0 follower

CHttpRequest

Package	system.web
Inheritance	class CHttpRequest » CApplicationComponent » CComponent
Implements	IApplicationComponent
Since	1.0
Source Code	framework/web/CHttpRequest.php

CHttpRequest encapsulates the $_SERVER variable and resolves its inconsistency among different Web servers.

CHttpRequest also manages the cookies sent from and sent to the user. By setting enableCookieValidation to true, cookies sent from the user will be validated to see if they are tampered. The property cookies returns the collection of cookies. For more details, see CCookieCollection.

CHttpRequest is a default application component loaded by CWebApplication. It can be accessed via CWebApplication::getRequest().

Public Properties

Hide inherited properties

Property	Type	Description	Defined By
acceptTypes	string	Returns user browser accept types, null if not present.	CHttpRequest
baseUrl	string	Returns the relative URL for the application.	CHttpRequest
behaviors	array	the behaviors that should be attached to this component.	CApplicationComponent
browser	array	Returns information about the capabilities of user browser.	CHttpRequest
contentType	string	Returns request content-type	CHttpRequest
cookies	CCookieCollection	Returns the cookie collection.	CHttpRequest
csrfCookie	array	the property values (in name-value pairs) used to initialize the CSRF cookie.	CHttpRequest
csrfToken	string	Returns the random token used to perform CSRF validation.	CHttpRequest
csrfTokenName	string	the name of the token used to prevent CSRF.	CHttpRequest
enableCookieValidation	boolean	whether cookies should be validated to ensure they are not tampered.	CHttpRequest
enableCsrfValidation	boolean	whether to enable CSRF (Cross-Site Request Forgery) validation.	CHttpRequest
hostInfo	string	Returns the schema and host part of the application URL.	CHttpRequest
httpVersion	string	Returns the version of the HTTP protocol used by client.	CHttpRequest
isAjaxRequest	boolean	Returns whether this is an AJAX (XMLHttpRequest) request.	CHttpRequest
isDeleteRequest	boolean	Returns whether this is a DELETE request.	CHttpRequest
isFlashRequest	boolean	Returns whether this is an Adobe Flash or Adobe Flex request.	CHttpRequest
isInitialized	boolean	Checks if this application component has been initialized.	CApplicationComponent
isPatchRequest	boolean	Returns whether this is a PATCH request.	CHttpRequest
isPostRequest	boolean	Returns whether this is a POST request.	CHttpRequest
isPutRequest	boolean	Returns whether this is a PUT request.	CHttpRequest
isSecureConnection	boolean	Return if the request is sent via secure channel (https).	CHttpRequest
jsonAsArray	boolean	whether the parsing of JSON REST requests should return associative arrays for object data.	CHttpRequest
pathInfo	string	Returns the path info of the currently requested URL.	CHttpRequest
port	integer	Returns the port to use for insecure requests.	CHttpRequest
preferredAcceptType	array	Returns the user preferred accept MIME type.	CHttpRequest
preferredAcceptTypes	array	Returns an array of user accepted MIME types in order of preference.	CHttpRequest
preferredLanguage	string	Returns the user-preferred language that should be used by this application.	CHttpRequest
preferredLanguages	array	Returns an array of user accepted languages in order of preference.	CHttpRequest
queryString	string	Returns part of the request URL that is after the question mark.	CHttpRequest
rawBody	string	Returns the raw HTTP request body.	CHttpRequest
requestType	string	Returns the request type, such as GET, POST, HEAD, PUT, PATCH, DELETE.	CHttpRequest
requestUri	string	Returns the request URI portion for the currently requested URL.	CHttpRequest
restParams	array	Returns request parameters. Typically PUT, PATCH or DELETE.	CHttpRequest
scriptFile	string	Returns entry script file path.	CHttpRequest
scriptUrl	string	Returns the relative URL of the entry script.	CHttpRequest
securePort	integer	Returns the port to use for secure requests.	CHttpRequest
serverName	string	Returns the server name.	CHttpRequest
serverPort	integer	Returns the server port number.	CHttpRequest
url	string	Returns the currently requested URL.	CHttpRequest
urlReferrer	string	Returns the URL referrer, null if not present	CHttpRequest
userAgent	string	Returns the user agent, null if not present.	CHttpRequest
userHost	string	Returns the user host name, null if it cannot be determined.	CHttpRequest
userHostAddress	string	Returns the user IP address.	CHttpRequest

