From 7030578bbe9e11c18b5becaf8b06e670e3c2e3cd Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 14 Jul 2013 01:32:34 -0400 Subject: [ticket/11698] Moving all autoloadable files to phpbb/ PHPBB3-11698 --- phpBB/phpbb/request/deactivated_super_global.php | 121 ++++++ phpBB/phpbb/request/interface.php | 139 +++++++ phpBB/phpbb/request/request.php | 415 +++++++++++++++++++++ phpBB/phpbb/request/type_cast_helper.php | 194 ++++++++++ phpBB/phpbb/request/type_cast_helper_interface.php | 63 ++++ 5 files changed, 932 insertions(+) create mode 100644 phpBB/phpbb/request/deactivated_super_global.php create mode 100644 phpBB/phpbb/request/interface.php create mode 100644 phpBB/phpbb/request/request.php create mode 100644 phpBB/phpbb/request/type_cast_helper.php create mode 100644 phpBB/phpbb/request/type_cast_helper_interface.php (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/deactivated_super_global.php b/phpBB/phpbb/request/deactivated_super_global.php new file mode 100644 index 0000000000..cc05847ec7 --- /dev/null +++ b/phpBB/phpbb/request/deactivated_super_global.php @@ -0,0 +1,121 @@ +request = $request; + $this->name = $name; + $this->super_global = $super_global; + } + + /** + * Calls trigger_error with the file and line number the super global was used in. + */ + private function error() + { + $file = ''; + $line = 0; + + $message = 'Illegal use of $' . $this->name . '. You must use the request class or request_var() to access input data. Found in %s on line %d. This error message was generated by deactivated_super_global.'; + + $backtrace = debug_backtrace(); + if (isset($backtrace[1])) + { + $file = $backtrace[1]['file']; + $line = $backtrace[1]['line']; + } + trigger_error(sprintf($message, $file, $line), E_USER_ERROR); + } + + /** + * Redirects isset to the correct request class call. + * + * @param string $offset The key of the super global being accessed. + * + * @return bool Whether the key on the super global exists. + */ + public function offsetExists($offset) + { + return $this->request->is_set($offset, $this->super_global); + } + + /**#@+ + * Part of the ArrayAccess implementation, will always result in a FATAL error. + */ + public function offsetGet($offset) + { + $this->error(); + } + + public function offsetSet($offset, $value) + { + $this->error(); + } + + public function offsetUnset($offset) + { + $this->error(); + } + /**#@-*/ + + /** + * Part of the Countable implementation, will always result in a FATAL error + */ + public function count() + { + $this->error(); + } + + /** + * Part of the Traversable/IteratorAggregate implementation, will always result in a FATAL error + */ + public function getIterator() + { + $this->error(); + } +} + diff --git a/phpBB/phpbb/request/interface.php b/phpBB/phpbb/request/interface.php new file mode 100644 index 0000000000..741db35917 --- /dev/null +++ b/phpBB/phpbb/request/interface.php @@ -0,0 +1,139 @@ + "a") + * then specifying array("var", 1) as the name will return "a". + * @param mixed $default A default value that is returned if the variable was not set. + * This function will always return a value of the same type as the default. + * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters + * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * Specifies which super global should be used + * + * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the + * the same as that of $default. If the variable is not set $default is returned. + */ + public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST); + + /** + * Shortcut method to retrieve SERVER variables. + * + * @param string|array $var_name See phpbb_request_interface::variable + * @param mixed $default See phpbb_request_interface::variable + * + * @return mixed The server variable value. + */ + public function server($var_name, $default = ''); + + /** + * Shortcut method to retrieve the value of client HTTP headers. + * + * @param string|array $header_name The name of the header to retrieve. + * @param mixed $default See phpbb_request_interface::variable + * + * @return mixed The header value. + */ + public function header($var_name, $default = ''); + + /** + * Checks whether a certain variable was sent via POST. + * To make sure that a request was sent using POST you should call this function + * on at least one variable. + * + * @param string $name The name of the form variable which should have a + * _p suffix to indicate the check in the code that creates the form too. + * + * @return bool True if the variable was set in a POST request, false otherwise. + */ + public function is_set_post($name); + + /** + * Checks whether a certain variable is set in one of the super global + * arrays. + * + * @param string $var Name of the variable + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * Specifies the super global which shall be checked + * + * @return bool True if the variable was sent as input + */ + public function is_set($var, $super_global = phpbb_request_interface::REQUEST); + + /** + * Checks whether the current request is an AJAX request (XMLHttpRequest) + * + * @return bool True if the current request is an ajax request + */ + public function is_ajax(); + + /** + * Checks if the current request is happening over HTTPS. + * + * @return bool True if the request is secure. + */ + public function is_secure(); + + /** + * Returns all variable names for a given super global + * + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * The super global from which names shall be taken + * + * @return array All variable names that are set for the super global. + * Pay attention when using these, they are unsanitised! + */ + public function variable_names($super_global = phpbb_request_interface::REQUEST); +} diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php new file mode 100644 index 0000000000..ae3c526d89 --- /dev/null +++ b/phpBB/phpbb/request/request.php @@ -0,0 +1,415 @@ + '_POST', + phpbb_request_interface::GET => '_GET', + phpbb_request_interface::REQUEST => '_REQUEST', + phpbb_request_interface::COOKIE => '_COOKIE', + phpbb_request_interface::SERVER => '_SERVER', + phpbb_request_interface::FILES => '_FILES', + ); + + /** + * @var array Stores original contents of $_REQUEST array. + */ + protected $original_request = null; + + /** + * @var + */ + protected $super_globals_disabled = false; + + /** + * @var array An associative array that has the value of super global constants as keys and holds their data as values. + */ + protected $input; + + /** + * @var phpbb_request_type_cast_helper_interface An instance of a type cast helper providing convenience methods for type conversions. + */ + protected $type_cast_helper; + + /** + * Initialises the request class, that means it stores all input data in {@link $input input} + * and then calls {@link phpbb_request_deactivated_super_global phpbb_request_deactivated_super_global} + */ + public function __construct(phpbb_request_type_cast_helper_interface $type_cast_helper = null, $disable_super_globals = true) + { + if ($type_cast_helper) + { + $this->type_cast_helper = $type_cast_helper; + } + else + { + $this->type_cast_helper = new phpbb_request_type_cast_helper(); + } + + foreach ($this->super_globals as $const => $super_global) + { + $this->input[$const] = isset($GLOBALS[$super_global]) ? $GLOBALS[$super_global] : array(); + } + + // simulate request_order = GP + $this->original_request = $this->input[phpbb_request_interface::REQUEST]; + $this->input[phpbb_request_interface::REQUEST] = $this->input[phpbb_request_interface::POST] + $this->input[phpbb_request_interface::GET]; + + if ($disable_super_globals) + { + $this->disable_super_globals(); + } + } + + /** + * Getter for $super_globals_disabled + * + * @return bool Whether super globals are disabled or not. + */ + public function super_globals_disabled() + { + return $this->super_globals_disabled; + } + + /** + * Disables access of super globals specified in $super_globals. + * This is achieved by overwriting the super globals with instances of {@link phpbb_request_deactivated_super_global phpbb_request_deactivated_super_global} + */ + public function disable_super_globals() + { + if (!