HttpRequestService

Packagecraft.app.services
NamespaceCraft
Inheritanceclass HttpRequestService » \CHttpRequest » \CApplicationComponent » \CComponent
Implements\IApplicationComponent
Since1.0
Source Codecraft/app/services/HttpRequestService.php

HttpRequestService provides APIs for getting information about the current HTTP request.

An instance of HttpRequestService is globally accessible in Craft via craft()->request<span class="external".

Public Properties #

PropertyTypeDescriptionDefined By
acceptTypesstringReturns user browser accept types, null if not present.\CHttpRequest
actionSegmentsarray / nullReturns an array of the action path segments, if this is an action request.HttpRequestService
baseUrlstringReturns the relative URL for the application.\CHttpRequest
behaviorsarraythe behaviors that should be attached to this component.\CApplicationComponent
browserarrayReturns information about the capabilities of user browser.\CHttpRequest
browserLanguagesarray / falseReturns a list of languages the user has selected in their browser’s settings, canonicalized using LocaleData::getCanonicalID<span class="external".HttpRequestService
clientOsstringReturns whether the client is running "Windows", "Mac", "Linux" or "Other", based on the browser's UserAgent string.HttpRequestService
contentTypestringReturns request content-type\CHttpRequest
cookiesCookieCollectionReturns the cookie collection. The result can be used like an associative array. Adding HttpCookie objects to the collection will send the cookies to the client; and removing the objects from the collection will delete those cookies on the client.HttpRequestService
csrfCookiearraythe property values (in name-value pairs) used to initialize the CSRF cookie.\CHttpRequest
csrfTokenstringGets the current CSRF token from the CSRF token cookie, (re)creating the cookie if it is missing or invalid.HttpRequestService
csrfTokenNamestringthe name of the token used to prevent CSRF.\CHttpRequest
enableCookieValidationboolwhether cookies should be validated to ensure they are not tampered.\CHttpRequest
enableCsrfValidationboolwhether to enable CSRF (Cross-Site Request Forgery) validation.\CHttpRequest
hostInfostringReturns the schema and host part of the application URL.\CHttpRequest
hostNamestringReturns the host name, without “http://” or “https://”.HttpRequestService
httpVersionstringReturns the version of the HTTP protocol used by client.\CHttpRequest
ipAddressstringRetrieves the best guess of the client’s actual IP address taking into account numerous HTTP proxy headers due to variations in how different ISPs handle IP addresses in headers between hops.HttpRequestService
isAjaxRequestboolReturns whether this is an AJAX (XMLHttpRequest) request.\CHttpRequest
isDeleteRequestboolReturns whether this is a DELETE request.\CHttpRequest
isFlashRequestboolReturns whether this is an Adobe Flash or Adobe Flex request.\CHttpRequest
isGetRequestboolReturns whether this is a GET request.HttpRequestService
isInitializedboolChecks if this application component has been initialized.\CApplicationComponent
isPatchRequestboolReturns whether this is a PATCH request.\CHttpRequest
isPostRequestboolReturns whether this is a POST request.\CHttpRequest
isPutRequestboolReturns whether this is a PUT request.\CHttpRequest
isSecureConnectionboolReturn if the request is sent via secure channel (https).\CHttpRequest
jsonAsArrayboolwhether the parsing of JSON REST requests should return associative arrays for object data.\CHttpRequest
mimeTypestringReturns the MIME type that is going to be included in the response via the Content-Type header.HttpRequestService
normalizedPathstringReturns the path Craft should use to route this request, including the CP trigger if it is in there.HttpRequestService
pageNumintReturns the current page number.HttpRequestService
pathstringReturns the request’s Craft path.HttpRequestService
pathInfostringReturns the path info of the currently requested URL.\CHttpRequest
portintegerReturns the port to use for insecure requests.\CHttpRequest
postmixedReturns a POST parameter, or all of them.HttpRequestService
preferredAcceptTypearrayReturns the user preferred accept MIME type.\CHttpRequest
preferredAcceptTypesarrayReturns an array of user accepted MIME types in order of preference.\CHttpRequest
preferredLanguagestringReturns the user-preferred language that should be used by this application.\CHttpRequest
preferredLanguagesarrayReturns an array of user accepted languages in order of preference.\CHttpRequest
querymixedReturns a query string parameter, or all of them.HttpRequestService
queryStringstringReturns part of the request URL that is after the question mark.\CHttpRequest
queryStringWithoutPathstringReturns the request’s query string, without the p= parameter.HttpRequestService
rawBodystringReturns the raw HTTP request body.\CHttpRequest
requestTypestringReturns the request type, such as GET, POST, HEAD, PUT, PATCH, DELETE.\CHttpRequest
requestUristringReturns the request URI portion for the currently requested URL.\CHttpRequest
restParamsarrayReturns request parameters. Typically PUT, PATCH or DELETE.\CHttpRequest
scriptFilestringReturns entry script file path.\CHttpRequest
scriptNamestringReturns the script name used to access Craft (e.g. “index.php”).HttpRequestService
scriptUrlstringReturns the relative URL of the entry script.\CHttpRequest
securePortintegerReturns the port to use for secure requests.\CHttpRequest
segmentsarrayReturns an array of the Craft path’s segments.HttpRequestService
serverNamestringReturns the server name.\CHttpRequest
serverPortintegerReturns the server port number.\CHttpRequest
tokenstring / nullReturns the request’s token, if there is one.HttpRequestService
urlstringReturns the currently requested URL.\CHttpRequest
urlReferrerstringReturns the URL referrer, null if not present\CHttpRequest
userAgentstringReturns the user agent, null if not present.\CHttpRequest
userHoststringReturns the user host name, null if it cannot be determined.\CHttpRequest
userHostAddressstringAlias of getIpAddress().HttpRequestService

Protected Properties #

PropertyTypeDescriptionDefined By
isDeleteViaPostRequestboolReturns whether this is a DELETE request which was tunneled through POST.\CHttpRequest
isPatchViaPostRequestboolReturns whether this is a PATCH request which was tunneled through POST.\CHttpRequest
isPutViaPostRequestboolReturns whether this is a PUT request which was tunneled through POST.\CHttpRequest

