Overview

Packages

  • application
    • commands
    • components
      • actions
      • filters
      • leftWidget
      • permissions
      • sortableWidget
      • util
      • webupdater
      • x2flow
        • actions
        • triggers
      • X2GridView
      • X2Settings
    • controllers
    • models
      • embedded
    • modules
      • accounts
        • controllers
        • models
      • actions
        • controllers
        • models
      • calendar
        • controllers
        • models
      • charts
        • models
      • contacts
        • controllers
        • models
      • docs
        • components
        • controllers
        • models
      • groups
        • controllers
        • models
      • marketing
        • components
        • controllers
        • models
      • media
        • controllers
        • models
      • mobile
        • components
      • opportunities
        • controllers
        • models
      • products
        • controllers
        • models
      • quotes
        • controllers
        • models
      • services
        • controllers
        • models
      • template
        • models
      • users
        • controllers
        • models
      • workflow
        • controllers
        • models
      • x2Leads
        • controllers
        • models
  • Net
  • None
  • PHP
  • system
    • base
    • caching
      • dependencies
    • collections
    • console
    • db
      • ar
      • schema
        • cubrid
        • mssql
        • mysql
        • oci
        • pgsql
        • sqlite
    • i18n
      • gettext
    • logging
    • test
    • utils
    • validators
    • web
      • actions
      • auth
      • filters
      • form
      • helpers
      • renderers
      • services
      • widgets
        • captcha
        • pagers
  • Text
    • Highlighter
  • zii
    • behaviors
    • widgets
      • grid
      • jui

Classes

  • ActionFormModelBase
  • CActiveDataProvider
  • CalendarEventFormModel
  • CallFormModel
  • CArrayDataProvider
  • CAssetManager
  • CBaseController
  • CBaseUrlRule
  • CCacheHttpSession
  • CClientScript
  • CController
  • CCookieCollection
  • CDataProvider
  • CDataProviderIterator
  • CDbHttpSession
  • CExtController
  • CFormModel
  • CHttpCookie
  • CHttpRequest
  • CHttpSession
  • CHttpSessionIterator
  • COutputEvent
  • CPagination
  • CreatePageFormModel
  • CSort
  • CSqlDataProvider
  • CTheme
  • CThemeManager
  • CUploadedFile
  • CUrlManager
  • CUrlRule
  • CWebApplication
  • CWebModule
  • CWidgetFactory
  • EditMobileFormsFormModel
  • EventCommentPublisherFormModel
  • EventFormModel
  • EventPublisherFormModel
  • FileSystemObjectDataProvider
  • MassActionFormModel
  • MobilePagination
  • NoteFormModel
  • NotificationsController
  • TimeFormModel
  • UploadLogoFormModel
  • X2FormModel
  • X2HttpRequest

Interfaces

  • IDataProvider
  • IWidgetFactory
  • Overview
  • Package
  • Class
  • Tree

Class CHttpRequest

CHttpRequest encapsulates the $_SERVER variable and resolves its inconsistency among different Web servers.

CHttpRequest also manages the cookies sent from and sent to the user. By setting CHttpRequest::$enableCookieValidation to true, cookies sent from the user will be validated to see if they are tampered. The property getCookies cookies returns the collection of cookies. For more details, see CCookieCollection.

CHttpRequest is a default application component loaded by CWebApplication. It can be accessed via CApplication::getRequest().

CComponent
Extended by CApplicationComponent implements IApplicationComponent
Extended by CHttpRequest

Direct known subclasses

X2HttpRequest
Package: system\web
Copyright: 2008-2013 Yii Software LLC
License: http://www.yiiframework.com/license/
Author: Qiang Xue <qiang.xue@gmail.com>
Since: 1.0
Located at x2engine/framework/web/CHttpRequest.php
Methods summary
public
# init( )

Initializes the application component. This method overrides the parent implementation by preprocessing the user request data.

Initializes the application component. This method overrides the parent implementation by preprocessing the user request data.

Overrides

CApplicationComponent::init()
protected
# normalizeRequest( )

Normalizes the request data. This method strips off slashes in request data if get_magic_quotes_gpc() returns true. It also performs CSRF validation if CHttpRequest::$enableCsrfValidation is true.

