|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* @package presentation |
|
4
|
|
|
* @subpackage requests |
|
5
|
|
|
* @author marius orcsik <[email protected]> |
|
6
|
|
|
* @date 09.07.13 |
|
7
|
|
|
*/ |
|
8
|
|
|
namespace vsc\presentation\requests; |
|
9
|
|
|
|
|
10
|
|
|
class RwHttpRequest extends HttpRequestA { |
|
11
|
|
|
protected $aTaintedVars = array(); |
|
12
|
|
|
|
|
13
|
|
|
/** |
|
14
|
|
|
* returns the key of the first url parameter |
|
15
|
|
|
* @return string |
|
|
|
|
|
|
16
|
|
|
*/ |
|
17
|
1 |
|
public function getFirstParameter() { |
|
18
|
1 |
|
$aKeys = array_keys($this->aTaintedVars); |
|
19
|
1 |
|
return array_shift($aKeys); |
|
20
|
|
|
} |
|
21
|
|
|
|
|
22
|
|
|
// this seems quite unsafe |
|
23
|
1 |
|
public function setTaintedVars($aVars) { |
|
24
|
1 |
|
if (is_array($aVars)) { |
|
25
|
1 |
|
$this->aTaintedVars = array_merge($aVars, $this->aTaintedVars); |
|
26
|
|
|
} |
|
27
|
1 |
|
} |
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* returns the key of the last url parameter |
|
31
|
|
|
* @return string |
|
|
|
|
|
|
32
|
|
|
*/ |
|
33
|
1 |
|
public function getLastParameter() { |
|
34
|
1 |
|
$aKeys = array_keys($this->aTaintedVars); |
|
35
|
1 |
|
return array_pop($aKeys); |
|
36
|
|
|
} |
|
37
|
|
|
|
|
38
|
18 |
|
public function __construct() { |
|
39
|
18 |
|
parent::__construct(); |
|
40
|
18 |
|
if (isset ($_SERVER)) { |
|
41
|
18 |
|
$this->getUri(); |
|
42
|
18 |
|
$this->constructTaintedVars(); |
|
43
|
|
|
} |
|
44
|
18 |
|
} |
|
45
|
|
|
|
|
46
|
1 |
|
public function getTaintedVars() { |
|
47
|
1 |
|
return $this->aTaintedVars; |
|
48
|
|
|
} |
|
49
|
|
|
|
|
50
|
|
|
/** |
|
51
|
|
|
* @param string $sVarName |
|
52
|
|
|
* @return mixed|null |
|
53
|
|
|
*/ |
|
54
|
1 |
|
protected function getTaintedVar($sVarName) { |
|
55
|
1 |
|
if (array_key_exists($sVarName, $this->aTaintedVars)) { |
|
56
|
1 |
|
return self::getDecodedVar($this->aTaintedVars[$sVarName]); |
|
57
|
|
|
} else { |
|
58
|
1 |
|
return null; |
|
59
|
|
|
} |
|
60
|
|
|
} |
|
61
|
|
|
|
|
62
|
1 |
|
public function getVars() { |
|
63
|
1 |
|
return array_merge($this->aTaintedVars, parent::getVars()); |
|
64
|
|
|
} |
|
65
|
|
|
|
|
66
|
2 |
|
public function getVar($sVarName) { |
|
67
|
2 |
|
$mValue = parent::getVar($sVarName); |
|
68
|
2 |
|
if (!$mValue) { |
|
69
|
1 |
|
$mValue = $this->getTaintedVar($sVarName); |
|
70
|
|
|
} |
|
71
|
2 |
|
return $mValue; |
|
72
|
|
|
} |
|
73
|
|
|
|
|
74
|
|
|
/** |
|
75
|
|
|
* @todo this has to be moved in the rw url handler |
|
76
|
|
|
* @return void |
|
77
|
|
|
*/ |
|
78
|
18 |
|
public function constructTaintedVars() { |
|
79
|
18 |
|
$sPath = $this->getUriObject()->getPath(); |
|
80
|
18 |
|
foreach (explode('/', $sPath) as $iKey => $sUrlId) { |
|
81
|
18 |
|
if ($sUrlId) { |
|
82
|
18 |
|
$t = explode(':', $sUrlId); |
|
83
|
18 |
|
if (count($t) > 1) { |
|
84
|
18 |
|
$this->aTaintedVars[array_shift($t)] = implode(':', $t); |
|
85
|
|
|
} /*else { |
|
86
|
|
|
$this->aTaintedVars[] = $t[0]; |
|
87
|
|
|
}*/ |
|
88
|
|
|
} |
|
89
|
|
|
} |
|
90
|
18 |
|
} |
|
91
|
|
|
} |
|
92
|
|
|
|
mariusor /
vsc
Loading history...
This check compares the return type specified in the
@returnannotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch.