blob: 68a8fe03f2f8380a3b57669fab19093974b64dea [file] [log] [blame]
Andrey Andreevc5536aa2012-11-01 17:33:58 +02001<?php
Derek Allard2067d1a2008-11-13 22:59:24 +00002/**
3 * CodeIgniter
4 *
Phil Sturgeon07c1ac82012-03-09 17:03:37 +00005 * An open source application development framework for PHP 5.2.4 or newer
Derek Allard2067d1a2008-11-13 22:59:24 +00006 *
Derek Jonesf4a4bd82011-10-20 12:18:42 -05007 * NOTICE OF LICENSE
Andrey Andreev64e98aa2012-01-07 20:29:10 +02008 *
Derek Jonesf4a4bd82011-10-20 12:18:42 -05009 * Licensed under the Open Software License version 3.0
Andrey Andreev64e98aa2012-01-07 20:29:10 +020010 *
Derek Jonesf4a4bd82011-10-20 12:18:42 -050011 * This source file is subject to the Open Software License (OSL 3.0) that is
12 * bundled with this package in the files license.txt / license.rst. It is
13 * also available through the world wide web at this URL:
14 * http://opensource.org/licenses/OSL-3.0
15 * If you did not receive a copy of the license and are unable to obtain it
16 * through the world wide web, please send an email to
17 * licensing@ellislab.com so we can send you a copy immediately.
18 *
Derek Allard2067d1a2008-11-13 22:59:24 +000019 * @package CodeIgniter
Derek Jonesf4a4bd82011-10-20 12:18:42 -050020 * @author EllisLab Dev Team
Andrey Andreev80500af2013-01-01 08:16:53 +020021 * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
Derek Jonesf4a4bd82011-10-20 12:18:42 -050022 * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0)
Derek Allard2067d1a2008-11-13 22:59:24 +000023 * @link http://codeigniter.com
24 * @since Version 1.0
25 * @filesource
26 */
Andrey Andreevc5536aa2012-11-01 17:33:58 +020027defined('BASEPATH') OR exit('No direct script access allowed');
Derek Allard2067d1a2008-11-13 22:59:24 +000028
Derek Allard2067d1a2008-11-13 22:59:24 +000029/**
30 * Input Class
31 *
32 * Pre-processes global input data for security
33 *
34 * @package CodeIgniter
35 * @subpackage Libraries
36 * @category Input
Derek Jonesf4a4bd82011-10-20 12:18:42 -050037 * @author EllisLab Dev Team
Derek Allard2067d1a2008-11-13 22:59:24 +000038 * @link http://codeigniter.com/user_guide/libraries/input.html
39 */
40class CI_Input {
Derek Allard2067d1a2008-11-13 22:59:24 +000041
David Behler9b5df592011-08-14 21:04:17 +020042 /**
43 * IP address of the current user
44 *
Andrey Andreev1887ec62012-10-27 16:22:07 +030045 * @var string
David Behler9b5df592011-08-14 21:04:17 +020046 */
Andrey Andreev1887ec62012-10-27 16:22:07 +030047 public $ip_address = FALSE;
Andrey Andreev92ebfb62012-05-17 12:49:24 +030048
David Behler9b5df592011-08-14 21:04:17 +020049 /**
Andrey Andreev1887ec62012-10-27 16:22:07 +030050 * User agent strin
David Behler9b5df592011-08-14 21:04:17 +020051 *
Andrey Andreev1887ec62012-10-27 16:22:07 +030052 * @var string
David Behler9b5df592011-08-14 21:04:17 +020053 */
Andrey Andreev1887ec62012-10-27 16:22:07 +030054 public $user_agent = FALSE;
Andrey Andreev92ebfb62012-05-17 12:49:24 +030055
David Behler9b5df592011-08-14 21:04:17 +020056 /**
Andrey Andreev1887ec62012-10-27 16:22:07 +030057 * Allow GET array flag
David Behler9b5df592011-08-14 21:04:17 +020058 *
Andrey Andreev1887ec62012-10-27 16:22:07 +030059 * If set to FALSE, then $_GET will be set to an empty array.
David Behler9b5df592011-08-14 21:04:17 +020060 *
Andrey Andreev1887ec62012-10-27 16:22:07 +030061 * @var bool
David Behler9b5df592011-08-14 21:04:17 +020062 */
Andrey Andreev1887ec62012-10-27 16:22:07 +030063 protected $_allow_get_array = TRUE;
Andrey Andreev92ebfb62012-05-17 12:49:24 +030064
David Behler9b5df592011-08-14 21:04:17 +020065 /**
Andrey Andreev1887ec62012-10-27 16:22:07 +030066 * Standartize new lines flag
David Behler9b5df592011-08-14 21:04:17 +020067 *
Andrey Andreev1887ec62012-10-27 16:22:07 +030068 * If set to TRUE, then newlines are standardized.
69 *
70 * @var bool
David Behler9b5df592011-08-14 21:04:17 +020071 */
Andrey Andreev1887ec62012-10-27 16:22:07 +030072 protected $_standardize_newlines = TRUE;
Andrey Andreev92ebfb62012-05-17 12:49:24 +030073
David Behler9b5df592011-08-14 21:04:17 +020074 /**
Andrey Andreev1887ec62012-10-27 16:22:07 +030075 * Enable XSS flag
76 *
77 * Determines whether the XSS filter is always active when
78 * GET, POST or COOKIE data is encountered.
79 * Set automatically based on config setting.
80 *
81 * @var bool
82 */
83 protected $_enable_xss = FALSE;
84
85 /**
86 * Enable CSRF flag
87 *
David Behler9b5df592011-08-14 21:04:17 +020088 * Enables a CSRF cookie token to be set.
