20464213604

Committed 23 Dec 2025 03:05PM UTC coverage: 85.504% (+1.0%) from 84.549%

Build # 20464213604

Build Type

Pull #9852

github

Committed by

web-flow

Commit Message

Merge 792e921c5 into 0bd3e098f

Pull Request Pull Request #9852: feat: prevent `Maximum call stack size exceeded` on client-managed requests

Run Details

7 of 10 new or added lines in 2 files covered. (70.0%)

6 existing lines in 1 file now uncovered.

21741 of 25427 relevant lines covered (85.5%)

197.23 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

94.48

/system/HTTP/IncomingRequest.php

<?php

declare(strict_types=1);

/**
 * This file is part of CodeIgniter 4 framework.
 *
 * (c) CodeIgniter Foundation <admin@codeigniter.com>
 *
 * For the full copyright and license information, please view
 * the LICENSE file that was distributed with this source code.
 */

namespace CodeIgniter\HTTP;

use CodeIgniter\Exceptions\InvalidArgumentException;
use CodeIgniter\HTTP\Exceptions\HTTPException;
use CodeIgniter\HTTP\Files\FileCollection;
use CodeIgniter\HTTP\Files\UploadedFile;
use Config\App;
use Config\Services;
use Locale;
use stdClass;

/**
 * Class IncomingRequest
 *
 * Represents an incoming, server-side HTTP request.
 *
 * Per the HTTP specification, this interface includes properties for
 * each of the following:
 *
 * - Protocol version
 * - HTTP method
 * - URI
 * - Headers
 * - Message body
 *
 * Additionally, it encapsulates all data as it has arrived to the
 * application from the CGI and/or PHP environment, including:
 *
 * - The values represented in $_SERVER.
 * - Any cookies provided (generally via $_COOKIE)
 * - Query string arguments (generally via $_GET, or as parsed via parse_str())
 * - Upload files, if any (as represented by $_FILES)
 * - Deserialized body binds (generally from $_POST)
 *
 * @see \CodeIgniter\HTTP\IncomingRequestTest
 */
class IncomingRequest extends Request
{
    /**
     * The URI for this request.
     *
     * Note: This WILL NOT match the actual URL in the browser since for
     * everything this cares about (and the router, etc) is the portion
     * AFTER the baseURL. So, if hosted in a sub-folder this will
     * appear different than actual URI path. If you need that use getPath().
     *
     * @var URI
     */
    protected $uri;

    /**
     * The detected URI path (relative to the baseURL).
     *
     * Note: current_url() uses this to build its URI,
     * so this becomes the source for the "current URL"
     * when working with the share request instance.
     *
     * @var string|null
     */
    protected $path;

    /**
     * File collection
     *
     * @var FileCollection|null
     */
    protected $files;

    /**
     * Negotiator
     *
     * @var Negotiate|null
     */
    protected $negotiator;

    /**
     * The default Locale this request
     * should operate under.
     *
     * @var string
     */
    protected $defaultLocale;

    /**
     * The current locale of the application.
     * Default value is set in app/Config/App.php
     *
     * @var string
     */
    protected $locale;

    /**
     * Stores the valid locale codes.
     *
     * @var array
     */
    protected $validLocales = [];

    /**
     * Holds the old data from a redirect.
     *
     * @var array
     */
    protected $oldInput = [];

    /**
     * The user agent this request is from.
     *
     * @var UserAgent
     */
    protected $userAgent;

    /**
     * Constructor
     *
     * @param App         $config
     * @param string|null $body
     */
    public function __construct($config, ?URI $uri = null, $body = 'php://input', ?UserAgent $userAgent = null)
    {
        if (! $uri instanceof URI || ! $userAgent instanceof UserAgent) {
            throw new InvalidArgumentException('You must supply the parameters: uri, userAgent.');
        }

        $this->populateHeaders();

        if (
            $body === 'php://input'
            // php://input is not available with enctype="multipart/form-data".
            // See https://www.php.net/manual/en/wrappers.php.php#wrappers.php.input
            && ! str_contains($this->getHeaderLine('Content-Type'), 'multipart/form-data')
            && (int) $this->getHeaderLine('Content-Length') <= $this->getPostMaxSize()
        ) {
            // Get our body from php://input
            $body = file_get_contents('php://input');
        }

        // If file_get_contents() returns false or empty string, set null.
        if ($body === false || $body === '') {
            $body = null;
        }

        $this->uri          = $uri;
        $this->body         = $body;
        $this->userAgent    = $userAgent;
        $this->validLocales = $config->supportedLocales;

        parent::__construct($config);

        if ($uri instanceof SiteURI) {
            $this->setPath($uri->getRoutePath());
        } else {
            $this->setPath($uri->getPath());
        }

        $this->detectLocale($config);
    }

    private function getPostMaxSize(): int
    {
        $postMaxSize = ini_get('post_max_size');

        return match (strtoupper(substr($postMaxSize, -1))) {
            'G'     => (int) str_replace('G', '', $postMaxSize) * 1024 ** 3,
            'M'     => (int) str_replace('M', '', $postMaxSize) * 1024 ** 2,
            'K'     => (int) str_replace('K', '', $postMaxSize) * 1024,
            default => (int) $postMaxSize,
        };
    }

