Access HTTP_USER_AGENT/HTTP_* in Agavi

If you try to do retrive the users browsers by accessing $SERVER['HTTPUSER_AGENT'] in agavi, you'll have no luck.

It's common in agavi, that all user input must be validated. Thus for instance $SERVER['SERVERNAME'] can not be manipulated by the user and is therefor accessible by using the $_SERVER global.

But $_SERVER'HTTPUSERAGENT' are transfered by the browser and pretend to be valid and normalized. Therefor you need to validate them with a validator.

A sample validator, for retrieving the HTTPUSERAGENT of the accessing user:

<validator class="string" [strong]source="headers"[/strong]>

As you can see, I highlighted the [em]source="headers"[/em] part of the code. The reason is, that the AgaviWebRequest fills all received data (post with files and data, get parameters, cookies and headers) into different parts of the request data.

Since the user supplied data in the header all starts with a HTTP, it got stripped. So if you want to validate [em]HTTPUSERAGENT[/em] you have to validate [em]USERAGENT[/em].
As result a


will just fail, because the USER_AGENT is not send in the POST/GET-Parameters, but send as header. So correct access on that value is:


Since we are using AgaviWebRequestDataHolder ($rd), we may also use:


to access it. Thanks to

Wombert for pointing that out.

In agavi, open source, php, validator by @ 07 Feb 2009

comments powered by Disqus

Recent Files


Recent Dev-Articles

Read recently