Newer
Older
framework / system / HTTP / IncomingRequest.php
@MGatner MGatner on 18 May 2021 21 KB Release v4.1.2
<?php

/**
 * This file is part of the CodeIgniter 4 framework.
 *
 * (c) CodeIgniter Foundation <admin@codeigniter.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace CodeIgniter\HTTP;

use CodeIgniter\HTTP\Exceptions\HTTPException;
use CodeIgniter\HTTP\Files\FileCollection;
use CodeIgniter\HTTP\Files\UploadedFile;
use CodeIgniter\HTTP\URI;
use Config\App;
use Config\Services;
use InvalidArgumentException;
use Locale;

/**
 * Class IncomingRequest
 *
 * Represents an incoming, getServer-side HTTP request.
 *
 * Per the HTTP specification, this interface includes properties for
 * each of the following:
 *
 * - Protocol version
 * - HTTP method
 * - URI
 * - Headers
 * - Message body
 *
 * Additionally, it encapsulates all data as it has arrived to the
 * application from the CGI and/or PHP environment, including:
 *
 * - The values represented in $_SERVER.
 * - Any cookies provided (generally via $_COOKIE)
 * - Query string arguments (generally via $_GET, or as parsed via parse_str())
 * - Upload files, if any (as represented by $_FILES)
 * - Deserialized body binds (generally from $_POST)
 */
class IncomingRequest extends Request
{
	/**
	 * Enable CSRF flag
	 *
	 * Enables a CSRF cookie token to be set.
	 * Set automatically based on Config setting.
	 *
	 * @var boolean
	 */
	protected $enableCSRF = false;

	/**
	 * The URI for this request.
	 *
	 * Note: This WILL NOT match the actual URL in the browser since for
	 * everything this cares about (and the router, etc) is the portion
	 * AFTER the script name. So, if hosted in a sub-folder this will
	 * appear different than actual URL. If you need that use getPath().
	 *
	 * @var URI
	 */
	public $uri;

	/**
	 * The detected path (relative to SCRIPT_NAME).
	 *
	 * Note: current_url() uses this to build its URI,
	 * so this becomes the source for the "current URL"
	 * when working with the share request instance.
	 *
	 * @var string|null
	 */
	protected $path;

	/**
	 * File collection
	 *
	 * @var FileCollection|null
	 */
	protected $files;

	/**
	 * Negotiator
	 *
	 * @var Negotiate|null
	 */
	protected $negotiator;

	/**
	 * The default Locale this request
	 * should operate under.
	 *
	 * @var string
	 */
	protected $defaultLocale;

	/**
	 * The current locale of the application.
	 * Default value is set in Config\App.php
	 *
	 * @var string
	 */
	protected $locale;

	/**
	 * Stores the valid locale codes.
	 *
	 * @var array
	 */
	protected $validLocales = [];

	/**
	 * Configuration settings.
	 *
	 * @var App
	 */
	public $config;

	/**
	 * Holds the old data from a redirect.
	 *
	 * @var array
	 */
	protected $oldInput = [];

	/**
	 * The user agent this request is from.
	 *
	 * @var UserAgent
	 */
	protected $userAgent;

	//--------------------------------------------------------------------
	/**
	 * Constructor
	 *
	 * @param App         $config
	 * @param URI         $uri
	 * @param string|null $body
	 * @param UserAgent   $userAgent
	 */
	public function __construct($config, URI $uri = null, $body = 'php://input', UserAgent $userAgent = null)
	{
		if (empty($uri) || empty($userAgent))
		{
			throw new InvalidArgumentException('You must supply the parameters: uri, userAgent.');
		}

		// Get our body from php://input
		if ($body === 'php://input')
		{
			$body = file_get_contents('php://input');
		}

		$this->config       = $config;
		$this->uri          = $uri;
		$this->body         = ! empty($body) ? $body : null;
		$this->userAgent    = $userAgent;
		$this->validLocales = $config->supportedLocales;

		parent::__construct($config);

		$this->populateHeaders();
		$this->detectURI($config->uriProtocol, $config->baseURL);
		$this->detectLocale($config);
	}