Normalizes the request data. This method strips off slashes in request data if get_magic_quotes_gpc() returns true. It also performs CSRF validation if CHttpRequest::$enableCsrfValidation is true.
public mixed
# stripSlashes( mixed & $data )

Strips slashes from input data. This method is applied when magic quotes is enabled.

Strips slashes from input data. This method is applied when magic quotes is enabled.

Parameters

$data
mixed
$data input data to be processed

Returns

mixed
processed data
public mixed
# getParam( string $name, mixed $defaultValue = null )

Returns the named GET or POST parameter value. If the GET or POST parameter does not exist, the second parameter to this method will be returned. If both GET and POST contains such a named parameter, the GET parameter takes precedence.

Returns the named GET or POST parameter value. If the GET or POST parameter does not exist, the second parameter to this method will be returned. If both GET and POST contains such a named parameter, the GET parameter takes precedence.

Parameters

$name
string
$name the GET parameter name
$defaultValue
mixed
$defaultValue the default parameter value if the GET parameter does not exist.

Returns

mixed
the GET parameter value

See

CHttpRequest::getQuery()
CHttpRequest::getPost()
public mixed
# getQuery( string $name, mixed $defaultValue = null )

Returns the named GET parameter value. If the GET parameter does not exist, the second parameter to this method will be returned.

Returns the named GET parameter value. If the GET parameter does not exist, the second parameter to this method will be returned.

Parameters

$name
string
$name the GET parameter name
$defaultValue
mixed
$defaultValue the default parameter value if the GET parameter does not exist.

Returns

mixed
the GET parameter value

See

CHttpRequest::getPost()
CHttpRequest::getParam()
public mixed
# getPost( string $name, mixed $defaultValue = null )

Returns the named POST parameter value. If the POST parameter does not exist, the second parameter to this method will be returned.

Returns the named POST parameter value. If the POST parameter does not exist, the second parameter to this method will be returned.

Parameters

$name
string
$name the POST parameter name
$defaultValue
mixed
$defaultValue the default parameter value if the POST parameter does not exist.

Returns

mixed
the POST parameter value

See

CHttpRequest::getParam()
CHttpRequest::getQuery()
public mixed
# getDelete( string $name, mixed $defaultValue = null )

Returns the named DELETE parameter value. If the DELETE parameter does not exist or if the current request is not a DELETE request, the second parameter to this method will be returned. If the DELETE request was tunneled through POST via _method parameter, the POST parameter will be returned instead (available since version 1.1.11).

Returns the named DELETE parameter value. If the DELETE parameter does not exist or if the current request is not a DELETE request, the second parameter to this method will be returned. If the DELETE request was tunneled through POST via _method parameter, the POST parameter will be returned instead (available since version 1.1.11).

Parameters

$name
string
$name the DELETE parameter name
$defaultValue
mixed
$defaultValue the default parameter value if the DELETE parameter does not exist.

Returns

mixed
the DELETE parameter value

Since

1.1.7
public mixed
# getPut( string $name, mixed $defaultValue = null )

Returns the named PUT parameter value. If the PUT parameter does not exist or if the current request is not a PUT request, the second parameter to this method will be returned. If the PUT request was tunneled through POST via _method parameter, the POST parameter will be returned instead (available since version 1.1.11).

Returns the named PUT parameter value. If the PUT parameter does not exist or if the current request is not a PUT request, the second parameter to this method will be returned. If the PUT request was tunneled through POST via _method parameter, the POST parameter will be returned instead (available since version 1.1.11).

Parameters

$name
string
$name the PUT parameter name
$defaultValue
mixed
$defaultValue the default parameter value if the PUT parameter does not exist.

Returns

mixed
the PUT parameter value

Since

1.1.7
public mixed
# getPatch( string $name, mixed $defaultValue = null )

Returns the named PATCH parameter value. If the PATCH parameter does not exist or if the current request is not a PATCH request, the second parameter to this method will be returned. If the PATCH request was tunneled through POST via _method parameter, the POST parameter will be returned instead.

Returns the named PATCH parameter value. If the PATCH parameter does not exist or if the current request is not a PATCH request, the second parameter to this method will be returned. If the PATCH request was tunneled through POST via _method parameter, the POST parameter will be returned instead.

Parameters

$name
string
$name the PATCH parameter name
$defaultValue
mixed
$defaultValue the default parameter value if the PATCH parameter does not exist.

Returns

mixed
the PATCH parameter value

Since

1.1.16
public array
# getRestParams( )

Returns request parameters. Typically PUT, PATCH or DELETE.