Andrey Andreev1887ec62012-10-27 16:22:07 +030089 * Set automatically based on config setting.
David Behler9b5df592011-08-14 21:04:17 +020090 *
Andrey Andreev1887ec62012-10-27 16:22:07 +030091 * @var bool
David Behler9b5df592011-08-14 21:04:17 +020092 */
Andrey Andreev1887ec62012-10-27 16:22:07 +030093 protected $_enable_csrf = FALSE;
Andrey Andreev92ebfb62012-05-17 12:49:24 +030094
David Behler9b5df592011-08-14 21:04:17 +020095 /**
96 * List of all HTTP request headers
97 *
98 * @var array
99 */
Andrey Andreev1887ec62012-10-27 16:22:07 +0300100 protected $headers = array();
David Behler9b5df592011-08-14 21:04:17 +0200101
Derek Allard2067d1a2008-11-13 22:59:24 +0000102 /**
Andrey Andreev303eef02012-11-06 14:55:48 +0200103 * Input stream data
104 *
105 * Parsed from php://input at runtime
106 *
107 * @see CI_Input::input_stream()
108 * @var array
109 */
110 protected $_input_stream = NULL;
111
112 /**
Andrey Andreev1887ec62012-10-27 16:22:07 +0300113 * Class constructor
Greg Akera9263282010-11-10 15:26:43 -0600114 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300115 * Determines whether to globally enable the XSS processing
116 * and whether to allow the $_GET array.
Andrey Andreev92ebfb62012-05-17 12:49:24 +0300117 *
118 * @return void
Greg Akera9263282010-11-10 15:26:43 -0600119 */
120 public function __construct()
Derek Allard2067d1a2008-11-13 22:59:24 +0000121 {
Andrey Andreev13774972012-01-08 04:30:33 +0200122 log_message('debug', 'Input Class Initialized');
Derek Allard2067d1a2008-11-13 22:59:24 +0000123
Phil Sturgeonc8089152010-12-27 19:06:28 +0000124 $this->_allow_get_array = (config_item('allow_get_array') === TRUE);
Andrey Andreev64e98aa2012-01-07 20:29:10 +0200125 $this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
126 $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
Derek Jones69fc4fc2010-03-02 13:36:31 -0600127
Pascal Kriete14a0ac62011-04-05 14:55:56 -0400128 global $SEC;
129 $this->security =& $SEC;
Derek Jones69fc4fc2010-03-02 13:36:31 -0600130
Pascal Krieteaaec1e42011-01-20 00:01:21 -0500131 // Do we need the UTF-8 class?
Derek Jones69fc4fc2010-03-02 13:36:31 -0600132 if (UTF8_ENABLED === TRUE)
133 {
134 global $UNI;
135 $this->uni =& $UNI;
136 }
137
138 // Sanitize global arrays
Derek Allard2067d1a2008-11-13 22:59:24 +0000139 $this->_sanitize_globals();
140 }
141
142 // --------------------------------------------------------------------
143
144 /**
Greg Akera9263282010-11-10 15:26:43 -0600145 * Fetch from array
146 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300147 * Internal method used to retrieve values from global arrays.
Greg Akera9263282010-11-10 15:26:43 -0600148 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300149 * @param array &$array $_GET, $_POST, $_COOKIE, $_SERVER, etc.
150 * @param string $index Index for item to be fetched from $array
151 * @param bool $xss_clean Whether to apply XSS filtering
152 * @return mixed
Greg Akera9263282010-11-10 15:26:43 -0600153 */
Bo-Yi Wu47213792011-09-13 22:44:07 +0800154 protected function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000155 {
156 if ( ! isset($array[$index]))
157 {
Phil Sturgeon55a6ddb2012-05-23 18:37:24 +0100158 return NULL;
Derek Allard2067d1a2008-11-13 22:59:24 +0000159 }
160
161 if ($xss_clean === TRUE)
162 {
Pascal Kriete14a0ac62011-04-05 14:55:56 -0400163 return $this->security->xss_clean($array[$index]);
Derek Allard2067d1a2008-11-13 22:59:24 +0000164 }
165
166 return $array[$index];
167 }
168
169 // --------------------------------------------------------------------
170
171 /**
Timothy Warren40403d22012-04-19 16:38:50 -0400172 * Fetch an item from the GET array
173 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300174 * @param string $index Index for item to be fetched from $_GET
175 * @param bool $xss_clean Whether to apply XSS filtering
176 * @return mixed
Timothy Warren40403d22012-04-19 16:38:50 -0400177 */
Bo-Yi Wu4db872f2011-09-12 10:52:37 +0800178 public function get($index = NULL, $xss_clean = FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000179 {
Phil Sturgeon44f21052011-02-15 21:39:25 +0000180 // Check if a field has been provided
Andrey Andreev77bd21b2012-11-20 16:34:15 +0200181 if ($index === NULL)
vascopjff1cfa12011-02-13 21:30:19 +0000182 {
Andrey Andreev77bd21b2012-11-20 16:34:15 +0200183 if (empty($_GET))
184 {
185 return array();
186 }
187
Phil Sturgeon44f21052011-02-15 21:39:25 +0000188 $get = array();
vascopjff1cfa12011-02-13 21:30:19 +0000189
190 // loop through the full _GET array
Phil Sturgeon44f21052011-02-15 21:39:25 +0000191 foreach (array_keys($_GET) as $key)
vascopjff1cfa12011-02-13 21:30:19 +0000192 {
Phil Sturgeon44f21052011-02-15 21:39:25 +0000193 $get[$key] = $this->_fetch_from_array($_GET, $key, $xss_clean);
vascopjff1cfa12011-02-13 21:30:19 +0000194 }
Phil Sturgeon44f21052011-02-15 21:39:25 +0000195 return $get;
vascopjff1cfa12011-02-13 21:30:19 +0000196 }
197
Derek Allard2067d1a2008-11-13 22:59:24 +0000198 return $this->_fetch_from_array($_GET, $index, $xss_clean);
199 }
200
201 // --------------------------------------------------------------------
