diff options
| author | Christopher Smith <chris@jalakai.co.uk> | 2014-03-06 19:55:56 +0000 |
|---|---|---|
| committer | Christopher Smith <chris@jalakai.co.uk> | 2014-03-06 19:55:56 +0000 |
| commit | 585bf44e2b756eac2e1cfce7035ef237bc02a788 (patch) | |
| tree | a9b431951c39bbac03c125fc6a13d3cca15eba9e | |
| parent | 1418498c406caca058076e3d148e31daee800551 (diff) | |
| download | rpg-585bf44e2b756eac2e1cfce7035ef237bc02a788.tar.gz rpg-585bf44e2b756eac2e1cfce7035ef237bc02a788.tar.bz2 | |
amend $_SERVER to $INPUT->server
| -rw-r--r-- | inc/Mailer.class.php | 15 | ||||
| -rw-r--r-- | inc/actions.php | 27 | ||||
| -rw-r--r-- | inc/auth.php | 54 | ||||
| -rw-r--r-- | inc/changelog.php | 8 | ||||
| -rw-r--r-- | inc/common.php | 102 | ||||
| -rw-r--r-- | inc/infoutils.php | 9 | ||||
| -rw-r--r-- | inc/init.php | 4 | ||||
| -rw-r--r-- | inc/mail.php | 9 | ||||
| -rw-r--r-- | inc/pageutils.php | 21 | ||||
| -rw-r--r-- | inc/remote.php | 5 | ||||
| -rw-r--r-- | inc/subscription.php | 18 | ||||
| -rw-r--r-- | inc/template.php | 39 | ||||
| -rw-r--r-- | inc/toolbar.php | 4 |
13 files changed, 213 insertions, 102 deletions
diff --git a/inc/Mailer.class.php b/inc/Mailer.class.php index e32178bba..e90b45f99 100644 --- a/inc/Mailer.class.php +++ b/inc/Mailer.class.php @@ -39,6 +39,8 @@ class Mailer { */ public function __construct() { global $conf; + /* @var Input $INPUT */ + global $INPUT; $server = parse_url(DOKU_URL, PHP_URL_HOST); if(strpos($server,'.') === false) $server = $server.'.localhost'; @@ -53,7 +55,7 @@ class Mailer { // add some default headers for mailfiltering FS#2247 $this->setHeader('X-Mailer', 'DokuWiki'); - $this->setHeader('X-DokuWiki-User', $_SERVER['REMOTE_USER']); + $this->setHeader('X-DokuWiki-User', $INPUT->server->str('REMOTE_USER')); $this->setHeader('X-DokuWiki-Title', $conf['title']); $this->setHeader('X-DokuWiki-Server', $server); $this->setHeader('X-Auto-Response-Suppress', 'OOF'); @@ -181,6 +183,9 @@ class Mailer { public function setBody($text, $textrep = null, $htmlrep = null, $html = null, $wrap = true) { global $INFO; global $conf; + /* @var Input $INPUT */ + global $INPUT; + $htmlrep = (array)$htmlrep; $textrep = (array)$textrep; @@ -218,24 +223,24 @@ class Mailer { $cip = gethostsbyaddrs($ip); $trep = array( 'DATE' => dformat(), - 'BROWSER' => $_SERVER['HTTP_USER_AGENT'], + 'BROWSER' => $INPUT->server->str('HTTP_USER_AGENT'), 'IPADDRESS' => $ip, 'HOSTNAME' => $cip, 'TITLE' => $conf['title'], 'DOKUWIKIURL' => DOKU_URL, - 'USER' => $_SERVER['REMOTE_USER'], + 'USER' => $INPUT->server->str('REMOTE_USER'), 'NAME' => $INFO['userinfo']['name'], 'MAIL' => $INFO['userinfo']['mail'], ); $trep = array_merge($trep, (array)$textrep); $hrep = array( 'DATE' => '<i>'.hsc(dformat()).'</i>', - 'BROWSER' => hsc($_SERVER['HTTP_USER_AGENT']), + 'BROWSER' => hsc($INPUT->server->str('HTTP_USER_AGENT')), 'IPADDRESS' => '<code>'.hsc($ip).'</code>', 'HOSTNAME' => '<code>'.hsc($cip).'</code>', 'TITLE' => hsc($conf['title']), 'DOKUWIKIURL' => '<a href="'.DOKU_URL.'">'.DOKU_URL.'</a>', - 'USER' => hsc($_SERVER['REMOTE_USER']), + 'USER' => hsc($INPUT->server->str('REMOTE_USER')), 'NAME' => hsc($INFO['userinfo']['name']), 'MAIL' => '<a href="mailto:"'.hsc($INFO['userinfo']['mail']).'">'. hsc($INFO['userinfo']['mail']).'</a>', diff --git a/inc/actions.php b/inc/actions.php index 240dce59a..ef09a0dc7 100644 --- a/inc/actions.php +++ b/inc/actions.php @@ -20,6 +20,7 @@ function act_dispatch(){ global $ID; global $INFO; global $QUERY; + /* @var Input $INPUT */ global $INPUT; global $lang; global $conf; @@ -94,7 +95,7 @@ function act_dispatch(){ // user profile changes if (in_array($ACT, array('profile','profile_delete'))) { - if(!$_SERVER['REMOTE_USER']) { + if(!$INPUT->server->str('REMOTE_USER')) { $ACT = 'login'; } else { switch ($ACT) { @@ -190,7 +191,7 @@ function act_dispatch(){ unset($evt); // when action 'show', the intial not 'show' and POST, do a redirect - if($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){ + if($ACT == 'show' && $preact != 'show' && strtolower($INPUT->server->str('REQUEST_METHOD')) == 'post'){ act_redirect($ID,$preact); } @@ -414,6 +415,8 @@ function act_revert($act){ global $ID; global $REV; global $lang; + /* @var Input $INPUT */ + global $INPUT; // FIXME $INFO['writable'] currently refers to the attic version // global $INFO; // if (!