Request.php
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * Matomo - free/libre analytics platform |
| 5 | * |
| 6 | * @link https://matomo.org |
| 7 | * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later |
| 8 | */ |
| 9 | namespace Piwik; |
| 10 | |
| 11 | use InvalidArgumentException; |
| 12 | /** |
| 13 | * Provides (type safe) access methods for request parameters. |
| 14 | * |
| 15 | * Handle parameters obtained through this class with care. |
| 16 | * In particular, parameters received as string, array or JSON might contain malicious content. They should never be used |
| 17 | * raw in templates or other output. |
| 18 | * |
| 19 | * Note: For security reasons this class will automatically remove null byte sequences from string values. |
| 20 | * |
| 21 | * @api |
| 22 | */ |
class Request
{
    /**
     * Parameters exactly as passed to the constructor. Nothing is filtered on
     * write; the getters below filter values when they are read.
     *
     * @var array
     */
    protected $requestParameters;

    /** sprintf() template used when a parameter is missing/unusable and no default was given. */
    private static $exceptionMsg = "The parameter '%s' isn't set in the Request and a default value wasn't provided.";

    /**
     * @param array $requestParameters parameter name => value map, stored unmodified
     */
    public function __construct(array $requestParameters)
    {
        $this->requestParameters = $requestParameters;
    }

    /**
     * Builds a request object from the GET and POST parameters of the current request.
     *
     * The two arrays are combined with the array union operator, so when a name
     * is present in both, the GET value is the one that is kept.
     *
     * @return self
     */
    public static function fromRequest() : self
    {
        $getAndPost = $_GET + $_POST;

        return new self($getAndPost);
    }

    /**
     * Builds a request object from the GET parameters of the current request only.
     *
     * @return self
     */
    public static function fromGet() : self
    {
        $getOnly = $_GET;

        return new self($getOnly);
    }

    /**
     * Builds a request object from the POST parameters of the current request only.
     *
     * @return self
     */
    public static function fromPost() : self
    {
        $postOnly = $_POST;

        return new self($postOnly);
    }

    /**
     * Builds a request object from the parameters found in the given query string.
     *
     * @return self
     */
    public static function fromQueryString(string $queryString) : self
    {
        $parsed = [];
        parse_str($queryString, $parsed);

        // A query string that arrives fully urlencoded (for example
        // `method%3dVisitsSummary.get%26idSite%3d1`) contains no literal `=` or `&`,
        // so parse_str() yields one key holding the whole string and an empty value.
        // Only in that situation is the string urldecoded and parsed a second time.
        // Decoding unconditionally is not an option: it would break urlencoded
        // values that legitimately contain a `&`.
        // NOTE(review): on this fallback path the input is decoded by urldecode() and
        // then again by parse_str(), so callers should validate the returned values
        // rather than the raw query string.
        $looksFullyEncoded = count($parsed) === 1 && end($parsed) === '';
        if ($looksFullyEncoded) {
            $parsed = [];
            parse_str(urldecode($queryString), $parsed);
        }

        return new self($parsed);
    }

    /**
     * Looks up a parameter by name.
     *
     * A parameter that is absent or stored as null counts as "not set": the
     * default is returned in that case, or an exception is thrown when the
     * default is null as well. A value that is found is passed through
     * filterNullBytes() before being returned; the default is returned as given.
     *
     * Note: When a certain type is expected, it is recommended to use one of the
     * type-safe methods instead:
     * @see getIntegerParameter
     * @see getFloatParameter
     * @see getStringParameter
     * @see getBoolParameter
     * @see getArrayParameter
     * @see getJsonParameter
     *
     * @param mixed $default
     * @return mixed
     * @throws InvalidArgumentException if $name is empty, or the parameter is not set and $default is null
     */
    public function getParameter(string $name, $default = null)
    {
        if ($name === '') {
            throw new InvalidArgumentException('Invalid request parameter. Parameter name required.');
        }

        // isset() is false for a missing key and for a key holding null alike.
        if (isset($this->requestParameters[$name])) {
            return $this->filterNullBytes($this->requestParameters[$name]);
        }

        if ($default === null) {
            throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name));
        }

        return $default;
    }

    /**
     * Looks up a parameter and returns it as an integer.
     *
     * The value is accepted only if casting it to int and back to string
     * reproduces the original string form; anything else falls back to the
     * default, or raises an exception when no default was provided.
     *
     * @throws InvalidArgumentException
     */
    public function getIntegerParameter(string $name, ?int $default = null) : int
    {
        $value = $this->getParameter($name, $default);

