|
class XRequest
{
public static function getPost( $name = "" )
{
if ( empty( $name ) )
{
return $_POST;
}
if ( isset( $_POST[$name] ) )
{
return $_POST[$name];
}
return "";
}
public static function getGet( $name = "" )
{
if ( empty( $name ) )
{
return $_GET;
}
if ( isset( $_GET[$name] ) )
{
return $_GET[$name];
}
return "";
}
public static function getCookie( $name = "" )
{
if ( $name == "" )
{
return $_COOKIE;
}
if ( isset( $_COOKIE[$name] ) )
{
return $_COOKIE[$name];
}
return "";
}
public static function getSession( $name = "" )
{
if ( $name == "" )
{
return $_SESSION;
}
if ( isset( $_SESSION[$name] ) )
{
return $_SESSION[$name];
}
return "";
}
public static function fetchEnv( $name = "" )
{
if ( $name == "" )
{
return $_ENV;
}
if ( isset( $_ENV[$name] ) )
{
return $_ENV[$name];
}
return "";
}
public static function getService( $name = "" )
{
if ( $name == "" )
{
return $_SERVER;
}
if ( isset( $_SERVER[$name] ) )
{
return $_SERVER[$name];
}
return "";
}
public static function getPhpSelf( )
{
return strip_tags( self::getservice( "PHP_SELF" ) );
}
public static function getServiceName( )
{
return self::getservice( "SERVER_NAME" );
}
public static function getRequestTime( )
{
return self::getservice( "REQUEST_TIME" );
}
public static function getUserAgent( )
{
return self::getservice( "HTTP_USER_AGENT" );
}
public static function getUri( )
{
return self::getservice( "REQUEST_URI" );
}
public static function isPost( )
{
if ( strtolower( self::getservice( "REQUEST_METHOD" ) ) == "post" )
{
return TRUE;
}
return FALSE;
}
public static function isGet( )
{
if ( strtolower( self::getservice( "REQUEST_METHOD" ) ) == "get" )
{
return TRUE;
}
return FALSE;
}
public static function isAjax( )
{
if ( self::getservice( "HTTP_X_REQUESTED_WITH" ) && strtolower( self::getservice( "HTTP_X_REQUESTED_WITH" ) ) == "xmlhttprequest" )
{
return TRUE;
}
if ( self::getservice( "HTTP_REQUEST_TYPE" ) && strtolower( self::getservice( "HTTP_REQUEST_TYPE" ) ) == "ajax" )
{
return TRUE;
}
if ( self::getpost( "oe_ajax" ) || self::getget( "oe_ajax" ) )
{
return TRUE;
}
return FALSE;
}
public static function getip( )
{
static $realip = NULL;
if ( isset( $_SERVER ) )
{
if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) )
{
$realip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else if ( isset( $_SERVER['HTTP_CLIENT_IP'] ) )
{
$realip = $_SERVER['HTTP_CLIENT_IP'];
}
else
{
$realip = $_SERVER['REMOTE_ADDR'];
}
}
else if ( getenv( "HTTP_X_FORWARDED_FOR" ) )
{
$realip = getenv( "HTTP_X_FORWARDED_FOR" );
}
else if ( getenv( "HTTP_CLIENT_IP" ) )
{
$realip = getenv( "HTTP_CLIENT_IP" );
}
else
{
$realip = getenv( "REMOTE_ADDR" );
}
$one = "([0-9]|[0-9]{2}|1dd|2[0-4]d|25[0-5])";
if ( !@preg_match( "/".$one.".".$one.".".$one.".".$one."$/", $realip ) )
{
$realip = "0.0.0.0";
}
return $realip;
}
protected static function uri( )
{
$uri = self::geturi( );
$file = dirname( $_SERVER['SCRIPT_NAME'] );
$request = str_replace( $file, "", $uri );
$request = explode( "/", trim( $request, "/" ) );
if ( isset( $request[0] ) )
{
$GLOBALS['_GET']['c'] = $request[0];
unset( $request[0] );
}
if ( isset( $request[1] ) )
{
$GLOBALS['_GET']['a'] = $request[1];
unset( $request[1] );
}
if ( 1 < count( $request ) )
{
$mark = 0;
$val = $key = array( );
foreach ( $request as $value )
