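<?php
/**
 * Input: thin accessor over the PHP superglobals ($_GET, $_POST, $_SERVER,
 * $_SESSION) plus a reversible, keyless obfuscation of request values.
 *
 * Everything returned by get()/post()/request()/server() is untrusted.
 * _cleanStr() only strips NUL bytes and a short blocklist of strings; it is
 * NOT a substitute for context-specific output escaping (htmlspecialchars()
 * for HTML, prepared statements for SQL), which callers must still apply.
 *
 * Depends on two functions defined elsewhere in the project: log_message()
 * and error().
 *
 * Modernised from the PHP 4 original: "function Input()" constructor ->
 * __construct(), "$str{$i}" string offsets -> "$str[$i]" (the brace form is a
 * parse error on PHP 8), declared property, no closing "?>" tag (avoids
 * accidental trailing output).
 */
class Input {

    /** Alphabet (18 symbols) used by encode()/decode(); set in the constructor. */
    public $_encode_array;

    /**
     * Logs the instantiation and installs the fixed substitution alphabet.
     */
    function __construct() {
        log_message("[input] é instanciado.");

        $this->_encode_array = array('4', '5', 'J', 'A', 'Q', 'c', 'n', 'x', 'P', 'Y', 'd', 'b', 'g', 'i', 'j', 'y', 'a', '9');

        //TODO: design the security handling for the input variables
    }

    /**
     * Whether $tmp_key is a key of the named superglobal.
     *
     * @param string $tmp_input_name "request", "post" or "get"
     * @param string $tmp_key        key to look up (not passed through _cleanKey)
     * @return bool false for an unknown source name; the original left $var
     *              unset in that case, which is a TypeError on PHP 8
     */
    function keyExists($tmp_input_name, $tmp_key) {
        switch ($tmp_input_name) {
            case "request":
                $var = $_REQUEST;
                break;
            case "post":
                $var = $_POST;
                break;
            case "get":
                $var = $_GET;
                break;
            default:
                return false;
        }

        return array_key_exists($tmp_key, $var);
    }

    /**
     * Value of $_GET[$tmp_key] after _cleanStr(), "" when absent.
     *
     * @param string $tmp_key    parameter name; validated by _cleanKey()
     * @param bool   $tmp_decode when true the cleaned value is passed through _decode()
     * @return string
     */
    function get($tmp_key, $tmp_decode = false) {
        return $this->_readFrom($_GET, $tmp_key, $tmp_decode);
    }

    /**
     * Value of $_POST[$tmp_key] after _cleanStr(), "" when absent.
     *
     * @param string $tmp_key    parameter name; validated by _cleanKey()
     * @param bool   $tmp_decode when true the cleaned value is passed through _decode()
     * @return string
     */
    function post($tmp_key, $tmp_decode = false) {
        return $this->_readFrom($_POST, $tmp_key, $tmp_decode);
    }

    /**
     * GET takes precedence over POST; "" when neither carries the key.
     *
     * Passing $tmp_decode down to get()/post() is equivalent to the original's
     * "read both, then decode both": decoding is applied to the same cleaned value.
     *
     * @param string $tmp_key
     * @param bool   $tmp_decode
     * @return string
     */
    function request($tmp_key, $tmp_decode = false) {
        $get = $this->get($tmp_key, $tmp_decode);
        $post = $this->post($tmp_key, $tmp_decode);

        // Strict comparison: both values are always strings here.
        if ($get !== "") {
            return $get;
        }
        if ($post !== "") {
            return $post;
        }
        return "";
    }

    /**
     * Raw value of $_SERVER[$tmp_key], "" when absent.
     *
     * No cleaning is applied. Note that many $_SERVER entries (HTTP_* headers,
     * REQUEST_URI, QUERY_STRING, ...) are client-controlled and must be escaped
     * by the caller like any other request data.
     *
     * $_SERVER has been a superglobal since PHP 4.1; the $HTTP_SERVER_VARS /
     * $HTTP_ENV_VARS fallback of the original was removed from PHP in 5.4 and
     * is dropped here.
     *
     * @param string $tmp_key
     * @return string
     */
    function server($tmp_key) {
        if (isset($_SERVER[$tmp_key])) {
            return $_SERVER[$tmp_key];
        }
        return "";
    }

    /**
     * Value of $_SESSION[$tmp_key], "" when absent or when no session is active.
     *
     * @param string $tmp_key
     * @return mixed
     */
    function session($tmp_key) {
        if (isset($_SESSION[$tmp_key])) {
            return $_SESSION[$tmp_key];
        }
        return "";
    }

    /**
     * Stores $tmp_value under $tmp_key in $_SESSION.
     *
     * Persistence requires session_start() to have been called earlier; that
     * is not checked here, matching the original.
     *
     * @param string $tmp_key
     * @param mixed  $tmp_value
     * @return void
     */
    function setSession($tmp_key, $tmp_value) {
        $_SESSION[$tmp_key] = $tmp_value;
    }

    /**
     * Removes $tmp_key from $_SESSION (no-op when absent).
     *
     * @param string $tmp_key
     * @return void
     */
    function unsetSession($tmp_key) {
        unset($_SESSION[$tmp_key]);
    }

    /**
     * Public wrapper for _encode(); see that method for what the encoding is
     * and is not.
     *
     * @param string $tmp_string
     * @return string
     */
    function encode($tmp_string) {
        return $this->_encode($tmp_string);
    }

    /**
     * Public wrapper for _decode().
     *
     * @param string $tmp_string
     * @return string "" for malformed input
     */
    function decode($tmp_string) {
        return $this->_decode($tmp_string);
    }

    //private functions

    /**
     * Shared body of get() and post(): validate the key, clean the value,
     * optionally decode it.
     *
     * @param array  $source     $_GET or $_POST
     * @param string $tmp_key
     * @param bool   $tmp_decode
     * @return string
     */
    private function _readFrom($source, $tmp_key, $tmp_decode) {
        $key = $this->_cleanKey($tmp_key);

        $r = "";
        if (isset($source[$key])) {
            $r = $this->_cleanStr($source[$key]);
        }

        if ($tmp_decode) {
            $r = $this->_decode($r);
        }

        return $r;
    }

    /**
     * Best-effort cleanup of one request value.
     *
     * Steps: URL-decode, strip NUL bytes, replace a short blocklist of
     * script-related substrings, swap "'" for "`". This is a blocklist, not an
     * escaper: it does not make the value safe for HTML, JavaScript, SQL or
     * shell contexts. Escape at the point of use.
     *
     * @param mixed $tmp_string scalar request value
     * @return string "" for arrays/objects (e.g. a[]=1 style parameters); on
     *                PHP 7 the original's rawurldecode() on an array yielded ""
     *                with a warning, on PHP 8 it is a TypeError
     */
    function _cleanStr($tmp_string) {
        if (is_array($tmp_string) || is_object($tmp_string)) {
            return "";
        }
        $tmp_string = (string) $tmp_string;

        // Decode first so that a NUL produced by the decoding (a literal "%00"
        // in the already-decoded superglobal) is caught by the stripping below.
        // The original decoded after stripping, which let such bytes through.
        $tmp_string = rawurldecode($tmp_string);

        // Remove NUL bytes: the raw byte and the backslash-escaped "\0" spelling.
        $tmp_string = preg_replace('/\0+/', '', $tmp_string);
        $tmp_string = preg_replace('/(\\\\0)+/', '', $tmp_string);

        // Blocklist replacements. The last three entries map to themselves as
        // rendered here (likely HTML-escaped forms lost when the listing was
        // rendered) -- confirm against the repository before relying on them.
        $bad = array(
            'document.cookie' => '[removed]',
            'document.write' => '[removed]',
            '.parentNode' => '[removed]',
            '.innerHTML' => '[removed]',
            'window.location' => '[removed]',
            '-moz-binding' => '[removed]',
            '<!--' => '<!--',
            '-->' => '-->',
            '<!CDATA[' => '<![CDATA['
        );

        $tmp_string = str_replace(array_keys($bad), array_values($bad), $tmp_string);

        // Ad-hoc single-quote substitution carried over from the original.
        // This is not SQL escaping (double quotes and backslashes pass through);
        // use prepared statements for database access.
        $tmp_string = str_replace("'", "`", $tmp_string);

        return $tmp_string;
    }

    /**
     * Validates a parameter name: letters, digits, ":", "_", "/" and "-".
     *
     * \A and \z are used instead of ^ and $ so that a trailing newline does not
     * slip past the check. On a bad key error() is called (defined elsewhere);
     * whether it halts is not visible here, so the key is still returned after it.
     *
     * @param string $tmp_string
     * @return string the unchanged key
     */
    function _cleanKey($tmp_string) {
        if (!preg_match("/\A[a-z0-9:_\/-]+\z/i", $tmp_string)) {
            error(2, "Chave não permitida", "Input", "_cleanKey");
        }

        return $tmp_string;
    }

    /**
     * Encodes each byte as two symbols of the fixed alphabet.
     *
     * With t = count(alphabet) - 1 (17), byte value v is split into
     * (c1, c2) with v = c1 * t + c2 and 1 <= c2 <= t for v > 0; odd byte
     * positions use the mirrored symbols arr[t - c1], arr[t - c2]. This is a
     * keyless substitution: it provides no confidentiality or integrity,
     * only opacity. Do not treat it as encryption.
     *
     * @param string $tmp_string
     * @return string twice as long as the input
     */
    function _encode($tmp_string) {
        $arr = $this->_encode_array;
        $t = count($arr) - 1;
        $r = "";
        $l = strlen($tmp_string);

        for ($i = 0; $i < $l; $i++) {
            $c1 = 0;
            $c2 = ord($tmp_string[$i]);

            // Not a plain divmod: c2 ends in [1, t] rather than [0, t - 1],
            // and _decode() relies on exactly this split.
            while ($c2 > $t) {
                $c2 -= $t;
                $c1++;
            }

            if (($i % 2) == 0) {
                $r .= $arr[$c1] . $arr[$c2];
            } else {
                $r .= $arr[$t - $c1] . $arr[$t - $c2];
            }
        }

        return $r;
    }

    /**
     * Inverse of _encode().
     *
     * The input is usually untrusted (request values decoded on demand), so
     * malformed input fails closed: an odd length or a symbol outside the
     * alphabet yields "". The original read past the end of the string and
     * indexed the flipped alphabet with unknown symbols, producing warnings
     * and garbage bytes.
     *
     * @param mixed $tmp_string
     * @return string decoded bytes, or "" when the input is not a well-formed encoding
     */
    function _decode($tmp_string) {
        if (!is_string($tmp_string)) {
            return "";
        }

        $arr = $this->_encode_array;
        $t = count($arr) - 1;
        $k = array_flip($arr);
        $r = "";
        $l = strlen($tmp_string);

        if (($l % 2) !== 0) {
            return "";
        }

        // $n counts pairs; parity of $n selects the mirrored decoding, matching
        // the parity of the byte index used by _encode().
        for ($i = 0, $n = 0; $i < $l; $i += 2, $n++) {
            $c1 = $tmp_string[$i];
            $c2 = $tmp_string[$i + 1];

            if (!isset($k[$c1]) || !isset($k[$c2])) {
                return "";
            }

            if (($n % 2) == 0) {
                $r .= chr(($k[$c1] * $t) + $k[$c2]);
            } else {
                $r .= chr((($t - $k[$c1]) * $t) + ($t - $k[$c2]));
            }
        }

        return $r;
    }
}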