Request.php 25.4 KB
Newer Older
Qiang Xue committed
1 2 3
<?php
/**
 * @link http://www.yiiframework.com/
Qiang Xue committed
4
 * @copyright Copyright (c) 2008 Yii Software LLC
Qiang Xue committed
5 6 7
 * @license http://www.yiiframework.com/license/
 */

Qiang Xue committed
8
namespace yii\web;
Qiang Xue committed
9

Qiang Xue committed
10
use Yii;
Qiang Xue committed
11
use yii\web\HttpException;
Qiang Xue committed
12
use yii\base\InvalidConfigException;
Qiang Xue committed
13
use yii\helpers\SecurityHelper;
Qiang Xue committed
14

Qiang Xue committed
15 16
/**
 * @author Qiang Xue <qiang.xue@gmail.com>
Qiang Xue committed
17
 * @since 2.0
Qiang Xue committed
18
 */
Qiang Xue committed
19
class Request extends \yii\base\Request
Qiang Xue committed
20
{
Qiang Xue committed
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
	/**
	 * @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to false.
	 * By setting this property to true, forms submitted to an Yii Web application must be originated
	 * from the same application. If not, a 400 HTTP exception will be raised.
	 *
	 * Note, this feature requires that the user client accepts cookie. Also, to use this feature,
	 * forms submitted via POST method must contain a hidden input whose name is specified by [[csrfTokenName]].
	 * You may use [[\yii\web\Html::beginForm()]] to generate his hidden input.
	 * @see http://en.wikipedia.org/wiki/Cross-site_request_forgery
	 */
	public $enableCsrfValidation = false;
	/**
	 * @var string the name of the token used to prevent CSRF. Defaults to 'YII_CSRF_TOKEN'.
	 * This property is effectively only when {@link enableCsrfValidation} is true.
	 */
	public $csrfTokenName = '_csrf';
	/**
	 * @var array the configuration of the CSRF cookie. This property is used only when [[enableCsrfValidation]] is true.
	 * @see Cookie
	 */
Qiang Xue committed
41
	public $csrfCookie = array('httpOnly' => true);
Qiang Xue committed
42
	/**
Qiang Xue committed
43
	 * @var boolean whether cookies should be validated to ensure they are not tampered. Defaults to true.
Qiang Xue committed
44
	 */
Qiang Xue committed
45
	public $enableCookieValidation = true;
Qiang Xue committed
46 47
	/**
	 * @var string|boolean the name of the POST parameter that is used to indicate if a request is a PUT or DELETE
48
	 * request tunneled through POST. Default to '_method'.
49
	 * @see getMethod
Qiang Xue committed
50 51 52
	 * @see getRestParams
	 */
	public $restVar = '_method';
Qiang Xue committed
53 54 55

	private $_cookies;

Qiang Xue committed
56

Qiang Xue committed
57 58 59 60 61 62 63
	/**
	 * Resolves the current request into a route and the associated parameters.
	 * @return array the first element is the route, and the second is the associated parameters.
	 * @throws HttpException if the request cannot be resolved.
	 */
	public function resolve()
	{
Qiang Xue committed
64 65
		$this->validateCsrfToken();

Qiang Xue committed
66 67 68
		$result = Yii::$app->getUrlManager()->parseRequest($this);
		if ($result !== false) {
			list ($route, $params) = $result;
69 70
			$_GET = array_merge($_GET, $params);
			return array($route, $_GET);
Qiang Xue committed
71
		} else {
72
			throw new HttpException(404, Yii::t('yii', 'Page not found.'));
Qiang Xue committed
73 74 75
		}
	}

Qiang Xue committed
76 77 78 79 80
	/**
	 * Returns the method of the current request (e.g. GET, POST, HEAD, PUT, DELETE).
	 * @return string request method, such as GET, POST, HEAD, PUT, DELETE.
	 * The value returned is turned into upper case.
	 */
81
	public function getMethod()
Qiang Xue committed
82
	{
83
		if (isset($_POST[$this->restVar])) {
Qiang Xue committed
84
			return strtoupper($_POST[$this->restVar]);
Qiang Xue committed
85 86 87 88 89 90 91 92 93
		} else {
			return isset($_SERVER['REQUEST_METHOD']) ? strtoupper($_SERVER['REQUEST_METHOD']) : 'GET';
		}
	}

	/**
	 * Returns whether this is a POST request.
	 * @return boolean whether this is a POST request.
	 */
Qiang Xue committed
94
	public function getIsPost()
Qiang Xue committed
95
	{
96
		return $this->getMethod() === 'POST';
Qiang Xue committed
97 98 99 100 101 102
	}

