diff options
| -rw-r--r-- | _test/core/DokuWikiTest.php | 3 | ||||
| -rw-r--r-- | inc/Input.class.php | 18 | ||||
| -rw-r--r-- | inc/JpegMeta.php | 3 | ||||
| -rw-r--r-- | inc/Mailer.class.php | 15 | ||||
| -rw-r--r-- | inc/actions.php | 29 | ||||
| -rw-r--r-- | inc/auth.php | 54 | ||||
| -rw-r--r-- | inc/changelog.php | 8 | ||||
| -rw-r--r-- | inc/common.php | 110 | ||||
| -rw-r--r-- | inc/html.php | 10 | ||||
| -rw-r--r-- | inc/indexer.php | 21 | ||||
| -rw-r--r-- | inc/infoutils.php | 9 | ||||
| -rw-r--r-- | inc/init.php | 14 | ||||
| -rw-r--r-- | inc/mail.php | 9 | ||||
| -rw-r--r-- | inc/media.php | 8 | ||||
| -rw-r--r-- | inc/pageutils.php | 21 | ||||
| -rw-r--r-- | inc/parser/metadata.php | 2 | ||||
| -rw-r--r-- | inc/parser/renderer.php | 6 | ||||
| -rw-r--r-- | inc/parser/xhtml.php | 2 | ||||
| -rw-r--r-- | inc/remote.php | 5 | ||||
| -rw-r--r-- | inc/search.php | 29 | ||||
| -rw-r--r-- | inc/subscription.php | 18 | ||||
| -rw-r--r-- | inc/template.php | 47 | ||||
| -rw-r--r-- | inc/toolbar.php | 4 | ||||
| -rw-r--r-- | lib/exe/mediamanager.php | 4 | ||||
| -rw-r--r-- | lib/plugins/acl/admin.php | 12 | ||||
| -rw-r--r-- | lib/plugins/info/syntax.php | 4 | ||||
| -rw-r--r-- | lib/plugins/syntax.php | 8 | ||||
| -rw-r--r-- | lib/plugins/usermanager/admin.php | 2 |
28 files changed, 313 insertions, 162 deletions
diff --git a/_test/core/DokuWikiTest.php b/_test/core/DokuWikiTest.php index 91eb5293b..f4521256a 100644 --- a/_test/core/DokuWikiTest.php +++ b/_test/core/DokuWikiTest.php @@ -115,5 +115,8 @@ abstract class DokuWikiTest extends PHPUnit_Framework_TestCase { // reload language $local = $conf['lang']; trigger_event('INIT_LANG_LOAD', $local, 'init_lang', true); + + global $INPUT; + $INPUT = new Input(); } } diff --git a/inc/Input.class.php b/inc/Input.class.php index 7434d2b2c..de8bf5b97 100644 --- a/inc/Input.class.php +++ b/inc/Input.class.php @@ -15,6 +15,8 @@ class Input { public $post; /** @var GetInput Access $_GET parameters */ public $get; + /** @var ServerInput Access $_SERVER parameters */ + public $server; protected $access; @@ -25,6 +27,7 @@ class Input { $this->access = &$_REQUEST; $this->post = new PostInput(); $this->get = new GetInput(); + $this->server = new ServerInput(); } /** @@ -260,3 +263,18 @@ class GetInput extends Input { $_REQUEST[$name] = $value; } } + +/** + * Internal class used for $_SERVER access in Input class + */ +class ServerInput extends Input { + protected $access; + + /** + * Initialize the $access array, remove subclass members + */ + function __construct() { + $this->access = &$_SERVER; + } + +} diff --git a/inc/JpegMeta.php b/inc/JpegMeta.php index cb1772736..a35ec3ed0 100644 --- a/inc/JpegMeta.php +++ b/inc/JpegMeta.php @@ -2929,7 +2929,8 @@ class JpegMeta { $length = strlen($data) - $pos; } - return substr($data, $pos, $length); + $rv = substr($data, $pos, $length); + return $rv; } /*************************************************************/ diff --git a/inc/Mailer.class.php b/inc/Mailer.class.php index e32178bba..e90b45f99 100644 --- a/inc/Mailer.class.php +++ b/inc/Mailer.class.php @@ -39,6 +39,8 @@ class Mailer { */ public function __construct() { global $conf; + /* @var Input $INPUT */ + global $INPUT; $server = parse_url(DOKU_URL, PHP_URL_HOST); if(strpos($server,'.') === false) $server = $server.'.localhost'; @@ -53,7 +55,7 @@ class Mailer { // add some default headers for mailfiltering FS#2247 $this->setHeader('X-Mailer', 'DokuWiki'); - $this->setHeader('X-DokuWiki-User', $_SERVER['REMOTE_USER']); + $this->setHeader('X-DokuWiki-User', $INPUT->server->str('REMOTE_USER')); $this->setHeader('X-DokuWiki-Title', $conf['title']); $this->setHeader('X-DokuWiki-Server', $server); $this->setHeader('X-Auto-Response-Suppress', 'OOF'); @@ -181,6 +183,9 @@ class Mailer { public function setBody($text, $textrep = null, $htmlrep = null, $html = null, $wrap = true) { global $INFO; global $conf; + /* @var Input $INPUT */ + global $INPUT; + $htmlrep = (array)$htmlrep; $textrep = (array)$textrep; @@ -218,24 +223,24 @@ class Mailer { $cip = gethostsbyaddrs($ip); $trep = array( 'DATE' => dformat(), - 'BROWSER' => $_SERVER['HTTP_USER_AGENT'], + 'BROWSER' => $INPUT->server->str('HTTP_USER_AGENT'), 'IPADDRESS' => $ip, 'HOSTNAME' => $cip, 'TITLE' => $conf['title'], 'DOKUWIKIURL' => DOKU_URL, - 'USER' => $_SERVER['REMOTE_USER'], + 'USER' => $INPUT->server->str('REMOTE_USER'), 'NAME' => $INFO['userinfo']['name'], 'MAIL' => $INFO['userinfo']['mail'], ); $trep = array_merge($trep, (array)$textrep); $hrep = array( 'DATE' => '<i>'.hsc(dformat()).'</i>', - 'BROWSER' => hsc($_SERVER['HTTP_USER_AGENT']), + 'BROWSER' => hsc($INPUT->server->str('HTTP_USER_AGENT')), 'IPADDRESS' => '<code>'.hsc($ip).'</code>', 'HOSTNAME' => '<code>'.hsc($cip).'</code>', 'TITLE' => hsc($conf['title']), 'DOKUWIKIURL' => '<a href="'.DOKU_URL.'">'.DOKU_URL.'</a>', - 'USER' => hsc($_SERVER['REMOTE_USER']), + 'USER' => hsc($INPUT->server->str('REMOTE_USER')), 'NAME' => hsc($INFO['userinfo']['name']), 'MAIL' => '<a href="mailto:"'.hsc($INFO['userinfo']['mail']).'">'. hsc($INFO['userinfo']['mail']).'</a>', diff --git a/inc/actions.php b/inc/actions.php index 4dbad1a32..ef09a0dc7 100644 --- a/inc/actions.php +++ b/inc/actions.php @@ -20,6 +20,7 @@ function act_dispatch(){ global $ID; global $INFO; global $QUERY; + /* @var Input $INPUT */ global $INPUT; global $lang; global $conf; @@ -94,7 +95,7 @@ function act_dispatch(){ // user profile changes if (in_array($ACT, array('profile','profile_delete'))) { - if(!$_SERVER['REMOTE_USER']) { + if(!$INPUT->server->str('REMOTE_USER')) { $ACT = 'login'; } else { switch ($ACT) { @@ -190,7 +191,7 @@ function act_dispatch(){ unset($evt); // when action 'show', the intial not 'show' and POST, do a redirect - if($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){ + if($ACT == 'show' && $preact != 'show' && strtolower($INPUT->server->str('REQUEST_METHOD')) == 'post'){ act_redirect($ID,$preact); } @@ -414,6 +415,8 @@ function act_revert($act){ global $ID; global $REV; global $lang; + /* @var Input $INPUT */ + global $INPUT; // FIXME $INFO['writable'] currently refers to the attic version // global $INFO; // if (!$INFO['writable']) { @@ -445,7 +448,7 @@ function act_revert($act){ session_write_close(); // when done, show current page - $_SERVER['REQUEST_METHOD'] = 'post'; //should force a redirect + $INPUT->server->set('REQUEST_METHOD','post'); //should force a redirect $REV = ''; return 'show'; } @@ -493,17 +496,20 @@ function act_redirect_execute($opts){ function act_auth($act){ global $ID; global $INFO; + /* @var Input $INPUT */ + global $INPUT; //already logged in? - if(isset($_SERVER['REMOTE_USER']) && $act=='login'){ + if($INPUT->server->has('REMOTE_USER') && $act=='login'){ return 'show'; } //handle logout if($act=='logout'){ $lockedby = checklock($ID); //page still locked? - if($lockedby == $_SERVER['REMOTE_USER']) + if($lockedby == $INPUT->server->str('REMOTE_USER')){ unlock($ID); //try to unlock + } // do the logout stuff auth_logoff(); @@ -719,10 +725,11 @@ function act_subscription($act){ global $lang; global $INFO; global $ID; + /* @var Input $INPUT */ global $INPUT; // subcriptions work for logged in users only - if(!