$INFO['writable']) { @@ -445,7 +448,7 @@ function act_revert($act){ session_write_close(); // when done, show current page - $_SERVER['REQUEST_METHOD'] = 'post'; //should force a redirect + $INPUT->server->set('REQUEST_METHOD','post'); //should force a redirect $REV = ''; return 'show'; } @@ -493,17 +496,20 @@ function act_redirect_execute($opts){ function act_auth($act){ global $ID; global $INFO; + /* @var Input $INPUT */ + global $INPUT; //already logged in? - if(isset($_SERVER['REMOTE_USER']) && $act=='login'){ + if($INPUT->server->has('REMOTE_USER') && $act=='login'){ return 'show'; } //handle logout if($act=='logout'){ $lockedby = checklock($ID); //page still locked? - if($lockedby == $_SERVER['REMOTE_USER']) + if($lockedby == $INPUT->server->str('REMOTE_USER')){ unlock($ID); //try to unlock + } // do the logout stuff auth_logoff(); @@ -719,10 +725,11 @@ function act_subscription($act){ global $lang; global $INFO; global $ID; + /* @var Input $INPUT */ global $INPUT; // subcriptions work for logged in users only - if(!$_SERVER['REMOTE_USER']) return 'show'; + if(!$INPUT->server->str('REMOTE_USER')) return 'show'; // get and preprocess data. $params = array(); @@ -745,9 +752,9 @@ function act_subscription($act){ // Perform action. $sub = new Subscription(); if($action == 'unsubscribe'){ - $ok = $sub->remove($target, $_SERVER['REMOTE_USER'], $style); + $ok = $sub->remove($target, $INPUT->server->str('REMOTE_USER'), $style); }else{ - $ok = $sub->add($target, $_SERVER['REMOTE_USER'], $style); + $ok = $sub->add($target, $INPUT->server->str('REMOTE_USER'), $style); } if($ok) { @@ -776,6 +783,8 @@ function act_subscription($act){ function subscription_handle_post(&$params) { global $INFO; global $lang; + /* @var Input $INPUT */ + global $INPUT; // Get and validate parameters. if (!isset($params['target'])) { @@ -806,7 +815,7 @@ function subscription_handle_post(&$params) { } if ($is === false) { throw new Exception(sprintf($lang['subscr_not_subscribed'], - $_SERVER['REMOTE_USER'], + $INPUT->server->str('REMOTE_USER'), prettyprint_id($target))); } // subscription_set deletes a subscription if style = null. diff --git a/inc/auth.php b/inc/auth.php index e44e837a7..2bdc3eb00 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -131,6 +131,8 @@ function auth_setup() { function auth_loadACL() { global $config_cascade; global $USERINFO; + /* @var Input $INPUT */ + global $INPUT; if(!is_readable($config_cascade['acl']['default'])) return array(); @@ -145,10 +147,10 @@ function auth_loadACL() { // substitute user wildcard first (its 1:1) if(strstr($line, '%USER%')){ // if user is not logged in, this ACL line is meaningless - skip it - if (!isset($_SERVER['REMOTE_USER'])) continue; + if (!$INPUT->server->has('REMOTE_USER')) continue; - $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); - $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); + $id = str_replace('%USER%',cleanID($INPUT->server->str('REMOTE_USER')),$id); + $rest = str_replace('%USER%',auth_nameencode($INPUT->server->str('REMOTE_USER')),$rest); } // substitute group wildcard (its 1:m) @@ -217,6 +219,8 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { global $lang; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; $sticky ? $sticky = true : $sticky = false; //sanity check @@ -226,7 +230,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { //usual login if($auth->checkPass($user, $pass)) { // make logininfo globally available - $_SERVER['REMOTE_USER'] = $user; + $INPUT->server->set('REMOTE_USER', $user); $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session auth_setCookie($user, auth_encrypt($pass, $secret), $sticky); return true; @@ -253,7 +257,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { ) { // he has session, cookie and browser right - let him in - $_SERVER['REMOTE_USER'] = $user; + $INPUT->server->set('REMOTE_USER', $user); $USERINFO = $session['info']; //FIXME move all references to session return true; } @@ -288,7 +292,10 @@ function auth_validateToken($token) { } // still here? trust the session data global $USERINFO; - $_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['auth']['user']; + /* @var Input $INPUT */ + global $INPUT; + + $INPUT->server->set('REMOTE_USER',$_SESSION[DOKU_COOKIE]['auth']['user']); $USERINFO = $_SESSION[DOKU_COOKIE]['auth']['info']; return true; } @@ -321,11 +328,14 @@ function auth_createToken() { * @return string a MD5 sum of various browser headers */ function auth_browseruid() { + /* @var Input $INPUT */ + global $INPUT; + $ip = clientIP(true); $uid = ''; - $uid .= $_SERVER['HTTP_USER_AGENT']; - $uid .