1 files changed, 84 insertions, 10 deletions

diff --git a/inc/Input.class.php b/inc/Input.class.php
index 7434d2b2c..94da2a10e 100644
--- a/inc/Input.class.php
+++ b/inc/Input.class.php
@@ -15,16 +15,50 @@ class Input {
     public $post;
     /** @var GetInput Access $_GET parameters */
     public $get;
+    /** @var ServerInput Access $_SERVER parameters */
+    public $server;
 
     protected $access;
 
     /**
+     * @var Callable
+     */
+    protected $filter;
+
+    /**
      * Intilizes the Input class and it subcomponents
      */
     function __construct() {
         $this->access = &$_REQUEST;
         $this->post   = new PostInput();
         $this->get    = new GetInput();
+        $this->server = new ServerInput();
+    }
+
+    /**
+     * Apply the set filter to the given value
+     *
+     * @param string $data
+     * @return string
+     */
+    protected function applyfilter($data){
+        if(!$this->filter) return $data;
+        return call_user_func($this->filter, $data);
+    }
+
+    /**
+     * Return a filtered copy of the input object
+     *
+     * Expects a callable that accepts one string parameter and returns a filtered string
+     *
+     * @param Callable|string $filter
+     * @return Input
+     */
+    public function filter($filter='stripctl'){
+        $this->filter = $filter;
+        $clone = clone $this;
+        $this->filter = '';
+        return $clone;
     }
 
     /**
@@ -74,8 +108,9 @@ class Input {
      */
     public function param($name, $default = null, $nonempty = false) {
         if(!isset($this->access[$name])) return $default;
-        if($nonempty && empty($this->access[$name])) return $default;
-        return $this->access[$name];
+        $value = $this->applyfilter($this->access[$name]);
+        if($nonempty && empty($value)) return $default;
+        return $value;
     }
 
     /**
@@ -118,10 +153,11 @@ class Input {
     public function int($name, $default = 0, $nonempty = false) {
         if(!isset($this->access[$name])) return $default;
         if(is_array($this->access[$name])) return $default;
-        if($this->access[$name] === '') return $default;
-        if($nonempty && empty($this->access[$name])) return $default;
+        $value = $this->applyfilter($this->access[$name]);
+        if($value === '') return $default;
+        if($nonempty && empty($value)) return $default;
 
-        return (int) $this->access[$name];
+        return (int) $value;
     }
 
     /**
@@ -135,9 +171,31 @@ class Input {
     public function str($name, $default = '', $nonempty = false) {
         if(!isset($this->access[$name])) return $default;
         if(is_array($this->access[$name])) return $default;
-        if($nonempty && empty($this->access[$name])) return $default;
+        $value = $this->applyfilter($this->access[$name]);
+        if($nonempty && empty($value)) return $default;
 
-        return (string) $this->access[$name];
+        return (string) $value;
+    }
+
+    /**
+     * Access a request parameter and make sure it is has a valid value
+     *
+     * Please note that comparisons to the valid values are not done typesafe (request vars
+     * are always strings) however the function will return the correct type from the $valids
+     * array when an match was found.
+     *
+     * @param string $name    Parameter name
+     * @param array  $valids  Array of valid values
+     * @param mixed  $default Default to return if parameter isn't set or not valid
+     * @return null|mixed
+     */
+    public function valid($name, $valids, $default = null) {
+        if(!isset($this->access[$name])) return $default;
+        if(is_array($this->access[$name])) return $default; // we don't allow arrays
+        $value = $this->applyfilter($this->access[$name]);
+        $found = array_search($value, $valids);
+        if($found !== false) return $valids[$found]; // return the valid value for type safety
+        return $default;
     }
 
     /**
@@ -153,10 +211,11 @@ class Input {
     public function bool($name, $default = false, $nonempty = false) {
         if(!isset($this->access[$name])) return $default;
         if(is_array($this->access[$name])) return $default;
-        if($this->access[$name] === '') return $default;
-        if($nonempty && empty($this->access[$name])) return $default;
+        $value = $this->applyfilter($this->access[$name]);
+        if($value === '') return $default;
+        if($nonempty && empty($value)) return $default;
 
-        return (bool) $this->access[$name];
+        return (bool) $value;
     }
 
     /**
@@ -260,3 +319,18 @@ class GetInput extends Input {
         $_REQUEST[$name] = $value;
     }
 }
+
+/**
+ * Internal class used for $_SERVER access in Input class
+ */
+class ServerInput extends Input {
+    protected $access;
+
+    /**
+     * Initialize the $access array, remove subclass members
+     */
+    function __construct() {
+        $this->access = &$_SERVER;
+    }
+
+}