Public Methods #

MethodDescriptionDefined By
__call()Calls the named method which is not a class method.\CComponent
__get()Returns a property value, an event handler list or a behavior based on its name.\CComponent
__isset()Checks if a property value is null.\CComponent
__set()Sets value of a component property.\CComponent
__unset()Sets a component property to be null.\CComponent
asa()Returns the named behavior object.\CComponent
attachBehavior()Attaches a behavior to this component.\CComponent
attachBehaviors()Attaches a list of behaviors to the component.\CComponent
attachEventHandler()Attaches an event handler to an event.\CComponent
canGetProperty()Determines whether a property can be read.\CComponent
canSetProperty()Determines whether a property can be set.\CComponent
close()Attempts to closes the connection with the HTTP client, without ending PHP script execution.HttpRequestService
compareAcceptTypes()Compare function for determining the preference of accepted MIME type array maps\CHttpRequest
decodePathInfo()Decodes the path info.HttpRequestService
deleteCookie()Deletes a cookie by its name.HttpRequestService
detachBehavior()Detaches a behavior from the component.\CComponent
detachBehaviors()Detaches all behaviors from the component.\CComponent
detachEventHandler()Detaches an existing event handler.\CComponent
disableBehavior()Disables an attached behavior.\CComponent
disableBehaviors()Disables all behaviors attached to this component.\CComponent
enableBehavior()Enables an attached behavior.\CComponent
enableBehaviors()Enables all behaviors attached to this component.\CComponent
evaluateExpression()Evaluates a PHP expression or callback under the context of this component.\CComponent
getAcceptTypes()Returns user browser accept types, null if not present.\CHttpRequest
getActionSegments()Returns an array of the action path segments, if this is an action request.HttpRequestService
getBaseUrl()Returns the relative URL for the application.\CHttpRequest
getBrowser()Returns information about the capabilities of user browser.\CHttpRequest
getBrowserLanguages()Returns a list of languages the user has selected in their browser’s settings, canonicalized using LocaleData::getCanonicalID<span class="external".HttpRequestService
getClientOs()Returns whether the client is running "Windows", "Mac", "Linux" or "Other", based on the browser's UserAgent string.HttpRequestService
getContentType()Returns request content-type\CHttpRequest
getCookie()Returns a cookie by its name.HttpRequestService
getCookies()Returns the cookie collection. The result can be used like an associative array. Adding HttpCookie objects to the collection will send the cookies to the client; and removing the objects from the collection will delete those cookies on the client.HttpRequestService
getCsrfToken()Gets the current CSRF token from the CSRF token cookie, (re)creating the cookie if it is missing or invalid.HttpRequestService
getDelete()Returns the named DELETE parameter value.\CHttpRequest
getEventHandlers()Returns the list of attached event handlers for an event.\CComponent
getHostInfo()Returns the schema and host part of the application URL.\CHttpRequest
getHostName()Returns the host name, without “http://” or “https://”.HttpRequestService
getHttpVersion()Returns the version of the HTTP protocol used by client.\CHttpRequest
getIpAddress()Retrieves the best guess of the client’s actual IP address taking into account numerous HTTP proxy headers due to variations in how different ISPs handle IP addresses in headers between hops.HttpRequestService
getIsAjaxRequest()Returns whether this is an AJAX (XMLHttpRequest) request.\CHttpRequest
getIsDeleteRequest()Returns whether this is a DELETE request.\CHttpRequest
getIsFlashRequest()Returns whether this is an Adobe Flash or Adobe Flex request.\CHttpRequest
getIsGetRequest()Returns whether this is a GET request.HttpRequestService
getIsInitialized()Checks if this application component has been initialized.\CApplicationComponent
getIsPatchRequest()Returns whether this is a PATCH request.\CHttpRequest
getIsPostRequest()Returns whether this is a POST request.\CHttpRequest
getIsPutRequest()Returns whether this is a PUT request.\CHttpRequest
getIsSecureConnection()Return if the request is sent via secure channel (https).\CHttpRequest
getMimeType()Returns the MIME type that is going to be included in the response via the Content-Type header.HttpRequestService
getNormalizedPath()Returns the path Craft should use to route this request, including the CP trigger if it is in there.HttpRequestService
getPageNum()Returns the current page number.HttpRequestService
getParam()Returns a parameter from either the query string or POST data.HttpRequestService
getPatch()Returns the named PATCH parameter value.\CHttpRequest
getPath()Returns the request’s Craft path.HttpRequestService
getPathInfo()Returns the path info of the currently requested URL.\CHttpRequest
getPort()Returns the port to use for insecure requests.\CHttpRequest
getPost()Returns a POST parameter, or all of them.HttpRequestService
getPreferredAcceptType()Returns the user preferred accept MIME type.\CHttpRequest
getPreferredAcceptTypes()Returns an array of user accepted MIME types in order of preference.\CHttpRequest
getPreferredLanguage()Returns the user-preferred language that should be used by this application.\CHttpRequest
getPreferredLanguages()Returns an array of user accepted languages in order of preference.\CHttpRequest
getPut()Returns the named PUT parameter value.\CHttpRequest
getQuery()Returns a query string parameter, or all of them.HttpRequestService
getQueryString()Returns part of the request URL that is after the question mark.\CHttpRequest
getQueryStringWithoutPath()Returns the request’s query string, without the p= parameter.HttpRequestService
getRawBody()Returns the raw HTTP request body.\CHttpRequest
getRequestType()Returns the request type, such as GET, POST, HEAD, PUT, PATCH, DELETE.\CHttpRequest
getRequestUri()Returns the request URI portion for the currently requested URL.\CHttpRequest
getRequiredParam()Returns a parameter from either the query string or POST data, or bails on the request with a 400 error if that parameter doesn’t exist anywhere.HttpRequestService
getRequiredPost()Returns a POST parameter, or bails on the request with a 400 error if that parameter doesn’t exist.HttpRequestService
getRequiredQuery()Returns a query string parameter, or bails on the request with a 400 error if that parameter doesn’t exist.HttpRequestService
getRestParams()Returns request parameters. Typically PUT, PATCH or DELETE.\CHttpRequest
getScriptFile()Returns entry script file path.\CHttpRequest
getScriptName()Returns the script name used to access Craft (e.g. “index.php”).HttpRequestService
getScriptUrl()Returns the relative URL of the entry script.\CHttpRequest
getSecurePort()Returns the port to use for secure requests.\CHttpRequest
getSegment()Returns a specific segment from the Craft path.HttpRequestService
getSegments()Returns an array of the Craft path’s segments.HttpRequestService
getServerName()Returns the server name.\CHttpRequest
getServerPort()Returns the server port number.\CHttpRequest
getToken()Returns the request’s token, if there is one.HttpRequestService
getUrl()Returns the currently requested URL.\CHttpRequest
getUrlReferrer()Returns the URL referrer, null if not present\CHttpRequest
getUserAgent()Returns the user agent, null if not present.\CHttpRequest
getUserHost()Returns the user host name, null if it cannot be determined.\CHttpRequest
getUserHostAddress()Alias of getIpAddress().HttpRequestService
getValidatedPost()Returns a POST parameter. If the validateUnsafeRequestParams config setting has been set to true, and this is a front-end request, then the POST parameter’s value will be validated with SecurityService::validateData() before being returned, ensuring that the value had not been tampered with by the user.HttpRequestService
hasEvent()Determines whether an event is defined.\CComponent
hasEventHandler()Checks whether the named event has attached handlers.\CComponent
hasProperty()Determines whether a property is defined.\CComponent
init()Initializes the application component.HttpRequestService
isActionRequest()Returns whether the current request should be routed to a specific controller action before normal request routing takes over.HttpRequestService
isAjaxRequest()Alias of getIsAjaxRequest().HttpRequestService
isCpRequest()Returns whether the current request should be routed to the Control Panel.HttpRequestService
isDeleteRequest()Alias of getIsDeleteRequest().HttpRequestService
isDeleteViaPostRequest()Alias of getIsDeleteViaPostRequest().HttpRequestService
isFlashRequest()Alias of getIsFlashRequest().HttpRequestService
isGetRequest()Alias of getIsGetRequest().HttpRequestService
isLivePreview()Returns whether this is a Live Preview request.HttpRequestService
isMobileBrowser()Returns whether the request is coming from a mobile browser.HttpRequestService
isPostRequest()Alias of getIsPostRequest().HttpRequestService
isPutRequest()Alias of getIsPutRequest().HttpRequestService
isPutViaPostRequest()Alias of getIsPutViaPostRequest().HttpRequestService
isResourceRequest()Returns whether the current request should be routed to a resource.HttpRequestService
isSecureConnection()Alias of getIsSecureConnection().HttpRequestService
isSiteRequest()Returns whether the current request should be routed to the front-end site.HttpRequestService
parseAcceptHeader()Parses an HTTP Accept header, returning an array map with all parts of each entry.\CHttpRequest
raiseEvent()Raises an event.\CComponent
redirect()Redirects the browser to the specified URL.\CHttpRequest
regenCsrfCookie()HttpRequestService
sendFile()Sends a file to the user.HttpRequestService
setBaseUrl()Sets the relative URL for the application.\CHttpRequest
setHostInfo()Sets the schema and host part of the application URL.\CHttpRequest
setPort()Sets the port to use for insecure requests.\CHttpRequest
setScriptUrl()Sets the relative URL for the application entry script.\CHttpRequest
setSecurePort()Sets the port to use for secure requests.\CHttpRequest
stripSlashes()Strips slashes from input data.\CHttpRequest
validateCsrfToken()Performs the CSRF validation. This is the event handler responding to CApplication::onBeginRequest. The default implementation will compare the CSRF token obtained from session and from a POST field. If they are different, a CSRF attack is detected.HttpRequestService
xSendFile()Sends existing file to a browser as a download using x-sendfile.\CHttpRequest

