Skip to content

Add SESSION hash support to Request class #147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mambax7 wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Add SESSION hash support to Request class #147

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
69edcc8
Add SESSION hash support to Request::getVar(), get(), and setVar()
mambax7 Mar 11, 2026
2fcef08
Improve SESSION tests and complete Request docblocks
mambax7 Mar 11, 2026
ae74064
Fix SESSION tests for CLI/PHPUnit environments
mambax7 Mar 11, 2026
eec0b4d
Add reportUnmatchedIgnoredErrors: false to phpstan.neon
mambax7 Mar 11, 2026
e3cb224
Updates
mambax7 Mar 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 39 additions & 18 deletions src/Request.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,12 +64,13 @@ public static function getMethod()
* - cookie $_COOKIE
* - env $_ENV
* - server $_SERVER
* - session $_SESSION (returns default if no active session)
* - method via current $_SERVER['REQUEST_METHOD']
* - default $_REQUEST
*
* @param string $name Variable name
* @param mixed $default Default value if the variable does not exist
* @param string $hash Source of variable value (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Source of variable value (GET, POST, FILES, COOKIE, ENV, SERVER, SESSION, METHOD, DEFAULT/REQUEST)
* @param string $type Return type for the variable (INT, FLOAT, BOOLEAN, WORD,
* ALPHANUM, CMD, BASE64, STRING, ARRAY, PATH, NONE) For more
* information see FilterInput::clean().
Expand Down Expand Up @@ -106,6 +107,13 @@ public static function getVar($name, $default = null, $hash = 'default', $type =
case 'SERVER':
$input = &$_SERVER;
break;
case 'SESSION':
if (session_status() !== PHP_SESSION_ACTIVE) {
$input = [];
break;
}
$input = &$_SESSION;
break;
Comment on lines +110 to +116
Copy link

Copilot AI Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

session_status() and PHP_SESSION_ACTIVE are provided by the session extension; if ext-session is disabled, these calls/constants can be undefined and will fatal when $hash is SESSION. Since composer.json doesn’t declare ext-session, consider guarding the SESSION branch (and treating it as “no active session”) when session functions/constants aren’t available.

Copilot uses AI. Check for mistakes.
default:
$input = &$_REQUEST;
break;
Expand All @@ -114,13 +122,11 @@ public static function getVar($name, $default = null, $hash = 'default', $type =
if (isset($input[$name]) && null !== $input[$name]) {
// Get the variable from the input hash and clean it
$var = static::cleanVar($input[$name], $mask, $type);

} elseif (null !== $default) {
// Clean the default value
$var = static::cleanVar($default, $mask, $type);
} else {
$var = $default;

}

return $var;
Expand All @@ -135,7 +141,7 @@ public static function getVar($name, $default = null, $hash = 'default', $type =
*
* @param string $name Variable name
* @param int $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
*
Comment on lines +144 to 145
Copy link

@coderabbitai coderabbitai bot Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Include DEFAULT/REQUEST in the proxy getter docs.

These wrappers still accept the same fallback hashes as getVar(), but the updated @param $hash text now lists only the explicit superglobals plus SESSION. That makes supported calls like Request::getArray(..., 'request') look undocumented.

📝 Suggested docblock tweak 
- * `@param` string $hash    Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
+ * `@param` string $hash    Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD, DEFAULT/REQUEST)

Also applies to: 162-163, 180-181, 198-199, 215-216, 233-234, 249-250, 263-264, 277-278, 291-292, 305-306, 320-321

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@src/Request.php` around lines 144 - 145, Update the docblocks for the Request
proxy getter methods to include the fallback values DEFAULT and REQUEST in the
`@param` $hash description (same set accepted by getVar()), so calls like
Request::getArray(..., 'request') are documented; locate the docblocks for the
proxy getters (e.g., Request::getArray and the other similar wrapper methods
that call getVar()) and add "DEFAULT/REQUEST" to the list of supported hash
sources in each `@param` $hash line.

