Verzeichnisstruktur phpBB-3.1.0
- Veröffentlicht
- 27.10.2014
So funktioniert es
|
|
Auf das letzte Element klicken. Dies geht jeweils ein Schritt zurück |
Auf das Icon klicken, dies öffnet das Verzeichnis. Nochmal klicken schließt das Verzeichnis. |
|
|
(Beispiel Datei-Icons)
|
Auf das Icon klicken um den Quellcode anzuzeigen |
request.php
001 <?php
002 /**
003 *
004 * This file is part of the phpBB Forum Software package.
005 *
006 * @copyright (c) phpBB Limited <https://www.phpbb.com>
007 * @license GNU General Public License, version 2 (GPL-2.0)
008 *
009 * For full copyright and license information, please see
010 * the docs/CREDITS.txt file.
011 *
012 */
013
014 namespace phpbb\request;
015
016 /**
017 * All application input is accessed through this class.
018 *
019 * It provides a method to disable access to input data through super globals.
020 * This should force MOD authors to read about data validation.
021 */
022 class request implements \phpbb\request\request_interface
023 {
024 /**
025 * @var array The names of super global variables that this class should protect if super globals are disabled.
026 */
027 protected $super_globals = array(
028 \phpbb\request\request_interface::POST => '_POST',
029 \phpbb\request\request_interface::GET => '_GET',
030 \phpbb\request\request_interface::REQUEST => '_REQUEST',
031 \phpbb\request\request_interface::COOKIE => '_COOKIE',
032 \phpbb\request\request_interface::SERVER => '_SERVER',
033 \phpbb\request\request_interface::FILES => '_FILES',
034 );
035
036 /**
037 * @var array Stores original contents of $_REQUEST array.
038 */
039 protected $original_request = null;
040
041 /**
042 * @var
043 */
044 protected $super_globals_disabled = false;
045
046 /**
047 * @var array An associative array that has the value of super global constants as keys and holds their data as values.
048 */
049 protected $input;
050
051 /**
052 * @var \phpbb\request\type_cast_helper_interface An instance of a type cast helper providing convenience methods for type conversions.
053 */
054 protected $type_cast_helper;
055
056 /**
057 * Initialises the request class, that means it stores all input data in {@link $input input}
058 * and then calls {@link \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global}
059 */
060 public function __construct(\phpbb\request\type_cast_helper_interface $type_cast_helper = null, $disable_super_globals = true)
061 {
062 if ($type_cast_helper)
063 {
064 $this->type_cast_helper = $type_cast_helper;
065 }
066 else
067 {
068 $this->type_cast_helper = new \phpbb\request\type_cast_helper();
069 }
070
071 foreach ($this->super_globals as $const => $super_global)
072 {
073 $this->input[$const] = isset($GLOBALS[$super_global]) ? $GLOBALS[$super_global] : array();
074 }
075
076 // simulate request_order = GP
077 $this->original_request = $this->input[\phpbb\request\request_interface::REQUEST];
078 $this->input[\phpbb\request\request_interface::REQUEST] = $this->input[\phpbb\request\request_interface::POST] + $this->input[\phpbb\request\request_interface::GET];
079
080 if ($disable_super_globals)
081 {
082 $this->disable_super_globals();
083 }
084 }
085
086 /**
087 * Getter for $super_globals_disabled
088 *
089 * @return bool Whether super globals are disabled or not.
090 */
091 public function super_globals_disabled()
092 {
093 return $this->super_globals_disabled;
094 }
095
096 /**
097 * Disables access of super globals specified in $super_globals.
098 * This is achieved by overwriting the super globals with instances of {@link \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global}
099 */
100 public function disable_super_globals()
101 {
102 if (!$this->super_globals_disabled)
103 {
104 foreach ($this->super_globals as $const => $super_global)
105 {
106 unset($GLOBALS[$super_global]);
107 $GLOBALS[$super_global] = new \phpbb\request\deactivated_super_global($this, $super_global, $const);
108 }
109
110 $this->super_globals_disabled = true;
111 }
112 }
113
114 /**
115 * Enables access of super globals specified in $super_globals if they were disabled by {@link disable_super_globals disable_super_globals}.
116 * This is achieved by making the super globals point to the data stored within this class in {@link $input input}.
