mirror of
https://github.com/phpbb/phpbb.git
synced 2025-03-23 00:50:30 +01:00
Merge pull request #4539 from marc1706/ticket/14875
[ticket/14875] Add method for untrimmed input to ajax iohandler * marc1706/ticket/14875: [ticket/14875] Add raw_variable() to request mock [ticket/14875] Move raw_variable() method to request_interface [ticket/14875] Use raw_variable() method in _variable() to get raw data [ticket/14875] Add method for raw input to request and add to installer [ticket/14875] Add method for untrimmed input to ajax iohandler
This commit is contained in:
Tristan Darricau
commit
74f49387e1
@ -120,6 +120,14 @@ class ajax_iohandler extends iohandler_base
|
||||
return $this->request->variable($name, $default, $multibyte);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function get_raw_input($name, $default)
|
||||
{
|
||||
return $this->request->raw_variable($name, $default);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
|
||||
@ -74,6 +74,20 @@ class cli_iohandler extends iohandler_base
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function get_raw_input($name, $default)
|
||||
{
|
||||
return $this->get_input($name, $default, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set input variable
|
||||
*
|
||||
* @param string $name Name of input variable
|
||||
* @param mixed $value Value of input variable
|
||||
*/
|
||||
public function set_input($name, $value)
|
||||
{
|
||||
$this->input_values[$name] = $value;
|
||||
|
||||
@ -38,10 +38,21 @@ interface iohandler_interface
|
||||
*/
|
||||
public function get_input($name, $default, $multibyte = false);
|
||||
|
||||
/**
|
||||
* Returns raw input variable
|
||||
*
|
||||
* @param string $name Name of the input variable to obtain
|
||||
* @param mixed $default A default value that is returned if the variable was not set.
|
||||
* This function will always return a value of the same type as the default.
|
||||
*
|
||||
* @return mixed Value of the raw input variable
|
||||
*/
|
||||
public function get_raw_input($name, $default);
|
||||
|
||||
/**
|
||||
* Returns server variable
|
||||
*
|
||||
* This function should work the same as request_interterface::server().
|
||||
* This function should work the same as request_interface::server().
|
||||
*
|
||||
* @param string $name Name of the server variable
|
||||
* @param mixed $default Default value to return when the requested variable does not exist
|
||||
@ -51,7 +62,7 @@ interface iohandler_interface
|
||||
public function get_server_variable($name, $default = '');
|
||||
|
||||
/**
|
||||
* Wrapper function for request_interterface::header()
|
||||
* Wrapper function for request_interface::header()
|
||||
*
|
||||
* @param string $name Name of the request header variable
|
||||
* @param mixed $default Default value to return when the requested variable does not exist
|
||||
|
||||
@ -79,7 +79,7 @@ class obtain_database_data extends \phpbb\install\task_base implements \phpbb\in
|
||||
$dbhost = $this->io_handler->get_input('dbhost', '', true);
|
||||
$dbport = $this->io_handler->get_input('dbport', '');
|
||||
$dbuser = $this->io_handler->get_input('dbuser', '');
|
||||
$dbpasswd = $this->io_handler->get_input('dbpasswd', '', true);
|
||||
$dbpasswd = $this->io_handler->get_raw_input('dbpasswd', '');
|
||||
$dbname = $this->io_handler->get_input('dbname', '');
|
||||
$table_prefix = $this->io_handler->get_input('table_prefix', '');
|
||||
|
||||
|
||||
@ -224,6 +224,51 @@ class request implements \phpbb\request\request_interface
|
||||
return $this->_variable($var_name, $default, $multibyte, $super_global, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST)
|
||||
{
|
||||
$path = false;
|
||||
|
||||
// deep direct access to multi dimensional arrays
|
||||
if (is_array($var_name))
|
||||
{
|
||||
$path = $var_name;
|
||||
// make sure at least the variable name is specified
|
||||
if (empty($path))
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
// the variable name is the first element on the path
|
||||
$var_name = array_shift($path);
|
||||
}
|
||||
|
||||
if (!isset($this->input[$super_global][$var_name]))
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
$var = $this->input[$super_global][$var_name];
|
||||
|
||||
if ($path)
|
||||
{
|
||||
// walk through the array structure and find the element we are looking for
|
||||
foreach ($path as $key)
|
||||
{
|
||||
if (is_array($var) && isset($var[$key]))
|
||||
{
|
||||
$var = $var[$key];
|
||||
}
|
||||
else
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $var;
|
||||
}
|
||||
|
||||
/**
|
||||
* Shortcut method to retrieve SERVER variables.
