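/**
 * Returns a request variable, sanitised for a fixed set of well-known names.
 *
 * 'sid' is read from $_GET / $_POST only (POST overrides GET), so a cookie can
 * never supply the survey id. Every other name is read from $_REQUEST, which
 * may include cookie values depending on the request_order ini setting.
 *
 * Names in the sanitiser table are passed through the matching sanitize_*
 * helper (integer ids, language codes, "paranoid" mode strings, cquestions).
 * Any other name is returned untouched, so the caller must escape it for
 * its own output context (HTML, SQL, ...).
 *
 * @param string $stringname name of the request variable
 * @return mixed sanitised value, the raw value for unknown names, or NULL when
 *               the variable is absent
 */
function returnGlobal($stringname)
{
    // One sanitiser per variable family. Lookup is by exact string key, so
    // PHP type juggling cannot make an unrelated value match an entry.
    static $sanitizers = array(
        'sid' => 'sanitize_int',
        'gid' => 'sanitize_int',
        'oldqid' => 'sanitize_int',
        'qid' => 'sanitize_int',
        'tid' => 'sanitize_int',
        'lid' => 'sanitize_int',
        'ugid' => 'sanitize_int',
        'thisstep' => 'sanitize_int',
        'scenario' => 'sanitize_int',
        'cqid' => 'sanitize_int',
        'cid' => 'sanitize_int',
        'qaid' => 'sanitize_int',
        'scid' => 'sanitize_int',
        'loadsecurity' => 'sanitize_int',
        'lang' => 'sanitize_languagecode',
        'adminlang' => 'sanitize_languagecode',
        'htmleditormode' => 'sanitize_paranoid_string',
        'subaction' => 'sanitize_paranoid_string',
        'questionselectormode' => 'sanitize_paranoid_string',
        'templateeditormode' => 'sanitize_paranoid_string',
        'cquestions' => 'sanitize_cquestions',
    );

    $urlParam = null;
    if ($stringname === 'sid') {
        // Never accept the session/survey id from a cookie: GET and POST only.
        if (isset($_GET[$stringname])) {
            $urlParam = $_GET[$stringname];
        }
        if (isset($_POST[$stringname])) {
            $urlParam = $_POST[$stringname];
        }
    } elseif (isset($_REQUEST[$stringname])) {
        $urlParam = $_REQUEST[$stringname];
    }

    if ($urlParam === null) {
        return null;
    }

    if (isset($sanitizers[$stringname])) {
        $sanitizer = $sanitizers[$stringname];
        return $sanitizer($urlParam);
    }

    // Unknown name: returned as-is, no sanitisation applied.
    return $urlParam;
}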
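/**
 * Returns a request variable via the Yii request object, sanitised for a
 * fixed set of well-known names.
 *
 * The value comes from Yii::app()->request->getParam(). When that yields
 * NULL and the name is not 'sid', the request cookies are consulted as a
 * fallback, so for every name other than the survey id a client-controlled
 * cookie can supply the value. Array values are sanitised element-wise
 * unless $bRestrictToString is set, in which case an array is rejected.
 *
 * Names in the sanitiser table are passed through the matching sanitize_*
 * helper; any other name is returned untouched and must be escaped by the
 * caller for its own output context.
 *
 * @param string  $stringname        name of the request variable
 * @param boolean $bRestrictToString when true, an array value yields NULL
 * @return mixed sanitised value, the raw value for unknown names, or NULL when
 *               the variable is absent, the name is empty, or an array was
 *               rejected
 */
function returnGlobal($stringname, $bRestrictToString = false)
{
    static $sanitizers = array(
        'sid' => 'sanitize_int',
        'gid' => 'sanitize_int',
        'oldqid' => 'sanitize_int',
        'qid' => 'sanitize_int',
        'tid' => 'sanitize_int',
        'lid' => 'sanitize_int',
        'ugid' => 'sanitize_int',
        'thisstep' => 'sanitize_int',
        'scenario' => 'sanitize_int',
        'cqid' => 'sanitize_int',
        'cid' => 'sanitize_int',
        'qaid' => 'sanitize_int',
        'scid' => 'sanitize_int',
        'loadsecurity' => 'sanitize_int',
        'lang' => 'sanitize_languagecode',
        'adminlang' => 'sanitize_languagecode',
        'htmleditormode' => 'sanitize_paranoid_string',
        'subaction' => 'sanitize_paranoid_string',
        'questionselectormode' => 'sanitize_paranoid_string',
        'templateeditormode' => 'sanitize_paranoid_string',
        'cquestions' => 'sanitize_cquestions',
    );

    $urlParam = Yii::app()->request->getParam($stringname);

    // Cookie fallback for everything except the survey id. The previous
    // condition assigned the boolean result of "getCookies() && ..." to
    // $aCookies (&& binds tighter than =), so isset() on a bool always failed
    // and the cookie branch was dead code.
    if ($urlParam === null && $stringname !== 'sid') {
        $aCookies = Yii::app()->request->getCookies();
        if ($aCookies && isset($aCookies[$stringname])) {
            // The cookie collection holds CHttpCookie objects; the raw string is ->value.
            $urlParam = $aCookies[$stringname]->value;
        }
    }

    $bUrlParamIsArray = is_array($urlParam);

    // Nothing found, empty name, or an array where only a string is allowed.
    if ($urlParam === null || $stringname === '' || ($bUrlParamIsArray && $bRestrictToString)) {
        return null;
    }

    if (!isset($sanitizers[$stringname])) {
        // Unknown name: returned as-is, no sanitisation applied.
        return $urlParam;
    }

    $sanitizer = $sanitizers[$stringname];
    // Array values are sanitised element-wise with the same helper.
    return $bUrlParamIsArray ? array_map($sanitizer, $urlParam) : $sanitizer($urlParam);
}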
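/**
 * Returns a GET/POST/REQUEST variable, sanitised for a fixed set of
 * well-known names.
 *
 * When web-server authentication is enabled ($useWebserverAuth === true), or
 * when the name is 'sid', the value is taken from $_GET / $_POST only (POST
 * overrides GET) so that a cookie can never supply it. Otherwise $_REQUEST
 * is used, which may include cookie values depending on request_order.
 *
 * Names in the sanitiser table are passed through the matching sanitize_*
 * helper; any other name is returned untouched, so the caller must escape
 * it for its own output context.
 *
 * @param string $stringname name of the request variable
 * @return mixed sanitised value, the raw value for unknown names, or NULL when
 *               the variable is absent
 */
function returnglobal($stringname)
{
    global $useWebserverAuth;

    // Exact-key lookup table, so no loose comparison can match an entry.
    // Note: the "paranoid" family here is deliberately smaller than in other
    // variants of this helper (only htmleditormode and subaction).
    static $sanitizers = array(
        'sid' => 'sanitize_int',
        'gid' => 'sanitize_int',
        'oldqid' => 'sanitize_int',
        'qid' => 'sanitize_int',
        'tid' => 'sanitize_int',
        'lid' => 'sanitize_int',
        'ugid' => 'sanitize_int',
        'thisstep' => 'sanitize_int',
        'scenario' => 'sanitize_int',
        'cqid' => 'sanitize_int',
        'cid' => 'sanitize_int',
        'qaid' => 'sanitize_int',
        'scid' => 'sanitize_int',
        'loadsecurity' => 'sanitize_int',
        'lang' => 'sanitize_languagecode',
        'adminlang' => 'sanitize_languagecode',
        'htmleditormode' => 'sanitize_paranoid_string',
        'subaction' => 'sanitize_paranoid_string',
        'cquestions' => 'sanitize_cquestions',
    );

    $bNoCookies = (isset($useWebserverAuth) && $useWebserverAuth === true)
        || $stringname === 'sid';

    $urlParam = null;
    if ($bNoCookies) {
        // Don't read the value from a cookie: GET and POST only.
        if (isset($_GET[$stringname])) {
            $urlParam = $_GET[$stringname];
        }
        if (isset($_POST[$stringname])) {
            $urlParam = $_POST[$stringname];
        }
    } elseif (isset($_REQUEST[$stringname])) {
        $urlParam = $_REQUEST[$stringname];
    }

    if ($urlParam === null) {
        return null;
    }

    if (isset($sanitizers[$stringname])) {
        $sanitizer = $sanitizers[$stringname];
        return $sanitizer($urlParam);
    }

    // Unknown name: returned as-is, no sanitisation applied.
    return $urlParam;
}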