diff options
| author | Oliver Schramm <oliver.schramm97@gmail.com> | 2017-10-05 14:54:47 +0200 |
|---|---|---|
| committer | Oliver Schramm <oliver.schramm97@gmail.com> | 2017-10-05 14:54:47 +0200 |
| commit | 5514b1069968d451adb7eaf89278a6e1e5dc20df (patch) | |
| tree | 245b21642c134c4509e46fab60d130065e123624 /phpBB/phpbb/request/request.php | |
| parent | 93621aa1844ab48d9bae068d9872d2c49ae86de4 (diff) | |
| parent | ca5678cc1c2a1f723d39127e0c066eba6c9a3336 (diff) | |
| download | forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar.gz forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar.bz2 forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.tar.xz forums-5514b1069968d451adb7eaf89278a6e1e5dc20df.zip | |
Merge pull request #4960 from rxu/ticket/15367
[ticket/15367] Escape special characters in Sphinx search backend
Diffstat (limited to 'phpBB/phpbb/request/request.php')
| -rw-r--r-- | phpBB/phpbb/request/request.php | 84 |
1 files changed, 51 insertions, 33 deletions
diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index 00ff9064cb..00be8fd381 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -219,6 +219,51 @@ class request implements \phpbb\request\request_interface } /** + * {@inheritdoc} + */ + public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST) + { + $path = false; + + // deep direct access to multi dimensional arrays + if (is_array($var_name)) + { + $path = $var_name; + // make sure at least the variable name is specified + if (empty($path)) + { + return (is_array($default)) ? array() : $default; + } + // the variable name is the first element on the path + $var_name = array_shift($path); + } + + if (!isset($this->input[$super_global][$var_name])) + { + return (is_array($default)) ? array() : $default; + } + $var = $this->input[$super_global][$var_name]; + + if ($path) + { + // walk through the array structure and find the element we are looking for + foreach ($path as $key) + { + if (is_array($var) && isset($var[$key])) + { + $var = $var[$key]; + } + else + { + return (is_array($default)) ? array() : $default; + } + } + } + + return $var; + } + + /** * Shortcut method to retrieve SERVER variables. * * Also fall back to getenv(), some CGI setups may need it (probably not, but @@ -363,41 +408,14 @@ class request implements \phpbb\request\request_interface */ protected function _variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST, $trim = true) { - $path = false; - - // deep direct access to multi dimensional arrays - if (is_array($var_name)) - { - $path = $var_name; - // make sure at least the variable name is specified - if (empty($path)) - { - return (is_array($default)) ? array() : $default; - } - // the variable name is the first element on the path - $var_name = array_shift($path); - } + $var = $this->raw_variable($var_name, $default, $super_global); - if (!isset($this->input[$super_global][$var_name])) + // Return prematurely if raw variable is empty array or the same as + // the default. Using strict comparison to ensure that one can't + // prevent proper type checking on any input variable + if ($var === array() || $var === $default) { - return (is_array($default)) ? array() : $default; - } - $var = $this->input[$super_global][$var_name]; - - if ($path) - { - // walk through the array structure and find the element we are looking for - foreach ($path as $key) - { - if (is_array($var) && isset($var[$key])) - { - $var = $var[$key]; - } - else - { - return (is_array($default)) ? array() : $default; - } - } + return $var; } $this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $trim); |