	//--------------------------------------------------------------------

	/**
	 * Handles setting up the locale, perhaps auto-detecting through
	 * content negotiation.
	 *
	 * @param App $config
	 */
	public function detectLocale($config)
	{
		$this->locale = $this->defaultLocale = $config->defaultLocale;

		if (! $config->negotiateLocale)
		{
			return;
		}

		$this->setLocale($this->negotiate('language', $config->supportedLocales));
	}

	/**
	 * Sets up our URI object based on the information we have. This is
	 * either provided by the user in the baseURL Config setting, or
	 * determined from the environment as needed.
	 *
	 * @param string $protocol
	 * @param string $baseURL
	 */
	protected function detectURI(string $protocol, string $baseURL)
	{
		// Passing the config is unnecessary but left for legacy purposes
		$config          = clone $this->config;
		$config->baseURL = $baseURL;

		$this->setPath($this->detectPath($protocol), $config);
	}

	/**
	 * Detects the relative path based on
	 * the URIProtocol Config setting.
	 *
	 * @param string $protocol
	 *
	 * @return string
	 */
	public function detectPath(string $protocol = ''): string
	{
		if (empty($protocol))
		{
			$protocol = 'REQUEST_URI';
		}

		switch ($protocol)
		{
			case 'REQUEST_URI':
				$this->path = $this->parseRequestURI();
				break;
			case 'QUERY_STRING':
				$this->path = $this->parseQueryString();
				break;
			case 'PATH_INFO':
			default:
				$this->path = $this->fetchGlobal('server', $protocol) ?? $this->parseRequestURI();
				break;
		}

		return $this->path;
	}

	//--------------------------------------------------------------------

	/**
	 * Will parse the REQUEST_URI and automatically detect the URI from it,
	 * fixing the query string if necessary.
	 *
	 * @return string The URI it found.
	 */
	protected function parseRequestURI(): string
	{
		if (! isset($_SERVER['REQUEST_URI'], $_SERVER['SCRIPT_NAME']))
		{
			return '';
		}

		// parse_url() returns false if no host is present, but the path or query string
		// contains a colon followed by a number. So we attach a dummy host since
		// REQUEST_URI does not include the host. This allows us to parse out the query string and path.
		$parts = parse_url('http://dummy' . $_SERVER['REQUEST_URI']);
		$query = $parts['query'] ?? '';
		$uri   = $parts['path'] ?? '';

		// Strip the SCRIPT_NAME path from the URI
		if ($uri !== '' && isset($_SERVER['SCRIPT_NAME'][0]) && pathinfo($_SERVER['SCRIPT_NAME'], PATHINFO_EXTENSION) === 'php')
		{
			// Compare each segment, dropping them until there is no match
			$segments = $keep = explode('/', $uri);
			foreach (explode('/', $_SERVER['SCRIPT_NAME']) as $i => $segment)
			{
				// If these segments are not the same then we're done
				if ($segment !== $segments[$i])
				{
					break;
				}

				array_shift($keep);
			}

			$uri = implode('/', $keep);
		}

		// This section ensures that even on servers that require the URI to contain the query string (Nginx) a correct
		// URI is found, and also fixes the QUERY_STRING getServer var and $_GET array.
		if (trim($uri, '/') === '' && strncmp($query, '/', 1) === 0)
		{
			$query                   = explode('?', $query, 2);
			$uri                     = $query[0];
			$_SERVER['QUERY_STRING'] = $query[1] ?? '';
		}
		else
		{
			$_SERVER['QUERY_STRING'] = $query;
		}

		// Update our globals for values likely to been have changed
		parse_str($_SERVER['QUERY_STRING'], $_GET);
		$this->populateGlobals('server');
		$this->populateGlobals('get');

		$uri = URI::removeDotSegments($uri);

		return ($uri === '/' || $uri === '') ? '/' : ltrim($uri, '/');
	}

	/**
	 * Parse QUERY_STRING
	 *
	 * Will parse QUERY_STRING and automatically detect the URI from it.
	 *
	 * @return string
	 */
	protected function parseQueryString(): string
	{
		$uri = $_SERVER['QUERY_STRING'] ?? @getenv('QUERY_STRING');

		if (trim($uri, '/') === '')
		{
			return '';
		}

		if (strncmp($uri, '/', 1) === 0)
		{
			$uri                     = explode('?', $uri, 2);
			$_SERVER['QUERY_STRING'] = $uri[1] ?? '';
			$uri                     = $uri[0];
		}

		// Update our globals for values likely to been have changed
		parse_str($_SERVER['QUERY_STRING'], $_GET);
		$this->populateGlobals('server');
		$this->populateGlobals('get');

