[civicrm-core.git] / CRM / Utils / Request.php

<?php
/*
 +--------------------------------------------------------------------+
 | Copyright CiviCRM LLC. All rights reserved.                        |
 |                                                                    |
 | This work is published under the GNU AGPLv3 license with some      |
 | permitted exceptions and without any warranty. For full license    |
 | and copyright information, see https://civicrm.org/licensing       |
 +--------------------------------------------------------------------+
 */

/**
 *
 * @package CRM
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 */

/**
 * Class for managing a http request
 */
class CRM_Utils_Request {

  /**
   * Get a unique ID for the request.
   *
   * This unique ID is assigned to mysql when the connection is opened and is
   * available in PHP.
   *
   * The intent is that it is available for logging purposes and for triggers.
   *
   * The resulting string is 17 characters long. This consists of 13 characters of uniqid
   * and 4 more random characters.
   *
   * Uniqid is unique to the microsecond - to make it more unique we add 4 more characters
   * but stop short of the full 23 character string that a prefix would generate.
   *
   * It is intended that this string will be saved to log tables so striking a balance between
   * uniqueness and length is important. Note that I did check & lining up with byte values
   * (e.g 16 characters) does not confer any benefits. Using a CHAR field rather than VARCHAR
   * may improve speed, if indexed.
   *
   * @return string
   */
  public static function id() {
    if (!isset(\Civi::$statics[__CLASS__]['id'])) {
      \Civi::$statics[__CLASS__]['id'] = uniqid() . CRM_Utils_String::createRandom(CRM_Utils_String::ALPHANUMERIC, 4);
    }
    return \Civi::$statics[__CLASS__]['id'];
  }

  /**
   * Retrieve a value from the request (GET/POST/REQUEST)
   *
   * @param string $name
   *   Name of the variable to be retrieved.
   * @param string $type
   *   Type of the variable (see CRM_Utils_Type for details).
   * @param object $store
   *   Session scope where variable is stored.
   * @param bool $abort
   *   TRUE, if the variable is required.
   * @param mixed $default
   *   Default value of the variable if not present.
   * @param string $method
   *   Where to look for the variable - 'GET', 'POST' or 'REQUEST'.
   * @param bool $isThrowException
   *   Should a an exception be thrown rather than a fatal.
   *
   * @return mixed
   *   The value of the variable
   *
   * @throws \CRM_Core_Exception
   */
  public static function retrieve($name, $type, &$store = NULL, $abort = FALSE, $default = NULL, $method = 'REQUEST', $isThrowException = TRUE) {

    $value = NULL;
    switch ($method) {
      case 'GET':
        $value = self::getValue($name, $_GET);
        break;

      case 'POST':
        $value = self::getValue($name, $_POST);
        break;

      default:
        $value = self::getValue($name, $_REQUEST);
        break;
    }

    if (isset($value) &&
      (CRM_Utils_Type::validate($value, $type, $abort, $name) === NULL)
    ) {
      $value = NULL;
    }

    if (!isset($value) && $store) {
      $value = $store->get($name);
    }

    if (!isset($value) && $abort) {
      if ($isThrowException) {
        throw new CRM_Core_Exception(ts("Could not find valid value for %1", [1 => $name]));
      }
      CRM_Core_Error::fatal(ts("Could not find valid value for %1", [1 => $name]));
    }

    if (!isset($value) && $default) {
      $value = $default;
    }

    // minor hack for action
    if ($name == 'action') {
      if (!is_numeric($value) && is_string($value)) {
        $value = CRM_Core_Action::resolve($value);
      }
    }

    if (isset($value) && $store) {
      $store->set($name, $value);
    }

    return $value;
  }

  /**
   * @param string $name
   *   Name of the variable to be retrieved.
   *
   * @param array $method - '$_GET', '$_POST' or '$_REQUEST'.
   *
   * @return mixed
   *   The value of the variable
   */
  protected static function getValue($name, $method) {
    if (isset($method[$name])) {
      return $method[$name];
    }
    // CRM-18384 - decode incorrect keys generated when &amp; is present in url
    foreach ($method as $key => $value) {
      if (strpos($key, 'amp;') !== FALSE) {
        $method[str_replace('amp;', '', $key)] = $method[$key];
        if (isset($method[$name])) {
          return $method[$name];
        }
        else {
          continue;
        }
      }
    }
    return NULL;
  }

