예제 #1
파일: http.php 프로젝트: poef/ariadne
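 /**
  * Returns one request variable, or a whole request array, optionally tainted.
  *
  * Everything returned here originates from the HTTP request and is untrusted.
  * The result is only passed through ar::taint() when self::$tainting is
  * enabled; with tainting off, callers must validate the value and escape it
  * for the context in which it is used.
  *
  * @param string|null $name   Field name as sent by the client. It is normalized
  *                            the same way PHP normalizes incoming field names
  *                            (see the note in the body). Null selects the
  *                            whole array.
  * @param string|null $method 'GET', 'POST', 'COOKIE' or 'SERVER' (exact,
  *                            upper-case match). Any other value: a named
  *                            lookup checks $_POST first and then $_GET; an
  *                            unnamed lookup returns $_REQUEST, whose content
  *                            depends on the request_order / variables_order
  *                            ini settings and can therefore include cookies
  *                            that the named lookup never consults.
  * @return mixed The value, the selected array, or null when the key is absent.
  */
 public static function getvar($name = null, $method = null)
 {
     /*
     	The full list of field-name characters that PHP converts to _ (underscore) is the following (not just dot):
     
     	chr(32) ( ) (space)
     	chr(46) (.) (dot)
     	chr(91) ([) (open square bracket)
     	chr(128) - chr(159) (various)
     	PHP irreversibly modifies field names containing these characters in an attempt to maintain compatibility with the deprecated register_globals feature.
     */
     if (isset($name)) {
         // The chr(128)-chr(159) range is written as \x80-\x9F escapes so the
         // pattern does not depend on the encoding this file is saved in. The
         // match is deliberately byte-wise (no /u modifier), mirroring the
         // byte-level rewrite described above.
         $name = preg_replace('/[ .\[\x80-\x9F]/', '_', $name);
     }
     // Named lookups are guarded with isset() so that a key the client did not
     // send yields null instead of an "undefined index" notice/warning.
     switch ($method) {
         case 'GET':
             $result = !isset($name) ? $_GET : (isset($_GET[$name]) ? $_GET[$name] : null);
             break;
         case 'POST':
             $result = !isset($name) ? $_POST : (isset($_POST[$name]) ? $_POST[$name] : null);
             break;
         case 'COOKIE':
             $result = !isset($name) ? $_COOKIE : (isset($_COOKIE[$name]) ? $_COOKIE[$name] : null);
             break;
         case 'SERVER':
             $result = !isset($name) ? $_SERVER : (isset($_SERVER[$name]) ? $_SERVER[$name] : null);
             break;
         default:
             if (!isset($name)) {
                 $result = $_REQUEST;
             } elseif (isset($_POST[$name])) {
                 // POST takes precedence over GET for named lookups.
                 $result = $_POST[$name];
             } else {
                 $result = isset($_GET[$name]) ? $_GET[$name] : null;
             }
             break;
     }
     if (self::$tainting) {
         // NOTE(review): ar::taint() is defined outside this listing; presumably
         // it marks $result in place - confirm against its definition.
         ar::taint($result);
     }
     return $result;
 }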
예제 #2
파일: ar.php 프로젝트: poef/ariadne
 /**
  * Forwards $value to ar::taint().
  *
  * @param mixed $value Taken by reference and handed on to ar::taint().
  *                     NOTE(review): ar::taint() is not shown here; presumably
  *                     it marks the value as tainted in place - confirm.
  */
 public static function _taint(&$value)
 {
     ar::taint($value);
 }