class request implements request_interface

All application input is accessed through this class.

It provides a method to disable access to input data through super globals. This should force MOD authors to read about data validation.

Properties

protected array $super_globals
protected array $original_request
protected $super_globals_disabled
protected array $input
protected type_cast_helper_interface $type_cast_helper

Methods

__construct(type_cast_helper_interface $type_cast_helper = null, $disable_super_globals = true)

Initialises the request class, that means it stores all input data in {@link $input input} and then calls {@link \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global}

bool
super_globals_disabled()

Getter for $super_globals_disabled

disable_super_globals()

Disables access of super globals specified in $super_globals.

enable_super_globals()

Enables access of super globals specified in $super_globals if they were disabled by {@link disable_super_globals disable_super_globals}.

overwrite(string $var_name, mixed $value, request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

This function allows overwriting or setting a value in one of the super global arrays.

mixed
variable(string|array $var_name, mixed $default, bool $multibyte = false, request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

Central type safe input handling function.

mixed
untrimmed_variable(string|array $var_name, mixed $default, bool $multibyte = false, request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

Get a variable, but without trimming strings.

mixed
server(string|array $var_name, mixed $default = '')

Shortcut method to retrieve SERVER variables.

mixed
header(string|array $header_name, $default = '')

Shortcut method to retrieve the value of client HTTP headers.

array
file(string $form_name)

Shortcut method to retrieve $_FILES variables

bool
is_set_post(string $name)

Checks whether a certain variable was sent via POST.

bool
is_set(string $var, request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

Checks whether a certain variable is set in one of the super global arrays.

bool
is_ajax()

Checks whether the current request is an AJAX request (XMLHttpRequest)

bool
is_secure()

Checks if the current request is happening over HTTPS.

array
variable_names(request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

Returns all variable names for a given super global

mixed
_variable(string|array $var_name, mixed $default, bool $multibyte = false, request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST, bool $trim = true)

Helper function used by variable() and untrimmed_variable().

array
get_super_global(request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

Returns the original array of the requested super global

string|array
escape($var, bool $multibyte)

Escape a string variable.

Details

at line 60
__construct(type_cast_helper_interface $type_cast_helper = null, $disable_super_globals = true)

Initialises the request class, that means it stores all input data in {@link $input input} and then calls {@link \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global}

Parameters

type_cast_helper_interface $type_cast_helper
$disable_super_globals

at line 91
bool super_globals_disabled()

Getter for $super_globals_disabled

Return Value

bool Whether super globals are disabled or not.

at line 100
disable_super_globals()

Disables access of super globals specified in $super_globals.

This is achieved by overwriting the super globals with instances of {@link \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global}

at line 118
enable_super_globals()

Enables access of super globals specified in $super_globals if they were disabled by {@link disable_super_globals disable_super_globals}.

This is achieved by making the super globals point to the data stored within this class in {@link $input input}.

at line 146
overwrite(string $var_name, mixed $value, request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

This function allows overwriting or setting a value in one of the super global arrays.

Changes which are performed on the super globals directly will not have any effect on the results of other methods this class provides. Using this function should be avoided if possible! It will consume twice the the amount of memory of the value

Parameters

string $var_name The name of the variable that shall be overwritten
mixed $value The value which the variable shall contain. If this is null the variable will be unset.
request_interface::POST|GET|REQUEST|COOKIE $super_global Specifies which super global shall be changed

at line 192
mixed variable(string|array $var_name, mixed $default, bool $multibyte = false, request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

Central type safe input handling function.

All variables in GET or POST requests should be retrieved through this function to maximise security.

Parameters

string|array $var_name The form variable's name from which data shall be retrieved. If the value is an array this may be an array of indizes which will give direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") then specifying array("var", 1) as the name will return "a".
mixed $default A default value that is returned if the variable was not set. This function will always return a value of the same type as the default.
bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
request_interface::POST|GET|REQUEST|COOKIE $super_global Specifies which super global should be used

Return Value

mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the the same as that of $default. If the variable is not set $default is returned.

at line 216
mixed untrimmed_variable(string|array $var_name, mixed $default, bool $multibyte = false, request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

Get a variable, but without trimming strings.

Same functionality as variable(), except does not run trim() on strings. This method should be used when handling passwords.

Parameters

string|array $var_name The form variable's name from which data shall be retrieved. If the value is an array this may be an array of indizes which will give direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") then specifying array("var", 1) as the name will return "a".
mixed $default A default value that is returned if the variable was not set. This function will always return a value of the same type as the default.
bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
request_interface::POST|GET|REQUEST|COOKIE $super_global Specifies which super global should be used

Return Value

mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the the same as that of $default. If the variable is not set $default is returned.

at line 232
mixed server(string|array $var_name, mixed $default = '')

Shortcut method to retrieve SERVER variables.

Also fall back to getenv(), some CGI setups may need it (probably not, but whatever).

Parameters

string|array $var_name See \phpbb\request\request_interface::variable
mixed $default See \phpbb\request\request_interface::variable

Return Value

mixed The server variable value.

at line 256
mixed header(string|array $header_name, $default = '')

Shortcut method to retrieve the value of client HTTP headers.

Parameters

string|array $header_name The name of the header to retrieve.
$default

Return Value

mixed The header value.

at line 270
array file(string $form_name)

Shortcut method to retrieve $_FILES variables

Parameters

string $form_name The name of the file input form element

Return Value

array The uploaded file's information or an empty array if the variable does not exist in _FILES.

at line 285
bool is_set_post(string $name)

Checks whether a certain variable was sent via POST.

To make sure that a request was sent using POST you should call this function on at least one variable.

Parameters

string $name The name of the form variable which should have a _p suffix to indicate the check in the code that creates the form too.

Return Value

bool True if the variable was set in a POST request, false otherwise.

at line 300
bool is_set(string $var, request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

Checks whether a certain variable is set in one of the super global arrays.

Parameters

string $var Name of the variable
request_interface::POST|GET|REQUEST|COOKIE $super_global Specifies the super global which shall be checked

Return Value

bool True if the variable was sent as input

at line 310
bool is_ajax()

Checks whether the current request is an AJAX request (XMLHttpRequest)

Return Value

bool True if the current request is an ajax request

at line 320
bool is_secure()

Checks if the current request is happening over HTTPS.

Return Value

bool True if the request is secure.

at line 336
array variable_names(request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

Returns all variable names for a given super global

Parameters

request_interface::POST|GET|REQUEST|COOKIE $super_global The super global from which names shall be taken

Return Value

array All variable names that are set for the super global. Pay attention when using these, they are unsanitised!

at line 364
protected mixed _variable(string|array $var_name, mixed $default, bool $multibyte = false, request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST, bool $trim = true)

Helper function used by variable() and untrimmed_variable().

Parameters

string|array $var_name The form variable's name from which data shall be retrieved. If the value is an array this may be an array of indizes which will give direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") then specifying array("var", 1) as the name will return "a".
mixed $default A default value that is returned if the variable was not set. This function will always return a value of the same type as the default.
bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
request_interface::POST|GET|REQUEST|COOKIE $super_global Specifies which super global should be used
bool $trim Indicates whether trim() should be applied to string values.

Return Value

mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the the same as that of $default. If the variable is not set $default is returned.

at line 411
array get_super_global(request_interface::POST|GET|REQUEST|COOKIE $super_global = \phpbb\request\request_interface::REQUEST)

Returns the original array of the requested super global

Parameters

request_interface::POST|GET|REQUEST|COOKIE $super_global The super global which will be returned

Return Value

array The original array of the requested super global.

at line 419
string|array escape($var, bool $multibyte)

Escape a string variable.

Parameters

$var
bool $multibyte Indicates whether string values may contain UTF-8 characters. Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.

Return Value

string|array