yiisoft /
yii2
Complex classes like Request often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Request, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 103 | class Request extends \yii\base\Request implements ServerRequestInterface |
||
| 104 | { |
||
| 105 | use MessageTrait; |
||
| 106 | |||
| 107 | /** |
||
| 108 | * The name of the HTTP header for sending CSRF token. |
||
| 109 | */ |
||
| 110 | const CSRF_HEADER = 'X-CSRF-Token'; |
||
| 111 | /** |
||
| 112 | * The length of the CSRF token mask. |
||
| 113 | * @deprecated 2.0.12 The mask length is now equal to the token length. |
||
| 114 | */ |
||
| 115 | const CSRF_MASK_LENGTH = 8; |
||
| 116 | |||
| 117 | /** |
||
| 118 | * @var bool whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true. |
||
| 119 | * When CSRF validation is enabled, forms submitted to an Yii Web application must be originated |
||
| 120 | * from the same application. If not, a 400 HTTP exception will be raised. |
||
| 121 | * |
||
| 122 | * Note, this feature requires that the user client accepts cookie. Also, to use this feature, |
||
| 123 | * forms submitted via POST method must contain a hidden input whose name is specified by [[csrfParam]]. |
||
| 124 | * You may use [[\yii\helpers\Html::beginForm()]] to generate his hidden input. |
||
| 125 | * |
||
| 126 | * In JavaScript, you may get the values of [[csrfParam]] and [[csrfToken]] via `yii.getCsrfParam()` and |
||
| 127 | * `yii.getCsrfToken()`, respectively. The [[\yii\web\YiiAsset]] asset must be registered. |
||
| 128 | * You also need to include CSRF meta tags in your pages by using [[\yii\helpers\Html::csrfMetaTags()]]. |
||
| 129 | * |
||
| 130 | * @see Controller::enableCsrfValidation |
||
| 131 | * @see http://en.wikipedia.org/wiki/Cross-site_request_forgery |
||
| 132 | */ |
||
| 133 | public $enableCsrfValidation = true; |
||
| 134 | /** |
||
| 135 | * @var string the name of the token used to prevent CSRF. Defaults to '_csrf'. |
||
| 136 | * This property is used only when [[enableCsrfValidation]] is true. |
||
| 137 | */ |
||
| 138 | public $csrfParam = '_csrf'; |
||
| 139 | /** |
||
| 140 | * @var array the configuration for creating the CSRF [[Cookie|cookie]]. This property is used only when |
||
| 141 | * both [[enableCsrfValidation]] and [[enableCsrfCookie]] are true. |
||
| 142 | */ |
||
| 143 | public $csrfCookie = ['httpOnly' => true]; |
||
| 144 | /** |
||
| 145 | * @var bool whether to use cookie to persist CSRF token. If false, CSRF token will be stored |
||
| 146 | * in session under the name of [[csrfParam]]. Note that while storing CSRF tokens in session increases |
||
| 147 | * security, it requires starting a session for every page, which will degrade your site performance. |
||
| 148 | */ |
||
| 149 | public $enableCsrfCookie = true; |
||
| 150 | /** |
||
| 151 | * @var bool whether cookies should be validated to ensure they are not tampered. Defaults to true. |
||
| 152 | */ |
||
| 153 | public $enableCookieValidation = true; |
||
| 154 | /** |
||
| 155 | * @var string a secret key used for cookie validation. This property must be set if [[enableCookieValidation]] is true. |
||
| 156 | */ |
||
| 157 | public $cookieValidationKey; |
||
| 158 | /** |
||
| 159 | * @var string the name of the POST parameter that is used to indicate if a request is a PUT, PATCH or DELETE |
||
| 160 | * request tunneled through POST. Defaults to '_method'. |
||
| 161 | * @see getMethod() |
||
| 162 | * @see getParsedBody() |
||
| 163 | */ |
||
| 164 | public $methodParam = '_method'; |
||
| 165 | /** |
||
| 166 | * @var array the parsers for converting the raw HTTP request body into [[bodyParams]]. |
||
| 167 | * The array keys are the request `Content-Types`, and the array values are the |
||
| 168 | * corresponding configurations for [[Yii::createObject|creating the parser objects]]. |
||
| 169 | * A parser must implement the [[RequestParserInterface]]. |
||
| 170 | * |
||
| 171 | * To enable parsing for JSON requests you can use the [[JsonParser]] class like in the following example: |
||
| 172 | * |
||
| 173 | * ``` |
||
| 174 | * [ |
||
| 175 | * 'application/json' => \yii\web\JsonParser::class, |
||
| 176 | * ] |
||
| 177 | * ``` |
||
| 178 | * |
||
| 179 | * To register a parser for parsing all request types you can use `'*'` as the array key. |
||
| 180 | * This one will be used as a fallback in case no other types match. |
||
| 181 | * |
||
| 182 | * @see getParsedBody() |
||
| 183 | */ |
||
| 184 | public $parsers = []; |
||
| 185 | /** |
||
| 186 | * @var string name of the class to be used for uploaded file instantiation. |
||
| 187 | * This class should implement [[UploadedFileInterface]]. |
||
| 188 | * @since 2.1.0 |
||
| 189 | */ |
||
| 190 | public $uploadedFileClass = UploadedFile::class; |
||
| 191 | /** |
||
| 192 | * @var array the configuration for trusted security related headers. |
||
| 193 | * |
||
| 194 | * An array key is an IPv4 or IPv6 IP address in CIDR notation for matching a client. |
||
| 195 | * |
||
| 196 | * An array value is a list of headers to trust. These will be matched against |
||
| 197 | * [[secureHeaders]] to determine which headers are allowed to be sent by a specified host. |
||
| 198 | * The case of the header names must be the same as specified in [[secureHeaders]]. |
||
| 199 | * |
||
| 200 | * For example, to trust all headers listed in [[secureHeaders]] for IP addresses |
||
| 201 | * in range `192.168.0.0-192.168.0.254` write the following: |
||
| 202 | * |
||
| 203 | * ```php |
||
| 204 | * [ |
||
| 205 | * '192.168.0.0/24', |
||
| 206 | * ] |
||
| 207 | * ``` |
||
| 208 | * |
||
| 209 | * To trust just the `X-Forwarded-For` header from `10.0.0.1`, use: |
||
| 210 | * |
||
| 211 | * ``` |
||
| 212 | * [ |
||
| 213 | * '10.0.0.1' => ['X-Forwarded-For'] |
||
| 214 | * ] |
||
| 215 | * ``` |
||
| 216 | * |
||
| 217 | * Default is to trust all headers except those listed in [[secureHeaders]] from all hosts. |
||
| 218 | * Matches are tried in order and searching is stopped when IP matches. |
||
| 219 | * |
||
| 220 | * > Info: Matching is performed using [[IpValidator]]. |
||
| 221 | * See [[IpValidator::::setRanges()|IpValidator::setRanges()]] |
||
| 222 | * and [[IpValidator::networks]] for advanced matching. |
||
| 223 | * |
||
| 224 | * @see $secureHeaders |
||
| 225 | * @since 2.0.13 |
||
| 226 | */ |
||
| 227 | public $trustedHosts = []; |
||
| 228 | /** |
||
| 229 | * @var array lists of headers that are, by default, subject to the trusted host configuration. |
