Andrey Andreev | c5536aa | 2012-11-01 17:33:58 +0200 | [diff] [blame] | 1 | <?php |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 2 | /** |
| 3 | * CodeIgniter |
| 4 | * |
Andrey Andreev | fe9309d | 2015-01-09 17:48:58 +0200 | [diff] [blame] | 5 | * An open source application development framework for PHP |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 6 | * |
Andrey Andreev | bdb96ca | 2014-10-28 00:13:31 +0200 | [diff] [blame] | 7 | * This content is released under the MIT License (MIT) |
Andrey Andreev | 64e98aa | 2012-01-07 20:29:10 +0200 | [diff] [blame] | 8 | * |
Andrey Andreev | cce6bd1 | 2018-01-09 11:32:02 +0200 | [diff] [blame^] | 9 | * Copyright (c) 2014 - 2018, British Columbia Institute of Technology |
Andrey Andreev | 64e98aa | 2012-01-07 20:29:10 +0200 | [diff] [blame] | 10 | * |
Andrey Andreev | bdb96ca | 2014-10-28 00:13:31 +0200 | [diff] [blame] | 11 | * Permission is hereby granted, free of charge, to any person obtaining a copy |
| 12 | * of this software and associated documentation files (the "Software"), to deal |
| 13 | * in the Software without restriction, including without limitation the rights |
| 14 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
| 15 | * copies of the Software, and to permit persons to whom the Software is |
| 16 | * furnished to do so, subject to the following conditions: |
Derek Jones | f4a4bd8 | 2011-10-20 12:18:42 -0500 | [diff] [blame] | 17 | * |
Andrey Andreev | bdb96ca | 2014-10-28 00:13:31 +0200 | [diff] [blame] | 18 | * The above copyright notice and this permission notice shall be included in |
| 19 | * all copies or substantial portions of the Software. |
| 20 | * |
| 21 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| 22 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
| 23 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
| 24 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
| 25 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
| 26 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
| 27 | * THE SOFTWARE. |
| 28 | * |
| 29 | * @package CodeIgniter |
| 30 | * @author EllisLab Dev Team |
Andrey Andreev | 1924e87 | 2016-01-11 12:55:34 +0200 | [diff] [blame] | 31 | * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) |
Andrey Andreev | cce6bd1 | 2018-01-09 11:32:02 +0200 | [diff] [blame^] | 32 | * @copyright Copyright (c) 2014 - 2018, British Columbia Institute of Technology (http://bcit.ca/) |
Andrey Andreev | bdb96ca | 2014-10-28 00:13:31 +0200 | [diff] [blame] | 33 | * @license http://opensource.org/licenses/MIT MIT License |
Andrey Andreev | bd202c9 | 2016-01-11 12:50:18 +0200 | [diff] [blame] | 34 | * @link https://codeigniter.com |
Andrey Andreev | bdb96ca | 2014-10-28 00:13:31 +0200 | [diff] [blame] | 35 | * @since Version 1.0.0 |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 36 | * @filesource |
| 37 | */ |
Andrey Andreev | c5536aa | 2012-11-01 17:33:58 +0200 | [diff] [blame] | 38 | defined('BASEPATH') OR exit('No direct script access allowed'); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 39 | |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 40 | /** |
| 41 | * Input Class |
| 42 | * |
| 43 | * Pre-processes global input data for security |
| 44 | * |
| 45 | * @package CodeIgniter |
| 46 | * @subpackage Libraries |
| 47 | * @category Input |
Derek Jones | f4a4bd8 | 2011-10-20 12:18:42 -0500 | [diff] [blame] | 48 | * @author EllisLab Dev Team |
Andrey Andreev | bd202c9 | 2016-01-11 12:50:18 +0200 | [diff] [blame] | 49 | * @link https://codeigniter.com/user_guide/libraries/input.html |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 50 | */ |
| 51 | class CI_Input { |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 52 | |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 53 | /** |
| 54 | * IP address of the current user |
| 55 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 56 | * @var string |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 57 | */ |
Andrey Andreev | 52caf59 | 2015-02-27 15:09:34 +0200 | [diff] [blame] | 58 | protected $ip_address = FALSE; |
Andrey Andreev | 92ebfb6 | 2012-05-17 12:49:24 +0300 | [diff] [blame] | 59 | |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 60 | /** |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 61 | * Allow GET array flag |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 62 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 63 | * If set to FALSE, then $_GET will be set to an empty array. |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 64 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 65 | * @var bool |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 66 | */ |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 67 | protected $_allow_get_array = TRUE; |
Andrey Andreev | 92ebfb6 | 2012-05-17 12:49:24 +0300 | [diff] [blame] | 68 | |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 69 | /** |
Andrey Andreev | bfb635b | 2014-01-08 18:32:05 +0200 | [diff] [blame] | 70 | * Standardize new lines flag |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 71 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 72 | * If set to TRUE, then newlines are standardized. |
| 73 | * |
| 74 | * @var bool |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 75 | */ |
Andrey Andreev | efc08e9 | 2014-04-15 14:32:52 +0300 | [diff] [blame] | 76 | protected $_standardize_newlines; |
Andrey Andreev | 92ebfb6 | 2012-05-17 12:49:24 +0300 | [diff] [blame] | 77 | |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 78 | /** |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 79 | * Enable XSS flag |
| 80 | * |
| 81 | * Determines whether the XSS filter is always active when |
| 82 | * GET, POST or COOKIE data is encountered. |
| 83 | * Set automatically based on config setting. |
| 84 | * |
| 85 | * @var bool |
| 86 | */ |
| 87 | protected $_enable_xss = FALSE; |
| 88 | |
| 89 | /** |
| 90 | * Enable CSRF flag |
| 91 | * |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 92 | * Enables a CSRF cookie token to be set. |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 93 | * Set automatically based on config setting. |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 94 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 95 | * @var bool |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 96 | */ |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 97 | protected $_enable_csrf = FALSE; |
Andrey Andreev | 92ebfb6 | 2012-05-17 12:49:24 +0300 | [diff] [blame] | 98 | |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 99 | /** |
| 100 | * List of all HTTP request headers |
| 101 | * |
| 102 | * @var array |
| 103 | */ |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 104 | protected $headers = array(); |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 105 | |
Andrey Andreev | d0ac8b1 | 2015-02-27 11:41:52 +0200 | [diff] [blame] | 106 | /** |
