Request

__construct(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), string|resource $content = null)

Parameters

array	$query	The GET parameters
array	$request	The POST parameters
array	$attributes	The request attributes (parameters parsed from the PATH_INFO, ...)
array	$cookies	The COOKIE parameters
array	$files	The FILES parameters
array	$server	The SERVER parameters
string|resource	$content	The raw body data

initialize(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), string|resource $content = null)

Sets the parameters for this request.

This method also re-initializes all properties.

Parameters

array	$query	The GET parameters
array	$request	The POST parameters
array	$attributes	The request attributes (parameters parsed from the PATH_INFO, ...)
array	$cookies	The COOKIE parameters
array	$files	The FILES parameters
array	$server	The SERVER parameters
string|resource	$content	The raw body data

static Request createFromGlobals()

Creates a new request with values from PHP's super globals.

Return Value

Request

static Request create(string $uri, string $method = 'GET', array $parameters = array(), array $cookies = array(), array $files = array(), array $server = array(), string $content = null)

Creates a Request based on a given URI and configuration.

The information contained in the URI always take precedence over the other information (server and parameters).

Parameters

string	$uri	The URI
string	$method	The HTTP method
array	$parameters	The query (GET) or request (POST) parameters
array	$cookies	The request cookies ($_COOKIE)
array	$files	The request files ($_FILES)
array	$server	The server parameters ($_SERVER)
string	$content	The raw body data

Return Value

Request

static setFactory(callable|null $callable)

Sets a callable able to create a Request instance.

This is mainly useful when you need to override the Request class to keep BC with an existing system. It should not be used for any other purpose.

Parameters

callable|null

$callable

A PHP callable

Request duplicate(array $query = null, array $request = null, array $attributes = null, array $cookies = null, array $files = null, array $server = null)

Clones a request and overrides some of its parameters.

Parameters

array	$query	The GET parameters
array	$request	The POST parameters
array	$attributes	The request attributes (parameters parsed from the PATH_INFO, ...)
array	$cookies	The COOKIE parameters
array	$files	The FILES parameters
array	$server	The SERVER parameters

Return Value

Request

__clone()

Clones the current request.

Note that the session is not cloned as duplicated requests are most of the time sub-requests of the main one.

string __toString()

Returns the request as a string.

Return Value

string

The request

overrideGlobals()

Overrides the PHP global variables according to this request instance.

It overrides $GET, $POST, $REQUEST, $SERVER, $COOKIE. $FILES is never overridden, see rfc1867

static setTrustedProxies(array $proxies, int $trustedHeaderSet)

Sets a list of trusted proxies.

You should only list the reverse proxies that you manage directly.

Parameters

array	$proxies	A list of trusted proxies
int	$trustedHeaderSet	A bit field of Request::HEADER_*, to set which headers to trust from your proxies

Exceptions

InvalidArgumentException

When $trustedHeaderSet is invalid

static array getTrustedProxies()

Gets the list of trusted proxies.

Return Value

array

An array of trusted proxies

static int getTrustedHeaderSet()

Gets the set of trusted headers from trusted proxies.

Return Value

int	A bit field of Request::HEADER_* that defines which headers are trusted from your proxies

static setTrustedHosts(array $hostPatterns)

Sets a list of trusted host patterns.

You should only list the hosts you manage using regexs.

Parameters

array

$hostPatterns

A list of trusted host patterns

static array getTrustedHosts()

Gets the list of trusted host patterns.

Return Value

array

An array of trusted host patterns

static string normalizeQueryString(string $qs)

Normalizes a query string.

It builds a normalized query string, where keys/value pairs are alphabetized, have consistent escaping and unneeded delimiters are removed.

Parameters

string

$qs

Query string

Return Value

string

A normalized query string for the Request

static enableHttpMethodParameterOverride()

Enables support for the _method request parameter to determine the intended HTTP method.

Be warned that enabling this feature might lead to CSRF issues in your code. Check that you are using CSRF tokens when required. If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered and used to send a "PUT" or "DELETE" request via the _method request parameter. If these methods are not protected against CSRF, this presents a possible vulnerability.

The HTTP method can only be overridden when the real HTTP method is POST.

static bool getHttpMethodParameterOverride()

Checks whether support for the _method request parameter is enabled.

Return Value

bool	True when the _method request parameter is enabled, false otherwise

mixed get(string $key, mixed $default = null)

Gets a "parameter" value from any bag.

This method is mainly useful for libraries that want to provide some flexibility. If you don't need the flexibility in controllers, it is better to explicitly get request parameters from the appropriate public property instead (attributes, query, request).

Order of precedence: PATH (routing placeholders or custom attributes), GET, BODY

Parameters

string	$key	The key
mixed	$default	The default value if the parameter key does not exist

Return Value

mixed

SessionInterface|null getSession()

Gets the Session.