||
| 230 | * These headers will be filtered unless explicitly allowed in [[trustedHosts]]. |
||
| 231 | * The match of header names is case-insensitive. |
||
| 232 | * @see https://en.wikipedia.org/wiki/List_of_HTTP_header_fields |
||
| 233 | * @see $trustedHosts |
||
| 234 | * @since 2.0.13 |
||
| 235 | */ |
||
| 236 | public $secureHeaders = [ |
||
| 237 | // Common: |
||
| 238 | 'X-Forwarded-For', |
||
| 239 | 'X-Forwarded-Host', |
||
| 240 | 'X-Forwarded-Proto', |
||
| 241 | |||
| 242 | // Microsoft: |
||
| 243 | 'Front-End-Https', |
||
| 244 | 'X-Rewrite-Url', |
||
| 245 | ]; |
||
| 246 | /** |
||
| 247 | * @var string[] List of headers where proxies store the real client IP. |
||
| 248 | * It's not advisable to put insecure headers here. |
||
| 249 | * The match of header names is case-insensitive. |
||
| 250 | * @see $trustedHosts |
||
| 251 | * @see $secureHeaders |
||
| 252 | * @since 2.0.13 |
||
| 253 | */ |
||
| 254 | public $ipHeaders = [ |
||
| 255 | 'X-Forwarded-For', // Common |
||
| 256 | ]; |
||
| 257 | /** |
||
| 258 | * @var array list of headers to check for determining whether the connection is made via HTTPS. |
||
| 259 | * The array keys are header names and the array value is a list of header values that indicate a secure connection. |
||
| 260 | * The match of header names and values is case-insensitive. |
||
| 261 | * It's not advisable to put insecure headers here. |
||
| 262 | * @see $trustedHosts |
||
| 263 | * @see $secureHeaders |
||
| 264 | * @since 2.0.13 |
||
| 265 | */ |
||
| 266 | public $secureProtocolHeaders = [ |
||
| 267 | 'X-Forwarded-Proto' => ['https'], // Common |
||
| 268 | 'Front-End-Https' => ['on'], // Microsoft |
||
| 269 | ]; |
||
| 270 | |||
| 271 | /** |
||
| 272 | * @var array attributes derived from the request. |
||
| 273 | * @since 2.1.0 |
||
| 274 | */ |
||
| 275 | private $_attributes; |
||
| 276 | /** |
||
| 277 | * @var array server parameters. |
||
| 278 | * @since 2.1.0 |
||
| 279 | */ |
||
| 280 | private $_serverParams; |
||
| 281 | /** |
||
| 282 | * @var array the cookies sent by the client to the server. |
||
| 283 | * @since 2.1.0 |
||
| 284 | */ |
||
| 285 | private $_cookieParams; |
||
| 286 | /** |
||
| 287 | * @var CookieCollection Collection of request cookies. |
||
| 288 | */ |
||
| 289 | private $_cookies; |
||
| 290 | /** |
||
| 291 | * @var string the HTTP method of the request. |
||
| 292 | */ |
||
| 293 | private $_method; |
||
| 294 | /** |
||
| 295 | * @var UriInterface the URI instance associated with request. |
||
| 296 | */ |
||
| 297 | private $_uri; |
||
| 298 | /** |
||
| 299 | * @var mixed the message's request target. |
||
| 300 | */ |
||
| 301 | private $_requestTarget; |
||
| 302 | /** |
||
| 303 | * @var array uploaded files. |
||
| 304 | * @since 2.1.0 |
||
| 305 | */ |
||
| 306 | private $_uploadedFiles; |
||
| 307 | |||
| 308 | |||
| 309 | /** |
||
| 310 | * Resolves the current request into a route and the associated parameters. |
||
| 311 | * @return array the first element is the route, and the second is the associated parameters. |
||
| 312 | * @throws NotFoundHttpException if the request cannot be resolved. |
||
| 313 | */ |
||
| 314 | 1 | public function resolve() |
|
| 330 | |||
| 331 | /** |
||
| 332 | * Filters headers according to the [[trustedHosts]]. |
||
| 333 | * @param array $rawHeaders |
||
| 334 | * @return array filtered headers |
||
| 335 | * @since 2.0.13 |
||
| 336 | */ |
||
| 337 | 138 | protected function filterHeaders($rawHeaders) |
|
| 370 | |||
| 371 | /** |
||
| 372 | * Creates instance of [[IpValidator]]. |
||
| 373 | * You can override this method to adjust validator or implement different matching strategy. |
||
| 374 | * |
||
| 375 | * @return IpValidator |
||
| 376 | * @since 2.0.13 |
||
| 377 | */ |
||
| 378 | 24 | protected function getIpValidator() |
|
| 382 | |||
| 383 | /** |
||
| 384 | * Returns default message's headers, which should be present once [[headerCollection]] is instantiated. |
||
| 385 | * @return string[][] an associative array of the message's headers. |
||
| 386 | */ |
||
| 387 | 138 | protected function defaultHeaders() |
|
| 405 | |||
| 406 | /** |
||
| 407 | * {@inheritdoc} |
||
| 408 | * @since 2.1.0 |
||
| 409 | */ |
||
| 410 | public function getRequestTarget() |
||
| 417 | |||
| 418 | /** |
||
| 419 | * Specifies the message's request target |
||
| 420 | * @param mixed $requestTarget the message's request target. |
||
| 421 | * @since 2.1.0 |
||
| 422 | */ |
||
| 423 | public function setRequestTarget($requestTarget) |
||
| 427 | |||
| 428 | /** |
||
| 429 | * {@inheritdoc} |
||
| 430 | * @since 2.1.0 |
||
| 431 | */ |
||
| 432 | public function withRequestTarget($requestTarget) |
||
| 442 | |||
| 443 | /** |
||
| 444 | * {@inheritdoc} |
||
| 445 | */ |
||
| 446 | 50 | public function getMethod() |
|
| 459 | |||
| 460 | /** |
||
| 461 | * Specifies request HTTP method. |
||
| 462 | * @param string $method case-sensitive HTTP method. |
||
| 463 | * @since 2.1.0 |
||
| 464 | */ |
||
| 465 | 11 | public function setMethod($method) |
|
| 469 | |||
| 470 | /** |
||
| 471 | * {@inheritdoc} |
||
| 472 | * @since 2.1.0 |
||
| 473 | */ |
||
| 474 | 1 | public function withMethod($method) |
|
| 484 | |||
| 485 | /** |
||
| 486 | * {@inheritdoc} |
||
| 487 | * @since 2.1.0 |
||
| 488 | */ |
||
| 489 | public function getUri() |
||
| 504 | |||
| 505 | /** |
||
| 506 | * Specifies the URI instance. |
||
| 507 | * @param UriInterface|\Closure|array $uri URI instance or its DI compatible configuration. |
||
| 508 | * @since 2.1.0 |
||
| 509 | */ |
||
| 510 | public function setUri($uri) |
||
| 514 | |||
| 515 | /** |
||
| 516 | * {@inheritdoc} |
||
| 517 | * @since 2.1.0 |
||
| 518 | */ |
||
| 519 | public function withUri(UriInterface $uri, $preserveHost = false) |
||
| 533 | |||
| 534 | /** |
||
| 535 | * Returns whether this is a GET request. |
||
| 536 | * @return bool whether this is a GET request. |
||
| 537 | */ |
||
| 538 | 2 | public function getIsGet() |
|
| 542 | |||
| 543 | /** |
||
| 544 | * Returns whether this is an OPTIONS request. |
||
| 545 | * @return bool whether this is a OPTIONS request. |
||
| 546 | */ |
||
| 547 | 1 | public function getIsOptions() |
|
| 551 | |||
| 552 | /** |
||
| 553 | * Returns whether this is a HEAD request. |
||
| 554 | * @return bool whether this is a HEAD request. |
||
| 555 | */ |
||
| 556 | public function getIsHead() |
||
| 560 | |||
