[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /** This file is part of KCFinder project
   4    *
   5    *      @desc Input class for GET, POST and COOKIE requests
   6    *   @package KCFinder
   7    *   @version 2.21
   8    *    @author Pavel Tzonkov <[email protected]>
   9    * @copyright 2010 KCFinder Project
  10    *   @license http://www.opensource.org/licenses/gpl-2.0.php GPLv2
  11    *   @license http://www.opensource.org/licenses/lgpl-2.1.php LGPLv2
  12    *      @link http://kcfinder.sunhater.com
  13    */
  14  
  15  class input {
  16  
  17    /** Filtered $_GET array
  18      * @var array */
  19      public $get;
  20  
  21    /** Filtered $_POST array
  22      * @var array */
  23      public $post;
  24  
  25    /** Filtered $_COOKIE array
  26      * @var array */
  27      public $cookie;
  28  
  29    /** magic_quetes_gpc ini setting flag
  30      * @var bool */
  31      protected $magic_quotes_gpc;
  32  
  33    /** magic_quetes_sybase ini setting flag
  34      * @var bool */
  35      protected $magic_quotes_sybase;
  36  
  37      public function __construct() {
  38          $this->magic_quotes_gpc = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
  39          $this->magic_quotes_sybase = ini_get('magic_quotes_sybase');
  40          $this->magic_quotes_sybase = $this->magic_quotes_sybase
  41              ? !in_array(strtolower(trim($this->magic_quotes_sybase)),
  42                  array('off', 'no', 'false'))
  43              : false;
  44          $_GET = $this->filter($_GET);
  45          $_POST = $this->filter($_POST);
  46          $_COOKIE = $this->filter($_COOKIE);
  47          $this->get = &$_GET;
  48          $this->post = &$_POST;
  49          $this->cookie = &$_COOKIE;
  50      }
  51  
  52    /** Magic method to get non-public properties like public.
  53      * @param string $property
  54      * @return mixed */
  55  
  56      public function __get($property) {
  57          return property_exists($this, $property) ? $this->$property : null;
  58      }
  59  
  60    /** Filter the given subject. If magic_quotes_gpc and/or magic_quotes_sybase
  61      * ini settings are turned on, the method will remove backslashes from some
  62      * escaped characters. If the subject is an array, elements with non-
  63      * alphanumeric keys will be removed
  64      * @param mixed $subject
  65      * @return mixed */
  66  
  67      public function filter($subject) {
  68          if ($this->magic_quotes_gpc) {
  69              if (is_array($subject)) {
  70                  foreach ($subject as $key => $val)
  71                      if (!preg_match('/^[a-z\d_]+$/si', $key))
  72                          unset($subject[$key]);
  73                      else
  74                          $subject[$key] = $this->filter($val);
  75              } elseif (is_scalar($subject))
  76                  $subject = $this->magic_quotes_sybase
  77                      ? str_replace("\\'", "'", $subject)
  78                      : stripslashes($subject);
  79  
  80          }
  81  
  82          return $subject;
  83      }
  84  }
  85  
  86  ?>