1 files changed, 66 insertions, 16 deletions

diff --git a/inc/actions.php b/inc/actions.php
index 50cbe369f..709c19ddd 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -20,6 +20,7 @@ function act_dispatch(){
     global $ID;
     global $INFO;
     global $QUERY;
+    /* @var Input $INPUT */
     global $INPUT;
     global $lang;
     global $conf;
@@ -94,7 +95,7 @@ function act_dispatch(){
 
         // user profile changes
         if (in_array($ACT, array('profile','profile_delete'))) {
-            if(!$_SERVER['REMOTE_USER']) {
+            if(!$INPUT->server->str('REMOTE_USER')) {
                 $ACT = 'login';
             } else {
                 switch ($ACT) {
@@ -190,7 +191,7 @@ function act_dispatch(){
     unset($evt);
 
     // when action 'show', the intial not 'show' and POST, do a redirect
-    if($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){
+    if($ACT == 'show' && $preact != 'show' && strtolower($INPUT->server->str('REQUEST_METHOD')) == 'post'){
         act_redirect($ID,$preact);
     }
 
@@ -199,6 +200,7 @@ function act_dispatch(){
     global $license;
 
     //call template FIXME: all needed vars available?
+    $headers = array();
     $headers[] = 'Content-Type: text/html; charset=utf-8';
     trigger_event('ACTION_HEADERS_SEND',$headers,'act_sendheaders');
 
@@ -220,6 +222,9 @@ function act_sendheaders($headers) {
  * Sanitize the action command
  *
  * @author Andreas Gohr <andi@splitbrain.org>
+ *
+ * @param array|string $act
+ * @return string
  */
 function act_clean($act){
     // check if the action was given as array key
@@ -244,6 +249,9 @@ function act_clean($act){
  * Add all allowed commands here.
  *
  * @author Andreas Gohr <andi@splitbrain.org>
+ *
+ * @param array|string $act
+ * @return string
  */
 function act_validate($act) {
     global $conf;
@@ -283,10 +291,12 @@ function act_validate($act) {
  * Run permissionchecks
  *
  * @author Andreas Gohr <andi@splitbrain.org>
+ *
+ * @param string $act action command
+ * @return string action command
  */
 function act_permcheck($act){
     global $INFO;
-    global $conf;
 
     if(in_array($act,array('save','preview','edit','recover'))){
         if($INFO['exists']){
@@ -329,6 +339,9 @@ function act_permcheck($act){
  * Handle 'draftdel'
  *
  * Deletes the draft for the current page and user
+ *
+ * @param string $act action command
+ * @return string action command
  */
 function act_draftdel($act){
     global $INFO;
@@ -341,6 +354,9 @@ function act_draftdel($act){
  * Saves a draft on preview
  *
  * @todo this currently duplicates code from ajax.php :-/
+ *
+ * @param string $act action command
+ * @return string action command
  */
 function act_draftsave($act){
     global $INFO;
@@ -371,6 +387,9 @@ function act_draftsave($act){
  * returns a new action.
  *
  * @author Andreas Gohr <andi@splitbrain.org>
+ *
+ * @param string $act action command
+ * @return string action command
  */
 function act_save($act){
     global $ID;
@@ -393,7 +412,7 @@ function act_save($act){
         return 'conflict';
 
     //save it
-    saveWikiText($ID,con($PRE,$TEXT,$SUF,1),$SUM,$INPUT->bool('minor')); //use pretty mode for con
+    saveWikiText($ID,con($PRE,$TEXT,$SUF,true),$SUM,$INPUT->bool('minor')); //use pretty mode for con
     //unlock it
     unlock($ID);
 
@@ -409,11 +428,16 @@ function act_save($act){
  * Revert to a certain revision
  *
  * @author Andreas Gohr <andi@splitbrain.org>
+ *
+ * @param string $act action command
+ * @return string action command
  */
 function act_revert($act){
     global $ID;
     global $REV;
     global $lang;
+    /* @var Input $INPUT */
+    global $INPUT;
     // FIXME $INFO['writable'] currently refers to the attic version
     // global $INFO;
     // if (!$INFO['writable']) {
@@ -445,7 +469,7 @@ function act_revert($act){
     session_write_close();
 
     // when done, show current page
-    $_SERVER['REQUEST_METHOD'] = 'post'; //should force a redirect
+    $INPUT->server->set('REQUEST_METHOD','post'); //should force a redirect
     $REV = '';
     return 'show';
 }
@@ -454,6 +478,9 @@ function act_revert($act){
  * Do a redirect after receiving post data
  *
  * Tries to add the section id as hash mark after section editing
+ *
+ * @param string $id page id
+ * @param string $preact action command before redirect
  */
 function act_redirect($id,$preact){
     global $PRE;
@@ -475,7 +502,7 @@ function act_redirect($id,$preact){
 /**
  * Execute the redirect
  *
- * @param array $opts id and fragment for the redirect
+ * @param array $opts id and fragment for the redirect and the preact
  */
 function act_redirect_execute($opts){
     $go = wl($opts['id'],'',true);
@@ -489,21 +516,27 @@ function act_redirect_execute($opts){
  * Handle 'login', 'logout'
  *
  * @author Andreas Gohr <andi@splitbrain.org>
+ *
+ * @param string $act action command
+ * @return string action command
  */
 function act_auth($act){
     global $ID;
     global $INFO;
+    /* @var Input $INPUT */
+    global $INPUT;
 
