diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2016-11-25 22:15:13 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2016-11-25 22:15:13 +0100 |
| commit | 9aa017d0f7ce13a11114cbae24b694e935931342 (patch) | |
| tree | a6ad083b93deb4e335bf76b33a4c816340059bc1 /phpBB/phpbb/request/request.php | |
| parent | 23f5b6debdd24cc1caefd3bb8cd6da96a88abe9a (diff) | |
| download | forums-9aa017d0f7ce13a11114cbae24b694e935931342.tar forums-9aa017d0f7ce13a11114cbae24b694e935931342.tar.gz forums-9aa017d0f7ce13a11114cbae24b694e935931342.tar.bz2 forums-9aa017d0f7ce13a11114cbae24b694e935931342.tar.xz forums-9aa017d0f7ce13a11114cbae24b694e935931342.zip | |
[ticket/14875] Add method for raw input to request and add to installer
A method for retrieving raw input has been added to the request class.
This will be used in the installer to retrieve the datatabase password
while also allowing utf8 characters. Not escaping the input is ok in
this case as it won't be put anywhere in this raw form and only be
used to populate the entry for the password field in config.php.
PHPBB3-14875
Diffstat (limited to 'phpBB/phpbb/request/request.php')
| -rw-r--r-- | phpBB/phpbb/request/request.php | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index 4cac6fbaea..318d9f66f9 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -225,6 +225,68 @@ class request implements \phpbb\request\request_interface } /** + * Get a variable without trimming strings and without escaping. + * This method MUST NOT be used with queries. + * Same functionality as variable(), except does not run trim() on strings + * and does not escape input. + * This method should only be used when the raw input is needed without + * any escaping, i.e. for database password during the installation. + * + * @param string|array $var_name The form variable's name from which data shall be retrieved. + * If the value is an array this may be an array of indizes which will give + * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") + * then specifying array("var", 1) as the name will return "a". + * @param mixed $default A default value that is returned if the variable was not set. + * This function will always return a value of the same type as the default. + * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global + * Specifies which super global should be used + * + * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the + * the same as that of $default. If the variable is not set $default is returned. + */ + public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST) + { + $path = false; + + // deep direct access to multi dimensional arrays + if (is_array($var_name)) + { + $path = $var_name; + // make sure at least the variable name is specified + if (empty($path)) + { + return (is_array($default)) ? array() : $default; + } + // the variable name is the first element on the path + $var_name = array_shift($path); + } + + if (!isset($this->input[$super_global][$var_name])) + { + return (is_array($default)) ? array() : $default; + } + $var = $this->input[$super_global][$var_name]; + + if ($path) + { + // walk through the array structure and find the element we are looking for + foreach ($path as $key) + { + if (is_array($var) && isset($var[$key])) + { + $var = $var[$key]; + } + else + { + return (is_array($default)) ? array() : $default; + } + } + } + + return $var; + } + + /** * Shortcut method to retrieve SERVER variables. * * Also fall back to getenv(), some CGI setups may need it (probably not, but |