LimeSurvey API - Master branch

LSApplicationTrait

Trait for ConsoleApplication and LSYii_Application

Tags
version
0.1.0

Table of Contents

Properties

$currentUserId  : mixed

Methods

createPublicUrl()  : string
Creates an absolute URL based on the given controller and action information.
createValidatedAbsoluteUrl()  : string|false
Creates an absolute URL that is validated against allowed hosts.
getCurrentUserId()  : int|null
Gets the ID of the currently connected user, checking that the user exists before returning it (for security).
getPublicBaseUrl()  : string
Returns the relative URL for the application, taking into account whether a "publicurl" config parameter is set to a valid URL.
isHostAllowed()  : bool
Checks whether a given host name is in the allowed hosts list.
loadAllowedHosts()  : array<string|int, mixed>
Loads the allowed hosts from the application config.
writeAllowedHosts()  : bool
Writes the allowed_hosts.php config file with the given hosts array.

Properties

Methods

createPublicUrl()

Creates an absolute URL based on the given controller and action information.

public createPublicUrl(string $route[, array<string|int, mixed> $params = array() ][, string $schema = '' ][, string $ampersand = '&' ]) : string
Parameters
$route : string

the URL route. This should be in the format of 'ControllerID/ActionID'.

$params : array<string|int, mixed> = array()

additional GET parameters (name=>value). Both the name and value will be URL-encoded.

$schema : string = ''

schema to use (e.g. http, https). If empty, the schema used for the current request will be used.

$ampersand : string = '&'

the token separating name-value pairs in the URL.

Return values
string

the constructed URL

createValidatedAbsoluteUrl()

Creates an absolute URL that is validated against allowed hosts.

public createValidatedAbsoluteUrl(string $route[, array<string|int, mixed> $params = array() ][, string $schema = '' ][, string $ampersand = '&' ]) : string|false

This prevents host header injection attacks by ensuring the generated URL uses a trusted host from allowed_hosts.php or the configured publicurl.

Parameters
$route : string

the URL route.

$params : array<string|int, mixed> = array()

additional GET parameters (name=>value).

$schema : string = ''

schema to use (e.g. http, https).

$ampersand : string = '&'

the token separating name-value pairs in the URL.

Return values
string|false

the constructed URL with a validated host, or false if no trusted host is available.

getCurrentUserId()

Gets the ID of the currently connected user, checking that the user exists before returning it (for security).

public getCurrentUserId() : int|null
Return values
int|null

user ID; 0 means invalid user

getPublicBaseUrl()

Returns the relative URL for the application, taking into account whether a "publicurl" config parameter is set to a valid URL.

public getPublicBaseUrl([bool $absolute = false ]) : string
Parameters
$absolute : bool = false

whether to return an absolute URL. Defaults to false, meaning returning a relative one.

Return values
string

the relative or the configured public URL for the application

isHostAllowed()

Checks whether a given host name is in the allowed hosts list.

public isHostAllowed(string $host) : bool

The check is lenient while allowed_hosts.php does not exist yet: it returns true. Once the file exists with entries, the allowlist is strictly enforced. The host from publicurl (if configured) is always auto-included.

Parameters
$host : string

The host name to validate.

Return values
bool

True if the host is allowed, false otherwise.
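
The allowlist behaviour described for isHostAllowed(), as an added standalone sketch that is not LimeSurvey's own code: hostAllowed() and normalizeHost() are hypothetical names, the host normalisation is an assumption, and the sample hosts are constructed. An empty array stands for the "not configured" result of loadAllowedHosts().

```php
<?php
// Added illustration; not LimeSurvey source code. Function names are hypothetical.

/** Reduce a Host header value to a bare lower-case name (assumed normalisation). */
function normalizeHost(string $host): string
{
    $host = strtolower(trim($host));
    if (preg_match('/^\[([^\]]+)\](?::\d+)?$/', $host, $m)) {
        return $m[1];                                 // bracketed IPv6 literal, port dropped
    }
    if (substr_count($host, ':') === 1) {
        $host = preg_replace('/:\d+$/', '', $host);   // "name:port" -> "name"
    }
    return rtrim($host, '.');                         // trailing dot of an absolute FQDN
}

/**
 * Allowlist decision as documented for isHostAllowed().
 * $allowedHosts stands in for the loadAllowedHosts() result ([] = not configured).
 */
function hostAllowed(string $host, array $allowedHosts, string $publicUrl = ''): bool
{
    if ($allowedHosts === []) {
        return true;                                  // lenient mode: nothing is enforced yet
    }
    $trusted = array_map('normalizeHost', $allowedHosts);
    $publicHost = parse_url($publicUrl, PHP_URL_HOST);
    if (is_string($publicHost) && $publicHost !== '') {
        $trusted[] = normalizeHost($publicHost);      // publicurl host is auto-included
    }
    return in_array(normalizeHost($host), $trusted, true);
}

// Constructed sample values.
$publicUrl = 'https://surveys.example.org/limesurvey';
$requests  = ['admin.example.org', 'Surveys.Example.org:8443', 'untrusted.example.net'];

foreach ([[], ['admin.example.org']] as $allowedHosts) {
    echo $allowedHosts === [] ? "No entries (lenient):\n" : "With entries (strict):\n";
    foreach ($requests as $host) {
        $verdict = hostAllowed($host, $allowedHosts, $publicUrl) ? 'allowed' : 'rejected';
        printf("  %-26s %s\n", $host, $verdict);
    }
}
```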

loadAllowedHosts()

Loads the allowed hosts from the application config.

public loadAllowedHosts() : array<string|int, mixed>

The config key 'allowedHosts' is populated from application/config/allowed_hosts.php (loaded at application startup, same pattern as security.php).

Return values
array<string|int, mixed>

List of allowed host names, or empty array if not configured.

writeAllowedHosts()

Writes the allowed_hosts.php config file with the given hosts array.

public writeAllowedHosts(array<string|int, mixed> $hosts) : bool
Parameters
$hosts : array<string|int, mixed>

Array of allowed domain names (no protocol, no port).

Return values
bool

True on success, false on failure.


        