| 561 | /** |
||
| 562 | * Returns whether this is a POST request. |
||
| 563 | * @return bool whether this is a POST request. |
||
| 564 | */ |
||
| 565 | public function getIsPost() |
||
| 569 | |||
| 570 | /** |
||
| 571 | * Returns whether this is a DELETE request. |
||
| 572 | * @return bool whether this is a DELETE request. |
||
| 573 | */ |
||
| 574 | public function getIsDelete() |
||
| 578 | |||
| 579 | /** |
||
| 580 | * Returns whether this is a PUT request. |
||
| 581 | * @return bool whether this is a PUT request. |
||
| 582 | */ |
||
| 583 | public function getIsPut() |
||
| 587 | |||
| 588 | /** |
||
| 589 | * Returns whether this is a PATCH request. |
||
| 590 | * @return bool whether this is a PATCH request. |
||
| 591 | */ |
||
| 592 | public function getIsPatch() |
||
| 596 | |||
| 597 | /** |
||
| 598 | * Returns whether this is an AJAX (XMLHttpRequest) request. |
||
| 599 | * |
||
| 600 | * Note that jQuery doesn't set the header in case of cross domain |
||
| 601 | * requests: https://stackoverflow.com/questions/8163703/cross-domain-ajax-doesnt-send-x-requested-with-header |
||
| 602 | * |
||
| 603 | * @return bool whether this is an AJAX (XMLHttpRequest) request. |
||
| 604 | */ |
||
| 605 | 13 | public function getIsAjax() |
|
| 609 | |||
| 610 | /** |
||
| 611 | * Returns whether this is an Adobe Flash or Flex request. |
||
| 612 | * @return bool whether this is an Adobe Flash or Adobe Flex request. |
||
| 613 | */ |
||
| 614 | public function getIsFlash() |
||
| 622 | |||
| 623 | /** |
||
| 624 | * Returns default message body to be used in case it is not explicitly set. |
||
| 625 | * @return StreamInterface default body instance. |
||
| 626 | */ |
||
| 627 | protected function defaultBody() |
||
| 634 | |||
| 635 | /** |
||
| 636 | * Returns the raw HTTP request body. |
||
| 637 | * @return string the request body |
||
| 638 | */ |
||
| 639 | public function getRawBody() |
||
| 643 | |||
| 644 | /** |
||
| 645 | * Sets the raw HTTP request body, this method is mainly used by test scripts to simulate raw HTTP requests. |
||
| 646 | * @param string $rawBody the request body |
||
| 647 | */ |
||
| 648 | 6 | public function setRawBody($rawBody) |
|
| 654 | |||
| 655 | private $_parsedBody; |
||
| 656 | |||
| 657 | /** |
||
| 658 | * Returns the request parameters given in the request body. |
||
| 659 | * |
||
| 660 | * Request parameters are determined using the parsers configured in [[parsers]] property. |
||
| 661 | * If no parsers are configured for the current [[contentType]] it uses the PHP function `mb_parse_str()` |
||
| 662 | * to parse the [[rawBody|request body]]. |
||
| 663 | * |
||
| 664 | * Since 2.1.0 body params also include result of [[getUploadedFiles()]]. |
||
| 665 | * |
||
| 666 | * @return array the request parameters given in the request body. |
||
| 667 | * @throws InvalidConfigException if a registered parser does not implement the [[RequestParserInterface]]. |
||
| 668 | * @throws UnsupportedMediaTypeHttpException if unable to parse raw body. |
||
| 669 | * @see getMethod() |
||
| 670 | * @see getParsedBodyParam() |
||
| 671 | * @see setParsedBody() |
||
| 672 | */ |
||
| 673 | 12 | public function getParsedBody() |
|
| 721 | |||
| 722 | /** |
||
| 723 | * Sets the request body parameters. |
||
| 724 | * @param array $values the request body parameters (name-value pairs) |
||
| 725 | * @see getParsedBodyParam() |
||
| 726 | * @see getParsedBody() |
||
| 727 | */ |
||
| 728 | 4 | public function setParsedBody($values) |
|
| 732 | |||
| 733 | /** |
||
| 734 | * {@inheritdoc} |
||
| 735 | * @since 2.1.0 |
||
| 736 | */ |
||
| 737 | public function withParsedBody($data) |
||
| 743 | |||
| 744 | /** |
||
| 745 | * Returns the named request body parameter value. |
||
| 746 | * If the parameter does not exist, the second parameter passed to this method will be returned. |
||
| 747 | * @param string $name the parameter name |
||
| 748 | * @param mixed $defaultValue the default parameter value if the parameter does not exist. |
||
| 749 | * @return mixed the parameter value |
||
| 750 | * @see getParsedBody() |
||
| 751 | * @see setParsedBody() |
||
| 752 | */ |
||
| 753 | 5 | public function getParsedBodyParam($name, $defaultValue = null) |
|
| 768 | |||
| 769 | /** |
||
| 770 | * Returns POST parameter with a given name. If name isn't specified, returns an array of all POST parameters. |
||
| 771 | * |
||
| 772 | * @param string $name the parameter name |
||
| 773 | * @param mixed $defaultValue the default parameter value if the parameter does not exist. |
||
| 774 | * @return array|mixed |
||
| 775 | */ |
||
| 776 | public function post($name = null, $defaultValue = null) |
||
| 784 | |||
| 785 | private $_queryParams; |
||
| 786 | |||
| 787 | /** |
||
| 788 | * Returns the request parameters given in the [[queryString]]. |
||
| 789 | * |
||
| 790 | * This method will return the contents of `$_GET` if params where not explicitly set. |
||
| 791 | * @return array the request GET parameter values. |
||
| 792 | * @see setQueryParams() |
||
| 793 | */ |
||
| 794 | 18 | public function getQueryParams() |
|
| 802 | |||
| 803 | /** |
||
| 804 | * Sets the request [[queryString]] parameters. |
||
| 805 | * @param array $values the request query parameters (name-value pairs) |
||
| 806 | * @see getQueryParam() |
||
| 807 | * @see getQueryParams() |
||
| 808 | */ |
||
| 809 | 5 | public function setQueryParams($values) |
|
| 813 | |||
| 814 | /** |
||
| 815 | * {@inheritdoc} |
||
| 816 | */ |
||
| 817 | public function withQueryParams(array $query) |
||
| 827 | |||
| 828 | /** |
||
| 829 | * Returns GET parameter with a given name. If name isn't specified, returns an array of all GET parameters. |
||
| 830 | * |
||
| 831 | * @param string $name the parameter name |
||
| 832 | * @param mixed $defaultValue the default parameter value if the parameter does not exist. |
||
| 833 | * @return array|mixed |
||
| 834 | */ |
||
| 835 | 6 | public function get($name = null, $defaultValue = null) |
|
| 843 | |||
| 844 | /** |
||
| 845 | * Returns the named GET parameter value. |
||
| 846 | * If the GET parameter does not exist, the second parameter passed to this method will be returned. |
||
| 847 | * @param string $name the GET parameter name. |
||
| 848 | * @param mixed $defaultValue the default parameter value if the GET parameter does not exist. |
||
| 849 | * @return mixed the GET parameter value |
||
| 850 | * @see getParsedBodyParam() |
||
| 851 | */ |
