diff options
Diffstat (limited to 'lib/exe/ajax.php')
| -rw-r--r-- | lib/exe/ajax.php | 77 |
1 files changed, 40 insertions, 37 deletions
diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php index 46d835187..9989269cf 100644 --- a/lib/exe/ajax.php +++ b/lib/exe/ajax.php @@ -6,11 +6,6 @@ * @author Andreas Gohr <andi@splitbrain.org> */ -//fix for Opera XMLHttpRequests -if(!count($_POST) && !empty($HTTP_RAW_POST_DATA)){ - parse_str($HTTP_RAW_POST_DATA, $_POST); -} - if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../'); require_once(DOKU_INC.'inc/init.php'); //close session @@ -18,12 +13,11 @@ session_write_close(); header('Content-Type: text/html; charset=utf-8'); - //call the requested function -if(isset($_POST['call'])){ - $call = $_POST['call']; -}else if(isset($_GET['call'])){ - $call = $_GET['call']; +if($INPUT->post->has('call')){ + $call = $INPUT->post->str('call'); +}else if($INPUT->get->has('call')){ + $call = $INPUT->get->str('call'); }else{ exit; } @@ -49,9 +43,10 @@ if(function_exists($callfn)){ function ajax_qsearch(){ global $conf; global $lang; + global $INPUT; - $query = $_POST['q']; - if(empty($query)) $query = $_GET['q']; + $query = $INPUT->post->str('q'); + if(empty($query)) $query = $INPUT->get->str('q'); if(empty($query)) return; $query = urldecode($query); @@ -87,9 +82,10 @@ function ajax_qsearch(){ function ajax_suggestions() { global $conf; global $lang; + global $INPUT; - $query = cleanID($_POST['q']); - if(empty($query)) $query = cleanID($_GET['q']); + $query = cleanID($INPUT->post->str('q')); + if(empty($query)) $query = cleanID($INPUT->get->str('q')); if(empty($query)) return; $data = array(); @@ -127,8 +123,9 @@ function ajax_lock(){ global $lang; global $ID; global $INFO; + global $INPUT; - $ID = cleanID($_POST['id']); + $ID = cleanID($INPUT->post->str('id')); if(empty($ID)) return; $INFO = pageinfo(); @@ -143,15 +140,15 @@ function ajax_lock(){ echo 1; } - if($conf['usedraft'] && $_POST['wikitext']){ + if($conf['usedraft'] && $INPUT->post->str('wikitext')){ $client = $_SERVER['REMOTE_USER']; if(!$client) $client = clientIP(true); $draft = array('id' => $ID, - 'prefix' => substr($_POST['prefix'], 0, -1), - 'text' => $_POST['wikitext'], - 'suffix' => $_POST['suffix'], - 'date' => (int) $_POST['date'], + 'prefix' => substr($INPUT->post->str('prefix'), 0, -1), + 'text' => $INPUT->post->str('wikitext'), + 'suffix' => $INPUT->post->str('suffix'), + 'date' => $INPUT->post->int('date'), 'client' => $client, ); $cname = getCacheName($draft['client'].$ID,'.draft'); @@ -168,7 +165,8 @@ function ajax_lock(){ * @author Andreas Gohr <andi@splitbrain.org> */ function ajax_draftdel(){ - $id = cleanID($_REQUEST['id']); + global $INPUT; + $id = cleanID($INPUT->str('id')); if(empty($id)) return; $client = $_SERVER['REMOTE_USER']; @@ -185,9 +183,10 @@ function ajax_draftdel(){ */ function ajax_medians(){ global $conf; + global $INPUT; // wanted namespace - $ns = cleanID($_POST['ns']); + $ns = cleanID($INPUT->post->str('ns')); $dir = utf8_encodeFN(str_replace(':','/',$ns)); $lvl = count(explode(':',$ns)); @@ -208,9 +207,10 @@ function ajax_medians(){ function ajax_medialist(){ global $conf; global $NS; + global $INPUT; - $NS = $_POST['ns']; - if ($_POST['do'] == 'media') { + $NS = cleanID($INPUT->post->str('ns')); + if ($INPUT->post->str('do') == 'media') { tpl_mediaFileList(); } else { tpl_mediaContent(true); @@ -224,11 +224,11 @@ function ajax_medialist(){ * @author Kate Arzamastseva <pshns@ukr.net> */ function ajax_mediadetails(){ - global $DEL, $NS, $IMG, $AUTH, $JUMPTO, $REV, $lang, $fullscreen, $conf; + global $DEL, $NS, $IMG, $AUTH, $JUMPTO, $REV, $lang, $fullscreen, $conf, $INPUT; $fullscreen = true; require_once(DOKU_INC.'lib/exe/mediamanager.php'); - if ($_REQUEST['image']) $image = cleanID($_REQUEST['image']); + if ($INPUT->has('image')) $image = cleanID($INPUT->str('image')); if (isset($IMG)) $image = $IMG; if (isset($JUMPTO)) $image = $JUMPTO; if (isset($REV) && !$JUMPTO) $rev = $REV; @@ -243,25 +243,26 @@ function ajax_mediadetails(){ */ function ajax_mediadiff(){ global $NS; + global $INPUT; - if ($_REQUEST['image']) $image = cleanID($_REQUEST['image']); - $NS = $_POST['ns']; - $auth = auth_quickaclcheck("$ns:*"); + if ($INPUT->has('image')) $image = cleanID($INPUT->str('image')); + $NS = $INPUT->post->str('ns'); + $auth = auth_quickaclcheck("$NS:*"); media_diff($image, $NS, $auth, true); } function ajax_mediaupload(){ - global $NS, $MSG; + global $NS, $MSG, $INPUT; if ($_FILES['qqfile']['tmp_name']) { - $id = ((empty($_POST['mediaid'])) ? $_FILES['qqfile']['name'] : $_POST['mediaid']); - } elseif (isset($_GET['qqfile'])) { - $id = $_GET['qqfile']; + $id = $INPUT->post->str('mediaid', $_FILES['qqfile']['name']); + } elseif ($INPUT->get->has('qqfile')) { + $id = $INPUT->get->str('qqfile'); } $id = cleanID($id); - $NS = $_REQUEST['ns']; + $NS = $INPUT->str('ns'); $ns = $NS.':'.getNS($id); $AUTH = auth_quickaclcheck("$ns:*"); @@ -270,7 +271,7 @@ function ajax_mediaupload(){ if ($_FILES['qqfile']['error']) unset($_FILES['qqfile']); if ($_FILES['qqfile']['tmp_name']) $res = media_upload($NS, $AUTH, $_FILES['qqfile']); - if (isset($_GET['qqfile'])) $res = media_upload_xhr($NS, $AUTH); + if ($INPUT->get->has('qqfile')) $res = media_upload_xhr($NS, $AUTH); if ($res) $result = array('success' => true, 'link' => media_managerURL(array('ns' => $ns, 'image' => $NS.':'.$id), '&'), @@ -314,9 +315,10 @@ function dir_delete($path) { */ function ajax_index(){ global $conf; + global $INPUT; // wanted namespace - $ns = cleanID($_POST['idx']); + $ns = cleanID($INPUT->post->str('idx')); $dir = utf8_encodeFN(str_replace(':','/',$ns)); $lvl = count(explode(':',$ns)); @@ -337,8 +339,9 @@ function ajax_index(){ function ajax_linkwiz(){ global $conf; global $lang; + global $INPUT; - $q = ltrim(trim($_POST['q']),':'); + $q = ltrim(trim($INPUT->post->str('q')),':'); $id = noNS($q); $ns = getNS($q); |