X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Frequest-functions.php;h=d90c41bb91d8849cb9b9ed763bbe86d356d0860a;hp=b651b018e73b582b269ba2af5e1a439a8e3ab020;hb=6dcb879ba3abb21843503cacc65d1fe0848eb90f;hpb=09f5758c42a33a56bdd461c946ffe759a59c54aa diff --git a/inc/request-functions.php b/inc/request-functions.php index b651b018e7..d90c41bb91 100644 --- a/inc/request-functions.php +++ b/inc/request-functions.php @@ -10,16 +10,9 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Spezialle Funktionen fuer die Anfragebehandlung * * -------------------------------------------------------------------- * - * $Revision:: $ * - * $Date:: $ * - * $Tag:: 0.2.1-FINAL $ * - * $Author:: $ * - * Needs to be in all Files and every File needs "svn propset * - * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * - * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009, 2010 by Mailer Developer Team * - * For more information visit: http://www.mxchange.org * + * Copyright (c) 2009 - 2016 by Mailer Developer Team * + * For more information visit: http://mxchange.org * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * @@ -44,25 +37,25 @@ if (!defined('__SECURITY')) { // Initialize the request elements function initRequest () { - $GLOBALS['raw_request']['get'] = $_GET; - $GLOBALS['raw_request']['post'] = $_POST; + $GLOBALS['raw_request']['get'] = (array) $_GET; + $GLOBALS['raw_request']['post'] = (array) $_POST; } // Wrapper for elements in $_GET -function getRequestParameter ($element) { +function getRequestElement ($element) { // By default no element is there - $value = null; + $value = NULL; // Is the element cached or there? - if (isset($GLOBALS['cache_request']['request_get'][$element])) { + if (isset($GLOBALS['cache_request']['get'][$element])) { // Then use the cache - $value = $GLOBALS['cache_request']['request_get'][$element]; - } elseif (isGetRequestParameterSet($element)) { + $value = $GLOBALS['cache_request']['get'][$element]; + } elseif (isGetRequestElementSet($element)) { // Then get it directly - $value = SQL_ESCAPE($GLOBALS['raw_request']['get'][$element]); + $value = sqlEscapeString($GLOBALS['raw_request']['get'][$element]); // Store it in cache - $GLOBALS['cache_request']['request_get'][$element] = $value; + $GLOBALS['cache_request']['get'][$element] = $value; } // END - if // Return value @@ -70,16 +63,17 @@ function getRequestParameter ($element) { } // Checks if an element in $_GET exists -function isGetRequestParameterSet ($element, $subElement = '') { +function isGetRequestElementSet ($element, $subElement = '') { if (empty($subElement)) { - return ((isset($GLOBALS['raw_request']['get'][$element])) && (!empty($GLOBALS['raw_request']['get'][$element]))); + return ((isset($GLOBALS['raw_request']['get'][$element])) && ('' . ($GLOBALS['raw_request']['get'][$element] . '') != '')); } else { - return ((isset($GLOBALS['raw_request']['get'][$element][$subElement])) && (!empty($GLOBALS['raw_request']['get'][$element][$subElement]))); + return ((isset($GLOBALS['raw_request']['get'][$element][$subElement])) && ('' . ($GLOBALS['raw_request']['get'][$element][$subElement] . '') != '')); } } // Removes an element from $_GET -function unsetGetRequestParameter ($element) { +function unsetGetRequestElement ($element) { + unset($GLOBALS['cache_request']['get'][$element]); unset($GLOBALS['raw_request']['get'][$element]); } @@ -91,7 +85,7 @@ function getRequestArray () { // Counts entries in $_GET or returns false if not an array function countRequestGet () { // By default this is not an array - $count = false; + $count = FALSE; // Get the array $GET = getRequestArray(); @@ -106,60 +100,78 @@ function countRequestGet () { } // Setter for element in $_GET -function setGetRequestParameter ($element, $value) { +function setGetRequestElement ($element, $value) { // Escape both - $element = SQL_ESCAPE($element); - $value = SQL_ESCAPE($value); + $element = sqlEscapeString($element); + $value = sqlEscapeString($value); // Set in $_GET $GLOBALS['raw_request']['get'][$element] = $value; // Update cache - $GLOBALS['cache_request']['request_get'][$element] = $value; + $GLOBALS['cache_request']['get'][$element] = $value; } // Wrapper for elements in $_POST -function postRequestParameter ($element, $subElement=null) { +function postRequestElement ($element, $subElement = NULL) { + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ' - ENTERED!'); // By default no element is there - $value = null; + $value = NULL; // Is the element in cache? - if (isset($GLOBALS['cache_request']['request_post'][$element][$subElement])) { + if (isset($GLOBALS['cache_request']['post'][$element][$subElement])) { // Then use it - $value = $GLOBALS['cache_request']['request_post'][$element][$subElement]; - } elseif (isPostRequestParameterSet($element)) { + $value = $GLOBALS['cache_request']['post'][$element][$subElement]; + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ',value[' . gettype($value) . ']=' . $value . ' - CACHE!'); + } elseif (isPostRequestElementSet($element)) { // Then use it $value = $GLOBALS['raw_request']['post'][$element]; // Is $subElement set? - if ((!is_null($subElement)) && (isPostRequestParameterSet($element, $subElement))) { + if ((!is_null($subElement)) && (isPostRequestElementSet($element, $subElement))) { // Then use this - $value = SQL_ESCAPE($value[$subElement]); - } elseif (!is_array($value)) { + $value = sqlEscapeString($value[$subElement]); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',subElement=' . $subElement . ' - SUB!'); + } elseif ((!is_array($value)) && (function_exists('sqlEscapeString'))) { // Escape it here - $value = SQL_ESCAPE($value); + $value = sqlEscapeString($value); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ' - REGULAR!'); } // Set it in cache - $GLOBALS['cache_request']['request_post'][$element][$subElement] = $value; + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',subElement=' . $subElement . ',value=' . $value.' - ADDED!'); + $GLOBALS['cache_request']['post'][$element][$subElement] = $value; } // END - if // Return value + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[' . gettype($element) . ']=' . $element . ',subElement[' . gettype($subElement) . ']=' . $subElement . ',value[' . gettype($value) . ']=' . $value . ' - EXIT!'); return $value; } // Checks if an element in $_POST exists -function isPostRequestParameterSet ($element, $subElement=null) { +function isPostRequestElementSet ($element, $subElement = NULL) { + /* + * Always check that $element is a string and that $subElement is NULL or + * a string as numerical indexes are not wanted in POST data (in this + * project). + */ + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element[]=' . gettype($element) . ',subElement[]=' . gettype($subElement)); + assert(is_string($element) && ((is_null($subElement)) || (is_string($subElement)) || (is_int($subElement)) || (is_double($subElement)))); + + // Is a sub element set? if (is_null($subElement)) { - return ((isset($GLOBALS['raw_request']['post'][$element])) && (isset($GLOBALS['raw_request']['post'][$element]))); + // No, then only check $element + return ((isset($GLOBALS['raw_request']['post'][$element])) && ((is_array($GLOBALS['raw_request']['post'][$element])) || (('' . $GLOBALS['raw_request']['post'][$element] . '') != ''))); } else { - return ((isset($GLOBALS['raw_request']['post'][$element][$subElement])) && (isset($GLOBALS['raw_request']['post'][$element][$subElement]))); + // Yes, then check both together + return ((isset($GLOBALS['raw_request']['post'][$element][$subElement])) && (('' . $GLOBALS['raw_request']['post'][$element][$subElement] . '') != '')); } } // Removes an element from $_POST -function unsetPostRequestParameter ($element) { +function unsetPostRequestElement ($element) { unset($GLOBALS['raw_request']['post'][$element]); + unset($GLOBALS['cache_request']['post'][$element]); } // Getter for whole $_POST array @@ -175,7 +187,7 @@ function setPostRequestArray ($postData) { // Counts entries in $_POST or returns false if not an array function countRequestPost () { // By default this is not an array - $count = false; + $count = FALSE; // Get the array $postData = postRequestArray(); @@ -187,10 +199,11 @@ function countRequestPost () { } // END - if // Return value + return $count; } // Setter for element in $_POST -function setPostRequestParameter ($element, $value) { +function setPostRequestElement ($element, $value) { // Is $element or $value an array? if (is_array($element)) { // Set array @@ -200,53 +213,69 @@ function setPostRequestParameter ($element, $value) { $eval .= implode("']['", $element); // Finish eval() command - $eval .= sprintf("'] = \"%s\";", SQL_ESCAPE($value)); + $eval .= sprintf("'] = \"%s\";", sqlEscapeString($value)); // And run it eval($eval); } elseif (is_array($value)) { // Escape element - $element = SQL_ESCAPE($element); + $element = sqlEscapeString($element); // Value is an array so set it directly $GLOBALS['raw_request']['post'][$element] = $value; } else { + // Debug message + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - BEFORE!'); + // Escape both - $element = SQL_ESCAPE($element); - $value = SQL_ESCAPE($value); + $element = sqlEscapeString($element); + $value = sqlEscapeString($value); + + // Debug message + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'element=' . $element . ',value=' . $value . ' - AFTER!'); // Set regular entry $GLOBALS['raw_request']['post'][$element] = $value; } // Update cache - $GLOBALS['cache_request']['request_post'][$element][null] = $value; + $GLOBALS['cache_request']['post'][$element][NULL] = $value; } -// Checks wether a form was sent. If so, the $_POST['ok'] element must be set -function isFormSent () { +// Checks whether a form was sent. If so, the $_POST['ok'] element must be set +function isFormSent ($requestParameter = 'ok') { // Simply wrap it! - return isPostRequestParameterSet('ok'); + return isPostRequestElementSet($requestParameter); } -// Checks if 'content_type' is set -function isContentTypeSet () { - return isset($GLOBALS['content_type']); -} +// Getter for request URI +function getRequestUri () { + // Is it not set? + if (!isset($_SERVER['REQUEST_URI'])) { + // Return empty string + return ''; + } // END - if -// Setter for content type -function setContentType ($contentType) { - $GLOBALS['content_type'] = (string) $contentType; + // Return it + return $_SERVER['REQUEST_URI']; } -// Getter for content type -function getContentType () { - return $GLOBALS['content_type']; -} +// Add all GET parameters to a string (without leading sign) +function addAllGetRequestParameters () { + // Init variable + $return = ''; -// Getter for request URI -function getRequestUri () { - return $_SERVER['REQUEST_URI']; + // Now add all parameters + foreach (getRequestArray() as $key => $value) { + // Add it secured + $return .= sqlEscapeString($key) . '=' . sqlEscapeString($value) . '&'; + } // END - foreach + + // Remove trailing & + $return = substr($return, 0, -5); + + // Return it + return $return; } // [EOF]