$this->super_globals_disabled) + { + foreach ($this->super_globals as $const => $super_global) + { + unset($GLOBALS[$super_global]); + $GLOBALS[$super_global] = new phpbb_request_deactivated_super_global($this, $super_global, $const); + } + + $this->super_globals_disabled = true; + } + } + + /** + * Enables access of super globals specified in $super_globals if they were disabled by {@link disable_super_globals disable_super_globals}. + * This is achieved by making the super globals point to the data stored within this class in {@link $input input}. + */ + public function enable_super_globals() + { + if ($this->super_globals_disabled) + { + foreach ($this->super_globals as $const => $super_global) + { + $GLOBALS[$super_global] = $this->input[$const]; + } + + $GLOBALS['_REQUEST'] = $this->original_request; + + $this->super_globals_disabled = false; + } + } + + /** + * This function allows overwriting or setting a value in one of the super global arrays. + * + * Changes which are performed on the super globals directly will not have any effect on the results of + * other methods this class provides. Using this function should be avoided if possible! It will + * consume twice the the amount of memory of the value + * + * @param string $var_name The name of the variable that shall be overwritten + * @param mixed $value The value which the variable shall contain. + * If this is null the variable will be unset. + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * Specifies which super global shall be changed + */ + public function overwrite($var_name, $value, $super_global = phpbb_request_interface::REQUEST) + { + if (!isset($this->super_globals[$super_global])) + { + return; + } + + $this->type_cast_helper->add_magic_quotes($value); + + // setting to null means unsetting + if ($value === null) + { + unset($this->input[$super_global][$var_name]); + if (!$this->super_globals_disabled()) + { + unset($GLOBALS[$this->super_globals[$super_global]][$var_name]); + } + } + else + { + $this->input[$super_global][$var_name] = $value; + if (!$this->super_globals_disabled()) + { + $GLOBALS[$this->super_globals[$super_global]][$var_name] = $value; + } + } + + if (!$this->super_globals_disabled()) + { + unset($GLOBALS[$this->super_globals[$super_global]][$var_name]); + $GLOBALS[$this->super_globals[$super_global]][$var_name] = $value; + } + } + + /** + * Central type safe input handling function. + * All variables in GET or POST requests should be retrieved through this function to maximise security. + * + * @param string|array $var_name The form variable's name from which data shall be retrieved. + * If the value is an array this may be an array of indizes which will give + * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") + * then specifying array("var", 1) as the name will return "a". + * @param mixed $default A default value that is returned if the variable was not set. + * This function will always return a value of the same type as the default. + * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters + * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * Specifies which super global should be used + * + * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the + * the same as that of $default. If the variable is not set $default is returned. + */ + public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST) + { + return $this->_variable($var_name, $default, $multibyte, $super_global, true); + } + + /** + * Get a variable, but without trimming strings. + * Same functionality as variable(), except does not run trim() on strings. + * This method should be used when handling passwords. + * + * @param string|array $var_name The form variable's name from which data shall be retrieved. + * If the value is an array this may be an array of indizes which will give + * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") + * then specifying array("var", 1) as the name will return "a". + * @param mixed $default A default value that is returned if the variable was not set. + * This function will always return a value of the same type as the default. + * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters + * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * Specifies which super global should be used + * + * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the + * the same as that of $default. If the variable is not set $default is returned. + */ + public function untrimmed_variable($var_name, $default, $multibyte, $super_global = phpbb_request_interface::REQUEST) + { + return $this->_variable($var_name, $default, $multibyte, $super_global, false); + } + + /** + * Shortcut method to retrieve SERVER variables. + * + * Also fall back to getenv(), some CGI setups may need it (probably not, but + * whatever). + * + * @param string|array $var_name See phpbb_request_interface::variable + * @param mixed $Default See phpbb_request_interface::variable + * + * @return mixed The server variable value. + */ + public function server($var_name, $default = '') + { + $multibyte = true; + + if ($this->is_set($var_name, phpbb_request_interface::SERVER)) + { + return $this->variable($var_name, $default, $multibyte, phpbb_request_interface::SERVER); + } + else + { + $var = getenv($var_name); + $this->type_cast_helper->recursive_set_var($var, $default, $multibyte); + return $var; + } + } + + /** + * Shortcut method to retrieve the value of client HTTP headers. + * + * @param string|array $header_name The name of the header to retrieve. + * @param mixed $default See phpbb_request_interface::variable + * + * @return mixed The header value. + */ + public function header($header_name, $default = '') + { + $var_name = 'HTTP_' . str_replace('-', '_', strtoupper($header_name)); + return $this->server($var_name, $default); + } + + /** + * Shortcut method to retrieve $_FILES variables + * + * @param string $form_name The name of the file input form element + * + * @return array The uploaded file's information or an empty array if the + * variable does not exist in _FILES. + */ + public function file($form_name) + { + return $this->variable($form_name, array('name' => 'none'), false, phpbb_request_interface::FILES); + } + + /** + * Checks whether a certain variable was sent via POST. + * To make sure that a request was sent using POST you should call this function + * on at least one variable. + * + * @param string $name The name of the form variable which should have a + * _p suffix to indicate the check in the code that creates the form too. + * + * @return bool True if the variable was set in a POST request, false otherwise. + */ + public function is_set_post($name) + { + return $this->is_set($name, phpbb_request_interface::POST); + } + + /** + * Checks whether a certain variable is set in one of the super global + * arrays. + * + * @param string $var Name of the variable + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * Specifies the super global which shall be checked + * + * @return bool True if the variable was sent as input + */ + public function is_set($var, $super_global = phpbb_request_interface::REQUEST) + { + return isset($this->input[$super_global][$var]); + } + + /** + * Checks whether the current request is an AJAX request (XMLHttpRequest) + * + * @return bool True if the current request is an ajax request + */ + public function is_ajax() + { + return $this->header('X-Requested-With') == 'XMLHttpRequest'; + } + + /** + * Checks if the current request is happening over HTTPS. + * + * @return bool True if the request is secure. + */ + public function is_secure() + { + return $this->server('HTTPS') == 'on'; + } + + /** + * Returns all variable names for a given super global + * + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * The super global from which names shall be taken + * + * @return array All variable names that are set for the super global. + * Pay attention when using these, they are unsanitised! + */ + public function variable_names($super_global = phpbb_request_interface::REQUEST) + { + if (!isset($this->input[$super_global])) + { + return array(); + } + + return array_keys($this->input[$super_global]); + } + + /** + * Helper function used by variable() and untrimmed_variable(). + * + * @param string|array $var_name The form variable's name from which data shall be retrieved. + * If the value is an array this may be an array of indizes which will give + * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") + * then specifying array("var", 1) as the name will return "a". + * @param mixed $default A default value that is returned if the variable was not set. + * This function will always return a value of the same type as the default. + * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters + * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * Specifies which super global should be used + * @param bool $trim Indicates whether trim() should