summaryrefslogtreecommitdiff
path: root/inc
diff options
context:
space:
mode:
Diffstat (limited to 'inc')
-rw-r--r--inc/actions.php28
-rw-r--r--inc/cache.php3
-rw-r--r--inc/common.php3
-rw-r--r--inc/form.php5
-rw-r--r--inc/html.php49
-rw-r--r--inc/media.php66
-rw-r--r--inc/pageutils.php3
-rw-r--r--inc/parser/code.php3
8 files changed, 95 insertions, 65 deletions
diff --git a/inc/actions.php b/inc/actions.php
index e85cbfccc..0c35bc88c 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -20,6 +20,7 @@ function act_dispatch(){
global $ID;
global $INFO;
global $QUERY;
+ global $INPUT;
global $lang;
global $conf;
@@ -131,14 +132,14 @@ function act_dispatch(){
//handle admin tasks
if($ACT == 'admin'){
// retrieve admin plugin name from $_REQUEST['page']
- if (!empty($_REQUEST['page'])) {
+ if (($page = $INPUT->str('page', '', true)) != '') {
$pluginlist = plugin_list('admin');
- if (in_array($_REQUEST['page'], $pluginlist)) {
+ if (in_array($page, $pluginlist)) {
// attempt to load the plugin
- if ($plugin =& plugin_load('admin',$_REQUEST['page']) !== null){
+ if ($plugin =& plugin_load('admin',$page) !== null){
if($plugin->forAdminOnly() && !$INFO['isadmin']){
// a manager tried to load a plugin that's for admins only
- unset($_REQUEST['page']);
+ $INPUT->remove('page');
msg('For admins only',-1);
}else{
$plugin->handle();
@@ -300,13 +301,14 @@ function act_draftdel($act){
function act_draftsave($act){
global $INFO;
global $ID;
+ global $INPUT;
global $conf;
- if($conf['usedraft'] && $_POST['wikitext']){
+ if($conf['usedraft'] && $INPUT->post->has('wikitext')) {
$draft = array('id' => $ID,
- 'prefix' => substr($_POST['prefix'], 0, -1),
- 'text' => $_POST['wikitext'],
- 'suffix' => $_POST['suffix'],
- 'date' => (int) $_POST['date'],
+ 'prefix' => substr($INPUT->post->str('prefix'), 0, -1),
+ 'text' => $INPUT->post->str('wikitext'),
+ 'suffix' => $INPUT->post->str('suffix'),
+ 'date' => $INPUT->post->int('date'),
'client' => $INFO['client'],
);
$cname = getCacheName($draft['client'].$ID,'.draft');
@@ -335,6 +337,7 @@ function act_save($act){
global $SUM;
global $lang;
global $INFO;
+ global $INPUT;
//spam check
if(checkwordblock()) {
@@ -346,7 +349,7 @@ function act_save($act){
return 'conflict';
//save it
- saveWikiText($ID,con($PRE,$TEXT,$SUF,1),$SUM,$_REQUEST['minor']); //use pretty mode for con
+ saveWikiText($ID,con($PRE,$TEXT,$SUF,1),$SUM,$INPUT->bool('minor')); //use pretty mode for con
//unlock it
unlock($ID);
@@ -669,6 +672,7 @@ function act_subscription($act){
global $lang;
global $INFO;
global $ID;
+ global $INPUT;
// subcriptions work for logged in users only
if(!$_SERVER['REMOTE_USER']) return 'show';
@@ -676,8 +680,8 @@ function act_subscription($act){
// get and preprocess data.
