26462944905

Committed 26 May 2026 05:02PM UTC coverage: 83.853% (-0.2%) from 84.038%

Build Type

push

github

Committed by

Commit Message

Request::getRemoteHost() is deprecated and returns null [Closes #218]

Coverage Stats

5 of 7 new or added lines in 2 files covered. (71.43%)

2 existing lines in 1 file now uncovered.

1049 of 1251 relevant lines covered (83.85%)

0.84 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

90.12

/src/Http/Request.php

<?php declare(strict_types=1);

/**
 * This file is part of the Nette Framework (https://nette.org)
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 */

namespace Nette\Http;

use Nette;
use function array_change_key_case, base64_decode, count, explode, implode, in_array, preg_match, preg_match_all, rsort, strcasecmp, strtr;


/**
 * Immutable representation of an HTTP request with access to URL, headers, cookies, uploaded files, and body.
 *
 * @property-read UrlScript $url
 * @property-read array<string,mixed> $query
 * @property-read array<string,mixed> $post
 * @property-read array<string,mixed> $files
 * @property-read array<string,string> $cookies
 * @property-read string $method
 * @property-read array<string,string> $headers
 * @property-read ?UrlImmutable $referer
 * @property-read bool $secured
 * @property-read bool $ajax
 * @property-read ?string $remoteAddress
 * @property-deprecated ?string $remoteHost
 * @property-read ?string $rawBody
 */
class Request implements IRequest
{
        use Nette\SmartObject;

        /** @var array<string, string> */
        private readonly array $headers;

        /** @var (\Closure(): string)|null */
        private readonly ?\Closure $rawBodyCallback;


        /**
         * @param array<string, string> $headers
         * @param ?(callable(): string) $rawBodyCallback
         */
        public function __construct(
                private UrlScript $url,
                /** @var mixed[] */
                private readonly array $post = [],
                /** @var mixed[] */
                private readonly array $files = [],
                /** @var array<string, string> */
                private readonly array $cookies = [],
                array $headers = [],
                private readonly string $method = 'GET',
                private readonly ?string $remoteAddress = null,
                private ?string $remoteHost = null,
                ?callable $rawBodyCallback = null,
        ) {
                $this->headers = array_change_key_case($headers);
                $this->rawBodyCallback = $rawBodyCallback ? $rawBodyCallback(...) : null;
        }


        /**
         * Returns a clone with a different URL.
         */
        public function withUrl(UrlScript $url): static
        {
                $dolly = clone $this;
                $dolly->url = $url;
                return $dolly;
        }


        /**
         * Returns the URL of the request.
         */
        public function getUrl(): UrlScript
        {
                return $this->url;
        }


        /********************* query, post, files & cookies ****************d*g**/


        /**
         * Returns a URL query parameter, or all parameters as an array if no key is given.
         */
        public function getQuery(?string $key = null): mixed
        {
                if (func_num_args() === 0) {
                        return $this->url->getQueryParameters();
                }

                assert($key !== null);
                return $this->url->getQueryParameter($key);
        }


        /**
         * Returns a POST parameter, or all POST parameters as an array if no key is given.
         */
        public function getPost(?string $key = null): mixed
        {
                if (func_num_args() === 0) {
                        return $this->post;
                }

                assert($key !== null);
                return $this->post[$key] ?? null;
        }


        /**
         * Returns the uploaded file for the given key, or null if not present.
         * Accepts a string key or an array of keys for nested file structures (e.g. ['form', 'avatar']).
         * @param  string|string[]  $key
         */
        public function getFile($key): ?FileUpload
        {
                $res = Nette\Utils\Arrays::get($this->files, $key, null);
                return $res instanceof FileUpload ? $res : null;
        }


        /**
         * Returns the tree of uploaded files, with each leaf being a FileUpload instance.
         * @return mixed[]
         */
        public function getFiles(): array
        {
                return $this->files;
        }


        /**
         * Returns a cookie or `null` if it does not exist.
         */
        public function getCookie(string $key): mixed
        {
                return $this->cookies[$key] ?? null;
        }


        /**
         * Returns all cookies.
         * @return array<string, string>
         */
        public function getCookies(): array
        {
                return $this->cookies;
        }


