
The BMO $_REQUEST helper is a single place to safely access and retrieve variables from $_REQUEST.

It provides 'Default' functionality similar to that of DB_Helper, and attempts to automatically remove known attack vectors.

class Ponies extends FreePBX_Helpers implements BMO {
	public static $reqDefaults = array("protocol" => "sip");
 
	public function foo() {
		// Assuming $_REQUEST contains "type" => "Submit", 'text' => "O'Malley"
		$type = $this->getReq("type");
		$text = $this->getReq("text");
		$protocol = $this->getReq("protocol");
		$foo = $this->getReq("nothanks");
 
		// Now:
		//  $type = "Submit" (obviously)
		//  $text = "O'Malley"  (Because of automatic attack mitigation)
		//  $protocol = "sip" (Because it wasn't defined, and there's a default)
		//  $foo = false (It wasn't defined, and there was no default)
	}
}

Provides

$this->importRequest(array, string, string)
$this->getReq(string)
$this->setReq(string)
$this->getReqUnsafe(string)

Uses

$this->importRequest(array $exclude, string $excludeRegexp, string $id)

This loads everything provided in the GET/POST into the Key Value store. As this is implicitly safe, there is no need for extra sanity checking, which makes coding a pile easier.
This does NOT use any of the Override features provided by getReq and setReq, and does NOT DO INPUT FILTERING. It is mainly for large pages that have lots of configuration options and need an easy and simple way to load them into the store. If you're importing fields that will be displayed to the end user, add them to $excludeRegexp or the $exclude array, and import them individually with $this->getReq().

$r = $this->getReq("var")

Returns the contents of $_REQUEST, with all current attacks mitigated. Honours the presence of a reqDefaults static array, and will return the contents from there if they exist and the variable is not submitted.

$r = $this->setReq("var", "foo")

Overrides $_REQUEST and will return "foo" when "var" is next requested.
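
The lookup order and the import caveat described above, as an added stand-alone model (not FreePBX's own code). The class name RequestModel, the $kvstore array, the use of htmlspecialchars() as the filter, the choice to return setReq() overrides unfiltered, and matching $excludeRegexp against field names are all assumptions made for illustration.

```php
<?php
// Model of the behaviour described on this page; not FreePBX source code.
// Assumptions: htmlspecialchars() stands in for the unspecified filter,
// $excludeRegexp is a delimited PCRE matched against field names, and
// $kvstore stands in for the Key Value store. The $id argument is omitted.
class RequestModel {
    public static $reqDefaults = array("protocol" => "sip");
    public $kvstore = array();
    private $overrides = array();

    public function setReq($var, $val) {
        $this->overrides[$var] = $val;
    }

    public function getReq($var) {
        if (array_key_exists($var, $this->overrides)) {
            return $this->overrides[$var];            // setReq() override
        }
        if (isset($_REQUEST[$var])) {                 // submitted: filter it
            return htmlspecialchars($_REQUEST[$var], ENT_QUOTES, 'UTF-8');
        }
        if (isset(static::$reqDefaults[$var])) {
            return static::$reqDefaults[$var];        // not submitted: default
        }
        return false;                                 // no value, no default
    }

    // Bulk import: raw values, no overrides, no input filtering.
    public function importRequest($exclude = array(), $excludeRegexp = null) {
        foreach ($_REQUEST as $key => $val) {
            if (in_array($key, $exclude, true)) continue;
            if ($excludeRegexp !== null && preg_match($excludeRegexp, $key)) continue;
            $this->kvstore[$key] = $val;
        }
    }
}

// Constructed sample request.
$_REQUEST = array("type" => "Submit", "port" => "5060",
                  "display_name" => "<b>Reception</b>");

$m = new RequestModel();
$m->importRequest(array("type"), '/^display_/');   // config fields only
// The user-visible field goes through the filtered path instead.
$m->kvstore["display_name"] = $m->getReq("display_name");
$m->kvstore["protocol"] = $m->getReq("protocol");  // falls back to reqDefaults

print_r($m->kvstore);
```

Only "port" is stored raw by the bulk import; "display_name" reaches the store through the filtered getReq() path, and "type" is skipped entirely.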

 
