<?php

/** This file is part of KCFinder project
  *
  *      @desc Input class for GET, POST and COOKIE requests
  *   @package KCFinder
  *   @version 2.51
  *    @author Pavel Tzonkov <pavelc@users.sourceforge.net>
  * @copyright 2010, 2011 KCFinder Project
  *   @license http://www.opensource.org/licenses/gpl-2.0.php GPLv2
  *   @license http://www.opensource.org/licenses/lgpl-2.1.php LGPLv2
  *      @link http://kcfinder.sunhater.com
  */

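/**
 * Request-input wrapper for $_GET, $_POST and $_COOKIE.
 *
 * Its only job is to undo the escaping that PHP's legacy magic_quotes_gpc
 * feature applied to request data. It is NOT a validation or sanitisation
 * layer: when magic_quotes_gpc is off (always the case on PHP 5.4 and later,
 * where the feature was removed) filter() returns its argument untouched, so
 * $get, $post and $cookie hold raw, client-controlled values, including
 * arbitrary array keys. Callers must validate every value before using it in
 * file paths, queries or output.
 */
class input {

    /** $_GET array (by reference). Unescaped only when magic_quotes_gpc is on;
      * otherwise identical to the raw request data.
      * @var array */
    public $get;

    /** $_POST array (by reference). Unescaped only when magic_quotes_gpc is on;
      * otherwise identical to the raw request data.
      * @var array */
    public $post;

    /** $_COOKIE array (by reference). Unescaped only when magic_quotes_gpc is
      * on; otherwise identical to the raw request data.
      * @var array */
    public $cookie;

    /** magic_quotes_gpc ini setting flag
      * @var bool */
    protected $magic_quotes_gpc;

    /** magic_quotes_sybase ini setting flag
      * @var bool */
    protected $magic_quotes_sybase;

    /** Detect the magic-quotes configuration, rewrite the three request
      * superglobals in place through filter() and bind the public properties
      * to them by reference (so a write through $this->get changes $_GET). */
    public function __construct() {
        // get_magic_quotes_gpc() always returns false from PHP 5.4 on and is
        // deprecated in 7.4, so it is only consulted on versions where it can
        // still be true. This avoids a deprecation notice leaking into output.
        $this->magic_quotes_gpc =
            version_compare(PHP_VERSION, '5.4.0', '<') &&
            function_exists('get_magic_quotes_gpc') &&
            get_magic_quotes_gpc();

        // ini_get() returns a string; any non-empty value other than
        // off/no/false counts as enabled.
        $sybase = ini_get('magic_quotes_sybase');
        $this->magic_quotes_sybase = $sybase
            ? !in_array(strtolower(trim($sybase)), array('off', 'no', 'false'), true)
            : false;

        $_GET = $this->filter($_GET);
        $_POST = $this->filter($_POST);
        $_COOKIE = $this->filter($_COOKIE);

        $this->get = &$_GET;
        $this->post = &$_POST;
        $this->cookie = &$_COOKIE;
    }

    /** Magic method giving read-only access to non-public properties.
      * @param string $property
      * @return mixed The property value, or null when no such property exists */
    public function __get($property) {
        return property_exists($this, $property) ? $this->$property : null;
    }

    /** Undo magic-quotes escaping on the given subject.
      *
      * When magic_quotes_gpc is off the subject is returned unchanged: no
      * value is touched and no array key is removed. When it is on, scalars
      * are unescaped and, for arrays, elements whose key is not made only of
      * letters, digits and underscores are removed (recursively).
      *
      * @param mixed $subject
      * @return mixed */
    public function filter($subject) {
        // PHP escaped nothing, so there is nothing to undo.
        if (!$this->magic_quotes_gpc)
            return $subject;

        if (is_array($subject)) {
            foreach ($subject as $key => $val) {
                // \z rather than $: "$" also matches before a trailing "\n",
                // which would let a key such as "name\n" through.
                if (!preg_match('/^[a-z\d_]+\z/i', (string) $key))
                    unset($subject[$key]);
                else
                    $subject[$key] = $this->filter($val);
            }
            return $subject;
        }

        if (is_scalar($subject)) {
            // In sybase mode PHP escapes a single quote by doubling it ('')
            // and leaves backslashes alone, so the inverse is '' -> ' and not
            // the removal of a backslash.
            return $this->magic_quotes_sybase
                ? str_replace("''", "'", $subject)
                : stripslashes($subject);
        }

        return $subject;
    }
}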

?>