X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Frequest-functions.php;h=d90c41bb91d8849cb9b9ed763bbe86d356d0860a;hp=4f48971f94dbda7e71f580bc701732a54a6268fb;hb=a524135c24dd0a8fa359c9a92399467d50fd69e0;hpb=3b712465a3f2b368ba8b74c39fed477de4278535
diff --git a/inc/request-functions.php b/inc/request-functions.php
index 4f48971f94..d90c41bb91 100644
--- a/inc/request-functions.php
+++ b/inc/request-functions.php
@@ -10,13 +10,8 @@
* -------------------------------------------------------------------- *
* Kurzbeschreibung : Spezialle Funktionen fuer die Anfragebehandlung *
* -------------------------------------------------------------------- *
- * $Revision:: $ *
- * $Date:: $ *
- * $Tag:: 0.2.1-FINAL $ *
- * $Author:: $ *
- * -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009 - 2011 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2016 by Mailer Developer Team *
* For more information visit: http://mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -57,7 +52,7 @@ function getRequestElement ($element) {
$value = $GLOBALS['cache_request']['get'][$element];
} elseif (isGetRequestElementSet($element)) {
// Then get it directly
- $value = SQL_ESCAPE($GLOBALS['raw_request']['get'][$element]);
+ $value = sqlEscapeString($GLOBALS['raw_request']['get'][$element]);
// Store it in cache
$GLOBALS['cache_request']['get'][$element] = $value;
@@ -90,7 +85,7 @@ function getRequestArray () {
// Counts entries in $_GET or returns false if not an array
function countRequestGet () {
// By default this is not an array
- $count = false;
+ $count = FALSE;
// Get the array
$GET = getRequestArray();
@@ -107,8 +102,8 @@ function countRequestGet () {
// Setter for element in $_GET
function setGetRequestElement ($element, $value) {
// Escape both
- $element = SQL_ESCAPE($element);
- $value = SQL_ESCAPE($value);
+ $element = sqlEscapeString($element);
+ $value = sqlEscapeString($value);
// Set in $_GET
$GLOBALS['raw_request']['get'][$element] = $value;
@@ -119,6 +114,7 @@ function setGetRequestElement ($element, $value) {
// Wrapper for elements in $_POST
function postRequestElement ($element, $subElement = NULL) {
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ' - ENTERED!');
// By default no element is there
$value = NULL;
@@ -126,7 +122,7 @@ function postRequestElement ($element, $subElement = NULL) {
if (isset($GLOBALS['cache_request']['post'][$element][$subElement])) {
// Then use it
$value = $GLOBALS['cache_request']['post'][$element][$subElement];
- //* DEBUG: */ print $element.'/'.$subElement.'='.$value.'
';
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ',value[' . gettype($value) . ']=' . $value . ' - CACHE!');
} elseif (isPostRequestElementSet($element)) {
// Then use it
$value = $GLOBALS['raw_request']['post'][$element];
@@ -134,29 +130,40 @@ function postRequestElement ($element, $subElement = NULL) {
// Is $subElement set?
if ((!is_null($subElement)) && (isPostRequestElementSet($element, $subElement))) {
// Then use this
- $value = SQL_ESCAPE($value[$subElement]);
- //* DEBUG: */ print 'sub!
';
- } elseif (!is_array($value)) {
+ $value = sqlEscapeString($value[$subElement]);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',subElement=' . $subElement . ' - SUB!');
+ } elseif ((!is_array($value)) && (function_exists('sqlEscapeString'))) {
// Escape it here
- $value = SQL_ESCAPE($value);
- //* DEBUG: */ print 'no-array!
';
+ $value = sqlEscapeString($value);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ' - REGULAR!');
}
// Set it in cache
- //* DEBUG: */ print $element.'/'.$subElement.'='.$value.'