$_SERVER['REMOTE_USER']) return 'show'; + if(!$INPUT->server->str('REMOTE_USER')) return 'show'; // get and preprocess data. $params = array(); @@ -733,7 +740,7 @@ function act_subscription($act){ } // any action given? if not just return and show the subscription page - if(!$params['action'] || !checkSecurityToken()) return $act; + if(empty($params['action']) || !checkSecurityToken()) return $act; // Handle POST data, may throw exception. trigger_event('ACTION_HANDLE_SUBSCRIBE', $params, 'subscription_handle_post'); @@ -745,9 +752,9 @@ function act_subscription($act){ // Perform action. $sub = new Subscription(); if($action == 'unsubscribe'){ - $ok = $sub->remove($target, $_SERVER['REMOTE_USER'], $style); + $ok = $sub->remove($target, $INPUT->server->str('REMOTE_USER'), $style); }else{ - $ok = $sub->add($target, $_SERVER['REMOTE_USER'], $style); + $ok = $sub->add($target, $INPUT->server->str('REMOTE_USER'), $style); } if($ok) { @@ -776,6 +783,8 @@ function act_subscription($act){ function subscription_handle_post(&$params) { global $INFO; global $lang; + /* @var Input $INPUT */ + global $INPUT; // Get and validate parameters. if (!isset($params['target'])) { @@ -806,7 +815,7 @@ function subscription_handle_post(&$params) { } if ($is === false) { throw new Exception(sprintf($lang['subscr_not_subscribed'], - $_SERVER['REMOTE_USER'], + $INPUT->server->str('REMOTE_USER'), prettyprint_id($target))); } // subscription_set deletes a subscription if style = null. diff --git a/inc/auth.php b/inc/auth.php index 6c4636b2f..2bdc3eb00 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -131,6 +131,8 @@ function auth_setup() { function auth_loadACL() { global $config_cascade; global $USERINFO; + /* @var Input $INPUT */ + global $INPUT; if(!is_readable($config_cascade['acl']['default'])) return array(); @@ -145,10 +147,10 @@ function auth_loadACL() { // substitute user wildcard first (its 1:1) if(strstr($line, '%USER%')){ // if user is not logged in, this ACL line is meaningless - skip it - if (!isset($_SERVER['REMOTE_USER'])) continue; + if (!$INPUT->server->has('REMOTE_USER')) continue; - $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); - $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); + $id = str_replace('%USER%',cleanID($INPUT->server->str('REMOTE_USER')),$id); + $rest = str_replace('%USER%',auth_nameencode($INPUT->server->str('REMOTE_USER')),$rest); } // substitute group wildcard (its 1:m) @@ -217,6 +219,8 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { global $lang; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; $sticky ? $sticky = true : $sticky = false; //sanity check @@ -226,7 +230,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { //usual login if($auth->checkPass($user, $pass)) { // make logininfo globally available - $_SERVER['REMOTE_USER'] = $user; + $INPUT->server->set('REMOTE_USER', $user); $secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session auth_setCookie($user, auth_encrypt($pass, $secret), $sticky); return true; @@ -253,7 +257,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { ) { // he has session, cookie and browser right - let him in - $_SERVER['REMOTE_USER'] = $user; + $INPUT->server->set('REMOTE_USER', $user); $USERINFO = $session['info']; //FIXME move all references to session return true; } @@ -288,7 +292,10 @@ function auth_validateToken($token) { } // still here? trust the session data global $USERINFO; - $_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['auth']['user']; + /* @var Input $INPUT */ + global $INPUT; + + $INPUT->server->set('REMOTE_USER',$_SESSION[DOKU_COOKIE]['auth']['user']); $USERINFO = $_SESSION[DOKU_COOKIE]['auth']['info']; return true; } @@ -321,11 +328,14 @@ function auth_createToken() { * @return string a MD5 sum of various browser headers */ function auth_browseruid() { + /* @var Input $INPUT */ + global $INPUT; + $ip = clientIP(true); $uid = ''; - $uid .= $_SERVER['HTTP_USER_AGENT']; - $uid .= $_SERVER['HTTP_ACCEPT_ENCODING']; - $uid .= $_SERVER['HTTP_ACCEPT_CHARSET']; + $uid .= $INPUT->server->str('HTTP_USER_AGENT'); + $uid .= $INPUT->server->str('HTTP_ACCEPT_ENCODING'); + $uid .= $INPUT->server->str('HTTP_ACCEPT_CHARSET'); $uid .= substr($ip, 0, strpos($ip, '.')); $uid = strtolower($uid); return md5($uid); @@ -511,6 +521,8 @@ function auth_logoff($keepbc = false) { global $USERINFO; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; // make sure the session is writable (it usually is) @session_start(); @@ -523,8 +535,7 @@ function auth_logoff($keepbc = false) { unset($_SESSION[DOKU_COOKIE]['auth']['info']); if(!$keepbc && isset($_SESSION[DOKU_COOKIE]['bc'])) unset($_SESSION[DOKU_COOKIE]['bc']); - if(isset($_SERVER['REMOTE_USER'])) - unset($_SERVER['REMOTE_USER']); + $INPUT->server->remove('REMOTE_USER'); $USERINFO = null; //FIXME $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir']; @@ -553,13 +564,16 @@ function auth_ismanager($user = null, $groups = null, $adminonly = false) { global $USERINFO; /* @var DokuWiki_Auth_Plugin $auth */ global $auth; + /* @var Input $INPUT */ + global $INPUT; + if(!$auth) return false; if(is_null($user)) { - if(!isset($_SERVER['REMOTE_USER'])) { + if(!$INPUT->server->has('REMOTE_USER')) { return false; } else { - $user = $_SERVER['REMOTE_USER']; + $user = $INPUT->server->str('REMOTE_USER'); } } if(is_null($groups)) { @@ -651,9 +665,11 @@ function auth_isMember($memberlist, $user, array $groups) { function auth_quickaclcheck($id) { global $conf; global $USERINFO; + /* @var Input $INPUT */ + global $INPUT; # if no ACL is used always return upload rights if(!$conf['useacl']) return AUTH_UPLOAD; - return auth_aclcheck($id, $_SERVER['REMOTE_USER'], $USERINFO['grps']); + return auth_aclcheck($id, $INPUT->server->str('REMOTE_USER'), $USERINFO['grps']); } /** @@ -1058,18 +1074,18 @@ function updateprofile() { } if($conf['profileconfirm']) { - if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) { + if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) { msg($lang['badpassconfirm'], -1); return false; } } - if($result = $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) { + if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), $changes))) { // update cookie and session with the changed data if($changes['pass']) { list( /*user*/, $sticky, /*pass*/) = auth_getCookie(); $pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true)); - auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky); + auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky); } return true; } @@ -1105,13 +1121,13 @@ function auth_deleteprofile(){ } if($conf['profileconfirm']) { - if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) { + if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) { msg($lang['badpassconfirm'], -1); return false; } } - $deleted[] = $_SERVER['REMOTE_USER']; + $deleted[] = $INPUT->server->str('REMOTE_USER'); if($auth->triggerUserMod('delete', array($deleted))) { // force and immediate logout including removing the sticky cookie auth_logoff(); diff --git a/inc/changelog.php b/inc/changelog.php index 6ff1e0eca..cd46b1ec0 100644 --- a/inc/changelog.php +++ b/inc/changelog.php @@ -52,6 +52,8 @@ function parseChangelogLine($line) { */ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extra='', $flags=null){ global $conf, $INFO; + /** @var Input $INPUT */ + global $INPUT; // check for special flags as keys if (!is_array($flags)) { $flags = array(); } @@ -65,7 +67,7 @@ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extr if(!