includes/class.gpc.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257

<?php
//  {{{ class  Req
/**
 * Flyspray
 *
 * GPC classes
 *
 * This script contains classes for $_GET, $_REQUEST, $_POST and $_COOKIE
 * to safely retrieve values. Example: Get::val('foo', 'bar') to get $_GET['foo'] or 'bar' if 
 * the key does not exist. 
 *
 * @license http://opensource.org/licenses/lgpl-license.php Lesser GNU Public License
 * @package flyspray
 * @author Pierre Habouzit
 */
 
abstract class Req
{
    public static function has($key)
    {
        return isset($_REQUEST[$key]);
    }

    public static function val($key, $default = null)
    {
        return Req::has($key) ? $_REQUEST[$key] : $default;
    }

    //it will always return a number no matter what(null is 0)
    public static function num($key, $default = null)
    {
        return Filters::num(Req::val($key, $default));
    }
    
    public static function enum($key, $options, $default = null)
    {
        return Filters::enum(Req::val($key, $default), $options);
    }

    //always a string (null is typed to an empty string)
    public static function safe($key)
    {
        return Filters::noXSS(Req::val($key));
    }

    public static function isAlnum($key)
    {
        return Filters::isAlnum(Req::val($key));
    }

	/**
	 * Overwrites or sets a request value
	 */
	public static function set($key, $value = null) {
		$_REQUEST[$key] = $value;
	}
}

 // }}}
// {{{ class Post

abstract class Post
{
    public static function has($key)
    {
        // XXX semantics is different for POST, as POST of '' values is never
        //     unintentionnal, whereas GET/COOKIE may have '' values for empty
        //     ones.
        return isset($_POST[$key]);
    }

    public static function val($key, $default = null)
    {
        return Post::has($key) ? $_POST[$key] : $default;
    }

    //it will always return a number no matter what(null is 0)
    public static function num($key, $default = null)
    {
        return Filters::num(Post::val($key, $default));
    }

    //always a string (null is typed to an empty string)
    public static function safe($key)
    {
        return Filters::noXSS(Post::val($key));
    }

    public static function isAlnum($key)
    {
        return Filters::isAlnum(Post::val($key));
    }
}

// }}}
// {{{ class Get

abstract class Get
{
    public static function has($key)
    {
        return isset($_GET[$key]) && $_GET[$key] !== '';
    }

    public static function val($key, $default = null)
    {
        return Get::has($key) ? $_GET[$key] : $default;
    }

    //it will always return a number no matter what(null is 0)
    public static function num($key, $default = null)
    {
        return Filters::num(Get::val($key, $default));
    }

    //always a string (null is typed to an empty string)
    public static function safe($key)
    {
        return Filters::noXSS(Get::val($key));
    }

    public static function enum($key, $options, $default = null)
    {
        return Filters::enum(Get::val($key, $default), $options);
    }

}

// }}}
//{{{ class  Cookie

abstract class Cookie
{
    public static function has($key)
    {
        return isset($_COOKIE[$key]) && $_COOKIE[$key] !== '';
    }

    public static function val($key, $default = null)
    {
        return Cookie::has($key) ? $_COOKIE[$key] : $default;
    }
}
//}}}
/** 
 * Class Filters
 *
 * This is a simple class for safe input validation
 * no mixed stuff here, functions returns always the same type.
 * @author Cristian Rodriguez R <judas.iscariote@flyspray.org>
 * @license BSD
 * @notes this intented to be used by Flyspray internals functions/methods
 * please DO NOT use this in templates , if the code processing the input there 
 * is not safe, please fix the underlying problem.
 */
abstract class Filters {
    /**
     * give me a number only please?
     * @param mixed $data
     * @return int
     * @access public static
     * @notes changed before 0.9.9 to avoid strange results
     * with arrays and objects
     */
    public static function num($data)
    {
         return intval($data); // no further checks here please
    }
    
    /**
     * Give user input free from potentially mailicious html
     * @param mixed $data
     * @return string htmlspecialchar'ed
     * @access public static
     */
    public static function noXSS($data)
    {
        if(empty($data) || is_numeric($data)) {
            return $data;
        } elseif(is_string($data)) {
            return htmlspecialchars($data, ENT_QUOTES, 'utf-8');
        }
        return '';
    }
    
    /**
     * Give user input free from potentially mailicious html and JS insertions
     * @param mixed $data
     * @return string
     * @access public static
     */
    public static function noJsXSS($data)
    {
        if(empty($data) || is_numeric($data)) {
            return $data;
        } elseif(is_string($data)) {
            return Filters::noXSS(preg_replace("/[\x01-\x1F\x7F]|\xC2[\x80-\x9F]/", "", addcslashes($data, "\t\"'\\")));
        }
        return '';
    }
    
    /**
     * is $data alphanumeric eh ?
     * @param string $data string value to check
     * @return bool
     * @access public static
     * @notes unfortunately due to a bug in PHP < 5.1 
     * http://bugs.php.net/bug.php?id=30945 ctype_alnum
     * returned true on empty string, that's the reason why
     * we have to use strlen too.
     * 
     * Be aware: $data MUST be an string, integers or any other
     * type is evaluated to FALSE
     */
    public static function isAlnum($data)
    {
        return ctype_alnum($data) && strlen($data);
    }

    /**
     * Checks if $data is a value of $options and returns the first element of
     * $options if it is not (for input validation if all possible values are known)
     * @param mixed $data
     * @param array $options
     * @return mixed
     * @access public static
     */
    public static function enum($data, $options)
    {
        if (!in_array($data, $options) && isset($options[0])) {
            return $options[0];
        }
        
        return $data;
    }

    public static function escapeqs($qs)
    {
            parse_str($qs, $clean_qs);
            return http_build_query($clean_qs);
    }
}

/**
 * A basic function which works like the GPC classes above for any array
 * @param array $array
 * @param mixed $key
 * @param mixed $default
 * @return mixed
 * @version 1.0
 * @since 0.9.9
 * @see Backend::get_task_list()
 */
function array_get(&$array, $key, $default = null)
{
    return (isset($array[$key])) ? $array[$key] : $default;
}