|
||||
*
|
||||
@ -369,41 +414,14 @@ class request implements \phpbb\request\request_interface
|
||||
*/
|
||||
protected function _variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST, $trim = true)
|
||||
{
|
||||
$path = false;
|
||||
$var = $this->raw_variable($var_name, $default, $super_global);
|
||||
|
||||
// deep direct access to multi dimensional arrays
|
||||
if (is_array($var_name))
|
||||
// Return prematurely if raw variable is empty array or the same as
|
||||
// the default. Using strict comparison to ensure that one can't
|
||||
// prevent proper type checking on any input variable
|
||||
if ($var === array() || $var === $default)
|
||||
{
|
||||
$path = $var_name;
|
||||
// make sure at least the variable name is specified
|
||||
if (empty($path))
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
// the variable name is the first element on the path
|
||||
$var_name = array_shift($path);
|
||||
}
|
||||
|
||||
if (!isset($this->input[$super_global][$var_name]))
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
$var = $this->input[$super_global][$var_name];
|
||||
|
||||
if ($path)
|
||||
{
|
||||
// walk through the array structure and find the element we are looking for
|
||||
foreach ($path as $key)
|
||||
{
|
||||
if (is_array($var) && isset($var[$key]))
|
||||
{
|
||||
$var = $var[$key];
|
||||
}
|
||||
else
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
}
|
||||
return $var;
|
||||
}
|
||||
|
||||
$this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $trim);
|
||||
|
||||
@ -64,6 +64,28 @@ interface request_interface
|
||||
*/
|
||||
public function variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST);
|
||||
|
||||
/**
|
||||
* Get a variable without trimming strings and without escaping.
|
||||
* This method MUST NOT be used with queries.
|
||||
* Same functionality as variable(), except does not run trim() on strings
|
||||
* and does not escape input.
|
||||
* This method should only be used when the raw input is needed without
|
||||
* any escaping, i.e. for database password during the installation.
|
||||
*
|
||||
* @param string|array $var_name The form variable's name from which data shall be retrieved.
|
||||
* If the value is an array this may be an array of indizes which will give
|
||||
* direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
|
||||
* then specifying array("var", 1) as the name will return "a".
|
||||
* @param mixed $default A default value that is returned if the variable was not set.
|
||||
* This function will always return a value of the same type as the default.
|
||||
* @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
|
||||
* Specifies which super global should be used
|
||||
*
|
||||
* @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
|
||||
* the same as that of $default. If the variable is not set $default is returned.
|
||||
*/
|
||||
public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST);
|
||||
|
||||
/**
|
||||
* Shortcut method to retrieve SERVER variables.
|
||||
*
|
||||
|
||||
@ -34,6 +34,11 @@ class phpbb_mock_request implements \phpbb\request\request_interface
|
||||
$this->data[$super_global][$var_name] = $value;
|
||||
}
|
||||
|
||||
public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST)
|
||||
{
|
||||
return $this->variable($var_name, $default, true, $super_global);
|
||||
}
|
||||
|
||||
public function variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST)
|
||||
{
|
||||
return isset($this->data[$super_global][$var_name]) ? $this->data[$super_global][$var_name] : $default;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user