Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/includes/class.gpc.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/class.gpc.php')
-rw-r--r--includes/class.gpc.php257
1 files changed, 257 insertions, 0 deletions
diff --git a/includes/class.gpc.php b/includes/class.gpc.php
new file mode 100644
index 0000000..88235ef
--- /dev/null
+++ b/includes/class.gpc.php
@@ -0,0 +1,257 @@
+<?php
+// {{{ class Req
+/**
+ * Flyspray
+ *
+ * GPC classes
+ *
+ * This script contains classes for $_GET, $_REQUEST, $_POST and $_COOKIE
+ * to safely retrieve values. Example: Get::val('foo', 'bar') to get $_GET['foo'] or 'bar' if
+ * the key does not exist.
+ *
+ * @license http://opensource.org/licenses/lgpl-license.php Lesser GNU Public License
+ * @package flyspray
+ * @author Pierre Habouzit
+ */
+
+abstract class Req
+{
+ public static function has($key)
+ {
+ return isset($_REQUEST[$key]);
+ }
+
+ public static function val($key, $default = null)
+ {
+ return Req::has($key) ? $_REQUEST[$key] : $default;
+ }
+
+ //it will always return a number no matter what(null is 0)
+ public static function num($key, $default = null)
+ {
+ return Filters::num(Req::val($key, $default));
+ }
+
+ public static function enum($key, $options, $default = null)
+ {
+ return Filters::enum(Req::val($key, $default), $options);
+ }
+
+ //always a string (null is typed to an empty string)
+ public static function safe($key)
+ {
+ return Filters::noXSS(Req::val($key));
+ }
+
+ public static function isAlnum($key)
+ {
+ return Filters::isAlnum(Req::val($key));
+ }
+
+ /**
+ * Overwrites or sets a request value
+ */
+ public static function set($key, $value = null) {
+ $_REQUEST[$key] = $value;
+ }
+}
+
+ // }}}
+// {{{ class Post
+
+abstract class Post
+{
+ public static function has($key)
+ {
+ // XXX semantics is different for POST, as POST of '' values is never
+ // unintentionnal, whereas GET/COOKIE may have '' values for empty
+ // ones.
+ return isset($_POST[$key]);
+ }
+
+ public static function val($key, $default = null)
+ {
+ return Post::has($key) ? $_POST[$key] : $default;
+ }
+
+ //it will always return a number no matter what(null is 0)
+ public static function num($key, $default = null)
+ {
+ return Filters::num(Post::val($key, $default));
+ }
+
+ //always a string (null is typed to an empty string)
+ public static function safe($key)
+ {
+ return Filters::noXSS(Post::val($key));
+ }
+
+ public static function isAlnum($key)
+ {
+ return Filters::isAlnum(Post::val($key));
+ }
+}
+
+// }}}
+// {{{ class Get
+
+abstract class Get
+{
+ public static function has($key)
+ {
+ return isset($_GET[$key]) && $_GET[$key] !== '';
+ }
+
+ public static function val($key, $default = null)
+ {
+ return Get::has($key) ? $_GET[$key] : $default;
+ }
+
+ //it will always return a number no matter what(null is 0)
+ public static function num($key, $default = null)
+ {
+ return Filters::num(Get::val($key, $default));
+ }
+
+ //always a string (null is typed to an empty string)
+ public static function safe($key)
+ {
+ return Filters::noXSS(Get::val($key));
+ }
+
+ public static function enum($key, $options, $default = null)
+ {
+ return Filters::enum(Get::val($key, $default), $options);
+ }
+
+}
+
+// }}}
+//{{{ class Cookie
+
+abstract class Cookie
+{
+ public static function has($key)
+ {
+ return isset($_COOKIE[$key]) && $_COOKIE[$key] !== '';
+ }
+
+ public static function val($key, $default = null)
+ {
+ return Cookie::has($key) ? $_COOKIE[$key] : $default;
+ }
+}
+//}}}
+/**
+ * Class Filters
+ *
+ * This is a simple class for safe input validation
+ * no mixed stuff here, functions returns always the same type.
+ * @author Cristian Rodriguez R <judas.iscariote@flyspray.org>
+ * @license BSD
+ * @notes this intented to be used by Flyspray internals functions/methods
+ * please DO NOT use this in templates , if the code processing the input there
+ * is not safe, please fix the underlying problem.
+ */
+abstract class Filters {
+ /**
+ * give me a number only please?
+ * @param mixed $data
+ * @return int
+ * @access public static
+ * @notes changed before 0.9.9 to avoid strange results
+ * with arrays and objects
+ */
+ public static function num($data)
+ {
+ return intval($data); // no further checks here please
+ }
+
+ /**
+ * Give user input free from potentially mailicious html
+ * @param mixed $data
+ * @return string htmlspecialchar'ed
+ * @access public static
+ */
+ public static function noXSS($data)
+ {
+ if(empty($data) || is_numeric($data)) {
+ return $data;
+ } elseif(is_string($data)) {
+ return htmlspecialchars($data, ENT_QUOTES, 'utf-8');
+ }
+ return '';
+ }
+
+ /**
+ * Give user input free from potentially mailicious html and JS insertions
+ * @param mixed $data
+ * @return string
+ * @access public static
+ */
+ public static function noJsXSS($data)
+ {
+ if(empty($data) || is_numeric($data)) {
+ return $data;
+ } elseif(is_string($data)) {
+ return Filters::noXSS(preg_replace("/[\x01-\x1F\x7F]|\xC2[\x80-\x9F]/", "", addcslashes($data, "\t\"'\\")));
+ }
+ return '';
+ }
+
+ /**
+ * is $data alphanumeric eh ?
+ * @param string $data string value to check
+ * @return bool
+ * @access public static
+ * @notes unfortunately due to a bug in PHP < 5.1
+ * http://bugs.php.net/bug.php?id=30945 ctype_alnum
+ * returned true on empty string, that's the reason why
+ * we have to use strlen too.
+ *
+ * Be aware: $data MUST be an string, integers or any other
+ * type is evaluated to FALSE
+ */
+ public static function isAlnum($data)
+ {
+ return ctype_alnum($data) && strlen($data);
+ }
+
+ /**
+ * Checks if $data is a value of $options and returns the first element of
+ * $options if it is not (for input validation if all possible values are known)
+ * @param mixed $data
+ * @param array $options
+ * @return mixed
+ * @access public static
+ */
+ public static function enum($data, $options)
+ {
+ if (!in_array($data, $options) && isset($options[0])) {
+ return $options[0];
+ }
+
+ return $data;
+ }
+
+ public static function escapeqs($qs)
+ {
+ parse_str($qs, $clean_qs);
+ return http_build_query($clean_qs);
+ }
+}
+
+/**
+ * A basic function which works like the GPC classes above for any array
+ * @param array $array
+ * @param mixed $key
+ * @param mixed $default
+ * @return mixed
+ * @version 1.0
+ * @since 0.9.9
+ * @see Backend::get_task_list()
+ */
+function array_get(&$array, $key, $default = null)
+{
+ return (isset($array[$key])) ? $array[$key] : $default;
+}