| 107 | * Raw input stream data |
| 108 | * |
| 109 | * Holds a cache of php://input contents |
| 110 | * |
| 111 | * @var string |
| 112 | */ |
Ignasimg | cae9588 | 2015-02-26 02:46:14 +0100 | [diff] [blame] | 113 | protected $_raw_input_stream; |
Ignasimg | f9fbf11 | 2015-02-06 09:21:07 +0100 | [diff] [blame] | 114 | |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 115 | /** |
Andrey Andreev | d0ac8b1 | 2015-02-27 11:41:52 +0200 | [diff] [blame] | 116 | * Parsed input stream data |
Andrey Andreev | 303eef0 | 2012-11-06 14:55:48 +0200 | [diff] [blame] | 117 | * |
| 118 | * Parsed from php://input at runtime |
| 119 | * |
| 120 | * @see CI_Input::input_stream() |
| 121 | * @var array |
| 122 | */ |
Andrey Andreev | d0ac8b1 | 2015-02-27 11:41:52 +0200 | [diff] [blame] | 123 | protected $_input_stream; |
| 124 | |
Andrey Andreev | 88fd8e4 | 2015-02-27 11:43:01 +0200 | [diff] [blame] | 125 | protected $security; |
Andrey Andreev | 7d365dc | 2015-02-27 14:32:15 +0200 | [diff] [blame] | 126 | protected $uni; |
Andrey Andreev | 88fd8e4 | 2015-02-27 11:43:01 +0200 | [diff] [blame] | 127 | |
Andrey Andreev | d0ac8b1 | 2015-02-27 11:41:52 +0200 | [diff] [blame] | 128 | // -------------------------------------------------------------------- |
Andrey Andreev | 303eef0 | 2012-11-06 14:55:48 +0200 | [diff] [blame] | 129 | |
| 130 | /** |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 131 | * Class constructor |
Greg Aker | a926328 | 2010-11-10 15:26:43 -0600 | [diff] [blame] | 132 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 133 | * Determines whether to globally enable the XSS processing |
| 134 | * and whether to allow the $_GET array. |
Andrey Andreev | 92ebfb6 | 2012-05-17 12:49:24 +0300 | [diff] [blame] | 135 | * |
| 136 | * @return void |
Greg Aker | a926328 | 2010-11-10 15:26:43 -0600 | [diff] [blame] | 137 | */ |
| 138 | public function __construct() |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 139 | { |
Andrey Andreev | 9e2dcd4 | 2017-11-29 12:59:45 +0200 | [diff] [blame] | 140 | $this->_allow_get_array = (config_item('allow_get_array') !== FALSE); |
Andrey Andreev | bfb635b | 2014-01-08 18:32:05 +0200 | [diff] [blame] | 141 | $this->_enable_xss = (config_item('global_xss_filtering') === TRUE); |
| 142 | $this->_enable_csrf = (config_item('csrf_protection') === TRUE); |
fabianozenatti | 523cda3 | 2014-03-21 12:13:03 +0100 | [diff] [blame] | 143 | $this->_standardize_newlines = (bool) config_item('standardize_newlines'); |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 144 | |
Andrey Andreev | c26b9eb | 2014-02-24 11:31:36 +0200 | [diff] [blame] | 145 | $this->security =& load_class('Security', 'core'); |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 146 | |
Pascal Kriete | aaec1e4 | 2011-01-20 00:01:21 -0500 | [diff] [blame] | 147 | // Do we need the UTF-8 class? |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 148 | if (UTF8_ENABLED === TRUE) |
| 149 | { |
Andrey Andreev | c26b9eb | 2014-02-24 11:31:36 +0200 | [diff] [blame] | 150 | $this->uni =& load_class('Utf8', 'core'); |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 151 | } |
| 152 | |
| 153 | // Sanitize global arrays |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 154 | $this->_sanitize_globals(); |
Andrey Andreev | 90726b8 | 2015-01-20 12:39:22 +0200 | [diff] [blame] | 155 | |
Andrey Andreev | dd28a88 | 2015-09-07 16:03:05 +0300 | [diff] [blame] | 156 | // CSRF Protection check |
| 157 | if ($this->_enable_csrf === TRUE && ! is_cli()) |
| 158 | { |
| 159 | $this->security->csrf_verify(); |
| 160 | } |
| 161 | |
Andrey Andreev | 90726b8 | 2015-01-20 12:39:22 +0200 | [diff] [blame] | 162 | log_message('info', 'Input Class Initialized'); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 163 | } |
| 164 | |
| 165 | // -------------------------------------------------------------------- |
| 166 | |
| 167 | /** |
Greg Aker | a926328 | 2010-11-10 15:26:43 -0600 | [diff] [blame] | 168 | * Fetch from array |
| 169 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 170 | * Internal method used to retrieve values from global arrays. |
Greg Aker | a926328 | 2010-11-10 15:26:43 -0600 | [diff] [blame] | 171 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 172 | * @param array &$array $_GET, $_POST, $_COOKIE, $_SERVER, etc. |
Ahmad Anbar | ff89a4e | 2014-12-02 17:26:30 +0200 | [diff] [blame] | 173 | * @param mixed $index Index for item to be fetched from $array |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 174 | * @param bool $xss_clean Whether to apply XSS filtering |
| 175 | * @return mixed |
Greg Aker | a926328 | 2010-11-10 15:26:43 -0600 | [diff] [blame] | 176 | */ |
Andrey Andreev | 7c60b12 | 2014-02-08 18:47:19 +0200 | [diff] [blame] | 177 | protected function _fetch_from_array(&$array, $index = NULL, $xss_clean = NULL) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 178 | { |
Andrey Andreev | ef29f83 | 2014-12-02 18:03:47 +0200 | [diff] [blame] | 179 | is_bool($xss_clean) OR $xss_clean = $this->_enable_xss; |
| 180 | |
Andrey Andreev | 7c60b12 | 2014-02-08 18:47:19 +0200 | [diff] [blame] | 181 | // If $index is NULL, it means that the whole $array is requested |
Andrey Andreev | ef29f83 | 2014-12-02 18:03:47 +0200 | [diff] [blame] | 182 | isset($index) OR $index = array_keys($array); |
| 183 | |
| 184 | // allow fetching multiple keys at once |
| 185 | if (is_array($index)) |
Andrey Andreev | 7c60b12 | 2014-02-08 18:47:19 +0200 | [diff] [blame] | 186 | { |
| 187 | $output = array(); |
Andrey Andreev | 6b3bf4c | 2014-12-02 18:04:41 +0200 | [diff] [blame] | 188 | foreach ($index as $key) |
Andrey Andreev | 7c60b12 | 2014-02-08 18:47:19 +0200 | [diff] [blame] | 189 | { |
| 190 | $output[$key] = $this->_fetch_from_array($array, $key, $xss_clean); |
| 191 | } |
| 192 | |
| 193 | return $output; |
| 194 | } |
| 195 | |
nisheeth-barthwal | a7447d2 | 2013-03-21 15:48:10 +0530 | [diff] [blame] | 196 | if (isset($array[$index])) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 197 | { |
nisheeth-barthwal | a7447d2 | 2013-03-21 15:48:10 +0530 | [diff] [blame] | 198 | $value = $array[$index]; |
| 199 | } |
nisheeth-barthwal | 47ea5a8 | 2013-03-26 18:57:28 +0530 | [diff] [blame] | 200 | elseif (($count = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $index, $matches)) > 1) // Does the index contain array notation |
nisheeth-barthwal | a7447d2 | 2013-03-21 15:48:10 +0530 | [diff] [blame] | 201 | { |
nisheeth-barthwal | 47ea5a8 | 2013-03-26 18:57:28 +0530 | [diff] [blame] | 202 | $value = $array; |
nisheeth-barthwal | 77236e0 | 2013-03-25 23:42:36 +0530 | [diff] [blame] | 203 | for ($i = 0; $i < $count; $i++) |
nisheeth-barthwal | a7447d2 | 2013-03-21 15:48:10 +0530 | [diff] [blame] | 204 | { |
nisheeth-barthwal | 77236e0 | 2013-03-25 23:42:36 +0530 | [diff] [blame] | 205 | $key = trim($matches[0][$i], '[]'); |