	/**
	 * Returns whether this is a DELETE request.
	 * @return boolean whether this is a DELETE request.
	 */
Qiang Xue committed
103
	public function getIsDelete()
Qiang Xue committed
104
	{
105
		return $this->getMethod() === 'DELETE';
Qiang Xue committed
106 107 108 109 110 111
	}

	/**
	 * Returns whether this is a PUT request.
	 * @return boolean whether this is a PUT request.
	 */
Qiang Xue committed
112
	public function getIsPut()
Qiang Xue committed
113
	{
114
		return $this->getMethod() === 'PUT';
Qiang Xue committed
115 116 117 118 119 120
	}

	/**
	 * Returns whether this is an AJAX (XMLHttpRequest) request.
	 * @return boolean whether this is an AJAX (XMLHttpRequest) request.
	 */
Qiang Xue committed
121
	public function getIsAjax()
Qiang Xue committed
122 123 124 125 126
	{
		return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest';
	}

	/**
Qiang Xue committed
127
	 * Returns whether this is an Adobe Flash or Flex request.
Qiang Xue committed
128 129
	 * @return boolean whether this is an Adobe Flash or Adobe Flex request.
	 */
Qiang Xue committed
130
	public function getIsFlash()
Qiang Xue committed
131 132 133 134 135 136 137 138 139 140
	{
		return isset($_SERVER['HTTP_USER_AGENT']) &&
			(stripos($_SERVER['HTTP_USER_AGENT'], 'Shockwave') !== false || stripos($_SERVER['HTTP_USER_AGENT'], 'Flash') !== false);
	}

	private $_restParams;

	/**
	 * Returns the request parameters for the RESTful request.
	 * @return array the RESTful request parameters
141
	 * @see getMethod
Qiang Xue committed
142 143 144 145
	 */
	public function getRestParams()
	{
		if ($this->_restParams === null) {
146
			if (isset($_POST[$this->restVar])) {
Qiang Xue committed
147 148 149 150
				$this->_restParams = $_POST;
			} else {
				$this->_restParams = array();
				if (function_exists('mb_parse_str')) {
Qiang Xue committed
151
					mb_parse_str($this->getRawBody(), $this->_restParams);
Qiang Xue committed
152
				} else {
Qiang Xue committed
153
					parse_str($this->getRawBody(), $this->_restParams);
Qiang Xue committed
154 155 156 157 158 159
				}
			}
		}
		return $this->_restParams;
	}

Qiang Xue committed
160 161 162 163 164 165 166 167 168 169 170 171 172 173
	private $_rawBody;

	/**
	 * Returns the raw HTTP request body.
	 * @return string the request body
	 */
	public function getRawBody()
	{
		if ($this->_rawBody === null) {
			$this->_rawBody = file_get_contents('php://input');
		}
		return $this->_rawBody;
	}

Qiang Xue committed
174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194
	/**
	 * Sets the RESTful parameters.
	 * @param array $values the RESTful parameters (name-value pairs)
	 */
	public function setRestParams($values)
	{
		$this->_restParams = $values;
	}

	/**
	 * Returns the named RESTful parameter value.
	 * @param string $name the parameter name
	 * @param mixed $defaultValue the default parameter value if the parameter does not exist.
	 * @return mixed the parameter value
	 */
	public function getRestParam($name, $defaultValue = null)
	{
		$params = $this->getRestParams();
		return isset($params[$name]) ? $params[$name] : $defaultValue;
	}

Qiang Xue committed
195 196 197 198 199 200 201 202
	/**
	 * Returns the named GET parameter value.
	 * If the GET parameter does not exist, the second parameter to this method will be returned.
	 * @param string $name the GET parameter name
	 * @param mixed $defaultValue the default parameter value if the GET parameter does not exist.
	 * @return mixed the GET parameter value
	 * @see getPost
	 */
Qiang Xue committed
203
	public function get($name, $defaultValue = null)
Qiang Xue committed
204 205 206 207 208 209 210 211 212 213 214 215
	{
		return isset($_GET[$name]) ? $_GET[$name] : $defaultValue;
	}

	/**
	 * Returns the named POST parameter value.
	 * If the POST parameter does not exist, the second parameter to this method will be returned.
	 * @param string $name the POST parameter name
	 * @param mixed $defaultValue the default parameter value if the POST parameter does not exist.
	 * @return mixed the POST parameter value
	 * @see getParam
	 */
Qiang Xue committed
216
	public function getPost($name, $defaultValue = null)
Qiang Xue committed
217 218 219 220 221 222 223 224 225 226
	{
		return isset($_POST[$name]) ? $_POST[$name] : $defaultValue;
	}