Protected Methods #

MethodDescriptionDefined By
createCsrfCookie()Creates a cookie with a randomly generated CSRF token. Initial values specified in csrfCookie will be applied to the generated cookie.HttpRequestService
csrfTokenValidForCurrentUser()Gets whether the CSRF token is valid for the current user or notHttpRequestService
getIsDeleteViaPostRequest()Returns whether this is a DELETE request which was tunneled through POST.\CHttpRequest
getIsPatchViaPostRequest()Returns whether this is a PATCH request which was tunneled through POST.\CHttpRequest
getIsPutViaPostRequest()Returns whether this is a PUT request which was tunneled through POST.\CHttpRequest
normalizeRequest()Normalizes the request data.\CHttpRequest

Property Details #

actionSegments #

read-only
public array|null getActionSegments()

Returns an array of the action path segments, if this is an action request.

browserLanguages #

read-only
public array|false getBrowserLanguages()

Returns a list of languages the user has selected in their browser’s settings, canonicalized using LocaleData::getCanonicalID<span class="external".

Internally, this method checks the Accept-Language header that should have accompanied the request. If that header was not present, the method will return false.

clientOs #

read-only
public string getClientOs()

Returns whether the client is running "Windows", "Mac", "Linux" or "Other", based on the browser's UserAgent string.

cookies #

read-only
public CookieCollection getCookies()

Returns the cookie collection. The result can be used like an associative array. Adding HttpCookie objects to the collection will send the cookies to the client; and removing the objects from the collection will delete those cookies on the client.

csrfToken #

read-only
public string getCsrfToken()

Gets the current CSRF token from the CSRF token cookie, (re)creating the cookie if it is missing or invalid.

hostName #

read-only
public string getHostName()

Returns the host name, without “http://” or “https://”.

Internally, this method will first check the Host header that should have accompanied the request, which browsers will set depending on the host name they are requesting. If that header does not exist, the method will fall back on the SERVER_NAME server environment variable.

ipAddress #

read-only
public string getIpAddress()

Retrieves the best guess of the client’s actual IP address taking into account numerous HTTP proxy headers due to variations in how different ISPs handle IP addresses in headers between hops.

Considering any of these server vars besides REMOTE_ADDR can be spoofed, this method should not be used when you need a trusted source for the IP address. Use $_SERVER['REMOTE_ADDR'] instead.

isGetRequest #

read-only
public bool getIsGetRequest()

Returns whether this is a GET request.

mimeType #

read-only
public string getMimeType()

Deprecated in 2.2. Use HeaderHelper::getMimeType() instead.

Returns the MIME type that is going to be included in the response via the Content-Type header.

normalizedPath #

read-only
public string getNormalizedPath()

Returns the path Craft should use to route this request, including the CP trigger if it is in there.

pageNum #

read-only
public int getPageNum()

Returns the current page number.

path #

read-only
public string getPath()

Returns the request’s Craft path.

Note that the path will not include the CP trigger if it’s a CP request, or the page trigger or page number if it’s a paginated request.

post #

read-only
public mixed getPost(string|null $name = null, mixed $defaultValue = null)

Returns a POST parameter, or all of them.

If $name is specified, then the corresponding POST parameter will be returned if it exists, or $defaultValue will be returned if it doesn’t.

$foo = craft()->request->getPost('foo'); // Returns $_POST['foo'], if it exists

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getPost('foo.bar'); // Returns $_POST['foo']['bar'], if it exists

If $name is omitted, the entire $_POST array will be returned instead:

$allThePostParams = craft()->request->getPost(); // Returns $_POST

All values will be converted to UTF-8, regardless of the original character encoding.

query #

read-only
public mixed getQuery(string|null $name = null, mixed $defaultValue = null)

Returns a query string parameter, or all of them.

If $name is specified, then the corresponding query string parameter will be returned if it exists, or $defaultValue will be returned if it doesn’t.

$foo = craft()->request->getQuery('foo'); // Returns $_GET['foo'], if it exists

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getQuery('foo.bar'); // Returns $_GET['foo']['bar'], if it exists

If $name is omitted, the entire $_GET array will be returned instead:

$allTheQueryParams = craft()->request->getQuery(); // Returns $_GET

All values will be converted to UTF-8, regardless of the original character encoding.

queryStringWithoutPath #

read-only
public string getQueryStringWithoutPath()

Returns the request’s query string, without the p= parameter.

scriptName #

read-only
public string getScriptName()

Returns the script name used to access Craft (e.g. “index.php”).

segments #

read-only
public array getSegments()

Returns an array of the Craft path’s segments.

Note that the segments will not include the CP trigger if it’s a CP request, or the page trigger or page number if it’s a paginated request.

token #

read-only
public string|null getToken()

Returns the request’s token, if there is one.

userHostAddress #

read-only
public string getUserHostAddress()

Alias of getIpAddress().

