| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | Copyright CiviCRM LLC. All rights reserved. | |
| 5 | | | |
| 6 | | This work is published under the GNU AGPLv3 license with some | |
| 7 | | permitted exceptions and without any warranty. For full license | |
| 8 | | and copyright information, see https://civicrm.org/licensing | |
| 9 | +--------------------------------------------------------------------+ |
| 10 | */ |
| 11 | |
| 12 | /** |
| 13 | * |
| 14 | * @package CRM |
| 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
| 16 | */ |
| 17 | |
| 18 | /** |
| 19 | * Class for managing a http request |
| 20 | */ |
| 21 | class CRM_Utils_Request { |
| 22 | |
| 23 | /** |
| 24 | * Get a unique ID for the request. |
| 25 | * |
| 26 | * This unique ID is assigned to mysql when the connection is opened and is |
| 27 | * available in PHP. |
| 28 | * |
| 29 | * The intent is that it is available for logging purposes and for triggers. |
| 30 | * |
| 31 | * The resulting string is 17 characters long. This consists of 13 characters of uniqid |
| 32 | * and 4 more random characters. |
| 33 | * |
| 34 | * Uniqid is unique to the microsecond - to make it more unique we add 4 more characters |
| 35 | * but stop short of the full 23 character string that a prefix would generate. |
| 36 | * |
| 37 | * It is intended that this string will be saved to log tables so striking a balance between |
| 38 | * uniqueness and length is important. Note that I did check & lining up with byte values |
| 39 | * (e.g 16 characters) does not confer any benefits. Using a CHAR field rather than VARCHAR |
| 40 | * may improve speed, if indexed. |
| 41 | * |
| 42 | * @return string |
| 43 | */ |
| 44 | public static function id() { |
| 45 | if (!isset(\Civi::$statics[__CLASS__]['id'])) { |
| 46 | \Civi::$statics[__CLASS__]['id'] = uniqid() . CRM_Utils_String::createRandom(CRM_Utils_String::ALPHANUMERIC, 4); |
| 47 | } |
| 48 | return \Civi::$statics[__CLASS__]['id']; |
| 49 | } |
| 50 | |
| 51 | /** |
| 52 | * Retrieve a value from the request (GET/POST/REQUEST) |
| 53 | * |
| 54 | * @param string $name |
| 55 | * Name of the variable to be retrieved. |
| 56 | * @param string $type |
| 57 | * Type of the variable (see CRM_Utils_Type for details). |
| 58 | * @param object $store |
| 59 | * Session scope where variable is stored. |
| 60 | * @param bool $abort |
| 61 | * TRUE, if the variable is required. |
| 62 | * @param mixed $default |
| 63 | * Default value of the variable if not present. |
| 64 | * @param string $method |
| 65 | * Where to look for the variable - 'GET', 'POST' or 'REQUEST'. |
| 66 | * @param bool $isThrowException |
| 67 | * Should a an exception be thrown rather than a fatal. |
| 68 | * |
| 69 | * @return mixed |
| 70 | * The value of the variable |
| 71 | * |
| 72 | * @throws \CRM_Core_Exception |
| 73 | */ |
| 74 | public static function retrieve($name, $type, &$store = NULL, $abort = FALSE, $default = NULL, $method = 'REQUEST', $isThrowException = TRUE) { |
| 75 | |
| 76 | $value = NULL; |
| 77 | switch ($method) { |
| 78 | case 'GET': |
| 79 | $value = self::getValue($name, $_GET); |
| 80 | break; |
| 81 | |
| 82 | case 'POST': |
| 83 | $value = self::getValue($name, $_POST); |
| 84 | break; |
| 85 | |
| 86 | default: |
| 87 | $value = self::getValue($name, $_REQUEST); |
| 88 | break; |
| 89 | } |
| 90 | |
| 91 | if (isset($value)) { |
| 92 | $value = CRM_Utils_Type::validate($value, $type, $abort, $name); |
| 93 | } |
| 94 | |
| 95 | if (!isset($value) && $store) { |
| 96 | $value = $store->get($name); |
| 97 | } |
| 98 | |
| 99 | if (!isset($value) && $abort) { |
| 100 | if ($isThrowException) { |
| 101 | throw new CRM_Core_Exception(ts("Could not find valid value for %1", [1 => $name])); |
| 102 | } |
| 103 | CRM_Core_Error::fatal(ts("Could not find valid value for %1", [1 => $name])); |
| 104 | } |
| 105 | |
| 106 | if (!isset($value) && $default) { |
| 107 | $value = $default; |
| 108 | } |
| 109 | |
| 110 | // minor hack for action |
| 111 | if ($name == 'action') { |
| 112 | if (!is_numeric($value) && is_string($value)) { |
| 113 | $value = CRM_Core_Action::resolve($value); |
| 114 | } |
| 115 | } |
| 116 | |
| 117 | if (isset($value) && $store) { |
| 118 | $store->set($name, $value); |
| 119 | } |
| 120 | |
