PKPRequest.inc.php

<?php
 
class PKPRequest {
   //
   // Internal state - please do not reference directly
   //
   var $_router = null;
 
   var $_dispatcher = null;
 
   var $_requestVars = null;
 
   var $_basePath;
 
   var $_requestPath;
 
   var $_isRestfulUrlsEnabled;
 
   var $_isPathInfoEnabled;
 
   var $_serverHost;
 
   var $_protocol;
 
   var $_isBot;
 
   var $_userAgent;
 
 
   function &getRouter() {
      return $this->_router;
   }
 
   function setRouter($router) {
      $this->_router = $router;
   }
 
   function setDispatcher($dispatcher) {
      $this->_dispatcher = $dispatcher;
   }
 
   function &getDispatcher() {
      return $this->_dispatcher;
   }
 
 
   function redirectUrl($url) {
      if (HookRegistry::call('Request::redirect', array(&$url))) {
         return;
      }
 
      header("Location: $url");
      exit();
   }
 
   function redirectUrlJson($url) {
      import('lib.pkp.classes.core.JSONMessage');
      $json = new JSONMessage(true);
      $json->setEvent('redirectRequested', $url);
      return $json;
   }
 
   function redirectSSL() {
      // Note that we are intentionally skipping PKP processing of REQUEST_URI and QUERY_STRING for a protocol redirect
      // This processing is deferred to the redirected (target) URI
      $url = 'https://' . $this->getServerHost() . $_SERVER['REQUEST_URI'];
      $queryString = $_SERVER['QUERY_STRING'];
      if (!empty($queryString)) $url .= "?$queryString";
      $this->redirectUrl($url);
   }
 
   function redirectNonSSL() {
      // Note that we are intentionally skipping PKP processing of REQUEST_URI and QUERY_STRING for a protocol redirect
      // This processing is deferred to the redirected (target) URI
      $url = 'http://' . $this->getServerHost() . $_SERVER['REQUEST_URI'];
      $queryString = $_SERVER['QUERY_STRING'];
      if (!empty($queryString)) $url .= "?$queryString";
      $this->redirectUrl($url);
   }
 
   function getIfModifiedSince() {
      if (!isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) return null;
      return strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
   }
 
   function getBaseUrl($allowProtocolRelative = false) {
      $serverHost = $this->getServerHost(false);
      if ($serverHost !== false) {
         // Auto-detection worked.
         if ($allowProtocolRelative) {
            $baseUrl = '//' . $this->getServerHost() . $this->getBasePath();
         } else {
            $baseUrl = $this->getProtocol() . '://' . $this->getServerHost() . $this->getBasePath();
         }
      } else {
         // Auto-detection didn't work (e.g. this is a command-line call); use configuration param
         $baseUrl = Config::getVar('general', 'base_url');
      }
      HookRegistry::call('Request::getBaseUrl', array(&$baseUrl));
      return $baseUrl;
   }
 
   function getBasePath() {
      if (!isset($this->_basePath)) {
         // Strip the PHP filename off of the script's executed path
         // We expect the SCRIPT_NAME to look like /path/to/file.php
         // If the SCRIPT_NAME ends in /, assume this is the directory and the script's actual name
         // is masked as the DirectoryIndex
         // If the SCRIPT_NAME ends in neither / or .php, assume the the script's actual name is masked
         // and we need to avoid stripping the terminal directory
         $path = preg_replace('#/[^/]*$#', '', $_SERVER['SCRIPT_NAME'].(substr($_SERVER['SCRIPT_NAME'], -1) == '/' || preg_match('#.php$#i', $_SERVER['SCRIPT_NAME']) ? '' : '/'));
 
         // Encode characters which need to be encoded in a URL.
         // Simply using rawurlencode() doesn't work because it
         // also encodes characters which are valid in a URL (i.e. @, $).
         $parts = explode('/', $path);
         foreach ($parts as $i => $part) {
            $pieces = array_map(array($this, 'encodeBasePathFragment'), str_split($part));
            $parts[$i] = implode('', $pieces);
         }
         $this->_basePath = implode('/', $parts);
 
         if ($this->_basePath == '/' || $this->_basePath == '\\') {
            $this->_basePath = '';
         }
         HookRegistry::call('Request::getBasePath', array(&$this->_basePath));
      }
 
      return $this->_basePath;
   }
 
   function encodeBasePathFragment($fragment) {
      if (!preg_match('/[A-Za-z0-9-._~!$&\'()*+,;=:@]/', $fragment)) {
         return rawurlencode($fragment);
      }
      return $fragment;
   }
 
   function getIndexUrl() {
      static $indexUrl;
 
      if (!isset($indexUrl)) {
         $indexUrl = $this->_delegateToRouter('getIndexUrl');
 
