From 17dd401e94c682034b7f3d9164ac3523ab01d825 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 5 Mar 2014 21:48:59 +0000 Subject: fix return by reference not a var --- inc/JpegMeta.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'inc') diff --git a/inc/JpegMeta.php b/inc/JpegMeta.php index cb1772736..a35ec3ed0 100644 --- a/inc/JpegMeta.php +++ b/inc/JpegMeta.php @@ -2929,7 +2929,8 @@ class JpegMeta { $length = strlen($data) - $pos; } - return substr($data, $pos, $length); + $rv = substr($data, $pos, $length); + return $rv; } /*************************************************************/ -- cgit v1.2.3 From 0e80bb5e347ff00c6f81627d8e39dafaaa923bc5 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 5 Mar 2014 21:58:46 +0000 Subject: use empty() where array values might not be set --- inc/actions.php | 2 +- inc/common.php | 2 +- inc/html.php | 10 +++++----- inc/init.php | 2 +- inc/media.php | 8 ++++---- inc/search.php | 16 ++++++++-------- 6 files changed, 20 insertions(+), 20 deletions(-) (limited to 'inc') diff --git a/inc/actions.php b/inc/actions.php index 4dbad1a32..240dce59a 100644 --- a/inc/actions.php +++ b/inc/actions.php @@ -733,7 +733,7 @@ function act_subscription($act){ } // any action given? if not just return and show the subscription page - if(!$params['action'] || !checkSecurityToken()) return $act; + if(empty($params['action']) || !checkSecurityToken()) return $act; // Handle POST data, may throw exception. trigger_event('ACTION_HANDLE_SUBSCRIBE', $params, 'subscription_handle_post'); diff --git a/inc/common.php b/inc/common.php index 9a53ee526..36bd32c4f 100644 --- a/inc/common.php +++ b/inc/common.php @@ -191,7 +191,7 @@ function pageinfo() { if($REV) { $revinfo = getRevisionInfo($ID, $REV, 1024); } else { - if(is_array($info['meta']['last_change'])) { + if(!empty($info['meta']['last_change']) && is_array($info['meta']['last_change'])) { $revinfo = $info['meta']['last_change']; } else { $revinfo = getRevisionInfo($ID, $info['lastmod'], 1024); diff --git a/inc/html.php b/inc/html.php index fcec29670..41f26e5cd 100644 --- a/inc/html.php +++ b/inc/html.php @@ -691,7 +691,7 @@ function html_recent($first=0, $show_changes='both'){ $form->addElement(form_makeOpenTag('div', array('class' => 'li'))); - if ($recent['media']) { + if (!empty($recent['media'])) { $form->addElement(media_printicon($recent['id'])); } else { $icon = DOKU_BASE.'lib/images/fileicons/file.png'; @@ -705,7 +705,7 @@ function html_recent($first=0, $show_changes='both'){ $diff = false; $href = ''; - if ($recent['media']) { + if (!empty($recent['media'])) { $diff = (count(getRevisions($recent['id'], 0, 1, 8192, true)) && @file_exists(mediaFN($recent['id']))); if ($diff) { $href = media_managerURL(array('tab_details' => 'history', @@ -715,7 +715,7 @@ function html_recent($first=0, $show_changes='both'){ $href = wl($recent['id'],"do=diff", false, '&'); } - if ($recent['media'] && !$diff) { + if (!empty($recent['media']) && !$diff) { $form->addElement(''); } else { $form->addElement(form_makeOpenTag('a', array('class' => 'diff_link', 'href' => $href))); @@ -729,7 +729,7 @@ function html_recent($first=0, $show_changes='both'){ $form->addElement(form_makeCloseTag('a')); } - if ($recent['media']) { + if (!empty($recent['media'])) { $href = media_managerURL(array('tab_details' => 'history', 'image' => $recent['id'], 'ns' => getNS($recent['id'])), '&'); } else { @@ -745,7 +745,7 @@ function html_recent($first=0, $show_changes='both'){ ))); $form->addElement(form_makeCloseTag('a')); - if ($recent['media']) { + if (!empty($recent['media'])) { $href = media_managerURL(array('tab_details' => 'view', 'image' => $recent['id'], 'ns' => getNS($recent['id'])), '&'); $class = (file_exists(mediaFN($recent['id']))) ? 'wikilink1' : $class = 'wikilink2'; $form->addElement(form_makeOpenTag('a', array('class' => $class, 'href' => $href))); diff --git a/inc/init.php b/inc/init.php index 9b8465911..6fb27bd2a 100644 --- a/inc/init.php +++ b/inc/init.php @@ -176,7 +176,7 @@ if(function_exists('set_magic_quotes_runtime')) @set_magic_quotes_runtime(0); $_REQUEST = array_merge($_GET,$_POST); // we don't want a purge URL to be digged -if(isset($_REQUEST['purge']) && $_SERVER['HTTP_REFERER']) unset($_REQUEST['purge']); +if(isset($_REQUEST['purge']) && !empty($_SERVER['HTTP_REFERER'])) unset($_REQUEST['purge']); // disable gzip if not available if($conf['compression'] == 'bz2' && !function_exists('bzopen')){ diff --git a/inc/media.php b/inc/media.php index 4fff95d94..dc76521c6 100644 --- a/inc/media.php +++ b/inc/media.php @@ -1018,7 +1018,7 @@ function media_file_tags($meta) { foreach($fields as $key => $tag){ $t = array(); if (!empty($tag[0])) $t = array($tag[0]); - if(is_array($tag[3])) $t = array_merge($t,$tag[3]); + if(isset($tag[3]) && is_array($tag[3])) $t = array_merge($t,$tag[3]); $value = media_getTag($t, $meta); $tags[] = array('tag' => $tag, 'value' => $value); } @@ -1779,7 +1779,7 @@ function media_nstree_item($item){ global $INPUT; $pos = strrpos($item['id'], ':'); $label = substr($item['id'], $pos > 0 ? $pos + 1 : 0); - if(!$item['label']) $item['label'] = $label; + if(empty($item['label'])) $item['label'] = $label; $ret = ''; if (!($INPUT->str('do') == 'media')) @@ -1841,7 +1841,7 @@ function media_resize_image($file, $ext, $w, $h=0){ if( $mtime > filemtime($file) || media_resize_imageIM($ext,$file,$info[0],$info[1],$local,$w,$h) || media_resize_imageGD($ext,$file,$info[0],$info[1],$local,$w,$h) ){ - if($conf['fperm']) @chmod($local, $conf['fperm']); + if(!empty($conf['fperm'])) @chmod($local, $conf['fperm']); return $local; } //still here? resizing failed @@ -1902,7 +1902,7 @@ function media_crop_image($file, $ext, $w, $h=0){ if( $mtime > @filemtime($file) || media_crop_imageIM($ext,$file,$info[0],$info[1],$local,$cw,$ch,$cx,$cy) || media_resize_imageGD($ext,$file,$cw,$ch,$local,$cw,$ch,$cx,$cy) ){ - if($conf['fperm']) @chmod($local, $conf['fperm']); + if(!empty($conf['fperm'])) @chmod($local, $conf['fperm']); return media_resize_image($local,$ext, $w, $h); } diff --git a/inc/search.php b/inc/search.php index c2d31b959..840f70375 100644 --- a/inc/search.php +++ b/inc/search.php @@ -141,7 +141,7 @@ function search_media(&$data,$base,$file,$type,$lvl,$opts){ //we do nothing with directories if($type == 'd') { - if(!$opts['depth']) return true; // recurse forever + if(empty($opts['depth'])) return true; // recurse forever $depth = substr_count($file,'/'); if($depth >= $opts['depth']) return false; // depth reached return true; @@ -157,12 +157,12 @@ function search_media(&$data,$base,$file,$type,$lvl,$opts){ //check ACL for namespace (we have no ACL for mediafiles) $info['perm'] = auth_quickaclcheck(getNS($info['id']).':*'); - if(!$opts['skipacl'] && $info['perm'] < AUTH_READ){ + if(empty($opts['skipacl']) && $info['perm'] < AUTH_READ){ return false; } //check pattern filter - if($opts['pattern'] && !@preg_match($opts['pattern'], $info['id'])){ + if(!empty($opts['pattern']) && !