be applied to string values. + * + * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the + * the same as that of $default. If the variable is not set $default is returned. + */ + protected function _variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST, $trim = true) + { + $path = false; + + // deep direct access to multi dimensional arrays + if (is_array($var_name)) + { + $path = $var_name; + // make sure at least the variable name is specified + if (empty($path)) + { + return (is_array($default)) ? array() : $default; + } + // the variable name is the first element on the path + $var_name = array_shift($path); + } + + if (!isset($this->input[$super_global][$var_name])) + { + return (is_array($default)) ? array() : $default; + } + $var = $this->input[$super_global][$var_name]; + + if ($path) + { + // walk through the array structure and find the element we are looking for + foreach ($path as $key) + { + if (is_array($var) && isset($var[$key])) + { + $var = $var[$key]; + } + else + { + return (is_array($default)) ? array() : $default; + } + } + } + + $this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $trim); + + return $var; + } +} diff --git a/phpBB/phpbb/request/type_cast_helper.php b/phpBB/phpbb/request/type_cast_helper.php new file mode 100644 index 0000000000..1a5274ed14 --- /dev/null +++ b/phpBB/phpbb/request/type_cast_helper.php @@ -0,0 +1,194 @@ +=')) + { + $this->strip = false; + } + else + { + $this->strip = (@get_magic_quotes_gpc()) ? true : false; + } + } + + /** + * Recursively applies addslashes to a variable. + * + * @param mixed &$var Variable passed by reference to which slashes will be added. + */ + public function addslashes_recursively(&$var) + { + if (is_string($var)) + { + $var = addslashes($var); + } + else if (is_array($var)) + { + $var_copy = $var; + $var = array(); + foreach ($var_copy as $key => $value) + { + if (is_string($key)) + { + $key = addslashes($key); + } + $var[$key] = $value; + + $this->addslashes_recursively($var[$key]); + } + } + } + + /** + * Recursively applies addslashes to a variable if magic quotes are turned on. + * + * @param mixed &$var Variable passed by reference to which slashes will be added. + */ + public function add_magic_quotes(&$var) + { + if ($this->strip) + { + $this->addslashes_recursively($var); + } + } + + /** + * Set variable $result to a particular type. + * + * @param mixed &$result The variable to fill + * @param mixed $var The contents to fill with + * @param mixed $type The variable type. Will be used with {@link settype()} + * @param bool $multibyte Indicates whether string values may contain UTF-8 characters. + * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks. + * @param bool $trim Indicates whether trim() should be applied to string values. + * Default is true. + */ + public function set_var(&$result, $var, $type, $multibyte = false, $trim = true) + { + settype($var, $type); + $result = $var; + + if ($type == 'string') + { + $result = str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result); + + if ($trim) + { + $result = trim($result); + } + + $result = htmlspecialchars($result, ENT_COMPAT, 'UTF-8'); + + if ($multibyte) + { + $result = utf8_normalize_nfc($result); + } + + if (!empty($result)) + { + // Make sure multibyte characters are wellformed + if ($multibyte) + { + if (!preg_match('/^./u', $result)) + { + $result = ''; + } + } + else + { + // no multibyte, allow only ASCII (0-127) + $result = preg_replace('/[\x80-\xFF]/', '?', $result); + } + } + + $result = ($this->strip) ? stripslashes($result) : $result; + } + } + + /** + * Recursively sets a variable to a given type using {@link set_var set_var} + * + * @param string $var The value which shall be sanitised (passed by reference). + * @param mixed $default Specifies the type $var shall have. + * If it is an array and $var is not one, then an empty array is returned. + * Otherwise var is cast to the same type, and if $default is an array all + * keys and values are cast recursively using this function too. + * @param bool $multibyte Indicates whether string keys and values may contain UTF-8 characters. + * Default is false, causing all bytes outside the ASCII range (0-127) to + * be replaced with question marks. + * @param bool $trim Indicates whether trim() should be applied to string values. + * Default is true. + */ + public function recursive_set_var(&$var, $default, $multibyte, $trim = true) + { + if (is_array($var) !== is_array($default)) + { + $var = (is_array($default)) ? array() : $default; + return; + } + + if (!is_array($default)) + { + $type = gettype($default); + $this->set_var($var, $var, $type, $multibyte, $trim); + } + else + { + // make sure there is at least one key/value pair to use get the + // types from + if (empty($default)) + { + $var = array(); + return; + } + + list($default_key, $default_value) = each($default); + $value_type = gettype($default_value); + $key_type = gettype($default_key); + + $_var = $var; + $var = array(); + + foreach ($_var as $k => $v) + { + $this->set_var($k, $k, $key_type, $multibyte); + + $this->recursive_set_var($v, $default_value, $multibyte, $trim); + $var[$k] = $v; + } + } + } +} diff --git a/phpBB/phpbb/request/type_cast_helper_interface.php b/phpBB/phpbb/request/type_cast_helper_interface.php new file mode 100644 index 0000000000..3920d16fc7 --- /dev/null +++ b/phpBB/phpbb/request/type_cast_helper_interface.php @@ -0,0 +1,63 @@ + Date: Sun, 14 Jul 2013 12:25:28 -0400 Subject: [ticket/11700] With namespaces interface will no longer be a valid classname PHPBB3-11700 --- phpBB/phpbb/request/interface.php | 139 ------------------------------ phpBB/phpbb/request/request_interface.php | 139 ++++++++++++++++++++++++++++++ 2 files changed, 139 insertions(+), 139 deletions(-) delete mode 100644 phpBB/phpbb/request/interface.php create mode 100644 phpBB/phpbb/request/request_interface.php (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/interface.php b/phpBB/phpbb/request/interface.php deleted file mode 100644 index 741db35917..0000000000 --- a/phpBB/phpbb/request/interface.php +++ /dev/null @@ -1,139 +0,0 @@ - "a") - * then specifying array("var", 1) as the name will return "a". - * @param mixed $default A default value that is returned if the variable was not set. - * This function will always return a value of the same type as the default. - * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters - * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global - * Specifies which super global should be used - * - * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the - * the same as that of $default. If the variable is not set $default is returned. - */ - public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST); - - /** - * Shortcut method to retrieve SERVER variables. - * - * @param string|array $var_name See phpbb_request_interface::variable - * @param mixed $default See phpbb_request_interface::variable - * - * @return mixed The server variable value. - */ - public function server($var_name, $default = ''); - - /** - * Shortcut method to retrieve the value of client HTTP headers. - * - * @param string|array $header_name The name of the header to retrieve. - * @param mixed $default See phpbb_request_interface::variable - * - * @return mixed The header value. - */ - public function header($var_name, $default = ''); - - /** - * Checks whether a certain variable was sent via POST. - * To make sure that a request was sent using POST you should call this function - * on at least one variable. - * - * @param string $name The name of the form variable which should have a - * _p suffix to indicate the check in the code that creates the form too. - * - * @return bool True if the variable was set in a POST request, false otherwise. - */ - public function is_set_post($name); - - /** - * Checks whether a certain variable is set in one of the super global - * arrays. - * - * @param string $var Name of the variable - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global - * Specifies the super global which shall be checked - * - * @return bool True if the variable was sent as input - */ - public function is_set($var, $super_global = phpbb_request_interface::REQUEST); - - /** - * Checks whether the current request is an AJAX request (XMLHttpRequest) - * - * @return bool True if the current request is an ajax request - */ - public function is_ajax(); - - /** - * Checks if the current request is happening over HTTPS. - * - * @return bool True if the request is secure. - */ - public function is_secure(); - - /** - * Returns all variable names for a given super global - * - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global - * The super global from which names shall be taken - * - * @return array All variable names that are set for the super global. - * Pay attention when using these, they are unsanitised! - */ - public function variable_names($super_global = phpbb_request_interface::REQUEST); -} diff --git a/phpBB/phpbb/request/request_interface.php b/phpBB/phpbb/request/request_interface.php new file mode 100644 index 0000000000..482f0f1287 --- /dev/null +++ b/phpBB/phpbb/request/request_interface.php @@ -0,0 +1,139 @@ + "a") + * then specifying array("var", 1) as the name will return "a". + * @param mixed $default A default value that is returned if the variable was not set. + * This function will always return a value of the same type as the default. + * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters + * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * Specifies which super global should be used + * + * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the + * the same as that of $default. If the variable is not set $default is returned. + */ + public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST); + + /** + * Shortcut method to retrieve SERVER variables. + * + * @param string|array $var_name See phpbb_request_interface::variable + * @param mixed $default See phpbb_request_interface::variable + * + * @return mixed The server variable value. + */ + public function server($var_name, $default = ''); + + /** + * Shortcut method to retrieve the value of client HTTP headers. + * + * @param string|array $header_name The name of the header to retrieve. + * @param mixed $default See phpbb_request_interface::variable + * + * @return mixed The header value. + */ + public function header($var_name, $default = ''); + + /** + * Checks whether a certain variable was sent via POST. + * To make sure that a request was sent using POST you should call this function + * on at least one variable. + * + * @param string $name The name of the form variable which should have a + * _p suffix to indicate the check in the code that creates the form too. + * + * @return bool True if the variable was set in a POST request, false otherwise. + */ + public function is_set_post($name); + + /** + * Checks whether a certain variable is set in one of the super global + * arrays. + * + * @param string $var Name of the variable + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * Specifies the super global which shall be checked + * + * @return bool True if the variable was sent as input + */ + public function is_set($var, $super_global = phpbb_request_interface::REQUEST); + + /** + * Checks whether the current request is an AJAX request (XMLHttpRequest) + * + * @return bool True if the current request is an ajax request + */ + public function is_ajax(); + + /** + * Checks if the current request is happening over HTTPS. + * + * @return bool True if the request is secure. + */ + public function is_secure(); + + /** + * Returns all variable names for a given super global + * + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * The super global from which names shall be taken + * + * @return array All variable names that are set for the super global. + * Pay attention when using these, they are unsanitised! + */ + public function variable_names($super_global = phpbb_request_interface::REQUEST); +} -- cgit v1.2.1 From da2752e4004b296ae5acdd08b7c0a758d8f61e9d Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 14 Jul 2013 13:30:52 -0400 Subject: [ticket/11700] Modify all code to use the new interface names PHPBB3-11700 --- phpBB/phpbb/request/deactivated_super_global.php | 10 ++--- phpBB/phpbb/request/request.php | 56 ++++++++++++------------ phpBB/phpbb/request/request_interface.php | 22 +++++----- 3 files changed, 44 insertions(+), 44 deletions(-) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/deactivated_super_global.php b/phpBB/phpbb/request/deactivated_super_global.php index cc05847ec7..9ca0f462b4 100644 --- a/phpBB/phpbb/request/deactivated_super_global.php +++ b/phpBB/phpbb/request/deactivated_super_global.php @@ -29,23 +29,23 @@ class phpbb_request_deactivated_super_global implements ArrayAccess, Countable, private $name; /** - * @var phpbb_request_interface::POST|GET|REQUEST|COOKIE Super global constant. + * @var phpbb_request_request_interface::POST|GET|REQUEST|COOKIE Super global constant. */ private $super_global; /** - * @var phpbb_request_interface The request class instance holding the actual request data. + * @var phpbb_request_request_interface The request class instance holding the actual request data. */ private $request; /** * Constructor generates an error message fitting the super global to be used within the other functions. * - * @param phpbb_request_interface $request A request class instance holding the real super global data. + * @param phpbb_request_request_interface $request A request class instance holding the real super global data. * @param string $name Name of the super global this is a replacement for - e.g. '_GET'. - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global The variable's super global constant. + * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global The variable's super global constant. */ - public function __construct(phpbb_request_interface $request, $name, $super_global) + public function __construct(phpbb_request_request_interface $request, $name, $super_global) { $this->request = $request; $this->name = $name; diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index ae3c526d89..8c5bc12d96 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -23,18 +23,18 @@ if (!defined('IN_PHPBB')) * * @package phpbb_request */ -class phpbb_request implements phpbb_request_interface +class phpbb_request implements phpbb_request_request_interface { /** * @var array The names of super global variables that this class should protect if super globals are disabled. */ protected $super_globals = array( - phpbb_request_interface::POST => '_POST', - phpbb_request_interface::GET => '_GET', - phpbb_request_interface::REQUEST => '_REQUEST', - phpbb_request_interface::COOKIE => '_COOKIE', - phpbb_request_interface::SERVER => '_SERVER', - phpbb_request_interface::FILES => '_FILES', + phpbb_request_request_interface::POST => '_POST', + phpbb_request_request_interface::GET => '_GET', + phpbb_request_request_interface::REQUEST => '_REQUEST', + phpbb_request_request_interface::COOKIE => '_COOKIE', + phpbb_request_request_interface::SERVER => '_SERVER', + phpbb_request_request_interface::FILES => '_FILES', ); /** @@ -78,8 +78,8 @@ class phpbb_request implements phpbb_request_interface } // simulate request_order = GP - $this->original_request = $this->input[phpbb_request_interface::REQUEST]; - $this->input[phpbb_request_interface::REQUEST] = $this->input[phpbb_request_interface::POST] + $this->input[phpbb_request_interface::GET]; + $this->original_request = $this->input[phpbb_request_request_interface::REQUEST]; + $this->input[phpbb_request_request_interface::REQUEST] = $this->input[phpbb_request_request_interface::POST] + $this->input[phpbb_request_request_interface::GET]; if ($disable_super_globals) { @@ -144,10 +144,10 @@ class phpbb_request implements phpbb_request_interface * @param string $var_name The name of the variable that shall be overwritten * @param mixed $value The value which the variable shall contain. * If this is null the variable will be unset. - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global shall be changed */ - public function overwrite($var_name, $value, $super_global = phpbb_request_interface::REQUEST) + public function overwrite($var_name, $value, $super_global = phpbb_request_request_interface::REQUEST) { if (!isset($this->super_globals[$super_global])) { @@ -193,13 +193,13 @@ class phpbb_request implements phpbb_request_interface * This function will always return a value of the same type as the default. * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global should be used * * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the * the same as that of $default. If the variable is not set $default is returned. */ - public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST) + public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_request_interface::REQUEST) { return $this->_variable($var_name, $default, $multibyte, $super_global, true); } @@ -217,13 +217,13 @@ class