	/**
	 * Returns the named DELETE parameter value.
	 * @param string $name the DELETE parameter name
	 * @param mixed $defaultValue the default parameter value if the DELETE parameter does not exist.
	 * @return mixed the DELETE parameter value
	 */
Qiang Xue committed
227
	public function getDelete($name, $defaultValue = null)
Qiang Xue committed
228
	{
Qiang Xue committed
229
		return $this->getIsDelete() ? $this->getRestParam($name, $defaultValue) : null;
Qiang Xue committed
230 231 232 233 234 235 236 237
	}

	/**
	 * Returns the named PUT parameter value.
	 * @param string $name the PUT parameter name
	 * @param mixed $defaultValue the default parameter value if the PUT parameter does not exist.
	 * @return mixed the PUT parameter value
	 */
Qiang Xue committed
238
	public function getPut($name, $defaultValue = null)
Qiang Xue committed
239
	{
Qiang Xue committed
240
		return $this->getIsPut() ? $this->getRestParam($name, $defaultValue) : null;
Qiang Xue committed
241 242
	}

Qiang Xue committed
243 244
	private $_hostInfo;

Qiang Xue committed
245
	/**
Qiang Xue committed
246
	 * Returns the schema and host part of the current request URL.
Qiang Xue committed
247 248
	 * The returned URL does not have an ending slash.
	 * By default this is determined based on the user request information.
Qiang Xue committed
249 250
	 * You may explicitly specify it by setting the [[setHostInfo()|hostInfo]] property.
	 * @return string schema and hostname part (with port number if needed) of the request URL (e.g. `http://www.yiiframework.com`)
Qiang Xue committed
251 252
	 * @see setHostInfo
	 */
Qiang Xue committed
253
	public function getHostInfo()
Qiang Xue committed
254
	{
Qiang Xue committed
255
		if ($this->_hostInfo === null) {
Qiang Xue committed
256 257
			$secure = $this->getIsSecureConnection();
			$http = $secure ? 'https' : 'http';
Qiang Xue committed
258 259 260 261 262 263 264 265
			if (isset($_SERVER['HTTP_HOST'])) {
				$this->_hostInfo = $http . '://' . $_SERVER['HTTP_HOST'];
			} else {
				$this->_hostInfo = $http . '://' . $_SERVER['SERVER_NAME'];
				$port = $secure ? $this->getSecurePort() : $this->getPort();
				if (($port !== 80 && !$secure) || ($port !== 443 && $secure)) {
					$this->_hostInfo .= ':' . $port;
				}
Qiang Xue committed
266 267 268
			}
		}

Qiang Xue committed
269
		return $this->_hostInfo;
Qiang Xue committed
270 271 272 273 274 275
	}

	/**
	 * Sets the schema and host part of the application URL.
	 * This setter is provided in case the schema and hostname cannot be determined
	 * on certain Web servers.
Qiang Xue committed
276
	 * @param string $value the schema and host part of the application URL. The trailing slashes will be removed.
Qiang Xue committed
277 278 279
	 */
	public function setHostInfo($value)
	{
Qiang Xue committed
280
		$this->_hostInfo = rtrim($value, '/');
Qiang Xue committed
281 282
	}

Qiang Xue committed
283 284
	private $_baseUrl;

Qiang Xue committed
285 286
	/**
	 * Returns the relative URL for the application.
Qiang Xue committed
287 288
	 * This is similar to [[scriptUrl]] except that it does not include the script file name,
	 * and the ending slashes are removed.
Qiang Xue committed
289 290 291
	 * @return string the relative URL for the application
	 * @see setScriptUrl
	 */
Qiang Xue committed
292
	public function getBaseUrl()
Qiang Xue committed
293
	{
Qiang Xue committed
294 295 296
		if ($this->_baseUrl === null) {
			$this->_baseUrl = rtrim(dirname($this->getScriptUrl()), '\\/');
		}
Qiang Xue committed
297
		return $this->_baseUrl;
Qiang Xue committed
298 299 300 301 302 303 304 305 306 307
	}

	/**
	 * Sets the relative URL for the application.
	 * By default the URL is determined based on the entry script URL.
	 * This setter is provided in case you want to change this behavior.
	 * @param string $value the relative URL for the application
	 */
	public function setBaseUrl($value)
	{
Qiang Xue committed
308
		$this->_baseUrl = $value;
Qiang Xue committed
309 310
	}

