function uri_port($http_host) { if (str_contains(':', $http_host)) { list(, $port) = explode(':', $http_host, 2); if (!preg_match('/^[0-9]+$/', $port)) { die(trigger_error("Invalid or malicious port detected in HTTP_HOST: " . str_sanitize($http_host), E_USER_ERROR)); } } else { $port = ''; } return $port; }
function server_var($key, $sanitize = true) { $val = NULL; if (isset($_SERVER[$key])) { $val = $_SERVER[$key]; } elseif (isset($_ENV[$key])) { $val = $_ENV[$key]; } elseif ($env_val = getenv($key)) { $val = $env_val; } if (is_null($val)) { return $val; } return $sanitize ? str_sanitize($val) : $val; }
function request_path_($path) { return str_sanitize(rawurldecode('/' . ltrim($path, '/'))); }
function _default_request_path($get) { $path = isset($get[PATH_IN_QUERY_HACK]) ? $get[PATH_IN_QUERY_HACK] : '/'; return str_sanitize($path); //TODO: if $_GET is sanitized we cud remove this! }