Joomla Platform  13.1
Documentation des API du framework Joomla Platform
 Tout Classes Espaces de nommage Fichiers Fonctions Variables Pages
request.php
Aller à la documentation de ce fichier.
1 <?php
2 /**
3  * @package Joomla.Legacy
4  * @subpackage Request
5  *
6  * @copyright Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
7  * @license GNU General Public License version 2 or later; see LICENSE
8  */
9 
10 defined('JPATH_PLATFORM') or die;
11 
12 /**
13  * Create the request global object
14  */
15 $GLOBALS['_JREQUEST'] = array();
16 
17 /**
18  * Set the available masks for cleaning variables
19  */
20 const JREQUEST_NOTRIM = 1;
21 const JREQUEST_ALLOWRAW = 2;
22 const JREQUEST_ALLOWHTML = 4;
23 
24 JLog::add('JRequest is deprecated.', JLog::WARNING, 'deprecated');
25 
26 /**
27  * JRequest Class
28  *
29  * This class serves to provide the Joomla Platform with a common interface to access
30  * request variables. This includes $_POST, $_GET, and naturally $_REQUEST. Variables
31  * can be passed through an input filter to avoid injection or returned raw.
32  *
33  * @package Joomla.Legacy
34  * @subpackage Request
35  * @since 11.1
36  * @deprecated 12.1 (Platform) & 4.0 (CMS) - Get the JInput object from the application instead
37  */
38 class JRequest
39 {
40  /**
41  * Gets the full request path.
42  *
43  * @return string
44  *
45  * @since 11.1
46  *
47  * @deprecated 12.1
48  */
49  public static function getURI()
50  {
51  $uri = JUri::getInstance();
52  return $uri->toString(array('path', 'query'));
53  }
54 
55  /**
56  * Gets the request method.
57  *
58  * @return string
59  *
60  * @since 11.1
61  *
62  * @deprecated 12.1 Use JInput::getMethod() instead
63  */
64  public static function getMethod()
65  {
66  $method = strtoupper($_SERVER['REQUEST_METHOD']);
67  return $method;
68  }
69 
70  /**
71  * Fetches and returns a given variable.
72  *
73  * The default behaviour is fetching variables depending on the
74  * current request method: GET and HEAD will result in returning
75  * an entry from $_GET, POST and PUT will result in returning an
76  * entry from $_POST.
77  *
78  * You can force the source by setting the $hash parameter:
79  *
80  * post $_POST
81  * get $_GET
82  * files $_FILES
83  * cookie $_COOKIE
84  * env $_ENV
85  * server $_SERVER
86  * method via current $_SERVER['REQUEST_METHOD']
87  * default $_REQUEST
88  *
89  * @param string $name Variable name.
90  * @param string $default Default value if the variable does not exist.
91  * @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD).
92  * @param string $type Return type for the variable, for valid values see {@link JFilterInput::clean()}.
93  * @param integer $mask Filter mask for the variable.
94  *
95  * @return mixed Requested variable.