Protected Properties

Hide inherited properties

Property	Type	Description	Defined By
isDeleteViaPostRequest	boolean	Returns whether this is a DELETE request which was tunneled through POST.	CHttpRequest
isPatchViaPostRequest	boolean	Returns whether this is a PATCH request which was tunneled through POST.	CHttpRequest
isPutViaPostRequest	boolean	Returns whether this is a PUT request which was tunneled through POST.	CHttpRequest

Public Methods

Hide inherited methods

Method	Description	Defined By
__call()	Calls the named method which is not a class method.	CComponent
__get()	Returns a property value, an event handler list or a behavior based on its name.	CComponent
__isset()	Checks if a property value is null.	CComponent
__set()	Sets value of a component property.	CComponent
__unset()	Sets a component property to be null.	CComponent
asa()	Returns the named behavior object.	CComponent
attachBehavior()	Attaches a behavior to this component.	CComponent
attachBehaviors()	Attaches a list of behaviors to the component.	CComponent
attachEventHandler()	Attaches an event handler to an event.	CComponent
canGetProperty()	Determines whether a property can be read.	CComponent
canSetProperty()	Determines whether a property can be set.	CComponent
compareAcceptTypes()	Compare function for determining the preference of accepted MIME type array maps	CHttpRequest
detachBehavior()	Detaches a behavior from the component.	CComponent
detachBehaviors()	Detaches all behaviors from the component.	CComponent
detachEventHandler()	Detaches an existing event handler.	CComponent
disableBehavior()	Disables an attached behavior.	CComponent
disableBehaviors()	Disables all behaviors attached to this component.	CComponent
enableBehavior()	Enables an attached behavior.	CComponent
enableBehaviors()	Enables all behaviors attached to this component.	CComponent
evaluateExpression()	Evaluates a PHP expression or callback under the context of this component.	CComponent
getAcceptTypes()	Returns user browser accept types, null if not present.	CHttpRequest
getBaseUrl()	Returns the relative URL for the application.	CHttpRequest
getBrowser()	Returns information about the capabilities of user browser.	CHttpRequest
getContentType()	Returns request content-type	CHttpRequest
getCookies()	Returns the cookie collection.	CHttpRequest
getCsrfToken()	Returns the random token used to perform CSRF validation.	CHttpRequest
getDelete()	Returns the named DELETE parameter value.	CHttpRequest
getEventHandlers()	Returns the list of attached event handlers for an event.	CComponent
getHostInfo()	Returns the schema and host part of the application URL.	CHttpRequest
getHttpVersion()	Returns the version of the HTTP protocol used by client.	CHttpRequest
getIsAjaxRequest()	Returns whether this is an AJAX (XMLHttpRequest) request.	CHttpRequest
getIsDeleteRequest()	Returns whether this is a DELETE request.	CHttpRequest
getIsFlashRequest()	Returns whether this is an Adobe Flash or Adobe Flex request.	CHttpRequest
getIsInitialized()	Checks if this application component has been initialized.	CApplicationComponent
getIsPatchRequest()	Returns whether this is a PATCH request.	CHttpRequest
getIsPostRequest()	Returns whether this is a POST request.	CHttpRequest
getIsPutRequest()	Returns whether this is a PUT request.	CHttpRequest
getIsSecureConnection()	Return if the request is sent via secure channel (https).	CHttpRequest
getParam()	Returns the named GET or POST parameter value.	CHttpRequest
getPatch()	Returns the named PATCH parameter value.	CHttpRequest
getPathInfo()	Returns the path info of the currently requested URL.	CHttpRequest
getPort()	Returns the port to use for insecure requests.	CHttpRequest
getPost()	Returns the named POST parameter value.	CHttpRequest
getPreferredAcceptType()	Returns the user preferred accept MIME type.	CHttpRequest
getPreferredAcceptTypes()	Returns an array of user accepted MIME types in order of preference.	CHttpRequest
getPreferredLanguage()	Returns the user-preferred language that should be used by this application.	CHttpRequest
getPreferredLanguages()	Returns an array of user accepted languages in order of preference.	CHttpRequest
getPut()	Returns the named PUT parameter value.	CHttpRequest
getQuery()	Returns the named GET parameter value.	CHttpRequest
getQueryString()	Returns part of the request URL that is after the question mark.	CHttpRequest
getRawBody()	Returns the raw HTTP request body.	CHttpRequest
getRequestType()	Returns the request type, such as GET, POST, HEAD, PUT, PATCH, DELETE.	CHttpRequest
getRequestUri()	Returns the request URI portion for the currently requested URL.	CHttpRequest
getRestParams()	Returns request parameters. Typically PUT, PATCH or DELETE.	CHttpRequest
getScriptFile()	Returns entry script file path.	CHttpRequest
getScriptUrl()	Returns the relative URL of the entry script.	CHttpRequest
getSecurePort()	Returns the port to use for secure requests.	CHttpRequest
getServerName()	Returns the server name.	CHttpRequest
getServerPort()	Returns the server port number.	CHttpRequest
getUrl()	Returns the currently requested URL.	CHttpRequest
getUrlReferrer()	Returns the URL referrer, null if not present	CHttpRequest
getUserAgent()	Returns the user agent, null if not present.	CHttpRequest
getUserHost()	Returns the user host name, null if it cannot be determined.	CHttpRequest
getUserHostAddress()	Returns the user IP address.	CHttpRequest
hasEvent()	Determines whether an event is defined.	CComponent
hasEventHandler()	Checks whether the named event has attached handlers.	CComponent
hasProperty()	Determines whether a property is defined.	CComponent
init()	Initializes the application component.	CHttpRequest
parseAcceptHeader()	Parses an HTTP Accept header, returning an array map with all parts of each entry.	CHttpRequest
raiseEvent()	Raises an event.	CComponent
redirect()	Redirects the browser to the specified URL.	CHttpRequest
sendFile()	Sends a file to user.	CHttpRequest
setBaseUrl()	Sets the relative URL for the application.	CHttpRequest
setHostInfo()	Sets the schema and host part of the application URL.	CHttpRequest
setPort()	Sets the port to use for insecure requests.	CHttpRequest
setScriptUrl()	Sets the relative URL for the application entry script.	CHttpRequest
setSecurePort()	Sets the port to use for secure requests.	CHttpRequest
stripSlashes()	Strips slashes from input data.	CHttpRequest
validateCsrfToken()	Performs the CSRF validation.	CHttpRequest
xSendFile()	Sends existing file to a browser as a download using x-sendfile.	CHttpRequest