202
203 /**
Timothy Warren40403d22012-04-19 16:38:50 -0400204 * Fetch an item from the POST array
205 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300206 * @param string $index Index for item to be fetched from $_POST
207 * @param bool $xss_clean Whether to apply XSS filtering
208 * @return mixed
Timothy Warren40403d22012-04-19 16:38:50 -0400209 */
Bo-Yi Wu4db872f2011-09-12 10:52:37 +0800210 public function post($index = NULL, $xss_clean = FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000211 {
Phil Sturgeon44f21052011-02-15 21:39:25 +0000212 // Check if a field has been provided
Andrey Andreev77bd21b2012-11-20 16:34:15 +0200213 if ($index === NULL)
vascopj0ba58b82011-02-06 14:20:21 +0000214 {
Andrey Andreev77bd21b2012-11-20 16:34:15 +0200215 if (empty($_POST))
216 {
217 return array();
218 }
219
Phil Sturgeon44f21052011-02-15 21:39:25 +0000220 $post = array();
vascopj0ba58b82011-02-06 14:20:21 +0000221
Phil Sturgeon44f21052011-02-15 21:39:25 +0000222 // Loop through the full _POST array and return it
223 foreach (array_keys($_POST) as $key)
vascopj0ba58b82011-02-06 14:20:21 +0000224 {
Phil Sturgeon44f21052011-02-15 21:39:25 +0000225 $post[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean);
vascopj0ba58b82011-02-06 14:20:21 +0000226 }
Phil Sturgeon44f21052011-02-15 21:39:25 +0000227 return $post;
vascopj0ba58b82011-02-06 14:20:21 +0000228 }
David Behler9b5df592011-08-14 21:04:17 +0200229
Derek Allard2067d1a2008-11-13 22:59:24 +0000230 return $this->_fetch_from_array($_POST, $index, $xss_clean);
231 }
232
233 // --------------------------------------------------------------------
234
235 /**
Andrey Andreev1887ec62012-10-27 16:22:07 +0300236 * Fetch an item from POST data with fallback to GET
Timothy Warren40403d22012-04-19 16:38:50 -0400237 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300238 * @param string $index Index for item to be fetched from $_POST or $_GET
239 * @param bool $xss_clean Whether to apply XSS filtering
240 * @return mixed
Timothy Warren40403d22012-04-19 16:38:50 -0400241 */
Bo-Yi Wu4db872f2011-09-12 10:52:37 +0800242 public function get_post($index = '', $xss_clean = FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000243 {
Andrey Andreev9448afb2012-02-08 19:49:19 +0200244 return isset($_POST[$index])
245 ? $this->post($index, $xss_clean)
246 : $this->get($index, $xss_clean);
Derek Allard2067d1a2008-11-13 22:59:24 +0000247 }
248
249 // --------------------------------------------------------------------
250
251 /**
Timothy Warren40403d22012-04-19 16:38:50 -0400252 * Fetch an item from the COOKIE array
253 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300254 * @param string $index Index for item to be fetched from $_COOKIE
255 * @param bool $xss_clean Whether to apply XSS filtering
256 * @return mixed
Timothy Warren40403d22012-04-19 16:38:50 -0400257 */
Bo-Yi Wu4db872f2011-09-12 10:52:37 +0800258 public function cookie($index = '', $xss_clean = FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000259 {
260 return $this->_fetch_from_array($_COOKIE, $index, $xss_clean);
261 }
262
Andrey Andreev1887ec62012-10-27 16:22:07 +0300263 // --------------------------------------------------------------------
264
265 /**
266 * Fetch an item from the SERVER array
267 *
268 * @param string $index Index for item to be fetched from $_SERVER
269 * @param bool $xss_clean Whether to apply XSS filtering
270 * @return mixed
271 */
272 public function server($index = '', $xss_clean = FALSE)
273 {
274 return $this->_fetch_from_array($_SERVER, $index, $xss_clean);
275 }
276
Derek Jones69fc4fc2010-03-02 13:36:31 -0600277 // ------------------------------------------------------------------------
278
279 /**
Andrey Andreev303eef02012-11-06 14:55:48 +0200280 * Fetch an item from the php://input stream
281 *
282 * Useful when you need to access PUT, DELETE or PATCH request data.
283 *
284 * @param string $index Index for item to be fetched
285 * @param bool $xss_clean Whether to apply XSS filtering
286 * @return mixed
287 */
288 public function input_stream($index = '', $xss_clean = FALSE)
289 {
290 // The input stream can only be read once, so we'll need to check
291 // if we have already done that first.
292 if (is_array($this->_input_stream))
293 {
294 return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean);
295 }
296
297 // Parse the input stream in our cache var
298 parse_str(file_get_contents('php://input'), $this->_input_stream);
299 if ( ! is_array($this->_input_stream))
300 {
301 $this->_input_stream = array();
302 return NULL;
303 }
304
305 return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean);
306 }
307
308 // ------------------------------------------------------------------------
309
310 /**
Timothy Warren40403d22012-04-19 16:38:50 -0400311 * Set cookie
312 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300313 * Accepts an arbitrary number of parameters (up to 7) or an associative
Timothy Warren40403d22012-04-19 16:38:50 -0400314 * array in the first parameter containing all the values.
