Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

engine/classes/Elgg/Http/Input.php (1 issue)

<?php
namespace Elgg\Http;

/**
 * WARNING: API IN FLUX. DO NOT USE DIRECTLY.
 *
 * Provides unified access to the $_GET and $_POST inputs.
 *
 * @package    Elgg.Core
 * @subpackage Http
 * @since      1.10.0
 * @access private
 */
class Input {

	/**
	 * Data set from set_input() or from the request
	 *
	 * @var array
	 */
	private $data = [];

	/**
	 * Sets an input value that may later be retrieved by get_input
	 *
	 * Note: this function does not handle nested arrays (ex: form input of param[m][n])
	 *
	 * @param string          $variable The name of the variable
	 * @param string|string[] $value    The value of the variable
	 *
	 * @return void
	 */
	public function set($variable, $value) {
		if (is_array($value)) {
			array_walk_recursive($value, function(&$v, $k) {
				$v = trim($v);
			});
			$this->data[trim($variable)] = $value;
		} else {
			$this->data[trim($variable)] = trim($value);
		}
	}

	/**
	 * Get some input from variables passed submitted through GET or POST.
	 *
	 * If using any data obtained from get_input() in a web page, please be aware that
	 * it is a possible vector for a reflected XSS attack. If you are expecting an
	 * integer, cast it to an int. If it is a string, escape quotes.
	 *
	 * Note: this function does not handle nested arrays (ex: form input of param[m][n])
	 * because of the filtering done in htmlawed from the filter_tags call.
	 * @todo Is this ^ still true?
	 *
	 * @param string $variable      The variable name we want.
	 * @param mixed  $default       A default value for the variable if it is not found.
	 * @param bool   $filter_result If true, then the result is filtered for bad tags.
	 *
	 * @return mixed
	 */
	function get($variable, $default = null, $filter_result = true) {

It is generally recommended to explicitly declare the visibility for methods.

Adding explicit visibility (private, protected, or public) is generally recommended to communicate to other developers how, and from where, this method is intended to be used.

		$result = $default;

		_elgg_services()->context->push('input');

		if (isset($this->data[$variable])) {
			// a plugin has already set this variable
			$result = $this->data[$variable];
			if ($filter_result) {
				$result = filter_tags($result);
			}
		} else {
			$request = _elgg_services()->request;
			$value = $request->get($variable);
			if ($value !== null) {
				$result = $value;
				if (is_string($result)) {
					// @todo why trim
					$result = trim($result);
				}

				if ($filter_result) {
					$result = filter_tags($result);
				}
			}
		}

		elgg_pop_context();

		return $result;
	}
}
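
The docblock of get() warns that data from get_input() is a possible reflected XSS vector and says to cast integers and escape quotes in strings. The following is an added example of that advice, not part of Elgg's code: tag_filter(), input_int() and html_escape() are hypothetical helpers, tag_filter() is only a strip_tags() stand-in for the tag filtering, and the request values are constructed.

```php
<?php
// Added example, not Elgg code. tag_filter() is a hypothetical stand-in for
// the tag filtering that get() applies when $filter_result is true.
function tag_filter(string $value): string {
	return strip_tags($value);
}

// Integer context: accept only a complete integer. This is stricter than a
// bare (int) cast, which would accept the leading digits of "2; DROP".
function input_int($raw, int $default = 0): int {
	$int = filter_var($raw, FILTER_VALIDATE_INT);
	return $int === false ? $default : $int;
}

// HTML text or quoted-attribute context: encode &, <, > and both quote
// characters so the value cannot terminate the attribute it is written into.
function html_escape(string $value): string {
	return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request values, standing in for $_GET.
$request = [
	'q'    => 'x" data-injected="1',
	'page' => '2; DROP',
];

// Same steps as get(): trim, then filter tags.
$q = tag_filter(trim($request['q']));

// The value contains no tags, so tag filtering returns it unchanged.
var_dump($q === $request['q']);

// Unescaped, the double quote closes value="" and adds a second attribute.
$unescaped = '<input name="q" value="' . $q . '">';
// Escaped, the quote is emitted as &quot; and stays inside the value.
$escaped = '<input name="q" value="' . html_escape($q) . '">';

echo $unescaped, "\n";
echo $escaped, "\n";

// A non-integer falls back to the default; a clean integer is returned.
var_dump(input_int($request['page']));
var_dump(input_int('42'));
```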