Method Details #

close() #

public function close($content = '')
{
     // Make sure nothing has been output yet
     if (headers_sent())
     {
          throw new Exception(Craft::t('HttpRequestService::close() cannot be called after content has been output.'));
     }

     // Prevent the script from ending when the browser closes the connection
     ignore_user_abort(true);

     // Prepend any current OB content
     while (ob_get_length() !== false)
     {
          // If ob_start() didn't have the PHP_OUTPUT_HANDLER_CLEANABLE flag, ob_get_clean() will cause a PHP notice
          // and return false.
          $obContent = @ob_get_clean();

          if ($obContent !== false)
          {
               $content = $obContent . $content;
          }
          else
          {
               break;
          }
     }

     // Send the content
     ob_start();
     echo $content;
     $size = ob_get_length();

     // Tell the browser to close the connection
     HeaderHelper::setHeader(array(
          'Connection'     => 'close',
          'Content-Length' => $size
     ));

     // Output the content, flush it to the browser, and close out the session
     ob_end_flush();
     flush();

     // Close the session.
     craft()->session->close();

     // In case we're running on php-fpm (https://secure.php.net/manual/en/book.fpm.php)
     if (function_exists("fastcgi_finish_request"))
     {
          fastcgi_finish_request();
     }
}
$contentstring / nullAny content that should be included in the response body.

Attempts to closes the connection with the HTTP client, without ending PHP script execution.

This method relies on flush(), which may not actually work if mod_deflate or mod_gzip is installed, or if this is a Win32 server.

createCsrfCookie() #

protected function createCsrfCookie()
{
     $cookie = $this->getCookies()->itemAt($this->csrfTokenName);

     if ($cookie)
     {
          // They have an existing CSRF cookie.
          $value = $cookie->value;

          // It's a CSRF cookie that came from an authenticated request.
          if (strpos($value, '|') !== false)
          {
               // Grab the existing nonce.
               $parts = explode('|', $value);
               $nonce = $parts[0];
          }
          else
          {
               // It's a CSRF cookie from an unauthenticated request.
               $nonce = $value;
          }
     }
     else
     {
          // No previous CSRF cookie, generate a new nonce.
          $nonce = craft()->security->generateRandomString(40);
     }

     // Authenticated users
     if (craft()->getComponent('userSession', false) && ($currentUser = craft()->userSession->getUser()))
     {
          // We mix the password into the token so that it will become invalid when the user changes their password.
          // The salt on the blowfish hash will be different even if they change their password to the same thing.
          // Normally using the session ID would be a better choice, but PHP's bananas session handling makes that difficult.
          $passwordHash = $currentUser->password;
          $userId = $currentUser->id;
          $hashable = implode('|', array($nonce, $userId, $passwordHash));
          $token = $nonce.'|'.craft()->security->computeHMAC($hashable);
     }
     else
     {
          // Unauthenticated users.
          $token = $nonce;
     }

     $cookie = new HttpCookie($this->csrfTokenName, $token);

     if (is_array($this->csrfCookie))
     {
          foreach ($this->csrfCookie as $name => $value)
          {
               $cookie->$name = $value;
          }
     }

     return $cookie;
}
ReturnsHttpCookie

The generated cookie

Creates a cookie with a randomly generated CSRF token. Initial values specified in csrfCookie will be applied to the generated cookie.

csrfTokenValidForCurrentUser() #

protected function csrfTokenValidForCurrentUser($token)
{
     $currentUser = false;

     if (craft()->isInstalled() && craft()->getComponent('userSession', false))
     {
          $currentUser = craft()->userSession->getUser();
     }

     if ($currentUser)
     {
          $splitToken = explode('|', $token, 2);

          if (count($splitToken) !== 2)
          {
               return false;
          }

          list($nonce, $hashFromToken) = $splitToken;

          // Check that this token is for the current user
          $passwordHash = $currentUser->password;
          $userId = $currentUser->id;
          $hashable = implode('|', array($nonce, $userId, $passwordHash));
          $expectedToken = $nonce.'|'.craft()->security->computeHMAC($hashable);

          return \CPasswordHelper::same($token, $expectedToken);
     }
     else
     {
          // If they're logged out, any token is fine
          return true;
     }
}
$token$token
Returnsbool

Gets whether the CSRF token is valid for the current user or not

decodePathInfo() #

public function decodePathInfo($pathInfo)
{
     $pathInfo = urldecode($pathInfo);

     if (!StringHelper::isUTF8($pathInfo))
     {
          $pathInfo = StringHelper::convertToUTF8($pathInfo);
     }

     return IOHelper::normalizePathSeparators($pathInfo);
}
$pathInfostringEncoded path info.
Returnsstring

Decoded path info.

Decodes the path info.

Replacement for Yii's \CHttpRequest::decodePathInfo().

deleteCookie() #

public function deleteCookie($name)
{
     if (isset($this->cookies[$name]))
     {
          unset($this->cookies[$name]);
     }
}
$name$nameThe cookie name.

Deletes a cookie by its name.

getActionSegments() #

public function getActionSegments()
{
     $this->_checkRequestType();
     return $this->_actionSegments;
}
Returnsarray / null

The action path segments, or null if this isn’t an action request.

Returns an array of the action path segments, if this is an action request.

getBrowserLanguages() #

public function getBrowserLanguages()
{
     if (!isset($this->_browserLanguages))
     {
          $this->_browserLanguages = array();

          if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) && preg_match_all('/([\w\-_]+)\s*(?:;\s*q\s*=\s*(\d*\.\d*))?/', $_SERVER['HTTP_ACCEPT_LANGUAGE'], $matches, PREG_SET_ORDER))
          {
               $weights = array();

               foreach ($matches as $match)
               {
                    $this->_browserLanguages[] = LocaleData::getCanonicalID($match[1]);
                    $weights[] = !empty($match[2]) ? floatval($match[2]) : 1;
               }

               // Sort the languages by their weight
               array_multisort($weights, SORT_NUMERIC, SORT_DESC, $this->_browserLanguages);
          }
     }

     if ($this->_browserLanguages)
     {
          return $this->_browserLanguages;
     }
     else
     {
          return false;
     }
}
Returnsarray / false

The preferred languages, or false if Craft is unable to determine them.

Returns a list of languages the user has selected in their browser’s settings, canonicalized using LocaleData::getCanonicalID<span class="external".

Internally, this method checks the Accept-Language header that should have accompanied the request. If that header was not present, the method will return false.

getClientOs() #

public function getClientOs()
{
     $userAgent = $this->getUserAgent();

     if (preg_match('/Linux/', $userAgent))
     {
          return 'Linux';
     }
     elseif (preg_match('/Win/', $userAgent))
     {
          return 'Windows';
     }
     elseif (preg_match('/Mac/', $userAgent))
     {
          return 'Mac';
     }
     else
     {
          return 'Other';
     }
}
Returnsstring

The OS the client is running.