315 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300316 * @param string|mixed[] $name Cookie name or an array containing parameters
317 * @param string $value Cookie value
318 * @param int $expire Cookie expiration time in seconds
319 * @param string $domain Cookie domain (e.g.: '.yourdomain.com')
320 * @param string $path Cookie path (default: '/')
321 * @param string $prefix Cookie name prefix
322 * @param bool $secure Whether to only transfer cookies via SSL
323 * @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript)
Timothy Warren40403d22012-04-19 16:38:50 -0400324 * @return void
325 */
freewil4ad0fd82012-03-13 22:37:42 -0400326 public function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE, $httponly = FALSE)
Derek Jones69fc4fc2010-03-02 13:36:31 -0600327 {
328 if (is_array($name))
329 {
tobiasbg9aa7dc92011-02-18 21:57:13 +0100330 // always leave 'name' in last place, as the loop will break otherwise, due to $$item
freewil4ad0fd82012-03-13 22:37:42 -0400331 foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item)
Derek Jones69fc4fc2010-03-02 13:36:31 -0600332 {
333 if (isset($name[$item]))
334 {
335 $$item = $name[$item];
336 }
337 }
338 }
339
Alex Bilbieed944a32012-06-02 11:07:47 +0100340 if ($prefix === '' && config_item('cookie_prefix') !== '')
Derek Jones69fc4fc2010-03-02 13:36:31 -0600341 {
342 $prefix = config_item('cookie_prefix');
343 }
Andrey Andreev9ba661b2012-06-04 14:44:34 +0300344
345 if ($domain == '' && config_item('cookie_domain') != '')
Derek Jones69fc4fc2010-03-02 13:36:31 -0600346 {
347 $domain = config_item('cookie_domain');
348 }
Andrey Andreev9ba661b2012-06-04 14:44:34 +0300349
Alex Bilbieed944a32012-06-02 11:07:47 +0100350 if ($path === '/' && config_item('cookie_path') !== '/')
Derek Jones69fc4fc2010-03-02 13:36:31 -0600351 {
352 $path = config_item('cookie_path');
353 }
Andrey Andreev9ba661b2012-06-04 14:44:34 +0300354
Alex Bilbieed944a32012-06-02 11:07:47 +0100355 if ($secure === FALSE && config_item('cookie_secure') !== FALSE)
tobiasbg9aa7dc92011-02-18 21:57:13 +0100356 {
357 $secure = config_item('cookie_secure');
358 }
Andrey Andreev9ba661b2012-06-04 14:44:34 +0300359
Alex Bilbieed944a32012-06-02 11:07:47 +0100360 if ($httponly === FALSE && config_item('cookie_httponly') !== FALSE)
freewil4ad0fd82012-03-13 22:37:42 -0400361 {
362 $httponly = config_item('cookie_httponly');
363 }
Derek Jones69fc4fc2010-03-02 13:36:31 -0600364
365 if ( ! is_numeric($expire))
366 {
367 $expire = time() - 86500;
368 }
369 else
370 {
Phil Sturgeonc8089152010-12-27 19:06:28 +0000371 $expire = ($expire > 0) ? time() + $expire : 0;
Derek Jones69fc4fc2010-03-02 13:36:31 -0600372 }
373
freewil4ad0fd82012-03-13 22:37:42 -0400374 setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly);
Derek Jones69fc4fc2010-03-02 13:36:31 -0600375 }
376
Derek Allard2067d1a2008-11-13 22:59:24 +0000377 // --------------------------------------------------------------------
378
379 /**
Timothy Warren40403d22012-04-19 16:38:50 -0400380 * Fetch the IP Address
381 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300382 * Determines and validates the visitor's IP address.
383 *
384 * @return string IP address
Timothy Warren40403d22012-04-19 16:38:50 -0400385 */
Bo-Yi Wu4db872f2011-09-12 10:52:37 +0800386 public function ip_address()
Derek Allard2067d1a2008-11-13 22:59:24 +0000387 {
388 if ($this->ip_address !== FALSE)
389 {
390 return $this->ip_address;
391 }
Barry Mienydd671972010-10-04 16:33:58 +0200392
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300393 $proxy_ips = config_item('proxy_ips');
Andrey Andreevea7a8662012-10-09 13:36:31 +0300394 if ( ! empty($proxy_ips) && ! is_array($proxy_ips))
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300395 {
396 $proxy_ips = explode(',', str_replace(' ', '', $proxy_ips));
397 }
Andrey Andreev5b92ae12012-10-04 13:05:03 +0300398
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300399 $this->ip_address = $this->server('REMOTE_ADDR');
400
401 if ($proxy_ips)
402 {
403 foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP') as $header)
Jordan Pittman8960acf2012-07-23 09:05:49 -0300404 {
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300405 if (($spoof = $this->server($header)) !== NULL)
Jordan Pittman8960acf2012-07-23 09:05:49 -0300406 {
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300407 // Some proxies typically list the whole chain of IP
408 // addresses through which the client has reached us.
409 // e.g. client_ip, proxy_ip1, proxy_ip2, etc.
Andrey Andreeve24eed72012-11-02 23:33:45 +0200410 sscanf($spoof, '%[^,]', $spoof);
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300411
412 if ( ! $this->valid_ip($spoof))
413 {
414 $spoof = NULL;
415 }
416 else
417 {
Jordan Pittmana5a71352012-07-20 19:36:43 -0300418 break;
419 }
420 }
Andrey Andreev5b92ae12012-10-04 13:05:03 +0300421 }
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300422
Andrey Andreeve45ad2b2012-10-09 13:11:15 +0300423 if ($spoof)
Andrey Andreev5b92ae12012-10-04 13:05:03 +0300424 {
Andrey Andreev9df35b42012-10-09 13:37:58 +0300425 for ($i = 0, $c = count($proxy_ips); $i < $c; $i++)
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300426 {
427 // Check if we have an IP address or a subnet
428 if (strpos($proxy_ips[$i], '/') === FALSE)
429 {
430 // An IP address (and not a subnet) is specified.
