<?php
/**
 * Created by PhpStorm.
 * User: crose
 * Date: 7/9/17
 * Time: 3:14 PM
 */

namespace qfq;

use qfq;

require_once(__DIR__ . '/../../core/helper/Sanitize.php');

/**
 * Class Client
 * @package qfq
 */
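class Client {

    /**
     * Collect the parameters of the current request into one array and normalize it.
     *
     * The sources are merged with array_merge() in the order header, GET, POST, cookie, SERVER.
     * For identical keys a later source overwrites an earlier one, so an entry of $_SERVER always wins
     * over a value supplied via GET, POST, cookie or the Authorization header.
     *
     * Security notes:
     * - Header, GET, POST and cookie values are client controlled. Only the copy of $_SERVER is passed
     *   through Sanitize::htmlentitiesArr() here; the other sources are handed on as received, apart from
     *   whatever Sanitize::normalize() does (defined outside this file). Callers still have to escape
     *   per output context.
     * - The result can contain the session cookie value and the Authorization token. Treat the whole
     *   array as secret material: do not dump it to log files or error pages.
     *
     * @return array|string
     * @throws CodeException
     */
    public static function getParam() {

        // Dirty workaround to clean poisoned T3 cache
        // NOTE(review): presumably restricts these two GET parameters to digits - see Sanitize.
        Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_TYPE);
        Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE);

        $header = self::getHeader();

        // do not use urldecode() - http://php.net/manual/de/function.urldecode.php#refsect1-function.urldecode-notes
        $get = isset($_GET) ? $_GET : array();

        $post = isset($_POST) ? $_POST : array();
        // Debug only, keep disabled: raw POST data may contain passwords or tokens.
//            Logger::logMessage(var_export($post, true) . PHP_EOL . PHP_EOL,'post.txt');

        // Only the session cookie is taken over, stored under the QFQ specific key.
        $cookie = array();
        if (isset($_COOKIE[SESSION_NAME])) {
            $cookie[CLIENT_COOKIE_QFQ] = $_COOKIE[SESSION_NAME];
        }

        // $_SERVER values might be compromised (it also carries client supplied request headers),
        // therefore they are entity-encoded before use.
        $server = isset($_SERVER) ? Sanitize::htmlentitiesArr($_SERVER) : array();

        // Necessary for phpUnit Tests: there is no remote address on the command line.
        // Code that takes decisions based on the client address has to expect this placeholder.
        if (!isset($server[CLIENT_REMOTE_ADDRESS])) {
            $server[CLIENT_REMOTE_ADDRESS] = '0.0.0.0';
        }

        // It's important to merge the SERVER array last: those entries shall overwrite client values.
        $arr = array_merge($header, $get, $post, $cookie, $server);

        return Sanitize::normalize($arr);
    }

    /**
     * Extract the credential part of the selected request headers (currently only Authorization).
     *
     * The header name is matched case-insensitively, because HTTP field names are case-insensitive and
     * getallheaders() may report them the way the client wrote them. The returned array is always keyed
     * by the HTTP_HEADER_* constant, independent of the spelling used in the request.
     *
     * @return array  header name => value after the first '=' (or ':' if the line has no '='), unquoted.
     *                Empty if getallheaders() is unavailable or no selected header was sent.
     */
    private static function getHeader() {

        // getallheaders() does not exist for phpunit tests
        if (!function_exists('getallheaders')) {
            return array();
        }

        $headers = getallheaders();
        if (!is_array($headers)) {
            // Some SAPIs/PHP versions report a failure as false instead of an array.
            return array();
        }

        // Normalize the names once, so 'authorization' and 'AUTHORIZATION' are found as well.
        $headers = array_change_key_case($headers, CASE_LOWER);

        $arr = array();
        foreach ([HTTP_HEADER_AUTHORIZATION] as $key) {
            $lookup = strtolower($key);
            if (!isset($headers[$lookup])) {
                continue;
            }

            $line = $headers[$lookup];

            // Header: 'Authorization: Token token=1234'
            // NOTE(review): a credential that itself contains '=' (e.g. base64 padding) is split at its
            // first '=' too - confirm that only the 'token=...' form is expected here.
            $delimiter = (strpos($line, '=') === false) ? ':' : '=';

            $split = explode($delimiter, $line, 2);
            if (isset($split[1])) {
                $arr[$key] = OnString::trimQuote($split[1]);
            }
        }

        return $arr;
    }
}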