96  *
97  * @since 11.1
98  *
99  * @deprecated 12.1 Use JInput::Get
100  */
101  public static function getVar($name, $default = null, $hash = 'default', $type = 'none', $mask = 0)
102  {
103  // Ensure hash and type are uppercase
104  $hash = strtoupper($hash);
105  if ($hash === 'METHOD')
106  {
107  $hash = strtoupper($_SERVER['REQUEST_METHOD']);
108  }
109  $type = strtoupper($type);
110  $sig = $hash . $type . $mask;
111 
112  // Get the input hash
113  switch ($hash)
114  {
115  case 'GET':
116  $input = &$_GET;
117  break;
118  case 'POST':
119  $input = &$_POST;
120  break;
121  case 'FILES':
122  $input = &$_FILES;
123  break;
124  case 'COOKIE':
125  $input = &$_COOKIE;
126  break;
127  case 'ENV':
128  $input = &$_ENV;
129  break;
130  case 'SERVER':
131  $input = &$_SERVER;
132  break;
133  default:
134  $input = &$_REQUEST;
135  $hash = 'REQUEST';
136  break;
137  }
138 
139  if (isset($GLOBALS['_JREQUEST'][$name]['SET.' . $hash]) && ($GLOBALS['_JREQUEST'][$name]['SET.' . $hash] === true))
140  {
141  // Get the variable from the input hash
142  $var = (isset($input[$name]) && $input[$name] !== null) ? $input[$name] : $default;
143  $var = self::_cleanVar($var, $mask, $type);
144  }
145  elseif (!isset($GLOBALS['_JREQUEST'][$name][$sig]))
146  {
147  if (isset($input[$name]) && $input[$name] !== null)
148  {
149  // Get the variable from the input hash and clean it
150  $var = self::_cleanVar($input[$name], $mask, $type);
151 
152  $GLOBALS['_JREQUEST'][$name][$sig] = $var;
153  }
154  elseif ($default !== null)
155  {
156  // Clean the default value
157  $var = self::_cleanVar($default, $mask, $type);
158  }
159  else
160  {
161  $var = $default;
162  }
163  }
164  else
165  {
166  $var = $GLOBALS['_JREQUEST'][$name][$sig];
167  }
168 
169  return $var;
170  }
171 
172  /**
173  * Fetches and returns a given filtered variable. The integer
174  * filter will allow only digits and the - sign to be returned. This is currently
175  * only a proxy function for getVar().
176  *
177  * See getVar() for more in-depth documentation on the parameters.
178  *
179  * @param string $name Variable name.
180  * @param string $default Default value if the variable does not exist.
181  * @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD).
182  *
183  * @return integer Requested variable.
184  *
185  * @since 11.1
186  *
187  * @deprecated 12.1
188  */
189  public static function getInt($name, $default = 0, $hash = 'default')
190  {
191  return self::getVar($name, $default, $hash, 'int');
192  }
193 
194  /**
195  * Fetches and returns a given filtered variable. The unsigned integer
196  * filter will allow only digits to be returned. This is currently
197  * only a proxy function for getVar().
198  *
199  * See getVar() for more in-depth documentation on the parameters.
200  *
201  * @param string $name Variable name.
202  * @param string $default Default value if the variable does not exist.
203  * @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD).
204  *
205  * @return integer Requested variable.
206  *
207  * @deprecated 12.1
208  * @since 11.1
209  */
210  public static function getUInt($name, $default = 0, $hash = 'default')
211  {
212  return self::getVar($name, $default, $hash, 'uint');
213  }
214 
215  /**
216  * Fetches and returns a given filtered variable. The float
217  * filter only allows digits and periods. This is currently
218  * only a proxy function for getVar().
219  *
220  * See getVar() for more in-depth documentation on the parameters.
221  *
222  * @param string $name Variable name.
223  * @param string $default Default value if the variable does not exist.
224  * @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD).
225  *
226  * @return float Requested variable.
227  *
228  * @since 11.1
229  *
230  * @deprecated 12.1
231  */
232  public static function getFloat($name, $default = 0.0, $hash = 'default')
233  {
234  return self::getVar($name, $default, $hash, 'float');
235  }
236 
237  /**
238  * Fetches and returns a given filtered variable. The bool
239  * filter will only return true/false bool values. This is
240  * currently only a proxy function for getVar().
241  *
242  * See getVar() for more in-depth documentation on the parameters.
243  *
244  * @param string $name Variable name.
245  * @param string $default Default value if the variable does not exist.
246  * @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD).
247  *
248  * @return boolean Requested variable.
249  *
250  * @deprecated 12.1
251  * @since 11.1
252  */
253  public static function getBool($name, $default = false, $hash = 'default')
254  {
255  return self::getVar($name, $default, $hash, 'bool');
256  }
257 
258  /**
259  * Fetches and returns a given filtered variable. The word
260  * filter only allows the characters [A-Za-z_]. This is currently
261  * only a proxy function for getVar().
262  *
263  * See getVar() for more in-depth documentation on the parameters.
264  *
265  * @param string $name Variable name.
266  * @param string $default Default value if the variable does not exist.
267  * @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD).
268  *
269  * @return string Requested variable.
