<?php
/**
 * @link http://www.yiiframework.com/
 * @copyright Copyright (c) 2008 Yii Software LLC
 * @license http://www.yiiframework.com/license/
 */

namespace yii\web;

use Yii;
use yii\base\HttpException;
use yii\base\InvalidConfigException;

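/**
 * Request represents the HTTP request handled by a Web application.
 *
 * It reads the request from the PHP superglobals ($_SERVER, $_GET, $_POST), resolves it into
 * a route, exposes the request cookies and performs CSRF validation.
 *
 * Most values returned by this class originate from the client (headers, body, query string)
 * and must be treated as untrusted input by the caller.
 *
 * @author Qiang Xue <qiang.xue@gmail.com>
 * @since 2.0
 */
class Request extends \yii\base\Request
{
	/**
	 * @var boolean whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to false.
	 * By setting this property to true, forms submitted to a Yii Web application must originate
	 * from the same application. If not, a 400 HTTP exception will be raised.
	 *
	 * Note, this feature requires that the user client accepts cookies. Also, to use this feature,
	 * forms submitted via POST method must contain a hidden input whose name is specified by [[csrfTokenName]].
	 * You may use [[\yii\web\Html::beginForm()]] to generate this hidden input.
	 *
	 * Because the default is false, [[validateCsrfToken()]] does nothing until this property
	 * is explicitly turned on.
	 * @see http://en.wikipedia.org/wiki/Cross-site_request_forgery
	 */
	public $enableCsrfValidation = false;
	/**
	 * @var string the name of the token used to prevent CSRF. Defaults to '_csrf'.
	 * This property is effective only when [[enableCsrfValidation]] is true.
	 */
	public $csrfTokenName = '_csrf';
	/**
	 * @var array the configuration of the CSRF cookie. This property is used only when [[enableCsrfValidation]] is true.
	 * The default marks the cookie as HTTP-only.
	 * @see Cookie
	 */
	public $csrfCookie = array('httponly' => true);
	/**
	 * @var boolean whether cookies should be validated to ensure they are not tampered with. Defaults to true.
	 */
	public $enableCookieValidation = true;
	/**
	 * @var string the secret key used for cookie validation. If not set, a random key will be generated and used.
	 */
	public $cookieValidationKey;
	/**
	 * @var string|boolean the name of the POST parameter that is used to indicate if a request is a PUT or DELETE
	 * request tunneled through POST. Defaults to '_method'.
	 * @see getRequestMethod
	 * @see getRestParams
	 */
	public $restVar = '_method';

	private $_cookies;


	/**
	 * Resolves the current request into a route and the associated parameters.
	 * CSRF validation is performed first, so a request that fails it is never routed.
	 * @return array the first element is the route, and the second is the associated parameters.
	 * @throws HttpException if the request cannot be resolved.
	 */
	public function resolve()
	{
		$this->validateCsrfToken();

		$result = Yii::$app->getUrlManager()->parseRequest($this);
		if ($result === false) {
			throw new HttpException(404, Yii::t('yii', 'Page not found.'));
		}

		list ($route, $params) = $result;
		// parameters extracted from the URL take precedence over query parameters of the same name
		$_GET = array_merge($_GET, $params);
		return array($route, $_GET);
	}

	/**
	 * Returns the method of the current request (e.g. GET, POST, HEAD, PUT, DELETE).
	 *
	 * A method tunneled through the POST parameter named by [[restVar]] takes precedence over
	 * the transport method. The tunneled value is supplied by the client, so it is honored only
	 * when it is a string and does not name a safe method (GET, HEAD, OPTIONS): otherwise a write
	 * request could declare itself a read request and skip [[validateCsrfToken()]].
	 * @return string request method, such as GET, POST, HEAD, PUT, DELETE.
	 * The value returned is turned into upper case.
	 */
	public function getRequestMethod()
	{
		if (is_string($this->restVar) && isset($_POST[$this->restVar]) && is_string($_POST[$this->restVar])) {
			$method = strtoupper($_POST[$this->restVar]);
			if (!in_array($method, array('GET', 'HEAD', 'OPTIONS'), true)) {
				return $method;
			}
		}
		return isset($_SERVER['REQUEST_METHOD']) ? strtoupper($_SERVER['REQUEST_METHOD']) : 'GET';
	}

	/**
	 * Returns whether this is a POST request.
	 * @return boolean whether this is a POST request.
	 */
	public function getIsPostRequest()
	{
		return $this->getRequestMethod() === 'POST';
	}

	/**
	 * Returns whether this is a DELETE request.
	 * @return boolean whether this is a DELETE request.
	 */
	public function getIsDeleteRequest()
	{
		return $this->getRequestMethod() === 'DELETE';
	}

	/**
	 * Returns whether this is a PUT request.
	 * @return boolean whether this is a PUT request.
	 */
	public function getIsPutRequest()
	{
		return $this->getRequestMethod() === 'PUT';
	}

	/**
	 * Returns whether this is an AJAX (XMLHttpRequest) request.
	 * The answer is based solely on the client-supplied X-Requested-With header,
	 * so it must not be used as an access control or CSRF check.
	 * @return boolean whether this is an AJAX (XMLHttpRequest) request.
	 */
	public function getIsAjaxRequest()
	{
		return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest';
	}

	/**
	 * Returns whether this is an Adobe Flash or Flex request.
	 * The answer is based solely on the client-supplied User-Agent header.
	 * @return boolean whether this is an Adobe Flash or Adobe Flex request.
	 */
	public function getIsFlashRequest()
	{
		return isset($_SERVER['HTTP_USER_AGENT']) &&
			(stripos($_SERVER['HTTP_USER_AGENT'], 'Shockwave') !== false || stripos($_SERVER['HTTP_USER_AGENT'], 'Flash') !== false);
	}

	private $_restParams;

	/**
	 * Returns the request parameters for the RESTful request.
	 * When the request carries the [[restVar]] POST parameter, $_POST is returned;
	 * otherwise the raw request body is parsed as a URL-encoded string.
	 * @return array the RESTful request parameters
	 * @see getRequestMethod
	 */
	public function getRestParams()
	{
		if ($this->_restParams === null) {
			if (isset($_POST[$this->restVar])) {
				$this->_restParams = $_POST;
			} else {
				$this->_restParams = array();
				if (function_exists('mb_parse_str')) {
					mb_parse_str($this->getRawBody(), $this->_restParams);
				} else {
					parse_str($this->getRawBody(), $this->_restParams);
				}
			}
		}
		return $this->_restParams;
	}

	private $_rawBody;

	/**
	 * Returns the raw HTTP request body.
	 * The body is read from `php://input` once and then cached.
	 * @return string the request body
	 */
	public function getRawBody()
	{
		if ($this->_rawBody === null) {
			$this->_rawBody = file_get_contents('php://input');
		}
		return $this->_rawBody;
	}

	/**
	 * Sets the RESTful parameters.
	 * @param array $values the RESTful parameters (name-value pairs)
	 */
	public function setRestParams($values)
	{
		$this->_restParams = $values;
	}

	/**
	 * Returns the named RESTful parameter value.
	 * @param string $name the parameter name
	 * @param mixed $defaultValue the default parameter value if the parameter does not exist.
	 * @return mixed the parameter value
	 */
	public function getRestParam($name, $defaultValue = null)
	{
		$params = $this->getRestParams();
		return isset($params[$name]) ? $params[$name] : $defaultValue;
	}

	/**
	 * Returns the named GET parameter value.
	 * If the GET parameter does not exist, the second parameter to this method will be returned.
	 * The value may be a string or an array, depending on what the client sent.
	 * @param string $name the GET parameter name
	 * @param mixed $defaultValue the default parameter value if the GET parameter does not exist.
	 * @return mixed the GET parameter value
	 * @see getPost
	 */
	public function getParam($name, $defaultValue = null)
	{
		return isset($_GET[$name]) ? $_GET[$name] : $defaultValue;
	}

	/**
	 * Returns the named POST parameter value.
	 * If the POST parameter does not exist, the second parameter to this method will be returned.
	 * The value may be a string or an array, depending on what the client sent.
	 * @param string $name the POST parameter name
	 * @param mixed $defaultValue the default parameter value if the POST parameter does not exist.
	 * @return mixed the POST parameter value
	 * @see getParam
	 */
	public function getPost($name, $defaultValue = null)
	{
		return isset($_POST[$name]) ? $_POST[$name] : $defaultValue;
	}

	/**
	 * Returns the named DELETE parameter value.
	 * @param string $name the DELETE parameter name
	 * @param mixed $defaultValue the default parameter value if the DELETE parameter does not exist.
	 * @return mixed the DELETE parameter value. Null is returned (and `$defaultValue` is not used)
	 * when the current request is not a DELETE request.
	 */
	public function getDelete($name, $defaultValue = null)
	{
		return $this->getIsDeleteRequest() ? $this->getRestParam($name, $defaultValue) : null;
	}

	/**
	 * Returns the named PUT parameter value.
	 * @param string $name the PUT parameter name
	 * @param mixed $defaultValue the default parameter value if the PUT parameter does not exist.
	 * @return mixed the PUT parameter value. Null is returned (and `$defaultValue` is not used)
	 * when the current request is not a PUT request.
	 */
	public function getPut($name, $defaultValue = null)
	{
		return $this->getIsPutRequest() ? $this->getRestParam($name, $defaultValue) : null;
	}

	private $_hostInfo;

	/**
	 * Returns the schema and host part of the current request URL.
	 * The returned URL does not have an ending slash.
	 * By default this is determined based on the user request information.
	 * You may explicitly specify it by setting the [[setHostInfo()|hostInfo]] property.
	 *
	 * When `$_SERVER['HTTP_HOST']` is present it is used as is. That value comes from the Host header
	 * of the request, so the result is client-controlled unless the Web server only accepts known
	 * host names. Set [[setHostInfo()|hostInfo]] explicitly when the result is used to build
	 * absolute links that leave the current response (for example links sent by email).
	 * @return string schema and hostname part (with port number if needed) of the request URL (e.g. `http://www.yiiframework.com`)
	 * @see setHostInfo
	 */
	public function getHostInfo()
	{
		if ($this->_hostInfo === null) {
			$secure = $this->getIsSecureConnection();
			$http = $secure ? 'https' : 'http';
			if (isset($_SERVER['HTTP_HOST'])) {
				$this->_hostInfo = $http . '://' . $_SERVER['HTTP_HOST'];
			} else {
				$this->_hostInfo = $http . '://' . $_SERVER['SERVER_NAME'];
				$port = $secure ? $this->getSecurePort() : $this->getPort();
				// only a non-default port has to appear in the URL
				if (($port !== 80 && !$secure) || ($port !== 443 && $secure)) {
					$this->_hostInfo .= ':' . $port;
				}
			}
		}

		return $this->_hostInfo;
	}

	/**
	 * Sets the schema and host part of the application URL.
	 * This setter is provided in case the schema and hostname cannot be determined
	 * on certain Web servers.
	 * @param string $value the schema and host part of the application URL. The trailing slashes will be removed.
	 */
	public function setHostInfo($value)
	{
		$this->_hostInfo = rtrim($value, '/');
	}

	private $_baseUrl;

	/**
	 * Returns the relative URL for the application.
	 * This is similar to [[scriptUrl]] except that it does not include the script file name,
	 * and the ending slashes are removed.
	 * @return string the relative URL for the application
	 * @see setScriptUrl
	 */
	public function getBaseUrl()
	{
		if ($this->_baseUrl === null) {
			$this->_baseUrl = rtrim(dirname($this->getScriptUrl()), '\\/');
		}
		return $this->_baseUrl;
	}

	/**
	 * Sets the relative URL for the application.
	 * By default the URL is determined based on the entry script URL.
	 * This setter is provided in case you want to change this behavior.
	 * @param string $value the relative URL for the application
	 */
	public function setBaseUrl($value)
	{
		$this->_baseUrl = $value;
	}

	private $_scriptUrl;

	/**
	 * Returns the relative URL of the entry script.
	 * The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.
	 * The server variables are tried in order (SCRIPT_NAME, PHP_SELF, ORIG_SCRIPT_NAME, DOCUMENT_ROOT)
	 * and the first one that is consistent with the entry script file name is used.
	 * @return string the relative URL of the entry script.
	 * @throws InvalidConfigException if unable to determine the entry script URL
	 */
	public function getScriptUrl()
	{
		if ($this->_scriptUrl === null) {
			$scriptFile = $this->getScriptFile();
			$scriptName = basename($scriptFile);
			if (basename($_SERVER['SCRIPT_NAME']) === $scriptName) {
				$this->_scriptUrl = $_SERVER['SCRIPT_NAME'];
			} elseif (basename($_SERVER['PHP_SELF']) === $scriptName) {
				$this->_scriptUrl = $_SERVER['PHP_SELF'];
			} elseif (isset($_SERVER['ORIG_SCRIPT_NAME']) && basename($_SERVER['ORIG_SCRIPT_NAME']) === $scriptName) {
				$this->_scriptUrl = $_SERVER['ORIG_SCRIPT_NAME'];
			} elseif (($pos = strpos($_SERVER['PHP_SELF'], '/' . $scriptName)) !== false) {
				$this->_scriptUrl = substr($_SERVER['SCRIPT_NAME'], 0, $pos) . '/' . $scriptName;
			} elseif (isset($_SERVER['DOCUMENT_ROOT']) && strpos($scriptFile, $_SERVER['DOCUMENT_ROOT']) === 0) {
				$this->_scriptUrl = str_replace('\\', '/', str_replace($_SERVER['DOCUMENT_ROOT'], '', $scriptFile));
			} else {
				throw new InvalidConfigException('Unable to determine the entry script URL.');
			}
		}
		return $this->_scriptUrl;
	}

	/**
	 * Sets the relative URL for the application entry script.
	 * This setter is provided in case the entry script URL cannot be determined
	 * on certain Web servers.
	 * @param string $value the relative URL for the application entry script.
	 */
	public function setScriptUrl($value)
	{
		$this->_scriptUrl = '/' . trim($value, '/');
	}

	private $_scriptFile;

	/**
	 * Returns the entry script file path.
	 * The default implementation will simply return `$_SERVER['SCRIPT_FILENAME']`.
	 * @return string the entry script file path
	 */
	public function getScriptFile()
	{
		return isset($this->_scriptFile) ? $this->_scriptFile : $_SERVER['SCRIPT_FILENAME'];
	}

	/**
	 * Sets the entry script file path.
	 * The entry script file path normally can be obtained from `$_SERVER['SCRIPT_FILENAME']`.
	 * If your server configuration does not return the correct value, you may configure
	 * this property to make it right.
	 * @param string $value the entry script file path.
	 */
	public function setScriptFile($value)
	{
		$this->_scriptFile = $value;
	}

	private $_pathInfo;

	/**
	 * Returns the path info of the currently requested URL.
	 * A path info refers to the part that is after the entry script and before the question mark (query string).
	 * The starting and ending slashes are both removed.
	 * @return string part of the request URL that is after the entry script and before the question mark.
	 * Note, the returned path info is already URL-decoded.
	 * @throws InvalidConfigException if the path info cannot be determined due to unexpected server configuration
	 */
	public function getPathInfo()
	{
		if ($this->_pathInfo === null) {
			$this->_pathInfo = $this->resolvePathInfo();
		}
		return $this->_pathInfo;
	}

	/**
	 * Sets the path info of the current request.
	 * This method is mainly provided for testing purpose.
	 * @param string $value the path info of the current request
	 */
	public function setPathInfo($value)
	{
		$this->_pathInfo = trim($value, '/');
	}

	/**
	 * Resolves the path info part of the currently requested URL.
	 * A path info refers to the part that is after the entry script and before the question mark (query string).
	 * The starting and ending slashes are both removed.
	 *
	 * The result is URL-decoded request data: it may contain any character the client encoded
	 * (including `..` segments) and is not validated here.
	 * @return string part of the request URL that is after the entry script and before the question mark.
	 * Note, the returned path info is decoded.
	 * @throws InvalidConfigException if the path info cannot be determined due to unexpected server configuration
	 */
	protected function resolvePathInfo()
	{
		$pathInfo = $this->getUrl();

		// drop the query string
		if (($pos = strpos($pathInfo, '?')) !== false) {
			$pathInfo = substr($pathInfo, 0, $pos);
		}

		$pathInfo = urldecode($pathInfo);

		// try to encode in UTF8 if not so
		// http://w3.org/International/questions/qa-forms-utf-8.html
		if (!preg_match('%^(?:
				[\x09\x0A\x0D\x20-\x7E]              # ASCII
				| [\xC2-\xDF][\x80-\xBF]             # non-overlong 2-byte
				| \xE0[\xA0-\xBF][\x80-\xBF]         # excluding overlongs
				| [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}  # straight 3-byte
				| \xED[\x80-\x9F][\x80-\xBF]         # excluding surrogates
				| \xF0[\x90-\xBF][\x80-\xBF]{2}      # planes 1-3
				| [\xF1-\xF3][\x80-\xBF]{3}          # planes 4-15
				| \xF4[\x80-\x8F][\x80-\xBF]{2}      # plane 16
				)*$%xs', $pathInfo)) {
			$pathInfo = utf8_encode($pathInfo);
		}

		// strip the entry script URL, or failing that the base URL, from the front of the path
		$scriptUrl = $this->getScriptUrl();
		$baseUrl = $this->getBaseUrl();
		if (strpos($pathInfo, $scriptUrl) === 0) {
			$pathInfo = substr($pathInfo, strlen($scriptUrl));
		} elseif ($baseUrl === '' || strpos($pathInfo, $baseUrl) === 0) {
			$pathInfo = substr($pathInfo, strlen($baseUrl));
		} elseif (strpos($_SERVER['PHP_SELF'], $scriptUrl) === 0) {
			$pathInfo = substr($_SERVER['PHP_SELF'], strlen($scriptUrl));
		} else {
			throw new InvalidConfigException('Unable to determine the path info of the current request.');
		}

		return trim($pathInfo, '/');
	}

	/**
	 * Returns the currently requested absolute URL.
	 * This is a shortcut to the concatenation of [[hostInfo]] and [[url]].
	 * @return string the currently requested absolute URL.
	 */
	public function getAbsoluteUrl()
	{
		return $this->getHostInfo() . $this->getUrl();
	}

	private $_url;

	/**
	 * Returns the currently requested relative URL.
	 * This refers to the portion of the URL that is after the [[hostInfo]] part.
	 * It includes the [[queryString]] part if any.
	 * @return string the currently requested relative URL. Note that the URI returned is URL-encoded.
	 * @throws InvalidConfigException if the URL cannot be determined due to unusual server configuration
	 */
	public function getUrl()
	{
		if ($this->_url === null) {
			$this->_url = $this->resolveRequestUri();
		}
		return $this->_url;
	}

	/**
	 * Sets the currently requested relative URL.
	 * The URI must refer to the portion that is after [[hostInfo]].
	 * Note that the URI should be URL-encoded.
	 * @param string $value the request URI to be set
	 */
	public function setUrl($value)
	{
		$this->_url = $value;
	}

	/**
	 * Resolves the request URI portion for the currently requested URL.
	 * This refers to the portion that is after the [[hostInfo]] part. It includes the [[queryString]] part if any.
	 * The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.
	 *
	 * `$_SERVER['HTTP_X_REWRITE_URL']` is an HTTP request header (X-Rewrite-Url). It is honored only
	 * when the server software reports itself as IIS, which is the case the header exists for;
	 * on any other server the header would let the client replace the URI that the application routes
	 * on with one that differs from what the Web server or a front-end filter evaluated.
	 * Even on IIS, the front end should not pass a client-supplied copy of this header through.
	 * @return string|boolean the request URI portion for the currently requested URL.
	 * Note that the URI returned is URL-encoded.
	 * @throws InvalidConfigException if the request URI cannot be determined due to unusual server configuration
	 */
	protected function resolveRequestUri()
	{
		$isIis = isset($_SERVER['SERVER_SOFTWARE']) && stripos($_SERVER['SERVER_SOFTWARE'], 'IIS') !== false;
		if ($isIis && isset($_SERVER['HTTP_X_REWRITE_URL'])) { // IIS
			$requestUri = $_SERVER['HTTP_X_REWRITE_URL'];
		} elseif (isset($_SERVER['REQUEST_URI'])) {
			$requestUri = $_SERVER['REQUEST_URI'];
			// an absolute-form request target: keep only the part after the host
			if ($requestUri !== '' && $requestUri[0] !== '/') {
				$requestUri = preg_replace('/^(http|https):\/\/[^\/]+/i', '', $requestUri);
			}
		} elseif (isset($_SERVER['ORIG_PATH_INFO'])) { // IIS 5.0 CGI
			$requestUri = $_SERVER['ORIG_PATH_INFO'];
			if (!empty($_SERVER['QUERY_STRING'])) {
				$requestUri .= '?' . $_SERVER['QUERY_STRING'];
			}
		} else {
			throw new InvalidConfigException('Unable to determine the request URI.');
		}
		return $requestUri;
	}

	/**
	 * Returns part of the request URL that is after the question mark.
	 * @return string part of the request URL that is after the question mark
	 */
	public function getQueryString()
	{
		return isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
	}

	/**
	 * Return if the request is sent via secure channel (https).
	 * Only `$_SERVER['HTTPS']` is consulted, so a request whose TLS is terminated by a proxy
	 * in front of the Web server is reported as insecure unless the server sets that variable.
	 * @return boolean if the request is sent via secure channel (https)
	 */
	public function getIsSecureConnection()
	{
		return !empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'], 'off') !== 0;
	}

	/**
	 * Returns the server name.
	 * @return string server name
	 */
	public function getServerName()
	{
		return $_SERVER['SERVER_NAME'];
	}

	/**
	 * Returns the server port number.
	 * @return integer server port number
	 */
	public function getServerPort()
	{
		return (int)$_SERVER['SERVER_PORT'];
	}

	/**
	 * Returns the URL referrer, null if not present.
	 * The value is the client-supplied Referer header and is returned unmodified.
	 * @return string|null URL referrer, null if not present
	 */
	public function getReferrer()
	{
		return isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
	}

	/**
	 * Returns the user agent, null if not present.
	 * The value is the client-supplied User-Agent header and is returned unmodified.
	 * @return string|null user agent, null if not present
	 */
	public function getUserAgent()
	{
		return isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
	}

	/**
	 * Returns the user IP address.
	 * The address is taken from `$_SERVER['REMOTE_ADDR']` only. When that variable is not set,
	 * '127.0.0.1' is returned, so callers that grant extra trust to the loopback address
	 * should make sure the variable is actually present.
	 * @return string user IP address
	 */
	public function getUserIP()
	{
		return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
	}

	/**
	 * Returns the user host name, null if it cannot be determined.
	 * @return string|null user host name, null if cannot be determined
	 */
	public function getUserHost()
	{
		return isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : null;
	}

	/**
	 * Returns user browser accept types, null if not present.
	 * @return string|null user browser accept types, null if not present
	 */
	public function getAcceptTypes()
	{
		return isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : null;
	}

	private $_port;

	/**
	 * Returns the port to use for insecure requests.
	 * Defaults to 80, or the port specified by the server if the current
	 * request is insecure.
	 * @return integer port number for insecure requests.
	 * @see setPort
	 */
	public function getPort()
	{
		if ($this->_port === null) {
			$this->_port = !$this->getIsSecureConnection() && isset($_SERVER['SERVER_PORT']) ? (int)$_SERVER['SERVER_PORT'] : 80;
		}
		return $this->_port;
	}

	/**
	 * Sets the port to use for insecure requests.
	 * This setter is provided in case a custom port is necessary for certain
	 * server configurations.
	 * @param integer $value port number.
	 */
	public function setPort($value)
	{
		if ($value != $this->_port) {
			$this->_port = (int)$value;
			// the cached host info may contain the old port
			$this->_hostInfo = null;
		}
	}

	private $_securePort;

	/**
	 * Returns the port to use for secure requests.
	 * Defaults to 443, or the port specified by the server if the current
	 * request is secure.
	 * @return integer port number for secure requests.
	 * @see setSecurePort
	 */
	public function getSecurePort()
	{
		if ($this->_securePort === null) {
			$this->_securePort = $this->getIsSecureConnection() && isset($_SERVER['SERVER_PORT']) ? (int)$_SERVER['SERVER_PORT'] : 443;
		}
		return $this->_securePort;
	}

	/**
	 * Sets the port to use for secure requests.
	 * This setter is provided in case a custom port is necessary for certain
	 * server configurations.
	 * @param integer $value port number.
	 */
	public function setSecurePort($value)
	{
		if ($value != $this->_securePort) {
			$this->_securePort = (int)$value;
			// the cached host info may contain the old port
			$this->_hostInfo = null;
		}
	}

	private $_preferredLanguages;

	/**
	 * Returns the user preferred languages.
	 * The languages returned are ordered by user's preference, starting with the language that the user
	 * prefers the most. They are parsed from the client-supplied Accept-Language header and are not
	 * checked against the languages the application supports.
	 * @return array the user preferred languages. An empty array may be returned if the user has no preference.
	 */
	public function getPreferredLanguages()
	{
		if ($this->_preferredLanguages === null) {
			$this->_preferredLanguages = array();
			// the quality value may be written without a decimal point (e.g. "q=1"), hence the optional dot
			if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) && ($n = preg_match_all('/([\w\-_]+)\s*(;\s*q\s*=\s*(\d*\.?\d*))?/', $_SERVER['HTTP_ACCEPT_LANGUAGE'], $matches)) > 0) {
				$languages = array();
				for ($i = 0; $i < $n; ++$i) {
					$quality = $matches[3][$i];
					// compare with '' rather than empty() so that an explicit "0" is not read as "no quality given"
					$languages[$matches[1][$i]] = $quality === '' ? 1.0 : floatval($quality);
				}
				arsort($languages);
				$this->_preferredLanguages = array_keys($languages);
			}
		}
		return $this->_preferredLanguages;
	}

	/**
	 * Returns the language most preferred by the user.
	 * @return string|boolean the language most preferred by the user. If the user has no preference, false
	 * will be returned.
	 */
	public function getPreferredLanguage()
	{
		$languages = $this->getPreferredLanguages();
		return isset($languages[0]) ? $languages[0] : false;
	}

	/**
	 * Returns the cookie collection.
	 * Through the returned cookie collection, you may access a cookie using the following syntax:
	 *
	 * ~~~
	 * $cookie = $request->cookies['name'];
	 * if ($cookie !== null) {
	 *     $value = $cookie->value;
	 * }
	 *
	 * // alternatively
	 * $value = $request->cookies->getValue('name');
	 * ~~~
	 *
	 * The collection is created once, configured with [[enableCookieValidation]] and [[cookieValidationKey]].
	 * @return CookieCollection the cookie collection.
	 */
	public function getCookies()
	{
		if ($this->_cookies === null) {
			$this->_cookies = new CookieCollection(array(
				'enableValidation' => $this->enableCookieValidation,
				'validationKey' => $this->cookieValidationKey,
			));
		}
		return $this->_cookies;
	}

	private $_csrfToken;

	/**
	 * Returns the random token used to perform CSRF validation.
	 * The token will be read from cookie first. If not found, a new token will be generated.
	 * @return string the random token for CSRF validation.
	 * @see enableCsrfValidation
	 */
	public function getCsrfToken()
	{
		if ($this->_csrfToken === null) {
			$cookies = $this->getCookies();
			if (($this->_csrfToken = $cookies->getValue($this->csrfTokenName)) === null) {
				$cookie = $this->createCsrfCookie();
				$this->_csrfToken = $cookie->value;
				$cookies->add($cookie);
			}
		}

		return $this->_csrfToken;
	}

	/**
	 * Creates a cookie with a randomly generated CSRF token.
	 * Initial values specified in [[csrfCookie]] will be applied to the generated cookie.
	 * @return Cookie the generated cookie
	 * @see enableCsrfValidation
	 */
	protected function createCsrfCookie()
	{
		$options = $this->csrfCookie;
		$options['name'] = $this->csrfTokenName;
		$options['value'] = $this->generateCsrfTokenValue();
		return new Cookie($options);
	}

	/**
	 * Generates the value of a new CSRF token as 40 hexadecimal characters.
	 * A cryptographically secure random source is used when the PHP runtime provides one,
	 * because the token must not be predictable by a third party.
	 * @return string the token value
	 */
	private function generateCsrfTokenValue()
	{
		// 20 random bytes hex-encode to 40 characters, the length of the sha1() based fallback below
		if (function_exists('random_bytes')) {
			return bin2hex(random_bytes(20));
		}
		if (function_exists('openssl_random_pseudo_bytes')) {
			$bytes = openssl_random_pseudo_bytes(20, $strong);
			if ($bytes !== false && $strong) {
				return bin2hex($bytes);
			}
		}
		// Last resort for runtimes without a secure source: mt_rand() and uniqid() are derived
		// from predictable state, so the resulting token is weaker.
		return sha1(uniqid(mt_rand(), true));
	}

	/**
	 * Performs the CSRF validation.
	 * The method will compare the CSRF token obtained from a cookie and from the request parameters.
	 * If they are different, a CSRF attack is detected and a 400 HTTP exception will be raised.
	 *
	 * Every request is validated except those whose method is GET, HEAD or OPTIONS. The token is
	 * read from $_POST for POST requests and from the RESTful parameters for any other method.
	 * Nothing is validated while [[enableCsrfValidation]] is false.
	 * @throws HttpException if the validation fails
	 */
	public function validateCsrfToken()
	{
		if (!$this->enableCsrfValidation) {
			return;
		}
		$method = $this->getRequestMethod();
		// Exempt only the safe methods instead of listing the protected ones, so that an unlisted
		// or tunneled method (e.g. PATCH) cannot slip past the check.
		if (in_array($method, array('GET', 'HEAD', 'OPTIONS'), true)) {
			return;
		}

		if ($method === 'POST') {
			$token = $this->getPost($this->csrfTokenName);
		} else {
			$token = $this->getRestParam($this->csrfTokenName);
		}
		$trusted = $this->getCookies()->getValue($this->csrfTokenName);

		if (empty($token) || !$this->compareCsrfTokens($trusted, $token)) {
			throw new HttpException(400, Yii::t('yii', 'Unable to verify your data submission.'));
		}
	}

	/**
	 * Compares two CSRF token values without leaking, through timing, how many leading characters match.
	 * @param mixed $expected the token stored in the cookie
	 * @param mixed $actual the token submitted with the request
	 * @return boolean whether both values are strings and are identical
	 */
	private function compareCsrfTokens($expected, $actual)
	{
		// a request parameter may be an array and a missing cookie yields null: neither can match
		if (!is_string($expected) || !is_string($actual)) {
			return false;
		}
		if (function_exists('hash_equals')) {
			return hash_equals($expected, $actual);
		}
		// fallback for runtimes without hash_equals(): accumulate differences instead of returning early
		$diff = strlen($expected) ^ strlen($actual);
		$length = min(strlen($expected), strlen($actual));
		for ($i = 0; $i < $length; ++$i) {
			$diff |= ord($expected[$i]) ^ ord($actual[$i]);
		}
		return $diff === 0;
	}
}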