$date) $date = time(); //use current time if none supplied $remote = (!$flagExternalEdit)?clientIP(true):'127.0.0.1'; - $user = (!$flagExternalEdit)?$_SERVER['REMOTE_USER']:''; + $user = (!$flagExternalEdit)?$INPUT->server->str('REMOTE_USER'):''; $strip = array("\t", "\n"); $logline = array( @@ -117,12 +119,14 @@ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extr */ function addMediaLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extra='', $flags=null){ global $conf; + /** @var Input $INPUT */ + global $INPUT; $id = cleanid($id); if(!$date) $date = time(); //use current time if none supplied $remote = clientIP(true); - $user = $_SERVER['REMOTE_USER']; + $user = $INPUT->server->str('REMOTE_USER'); $strip = array("\t", "\n"); $logline = array( diff --git a/inc/common.php b/inc/common.php index 9a53ee526..9fbebde94 100644 --- a/inc/common.php +++ b/inc/common.php @@ -56,15 +56,18 @@ function stripctl($string) { * @return string */ function getSecurityToken() { - return PassHash::hmac('md5', session_id().$_SERVER['REMOTE_USER'], auth_cookiesalt()); + /** @var Input $INPUT */ + global $INPUT; + return PassHash::hmac('md5', session_id().$INPUT->server->str('REMOTE_USER'), auth_cookiesalt()); } /** * Check the secret CSRF token */ function checkSecurityToken($token = null) { + /** @var Input $INPUT */ global $INPUT; - if(empty($_SERVER['REMOTE_USER'])) return true; // no logged in user, no need for a check + if(!$INPUT->server->str('REMOTE_USER')) return true; // no logged in user, no need for a check if(is_null($token)) $token = $INPUT->str('sectok'); if(getSecurityToken() != $token) { @@ -93,14 +96,16 @@ function formSecurityToken($print = true) { */ function basicinfo($id, $htmlClient=true){ global $USERINFO; + /* @var Input $INPUT */ + global $INPUT; // set info about manager/admin status. $info['isadmin'] = false; $info['ismanager'] = false; - if(isset($_SERVER['REMOTE_USER'])) { + if($INPUT->server->has('REMOTE_USER')) { $info['userinfo'] = $USERINFO; $info['perm'] = auth_quickaclcheck($id); - $info['client'] = $_SERVER['REMOTE_USER']; + $info['client'] = $INPUT->server->str('REMOTE_USER'); if($info['perm'] == AUTH_ADMIN) { $info['isadmin'] = true; @@ -111,7 +116,7 @@ function basicinfo($id, $htmlClient=true){ // if some outside auth were used only REMOTE_USER is set if(!$info['userinfo']['name']) { - $info['userinfo']['name'] = $_SERVER['REMOTE_USER']; + $info['userinfo']['name'] = $INPUT->server->str('REMOTE_USER'); } } else { @@ -140,6 +145,8 @@ function pageinfo() { global $REV; global $RANGE; global $lang; + /* @var Input $INPUT */ + global $INPUT; $info = basicinfo($ID); @@ -148,7 +155,7 @@ function pageinfo() { $info['id'] = $ID; $info['rev'] = $REV; - if(isset($_SERVER['REMOTE_USER'])) { + if($INPUT->server->has('REMOTE_USER')) { $sub = new Subscription(); $info['subscribed'] = $sub->user_subscription(); } else { @@ -191,7 +198,7 @@ function pageinfo() { if($REV) { $revinfo = getRevisionInfo($ID, $REV, 1024); } else { - if(is_array($info['meta']['last_change'])) { + if(!empty($info['meta']['last_change']) && is_array($info['meta']['last_change'])) { $revinfo = $info['meta']['last_change']; } else { $revinfo = getRevisionInfo($ID, $info['lastmod'], 1024); @@ -356,11 +363,14 @@ function breadcrumbs() { */ function idfilter($id, $ue = true) { global $conf; + /* @var Input $INPUT */ + global $INPUT; + if($conf['useslash'] && $conf['userewrite']) { $id = strtr($id, ':', '/'); } elseif(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' && $conf['userewrite'] && - strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') === false + strpos($INPUT->server->str('SERVER_SOFTWARE'), 'Microsoft-IIS') === false ) { $id = strtr($id, ':', ';'); } @@ -588,6 +598,8 @@ function checkwordblock($text = '') { global $SUM; global $conf; global $INFO; + /* @var Input $INPUT */ + global $INPUT; if(!$conf['usewordblock']) return false; @@ -620,9 +632,9 @@ function checkwordblock($text = '') { if(count($re) && preg_match('#('.join('|', $re).')#si', $text, $matches)) { // prepare event data $data['matches'] = $matches; - $data['userinfo']['ip'] = $_SERVER['REMOTE_ADDR']; - if($_SERVER['REMOTE_USER']) { - $data['userinfo']['user'] = $_SERVER['REMOTE_USER']; + $data['userinfo']['ip'] = $INPUT->server->str('REMOTE_ADDR'); + if($INPUT->server->str('REMOTE_USER')) { + $data['userinfo']['user'] = $INPUT->server->str('REMOTE_USER'); $data['userinfo']['name'] = $INFO['userinfo']['name']; $data['userinfo']['mail'] = $INFO['userinfo']['mail']; } @@ -648,12 +660,17 @@ function checkwordblock($text = '') { * @return string */ function clientIP($single = false) { + /* @var Input $INPUT */ + global $INPUT; + $ip = array(); - $ip[] = $_SERVER['REMOTE_ADDR']; - if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) - $ip = array_merge($ip, explode(',', str_replace(' ', '', $_SERVER['HTTP_X_FORWARDED_FOR']))); - if(!empty($_SERVER['HTTP_X_REAL_IP'])) - $ip = array_merge($ip, explode(',', str_replace(' ', '', $_SERVER['HTTP_X_REAL_IP']))); + $ip[] = $INPUT->server->str('REMOTE_ADDR'); + if($INPUT->server->str('HTTP_X_FORWARDED_FOR')) { + $ip = array_merge($ip, explode(',', str_replace(' ', '', $INPUT->server->str('HTTP_X_FORWARDED_FOR')))); + } + if($INPUT->server->str('HTTP_X_REAL_IP')) { + $ip = array_merge($ip, explode(',', str_replace(' ', '', $INPUT->server->str('HTTP_X_REAL_IP')))); + } // some IPv4/v6 regexps borrowed from Feyd // see: http://forums.devnetwork.net/viewtopic.php?f=38&t=53479 @@ -712,16 +729,18 @@ function clientIP($single = false) { * @link http://www.brainhandles.com/2007/10/15/detecting-mobile-browsers/#code */ function clientismobile() { + /* @var Input $INPUT */ + global $INPUT; - if(isset($_SERVER['HTTP_X_WAP_PROFILE'])) return true; + if($INPUT->server->has('HTTP_X_WAP_PROFILE')) return true; - if(preg_match('/wap\.|\.wap/i', $_SERVER['HTTP_ACCEPT'])) return true; + if(preg_match('/wap\.|\.wap/i', $INPUT->server->str('HTTP_ACCEPT'))) return true; - if(!isset($_SERVER['HTTP_USER_AGENT'])) return false; + if(!