phpbb_request implements phpbb_request_interface * This function will always return a value of the same type as the default. * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global should be used * * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the * the same as that of $default. If the variable is not set $default is returned. */ - public function untrimmed_variable($var_name, $default, $multibyte, $super_global = phpbb_request_interface::REQUEST) + public function untrimmed_variable($var_name, $default, $multibyte, $super_global = phpbb_request_request_interface::REQUEST) { return $this->_variable($var_name, $default, $multibyte, $super_global, false); } @@ -234,8 +234,8 @@ class phpbb_request implements phpbb_request_interface * Also fall back to getenv(), some CGI setups may need it (probably not, but * whatever). * - * @param string|array $var_name See phpbb_request_interface::variable - * @param mixed $Default See phpbb_request_interface::variable + * @param string|array $var_name See phpbb_request_request_interface::variable + * @param mixed $Default See phpbb_request_request_interface::variable * * @return mixed The server variable value. */ @@ -243,9 +243,9 @@ class phpbb_request implements phpbb_request_interface { $multibyte = true; - if ($this->is_set($var_name, phpbb_request_interface::SERVER)) + if ($this->is_set($var_name, phpbb_request_request_interface::SERVER)) { - return $this->variable($var_name, $default, $multibyte, phpbb_request_interface::SERVER); + return $this->variable($var_name, $default, $multibyte, phpbb_request_request_interface::SERVER); } else { @@ -259,7 +259,7 @@ class phpbb_request implements phpbb_request_interface * Shortcut method to retrieve the value of client HTTP headers. * * @param string|array $header_name The name of the header to retrieve. - * @param mixed $default See phpbb_request_interface::variable + * @param mixed $default See phpbb_request_request_interface::variable * * @return mixed The header value. */ @@ -279,7 +279,7 @@ class phpbb_request implements phpbb_request_interface */ public function file($form_name) { - return $this->variable($form_name, array('name' => 'none'), false, phpbb_request_interface::FILES); + return $this->variable($form_name, array('name' => 'none'), false, phpbb_request_request_interface::FILES); } /** @@ -294,7 +294,7 @@ class phpbb_request implements phpbb_request_interface */ public function is_set_post($name) { - return $this->is_set($name, phpbb_request_interface::POST); + return $this->is_set($name, phpbb_request_request_interface::POST); } /** @@ -302,12 +302,12 @@ class phpbb_request implements phpbb_request_interface * arrays. * * @param string $var Name of the variable - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies the super global which shall be checked * * @return bool True if the variable was sent as input */ - public function is_set($var, $super_global = phpbb_request_interface::REQUEST) + public function is_set($var, $super_global = phpbb_request_request_interface::REQUEST) { return isset($this->input[$super_global][$var]); } @@ -335,13 +335,13 @@ class phpbb_request implements phpbb_request_interface /** * Returns all variable names for a given super global * - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global * The super global from which names shall be taken * * @return array All variable names that are set for the super global. * Pay attention when using these, they are unsanitised! */ - public function variable_names($super_global = phpbb_request_interface::REQUEST) + public function variable_names($super_global = phpbb_request_request_interface::REQUEST) { if (!isset($this->input[$super_global])) { @@ -362,14 +362,14 @@ class phpbb_request implements phpbb_request_interface * This function will always return a value of the same type as the default. * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global should be used * @param bool $trim Indicates whether trim() should be applied to string values. * * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the * the same as that of $default. If the variable is not set $default is returned. */ - protected function _variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST, $trim = true) + protected function _variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_request_interface::REQUEST, $trim = true) { $path = false; diff --git a/phpBB/phpbb/request/request_interface.php b/phpBB/phpbb/request/request_interface.php index 482f0f1287..2c804cd7fd 100644 --- a/phpBB/phpbb/request/request_interface.php +++ b/phpBB/phpbb/request/request_interface.php @@ -43,10 +43,10 @@ interface phpbb_request_request_interface * @param string $var_name The name of the variable that shall be overwritten * @param mixed $value The value which the variable shall contain. * If this is null the variable will be unset. - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global shall be changed */ - public function overwrite($var_name, $value, $super_global = phpbb_request_interface::REQUEST); + public function overwrite($var_name, $value, $super_global = phpbb_request_request_interface::REQUEST); /** * Central type safe input handling function. @@ -60,19 +60,19 @@ interface phpbb_request_request_interface * This function will always return a value of the same type as the default. * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global should be used * * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the * the same as that of $default. If the variable is not set $default is returned. */ - public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST); + public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_request_interface::REQUEST); /** * Shortcut method to retrieve SERVER variables. * - * @param string|array $var_name See phpbb_request_interface::variable - * @param mixed $default See phpbb_request_interface::variable + * @param string|array $var_name See phpbb_request_request_interface::variable + * @param mixed $default See phpbb_request_request_interface::variable * * @return mixed The server variable value. */ @@ -82,7 +82,7 @@ interface phpbb_request_request_interface * Shortcut method to retrieve the value of client HTTP headers. * * @param string|array $header_name The name of the header to retrieve. - * @param mixed $default See phpbb_request_interface::variable + * @param mixed $default See phpbb_request_request_interface::variable * * @return mixed The header value. */ @@ -105,12 +105,12 @@ interface phpbb_request_request_interface * arrays. * * @param string $var Name of the variable - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies the super global which shall be checked * * @return bool True if the variable was sent as input */ - public function is_set($var, $super_global = phpbb_request_interface::REQUEST); + public function is_set($var, $super_global = phpbb_request_request_interface::REQUEST); /** * Checks whether the current request is an AJAX request (XMLHttpRequest) @@ -129,11 +129,11 @@ interface phpbb_request_request_interface /** * Returns all variable names for a given super global * - * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global * The super global from which names shall be taken * * @return array All variable names that are set for the super global. * Pay attention when using these, they are unsanitised! */ - public function variable_names($super_global = phpbb_request_interface::REQUEST); + public function variable_names($super_global = phpbb_request_request_interface::REQUEST); } -- cgit v1.2.1 From a6ff2397788134b5410d89a67a3860a32670997e Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Sat, 13 Jul 2013 12:06:05 -0400 Subject: [feature/oauth] Allow getting original global arrays from request PHPBB3-11673 --- phpBB/phpbb/request/interface.php | 10 ++++++++++ phpBB/phpbb/request/request.php | 8 ++++++++ 2 files changed, 18 insertions(+) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/interface.php b/phpBB/phpbb/request/interface.php index 741db35917..8d472af97a 100644 --- a/phpBB/phpbb/request/interface.php +++ b/phpBB/phpbb/request/interface.php @@ -136,4 +136,14 @@ interface phpbb_request_interface * Pay attention when using these, they are unsanitised! */ public function variable_names($super_global = phpbb_request_interface::REQUEST); + + /** + * Returns the original array of the requested super global + * + * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global + * The super global which will be returned + * + * @return array The original array of the requested super global. + */ + public function original_global_values($super_global = phpbb_request_interface::REQUEST); } diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index ae3c526d89..a4e9a2c2b3 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -412,4 +412,12 @@ class phpbb_request implements phpbb_request_interface return $var; } + + /** + * {@inheritdoc} + */ + public function original_global_values($super_global = phpbb_request_interface::REQUEST) + { + return $this->input[$super_global]; + } } -- cgit v1.2.1 From 2e899c24f9248a06eef7b8cfaed7f5b4a792f7fd Mon Sep 17 00:00:00 2001 From: Joseph Warner Date: Sat, 13 Jul 2013 12:11:38 -0400 Subject: [feature/oauth] Change name of new method on request PHPBB3-11673 --- phpBB/phpbb/request/interface.php | 2 +- phpBB/phpbb/request/request.