dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
phpdoc tweaking
[lhc/web/wiklou.git] / includes / WebRequest.php
1 <?php
2 /**
3 * Deal with importing all those nasssty globals and things
4 * @package MediaWiki
5 */
6
7 # Copyright (C) 2003 Brion Vibber <brion@pobox.com>
8 # http://www.mediawiki.org/
9 #
10 # This program is free software; you can redistribute it and/or modify
11 # it under the terms of the GNU General Public License as published by
12 # the Free Software Foundation; either version 2 of the License, or
13 # (at your option) any later version.
14 #
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
19 #
20 # You should have received a copy of the GNU General Public License along
21 # with this program; if not, write to the Free Software Foundation, Inc.,
22 # 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 # http://www.gnu.org/copyleft/gpl.html
24
25 /**
26 * The WebRequest class encapsulates getting at data passed in the
27 * URL or via a POSTed form, handling remove of "magic quotes" slashes,
28 * stripping illegal input characters and normalizing Unicode sequences.
29 *
30 * Usually this is used via a global singleton, $wgRequest. You should
31 * not create a second WebRequest object; make a FauxRequest object if
32 * you want to pass arbitrary data to some function in place of the web
33 * input.
34 *
35 * @package MediaWiki
36 */
37 class WebRequest {
38 function WebRequest() {
39 $this->checkMagicQuotes();
40 global $wgUsePathInfo;
41 if( isset( $_SERVER['PATH_INFO'] ) && $wgUsePathInfo ) {
42 # Stuff it!
43 $_REQUEST['title'] = substr( $_SERVER['PATH_INFO'], 1 );
44 }
45 global $wgUseLatin1;
46 if( !$wgUseLatin1 ) {
47 require_once( 'normal/UtfNormal.php' );
48 wfProfileIn( 'WebRequest:normalizeUnicode-fix' );
49 $this->normalizeUnicode( $_REQUEST );
50 wfProfileOut( 'WebRequest:normalizeUnicode-fix' );
51 }
52 }
53
54 /**
55 * Recursively strips slashes from the given array;
56 * used for undoing the evil that is magic_quotes_gpc.
57 * @param array &$arr will be modified
58 * @return array the original array
59 * @private
60 */
61 function &fix_magic_quotes( &$arr ) {
62 foreach( $arr as $key => $val ) {
63 if( is_array( $val ) ) {
64 $this->fix_magic_quotes( $arr[$key] );
65 } else {
66 $arr[$key] = stripslashes( $val );
67 }
68 }
69 return $arr;
70 }
71
72 /**
73 * If magic_quotes_gpc option is on, run the global arrays
74 * through fix_magic_quotes to strip out the stupid dlashes.
75 * WARNING: This should only be done once! Running a second
76 * time could damage the values.
77 * @private
78 */
79 function checkMagicQuotes() {
80 if ( get_magic_quotes_gpc() ) {
81 $this->fix_magic_quotes( $_COOKIE );
82 $this->fix_magic_quotes( $_ENV );
83 $this->fix_magic_quotes( $_GET );
84 $this->fix_magic_quotes( $_POST );
85 $this->fix_magic_quotes( $_REQUEST );
86 $this->fix_magic_quotes( $_SERVER );
87 }
88 }
89
90 /**
91 * Recursively normalizes UTF-8 strings in the given array.
92 * @param array &$arr will be modified
93 * @private
94 */
95 function normalizeUnicode( &$arr ) {
96 foreach( $arr as $key => $val ) {
97 if( is_array( $val ) ) {
98 $this->normalizeUnicode( $arr[$key ] );
99 } else {
100 $arr[$key] = UtfNormal::cleanUp( $val );
101 }
102 }
103 }
104
105 /**
106 * Fetch a value from the given array or return $default if it's not set.
107 * @param array &$arr
108 * @param string $name
109 * @param mixed $default
110 * @return mixed
111 * @private
112 */
113 function getGPCVal( &$arr, $name, $default ) {
114 if( isset( $arr[$name] ) ) {
115 return $arr[$name];
116 } else {
117 return $default;
118 }
119 }
120
121 /**
122 * Fetch a value from the given array or return $default if it's not set.
123 * \r is stripped from the text, and with some language modules there is
124 * an input transliteration applied.
125 * @param array &$arr
126 * @param string $name
127 * @param string $default
128 * @return string
129 * @private
130 */
131 function getGPCText( &$arr, $name, $default ) {
132 # Text fields may be in an alternate encoding which we should check.
133 # Also, strip CRLF line endings down to LF to achieve consistency.
