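/**
 * Return the value of a named variable, coerced to (or checked against) a given data type
 *
 * Security notes for callers:
 * - Only the 'request' source upgrades 'string' to 'safestring'. Values read from
 *   'session' and 'server' with 'string' are returned as-is, and 'unsafestring' is never sanitized.
 *   NOTE(review): $_SERVER entries such as HTTP_* headers are client-controlled; prefer
 *   'safestring' when such a value is written to HTML.
 * - The 'array' data type returns the array untouched: its elements are not sanitized.
 * - 'var' and 'constant' read any global / constant by name, so $name must never be
 *   taken from user input for these sources.
 *
 * @param string $varType : the source to read from between var, request, session, constant, server
 * @param string $name : the variable name to get
 * @param string $dataType : the type of value to check between int, date, datetime, localisedDate,
 *                           string, unsafestring, safestring, array, bool, boolean, email
 * @param mixed $varValue : the var value (optional, used for the 'var' source when the global is not set,
 *                          to avoid global problems if vars are declared in previous PHP codes)
 * @return mixed : the variable value. False if $name or $dataType is empty or $varType is unknown,
 *                 empty string if $dataType is unknown or if a date / email value is not valid
 * @access public
 * @static
 */
static function getVarContent($varType, $name, $dataType, $varValue = '') {
    if (!$name || !$dataType) {
        return false;
    }
    switch ($varType) {
        case 'request':
            if ($dataType == 'string') {
                $dataType = 'safestring'; //Force safestring to avoid XSS
            }
            $varContent = isset($_REQUEST[$name]) ? $_REQUEST[$name] : null;
            break;
        case 'session':
            $varContent = isset($_SESSION[$name]) ? $_SESSION[$name] : null;
            break;
        case 'var':
            //isset() is already false for null, so no extra null comparison is needed
            global ${$name};
            $varContent = isset(${$name}) ? ${$name} : $varValue;
            break;
        case 'constant':
            $varContent = defined($name) ? constant($name) : null;
            break;
        case 'server':
            $varContent = isset($_SERVER[$name]) ? $_SERVER[$name] : null;
            break;
        default:
            CMS_grandFather::raiseError('Unknown var type to get : ' . $varType);
            return false;
    }
    //A parameter sent as name[]=... reaches this point as an array. Casting it used to give
    //the literal string "Array" (with a PHP warning) or the integer 1, so scalar data types
    //now return their empty value instead.
    $isArray = is_array($varContent);
    switch ($dataType) {
        case 'int':
            return $isArray ? 0 : (int) $varContent;
        case 'date':
        case 'datetime':
        case 'localisedDate':
            if (!$varContent || $isArray) {
                return '';
            }
            global $cms_language;
            $date = new CMS_date();
            $date->setDebug(false);
            $date->setFormat($cms_language->getDateFormat());
            $date->setLocalizedDate($varContent);
            if ($date->hasError()) {
                return '';
            }
            if ($dataType == 'date') {
                return $date->getDBValue(true);
            }
            if ($dataType == 'datetime') {
                return $date->getDBValue(false);
            }
            return $date->getLocalizedDate();
        case 'string':
        case 'unsafestring':
            //no sanitization here : the caller must escape the value for its output context
            return $isArray ? '' : (string) $varContent;
        case 'safestring':
            //safestring return string without any XSS vector
            return $isArray ? '' : SensitiveIO::sanitizeHTMLString((string) $varContent);
        case 'array':
            //elements are returned as received, without any sanitization
            return $isArray ? $varContent : array();
        case 'bool':
        case 'boolean':
            if ($varContent === 'true') {
                return true;
            }
            if ($varContent === 'false') {
                return false;
            }
            return (bool) $varContent;
        case 'email':
            if (!$isArray && SensitiveIO::IsValidEmail($varContent)) {
                return $varContent;
            }
            break;
        default:
            CMS_grandFather::raiseError('Unknown data type to get : ' . $dataType);
            return '';
    }
    return '';
}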