post('mode', TYPE_NO_TAGS, ''); * - $page_id = $mx_request_vars->get('page', TYPE_INT, 1); * This class IS instatiated in common.php ;-) * * @access public * @author Markus Petrux, John Olson, FlorinCB * @package Core */ class RequestVars { /**#@+ * Constant identifying the super global with the same name. */ const _POST = 0; const _GET = 1; const _REQUEST = 2; const _COOKIE = 3; const _SERVER = 4; const _FILES = 5; const POST = 0; const GET = 1; const REQUEST = 2; const COOKIE = 3; const SERVER = 4; const FILES = 5; /**#@-*/ // // Implementation Conventions: // Properties and methods prefixed with underscore are intented to be private. ;-) // /** * @var array The names of super global variables that this class should protect if super globals are disabled. */ protected $super_globals = array( self::POST => '_POST', self::GET => '_GET', self::REQUEST => '_REQUEST', self::COOKIE => '_COOKIE', self::SERVER => '_SERVER', self::FILES => '_FILES', ); /** * @vars arrays Stores count() of $GLOBALS arrays. */ var $post_array = 0; var $get_array = 0; var $request_array = 0; var $cookie_array = 0; var $server_array = 0; var $files_arrays = 0; /** * @var array Stores original contents of $_REQUEST array. */ protected $original_request = null; /** * @var */ protected $super_globals_disabled = false; /** * @var array An associative array that has the value of super global constants as keys and holds their data as values. */ protected $input; /** * @var \phpbb\request\type_cast_helper_interface An instance of a type cast helper providing convenience methods for type conversions. * borrowed from github.comb */ protected $type_cast_helper; // ------------------------------ // Properties // /* ------------------------------ * Constructor * Initialises the request class, that means it stores all input data in {@link $input input} * and then calls {@link deactivated_super_global deactivated_super_global} */ public function __construct($disable_super_globals = false) { foreach ($this->super_globals as $const => $super_global) { $this->input[$const] = isset($GLOBALS[$super_global]) ? $GLOBALS[$super_global] : array(); } // simulate request_order = GP $this->original_request = $this->input[self::REQUEST]; $this->input[self::REQUEST] = $this->input[self::POST] + $this->input[self::GET]; $this->post_array = isset($GLOBALS['_POST']) ? count($GLOBALS['_POST']) : 0; $this->get_array = isset($GLOBALS['_GET']) ? count($GLOBALS['_GET']) : 0; $this->request_array = isset($GLOBALS['_REQUEST']) ? count($GLOBALS['_REQUEST']) : 0; $this->cookie_array = isset($GLOBALS['_COOKIE']) ? count($GLOBALS['_COOKIE']) : 0; $this->server_array = isset($GLOBALS['_SERVER']) ? count($GLOBALS['_SERVER']) : 0; $this->files_arrays = isset($GLOBALS['_FILES']) ? count($GLOBALS['_FILES']) : 0; if ($disable_super_globals) { $this->disable_super_globals(); } } /** * Getter for $super_globals_disabled * * @return bool Whether super globals are disabled or not. * borrowed from github.comb */ public function super_globals_disabled() { return $this->super_globals_disabled; } /** * Disables access of super globals specified in $super_globals. * This is achieved by overwriting the super globals with instances of {@link \autoindex\request\deactivated_super_global \autoindex\request\deactivated_super_global} * borrowed from github.comb */ public function disable_super_globals() { if (!$this->super_globals_disabled) { foreach ($this->super_globals as $const => $super_global) { unset($GLOBALS[$super_global]); $GLOBALS[$super_global] = new deactivated_super_global($this, $super_global, $const); } $this->super_globals_disabled = true; } } /** * Enables access of super globals specified in $super_globals if they were disabled by {@link disable_super_globals disable_super_globals}. * This is achieved by making the super globals point to the data stored within this class in {@link $input input}. * borrowed from github.comb */ public function enable_super_globals() { if ($this->super_globals_disabled) { foreach ($this->super_globals as $const => $super_global) { $GLOBALS[$super_global] = $this->input[$const]; } $GLOBALS['_REQUEST'] = $this->original_request; $this->super_globals_disabled = false; } } // ------------------------------ // Public