git://200.18.67.61 / siap.git / blame
| Commit | Line | Data |
|---|---|---|
| 696f20d5 MS |
1 | <? |
| 2 | class Input { | |
| 3 | ||
| 4 | function Input() { | |
| 5 | log_message("[input] é instanciado."); | |
| 6 | ||
| 7 | $this->_encode_array = array('4', '5', 'J', 'A', 'Q', 'c', 'n', 'x', 'P', 'Y', 'd', 'b', 'g', 'i', 'j', 'y', 'a', '9'); | |
| 8 | ||
| 9 | //TODO: Esquematizar segurança nas variáveis de entrada | |
| 10 | } | |
| 11 | ||
| 12 | function keyExists($tmp_input_name, $tmp_key) { | |
| 13 | switch ($tmp_input_name) { | |
| 14 | case "request": | |
| 15 | $var = $_REQUEST; | |
| 16 | ||
| 17 | break; | |
| 18 | case "post": | |
| 19 | $var = $_POST; | |
| 20 | ||
| 21 | break; | |
| 22 | case "get": | |
| 23 | $var = $_GET; | |
| 24 | ||
| 25 | break; | |
| 26 | } | |
| 27 | ||
| 28 | return array_key_exists($tmp_key, $var); | |
| 29 | } | |
| 30 | ||
| 31 | function get($tmp_key, $tmp_decode = false) { | |
| 32 | $key = $this->_cleanKey($tmp_key); | |
| 33 | ||
| 34 | $r = ""; | |
| 35 | if (isset($_GET[$key])) { | |
| 36 | $r = $this->_cleanStr($_GET[$key]); | |
| 37 | } | |
| 38 | ||
| 39 | if ($tmp_decode) { | |
| 40 | $r = $this->_decode($r); | |
| 41 | } | |
| 42 | ||
| 43 | return $r; | |
| 44 | } | |
| 45 | ||
| 46 | function post($tmp_key, $tmp_decode = false) { | |
| 47 | $key = $this->_cleanKey($tmp_key); | |
| 48 | ||
| 49 | $r = ""; | |
| 50 | if (isset($_POST[$key])) { | |
| 51 | $r = $this->_cleanStr($_POST[$key]); | |
| 52 | } | |
| 53 | ||
| 54 | if ($tmp_decode) { | |
| 55 | $r = $this->_decode($r); | |
| 56 | } | |
| 57 | ||
| 58 | return $r; | |
| 59 | } | |
| 60 | ||
| 61 | function request($tmp_key, $tmp_decode = false) { | |
| 62 | $get = $this->get($tmp_key); | |
| 63 | $post = $this->post($tmp_key); | |
| 64 | ||
| 65 | if ($tmp_decode) { | |
| 66 | $get = $this->_decode($get); | |
| 67 | $post = $this->_decode($post); | |
| 68 | } | |
| 69 | ||
| 70 | if ($get != "") { | |
| 71 | return $get; | |
| 72 | } elseif ($post != "") { | |
| 73 | return $post; | |
| 74 | } else { | |
| 75 | return ""; | |
| 76 | } | |
| 77 | } | |
| 78 | ||
| 79 | function server($tmp_key) { | |
| 80 | global $HTTP_SERVER_VARS; | |
| 81 | global $HTTP_ENV_VARS; | |
| 82 | ||
| 83 | if (!isset($_SERVER)) { | |
| 84 | $_SERVER = $HTTP_SERVER_VARS; | |
| 85 | if(!isset($_SERVER["REMOTE_ADDR"])) { | |
| 86 | // must be Apache | |
| 87 | $_SERVER = $HTTP_ENV_VARS; | |
| 88 | } | |
| 89 | } | |
| 90 | ||
| 91 | if (isset($_SERVER[$tmp_key])) { | |
| 92 | return $_SERVER[$tmp_key]; | |
| 93 | } else { | |
| 94 | return ""; | |
| 95 | } | |
| 96 | } | |
| 97 | ||
| 98 | function session($tmp_key) { | |
| 99 | $r = ""; | |
| 100 | ||
| 101 | if (isset($_SESSION[$tmp_key])) { | |
| 102 | $r = $_SESSION[$tmp_key]; | |
| 103 | } | |
| 104 | ||
| 105 | return $r; | |
| 106 | } | |
| 107 | ||
| 108 | function setSession($tmp_key, $tmp_value) { | |
| 109 | $_SESSION[$tmp_key] = $tmp_value; | |
