CRM/Utils/Request.php

   1 <?php
   2 /*
   3  +--------------------------------------------------------------------+
   4  | CiviCRM version 5                                                  |
   5  +--------------------------------------------------------------------+
   6  | Copyright CiviCRM LLC (c) 2004-2020                                |
   7  +--------------------------------------------------------------------+
   8  | This file is a part of CiviCRM.                                    |
   9  |                                                                    |
  10  | CiviCRM is free software; you can copy, modify, and distribute it  |
  11  | under the terms of the GNU Affero General Public License           |
  12  | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
  13  |                                                                    |
  14  | CiviCRM is distributed in the hope that it will be useful, but     |
  15  | WITHOUT ANY WARRANTY; without even the implied warranty of         |
  16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
  17  | See the GNU Affero General Public License for more details.        |
  18  |                                                                    |
  19  | You should have received a copy of the GNU Affero General Public   |
  20  | License and the CiviCRM Licensing Exception along                  |
  21  | with this program; if not, contact CiviCRM LLC                     |
  22  | at info[AT]civicrm[DOT]org. If you have questions about the        |
  23  | GNU Affero General Public License or the licensing of CiviCRM,     |
  24  | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
  25  +--------------------------------------------------------------------+
  26  */
  27
  28 /**
  29  *
  30  * @package CRM
  31  * @copyright CiviCRM LLC (c) 2004-2020
  32  */
  33
  34 /**
  35  * Class for managing a http request
  36  */
  37 class CRM_Utils_Request {
  38
  39   /**
  40    * Get a unique ID for the request.
  41    *
  42    * This unique ID is assigned to mysql when the connection is opened and is
  43    * available in PHP.
  44    *
  45    * The intent is that it is available for logging purposes and for triggers.
  46    *
  47    * The resulting string is 17 characters long. This consists of 13 characters of uniqid
  48    * and 4 more random characters.
  49    *
  50    * Uniqid is unique to the microsecond - to make it more unique we add 4 more characters
  51    * but stop short of the full 23 character string that a prefix would generate.
  52    *
  53    * It is intended that this string will be saved to log tables so striking a balance between
  54    * uniqueness and length is important. Note that I did check & lining up with byte values
  55    * (e.g 16 characters) does not confer any benefits. Using a CHAR field rather than VARCHAR
  56    * may improve speed, if indexed.
  57    *
  58    * @return string
  59    */
  60   public static function id() {
  61     if (!isset(\Civi::$statics[__CLASS__]['id'])) {
  62       \Civi::$statics[__CLASS__]['id'] = uniqid() . CRM_Utils_String::createRandom(CRM_Utils_String::ALPHANUMERIC, 4);
  63     }
  64     return \Civi::$statics[__CLASS__]['id'];
  65   }
  66
  67   /**
  68    * Retrieve a value from the request (GET/POST/REQUEST)
  69    *
  70    * @param string $name
  71    *   Name of the variable to be retrieved.
  72    * @param string $type
  73    *   Type of the variable (see CRM_Utils_Type for details).
  74    * @param object $store
  75    *   Session scope where variable is stored.
  76    * @param bool $abort
  77    *   TRUE, if the variable is required.
  78    * @param mixed $default
  79    *   Default value of the variable if not present.
  80    * @param string $method
  81    *   Where to look for the variable - 'GET', 'POST' or 'REQUEST'.
  82    * @param bool $isThrowException
  83    *   Should a an exception be thrown rather than a fatal.
  84    *
  85    * @return mixed
  86    *   The value of the variable
  87    *
  88    * @throws \CRM_Core_Exception
  89    */
  90   public static function retrieve($name, $type, &$store = NULL, $abort = FALSE, $default = NULL, $method = 'REQUEST', $isThrowException = FALSE) {
  91
  92     $value = NULL;
  93     switch ($method) {
  94       case 'GET':
  95         $value = self::getValue($name, $_GET);
  96         break;
  97
  98       case 'POST':
  99         $value = self::getValue($name, $_POST);
 100         break;
 101
 102       default:
 103         $value = self::getValue($name, $_REQUEST);
 104         break;
 105     }
 106
 107     if (isset($value) &&
 108       (CRM_Utils_Type::validate($value, $type, $abort, $name) === NULL)
 109     ) {
 110       $value = NULL;
 111     }
 112
 113     if (!isset($value) && $store) {
 114       $value = $store->get($name);
 115     }
 116
 117     if (!isset($value) && $abort) {
 118       if ($isThrowException) {
 119         throw new CRM_Core_Exception(ts("Could not find valid value for %1", [1 => $name]));
 120       }
 121       CRM_Core_Error::fatal(ts("Could not find valid value for %1", [1 => $name]));
 122     }
 123
 124     if (!isset($value) && $default) {
 125       $value = $default;
 126     }
 127
 128     // minor hack for action
 129     if ($name == 'action') {
 130       if (!is_numeric($value) && is_string($value)) {
 131         $value = CRM_Core_Action::resolve($value);
 132       }
 133     }
 134
 135     if (isset($value) && $store) {
 136       $store->set($name, $value);
 137     }
 138
 139     return $value;
 140   }
 141
 142   /**
 143    * @param string $name
 144    *   Name of the variable to be retrieved.
