | |||
428 | /** |
||
429 | * {@inheritdoc} |
||
430 | * @since 2.1.0 |
||
431 | */ |
||
432 | public function withRequestTarget($requestTarget) |
||
442 | |||
443 | /** |
||
444 | * {@inheritdoc} |
||
445 | */ |
||
446 | 51 | public function getMethod() |
|
459 | |||
460 | /** |
||
461 | * Specifies request HTTP method. |
||
462 | * @param string $method case-sensitive HTTP method. |
||
463 | * @since 2.1.0 |
||
464 | */ |
||
465 | 12 | public function setMethod($method) |
|
469 | |||
470 | /** |
||
471 | * {@inheritdoc} |
||
472 | * @since 2.1.0 |
||
473 | */ |
||
474 | 1 | public function withMethod($method) |
|
484 | |||
485 | /** |
||
486 | * {@inheritdoc} |
||
487 | * @since 2.1.0 |
||
488 | */ |
||
489 | public function getUri() |
||
504 | |||
505 | /** |
||
506 | * Specifies the URI instance. |
||
507 | * @param UriInterface|\Closure|array $uri URI instance or its DI compatible configuration. |
||
508 | * @since 2.1.0 |
||
509 | */ |
||
510 | public function setUri($uri) |
||
514 | |||
515 | /** |
||
516 | * {@inheritdoc} |
||
517 | * @since 2.1.0 |
||
518 | */ |
||
519 | public function withUri(UriInterface $uri, $preserveHost = false) |
||
533 | |||
534 | /** |
||
535 | * Returns whether this is a GET request. |
||
536 | * @return bool whether this is a GET request. |
||
537 | */ |
||
538 | 2 | public function getIsGet() |
|
542 | |||
543 | /** |
||
544 | * Returns whether this is an OPTIONS request. |
||
545 | * @return bool whether this is a OPTIONS request. |
||
546 | */ |
||
547 | 1 | public function getIsOptions() |
|
551 | |||
552 | /** |
||
553 | * Returns whether this is a HEAD request. |
||
554 | * @return bool whether this is a HEAD request. |
||
555 | */ |
||
556 | public function getIsHead() |
||
560 | |||
561 | /** |
||
562 | * Returns whether this is a POST request. |
||
563 | * @return bool whether this is a POST request. |
||
564 | */ |
||
565 | public function getIsPost() |
||
569 | |||
570 | /** |
||
571 | * Returns whether this is a DELETE request. |
||
572 | * @return bool whether this is a DELETE request. |
||
573 | */ |
||
574 | public function getIsDelete() |
||
578 | |||
579 | /** |
||
580 | * Returns whether this is a PUT request. |
||
581 | * @return bool whether this is a PUT request. |
||
582 | */ |
||
583 | public function getIsPut() |
||
587 | |||
588 | /** |
||
589 | * Returns whether this is a PATCH request. |
||
590 | * @return bool whether this is a PATCH request. |
||
591 | */ |
||
592 | public function getIsPatch() |
||
596 | |||
597 | /** |
||
598 | * Returns whether this is an AJAX (XMLHttpRequest) request. |
||
599 | * |
||
600 | * Note that jQuery doesn't set the header in case of cross domain |
||
601 | * requests: https://stackoverflow.com/questions/8163703/cross-domain-ajax-doesnt-send-x-requested-with-header |
||
602 | * |
||
603 | * @return bool whether this is an AJAX (XMLHttpRequest) request. |
||
604 | */ |
||
605 | 13 | public function getIsAjax() |
|
609 | |||
610 | /** |
||
611 | * Returns whether this is an Adobe Flash or Flex request. |
||
612 | * @return bool whether this is an Adobe Flash or Adobe Flex request. |
||
613 | */ |
||
614 | public function getIsFlash() |
||
622 | |||
623 | /** |
||
624 | * Returns default message body to be used in case it is not explicitly set. |
||
625 | * @return StreamInterface default body instance. |
||
626 | */ |
||
627 | protected function defaultBody() |
||
634 | |||
635 | /** |
||
636 | * Returns the raw HTTP request body. |
||
637 | * @return string the request body |
||
638 | */ |
||
639 | public function getRawBody() |
||
643 | |||
644 | /** |
||
645 | * Sets the raw HTTP request body, this method is mainly used by test scripts to simulate raw HTTP requests. |
||
646 | * @param string $rawBody the request body |
||
647 | */ |
||
648 | 6 | public function setRawBody($rawBody) |
|
654 | |||
655 | private $_parsedBody = false; |
||
656 | |||
657 | /** |
||
658 | * Returns the request parameters given in the request body. |
||
659 | * |
||
660 | * Request parameters are determined using the parsers configured in [[parsers]] property. |
||
661 | * If no parsers are configured for the current [[contentType]] it uses the PHP function `mb_parse_str()` |
||
662 | * to parse the [[rawBody|request body]]. |
||
663 | * |
||
664 | * Since 2.1.0 body params also include result of [[getUploadedFiles()]]. |
||
665 | * |
||
666 | * @return array|null the request parameters given in the request body. A `null` value indicates |
||
667 | * the absence of body content. |
||
668 | * @throws InvalidConfigException if a registered parser does not implement the [[RequestParserInterface]]. |
||
669 | * @throws UnsupportedMediaTypeHttpException if unable to parse raw body. |
||
670 | * @see getMethod() |
||
671 | * @see getParsedBodyParam() |
||
672 | * @see setParsedBody() |
||
673 | */ |
||
674 | 13 | public function getParsedBody() |