         // Call legacy hook
         HookRegistry::call('Request::getIndexUrl', array(&$indexUrl));
      }
 
      return $indexUrl;
   }
 
   function getCompleteUrl() {
      static $completeUrl;
 
      if (!isset($completeUrl)) {
         $completeUrl = $this->getRequestUrl();
         $queryString = $this->getQueryString();
         if (!empty($queryString)) $completeUrl .= "?$queryString";
         HookRegistry::call('Request::getCompleteUrl', array(&$completeUrl));
      }
 
      return $completeUrl;
   }
 
   function getRequestUrl() {
      static $requestUrl;
 
      if (!isset($requestUrl)) {
         $requestUrl = $this->getProtocol() . '://' . $this->getServerHost() . $this->getRequestPath();
         HookRegistry::call('Request::getRequestUrl', array(&$requestUrl));
      }
 
      return $requestUrl;
   }
 
   function getQueryString() {
      static $queryString;
 
      if (!isset($queryString)) {
         $queryString = isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:'';
         HookRegistry::call('Request::getQueryString', array(&$queryString));
      }
 
      return $queryString;
   }
 
   function getQueryArray() {
      $queryString = $this->getQueryString();
      $queryArray = array();
 
      if (isset($queryString)) {
         parse_str($queryString, $queryArray);
      }
 
      // Filter out disable_path_info reserved parameters
      foreach (array_merge(Application::getContextList(), array('path', 'page', 'op')) as $varName) {
         if (isset($queryArray[$varName])) unset($queryArray[$varName]);
      }
 
      return $queryArray;
   }
 
   function getRequestPath() {
      if (!isset($this->_requestPath)) {
         if ($this->isRestfulUrlsEnabled()) {
            $this->_requestPath = $this->getBasePath();
         } else {
            $this->_requestPath = isset($_SERVER['SCRIPT_NAME'])?$_SERVER['SCRIPT_NAME']:'';
         }
 
         if ($this->isPathInfoEnabled()) {
            $this->_requestPath .= isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
         }
         HookRegistry::call('Request::getRequestPath', array(&$this->_requestPath));
      }
      return $this->_requestPath;
   }
 
   function getServerHost($default = null, $includePort = true) {
      if ($default === null) $default = 'localhost';
 
      if (!isset($this->_serverHost)) {
         $this->_serverHost = isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST']
            : (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST']
            : (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME']
            : $default));
         // in case of multiple host entries in the header (e.g. multiple reverse proxies) take the first entry
         $this->_serverHost = strtok($this->_serverHost, ',');
         HookRegistry::call('Request::getServerHost', array(&$this->_serverHost, &$default, &$includePort));
      }
      if (!$includePort) {
         // Strip the port number, if one is included. (#3912)
         return preg_replace("/:\d*$/", '', $this->_serverHost);
      }
      return $this->_serverHost;
   }
 
   function getProtocol() {
      if (!isset($this->_protocol)) {
         $this->_protocol = (!isset($_SERVER['HTTPS']) || strtolower_codesafe($_SERVER['HTTPS']) != 'on') ? 'http' : 'https';
         HookRegistry::call('Request::getProtocol', array(&$this->_protocol));
      }
      return $this->_protocol;
   }
 
   function getRequestMethod() {
      return (isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '');
   }
 
   function isPost() {
      return ($this->getRequestMethod() == 'POST');
   }
 
   function isGet() {
      return ($this->getRequestMethod() == 'GET');
   }
 
   function checkCSRF() {
      $session = $this->getSession();
      return $this->getUserVar('csrfToken') == $session->getCSRFToken();
   }
 
