1. class
  2. phpbb
  3. \
  4. request
  5. \
  6. request

request

class request implements request_interface

All application input is accessed through this class.

It provides a method to disable access to input data through super globals. This should force MOD authors to read about data validation.

Properties

protected array $super_globals
protected array $original_request
protected bool $super_globals_disabled
protected array $input
protected type_cast_helper_interface $type_cast_helper

Methods

__construct(type_cast_helper_interface $type_cast_helper = null, $disable_super_globals = true)

Initialises the request class, that means it stores all input data in $input input and then calls \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global

bool
super_globals_disabled()

Getter for $super_globals_disabled

disable_super_globals()

Disables access of super globals specified in $super_globals.

enable_super_globals()

Enables access of super globals specified in $super_globals if they were disabled by disable_super_globals disable_super_globals.

overwrite(string $var_name, mixed $value, string $super_global = \phpbb\request\request_interface::REQUEST)

This function allows overwriting or setting a value in one of the super global arrays.

mixed
variable(string|array $var_name, mixed $default, bool $multibyte = false, string $super_global = \phpbb\request\request_interface::REQUEST)

Central type safe input handling function.

mixed
untrimmed_variable(string|array $var_name, mixed $default, bool $multibyte = false, string $super_global = \phpbb\request\request_interface::REQUEST)

Get a variable, but without trimming strings.

mixed
raw_variable(string|array $var_name, mixed $default, string $super_global = \phpbb\request\request_interface::REQUEST)

Get a variable without trimming strings and without escaping.

mixed
server(string|array $var_name, mixed $default = '')

Shortcut method to retrieve SERVER variables.

mixed
header(string|array $header_name, mixed $default = '')

Shortcut method to retrieve the value of client HTTP headers.

array
file(string $form_name)

Shortcut method to retrieve $_FILES variables

bool
is_set_post(string $name)

Checks whether a certain variable was sent via POST.

bool
is_set(string $var, string $super_global = \phpbb\request\request_interface::REQUEST)

Checks whether a certain variable is set in one of the super global arrays.

bool
is_ajax()

Checks whether the current request is an AJAX request (XMLHttpRequest)

bool
is_secure()

Checks if the current request is happening over HTTPS.

array
variable_names(string $super_global = \phpbb\request\request_interface::REQUEST)

Returns all variable names for a given super global

mixed
_variable(string|array $var_name, mixed $default, bool $multibyte = false, string $super_global = \phpbb\request\request_interface::REQUEST, bool $trim = true)

Helper function used by variable() and untrimmed_variable().

array
get_super_global(string $super_global = \phpbb\request\request_interface::REQUEST)

Returns the original array of the requested super global

string|array
escape($var, bool $multibyte)

Escape a string variable.

Details

at line 60
__construct(type_cast_helper_interface $type_cast_helper = null, $disable_super_globals = true)

Initialises the request class, that means it stores all input data in $input input and then calls \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global

Parameters

type_cast_helper_interface $type_cast_helper
$disable_super_globals

at line 91
bool super_globals_disabled()

Getter for $super_globals_disabled

Return Value

bool

Whether super globals are disabled or not.

at line 100
disable_super_globals()

Disables access of super globals specified in $super_globals.

This is achieved by overwriting the super globals with instances of \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global

at line 118
enable_super_globals()

Enables access of super globals specified in $super_globals if they were disabled by disable_super_globals disable_super_globals.

This is achieved by making the super globals point to the data stored within this class in $input input.

at line 146
overwrite(string $var_name, mixed $value, string $super_global = \phpbb\request\request_interface::REQUEST)

This function allows overwriting or setting a value in one of the super global arrays.

Changes which are performed on the super globals directly will not have any effect on the results of other methods this class provides. Using this function should be avoided if possible! It will consume twice the the amount of memory of the value

Parameters

string $var_name

The name of the variable that shall be overwritten
mixed $value

The value which the variable shall contain. If this is null the variable will be unset.
string $super_global

(\phpbb\request\request_interface::POST|GET|REQUEST|COOKIE) Specifies which super global shall be changed

at line 190
mixed variable(string|array $var_name, mixed $default, bool $multibyte = false, string $super_global = \phpbb\request\request_interface::REQUEST)

Central type safe input handling function.

All variables in GET or POST requests should be retrieved through this function to maximise security.

Parameters

string|array $var_name

The form variable's name from which data shall be retrieved. If the value is an array this may be an array of indizes which will give direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") then specifying array("var", 1) as the name will return "a".
mixed $default

A default value that is returned if the variable was not set. This function will always return a value of the same type as the default.
bool $multibyte

If $default is a string this parameter has to be true if the variable may contain any UTF-8 characters Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
string $super_global

(\phpbb\request\request_interface::POST|GET|REQUEST|COOKIE) Specifies which super global shall be changed

Return Value

mixed

The value of $_REQUEST[$var_name] run through set_var set_var to ensure that the type is the the same as that of $default. If the variable is not set $default is returned.

at line 214
mixed untrimmed_variable(string|array $var_name, mixed $default, bool $multibyte = false, string $super_global = \phpbb\request\request_interface::REQUEST)

Get a variable, but without trimming strings.

Same functionality as variable(), except does not run trim() on strings. This method should be used when handling passwords.

