authorTom N Harris <tnharris@whoopdedo.org>2012-06-28 22:15:56 -0400
committerTom N Harris <tnharris@whoopdedo.org>2012-06-28 22:15:56 -0400
commit8108113c244529ec54f11271a6a15e3d1e0a048f (patch)
tree8f819bb5745fa11a6d5ba0cfe6a7d049f16a7c2f
parentbfd0f5975e6e3578b4fa0c712e9779a0861fdc72 (diff)
downloadrpg-8108113c244529ec54f11271a6a15e3d1e0a048f.tar.gz
rpg-8108113c244529ec54f11271a6a15e3d1e0a048f.tar.bz2
Input validation for media manager
-rw-r--r--inc/media.php66
-rw-r--r--lib/exe/mediamanager.php35
2 files changed, 57 insertions, 44 deletions
diff --git a/inc/media.php b/inc/media.php
index 2462a1deb..6c92225ff 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -226,8 +226,9 @@ function media_delete($id,$auth){
*/
function media_upload_xhr($ns,$auth){
if(!checkSecurityToken()) return false;
+ global $INPUT;
- $id = $_GET['qqfile'];
+ $id = $INPUT->get->str('qqfile');
list($ext,$mime,$dl) = mimetype($id);
$input = fopen("php://input", "r");
if (!($tmp = io_mktmpdir())) return false;
@@ -247,7 +248,7 @@ function media_upload_xhr($ns,$auth){
'mime' => $mime,
'ext' => $ext),
$ns.':'.$id,
- (($_REQUEST['ow'] == 'checked') ? true : false),
+ (($INPUT->get->str('ow') == 'checked') ? true : false),
$auth,
'copy'
);
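Review bot: The overwrite flag on the line replacing `$_REQUEST['ow']` is now read from the query string only, and the ternary wrapped around the comparison is redundant; `$INPUT->get->str('ow') === 'checked',` expresses the same value. The parallel change in `media_upload` (the `media_save` call in the next hunk but one) reads the same flag as `$INPUT->post->bool('ow')`, so the two upload paths now interpret `ow` differently — an exact string match here, any truthy value there — and a checkbox that works in one uploader may silently not work in the other unless both are aligned on one reading. Whether the XHR client sends `ow` as a GET parameter is not visible here, so that should be confirmed before narrowing the source from `$_REQUEST`. The `media_upload_xhr` body continues outside the hunk.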
@@ -270,9 +271,10 @@ function media_upload_xhr($ns,$auth){
function media_upload($ns,$auth,$file=false){
if(!checkSecurityToken()) return false;
global $lang;
+ global $INPUT;
// get file and id
- $id = $_POST['mediaid'];
+ $id = $INPUT->post->str('mediaid');
if (!$file) $file = $_FILES['upload'];
if(empty($id)) $id = $file['name'];
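Review bot: `$_FILES['upload']` on the line after the new `mediaid` read is still dereferenced without any check, so a request that carries a valid security token but no file raises an undefined-index notice and then indexes `$file['name']` on null. Since this commit is about moving request handling onto checked accessors, a guard such as `if (!$file) $file = isset($_FILES['upload']) ? $_FILES['upload'] : null;` followed by `if (!$file) return false;` keeps this entry point consistent with the rest of the change. The function body continues outside the hunk.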
@@ -294,7 +296,7 @@ function media_upload($ns,$auth,$file=false){
$res = media_save(array('name' => $file['tmp_name'],
'mime' => $imime,
'ext' => $iext), $ns.':'.$id,
- $_REQUEST['ow'], $auth, 'move_uploaded_file');
+ $INPUT->post->bool('ow'), $auth, 'move_uploaded_file');
if (is_array($res)) {
msg($res[0], $res[1]);
return false;
@@ -641,7 +643,9 @@ function media_tabs_details($image, $selected_tab = ''){
* @author Kate Arzamastseva <pshns@ukr.net>
*/
function media_tab_files_options(){
- global $lang, $NS;
+ global $lang;
+ global $NS;
+ global $INPUT;
$form = new Doku_Form(array('class' => 'options', 'method' => 'get',
'action' => wl($ID)));
$media_manager_params = media_managerURL(array(), '', false, true);
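Review bot: `$ID` on the `wl($ID)` line is not among the globals declared at the top of `media_tab_files_options` (only `$lang`, `$NS` and the new `$INPUT` are), so unless it is imported further down, outside this hunk, the form action is built from an undefined variable. The globals are being rewritten one per line anyway, so adding `global $ID;` next to them is the cheap fix. The function continues past the hunk.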
@@ -649,8 +653,8 @@ function media_tab_files_options(){
$form->addHidden($pKey, $pVal);
}
$form->addHidden('sectok', null);
- if (isset($_REQUEST['q'])) {
- $form->addHidden('q', $_REQUEST['q']);
+ if ($INPUT->has('q')) {
+ $form->addHidden('q', $INPUT->str('q'));
}
$form->addElement('<ul>'.NL);
foreach(array('list' => array('listType', array('thumbs', 'rows')),
@@ -694,9 +698,10 @@ function _media_get_list_type() {
}
function _media_get_display_param($param, $values) {
- if (isset($_REQUEST[$param]) && in_array($_REQUEST[$param], $values)) {
+ global $INPUT;
+ if (in_array($INPUT->str($param), $values)) {
// FIXME: Set cookie
- return $_REQUEST[$param];
+ return $INPUT->str($param);
} else {
$val = get_doku_pref($param, $values['default']);
if (!in_array($val, $values)) {
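Review bot: `in_array($INPUT->str($param), $values)` on the new condition compares loosely and fetches the parameter twice, once for the test and once more for the return. Reading it once and comparing strictly — `$val = $INPUT->str($param);`, `if ($val !== '' && in_array($val, $values, true)) {` and `return $val;` — makes the absent case explicit (an absent parameter comes back from `str()` as `''`) instead of relying on `''` not loosely matching any entry, and drops the second lookup. `$values` also carries a `'default'` entry that `in_array` accepts as a valid value; that predates this change but is worth a look while here. The rest of `_media_get_display_param` lies outside the hunk.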
@@ -746,10 +751,10 @@ function media_tab_upload($ns,$auth=null,$jump='') {
*/
function media_tab_search($ns,$auth=null) {
global $lang;
+ global $INPUT;
- $do = $_REQUEST['mediado'];
- $query = $_REQUEST['q'];
- if (!$query) $query = '';
+ $do = $INPUT->str('mediado');
+ $query = $INPUT->str('q');
echo '<div class="search">'.NL;
media_searchform($ns, $query, true);
@@ -801,14 +806,16 @@ function media_tab_edit($image, $ns, $auth=null) {
*/
function media_tab_history($image, $ns, $auth=null) {
global $lang;
+ global $INPUT;
+
if(is_null($auth)) $auth = auth_quickaclcheck("$ns:*");
- $do = $_REQUEST['mediado'];
+ $do = $INPUT->str('mediado');
if ($auth >= AUTH_READ && $image) {
if ($do == 'diff'){
media_diff($image, $ns, $auth);
} else {
- $first = isset($_REQUEST['first']) ? intval($_REQUEST['first']) : 0;
+ $first = $INPUT->int('first');
html_revisions($first, $image);
}
} else {
@@ -1002,21 +1009,22 @@ function media_details($image, $auth, $rev=false, $meta=false) {
function media_diff($image, $ns, $auth, $fromajax = false) {
global $lang;
global $conf;
+ global $INPUT;
if ($auth < AUTH_READ || !$image || !$conf['mediarevisions']) return '';
- $rev1 = (int) $_REQUEST['rev'];
+ $rev1 = $INPUT->int('rev');
- if(is_array($_REQUEST['rev2'])){
- $rev1 = (int) $_REQUEST['rev2'][0];
- $rev2 = (int) $_REQUEST['rev2'][1];
+ if(is_array($INPUT->ref('rev2'))){
+ $rev1 = (int) $INPUT->arr('rev2')[0];
+ $rev2 = (int) $INPUT->arr('rev2')[1];
if(!$rev1){
$rev1 = $rev2;
unset($rev2);
}
}else{
- $rev2 = (int) $_REQUEST['rev2'];
+ $rev2 = $INPUT->int('rev2');
}
if ($rev1 && !file_exists(mediaFN($image, $rev1))) $rev1 = false;
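Review bot: `$INPUT->arr('rev2')[0]` and `[1]` on the two rewritten assignments dereference a function result directly, which is PHP 5.4 syntax and a parse error on older interpreters; if the project still supports PHP before 5.4, this hunk breaks `media_diff` outright rather than just changing how input is read. Fetching the array once avoids the construct and the repeated lookup: `$revs = $INPUT->arr('rev2');`, `$rev1 = (int) $revs[0];`, `$rev2 = (int) $revs[1];`. With the array in a local, the `is_array($INPUT->ref('rev2'))` test could also check for two elements, which would cover a single-element `rev2[]` that currently produces an undefined-offset notice on `[1]` (a pre-existing gap, not introduced here). `media_diff` continues beyond the hunk.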
@@ -1071,7 +1079,9 @@ function _media_file_diff($data) {
* @author Kate Arzamastseva <pshns@ukr.net>
*/
function media_file_diff($image, $l_rev, $r_rev, $ns, $auth, $fromajax){
- global $lang, $config_cascade;
+ global $lang;
+ global $config_cascade;
+ global $INPUT;
$l_meta = new JpegMeta(mediaFN($image, $l_rev));
$r_meta = new JpegMeta(mediaFN($image, $r_rev));
@@ -1082,7 +1092,7 @@ function media_file_diff($image, $l_rev, $r_rev, $ns, $auth, $fromajax){
$r_size = media_image_preview_size($image, $r_rev, $r_meta);
$is_img = ($l_size && $r_size && ($l_size[0] >= 30 || $r_size[0] >= 30));
- $difftype = $_REQUEST['difftype'];
+ $difftype = $INPUT->str('difftype');
if (!$fromajax) {
$form = new Doku_Form(array(
@@ -1527,11 +1537,12 @@ function media_printimgdetail($item, $fullscreen=false){
function media_managerURL($params=false, $amp='&amp;', $abs=false, $params_array=false) {
global $conf;
global $ID;
+ global $INPUT;
$gets = array('do' => 'media');
$media_manager_params = array('tab_files', 'tab_details', 'image', 'ns', 'list', 'sort');
foreach ($media_manager_params as $x) {
- if (isset($_REQUEST[$x])) $gets[$x] = $_REQUEST[$x];
+ if ($INPUT->has($x)) $gets[$x] = $INPUT->str($x);
}
if ($params) {
@@ -1555,7 +1566,9 @@ function media_managerURL($params=false, $amp='&amp;', $abs=false, $params_array
* @author Kate Arzamastseva <pshns@ukr.net>
*/
function media_uploadform($ns, $auth, $fullscreen = false){
- global $lang, $conf;
+ global $lang;
+ global $conf;
+ global $INPUT;
if($auth < AUTH_UPLOAD) {
echo '<div class="nothing">'.$lang['media_perm_upload'].'</div>'.NL;
@@ -1565,9 +1578,9 @@ function media_uploadform($ns, $auth, $fullscreen = false){
$update = false;
$id = '';
- if ($auth >= $auth_ow && $fullscreen && $_REQUEST['mediado'] == 'update') {
+ if ($auth >= $auth_ow && $fullscreen && $INPUT->str('mediado') == 'update') {
$update = true;
- $id = cleanID($_REQUEST['image']);
+ $id = cleanID($INPUT->str('image'));
}
// The default HTML upload form
@@ -1697,12 +1710,13 @@ function media_nstree($ns){
* @author Andreas Gohr <andi@splitbrain.org>
*/
function media_nstree_item($item){
+ global $INPUT;
$pos = strrpos($item['id'], ':');
$label = substr($item['id'], $pos > 0 ? $pos + 1 : 0);
if(!$item['label']) $item['label'] = $label;
$ret = '';
- if (!($_REQUEST['do'] == 'media'))
+ if (!($INPUT->str('do') == 'media'))
$ret .= '<a href="'.DOKU_BASE.'lib/exe/mediamanager.php?ns='.idfilter($item['id']).'" class="idx_dir">';
else $ret .= '<a href="'.media_managerURL(array('ns' => idfilter($item['id'], false), 'tab_files' => 'files'))
.'" class="idx_dir">';
diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php
index 5f09fe1f8..83166a2f4 100644
--- a/lib/exe/mediamanager.php
+++ b/lib/exe/mediamanager.php
@@ -11,24 +11,23 @@
session_write_close(); //close session
// handle passed message
- if($_REQUEST['msg1']) msg(hsc($_REQUEST['msg1']),1);
- if($_REQUEST['err']) msg(hsc($_REQUEST['err']),-1);
+ if($INPUT->str('msg1')) msg(hsc($INPUT->str('msg1')),1);
+ if($INPUT->str('err')) msg(hsc($INPUT->str('err')),-1);
// get namespace to display (either direct or from deletion order)
- if($_REQUEST['delete']){
- $DEL = cleanID($_REQUEST['delete']);
+ if($INPUT->str('delete')){
+ $DEL = cleanID($INPUT->str('delete'));
$IMG = $DEL;
$NS = getNS($DEL);
- }elseif($_REQUEST['edit']){
- $IMG = cleanID($_REQUEST['edit']);
+ }elseif($INPUT->str('edit')){
+ $IMG = cleanID($INPUT->str('edit'));
$NS = getNS($IMG);
- }elseif($_REQUEST['img']){
- $IMG = cleanID($_REQUEST['img']);
+ }elseif($INPUT->str('img')){
+ $IMG = cleanID($INPUT->str('img'));
$NS = getNS($IMG);
}else{
- $NS = $_REQUEST['ns'];
- $NS = cleanID($NS);
+ $NS = cleanID($INPUT->str('ns'));
}
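Review bot: Every rewritten parameter in the namespace-selection chain is read twice, first in the condition and again inside the branch (`delete`, `edit`, `img`, and `msg1`/`err` just above). Reading each once — `$del = $INPUT->str('delete'); if ($del !== '') { $DEL = cleanID($del); ... }` — makes the flow easier to follow and replaces the truthiness test, under which an id of `'0'` is treated as absent. That falsy-string behaviour predates this change, so it is an observation rather than a regression; the point that stands on the new code is the double fetch.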
// check auth
@@ -76,18 +75,18 @@
}
// handle meta saving
- if($IMG && @array_key_exists('save', $_REQUEST['do'])){
- $JUMPTO = media_metasave($IMG,$AUTH,$_REQUEST['meta']);
+ if($IMG && @array_key_exists('save', $INPUT->arr('do'))){
+ $JUMPTO = media_metasave($IMG,$AUTH,$INPUT->arr('meta'));
}
- if($IMG && ($_REQUEST['mediado'] == 'save' || @array_key_exists('save', $_REQUEST['mediado']))) {
- $JUMPTO = media_metasave($IMG,$AUTH,$_REQUEST['meta']);
+ if($IMG && ($INPUT->str('mediado') == 'save' || @array_key_exists('save', $INPUT->arr('mediado')))) {
+ $JUMPTO = media_metasave($IMG,$AUTH,$INPUT->arr('meta'));
}
- if ($_REQUEST['rev'] && $conf['mediarevisions']) $REV = (int) $_REQUEST['rev'];
+ if ($INPUT->int('rev') && $conf['mediarevisions']) $REV = $INPUT->int('rev');
- if($_REQUEST['mediado'] == 'restore' && $conf['mediarevisions']){
- $JUMPTO = media_restore($_REQUEST['image'], $REV, $AUTH);
+ if($INPUT->str('mediado') == 'restore' && $conf['mediarevisions']){
+ $JUMPTO = media_restore($INPUT->str('image'), $REV, $AUTH);
}
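Review bot: The `@` in `@array_key_exists('save', $INPUT->arr('do'))` and in the `mediado` check two lines below no longer earns its place: the suppression existed because `$_REQUEST['do']` could be a plain string, but `arr()` is being called precisely to guarantee an array, so `array_key_exists('save', $INPUT->arr('do'))` can stand without it and the same applies to the `mediado` line. `$INPUT->int('rev')` is likewise read twice on the `$REV` line; `$rev = $INPUT->int('rev'); if ($rev && $conf['mediarevisions']) $REV = $rev;` reads once. `$REV` handed to `media_restore` appears to be unset when no `rev` was supplied, which predates this change but is worth confirming against the code above the hunk.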
// handle deletion
@@ -101,7 +100,7 @@
if ($res & DOKU_MEDIA_EMPTY_NS && !$fullscreen) {
// current namespace was removed. redirecting to root ns passing msg along
send_redirect(DOKU_URL.'lib/exe/mediamanager.php?msg1='.
- rawurlencode($msg).'&edid='.$_REQUEST['edid']);
+ rawurlencode($msg).'&edid='.$INPUT->str('edid'));
}
msg($msg,1);
} elseif ($res & DOKU_MEDIA_INUSE) {
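Review bot: `$INPUT->str('edid')` is concatenated into the redirect URL unencoded on the rewritten line, while `$msg` right next to it goes through `rawurlencode`; an `edid` containing `&`, `#` or whitespace will alter or break the query string of the redirect target. Encode it the same way: `rawurlencode($msg).'&edid='.rawurlencode($INPUT->str('edid')));`. The enclosing deletion-handling block starts before the hunk.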