Push — master ( c0a3a7...3b84a4 )
by Jeroen

engine/classes/Elgg/Http/Input.php (1 issue)

<?php
namespace Elgg\Http;
/**
 * WARNING: API IN FLUX. DO NOT USE DIRECTLY.
 *
 * Provides unified access to the $_GET and $_POST inputs.
 *
 * @package    Elgg.Core
 * @subpackage Http
 * @since      1.10.0
 * @access private
 */
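class Input {

	/**
	 * Data set from set_input() or from the request
	 *
	 * @var array
	 */
	private $data = [];

	/**
	 * Sets an input value that may later be retrieved by get_input
	 *
	 * The variable name is trimmed and used as the storage key. A scalar value is
	 * trimmed; for an array value every leaf is trimmed via array_walk_recursive().
	 *
	 * Nothing is filtered at write time: tag filtering happens only in get(), and
	 * only when get() is called with $filter_result = true.
	 *
	 * Note: this function does not handle nested arrays (ex: form input of param[m][n])
	 *
	 * @param string          $variable The name of the variable
	 * @param string|string[] $value    The value of the variable
	 *
	 * @return void
	 */
	public function set($variable, $value) {
		$name = trim($variable);

		if (is_array($value)) {
			// only the value is needed; the key argument that array_walk_recursive()
			// also passes is simply not declared
			array_walk_recursive($value, function(&$v) {
				$v = trim($v);
			});
			$this->data[$name] = $value;
			return;
		}

		$this->data[$name] = trim($value);
	}

	/**
	 * Get some input from variables passed submitted through GET or POST.
	 *
	 * Values previously stored with set() take precedence over the request.
	 *
	 * If using any data obtained from get_input() in a web page, please be aware that
	 * it is a possible vector for a reflected XSS attack. If you are expecting an
	 * integer, cast it to an int. If it is a string, escape it for the context it is
	 * written into. The tag filtering done here does not replace escaping at output.
	 *
	 * With $filter_result = false the stored or request value is returned without
	 * passing through filter_tags(). $default is returned exactly as given: it is
	 * never trimmed or filtered.
	 *
	 * The 'input' context is pushed for the duration of the lookup and is popped
	 * again even when the lookup or the filter throws.
	 *
	 * Note: this function does not handle nested arrays (ex: form input of param[m][n])
	 * because of the filtering done in htmlawed from the filter_tags call.
	 * @todo Is this ^ still true?
	 *
	 * @param string $variable      The variable name we want.
	 * @param mixed  $default       A default value for the variable if it is not found.
	 * @param bool   $filter_result If true, then the result is filtered for bad tags.
	 *
	 * @return mixed
	 */
	public function get($variable, $default = null, $filter_result = true) {
		$result = $default;

		_elgg_services()->context->push('input');

		try {
			// set() stores under the trimmed name; $variable is looked up here exactly as given
			if (isset($this->data[$variable])) {
				// a plugin has already set this variable
				$result = $this->data[$variable];
				if ($filter_result) {
					$result = filter_tags($result);
				}
			} else {
				$request = _elgg_services()->request;
				$value = $request->get($variable);
				if ($value !== null) {
					$result = $value;
					if (is_string($result)) {
						// @todo why trim
						$result = trim($result);
					}

					if ($filter_result) {
						$result = filter_tags($result);
					}
				}
			}
		} finally {
			// keep the context stack balanced on every exit path
			elgg_pop_context();
		}

		return $result;
	}
}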