|
724 | |||
725 | /** |
||
726 | * Sets the request body parameters. |
||
727 | * @param array $values the request body parameters (name-value pairs) |
||
728 | * @see getParsedBodyParam() |
||
729 | * @see getParsedBody() |
||
730 | */ |
||
731 | 4 | public function setParsedBody($values) |
|
735 | |||
736 | /** |
||
737 | * {@inheritdoc} |
||
738 | * @since 2.1.0 |
||
739 | */ |
||
740 | public function withParsedBody($data) |
||
746 | |||
747 | /** |
||
748 | * Returns the named request body parameter value. |
||
749 | * If the parameter does not exist, the second parameter passed to this method will be returned. |
||
750 | * @param string $name the parameter name |
||
751 | * @param mixed $defaultValue the default parameter value if the parameter does not exist. |
||
752 | * @return mixed the parameter value |
||
753 | * @see getParsedBody() |
||
754 | * @see setParsedBody() |
||
755 | */ |
||
756 | 5 | public function getParsedBodyParam($name, $defaultValue = null) |
|
771 | |||
772 | /** |
||
773 | * Returns POST parameter with a given name. If name isn't specified, returns an array of all POST parameters. |
||
774 | * |
||
775 | * @param string $name the parameter name |
||
776 | * @param mixed $defaultValue the default parameter value if the parameter does not exist. |
||
777 | * @return array|mixed |
||
778 | */ |
||
779 | public function post($name = null, $defaultValue = null) |
||
787 | |||
788 | private $_queryParams; |
||
789 | |||
790 | /** |
||
791 | * Returns the request parameters given in the [[queryString]]. |
||
792 | * |
||
793 | * This method will return the contents of `$_GET` if params where not explicitly set. |
||
794 | * @return array the request GET parameter values. |
||
795 | * @see setQueryParams() |
||
796 | */ |
||
797 | 18 | public function getQueryParams() |
|
805 | |||
806 | /** |
||
807 | * Sets the request [[queryString]] parameters. |
||
808 | * @param array $values the request query parameters (name-value pairs) |
||
809 | * @see getQueryParam() |
||
810 | * @see getQueryParams() |
||
811 | */ |
||
812 | 5 | public function setQueryParams($values) |
|
816 | |||
817 | /** |
||
818 | * {@inheritdoc} |
||
819 | */ |
||
820 | public function withQueryParams(array $query) |
||
830 | |||
831 | /** |
||
832 | * Returns GET parameter with a given name. If name isn't specified, returns an array of all GET parameters. |
||
833 | * |
||
834 | * @param string $name the parameter name |
||
835 | * @param mixed $defaultValue the default parameter value if the parameter does not exist. |
||
836 | * @return array|mixed |
||
837 | */ |
||
838 | 6 | public function get($name = null, $defaultValue = null) |
|
846 | |||
847 | /** |
||
848 | * Returns the named GET parameter value. |
||
849 | * If the GET parameter does not exist, the second parameter passed to this method will be returned. |
||
850 | * @param string $name the GET parameter name. |
||
851 | * @param mixed $defaultValue the default parameter value if the GET parameter does not exist. |
||
852 | * @return mixed the GET parameter value |
||
853 | * @see getParsedBodyParam() |
||
854 | */ |
||
855 | 9 | public function getQueryParam($name, $defaultValue = null) |
|
861 | |||
862 | /** |
||
863 | * Sets the data related to the incoming request environment. |
||
864 | * @param array $serverParams server parameters. |
||
865 | * @since 2.1.0 |
||
866 | */ |
||
867 | 4 | public function setServerParams(array $serverParams) |
|
871 | |||
872 | /** |
||
873 | * {@inheritdoc} |
||
874 | * @since 2.1.0 |
||
875 | */ |
||
876 | 122 | public function getServerParams() |
|
883 | |||
884 | /** |
||
885 | * Return the server environment parameter by name. |
||
886 | * @param string $name parameter name. |
||
887 | * @param mixed $default default value to return if the parameter does not exist. |
||
888 | * @return mixed parameter value. |
||
889 | * @since 2.1.0 |
||
890 | */ |
||
891 | 122 | public function getServerParam($name, $default = null) |
|
899 | |||
900 | /** |
||
901 | * Specifies cookies. |
||
902 | * @param array $cookies array of key/value pairs representing cookies. |
||
903 | * @since 2.1.0 |
||
904 | */ |
||
905 | public function setCookieParams(array $cookies) |
||
910 | |||
911 | /** |
||
912 | * {@inheritdoc} |
||
913 | * @since 2.1.0 |
||
914 | */ |
||
915 | 45 | public function getCookieParams() |
|
922 | |||
923 | /** |
||
924 | * {@inheritdoc} |
||
925 | * @since 2.1.0 |
||
926 | */ |
||
927 | public function withCookieParams(array $cookies) |
||
937 | |||
938 | private $_hostInfo; |
||
939 | private $_hostName; |
||
940 | |||
941 | /** |
||
942 | * Returns the schema and host part of the current request URL. |
||
943 | * |
||
944 | * The returned URL does not have an ending slash. |
||
945 | * |
||
946 | * By default this value is based on the user request information. This method will |
||
