. * */ namespace OC\AppFramework\Http; use OCP\IRequest; /** * Class for accessing variables in the request. * This class provides an immutable object with request variables. */ class Request implements \ArrayAccess, \Countable, IRequest { protected $inputStream; protected $content; protected $items = array(); protected $allowedKeys = array( 'get', 'post', 'files', 'server', 'env', 'cookies', 'urlParams', 'parameters', 'method', 'requesttoken', ); /** * @param array $vars An associative array with the following optional values: * @param array 'urlParams' the parameters which were matched from the URL * @param array 'get' the $_GET array * @param array|string 'post' the $_POST array or JSON string * @param array 'files' the $_FILES array * @param array 'server' the $_SERVER array * @param array 'env' the $_ENV array * @param array 'cookies' the $_COOKIE array * @param string 'method' the request method (GET, POST etc) * @param string|false 'requesttoken' the requesttoken or false when not available * @see http://www.php.net/manual/en/reserved.variables.php */ public function __construct(array $vars=array()) { foreach($this->allowedKeys as $name) { $this->items[$name] = isset($vars[$name]) ? $vars[$name] : array(); } if (defined('PHPUNIT_RUN') && PHPUNIT_RUN && in_array('fakeinput', stream_get_wrappers())) { $this->inputStream = 'fakeinput://data'; } else { $this->inputStream = 'php://input'; } // Only 'application/x-www-form-urlencoded' requests are automatically // transformed by PHP, 'application/json' must be decoded manually. if ($this->method === 'POST' && strpos($this->getHeader('Content-Type'), 'application/json') !== false ) { $this->items['params'] = $this->items['post'] = json_decode(file_get_contents($this->inputStream), true); } $this->items['parameters'] = array_merge( $this->items['get'], $this->items['post'], $this->items['urlParams'] ); } // Countable method. public function count() { return count(array_keys($this->items['parameters'])); } /** * ArrayAccess methods * * Gives access to the combined GET, POST and urlParams arrays * * Examples: * * $var = $request['myvar']; * * or * * if(!isset($request['myvar']) { * // Do something * } * * $request['myvar'] = 'something'; // This throws an exception. * * @param string $offset The key to lookup * @return string|null */ public function offsetExists($offset) { return isset($this->items['parameters'][$offset]); } /** * @see offsetExists */ public function offsetGet($offset) { return isset($this->items['parameters'][$offset]) ? $this->items['parameters'][$offset] : null; } /** * @see offsetExists */ public function offsetSet($offset, $value) { throw new \RuntimeException('You cannot change the contents of the request object'); } /** * @see offsetExists */ public function offsetUnset($offset) { throw new \RuntimeException('You cannot change the contents of the request object'); } // Magic property accessors public function __set($name, $value) { throw new \RuntimeException('You cannot change the contents of the request object'); } /** * Access request variables by method and name. * Examples: * * $request->post['myvar']; // Only look for POST variables * $request->myvar; or $request->{'myvar'}; or $request->{$myvar} * Looks in the combined GET, POST and urlParams array. * * If you access e.g. ->post but the current HTTP request method * is GET a \LogicException will be thrown. * * @param string $name The key to look for. * @throws \LogicException * @return mixed|null */ public function __get($name) { switch($name) { case 'put': case 'patch': case 'get': case 'post': if($this->method !== strtoupper($name)) { throw new \LogicException(sprintf('%s cannot be accessed in a %s request.', $name, $this->method)); } case 'files': case 'server': case 'env': case 'cookies': case 'parameters': case 'params': case 'urlParams': if(in_array($name, array('put', 'patch'))) { return $this->getContent($name); } else { return isset($this->items[$name]) ? $this->items[$name] : null; } break; case 'method': return $this->items['method']; break; default; return isset($this[$name]) ? $this[$name] : null; break; } } public function __isset($name) { return isset($this->items['parameters'][$name]); } public function __unset($id) { throw new \RunTimeException('You cannot change the contents of the request object'); } /** * Returns the value for a specific http header. * * This method returns null if the header did not exist. * * @param string $name * @return string */ public function getHeader($name) { $name = strtoupper(str_replace(array('-'),array('_'),$name)); if (isset($this->server['HTTP_' . $name])) { return $this->server['HTTP_' . $name]; } // There's a few headers that seem to end up in the top-level // server array. switch($name) { case 'CONTENT_TYPE' : case 'CONTENT_LENGTH' : if (isset($this->server[$name])) { return $this->server[$name]; } break; } return null; } /** * Lets you access post and get parameters by the index * In case of json requests the encoded json body is accessed * * @param string $key the key which you want to access in the URL Parameter * placeholder, $_POST or $_GET array. * The priority how they're returned is the following: * 1. URL parameters * 2. POST parameters * 3. GET parameters * @param mixed $default If the key is not found, this value will be returned * @return mixed the content of the array */ public function getParam($key, $default = null) { return isset($this->parameters[$key]) ? $this->parameters[$key] : $default; } /** * Returns all params that were received, be it from the request * (as GET or POST) or throuh the URL by the route * @return array the array with all parameters */ public function getParams() { return $this->parameters; } /** * Returns the method of the request * @return string the method of the request (POST, GET, etc) */ public function getMethod() { return $this->method; } /** * Shortcut for accessing an uploaded file through the $_FILES array * @param string $key the key that will be taken from the $_FILES array * @return array the file in the $_FILES element */ public function getUploadedFile($key) { return isset($this->files[$key]) ? $this->files[$key] : null; } /** * Shortcut for getting env variables * @param string $key the key that will be taken from the $_ENV array * @return array the value in the $_ENV element */ public function getEnv($key) { return isset($this->env[$key]) ? $this->env[$key] : null; } /** * Shortcut for getting cookie variables * @param string $key the key that will be taken from the $_COOKIE array * @return array the value in the $_COOKIE element */ function getCookie($key) { return isset($this->cookies[$key]) ? $this->cookies[$key] : null; } /** * Returns the request body content. * * If the HTTP request method is PUT and the body * not application/x-www-form-urlencoded or application/json a stream * resource is returned, otherwise an array. * * @return array|string|resource The request body content or a resource to read the body stream. * * @throws \LogicException */ protected function getContent() { if ($this->content === false && $this->method === 'PUT') { throw new \LogicException( '"put" can only be accessed once if not ' . 'application/x-www-form-urlencoded or application/json.' ); } // If the content can't be parsed into an array then return a stream resource. if ($this->method === 'PUT' && strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') === false && strpos($this->getHeader('Content-Type'), 'application/json') === false ) { $this->content = false; return fopen($this->inputStream, 'rb'); } if (is_null($this->content)) { $this->content = file_get_contents($this->inputStream); /* * Normal jquery ajax requests are sent as application/x-www-form-urlencoded * and in $_GET and $_POST PHP transformes the data into an array. * The first condition mimics this. * The second condition allows for sending raw application/json data while * still getting the result as an array. * */ if (strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) { parse_str($this->content, $content); if(is_array($content)) { $this->content = $content; } } elseif (strpos($this->getHeader('Content-Type'), 'application/json') !== false) { $content = json_decode($this->content, true); if(is_array($content)) { $this->content = $content; } } } return $this->content; } /** * Checks if the CSRF check was correct * @return bool true if CSRF check passed * @see OC_Util::$callLifespan * @see OC_Util::callRegister() */ public function passesCSRFCheck() { if($this->items['requesttoken'] === false) { return false; } if (isset($this->items['get']['requesttoken'])) { $token = $this->items['get']['requesttoken']; } elseif (isset($this->items['post']['requesttoken'])) { $token = $this->items['post']['requesttoken']; } elseif (isset($this->items['server']['HTTP_REQUESTTOKEN'])) { $token = $this->items['server']['HTTP_REQUESTTOKEN']; } else { //no token found. return false; } // Check if the token is valid if($token !== $this->items['requesttoken']) { // Not valid return false; } else { // Valid token return true; } }}