* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\request;
/**
* All application input is accessed through this class.
*
* It provides a method to disable access to input data through super globals.
* This should force MOD authors to read about data validation.
*/
class request implements \phpbb\request\request_interface
{
/**
* @var array The names of super global variables that this class should protect if super globals are disabled.
*/
protected $super_globals = array(
\phpbb\request\request_interface::POST => '_POST',
\phpbb\request\request_interface::GET => '_GET',
\phpbb\request\request_interface::REQUEST => '_REQUEST',
\phpbb\request\request_interface::COOKIE => '_COOKIE',
\phpbb\request\request_interface::SERVER => '_SERVER',
\phpbb\request\request_interface::FILES => '_FILES',
);
/**
* @var array Stores original contents of $_REQUEST array.
*/
protected $original_request = null;
/**
* @var
*/
protected $super_globals_disabled = false;
/**
* @var array An associative array that has the value of super global constants as keys and holds their data as values.
*/
protected $input;
/**
* @var \phpbb\request\type_cast_helper_interface An instance of a type cast helper providing convenience methods for type conversions.
*/
protected $type_cast_helper;
/**
* Initialises the request class, that means it stores all input data in {@link $input input}
* and then calls {@link \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global}
*/
public function __construct(\phpbb\request\type_cast_helper_interface $type_cast_helper = null, $disable_super_globals = true)
{
if ($type_cast_helper)
{
$this->type_cast_helper = $type_cast_helper;
}
else
{
$this->type_cast_helper = new \phpbb\request\type_cast_helper();
}
foreach ($this->super_globals as $const => $super_global)
{
$this->input[$const] = isset($GLOBALS[$super_global]) ? $GLOBALS[$super_global] : array();
}
// simulate request_order = GP
$this->original_request = $this->input[\phpbb\request\request_interface::REQUEST];
$this->input[\phpbb\request\request_interface::REQUEST] = $this->input[\phpbb\request\request_interface::POST] + $this->input[\phpbb\request\request_interface::GET];
if ($disable_super_globals)
{
$this->disable_super_globals();
}
}
/**
* Getter for $super_globals_disabled
*
* @return bool Whether super globals are disabled or not.
*/
public function super_globals_disabled()
{
return $this->super_globals_disabled;
}
/**
* Disables access of super globals specified in $super_globals.
* This is achieved by overwriting the super globals with instances of {@link \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global}
*/
public function disable_super_globals()
{
if (!$this->super_globals_disabled)
{
foreach ($this->super_globals as $const => $super_global)
{
unset($GLOBALS[$super_global]);
$GLOBALS[$super_global] = new \phpbb\request\deactivated_super_global($this, $super_global, $const);
}
$this->super_globals_disabled = true;
}
}
/**
* Enables access of super globals specified in $super_globals if they were disabled by {@link disable_super_globals disable_super_globals}.
* This is achieved by making the super globals point to the data stored within this class in {@link $input input}.
*/
public function enable_super_globals()
{
if ($this->super_globals_disabled)
{
foreach ($this->super_globals as $const => $super_global)
{
$GLOBALS[$super_global] = $this->input[$const];
}
$GLOBALS['_REQUEST'] = $this->original_request;
$this->super_globals_disabled = false;
}
}
/**
* This function allows overwriting or setting a value in one of the super global arrays.
*
* Changes which are performed on the super globals directly will not have any effect on the results of
* other methods this class provides. Using this function should be avoided if possible! It will
* consume twice the the amount of memory of the value
*
* @param string $var_name The name of the variable that shall be overwritten
* @param mixed $value The value which the variable shall contain.
* If this is null the variable will be unset.
* @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
* Specifies which super global shall be changed
*/
public function overwrite($var_name, $value, $super_global = \phpbb\request\request_interface::REQUEST)
{
if (!isset($this->super_globals[$super_global]))
{
return;
}
$this->type_cast_helper->add_magic_quotes($value);
// setting to null means unsetting
if ($value === null)
{
unset($this->input[$super_global][$var_name]);
if (!$this->super_globals_disabled())
{
unset($GLOBALS[$this->super_globals[$super_global]][$var_name]);
}
}
else
{
$this->input[$super_global][$var_name] = $value;
if (!$this->super_globals_disabled())
{
$GLOBALS[$this->super_globals[$super_global]][$var_name] = $value;
}
}
}
/**
* Central type safe input handling function.