||
| 852 | 9 | public function getQueryParam($name, $defaultValue = null) |
|
| 858 | |||
| 859 | /** |
||
| 860 | * Sets the data related to the incoming request environment. |
||
| 861 | * @param array $serverParams server parameters. |
||
| 862 | * @since 2.1.0 |
||
| 863 | */ |
||
| 864 | 4 | public function setServerParams(array $serverParams) |
|
| 868 | |||
| 869 | /** |
||
| 870 | * {@inheritdoc} |
||
| 871 | * @since 2.1.0 |
||
| 872 | */ |
||
| 873 | 122 | public function getServerParams() |
|
| 880 | |||
| 881 | /** |
||
| 882 | * Return the server environment parameter by name. |
||
| 883 | * @param string $name parameter name. |
||
| 884 | * @param mixed $default default value to return if the parameter does not exist. |
||
| 885 | * @return mixed parameter value. |
||
| 886 | * @since 2.1.0 |
||
| 887 | */ |
||
| 888 | 122 | public function getServerParam($name, $default = null) |
|
| 896 | |||
| 897 | /** |
||
| 898 | * Specifies cookies. |
||
| 899 | * @param array $cookies array of key/value pairs representing cookies. |
||
| 900 | * @since 2.1.0 |
||
| 901 | */ |
||
| 902 | public function setCookieParams(array $cookies) |
||
| 907 | |||
| 908 | /** |
||
| 909 | * {@inheritdoc} |
||
| 910 | * @since 2.1.0 |
||
| 911 | */ |
||
| 912 | 44 | public function getCookieParams() |
|
| 919 | |||
| 920 | /** |
||
| 921 | * {@inheritdoc} |
||
| 922 | * @since 2.1.0 |
||
| 923 | */ |
||
| 924 | public function withCookieParams(array $cookies) |
||
| 934 | |||
| 935 | private $_hostInfo; |
||
| 936 | private $_hostName; |
||
| 937 | |||
| 938 | /** |
||
| 939 | * Returns the schema and host part of the current request URL. |
||
| 940 | * |
||
| 941 | * The returned URL does not have an ending slash. |
||
| 942 | * |
||
| 943 | * By default this value is based on the user request information. This method will |
||
| 944 | * return the value of `$_SERVER['HTTP_HOST']` if it is available or `$_SERVER['SERVER_NAME']` if not. |
||
| 945 | * You may want to check out the [PHP documentation](http://php.net/manual/en/reserved.variables.server.php) |
||
| 946 | * for more information on these variables. |
||
| 947 | * |
||
| 948 | * You may explicitly specify it by setting the [[setHostInfo()|hostInfo]] property. |
||
| 949 | * |
||
| 950 | * > Warning: Dependent on the server configuration this information may not be |
||
| 951 | * > reliable and [may be faked by the user sending the HTTP request](https://www.acunetix.com/vulnerabilities/web/host-header-attack). |
||
| 952 | * > If the webserver is configured to serve the same site independent of the value of |
||
| 953 | * > the `Host` header, this value is not reliable. In such situations you should either |
||
| 954 | * > fix your webserver configuration or explicitly set the value by setting the [[setHostInfo()|hostInfo]] property. |
||
| 955 | * > If you don't have access to the server configuration, you can setup [[\yii\filters\HostControl]] filter at |
||
| 956 | * > application level in order to protect against such kind of attack. |
||
| 957 | * |
||
| 958 | * @property string|null schema and hostname part (with port number if needed) of the request URL |
||
| 959 | * (e.g. `http://www.yiiframework.com`), null if can't be obtained from `$_SERVER` and wasn't set. |
||
| 960 | * See [[getHostInfo()]] for security related notes on this property. |
||
| 961 | * @return string|null schema and hostname part (with port number if needed) of the request URL |
||
| 962 | * (e.g. `http://www.yiiframework.com`), null if can't be obtained from `$_SERVER` and wasn't set. |
||
| 963 | * @see setHostInfo() |
||
| 964 | */ |
||
| 965 | 23 | public function getHostInfo() |
|
| 986 | |||
| 987 | /** |
||
| 988 | * Sets the schema and host part of the application URL. |
||
| 989 | * This setter is provided in case the schema and hostname cannot be determined |
||
| 990 | * on certain Web servers. |
||
| 991 | * @param string|null $value the schema and host part of the application URL. The trailing slashes will be removed. |
||
| 992 | * @see getHostInfo() for security related notes on this property. |
||
| 993 | */ |
||
| 994 | 47 | public function setHostInfo($value) |
|
| 999 | |||
| 1000 | /** |
||
| 1001 | * Returns the host part of the current request URL. |
||
| 1002 | * Value is calculated from current [[getHostInfo()|hostInfo]] property. |
||
| 1003 | * |
||
| 1004 | * > Warning: The content of this value may not be reliable, dependent on the server |
||
| 1005 | * > configuration. Please refer to [[getHostInfo()]] for more information. |
||
| 1006 | * |
||
| 1007 | * @return string|null hostname part of the request URL (e.g. `www.yiiframework.com`) |
||
| 1008 | * @see getHostInfo() |
||
| 1009 | * @since 2.0.10 |
||
| 1010 | */ |
||
| 1011 | 16 | public function getHostName() |
|
| 1019 | |||
| 1020 | private $_baseUrl; |
||
| 1021 | |||
| 1022 | /** |
||
| 1023 | * Returns the relative URL for the application. |
||
| 1024 | * This is similar to [[scriptUrl]] except that it does not include the script file name, |
||
| 1025 | * and the ending slashes are removed. |
||
| 1026 | * @return string the relative URL for the application |
||
| 1027 | * @see setScriptUrl() |
||
| 1028 | */ |
||
| 1029 | 252 | public function getBaseUrl() |
|
| 1037 | |||
| 1038 | /** |
||
| 1039 | * Sets the relative URL for the application. |
||
| 1040 | * By default the URL is determined based on the entry script URL. |
||
| 1041 | * This setter is provided in case you want to change this behavior. |
||
| 1042 | * @param string $value the relative URL for the application |
||
| 1043 | */ |
||
| 1044 | 1 | public function setBaseUrl($value) |
|
| 1048 | |||
| 1049 | private $_scriptUrl; |
||
| 1050 | |||
| 1051 | /** |
||
| 1052 | * Returns the relative URL of the entry script. |
||
| 1053 | * The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework. |
||
| 1054 | * @return string the relative URL of the entry script. |
||
| 1055 | * @throws InvalidConfigException if unable to determine the entry script URL |
||
| 1056 | */ |
||
| 1057 | 253 | public function getScriptUrl() |
|
| 1080 | |||
| 1081 | /** |
||
| 1082 | * Sets the relative URL for the application entry script. |
||
| 1083 | * This setter is provided in case the entry script URL cannot be determined |
||
| 1084 | * on certain Web servers. |
||
| 1085 | * @param string $value the relative URL for the application entry script. |
||
| 1086 | */ |
||
| 1087 | 263 | public function setScriptUrl($value) |