= $_SERVER['HTTP_ACCEPT_ENCODING']; - $uid .= @$_SERVER['HTTP_ACCEPT_CHARSET']; + $uid .= $INPUT->server->str('HTTP_USER_AGENT'); + $uid .= $INPUT->server->str('HTTP_ACCEPT_ENCODING'); + $uid .= $INPUT->server->str('HTTP_ACCEPT_CHARSET'); $uid .= substr($ip, 0, strpos($ip, '.')); $uid = strtolower($uid); return md5($uid); @@ -511,6 +521,8 @@ function auth_logoff($keepbc = false) { global $USERINFO; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; // make sure the session is writable (it usually is) @session_start(); @@ -523,8 +535,7 @@ function auth_logoff($keepbc = false) { unset($_SESSION[DOKU_COOKIE]['auth']['info']); if(!$keepbc && isset($_SESSION[DOKU_COOKIE]['bc'])) unset($_SESSION[DOKU_COOKIE]['bc']); - if(isset($_SERVER['REMOTE_USER'])) - unset($_SERVER['REMOTE_USER']); + $INPUT->server->remove('REMOTE_USER'); $USERINFO = null; //FIXME $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir']; @@ -553,13 +564,16 @@ function auth_ismanager($user = null, $groups = null, $adminonly = false) { global $USERINFO; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; + if(!$auth) return false; if(is_null($user)) { - if(!isset($_SERVER['REMOTE_USER'])) { + if(!$INPUT->server->has('REMOTE_USER')) { return false; } else { - $user = $_SERVER['REMOTE_USER']; + $user = $INPUT->server->str('REMOTE_USER'); } } if(is_null($groups)) { @@ -651,9 +665,11 @@ function auth_isMember($memberlist, $user, array $groups) { function auth_quickaclcheck($id) { global $conf; global $USERINFO; + /* @var Input $INPUT */ + global $INPUT; # if no ACL is used always return upload rights if(!$conf['useacl']) return AUTH_UPLOAD; - return auth_aclcheck($id, $_SERVER['REMOTE_USER'], $USERINFO['grps']); + return auth_aclcheck($id, $INPUT->server->str('REMOTE_USER'), $USERINFO['grps']); } /** @@ -1058,18 +1074,18 @@ function updateprofile() { } if($conf['profileconfirm']) { - if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) { + if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) { msg($lang['badpassconfirm'], -1); return false; } } - if($result = $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) { + if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), $changes))) { // update cookie and session with the changed data if($changes['pass']) { list( /*user*/, $sticky, /*pass*/) = auth_getCookie(); $pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true)); - auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky); + auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky); } return true; } @@ -1105,13 +1121,13 @@ function auth_deleteprofile(){ } if($conf['profileconfirm']) { - if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) { + if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) { msg($lang['badpassconfirm'], -1); return false; } } - $deleted[] = $_SERVER['REMOTE_USER']; + $deleted[] = $INPUT->server->str('REMOTE_USER'); if($auth->triggerUserMod('delete', array($deleted))) { // force and immediate logout including removing the sticky cookie auth_logoff(); diff --git a/inc/changelog.php b/inc/changelog.php index 6ff1e0eca..cd46b1ec0 100644 --- a/inc/changelog.php +++ b/inc/changelog.php @@ -52,6 +52,8 @@ function parseChangelogLine($line) { */ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extra='', $flags=null){ global $conf, $INFO; + /** @var Input $INPUT */ + global $INPUT; // check for special flags as keys if (!is_array($flags)) { $flags = array(); } @@ -65,7 +67,7 @@ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extr if(!$date) $date = time(); //use current time if none supplied $remote = (!$flagExternalEdit)?clientIP(true):'127.0.0.1'; - $user = (!$flagExternalEdit)?$_SERVER['REMOTE_USER']:''; + $user = (!$flagExternalEdit)?$INPUT->server->str('REMOTE_USER'):''; $strip = array("\t", "\n"); $logline = array( @@ -117,12 +119,14 @@ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extr */ function addMediaLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extra='', $flags=null){ global $conf; + /** @var Input $INPUT */ + global $INPUT; $id = cleanid($id); if(!$date) $date = time(); //use current time if none supplied $remote = clientIP(true); - $user = $_SERVER['REMOTE_USER']; + $user = $INPUT->server->str('REMOTE_USER'); $strip = array("\t", "\n"); $logline = array( diff --git a/inc/common.php b/inc/common.php index 6aad42bd1..9fbebde94 100644 --- a/inc/common.php +++ b/inc/common.php @@ -56,15 +56,18 @@ function stripctl($string) { * @return string */ function getSecurityToken() { - return PassHash::hmac('md5', session_id().