     //already logged in?
-    if(isset($_SERVER['REMOTE_USER']) && $act=='login'){
+    if($INPUT->server->has('REMOTE_USER') && $act=='login'){
         return 'show';
     }
 
     //handle logout
     if($act=='logout'){
         $lockedby = checklock($ID); //page still locked?
-        if($lockedby == $_SERVER['REMOTE_USER'])
+        if($lockedby == $INPUT->server->str('REMOTE_USER')){
             unlock($ID); //try to unlock
+        }
 
         // do the logout stuff
         auth_logoff();
@@ -521,6 +554,9 @@ function act_auth($act){
  * Handle 'edit', 'preview', 'recover'
  *
  * @author Andreas Gohr <andi@splitbrain.org>
+ *
+ * @param string $act action command
+ * @return string action command
  */
 function act_edit($act){
     global $ID;
@@ -585,6 +621,9 @@ function act_edit($act){
  *
  * @author Andreas Gohr <andi@splitbrain.org>
  * @author Michael Klier <chi@chimeric.de>
+ *
+ * @param string $act action command
+ * @return string action command
  */
 function act_export($act){
     global $ID;
@@ -594,7 +633,6 @@ function act_export($act){
 
     $pre = '';
     $post = '';
-    $output = '';
     $headers = array();
 
     // search engines: never cache exported docs! (Google only currently)
@@ -638,7 +676,7 @@ function act_export($act){
             $output = p_wiki_xhtml($ID,$REV,false);
             break;
         default:
-            $output = p_cached_output(wikiFN($ID,$REV), $mode);
+            $output = p_cached_output(wikiFN($ID,$REV), $mode, $ID);
             $headers = p_get_metadata($ID,"format $mode");
             break;
     }
@@ -666,6 +704,8 @@ function act_export($act){
  * Handle sitemap delivery
  *
  * @author Michael Hamann <michael@content-space.de>
+ *
+ * @param string $act action command
  */
 function act_sitemap($act) {
     global $conf;
@@ -697,7 +737,7 @@ function act_sitemap($act) {
 
         // Send file
         //use x-sendfile header to pass the delivery to compatible webservers
-        if (http_sendfile($sitemap)) exit;
+        http_sendfile($sitemap);
 
         readfile($sitemap);
         exit;
@@ -714,15 +754,20 @@ function act_sitemap($act) {
  * Throws exception on error.
  *
  * @author Adrian Lang <lang@cosmocode.de>
+ *
+ * @param string $act action command
+ * @return string action command
+ * @throws Exception if (un)subscribing fails
  */
 function act_subscription($act){
     global $lang;
     global $INFO;
     global $ID;
+    /* @var Input $INPUT */
     global $INPUT;
 
     // subcriptions work for logged in users only
-    if(!$_SERVER['REMOTE_USER']) return 'show';
+    if(!$INPUT->server->str('REMOTE_USER')) return 'show';
 
     // get and preprocess data.
     $params = array();
@@ -733,7 +778,7 @@ function act_subscription($act){
     }
 
     // any action given? if not just return and show the subscription page
-    if(!$params['action'] || !checkSecurityToken()) return $act;
+    if(empty($params['action']) || !checkSecurityToken()) return $act;
 
     // Handle POST data, may throw exception.
     trigger_event('ACTION_HANDLE_SUBSCRIBE', $params, 'subscription_handle_post');
@@ -745,9 +790,9 @@ function act_subscription($act){
     // Perform action.
     $sub = new Subscription();
     if($action == 'unsubscribe'){
-        $ok = $sub->remove($target, $_SERVER['REMOTE_USER'], $style);
+        $ok = $sub->remove($target, $INPUT->server->str('REMOTE_USER'), $style);
     }else{
-        $ok = $sub->add($target, $_SERVER['REMOTE_USER'], $style);
+        $ok = $sub->add($target, $INPUT->server->str('REMOTE_USER'), $style);
     }
 
     if($ok) {
@@ -772,10 +817,15 @@ function act_subscription($act){
  * default action for the event ACTION_HANDLE_SUBSCRIBE.
  *
  * @author Adrian Lang <lang@cosmocode.de>
+ *
+ * @param array &$params the parameters: target, style and action
+ * @throws Exception
  */
 function subscription_handle_post(&$params) {
     global $INFO;
     global $lang;
+    /* @var Input $INPUT */
+    global $INPUT;
 
     // Get and validate parameters.
     if (!isset($params['target'])) {
@@ -806,7 +856,7 @@ function subscription_handle_post(&$params) {
         }
         if ($is === false) {
             throw new Exception(sprintf($lang['subscr_not_subscribed'],
-                                        $_SERVER['REMOTE_USER'],
+                                        $INPUT->server->str('REMOTE_USER'),
                                         prettyprint_id($target)));
         }
         // subscription_set deletes a subscription if style = null.