431 // We can compare right away.
432 if ($proxy_ips[$i] === $this->ip_address)
433 {
434 $this->ip_address = $spoof;
435 break;
436 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000437
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300438 continue;
439 }
440
441 // We have a subnet ... now the heavy lifting begins
442 isset($separator) OR $separator = $this->valid_ip($this->ip_address, 'ipv6') ? ':' : '.';
443
444 // If the proxy entry doesn't match the IP protocol - skip it
445 if (strpos($proxy_ips[$i], $separator) === FALSE)
446 {
447 continue;
448 }
449
450 // Convert the REMOTE_ADDR IP address to binary, if needed
Andrey Andreev82d2cf12012-10-13 12:38:42 +0300451 if ( ! isset($ip, $sprintf))
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300452 {
453 if ($separator === ':')
454 {
455 // Make sure we're have the "full" IPv6 format
Andrey Andreev82d2cf12012-10-13 12:38:42 +0300456 $ip = explode(':',
457 str_replace('::',
458 str_repeat(':', 9 - substr_count($this->ip_address, ':')),
459 $this->ip_address
460 )
461 );
462
463 for ($i = 0; $i < 8; $i++)
464 {
465 $ip[$i] = intval($ip[$i], 16);
466 }
467
468 $sprintf = '%016b%016b%016b%016b%016b%016b%016b%016b';
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300469 }
470 else
471 {
Andrey Andreev82d2cf12012-10-13 12:38:42 +0300472 $ip = explode('.', $this->ip_address);
473 $sprintf = '%08b%08b%08b%08b';
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300474 }
475
Andrey Andreev82d2cf12012-10-13 12:38:42 +0300476 $ip = vsprintf($sprintf, $ip);
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300477 }
478
479 // Split the netmask length off the network address
Andrey Andreeve24eed72012-11-02 23:33:45 +0200480 sscanf($proxy_ips[$i], '%[^/]/%d', $netaddr, $masklen);
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300481
482 // Again, an IPv6 address is most likely in a compressed form
483 if ($separator === ':')
484 {
Andrey Andreev82d2cf12012-10-13 12:38:42 +0300485 $netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr));
486 for ($i = 0; $i < 8; $i++)
487 {
488 $netaddr[$i] = intval($netaddr[$i], 16);
489 }
490 }
491 else
492 {
493 $netaddr = explode('.', $netaddr);
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300494 }
495
Andrey Andreev82d2cf12012-10-13 12:38:42 +0300496 // Convert to binary and finally compare
497 if (strncmp($ip, vsprintf($sprintf, $netaddr), $masklen) === 0)
Andrey Andreev9ac557f2012-10-06 20:27:57 +0300498 {
499 $this->ip_address = $spoof;
500 break;
501 }
502 }
503 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000504 }
505
Derek Allard2067d1a2008-11-13 22:59:24 +0000506 if ( ! $this->valid_ip($this->ip_address))
507 {
Andrey Andreev64e98aa2012-01-07 20:29:10 +0200508 return $this->ip_address = '0.0.0.0';
Derek Allard2067d1a2008-11-13 22:59:24 +0000509 }
510
511 return $this->ip_address;
512 }
513
514 // --------------------------------------------------------------------
515
516 /**
Timothy Warren40403d22012-04-19 16:38:50 -0400517 * Validate IP Address
518 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300519 * @param string $ip IP address
520 * @param string $which IP protocol: 'ipv4' or 'ipv6'
Timothy Warren40403d22012-04-19 16:38:50 -0400521 * @return bool
522 */
Andrey Andreev5a257182012-06-10 06:18:14 +0300523 public function valid_ip($ip, $which = '')
Derek Allard2067d1a2008-11-13 22:59:24 +0000524 {
Andrey Andreev5a257182012-06-10 06:18:14 +0300525 switch (strtolower($which))
526 {
527 case 'ipv4':
528 $which = FILTER_FLAG_IPV4;
529 break;
530 case 'ipv6':
531 $which = FILTER_FLAG_IPV6;
532 break;
533 default:
534 $which = NULL;
535 break;
536 }
537
538 return (bool) filter_var($ip, FILTER_VALIDATE_IP, $which);
Derek Allard2067d1a2008-11-13 22:59:24 +0000539 }
540
541 // --------------------------------------------------------------------
542
543 /**
Andrey Andreev1887ec62012-10-27 16:22:07 +0300544 * Fetch User Agent string
Timothy Warren40403d22012-04-19 16:38:50 -0400545 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300546 * @return string|null User Agent string or NULL if it doesn't exist
Timothy Warren40403d22012-04-19 16:38:50 -0400547 */
Bo-Yi Wu4db872f2011-09-12 10:52:37 +0800548 public function user_agent()
Derek Allard2067d1a2008-11-13 22:59:24 +0000549 {
550 if ($this->user_agent !== FALSE)
551 {
552 return $this->user_agent;
553 }
554
Andrey Andreev1887ec62012-10-27 16:22:07 +0300555 return $this->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : NULL;
Derek Allard2067d1a2008-11-13 22:59:24 +0000556 }
557
558 // --------------------------------------------------------------------
559
560 /**
Timothy Warren40403d22012-04-19 16:38:50 -0400561 * Sanitize Globals
562 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300563 * Internal method serving for the following purposes:
Timothy Warren40403d22012-04-19 16:38:50 -0400564 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300565 * - Unsets $_GET data (if query strings are not enabled)
566 * - Unsets all globals if register_globals is enabled
567 * - Cleans POST, COOKIE and SERVER data
568 * - Standardizes newline characters to PHP_EOL
Timothy Warren40403d22012-04-19 16:38:50 -0400569 *
570 * @return void
571 */
Andrey Andreev90cfe142012-01-08 04:46:42 +0200572 protected function _sanitize_globals()
Derek Allard2067d1a2008-11-13 22:59:24 +0000573 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600574 // It would be "wrong" to unset any of these GLOBALS.