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/interface.php b/phpBB/phpbb/request/interface.php index 8d472af97a..05f6c54d3f 100644 --- a/phpBB/phpbb/request/interface.php +++ b/phpBB/phpbb/request/interface.php @@ -145,5 +145,5 @@ interface phpbb_request_interface * * @return array The original array of the requested super global. */ - public function original_global_values($super_global = phpbb_request_interface::REQUEST); + public function get_super_global($super_global = phpbb_request_interface::REQUEST); } diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index a4e9a2c2b3..ed2e8e2200 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -416,7 +416,7 @@ class phpbb_request implements phpbb_request_interface /** * {@inheritdoc} */ - public function original_global_values($super_global = phpbb_request_interface::REQUEST) + public function get_super_global($super_global = phpbb_request_interface::REQUEST) { return $this->input[$super_global]; } -- cgit v1.2.1 From b95fdacdd378877d277e261465da73deb06e50da Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Tue, 10 Sep 2013 14:01:09 +0200 Subject: [ticket/11700] Move all recent code to namespaces PHPBB3-11700 --- phpBB/phpbb/request/deactivated_super_global.php | 24 +++---- phpBB/phpbb/request/request.php | 74 +++++++++++----------- phpBB/phpbb/request/request_interface.php | 30 +++++---- phpBB/phpbb/request/type_cast_helper.php | 8 ++- phpBB/phpbb/request/type_cast_helper_interface.php | 8 ++- 5 files changed, 77 insertions(+), 67 deletions(-) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/deactivated_super_global.php b/phpBB/phpbb/request/deactivated_super_global.php index 9ca0f462b4..4d4417229e 100644 --- a/phpBB/phpbb/request/deactivated_super_global.php +++ b/phpBB/phpbb/request/deactivated_super_global.php @@ -1,12 +1,14 @@ request = $request; $this->name = $name; @@ -84,7 +86,7 @@ class phpbb_request_deactivated_super_global implements ArrayAccess, Countable, } /**#@+ - * Part of the ArrayAccess implementation, will always result in a FATAL error. + * Part of the \ArrayAccess implementation, will always result in a FATAL error. */ public function offsetGet($offset) { @@ -103,7 +105,7 @@ class phpbb_request_deactivated_super_global implements ArrayAccess, Countable, /**#@-*/ /** - * Part of the Countable implementation, will always result in a FATAL error + * Part of the \Countable implementation, will always result in a FATAL error */ public function count() { diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index 8c5bc12d96..b36ac3711a 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -1,12 +1,14 @@ '_POST', - phpbb_request_request_interface::GET => '_GET', - phpbb_request_request_interface::REQUEST => '_REQUEST', - phpbb_request_request_interface::COOKIE => '_COOKIE', - phpbb_request_request_interface::SERVER => '_SERVER', - phpbb_request_request_interface::FILES => '_FILES', + \phpbb\request\request_interface::POST => '_POST', + \phpbb\request\request_interface::GET => '_GET', + \phpbb\request\request_interface::REQUEST => '_REQUEST', + \phpbb\request\request_interface::COOKIE => '_COOKIE', + \phpbb\request\request_interface::SERVER => '_SERVER', + \phpbb\request\request_interface::FILES => '_FILES', ); /** @@ -53,15 +55,15 @@ class phpbb_request implements phpbb_request_request_interface protected $input; /** - * @var phpbb_request_type_cast_helper_interface An instance of a type cast helper providing convenience methods for type conversions. + * @var \phpbb\request\type_cast_helper_interface An instance of a type cast helper providing convenience methods for type conversions. */ protected $type_cast_helper; /** * Initialises the request class, that means it stores all input data in {@link $input input} - * and then calls {@link phpbb_request_deactivated_super_global phpbb_request_deactivated_super_global} + * and then calls {@link \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global} */ - public function __construct(phpbb_request_type_cast_helper_interface $type_cast_helper = null, $disable_super_globals = true) + public function __construct(\phpbb\request\type_cast_helper_interface $type_cast_helper = null, $disable_super_globals = true) { if ($type_cast_helper) { @@ -69,7 +71,7 @@ class phpbb_request implements phpbb_request_request_interface } else { - $this->type_cast_helper = new phpbb_request_type_cast_helper(); + $this->type_cast_helper = new \phpbb\request\type_cast_helper(); } foreach ($this->super_globals as $const => $super_global) @@ -78,8 +80,8 @@ class phpbb_request implements phpbb_request_request_interface } // simulate request_order = GP - $this->original_request = $this->input[phpbb_request_request_interface::REQUEST]; - $this->input[phpbb_request_request_interface::REQUEST] = $this->input[phpbb_request_request_interface::POST] + $this->input[phpbb_request_request_interface::GET]; + $this->original_request = $this->input[\phpbb\request\request_interface::REQUEST]; + $this->input[\phpbb\request\request_interface::REQUEST] = $this->input[\phpbb\request\request_interface::POST] + $this->input[\phpbb\request\request_interface::GET]; if ($disable_super_globals) { @@ -99,7 +101,7 @@ class phpbb_request implements phpbb_request_request_interface /** * Disables access of super globals specified in $super_globals. - * This is achieved by overwriting the super globals with instances of {@link phpbb_request_deactivated_super_global phpbb_request_deactivated_super_global} + * This is achieved by overwriting the super globals with instances of {@link \phpbb\request\deactivated_super_global \phpbb\request\deactivated_super_global} */ public function disable_super_globals() { @@ -108,7 +110,7 @@ class phpbb_request implements phpbb_request_request_interface foreach ($this->super_globals as $const => $super_global) { unset($GLOBALS[$super_global]); - $GLOBALS[$super_global] = new phpbb_request_deactivated_super_global($this, $super_global, $const); + $GLOBALS[$super_global] = new \phpbb\request\deactivated_super_global($this, $super_global, $const); } $this->super_globals_disabled = true; @@ -144,10 +146,10 @@ class phpbb_request implements phpbb_request_request_interface * @param string $var_name The name of the variable that shall be overwritten * @param mixed $value The value which the variable shall contain. * If this is null the variable will be unset. - * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global shall be changed */ - public function overwrite($var_name, $value, $super_global = phpbb_request_request_interface::REQUEST) + public function overwrite($var_name, $value, $super_global = \phpbb\request\request_interface::REQUEST) { if (!isset($this->super_globals[$super_global])) { @@ -193,13 +195,13 @@ class phpbb_request implements phpbb_request_request_interface * This function will always return a value of the same type as the default. * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks - * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global should be used * * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the * the same as that of $default. If the variable is not set $default is returned. */ - public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_request_interface::REQUEST) + public function variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST) { return $this->_variable($var_name, $default, $multibyte, $super_global, true); } @@ -217,13 +219,13 @@ class phpbb_request implements phpbb_request_request_interface * This function will always return a value of the same type as the default. * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks - * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global should be used * * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the * the same as that of $default. If the variable is not set $default is returned. */ - public function untrimmed_variable($var_name, $default, $multibyte, $super_global = phpbb_request_request_interface::REQUEST) + public function untrimmed_variable($var_name, $default, $multibyte, $super_global = \phpbb\request\request_interface::REQUEST) { return $this->_variable($var_name, $default, $multibyte, $super_global, false); } @@ -234,8 +236,8 @@ class phpbb_request implements phpbb_request_request_interface * Also fall back to getenv(), some CGI setups may need it (probably not, but * whatever). * - * @param string|array $var_name See phpbb_request_request_interface::variable - * @param mixed $Default See phpbb_request_request_interface::variable + * @param string|array $var_name See \phpbb\request\request_interface::variable + * @param mixed $Default See \phpbb\request\request_interface::variable * * @return mixed The server variable value. */ @@ -243,9 +245,9 @@ class phpbb_request implements phpbb_request_request_interface { $multibyte = true; - if ($this->is_set($var_name, phpbb_request_request_interface::SERVER)) + if ($this->is_set($var_name, \phpbb\request\request_interface::SERVER)) { - return $this->variable($var_name, $default, $multibyte, phpbb_request_request_interface::SERVER); + return $this->variable($var_name, $default, $multibyte, \phpbb\request\request_interface::SERVER); } else { @@ -259,7 +261,7 @@ class phpbb_request implements phpbb_request_request_interface * Shortcut method to retrieve the value of client HTTP headers. * * @param string|array $header_name The name of the header to retrieve. - * @param mixed $default See phpbb_request_request_interface::variable + * @param mixed $default See \phpbb\request\request_interface::variable * * @return mixed The header value. */ @@ -279,7 +281,7 @@ class phpbb_request implements phpbb_request_request_interface */ public function file($form_name) { - return $this->variable($form_name, array('name' => 'none'), false, phpbb_request_request_interface::FILES); + return $this->variable($form_name, array('name' => 'none'), false, \phpbb\request\request_interface::FILES); } /** @@ -294,7 +296,7 @@ class phpbb_request implements phpbb_request_request_interface */ public function is_set_post($name) { - return $this->is_set($name, phpbb_request_request_interface::POST); + return $this->is_set($name, \phpbb\request\request_interface::POST); } /** @@ -302,12 +304,12 @@ class phpbb_request implements phpbb_request_request_interface * arrays. * * @param string $var Name of the variable - * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies the super global which shall be checked * * @return bool True if the variable was sent as input */ - public function is_set($var, $super_global = phpbb_request_request_interface::REQUEST) + public function is_set($var, $super_global = \phpbb\request\request_interface::REQUEST) { return isset($this->input[$super_global][$var]); } @@ -335,13 +337,13 @@ class phpbb_request implements phpbb_request_request_interface /** * Returns all variable names for a given super global * - * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global * The super global from which names shall be taken * * @return array All variable names that are set for the super global. * Pay attention when using these, they are unsanitised! */ - public function variable_names($super_global = phpbb_request_request_interface::REQUEST) + public function variable_names($super_global = \phpbb\request\request_interface::REQUEST) { if (!isset($this->input[$super_global])) { @@ -362,14 +364,14 @@ class phpbb_request implements phpbb_request_request_interface * This function will always return a value of the same type as the default. * @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks - * @param phpbb_request_request_interface::POST|GET|REQUEST|COOKIE $super_global + * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global * Specifies which super global should be used * @param bool $trim Indicates whether trim() should be applied to string values. * * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the * the same as that of $default. If the variable is not set $default is returned. */ - protected function _variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_request_interface::REQUEST, $trim = true) + protected function _variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST, $trim = true) { $path = false; diff --git a/phpBB/phpbb/request/request_interface.php b/phpBB/phpbb/request/request_interface.php index 2c804cd7fd..3281e1ca03 100644 --- a/phpBB/phpbb/request/request_interface.php +++ b/phpBB/phpbb/request/request_interface.php @@ -1,12 +1,14 @@ Date: Mon, 16 Sep 2013 05:20:27 +0200 Subject: [ticket/11700] Fix leftover backslashes in comments PHPBB3-11700 --- phpBB/phpbb/request/deactivated_super_global.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/deactivated_super_global.php b/phpBB/phpbb/request/deactivated_super_global.php index 4d4417229e..8f39960477 100644 --- a/phpBB/phpbb/request/deactivated_super_global.php +++ b/phpBB/phpbb/request/deactivated_super_global.php @@ -18,7 +18,7 @@ if (!defined('IN_PHPBB')) } /** -* Replacement for a superglobal (\like $_GET or $_POST) which calls +* Replacement for a superglobal (like $_GET or $_POST) which calls * trigger_error on all operations but isset, overloads the [] operator with SPL. * * @package \phpbb\request\request -- cgit v1.2.1 From 7aa8f6461f1e85cf91931f56b95384e54fec07c2 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 30 Oct 2013 13:05:28 +0100 Subject: [task/code-sniffer] Remove the IN_PHPBB check side-effect from class files. PHPBB3-11980 --- phpBB/phpbb/request/deactivated_super_global.php | 8 -------- phpBB/phpbb/request/request.php | 8 -------- phpBB/phpbb/request/request_interface.php | 8 -------- phpBB/phpbb/request/type_cast_helper.php | 8 -------- phpBB/phpbb/request/type_cast_helper_interface.php | 8 -------- 5 files changed, 40 deletions(-) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/deactivated_super_global.php b/phpBB/phpbb/request/deactivated_super_global.php index 8f39960477..b03624593e 100644 --- a/phpBB/phpbb/request/deactivated_super_global.php +++ b/phpBB/phpbb/request/deactivated_super_global.php @@ -9,14 +9,6 @@ namespace phpbb\request; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Replacement for a superglobal (like $_GET or $_POST) which calls * trigger_error on all operations but isset, overloads the [] operator with SPL. diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index 1c388b3c73..e158d33c01 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -9,14 +9,6 @@ namespace phpbb\request; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * All application input is accessed through this class. * diff --git a/phpBB/phpbb/request/request_interface.php b/phpBB/phpbb/request/request_interface.php index cd949147f7..1f9978b276 100644 --- a/phpBB/phpbb/request/request_interface.php +++ b/phpBB/phpbb/request/request_interface.php @@ -9,14 +9,6 @@ namespace phpbb\request; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * An interface through which all application input can be accessed. * diff --git a/phpBB/phpbb/request/type_cast_helper.php b/phpBB/phpbb/request/type_cast_helper.php index 262aff73c1..e9b55663af 100644 --- a/phpBB/phpbb/request/type_cast_helper.php +++ b/phpBB/phpbb/request/type_cast_helper.php @@ -9,14 +9,6 @@ namespace phpbb\request; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * A helper class that provides convenience methods for type casting. * diff --git a/phpBB/phpbb/request/type_cast_helper_interface.php b/phpBB/phpbb/request/type_cast_helper_interface.php index e8195c352e..f12795eef9 100644 --- a/phpBB/phpbb/request/type_cast_helper_interface.php +++ b/phpBB/phpbb/request/type_cast_helper_interface.php @@ -9,14 +9,6 @@ namespace phpbb\request; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * An interface for type cast operations. * -- cgit v1.2.1 From cd98dba0b97e717d7254387e8a02c9f4edaf0feb Mon Sep 17 00:00:00 2001 From: Cesar G Date: Thu, 19 Dec 2013 19:07:45 -0800 Subject: [ticket/12079] Add default value to $multibyte in request.untrimmed_variable(). PHPBB3-12079 --- phpBB/phpbb/request/request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index e158d33c01..3171a6edb7 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -217,7 +217,7 @@ class request implements \phpbb\request\request_interface * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the * the same as that of $default. If the variable is not set $default is returned. */ - public function untrimmed_variable($var_name, $default, $multibyte, $super_global = \phpbb\request\request_interface::REQUEST) + public function untrimmed_variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST) { return $this->_variable($var_name, $default, $multibyte, $super_global, false); } -- cgit v1.2.1 From 1e86f7113339c6b032a4500ce65cf959db97645a Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 10 Feb 2014 15:01:50 +0100 Subject: [ticket/12180] Add "Each file MUST end with exactly one newline character" rule PHPBB3-12180 --- phpBB/phpbb/request/deactivated_super_global.php | 1 - 1 file changed, 1 deletion(-) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/deactivated_super_global.php b/phpBB/phpbb/request/deactivated_super_global.php index b03624593e..b6940cf51f 100644 --- a/phpBB/phpbb/request/deactivated_super_global.php +++ b/phpBB/phpbb/request/deactivated_super_global.php @@ -112,4 +112,3 @@ class deactivated_super_global implements \ArrayAccess, \Countable, \IteratorAgg $this->error(); } } - -- cgit v1.2.1 From a759704b39fc1c1353f865a633759b1369589b67 Mon Sep 17 00:00:00 2001 From: Yuriy Rusko Date: Tue, 27 May 2014 20:18:06 +0200 Subject: [ticket/12594] Remove @package tags and update file headers PHPBB3-12594 --- phpBB/phpbb/request/deactivated_super_global.php | 12 +++++++----- phpBB/phpbb/request/request.php | 12 +++++++----- phpBB/phpbb/request/request_interface.php | 12 +++++++----- phpBB/phpbb/request/type_cast_helper.php | 12 +++++++----- phpBB/phpbb/request/type_cast_helper_interface.php | 12 +++++++----- 5 files changed, 35 insertions(+), 25 deletions(-) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/deactivated_super_global.php b/phpBB/phpbb/request/deactivated_super_global.php index b6940cf51f..b6cad59be4 100644 --- a/phpBB/phpbb/request/deactivated_super_global.php +++ b/phpBB/phpbb/request/deactivated_super_global.php @@ -1,9 +1,13 @@ +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. * */ @@ -12,8 +16,6 @@ namespace phpbb\request; /** * Replacement for a superglobal (like $_GET or $_POST) which calls * trigger_error on all operations but isset, overloads the [] operator with SPL. -* -* @package \phpbb\request\request */ class deactivated_super_global implements \ArrayAccess, \Countable, \IteratorAggregate { diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index 3171a6edb7..ea9854894c 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -1,9 +1,13 @@ +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. * */ @@ -14,8 +18,6 @@ namespace phpbb\request; * * It provides a method to disable access to input data through super globals. * This should force MOD authors to read about data validation. -* -* @package \phpbb\request\request */ class request implements \phpbb\request\request_interface { diff --git a/phpBB/phpbb/request/request_interface.php b/phpBB/phpbb/request/request_interface.php index 1f9978b276..3236f73990 100644 --- a/phpBB/phpbb/request/request_interface.php +++ b/phpBB/phpbb/request/request_interface.php @@ -1,9 +1,13 @@ +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. * */ @@ -11,8 +15,6 @@ namespace phpbb\request; /** * An interface through which all application input can be accessed. -* -* @package \phpbb\request\request */ interface request_interface { diff --git a/phpBB/phpbb/request/type_cast_helper.php b/phpBB/phpbb/request/type_cast_helper.php index e9b55663af..bc654e6182 100644 --- a/phpBB/phpbb/request/type_cast_helper.php +++ b/phpBB/phpbb/request/type_cast_helper.php @@ -1,9 +1,13 @@ +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. * */ @@ -11,8 +15,6 @@ namespace phpbb\request; /** * A helper class that provides convenience methods for type casting. -* -* @package \phpbb\request\request */ class type_cast_helper implements \phpbb\request\type_cast_helper_interface { diff --git a/phpBB/phpbb/request/type_cast_helper_interface.php b/phpBB/phpbb/request/type_cast_helper_interface.php index f12795eef9..2cb28d021f 100644 --- a/phpBB/phpbb/request/type_cast_helper_interface.php +++ b/phpBB/phpbb/request/type_cast_helper_interface.php @@ -1,9 +1,13 @@ +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. * */ @@ -11,8 +15,6 @@ namespace phpbb\request; /** * An interface for type cast operations. -* -* @package \phpbb\request\request */ interface type_cast_helper_interface { -- cgit v1.2.1 From 0dfe1d0d8b007ec7b7cae0715cfb2e5f4e33bad4 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Wed, 12 Nov 2014 11:44:56 +0100 Subject: [ticket/13280] Output escaping for the symfony request object PHPBB3-13280 --- phpBB/phpbb/request/request.php | 23 +++++++++++++++++++++++ phpBB/phpbb/request/request_interface.php | 10 ++++++++++ 2 files changed, 33 insertions(+) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index ea9854894c..f0f2f7e2a2 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -416,4 +416,27 @@ class request implements \phpbb\request\request_interface { return $this->input[$super_global]; } + + /** + * {@inheritdoc} + */ + public function escape($var, $multibyte) + { + if (is_array($var)) + { + $result = array(); + foreach ($var as $key => $value) + { + $this->type_cast_helper->set_var($key, $key, gettype($key), $multibyte); + $result[$key] = $this->escape($value, $multibyte); + } + $var = $result; + } + else + { + $this->type_cast_helper->set_var($var, $var, 'string', $multibyte); + } + + return $var; + } } diff --git a/phpBB/phpbb/request/request_interface.php b/phpBB/phpbb/request/request_interface.php index 3236f73990..47b3b3a4ed 100644 --- a/phpBB/phpbb/request/request_interface.php +++ b/phpBB/phpbb/request/request_interface.php @@ -142,4 +142,14 @@ interface request_interface * @return array The original array of the requested super global. */ public function get_super_global($super_global = \phpbb\request\request_interface::REQUEST); + + /** + * Escape a string variable. + * + * @param mixed $value The contents to fill with + * @param bool $multibyte Indicates whether string values may contain UTF-8 characters. + * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks. + * @return string|array + */ + public function escape($value, $multibyte); } -- cgit v1.2.1 From 589394e80b0f2ca962c7fd12d9f085bdaf650ca8 Mon Sep 17 00:00:00 2001 From: Cesar G Date: Tue, 2 Dec 2014 16:23:40 -0800 Subject: [ticket/13396] Normalize multibyte characters in attachment file names. PHPBB3-13396 --- phpBB/phpbb/request/request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index f0f2f7e2a2..56ce3999ed 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -275,7 +275,7 @@ class request implements \phpbb\request\request_interface */ public function file($form_name) { - return $this->variable($form_name, array('name' => 'none'), false, \phpbb\request\request_interface::FILES); + return $this->variable($form_name, array('name' => 'none'), true, \phpbb\request\request_interface::FILES); } /** -- cgit v1.2.1 From accf8f8625ca1c730ee0bb09e1ecc44526c124d3 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 15 Feb 2016 21:40:52 +0100 Subject: [ticket/14481] Respect HTTP_X_FORWARDED headers for implying https PHPBB3-14481 --- phpBB/phpbb/request/request.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index 56ce3999ed..4cac6fbaea 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -325,7 +325,9 @@ class request implements \phpbb\request\request_interface */ public function is_secure() { - return $this->server('HTTPS') == 'on'; + $https = $this->server('HTTPS'); + $https = $this->server('HTTP_X_FORWARDED_PROTO') === 'https' ? 'on' : $https; + return !empty($https) && $https !== 'off'; } /** -- cgit v1.2.1 From 18eaf10e5a04032306fdbe5caabdd29bc8c4f1f9 Mon Sep 17 00:00:00 2001 From: javiexin Date: Thu, 2 Mar 2017 15:51:51 +0100 Subject: [ticket/15108] Remove duplicate code in request->context PHPBB3-15108 --- phpBB/phpbb/request/request.php | 6 ------ 1 file changed, 6 deletions(-) (limited to 'phpBB/phpbb/request') diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index 4cac6fbaea..00ff9064cb 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -169,12 +169,6 @@ class request implements \phpbb\request\request_interface $GLOBALS[$this->super_globals[$super_global]][$var_name] = $value; } } - - if (!$this->super_globals_disabled()) - { - unset($GLOBALS[$this->super_globals[$super_global]][$var_name]); - $GLOBALS[$this->super_globals[$super_global]][$var_name] = $value; - } } /** -- cgit v1.2.1