/**
 * Get the value of the specified POST key, if it is found, or the default otherwise.
 *
 * The raw value read from $_POST goes through a fixed sequence of steps, and the order matters:
 * required-field check, word filter, line-format normalisation, WYSIWYG/semihtml to Comcode
 * conversion, posted-field check, optional URL post-processing, and the input-field string check.
 * No output escaping is visible in this function, so callers presumably still need to escape the
 * returned string for the context they emit it into (HTML, SQL, ...) - verify against callers.
 *
 * @param  ID_TEXT			The name of the parameter to get
 * @param  ?mixed			The default value to give the parameter if the parameter value is not defined (NULL: allow missing parameter) (false: give error on missing parameter)
 * @param  boolean			Whether we are cleaning for HTML rather than Comcode/plain-text (only forwarded to unixify_line_format here)
 * @param  boolean			Whether to convert WYSIWYG contents to Comcode automatically
 * @return ?string			The parameter value (NULL: missing)
 */
function post_param($name, $default = false, $html = false, $conv_from_wysiwyg = true)
{
    // Fetch from $_POST; the meaning of the trailing false/true flags is defined by __param(), which is not shown here.
    $ret = __param($_POST, $name, $default, false, true);
    if ($ret === NULL) {
        return NULL;
    }

    // Required-field check. The 'require__<name>' marker is itself read from $_POST, so it is
    // supplied with the request: a request that omits it (or sends '0') skips this check.
    // Treat it as form-level feedback rather than server-side enforcement of a mandatory field.
    if (trim($ret) == '' && $default !== '' && array_key_exists('require__' . $name, $_POST) && $_POST['require__' . $name] != '0') {
        require_code('failure');
        improperly_filled_in_post($name);
    }

    // Word filter: applied to non-empty values when the 'wordfilter' addon is installed.
    if ($ret != '' && addon_installed('wordfilter')) {
        // Only a field named exactly 'password' is exempt.
        // NOTE(review): secret-bearing fields posted under any other name would still reach check_word_filter() - confirm that is intended.
        if ($name != 'password') {
            require_code('word_filter');
            // A value identical to the caller's default is left unfiltered.
            if ($ret !== $default) {
                $ret = check_word_filter($ret, $name);
            }
        }
    }

    // Always true at this point because of the early return above; kept as in the original.
    if ($ret !== NULL) {
        $ret = unixify_line_format($ret, NULL, $html);
    }

    // The '<name>__is_wysiwyg' flag also comes from $_POST, so the request chooses which branch runs.
    if (isset($_POST[$name . '__is_wysiwyg']) && $_POST[$name . '__is_wysiwyg'] == '1' && $conv_from_wysiwyg) {
        if (trim($ret) == '') {
            // Whitespace-only WYSIWYG content collapses to an empty string.
            $ret = '';
        } else {
            require_code('comcode_from_html');
            $ret = trim(semihtml_to_comcode($ret));
        }
    } else {
        // Not flagged as WYSIWYG: a value that is wrapped in one outer [semihtml]...[/semihtml] pair is still converted.
        if (substr($ret, 0, 10) == '[semihtml]' && substr(trim($ret), -11) == '[/semihtml]') {
            $_ret = trim($ret);
            // Strip the 10-character opening tag and the 11-character closing tag.
            $_ret = substr($_ret, 10, strlen($_ret) - 11 - 10);
            // Convert only when no further '[semihtml' tag appears inside; otherwise $ret is left as posted.
            if (strpos($_ret, '[semihtml') === false) {
                require_code('comcode_from_html');
                $ret = trim(semihtml_to_comcode($_ret));
            }
        }
    }

    require_code('input_filter');
    // Skipped while either global is non-zero (BOOTSTRAPPING / MICRO_AJAX_BOOTUP).
    // NOTE(review): check_posted_field() is defined elsewhere; it sees the converted value, not the raw POST data.
    if ($GLOBALS['BOOTSTRAPPING'] == 0 && $GLOBALS['MICRO_AJAX_BOOTUP'] == 0) {
        check_posted_field($name, $ret);
    }

    // A value identical to the default returns here, before the URL post-processing and check_input_field_string() below.
    if ($ret === $default) {
        return $ret;
    }

    // Optional hook: runs only when the value contains ':' and the function has been loaded.
    if (strpos($ret, ':') !== false && function_exists('ocp_url_decode_post_process')) {
        $ret = ocp_url_decode_post_process($ret);
    }

    // $ret is passed as an argument and then returned.
    // NOTE(review): if check_input_field_string() takes it by reference, the returned value may differ from the one above - confirm in input_filter.
    check_input_field_string($name, $ret, true);

    return $ret;
}
/**
 * Complain about a field being missing.
 *
 * Sets the HTTP status to 400 (or 404 when a missing 'id'/'type' parameter means the address
 * cannot resolve to anything) and finishes through warn_exit() with a language string naming the
 * parameter. The parameter name is passed through escape_html() before it is placed in the message,
 * because it is echoed back to the client.
 *
 * @param  string			The name of the parameter
 * @param  ?boolean			Whether the parameter is a POST parameter (NULL: undetermined)
 * @param  array			The array we're extracting parameters from
 */
function improperly_filled_in($name, $posted, $array)
{
    require_code('tempcode');

    // Default outcome: the request is malformed.
    $GLOBALS['HTTP_STATUS_CODE'] = '400';
    if (!headers_sent() && !(browser_matches('ie') || strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') !== false)) {
        header('HTTP/1.0 400 Bad Request');
    }

    // Anything other than an explicit false (so true and NULL alike) is handed to the POST-specific handler.
    if ($posted !== false) {
        improperly_filled_in_post($name);
    }

    // A missing login username gets its own message.
    if ($name == 'login_username') {
        warn_exit(do_lang_tempcode('NO_PARAMETER_SENT_SPECIAL', escape_html($name)));
    }

    // A missing 'id' or 'type' is reported as 404 rather than 400: direct ascending for short URLs
    // is not possible, so a 404 keeps such addresses from being indexed.
    if (!isset($array[$name]) && in_array($name, array('id', 'type')) && !headers_sent()) {
        $GLOBALS['HTTP_STATUS_CODE'] = '404';
        if (!(browser_matches('ie') || strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') !== false)) {
            header('HTTP/1.0 404 Not Found');
        }
    }

    warn_exit(do_lang_tempcode('NO_PARAMETER_SENT', escape_html($name)));
}