134 global $wgLang;
135 if( isset( $arr[$name] ) ) {
136 return str_replace( "\r\n", "\n", $wgLang->recodeInput( $arr[$name] ) );
137 } else {
138 return $default;
139 }
140 }
141
142 /**
143 * Fetch a value from the input or return $default if it's not set.
144 * Value may be of a string or array, and is not altered.
145 * @param string $name
146 * @param mixed $default optional default (or NULL)
147 * @return mixed
148 */
149 function getVal( $name, $default = NULL ) {
150 return $this->getGPCVal( $_REQUEST, $name, $default );
151 }
152
153 /**
154 * Fetch an integer value from the input or return $default if not set.
155 * Guaranteed to return an integer; non-numeric input will typically
156 * return 0.
157 * @param string $name
158 * @param int $default
159 * @return int
160 */
161 function getInt( $name, $default = 0 ) {
162 return IntVal( $this->getVal( $name, $default ) );
163 }
164
165 /**
166 * Fetch a boolean value from the input or return $default if not set.
167 * Guaranteed to return true or false, with normal PHP semantics for
168 * boolean interpretation of strings.
169 * @param string $name
170 * @param bool $default
171 * @return bool
172 */
173 function getBool( $name, $default = false ) {
174 return $this->getVal( $name, $default ) ? true : false;
175 }
176
177 /**
178 * Return true if the named value is set in the input, whatever that
179 * value is (even "0"). Return false if the named value is not set.
180 * Example use is checking for the presence of check boxes in forms.
181 * @param string $name
182 * @return bool
183 */
184 function getCheck( $name ) {
185 # Checkboxes and buttons are only present when clicked
186 # Presence connotes truth, abscense false
187 $val = $this->getVal( $name, NULL );
188 return isset( $val );
189 }
190
191 /**
192 * Fetch a text string from the given array or return $default if it's not
193 * set. \r is stripped from the text, and with some language modules there
194 * is an input transliteration applied. This should generally be used for
195 * form <textarea> and <input> fields.
196 *
197 * @param string $name
198 * @param string $default optional
199 * @return string
200 */
201 function getText( $name, $default = '' ) {
202 return $this->getGPCText( $_REQUEST, $name, $default );
203 }
204
205 /**
206 * Extracts the given named values into an array.
207 * If no arguments are given, returns all input values.
208 * No transformation is performed on the values.
209 */
210 function getValues() {
211 $names = func_get_args();
212 if ( count( $names ) == 0 ) {
213 $names = array_keys( $_REQUEST );
214 }
215
216 $retVal = array();
217 foreach ( $names as $name ) {
218 $value = $this->getVal( $name );
219 if ( !is_null( $value ) ) {
220 $retVal[$name] = $value;
221 }
222 }
223 return $retVal;
224 }
225
226 /**
227 * Returns true if the present request was reached by a POST operation,
228 * false otherwise (GET, HEAD, or command-line).
229 *
230 * Note that values retrieved by the object may come from the
231 * GET URL etc even on a POST request.
232 *
233 * @return bool
234 */
235 function wasPosted() {
236 return $_SERVER['REQUEST_METHOD'] == 'POST';
237 }
238
239 /**
240 * Returns true if there is a session cookie set.
241 * This does not necessarily mean that the user is logged in!
242 *
243 * @return bool
244 */
245 function checkSessionCookie() {
246 return isset( $_COOKIE[ini_get('session.name')] );
247 }
248
249 /**
250 * Return the path portion of the request URI.
251 * @return string
252 */
253 function getRequestURL() {
254 return $_SERVER['REQUEST_URI'];
255 }
256
257 /**
258 * Return the request URI with the canonical service and hostname.
259 * @return string
260 */
261 function getFullRequestURL() {
262 global $wgServer;
263 return $wgServer . $this->getRequestURL();
264 }
265
266 /**
267 * Take an arbitrary query and rewrite the present URL to include it
268 * @param string $query Query string fragment; do not include initial '?'
269 * @return string
270 */
271 function appendQuery( $query ) {
272 global $wgTitle;
273 $basequery = '';
274 foreach( $_GET as $var => $val ) {
275 if( $var == 'title' ) continue;
276 $basequery .= '&' . urlencode( $var ) . '=' . urlencode( $val );
277 }
278 $basequery .= '&' . $query;
279
280 # Trim the extra &
281 $basequery = substr( $basequery, 1 );
282 return $wgTitle->getLocalURL( $basequery );
283 }
284
285 /**
286 * HTML-safe version of appendQuery().