@preg_match($opts['pattern'], $info['id'])){ return false; } @@ -176,7 +176,7 @@ function search_media(&$data,$base,$file,$type,$lvl,$opts){ }else{ $info['isimg'] = false; } - if($opts['hash']){ + if(!empty($opts['hash'])){ $info['hash'] = md5(io_readFile(mediaFN($info['id']),false)); } @@ -361,7 +361,7 @@ function search_universal(&$data,$base,$file,$type,$lvl,$opts){ if($type == 'd') { // decide if to recursion into this directory is wanted - if(!$opts['depth']){ + if(empty($opts['depth'])){ $return = true; // recurse forever }else{ $depth = substr_count($file,'/'); @@ -407,7 +407,7 @@ function search_universal(&$data,$base,$file,$type,$lvl,$opts){ $item['level'] = $lvl; $item['open'] = $return; - if($opts['meta']){ + if(!empty($opts['meta'])){ $item['file'] = utf8_basename($file); $item['size'] = filesize($base.'/'.$file); $item['mtime'] = filemtime($base.'/'.$file); @@ -417,8 +417,8 @@ function search_universal(&$data,$base,$file,$type,$lvl,$opts){ } if($type == 'f'){ - if($opts['hash']) $item['hash'] = md5(io_readFile($base.'/'.$file,false)); - if($opts['firsthead']) $item['title'] = p_get_first_heading($item['id'],METADATA_DONT_RENDER); + if(!empty($opts['hash'])) $item['hash'] = md5(io_readFile($base.'/'.$file,false)); + if(!empty($opts['firsthead'])) $item['title'] = p_get_first_heading($item['id'],METADATA_DONT_RENDER); } // finally add the item -- cgit v1.2.3 From 6d2af55dde922ac10a288b4195b1bf338e7bc5a9 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 5 Mar 2014 22:01:20 +0000 Subject: suppress errors where list() may not fill all vars --- inc/common.php | 6 +++--- inc/parser/metadata.php | 2 +- inc/parser/renderer.php | 6 +++--- inc/parser/xhtml.php | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) (limited to 'inc') diff --git a/inc/common.php b/inc/common.php index 36bd32c4f..6aad42bd1 100644 --- a/inc/common.php +++ b/inc/common.php @@ -773,7 +773,7 @@ function checklock($id) { } //my own lock - list($ip, $session) = explode("\n", io_readFile($lock)); + @list($ip, $session) = explode("\n", io_readFile($lock)); if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) { return false; } @@ -811,7 +811,7 @@ function lock($id) { function unlock($id) { $lock = wikiLockFN($id); if(@file_exists($lock)) { - list($ip, $session) = explode("\n", io_readFile($lock)); + @list($ip, $session) = explode("\n", io_readFile($lock)); if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) { @unlink($lock); return true; @@ -1536,7 +1536,7 @@ function send_redirect($url) { // work around IE bug // http://www.ianhoar.com/2008/11/16/internet-explorer-6-and-redirected-anchor-links/ - list($url, $hash) = explode('#', $url); + @list($url, $hash) = explode('#', $url); if($hash) { if(strpos($url, '?')) { $url = $url.'&#'.$hash; diff --git a/inc/parser/metadata.php b/inc/parser/metadata.php index 73bae190f..82a268fd6 100644 --- a/inc/parser/metadata.php +++ b/inc/parser/metadata.php @@ -299,7 +299,7 @@ class Doku_Renderer_metadata extends Doku_Renderer { // first resolve and clean up the $id resolve_pageid(getNS($ID), $id, $exists); - list($page, $hash) = explode('#', $id, 2); + @list($page, $hash) = explode('#', $id, 2); // set metadata $this->meta['relation']['references'][$page] = $exists; diff --git a/inc/parser/renderer.php b/inc/parser/renderer.php index 1f9ad00a2..e748c36d8 100644 --- a/inc/parser/renderer.php +++ b/inc/parser/renderer.php @@ -274,8 +274,8 @@ class Doku_Renderer extends DokuWiki_Plugin { function _simpleTitle($name){ global $conf; - //if there is a hash we use the ancor name only - list($name,$hash) = explode('#',$name,2); + //if there is a hash we use the anchor name only + @list($name,$hash) = explode('#',$name,2); if($hash) return $hash; if($conf['useslash']){ @@ -301,7 +301,7 @@ class Doku_Renderer extends DokuWiki_Plugin { } //split into hash and url part - list($reference,$hash) = explode('#',$reference,2); + @list($reference,$hash) = explode('#',$reference,2); //replace placeholder if(preg_match('#\{(URL|NAME|SCHEME|HOST|PORT|PATH|QUERY)\}#',$url)){ diff --git a/inc/parser/xhtml.php b/inc/parser/xhtml.php index 184e62fe3..4966f103a 100644 --- a/inc/parser/xhtml.php +++ b/inc/parser/xhtml.php @@ -606,7 +606,7 @@ class Doku_Renderer_xhtml extends Doku_Renderer { } //keep hash anchor - list($id,$hash) = explode('#',$id,2); + @list($id,$hash) = explode('#',$id,2); if(!empty($hash)) $hash = $this->_headerToLink($hash); //prepare for formating -- cgit v1.2.3 From f87b5dbbbad408da775ac4c60ceb9f9666280527 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 5 Mar 2014 22:04:14 +0000 Subject: use isset() + ?: or error suppression where value may not be set --- inc/auth.php | 2 +- inc/init.php | 8 ++++---- inc/search.php | 2 +- inc/template.php | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) (limited to 'inc') diff --git a/inc/auth.php b/inc/auth.php index 6c4636b2f..e44e837a7 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -325,7 +325,7 @@ function auth_browseruid() { $uid = ''; $uid .= $_SERVER['HTTP_USER_AGENT']; $uid .= $_SERVER['HTTP_ACCEPT_ENCODING']; - $uid .= $_SERVER['HTTP_ACCEPT_CHARSET']; + $uid .= @$_SERVER['HTTP_ACCEPT_CHARSET']; $uid .= substr($ip, 0, strpos($ip, '.')); $uid = strtolower($uid); return md5($uid); diff --git a/inc/init.php b/inc/init.php index 6fb27bd2a..bcd96e5e4 100644 --- a/inc/init.php +++ b/inc/init.php @@ -441,12 +441,12 @@ function getBaseURL($abs=null){ //split hostheader into host and port if(isset($_SERVER['HTTP_HOST'])){ $parsed_host = parse_url('http://'.$_SERVER['HTTP_HOST']); - $host = $parsed_host['host']; - $port = $parsed_host['port']; + $host = isset($parsed_host['host']) ? $parsed_host['host'] : null; + $port = isset($parsed_host['port']) ? $parsed_host['port'] : null; }elseif(isset($_SERVER['SERVER_NAME'])){ $parsed_host = parse_url('http://'.$_SERVER['SERVER_NAME']); - $host = $parsed_host['host']; - $port = $parsed_host['port']; + $host = isset($parsed_host['host']) ? $parsed_host['host'] : null; + $port = isset($parsed_host['port']) ? $parsed_host['port'] : null; }else{ $host = php_uname('n'); $port = ''; diff --git a/inc/search.php b/inc/search.php index 840f70375..ee4eef534 100644 --- a/inc/search.php +++ b/inc/search.php @@ -351,7 +351,7 @@ function search_universal(&$data,$base,$file,$type,$lvl,$opts){ $return = true; // get ID and check if it is a valid one - $item['id'] = pathID($file,($type == 'd' || $opts['keeptxt'])); + $item['id'] = pathID($file,($type == 'd' || @$opts['keeptxt'])); if($item['id'] != cleanID($item['id'])){ if($opts['showmsg']) msg(hsc($item['id']).' is not a valid file name for DokuWiki - skipped',-1); diff --git a/inc/template.php b/inc/template.php index 0a6a9e4aa..d9aa8863f 100644 --- a/inc/template.php +++ b/inc/template.php @@ -210,7 +210,7 @@ function tpl_toc($return = false) { } else { $tocok = true; } - $toc = $meta['description']['tableofcontents']; + $toc = isset($meta['description']['tableofcontents']) ? $meta['description']['tableofcontents'] : null; if(!