/**
 * Gets a clean param value
 *
 * Lookup order implemented below: an array of keys is resolved one key at a time;
 * a 'namespace/key' name is handed to the registry of that namespace; a key that is
 * not present here is looked up in the parent (when there is one); otherwise the
 * value is read from this object's own params through Get::get().
 *
 * Security note: a null $type makes this method fall back to $this->defaultGetType,
 * which the parameter description below calls "raw". Callers that place the result
 * into SQL, HTML or a shell command should pass an explicit type or escape the value
 * for that context themselves.
 *
 * @param  string|string[]        $key      Name of index or array of names of indexes, each with name or input-name-encoded array selection, e.g. a.b.c
 * @param  mixed|GetterInterface  $default  [optional] Default value, or, if instanceof GetterInterface, parent GetterInterface for the default value
 * @param  string|array           $type     [optional] default: null: raw. Or const int GetterInterface::COMMAND|GetterInterface::INT|... or array( const ) or array( $key => const )
 * @return string|array
 *
 * @throws \InvalidArgumentException  If namespace doesn't exist
 */
public function get($key, $default = null, $type = null)
{
    if (is_array($key)) {
        // Multi-key form: the result is keyed by the requested names.
        $values = array();

        foreach ($key as $name) {
            // An array $default / $type is indexed by the same key name.
            // NOTE(review): a name missing from an array $type yields null (with a PHP
            // notice/warning), and null means the default get type -- confirm that every
            // caller passing array( $key => const ) lists all requested keys.
            $nameDefault = is_array($default) ? $default[$name] : $default;
            $nameType = is_array($type) ? $type[$name] : $type;

            $values[$name] = $this->get($name, $nameDefault, $nameType);
        }

        return $values;
    }

    // Check for namespaced get( 'namespace/key' ):
    if (strpos($key, '/') !== false) {
        // Only the first '/' splits; the remainder stays in the sub-key.
        $parts = explode('/', $key, 2);
        $registry = $this->getNamespaceRegistry($parts[0]);

        // $type is forwarded untouched, so a null type is resolved by the registry's
        // own get(), not by this object's defaultGetType.
        return $registry->get($parts[1], $default, $type);
    }

    // Check in parent if not existing:
    $askParent = $this->parent && !$this->hasInThis($key);
    if ($askParent) {
        // Same as above: a null $type is resolved by the parent's get().
        return $this->parent->get($key, $default, $type);
    }

    // Get value in this Parameters:
    if ($type === null) {
        $effectiveType = $this->defaultGetType;
    } else {
        $effectiveType = $type;
    }

    return Get::get($this->params, $key, $default, $effectiveType, $this->srcGpc);
}
/**
 * Cleans the field value by type in a secure way for SQL
 *
 * $type has the form "source:valuetype[:model]". When no ':' is present the source
 * defaults to 'const' and the whole string is the value type. This method only
 * resolves where the value comes from; the quoting or casting is done by
 * cleanArrayType() / cleanScalarType(), which are outside this block.
 *
 * Security notes:
 * - The sources 'request', 'get', 'post', 'cookie', 'cbcookie', 'session', 'server'
 *   and 'env' are resolved through self::_globalConv() and should be treated as
 *   untrusted input; the value type passed to the cleaners is then the only thing
 *   standing between that input and the SQL text.
 * - The documented return value FALSE signals a type error. Callers should test for
 *   it with === false before building the query, because FALSE concatenated into a
 *   string becomes an empty string.
 *
 * @param  mixed                    $fieldValue
 * @param  string                   $type           const,sql,param : string,int,float,datetime,formula
 * @param  GetterInterface          $pluginParams
 * @param  DatabaseDriverInterface  $db
 * @param  array|null               $extDataModels
 * @return string|boolean                           STRING: sql-safe value, Quoted or type-casted to int or float, or FALSE in case of type error
 */
public static function sqlCleanQuote($fieldValue, $type, GetterInterface $pluginParams, DatabaseDriverInterface $db, array $extDataModels = null)
{
    $parts = explode(':', $type, 3);
    if (count($parts) < 2) {
        // Bare value type: treat the value as a constant.
        $parts = array('const', $type);
    }

    $valueSource = $parts[0];
    $valueType = $parts[1];

    switch ($valueSource) {
        case 'param':
            // No type is passed, so the params object applies its own default get type.
            $fieldValue = $pluginParams->get($fieldValue);
            break;

        case 'user':
            // TODO: Change this to use Inversion Of Control, and allow XML valuetypes to be extended dynamically (e.g. instead of calling specifically CBLib\CB\User or similar when available, it is CB that adds the type and a closure to handle that type.
            // NOTE(review): $fieldValue is documented as mixed and is compared loosely
            // here; a non-string value (e.g. boolean true) would match the first name.
            // Confirm that callers always pass a string field name.
            if ($fieldValue == 'viewaccesslevels') {
                $fieldValue = Application::MyUser()->getAuthorisedViewLevels();
            } elseif ($fieldValue == 'usergroups') {
                $fieldValue = Application::MyUser()->getAuthorisedGroups(false);
            } else {
                $fieldValue = \CBuser::getMyUserDataInstance()->get($fieldValue);
            }
            break;

        case 'request':
        case 'get':
        case 'post':
        case 'cookie':
        case 'cbcookie':
        case 'session':
        case 'server':
        case 'env':
            $fieldValue = self::_globalConv($valueSource, $fieldValue);
            break;

        case 'ext':
            // The third segment of $type names the external data model to read from.
            $modelKnown = isset($parts[2]) && $extDataModels && isset($extDataModels[$parts[2]]);
            if (!$modelKnown) {
                // $fieldValue is left as given and still goes through the cleaners below.
                trigger_error('SQLXML::sqlCleanQuote: ERROR: ext valuetype "' . htmlspecialchars($type) . '" has not been setExternalDataTypeValues.', E_USER_NOTICE);
                break;
            }

            $model = $extDataModels[$parts[2]];
            if (is_object($model)) {
                if ($model instanceof ParamsInterface) {
                    $fieldValue = $model->get($fieldValue);
                } elseif (isset($model->{$fieldValue})) {
                    $fieldValue = $model->{$fieldValue};
                }
                // Otherwise the field name itself stays in $fieldValue.
            } elseif (is_array($model)) {
                if (isset($model[$fieldValue])) {
                    $fieldValue = $model[$fieldValue];
                }
            } else {
                // Scalar model: the model is the value.
                $fieldValue = $model;
            }
            break;

        default:
            // Any other source (e.g. 'const' or 'sql'): $fieldValue is used as given.
            break;
    }

    // Arrays and scalars have separate cleaners; both receive the same value type.
    return is_array($fieldValue)
        ? self::cleanArrayType($fieldValue, $valueType, $db)
        : self::cleanScalarType($fieldValue, $valueType, $db);
}