    /**
     * Handles setting up the locale, perhaps auto-detecting through
     * content negotiation.
     *
     * @param App $config
     *
     * @return void
     */
    public function detectLocale($config)
    {
        $this->locale = $this->defaultLocale = $config->defaultLocale;

        if (! $config->negotiateLocale) {
            return;
        }

        $this->setLocale($this->negotiate('language', $config->supportedLocales));
    }

    /**
     * Provides a convenient way to work with the Negotiate class
     * for content negotiation.
     */
    public function negotiate(string $type, array $supported, bool $strictMatch = false): string
    {
        if ($this->negotiator === null) {
            $this->negotiator = Services::negotiator($this, true);
        }

        return match (strtolower($type)) {
            'media'    => $this->negotiator->media($supported, $strictMatch),
            'charset'  => $this->negotiator->charset($supported),
            'encoding' => $this->negotiator->encoding($supported),
            'language' => $this->negotiator->language($supported),
            default    => throw HTTPException::forInvalidNegotiationType($type),
        };
    }

    /**
     * Checks this request type.
     */
    public function is(string $type): bool
    {
        $valueUpper = strtoupper($type);

        $httpMethods = Method::all();

        if (in_array($valueUpper, $httpMethods, true)) {
            return $this->getMethod() === $valueUpper;
        }

        if ($valueUpper === 'JSON') {
            return str_contains($this->getHeaderLine('Content-Type'), 'application/json');
        }

        if ($valueUpper === 'AJAX') {
            return $this->isAJAX();
        }

        throw new InvalidArgumentException('Unknown type: ' . $type);
    }

    /**
     * Determines if this request was made from the command line (CLI).
     */
    public function isCLI(): bool
    {
        return false;
    }

    /**
     * Test to see if a request contains the HTTP_X_REQUESTED_WITH header.
     */
    public function isAJAX(): bool
    {
        return $this->hasHeader('X-Requested-With')
            && strtolower($this->header('X-Requested-With')->getValue()) === 'xmlhttprequest';
    }

    /**
     * Attempts to detect if the current connection is secure through
     * a few different methods.
     */
    public function isSecure(): bool
    {
        if (! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
            return true;
        }

        if ($this->hasHeader('X-Forwarded-Proto') && $this->header('X-Forwarded-Proto')->getValue() === 'https') {
            return true;
        }

        return $this->hasHeader('Front-End-Https') && ! empty($this->header('Front-End-Https')->getValue()) && strtolower($this->header('Front-End-Https')->getValue()) !== 'off';
    }

    /**
     * Sets the URI path relative to baseURL.
     *
     * Note: Since current_url() accesses the shared request
     * instance, this can be used to change the "current URL"
     * for testing.
     *
     * @param string $path URI path relative to baseURL
     *
     * @return $this
     */
    private function setPath(string $path)
    {
        $this->path = $path;

        return $this;
    }

    /**
     * Returns the URI path relative to baseURL,
     * running detection as necessary.
     */
    public function getPath(): string
    {
        return $this->path;
    }

    /**
     * Sets the locale string for this request.
     *
     * @return IncomingRequest
     */
    public function setLocale(string $locale)
    {
        // If it's not a valid locale, set it
        // to the default locale for the site.
        if (! in_array($locale, $this->validLocales, true)) {
            $locale = $this->defaultLocale;
        }

        $this->locale = $locale;
        Locale::setDefault($locale);

        return $this;
    }

    /**
     * Set the valid locales.
     *
     * @return $this
     */
    public function setValidLocales(array $locales)
    {
        $this->validLocales = $locales;

        return $this;
    }

    /**
     * Gets the current locale, with a fallback to the default
     * locale if none is set.
     */
    public function getLocale(): string
    {
        return $this->locale;
    }

    /**
     * Returns the default locale as set in app/Config/App.php
     */
    public function getDefaultLocale(): string
    {
        return $this->defaultLocale;
    }

    /**
     * Fetch an item from JSON input stream with fallback to $_REQUEST object. This is the simplest way
     * to grab data from the request object and can be used in lieu of the
     * other get* methods in most cases.
     *
     * @param array|string|null $index
     * @param int|null          $filter Filter constant
     * @param array|int|null    $flags
     *
     * @return array|bool|float|int|stdClass|string|null
     */
    public function getVar($index = null, $filter = null, $flags = null)
    {
        if (
            str_contains($this->getHeaderLine('Content-Type'), 'application/json')
            && $this->body !== null
        ) {
            return $this->getJsonVar($index, false, $filter, $flags);
        }

        return $this->fetchGlobal('request', $index, $filter, $flags);
    }

    /**
     * A convenience method that grabs the raw input stream and decodes
     * the JSON into an array.
     *
     * If $assoc == true, then all objects in the response will be converted
     * to associative arrays.
     *
     * @param bool $assoc   Whether to return objects as associative arrays
     * @param int  $depth   How many levels deep to decode
     * @param int  $options Bitmask of options
     *
     * @see http://php.net/manual/en/function.json-decode.php
     *
     * @return array|bool|float|int|stdClass|null
     *
     * @throws HTTPException When the body is invalid as JSON.
     */
    public function getJSON(bool $assoc = false, int $depth = 512, int $options = 0)
    {
        if ($this->body === null) {
            return null;
        }

