File "request.lib.php"

Full Path: /home/rrterraplen/public_html/wp-content-20241221212636/plugins/sucuri-scanner/src/request.lib.php
File size: 4.4 KB
MIME-type: text/x-php
Charset: utf-8

<?php

/**
 * Code related to the request.lib.php interface.
 *
 * PHP version 5
 *
 * @category   Library
 * @package    Sucuri
 * @subpackage SucuriScanner
 * @author     Daniel Cid <[email protected]>
 * @copyright  2010-2018 Sucuri Inc.
 * @license    https://www.gnu.org/licenses/gpl-2.0.txt GPL2
 * @link       https://wordpress.org/plugins/sucuri-scanner
 */

/*
 * Direct-access guard: nothing below runs unless SUCURISCAN_INIT is defined
 * and strictly true (presumably set by the plugin's main file before this
 * library is included). Requesting this file directly ends here.
 */
if (!(defined('SUCURISCAN_INIT') && SUCURISCAN_INIT === true)) {
    /* Report invalid access if possible; skipped once headers are already out. */
    if (headers_sent() === false) {
        header('HTTP/1.1 403 Forbidden');
    }

    exit(1);
}

/**
 * HTTP request handler.
 *
 * Function definitions to retrieve, validate, and clean the parameters of an
 * HTTP request, generally after a form submission or while loading a URL.
 * Prefer these methods over reading an index of the global PHP variables
 * _POST, _GET, _REQUEST directly, since those may carry insecure data.
 *
 * @category   Library
 * @package    Sucuri
 * @subpackage SucuriScanner
 * @author     Daniel Cid <[email protected]>
 * @copyright  2010-2018 Sucuri Inc.
 * @license    https://www.gnu.org/licenses/gpl-2.0.txt GPL2
 * @link       https://wordpress.org/plugins/sucuri-scanner
 */
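class SucuriScanRequest extends SucuriScan
{
    /**
     * Returns the value of the _GET, _POST or _REQUEST key.
     *
     * The key is passed through self::varPrefix() before the lookup. An
     * optional regular expression restricts the accepted values: when the
     * value does not match the pattern as a whole, False is returned.
     *
     * Special patterns:
     * - "_array": return the value only if it is an array, otherwise False.
     * - "_nonce": ten characters from [a-z0-9].
     * - "_page":  one or more characters from [a-z_].
     * - "":       any single-line value.
     *
     * Security notes for callers:
     * - Array values are returned as received; they are NOT passed through
     *   self::escape(), so every element is still untrusted input.
     * - "_nonce" only checks the shape of the token. It does not prove the
     *   nonce is valid; that still requires wp_verify_nonce() or equivalent.
     * - The pattern is embedded between "/" delimiters, so it must come from
     *   plugin code (never from the request) and must not contain an
     *   unescaped "/".
     *
     * @param  array  $list    The array where the specified key will be searched.
     * @param  string $key     Name of the variable, without the plugin prefix.
     * @param  string $pattern Optional pattern to match allowed values.
     * @return array|string|bool Validated value, or False if missing or rejected.
     */
    private static function request($list = array(), $key = '', $pattern = '')
    {
        $key = self::varPrefix((string) $key);

        if (!is_array($list) || !isset($list[$key])) {
            return false;
        }

        $key_value = $list[$key]; /* raw request parameter */

        /*
         * Arrays are only handed out when explicitly requested. A scalar sent
         * where an array is expected is rejected instead of being matched
         * against the literal text "_array".
         */
        if ($pattern === '_array') {
            return is_array($key_value) ? $key_value : false;
        }

        /*
         * A client can turn any parameter into an array (name[]=x). Passing
         * that to preg_match() raises a TypeError on PHP 8, which the "@"
         * operator does not suppress, so reject it up front.
         */
        if (is_array($key_value)) {
            return false;
        }

        /* match WordPress nonce */
        if ($pattern === '_nonce') {
            $pattern = '[a-z0-9]{10}';
        }

        /* match valid page identifier */
        if ($pattern === '_page') {
            $pattern = '[a-z_]+';
        }

        /*
         * No pattern: accept any single-line value. The optional "\n" keeps
         * the previous tolerance for one trailing newline now that the regex
         * below is anchored strictly; values with embedded newlines are still
         * rejected because "." does not match "\n".
         */
        if ($pattern === '') {
            $pattern = '.*\n?';
        }

        /*
         * Full-string match:
         * - (?: ... ) keeps the anchors bound to the whole pattern even when
         *   it contains a top-level alternation such as "a|b".
         * - The D modifier makes "$" match only at the very end, so a value
         *   like "abcdefghij\n" no longer passes as a ten-character nonce.
         * "@" still hides the warning emitted for a malformed pattern, in
         * which case preg_match() returns False and the value is rejected.
         */
        if (@preg_match('/^(?:' . $pattern . ')$/D', $key_value) === 1) {
            return self::escape($key_value);
        }

        return false;
    }

    /**
     * Returns the value stored in a specific index in the global _GET variable,
     * you can specify a pattern as the second argument to match allowed values.
     *
     * @param  string $key     Name of the variable contained in _GET.
     * @param  string $pattern Optional pattern to match allowed values.
     * @return array|string|bool Value from _GET, or False if missing or rejected.
     */
    public static function get($key = '', $pattern = '')
    {
        return self::request($_GET, $key, $pattern);
    }

    /**
     * Returns the value stored in a specific index in the global _POST variable,
     * you can specify a pattern as the second argument to match allowed values.
     *
     * @param  string $key     Name of the variable contained in _POST.
     * @param  string $pattern Optional pattern to match allowed values.
     * @return array|string|bool Value from _POST, or False if missing or rejected.
     */
    public static function post($key = '', $pattern = '')
    {
        return self::request($_POST, $key, $pattern);
    }

    /**
     * Returns the value stored in a specific index in the global _REQUEST variable,
     * you can specify a pattern as the second argument to match allowed values.
     *
     * Depending on the request_order / variables_order settings, _REQUEST may
     * also carry cookie values; use get() or post() when the source matters.
     *
     * @param  string $key     Name of the variable contained in _REQUEST.
     * @param  string $pattern Optional pattern to match allowed values.
     * @return array|string|bool Value from _REQUEST, or False if missing or rejected.
     */
    public static function getOrPost($key = '', $pattern = '')
    {
        return self::request($_REQUEST, $key, $pattern);
    }
}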