nisheeth-barthwal | 408cbb4 | 2013-03-26 19:06:40 +0530 | [diff] [blame] | 206 | if ($key === '') // Empty notation will return the value as array |
nisheeth-barthwal | a7447d2 | 2013-03-21 15:48:10 +0530 | [diff] [blame] | 207 | { |
nisheeth-barthwal | 77236e0 | 2013-03-25 23:42:36 +0530 | [diff] [blame] | 208 | break; |
nisheeth-barthwal | a7447d2 | 2013-03-21 15:48:10 +0530 | [diff] [blame] | 209 | } |
nisheeth-barthwal | 47ea5a8 | 2013-03-26 18:57:28 +0530 | [diff] [blame] | 210 | |
| 211 | if (isset($value[$key])) |
nisheeth-barthwal | a7447d2 | 2013-03-21 15:48:10 +0530 | [diff] [blame] | 212 | { |
nisheeth-barthwal | 47ea5a8 | 2013-03-26 18:57:28 +0530 | [diff] [blame] | 213 | $value = $value[$key]; |
nisheeth-barthwal | 77236e0 | 2013-03-25 23:42:36 +0530 | [diff] [blame] | 214 | } |
| 215 | else |
| 216 | { |
| 217 | return NULL; |
nisheeth-barthwal | a7447d2 | 2013-03-21 15:48:10 +0530 | [diff] [blame] | 218 | } |
| 219 | } |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 220 | } |
nisheeth-barthwal | 77236e0 | 2013-03-25 23:42:36 +0530 | [diff] [blame] | 221 | else |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 222 | { |
nisheeth-barthwal | 77236e0 | 2013-03-25 23:42:36 +0530 | [diff] [blame] | 223 | return NULL; |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 224 | } |
| 225 | |
nisheeth-barthwal | 77236e0 | 2013-03-25 23:42:36 +0530 | [diff] [blame] | 226 | return ($xss_clean === TRUE) |
| 227 | ? $this->security->xss_clean($value) |
| 228 | : $value; |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 229 | } |
| 230 | |
| 231 | // -------------------------------------------------------------------- |
| 232 | |
| 233 | /** |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 234 | * Fetch an item from the GET array |
| 235 | * |
Ahmad Anbar | ff89a4e | 2014-12-02 17:26:30 +0200 | [diff] [blame] | 236 | * @param mixed $index Index for item to be fetched from $_GET |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 237 | * @param bool $xss_clean Whether to apply XSS filtering |
| 238 | * @return mixed |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 239 | */ |
Andrey Andreev | 80a16b1 | 2014-01-08 17:19:03 +0200 | [diff] [blame] | 240 | public function get($index = NULL, $xss_clean = NULL) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 241 | { |
nisheeth-barthwal | a5bcfb1 | 2013-03-23 10:53:51 +0530 | [diff] [blame] | 242 | return $this->_fetch_from_array($_GET, $index, $xss_clean); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 243 | } |
| 244 | |
| 245 | // -------------------------------------------------------------------- |
| 246 | |
| 247 | /** |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 248 | * Fetch an item from the POST array |
| 249 | * |
Ahmad Anbar | ff89a4e | 2014-12-02 17:26:30 +0200 | [diff] [blame] | 250 | * @param mixed $index Index for item to be fetched from $_POST |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 251 | * @param bool $xss_clean Whether to apply XSS filtering |
| 252 | * @return mixed |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 253 | */ |
Andrey Andreev | 80a16b1 | 2014-01-08 17:19:03 +0200 | [diff] [blame] | 254 | public function post($index = NULL, $xss_clean = NULL) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 255 | { |
nisheeth-barthwal | a5bcfb1 | 2013-03-23 10:53:51 +0530 | [diff] [blame] | 256 | return $this->_fetch_from_array($_POST, $index, $xss_clean); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 257 | } |
| 258 | |
| 259 | // -------------------------------------------------------------------- |
| 260 | |
| 261 | /** |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 262 | * Fetch an item from POST data with fallback to GET |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 263 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 264 | * @param string $index Index for item to be fetched from $_POST or $_GET |
| 265 | * @param bool $xss_clean Whether to apply XSS filtering |
| 266 | * @return mixed |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 267 | */ |
Andrey Andreev | 7c60b12 | 2014-02-08 18:47:19 +0200 | [diff] [blame] | 268 | public function post_get($index, $xss_clean = NULL) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 269 | { |
Andrey Andreev | 9448afb | 2012-02-08 19:49:19 +0200 | [diff] [blame] | 270 | return isset($_POST[$index]) |
nisheeth-barthwal | a5bcfb1 | 2013-03-23 10:53:51 +0530 | [diff] [blame] | 271 | ? $this->post($index, $xss_clean) |
| 272 | : $this->get($index, $xss_clean); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 273 | } |
| 274 | |
| 275 | // -------------------------------------------------------------------- |
| 276 | |
| 277 | /** |
vlakoff | 441fd26 | 2013-08-11 20:36:41 +0200 | [diff] [blame] | 278 | * Fetch an item from GET data with fallback to POST |
| 279 | * |
| 280 | * @param string $index Index for item to be fetched from $_GET or $_POST |
| 281 | * @param bool $xss_clean Whether to apply XSS filtering |
| 282 | * @return mixed |
| 283 | */ |
Andrey Andreev | 7c60b12 | 2014-02-08 18:47:19 +0200 | [diff] [blame] | 284 | public function get_post($index, $xss_clean = NULL) |
vlakoff | 441fd26 | 2013-08-11 20:36:41 +0200 | [diff] [blame] | 285 | { |
| 286 | return isset($_GET[$index]) |
| 287 | ? $this->get($index, $xss_clean) |
| 288 | : $this->post($index, $xss_clean); |
| 289 | } |
| 290 | |
| 291 | // -------------------------------------------------------------------- |
| 292 | |
| 293 | /** |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 294 | * Fetch an item from the COOKIE array |
| 295 | * |
Ahmad Anbar | ff89a4e | 2014-12-02 17:26:30 +0200 | [diff] [blame] | 296 | * @param mixed $index Index for item to be fetched from $_COOKIE |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 297 | * @param bool $xss_clean Whether to apply XSS filtering |
| 298 | * @return mixed |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 299 | */ |
Andrey Andreev | 7c60b12 | 2014-02-08 18:47:19 +0200 | [diff] [blame] | 300 | public function cookie($index = NULL, $xss_clean = NULL) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 301 | { |
nisheeth-barthwal | a5bcfb1 | 2013-03-23 10:53:51 +0530 | [diff] [blame] | 302 | return $this->_fetch_from_array($_COOKIE, $index, $xss_clean); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 303 | } |
| 304 | |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 305 | // -------------------------------------------------------------------- |
| 306 | |
| 307 | /** |
| 308 | * Fetch an item from the SERVER array |
| 309 | * |
Ahmad Anbar | ff89a4e | 2014-12-02 17:26:30 +0200 | [diff] [blame] | 310 | * @param mixed $index Index for item to be fetched from $_SERVER |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 311 | * @param bool $xss_clean Whether to apply XSS filtering |
| 312 | * @return mixed |
| 313 | */ |
