• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

nette / http / 26462513624

26 May 2026 04:53PM UTC coverage: 83.183% (-0.2%) from 83.409%
26462513624

push

github

dg
added CLAUDE.md

920 of 1106 relevant lines covered (83.18%)

0.83 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

91.55
/src/Http/Request.php
1
<?php declare(strict_types=1);
2

3
/**
4
 * This file is part of the Nette Framework (https://nette.org)
5
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
6
 */
7

8
namespace Nette\Http;
9

10
use Nette;
11
use function array_change_key_case, base64_decode, count, explode, gethostbyaddr, implode, in_array, preg_match, preg_match_all, rsort, strcasecmp, strtr;
12

13

14
/**
15
 * Immutable representation of an HTTP request with access to URL, headers, cookies, uploaded files, and body.
16
 *
17
 * @property-read UrlScript $url
18
 * @property-read array<string,mixed> $query
19
 * @property-read array<string,mixed> $post
20
 * @property-read array<string,mixed> $files
21
 * @property-read array<string,string> $cookies
22
 * @property-read string $method
23
 * @property-read array<string,string> $headers
24
 * @property-read ?UrlImmutable $referer
25
 * @property-read bool $secured
26
 * @property-read bool $ajax
27
 * @property-read ?string $remoteAddress
28
 * @property-read ?string $remoteHost
29
 * @property-read ?string $rawBody
30
 */
31
class Request implements IRequest
32
{
33
        use Nette\SmartObject;
34

35
        /** @var array<string, string> */
36
        private readonly array $headers;
37

38
        /** @var (\Closure(): string)|null */
39
        private readonly ?\Closure $rawBodyCallback;
40

41

42
        /**
43
         * @param array<string, string> $headers
44
         * @param ?(callable(): string) $rawBodyCallback
45
         */
46
        public function __construct(
1✔
47
                private UrlScript $url,
48
                /** @var mixed[] */
49
                private readonly array $post = [],
50
                /** @var mixed[] */
51
                private readonly array $files = [],
52
                /** @var array<string, string> */
53
                private readonly array $cookies = [],
54
                array $headers = [],
55
                private readonly string $method = 'GET',
56
                private readonly ?string $remoteAddress = null,
57
                private ?string $remoteHost = null,
58
                ?callable $rawBodyCallback = null,
59
        ) {
60
                $this->headers = array_change_key_case($headers);
1✔
61
                $this->rawBodyCallback = $rawBodyCallback ? $rawBodyCallback(...) : null;
1✔
62
        }
1✔
63

64

65
        /**
66
         * Returns a clone with a different URL.
67
         */
68
        public function withUrl(UrlScript $url): static
1✔
69
        {
70
                $dolly = clone $this;
1✔
71
                $dolly->url = $url;
1✔
72
                return $dolly;
1✔
73
        }
74

75

76
        /**
77
         * Returns the URL of the request.
78
         */
79
        public function getUrl(): UrlScript
80
        {
81
                return $this->url;
1✔
82
        }
83

84

85
        /********************* query, post, files & cookies ****************d*g**/
86

87

88
        /**
89
         * Returns a URL query parameter, or all parameters as an array if no key is given.
90
         */
91
        public function getQuery(?string $key = null): mixed
1✔
92
        {
93
                if (func_num_args() === 0) {
1✔
94
                        return $this->url->getQueryParameters();
1✔
95
                }
96

97
                assert($key !== null);
98
                return $this->url->getQueryParameter($key);
1✔
99
        }
100

101

102
        /**
103
         * Returns a POST parameter, or all POST parameters as an array if no key is given.
104
         */
105
        public function getPost(?string $key = null): mixed
1✔
106
        {
107
                if (func_num_args() === 0) {
1✔
108
                        return $this->post;
1✔
109
                }
110

111
                assert($key !== null);
112
                return $this->post[$key] ?? null;
1✔
113
        }
114

115

116
        /**
117
         * Returns the uploaded file for the given key, or null if not present.
118
         * Accepts a string key or an array of keys for nested file structures (e.g. ['form', 'avatar']).
119
         * @param  string|string[]  $key
120
         */
121
        public function getFile($key): ?FileUpload
122
        {
123
                $res = Nette\Utils\Arrays::get($this->files, $key, null);
1✔
124
                return $res instanceof FileUpload ? $res : null;
1✔
125
        }
126

127

128
        /**
129
         * Returns the tree of uploaded files, with each leaf being a FileUpload instance.
130
         * @return mixed[]
131
         */
132
        public function getFiles(): array
133
        {
134
                return $this->files;
1✔
135
        }
136

137

138
        /**
139
         * Returns a cookie or `null` if it does not exist.
140
         */
141
        public function getCookie(string $key): mixed
1✔
142
        {
143
                return $this->cookies[$key] ?? null;
1✔
144
        }
145

146

147
        /**
148
         * Returns all cookies.
149
         * @return array<string, string>
150
         */
151
        public function getCookies(): array
152
        {
153
                return $this->cookies;
1✔
154
        }
155

156

157
        /********************* method & headers ****************d*g**/
158

159

160
        /**
161
         * Returns the HTTP method with which the request was made (GET, POST, HEAD, PUT, ...).
162
         */
163
        public function getMethod(): string
164
        {
165
                return $this->method;
1✔
166
        }
167