        // The casts are only reached for strings and numeric values, never for arrays.
        $castable = is_string($value) || is_numeric($value);
        if ($castable && (string) $value === (string) (int) $value) {
            return (int) $value;
        }

        if ($default === null) {
            throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name));
        }

        return $default;
    }

    /**
     * Looks up a parameter and returns it as a float.
     *
     * The value is handed to \Piwik\Common::parseFloat(); a non-null result is
     * returned, otherwise the default is used, or an exception is raised when no
     * default was provided.
     *
     * @throws InvalidArgumentException
     */
    public function getFloatParameter(string $name, ?float $default = null) : float
    {
        $value = $this->getParameter($name, $default);

        $asFloat = \Piwik\Common::parseFloat($value);
        if ($asFloat !== null) {
            return $asFloat;
        }

        if ($default === null) {
            throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name));
        }

        return $default;
    }

    /**
     * Looks up a parameter and returns it as a string.
     *
     * Strings and numeric values are accepted (numerics are cast to string) and
     * passed through filterNullBytes(). Any other type falls back to the default,
     * or raises an exception when no default was provided. The returned string
     * is not escaped for any output context.
     *
     * @throws InvalidArgumentException
     */
    public function getStringParameter(string $name, ?string $default = null) : string
    {
        $value = $this->getParameter($name, $default);

        if (is_string($value) || is_numeric($value)) {
            $asString = (string) $value;

            return $this->filterNullBytes($asString);
        }

        if ($default === null) {
            throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name));
        }

        return $default;
    }

    /**
     * Looks up a parameter and returns it as a boolean.
     *
     * Values accepted as bool-ish:
     *   true:  true, 'true' (any letter case), '1', 1
     *   false: false, 'false' (any letter case), '0', 0
     *
     * Every other value falls back to the default, or raises an exception when
     * no default was provided.
     *
     * @throws InvalidArgumentException
     */
    public function getBoolParameter(string $name, ?bool $default = null) : bool
    {
        $value = $this->getParameter($name, $default);

        if (\is_bool($value)) {
            return $value;
        }

        // Lower-cased form for the textual spellings; null for non-string values.
        $lowered = \is_string($value) ? \strtolower($value) : null;

        if ($lowered === 'false' || $value === '0' || $value === 0) {
            return false;
        }

        if ($lowered === 'true' || $value === '1' || $value === 1) {
            return true;
        }

        if ($default === null) {
            throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name));
        }

        return $default;
    }

    /**
     * Looks up a parameter and returns it as an array.
     *
     * An array value is passed through filterNullBytes(); any other type falls
     * back to the default, or raises an exception when no default was provided.
     *
     * @param array|null $default
     * @return array
     * @throws InvalidArgumentException
     */
    public function getArrayParameter(string $name, ?array $default = null) : array
    {
        $value = $this->getParameter($name, $default);

        if (is_array($value)) {
            return $this->filterNullBytes($value);
        }

        if ($default === null) {
            throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name));
        }

        return $default;
    }

    /**
     * Looks up a parameter and returns its json_decode'd value.
     *
     * The parameter has to be a string. It is decoded with associative arrays
     * enabled, and a result of null or '' is treated as unusable. An unusable or
     * missing parameter falls back to the default, or raises an exception when
     * no default was provided. A decoded value is passed through filterNullBytes().
     *
     * @param mixed $default
     * @return mixed
     * @throws InvalidArgumentException
     */
    public function getJsonParameter(string $name, $default = null)
    {
        try {
            // The default is deliberately not handed to getParameter(): a string
            // default would otherwise be run through json_decode() below, which
            // might result in unexpected behavior.
            $raw = $this->getParameter($name);
        } catch (InvalidArgumentException $notSet) {
            if ($default !== null) {
                return $default;
            }
            $raw = null;
        }

        if (is_string($raw)) {
            $decoded = \json_decode($raw, true);
            $usable = $decoded !== null && $decoded !== '';
            if ($usable) {
                return $this->filterNullBytes($decoded);
            }
        }

        if ($default === null) {
            throw new InvalidArgumentException(sprintf(self::$exceptionMsg, $name));
        }

        return $default;
    }

    /**
     * Passes every string found in $value through \Piwik\Common::sanitizeNullBytes().
     *
     * Arrays are walked recursively. Only the array values are filtered; the
     * keys are copied over unchanged. Non-string scalars are returned as they are.
     *
     * @param mixed $value
     * @return mixed
     */
    private function filterNullBytes($value)
    {
        if (!is_array($value)) {
            return is_string($value) ? \Piwik\Common::sanitizeNullBytes($value) : $value;
        }

        $filtered = [];
        foreach ($value as $key => $item) {
            $filtered[$key] = $this->filterNullBytes($item);
        }

        return $filtered;
    }

    /**
     * Returns an array containing all parameters of the request object.
     *
     * The stored array is returned as it is: unlike the single-parameter
     * getters, this method does not call filterNullBytes() on the values.
     *
     * @return array
     */
    public function getParameters() : array
    {
        $all = $this->requestParameters;

        return $all;
    }
}
| 266 |