Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / c8089154217307a56b60ae8f0cb85087a1531b27 / . / system / core / Input.php
blob: eb2048e58252ac0d6f08bb7f12d78c7ff417c4b4 [file] [log] [blame]
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]1<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
2/**
3 * CodeIgniter
4 *
Greg Aker741de1c2010-11-10 14:52:57 -0600[diff] [blame]5 * An open source application development framework for PHP 5.1.6 or newer
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]6 *
7 * @package CodeIgniter
8 * @author ExpressionEngine Dev Team
Derek Jones7f3719f2010-01-05 13:35:37 +0000[diff] [blame]9 * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc.
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]10 * @license http://codeigniter.com/user_guide/license.html
11 * @link http://codeigniter.com
12 * @since Version 1.0
13 * @filesource
14 */
15
16// ------------------------------------------------------------------------
17
18/**
19 * Input Class
20 *
21 * Pre-processes global input data for security
22 *
23 * @package CodeIgniter
24 * @subpackage Libraries
25 * @category Input
26 * @author ExpressionEngine Dev Team
27 * @link http://codeigniter.com/user_guide/libraries/input.html
28 */
29class CI_Input {
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]30
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]31 var $ip_address = FALSE;
32 var $user_agent = FALSE;
Dan Horrigan65d603e2010-12-15 08:38:30 -0500[diff] [blame]33 var $_allow_get_array = TRUE;
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]34 var $_standardize_newlines = TRUE;
35 var $_enable_xss = FALSE; // Set automatically based on config setting
36 var $_enable_csrf = FALSE; // Set automatically based on config setting
37
Greg Akerec2f5712010-11-15 16:22:12 -0600[diff] [blame]38 protected $headers = array();
39
40
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]41 /**
Greg Akera9263282010-11-10 15:26:43 -0600[diff] [blame]42 * Constructor
43 *
44 * Sets whether to globally enable the XSS processing
45 * and whether to allow the $_GET array
46 *
47 */
48 public function __construct()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]49 {
50 log_message('debug', "Input Class Initialized");
51
Phil Sturgeonc8089152010-12-27 19:06:28 +0000[diff] [blame^]52 $this->_allow_get_array = (config_item('allow_get_array') === TRUE);
53 $this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
54 $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]55
56 // Do we need to load the security class?
57 if ($this->_enable_xss == TRUE OR $this->_enable_csrf == TRUE)
58 {
59 $this->security =& load_class('Security');
60 }
61
62 // Do we need the Unicode class?
63 if (UTF8_ENABLED === TRUE)
64 {
65 global $UNI;
66 $this->uni =& $UNI;
67 }
68
69 // Sanitize global arrays
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]70 $this->_sanitize_globals();
71 }
72
73 // --------------------------------------------------------------------
74
75 /**
Greg Akera9263282010-11-10 15:26:43 -0600[diff] [blame]76 * Fetch from array
77 *
78 * This is a helper function to retrieve values from global arrays
79 *
80 * @access private
81 * @param array
82 * @param string
83 * @param bool
84 * @return string
85 */
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]86 function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE)
87 {
88 if ( ! isset($array[$index]))
89 {
90 return FALSE;
91 }
92
93 if ($xss_clean === TRUE)
94 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]95 $_security =& load_class('Security');
96 return $_security->xss_clean($array[$index]);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]97 }
98
99 return $array[$index];
100 }
101
102 // --------------------------------------------------------------------
103
104 /**
105 * Fetch an item from the GET array
106 *
107 * @access public
108 * @param string
109 * @param bool
110 * @return string
111 */
112 function get($index = '', $xss_clean = FALSE)
113 {
114 return $this->_fetch_from_array($_GET, $index, $xss_clean);
115 }
116
117 // --------------------------------------------------------------------
118
119 /**
120 * Fetch an item from the POST array
121 *
122 * @access public
123 * @param string
124 * @param bool
125 * @return string
126 */
127 function post($index = '', $xss_clean = FALSE)
128 {
129 return $this->_fetch_from_array($_POST, $index, $xss_clean);
130 }
131
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]132
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]133 // --------------------------------------------------------------------
134
135 /**
136 * Fetch an item from either the GET array or the POST
137 *
138 * @access public
139 * @param string The index key
140 * @param bool XSS cleaning
141 * @return string
142 */
143 function get_post($index = '', $xss_clean = FALSE)
144 {
145 if ( ! isset($_POST[$index]) )
146 {
147 return $this->get($index, $xss_clean);
148 }
149 else
150 {
151 return $this->post($index, $xss_clean);
152 }
153 }
154
155 // --------------------------------------------------------------------
156
157 /**
158 * Fetch an item from the COOKIE array
159 *
160 * @access public
161 * @param string
162 * @param bool
163 * @return string
164 */
165 function cookie($index = '', $xss_clean = FALSE)
166 {
167 return $this->_fetch_from_array($_COOKIE, $index, $xss_clean);
168 }
169
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]170 // ------------------------------------------------------------------------
171
172 /**
173 * Set cookie
174 *
175 * Accepts six parameter, or you can submit an associative
176 * array in the first parameter containing all the values.