        /********************* method & headers ****************d*g**/


        /**
         * Returns the HTTP method with which the request was made (GET, POST, HEAD, PUT, ...).
         */
        public function getMethod(): string
        {
                return $this->method;
        }


        /**
         * Checks the HTTP method with which the request was made. The parameter is case-insensitive.
         */
        public function isMethod(string $method): bool
        {
                return strcasecmp($this->method, $method) === 0;
        }


        /**
         * Returns an HTTP header or `null` if it does not exist. The parameter is case-insensitive.
         */
        public function getHeader(string $header): ?string
        {
                $header = strtolower($header);
                return $this->headers[$header] ?? null;
        }


        /**
         * Returns all HTTP headers as associative array.
         * @return array<string, string>
         */
        public function getHeaders(): array
        {
                return $this->headers;
        }


        /**
         * Returns the referrer URL from the Referer header. Unreliable - clients may omit or spoof it.
         * @deprecated  use getOrigin()
         */
        public function getReferer(): ?UrlImmutable
        {
                return isset($this->headers['referer'])
                        ? new UrlImmutable($this->headers['referer'])
                        : null;
        }


        /**
         * Returns the request origin (scheme + host + port) from the Origin header, or null if absent or invalid.
         */
        public function getOrigin(): ?UrlImmutable
        {
                $header = $this->headers['origin'] ?? '';
                if (!preg_match('~^[a-z][a-z0-9+.-]*://[^/]+$~i', $header)) {
                        return null;
                }
                return new UrlImmutable($header);
        }


        /**
         * Checks whether the request was sent via a secure channel (HTTPS).
         */
        public function isSecured(): bool
        {
                return $this->url->getScheme() === 'https';
        }


        /** @deprecated use isFrom(['same-site', 'same-origin']) */
        public function isSameSite(): bool
        {
                return isset($this->cookies[Helpers::StrictCookieName]);
        }


        /**
         * Checks whether the request origin and initiator match the given Sec-Fetch-Site and Sec-Fetch-Dest values.
         * Falls back to the Origin header for browsers that don't send Sec-Fetch headers (Safari < 16.4).
         * @param  string|list<string>|null  $site       expected Sec-Fetch-Site values (e.g. 'same-origin', 'cross-site')
         * @param  string|list<string>|null  $initiator  expected Sec-Fetch-Dest values (e.g. 'document', 'empty')
         */
        public function isFrom(string|array|null $site = null, string|array|null $initiator = null): bool
        {
                $actualSite = $this->headers['sec-fetch-site'] ?? null;
                $actualDest = $this->headers['sec-fetch-dest'] ?? null;

                if ($actualSite === null && ($origin = $this->getOrigin())) { // fallback for Safari < 16.4
                        $actualSite = strcasecmp($origin->getScheme(), $this->url->getScheme()) === 0
                                        && strcasecmp(rtrim($origin->getHost(), '.'), rtrim($this->url->getHost(), '.')) === 0
                                        && $origin->getPort() === $this->url->getPort()
                                ? 'same-origin'
                                : 'cross-site';
                }

                return ($site === null || ($actualSite !== null && in_array($actualSite, (array) $site, strict: true)))
                        && ($initiator === null || ($actualDest !== null && in_array($actualDest, (array) $initiator, strict: true)));
        }


        /**
         * Checks whether the request was made via AJAX (X-Requested-With: XMLHttpRequest).
         */
        public function isAjax(): bool
        {
                return $this->getHeader('X-Requested-With') === 'XMLHttpRequest';
        }


        /**
         * Returns the IP address of the remote client.
         */
        public function getRemoteAddress(): ?string
        {
                return $this->remoteAddress;
        }


        #[\Deprecated]
        public function getRemoteHost(): ?string
        {
                trigger_error(__METHOD__ . '() is deprecated.', E_USER_DEPRECATED);
                return null;
        }


        /**
         * Returns raw content of HTTP request body.
         */
        public function getRawBody(): ?string
        {
                return $this->rawBodyCallback ? ($this->rawBodyCallback)() : null;
        }