Andrey Andreev | 7c60b12 | 2014-02-08 18:47:19 +0200 | [diff] [blame] | 314 | public function server($index, $xss_clean = NULL) |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 315 | { |
| 316 | return $this->_fetch_from_array($_SERVER, $index, $xss_clean); |
| 317 | } |
| 318 | |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 319 | // ------------------------------------------------------------------------ |
| 320 | |
| 321 | /** |
Andrey Andreev | 303eef0 | 2012-11-06 14:55:48 +0200 | [diff] [blame] | 322 | * Fetch an item from the php://input stream |
| 323 | * |
| 324 | * Useful when you need to access PUT, DELETE or PATCH request data. |
| 325 | * |
| 326 | * @param string $index Index for item to be fetched |
| 327 | * @param bool $xss_clean Whether to apply XSS filtering |
| 328 | * @return mixed |
| 329 | */ |
Andrey Andreev | 7c60b12 | 2014-02-08 18:47:19 +0200 | [diff] [blame] | 330 | public function input_stream($index = NULL, $xss_clean = NULL) |
Andrey Andreev | 303eef0 | 2012-11-06 14:55:48 +0200 | [diff] [blame] | 331 | { |
Andrey Andreev | dc134a8 | 2014-05-08 10:00:55 +0300 | [diff] [blame] | 332 | // Prior to PHP 5.6, the input stream can only be read once, |
| 333 | // so we'll need to check if we have already done that first. |
Andrey Andreev | 303eef0 | 2012-11-06 14:55:48 +0200 | [diff] [blame] | 334 | if ( ! is_array($this->_input_stream)) |
| 335 | { |
Ignasimg | cae9588 | 2015-02-26 02:46:14 +0100 | [diff] [blame] | 336 | // $this->raw_input_stream will trigger __get(). |
Ignasimg | 0b5569f | 2015-02-20 17:56:55 +0100 | [diff] [blame] | 337 | parse_str($this->raw_input_stream, $this->_input_stream); |
Andrey Andreev | 7c60b12 | 2014-02-08 18:47:19 +0200 | [diff] [blame] | 338 | is_array($this->_input_stream) OR $this->_input_stream = array(); |
Andrey Andreev | 303eef0 | 2012-11-06 14:55:48 +0200 | [diff] [blame] | 339 | } |
| 340 | |
| 341 | return $this->_fetch_from_array($this->_input_stream, $index, $xss_clean); |
| 342 | } |
| 343 | |
| 344 | // ------------------------------------------------------------------------ |
| 345 | |
| 346 | /** |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 347 | * Set cookie |
| 348 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 349 | * Accepts an arbitrary number of parameters (up to 7) or an associative |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 350 | * array in the first parameter containing all the values. |
| 351 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 352 | * @param string|mixed[] $name Cookie name or an array containing parameters |
| 353 | * @param string $value Cookie value |
| 354 | * @param int $expire Cookie expiration time in seconds |
| 355 | * @param string $domain Cookie domain (e.g.: '.yourdomain.com') |
| 356 | * @param string $path Cookie path (default: '/') |
| 357 | * @param string $prefix Cookie name prefix |
| 358 | * @param bool $secure Whether to only transfer cookies via SSL |
| 359 | * @param bool $httponly Whether to only makes the cookie accessible via HTTP (no javascript) |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 360 | * @return void |
| 361 | */ |
Andrey Andreev | 422b889 | 2017-02-01 14:36:49 +0200 | [diff] [blame] | 362 | public function set_cookie($name, $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = NULL, $httponly = NULL) |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 363 | { |
| 364 | if (is_array($name)) |
| 365 | { |
tobiasbg | 9aa7dc9 | 2011-02-18 21:57:13 +0100 | [diff] [blame] | 366 | // always leave 'name' in last place, as the loop will break otherwise, due to $$item |
freewil | 4ad0fd8 | 2012-03-13 22:37:42 -0400 | [diff] [blame] | 367 | foreach (array('value', 'expire', 'domain', 'path', 'prefix', 'secure', 'httponly', 'name') as $item) |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 368 | { |
| 369 | if (isset($name[$item])) |
| 370 | { |
| 371 | $$item = $name[$item]; |
| 372 | } |
| 373 | } |
| 374 | } |
| 375 | |
Alex Bilbie | ed944a3 | 2012-06-02 11:07:47 +0100 | [diff] [blame] | 376 | if ($prefix === '' && config_item('cookie_prefix') !== '') |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 377 | { |
| 378 | $prefix = config_item('cookie_prefix'); |
| 379 | } |
Andrey Andreev | 9ba661b | 2012-06-04 14:44:34 +0300 | [diff] [blame] | 380 | |
| 381 | if ($domain == '' && config_item('cookie_domain') != '') |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 382 | { |
| 383 | $domain = config_item('cookie_domain'); |
| 384 | } |
Andrey Andreev | 9ba661b | 2012-06-04 14:44:34 +0300 | [diff] [blame] | 385 | |
Alex Bilbie | ed944a3 | 2012-06-02 11:07:47 +0100 | [diff] [blame] | 386 | if ($path === '/' && config_item('cookie_path') !== '/') |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 387 | { |
| 388 | $path = config_item('cookie_path'); |
| 389 | } |
Andrey Andreev | 9ba661b | 2012-06-04 14:44:34 +0300 | [diff] [blame] | 390 | |
Andrey Andreev | 422b889 | 2017-02-01 14:36:49 +0200 | [diff] [blame] | 391 | $secure = ($secure === NULL && config_item('cookie_secure') !== NULL) |
| 392 | ? (bool) config_item('cookie_secure') |
| 393 | : (bool) $secure; |
Andrey Andreev | 9ba661b | 2012-06-04 14:44:34 +0300 | [diff] [blame] | 394 | |
Andrey Andreev | 422b889 | 2017-02-01 14:36:49 +0200 | [diff] [blame] | 395 | $httponly = ($httponly === NULL && config_item('cookie_httponly') !== NULL) |
| 396 | ? (bool) config_item('cookie_httponly') |
| 397 | : (bool) $httponly; |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 398 | |
| 399 | if ( ! is_numeric($expire)) |
| 400 | { |
| 401 | $expire = time() - 86500; |
| 402 | } |
| 403 | else |
| 404 | { |
Phil Sturgeon | c808915 | 2010-12-27 19:06:28 +0000 | [diff] [blame] | 405 | $expire = ($expire > 0) ? time() + $expire : 0; |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 406 | } |
| 407 | |
freewil | 4ad0fd8 | 2012-03-13 22:37:42 -0400 | [diff] [blame] | 408 | setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, $httponly); |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 409 | } |
| 410 | |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 411 | // -------------------------------------------------------------------- |
| 412 | |
| 413 | /** |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 414 | * Fetch the IP Address |
| 415 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 416 | * Determines and validates the visitor's IP address. |
| 417 | * |
| 418 | * @return string IP address |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 419 | */ |
Bo-Yi Wu | 4db872f | 2011-09-12 10:52:37 +0800 | [diff] [blame] | 420 | public function ip_address() |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 421 | { |
| 422 | if ($this->ip_address !== FALSE) |
| 423 | { |
| 424 | return $this->ip_address; |
| 425 | } |