177 *
178 * @access public
179 * @param mixed
180 * @param string the value of the cookie
181 * @param string the number of seconds until expiration
182 * @param string the cookie domain. Usually: .yourdomain.com
183 * @param string the cookie path
184 * @param string the cookie prefix
185 * @return void
186 */
187 function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '')
188 {
189 if (is_array($name))
190 {
191 foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'name') as $item)
192 {
193 if (isset($name[$item]))
194 {
195 $$item = $name[$item];
196 }
197 }
198 }
199
200 if ($prefix == '' AND config_item('cookie_prefix') != '')
201 {
202 $prefix = config_item('cookie_prefix');
203 }
204 if ($domain == '' AND config_item('cookie_domain') != '')
205 {
206 $domain = config_item('cookie_domain');
207 }
208 if ($path == '/' AND config_item('cookie_path') != '/')
209 {
210 $path = config_item('cookie_path');
211 }
212
213 if ( ! is_numeric($expire))
214 {
215 $expire = time() - 86500;
216 }
217 else
218 {
Phil Sturgeonc8089152010-12-27 19:06:28 +0000[diff] [blame^]219 $expire = ($expire > 0) ? time() + $expire : 0;
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]220 }
221
222 setcookie($prefix.$name, $value, $expire, $path, $domain, 0);
223 }
224
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]225 // --------------------------------------------------------------------
226
227 /**
228 * Fetch an item from the SERVER array
229 *
230 * @access public
231 * @param string
232 * @param bool
233 * @return string
234 */
235 function server($index = '', $xss_clean = FALSE)
236 {
237 return $this->_fetch_from_array($_SERVER, $index, $xss_clean);
238 }
239
240 // --------------------------------------------------------------------
241
242 /**
243 * Fetch the IP Address
244 *
245 * @access public
246 * @return string
247 */
248 function ip_address()
249 {
250 if ($this->ip_address !== FALSE)
251 {
252 return $this->ip_address;
253 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]254
Derek Jones42b2e172009-02-05 16:59:45 +0000[diff] [blame]255 if (config_item('proxy_ips') != '' && $this->server('HTTP_X_FORWARDED_FOR') && $this->server('REMOTE_ADDR'))
Derek Jonesc5972282009-02-04 21:40:20 +0000[diff] [blame]256 {
Derek Jones42b2e172009-02-05 16:59:45 +0000[diff] [blame]257 $proxies = preg_split('/[\s,]/', config_item('proxy_ips'), -1, PREG_SPLIT_NO_EMPTY);
Derek Jonesc5972282009-02-04 21:40:20 +0000[diff] [blame]258 $proxies = is_array($proxies) ? $proxies : array($proxies);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]259
Derek Jonesc5972282009-02-04 21:40:20 +0000[diff] [blame]260 $this->ip_address = in_array($_SERVER['REMOTE_ADDR'], $proxies) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
261 }
262 elseif ($this->server('REMOTE_ADDR') AND $this->server('HTTP_CLIENT_IP'))
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]263 {
264 $this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
265 }
266 elseif ($this->server('REMOTE_ADDR'))
267 {
268 $this->ip_address = $_SERVER['REMOTE_ADDR'];
269 }
270 elseif ($this->server('HTTP_CLIENT_IP'))
271 {
272 $this->ip_address = $_SERVER['HTTP_CLIENT_IP'];
273 }
274 elseif ($this->server('HTTP_X_FORWARDED_FOR'))
275 {
276 $this->ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
277 }
278
279 if ($this->ip_address === FALSE)
280 {
281 $this->ip_address = '0.0.0.0';
282 return $this->ip_address;
283 }
284
Robin Sowell76b369e2010-03-19 11:15:28 -0400[diff] [blame]285 if (strpos($this->ip_address, ',') !== FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]286 {
287 $x = explode(',', $this->ip_address);
Derek Jonesc5972282009-02-04 21:40:20 +0000[diff] [blame]288 $this->ip_address = trim(end($x));
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]289 }
290
291 if ( ! $this->valid_ip($this->ip_address))
292 {
293 $this->ip_address = '0.0.0.0';
294 }
295
296 return $this->ip_address;
297 }
298
299 // --------------------------------------------------------------------
300
301 /**
302 * Validate IP Address
303 *
304 * Updated version suggested by Geert De Deckere
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]305 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]306 * @access public
307 * @param string
308 * @return string
309 */
310 function valid_ip($ip)
311 {
312 $ip_segments = explode('.', $ip);
313
314 // Always 4 segments needed
315 if (count($ip_segments) != 4)
316 {
317 return FALSE;
318 }
319 // IP can not start with 0
320 if ($ip_segments[0][0] == '0')
321 {
322 return FALSE;
323 }
324 // Check each segment
325 foreach ($ip_segments as $segment)
326 {
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]327 // IP segments must be digits and can not be
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]328 // longer than 3 digits or greater then 255
329 if ($segment == '' OR preg_match("/[^0-9]/", $segment) OR $segment > 255 OR strlen($segment) > 3)
330 {
331 return FALSE;
332 }
333 }
334
335 return TRUE;
336 }
337
338 // --------------------------------------------------------------------
339
340 /**
341 * User Agent
342 *
343 * @access public
344 * @return string
345 */
346 function user_agent()
347 {
348 if ($this->user_agent !== FALSE)
349 {
350 return $this->user_agent;
351 }
352
353 $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT'];
354
355 return $this->user_agent;
356 }
357
358 // --------------------------------------------------------------------
359
360 /**
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]361 * Sanitize Globals
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]362 *
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]363 * This function does the following:
364 *
365 * Unsets $_GET data (if query strings are not enabled)
366 *
367 * Unsets all globals if register_globals is enabled
368 *
369 * Standardizes newline characters to \n
370 *
371 * @access private
372 * @return void
