API
1 year ago
Access
1 year ago
Application
1 year ago
Archive
1 year ago
ArchiveProcessor
1 year ago
Archiver
2 years ago
AssetManager
1 year ago
Auth
1 year ago
Category
2 years ago
Changes
1 year ago
CliMulti
1 year ago
Columns
1 year ago
Concurrency
1 year ago
Config
1 year ago
Container
1 year ago
CronArchive
1 year ago
DataAccess
1 year ago
DataFiles
2 years ago
DataTable
1 year ago
Db
1 year ago
DeviceDetector
1 year ago
Email
2 years ago
Exception
1 year ago
Http
1 year ago
Intl
1 year ago
Log
2 years ago
Mail
1 year ago
Measurable
1 year ago
Menu
1 year ago
Metrics
1 year ago
Notification
1 year ago
Period
1 year ago
Plugin
1 year ago
ProfessionalServices
1 year ago
Report
1 year ago
ReportRenderer
1 year ago
Scheduler
1 year ago
Segment
1 year ago
Session
1 year ago
Settings
1 year ago
Tracker
1 year ago
Translation
1 year ago
Twig
1 year ago
UpdateCheck
1 year ago
Updater
1 year ago
Updates
1 year ago
Validators
1 year ago
View
1 year ago
ViewDataTable
1 year ago
Visualization
1 year ago
Widget
1 year ago
.htaccess
2 years ago
Access.php
1 year ago
Archive.php
1 year ago
ArchiveProcessor.php
1 year ago
AssetManager.php
1 year ago
Auth.php
2 years ago
AuthResult.php
2 years ago
BaseFactory.php
2 years ago
Cache.php
2 years ago
CacheId.php
1 year ago
CliMulti.php
1 year ago
Common.php
1 year ago
Config.php
1 year ago
Console.php
1 year ago
Context.php
2 years ago
Cookie.php
1 year ago
CronArchive.php
1 year ago
DI.php
1 year ago
DataArray.php
1 year ago
DataTable.php
1 year ago
Date.php
1 year ago
Db.php
1 year ago
DbHelper.php
1 year ago
Development.php
1 year ago
ErrorHandler.php
1 year ago
EventDispatcher.php
1 year ago
ExceptionHandler.php
1 year ago
FileIntegrity.php
1 year ago
Filechecks.php
1 year ago
Filesystem.php
1 year ago
FrontController.php
1 year ago
Http.php
1 year ago
IP.php
1 year ago
Log.php
2 years ago
LogDeleter.php
1 year ago
Mail.php
1 year ago
Metrics.php
1 year ago
NoAccessException.php
2 years ago
Nonce.php
1 year ago
Notification.php
1 year ago
NumberFormatter.php
1 year ago
Option.php
1 year ago
Period.php
1 year ago
Piwik.php
1 year ago
Plugin.php
1 year ago
Process.php
1 year ago
Profiler.php
1 year ago
ProxyHeaders.php
2 years ago
ProxyHttp.php
1 year ago
QuickForm2.php
1 year ago
RankingQuery.php
1 year ago
ReportRenderer.php
1 year ago
Request.php
1 year ago
Segment.php
1 year ago
Sequence.php
2 years ago
Session.php
1 year ago
SettingsPiwik.php
1 year ago
SettingsServer.php
1 year ago
Singleton.php
2 years ago
Site.php
1 year ago
SiteContentDetector.php
1 year ago
SupportedBrowser.php
2 years ago
TCPDF.php
1 year ago
Theme.php
1 year ago
Timer.php
2 years ago
Tracker.php
1 year ago
Twig.php
1 year ago
Unzip.php
1 year ago
UpdateCheck.php
1 year ago
Updater.php
1 year ago
UpdaterErrorException.php
2 years ago
Updates.php
1 year ago
Url.php
1 year ago
UrlHelper.php
1 year ago
Version.php
1 year ago
View.php
1 year ago
bootstrap.php
1 year ago
dispatch.php
2 years ago
testMinimumPhpVersion.php
2 years ago
Request.php
286 lines
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * Matomo - free/libre analytics platform |
| 5 | * |
| 6 | * @link https://matomo.org |
| 7 | * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later |
| 8 | */ |
| 9 | namespace Piwik; |
| 10 | |
| 11 | use InvalidArgumentException; |
| 12 | /** |
| 13 | * Provides (type safe) access methods for request parameters. |
| 14 | * |
| 15 | * Ensure to handle parameters received with this class with care. |
| 16 | * Especially parameters received as string, array or json might contain malicious content. Those should never be used |
