/** * Returns value of parameter stored in POST,GET. * For security reasons performed oxconfig::checkSpecialChars(). * use $blRaw very carefully if you want to get unescaped * parameter. * * @param string $sName Name of parameter * @param bool $blRaw Get unescaped parameter * * @return mixed */ public static function getParameter($sName, $blRaw = false) { if (defined('OXID_PHP_UNIT')) { if (isset(modConfig::$unitMOD) && is_object(modConfig::$unitMOD)) { try { $sValue = modConfig::getParameter($sName, $blRaw); // TODO: remove this after special chars concept implementation $blIsAdmin = modConfig::getInstance()->isAdmin(); if ($sValue !== null && !$blIsAdmin && (!$blRaw || is_array($blRaw))) { self::checkSpecialChars($sValue, $blRaw); } return $sValue; } catch (Exception $e) { // if exception is thrown, use default } } } $sValue = null; if (isset($_POST[$sName])) { $sValue = $_POST[$sName]; } elseif (isset($_GET[$sName])) { $sValue = $_GET[$sName]; } // TODO: remove this after special chars concept implementation $blIsAdmin = oxConfig::getInstance()->isAdmin() && oxSession::getVar("blIsAdmin"); if ($sValue !== null && !$blIsAdmin && (!$blRaw || is_array($blRaw))) { self::checkSpecialChars($sValue, $blRaw); } return $sValue; }