Source for file globals-defs.php

Documentation is available at globals-defs.php

  1. <?php
  2. /* ******************************************************************** */
  3. /* CATALYST PHP Source Code */
  4. /* -------------------------------------------------------------------- */
  5. /* This program is free software; you can redistribute it and/or modify */
  6. /* it under the terms of the GNU General Public License as published by */
  7. /* the Free Software Foundation; either version 2 of the License, or */
  8. /* (at your option) any later version. */
  9. /* */
  10. /* This program is distributed in the hope that it will be useful, */
  11. /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
  12. /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
  13. /* GNU General Public License for more details. */
  14. /* */
  15. /* You should have received a copy of the GNU General Public License */
  16. /* along with this program; if not, write to: */
  17. /* The Free Software Foundation, Inc., 59 Temple Place, Suite 330, */
  18. /* Boston, MA 02111-1307 USA */
  19. /* -------------------------------------------------------------------- */
  20. /* */
  21. /* Filename: globals-defs.php */
  22. /* Author: Paul Waite */
  23. /* Description: Definitions for a manager of global variables which */
  24. /* might be POSTed or incoming on URL's. This is used */
  25. /* when the PHP 'register_globals' flag is set FALSE, and */
  26. /* thereby preventing this happening automatically. */
  27. /* */
  28. /* This class checks the PHP configuration and acts in the */
  29. /* appropriate way: */
  30. /* */
  31. /* If register_globals is set to "On" */
  32. /* - this class does nothing */
  33. /* If register_globals set to "Off" */
  34. /* - the class globalises vars with names which have */
  35. /* been registered with it. */
  36. /* */
  37. /* NOTE: The php.ini flag 'track_vars' must be ON for this */
  38. /* to work. This is usually on by default. */
  39. /* */
  40. /* ******************************************************************** */
  41. /** @package core */* A class to handle globalisation of specific variables. This class
  42. * allows us to turn off the problematical Php 'register_variables'
  43. * option in php.ini which allows _anything_ to be accepted into the global
  44. * scope without a by-your-leave and is therefore a security risk. With
  45. * this scheme specifically named variables can be globalised and all
  46. * others will be ignored. If you think of a Php page/script as a function
  47. * and the globals as its parameters, you will see the light.
  48. *
  49. * Use it at the top of a page as follows. We are assuming that the page
  50. * needs to have vars '$mode', and '$auth_code' POSTed, and that it has a
  51. * COOKIE called 'mycookie', and also uses '$HTTP_HOST' from the
  52. * environment:
  53. *
  54. * $glob = new globals();
  55. * $glob->register("mode,auth_code", "post"); // Only from POSTs
  56. * $glob->register("mycookie", "cookie"); // Only from cookies
  57. * $glob->globalise();
  58. *
  59. * Or, if you prefer to do everything in one hit, this variation is
  60. * also fine, although less exacting with the sources:
  61. *
  62. * $glob = new globals("mode,auth_code,mycookie", "post,cookie");
  63. *
  64. * NB: You can call the globalise() method as many times as you
  65. * like. New vars will be added as you define them each time
  66. * you call the method, and any existing ones will simply be
  67. * re-globalised, with no harm done.
  68. *
  69. * NOTE: For those using the Phplib framework, all of the Web Server
  70. * variables like $HTTP_HOST, $PHP_SELF etc. are automatically
  71. * globalised for you, as are the website cookies. To add your
  72. * own GET/POST vars you should put something like this at the
  73. * top of each webpage, immediately AFTER you have included your
  74. * site-webpage.php or application.php:
  75. *
  76. * $RESPONSE->globalise("myvar1,myvar2", "get,post");
  77. *
  78. * This will make sure you have access to vars which have been
  79. * POSTed or GOT via a URL.
  80. *
  81. * NOTE: Variable naming can incorporate a Perl regular expression.
  82. * To use this feature, you must begin the variable name with
  83. * the character "^".
  84. *
  85. * Eg. if you have a set of vars named as 'myvarNN' where NN is
  86. * a numeric counter: $myvar1, $myvar2.. etc. then just call the
  87. * variable "^myvar[0-9]+" in the list. With regular expressions
  88. * that means "myvar" followed by one or more digits. To do the
  89. * same thing, but allowing _any_ chars to come after the stem,
  90. * call it "^myvar.*". NB: take note of the dot "." which means
  91. * 'any char'; the asterisk "*" means 'any number of', so the whole
  92. * thing means 'a var which begins with "myvar" followed by zero
  93. * or more other characters. If you have an array type variable
  94. * being posted to your page, called something like:
  95. * '^myvar[0-9]+[]', this is ok. The square brackets will be
  96. * escaped for you in the Perl pattern, so no worries.
