more INPUT wrapper uses: cache purge, sectok, getID

3 files changed, 6 insertions, 3 deletions

diff --git a/inc/cache.php b/inc/cache.php
index ff78e37ae..204c6f006 100644
--- a/inc/cache.php
+++ b/inc/cache.php
@@ -84,7 +84,8 @@ class cache {
      * it should only overwrite a dependency when the new value is more stringent than the old
      */
     function _addDependencies() {
-        if (isset($_REQUEST['purge'])) $this->depends['purge'] = true;   // purge requested
+        global $INPUT;
+        if ($INPUT->has('purge')) $this->depends['purge'] = true;   // purge requested
     }
 
     /**
diff --git a/inc/common.php b/inc/common.php
index 768260bbf..02ed2432b 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -63,9 +63,10 @@ function getSecurityToken() {
  * Check the secret CSRF token
  */
 function checkSecurityToken($token = null) {
+    global $INPUT;
     if(!$_SERVER['REMOTE_USER']) return true; // no logged in user, no need for a check
 
-    if(is_null($token)) $token = $_REQUEST['sectok'];
+    if(is_null($token)) $token = $INPUT->str('sectok');
     if(getSecurityToken() != $token) {
         msg('Security Token did not match. Possible CSRF attack.', -1);
         return false;
diff --git a/inc/pageutils.php b/inc/pageutils.php
index c94d14624..95f791364 100644
--- a/inc/pageutils.php
+++ b/inc/pageutils.php
@@ -19,9 +19,10 @@
  * @author Andreas Gohr <andi@splitbrain.org>
  */
 function getID($param='id',$clean=true){
+    global $INPUT;
     global $conf;
 
-    $id = isset($_REQUEST[$param]) ? $_REQUEST[$param] : null;
+    $id = $INPUT->str($param);
 
     //construct page id from request URI
     if(empty($id) && $conf['userewrite'] == 2){