Commit cd669b3

committed
Don't access _SERVER globals directly
1 parent adecdf7 commit cd669b3

1 file changed

+10
-4
lines changed


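--- a/src/Controllers/ApiController.php
+++ b/src/Controllers/ApiController.php
@@ -61,6 +61,7 @@ public function init()
 ->addHeader("Content-type", "application/json");
 }
 
+
 public function index()
 {
 return $this->httpError(400, 'Bad Request');
@@ -234,10 +235,10 @@ public function getAuthorizationHeader(): string
 {
 $header = '';
 
-if (isset($_SERVER['Authorization'])) {
-$header = trim($_SERVER["Authorization"]);
-} elseif (isset($_SERVER['HTTP_AUTHORIZATION'])) {
-$header = trim($_SERVER["HTTP_AUTHORIZATION"]);
+if ($auth = $this->getRequest()->getHeader('Authorization')) {
+$header = trim($auth);
+} elseif ($auth = $this->getRequest()->getHeader('HTTP_AUTHORIZATION')) {
+$header = trim($auth);
 } elseif (function_exists('apache_request_headers')) {
 $requestHeaders = apache_request_headers();
 $requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
@@ -250,6 +251,11 @@ public function getAuthorizationHeader(): string
 return $header;
 }
 
+/**
+* Returns the bearer token value from the Authorization Header
+*
+* @return string
+*/
 public function getBearerToken(): string
 {
 $headers = $this->getAuthorizationHeader();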
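Review bot: The second branch in getAuthorizationHeader(), `$this->getRequest()->getHeader('HTTP_AUTHORIZATION')`, asks the request object for a header literally named HTTP_AUTHORIZATION, which is the `$_SERVER` key the removed code read rather than a header name, so unless getHeader() translates server keys (not visible on this page) that branch probably never matches. On setups where the credential only arrives through that server variable, the method would then depend on the `apache_request_headers()` fallback or return an empty string, and valid bearer tokens would presumably be rejected. Either drop the branch, or keep it only after a test confirms the request object already folds that variable into `Authorization`, and record the assumption with a comment such as `// the request object exposes HTTP_AUTHORIZATION as the Authorization header`. The body of getAuthorizationHeader() continues outside this hunk, so the remaining fallback logic could not be checked.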