Protected Methods

Hide inherited methods

Method	Description	Defined By
createCsrfCookie()	Creates a cookie with a randomly generated CSRF token.	CHttpRequest
decodePathInfo()	Decodes the path info.	CHttpRequest
getIsDeleteViaPostRequest()	Returns whether this is a DELETE request which was tunneled through POST.	CHttpRequest
getIsPatchViaPostRequest()	Returns whether this is a PATCH request which was tunneled through POST.	CHttpRequest
getIsPutViaPostRequest()	Returns whether this is a PUT request which was tunneled through POST.	CHttpRequest
normalizeRequest()	Normalizes the request data.	CHttpRequest

Property Details

acceptTypes property read-only

public string getAcceptTypes()

Returns user browser accept types, null if not present.

baseUrl property

public string getBaseUrl(boolean $absolute=false)
public void setBaseUrl(string $value)

Returns the relative URL for the application. This is similar to scriptUrl except that it does not have the script file name, and the ending slashes are stripped off.

Method Details

compareAcceptTypes() method

public static integer compareAcceptTypes(array $a, array $b)
$a	array	user accepted MIME type as an array map
$b	array	user accepted MIME type as an array map
{return}	integer	-1, 0 or 1 if $a has respectively greater preference, equal preference or less preference than $b (higher preference comes first).

Source Code: framework/web/CHttpRequest.php#1004 (show)


public static function compareAcceptTypes($a,$b)
{
    // check for equal quality first
    if($a['params']['q']===$b['params']['q'])
        if(!($a['type']==='*' xor $b['type']==='*'))
            if (!($a['subType']==='*' xor $b['subType']==='*'))
                // finally, higher number of parameters counts as greater precedence
                if(count($a['params'])===count($b['params']))
                    return 0;
                else
                    return count($a['params'])<count($b['params']) ? 1 : -1;
            // more specific takes precedence - whichever one doesn't have a * subType
            else
                return $a['subType']==='*' ? 1 : -1;
        // more specific takes precedence - whichever one doesn't have a * type
        else
            return $a['type']==='*' ? 1 : -1;
    else
        return ($a['params']['q']<$b['params']['q']) ? 1 : -1;
}

