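/**
 * One-time request bootstrap.
 *
 * On the first call only (guarded by self::$setup) this:
 *  - flags a POST whose body PHP dropped because post_max_size was exceeded,
 *  - strips magic-quotes escaping from $_GET, $_POST and $_COOKIE when enabled,
 *  - rebuilds $_REQUEST from $_GET and $_POST, passing each top-level value
 *    through String::Trim.
 *
 * Later calls return immediately.
 *
 * @return void
 */
public static function Setup()
{
    if (self::$setup) {
        return;
    }

    self::$setup = true;

    // When the body exceeds post_max_size PHP leaves $_POST empty, so an empty
    // $_POST together with a positive Content-Length marks an oversized POST.
    // CONTENT_LENGTH is checked with isset() as well: it is client-controlled
    // and may be absent, which previously raised an undefined-index notice.
    if (
        isset($_SERVER['REQUEST_METHOD'], $_SERVER['CONTENT_LENGTH'])
        && $_SERVER['REQUEST_METHOD'] == 'POST'
        && empty($_POST)
        && $_SERVER['CONTENT_LENGTH'] > 0
    ) {
        self::$post_max_size_exceeded = true;
    }

    // get_magic_quotes_gpc() was removed in PHP 8.0; skip the un-escaping step
    // instead of failing with an undefined-function error where it is missing.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1) {
        $_GET = String::RemoveSlashes($_GET);
        $_POST = String::RemoveSlashes($_POST);
        $_COOKIE = String::RemoveSlashes($_COOKIE);
    }

    // $_REQUEST is built from GET and POST only; $_COOKIE is not merged in.
    // For string keys array_merge() lets the POST value override the GET value.
    // NOTE(review): array_map() hands each top-level value to String::Trim, so
    // array-valued parameters (a[]=...) reach it as arrays - confirm Trim copes.
    $_REQUEST = array_map(array('String', 'Trim'), array_merge($_GET, $_POST));
}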
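/**
 * Tests the post_max_size_exceeded() method
 *
 * @dataProvider provider_post_max_size_exceeded
 *
 * @param   int   $content_length  Value written to $_SERVER['CONTENT_LENGTH']
 * @param   bool  $expected        Expected result of Request::post_max_size_exceeded()
 * @return  void
 */
public function test_post_max_size_exceeded($content_length, $expected)
{
    // Ensure the request method is set to POST
    Request::$initial->method(HTTP_Request::POST);

    // Set the content length
    $_SERVER['CONTENT_LENGTH'] = $content_length;

    // assertSame() takes the expected value first; with the arguments swapped
    // a failure report labels the two values the wrong way round.
    $this->assertSame($expected, Request::post_max_size_exceeded());
}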
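/**
 * Returns TRUE if the request is a POST that carries a valid CSRF token
 *
 * Usage:<br>
 * <code>
 *   if ($this->valid_post('upload_photo')) { ... }
 * </code>
 *
 * Checks run in this order: request method, post_max_size, presence of the
 * submit field, CSRF token/action pair, optional captcha. Failed checks
 * store a message in $this->_errors, except for a non-POST request and a
 * POST without both `_token` and `_action`, which return FALSE silently.
 *
 * @param   string|NULL  $submit  Submit value [Optional]
 * @return  boolean      TRUE only when both `_token` and `_action` were posted
 *                       and CSRF::valid() accepted them
 *
 * @uses    Request::is_post
 * @uses    Request::post_max_size_exceeded
 * @uses    Request::get_post_max_size
 * @uses    Request::post
 * @uses    Message::error
 * @uses    CSRF::valid
 * @uses    Captcha::valid
 */
public function valid_post($submit = NULL)
{
    if (!$this->request->is_post()) {
        return FALSE;
    }

    if (Request::post_max_size_exceeded()) {
        $this->_errors = array('_action' => __('Max file size of :max Bytes exceeded!', array(':max' => Request::get_post_max_size())));
        return FALSE;
    }

    // When a submit name is required, the matching field must be in the POST
    if (!is_null($submit) && !isset($_POST[$submit])) {
        $this->_errors = array('_action' => __('This form has altered. Please try submitting it again.'));
        return FALSE;
    }

    $_token = $this->request->post('_token');
    $_action = $this->request->post('_action');

    // Must be '&&', not 'and': '=' binds tighter than 'and', so the previous
    // `$has_csrf = !empty($_token) and !empty($_action)` assigned only the
    // token check and silently discarded the action check.
    $has_csrf = !empty($_token) && !empty($_action);
    $valid_csrf = CSRF::valid($_token, $_action);

    if ($has_csrf && !$valid_csrf) {
        // CSRF was submitted but expired
        $this->_errors = array('_token' => __('This form has expired. Please try submitting it again.'));
        return FALSE;
    }

    // The captcha is only verified when the form actually posted one
    if (isset($_POST['_captcha'])) {
        $captcha = $this->request->post('_captcha');

        if (empty($captcha)) {
            // Captcha was not entered
            $this->_errors = array('_captcha' => __('The security code can\'t be empty.'));
            return FALSE;
        } elseif (!Captcha::valid($captcha)) {
            $this->_errors = array('_captcha' => __('The security answer was wrong.'));
            return FALSE;
        }
    }

    // Fail closed: a POST without a complete token/action pair is never valid
    return $has_csrf && $valid_csrf;
}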