Returns whether the client is running "Windows", "Mac", "Linux" or "Other", based on the browser's UserAgent string.

getCookie() #

public function getCookie($name)
{
     if (isset($this->cookies[$name]))
     {
          return $this->cookies[$name];
     }
}
$namestringThe cookie name.
ReturnsHttpCookie / null

The cookie, or null if it didn’t exist.

Returns a cookie by its name.

getCookies() #

public function getCookies()
{
     if ($this->_cookies !== null)
     {
          return $this->_cookies;
     }
     else
     {
          return $this->_cookies = new CookieCollection($this);
     }
}
ReturnsCookieCollection

The cookie collection.

Returns the cookie collection. The result can be used like an associative array. Adding HttpCookie objects to the collection will send the cookies to the client; and removing the objects from the collection will delete those cookies on the client.

getCsrfToken() #

public function getCsrfToken()
{
     if ($this->_csrfToken === null)
     {
          $cookie = $this->getCookies()->itemAt($this->csrfTokenName);

          // Reset the CSRF token cookie if it's not set, or for another user.
          if (!$cookie || ($this->_csrfToken = $cookie->value) == null || !$this->csrfTokenValidForCurrentUser($cookie->value))
          {
               $cookie = $this->createCsrfCookie();
               $this->_csrfToken = $cookie->value;
               $this->getCookies()->add($cookie->name, $cookie);
          }
     }

     return $this->_csrfToken;
}
Returnsstring

Gets the current CSRF token from the CSRF token cookie, (re)creating the cookie if it is missing or invalid.

getHostName() #

public function getHostName()
{
     if (isset($_SERVER['HTTP_HOST']))
     {
          return $_SERVER['HTTP_HOST'];
     }
     else
     {
          return $_SERVER['SERVER_NAME'];
     }
}
Returnsstring

The host name.

Returns the host name, without “http://” or “https://”.

Internally, this method will first check the Host header that should have accompanied the request, which browsers will set depending on the host name they are requesting. If that header does not exist, the method will fall back on the SERVER_NAME server environment variable.

getIpAddress() #

public function getIpAddress()
{
     if ($this->_ipAddress === null)
     {
          $ipMatch = false;

          // Check for shared internet/ISP IP
          if (!empty($_SERVER['HTTP_CLIENT_IP']) && $this->_validateIp($_SERVER['HTTP_CLIENT_IP']))
          {
               $ipMatch = $_SERVER['HTTP_CLIENT_IP'];
          }
          else
          {
               // Check for IPs passing through proxies
               if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
               {
                    // Check if multiple IPs exist in var
                    $ipList = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);

                    foreach ($ipList as $ip)
                    {
                         if ($this->_validateIp($ip))
                         {
                              $ipMatch = $ip;
                         }
                    }
               }
          }

          if (!$ipMatch)
          {
               if (!empty($_SERVER['HTTP_X_FORWARDED']) && $this->_validateIp($_SERVER['HTTP_X_FORWARDED']))
               {
                    $ipMatch = $_SERVER['HTTP_X_FORWARDED'];
               }
               else
               {
                    if (!empty($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']) && $this->_validateIp($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']))
                    {
                         $ipMatch = $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'];
                    }
                    else
                    {
                         if (!empty($_SERVER['HTTP_FORWARDED_FOR']) && $this->_validateIp($_SERVER['HTTP_FORWARDED_FOR']))
                         {
                              $ipMatch = $_SERVER['HTTP_FORWARDED_FOR'];
                         }
                         else
                         {
                              if (!empty($_SERVER['HTTP_FORWARDED']) && $this->_validateIp($_SERVER['HTTP_FORWARDED']))
                              {
                                   $ipMatch = $_SERVER['HTTP_FORWARDED'];
                              }
                         }
                    }
               }

               // The only one we're guaranteed to be accurate.
               if (!$ipMatch)
               {
                    $ipMatch = $_SERVER['REMOTE_ADDR'];
               }
          }

          $this->_ipAddress = $ipMatch;
     }

     return $this->_ipAddress;
}
Returnsstring

The IP address.

Retrieves the best guess of the client’s actual IP address taking into account numerous HTTP proxy headers due to variations in how different ISPs handle IP addresses in headers between hops.

Considering any of these server vars besides REMOTE_ADDR can be spoofed, this method should not be used when you need a trusted source for the IP address. Use $_SERVER['REMOTE_ADDR'] instead.

getIsGetRequest() #

public function getIsGetRequest()
{
     return ($this->getRequestType() == 'GET');
}
Returnsbool

Whether this is a GET request.

Returns whether this is a GET request.

getMimeType() #

public function getMimeType()
{
     // TODO: Call the deprecator here in Craft 3.0
     return HeaderHelper::getMimeType();
}
Returnsstring

Deprecated in 2.2. Use HeaderHelper::getMimeType() instead.

Returns the MIME type that is going to be included in the response via the Content-Type header.

getNormalizedPath() #

public function getNormalizedPath()
{
     // Get the path
     if (craft()->config->usePathInfo())
     {
          $pathInfo = $this->getPathInfo();
          $path = $pathInfo ? $pathInfo : $this->_getQueryStringPath();
     }
     else
     {
          $queryString = $this->_getQueryStringPath();
          $path = $queryString ? $queryString : $this->getPathInfo();
     }

     // Sanitize
     return $this->decodePathInfo($path);
}
Returnsstring

The path.

Returns the path Craft should use to route this request, including the CP trigger if it is in there.

getPageNum() #

public function getPageNum()
{
     return $this->_pageNum;
}
Returnsint

The page number.

Returns the current page number.

getParam() #

public function getParam($name, $defaultValue = null)
{
     if (($value = $this->getQuery($name)) !== null)
     {
          return $value;
     }
     else if (($value = $this->getPost($name)) !== null)
     {
          return $value;
     }

     return $defaultValue;
}
$namestringThe dot-delimited name of the param to be fetched.
$defaultValuemixedThe fallback value to be returned if no param exists by the given $name. Defaults to null.
Returnsmixed

The value of the corresponding param, or $defaultValue if that value didn’t exist.

Returns a parameter from either the query string or POST data.

This method will first search for the given paramater in the query string, calling getQuery() internally, and if that doesn’t come back with a value, it will call getPost(). If that doesn’t come back with a value either, $defaultValue will be returned.

$foo = craft()->request->getParam('foo'); // Returns $_GET['foo'] or $_POST['foo'], if either exist

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getParam('foo.bar'); // Returns $_GET['foo']['bar'] or $_POST['foo']['bar'], if either exist

All values will be converted to UTF-8, regardless of the original character encoding.

getPath() #

public function getPath()
{
     return $this->_path;
}
Returnsstring

The Craft path.

Returns the request’s Craft path.