$tocok || !is_array($toc) || !$conf['tocminheads'] || count($toc) < $conf['tocminheads']) { $toc = array(); } -- cgit v1.2.3 From 9b4337c6e7bb0fdfa0bffa4294b56b0624b93d79 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 5 Mar 2014 22:05:14 +0000 Subject: refactor to take into account missing value --- inc/search.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'inc') diff --git a/inc/search.php b/inc/search.php index ee4eef534..89f3e253d 100644 --- a/inc/search.php +++ b/inc/search.php @@ -371,8 +371,12 @@ function search_universal(&$data,$base,$file,$type,$lvl,$opts){ $return = true; } } - if($return && !preg_match('/'.$opts['recmatch'].'/',$file)){ - $return = false; // doesn't match + + if ($return) { + $match = empty($opts['recmatch']) || preg_match('/'.$opts['recmatch'].'/',$file); + if (!$match) { + return false; // doesn't match + } } } -- cgit v1.2.3 From d30d491370b894b5c76e28362a0a3313f74a439e Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 5 Mar 2014 22:06:18 +0000 Subject: set empty 'do' key to avoid errors in other tpl functions --- inc/template.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'inc') diff --git a/inc/template.php b/inc/template.php index d9aa8863f..c0dfbb845 100644 --- a/inc/template.php +++ b/inc/template.php @@ -637,7 +637,7 @@ function tpl_get_action($type) { $accesskey = 'v'; } } else { - $params = array(); + $params = array('do' => ''); $type = 'show'; $accesskey = 'v'; } @@ -658,7 +658,7 @@ function tpl_get_action($type) { break; case 'top': $accesskey = 't'; - $params = array(); + $params = array('do' => ''); $id = '#dokuwiki__top'; break; case 'back': @@ -667,7 +667,7 @@ function tpl_get_action($type) { return false; } $id = $parent; - $params = array(); + $params = array('do' => ''); $accesskey = 'b'; break; case 'login': -- cgit v1.2.3 From 39134585c3f7a3c02113fb844ffabe0c1398c937 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 5 Mar 2014 22:15:25 +0000 Subject: add some braces (just style, not E_ALL) --- inc/indexer.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'inc') diff --git a/inc/indexer.php b/inc/indexer.php index 07f29b542..7c0b8bc18 100644 --- a/inc/indexer.php +++ b/inc/indexer.php @@ -304,15 +304,17 @@ class Doku_Indexer { $addwords = true; } // test if value is already in the index - if (isset($val_idx[$id]) && $val_idx[$id] <= 0) + if (isset($val_idx[$id]) && $val_idx[$id] <= 0){ $val_idx[$id] = 0; - else // else add it + } else { // else add it $val_idx[$id] = 1; + } } } - if ($addwords) + if ($addwords) { $this->saveIndex($metaname.'_w', '', $metawords); + } $vals_changed = false; foreach ($val_idx as $id => $action) { if ($action == -1) { @@ -1214,14 +1216,16 @@ class Doku_Indexer { */ protected function updateTuple($line, $id, $count) { $newLine = $line; - if ($newLine !== '') + if ($newLine !== ''){ $newLine = preg_replace('/(^|:)'.preg_quote($id,'/').'\*\d*/', '', $newLine); + } $newLine = trim($newLine, ':'); if ($count) { - if (strlen($newLine) > 0) + if (strlen($newLine) > 0) { return "$id*$count:".$newLine; - else + } else { return "$id*$count".$newLine; + } } return $newLine; } -- cgit v1.2.3 From 1418498c406caca058076e3d148e31daee800551 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Thu, 6 Mar 2014 14:54:19 +0000 Subject: extend to cover (PR#589) --- inc/Input.class.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'inc') diff --git a/inc/Input.class.php b/inc/Input.class.php index 7434d2b2c..de8bf5b97 100644 --- a/inc/Input.class.php +++ b/inc/Input.class.php @@ -15,6 +15,8 @@ class Input { public $post; /** @var GetInput Access $_GET parameters */ public $get; + /** @var ServerInput Access $_SERVER parameters */ + public $server; protected $access; @@ -25,6 +27,7 @@ class Input { $this->access = &$_REQUEST; $this->post = new PostInput(); $this->get = new GetInput(); + $this->server = new ServerInput(); } /** @@ -260,3 +263,18 @@ class GetInput extends Input { $_REQUEST[$name] = $value; } } + +/** + * Internal class used for $_SERVER access in Input class + */ +class ServerInput extends Input { + protected $access; + + /** + * Initialize the $access array, remove subclass members + */ + function __construct() { + $this->access = &$_SERVER; + } + +} -- cgit v1.2.3 From 585bf44e2b756eac2e1cfce7035ef237bc02a788 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Thu, 6 Mar 2014 19:55:56 +0000 Subject: amend $_SERVER to $INPUT->server --- inc/Mailer.class.php | 15 +++++--- inc/actions.php | 27 +++++++++----- inc/auth.php | 54 +++++++++++++++++---------- inc/changelog.php | 8 +++- inc/common.php | 102 +++++++++++++++++++++++++++++++++++---------------- inc/infoutils.php | 9 ++++- inc/init.php | 4 ++ inc/mail.php | 9 ++--- inc/pageutils.php | 21 ++++++----- inc/remote.php | 5 ++- inc/subscription.php | 18 ++++++--- inc/template.php | 39 ++++++++++++++------ inc/toolbar.php | 4 +- 13 files changed, 213 insertions(+), 102 deletions(-) (limited to 'inc') diff --git a/inc/Mailer.class.php b/inc/Mailer.class.php index e32178bba..e90b45f99 100644 --- a/inc/Mailer.class.php +++ b/inc/Mailer.class.php @@ -39,6 +39,8 @@ class Mailer { */ public function __construct() { global $conf; + /* @var Input $INPUT */ + global $INPUT; $server = parse_url(DOKU_URL, PHP_URL_HOST); if(strpos($server,'.') === false) $server = $server.'.localhost'; @@ -53,7 +55,7 @@ class Mailer { // add some default headers for mailfiltering FS#2247 $this->setHeader('X-Mailer', 'DokuWiki'); - $this->setHeader('X-DokuWiki-User', $_SERVER['REMOTE_USER']); + $this->setHeader('X-DokuWiki-User', $INPUT->server->str('REMOTE_USER')); $this->setHeader('X-DokuWiki-Title', $conf['title']); $this->setHeader('X-DokuWiki-Server', $server); $this->setHeader('X-Auto-Response-Suppress', 'OOF'); @@ -181,6 +183,9 @@ class Mailer { public function setBody($text, $textrep = null, $htmlrep = null, $html = null, $wrap = true) { global $INFO; global $conf; + /* @var Input $INPUT */ + global $INPUT; + $htmlrep = (array)$htmlrep; $textrep = (array)$textrep; @@ -218,24 +223,24 @@ class Mailer { $cip = gethostsbyaddrs($ip); $trep = array( 'DATE' => dformat(), - 'BROWSER' => $_SERVER['HTTP_USER_AGENT'], + 'BROWSER' => $INPUT->server->str('HTTP_USER_AGENT'), 'IPADDRESS' => $ip, 'HOSTNAME' => $cip, 'TITLE' => $conf['title'], 'DOKUWIKIURL' => DOKU_URL, - 'USER' => $_SERVER['REMOTE_USER'], + 'USER' => $INPUT->server->str('REMOTE_USER'), 'NAME' => $INFO['userinfo']['name'], 'MAIL' => $INFO['userinfo']['mail'], ); $trep = array_merge($trep, (array)$textrep); $hrep = array( 'DATE' => ''.hsc(dformat()).'', - 'BROWSER' => hsc($_SERVER['HTTP_USER_AGENT']), + 'BROWSER' => hsc($INPUT->server->str('HTTP_USER_AGENT')), 'IPADDRESS' => ''.hsc($ip).'', 'HOSTNAME' => ''.hsc($cip).'', 'TITLE' => hsc($conf['title']), 'DOKUWIKIURL' => ''.DOKU_URL.'', - 'USER' => hsc($_SERVER['REMOTE_USER']), + 'USER' => hsc($INPUT->server->str('REMOTE_USER')), 'NAME' => hsc($INFO['userinfo']['name']), 'MAIL' => ''. hsc($INFO['userinfo']['mail']).'', diff --git a/inc/actions.php b/inc/actions.php index 240dce59a..ef09a0dc7 100644 --- a/inc/actions.php +++ b/inc/actions.php @@ -20,6 +20,7 @@ function act_dispatch(){ global $ID; global $INFO; global $QUERY; + /* @var Input $INPUT */ global $INPUT; global $lang; global $conf; @@ -94,7 +95,7 @@ function act_dispatch(){ // user profile changes if (in_array($ACT, array('profile','profile_delete'))) { - if(!