$INPUT->server->has('HTTP_USER_AGENT')) return false; $uamatches = 'midp|j2me|avantg|docomo|novarra|palmos|palmsource|240x320|opwv|chtml|pda|windows ce|mmp\/|blackberry|mib\/|symbian|wireless|nokia|hand|mobi|phone|cdm|up\.b|audio|SIE\-|SEC\-|samsung|HTC|mot\-|mitsu|sagem|sony|alcatel|lg|erics|vx|NEC|philips|mmm|xx|panasonic|sharp|wap|sch|rover|pocket|benq|java|pt|pg|vox|amoi|bird|compal|kg|voda|sany|kdd|dbt|sendo|sgh|gradi|jb|\d\d\di|moto'; - if(preg_match("/$uamatches/i", $_SERVER['HTTP_USER_AGENT'])) return true; + if(preg_match("/$uamatches/i", $INPUT->server->str('HTTP_USER_AGENT'))) return true; return false; } @@ -761,6 +780,9 @@ function gethostsbyaddrs($ips) { */ function checklock($id) { global $conf; + /* @var Input $INPUT */ + global $INPUT; + $lock = wikiLockFN($id); //no lockfile @@ -773,8 +795,8 @@ function checklock($id) { } //my own lock - list($ip, $session) = explode("\n", io_readFile($lock)); - if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) { + @list($ip, $session) = explode("\n", io_readFile($lock)); + if($ip == $INPUT->server->str('REMOTE_USER') || $ip == clientIP() || $session == session_id()) { return false; } @@ -788,14 +810,16 @@ function checklock($id) { */ function lock($id) { global $conf; + /* @var Input $INPUT */ + global $INPUT; if($conf['locktime'] == 0) { return; } $lock = wikiLockFN($id); - if($_SERVER['REMOTE_USER']) { - io_saveFile($lock, $_SERVER['REMOTE_USER']); + if($INPUT->server->str('REMOTE_USER')) { + io_saveFile($lock, $INPUT->server->str('REMOTE_USER')); } else { io_saveFile($lock, clientIP()."\n".session_id()); } @@ -809,10 +833,13 @@ function lock($id) { * @return bool true if a lock was removed */ function unlock($id) { + /* @var Input $INPUT */ + global $INPUT; + $lock = wikiLockFN($id); if(@file_exists($lock)) { - list($ip, $session) = explode("\n", io_readFile($lock)); - if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) { + @list($ip, $session) = explode("\n", io_readFile($lock)); + if($ip == $INPUT->server->str('REMOTE_USER') || $ip == clientIP() || $session == session_id()) { @unlink($lock); return true; } @@ -938,6 +965,8 @@ function parsePageTemplate(&$data) { global $USERINFO; global $conf; + /* @var Input $INPUT */ + global $INPUT; // replace placeholders $file = noNS($id); @@ -969,7 +998,7 @@ function parsePageTemplate(&$data) { utf8_ucfirst($page), utf8_ucwords($page), utf8_strtoupper($page), - $_SERVER['REMOTE_USER'], + $INPUT->server->str('REMOTE_USER'), $USERINFO['name'], $USERINFO['mail'], $conf['dformat'], @@ -1050,6 +1079,9 @@ function saveWikiText($id, $text, $summary, $minor = false) { global $conf; global $lang; global $REV; + /* @var Input $INPUT */ + global $INPUT; + // ignore if no changes were made if($text == rawWiki($id, '')) { return; @@ -1112,7 +1144,7 @@ function saveWikiText($id, $text, $summary, $minor = false) { $type = DOKU_CHANGE_TYPE_CREATE; } else if($wasRemoved) { $type = DOKU_CHANGE_TYPE_DELETE; - } else if($minor && $conf['useacl'] && $_SERVER['REMOTE_USER']) { + } else if($minor && $conf['useacl'] && $INPUT->server->str('REMOTE_USER')) { $type = DOKU_CHANGE_TYPE_MINOR_EDIT; } //minor edits only for logged in users @@ -1164,6 +1196,8 @@ function saveOldRevision($id) { */ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = array()) { global $conf; + /* @var Input $INPUT */ + global $INPUT; // decide if there is something to do, eg. whom to mail if($who == 'admin') { @@ -1172,7 +1206,7 @@ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = $to = $conf['notify']; } elseif($who == 'subscribers') { if(!actionOK('subscribe')) return false; //subscribers enabled? - if($conf['useacl'] && $_SERVER['REMOTE_USER'] && $minor) return false; //skip minors + if($conf['useacl'] && $INPUT->server->str('REMOTE_USER') && $minor) return false; //skip minors $data = array('id' => $id, 'addresslist' => '', 'self' => false); trigger_event( 'COMMON_NOTIFY_ADDRESSLIST', $data, @@ -1197,10 +1231,13 @@ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = * @author Todd Augsburger <todd@rollerorgans.com> */ function getGoogleQuery() { - if(!isset($_SERVER['HTTP_REFERER'])) { + /* @var Input $INPUT */ + global $INPUT; + + if(!$INPUT->server->has('HTTP_REFERER')) { return ''; } - $url = parse_url($_SERVER['HTTP_REFERER']); + $url = parse_url($INPUT->server->str('HTTP_REFERER')); // only handle common SEs if(!preg_match('/(google|bing|yahoo|ask|duckduckgo|babylon|aol|yandex)/',$url['host'])) return ''; @@ -1523,6 +1560,9 @@ function is_mem_available($mem, $bytes = 1048576) { * @author Andreas Gohr <andi@splitbrain.org> */ function send_redirect($url) { + /* @var Input $INPUT */ + global $INPUT; + //are there any undisplayed messages? keep them in session for display global $MSG; if(isset($MSG) && count($MSG) && !defined('NOSESSION')) { @@ -1536,7 +1576,7 @@ function send_redirect($url) { // work around IE bug // http://www.ianhoar.com/2008/11/16/internet-explorer-6-and-redirected-anchor-links/ - list($url, $hash) = explode('#', $url); + @list($url, $hash) = explode('#', $url); if($hash) { if(strpos($url, '?')) { $url = $url.'&#'.$hash; @@ -1546,9 +1586,9 @@ function send_redirect($url) { } // check if running on IIS < 6 with CGI-PHP - if(isset($_SERVER['SERVER_SOFTWARE']) && isset($_SERVER['GATEWAY_INTERFACE']) && - (strpos($_SERVER['GATEWAY_INTERFACE'], 'CGI') !== false) && - (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($_SERVER['SERVER_SOFTWARE']), $matches)) && + if($INPUT->server->has('SERVER_SOFTWARE') && $INPUT->server->has('GATEWAY_INTERFACE') && + (strpos($INPUT->server->str('GATEWAY_INTERFACE'), 'CGI') !== false) && + (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($INPUT->server->str('SERVER_SOFTWARE')), $matches)) && $matches[1] < 6 ) { header('Refresh: 0;url='.$url); diff --git a/inc/html.php b/inc/html.php index fcec29670..41f26e5cd 100644 --- a/inc/html.php +++ b/inc/html.php @@ -691,7 +691,7 @@ function html_recent($first=0, $show_changes='both'){ $form->addElement(form_makeOpenTag('div', array('class' => 'li'))); - if ($recent['media']) { + if (!empty($recent['media'])) { $form->addElement(media_printicon($recent['id'])); } else { $icon = DOKU_BASE.'lib/images/fileicons/file.png'; @@ -705,7 +705,7 @@ function html_recent($first=0, $show_changes='both'){ $diff = false; $href = ''; - if ($recent['media']) { + if (!empty($recent['media'])) { $diff = (count(getRevisions($recent['id'], 0, 1, 8192, true)) && @file_exists(mediaFN($recent['id']))); if ($diff) { $href = media_managerURL(array('tab_details' => 'history', @@ -715,7 +715,7 @@ function html_recent($first=0, $show_changes='both'){ $href = wl($recent['id'],"do=diff", false, '&'); } - if ($recent['media'] && !$diff) { + if (!empty($recent['media']) && !