{
++$mark;
if ( $mark % 2 == 0 )
{
$val[] = $value;
}
else
{
$key[] = $value;
}
}
if ( count( $key ) !== count( $val ) )
{
$val[] = NULL;
}
$get = array_combine( $key, $val );
foreach ( $get as $key => $value )
{
$GLOBALS['_GET'][$key] = $value;
}
}
return TRUE;
}
public static function getGpc( $value, $isfliter = TRUE )
{
if ( !is_array( $value ) )
{
if ( isset( $_GET[$value] ) )
{
$temp = trim( $_GET[$value] );
}
if ( isset( $_POST[$value] ) )
{
$temp = trim( $_POST[$value] );
}
$temp = $isfliter === TRUE ? XFilter::filterstr( $temp ) : $temp;
return trim( $temp );
}
$temp = array( );
foreach ( $value as $val )
{
if ( isset( $_GET[$val] ) )
{
$temp[$val] = trim( $_GET[$val] );
}
if ( isset( $_POST[$val] ) )
{
$temp[$val] = trim( $_POST[$val] );
}
$temp[$val] = $isfliter === TRUE ? XFilter::filterstr( $temp[$val] ) : $temp[$val];
}
return $temp;
}
public static function getArgs( $value, $default = NULL, $isfliter = TRUE )
{
if ( !empty( $value ) )
{
if ( isset( $_GET[$value] ) )
{
$temp = trim( $_GET[$value] );
}
if ( isset( $_POST[$value] ) )
{
$temp = trim( $_POST[$value] );
}
if ( $isfliter )
{
$temp = XFilter::filterstr( $temp );
}
else
{
$temp = XFilter::striparray( $temp );
}
if ( empty( $temp ) && !empty( $default ) )
{
$temp = $default;
}
return trim( $temp );
}
return "";
}
public static function getInt( $value, $default = NULL )
{
if ( !empty( $value ) )
{
if ( isset( $_GET[$value] ) )
{
$temp = $_GET[$value];
}
if ( isset( $_POST[$value] ) )
{
$temp = $_POST[$value];
}
$temp = XFilter::filterstr( $temp );
if ( empty( $temp ) || FALSE === XValid::isnumber( $temp ) )
{
if ( TRUE === XValid::isnumber( $default ) )
{
$temp = $default;
}
else
{
$temp = 0;
}
}
return intval( $temp );
}
return 0;
}
public static function getArray( $value )
{
if ( !empty( $value ) )
{
if ( isset( $_GET[$value] ) )
{
$temp = $_GET[$value];
}
if ( isset( $_POST[$value] ) )
{
$temp = $_POST[$value];
}
return $temp;
}
return "";
}
public static function recArgs( $value )
{
if ( !empty( $value ) )
{
if ( isset( $_GET[$value] ) )
{
$temp = $_GET[$value];
}
if ( isset( $_POST[$value] ) )
{
$temp = $_POST[$value];
}
return XFilter::filterbadchar( $temp );
}
return "";
}
public static function getComArgs( $itemname )
{
$args = "";
$array = self::getarray( $itemname );
if ( !empty( $array ) )
{
$ii = 0;
for ( ; $ii < count( $array ); ++$ii )
{
$val = XFilter::filterbadchar( $array[$ii] );
if ( !empty( $val ) )
{
if ( $ii == 0 )
{
$args = $val;
}
else if ( $args == "" )
{
$args = $val;
}
else
{
$args = $args.",".$val;
}
}
}
}
return $args;
}
public static function getComInts( $name )
{
$args = "";
$array = self::getarray( $name );
if ( !empty( $array ) )
{
$ii = 0;
for ( ; $ii < count( $array ); ++$ii )
{
$val = intval( XFilter::filterbadchar( $array[$ii] ) );
if ( !empty( $val ) )
{
if ( $ii == 0 )
{
$args = $val;
}
else if ( $args == "" )
{
$args = $val;
}
else
{
$args = $args.",".$val;
}
}
}
}
return $args;
}
}
if ( !defined( "IN_OESOFT" ) )
{
exit( "Access Denied" );
}
?>
class XFilter
{
public static function filterBadChar( $str )
{
if ( empty( $str ) || $str == "" )
{
return;
}
$badstring = array( "'", """, """, "=", "#", "$", ">", "<", "", "/*", "%", "x00", "%00", "*" );
$newstring = array( "", "", "", "", "", "", "", "", "", "", "", "", "", "" );