        $result = json_decode($this->body, $assoc, $depth, $options);

        if (json_last_error() !== JSON_ERROR_NONE) {
            throw HTTPException::forInvalidJSON(json_last_error_msg());
        }

        return $result;
    }

    /**
     * Get a specific variable from a JSON input stream
     *
     * @param array|string|null $index  The variable that you want which can use dot syntax for getting specific values.
     * @param bool              $assoc  If true, return the result as an associative array.
     * @param int|null          $filter Filter Constant
     * @param array|int|null    $flags  Option
     *
     * @return array|bool|float|int|stdClass|string|null
     */
    public function getJsonVar($index = null, bool $assoc = false, ?int $filter = null, $flags = null)
    {
        helper('array');

        $data = $this->getJSON(true);
        if (! is_array($data)) {
            return null;
        }

        if (is_string($index)) {
            $data = dot_array_search($index, $data);
        } elseif (is_array($index)) {
            $result = [];

            foreach ($index as $key) {
                $result[$key] = dot_array_search($key, $data);
            }

            [$data, $result] = [$result, null];
        }

        if ($data === null) {
            return null;
        }

        $filter ??= FILTER_UNSAFE_RAW;
        $flags = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);

        if ($filter !== FILTER_UNSAFE_RAW
            || (
                (is_numeric($flags) && $flags !== 0)
                || is_array($flags) && $flags !== []
            )
        ) {
            if (is_array($data)) {
                // Iterate over array and append filter and flags
                array_walk_recursive($data, static function (&$val) use ($filter, $flags): void {
                    $valType = gettype($val);
                    $val     = filter_var($val, $filter, $flags);

                    if (in_array($valType, ['int', 'integer', 'float', 'double', 'bool', 'boolean'], true) && $val !== false) {
                        settype($val, $valType);
                    }
                });
            } else {
                $dataType = gettype($data);
                $data     = filter_var($data, $filter, $flags);

                if (in_array($dataType, ['int', 'integer', 'float', 'double', 'bool', 'boolean'], true) && $data !== false) {
                    settype($data, $dataType);
                }
            }
        }

        if (! $assoc) {
            if (is_array($index)) {
                foreach ($data as &$val) {
                    $val = is_array($val) ? json_decode(json_encode($val)) : $val;
                }

                return $data;
            }

            return json_decode(json_encode($data));
        }

        return $data;
    }

    /**
     * A convenience method that grabs the raw input stream(send method in PUT, PATCH, DELETE) and decodes
     * the String into an array.
     *
     * @return array
     */
    public function getRawInput()
    {
        parse_str($this->body ?? '', $output);

        return $output;
    }

    /**
     * Gets a specific variable from raw input stream (send method in PUT, PATCH, DELETE).
     *
     * @param array|string|null $index  The variable that you want which can use dot syntax for getting specific values.
     * @param int|null          $filter Filter Constant
     * @param array|int|null    $flags  Option
     *
     * @return array|bool|float|int|object|string|null
     */
    public function getRawInputVar($index = null, ?int $filter = null, $flags = null)
    {
        helper('array');

        parse_str($this->body ?? '', $output);

        if (is_string($index)) {
            $output = dot_array_search($index, $output);
        } elseif (is_array($index)) {
            $data = [];

            foreach ($index as $key) {
                $data[$key] = dot_array_search($key, $output);
            }

            [$output, $data] = [$data, null];
        }

        $filter ??= FILTER_UNSAFE_RAW;
        $flags = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);

        if (is_array($output)
            && (
                $filter !== FILTER_UNSAFE_RAW
                || (
                    (is_numeric($flags) && $flags !== 0)
                    || is_array($flags) && $flags !== []
                )
            )
        ) {
            // Iterate over array and append filter and flags
            array_walk_recursive($output, static function (&$val) use ($filter, $flags): void {
                $val = filter_var($val, $filter, $flags);
            });

            return $output;
        }

        if (is_string($output)) {
            return filter_var($output, $filter, $flags);
        }

        return $output;
    }

    /**
     * Fetch an item from GET data.
     *
     * @param array|string|null $index  Index for item to fetch from $_GET.
     * @param int|null          $filter A filter name to apply.
     * @param array|int|null    $flags
     *
     * @return array|bool|float|int|object|string|null
     */
    public function getGet($index = null, $filter = null, $flags = null)
    {
        return $this->fetchGlobal('get', $index, $filter, $flags);
    }

    /**
     * Fetch an item from POST.
     *
     * @param array|string|null $index  Index for item to fetch from $_POST.
     * @param int|null          $filter A filter name to apply
     * @param array|int|null    $flags
     *
     * @return array|bool|float|int|object|string|null
     */
    public function getPost($index = null, $filter = null, $flags = null)
    {
        return $this->fetchGlobal('post', $index, $filter, $flags);
    }

    /**
     * Fetch an item from POST data with fallback to GET.
     *
     * @param array|string|null $index  Index for item to fetch from $_POST or $_GET
     * @param int|null          $filter A filter name to apply
     * @param array|int|null    $flags
     *
     * @return array|bool|float|int|object|string|null
     */
    public function getPostGet($index = null, $filter = null, $flags = null)
    {
        if ($index === null) {
            return array_merge($this->getGet($index, $filter, $flags), $this->getPost($index, $filter, $flags));
        }

        // Use $_POST directly here, since filter_has_var only
        // checks the initial POST data, not anything that might
        // have been added since.
        return isset($_POST[$index])
            ? $this->getPost($index, $filter, $flags)
            : (isset($_GET[$index]) ? $this->getGet($index, $filter, $flags) : $this->getPost($index, $filter, $flags));
    }