$params = array();
foreach(array('target', 'style', 'action') as $param) {
- if (isset($_REQUEST["sub_$param"])) {
- $params[$param] = $_REQUEST["sub_$param"];
+ if ($INPUT->has("sub_$param")) {
+ $params[$param] = $INPUT->str("sub_$param");
}
}
diff --git a/inc/cache.php b/inc/cache.php
index ff78e37ae..204c6f006 100644
--- a/inc/cache.php
+++ b/inc/cache.php
@@ -84,7 +84,8 @@ class cache {
* it should only overwrite a dependency when the new value is more stringent than the old
*/
function _addDependencies() {
- if (isset($_REQUEST['purge'])) $this->depends['purge'] = true; // purge requested
+ global $INPUT;
+ if ($INPUT->has('purge')) $this->depends['purge'] = true; // purge requested
}
/**
diff --git a/inc/common.php b/inc/common.php
index 768260bbf..02ed2432b 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -63,9 +63,10 @@ function getSecurityToken() {
* Check the secret CSRF token
*/
function checkSecurityToken($token = null) {
+ global $INPUT;
if(!$_SERVER['REMOTE_USER']) return true; // no logged in user, no need for a check
- if(is_null($token)) $token = $_REQUEST['sectok'];
+ if(is_null($token)) $token = $INPUT->str('sectok');
if(getSecurityToken() != $token) {
msg('Security Token did not match. Possible CSRF attack.', -1);
return false;
diff --git a/inc/form.php b/inc/form.php
index e74c52c5d..bdf520a2e 100644
--- a/inc/form.php
+++ b/inc/form.php
@@ -295,8 +295,9 @@ class Doku_Form {
*/
function addRadioSet($name, $entries) {
- $value = (isset($_POST[$name]) && isset($entries[$_POST[$name]])) ?
- $_POST[$name] : key($entries);
+ global $INPUT;
+ $value = (array_key_exists($INPUT->post->str($name), $entries)) ?
+ $INPUT->str($name) : key($entries);
foreach($entries as $val => $cap) {
$data = ($value === $val) ? array('checked' => 'checked') : array();
$this->addElement(form_makeRadioField($name, $val, $cap, '', '', $data));
diff --git a/inc/html.php b/inc/html.php
index f9712d975..505474e0d 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -46,6 +46,7 @@ function html_login(){
global $lang;
global $conf;
global $ID;
+ global $INPUT;
print p_locale_xhtml('login');
print '<div class="centeralign">'.NL;
@@ -53,7 +54,7 @@ function html_login(){
$form->startFieldset($lang['btn_login']);
$form->addHidden('id', $ID);
$form->addHidden('do', 'login');
- $form->addElement(form_makeTextField('u', ((!$_REQUEST['http_credentials']) ? $_REQUEST['u'] : ''), $lang['user'], 'focus__this', 'block'));
+ $form->addElement(form_makeTextField('u', ((!$INPUT->bool('http_credentials')) ? $INPUT->str('u') : ''), $lang['user'], 'focus__this', 'block'));
$form->addElement(form_makePasswordField('p', $lang['pass'], '', 'block'));
if($conf['rememberme']) {
$form->addElement(form_makeCheckboxField('r', '1', $lang['remember'], 'remember__me', 'simple'));
@@ -1076,8 +1077,9 @@ function html_diff($text='',$intro=true,$type=null){
global $REV;
global $lang;
global $conf;
+ global $INPUT;
- if(!$type) $type = $_REQUEST['difftype'];
+ if(!$type) $type = $INPUT->str('difftype');
if($type != 'inline') $type = 'sidebyside';
// we're trying to be clever here, revisions to compare can be either
@@ -1085,16 +1087,16 @@ function html_diff($text='',$intro=true,$type=null){
// array in rev2.
