[feature/request-class] Extracted type casting helpers from the request class.

These methods should be available without having to instantiate a request class
object, better separation of concerns. A set_var wrapper around this class no
longer requires a request object at all.

PHPBB3-9716

phpBB/includes/request/type_cast_helper.php

@@ -0,0 +1,178 @@
+<?php
+/**
+*
+* @package phpbb_request
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* A helper class that provides convenience methods for type casting.
+*
+* @package phpbb_request
+*/
+class phpbb_type_cast_helper implements phpbb_type_cast_helper_interface
+{
+
+	/**
+	* @var	string	Whether slashes need to be stripped from input
+	*/
+	protected $strip;
+
+	/**
+	* Initialises the type cast helper class.
+	* All it does is find out whether magic quotes are turned on.
+	*/
+	public function __construct()
+	{
+		if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
+		{
+			$this->strip = false;
+		}
+		else
+		{
+			$this->strip = (@get_magic_quotes_gpc()) ? true : false;
+		}
+	}
+
+	/**
+	* Recursively applies addslashes to a variable.
+	*
+	* @param	mixed	&$var	Variable passed by reference to which slashes will be added.
+	*/
+	public function addslashes_recursively(&$var)
+	{
+		if (is_string($var))
+		{
+			$var = addslashes($var);
+		}
+		else if (is_array($var))
+		{
+			$var_copy = $var;
+			$var = array();
+			foreach ($var_copy as $key => $value)
+			{
+				if (is_string($key))
+				{
+					$key = addslashes($key);
+				}
+				$var[$key] = $value;
+
+				$this->addslashes_recursively($var[$key]);
+			}
+		}
+	}
+
+	/**
+	* Recursively applies addslashes to a variable if magic quotes are turned on.
+	*
+	* @param	mixed	&$var	Variable passed by reference to which slashes will be added.
+	*/
+	public function add_magic_quotes(&$var)
+	{
+		if ($this->strip)
+		{
+			$this->addslashes_recursively($var);
+		}
+	}
+
+	/**
+	* Set variable $result to a particular type.
+	*
+	* @param mixed	&$result	The variable to fill
+	* @param mixed	$var		The contents to fill with
+	* @param mixed	$type		The variable type. Will be used with {@link settype()}
+	* @param bool	$multibyte	Indicates whether string values may contain UTF-8 characters.
+	* 							Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.
+	*/
+	public function set_var(&$result, $var, $type, $multibyte = false)
+	{
+		settype($var, $type);
+		$result = $var;
+
+		if ($type == 'string')
+		{
+			$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));
+
+			if (!empty($result))
+			{
+				// Make sure multibyte characters are wellformed
+				if ($multibyte)
+				{
+					if (!preg_match('/^./u', $result))
+					{
+						$result = '';
+					}
+				}
+				else
+				{
+					// no multibyte, allow only ASCII (0-127)
+					$result = preg_replace('/[\x80-\xFF]/', '?', $result);
+				}
+			}
+
+			$result = ($this->strip) ? stripslashes($result) : $result;
+		}
+	}
+
+	/**
+	* Recursively sets a variable to a given type using {@link set_var set_var}
+	*
+	* @param	string	$var		The value which shall be sanitised (passed by reference).
+	* @param	mixed	$default	Specifies the type $var shall have.
+	* 								If it is an array and $var is not one, then an empty array is returned.
+	* 								Otherwise var is cast to the same type, and if $default is an array all
+	* 								keys and values are cast recursively using this function too.
+	* @param	bool	$multibyte	Indicates whether string keys and values may contain UTF-8 characters.
+	* 								Default is false, causing all bytes outside the ASCII range (0-127) to
+	* 								be replaced with question marks.
+	*/
+	public function recursive_set_var(&$var, $default, $multibyte)
+	{
+		if (is_array($var) !== is_array($default))
+		{
+			$var = (is_array($default)) ? array() : $default;
+			return;
+		}
+
+		if (!is_array($default))
+		{
+			$type = gettype($default);
+			$this->set_var($var, $var, $type, $multibyte);
+		}
+		else
+		{
+			// make sure there is at least one key/value pair to use get the
+			// types from
+			if (empty($default))
+			{
+				$var = array();
+				return;
+			}
+
+			list($default_key, $default_value) = each($default);
+			$value_type = gettype($default_value);
+			$key_type = gettype($default_key);
+
+			$_var = $var;
+			$var = array();
+
+			foreach ($_var as $k => $v)
+			{
+				$this->set_var($k, $k, $key_type, $multibyte, $multibyte);
+
+				$this->recursive_set_var($v, $default_value, $multibyte);
+				$this->set_var($var[$k], $v, $value_type, $multibyte);
+			}
+		}
+	}
+}

phpBB/includes/request/type_cast_helper_interface.php

@@ -0,0 +1,63 @@
+<?php
+/**
+*
+* @package phpbb_request
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* An interface for type cast operations.
+*
+* @package phpbb_request
+*/
+interface phpbb_type_cast_helper_interface
+{
+	/**
+	* Recursively applies addslashes to a variable.
+	*
+	* @param	mixed	&$var	Variable passed by reference to which slashes will be added.
+	*/
+	public function addslashes_recursively(&$var);
+
+	/**
+	* Recursively applies addslashes to a variable if magic quotes are turned on.
+	*
+	* @param	mixed	&$var	Variable passed by reference to which slashes will be added.
+	*/
+	public function add_magic_quotes(&$var);
+
+	/**
+	* Set variable $result to a particular type.
+	*
+	* @param mixed	&$result	The variable to fill
+	* @param mixed	$var		The contents to fill with
+	* @param mixed	$type		The variable type. Will be used with {@link settype()}
+	* @param bool	$multibyte	Indicates whether string values may contain UTF-8 characters.
+	* 							Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.
+	*/
+	public function set_var(&$result, $var, $type, $multibyte = false);
+
+	/**
+	* Recursively sets a variable to a given type using {@link set_var set_var}.
+	*
+	* @param	string	$var		The value which shall be sanitised (passed by reference).
+	* @param	mixed	$default	Specifies the type $var shall have.
+	* 								If it is an array and $var is not one, then an empty array is returned.
+	* 								Otherwise var is cast to the same type, and if $default is an array all
+	* 								keys and values are cast recursively using this function too.
+	* @param	bool	$multibyte	Indicates whether string keys and values may contain UTF-8 characters.
+	* 								Default is false, causing all bytes outside the ASCII range (0-127) to
+	* 								be replaced with question marks.
+	*/
+	public function recursive_set_var(&$var, $default, $multibyte);
+}

tests/request/type_cast_helper.php

@@ -0,0 +1,33 @@
+<?php
+/**
+*
+* @package testing
+* @version $Id$
+* @copyright (c) 2009 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+require_once 'test_framework/framework.php';
+require_once '../phpBB/includes/request/type_cast_helper_interface.php';
+require_once '../phpBB/includes/request/type_cast_helper.php';
+
+class phpbb_type_cast_helper_test extends phpbb_test_case
+{
+	private $type_cast_helper;
+
+	protected function setUp()
+	{
+		$this->type_cast_helper = new phpbb_type_cast_helper();
+	}
+
+	public function test_addslashes_recursively()
+	{
+		$data = array('some"string' => array('that"' => 'really"', 'needs"' => '"escaping'));
+		$expected = array('some\\"string' => array('that\\"' => 'really\\"', 'needs\\"' => '\\"escaping'));
+
+		$this->type_cast_helper->addslashes_recursively($data);
+
+		$this->assertEquals($expected, $data);
+	}
+}