Diffstat (limited to 'phpBB/phpbb')
-rw-r--r--phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php20
-rw-r--r--phpBB/phpbb/install/helper/iohandler/cli_iohandler.php14
-rw-r--r--phpBB/phpbb/install/helper/iohandler/iohandler_interface.php11
-rw-r--r--phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php11
-rw-r--r--phpBB/phpbb/request/request.php62
5 files changed, 94 insertions, 24 deletions
diff --git a/phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php b/phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php
index 591a19b7c1..2db6750f3f 100644
--- a/phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php
+++ b/phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php
@@ -27,7 +27,7 @@ class ajax_iohandler extends iohandler_base
protected $path_helper;
/**
- * @var \phpbb\request\request_interface
+ * @var \phpbb\request\request
*/
protected $request;
@@ -90,12 +90,12 @@ class ajax_iohandler extends iohandler_base
* Constructor
*
* @param path_helper $path_helper
- * @param \phpbb\request\request_interface $request HTTP request interface
+ * @param \phpbb\request\request $request HTTP request interface
* @param \phpbb\template\template $template Template engine
* @param router $router Router
* @param string $root_path Path to phpBB's root
*/
- public function __construct(path_helper $path_helper, \phpbb\request\request_interface $request, \phpbb\template\template $template, router $router, $root_path)
+ public function __construct(path_helper $path_helper, \phpbb\request\request $request, \phpbb\template\template $template, router $router, $root_path)
{
$this->path_helper = $path_helper;
$this->request = $request;
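Review bot: The constructor now type-hints the concrete `\phpbb\request\request` instead of `\phpbb\request\request_interface`, presumably only because `raw_variable()` is not declared on the interface. This ties the handler to one implementation, so another `request_interface` implementation such as a test double can no longer be injected. Declaring `raw_variable()` on `request_interface`, with the same signature as in request.php, would let this parameter and the `@var` annotation in the previous hunk keep the interface type. The constructor body continues outside the hunk.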
@@ -121,19 +121,11 @@ class ajax_iohandler extends iohandler_base
}
/**
- * Returns untrimmed input variable
- *
- * @param string $name Name of the input variable to obtain
- * @param mixed $default A default value that is returned if the variable was not set.
- * This function will always return a value of the same type as the default.
- * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
- * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
- *
- * @return mixed Value of the untrimmed input variable
+ * {@inheritdoc}
*/
- public function get_untrimmed_input($name, $default, $multibyte = false)
+ public function get_raw_input($name, $default)
{
- return $this->request->untrimmed_variable($name, $default, $multibyte);
+ return $this->request->raw_variable($name, $default);
}
/**
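Review bot: `get_raw_input()` passes no `$super_global`, so `raw_variable()` falls back to its `REQUEST` default (see the request.php hunk). The only use shown for this method is the database password, and if `REQUEST` also covers query-string values, the secret would be accepted from a URL, where it tends to end up in access logs and browser history. Assuming the installer form is submitted by POST, `return $this->request->raw_variable($name, $default, \phpbb\request\request_interface::POST);` would narrow that. The docblock opened on the last line belongs to a method outside the hunk.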
diff --git a/phpBB/phpbb/install/helper/iohandler/cli_iohandler.php b/phpBB/phpbb/install/helper/iohandler/cli_iohandler.php
index 196cdcdaab..4117a3dfd3 100644
--- a/phpBB/phpbb/install/helper/iohandler/cli_iohandler.php
+++ b/phpBB/phpbb/install/helper/iohandler/cli_iohandler.php
@@ -74,6 +74,20 @@ class cli_iohandler extends iohandler_base
return $result;
}
+ /**
+ * {@inheritdoc}
+ */
+ public function get_raw_input($name, $default)
+ {
+ return $this->get_input($name, $default, true);
+ }
+
+ /**
+ * Set input variable
+ *
+ * @param string $name Name of input variable
+ * @param mixed $value Value of input variable
+ */
public function set_input($name, $value)
{
$this->input_values[$name] = $value;
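Review bot: `get_raw_input()` here delegates to `get_input($name, $default, true)`, so it is only raw if `get_input()` leaves the value untouched when `$multibyte` is true. That method's body is above this hunk. If it normalizes or recodes multibyte strings, a password entered on the CLI could differ from the bytes the ajax handler passes through. Reading the stored value directly, `return isset($this->input_values[$name]) ? $this->input_values[$name] : $default;`, would make the two handlers agree by construction.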
diff --git a/phpBB/phpbb/install/helper/iohandler/iohandler_interface.php b/phpBB/phpbb/install/helper/iohandler/iohandler_interface.php
index f22f33d9cb..f0e0e99bbb 100644
--- a/phpBB/phpbb/install/helper/iohandler/iohandler_interface.php
+++ b/phpBB/phpbb/install/helper/iohandler/iohandler_interface.php
@@ -39,6 +39,17 @@ interface iohandler_interface
public function get_input($name, $default, $multibyte = false);
/**
+ * Returns raw input variable
+ *
+ * @param string $name Name of the input variable to obtain
+ * @param mixed $default A default value that is returned if the variable was not set.
+ * This function will always return a value of the same type as the default.
+ *
+ * @return mixed Value of the raw input variable
+ */
+ public function get_raw_input($name, $default);
+
+ /**
* Returns server variable
*
* This function should work the same as request_interterface::server().
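Review bot: The new docblock promises that `get_raw_input()` "will always return a value of the same type as the default", but `raw_variable()` in request.php returns the stored value without any cast, and its own `@return` still mentions `set_var`. The interface docblock also omits the warning that request.php carries, namely that the value is untrimmed and unescaped. I would replace the type sentence with `The value is returned exactly as submitted: it is not trimmed, not escaped and not cast to the type of $default.` and add `Callers must escape it for the context in which it is used.`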
diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php
index 9019cf4332..dc7b060746 100644
--- a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php
+++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php
@@ -79,19 +79,10 @@ class obtain_database_data extends \phpbb\install\task_base implements \phpbb\in
$dbhost = $this->io_handler->get_input('dbhost', '', true);
$dbport = $this->io_handler->get_input('dbport', '');
$dbuser = $this->io_handler->get_input('dbuser', '');
+ $dbpasswd = $this->io_handler->get_raw_input('dbpasswd', '');
$dbname = $this->io_handler->get_input('dbname', '');
$table_prefix = $this->io_handler->get_input('table_prefix', '');
- // Need to get untrimmed password when using ajax IO handler
- if ($this->io_handler instanceof \phpbb\install\helper\iohandler\ajax_iohandler)
- {
- $dbpasswd = htmlspecialchars_decode(htmlspecialchars_decode($this->io_handler->get_untrimmed_input('dbpasswd', '', true)));
- }
- else
- {
- $dbpasswd = $this->io_handler->get_input('dbpasswd', '', true);
- }
-
// Check database data
$user_data_vaild = $this->check_database_data($dbms, $dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $table_prefix);
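Review bot: `$dbpasswd` is no longer guaranteed to be a string. The removed `get_untrimmed_input()` path was documented to return the type of its default, whereas `get_raw_input()` on the ajax handler returns whatever `raw_variable()` found, which can be an array-valued form field. That value goes straight into `check_database_data()`. A guard right after the assignment, `$dbpasswd = is_string($dbpasswd) ? $dbpasswd : '';`, restores the old guarantee without altering the password's bytes. The enclosing method starts and ends outside the hunk.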
diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php
index 4cac6fbaea..318d9f66f9 100644
--- a/phpBB/phpbb/request/request.php
+++ b/phpBB/phpbb/request/request.php
@@ -225,6 +225,68 @@ class request implements \phpbb\request\request_interface
}
/**
+ * Get a variable without trimming strings and without escaping.
+ * This method MUST NOT be used with queries.
+ * Same functionality as variable(), except does not run trim() on strings
+ * and does not escape input.
+ * This method should only be used when the raw input is needed without
+ * any escaping, i.e. for database password during the installation.
+ *
+ * @param string|array $var_name The form variable's name from which data shall be retrieved.
+ * If the value is an array this may be an array of indizes which will give
+ * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
+ * then specifying array("var", 1) as the name will return "a".
+ * @param mixed $default A default value that is returned if the variable was not set.
+ * This function will always return a value of the same type as the default.
+ * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
+ * Specifies which super global should be used
+ *
+ * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
+ * the same as that of $default. If the variable is not set $default is returned.
+ */
+ public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST)
+ {
+ $path = false;
+
+ // deep direct access to multi dimensional arrays
+ if (is_array($var_name))
+ {
+ $path = $var_name;
+ // make sure at least the variable name is specified
+ if (empty($path))
+ {
+ return (is_array($default)) ? array() : $default;
+ }
+ // the variable name is the first element on the path
+ $var_name = array_shift($path);
+ }
+
+ if (!isset($this->input[$super_global][$var_name]))
+ {
+ return (is_array($default)) ? array() : $default;
+ }
+ $var = $this->input[$super_global][$var_name];
+
+ if ($path)
+ {
+ // walk through the array structure and find the element we are looking for
+ foreach ($path as $key)
+ {
+ if (is_array($var) && isset($var[$key]))
+ {
+ $var = $var[$key];
+ }
+ else
+ {
+ return (is_array($default)) ? array() : $default;
+ }
+ }
+ }
+
+ return $var;
+ }
+
+ /**
* Shortcut method to retrieve SERVER variables.
*
* Also fall back to getenv(), some CGI setups may need it (probably not, but
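Review bot: `raw_variable()` repeats `return (is_array($default)) ? array() : $default;` three times. Going by its docblock ("Same functionality as variable()"), it is also a second copy of the path lookup that the typed accessor presumably already contains outside this hunk, and two copies of that walk can drift apart. Having the typed path call `raw_variable()` first and then apply trimming and `set_var` would leave a single implementation. Within this method the fallback could be computed once, `$fallback = is_array($default) ? array() : $default;`. In the docblock, "i.e. for database password" reads as the only permitted use, so "e.g." is probably what is meant.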