Permalink
Browse files

[feature/request-class] Adding a request class based on ascraeus-expe…

…riment.

The well known request_var function is now a wrapper that calls a method
on a phpbb_request object. The class provides additional functionality.
It can replace all super globals with special objects that throw errors
when being accessed. They still allow isset operations to keep backward
compatibility with isset($_POST['var']) checks. The phpbb_request class
implements the phpbb_request_interface which is available for easy mocking
of input in tests.

PHPBB3-9716
  • Loading branch information...
1 parent cdadda3 commit d7e52ee0f8fb876161ac9705f4347d6431657358 @naderman committed Mar 6, 2010
@@ -19,121 +19,53 @@
// Common global functions
/**
-* set_var
+* Wrapper function of phpbb_request::variable which exists for backwards compatability.
+* See {@link phpbb_request_interface::variable phpbb_request_interface::variable} for
+* documentation of this function's use.
*
-* Set variable, used by {@link request_var the request_var function}
+* @param mixed $var_name The form variable's name from which data shall be retrieved.
+* If the value is an array this may be an array of indizes which will give
+* direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
+* then specifying array("var", 1) as the name will return "a".
+* If you pass an instance of {@link phpbb_request_interface phpbb_request_interface}
+* as this parameter it will overwrite the current request class instance. If you do
+* not do so, it will create its own instance (but leave superglobals enabled).
+* @param mixed $default A default value that is returned if the variable was not set.
+* This function will always return a value of the same type as the default.
+* @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
+* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
+* @param bool $cookie This param is mapped to phpbb_request_interface::COOKIE as the last param for
+* phpbb_request_interface::variable for backwards compatability reasons.
*
-* @access private
-*/
-function set_var(&$result, $var, $type, $multibyte = false)
-{
- settype($var, $type);
- $result = $var;
-
- if ($type == 'string')
- {
- $result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));
-
- if (!empty($result))
- {
- // Make sure multibyte characters are wellformed
- if ($multibyte)
- {
- if (!preg_match('/^./u', $result))
- {
- $result = '';
- }
- }
- else
- {
- // no multibyte, allow only ASCII (0-127)
- $result = preg_replace('/[\x80-\xFF]/', '?', $result);
- }
- }
-
- $result = (STRIP) ? stripslashes($result) : $result;
- }
-}
-
-/**
-* request_var
-*
-* Used to get passed variable
+* @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
+* the same as that of $default. If the variable is not set $default is returned.
*/
function request_var($var_name, $default, $multibyte = false, $cookie = false)
{
- if (!$cookie && isset($_COOKIE[$var_name]))
- {
- if (!isset($_GET[$var_name]) && !isset($_POST[$var_name]))
- {
- return (is_array($default)) ? array() : $default;
- }
- $_REQUEST[$var_name] = isset($_POST[$var_name]) ? $_POST[$var_name] : $_GET[$var_name];
- }
-
- $super_global = ($cookie) ? '_COOKIE' : '_REQUEST';
- if (!isset($GLOBALS[$super_global][$var_name]) || is_array($GLOBALS[$super_global][$var_name]) != is_array($default))
- {
- return (is_array($default)) ? array() : $default;
- }
+ // This is all just an ugly hack to add "Dependency Injection" to a function
+ // the only real code is the function call which maps this function to a method.
+ static $request = null;
- $var = $GLOBALS[$super_global][$var_name];
- if (!is_array($default))
- {
- $type = gettype($default);
- }
- else
+ if ($var_name instanceof phpbb_request_interface)
{
- list($key_type, $type) = each($default);
- $type = gettype($type);
- $key_type = gettype($key_type);
- if ($type == 'array')
- {
- reset($default);
- $default = current($default);
- list($sub_key_type, $sub_type) = each($default);
- $sub_type = gettype($sub_type);
- $sub_type = ($sub_type == 'array') ? 'NULL' : $sub_type;