$_SERVER['REMOTE_USER']) { + if(!$INPUT->server->str('REMOTE_USER')) { $ACT = 'login'; } else { switch ($ACT) { @@ -190,7 +191,7 @@ function act_dispatch(){ unset($evt); // when action 'show', the intial not 'show' and POST, do a redirect - if($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){ + if($ACT == 'show' && $preact != 'show' && strtolower($INPUT->server->str('REQUEST_METHOD')) == 'post'){ act_redirect($ID,$preact); } @@ -414,6 +415,8 @@ function act_revert($act){ global $ID; global $REV; global $lang; + /* @var Input $INPUT */ + global $INPUT; // FIXME $INFO['writable'] currently refers to the attic version // global $INFO; // if (!$INFO['writable']) { @@ -445,7 +448,7 @@ function act_revert($act){ session_write_close(); // when done, show current page - $_SERVER['REQUEST_METHOD'] = 'post'; //should force a redirect + $INPUT->server->set('REQUEST_METHOD','post'); //should force a redirect $REV = ''; return 'show'; } @@ -493,17 +496,20 @@ function act_redirect_execute($opts){ function act_auth($act){ global $ID; global $INFO; + /* @var Input $INPUT */ + global $INPUT; //already logged in? - if(isset($_SERVER['REMOTE_USER']) && $act=='login'){ + if($INPUT->server->has('REMOTE_USER') && $act=='login'){ return 'show'; } //handle logout if($act=='logout'){ $lockedby = checklock($ID); //page still locked? - if($lockedby == $_SERVER['REMOTE_USER']) + if($lockedby == $INPUT->server->str('REMOTE_USER')){ unlock($ID); //try to unlock + } // do the logout stuff auth_logoff(); @@ -719,10 +725,11 @@ function act_subscription($act){ global $lang; global $INFO; global $ID; + /* @var Input $INPUT */ global $INPUT; // subcriptions work for logged in users only - if(!$_SERVER['REMOTE_USER']) return 'show'; + if(!$INPUT->server->str('REMOTE_USER')) return 'show'; // get and preprocess data. $params = array(); @@ -745,9 +752,9 @@ function act_subscription($act){ // Perform action. $sub = new Subscription(); if($action == 'unsubscribe'){ - $ok = $sub->remove($target, $_SERVER['REMOTE_USER'], $style); + $ok = $sub->remove($target, $INPUT->server->str('REMOTE_USER'), $style); }else{ - $ok = $sub->add($target, $_SERVER['REMOTE_USER'], $style); + $ok = $sub->add($target, $INPUT->server->str('REMOTE_USER'), $style); } if($ok) { @@ -776,6 +783,8 @@ function act_subscription($act){ function subscription_handle_post(&$params) { global $INFO; global $lang; + /* @var Input $INPUT */ + global $INPUT; // Get and validate parameters. if (!isset($params['target'])) { @@ -806,7 +815,7 @@ function subscription_handle_post(&$params) { } if ($is === false) { throw new Exception(sprintf($lang['subscr_not_subscribed'], - $_SERVER['REMOTE_USER'], + $INPUT->server->str('REMOTE_USER'), prettyprint_id($target))); } // subscription_set deletes a subscription if style = null. diff --git a/inc/auth.php b/inc/auth.php index e44e837a7..2bdc3eb00 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -131,6 +131,8 @@ function auth_setup() { function auth_loadACL() { global $config_cascade; global $USERINFO; + /* @var Input $INPUT */ + global $INPUT; if(!is_readable($config_cascade['acl']['default'])) return array(); @@ -145,10 +147,10 @@ function auth_loadACL() { // substitute user wildcard first (its 1:1) if(strstr($line, '%USER%')){ // if user is not logged in, this ACL line is meaningless - skip it - if (!isset($_SERVER['REMOTE_USER'])) continue; + if (!$INPUT->server->has('REMOTE_USER')) continue; - $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); - $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); + $id = str_replace('%USER%',cleanID($INPUT->server->str('REMOTE_USER')),$id); + $rest = str_replace('%USER%',auth_nameencode($INPUT->server->str('REMOTE_USER')),$rest); } // substitute group wildcard (its 1:m) @@ -217,6 +219,8 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { global $lang; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; $sticky ? $sticky = true : $sticky = false; //sanity check @@ -226,7 +230,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { //usual login if($auth->checkPass($user, $pass)) { // make logininfo globally available - $_SERVER['REMOTE_USER'] = $user; + $INPUT->server->set('REMOTE_USER', $user); $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session auth_setCookie($user, auth_encrypt($pass, $secret), $sticky); return true; @@ -253,7 +257,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { ) { // he has session, cookie and browser right - let him in - $_SERVER['REMOTE_USER'] = $user; + $INPUT->server->set('REMOTE_USER', $user); $USERINFO = $session['info']; //FIXME move all references to session return true; } @@ -288,7 +292,10 @@ function auth_validateToken($token) { } // still here? trust the session data global $USERINFO; - $_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['auth']['user']; + /* @var Input $INPUT */ + global $INPUT; + + $INPUT->server->set('REMOTE_USER',$_SESSION[DOKU_COOKIE]['auth']['user']); $USERINFO = $_SESSION[DOKU_COOKIE]['auth']['info']; return true; } @@ -321,11 +328,14 @@ function auth_createToken() { * @return string a MD5 sum of various browser headers */ function auth_browseruid() { + /* @var Input $INPUT */ + global $INPUT; + $ip = clientIP(true); $uid = ''; - $uid .= $_SERVER['HTTP_USER_AGENT']; - $uid .= $_SERVER['HTTP_ACCEPT_ENCODING']; - $uid .= @$_SERVER['HTTP_ACCEPT_CHARSET']; + $uid .= $INPUT->server->str('HTTP_USER_AGENT'); + $uid .= $INPUT->server->str('HTTP_ACCEPT_ENCODING'); + $uid .= $INPUT->server->str('HTTP_ACCEPT_CHARSET'); $uid .= substr($ip, 0, strpos($ip, '.')); $uid = strtolower($uid); return md5($uid); @@ -511,6 +521,8 @@ function auth_logoff($keepbc = false) { global $USERINFO; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; // make sure the session is writable (it usually is) @session_start(); @@ -523,8 +535,7 @@ function auth_logoff($keepbc = false) { unset($_SESSION[DOKU_COOKIE]['auth']['info']); if(!$keepbc && isset($_SESSION[DOKU_COOKIE]['bc'])) unset($_SESSION[DOKU_COOKIE]['bc']); - if(isset($_SERVER['REMOTE_USER'])) - unset($_SERVER['REMOTE_USER']); + $INPUT->server->remove('REMOTE_USER'); $USERINFO = null; //FIXME $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir']; @@ -553,13 +564,16 @@ function auth_ismanager($user = null, $groups = null, $adminonly = false) { global $USERINFO; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; + if(!$auth) return false; if(is_null($user)) { - if(!isset($_SERVER['REMOTE_USER'])) { + if(!