| 17 | * raw in templates or other output. |
| 18 | * |
| 19 | * Note: For security reasons this class will automatically remove null byte sequences from string values. |
| 20 | * |
| 21 | * @api |
| 22 | */ |
| 23 | class Request |
| 24 | { |
| 25 | /** |
| 26 | * @var array |
| 27 | */ |
| 28 | protected $requestParameters; |
| 29 | private static $exceptionMsg = "The parameter '%s' isn't set in the Request and a default value wasn't provided."; |
| 30 | public function __construct(array $requestParameters) |
| 31 | { |
| 32 | $this->requestParameters = $requestParameters; |
| 33 | } |
| 34 | /** |
| 35 | * Creates a request object using GET and POST parameters of the current request |
| 36 | * |
| 37 | * @return static |
| 38 | */ |
| 39 | public static function fromRequest() : self |
| 40 | { |
| 41 | return new self($_GET + $_POST); |
| 42 | } |
| 43 | /** |
| 44 | * Creates a request object using only GET parameters of the current request |
| 45 | * |
| 46 | * @return static |
| 47 | */ |
| 48 | public static function fromGet() : self |
| 49 | { |
| 50 | return new self($_GET); |
| 51 | } |
| 52 | /** |
| 53 | * Creates a request object using only POST parameters of the current request |
| 54 | * |
| 55 | * @return static |
| 56 | */ |
| 57 | public static function fromPost() : self |
| 58 | { |
| 59 | return new self($_POST); |
| 60 | } |
| 61 | /** |
| 62 | * Creates a request object using the parameters that can be extracted from the provided query string |
| 63 | * |
| 64 | * @return static |
| 65 | */ |
| 66 | public static function fromQueryString(string $queryString) : self |
| 67 | { |
| 68 | $requestParameters = []; |
| 69 | parse_str($queryString, $requestParameters); |
| 70 | // If a querystring is provided urlencode'd parse_str will not be able to parse it correctly. |
| 71 | // A querystring like `method%3dVisitsSummary.get%26idSite%3d1` would result in |
| 72 | // an array like `['method=VisitsSummary.get&idSite=1' => '']` |
| 73 | // In this case we try to parse the urldecode'd string to get proper results |
| 74 | // Note: We can't always perform a urldecode, as this might otherwise destroy urlencoded values containing a & |
| 75 | if (1 === count($requestParameters) && '' === end($requestParameters)) { |
| 76 | $requestParameters = []; |
| 77 | parse_str(urldecode($queryString), $requestParameters); |
| 78 | } |
| 79 | return new self($requestParameters); |
| 80 | } |
| 81 | /** |
| 82 | * Returns the requested parameter from the request object. |
| 83 | * If the requested parameter can't be found and no default is provided an exception will be thrown |
| 84 | * |
| 85 | * Note: It's recommend to use one of type-safe methods instead, if a certain type is expected: |
| 86 | * @see getIntegerParameter |
| 87 | * @see getFloatParameter |
| 88 | * @see getStringParameter |
| 89 | * @see getArrayParameter |
| 90 | * @see getJSONParameter |
| 91 | * |
| 92 | * @param string $name |
| 93 | * @param mixed $default |
| 94 | * @return mixed |
| 95 | * @throws InvalidArgumentException |
| 96 | */ |
| 97 | public function getParameter(string $name, $default = null) |
| 98 | { |
| 99 | if (!strlen($name)) { |
| 100 | throw new InvalidArgumentException('Invalid request parameter. Parameter name required.'); |
| 101 | } |
| 102 | if (array_key_exists($name, $this->requestParameters) && $this->requestParameters[$name] !== null) { |
| 103 | return $this->filterNullBytes($this->requestParameters[$name]); |
| 104 | } |
| 105 | if (null !== $default) { |
| 106 | return $default; |
| 107 | } |
| 108 | throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name)); |
