If you try to do retrive the users browsers by accessing $_SERVER['HTTP_USER_AGENT'] in agavi, you'll have no luck.

It's common in agavi, that all user input must be validated. Thus for instance $_SERVER['SERVER_NAME'] can not be manipulated by the user and is therefor accessible by using the $_SERVER global.

But $_SERVER['HTTP_USER_AGENT'] (and all HTTP_* variables) are transfered by the browser and pretend to be valid and normalized. Therefor you need to validate them with a validator.

A sample validator, for retrieving the HTTP_USER_AGENT of the accessing user:

1
2
3
<validator class="string" source="headers">
<argument>USER_AGENT</argument>
</validator>

As you can see, I highlighted the source="headers" part of the code.
The reason is, that the AgaviWebRequest fills all received data (post with files and data, get parameters, cookies and headers) into different parts of the request data.

Since the user supplied data in the header all starts with a HTTP_, it got stripped. So if you want to validate HTTP_USER_AGENT you have to validate USER_AGENT.

As result a

1
$rd->getParameter('USER_AGENT')

will just fail, because the USER_AGENT is not send in the POST/GET-Parameters, but send as header.
So correct access on that value is:

1
$rd->get('headers','USER_AGENT')

Since we are using AgaviWebRequestDataHolder ($rd), we may also use:

1
$rd->getHeader('User-Agent');

to access it. Thanks to Wombert for pointing that out.