Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
| Total | |
100.00% |
1 / 1 |
|
100.00% |
10 / 10 |
CRAP | |
100.00% |
90 / 90 |
| Hm_Request | |
100.00% |
1 / 1 |
|
100.00% |
10 / 10 |
31 | |
100.00% |
89 / 89 |
| __construct($filters) | |
100.00% |
1 / 1 |
1 | |
100.00% |
9 / 9 |
|||
| filter_request_input($filters) | |
100.00% |
1 / 1 |
5 | |
100.00% |
13 / 13 |
|||
| get_other_request_details($filters) | |
100.00% |
1 / 1 |
3 | |
100.00% |
11 / 11 |
|||
| empty_super_globals() | |
100.00% |
1 / 1 |
1 | |
100.00% |
10 / 10 |
|||
| filter_input($type, $data, $filters) | |
100.00% |
1 / 1 |
6 | |
100.00% |
16 / 16 |
|||
| is_mobile() | |
100.00% |
1 / 1 |
3 | |
100.00% |
6 / 6 |
|||
| is_tls() | |
100.00% |
1 / 1 |
5 | |
100.00% |
7 / 7 |
|||
| get_request_type() | |
100.00% |
1 / 1 |
2 | |
100.00% |
7 / 7 |
|||
| is_ajax() | |
100.00% |
1 / 1 |
2 | |
100.00% |
1 / 1 |
|||
| get_clean_url_path($uri) | |
100.00% |
1 / 1 |
3 | |
100.00% |
9 / 9 |
|||
| <?php | |
| if (!defined('DEBUG_MODE')) { die(); } | |
| /** | |
| * Data request details | |
| * | |
| * This is an interface to HTTP request details. All request data | |
| * must be white-listed and sanitized by module set filters. | |
| */ | |
| class Hm_Request { | |
| /* sanitized $_POST variables */ | |
| public $post = array(); | |
| /* sanitized $_GET variables */ | |
| public $get = array(); | |
| /* sanitized $_COOKIE variables */ | |
| public $cookie = array(); | |
| /* sanitized $_SERVER variables */ | |
| public $server = array(); | |
| /* request type. either AJAX or HTTP */ | |
| public $type = false; | |
| /* PHP sapi method used for the request */ | |
| public $sapi = false; | |
| /* Output format, either Hm_Format_JSON or Hm_Format_HTML5 */ | |
| public $format = false; | |
| /* bool indicating if the request was over SSL/TLS */ | |
| public $tls = false; | |
| /* bool indicating if this looks like a mobile OS request */ | |
| public $mobile = false; | |
| /* URL path */ | |
| public $path = ''; | |
| /* allowed AJAX output field names defined by module sets */ | |
| public $allowed_output = array(); | |
| /* bool indicating unknown input data */ | |
| public $invalid_input_detected = false; | |
| /* invalid input fields */ | |
| public $invalid_input_fields = array(); | |
| /** | |
| * Process request details | |
| * | |
| * @param $filters array list of input filters from module sets | |
| * | |
| * @return void | |
| */ | |
| public function __construct($filters) { | |
| $this->filter_request_input($filters); | |
| $this->get_other_request_details($filters); | |
| $this->empty_super_globals(); | |
| Hm_Debug::add('Using sapi: '.$this->sapi); | |
| Hm_Debug::add('Request type: '.$this->type); | |
| Hm_Debug::add('Request path: '.$this->path); | |
| Hm_Debug::add('TLS request: '.intval($this->tls)); | |
| Hm_Debug::add('Mobile request: '.intval($this->mobile)); | |
| } | |
| /** | |
| * Sanitize and filter user and server input | |
| * | |
| * @param $filters array list of input filters from module sets | |
| * | |
| * @return void | |
| */ | |
| private function filter_request_input($filters) { | |
| if (array_key_exists('allowed_server', $filters)) { | |
| $this->server = $this->filter_input(INPUT_SERVER, $_SERVER, $filters['allowed_server']); | |
| } | |
| if (array_key_exists('allowed_post', $filters)) { | |
| $this->post = $this->filter_input(INPUT_POST, $_POST, $filters['allowed_post']); | |
| } | |
| if (array_key_exists('allowed_get', $filters)) { | |
| $this->get = $this->filter_input(INPUT_GET, $_GET, $filters['allowed_get']); | |
| } | |
| if (array_key_exists('allowed_cookie', $filters)) { | |
| $this->cookie = $this->filter_input(INPUT_COOKIE, $_COOKIE, $filters['allowed_cookie']); | |
| } | |
| } | |
| /** | |
| * Collect other useful details about a request | |
| * | |
| * @param $filters array list of input filters from module sets | |
