示例#1
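 /**
  * One-time normalisation of the request superglobals.
  *
  * Guarded by self::$setup, so repeated calls are no-ops. On the first call it:
  *  - flags a POST whose body appears to have been discarded (post_max_size),
  *  - strips magic-quotes slashes from $_GET, $_POST and $_COOKIE when that
  *    legacy setting is active,
  *  - rebuilds $_REQUEST from $_GET and $_POST only.
  *
  * @return void
  */
 public static function Setup()
 {
     if (self::$setup) {
         return;
     }
     self::$setup = true;

     // A POST that declared a body but produced an empty $_POST is taken to mean
     // post_max_size was exceeded. CONTENT_LENGTH is not always present (the
     // original read it unguarded and raised a notice), so default it to 0.
     $is_post = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST';
     $declared_length = isset($_SERVER['CONTENT_LENGTH']) ? $_SERVER['CONTENT_LENGTH'] : 0;
     if ($is_post && empty($_POST) && $declared_length > 0) {
         self::$post_max_size_exceeded = true;
     }

     // get_magic_quotes_gpc() no longer exists on current PHP versions; only
     // call it where it is defined so this method does not fatal there.
     if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1) {
         $_GET = String::RemoveSlashes($_GET);
         $_POST = String::RemoveSlashes($_POST);
         $_COOKIE = String::RemoveSlashes($_COOKIE);
     }

     // $_REQUEST is rebuilt from GET and POST only: cookies are left out, and
     // for string keys a POST value replaces a GET value of the same name.
     // Code that must know which channel a value came from (e.g. state-changing
     // handlers) should read $_POST/$_GET directly rather than $_REQUEST.
     // NOTE(review): array_map is not recursive; how String::Trim treats nested
     // array values is not visible here. Confirm.
     $_REQUEST = array_map(array('String', 'Trim'), array_merge($_GET, $_POST));
 }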
示例#2
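 /**
  * Tests the post_max_size_exceeded() method
  *
  * Forces the initial request to POST, sets the declared body size and checks
  * what Request::post_max_size_exceeded() reports for it.
  *
  * @dataProvider provider_post_max_size_exceeded
  *
  * @param   int   $content_length  Value written to $_SERVER['CONTENT_LENGTH']
  * @param   bool  $expected        Expected return of post_max_size_exceeded()
  * @return  void
  */
 public function test_post_max_size_exceeded($content_length, $expected)
 {
     // Ensure the request method is set to POST
     Request::$initial->method(HTTP_Request::POST);

     // Set the content length the method under test will read.
     // NOTE(review): this overwrites a superglobal and does not restore it in
     // this method; any cleanup would have to happen in the test fixture.
     $_SERVER['CONTENT_LENGTH'] = $content_length;

     // assertSame() takes the expected value first, so a failure message
     // reports expected/actual the right way round.
     $this->assertSame($expected, Request::post_max_size_exceeded());
 }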
示例#3
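 /**
  * Returns TRUE if the current request is a POST carrying a valid CSRF token
  *
  * Checks run in this order, and the first failure returns FALSE:
  *  1. the request must be a POST;
  *  2. post_max_size must not have been exceeded;
  *  3. if $submit is given, that field must be present in $_POST;
  *  4. a submitted `_token`/`_action` pair must pass CSRF::valid();
  *  5. if a `_captcha` field was posted, it must be non-empty and valid.
  *
  * A request with no CSRF token at all is rejected too (returns FALSE), but no
  * error message is stored for that case.
  *
  * Usage:<br>
  * <code>
  * 	if ($this->valid_post('upload_photo')) { ... }
  * </code>
  *
  * @param   string|NULL  $submit Submit value [Optional]
  * @return  boolean  Return TRUE if it's valid $_POST
  *
  * @uses    Request::is_post
  * @uses    Request::post_max_size_exceeded
  * @uses    Request::get_post_max_size
  * @uses    Request::post
  * @uses    Message::error
  * @uses    CSRF::valid
  * @uses    Captcha::valid
  */
 public function valid_post($submit = NULL)
 {
     if (!$this->request->is_post()) {
         return FALSE;
     }

     if (Request::post_max_size_exceeded()) {
         $this->_errors = array('_action' => __('Max file size of :max Bytes exceeded!', array(':max' => Request::get_post_max_size())));
         return FALSE;
     }

     // When a submit field name is given, its absence means the posted form is
     // not the one this handler expects.
     if (!is_null($submit) && !isset($_POST[$submit])) {
         $this->_errors = array('_action' => __('This form has altered. Please try submitting it again.'));
         return FALSE;
     }

     $_token = $this->request->post('_token');
     $_action = $this->request->post('_action');

     // Use && rather than `and`: `$x = a and b` parses as `($x = a) and b`,
     // so the original only ever recorded whether the token was non-empty and
     // ignored the action.
     $has_csrf = !empty($_token) && !empty($_action);
     $valid_csrf = CSRF::valid($_token, $_action);

     if ($has_csrf && !$valid_csrf) {
         // CSRF token was submitted but did not validate (e.g. expired)
         $this->_errors = array('_token' => __('This form has expired. Please try submitting it again.'));
         return FALSE;
     }

     if (isset($_POST['_captcha'])) {
         $captcha = $this->request->post('_captcha');
         if (empty($captcha)) {
             // Captcha answer was not entered
             $this->_errors = array('_captcha' => __('The security code can\'t be empty.'));
             return FALSE;
         } elseif (!Captcha::valid($captcha)) {
             $this->_errors = array('_captcha' => __('The security answer was wrong.'));
             return FALSE;
         }
     }

     // Fail closed: only a present AND valid token/action pair is accepted.
     return $has_csrf && $valid_csrf;
 }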