  /**
   * @deprecated
   *
   * We should use a function that checks url values.
   *
   * This is a replacement for $_REQUEST which includes $_GET/$_POST
   * but excludes $_COOKIE / $_ENV / $_SERVER.
   *
   * @return array
   */
  public static function exportValues() {
    // For more discussion of default $_REQUEST handling, see:
    // http://www.php.net/manual/en/reserved.variables.request.php
    // http://www.php.net/manual/en/ini.core.php#ini.request-order
    // http://www.php.net/manual/en/ini.core.php#ini.variables-order

    $result = [];
    if ($_GET) {
      $result = array_merge($result, $_GET);
    }
    if ($_POST) {
      $result = array_merge($result, $_POST);
    }
    return $result;
  }

  /**
   * Retrieve a variable from the http request.
   *
   * @param string $name
   *   Name of the variable to be retrieved.
   * @param string $type
   *   Type of the variable (see CRM_Utils_Type for details).
   *   Most common options are:
   *   - 'Integer'
   *   - 'Positive'
   *   - 'CommaSeparatedIntegers'
   *   - 'Boolean'
   *   - 'String'
   *
   * @param mixed $defaultValue
   *   Default value of the variable if not present.
   * @param bool $isRequired
   *   Is the variable required for this function to proceed without an exception.
   * @param string $method
   *   Where to look for the value - GET|POST|REQUEST
   *
   * @return mixed
   * @throws \CRM_Core_Exception
   */
  public static function retrieveValue($name, $type, $defaultValue = NULL, $isRequired = FALSE, $method = 'REQUEST') {
    $null = NULL;
    return CRM_Utils_Request::retrieve((string) $name, (string) $type, $null, (bool) $isRequired, $defaultValue, $method, TRUE);
  }

  /**
   * Retrieve the component from the action attribute of a form.
   *
   * Contribution Page forms and Event Management forms detect the value of a
   * component (and therefore the desired tab key) by reaching into the "action"
   * attribute of a form and reading the final item of the path. In WordPress,
   * however, the URL may be urlencoded, and so the URL may need to be decoded
   * before parsing it.
   *
   * @see https://lab.civicrm.org/dev/wordpress/issues/12#note_10699
   *
   * @param array $attributes
   *   The form attributes array.
   *
   * @return string
   *   The desired value.
   */
  public static function retrieveComponent($attributes) {
    $url = CRM_Utils_Array::value('action', $attributes);
    // Whilst the following is a fallible universal test for urlencoded URLs,
    // thankfully the "action" URL has a limited and predictable form and
    // therefore this comparison is sufficient for our purposes.
    if (rawurlencode(rawurldecode($url)) !== $url) {
      $value = strtolower(basename(rawurldecode($url)));
    }
    else {
      $value = strtolower(basename($url));
    }
    return $value;
  }