$_SERVER['REMOTE_USER'], auth_cookiesalt()); + /** @var Input $INPUT */ + global $INPUT; + return PassHash::hmac('md5', session_id().$INPUT->server->str('REMOTE_USER'), auth_cookiesalt()); } /** * Check the secret CSRF token */ function checkSecurityToken($token = null) { + /** @var Input $INPUT */ global $INPUT; - if(empty($_SERVER['REMOTE_USER'])) return true; // no logged in user, no need for a check + if(!$INPUT->server->str('REMOTE_USER')) return true; // no logged in user, no need for a check if(is_null($token)) $token = $INPUT->str('sectok'); if(getSecurityToken() != $token) { @@ -93,14 +96,16 @@ function formSecurityToken($print = true) { */ function basicinfo($id, $htmlClient=true){ global $USERINFO; + /* @var Input $INPUT */ + global $INPUT; // set info about manager/admin status. $info['isadmin'] = false; $info['ismanager'] = false; - if(isset($_SERVER['REMOTE_USER'])) { + if($INPUT->server->has('REMOTE_USER')) { $info['userinfo'] = $USERINFO; $info['perm'] = auth_quickaclcheck($id); - $info['client'] = $_SERVER['REMOTE_USER']; + $info['client'] = $INPUT->server->str('REMOTE_USER'); if($info['perm'] == AUTH_ADMIN) { $info['isadmin'] = true; @@ -111,7 +116,7 @@ function basicinfo($id, $htmlClient=true){ // if some outside auth were used only REMOTE_USER is set if(!$info['userinfo']['name']) { - $info['userinfo']['name'] = $_SERVER['REMOTE_USER']; + $info['userinfo']['name'] = $INPUT->server->str('REMOTE_USER'); } } else { @@ -140,6 +145,8 @@ function pageinfo() { global $REV; global $RANGE; global $lang; + /* @var Input $INPUT */ + global $INPUT; $info = basicinfo($ID); @@ -148,7 +155,7 @@ function pageinfo() { $info['id'] = $ID; $info['rev'] = $REV; - if(isset($_SERVER['REMOTE_USER'])) { + if($INPUT->server->has('REMOTE_USER')) { $sub = new Subscription(); $info['subscribed'] = $sub->user_subscription(); } else { @@ -356,11 +363,14 @@ function breadcrumbs() { */ function idfilter($id, $ue = true) { global $conf; + /* @var Input $INPUT */ + global $INPUT; + if($conf['useslash'] && $conf['userewrite']) { $id = strtr($id, ':', '/'); } elseif(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' && $conf['userewrite'] && - strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') === false + strpos($INPUT->server->str('SERVER_SOFTWARE'), 'Microsoft-IIS') === false ) { $id = strtr($id, ':', ';'); } @@ -588,6 +598,8 @@ function checkwordblock($text = '') { global $SUM; global $conf; global $INFO; + /* @var Input $INPUT */ + global $INPUT; if(!$conf['usewordblock']) return false; @@ -620,9 +632,9 @@ function checkwordblock($text = '') { if(count($re) && preg_match('#('.join('|', $re).')#si', $text, $matches)) { // prepare event data $data['matches'] = $matches; - $data['userinfo']['ip'] = $_SERVER['REMOTE_ADDR']; - if($_SERVER['REMOTE_USER']) { - $data['userinfo']['user'] = $_SERVER['REMOTE_USER']; + $data['userinfo']['ip'] = $INPUT->server->str('REMOTE_ADDR'); + if($INPUT->server->str('REMOTE_USER')) { + $data['userinfo']['user'] = $INPUT->server->str('REMOTE_USER'); $data['userinfo']['name'] = $INFO['userinfo']['name']; $data['userinfo']['mail'] = $INFO['userinfo']['mail']; } @@ -648,12 +660,17 @@ function checkwordblock($text = '') { * @return string */ function clientIP($single = false) { + /* @var Input $INPUT */ + global $INPUT; + $ip = array(); - $ip[] = $_SERVER['REMOTE_ADDR']; - if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) - $ip = array_merge($ip, explode(',', str_replace(' ', '', $_SERVER['HTTP_X_FORWARDED_FOR']))); - if(!empty($_SERVER['HTTP_X_REAL_IP'])) - $ip = array_merge($ip, explode(',', str_replace(' ', '', $_SERVER['HTTP_X_REAL_IP']))); + $ip[] = $INPUT->server->str('REMOTE_ADDR'); + if($INPUT->server->str('HTTP_X_FORWARDED_FOR')) { + $ip = array_merge($ip, explode(',', str_replace(' ', '', $INPUT->server->str('HTTP_X_FORWARDED_FOR')))); + } + if($INPUT->server->str('HTTP_X_REAL_IP')) { + $ip = array_merge($ip, explode(',', str_replace(' ', '', $INPUT->server->str('HTTP_X_REAL_IP')))); + } // some IPv4/v6 regexps borrowed from Feyd // see: http://forums.devnetwork.net/viewtopic.php?f=38&t=53479 @@ -712,16 +729,18 @@ function clientIP($single = false) { * @link http://www.brainhandles.com/2007/10/15/detecting-mobile-browsers/#code */ function clientismobile() { + /* @var Input $INPUT */ + global $INPUT; - if(isset($_SERVER['HTTP_X_WAP_PROFILE'])) return true; + if($INPUT->server->has('HTTP_X_WAP_PROFILE')) return true; - if(preg_match('/wap\.