		$uri = URI::removeDotSegments($uri);

		return ($uri === '/' || $uri === '') ? '/' : ltrim($uri, '/');
	}

	//--------------------------------------------------------------------

	/**
	 * Provides a convenient way to work with the Negotiate class
	 * for content negotiation.
	 *
	 * @param string  $type
	 * @param array   $supported
	 * @param boolean $strictMatch
	 *
	 * @return string
	 */
	public function negotiate(string $type, array $supported, bool $strictMatch = false): string
	{
		if (is_null($this->negotiator))
		{
			$this->negotiator = Services::negotiator($this, true);
		}

		switch (strtolower($type))
		{
			case 'media':
				return $this->negotiator->media($supported, $strictMatch);
			case 'charset':
				return $this->negotiator->charset($supported);
			case 'encoding':
				return $this->negotiator->encoding($supported);
			case 'language':
				return $this->negotiator->language($supported);
		}

		throw HTTPException::forInvalidNegotiationType($type);
	}

	//--------------------------------------------------------------------

	/**
	 * Determines if this request was made from the command line (CLI).
	 *
	 * @return boolean
	 */
	public function isCLI(): bool
	{
		return is_cli();
	}

	/**
	 * Test to see if a request contains the HTTP_X_REQUESTED_WITH header.
	 *
	 * @return boolean
	 */
	public function isAJAX(): bool
	{
		return $this->hasHeader('X-Requested-With') && strtolower($this->header('X-Requested-With')->getValue()) === 'xmlhttprequest';
	}

	/**
	 * Attempts to detect if the current connection is secure through
	 * a few different methods.
	 *
	 * @return boolean
	 */
	public function isSecure(): bool
	{
		if (! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
		{
			return true;
		}

		if ($this->hasHeader('X-Forwarded-Proto') && $this->header('X-Forwarded-Proto')->getValue() === 'https')
		{
			return true;
		}
		return $this->hasHeader('Front-End-Https') && ! empty($this->header('Front-End-Https')->getValue()) && strtolower($this->header('Front-End-Https')->getValue()) !== 'off';
	}

	//--------------------------------------------------------------------

	/**
	 * Sets the relative path and updates the URI object.
	 * Note: Since current_url() accesses the shared request
	 * instance, this can be used to change the "current URL"
	 * for testing.
	 *
	 * @param string $path   URI path relative to SCRIPT_NAME
	 * @param App    $config Optional alternate config to use
	 *
	 * @return $this
	 */
	public function setPath(string $path, App $config = null)
	{
		$this->path = $path;
		$this->uri->setPath($path);

		$config = $config ?? $this->config;

		// It's possible the user forgot a trailing slash on their
		// baseURL, so let's help them out.
		$baseURL = $config->baseURL === '' ? $config->baseURL : rtrim($config->baseURL, '/ ') . '/';

		// Based on our baseURL provided by the developer
		// set our current domain name, scheme
		if ($baseURL !== '')
		{
			$this->uri->setScheme(parse_url($baseURL, PHP_URL_SCHEME));
			$this->uri->setHost(parse_url($baseURL, PHP_URL_HOST));
			$this->uri->setPort(parse_url($baseURL, PHP_URL_PORT));

			// Ensure we have any query vars
			$this->uri->setQuery($_SERVER['QUERY_STRING'] ?? '');

			// Check if the baseURL scheme needs to be coerced into its secure version
			if ($config->forceGlobalSecureRequests && $this->uri->getScheme() === 'http')
			{
				$this->uri->setScheme('https');
			}
		}
		// @codeCoverageIgnoreStart
		elseif (! is_cli())
		{
			die('You have an empty or invalid base URL. The baseURL value must be set in Config\App.php, or through the .env file.');
		}
		// @codeCoverageIgnoreEnd

		return $this;
	}

	/**
	 * Returns the path relative to SCRIPT_NAME,
	 * running detection as necessary.
	 *
	 * @return string
	 */
	public function getPath(): string
	{
		if (is_null($this->path))
		{
			$this->detectPath($this->config->uriProtocol);
		}

		return $this->path;
	}

	//--------------------------------------------------------------------

	/**
	 * Sets the locale string for this request.
	 *
	 * @param string $locale
	 *
	 * @return IncomingRequest
	 */
	public function setLocale(string $locale)
	{
		// If it's not a valid locale, set it
		// to the default locale for the site.
		if (! in_array($locale, $this->validLocales, true))
		{
			$locale = $this->defaultLocale;
		}

		$this->locale = $locale;
		Locale::setDefault($locale);

		return $this;
	}

	/**
	 * Gets the current locale, with a fallback to the default
	 * locale if none is set.
	 *
	 * @return string
	 */
	public function getLocale(): string
	{
		return $this->locale ?? $this->defaultLocale;
	}