$INPUT->server->has('REMOTE_USER')) { return false; } else { - $user = $_SERVER['REMOTE_USER']; + $user = $INPUT->server->str('REMOTE_USER'); } } if(is_null($groups)) { @@ -651,9 +665,11 @@ function auth_isMember($memberlist, $user, array $groups) { function auth_quickaclcheck($id) { global $conf; global $USERINFO; + /* @var Input $INPUT */ + global $INPUT; # if no ACL is used always return upload rights if(!$conf['useacl']) return AUTH_UPLOAD; - return auth_aclcheck($id, $_SERVER['REMOTE_USER'], $USERINFO['grps']); + return auth_aclcheck($id, $INPUT->server->str('REMOTE_USER'), $USERINFO['grps']); } /** @@ -1058,18 +1074,18 @@ function updateprofile() { } if($conf['profileconfirm']) { - if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) { + if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) { msg($lang['badpassconfirm'], -1); return false; } } - if($result = $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) { + if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), $changes))) { // update cookie and session with the changed data if($changes['pass']) { list( /*user*/, $sticky, /*pass*/) = auth_getCookie(); $pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true)); - auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky); + auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky); } return true; } @@ -1105,13 +1121,13 @@ function auth_deleteprofile(){ } if($conf['profileconfirm']) { - if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) { + if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) { msg($lang['badpassconfirm'], -1); return false; } } - $deleted[] = $_SERVER['REMOTE_USER']; + $deleted[] = $INPUT->server->str('REMOTE_USER'); if($auth->triggerUserMod('delete', array($deleted))) { // force and immediate logout including removing the sticky cookie auth_logoff(); diff --git a/inc/changelog.php b/inc/changelog.php index 6ff1e0eca..cd46b1ec0 100644 --- a/inc/changelog.php +++ b/inc/changelog.php @@ -52,6 +52,8 @@ function parseChangelogLine($line) { */ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extra='', $flags=null){ global $conf, $INFO; + /** @var Input $INPUT */ + global $INPUT; // check for special flags as keys if (!is_array($flags)) { $flags = array(); } @@ -65,7 +67,7 @@ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extr if(!$date) $date = time(); //use current time if none supplied $remote = (!$flagExternalEdit)?clientIP(true):'127.0.0.1'; - $user = (!$flagExternalEdit)?$_SERVER['REMOTE_USER']:''; + $user = (!$flagExternalEdit)?$INPUT->server->str('REMOTE_USER'):''; $strip = array("\t", "\n"); $logline = array( @@ -117,12 +119,14 @@ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extr */ function addMediaLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extra='', $flags=null){ global $conf; + /** @var Input $INPUT */ + global $INPUT; $id = cleanid($id); if(!$date) $date = time(); //use current time if none supplied $remote = clientIP(true); - $user = $_SERVER['REMOTE_USER']; + $user = $INPUT->server->str('REMOTE_USER'); $strip = array("\t", "\n"); $logline = array( diff --git a/inc/common.php b/inc/common.php index 6aad42bd1..9fbebde94 100644 --- a/inc/common.php +++ b/inc/common.php @@ -56,15 +56,18 @@ function stripctl($string) { * @return string */ function getSecurityToken() { - return PassHash::hmac('md5', session_id().$_SERVER['REMOTE_USER'], auth_cookiesalt()); + /** @var Input $INPUT */ + global $INPUT; + return PassHash::hmac('md5', session_id().$INPUT->server->str('REMOTE_USER'), auth_cookiesalt()); } /** * Check the secret CSRF token */ function checkSecurityToken($token = null) { + /** @var Input $INPUT */ global $INPUT; - if(empty($_SERVER['REMOTE_USER'])) return true; // no logged in user, no need for a check + if(!$INPUT->server->str('REMOTE_USER')) return true; // no logged in user, no need for a check if(is_null($token)) $token = $INPUT->str('sectok'); if(getSecurityToken() != $token) { @@ -93,14 +96,16 @@ function formSecurityToken($print = true) { */ function basicinfo($id, $htmlClient=true){ global $USERINFO; + /* @var Input $INPUT */ + global $INPUT; // set info about manager/admin status. $info['isadmin'] = false; $info['ismanager'] = false; - if(isset($_SERVER['REMOTE_USER'])) { + if($INPUT->server->has('REMOTE_USER')) { $info['userinfo'] = $USERINFO; $info['perm'] = auth_quickaclcheck($id); - $info['client'] = $_SERVER['REMOTE_USER']; + $info['client'] = $INPUT->server->str('REMOTE_USER'); if($info['perm'] == AUTH_ADMIN) { $info['isadmin'] = true; @@ -111,7 +116,7 @@ function basicinfo($id, $htmlClient=true){ // if some outside auth were used only REMOTE_USER is set if(!$info['userinfo']['name']) { - $info['userinfo']['name'] = $_SERVER['REMOTE_USER']; + $info['userinfo']['name'] = $INPUT->server->str('REMOTE_USER'); } } else { @@ -140,6 +145,8 @@ function pageinfo() { global $REV; global $RANGE; global $lang; + /* @var Input $INPUT */ + global $INPUT; $info = basicinfo($ID); @@ -148,7 +155,7 @@ function pageinfo() { $info['id'] = $ID; $info['rev'] = $REV; - if(isset($_SERVER['REMOTE_USER'])) { + if($INPUT->server->has('REMOTE_USER')) { $sub = new Subscription(); $info['subscribed'] = $sub->user_subscription(); } else { @@ -356,11 +363,14 @@ function breadcrumbs() { */ function idfilter($id, $ue = true) { global $conf; + /* @var Input $INPUT */ + global $INPUT; + if($conf['useslash'] && $conf['userewrite']) { $id = strtr($id, ':', '/'); } elseif(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' && $conf['userewrite'] && - strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') === false + strpos($INPUT->server->str('SERVER_SOFTWARE'), 'Microsoft-IIS') === false ) { $id = strtr($id, ':', ';'); } @@ -588,6 +598,8 @@ function checkwordblock($text = '') { global $SUM; global $conf; global $INFO; + /* @var Input $INPUT */ + global $INPUT; if(!$conf['usewordblock']) return false; @@ -620,9 +632,9 @@ function checkwordblock($text = '') { if(count($re) && preg_match('#('.join('|', $re).')#si', $text, $matches)) { // prepare event data $data['matches'] = $matches; - $data['userinfo']['ip'] = $_SERVER['REMOTE_ADDR']; - if($_SERVER['REMOTE_USER']) { - $data['userinfo']['user'] = $_SERVER['REMOTE_USER']; + $data['userinfo']['ip'] = $INPUT->server->str('REMOTE_ADDR'); + if($INPUT->server->str('REMOTE_USER')) { + $data['userinfo']['user'] = $INPUT->server->str('REMOTE_USER'); $data['userinfo']['name'] = $INFO['userinfo']['name']; $data['userinfo']['mail'] = $INFO['userinfo']['mail']; } @@ -648,12 +660,17 @@ function checkwordblock($text = '') { * @return string */ function clientIP($single = false) { + /* @var Input $INPUT */ + global $INPUT; + $ip = array(); - $ip[] = $_SERVER['REMOTE_ADDR']; - if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) - $ip = array_merge($ip, explode(',', str_replace(' ', '', $_SERVER['HTTP_X_FORWARDED_FOR']))); - if(!empty($_SERVER['HTTP_X_REAL_IP'])) - $ip = array_merge($ip, explode(',', str_replace(' ', '', $_SERVER['HTTP_X_REAL_IP']))); + $ip[] = $INPUT->server->str('REMOTE_ADDR'); + if($INPUT->server->str('HTTP_X_FORWARDED_FOR')) { + $ip = array_merge($ip, explode(',', str_replace(' ', '', $INPUT->server->str('HTTP_X_FORWARDED_FOR')))); + } + if($INPUT->server->str('HTTP_X_REAL_IP')) { + $ip = array_merge($ip, explode(',', str_replace(' ', '', $INPUT->server->str('HTTP_X_REAL_IP')))); + } // some IPv4/v6 regexps borrowed from Feyd // see: http://forums.devnetwork.net/viewtopic.php?f=38&t=53479 @@ -712,16 +729,18 @@ function clientIP($single = false) { * @link http://www.brainhandles.com/2007/10/15/detecting-mobile-browsers/#code */ function clientismobile() { + /* @var Input $INPUT */ + global $INPUT; - if(isset($_SERVER['HTTP_X_WAP_PROFILE'])) return true; + if($INPUT->server->has('HTTP_X_WAP_PROFILE')) return true; - if(preg_match('/wap\.