$rev1 = $REV;
- if(is_array($_REQUEST['rev2'])){
- $rev1 = (int) $_REQUEST['rev2'][0];
- $rev2 = (int) $_REQUEST['rev2'][1];
+ if(is_array($INPUT->ref('rev2'))){
+ $rev1 = (int) $INPUT->int('rev2')[0];
+ $rev2 = (int) $INPUT->int('rev2')[1];
if(!$rev1){
$rev1 = $rev2;
unset($rev2);
}
}else{
- $rev2 = (int) $_REQUEST['rev2'];
+ $rev2 = $INPUT->int('rev2');
}
$r_minor = '';
@@ -1252,6 +1254,7 @@ function html_register(){
global $lang;
global $conf;
global $ID;
+ global $INPUT;
print p_locale_xhtml('register');
print '<div class="centeralign">'.NL;
@@ -1259,13 +1262,13 @@ function html_register(){
$form->startFieldset($lang['btn_register']);
$form->addHidden('do', 'register');
$form->addHidden('save', '1');
- $form->addElement(form_makeTextField('login', $_POST['login'], $lang['user'], '', 'block', array('size'=>'50')));
+ $form->addElement(form_makeTextField('login', $INPUT->post->str('login'), $lang['user'], '', 'block', array('size'=>'50')));
if (!$conf['autopasswd']) {
$form->addElement(form_makePasswordField('pass', $lang['pass'], '', 'block', array('size'=>'50')));
$form->addElement(form_makePasswordField('passchk', $lang['passchk'], '', 'block', array('size'=>'50')));
}
- $form->addElement(form_makeTextField('fullname', $_POST['fullname'], $lang['fullname'], '', 'block', array('size'=>'50')));
- $form->addElement(form_makeTextField('email', $_POST['email'], $lang['email'], '', 'block', array('size'=>'50')));
+ $form->addElement(form_makeTextField('fullname', $INPUT->post->str('fullname'), $lang['fullname'], '', 'block', array('size'=>'50')));
+ $form->addElement(form_makeTextField('email', $INPUT->post->str('email'), $lang['email'], '', 'block', array('size'=>'50')));
$form->addElement(form_makeButton('submit', '', $lang['btn_register']));
$form->endFieldset();
html_form('register', $form);
@@ -1282,26 +1285,27 @@ function html_register(){
function html_updateprofile(){
global $lang;
global $conf;
+ global $INPUT;
global $ID;
global $INFO;
global $auth;
print p_locale_xhtml('updateprofile');
- if (empty($_POST['fullname'])) $_POST['fullname'] = $INFO['userinfo']['name'];
- if (empty($_POST['email'])) $_POST['email'] = $INFO['userinfo']['mail'];
+ $fullname = $INPUT->post->str('fullname', $INFO['userinfo']['name'], true);
+ $email = $INPUT->post->str('email', $INFO['userinfo']['mail'], true);
print '<div class="centeralign">'.NL;
$form = new Doku_Form(array('id' => 'dw__register'));
$form->startFieldset($lang['profile']);
$form->addHidden('do', 'profile');
$form->addHidden('save', '1');
- $form->addElement(form_makeTextField('fullname', $_SERVER['REMOTE_USER'], $lang['user'], '', 'block', array('size'=>'50', 'disabled'=>'disabled')));
+ $form->addElement(form_makeTextField('login', $_SERVER['REMOTE_USER'], $lang['user'], '', 'block', array('size'=>'50', 'disabled'=>'disabled')));
$attr = array('size'=>'50');
if (!$auth->canDo('modName')) $attr['disabled'] = 'disabled';
- $form->addElement(form_makeTextField('fullname', $_POST['fullname'], $lang['fullname'], '', 'block', $attr));
+ $form->addElement(form_makeTextField('fullname', $fullname, $lang['fullname'], '', 'block', $attr));
$attr = array('size'=>'50');
if (!$auth->canDo('modMail')) $attr['disabled'] = 'disabled';
- $form->addElement(form_makeTextField('email', $_POST['email'], $lang['email'], '', 'block', $attr));
+ $form->addElement(form_makeTextField('email', $email, $lang['email'], '', 'block', $attr));
$form->addElement(form_makeTag('br'));
