** Built upon work by Roman Danyliw , ** ** Purpose: routines to manipulate shared state (session information) ******************************************************************************** ** Authors: ******************************************************************************** ** Kevin Johnson 0 ) echo ''._PHPSESSREG.'
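'; }

/* NOTE(review): the two tokens above are the tail of a function whose
 * beginning is not intact in this copy of the file; they are left as found. */

/* ***********************************************************************
 * Function: CleanVariable()
 *
 * @doc Removes invalid characters/data from a variable based on a
 *      specified mask of acceptable data or a list of explicit values.
 *
 *      Note: only the mask or the explicit list can be used at a time;
 *      when a list is supplied the mask is ignored.
 *
 *      Security note: this is a character allow-list, not context
 *      escaping. A value that passes the filter still has to be bound as
 *      a query parameter or escaped for HTML by whoever uses it.
 *
 * @param item        variable to scrub
 * @param valid_data  bit mask of VAR_* flags naming the valid characters;
 *                    "" (also 0 or null) means "no mask" and the value is
 *                    returned unchanged
 * @param exception   array with explicit values to match
 *
 * @return a sanitized version of the passed variable ("" when the value
 *         is rejected)
 *
 ************************************************************************/
function CleanVariable($item, $valid_data, $exception = "")
{
    /* The unconditional "return $item;" that used to sit here made every
     * check below unreachable, so nothing was ever sanitized. It is removed
     * so the function does what its contract says. */

    /* Check the exception value list first */
    if ( $exception != "" )
    {
        /* Only scalars can equal a listed value; arrays (foo[]=...) are rejected. */
        if ( !is_scalar($item) )
            return "";

        /* Compare as strings rather than with loose in_array(): under loose
         * comparison a string such as "1 OR 1=1" equals the integer 1 on
         * PHP < 8 and would be returned untouched. */
        foreach ( (array) $exception as $allowed )
        {
            if ( is_scalar($allowed) && (string) $item === (string) $allowed )
                return $item;
        }

        return "";
    }

    /* No mask requested. 0 and null are listed explicitly because older PHP
     * treated them as equal to "" in the original loose comparison. */
    if ( $valid_data === "" || $valid_data === null || $valid_data === 0 )
        return $item;

    /* Flag => fragment of the permitted character class, in the original order. */
    $class_by_flag = array(
        array(VAR_DIGIT,    '0-9'),
        array(VAR_LETTER,   'A-Za-z'),
        array(VAR_ULETTER,  'A-Z'),
        array(VAR_LLETTER,  'a-z'),
        array(VAR_ALPHA,    '0-9A-Za-z'),
        array(VAR_SPACE,    ' '),
        array(VAR_PERIOD,   '\.'),
        array(VAR_OPAREN,   '\('),
        array(VAR_CPAREN,   '\)'),
        /* NOTE(review): VAR_BOOLEAN and VAR_OPERATOR add only ")" exactly as
         * the original did; that looks like a placeholder. Confirm which
         * characters these flags are meant to permit. */
        array(VAR_BOOLEAN,  '\)'),
        array(VAR_OPERATOR, '\)'),
        array(VAR_PUNC,     '!#$%\^&*_\-=+:;,? ()'),
        array(VAR_USCORE,   '_'),
        array(VAR_AT,       '@'),
    );

    $regex_mask = "";
    foreach ( $class_by_flag as $pair )
    {
        if ( ($valid_data & $pair[0]) > 0 )
            $regex_mask .= $pair[1];
    }

    /* A mask with no recognised flag permits nothing: fail closed instead of
     * compiling an empty (invalid) character class. */
    if ( $regex_mask === "" )
        return "";

    /* ereg_replace() was removed in PHP 7; preg_replace() is the supported
     * equivalent. Unlike a POSIX bracket expression, PCRE treats "\" inside
     * the class as an escape, so a literal backslash is no longer let through
     * by the escaped fragments above. */
    $clean = preg_replace('/[^' . $regex_mask . ']/', '', $item);

    /* preg_replace() returns null on error; never hand back the raw input. */
    return ( $clean === null ) ? "" : $clean;
}

/* ***********************************************************************
 * Function: SetSessionVar()
 *
 * @doc Handles retrieving persistent session (criteria) data. This
 *      routine checks for criteria updates passed through POST/GET and
 *      resolves them against values that may already be stored in the
 *      session. Precedence is POST, then GET, then SESSION.
 *
 *      All criteria variables need to invoke this function before they
 *      are used for the first time to extract their previously stored
 *      values and process potential updates to their value.
 *
 *      Note: Validation of user input is not performed by this routine.
 *      A request parameter overrides the stored session value and is
 *      returned raw, so the caller must validate it before it reaches a
 *      query or the page. This routine only reads; it does not write the
 *      value back to $_SESSION.
 *
 * @param $var_name name of the persistent session variable to retrieve
 *
 * @return the updated value of the persistent session variable named
 *         by $var_name, or "" when it is set nowhere
 *
 ************************************************************************/
function SetSessionVar($var_name)
{
    /* isset() guard avoids an undefined-index notice when debug_mode is unset. */
    $debug = isset($GLOBALS['debug_mode']) && $GLOBALS['debug_mode'] > 0;

    if ( isset($_POST[$var_name]) )
    {
        if ( $debug ) echo "importing POST var '$var_name'\n";
        return $_POST[$var_name];
    }

    if ( isset($_GET[$var_name]) )
    {
        if ( $debug ) echo "importing GET var '$var_name'\n";
        return $_GET[$var_name];
    }

    if ( isset($_SESSION[$var_name]) )
    {
        if ( $debug ) echo "importing SESSION var '$var_name'\n";
        return $_SESSION[$var_name];
    }

    return "";
}

/* ***********************************************************************
 * Function: ImportHTTPVar()
 *
 * @doc Handles retrieving temporary state variables needed to present a
 *      given set of results (e.g., sort order, current record). The
 *      values of these variables are never persistently stored. Rather,
 *      they are passed as HTTP POST and GET parameters.
 *
 *      All temporary variables need to invoke this function before they
 *      are used for the first time to extract their value.
 *
 *      Optionally, sanitization parameters can be set, a la
 *      CleanVariable() syntax, to validate the user input. When neither
 *      $valid_data nor $exception is given the value is returned exactly
 *      as the client sent it.
 *
 * @param $var_name   name of the temporary state variable to retrieve
 * @param $valid_data (optional) list of valid character types
 *                    (see CleanVariable)
 * @param $exception  (optional) array of explicit values the imported
 *                    variable must be set to
 *
 * @see CleanVariable
 *
 * @return the sanitized value of the temporary state variable named
 *         by $var_name
 *
 ************************************************************************/
function ImportHTTPVar($var_name, $valid_data = "", $exception = "")
{
    /* POST takes precedence over GET; an absent variable imports as "". */
    if ( isset($_POST[$var_name]) )
        $tmp = $_POST[$var_name];
    else if ( isset($_GET[$var_name]) )
        $tmp = $_GET[$var_name];
    else
        $tmp = "";

    return CleanVariable($tmp, $valid_data, $exception);
}

/* ***********************************************************************
 * Function: ExportHTTPVar()
 *
 * @doc Handles export of a temporary state variable needed to present a
 *      given set of results (e.g., sort order, current record). This
 *      routine creates a hidden HTML form variable.
 *
 *      Note: The user is responsible for generating the appropriate HTML
 *      form code.
 *
 *      Security Note: Only temporary variables should make use of this
 *                     function. These values are exposed in HTML to the
 *                     user; he is free to modify them, so they must be
 *                     re-validated when they come back (see ImportHTTPVar).
 *
 * @param $var_name  name of the temporary state variable to export
 * @param $var_value value of the temporary state variable (scalar)
 *
 * @see ImportHTTPVar
 *
 ************************************************************************/
function ExportHTTPVar ($var_name, $var_value)
{
    /* NOTE(review): this copy of the file printed only "\n"; the element is
     * rebuilt from the contract documented above -- confirm the attribute
     * spelling against the upstream file. Both values are HTML-escaped so a
     * quote or angle bracket in a state variable cannot break out of the
     * attribute. */
    echo '<INPUT TYPE="hidden" NAME="' . htmlspecialchars($var_name, ENT_QUOTES)
       . '" VALUE="' . htmlspecialchars($var_value, ENT_QUOTES) . '">' . "\n";
}
?>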