|\.wap/i', $_SERVER['HTTP_ACCEPT'])) return true; + if(preg_match('/wap\.|\.wap/i', $INPUT->server->str('HTTP_ACCEPT'))) return true; - if(!isset($_SERVER['HTTP_USER_AGENT'])) return false; + if(!$INPUT->server->has('HTTP_USER_AGENT')) return false; $uamatches = 'midp|j2me|avantg|docomo|novarra|palmos|palmsource|240x320|opwv|chtml|pda|windows ce|mmp\/|blackberry|mib\/|symbian|wireless|nokia|hand|mobi|phone|cdm|up\.b|audio|SIE\-|SEC\-|samsung|HTC|mot\-|mitsu|sagem|sony|alcatel|lg|erics|vx|NEC|philips|mmm|xx|panasonic|sharp|wap|sch|rover|pocket|benq|java|pt|pg|vox|amoi|bird|compal|kg|voda|sany|kdd|dbt|sendo|sgh|gradi|jb|\d\d\di|moto'; - if(preg_match("/$uamatches/i", $_SERVER['HTTP_USER_AGENT'])) return true; + if(preg_match("/$uamatches/i", $INPUT->server->str('HTTP_USER_AGENT'))) return true; return false; } @@ -761,6 +780,9 @@ function gethostsbyaddrs($ips) { */ function checklock($id) { global $conf; + /* @var Input $INPUT */ + global $INPUT; + $lock = wikiLockFN($id); //no lockfile @@ -774,7 +796,7 @@ function checklock($id) { //my own lock @list($ip, $session) = explode("\n", io_readFile($lock)); - if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) { + if($ip == $INPUT->server->str('REMOTE_USER') || $ip == clientIP() || $session == session_id()) { return false; } @@ -788,14 +810,16 @@ function checklock($id) { */ function lock($id) { global $conf; + /* @var Input $INPUT */ + global $INPUT; if($conf['locktime'] == 0) { return; } $lock = wikiLockFN($id); - if($_SERVER['REMOTE_USER']) { - io_saveFile($lock, $_SERVER['REMOTE_USER']); + if($INPUT->server->str('REMOTE_USER')) { + io_saveFile($lock, $INPUT->server->str('REMOTE_USER')); } else { io_saveFile($lock, clientIP()."\n".session_id()); } @@ -809,10 +833,13 @@ function lock($id) { * @return bool true if a lock was removed */ function unlock($id) { + /* @var Input $INPUT */ + global $INPUT; + $lock = wikiLockFN($id); if(@file_exists($lock)) { @list($ip, $session) = explode("\n", io_readFile($lock)); - if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) { + if($ip == $INPUT->server->str('REMOTE_USER') || $ip == clientIP() || $session == session_id()) { @unlink($lock); return true; } @@ -938,6 +965,8 @@ function parsePageTemplate(&$data) { global $USERINFO; global $conf; + /* @var Input $INPUT */ + global $INPUT; // replace placeholders $file = noNS($id); @@ -969,7 +998,7 @@ function parsePageTemplate(&$data) { utf8_ucfirst($page), utf8_ucwords($page), utf8_strtoupper($page), - $_SERVER['REMOTE_USER'], + $INPUT->server->str('REMOTE_USER'), $USERINFO['name'], $USERINFO['mail'], $conf['dformat'], @@ -1050,6 +1079,9 @@ function saveWikiText($id, $text, $summary, $minor = false) { global $conf; global $lang; global $REV; + /* @var Input $INPUT */ + global $INPUT; + // ignore if no changes were made if($text == rawWiki($id, '')) { return; @@ -1112,7 +1144,7 @@ function saveWikiText($id, $text, $summary, $minor = false) { $type = DOKU_CHANGE_TYPE_CREATE; } else if($wasRemoved) { $type = DOKU_CHANGE_TYPE_DELETE; - } else if($minor && $conf['useacl'] && $_SERVER['REMOTE_USER']) { + } else if($minor && $conf['useacl'] && $INPUT->server->str('REMOTE_USER')) { $type = DOKU_CHANGE_TYPE_MINOR_EDIT; } //minor edits only for logged in users @@ -1164,6 +1196,8 @@ function saveOldRevision($id) { */ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = array()) { global $conf; + /* @var Input $INPUT */ + global $INPUT; // decide if there is something to do, eg. whom to mail if($who == 'admin') { @@ -1172,7 +1206,7 @@ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = $to = $conf['notify']; } elseif($who == 'subscribers') { if(!actionOK('subscribe')) return false; //subscribers enabled? - if($conf['useacl'] && $_SERVER['REMOTE_USER'] && $minor) return false; //skip minors + if($conf['useacl'] && $INPUT->server->str('REMOTE_USER') && $minor) return false; //skip minors $data = array('id' => $id, 'addresslist' => '', 'self' => false); trigger_event( 'COMMON_NOTIFY_ADDRESSLIST', $data, @@ -1197,10 +1231,13 @@ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = * @author Todd Augsburger */ function getGoogleQuery() { - if(!isset($_SERVER['HTTP_REFERER'])) { + /* @var Input $INPUT */ + global $INPUT; + + if(!$INPUT->server->has('HTTP_REFERER')) { return ''; } - $url = parse_url($_SERVER['HTTP_REFERER']); + $url = parse_url($INPUT->server->str('HTTP_REFERER')); // only handle common SEs if(!preg_match('/(google|bing|yahoo|ask|duckduckgo|babylon|aol|yandex)/',$url['host'])) return ''; @@ -1523,6 +1560,9 @@ function is_mem_available($mem, $bytes = 1048576) { * @author Andreas Gohr */ function send_redirect($url) { + /* @var Input $INPUT */ + global $INPUT; + //are there any undisplayed messages? keep them in session for display global $MSG; if(isset($MSG) && count($MSG) && !defined('NOSESSION')) { @@ -1546,9 +1586,9 @@ function send_redirect($url) { } // check if running on IIS < 6 with CGI-PHP - if(isset($_SERVER['SERVER_SOFTWARE']) && isset($_SERVER['GATEWAY_INTERFACE']) && - (strpos($_SERVER['GATEWAY_INTERFACE'], 'CGI') !== false) && - (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($_SERVER['SERVER_SOFTWARE']), $matches)) && + if($INPUT->server->has('SERVER_SOFTWARE') && $INPUT->server->has('GATEWAY_INTERFACE') && + (strpos($INPUT->server->str('GATEWAY_INTERFACE'), 'CGI') !== false) && + (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($INPUT->server->str('SERVER_SOFTWARE')), $matches)) && $matches[1] < 6 ) { header('Refresh: 0;url='.$url); diff --git a/inc/infoutils.php b/inc/infoutils.php index 3636d86a1..0992040d9 100644 --- a/inc/infoutils.php +++ b/inc/infoutils.php @@ -102,6 +102,8 @@ function getVersion(){ function check(){ global $conf; global $INFO; + /* @var Input $INPUT */ + global $INPUT; if ($INFO['isadmin'] || $INFO['ismanager']){ msg('DokuWiki version: '.getVersion(),1); @@ -204,7 +206,7 @@ function check(){ } if($INFO['userinfo']['name']){ - msg('You are currently logged in as '.$_SERVER['REMOTE_USER'].' ('.$INFO['userinfo']['name'].')',0); + msg('You are currently logged in as '.$INPUT->server->str('REMOTE_USER').' ('.$INFO['userinfo']['name'].')',0); msg('You are part of the groups '.join($INFO['userinfo']['grps'],', '),0); }else{ msg('You are currently not logged in',0); @@ -361,6 +363,9 @@ function dbg($msg,$hidden=false){ */ function dbglog($msg,$header=''){ global $conf; + /* @var Input $INPUT */ + global $INPUT; + // The debug log isn't automatically cleaned thus only write it when // debugging has been enabled by the user. if($conf['allowdebug'] !