Note that the path will not include the CP trigger if it’s a CP request, or the page trigger or page number if it’s a paginated request.

getPost() #

public function getPost($name = null, $defaultValue = null)
{
     return $this->_getParam($name, $defaultValue, $_POST);
}
$namestring / nullThe dot-delimited name of the POST param to be fetched, if any.
$defaultValuemixedThe fallback value to be returned if no param exists by the given $name. Defaults to null.
Returnsmixed

The value of the corresponding POST param if a single param was requested, or $defaultValue if that value didn’t exist, or the entire $_POST array if no single param was requested.

Returns a POST parameter, or all of them.

If $name is specified, then the corresponding POST parameter will be returned if it exists, or $defaultValue will be returned if it doesn’t.

$foo = craft()->request->getPost('foo'); // Returns $_POST['foo'], if it exists

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getPost('foo.bar'); // Returns $_POST['foo']['bar'], if it exists

If $name is omitted, the entire $_POST array will be returned instead:

$allThePostParams = craft()->request->getPost(); // Returns $_POST

All values will be converted to UTF-8, regardless of the original character encoding.

getQuery() #

public function getQuery($name = null, $defaultValue = null)
{
     return $this->_getParam($name, $defaultValue, $_GET);
}
$namestring / nullThe dot-delimited name of the query string param to be fetched, if any.
$defaultValuemixedThe fallback value to be returned if no param exists by the given $name. Defaults to null.
Returnsmixed

The value of the corresponding query string param if a single param was requested, or $defaultValue if that value didn’t exist, or the entire $_GET array if no single param was requested.

Returns a query string parameter, or all of them.

If $name is specified, then the corresponding query string parameter will be returned if it exists, or $defaultValue will be returned if it doesn’t.

$foo = craft()->request->getQuery('foo'); // Returns $_GET['foo'], if it exists

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getQuery('foo.bar'); // Returns $_GET['foo']['bar'], if it exists

If $name is omitted, the entire $_GET array will be returned instead:

$allTheQueryParams = craft()->request->getQuery(); // Returns $_GET

All values will be converted to UTF-8, regardless of the original character encoding.

getQueryStringWithoutPath() #

public function getQueryStringWithoutPath()
{
     $queryData = $this->getQuery();

     unset($queryData[craft()->urlManager->pathParam]);

     return http_build_query($queryData);
}
Returnsstring

The query string.

Returns the request’s query string, without the p= parameter.

getRequiredParam() #

public function getRequiredParam($name)
{
     $value = $this->getParam($name);

     if ($value !== null)
     {
          return $value;
     }
     else
     {
          throw new HttpException(400, Craft::t('Param “{name}” doesn’t exist.', array('name' => $name)));
     }
}
$namestringThe dot-delimited name of the param to be fetched.
Returnsmixed

The value of the corresponding param, or $defaultValue if that value didn’t exist.

Returns a parameter from either the query string or POST data, or bails on the request with a 400 error if that parameter doesn’t exist anywhere.

This method will first search for the given paramater in the query string, calling getQuery() internally, and if that doesn’t come back with a value, it will call getPost().

$foo = craft()->request->getRequiredParam('foo'); // Returns $_GET['foo'] or $_POST['foo']

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getParam('foo.bar'); // Returns $_GET['foo']['bar'] or $_POST['foo']['bar'], if either exist

All values will be converted to UTF-8, regardless of the original character encoding.

getRequiredPost() #

public function getRequiredPost($name)
{
     $value = $this->getPost($name);

     if ($value !== null)
     {
          return $value;
     }
     else
     {
          throw new HttpException(400, Craft::t('POST param “{name}” doesn’t exist.', array('name' => $name)));
     }
}
$namestringThe dot-delimited name of the POST param to be fetched.
Returnsmixed

The value of the corresponding POST param.

Returns a POST parameter, or bails on the request with a 400 error if that parameter doesn’t exist.

$foo = craft()->request->getRequiredPost('foo'); // Returns $_POST['foo']

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getRequiredPost('foo.bar'); // Returns $_POST['foo']['bar']

The returned value will be converted to UTF-8, regardless of the original character encoding.

getRequiredQuery() #

public function getRequiredQuery($name)
{
     $value = $this->getQuery($name);

     if ($value !== null)
     {
          return $value;
     }
     else
     {
          throw new HttpException(400, Craft::t('GET param “{name}” doesn’t exist.', array('name' => $name)));
     }
}
$namestringThe dot-delimited name of the query string param to be fetched.
Returnsmixed

The value of the corresponding query string param.

Returns a query string parameter, or bails on the request with a 400 error if that parameter doesn’t exist.

$foo = craft()->request->getRequiredQuery('foo'); // Returns $_GET['foo']

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getRequiredQuery('foo.bar'); // Returns $_GET['foo']['bar']

The returned value will be converted to UTF-8, regardless of the original character encoding.

getScriptName() #

public function getScriptName()
{
     $scriptUrl = $this->getScriptUrl();
     return mb_substr($scriptUrl, mb_strrpos($scriptUrl, '/')+1);
}
Returnsstring

Returns the script name used to access Craft (e.g. “index.php”).

getSegment() #

public function getSegment($num)
{
     if ($num > 0 && isset($this->_segments[$num-1]))
     {
          return $this->_segments[$num-1];
     }
     else if ($num < 0)
     {
          $totalSegs = count($this->_segments);

          if (isset($this->_segments[$totalSegs + $num]))
          {
               return $this->_segments[$totalSegs + $num];
          }
     }
}
$numintWhich segment to return (1-indexed).
Returnsstring / null

The matching segment, or null if there wasn’t one.

Returns a specific segment from the Craft path.

getSegments() #

public function getSegments()
{
     return $this->_segments;
}
Returnsarray

The Craft path’s segments.

Returns an array of the Craft path’s segments.

Note that the segments will not include the CP trigger if it’s a CP request, or the page trigger or page number if it’s a paginated request.

getToken() #

public function getToken()
{
     return $this->getQuery(craft()->config->get('tokenParam'));
}
Returnsstring / null

The request’s token, or null if there isn’t one.

Returns the request’s token, if there is one.

getUserHostAddress() #

public function getUserHostAddress()
{
     return $this->getIpAddress();
}
Returnsstring

Alias of getIpAddress().

getValidatedPost() #

public function getValidatedPost($name)
{
     $value = $this->getPost($name);

     if ($value !== null && $this->isSiteRequest() && craft()->config->get('validateUnsafeRequestParams'))
     {
          $value = craft()->security->validateData($value);

          if ($value === false)
          {
               throw new HttpException(400, Craft::t('POST param “{name}” was invalid.', array('name' => $name)));
          }
     }

     return $value;
}
$namestringThe dot-delimited name of the POST param to be fetched.
Returnsmixed

The value of the corresponding POST param

Returns a POST parameter. If the validateUnsafeRequestParams config setting has been set to true, and this is a front-end request, then the POST parameter’s value will be validated with SecurityService::validateData() before being returned, ensuring that the value had not been tampered with by the user.

init() #

public function init()
{
     // Is CSRF protection enabled?
     if (craft()->config->get('enableCsrfProtection') === true)
     {
          $this->enableCsrfValidation = true;