| 109 | } |
| 110 | /** |
| 111 | * Returns the requested parameter from the request object. |
| 112 | * If no default is provided and the requested parameter either can't be found or is not of type integer an |
| 113 | * exception will be thrown |
| 114 | * |
| 115 | * @param string $name |
| 116 | * @param int|null $default |
| 117 | * @return int |
| 118 | * @throws InvalidArgumentException |
| 119 | */ |
| 120 | public function getIntegerParameter(string $name, ?int $default = null) : int |
| 121 | { |
| 122 | $parameter = $this->getParameter($name, $default); |
| 123 | if ((is_string($parameter) || is_numeric($parameter)) && (string) $parameter === (string) (int) $parameter) { |
| 124 | return (int) $parameter; |
| 125 | } |
| 126 | if (null !== $default) { |
| 127 | return $default; |
| 128 | } |
| 129 | throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name)); |
| 130 | } |
| 131 | /** |
| 132 | * Returns the requested parameter from the request object. |
| 133 | * If no default is provided and the requested parameter either can't be found or is not of type float an |
| 134 | * exception will be thrown |
| 135 | * |
| 136 | * @param string $name |
| 137 | * @param float|null $default |
| 138 | * @return float |
| 139 | * @throws InvalidArgumentException |
| 140 | */ |
| 141 | public function getFloatParameter(string $name, ?float $default = null) : float |
| 142 | { |
| 143 | $parameter = $this->getParameter($name, $default); |
| 144 | if (is_float($parameter) || is_int($parameter)) { |
| 145 | return (float) $parameter; |
| 146 | } |
| 147 | // Regex for all supported float notations in PHP (see https://www.php.net/manual/en/language.types.float.php) |
| 148 | $floatRegex = "/^[-+]?((([0-9]+(_[0-9]+)*)|(([0-9]+(_[0-9]+)*)?\\.([0-9]+(_[0-9]+)*))|(([0-9]+(_[0-9]+)*)\\.([0-9]+(_[0-9]+)*)?))([eE][+-]?([0-9]+(_[0-9]+)*))?)\$/"; |
| 149 | if (is_string($parameter) && preg_match($floatRegex, $parameter)) { |
| 150 | // underscores would break numbers if not removed before |
| 151 | return (float) str_replace('_', '', $parameter); |
| 152 | } |
| 153 | if (null !== $default) { |
| 154 | return $default; |
| 155 | } |
| 156 | throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name)); |
| 157 | } |
| 158 | /** |
| 159 | * Returns the requested parameter from the request object. |
| 160 | * If no default is provided and the requested parameter either can't be found or is not of type string an |
| 161 | * exception will be thrown |
| 162 | * |
| 163 | * @param string $name |
| 164 | * @param string|null $default |
| 165 | * @return string |
| 166 | * @throws InvalidArgumentException |
| 167 | */ |
| 168 | public function getStringParameter(string $name, ?string $default = null) : string |
| 169 | { |
| 170 | $parameter = $this->getParameter($name, $default); |
| 171 | if (is_string($parameter) || is_numeric($parameter)) { |
| 172 | return $this->filterNullBytes((string) $parameter); |
| 173 | } |
| 174 | if (null !== $default) { |
| 175 | return $default; |
| 176 | } |
| 177 | throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name)); |
| 178 | } |
| 179 | /** |
| 180 | * Returns the requested parameter from the request object. |
| 181 | * If no default is provided and the requested parameter either can't be found or can't be converted to boolean |
| 182 | * exception will be thrown |
| 183 | * |
| 184 | * Values accepted as bool-ish: |
| 185 | * true: true, 'true', '1', 1 |
| 186 | * false: false, 'false', '0', 0 |
| 187 | * |
| 188 | * @param string $name |
| 189 | * @param bool|null $default |
| 190 | * @return bool |