| * | |
| * @return void | |
| */ | |
| private function get_other_request_details($filters) { | |
| $this->sapi = php_sapi_name(); | |
| if (array_key_exists('allowed_output', $filters)) { | |
| $this->allowed_output = $filters['allowed_output']; | |
| } | |
| if (array_key_exists('REQUEST_URI', $this->server)) { | |
| $this->path = $this->get_clean_url_path($this->server['REQUEST_URI']); | |
| } | |
| $this->get_request_type(); | |
| $this->is_tls(); | |
| $this->is_mobile(); | |
| } | |
| /** | |
| * Empty out super globals. | |
| * | |
| * @return void | |
| */ | |
| private function empty_super_globals() { | |
| $_POST = array(); | |
| $_SERVER = array(); | |
| $_GET = array(); | |
| $_COOKIE = array(); | |
| $_FILES = array(); | |
| $_REQUEST = array(); | |
| $_ENV = array(); | |
| $GLOBALS = array('_SERVER' => array(), '_POST' => array(), '_GET' => array(), '_COOKIE' => array(), | |
| '_FILES' => array(), '_REQUEST' => array(), '_ENV' => array()); | |
| } | |
| /** | |
| * Filter specified input against module defined filters | |
| * | |
| * @param type string the type of input (POST, GET, COOKIE, etc) | |
| * @param filters array list of input filters from module sets | |
| * | |
| * @return array filtered input data | |
| */ | |
| private function filter_input($type, $data, $filters) { | |
| $data = filter_var_array($data, $filters, false); | |
| if (!$data) { | |
| return array(); | |
| } | |
| if ($type == INPUT_GET) { | |
| $this->invalid_input_detected = count($_GET) > count($data); | |
| if ($this->invalid_input_detected) { | |
| $this->invalid_input_fields = array_keys(array_diff_assoc($_GET, $data)); | |
| } | |
| } | |
| if ($type == INPUT_POST) { | |
| $this->invalid_input_detected = count($_POST) > count($data); | |
| if ($this->invalid_input_detected) { | |
| $this->invalid_input_fields = array_keys(array_diff_assoc($_POST, $data)); | |
| } | |
| } | |
| return $data; | |
| } | |
| /** | |
| * Look at the HTTP_USER_AGENT value and set a mobile OS flag | |
| * | |
| * @return void | |
| */ | |
| private function is_mobile() { | |
| if (array_key_exists('HTTP_USER_AGENT', $this->server)) { | |
| if (preg_match("/(iphone|ipod|ipad|android|blackberry|webos)/i", $this->server['HTTP_USER_AGENT'])) { | |
| $this->mobile = true; | |
| } | |
| } | |
| } | |
| /** | |
| * Determine if a request was done over TLS | |
| * | |
| * @return void | |
| */ | |
| private function is_tls() { | |
| if (array_key_exists('HTTPS', $this->server) && strtolower($this->server['HTTPS']) == 'on') { | |
| $this->tls = true; | |
| } | |
| elseif (array_key_exists('REQUEST_SCHEME', $this->server) && strtolower($this->server['REQUEST_SCHEME']) == 'https') { | |
| $this->tls = true; | |
| } | |
| } | |
| /** | |
| * Determine the request type, either AJAX or HTTP | |
| * | |
| * @return void | |
| */ | |
| private function get_request_type() { | |
| if ($this->is_ajax()) { | |
| $this->type = 'AJAX'; | |
| $this->format = 'Hm_Format_JSON'; | |
| } | |
| else { | |
| $this->type = 'HTTP'; | |
| $this->format = 'Hm_Format_HTML5'; | |
| } | |
| } | |
| /** | |
| * Determine if a request is an AJAX call | |
| * | |
| * @return bool true if the request is from an AJAX call | |
| */ | |
| private function is_ajax() { | |
| return array_key_exists('HTTP_X_REQUESTED_WITH', $this->server) && strtolower($this->server['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest'; | |
| } | |
| /** | |
| * Make sure a url path is sane | |
| * | |
| * @param $uri string path to check | |
| * | |
| * @return string clean url path | |
| */ | |
| private function get_clean_url_path($uri) { | |
| if (strpos($uri, '?') !== false) { | |
| $parts = explode('?', $uri, 2); | |
| $path = $parts[0]; | |
| } | |
| else { | |
| $path = $uri; | |
| } | |
| if (substr($path, -1) != '/') { | |
| $path .= '/'; | |
| } | |
| return $path; | |
| } | |
| } | |
| ?> |