From 356d9c9ea239fe5fe0ac5ecc2c294e768f672059 Mon Sep 17 00:00:00 2001 From: Hakan Sandell Date: Sat, 8 Sep 2012 15:02:28 +0200 Subject: Replacing $_REQUEST variables with $INPUT wrapper, init.php --- lib/exe/ajax.php | 47 +++++++++++++++++++++++++++-------------------- 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php index 496b2f1a1..9989269cf 100644 --- a/lib/exe/ajax.php +++ b/lib/exe/ajax.php @@ -14,10 +14,10 @@ session_write_close(); header('Content-Type: text/html; charset=utf-8'); //call the requested function -if(isset($_POST['call'])){ - $call = $_POST['call']; -}else if(isset($_GET['call'])){ - $call = $_GET['call']; +if($INPUT->post->has('call')){ + $call = $INPUT->post->str('call'); +}else if($INPUT->get->has('call')){ + $call = $INPUT->get->str('call'); }else{ exit; } @@ -43,9 +43,10 @@ if(function_exists($callfn)){ function ajax_qsearch(){ global $conf; global $lang; + global $INPUT; - $query = $_POST['q']; - if(empty($query)) $query = $_GET['q']; + $query = $INPUT->post->str('q'); + if(empty($query)) $query = $INPUT->get->str('q'); if(empty($query)) return; $query = urldecode($query); @@ -81,9 +82,10 @@ function ajax_qsearch(){ function ajax_suggestions() { global $conf; global $lang; + global $INPUT; - $query = cleanID($_POST['q']); - if(empty($query)) $query = cleanID($_GET['q']); + $query = cleanID($INPUT->post->str('q')); + if(empty($query)) $query = cleanID($INPUT->get->str('q')); if(empty($query)) return; $data = array(); @@ -121,8 +123,9 @@ function ajax_lock(){ global $lang; global $ID; global $INFO; + global $INPUT; - $ID = cleanID($_POST['id']); + $ID = cleanID($INPUT->post->str('id')); if(empty($ID)) return; $INFO = pageinfo(); @@ -137,15 +140,15 @@ function ajax_lock(){ echo 1; } - if($conf['usedraft'] && $_POST['wikitext']){ + if($conf['usedraft'] && $INPUT->post->str('wikitext')){ $client = $_SERVER['REMOTE_USER']; if(!$client) $client = clientIP(true); $draft = array('id' => $ID, - 'prefix' => substr($_POST['prefix'], 0, -1), - 'text' => $_POST['wikitext'], - 'suffix' => $_POST['suffix'], - 'date' => (int) $_POST['date'], + 'prefix' => substr($INPUT->post->str('prefix'), 0, -1), + 'text' => $INPUT->post->str('wikitext'), + 'suffix' => $INPUT->post->str('suffix'), + 'date' => $INPUT->post->int('date'), 'client' => $client, ); $cname = getCacheName($draft['client'].$ID,'.draft'); @@ -180,9 +183,10 @@ function ajax_draftdel(){ */ function ajax_medians(){ global $conf; + global $INPUT; // wanted namespace - $ns = cleanID($_POST['ns']); + $ns = cleanID($INPUT->post->str('ns')); $dir = utf8_encodeFN(str_replace(':','/',$ns)); $lvl = count(explode(':',$ns)); @@ -203,9 +207,10 @@ function ajax_medians(){ function ajax_medialist(){ global $conf; global $NS; + global $INPUT; - $NS = cleanID($_POST['ns']); - if ($_POST['do'] == 'media') { + $NS = cleanID($INPUT->post->str('ns')); + if ($INPUT->post->str('do') == 'media') { tpl_mediaFileList(); } else { tpl_mediaContent(true); @@ -241,7 +246,7 @@ function ajax_mediadiff(){ global $INPUT; if ($INPUT->has('image')) $image = cleanID($INPUT->str('image')); - $NS = $_POST['ns']; + $NS = $INPUT->post->str('ns'); $auth = auth_quickaclcheck("$NS:*"); media_diff($image, $NS, $auth, true); } @@ -310,9 +315,10 @@ function dir_delete($path) { */ function ajax_index(){ global $conf; + global $INPUT; // wanted namespace - $ns = cleanID($_POST['idx']); + $ns = cleanID($INPUT->post->str('idx')); $dir = utf8_encodeFN(str_replace(':','/',$ns)); $lvl = count(explode(':',$ns)); @@ -333,8 +339,9 @@ function ajax_index(){ function ajax_linkwiz(){ global $conf; global $lang; + global $INPUT; - $q = ltrim(trim($_POST['q']),':'); + $q = ltrim(trim($INPUT->post->str('q')),':'); $id = noNS($q); $ns = getNS($q); -- cgit v1.2.3