Input wrapper for html forms

3 files changed, 33 insertions, 24 deletions

diff --git a/inc/form.php b/inc/form.php
index e74c52c5d..bdf520a2e 100644
--- a/inc/form.php
+++ b/inc/form.php
@@ -295,8 +295,9 @@ class Doku_Form {
      */
 
     function addRadioSet($name, $entries) {
-        $value = (isset($_POST[$name]) && isset($entries[$_POST[$name]])) ?
-                 $_POST[$name] : key($entries);
+        global $INPUT;
+        $value = (array_key_exists($INPUT->post->str($name), $entries)) ?
+                 $INPUT->str($name) : key($entries);
         foreach($entries as $val => $cap) {
             $data = ($value === $val) ? array('checked' => 'checked') : array();
             $this->addElement(form_makeRadioField($name, $val, $cap, '', '', $data));
diff --git a/inc/html.php b/inc/html.php
index be5666353..08b051f40 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -46,6 +46,7 @@ function html_login(){
     global $lang;
     global $conf;
     global $ID;
+    global $INPUT;
 
     print p_locale_xhtml('login');
     print '<div class="centeralign">'.NL;
@@ -53,7 +54,7 @@ function html_login(){
     $form->startFieldset($lang['btn_login']);
     $form->addHidden('id', $ID);
     $form->addHidden('do', 'login');
-    $form->addElement(form_makeTextField('u', ((!$_REQUEST['http_credentials']) ? $_REQUEST['u'] : ''), $lang['user'], 'focus__this', 'block'));
+    $form->addElement(form_makeTextField('u', ((!$INPUT->bool('http_credentials')) ? $INPUT->str('u') : ''), $lang['user'], 'focus__this', 'block'));
     $form->addElement(form_makePasswordField('p', $lang['pass'], '', 'block'));
     if($conf['rememberme']) {
         $form->addElement(form_makeCheckboxField('r', '1', $lang['remember'], 'remember__me', 'simple'));
@@ -1070,8 +1071,9 @@ function html_diff($text='',$intro=true,$type=null){
     global $REV;
     global $lang;
     global $conf;
+    global $INPUT;
 
-    if(!$type) $type = $_REQUEST['difftype'];
+    if(!$type) $type = $INPUT->str('difftype');
     if($type != 'inline') $type = 'sidebyside';
 
     // we're trying to be clever here, revisions to compare can be either
@@ -1079,16 +1081,16 @@ function html_diff($text='',$intro=true,$type=null){
     // array in rev2.
     $rev1 = $REV;
 
-    if(is_array($_REQUEST['rev2'])){
-        $rev1 = (int) $_REQUEST['rev2'][0];
-        $rev2 = (int) $_REQUEST['rev2'][1];
+    if(is_array($INPUT->ref('rev2'))){
+        $rev1 = (int) $INPUT->int('rev2')[0];
+        $rev2 = (int) $INPUT->int('rev2')[1];
 
         if(!$rev1){
             $rev1 = $rev2;
             unset($rev2);
         }
     }else{
-        $rev2 = (int) $_REQUEST['rev2'];
+        $rev2 = $INPUT->int('rev2');
     }
 
     $r_minor = '';
@@ -1246,6 +1248,7 @@ function html_register(){
     global $lang;
     global $conf;
     global $ID;
+    global $INPUT;
 
     print p_locale_xhtml('register');
     print '<div class="centeralign">'.NL;
@@ -1253,13 +1256,13 @@ function html_register(){
     $form->startFieldset($lang['btn_register']);
     $form->addHidden('do', 'register');
     $form->addHidden('save', '1');
-    $form->addElement(form_makeTextField('login', $_POST['login'], $lang['user'], '', 'block', array('size'=>'50')));
+    $form->addElement(form_makeTextField('login', $INPUT->post->str('login'), $lang['user'], '', 'block', array('size'=>'50')));
     if (!$conf['autopasswd']) {
         $form->addElement(form_makePasswordField('pass', $lang['pass'], '', 'block', array('size'=>'50')));
         $form->addElement(form_makePasswordField('passchk', $lang['passchk'], '', 'block', array('size'=>'50')));
     }
-    $form->addElement(form_makeTextField('fullname', $_POST['fullname'], $lang['fullname'], '', 'block', array('size'=>'50')));
-    $form->addElement(form_makeTextField('email', $_POST['email'], $lang['email'], '', 'block', array('size'=>'50')));
+    $form->addElement(form_makeTextField('fullname', $INPUT->post->str('fullname'), $lang['fullname'], '', 'block', array('size'=>'50')));
+    $form->addElement(form_makeTextField('email', $INPUT->post->str('email'), $lang['email'], '', 'block', array('size'=>'50')));
     $form->addElement(form_makeButton('submit', '', $lang['btn_register']));
     $form->endFieldset();
     html_form('register', $form);
@@ -1276,26 +1279,27 @@ function html_register(){
 function html_updateprofile(){
     global $lang;
     global $conf;
+    global $INPUT;
     global $ID;
     global $INFO;
     global $auth;
 
     print p_locale_xhtml('updateprofile');
 