|\.wap/i', $_SERVER['HTTP_ACCEPT'])) return true; + if(preg_match('/wap\.|\.wap/i', $INPUT->server->str('HTTP_ACCEPT'))) return true; - if(!isset($_SERVER['HTTP_USER_AGENT'])) return false; + if(!$INPUT->server->has('HTTP_USER_AGENT')) return false; $uamatches = 'midp|j2me|avantg|docomo|novarra|palmos|palmsource|240x320|opwv|chtml|pda|windows ce|mmp\/|blackberry|mib\/|symbian|wireless|nokia|hand|mobi|phone|cdm|up\.b|audio|SIE\-|SEC\-|samsung|HTC|mot\-|mitsu|sagem|sony|alcatel|lg|erics|vx|NEC|philips|mmm|xx|panasonic|sharp|wap|sch|rover|pocket|benq|java|pt|pg|vox|amoi|bird|compal|kg|voda|sany|kdd|dbt|sendo|sgh|gradi|jb|\d\d\di|moto'; - if(preg_match("/$uamatches/i", $_SERVER['HTTP_USER_AGENT'])) return true; + if(preg_match("/$uamatches/i", $INPUT->server->str('HTTP_USER_AGENT'))) return true; return false; } @@ -761,6 +780,9 @@ function gethostsbyaddrs($ips) { */ function checklock($id) { global $conf; + /* @var Input $INPUT */ + global $INPUT; + $lock = wikiLockFN($id); //no lockfile @@ -774,7 +796,7 @@ function checklock($id) { //my own lock @list($ip, $session) = explode("\n", io_readFile($lock)); - if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) { + if($ip == $INPUT->server->str('REMOTE_USER') || $ip == clientIP() || $session == session_id()) { return false; } @@ -788,14 +810,16 @@ function checklock($id) { */ function lock($id) { global $conf; + /* @var Input $INPUT */ + global $INPUT; if($conf['locktime'] == 0) { return; } $lock = wikiLockFN($id); - if($_SERVER['REMOTE_USER']) { - io_saveFile($lock, $_SERVER['REMOTE_USER']); + if($INPUT->server->str('REMOTE_USER')) { + io_saveFile($lock, $INPUT->server->str('REMOTE_USER')); } else { io_saveFile($lock, clientIP()."\n".session_id()); } @@ -809,10 +833,13 @@ function lock($id) { * @return bool true if a lock was removed */ function unlock($id) { + /* @var Input $INPUT */ + global $INPUT; + $lock = wikiLockFN($id); if(@file_exists($lock)) { @list($ip, $session) = explode("\n", io_readFile($lock)); - if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) { + if($ip == $INPUT->server->str('REMOTE_USER') || $ip == clientIP() || $session == session_id()) { @unlink($lock); return true; } @@ -938,6 +965,8 @@ function parsePageTemplate(&$data) { global $USERINFO; global $conf; + /* @var Input $INPUT */ + global $INPUT; // replace placeholders $file = noNS($id); @@ -969,7 +998,7 @@ function parsePageTemplate(&$data) { utf8_ucfirst($page), utf8_ucwords($page), utf8_strtoupper($page), - $_SERVER['REMOTE_USER'], + $INPUT->server->str('REMOTE_USER'), $USERINFO['name'], $USERINFO['mail'], $conf['dformat'], @@ -1050,6 +1079,9 @@ function saveWikiText($id, $text, $summary, $minor = false) { global $conf; global $lang; global $REV; + /* @var Input $INPUT */ + global $INPUT; + // ignore if no changes were made if($text == rawWiki($id, '')) { return; @@ -1112,7 +1144,7 @@ function saveWikiText($id, $text, $summary, $minor = false) { $type = DOKU_CHANGE_TYPE_CREATE; } else if($wasRemoved) { $type = DOKU_CHANGE_TYPE_DELETE; - } else if($minor && $conf['useacl'] && $_SERVER['REMOTE_USER']) { + } else if($minor && $conf['useacl'] && $INPUT->server->str('REMOTE_USER')) { $type = DOKU_CHANGE_TYPE_MINOR_EDIT; } //minor edits only for logged in users @@ -1164,6 +1196,8 @@ function saveOldRevision($id) { */ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = array()) { global $conf; + /* @var Input $INPUT */ + global $INPUT; // decide if there is something to do, eg. whom to mail if($who == 'admin') { @@ -1172,7 +1206,7 @@ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = $to = $conf['notify']; } elseif($who == 'subscribers') { if(!actionOK('subscribe')) return false; //subscribers enabled? - if($conf['useacl'] && $_SERVER['REMOTE_USER'] && $minor) return false; //skip minors + if($conf['useacl'] && $INPUT->server->str('REMOTE_USER') && $minor) return false; //skip minors $data = array('id' => $id, 'addresslist' => '', 'self' => false); trigger_event( 'COMMON_NOTIFY_ADDRESSLIST', $data, @@ -1197,10 +1231,13 @@ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = * @author Todd Augsburger <todd@rollerorgans.com> */ function getGoogleQuery() { - if(!isset($_SERVER['HTTP_REFERER'])) { + /* @var Input $INPUT */ + global $INPUT; + + if(!