HTTP headers are user supplied data, so they are passed through  
validation. You probably have a validation mode enabled that triggers  
validation unconditionally (so it's always on) or if there are already  
validation rules in place.

Where are you trying this code?

David


On 21.12.2007 at 07:33, Jeya Selvi R wrote:

>
> Hi,
> I tried to get the values using $rd->getHeader(). I got the
> following results. Still I didn't get value for
> $rd->getHeader('ACCEPT') (>>$_SERVER['HTTP_ACCEPT']) after ajax request
> in Agavi. Can you please help me.
> I'm getting the following result before ajax request.
> $_SERVER result
> ---------------
> array(35) {
>   ["HTTP_HOST"]=>
>   string(9) "localhost"
>   ["HTTP_USER_AGENT"]=>
>   string(92) "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
>   ["HTTP_ACCEPT"]=>
>   string(99) "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
>   ["HTTP_ACCEPT_LANGUAGE"]=>
>   string(14) "en-us,en;q=0.5"
>   ["HTTP_ACCEPT_ENCODING"]=>
>   string(12) "gzip,deflate"
>   ["HTTP_ACCEPT_CHARSET"]=>
>   string(30) "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
>   ["HTTP_KEEP_ALIVE"]=>
>   string(3) "300"
>   ["HTTP_CONNECTION"]=>
>   string(10) "keep-alive"
>   ["HTTP_COOKIE"]=>
>   string(79) "fontSize=100; d4dad6935f632ac35975e3001dc7bbe8=910ae5aedfab8b01eb029a7d3e820655"
>   ["HTTP_IF_MODIFIED_SINCE"]=>
>   string(29) "Fri, 21 Dec 2007 06:02:27 GMT"
>   ["PATH"]=>
>   string(181) "C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\progra~1\Java\jdk1.5.0_10\bin;c:\phing\bin;C:\Program Files\QuickTime\QTSystem\"
>   ["SystemRoot"]=>
>   string(10) "C:\WINDOWS"
>   ["COMSPEC"]=>
>   string(27) "C:\WINDOWS\system32\cmd.exe"
>   ["PATHEXT"]=>
>   string(48) ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"
>   ["WINDIR"]=>
>   string(10) "C:\WINDOWS"
>   ["SERVER_SIGNATURE"]=>
>   string(133) "
> Apache/2.2.3 (Win32) DAV/2 mod_ssl/2.2.3 OpenSSL/0.9.8d  
> mod_autoindex_color PHP/5.2.0 Server at localhost Port 80
>
> "
>   ["SERVER_SOFTWARE"]=>
>   string(85) "Apache/2.2.3 (Win32) DAV/2 mod_ssl/2.2.3 OpenSSL/0.9.8d mod_autoindex_color PHP/5.2.0"
>   ["SERVER_NAME"]=>
>   string(9) "localhost"
>   ["SERVER_ADDR"]=>
>   string(9) "127.0.0.1"
>   ["SERVER_PORT"]=>
>   string(2) "80"
>   ["REMOTE_ADDR"]=>
>   string(9) "127.0.0.1"
>   ["DOCUMENT_ROOT"]=>
>   string(15) "C:/xampp/htdocs"
>   ["SERVER_ADMIN"]=>
>   string(15) "[EMAIL PROTECTED]"
>   ["SCRIPT_FILENAME"]=>
>   string(42) "C:/xampp/htdocs/nscs_svn/output/index2.php"
>   ["REMOTE_PORT"]=>
>   string(4) "1493"
>   ["GATEWAY_INTERFACE"]=>
>   string(7) "CGI/1.1"
>   ["SERVER_PROTOCOL"]=>
>   string(8) "HTTP/1.1"
>   ["REQUEST_METHOD"]=>
>   string(3) "GET"
>   ["QUERY_STRING"]=>
>   string(44) "option=com_agavi&module=Default&action=Login"
>   ["REQUEST_URI"]=>
>   string(72) "/nscs_svn/output/index2.php?option=com_agavi&module=Default&action=Login"
>   ["SCRIPT_NAME"]=>
>   string(27) "/nscs_svn/output/index2.php"
>   ["PHP_SELF"]=>
>   string(27) "/nscs_svn/output/index2.php"
>   ["REQUEST_TIME"]=>
>   int(1198216992)
>   ["argv"]=>
>   array(1) {
>     [0]=>
>     string(44) "option=com_agavi&module=Default&action=Login"
>   }
>   ["argc"]=>
>   int(1)
> }
>
> $rd->getHeader('ACCEPT') Result
> -------------------------------
> string(99) "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
>
> $rd->getHeaderNames() Result
> ----------------------------
> array(10) {
>   [0]=>
>   string(4) "HOST"
>   [1]=>
>   string(10) "USER_AGENT"
>   [2]=>
>   string(6) "ACCEPT"
>   [3]=>
>   string(15) "ACCEPT_LANGUAGE"
>   [4]=>
>   string(15) "ACCEPT_ENCODING"
>   [5]=>
>   string(14) "ACCEPT_CHARSET"
>   [6]=>
>   string(10) "KEEP_ALIVE"
>   [7]=>
>   string(10) "CONNECTION"
>   [8]=>
>   string(6) "COOKIE"
>   [9]=>
>   string(17) "IF_MODIFIED_SINCE"
> }
>
>
> I'm getting the following result after ajax request.
>
> $_SERVER result
> ---------------
> array(39) {
>   ["HTTP_HOST"]=>
>   string(9) "localhost"
>   ["HTTP_USER_AGENT"]=>
>   string(92) "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
>   ["HTTP_ACCEPT"]=>
>   string(58) "text/javascript, text/html, application/xml, text/xml, */*"
>   ["HTTP_ACCEPT_LANGUAGE"]=>
>   string(14) "en-us,en;q=0.5"
>   ["HTTP_ACCEPT_ENCODING"]=>
>   string(12) "gzip,deflate"
>   ["HTTP_ACCEPT_CHARSET"]=>
>   string(30) "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
>   ["HTTP_KEEP_ALIVE"]=>
>   string(3) "300"
>   ["HTTP_CONNECTION"]=>
>   string(10) "keep-alive"
>   ["CONTENT_TYPE"]=>
>   string(48) "application/x-www-form-urlencoded; charset=utf-8"
>   ["HTTP_X_REQUESTED_WITH"]=>
>   string(14) "XMLHttpRequest"
>   ["HTTP_REFERER"]=>
>   string(88) "http://localhost/nscs_svn/output/index2.php?option=com_agavi&module=Default&action=Login"
>   ["HTTP_COOKIE"]=>
>   string(79) "fontSize=100; d4dad6935f632ac35975e3001dc7bbe8=910ae5aedfab8b01eb029a7d3e820655"
>   ["HTTP_PRAGMA"]=>
>   string(8) "no-cache"
>   ["HTTP_CACHE_CONTROL"]=>
>   string(8) "no-cache"
>   ["PATH"]=>
>   string(181) "C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\progra~1\Java\jdk1.5.0_10\bin;c:\phing\bin;C:\Program Files\QuickTime\QTSystem\"
>   ["SystemRoot"]=>
>   string(10) "C:\WINDOWS"
>   ["COMSPEC"]=>
>   string(27) "C:\WINDOWS\system32\cmd.exe"
>   ["PATHEXT"]=>
>   string(48) ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"
>   ["WINDIR"]=>
>   string(10) "C:\WINDOWS"
>   ["SERVER_SIGNATURE"]=>
>   string(133) "
> Apache/2.2.3 (Win32) DAV/2 mod_ssl/2.2.3 OpenSSL/0.9.8d  
> mod_autoindex_color PHP/5.2.0 Server at localhost Port 80
>
> "
>   ["SERVER_SOFTWARE"]=>
>   string(85) "Apache/2.2.3 (Win32) DAV/2 mod_ssl/2.2.3 OpenSSL/0.9.8d mod_autoindex_color PHP/5.2.0"
>   ["SERVER_NAME"]=>
>   string(9) "localhost"
>   ["SERVER_ADDR"]=>
>   string(9) "127.0.0.1"
>   ["SERVER_PORT"]=>
>   string(2) "80"
>   ["REMOTE_ADDR"]=>
>   string(9) "127.0.0.1"
>   ["DOCUMENT_ROOT"]=>
>   string(15) "C:/xampp/htdocs"
>   ["SERVER_ADMIN"]=>
>   string(15) "[EMAIL PROTECTED]"
>   ["SCRIPT_FILENAME"]=>
>   string(42) "C:/xampp/htdocs/nscs_svn/output/index2.php"
>   ["REMOTE_PORT"]=>
>   string(4) "1497"
>   ["GATEWAY_INTERFACE"]=>
>   string(7) "CGI/1.1"
>   ["SERVER_PROTOCOL"]=>
>   string(8) "HTTP/1.1"
>   ["REQUEST_METHOD"]=>
>   string(4) "POST"
>   ["QUERY_STRING"]=>
>   string(44) "option=com_agavi&module=Default&action=Login"
>   ["REQUEST_URI"]=>
>   string(72) "/nscs_svn/output/index2.php?option=com_agavi&module=Default&action=Login"
>   ["SCRIPT_NAME"]=>
>   string(27) "/nscs_svn/output/index2.php"
>   ["PHP_SELF"]=>
>   string(27) "/nscs_svn/output/index2.php"
>   ["REQUEST_TIME"]=>
>   int(1198217025)
>   ["argv"]=>
>   array(1) {
>     [0]=>
>     string(44) "option=com_agavi&module=Default&action=Login"
>   }
>   ["argc"]=>
>   int(1)
> }
>
> $rd->getHeader('ACCEPT') Result
> -------------------------------
> NULL
>
> $rd->getHeaderNames() Result
> ----------------------------
> NULL
> array(0) {
> }
>
>
>
> On Dec 21, 2007 10:53 AM, Veikko Mäkinen <[EMAIL PROTECTED]> wrote:
> Jeya Selvi R wrote:
> > Hello,
> >
> > I'm using agavi as a component in Joomla1.5 for my project.
> >
> > I am passing Ajax request to Agavi from Joomla. But when I try to
> > retrieve the value for $_SERVER['HTTP_ACCEPT'], I am unable to get the
> > value in Agavi.
> >
> > I'm getting the $_SERVER['HTTP_ACCEPT']  value as "text/javascript"
> > before control is going to Agavi. Once the control is in agavi, this
> > value is emptied.
> >
> > How can I get the value for $_SERVER['HTTP_ACCEPT'] in Agavi?
> >
>
> Hi Jeya,
>
> All insecure headers (provided by the user/client) are only accessible
> through $rd->getHeader(). This is to protect you from using insecure
> data without validation.
>
>
> -veikko
>
>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.agavi.org/mailman/listinfo/users
>


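A simplified model of the behaviour discussed in this thread, added as an illustration and not taken from Agavi's source: client-supplied headers stay hidden until a validation rule accepts them, so `getHeader()` returns null and `getHeaderNames()` returns an empty array while no rule has run. The class `StrictHeaderHolder`, its `validate()` method and the Accept rule are hypothetical names; the sample `$_SERVER` array is constructed from the values quoted above.

```php
<?php
// Simplified model (NOT Agavi's implementation): headers are exposed only after a rule accepts them.
final class StrictHeaderHolder
{
    private array $raw = [];        // headers as received, e.g. HTTP_ACCEPT stored as ACCEPT
    private array $validated = [];  // headers that passed a validation rule

    public function __construct(array $server)
    {
        foreach ($server as $key => $value) {
            if (strncmp($key, 'HTTP_', 5) === 0) {
                $this->raw[substr($key, 5)] = (string) $value;
            }
        }
    }

    // Run $rule on one raw header and export the header only if the rule returns true.
    public function validate(string $name, callable $rule): bool
    {
        if (isset($this->raw[$name]) && $rule($this->raw[$name]) === true) {
            $this->validated[$name] = $this->raw[$name];
            return true;
        }
        return false;
    }

    public function getHeader(string $name): ?string
    {
        return $this->validated[$name] ?? null;
    }

    public function getHeaderNames(): array
    {
        return array_keys($this->validated);
    }
}

// Hypothetical rule: comma-separated media ranges, each with an optional q-value.
$range = '[\w*+.-]+/[\w*+.-]+(?:\s*;\s*q=[01](?:\.\d{1,3})?)?';
$acceptRule = static fn (string $v): bool =>
    preg_match('~^\s*' . $range . '(?:\s*,\s*' . $range . ')*\s*$~D', $v) === 1;

// Constructed sample input modelled on the XHR request quoted in the thread.
$rd = new StrictHeaderHolder([
    'HTTP_ACCEPT' => 'text/javascript, text/html, application/xml, text/xml, */*',
    'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest',
]);
var_dump($rd->getHeader('ACCEPT'), $rd->getHeaderNames()); // dumped before any rule has run
$rd->validate('ACCEPT', $acceptRule);
var_dump($rd->getHeader('ACCEPT'), $rd->getHeaderNames()); // dumped after the ACCEPT rule ran
```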