    /**
     * Fetch an item from GET data with fallback to POST.
     *
     * @param array|string|null $index  Index for item to be fetched from $_GET or $_POST
     * @param int|null          $filter A filter name to apply
     * @param array|int|null    $flags
     *
     * @return array|bool|float|int|object|string|null
     */
    public function getGetPost($index = null, $filter = null, $flags = null)
    {
        if ($index === null) {
            return array_merge($this->getPost($index, $filter, $flags), $this->getGet($index, $filter, $flags));
        }

        // Use $_GET directly here, since filter_has_var only
        // checks the initial GET data, not anything that might
        // have been added since.
        return isset($_GET[$index])
            ? $this->getGet($index, $filter, $flags)
            : (isset($_POST[$index]) ? $this->getPost($index, $filter, $flags) : $this->getGet($index, $filter, $flags));
    }

    /**
     * Fetch an item from the COOKIE array.
     *
     * @param array|string|null $index  Index for item to be fetched from $_COOKIE
     * @param int|null          $filter A filter name to be applied
     * @param array|int|null    $flags
     *
     * @return array|bool|float|int|object|string|null
     */
    public function getCookie($index = null, $filter = null, $flags = null)
    {
        return $this->fetchGlobal('cookie', $index, $filter, $flags);
    }

    /**
     * Fetch the user agent string
     *
     * @return UserAgent
     */
    public function getUserAgent()
    {
        return $this->userAgent;
    }

    /**
     * Attempts to get old Input data that has been flashed to the session
     * with redirect_with_input(). It first checks for the data in the old
     * POST data, then the old GET data and finally check for dot arrays
     *
     * @return array|string|null
     */
    public function getOldInput(string $key)
    {
        // If the session hasn't been started, we're done.
        if (! isset($_SESSION)) {
            return null;
        }

        // Get previously saved in session
        $old = session('_ci_old_input');

        // If no data was previously saved, we're done.
        if ($old === null) {
            return null;
        }

        // Check for the value in the POST array first.
        if (isset($old['post'][$key])) {
            return $old['post'][$key];
        }

        // Next check in the GET array.
        if (isset($old['get'][$key])) {
            return $old['get'][$key];
        }

        helper('array');

        // Check for an array value in POST.
        if (isset($old['post'])) {
            $value = dot_array_search($key, $old['post']);
            if ($value !== null) {
                return $value;
            }
        }

        // Check for an array value in GET.
        if (isset($old['get'])) {
            $value = dot_array_search($key, $old['get']);
            if ($value !== null) {
                return $value;
            }
        }

        // requested session key not found
        return null;
    }

    /**
     * Returns an array of all files that have been uploaded with this
     * request. Each file is represented by an UploadedFile instance.
     */
    public function getFiles(): array
    {
        if ($this->files === null) {
            $this->files = new FileCollection();
        }

        return $this->files->all(); // return all files
    }

    /**
     * Verify if a file exist, by the name of the input field used to upload it, in the collection
     * of uploaded files and if is have been uploaded with multiple option.
     *
     * @return array|null
     */
    public function getFileMultiple(string $fileID)
    {
        if ($this->files === null) {
            $this->files = new FileCollection();
        }

        return $this->files->getFileMultiple($fileID);
    }

    /**
     * Retrieves a single file by the name of the input field used
     * to upload it.
     *
     * @return UploadedFile|null
     */
    public function getFile(string $fileID)
    {
        if ($this->files === null) {
            $this->files = new FileCollection();
        }