270  *
271  * @since 11.1
272  *
273  * @deprecated 12.1
274  */
275  public static function getWord($name, $default = '', $hash = 'default')
276  {
277  return self::getVar($name, $default, $hash, 'word');
278  }
279 
280  /**
281  * Cmd (Word and Integer0 filter
282  *
283  * Fetches and returns a given filtered variable. The cmd
284  * filter only allows the characters [A-Za-z0-9.-_]. This is
285  * currently only a proxy function for getVar().
286  *
287  * See getVar() for more in-depth documentation on the parameters.
288  *
289  * @param string $name Variable name
290  * @param string $default Default value if the variable does not exist
291  * @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
292  *
293  * @return string Requested variable
294  *
295  * @deprecated 12.1
296  * @since 11.1
297  */
298  public static function getCmd($name, $default = '', $hash = 'default')
299  {
300  return self::getVar($name, $default, $hash, 'cmd');
301  }
302 
303  /**
304  * Fetches and returns a given filtered variable. The string
305  * filter deletes 'bad' HTML code, if not overridden by the mask.
306  * This is currently only a proxy function for getVar().
307  *
308  * See getVar() for more in-depth documentation on the parameters.
309  *
310  * @param string $name Variable name
311  * @param string $default Default value if the variable does not exist
312  * @param string $hash Where the var should come from (POST, GET, FILES, COOKIE, METHOD)
313  * @param integer $mask Filter mask for the variable
314  *
315  * @return string Requested variable
316  *
317  * @since 11.1
318  *
319  * @deprecated 12.1
320  */
321  public static function getString($name, $default = '', $hash = 'default', $mask = 0)
322  {
323  // Cast to string, in case JREQUEST_ALLOWRAW was specified for mask
324  return (string) self::getVar($name, $default, $hash, 'string', $mask);
325  }
326 
327  /**
328  * Set a variable in one of the request variables.
329  *
330  * @param string $name Name
331  * @param string $value Value
332  * @param string $hash Hash
333  * @param boolean $overwrite Boolean
334  *
335  * @return string Previous value
336  *
337  * @since 11.1
338  *
339  * @deprecated 12.1
340  */
341  public static function setVar($name, $value = null, $hash = 'method', $overwrite = true)
342  {
343  // If overwrite is true, makes sure the variable hasn't been set yet
344  if (!$overwrite && array_key_exists($name, $_REQUEST))
345  {
346  return $_REQUEST[$name];
347  }
348 
349  // Clean global request var
350  $GLOBALS['_JREQUEST'][$name] = array();
351 
352  // Get the request hash value
353  $hash = strtoupper($hash);
354  if ($hash === 'METHOD')
355  {
356  $hash = strtoupper($_SERVER['REQUEST_METHOD']);
357  }
358 
359  $previous = array_key_exists($name, $_REQUEST) ? $_REQUEST[$name] : null;
360 
361  switch ($hash)
362  {
363  case 'GET':
364  $_GET[$name] = $value;
365  $_REQUEST[$name] = $value;
366  break;
367  case 'POST':
368  $_POST[$name] = $value;
369  $_REQUEST[$name] = $value;
370  break;
371  case 'COOKIE':
372  $_COOKIE[$name] = $value;
373  $_REQUEST[$name] = $value;
374  break;
375  case 'FILES':
376  $_FILES[$name] = $value;
377  break;
378  case 'ENV':
379  $_ENV['name'] = $value;
380  break;
381  case 'SERVER':
382  $_SERVER['name'] = $value;
383  break;
384  }
385 
386  // Mark this variable as 'SET'
387  $GLOBALS['_JREQUEST'][$name]['SET.' . $hash] = true;
388  $GLOBALS['_JREQUEST'][$name]['SET.REQUEST'] = true;
389 
390  return $previous;
391  }
392 
393  /**
394  * Fetches and returns a request array.
395  *
396  * The default behaviour is fetching variables depending on the
397  * current request method: GET and HEAD will result in returning
398  * $_GET, POST and PUT will result in returning $_POST.
399  *
400  * You can force the source by setting the $hash parameter:
401  *
402  * post $_POST
403  * get $_GET
404  * files $_FILES
405  * cookie $_COOKIE
406  * env $_ENV
407  * server $_SERVER
408  * method via current $_SERVER['REQUEST_METHOD']
409  * default $_REQUEST
410  *
411  * @param string $hash to get (POST, GET, FILES, METHOD).
