<?php /** * Postdata wrapper */ class Loco_mvc_PostParams extends Loco_mvc_ViewParams { /** * @var Loco_mvc_PostParams */ private static $singleton; /** * Get actual postdata, not hacked postdata WordPress ruined with wp_magic_quotes * @return Loco_mvc_PostParams */ public static function get(){ if( ! self::$singleton ){ self::$singleton = self::create(); } return self::$singleton; } /** * @return void */ public static function destroy(){ self::$singleton = null; } /** * Check if either magic_quotes_gpc or magic_quotes_runtime are enabled. * Note that get_magic_quotes_gpc and get_magic_quotes_runtime are deprecated as of PHP 7.4 and always return false * @return bool */ private static function has_magic_quotes(){ // phpcs:ignore -- PHP version is checked prior to deprecated function call. return version_compare(PHP_VERSION,'7.4','<') && ( get_magic_quotes_gpc() || get_magic_quotes_runtime() ); } /** * Construct clean postdata from current HTTP request * @return self */ public static function create(){ $post = []; if( 'POST' === $_SERVER['REQUEST_METHOD'] ){ // attempt to use clean input if available (without added slashes) $raw = (string) file_get_contents('php://input'); if( '' !== $raw && ! self::has_magic_quotes() ){ parse_str( $raw, $post ); } // else reverse wp_magic_quotes (assumes no other process has hacked the array) else { $post = stripslashes_deep( $_POST ); } } return new Loco_mvc_PostParams( $post ); } /** * Construct postdata from a series of value pairs. * This is used in tests to simulate how a form is serialized and posted * * @return self */ public static function fromSerial( array $serial ){ $pairs = []; foreach( $serial as $pair ){ $pairs[] = rawurlencode($pair[0]).'='.rawurlencode($pair[1]); } parse_str( implode('&',$pairs), $parsed ); return new Loco_mvc_PostParams( $parsed ); } /** * Collapse nested array down to series of scalar forms * @return string[] */ public function getSerial(){ $serial = []; $query = http_build_query( $this->getArrayCopy(), false, '&' ); foreach( explode('&',$query) as $str ){ $serial[] = array_map( 'urldecode', explode( '=', $str, 2 ) ); } return $serial; } }