|
| 1091 | |||
| 1092 | private $_scriptFile; |
||
| 1093 | |||
| 1094 | /** |
||
| 1095 | * Returns the entry script file path. |
||
| 1096 | * The default implementation will simply return `$_SERVER['SCRIPT_FILENAME']`. |
||
| 1097 | * @return string the entry script file path |
||
| 1098 | * @throws InvalidConfigException |
||
| 1099 | */ |
||
| 1100 | 254 | public function getScriptFile() |
|
| 1112 | |||
| 1113 | /** |
||
| 1114 | * Sets the entry script file path. |
||
| 1115 | * The entry script file path normally can be obtained from `$_SERVER['SCRIPT_FILENAME']`. |
||
| 1116 | * If your server configuration does not return the correct value, you may configure |
||
| 1117 | * this property to make it right. |
||
| 1118 | * @param string $value the entry script file path. |
||
| 1119 | */ |
||
| 1120 | 242 | public function setScriptFile($value) |
|
| 1124 | |||
| 1125 | private $_pathInfo; |
||
| 1126 | |||
| 1127 | /** |
||
| 1128 | * Returns the path info of the currently requested URL. |
||
| 1129 | * A path info refers to the part that is after the entry script and before the question mark (query string). |
||
| 1130 | * The starting and ending slashes are both removed. |
||
| 1131 | * @return string part of the request URL that is after the entry script and before the question mark. |
||
| 1132 | * Note, the returned path info is already URL-decoded. |
||
| 1133 | * @throws InvalidConfigException if the path info cannot be determined due to unexpected server configuration |
||
| 1134 | */ |
||
| 1135 | 17 | public function getPathInfo() |
|
| 1143 | |||
| 1144 | /** |
||
| 1145 | * Sets the path info of the current request. |
||
| 1146 | * This method is mainly provided for testing purpose. |
||
| 1147 | * @param string $value the path info of the current request |
||
| 1148 | */ |
||
| 1149 | 18 | public function setPathInfo($value) |
|
| 1153 | |||
| 1154 | /** |
||
| 1155 | * Resolves the path info part of the currently requested URL. |
||
| 1156 | * A path info refers to the part that is after the entry script and before the question mark (query string). |
||
| 1157 | * The starting slashes are both removed (ending slashes will be kept). |
||
| 1158 | * @return string part of the request URL that is after the entry script and before the question mark. |
||
| 1159 | * Note, the returned path info is decoded. |
||
| 1160 | * @throws InvalidConfigException if the path info cannot be determined due to unexpected server configuration |
||
| 1161 | */ |
||
| 1162 | protected function resolvePathInfo() |
||
| 1206 | |||
| 1207 | /** |
||
| 1208 | * Returns the currently requested absolute URL. |
||
| 1209 | * This is a shortcut to the concatenation of [[hostInfo]] and [[url]]. |
||
| 1210 | * @return string the currently requested absolute URL. |
||
| 1211 | */ |
||
| 1212 | public function getAbsoluteUrl() |
||
| 1216 | |||
| 1217 | private $_url; |
||
| 1218 | |||
| 1219 | /** |
||
| 1220 | * Returns the currently requested relative URL. |
||
| 1221 | * This refers to the portion of the URL that is after the [[hostInfo]] part. |
||
| 1222 | * It includes the [[queryString]] part if any. |
||
| 1223 | * @return string the currently requested relative URL. Note that the URI returned may be URL-encoded depending on the client. |
||
| 1224 | * @throws InvalidConfigException if the URL cannot be determined due to unusual server configuration |
||
| 1225 | */ |
||
| 1226 | 9 | public function getUrl() |
|
| 1234 | |||
| 1235 | /** |
||
| 1236 | * Sets the currently requested relative URL. |
||
| 1237 | * The URI must refer to the portion that is after [[hostInfo]]. |
||
| 1238 | * Note that the URI should be URL-encoded. |
||
| 1239 | * @param string $value the request URI to be set |
||
| 1240 | */ |
||
| 1241 | 24 | public function setUrl($value) |
|
| 1245 | |||
| 1246 | /** |
||
| 1247 | * Resolves the request URI portion for the currently requested URL. |
||
| 1248 | * This refers to the portion that is after the [[hostInfo]] part. It includes the [[queryString]] part if any. |
||
| 1249 | * The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework. |
||
| 1250 | * @return string|bool the request URI portion for the currently requested URL. |
||
| 1251 | * Note that the URI returned may be URL-encoded depending on the client. |
||
| 1252 | * @throws InvalidConfigException if the request URI cannot be determined due to unusual server configuration |
||
| 1253 | */ |
||
| 1254 | 2 | protected function resolveRequestUri() |
|
| 1276 | |||
| 1277 | /** |
||
| 1278 | * Returns part of the request URL that is after the question mark. |
||
| 1279 | * @return string part of the request URL that is after the question mark |
||
| 1280 | */ |
||
| 1281 | public function getQueryString() |
||
| 1285 | |||
| 1286 | /** |
||
| 1287 | * Return if the request is sent via secure channel (https). |
||
| 1288 | * @return bool if the request is sent via secure channel (https) |
||
| 1289 | */ |
||
| 1290 | 36 | public function getIsSecureConnection() |
|
| 1308 | |||
| 1309 | /** |
||
| 1310 | * Returns the server name. |
||
| 1311 | * @return string server name, null if not available |
||
| 1312 | */ |
||
| 1313 | 1 | public function getServerName() |
|
| 1317 | |||
| 1318 | /** |
||
| 1319 | * Returns the server port number. |
||
| 1320 | * @return int|null server port number, null if not available |
||
| 1321 | */ |
||
| 1322 | 2 | public function getServerPort() |
|
| 1327 | |||
| 1328 | /** |
||
| 1329 | * Returns the URL referrer. |
||
| 1330 | * @return string|null URL referrer, null if not available |
||
| 1331 | */ |
||
| 1332 | public function getReferrer() |
||
| 1339 | |||
| 1340 | /** |
||
| 1341 | * Returns the URL origin of a CORS request. |
||
| 1342 | * |
||
| 1343 | * The return value is taken from the `Origin` [[getHeaders()|header]] sent by the browser. |
||
| 1344 | * |
||
| 1345 | * Note that the origin request header indicates where a fetch originates from. |
||
| 1346 | * It doesn't include any path information, but only the server name. |
||
| 1347 | * It is sent with a CORS requests, as well as with POST requests. |
||
| 1348 | * It is similar to the referer header, but, unlike this header, it doesn't disclose the whole path. |
||
| 1349 | * Please refer to <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin> for more information. |
||
| 1350 | * |
||
| 1351 | * @return string|null URL origin of a CORS request, `null` if not available. |