        /**
         * Returns basic HTTP authentication credentials.
         * @return array{string, string}|null
         */
        public function getBasicCredentials(): ?array
        {
                return preg_match(
                        '~^Basic (\S+)$~',
                        $this->headers['authorization'] ?? '',
                        $t,
                )
                        && ($t = base64_decode($t[1], strict: true))
                        && ($t = explode(':', $t, 2))
                        && (count($t) === 2)
                        ? $t
                        : null;
        }


        /**
         * Returns the most preferred language from the Accept-Language header that matches one of the supported languages,
         * or null if no match is found.
         * @param  array<string>  $langs  supported language codes (e.g. ['en', 'cs', 'de'])
         */
        public function detectLanguage(array $langs): ?string
        {
                $header = $this->getHeader('Accept-Language');
                if (!$header) {
                        return null;
                }

                $s = strtolower($header);  // case insensitive
                $s = strtr($s, '_', '-');  // cs_CZ means cs-CZ
                rsort($langs);             // first more specific
                preg_match_all('#(' . implode('|', $langs) . ')(?:-[^\s,;=]+)?\s*(?:;\s*q=([0-9.]+))?#', $s, $matches);

                if (!$matches[0]) {
                        return null;
                }

                $max = 0;
                $lang = null;
                foreach ($matches[1] as $key => $value) {
                        $q = $matches[2][$key] === '' ? 1.0 : (float) $matches[2][$key];
                        if ($q > $max) {
                                $max = $q;
                                $lang = $value;
                        }
                }

