Example #1
 /**
  * Initializes request data.
  *
  * Populates the static request properties from three client-controlled
  * sources, in this order:
  *   1. plain GET parameters and selected $_SERVER entries,
  *   2. a base64-encoded query string, evaluated only while no command is set,
  *   3. the HTTP basic-auth user name, used only while no user is set.
  *
  * Every value is passed through self::filterEvilInput() with a character
  * class constant, except the user name, which is only lowercased. Code that
  * consumes self::$getUser must treat it as untrusted input.
  *
  * NOTE(review): $_GET entries can be arrays as well as strings, and no
  * is_string() check is visible here before strtolower()/filterEvilInput();
  * confirm that non-string input is handled.
  *
  * @access public
  * @return void
  */
 public static function Initialize()
 {
     // try to open stdin & stdout
     // NOTE(review): fopen() returns false on failure and neither result is
     // checked here; confirm that later readers/writers cope with that.
     self::$input = fopen("php://input", "r");
     self::$output = fopen("php://output", "w+");
     // Parse the standard GET parameters
     if (isset($_GET["Cmd"])) {
         self::$command = self::filterEvilInput($_GET["Cmd"], self::LETTERS_ONLY);
     }
     // getUser is unfiltered, as everything is allowed.. even "/", "\" or ".."
     // Because of that, the value must be escaped or encoded wherever it ends
     // up in a file path, a log line or a backend query.
     if (isset($_GET["User"])) {
         self::$getUser = strtolower($_GET["User"]);
         // Only when the constant is defined and falsy is the name reduced via
         // GetLocalPartFromEmail(); an undefined constant leaves it unchanged.
         if (defined('USE_FULLEMAIL_FOR_LOGIN') && !USE_FULLEMAIL_FOR_LOGIN) {
             self::$getUser = Utils::GetLocalPartFromEmail(self::$getUser);
         }
     }
     if (isset($_GET["DeviceId"])) {
         self::$devid = strtolower(self::filterEvilInput($_GET["DeviceId"], self::WORDCHAR_ONLY));
     }
     if (isset($_GET["DeviceType"])) {
         self::$devtype = self::filterEvilInput($_GET["DeviceType"], self::LETTERS_ONLY);
     }
     if (isset($_GET["AttachmentName"])) {
         self::$attachmentName = self::filterEvilInput($_GET["AttachmentName"], self::HEX_EXTENDED);
     }
     if (isset($_GET["CollectionId"])) {
         self::$collectionId = self::filterEvilInput($_GET["CollectionId"], self::HEX_ONLY);
     }
     if (isset($_GET["ItemId"])) {
         self::$itemId = self::filterEvilInput($_GET["ItemId"], self::HEX_ONLY);
     }
     // Only the exact value "T" enables the flag; any other value leaves it untouched.
     // NOTE(review): this is a loose comparison; === would state the intent more strictly.
     if (isset($_GET["SaveInSent"]) && $_GET["SaveInSent"] == "T") {
         self::$saveInSent = true;
     }
     if (isset($_SERVER["REQUEST_METHOD"])) {
         self::$method = self::filterEvilInput($_SERVER["REQUEST_METHOD"], self::LETTERS_ONLY);
     }
     // TODO check IPv6 addresses
     // NOTE(review): NUMBERSDOT_ONLY presumably keeps digits and dots only, so an
     // IPv6 peer address would not survive intact - confirm before relying on
     // self::$remoteAddr for logging or address-based decisions.
     if (isset($_SERVER["REMOTE_ADDR"])) {
         self::$remoteAddr = self::filterEvilInput($_SERVER["REMOTE_ADDR"], self::NUMBERSDOT_ONLY);
     }
     // in protocol version > 14 mobile send these inputs as encoded query string
     // This branch runs only while no command has been set and the raw query
     // string passes Utils::IsBase64String(). The decoded values are as
     // client-controlled as the plain GET parameters.
     if (!isset(self::$command) && !empty($_SERVER['QUERY_STRING']) && Utils::IsBase64String($_SERVER['QUERY_STRING'])) {
         $query = Utils::DecodeBase64URI($_SERVER['QUERY_STRING']);
         // Command, user, device id and device type are filled in only if still unset.
         if (!isset(self::$command) && isset($query['Command'])) {
             self::$command = Utils::GetCommandFromCode($query['Command']);
         }
         // As with the GET parameter, the user name is lowercased but not filtered.
         if (!isset(self::$getUser) && isset($query[self::COMMANDPARAM_USER])) {
             self::$getUser = strtolower($query[self::COMMANDPARAM_USER]);
             if (defined('USE_FULLEMAIL_FOR_LOGIN') && !USE_FULLEMAIL_FOR_LOGIN) {
                 self::$getUser = Utils::GetLocalPartFromEmail(self::$getUser);
             }
         }
         if (!isset(self::$devid) && isset($query['DevID'])) {
             self::$devid = strtolower(self::filterEvilInput($query['DevID'], self::WORDCHAR_ONLY));
         }
         if (!isset(self::$devtype) && isset($query['DevType'])) {
             self::$devtype = self::filterEvilInput($query['DevType'], self::LETTERS_ONLY);
         }
         // The remaining fields are assigned unconditionally and overwrite any
         // value set from the plain GET parameters above.
         if (isset($query['PolKey'])) {
             self::$policykey = (int) self::filterEvilInput($query['PolKey'], self::NUMBERS_ONLY);
         }
         // The filtered protocol version is divided by 10 before it is stored.
         if (isset($query['ProtVer'])) {
             self::$asProtocolVersion = self::filterEvilInput($query['ProtVer'], self::NUMBERS_ONLY) / 10;
         }
         if (isset($query[self::COMMANDPARAM_ATTACHMENTNAME])) {
             self::$attachmentName = self::filterEvilInput($query[self::COMMANDPARAM_ATTACHMENTNAME], self::HEX_EXTENDED);
         }
         if (isset($query[self::COMMANDPARAM_COLLECTIONID])) {
             self::$collectionId = self::filterEvilInput($query[self::COMMANDPARAM_COLLECTIONID], self::HEX_ONLY);
         }
         if (isset($query[self::COMMANDPARAM_ITEMID])) {
             self::$itemId = self::filterEvilInput($query[self::COMMANDPARAM_ITEMID], self::HEX_ONLY);
         }
         // The options value is read as a bit field: ord() takes its first byte,
         // and each flag is tested against that byte with a bitmask.
         if (isset($query[self::COMMANDPARAM_OPTIONS]) && ord($query[self::COMMANDPARAM_OPTIONS]) & self::COMMANDPARAM_OPTIONS_SAVEINSENT) {
             self::$saveInSent = true;
         }
         if (isset($query[self::COMMANDPARAM_OPTIONS]) && ord($query[self::COMMANDPARAM_OPTIONS]) & self::COMMANDPARAM_OPTIONS_ACCEPTMULTIPART) {
             self::$acceptMultipart = true;
         }
     }
     // in base64 encoded query string user is not necessarily set
     // Fall back to the basic-auth user name: it is lowercased, and the first
     // element returned by Utils::SplitDomainUser() is kept. No character filter
     // is applied on this path either.
     if (!isset(self::$getUser) && isset($_SERVER['PHP_AUTH_USER'])) {
         list(self::$getUser, ) = Utils::SplitDomainUser(strtolower($_SERVER['PHP_AUTH_USER']));
         if (defined('USE_FULLEMAIL_FOR_LOGIN') && !USE_FULLEMAIL_FOR_LOGIN) {
             self::$getUser = Utils::GetLocalPartFromEmail(self::$getUser);
         }
     }
 }