PHP Cross Reference of MantisBT |
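<?php
# MantisBT - A PHP based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

/**
 * GPC API
 *
 * Provides sanitisation and type conversion of user supplied data through
 * HTTP GET, HTTP POST and cookies.
 *
 * The helpers in this file only undo magic_quotes_gpc escaping and convert or
 * check types (int, bool, array). String values are otherwise returned exactly
 * as the client sent them, so callers remain responsible for escaping them for
 * the context in which they are used (SQL, HTML, headers, ...).
 *
 * @package CoreAPI
 * @subpackage GPCAPI
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses error_api.php
 */

require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'error_api.php' );

/**
 * Determines (once-off) whether the client is accessing this script via a
 * secure connection. If they are, the Secure cookie flag is used so that the
 * browser only sends the cookie back over encrypted (HTTPS) connections.
 *
 * NOTE(review): the decision is based solely on $_SERVER['HTTPS']. If TLS is
 * terminated by a proxy in front of PHP this variable may not be set, in which
 * case cookies would be issued without the Secure flag - confirm against the
 * deployment.
 * @global bool $g_cookie_secure_flag_enabled
 */
$g_cookie_secure_flag_enabled = isset( $_SERVER['HTTPS'] ) && ( utf8_strtolower( $_SERVER['HTTPS'] ) != 'off' );

/**
 * Determines (once-off) whether the version of PHP executing this script has
 * support for the HttpOnly cookie flag. If so, we will set this flag to true
 * so that it'll be added to all cookies sent to the client.
 * @global bool $g_cookie_httponly_flag_enabled
 */
$g_cookie_httponly_flag_enabled = version_compare( PHP_VERSION, '5.2.0', '>=' );

/**
 * GET, POST, and Cookie API
 * ---------------
 * Retrieve a GPC variable.
 * $_POST is consulted first, then $_GET; the caller cannot tell which of the
 * two supplied the value.
 * If the variable is not set, the default is returned.
 * If magic_quotes_gpc is on, slashes will be stripped from the value before being returned.
 *
 * You may pass in any variable as a default (including null) but if
 * you pass in *no* default then an error will be triggered if the field
 * cannot be found
 *
 * @param string $p_var_name name of the request parameter
 * @param mixed $p_default value returned when the parameter is absent (optional)
 * @return mixed the raw string or array from the request, or the default
 */
function gpc_get( $p_var_name, $p_default = null ) {
	if( isset( $_POST[$p_var_name] ) ) {
		$t_result = gpc_strip_slashes( $_POST[$p_var_name] );
	} else if( isset( $_GET[$p_var_name] ) ) {
		$t_result = gpc_strip_slashes( $_GET[$p_var_name] );
	} else if( func_num_args() > 1 ) {
		# check for a default passed in (allowing null)
		$t_result = $p_default;
	} else {
		error_parameters( $p_var_name );
		trigger_error( ERROR_GPC_VAR_NOT_FOUND, ERROR );
		$t_result = null;
	}

	return $t_result;
}

/**
 * Check whether a variable was supplied through POST or GET.
 * @param string $p_var_name
 * @return bool
 */
function gpc_isset( $p_var_name ) {
	return isset( $_POST[$p_var_name] ) || isset( $_GET[$p_var_name] );
}

/**
 * Retrieve a string GPC variable. Uses gpc_get().
 * If you pass in *no* default, an error will be triggered if
 * the variable does not exist.
 * An error is also triggered if the value is an array. A non-array value is
 * returned as received (no cast, no escaping).
 * @param string $p_var_name
 * @param string $p_default (optional)
 * @return string|null
 */
function gpc_get_string( $p_var_name, $p_default = null ) {
	# Don't pass along a default unless one was given to us
	# otherwise we prevent an error being triggered
	$args = func_get_args();
	$t_result = call_user_func_array( 'gpc_get', $args );

	if( is_array( $t_result ) ) {
		error_parameters( $p_var_name );
		trigger_error( ERROR_GPC_ARRAY_UNEXPECTED, ERROR );
	}

	return $t_result;
}

/**
 * Retrieve an integer GPC variable. Uses gpc_get().
 * If you pass in *no* default, an error will be triggered if
 * the variable does not exist.
 *
 * All spaces are removed before validation, so '1 000' is read as 1000.
 * The pattern accepts an empty string and a lone '-', both of which are
 * returned as 0; this also applies to a null default.
 * @param string $p_var_name
 * @param int $p_default (optional)
 * @return int
 */
function gpc_get_int( $p_var_name, $p_default = null ) {
	# Don't pass along a default unless one was given to us
	# otherwise we prevent an error being triggered
	$args = func_get_args();
	$t_result = call_user_func_array( 'gpc_get', $args );

	if( is_array( $t_result ) ) {
		error_parameters( $p_var_name );
		trigger_error( ERROR_GPC_ARRAY_UNEXPECTED, ERROR );
	}
	$t_val = str_replace( ' ', '', trim( $t_result ) );
	if( !preg_match( "/^-?([0-9])*$/", $t_val ) ) {
		error_parameters( $p_var_name );
		trigger_error( ERROR_GPC_NOT_NUMBER, ERROR );
	}

	return (int) $t_val;
}

/**
 * Retrieve a boolean GPC variable. Uses gpc_get().
 * If you pass in *no* default, false will be used
 * @param string $p_var_name
 * @param bool $p_default (optional)
 * @return bool|null
 */
function gpc_get_bool( $p_var_name, $p_default = false ) {
	$t_result = gpc_get( $p_var_name, $p_default );

	# The default is returned untouched so that a non-boolean default
	# (e.g. null) is not coerced by gpc_string_to_bool().
	if( $t_result === $p_default ) {
		return $p_default;
	}

	if( is_array( $t_result ) ) {
		error_parameters( $p_var_name );
		trigger_error( ERROR_GPC_ARRAY_UNEXPECTED, ERROR );
	}

	return gpc_string_to_bool( $t_result );
}

/**
 * see if a custom field variable is set.  Uses gpc_isset().
 * Note that this function prefixes $p_var_name with 'custom_field_' itself,
 * whereas gpc_get_custom_field() uses the name it is given unchanged.
 * @param string $p_var_name
 * @param int $p_custom_field_type
 * @return bool
 */
function gpc_isset_custom_field( $p_var_name, $p_custom_field_type ) {
	$t_field_name = 'custom_field_' . $p_var_name;

	switch( $p_custom_field_type ) {
		case CUSTOM_FIELD_TYPE_DATE:
			// date field is three dropdowns that default to 0
			// Dropdowns are always present, so check if they are set
			return gpc_isset( $t_field_name . '_day' ) &&
				gpc_get_int( $t_field_name . '_day', 0 ) != 0 &&
				gpc_isset( $t_field_name . '_month' ) &&
				gpc_get_int( $t_field_name . '_month', 0 ) != 0 &&
				gpc_isset( $t_field_name . '_year' ) &&
				gpc_get_int( $t_field_name . '_year', 0 ) != 0 ;
		case CUSTOM_FIELD_TYPE_STRING:
		case CUSTOM_FIELD_TYPE_NUMERIC:
		case CUSTOM_FIELD_TYPE_FLOAT:
		case CUSTOM_FIELD_TYPE_ENUM:
		case CUSTOM_FIELD_TYPE_EMAIL:
			return gpc_isset( $t_field_name ) && !is_blank( gpc_get_string( $t_field_name ) );
		default:
			return gpc_isset( $t_field_name );
	}
}

/**
 * Retrieve a custom field variable. Uses gpc_get().
 * If you pass in *no* default, an error will be triggered if
 * the variable does not exist
 *
 * - Multi-list and checkbox fields: the submitted values are joined with '|'
 *   (a '|' inside a submitted value is not escaped here); '' when the result
 *   is not an array.
 * - Date fields: the result of strtotime() on the year-month-day parts, i.e.
 *   a timestamp, or false when strtotime() cannot parse the date; '' or the
 *   default when any part is 0.
 * - All other types: the value from gpc_get_string().
 * @param string $p_var_name
 * @param int $p_custom_field_type
 * @param mixed $p_default
 * @return mixed see the list above
 */
function gpc_get_custom_field( $p_var_name, $p_custom_field_type, $p_default = null ) {
	switch( $p_custom_field_type ) {
		case CUSTOM_FIELD_TYPE_MULTILIST:
		case CUSTOM_FIELD_TYPE_CHECKBOX:
			// ensure that the default is an array, if set
			if( ( $p_default !== null ) && !is_array( $p_default ) ) {
				$p_default = array( $p_default );
			}
			$t_values = gpc_get_string_array( $p_var_name, $p_default );
			if( is_array( $t_values ) ) {
				return implode( '|', $t_values );
			}
			return '';
		case CUSTOM_FIELD_TYPE_DATE:
			$t_day = gpc_get_int( $p_var_name . '_day', 0 );
			$t_month = gpc_get_int( $p_var_name . '_month', 0 );
			$t_year = gpc_get_int( $p_var_name . '_year', 0 );
			if( ( $t_year == 0 ) || ( $t_month == 0 ) || ( $t_day == 0 ) ) {
				# Loose comparison kept on purpose: any default that
				# compares equal to null (0, '', array()) yields ''.
				if( $p_default == null ) {
					return '';
				}
				return $p_default;
			}
			return strtotime( $t_year . '-' . $t_month . '-' . $t_day );
		default:
			return gpc_get_string( $p_var_name, $p_default );
	}
}

/**
 * Retrieve a string array GPC variable.  Uses gpc_get().
 * If you pass in *no* default, an error will be triggered if
 * the variable does not exist.
 * Only the top-level value is checked to be an array; the elements and the
 * keys are returned as received.
 * @param string $p_var_name
 * @param array $p_default
 * @return array
 */
function gpc_get_string_array( $p_var_name, $p_default = null ) {
	# Don't pass along a default unless one was given to us
	# otherwise we prevent an error being triggered
	$args = func_get_args();
	$t_result = call_user_func_array( 'gpc_get', $args );

	# If the result isn't the default we were given or an array, error
	if( !( ( ( 1 < func_num_args() ) && ( $t_result === $p_default ) ) || is_array( $t_result ) ) ) {
		error_parameters( $p_var_name );
		trigger_error( ERROR_GPC_ARRAY_EXPECTED, ERROR );
	}

	return $t_result;
}

/**
 * Retrieve an integer array GPC variable.  Uses gpc_get().
 * If you pass in *no* default, an error will be triggered if
 * the variable does not exist.
 * Every element of the array is cast to int, whatever its key. A non-array
 * default (e.g. null) is returned unchanged.
 * @param string $p_var_name
 * @param array $p_default
 * @return array
 */
function gpc_get_int_array( $p_var_name, $p_default = null ) {
	# Don't pass along a default unless one was given to us
	# otherwise we prevent an error being triggered
	$args = func_get_args();
	$t_result = call_user_func_array( 'gpc_get', $args );

	# If the result isn't the default we were given or an array, error
	if( !( ( ( 1 < func_num_args() ) && ( $t_result === $p_default ) ) || is_array( $t_result ) ) ) {
		error_parameters( $p_var_name );
		trigger_error( ERROR_GPC_ARRAY_EXPECTED, ERROR );
	}

	if( is_array( $t_result ) ) {
		# Cast by key, not by position. The keys come from the request
		# and need not be 0..n-1; indexing by position would leave
		# elements under other keys uncast and add spurious 0 entries.
		foreach( $t_result as $t_key => $t_value ) {
			$t_result[$t_key] = (int) $t_value;
		}
	}

	return $t_result;
}

/**
 * Retrieve a boolean array GPC variable.  Uses gpc_get().
 * If you pass in *no* default, an error will be triggered if the variable does not exist.
 * Every element of the array is converted with gpc_string_to_bool(), whatever
 * its key. A non-array default (e.g. null) is returned unchanged.
 * @param string $p_var_name
 * @param array $p_default
 * @return array
 */
function gpc_get_bool_array( $p_var_name, $p_default = null ) {
	# Don't pass along a default unless one was given to us
	# otherwise we prevent an error being triggered
	$args = func_get_args();
	$t_result = call_user_func_array( 'gpc_get', $args );

	# If the result isn't the default we were given or an array, error
	if( !( ( ( 1 < func_num_args() ) && ( $t_result === $p_default ) ) || is_array( $t_result ) ) ) {
		error_parameters( $p_var_name );
		trigger_error( ERROR_GPC_ARRAY_EXPECTED, ERROR );
	}

	if( is_array( $t_result ) ) {
		# Convert by key, not by position (see gpc_get_int_array()):
		# request-supplied keys are not guaranteed to be sequential.
		foreach( $t_result as $t_key => $t_value ) {
			$t_result[$t_key] = gpc_string_to_bool( $t_value );
		}
	}

	return $t_result;
}

/**
 * Retrieve a cookie variable
 * You may pass in any variable as a default (including null) but if
 * you pass in *no* default then an error will be triggered if the cookie cannot be found
 * @param string $p_var_name
 * @param string $p_default
 * @return string
 */
function gpc_get_cookie( $p_var_name, $p_default = null ) {
	if( isset( $_COOKIE[$p_var_name] ) ) {
		$t_result = gpc_strip_slashes( $_COOKIE[$p_var_name] );
	} else if( func_num_args() > 1 ) {
		# check for a default passed in (allowing null)
		$t_result = $p_default;
	} else {
		error_parameters( $p_var_name );
		trigger_error( ERROR_GPC_VAR_NOT_FOUND, ERROR );
		# Defined for the case where the error handler returns, as gpc_get() does
		$t_result = null;
	}

	return $t_result;
}

/**
 * Set a cookie variable
 * If $p_expire is false instead of a number, the cookie will expire when
 * the browser is closed; if it is true, the default time from the config
 * file will be used.
 * If $p_path or $p_domain are omitted, defaults are used.
 *
 * The Secure flag follows $g_cookie_secure_flag_enabled and the HttpOnly flag
 * follows $g_cookie_httponly_flag_enabled.
 *
 * NOTE(review): $p_httponly is accepted but not read by this function, so
 * passing false does not make the cookie readable by client-side Javascript.
 * Honouring it would remove HttpOnly from cookies that currently carry it, so
 * audit the callers before changing this.
 * @todo this function is to be modified by Victor to add CRC... for now it just passes the parameters through to setcookie()
 * @param string $p_name
 * @param string $p_value
 * @param bool $p_expire default false
 * @param string $p_path default null
 * @param string $p_domain default null
 * @param bool $p_httponly default true (currently unused, see note above)
 * @return bool - true on success, false on failure
 */
function gpc_set_cookie( $p_name, $p_value, $p_expire = false, $p_path = null, $p_domain = null, $p_httponly = true ) {
	global $g_cookie_secure_flag_enabled;
	global $g_cookie_httponly_flag_enabled;
	if( false === $p_expire ) {
		$p_expire = 0;
	} else if( true === $p_expire ) {
		$t_cookie_length = config_get( 'cookie_time_length' );
		$p_expire = time() + $t_cookie_length;
	}
	if( null === $p_path ) {
		$p_path = config_get( 'cookie_path' );
	}
	if( null === $p_domain ) {
		$p_domain = config_get( 'cookie_domain' );
	}

	if( $g_cookie_httponly_flag_enabled ) {
		# The HttpOnly cookie flag is only supported in PHP >= 5.2.0
		return setcookie( $p_name, $p_value, $p_expire, $p_path, $p_domain, $g_cookie_secure_flag_enabled, $g_cookie_httponly_flag_enabled );
	}

	return setcookie( $p_name, $p_value, $p_expire, $p_path, $p_domain, $g_cookie_secure_flag_enabled );
}

/**
 * Clear a cookie variable
 * Removes the entry from $_COOKIE for the current request and, if headers
 * have not been sent yet, sends an empty, already expired cookie.
 * @param string $p_name
 * @param string $p_path
 * @param string $p_domain
 * @return bool result of setcookie(), or false if headers were already sent
 */
function gpc_clear_cookie( $p_name, $p_path = null, $p_domain = null ) {
	if( null === $p_path ) {
		$p_path = config_get( 'cookie_path' );
	}
	if( null === $p_domain ) {
		$p_domain = config_get( 'cookie_domain' );
	}

	if( isset( $_COOKIE[$p_name] ) ) {
		unset( $_COOKIE[$p_name] );
	}

	# dont try to send cookie if headers are send (guideweb)
	if( headers_sent() ) {
		return false;
	}

	return setcookie( $p_name, '', -1, $p_path, $p_domain );
}

/**
 * Retrieve a file variable
 * You may pass in any variable as a default (including null) but if
 * you pass in *no* default then an error will be triggered if the file
 * cannot be found
 * The $_FILES entry is returned as-is; nothing in it is validated here.
 * @param string $p_var_name
 * @param mixed $p_default
 * @return mixed
 */
function gpc_get_file( $p_var_name, $p_default = null ) {
	if( isset( $_FILES[$p_var_name] ) ) {
		# FILES are not escaped even if magic_quotes is ON, this applies to Windows paths.
		$t_result = $_FILES[$p_var_name];
	} else if( func_num_args() > 1 ) {
		# check for a default passed in (allowing null)
		$t_result = $p_default;
	} else {
		error_parameters( $p_var_name );
		trigger_error( ERROR_GPC_VAR_NOT_FOUND, ERROR );
		# Defined for the case where the error handler returns, as gpc_get() does
		$t_result = null;
	}

	return $t_result;
}

/**
 * Convert a POST/GET parameter to an array if it is not already one.
 * @param string $p_var_name - The name of the parameter
 * @return null no return value.  The $_POST/$_GET are updated as appropriate.
 */
function gpc_make_array( $p_var_name ) {
	if( isset( $_POST[$p_var_name] ) && !is_array( $_POST[$p_var_name] ) ) {
		$_POST[$p_var_name] = array(
			$_POST[$p_var_name],
		);
	}

	if( isset( $_GET[$p_var_name] ) && !is_array( $_GET[$p_var_name] ) ) {
		$_GET[$p_var_name] = array(
			$_GET[$p_var_name],
		);
	}
}

/**
 * Convert a string to a bool
 * 'off', 'no', 'false', '0' and the empty string (compared case-insensitively)
 * are false; every other string is true.
 * @param string $p_string
 * @return bool
 */
function gpc_string_to_bool( $p_string ) {
	if( 0 == strcasecmp( 'off', $p_string )
		|| 0 == strcasecmp( 'no', $p_string )
		|| 0 == strcasecmp( 'false', $p_string )
		|| 0 == strcasecmp( '', $p_string )
		|| 0 == strcasecmp( '0', $p_string ) ) {
		return false;
	}

	return true;
}

/**
 * Strip slashes if necessary (supports arrays)
 * @param mixed $p_var
 * @return mixed
 */
function gpc_strip_slashes( $p_var ) {
	# get_magic_quotes_gpc() was removed in PHP 8.0 (magic quotes themselves
	# in PHP 5.4); when it is not available there is nothing to strip.
	if( !function_exists( 'get_magic_quotes_gpc' ) || 0 == get_magic_quotes_gpc() ) {
		return $p_var;
	}

	if( !is_array( $p_var ) ) {
		return stripslashes( $p_var );
	}

	foreach( $p_var as $key => $value ) {
		$p_var[$key] = gpc_strip_slashes( $value );
	}
	return $p_var;
}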