                return $lang;
        }
}

1	<?php declare(strict_types=1);
2
3	/**
4	* This file is part of the Nette Framework (https://nette.org)
5	* Copyright (c) 2004 David Grudl (https://davidgrudl.com)
6	*/
7
8	namespace Nette\Http;
9
10	use Nette;
11	use function array_change_key_case, base64_decode, count, explode, implode, in_array, preg_match, preg_match_all, rsort, strcasecmp, strtr;
12
13
14	/**
15	* Immutable representation of an HTTP request with access to URL, headers, cookies, uploaded files, and body.
16	*
17	* @property-read UrlScript $url
18	* @property-read array<string,mixed> $query
19	* @property-read array<string,mixed> $post
20	* @property-read array<string,mixed> $files
21	* @property-read array<string,string> $cookies
22	* @property-read string $method
23	* @property-read array<string,string> $headers
24	* @property-read ?UrlImmutable $referer
25	* @property-read bool $secured
26	* @property-read bool $ajax
27	* @property-read ?string $remoteAddress
28	* @property-deprecated ?string $remoteHost
29	* @property-read ?string $rawBody
30	*/
31	class Request implements IRequest
32	{
33	use Nette\SmartObject;
34
35	/** @var array<string, string> */
36	private readonly array $headers;
37
38	/** @var (\Closure(): string)\|null */
39	private readonly ?\Closure $rawBodyCallback;
40
41
42	/**
43	* @param array<string, string> $headers
44	* @param ?(callable(): string) $rawBodyCallback
45	*/
46	public function __construct(	1✔
47	private UrlScript $url,
48	/** @var mixed[] */
49	private readonly array $post = [],
50	/** @var mixed[] */
51	private readonly array $files = [],
52	/** @var array<string, string> */
53	private readonly array $cookies = [],
54	array $headers = [],
55	private readonly string $method = 'GET',
56	private readonly ?string $remoteAddress = null,
57	private ?string $remoteHost = null,
58	?callable $rawBodyCallback = null,
59	) {
60	$this->headers = array_change_key_case($headers);	1✔
61	$this->rawBodyCallback = $rawBodyCallback ? $rawBodyCallback(...) : null;	1✔
62	}	1✔
63
64
65	/**
66	* Returns a clone with a different URL.
67	*/
68	public function withUrl(UrlScript $url): static	1✔
69	{
70	$dolly = clone $this;	1✔
71	$dolly->url = $url;	1✔
72	return $dolly;	1✔
73	}
74
75
76	/**
77	* Returns the URL of the request.
78	*/
79	public function getUrl(): UrlScript
80	{
81	return $this->url;	1✔
82	}
83
84
85	/******************* query, post, files & cookies *************dg**/
86
87
88	/**
89	* Returns a URL query parameter, or all parameters as an array if no key is given.
90	*/
91	public function getQuery(?string $key = null): mixed	1✔
92	{
93	if (func_num_args() === 0) {	1✔
94	return $this->url->getQueryParameters();	1✔
95	}
96
97	assert($key !== null);
98	return $this->url->getQueryParameter($key);	1✔
99	}
100
101
102	/**
103	* Returns a POST parameter, or all POST parameters as an array if no key is given.
104	*/
105	public function getPost(?string $key = null): mixed	1✔
106	{
107	if (func_num_args() === 0) {	1✔
108	return $this->post;	1✔
109	}
110
111	assert($key !== null);
112	return $this->post[$key] ?? null;	1✔
113	}
114
115
116	/**
117	* Returns the uploaded file for the given key, or null if not present.
118	* Accepts a string key or an array of keys for nested file structures (e.g. ['form', 'avatar']).
119	* @param string\|string[] $key
120	*/
121	public function getFile($key): ?FileUpload
122	{
123	$res = Nette\Utils\Arrays::get($this->files, $key, null);	1✔
124	return $res instanceof FileUpload ? $res : null;	1✔
125	}
126
127
128	/**
129	* Returns the tree of uploaded files, with each leaf being a FileUpload instance.
130	* @return mixed[]
131	*/
132	public function getFiles(): array
133	{
134	return $this->files;	1✔
135	}
136
137
138	/**
139	* Returns a cookie or `null` if it does not exist.
140	*/
141	public function getCookie(string $key): mixed	1✔
142	{
143	return $this->cookies[$key] ?? null;	1✔
144	}
145
146
147	/**
148	* Returns all cookies.
149	* @return array<string, string>
150	*/
151	public function getCookies(): array
152	{
153	return $this->cookies;	1✔
154	}
155
156
157	/******************* method & headers *************dg**/
158
159
160	/**
161	* Returns the HTTP method with which the request was made (GET, POST, HEAD, PUT, ...).
162	*/
163	public function getMethod(): string
164	{
165	return $this->method;	1✔
166	}
167
168
169	/**
170	* Checks the HTTP method with which the request was made. The parameter is case-insensitive.
171	*/
172	public function isMethod(string $method): bool
173	{
174	return strcasecmp($this->method, $method) === 0;	×
175	}
176
177
178	/**
179	* Returns an HTTP header or `null` if it does not exist. The parameter is case-insensitive.
180	*/
181	public function getHeader(string $header): ?string	1✔
182	{
183	$header = strtolower($header);	1✔
184	return $this->headers[$header] ?? null;	1✔
185	}
186
187
188	/**
189	* Returns all HTTP headers as associative array.