Parameters

string|array $var_name

The form variable's name from which data shall be retrieved. If the value is an array this may be an array of indizes which will give direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") then specifying array("var", 1) as the name will return "a".
mixed $default

A default value that is returned if the variable was not set. This function will always return a value of the same type as the default.
bool $multibyte

If $default is a string this parameter has to be true if the variable may contain any UTF-8 characters Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
string $super_global

(\phpbb\request\request_interface::POST|GET|REQUEST|COOKIE) Specifies which super global should be used

Return Value

mixed

The value of $_REQUEST[$var_name] run through set_var set_var to ensure that the type is the the same as that of $default. If the variable is not set $default is returned.

at line 222
mixed raw_variable(string|array $var_name, mixed $default, string $super_global = \phpbb\request\request_interface::REQUEST)

Get a variable without trimming strings and without escaping.

This method MUST NOT be used with queries. Same functionality as variable(), except does not run trim() on strings and does not escape input. This method should only be used when the raw input is needed without any escaping, i.e. for database password during the installation.

Parameters

string|array $var_name

The form variable's name from which data shall be retrieved. If the value is an array this may be an array of indizes which will give direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") then specifying array("var", 1) as the name will return "a".
mixed $default

A default value that is returned if the variable was not set. This function will always return a value of the same type as the default.
string $super_global

(\phpbb\request\request_interface::POST|GET|REQUEST|COOKIE) Specifies which super global shall be changed

Return Value

mixed

The value of $_REQUEST[$var_name] run through set_var set_var to ensure that the type is the the same as that of $default. If the variable is not set $default is returned.

at line 275
mixed server(string|array $var_name, mixed $default = '')

Shortcut method to retrieve SERVER variables.

Also fall back to getenv(), some CGI setups may need it (probably not, but whatever).

Parameters

string|array $var_name

See \phpbb\request\request_interface::variable
mixed $default

See \phpbb\request\request_interface::variable

Return Value

mixed

The server variable value.

at line 299
mixed header(string|array $header_name, mixed $default = '')

Shortcut method to retrieve the value of client HTTP headers.

Parameters

string|array $header_name

The name of the header to retrieve.
mixed $default

See \phpbb\request\request_interface::variable

Return Value

mixed

The header value.

at line 313
array file(string $form_name)

Shortcut method to retrieve $_FILES variables

Parameters

string $form_name

The name of the file input form element

Return Value

array

The uploaded file's information or an empty array if the variable does not exist in _FILES.

at line 328
bool is_set_post(string $name)

Checks whether a certain variable was sent via POST.

To make sure that a request was sent using POST you should call this function on at least one variable.

Parameters

string $name

The name of the form variable which should have a _p suffix to indicate the check in the code that creates the form too.

Return Value

bool

True if the variable was set in a POST request, false otherwise.

at line 343
bool is_set(string $var, string $super_global = \phpbb\request\request_interface::REQUEST)

Checks whether a certain variable is set in one of the super global arrays.

Parameters

string $var

Name of the variable
string $super_global

(\phpbb\request\request_interface::POST|GET|REQUEST|COOKIE) Specifies which super global shall be changed

Return Value

bool

True if the variable was sent as input

at line 353
bool is_ajax()

Checks whether the current request is an AJAX request (XMLHttpRequest)

Return Value

bool

True if the current request is an ajax request

at line 363
bool is_secure()

Checks if the current request is happening over HTTPS.

Return Value

bool

True if the request is secure.

at line 379
array variable_names(string $super_global = \phpbb\request\request_interface::REQUEST)

Returns all variable names for a given super global

Parameters

string $super_global

(\phpbb\request\request_interface::POST|GET|REQUEST|COOKIE) The super global from which names shall be taken

Return Value

array

All variable names that are set for the super global. Pay attention when using these, they are unsanitised!

at line 407
protected mixed _variable(string|array $var_name, mixed $default, bool $multibyte = false, string $super_global = \phpbb\request\request_interface::REQUEST, bool $trim = true)

Helper function used by variable() and untrimmed_variable().

Parameters

string|array $var_name

The form variable's name from which data shall be retrieved. If the value is an array this may be an array of indizes which will give direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") then specifying array("var", 1) as the name will return "a".
mixed $default

A default value that is returned if the variable was not set. This function will always return a value of the same type as the default.
bool $multibyte

If $default is a string this parameter has to be true if the variable may contain any UTF-8 characters Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
string $super_global

(\phpbb\request\request_interface::POST|GET|REQUEST|COOKIE) Specifies which super global should be used
bool $trim

Indicates whether trim() should be applied to string values.

Return Value

mixed

The value of $_REQUEST[$var_name] run through set_var set_var to ensure that the type is the the same as that of $default. If the variable is not set $default is returned.

at line 427
array get_super_global(string $super_global = \phpbb\request\request_interface::REQUEST)

Returns the original array of the requested super global

Parameters

string $super_global

(\phpbb\request\request_interface::POST|GET|REQUEST|COOKIE) The super global which will be returned

Return Value

array

The original array of the requested super global.

at line 435
string|array escape($var, bool $multibyte)

Escape a string variable.

Parameters

$var
bool $multibyte

Indicates whether string values may contain UTF-8 characters. Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.

Return Value

string|array