diff options
| author | Hakan Sandell <sandell.hakan@gmail.com> | 2012-09-08 15:06:21 +0200 |
|---|---|---|
| committer | Hakan Sandell <sandell.hakan@gmail.com> | 2012-09-08 15:06:21 +0200 |
| commit | fbfbbe8a285a488c3feab53f47a9216fdd999a42 (patch) | |
| tree | dd51e5debd1b3aaeb1053d1c55b14e7794d815d1 /lib | |
| parent | f21e024ada9202d47fcdc85730a44af5ea259d1c (diff) | |
| download | rpg-fbfbbe8a285a488c3feab53f47a9216fdd999a42.tar.gz rpg-fbfbbe8a285a488c3feab53f47a9216fdd999a42.tar.bz2 | |
Replacing $_REQUEST variables with $INPUT wrapper, usermanager plugin
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/plugins/usermanager/admin.php | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php index 2bb0a863d..30b65debb 100644 --- a/lib/plugins/usermanager/admin.php +++ b/lib/plugins/usermanager/admin.php @@ -553,12 +553,13 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { */ function _retrieveUser($clean=true) { global $auth; + global $INPUT; - $user[0] = ($clean) ? $auth->cleanUser($_REQUEST['userid']) : $_REQUEST['userid']; - $user[1] = $_REQUEST['userpass']; - $user[2] = $_REQUEST['username']; - $user[3] = $_REQUEST['usermail']; - $user[4] = explode(',',$_REQUEST['usergroups']); + $user[0] = ($clean) ? $auth->cleanUser($INPUT->str('userid')) : $INPUT->str('userid'); + $user[1] = $INPUT->str('userpass'); + $user[2] = $INPUT->str('username'); + $user[3] = $INPUT->str('usermail'); + $user[4] = explode(',',$INPUT->str('usergroups')); $user[4] = array_map('trim',$user[4]); if($clean) $user[4] = array_map(array($auth,'cleanGroup'),$user[4]); @@ -584,9 +585,9 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { } function _retrieveFilter() { + global $INPUT; - $t_filter = $_REQUEST['filter']; - if (!is_array($t_filter)) return array(); + $t_filter = $INPUT->arr('filter'); // messy, but this way we ensure we aren't getting any additional crap from malicious users $filter = array(); |