||
| 1352 | * @see getHeaders() |
||
| 1353 | * @since 2.0.13 |
||
| 1354 | */ |
||
| 1355 | 1 | public function getOrigin() |
|
| 1359 | |||
| 1360 | /** |
||
| 1361 | * Returns the user agent. |
||
| 1362 | * @return string|null user agent, null if not available |
||
| 1363 | */ |
||
| 1364 | public function getUserAgent() |
||
| 1371 | |||
| 1372 | /** |
||
| 1373 | * Returns the user IP address. |
||
| 1374 | * The IP is determined using headers and / or `$_SERVER` variables. |
||
| 1375 | * @return string|null user IP address, null if not available |
||
| 1376 | */ |
||
| 1377 | 37 | public function getUserIP() |
|
| 1387 | |||
| 1388 | /** |
||
| 1389 | * Returns the user host name. |
||
| 1390 | * The HOST is determined using headers and / or `$_SERVER` variables. |
||
| 1391 | * @return string|null user host name, null if not available |
||
| 1392 | */ |
||
| 1393 | public function getUserHost() |
||
| 1403 | |||
| 1404 | /** |
||
| 1405 | * Returns the IP on the other end of this connection. |
||
| 1406 | * This is always the next hop, any headers are ignored. |
||
| 1407 | * @return string|null remote IP address, `null` if not available. |
||
| 1408 | * @since 2.0.13 |
||
| 1409 | */ |
||
| 1410 | 57 | public function getRemoteIP() |
|
| 1414 | |||
| 1415 | /** |
||
| 1416 | * Returns the host name of the other end of this connection. |
||
| 1417 | * This is always the next hop, any headers are ignored. |
||
| 1418 | * @return string|null remote host name, `null` if not available |
||
| 1419 | * @see getUserHost() |
||
| 1420 | * @see getRemoteIP() |
||
| 1421 | * @since 2.0.13 |
||
| 1422 | */ |
||
| 1423 | public function getRemoteHost() |
||
| 1427 | |||
| 1428 | /** |
||
| 1429 | * @return string|null the username sent via HTTP authentication, `null` if the username is not given |
||
| 1430 | * @see getAuthCredentials() to get both username and password in one call |
||
| 1431 | */ |
||
| 1432 | 9 | public function getAuthUser() |
|
| 1436 | |||
| 1437 | /** |
||
| 1438 | * @return string|null the password sent via HTTP authentication, `null` if the password is not given |
||
| 1439 | * @see getAuthCredentials() to get both username and password in one call |
||
| 1440 | */ |
||
| 1441 | 9 | public function getAuthPassword() |
|
| 1445 | |||
| 1446 | /** |
||
| 1447 | * @return array that contains exactly two elements: |
||
| 1448 | * - 0: the username sent via HTTP authentication, `null` if the username is not given |
||
| 1449 | * - 1: the password sent via HTTP authentication, `null` if the password is not given |
||
| 1450 | * @see getAuthUser() to get only username |
||
| 1451 | * @see getAuthPassword() to get only password |
||
| 1452 | * @since 2.0.13 |
||
| 1453 | */ |
||
| 1454 | 19 | public function getAuthCredentials() |
|
| 1483 | |||
| 1484 | private $_port; |
||
| 1485 | |||
| 1486 | /** |
||
| 1487 | * Returns the port to use for insecure requests. |
||
| 1488 | * Defaults to 80, or the port specified by the server if the current |
||
| 1489 | * request is insecure. |
||
| 1490 | * @return int port number for insecure requests. |
||
| 1491 | * @see setPort() |
||
| 1492 | */ |
||
| 1493 | 1 | public function getPort() |
|
| 1502 | |||
| 1503 | /** |
||
| 1504 | * Sets the port to use for insecure requests. |
||
| 1505 | * This setter is provided in case a custom port is necessary for certain |
||
| 1506 | * server configurations. |
||
| 1507 | * @param int $value port number. |
||
| 1508 | */ |
||
| 1509 | public function setPort($value) |
||
| 1516 | |||
| 1517 | private $_securePort; |
||
| 1518 | |||
| 1519 | /** |
||
| 1520 | * Returns the port to use for secure requests. |
||
| 1521 | * Defaults to 443, or the port specified by the server if the current |
||
| 1522 | * request is secure. |
||
| 1523 | * @return int port number for secure requests. |
||
| 1524 | * @see setSecurePort() |
||
| 1525 | */ |
||
| 1526 | public function getSecurePort() |
||
| 1535 | |||
| 1536 | /** |
||
| 1537 | * Sets the port to use for secure requests. |
||
| 1538 | * This setter is provided in case a custom port is necessary for certain |
||
| 1539 | * server configurations. |
||
| 1540 | * @param int $value port number. |
||
| 1541 | */ |
||
| 1542 | public function setSecurePort($value) |
||
| 1549 | |||
| 1550 | private $_contentTypes; |
||
| 1551 | |||
| 1552 | /** |
||
| 1553 | * Returns the content types acceptable by the end user. |
||
| 1554 | * |
||
| 1555 | * This is determined by the `Accept` HTTP header. For example, |
||
| 1556 | * |
||
| 1557 | * ```php |
||
| 1558 | * $_SERVER['HTTP_ACCEPT'] = 'text/plain; q=0.5, application/json; version=1.0, application/xml; version=2.0;'; |
||
| 1559 | * $types = $request->getAcceptableContentTypes(); |
||
| 1560 | * print_r($types); |
||
| 1561 | * // displays: |
||
| 1562 | * // [ |
||
| 1563 | * // 'application/json' => ['q' => 1, 'version' => '1.0'], |
||
| 1564 | * // 'application/xml' => ['q' => 1, 'version' => '2.0'], |
||
| 1565 | * // 'text/plain' => ['q' => 0.5], |
||
| 1566 | * // ] |
||
| 1567 | * ``` |
||
| 1568 | * |
||
| 1569 | * @return array the content types ordered by the quality score. Types with the highest scores |
||
| 1570 | * will be returned first. The array keys are the content types, while the array values |
||
| 1571 | * are the corresponding quality score and other parameters as given in the header. |
||
| 1572 | */ |
||
| 1573 | 3 | public function getAcceptableContentTypes() |
|
| 1585 | |||
| 1586 | /** |
||
| 1587 | * Sets the acceptable content types. |
||
| 1588 | * Please refer to [[getAcceptableContentTypes()]] on the format of the parameter. |
||
| 1589 | * @param array $value the content types that are acceptable by the end user. They should |
||
| 1590 | * be ordered by the preference level. |
||
| 1591 | * @see getAcceptableContentTypes() |
||
| 1592 | * @see parseAcceptHeader() |
||
| 1593 | */ |
||
| 1594 | 1 | public function setAcceptableContentTypes($value) |
|
| 1598 | |||
| 1599 | /** |
||
| 1600 | * Returns request content-type |
||
| 1601 | * The Content-Type header field indicates the MIME type of the data |
||
| 1602 | * contained in [[getBody()]] or, in the case of the HEAD method, the |
||
| 1603 | * media type that would have been sent had the request been a GET. |
||
| 1604 | * For the MIME-types the user expects in response, see [[acceptableContentTypes]]. |
||
| 1605 | * @return string request content-type. Empty string is returned if this information is not available. |
