1 | <?php |
||
2 | namespace Elgg\Http; |
||
3 | |||
4 | /** |
||
5 | * WARNING: API IN FLUX. DO NOT USE DIRECTLY. |
||
6 | * |
||
7 | * Provides unified access to the $_GET and $_POST inputs. |
||
8 | * |
||
9 | * @package Elgg.Core |
||
10 | * @subpackage Http |
||
11 | * @since 1.10.0 |
||
12 | * @access private |
||
13 | */ |
||
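class Input {

	/**
	 * Values registered through set(), keyed by the trimmed variable name.
	 *
	 * get() checks this array before the request, so an entry here shadows
	 * a request parameter of the same name.
	 *
	 * @var array
	 */
	private $data = [];

	/**
	 * Sets an input value that may later be retrieved by get()
	 *
	 * The variable name is trimmed and used as the storage key. A scalar value
	 * is passed through trim(); for an array, every leaf is passed through
	 * trim(), including the leaves of nested arrays. Because this file does not
	 * enable strict types, trim() turns non-string scalars into strings.
	 *
	 * Nothing is filtered or escaped here. Filtering only happens on the way
	 * out, in get(), and only when the caller leaves $filter_result enabled.
	 *
	 * Note: the original documentation states that nested arrays
	 * (ex: form input of param[m][n]) are not handled.
	 * @todo Confirm whether that limitation still applies.
	 *
	 * @param string          $variable The name of the variable
	 * @param string|string[] $value    The value of the variable
	 *
	 * @return void
	 */
	public function set($variable, $value) {
		if (is_array($value)) {
			// The leaf key is not needed, so the callback only takes the value by reference.
			array_walk_recursive($value, function(&$v) {
				$v = trim($v);
			});
			$this->data[trim($variable)] = $value;
		} else {
			$this->data[trim($variable)] = trim($value);
		}
	}

	/**
	 * Get some input from a value registered with set() or from the request.
	 *
	 * Lookup order: a value stored through set() wins; otherwise the current
	 * request is asked for the variable. If neither has it, $default is
	 * returned exactly as passed in (it is never trimmed or filtered).
	 *
	 * Security: request data is attacker-controlled. With $filter_result set
	 * to false the raw value is returned and the caller owns all validation.
	 * Even with filtering on, tag filtering is not a substitute for escaping
	 * at the point of output: anything echoed into a page is a possible
	 * reflected XSS vector and must be escaped for the context it lands in
	 * (HTML text, attribute, script, URL). If you expect an integer, cast to
	 * int before use.
	 *
	 * Note: the original documentation states that nested arrays
	 * (ex: form input of param[m][n]) are not handled because of the filtering
	 * done in htmlawed from the filter_tags call.
	 * @todo Is this ^ still true?
	 *
	 * NOTE(review): set() stores under trim($variable) but this method looks
	 * up $variable untrimmed, so a padded name will miss the stored value.
	 *
	 * @param string $variable      The variable name we want.
	 * @param mixed  $default       A default value for the variable if it is not found.
	 * @param bool   $filter_result If true, then the result is filtered for bad tags.
	 *
	 * @return mixed
	 */
	public function get($variable, $default = null, $filter_result = true) {
		$result = $default;

		// The 'input' context is active for the whole lookup, including filter_tags().
		_elgg_services()->context->push('input');

		try {
			if (isset($this->data[$variable])) {
				// a plugin has already set this variable
				$result = $this->data[$variable];
				if ($filter_result) {
					$result = filter_tags($result);
				}
			} else {
				$request = _elgg_services()->request;
				$value = $request->get($variable);
				if ($value !== null) {
					$result = $value;
					if (is_string($result)) {
						// @todo why trim
						// Only a top-level string is trimmed here; array values are left as received.
						$result = trim($result);
					}

					if ($filter_result) {
						$result = filter_tags($result);
					}
				}
			}
		} finally {
			// Always undo the push above, so an exception thrown by the request
			// lookup or the filter cannot leave 'input' on the context stack.
			elgg_pop_context();
		}

		return $result;
	}
}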
||
93 |
Adding explicit visibility (private, protected, or public) is generally recommended to communicate to other developers how, and from where, this method is intended to be used.