Qiang Xue committed
311 312
	private $_scriptUrl;

Qiang Xue committed
313 314 315 316
	/**
	 * Returns the relative URL of the entry script.
	 * The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.
	 * @return string the relative URL of the entry script.
Qiang Xue committed
317
	 * @throws InvalidConfigException if unable to determine the entry script URL
Qiang Xue committed
318 319 320
	 */
	public function getScriptUrl()
	{
Qiang Xue committed
321
		if ($this->_scriptUrl === null) {
Qiang Xue committed
322 323
			$scriptFile = $this->getScriptFile();
			$scriptName = basename($scriptFile);
Qiang Xue committed
324 325
			if (basename($_SERVER['SCRIPT_NAME']) === $scriptName) {
				$this->_scriptUrl = $_SERVER['SCRIPT_NAME'];
Qiang Xue committed
326 327 328 329 330 331
			} elseif (basename($_SERVER['PHP_SELF']) === $scriptName) {
				$this->_scriptUrl = $_SERVER['PHP_SELF'];
			} elseif (isset($_SERVER['ORIG_SCRIPT_NAME']) && basename($_SERVER['ORIG_SCRIPT_NAME']) === $scriptName) {
				$this->_scriptUrl = $_SERVER['ORIG_SCRIPT_NAME'];
			} elseif (($pos = strpos($_SERVER['PHP_SELF'], '/' . $scriptName)) !== false) {
				$this->_scriptUrl = substr($_SERVER['SCRIPT_NAME'], 0, $pos) . '/' . $scriptName;
Qiang Xue committed
332 333
			} elseif (isset($_SERVER['DOCUMENT_ROOT']) && strpos($scriptFile, $_SERVER['DOCUMENT_ROOT']) === 0) {
				$this->_scriptUrl = str_replace('\\', '/', str_replace($_SERVER['DOCUMENT_ROOT'], '', $scriptFile));
Qiang Xue committed
334
			} else {
Qiang Xue committed
335
				throw new InvalidConfigException('Unable to determine the entry script URL.');
Qiang Xue committed
336
			}
Qiang Xue committed
337 338 339 340 341 342 343 344 345 346 347 348
		}
		return $this->_scriptUrl;
	}

	/**
	 * Sets the relative URL for the application entry script.
	 * This setter is provided in case the entry script URL cannot be determined
	 * on certain Web servers.
	 * @param string $value the relative URL for the application entry script.
	 */
	public function setScriptUrl($value)
	{
Qiang Xue committed
349
		$this->_scriptUrl = '/' . trim($value, '/');
Qiang Xue committed
350 351
	}

Qiang Xue committed
352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375
	private $_scriptFile;

	/**
	 * Returns the entry script file path.
	 * The default implementation will simply return `$_SERVER['SCRIPT_FILENAME']`.
	 * @return string the entry script file path
	 */
	public function getScriptFile()
	{
		return isset($this->_scriptFile) ? $this->_scriptFile : $_SERVER['SCRIPT_FILENAME'];
	}

	/**
	 * Sets the entry script file path.
	 * The entry script file path normally can be obtained from `$_SERVER['SCRIPT_FILENAME']`.
	 * If your server configuration does not return the correct value, you may configure
	 * this property to make it right.
	 * @param string $value the entry script file path.
	 */
	public function setScriptFile($value)
	{
		$this->_scriptFile = $value;
	}

Qiang Xue committed
376 377
	private $_pathInfo;

Qiang Xue committed
378 379
	/**
	 * Returns the path info of the currently requested URL.
Qiang Xue committed
380 381
	 * A path info refers to the part that is after the entry script and before the question mark (query string).
	 * The starting and ending slashes are both removed.
Qiang Xue committed
382
	 * @return string part of the request URL that is after the entry script and before the question mark.
Qiang Xue committed
383
	 * Note, the returned path info is already URL-decoded.
Qiang Xue committed
384
	 * @throws InvalidConfigException if the path info cannot be determined due to unexpected server configuration
Qiang Xue committed
385 386 387
	 */
	public function getPathInfo()
	{
Qiang Xue committed
388
		if ($this->_pathInfo === null) {
Qiang Xue committed
389 390 391 392
			$this->_pathInfo = $this->resolvePathInfo();
		}
		return $this->_pathInfo;
	}
Qiang Xue committed
393

Qiang Xue committed
394 395 396 397 398
	/**
	 * Sets the path info of the current request.
	 * This method is mainly provided for testing purpose.
	 * @param string $value the path info of the current request
	 */
Qiang Xue committed
399 400 401 402 403
	public function setPathInfo($value)
	{
		$this->_pathInfo = trim($value, '/');
	}

Qiang Xue committed
404 405 406 407 408 409
	/**
	 * Resolves the path info part of the currently requested URL.
	 * A path info refers to the part that is after the entry script and before the question mark (query string).
	 * The starting and ending slashes are both removed.
	 * @return string part of the request URL that is after the entry script and before the question mark.
	 * Note, the returned path info is decoded.
Qiang Xue committed
410
	 * @throws InvalidConfigException if the path info cannot be determined due to unexpected server configuration
Qiang Xue committed
411 412 413
	 */
	protected function resolvePathInfo()
	{
Qiang Xue committed
414
		$pathInfo = $this->getUrl();
Qiang Xue committed
415

Qiang Xue committed
416 417 418
		if (($pos = strpos($pathInfo, '?')) !== false) {
			$pathInfo = substr($pathInfo, 0, $pos);
		}
Qiang Xue committed
419

Qiang Xue committed
420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435
		$pathInfo = urldecode($pathInfo);

		// try to encode in UTF8 if not so
		// http://w3.org/International/questions/qa-forms-utf-8.html
		if (!preg_match('%^(?:
				[\x09\x0A\x0D\x20-\x7E]              # ASCII
				| [\xC2-\xDF][\x80-\xBF]             # non-overlong 2-byte
				| \xE0[\xA0-\xBF][\x80-\xBF]         # excluding overlongs
				| [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}  # straight 3-byte
				| \xED[\x80-\x9F][\x80-\xBF]         # excluding surrogates
				| \xF0[\x90-\xBF][\x80-\xBF]{2}      # planes 1-3
				| [\xF1-\xF3][\x80-\xBF]{3}          # planes 4-15
				| \xF4[\x80-\x8F][\x80-\xBF]{2}      # plane 16
				)*$%xs', $pathInfo)) {
			$pathInfo = utf8_encode($pathInfo);
		}
Qiang Xue committed
436

Qiang Xue committed
437 438 439 440 441 442 443 444 445
		$scriptUrl = $this->getScriptUrl();
		$baseUrl = $this->getBaseUrl();
		if (strpos($pathInfo, $scriptUrl) === 0) {
			$pathInfo = substr($pathInfo, strlen($scriptUrl));
		} elseif ($baseUrl === '' || strpos($pathInfo, $baseUrl) === 0) {
			$pathInfo = substr($pathInfo, strlen($baseUrl));
		} elseif (strpos($_SERVER['PHP_SELF'], $scriptUrl) === 0) {
			$pathInfo = substr($_SERVER['PHP_SELF'], strlen($scriptUrl));
		} else {
Qiang Xue committed
446
			throw new InvalidConfigException('Unable to determine the path info of the current request.');
Qiang Xue committed
447
		}
Qiang Xue committed
448 449

		return trim($pathInfo, '/');
Qiang Xue committed
450 451
	}

Qiang Xue committed
452
	/**
Qiang Xue committed
453 454 455
	 * Returns the currently requested absolute URL.
	 * This is a shortcut to the concatenation of [[hostInfo]] and [[url]].
	 * @return string the currently requested absolute URL.
Qiang Xue committed
456
	 */
Qiang Xue committed
457
	public function getAbsoluteUrl()
Qiang Xue committed
458
	{
Qiang Xue committed
459
		return $this->getHostInfo() . $this->getUrl();
Qiang Xue committed
460 461
	}

Qiang Xue committed
462
	private $_url;
Qiang Xue committed
463

Qiang Xue committed
464
	/**
Qiang Xue committed
465 466 467 468 469
	 * Returns the currently requested relative URL.
	 * This refers to the portion of the URL that is after the [[hostInfo]] part.
	 * It includes the [[queryString]] part if any.
	 * @return string the currently requested relative URL. Note that the URI returned is URL-encoded.
	 * @throws InvalidConfigException if the URL cannot be determined due to unusual server configuration
Qiang Xue committed
470
	 */
Qiang Xue committed
471
	public function getUrl()
Qiang Xue committed
472
	{
Qiang Xue committed
473 474
		if ($this->_url === null) {
			$this->_url = $this->resolveRequestUri();
Qiang Xue committed
475
		}
Qiang Xue committed
476
		return $this->_url;
Qiang Xue committed
477 478
	}