Compare function for determining the preference of accepted MIME type array maps See parseAcceptHeader() for the format of $a and $b

createCsrfCookie() method

protected CHttpCookie createCsrfCookie()
{return}	CHttpCookie	the generated cookie

Source Code: framework/web/CHttpRequest.php#1342 (show)


protected function createCsrfCookie()
{
    $securityManager=Yii::app()->getSecurityManager();
    $token=$securityManager->generateRandomBytes(32);
    $maskedToken=$securityManager->maskToken($token);
    $cookie=new CHttpCookie($this->csrfTokenName,$maskedToken);
    if(is_array($this->csrfCookie))
    {
        foreach($this->csrfCookie as $name=>$value)
            $cookie->$name=$value;
    }
    return $cookie;
}

Creates a cookie with a randomly generated CSRF token. Initial values specified in csrfCookie will be applied to the generated cookie.


protected function normalizeRequest()
{
    // normalize request
    if(version_compare(PHP_VERSION,'7.4.0','<'))
    {
        if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        {
            if(isset($_GET))
                $_GET=$this->stripSlashes($_GET);
            if(isset($_POST))
                $_POST=$this->stripSlashes($_POST);
            if(isset($_REQUEST))
                $_REQUEST=$this->stripSlashes($_REQUEST);
            if(isset($_COOKIE))
                $_COOKIE=$this->stripSlashes($_COOKIE);
        }
    }

    if($this->enableCsrfValidation)
        Yii::app()->attachEventHandler('onBeginRequest',array($this,'validateCsrfToken'));
}

Normalizes the request data. This method strips off slashes in request data if get_magic_quotes_gpc() returns true. It also performs CSRF validation if enableCsrfValidation is true.

parseAcceptHeader() method

public static array parseAcceptHeader(string $header)
$header	string	the accept header value to parse
{return}	array	the user accepted MIME types.

Source Code: framework/web/CHttpRequest.php#941 (show)


public static function parseAcceptHeader($header)
{
    $matches=array();
    $accepts=array();
    // get individual entries with their type, subtype, basetype and params
    if($header!==null)
        preg_match_all('/(?:\G\s?,\s?|^)(\w+|\*)\/(\w+|\*)(?:\+(\w+))?|(?<!^)\G(?:\s?;\s?(\w+)=([\w\.]+))/',$header,$matches);
    // the regexp should (in theory) always return an array of 6 arrays
    if(count($matches)===6)
    {
        $i=0;
        $itemLen=count($matches[1]);
        while($i<$itemLen)
        {
            // fill out a content type
            $accept=array(
                'type'=>$matches[1][$i],
                'subType'=>$matches[2][$i],
                'baseType'=>null,
                'params'=>array(),
            );
            // fill in the base type if it exists
            if($matches[3][$i]!==null && $matches[3][$i]!=='')
                $accept['baseType']=$matches[3][$i];
            // continue looping while there is no new content type, to fill in all accompanying params
            for($i++;$i<$itemLen;$i++)
            {
                // if the next content type is null, then the item is a param for the current content type
                if($matches[1][$i]===null || $matches[1][$i]==='')
                {
                    // if this is the quality param, convert it to a double
                    if($matches[4][$i]==='q')
                    {
                        // sanity check on q value
                        $q=(double)$matches[5][$i];
                        if($q>1)
                            $q=(double)1;
                        elseif($q<0)
                            $q=(double)0;
                        $accept['params'][$matches[4][$i]]=$q;
                    }
                    else
                        $accept['params'][$matches[4][$i]]=$matches[5][$i];
                }
                else
                    break;
            }
            // q defaults to 1 if not explicitly given
            if(!isset($accept['params']['q']))
                $accept['params']['q']=(double)1;
            $accepts[] = $accept;
        }
    }
    return $accepts;
}

Parses an HTTP Accept header, returning an array map with all parts of each entry. Each array entry consists of a map with the type, subType, baseType and params, an array map of key-value parameters, obligatorily including a `q` value (i.e. preference ranking) as a double. For example, an Accept header value of 'application/xhtml+xml;q=0.9;level=1' would give an array entry of

array(
       'type' => 'application',
       'subType' => 'xhtml',
       'baseType' => 'xml',
       'params' => array(
           'q' => 0.9,
           'level' => '1',
       ),
)

Please note: To avoid great complexity, there are no steps taken to ensure that quoted strings are treated properly. If the header text includes quoted strings containing space or the , or ; characters then the results may not be correct!

