Exemplo n.º 1
/**
 * Get the value of the specified POST key, if it is found, or the default otherwise.
 *
 * The raw value is passed through a fixed sequence of steps before it is returned:
 * required-field check, word filter, line-format normalisation, optional
 * WYSIWYG/semihtml to Comcode conversion, check_posted_field(), and finally
 * check_input_field_string(). The order of these steps matters; later steps see the
 * output of earlier ones.
 *
 * Two of the switches consulted here ('require__<name>' and '<name>__is_wysiwyg') are
 * themselves read from $_POST, so they are under the control of whoever submits the form.
 *
 * @param  ID_TEXT		The name of the parameter to get
 * @param  ?mixed			The default value to give the parameter if the parameter value is not defined (NULL: allow missing parameter) (false: give error on missing parameter)
 * @param  boolean		Whether we are cleaning for HTML rather than Comcode/plain-text
 * @param  boolean		Whether to convert WYSIWYG contents to Comcode automatically
 * @return ?string		The parameter value (NULL: missing)
 */
function post_param($name, $default = false, $html = false, $conv_from_wysiwyg = true)
{
    // Fetch the raw value (or the default) from $_POST via the shared helper.
    // NOTE(review): the meaning of the trailing false/true arguments is defined by __param(), which is not visible here.
    $ret = __param($_POST, $name, $default, false, true);
    if ($ret === NULL) {
        return NULL;
    }
    // Blank value for a field the form marked as required: 'require__<name>' is present in $_POST and is not '0'.
    // The marker is request data, so a client can leave it out; callers that truly need a value
    // should not rely on this check alone.
    if (trim($ret) == '' && $default !== '' && array_key_exists('require__' . $name, $_POST) && $_POST['require__' . $name] != '0') {
        require_code('failure');
        improperly_filled_in_post($name);
    }
    // Word filter: applied to non-empty values when the addon is installed.
    if ($ret != '' && addon_installed('wordfilter')) {
        // Only the field named exactly 'password' is exempt.
        // NOTE(review): credential fields posted under any other name would still go through the filter - confirm that is intended.
        if ($name != 'password') {
            require_code('word_filter');
            // A value identical to the caller's default is left untouched.
            if ($ret !== $default) {
                $ret = check_word_filter($ret, $name);
            }
        }
    }
    // NULL was already returned above, so this guard is always true at this point.
    if ($ret !== NULL) {
        // presumably normalises line endings; behaviour is defined in unixify_line_format() - verify there
        $ret = unixify_line_format($ret, NULL, $html);
    }
    // WYSIWYG path: taken when the client posted '<name>__is_wysiwyg' = '1' and the caller allows conversion.
    if (isset($_POST[$name . '__is_wysiwyg']) && $_POST[$name . '__is_wysiwyg'] == '1' && $conv_from_wysiwyg) {
        if (trim($ret) == '') {
            // Whitespace-only editor content collapses to an empty string.
            $ret = '';
        } else {
            require_code('comcode_from_html');
            $ret = trim(semihtml_to_comcode($ret));
        }
    } else {
        // Non-WYSIWYG path: a value wrapped in a single [semihtml]...[/semihtml] pair is unwrapped and converted.
        // The opening tag is tested on the untrimmed value, so leading whitespace skips this branch.
        // Note this branch does not consult $conv_from_wysiwyg.
        if (substr($ret, 0, 10) == '[semihtml]' && substr(trim($ret), -11) == '[/semihtml]') {
            $_ret = trim($ret);
            // 10 = strlen('[semihtml]'), 11 = strlen('[/semihtml]'): keep only what lies between the tags.
            $_ret = substr($_ret, 10, strlen($_ret) - 11 - 10);
            // Convert only if no further [semihtml tag appears inside; otherwise $ret is left as it was.
            if (strpos($_ret, '[semihtml') === false) {
                require_code('comcode_from_html');
                $ret = trim(semihtml_to_comcode($_ret));
            }
        }
    }
    require_code('input_filter');
    // check_posted_field() is skipped while either the BOOTSTRAPPING or MICRO_AJAX_BOOTUP global is non-zero.
    // NOTE(review): what check_posted_field() verifies is defined in input_filter, not visible here.
    if ($GLOBALS['BOOTSTRAPPING'] == 0 && $GLOBALS['MICRO_AJAX_BOOTUP'] == 0) {
        check_posted_field($name, $ret);
    }
    // A value identical to the default is returned here, before the URL post-processing and
    // check_input_field_string() below. That also holds for a posted value that happens to be
    // identical to the default, so defaults should be trusted constants.
    if ($ret === $default) {
        return $ret;
    }
    // Values containing ':' get URL post-processing when that helper has been loaded.
    if (strpos($ret, ':') !== false && function_exists('ocp_url_decode_post_process')) {
        $ret = ocp_url_decode_post_process($ret);
    }
    // Final input check on the fully converted value.
    // NOTE(review): the third argument (true) presumably marks the value as posted - confirm against check_input_field_string().
    check_input_field_string($name, $ret, true);
    return $ret;
}
Exemplo n.º 2
/**
 * Report that an expected request parameter was not supplied.
 *
 * Records a 400 status (switched to 404 when the missing parameter is 'id' or 'type'), and finishes by calling
 * warn_exit() with a message naming the parameter. The name is run through escape_html() before it is placed in
 * the message. A real status line is only sent while headers are still open, the browser is not matched as 'ie'
 * and the server software string does not contain 'IIS'.
 *
 * @param  string			The name of the parameter
 * @param  ?boolean		Whether the parameter is a POST parameter (NULL: undetermined). Any value other than exactly false, NULL included, is handed to improperly_filled_in_post() first
 * @param  array			The array we're extracting parameters from
 */
function improperly_filled_in($name, $posted, $array)
{
    require_code('tempcode');

    // Default outcome: the request is malformed.
    $GLOBALS['HTTP_STATUS_CODE'] = '400';
    if (!headers_sent() && !browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
        header('HTTP/1.0 400 Bad Request');
    }

    // POST parameters (and undetermined ones) go to the POST-specific handler first.
    if ($posted !== false) {
        improperly_filled_in_post($name);
    }

    // A missing login username gets its own message.
    if ($name == 'login_username') {
        warn_exit(do_lang_tempcode('NO_PARAMETER_SENT_SPECIAL', escape_html($name)));
    }

    // A missing 'id' or 'type' is reported as 404 rather than 400.
    // Direct ascending for short URLs is not possible, so a 404 is given to avoid indexing.
    if (!isset($array[$name]) && in_array($name, array('id', 'type')) && !headers_sent()) {
        $GLOBALS['HTTP_STATUS_CODE'] = '404';
        if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
            header('HTTP/1.0 404 Not Found');
        }
    }

    warn_exit(do_lang_tempcode('NO_PARAMETER_SENT', escape_html($name)));
}