Timothy Warren40403d22012-04-19 16:38:50 -0400575 $protected = array(
576 '_SERVER',
577 '_GET',
578 '_POST',
579 '_FILES',
580 '_REQUEST',
581 '_SESSION',
582 '_ENV',
583 'GLOBALS',
584 'HTTP_RAW_POST_DATA',
585 'system_folder',
586 'application_folder',
587 'BM',
588 'EXT',
589 'CFG',
590 'URI',
591 'RTR',
Timothy Warren67cb3ee2012-04-19 16:41:52 -0400592 'OUT',
Timothy Warren40403d22012-04-19 16:38:50 -0400593 'IN'
594 );
Derek Allard2067d1a2008-11-13 22:59:24 +0000595
Andrey Andreev1887ec62012-10-27 16:22:07 +0300596 // Unset globals for security.
Derek Jones69fc4fc2010-03-02 13:36:31 -0600597 // This is effectively the same as register_globals = off
Andrey Andreev1887ec62012-10-27 16:22:07 +0300598 // PHP 5.4 no longer has the register_globals functionality.
599 if ( ! is_php('5.4'))
Derek Allard2067d1a2008-11-13 22:59:24 +0000600 {
Andrey Andreev1887ec62012-10-27 16:22:07 +0300601 foreach (array($_GET, $_POST, $_COOKIE) as $global)
Derek Jones69fc4fc2010-03-02 13:36:31 -0600602 {
Andrey Andreev1887ec62012-10-27 16:22:07 +0300603 if (is_array($global))
Derek Jones69fc4fc2010-03-02 13:36:31 -0600604 {
Andrey Andreev1887ec62012-10-27 16:22:07 +0300605 foreach ($global as $key => $val)
Derek Jones69fc4fc2010-03-02 13:36:31 -0600606 {
Andrey Andreev1887ec62012-10-27 16:22:07 +0300607 if ( ! in_array($key, $protected))
608 {
609 global $$key;
610 $$key = NULL;
611 }
Derek Jones69fc4fc2010-03-02 13:36:31 -0600612 }
613 }
Andrey Andreev1887ec62012-10-27 16:22:07 +0300614 elseif ( ! in_array($global, $protected))
615 {
616 global $$global;
617 $$global = NULL;
618 }
Andrey Andreev92ebfb62012-05-17 12:49:24 +0300619 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000620 }
621
Derek Jones69fc4fc2010-03-02 13:36:31 -0600622 // Is $_GET data allowed? If not we'll set the $_GET to an empty array
Alex Bilbieed944a32012-06-02 11:07:47 +0100623 if ($this->_allow_get_array === FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000624 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600625 $_GET = array();
Derek Allard2067d1a2008-11-13 22:59:24 +0000626 }
Andrey Andreev9448afb2012-02-08 19:49:19 +0200627 elseif (is_array($_GET) && count($_GET) > 0)
Derek Allard2067d1a2008-11-13 22:59:24 +0000628 {
Andrey Andreev9448afb2012-02-08 19:49:19 +0200629 foreach ($_GET as $key => $val)
Derek Allard2067d1a2008-11-13 22:59:24 +0000630 {
Andrey Andreev9448afb2012-02-08 19:49:19 +0200631 $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
Derek Allard2067d1a2008-11-13 22:59:24 +0000632 }
633 }
634
Derek Jones69fc4fc2010-03-02 13:36:31 -0600635 // Clean $_POST Data
Andrey Andreev9448afb2012-02-08 19:49:19 +0200636 if (is_array($_POST) && count($_POST) > 0)
Derek Allard2067d1a2008-11-13 22:59:24 +0000637 {
Pascal Kriete5d5895f2011-02-14 13:27:07 -0500638 foreach ($_POST as $key => $val)
Derek Jones69fc4fc2010-03-02 13:36:31 -0600639 {
640 $_POST[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
641 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000642 }
643
Derek Jones69fc4fc2010-03-02 13:36:31 -0600644 // Clean $_COOKIE Data
Andrey Andreev9448afb2012-02-08 19:49:19 +0200645 if (is_array($_COOKIE) && count($_COOKIE) > 0)
Derek Allard2067d1a2008-11-13 22:59:24 +0000646 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600647 // Also get rid of specially treated cookies that might be set by a server
648 // or silly application, that are of no use to a CI application anyway
649 // but that when present will trip our 'Disallowed Key Characters' alarm
650 // http://www.ietf.org/rfc/rfc2109.txt
651 // note that the key names below are single quoted strings, and are not PHP variables
652 unset($_COOKIE['$Version']);
653 unset($_COOKIE['$Path']);
654 unset($_COOKIE['$Domain']);
655
Pascal Kriete5d5895f2011-02-14 13:27:07 -0500656 foreach ($_COOKIE as $key => $val)
Derek Jones69fc4fc2010-03-02 13:36:31 -0600657 {
658 $_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
659 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000660 }
661
Derek Jones69fc4fc2010-03-02 13:36:31 -0600662 // Sanitize PHP_SELF
663 $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
664
Derek Jones69fc4fc2010-03-02 13:36:31 -0600665 // CSRF Protection check
Andrey Andreeve45ad2b2012-10-09 13:11:15 +0300666 if ($this->_enable_csrf === TRUE && ! $this->is_cli_request())
Derek Allard2067d1a2008-11-13 22:59:24 +0000667 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600668 $this->security->csrf_verify();
Derek Allard2067d1a2008-11-13 22:59:24 +0000669 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000670
Andrey Andreev90cfe142012-01-08 04:46:42 +0200671 log_message('debug', 'Global POST and COOKIE data sanitized');
Derek Allard2067d1a2008-11-13 22:59:24 +0000672 }
673
674 // --------------------------------------------------------------------
675
676 /**
Timothy Warren40403d22012-04-19 16:38:50 -0400677 * Clean Input Data
678 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300679 * Internal method that aids in escaping data and
680 * standardizing newline characters to PHP_EOL.