        return $this->files->getFile($fileID);
    }
}

1	<?php
2
3	declare(strict_types=1);
4
5	/**
6	* This file is part of CodeIgniter 4 framework.
7	*
8	* (c) CodeIgniter Foundation <admin@codeigniter.com>
9	*
10	* For the full copyright and license information, please view
11	* the LICENSE file that was distributed with this source code.
12	*/
13
14	namespace CodeIgniter\HTTP;
15
16	use CodeIgniter\Exceptions\InvalidArgumentException;
17	use CodeIgniter\HTTP\Exceptions\HTTPException;
18	use CodeIgniter\HTTP\Files\FileCollection;
19	use CodeIgniter\HTTP\Files\UploadedFile;
20	use Config\App;
21	use Config\Services;
22	use Locale;
23	use stdClass;
24
25	/**
26	* Class IncomingRequest
27	*
28	* Represents an incoming, server-side HTTP request.
29	*
30	* Per the HTTP specification, this interface includes properties for
31	* each of the following:
32	*
33	* - Protocol version
34	* - HTTP method
35	* - URI
36	* - Headers
37	* - Message body
38	*
39	* Additionally, it encapsulates all data as it has arrived to the
40	* application from the CGI and/or PHP environment, including:
41	*
42	* - The values represented in $_SERVER.
43	* - Any cookies provided (generally via $_COOKIE)
44	* - Query string arguments (generally via $_GET, or as parsed via parse_str())
45	* - Upload files, if any (as represented by $_FILES)
46	* - Deserialized body binds (generally from $_POST)
47	*
48	* @see \CodeIgniter\HTTP\IncomingRequestTest
49	*/
50	class IncomingRequest extends Request
51	{
52	/**
53	* The URI for this request.
54	*
55	* Note: This WILL NOT match the actual URL in the browser since for
56	* everything this cares about (and the router, etc) is the portion
57	* AFTER the baseURL. So, if hosted in a sub-folder this will
58	* appear different than actual URI path. If you need that use getPath().
59	*
60	* @var URI
61	*/
62	protected $uri;
63
64	/**
65	* The detected URI path (relative to the baseURL).
66	*
67	* Note: current_url() uses this to build its URI,
68	* so this becomes the source for the "current URL"
69	* when working with the share request instance.
70	*
71	* @var string\|null
72	*/
73	protected $path;
74
75	/**
76	* File collection
77	*
78	* @var FileCollection\|null
79	*/
80	protected $files;
81
82	/**
83	* Negotiator
84	*
85	* @var Negotiate\|null
86	*/
87	protected $negotiator;
88
89	/**
90	* The default Locale this request
91	* should operate under.
92	*
93	* @var string
94	*/
95	protected $defaultLocale;
96
97	/**
98	* The current locale of the application.
99	* Default value is set in app/Config/App.php
100	*
101	* @var string
102	*/
103	protected $locale;
104
105	/**
106	* Stores the valid locale codes.
107	*
108	* @var array
109	*/
110	protected $validLocales = [];
111
112	/**
113	* Holds the old data from a redirect.
114	*
115	* @var array
116	*/
117	protected $oldInput = [];
118
119	/**
120	* The user agent this request is from.
121	*
122	* @var UserAgent
123	*/
124	protected $userAgent;
125
126	/**
127	* Constructor
128	*
129	* @param App $config
130	* @param string\|null $body
131	*/
132	public function __construct($config, ?URI $uri = null, $body = 'php://input', ?UserAgent $userAgent = null)
133	{
134	if (! $uri instanceof URI \|\| ! $userAgent instanceof UserAgent) {	1,448✔
135	throw new InvalidArgumentException('You must supply the parameters: uri, userAgent.');	×
136	}
137
138	$this->populateHeaders();	1,448✔
139
140	if (
141	$body === 'php://input'	1,448✔
142	// php://input is not available with enctype="multipart/form-data".
143	// See https://www.php.net/manual/en/wrappers.php.php#wrappers.php.input
144	&& ! str_contains($this->getHeaderLine('Content-Type'), 'multipart/form-data')	1,448✔
145	&& (int) $this->getHeaderLine('Content-Length') <= $this->getPostMaxSize()	1,448✔
146	) {
147	// Get our body from php://input
148	$body = file_get_contents('php://input');	1,040✔
149	}
150
151	// If file_get_contents() returns false or empty string, set null.
152	if ($body === false \|\| $body === '') {	1,448✔
153	$body = null;	1,045✔
154	}
155
156	$this->uri = $uri;	1,448✔
157	$this->body = $body;	1,448✔
158	$this->userAgent = $userAgent;	1,448✔
159	$this->validLocales = $config->supportedLocales;	1,448✔
160
161	parent::__construct($config);	1,448✔
162
163	if ($uri instanceof SiteURI) {	1,448✔
164	$this->setPath($uri->getRoutePath());	1,448✔
165	} else {
166	$this->setPath($uri->getPath());	×
167	}
168
169	$this->detectLocale($config);	1,448✔
170	}
171
172	private function getPostMaxSize(): int
173	{
174	$postMaxSize = ini_get('post_max_size');	1,040✔
175
176	return match (strtoupper(substr($postMaxSize, -1))) {	1,040✔
177	'G' => (int) str_replace('G', '', $postMaxSize) * 1024 ** 3,	×
178	'M' => (int) str_replace('M', '', $postMaxSize) * 1024 ** 2,	1,040✔
179	'K' => (int) str_replace('K', '', $postMaxSize) * 1024,	×
180	default => (int) $postMaxSize,	1,040✔
181	};	1,040✔
182	}
183
184	/**
185	* Handles setting up the locale, perhaps auto-detecting through
186	* content negotiation.
187	*
188	* @param App $config
189	*
190	* @return void
191	*/
192	public function detectLocale($config)
193	{
194	$this->locale = $this->defaultLocale = $config->defaultLocale;	1,448✔
195
196	if (! $config->negotiateLocale) {	1,448✔
197	return;	1,448✔
198	}
199
200	$this->setLocale($this->negotiate('language', $config->supportedLocales));	2✔
