Request

Constructor.

Sets the parameters for this request.

This method also re-initializes all properties.

Creates a new request with values from PHP's super globals.

Creates a Request based on a given URI and configuration.

The information contained in the URI always take precedence over the other information (server and parameters).

Sets a callable able to create a Request instance.

This is mainly useful when you need to override the Request class to keep BC with an existing system. It should not be used for any other purpose.

Clones a request and overrides some of its parameters.

Clones the current request.

Note that the session is not cloned as duplicated requests are most of the time sub-requests of the main one.

Returns the request as a string.

Overrides the PHP global variables according to this request instance.

It overrides $GET, $POST, $REQUEST, $SERVER, $COOKIE. $FILES is never overridden, see rfc1867

Sets a list of trusted proxies.

You should only list the reverse proxies that you manage directly.

Gets the list of trusted proxies.

Sets a list of trusted host patterns.

You should only list the hosts you manage using regexs.

Gets the list of trusted host patterns.

Sets the name for trusted headers.

The following header keys are supported:

• Request::HEADERCLIENTIP: defaults to X-Forwarded-For (see getClientIp())
• Request::HEADERCLIENTHOST: defaults to X-Forwarded-Host (see getHost())
• Request::HEADERCLIENTPORT: defaults to X-Forwarded-Port (see getPort())
• Request::HEADERCLIENTPROTO: defaults to X-Forwarded-Proto (see getScheme() and isSecure())

Setting an empty value allows to disable the trusted header for the given key.

Gets the trusted proxy header name.

Normalizes a query string.

It builds a normalized query string, where keys/value pairs are alphabetized, have consistent escaping and unneeded delimiters are removed.

Enables support for the _method request parameter to determine the intended HTTP method.

Be warned that enabling this feature might lead to CSRF issues in your code. Check that you are using CSRF tokens when required. If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered and used to send a "PUT" or "DELETE" request via the _method request parameter. If these methods are not protected against CSRF, this presents a possible vulnerability.

The HTTP method can only be overridden when the real HTTP method is POST.

Checks whether support for the _method request parameter is enabled.

Gets a "parameter" value from any bag.

This method is mainly useful for libraries that want to provide some flexibility. If you don't need the flexibility in controllers, it is better to explicitly get request parameters from the appropriate public property instead (attributes, query, request).

Order of precedence: PATH (routing placeholders or custom attributes), GET, BODY

Gets the Session.

Whether the request contains a Session which was started in one of the previous requests.

Whether the request contains a Session object.

This method does not give any information about the state of the session object, like whether the session is started or not. It is just a way to check if this Request is associated with a Session instance.

Sets the Session.

Returns the client IP addresses.

In the returned array the most trusted IP address is first, and the least trusted one last. The "real" client IP address is the last one, but this is also the least trusted one. Trusted proxies are stripped.

Use this method carefully; you should use getClientIp() instead.

Returns the client IP address.

This method can read the client IP address from the "X-Forwarded-For" header when trusted proxies were set via "setTrustedProxies()". The "X-Forwarded-For" header value is a comma+space separated list of IP addresses, the left-most being the original client, and each successive proxy that passed the request adding the IP address where it received the request from.

If your reverse proxy uses a different header name than "X-Forwarded-For", ("Client-Ip" for instance), configure it via "setTrustedHeaderName()" with the "client-ip" key.

Returns current script name.

Returns the path being requested relative to the executed script.

The path info always starts with a /.

Suppose this request is instantiated from /mysite on localhost:

• http://localhost/mysite returns an empty string
• http://localhost/mysite/about returns '/about'
• http://localhost/mysite/enco%20ded returns '/enco%20ded'
• http://localhost/mysite/about?var=1 returns '/about'

Returns the root path from which this request is executed.

Suppose that an index.php file instantiates this request object:

• http://localhost/index.php returns an empty string
• http://localhost/index.php/page returns an empty string
• http://localhost/web/index.php returns '/web'
• http://localhost/we%20b/index.php returns '/we%20b'

Returns the root URL from which this request is executed.

The base URL never ends with a /.

This is similar to getBasePath(), except that it also includes the script filename (e.g. index.php) if one exists.

Gets the request's scheme.

Returns the port on which the request is made.

This method can read the client port from the "X-Forwarded-Port" header when trusted proxies were set via "setTrustedProxies()".

The "X-Forwarded-Port" header must contain the client port.

If your reverse proxy uses a different header name than "X-Forwarded-Port", configure it via "setTrustedHeaderName()" with the "client-port" key.

Returns the user.

Returns the password.

Gets the user info.

Returns the HTTP host being requested.

The port name will be appended to the host if it's non-standard.

Returns the requested URI (path and query string).

Gets the scheme and HTTP host.

If the URL was called with basic authentication, the user and the password are not added to the generated string.

Generates a normalized URI (URL) for the Request.

Generates a normalized URI for the given path.

Returns the path as relative reference from the current Request path.

Only the URIs path component (no schema, host etc.) is relevant and must be given. Both paths must be absolute and not contain relative parts. Relative URLs from one resource to another are useful when generating self-contained downloadable document archives. Furthermore, they can be used to reduce the link size in documents.

Example target paths, given a base path of "/a/b/c/d": - "/a/b/c/d" -> "" - "/a/b/c/" -> "./" - "/a/b/" -> "../" - "/a/b/c/other" -> "other" - "/a/x/y" -> "../../x/y"

Generates the normalized query string for the Request.

It builds a normalized query string, where keys/value pairs are alphabetized and have consistent escaping.

Checks whether the request is secure or not.

This method can read the client protocol from the "X-Forwarded-Proto" header when trusted proxies were set via "setTrustedProxies()".

The "X-Forwarded-Proto" header must contain the protocol: "https" or "http".

If your reverse proxy uses a different header name than "X-Forwarded-Proto" ("SSL_HTTPS" for instance), configure it via "setTrustedHeaderName()" with the "client-proto" key.

Returns the host name.

This method can read the client host name from the "X-Forwarded-Host" header when trusted proxies were set via "setTrustedProxies()".

The "X-Forwarded-Host" header must contain the client host name.

If your reverse proxy uses a different header name than "X-Forwarded-Host", configure it via "setTrustedHeaderName()" with the "client-host" key.

Sets the request method.

Gets the request "intended" method.

If the X-HTTP-Method-Override header is set, and if the method is a POST, then it is used to determine the "real" intended HTTP method.

The _method request parameter can also be used to determine the HTTP method, but only if enableHttpMethodParameterOverride() has been called.

The method is always an uppercased string.

Gets the "real" request method.

Gets the mime type associated with the format.

Gets the mime types associated with the format.

Gets the format associated with the mime type.

Associates a format with mime types.

Gets the request format.

Here is the process to determine the format:

• format defined by the user (with setRequestFormat())
• _format request attribute
• $default

Sets the request format.

Gets the format associated with the request.

Sets the default locale.

Get the default locale.

Sets the locale.

Get the locale.

Checks if the request method is of specified type.

Checks whether the method is safe or not.

Checks whether the method is cacheable or not.

Returns the request body content.

Gets the Etags.

Returns the preferred language.

Gets a list of languages acceptable by the client browser.

Gets a list of charsets acceptable by the client browser.

Gets a list of encodings acceptable by the client browser.

Gets a list of content types acceptable by the client browser.

Returns true if the request is a XMLHttpRequest.

It works if your JavaScript library sets an X-Requested-With HTTP header. It is known to work with common JavaScript frameworks:

Indicates whether this request originated from a trusted proxy.

This can be useful to determine whether or not to trust the contents of a proxy-specific header.