diff options
author | Greg Aker <greg.aker@ellislab.com> | 2010-11-15 23:22:12 +0100 |
---|---|---|
committer | Greg Aker <greg.aker@ellislab.com> | 2010-11-15 23:22:12 +0100 |
commit | ec2f57133750caa5f5903e529a6ae776aebc4431 (patch) | |
tree | d2585b30e865fab16b1790b6006b384ebaca7868 /system/core | |
parent | 9cc3d5078f0dc739ffb231edc5ad8021457fb094 (diff) |
Adding request_headers() and get_request_header() methods to the input class. The request_headers() method is helpful in non-apache environments where apache_request_headers() isn't going to exist.
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Input.php | 83 |
1 files changed, 81 insertions, 2 deletions
diff --git a/system/core/Input.php b/system/core/Input.php index 0ce2d893a..52ea71bc5 100644 --- a/system/core/Input.php +++ b/system/core/Input.php @@ -35,6 +35,9 @@ class CI_Input { var $_enable_xss = FALSE; // Set automatically based on config setting var $_enable_csrf = FALSE; // Set automatically based on config setting + protected $headers = array(); + + /** * Constructor * @@ -378,8 +381,10 @@ class CI_Input { function _sanitize_globals() { // It would be "wrong" to unset any of these GLOBALS. - $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', - 'system_folder', 'application_folder', 'BM', 'EXT', 'CFG', 'URI', 'RTR', 'OUT', 'IN'); + $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST', + '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA', + 'system_folder', 'application_folder', 'BM', 'EXT', + 'CFG', 'URI', 'RTR', 'OUT', 'IN'); // Unset globals for securiy. // This is effectively the same as register_globals = off @@ -545,6 +550,80 @@ class CI_Input { return $str; } + // -------------------------------------------------------------------- + + /** + * Request Headers + * + * In Apache, you can simply call apache_request_headers(), however for + * people running other webservers the function is undefined. + * + * @return array + */ + public function request_headers($xss_clean = FALSE) + { + // Look at Apache go! + if (function_exists('apache_request_headers')) + { + $headers = apache_request_headers(); + } + else + { + $headers['Content-Type'] = (isset($_SERVER['CONTENT_TYPE'])) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE'); + + foreach ($_SERVER as $key => $val) + { + if (strncmp($key, 'HTTP_', 5) === 0) + { + $headers[substr($key, 5)] = $this->_fetch_from_array($_SERVER, $key, $xss_clean); + } + } + } + + // take SOME_HEADER and turn it into Some-Header + foreach ($headers as $key => $val) + { + $key = str_replace('_', ' ', strtolower($key)); + $key = str_replace(' ', '-', ucwords($key)); + + $this->headers[$key] = $val; + } + + return $this->headers; + } + + // -------------------------------------------------------------------- + + /** + * Get Request Header + * + * Returns the value of a single member of the headers class member + * + * @param string array key for $this->headers + * @param boolean XSS Clean or not + * @return mixed FALSE on failure, string on success + */ + public function get_request_header($index, $xss_clean = FALSE) + { + if (empty($this->headers)) + { + $this->request_headers(); + } + + if ( ! isset($this->headers[$index])) + { + return FALSE; + } + + if ($xss_clean === TRUE) + { + $_security =& load_class('Security'); + return $_security->xss_clean($this->headers[$index]); + } + + return $this->headers[$index]; + } + } // END Input class |