201	}
202
203	/**
204	* Provides a convenient way to work with the Negotiate class
205	* for content negotiation.
206	*/
207	public function negotiate(string $type, array $supported, bool $strictMatch = false): string
208	{
209	if ($this->negotiator === null) {	8✔
210	$this->negotiator = Services::negotiator($this, true);	8✔
211	}
212
213	return match (strtolower($type)) {	8✔
214	'media' => $this->negotiator->media($supported, $strictMatch),	2✔
215	'charset' => $this->negotiator->charset($supported),	1✔
216	'encoding' => $this->negotiator->encoding($supported),	1✔
217	'language' => $this->negotiator->language($supported),	3✔
218	default => throw HTTPException::forInvalidNegotiationType($type),	8✔
219	};	8✔
220	}
221
222	/**
223	* Checks this request type.
224	*/
225	public function is(string $type): bool
226	{
227	$valueUpper = strtoupper($type);	47✔
228
229	$httpMethods = Method::all();	47✔
230
231	if (in_array($valueUpper, $httpMethods, true)) {	47✔
232	return $this->getMethod() === $valueUpper;	44✔
233	}
234
235	if ($valueUpper === 'JSON') {	3✔
236	return str_contains($this->getHeaderLine('Content-Type'), 'application/json');	1✔
237	}
238
239	if ($valueUpper === 'AJAX') {	2✔
240	return $this->isAJAX();	1✔
241	}
242
243	throw new InvalidArgumentException('Unknown type: ' . $type);	1✔
244	}
245
246	/**
247	* Determines if this request was made from the command line (CLI).
248	*/
249	public function isCLI(): bool
250	{
251	return false;	1✔
252	}
253
254	/**
255	* Test to see if a request contains the HTTP_X_REQUESTED_WITH header.
256	*/
257	public function isAJAX(): bool
258	{
259	return $this->hasHeader('X-Requested-With')	80✔
260	&& strtolower($this->header('X-Requested-With')->getValue()) === 'xmlhttprequest';	80✔
261	}
262
263	/**
264	* Attempts to detect if the current connection is secure through
265	* a few different methods.
266	*/
267	public function isSecure(): bool
268	{
269	if (! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {	5✔
270	return true;	1✔
271	}
272
273	if ($this->hasHeader('X-Forwarded-Proto') && $this->header('X-Forwarded-Proto')->getValue() === 'https') {	4✔
274	return true;	1✔
275	}
276
277	return $this->hasHeader('Front-End-Https') && ! empty($this->header('Front-End-Https')->getValue()) && strtolower($this->header('Front-End-Https')->getValue()) !== 'off';	3✔
278	}
279
280	/**
281	* Sets the URI path relative to baseURL.
282	*
283	* Note: Since current_url() accesses the shared request
284	* instance, this can be used to change the "current URL"
285	* for testing.
286	*
287	* @param string $path URI path relative to baseURL
288	*
289	* @return $this
290	*/
291	private function setPath(string $path)
292	{
293	$this->path = $path;	1,448✔
294
295	return $this;	1,448✔
296	}
297
298	/**
299	* Returns the URI path relative to baseURL,
300	* running detection as necessary.
301	*/
302	public function getPath(): string
303	{
304	return $this->path;	99✔
305	}
306
307	/**
308	* Sets the locale string for this request.
309	*
310	* @return IncomingRequest
311	*/
312	public function setLocale(string $locale)
313	{
314	// If it's not a valid locale, set it
315	// to the default locale for the site.
316	if (! in_array($locale, $this->validLocales, true)) {	5✔
317	$locale = $this->defaultLocale;	1✔
318	}
319
320	$this->locale = $locale;	5✔
321	Locale::setDefault($locale);	5✔
322
323	return $this;	5✔
324	}
325
326	/**
327	* Set the valid locales.
328	*
329	* @return $this
330	*/
331	public function setValidLocales(array $locales)
332	{
333	$this->validLocales = $locales;	1✔
334
335	return $this;	1✔
336	}
337
338	/**
339	* Gets the current locale, with a fallback to the default
340	* locale if none is set.
341	*/
342	public function getLocale(): string
343	{
344	return $this->locale;	429✔
345	}
346
347	/**
348	* Returns the default locale as set in app/Config/App.php
349	*/
350	public function getDefaultLocale(): string
351	{
352	return $this->defaultLocale;	3✔
353	}
354
355	/**
356	* Fetch an item from JSON input stream with fallback to $_REQUEST object. This is the simplest way
357	* to grab data from the request object and can be used in lieu of the
358	* other get* methods in most cases.
359	*
360	* @param array\|string\|null $index
361	* @param int\|null $filter Filter constant
362	* @param array\|int\|null $flags
363	*
364	* @return array\|bool\|float\|int\|stdClass\|string\|null
365	*/
366	public function getVar($index = null, $filter = null, $flags = null)
367	{
368	if (
369	str_contains($this->getHeaderLine('Content-Type'), 'application/json')	18✔
370	&& $this->body !== null	18✔
371	) {
372	return $this->getJsonVar($index, false, $filter, $flags);	1✔
373	}
374
375	return $this->fetchGlobal('request', $index, $filter, $flags);	17✔
376	}
377
378	/**
379	* A convenience method that grabs the raw input stream and decodes
380	* the JSON into an array.
381	*
382	* If $assoc == true, then all objects in the response will be converted
383	* to associative arrays.
384	*
385	* @param bool $assoc Whether to return objects as associative arrays
386	* @param int $depth How many levels deep to decode
387	* @param int $options Bitmask of options
388	*
389	* @see http://php.net/manual/en/function.json-decode.php
390	*
391	* @return array\|bool\|float\|int\|stdClass\|null