* All variables in GET or POST requests should be retrieved through this function to maximise security.
*
* @param string|array $var_name The form variable's name from which data shall be retrieved.
* If the value is an array this may be an array of indizes which will give
* direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
* then specifying array("var", 1) as the name will return "a".
* @param mixed $default A default value that is returned if the variable was not set.
* This function will always return a value of the same type as the default.
* @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
* @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
* Specifies which super global should be used
*
* @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
* the same as that of $default. If the variable is not set $default is returned.
*/
public function variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST)
{
return $this->_variable($var_name, $default, $multibyte, $super_global, true);
}
/**
* Get a variable, but without trimming strings.
* Same functionality as variable(), except does not run trim() on strings.
* This method should be used when handling passwords.
*
* @param string|array $var_name The form variable's name from which data shall be retrieved.
* If the value is an array this may be an array of indizes which will give
* direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
* then specifying array("var", 1) as the name will return "a".
* @param mixed $default A default value that is returned if the variable was not set.
* This function will always return a value of the same type as the default.
* @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
* @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
* Specifies which super global should be used
*
* @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
* the same as that of $default. If the variable is not set $default is returned.
*/
public function untrimmed_variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST)
{
return $this->_variable($var_name, $default, $multibyte, $super_global, false);
}
/**
* {@inheritdoc}
*/
public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST)
{
$path = false;
// deep direct access to multi dimensional arrays
if (is_array($var_name))
{
$path = $var_name;
// make sure at least the variable name is specified
if (empty($path))
{
return (is_array($default)) ? array() : $default;
}
// the variable name is the first element on the path
$var_name = array_shift($path);
}
if (!isset($this->input[$super_global][$var_name]))
{
return (is_array($default)) ? array() : $default;
}
$var = $this->input[$super_global][$var_name];
if ($path)
{
// walk through the array structure and find the element we are looking for
foreach ($path as $key)
{
if (is_array($var) && isset($var[$key]))
{
$var = $var[$key];
}
else
{
return (is_array($default)) ? array() : $default;
}
}
}
return $var;
}
/**
* Shortcut method to retrieve SERVER variables.
*
* Also fall back to getenv(), some CGI setups may need it (probably not, but
* whatever).
*
* @param string|array $var_name See \phpbb\request\request_interface::variable
* @param mixed $Default See \phpbb\request\request_interface::variable
*
* @return mixed The server variable value.
*/
public function server($var_name, $default = '')
{
$multibyte = true;
if ($this->is_set($var_name, \phpbb\request\request_interface::SERVER))
{
return $this->variable($var_name, $default, $multibyte, \phpbb\request\request_interface::SERVER);
}
else
{
$var = getenv($var_name);
$this->type_cast_helper->recursive_set_var($var, $default, $multibyte);
return $var;
}
}
/**
* Shortcut method to retrieve the value of client HTTP headers.
*
* @param string|array $header_name The name of the header to retrieve.
* @param mixed $default See \phpbb\request\request_interface::variable
*
* @return mixed The header value.
*/
public function header($header_name, $default = '')
{
$var_name = 'HTTP_' . str_replace('-', '_', strtoupper($header_name));
return $this->server($var_name, $default);
}
/**
* Shortcut method to retrieve $_FILES variables
*
* @param string $form_name The name of the file input form element
*
* @return array The uploaded file's information or an empty array if the
* variable does not exist in _FILES.
*/
public function file($form_name)
{
return $this->variable($form_name, array('name' => 'none'), true, \phpbb\request\request_interface::FILES);
}
/**
* Checks whether a certain variable was sent via POST.
* To make sure that a request was sent using POST you should call this function
* on at least one variable.
