/**
* Returns TRUE if the supplied request object was received over a secured
* channel i.e. Transport Layer Security (e.g. SSL or TLS).
* This method tests for the $_SERVER global with key 'HTTPS' which should
* be a non-empty value if TLS was used. Since this key is not part of the
* CGI 1.1 specification there is no guarantee that it is provided by all
* web servers and in cases where it is not present, isSecureChannel will
* fail and throw an EnterpiseSecurityException.
*
* @param SafeRequest $request The request object to test.
*
* @throws EnterpiseSecurityException
*
* @return bool TRUE if the request was made over Transport Layer Security
* FALSE otherwise.
*/
public function isSecureChannel($request)
{
if ($request instanceof SafeRequest == false) {
throw new InvalidArgumentException('isSecureChannel expects an instance of SafeRequest.');
}
$isSecure = $request->getServerGlobal('HTTPS');
if ($isSecure === null) {
throw new EnterpriseSecurityException('Your Request could not be completed.', '$_SERVER[\'HTTPS\'] is not available to isSecureChannel. Cannot determine whether request is secure.');
}
if (empty($isSecure) || $isSecure === 'off') {
return false;
}
return true;
}
/**
* Test of SafeRequest::getServerGlobal() with valid input.
*
* @return bool true True on Pass.
*/
function testGetServerGlobalInputValid()
{
$req = new SafeRequest(array('env' => array('PHP_SELF' => '/foo%2fbar')));
$result = $req->getServerGlobal('PHP_SELF');
$this->assertInternalType('string', $result);
$this->assertEquals('/foo/bar', $result);
}