if ($auth->canDo('modPass')) {
$form->addElement(form_makePasswordField('newpass', $lang['newpass'], '', 'block', array('size'=>'50')));
@@ -1326,6 +1330,7 @@ function html_updateprofile(){
* @triggers HTML_EDITFORM_OUTPUT
*/
function html_edit(){
+ global $INPUT;
global $ID;
global $REV;
global $DATE;
@@ -1338,8 +1343,8 @@ function html_edit(){
global $TEXT;
global $RANGE;
- if (isset($_REQUEST['changecheck'])) {
- $check = $_REQUEST['changecheck'];
+ if ($INPUT->has('changecheck')) {
+ $check = $INPUT->str('changecheck');
} elseif(!$INFO['exists']){
// $TEXT has been loaded from page template
$check = md5('');
@@ -1374,8 +1379,8 @@ function html_edit(){
$data = array('form' => $form,
'wr' => $wr,
'media_manager' => true,
- 'target' => (isset($_REQUEST['target']) && $wr &&
- $RANGE !== '') ? $_REQUEST['target'] : 'section',
+ 'target' => ($INPUT->has('target') && $wr &&
+ $RANGE !== '') ? $INPUT->str('target') : 'section',
'intro_locale' => $include);
if ($data['target'] !== 'section') {
@@ -1461,6 +1466,7 @@ function html_edit_form($param) {
function html_minoredit(){
global $conf;
global $lang;
+ global $INPUT;
// minor edits are for logged in users only
if(!$conf['useacl'] || !$_SERVER['REMOTE_USER']){
return false;
@@ -1468,7 +1474,7 @@ function html_minoredit(){
$p = array();
$p['tabindex'] = 3;
- if(!empty($_REQUEST['minor'])) $p['checked']='checked';
+ if($INPUT->bool('minor')) $p['checked']='checked';
return form_makeCheckboxField('minor', '1', $lang['minoredit'], 'minoredit', 'nowrap', $p);
}
@@ -1674,8 +1680,9 @@ function html_resendpwd() {
global $lang;
global $conf;
global $ID;
+ global $INPUT;
- $token = preg_replace('/[^a-f0-9]+/','',$_REQUEST['pwauth']);
+ $token = preg_replace('/[^a-f0-9]+/','',$INPUT->str('pwauth'));
if(!$conf['autopasswd'] && $token){
print p_locale_xhtml('resetpwd');
@@ -1700,7 +1707,7 @@ function html_resendpwd() {
$form->addHidden('do', 'resendpwd');
$form->addHidden('save', '1');
$form->addElement(form_makeTag('br'));
- $form->addElement(form_makeTextField('login', $_POST['login'], $lang['user'], '', 'block'));
+ $form->addElement(form_makeTextField('login', $INPUT->post->str('login'), $lang['user'], '', 'block'));
$form->addElement(form_makeTag('br'));
$form->addElement(form_makeTag('br'));
$form->addElement(form_makeButton('submit', '', $lang['btn_resendpwd']));
diff --git a/inc/media.php b/inc/media.php
index e1d5d511e..4bca2e71a 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -226,8 +226,9 @@ function media_delete($id,$auth){
*/
function media_upload_xhr($ns,$auth){
if(!checkSecurityToken()) return false;
+ global $INPUT;
- $id = $_GET['qqfile'];
+ $id = $INPUT->get->str('qqfile');
list($ext,$mime,$dl) = mimetype($id);
$input = fopen("php://input", "r");
if (!($tmp = io_mktmpdir())) return false;
@@ -247,7 +248,7 @@ function media_upload_xhr($ns,$auth){
'mime' => $mime,
'ext' => $ext),
$ns.':'.$id,
- (($_REQUEST['ow'] == 'checked') ? true : false),
+ (($INPUT->get->str('ow') == 'checked') ? true : false),
$auth,
'copy'
);
@@ -270,9 +271,10 @@ function media_upload_xhr($ns,$auth){
function media_upload($ns,$auth,$file=false){
if(!checkSecurityToken()) return false;
global $lang;
+ global $INPUT;
// get file and id
- $id = $_POST['mediaid'];
+ $id = $INPUT->post->str('mediaid');
if (!$file) $file = $_FILES['upload'];
if(empty($id)) $id = $file['name'];
@@ -294,7 +296,7 @@ function media_upload($ns,$auth,$file=false){