Qiang Xue committed
479
	/**
Qiang Xue committed
480
	 * Sets the currently requested relative URL.
Qiang Xue committed
481 482 483 484
	 * The URI must refer to the portion that is after [[hostInfo]].
	 * Note that the URI should be URL-encoded.
	 * @param string $value the request URI to be set
	 */
Qiang Xue committed
485
	public function setUrl($value)
Qiang Xue committed
486
	{
Qiang Xue committed
487
		$this->_url = $value;
Qiang Xue committed
488 489
	}

Qiang Xue committed
490 491 492 493 494 495
	/**
	 * Resolves the request URI portion for the currently requested URL.
	 * This refers to the portion that is after the [[hostInfo]] part. It includes the [[queryString]] part if any.
	 * The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.
	 * @return string|boolean the request URI portion for the currently requested URL.
	 * Note that the URI returned is URL-encoded.
Qiang Xue committed
496
	 * @throws InvalidConfigException if the request URI cannot be determined due to unusual server configuration
Qiang Xue committed
497 498 499 500 501 502 503
	 */
	protected function resolveRequestUri()
	{
		if (isset($_SERVER['HTTP_X_REWRITE_URL'])) { // IIS
			$requestUri = $_SERVER['HTTP_X_REWRITE_URL'];
		} elseif (isset($_SERVER['REQUEST_URI'])) {
			$requestUri = $_SERVER['REQUEST_URI'];
Qiang Xue committed
504
			if ($requestUri !== '' && $requestUri[0] !== '/') {
Qiang Xue committed
505 506 507 508 509 510 511 512
				$requestUri = preg_replace('/^(http|https):\/\/[^\/]+/i', '', $requestUri);
			}
		} elseif (isset($_SERVER['ORIG_PATH_INFO'])) { // IIS 5.0 CGI
			$requestUri = $_SERVER['ORIG_PATH_INFO'];
			if (!empty($_SERVER['QUERY_STRING'])) {
				$requestUri .= '?' . $_SERVER['QUERY_STRING'];
			}
		} else {
Qiang Xue committed
513
			throw new InvalidConfigException('Unable to determine the request URI.');
Qiang Xue committed
514 515 516 517
		}
		return $requestUri;
	}

Qiang Xue committed
518 519 520 521 522 523
	/**
	 * Returns part of the request URL that is after the question mark.
	 * @return string part of the request URL that is after the question mark
	 */
	public function getQueryString()
	{
Qiang Xue committed
524
		return isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
Qiang Xue committed
525 526 527 528 529 530 531 532
	}

	/**
	 * Return if the request is sent via secure channel (https).
	 * @return boolean if the request is sent via secure channel (https)
	 */
	public function getIsSecureConnection()
	{
533 534
		return isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] === 'on' || $_SERVER['HTTPS'] == 1)
			|| isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https';
Qiang Xue committed
535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551
	}

	/**
	 * Returns the server name.
	 * @return string server name
	 */
	public function getServerName()
	{
		return $_SERVER['SERVER_NAME'];
	}

	/**
	 * Returns the server port number.
	 * @return integer server port number
	 */
	public function getServerPort()
	{
Qiang Xue committed
552
		return (int)$_SERVER['SERVER_PORT'];
Qiang Xue committed
553 554 555 556 557 558
	}

	/**
	 * Returns the URL referrer, null if not present
	 * @return string URL referrer, null if not present
	 */
Qiang Xue committed
559
	public function getReferrer()
Qiang Xue committed
560
	{
Qiang Xue committed
561
		return isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
Qiang Xue committed
562 563 564 565 566 567 568 569
	}

	/**
	 * Returns the user agent, null if not present.
	 * @return string user agent, null if not present
	 */
	public function getUserAgent()
	{
Qiang Xue committed
570
		return isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
Qiang Xue committed
571 572 573 574 575 576
	}

	/**
	 * Returns the user IP address.
	 * @return string user IP address
	 */
577
	public function getUserIP()
Qiang Xue committed
578
	{
Qiang Xue committed
579
		return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
Qiang Xue committed
580 581 582 583 584 585 586 587
	}

	/**
	 * Returns the user host name, null if it cannot be determined.
	 * @return string user host name, null if cannot be determined
	 */
	public function getUserHost()
	{
Qiang Xue committed
588
		return isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : null;
Qiang Xue committed
589 590 591 592 593 594 595 596
	}

	/**
	 * Returns user browser accept types, null if not present.
	 * @return string user browser accept types, null if not present
	 */
	public function getAcceptTypes()
	{
Qiang Xue committed
597
		return isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : null;
Qiang Xue committed
598 599 600 601
	}

	private $_port;

