X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Frequest-functions.php;h=7f15d42b50ef443093f49c74263f1f4a13786ac6;hb=150ed402878985508f10f4e06d25831e0fb3a1f8;hp=353e24b4e8a6acba00e0c8fb770d44fd25022c0a;hpb=a16ae225264a183dc4adf24c2d931df231d2ffc7;p=mailer.git
diff --git a/inc/request-functions.php b/inc/request-functions.php
index 353e24b4e8..7f15d42b50 100644
--- a/inc/request-functions.php
+++ b/inc/request-functions.php
@@ -10,13 +10,8 @@
* -------------------------------------------------------------------- *
* Kurzbeschreibung : Spezialle Funktionen fuer die Anfragebehandlung *
* -------------------------------------------------------------------- *
- * $Revision:: $ *
- * $Date:: $ *
- * $Tag:: 0.2.1-FINAL $ *
- * $Author:: $ *
- * -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009 - 2011 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2013 by Mailer Developer Team *
* For more information visit: http://mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -57,7 +52,7 @@ function getRequestElement ($element) {
$value = $GLOBALS['cache_request']['get'][$element];
} elseif (isGetRequestElementSet($element)) {
// Then get it directly
- $value = SQL_ESCAPE($GLOBALS['raw_request']['get'][$element]);
+ $value = sqlEscapeString($GLOBALS['raw_request']['get'][$element]);
// Store it in cache
$GLOBALS['cache_request']['get'][$element] = $value;
@@ -78,6 +73,7 @@ function isGetRequestElementSet ($element, $subElement = '') {
// Removes an element from $_GET
function unsetGetRequestElement ($element) {
+ unset($GLOBALS['cache_request']['get'][$element]);
unset($GLOBALS['raw_request']['get'][$element]);
}
@@ -89,7 +85,7 @@ function getRequestArray () {
// Counts entries in $_GET or returns false if not an array
function countRequestGet () {
// By default this is not an array
- $count = false;
+ $count = FALSE;
// Get the array
$GET = getRequestArray();
@@ -106,8 +102,8 @@ function countRequestGet () {
// Setter for element in $_GET
function setGetRequestElement ($element, $value) {
// Escape both
- $element = SQL_ESCAPE($element);
- $value = SQL_ESCAPE($value);
+ $element = sqlEscapeString($element);
+ $value = sqlEscapeString($value);
// Set in $_GET
$GLOBALS['raw_request']['get'][$element] = $value;
@@ -118,6 +114,7 @@ function setGetRequestElement ($element, $value) {
// Wrapper for elements in $_POST
function postRequestElement ($element, $subElement = NULL) {
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ' - ENTERED!');
// By default no element is there
$value = NULL;
@@ -125,7 +122,7 @@ function postRequestElement ($element, $subElement = NULL) {
if (isset($GLOBALS['cache_request']['post'][$element][$subElement])) {
// Then use it
$value = $GLOBALS['cache_request']['post'][$element][$subElement];
- //* DEBUG: */ print $element.'/'.$subElement.'='.$value.'
';
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ',value[' . gettype($value) . ']=' . $value . ' - CACHE!');
} elseif (isPostRequestElementSet($element)) {
// Then use it
$value = $GLOBALS['raw_request']['post'][$element];
@@ -133,29 +130,40 @@ function postRequestElement ($element, $subElement = NULL) {
// Is $subElement set?
if ((!is_null($subElement)) && (isPostRequestElementSet($element, $subElement))) {
// Then use this
- $value = SQL_ESCAPE($value[$subElement]);
- //* DEBUG: */ print 'sub!
';
- } elseif (!is_array($value)) {
+ $value = sqlEscapeString($value[$subElement]);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',subElement=' . $subElement . ' - SUB!');
+ } elseif ((!is_array($value)) && (function_exists('sqlEscapeString'))) {
// Escape it here
- $value = SQL_ESCAPE($value);
- //* DEBUG: */ print 'no-array!
';
+ $value = sqlEscapeString($value);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ' - REGULAR!');
}
// Set it in cache
- //* DEBUG: */ print $element.'/'.$subElement.'='.$value.'