$INPUT->server->has('HTTP_REFERER')) { return ''; } - $url = parse_url($_SERVER['HTTP_REFERER']); + $url = parse_url($INPUT->server->str('HTTP_REFERER')); // only handle common SEs if(!preg_match('/(google|bing|yahoo|ask|duckduckgo|babylon|aol|yandex)/',$url['host'])) return ''; @@ -1523,6 +1560,9 @@ function is_mem_available($mem, $bytes = 1048576) { * @author Andreas Gohr <andi@splitbrain.org> */ function send_redirect($url) { + /* @var Input $INPUT */ + global $INPUT; + //are there any undisplayed messages? keep them in session for display global $MSG; if(isset($MSG) && count($MSG) && !defined('NOSESSION')) { @@ -1546,9 +1586,9 @@ function send_redirect($url) { } // check if running on IIS < 6 with CGI-PHP - if(isset($_SERVER['SERVER_SOFTWARE']) && isset($_SERVER['GATEWAY_INTERFACE']) && - (strpos($_SERVER['GATEWAY_INTERFACE'], 'CGI') !== false) && - (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($_SERVER['SERVER_SOFTWARE']), $matches)) && + if($INPUT->server->has('SERVER_SOFTWARE') && $INPUT->server->has('GATEWAY_INTERFACE') && + (strpos($INPUT->server->str('GATEWAY_INTERFACE'), 'CGI') !== false) && + (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($INPUT->server->str('SERVER_SOFTWARE')), $matches)) && $matches[1] < 6 ) { header('Refresh: 0;url='.$url); diff --git a/inc/infoutils.php b/inc/infoutils.php index 3636d86a1..0992040d9 100644 --- a/inc/infoutils.php +++ b/inc/infoutils.php @@ -102,6 +102,8 @@ function getVersion(){ function check(){ global $conf; global $INFO; + /* @var Input $INPUT */ + global $INPUT; if ($INFO['isadmin'] || $INFO['ismanager']){ msg('DokuWiki version: '.getVersion(),1); @@ -204,7 +206,7 @@ function check(){ } if($INFO['userinfo']['name']){ - msg('You are currently logged in as '.$_SERVER['REMOTE_USER'].' ('.$INFO['userinfo']['name'].')',0); + msg('You are currently logged in as '.$INPUT->server->str('REMOTE_USER').' ('.$INFO['userinfo']['name'].')',0); msg('You are part of the groups '.join($INFO['userinfo']['grps'],', '),0); }else{ msg('You are currently not logged in',0); @@ -361,6 +363,9 @@ function dbg($msg,$hidden=false){ */ function dbglog($msg,$header=''){ global $conf; + /* @var Input $INPUT */ + global $INPUT; + // The debug log isn't automatically cleaned thus only write it when // debugging has been enabled by the user. if($conf['allowdebug'] !== 1) return; @@ -373,7 +378,7 @@ function dbglog($msg,$header=''){ $file = $conf['cachedir'].'/debug.log'; $fh = fopen($file,'a'); if($fh){ - fwrite($fh,date('H:i:s ').$_SERVER['REMOTE_ADDR'].': '.$msg."\n"); + fwrite($fh,date('H:i:s ').$INPUT->server->str('REMOTE_ADDR').': '.$msg."\n"); fclose($fh); } } diff --git a/inc/init.php b/inc/init.php index bcd96e5e4..4ff239787 100644 --- a/inc/init.php +++ b/inc/init.php @@ -402,6 +402,10 @@ function remove_magic_quotes(&$array) { * Returns the full absolute URL to the directory where * DokuWiki is installed in (includes a trailing slash) * + * !! Can not access $_SERVER values through $INPUT + * !! here as this function is called before $INPUT is + * !! initialized. + * * @author Andreas Gohr <andi@splitbrain.org> */ function getBaseURL($abs=null){ diff --git a/inc/mail.php b/inc/mail.php index 0b60c0a5b..9994ac63e 100644 --- a/inc/mail.php +++ b/inc/mail.php @@ -40,6 +40,8 @@ if (!defined('PREG_PATTERN_VALID_EMAIL')) define('PREG_PATTERN_VALID_EMAIL', '[' function mail_setup(){ global $conf; global $USERINFO; + /** @var Input $INPUT */ + global $INPUT; // auto constructed address $host = @parse_url(DOKU_URL,PHP_URL_HOST); @@ -53,11 +55,8 @@ function mail_setup(){ $replace['@MAIL@'] = $noreply; } - if(!empty($_SERVER['REMOTE_USER'])){ - $replace['@USER@'] = $_SERVER['REMOTE_USER']; - }else{ - $replace['@USER@'] = 'noreply'; - } + // use 'noreply' if no user + $replace['@USER@'] = $INPUT->server->str('REMOTE_USER', 'noreply', true); if(!empty($USERINFO['name'])){ $replace['@NAME@'] = $USERINFO['name']; diff --git a/inc/pageutils.php b/inc/pageutils.php index 9c2794387..8474c5697 100644 --- a/inc/pageutils.php +++ b/inc/pageutils.php @@ -19,6 +19,7 @@ * @author Andreas Gohr <andi@splitbrain.org> */ function getID($param='id',$clean=true){ + /** @var Input $INPUT */ global $INPUT; global $conf; global $ACT; @@ -27,7 +28,7 @@ function getID($param='id',$clean=true){ //construct page id from request URI if(empty($id) && $conf['userewrite'] == 2){ - $request = $_SERVER['REQUEST_URI']; + $request = $INPUT->server->str('REQUEST_URI'); $script = ''; //get the script URL @@ -36,15 +37,15 @@ function getID($param='id',$clean=true){ if($param != 'id') { $relpath = 'lib/exe/'; } - $script = $conf['basedir'].