          // Grab the token name.
          $this->csrfTokenName = craft()->config->get('csrfTokenName');
     }

     // Now initialize Yii's CHttpRequest.
     parent::init();

     // There is no path.
     if (craft()->isConsole())
     {
          $path = '';
     }
     else
     {
          // Get the normalized path.
          $path = $this->getNormalizedPath();
     }

     // Get the path segments
     $this->_segments = array_values(array_filter(explode('/', $path), function($value)
     {
          // Explicitly check in case there is a 0 in a segment (i.e. foo/0 or foo/0/bar)
          return $value !== '';
     }));

     // Is this a CP request?
     $this->_isCpRequest = ($this->getSegment(1) == craft()->config->get('cpTrigger'));

     if ($this->_isCpRequest)
     {
          // Chop the CP trigger segment off of the path & segments array
          array_shift($this->_segments);
     }

     // Is this a paginated request?
     $pageTrigger = craft()->config->get('pageTrigger');

     if (!is_string($pageTrigger) || !strlen($pageTrigger))
     {
          $pageTrigger = 'p';
     }

     // Is this query string-based pagination?
     if ($pageTrigger[0] === '?')
     {
          $pageTrigger = trim($pageTrigger, '?=');

          if ($pageTrigger === 'p')
          {
               // Avoid conflict with the main 'p' param
               $pageTrigger = 'pg';
          }

          $this->_pageNum = (int) $this->getQuery($pageTrigger, '1');
     }
     else if ($this->_segments)
     {
          // Match against the entire path string as opposed to just the last segment so that we can support
          // "/page/2"-style pagination URLs
          $path = implode('/', $this->_segments);
          $pageTrigger = preg_quote(craft()->config->get('pageTrigger'), '/');

          if (preg_match("/^(?:(.*)\/)?{$pageTrigger}(\d+)$/", $path, $match))
          {
               // Capture the page num
               $this->_pageNum = (int) $match[2];

               // Sanitize
               $newPath = $this->decodePathInfo($match[1]);

               // Reset the segments without the pagination stuff
               $this->_segments = array_values(array_filter(explode('/', $newPath)));
          }
     }

     // Now that we've chopped off the admin/page segments, set the path
     $this->_path = implode('/', $this->_segments);
}

Initializes the application component.

isActionRequest() #

public function isActionRequest()
{
     $this->_checkRequestType();
     return $this->_isActionRequest;
}
Returnsbool

Whether the current request should be routed to a controller action.

Returns whether the current request should be routed to a specific controller action before normal request routing takes over.

There are several ways that this method could return true:

  • If the first segment in the Craft path matches the action trigger
  • If there is an 'action' param in either the POST data or query string
  • If the Craft path matches the Login path, the Logout path, or the Set Password path

isAjaxRequest() #

public function isAjaxRequest()
{
     return $this->getIsAjaxRequest();
}
Returnsbool

Alias of getIsAjaxRequest().

isCpRequest() #

public function isCpRequest()
{
     return $this->_isCpRequest;
}
Returnsbool

Whether the current request should be routed to the Control Panel.

Returns whether the current request should be routed to the Control Panel.

The result depends on whether the first segment in the URI matches the CP trigger.

Note that even if this function returns true, the request will not necessarily route to the Control Panel. It could instead route to a resource, for example.

isDeleteRequest() #

public function isDeleteRequest()
{
     return $this->getIsDeleteRequest();
}
Returnsbool

Alias of getIsDeleteRequest().

isDeleteViaPostRequest() #

public function isDeleteViaPostRequest()
{
     return $this->getIsDeleteViaPostRequest();
}
Returnsbool

Alias of getIsDeleteViaPostRequest().

isFlashRequest() #

public function isFlashRequest()
{
     return $this->getIsFlashRequest();
}
Returnsbool

Alias of getIsFlashRequest().

isGetRequest() #

public function isGetRequest()
{
     return $this->getIsGetRequest();
}

Alias of getIsGetRequest().

isLivePreview() #

public function isLivePreview()
{
     return (
          $this->isSiteRequest() &&
          $this->isActionRequest() &&
          craft()->request->getPost('livePreview')
     );
}
Returnsbool

Whether this is a Live Preview request.

Returns whether this is a Live Preview request.

isMobileBrowser() #

public function isMobileBrowser($detectTablets = false)
{
     $key = ($detectTablets ? '_isMobileOrTabletBrowser' : '_isMobileBrowser');

     if (!isset($this->$key))
     {
          if ($this->userAgent)
          {
               $this->$key = (
                    preg_match(
                         '/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino'.($detectTablets ? '|android|ipad|playbook|silk' : '').'/i',
                         $this->userAgent
                    ) ||
                    preg_match(
                         '/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i',
                         mb_substr($this->userAgent, 0, 4)
                    )
               );
          }
          else
          {
               $this->$key = false;
          }
     }

     return $this->$key;
}
$detectTabletsboolWhether tablets should be considered “modile”.
Returnsbool

Whether the request is coming from a mobile browser.

Returns whether the request is coming from a mobile browser.

The detection script is provided by http://detectmobilebrowsers.com. It was last updated on 2014-11-24.

isPostRequest() #

public function isPostRequest()
{
     return $this->getIsPostRequest();
}
Returnsbool

Alias of getIsPostRequest().

isPutRequest() #

public function isPutRequest()
{
     return $this->getIsPutRequest();
}
Returnsbool

Alias of getIsPutRequest().

isPutViaPostRequest() #

public function isPutViaPostRequest()
{
     return $this->getIsPutViaPostRequest();
}
Returnsbool

Alias of getIsPutViaPostRequest().

isResourceRequest() #

public function isResourceRequest()
{
     $this->_checkRequestType();
     return $this->_isResourceRequest;
}
Returnsbool

Whether the current request should be routed to a resource.

Returns whether the current request should be routed to a resource.

The result depends on whether the first segment in the Craft path matches the resource trigger.

isSecureConnection() #

public function isSecureConnection()
{
     return $this->getIsSecureConnection();
}
Returnsbool

Alias of getIsSecureConnection().

isSiteRequest() #

public function isSiteRequest()
{
     return !$this->_isCpRequest;
}
Returnsbool

Whether the current request should be routed to the front-end site.

Returns whether the current request should be routed to the front-end site.