947 | * return the value of `$_SERVER['HTTP_HOST']` if it is available or `$_SERVER['SERVER_NAME']` if not. |
||
948 | * You may want to check out the [PHP documentation](http://php.net/manual/en/reserved.variables.server.php) |
||
949 | * for more information on these variables. |
||
950 | * |
||
951 | * You may explicitly specify it by setting the [[setHostInfo()|hostInfo]] property. |
||
952 | * |
||
953 | * > Warning: Dependent on the server configuration this information may not be |
||
954 | * > reliable and [may be faked by the user sending the HTTP request](https://www.acunetix.com/vulnerabilities/web/host-header-attack). |
||
955 | * > If the webserver is configured to serve the same site independent of the value of |
||
956 | * > the `Host` header, this value is not reliable. In such situations you should either |
||
957 | * > fix your webserver configuration or explicitly set the value by setting the [[setHostInfo()|hostInfo]] property. |
||
958 | * > If you don't have access to the server configuration, you can setup [[\yii\filters\HostControl]] filter at |
||
959 | * > application level in order to protect against such kind of attack. |
||
960 | * |
||
961 | * @property string|null schema and hostname part (with port number if needed) of the request URL |
||
962 | * (e.g. `http://www.yiiframework.com`), null if can't be obtained from `$_SERVER` and wasn't set. |
||
963 | * See [[getHostInfo()]] for security related notes on this property. |
||
964 | * @return string|null schema and hostname part (with port number if needed) of the request URL |
||
965 | * (e.g. `http://www.yiiframework.com`), null if can't be obtained from `$_SERVER` and wasn't set. |
||
966 | * @see setHostInfo() |
||
967 | */ |
||
968 | 23 | public function getHostInfo() |
|
989 | |||
990 | /** |
||
991 | * Sets the schema and host part of the application URL. |
||
992 | * This setter is provided in case the schema and hostname cannot be determined |
||
993 | * on certain Web servers. |
||
994 | * @param string|null $value the schema and host part of the application URL. The trailing slashes will be removed. |
||
995 | * @see getHostInfo() for security related notes on this property. |
||
996 | */ |
||
997 | 47 | public function setHostInfo($value) |
|
1002 | |||
1003 | /** |
||
1004 | * Returns the host part of the current request URL. |
||
1005 | * Value is calculated from current [[getHostInfo()|hostInfo]] property. |
||
1006 | * |
||
1007 | * > Warning: The content of this value may not be reliable, dependent on the server |
||
1008 | * > configuration. Please refer to [[getHostInfo()]] for more information. |
||
1009 | * |
||
1010 | * @return string|null hostname part of the request URL (e.g. `www.yiiframework.com`) |
||
1011 | * @see getHostInfo() |
||
1012 | * @since 2.0.10 |
||
1013 | */ |
||
1014 | 16 | public function getHostName() |
|
1022 | |||
1023 | private $_baseUrl; |
||
1024 | |||
1025 | /** |
||
1026 | * Returns the relative URL for the application. |
||
1027 | * This is similar to [[scriptUrl]] except that it does not include the script file name, |
||
1028 | * and the ending slashes are removed. |
||
1029 | * @return string the relative URL for the application |
||
1030 | * @see setScriptUrl() |
||
1031 | */ |
||
1032 | 253 | public function getBaseUrl() |
|
1040 | |||
1041 | /** |
||
1042 | * Sets the relative URL for the application. |
||
1043 | * By default the URL is determined based on the entry script URL. |
||
1044 | * This setter is provided in case you want to change this behavior. |
||
1045 | * @param string $value the relative URL for the application |
||
1046 | */ |
||
1047 | 1 | public function setBaseUrl($value) |
|
1051 | |||
1052 | private $_scriptUrl; |
||
1053 | |||
1054 | /** |
||
1055 | * Returns the relative URL of the entry script. |
||
1056 | * The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework. |
||
1057 | * @return string the relative URL of the entry script. |
||
1058 | * @throws InvalidConfigException if unable to determine the entry script URL |
||
1059 | */ |
||
1060 | 254 | public function getScriptUrl() |
|
1083 | |||
1084 | /** |
||
1085 | * Sets the relative URL for the application entry script. |
||
1086 | * This setter is provided in case the entry script URL cannot be determined |
||
1087 | * on certain Web servers. |
||
1088 | * @param string $value the relative URL for the application entry script. |
||
1089 | */ |
||
1090 | 264 | public function setScriptUrl($value) |
|
1094 | |||
1095 | private $_scriptFile; |
||
1096 | |||
1097 | /** |
||
1098 | * Returns the entry script file path. |
||
1099 | * The default implementation will simply return `$_SERVER['SCRIPT_FILENAME']`. |
||
1100 | * @return string the entry script file path |
||
1101 | * @throws InvalidConfigException |
||
1102 | */ |
||
1103 | 255 | public function getScriptFile() |
|
1115 | |||