  97. *
  98. * One last thing: when naming your variable as a Perl regular
  99. * expression don't end it with the dollar "$" end-of-line char
  100. * since this is added automatically.
  101. * @package core
  102. */
  103. class globals {
  104. // Public
  105. /** Whether the globals registration is active */
  106.  
  107. var $active;
  108. /** Array containing vars to globalise, and their sources */
  109.  
  110. var $varnames;
  111.  
  112. // Private
  113. /** @access private */
  114. var $vname_env;
  115. /** @access private */
  116. var $vname_get;
  117. /** @access private */
  118. var $vname_post;
  119. /** @access private */
  120. var $vname_cookie;
  121. /** @access private */
  122. var $vname_server;
  123. //.....................................................................
  124. /**
  125. * Creates the object which contains the vars to globalise and the
  126. * methods to globalise them. Takes optional parameters which are vars
  127. * to globalise.
  128. * @param string $varnames Comma-delimited list of vars to globalise
  129. * @param string $sources Comma-delimited list of sources for vars
  130. */
  131. function globals($varnames="", $sources="env,get,post,cookie,server") {
  132. // If this is defined, then globals are being
  133. // registered by Php, otherwise we do it..
  134. global $HTTP_HOST;
  135. if (isset($HTTP_HOST) && !empty($HTTP_HOST)) {
  136. $this->active = false;
  137. }
  138. else {
  139. $this->active = true;
  140. // Get names of globals we will use. These depend on the
  141. // version of Php, since we won't rely on the old ones
  142. // sticking around forever..
  143. if (version_compare(phpversion(), "4.1.0", "ge")) {
  144. $this->vname_env = "_ENV";
  145. $this->vname_get = "_GET";
  146. $this->vname_post = "_POST";
  147. $this->vname_cookie = "_COOKIE";
  148. $this->vname_server = "_SERVER";
  149. }
  150. else {
  151. $this->vname_env = "";
  152. $this->vname_get = "HTTP_GET_VARS";
  153. $this->vname_post = "HTTP_POST_VARS";
  154. $this->vname_cookie = "HTTP_COOKIE_VARS";
  155. $this->vname_server = "";
  156. }
  157. }
  158.  
  159. // Now, register given vars, and globalise if we
  160. // have any defined at this point..
  161. if ($varnames != "") {
  162. $this->globalise($varnames, $sources);
  163. }
  164. } // globals
  165.  
  166. //.....................................................................
  167. /**
  168. * Register the given comma-delimited list of varnames, These are the
  169. * names of global variables which can come from 'outside sources'.
  170. * Optionally specify the allowed sources for these, with the default
  171. * being all the usual ones: GET, POST, or COOKIEs.
  172. * NB: The ordering of these is important, and determines how vars
  173. * will be overwritten if defined from multiple sources.
  174. * @param string $varnames Comma-delimited list of vars to globalise
  175. * @param string $sources Comma-delimited list of sources for vars
  176. */
  177. function register($varnames, $sources="env,get,post,cookie,server") {
  178. if ($this->active) {
  179. $vars = explode(",", $varnames);
  180. foreach ($vars as $var) {
  181. $this->varnames[$var] = strtolower($sources);
  182. }
  183. }
  184. } // register
  185.  
  186. //.....................................................................
  187. /**
  188. * Globalises all variables from all possible sources. This
  189. * duplicates the effect of Php register_globals = On in the
  190. * Php configuration .ini file.
  191. * NB: This always operates in EGPCS order.
  192. */
  193. function globalise_all() {
  194. if ($this->active) {
  195. // Environment vars..
  196. $varnames = $this->array_varnames($this->vname_env);
  197. $this->register($varnames);
  198.  
  199. // GET vars
  200. $varnames = $this->array_varnames($this->vname_get);
  201. $this->register($varnames);
  202.  
  203. // POSTed vars..
  204. $varnames = $this->array_varnames($this->vname_post);
  205. $this->register($varnames);
  206.  
  207. // COOKIE vars..
  208. $varnames = $this->array_varnames($this->vname_cookie);
  209. $this->register($varnames);
  210.  
  211. // SERVER vars..
  212. $varnames = $this->array_varnames($this->vname_server);
  213. $this->register($varnames);
  214.  
  215. // Now globalise all of these..
  216. $this->globalise();
  217. }
  218. } // globalise_all
  219.  
  220. //.....................................................................
  221. /**
  222. * Globalise the variables which have already been registered. Also
  223. * accepts varnames and sources as parameters, and registers these if
  224. * they are given before globalising, thus saving you having to use
  225. * the register() method if you only have a simple set of vars with
  226. * one source.