Returns request parameters. Typically PUT, PATCH or DELETE.

Returns

array
the request parameters

Since

1.1.7
1.1.13 method became public
public string
# getRawBody( )

Returns the raw HTTP request body.

Returns the raw HTTP request body.

Returns

string
the request body

Since

1.1.13
public string
# getUrl( )

Returns the currently requested URL. This is the same as CHttpRequest::getRequestUri().

Returns the currently requested URL. This is the same as CHttpRequest::getRequestUri().

Returns

string
part of the request URL after the host info.
public string
# getHostInfo( string $schema = '' )

Returns the schema and host part of the application URL. The returned URL does not have an ending slash. By default this is determined based on the user request information. You may explicitly specify it by setting the setHostInfo hostInfo property.

Returns the schema and host part of the application URL. The returned URL does not have an ending slash. By default this is determined based on the user request information. You may explicitly specify it by setting the setHostInfo hostInfo property.

Parameters

$schema
string
$schema schema to use (e.g. http, https). If empty, the schema used for the current request will be used.

Returns

string
schema and hostname part (with port number if needed) of the request URL (e.g. http://www.yiiframework.com)

See

CHttpRequest::setHostInfo()
public
# setHostInfo( string $value )

Sets the schema and host part of the application URL. This setter is provided in case the schema and hostname cannot be determined on certain Web servers.

Sets the schema and host part of the application URL. This setter is provided in case the schema and hostname cannot be determined on certain Web servers.

Parameters

$value
string
$value the schema and host part of the application URL.
public string
# getBaseUrl( boolean $absolute = false )

Returns the relative URL for the application. This is similar to getScriptUrl scriptUrl except that it does not have the script file name, and the ending slashes are stripped off.

Returns the relative URL for the application. This is similar to getScriptUrl scriptUrl except that it does not have the script file name, and the ending slashes are stripped off.

Parameters

$absolute
boolean
$absolute whether to return an absolute URL. Defaults to false, meaning returning a relative one.

Returns

string
the relative URL for the application

See

CHttpRequest::setScriptUrl()
public
# setBaseUrl( string $value )

Sets the relative URL for the application. By default the URL is determined based on the entry script URL. This setter is provided in case you want to change this behavior.

Sets the relative URL for the application. By default the URL is determined based on the entry script URL. This setter is provided in case you want to change this behavior.

Parameters

$value
string
$value the relative URL for the application
public string
# getScriptUrl( )

Returns the relative URL of the entry script. The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.

Returns the relative URL of the entry script. The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.

Returns

string
the relative URL of the entry script.

Throws

CException
when it is unable to determine the entry script URL.
public
# setScriptUrl( string $value )

Sets the relative URL for the application entry script. This setter is provided in case the entry script URL cannot be determined on certain Web servers.

Sets the relative URL for the application entry script. This setter is provided in case the entry script URL cannot be determined on certain Web servers.

Parameters

$value
string
$value the relative URL for the application entry script.
public string
# getPathInfo( )

Returns the path info of the currently requested URL. This refers to the part that is after the entry script and before the question mark. The starting and ending slashes are stripped off.

Returns the path info of the currently requested URL. This refers to the part that is after the entry script and before the question mark. The starting and ending slashes are stripped off.

Returns

string
part of the request URL that is after the entry script and before the question mark. Note, the returned pathinfo is decoded starting from 1.1.4. Prior to 1.1.4, whether it is decoded or not depends on the server configuration (in most cases it is not decoded).

Throws

CException
if the request URI cannot be determined due to improper server configuration
protected string
# decodePathInfo( string $pathInfo )

Decodes the path info. This method is an improved variant of the native urldecode() function and used in getPathInfo getPathInfo() to decode the path part of the request URI. You may override this method to change the way the path info is being decoded.

Decodes the path info. This method is an improved variant of the native urldecode() function and used in getPathInfo getPathInfo() to decode the path part of the request URI. You may override this method to change the way the path info is being decoded.

Parameters

$pathInfo
string
$pathInfo encoded path info

Returns

string
decoded path info

Since

1.1.10
public string
# getRequestUri( )

Returns the request URI portion for the currently requested URL. This refers to the portion that is after the hostInfo host info part. It includes the queryString query string part if any. The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.