1116 | /** |
||
1117 | * Sets the entry script file path. |
||
1118 | * The entry script file path normally can be obtained from `$_SERVER['SCRIPT_FILENAME']`. |
||
1119 | * If your server configuration does not return the correct value, you may configure |
||
1120 | * this property to make it right. |
||
1121 | * @param string $value the entry script file path. |
||
1122 | */ |
||
1123 | 243 | public function setScriptFile($value) |
|
1127 | |||
1128 | private $_pathInfo; |
||
1129 | |||
1130 | /** |
||
1131 | * Returns the path info of the currently requested URL. |
||
1132 | * A path info refers to the part that is after the entry script and before the question mark (query string). |
||
1133 | * The starting and ending slashes are both removed. |
||
1134 | * @return string part of the request URL that is after the entry script and before the question mark. |
||
1135 | * Note, the returned path info is already URL-decoded. |
||
1136 | * @throws InvalidConfigException if the path info cannot be determined due to unexpected server configuration |
||
1137 | */ |
||
1138 | 17 | public function getPathInfo() |
|
1146 | |||
1147 | /** |
||
1148 | * Sets the path info of the current request. |
||
1149 | * This method is mainly provided for testing purpose. |
||
1150 | * @param string $value the path info of the current request |
||
1151 | */ |
||
1152 | 18 | public function setPathInfo($value) |
|
1156 | |||
1157 | /** |
||
1158 | * Resolves the path info part of the currently requested URL. |
||
1159 | * A path info refers to the part that is after the entry script and before the question mark (query string). |
||
1160 | * The starting slashes are both removed (ending slashes will be kept). |
||
1161 | * @return string part of the request URL that is after the entry script and before the question mark. |
||
1162 | * Note, the returned path info is decoded. |
||
1163 | * @throws InvalidConfigException if the path info cannot be determined due to unexpected server configuration |
||
1164 | */ |
||
1165 | protected function resolvePathInfo() |
||
1209 | |||
1210 | /** |
||
1211 | * Returns the currently requested absolute URL. |
||
1212 | * This is a shortcut to the concatenation of [[hostInfo]] and [[url]]. |
||
1213 | * @return string the currently requested absolute URL. |
||
1214 | */ |
||
1215 | public function getAbsoluteUrl() |
||
1219 | |||
1220 | private $_url; |
||
1221 | |||
1222 | /** |
||
1223 | * Returns the currently requested relative URL. |
||
1224 | * This refers to the portion of the URL that is after the [[hostInfo]] part. |
||
1225 | * It includes the [[queryString]] part if any. |
||
1226 | * @return string the currently requested relative URL. Note that the URI returned may be URL-encoded depending on the client. |
||
1227 | * @throws InvalidConfigException if the URL cannot be determined due to unusual server configuration |
||
1228 | */ |
||
1229 | 9 | public function getUrl() |
|
1237 | |||
1238 | /** |
||
1239 | * Sets the currently requested relative URL. |
||
1240 | * The URI must refer to the portion that is after [[hostInfo]]. |
||
1241 | * Note that the URI should be URL-encoded. |
||
1242 | * @param string $value the request URI to be set |
||
1243 | */ |
||
1244 | 24 | public function setUrl($value) |
|
1248 | |||
1249 | /** |
||
1250 | * Resolves the request URI portion for the currently requested URL. |
||
1251 | * This refers to the portion that is after the [[hostInfo]] part. It includes the [[queryString]] part if any. |
||
1252 | * The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework. |
||
1253 | * @return string|bool the request URI portion for the currently requested URL. |
||
1254 | * Note that the URI returned may be URL-encoded depending on the client. |
||
1255 | * @throws InvalidConfigException if the request URI cannot be determined due to unusual server configuration |
||
1256 | */ |
||
1257 | 2 | protected function resolveRequestUri() |
|
1279 | |||
1280 | /** |
||
1281 | * Returns part of the request URL that is after the question mark. |
||
1282 | * @return string part of the request URL that is after the question mark |
||
1283 | */ |
||
1284 | public function getQueryString() |
||
1288 | |||
1289 | /** |
||
1290 | * Return if the request is sent via secure channel (https). |
||
1291 | * @return bool if the request is sent via secure channel (https) |
||
1292 | */ |
||
1293 | 36 | public function getIsSecureConnection() |
|
1311 | |||
1312 | /** |
||
1313 | * Returns the server name. |
||
1314 | * @return string server name, null if not available |
||
1315 | */ |
||
1316 | 1 | public function getServerName() |
|
1320 | |||
1321 | /** |
||
1322 | * Returns the server port number. |
||
1323 | * @return int|null server port number, null if not available |
||
1324 | */ |
||
1325 | 2 | public function getServerPort() |
|
1330 | |||
1331 | /** |
||
