PHP Cross Reference of vtigercrm-6.1.0 |
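<?php
/*+**********************************************************************************
 * The contents of this file are subject to the vtiger CRM Public License Version 1.1
 * ("License"); You may not use this file except in compliance with the License
 * The Original Code is: vtiger CRM Open Source
 * The Initial Developer of the Original Code is vtiger.
 * Portions created by vtiger are Copyright (C) vtiger.
 * All Rights Reserved.
 ************************************************************************************/

/**
 * Wrapper around the parameters of one incoming request.
 *
 * Trust boundaries visible in this class:
 *  - get() passes every non-empty value through vtlib_purify() (defined elsewhere).
 *  - getRaw() and getAll() hand back stored values without that step, so their
 *    results must be treated as untrusted by the caller.
 *  - validateReadAccess() only checks the Referer header; the CSRF token check runs
 *    only from validateWriteAccess().
 */
class Vtiger_Request {

	// Datastore
	private $valuemap;              // values served by get() (purified on read)
	private $rawvaluemap;           // values served untouched by getRaw()
	private $defaultmap = array();  // per-key fallbacks registered with setDefault()

	/**
	 * Default constructor
	 *
	 * @param array $values      request values
	 * @param array $rawvalues   unprocessed counterparts, served by getRaw()
	 * @param bool  $stripifgpc  undo magic-quotes escaping when the runtime applied it
	 */
	function __construct($values, $rawvalues = array(), $stripifgpc=true) {
		$this->valuemap = $values;
		$this->rawvaluemap = $rawvalues;
		// get_magic_quotes_gpc() was removed in PHP 8.0; without the function_exists()
		// guard the constructor would fail there with an undefined-function error.
		if ($stripifgpc && !empty($this->valuemap)
				&& function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
			$this->valuemap = $this->stripslashes_recursive($this->valuemap);
			$this->rawvaluemap = $this->stripslashes_recursive($this->rawvaluemap);
		}
	}

	/**
	 * Strip the slashes recursively on the values.
	 *
	 * @param mixed $value scalar or (nested) array
	 * @return mixed same shape as the input, with stripslashes() applied to each leaf
	 */
	function stripslashes_recursive($value) {
		if (is_array($value)) {
			return array_map(array($this, 'stripslashes_recursive'), $value);
		}
		return stripslashes($value);
	}

	/**
	 * Get key value (otherwise default value)
	 *
	 * Lookup order: stored value, then $defvalue, then (only when the result is the
	 * empty string) the default registered through setDefault().
	 *
	 * A string starting with "[" or "{" is handed to Zend_Json::decode(); when the
	 * decode yields a non-null result it replaces the string, so this method can
	 * return an array for a parameter the caller expected to be a string. Callers
	 * that need a scalar should check the type of the result.
	 *
	 * @param string $key
	 * @param mixed  $defvalue
	 * @return mixed purified value (string or decoded structure)
	 */
	function get($key, $defvalue = '') {
		$value = $defvalue;
		if (isset($this->valuemap[$key])) {
			$value = $this->valuemap[$key];
		}
		if ($value === '' && isset($this->defaultmap[$key])) {
			$value = $this->defaultmap[$key];
		}

		// NOTE: Zend_Json or json_decode gets confused with big-integers (when passed as string)
		// and convert them to ugly exponential format - to overcome this we are performing a pre-check
		$isJSON = is_string($value) && (strpos($value, '[') === 0 || strpos($value, '{') === 0);
		if ($isJSON) {
			$oldValue = Zend_Json::$useBuiltinEncoderDecoder;
			Zend_Json::$useBuiltinEncoderDecoder = false;
			try {
				$decodeValue = Zend_Json::decode($value);
			} catch (Exception $e) {
				// Put the process-wide decoder switch back before the exception
				// propagates; otherwise a malformed parameter would leave it changed
				// for the rest of the request. (Whether decode() throws depends on
				// the bundled Zend_Json version - not visible from this file.)
				Zend_Json::$useBuiltinEncoderDecoder = $oldValue;
				throw $e;
			}
			Zend_Json::$useBuiltinEncoderDecoder = $oldValue;
			if (isset($decodeValue)) {
				$value = $decodeValue;
			}
		}

		//Handled for null because vtlib_purify returns empty string
		if (!empty($value)) {
			$value = vtlib_purify($value);
		}
		return $value;
	}

	/**
	 * Get value for key as boolean
	 *
	 * @return bool true only when the value compares equal to "true", ignoring case
	 */
	function getBoolean($key, $defvalue = '') {
		return strcasecmp('true', $this->get($key, $defvalue).'') === 0;
	}

	/**
	 * Function to get the value if its safe to use for SQL Query (column).
	 *
	 * The check itself lives in Vtiger_Util_Helper::validateStringForSql(), which is
	 * not part of this file. NOTE(review): intended for identifiers such as column
	 * names; data values still belong in bound query parameters - confirm at the
	 * call sites.
	 *
	 * @param <String> $key
	 * @param <Boolean> $skipEmtpy - Skip the check if string is empty (parameter
	 *                  spelling kept as-is for compatibility)
	 * @return Value for the given key
	 */
	public function getForSql($key, $skipEmtpy=true) {
		return Vtiger_Util_Helper::validateStringForSql($this->get($key), $skipEmtpy);
	}

	/**
	 * Get data map
	 *
	 * Returns the stored map as-is: no vtlib_purify() and no JSON decoding is
	 * applied here, unlike get().
	 */
	function getAll() {
		return $this->valuemap;
	}

	/**
	 * Check for existence of key
	 */
	function has($key) {
		return isset($this->valuemap[$key]);
	}

	/**
	 * Is the value (linked to key) empty?
	 */
	function isEmpty($key) {
		$value = $this->get($key);
		return empty($value);
	}

	/**
	 * Get the raw value (if present) ignoring primary value.
	 *
	 * A raw value is returned exactly as stored (not purified); only the fallback
	 * path goes through get(). Escape the result for the output context it is
	 * used in.
	 */
	function getRaw($key, $defvalue = '') {
		if (isset($this->rawvaluemap[$key])) {
			return $this->rawvaluemap[$key];
		}
		return $this->get($key, $defvalue);
	}

	/**
	 * Set the value for key
	 */
	function set($key, $newvalue) {
		$this->valuemap[$key]= $newvalue;
	}

	/**
	 * Set the value for key, both in the object as well as global $_REQUEST variable
	 */
	function setGlobal($key, $newvalue) {
		$this->set($key, $newvalue);
		// TODO - This needs to be cleaned up once core apis are made independent of REQUEST variable.
		// This is added just for backward compatibility
		$_REQUEST[$key] = $newvalue;
	}

	/**
	 * Set default value for key
	 */
	function setDefault($key, $defvalue) {
		$this->defaultmap[$key] = $defvalue;
	}

	/**
	 * Shorthand function to get value for (key=_operation|operation)
	 */
	function getOperation() {
		return $this->get('_operation', $this->get('operation'));
	}

	/**
	 * Shorthand function to get value for (key=_session)
	 */
	function getSession() {
		return $this->get('_session', $this->get('session'));
	}

	/**
	 * Shorthand function to get value for (key=mode)
	 */
	function getMode() {
		return $this->get('mode');
	}

	/**
	 * Get the module name of the request.
	 *
	 * @param bool $raw when false and a 'parent' value is present, the result is
	 *                  "parent:module"
	 */
	function getModule($raw=true) {
		$moduleName = $this->get('module');
		if (!$raw) {
			$parentModule = $this->get('parent');
			if (!empty($parentModule)) {
				$moduleName = $parentModule.':'.$moduleName;
			}
		}
		return $moduleName;
	}

	/**
	 * Whether the request carries an X-PJAX or X-Requested-With header.
	 *
	 * Both headers are supplied by the client, so the result is a rendering hint
	 * and not something to base an access decision on.
	 */
	function isAjax() {
		return !empty($_SERVER['HTTP_X_PJAX']) || !empty($_SERVER['HTTP_X_REQUESTED_WITH']);
	}

	/**
	 * Validating incoming request.
	 *
	 * Only the Referer check runs here; no CSRF token is verified for reads.
	 *
	 * @throws Exception 'Illegal request' when the Referer check fails
	 */
	function validateReadAccess() {
		$this->validateReferer();
		// TODO validateIP restriction?
		return true;
	}

	/**
	 * Validate a state-changing request: POST method (unless skipped), Referer,
	 * then the CSRF check.
	 *
	 * @param bool $skipRequestTypeCheck when true the POST-only restriction is not enforced
	 * @throws Exception 'Invalid request', 'Illegal request' or 'Unsupported request'
	 */
	function validateWriteAccess($skipRequestTypeCheck = false) {
		if (!$skipRequestTypeCheck && $_SERVER['REQUEST_METHOD'] != 'POST') {
			throw new Exception('Invalid request');
		}
		$this->validateReadAccess();
		$this->validateCSRF();
		return true;
	}

	/**
	 * Reject requests whose Referer header does not point into $site_URL.
	 *
	 * Limits of this check, as written:
	 *  - a request without a Referer header is accepted;
	 *  - a request whose 'module' value is 'Install' is accepted regardless of the
	 *    Referer, and that value comes from the request being validated.
	 * It is therefore a supplementary check; validateCSRF() is the control that
	 * write paths rely on.
	 *
	 * @throws Exception 'Illegal request'
	 */
	protected function validateReferer() {
		if (isset($_SERVER['HTTP_REFERER'])) {
			global $site_URL;
			if (!$this->isRefererWithinSite($_SERVER['HTTP_REFERER'], $site_URL)
					&& ($this->get('module') != 'Install')) {
				throw new Exception('Illegal request');
			}
		}
		return true;
	}

	/**
	 * Case-insensitive prefix match of the Referer against the configured site URL
	 * that also requires the match to end on a URL boundary.
	 *
	 * A bare prefix comparison accepts any Referer that merely starts with the
	 * configured string, e.g. a different host name or port that extends it when
	 * $site_URL has no trailing slash. An empty $site_URL never matches.
	 */
	private function isRefererWithinSite($referer, $siteUrl) {
		$referer = (string) $referer;
		$siteUrl = (string) $siteUrl;
		if ($siteUrl === '' || stripos($referer, $siteUrl) !== 0) {
			return false;
		}
		if (substr($siteUrl, -1) === '/') {
			// The configured URL already ends on a path boundary.
			return true;
		}
		$rest = (string) substr($referer, strlen($siteUrl));
		if ($rest === '') {
			return true;
		}
		// Next character must start a path, query or fragment.
		return strpos('/?#', $rest[0]) !== false;
	}

	/**
	 * Verify the CSRF token through csrf_check() (defined elsewhere).
	 *
	 * @throws Exception 'Unsupported request'
	 */
	protected function validateCSRF() {
		if (!csrf_check(false)) {
			throw new Exception('Unsupported request');
		}
	}
}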