Access HTTP_USER_AGENT/HTTP_* in Agavi

If you try to do retrive the users browsers by accessing $SERVER['HTTPUSER_AGENT'] in agavi, you'll have no luck.

It's common in agavi, that all user input must be validated. Thus for instance $SERVER['SERVERNAME'] can not be manipulated by the user and is therefor accessible by using the $_SERVER global.

But $_SERVER'HTTPUSERAGENT' are transfered by the browser and pretend to be valid and normalized. Therefor you need to validate them with a validator.

A sample validator, for retrieving the HTTPUSERAGENT of the accessing user:

<validator class="string" [strong]source="headers"[/strong]>

As you can see, I highlighted the [em]source="headers"[/em] part of the code. The reason is, that the AgaviWebRequest fills all received data (post with files and data, get parameters, cookies and headers) into different parts of the request data.

Since the user supplied data in the header all starts with a HTTP, it got stripped. So if you want to validate [em]HTTPUSERAGENT[/em] you have to validate [em]USERAGENT[/em].
As result a


will just fail, because the USER_AGENT is not send in the POST/GET-Parameters, but send as header. So correct access on that value is:


Since we are using AgaviWebRequestDataHolder ($rd), we may also use:


to access it. Thanks to

Wombert for pointing that out.

In agavi, open source, php, validator by
@ 07 Feb 2009, Comments at Reddit & Hackernews

Give something back

Were my blog posts useful to you? If you want to give back, support one of these charities, too!

Report hate in social media Campact e.V. With our technology and your help, we protect the oceans from plastic waste. Gesellschaft fur Freiheitsrechte e. V. The civil eye in the mediterranean

Recent Dev-Articles

Read recently

Recent Files