  227. * @param string $varnames Comma-delimited list of vars to globalise
  228. * @param string $sources Comma-delimited list of sources for vars
  229. */
  230. function globalise($varnames="", $sources="env,get,post,cookie,server") {
  231. if ($this->active) {
  232. // Firstly, register any variables given..
  233. if ($varnames != "") {
  234. $this->register($varnames, $sources);
  235. }
  236. // Perform globalisation. Hopefully there won't be any protest
  237. // marches against this variety.
  238. if (isset($this->varnames) && count($this->varnames > 0)) {
  239. foreach($this->varnames as $var => $srclist) {
  240. $sources = explode(",", $srclist);
  241. foreach($sources as $source) {
  242. switch ($source) {
  243. case "env":
  244. $this->create_global($var, $this->vname_env);
  245. break;
  246. case "get":
  247. $this->create_global($var, $this->vname_get);
  248. break;
  249. case "post":
  250. $this->create_global($var, $this->vname_post);
  251. break;
  252. case "cookie":
  253. $this->create_global($var, $this->vname_cookie);
  254. break;
  255. case "server":
  256. $this->create_global($var, $this->vname_server);
  257. break;
  258. } // switch
  259. } // foreach
  260. } // while
  261. } // if got varnames
  262. } // if active
  263.  
  264. } // globalise
  265.  
  266. //.....................................................................
  267. /**
  268. * Gets all the varnames from the given array and returns them as
  269. * a comma delimited string.
  270. * This is an internal method.
  271. * @param string $globarrname Name of global array to use as source
  272. * @access private
  273. */
  274. function array_varnames($globarrname) {
  275. $s = "";
  276. global $$globarrname;
  277. $arr = $$globarrname;
  278. if (isset($arr) && is_array($arr) && count($arr) > 0) {
  279. while (list($varname, $val) = each($arr)) {
  280. if ($s != "") $s .= ",";
  281. $s .= "$varname";
  282. }
  283. }
  284. return $s;
  285. } // array_varnames
  286.  
  287. //.....................................................................
  288. /**
  289. * Find variables in the given source array with a pattern.
  290. * The pattern may just be a straightforward name, or a
  291. * regular expression (Perl syntax).
  292. * Returns a comma-delimited list of variable names which
  293. * match the pattern in the given array.
  294. * This is an internal method.
  295. * @param string $varname Var name, can be a Perl-compatible regex
  296. * @param string $srcname Name of source array holding variables
  297. * @access private
  298. */
  299. function find_varnames($varname, $srcname) {
  300. $names = array();
  301. if ($varname != "" && $srcname != "") {
  302. global $$srcname;
  303. $arr = $$srcname;
  304. if (is_array($arr) && count($arr) > 0) {
  305. if (substr($varname, 0, 1) == "^") {
  306. // Regular expression varname to match..
  307. $patt = "/" . $varname . "$/";
  308. str_replace("[]", "\[\]", $patt);
  309. foreach ($arr as $varname => $val) {
  310. if (preg_match($patt, $varname)) {
  311. $names[$varname] = $val;
  312. }
  313. }
  314. }
  315. else {
  316. // Just a bare varname..
  317. if (isset($arr[$varname])) {
  318. $names[$varname] = $arr[$varname];
  319. }
  320. }
  321. }
  322. }
  323. return $names;
  324. } // find_varnames
  325.  
  326. //.....................................................................
  327. /**
  328. * Create a global variable and assign it the given value.
  329. * If the variable already exists, then it is overwritten.
  330. * This is an internal method.
  331. * @param array $varname The var name or pattern matching many varnames
  332. * @param string $srcname The name of the source array to find vars in
  333. * @access private
  334. */
  335. function create_global($varname, $srcname) {
  336. if ($varname != "" && $srcname != "") {
  337. $names = $this->find_varnames($varname, $srcname);
  338. foreach ($names as $varname => $val) {
  339. global $$srcname;
  340. global $$varname;
  341. if (!isset($$varname)) {
  342. $srcarray = $$srcname;
  343. // Only assign it if it exists in the source array..
  344. if (isset($srcarray[$varname])) {
  345. $$varname = $val;
  346. debugbr("GLOBALISED: $varname = '" . $val . "'", DBG_DEBUG);
  347. }
  348. }
  349. else {
  350. debugbr("ALREADY GLOBAL: $varname", DBG_DEBUG);
  351. }
  352. } // foreach
  353. }
  354. } // create global
  355.  
  356.  
  357.  
  358. } // globals class
  359. // ----------------------------------------------------------------------
  360.  
  361. ?>

Documentation generated by phpDocumentor 1.3.0RC3