Esempio n. 1
 /**
  * Gets a cookie value from `$_COOKIE`, while allowing a default value to be provided
  *
  * @param  string $name           The name of the cookie to retrieve
  * @param  mixed  $default_value  If there is no cookie with the name provided, return this value instead
  * @return mixed  The value
  */
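 public static function get($name, $default_value = NULL)
 {
     // Cookies are client-controlled input; when the cookie is absent the
     // caller's default is returned untouched
     if (!isset($_COOKIE[$name])) {
         return $default_value;
     }

     // NOTE(review): fUTF8::clean() presumably only strips invalid UTF-8 - it
     // is not output escaping, so callers still have to encode the value for
     // the context (HTML, SQL, header, ...) it ends up in. Confirm.
     $value = fUTF8::clean($_COOKIE[$name]);

     // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc()
     // itself no longer exists in PHP 8, so it is only consulted on runtimes
     // where the setting can still be enabled
     if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
         $value = stripslashes($value);
     }

     return $value;
 }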
Esempio n. 2
 /**
  * Gets a value from the `DELETE`/`PUT` post data, `$_POST` or `$_GET` superglobals (in that order)
  * 
  * A value that exactly equals `''` and is not cast to a specific type will
  * become `NULL`.
  * 
  * Valid `$cast_to` types include:
  *  - `'string'`,
  *  - `'int'`
  *  - `'integer'`
  *  - `'bool'`
  *  - `'boolean'`
  *  - `'array'`
  *  - `'date'`
  *  - `'time'`
  *  - `'timestamp'`
  * 
  * It is also possible to append a `?` to a data type to return `NULL`
  * whenever the `$key` was not specified in the request, or if the value
  * was a blank string.
  *  
  * All text values are interpreted as UTF-8 string and appropriately
  * cleaned.
  * 
  * @param  string $key            The key to get the value of - an element of an array parameter can be addressed with bracket syntax, e.g. `user[name]`
  * @param  string $cast_to        Cast the value to this data type - see method description for details
  * @param  mixed  $default_value  If the parameter is not set in the `DELETE`/`PUT` post data, `$_POST` or `$_GET`, use this value instead. This value will get cast if a `$cast_to` is specified.
  * @return mixed  The value
  */
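 public static function get($key, $cast_to = NULL, $default_value = NULL)
 {
     self::initPutDelete();

     $value = $default_value;

     // A key such as `user[name]` is split into the top-level key and the
     // bracketed path. A `[` at position 0 is not treated as a dereference,
     // because strpos() then returns 0, which is falsy.
     $array_dereference = NULL;
     $bracket_pos = strpos($key, '[');
     if ($bracket_pos) {
         $array_dereference = substr($key, $bracket_pos);
         $key = substr($key, 0, $bracket_pos);
     }

     // Lookup order: DELETE/PUT data, then $_POST, then $_GET. All three are
     // supplied by the client, including whether the value is a string or an array.
     if (isset(self::$put_delete[$key])) {
         $value = self::$put_delete[$key];
     } elseif (isset($_POST[$key])) {
         $value = $_POST[$key];
     } elseif (isset($_GET[$key])) {
         $value = $_GET[$key];
     }

     // Walk the bracketed path; any missing level falls back to the default
     if ($array_dereference) {
         preg_match_all('#(?<=\\[)[^\\[\\]]+(?=\\])#', $array_dereference, $array_keys, PREG_SET_ORDER);
         $array_keys = array_map('current', $array_keys);
         foreach ($array_keys as $array_key) {
             if (!is_array($value) || !isset($value[$array_key])) {
                 $value = $default_value;
                 break;
             }
             $value = $value[$array_key];
         }
     }

     // This allows for data_type? casts to allow NULL through
     if ($cast_to !== NULL && substr($cast_to, -1) == '?') {
         if ($value === NULL || $value === '') {
             return $value;
         }
         $cast_to = substr($cast_to, 0, -1);
     }

     // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc()
     // itself no longer exists in PHP 8, so it is only consulted on runtimes
     // where the setting can still be enabled
     if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc() && (self::isPost() || self::isGet())) {
         if (is_array($value)) {
             $value = array_map('stripslashes', $value);
         } else {
             $value = stripslashes($value);
         }
     }

     // This normalizes an empty element to NULL
     if ($cast_to === NULL && $value === '') {
         $value = NULL;

     // NOTE(review): for date/time/timestamp an invalid value is silently
     // replaced by a default-constructed object (presumably "now" - confirm),
     // so the caller cannot tell rejected input from a legitimate value
     } elseif ($cast_to == 'date') {
         try {
             $value = new fDate($value);
         } catch (fValidationException $e) {
             $value = new fDate();
         }
     } elseif ($cast_to == 'time') {
         try {
             $value = new fTime($value);
         } catch (fValidationException $e) {
             $value = new fTime();
         }
     } elseif ($cast_to == 'timestamp') {
         try {
             $value = new fTimestamp($value);
         } catch (fValidationException $e) {
             $value = new fTimestamp();
         }
     } elseif ($cast_to == 'array' && is_string($value) && strpos($value, ',') !== FALSE) {
         $value = explode(',', $value);
     } elseif ($cast_to == 'array' && ($value === NULL || $value === '')) {
         $value = array();
     } elseif ($cast_to == 'bool' || $cast_to == 'boolean') {
         // A parameter sent as `key[]=...` arrives as an array; strtolower()
         // must not be handed one, so arrays are judged on emptiness alone
         $lowered = is_array($value) ? '' : strtolower((string) $value);
         $value = !(in_array($lowered, array('f', 'false', 'no'), TRUE) || !$value);
     } elseif (($cast_to == 'int' || $cast_to == 'integer') && is_string($value) && preg_match('#^-?\\d+$#D', $value)) {
         // If the cast is an integer and the value is digits, don't cast to prevent
         // truncation due to 32 bit integer limits. The is_string() guard keeps an
         // array value away from preg_match(); it falls through to settype() below.
     } elseif ($cast_to) {
         settype($value, $cast_to);
     }

     // Clean values coming in to ensure we don't have invalid UTF-8
     // NOTE(review): this is not output escaping - callers still have to
     // encode the value for the context it is written into
     if (($cast_to === NULL || $cast_to == 'string' || $cast_to == 'array') && $value !== NULL) {
         $value = fUTF8::clean($value);
     }

     return $value;
 }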
 /**
  * Recursively handles casting values
  * 
  * @param string|array $value    The value to be cast
  * @param string       $cast_to  The data type to cast to
  * @param integer      $level    The nesting level of the call
  * @return mixed  The cast `$value`
  */
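 private static function cast($value, $cast_to, $level = 0)
 {
     $level++;

     // A type ending in `[]` is a "strict" array type; `array` is the loose one
     $strict_array = substr($cast_to, -2) == '[]';
     $array_type = $cast_to == 'array' || $strict_array;

     // Only the outermost call coerces a non-array value into an array
     if ($level == 1 && $array_type) {
         if (is_string($value) && strpos($value, ',') !== FALSE) {
             $value = explode(',', $value);
         } elseif ($value === NULL || $value === '') {
             $value = array();
         } else {
             settype($value, 'array');
         }
     }

     // Iterate through array values and cast them individually
     if (is_array($value) && ($cast_to == 'array' || $cast_to === NULL || $strict_array && $level == 1)) {
         if ($value === array()) {
             return $value;
         }
         foreach ($value as $key => $sub_value) {
             $value[$key] = self::cast($sub_value, $cast_to, $level);
         }
         return $value;
     }

     // From here on a single element is cast, so drop the `[]` suffix
     if ($array_type) {
         $cast_to = preg_replace('#\\[\\]$#D', '', $cast_to);
     }
     if ($cast_to == 'array' && $level > 1) {
         $cast_to = 'string';
     }

     // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc()
     // itself no longer exists in PHP 8, so it is only consulted on runtimes
     // where the setting can still be enabled
     if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc() && (self::isPost() || self::isGet())) {
         $value = self::stripSlashes($value);
     }

     // This normalizes an empty element to NULL
     if ($cast_to === NULL && $value === '') {
         $value = NULL;

     // NOTE(review): for date/time/timestamp an invalid value is silently
     // replaced by a default-constructed object (presumably "now" - confirm),
     // so the caller cannot tell rejected input from a legitimate value
     } elseif ($cast_to == 'date') {
         try {
             $value = new fDate($value);
         } catch (fValidationException $e) {
             $value = new fDate();
         }
     } elseif ($cast_to == 'time') {
         try {
             $value = new fTime($value);
         } catch (fValidationException $e) {
             $value = new fTime();
         }
     } elseif ($cast_to == 'timestamp') {
         try {
             $value = new fTimestamp($value);
         } catch (fValidationException $e) {
             $value = new fTimestamp();
         }
     } elseif ($cast_to == 'bool' || $cast_to == 'boolean') {
         // An array can still reach this branch (e.g. a scalar cast applied to
         // a `key[]=...` parameter); strtolower() must not be handed one, so
         // arrays are judged on emptiness alone
         $lowered = is_array($value) ? '' : strtolower((string) $value);
         $value = !(in_array($lowered, array('f', 'false', 'no'), TRUE) || !$value);
     } elseif (($cast_to == 'int' || $cast_to == 'integer') && is_string($value) && preg_match('#^-?\\d+$#D', $value)) {
         // Only explicitly cast integers that can be represented by a real
         // PHP integer to prevent truncation due to 32 bit integer limits;
         // anything larger is left as a string of digits
         if (strval(intval($value)) == $value) {
             $value = (int) $value;
         }
     } elseif ($cast_to == 'float' && $value === "2.2250738585072011e-308") {
         // This patches PHP bug #53632 for vulnerable versions of PHP - http://bugs.php.net/bug.php?id=53632
         // The version check is computed once per request and cached in the static
         static $vulnerable_to_53632 = NULL;
         if ($vulnerable_to_53632 === NULL) {
             $running_version = preg_replace('#^(\\d+\\.\\d+\\.\\d+).*$#D', '\\1', PHP_VERSION);
             // Affected: anything before 5.2.17, or 5.3.0 up to (not including) 5.3.5
             $vulnerable_to_53632 = version_compare($running_version, '5.2.17', '<') || version_compare($running_version, '5.3.5', '<') && version_compare($running_version, '5.3.0', '>=');
         }
         if ($vulnerable_to_53632) {
             // Substitute a neighbouring literal so the exact triggering string is never parsed
             $value = "2.2250738585072012e-308";
         }
         settype($value, 'float');
     } elseif ($cast_to != 'binary' && $cast_to !== NULL) {
         $cast_to = str_replace('integer!', 'integer', $cast_to);
         settype($value, $cast_to);
     }

     // Clean values coming in to ensure we don't have invalid UTF-8
     // NOTE(review): this is not output escaping - callers still have to
     // encode the value for the context it is written into
     if (($cast_to === NULL || $cast_to == 'string' || $cast_to == 'array') && $value !== NULL) {
         $value = self::stripLowOrderBytes($value);
         $value = fUTF8::clean($value);
     }

     return $value;
 }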
Esempio n. 4
 /**
  * Gets a value from the `DELETE`/`PUT` post data, `$_POST` or `$_GET` superglobals (in that order)
  * 
  * A value that exactly equals `''` and is not cast to a specific type will
  * become `NULL`.
  * 
  * Valid `$cast_to` types include:
  *  - `'string'`,
  *  - `'int'`
  *  - `'integer'`
  *  - `'bool'`
  *  - `'boolean'`
  *  - `'array'`
  *  - `'date'`
  *  - `'time'`
  *  - `'timestamp'`
  * 
  * It is also possible to append a `?` to a data type to return `NULL`
  * whenever the `$key` was not specified in the request, or if the value
  * was a blank string.
  *  
  * All text values are interpreted as UTF-8 string and appropriately
  * cleaned.
  * 
  * @param  string $key            The key to get the value of
  * @param  string $cast_to        Cast the value to this data type - see method description for details
  * @param  mixed  $default_value  If the parameter is not set in the `DELETE`/`PUT` post data, `$_POST` or `$_GET`, use this value instead. This value will get cast if a `$cast_to` is specified.
  * @return mixed  The value
  */
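 public static function get($key, $cast_to = NULL, $default_value = NULL)
 {
     self::initPutDelete();

     $value = $default_value;

     // Lookup order: DELETE/PUT data, then $_POST, then $_GET. All three are
     // supplied by the client, including whether the value is a string or an array.
     if (isset(self::$put_delete[$key])) {
         $value = self::$put_delete[$key];
     } elseif (isset($_POST[$key])) {
         $value = $_POST[$key];
     } elseif (isset($_GET[$key])) {
         $value = $_GET[$key];
     }

     // This allows for data_type? casts to allow NULL through
     if ($cast_to !== NULL && substr($cast_to, -1) == '?') {
         if ($value === NULL || $value === '') {
             return $value;
         }
         $cast_to = substr($cast_to, 0, -1);
     }

     // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc()
     // itself no longer exists in PHP 8, so it is only consulted on runtimes
     // where the setting can still be enabled
     if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc() && (self::isPost() || self::isGet())) {
         if (is_array($value)) {
             $value = array_map('stripslashes', $value);
         } else {
             $value = stripslashes($value);
         }
     }

     // This normalizes an empty element to NULL
     if ($cast_to === NULL && $value === '') {
         $value = NULL;

     // NOTE(review): for date/time/timestamp an invalid value is silently
     // replaced by a default-constructed object (presumably "now" - confirm),
     // so the caller cannot tell rejected input from a legitimate value
     } elseif ($cast_to == 'date') {
         try {
             $value = new fDate($value);
         } catch (fValidationException $e) {
             $value = new fDate();
         }
     } elseif ($cast_to == 'time') {
         try {
             $value = new fTime($value);
         } catch (fValidationException $e) {
             $value = new fTime();
         }
     } elseif ($cast_to == 'timestamp') {
         try {
             $value = new fTimestamp($value);
         } catch (fValidationException $e) {
             $value = new fTimestamp();
         }
     } elseif ($cast_to == 'array' && is_string($value) && strpos($value, ',') !== FALSE) {
         $value = explode(',', $value);
     } elseif ($cast_to == 'array' && ($value === NULL || $value === '')) {
         $value = array();
     } elseif ($cast_to == 'bool' || $cast_to == 'boolean') {
         // A parameter sent as `key[]=...` arrives as an array; strtolower()
         // must not be handed one, so arrays are judged on emptiness alone
         $lowered = is_array($value) ? '' : strtolower((string) $value);
         $value = !(in_array($lowered, array('f', 'false', 'no'), TRUE) || !$value);
     } elseif ($cast_to) {
         // Every remaining type name is handed to settype() as-is
         settype($value, $cast_to);
     }

     // Clean values coming in to ensure we don't have invalid UTF-8
     // NOTE(review): this is not output escaping - callers still have to
     // encode the value for the context it is written into
     if (($cast_to === NULL || $cast_to == 'string' || $cast_to == 'array') && $value !== NULL) {
         $value = fUTF8::clean($value);
     }

     return $value;
 }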
Esempio n. 5
 /**
  * @dataProvider cleanProvider
  */
 public function testClean($input, $output)
 {
     // Each data set pairs a raw input with the string fUTF8::clean() is
     // expected to return for it
     $cleaned = fUTF8::clean($input);

     $this->assertEquals($output, $cleaned);
 }