/**
 * Fetches a request parameter by name, looking in POST first and then in GET.
 *
 * Unless told otherwise, the value is run through
 * oxconfig->checkParamSpecialChars() before it is returned. That step is
 * skipped in two situations, and in both the caller receives exactly what
 * the client sent:
 *  - $blRaw is truthy and not an array;
 *  - the shop runs in admin mode and the session variable "blIsAdmin" is set.
 * Use $blRaw very carefully; anything obtained that way is unescaped,
 * client-controlled input.
 *
 * When $blRaw is an array it is forwarded to checkParamSpecialChars() as is;
 * how the array is interpreted is decided there.
 *
 * @param string     $sName Name of parameter
 * @param bool|array $blRaw Get unescaped parameter (true), or an array handed
 *                          on to checkParamSpecialChars()
 *
 * @return mixed Parameter value, or null when neither POST nor GET holds it
 */
public function getRequestParameter($sName, $blRaw = false)
{
    // Unit-test hook: only active when the test constant is defined and a
    // modConfig override object has been installed.
    $blUnitTestOverride = defined('OXID_PHP_UNIT')
        && isset(modConfig::$unitMOD)
        && is_object(modConfig::$unitMOD);

    if ($blUnitTestOverride) {
        try {
            $mTestValue = modConfig::getRequestParameter($sName, $blRaw);

            // TODO: remove this after special chars concept implementation
            // NOTE(review): this branch joins the two admin checks with "||",
            // the production path below uses "&&" - confirm that is intended.
            $blTestAdmin = modConfig::getInstance()->isAdmin()
                || modSession::getInstance()->getVariable("blIsAdmin");

            $blEscapeWanted = !$blRaw || is_array($blRaw);
            if ($mTestValue !== null && !$blTestAdmin && $blEscapeWanted) {
                // Return value is not used; presumably the value is changed
                // in place - verify against checkParamSpecialChars().
                $this->checkParamSpecialChars($mTestValue, $blRaw);
            }

            return $mTestValue;
        } catch (Exception $e) {
            // if exception is thrown, use default
        }
    }

    // POST wins over GET when both carry the same parameter name.
    if (isset($_POST[$sName])) {
        $mParam = $_POST[$sName];
    } elseif (isset($_GET[$sName])) {
        $mParam = $_GET[$sName];
    } else {
        $mParam = null;
    }

    // TODO: remove this after special chars concept implementation
    // Escaping is bypassed only when admin mode AND the session flag agree.
    $blAdminSession = $this->isAdmin() && $this->getSession()->getVariable("blIsAdmin");

    // Nothing to escape, or the admin bypass applies: hand the value back untouched.
    if ($mParam === null || $blAdminSession) {
        return $mParam;
    }

    // A truthy, non-array $blRaw is the explicit opt-out from escaping.
    if (!$blRaw || is_array($blRaw)) {
        $this->checkParamSpecialChars($mParam, $blRaw);
    }

    return $mParam;
}