See also https://tools.ietf.org/html/rfc2616#section-14.1 for details on Accept header.

redirect() method

public void redirect(string $url, boolean $terminate=true, integer $statusCode=302)
$url	string	URL to be redirected to. Note that when URL is not absolute (not starting with "/") it will be relative to current request URL.
$terminate	boolean	whether to terminate the current application
$statusCode	integer	the HTTP status code. Defaults to 302. See https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html for details about HTTP status code.

Source Code: framework/web/CHttpRequest.php#907 (show)


public function redirect($url,$terminate=true,$statusCode=302)
{
    if(strpos($url,'/')===0 && strpos($url,'//')!==0)
        $url=$this->getHostInfo().$url;
    header('Location: '.$url, true, $statusCode);
    if($terminate)
        Yii::app()->end();
}

Redirects the browser to the specified URL.

sendFile() method

public void sendFile(string $fileName, string $content, string $mimeType=NULL, boolean $terminate=true)
$fileName	string	file name
$content	string	content to be set.
$mimeType	string	mime type of the content. If null, it will be guessed automatically based on the given file name.
$terminate	boolean	whether to terminate the current application after calling this method

Source Code: framework/web/CHttpRequest.php#1137 (show)


public function sendFile($fileName,$content,$mimeType=null,$terminate=true)
{
    if($mimeType===null)
    {
        if(($mimeType=CFileHelper::getMimeTypeByExtension($fileName))===null)
            $mimeType='text/plain';
    }

    $fileSize=(function_exists('mb_strlen') ? mb_strlen($content,'8bit') : strlen($content));
    $contentStart=0;
    $contentEnd=$fileSize-1;

    $httpVersion=$this->getHttpVersion();
    if(isset($_SERVER['HTTP_RANGE']))
    {
        header('Accept-Ranges: bytes');

        //client sent us a multibyte range, can not hold this one for now
        if(strpos($_SERVER['HTTP_RANGE'],',')!==false)
        {
            header("Content-Range: bytes $contentStart-$contentEnd/$fileSize");
            throw new CHttpException(416,'Requested Range Not Satisfiable');
        }

        $range=str_replace('bytes=','',$_SERVER['HTTP_RANGE']);

        //range requests starts from "-", so it means that data must be dumped the end point.
        if($range[0]==='-')
            $contentStart=$fileSize-substr($range,1);
        else
        {
            $range=explode('-',$range);
            $contentStart=$range[0];

            // check if the last-byte-pos presents in header
            if((isset($range[1]) && is_numeric($range[1])))
                $contentEnd=$range[1];
        }

        /* Check the range and make sure it's treated according to the specs.
         * https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
         */
        // End bytes can not be larger than $end.
        $contentEnd=($contentEnd > $fileSize) ? $fileSize-1 : $contentEnd;

        // Validate the requested range and return an error if it's not correct.
        $wrongContentStart=($contentStart>$contentEnd || $contentStart>$fileSize-1 || $contentStart<0);

        if($wrongContentStart)
        {
            header("Content-Range: bytes $contentStart-$contentEnd/$fileSize");
            throw new CHttpException(416,'Requested Range Not Satisfiable');
        }

        header("HTTP/$httpVersion 206 Partial Content");
        header("Content-Range: bytes $contentStart-$contentEnd/$fileSize");
    }
    else
        header("HTTP/$httpVersion 200 OK");

    $length=$contentEnd-$contentStart+1; // Calculate new content length

    header('Pragma: public');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header("Content-Type: $mimeType");
    header('Content-Length: '.$length);
    header("Content-Disposition: attachment; filename=\"$fileName\"");
    header('Content-Transfer-Encoding: binary');
    $content=function_exists('mb_substr') ? mb_substr($content,$contentStart,$length,'8bit') : substr($content,$contentStart,$length);

    if($terminate)
    {
        // clean up the application first because the file downloading could take long time
        // which may cause timeout of some resources (such as DB connection)
        ob_start();
        Yii::app()->end(0,false);
        ob_end_clean();
        echo $content;
        exit(0);
    }
    else
        echo $content;
}

Sends a file to user.

setBaseUrl() method

public void setBaseUrl(string $value)
$value	string	the relative URL for the application

Source Code: framework/web/CHttpRequest.php#412 (show)


public function setBaseUrl($value)
{
    $this->_baseUrl=$value;
}

Sets the relative URL for the application. By default the URL is determined based on the entry script URL. This setter is provided in case you want to change this behavior.

setHostInfo() method

public void setHostInfo(string $value)
$value	string	the schema and host part of the application URL.