Qiang Xue committed
602
	/**
Qiang Xue committed
603 604 605 606 607 608 609 610
	 * Returns the port to use for insecure requests.
	 * Defaults to 80, or the port specified by the server if the current
	 * request is insecure.
	 * @return integer port number for insecure requests.
	 * @see setPort
	 */
	public function getPort()
	{
Qiang Xue committed
611 612 613
		if ($this->_port === null) {
			$this->_port = !$this->getIsSecureConnection() && isset($_SERVER['SERVER_PORT']) ? (int)$_SERVER['SERVER_PORT'] : 80;
		}
Qiang Xue committed
614 615 616 617 618 619 620 621 622 623 624
		return $this->_port;
	}

	/**
	 * Sets the port to use for insecure requests.
	 * This setter is provided in case a custom port is necessary for certain
	 * server configurations.
	 * @param integer $value port number.
	 */
	public function setPort($value)
	{
Qiang Xue committed
625 626 627 628
		if ($value != $this->_port) {
			$this->_port = (int)$value;
			$this->_hostInfo = null;
		}
Qiang Xue committed
629 630 631 632 633 634 635 636 637 638 639 640 641
	}

	private $_securePort;

	/**
	 * Returns the port to use for secure requests.
	 * Defaults to 443, or the port specified by the server if the current
	 * request is secure.
	 * @return integer port number for secure requests.
	 * @see setSecurePort
	 */
	public function getSecurePort()
	{
Qiang Xue committed
642 643 644
		if ($this->_securePort === null) {
			$this->_securePort = $this->getIsSecureConnection() && isset($_SERVER['SERVER_PORT']) ? (int)$_SERVER['SERVER_PORT'] : 443;
		}
Qiang Xue committed
645 646 647 648 649 650 651 652 653 654 655
		return $this->_securePort;
	}

	/**
	 * Sets the port to use for secure requests.
	 * This setter is provided in case a custom port is necessary for certain
	 * server configurations.
	 * @param integer $value port number.
	 */
	public function setSecurePort($value)
	{
Qiang Xue committed
656 657 658
		if ($value != $this->_securePort) {
			$this->_securePort = (int)$value;
			$this->_hostInfo = null;
Qiang Xue committed
659
		}
Qiang Xue committed
660 661
	}

Qiang Xue committed
662
	private $_preferredLanguages;
Qiang Xue committed
663 664

	/**
Qiang Xue committed
665 666 667 668
	 * Returns the user preferred languages.
	 * The languages returned are ordered by user's preference, starting with the language that the user
	 * prefers the most.
	 * @return string the user preferred languages. An empty array may be returned if the user has no preference.
Qiang Xue committed
669
	 */
Qiang Xue committed
670
	public function getPreferredLanguages()
Qiang Xue committed
671
	{
Qiang Xue committed
672
		if ($this->_preferredLanguages === null) {
Qiang Xue committed
673 674 675 676 677
			if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) && ($n = preg_match_all('/([\w\-_]+)\s*(;\s*q\s*=\s*(\d*\.\d*))?/', $_SERVER['HTTP_ACCEPT_LANGUAGE'], $matches)) > 0) {
				$languages = array();
				for ($i = 0; $i < $n; ++$i) {
					$languages[$matches[1][$i]] = empty($matches[3][$i]) ? 1.0 : floatval($matches[3][$i]);
				}
Qiang Xue committed
678
				arsort($languages);
Qiang Xue committed
679 680 681
				$this->_preferredLanguages = array_keys($languages);
			} else {
				$this->_preferredLanguages = array();
Qiang Xue committed
682 683
			}
		}
Qiang Xue committed
684
		return $this->_preferredLanguages;
Qiang Xue committed
685 686 687
	}

	/**
Qiang Xue committed
688 689 690
	 * Returns the language most preferred by the user.
	 * @return string|boolean the language most preferred by the user. If the user has no preference, false
	 * will be returned.
Qiang Xue committed
691
	 */
Qiang Xue committed
692
	public function getPreferredLanguage()
Qiang Xue committed
693
	{
Qiang Xue committed
694 695
		$languages = $this->getPreferredLanguages();
		return isset($languages[0]) ? $languages[0] : false;
Qiang Xue committed
696 697 698
	}

	/**
Qiang Xue committed
699
	 * Returns the cookie collection.
700 701 702 703 704 705 706 707 708 709 710 711 712
	 * Through the returned cookie collection, you may access a cookie using the following syntax:
	 *
	 * ~~~
	 * $cookie = $request->cookies['name']
	 * if ($cookie !== null) {
	 *     $value = $cookie->value;
	 * }
	 *
	 * // alternatively
	 * $value = $request->cookies->getValue('name');
	 * ~~~
	 *
	 * @return CookieCollection the cookie collection.
Qiang Xue committed
713
	 */
Qiang Xue committed
714
	public function getCookies()
Qiang Xue committed
715
	{
716
		if ($this->_cookies === null) {
Qiang Xue committed
717 718
			$this->_cookies = new CookieCollection($this->loadCookies(), array(
				'readOnly' => true,
Qiang Xue committed
719
			));
720 721 722
		}
		return $this->_cookies;
	}
Qiang Xue committed
723

Qiang Xue committed
724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774
	/**
	 * Converts `$_COOKIE` into an array of [[Cookie]].
	 * @return array the cookies obtained from request
	 */
	protected function loadCookies()
	{
		$cookies = array();
		if ($this->enableCookieValidation) {
			$key = $this->getCookieValidationKey();
			foreach ($_COOKIE as $name => $value) {
				if (is_string($value) && ($value = SecurityHelper::validateData($value, $key)) !== false) {
					$cookies[$name] = new Cookie(array(
						'name' => $name,
						'value' => @unserialize($value),
					));
				}
			}
		} else {
			foreach ($_COOKIE as $name => $value) {
				$cookies[$name] = new Cookie(array(
					'name' => $name,
					'value' => $value,
				));
			}
		}
		return $cookies;
	}

	private $_cookieValidationKey;

	/**
	 * @return string the secret key used for cookie validation. If it was set previously,
	 * a random key will be generated and used.
	 */
	public function getCookieValidationKey()
	{
		if ($this->_cookieValidationKey === null) {
			$this->_cookieValidationKey = SecurityHelper::getSecretKey(__CLASS__ . '/' . Yii::$app->id);
		}
		return $this->_cookieValidationKey;
	}

	/**
	 * Sets the secret key used for cookie validation.
	 * @param string $value the secret key used for cookie validation.
	 */
	public function setCookieValidationKey($value)
	{
		$this->_cookieValidationKey = $value;
	}

Qiang Xue committed
775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821
	private $_csrfToken;

	/**
	 * Returns the random token used to perform CSRF validation.
	 * The token will be read from cookie first. If not found, a new token will be generated.
	 * @return string the random token for CSRF validation.
	 * @see enableCsrfValidation
	 */
	public function getCsrfToken()
	{
		if ($this->_csrfToken === null) {
			$cookies = $this->getCookies();
			if (($this->_csrfToken = $cookies->getValue($this->csrfTokenName)) === null) {
				$cookie = $this->createCsrfCookie();
				$this->_csrfToken = $cookie->value;
				$cookies->add($cookie);
			}
		}

		return $this->_csrfToken;
	}

	/**
	 * Creates a cookie with a randomly generated CSRF token.
	 * Initial values specified in [[csrfCookie]] will be applied to the generated cookie.
	 * @return Cookie the generated cookie
	 * @see enableCsrfValidation
	 */
	protected function createCsrfCookie()
	{
		$options = $this->csrfCookie;
		$options['name'] = $this->csrfTokenName;
		$options['value'] = sha1(uniqid(mt_rand(), true));
		return new Cookie($options);
	}

	/**
	 * Performs the CSRF validation.
	 * The method will compare the CSRF token obtained from a cookie and from a POST field.
	 * If they are different, a CSRF attack is detected and a 400 HTTP exception will be raised.
	 * @throws HttpException if the validation fails
	 */
	public function validateCsrfToken()
	{
		if (!$this->enableCsrfValidation) {
			return;
		}
822
		$method = $this->getMethod();
Qiang Xue committed
823 824 825 826 827 828 829 830 831 832 833 834 835 836
		if ($method === 'POST' || $method === 'PUT' || $method === 'DELETE') {
			$cookies = $this->getCookies();
			switch ($method) {
				case 'POST':
					$token = $this->getPost($this->csrfTokenName);
					break;
				case 'PUT':
					$token = $this->getPut($this->csrfTokenName);
					break;
				case 'DELETE':
					$token = $this->getDelete($this->csrfTokenName);
			}

			if (empty($token) || $cookies->getValue($this->csrfTokenName) !== $token) {
837
				throw new HttpException(400, Yii::t('yii', 'Unable to verify your data submission.'));
Qiang Xue committed
838 839 840
			}
		}
	}
Qiang Xue committed
841
}