X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Frequest-functions.php;h=2903a4418cb18058398be0b80c6d069682403296;hb=3dd56e621164594dca92d59f826a298f69e0342d;hp=8c49e180d4ba5d67c54279c777ee780c59c659aa;hpb=e82c3c5bb62bd3439fa63e5690e9dc3097cfd34c;p=mailer.git
diff --git a/inc/request-functions.php b/inc/request-functions.php
index 8c49e180d4..2903a4418c 100644
--- a/inc/request-functions.php
+++ b/inc/request-functions.php
@@ -16,7 +16,7 @@
* $Author:: $ *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009 - 2011 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2013 by Mailer Developer Team *
* For more information visit: http://mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -57,7 +57,7 @@ function getRequestElement ($element) {
$value = $GLOBALS['cache_request']['get'][$element];
} elseif (isGetRequestElementSet($element)) {
// Then get it directly
- $value = SQL_ESCAPE($GLOBALS['raw_request']['get'][$element]);
+ $value = sqlEscapeString($GLOBALS['raw_request']['get'][$element]);
// Store it in cache
$GLOBALS['cache_request']['get'][$element] = $value;
@@ -78,6 +78,7 @@ function isGetRequestElementSet ($element, $subElement = '') {
// Removes an element from $_GET
function unsetGetRequestElement ($element) {
+ unset($GLOBALS['cache_request']['get'][$element]);
unset($GLOBALS['raw_request']['get'][$element]);
}
@@ -89,7 +90,7 @@ function getRequestArray () {
// Counts entries in $_GET or returns false if not an array
function countRequestGet () {
// By default this is not an array
- $count = false;
+ $count = FALSE;
// Get the array
$GET = getRequestArray();
@@ -106,8 +107,8 @@ function countRequestGet () {
// Setter for element in $_GET
function setGetRequestElement ($element, $value) {
// Escape both
- $element = SQL_ESCAPE($element);
- $value = SQL_ESCAPE($value);
+ $element = sqlEscapeString($element);
+ $value = sqlEscapeString($value);
// Set in $_GET
$GLOBALS['raw_request']['get'][$element] = $value;
@@ -118,6 +119,7 @@ function setGetRequestElement ($element, $value) {
// Wrapper for elements in $_POST
function postRequestElement ($element, $subElement = NULL) {
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ' - ENTERED!');
// By default no element is there
$value = NULL;
@@ -125,7 +127,7 @@ function postRequestElement ($element, $subElement = NULL) {
if (isset($GLOBALS['cache_request']['post'][$element][$subElement])) {
// Then use it
$value = $GLOBALS['cache_request']['post'][$element][$subElement];
- //* DEBUG: */ print $element.'/'.$subElement.'='.$value.'
';
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ',value[' . gettype($value) . ']=' . $value . ' - CACHE!');
} elseif (isPostRequestElementSet($element)) {
// Then use it
$value = $GLOBALS['raw_request']['post'][$element];
@@ -133,29 +135,40 @@ function postRequestElement ($element, $subElement = NULL) {
// Is $subElement set?
if ((!is_null($subElement)) && (isPostRequestElementSet($element, $subElement))) {
// Then use this
- $value = SQL_ESCAPE($value[$subElement]);
- //* DEBUG: */ print 'sub!
';
- } elseif (!is_array($value)) {
+ $value = sqlEscapeString($value[$subElement]);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',subElement=' . $subElement . ' - SUB!');
+ } elseif ((!is_array($value)) && (function_exists('sqlEscapeString'))) {
// Escape it here
- $value = SQL_ESCAPE($value);
- //* DEBUG: */ print 'no-array!
';
+ $value = sqlEscapeString($value);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ' - REGULAR!');
}
// Set it in cache
- //* DEBUG: */ print $element.'/'.$subElement.'='.$value.'
';
- //* DEBUG: */ print('
'.print_r($_POST,true).'');
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',subElement=' . $subElement . ',value=' . $value.' - ADDED!');
$GLOBALS['cache_request']['post'][$element][$subElement] = $value;
} // END - if
// Return value
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ',value[' . gettype($value) . ']=' . $value . ' - EXIT!');
return $value;
}
// Checks if an element in $_POST exists
function isPostRequestElementSet ($element, $subElement = NULL) {
+ /*
+ * Always check that $element is a string and that $subElement is NULL or
+ * a string as numerical indexes are not wanted in POST data (in this
+ * project).
+ */
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[]=' . gettype($element) . ',subElement[]=' . gettype($subElement));
+ assert(is_string($element) && ((is_null($subElement)) || (is_string($subElement)) || (is_int($subElement)) || (is_double($subElement))));
+
+ // Is a sub element set?
if (is_null($subElement)) {
- return ((isset($GLOBALS['raw_request']['post'][$element])) && (('' . $GLOBALS['raw_request']['post'][$element] . '') != ''));
+ // No, then only check $element
+ return ((isset($GLOBALS['raw_request']['post'][$element])) && ((is_array($GLOBALS['raw_request']['post'][$element])) || (('' . $GLOBALS['raw_request']['post'][$element] . '') != '')));
} else {
+ // Yes, then check both together
return ((isset($GLOBALS['raw_request']['post'][$element][$subElement])) && (('' . $GLOBALS['raw_request']['post'][$element][$subElement] . '') != ''));
}
}
@@ -163,6 +176,7 @@ function isPostRequestElementSet ($element, $subElement = NULL) {
// Removes an element from $_POST
function unsetPostRequestElement ($element) {
unset($GLOBALS['raw_request']['post'][$element]);
+ unset($GLOBALS['cache_request']['post'][$element]);
}
// Getter for whole $_POST array
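Review bot: The new `function_exists('sqlEscapeString')` guard on the scalar branch fails open: when the escaper is not loaded, the raw POST value falls through unescaped and is then written to `$GLOBALS['cache_request']['post'][$element][$subElement]`, and because the cache is consulted first, later calls keep returning that unescaped copy even once the escaper is available. The sub-element branch just above calls `sqlEscapeString()` unconditionally, so the two paths also disagree. I would either drop the guard (`} elseif (!is_array($value)) {`) or skip the cache write when nothing was escaped. Separately, the new comment in isPostRequestElementSet() says numerical indexes are not wanted while the `assert()` accepts `is_int`/`is_double`, and an assertion that can be disabled at runtime is not a substitute for validating request keys. postRequestElement() starts outside this hunk.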
@@ -178,7 +192,7 @@ function setPostRequestArray ($postData) {
// Counts entries in $_POST or returns false if not an array
function countRequestPost () {
// By default this is not an array
- $count = false;
+ $count = FALSE;
// Get the array
$postData = postRequestArray();
@@ -204,52 +218,50 @@ function setPostRequestElement ($element, $value) { $eval .= implode("']['", $element); // Finish eval() command - $eval .= sprintf("'] = \"%s\";", SQL_ESCAPE($value)); + $eval .= sprintf("'] = \"%s\";", sqlEscapeString($value)); // And run it eval($eval); } elseif (is_array($value)) { // Escape element - $element = SQL_ESCAPE($element); + $element = sqlEscapeString($element); // Value is an array so set it directly $GLOBALS['raw_request']['post'][$element] = $value; } else { + // Debug message + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - BEFORE!'); + // Escape both - $element = SQL_ESCAPE($element); - $value = SQL_ESCAPE($value); + $element = sqlEscapeString($element); + $value = sqlEscapeString($value); + + // Debug message + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - AFTER!'); // Set regular entry $GLOBALS['raw_request']['post'][$element] = $value; } // Update cache - $GLOBALS['cache_request']['post'][$element][null] = $value; + $GLOBALS['cache_request']['post'][$element][NULL] = $value; } -// Checks wether a form was sent. If so, the $_POST['ok'] element must be set +// Checks whether a form was sent. If so, the $_POST['ok'] element must be set function isFormSent ($requestParameter = 'ok') { // Simply wrap it! return isPostRequestElementSet($requestParameter); } -// Checks if 'content_type' is set -function isContentTypeSet () { - return isset($GLOBALS['content_type']); -} - -// Setter for content type -function setContentType ($contentType) { - $GLOBALS['content_type'] = (string) $contentType; -} - -// Getter for content type -function getContentType () { - return $GLOBALS['content_type']; -} - // Getter for request URI function getRequestUri () { + // Is it not set? + if (!isset($_SERVER['REQUEST_URI'])) { + // Return empty string + return ''; + } // END - if + + // Return it return $_SERVER['REQUEST_URI']; } 
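Review bot: The `eval()` path still builds PHP source from request data, and `sqlEscapeString()` is the wrong escaper for it: the value lands inside a double-quoted PHP string literal, where SQL escaping does not neutralise variable interpolation, and the `$element` keys are imploded into the generated code with no escaping at all. Assigning through a reference reaches the same nested slot without generating code. The start of this branch is outside the hunk, so I am assuming it is the `is_array($element)` case and that the generated statement assigns into `$GLOBALS['raw_request']['post']`. The `// Update cache` line after the branches also uses `$element` as an array key, which looks wrong when `$element` is an array.

```php
// … unchanged: entry of the array-$element branch …
	// Walk to the target slot by reference instead of generating code
	$target = &$GLOBALS['raw_request']['post'];
	foreach ($element as $key) {
		$target = &$target[$key];
	} // END - foreach

	// Store the escaped value and drop the reference again
	$target = sqlEscapeString($value);
	unset($target);
// … unchanged: elseif (is_array($value)) / else branches and cache update …
```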
@@ -261,7 +273,7 @@ function addAllGetRequestParameters () {
// Now add all parameters
foreach (getRequestArray() as $key => $value) {
// Add it secured
- $return .= SQL_ESCAPE($key) . '=' . SQL_ESCAPE($value) . '&';
+ $return .= sqlEscapeString($key) . '=' . sqlEscapeString($value) . '&';
} // END - foreach
// Remove trailing &
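Review bot: `sqlEscapeString()` is the wrong encoder for the line under `// Add it secured`: the string being built is a URL query string, so SQL escaping leaves `&`, `=`, `#` and spaces in keys and values intact and can add backslashes that corrupt the link. URL-encode at this point instead, `$return .= urlencode($key) . '=' . urlencode($value) . '&';`, and apply HTML escaping separately wherever the result is printed into markup. If getRequestArray() can hold array values (the POST helpers in this file allow them), this concatenation also needs an `is_array()` check. The function body continues outside the hunk.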