$diff) { $form->addElement('<img src="'.DOKU_BASE.'lib/images/blank.gif" width="15" height="11" alt="" />'); } else { $form->addElement(form_makeOpenTag('a', array('class' => 'diff_link', 'href' => $href))); @@ -729,7 +729,7 @@ function html_recent($first=0, $show_changes='both'){ $form->addElement(form_makeCloseTag('a')); } - if ($recent['media']) { + if (!empty($recent['media'])) { $href = media_managerURL(array('tab_details' => 'history', 'image' => $recent['id'], 'ns' => getNS($recent['id'])), '&'); } else { @@ -745,7 +745,7 @@ function html_recent($first=0, $show_changes='both'){ ))); $form->addElement(form_makeCloseTag('a')); - if ($recent['media']) { + if (!empty($recent['media'])) { $href = media_managerURL(array('tab_details' => 'view', 'image' => $recent['id'], 'ns' => getNS($recent['id'])), '&'); $class = (file_exists(mediaFN($recent['id']))) ? 'wikilink1' : $class = 'wikilink2'; $form->addElement(form_makeOpenTag('a', array('class' => $class, 'href' => $href))); diff --git a/inc/indexer.php b/inc/indexer.php index 07f29b542..a167db47f 100644 --- a/inc/indexer.php +++ b/inc/indexer.php @@ -270,8 +270,9 @@ class Doku_Indexer { // Special handling for titles so the index file is simpler if (array_key_exists('title', $key)) { $value = $key['title']; - if (is_array($value)) + if (is_array($value)) { $value = $value[0]; + } $this->saveIndexKey('title', '', $pid, $value); unset($key['title']); } @@ -299,20 +300,24 @@ class Doku_Indexer { if ($val !== "") { $id = array_search($val, $metawords, true); if ($id === false) { + // didn't find $val, so we'll add it to the end of metawords and create a placeholder in metaidx $id = count($metawords); $metawords[$id] = $val; + $metaidx[$id] = ''; $addwords = true; } // test if value is already in the index - if (isset($val_idx[$id]) && $val_idx[$id] <= 0) + if (isset($val_idx[$id]) && $val_idx[$id] <= 0){ $val_idx[$id] = 0; - else // else add it + } else { // else add it $val_idx[$id] = 1; + } } } - if ($addwords) + if ($addwords) { $this->saveIndex($metaname.'_w', '', $metawords); + } $vals_changed = false; foreach ($val_idx as $id => $action) { if ($action == -1) { @@ -1214,14 +1219,16 @@ class Doku_Indexer { */ protected function updateTuple($line, $id, $count) { $newLine = $line; - if ($newLine !== '') + if ($newLine !== ''){ $newLine = preg_replace('/(^|:)'.preg_quote($id,'/').'\*\d*/', '', $newLine); + } $newLine = trim($newLine, ':'); if ($count) { - if (strlen($newLine) > 0) + if (strlen($newLine) > 0) { return "$id*$count:".$newLine; - else + } else { return "$id*$count".$newLine; + } } return $newLine; } diff --git a/inc/infoutils.php b/inc/infoutils.php index 3636d86a1..0992040d9 100644 --- a/inc/infoutils.php +++ b/inc/infoutils.php @@ -102,6 +102,8 @@ function getVersion(){ function check(){ global $conf; global $INFO; + /* @var Input $INPUT */ + global $INPUT; if ($INFO['isadmin'] || $INFO['ismanager']){ msg('DokuWiki version: '.getVersion(),1); @@ -204,7 +206,7 @@ function check(){ } if($INFO['userinfo']['name']){ - msg('You are currently logged in as '.$_SERVER['REMOTE_USER'].' ('.$INFO['userinfo']['name'].')',0); + msg('You are currently logged in as '.$INPUT->server->str('REMOTE_USER').' ('.$INFO['userinfo']['name'].')',0); msg('You are part of the groups '.join($INFO['userinfo']['grps'],', '),0); }else{ msg('You are currently not logged in',0); @@ -361,6 +363,9 @@ function dbg($msg,$hidden=false){ */ function dbglog($msg,$header=''){ global $conf; + /* @var Input $INPUT */ + global $INPUT; + // The debug log isn't automatically cleaned thus only write it when // debugging has been enabled by the user. if($conf['allowdebug'] !== 1) return; @@ -373,7 +378,7 @@ function dbglog($msg,$header=''){ $file = $conf['cachedir'].'/debug.log'; $fh = fopen($file,'a'); if($fh){ - fwrite($fh,date('H:i:s ').$_SERVER['REMOTE_ADDR'].': '.$msg."\n"); + fwrite($fh,date('H:i:s ').$INPUT->server->str('REMOTE_ADDR').': '.$msg."\n"); fclose($fh); } } diff --git a/inc/init.php b/inc/init.php index 9b8465911..4ff239787 100644 --- a/inc/init.php +++ b/inc/init.php @@ -176,7 +176,7 @@ if(function_exists('set_magic_quotes_runtime')) @set_magic_quotes_runtime(0); $_REQUEST = array_merge($_GET,$_POST); // we don't want a purge URL to be digged -if(isset($_REQUEST['purge']) && $_SERVER['HTTP_REFERER']) unset($_REQUEST['purge']); +if(isset($_REQUEST['purge']) && !empty($_SERVER['HTTP_REFERER'])) unset($_REQUEST['purge']); // disable gzip if not available if($conf['compression'] == 'bz2' && !function_exists('bzopen')){ @@ -402,6 +402,10 @@ function remove_magic_quotes(&$array) { * Returns the full absolute URL to the directory where * DokuWiki is installed in (includes a trailing slash) * + * !! Can not access $_SERVER values through $INPUT + * !! here as this function is called before $INPUT is + * !! initialized. + * * @author Andreas Gohr <andi@splitbrain.org> */ function getBaseURL($abs=null){ @@ -441,12 +445,12 @@ function getBaseURL($abs=null){ //split hostheader into host and port if(isset($_SERVER['HTTP_HOST'])){ $parsed_host = parse_url('http://'.$_SERVER['HTTP_HOST']); - $host = $parsed_host['host']; - $port = $parsed_host['port']; + $host = isset($parsed_host['host']) ? $parsed_host['host'] : null; + $port = isset($parsed_host['port']) ? $parsed_host['port'] : null; }elseif(isset($_SERVER['SERVER_NAME'])){ $parsed_host = parse_url('http://'.$_SERVER['SERVER_NAME']); - $host = $parsed_host['host']; - $port = $parsed_host['port']; + $host = isset($parsed_host['host']) ? $parsed_host['host'] : null; + $port = isset($parsed_host['port']) ? $parsed_host['port'] : null; }else{ $host = php_uname('n'); $port = ''; diff --git a/inc/mail.php b/inc/mail.php index 0b60c0a5b..9994ac63e 100644 --- a/inc/mail.php +++ b/inc/mail.php @@ -40,6 +40,8 @@ if (!defined('PREG_PATTERN_VALID_EMAIL')) define('PREG_PATTERN_VALID_EMAIL', '[' function mail_setup(){ global $conf; global $USERINFO; + /** @var Input $INPUT */ + global $INPUT; // auto constructed address $host = @parse_url(DOKU_URL,PHP_URL_HOST); @@ -53,11 +55,8 @@ function mail_setup(){ $replace['@MAIL@'] = $noreply; } - if(!empty($_SERVER['REMOTE_USER'])){ - $replace['@USER@'] = $_SERVER['REMOTE_USER']; - }else{ - $replace['@USER@'] = 'noreply'; - } + // use 'noreply' if no user + $replace['@USER@'] = $INPUT->server->str('REMOTE_USER', 'noreply', true); if(!empty($USERINFO['name'])){ $replace['@NAME@'] = $USERINFO['name']; diff --git a/inc/media.php b/inc/media.php index 4fff95d94..dc76521c6 100644 --- a/inc/media.php +++ b/inc/media.php @@ -1018,7 +1018,7 @@ function media_file_tags($meta) { foreach($fields as $key => $tag){ $t = array(); if (!empty($tag[0])) $t = array($tag[0]); - if(is_array($tag[3])) $t = array_merge($t,$tag[3]); + if(isset($tag[3]) && is_array($tag[3])) $t = array_merge($t,$tag[3]); $value = media_getTag($t, $meta); $tags[] = array('tag' => $tag, 'value' => $value); } @@ -1779,7 +1779,7 @@ function media_nstree_item($item){ global $INPUT; $pos = strrpos($item['id'], ':'); $label = substr($item['id'], $pos > 0 ? $pos + 1 : 0); - if(!