Methods // /** * This function allows overwriting or setting a value in one of the super global arrays. * * Changes which are performed on the super globals directly will not have any effect on the results of * other methods this class provides. Using this function should be avoided if possible! It will * consume twice the the amount of memory of the value * * @param string $var_name The name of the variable that shall be overwritten * @param mixed $value The value which the variable shall contain. * If this is null the variable will be unset. * @param mx_request_vars::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global shall be changed */ public function overwrite($var_name, $value, $super_global = self::REQUEST) { if (!isset($this->super_globals[$super_global])) { return; } $this->type_cast_helper->add_magic_quotes($value); // setting to null means unsetting if ($value === null) { unset($this->input[$super_global][$var_name]); if (!$this->super_globals_disabled()) { unset($GLOBALS[$this->super_globals[$super_global]][$var_name]); } } else { $this->input[$super_global][$var_name] = $value; if (!$this->super_globals_disabled()) { $GLOBALS[$this->super_globals[$super_global]][$var_name] = $value; } } } // ------------------------------ // Private Methods // /** * Function: _read(). * * Get the value of the specified request var (post or get) and force the result to be * of specified type. It might also transform the result (stripslashes, htmlspecialchars) for security * purposes. It all depends on the $type argument. * If the specified request var does not exist, then the default ($dflt) value is returned. * Note the $type argument behaves as a bit array where more than one option can be specified by OR'ing * the passed argument. This is tipical practice in languages like C, but it can also be done with PHP. * * @access private * @param unknown_type $var * @param unknown_type $type * @param unknown_type $dflt * @return unknown */ public function _read($var, $type = TYPE_ANY, $dflt = '', $not_null = false) { if( ($type & (TYPE_POST_VARS|TYPE_GET_VARS)) == 0 ) { $type |= (TYPE_POST_VARS|TYPE_GET_VARS); } if( ($type & TYPE_POST_VARS) && isset($_POST[$var]) || ($type & TYPE_GET_VARS) && isset($_GET[$var]) ) { $val = ( ($type & TYPE_POST_VARS) && isset($_POST[$var]) ? $_POST[$var] : $_GET[$var] ); if( !($type & TYPE_NO_STRIP) ) { if( is_array($val) ) { foreach( $val as $k => $v ) { $val[$k] = trim(stripslashes($v)); } } else { $val = trim(stripslashes($val)); } } } else { $val = $dflt; } if( $type & TYPE_INT ) // integer { return $not_null && empty($val) ? $dflt : intval($val); } if( $type & TYPE_FLOAT ) // float { return $not_null && empty($val) ? $dflt : floatval($val); } if( $type & TYPE_NO_TAGS ) // ie username { if( is_array($val) ) { foreach( $val as $k => $v ) { $val[$k] = htmlspecialchars(strip_tags(ltrim(rtrim($v, " \t\n\r\0\x0B\\")))); } } else { $val = htmlspecialchars(strip_tags(ltrim(rtrim($val, " \t\n\r\0\x0B\\")))); } } elseif( $type & TYPE_NO_HTML ) // no slashes nor html { if( is_array($val) ) { foreach( $val as $k => $v ) { $val[$k] = htmlspecialchars(ltrim(rtrim($v, " \t\n\r\0\x0B\\"))); } } else { $val = htmlspecialchars(ltrim(rtrim($val, " \t\n\r\0\x0B\\"))); } } if( $type & TYPE_SQL_QUOTED ) { if( is_array($val) ) { foreach( $val as $k => $v ) { $val[$k] = str_replace(($type & TYPE_NO_STRIP ? "\'" : "'"), "''", $v); } } else { $val = str_replace(($type & TYPE_NO_STRIP ? "\'" : "'"), "''", $val); } } return $not_null && empty($val) ? $dflt : $val; } // ------------------------------ // Public Methods // /** * Central type safe input handling function. * All variables in GET or POST requests should be retrieved through this function to maximise security. * * @param string|array $var_name The form variable's name from which data shall be retrieved. * If the value is an array this may be an array of indizes which will give * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") * then specifying array("var", 1) as the name will return "a". * @param mixed $default A default value that is returned if the variable was not set. * This function will always return a value of the same type as the default. * @param bool $multibyte If $default is a string this