URL helper class.
You need to setup the list of trusted hosts in the url.php config file, before starting using this helper class.
Class declared in SYSPATH/classes/URL.php on line 3.
Gets the base URL to the application.
To specify a protocol, provide the protocol as a string or request object.
If a protocol is used, a complete URL will be generated using the
$_SERVER['HTTP_HOST'] variable, which will be validated against RFC 952
and RFC 2181, as well as against the list of trusted hosts you have set
in the url.php config file.
// Absolute URL path with no host or protocol
echo URL::base();
// Absolute URL path with host, https protocol and index.php if set
echo URL::base('https', true);
// Absolute URL path with host and protocol from $request
echo URL::base($request);
mixed
$protocol
= NULL - Protocol string, [Request], or boolean boolean
$index
= bool FALSE - Add index file to URL? stringpublic static function base($protocol = null, $index = false)
{
// Start with the configured base URL
$base_url = Kohana::$base_url;
if ($protocol === true) {
// Use the initial request to get the protocol
$protocol = Request::$initial;
}
if ($protocol instanceof Request) {
if (!$protocol->secure()) {
// Use the current protocol
list($protocol) = explode('/', strtolower($protocol->protocol()));
} else {
$protocol = 'https';
}
}
if (!$protocol) {
// Use the configured default protocol
$protocol = parse_url($base_url, PHP_URL_SCHEME);
}
if ($index === true AND ! empty(Kohana::$index_file)) {
// Add the index file to the URL
$base_url .= Kohana::$index_file . '/';
}
if (is_string($protocol)) {
if ($port = parse_url($base_url, PHP_URL_PORT)) {
// Found a port, make it usable for the URL
$port = ':' . $port;
}
if ($host = parse_url($base_url, PHP_URL_HOST)) {
// Remove everything but the path from the URL
$base_url = parse_url($base_url, PHP_URL_PATH);
} else {
// Attempt to use HTTP_HOST and fallback to SERVER_NAME
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
// make $host lowercase
$host = strtolower($host);
// check that host does not contain forbidden characters (see RFC 952 and RFC 2181)
// use preg_replace() instead of preg_match() to prevent DoS attacks with long host names
if ($host && '' !== preg_replace('/(?:^\[)?[a-zA-Z0-9-:\]_]+\.?/', '', $host)) {
throw new Kohana_Exception('Invalid host :host', [':host' => $host]);
}
// Validate $host, see if it matches trusted hosts
if (!static::is_trusted_host($host)) {
throw new Kohana_Exception('Untrusted host :host. If you trust :host, add it to the trusted hosts in the `url` config file.', [':host' => $host]);
}
}
// Add the protocol and domain to the base URL
$base_url = $protocol . '://' . $host . $port . $base_url;
}
return $base_url;
}Test if given $host should be trusted.
Tests against given $trusted_hosts
or looks for key trusted_hosts in url config
string
$host
required - $host array
$trusted_hosts
= NULL - $trusted_hosts bool - True if $host is trustworthy.public static function is_trusted_host($host, array $trusted_hosts = null)
{
// If list of trusted hosts is not directly provided read from config
if (empty($trusted_hosts)) {
$trusted_hosts = (array) Kohana::$config->load('url')->get('trusted_hosts');
}
// loop through the $trusted_hosts array for a match
foreach ($trusted_hosts as $trusted_host) {
// make sure we fully match the trusted hosts
$pattern = '#^' . $trusted_host . '$#uD';
// return true if there is match
if (preg_match($pattern, $host)) {
return true;
}
}
// return false as nothing is matched
return false;
}Merges the current GET parameters with an array of new or overloaded parameters and returns the resulting query string.
// Returns "?sort=title&limit=10" combined with any existing GET values
$query = URL::query(['sort' => 'title', 'limit' => 10]);
Typically you would use this when you are sorting query results, or something similar.
Parameters with a null value are left out.
array
$params
= NULL - Array of GET parameters boolean
$use_get
= bool TRUE - Include current request GET parameters stringpublic static function query(array $params = null, $use_get = true)
{
if ($use_get) {
if ($params === null) {
// Use only the current parameters
$params = $_GET;
} else {
// Merge the current and new parameters
$params = Arr::merge($_GET, $params);
}
}
if (empty($params)) {
// No query parameters
return '';
}
// Note: http_build_query returns an empty string for a params array with only null values
$query = http_build_query($params, '', '&');
// Don't prepend '?' to an empty string
return ($query === '') ? '' : ('?' . $query);
}Fetches an absolute site URL based on a URI segment.
echo URL::site('foo/bar');
string
$uri
= string(0) "" - Site URI to convert mixed
$protocol
= NULL - Protocol string or [Request] class to use protocol from boolean
$index
= bool TRUE - Include the index_page in the URL stringpublic static function site($uri = '', $protocol = null, $index = true)
{
// Chop off possible scheme, host, port, user and pass parts
$path = preg_replace('~^[-a-z0-9+.]++://[^/]++/?~', '', trim($uri, '/'));
if (!UTF8::is_ascii($path)) {
// Encode all non-ASCII characters, as per RFC 1738
$path = preg_replace_callback('~([^/]+)~', 'URL::_rawurlencode_callback', $path);
}
// Concat the URL
return URL::base($protocol, $index) . $path;
}Convert a phrase to a URL-safe title.
echo URL::title('My Blog Post'); // "my-blog-post"
string
$title
required - Phrase to convert string
$separator
= string(1) "-" - Word separator (any single character) boolean
$ascii_only
= bool FALSE - Transliterate to ASCII? stringpublic static function title($title, $separator = '-', $ascii_only = false)
{
if ($ascii_only === true) {
// Transliterate non-ASCII characters
$title = UTF8::transliterate_to_ascii($title);
// Remove all characters that are not the separator, a-z, 0-9, or whitespace
$title = preg_replace('![^' . preg_quote($separator) . 'a-z0-9\s]+!', '', strtolower($title));
} else {
// Remove all characters that are not the separator, letters, numbers, or whitespace
$title = preg_replace('![^' . preg_quote($separator) . '\pL\pN\s]+!u', '', UTF8::strtolower($title));
}
// Replace all separator characters and whitespace by a single separator
$title = preg_replace('![' . preg_quote($separator) . '\s]+!u', $separator, $title);
// Trim separators from the beginning and end
return trim($title, $separator);
}Callback used for encoding all non-ASCII characters, as per RFC 1738 Used by URL::site()
array
$matches
required - Array of matches from preg_replace_callback() string - Encoded stringprotected static function _rawurlencode_callback($matches)
{
return rawurlencode($matches[0]);
}