$request->raw_variable() or htmlspecialchars_decode($request->variable())?

Discussion forum for Extension Writers regarding Extension Development.
Post Reply
User avatar
primehalo
Former Team Member
Posts: 2988
Joined: Fri May 06, 2005 5:58 pm
Location: Redding, CA
Contact:

$request->raw_variable() or htmlspecialchars_decode($request->variable())?

Post by primehalo »

Are we allowed to use $request->raw_variable()? I saw this method in the code and it is a public method but didn't see anything about it in the documentation. If we can use it, is it better to use that or htmlspecialchars_decode($request->variable(), ENT_COMPAT) when getting a form field that you don't want encoded for HTML output?
Ken F. Innes IV
My Extensions | My MODs | My Topics | My Site: Absolute Anime
Experience the wonder of Japanese Animation!
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: $request->raw_variable() or htmlspecialchars_decode($request->variable())?

Post by 3Di »

You can simply do (and do add ENT_COMPAT or whatever if you see that fits)

Code: Select all

$blah = $request->variable('blah','');
$blah = htmlspecialchars_decode($blah);
The only place in the core where such request_raw is being used lies into phpbb\install\helper\iohandler\ajax_iohandler.php"(128,26)

Ref.: docblock at phpbb\request\request_interface.php"(87,18)

Code: Select all

	/**
	 * Get a variable without trimming strings and without escaping.
	 * This method MUST NOT be used with queries.
	 * Same functionality as variable(), except does not run trim() on strings
	 * and does not escape input.
	 * This method should only be used when the raw input is needed without
	 * any escaping, i.e. for database password during the installation.
	 *
	 * @param	string|array	$var_name	The form variable's name from which data shall be retrieved.
	 * 										If the value is an array this may be an array of indizes which will give
	 * 										direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
	 * 										then specifying array("var", 1) as the name will return "a".
	 * @param	mixed			$default	A default value that is returned if the variable was not set.
	 * 										This function will always return a value of the same type as the default.
	 * @param	\phpbb\request\request_interface::POST|GET|REQUEST|COOKIE	$super_global
	 * 										Specifies which super global should be used
	 *
	 * @return	mixed	The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
	 *					the same as that of $default. If the variable is not set $default is returned.
	 */
	public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST);
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: $request->raw_variable() or htmlspecialchars_decode($request->variable())?

Post by canonknipser »

instead of looking up the docblock in various files, you can always look up the api documentation https://area51.phpbb.com/docs/code/3.2.x/ , eg. https://area51.phpbb.com/docs/code/3.2. ... w_variable
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: $request->raw_variable() or htmlspecialchars_decode($request->variable())?

Post by 3Di »

I don't think 7 seconds is too long for a search. :)
-- raw_variable in C:\wamp64\www\QI\boards\325Dice\ from *.php --

"C:\wamp64\www\QI\boards\325Dice\phpbb\install\helper\iohandler\ajax_iohandler.php"(128,26): return $this->request->raw_variable($name, $default);

"C:\wamp64\www\QI\boards\325Dice\phpbb\request\request.php"(222,18): public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST)

"C:\wamp64\www\QI\boards\325Dice\phpbb\request\request.php"(409,17): $var = $this->raw_variable($var_name, $default, $super_global);

"C:\wamp64\www\QI\boards\325Dice\phpbb\request\request_interface.php"(87,18): public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST);

4 occurrences have been found in 3 files.

Output completed (7 sec consumed)
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
Post Reply

Return to “Extension Writers Discussion”