parameter has to be true if the variable may contain any UTF-8 characters * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks * @param mx_request_vars::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global should be used * * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the * the same as that of $default. If the variable is not set $default is returned. */ public function variable($var_name, $default, $multibyte = false, $super_global = self::REQUEST) { return $this->_variable($var_name, $default, $multibyte, $super_global, true); } /** * Get a variable, but without trimming strings. * Same functionality as variable(), except does not run trim() on strings. * This method should be used when handling passwords. * * @param string|array $var_name The form variable's name from which data shall be retrieved. * If the value is an array this may be an array of indizes which will give * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") * then specifying array("var", 1) as the name will return "a". * @param mixed $default A default value that is returned if the variable was not set. * This function will always return a value of the same type as the default. * @param bool $multibyte If $default is a string this parameter has to be true if the variable may contain any UTF-8 characters * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks * @param mx_request_vars::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global should be used * * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the * the same as that of $default. If the variable is not set $default is returned. */ public function untrimmed_variable($var_name, $default, $multibyte = false, $super_global = self::REQUEST) { return $this->_variable($var_name, $default, $multibyte, $super_global, false); } /** * */ public function raw_variable($var_name, $default, $super_global = self::REQUEST) { $path = false; // deep direct access to multi dimensional arrays if (is_array($var_name)) { $path = $var_name; // make sure at least the variable name is specified if (empty($path)) { return (is_array($default)) ? array() : $default; } // the variable name is the first element on the path $var_name = array_shift($path); } if (!isset($this->input[$super_global][$var_name])) { return (is_array($default)) ? array() : $default; } $var = $this->input[$super_global][$var_name]; if ($path) { // walk through the array structure and find the element we are looking for foreach ($path as $key) { if (is_array($var) && isset($var[$key])) { $var = $var[$key]; } else { return (is_array($default)) ? array() : $default; } } } return $var; } /** * Shortcut method to retrieve SERVER variables. * * Also fall back to getenv(), some CGI setups may need it (probably not, but * whatever). * * @param string|array $var_name See \request\request_interface::variable * @param mixed $Default See \request\request_interface::variable * * @return mixed The server variable value. */ public function server($var_name, $default = '') { $multibyte = true; if ($this->is_set($var_name, self::SERVER)) { return $this->variable($var_name, $default, $multibyte, self::SERVER); } else { $var = getenv($var_name); $this->recursive_set_var($var, $default, $multibyte); return $var; } } /** * Shortcut method to retrieve the value of client HTTP headers. * * @param string|array $header_name The name of the header to retrieve. * @param mixed $default See \request\request_interface::variable * * @return mixed The header value. */ public function header($header_name, $default = '') { $var_name = 'HTTP_' . str_replace('-', '_', strtoupper($header_name)); return $this->server($var_name, $default); } /** * Shortcut method to retrieve $_FILES variables * * @param string $form_name The name of the file input form element * * @return array The uploaded file's information or an empty array if the * variable does not exist in _FILES. */ public function file($form_name) { return $this->variable($form_name, array('name' => 'none'), true, self::FILES); } /** * Request POST variable. * * _read() wrappers to retrieve POST, GET or any REQUEST (both) variable. * * @access public * @param string $var * @param integer $type * @param string $dflt * @return string */ public function post($var, $type = TYPE_ANY, $dflt = '', $not_null = false) { if (!