Returns the request URI portion for the currently requested URL. This refers to the portion that is after the hostInfo host info part. It includes the queryString query string part if any. The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.

Returns

string
the request URI portion for the currently requested URL.

Throws

CException
if the request URI cannot be determined due to improper server configuration
public string
# getQueryString( )

Returns part of the request URL that is after the question mark.

Returns part of the request URL that is after the question mark.

Returns

string
part of the request URL that is after the question mark
public boolean
# getIsSecureConnection( )

Return if the request is sent via secure channel (https).

Return if the request is sent via secure channel (https).

Returns

boolean
if the request is sent via secure channel (https)
public string
# getRequestType( )

Returns the request type, such as GET, POST, HEAD, PUT, PATCH, DELETE. Request type can be manually set in POST requests with a parameter named _method. Useful for RESTful request from older browsers which do not support PUT, PATCH or DELETE natively (available since version 1.1.11).

Returns the request type, such as GET, POST, HEAD, PUT, PATCH, DELETE. Request type can be manually set in POST requests with a parameter named _method. Useful for RESTful request from older browsers which do not support PUT, PATCH or DELETE natively (available since version 1.1.11).

Returns

string
request type, such as GET, POST, HEAD, PUT, PATCH, DELETE.
public boolean
# getIsPostRequest( )

Returns whether this is a POST request.

Returns whether this is a POST request.

Returns

boolean
whether this is a POST request.
public boolean
# getIsDeleteRequest( )

Returns whether this is a DELETE request.

Returns whether this is a DELETE request.

Returns

boolean
whether this is a DELETE request.

Since

1.1.7
protected boolean
# getIsDeleteViaPostRequest( )

Returns whether this is a DELETE request which was tunneled through POST.

Returns whether this is a DELETE request which was tunneled through POST.

Returns

boolean
whether this is a DELETE request tunneled through POST.

Since

1.1.11
public boolean
# getIsPutRequest( )

Returns whether this is a PUT request.

Returns whether this is a PUT request.

Returns

boolean
whether this is a PUT request.

Since

1.1.7
protected boolean
# getIsPutViaPostRequest( )

Returns whether this is a PUT request which was tunneled through POST.

Returns whether this is a PUT request which was tunneled through POST.

Returns

boolean
whether this is a PUT request tunneled through POST.

Since

1.1.11
public boolean
# getIsPatchRequest( )

Returns whether this is a PATCH request.

Returns whether this is a PATCH request.

Returns

boolean
whether this is a PATCH request.

Since

1.1.16
protected boolean
# getIsPatchViaPostRequest( )

Returns whether this is a PATCH request which was tunneled through POST.

Returns whether this is a PATCH request which was tunneled through POST.

Returns

boolean
whether this is a PATCH request tunneled through POST.

Since

1.1.16
public boolean
# getIsAjaxRequest( )

Returns whether this is an AJAX (XMLHttpRequest) request.

Returns whether this is an AJAX (XMLHttpRequest) request.

Returns

boolean
whether this is an AJAX (XMLHttpRequest) request.
public boolean
# getIsFlashRequest( )

Returns whether this is an Adobe Flash or Adobe Flex request.

Returns whether this is an Adobe Flash or Adobe Flex request.

Returns

boolean
whether this is an Adobe Flash or Adobe Flex request.

Since

1.1.11
public string
# getServerName( )

Returns the server name.

Returns the server name.

Returns

string
server name
public integer
# getServerPort( )

Returns the server port number.

Returns the server port number.

Returns

integer
server port number
public string
# getUrlReferrer( )

Returns the URL referrer, null if not present

Returns the URL referrer, null if not present

Returns

string
URL referrer, null if not present
public string
# getUserAgent( )

Returns the user agent, null if not present.

Returns the user agent, null if not present.

Returns

string
user agent, null if not present
public string
# getUserHostAddress( )

Returns the user IP address.

Returns the user IP address.

Returns

string
user IP address
public string
# getUserHost( )

Returns the user host name, null if it cannot be determined.

Returns the user host name, null if it cannot be determined.

Returns

string
user host name, null if cannot be determined
public string
# getScriptFile( )

Returns entry script file path.

Returns entry script file path.

Returns

string
entry script file path (processed w/ realpath())
public array
# getBrowser( string $userAgent = null )

Returns information about the capabilities of user browser.

Returns information about the capabilities of user browser.

