[feature/request-class] Add server(), header() and is_ajax() to request

Extend the request class with helpers for reading server vars (server()) and HTTP request headers (header()). Refactor the existing code base to make use of these helpers, make $_SERVER a deactivated super global. Also introduce an is_ajax() method, which checks the X-Requested-With header for the value 'XMLHttpRequest', which is sent by JavaScript libraries, such as jQuery. PHPBB3-9716
2025-08-16 05:34:01 +02:00 · 2011-07-13 19:20:16 +02:00
parent 09e0460e5b
commit 0bf6966c52
23 changed files with 318 additions and 152 deletions
--- a/phpBB/includes/request/interface.php
+++ b/phpBB/includes/request/interface.php
@@ -29,6 +29,7 @@ interface phpbb_request_interface
 	const GET = 1;
 	const REQUEST = 2;
 	const COOKIE = 3;
+	const SERVER = 4;
 	/**#@-*/

 	/**
@@ -60,11 +61,34 @@ interface phpbb_request_interface
 	*										Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
 	* @param	phpbb_request_interface::POST|GET|REQUEST|COOKIE	$super_global
 	* 										Specifies which super global should be used
+	* @param bool	$html_encode	When true, html encoding will be applied
 	*
 	* @return	mixed	The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
 	*					the same as that of $default. If the variable is not set $default is returned.
 	*/
-	public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST);
+	public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST, $html_encode = true);
+
+	/**
+	* Shortcut method to retrieve SERVER variables.
+	*
+	* @param	string|array	$var_name		See phpbb_request_interface::variable
+	* @param	mixed			$default		See phpbb_request_interface::variable
+	* @param	bool			$html_encode	See phpbb_request_interface::variable
+	*
+	* @return	mixed	The server variable value.
+	*/
+	public function server($var_name, $default = '', $html_encode = false);
+
+	/**
+	* Shortcut method to retrieve the value of client HTTP headers.
+	*
+	* @param	string|array	$header_name	The name of the header to retrieve.
+	* @param	mixed			$default		See phpbb_request_interface::variable
+	* @param	bool			$html_encode	See phpbb_request_interface::variable
+	*
+	* @return	mixed	The header value.
+	*/
+	public function header($var_name, $default = '', $html_encode = false);

 	/**
 	* Checks whether a certain variable was sent via POST.
@@ -90,6 +114,13 @@ interface phpbb_request_interface
 	*/
 	public function is_set($var, $super_global = phpbb_request_interface::REQUEST);

+	/**
+	* Checks whether the current request is an AJAX request (XMLHttpRequest)
+	*
+	* @return	bool			True if the current request is an ajax request
+	*/
+	public function is_ajax();
+
 	/**
 	* Returns all variable names for a given super global
 	*
--- a/phpBB/includes/request/request.php
+++ b/phpBB/includes/request/request.php
@@ -32,7 +32,8 @@ class phpbb_request implements phpbb_request_interface
 		phpbb_request_interface::POST => '_POST',
 		phpbb_request_interface::GET => '_GET',
 		phpbb_request_interface::REQUEST => '_REQUEST',
-		phpbb_request_interface::COOKIE => '_COOKIE'
+		phpbb_request_interface::COOKIE => '_COOKIE',
+		phpbb_request_interface::SERVER => '_SERVER',
 	);

 	/**
@@ -193,11 +194,12 @@ class phpbb_request implements phpbb_request_interface
 	*										Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
 	* @param	phpbb_request_interface::POST|GET|REQUEST|COOKIE	$super_global
 	* 										Specifies which super global should be used
+	* @param bool	$html_encode	When true, html encoding will be applied
 	*
 	* @return	mixed	The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
 	*					the same as that of $default. If the variable is not set $default is returned.
 	*/
-	public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST)
+	public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST, $html_encode = true)
 	{
 		$path = false;

@@ -236,11 +238,54 @@ class phpbb_request implements phpbb_request_interface
 			}
 		}