$item['label']) $item['label'] = $label; + if(empty($item['label'])) $item['label'] = $label; $ret = ''; if (!($INPUT->str('do') == 'media')) @@ -1841,7 +1841,7 @@ function media_resize_image($file, $ext, $w, $h=0){ if( $mtime > filemtime($file) || media_resize_imageIM($ext,$file,$info[0],$info[1],$local,$w,$h) || media_resize_imageGD($ext,$file,$info[0],$info[1],$local,$w,$h) ){ - if($conf['fperm']) @chmod($local, $conf['fperm']); + if(!empty($conf['fperm'])) @chmod($local, $conf['fperm']); return $local; } //still here? resizing failed @@ -1902,7 +1902,7 @@ function media_crop_image($file, $ext, $w, $h=0){ if( $mtime > @filemtime($file) || media_crop_imageIM($ext,$file,$info[0],$info[1],$local,$cw,$ch,$cx,$cy) || media_resize_imageGD($ext,$file,$cw,$ch,$local,$cw,$ch,$cx,$cy) ){ - if($conf['fperm']) @chmod($local, $conf['fperm']); + if(!empty($conf['fperm'])) @chmod($local, $conf['fperm']); return media_resize_image($local,$ext, $w, $h); } diff --git a/inc/pageutils.php b/inc/pageutils.php index 9c2794387..8474c5697 100644 --- a/inc/pageutils.php +++ b/inc/pageutils.php @@ -19,6 +19,7 @@ * @author Andreas Gohr <andi@splitbrain.org> */ function getID($param='id',$clean=true){ + /** @var Input $INPUT */ global $INPUT; global $conf; global $ACT; @@ -27,7 +28,7 @@ function getID($param='id',$clean=true){ //construct page id from request URI if(empty($id) && $conf['userewrite'] == 2){ - $request = $_SERVER['REQUEST_URI']; + $request = $INPUT->server->str('REQUEST_URI'); $script = ''; //get the script URL @@ -36,15 +37,15 @@ function getID($param='id',$clean=true){ if($param != 'id') { $relpath = 'lib/exe/'; } - $script = $conf['basedir'].$relpath.utf8_basename($_SERVER['SCRIPT_FILENAME']); - - }elseif($_SERVER['PATH_INFO']){ - $request = $_SERVER['PATH_INFO']; - }elseif($_SERVER['SCRIPT_NAME']){ - $script = $_SERVER['SCRIPT_NAME']; - }elseif($_SERVER['DOCUMENT_ROOT'] && $_SERVER['SCRIPT_FILENAME']){ - $script = preg_replace ('/^'.preg_quote($_SERVER['DOCUMENT_ROOT'],'/').'/','', - $_SERVER['SCRIPT_FILENAME']); + $script = $conf['basedir'].$relpath.utf8_basename($INPUT->server->str('SCRIPT_FILENAME')); + + }elseif($INPUT->server->str('PATH_INFO')){ + $request = $INPUT->server->str('PATH_INFO'); + }elseif($INPUT->server->str('SCRIPT_NAME')){ + $script = $INPUT->server->str('SCRIPT_NAME'); + }elseif($INPUT->server->str('DOCUMENT_ROOT') && $INPUT->server->str('SCRIPT_FILENAME')){ + $script = preg_replace ('/^'.preg_quote($INPUT->server->str('DOCUMENT_ROOT'),'/').'/','', + $INPUT->server->str('SCRIPT_FILENAME')); $script = '/'.$script; } diff --git a/inc/parser/metadata.php b/inc/parser/metadata.php index 73bae190f..82a268fd6 100644 --- a/inc/parser/metadata.php +++ b/inc/parser/metadata.php @@ -299,7 +299,7 @@ class Doku_Renderer_metadata extends Doku_Renderer { // first resolve and clean up the $id resolve_pageid(getNS($ID), $id, $exists); - list($page, $hash) = explode('#', $id, 2); + @list($page, $hash) = explode('#', $id, 2); // set metadata $this->meta['relation']['references'][$page] = $exists; diff --git a/inc/parser/renderer.php b/inc/parser/renderer.php index 1f9ad00a2..e748c36d8 100644 --- a/inc/parser/renderer.php +++ b/inc/parser/renderer.php @@ -274,8 +274,8 @@ class Doku_Renderer extends DokuWiki_Plugin { function _simpleTitle($name){ global $conf; - //if there is a hash we use the ancor name only - list($name,$hash) = explode('#',$name,2); + //if there is a hash we use the anchor name only + @list($name,$hash) = explode('#',$name,2); if($hash) return $hash; if($conf['useslash']){ @@ -301,7 +301,7 @@ class Doku_Renderer extends DokuWiki_Plugin { } //split into hash and url part - list($reference,$hash) = explode('#',$reference,2); + @list($reference,$hash) = explode('#',$reference,2); //replace placeholder if(preg_match('#\{(URL|NAME|SCHEME|HOST|PORT|PATH|QUERY)\}#',$url)){ diff --git a/inc/parser/xhtml.php b/inc/parser/xhtml.php index 184e62fe3..4966f103a 100644 --- a/inc/parser/xhtml.php +++ b/inc/parser/xhtml.php @@ -606,7 +606,7 @@ class Doku_Renderer_xhtml extends Doku_Renderer { } //keep hash anchor - list($id,$hash) = explode('#',$id,2); + @list($id,$hash) = explode('#',$id,2); if(!empty($hash)) $hash = $this->_headerToLink($hash); //prepare for formating diff --git a/inc/remote.php b/inc/remote.php index 2ef28afd2..e27aa74f8 100644 --- a/inc/remote.php +++ b/inc/remote.php @@ -169,6 +169,9 @@ class RemoteAPI { public function hasAccess() { global $conf; global $USERINFO; + /** @var Input $INPUT */ + global $INPUT; + if (!$conf['remote']) { return false; } @@ -179,7 +182,7 @@ class RemoteAPI { return true; } - return auth_isMember($conf['remoteuser'], $_SERVER['REMOTE_USER'], (array) $USERINFO['grps']); + return auth_isMember($conf['remoteuser'], $INPUT->server->str('REMOTE_USER'), (array) $USERINFO['grps']); } /** diff --git a/inc/search.php b/inc/search.php index c2d31b959..be4710237 100644 --- a/inc/search.php +++ b/inc/search.php @@ -141,7 +141,7 @@ function search_media(&$data,$base,$file,$type,$lvl,$opts){ //we do nothing with directories if($type == 'd') { - if(!$opts['depth']) return true; // recurse forever + if(empty($opts['depth'])) return true; // recurse forever $depth = substr_count($file,'/'); if($depth >= $opts['depth']) return false; // depth reached return true; @@ -157,12 +157,12 @@ function search_media(&$data,$base,$file,$type,$lvl,$opts){ //check ACL for namespace (we have no ACL for mediafiles) $info['perm'] = auth_quickaclcheck(getNS($info['id']).':*'); - if(!$opts['skipacl'] && $info['perm'] < AUTH_READ){ + if(empty($opts['skipacl']) && $info['perm'] < AUTH_READ){ return false; } //check pattern filter - if($opts['pattern'] && !@preg_match($opts['pattern'], $info['id'])){ + if(!empty($opts['pattern']) && !@preg_match($opts['pattern'], $info['id'])){ return false; } @@ -176,7 +176,7 @@ function search_media(&$data,$base,$file,$type,$lvl,$opts){ }else{ $info['isimg'] = false; } - if($opts['hash']){ + if(!empty($opts['hash'])){ $info['hash'] = md5(io_readFile(mediaFN($info['id']),false)); } @@ -351,17 +351,18 @@ function search_universal(&$data,$base,$file,$type,$lvl,$opts){ $return = true; // get ID and check if it is a valid one - $item['id'] = pathID($file,($type == 'd' || $opts['keeptxt'])); + $item['id'] = pathID($file,($type == 'd' || !empty($opts['keeptxt']))); if($item['id'] != cleanID($item['id'])){ - if($opts['showmsg']) + if(!empty($opts['showmsg'])){ msg(hsc($item['id']).' is not a valid file name for DokuWiki - skipped',-1); + } return false; // skip non-valid files } $item['ns'] = getNS($item['id']); if($type == 'd') { // decide if to recursion into this directory is wanted - if(!$opts['depth']){ + if(empty($opts['depth'])){ $return = true; // recurse forever }else{ $depth = substr_count($file,'/'); @@ -371,8 +372,12 @@ function search_universal(&$data,$base,$file,$type,$lvl,$opts){ $return = true; } } - if($return && !preg_match('/'.