public static function getvar($name = null, $method = null) { /* The full list of field-name characters that PHP converts to _ (underscore) is the following (not just dot): chr(32) ( ) (space) chr(46) (.) (dot) chr(91) ([) (open square bracket) chr(128) - chr(159) (various) PHP irreversibly modifies field names containing these characters in an attempt to maintain compatibility with the deprecated register_globals feature. */ if (isset($name)) { $name = preg_replace("/[ \\.\\[€-Ÿ]/", "_", $name); } switch ($method) { case 'GET': $result = isset($name) ? $_GET[$name] : $_GET; break; case 'POST': $result = isset($name) ? $_POST[$name] : $_POST; break; case 'COOKIE': $result = isset($name) ? $_COOKIE[$name] : $_COOKIE; break; case 'SERVER': $result = isset($name) ? $_SERVER[$name] : $_SERVER; break; default: $result = !isset($name) ? $_REQUEST : (isset($_POST[$name]) ? $_POST[$name] : $_GET[$name]); break; } if (self::$tainting) { ar::taint($result); } return $result; }
public static function _taint(&$value) { ar::taint($value); }