}
Commit	Line	Data
6a488035 TO	1	<?php
	2	/*
	3	+--------------------------------------------------------------------+
bc77d7c0	4	\| Copyright CiviCRM LLC. All rights reserved. \|
6a488035	5	\| \|
bc77d7c0 TO	6	\| This work is published under the GNU AGPLv3 license with some \|
	7	\| permitted exceptions and without any warranty. For full license \|
	8	\| and copyright information, see https://civicrm.org/licensing \|
6a488035	9	+--------------------------------------------------------------------+
d25dd0ee	10	*/
6a488035 TO	11
	12	/**
	13	*
	14	* @package CRM
ca5cec67	15	* @copyright CiviCRM LLC https://civicrm.org/licensing
6a488035 TO	16	*/
	17
	18	/**
50bfb460	19	* Class for managing a http request
6a488035 TO	20	*/
	21	class CRM_Utils_Request {
	22
40101d37	23	/**
	24	* Get a unique ID for the request.
	25	*
	26	* This unique ID is assigned to mysql when the connection is opened and is
	27	* available in PHP.
	28	*
	29	* The intent is that it is available for logging purposes and for triggers.
	30	*
	31	* The resulting string is 17 characters long. This consists of 13 characters of uniqid
	32	* and 4 more random characters.
	33	*
	34	* Uniqid is unique to the microsecond - to make it more unique we add 4 more characters
	35	* but stop short of the full 23 character string that a prefix would generate.
	36	*
	37	* It is intended that this string will be saved to log tables so striking a balance between
	38	* uniqueness and length is important. Note that I did check & lining up with byte values
	39	* (e.g 16 characters) does not confer any benefits. Using a CHAR field rather than VARCHAR
	40	* may improve speed, if indexed.
	41	*
	42	* @return string
	43	*/
	44	public static function id() {
	45	if (!isset(\Civi::$statics[__CLASS__]['id'])) {
	46	\Civi::$statics[__CLASS__]['id'] = uniqid() . CRM_Utils_String::createRandom(CRM_Utils_String::ALPHANUMERIC, 4);
	47	}
	48	return \Civi::$statics[__CLASS__]['id'];
	49	}
	50
6a488035 TO	51	/**
	52	* Retrieve a value from the request (GET/POST/REQUEST)
	53	*
a3379cc1 AH	54	* @param string $name
	55	* Name of the variable to be retrieved.
	56	* @param string $type
	57	* Type of the variable (see CRM_Utils_Type for details).
	58	* @param object $store
	59	* Session scope where variable is stored.
	60	* @param bool $abort
	61	* TRUE, if the variable is required.
	62	* @param mixed $default
	63	* Default value of the variable if not present.
	64	* @param string $method
	65	* Where to look for the variable - 'GET', 'POST' or 'REQUEST'.
5e4ccea5	66	* @param bool $isThrowException
5e4ccea5	67	* Should a an exception be thrown rather than a fatal.
6a488035	68	*
a3379cc1 AH	69	* @return mixed
a3379cc1 AH	70	* The value of the variable
5e4ccea5	71	*
5e4ccea5	72	* @throws \CRM_Core_Exception
6a488035	73	*/
309310bf	74	public static function retrieve($name, $type, &$store = NULL, $abort = FALSE, $default = NULL, $method = 'REQUEST', $isThrowException = TRUE) {
6a488035 TO	75
	76	$value = NULL;
	77	switch ($method) {
	78	case 'GET':
00479d26	79	$value = self::getValue($name, $_GET);
6a488035 TO	80	break;
	81
	82	case 'POST':
00479d26	83	$value = self::getValue($name, $_POST);
6a488035 TO	84	break;
	85
	86	default:
00479d26	87	$value = self::getValue($name, $_REQUEST);
6a488035 TO	88	break;
	89	}
	90
	91	if (isset($value) &&
	92	(CRM_Utils_Type::validate($value, $type, $abort, $name) === NULL)
	93	) {
	94	$value = NULL;
	95	}
	96
	97	if (!isset($value) && $store) {
	98	$value = $store->get($name);
	99	}
	100
	101	if (!isset($value) && $abort) {
5e4ccea5	102	if ($isThrowException) {
be2fb01f	103	throw new CRM_Core_Exception(ts("Could not find valid value for %1", [1 => $name]));
5e4ccea5	104	}
be2fb01f	105	CRM_Core_Error::fatal(ts("Could not find valid value for %1", [1 => $name]));
6a488035 TO	106	}
6a488035 TO	107
6ad0a621	108	if (!isset($value) && $default) {
6a488035 TO	109	$value = $default;
	110	}
	111
	112	// minor hack for action
25cdc89e MWMC	113	if ($name == 'action') {
	114	if (!is_numeric($value) && is_string($value)) {
	115	$value = CRM_Core_Action::resolve($value);
	116	}
6a488035 TO	117	}