$this->super_globals_disabled()) { return $this->_read($var, ($type | TYPE_POST_VARS), $dflt, $not_null); } else { $super_global = self::POST; $multibyte = false; //UTF-8 ? $default = $dflt; return $this->_variable($var_name, $default, $multibyte, $super_global, true); } } /** ** / public function post($var_name, $default, $multibyte = false, $super_global = self::POST) { return $this->_variable($var_name, $default, $multibyte, $super_global, true); } /** **/ /** * Request GET variable. * * _read() wrappers to retrieve POST, GET or any REQUEST (both) variable. * * @access public * @param string $var * @param integer $type * @param string $dflt * @return string */ public function get($var, $type = TYPE_ANY, $dflt = '', $not_null = false) { if (!$this->super_globals_disabled()) { return $this->_read($var, ($type | TYPE_GET_VARS), $dflt, $not_null); } else { $super_global = self::GET; $multibyte = false; //UTF-8 ? $default = $dflt; return $this->_variable($var_name, $default, $multibyte, $super_global, true); } } /** ** / public function get($var_name, $default, $multibyte = false, $super_global = self::GET) { return $this->_variable($var_name, $default, $multibyte, $super_global, true); } /** **/ /** * Request GET or POST variable. * * _read() wrappers to retrieve POST, GET or any REQUEST (both) variable. * * @access public * @param string $var * @param integer $type * @param string $dflt * @return string */ public function request($var, $type = TYPE_ANY, $dflt = '', $not_null = false) { if (!$this->super_globals_disabled()) { return $this->_read($var, ($type | TYPE_POST_VARS | TYPE_GET_VARS), $dflt, $not_null); } else { $super_global = self::REQUEST; $multibyte = false; //UTF-8 ? $default = $dflt; return $this->_variable($var_name, $default, $multibyte, $super_global, true); } } /** * Is POST var? * * Boolean method to check for existence of POST variable. * * @access public * @param string $var * @return boolean */ public function is_post($var) { // Note: _x and _y are used by (at least IE) to return the mouse position at onclick of INPUT TYPE="img" elements. return ($this->is_set_post($var) || $this->is_set_post($var.'_x') && $this->is_set_post($var.'_y')) ? 1 : 0; } /** * Is GET var? * * Boolean method to check for existence of GET variable. * * @access public * @param string $var * @return boolean */ public function is_get($var) { //return isset($_GET[$var]) ? 1 : 0 ; return $this->is_set($var, self::GET); } /** * Is REQUEST (either GET or POST) var? * * Boolean method to check for existence of any REQUEST (both) variable. * * @access public * @param string $var * @return boolean */ public function is_request($var) { return ($this->is_get($var) || $this->is_post($var)) ? 1 : 0; //return $this->is_set($var, self::REQUEST); } /** * Is POST var empty? * * Boolean method to check if POST variable is empty * as it might be set but still be empty. * * @access public * @param string $var * @return boolean */ public function is_empty_post($var) { //return (empty($_POST[$var]) && ( empty($_POST[$var.'_x']) || empty($_POST[$var.'_y']))) ? 1 : 0 ; return ($this->is_empty($var, self::POST) && ($this->is_empty($var.'_x', self::POST) || $this->is_empty($var.'_y', self::POST))) ? 1 : 0; } /** * Is POST var not empty? * * Boolean method to check if POST variable is empty * as it might be set but still be empty. * * @access public * @param string $var * @return boolean */ public function is_not_empty_post($var) { //return (!empty($_POST[$var]) && ( !empty($_POST[$var.'_x']) || !empty($_POST[$var.'_y']))) ? 1 : 0 ; return ($this->is_not_empty($var, self::POST) && ($this->is_not_empty($var.'_x', self::POST) || $this->is_not_empty($var.'_y', self::POST))) ? 1 : 0; } /** * Is GET var empty? * * Boolean method to check if GET variable is empty * as it might be set but still be empty * * @access public * @param string $var * @return boolean */ public function is_empty_get($var) { //return empty($_GET[$var]) ? 1 : 0; return $this->is_empty($var, self::GET); } /** * Is GET var not empty? * * Boolean method to check if GET variable is empty * as it might be set but still be empty * * @access public * @param string $var * @return boolean */ public function is_not_empty_get($var) { //return !empty($_GET[$var]) ? 