Parameters

$userAgent
string
$userAgent the user agent to be analyzed. Defaults to null, meaning using the current User-Agent HTTP header information.

Returns

array
user browser capabilities.

See

http://www.php.net/manual/en/function.get-browser.php
public string
# getAcceptTypes( )

Returns user browser accept types, null if not present.

Returns user browser accept types, null if not present.

Returns

string
user browser accept types, null if not present
public integer
# getPort( )

Returns the port to use for insecure requests. Defaults to 80, or the port specified by the server if the current request is insecure. You may explicitly specify it by setting the setPort port property.

Returns the port to use for insecure requests. Defaults to 80, or the port specified by the server if the current request is insecure. You may explicitly specify it by setting the setPort port property.

Returns

integer
port number for insecure requests.

Since

1.1.3

See

CHttpRequest::setPort()
public
# setPort( integer $value )

Sets the port to use for insecure requests. This setter is provided in case a custom port is necessary for certain server configurations.

Sets the port to use for insecure requests. This setter is provided in case a custom port is necessary for certain server configurations.

Parameters

$value
integer
$value port number.

Since

1.1.3
public integer
# getSecurePort( )

Returns the port to use for secure requests. Defaults to 443, or the port specified by the server if the current request is secure. You may explicitly specify it by setting the setSecurePort securePort property.

Returns the port to use for secure requests. Defaults to 443, or the port specified by the server if the current request is secure. You may explicitly specify it by setting the setSecurePort securePort property.

Returns

integer
port number for secure requests.

Since

1.1.3

See

CHttpRequest::setSecurePort()
public
# setSecurePort( integer $value )

Sets the port to use for secure requests. This setter is provided in case a custom port is necessary for certain server configurations.

Sets the port to use for secure requests. This setter is provided in case a custom port is necessary for certain server configurations.

Parameters

$value
integer
$value port number.

Since

1.1.3
public CCookieCollection
# getCookies( )

Returns the cookie collection. The result can be used like an associative array. Adding CHttpCookie objects to the collection will send the cookies to the client; and removing the objects from the collection will delete those cookies on the client.

Returns the cookie collection. The result can be used like an associative array. Adding CHttpCookie objects to the collection will send the cookies to the client; and removing the objects from the collection will delete those cookies on the client.

Returns

CCookieCollection
the cookie collection.
public
# redirect( string $url, boolean $terminate = true, integer $statusCode = 302 )

Redirects the browser to the specified URL.

Redirects the browser to the specified URL.

Parameters

$url
string
$url URL to be redirected to. Note that when URL is not absolute (not starting with "/") it will be relative to current request URL.
$terminate
boolean
$terminate whether to terminate the current application
$statusCode
integer
$statusCode the HTTP status code. Defaults to 302. See http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html for details about HTTP status code.
public static array
# parseAcceptHeader( string $header )

Parses an HTTP Accept header, returning an array map with all parts of each entry. Each array entry consists of a map with the type, subType, baseType and params, an array map of key-value parameters, obligatorily including a q value (i.e. preference ranking) as a double. For example, an Accept header value of <span class="php-quote">'application/xhtml+xml;q=0.9;level=1'</span> would give an array entry of

array(
       'type' => 'application',
       'subType' => 'xhtml',
       'baseType' => 'xml',
       'params' => array(
           'q' => 0.9,
           'level' => '1',
       ),
)

Parses an HTTP Accept header, returning an array map with all parts of each entry. Each array entry consists of a map with the type, subType, baseType and params, an array map of key-value parameters, obligatorily including a q value (i.e. preference ranking) as a double. For example, an Accept header value of <span class="php-quote">'application/xhtml+xml;q=0.9;level=1'</span> would give an array entry of

array(
       'type' => 'application',
       'subType' => 'xhtml',
       'baseType' => 'xml',
       'params' => array(
           'q' => 0.9,
           'level' => '1',
       ),
)

Please note: To avoid great complexity, there are no steps taken to ensure that quoted strings are treated properly. If the header text includes quoted strings containing space or the , or ; characters then the results may not be correct!

See also http://tools.ietf.org/html/rfc2616#section-14.1 for details on Accept header.