== 1) return; @@ -373,7 +378,7 @@ function dbglog($msg,$header=''){ $file = $conf['cachedir'].'/debug.log'; $fh = fopen($file,'a'); if($fh){ - fwrite($fh,date('H:i:s ').$_SERVER['REMOTE_ADDR'].': '.$msg."\n"); + fwrite($fh,date('H:i:s ').$INPUT->server->str('REMOTE_ADDR').': '.$msg."\n"); fclose($fh); } } diff --git a/inc/init.php b/inc/init.php index bcd96e5e4..4ff239787 100644 --- a/inc/init.php +++ b/inc/init.php @@ -402,6 +402,10 @@ function remove_magic_quotes(&$array) { * Returns the full absolute URL to the directory where * DokuWiki is installed in (includes a trailing slash) * + * !! Can not access $_SERVER values through $INPUT + * !! here as this function is called before $INPUT is + * !! initialized. + * * @author Andreas Gohr */ function getBaseURL($abs=null){ diff --git a/inc/mail.php b/inc/mail.php index 0b60c0a5b..9994ac63e 100644 --- a/inc/mail.php +++ b/inc/mail.php @@ -40,6 +40,8 @@ if (!defined('PREG_PATTERN_VALID_EMAIL')) define('PREG_PATTERN_VALID_EMAIL', '[' function mail_setup(){ global $conf; global $USERINFO; + /** @var Input $INPUT */ + global $INPUT; // auto constructed address $host = @parse_url(DOKU_URL,PHP_URL_HOST); @@ -53,11 +55,8 @@ function mail_setup(){ $replace['@MAIL@'] = $noreply; } - if(!empty($_SERVER['REMOTE_USER'])){ - $replace['@USER@'] = $_SERVER['REMOTE_USER']; - }else{ - $replace['@USER@'] = 'noreply'; - } + // use 'noreply' if no user + $replace['@USER@'] = $INPUT->server->str('REMOTE_USER', 'noreply', true); if(!empty($USERINFO['name'])){ $replace['@NAME@'] = $USERINFO['name']; diff --git a/inc/pageutils.php b/inc/pageutils.php index 9c2794387..8474c5697 100644 --- a/inc/pageutils.php +++ b/inc/pageutils.php @@ -19,6 +19,7 @@ * @author Andreas Gohr */ function getID($param='id',$clean=true){ + /** @var Input $INPUT */ global $INPUT; global $conf; global $ACT; @@ -27,7 +28,7 @@ function getID($param='id',$clean=true){ //construct page id from request URI if(empty($id) && $conf['userewrite'] == 2){ - $request = $_SERVER['REQUEST_URI']; + $request = $INPUT->server->str('REQUEST_URI'); $script = ''; //get the script URL @@ -36,15 +37,15 @@ function getID($param='id',$clean=true){ if($param != 'id') { $relpath = 'lib/exe/'; } - $script = $conf['basedir'].$relpath.utf8_basename($_SERVER['SCRIPT_FILENAME']); - - }elseif($_SERVER['PATH_INFO']){ - $request = $_SERVER['PATH_INFO']; - }elseif($_SERVER['SCRIPT_NAME']){ - $script = $_SERVER['SCRIPT_NAME']; - }elseif($_SERVER['DOCUMENT_ROOT'] && $_SERVER['SCRIPT_FILENAME']){ - $script = preg_replace ('/^'.preg_quote($_SERVER['DOCUMENT_ROOT'],'/').'/','', - $_SERVER['SCRIPT_FILENAME']); + $script = $conf['basedir'].$relpath.utf8_basename($INPUT->server->str('SCRIPT_FILENAME')); + + }elseif($INPUT->server->str('PATH_INFO')){ + $request = $INPUT->server->str('PATH_INFO'); + }elseif($INPUT->server->str('SCRIPT_NAME')){ + $script = $INPUT->server->str('SCRIPT_NAME'); + }elseif($INPUT->server->str('DOCUMENT_ROOT') && $INPUT->server->str('SCRIPT_FILENAME')){ + $script = preg_replace ('/^'.preg_quote($INPUT->server->str('DOCUMENT_ROOT'),'/').'/','', + $INPUT->server->str('SCRIPT_FILENAME')); $script = '/'.$script; } diff --git a/inc/remote.php b/inc/remote.php index 2ef28afd2..e27aa74f8 100644 --- a/inc/remote.php +++ b/inc/remote.php @@ -169,6 +169,9 @@ class RemoteAPI { public function hasAccess() { global $conf; global $USERINFO; + /** @var Input $INPUT */ + global $INPUT; + if (!$conf['remote']) { return false; } @@ -179,7 +182,7 @@ class RemoteAPI { return true; } - return auth_isMember($conf['remoteuser'], $_SERVER['REMOTE_USER'], (array) $USERINFO['grps']); + return auth_isMember($conf['remoteuser'], $INPUT->server->str('REMOTE_USER'), (array) $USERINFO['grps']); } /** diff --git a/inc/subscription.php b/inc/subscription.php index ddf30706b..adf1b821c 100644 --- a/inc/subscription.php +++ b/inc/subscription.php @@ -256,8 +256,10 @@ class Subscription { if(!$this->isenabled()) return false; global $ID; + /** @var Input $INPUT */ + global $INPUT; if(!$id) $id = $ID; - if(!$user) $user = $_SERVER['REMOTE_USER']; + if(!$user) $user = $INPUT->server->str('REMOTE_USER'); $subs = $this->subscribers($id, $user); if(!count($subs)) return false; @@ -292,13 +294,15 @@ class Subscription { global $auth; global $conf; global $USERINFO; + /** @var Input $INPUT */ + global $INPUT; $count = 0; $subscriptions = $this->subscribers($page, null, array('digest', 'list')); // remember current user info $olduinfo = $USERINFO; - $olduser = $_SERVER['REMOTE_USER']; + $olduser = $INPUT->server->str('REMOTE_USER'); foreach($subscriptions as $target => $users) { if(!$this->lock($target)) continue; @@ -315,7 +319,7 @@ class Subscription { // Work as the user to make sure ACLs apply correctly $USERINFO = $auth->getUserData($user); - $_SERVER['REMOTE_USER'] = $user; + $INPUT->server->set('REMOTE_USER',$user); if($USERINFO === false) continue; if(!$USERINFO['mail']) continue; @@ -334,7 +338,7 @@ class Subscription { foreach($changes as $rev) { $n = 0; while(!is_null($rev) && $rev['date'] >= $lastupdate && - ($_SERVER['REMOTE_USER'] === $rev['user'] || + ($INPUT->server->str('REMOTE_USER') === $rev['user'] || $rev['type'] === DOKU_CHANGE_TYPE_MINOR_EDIT)) { $rev = getRevisions($rev['id'], $n++, 1); $rev = (count($rev) > 0) ? $rev[0] : null; @@ -369,7 +373,7 @@ class Subscription { // restore current user info $USERINFO = $olduinfo; - $_SERVER['REMOTE_USER'] = $olduser; + $INPUT->server->set('REMOTE_USER',$olduser); return $count; } @@ -654,6 +658,8 @@ class Subscription { /** @var DokuWiki_Auth_Plugin $auth */ global $auth; global $conf; + /** @var Input $INPUT */ + global $INPUT; $id = $data['id']; $self = $data['self']; @@ -667,7 +673,7 @@ class Subscription { $userinfo = $auth->getUserData($user); if($userinfo === false) continue; if(!$userinfo['mail']) continue; - if(!$self && $user == $_SERVER['REMOTE_USER']) continue; //skip our own changes + if(!$self && $user == $INPUT->server->str('REMOTE_USER')) continue; //skip our own changes $level = auth_aclcheck($id, $user, $userinfo['grps']); if($level >= AUTH_READ) { diff --git a/inc/template.php b/inc/template.php index c0dfbb845..88964fada 100644 --- a/inc/template.php +++ b/inc/template.php @@ -291,6 +291,8 @@ function tpl_metaheaders($alt = true) { global $lang; global $conf; global $updateVersion; + /** @var Input $INPUT */ + global $INPUT; // prepare the head array $head = array(); @@ -401,7 +403,7 @@ function tpl_metaheaders($alt = true) { // make $INFO and other vars available to JavaScripts $json = new JSON(); $script = "var NS='".$INFO['namespace']."';"; - if($conf['useacl'] && !empty($_SERVER['REMOTE_USER'])) { + if($conf['useacl'] && $INPUT->server->str('REMOTE_USER')) { $script .= "var SIG='".toolbar_signature()."';"; } $script .= 'var JSINFO = '.