412  * @param integer $mask Filter mask for the variable.
413  *
414  * @return mixed Request hash.
415  *
416  * @deprecated 12.1 User JInput::get
417  * @see JInput
418  * @since 11.1
419  */
420  public static function get($hash = 'default', $mask = 0)
421  {
422  $hash = strtoupper($hash);
423 
424  if ($hash === 'METHOD')
425  {
426  $hash = strtoupper($_SERVER['REQUEST_METHOD']);
427  }
428 
429  switch ($hash)
430  {
431  case 'GET':
432  $input = $_GET;
433  break;
434 
435  case 'POST':
436  $input = $_POST;
437  break;
438 
439  case 'FILES':
440  $input = $_FILES;
441  break;
442 
443  case 'COOKIE':
444  $input = $_COOKIE;
445  break;
446 
447  case 'ENV':
448  $input = &$_ENV;
449  break;
450 
451  case 'SERVER':
452  $input = &$_SERVER;
453  break;
454 
455  default:
456  $input = $_REQUEST;
457  break;
458  }
459 
460  $result = self::_cleanVar($input, $mask);
461 
462  return $result;
463  }
464 
465  /**
466  * Sets a request variable.
467  *
468  * @param array $array An associative array of key-value pairs.
469  * @param string $hash The request variable to set (POST, GET, FILES, METHOD).
470  * @param boolean $overwrite If true and an existing key is found, the value is overwritten, otherwise it is ignored.
471  *
472  * @return void
473  *
474  * @deprecated 12.1 Use JInput::set()
475  * @see JInput::set()
476  * @since 11.1
477  */
478  public static function set($array, $hash = 'default', $overwrite = true)
479  {
480  foreach ($array as $key => $value)
481  {
482  self::setVar($key, $value, $hash, $overwrite);
483  }
484  }
485 
486  /**
487  * Checks for a form token in the request.
488  *
489  * Use in conjunction with JHtml::_('form.token').
490  *
491  * @param string $method The request method in which to look for the token key.
492  *
493  * @return boolean True if found and valid, false otherwise.
494  *
495  * @deprecated 12.1 Use JSession::checkToken() instead. Note that 'default' has to become 'request'.
496  * @since 11.1
497  */
498  public static function checkToken($method = 'post')
499  {
500  if ($method == 'default')
501  {
502  $method = 'request';
503  }
504 
505  return JSession::checkToken($method);
506  }
507 
508  /**
509  * Clean up an input variable.
510  *
511  * @param mixed $var The input variable.
512  * @param integer $mask Filter bit mask.
513  * 1 = no trim: If this flag is cleared and the input is a string, the string will have leading and trailing
514  * whitespace trimmed.
515  * 2 = allow_raw: If set, no more filtering is performed, higher bits are ignored.
516  * 4 = allow_html: HTML is allowed, but passed through a safe HTML filter first. If set, no more filtering
517  * is performed. If no bits other than the 1 bit is set, a strict filter is applied.
518  * @param string $type The variable type {@see JFilterInput::clean()}.
519  *
520  * @return mixed Same as $var
521  *
522  * @deprecated 12.1
523  * @since 11.1
524  */
525  protected static function _cleanVar($var, $mask = 0, $type = null)
526  {
527  // If the no trim flag is not set, trim the variable
528  if (!($mask & 1) && is_string($var))
529  {
530  $var = trim($var);
531  }
532 
533  // Now we handle input filtering
534  if ($mask & 2)
535  {
536  // If the allow raw flag is set, do not modify the variable
537  $var = $var;
538  }
539  elseif ($mask & 4)
540  {
541  // If the allow HTML flag is set, apply a safe HTML filter to the variable
542  $safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);
543  $var = $safeHtmlFilter->clean($var, $type);
544  }
545  else
546  {
547  // Since no allow flags were set, we will apply the most strict filter to the variable
548  // $tags, $attr, $tag_method, $attr_method, $xss_auto use defaults.
549  $noHtmlFilter = JFilterInput::getInstance();
550  $var = $noHtmlFilter->clean($var, $type);
551  }
552  return $var;
553  }
554 }