Barry Mieny | dd67197 | 2010-10-04 16:33:58 +0200 | [diff] [blame] | 426 | |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 427 | $proxy_ips = config_item('proxy_ips'); |
Andrey Andreev | ea7a866 | 2012-10-09 13:36:31 +0300 | [diff] [blame] | 428 | if ( ! empty($proxy_ips) && ! is_array($proxy_ips)) |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 429 | { |
| 430 | $proxy_ips = explode(',', str_replace(' ', '', $proxy_ips)); |
| 431 | } |
Andrey Andreev | 5b92ae1 | 2012-10-04 13:05:03 +0300 | [diff] [blame] | 432 | |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 433 | $this->ip_address = $this->server('REMOTE_ADDR'); |
| 434 | |
| 435 | if ($proxy_ips) |
| 436 | { |
| 437 | foreach (array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP', 'HTTP_X_CLIENT_IP', 'HTTP_X_CLUSTER_CLIENT_IP') as $header) |
Jordan Pittman | 8960acf | 2012-07-23 09:05:49 -0300 | [diff] [blame] | 438 | { |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 439 | if (($spoof = $this->server($header)) !== NULL) |
Jordan Pittman | 8960acf | 2012-07-23 09:05:49 -0300 | [diff] [blame] | 440 | { |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 441 | // Some proxies typically list the whole chain of IP |
| 442 | // addresses through which the client has reached us. |
| 443 | // e.g. client_ip, proxy_ip1, proxy_ip2, etc. |
Andrey Andreev | e24eed7 | 2012-11-02 23:33:45 +0200 | [diff] [blame] | 444 | sscanf($spoof, '%[^,]', $spoof); |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 445 | |
| 446 | if ( ! $this->valid_ip($spoof)) |
| 447 | { |
| 448 | $spoof = NULL; |
| 449 | } |
| 450 | else |
| 451 | { |
Jordan Pittman | a5a7135 | 2012-07-20 19:36:43 -0300 | [diff] [blame] | 452 | break; |
| 453 | } |
| 454 | } |
Andrey Andreev | 5b92ae1 | 2012-10-04 13:05:03 +0300 | [diff] [blame] | 455 | } |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 456 | |
Andrey Andreev | e45ad2b | 2012-10-09 13:11:15 +0300 | [diff] [blame] | 457 | if ($spoof) |
Andrey Andreev | 5b92ae1 | 2012-10-04 13:05:03 +0300 | [diff] [blame] | 458 | { |
Andrey Andreev | 9df35b4 | 2012-10-09 13:37:58 +0300 | [diff] [blame] | 459 | for ($i = 0, $c = count($proxy_ips); $i < $c; $i++) |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 460 | { |
| 461 | // Check if we have an IP address or a subnet |
| 462 | if (strpos($proxy_ips[$i], '/') === FALSE) |
| 463 | { |
| 464 | // An IP address (and not a subnet) is specified. |
| 465 | // We can compare right away. |
| 466 | if ($proxy_ips[$i] === $this->ip_address) |
| 467 | { |
| 468 | $this->ip_address = $spoof; |
| 469 | break; |
| 470 | } |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 471 | |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 472 | continue; |
| 473 | } |
| 474 | |
| 475 | // We have a subnet ... now the heavy lifting begins |
| 476 | isset($separator) OR $separator = $this->valid_ip($this->ip_address, 'ipv6') ? ':' : '.'; |
| 477 | |
| 478 | // If the proxy entry doesn't match the IP protocol - skip it |
| 479 | if (strpos($proxy_ips[$i], $separator) === FALSE) |
| 480 | { |
| 481 | continue; |
| 482 | } |
| 483 | |
| 484 | // Convert the REMOTE_ADDR IP address to binary, if needed |
Andrey Andreev | 82d2cf1 | 2012-10-13 12:38:42 +0300 | [diff] [blame] | 485 | if ( ! isset($ip, $sprintf)) |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 486 | { |
| 487 | if ($separator === ':') |
| 488 | { |
| 489 | // Make sure we're have the "full" IPv6 format |
Andrey Andreev | 82d2cf1 | 2012-10-13 12:38:42 +0300 | [diff] [blame] | 490 | $ip = explode(':', |
| 491 | str_replace('::', |
| 492 | str_repeat(':', 9 - substr_count($this->ip_address, ':')), |
| 493 | $this->ip_address |
| 494 | ) |
| 495 | ); |
| 496 | |
Heesung Ahn | 0fc46ca | 2015-03-18 18:49:22 -0400 | [diff] [blame] | 497 | for ($j = 0; $j < 8; $j++) |
Andrey Andreev | 82d2cf1 | 2012-10-13 12:38:42 +0300 | [diff] [blame] | 498 | { |
Heesung Ahn | 0fc46ca | 2015-03-18 18:49:22 -0400 | [diff] [blame] | 499 | $ip[$j] = intval($ip[$j], 16); |
Andrey Andreev | 82d2cf1 | 2012-10-13 12:38:42 +0300 | [diff] [blame] | 500 | } |
| 501 | |
| 502 | $sprintf = '%016b%016b%016b%016b%016b%016b%016b%016b'; |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 503 | } |
| 504 | else |
| 505 | { |
Andrey Andreev | 82d2cf1 | 2012-10-13 12:38:42 +0300 | [diff] [blame] | 506 | $ip = explode('.', $this->ip_address); |
| 507 | $sprintf = '%08b%08b%08b%08b'; |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 508 | } |
| 509 | |
Andrey Andreev | 82d2cf1 | 2012-10-13 12:38:42 +0300 | [diff] [blame] | 510 | $ip = vsprintf($sprintf, $ip); |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 511 | } |
| 512 | |
| 513 | // Split the netmask length off the network address |
Andrey Andreev | e24eed7 | 2012-11-02 23:33:45 +0200 | [diff] [blame] | 514 | sscanf($proxy_ips[$i], '%[^/]/%d', $netaddr, $masklen); |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 515 | |
| 516 | // Again, an IPv6 address is most likely in a compressed form |
| 517 | if ($separator === ':') |
| 518 | { |
Andrey Andreev | 82d2cf1 | 2012-10-13 12:38:42 +0300 | [diff] [blame] | 519 | $netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr)); |
Andrey Andreev | 9fd9248 | 2016-07-19 14:04:17 +0300 | [diff] [blame] | 520 | for ($j = 0; $j < 8; $j++) |
Andrey Andreev | 82d2cf1 | 2012-10-13 12:38:42 +0300 | [diff] [blame] | 521 | { |
Andrey Andreev | 3a89d3c | 2016-11-03 16:26:31 +0200 | [diff] [blame] | 522 | $netaddr[$j] = intval($netaddr[$j], 16); |
Andrey Andreev | 82d2cf1 | 2012-10-13 12:38:42 +0300 | [diff] [blame] | 523 | } |
| 524 | } |
| 525 | else |
| 526 | { |
| 527 | $netaddr = explode('.', $netaddr); |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 528 | } |
| 529 | |
Andrey Andreev | 82d2cf1 | 2012-10-13 12:38:42 +0300 | [diff] [blame] | 530 | // Convert to binary and finally compare |
| 531 | if (strncmp($ip, vsprintf($sprintf, $netaddr), $masklen) === 0) |
Andrey Andreev | 9ac557f | 2012-10-06 20:27:57 +0300 | [diff] [blame] | 532 | { |
| 533 | $this->ip_address = $spoof; |
| 534 | break; |
| 535 | } |
| 536 | } |
| 537 | } |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 538 | } |
| 539 | |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 540 | if ( ! $this->valid_ip($this->ip_address)) |
| 541 | { |
Andrey Andreev | 64e98aa | 2012-01-07 20:29:10 +0200 | [diff] [blame] | 542 | return $this->ip_address = '0.0.0.0'; |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 543 | } |
| 544 | |
| 545 | return $this->ip_address; |
| 546 | } |
| 547 | |
| 548 | // -------------------------------------------------------------------- |
| 549 | |
| 550 | /** |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 551 | * Validate IP Address |
| 552 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 553 | * @param string $ip IP address |
| 554 | * @param string $which IP protocol: 'ipv4' or 'ipv6' |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 555 | * @return bool |
