URL helper class.
You need to setup the list of trusted hosts in the url.php
config file, before starting using this helper class.
Class declared in SYSPATH/classes/URL.php on line 3.
Gets the base URL to the application.
To specify a protocol, provide the protocol as a string or request object.
If a protocol is used, a complete URL will be generated using the
$_SERVER['HTTP_HOST']
variable, which will be validated against RFC 952
and RFC 2181, as well as against the list of trusted hosts you have set
in the url.php
config file.
// Absolute URL path with no host or protocol
echo
URL::base();
// Absolute URL path with host, https protocol and index.php if set
echo
URL::base(
'https'
, TRUE);
// Absolute URL path with host and protocol from $request
echo
URL::base(
$request
);
mixed
$protocol
= NULL - Protocol string, [Request], or booleanboolean
$index
= bool FALSE - Add index file to URL?string
public
static
function
base(
$protocol
= NULL,
$index
= FALSE)
{
// Start with the configured base URL
$base_url
= Kohana::
$base_url
;
if
(
$protocol
=== TRUE)
{
// Use the initial request to get the protocol
$protocol
= Request::
$initial
;
}
if
(
$protocol
instanceof
Request)
{
if
( !
$protocol
->secure())
{
// Use the current protocol
list(
$protocol
) =
explode
(
'/'
,
strtolower
(
$protocol
->protocol()));
}
else
{
$protocol
=
'https'
;
}
}
if
( !
$protocol
)
{
// Use the configured default protocol
$protocol
=
parse_url
(
$base_url
, PHP_URL_SCHEME);
}
if
(
$index
=== TRUE AND !
empty
(Kohana::
$index_file
))
{
// Add the index file to the URL
$base_url
.= Kohana::
$index_file
.
'/'
;
}
if
(
is_string
(
$protocol
))
{
if
(
$port
=
parse_url
(
$base_url
, PHP_URL_PORT))
{
// Found a port, make it usable for the URL
$port
=
':'
.
$port
;
}
if
(
$host
=
parse_url
(
$base_url
, PHP_URL_HOST))
{
// Remove everything but the path from the URL
$base_url
=
parse_url
(
$base_url
, PHP_URL_PATH);
}
else
{
// Attempt to use HTTP_HOST and fallback to SERVER_NAME
$host
= isset(
$_SERVER
[
'HTTP_HOST'
]) ?
$_SERVER
[
'HTTP_HOST'
] :
$_SERVER
[
'SERVER_NAME'
];
// make $host lowercase
$host
=
strtolower
(
$host
);
// check that host does not contain forbidden characters (see RFC 952 and RFC 2181)
// use preg_replace() instead of preg_match() to prevent DoS attacks with long host names
if
(
$host
&&
''
!== preg_replace(
'/(?:^\[)?[a-zA-Z0-9-:\]_]+\.?/'
,
''
,
$host
)) {
throw
new
Kohana_Exception(
'Invalid host :host'
,
array
(
':host'
=>
$host
)
);
}
// Validate $host, see if it matches trusted hosts
if
( !
static
::is_trusted_host(
$host
))
{
throw
new
Kohana_Exception(
'Untrusted host :host. If you trust :host, add it to the trusted hosts in the `url` config file.'
,
array
(
':host'
=>
$host
)
);
}
}
// Add the protocol and domain to the base URL
$base_url
=
$protocol
.
'://'
.
$host
.
$port
.
$base_url
;
}
return
$base_url
;
}
Test if given $host should be trusted.
Tests against given $trusted_hosts
or looks for key trusted_hosts
in url
config
string
$host
required - $hostarray
$trusted_hosts
= NULL - $trusted_hostsboolean
- TRUE if $host is trustworthy
public
static
function
is_trusted_host(
$host
,
array
$trusted_hosts
= NULL)
{
// If list of trusted hosts is not directly provided read from config
if
(
empty
(
$trusted_hosts
))
{
$trusted_hosts
= (
array
) Kohana::
$config
->load(
'url'
)->get(
'trusted_hosts'
);
}
// loop through the $trusted_hosts array for a match
foreach
(
$trusted_hosts
as
$trusted_host
)
{
// make sure we fully match the trusted hosts
$pattern
=
'#^'
.