Parameters

$header
string
$header the accept header value to parse

Returns

array
the user accepted MIME types.
public static integer
# compareAcceptTypes( array $a, array $b )

Compare function for determining the preference of accepted MIME type array maps See CHttpRequest::parseAcceptHeader() for the format of $a and $b

Compare function for determining the preference of accepted MIME type array maps See CHttpRequest::parseAcceptHeader() for the format of $a and $b

Parameters

$a
array
$a user accepted MIME type as an array map
$b
array
$b user accepted MIME type as an array map

Returns

integer
-1, 0 or 1 if $a has respectively greater preference, equal preference or less preference than $b (higher preference comes first).
public array
# getPreferredAcceptTypes( )

Returns an array of user accepted MIME types in order of preference. Each array entry consists of a map with the type, subType, baseType and params, an array map of key-value parameters. See CHttpRequest::parseAcceptHeader() for a description of the array map.

Returns an array of user accepted MIME types in order of preference. Each array entry consists of a map with the type, subType, baseType and params, an array map of key-value parameters. See CHttpRequest::parseAcceptHeader() for a description of the array map.

Returns

array
the user accepted MIME types, as array maps, in the order of preference.
public array
# getPreferredAcceptType( )

Returns the user preferred accept MIME type. The MIME type is returned as an array map (see CHttpRequest::parseAcceptHeader()).

Returns the user preferred accept MIME type. The MIME type is returned as an array map (see CHttpRequest::parseAcceptHeader()).

Returns

array
the user preferred accept MIME type or false if the user does not have any.
public array
# getPreferredLanguages( )

Returns an array of user accepted languages in order of preference. The returned language IDs will NOT be canonicalized using CLocale::getCanonicalID().

Returns an array of user accepted languages in order of preference. The returned language IDs will NOT be canonicalized using CLocale::getCanonicalID().

Returns

array
the user accepted languages in the order of preference. See http://tools.ietf.org/html/rfc2616#section-14.4
public string
# getPreferredLanguage( array $languages = array() )

Returns the user-preferred language that should be used by this application. The language resolution is based on the user preferred languages and the languages supported by the application. The method will try to find the best match.

Returns the user-preferred language that should be used by this application. The language resolution is based on the user preferred languages and the languages supported by the application. The method will try to find the best match.

Parameters

$languages
array
$languages a list of the languages supported by the application. If empty, this method will return the first language returned by [[getPreferredLanguages()]].

Returns

string
the language that the application should use. false is returned if both [[getPreferredLanguages()]] and $languages are empty.
public
# sendFile( string $fileName, string $content, string $mimeType = null, boolean $terminate = true )

Sends a file to user.

Sends a file to user.

Parameters

$fileName
string
$fileName file name
$content
string
$content content to be set.
$mimeType
string
$mimeType mime type of the content. If null, it will be guessed automatically based on the given file name.
$terminate
boolean
$terminate whether to terminate the current application after calling this method
public
# xSendFile( string $filePath, array $options = array() )

Sends existing file to a browser as a download using x-sendfile.

Sends existing file to a browser as a download using x-sendfile.

X-Sendfile is a feature allowing a web application to redirect the request for a file to the webserver that in turn processes the request, this way eliminating the need to perform tasks like reading the file and sending it to the user. When dealing with a lot of files (or very big files) this can lead to a great increase in performance as the web application is allowed to terminate earlier while the webserver is handling the request.

The request is sent to the server through a special non-standard HTTP-header. When the web server encounters the presence of such header it will discard all output and send the file specified by that header using web server internals including all optimizations like caching-headers.

As this header directive is non-standard different directives exists for different web servers applications:
  • Apache: X-Sendfile
  • Lighttpd v1.4: X-LIGHTTPD-send-file
  • Lighttpd v1.5: X-Sendfile
  • Nginx: X-Accel-Redirect
  • Cherokee: X-Sendfile and X-Accel-Redirect
So for this method to work the X-SENDFILE option/module should be enabled by the web server and a proper xHeader should be sent.

Note: This option allows to download files that are not under web folders, and even files that are otherwise protected (deny from all) like .htaccess

Side effects: If this option is disabled by the web server, when this method is called a download configuration dialog will open but the downloaded file will have 0 bytes.

Known issues: There is a Bug with Internet Explorer 6, 7 and 8 when X-SENDFILE is used over an SSL connection, it will show an error message like this: "Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found.". You can work around this problem by removing the Pragma-header.