Return Value

SessionInterface|null

The session

bool hasPreviousSession()

Whether the request contains a Session which was started in one of the previous requests.

Return Value

bool

bool hasSession()

Whether the request contains a Session object.

This method does not give any information about the state of the session object, like whether the session is started or not. It is just a way to check if this Request is associated with a Session instance.

Return Value

bool	true when the Request contains a Session object, false otherwise

setSession(SessionInterface $session)

Sets the Session.

Parameters

SessionInterface

$session

The Session

array getClientIps()

Returns the client IP addresses.

In the returned array the most trusted IP address is first, and the least trusted one last. The "real" client IP address is the last one, but this is also the least trusted one. Trusted proxies are stripped.

Use this method carefully; you should use getClientIp() instead.

Return Value

array

The client IP addresses

See also

getClientIp()

string|null getClientIp()

Returns the client IP address.

This method can read the client IP address from the "X-Forwarded-For" header when trusted proxies were set via "setTrustedProxies()". The "X-Forwarded-For" header value is a comma+space separated list of IP addresses, the left-most being the original client, and each successive proxy that passed the request adding the IP address where it received the request from.

Return Value

string|null

The client IP address

See also

getClientIps()
http://en.wikipedia.org/wiki/X-Forwarded-For

string getScriptName()

Returns current script name.

Return Value

string

string getPathInfo()

Returns the path being requested relative to the executed script.

The path info always starts with a /.

Suppose this request is instantiated from /mysite on localhost:

• http://localhost/mysite returns an empty string
• http://localhost/mysite/about returns '/about'
• http://localhost/mysite/enco%20ded returns '/enco%20ded'
• http://localhost/mysite/about?var=1 returns '/about'

Return Value

string

The raw path (i.e. not urldecoded)

string getBasePath()

Returns the root path from which this request is executed.

Suppose that an index.php file instantiates this request object:

• http://localhost/index.php returns an empty string
• http://localhost/index.php/page returns an empty string
• http://localhost/web/index.php returns '/web'
• http://localhost/we%20b/index.php returns '/we%20b'

Return Value

string

The raw path (i.e. not urldecoded)

string getBaseUrl()

Returns the root URL from which this request is executed.

The base URL never ends with a /.

This is similar to getBasePath(), except that it also includes the script filename (e.g. index.php) if one exists.

Return Value

string

The raw URL (i.e. not urldecoded)

string getScheme()

Gets the request's scheme.

Return Value

string

int|string getPort()

Returns the port on which the request is made.

This method can read the client port from the "X-Forwarded-Port" header when trusted proxies were set via "setTrustedProxies()".

The "X-Forwarded-Port" header must contain the client port.

Return Value

int|string

can be a string if fetched from the server bag

string|null getUser()

Returns the user.

Return Value

string|null

string|null getPassword()

Returns the password.

Return Value

string|null

string getUserInfo()

Gets the user info.

Return Value

string

A user name and, optionally, scheme-specific information about how to gain authorization to access the server

string getHttpHost()

Returns the HTTP host being requested.

The port name will be appended to the host if it's non-standard.

Return Value

string

string getRequestUri()

Returns the requested URI (path and query string).

Return Value

string

The raw URI (i.e. not URI decoded)

string getSchemeAndHttpHost()

Gets the scheme and HTTP host.

If the URL was called with basic authentication, the user and the password are not added to the generated string.

Return Value

string

The scheme and HTTP host

string getUri()

Generates a normalized URI (URL) for the Request.

Return Value

string

A normalized URI (URL) for the Request

See also

getQueryString()

string getUriForPath(string $path)

Generates a normalized URI for the given path.

Parameters

string

$path

A path to use instead of the current one

Return Value

string

The normalized URI for the path

string getRelativeUriForPath(string $path)

Returns the path as relative reference from the current Request path.

Only the URIs path component (no schema, host etc.) is relevant and must be given. Both paths must be absolute and not contain relative parts. Relative URLs from one resource to another are useful when generating self-contained downloadable document archives. Furthermore, they can be used to reduce the link size in documents.

Example target paths, given a base path of "/a/b/c/d": - "/a/b/c/d" -> "" - "/a/b/c/" -> "./" - "/a/b/" -> "../" - "/a/b/c/other" -> "other" - "/a/x/y" -> "../../x/y"

Parameters

string

$path

The target path

Return Value

string

The relative target path

string|null getQueryString()

Generates the normalized query string for the Request.

It builds a normalized query string, where keys/value pairs are alphabetized and have consistent escaping.

Return Value

string|null

A normalized query string for the Request

bool isSecure()

Checks whether the request is secure or not.

This method can read the client protocol from the "X-Forwarded-Proto" header when trusted proxies were set via "setTrustedProxies()".