Source Code: framework/web/CHttpRequest.php#386 (show)


public function setHostInfo($value)
{
    $this->_hostInfo=rtrim($value,'/');
}

Sets the schema and host part of the application URL. This setter is provided in case the schema and hostname cannot be determined on certain Web servers.

setPort() method (available since v1.1.3)

public void setPort(integer $value)
$value	integer	port number.

Source Code: framework/web/CHttpRequest.php#847 (show)


public function setPort($value)
{
    $this->_port=(int)$value;
    $this->_hostInfo=null;
}

Sets the port to use for insecure requests. This setter is provided in case a custom port is necessary for certain server configurations.

setScriptUrl() method

public void setScriptUrl(string $value)
$value	string	the relative URL for the application entry script.

Source Code: framework/web/CHttpRequest.php#450 (show)


public function setScriptUrl($value)
{
    $this->_scriptUrl='/'.trim($value,'/');
}

Sets the relative URL for the application entry script. This setter is provided in case the entry script URL cannot be determined on certain Web servers.

setSecurePort() method (available since v1.1.3)

public void setSecurePort(integer $value)
$value	integer	port number.

Source Code: framework/web/CHttpRequest.php#878 (show)


public function setSecurePort($value)
{
    $this->_securePort=(int)$value;
    $this->_hostInfo=null;
}

Sets the port to use for secure requests. This setter is provided in case a custom port is necessary for certain server configurations.

stripSlashes() method

public mixed stripSlashes(mixed &$data)
$data	mixed	input data to be processed
{return}	mixed	processed data

Source Code: framework/web/CHttpRequest.php#156 (show)


public function stripSlashes(&$data)
{
    if(is_array($data))
    {
        if(count($data) == 0)
            return $data;
        $keys=array_map('stripslashes',array_keys($data));
        $data=array_combine($keys,array_values($data));
        return array_map(array($this,'stripSlashes'),$data);
    }
    else
        return stripslashes($data);
}

Strips slashes from input data. This method is applied when magic quotes is enabled.

validateCsrfToken() method

public void validateCsrfToken(CEvent $event)
$event	CEvent	event parameter

Source Code: framework/web/CHttpRequest.php#1364 (show)


public function validateCsrfToken($event)
{
    if ($this->getIsPostRequest() ||
        $this->getIsPutRequest() ||
        $this->getIsPatchRequest() ||
        $this->getIsDeleteRequest())
    {
        $cookies=$this->getCookies();

        $method=$this->getRequestType();
        switch($method)
        {
            case 'POST':
                $maskedUserToken=$this->getPost($this->csrfTokenName);
            break;
            case 'PUT':
                $maskedUserToken=$this->getPut($this->csrfTokenName);
            break;
            case 'PATCH':
                $maskedUserToken=$this->getPatch($this->csrfTokenName);
            break;
            case 'DELETE':
                $maskedUserToken=$this->getDelete($this->csrfTokenName);
        }

        if (!empty($maskedUserToken) && is_string($maskedUserToken) && $cookies->contains($this->csrfTokenName))
        {
            $securityManager=Yii::app()->getSecurityManager();
            $maskedCookieToken=$cookies->itemAt($this->csrfTokenName)->value;
            $cookieToken=$securityManager->unmaskToken($maskedCookieToken);
            $userToken=$securityManager->unmaskToken($maskedUserToken);
            $valid=$cookieToken===$userToken;
        }
        else
            $valid = false;
        if (!$valid)
            throw new CHttpException(400,Yii::t('yii','The CSRF token could not be verified.'));
    }
}

Performs the CSRF validation. This is the event handler responding to CApplication::onBeginRequest. The default implementation will compare the CSRF token obtained from a cookie and from a POST field. If they are different, a CSRF attack is detected.

xSendFile() method

public void xSendFile(string $filePath, array $options=array ( ))
$filePath	string	file name with full path
$options	array	additional options: saveName: file name shown to the user, if not set real file name will be used mimeType: mime type of the file, if not set it will be guessed automatically based on the file name, if set to null no content-type header will be sent. xHeader: appropriate x-sendfile header, defaults to "X-Sendfile" terminate: whether to terminate the current application after calling this method, defaults to true forceDownload: specifies whether the file will be downloaded or shown inline, defaults to true. (Since version 1.1.9.) addHeaders: an array of additional http headers in header-value pairs (available since version 1.1.10)

