|
|
@@ -1,11 +1,44 @@
|
|
|
<?php
|
|
|
namespace RequestResponse;
|
|
|
|
|
|
-use RequestResponse\Response as Response;
|
|
|
-
|
|
|
class Request{
|
|
|
|
|
|
- function required_param($parname, $type) {
|
|
|
+ const PARAM_ALPHA = 'alpha';
|
|
|
+ const PARAM_ALPHANUM = 'alphanum';
|
|
|
+ const PARAM_ALPHAEXT = 'alphaext';
|
|
|
+ const PARAM_ALPHANUMEXT = 'alphanumext';
|
|
|
+ const PARAM_INT = 'int';
|
|
|
+ const PARAM_FLOAT = 'float';
|
|
|
+ const PARAM_BOOL = 'bool';
|
|
|
+ const PARAM_RAW = 'raw';
|
|
|
+ const PARAM_TEXT = 'text';
|
|
|
+
|
|
|
+ const PARAM_AUTH = 'auth';
|
|
|
+ const PARAM_BASE64 = 'base64';
|
|
|
+ const PARAM_CAPABILITY = 'capability';
|
|
|
+ const PARAM_CLEANHTML = 'cleanhtml';
|
|
|
+ const PARAM_EMAIL = 'email';
|
|
|
+ const PARAM_FILE = 'file';
|
|
|
+ const PARAM_HOST = 'host';
|
|
|
+ const PARAM_LANG = 'lang';
|
|
|
+ const PARAM_LOCALURL = 'localurl';
|
|
|
+ const PARAM_NOTAGS = 'notags';
|
|
|
+ const PARAM_PATH = 'path';
|
|
|
+ const PARAM_PEM = 'pem';
|
|
|
+ const PARAM_PERMISSION = 'permission';
|
|
|
+ const PARAM_RAW_TRIMMED = 'raw_trimmed';
|
|
|
+ const PARAM_SAFEDIR = 'safedir';
|
|
|
+ const PARAM_SAFEPATH = 'safepath';
|
|
|
+ const PARAM_SEQUENCE = 'sequence';
|
|
|
+ const PARAM_TAG = 'tag';
|
|
|
+ const PARAM_TAGLIST = 'taglist';
|
|
|
+ const PARAM_THEME = 'theme';
|
|
|
+ const PARAM_URL = 'url';
|
|
|
+ const PARAM_USERNAME = 'username';
|
|
|
+ const PARAM_STRINGID = 'stringid';
|
|
|
+
|
|
|
+
|
|
|
+ public static function required_param($parname, $type) {
|
|
|
if (func_num_args() != 2 or empty($parname) or empty($type)) {
|
|
|
throw new \Exception('required_param() requires $parname and $type to be specified (parameter: '.$parname.')');
|
|
|
}
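Review bot: The constant list added at the top of `Request` has no `PARAM_COMPONENT` or `PARAM_TIMEZONE`, yet the hunks at `@@ -246,7 +265,7 @@` and `@@ -431,14 +442,14 @@` switch on `self::PARAM_COMPONENT` and `self::PARAM_TIMEZONE`. Unless they are declared in a part of the class this page does not show, PHP raises an undefined-class-constant error as soon as the switch evaluates those `case` expressions. Every type whose case comes after `self::PARAM_COMPONENT` would then abort instead of being cleaned. Add `const PARAM_COMPONENT = 'component';` and `const PARAM_TIMEZONE = 'timezone';` next to the others, and check the `case self::PARAM_*` labels outside the visible hunks the same way. The class body continues outside this hunk.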
|
|
|
@@ -25,7 +58,7 @@ class Request{
|
|
|
return self::clean_param($param, $type);
|
|
|
}
|
|
|
|
|
|
- function required_param_array($parname, $type) {
|
|
|
+ public static function required_param_array($parname, $type) {
|
|
|
if (func_num_args() != 2 or empty($parname) or empty($type)) {
|
|
|
throw new \Exception('required_param_array() requires $parname and $type to be specified (parameter: '.$parname.')');
|
|
|
}
|
|
|
@@ -99,20 +132,6 @@ class Request{
|
|
|
return $result;
|
|
|
}
|
|
|
|
|
|
- /**
|
|
|
- * Used by {@link optional_param()} and {@link required_param()} to
|
|
|
- * clean the variables and/or cast to specific types, based on
|
|
|
- * an options field.
|
|
|
- * <code>
|
|
|
- * $course->format = clean_param($course->format, PARAM_ALPHA);
|
|
|
- * $selectedgradeitem = clean_param($selectedgradeitem, PARAM_INT);
|
|
|
- * </code>
|
|
|
- *
|
|
|
- * @param mixed $param the variable we are cleaning
|
|
|
- * @param string $type expected format of param after cleaning.
|
|
|
- * @return mixed
|
|
|
- * @throws coding_exception
|
|
|
- */
|
|
|
public static function clean_param($param, $type) {
|
|
|
global $CFG;
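Review bot: `clean_param()` loses its docblock here and gets nothing in return, which leaves the class's central sanitiser undocumented. The old text was stale (global `PARAM_ALPHA`, `coding_exception`), so rewrite it rather than restore it: a one-line summary, `@param mixed $param`, `@param string $type` naming the `self::PARAM_*` constants, `@return mixed`, and the exception that is actually thrown. It should also state that `self::PARAM_RAW` and `self::PARAM_RAW_TRIMMED` only run `fix_utf8()` (plus `trim()` for the latter) and do no cleaning, so callers must validate or escape those values themselves. The same applies to the docblock removed above `validateUrlSyntax()` in the last hunk. The body of `clean_param()` continues outside this hunk.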
|
|
|
|
|
|
@@ -127,45 +146,45 @@ class Request{
|
|
|
}
|
|
|
|
|
|
switch ($type) {
|
|
|
- case PARAM_RAW:
|
|
|
+ case self::PARAM_RAW:
|
|
|
// No cleaning at all.
|
|
|
$param = fix_utf8($param);
|
|
|
return $param;
|
|
|
|
|
|
- case PARAM_RAW_TRIMMED:
|
|
|
+ case self::PARAM_RAW_TRIMMED:
|
|
|
// No cleaning, but strip leading and trailing whitespace.
|
|
|
$param = fix_utf8($param);
|
|
|
return trim($param);
|
|
|
|
|
|
- case PARAM_INT:
|
|
|
+ case self::PARAM_INT:
|
|
|
// Convert to integer.
|
|
|
return (int)$param;
|
|
|
|
|
|
- case PARAM_FLOAT:
|
|
|
+ case self::PARAM_FLOAT:
|
|
|
// Convert to float.
|
|
|
return (float)$param;
|
|
|
|
|
|
- case PARAM_ALPHA:
|
|
|
+ case self::PARAM_ALPHA:
|
|
|
// Remove everything not `a-z`.
|
|
|
return preg_replace('/[^a-zA-Z]/i', '', $param);
|
|
|
|
|
|
- case PARAM_ALPHAEXT:
|
|
|
+ case self::PARAM_ALPHAEXT:
|
|
|
// Remove everything not `a-zA-Z_-` (originally allowed "/" too).
|
|
|
return preg_replace('/[^a-zA-Z_-]/i', '', $param);
|
|
|
|
|
|
- case PARAM_ALPHANUM:
|
|
|
+ case self::PARAM_ALPHANUM:
|
|
|
// Remove everything not `a-zA-Z0-9`.
|
|
|
return preg_replace('/[^A-Za-z0-9]/i', '', $param);
|
|
|
|
|
|
- case PARAM_ALPHANUMEXT:
|
|
|
+ case self::PARAM_ALPHANUMEXT:
|
|
|
// Remove everything not `a-zA-Z0-9_-`.
|
|
|
return preg_replace('/[^A-Za-z0-9_-]/i', '', $param);
|
|
|
|
|
|
- case PARAM_SEQUENCE:
|
|
|
+ case self::PARAM_SEQUENCE:
|
|
|
// Remove everything not `0-9,`.
|
|
|
return preg_replace('/[^0-9,]/i', '', $param);
|
|
|
|
|
|
- case PARAM_BOOL:
|
|
|
+ case self::PARAM_BOOL:
|
|
|
// Convert to 1 or 0.
|
|
|
$tempstr = strtolower($param);
|
|
|
if ($tempstr === 'on' or $tempstr === 'yes' or $tempstr === 'true') {
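Review bot: `switch ($type)` compares loosely, so a non-string `$type` can select the wrong cleaner. `true` equals any non-empty string, and on PHP 7 the integer `0` equals `'raw'`; both land on the first case, `self::PARAM_RAW`, which does no cleaning. Unless the lines hidden between the hunks already reject such values, add a strict check before the switch, for example `if (!is_string($type)) { throw new \InvalidArgumentException('clean_param() requires a string $type'); }`. The switch and the `PARAM_BOOL` branch both continue outside this hunk.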
|
|
|
@@ -177,12 +196,12 @@ class Request{
|
|
|
}
|
|
|
return $param;
|
|
|
|
|
|
- case PARAM_NOTAGS:
|
|
|
+ case self::PARAM_NOTAGS:
|
|
|
// Strip all tags.
|
|
|
$param = fix_utf8($param);
|
|
|
return strip_tags($param);
|
|
|
|
|
|
- case PARAM_TEXT:
|
|
|
+ case self::PARAM_TEXT:
|
|
|
// Leave only tags needed for multilang.
|
|
|
$param = fix_utf8($param);
|
|
|
// If the multilang syntax is not correct we strip all tags because it would break xhtml strict which is required
|
|
|
@@ -246,7 +265,7 @@ class Request{
|
|
|
// Easy, just strip all tags, if we ever want to fix orphaned '&' we have to do that in format_string().
|
|
|
return strip_tags($param);
|
|
|
|
|
|
- case PARAM_COMPONENT:
|
|
|
+ case self::PARAM_COMPONENT:
|
|
|
// We do not want any guessing here, either the name is correct or not
|
|
|
// please note only normalised component names are accepted.
|
|
|
if (!preg_match('/^[a-z]+(_[a-z][a-z0-9_]*)?[a-z0-9]+$/', $param)) {
|
|
|
@@ -264,15 +283,15 @@ class Request{
|
|
|
return $param;
|
|
|
|
|
|
|
|
|
- case PARAM_SAFEDIR:
|
|
|
+ case self::PARAM_SAFEDIR:
|
|
|
// Remove everything not a-zA-Z0-9_- .
|
|
|
return preg_replace('/[^a-zA-Z0-9_-]/i', '', $param);
|
|
|
|
|
|
- case PARAM_SAFEPATH:
|
|
|
+ case self::PARAM_SAFEPATH:
|
|
|
// Remove everything not a-zA-Z0-9/_- .
|
|
|
return preg_replace('/[^a-zA-Z0-9\/_-]/i', '', $param);
|
|
|
|
|
|
- case PARAM_FILE:
|
|
|
+ case self::PARAM_FILE:
|
|
|
// Strip all suspicious characters from filename.
|
|
|
$param = fix_utf8($param);
|
|
|
$param = preg_replace('~[[:cntrl:]]|[&<>"`\|\':\\\\/]~u', '', $param);
|
|
|
@@ -281,7 +300,7 @@ class Request{
|
|
|
}
|
|
|
return $param;
|
|
|
|
|
|
- case PARAM_PATH:
|
|
|
+ case self::PARAM_PATH:
|
|
|
// Strip all suspicious characters from file path.
|
|
|
$param = fix_utf8($param);
|
|
|
$param = str_replace('\\', '/', $param);
|
|
|
@@ -303,7 +322,7 @@ class Request{
|
|
|
$param = preg_replace('~/(\./)+~', '/', $param);
|
|
|
return $param;
|
|
|
|
|
|
- case PARAM_HOST:
|
|
|
+ case self::PARAM_HOST:
|
|
|
// Allow FQDN or IPv4 dotted quad.
|
|
|
$param = preg_replace('/[^\.\d\w-]/', '', $param );
|
|
|
// Match ipv4 dotted quad.
|
|
|
@@ -317,8 +336,8 @@ class Request{
|
|
|
$param = '';
|
|
|
}
|
|
|
} else if ( preg_match('/^[\w\d\.-]+$/', $param) // Dots, hyphens, numbers.
|
|
|
- && !preg_match('/^[\.-]/', $param) // No leading dots/hyphens.
|
|
|
- && !preg_match('/[\.-]$/', $param) // No trailing dots/hyphens.
|
|
|
+ && !preg_match('/^[\.-]/',$param) // No leading dots/hyphens.
|
|
|
+ && !preg_match('/[\.-]$/',$param) // No trailing dots/hyphens.
|
|
|
) {
|
|
|
// All is ok - $param is respected.
|
|
|
} else {
|
|
|
@@ -327,7 +346,7 @@ class Request{
|
|
|
}
|
|
|
return $param;
|
|
|
|
|
|
- case PARAM_URL: // Allow safe ftp, http, mailto urls.
|
|
|
+ case self::PARAM_URL: // Allow safe ftp, http, mailto urls.
|
|
|
$param = fix_utf8($param);
|
|
|
if (!empty($param) && self::validateUrlSyntax($param, 's?H?S?F?E?u-P-a?I?p?f?q?r?')) {
|
|
|
// All is ok, param is respected.
|
|
|
@@ -338,7 +357,7 @@ class Request{
|
|
|
return $param;
|
|
|
|
|
|
|
|
|
- case PARAM_PEM:
|
|
|
+ case self::PARAM_PEM:
|
|
|
$param = trim($param);
|
|
|
// PEM formatted strings may contain letters/numbers and the symbols:
|
|
|
// forward slash: /
|
|
|
@@ -357,7 +376,7 @@ class Request{
|
|
|
}
|
|
|
return '';
|
|
|
|
|
|
- case PARAM_BASE64:
|
|
|
+ case self::PARAM_BASE64:
|
|
|
if (!empty($param)) {
|
|
|
// PEM formatted strings may contain letters/numbers and the symbols
|
|
|
// forward slash: /
|
|
|
@@ -386,7 +405,7 @@ class Request{
|
|
|
return '';
|
|
|
}
|
|
|
|
|
|
- case PARAM_TAGLIST:
|
|
|
+ case self::PARAM_TAGLIST:
|
|
|
$param = fix_utf8($param);
|
|
|
$tags = explode(',', $param);
|
|
|
$result = array();
|
|
|
@@ -402,15 +421,7 @@ class Request{
|
|
|
return '';
|
|
|
}
|
|
|
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
-
|
|
|
- case PARAM_USERNAME:
|
|
|
+ case self::PARAM_USERNAME:
|
|
|
$param = fix_utf8($param);
|
|
|
$param = trim($param);
|
|
|
// Convert uppercase to lowercase MDL-16919.
|
|
|
@@ -423,7 +434,7 @@ class Request{
|
|
|
}
|
|
|
return $param;
|
|
|
|
|
|
- case PARAM_EMAIL:
|
|
|
+ case self::PARAM_EMAIL:
|
|
|
$param = fix_utf8($param);
|
|
|
if (validate_email($param)) {
|
|
|
return $param;
|
|
|
@@ -431,14 +442,14 @@ class Request{
|
|
|
return '';
|
|
|
}
|
|
|
|
|
|
- case PARAM_STRINGID:
|
|
|
+ case self::PARAM_STRINGID:
|
|
|
if (preg_match('|^[a-zA-Z][a-zA-Z0-9\.:/_-]*$|', $param)) {
|
|
|
return $param;
|
|
|
} else {
|
|
|
return '';
|
|
|
}
|
|
|
|
|
|
- case PARAM_TIMEZONE:
|
|
|
+ case self::PARAM_TIMEZONE:
|
|
|
// Can be int, float(with .5 or .0) or string seperated by '/' and can have '-_'.
|
|
|
$param = fix_utf8($param);
|
|
|
$timezonepattern = '/^(([+-]?(0?[0-9](\.[5|0])?|1[0-3](\.0)?|1[0-2]\.5))|(99)|[[:alnum:]]+(\/?[[:alpha:]_-])+)$/';
|
|
|
@@ -510,13 +521,6 @@ class Request{
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- /**
|
|
|
- * Validations
|
|
|
- * @param $urladdr
|
|
|
- * @param string $options
|
|
|
- * @return bool
|
|
|
- */
|
|
|
-
|
|
|
function validateUrlSyntax( $urladdr, $options="" ){
|
|
|
|
|
|
// Force Options parameter to be lower case
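Review bot: `validateUrlSyntax()` is still declared as an instance method (`function validateUrlSyntax( $urladdr, $options="" ){`), while the `PARAM_URL` branch in hunk `@@ -327,7 +346,7 @@` calls it as `self::validateUrlSyntax(...)` from the static `clean_param()`. PHP 7 reports such a call as deprecated and PHP 8 throws an Error, so a non-empty URL parameter would abort instead of being validated. The commit already made `required_param()` and `required_param_array()` `public static`; do the same here with `public static function validateUrlSyntax($urladdr, $options = "")`. The function body continues outside this hunk, so confirm it does not use `$this`.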
|