| 191 | * @throws InvalidArgumentException |
| 192 | */ |
| 193 | public function getBoolParameter(string $name, ?bool $default = null) : bool |
| 194 | { |
| 195 | $parameter = $this->getParameter($name, $default); |
| 196 | if ($parameter === \false || $parameter === \true) { |
| 197 | return $parameter; |
| 198 | } |
| 199 | if (\is_string($parameter) && \strtolower($parameter) === 'false' || $parameter === '0' || $parameter === 0) { |
| 200 | return \false; |
| 201 | } |
| 202 | if (\is_string($parameter) && \strtolower($parameter) === 'true' || $parameter === '1' || $parameter === 1) { |
| 203 | return \true; |
| 204 | } |
| 205 | if (null !== $default) { |
| 206 | return $default; |
| 207 | } |
| 208 | throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name)); |
| 209 | } |
| 210 | /** |
| 211 | * Returns the requested parameter from the request object. |
| 212 | * If no default is provided and the requested parameter either can't be found or is not of type array an |
| 213 | * exception will be thrown |
| 214 | * |
| 215 | * @param string $name |
| 216 | * @param array|null $default |
| 217 | * @return array |
| 218 | * @throws InvalidArgumentException |
| 219 | */ |
| 220 | public function getArrayParameter(string $name, ?array $default = null) : array |
| 221 | { |
| 222 | $parameter = $this->getParameter($name, $default); |
| 223 | if (is_array($parameter)) { |
| 224 | return $this->filterNullBytes($parameter); |
| 225 | } |
| 226 | if (null !== $default) { |
| 227 | return $default; |
| 228 | } |
| 229 | throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name)); |
| 230 | } |
| 231 | /** |
| 232 | * Returns the requested parameter from the request object. |
| 233 | * If no default is provided and the requested parameter either can't be found or can't be json_decode'd an |
| 234 | * exception will be thrown |
| 235 | * |
| 236 | * @param string $name |
| 237 | * @param mixed $default |
| 238 | * @return mixed |
| 239 | * @throws InvalidArgumentException |
| 240 | */ |
| 241 | public function getJsonParameter(string $name, $default = null) |
| 242 | { |
| 243 | try { |
| 244 | // Note we can't simply pass the default to getParameter here, in case the default would be string |
| 245 | // we would otherwise try to parse it as json below, which might result in unexpected behavior |
| 246 | $parameter = $this->getParameter($name); |
| 247 | } catch (InvalidArgumentException $e) { |
| 248 | $parameter = null; |
| 249 | if ($default !== null) { |
| 250 | return $default; |
| 251 | } |
| 252 | } |
| 253 | if (is_string($parameter)) { |
| 254 | $decodedValue = \json_decode($parameter, \true); |
| 255 | if ($decodedValue !== null && $decodedValue !== '') { |
| 256 | return $this->filterNullBytes($decodedValue); |
| 257 | } |
| 258 | } |
| 259 | if (null !== $default) { |
| 260 | return $default; |
| 261 | } |
| 262 | throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name)); |
| 263 | } |
| 264 | private function filterNullBytes($value) |
| 265 | { |
| 266 | if (is_array($value)) { |
| 267 | $result = []; |
| 268 | foreach ($value as $key => $arrayValue) { |
| 269 | $result[$key] = $this->filterNullBytes($arrayValue); |
| 270 | } |
| 271 | return $result; |
| 272 | } else { |
| 273 | return is_string($value) ? \Piwik\Common::sanitizeNullBytes($value) : $value; |
| 274 | } |
| 275 | } |
| 276 | /** |
| 277 | * Returns an array containing all parameters of the request object |
| 278 | * |
| 279 | * @return array |
| 280 | */ |
| 281 | public function getParameters() : array |
| 282 | { |
| 283 | return $this->requestParameters; |
| 284 | } |
| 285 | } |
| 286 |