<?php |
namespace Elgg\Http; |
/** |
* WARNING: API IN FLUX. DO NOT USE DIRECTLY. |
* |
* Provides unified access to the $_GET and $_POST inputs. |
* |
* @package Elgg.Core |
* @subpackage Http |
* @since 1.10.0 |
* @access private |
*/ |
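class Input {

	/**
	 * Data set from set_input() or from the request
	 *
	 * @var array
	 */
	private $data = [];

	/**
	 * Sets an input value that may later be retrieved by get_input
	 *
	 * The variable name is trimmed before it is used as the storage key. A
	 * scalar value is trimmed directly; for an array value every leaf is
	 * trimmed in place before the array is stored.
	 *
	 * Note: this function does not handle nested arrays (ex: form input of param[m][n])
	 *
	 * @param string          $variable The name of the variable
	 * @param string|string[] $value    The value of the variable
	 *
	 * @return void
	 */
	public function set($variable, $value) {
		if (is_array($value)) {
			// The callback only needs the value; the key argument that
			// array_walk_recursive() also passes is intentionally not declared.
			array_walk_recursive($value, function (&$v) {
				$v = trim($v);
			});
			$this->data[trim($variable)] = $value;
		} else {
			$this->data[trim($variable)] = trim($value);
		}
	}

	/**
	 * Get some input from variables submitted through GET or POST.
	 *
	 * A value stored earlier with set() takes precedence over the request.
	 * If neither source has the variable, $default is returned as given
	 * (it is never filtered).
	 *
	 * If using any data obtained from get_input() in a web page, please be aware that
	 * it is a possible vector for a reflected XSS attack. If you are expecting an
	 * integer, cast it to an int. If it is a string, escape quotes.
	 *
	 * Security notes:
	 * - With $filter_result set to false the value is returned without being
	 *   passed through filter_tags(); treat it as untrusted input.
	 * - Tag filtering is not a substitute for escaping the value for the
	 *   context it is written into (HTML body, attribute, URL, SQL, ...).
	 * - set() trims the variable name before storing, but this method looks
	 *   up $variable exactly as passed.
	 *
	 * Note: this function does not handle nested arrays (ex: form input of param[m][n])
	 * because of the filtering done in htmlawed from the filter_tags call.
	 * @todo Is this ^ still true?
	 *
	 * @param string $variable      The variable name we want.
	 * @param mixed  $default       A default value for the variable if it is not found.
	 * @param bool   $filter_result If true, then the result is filtered for bad tags.
	 *
	 * @return mixed
	 */
	public function get($variable, $default = null, $filter_result = true) {
		$result = $default;

		// The lookup and filtering run inside the 'input' context.
		_elgg_services()->context->push('input');

		try {
			if (isset($this->data[$variable])) {
				// a plugin has already set this variable
				$result = $this->data[$variable];
				if ($filter_result) {
					$result = filter_tags($result);
				}
			} else {
				$request = _elgg_services()->request;
				$value = $request->get($variable);
				if ($value !== null) {
					$result = $value;
					if (is_string($result)) {
						// @todo why trim
						$result = trim($result);
					}

					if ($filter_result) {
						$result = filter_tags($result);
					}
				}
			}
		} finally {
			// Always unwind the 'input' context, even when the request lookup
			// or the filter throws, so the context stack is not left unbalanced.
			elgg_pop_context();
		}

		return $result;
	}
}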
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.