The "X-Forwarded-Proto" header must contain the protocol: "https" or "http".

Return Value

bool

string getHost()

Returns the host name.

This method can read the client host name from the "X-Forwarded-Host" header when trusted proxies were set via "setTrustedProxies()".

The "X-Forwarded-Host" header must contain the client host name.

Return Value

string

Exceptions

SuspiciousOperationException

when the host name is invalid or not trusted

setMethod(string $method)

Sets the request method.

Parameters

string

$method

string getMethod()

Gets the request "intended" method.

If the X-HTTP-Method-Override header is set, and if the method is a POST, then it is used to determine the "real" intended HTTP method.

The _method request parameter can also be used to determine the HTTP method, but only if enableHttpMethodParameterOverride() has been called.

The method is always an uppercased string.

Return Value

string

The request method

See also

getRealMethod()

string getRealMethod()

Gets the "real" request method.

Return Value

string

The request method

See also

getMethod()

string getMimeType(string $format)

Gets the mime type associated with the format.

Parameters

string

$format

The format

Return Value

string

The associated mime type (null if not found)

static array getMimeTypes(string $format)

Gets the mime types associated with the format.

Parameters

string

$format

The format

Return Value

array

The associated mime types

string|null getFormat(string $mimeType)

Gets the format associated with the mime type.

Parameters

string

$mimeType

The associated mime type

Return Value

string|null

The format (null if not found)

setFormat(string $format, string|array $mimeTypes)

Associates a format with mime types.

Parameters

string	$format	The format
string|array	$mimeTypes	The associated mime types (the preferred one must be the first as it will be used as the content type)

string getRequestFormat(string $default = 'html')

Gets the request format.

Here is the process to determine the format:

• format defined by the user (with setRequestFormat())
• _format request attribute
• $default

Parameters

string

$default

The default format

Return Value

string

The request format

setRequestFormat(string $format)

Sets the request format.

Parameters

string

$format

The request format

string|null getContentType()

Gets the format associated with the request.

Return Value

string|null

The format (null if no content type is present)

setDefaultLocale(string $locale)

Sets the default locale.

Parameters

string

$locale

string getDefaultLocale()

Get the default locale.

Return Value

string

setLocale(string $locale)

Sets the locale.

Parameters

string

$locale

string getLocale()

Get the locale.

Return Value

string

bool isMethod(string $method)

Checks if the request method is of specified type.

Parameters

string

$method

Uppercase request method (GET, POST etc)

Return Value

bool

bool isMethodSafe()

Checks whether or not the method is safe.

Return Value

bool

See also

https://tools.ietf.org/html/rfc7231#section-4.2.1

bool isMethodIdempotent()

Checks whether or not the method is idempotent.

Return Value

bool

bool isMethodCacheable()

Checks whether the method is cacheable or not.

Return Value

bool

See also

https://tools.ietf.org/html/rfc7231#section-4.2.3

string getProtocolVersion()

Returns the protocol version.

If the application is behind a proxy, the protocol version used in the requests between the client and the proxy and between the proxy and the server might be different. This returns the former (from the "Via" header) if the proxy is trusted (see "setTrustedProxies()"), otherwise it returns the latter (from the "SERVER_PROTOCOL" server parameter).

Return Value

string

string|resource getContent(bool $asResource = false)

Returns the request body content.

Parameters

bool

$asResource

If true, a resource will be returned

Return Value

string|resource

The request body content or a resource to read the body stream

Exceptions

LogicException

array getETags()

Gets the Etags.

Return Value

array

The entity tags

bool isNoCache()

Return Value

bool

string|null getPreferredLanguage(array $locales = null)

Returns the preferred language.

Parameters

array

$locales

An array of ordered available locales

Return Value

string|null

The preferred locale

array getLanguages()

Gets a list of languages acceptable by the client browser.

Return Value

array

Languages ordered in the user browser preferences

array getCharsets()

Gets a list of charsets acceptable by the client browser.

Return Value

array

List of charsets in preferable order

array getEncodings()

Gets a list of encodings acceptable by the client browser.

Return Value

array

List of encodings in preferable order

array getAcceptableContentTypes()

Gets a list of content types acceptable by the client browser.

Return Value

array

List of content types in preferable order

bool isXmlHttpRequest()

Returns true if the request is a XMLHttpRequest.

It works if your JavaScript library sets an X-Requested-With HTTP header. It is known to work with common JavaScript frameworks:

Return Value

bool	true if the request is an XMLHttpRequest, false otherwise

See also

http://en.wikipedia.org/wiki/List_of_Ajax_frameworks#JavaScript

bool isFromTrustedProxy()

Indicates whether this request originated from a trusted proxy.

This can be useful to determine whether or not to trust the contents of a proxy-specific header.

Return Value

bool	true if the request came from a trusted proxy, false otherwise