From d7e52ee0f8fb876161ac9705f4347d6431657358 Mon Sep 17 00:00:00 2001
From: Nils Adermann <naderman@naderman.de>
Date: Sat, 6 Mar 2010 05:40:38 +0100
Subject: [feature/request-class] Adding a request class based on
 ascraeus-experiment.

The well known request_var function is now a wrapper that calls a method
on a phpbb_request object. The class provides additional functionality.
It can replace all super globals with special objects that throw errors
when being accessed. They still allow isset operations to keep backward
compatibility with isset($_POST['var']) checks. The phpbb_request class
implements the phpbb_request_interface which is available for easy mocking
of input in tests.

PHPBB3-9716
---
 phpBB/includes/request/request_interface.php | 103 +++++++++++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 phpBB/includes/request/request_interface.php

(limited to 'phpBB/includes/request/request_interface.php')

diff --git a/phpBB/includes/request/request_interface.php b/phpBB/includes/request/request_interface.php
new file mode 100644
index 0000000000..7b5b600100
--- /dev/null
+++ b/phpBB/includes/request/request_interface.php
@@ -0,0 +1,103 @@
+<?php
+/**
+*
+* @package phpbb_request
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* An interface through which all application input can be accessed.
+*
+* @package phpbb_request
+*/
+interface phpbb_request_interface
+{
+	/**#@+
+	* Constant identifying the super global with the same name.
+	*/
+	const POST = 0;
+	const GET = 1;
+	const REQUEST = 2;
+	const COOKIE = 3;
+	/**#@-*/
+
+	/**
+	* This function allows overwriting or setting a value in one of the super global arrays.
+	*
+	* Changes which are performed on the super globals directly will not have any effect on the results of
+	* other methods this class provides. Using this function should be avoided if possible! It will
+	* consume twice the the amount of memory of the value
+	*
+	* @param	string	$var_name	The name of the variable that shall be overwritten
+	* @param	mixed	$value		The value which the variable shall contain.
+	* 								If this is null the variable will be unset.
+	* @param	phpbb_request_interface::POST|GET|REQUEST|COOKIE	$super_global
+	* 								Specifies which super global shall be changed
+	*/
+	public function overwrite($var_name, $value, $super_global = phpbb_request_interface::REQUEST);
+
+	/**
+	* Central type safe input handling function.
+	* All variables in GET or POST requests should be retrieved through this function to maximise security.
+	*
+	* @param	string|array	$var_name	The form variable's name from which data shall be retrieved.
+	* 										If the value is an array this may be an array of indizes which will give
+	* 										direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
+	* 										then specifying array("var", 1) as the name will return "a".
+	* @param	mixed			$default	A default value that is returned if the variable was not set.
+	* 										This function will always return a value of the same type as the default.
+	* @param	bool			$multibyte	If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
+	*										Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
+	* @param	phpbb_request_interface::POST|GET|REQUEST|COOKIE	$super_global
+	* 										Specifies which super global should be used
+	*
+	* @return	mixed	The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
+	*					the same as that of $default. If the variable is not set $default is returned.
+	*/
+	public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST);
+
+	/**
+	* Checks whether a certain variable was sent via POST.
+	* To make sure that a request was sent using POST you should call this function
+	* on at least one variable.
+	*
+	* @param	string	$name	The name of the form variable which should have a
+	*							_p suffix to indicate the check in the code that creates the form too.
+	*
+	* @return	bool			True if the variable was set in a POST request, false otherwise.
+	*/
+	public function is_set_post($name);
+
+	/**
+	* Checks whether a certain variable is set in one of the super global
+	* arrays.
+	*
+	* @param	string	$var	Name of the variable
+	* @param	phpbb_request_interface::POST|GET|REQUEST|COOKIE	$super_global
+	*							Specifies the super global which shall be checked
+	*
+	* @return	bool			True if the variable was sent as input
+	*/
+	public function is_set($var, $super_global = phpbb_request_interface::REQUEST);
+
+	/**
+	* Returns all variable names for a given super global
+	*
+	* @param	phpbb_request_interface::POST|GET|REQUEST|COOKIE	$super_global
+	*					The super global from which names shall be taken
+	*
+	* @return	array	All variable names that are set for the super global.
+	*					Pay attention when using these, they are unsanitised!
+	*/
+	public function variable_names($super_global = phpbb_request_interface::REQUEST);
+}
-- 
cgit v1.2.1