	/**
	 * Returns the default locale as set in Config\App.php
	 *
	 * @return string
	 */
	public function getDefaultLocale(): string
	{
		return $this->defaultLocale;
	}

	//--------------------------------------------------------------------

	/**
	 * Fetch an item from JSON input stream with fallback to $_REQUEST object. This is the simplest way
	 * to grab data from the request object and can be used in lieu of the
	 * other get* methods in most cases.
	 *
	 * @param string|array|null $index
	 * @param integer|null      $filter Filter constant
	 * @param mixed             $flags
	 *
	 * @return mixed
	 */
	public function getVar($index = null, $filter = null, $flags = null)
	{
		if (strpos($this->getHeaderLine('Content-Type'), 'application/json') !== false && ! is_null($this->body))
		{
			if (is_null($index))
			{
				return $this->getJSON();
			}

			if (is_array($index))
			{
				$output = [];
				foreach ($index as $key)
				{
					$output[$key] = $this->getJsonVar($key, false, $filter, $flags);
				}
				return $output;
			}

			return $this->getJsonVar($index, false, $filter, $flags);
		}
		return $this->fetchGlobal('request', $index, $filter, $flags);
	}

	//--------------------------------------------------------------------

	/**
	 * A convenience method that grabs the raw input stream and decodes
	 * the JSON into an array.
	 *
	 * If $assoc == true, then all objects in the response will be converted
	 * to associative arrays.
	 *
	 * @param boolean $assoc   Whether to return objects as associative arrays
	 * @param integer $depth   How many levels deep to decode
	 * @param integer $options Bitmask of options
	 *
	 * @see http://php.net/manual/en/function.json-decode.php
	 *
	 * @return mixed
	 */
	public function getJSON(bool $assoc = false, int $depth = 512, int $options = 0)
	{
		return json_decode($this->body, $assoc, $depth, $options);
	}

	/**
	 * Get a specific variable from a JSON input stream
	 *
	 * @param  string             $index  The variable that you want which can use dot syntax for getting specific values.
	 * @param  boolean            $assoc  If true, return the result as an associative array.
	 * @param  integer|null       $filter Filter Constant
	 * @param  array|integer|null $flags  Option
	 * @return mixed
	 */
	public function getJsonVar(string $index, bool $assoc = false, ?int $filter = null, $flags = null)
	{
		helper('array');

		$data = dot_array_search($index, $this->getJSON(true));

		if (! is_array($data))
		{
			$filter = $filter ?? FILTER_DEFAULT;
			$flags  = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);

			return filter_var($data, $filter, $flags);
		}

		if (! $assoc)
		{
			return json_decode(json_encode($data));
		}

		return $data;
	}

	//--------------------------------------------------------------------

	/**
	 * A convenience method that grabs the raw input stream(send method in PUT, PATCH, DELETE) and decodes
	 * the String into an array.
	 *
	 * @return mixed
	 */
	public function getRawInput()
	{
		parse_str($this->body, $output);

		return $output;
	}

	//--------------------------------------------------------------------

	/**
	 * Fetch an item from GET data.
	 *
	 * @param string|array|null $index  Index for item to fetch from $_GET.
	 * @param integer|null      $filter A filter name to apply.
	 * @param mixed|null        $flags
	 *
	 * @return mixed
	 */
	public function getGet($index = null, $filter = null, $flags = null)
	{
		return $this->fetchGlobal('get', $index, $filter, $flags);
	}

	//--------------------------------------------------------------------

	/**
	 * Fetch an item from POST.
	 *
	 * @param string|array|null $index  Index for item to fetch from $_POST.
	 * @param integer|null      $filter A filter name to apply
	 * @param mixed             $flags
	 *
	 * @return mixed
	 */
	public function getPost($index = null, $filter = null, $flags = null)
	{
		return $this->fetchGlobal('post', $index, $filter, $flags);
	}

	//--------------------------------------------------------------------

	/**
	 * Fetch an item from POST data with fallback to GET.
	 *
	 * @param string|array|null $index  Index for item to fetch from $_POST or $_GET
	 * @param integer|null      $filter A filter name to apply
	 * @param mixed             $flags
	 *
	 * @return mixed
	 */
	public function getPostGet($index = null, $filter = null, $flags = null)
	{
		// Use $_POST directly here, since filter_has_var only
		// checks the initial POST data, not anything that might
		// have been added since.
		return isset($_POST[$index]) ? $this->getPost($index, $filter, $flags) : (isset($_GET[$index]) ? $this->getGet($index, $filter, $flags) : $this->getPost($index, $filter, $flags));
	}