1332 | * Returns the URL referrer. |
||
1333 | * @return string|null URL referrer, null if not available |
||
1334 | */ |
||
1335 | public function getReferrer() |
||
1342 | |||
1343 | /** |
||
1344 | * Returns the URL origin of a CORS request. |
||
1345 | * |
||
1346 | * The return value is taken from the `Origin` [[getHeaders()|header]] sent by the browser. |
||
1347 | * |
||
1348 | * Note that the origin request header indicates where a fetch originates from. |
||
1349 | * It doesn't include any path information, but only the server name. |
||
1350 | * It is sent with a CORS requests, as well as with POST requests. |
||
1351 | * It is similar to the referer header, but, unlike this header, it doesn't disclose the whole path. |
||
1352 | * Please refer to <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin> for more information. |
||
1353 | * |
||
1354 | * @return string|null URL origin of a CORS request, `null` if not available. |
||
1355 | * @see getHeaders() |
||
1356 | * @since 2.0.13 |
||
1357 | */ |
||
1358 | 1 | public function getOrigin() |
|
1362 | |||
1363 | /** |
||
1364 | * Returns the user agent. |
||
1365 | * @return string|null user agent, null if not available |
||
1366 | */ |
||
1367 | public function getUserAgent() |
||
1374 | |||
1375 | /** |
||
1376 | * Returns the user IP address. |
||
1377 | * The IP is determined using headers and / or `$_SERVER` variables. |
||
1378 | * @return string|null user IP address, null if not available |
||
1379 | */ |
||
1380 | 37 | public function getUserIP() |
|
1390 | |||
1391 | /** |
||
1392 | * Returns the user host name. |
||
1393 | * The HOST is determined using headers and / or `$_SERVER` variables. |
||
1394 | * @return string|null user host name, null if not available |
||
1395 | */ |
||
1396 | public function getUserHost() |
||
1406 | |||
1407 | /** |
||
1408 | * Returns the IP on the other end of this connection. |
||
1409 | * This is always the next hop, any headers are ignored. |
||
1410 | * @return string|null remote IP address, `null` if not available. |
||
1411 | * @since 2.0.13 |
||
1412 | */ |
||
1413 | 57 | public function getRemoteIP() |
|
1417 | |||
1418 | /** |
||
1419 | * Returns the host name of the other end of this connection. |
||
1420 | * This is always the next hop, any headers are ignored. |
||
1421 | * @return string|null remote host name, `null` if not available |
||
1422 | * @see getUserHost() |
||
1423 | * @see getRemoteIP() |
||
1424 | * @since 2.0.13 |
||
1425 | */ |
||
1426 | public function getRemoteHost() |
||
1430 | |||
1431 | /** |
||
1432 | * @return string|null the username sent via HTTP authentication, `null` if the username is not given |
||
1433 | * @see getAuthCredentials() to get both username and password in one call |
||
1434 | */ |
||
1435 | 9 | public function getAuthUser() |
|
1439 | |||
1440 | /** |
||
1441 | * @return string|null the password sent via HTTP authentication, `null` if the password is not given |
||
1442 | * @see getAuthCredentials() to get both username and password in one call |
||
1443 | */ |
||
1444 | 9 | public function getAuthPassword() |
|
1448 | |||
1449 | /** |
||
1450 | * @return array that contains exactly two elements: |
||
1451 | * - 0: the username sent via HTTP authentication, `null` if the username is not given |
||
1452 | * - 1: the password sent via HTTP authentication, `null` if the password is not given |
||
1453 | * @see getAuthUser() to get only username |
||
1454 | * @see getAuthPassword() to get only password |
||
1455 | * @since 2.0.13 |
||
1456 | */ |
||
1457 | 19 | public function getAuthCredentials() |
|
1486 | |||
1487 | private $_port; |
||
1488 | |||
1489 | /** |
||
1490 | * Returns the port to use for insecure requests. |
||
1491 | * Defaults to 80, or the port specified by the server if the current |
||
1492 | * request is insecure. |
||
1493 | * @return int port number for insecure requests. |
||
1494 | * @see setPort() |
||
1495 | */ |
||
1496 | 1 | public function getPort() |
|
1505 | |||
1506 | /** |
||
1507 | * Sets the port to use for insecure requests. |
||
1508 | * This setter is provided in case a custom port is necessary for certain |
||
1509 | * server configurations. |
||
1510 | * @param int $value port number. |
||
1511 | */ |
||
1512 | public function setPort($value) |
||
1519 | |||
1520 | private $_securePort; |
||
1521 | |||
1522 | /** |
||
1523 | * Returns the port to use for secure requests. |
||
1524 | * Defaults to 443, or the port specified by the server if the current |
||
1525 | * request is secure. |
||
1526 | * @return int port number for secure requests. |
||
1527 | * @see setSecurePort() |
||
1528 | */ |
||
1529 | public function getSecurePort() |
||
1538 | |||
1539 | /** |
||
1540 | * Sets the port to use for secure requests. |
||
1541 | * This setter is provided in case a custom port is necessary for certain |
||