| 556 | */ |
Andrey Andreev | 5a25718 | 2012-06-10 06:18:14 +0300 | [diff] [blame] | 557 | public function valid_ip($ip, $which = '') |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 558 | { |
Andrey Andreev | 5a25718 | 2012-06-10 06:18:14 +0300 | [diff] [blame] | 559 | switch (strtolower($which)) |
| 560 | { |
| 561 | case 'ipv4': |
| 562 | $which = FILTER_FLAG_IPV4; |
| 563 | break; |
| 564 | case 'ipv6': |
| 565 | $which = FILTER_FLAG_IPV6; |
| 566 | break; |
| 567 | default: |
| 568 | $which = NULL; |
| 569 | break; |
| 570 | } |
| 571 | |
| 572 | return (bool) filter_var($ip, FILTER_VALIDATE_IP, $which); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 573 | } |
| 574 | |
| 575 | // -------------------------------------------------------------------- |
| 576 | |
| 577 | /** |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 578 | * Fetch User Agent string |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 579 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 580 | * @return string|null User Agent string or NULL if it doesn't exist |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 581 | */ |
Andrey Andreev | 8850e37 | 2014-02-27 21:56:06 +0200 | [diff] [blame] | 582 | public function user_agent($xss_clean = NULL) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 583 | { |
Andrey Andreev | 8850e37 | 2014-02-27 21:56:06 +0200 | [diff] [blame] | 584 | return $this->_fetch_from_array($_SERVER, 'HTTP_USER_AGENT', $xss_clean); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 585 | } |
| 586 | |
| 587 | // -------------------------------------------------------------------- |
| 588 | |
| 589 | /** |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 590 | * Sanitize Globals |
| 591 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 592 | * Internal method serving for the following purposes: |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 593 | * |
Andrey Andreev | b78a8c7 | 2014-04-15 17:21:16 +0300 | [diff] [blame] | 594 | * - Unsets $_GET data, if query strings are not enabled |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 595 | * - Cleans POST, COOKIE and SERVER data |
| 596 | * - Standardizes newline characters to PHP_EOL |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 597 | * |
| 598 | * @return void |
| 599 | */ |
Andrey Andreev | 90cfe14 | 2012-01-08 04:46:42 +0200 | [diff] [blame] | 600 | protected function _sanitize_globals() |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 601 | { |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 602 | // Is $_GET data allowed? If not we'll set the $_GET to an empty array |
Alex Bilbie | ed944a3 | 2012-06-02 11:07:47 +0100 | [diff] [blame] | 603 | if ($this->_allow_get_array === FALSE) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 604 | { |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 605 | $_GET = array(); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 606 | } |
Andrey Andreev | e70238e | 2015-09-07 16:07:45 +0300 | [diff] [blame] | 607 | elseif (is_array($_GET)) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 608 | { |
Andrey Andreev | 9448afb | 2012-02-08 19:49:19 +0200 | [diff] [blame] | 609 | foreach ($_GET as $key => $val) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 610 | { |
Andrey Andreev | 9448afb | 2012-02-08 19:49:19 +0200 | [diff] [blame] | 611 | $_GET[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 612 | } |
| 613 | } |
| 614 | |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 615 | // Clean $_POST Data |
Andrey Andreev | e70238e | 2015-09-07 16:07:45 +0300 | [diff] [blame] | 616 | if (is_array($_POST)) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 617 | { |
Pascal Kriete | 5d5895f | 2011-02-14 13:27:07 -0500 | [diff] [blame] | 618 | foreach ($_POST as $key => $val) |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 619 | { |
| 620 | $_POST[$this->_clean_input_keys($key)] = $this->_clean_input_data($val); |
| 621 | } |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 622 | } |
| 623 | |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 624 | // Clean $_COOKIE Data |
Andrey Andreev | e70238e | 2015-09-07 16:07:45 +0300 | [diff] [blame] | 625 | if (is_array($_COOKIE)) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 626 | { |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 627 | // Also get rid of specially treated cookies that might be set by a server |
| 628 | // or silly application, that are of no use to a CI application anyway |
| 629 | // but that when present will trip our 'Disallowed Key Characters' alarm |
| 630 | // http://www.ietf.org/rfc/rfc2109.txt |
| 631 | // note that the key names below are single quoted strings, and are not PHP variables |
Andrey Andreev | 5ac428b | 2014-01-08 16:07:31 +0200 | [diff] [blame] | 632 | unset( |
| 633 | $_COOKIE['$Version'], |
| 634 | $_COOKIE['$Path'], |
| 635 | $_COOKIE['$Domain'] |
| 636 | ); |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 637 | |
Pascal Kriete | 5d5895f | 2011-02-14 13:27:07 -0500 | [diff] [blame] | 638 | foreach ($_COOKIE as $key => $val) |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 639 | { |
Andrey Andreev | fd0aabb | 2013-09-23 13:18:20 +0300 | [diff] [blame] | 640 | if (($cookie_key = $this->_clean_input_keys($key)) !== FALSE) |
| 641 | { |
| 642 | $_COOKIE[$cookie_key] = $this->_clean_input_data($val); |
| 643 | } |
| 644 | else |
| 645 | { |
| 646 | unset($_COOKIE[$key]); |
| 647 | } |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 648 | } |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 649 | } |
| 650 | |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 651 | // Sanitize PHP_SELF |
| 652 | $_SERVER['PHP_SELF'] = strip_tags($_SERVER['PHP_SELF']); |
| 653 | |
Andrey Andreev | fd0aabb | 2013-09-23 13:18:20 +0300 | [diff] [blame] | 654 | log_message('debug', 'Global POST, GET and COOKIE data sanitized'); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 655 | } |
| 656 | |
| 657 | // -------------------------------------------------------------------- |
| 658 | |
| 659 | /** |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 660 | * Clean Input Data |
| 661 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 662 | * Internal method that aids in escaping data and |
| 663 | * standardizing newline characters to PHP_EOL. |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 664 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 665 | * @param string|string[] $str Input string(s) |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 666 | * @return string |
| 667 | */ |
