diff options
Diffstat (limited to 'phpBB/includes/request')
| -rw-r--r-- | phpBB/includes/request/interface.php | 35 | ||||
| -rw-r--r-- | phpBB/includes/request/request.php | 64 | ||||
| -rw-r--r-- | phpBB/includes/request/type_cast_helper.php | 13 |
3 files changed, 105 insertions, 7 deletions
diff --git a/phpBB/includes/request/interface.php b/phpBB/includes/request/interface.php index 7b5b600100..181bcb467a 100644 --- a/phpBB/includes/request/interface.php +++ b/phpBB/includes/request/interface.php @@ -29,6 +29,7 @@ interface phpbb_request_interface const GET = 1; const REQUEST = 2; const COOKIE = 3; + const SERVER = 4; /**#@-*/ /** @@ -67,6 +68,26 @@ interface phpbb_request_interface public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST); /** + * Shortcut method to retrieve SERVER variables. + * + * @param string|array $var_name See phpbb_request_interface::variable + * @param mixed $default See phpbb_request_interface::variable + * + * @return mixed The server variable value. + */ + public function server($var_name, $default = ''); + + /** + * Shortcut method to retrieve the value of client HTTP headers. + * + * @param string|array $header_name The name of the header to retrieve. + * @param mixed $default See phpbb_request_interface::variable + * + * @return mixed The header value. + */ + public function header($var_name, $default = ''); + + /** * Checks whether a certain variable was sent via POST. * To make sure that a request was sent using POST you should call this function * on at least one variable. @@ -91,6 +112,20 @@ interface phpbb_request_interface public function is_set($var, $super_global = phpbb_request_interface::REQUEST); /** + * Checks whether the current request is an AJAX request (XMLHttpRequest) + * + * @return bool True if the current request is an ajax request + */ + public function is_ajax(); + + /** + * Checks if the current request is happening over HTTPS. + * + * @return bool True if the request is secure. + */ + public function is_secure(); + + /** * Returns all variable names for a given super global * * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global diff --git a/phpBB/includes/request/request.php b/phpBB/includes/request/request.php index 7d284a9bf7..9386088a07 100644 --- a/phpBB/includes/request/request.php +++ b/phpBB/includes/request/request.php @@ -32,7 +32,8 @@ class phpbb_request implements phpbb_request_interface phpbb_request_interface::POST => '_POST', phpbb_request_interface::GET => '_GET', phpbb_request_interface::REQUEST => '_REQUEST', - phpbb_request_interface::COOKIE => '_COOKIE' + phpbb_request_interface::COOKIE => '_COOKIE', + phpbb_request_interface::SERVER => '_SERVER', ); /** @@ -242,6 +243,47 @@ class phpbb_request implements phpbb_request_interface } /** + * Shortcut method to retrieve SERVER variables. + * + * Also fall back to getenv(), some CGI setups may need it (probably not, but + * whatever). + * + * @param string|array $var_name See phpbb_request_interface::variable + * @param mixed $Default See phpbb_request_interface::variable + * + * @return mixed The server variable value. + */ + public function server($var_name, $default = '') + { + $multibyte = true; + + if ($this->is_set($var_name, phpbb_request_interface::SERVER)) + { + return $this->variable($var_name, $default, $multibyte, phpbb_request_interface::SERVER); + } + else + { + $var = getenv($var_name); + $this->type_cast_helper->recursive_set_var($var, $default, $multibyte); + return $var; + } + } + + /** + * Shortcut method to retrieve the value of client HTTP headers. + * + * @param string|array $header_name The name of the header to retrieve. + * @param mixed $default See phpbb_request_interface::variable + * + * @return mixed The header value. + */ + public function header($header_name, $default = '') + { + $var_name = 'HTTP_' . str_replace('-', '_', strtoupper($header_name)); + return $this->server($var_name, $default); + } + + /** * Checks whether a certain variable was sent via POST. * To make sure that a request was sent using POST you should call this function * on at least one variable. @@ -272,6 +314,26 @@ class phpbb_request implements phpbb_request_interface } /** + * Checks whether the current request is an AJAX request (XMLHttpRequest) + * + * @return bool True if the current request is an ajax request + */ + public function is_ajax() + { + return $this->header('X-Requested-With') == 'XMLHttpRequest'; + } + + /** + * Checks if the current request is happening over HTTPS. + * + * @return bool True if the request is secure. + */ + public function is_secure() + { + return $this->server('HTTPS') == 'on'; + } + + /** * Returns all variable names for a given super global * * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global diff --git a/phpBB/includes/request/type_cast_helper.php b/phpBB/includes/request/type_cast_helper.php index 29855a9804..96ceb0df1d 100644 --- a/phpBB/includes/request/type_cast_helper.php +++ b/phpBB/includes/request/type_cast_helper.php @@ -88,11 +88,11 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i /** * Set variable $result to a particular type. * - * @param mixed &$result The variable to fill - * @param mixed $var The contents to fill with - * @param mixed $type The variable type. Will be used with {@link settype()} - * @param bool $multibyte Indicates whether string values may contain UTF-8 characters. - * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks. + * @param mixed &$result The variable to fill + * @param mixed $var The contents to fill with + * @param mixed $type The variable type. Will be used with {@link settype()} + * @param bool $multibyte Indicates whether string values may contain UTF-8 characters. + * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks. */ public function set_var(&$result, $var, $type, $multibyte = false) { @@ -101,7 +101,8 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i if ($type == 'string') { - $result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8')); + $result = trim(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result)); + $result = htmlspecialchars($result, ENT_COMPAT, 'UTF-8'); if ($multibyte) { |