1542 | * server configurations. |
||
1543 | * @param int $value port number. |
||
1544 | */ |
||
1545 | public function setSecurePort($value) |
||
1552 | |||
1553 | private $_contentTypes; |
||
1554 | |||
1555 | /** |
||
1556 | * Returns the content types acceptable by the end user. |
||
1557 | * |
||
1558 | * This is determined by the `Accept` HTTP header. For example, |
||
1559 | * |
||
1560 | * ```php |
||
1561 | * $_SERVER['HTTP_ACCEPT'] = 'text/plain; q=0.5, application/json; version=1.0, application/xml; version=2.0;'; |
||
1562 | * $types = $request->getAcceptableContentTypes(); |
||
1563 | * print_r($types); |
||
1564 | * // displays: |
||
1565 | * // [ |
||
1566 | * // 'application/json' => ['q' => 1, 'version' => '1.0'], |
||
1567 | * // 'application/xml' => ['q' => 1, 'version' => '2.0'], |
||
1568 | * // 'text/plain' => ['q' => 0.5], |
||
1569 | * // ] |
||
1570 | * ``` |
||
1571 | * |
||
1572 | * @return array the content types ordered by the quality score. Types with the highest scores |
||
1573 | * will be returned first. The array keys are the content types, while the array values |
||
1574 | * are the corresponding quality score and other parameters as given in the header. |
||
1575 | */ |
||
1576 | 3 | public function getAcceptableContentTypes() |
|
1588 | |||
1589 | /** |
||
1590 | * Sets the acceptable content types. |
||
1591 | * Please refer to [[getAcceptableContentTypes()]] on the format of the parameter. |
||
1592 | * @param array $value the content types that are acceptable by the end user. They should |
||
1593 | * be ordered by the preference level. |
||
1594 | * @see getAcceptableContentTypes() |
||
1595 | * @see parseAcceptHeader() |
||
1596 | */ |
||
1597 | 1 | public function setAcceptableContentTypes($value) |
|
1601 | |||
1602 | /** |
||
1603 | * Returns request content-type |
||
1604 | * The Content-Type header field indicates the MIME type of the data |
||
1605 | * contained in [[getBody()]] or, in the case of the HEAD method, the |
||
1606 | * media type that would have been sent had the request been a GET. |
||
1607 | * For the MIME-types the user expects in response, see [[acceptableContentTypes]]. |
||
1608 | * @return string request content-type. Empty string is returned if this information is not available. |
||
1609 | * @link https://tools.ietf.org/html/rfc2616#section-14.17 |
||
1610 | * HTTP 1.1 header field definitions |
||
1611 | */ |
||
1612 | 13 | public function getContentType() |
|
1616 | |||
1617 | private $_languages; |
||
1618 | |||
1619 | /** |
||
1620 | * Returns the languages acceptable by the end user. |
||
1621 | * This is determined by the `Accept-Language` HTTP header. |
||
1622 | * @return array the languages ordered by the preference level. The first element |
||
1623 | * represents the most preferred language. |
||
1624 | */ |
||
1625 | 1 | public function getAcceptableLanguages() |
|
1637 | |||
1638 | /** |
||
1639 | * @param array $value the languages that are acceptable by the end user. They should |
||
1640 | * be ordered by the preference level. |
||
1641 | */ |
||
1642 | 1 | public function setAcceptableLanguages($value) |
|
1646 | |||
1647 | /** |
||
1648 | * Parses the given `Accept` (or `Accept-Language`) header. |
||
1649 | * |
||
1650 | * This method will return the acceptable values with their quality scores and the corresponding parameters |
||
1651 | * as specified in the given `Accept` header. The array keys of the return value are the acceptable values, |
||
1652 | * while the array values consisting of the corresponding quality scores and parameters. The acceptable |
||
1653 | * values with the highest quality scores will be returned first. For example, |
||
1654 | * |
||
1655 | * ```php |
||
1656 | * $header = 'text/plain; q=0.5, application/json; version=1.0, application/xml; version=2.0;'; |
||
1657 | * $accepts = $request->parseAcceptHeader($header); |
||
1658 | * print_r($accepts); |
||
1659 | * // displays: |
||
1660 | * // [ |
||
1661 | * // 'application/json' => ['q' => 1, 'version' => '1.0'], |
||
1662 | * // 'application/xml' => ['q' => 1, 'version' => '2.0'], |
||
1663 | * // 'text/plain' => ['q' => 0.5], |
||
1664 | * // ] |
||
1665 | * ``` |
||
1666 | * |
||
1667 | * @param string $header the header to be parsed |
||
1668 | * @return array the acceptable values ordered by their quality score. The values with the highest scores |
||
1669 | * will be returned first. |
||
1670 | */ |
||
1671 | 3 | public function parseAcceptHeader($header) |
|
1738 | |||
1739 | /** |
||
1740 | * Returns the user-preferred language that should be used by this application. |
||
1741 | * The language resolution is based on the user preferred languages and the languages |
||
1742 | * supported by the application. The method will try to find the best match. |
||
1743 | * @param array $languages a list of the languages supported by the application. If this is empty, the current |