$trusted_host
.
'$#uD'
;
// return TRUE if there is match
if
(preg_match(
$pattern
,
$host
)) {
return
TRUE;
}
}
// return FALSE as nothing is matched
return
FALSE;
}
Merges the current GET parameters with an array of new or overloaded parameters and returns the resulting query string.
// Returns "?sort=title&limit=10" combined with any existing GET values
$query
= URL::query(
array
(
'sort'
=>
'title'
,
'limit'
=> 10));
Typically you would use this when you are sorting query results, or something similar.
Parameters with a NULL value are left out.
array
$params
= NULL - Array of GET parametersboolean
$use_get
= bool TRUE - Include current request GET parametersstring
public
static
function
query(
array
$params
= NULL,
$use_get
= TRUE)
{
if
(
$use_get
)
{
if
(
$params
=== NULL)
{
// Use only the current parameters
$params
=
$_GET
;
}
else
{
// Merge the current and new parameters
$params
= Arr::merge(
$_GET
,
$params
);
}
}
if
(
empty
(
$params
))
{
// No query parameters
return
''
;
}
// Note: http_build_query returns an empty string for a params array with only NULL values
$query
= http_build_query(
$params
,
''
,
'&'
);
// Don't prepend '?' to an empty string
return
(
$query
===
''
) ?
''
: (
'?'
.
$query
);
}
Fetches an absolute site URL based on a URI segment.
echo
URL::site(
'foo/bar'
);
string
$uri
= string(0) "" - Site URI to convertmixed
$protocol
= NULL - Protocol string or [Request] class to use protocol fromboolean
$index
= bool TRUE - Include the index_page in the URLstring
public
static
function
site(
$uri
=
''
,
$protocol
= NULL,
$index
= TRUE)
{
// Chop off possible scheme, host, port, user and pass parts
$path
= preg_replace(
'~^[-a-z0-9+.]++://[^/]++/?~'
,
''
, trim(
$uri
,
'/'
));
if
( ! UTF8::is_ascii(
$path
))
{
// Encode all non-ASCII characters, as per RFC 1738
$path
= preg_replace_callback(
'~([^/]+)~'
,
'URL::_rawurlencode_callback'
,
$path
);
}
// Concat the URL
return
URL::base(
$protocol
,
$index
).
$path
;
}
Convert a phrase to a URL-safe title.
echo
URL::title(
'My Blog Post'
);
// "my-blog-post"
string
$title
required - Phrase to convertstring
$separator
= string(1) "-" - Word separator (any single character)boolean
$ascii_only
= bool FALSE - Transliterate to ASCII?string
public
static
function
title(
$title
,
$separator
=
'-'
,
$ascii_only
= FALSE)
{
if
(
$ascii_only
=== TRUE)
{
// Transliterate non-ASCII characters
$title
= UTF8::transliterate_to_ascii(
$title
);
// Remove all characters that are not the separator, a-z, 0-9, or whitespace
$title
= preg_replace(
'![^'
.preg_quote(
$separator
).
'a-z0-9\s]+!'
,
''
,
strtolower
(
$title
));
}
else
{
// Remove all characters that are not the separator, letters, numbers, or whitespace
$title
= preg_replace(
'![^'
.preg_quote(
$separator
).
'\pL\pN\s]+!u'
,
''
, UTF8::
strtolower
(
$title
));
}
// Replace all separator characters and whitespace by a single separator
$title
= preg_replace(
'!['
.preg_quote(
$separator
).
'\s]+!u'
,
$separator
,
$title
);
// Trim separators from the beginning and end
return
trim(
$title
,
$separator
);
}
Callback used for encoding all non-ASCII characters, as per RFC 1738 Used by URL::site()
array
$matches
required - Array of matches from preg_replace_callback()string
- Encoded string
protected
static
function
_rawurlencode_callback(
$matches
)
{
return
rawurlencode(
$matches
[0]);
}