Timothy Warren40403d22012-04-19 16:38:50 -0400681 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300682 * @param string|string[] $str Input string(s)
Timothy Warren40403d22012-04-19 16:38:50 -0400683 * @return string
684 */
Andrey Andreev90cfe142012-01-08 04:46:42 +0200685 protected function _clean_input_data($str)
Derek Allard2067d1a2008-11-13 22:59:24 +0000686 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600687 if (is_array($str))
Derek Allard2067d1a2008-11-13 22:59:24 +0000688 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600689 $new_array = array();
Andrey Andreev1887ec62012-10-27 16:22:07 +0300690 foreach (array_keys($str) as $key)
Derek Jones69fc4fc2010-03-02 13:36:31 -0600691 {
Andrey Andreev1887ec62012-10-27 16:22:07 +0300692 $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($str[$key]);
Derek Jones69fc4fc2010-03-02 13:36:31 -0600693 }
694 return $new_array;
Derek Allard2067d1a2008-11-13 22:59:24 +0000695 }
696
Andrey Andreevaf728622011-10-20 10:11:59 +0300697 /* We strip slashes if magic quotes is on to keep things consistent
698
699 NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and
700 it will probably not exist in future versions at all.
701 */
702 if ( ! is_php('5.4') && get_magic_quotes_gpc())
Derek Allard2067d1a2008-11-13 22:59:24 +0000703 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600704 $str = stripslashes($str);
705 }
706
707 // Clean UTF-8 if supported
708 if (UTF8_ENABLED === TRUE)
709 {
710 $str = $this->uni->clean_string($str);
711 }
David Behler9b5df592011-08-14 21:04:17 +0200712
Pascal Kriete14a0ac62011-04-05 14:55:56 -0400713 // Remove control characters
714 $str = remove_invisible_characters($str);
Derek Jones69fc4fc2010-03-02 13:36:31 -0600715
716 // Should we filter the input data?
717 if ($this->_enable_xss === TRUE)
718 {
719 $str = $this->security->xss_clean($str);
720 }
721
722 // Standardize newlines if needed
Eric Robertsb75e13d2013-01-27 20:10:09 -0600723 if ($this->_standardize_newlines === TRUE)
Derek Jones69fc4fc2010-03-02 13:36:31 -0600724 {
Eric Robertsb75e13d2013-01-27 20:10:09 -0600725 return preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $str);
Derek Allard2067d1a2008-11-13 22:59:24 +0000726 }
727
728 return $str;
729 }
730
731 // --------------------------------------------------------------------
732
733 /**
Timothy Warren40403d22012-04-19 16:38:50 -0400734 * Clean Keys
735 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300736 * Internal method that helps to prevent malicious users
Timothy Warren40403d22012-04-19 16:38:50 -0400737 * from trying to exploit keys we make sure that keys are
738 * only named with alpha-numeric text and a few other items.
739 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300740 * @param string $str Input string
Timothy Warren40403d22012-04-19 16:38:50 -0400741 * @return string
742 */
Andrey Andreev90cfe142012-01-08 04:46:42 +0200743 protected function _clean_input_keys($str)
Derek Allard2067d1a2008-11-13 22:59:24 +0000744 {
bigCat3c0846b2012-08-21 00:20:20 +0800745 if ( ! preg_match('/^[a-z0-9:_\/|-]+$/i', $str))
Derek Allard2067d1a2008-11-13 22:59:24 +0000746 {
Kevin Cuppd63e4012012-02-05 14:14:32 -0500747 set_status_header(503);
Derek Jones69fc4fc2010-03-02 13:36:31 -0600748 exit('Disallowed Key Characters.');
Derek Allard2067d1a2008-11-13 22:59:24 +0000749 }
750
Derek Jones69fc4fc2010-03-02 13:36:31 -0600751 // Clean UTF-8 if supported
752 if (UTF8_ENABLED === TRUE)
753 {
Andrey Andreev64e98aa2012-01-07 20:29:10 +0200754 return $this->uni->clean_string($str);
Derek Jones69fc4fc2010-03-02 13:36:31 -0600755 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000756
Derek Jones69fc4fc2010-03-02 13:36:31 -0600757 return $str;
758 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000759
Greg Akerec2f5712010-11-15 16:22:12 -0600760 // --------------------------------------------------------------------
761
762 /**
763 * Request Headers
764 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300765 * @param bool $xss_clean Whether to apply XSS filtering
Andrey Andreev64e98aa2012-01-07 20:29:10 +0200766 * @return array
Greg Akerec2f5712010-11-15 16:22:12 -0600767 */
768 public function request_headers($xss_clean = FALSE)
769 {
Andrey Andreev1887ec62012-10-27 16:22:07 +0300770 // In Apache, you can simply call apache_request_headers()
Greg Akerec2f5712010-11-15 16:22:12 -0600771 if (function_exists('apache_request_headers'))
772 {
773 $headers = apache_request_headers();
774 }
775 else
776 {
Andrey Andreev9448afb2012-02-08 19:49:19 +0200777 $headers['Content-Type'] = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE');
Greg Akerec2f5712010-11-15 16:22:12 -0600778