1 : 0; return $this->is_not_empty($var, self::GET); } /** * Is REQUEST empty (GET and POST) var? * * Boolean method to check if REQUEST (both) variable is empty. * * @access public * @param string $var * @return boolean */ public function is_empty_request($var) { return ($this->is_empty_get($var) && $this->is_empty_post($var)) ? 1 : 0; } /** * Is REQUEST not empty (GET and POST) var? * * Boolean method to check if REQUEST (both) variable is empty. * * @access public * @param string $var * @return boolean */ public function is_not_empty_request($var) { return ($this->is_not_empty_get($var) && $this->is_not_empty_post($var)) ? 1 : 0; } /** * Checks whether a certain variable was sent via POST. * To make sure that a request was sent using POST you should call this function * on at least one variable. * * @param string $name The name of the form variable which should have a * _p suffix to indicate the check in the code that creates the form too. * * @return bool True if the variable was set in a POST request, false otherwise. */ public function is_set_post($var) { if (is_array($var)) { return $this->is_array_set($var, self::POST); } else { return $this->is_set($var, self::POST); } } /** * Checks whether a certain variable was not sent via POST. * To make sure that a request was not sent using POST you should call this function * on at least one variable. * * @param string $name The name of the form variable which should have a * _p suffix to indicate the check in the code that creates the form too. * * @return bool True if the variable was not set in a POST request, false otherwise. */ public function is_not_set_post($name) { return $this->is_not_set($name, self::POST); } /** * Checks whether a certain variable was sent via GET. * To make sure that a request was sent using GET you should call this function * on at least one variable. * * @param string $name The name of the form variable which should have a * _p suffix to indicate the check in the code that creates the form too. * * @return bool True if the variable was set in a GET request, false otherwise. */ public function is_set_get($var) { if (is_array($var)) { return $this->is_array_set($var, self::GET); } else { return $this->is_set($var, self::GET); } } /** * Checks whether a certain variable was not sent via GET. * To make sure that a request was not sent using GET you should call this function * on at least one variable. * * @param string $name The name of the form variable which should have a * _p suffix to indicate the check in the code that creates the form too. * * @return bool True if the variable was not set in a GET request, false otherwise. */ public function is_not_set_get($name) { return $this->is_not_set($name, self::GET); } /* * * */ public function post_array() { return ($this->post_array > 0) ? $this->post_array : 0; } /* * * */ public function get_array() { return ($this->get_array > 0) ? $this->get_array : 0; } /* * * */ public function request_array() { return ($this->request_array > 0) ? $this->request_array : 0; } /* * * */ public function cookie_array() { return ($this->cookie_array > 0) ? $this->cookie_array : 0; } /* * * */ public function server_array() { return ($this->server_array > 0) ? $this->server_array : 0; } /* * * */ public function files_array() { return ($this->files_array > 0) ? $this->files_array : 0; } /** * Checks whether a certain variable is empty in one of the super global * arrays. * * @param string $var Name of the variable * @param mx_request_vars::POST|GET|REQUEST|COOKIE $super_global * Specifies the super global which shall be checked * * @return bool True if the variable was sent as input */ public function is_empty($var, $super_global = self::REQUEST) { return empty($this->input[$super_global][$var]); } /** * Checks whether a certain variable is not empty in one of the super global * arrays. * * @param string $var Name of the variable * @param mx_request_vars::POST|GET|REQUEST|COOKIE $super_global * Specifies the super global which shall be checked * * @return bool True if the variable was sent as input */ public function is_not_empty($var, $super_global = self::REQUEST) { return !empty($this->input[$super_global][$var]); } /** * Checks whether a certain variable is set in one of the super global * arrays. * * @param string $var Name of the variable * @param mx_request_vars::POST|GET|REQUEST|COOKIE $super_global * Specifies the super global which shall be checked * * @return bool True if the variable was sent as input */ public function is_set($var, $super_global = self::REQUEST) { return isset($this->input[$super_global][$var]); } /** * Checks whether a certain array of variables are set in one of the super global * arrays. * * @param string $var1 Name of the variable * @param string $var2 Name of the variable * @param mx_request_vars::POST|GET|REQUEST|COOKIE $super_global * Specifies the super global which shall be checked * * @return bool True if the variable was sent as input */ public function is_array_set($arr, $super_global = self::REQUEST) { $n = count($arr); $lim = 4; for ($i = 0; $i < $n; $i++) { foreach($arr as $var) { $arr[$i] = isset($this->input[$super_global][$var][$i]) ? $this->input[$super_global][$var][$i] : $var; } if ($i < 3) { return isset($this->input[$super_global][$var][0], $this->input[$super_global][$var][2]); } elseif ($i < 4) { return isset($this->input[$super_global][$var][0], $this->input[$super_global][$var][2], $this->input[$super_global][$var][3]); } elseif ($i < 5) { return isset($this->input[$super_global][$var][0], $this->input[$super_global][$var][2], $this->input[$super_global][$var][3], $this->input[$super_global][$var][4]); } elseif ($lim < $n) { print('Warning: Request vars class only accepts a number of arguments in an array: ' . $lim . ', but now are: ' . $n . ' arguments.'); } } } /** * Checks whether a certain variable is not set in one of the super global * arrays. * * @param string $var Name of the variable * @param mx_request_vars::POST|GET|REQUEST|COOKIE $super_global * Specifies the super global which shall be checked * * @return bool True if the variable was sent as input */ public function is_not_set($var, $super_global = self::REQUEST) { return !isset($this->input[$super_global][$var]); } /** * Checks whether the current request is an AJAX request (XMLHttpRequest) * * @return bool True if the current request is an ajax request */ public function is_ajax() { return $this->header('X-Requested-With') == 'XMLHttpRequest'; } /** * Checks if the current request is happening over HTTPS. * * @return bool True if the request is secure. */ public function is_secure() { $https = $this->server('HTTPS'); $https = $this->server('HTTP_X_FORWARDED_PROTO') === 'https' ? 'on' : $https; return !empty($https) && $https !== 'off'; } /** * Returns all variable names for a given super global * * @param mx_request_vars::POST|GET|REQUEST|COOKIE $super_global * The super global from which names shall be taken * * @return array All variable names that are set for the super global. * Pay attention when using these, they are unsanitised! */ public function variable_names($super_global = self::REQUEST) { if (!isset($this->input[$super_global])) { return array(); } return array_keys($this->input[$super_global]); } /** * Helper function used by variable() and untrimmed_variable(). * * @param string|array $var_name The form variable's name from which data shall be retrieved. * If the value is an array this may be an array of indizes which will give * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") * then specifying array("var", 1) as the name will return "a". * @param mixed $default A default value that is returned if the variable was not set. * This function will always return a value of the same type as the default. * @param bool $multibyte If $default is a string this parameter has to be true if the variable may contain any UTF-8 characters * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks * @param mx_request_vars::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global should be used * @param bool $trim Indicates whether trim() should be applied to string values. * * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the * the same as that of $default. If the variable is not set $default is returned. */ protected function _variable($var_name, $default, $multibyte = false, $super_global = self::REQUEST, $trim = true) { $var = $this->raw_variable($var_name, $default, $super_global); // Return prematurely if raw variable is empty array or the same as // the default. Using strict comparison to ensure that one can't // prevent proper type checking on any input variable if ($var === array() || $var === $default) { return $var; } $this->recursive_set_var($var, $default, $multibyte, $trim); return $var; } /** * */ public function get_super_global($super_global = self::REQUEST) { return $this->input[$super_global]; } /** * */ public function escape($var, $multibyte) { if (is_array($var)) { $result = array(); foreach ($var as $key => $value) { $this->set_var($key, $key, gettype($key), $multibyte); $result[$key] = $this->escape($value, $multibyte); } $var = $result; } else { $this->set_var($var, $var, 'string', $multibyte); } return $var; } /** * Check GET POST vars exists */ function check_http_var_exists($var_name, $empty_var = false) { if ($empty_var) { if (isset($_GET[$var_name]) || isset($_POST[$var_name])) { return true; } else { return false; } } else { if (!empty($_GET[$var_name]) || !empty($_POST[$var_name])) { return true; } else { return false; } } return false; } /** * Check variable value against default array */ function check_var_value($var, $var_array, $var_default = false) { if (!is_array($var_array) || empty($var_array)) { return $var; } $var_default = (($var_default === false) ? $var_array[0] : $var_default); $var = in_array($var, $var_array) ? $var : $var_default; return $var; } /** * Set variable $result to a particular type. * * @param mixed &$result The variable to fill * @param mixed $var The contents to fill with * @param mixed $type The variable type. Will be used with {@link settype()} * @param bool $multibyte Indicates whether string values may contain UTF-8 characters. * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks. * @param bool $trim Indicates whether trim() should be applied to string values. * Default is true. */ public function set_var(&$result, $var, $type, $multibyte = false, $trim = true) { settype($var, $type); $result = $var; if ($type == 'string') { $result = str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result); if ($trim) { $result = trim($result); } $result = htmlspecialchars($result, ENT_COMPAT, 'UTF-8'); if ($multibyte) { if (is_array($result)) { foreach ($result as $key => $string) { if (is_array($string)) { foreach ($string as $_key => $_string) { $result = $result[$key][$_string]; } } else { $result = $strings[$key]; } } } } if (!empty($result)) { // Make sure multibyte characters are wellformed if ($multibyte) { if (!preg_match('/^./u', $result)) { $result = ''; } } else { // no multibyte, allow only ASCII (0-127) $result = preg_replace('/[\x80-\xFF]/', '?', $result); } } } } /** * Recursively sets a variable to a given type using {@link set_var set_var} * * @param string $var The value which shall be sanitised (passed by reference). * @param mixed $default Specifies the type $var shall have. * If it is an array and $var is not one, then an empty array is returned. * Otherwise var is cast to the same type, and if $default is an array all * keys and values are cast recursively using this function too. * @param bool $multibyte Indicates whether string keys and values may contain UTF-8 characters. * Default is false, causing all bytes outside the ASCII range (0-127) to * be replaced with question marks. * @param bool $trim Indicates whether trim() should be applied to string values. * Default is true. */ public function recursive_set_var(&$var, $default, $multibyte, $trim = true) { if (is_array($var) !== is_array($default)) { $var = (is_array($default)) ? array() : $default; return; } if (!is_array($default)) { $type = gettype($default); $this->set_var($var, $var, $type, $multibyte, $trim); } else { // make sure there is at least one key/value pair to use get the // types from if (empty($default)) { $var = array(); return; } list($default_key, $default_value) = each($default); $key_type = gettype($default_key); $_var = $var; $var = array(); foreach ($_var as $k => $v) { $this->set_var($k, $k, $key_type, $multibyte); $this->recursive_set_var($v, $default_value, $multibyte, $trim); $var[$k] = $v; } } } } // class RequestVars ?>