 145    *
 146    * @param array $method - '$_GET', '$_POST' or '$_REQUEST'.
 147    *
 148    * @return mixed
 149    *   The value of the variable
 150    */
 151   protected static function getValue($name, $method) {
 152     if (isset($method[$name])) {
 153       return $method[$name];
 154     }
 155     // CRM-18384 - decode incorrect keys generated when &amp; is present in url
 156     foreach ($method as $key => $value) {
 157       if (strpos($key, 'amp;') !== FALSE) {
 158         $method[str_replace('amp;', '', $key)] = $method[$key];
 159         if (isset($method[$name])) {
 160           return $method[$name];
 161         }
 162         else {
 163           continue;
 164         }
 165       }
 166     }
 167     return NULL;
 168   }
 169
 170   /**
 171    * @deprecated
 172    *
 173    * We should use a function that checks url values.
 174    *
 175    * This is a replacement for $_REQUEST which includes $_GET/$_POST
 176    * but excludes $_COOKIE / $_ENV / $_SERVER.
 177    *
 178    * @return array
 179    */
 180   public static function exportValues() {
 181     // For more discussion of default $_REQUEST handling, see:
 182     // http://www.php.net/manual/en/reserved.variables.request.php
 183     // http://www.php.net/manual/en/ini.core.php#ini.request-order
 184     // http://www.php.net/manual/en/ini.core.php#ini.variables-order
 185
 186     $result = [];
 187     if ($_GET) {
 188       $result = array_merge($result, $_GET);
 189     }
 190     if ($_POST) {
 191       $result = array_merge($result, $_POST);
 192     }
 193     return $result;
 194   }
 195
 196   /**
 197    * Retrieve a variable from the http request.
 198    *
 199    * @param string $name
 200    *   Name of the variable to be retrieved.
 201    * @param string $type
 202    *   Type of the variable (see CRM_Utils_Type for details).
 203    *   Most common options are:
 204    *   - 'Integer'
 205    *   - 'Positive'
 206    *   - 'CommaSeparatedIntegers'
 207    *   - 'Boolean'
 208    *   - 'String'
 209    *
 210    * @param mixed $defaultValue
 211    *   Default value of the variable if not present.
 212    * @param bool $isRequired
 213    *   Is the variable required for this function to proceed without an exception.
 214    * @param string $method
 215    *   Where to look for the value - GET|POST|REQUEST
 216    *
 217    * @return mixed
 218    * @throws \CRM_Core_Exception
 219    */
 220   public static function retrieveValue($name, $type, $defaultValue = NULL, $isRequired = FALSE, $method = 'REQUEST') {
 221     $null = NULL;
 222     return CRM_Utils_Request::retrieve((string) $name, (string) $type, $null, (bool) $isRequired, $defaultValue, $method, TRUE);
 223   }
 224
 225   /**
 226    * Retrieve the component from the action attribute of a form.
 227    *
 228    * Contribution Page forms and Event Management forms detect the value of a
 229    * component (and therefore the desired tab key) by reaching into the "action"
 230    * attribute of a form and reading the final item of the path. In WordPress,
 231    * however, the URL may be urlencoded, and so the URL may need to be decoded
 232    * before parsing it.
 233    *
 234    * @see https://lab.civicrm.org/dev/wordpress/issues/12#note_10699
 235    *
 236    * @param array $attributes
 237    *   The form attributes array.
 238    *
 239    * @return string
 240    *   The desired value.
 241    */
 242   public static function retrieveComponent($attributes) {
 243     $url = CRM_Utils_Array::value('action', $attributes);
 244     // Whilst the following is a fallible universal test for urlencoded URLs,
 245     // thankfully the "action" URL has a limited and predictable form and
 246     // therefore this comparison is sufficient for our purposes.
 247     if (rawurlencode(rawurldecode($url)) !== $url) {
 248       $value = strtolower(basename(rawurldecode($url)));
 249     }
 250     else {
 251       $value = strtolower(basename($url));
 252     }
 253     return $value;
 254   }
 255
 256 }