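/**
 * Collect request variables from the configured sources into one array.
 *
 * Sources are read in the given order and the first source that sets a
 * name wins: later sources never overwrite an existing key (the only
 * exception is 'page', which the URI source always assigns).
 *
 * @param string|array $vars_order Source names, case-insensitive, as a
 *                                 space-separated string or an array:
 *                                 'OLDGET', 'POST', 'URI' (alias 'URL'), 'GET'.
 *                                 Anything else selects the default order
 *                                 OLDGET, POST, URI, GET.
 * @return array Name => value map. A value is a string, an array for a
 *               comma-separated list, or whatever var_decode() returned;
 *               'location' is always an array when present.
 */
function get_vars($vars_order = array())
{
    if (is_string($vars_order)) {
        $vars_order = explode(' ', $vars_order);
    } elseif (empty($vars_order) || !is_array($vars_order)) {
        // Default order
        $vars_order = array('OLDGET', 'POST', 'URI', 'GET');
    }
    $vars = array();
    foreach ($vars_order as $order) {
        $order = strtoupper($order);
        switch ($order) {
            case 'OLDGET':
                // Parse GET keys containing "opt" whose value is "name|value"
                // into $vars, for backwards compatibility. Can probably remove this soon.
                foreach ($_GET as $key => $get_var) {
                    // Only strings have the "name|value" form; ?opt[]=x style
                    // array values would make explode() fail
                    if (!is_string($get_var) || strpos($key, "opt") === false) {
                        continue;
                    }
                    // Split without list() so a missing "|value" part does not
                    // raise an undefined-offset warning; a bare name means "yes"
                    $parts = explode("|", $get_var);
                    $name  = $parts[0];
                    $value = isset($parts[1]) ? $parts[1] : "yes";
                    if (!isset($vars[$name])) {
                        $vars[$name] = $value;
                    }
                }
                break;
            case 'POST':
                // Parse POST variables into $vars
                foreach ($_POST as $name => $value) {
                    if (!isset($vars[$name])) {
                        $vars[$name] = var_decode($value);
                    }
                }
                break;
            case 'URI':
            case 'URL':
                // Parse the URI path into $vars: the first segment is the page
                // name, every other segment is "name=value" ("name" alone means "yes").
                // REQUEST_URI is absent outside a web request (e.g. CLI), so fall back to ''.
                $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
                $segments = explode('/', trim($uri, '/'));
                foreach ($segments as $pos => $segment) {
                    if ($pos === 0 && strpos($segment, '=') === false) {
                        $vars['page'] = urldecode($segment);
                        continue;
                    }
                    // Split without list() so a segment with no '=' does not
                    // raise an undefined-offset warning
                    $parts = explode('=', $segment, 2);
                    $name  = $parts[0];
                    if (isset($vars[$name])) {
                        continue;
                    }
                    if (!isset($parts[1]) || $parts[1] === '') {
                        $vars[$name] = 'yes';
                        continue;
                    }
                    // %7F (DEL, delete) is not defined in the HTML 4 standard, so it
                    // is used as an escape for '/' that must not split the segment
                    $value = str_replace('%7F', '/', urldecode($parts[1]));
                    if (strpos($value, ',') !== false) {
                        // Comma list (convert to array); a comma at position 0 counts too
                        $vars[$name] = explode(',', $value);
                    } else {
                        // Here can be string as encoded array
                        $vars[$name] = var_decode($value);
                        // %1F (US, unit separator) is not defined in the HTML 4
                        // standard and stands for a literal comma. var_decode() may
                        // not return a string, and strpos() on a non-string fails.
                        if (is_string($vars[$name]) && strpos($vars[$name], '%1F') !== false) {
                            $vars[$name] = str_replace('%1F', ',', $vars[$name]);
                        }
                    }
                }
                break;
            case 'GET':
                // Parse GET variables into $vars (same value rules as URI segments)
                foreach ($_GET as $name => $value) {
                    if (isset($vars[$name])) {
                        continue;
                    }
                    if (!is_string($value)) {
                        // ?name[]=... gives an array; urldecode() cannot take it,
                        // so keep PHP's structure as is
                        $vars[$name] = $value;
                        continue;
                    }
                    // %7F (DEL, delete) is not defined in the HTML 4 standard, so it
                    // is used as an escape for '/'
                    $value = str_replace('%7F', '/', urldecode($value));
                    if (strpos($value, ',') !== false) {
                        // Comma list (convert to array); a comma at position 0 counts too
                        $vars[$name] = explode(',', $value);
                    } else {
                        // Here can be string as encoded array
                        $vars[$name] = var_decode($value);
                        // %1F (US, unit separator) stands for a literal comma;
                        // only strings can be scanned for it
                        if (is_string($vars[$name]) && strpos($vars[$name], '%1F') !== false) {
                            $vars[$name] = str_replace('%1F', ',', $vars[$name]);
                        }
                    }
                }
                break;
        }
    }
    // Always convert location to array
    if (isset($vars['location'])) {
        if ($vars['location'] === '') {
            // Unset location if it is an empty string
            unset($vars['location']);
        } elseif (is_array($vars['location'])) {
            // Additionally decode locations if array entries are encoded
            foreach ($vars['location'] as $k => $location) {
                $vars['location'][$k] = var_decode($location);
            }
        } else {
            // All other location strings convert to a one-element array
            $vars['location'] = array($vars['location']);
        }
    }
    return $vars;
}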
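/**
 * Collect request variables from the configured sources into one array,
 * dropping any value in which a <script> tag is found.
 *
 * Sources are read in the given order and the first source that sets a
 * name wins: later sources never overwrite an existing key (the only
 * exception is 'page', which the URI source always assigns).
 *
 * The <script> check is a coarse blocklist: it only recognises a literal
 * (optionally spaced) script tag inside string values and says nothing
 * about other HTML or JavaScript contexts. Values still have to be escaped
 * for the context they are printed in (e.g. htmlspecialchars() for HTML).
 *
 * @param string|array $vars_order Source names, case-insensitive, as a
 *                                 space-separated string or an array:
 *                                 'POST', 'URI' (alias 'URL'), 'GET'.
 *                                 Anything else selects the default order
 *                                 POST, URI, GET.
 * @return array Name => value map. A value is a string, an array for a
 *               comma-separated list, or whatever var_decode() returned;
 *               'location' is always an array when present.
 */
function get_vars($vars_order = array())
{
    if (is_string($vars_order)) {
        $vars_order = explode(' ', $vars_order);
    } elseif (empty($vars_order) || !is_array($vars_order)) {
        // Default order
        $vars_order = array('POST', 'URI', 'GET');
    }
    // Matches an opening or closing script tag with any whitespace between
    // the characters, case-insensitive: <sCrIpT>, < / s c r i p t >
    $prevent_xss = '!<\\s*/?\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t\\s*>!i';
    $vars = array();
    foreach ($vars_order as $order) {
        $order = strtoupper($order);
        switch ($order) {
            case 'POST':
                // Parse POST variables into $vars
                foreach ($_POST as $name => $value) {
                    if (isset($vars[$name])) {
                        continue;
                    }
                    $vars[$name] = var_decode($value);
                    // var_decode() may not return a string; preg_match() can only
                    // check strings (same guard as the URI and GET cases below)
                    if (is_string($vars[$name]) && preg_match($prevent_xss, $vars[$name])) {
                        // Drop any value carrying a <script> tag
                        unset($vars[$name]);
                    }
                }
                break;
            case 'URI':
            case 'URL':
                // Parse the URI path into $vars: the first segment is the page
                // name, every other segment is "name=value" ("name" alone means "yes").
                // REQUEST_URI is absent outside a web request (e.g. CLI), so fall back to ''.
                $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
                $segments = explode('/', trim($uri, '/'));
                foreach ($segments as $pos => $segment) {
                    if ($pos === 0 && strpos($segment, '=') === false) {
                        $vars['page'] = urldecode($segment);
                        continue;
                    }
                    // Split without list() so a segment with no '=' does not
                    // raise an undefined-offset warning
                    $parts = explode('=', $segment, 2);
                    $name  = $parts[0];
                    if (isset($vars[$name])) {
                        continue;
                    }
                    if (!isset($parts[1]) || $parts[1] === '') {
                        $vars[$name] = 'yes';
                        continue;
                    }
                    // %7F (DEL, delete) is not defined in the HTML 4 standard, so it
                    // is used as an escape for '/' that must not split the segment
                    $value = str_replace('%7F', '/', urldecode($parts[1]));
                    if (preg_match($prevent_xss, $value)) {
                        // Drop the whole value if it carries a <script> tag
                        continue;
                    }
                    if (strpos($value, ',') !== false) {
                        // Comma list (convert to array); a comma at position 0 counts too
                        $vars[$name] = explode(',', $value);
                    } else {
                        // Here can be string as encoded array
                        $vars[$name] = var_decode($value);
                        if (is_string($vars[$name]) && preg_match($prevent_xss, $vars[$name])) {
                            // Drop the decoded value if it carries a <script> tag
                            unset($vars[$name]);
                        }
                    }
                    // %1F (US, unit separator) is not defined in the HTML 4 standard
                    // and stands for a literal comma, also inside list entries
                    // (str_replace() handles arrays element-wise). Skip a value that
                    // was just unset, and anything that is neither string nor array.
                    if (isset($vars[$name]) && (is_string($vars[$name]) || is_array($vars[$name]))) {
                        $vars[$name] = str_replace('%1F', ',', $vars[$name]);
                    }
                }
                break;
            case 'GET':
                // Parse GET variables into $vars (same value rules as URI segments)
                foreach ($_GET as $name => $value) {
                    if (isset($vars[$name])) {
                        continue;
                    }
                    if (!is_string($value)) {
                        // ?name[]=... gives an array; urldecode() cannot take it and
                        // the <script> check only inspects strings, so do not import it
                        continue;
                    }
                    // %7F (DEL, delete) is not defined in the HTML 4 standard, so it
                    // is used as an escape for '/'
                    $value = str_replace('%7F', '/', urldecode($value));
                    if (preg_match($prevent_xss, $value)) {
                        // Drop the whole value if it carries a <script> tag
                        continue;
                    }
                    if (strpos($value, ',') !== false) {
                        // Comma list (convert to array); a comma at position 0 counts too
                        $vars[$name] = explode(',', $value);
                    } else {
                        // Here can be string as encoded array
                        $vars[$name] = var_decode($value);
                        if (is_string($vars[$name]) && preg_match($prevent_xss, $vars[$name])) {
                            // Drop the decoded value if it carries a <script> tag
                            unset($vars[$name]);
                        }
                    }
                    // %1F (US, unit separator) stands for a literal comma, also inside
                    // list entries; skip a value that was just unset or is not
                    // string/array
                    if (isset($vars[$name]) && (is_string($vars[$name]) || is_array($vars[$name]))) {
                        $vars[$name] = str_replace('%1F', ',', $vars[$name]);
                    }
                }
                break;
        }
    }
    // Always convert location to array
    if (isset($vars['location'])) {
        if ($vars['location'] === '') {
            // Unset location if it is an empty string
            unset($vars['location']);
        } elseif (is_array($vars['location'])) {
            // Additionally decode locations if array entries are encoded
            foreach ($vars['location'] as $k => $location) {
                $vars['location'][$k] = var_decode($location);
            }
        } else {
            // All other location strings convert to a one-element array
            $vars['location'] = array($vars['location']);
        }
    }
    return $vars;
}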
 /**
  * var_decode() must return exactly $result (strict comparison, so the
  * type matters too) for every "wrong" input the provider supplies.
  *
  * @dataProvider providerVarDecodeWrong
  * @group vars
  */
 public function testVarDecodeWrong($result, $method, $string)
 {
     $decoded = var_decode($string, $method);
     $this->assertSame($result, $decoded);
 }