-		$this->type_cast_helper->recursive_set_var($var, $default, $multibyte);
+		$this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $html_encode);

 		return $var;
 	}

+	/**
+	* Shortcut method to retrieve SERVER variables.
+	*
+	* Also fall back to getenv(), some CGI setups may need it (probably not, but
+	* whatever).
+	*
+	* @param	string|array	$var_name		See phpbb_request_interface::variable
+	* @param	mixed			$Default		See phpbb_request_interface::variable
+	* @param	bool			$html_encode	See phpbb_request_interface::variable
+	*
+	* @return	mixed	The server variable value.
+	*/
+	public function server($var_name, $default = '', $html_encode = false)
+	{
+		$multibyte = true;
+
+		if ($this->is_set($var_name, phpbb_request_interface::SERVER))
+		{
+			return $this->variable($var_name, $default, $multibyte, phpbb_request_interface::SERVER);
+		}
+		else
+		{
+			$var = getenv($var_name);
+			$this->type_cast_helper->recursive_set_var($var, $default, $multibyte);
+			return $var;
+		}
+	}
+
+	/**
+	* Shortcut method to retrieve the value of client HTTP headers.
+	*
+	* @param	string|array	$header_name	The name of the header to retrieve.
+	* @param	mixed			$default		See phpbb_request_interface::variable
+	* @param	bool			$html_encode	See phpbb_request_interface::variable
+	*
+	* @return	mixed	The header value.
+	*/
+	public function header($header_name, $default = '', $html_encode = true)
+	{
+		$var_name = 'HTTP_'.str_replace('-', '_', strtoupper($header_name));
+		return $this->server($var_name, $default, $html_encode);
+	}
+
 	/**
 	* Checks whether a certain variable was sent via POST.
 	* To make sure that a request was sent using POST you should call this function
@@ -271,6 +316,16 @@ class phpbb_request implements phpbb_request_interface
 		return isset($this->input[$super_global][$var]);
 	}

+	/**
+	* Checks whether the current request is an AJAX request (XMLHttpRequest)
+	*
+	* @return	bool			True if the current request is an ajax request
+	*/
+	public function is_ajax()
+	{
+		return $this->header('X-Requested-With') == 'XMLHttpRequest';
+	}
+
 	/**
 	* Returns all variable names for a given super global
 	*
--- a/phpBB/includes/request/type_cast_helper.php
+++ b/phpBB/includes/request/type_cast_helper.php
@@ -88,20 +88,26 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
 	/**
 	* Set variable $result to a particular type.
 	*
-	* @param mixed	&$result	The variable to fill
-	* @param mixed	$var		The contents to fill with
-	* @param mixed	$type		The variable type. Will be used with {@link settype()}
-	* @param bool	$multibyte	Indicates whether string values may contain UTF-8 characters.
-	* 							Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.
+	* @param mixed	&$result		The variable to fill
+	* @param mixed	$var			The contents to fill with
+	* @param mixed	$type			The variable type. Will be used with {@link settype()}
+	* @param bool	$multibyte		Indicates whether string values may contain UTF-8 characters.
+	* 								Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.
+	* @param bool	$html_encode	When true, html encoding will be applied
 	*/
-	public function set_var(&$result, $var, $type, $multibyte = false)
+	public function set_var(&$result, $var, $type, $multibyte = false, $html_encode = true)
 	{
 		settype($var, $type);
 		$result = $var;

 		if ($type == 'string')
 		{
-			$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));
+			$result = trim(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result));
+
+			if ($html_encode)
+			{
+				$result = htmlspecialchars($result, ENT_COMPAT, 'UTF-8');
+			}

 			if ($multibyte)
 			{
@@ -140,8 +146,9 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
 	* @param	bool	$multibyte	Indicates whether string keys and values may contain UTF-8 characters.
 	* 								Default is false, causing all bytes outside the ASCII range (0-127) to
 	* 								be replaced with question marks.
+	* @param bool	$html_encode	When true, html encoding will be applied
 	*/
-	public function recursive_set_var(&$var, $default, $multibyte)
+	public function recursive_set_var(&$var, $default, $multibyte, $html_encode = true)
 	{
 		if (is_array($var) !== is_array($default))
 		{
@@ -152,7 +159,7 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
 		if (!is_array($default))
 		{
 			$type = gettype($default);
-			$this->set_var($var, $var, $type, $multibyte);
+			$this->set_var($var, $var, $type, $multibyte, $html_encode);
 		}
 		else
 		{
@@ -173,9 +180,9 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i

 			foreach ($_var as $k => $v)
 			{
-				$this->set_var($k, $k, $key_type, $multibyte, $multibyte);
+				$this->set_var($k, $k, $key_type, $multibyte, $multibyte, $html_encode);

-				$this->recursive_set_var($v, $default_value, $multibyte);
+				$this->recursive_set_var($v, $default_value, $multibyte, $html_encode);
 				$var[$k] = $v;
 			}
 		}