RFC: Request Class Superglobal Default Values/Methods
This is a proposal to modify OpenCart's Request class to return a default value should the superglobal value not exist. Currently superglobal values are stored as Request class properties and directly accessed by the cart. This change is best achieved by modifying the Request class to return superglobals through a method rather than object properties.
Proof of Concept
Code: Select all
class Request {
private $get = array();
...
public function __construct() {
$this->get = $_GET;
...
unset($_GET);
}
public function get($value, $default = null, $raw = false) {
return $this->getValue($this->get, $value, $default, $raw);
}
public function post($value, $default = null, $raw = false) { ... }
public function cookie($value, $default = null, $raw = false) { ... }
public function files($value, $default = null, $raw = false) { ... }
public function server($value, $default = null, $raw = false) { ... }
public function env($value, $default = null, $raw = false) { ... }
public function clean($data) { ... }
private function getValue($global, $value, $default, $raw) {
$data = $default;
if (isset($global[$value])) {
$data = $global[$value];
}
if ($raw !== true) {
$data = $this->clean($data);
}
return $data;
}
}
Advantages
This would allow existing code:
Code: Select all
if (isset($this->request->get['filter_price'])) {
$filter_price = $this->request->get['filter_price'];
} else {
$filter_price = null;
}
if (isset($this->request->get['order'])) {
$order = $this->request->get['order'];
} else {
$order = 'ASC';
}
Code: Select all
$filter_price = $this->request->get('filter_price'); // default null
$order = $this->request->get('order', 'ASC'); // default ASC
Code: Select all
$this->request->post('password', null, true);
This feature will allow for the return of superglobal unsetting which was removed in commit 360788e5. Unsetting superglobals increases security by ensuring third-party mods are not accidentally using unsanitized data.
Impact
The two superglobal access approaches can coexist. A staggered removal of Request properties could occur (deprecation in OC 2.0, removal in 2.1) but with with major backward compatibility breaks of OpenCart 2.0 it would be advisable to plan for a full removal in that release. Third-party mods will already need to be updated at that time.
The following areas of the OpenCart core will be affected:
- All $this->request->{superglobal}[] properties would need to be updated to $this->request->{superglobal}() methods
- if/else assignments such as the examples should be updated to use default returns
- Logic relying on an isset() check of a superglobal would need to be changed to !is_null()
The following frameworks/ecommerce platforms use similar methodologies:
Laravel - http://laravel.com/docs/requests
Phalcon - http://docs.phalconphp.com/en/latest/ap ... quest.html
CodeIgniter - https://ellislab.com/codeigniter/user-g ... input.html
Symfony2 - http://symfony.com/doc/current/componen ... ction.html
Prestashop - http://doc.prestashop.com/display/PS15/ ... ols.php%29
Updates
2014-09-07: Added superglobal unsetting, full PoC code, and references
