Input.php 2.5 KB

  1. <?php
  2. namespace Elgg\Http;
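  /**
   * WARNING: API IN FLUX. DO NOT USE DIRECTLY.
   *
   * Provides unified access to the $_GET and $_POST inputs.
   *
   * Values stored with set() are kept in $CONFIG->input and take precedence in
   * get() over values read from the request service.
   *
   * @package    Elgg.Core
   * @subpackage Http
   * @since      1.10.0
   * @access     private
   */
  class Input {

      /**
       * Global Elgg configuration
       *
       * @var \stdClass
       */
      private $CONFIG;

      /**
       * Constructor
       *
       * Keeps a handle on the global $CONFIG object, so values written by set()
       * are visible through that global as well.
       */
      public function __construct() {
          global $CONFIG;
          $this->CONFIG = $CONFIG;
      }

      /**
       * Sets an input value that may later be retrieved by get_input
       *
       * The variable name and every value are trimmed before being stored. Values
       * are stored unfiltered: tag filtering only happens when they are read back
       * through get() with $filter_result enabled.
       *
       * Note: this function does not handle nested arrays (ex: form input of param[m][n])
       *
       * @param string          $variable The name of the variable
       * @param string|string[] $value    The value of the variable
       *
       * @return void
       */
      public function set($variable, $value) {
          if (!isset($this->CONFIG->input)) {
              $this->CONFIG->input = array();
          }

          if (is_array($value)) {
              // A closure replaces create_function(), which compiled its body from a
              // string on every call, was deprecated in PHP 7.2 and removed in PHP 8.0.
              array_walk_recursive($value, function (&$v, $k) {
                  $v = trim($v);
              });
              $this->CONFIG->input[trim($variable)] = $value;
          } else {
              $this->CONFIG->input[trim($variable)] = trim($value);
          }
      }

      /**
       * Get some input from variables passed submitted through GET or POST.
       *
       * A value previously stored with set() wins over the request value. The
       * lookup uses $variable as given, whereas set() trims the name before
       * storing it.
       *
       * If using any data obtained from get_input() in a web page, please be aware that
       * it is a possible vector for a reflected XSS attack. If you are expecting an
       * integer, cast it to an int. If it is a string, escape it for the context it is
       * written into. Tag filtering is not a substitute for output escaping, and with
       * $filter_result set to false the value is returned without tag filtering.
       * $default is returned as given and is never filtered.
       *
       * Note: this function does not handle nested arrays (ex: form input of param[m][n])
       * because of the filtering done in htmlawed from the filter_tags call.
       * @todo Is this ^ still true?
       *
       * @param string $variable      The variable name we want.
       * @param mixed  $default       A default value for the variable if it is not found.
       * @param bool   $filter_result If true, then the result is filtered for bad tags.
       *
       * @return mixed
       */
      public function get($variable, $default = null, $filter_result = true) {
          $result = $default;

          // The 'input' context stays pushed while the value is looked up and filtered.
          elgg_push_context('input');

          if (isset($this->CONFIG->input[$variable])) {
              // a plugin has already set this variable
              $result = $this->CONFIG->input[$variable];
              if ($filter_result) {
                  $result = filter_tags($result);
              }
          } else {
              $request = _elgg_services()->request;
              $value = $request->get($variable);
              if ($value !== null) {
                  $result = $value;
                  if (is_string($result)) {
                      // @todo why trim
                      $result = trim($result);
                  }
                  if ($filter_result) {
                      $result = filter_tags($result);
                  }
              }
          }

          elgg_pop_context();

          return $result;
      }
  }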