mirror of
https://github.com/phpbb/phpbb.git
synced 2025-04-02 23:12:46 +02:00
[ticket/14875] Add method for raw input to request and add to installer
A method for retrieving raw input has been added to the request class. This will be used in the installer to retrieve the datatabase password while also allowing utf8 characters. Not escaping the input is ok in this case as it won't be put anywhere in this raw form and only be used to populate the entry for the password field in config.php. PHPBB3-14875
This commit is contained in:
Marc Alexander
parent
23f5b6debd
commit
9aa017d0f7
@ -27,7 +27,7 @@ class ajax_iohandler extends iohandler_base
|
||||
protected $path_helper;
|
||||
|
||||
/**
|
||||
* @var \phpbb\request\request_interface
|
||||
* @var \phpbb\request\request
|
||||
*/
|
||||
protected $request;
|
||||
|
||||
@ -90,12 +90,12 @@ class ajax_iohandler extends iohandler_base
|
||||
* Constructor
|
||||
*
|
||||
* @param path_helper $path_helper
|
||||
* @param \phpbb\request\request_interface $request HTTP request interface
|
||||
* @param \phpbb\request\request $request HTTP request interface
|
||||
* @param \phpbb\template\template $template Template engine
|
||||
* @param router $router Router
|
||||
* @param string $root_path Path to phpBB's root
|
||||
*/
|
||||
public function __construct(path_helper $path_helper, \phpbb\request\request_interface $request, \phpbb\template\template $template, router $router, $root_path)
|
||||
public function __construct(path_helper $path_helper, \phpbb\request\request $request, \phpbb\template\template $template, router $router, $root_path)
|
||||
{
|
||||
$this->path_helper = $path_helper;
|
||||
$this->request = $request;
|
||||
@ -121,19 +121,11 @@ class ajax_iohandler extends iohandler_base
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns untrimmed input variable
|
||||
*
|
||||
* @param string $name Name of the input variable to obtain
|
||||
* @param mixed $default A default value that is returned if the variable was not set.
|
||||
* This function will always return a value of the same type as the default.
|
||||
* @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
|
||||
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
|
||||
*
|
||||
* @return mixed Value of the untrimmed input variable
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function get_untrimmed_input($name, $default, $multibyte = false)
|
||||
public function get_raw_input($name, $default)
|
||||
{
|
||||
return $this->request->untrimmed_variable($name, $default, $multibyte);
|
||||
return $this->request->raw_variable($name, $default);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -74,6 +74,20 @@ class cli_iohandler extends iohandler_base
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function get_raw_input($name, $default)
|
||||
{
|
||||
return $this->get_input($name, $default, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set input variable
|
||||
*
|
||||
* @param string $name Name of input variable
|
||||
* @param mixed $value Value of input variable
|
||||
*/
|
||||
public function set_input($name, $value)
|
||||
{
|
||||
$this->input_values[$name] = $value;
|
||||
|
||||
@ -38,6 +38,17 @@ interface iohandler_interface
|
||||
*/
|
||||
public function get_input($name, $default, $multibyte = false);
|
||||
|
||||
/**
|
||||
* Returns raw input variable
|
||||
*
|
||||
* @param string $name Name of the input variable to obtain
|
||||
* @param mixed $default A default value that is returned if the variable was not set.
|
||||
* This function will always return a value of the same type as the default.
|
||||
*
|
||||
* @return mixed Value of the raw input variable
|
||||
*/
|
||||
public function get_raw_input($name, $default);
|
||||
|
||||
/**
|
||||
* Returns server variable
|
||||
*
|
||||
|
||||
@ -79,19 +79,10 @@ class obtain_database_data extends \phpbb\install\task_base implements \phpbb\in
|
||||
$dbhost = $this->io_handler->get_input('dbhost', '', true);
|
||||
$dbport = $this->io_handler->get_input('dbport', '');
|
||||
$dbuser = $this->io_handler->get_input('dbuser', '');
|
||||
$dbpasswd = $this->io_handler->get_raw_input('dbpasswd', '');
|
||||
$dbname = $this->io_handler->get_input('dbname', '');
|
||||
$table_prefix = $this->io_handler->get_input('table_prefix', '');
|
||||
|
||||
// Need to get untrimmed password when using ajax IO handler
|
||||
if ($this->io_handler instanceof \phpbb\install\helper\iohandler\ajax_iohandler)
|
||||
{
|
||||
$dbpasswd = htmlspecialchars_decode(htmlspecialchars_decode($this->io_handler->get_untrimmed_input('dbpasswd', '', true)));
|
||||
}
|
||||
else
|
||||
{
|
||||
$dbpasswd = $this->io_handler->get_input('dbpasswd', '', true);
|
||||
}
|
||||
|
||||
// Check database data
|
||||
$user_data_vaild = $this->check_database_data($dbms, $dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $table_prefix);
|
||||
|
||||
|
||||
@ -224,6 +224,68 @@ class request implements \phpbb\request\request_interface
|
||||
return $this->_variable($var_name, $default, $multibyte, $super_global, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a variable without trimming strings and without escaping.
|
||||
* This method MUST NOT be used with queries.
|
||||
* Same functionality as variable(), except does not run trim() on strings
|
||||
* and does not escape input.
|
||||
* This method should only be used when the raw input is needed without
|
||||
* any escaping, i.e. for database password during the installation.
|
||||
*
|
||||
* @param string|array $var_name The form variable's name from which data shall be retrieved.
|
||||
* If the value is an array this may be an array of indizes which will give
|
||||
* direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
|
||||
* then specifying array("var", 1) as the name will return "a".
|
||||
* @param mixed $default A default value that is returned if the variable was not set.
|
||||
* This function will always return a value of the same type as the default.
|
||||
* @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global
|
||||
* Specifies which super global should be used
|
||||
*
|
||||
* @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
|
||||
* the same as that of $default. If the variable is not set $default is returned.
|
||||
*/
|
||||
public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST)
|
||||
{
|
||||
$path = false;
|
||||
|
||||
// deep direct access to multi dimensional arrays
|
||||
if (is_array($var_name))
|
||||
{
|
||||
$path = $var_name;
|
||||
// make sure at least the variable name is specified
|
||||
if (empty($path))
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
// the variable name is the first element on the path
|
||||
$var_name = array_shift($path);
|
||||
}
|
||||
|
||||
if (!isset($this->input[$super_global][$var_name]))
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
$var = $this->input[$super_global][$var_name];
|
||||
|
||||
if ($path)
|
||||
{
|
||||
// walk through the array structure and find the element we are looking for
|
||||
foreach ($path as $key)
|
||||
{
|
||||
if (is_array($var) && isset($var[$key]))
|
||||
{
|
||||
$var = $var[$key];
|
||||
}
|
||||
else
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $var;
|
||||
}
|
||||
|
||||
/**
|
||||
* Shortcut method to retrieve SERVER variables.
|
||||
*
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user