Andrey Andreev | 90cfe14 | 2012-01-08 04:46:42 +0200 | [diff] [blame] | 668 | protected function _clean_input_data($str) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 669 | { |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 670 | if (is_array($str)) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 671 | { |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 672 | $new_array = array(); |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 673 | foreach (array_keys($str) as $key) |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 674 | { |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 675 | $new_array[$this->_clean_input_keys($key)] = $this->_clean_input_data($str[$key]); |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 676 | } |
| 677 | return $new_array; |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 678 | } |
| 679 | |
Andrey Andreev | af72862 | 2011-10-20 10:11:59 +0300 | [diff] [blame] | 680 | /* We strip slashes if magic quotes is on to keep things consistent |
| 681 | |
| 682 | NOTE: In PHP 5.4 get_magic_quotes_gpc() will always return 0 and |
Andrey Andreev | 10fb7d1 | 2015-08-03 10:05:29 +0300 | [diff] [blame] | 683 | it will probably not exist in future versions at all. |
Andrey Andreev | af72862 | 2011-10-20 10:11:59 +0300 | [diff] [blame] | 684 | */ |
| 685 | if ( ! is_php('5.4') && get_magic_quotes_gpc()) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 686 | { |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 687 | $str = stripslashes($str); |
| 688 | } |
| 689 | |
| 690 | // Clean UTF-8 if supported |
| 691 | if (UTF8_ENABLED === TRUE) |
| 692 | { |
| 693 | $str = $this->uni->clean_string($str); |
| 694 | } |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 695 | |
Pascal Kriete | 14a0ac6 | 2011-04-05 14:55:56 -0400 | [diff] [blame] | 696 | // Remove control characters |
Andrey Andreev | 5ac428b | 2014-01-08 16:07:31 +0200 | [diff] [blame] | 697 | $str = remove_invisible_characters($str, FALSE); |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 698 | |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 699 | // Standardize newlines if needed |
Eric Roberts | b75e13d | 2013-01-27 20:10:09 -0600 | [diff] [blame] | 700 | if ($this->_standardize_newlines === TRUE) |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 701 | { |
Eric Roberts | b75e13d | 2013-01-27 20:10:09 -0600 | [diff] [blame] | 702 | return preg_replace('/(?:\r\n|[\r\n])/', PHP_EOL, $str); |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 703 | } |
| 704 | |
| 705 | return $str; |
| 706 | } |
| 707 | |
| 708 | // -------------------------------------------------------------------- |
| 709 | |
| 710 | /** |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 711 | * Clean Keys |
| 712 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 713 | * Internal method that helps to prevent malicious users |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 714 | * from trying to exploit keys we make sure that keys are |
| 715 | * only named with alpha-numeric text and a few other items. |
| 716 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 717 | * @param string $str Input string |
Ä°rfan Evrens | d02a69a | 2015-02-06 20:53:22 +0200 | [diff] [blame] | 718 | * @param bool $fatal Whether to terminate script exection |
Andrey Andreev | fd0aabb | 2013-09-23 13:18:20 +0300 | [diff] [blame] | 719 | * or to return FALSE if an invalid |
| 720 | * key is encountered |
| 721 | * @return string|bool |
Timothy Warren | 40403d2 | 2012-04-19 16:38:50 -0400 | [diff] [blame] | 722 | */ |
Andrey Andreev | fd0aabb | 2013-09-23 13:18:20 +0300 | [diff] [blame] | 723 | protected function _clean_input_keys($str, $fatal = TRUE) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 724 | { |
bigCat | 3c0846b | 2012-08-21 00:20:20 +0800 | [diff] [blame] | 725 | if ( ! preg_match('/^[a-z0-9:_\/|-]+$/i', $str)) |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 726 | { |
Andrey Andreev | fd0aabb | 2013-09-23 13:18:20 +0300 | [diff] [blame] | 727 | if ($fatal === TRUE) |
| 728 | { |
| 729 | return FALSE; |
| 730 | } |
| 731 | else |
| 732 | { |
| 733 | set_status_header(503); |
| 734 | echo 'Disallowed Key Characters.'; |
Andrey Andreev | 7cf682a | 2014-03-13 14:55:45 +0200 | [diff] [blame] | 735 | exit(7); // EXIT_USER_INPUT |
Andrey Andreev | fd0aabb | 2013-09-23 13:18:20 +0300 | [diff] [blame] | 736 | } |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 737 | } |
| 738 | |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 739 | // Clean UTF-8 if supported |
| 740 | if (UTF8_ENABLED === TRUE) |
| 741 | { |
Andrey Andreev | 64e98aa | 2012-01-07 20:29:10 +0200 | [diff] [blame] | 742 | return $this->uni->clean_string($str); |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 743 | } |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 744 | |
Derek Jones | 69fc4fc | 2010-03-02 13:36:31 -0600 | [diff] [blame] | 745 | return $str; |
| 746 | } |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 747 | |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 748 | // -------------------------------------------------------------------- |
| 749 | |
| 750 | /** |
| 751 | * Request Headers |
| 752 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 753 | * @param bool $xss_clean Whether to apply XSS filtering |
Andrey Andreev | 64e98aa | 2012-01-07 20:29:10 +0200 | [diff] [blame] | 754 | * @return array |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 755 | */ |
| 756 | public function request_headers($xss_clean = FALSE) |
| 757 | { |
CJ | 71cff1d | 2013-04-16 21:50:55 +0800 | [diff] [blame] | 758 | // If header is already defined, return it immediately |
| 759 | if ( ! empty($this->headers)) |
| 760 | { |
Andrey Andreev | cd3d595 | 2016-04-04 10:28:31 +0300 | [diff] [blame] | 761 | return $this->_fetch_from_array($this->headers, NULL, $xss_clean); |
CJ | 71cff1d | 2013-04-16 21:50:55 +0800 | [diff] [blame] | 762 | } |
| 763 | |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 764 | // In Apache, you can simply call apache_request_headers() |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 765 | if (function_exists('apache_request_headers')) |
| 766 | { |
Andrey Andreev | cd3d595 | 2016-04-04 10:28:31 +0300 | [diff] [blame] | 767 | $this->headers = apache_request_headers(); |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 768 | } |
Andrey Andreev | cd3d595 | 2016-04-04 10:28:31 +0300 | [diff] [blame] | 769 | else |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 770 | { |
Andrey Andreev | cd3d595 | 2016-04-04 10:28:31 +0300 | [diff] [blame] | 771 | isset($_SERVER['CONTENT_TYPE']) && $this->headers['Content-Type'] = $_SERVER['CONTENT_TYPE']; |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 772 | |
Andrey Andreev | cd3d595 | 2016-04-04 10:28:31 +0300 | [diff] [blame] | 773 | foreach ($_SERVER as $key => $val) |
| 774 | { |
| 775 | if (sscanf($key, 'HTTP_%s', $header) === 1) |
| 776 | { |
| 777 | // take SOME_HEADER and turn it into Some-Header |
| 778 | $header = str_replace('_', ' ', strtolower($header)); |
| 779 | $header = str_replace(' ', '-', ucwords($header)); |
| 780 | |
| 781 | $this->headers[$header] = $_SERVER[$key]; |