$json->encode($JSINFO).';'; @@ -603,6 +605,8 @@ function tpl_get_action($type) { global $REV; global $ACT; global $conf; + /** @var Input $INPUT */ + global $INPUT; // check disabled actions and fix the badly named ones if($type == 'history') $type = 'revisions'; @@ -672,7 +676,7 @@ function tpl_get_action($type) { break; case 'login': $params['sectok'] = getSecurityToken(); - if(isset($_SERVER['REMOTE_USER'])) { + if($INPUT->server->has('REMOTE_USER')) { if(!actionOK('logout')) { return false; } @@ -681,12 +685,12 @@ function tpl_get_action($type) { } break; case 'register': - if(!empty($_SERVER['REMOTE_USER'])) { + if($INPUT->server->str('REMOTE_USER')) { return false; } break; case 'resendpwd': - if(!empty($_SERVER['REMOTE_USER'])) { + if($INPUT->server->str('REMOTE_USER')) { return false; } break; @@ -703,14 +707,14 @@ function tpl_get_action($type) { $params['sectok'] = getSecurityToken(); break; case 'subscribe': - if(!$_SERVER['REMOTE_USER']) { + if(!$INPUT->server->str('REMOTE_USER')) { return false; } break; case 'backlink': break; case 'profile': - if(!isset($_SERVER['REMOTE_USER'])) { + if(!$INPUT->server->has('REMOTE_USER')) { return false; } break; @@ -886,8 +890,11 @@ function tpl_youarehere($sep = ' ยป ') { function tpl_userinfo() { global $lang; global $INFO; - if(isset($_SERVER['REMOTE_USER'])) { - print $lang['loggedinas'].': '.hsc($INFO['userinfo']['name']).' ('.hsc($_SERVER['REMOTE_USER']).')'; + /** @var Input $INPUT */ + global $INPUT; + + if($INPUT->server->str('REMOTE_USER')) { + print $lang['loggedinas'].': '.hsc($INFO['userinfo']['name']).' ('.hsc($INPUT->server->str('REMOTE_USER')).')'; return true; } return false; @@ -1030,6 +1037,7 @@ function tpl_img_getTag($tags, $alt = '', $src = null) { */ function tpl_img($maxwidth = 0, $maxheight = 0, $link = true, $params = null) { global $IMG; + /** @var Input $INPUT */ global $INPUT; $w = tpl_img_getTag('File.Width'); $h = tpl_img_getTag('File.Height'); @@ -1242,6 +1250,7 @@ function tpl_mediaContent($fromajax = false, $sort='natural') { global $INUSE; global $NS; global $JUMPTO; + /** @var Input $INPUT */ global $INPUT; $do = $INPUT->extract('do')->str('do'); @@ -1291,6 +1300,7 @@ function tpl_mediaFileList() { global $NS; global $JUMPTO; global $lang; + /** @var Input $INPUT */ global $INPUT; $opened_tab = $INPUT->str('tab_files'); @@ -1331,7 +1341,9 @@ function tpl_mediaFileList() { * @author Kate Arzamastseva */ function tpl_mediaFileDetails($image, $rev) { - global $AUTH, $NS, $conf, $DEL, $lang, $INPUT; + global $AUTH, $NS, $conf, $DEL, $lang; + /** @var Input $INPUT */ + global $INPUT; $removed = (!file_exists(mediaFN($image)) && file_exists(mediaMetaFN($image, '.changes')) && $conf['mediarevisions']); if(!$image || (!file_exists(mediaFN($image)) && !$removed) || $DEL) return; @@ -1409,12 +1421,14 @@ function tpl_actiondropdown($empty = '', $button = '>') { global $ID; global $REV; global $lang; + /** @var Input $INPUT */ + global $INPUT; echo '
'; echo '
'; echo ''; if($REV) echo ''; - if (!empty($_SERVER['REMOTE_USER'])) { + if ($INPUT->server->str('REMOTE_USER')) { echo ''; } @@ -1780,11 +1794,14 @@ function tpl_media() { */ function tpl_classes() { global $ACT, $conf, $ID, $INFO; + /** @var Input $INPUT */ + global $INPUT; + $classes = array( 'dokuwiki', 'mode_'.$ACT, 'tpl_'.$conf['template'], - !empty($_SERVER['REMOTE_USER']) ? 'loggedIn' : '', + $INPUT->server->bool('REMOTE_USER') ? 'loggedIn' : '', $INFO['exists'] ? '' : 'notFound', ($ID == $conf['start']) ? 'home' : '', ); diff --git a/inc/toolbar.php b/inc/toolbar.php index d8d2f209b..7cc29e866 100644 --- a/inc/toolbar.php +++ b/inc/toolbar.php @@ -241,10 +241,12 @@ function toolbar_JSdefines($varname){ function toolbar_signature(){ global $conf; global $INFO; + /** @var Input $INPUT */ + global $INPUT; $sig = $conf['signature']; $sig = dformat(null,$sig); - $sig = str_replace('@USER@',$_SERVER['REMOTE_USER'],$sig); + $sig = str_replace('@USER@',$INPUT->server->str('REMOTE_USER'),$sig); $sig = str_replace('@NAME@',$INFO['userinfo']['name'],$sig); $sig = str_replace('@MAIL@',$INFO['userinfo']['mail'],$sig); $sig = str_replace('@DATE@',dformat(),$sig); -- cgit v1.2.3 From e1ecd6fde3f52e917907ec1dffc774829934d0dd Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Thu, 6 Mar 2014 20:05:31 +0000 Subject: resolve notices generated in calls to updateTuple() when $metaidx[$id] doesn't exist --- inc/indexer.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'inc') diff --git a/inc/indexer.php b/inc/indexer.php index 7c0b8bc18..a167db47f 100644 --- a/inc/indexer.php +++ b/inc/indexer.php @@ -270,8 +270,9 @@ class Doku_Indexer { // Special handling for titles so the index file is simpler if (array_key_exists('title', $key)) { $value = $key['title']; - if (is_array($value)) + if (is_array($value)) { $value = $value[0]; + } $this->saveIndexKey('title', '', $pid, $value); unset($key['title']); } @@ -299,8 +300,10 @@ class Doku_Indexer { if ($val !== "") { $id = array_search($val, $metawords, true); if ($id === false) { + // didn't find $val, so we'll add it to the end of metawords and create a placeholder in metaidx $id = count($metawords); $metawords[$id] = $val; + $metaidx[$id] = ''; $addwords = true; } // test if value is already in the index -- cgit v1.2.3 From b7a3421a21dcfafa93505b980de9f1cf8fd3532e Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Thu, 6 Mar 2014 20:11:42 +0000 Subject: use \!empty() rather than error suppression --- inc/search.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'inc') diff --git a/inc/search.php b/inc/search.php index 89f3e253d..21666b3fd 100644 --- a/inc/search.php +++ b/inc/search.php @@ -351,10 +351,11 @@ function search_universal(&$data,$base,$file,$type,$lvl,$opts){ $return = true; // get ID and check if it is a valid one - $item['id'] = pathID($file,($type == 'd' || @$opts['keeptxt'])); + $item['id'] = pathID($file,($type == 'd' || !empty($opts['keeptxt']))); if($item['id'] != cleanID($item['id'])){ - if($opts['showmsg']) + if($opts['showmsg']){ msg(hsc($item['id']).' is not a valid file name for DokuWiki - skipped',-1); + } return false; // skip non-valid files } $item['ns'] = getNS($item['id']); -- cgit v1.2.3 From 49f299d6a332f8755f3b7a20c414702cca9c5ab8 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Thu, 6 Mar 2014 23:19:19 +0000 Subject: another instance of empty() where an array key might not exist --- inc/search.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc') diff --git a/inc/search.php b/inc/search.php index 21666b3fd..be4710237 100644 --- a/inc/search.php +++ b/inc/search.php @@ -353,7 +353,7 @@ function search_universal(&$data,$base,$file,$type,$lvl,$opts){ // get ID and check if it is a valid one $item['id'] = pathID($file,($type == 'd' || !empty($opts['keeptxt']))); if($item['id'] != cleanID($item['id'])){ - if($opts['showmsg']){ + if(!empty($opts['showmsg'])){ msg(hsc($item['id']).' is not a valid file name for DokuWiki - skipped',-1); } return false; // skip non-valid files -- cgit v1.2.3