Example:

<?php
   Yii::app()->request->xSendFile('/home/user/Pictures/picture1.jpg',array(
       'saveName'=>'image1.jpg',
       'mimeType'=>'image/jpeg',
       'terminate'=>false,
   ));
?>

Parameters

$filePath
string
$filePath file name with full path
$options
array
$options additional options:
  • saveName: file name shown to the user, if not set real file name will be used
  • mimeType: mime type of the file, if not set it will be guessed automatically based on the file name, if set to null no content-type header will be sent.
  • xHeader: appropriate x-sendfile header, defaults to "X-Sendfile"
  • terminate: whether to terminate the current application after calling this method, defaults to true
  • forceDownload: specifies whether the file will be downloaded or shown inline, defaults to true. (Since version 1.1.9.)
  • addHeaders: an array of additional http headers in header-value pairs (available since version 1.1.10)
public string
# getCsrfToken( )

Returns the random token used to perform CSRF validation. The token will be read from cookie first. If not found, a new token will be generated.

Returns the random token used to perform CSRF validation. The token will be read from cookie first. If not found, a new token will be generated.

Returns

string
the random token for CSRF validation.

See

CHttpRequest::$enableCsrfValidation
protected CHttpCookie
# createCsrfCookie( )

Creates a cookie with a randomly generated CSRF token. Initial values specified in CHttpRequest::$csrfCookie will be applied to the generated cookie.

Creates a cookie with a randomly generated CSRF token. Initial values specified in CHttpRequest::$csrfCookie will be applied to the generated cookie.

Returns

CHttpCookie
the generated cookie

See

CHttpRequest::$enableCsrfValidation
public
# validateCsrfToken( CEvent $event )

Performs the CSRF validation. This is the event handler responding to CApplication::onBeginRequest(). The default implementation will compare the CSRF token obtained from a cookie and from a POST field. If they are different, a CSRF attack is detected.

Performs the CSRF validation. This is the event handler responding to CApplication::onBeginRequest(). The default implementation will compare the CSRF token obtained from a cookie and from a POST field. If they are different, a CSRF attack is detected.

Parameters

$event
CEvent
$event event parameter

Throws

CHttpException
if the validation fails
public string
# getHttpVersion( )

Returns the version of the HTTP protocol used by client.

Returns the version of the HTTP protocol used by client.

Returns

string
the version of the HTTP protocol.

Since

1.1.16
Methods inherited from CApplicationComponent
getIsInitialized()
Methods inherited from CComponent
__call(), __get(), __isset(), __set(), __unset(), asa(), attachBehavior(), attachBehaviors(), attachEventHandler(), canGetProperty(), canSetProperty(), detachBehavior(), detachBehaviors(), detachEventHandler(), disableBehavior(), disableBehaviors(), enableBehavior(), enableBehaviors(), evaluateExpression(), getEventHandlers(), hasEvent(), hasEventHandler(), hasProperty(), raiseEvent()
Properties summary
public boolean $enableCookieValidation false
#

whether cookies should be validated to ensure they are not tampered. Defaults to false.

whether cookies should be validated to ensure they are not tampered. Defaults to false.
public boolean $enableCsrfValidation false
#

whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to false. By setting this property to true, forms submitted to an Yii Web application must be originated from the same application. If not, a 400 HTTP exception will be raised. Note, this feature requires that the user client accepts cookie. You also need to use CHtml::form() or CHtml::statefulForm() to generate the needed HTML forms in your pages.

whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to false. By setting this property to true, forms submitted to an Yii Web application must be originated from the same application. If not, a 400 HTTP exception will be raised. Note, this feature requires that the user client accepts cookie. You also need to use CHtml::form() or CHtml::statefulForm() to generate the needed HTML forms in your pages.

See

http://seclab.stanford.edu/websec/csrf/csrf.pdf
public string $csrfTokenName 'YII_CSRF_TOKEN'
#

the name of the token used to prevent CSRF. Defaults to 'YII_CSRF_TOKEN'. This property is effectively only when CHttpRequest::$enableCsrfValidation is true.

the name of the token used to prevent CSRF. Defaults to 'YII_CSRF_TOKEN'. This property is effectively only when CHttpRequest::$enableCsrfValidation is true.
public array $csrfCookie
#

the property values (in name-value pairs) used to initialize the CSRF cookie. Any property of CHttpCookie may be initialized. This property is effective only when CHttpRequest::$enableCsrfValidation is true.

the property values (in name-value pairs) used to initialize the CSRF cookie. Any property of CHttpCookie may be initialized. This property is effective only when CHttpRequest::$enableCsrfValidation is true.
Properties inherited from CApplicationComponent
$behaviors
Magic properties summary
public string $url
#

Part of the request URL after the host info.