| 782 | } |
CJ | 826990f | 2013-04-16 14:17:53 +0800 | [diff] [blame] | 783 | } |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 784 | } |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 785 | |
Andrey Andreev | cd3d595 | 2016-04-04 10:28:31 +0300 | [diff] [blame] | 786 | return $this->_fetch_from_array($this->headers, NULL, $xss_clean); |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 787 | } |
| 788 | |
| 789 | // -------------------------------------------------------------------- |
| 790 | |
| 791 | /** |
| 792 | * Get Request Header |
| 793 | * |
| 794 | * Returns the value of a single member of the headers class member |
| 795 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 796 | * @param string $index Header name |
| 797 | * @param bool $xss_clean Whether to apply XSS filtering |
Adriano Rosa | f112e4a | 2014-10-03 13:15:46 -0300 | [diff] [blame] | 798 | * @return string|null The requested header on success or NULL on failure |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 799 | */ |
| 800 | public function get_request_header($index, $xss_clean = FALSE) |
| 801 | { |
Andrey Andreev | b763948 | 2015-06-08 14:44:47 +0300 | [diff] [blame] | 802 | static $headers; |
| 803 | |
| 804 | if ( ! isset($headers)) |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 805 | { |
Andrey Andreev | d45180c | 2015-08-15 09:09:38 +0300 | [diff] [blame] | 806 | empty($this->headers) && $this->request_headers(); |
Andrey Andreev | b763948 | 2015-06-08 14:44:47 +0300 | [diff] [blame] | 807 | foreach ($this->headers as $key => $value) |
| 808 | { |
| 809 | $headers[strtolower($key)] = $value; |
| 810 | } |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 811 | } |
David Behler | 9b5df59 | 2011-08-14 21:04:17 +0200 | [diff] [blame] | 812 | |
Andrey Andreev | b763948 | 2015-06-08 14:44:47 +0300 | [diff] [blame] | 813 | $index = strtolower($index); |
| 814 | |
| 815 | if ( ! isset($headers[$index])) |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 816 | { |
Phil Sturgeon | 55a6ddb | 2012-05-23 18:37:24 +0100 | [diff] [blame] | 817 | return NULL; |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 818 | } |
| 819 | |
Andrey Andreev | 9448afb | 2012-02-08 19:49:19 +0200 | [diff] [blame] | 820 | return ($xss_clean === TRUE) |
Andrey Andreev | b763948 | 2015-06-08 14:44:47 +0300 | [diff] [blame] | 821 | ? $this->security->xss_clean($headers[$index]) |
| 822 | : $headers[$index]; |
Greg Aker | ec2f571 | 2010-11-15 16:22:12 -0600 | [diff] [blame] | 823 | } |
| 824 | |
Greg Aker | 081ac9d | 2010-11-22 14:42:53 -0600 | [diff] [blame] | 825 | // -------------------------------------------------------------------- |
Phil Sturgeon | c382871 | 2011-01-19 12:31:47 +0000 | [diff] [blame] | 826 | |
Greg Aker | 081ac9d | 2010-11-22 14:42:53 -0600 | [diff] [blame] | 827 | /** |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 828 | * Is AJAX request? |
Greg Aker | 081ac9d | 2010-11-22 14:42:53 -0600 | [diff] [blame] | 829 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 830 | * Test to see if a request contains the HTTP_X_REQUESTED_WITH header. |
Greg Aker | 081ac9d | 2010-11-22 14:42:53 -0600 | [diff] [blame] | 831 | * |
Andrey Andreev | 9448afb | 2012-02-08 19:49:19 +0200 | [diff] [blame] | 832 | * @return bool |
Greg Aker | 081ac9d | 2010-11-22 14:42:53 -0600 | [diff] [blame] | 833 | */ |
| 834 | public function is_ajax_request() |
| 835 | { |
Andrey Andreev | 9448afb | 2012-02-08 19:49:19 +0200 | [diff] [blame] | 836 | return ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest'); |
Greg Aker | 081ac9d | 2010-11-22 14:42:53 -0600 | [diff] [blame] | 837 | } |
| 838 | |
Phil Sturgeon | c382871 | 2011-01-19 12:31:47 +0000 | [diff] [blame] | 839 | // -------------------------------------------------------------------- |
| 840 | |
| 841 | /** |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 842 | * Is CLI request? |
Phil Sturgeon | c382871 | 2011-01-19 12:31:47 +0000 | [diff] [blame] | 843 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 844 | * Test to see if a request was made from the command line. |
Phil Sturgeon | c382871 | 2011-01-19 12:31:47 +0000 | [diff] [blame] | 845 | * |
Andrey Andreev | f964b16 | 2013-11-12 17:04:55 +0200 | [diff] [blame] | 846 | * @deprecated 3.0.0 Use is_cli() instead |
Andrey Andreev | 10fb7d1 | 2015-08-03 10:05:29 +0300 | [diff] [blame] | 847 | * @return bool |
Phil Sturgeon | c382871 | 2011-01-19 12:31:47 +0000 | [diff] [blame] | 848 | */ |
| 849 | public function is_cli_request() |
| 850 | { |
Andrey Andreev | f964b16 | 2013-11-12 17:04:55 +0200 | [diff] [blame] | 851 | return is_cli(); |
Phil Sturgeon | c382871 | 2011-01-19 12:31:47 +0000 | [diff] [blame] | 852 | } |
| 853 | |
Michiel Vugteveen | be0ca26 | 2012-03-07 19:09:51 +0100 | [diff] [blame] | 854 | // -------------------------------------------------------------------- |
| 855 | |
| 856 | /** |
| 857 | * Get Request Method |
| 858 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 859 | * Return the request method |
Michiel Vugteveen | be0ca26 | 2012-03-07 19:09:51 +0100 | [diff] [blame] | 860 | * |
Andrey Andreev | 1887ec6 | 2012-10-27 16:22:07 +0300 | [diff] [blame] | 861 | * @param bool $upper Whether to return in upper or lower case |
| 862 | * (default: FALSE) |
| 863 | * @return string |
Michiel Vugteveen | be0ca26 | 2012-03-07 19:09:51 +0100 | [diff] [blame] | 864 | */ |
Michiel Vugteveen | 704fb16 | 2012-03-07 20:42:33 +0100 | [diff] [blame] | 865 | public function method($upper = FALSE) |
Michiel Vugteveen | be0ca26 | 2012-03-07 19:09:51 +0100 | [diff] [blame] | 866 | { |
Michiel Vugteveen | dc900df | 2012-03-07 20:41:37 +0100 | [diff] [blame] | 867 | return ($upper) |
| 868 | ? strtoupper($this->server('REQUEST_METHOD')) |
| 869 | : strtolower($this->server('REQUEST_METHOD')); |
Michiel Vugteveen | be0ca26 | 2012-03-07 19:09:51 +0100 | [diff] [blame] | 870 | } |
| 871 | |
Andrey Andreev | d0ac8b1 | 2015-02-27 11:41:52 +0200 | [diff] [blame] | 872 | // ------------------------------------------------------------------------ |
| 873 | |
| 874 | /** |
| 875 | * Magic __get() |
| 876 | * |
| 877 | * Allows read access to protected properties |
| 878 | * |
| 879 | * @param string $name |
| 880 | * @return mixed |
| 881 | */ |
| 882 | public function __get($name) |
| 883 | { |
| 884 | if ($name === 'raw_input_stream') |
| 885 | { |
| 886 | isset($this->_raw_input_stream) OR $this->_raw_input_stream = file_get_contents('php://input'); |
| 887 | return $this->_raw_input_stream; |
| 888 | } |
Andrey Andreev | 52caf59 | 2015-02-27 15:09:34 +0200 | [diff] [blame] | 889 | elseif ($name === 'ip_address') |
| 890 | { |
| 891 | return $this->ip_address; |
| 892 | } |
Andrey Andreev | d0ac8b1 | 2015-02-27 11:41:52 +0200 | [diff] [blame] | 893 | } |
| 894 | |
Derek Allard | 2067d1a | 2008-11-13 22:59:24 +0000 | [diff] [blame] | 895 | } |