287 * @param string $query Query string fragment; do not include initial '?'
288 * @return string
289 */
290 function escapeAppendQuery( $query ) {
291 return htmlspecialchars( $this->appendQuery( $query ) );
292 }
293
294 /**
295 * Check for limit and offset parameters on the input, and return sensible
296 * defaults if not given. The limit must be positive and is capped at 5000.
297 * Offset must be positive but is not capped.
298 *
299 * @param int $deflimit Limit to use if no input and the user hasn't set the option.
300 * @param string $optionname To specify an option other than rclimit to pull from.
301 * @return array first element is limit, second is offset
302 */
303 function getLimitOffset( $deflimit = 50, $optionname = 'rclimit' ) {
304 global $wgUser;
305
306 $limit = $this->getInt( 'limit', 0 );
307 if( $limit < 0 ) $limit = 0;
308 if( ( $limit == 0 ) && ( $optionname != '' ) ) {
309 $limit = (int)$wgUser->getOption( $optionname );
310 }
311 if( $limit <= 0 ) $limit = $deflimit;
312 if( $limit > 5000 ) $limit = 5000; # We have *some* limits...
313
314 $offset = $this->getInt( 'offset', 0 );
315 if( $offset < 0 ) $offset = 0;
316
317 return array( $limit, $offset );
318 }
319
320 /**
321 * Return the path to the temporary file where PHP has stored the upload.
322 * @param string $key
323 * @return string or NULL if no such file.
324 */
325 function getFileTempname( $key ) {
326 if( !isset( $_FILES[$key] ) ) {
327 return NULL;
328 }
329 return $_FILES[$key]['tmp_name'];
330 }
331
332 /**
333 * Return the size of the upload, or 0.
334 * @param string $key
335 * @return integer
336 */
337 function getFileSize( $key ) {
338 if( !isset( $_FILES[$key] ) ) {
339 return 0;
340 }
341 return $_FILES[$key]['size'];
342 }
343
344 /**
345 * Return the original filename of the uploaded file, as reported by
346 * the submitting user agent. HTML-style character entities are
347 * interpreted and normalized to Unicode normalization form C, in part
348 * to deal with weird input from Safari with non-ASCII filenames.
349 *
350 * Other than this the name is not verified for being a safe filename.
351 *
352 * @param string $key
353 * @return string or NULL if no such file.
354 */
355 function getFileName( $key ) {
356 if( !isset( $_FILES[$key] ) ) {
357 return NULL;
358 }
359 $name = $_FILES[$key]['name'];
360
361 # Safari sends filenames in HTML-encoded Unicode form D...
362 # Horrid and evil! Let's try to make some kind of sense of it.
363 global $wgUseLatin1;
364 if( $wgUseLatin1 ) {
365 $name = utf8_encode( $name );
366 }
367 $name = wfMungeToUtf8( $name );
368 $name = UtfNormal::cleanUp( $name );
369 if( $wgUseLatin1 ) {
370 $name = utf8_decode( $name );
371 }
372 wfDebug( "WebRequest::getFileName() '" . $_FILES[$key]['name'] . "' normalized to '$name'\n" );
373 return $name;
374 }
375 }
376
377 /**
378 * WebRequest clone which takes values from a provided array.
379 *
380 * @package MediaWiki
381 */
382 class FauxRequest extends WebRequest {
383 var $data = null;
384 var $wasPosted = false;
385
386 function WebRequest( $data, $wasPosted = false ) {
387 if( is_array( $data ) ) {
388 $this->data = $data;
389 } else {
390 wfDebugDieBacktrace( "FauxReqeust() got bogus data" );
391 }
392 $this->wasPosted = $wasPosted;
393 }
394
395 function getVal( $name, $default = NULL ) {
396 return $this->getGPCVal( $this->data, $name, $default );
397 }
398
399 function getText( $name, $default = '' ) {
400 # Override; don't recode since we're using internal data
401 return $this->getVal( $name, $default );
402 }
403
404 function getValues() {
405 return $this->data;
406 }
407
408 function wasPosted() {
409 return $this->wasPosted;
410 }
411
412 function checkSessionCookie() {
413 return false;
414 }
415
416 function getRequestURL() {
417 wfDebugDieBacktrace( 'FauxRequest::getRequestURL() not implemented' );
418 }
419
420 function appendQuery( $query ) {
421 wfDebugDieBacktrace( 'FauxRequest::appendQuery() not implemented' );
422 }
423
424 }
425
426 ?>
Wiklou, le Wiki du Wiklou