||
1744 | * application language will be returned without further processing. |
||
1745 | * @return string the language that the application should use. |
||
1746 | */ |
||
1747 | 1 | public function getPreferredLanguage(array $languages = []) |
|
1769 | |||
1770 | /** |
||
1771 | * Gets the Etags. |
||
1772 | * |
||
1773 | * @return array The entity tags |
||
1774 | */ |
||
1775 | public function getETags() |
||
1783 | |||
1784 | /** |
||
1785 | * Returns the cookie collection. |
||
1786 | * |
||
1787 | * Through the returned cookie collection, you may access a cookie using the following syntax: |
||
1788 | * |
||
1789 | * ```php |
||
1790 | * $cookie = $request->cookies['name'] |
||
1791 | * if ($cookie !== null) { |
||
1792 | * $value = $cookie->value; |
||
1793 | * } |
||
1794 | * |
||
1795 | * // alternatively |
||
1796 | * $value = $request->cookies->getValue('name'); |
||
1797 | * ``` |
||
1798 | * |
||
1799 | * @return CookieCollection the cookie collection. |
||
1800 | */ |
||
1801 | 46 | public function getCookies() |
|
1811 | |||
1812 | /** |
||
1813 | * Converts [[cookieParams]] into an array of [[Cookie]]. |
||
1814 | * @return array the cookies obtained from request |
||
1815 | * @throws InvalidConfigException if [[cookieValidationKey]] is not set when [[enableCookieValidation]] is true |
||
1816 | */ |
||
1817 | 46 | protected function loadCookies() |
|
1855 | |||
1856 | /** |
||
1857 | * {@inheritdoc} |
||
1858 | * @since 2.1.0 |
||
1859 | */ |
||
1860 | 12 | public function getUploadedFiles() |
|
1870 | |||
1871 | /** |
||
1872 | * Sets uploaded files for this request. |
||
1873 | * Data structure for the uploaded files should follow [PSR-7 Uploaded Files specs](http://www.php-fig.org/psr/psr-7/#16-uploaded-files). |
||
1874 | * @param array|null $uploadedFiles uploaded files. |
||
1875 | * @since 2.1.0 |
||
1876 | */ |
||
1877 | 6 | public function setUploadedFiles($uploadedFiles) |
|
1881 | |||
1882 | /** |
||
1883 | * {@inheritdoc} |
||
1884 | * @since 2.1.0 |
||
1885 | */ |
||
1886 | public function withUploadedFiles(array $uploadedFiles) |
||
1892 | |||
1893 | /** |
||
1894 | * Initializes default uploaded files data structure parsing super-global $_FILES. |
||
1895 | * @see http://www.php-fig.org/psr/psr-7/#16-uploaded-files |
||
1896 | * @return array uploaded files. |
||
1897 | * @since 2.1.0 |
||
1898 | */ |
||
1899 | 6 | protected function defaultUploadedFiles() |
|
1909 | |||
1910 | /** |
||
1911 | * Populates uploaded files array from $_FILE data structure recursively. |
||
1912 | * @param array $files uploaded files array to be populated. |
||
1913 | * @param mixed $names file names provided by PHP |
||
1914 | * @param mixed $tempNames temporary file names provided by PHP |
||
1915 | * @param mixed $types file types provided by PHP |
||
1916 | * @param mixed $sizes file sizes provided by PHP |
||
1917 | * @param mixed $errors uploading issues provided by PHP |
||
1918 | * @since 2.1.0 |
||
1919 | */ |
||
1920 | 3 | private function populateUploadedFileRecursive(&$files, $names, $tempNames, $types, $sizes, $errors) |
|
1938 | |||
1939 | /** |
||
1940 | * Returns an uploaded file according to the given name. |
||
1941 | * Name can be either a string HTML form input name, e.g. 'Item[file]' or array path, e.g. `['Item', 'file']`. |
||
1942 | * Note: this method returns `null` in case given name matches multiple files. |
||
1943 | * @param string|array $name HTML form input name or array path. |
||
1944 | * @return UploadedFileInterface|null uploaded file instance, `null` - if not found. |
||
1945 | * @since 2.1.0 |
||
1946 | */ |
||
1947 | 1 | public function getUploadedFileByName($name) |
|
1955 | |||
1956 | /** |
||
1957 | * Returns the list of uploaded file instances according to the given name. |
||
1958 | * Name can be either a string HTML form input name, e.g. 'Item[file]' or array path, e.g. `['Item', 'file']`. |
||
1959 | * Note: this method does NOT preserve uploaded files structure - it returns instances in single-level array (list), |
||
1960 | * even if they are set by nested keys. |
||
1961 | * @param string|array $name HTML form input name or array path. |
||
1962 | * @return UploadedFileInterface[] list of uploaded file instances. |
||
1963 | * @since 2.1.0 |
||
1964 | */ |
||
1965 | 1 | public function getUploadedFilesByName($name) |
|
1976 | |||
1977 | /** |
||
1978 | * Finds the uploaded file or set of uploaded files inside [[$uploadedFiles]] according to given name. |
||
1979 | * Name can be either a string HTML form input name, e.g. 'Item[file]' or array path, e.g. `['Item', 'file']`. |
||
1980 | * @param string|array $name HTML form input name or array path. |
||
1981 | * @return UploadedFileInterface|array|null |
||
1982 | * @since 2.1.0 |
||
1983 | */ |
||
1984 | 2 | private function findUploadedFiles($name) |
|