| 121 | return $value; |
| 122 | } |
| 123 | |
| 124 | /** |
| 125 | * @param string $name |
| 126 | * Name of the variable to be retrieved. |
| 127 | * |
| 128 | * @param array $method - '$_GET', '$_POST' or '$_REQUEST'. |
| 129 | * |
| 130 | * @return mixed |
| 131 | * The value of the variable |
| 132 | */ |
| 133 | protected static function getValue($name, $method) { |
| 134 | if (isset($method[$name])) { |
| 135 | return $method[$name]; |
| 136 | } |
| 137 | // CRM-18384 - decode incorrect keys generated when & is present in url |
| 138 | foreach ($method as $key => $value) { |
| 139 | if (strpos($key, 'amp;') !== FALSE) { |
| 140 | $method[str_replace('amp;', '', $key)] = $method[$key]; |
| 141 | if (isset($method[$name])) { |
| 142 | return $method[$name]; |
| 143 | } |
| 144 | else { |
| 145 | continue; |
| 146 | } |
| 147 | } |
| 148 | } |
| 149 | return NULL; |
| 150 | } |
| 151 | |
| 152 | /** |
| 153 | * @deprecated |
| 154 | * |
| 155 | * We should use a function that checks url values. |
| 156 | * |
| 157 | * This is a replacement for $_REQUEST which includes $_GET/$_POST |
| 158 | * but excludes $_COOKIE / $_ENV / $_SERVER. |
| 159 | * |
| 160 | * @return array |
| 161 | */ |
| 162 | public static function exportValues() { |
| 163 | // For more discussion of default $_REQUEST handling, see: |
| 164 | // http://www.php.net/manual/en/reserved.variables.request.php |
| 165 | // http://www.php.net/manual/en/ini.core.php#ini.request-order |
| 166 | // http://www.php.net/manual/en/ini.core.php#ini.variables-order |
| 167 | |
| 168 | $result = []; |
| 169 | if ($_GET) { |
| 170 | $result = array_merge($result, $_GET); |
| 171 | } |
| 172 | if ($_POST) { |
| 173 | $result = array_merge($result, $_POST); |
| 174 | } |
| 175 | return $result; |
| 176 | } |
| 177 | |
| 178 | /** |
| 179 | * Retrieve a variable from the http request. |
| 180 | * |
| 181 | * @param string $name |
| 182 | * Name of the variable to be retrieved. |
| 183 | * @param string $type |
| 184 | * Type of the variable (see CRM_Utils_Type for details). |
| 185 | * Most common options are: |
| 186 | * - 'Integer' |
| 187 | * - 'Positive' |
| 188 | * - 'CommaSeparatedIntegers' |
| 189 | * - 'Boolean' |
| 190 | * - 'String' |
| 191 | * |
| 192 | * @param mixed $defaultValue |
| 193 | * Default value of the variable if not present. |
| 194 | * @param bool $isRequired |
| 195 | * Is the variable required for this function to proceed without an exception. |
| 196 | * @param string $method |
| 197 | * Where to look for the value - GET|POST|REQUEST |
| 198 | * |
| 199 | * @return mixed |
| 200 | * @throws \CRM_Core_Exception |
| 201 | */ |
| 202 | public static function retrieveValue($name, $type, $defaultValue = NULL, $isRequired = FALSE, $method = 'REQUEST') { |
| 203 | $null = NULL; |
| 204 | return CRM_Utils_Request::retrieve((string) $name, (string) $type, $null, (bool) $isRequired, $defaultValue, $method, TRUE); |
| 205 | } |
| 206 | |
| 207 | /** |
| 208 | * Retrieve the component from the action attribute of a form. |
| 209 | * |
| 210 | * Contribution Page forms and Event Management forms detect the value of a |
| 211 | * component (and therefore the desired tab key) by reaching into the "action" |
| 212 | * attribute of a form and reading the final item of the path. In WordPress, |
| 213 | * however, the URL may be urlencoded, and so the URL may need to be decoded |
| 214 | * before parsing it. |
| 215 | * |
| 216 | * @see https://lab.civicrm.org/dev/wordpress/issues/12#note_10699 |
| 217 | * |
| 218 | * @param array $attributes |
| 219 | * The form attributes array. |
| 220 | * |
| 221 | * @return string |
| 222 | * The desired value. |
| 223 | */ |
| 224 | public static function retrieveComponent($attributes) { |
| 225 | $url = $attributes['action'] ?? NULL; |
| 226 | // Whilst the following is a fallible universal test for urlencoded URLs, |
| 227 | // thankfully the "action" URL has a limited and predictable form and |
| 228 | // therefore this comparison is sufficient for our purposes. |
| 229 | if (rawurlencode(rawurldecode($url)) !== $url) { |
| 230 | $value = strtolower(basename(rawurldecode($url))); |
| 231 | } |
| 232 | else { |
| 233 | $value = strtolower(basename($url)); |
| 234 | } |
| 235 | return $value; |
| 236 | } |
| 237 | |
| 238 | } |