/** * Returns TRUE if the supplied request object was received over a secured * channel i.e. Transport Layer Security (e.g. SSL or TLS). * This method tests for the $_SERVER global with key 'HTTPS' which should * be a non-empty value if TLS was used. Since this key is not part of the * CGI 1.1 specification there is no guarantee that it is provided by all * web servers and in cases where it is not present, isSecureChannel will * fail and throw an EnterpiseSecurityException. * * @param SafeRequest $request The request object to test. * * @throws EnterpiseSecurityException * * @return bool TRUE if the request was made over Transport Layer Security * FALSE otherwise. */ public function isSecureChannel($request) { if ($request instanceof SafeRequest == false) { throw new InvalidArgumentException('isSecureChannel expects an instance of SafeRequest.'); } $isSecure = $request->getServerGlobal('HTTPS'); if ($isSecure === null) { throw new EnterpriseSecurityException('Your Request could not be completed.', '$_SERVER[\'HTTPS\'] is not available to isSecureChannel. Cannot determine whether request is secure.'); } if (empty($isSecure) || $isSecure === 'off') { return false; } return true; }
/** * Test of SafeRequest::getServerGlobal() with valid input. * * @return bool true True on Pass. */ function testGetServerGlobalInputValid() { $req = new SafeRequest(array('env' => array('PHP_SELF' => '/foo%2fbar'))); $result = $req->getServerGlobal('PHP_SELF'); $this->assertInternalType('string', $result); $this->assertEquals('/foo/bar', $result); }