	118
	119	if (isset($value) && $store) {
	120	$store->set($name, $value);
	121	}
	122
	123	return $value;
	124	}
ba56a28f	125
00479d26	126	/**
	127	* @param string $name
	128	* Name of the variable to be retrieved.
	129	*
	130	* @param array $method - '$_GET', '$_POST' or '$_REQUEST'.
	131	*
	132	* @return mixed
6714d8d2	133	* The value of the variable
00479d26	134	*/
5e4ccea5	135	protected static function getValue($name, $method) {
131cc2eb	136	if (isset($method[$name])) {
	137	return $method[$name];
	138	}
00479d26	139	// CRM-18384 - decode incorrect keys generated when & is present in url
00479d26	140	foreach ($method as $key => $value) {
131cc2eb	141	if (strpos($key, 'amp;') !== FALSE) {
00479d26	142	$method[str_replace('amp;', '', $key)] = $method[$key];
131cc2eb	143	if (isset($method[$name])) {
	144	return $method[$name];
	145	}
	146	else {
	147	continue;
	148	}
00479d26	149	}
00479d26	150	}
131cc2eb	151	return NULL;
00479d26	152	}
00479d26	153
ba56a28f	154	/**
5e4ccea5	155	* @deprecated
	156	*
	157	* We should use a function that checks url values.
	158	*
ba56a28f TO	159	* This is a replacement for $_REQUEST which includes $_GET/$_POST
	160	* but excludes $_COOKIE / $_ENV / $_SERVER.
	161	*
ba56a28f	162	* @return array
ba56a28f	163	*/
00be9182	164	public static function exportValues() {
ba56a28f TO	165	// For more discussion of default $_REQUEST handling, see:
	166	// http://www.php.net/manual/en/reserved.variables.request.php
	167	// http://www.php.net/manual/en/ini.core.php#ini.request-order
	168	// http://www.php.net/manual/en/ini.core.php#ini.variables-order
	169
be2fb01f	170	$result = [];
ba56a28f TO	171	if ($_GET) {
	172	$result = array_merge($result, $_GET);
	173	}
	174	if ($_POST) {
	175	$result = array_merge($result, $_POST);
	176	}
	177	return $result;
	178	}
96025800	179
5e4ccea5	180	/**
	181	* Retrieve a variable from the http request.
	182	*
	183	* @param string $name
	184	* Name of the variable to be retrieved.
	185	* @param string $type
	186	* Type of the variable (see CRM_Utils_Type for details).
	187	* Most common options are:
	188	* - 'Integer'
	189	* - 'Positive'
	190	* - 'CommaSeparatedIntegers'
	191	* - 'Boolean'
	192	* - 'String'
	193	*
	194	* @param mixed $defaultValue
	195	* Default value of the variable if not present.
	196	* @param bool $isRequired
	197	* Is the variable required for this function to proceed without an exception.
	198	* @param string $method
	199	* Where to look for the value - GET\|POST\|REQUEST
	200	*
	201	* @return mixed
54c32137	202	* @throws \CRM_Core_Exception
5e4ccea5	203	*/
	204	public static function retrieveValue($name, $type, $defaultValue = NULL, $isRequired = FALSE, $method = 'REQUEST') {
	205	$null = NULL;
	206	return CRM_Utils_Request::retrieve((string) $name, (string) $type, $null, (bool) $isRequired, $defaultValue, $method, TRUE);
	207	}
	208
b90552b7 CW	209	/**
	210	* Retrieve the component from the action attribute of a form.
	211	*
	212	* Contribution Page forms and Event Management forms detect the value of a
	213	* component (and therefore the desired tab key) by reaching into the "action"
	214	* attribute of a form and reading the final item of the path. In WordPress,
	215	* however, the URL may be urlencoded, and so the URL may need to be decoded
	216	* before parsing it.
	217	*
	218	* @see https://lab.civicrm.org/dev/wordpress/issues/12#note_10699
	219	*
	220	* @param array $attributes
	221	* The form attributes array.
	222	*
6714d8d2	223	* @return string
b90552b7 CW	224	* The desired value.
	225	*/
	226	public static function retrieveComponent($attributes) {
	227	$url = CRM_Utils_Array::value('action', $attributes);
	228	// Whilst the following is a fallible universal test for urlencoded URLs,
	229	// thankfully the "action" URL has a limited and predictable form and
	230	// therefore this comparison is sufficient for our purposes.
	231	if (rawurlencode(rawurldecode($url)) !== $url) {
	232	$value = strtolower(basename(rawurldecode($url)));
	233	}
	234	else {
	235	$value = strtolower(basename($url));
	236	}
	237	return $value;
	238	}
	239
6a488035	240	}