$res = media_save(array('name' => $file['tmp_name'],
'mime' => $imime,
'ext' => $iext), $ns.':'.$id,
- $_REQUEST['ow'], $auth, 'move_uploaded_file');
+ $INPUT->post->bool('ow'), $auth, 'move_uploaded_file');
if (is_array($res)) {
msg($res[0], $res[1]);
return false;
@@ -641,7 +643,9 @@ function media_tabs_details($image, $selected_tab = ''){
* @author Kate Arzamastseva <pshns@ukr.net>
*/
function media_tab_files_options(){
- global $lang, $NS;
+ global $lang;
+ global $NS;
+ global $INPUT;
$form = new Doku_Form(array('class' => 'options', 'method' => 'get',
'action' => wl($ID)));
$media_manager_params = media_managerURL(array(), '', false, true);
@@ -649,8 +653,8 @@ function media_tab_files_options(){
$form->addHidden($pKey, $pVal);
}
$form->addHidden('sectok', null);
- if (isset($_REQUEST['q'])) {
- $form->addHidden('q', $_REQUEST['q']);
+ if ($INPUT->has('q')) {
+ $form->addHidden('q', $INPUT->str('q'));
}
$form->addElement('<ul>'.NL);
foreach(array('list' => array('listType', array('thumbs', 'rows')),
@@ -694,9 +698,10 @@ function _media_get_list_type() {
}
function _media_get_display_param($param, $values) {
- if (isset($_REQUEST[$param]) && in_array($_REQUEST[$param], $values)) {
+ global $INPUT;
+ if (in_array($INPUT->str($param), $values)) {
// FIXME: Set cookie
- return $_REQUEST[$param];
+ return $INPUT->str($param);
} else {
$val = get_doku_pref($param, $values['default']);
if (!in_array($val, $values)) {
@@ -746,10 +751,10 @@ function media_tab_upload($ns,$auth=null,$jump='') {
*/
function media_tab_search($ns,$auth=null) {
global $lang;
+ global $INPUT;
- $do = $_REQUEST['mediado'];
- $query = $_REQUEST['q'];
- if (!$query) $query = '';
+ $do = $INPUT->str('mediado');
+ $query = $INPUT->str('q');
echo '<div class="search">'.NL;
media_searchform($ns, $query, true);
@@ -801,14 +806,16 @@ function media_tab_edit($image, $ns, $auth=null) {
*/
function media_tab_history($image, $ns, $auth=null) {
global $lang;
+ global $INPUT;
+
if(is_null($auth)) $auth = auth_quickaclcheck("$ns:*");
- $do = $_REQUEST['mediado'];
+ $do = $INPUT->str('mediado');
if ($auth >= AUTH_READ && $image) {
if ($do == 'diff'){
media_diff($image, $ns, $auth);
} else {
- $first = isset($_REQUEST['first']) ? intval($_REQUEST['first']) : 0;
+ $first = $INPUT->int('first');
html_revisions($first, $image);
}
} else {
@@ -1002,21 +1009,22 @@ function media_details($image, $auth, $rev=false, $meta=false) {
function media_diff($image, $ns, $auth, $fromajax = false) {
global $lang;
global $conf;
+ global $INPUT;
if ($auth < AUTH_READ || !$image || !$conf['mediarevisions']) return '';
- $rev1 = (int) $_REQUEST['rev'];
+ $rev1 = $INPUT->int('rev');
- if(is_array($_REQUEST['rev2'])){
- $rev1 = (int) $_REQUEST['rev2'][0];
- $rev2 = (int) $_REQUEST['rev2'][1];
+ if(is_array($INPUT->ref('rev2'))){
+ $rev1 = (int) $INPUT->arr('rev2')[0];
+ $rev2 = (int) $INPUT->arr('rev2')[1];
if(!$rev1){
$rev1 = $rev2;
unset($rev2);
}
}else{
- $rev2 = (int) $_REQUEST['rev2'];
+ $rev2 = $INPUT->int('rev2');
}
if ($rev1 && !file_exists(mediaFN($image, $rev1))) $rev1 = false;
@@ -1071,7 +1079,9 @@ function _media_file_diff($data) {
* @author Kate Arzamastseva <pshns@ukr.net>
*/
function media_file_diff($image, $l_rev, $r_rev, $ns, $auth, $fromajax){
- global $lang, $config_cascade;
+ global $lang;
+ global $config_cascade;
+ global $INPUT;
$l_meta = new JpegMeta(mediaFN($image, $l_rev));
$r_meta = new JpegMeta(mediaFN($image, $r_rev));
@@ -1082,7 +1092,7 @@ function media_file_diff($image, $l_rev, $r_rev, $ns, $auth, $fromajax){
$r_size = media_image_preview_size($image, $r_rev, $r_meta);
$is_img = ($l_size && $r_size && ($l_size[0] >= 30 || $r_size[0] >= 30));
- $difftype = $_REQUEST['difftype'];
+ $difftype = $INPUT->str('difftype');
if (!$fromajax) {
$form = new Doku_Form(array(
@@ -1527,11 +1537,12 @@ function media_printimgdetail($item, $fullscreen=false){
function media_managerURL($params=false, $amp='&amp;', $abs=false, $params_array=false) {
global $conf;
global $ID;
+ global $INPUT;
$gets = array('do' => 'media');
$media_manager_params = array('tab_files', 'tab_details', 'image', 'ns', 'list', 'sort');
foreach ($media_manager_params as $x) {
- if (isset($_REQUEST[$x])) $gets[$x] = $_REQUEST[$x];
+ if ($INPUT->has($x)) $gets[$x] = $INPUT->str($x);
}
if ($params) {
@@ -1555,7 +1566,9 @@ function media_managerURL($params=false, $amp='&amp;', $abs=false, $params_array
* @author Kate Arzamastseva <pshns@ukr.net>
*/
function media_uploadform($ns, $auth, $fullscreen = false){
- global $lang, $conf;
+ global $lang;
+ global $conf;
+ global $INPUT;
if($auth < AUTH_UPLOAD) {
echo '<div class="nothing">'.$lang['media_perm_upload'].'</div>'.NL;
@@ -1565,9 +1578,9 @@ function media_uploadform($ns, $auth, $fullscreen = false){
$update = false;
$id = '';
- if ($auth >= $auth_ow && $fullscreen && $_REQUEST['mediado'] == 'update') {
+ if ($auth >= $auth_ow && $fullscreen && $INPUT->str('mediado') == 'update') {
$update = true;
- $id = cleanID($_REQUEST['image']);
+ $id = cleanID($INPUT->str('image'));
}
// The default HTML upload form
@@ -1697,12 +1710,13 @@ function media_nstree($ns){
* @author Andreas Gohr <andi@splitbrain.org>
*/
function media_nstree_item($item){
+ global $INPUT;
$pos = strrpos($item['id'], ':');
$label = substr($item['id'], $pos > 0 ? $pos + 1 : 0);
if(!$item['label']) $item['label'] = $label;
$ret = '';
- if (!($_REQUEST['do'] == 'media'))
+ if (!($INPUT->str('do') == 'media'))
$ret .= '<a href="'.DOKU_BASE.'lib/exe/mediamanager.php?ns='.idfilter($item['id']).'" class="idx_dir">';
else $ret .= '<a href="'.media_managerURL(array('ns' => idfilter($item['id'], false), 'tab_files' => 'files'))
.'" class="idx_dir">';
diff --git a/inc/pageutils.php b/inc/pageutils.php
index f525c44d0..5e741c491 100644
--- a/inc/pageutils.php
+++ b/inc/pageutils.php
@@ -19,9 +19,10 @@
* @author Andreas Gohr <andi@splitbrain.org>
*/
function getID($param='id',$clean=true){
+ global $INPUT;
global $conf;
- $id = isset($_REQUEST[$param]) ? $_REQUEST[$param] : null;
+ $id = $INPUT->str($param);
//construct page id from request URI
if(empty($id) && $conf['userewrite'] == 2){
diff --git a/inc/parser/code.php b/inc/parser/code.php
index 4d94dcf4e..ff44a4e1e 100644
--- a/inc/parser/code.php
+++ b/inc/parser/code.php
@@ -16,11 +16,12 @@ class Doku_Renderer_code extends Doku_Renderer {
* When the correct block was found it exits the script.
*/
function code($text, $language = NULL, $filename='' ) {
+ global $INPUT;
if(!$language) $language = 'txt';
if(!$filename) $filename = 'snippet.'.$language;
$filename = basename($filename);
- if($this->_codeblock == $_REQUEST['codeblock']){
+ if($this->_codeblock == $INPUT->str('codeblock')){
header("Content-Type: text/plain; charset=utf-8");
header("Content-Disposition: attachment; filename=$filename");
header("X-Robots-Tag: noindex");
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-11 14:26:49 +0000