Diffstat (limited to 'phpBB/includes/functions.php')
| -rw-r--r-- | phpBB/includes/functions.php | 168 | 
1 files changed, 51 insertions, 117 deletions
| diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index e154aa44b0..0f150a3d63 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php 
@@ -18,122 +18,62 @@ if (!defined('IN_PHPBB'))  // Common global functions -/** -* set_var -* -* Set variable, used by {@link request_var the request_var function} -* -* @access private -*/  function set_var(&$result, $var, $type, $multibyte = false)  { -	settype($var, $type); -	$result = $var; - -	if ($type == 'string') -	{ -		$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8')); - -		if (!empty($result)) -		{ -			// Make sure multibyte characters are wellformed -			if ($multibyte) -			{ -				if (!preg_match('/^./u', $result)) -				{ -					$result = ''; -				} -			} -			else -			{ -				// no multibyte, allow only ASCII (0-127) -				$result = preg_replace('/[\x80-\xFF]/', '?', $result); -			} -		} - -		$result = (STRIP) ? stripslashes($result) : $result; -	} +	// no need for dependency injection here, if you have the object, call the method yourself! +	$type_cast_helper = new phpbb_request_type_cast_helper(); +	$type_cast_helper->set_var($result, $var, $type, $multibyte);  }  /** -* request_var +* Wrapper function of phpbb_request::variable which exists for backwards compatability. +* See {@link phpbb_request_interface::variable phpbb_request_interface::variable} for +* documentation of this function's use. +* +* @param	mixed			$var_name	The form variable's name from which data shall be retrieved. +* 										If the value is an array this may be an array of indizes which will give +* 										direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") +* 										then specifying array("var", 1) as the name will return "a". +* 										If you pass an instance of {@link phpbb_request_interface phpbb_request_interface} +* 										as this parameter it will overwrite the current request class instance. If you do +* 										not do so, it will create its own instance (but leave superglobals enabled). 
+* @param	mixed			$default	A default value that is returned if the variable was not set. +* 										This function will always return a value of the same type as the default. +* @param	bool			$multibyte	If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters +*										Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks +* @param	bool			$cookie		This param is mapped to phpbb_request_interface::COOKIE as the last param for +* 										phpbb_request_interface::variable for backwards compatability reasons.  * -* Used to get passed variable +* @return	mixed	The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the +* 					the same as that of $default. If the variable is not set $default is returned.  */ -function request_var($var_name, $default, $multibyte = false, $cookie = false) +function request_var($var_name, $default, $multibyte = false, $cookie = false, phpbb_request_interface $request = null)  { -	if (!$cookie && isset($_COOKIE[$var_name])) -	{ -		if (!isset($_GET[$var_name]) && !isset($_POST[$var_name])) -		{ -			return (is_array($default)) ? array() : $default; -		} -		$_REQUEST[$var_name] = isset($_POST[$var_name]) ? $_POST[$var_name] : $_GET[$var_name]; -	} +	// This is all just an ugly hack to add "Dependency Injection" to a function +	// the only real code is the function call which maps this function to a method. +	static $static_request = null; -	$super_global = ($cookie) ? '_COOKIE' : '_REQUEST'; -	if (!isset($GLOBALS[$super_global][$var_name]) || is_array($GLOBALS[$super_global][$var_name]) != is_array($default)) +	if ($request instanceof phpbb_request_interface)  	{ -		return (is_array($default)) ? 
array() : $default; -	} +		$static_request = $request; -	$var = $GLOBALS[$super_global][$var_name]; -	if (!is_array($default)) -	{ -		$type = gettype($default); -	} -	else -	{ -		list($key_type, $type) = each($default); -		$type = gettype($type); -		$key_type = gettype($key_type); -		if ($type == 'array') +		if (empty($var_name))  		{ -			reset($default); -			$default = current($default); -			list($sub_key_type, $sub_type) = each($default); -			$sub_type = gettype($sub_type); -			$sub_type = ($sub_type == 'array') ? 'NULL' : $sub_type; -			$sub_key_type = gettype($sub_key_type); +			return;  		}  	} -	if (is_array($var)) -	{ -		$_var = $var; -		$var = array(); +	$tmp_request = $static_request; -		foreach ($_var as $k => $v) -		{ -			set_var($k, $k, $key_type); -			if ($type == 'array' && is_array($v)) -			{ -				foreach ($v as $_k => $_v) -				{ -					if (is_array($_v)) -					{ -						$_v = null; -					} -					set_var($_k, $_k, $sub_key_type, $multibyte); -					set_var($var[$k][$_k], $_v, $sub_type, $multibyte); -				} -			} -			else -			{ -				if ($type == 'array' || is_array($v)) -				{ -					$v = null; -				} -				set_var($var[$k], $v, $type, $multibyte); -			} -		} -	} -	else +	// no request class set, create a temporary one ourselves to keep backwards compatability +	if ($tmp_request === null)  	{ -		set_var($var, $var, $type, $multibyte); +		// false param: enable super globals, so the created request class does not +		// make super globals inaccessible everywhere outside this function. +		$tmp_request = new phpbb_request(new phpbb_request_type_cast_helper(), false);  	} -	return $var; +	return $tmp_request->variable($var_name, $default, $multibyte, ($cookie) ? phpbb_request_interface::COOKIE : phpbb_request_interface::REQUEST);  }  /** 
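Review bot: The rewritten `request_var()` drops the removed `!$cookie && isset($_COOKIE[$var_name])` branch, which ignored a value that reached `$_REQUEST` only through a cookie, and now depends entirely on `$tmp_request->variable()` with `phpbb_request_interface::REQUEST` to keep that behaviour. The request class is not part of this hunk, so confirm that its REQUEST view is built from GET and POST only; otherwise a cookie set for the board's domain could again take precedence over form parameters. A regression test that supplies the same name through both the cookie and GET inputs would pin this down, and a comment above the final return such as `// REQUEST is expected to exclude cookie values (GET and POST only)` would record the dependency. Separately, the fallback branch builds a new `phpbb_request` on every call while `$static_request` is null, which is worth a one-line comment if it is meant only as a legacy path.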
@@ -2038,7 +1978,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add  	// Make sure $per_page is a valid value  	$per_page = ($per_page <= 0) ? 1 : $per_page; -	$seperator = '<span class="page-sep">' . $user->lang['COMMA_SEPARATOR'] . '</span>'; +	$separator = '<span class="page-sep">' . $user->lang['COMMA_SEPARATOR'] . '</span>';  	$total_pages = ceil($num_items / $per_page);  	if ($total_pages == 1 || !$num_items) @@ -2056,29 +1996,29 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add  		$start_cnt = min(max(1, $on_page - 4), $total_pages - 5);  		$end_cnt = max(min($total_pages, $on_page + 4), 6); -		$page_string .= ($start_cnt > 1) ? ' ... ' : $seperator; +		$page_string .= ($start_cnt > 1) ? ' ... ' : $separator;  		for ($i = $start_cnt + 1; $i < $end_cnt; $i++)  		{  			$page_string .= ($i == $on_page) ? '<strong>' . $i . '</strong>' : '<a href="' . $base_url . "{$url_delim}start=" . (($i - 1) * $per_page) . '">' . $i . '</a>';  			if ($i < $end_cnt - 1)  			{ -				$page_string .= $seperator; +				$page_string .= $separator;  			}  		} -		$page_string .= ($end_cnt < $total_pages) ? ' ... ' : $seperator; +		$page_string .= ($end_cnt < $total_pages) ? ' ... ' : $separator;  	}  	else  	{ -		$page_string .= $seperator; +		$page_string .= $separator;  		for ($i = 2; $i < $total_pages; $i++)  		{  			$page_string .= ($i == $on_page) ? '<strong>' . $i . '</strong>' : '<a href="' . $base_url . "{$url_delim}start=" . (($i - 1) * $per_page) . '">' . $i . '</a>';  			if ($i < $total_pages)  			{ -				$page_string .= $seperator; +				$page_string .= $separator;  			}  		}  	} 
@@ -2758,22 +2698,14 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg  function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')  {  	global $user, $template, $db; -	global $phpEx, $phpbb_root_path; +	global $phpEx, $phpbb_root_path, $request;  	if (isset($_POST['cancel']))  	{  		return false;  	} -	$confirm = false; -	if (isset($_POST['confirm'])) -	{ -		// language frontier -		if ($_POST['confirm'] === $user->lang['YES']) -		{ -			$confirm = true; -		} -	} +	$confirm = ($user->lang['YES'] === $request->variable('confirm', '', true, phpbb_request_interface::POST));  	if ($check && $confirm)  	{ @@ -2861,8 +2793,9 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo  function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)  {  	global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config; +	global $request; -	if (!class_exists('phpbb_captcha_factory')) +	if (!class_exists('phpbb_captcha_factory', false))  	{  		include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);  	} @@ -2911,8 +2844,8 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa  		}  		$username	= request_var('username', '', true); -		$autologin	= (!empty($_POST['autologin'])) ? true : false; -		$viewonline = (!empty($_POST['viewonline'])) ? 0 : 1; +		$autologin	= $request->is_set_post('autologin'); +		$viewonline = (int) !$request->is_set_post('viewonline');  		$admin 		= ($admin) ? 1 : 0;  		$viewonline = ($admin) ? $user->data['session_viewonline'] : $viewonline; @@ -4517,6 +4450,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0  function page_footer($run_cron = true)  {  	global $db, $config, $template, $user, $auth, $cache, $starttime, $phpbb_root_path, $phpEx; +	global $request;  	// Output page creation time  	if (defined('DEBUG')) 
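Review bot: `confirm_box()` still tests `isset($_POST['cancel'])` directly on the context line above the changed assignment, while the confirm value is now read through `$request`. If the global request object was created with super globals disabled (the fallback in `request_var()` passes `false` specifically to avoid that), the cancel check would never match and a cancelled dialog would be handled as unanswered. Reading both fields through the same object keeps them consistent: `if ($request->is_set_post('cancel'))`. The confirm value also now passes through the type-cast helper before the strict comparison with `$user->lang['YES']`, so a language string containing characters the helper encodes or trims would presumably stop matching. The function body continues past this hunk.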
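Review bot: `$autologin = $request->is_set_post('autologin');` changes the test from "non-empty" to "present", assuming `is_set_post()` is an isset-style check as its name suggests. A request that posts `autologin=0` or an empty `autologin` field would then enable persistent login, and an empty `viewonline` field would likewise flip the online-visibility flag. Casting the value keeps the previous semantics: `$autologin = $request->variable('autologin', false, false, phpbb_request_interface::POST);` and `$viewonline = (int) !$request->variable('viewonline', false, false, phpbb_request_interface::POST);`. These lines sit in the middle of `login_box()`, which starts and ends outside the hunk.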
@@ -4524,7 +4458,7 @@ function page_footer($run_cron = true)  		$mtime = explode(' ', microtime());  		$totaltime = $mtime[0] + $mtime[1] - $starttime; -		if (!empty($_REQUEST['explain']) && $auth->acl_get('a_') && defined('DEBUG_EXTRA') && method_exists($db, 'sql_report')) +		if ($request->variable('explain', false) && $auth->acl_get('a_') && defined('DEBUG_EXTRA') && method_exists($db, 'sql_report'))  		{  			$db->sql_report('display');  		} | 