| 110 | } | |
| 111 | ||
| 112 | function unsetSession($tmp_key) { | |
| 113 | unset($_SESSION[$tmp_key]); | |
| 114 | } | |
| 115 | ||
| 116 | function encode($tmp_string) { | |
| 117 | return $this->_encode($tmp_string); | |
| 118 | } | |
| 119 | ||
| 120 | function decode($tmp_string) { | |
| 121 | return $this->_decode($tmp_string); | |
| 122 | } | |
| 123 | ||
| 124 | //private functions | |
| 125 | function _cleanStr($tmp_string) { | |
| 126 | //Remove null chars | |
| 127 | $tmp_string = preg_replace('/\0+/', '', $tmp_string); | |
| 128 | $tmp_string = preg_replace('/(\\\\0)+/', '', $tmp_string); | |
| 129 | ||
| 130 | //Decode raw urls | |
| 131 | $tmp_string = rawurldecode($tmp_string); | |
| 132 | ||
| 133 | //Remove bad words | |
| 134 | $bad = array( | |
| 135 | 'document.cookie' => '[removed]', | |
| 136 | 'document.write' => '[removed]', | |
| 137 | '.parentNode' => '[removed]', | |
| 138 | '.innerHTML' => '[removed]', | |
| 139 | 'window.location' => '[removed]', | |
| 140 | '-moz-binding' => '[removed]', | |
| 141 | '<!--' => '<!--', | |
| 142 | '-->' => '-->', | |
| 143 | '<!CDATA[' => '<![CDATA[' | |
| 144 | ); | |
| 145 | ||
| 146 | foreach ($bad as $k => $v) { | |
| 147 | $tmp_string = str_replace($k, $v, $tmp_string); | |
| 148 | } | |
| 149 | ||
| 150 | //Escape ' | |
| 151 | $tmp_string = str_replace("'", "`", $tmp_string); | |
| 152 | ||
| 153 | return $tmp_string; | |
| 154 | } | |
| 155 | ||
| 156 | ||
| 157 | function _cleanKey($tmp_string) { | |
| 158 | if (!preg_match("/^[a-z0-9:_\/-]+$/i", $tmp_string)) { | |
| 159 | error(2, "Chave não permitida", "Input", "_cleanKey"); | |
| 160 | } | |
| 161 | ||
| 162 | return $tmp_string; | |
| 163 | } | |
| 164 | ||
| 165 | function _encode($tmp_string) { | |
| 166 | $arr = $this->_encode_array; | |
| 167 | $t = sizeof($arr) - 1; | |
| 168 | $r = ""; | |
| 169 | $l = strlen($tmp_string); | |
| 170 | ||
| 171 | for ($i = 0; $i < $l; $i++) { | |
| 172 | $c1 = 0; | |
| 173 | $c2 = ord($tmp_string{$i}); | |
| 174 | ||
| 175 | while ($c2 > $t) { | |
| 176 | $c2 -= $t; | |
| 177 | ||
| 178 | $c1++; | |
| 179 | } | |
| 180 | ||
| 181 | if (($i % 2) == 0) { $r .= $arr[$c1] . $arr[$c2]; } | |
| 182 | else { $r .= $arr[$t - $c1] . $arr[$t - $c2]; } | |
| 183 | } | |
| 184 | ||
| 185 | return $r; | |
| 186 | } | |
| 187 | ||
| 188 | function _decode($tmp_string) { | |
| 189 | $arr = $this->_encode_array; | |
| 190 | $t = sizeof($arr) - 1; | |
| 191 | $k = array_flip($arr); | |
| 192 | $n = 0; | |
| 193 | $r = ""; | |
| 194 | $l = strlen($tmp_string); | |
| 195 | ||
| 196 | for ($i = 0; $i < $l; $i++) { | |
| 197 | $c1 = $tmp_string{$i}; $i++; | |
| 198 | $c2 = $tmp_string{$i}; | |
| 199 | ||
| 200 | if (($n % 2) == 0) { $r .= chr(($k[$c1] * $t) + $k[$c2]); } | |
| 201 | else { $r .= chr((($t - $k[$c1]) * $t) + ($t - $k[$c2])); } | |
| 202 | ||
| 203 | $n++; | |
| 204 | } | |
| 205 | ||
| 206 | return $r; | |
| 207 | } | |
| 208 | } | |
| 209 | ?> |