Part of the request URL after the host info.
public string $hostInfo
#

Schema and hostname part (with port number if needed) of the request URL (e.g. http://www.yiiframework.com).

Schema and hostname part (with port number if needed) of the request URL (e.g. http://www.yiiframework.com).
public string $baseUrl
#

The relative URL for the application.

The relative URL for the application.
public string $scriptUrl
#

The relative URL of the entry script.

The relative URL of the entry script.
public string $pathInfo
#

Part of the request URL that is after the entry script and before the question mark. Note, the returned pathinfo is decoded starting from 1.1.4. Prior to 1.1.4, whether it is decoded or not depends on the server configuration (in most cases it is not decoded).

Part of the request URL that is after the entry script and before the question mark. Note, the returned pathinfo is decoded starting from 1.1.4. Prior to 1.1.4, whether it is decoded or not depends on the server configuration (in most cases it is not decoded).
public string $requestUri
#

The request URI portion for the currently requested URL.

The request URI portion for the currently requested URL.
public string $queryString
#

Part of the request URL that is after the question mark.

Part of the request URL that is after the question mark.
public boolean $isSecureConnection
#

If the request is sent via secure channel (https).

If the request is sent via secure channel (https).
public string $requestType
#

Request type, such as GET, POST, HEAD, PUT, PATCH, DELETE.

Request type, such as GET, POST, HEAD, PUT, PATCH, DELETE.
public boolean $isPostRequest
#

Whether this is a POST request.

Whether this is a POST request.
public boolean $isDeleteRequest
#

Whether this is a DELETE request.

Whether this is a DELETE request.
public boolean $isPutRequest
#

Whether this is a PUT request.

Whether this is a PUT request.
public boolean $isPatchRequest
#

Whether this is a PATCH request.

Whether this is a PATCH request.
public boolean $isAjaxRequest
#

Whether this is an AJAX (XMLHttpRequest) request.

Whether this is an AJAX (XMLHttpRequest) request.
public boolean $isFlashRequest
#

Whether this is an Adobe Flash or Adobe Flex request.

Whether this is an Adobe Flash or Adobe Flex request.
public string $serverName
#

Server name.

Server name.
public integer $serverPort
#

Server port number.

Server port number.
public string $urlReferrer
#

URL referrer, null if not present.

URL referrer, null if not present.
public string $userAgent
#

User agent, null if not present.

User agent, null if not present.
public string $userHostAddress
#

User IP address.

User IP address.
public string $userHost
#

User host name, null if cannot be determined.

User host name, null if cannot be determined.
public string $scriptFile
#

Entry script file path (processed w/ realpath()).

Entry script file path (processed w/ realpath()).
public array $browser
#

User browser capabilities.

User browser capabilities.
public string $acceptTypes
#

User browser accept types, null if not present.

User browser accept types, null if not present.
public integer $port
#

Port number for insecure requests.

Port number for insecure requests.
public integer $securePort
#

Port number for secure requests.

Port number for secure requests.
public array $preferredAcceptType
#

The user preferred accept type as an array map, e.g. array('type' => 'application', 'subType' => 'xhtml', 'baseType' => 'xml', 'params' => array('q' => 0.9)).

The user preferred accept type as an array map, e.g. array('type' => 'application', 'subType' => 'xhtml', 'baseType' => 'xml', 'params' => array('q' => 0.9)).
public array $preferredAcceptTypes
#

An array of all user accepted types (as array maps like array('type' => 'application', 'subType' => 'xhtml', 'baseType' => 'xml', 'params' => array('q' => 0.9)) ) in order of preference.

An array of all user accepted types (as array maps like array('type' => 'application', 'subType' => 'xhtml', 'baseType' => 'xml', 'params' => array('q' => 0.9)) ) in order of preference.
public string $preferredLanguage
#

The user preferred language.

The user preferred language.
public array $preferredLanguages
#

An array of all user accepted languages in order of preference.

An array of all user accepted languages in order of preference.
public string $csrfToken
#

The random token for CSRF validation.

The random token for CSRF validation.
Magic properties inherited from CApplicationComponent
$isInitialized
API documentation generated by ApiGen 2.8.0