$opts['recmatch'].'/',$file)){ - $return = false; // doesn't match + + if ($return) { + $match = empty($opts['recmatch']) || preg_match('/'.$opts['recmatch'].'/',$file); + if (!$match) { + return false; // doesn't match + } } } @@ -407,7 +412,7 @@ function search_universal(&$data,$base,$file,$type,$lvl,$opts){ $item['level'] = $lvl; $item['open'] = $return; - if($opts['meta']){ + if(!empty($opts['meta'])){ $item['file'] = utf8_basename($file); $item['size'] = filesize($base.'/'.$file); $item['mtime'] = filemtime($base.'/'.$file); @@ -417,8 +422,8 @@ function search_universal(&$data,$base,$file,$type,$lvl,$opts){ } if($type == 'f'){ - if($opts['hash']) $item['hash'] = md5(io_readFile($base.'/'.$file,false)); - if($opts['firsthead']) $item['title'] = p_get_first_heading($item['id'],METADATA_DONT_RENDER); + if(!empty($opts['hash'])) $item['hash'] = md5(io_readFile($base.'/'.$file,false)); + if(!empty($opts['firsthead'])) $item['title'] = p_get_first_heading($item['id'],METADATA_DONT_RENDER); } // finally add the item diff --git a/inc/subscription.php b/inc/subscription.php index ddf30706b..adf1b821c 100644 --- a/inc/subscription.php +++ b/inc/subscription.php @@ -256,8 +256,10 @@ class Subscription { if(!$this->isenabled()) return false; global $ID; + /** @var Input $INPUT */ + global $INPUT; if(!$id) $id = $ID; - if(!$user) $user = $_SERVER['REMOTE_USER']; + if(!$user) $user = $INPUT->server->str('REMOTE_USER'); $subs = $this->subscribers($id, $user); if(!count($subs)) return false; @@ -292,13 +294,15 @@ class Subscription { global $auth; global $conf; global $USERINFO; + /** @var Input $INPUT */ + global $INPUT; $count = 0; $subscriptions = $this->subscribers($page, null, array('digest', 'list')); // remember current user info $olduinfo = $USERINFO; - $olduser = $_SERVER['REMOTE_USER']; + $olduser = $INPUT->server->str('REMOTE_USER'); foreach($subscriptions as $target => $users) { if(!$this->lock($target)) continue; @@ -315,7 +319,7 @@ class Subscription { // Work as the user to make sure ACLs apply correctly $USERINFO = $auth->getUserData($user); - $_SERVER['REMOTE_USER'] = $user; + $INPUT->server->set('REMOTE_USER',$user); if($USERINFO === false) continue; if(!$USERINFO['mail']) continue; @@ -334,7 +338,7 @@ class Subscription { foreach($changes as $rev) { $n = 0; while(!is_null($rev) && $rev['date'] >= $lastupdate && - ($_SERVER['REMOTE_USER'] === $rev['user'] || + ($INPUT->server->str('REMOTE_USER') === $rev['user'] || $rev['type'] === DOKU_CHANGE_TYPE_MINOR_EDIT)) { $rev = getRevisions($rev['id'], $n++, 1); $rev = (count($rev) > 0) ? $rev[0] : null; @@ -369,7 +373,7 @@ class Subscription { // restore current user info $USERINFO = $olduinfo; - $_SERVER['REMOTE_USER'] = $olduser; + $INPUT->server->set('REMOTE_USER',$olduser); return $count; } @@ -654,6 +658,8 @@ class Subscription { /** @var DokuWiki_Auth_Plugin $auth */ global $auth; global $conf; + /** @var Input $INPUT */ + global $INPUT; $id = $data['id']; $self = $data['self']; @@ -667,7 +673,7 @@ class Subscription { $userinfo = $auth->getUserData($user); if($userinfo === false) continue; if(!$userinfo['mail']) continue; - if(!$self && $user == $_SERVER['REMOTE_USER']) continue; //skip our own changes + if(!$self && $user == $INPUT->server->str('REMOTE_USER')) continue; //skip our own changes $level = auth_aclcheck($id, $user, $userinfo['grps']); if($level >= AUTH_READ) { diff --git a/inc/template.php b/inc/template.php index 0a6a9e4aa..88964fada 100644 --- a/inc/template.php +++ b/inc/template.php @@ -210,7 +210,7 @@ function tpl_toc($return = false) { } else { $tocok = true; } - $toc = $meta['description']['tableofcontents']; + $toc = isset($meta['description']['tableofcontents']) ? $meta['description']['tableofcontents'] : null; if(!$tocok || !is_array($toc) || !$conf['tocminheads'] || count($toc) < $conf['tocminheads']) { $toc = array(); } @@ -291,6 +291,8 @@ function tpl_metaheaders($alt = true) { global $lang; global $conf; global $updateVersion; + /** @var Input $INPUT */ + global $INPUT; // prepare the head array $head = array(); @@ -401,7 +403,7 @@ function tpl_metaheaders($alt = true) { // make $INFO and other vars available to JavaScripts $json = new JSON(); $script = "var NS='".$INFO['namespace']."';"; - if($conf['useacl'] && !empty($_SERVER['REMOTE_USER'])) { + if($conf['useacl'] && $INPUT->server->str('REMOTE_USER')) { $script .= "var SIG='".toolbar_signature()."';"; } $script .= 'var JSINFO = '.$json->encode($JSINFO).';'; @@ -603,6 +605,8 @@ function tpl_get_action($type) { global $REV; global $ACT; global $conf; + /** @var Input $INPUT */ + global $INPUT; // check disabled actions and fix the badly named ones if($type == 'history') $type = 'revisions'; @@ -637,7 +641,7 @@ function tpl_get_action($type) { $accesskey = 'v'; } } else { - $params = array(); + $params = array('do' => ''); $type = 'show'; $accesskey = 'v'; } @@ -658,7 +662,7 @@ function tpl_get_action($type) { break; case 'top': $accesskey = 't'; - $params = array(); + $params = array('do' => ''); $id = '#dokuwiki__top'; break; case 'back': @@ -667,12 +671,12 @@ function tpl_get_action($type) { return false; } $id = $parent; - $params = array(); + $params = array('do' => ''); $accesskey = 'b'; break; case 'login': $params['sectok'] = getSecurityToken(); - if(isset($_SERVER['REMOTE_USER'])) { + if($INPUT->server->has('REMOTE_USER')) { if(!actionOK('logout')) { return false; } @@ -681,12 +685,12 @@ function tpl_get_action($type) { } break; case 'register': - if(!empty($_SERVER['REMOTE_USER'])) { + if($INPUT->server->str('REMOTE_USER')) { return false; } break; case 'resendpwd': - if(!empty($_SERVER['REMOTE_USER'])) { + if($INPUT->server->str('REMOTE_USER')) { return false; } break; @@ -703,14 +707,14 @@ function tpl_get_action($type) { $params['sectok'] = getSecurityToken(); break; case 'subscribe': - if(!$_SERVER['REMOTE_USER']) { + if(!$INPUT->server->str('REMOTE_USER')) { return false; } break; case 'backlink': break; case 'profile': - if(!isset($_SERVER['REMOTE_USER'])) { + if(!$INPUT->server->has('REMOTE_USER')) { return false; } break; @@ -886,8 +890,11 @@ function tpl_youarehere($sep = ' » ') { function tpl_userinfo() { global $lang; global $INFO; - if(isset($_SERVER['REMOTE_USER'])) { - print $lang['loggedinas'].': <bdi>'.hsc($INFO['userinfo']['name']).'</bdi> (<bdi>'.hsc($_SERVER['REMOTE_USER']).'</bdi>)'; + /** @var Input $INPUT */ + global $INPUT; + + if($INPUT->server->str('REMOTE_USER')) { + print $lang['loggedinas'].': <bdi>'.hsc($INFO['userinfo']['name']).'</bdi> (<bdi>'.hsc($INPUT->server->str('REMOTE_USER')).'