*
* @param string $name The name of the form variable which should have a
* _p suffix to indicate the check in the code that creates the form too.
*
* @return bool True if the variable was set in a POST request, false otherwise.
*/
public function is_set_post($name)
{
return $this->is_set($name, \phpbb\request\request_interface::POST);
}
/**
* Checks whether a certain variable is set in one of the super global
* arrays.
*
* @param string $var Name of the variable
* @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
* Specifies the super global which shall be checked
*
* @return bool True if the variable was sent as input
*/
public function is_set($var, $super_global = \phpbb\request\request_interface::REQUEST)
{
return isset($this->input[$super_global][$var]);
}
/**
* Checks whether the current request is an AJAX request (XMLHttpRequest)
*
* @return bool True if the current request is an ajax request
*/
public function is_ajax()
{
return $this->header('X-Requested-With') == 'XMLHttpRequest';
}
/**
* Checks if the current request is happening over HTTPS.
*
* @return bool True if the request is secure.
*/
public function is_secure()
{
$https = $this->server('HTTPS');
$https = $this->server('HTTP_X_FORWARDED_PROTO') === 'https' ? 'on' : $https;
return !empty($https) && $https !== 'off';
}
/**
* Returns all variable names for a given super global
*
* @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
* The super global from which names shall be taken
*
* @return array All variable names that are set for the super global.
* Pay attention when using these, they are unsanitised!
*/
public function variable_names($super_global = \phpbb\request\request_interface::REQUEST)
{
if (!isset($this->input[$super_global]))
{
return array();
}
return array_keys($this->input[$super_global]);
}
/**
* Helper function used by variable() and untrimmed_variable().
*
* @param string|array $var_name The form variable's name from which data shall be retrieved.
* If the value is an array this may be an array of indizes which will give
* direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
* then specifying array("var", 1) as the name will return "a".
* @param mixed $default A default value that is returned if the variable was not set.
* This function will always return a value of the same type as the default.
* @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
* @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
* Specifies which super global should be used
* @param bool $trim Indicates whether trim() should be applied to string values.
*
* @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
* the same as that of $default. If the variable is not set $default is returned.
*/
protected function _variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST, $trim = true)
{
$var = $this->raw_variable($var_name, $default, $super_global);
// Return prematurely if raw variable is empty array or the same as
// the default. Using strict comparison to ensure that one can't
// prevent proper type checking on any input variable
if ($var === array() || $var === $default)
{
return $var;
}
$this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $trim);
return $var;
}
/**