Source Code: framework/web/CHttpRequest.php#1279 (show)


public function xSendFile($filePath, $options=array())
{
    if(!isset($options['forceDownload']) || $options['forceDownload'])
        $disposition='attachment';
    else
        $disposition='inline';

    if(!isset($options['saveName']))
        $options['saveName']=basename($filePath);

    if(!isset($options['mimeType']))
    {
        if(($options['mimeType']=CFileHelper::getMimeTypeByExtension($filePath))===null)
            $options['mimeType']='text/plain';
    }

    if(!isset($options['xHeader']))
        $options['xHeader']='X-Sendfile';

    if($options['mimeType']!==null)
        header('Content-Type: '.$options['mimeType']);
    header('Content-Disposition: '.$disposition.'; filename="'.$options['saveName'].'"');
    if(isset($options['addHeaders']))
    {
        foreach($options['addHeaders'] as $header=>$value)
            header($header.': '.$value);
    }
    header(trim($options['xHeader']).': '.$filePath);

    if(!isset($options['terminate']) || $options['terminate'])
        Yii::app()->end();
}

Sends existing file to a browser as a download using x-sendfile.

X-Sendfile is a feature allowing a web application to redirect the request for a file to the webserver that in turn processes the request, this way eliminating the need to perform tasks like reading the file and sending it to the user. When dealing with a lot of files (or very big files) this can lead to a great increase in performance as the web application is allowed to terminate earlier while the webserver is handling the request.

The request is sent to the server through a special non-standard HTTP-header. When the web server encounters the presence of such header it will discard all output and send the file specified by that header using web server internals including all optimizations like caching-headers.

As this header directive is non-standard different directives exists for different web servers applications:

Apache: X-Sendfile
Lighttpd v1.4: X-LIGHTTPD-send-file
Lighttpd v1.5: X-Sendfile
Nginx: X-Accel-Redirect
Cherokee: X-Sendfile and X-Accel-Redirect

So for this method to work the X-SENDFILE option/module should be enabled by the web server and a proper xHeader should be sent.

Note: This option allows to download files that are not under web folders, and even files that are otherwise protected (deny from all) like .htaccess

Side effects: If this option is disabled by the web server, when this method is called a download configuration dialog will open but the downloaded file will have 0 bytes.

Known issues: There is a Bug with Internet Explorer 6, 7 and 8 when X-SENDFILE is used over an SSL connection, it will show an error message like this: "Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found.". You can work around this problem by removing the Pragma-header.

Example:

<?php
   Yii::app()->request->xSendFile('/home/user/Pictures/picture1.jpg',array(
       'saveName'=>'image1.jpg',
       'mimeType'=>'image/jpeg',
       'terminate'=>false,
   ));
?>

User Contributed Notes 1

#1967

8 0

Examples of CHttpRequest properties for a given URL

In both cases the application is installed in a subdirectory somefolder.

showScriptName=false

Browser URL: http://www.example.com/somefolder/contact?search=term

baseUrl:        /somefolder
hostInfo:       http://www.example.com
pathInfo:       contact
queryString:    search=term
requestUri:     /somefolder/contact?search=term
scriptFile:     /www/www.example.com/htdocs/somefolder/index.php
scriptUrl:      /somefolder/index.php
url:            /somefolder/contact?search=term

showScriptName=true

Browser URL: http://www.example.com/somefolder/index.php/contact?search=term

baseUrl:        /somefolder
hostInfo:       http://www.example.com
pathInfo:       contact
queryString:    search=term
requestUri:     /somefolder/index.php/contact?search=term
scriptFile:     /www/www.example.com/htdocs/somefolder/index.php
scriptUrl:      /somefolder/index.php
url:            /somefolder/index.php/contact?search=term

Mike at Oct 22, 2010, 12:26:52 PM

Signup or Login in order to comment.

protected string decodePathInfo(string $pathInfo)
$pathInfo	string	encoded path info
{return}	string	decoded path info

public array getBrowser(string $userAgent=NULL)
$userAgent	string	the user agent to be analyzed. Defaults to null, meaning using the current User-Agent HTTP header information.
{return}	array	user browser capabilities.

public string getHostInfo(string $schema='')
$schema	string	schema to use (e.g. http, https). If empty, the schema used for the current request will be used.
{return}	string	schema and hostname part (with port number if needed) of the request URL (e.g. https://www.yiiframework.com)

public string getPreferredLanguage(array $languages=array ( ))
$languages	array	a list of the languages supported by the application. If empty, this method will return the first language returned by [[getPreferredLanguages()]].
{return}	string	the language that the application should use. false is returned if both [[getPreferredLanguages()]] and `$languages` are empty.