</bdi>)'; return true; } return false; @@ -1030,6 +1037,7 @@ function tpl_img_getTag($tags, $alt = '', $src = null) { */ function tpl_img($maxwidth = 0, $maxheight = 0, $link = true, $params = null) { global $IMG; + /** @var Input $INPUT */ global $INPUT; $w = tpl_img_getTag('File.Width'); $h = tpl_img_getTag('File.Height'); @@ -1242,6 +1250,7 @@ function tpl_mediaContent($fromajax = false, $sort='natural') { global $INUSE; global $NS; global $JUMPTO; + /** @var Input $INPUT */ global $INPUT; $do = $INPUT->extract('do')->str('do'); @@ -1291,6 +1300,7 @@ function tpl_mediaFileList() { global $NS; global $JUMPTO; global $lang; + /** @var Input $INPUT */ global $INPUT; $opened_tab = $INPUT->str('tab_files'); @@ -1331,7 +1341,9 @@ function tpl_mediaFileList() { * @author Kate Arzamastseva <pshns@ukr.net> */ function tpl_mediaFileDetails($image, $rev) { - global $AUTH, $NS, $conf, $DEL, $lang, $INPUT; + global $AUTH, $NS, $conf, $DEL, $lang; + /** @var Input $INPUT */ + global $INPUT; $removed = (!file_exists(mediaFN($image)) && file_exists(mediaMetaFN($image, '.changes')) && $conf['mediarevisions']); if(!$image || (!file_exists(mediaFN($image)) && !$removed) || $DEL) return; @@ -1409,12 +1421,14 @@ function tpl_actiondropdown($empty = '', $button = '>') { global $ID; global $REV; global $lang; + /** @var Input $INPUT */ + global $INPUT; echo '<form action="'.script().'" method="get" accept-charset="utf-8">'; echo '<div class="no">'; echo '<input type="hidden" name="id" value="'.$ID.'" />'; if($REV) echo '<input type="hidden" name="rev" value="'.$REV.'" />'; - if (!empty($_SERVER['REMOTE_USER'])) { + if ($INPUT->server->str('REMOTE_USER')) { echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />'; } @@ -1780,11 +1794,14 @@ function tpl_media() { */ function tpl_classes() { global $ACT, $conf, $ID, $INFO; + /** @var Input $INPUT */ + global $INPUT; + $classes = array( 'dokuwiki', 'mode_'.$ACT, 'tpl_'.$conf['template'], - !empty($_SERVER['REMOTE_USER']) ? 'loggedIn' : '', + $INPUT->server->bool('REMOTE_USER') ? 'loggedIn' : '', $INFO['exists'] ? '' : 'notFound', ($ID == $conf['start']) ? 'home' : '', ); diff --git a/inc/toolbar.php b/inc/toolbar.php index d8d2f209b..7cc29e866 100644 --- a/inc/toolbar.php +++ b/inc/toolbar.php @@ -241,10 +241,12 @@ function toolbar_JSdefines($varname){ function toolbar_signature(){ global $conf; global $INFO; + /** @var Input $INPUT */ + global $INPUT; $sig = $conf['signature']; $sig = dformat(null,$sig); - $sig = str_replace('@USER@',$_SERVER['REMOTE_USER'],$sig); + $sig = str_replace('@USER@',$INPUT->server->str('REMOTE_USER'),$sig); $sig = str_replace('@NAME@',$INFO['userinfo']['name'],$sig); $sig = str_replace('@MAIL@',$INFO['userinfo']['mail'],$sig); $sig = str_replace('@DATE@',dformat(),$sig); diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php index d94a24c74..7044232ce 100644 --- a/lib/exe/mediamanager.php +++ b/lib/exe/mediamanager.php @@ -57,7 +57,7 @@ } // give info on PHP caught upload errors - if($_FILES['upload']['error']){ + if(!empty($_FILES['upload']['error'])){ switch($_FILES['upload']['error']){ case 1: case 2: @@ -71,7 +71,7 @@ } // handle upload - if($_FILES['upload']['tmp_name']){ + if(!empty($_FILES['upload']['tmp_name'])){ $JUMPTO = media_upload($NS,$AUTH); if($JUMPTO) $NS = getNS($JUMPTO); } diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php index 6c7c28ff6..de38aedd5 100644 --- a/lib/plugins/acl/admin.php +++ b/lib/plugins/acl/admin.php @@ -268,7 +268,10 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { usort($data,array($this,'_tree_sort')); $count = count($data); if($count>0) for($i=1; $i<$count; $i++){ - if($data[$i-1]['id'] == $data[$i]['id'] && $data[$i-1]['type'] == $data[$i]['type']) unset($data[$i]); + if($data[$i-1]['id'] == $data[$i]['id'] && $data[$i-1]['type'] == $data[$i]['type']) { + unset($data[$i]); + $i++; // duplicate found, next $i can't be a duplicate, so skip forward one + } } return $data; } @@ -488,7 +491,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { function _html_list_acl($item){ $ret = ''; // what to display - if($item['label']){ + if(!empty($item['label'])){ $base = $item['label']; }else{ $base = ':'.$item['id']; @@ -496,8 +499,11 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { } // highlight? - if( ($item['type']== $this->current_item['type'] && $item['id'] == $this->current_item['id'])) + if( ($item['type']== $this->current_item['type'] && $item['id'] == $this->current_item['id'])) { $cl = ' cur'; + } else { + $cl = ''; + } // namespace or page? if($item['type']=='d'){ diff --git a/lib/plugins/info/syntax.php b/lib/plugins/info/syntax.php index f8c6eb484..9265f44d5 100644 --- a/lib/plugins/info/syntax.php +++ b/lib/plugins/info/syntax.php @@ -48,7 +48,7 @@ class syntax_plugin_info extends DokuWiki_Syntax_Plugin { /** * Handle the match */ - function handle($match, $state, $pos, Doku_Handler &$handler){ + function handle($match, $state, $pos, Doku_Handler $handler){ $match = substr($match,7,-2); //strip ~~INFO: from start and ~~ from end return array(strtolower($match)); } @@ -56,7 +56,7 @@ class syntax_plugin_info extends DokuWiki_Syntax_Plugin { /** * Create output */ - function render($format, Doku_Renderer &$renderer, $data) { + function render($format, Doku_Renderer $renderer, $data) { if($format == 'xhtml'){ /** @var Doku_Renderer_xhtml $renderer */ //handle various info stuff diff --git a/lib/plugins/syntax.php b/lib/plugins/syntax.php index 7ab9c30e1..42a4903ec 100644 --- a/lib/plugins/syntax.php +++ b/lib/plugins/syntax.php @@ -63,10 +63,10 @@ class DokuWiki_Syntax_Plugin extends Doku_Parser_Mode_Plugin { * @param string $match The text matched by the patterns * @param int $state The lexer state for the match * @param int $pos The character position of the matched text - * @param Doku_Handler $handler Reference to the Doku_Handler object + * @param Doku_Handler $handler The Doku_Handler object * @return array Return an array with all data you want to use in render */ - function handle($match, $state, $pos, Doku_Handler &$handler){ + function handle($match, $state, $pos, Doku_Handler $handler){ trigger_error('handle() not implemented in '.get_class($this), E_USER_WARNING); } @@ -89,11 +89,11 @@ class DokuWiki_Syntax_Plugin extends Doku_Parser_Mode_Plugin { * created * * @param $format string output format being rendered - * @param $renderer Doku_Renderer reference to the current renderer object + * @param $renderer Doku_Renderer the current renderer object * @param $data array data created by handler() * @return boolean rendered correctly? */ - function render($format, Doku_Renderer &$renderer, $data) { + function render($format, Doku_Renderer $renderer, $data) { trigger_error('render() not implemented in '.get_class($this), E_USER_WARNING); } diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php index eadfb76ad..b67d91b36 100644 --- a/lib/plugins/usermanager/admin.php +++ b/lib/plugins/usermanager/admin.php @@ -53,7 +53,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { } // attempt to retrieve any import failures from the session - if ($_SESSION['import_failures']){ + if (!empty($_SESSION['import_failures'])){ $this->_import_failures = $_SESSION['import_failures']; } } |