* @return int Requested variable
*/
Expand All @@ -153,7 +159,7 @@ public static function getInt($name, $default = 0, $hash = 'default')
*
* @param string $name Variable name
* @param float $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
*
* @return float Requested variable
*/
Expand All @@ -171,7 +177,7 @@ public static function getFloat($name, $default = 0.0, $hash = 'default')
*
* @param string $name Variable name
* @param bool $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
*
* @return bool Requested variable
*/
Expand All @@ -189,7 +195,7 @@ public static function getBool($name, $default = false, $hash = 'default')
*
* @param string $name Variable name
* @param string $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
*
* @return string Requested variable
*/
Expand All @@ -206,7 +212,7 @@ public static function getWord($name, $default = '', $hash = 'default')
*
* @param string $name Variable name
* @param string $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
*
* @return string Requested variable
*/
Expand All @@ -224,7 +230,7 @@ public static function getCmd($name, $default = '', $hash = 'default')
*
* @param string $name Variable name
* @param string $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
* @param int $mask Filter mask for the variable
*
* @return string Requested variable
Expand All @@ -240,7 +246,7 @@ public static function getString($name, $default = '', $hash = 'default', $mask
*
* @param string $name Variable name
* @param mixed $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
*
* @return array
*/
Expand All @@ -254,7 +260,7 @@ public static function getArray($name, $default = array(), $hash = 'default')
*
* @param string $name Variable name
* @param string $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
*
* @return string Requested variable
*/
Expand All @@ -268,7 +274,7 @@ public static function getText($name, $default = '', $hash = 'default')
*
* @param string $name Variable name
* @param string $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
*
* @return string Requested variable
*/
Expand All @@ -282,7 +288,7 @@ public static function getUrl($name, $default = '', $hash = 'default')
*
* @param string $name Variable name
* @param string $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
*
* @return string Requested variable
*/
Expand All @@ -296,7 +302,7 @@ public static function getPath($name, $default = '', $hash = 'default')
*
* @param string $name Variable name
* @param string $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
*
* @return string email address or default if invalid
*/
Expand All @@ -311,7 +317,7 @@ public static function getEmail($name, $default = '', $hash = 'default')
*
* @param string $name Variable name
* @param string $default Default value if the variable does not exist
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
* @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, ENV, SERVER, SESSION, METHOD)
*
* @return string IP address or default if invalid
*/
Expand Down Expand Up @@ -385,9 +391,11 @@ public static function hasVar($name, $hash = 'default')
/**
* Set a variable in one of the request variables
*
* For SESSION, the write is silently skipped if no session is active.
*
* @param string $name Name
* @param string $value Value
* @param string $hash Hash
* @param string $hash Hash (GET, POST, REQUEST, COOKIE, FILES, ENV, SERVER, SESSION, METHOD)
* @param bool $overwrite Boolean
*
* @return string Previous value
Expand Down Expand Up @@ -437,6 +445,11 @@ public static function setVar($name, $value = null, $hash = 'method', $overwrite
case 'SERVER':
$_SERVER[$name] = $value;
break;
case 'SESSION':
if (session_status() === PHP_SESSION_ACTIVE) {
$_SESSION[$name] = $value;
Comment on lines +449 to +450
Copy link

Copilot AI Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Request::setVar(..., 'session') currently assumes the session extension is enabled (session_status()/PHP_SESSION_ACTIVE). If ext-session is disabled, this will fatal instead of “silently skipping” as documented. Guard this branch so that in environments without sessions it safely no-ops.

Suggested change
if (session_status() === PHP_SESSION_ACTIVE) {
$_SESSION[$name] = $value;
if (function_exists('session_status') && defined('PHP_SESSION_ACTIVE')) {
if (session_status() === PHP_SESSION_ACTIVE) {
$_SESSION[$name] = $value;
}

Copilot uses AI. Check for mistakes.
}
break;
Comment on lines +448 to +452
Copy link

Copilot AI Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SESSION support was added to setVar(), but the method’s docblock doesn’t mention SESSION or the no-op behavior when no session is active. Please update the setVar() documentation to include SESSION and clarify what happens when the session isn’t active.

Copilot uses AI. Check for mistakes.
}

return $previous;
Expand All @@ -457,10 +470,11 @@ public static function setVar($name, $value = null, $hash = 'method', $overwrite
* - cookie $_COOKIE
* - env $_ENV
* - server $_SERVER
* - session $_SESSION (returns empty if no active session)
* - method via current $_SERVER['REQUEST_METHOD']
* - default $_REQUEST
*
* @param string $hash to get (POST, GET, FILES, METHOD)
* @param string $hash to get (GET, POST, FILES, COOKIE, ENV, SERVER, SESSION, METHOD, DEFAULT/REQUEST)
* @param int $mask Filter mask for the variable
*
* @return mixed Request hash
Expand Down Expand Up @@ -492,6 +506,13 @@ public static function get($hash = 'default', $mask = 0)
case 'SERVER':
$input = &$_SERVER;
break;
case 'SESSION':
if (session_status() !== PHP_SESSION_ACTIVE) {
$input = [];
break;
}
Comment on lines +509 to +513
Copy link

Copilot AI Mar 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same concern as getVar(): the SESSION branch uses session_status()/PHP_SESSION_ACTIVE, which can be undefined if the session extension is disabled. Guarding here would prevent fatals and let Request::get('session') degrade to an empty array as intended.

Suggested change
case 'SESSION':
if (session_status() !== PHP_SESSION_ACTIVE) {
$input = [];
break;
}
case 'SESSION':
if (!function_exists('session_status') || !defined('PHP_SESSION_ACTIVE')) {
$input = [];
break;
}
if (session_status() !== PHP_SESSION_ACTIVE) {
$input = [];
break;
}
if (!isset($_SESSION)) {
$input = [];
break;
}

Copilot uses AI. Check for mistakes.
$input = &$_SESSION;
break;
default:
$input = $_REQUEST;
break;
Expand All @@ -506,7 +527,7 @@ public static function get($hash = 'default', $mask = 0)
* Sets a request variable
*
* @param array $array An associative array of key-value pairs
* @param string $hash The request variable to set (POST, GET, FILES, METHOD)
* @param string $hash The request variable to set (GET, POST, REQUEST, COOKIE, FILES, ENV, SERVER, SESSION, METHOD)
* @param bool $overwrite If true and an existing key is found, the value is overwritten,
* otherwise it is ignored
*
Expand Down
Loading
Loading