-    if (empty($_POST['fullname'])) $_POST['fullname'] = $INFO['userinfo']['name'];
-    if (empty($_POST['email'])) $_POST['email'] = $INFO['userinfo']['mail'];
+    $fullname = $INPUT->post->str('fullname', $INFO['userinfo']['name'], true);
+    $email = $INPUT->post->str('email', $INFO['userinfo']['mail'], true);
     print '<div class="centeralign">'.NL;
     $form = new Doku_Form(array('id' => 'dw__register'));
     $form->startFieldset($lang['profile']);
     $form->addHidden('do', 'profile');
     $form->addHidden('save', '1');
-    $form->addElement(form_makeTextField('fullname', $_SERVER['REMOTE_USER'], $lang['user'], '', 'block', array('size'=>'50', 'disabled'=>'disabled')));
+    $form->addElement(form_makeTextField('login', $_SERVER['REMOTE_USER'], $lang['user'], '', 'block', array('size'=>'50', 'disabled'=>'disabled')));
     $attr = array('size'=>'50');
     if (!$auth->canDo('modName')) $attr['disabled'] = 'disabled';
-    $form->addElement(form_makeTextField('fullname', $_POST['fullname'], $lang['fullname'], '', 'block', $attr));
+    $form->addElement(form_makeTextField('fullname', $fullname, $lang['fullname'], '', 'block', $attr));
     $attr = array('size'=>'50');
     if (!$auth->canDo('modMail')) $attr['disabled'] = 'disabled';
-    $form->addElement(form_makeTextField('email', $_POST['email'], $lang['email'], '', 'block', $attr));
+    $form->addElement(form_makeTextField('email', $email, $lang['email'], '', 'block', $attr));
     $form->addElement(form_makeTag('br'));
     if ($auth->canDo('modPass')) {
         $form->addElement(form_makePasswordField('newpass', $lang['newpass'], '', 'block', array('size'=>'50')));
@@ -1320,6 +1324,7 @@ function html_updateprofile(){
  * @triggers HTML_EDITFORM_OUTPUT
  */
 function html_edit(){
+    global $INPUT;
     global $ID;
     global $REV;
     global $DATE;
@@ -1332,8 +1337,8 @@ function html_edit(){
     global $TEXT;
     global $RANGE;
 
-    if (isset($_REQUEST['changecheck'])) {
-        $check = $_REQUEST['changecheck'];
+    if ($INPUT->has('changecheck')) {
+        $check = $INPUT->str('changecheck');
     } elseif(!$INFO['exists']){
         // $TEXT has been loaded from page template
         $check = md5('');
@@ -1368,8 +1373,8 @@ function html_edit(){
     $data = array('form' => $form,
                   'wr'   => $wr,
                   'media_manager' => true,
-                  'target' => (isset($_REQUEST['target']) && $wr &&
-                               $RANGE !== '') ? $_REQUEST['target'] : 'section',
+                  'target' => ($INPUT->has('target') && $wr &&
+                               $RANGE !== '') ? $INPUT->str('target') : 'section',
                   'intro_locale' => $include);
 
     if ($data['target'] !== 'section') {
@@ -1456,6 +1461,7 @@ function html_edit_form($param) {
 function html_minoredit(){
     global $conf;
     global $lang;
+    global $INPUT;
     // minor edits are for logged in users only
     if(!$conf['useacl'] || !$_SERVER['REMOTE_USER']){
         return false;
@@ -1463,7 +1469,7 @@ function html_minoredit(){
 
     $p = array();
     $p['tabindex'] = 3;
-    if(!empty($_REQUEST['minor'])) $p['checked']='checked';
+    if($INPUT->bool('minor')) $p['checked']='checked';
     return form_makeCheckboxField('minor', '1', $lang['minoredit'], 'minoredit', 'nowrap', $p);
 }
 
@@ -1669,8 +1675,9 @@ function html_resendpwd() {
     global $lang;
     global $conf;
     global $ID;
+    global $INPUT;
 
-    $token = preg_replace('/[^a-f0-9]+/','',$_REQUEST['pwauth']);
+    $token = preg_replace('/[^a-f0-9]+/','',$INPUT->str('pwauth'));
 
     if(!$conf['autopasswd'] && $token){
         print p_locale_xhtml('resetpwd');
@@ -1695,7 +1702,7 @@ function html_resendpwd() {
         $form->addHidden('do', 'resendpwd');
         $form->addHidden('save', '1');
         $form->addElement(form_makeTag('br'));
-        $form->addElement(form_makeTextField('login', $_POST['login'], $lang['user'], '', 'block'));
+        $form->addElement(form_makeTextField('login', $INPUT->post->str('login'), $lang['user'], '', 'block'));
         $form->addElement(form_makeTag('br'));
         $form->addElement(form_makeTag('br'));
         $form->addElement(form_makeButton('submit', '', $lang['btn_resendpwd']));
diff --git a/inc/parser/code.php b/inc/parser/code.php
index 4d94dcf4e..ff44a4e1e 100644
--- a/inc/parser/code.php
+++ b/inc/parser/code.php
@@ -16,11 +16,12 @@ class Doku_Renderer_code extends Doku_Renderer {
      * When the correct block was found it exits the script.
      */
     function code($text, $language = NULL, $filename='' ) {
+        global $INPUT;
         if(!$language) $language = 'txt';
         if(!$filename) $filename = 'snippet.'.$language;
         $filename = basename($filename);
 
-        if($this->_codeblock == $_REQUEST['codeblock']){
+        if($this->_codeblock == $INPUT->str('codeblock')){
             header("Content-Type: text/plain; charset=utf-8");
             header("Content-Disposition: attachment; filename=$filename");
             header("X-Robots-Tag: noindex");