HTTP Request Handling Library

Introduction

HTTP Request is user input. Many developers forget this fact and tend to rely on it as a trustworthy source and configure many aspects of their applications based on values of $_SERVER (most of which are set using HTTP request). While not all values under $_SERVER are unreliable, some of the values such as ‘QUERY_STRING’, ‘HTTP_REFERRER’ etc are entirely arbitrary information sent by the client. This library provides wrappers which securely process these data and hand them to user, and replaces the $_SERVER values that are insecure with objects that throw exceptions when cast to string (e.g. in HTTP_HOST), so that developers can no longer directly access them.