system/libraries/Input.php

   1 <?php defined('SYSPATH') OR die('No direct access allowed.');
   2 /**
   3  * Input library.
   4  *
   5  * $Id: Input.php 3917 2009-01-21 03:06:22Z zombor $
   6  *
   7  * @package    Core
   8  * @author     Kohana Team
   9  * @copyright  (c) 2007-2008 Kohana Team
  10  * @license    http://kohanaphp.com/license.html
  11  */
  12 class Input {
  13
  14         // IP address of current user
  15         public $ip_address;
  16
  17         // Input singleton
  18         protected static $instance;
  19
  20         /**
  21          * Retrieve a singleton instance of Input. This will always be the first
  22          * created instance of this class.
  23          *
  24          * @return  object
  25          */
  26         public static function instance()
  27         {
  28                 if (self::$instance === NULL)
  29                 {
  30                         // Create a new instance
  31                         return new Input;
  32                 }
  33
  34                 return self::$instance;
  35         }
  36
  37         /**
  38          * Sanitizes global GET, POST and COOKIE data. Also takes care of
  39          * magic_quotes and register_globals, if they have been enabled.
  40          *
  41          * @return  void
  42          */
  43         public function __construct()
  44         {
  45
  46                 if (self::$instance === NULL)
  47                 {
  48                         // magic_quotes_runtime is enabled
  49                         if (get_magic_quotes_runtime())
  50                         {
  51                                 echo ('Disable magic_quotes_runtime! It is evil and deprecated: http://php.net/magic_quotes');
  52                                 exit(1);
  53                         }
  54
  55                         // magic_quotes_gpc is enabled
  56                         if (get_magic_quotes_gpc())
  57                         {
  58                                 echo ('Disable magic_quotes_gpc! It is evil and deprecated: http://php.net/magic_quotes');
  59                                 exit(1);
  60                         }
  61
  62                         // register_globals is enabled
  63                         if (ini_get('register_globals'))
  64                         {
  65                                 echo ('Disable register_globals! It is evil and deprecated: http://php.net/register_globals');
  66                                 exit(1);
  67                         }
  68
  69                         // Create a singleton
  70                         self::$instance = $this;
  71                 }
  72         }
  73
  74         /**
  75          * Fetch an item from the $_GET array.
  76          *
  77          * @param   string   key to find
  78          * @param   mixed    default value
  79          * @return  mixed
  80          */
  81         public function get($key = array(), $default = NULL)
  82         {
  83                 return $this->search_array($_GET, $key, $default);
  84         }
  85
  86         /**
  87          * Fetch an item from the $_POST array.
  88          *
  89          * @param   string   key to find
  90          * @param   mixed    default value
  91          * @return  mixed
  92          */
  93         public function post($key = array(), $default = NULL)
  94         {
  95                 return $this->search_array($_POST, $key, $default);
  96         }
  97
  98         /**
  99          * Fetch an item from the $_COOKIE array.
 100          *
 101          * @param   string   key to find
 102          * @param   mixed    default value
 103          * @return  mixed
 104          */
 105         public function cookie($key = array(), $default = NULL)
 106         {
 107                 return $this->search_array($_COOKIE, $key, $default);
 108         }
 109
 110         /**
 111          * Fetch an item from the $_SERVER array.
 112          *
 113          * @param   string   key to find
 114          * @param   mixed    default value
 115          * @return  mixed
 116          */
 117         public function server($key = array(), $default = NULL)
 118         {
 119                 return $this->search_array($_SERVER, $key, $default);
 120         }
 121
 122         /**
 123          * Fetch an item from a global array.
 124          *
 125          * @param   array    array to search
 126          * @param   string   key to find
 127          * @param   mixed    default value
 128          * @return  mixed
 129          */
 130         protected function search_array($array, $key, $default = NULL)
 131         {
 132                 if ($key === array())
 133                         return $array;
 134
 135                 if ( ! isset($array[$key]))
 136                         return $default;
 137
 138                 // Get the value
 139                 $value = $array[$key];
 140
 141                 return $value;
 142         }
 143
 144         /**
 145          * Fetch the IP Address.
 146          *
 147          * @return string
 148          */
 149         public function ip_address()
 150         {
 151                 if ($this->ip_address !== NULL)
 152                         return $this->ip_address;
 153
 154                 if ($ip = $this->server('HTTP_CLIENT_IP'))
 155                 {
 156                          $this->ip_address = $ip;
 157                 }
 158                 elseif ($ip = $this->server('REMOTE_ADDR'))
 159                 {
 160                          $this->ip_address = $ip;
 161                 }
 162                 elseif ($ip = $this->server('HTTP_X_FORWARDED_FOR'))
 163                 {
 164                          $this->ip_address = $ip;
 165                 }
 166
 167                 if ($comma = strrpos($this->ip_address, ',') !== FALSE)
 168                 {
 169                         $this->ip_address = substr($this->ip_address, $comma + 1);
 170                 }
 171
 172                 if ( ! valid::ip($this->ip_address))
 173                 {
 174                         // Use an empty IP
 175                         $this->ip_address = '0.0.0.0';
 176                 }
 177
 178                 return $this->ip_address;
 179         }
 180
 181         /**
 182          * This is a helper method. It enforces W3C specifications for allowed
 183          * key name strings, to prevent malicious exploitation.
 184          *
 185          * @param   string  string to clean
 186          * @return  string
 187          */
 188         public function clean_input_keys($str)
 189         {
 190                 $chars = PCRE_UNICODE_PROPERTIES ? '\pL' : 'a-zA-Z';
 191
 192                 if ( ! preg_match('#^['.$chars.'0-9:_.-]++$#uD', $str))
 193                 {
 194                         exit('Disallowed key characters in global data.');
 195                 }
 196
 197                 return $str;
 198         }
 199
 200 } // End Input Class