392	*
393	* @throws HTTPException When the body is invalid as JSON.
394	*/
395	public function getJSON(bool $assoc = false, int $depth = 512, int $options = 0)
396	{
397	if ($this->body === null) {	21✔
398	return null;	2✔
399	}
400
401	$result = json_decode($this->body, $assoc, $depth, $options);	19✔
402
403	if (json_last_error() !== JSON_ERROR_NONE) {	18✔
404	throw HTTPException::forInvalidJSON(json_last_error_msg());	3✔
405	}
406
407	return $result;	15✔
408	}
409
410	/**
411	* Get a specific variable from a JSON input stream
412	*
413	* @param array\|string\|null $index The variable that you want which can use dot syntax for getting specific values.
414	* @param bool $assoc If true, return the result as an associative array.
415	* @param int\|null $filter Filter Constant
416	* @param array\|int\|null $flags Option
417	*
418	* @return array\|bool\|float\|int\|stdClass\|string\|null
419	*/
420	public function getJsonVar($index = null, bool $assoc = false, ?int $filter = null, $flags = null)
421	{
422	helper('array');	6✔
423
424	$data = $this->getJSON(true);	6✔
425	if (! is_array($data)) {	6✔
426	return null;	1✔
427	}
428
429	if (is_string($index)) {	5✔
430	$data = dot_array_search($index, $data);	5✔
431	} elseif (is_array($index)) {	2✔
432	$result = [];	2✔
433
434	foreach ($index as $key) {	2✔
435	$result[$key] = dot_array_search($key, $data);	2✔
436	}
437
438	[$data, $result] = [$result, null];	2✔
439	}
440
441	if ($data === null) {	5✔
442	return null;	2✔
443	}
444
445	$filter ??= FILTER_UNSAFE_RAW;	5✔
446	$flags = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);	5✔
447
448	if ($filter !== FILTER_UNSAFE_RAW	5✔
449	\|\| (
450	(is_numeric($flags) && $flags !== 0)	5✔
451	\|\| is_array($flags) && $flags !== []	5✔
452	)
453	) {
454	if (is_array($data)) {	2✔
455	// Iterate over array and append filter and flags
456	array_walk_recursive($data, static function (&$val) use ($filter, $flags): void {	1✔
457	$valType = gettype($val);	1✔
458	$val = filter_var($val, $filter, $flags);	1✔
459
460	if (in_array($valType, ['int', 'integer', 'float', 'double', 'bool', 'boolean'], true) && $val !== false) {	1✔
461	settype($val, $valType);	1✔
462	}
463	});	1✔
464	} else {
465	$dataType = gettype($data);	1✔
466	$data = filter_var($data, $filter, $flags);	1✔
467
468	if (in_array($dataType, ['int', 'integer', 'float', 'double', 'bool', 'boolean'], true) && $data !== false) {	1✔
UNCOV 469	settype($data, $dataType);	×
470	}
471	}
472	}
473
474	if (! $assoc) {	5✔
475	if (is_array($index)) {	4✔
476	foreach ($data as &$val) {	2✔
477	$val = is_array($val) ? json_decode(json_encode($val)) : $val;	2✔
478	}
479
480	return $data;	2✔
481	}
482
483	return json_decode(json_encode($data));	3✔
484	}
485
486	return $data;	2✔
487	}
488
489	/**
490	* A convenience method that grabs the raw input stream(send method in PUT, PATCH, DELETE) and decodes
491	* the String into an array.
492	*
493	* @return array
494	*/
495	public function getRawInput()
496	{
497	parse_str($this->body ?? '', $output);	13✔
498
499	return $output;	13✔
500	}
501
502	/**
503	* Gets a specific variable from raw input stream (send method in PUT, PATCH, DELETE).
504	*
505	* @param array\|string\|null $index The variable that you want which can use dot syntax for getting specific values.
506	* @param int\|null $filter Filter Constant
507	* @param array\|int\|null $flags Option
508	*
509	* @return array\|bool\|float\|int\|object\|string\|null
510	*/
511	public function getRawInputVar($index = null, ?int $filter = null, $flags = null)
512	{
513	helper('array');	10✔
514
515	parse_str($this->body ?? '', $output);	10✔
516
517	if (is_string($index)) {	10✔
518	$output = dot_array_search($index, $output);	6✔
519	} elseif (is_array($index)) {	4✔
520	$data = [];	2✔
521
522	foreach ($index as $key) {	2✔
523	$data[$key] = dot_array_search($key, $output);	2✔
524	}
525
526	[$output, $data] = [$data, null];	2✔
527	}
528
529	$filter ??= FILTER_UNSAFE_RAW;	10✔
530	$flags = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);	10✔
531
532	if (is_array($output)	10✔
533	&& (
534	$filter !== FILTER_UNSAFE_RAW	10✔
535	\|\| (	10✔
536	(is_numeric($flags) && $flags !== 0)	10✔
537	\|\| is_array($flags) && $flags !== []	10✔
538	)	10✔
539	)
540	) {
541	// Iterate over array and append filter and flags
UNCOV 542	array_walk_recursive($output, static function (&$val) use ($filter, $flags): void {	×
UNCOV 543	$val = filter_var($val, $filter, $flags);	×
UNCOV 544	});	×
545
UNCOV 546	return $output;	×
547	}
548
549	if (is_string($output)) {	10✔
550	return filter_var($output, $filter, $flags);	5✔
551	}
552
553	return $output;	5✔
554	}
555
556	/**
557	* Fetch an item from GET data.
558	*
559	* @param array\|string\|null $index Index for item to fetch from $_GET.
560	* @param int\|null $filter A filter name to apply.
561	* @param array\|int\|null $flags
562	*
563	* @return array\|bool\|float\|int\|object\|string\|null
564	*/
565	public function getGet($index = null, $filter = null, $flags = null)
566	{
567	return $this->fetchGlobal('get', $index, $filter, $flags);	68✔
568	}
569
570	/**
571	* Fetch an item from POST.
572	*
573	* @param array\|string\|null $index Index for item to fetch from $_POST.
574	* @param int\|null $filter A filter name to apply
575	* @param array\|int\|null $flags
576	*