168

169
        /**
170
         * Checks the HTTP method with which the request was made. The parameter is case-insensitive.
171
         */
172
        public function isMethod(string $method): bool
173
        {
174
                return strcasecmp($this->method, $method) === 0;
×
175
        }
176

177

178
        /**
179
         * Returns an HTTP header or `null` if it does not exist. The parameter is case-insensitive.
180
         */
181
        public function getHeader(string $header): ?string
1✔
182
        {
183
                $header = strtolower($header);
1✔
184
                return $this->headers[$header] ?? null;
1✔
185
        }
186

187

188
        /**
189
         * Returns all HTTP headers as associative array.
190
         * @return array<string, string>
191
         */
192
        public function getHeaders(): array
193
        {
194
                return $this->headers;
1✔
195
        }
196

197

198
        /**
199
         * Returns the referrer URL from the Referer header. Unreliable - clients may omit or spoof it.
200
         * @deprecated  use getOrigin()
201
         */
202
        public function getReferer(): ?UrlImmutable
203
        {
204
                return isset($this->headers['referer'])
×
205
                        ? new UrlImmutable($this->headers['referer'])
×
206
                        : null;
×
207
        }
208

209

210
        /**
211
         * Returns the request origin (scheme + host + port) from the Origin header, or null if absent or invalid.
212
         */
213
        public function getOrigin(): ?UrlImmutable
214
        {
215
                $header = $this->headers['origin'] ?? '';
1✔
216
                if (!preg_match('~^[a-z][a-z0-9+.-]*://[^/]+$~i', $header)) {
1✔
217
                        return null;
1✔
218
                }
219
                return new UrlImmutable($header);
1✔
220
        }
221

222

223
        /**
224
         * Checks whether the request was sent via a secure channel (HTTPS).
225
         */
226
        public function isSecured(): bool
227
        {
228
                return $this->url->getScheme() === 'https';
1✔
229
        }
230

231

232
        /**
233
         * Checks whether the request is coming from the same site and was initiated by clicking on a link.
234
         */
235
        public function isSameSite(): bool
236
        {
237
                return isset($this->cookies[Helpers::StrictCookieName]);
×
238
        }
239

240

241
        /**
242
         * Checks whether the request was made via AJAX (X-Requested-With: XMLHttpRequest).
243
         */
244
        public function isAjax(): bool
245
        {
246
                return $this->getHeader('X-Requested-With') === 'XMLHttpRequest';
×
247
        }
248

249

250
        /**
251
         * Returns the IP address of the remote client.
252
         */
253
        public function getRemoteAddress(): ?string
254
        {
255
                return $this->remoteAddress;
1✔
256
        }
257

258

259
        /**
260
         * Returns the host of the remote client.
261
         */
262
        public function getRemoteHost(): ?string
263
        {
264
                if ($this->remoteHost === null && $this->remoteAddress !== null) {
1✔
265
                        $this->remoteHost = gethostbyaddr($this->remoteAddress) ?: null;
1✔
266
                }
267

268
                return $this->remoteHost;
1✔
269
        }
270

271

272
        /**
273
         * Returns raw content of HTTP request body.
274
         */
275
        public function getRawBody(): ?string
276
        {
277
                return $this->rawBodyCallback ? ($this->rawBodyCallback)() : null;
1✔
278
        }
279

280

281
        /**
282
         * Returns basic HTTP authentication credentials.
283
         * @return array{string, string}|null
284
         */
285
        public function getBasicCredentials(): ?array
286
        {
287
                return preg_match(
1✔
288
                        '~^Basic (\S+)$~',
1✔
289
                        $this->headers['authorization'] ?? '',
1✔
290
                        $t,
1✔
291
                )
292
                        && ($t = base64_decode($t[1], strict: true))
1✔
293
                        && ($t = explode(':', $t, 2))
1✔
294
                        && (count($t) === 2)
1✔
295
                        ? $t
1✔
296
                        : null;
1✔
297
        }
298

299

300
        /**
301
         * Returns the most preferred language from the Accept-Language header that matches one of the supported languages,
302
         * or null if no match is found.
303
         * @param  array<string>  $langs  supported language codes (e.g. ['en', 'cs', 'de'])
304
         */
305
        public function detectLanguage(array $langs): ?string
1✔
306
        {
307
                $header = $this->getHeader('Accept-Language');
1✔
308
                if (!$header) {
1✔
309
                        return null;
1✔
310
                }
311

312
                $s = strtolower($header);  // case insensitive
1✔
313
                $s = strtr($s, '_', '-');  // cs_CZ means cs-CZ
1✔
314
                rsort($langs);             // first more specific
1✔
315
                preg_match_all('#(' . implode('|', $langs) . ')(?:-[^\s,;=]+)?\s*(?:;\s*q=([0-9.]+))?#', $s, $matches);
1✔
316

317
                if (!$matches[0]) {
1✔
318
                        return null;
1✔
319
                }
320

321
                $max = 0;
1✔
322
                $lang = null;
1✔
323
                foreach ($matches[1] as $key => $value) {
1✔
324
                        $q = $matches[2][$key] === '' ? 1.0 : (float) $matches[2][$key];
1✔
325
                        if ($q > $max) {
1✔
326
                                $max = $q;
1✔
327
                                $lang = $value;
1✔
328
                        }
329
                }
330

331
                return $lang;
1✔
332
        }
333
}
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc