PHP Cross Reference of Joomla 1.5.26 DE |
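<?php
/**
 * @version		$Id: request.php 14401 2010-01-26 14:10:00Z louis $
 * @package		Joomla.Framework
 * @subpackage	Environment
 * @copyright	Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
 * @license		GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 * See COPYRIGHT.php for copyright notices and details.
 */

// Check to ensure this file is within the rest of the framework
defined('JPATH_BASE') or die();

/**
 * Create the request global object.
 *
 * Per-variable cache of cleaned values and of the 'SET.<HASH>' markers written
 * by JRequest::setVar(); layout is $GLOBALS['_JREQUEST'][$name][$signature].
 */
$GLOBALS['_JREQUEST'] = array();

/**
 * Set the available masks for cleaning variables
 */
define( 'JREQUEST_NOTRIM'   , 1 );
define( 'JREQUEST_ALLOWRAW' , 2 );
define( 'JREQUEST_ALLOWHTML', 4 );

/**
 * JRequest Class
 *
 * This class serves to provide the Joomla Framework with a common interface to access
 * request variables.  This includes $_POST, $_GET, and naturally $_REQUEST.  Variables
 * can be passed through an input filter to avoid injection or returned raw.
 *
 * The filtering done here is input cleaning by type; it does not replace escaping at the
 * point of use (SQL, HTML output, shell). Values fetched with JREQUEST_ALLOWRAW are
 * returned unfiltered and must be treated as untrusted by the caller.
 *
 * @static
 * @package		Joomla.Framework
 * @subpackage	Environment
 * @since		1.5
 */
class JRequest
{
	/**
	 * Gets the full request path (path and query string of the current URI)
	 *
	 * @return string
	 */
	function getURI()
	{
		$uri = &JFactory::getURI();
		return $uri->toString(array('path', 'query'));
	}

	/**
	 * Gets the request method, upper-cased, as reported in $_SERVER['REQUEST_METHOD']
	 *
	 * @return string
	 */
	function getMethod()
	{
		$method = strtoupper( $_SERVER['REQUEST_METHOD'] );
		return $method;
	}

	/**
	 * Fetches and returns a given variable.
	 *
	 * With the default $hash the variable is read from $_REQUEST. You can force
	 * the source by setting the $hash parameter:
	 *
	 *   post		$_POST
	 *   get		$_GET
	 *   files		$_FILES
	 *   cookie		$_COOKIE
	 *   env		$_ENV
	 *   server		$_SERVER
	 *   method		via current $_SERVER['REQUEST_METHOD']
	 *   default	$_REQUEST
	 *
	 * With 'method', only a GET or POST request maps to $_GET / $_POST; any other
	 * method name (HEAD, PUT, ...) has no case in the switch below and falls back
	 * to $_REQUEST.
	 *
	 * $_REQUEST merges several sources according to the PHP configuration, so pass
	 * an explicit $hash whenever it matters where the value came from.
	 *
	 * Cleaned values are cached per name and per hash/type/mask signature in
	 * $GLOBALS['_JREQUEST']; use setVar() to change a value, which resets that cache
	 * for the name. Direct writes to the superglobals after the first read are not seen.
	 *
	 * @static
	 * @param	string	$name		Variable name
	 * @param	string	$default	Default value if the variable does not exist
	 * @param	string	$hash		Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
	 * @param	string	$type		Return type for the variable, for valid values see {@link JFilterInput::clean()}
	 * @param	int		$mask		Filter mask for the variable
	 * @return	mixed	Requested variable
	 * @since	1.5
	 */
	function getVar($name, $default = null, $hash = 'default', $type = 'none', $mask = 0)
	{
		// Ensure hash and type are uppercase
		$hash = strtoupper( $hash );
		if ($hash === 'METHOD') {
			$hash = strtoupper( $_SERVER['REQUEST_METHOD'] );
		}
		$type	= strtoupper( $type );
		$sig	= $hash.$type.$mask;

		// Get the input hash
		switch ($hash)
		{
			case 'GET' :
				$input = &$_GET;
				break;
			case 'POST' :
				$input = &$_POST;
				break;
			case 'FILES' :
				$input = &$_FILES;
				break;
			case 'COOKIE' :
				$input = &$_COOKIE;
				break;
			case 'ENV'    :
				$input = &$_ENV;
				break;
			case 'SERVER'    :
				$input = &$_SERVER;
				break;
			default:
				$input = &$_REQUEST;
				$hash = 'REQUEST';
				break;
		}

		if (isset($GLOBALS['_JREQUEST'][$name]['SET.'.$hash]) && ($GLOBALS['_JREQUEST'][$name]['SET.'.$hash] === true)) {
			// The value was written through setVar(): read it fresh, clean it, and
			// neither cache it nor run the magic-quotes handling.
			// isset() is already false for null, so no separate null test is needed.
			$var = isset($input[$name]) ? $input[$name] : $default;
			$var = JRequest::_cleanVar($var, $mask, $type);
		}
		elseif (!isset($GLOBALS['_JREQUEST'][$name][$sig]))
		{
			if (isset($input[$name])) {
				// Get the variable from the input hash and clean it
				$var = JRequest::_cleanVar($input[$name], $mask, $type);

				// Handle magic quotes compatibility
				// NOTE(review): slashes are stripped after the filter has run, so with
				// magic_quotes_gpc on the filter sees the still-escaped value.
				if (get_magic_quotes_gpc() && ($var != $default) && ($hash != 'FILES')) {
					$var = JRequest::_stripSlashesRecursive( $var );
				}

				$GLOBALS['_JREQUEST'][$name][$sig] = $var;
			}
			elseif ($default !== null) {
				// Clean the default value
				$var = JRequest::_cleanVar($default, $mask, $type);
			}
			else {
				$var = $default;
			}
		} else {
			// Already cleaned with this hash/type/mask: serve the cached value
			$var = $GLOBALS['_JREQUEST'][$name][$sig];
		}

		return $var;
	}

	/**
	 * Fetches and returns a given filtered variable. The integer
	 * filter will allow only digits to be returned. This is currently
	 * only a proxy function for getVar().
	 *
	 * See getVar() for more in-depth documentation on the parameters.
	 *
	 * @static
	 * @param	string	$name		Variable name
	 * @param	string	$default	Default value if the variable does not exist
	 * @param	string	$hash		Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
	 * @return	integer	Requested variable
	 * @since	1.5
	 */
	function getInt($name, $default = 0, $hash = 'default')
	{
		return JRequest::getVar($name, $default, $hash, 'int');
	}

	/**
	 * Fetches and returns a given filtered variable.  The float
	 * filter only allows digits and periods.  This is currently
	 * only a proxy function for getVar().
	 *
	 * See getVar() for more in-depth documentation on the parameters.
	 *
	 * @static
	 * @param	string	$name		Variable name
	 * @param	string	$default	Default value if the variable does not exist
	 * @param	string	$hash		Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
	 * @return	float	Requested variable
	 * @since	1.5
	 */
	function getFloat($name, $default = 0.0, $hash = 'default')
	{
		return JRequest::getVar($name, $default, $hash, 'float');
	}

	/**
	 * Fetches and returns a given filtered variable. The bool
	 * filter will only return true/false bool values. This is
	 * currently only a proxy function for getVar().
	 *
	 * See getVar() for more in-depth documentation on the parameters.
	 *
	 * @static
	 * @param	string	$name		Variable name
	 * @param	string	$default	Default value if the variable does not exist
	 * @param	string	$hash		Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
	 * @return	bool		Requested variable
	 * @since	1.5
	 */
	function getBool($name, $default = false, $hash = 'default')
	{
		return JRequest::getVar($name, $default, $hash, 'bool');
	}

	/**
	 * Fetches and returns a given filtered variable. The word
	 * filter only allows the characters [A-Za-z_]. This is currently
	 * only a proxy function for getVar().
	 *
	 * See getVar() for more in-depth documentation on the parameters.
	 *
	 * @static
	 * @param	string	$name		Variable name
	 * @param	string	$default	Default value if the variable does not exist
	 * @param	string	$hash		Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
	 * @return	string	Requested variable
	 * @since	1.5
	 */
	function getWord($name, $default = '', $hash = 'default')
	{
		return JRequest::getVar($name, $default, $hash, 'word');
	}

	/**
	 * Fetches and returns a given filtered variable. The cmd
	 * filter only allows the characters [A-Za-z0-9.-_]. This is
	 * currently only a proxy function for getVar().
	 *
	 * See getVar() for more in-depth documentation on the parameters.
	 *
	 * @static
	 * @param	string	$name		Variable name
	 * @param	string	$default	Default value if the variable does not exist
	 * @param	string	$hash		Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
	 * @return	string	Requested variable
	 * @since	1.5
	 */
	function getCmd($name, $default = '', $hash = 'default')
	{
		return JRequest::getVar($name, $default, $hash, 'cmd');
	}

	/**
	 * Fetches and returns a given filtered variable. The string
	 * filter deletes 'bad' HTML code, if not overridden by the mask.
	 * This is currently only a proxy function for getVar().
	 *
	 * See getVar() for more in-depth documentation on the parameters.
	 *
	 * @static
	 * @param	string	$name		Variable name
	 * @param	string	$default	Default value if the variable does not exist
	 * @param	string	$hash		Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
	 * @param	int		$mask		Filter mask for the variable
	 * @return	string	Requested variable
	 * @since	1.5
	 */
	function getString($name, $default = '', $hash = 'default', $mask = 0)
	{
		// Cast to string, in case JREQUEST_ALLOWRAW was specified for mask
		return (string) JRequest::getVar($name, $default, $hash, 'string', $mask);
	}

	/**
	 * Set a variable in one of the request variables
	 *
	 * GET, POST and COOKIE writes are mirrored into $_REQUEST; FILES, ENV and SERVER
	 * writes are not. The cached cleaned values for $name are discarded and the name
	 * is marked as set, so later getVar() calls re-read and re-clean it.
	 *
	 * NOTE(review): a $hash that matches none of the cases below (for example
	 * 'default') stores nothing but still marks the variable as set - confirm callers
	 * always pass a concrete hash.
	 *
	 * @access	public
	 * @param	string	$name		Name
	 * @param	string	$value		Value
	 * @param	string	$hash		Hash
	 * @param	boolean	$overwrite	Boolean
	 * @return	string	Previous value
	 * @since	1.5
	 */
	function setVar($name, $value = null, $hash = 'method', $overwrite = true)
	{
		// If overwrite is false, leave a variable that is already set untouched
		if(!$overwrite && array_key_exists($name, $_REQUEST)) {
			return $_REQUEST[$name];
		}

		// Clean global request var
		$GLOBALS['_JREQUEST'][$name] = array();

		// Get the request hash value
		$hash = strtoupper($hash);
		if ($hash === 'METHOD') {
			$hash = strtoupper($_SERVER['REQUEST_METHOD']);
		}

		$previous	= array_key_exists($name, $_REQUEST) ? $_REQUEST[$name] : null;

		switch ($hash)
		{
			case 'GET' :
				$_GET[$name] = $value;
				$_REQUEST[$name] = $value;
				break;
			case 'POST' :
				$_POST[$name] = $value;
				$_REQUEST[$name] = $value;
				break;
			case 'COOKIE' :
				$_COOKIE[$name] = $value;
				$_REQUEST[$name] = $value;
				break;
			case 'FILES' :
				$_FILES[$name] = $value;
				break;
			case 'ENV'    :
				// Fixed: the key was the literal string 'name', so every ENV write
				// landed in $_ENV['name'] and getVar($name, ..., 'env') never saw it.
				$_ENV[$name] = $value;
				break;
			case 'SERVER' :
				// Fixed: same literal-'name' key as the ENV case.
				$_SERVER[$name] = $value;
				break;
		}

		// Mark this variable as 'SET'
		$GLOBALS['_JREQUEST'][$name]['SET.'.$hash] = true;
		$GLOBALS['_JREQUEST'][$name]['SET.REQUEST'] = true;

		return $previous;
	}

	/**
	 * Fetches and returns a request array.
	 *
	 * With the default $hash the whole of $_REQUEST is returned. You can force
	 * the source by setting the $hash parameter:
	 *
	 *   post		$_POST
	 *   get		$_GET
	 *   files		$_FILES
	 *   cookie		$_COOKIE
	 *   env		$_ENV
	 *   server		$_SERVER
	 *   method		via current $_SERVER['REQUEST_METHOD']
	 *   default	$_REQUEST
	 *
	 * With 'method', only GET and POST map to $_GET / $_POST; any other request
	 * method falls back to $_REQUEST.
	 *
	 * The array is cleaned without a type (see _cleanVar()) and is not cached.
	 *
	 * @static
	 * @param	string	$hash	to get (POST, GET, FILES, METHOD)
	 * @param	int		$mask	Filter mask for the variable
	 * @return	mixed	Request hash
	 * @since	1.5
	 */
	function get($hash = 'default', $mask = 0)
	{
		$hash = strtoupper($hash);

		if ($hash === 'METHOD') {
			$hash = strtoupper( $_SERVER['REQUEST_METHOD'] );
		}

		// _cleanVar() takes its argument by value, so a plain copy is enough here
		switch ($hash)
		{
			case 'GET' :
				$input = $_GET;
				break;

			case 'POST' :
				$input = $_POST;
				break;

			case 'FILES' :
				$input = $_FILES;
				break;

			case 'COOKIE' :
				$input = $_COOKIE;
				break;

			case 'ENV'    :
				$input = $_ENV;
				break;

			case 'SERVER'    :
				$input = $_SERVER;
				break;

			default:
				$input = $_REQUEST;
				break;
		}

		$result = JRequest::_cleanVar($input, $mask);

		// Handle magic quotes compatibility
		if (get_magic_quotes_gpc() && ($hash != 'FILES')) {
			$result = JRequest::_stripSlashesRecursive( $result );
		}

		return $result;
	}

	/**
	 * Sets several request variables at once by calling setVar() for each pair
	 *
	 * @param	array	An associative array of key-value pairs
	 * @param	string	The request variable to set (POST, GET, FILES, METHOD)
	 * @param	boolean	If true and an existing key is found, the value is overwritten, otherwise it is ignored
	 */
	function set( $array, $hash = 'default', $overwrite = true )
	{
		foreach ($array as $key => $value) {
			JRequest::setVar($key, $value, $hash, $overwrite);
		}
	}

	/**
	 * Checks for a form token in the request
	 *
	 * Use in conjunction with JHTML::_( 'form.token' )
	 *
	 * The token is looked up as a parameter *name*: the check passes when the request
	 * hash given by $method holds a non-empty value (after the 'alnum' filter) under
	 * the key returned by JUtility::getToken(). Keep the default 'post' unless the
	 * form really submits elsewhere, so the token is not accepted from another source.
	 *
	 * When the token is missing and the session is new, the user is redirected to
	 * index.php with the SESSION_EXPIRED message.
	 *
	 * @param	string	The request method in which to look for the token key
	 * @return	boolean	True if found and valid, false otherwise
	 */
	function checkToken( $method = 'post' )
	{
		$token = JUtility::getToken();
		if (JRequest::getVar( $token, '', $method, 'alnum' )) {
			return true;
		}

		$session = JFactory::getSession();
		if ($session->isNew()) {
			// Redirect to login screen
			global $mainframe;
			$return = JRoute::_('index.php');
			$mainframe->redirect($return, JText::_('SESSION_EXPIRED'));
			$mainframe->close();
		}

		// Fail closed with an explicit boolean, also if the redirect above ever
		// returns instead of ending the request (the original fell through to null).
		return false;
	}

	/**
	 * Cleans the request from script injection.
	 *
	 * Rejects request arrays whose top-level keys would overwrite a superglobal or
	 * are numeric (see _cleanArray()), then unsets every global variable except
	 * GLOBALS and restores the superglobals from local copies, so variables injected
	 * into the global scope do not survive.
	 *
	 * @static
	 * @return	void
	 * @since	1.5
	 */
	function clean()
	{
		JRequest::_cleanArray( $_FILES );
		JRequest::_cleanArray( $_ENV );
		JRequest::_cleanArray( $_GET );
		JRequest::_cleanArray( $_POST );
		JRequest::_cleanArray( $_COOKIE );
		JRequest::_cleanArray( $_SERVER );

		if (isset( $_SESSION )) {
			JRequest::_cleanArray( $_SESSION );
		}

		// Keep local copies: the loop below wipes the global symbol table
		$REQUEST	= $_REQUEST;
		$GET		= $_GET;
		$POST		= $_POST;
		$COOKIE		= $_COOKIE;
		$FILES		= $_FILES;
		$ENV		= $_ENV;
		$SERVER		= $_SERVER;

		if (isset ( $_SESSION )) {
			$SESSION = $_SESSION;
		}

		foreach ($GLOBALS as $key => $value)
		{
			// Strict comparison: with != an integer key 0 compared equal to
			// 'GLOBALS' on the PHP versions this file targets and was kept.
			if ( $key !== 'GLOBALS' ) {
				unset ( $GLOBALS [ $key ] );
			}
		}
		$_REQUEST	= $REQUEST;
		$_GET		= $GET;
		$_POST		= $POST;
		$_COOKIE	= $COOKIE;
		$_FILES		= $FILES;
		$_ENV 		= $ENV;
		$_SERVER 	= $SERVER;

		if (isset ( $SESSION )) {
			$_SESSION = $SESSION;
		}

		// Make sure the request hash is clean on file inclusion
		$GLOBALS['_JREQUEST'] = array();
	}

	/**
	 * Adds an array to the GLOBALS array and checks that the GLOBALS variable is not being attacked
	 *
	 * Only the top-level keys of $array are inspected; nested arrays are not walked.
	 * The request is terminated through jexit() on the first offending key.
	 *
	 * @access	protected
	 * @param	array	$array	Array to clean
	 * @param	boolean	True if the array is to be added to the GLOBALS
	 * @since	1.5
	 */
	function _cleanArray( &$array, $globalise=false )
	{
		static $banned = array( '_files', '_env', '_get', '_post', '_cookie', '_server', '_session', 'globals' );

		foreach ($array as $key => $value)
		{
			// PHP GLOBALS injection bug
			// strtolower() always yields a string, so the strict flag is safe here
			$failed = in_array( strtolower( $key ), $banned, true );

			// PHP Zend_Hash_Del_Key_Or_Index bug
			$failed = $failed || is_numeric( $key );
			if ($failed) {
				// The message is built from the fixed $banned list only, never from $key
				jexit( 'Illegal variable <b>' . implode( '</b> or <b>', $banned ) . '</b> passed to script.' );
			}
			if ($globalise) {
				$GLOBALS[$key] = $value;
			}
		}
	}

	/**
	 * Clean up an input variable.
	 *
	 * @param mixed The input variable.
	 * @param int Filter bit mask. 1=no trim: If this flag is cleared and the
	 * input is a string, the string will have leading and trailing whitespace
	 * trimmed. 2=allow_raw: If set, no more filtering is performed, higher bits
	 * are ignored. 4=allow_html: HTML is allowed, but passed through a safe
	 * HTML filter first. If set, no more filtering is performed. If no bits
	 * other than the 1 bit is set, a strict filter is applied.
	 * @param string The variable type {@see JFilterInput::clean()}.
	 * @return mixed The cleaned variable.
	 */
	function _cleanVar($var, $mask = 0, $type=null)
	{
		// Static input filters for specific settings
		static $noHtmlFilter	= null;
		static $safeHtmlFilter	= null;

		// If the no trim flag is not set, trim the variable
		if (!($mask & JREQUEST_NOTRIM) && is_string($var)) {
			$var = trim($var);
		}

		// Now we handle input filtering
		if ($mask & JREQUEST_ALLOWRAW)
		{
			// Allow raw: the value is returned exactly as received (apart from the
			// trim above); the caller takes over all validation and escaping.
		}
		elseif ($mask & JREQUEST_ALLOWHTML)
		{
			// If the allow html flag is set, apply a safe html filter to the variable
			if (is_null($safeHtmlFilter)) {
				$safeHtmlFilter = & JFilterInput::getInstance(null, null, 1, 1);
			}
			$var = $safeHtmlFilter->clean($var, $type);
		}
		else
		{
			// Since no allow flags were set, we will apply the most strict filter to the variable
			if (is_null($noHtmlFilter)) {
				$noHtmlFilter = & JFilterInput::getInstance(/* $tags, $attr, $tag_method, $attr_method, $xss_auto */);
			}
			$var = $noHtmlFilter->clean($var, $type);
		}
		return $var;
	}

	/**
	 * Strips slashes recursively on an array
	 *
	 * A non-array value is passed straight to stripslashes(), so the result for a
	 * scalar is always a string.
	 *
	 * @access	protected
	 * @param	array	$array		Array of (nested arrays of) strings
	 * @return	array	The input array with stripslashes applied to it
	 */
	function _stripSlashesRecursive( $value )
	{
		$value = is_array( $value ) ? array_map( array( 'JRequest', '_stripSlashesRecursive' ), $value ) : stripslashes( $value );
		return $value;
	}
}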