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]373 */
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]374 function _sanitize_globals()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]375 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]376 // It would be "wrong" to unset any of these GLOBALS.
Greg Akerec2f5712010-11-15 16:22:12 -0600[diff] [blame]377 $protected = array('_SERVER', '_GET', '_POST', '_FILES', '_REQUEST',
378 '_SESSION', '_ENV', 'GLOBALS', 'HTTP_RAW_POST_DATA',
379 'system_folder', 'application_folder', 'BM', 'EXT',
380 'CFG', 'URI', 'RTR', 'OUT', 'IN');
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]381
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]382 // Unset globals for securiy.
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]383 // This is effectively the same as register_globals = off
384 foreach (array($_GET, $_POST, $_COOKIE) as $global)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]385 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]386 if ( ! is_array($global))
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]387 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]388 if ( ! in_array($global, $protected))
389 {
390 global $$global;
391 $$global = NULL;
392 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]393 }
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]394 else
395 {
396 foreach ($global as $key => $val)
397 {
398 if ( ! in_array($key, $protected))
399 {
400 global $$key;
401 $$key = NULL;
402 }
403 }
404 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]405 }
406
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]407 // Is $_GET data allowed? If not we'll set the $_GET to an empty array
408 if ($this->_allow_get_array == FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]409 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]410 $_GET = array();
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]411 }
412 else
413 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]414 if (is_array($_GET) AND count($_GET) > 0)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]415 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]416 foreach($_GET as $key => $val)
417 {
418 $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
419 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]420 }
421 }
422
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]423 // Clean $_POST Data
424 if (is_array($_POST) AND count($_POST) > 0)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]425 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]426 foreach($_POST as $key => $val)
427 {
428 $_POST[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
429 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]430 }
431
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]432 // Clean $_COOKIE Data
433 if (is_array($_COOKIE) AND count($_COOKIE) > 0)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]434 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]435 // Also get rid of specially treated cookies that might be set by a server
436 // or silly application, that are of no use to a CI application anyway
437 // but that when present will trip our 'Disallowed Key Characters' alarm
438 // http://www.ietf.org/rfc/rfc2109.txt
439 // note that the key names below are single quoted strings, and are not PHP variables
440 unset($_COOKIE['$Version']);
441 unset($_COOKIE['$Path']);
442 unset($_COOKIE['$Domain']);
443
444 foreach($_COOKIE as $key => $val)
445 {
446 $_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
447 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]448 }
449
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]450 // Sanitize PHP_SELF
451 $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']);
452
453
454 // CSRF Protection check
455 if ($this->_enable_csrf == TRUE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]456 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]457 $this->security->csrf_verify();
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]458 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]459
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]460 log_message('debug', "Global POST and COOKIE data sanitized");
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]461 }
462
463 // --------------------------------------------------------------------
464
465 /**
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]466 * Clean Input Data
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]467 *
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]468 * This is a helper function. It escapes data and
469 * standardizes newline characters to \n
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]470 *
471 * @access private
472 * @param string
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]473 * @return string
474 */
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]475 function _clean_input_data($str)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]476 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]477 if (is_array($str))
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]478 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]479 $new_array = array();
480 foreach ($str as $key => $val)
481 {
482 $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
483 }
484 return $new_array;
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]485 }
486
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]487 // We strip slashes if magic quotes is on to keep things consistent
Phil Sturgeonfd694892010-12-15 10:52:37 +0000[diff] [blame]488 if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc())
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]489 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]490 $str = stripslashes($str);
491 }
492
493 // Clean UTF-8 if supported
494 if (UTF8_ENABLED === TRUE)
495 {
496 $str = $this->uni->clean_string($str);
497 }
498
499 // Should we filter the input data?