';
- //* DEBUG: */ print('
'.print_r($_POST,true).''); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',subElement=' . $subElement . ',value=' . $value.' - ADDED!'); $GLOBALS['cache_request']['post'][$element][$subElement] = $value; } // END - if // Return value + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ',value[' . gettype($value) . ']=' . $value . ' - EXIT!'); return $value; } // Checks if an element in $_POST exists function isPostRequestElementSet ($element, $subElement = NULL) { + /* + * Always check that $element is a string and that $subElement is NULL or + * a string as numerical indexes are not wanted in POST data (in this + * project). + */ + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[]=' . gettype($element) . ',subElement[]=' . gettype($subElement)); + assert(is_string($element) && ((is_null($subElement)) || (is_string($subElement)) || (is_int($subElement)) || (is_double($subElement)))); + + // Is a sub element set? if (is_null($subElement)) { - return ((isset($GLOBALS['raw_request']['post'][$element])) && (('' . $GLOBALS['raw_request']['post'][$element] . '') != '')); + // No, then only check $element + return ((isset($GLOBALS['raw_request']['post'][$element])) && ((is_array($GLOBALS['raw_request']['post'][$element])) || (('' . $GLOBALS['raw_request']['post'][$element] . '') != ''))); } else { + // Yes, then check both together return ((isset($GLOBALS['raw_request']['post'][$element][$subElement])) && (('' . $GLOBALS['raw_request']['post'][$element][$subElement] . '') != '')); } } @@ -163,6 +171,7 @@ function isPostRequestElementSet ($element, $subElement = NULL) { // Removes an element from $_POST function unsetPostRequestElement ($element) { unset($GLOBALS['raw_request']['post'][$element]); + unset($GLOBALS['cache_request']['post'][$element]); } // Getter for whole $_POST array @@ -178,7 +187,7 @@ function setPostRequestArray ($postData) { // Counts entries in $_POST or returns false if not an array function countRequestPost () { // By default this is not an array - $count = false; + $count = FALSE; // Get the array $postData = postRequestArray(); @@ -190,6 +199,7 @@ function countRequestPost () { } // END - if // Return value + return $count; } // Setter for element in $_POST @@ -203,53 +213,69 @@ function setPostRequestElement ($element, $value) { $eval .= implode("']['", $element); // Finish eval() command - $eval .= sprintf("'] = \"%s\";", SQL_ESCAPE($value)); + $eval .= sprintf("'] = \"%s\";", sqlEscapeString($value)); // And run it eval($eval); } elseif (is_array($value)) { // Escape element - $element = SQL_ESCAPE($element); + $element = sqlEscapeString($element); // Value is an array so set it directly $GLOBALS['raw_request']['post'][$element] = $value; } else { + // Debug message + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - BEFORE!'); + // Escape both - $element = SQL_ESCAPE($element); - $value = SQL_ESCAPE($value); + $element = sqlEscapeString($element); + $value = sqlEscapeString($value); + + // Debug message + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - AFTER!'); // Set regular entry $GLOBALS['raw_request']['post'][$element] = $value; } // Update cache - $GLOBALS['cache_request']['post'][$element][null] = $value; + $GLOBALS['cache_request']['post'][$element][NULL] = $value; } -// Checks wether a form was sent. If so, the $_POST['ok'] element must be set +// Checks whether a form was sent. If so, the $_POST['ok'] element must be set function isFormSent ($requestParameter = 'ok') { // Simply wrap it! return isPostRequestElementSet($requestParameter); } -// Checks if 'content_type' is set -function isContentTypeSet () { - return isset($GLOBALS['content_type']); -} +// Getter for request URI +function getRequestUri () { + // Is it not set? + if (!isset($_SERVER['REQUEST_URI'])) { + // Return empty string + return ''; + } // END - if -// Setter for content type -function setContentType ($contentType) { - $GLOBALS['content_type'] = (string) $contentType; + // Return it + return $_SERVER['REQUEST_URI']; } -// Getter for content type -function getContentType () { - return $GLOBALS['content_type']; -} +// Add all GET parameters to a string (without leading sign) +function addAllGetRequestParameters () { + // Init variable + $return = ''; -// Getter for request URI -function getRequestUri () { - return $_SERVER['REQUEST_URI']; + // Now add all parameters + foreach (getRequestArray() as $key => $value) { + // Add it secured + $return .= sqlEscapeString($key) . '=' . sqlEscapeString($value) . '&'; + } // END - foreach + + // Remove trailing & + $return = substr($return, 0, -5); + + // Return it + return $return; } // [EOF]