||
| 1606 | * @link https://tools.ietf.org/html/rfc2616#section-14.17 |
||
| 1607 | * HTTP 1.1 header field definitions |
||
| 1608 | */ |
||
| 1609 | 12 | public function getContentType() |
|
| 1613 | |||
| 1614 | private $_languages; |
||
| 1615 | |||
| 1616 | /** |
||
| 1617 | * Returns the languages acceptable by the end user. |
||
| 1618 | * This is determined by the `Accept-Language` HTTP header. |
||
| 1619 | * @return array the languages ordered by the preference level. The first element |
||
| 1620 | * represents the most preferred language. |
||
| 1621 | */ |
||
| 1622 | 1 | public function getAcceptableLanguages() |
|
| 1634 | |||
| 1635 | /** |
||
| 1636 | * @param array $value the languages that are acceptable by the end user. They should |
||
| 1637 | * be ordered by the preference level. |
||
| 1638 | */ |
||
| 1639 | 1 | public function setAcceptableLanguages($value) |
|
| 1643 | |||
| 1644 | /** |
||
| 1645 | * Parses the given `Accept` (or `Accept-Language`) header. |
||
| 1646 | * |
||
| 1647 | * This method will return the acceptable values with their quality scores and the corresponding parameters |
||
| 1648 | * as specified in the given `Accept` header. The array keys of the return value are the acceptable values, |
||
| 1649 | * while the array values consisting of the corresponding quality scores and parameters. The acceptable |
||
| 1650 | * values with the highest quality scores will be returned first. For example, |
||
| 1651 | * |
||
| 1652 | * ```php |
||
| 1653 | * $header = 'text/plain; q=0.5, application/json; version=1.0, application/xml; version=2.0;'; |
||
| 1654 | * $accepts = $request->parseAcceptHeader($header); |
||
| 1655 | * print_r($accepts); |
||
| 1656 | * // displays: |
||
| 1657 | * // [ |
||
| 1658 | * // 'application/json' => ['q' => 1, 'version' => '1.0'], |
||
| 1659 | * // 'application/xml' => ['q' => 1, 'version' => '2.0'], |
||
| 1660 | * // 'text/plain' => ['q' => 0.5], |
||
| 1661 | * // ] |
||
| 1662 | * ``` |
||
| 1663 | * |
||
| 1664 | * @param string $header the header to be parsed |
||
| 1665 | * @return array the acceptable values ordered by their quality score. The values with the highest scores |
||
| 1666 | * will be returned first. |
||
| 1667 | */ |
||
| 1668 | 3 | public function parseAcceptHeader($header) |
|
| 1735 | |||
| 1736 | /** |
||
| 1737 | * Returns the user-preferred language that should be used by this application. |
||
| 1738 | * The language resolution is based on the user preferred languages and the languages |
||
| 1739 | * supported by the application. The method will try to find the best match. |
||
| 1740 | * @param array $languages a list of the languages supported by the application. If this is empty, the current |
||
| 1741 | * application language will be returned without further processing. |
||
| 1742 | * @return string the language that the application should use. |
||
| 1743 | */ |
||
| 1744 | 1 | public function getPreferredLanguage(array $languages = []) |
|
| 1766 | |||
| 1767 | /** |
||
| 1768 | * Gets the Etags. |
||
| 1769 | * |
||
| 1770 | * @return array The entity tags |
||
| 1771 | */ |
||
| 1772 | public function getETags() |
||
| 1780 | |||
| 1781 | /** |
||
| 1782 | * Returns the cookie collection. |
||
| 1783 | * |
||
| 1784 | * Through the returned cookie collection, you may access a cookie using the following syntax: |
||
| 1785 | * |
||
| 1786 | * ```php |
||
| 1787 | * $cookie = $request->cookies['name'] |
||
| 1788 | * if ($cookie !== null) { |
||
| 1789 | * $value = $cookie->value; |
||
| 1790 | * } |
||
| 1791 | * |
||
| 1792 | * // alternatively |
||
| 1793 | * $value = $request->cookies->getValue('name'); |
||
| 1794 | * ``` |
||
| 1795 | * |
||
| 1796 | * @return CookieCollection the cookie collection. |
||
| 1797 | */ |
||
| 1798 | 45 | public function getCookies() |
|
| 1808 | |||
| 1809 | /** |
||
| 1810 | * Converts [[cookieParams]] into an array of [[Cookie]]. |
||
| 1811 | * @return array the cookies obtained from request |
||
| 1812 | * @throws InvalidConfigException if [[cookieValidationKey]] is not set when [[enableCookieValidation]] is true |
||
| 1813 | */ |
||
| 1814 | 45 | protected function loadCookies() |
|
| 1852 | |||
| 1853 | /** |
||
| 1854 | * {@inheritdoc} |
||
| 1855 | * @since 2.1.0 |
||
| 1856 | */ |
||
| 1857 | 12 | public function getUploadedFiles() |
|
| 1867 | |||
| 1868 | /** |
||
| 1869 | * Sets uploaded files for this request. |
||
| 1870 | * Data structure for the uploaded files should follow [PSR-7 Uploaded Files specs](http://www.php-fig.org/psr/psr-7/#16-uploaded-files). |
||
| 1871 | * @param array|null $uploadedFiles uploaded files. |
||
| 1872 | * @since 2.1.0 |
||
| 1873 | */ |
||
| 1874 | 6 | public function setUploadedFiles($uploadedFiles) |
|
| 1878 | |||
| 1879 | /** |
||
| 1880 | * {@inheritdoc} |
||
| 1881 | * @since 2.1.0 |
||
| 1882 | */ |
||
| 1883 | public function withUploadedFiles(array $uploadedFiles) |
||
| 1889 | |||
| 1890 | /** |
||
| 1891 | * Initializes default uploaded files data structure parsing super-global $_FILES. |
||
| 1892 | * @see http://www.php-fig.org/psr/psr-7/#16-uploaded-files |
||
| 1893 | * @return array uploaded files. |
||
| 1894 | * @since 2.1.0 |
||
| 1895 | */ |
||
| 1896 | 6 | protected function defaultUploadedFiles() |
|
| 1906 | |||
| 1907 | /** |
||
| 1908 | * Populates uploaded files array from $_FILE data structure recursively. |
||
| 1909 | * @param array $files uploaded files array to be populated. |
||
| 1910 | * @param mixed $names file names provided by PHP |
||
| 1911 | * @param mixed $tempNames temporary file names provided by PHP |
||
| 1912 | * @param mixed $types file types provided by PHP |
||
| 1913 | * @param mixed $sizes file sizes provided by PHP |
||
| 1914 | * @param mixed $errors uploading issues provided by PHP |
||
| 1915 | * @since 2.1.0 |
||
| 1916 | */ |
||
| 1917 | 3 | private function populateUploadedFileRecursive(&$files, $names, $tempNames, $types, $sizes, $errors) |
|
| 1935 | |||
| 1936 | /** |
||
| 1937 | * Returns an uploaded file according to the given name. |
||
| 1938 | * Name can be either a string HTML form input name, e.g. 'Item[file]' or array path, e.g. `['Item', 'file']`. |
||
| 1939 | * Note: this method returns `null` in case given name matches multiple files. |
||
| 1940 | * @param string|array $name HTML form input name or array path. |
||
| 1941 | * @return UploadedFileInterface|null uploaded file instance, `null` - if not found. |
