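#
# Pull the page arguments described by $argspec out of $_REQUEST, validate
# them, and map them to objects (or scalars) for the calling page.
#
# $argspec is a flat list of (name, type) pairs; a trailing unpaired entry
# is ignored. Each argument that maps is stored both in the returned array
# and in $GLOBALS under its name. When $required is true, an argument the
# request did not supply is reported with PAGEARGERROR; otherwise any stale
# global of that name is cleared. A value that was supplied but could not
# be mapped is reported with USERERROR in either mode.
#
# Everything read here comes from $_REQUEST and is untrusted. Because the
# result is written into $GLOBALS, the names in $argspec must be fixed by
# the page and never derived from the request.
#
# Returns an array of name => mapped value.
#
function VerifyPageArguments($argspec, $required) {
    global $drewheader;

    if ($drewheader) {
        trigger_error("PAGEHEADER called before VerifyPageArguments " .
                      "(called by RequiredPageArguments or OptionalPageArguments). " .
                      "Won't be able to return proper HTTP status code on Error " .
                      "in " . $_SERVER['SCRIPT_FILENAME'] . ",",
                      E_USER_WARNING);
    }
    $result = array();

    while ($argspec and count($argspec) > 1) {
        $name = array_shift($argspec);
        $type = array_shift($argspec);
        # $yep records that the request supplied a value for this argument,
        # whether or not it validated.
        $yep  = 0;
        unset($object);

        switch ($type) {
        case PAGEARG_EXPERIMENT:
            if (isset($_REQUEST[URL_EXPERIMENT])) {
                $idx = $_REQUEST[URL_EXPERIMENT];
                $yep = 1;
                if (ValidateArgument(PAGEARG_EXPERIMENT, $idx)) {
                    $object = Experiment::Lookup($idx);
                }
            } elseif (isset($_REQUEST[URL_EXPTIDX])) {
                $idx = $_REQUEST[URL_EXPTIDX];
                $yep = 1;
                if (ValidateArgument(PAGEARG_EXPERIMENT, $idx)) {
                    $object = Experiment::Lookup($idx);
                }
            } elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_EID])) {
                $pid = $_REQUEST[URL_PID];
                $eid = $_REQUEST[URL_EID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PID, $pid) &&
                    ValidateArgument(PAGEARG_EID, $eid)) {
                    $object = Experiment::LookupByPidEid($pid, $eid);
                }
            }
            break;

        case PAGEARG_TEMPLATE:
            if (isset($_REQUEST[URL_GUID]) && isset($_REQUEST[URL_VERS])) {
                $guid = $_REQUEST[URL_GUID];
                $vers = $_REQUEST[URL_VERS];
                $yep  = 1;
                if (ValidateArgument(PAGEARG_GUID, $guid) &&
                    ValidateArgument(PAGEARG_VERS, $vers)) {
                    $object = Template::Lookup($guid, $vers);
                }
            } elseif (isset($_REQUEST[URL_TEMPLATE])) {
                $guidvers = $_REQUEST[URL_TEMPLATE];
                $yep = 1;
                # is_string() first: an array-valued parameter must not
                # reach preg_match().
                if (is_string($guidvers) &&
                    preg_match('/^([\d]+)\/([\d]+)$/', $guidvers, $matches)) {
                    $guid = $matches[1];
                    $vers = $matches[2];
                    $object = Template::Lookup($guid, $vers);
                } else {
                    # The rejected value is raw request data; escape it
                    # before it goes into the error text, as the string
                    # branch below does.
                    $shown = (is_string($guidvers)
                              ? htmlspecialchars($guidvers,
                                                 ENT_QUOTES | ENT_SUBSTITUTE)
                              : "");
                    PAGEARGERROR("Invalid argument for '{$type}': {$shown}");
                }
            }
            break;

        case PAGEARG_INSTANCE:
            if (isset($_REQUEST[URL_INSTANCE])) {
                $idx = $_REQUEST[URL_INSTANCE];
                $yep = 1;
                if (ValidateArgument(PAGEARG_INSTANCE, $idx)) {
                    $object = TemplateInstance::LookupByExptidx($idx);
                }
            }
            break;

        case PAGEARG_METADATA:
            if (isset($_REQUEST[URL_METADATA])) {
                $guidvers = $_REQUEST[URL_METADATA];
                $yep = 1;
                if (is_string($guidvers) &&
                    preg_match('/^([\d]+)\/([\d]+)$/', $guidvers, $matches)) {
                    $guid = $matches[1];
                    $vers = $matches[2];
                    $object = TemplateMetadata::Lookup($guid, $vers);
                } else {
                    # Same escaping as the template branch: never echo the
                    # raw request value.
                    $shown = (is_string($guidvers)
                              ? htmlspecialchars($guidvers,
                                                 ENT_QUOTES | ENT_SUBSTITUTE)
                              : "");
                    PAGEARGERROR("Invalid argument for '{$type}': {$shown}");
                }
            }
            break;

        case PAGEARG_PROJECT:
            if (isset($_REQUEST[URL_PROJECT])) {
                $idx = $_REQUEST[URL_PROJECT];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PROJECT, $idx)) {
                    $object = Project::Lookup($idx);
                }
            } elseif (isset($_REQUEST[URL_PID])) {
                $pid = $_REQUEST[URL_PID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PID, $pid)) {
                    $object = Project::Lookup($pid);
                }
            }
            break;

        case PAGEARG_GROUP:
            if (isset($_REQUEST[URL_GROUP])) {
                $idx = $_REQUEST[URL_GROUP];
                $yep = 1;
                if (ValidateArgument(PAGEARG_GROUP, $idx)) {
                    $object = Group::Lookup($idx);
                }
            } elseif (isset($_REQUEST[URL_PID]) && isset($_REQUEST[URL_GID])) {
                $pid = $_REQUEST[URL_PID];
                $gid = $_REQUEST[URL_GID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_PID, $pid) &&
                    ValidateArgument(PAGEARG_GID, $gid)) {
                    $object = Group::LookupByPidGid($pid, $gid);
                }
            }
            break;

        case PAGEARG_NODE:
            if (isset($_REQUEST[URL_NODE])) {
                $idx = $_REQUEST[URL_NODE];
                $yep = 1;
                if (ValidateArgument(PAGEARG_NODE, $idx)) {
                    $object = Node::Lookup($idx);
                }
            } elseif (isset($_REQUEST[URL_NODEID])) {
                $nodeid = $_REQUEST[URL_NODEID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_NODEID, $nodeid)) {
                    $object = Node::Lookup($nodeid);
                }
            } elseif (isset($_REQUEST[URL_NODEID_ALT])) {
                $nodeid = $_REQUEST[URL_NODEID_ALT];
                $yep = 1;
                if (ValidateArgument(PAGEARG_NODEID, $nodeid)) {
                    $object = Node::Lookup($nodeid);
                }
            }
            break;

        case PAGEARG_USER:
            if (isset($_REQUEST[URL_USER])) {
                $idx = $_REQUEST[URL_USER];
                $yep = 1;
                if (ValidateArgument(PAGEARG_USER, $idx)) {
                    $object = User::Lookup($idx);
                }
            } elseif (isset($_REQUEST[URL_UID])) {
                $uid = $_REQUEST[URL_UID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_UID, $uid)) {
                    $object = User::Lookup($uid);
                }
            }
            break;

        case PAGEARG_IMAGE:
            if (isset($_REQUEST[URL_IMAGEID])) {
                $imageid = $_REQUEST[URL_IMAGEID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
                    $object = Image::Lookup($imageid);
                }
            } elseif (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                $imageid = $_REQUEST[$name];
                $yep = 1;
                if (ValidateArgument(PAGEARG_IMAGE, $imageid)) {
                    $object = Image::Lookup($imageid);
                }
            }
            break;

        case PAGEARG_OSINFO:
            if (isset($_REQUEST[URL_OSID])) {
                $osid = $_REQUEST[URL_OSID];
                $yep = 1;
                if (ValidateArgument(PAGEARG_OSINFO, $osid)) {
                    $object = OSinfo::Lookup($osid);
                }
            }
            break;

        case PAGEARG_BOOLEAN:
            if (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                $object = $_REQUEST[$name];
                $yep = 1;
                # A value matching none of these spellings is passed on
                # unchanged, so the caller gets the raw request value
                # rather than a boolean and must not echo it unescaped.
                if (strcasecmp("{$object}", "yes") == 0 ||
                    strcasecmp("{$object}", "1") == 0 ||
                    strcasecmp("{$object}", "true") == 0 ||
                    strcasecmp("{$object}", "on") == 0) {
                    $object = true;
                } elseif (strcasecmp("{$object}", "no") == 0 ||
                          strcasecmp("{$object}", "0") == 0 ||
                          strcasecmp("{$object}", "false") == 0 ||
                          strcasecmp("{$object}", "off") == 0) {
                    $object = false;
                }
            }
            break;

        case PAGEARG_INTEGER:
        case PAGEARG_NUMERIC:
        case PAGEARG_ARRAY:
            if (isset($_REQUEST[$name]) && $_REQUEST[$name] != "") {
                $object = $_REQUEST[$name];
                $yep = 1;
                if (!ValidateArgument($type, $object)) {
                    unset($object);
                }
            }
            break;

        case PAGEARG_ANYTHING:
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                $yep = 1;
                # Anything allowed, caller BETTER check it.
            }
            break;

        case PAGEARG_ALPHALIST:
            # NOTE(review): unlike the other branches this one never sets
            # $yep, so a rejected list is reported as missing (or silently
            # dropped when optional) rather than as unmappable; confirm
            # that is intended.
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                # \z instead of $ so a trailing newline is not accepted;
                # is_string() keeps array-valued parameters away from
                # preg_match().
                if (!is_string($object) ||
                    !preg_match('/^[\d\w\-\ \,]+\z/', $object)) {
                    unset($object);
                } else {
                    $object = preg_split('/[\,\;]+\s*/', $_REQUEST[$name]);
                }
            }
            break;

        # Unknown types are treated as plain strings. The original switch
        # carried a second "default:" on the password case, which PHP 7+
        # refuses to compile.
        # NOTE(review): older interpreters reportedly used the last default
        # clause (the password check); confirm no page relied on that.
        case PAGEARG_STRING:
        default:
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                $yep = 1;
                # Pages never get arguments with special chars. Check.
                if (!is_string($object)) {
                    # An array-valued parameter (name[]=...) would skip the
                    # quote check below; drop it so it can never be stored.
                    unset($object);
                    PAGEARGERROR("Invalid characters in '{$name}'");
                } elseif (preg_match('/[\'"]/', $object)) {
                    $object = htmlspecialchars($object,
                                               ENT_QUOTES | ENT_SUBSTITUTE);
                    PAGEARGERROR("Invalid characters in '{$name}': {$object}");
                }
            }
            break;

        case PAGEARG_PASSWORD:
            if (isset($_REQUEST[$name])) {
                $object = $_REQUEST[$name];
                $yep = 1;
                # Only printable chars. The value is deliberately left out
                # of the error text.
                if (!is_string($object)) {
                    unset($object);
                    PAGEARGERROR("Invalid characters in '{$name}'");
                } elseif (!preg_match('/^[ -~]+\z/', $object)) {
                    # \z rather than $: $ would also accept a trailing
                    # newline.
                    PAGEARGERROR("Invalid characters in '{$name}'");
                }
            }
            break;

        case PAGEARG_LOGFILE:
            if (isset($_REQUEST[URL_LOGFILE])) {
                $logid = $_REQUEST[URL_LOGFILE];
                $yep = 1;
                if (ValidateArgument(PAGEARG_LOGFILE, $logid)) {
                    $object = Logfile::Lookup($logid);
                }
            }
            break;
        }

        if (isset($object)) {
            $result[$name]  = $object;
            $GLOBALS[$name] = $object;
        } elseif ($yep) {
            #
            # Value supplied but could not be mapped to object.
            # Lets make that clear in the error message.
            #
            USERERROR("Could not map page arguments to '{$name}'", 1);
        } elseif ($required) {
            PAGEARGERROR("Must provide '{$name}' page argument");
        } else {
            # Optional and absent: make sure no stale global of that name
            # survives.
            unset($GLOBALS[$name]);
        }
    }
    return $result;
}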
#
# Find the metadata item called $name that is attached to $template.
#
# Returns a TemplateMetadata object with its template field set to
# $template, or null when the query matches no row or the new object
# reports that it is not valid.
#
# NOTE(review): the statement is built by string interpolation. $name is
# escaped with addslashes(), which does not take the connection character
# set into account, and the guid/vers values are interpolated as returned
# by $template. If the DB layer behind DBQueryFatal offers bound parameters
# or a connection-aware escape, prefer that here.
#
function TemplateLookupByName($template, $name) {
    $escaped_name = addslashes($name);
    $parent_guid  = $template->guid();
    $parent_vers  = $template->vers();

    $sql = "select i.guid,i.vers " .
           " from experiment_template_metadata as m " .
           "left join experiment_template_metadata_items as i on " .
           " i.guid=m.metadata_guid and i.vers=m.metadata_vers " .
           "where m.parent_guid='{$parent_guid}' and " .
           " m.parent_vers='{$parent_vers}' and " .
           " i.name='{$escaped_name}'";
    $rows = DBQueryFatal($sql);

    # No matching metadata item for this template.
    if (!mysql_num_rows($rows)) {
        return null;
    }

    $hit      = mysql_fetch_array($rows);
    $metadata = new TemplateMetadata($hit['guid'], $hit['vers']);

    if ($metadata->IsValid()) {
        # Remember which template the metadata was looked up through.
        $metadata->template = $template;
        return $metadata;
    }
    return null;
}