* {@inheritdoc}
*/
public function get_super_global($super_global = \phpbb\request\request_interface::REQUEST)
{
return $this->input[$super_global];
}
/**
* {@inheritdoc}
*/
public function escape($var, $multibyte)
{
if (is_array($var))
{
$result = array();
foreach ($var as $key => $value)
{
$this->type_cast_helper->set_var($key, $key, gettype($key), $multibyte);
$result[$key] = $this->escape($value, $multibyte);
}
$var = $result;
}
else
{
$this->type_cast_helper->set_var($var, $var, 'string', $multibyte);
}
return $var;
}
}
/a>
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
package keyboard; # $Id$
use diagnostics;
use strict;
#-######################################################################################
#- misc imports
#-######################################################################################
use common;
use detect_devices;
use run_program;
use lang;
use log;
use c;
#-######################################################################################
#- Globals
#-######################################################################################
my $KMAP_MAGIC = 0x8B39C07F;
#- a best guess of the keyboard layout, based on the choosen locale
#- beware only the first 5 characters of the locale are used
my %lang2keyboard =
(
'af' => 'us_intl',
'am' => 'us:90',
'ar' => 'ar:90',
'as' => 'ben:90 dev:20 us_intl:5',
'az' => 'az:90 tr_q:10 us_intl:5',
'be' => 'by:90 ru:50 ru_yawerty:40',
'bg' => 'bg_phonetic:60 bg:50',
'bn' => 'ben:90 dev:20 us_intl:5',
'br' => 'fr:90',
'bs' => 'bs:90',
'ca' => 'es:90 fr:15',
'cs' => 'cz_qwerty:70 cz:50',
'cy' => 'uk:90',
'da' => 'dk:90',
'de' => 'de_nodeadkeys:70 de:50 be:50 ch_de:50',
'el' => 'gr:90',
'en' => 'us:89 us_intl:50 qc:50 uk:50',
'en_IE' => 'ie:80 uk:70',
'en_US' => 'us:90 us_intl:50',
'en_GB' => 'uk:89 us:60 us_intl:50',
'eo' => 'us_intl:89 dvorak_eo:30 dvorak:20',
'es' => 'es:85 la:80 us_intl:50',
'et' => 'ee:90',
'eu' => 'es:90 fr:15',
'fa' => 'ir:90',
'fi' => 'fi:90',
'fo' => 'dk:90',
'fr' => 'fr:89 qc:85 be:85 ch_fr:70',
'fur' => 'it:90',
'ga' => 'ie:80 uk:70',
'gd' => 'uk:80 ie:70',
'gl' => 'es:90',
'gn' => 'la:85 es:80 us_intl:50',
'gu' => 'guj:90',
'gv' => 'uk:80 ie:70',
'he' => 'il:90 il_phonetic:10',
'hi' => 'dev:90',
'hr' => 'hr:90 si:50',
'hu' => 'hu:90',
'hy' => 'am:90 am_old:10 am_phonetic:5',
'ia' => 'us:90 us_intl:20',
'id' => 'us:90 us_intl:20',
'is' => 'is:90',
'it' => 'it:90 ch_fr:50 ch_de:50',
'iu' => 'iu:90',
'ja' => 'jp:90 us:50 us_intl:20',
'ka' => 'ge_la:90 ge_ru:50',
'kl' => 'dk:80 us_intl:30',
'kn' => 'kan:90',
'ko' => 'kr:90 us:60',
'ku' => 'tr_q:90 tr_f:30',
'kw' => 'uk:80 ie:70',
'ky' => 'ky:90 ru_yawerty:40',
'li' => 'us_intl:80 be:70 nl:10 us:5',
'lo' => 'lao:90',
'lt' => 'lt:80 lt_new:70 lt_b:60 lt_p:50',
'ltg' => 'lv:90 lt:40 lt_new:30 lt_b:20 lt_p:10 ee:5',
'lv' => 'lv:90 lt:40 lt_new:30 lt_b:20 lt_p:10 ee:5',
'mi' => 'us_intl:90 uk:20 us:10',
'mk' => 'mk:90',
'ml' => 'mal:90',
'mn' => 'mng:90 ru:20 ru_yawerty:5',
'mr' => 'dev:90',
'ms' => 'us:90 us_intl:20',
'mt' => 'mt:90 mt_us:35 us_intl:10',
'my' => 'mm:90',
'nb' => 'no:90 dvorak_no:10',
'nds' => 'de_nodeadkeys:70 de:50 us_intl:40 nl:10 us:5',
'ne' => 'dev:90',
'nl' => 'us_intl:80 be:70 nl:10 us:5',