CHttpRequest

Public Properties

Protected Properties

Public Methods

Protected Methods

Property Details

See Also

See Also

See Also

See Also

See Also

See Also

See Also

See Also

Method Details

See Also

See Also

See Also

See Also

See Also

See Also

See Also

See Also

See Also

See Also

public string getBaseUrl(boolean $absolute=false)
$absolute	boolean	whether to return an absolute URL. Defaults to false, meaning returning a relative one.
{return}	string	the relative URL for the application

public string getContentType()
{return}	string	request content-type. Null is returned if this information is not available.

public CCookieCollection getCookies()
{return}	CCookieCollection	the cookie collection.

public string getCsrfToken()
{return}	string	the random token for CSRF validation.

public mixed getDelete(string $name, mixed $defaultValue=NULL)
$name	string	the DELETE parameter name
$defaultValue	mixed	the default parameter value if the DELETE parameter does not exist.
{return}	mixed	the DELETE parameter value

public string getHttpVersion()
{return}	string	the version of the HTTP protocol.

public boolean getIsAjaxRequest()
{return}	boolean	whether this is an AJAX (XMLHttpRequest) request.

public boolean getIsDeleteRequest()
{return}	boolean	whether this is a DELETE request.

protected boolean getIsDeleteViaPostRequest()
{return}	boolean	whether this is a DELETE request tunneled through POST.

public boolean getIsFlashRequest()
{return}	boolean	whether this is an Adobe Flash or Adobe Flex request.

public boolean getIsPatchRequest()
{return}	boolean	whether this is a PATCH request.

protected boolean getIsPatchViaPostRequest()
{return}	boolean	whether this is a PATCH request tunneled through POST.

public boolean getIsPostRequest()
{return}	boolean	whether this is a POST request.

public boolean getIsPutRequest()
{return}	boolean	whether this is a PUT request.

protected boolean getIsPutViaPostRequest()
{return}	boolean	whether this is a PUT request tunneled through POST.

public boolean getIsSecureConnection()
{return}	boolean	if the request is sent via secure channel (https)

public mixed getParam(string $name, mixed $defaultValue=NULL)
$name	string	the GET parameter name
$defaultValue	mixed	the default parameter value if the GET parameter does not exist.
{return}	mixed	the GET parameter value

public mixed getPatch(string $name, mixed $defaultValue=NULL)
$name	string	the PATCH parameter name
$defaultValue	mixed	the default parameter value if the PATCH parameter does not exist.
{return}	mixed	the PATCH parameter value

public string getPathInfo()
{return}	string	part of the request URL that is after the entry script and before the question mark. Note, the returned pathinfo is decoded starting from 1.1.4. Prior to 1.1.4, whether it is decoded or not depends on the server configuration (in most cases it is not decoded).

public integer getPort()
{return}	integer	port number for insecure requests.

public mixed getPost(string $name, mixed $defaultValue=NULL)
$name	string	the POST parameter name
$defaultValue	mixed	the default parameter value if the POST parameter does not exist.
{return}	mixed	the POST parameter value

public array getPreferredAcceptType()
{return}	array	the user preferred accept MIME type or false if the user does not have any.

public array getPreferredAcceptTypes()
{return}	array	the user accepted MIME types, as array maps, in the order of preference.

public array getPreferredLanguages()
{return}	array	the user accepted languages in the order of preference. See https://tools.ietf.org/html/rfc2616#section-14.4

public mixed getPut(string $name, mixed $defaultValue=NULL)
$name	string	the PUT parameter name
$defaultValue	mixed	the default parameter value if the PUT parameter does not exist.
{return}	mixed	the PUT parameter value

public mixed getQuery(string $name, mixed $defaultValue=NULL)
$name	string	the GET parameter name
$defaultValue	mixed	the default parameter value if the GET parameter does not exist.
{return}	mixed	the GET parameter value

public string getQueryString()
{return}	string	part of the request URL that is after the question mark

public string getRawBody()
{return}	string	the request body

public string getRequestType()
{return}	string	request type, such as GET, POST, HEAD, PUT, PATCH, DELETE.

public string getRequestUri()
{return}	string	the request URI portion for the currently requested URL.