Permalink
Browse files

BackwardsCompatibilityBreak - fRequest::get() now strips out low byte…

…s characters if no `$cast_to`, or if a `string` or `array` `$cast_to` is specified. Using the new `binary` `$cast_to` will leave all bytes intact.

Completed ticket #486 - added the `binary` type to fRequest::get().

Completed ticket #533 - fRequest::get() will cast all strings of digits in the range of PHP integer type to such an integer when the `integer` or `int` `$cast_to` is specified. If the integer is beyond the range, a string of the digits will be returned. fRequest::get() can be forced to always return a true integer by passing `integer!`.
  • Loading branch information...
wbond committed Dec 1, 2010
1 parent 9144106 commit a388312c61d3e2dd23ccf55441505c1d42219b14
Showing with 31 additions and 9 deletions.
  1. +4 −2 classes/fActiveRecord.php
  2. +27 −7 classes/fRequest.php
@@ -15,7 +15,8 @@
* @package Flourish
* @link http://flourishlib.com/fActiveRecord
*
* @version 1.0.0b73
* @version 1.0.0b74
* @changes 1.0.0b74 Updated ::populate() to use the `binary` type for fRequest::get() [wb, 2010-11-30]
* @changes 1.0.0b73 Backwards Compatibility Break - changed column set methods to treat strings of all whitespace the same as empty string and convert them to `NULL` [wb, 2010-11-29]
* @changes 1.0.0b72 Added the new `comment` element to the reflection signature for `inspect` methods [wb, 2010-11-28]
* @changes 1.0.0b71 Updated class to use fORM::getRelatedClass() [wb, 2010-11-24]
@@ -2024,7 +2025,8 @@ public function populate()
foreach ($column_info as $column => $info) {
if (fRequest::check($column)) {
$method = 'set' . fGrammar::camelize($column, TRUE);
$this->$method(fRequest::get($column));
$cast_to = ($info['type'] == 'blob') ? 'binary' : NULL;
$this->$method(fRequest::get($column, $cast_to));
}
}
@@ -16,7 +16,8 @@
* @package Flourish
* @link http://flourishlib.com/fRequest
*
* @version 1.0.0b15
* @version 1.0.0b16
* @changes 1.0.0b16 Backwards Compatiblity Break - changed ::get() to remove binary characters when casting to a `string`, changed `int` and `integer` to cast to a real integer when possible, added new types of `binary` and `integer!` [wb, 2010-11-30]
* @changes 1.0.0b15 Added documentation about `[sub-key]` syntax, added `[sub-key]` support to ::check() [wb, 2010-09-12]
* @changes 1.0.0b14 Rewrote ::set() to not require recursion for array syntax [wb, 2010-09-12]
* @changes 1.0.0b13 Fixed ::set() to work with `PUT` requests [wb, 2010-06-30]
@@ -244,7 +245,8 @@ static public function generateCSRFToken($url=NULL)
* become `NULL`.
*
* Valid `$cast_to` types include:
* - `'string'`,
* - `'string'`
* - `'binary'`
* - `'int'`
* - `'integer'`
* - `'bool'`
@@ -258,8 +260,21 @@ static public function generateCSRFToken($url=NULL)
* whenever the `$key` was not specified in the request, or if the value
* was a blank string.
*
* All text values are interpreted as UTF-8 string and appropriately
* cleaned.
* All `string`, `array` or unspecified `$cast_to` will result in the value(s)
* being interpreted as UTF-8 string and appropriately cleaned of invalid
* byte sequences. Also, all low-byte, non-printable characters will be
* stripped from the value. This includes all bytes less than the value of
* 32 (Space) other than Tab (`\t`), Newline (`\n`) and Cariage Return
* (`\r`).
*
* To preserve low-byte, non-printable characters, or get the raw value
* without cleaning invalid UTF-8 byte sequences, plase use the value of
* `binary` for the `$cast_to` parameter.
*
* Any integers that are beyond the range of 32bit storage will be returned
* as a string. The returned value can be forced to always be a real
* integer, which may cause truncation of the value, by passing `integer!`
* as the `$cast_to`.
*
* @param string $key The key to get the value of - array elements can be accessed via `[sub-key]` syntax
* @param string $cast_to Cast the value to this data type - see method description for details
@@ -354,15 +369,20 @@ static public function get($key, $cast_to=NULL, $default_value=NULL)
}
} elseif (($cast_to == 'int' || $cast_to == 'integer') && preg_match('#^-?\d+$#D', $value)) {
// If the cast is an integer and the value is digits, don't cast to prevent
// truncation due to 32 bit integer limits
// Only explicitly cast integers than can be represented by a real
// PHP integer to prevent truncation due to 32 bit integer limits
if (strval(intval($value)) == $value) {
$value = (int) $value;
}
} elseif ($cast_to) {
} elseif ($cast_to != 'binary' && $cast_to !== NULL) {
$cast_to = str_replace('integer!', 'integer', $cast_to);
settype($value, $cast_to);
}
// Clean values coming in to ensure we don't have invalid UTF-8
if (($cast_to === NULL || $cast_to == 'string' || $cast_to == 'array') && $value !== NULL) {
$value = preg_replace('#[\x00-\x08\x0B\x0C\x0E-\x1F]#', '', $value);
$value = fUTF8::clean($value);
}

0 comments on commit a388312

Please sign in to comment.