<?php
/*+**********************************************************************************
* The contents of this file are subject to the vtiger CRM Public License Version 1.1
* ("License"); You may not use this file except in compliance with the License
* The Original Code is: vtiger CRM Open Source
* The Initial Developer of the Original Code is vtiger.
* Portions created by vtiger are Copyright (C) vtiger.
* All Rights Reserved.
************************************************************************************/
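/**
 * Wrapper around an incoming request map (typically $_REQUEST).
 *
 * get() is the purified accessor: values are JSON-decoded when they look like
 * JSON and then passed through vtlib_purify(). getRaw() deliberately bypasses
 * that step, so anything read through it still has to be escaped for the
 * context it is used in (SQL, HTML, shell, ...).
 */
class Vtiger_Request {
    // Datastore: primary values, the untouched copy consulted by getRaw(),
    // and per-key fallbacks registered through setDefault().
    private $valuemap;
    private $rawvaluemap;
    private $defaultmap = array();

    /**
     * Default constructor.
     *
     * @param array $values     primary key/value map
     * @param array $rawvalues  unmodified copy of the values, used by getRaw()
     * @param bool  $stripifgpc undo magic_quotes_gpc escaping when that legacy ini setting is on
     */
    public function __construct($values, $rawvalues = array(), $stripifgpc = true) {
        $this->valuemap = $values;
        $this->rawvaluemap = $rawvalues;
        // get_magic_quotes_gpc() no longer exists on PHP 8 (and the ini setting it
        // reports is gone there), so guard the call instead of letting the
        // constructor fail with an undefined-function error.
        if ($stripifgpc && !empty($this->valuemap)
                && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $this->valuemap = $this->stripslashes_recursive($this->valuemap);
            $this->rawvaluemap = $this->stripslashes_recursive($this->rawvaluemap);
        }
    }

    /**
     * Strip the slashes recursively on the values.
     *
     * @param mixed $value string or (nested) array of strings
     * @return mixed same shape as $value with stripslashes() applied to every leaf
     */
    public function stripslashes_recursive($value) {
        if (is_array($value)) {
            return array_map(array($this, 'stripslashes_recursive'), $value);
        }
        return stripslashes($value);
    }

    /**
     * Get key value (otherwise default value).
     *
     * Lookup order: the value map, then $defvalue, then the per-key default
     * from setDefault() when the result is still ''. A string beginning with
     * '[' or '{' is JSON-decoded. Any non-empty result is then run through
     * vtlib_purify(); empty values ('', '0', null, array()) are returned as is.
     *
     * @param string $key
     * @param mixed  $defvalue value used when $key is absent
     * @return mixed purified value (string, or array when the value was JSON)
     */
    public function get($key, $defvalue = '') {
        $value = isset($this->valuemap[$key]) ? $this->valuemap[$key] : $defvalue;
        if ($value === '' && isset($this->defaultmap[$key])) {
            $value = $this->defaultmap[$key];
        }
        // NOTE: Zend_Json or json_decode gets confused with big-integers (when passed as string)
        // and converts them to an exponential format - to overcome this we are performing a pre-check
        $isJSON = is_string($value)
            && (strpos($value, '[') === 0 || strpos($value, '{') === 0);
        if ($isJSON) {
            $oldValue = Zend_Json::$useBuiltinEncoderDecoder;
            Zend_Json::$useBuiltinEncoderDecoder = false;
            // NOTE(review): if decode() throws, $useBuiltinEncoderDecoder is left
            // as false because there is no try/finally around the restore below.
            $decodeValue = Zend_Json::decode($value);
            if (isset($decodeValue)) {
                $value = $decodeValue;
            }
            Zend_Json::$useBuiltinEncoderDecoder = $oldValue;
        }
        // Handled for null because vtlib_purify returns empty string
        if (!empty($value)) {
            $value = vtlib_purify($value);
        }
        return $value;
    }

    /**
     * Get value for key as boolean: true only when the (purified) value is
     * the string "true", case-insensitively.
     */
    public function getBoolean($key, $defvalue = '') {
        return strcasecmp('true', $this->get($key, $defvalue) . '') === 0;
    }

    /**
     * Function to get the value if its safe to use for SQL Query (column).
     *
     * The parameter keeps its historical (misspelt) name so existing call
     * sites are unaffected.
     *
     * @param string $key
     * @param bool   $skipEmtpy skip the check if the string is empty
     * @return mixed value for the given key, validated by Vtiger_Util_Helper::validateStringForSql()
     */
    public function getForSql($key, $skipEmtpy = true) {
        return Vtiger_Util_Helper::validateStringForSql($this->get($key), $skipEmtpy);
    }

    /**
     * Get data map (unpurified; see getAllPurified()).
     */
    public function getAll() {
        return $this->valuemap;
    }

    /**
     * Check for existence of key (a key holding null counts as absent).
     */
    public function has($key) {
        return isset($this->valuemap[$key]);
    }

    /**
     * Is the value (linked to key) empty? Uses PHP's empty(), so '0' counts as empty.
     */
    public function isEmpty($key) {
        $value = $this->get($key);
        return empty($value);
    }

    /**
     * Get the raw value (if present) ignoring primary value.
     *
     * The raw value is returned without purification; when no raw value is
     * stored this falls back to the purified get().
     */
    public function getRaw($key, $defvalue = '') {
        if (isset($this->rawvaluemap[$key])) {
            return $this->rawvaluemap[$key];
        }
        return $this->get($key, $defvalue);
    }

    /**
     * Set the value for key (in this object only).
     */
    public function set($key, $newvalue) {
        $this->valuemap[$key] = $newvalue;
    }

    /**
     * Set the value for key, both in the object as well as global $_REQUEST variable.
     */
    public function setGlobal($key, $newvalue) {
        $this->set($key, $newvalue);
        // TODO - This needs to be cleaned up once core apis are made independent of REQUEST variable.
        // This is added just for backward compatibility
        $_REQUEST[$key] = $newvalue;
    }

    /**
     * Set default value for key, used by get() when the value resolves to ''.
     */
    public function setDefault($key, $defvalue) {
        $this->defaultmap[$key] = $defvalue;
    }

    /**
     * Shorthand function to get value for (key=_operation|operation).
     */
    public function getOperation() {
        return $this->get('_operation', $this->get('operation'));
    }

    /**
     * Shorthand function to get value for (key=_session|session).
     */
    public function getSession() {
        return $this->get('_session', $this->get('session'));
    }

    /**
     * Shorthand function to get value for (key=mode).
     */
    public function getMode() {
        return $this->get('mode');
    }

    /**
     * Get the module name.
     *
     * @param bool $raw when false and a non-empty 'parent' value exists, the
     *                  result is "parent:module"
     * @return string
     */
    public function getModule($raw = true) {
        $moduleName = $this->get('module');
        if (!$raw) {
            $parentModule = $this->get('parent');
            if (!empty($parentModule)) {
                $moduleName = $parentModule . ':' . $moduleName;
            }
        }
        return $moduleName;
    }

    /**
     * Whether the request carries an X-PJAX or X-Requested-With header.
     *
     * Any non-empty header value counts; the headers are client-supplied, so
     * this is a hint for response formatting, not an access decision.
     */
    public function isAjax() {
        return !empty($_SERVER['HTTP_X_PJAX']) || !empty($_SERVER['HTTP_X_REQUESTED_WITH']);
    }

    /**
     * Validating incoming request (read access): referer check only.
     *
     * @throws Exception when validateReferer() rejects the request
     */
    public function validateReadAccess() {
        $this->validateReferer();
        // TODO validateIP restriction?
        return true;
    }

    /**
     * Validating incoming request (write access): requires POST unless
     * $skipRequestTypeCheck is set, then the referer and CSRF checks.
     *
     * @throws Exception on a non-POST request, a bad referer or a failed CSRF check
     */
    public function validateWriteAccess($skipRequestTypeCheck = false) {
        if (!$skipRequestTypeCheck) {
            // An absent REQUEST_METHOD is rejected like any non-POST method.
            if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
                throw new Exception('Invalid request');
            }
        }
        $this->validateReadAccess();
        $this->validateCSRF();
        return true;
    }

    /**
     * Referer check, applied only when a referer header is present and a user
     * is authenticated: the referer must begin with $site_URL, except for the
     * Install module.
     *
     * NOTE(review): this is a case-insensitive prefix match on a client-supplied
     * header, so how strict it is depends on $site_URL ending in a path
     * delimiter; write requests additionally go through validateCSRF().
     *
     * @throws Exception when the referer does not match
     */
    protected function validateReferer() {
        $user = vglobal('current_user');
        // Referer check if present - to over come
        if (isset($_SERVER['HTTP_REFERER']) && $user) { // Check for user post authentication.
            global $site_URL;
            if ((stripos($_SERVER['HTTP_REFERER'], $site_URL) !== 0) && ($this->get('module') !== 'Install')) {
                throw new Exception('Illegal request');
            }
        }
        return true;
    }

    /**
     * CSRF token check via csrf_check(false).
     *
     * @throws Exception when the token does not validate
     */
    protected function validateCSRF() {
        if (!csrf_check(false)) {
            throw new Exception('Unsupported request');
        }
    }

    /**
     * Get purified data map: every key of the value map passed through get().
     *
     * @return array always an array (previously null for an empty map)
     */
    public function getAllPurified() {
        $sanitizedMap = array();
        foreach ($this->valuemap as $key => $value) {
            $sanitizedMap[$key] = $this->get($key);
        }
        return $sanitizedMap;
    }

    /**
     * Function gives the return url for a request: every non-empty 'return*'
     * key (except a value of '/' and an empty returnsearch_params) is emitted
     * with the 'return' prefix removed.
     *
     * Values come from getAll(), i.e. unpurified; http_build_query() URL-encodes them.
     *
     * @return string query string
     */
    public function getReturnURL() {
        $data = $this->getAll();
        $returnURL = array();
        foreach ($data as $key => $value) {
            if (stripos($key, 'return') === 0 && !empty($value) && $value !== '/') {
                if ($key === 'returnsearch_params' && $value === '""') {
                    continue;
                }
                // The prefix test above is case-insensitive while this replacement
                // is case-sensitive, so only a lower-case 'return' prefix is removed.
                $newKey = str_replace('return', '', $key);
                $returnURL[$newKey] = $value;
            }
        }
        return http_build_query($returnURL);
    }

    /**
     * Function sets the viewer with the return url parameters.
     *
     * @param Vtiger_Viewer $viewer template object
     */
    public function setViewerReturnValues($viewer) {
        $viewer->assign('RETURN_MODULE', $this->get('returnmodule'));
        $viewer->assign('RETURN_VIEW', $this->get('returnview'));
        $viewer->assign('RETURN_PAGE', $this->get('returnpage'));
        $viewer->assign('RETURN_VIEW_NAME', $this->get('returnviewname'));
        $viewer->assign('RETURN_SEARCH_PARAMS', $this->get('returnsearch_params'));
        $viewer->assign('RETURN_SEARCH_KEY', $this->get('returnsearch_key'));
        $viewer->assign('RETURN_SEARCH_VALUE', $this->get('returnsearch_value'));
        $viewer->assign('RETURN_SEARCH_OPERATOR', $this->get('returnoperator'));
        $viewer->assign('RETURN_SORTBY', $this->get('returnsortorder'));
        $viewer->assign('RETURN_ORDERBY', $this->get('returnorderby'));
        $viewer->assign('RETURN_RECORD', $this->get('returnrecord'));
        $viewer->assign('RETURN_RELATED_TAB', $this->get('returntab_label'));
        $viewer->assign('RETURN_RELATED_MODULE', $this->get('returnrelatedModuleName'));
        $viewer->assign('RETURN_MODE', $this->get('returnmode'));
        $viewer->assign('RETURN_RELATION_ID', $this->get('returnrelationId'));
        $viewer->assign('RETURN_PARENT_MODULE', $this->get('returnparent'));
    }
}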