summaryrefslogtreecommitdiff
path: root/lib/exe/mediamanager.php
diff options
context:
space:
mode:
authorTom N Harris <tnharris@whoopdedo.org>2012-06-28 22:15:56 -0400
committerTom N Harris <tnharris@whoopdedo.org>2012-06-28 22:15:56 -0400
commit8108113c244529ec54f11271a6a15e3d1e0a048f (patch)
tree8f819bb5745fa11a6d5ba0cfe6a7d049f16a7c2f /lib/exe/mediamanager.php
parentbfd0f5975e6e3578b4fa0c712e9779a0861fdc72 (diff)
downloadrpg-8108113c244529ec54f11271a6a15e3d1e0a048f.tar.gz
rpg-8108113c244529ec54f11271a6a15e3d1e0a048f.tar.bz2
Input validation for media manager
Diffstat (limited to 'lib/exe/mediamanager.php')
-rw-r--r--lib/exe/mediamanager.php35
1 files changed, 17 insertions, 18 deletions
diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php
index 5f09fe1f8..83166a2f4 100644
--- a/lib/exe/mediamanager.php
+++ b/lib/exe/mediamanager.php
@@ -11,24 +11,23 @@
session_write_close(); //close session
// handle passed message
- if($_REQUEST['msg1']) msg(hsc($_REQUEST['msg1']),1);
- if($_REQUEST['err']) msg(hsc($_REQUEST['err']),-1);
+ if($INPUT->str('msg1')) msg(hsc($INPUT->str('msg1')),1);
+ if($INPUT->str('err')) msg(hsc($INPUT->str('err')),-1);
// get namespace to display (either direct or from deletion order)
- if($_REQUEST['delete']){
- $DEL = cleanID($_REQUEST['delete']);
+ if($INPUT->str('delete')){
+ $DEL = cleanID($INPUT->str('delete'));
$IMG = $DEL;
$NS = getNS($DEL);
- }elseif($_REQUEST['edit']){
- $IMG = cleanID($_REQUEST['edit']);
+ }elseif($INPUT->str('edit')){
+ $IMG = cleanID($INPUT->str('edit'));
$NS = getNS($IMG);
- }elseif($_REQUEST['img']){
- $IMG = cleanID($_REQUEST['img']);
+ }elseif($INPUT->str('img')){
+ $IMG = cleanID($INPUT->str('img'));
$NS = getNS($IMG);
}else{
- $NS = $_REQUEST['ns'];
- $NS = cleanID($NS);
+ $NS = cleanID($INPUT->str('ns'));
}
// check auth
@@ -76,18 +75,18 @@
}
// handle meta saving
- if($IMG && @array_key_exists('save', $_REQUEST['do'])){
- $JUMPTO = media_metasave($IMG,$AUTH,$_REQUEST['meta']);
+ if($IMG && @array_key_exists('save', $INPUT->arr('do'))){
+ $JUMPTO = media_metasave($IMG,$AUTH,$INPUT->arr('meta'));
}
- if($IMG && ($_REQUEST['mediado'] == 'save' || @array_key_exists('save', $_REQUEST['mediado']))) {
- $JUMPTO = media_metasave($IMG,$AUTH,$_REQUEST['meta']);
+ if($IMG && ($INPUT->str('mediado') == 'save' || @array_key_exists('save', $INPUT->arr('mediado')))) {
+ $JUMPTO = media_metasave($IMG,$AUTH,$INPUT->arr('meta'));
}
- if ($_REQUEST['rev'] && $conf['mediarevisions']) $REV = (int) $_REQUEST['rev'];
+ if ($INPUT->int('rev') && $conf['mediarevisions']) $REV = $INPUT->int('rev');
- if($_REQUEST['mediado'] == 'restore' && $conf['mediarevisions']){
- $JUMPTO = media_restore($_REQUEST['image'], $REV, $AUTH);
+ if($INPUT->str('mediado') == 'restore' && $conf['mediarevisions']){
+ $JUMPTO = media_restore($INPUT->str('image'), $REV, $AUTH);
}
// handle deletion
@@ -101,7 +100,7 @@
if ($res & DOKU_MEDIA_EMPTY_NS && !$fullscreen) {
// current namespace was removed. redirecting to root ns passing msg along
send_redirect(DOKU_URL.'lib/exe/mediamanager.php?msg1='.
- rawurlencode($msg).'&edid='.$_REQUEST['edid']);
+ rawurlencode($msg).'&edid='.$INPUT->str('edid'));
}
msg($msg,1);
} elseif ($res & DOKU_MEDIA_INUSE) {