'nn' => 'no:90 dvorak_no:10',
'no' => 'no:90 dvorak_no:10', # for compatiblity only
'oc' => 'fr:90',
'or' => 'ori:90',
'pa' => 'gur:90',
'ph' => 'us:90 us_intl:20',
'pl' => 'pl:90 pl2:60',
'pp' => 'br:80 la:20 pt:10 us_intl:30',
'pt_BR' => 'br:90 la:20 pt:10 us_intl:30',
'pt' => 'pt:90',
'ro' => 'ro2:80 ro:40 us_intl:10',
'ru' => 'ru:85 ru_yawerty:80 ua:50',
'sc' => 'it:90',
'se' => 'sapmi:70 sapmi_sefi:50',
'sh' => 'yu:80',
'sk' => 'sk_qwerty:80 sk:70',
'sl' => 'si:90 hr:50',
'sq' => 'al:90',
'sr' => 'sr:80',
'ss' => 'us_intl',
'st' => 'us_intl',
'sv' => 'se:90 fi:30 dvorak_se:10',
'ta' => 'tscii:80 tml:20',
'te' => 'tel:90',
'tg' => 'tj:90 ru_yawerty:40',
'th' => 'th:90',
'tk' => 'tr_q:50 tr_f:40', # proper Turkmen keyboard still to come
'tl' => 'us:90 us_intl:20',
'tr' => 'tr_q:90 tr_f:30',
'tt' => 'ru:50 ru_yawerty:40',
'uk' => 'ua:90 ru:50 ru_yawerty:40',
'ur' => 'ar:50 ir:40', # proper Urdu keyboard still to come
'uz' => 'uz:80 ru_yawerty:40',
'uz\@Cyrl' => 'uz:80 ru_yawerty:40',
'uz\@Latn' => 'us:80 uz:80',
've' => 'us_intl',
'vi' => 'vn:80 us:60 us_intl:50',
'wa' => 'be:90 fr:5',
'xh' => 'us_intl',
'yi' => 'il_phonetic:90 il:10 us_intl:10',
'zh_CN' => 'us:60',
'zh_TW' => 'us:60',
'zu' => 'us_intl',
);
# USB kbd table
# The numeric values are the bCountryCode field (5th byte) of HID descriptor
# NOTE: we don't trust when the layout is declared as us layout (0x21)
# as most manufacturers just use that value when selling physical devices
# with different layouts printed on the keys.
my @usb2keyboard =
(
qw(SKIP ar_SKIP be ca_SKIP qc cz dk fi fr de gr il hu us_intl it jp),
#- 0x10
qw(kr la nl no ir pl pt ru sk es se ch_de ch_de ch_de tw_SKIP tr_q),
#- 0x20
qw(uk us_SKIP yu tr_f),
#- higher codes not attribued as of 2002-02
);
#- key = extension for Xmodmap file, [0] = description of the keyboard,
#- [1] = name for loadkeys, [2] = name for XKB, [3] = "1" if it is
#- a multigroup layout (eg: one with latin/non-latin letters)
my %keyboards = (
arch() =~ /^sparc/ ? (
"cz" => [ N_("Czech (QWERTZ)"), "sunt5-cz-us", "cz", 0 ],
"de" => [ N_("German"), "sunt5-de-latin1", "de", 0 ],
"dvorak" => [ N_("Dvorak"), "sundvorak", "dvorak",0 ],
"es" => [ N_("Spanish"), "sunt5-es", "es", 0 ],
"fi" => [ N_("Finnish"), "sunt5-fi-latin1", "fi", 0 ],
"fr" => [ N_("French"), "sunt5-fr-latin1", "fr", 0 ],
"no" => [ N_("Norwegian"), "sunt4-no-latin1", "no", 0 ],
"pl" => [ N_("Polish"), "sun-pl-altgraph", "pl", 0 ],
"ru" => [ N_("Russian"), "sunt5-ru", "ru", 1 ],
# TODO: check the console map
"se" => [ N_("Swedish"), "sunt5-fi-latin1", "se", 0 ],
"uk" => [ N_("UK keyboard"), "sunt5-uk", "gb", 0 ],
"us" => [ N_("US keyboard"), "sunkeymap", "us", 0 ],
) : (
"al" => [ N_("Albanian"), "al", "al", 0 ],
"am_old" => [ N_("Armenian (old)"), "am_old", "am(old)", 1 ],
"am" => [ N_("Armenian (typewriter)"), "am-armscii8", "am", 1 ],
"am_phonetic" => [ N_("Armenian (phonetic)"), "am_phonetic", "am(phonetic)",1 ],
"ar" => [ N_("Arabic"), "us", "ar(digits)", 1 ],
"az" => [ N_("Azerbaidjani (latin)"), "az", "az", 0 ],
#"a3" => [ N_("Azerbaidjani (cyrillic)"), "az-koi8k","az(cyrillic)",1 ],
"be" => [ N_("Belgian"), "be2-latin1", "be", 0 ],
"ben" => [ N_("Bengali"), "us", "ben", 1 ],
|