117 */
118 public function enable_super_globals()
119 {
120 if ($this->super_globals_disabled)
121 {
122 foreach ($this->super_globals as $const => $super_global)
123 {
124 $GLOBALS[$super_global] = $this->input[$const];
125 }
126
127 $GLOBALS['_REQUEST'] = $this->original_request;
128
129 $this->super_globals_disabled = false;
130 }
131 }
132
133 /**
134 * This function allows overwriting or setting a value in one of the super global arrays.
135 *
136 * Changes which are performed on the super globals directly will not have any effect on the results of
137 * other methods this class provides. Using this function should be avoided if possible! It will
138 * consume twice the the amount of memory of the value
139 *
140 * @param string $var_name The name of the variable that shall be overwritten
141 * @param mixed $value The value which the variable shall contain.
142 * If this is null the variable will be unset.
143 * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
144 * Specifies which super global shall be changed
145 */
146 public function overwrite($var_name, $value, $super_global = \phpbb\request\request_interface::REQUEST)
147 {
148 if (!isset($this->super_globals[$super_global]))
149 {
150 return;
151 }
152
153 $this->type_cast_helper->add_magic_quotes($value);
154
155 // setting to null means unsetting
156 if ($value === null)
157 {
158 unset($this->input[$super_global][$var_name]);
159 if (!$this->super_globals_disabled())
160 {
161 unset($GLOBALS[$this->super_globals[$super_global]][$var_name]);
162 }
163 }
164 else
165 {
166 $this->input[$super_global][$var_name] = $value;
167 if (!$this->super_globals_disabled())
168 {
169 $GLOBALS[$this->super_globals[$super_global]][$var_name] = $value;
170 }
171 }
172
173 if (!$this->super_globals_disabled())
174 {
175 unset($GLOBALS[$this->super_globals[$super_global]][$var_name]);
176 $GLOBALS[$this->super_globals[$super_global]][$var_name] = $value;
177 }
178 }
179
180 /**
181 * Central type safe input handling function.
182 * All variables in GET or POST requests should be retrieved through this function to maximise security.
183 *
184 * @param string|array $var_name The form variable's name from which data shall be retrieved.
185 * If the value is an array this may be an array of indizes which will give
186 * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
187 * then specifying array("var", 1) as the name will return "a".
188 * @param mixed $default A default value that is returned if the variable was not set.
189 * This function will always return a value of the same type as the default.
190 * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
191 * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
192 * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
193 * Specifies which super global should be used
194 *
195 * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
196 * the same as that of $default. If the variable is not set $default is returned.
197 */
198 public function variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST)
199 {
200 return $this->_variable($var_name, $default, $multibyte, $super_global, true);
201 }
202
203 /**
204 * Get a variable, but without trimming strings.
205 * Same functionality as variable(), except does not run trim() on strings.
206 * This method should be used when handling passwords.
207 *
208 * @param string|array $var_name The form variable's name from which data shall be retrieved.
209 * If the value is an array this may be an array of indizes which will give
210 * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
211 * then specifying array("var", 1) as the name will return "a".
212 * @param mixed $default A default value that is returned if the variable was not set.
213 * This function will always return a value of the same type as the default.
214 * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
215 * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
216 * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
217 * Specifies which super global should be used
218 *
219 * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
220 * the same as that of $default. If the variable is not set $default is returned.
221 */
222 public function untrimmed_variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST)
223 {
224 return $this->_variable($var_name, $default, $multibyte, $super_global, false);
225 }
226
227 /**
228 * Shortcut method to retrieve SERVER variables.
229 *
230 * Also fall back to getenv(), some CGI setups may need it (probably not, but
231 * whatever).
232 *
233 * @param string|array $var_name See \phpbb\request\request_interface::variable
234 * @param mixed $Default See \phpbb\request\request_interface::variable
235 *
236 * @return mixed The server variable value.
237 */
238 public function server($var_name, $default = '')
239 {
240 $multibyte = true;
241
242 if ($this->is_set($var_name, \phpbb\request\request_interface::SERVER))
243 {
244 return $this->variable($var_name, $default, $multibyte, \phpbb\request\request_interface::SERVER);
245 }
246 else
247 {
248 $var = getenv($var_name);
249 $this->type_cast_helper->recursive_set_var($var, $default, $multibyte);
250 return $var;
251 }
252 }
253
254 /**
255 * Shortcut method to retrieve the value of client HTTP headers.
256 *
257 * @param string|array $header_name The name of the header to retrieve.
258 * @param mixed $default See \phpbb\request\request_interface::variable
259 *
260 * @return mixed The header value.
