phpBB API Documentation
Class

phpbb\request\request

class request implements request_interface

All application input is accessed through this class.

It provides a method to disable access to input data through super globals. This should force MOD authors to read about data validation.

Methods

__construct(type_cast_helper_interface $type_cast_helper = null, $disable_super_globals = true)

Initialises the request class, that means it stores all input data in {@link $input input} and then calls {@link \phpbb\request\deactivatedsuperglobal \phpbb\request\deactivatedsuperglobal}

super_globals_disabled()

Getter for $superglobalsdisabled

disable_super_globals()

Disables access of super globals specified in $super_globals.

enable_super_globals()

Enables access of super globals specified in $superglobals if they were disabled by {@link disablesuperglobals disablesuper_globals}.

overwrite($var_name, $value, $super_global = \phpbb\request\request_interface::REQUEST)

This function allows overwriting or setting a value in one of the super global arrays.

variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST)

Central type safe input handling function.

untrimmed_variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST)

Get a variable, but without trimming strings.

raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST)

Get a variable without trimming strings and without escaping.

server($var_name, $default = '')

Shortcut method to retrieve SERVER variables.

header($header_name, $default = '')

Shortcut method to retrieve the value of client HTTP headers.

array file(string $form_name)

Shortcut method to retrieve $_FILES variables

is_set_post($name)

Checks whether a certain variable was sent via POST.

is_set($var, $super_global = \phpbb\request\request_interface::REQUEST)

Checks whether a certain variable is set in one of the super global arrays.

is_ajax()

Checks whether the current request is an AJAX request (XMLHttpRequest)

is_secure()

Checks if the current request is happening over HTTPS.

variable_names($super_global = \phpbb\request\request_interface::REQUEST)

Returns all variable names for a given super global

get_super_global($super_global = \phpbb\request\request_interface::REQUEST)

Returns the original array of the requested super global

string|array escape($var, bool $multibyte)

Escape a string variable.

Details

at line 60
public __construct(type_cast_helper_interface $type_cast_helper = null, $disable_super_globals = true)

Initialises the request class, that means it stores all input data in {@link $input input} and then calls {@link \phpbb\request\deactivatedsuperglobal \phpbb\request\deactivatedsuperglobal}

Parameters

type_cast_helper_interface $type_cast_helper
$disable_super_globals

at line 91
public super_globals_disabled()

Getter for $superglobalsdisabled

at line 100
public disable_super_globals()

Disables access of super globals specified in $super_globals.

This is achieved by overwriting the super globals with instances of {@link \phpbb\request\deactivatedsuperglobal \phpbb\request\deactivatedsuperglobal}

at line 118
public enable_super_globals()

Enables access of super globals specified in $superglobals if they were disabled by {@link disablesuperglobals disablesuper_globals}.

This is achieved by making the super globals point to the data stored within this class in {@link $input input}.

at line 146
public overwrite($var_name, $value, $super_global = \phpbb\request\request_interface::REQUEST)

This function allows overwriting or setting a value in one of the super global arrays.

Changes which are performed on the super globals directly will not have any effect on the results of other methods this class provides. Using this function should be avoided if possible! It will consume twice the the amount of memory of the value

Parameters

$var_name
$value
$super_global

at line 192
public variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST)

Central type safe input handling function.

All variables in GET or POST requests should be retrieved through this function to maximise security.

Parameters

$var_name
$default
$multibyte
$super_global

at line 216
public untrimmed_variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST)

Get a variable, but without trimming strings.

Same functionality as variable(), except does not run trim() on strings. This method should be used when handling passwords.

Parameters

$var_name
$default
$multibyte
$super_global

at line 224
public raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST)

Get a variable without trimming strings and without escaping.

This method MUST NOT be used with queries. Same functionality as variable(), except does not run trim() on strings and does not escape input. This method should only be used when the raw input is needed without any escaping, i.e. for database password during the installation.

Parameters

$var_name
$default
$super_global

at line 277
public server($var_name, $default = '')

Shortcut method to retrieve SERVER variables.

Also fall back to getenv(), some CGI setups may need it (probably not, but whatever).

Parameters

$var_name
$default

at line 301
public header($header_name, $default = '')

Shortcut method to retrieve the value of client HTTP headers.

Parameters

$header_name
$default

at line 315
public array file(string $form_name)

Shortcut method to retrieve $_FILES variables

Parameters

string $form_name The name of the file input form element

Return Value

array The uploaded file's information or an empty array if the variable does not exist in _FILES.

at line 330
public is_set_post($name)

Checks whether a certain variable was sent via POST.

To make sure that a request was sent using POST you should call this function on at least one variable.

Parameters

$name

at line 345
public is_set($var, $super_global = \phpbb\request\request_interface::REQUEST)

Checks whether a certain variable is set in one of the super global arrays.

Parameters

$var
$super_global

at line 355
public is_ajax()

Checks whether the current request is an AJAX request (XMLHttpRequest)

at line 365
public is_secure()

Checks if the current request is happening over HTTPS.

at line 381
public variable_names($super_global = \phpbb\request\request_interface::REQUEST)

Returns all variable names for a given super global

Parameters

$super_global

at line 429
public get_super_global($super_global = \phpbb\request\request_interface::REQUEST)

Returns the original array of the requested super global

Parameters

$super_global

at line 437
public string|array escape($var, bool $multibyte)

Escape a string variable.

Parameters

$var
bool $multibyte Indicates whether string values may contain UTF-8 characters. Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.

Return Value

string|array