index : flyspray | |
Archlinux32 customized Flyspray installation | gitolite user |
summaryrefslogtreecommitdiff |
-rw-r--r-- | includes/class.gpc.php | 257 |
diff --git a/includes/class.gpc.php b/includes/class.gpc.php new file mode 100644 index 0000000..88235ef --- /dev/null +++ b/includes/class.gpc.php @@ -0,0 +1,257 @@ +<?php +// {{{ class Req +/** + * Flyspray + * + * GPC classes + * + * This script contains classes for $_GET, $_REQUEST, $_POST and $_COOKIE + * to safely retrieve values. Example: Get::val('foo', 'bar') to get $_GET['foo'] or 'bar' if + * the key does not exist. + * + * @license http://opensource.org/licenses/lgpl-license.php Lesser GNU Public License + * @package flyspray + * @author Pierre Habouzit + */ + +abstract class Req +{ + public static function has($key) + { + return isset($_REQUEST[$key]); + } + + public static function val($key, $default = null) + { + return Req::has($key) ? $_REQUEST[$key] : $default; + } + + //it will always return a number no matter what(null is 0) + public static function num($key, $default = null) + { + return Filters::num(Req::val($key, $default)); + } + + public static function enum($key, $options, $default = null) + { + return Filters::enum(Req::val($key, $default), $options); + } + + //always a string (null is typed to an empty string) + public static function safe($key) + { + return Filters::noXSS(Req::val($key)); + } + + public static function isAlnum($key) + { + return Filters::isAlnum(Req::val($key)); + } + + /** + * Overwrites or sets a request value + */ + public static function set($key, $value = null) { + $_REQUEST[$key] = $value; + } +} + + // }}} +// {{{ class Post + +abstract class Post +{ + public static function has($key) + { + // XXX semantics is different for POST, as POST of '' values is never + // unintentionnal, whereas GET/COOKIE may have '' values for empty + // ones. + return isset($_POST[$key]); + } + + public static function val($key, $default = null) + { + return Post::has($key) ? $_POST[$key] : $default; + } + + //it will always return a number no matter what(null is 0) + public static function num($key, $default = null) + { + return Filters::num(Post::val($key, $default)); + } + + //always a string (null is typed to an empty string) + public static function safe($key) + { + return Filters::noXSS(Post::val($key)); + } + + public static function isAlnum($key) + { + return Filters::isAlnum(Post::val($key)); + } +} + +// }}} +// {{{ class Get + +abstract class Get +{ + public static function has($key) + { + return isset($_GET[$key]) && $_GET[$key] !== ''; + } + + public static function val($key, $default = null) + { + return Get::has($key) ? $_GET[$key] : $default; + } + + //it will always return a number no matter what(null is 0) + public static function num($key, $default = null) + { + return Filters::num(Get::val($key, $default)); + } + + //always a string (null is typed to an empty string) + public static function safe($key) + { + return Filters::noXSS(Get::val($key)); + } + + public static function enum($key, $options, $default = null) + { + return Filters::enum(Get::val($key, $default), $options); + } + +} + +// }}} +//{{{ class Cookie + +abstract class Cookie +{ + public static function has($key) + { + return isset($_COOKIE[$key]) && $_COOKIE[$key] !== ''; + } + + public static function val($key, $default = null) + { + return Cookie::has($key) ? $_COOKIE[$key] : $default; + } +} +//}}} +/** + * Class Filters + * + * This is a simple class for safe input validation + * no mixed stuff here, functions returns always the same type. + * @author Cristian Rodriguez R <judas.iscariote@flyspray.org> + * @license BSD + * @notes this intented to be used by Flyspray internals functions/methods + * please DO NOT use this in templates , if the code processing the input there + * is not safe, please fix the underlying problem. + */ +abstract class Filters { + /** + * give me a number only please? + * @param mixed $data + * @return int + * @access public static + * @notes changed before 0.9.9 to avoid strange results + * with arrays and objects + */ + public static function num($data) + { + return intval($data); // no further checks here please + } + + /** + * Give user input free from potentially mailicious html + * @param mixed $data + * @return string htmlspecialchar'ed + * @access public static + */ + public static function noXSS($data) + { + if(empty($data) || is_numeric($data)) { + return $data; + } elseif(is_string($data)) { + return htmlspecialchars($data, ENT_QUOTES, 'utf-8'); + } + return ''; + } + + /** + * Give user input free from potentially mailicious html and JS insertions + * @param mixed $data + * @return string + * @access public static + */ + public static function noJsXSS($data) + { + if(empty($data) || is_numeric($data)) { + return $data; + } elseif(is_string($data)) { + return Filters::noXSS(preg_replace("/[\x01-\x1F\x7F]|\xC2[\x80-\x9F]/", "", addcslashes($data, "\t\"'\\"))); + } + return ''; + } + + /** + * is $data alphanumeric eh ? + * @param string $data string value to check + * @return bool + * @access public static + * @notes unfortunately due to a bug in PHP < 5.1 + * http://bugs.php.net/bug.php?id=30945 ctype_alnum + * returned true on empty string, that's the reason why + * we have to use strlen too. + * + * Be aware: $data MUST be an string, integers or any other + * type is evaluated to FALSE + */ + public static function isAlnum($data) + { + return ctype_alnum($data) && strlen($data); + } + + /** + * Checks if $data is a value of $options and returns the first element of + * $options if it is not (for input validation if all possible values are known) + * @param mixed $data + * @param array $options + * @return mixed + * @access public static + */ + public static function enum($data, $options) + { + if (!in_array($data, $options) && isset($options[0])) { + return $options[0]; + } + + return $data; + } + + public static function escapeqs($qs) + { + parse_str($qs, $clean_qs); + return http_build_query($clean_qs); + } +} + +/** + * A basic function which works like the GPC classes above for any array + * @param array $array + * @param mixed $key + * @param mixed $default + * @return mixed + * @version 1.0 + * @since 0.9.9 + * @see Backend::get_task_list() + */ +function array_get(&$array, $key, $default = null) +{ + return (isset($array[$key])) ? $array[$key] : $default; +} |