The result will always just be the opposite of whatever isCpRequest() returns.

regenCsrfCookie() #

public function regenCsrfCookie()
{
     $cookie = $this->createCsrfCookie();
     $this->_csrfToken = $cookie->value;
     $this->getCookies()->add($cookie->name, $cookie);
}

sendFile() #

public function sendFile($path, $content, $options = array(), $terminate = true)
{
     $fileName = empty($options['filename']) ? IOHelper::getFileName($path, true) : $options['filename'];

     // Clear the output buffer to prevent corrupt downloads. Need to check the OB status first, or else some PHP
     // versions will throw an E_NOTICE since we have a custom error handler
     // (http://pear.php.net/bugs/bug.php?id=9670)
     if (ob_get_length() !== false)
     {
          // If zlib.output_compression is enabled, then ob_clean() will corrupt the results of output buffering.
          // ob_end_clean is what we want.
          ob_end_clean();
     }

     // Default to disposition to 'download'
     $forceDownload = !isset($options['forceDownload']) || $options['forceDownload'];

     if ($forceDownload)
     {
          HeaderHelper::setDownload($fileName);
     }

     if (empty($options['mimeType']))
     {
          if (($options['mimeType'] = FileHelper::getMimeTypeByExtension($fileName)) === null)
          {
               $options['mimeType'] = 'text/plain';
          }
     }

     HeaderHelper::setHeader(array('Content-Type' => $options['mimeType'].'; charset=utf-8'));

     $fileSize = mb_strlen($content, '8bit');
     $contentStart = 0;
     $contentEnd = $fileSize - 1;

     $httpVersion = $this->getHttpVersion();

     if (isset($_SERVER['HTTP_RANGE']))
     {
          HeaderHelper::setHeader(array('Accept-Ranges' => 'bytes'));

          // Client sent us a multibyte range, can not hold this one for now
          if (mb_strpos($_SERVER['HTTP_RANGE'], ',') !== false)
          {
               HeaderHelper::setHeader(array('Content-Range' => 'bytes '.$contentStart - $contentEnd / $fileSize));
               throw new HttpException(416, 'Requested Range Not Satisfiable');
          }

          $range = str_replace('bytes=', '', $_SERVER['HTTP_RANGE']);

          // range requests starts from "-", so it means that data must be dumped the end point.
          if ($range[0] === '-')
          {
               $contentStart = $fileSize - mb_substr($range, 1);
          }
          else
          {
               $range = explode('-', $range);
               $contentStart = $range[0];

               // check if the last-byte-pos presents in header
               if ((isset($range[1]) && is_numeric($range[1])))
               {
                    $contentEnd = $range[1];
               }
          }

          // Check the range and make sure it's treated according to the specs.
          // http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

          // End bytes can not be larger than $end.
          $contentEnd = ($contentEnd > $fileSize) ? $fileSize - 1 : $contentEnd;

          // Validate the requested range and return an error if it's not correct.
          $wrongContentStart = ($contentStart > $contentEnd || $contentStart > $fileSize - 1 || $contentStart < 0);

          if ($wrongContentStart)
          {
               HeaderHelper::setHeader(array('Content-Range' => 'bytes '.$contentStart - $contentEnd / $fileSize));
               throw new HttpException(416, 'Requested Range Not Satisfiable');
          }

          HeaderHelper::setHeader("HTTP/$httpVersion 206 Partial Content");
          HeaderHelper::setHeader(array('Content-Range' => 'bytes '.$contentStart - $contentEnd / $fileSize));
     }
     else
     {
          HeaderHelper::setHeader("HTTP/$httpVersion 200 OK");
     }

     // Calculate new content length
     $length = $contentEnd - $contentStart + 1;

     if (!empty($options['cache']))
     {
          $cacheTime = 31536000; // 1 year
          HeaderHelper::setHeader(array('Expires' => gmdate('D, d M Y H:i:s', time() + $cacheTime).' GMT'));
          HeaderHelper::setHeader(array('Pragma' => 'cache'));
          HeaderHelper::setHeader(array('Cache-Control' => 'max-age='.$cacheTime));
          $modifiedTime = IOHelper::getLastTimeModified($path);
          HeaderHelper::setHeader(array('Last-Modified' => gmdate("D, d M Y H:i:s", $modifiedTime->getTimestamp()).' GMT'));
     }
     else
     {
          if (!$forceDownload)
          {
               HeaderHelper::setNoCache();
          }
          else
          {
               // Fixes a bug in IE 6, 7 and 8 when trying to force download a file over SSL:
               // https://stackoverflow.com/questions/1218925/php-script-to-download-file-not-working-in-ie
               HeaderHelper::setHeader(array(
                    'Pragma' => '',
                    'Cache-Control' => ''
               ));
          }
     }

     if ($options['mimeType'] == 'application/x-javascript' || $options['mimeType'] == 'text/css')
     {
          HeaderHelper::setHeader(array('Vary' => 'Accept-Encoding'));
     }

     $content = mb_substr($content, $contentStart, $length, '8bit');

     if ($terminate)
     {
          // Clean up the application first because the file downloading could take long time which may cause timeout
          // of some resources (such as DB connection)
          ob_start();
          Craft::app()->end(0, false);
          ob_end_clean();

          echo $content;
          exit(0);
     }
     else
     {
          echo $content;
     }
}
$pathstringThe path to the file on the server.
$contentstringThe contents of the file.
$optionsarray / nullAn array of optional options. Possible keys include 'forceDownload', 'mimeType', and 'cache'.
$terminatebool / nullWhether the request should be terminated after the file has been sent. Defaults to true.

Sends a file to the user.

We’re overriding this from \CHttpRequest::sendFile() so we can have more control over the headers.

validateCsrfToken() #

public function validateCsrfToken($event)
{
     if ($this->getIsPostRequest() || $this->getIsPutRequest() || $this->getIsPatchRequest() || $this->getIsDeleteRequest())
     {
          $method = $this->getRequestType();

          switch($method)
          {
               case 'POST':
               {
                    $tokenFromPost = $this->getPost($this->csrfTokenName);
                    break;
               }

               case 'PUT':
               {
                    $tokenFromPost = $this->getPut($this->csrfTokenName);
                    break;
               }

               case 'PATCH':
               {
                    $tokenFromPost = $this->getPatch($this->csrfTokenName);
                    break;
               }

               case 'DELETE':
               {
                    $tokenFromPost = $this->getDelete($this->csrfTokenName);
               }
          }

          $csrfCookie = $this->getCookies()->itemAt($this->csrfTokenName);

          if (!empty($tokenFromPost) && $csrfCookie && $csrfCookie->value)
          {
               // Must at least match the cookie so that tokens from previous sessions won't work
               if (\CPasswordHelper::same($csrfCookie->value, $tokenFromPost))
               {
                    // TODO: Remove this nested condition after the next breakpoint and call csrfTokenValidForCurrentUser() directly.
                    // Is this an update request?
                    if ($this->isActionRequest() && isset($this->_actionSegments[0]) && $this->_actionSegments[0] == 'update')
                    {
                         return true;
                    }
                    else
                    {
                         $valid = $this->csrfTokenValidForCurrentUser($tokenFromPost);
                    }
               }
               else
               {
                    $valid = false;
               }
          }
          else
          {
               $valid = false;
          }

          if (!$valid)
          {
               throw new HttpException(400, Craft::t('The CSRF token could not be verified.'));
          }
     }
}
$eventEventevent parameter

Performs the CSRF validation. This is the event handler responding to CApplication::onBeginRequest. The default implementation will compare the CSRF token obtained from session and from a POST field. If they are different, a CSRF attack is detected.