   function getRemoteAddr() {
      $ipaddr =& Registry::get('remoteIpAddr'); // Reference required.
      if (is_null($ipaddr)) {
         if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) &&
            Config::getVar('general', 'trust_x_forwarded_for', true) &&
            preg_match_all('/([0-9.a-fA-F:]+)/', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches)) {
         } else if (isset($_SERVER['REMOTE_ADDR']) &&
            preg_match_all('/([0-9.a-fA-F:]+)/', $_SERVER['REMOTE_ADDR'], $matches)) {
         } else if (preg_match_all('/([0-9.a-fA-F:]+)/', getenv('REMOTE_ADDR'), $matches)) {
         } else {
            $ipaddr = '';
         }
 
         if (!isset($ipaddr)) {
            // If multiple addresses are listed, take the last. (Supports ipv6.)
            $ipaddr = $matches[0][count($matches[0])-1];
         }
         HookRegistry::call('Request::getRemoteAddr', array(&$ipaddr));
      }
      return $ipaddr;
   }
 
   function getRemoteDomain() {
      static $remoteDomain;
      if (!isset($remoteDomain)) {
         $remoteDomain = null;
         $remoteDomain = @getHostByAddr($this->getRemoteAddr());
         HookRegistry::call('Request::getRemoteDomain', array(&$remoteDomain));
      }
      return $remoteDomain;
   }
 
   function getUserAgent() {
      if (!isset($this->_userAgent)) {
         if (isset($_SERVER['HTTP_USER_AGENT'])) {
            $this->_userAgent = $_SERVER['HTTP_USER_AGENT'];
         }
         if (!isset($this->_userAgent) || empty($this->_userAgent)) {
            $this->_userAgent = getenv('HTTP_USER_AGENT');
         }
         if (!isset($this->_userAgent) || $this->_userAgent == false) {
            $this->_userAgent = '';
         }
         HookRegistry::call('Request::getUserAgent', array(&$this->_userAgent));
      }
      return $this->_userAgent;
   }
 
   function isBot() {
      if (!isset($this->_isBot)) {
         $userAgent = $this->getUserAgent();
         $this->_isBot = Core::isUserAgentBot($userAgent);
      }
      return $this->_isBot;
   }
 
   function isPathInfoEnabled() {
      if (!isset($this->_isPathInfoEnabled)) {
         $this->_isPathInfoEnabled = Config::getVar('general', 'disable_path_info')?false:true;
      }
      return $this->_isPathInfoEnabled;
   }
 
   function isRestfulUrlsEnabled() {
      if (!isset($this->_isRestfulUrlsEnabled)) {
         $this->_isRestfulUrlsEnabled = Config::getVar('general', 'restful_urls')?true:false;
      }
      return $this->_isRestfulUrlsEnabled;
   }
 
   function &getSite() {
      $site =& Registry::get('site', true, null);
      if ($site === null) {
         $siteDao = DAORegistry::getDAO('SiteDAO'); /* @var $siteDao SiteDAO */
         $site = $siteDao->getSite();
         // PHP bug? This is needed for some reason or extra queries results.
         Registry::set('site', $site);
      }
 
      return $site;
   }
 
   function &getSession() {
      $session =& Registry::get('session', true, null);
 
      if ($session === null) {
         $sessionManager = SessionManager::getManager();
         $session = $sessionManager->getUserSession();
      }
 
      return $session;
   }
 
   function &getUser() {
      $user =& Registry::get('user', true, null);
 
      $router = $this->getRouter();
      if (!is_null($handler = $router->getHandler()) && !is_null($token = $handler->getApiToken())) {
         if ($user === null) {
            $userDao = DAORegistry::getDAO('UserDAO'); /* @var $userDao UserDAO */
            $user = $userDao->getBySetting('apiKey', $token);
         }
         if (is_null($user) || !$user->getData('apiKeyEnabled')) {
            $user = null;
         }
         return $user;
      }
 
      if ($user === null) {
         $sessionManager = SessionManager::getManager();
         $session = $sessionManager->getUserSession();
         $user = $session->getUser();
      }
 
      return $user;
   }
 
   function getUserVar($key) {
      // special treatment for APIRouter. APIHandler gets to fetch parameter first
      $router = $this->getRouter();
      if (is_a($router, 'APIRouter') && (!is_null($handler = $router->getHandler()))) {
         $handler = $router->getHandler();
         $value = $handler->getParameter($key);
         if (!is_null($value)) {
            return $value;
         }
      }
 