$str = str_replace( $badstring, $newstring, $str );
return trim( $str );
}
public static function stripArray( &$_data )
{
if ( is_array( $_data ) )
{
foreach ( $_data as $_key => $_value )
{
$_data[$_key] = trim( self::striparray( $_value ) );
}
return $_data;
}
return stripslashes( trim( $_data ) );
}
public static function filterSlashes( &$value )
{
if ( get_magic_quotes_gpc( ) )
{
return FALSE;
}
$value = ( array )$value;
foreach ( $value as $key => $val )
{
if ( is_array( $val ) )
{
self::filterslashes( $value[$key] );
}
else
{
$value[$key] = addslashes( $val );
}
}
}
public static function filterScript( $value )
{
if ( empty( $value ) )
{
return "";
}
$value = preg_replace( "/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i", "&111n2", $value );
$value = preg_replace( "/(.*?)/si", "", $value );
$value = preg_replace( "/<iframe(.*?)>(.*?)/si", "", $value );
$value = preg_replace( "//iesU", "", $value );
return $value;
}
public static function filterHtml( $value )
{
if ( empty( $value ) )
{
return "";
}
if ( function_exists( "htmlspecialchars" ) )
{
return htmlspecialchars( $value );
}
return str_replace( array( "&", """, "'", "<", ">" ), array( "&", """, "'", "<", ">" ), $value );
}
public static function filterSql( $value )
{
if ( empty( $value ) )
{
return "";
}
$sql = array( "select", "insert", "update", "delete", "'", "/*", "../", "./", "union", "into", "load_file", "outfile" );
$sql_re = array( "", "", "", "", "", "", "", "", "", "", "", "" );
return str_ireplace( $sql, $sql_re, $value );
}
public static function filterStr( $value )
{
if ( empty( $value ) )
{
return "";
}
$value = trim( $value );
$badstr = array( "x00", "%00", "r", "&", """, "'", "<", ">", "%3C", "%3E" );
$newstr = array( "", "", "", "&", """, "'", "<", ">", "<", ">" );
$value = str_ireplace( $badstr, $newstr, $value );
$value = preg_replace( "/&((#(d{3,5}|x[a-fA-F0-9]{4}));)/", "&1", $value );
return $value;
}
public static function filterUrl( )
{
if ( preg_replace( "/https?://([^:/]+).*/i", "1", $_SERVER['HTTP_REFERER'] ) !== preg_replace( "/([^:]+).*/", "1", $_SERVER['HTTP_HOST'] ) )
{
return FALSE;
}
return TRUE;
}
public static function filterForbidChar( $content )
{
$new_content = $content;
$forbidargs = X::$cfg['forbidargs'];
if ( !empty( $forbidargs ) )
{
$array = explode( ",", $forbidargs );
$i = 0;
for ( ; $i < sizeof( $array ); ++$i )
{
$new_content = str_ireplace( $array[$i], "", $content );
}
}
return $new_content;
}
public static function checkExistsForbidChar( $content )
{
$flag = FALSE;
$forbidargs = X::$cfg['forbidargs'];
if ( !empty( $forbidargs ) )
{
$array = explode( ",", $forbidargs );
$i = 0;
for ( ; $i < sizeof( $array ); ++$i )
{
if ( FALSE === strpos( strtolower( $content ), strtolower( $array[$i] ) ) )
{
continue;
}
$flag = TRUE;
break;
}
}
return $flag;
}
public static function checkExistsForbidUserName( $username )
{
$flag = FALSE;
$forbidargs = X::$cfg['lockusers'];
if ( !empty( $forbidargs ) )
{
$array = explode( ",", $forbidargs );
$i = 0;
for ( ; $i < sizeof( $array ); ++$i )
{
if ( FALSE === strpos( strtolower( $username ), strtolower( $array[$i] ) ) )
{
continue;
}
$flag = TRUE;
break;
}
}
return $flag;
}
}
if ( !defined( "IN_OESOFT" ) )
{
exit( "Access Denied" );
}
?>
|