500 if ($this->_enable_xss === TRUE)
501 {
502 $str = $this->security->xss_clean($str);
503 }
504
505 // Standardize newlines if needed
506 if ($this->_standardize_newlines == TRUE)
507 {
508 if (strpos($str, "\r") !== FALSE)
509 {
Phil Sturgeonc8089152010-12-27 19:06:28 +0000[diff] [blame^]510 $str = str_replace(array("\r\n", "\r"), PHP_EOL, $str);
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]511 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]512 }
513
514 return $str;
515 }
516
517 // --------------------------------------------------------------------
518
519 /**
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]520 * Clean Keys
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]521 *
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]522 * This is a helper function. To prevent malicious users
523 * from trying to exploit keys we make sure that keys are
524 * only named with alpha-numeric text and a few other items.
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]525 *
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]526 * @access private
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]527 * @param string
528 * @return string
529 */
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]530 function _clean_input_keys($str)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]531 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]532 if ( ! preg_match("/^[a-z0-9:_\/-]+$/i", $str))
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]533 {
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]534 exit('Disallowed Key Characters.');
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]535 }
536
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]537 // Clean UTF-8 if supported
538 if (UTF8_ENABLED === TRUE)
539 {
540 $str = $this->uni->clean_string($str);
541 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]542
Derek Jones69fc4fc2010-03-02 13:36:31 -0600[diff] [blame]543 return $str;
544 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]545
Greg Akerec2f5712010-11-15 16:22:12 -0600[diff] [blame]546 // --------------------------------------------------------------------
547
548 /**
549 * Request Headers
550 *
551 * In Apache, you can simply call apache_request_headers(), however for
552 * people running other webservers the function is undefined.
553 *
554 * @return array
555 */
556 public function request_headers($xss_clean = FALSE)
557 {
558 // Look at Apache go!
559 if (function_exists('apache_request_headers'))
560 {
561 $headers = apache_request_headers();
562 }
563 else
564 {
565 $headers['Content-Type'] = (isset($_SERVER['CONTENT_TYPE'])) ? $_SERVER['CONTENT_TYPE'] : @getenv('CONTENT_TYPE');
566
567 foreach ($_SERVER as $key => $val)
568 {
569 if (strncmp($key, 'HTTP_', 5) === 0)
570 {
571 $headers[substr($key, 5)] = $this->_fetch_from_array($_SERVER, $key, $xss_clean);
572 }
573 }
574 }
575
576 // take SOME_HEADER and turn it into Some-Header
577 foreach ($headers as $key => $val)
578 {
579 $key = str_replace('_', ' ', strtolower($key));
580 $key = str_replace(' ', '-', ucwords($key));
581
582 $this->headers[$key] = $val;
583 }
584
585 return $this->headers;
586 }
587
588 // --------------------------------------------------------------------
589
590 /**
591 * Get Request Header
592 *
593 * Returns the value of a single member of the headers class member
594 *
595 * @param string array key for $this->headers
596 * @param boolean XSS Clean or not
597 * @return mixed FALSE on failure, string on success
598 */
599 public function get_request_header($index, $xss_clean = FALSE)
600 {
601 if (empty($this->headers))
602 {
603 $this->request_headers();
604 }
605
606 if ( ! isset($this->headers[$index]))
607 {
608 return FALSE;
609 }
610
611 if ($xss_clean === TRUE)
612 {
613 $_security =& load_class('Security');
614 return $_security->xss_clean($this->headers[$index]);
615 }
616
617 return $this->headers[$index];
618 }
619
Greg Aker081ac9d2010-11-22 14:42:53 -0600[diff] [blame]620 // --------------------------------------------------------------------
621
622 /**
623 * Is ajax Request?
624 *
625 * Test to see if a request contains the HTTP_X_REQUESTED_WITH header
626 *
627 * @return boolean
628 */
629 public function is_ajax_request()
630 {
Greg Aker2fae66e2010-12-09 15:49:34 -0600[diff] [blame]631 return ($this->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest');
Greg Aker081ac9d2010-11-22 14:42:53 -0600[diff] [blame]632 }
633
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]634}
635// END Input class
636
637/* End of file Input.php */
Derek Jonesc68dfbf2010-03-02 12:59:23 -0600[diff] [blame]638/* Location: ./system/core/Input.php */