	//--------------------------------------------------------------------

	/**
	 * Fetch an item from GET data with fallback to POST.
	 *
	 * @param string|array|null $index  Index for item to be fetched from $_GET or $_POST
	 * @param integer|null      $filter A filter name to apply
	 * @param mixed             $flags
	 *
	 * @return mixed
	 */
	public function getGetPost($index = null, $filter = null, $flags = null)
	{
		// Use $_GET directly here, since filter_has_var only
		// checks the initial GET data, not anything that might
		// have been added since.
		return isset($_GET[$index]) ? $this->getGet($index, $filter, $flags) : (isset($_POST[$index]) ? $this->getPost($index, $filter, $flags) : $this->getGet($index, $filter, $flags));
	}

	//--------------------------------------------------------------------

	/**
	 * Fetch an item from the COOKIE array.
	 *
	 * @param string|array|null $index  Index for item to be fetched from $_COOKIE
	 * @param integer|null      $filter A filter name to be applied
	 * @param mixed             $flags
	 *
	 * @return mixed
	 */
	public function getCookie($index = null, $filter = null, $flags = null)
	{
		return $this->fetchGlobal('cookie', $index, $filter, $flags);
	}

	//--------------------------------------------------------------------
	/**
	 * Fetch the user agent string
	 *
	 * @return UserAgent
	 */
	public function getUserAgent()
	{
		return $this->userAgent;
	}

	//--------------------------------------------------------------------

	/**
	 * Attempts to get old Input data that has been flashed to the session
	 * with redirect_with_input(). It first checks for the data in the old
	 * POST data, then the old GET data and finally check for dot arrays
	 *
	 * @param string $key
	 *
	 * @return mixed
	 */
	public function getOldInput(string $key)
	{
		// If the session hasn't been started, or no
		// data was previously saved, we're done.
		if (empty($_SESSION['_ci_old_input']))
		{
			return null;
		}

		// Check for the value in the POST array first.
		if (isset($_SESSION['_ci_old_input']['post'][$key]))
		{
			return $_SESSION['_ci_old_input']['post'][$key];
		}

		// Next check in the GET array.
		if (isset($_SESSION['_ci_old_input']['get'][$key]))
		{
			return $_SESSION['_ci_old_input']['get'][$key];
		}

		helper('array');

		// Check for an array value in POST.
		if (isset($_SESSION['_ci_old_input']['post']))
		{
			$value = dot_array_search($key, $_SESSION['_ci_old_input']['post']);
			if (! is_null($value))
			{
				return $value;
			}
		}

		// Check for an array value in GET.
		if (isset($_SESSION['_ci_old_input']['get']))
		{
			$value = dot_array_search($key, $_SESSION['_ci_old_input']['get']);
			if (! is_null($value))
			{
				return $value;
			}
		}

		// requested session key not found
		return null;
	}

	//--------------------------------------------------------------------

	/**
	 * Returns an array of all files that have been uploaded with this
	 * request. Each file is represented by an UploadedFile instance.
	 *
	 * @return array
	 */
	public function getFiles(): array
	{
		if (is_null($this->files))
		{
			$this->files = new FileCollection();
		}

		return $this->files->all(); // return all files
	}

	/**
	 * Verify if a file exist, by the name of the input field used to upload it, in the collection
	 * of uploaded files and if is have been uploaded with multiple option.
	 *
	 * @param string $fileID
	 *
	 * @return array|null
	 */
	public function getFileMultiple(string $fileID)
	{
		if (is_null($this->files))
		{
			$this->files = new FileCollection();
		}

		return $this->files->getFileMultiple($fileID);
	}

	/**
	 * Retrieves a single file by the name of the input field used
	 * to upload it.
	 *
	 * @param string $fileID
	 *
	 * @return UploadedFile|null
	 */
	public function getFile(string $fileID)
	{
		if (is_null($this->files))
		{
			$this->files = new FileCollection();
		}

		return $this->files->getFile($fileID);
	}

	//--------------------------------------------------------------------

	/**
	 * Remove relative directory (../) and multi slashes (///)
	 *
	 * Do some final cleaning of the URI and return it, currently only used in static::_parse_request_uri()
	 *
	 * @param string $uri
	 *
	 * @return string
	 *
	 * @deprecated Use URI::removeDotSegments() directly
	 */
	protected function removeRelativeDirectory(string $uri): string
	{
		$uri = URI::removeDotSegments($uri);

		return $uri === '/' ? $uri : ltrim($uri, '/');
	}
}