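/**
 * Initializes request data.
 *
 * Opens the php://input and php://output streams and fills the static request
 * properties from three sources, in this order of precedence:
 *   1. the plain GET parameters ($_GET) and $_SERVER values,
 *   2. the base64 encoded query string sent by protocol versions > 14
 *      (only consulted when no "Cmd" GET parameter was given),
 *   3. PHP_AUTH_USER as a last fallback for the user name.
 *
 * Every value that is later used as an identifier (command, device id/type,
 * attachment/collection/item id, policy key, protocol version, request method,
 * remote address) is passed through self::filterEvilInput() with the matching
 * character whitelist. The user name is deliberately NOT filtered (anything,
 * including "/", "\" and "..", is accepted), so consumers must treat
 * self::$getUser as raw, client-controlled data and must never use it to build
 * file system paths, shell commands or queries without escaping.
 *
 * NOTE(review): the $_GET / $query values are assumed to be strings;
 * self::filterEvilInput() is expected to cope with a non-string value
 * (e.g. "?Cmd[]=x") — confirm in its implementation.
 *
 * @access public
 * @return void
 */
public static function Initialize() {
    // try to open stdin & stdout (fopen() yields false on failure; the
    // handles are stored without a check here)
    self::$input = fopen("php://input", "r");
    self::$output = fopen("php://output", "w+");

    // whether a full e-mail address is reduced to its local part; depends on
    // the USE_FULLEMAIL_FOR_LOGIN config constant, so evaluate it once
    $useLocalPart = defined('USE_FULLEMAIL_FOR_LOGIN') && !USE_FULLEMAIL_FOR_LOGIN;

    // Parse the standard GET parameters
    if (isset($_GET["Cmd"])) {
        self::$command = self::filterEvilInput($_GET["Cmd"], self::LETTERS_ONLY);
    }

    // getUser is unfiltered, as everything is allowed.. even "/", "\" or ".."
    if (isset($_GET["User"])) {
        self::$getUser = strtolower($_GET["User"]);
        if ($useLocalPart) {
            self::$getUser = Utils::GetLocalPartFromEmail(self::$getUser);
        }
    }

    if (isset($_GET["DeviceId"])) {
        self::$devid = strtolower(self::filterEvilInput($_GET["DeviceId"], self::WORDCHAR_ONLY));
    }

    if (isset($_GET["DeviceType"])) {
        self::$devtype = self::filterEvilInput($_GET["DeviceType"], self::LETTERS_ONLY);
    }

    if (isset($_GET["AttachmentName"])) {
        self::$attachmentName = self::filterEvilInput($_GET["AttachmentName"], self::HEX_EXTENDED);
    }

    if (isset($_GET["CollectionId"])) {
        self::$collectionId = self::filterEvilInput($_GET["CollectionId"], self::HEX_ONLY);
    }

    if (isset($_GET["ItemId"])) {
        self::$itemId = self::filterEvilInput($_GET["ItemId"], self::HEX_ONLY);
    }

    // strict comparison: only the literal string "T" enables the flag
    if (isset($_GET["SaveInSent"]) && $_GET["SaveInSent"] === "T") {
        self::$saveInSent = true;
    }

    if (isset($_SERVER["REQUEST_METHOD"])) {
        self::$method = self::filterEvilInput($_SERVER["REQUEST_METHOD"], self::LETTERS_ONLY);
    }

    // TODO check IPv6 addresses
    // NOTE(review): NUMBERSDOT_ONLY presumably keeps only digits and dots, so
    // an IPv6 REMOTE_ADDR is mangled here — do not rely on self::$remoteAddr
    // as an exact client identity (e.g. for logging or access decisions)
    // until this is addressed.
    if (isset($_SERVER["REMOTE_ADDR"])) {
        self::$remoteAddr = self::filterEvilInput($_SERVER["REMOTE_ADDR"], self::NUMBERSDOT_ONLY);
    }

    // in protocol version > 14 mobile send these inputs as encoded query string
    if (!isset(self::$command) && !empty($_SERVER['QUERY_STRING']) && Utils::IsBase64String($_SERVER['QUERY_STRING'])) {
        $query = Utils::DecodeBase64URI($_SERVER['QUERY_STRING']);

        // the command is known to be unset here (guarded above)
        if (isset($query['Command'])) {
            self::$command = Utils::GetCommandFromCode($query['Command']);
        }

        // values already taken from $_GET take precedence over the encoded ones
        if (!isset(self::$getUser) && isset($query[self::COMMANDPARAM_USER])) {
            self::$getUser = strtolower($query[self::COMMANDPARAM_USER]);
            if ($useLocalPart) {
                self::$getUser = Utils::GetLocalPartFromEmail(self::$getUser);
            }
        }

        if (!isset(self::$devid) && isset($query['DevID'])) {
            self::$devid = strtolower(self::filterEvilInput($query['DevID'], self::WORDCHAR_ONLY));
        }

        if (!isset(self::$devtype) && isset($query['DevType'])) {
            self::$devtype = self::filterEvilInput($query['DevType'], self::LETTERS_ONLY);
        }

        if (isset($query['PolKey'])) {
            self::$policykey = (int) self::filterEvilInput($query['PolKey'], self::NUMBERS_ONLY);
        }

        if (isset($query['ProtVer'])) {
            // cast before dividing: the filtered value may be an empty string
            // when the client sent no digits, and "" / 10 is a TypeError on
            // PHP 8 (a warning and 0 on PHP 7); the cast yields 0 instead
            self::$asProtocolVersion = (int) self::filterEvilInput($query['ProtVer'], self::NUMBERS_ONLY) / 10;
        }

        if (isset($query[self::COMMANDPARAM_ATTACHMENTNAME])) {
            self::$attachmentName = self::filterEvilInput($query[self::COMMANDPARAM_ATTACHMENTNAME], self::HEX_EXTENDED);
        }

        if (isset($query[self::COMMANDPARAM_COLLECTIONID])) {
            self::$collectionId = self::filterEvilInput($query[self::COMMANDPARAM_COLLECTIONID], self::HEX_ONLY);
        }

        if (isset($query[self::COMMANDPARAM_ITEMID])) {
            self::$itemId = self::filterEvilInput($query[self::COMMANDPARAM_ITEMID], self::HEX_ONLY);
        }

        // the options value is a single byte used as a bit field
        // (ord() of an empty string is 0, i.e. no flag set)
        if (isset($query[self::COMMANDPARAM_OPTIONS])) {
            $options = ord($query[self::COMMANDPARAM_OPTIONS]);
            if ($options & self::COMMANDPARAM_OPTIONS_SAVEINSENT) {
                self::$saveInSent = true;
            }
            if ($options & self::COMMANDPARAM_OPTIONS_ACCEPTMULTIPART) {
                self::$acceptMultipart = true;
            }
        }
    }

    // in base64 encoded query string user is not necessarily set
    if (!isset(self::$getUser) && isset($_SERVER['PHP_AUTH_USER'])) {
        list(self::$getUser, ) = Utils::SplitDomainUser(strtolower($_SERVER['PHP_AUTH_USER']));
        if ($useLocalPart) {
            self::$getUser = Utils::GetLocalPartFromEmail(self::$getUser);
        }
    }
}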