';
- //* DEBUG: */ print('
'.print_r($_POST,true).''); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',subElement=' . $subElement . ',value=' . $value.' - ADDED!'); $GLOBALS['cache_request']['post'][$element][$subElement] = $value; } // END - if // Return value + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ',value[' . gettype($value) . ']=' . $value . ' - EXIT!'); return $value; } // Checks if an element in $_POST exists function isPostRequestElementSet ($element, $subElement = NULL) { + /* + * Always check that $element is a string and that $subElement is NULL or + * a string as numerical indexes are not wanted in POST data (in this + * project). + */ + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[]=' . gettype($element) . ',subElement[]=' . gettype($subElement)); + assert(is_string($element) && ((is_null($subElement)) || (is_string($subElement)) || (is_int($subElement)) || (is_double($subElement)))); + + // Is a sub element set? if (is_null($subElement)) { - return ((isset($GLOBALS['raw_request']['post'][$element])) && (('' . $GLOBALS['raw_request']['post'][$element] . '') != '')); + // No, then only check $element + return ((isset($GLOBALS['raw_request']['post'][$element])) && ((is_array($GLOBALS['raw_request']['post'][$element])) || (('' . $GLOBALS['raw_request']['post'][$element] . '') != ''))); } else { + // Yes, then check both together return ((isset($GLOBALS['raw_request']['post'][$element][$subElement])) && (('' . $GLOBALS['raw_request']['post'][$element][$subElement] . '') != '')); } } @@ -180,7 +187,7 @@ function setPostRequestArray ($postData) { // Counts entries in $_POST or returns false if not an array function countRequestPost () { // By default this is not an array - $count = false; + $count = FALSE; // Get the array $postData = postRequestArray(); @@ -206,52 +213,50 @@ function setPostRequestElement ($element, $value) { $eval .= implode("']['", $element); // Finish eval() command - $eval .= sprintf("'] = \"%s\";", SQL_ESCAPE($value)); + $eval .= sprintf("'] = \"%s\";", sqlEscapeString($value)); // And run it eval($eval); } elseif (is_array($value)) { // Escape element - $element = SQL_ESCAPE($element); + $element = sqlEscapeString($element); // Value is an array so set it directly $GLOBALS['raw_request']['post'][$element] = $value; } else { + // Debug message + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - BEFORE!'); + // Escape both - $element = SQL_ESCAPE($element); - $value = SQL_ESCAPE($value); + $element = sqlEscapeString($element); + $value = sqlEscapeString($value); + + // Debug message + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - AFTER!'); // Set regular entry $GLOBALS['raw_request']['post'][$element] = $value; } // Update cache - $GLOBALS['cache_request']['post'][$element][null] = $value; + $GLOBALS['cache_request']['post'][$element][NULL] = $value; } -// Checks wether a form was sent. If so, the $_POST['ok'] element must be set +// Checks whether a form was sent. If so, the $_POST['ok'] element must be set function isFormSent ($requestParameter = 'ok') { // Simply wrap it! return isPostRequestElementSet($requestParameter); } -// Checks if 'content_type' is set -function isContentTypeSet () { - return isset($GLOBALS['content_type']); -} - -// Setter for content type -function setContentType ($contentType) { - $GLOBALS['content_type'] = (string) $contentType; -} - -// Getter for content type -function getContentType () { - return $GLOBALS['content_type']; -} - // Getter for request URI function getRequestUri () { + // Is it not set? + if (!isset($_SERVER['REQUEST_URI'])) { + // Return empty string + return ''; + } // END - if + + // Return it return $_SERVER['REQUEST_URI']; } @@ -263,7 +268,7 @@ function addAllGetRequestParameters () { // Now add all parameters foreach (getRequestArray() as $key => $value) { // Add it secured - $return .= SQL_ESCAPE($key) . '=' . SQL_ESCAPE($value) . '&'; + $return .= sqlEscapeString($key) . '=' . sqlEscapeString($value) . '&'; } // END - foreach // Remove trailing &