diff options
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/cache.php | 3 | ||||
| -rw-r--r-- | inc/common.php | 3 | ||||
| -rw-r--r-- | inc/pageutils.php | 3 |
3 files changed, 6 insertions, 3 deletions
diff --git a/inc/cache.php b/inc/cache.php index ff78e37ae..204c6f006 100644 --- a/inc/cache.php +++ b/inc/cache.php @@ -84,7 +84,8 @@ class cache { * it should only overwrite a dependency when the new value is more stringent than the old */ function _addDependencies() { - if (isset($_REQUEST['purge'])) $this->depends['purge'] = true; // purge requested + global $INPUT; + if ($INPUT->has('purge')) $this->depends['purge'] = true; // purge requested } /** diff --git a/inc/common.php b/inc/common.php index 768260bbf..02ed2432b 100644 --- a/inc/common.php +++ b/inc/common.php @@ -63,9 +63,10 @@ function getSecurityToken() { * Check the secret CSRF token */ function checkSecurityToken($token = null) { + global $INPUT; if(!$_SERVER['REMOTE_USER']) return true; // no logged in user, no need for a check - if(is_null($token)) $token = $_REQUEST['sectok']; + if(is_null($token)) $token = $INPUT->str('sectok'); if(getSecurityToken() != $token) { msg('Security Token did not match. Possible CSRF attack.', -1); return false; diff --git a/inc/pageutils.php b/inc/pageutils.php index c94d14624..95f791364 100644 --- a/inc/pageutils.php +++ b/inc/pageutils.php @@ -19,9 +19,10 @@ * @author Andreas Gohr <andi@splitbrain.org> */ function getID($param='id',$clean=true){ + global $INPUT; global $conf; - $id = isset($_REQUEST[$param]) ? $_REQUEST[$param] : null; + $id = $INPUT->str($param); //construct page id from request URI if(empty($id) && $conf['userewrite'] == 2){ |