3 * Deal with importing all those nasssty globals and things
7 # Copyright (C) 2003 Brion Vibber <brion@pobox.com>
8 # http://www.mediawiki.org/
10 # This program is free software; you can redistribute it and/or modify
11 # it under the terms of the GNU General Public License as published by
12 # the Free Software Foundation; either version 2 of the License, or
13 # (at your option) any later version.
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
20 # You should have received a copy of the GNU General Public License along
21 # with this program; if not, write to the Free Software Foundation, Inc.,
22 # 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 # http://www.gnu.org/copyleft/gpl.html
26 * The WebRequest class encapsulates getting at data passed in the
27 * URL or via a POSTed form, handling remove of "magic quotes" slashes,
28 * stripping illegal input characters and normalizing Unicode sequences.
30 * Usually this is used via a global singleton, $wgRequest. You should
31 * not create a second WebRequest object; make a FauxRequest object if
32 * you want to pass arbitrary data to some function in place of the web
38 function WebRequest() {
39 $this->checkMagicQuotes();
40 global $wgUsePathInfo;
41 if( isset( $_SERVER['PATH_INFO'] ) && $wgUsePathInfo ) {
43 $_REQUEST['title'] = substr( $_SERVER['PATH_INFO'], 1 );
47 require_once( 'normal/UtfNormal.php' );
48 wfProfileIn( 'WebRequest:normalizeUnicode-fix' );
49 $this->normalizeUnicode( $_REQUEST );
50 wfProfileOut( 'WebRequest:normalizeUnicode-fix' );
55 * Recursively strips slashes from the given array;
56 * used for undoing the evil that is magic_quotes_gpc.
57 * @param array &$arr will be modified
58 * @return array the original array
61 function &fix_magic_quotes( &$arr ) {
62 foreach( $arr as $key => $val ) {
63 if( is_array( $val ) ) {
64 $this->fix_magic_quotes( $arr[$key] );
66 $arr[$key] = stripslashes( $val );
73 * If magic_quotes_gpc option is on, run the global arrays
74 * through fix_magic_quotes to strip out the stupid dlashes.
75 * WARNING: This should only be done once! Running a second
76 * time could damage the values.
79 function checkMagicQuotes() {
80 if ( get_magic_quotes_gpc() ) {
81 $this->fix_magic_quotes( $_COOKIE );
82 $this->fix_magic_quotes( $_ENV );
83 $this->fix_magic_quotes( $_GET );
84 $this->fix_magic_quotes( $_POST );
85 $this->fix_magic_quotes( $_REQUEST );
86 $this->fix_magic_quotes( $_SERVER );
91 * Recursively normalizes UTF-8 strings in the given array.
92 * @param array &$arr will be modified
95 function normalizeUnicode( &$arr ) {
96 foreach( $arr as $key => $val ) {
97 if( is_array( $val ) ) {
98 $this->normalizeUnicode( $arr[$key ] );
100 $arr[$key] = UtfNormal
::cleanUp( $val );
106 * Fetch a value from the given array or return $default if it's not set.
108 * @param string $name
109 * @param mixed $default
113 function getGPCVal( &$arr, $name, $default ) {
114 if( isset( $arr[$name] ) ) {
122 * Fetch a value from the given array or return $default if it's not set.
123 * \r is stripped from the text, and with some language modules there is
124 * an input transliteration applied.
126 * @param string $name
127 * @param string $default
131 function getGPCText( &$arr, $name, $default ) {
132 # Text fields may be in an alternate encoding which we should check.
133 # Also, strip CRLF line endings down to LF to achieve consistency.
135 if( isset( $arr[$name] ) ) {
136 return str_replace( "\r\n", "\n", $wgLang->recodeInput( $arr[$name] ) );
143 * Fetch a value from the input or return $default if it's not set.
144 * Value may be of a string or array, and is not altered.
145 * @param string $name
146 * @param mixed $default optional default (or NULL)
149 function getVal( $name, $default = NULL ) {
150 return $this->getGPCVal( $_REQUEST, $name, $default );
154 * Fetch an integer value from the input or return $default if not set.
155 * Guaranteed to return an integer; non-numeric input will typically
157 * @param string $name
158 * @param int $default
161 function getInt( $name, $default = 0 ) {
162 return IntVal( $this->getVal( $name, $default ) );
166 * Fetch a boolean value from the input or return $default if not set.
167 * Guaranteed to return true or false, with normal PHP semantics for
168 * boolean interpretation of strings.
169 * @param string $name
170 * @param bool $default
173 function getBool( $name, $default = false ) {
174 return $this->getVal( $name, $default ) ?
true : false;
178 * Return true if the named value is set in the input, whatever that
179 * value is (even "0"). Return false if the named value is not set.
180 * Example use is checking for the presence of check boxes in forms.
181 * @param string $name
184 function getCheck( $name ) {
185 # Checkboxes and buttons are only present when clicked
186 # Presence connotes truth, abscense false
187 $val = $this->getVal( $name, NULL );
188 return isset( $val );
192 * Fetch a text string from the given array or return $default if it's not
193 * set. \r is stripped from the text, and with some language modules there
194 * is an input transliteration applied. This should generally be used for
195 * form <textarea> and <input> fields.