261 */
262 public function header($header_name, $default = '')
263 {
264 $var_name = 'HTTP_' . str_replace('-', '_', strtoupper($header_name));
265 return $this->server($var_name, $default);
266 }
267
268 /**
269 * Shortcut method to retrieve $_FILES variables
270 *
271 * @param string $form_name The name of the file input form element
272 *
273 * @return array The uploaded file's information or an empty array if the
274 * variable does not exist in _FILES.
275 */
276 public function file($form_name)
277 {
278 return $this->variable($form_name, array('name' => 'none'), false, \phpbb\request\request_interface::FILES);
279 }
280
281 /**
282 * Checks whether a certain variable was sent via POST.
283 * To make sure that a request was sent using POST you should call this function
284 * on at least one variable.
285 *
286 * @param string $name The name of the form variable which should have a
287 * _p suffix to indicate the check in the code that creates the form too.
288 *
289 * @return bool True if the variable was set in a POST request, false otherwise.
290 */
291 public function is_set_post($name)
292 {
293 return $this->is_set($name, \phpbb\request\request_interface::POST);
294 }
295
296 /**
297 * Checks whether a certain variable is set in one of the super global
298 * arrays.
299 *
300 * @param string $var Name of the variable
301 * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
302 * Specifies the super global which shall be checked
303 *
304 * @return bool True if the variable was sent as input
305 */
306 public function is_set($var, $super_global = \phpbb\request\request_interface::REQUEST)
307 {
308 return isset($this->input[$super_global][$var]);
309 }
310
311 /**
312 * Checks whether the current request is an AJAX request (XMLHttpRequest)
313 *
314 * @return bool True if the current request is an ajax request
315 */
316 public function is_ajax()
317 {
318 return $this->header('X-Requested-With') == 'XMLHttpRequest';
319 }
320
321 /**
322 * Checks if the current request is happening over HTTPS.
323 *
324 * @return bool True if the request is secure.
325 */
326 public function is_secure()
327 {
328 return $this->server('HTTPS') == 'on';
329 }
330
331 /**
332 * Returns all variable names for a given super global
333 *
334 * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
335 * The super global from which names shall be taken
336 *
337 * @return array All variable names that are set for the super global.
338 * Pay attention when using these, they are unsanitised!
339 */
340 public function variable_names($super_global = \phpbb\request\request_interface::REQUEST)
341 {
342 if (!isset($this->input[$super_global]))
343 {
344 return array();
345 }
346
347 return array_keys($this->input[$super_global]);
348 }
349
350 /**
351 * Helper function used by variable() and untrimmed_variable().
352 *
353 * @param string|array $var_name The form variable's name from which data shall be retrieved.
354 * If the value is an array this may be an array of indizes which will give
355 * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
356 * then specifying array("var", 1) as the name will return "a".
357 * @param mixed $default A default value that is returned if the variable was not set.
358 * This function will always return a value of the same type as the default.
359 * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
360 * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
361 * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
362 * Specifies which super global should be used
363 * @param bool $trim Indicates whether trim() should be applied to string values.
364 *
365 * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
366 * the same as that of $default. If the variable is not set $default is returned.
367 */
368 protected function _variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST, $trim = true)
369 {
370 $path = false;
371
372 // deep direct access to multi dimensional arrays
373 if (is_array($var_name))
374 {
375 $path = $var_name;
376 // make sure at least the variable name is specified
377 if (empty($path))
378 {
379 return (is_array($default)) ? array() : $default;
380 }
381 // the variable name is the first element on the path
382 $var_name = array_shift($path);
383 }
384
385 if (!isset($this->input[$super_global][$var_name]))
386 {
387 return (is_array($default)) ? array() : $default;
388 }
389 $var = $this->input[$super_global][$var_name];
390
391 if ($path)
392 {
393 // walk through the array structure and find the element we are looking for
394 foreach ($path as $key)
395 {
396 if (is_array($var) && isset($var[$key]))
397 {
398 $var = $var[$key];
399 }
400 else
401 {
402 return (is_array($default)) ? array() : $default;
403 }
404 }
405 }
406
407 $this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $trim);
408
409 return $var;
410 }
411
412 /**
413 * {@inheritdoc}
414 */
415 public function get_super_global($super_global = \phpbb\request\request_interface::REQUEST)
416 {
417 return $this->input[$super_global];
418 }
419 }
420