$relpath.utf8_basename($_SERVER['SCRIPT_FILENAME']); - - }elseif($_SERVER['PATH_INFO']){ - $request = $_SERVER['PATH_INFO']; - }elseif($_SERVER['SCRIPT_NAME']){ - $script = $_SERVER['SCRIPT_NAME']; - }elseif($_SERVER['DOCUMENT_ROOT'] && $_SERVER['SCRIPT_FILENAME']){ - $script = preg_replace ('/^'.preg_quote($_SERVER['DOCUMENT_ROOT'],'/').'/','', - $_SERVER['SCRIPT_FILENAME']); + $script = $conf['basedir'].$relpath.utf8_basename($INPUT->server->str('SCRIPT_FILENAME')); + + }elseif($INPUT->server->str('PATH_INFO')){ + $request = $INPUT->server->str('PATH_INFO'); + }elseif($INPUT->server->str('SCRIPT_NAME')){ + $script = $INPUT->server->str('SCRIPT_NAME'); + }elseif($INPUT->server->str('DOCUMENT_ROOT') && $INPUT->server->str('SCRIPT_FILENAME')){ + $script = preg_replace ('/^'.preg_quote($INPUT->server->str('DOCUMENT_ROOT'),'/').'/','', + $INPUT->server->str('SCRIPT_FILENAME')); $script = '/'.$script; } diff --git a/inc/remote.php b/inc/remote.php index 2ef28afd2..e27aa74f8 100644 --- a/inc/remote.php +++ b/inc/remote.php @@ -169,6 +169,9 @@ class RemoteAPI { public function hasAccess() { global $conf; global $USERINFO; + /** @var Input $INPUT */ + global $INPUT; + if (!$conf['remote']) { return false; } @@ -179,7 +182,7 @@ class RemoteAPI { return true; } - return auth_isMember($conf['remoteuser'], $_SERVER['REMOTE_USER'], (array) $USERINFO['grps']); + return auth_isMember($conf['remoteuser'], $INPUT->server->str('REMOTE_USER'), (array) $USERINFO['grps']); } /** diff --git a/inc/subscription.php b/inc/subscription.php index ddf30706b..adf1b821c 100644 --- a/inc/subscription.php +++ b/inc/subscription.php @@ -256,8 +256,10 @@ class Subscription { if(!$this->isenabled()) return false; global $ID; + /** @var Input $INPUT */ + global $INPUT; if(!$id) $id = $ID; - if(!$user) $user = $_SERVER['REMOTE_USER']; + if(!$user) $user = $INPUT->server->str('REMOTE_USER'); $subs = $this->subscribers($id, $user); if(!count($subs)) return false; @@ -292,13 +294,15 @@ class Subscription { global $auth; global $conf; global $USERINFO; + /** @var Input $INPUT */ + global $INPUT; $count = 0; $subscriptions = $this->subscribers($page, null, array('digest', 'list')); // remember current user info $olduinfo = $USERINFO; - $olduser = $_SERVER['REMOTE_USER']; + $olduser = $INPUT->server->str('REMOTE_USER'); foreach($subscriptions as $target => $users) { if(!$this->lock($target)) continue; @@ -315,7 +319,7 @@ class Subscription { // Work as the user to make sure ACLs apply correctly $USERINFO = $auth->getUserData($user); - $_SERVER['REMOTE_USER'] = $user; + $INPUT->server->set('REMOTE_USER',$user); if($USERINFO === false) continue; if(!$USERINFO['mail']) continue; @@ -334,7 +338,7 @@ class Subscription { foreach($changes as $rev) { $n = 0; while(!is_null($rev) && $rev['date'] >= $lastupdate && - ($_SERVER['REMOTE_USER'] === $rev['user'] || + ($INPUT->server->str('REMOTE_USER') === $rev['user'] || $rev['type'] === DOKU_CHANGE_TYPE_MINOR_EDIT)) { $rev = getRevisions($rev['id'], $n++, 1); $rev = (count($rev) > 0) ? $rev[0] : null; @@ -369,7 +373,7 @@ class Subscription { // restore current user info $USERINFO = $olduinfo; - $_SERVER['REMOTE_USER'] = $olduser; + $INPUT->server->set('REMOTE_USER',$olduser); return $count; } @@ -654,6 +658,8 @@ class Subscription { /** @var DokuWiki_Auth_Plugin $auth */ global $auth; global $conf; + /** @var Input $INPUT */ + global $INPUT; $id = $data['id']; $self = $data['self']; @@ -667,7 +673,7 @@ class Subscription { $userinfo = $auth->getUserData($user); if($userinfo === false) continue; if(!$userinfo['mail']) continue; - if(!$self && $user == $_SERVER['REMOTE_USER']) continue; //skip our own changes + if(!$self && $user == $INPUT->server->str('REMOTE_USER')) continue; //skip our own changes $level = auth_aclcheck($id, $user, $userinfo['grps']); if($level >= AUTH_READ) { diff --git a/inc/template.php b/inc/template.php index c0dfbb845..88964fada 100644 --- a/inc/template.php +++ b/inc/template.php @@ -291,6 +291,8 @@ function tpl_metaheaders($alt = true) { global $lang; global $conf; global $updateVersion; + /** @var Input $INPUT */ + global $INPUT; // prepare the head array $head = array(); @@ -401,7 +403,7 @@ function tpl_metaheaders($alt = true) { // make $INFO and other vars available to JavaScripts $json = new JSON(); $script = "var NS='".$INFO['namespace']."';"; - if($conf['useacl'] && !empty($_SERVER['REMOTE_USER'])) { + if($conf['useacl'] && $INPUT->server->str('REMOTE_USER')) { $script .= "var SIG='".toolbar_signature()."';"; } $script .