      // Get all vars (already cleaned)
      $vars = $this->getUserVars();
 
      if (isset($vars[$key])) {
         return $vars[$key];
      } else {
         return null;
      }
   }
 
   function &getUserVars() {
      if (!isset($this->_requestVars)) {
         $this->_requestVars = array_map(function($s) {
            return is_string($s)?trim($s):$s;
         }, array_merge($_GET, $_POST));
      }
 
      return $this->_requestVars;
   }
 
   function getUserDateVar($prefix, $defaultDay = null, $defaultMonth = null, $defaultYear = null, $defaultHour = 0, $defaultMinute = 0, $defaultSecond = 0) {
      $monthPart = $this->getUserVar($prefix . 'Month');
      $dayPart = $this->getUserVar($prefix . 'Day');
      $yearPart = $this->getUserVar($prefix . 'Year');
      $hourPart = $this->getUserVar($prefix . 'Hour');
      $minutePart = $this->getUserVar($prefix . 'Minute');
      $secondPart = $this->getUserVar($prefix . 'Second');
 
      switch ($this->getUserVar($prefix . 'Meridian')) {
         case 'pm':
            if (is_numeric($hourPart) && $hourPart != 12) $hourPart += 12;
            break;
         case 'am':
         default:
            // Do nothing.
            break;
      }
 
      if (empty($dayPart)) $dayPart = $defaultDay;
      if (empty($monthPart)) $monthPart = $defaultMonth;
      if (empty($yearPart)) $yearPart = $defaultYear;
      if (empty($hourPart)) $hourPart = $defaultHour;
      if (empty($minutePart)) $minutePart = $defaultMinute;
      if (empty($secondPart)) $secondPart = $defaultSecond;
 
      if (empty($monthPart) || empty($dayPart) || empty($yearPart)) return null;
      return mktime($hourPart, $minutePart, $secondPart, $monthPart, $dayPart, $yearPart);
   }
 
   function getCookieVar($key) {
      if (isset($_COOKIE[$key])) {
         return $_COOKIE[$key];
      } else {
         return null;
      }
   }
 
   function setCookieVar($key, $value, $expire = 0) {
      $basePath = $this->getBasePath();
      if (!$basePath) $basePath = '/';
 
      setcookie($key, $value, $expire, $basePath);
      $_COOKIE[$key] = $value;
   }
 
   function redirect($context = null, $page = null, $op = null, $path = null, $params = null, $anchor = null) {
      $dispatcher = $this->getDispatcher();
      $this->redirectUrl($dispatcher->url($this, ROUTE_PAGE, $context, $page, $op, $path, $params, $anchor));
   }
 
   function &getContext() {
      return $this->_delegateToRouter('getContext');
   }
 
   function getRequestedContextPath($contextLevel = null) {
      // Emulate the old behavior of getRequestedContextPath for
      // backwards compatibility.
      if (is_null($contextLevel)) {
         return $this->_delegateToRouter('getRequestedContextPaths');
      } else {
         return array($this->_delegateToRouter('getRequestedContextPath', $contextLevel));
      }
   }
 
   function getRequestedPage() {
      return $this->_delegateToRouter('getRequestedPage');
   }
 
   function getRequestedOp() {
      return $this->_delegateToRouter('getRequestedOp');
   }
 
   function getRequestedArgs() {
      return $this->_delegateToRouter('getRequestedArgs');
   }
 
   function url($context = null, $page = null, $op = null, $path = null,
            $params = null, $anchor = null, $escape = false) {
      return $this->_delegateToRouter('url', $context, $page, $op, $path,
            $params, $anchor, $escape);
   }
 
   function &_delegateToRouter($method) {
      // This call is deprecated. We don't trigger a
      // deprecation error, though, as there are so
      // many instances of this error that it has a
      // performance impact and renders the error
      // log virtually useless when deprecation
      // warnings are switched on.
      // FIXME: Fix enough instances of this error so that
      // we can put a deprecation warning in here.
      $router = $this->getRouter();
 
      if (is_null($router)) {
         assert(false);
         $nullValue = null;
         return $nullValue;
      }
 
      // Construct the method call
      $callable = array($router, $method);
 
      // Get additional parameters but replace
      // the first parameter (currently the
      // method to be called) with the request
      // as all router methods required the request
      // as their first parameter.
      $parameters = func_get_args();
      $parameters[0] =& $this;
 
      $returner = call_user_func_array($callable, $parameters);
      return $returner;
   }
}