779 foreach ($_SERVER as $key => $val)
780 {
Andrey Andreev7a7ad782012-11-12 17:21:01 +0200781 if (sscanf($key, 'HTTP_%s', $header) === 1)
Greg Akerec2f5712010-11-15 16:22:12 -0600782 {
Andrey Andreev7a7ad782012-11-12 17:21:01 +0200783 $headers[$header] = $this->_fetch_from_array($_SERVER, $key, $xss_clean);
Greg Akerec2f5712010-11-15 16:22:12 -0600784 }
785 }
786 }
787
788 // take SOME_HEADER and turn it into Some-Header
789 foreach ($headers as $key => $val)
790 {
Daniel Hunsakerc82b57b2012-12-31 09:22:07 -0700791 $key = str_replace(array('_', '-'), ' ', strtolower($key));
Greg Akerec2f5712010-11-15 16:22:12 -0600792 $key = str_replace(' ', '-', ucwords($key));
David Behler9b5df592011-08-14 21:04:17 +0200793
Greg Akerec2f5712010-11-15 16:22:12 -0600794 $this->headers[$key] = $val;
795 }
David Behler9b5df592011-08-14 21:04:17 +0200796
Greg Akerec2f5712010-11-15 16:22:12 -0600797 return $this->headers;
798 }
799
800 // --------------------------------------------------------------------
801
802 /**
803 * Get Request Header
804 *
805 * Returns the value of a single member of the headers class member
806 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300807 * @param string $index Header name
808 * @param bool $xss_clean Whether to apply XSS filtering
809 * @return string|bool The requested header on success or FALSE on failure
Greg Akerec2f5712010-11-15 16:22:12 -0600810 */
811 public function get_request_header($index, $xss_clean = FALSE)
812 {
813 if (empty($this->headers))
814 {
815 $this->request_headers();
816 }
David Behler9b5df592011-08-14 21:04:17 +0200817
Greg Akerec2f5712010-11-15 16:22:12 -0600818 if ( ! isset($this->headers[$index]))
819 {
Phil Sturgeon55a6ddb2012-05-23 18:37:24 +0100820 return NULL;
Greg Akerec2f5712010-11-15 16:22:12 -0600821 }
822
Andrey Andreev9448afb2012-02-08 19:49:19 +0200823 return ($xss_clean === TRUE)
824 ? $this->security->xss_clean($this->headers[$index])
825 : $this->headers[$index];
Greg Akerec2f5712010-11-15 16:22:12 -0600826 }
827
Greg Aker081ac9d2010-11-22 14:42:53 -0600828 // --------------------------------------------------------------------
Phil Sturgeonc3828712011-01-19 12:31:47 +0000829
Greg Aker081ac9d2010-11-22 14:42:53 -0600830 /**
Andrey Andreev1887ec62012-10-27 16:22:07 +0300831 * Is AJAX request?
Greg Aker081ac9d2010-11-22 14:42:53 -0600832 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300833 * Test to see if a request contains the HTTP_X_REQUESTED_WITH header.
Greg Aker081ac9d2010-11-22 14:42:53 -0600834 *
Andrey Andreev9448afb2012-02-08 19:49:19 +0200835 * @return bool
Greg Aker081ac9d2010-11-22 14:42:53 -0600836 */
837 public function is_ajax_request()
838 {
Andrey Andreev9448afb2012-02-08 19:49:19 +0200839 return ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest');
Greg Aker081ac9d2010-11-22 14:42:53 -0600840 }
841
Phil Sturgeonc3828712011-01-19 12:31:47 +0000842 // --------------------------------------------------------------------
843
844 /**
Andrey Andreev1887ec62012-10-27 16:22:07 +0300845 * Is CLI request?
Phil Sturgeonc3828712011-01-19 12:31:47 +0000846 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300847 * Test to see if a request was made from the command line.
Phil Sturgeonc3828712011-01-19 12:31:47 +0000848 *
Andrey Andreev9448afb2012-02-08 19:49:19 +0200849 * @return bool
Phil Sturgeonc3828712011-01-19 12:31:47 +0000850 */
851 public function is_cli_request()
852 {
Andrey Andreev9448afb2012-02-08 19:49:19 +0200853 return (php_sapi_name() === 'cli' OR defined('STDIN'));
Phil Sturgeonc3828712011-01-19 12:31:47 +0000854 }
855
Michiel Vugteveenbe0ca262012-03-07 19:09:51 +0100856 // --------------------------------------------------------------------
857
858 /**
859 * Get Request Method
860 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300861 * Return the request method
Michiel Vugteveenbe0ca262012-03-07 19:09:51 +0100862 *
Andrey Andreev1887ec62012-10-27 16:22:07 +0300863 * @param bool $upper Whether to return in upper or lower case
864 * (default: FALSE)
865 * @return string
Michiel Vugteveenbe0ca262012-03-07 19:09:51 +0100866 */
Michiel Vugteveen704fb162012-03-07 20:42:33 +0100867 public function method($upper = FALSE)
Michiel Vugteveenbe0ca262012-03-07 19:09:51 +0100868 {
Michiel Vugteveendc900df2012-03-07 20:41:37 +0100869 return ($upper)
870 ? strtoupper($this->server('REQUEST_METHOD'))
871 : strtolower($this->server('REQUEST_METHOD'));
Michiel Vugteveenbe0ca262012-03-07 19:09:51 +0100872 }
873
Derek Allard2067d1a2008-11-13 22:59:24 +0000874}
Derek Allard2067d1a2008-11-13 22:59:24 +0000875
876/* End of file Input.php */
Timothy Warren40403d22012-04-19 16:38:50 -0400877/* Location: ./system/core/Input.php */