= 'var JSINFO = '.$json->encode($JSINFO).';'; @@ -603,6 +605,8 @@ function tpl_get_action($type) { global $REV; global $ACT; global $conf; + /** @var Input $INPUT */ + global $INPUT; // check disabled actions and fix the badly named ones if($type == 'history') $type = 'revisions'; @@ -672,7 +676,7 @@ function tpl_get_action($type) { break; case 'login': $params['sectok'] = getSecurityToken(); - if(isset($_SERVER['REMOTE_USER'])) { + if($INPUT->server->has('REMOTE_USER')) { if(!actionOK('logout')) { return false; } @@ -681,12 +685,12 @@ function tpl_get_action($type) { } break; case 'register': - if(!empty($_SERVER['REMOTE_USER'])) { + if($INPUT->server->str('REMOTE_USER')) { return false; } break; case 'resendpwd': - if(!empty($_SERVER['REMOTE_USER'])) { + if($INPUT->server->str('REMOTE_USER')) { return false; } break; @@ -703,14 +707,14 @@ function tpl_get_action($type) { $params['sectok'] = getSecurityToken(); break; case 'subscribe': - if(!$_SERVER['REMOTE_USER']) { + if(!$INPUT->server->str('REMOTE_USER')) { return false; } break; case 'backlink': break; case 'profile': - if(!isset($_SERVER['REMOTE_USER'])) { + if(!$INPUT->server->has('REMOTE_USER')) { return false; } break; @@ -886,8 +890,11 @@ function tpl_youarehere($sep = ' » ') { function tpl_userinfo() { global $lang; global $INFO; - if(isset($_SERVER['REMOTE_USER'])) { - print $lang['loggedinas'].': <bdi>'.hsc($INFO['userinfo']['name']).'</bdi> (<bdi>'.hsc($_SERVER['REMOTE_USER']).'</bdi>)'; + /** @var Input $INPUT */ + global $INPUT; + + if($INPUT->server->str('REMOTE_USER')) { + print $lang['loggedinas'].': <bdi>'.hsc($INFO['userinfo']['name']).'</bdi> (<bdi>'.hsc($INPUT->server->str('REMOTE_USER')).'</bdi>)'; return true; } return false; @@ -1030,6 +1037,7 @@ function tpl_img_getTag($tags, $alt = '', $src = null) { */ function tpl_img($maxwidth = 0, $maxheight = 0, $link = true, $params = null) { global $IMG; + /** @var Input $INPUT */ global $INPUT; $w = tpl_img_getTag('File.Width'); $h = tpl_img_getTag('File.Height'); @@ -1242,6 +1250,7 @@ function tpl_mediaContent($fromajax = false, $sort='natural') { global $INUSE; global $NS; global $JUMPTO; + /** @var Input $INPUT */ global $INPUT; $do = $INPUT->extract('do')->str('do'); @@ -1291,6 +1300,7 @@ function tpl_mediaFileList() { global $NS; global $JUMPTO; global $lang; + /** @var Input $INPUT */ global $INPUT; $opened_tab = $INPUT->str('tab_files'); @@ -1331,7 +1341,9 @@ function tpl_mediaFileList() { * @author Kate Arzamastseva <pshns@ukr.net> */ function tpl_mediaFileDetails($image, $rev) { - global $AUTH, $NS, $conf, $DEL, $lang, $INPUT; + global $AUTH, $NS, $conf, $DEL, $lang; + /** @var Input $INPUT */ + global $INPUT; $removed = (!file_exists(mediaFN($image)) && file_exists(mediaMetaFN($image, '.changes')) && $conf['mediarevisions']); if(!$image || (!file_exists(mediaFN($image)) && !$removed) || $DEL) return; @@ -1409,12 +1421,14 @@ function tpl_actiondropdown($empty = '', $button = '>') { global $ID; global $REV; global $lang; + /** @var Input $INPUT */ + global $INPUT; echo '<form action="'.script().'" method="get" accept-charset="utf-8">'; echo '<div class="no">'; echo '<input type="hidden" name="id" value="'.$ID.'" />'; if($REV) echo '<input type="hidden" name="rev" value="'.$REV.'" />'; - if (!empty($_SERVER['REMOTE_USER'])) { + if ($INPUT->server->str('REMOTE_USER')) { echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'; } @@ -1780,11 +1794,14 @@ function tpl_media() { */ function tpl_classes() { global $ACT, $conf, $ID, $INFO; + /** @var Input $INPUT */ + global $INPUT; + $classes = array( 'dokuwiki', 'mode_'.$ACT, 'tpl_'.$conf['template'], - !empty($_SERVER['REMOTE_USER']) ? 'loggedIn' : '', + $INPUT->server->bool('REMOTE_USER') ? 'loggedIn' : '', $INFO['exists'] ? '' : 'notFound', ($ID == $conf['start']) ? 'home' : '', ); diff --git a/inc/toolbar.php b/inc/toolbar.php index d8d2f209b..7cc29e866 100644 --- a/inc/toolbar.php +++ b/inc/toolbar.php @@ -241,10 +241,12 @@ function toolbar_JSdefines($varname){ function toolbar_signature(){ global $conf; global $INFO; + /** @var Input $INPUT */ + global $INPUT; $sig = $conf['signature']; $sig = dformat(null,$sig); - $sig = str_replace('@USER@',$_SERVER['REMOTE_USER'],$sig); + $sig = str_replace('@USER@',$INPUT->server->str('REMOTE_USER'),$sig); $sig = str_replace('@NAME@',$INFO['userinfo']['name'],$sig); $sig = str_replace('@MAIL@',$INFO['userinfo']['mail'],$sig); $sig = str_replace('@DATE@',dformat(),$sig); |