1991 | |||
1992 | /** |
||
1993 | * Reduces complex uploaded files structure to the single-level array (list). |
||
1994 | * @param array $uploadedFiles raw set of the uploaded files. |
||
1995 | * @return UploadedFileInterface[] list of uploaded files. |
||
1996 | * @since 2.1.0 |
||
1997 | */ |
||
1998 | private function reduceUploadedFiles($uploadedFiles) |
||
2009 | |||
2010 | private $_csrfToken; |
||
2011 | |||
2012 | /** |
||
2013 | * Returns the token used to perform CSRF validation. |
||
2014 | * |
||
2015 | * This token is generated in a way to prevent [BREACH attacks](http://breachattack.com/). It may be passed |
||
2016 | * along via a hidden field of an HTML form or an HTTP header value to support CSRF validation. |
||
2017 | * @param bool $regenerate whether to regenerate CSRF token. When this parameter is true, each time |
||
2018 | * this method is called, a new CSRF token will be generated and persisted (in session or cookie). |
||
2019 | * @return string the token used to perform CSRF validation. |
||
2020 | */ |
||
2021 | 52 | public function getCsrfToken($regenerate = false) |
|
2033 | |||
2034 | /** |
||
2035 | * Loads the CSRF token from cookie or session. |
||
2036 | * @return string the CSRF token loaded from cookie or session. Null is returned if the cookie or session |
||
2037 | * does not have CSRF token. |
||
2038 | */ |
||
2039 | 52 | protected function loadCsrfToken() |
|
2047 | |||
2048 | /** |
||
2049 | * Generates an unmasked random token used to perform CSRF validation. |
||
2050 | * @return string the random token for CSRF validation. |
||
2051 | */ |
||
2052 | 48 | protected function generateCsrfToken() |
|
2064 | |||
2065 | /** |
||
2066 | * @return string the CSRF token sent via [[CSRF_HEADER]] by browser. Null is returned if no such header is sent. |
||
2067 | */ |
||
2068 | 3 | public function getCsrfTokenFromHeader() |
|
2072 | |||
2073 | /** |
||
2074 | * Creates a cookie with a randomly generated CSRF token. |
||
2075 | * Initial values specified in [[csrfCookie]] will be applied to the generated cookie. |
||
2076 | * @param string $token the CSRF token |
||
2077 | * @return Cookie the generated cookie |
||
2078 | * @see enableCsrfValidation |
||
2079 | */ |
||
2080 | 47 | protected function createCsrfCookie($token) |
|
2089 | |||
2090 | /** |
||
2091 | * Performs the CSRF validation. |
||
2092 | * |
||
2093 | * This method will validate the user-provided CSRF token by comparing it with the one stored in cookie or session. |
||
2094 | * This method is mainly called in [[Controller::beforeAction()]]. |
||
2095 | * |
||
2096 | * Note that the method will NOT perform CSRF validation if [[enableCsrfValidation]] is false or the HTTP method |
||
2097 | * is among GET, HEAD or OPTIONS. |
||
2098 | * |
||
2099 | * @param string $clientSuppliedToken the user-provided CSRF token to be validated. If null, the token will be retrieved from |
||
2100 | * the [[csrfParam]] POST field or HTTP header. |
||
2101 | * This parameter is available since version 2.0.4. |
||
2102 | * @return bool whether CSRF token is valid. If [[enableCsrfValidation]] is false, this method will return true. |
||
2103 | */ |
||
2104 | 36 | public function validateCsrfToken($clientSuppliedToken = null) |
|
2121 | |||
2122 | /** |
||
2123 | * Validates CSRF token. |
||
2124 | * |
||
2125 | * @param string $clientSuppliedToken The masked client-supplied token. |
||
2126 | * @param string $trueToken The masked true token. |
||
2127 | * @return bool |
||
2128 | */ |
||
2129 | 4 | private function validateCsrfTokenInternal($clientSuppliedToken, $trueToken) |
|
2139 | |||
2140 | /** |
||
2141 | * {@inheritdoc} |
||
2142 | * @since 2.1.0 |
||
2143 | */ |
||
2144 | 3 | public function getAttributes() |
|
2151 | |||
2152 | /** |
||
2153 | * @param array $attributes attributes derived from the request. |
||
2154 | */ |
||
2155 | 3 | public function setAttributes(array $attributes) |
|
2159 | |||
2160 | /** |
||
2161 | * {@inheritdoc} |
||
2162 | * @since 2.1.0 |
||
2163 | */ |
||
2164 | 1 | public function getAttribute($name, $default = null) |
|
2173 | |||
2174 | /** |
||
2175 | * {@inheritdoc} |
||
2176 | * @since 2.1.0 |
||
2177 | */ |
||
2178 | 1 | public function withAttribute($name, $value) |
|
2191 | |||
2192 | /** |
||
2193 | * {@inheritdoc} |
||
2194 | * @since 2.1.0 |
||
2195 | */ |
||
2196 | 1 | public function withoutAttribute($name) |
|
2209 | |||
2210 | /** |
||
2211 | * Returns default server request attributes to be used in case they are not explicitly set. |
||
2212 | * @return array attributes derived from the request. |
||
2213 | * @since 2.1.0 |
||
2214 | */ |
||
2215 | protected function defaultAttributes() |
||
2219 | |||
2220 | /** |
||
2221 | * {@inheritdoc} |
||
2222 | */ |
||
2223 | 4 | public function __clone() |
|
2235 | } |
||
2236 |
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.