197 * @param string $name
198 * @param string $default optional
201 function getText( $name, $default = '' ) {
202 return $this->getGPCText( $_REQUEST, $name, $default );
206 * Extracts the given named values into an array.
207 * If no arguments are given, returns all input values.
208 * No transformation is performed on the values.
210 function getValues() {
211 $names = func_get_args();
212 if ( count( $names ) == 0 ) {
213 $names = array_keys( $_REQUEST );
217 foreach ( $names as $name ) {
218 $value = $this->getVal( $name );
219 if ( !is_null( $value ) ) {
220 $retVal[$name] = $value;
227 * Returns true if the present request was reached by a POST operation,
228 * false otherwise (GET, HEAD, or command-line).
230 * Note that values retrieved by the object may come from the
231 * GET URL etc even on a POST request.
235 function wasPosted() {
236 return $_SERVER['REQUEST_METHOD'] == 'POST';
240 * Returns true if there is a session cookie set.
241 * This does not necessarily mean that the user is logged in!
245 function checkSessionCookie() {
246 return isset( $_COOKIE[ini_get('session.name')] );
250 * Return the path portion of the request URI.
253 function getRequestURL() {
254 return $_SERVER['REQUEST_URI'];
258 * Return the request URI with the canonical service and hostname.
261 function getFullRequestURL() {
263 return $wgServer . $this->getRequestURL();
267 * Take an arbitrary query and rewrite the present URL to include it
268 * @param string $query Query string fragment; do not include initial '?'
271 function appendQuery( $query ) {
274 foreach( $_GET as $var => $val ) {
275 if( $var == 'title' ) continue;
276 $basequery .= '&' . urlencode( $var ) . '=' . urlencode( $val );
278 $basequery .= '&' . $query;
281 $basequery = substr( $basequery, 1 );
282 return $wgTitle->getLocalURL( $basequery );
286 * HTML-safe version of appendQuery().
287 * @param string $query Query string fragment; do not include initial '?'
290 function escapeAppendQuery( $query ) {
291 return htmlspecialchars( $this->appendQuery( $query ) );
295 * Check for limit and offset parameters on the input, and return sensible
296 * defaults if not given. The limit must be positive and is capped at 5000.
297 * Offset must be positive but is not capped.
299 * @param int $deflimit Limit to use if no input and the user hasn't set the option.
300 * @param string $optionname To specify an option other than rclimit to pull from.
301 * @return array first element is limit, second is offset
303 function getLimitOffset( $deflimit = 50, $optionname = 'rclimit' ) {
306 $limit = $this->getInt( 'limit', 0 );
307 if( $limit < 0 ) $limit = 0;
308 if( ( $limit == 0 ) && ( $optionname != '' ) ) {
309 $limit = (int)$wgUser->getOption( $optionname );
311 if( $limit <= 0 ) $limit = $deflimit;
312 if( $limit > 5000 ) $limit = 5000; # We have *some* limits...
314 $offset = $this->getInt( 'offset', 0 );
315 if( $offset < 0 ) $offset = 0;
317 return array( $limit, $offset );
321 * Return the path to the temporary file where PHP has stored the upload.
323 * @return string or NULL if no such file.
325 function getFileTempname( $key ) {
326 if( !isset( $_FILES[$key] ) ) {
329 return $_FILES[$key]['tmp_name'];
333 * Return the size of the upload, or 0.
337 function getFileSize( $key ) {
338 if( !isset( $_FILES[$key] ) ) {
341 return $_FILES[$key]['size'];
345 * Return the original filename of the uploaded file, as reported by
346 * the submitting user agent. HTML-style character entities are
347 * interpreted and normalized to Unicode normalization form C, in part
348 * to deal with weird input from Safari with non-ASCII filenames.
350 * Other than this the name is not verified for being a safe filename.
353 * @return string or NULL if no such file.
355 function getFileName( $key ) {
356 if( !isset( $_FILES[$key] ) ) {
359 $name = $_FILES[$key]['name'];
361 # Safari sends filenames in HTML-encoded Unicode form D...
362 # Horrid and evil! Let's try to make some kind of sense of it.
365 $name = utf8_encode( $name );
367 $name = wfMungeToUtf8( $name );
368 $name = UtfNormal
::cleanUp( $name );
370 $name = utf8_decode( $name );
372 wfDebug( "WebRequest::getFileName() '" . $_FILES[$key]['name'] . "' normalized to '$name'\n" );
378 * WebRequest clone which takes values from a provided array.
382 class FauxRequest
extends WebRequest
{
384 var $wasPosted = false;
386 function WebRequest( $data, $wasPosted = false ) {
387 if( is_array( $data ) ) {
390 wfDebugDieBacktrace( "FauxReqeust() got bogus data" );
392 $this->wasPosted
= $wasPosted;
395 function getVal( $name, $default = NULL ) {
396 return $this->getGPCVal( $this->data
, $name, $default );
399 function getText( $name, $default = '' ) {
400 # Override; don't recode since we're using internal data
401 return $this->getVal( $name, $default );
404 function getValues() {
408 function wasPosted() {
409 return $this->wasPosted
;
412 function checkSessionCookie() {
416 function getRequestURL() {
417 wfDebugDieBacktrace( 'FauxRequest::getRequestURL() not implemented' );
420 function appendQuery( $query ) {
421 wfDebugDieBacktrace( 'FauxRequest::appendQuery() not implemented' );