||
| 1942 | * @since 2.1.0 |
||
| 1943 | */ |
||
| 1944 | 1 | public function getUploadedFileByName($name) |
|
| 1952 | |||
| 1953 | /** |
||
| 1954 | * Returns the list of uploaded file instances according to the given name. |
||
| 1955 | * Name can be either a string HTML form input name, e.g. 'Item[file]' or array path, e.g. `['Item', 'file']`. |
||
| 1956 | * Note: this method does NOT preserve uploaded files structure - it returns instances in single-level array (list), |
||
| 1957 | * even if they are set by nested keys. |
||
| 1958 | * @param string|array $name HTML form input name or array path. |
||
| 1959 | * @return UploadedFileInterface[] list of uploaded file instances. |
||
| 1960 | * @since 2.1.0 |
||
| 1961 | */ |
||
| 1962 | 1 | public function getUploadedFilesByName($name) |
|
| 1973 | |||
| 1974 | /** |
||
| 1975 | * Finds the uploaded file or set of uploaded files inside [[$uploadedFiles]] according to given name. |
||
| 1976 | * Name can be either a string HTML form input name, e.g. 'Item[file]' or array path, e.g. `['Item', 'file']`. |
||
| 1977 | * @param string|array $name HTML form input name or array path. |
||
| 1978 | * @return UploadedFileInterface|array|null |
||
| 1979 | * @since 2.1.0 |
||
| 1980 | */ |
||
| 1981 | 2 | private function findUploadedFiles($name) |
|
| 1988 | |||
| 1989 | /** |
||
| 1990 | * Reduces complex uploaded files structure to the single-level array (list). |
||
| 1991 | * @param array $uploadedFiles raw set of the uploaded files. |
||
| 1992 | * @return UploadedFileInterface[] list of uploaded files. |
||
| 1993 | * @since 2.1.0 |
||
| 1994 | */ |
||
| 1995 | private function reduceUploadedFiles($uploadedFiles) |
||
| 2006 | |||
| 2007 | private $_csrfToken; |
||
| 2008 | |||
| 2009 | /** |
||
| 2010 | * Returns the token used to perform CSRF validation. |
||
| 2011 | * |
||
| 2012 | * This token is generated in a way to prevent [BREACH attacks](http://breachattack.com/). It may be passed |
||
| 2013 | * along via a hidden field of an HTML form or an HTTP header value to support CSRF validation. |
||
| 2014 | * @param bool $regenerate whether to regenerate CSRF token. When this parameter is true, each time |
||
| 2015 | * this method is called, a new CSRF token will be generated and persisted (in session or cookie). |
||
| 2016 | * @return string the token used to perform CSRF validation. |
||
| 2017 | */ |
||
| 2018 | 51 | public function getCsrfToken($regenerate = false) |
|
| 2030 | |||
| 2031 | /** |
||
| 2032 | * Loads the CSRF token from cookie or session. |
||
| 2033 | * @return string the CSRF token loaded from cookie or session. Null is returned if the cookie or session |
||
| 2034 | * does not have CSRF token. |
||
| 2035 | */ |
||
| 2036 | 51 | protected function loadCsrfToken() |
|
| 2044 | |||
| 2045 | /** |
||
| 2046 | * Generates an unmasked random token used to perform CSRF validation. |
||
| 2047 | * @return string the random token for CSRF validation. |
||
| 2048 | */ |
||
| 2049 | 47 | protected function generateCsrfToken() |
|
| 2061 | |||
| 2062 | /** |
||
| 2063 | * @return string the CSRF token sent via [[CSRF_HEADER]] by browser. Null is returned if no such header is sent. |
||
| 2064 | */ |
||
| 2065 | 3 | public function getCsrfTokenFromHeader() |
|
| 2069 | |||
| 2070 | /** |
||
| 2071 | * Creates a cookie with a randomly generated CSRF token. |
||
| 2072 | * Initial values specified in [[csrfCookie]] will be applied to the generated cookie. |
||
| 2073 | * @param string $token the CSRF token |
||
| 2074 | * @return Cookie the generated cookie |
||
| 2075 | * @see enableCsrfValidation |
||
| 2076 | */ |
||
| 2077 | 46 | protected function createCsrfCookie($token) |
|
| 2086 | |||
| 2087 | /** |
||
| 2088 | * Performs the CSRF validation. |
||
| 2089 | * |
||
| 2090 | * This method will validate the user-provided CSRF token by comparing it with the one stored in cookie or session. |
||
| 2091 | * This method is mainly called in [[Controller::beforeAction()]]. |
||
| 2092 | * |
||
| 2093 | * Note that the method will NOT perform CSRF validation if [[enableCsrfValidation]] is false or the HTTP method |
||
| 2094 | * is among GET, HEAD or OPTIONS. |
||
| 2095 | * |
||
| 2096 | * @param string $clientSuppliedToken the user-provided CSRF token to be validated. If null, the token will be retrieved from |
||
| 2097 | * the [[csrfParam]] POST field or HTTP header. |
||
| 2098 | * This parameter is available since version 2.0.4. |
||
| 2099 | * @return bool whether CSRF token is valid. If [[enableCsrfValidation]] is false, this method will return true. |
||
| 2100 | */ |
||
| 2101 | 36 | public function validateCsrfToken($clientSuppliedToken = null) |
|
| 2118 | |||
| 2119 | /** |
||
| 2120 | * Validates CSRF token. |
||
| 2121 | * |
||
| 2122 | * @param string $clientSuppliedToken The masked client-supplied token. |
||
| 2123 | * @param string $trueToken The masked true token. |
||
| 2124 | * @return bool |
||
| 2125 | */ |
||
| 2126 | 4 | private function validateCsrfTokenInternal($clientSuppliedToken, $trueToken) |
|
| 2136 | |||
| 2137 | /** |
||
| 2138 | * {@inheritdoc} |
||
| 2139 | * @since 2.1.0 |
||
| 2140 | */ |
||
| 2141 | 3 | public function getAttributes() |
|
| 2148 | |||
| 2149 | /** |
||
| 2150 | * @param array $attributes attributes derived from the request. |
||
| 2151 | */ |
||
| 2152 | 3 | public function setAttributes(array $attributes) |
|
| 2156 | |||
| 2157 | /** |
||
| 2158 | * {@inheritdoc} |
||
| 2159 | * @since 2.1.0 |
||
| 2160 | */ |
||
| 2161 | 1 | public function getAttribute($name, $default = null) |
|
| 2170 | |||
| 2171 | /** |
||
| 2172 | * {@inheritdoc} |
||
| 2173 | * @since 2.1.0 |
||
| 2174 | */ |
||
| 2175 | 1 | public function withAttribute($name, $value) |
|
| 2188 | |||
| 2189 | /** |
||
| 2190 | * {@inheritdoc} |
||
| 2191 | * @since 2.1.0 |
||
| 2192 | */ |
||
| 2193 | 1 | public function withoutAttribute($name) |
|
| 2206 | |||
| 2207 | /** |
||
| 2208 | * Returns default server request attributes to be used in case they are not explicitly set. |
||
| 2209 | * @return array attributes derived from the request. |
||
| 2210 | * @since 2.1.0 |
||
| 2211 | */ |
||
| 2212 | protected function defaultAttributes() |
||
| 2216 | |||
| 2217 | /** |
||
| 2218 | * {@inheritdoc} |
||
| 2219 | */ |
||
| 2220 | 3 | public function __clone() |
|
| 2230 | } |
||
| 2231 |
Loading history...
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.