From 0bf6966c5228d446c4f0d3862619db0f619c7369 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Wed, 13 Jul 2011 19:20:16 +0200 Subject: [feature/request-class] Add server(), header() and is_ajax() to request Extend the request class with helpers for reading server vars (server()) and HTTP request headers (header()). Refactor the existing code base to make use of these helpers, make $_SERVER a deactivated super global. Also introduce an is_ajax() method, which checks the X-Requested-With header for the value 'XMLHttpRequest', which is sent by JavaScript libraries, such as jQuery. PHPBB3-9716 --- phpBB/includes/functions.php | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index ed183b3e76..9ae1885efd 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -781,6 +781,8 @@ function is_absolute($path) */ function phpbb_own_realpath($path) { + global $request; + // Now to perform funky shizzle // Switch to use UNIX slashes @@ -824,11 +826,11 @@ function phpbb_own_realpath($path) $path_prefix = ''; } } - else if (isset($_SERVER['SCRIPT_FILENAME']) && !empty($_SERVER['SCRIPT_FILENAME'])) + else if ($request->server('SCRIPT_FILENAME')) { // Warning: If chdir() has been used this will lie! // Warning: This has some problems sometime (CLI can create them easily) - $path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($_SERVER['SCRIPT_FILENAME'])) . '/' . $path; + $path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($request->server('SCRIPT_FILENAME'))) . '/' . $path; $absolute = true; $path_prefix = ''; } 
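Review bot: `global $request;` at the top of phpbb_own_realpath introduces a dependency on the request object already being constructed, and nothing in either hunk of this function guards against `$request` still being null. If this path helper is reachable during early bootstrap before the request service exists (not visible here), the `$request->server('SCRIPT_FILENAME')` call in the else-if branch becomes a fatal error where the old `$_SERVER` read was harmless. A note above the global, `// Requires $request to be initialised before any caller reaches the SCRIPT_FILENAME branch`, would record the new precondition for whoever wires the bootstrap order. The function body continues outside both hunks.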
@@ -2048,10 +2050,10 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false) */ function generate_board_url($without_script_path = false) { - global $config, $user; + global $config, $user, $request; $server_name = $user->host; - $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); + $server_port = $request->server('SERVER_PORT', 0); // Forcing server vars is the only way to specify/override the protocol if ($config['force_server_vars'] || !$server_name) @@ -2067,7 +2069,7 @@ function generate_board_url($without_script_path = false) else { // Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection - $cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0; + $cookie_secure = $request->server('HTTPS') == 'on' ? 1 : 0; $url = (($cookie_secure) ? 'https://' : 'http://') . $server_name; $script_path = $user->page['root_script_path']; @@ -2419,6 +2421,8 @@ function meta_refresh($time, $url, $disable_cd_check = false) */ function send_status_line($code, $message) { + global $request; + if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi') { // in theory, we shouldn't need that due to php doing it. Reality offers a differing opinion, though @@ -2426,15 +2430,15 @@ function send_status_line($code, $message) } else { - if (!empty($_SERVER['SERVER_PROTOCOL'])) + if ($request->server('SERVER_PROTOCOL')) { - $version = $_SERVER['SERVER_PROTOCOL']; + $version = $request->server('SERVER_PROTOCOL'); } - else if (!empty($_SERVER['HTTP_VERSION'])) + else if ($request->server('HTTP_VERSION')) { // I cannot remember where I got this from. // This code path may never be reachable in reality. - $version = $_SERVER['HTTP_VERSION']; + $version = $request->server('HTTP_VERSION'); } else { 
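Review bot: `$server_port = $request->server('SERVER_PORT', 0);` in generate_board_url drops both the `getenv('SERVER_PORT')` fallback and the explicit `(int)` cast that the removed line had. Whether the result is an int now depends on the request class typing the value by its default, which the hunk does not show; a port left as a string still concatenates fine but silently changes the type of `$server_port` for any comparison further down the function. Keeping the cast explicit, `$server_port = (int) $request->server('SERVER_PORT', 0);`, costs nothing and documents the intent, and a comment such as `// environments that expose the port only via getenv() are no longer handled` would make the dropped fallback a deliberate decision rather than an accident. The rest of generate_board_url lies outside the hunk.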
@@ -4144,7 +4148,7 @@ function phpbb_optionset($bit, $set, $data) */ function phpbb_http_login($param) { - global $auth, $user; + global $auth, $user, $request; global $config; $param_defaults = array( @@ -4184,9 +4188,9 @@ function phpbb_http_login($param) $username = null; foreach ($username_keys as $k) { - if (isset($_SERVER[$k])) + if ($request->is_set($k, phpbb_request_interface::SERVER)) { - $username = $_SERVER[$k]; + $username = $request->server($k); break; } } @@ -4194,9 +4198,9 @@ function phpbb_http_login($param) $password = null; foreach ($password_keys as $k) { - if (isset($_SERVER[$k])) + if ($request->is_set($k, phpbb_request_interface::SERVER)) { - $password = $_SERVER[$k]; + $password = $request->server($k); break; } } -- cgit v1.2.1 From f84460c710f528724fac68278361af7fe18e458c Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Thu, 18 Aug 2011 22:25:17 +0200 Subject: [feature/request-class] Make use of the is_secure() method PHPBB3-9716 --- phpBB/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 9ae1885efd..a4baaa8af1 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2069,7 +2069,7 @@ function generate_board_url($without_script_path = false) else { // Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection - $cookie_secure = $request->server('HTTPS') == 'on' ? 1 : 0; + $cookie_secure = $request->is_secure() ? 1 : 0; $url = (($cookie_secure) ? 'https://' : 'http://') . $server_name; $script_path = $user->page['root_script_path']; -- cgit v1.2.1 From c5cef773c4811d2041c56a9c34da94a30f8190e1 Mon Sep 17 00:00:00 2001 
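Review bot: `$cookie_secure = $request->is_secure() ? 1 : 0;` in generate_board_url keeps a misleadingly named integer only to turn it back into a boolean on the next line; `$url = ($request->is_secure() ? 'https://' : 'http://') . $server_name;` says the same thing without the intermediate, unless `$cookie_secure` is read again later in the function, which lies outside the hunk. Separately, if is_secure() only inspects the HTTPS server variable (its implementation is not visible here), a board behind a TLS-terminating proxy will still generate http:// URLs, the same limitation the replaced `== 'on'` test had, and the existing comment above the line talks about the config setting rather than this check. A one-line note, `// is_secure() reflects the connection to this PHP process, not to a proxy in front of it`, would tell operators where to look when generated URLs carry the wrong scheme.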
From: Igor Wiedler Date: Thu, 18 Aug 2011 23:38:39 +0200 Subject: [feature/request-class] Adjust code base to do html decoding manually PHPBB3-9716 --- phpBB/includes/functions.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index ea96801129..b0c89bdceb 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -879,7 +879,8 @@ function phpbb_own_realpath($path) { // Warning: If chdir() has been used this will lie! // Warning: This has some problems sometime (CLI can create them easily) - $path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($request->server('SCRIPT_FILENAME'))) . '/' . $path; + $filename = htmlspecialchars_decode($request->server('SCRIPT_FILENAME')); + $path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($filename)) . '/' . $path; $absolute = true; $path_prefix = ''; } @@ -4242,7 +4243,7 @@ function phpbb_http_login($param) { if ($request->is_set($k, phpbb_request_interface::SERVER)) { - $username = $request->server($k); + $username = htmlspecialchars_decode($request->server($k)); break; } } @@ -4252,7 +4253,7 @@ function phpbb_http_login($param) { if ($request->is_set($k, phpbb_request_interface::SERVER)) { - $password = $request->server($k); + $password = htmlspecialchars_decode($request->server($k)); break; } } -- cgit v1.2.1
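Review bot: `htmlspecialchars_decode($request->server('SCRIPT_FILENAME'))` in phpbb_own_realpath relies on the request class having HTML-escaped the value in the first place, and on the decode using the same quoting flags as that encode; with the default ENT_COMPAT used here, a path containing a single quote would keep `&#039;` if the request side encoded with ENT_QUOTES, and dirname() would then resolve a name that does not exist on disk. The same pairing appears in the two phpbb_http_login hunks below. A comment at the decode, `// $request->server() returns HTML-escaped values; decode to recover the raw filesystem path`, plus passing whichever flag the request class uses explicitly so both sides are visibly in step, would make the round trip safe to maintain. The enclosing else-if and the function body continue outside the hunk.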
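Review bot: The decode of the HTTP-auth credentials, `$username = htmlspecialchars_decode($request->server($k));` and the matching password line in the next hunk, is the step that lets passwords containing `&`, `<`, `>` or `"` verify again, so it deserves a why-comment rather than reading as incidental cleanup: `// server() hands back HTML-escaped strings; credentials must be compared in their raw form`. If the request class escapes with double-encoding disabled (not visible here), a password that literally contains `&amp;` would not survive the round trip, which is worth covering with a test in the auth suite. The `$username_keys` and `$password_keys` loops begin outside the hunk.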