Thread: Mysidia Adoptables v1.3.2[Security Release]
View Single Post
  #58  
Old 12-12-2012, 01:13 PM
SilverDragonTears's Avatar
SilverDragonTears SilverDragonTears is offline
I am your Nemesis.
  
Join Date: Jun 2011
Posts: 1,113
Gender: Female
Credits: 112,690
SilverDragonTears is on a distinguished road
Default
I did. Still got an error.
Parse error: syntax error, unexpected T_VARIABLE in /home/taleofdr/public_html/classes/class_input.php on line 120

I'm starting to think I won't be able to add in the adopt shop :/

Code:
<?php

/**
 * The Input Class, it is one of Mysidia system core classes.
 * It acts as a secure wrapper for user input in $_GET and $_POST.
 * Input is a final class, no child class shall derive from it.
 * An instance of Input class is generated upon Mysidia system object's creation. 
 * This specific instance is available from Registry, just like any other Mysidia core objects. 
 * @category Resource
 * @package Core
 * @author Hall of Famer 
 * @copyright Mysidia Adoptables Script
 * @link http://www.mysidiaadoptables.com
 * @since 1.3.2
 * @todo incorporate input class in Mysidia adoptables system.
 */

final class Input{

    /**
	 * The request property, which holds request method information: get, post or else.
	 * @access public
	 * @var String
    */
    public $request;
	
	/**
	 * The post property, it stores all user input vars in $_POST.
	 * @access private
	 * @var ArrayObject
    */
    private $post; 
	
	/**
	 * The get property, it stores all user input vars in $_GET.
	 * @access private
	 * @var ArrayObject
    */
    private $get;
	
	/**
	 * The action property, which specifies users action.
	 * @access private
	 * @var String
    */
    private $action;

	
	/**
     * Constructor of Input Class, it generates basic properties for an input object.
     * @access public
     * @return Void
     */	 
    public function __construct(){	 
        $this->checkrequest();
	    $this->initialize();
    }
  
    /**
     * The initialize method, which handles parsing of user input vars.
     * @access public
     * @return Void
     */
    public function initialize(){
	    if(isset($_POST)){
	        $post = array_map('secure',$_POST);
		    $this->post = new ArrayObject($post, ArrayObject::ARRAY_AS_PROPS);
		    if(isset($this->post->action)) $this->action = $this->post->action;
            unset($_POST);     
	    }
	    if(isset($_GET)){ 
	        $get = array_map('secure',$_GET);
	        $this->get = new ArrayObject($get, ArrayObject::ARRAY_AS_PROPS);
		    if(isset($this->get->action)) $this->action = $this->get->action;
            unset($_GET);
	    }
        if(defined("SUBDIR")){
            $parser = new UrlParser($_SERVER['REQUEST_URI']);
			$elements = $parser->parse();
			$get = array_map('secure', $elements);
			$this->get = new ArrayObject($get, ArrayObject::ARRAY_AS_PROPS);
            if(isset($this->get->action)) $this->action = $this->get->action;
        }		
    }
  
    /**
     * The post method, returns a user input var stored in Input::$post property.
	 * @param String  $key
     * @access public
     * @return Object
     */
    public function post($key = ""){
        if(empty($key) and !empty($this->post)) return $this->post;
	    elseif(isset($this->post->{$key})) return $this->post->{$key};
	    else return FALSE;
    }
  
    /**
     * The get method, returns a user input var stored in Input::$get property.
	 * @param String  $key
     * @access public
     * @return Object
     */
    public function get($key = ""){
        if(empty($key) and !empty($this->get)) return $this->get;
	    elseif(isset($this->get->{$key})) return $this->get->{$key};
	    else return FALSE;    
    }

    /**
     * The manipulate method, set values in a get variable from post variable.
     * This can be manipulated by controller objects.
     * It serves as a temporary solution to url rewrite problem with get forms.
	 * @param String  $controller
     * @access public
     * @return Void
     */
    public function manipulate($controller){
        if(!($controller instanceof AppController)) throw new Exception("Controller not found.");
        elseif(is_array($controller::$param)){
            foreach($controller::$param as $key){
                if($this->post->{$key}) $this->get->{$key} = $this->post->{$key};
            }
        }
        else{
            $key = $controller::$param;
            if($this->post->{$key}) $this->get->{$key} = $this->post->{$key};
        }   
    }
  
    /**
     * The action method, verifies whether a specified action is taken by this user.
	 * @param String  $act
     * @access private
     * @return Boolean
     */
    public function action(){
        if(empty($this->action)) return FALSE;
	    else return $this->action;
    }
  
    /**
     * The checkrequest method, checks to see the request method of a particular user
     * @access private
     * @return Boolean
     */
    private function checkrequest(){
        // This method checks if there is user input, and returns the request_method if evaluated to be true
        if($_SERVER['REQUEST_METHOD'] == "POST"){
  	        $this->request = "post";
		    return TRUE;
	    }	
	    elseif($_SERVER['REQUEST_METHOD'] == "GET"){
	        $this->request = "get";
		    return TRUE;
	    }	
	    else $this->request = FALSE;
    }
  
    /**
     * The secure method, parse user input in a safe manner.
	 * @param Array  $data
     * @access private
     * @return ArrayObject
     */
    private function secure($data){
        if(is_array($data) and SUBDIR != "AdminCP") die("Hacking Attempt!");
	    $data = htmlentities($data);
        $data = addslashes($data);	
	    $data = strip_tags($data, '');
	    return $data;
    }  
}
?>
__________________

Check out SilvaTales