- $sub_key_type = gettype($sub_key_type);
- }
+ $request = $var_name;
}
- if (is_array($var))
+ // no request class set, create a temporary one ourselves to keep backwards compatability
+ if ($request === null)
{
- $_var = $var;
- $var = array();
-
- foreach ($_var as $k => $v)
- {
- set_var($k, $k, $key_type);
- if ($type == 'array' && is_array($v))
- {
- foreach ($v as $_k => $_v)
- {
- if (is_array($_v))
- {
- $_v = null;
- }
- set_var($_k, $_k, $sub_key_type, $multibyte);
- set_var($var[$k][$_k], $_v, $sub_type, $multibyte);
- }
- }
- else
- {
- if ($type == 'array' || is_array($v))
- {
- $v = null;
- }
- set_var($var[$k], $v, $type, $multibyte);
- }
- }
+ $tmp_request = new phpbb_request();
+ // enable super globals, so the magically created request class does not
+ // make super globals inaccessible everywhere outside this function.
+ $tmp_request->enable_super_globals();
}
else
{
- set_var($var, $var, $type, $multibyte);
+ // otherwise use the static injected instance
+ $tmp_request = $request;
}
- return $var;
+ return $tmp_request->variable($var_name, $default, $multibyte, ($cookie) ? phpbb_request_interface::COOKIE : phpbb_request_interface::REQUEST);
}
/**
@@ -0,0 +1,121 @@
+<?php
+/**
+*
+* @package phpbb_request
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+/**
+* Replacement for a superglobal (like $_GET or $_POST) which calls
+* trigger_error on all operations but isset, overloads the [] operator with SPL.
+*
+* @package phpbb_request
+*/
+class phpbb_deactivated_super_global implements ArrayAccess, Countable, IteratorAggregate
+{
+ /**
+ * @var string Holds the name of the superglobal this is replacing.
+ */
+ private $name;
+
+ /**
+ * @var phpbb_request_interface::POST|GET|REQUEST|COOKIE Super global constant.
+ */
+ private $super_global;
+
+ /**
+ * @var phpbb_request_interface The request class instance holding the actual request data.
+ */
+ private $request;
+
+ /**
+ * Constructor generates an error message fitting the super global to be used within the other functions.
+ *
+ * @param phpbb_request_interface $request A request class instance holding the real super global data.
+ * @param string $name Name of the super global this is a replacement for - e.g. '_GET'.
+ * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global The variable's super global constant.
+ */
+ public function __construct(phpbb_request_interface $request, $name, $super_global)
+ {
+ $this->request = $request;
+ $this->name = $name;
+ $this->super_global = $super_global;
+ }
+
+ /**
+ * Calls trigger_error with the file and line number the super global was used in.
+ */
+ private function error()
+ {
+ $file = '';
+ $line = 0;
+
+ $message = 'Illegal use of $' . $this->name . '. You must use the request class or request_var() to access input data. Found in %s on line %d. This error message was generated';
+
+ $backtrace = debug_backtrace();
+ if (isset($backtrace[1]))
+ {
+ $file = $backtrace[1]['file'];
+ $line = $backtrace[1]['line'];
+ }
+ trigger_error(sprintf($message, $file, $line), E_USER_ERROR);
+ }
+
+ /**
+ * Redirects isset to the correct request class call.
+ *
+ * @param string $offset The key of the super global being accessed.
+ *
+ * @return bool Whether the key on the super global exists.
+ */
+ public function offsetExists($offset)
+ {
+ return $this->request->is_set($offset, $this->super_global);
+ }
+
+ /**#@+
+ * Part of the ArrayAccess implementation, will always result in a FATAL error.
+ */
+ public function offsetGet($offset)
+ {
+ $this->error();
+ }
+
+ public function offsetSet($offset, $value)
+ {
+ $this->error();
+ }
+
+ public function offsetUnset($offset)
+ {
+ $this->error();
+ }
+ /**#@-*/
+
+ /**
+ * Part of the Countable implementation, will always result in a FATAL error
+ */
+ public function count()
+ {
+ $this->error();
+ }
+
+ /**
+ * Part of the Traversable/IteratorAggregate implementation, will always result in a FATAL error
+ */
+ public function getIterator()
+ {
+ $this->error();
+ }
+}
+
Oops, something went wrong.

0 comments on commit d7e52ee

Please sign in to comment.