577	* @return array\|bool\|float\|int\|object\|string\|null
578	*/
579	public function getPost($index = null, $filter = null, $flags = null)
580	{
581	return $this->fetchGlobal('post', $index, $filter, $flags);	98✔
582	}
583
584	/**
585	* Fetch an item from POST data with fallback to GET.
586	*
587	* @param array\|string\|null $index Index for item to fetch from $_POST or $_GET
588	* @param int\|null $filter A filter name to apply
589	* @param array\|int\|null $flags
590	*
591	* @return array\|bool\|float\|int\|object\|string\|null
592	*/
593	public function getPostGet($index = null, $filter = null, $flags = null)
594	{
595	if ($index === null) {	5✔
596	return array_merge($this->getGet($index, $filter, $flags), $this->getPost($index, $filter, $flags));	3✔
597	}
598
599	// Use $_POST directly here, since filter_has_var only
600	// checks the initial POST data, not anything that might
601	// have been added since.
602	return isset($_POST[$index])	2✔
603	? $this->getPost($index, $filter, $flags)	1✔
604	: (isset($_GET[$index]) ? $this->getGet($index, $filter, $flags) : $this->getPost($index, $filter, $flags));	2✔
605	}
606
607	/**
608	* Fetch an item from GET data with fallback to POST.
609	*
610	* @param array\|string\|null $index Index for item to be fetched from $_GET or $_POST
611	* @param int\|null $filter A filter name to apply
612	* @param array\|int\|null $flags
613	*
614	* @return array\|bool\|float\|int\|object\|string\|null
615	*/
616	public function getGetPost($index = null, $filter = null, $flags = null)
617	{
618	if ($index === null) {	5✔
619	return array_merge($this->getPost($index, $filter, $flags), $this->getGet($index, $filter, $flags));	3✔
620	}
621
622	// Use $_GET directly here, since filter_has_var only
623	// checks the initial GET data, not anything that might
624	// have been added since.
625	return isset($_GET[$index])	2✔
626	? $this->getGet($index, $filter, $flags)	1✔
627	: (isset($_POST[$index]) ? $this->getPost($index, $filter, $flags) : $this->getGet($index, $filter, $flags));	2✔
628	}
629
630	/**
631	* Fetch an item from the COOKIE array.
632	*
633	* @param array\|string\|null $index Index for item to be fetched from $_COOKIE
634	* @param int\|null $filter A filter name to be applied
635	* @param array\|int\|null $flags
636	*
637	* @return array\|bool\|float\|int\|object\|string\|null
638	*/
639	public function getCookie($index = null, $filter = null, $flags = null)
640	{
641	return $this->fetchGlobal('cookie', $index, $filter, $flags);	127✔
642	}
643
644	/**
645	* Fetch the user agent string
646	*
647	* @return UserAgent
648	*/
649	public function getUserAgent()
650	{
651	return $this->userAgent;	1✔
652	}
653
654	/**
655	* Attempts to get old Input data that has been flashed to the session
656	* with redirect_with_input(). It first checks for the data in the old
657	* POST data, then the old GET data and finally check for dot arrays
658	*
659	* @return array\|string\|null
660	*/
661	public function getOldInput(string $key)
662	{
663	// If the session hasn't been started, we're done.
664	if (! isset($_SESSION)) {	20✔
UNCOV 665	return null;	×
666	}
667
668	// Get previously saved in session
669	$old = session('_ci_old_input');	20✔
670
671	// If no data was previously saved, we're done.
672	if ($old === null) {	20✔
673	return null;	6✔
674	}
675
676	// Check for the value in the POST array first.
677	if (isset($old['post'][$key])) {	16✔
678	return $old['post'][$key];	13✔
679	}
680
681	// Next check in the GET array.
682	if (isset($old['get'][$key])) {	8✔
683	return $old['get'][$key];	3✔
684	}
685
686	helper('array');	6✔
687
688	// Check for an array value in POST.
689	if (isset($old['post'])) {	6✔
690	$value = dot_array_search($key, $old['post']);	6✔
691	if ($value !== null) {	6✔
692	return $value;	1✔
693	}
694	}
695
696	// Check for an array value in GET.
697	if (isset($old['get'])) {	6✔
698	$value = dot_array_search($key, $old['get']);	3✔
699	if ($value !== null) {	3✔
700	return $value;	1✔
701	}
702	}
703
704	// requested session key not found
705	return null;	5✔
706	}
707
708	/**
709	* Returns an array of all files that have been uploaded with this
710	* request. Each file is represented by an UploadedFile instance.
711	*/
712	public function getFiles(): array
713	{
714	if ($this->files === null) {	1✔
715	$this->files = new FileCollection();	1✔
716	}
717
718	return $this->files->all(); // return all files	1✔
719	}
720
721	/**
722	* Verify if a file exist, by the name of the input field used to upload it, in the collection
723	* of uploaded files and if is have been uploaded with multiple option.
724	*
725	* @return array\|null
726	*/
727	public function getFileMultiple(string $fileID)
728	{
729	if ($this->files === null) {	51✔
730	$this->files = new FileCollection();	51✔
731	}
732
733	return $this->files->getFileMultiple($fileID);	51✔
734	}
735
736	/**
737	* Retrieves a single file by the name of the input field used
738	* to upload it.
739	*
740	* @return UploadedFile\|null
741	*/
742	public function getFile(string $fileID)
743	{
744	if ($this->files === null) {	47✔
745	$this->files = new FileCollection();	1✔
746	}
747
748	return $this->files->getFile($fileID);	47✔
749	}
750	}

codeigniter4 / CodeIgniter4 / 20464213604

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous