X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Frequest-functions.php;h=d90c41bb91d8849cb9b9ed763bbe86d356d0860a;hp=4f48971f94dbda7e71f580bc701732a54a6268fb;hb=a524135c24dd0a8fa359c9a92399467d50fd69e0;hpb=3b712465a3f2b368ba8b74c39fed477de4278535
diff --git a/inc/request-functions.php b/inc/request-functions.php
index 4f48971f94..d90c41bb91 100644
--- a/inc/request-functions.php
+++ b/inc/request-functions.php
@@ -10,13 +10,8 @@
* -------------------------------------------------------------------- *
* Kurzbeschreibung : Spezialle Funktionen fuer die Anfragebehandlung *
* -------------------------------------------------------------------- *
- * $Revision:: $ *
- * $Date:: $ *
- * $Tag:: 0.2.1-FINAL $ *
- * $Author:: $ *
- * -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009 - 2011 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2016 by Mailer Developer Team *
* For more information visit: http://mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -57,7 +52,7 @@ function getRequestElement ($element) {
$value = $GLOBALS['cache_request']['get'][$element];
} elseif (isGetRequestElementSet($element)) {
// Then get it directly
- $value = SQL_ESCAPE($GLOBALS['raw_request']['get'][$element]);
+ $value = sqlEscapeString($GLOBALS['raw_request']['get'][$element]);
// Store it in cache
$GLOBALS['cache_request']['get'][$element] = $value;
@@ -90,7 +85,7 @@ function getRequestArray () {
// Counts entries in $_GET or returns false if not an array
function countRequestGet () {
// By default this is not an array
- $count = false;
+ $count = FALSE;
// Get the array
$GET = getRequestArray();
@@ -107,8 +102,8 @@ function countRequestGet () {
// Setter for element in $_GET
function setGetRequestElement ($element, $value) {
// Escape both
- $element = SQL_ESCAPE($element);
- $value = SQL_ESCAPE($value);
+ $element = sqlEscapeString($element);
+ $value = sqlEscapeString($value);
// Set in $_GET
$GLOBALS['raw_request']['get'][$element] = $value;
@@ -119,6 +114,7 @@ function setGetRequestElement ($element, $value) {
// Wrapper for elements in $_POST
function postRequestElement ($element, $subElement = NULL) {
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ' - ENTERED!');
// By default no element is there
$value = NULL;
@@ -126,7 +122,7 @@ function postRequestElement ($element, $subElement = NULL) {
if (isset($GLOBALS['cache_request']['post'][$element][$subElement])) {
// Then use it
$value = $GLOBALS['cache_request']['post'][$element][$subElement];
- //* DEBUG: */ print $element.'/'.$subElement.'='.$value.'
';
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ',value[' . gettype($value) . ']=' . $value . ' - CACHE!');
} elseif (isPostRequestElementSet($element)) {
// Then use it
$value = $GLOBALS['raw_request']['post'][$element];
@@ -134,29 +130,40 @@ function postRequestElement ($element, $subElement = NULL) {
// Is $subElement set?
if ((!is_null($subElement)) && (isPostRequestElementSet($element, $subElement))) {
// Then use this
- $value = SQL_ESCAPE($value[$subElement]);
- //* DEBUG: */ print 'sub!
';
- } elseif (!is_array($value)) {
+ $value = sqlEscapeString($value[$subElement]);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',subElement=' . $subElement . ' - SUB!');
+ } elseif ((!is_array($value)) && (function_exists('sqlEscapeString'))) {
// Escape it here
- $value = SQL_ESCAPE($value);
- //* DEBUG: */ print 'no-array!
';
+ $value = sqlEscapeString($value);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ' - REGULAR!');
}
// Set it in cache
- //* DEBUG: */ print $element.'/'.$subElement.'='.$value.'
';
- //* DEBUG: */ print(''.print_r($_POST,true).'
');
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',subElement=' . $subElement . ',value=' . $value.' - ADDED!');
$GLOBALS['cache_request']['post'][$element][$subElement] = $value;
} // END - if
// Return value
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ',value[' . gettype($value) . ']=' . $value . ' - EXIT!');
return $value;
}
// Checks if an element in $_POST exists
function isPostRequestElementSet ($element, $subElement = NULL) {
+ /*
+ * Always check that $element is a string and that $subElement is NULL or
+ * a string as numerical indexes are not wanted in POST data (in this
+ * project).
+ */
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[]=' . gettype($element) . ',subElement[]=' . gettype($subElement));
+ assert(is_string($element) && ((is_null($subElement)) || (is_string($subElement)) || (is_int($subElement)) || (is_double($subElement))));
+
+ // Is a sub element set?
if (is_null($subElement)) {
- return ((isset($GLOBALS['raw_request']['post'][$element])) && (('' . $GLOBALS['raw_request']['post'][$element] . '') != ''));
+ // No, then only check $element
+ return ((isset($GLOBALS['raw_request']['post'][$element])) && ((is_array($GLOBALS['raw_request']['post'][$element])) || (('' . $GLOBALS['raw_request']['post'][$element] . '') != '')));
} else {
+ // Yes, then check both together
return ((isset($GLOBALS['raw_request']['post'][$element][$subElement])) && (('' . $GLOBALS['raw_request']['post'][$element][$subElement] . '') != ''));
}
}
@@ -180,7 +187,7 @@ function setPostRequestArray ($postData) {
// Counts entries in $_POST or returns false if not an array
function countRequestPost () {
// By default this is not an array
- $count = false;
+ $count = FALSE;
// Get the array
$postData = postRequestArray();
@@ -206,52 +213,50 @@ function setPostRequestElement ($element, $value) {
$eval .= implode("']['", $element);
// Finish eval() command
- $eval .= sprintf("'] = \"%s\";", SQL_ESCAPE($value));
+ $eval .= sprintf("'] = \"%s\";", sqlEscapeString($value));
// And run it
eval($eval);
} elseif (is_array($value)) {
// Escape element
- $element = SQL_ESCAPE($element);
+ $element = sqlEscapeString($element);
// Value is an array so set it directly
$GLOBALS['raw_request']['post'][$element] = $value;
} else {
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - BEFORE!');
+
// Escape both
- $element = SQL_ESCAPE($element);
- $value = SQL_ESCAPE($value);
+ $element = sqlEscapeString($element);
+ $value = sqlEscapeString($value);
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - AFTER!');
// Set regular entry
$GLOBALS['raw_request']['post'][$element] = $value;
}
// Update cache
- $GLOBALS['cache_request']['post'][$element][null] = $value;
+ $GLOBALS['cache_request']['post'][$element][NULL] = $value;
}
-// Checks wether a form was sent. If so, the $_POST['ok'] element must be set
+// Checks whether a form was sent. If so, the $_POST['ok'] element must be set
function isFormSent ($requestParameter = 'ok') {
// Simply wrap it!
return isPostRequestElementSet($requestParameter);
}
-// Checks if 'content_type' is set
-function isContentTypeSet () {
- return isset($GLOBALS['content_type']);
-}
-
-// Setter for content type
-function setContentType ($contentType) {
- $GLOBALS['content_type'] = (string) $contentType;
-}
-
-// Getter for content type
-function getContentType () {
- return $GLOBALS['content_type'];
-}
-
// Getter for request URI
function getRequestUri () {
+ // Is it not set?
+ if (!isset($_SERVER['REQUEST_URI'])) {
+ // Return empty string
+ return '';
+ } // END - if
+
+ // Return it
return $_SERVER['REQUEST_URI'];
}
@@ -263,7 +268,7 @@ function addAllGetRequestParameters () {
// Now add all parameters
foreach (getRequestArray() as $key => $value) {
// Add it secured
- $return .= SQL_ESCAPE($key) . '=' . SQL_ESCAPE($value) . '&';
+ $return .= sqlEscapeString($key) . '=' . sqlEscapeString($value) . '&';
} // END - foreach
// Remove trailing &