190	* @return array<string, string>
191	*/
192	public function getHeaders(): array
193	{
194	return $this->headers;	1✔
195	}
196
197
198	/**
199	* Returns the referrer URL from the Referer header. Unreliable - clients may omit or spoof it.
200	* @deprecated use getOrigin()
201	*/
202	public function getReferer(): ?UrlImmutable
203	{
204	return isset($this->headers['referer'])	×
205	? new UrlImmutable($this->headers['referer'])	×
206	: null;	×
207	}
208
209
210	/**
211	* Returns the request origin (scheme + host + port) from the Origin header, or null if absent or invalid.
212	*/
213	public function getOrigin(): ?UrlImmutable
214	{
215	$header = $this->headers['origin'] ?? '';	1✔
216	if (!preg_match('~^[a-z][a-z0-9+.-]*://[^/]+$~i', $header)) {	1✔
217	return null;	1✔
218	}
219	return new UrlImmutable($header);	1✔
220	}
221
222
223	/**
224	* Checks whether the request was sent via a secure channel (HTTPS).
225	*/
226	public function isSecured(): bool
227	{
228	return $this->url->getScheme() === 'https';	1✔
229	}
230
231
232	/** @deprecated use isFrom(['same-site', 'same-origin']) */
233	public function isSameSite(): bool
234	{
UNCOV 235	return isset($this->cookies[Helpers::StrictCookieName]);	×
236	}
237
238
239	/**
240	* Checks whether the request origin and initiator match the given Sec-Fetch-Site and Sec-Fetch-Dest values.
241	* Falls back to the Origin header for browsers that don't send Sec-Fetch headers (Safari < 16.4).
242	* @param string\|list<string>\|null $site expected Sec-Fetch-Site values (e.g. 'same-origin', 'cross-site')
243	* @param string\|list<string>\|null $initiator expected Sec-Fetch-Dest values (e.g. 'document', 'empty')
244	*/
245	public function isFrom(string\|array\|null $site = null, string\|array\|null $initiator = null): bool	1✔
246	{
247	$actualSite = $this->headers['sec-fetch-site'] ?? null;	1✔
248	$actualDest = $this->headers['sec-fetch-dest'] ?? null;	1✔
249
250	if ($actualSite === null && ($origin = $this->getOrigin())) { // fallback for Safari < 16.4	1✔
251	$actualSite = strcasecmp($origin->getScheme(), $this->url->getScheme()) === 0	1✔
252	&& strcasecmp(rtrim($origin->getHost(), '.'), rtrim($this->url->getHost(), '.')) === 0	1✔
253	&& $origin->getPort() === $this->url->getPort()	1✔
254	? 'same-origin'	1✔
255	: 'cross-site';	1✔
256	}
257
258	return ($site === null \|\| ($actualSite !== null && in_array($actualSite, (array) $site, strict: true)))	1✔
259	&& ($initiator === null \|\| ($actualDest !== null && in_array($actualDest, (array) $initiator, strict: true)));	1✔
260	}
261
262
263	/**
264	* Checks whether the request was made via AJAX (X-Requested-With: XMLHttpRequest).
265	*/
266	public function isAjax(): bool
267	{
UNCOV 268	return $this->getHeader('X-Requested-With') === 'XMLHttpRequest';	×
269	}
270
271
272	/**
273	* Returns the IP address of the remote client.
274	*/
275	public function getRemoteAddress(): ?string
276	{
277	return $this->remoteAddress;	1✔
278	}
279
280
281	#[\Deprecated]
282	public function getRemoteHost(): ?string
283	{
NEW 284	trigger_error(__METHOD__ . '() is deprecated.', E_USER_DEPRECATED);	×
NEW 285	return null;	×
286	}
287
288
289	/**
290	* Returns raw content of HTTP request body.
291	*/
292	public function getRawBody(): ?string
293	{
294	return $this->rawBodyCallback ? ($this->rawBodyCallback)() : null;	1✔
295	}
296
297
298	/**
299	* Returns basic HTTP authentication credentials.
300	* @return array{string, string}\|null
301	*/
302	public function getBasicCredentials(): ?array
303	{
304	return preg_match(	1✔
305	'~^Basic (\S+)$~',	1✔
306	$this->headers['authorization'] ?? '',	1✔
307	$t,	1✔
308	)
309	&& ($t = base64_decode($t[1], strict: true))	1✔
310	&& ($t = explode(':', $t, 2))	1✔
311	&& (count($t) === 2)	1✔
312	? $t	1✔
313	: null;	1✔
314	}
315
316
317	/**
318	* Returns the most preferred language from the Accept-Language header that matches one of the supported languages,
319	* or null if no match is found.
320	* @param array<string> $langs supported language codes (e.g. ['en', 'cs', 'de'])
321	*/
322	public function detectLanguage(array $langs): ?string	1✔
323	{
324	$header = $this->getHeader('Accept-Language');	1✔
325	if (!$header) {	1✔
326	return null;	1✔
327	}
328
329	$s = strtolower($header); // case insensitive	1✔
330	$s = strtr($s, '_', '-'); // cs_CZ means cs-CZ	1✔
331	rsort($langs); // first more specific	1✔
332	preg_match_all('#(' . implode('\|', $langs) . ')(?:-[^\s,;=]+)?\s(?:;\sq=([0-9.]+))?#', $s, $matches);	1✔
333
334	if (!$matches[0]) {	1✔
335	return null;	1✔
336	}
337
338	$max = 0;	1✔
339	$lang = null;	1✔
340	foreach ($matches[1] as $key => $value) {	1✔
341	$q = $matches[2][$key] === '' ? 1.0 : (float) $matches[2][$key];	1✔
342	if ($q > $max) {	1✔
343	$max = $q;	1✔
344	$lang = $value;	1✔
345	}
346	}
347
348	return $lang;	1✔
349	}
350	}

nette / http / 26462944905

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous