diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/exe/ajax.php | 24 | ||||
| -rw-r--r-- | lib/plugins/acl/admin.php | 46 | ||||
| -rw-r--r-- | lib/plugins/acl/ajax.php | 11 |
3 files changed, 45 insertions, 36 deletions
diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php index 945091f34..496b2f1a1 100644 --- a/lib/exe/ajax.php +++ b/lib/exe/ajax.php @@ -162,7 +162,8 @@ function ajax_lock(){ * @author Andreas Gohr <andi@splitbrain.org> */ function ajax_draftdel(){ - $id = cleanID($_REQUEST['id']); + global $INPUT; + $id = cleanID($INPUT->str('id')); if(empty($id)) return; $client = $_SERVER['REMOTE_USER']; @@ -218,11 +219,11 @@ function ajax_medialist(){ * @author Kate Arzamastseva <pshns@ukr.net> */ function ajax_mediadetails(){ - global $DEL, $NS, $IMG, $AUTH, $JUMPTO, $REV, $lang, $fullscreen, $conf; + global $DEL, $NS, $IMG, $AUTH, $JUMPTO, $REV, $lang, $fullscreen, $conf, $INPUT; $fullscreen = true; require_once(DOKU_INC.'lib/exe/mediamanager.php'); - if ($_REQUEST['image']) $image = cleanID($_REQUEST['image']); + if ($INPUT->has('image')) $image = cleanID($INPUT->str('image')); if (isset($IMG)) $image = $IMG; if (isset($JUMPTO)) $image = $JUMPTO; if (isset($REV) && !$JUMPTO) $rev = $REV; @@ -237,25 +238,26 @@ function ajax_mediadetails(){ */ function ajax_mediadiff(){ global $NS; + global $INPUT; - if ($_REQUEST['image']) $image = cleanID($_REQUEST['image']); + if ($INPUT->has('image')) $image = cleanID($INPUT->str('image')); $NS = $_POST['ns']; - $auth = auth_quickaclcheck("$ns:*"); + $auth = auth_quickaclcheck("$NS:*"); media_diff($image, $NS, $auth, true); } function ajax_mediaupload(){ - global $NS, $MSG; + global $NS, $MSG, $INPUT; if ($_FILES['qqfile']['tmp_name']) { - $id = ((empty($_POST['mediaid'])) ? $_FILES['qqfile']['name'] : $_POST['mediaid']); - } elseif (isset($_GET['qqfile'])) { - $id = $_GET['qqfile']; + $id = $INPUT->post->str('mediaid', $_FILES['qqfile']['name']); + } elseif ($INPUT->get->has('qqfile')) { + $id = $INPUT->get->str('qqfile'); } $id = cleanID($id); - $NS = $_REQUEST['ns']; + $NS = $INPUT->str('ns'); $ns = $NS.':'.getNS($id); $AUTH = auth_quickaclcheck("$ns:*"); @@ -264,7 +266,7 @@ function ajax_mediaupload(){ if ($_FILES['qqfile']['error']) unset($_FILES['qqfile']); if ($_FILES['qqfile']['tmp_name']) $res = media_upload($NS, $AUTH, $_FILES['qqfile']); - if (isset($_GET['qqfile'])) $res = media_upload_xhr($NS, $AUTH); + if ($INPUT->get->has('qqfile')) $res = media_upload_xhr($NS, $AUTH); if ($res) $result = array('success' => true, 'link' => media_managerURL(array('ns' => $ns, 'image' => $NS.':'.$id), '&'), diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php index 64d6ff3ca..1197892f2 100644 --- a/lib/plugins/acl/admin.php +++ b/lib/plugins/acl/admin.php @@ -56,22 +56,23 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { global $ID; global $auth; global $config_cascade; + global $INPUT; // fresh 1:1 copy without replacements $AUTH_ACL = file($config_cascade['acl']['default']); // namespace given? - if($_REQUEST['ns'] == '*'){ + if($INPUT->str('ns') == '*'){ $this->ns = '*'; }else{ - $this->ns = cleanID($_REQUEST['ns']); + $this->ns = cleanID($INPUT->str('ns')); } - if ($_REQUEST['current_ns']) { - $this->current_item = array('id' => cleanID($_REQUEST['current_ns']), 'type' => 'd'); - } elseif ($_REQUEST['current_id']) { - $this->current_item = array('id' => cleanID($_REQUEST['current_id']), 'type' => 'f'); + if ($INPUT->str('current_ns')) { + $this->current_item = array('id' => cleanID($INPUT->str('current_ns')), 'type' => 'd'); + } elseif ($INPUT->str('current_id')) { + $this->current_item = array('id' => cleanID($INPUT->str('current_id')), 'type' => 'f'); } elseif ($this->ns) { $this->current_item = array('id' => $this->ns, 'type' => 'd'); } else { @@ -79,24 +80,25 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { } // user or group choosen? - $who = trim($_REQUEST['acl_w']); - if($_REQUEST['acl_t'] == '__g__' && $who){ + $who = trim($INPUT->str('acl_w')); + if($INPUT->str('acl_t') == '__g__' && $who){ $this->who = '@'.ltrim($auth->cleanGroup($who),'@'); - }elseif($_REQUEST['acl_t'] == '__u__' && $who){ + }elseif($INPUT->str('acl_t') == '__u__' && $who){ $this->who = ltrim($who,'@'); if($this->who != '%USER%' && $this->who != '%GROUP%'){ #keep wildcard as is $this->who = $auth->cleanUser($this->who); } - }elseif($_REQUEST['acl_t'] && - $_REQUEST['acl_t'] != '__u__' && - $_REQUEST['acl_t'] != '__g__'){ - $this->who = $_REQUEST['acl_t']; + }elseif($INPUT->str('acl_t') && + $INPUT->str('acl_t') != '__u__' && + $INPUT->str('acl_t') != '__g__'){ + $this->who = $INPUT->str('acl_t'); }elseif($who){ $this->who = $who; } // handle modifications - if(isset($_REQUEST['cmd']) && checkSecurityToken()){ + if($INPUT->has('cmd') && checkSecurityToken()){ + $cmd = $INPUT->extract('cmd')->str('cmd'); // scope for modifications if($this->ns){ @@ -109,19 +111,21 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { $scope = $ID; } - if(isset($_REQUEST['cmd']['save']) && $scope && $this->who && isset($_REQUEST['acl'])){ + if($cmd == 'save' && $scope && $this->who && $INPUT->has('acl')){ // handle additions or single modifications $this->_acl_del($scope, $this->who); - $this->_acl_add($scope, $this->who, (int) $_REQUEST['acl']); - }elseif(isset($_REQUEST['cmd']['del']) && $scope && $this->who){ + $this->_acl_add($scope, $this->who, $INPUT->int('acl')); + }elseif($cmd == 'del' && $scope && $this->who){ // handle single deletions $this->_acl_del($scope, $this->who); - }elseif(isset($_REQUEST['cmd']['update'])){ + }elseif($cmd == 'update'){ + $acl = $INPUT->arr('acl'); + // handle update of the whole file - foreach((array) $_REQUEST['del'] as $where => $names){ + foreach($INPUT->arr('del') as $where => $names){ // remove all rules marked for deletion foreach($names as $who) - unset($_REQUEST['acl'][$where][$who]); + unset($acl[$where][$who]); } // prepare lines $lines = array(); @@ -134,7 +138,7 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin { } } // re-add all rules - foreach((array) $_REQUEST['acl'] as $where => $opt){ + foreach($acl as $where => $opt){ foreach($opt as $who => $perm){ if ($who[0]=='@') { if ($who!='@ALL') { diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php index 3a5d89c08..10e18af97 100644 --- a/lib/plugins/acl/ajax.php +++ b/lib/plugins/acl/ajax.php @@ -11,6 +11,10 @@ require_once(DOKU_INC.'inc/init.php'); //close session session_write_close(); +global $conf; +global $ID; +global $INPUT; + //fix for Opera XMLHttpRequests $postData = http_get_raw_post_data(); if(!count($_POST) && !empty($postData)){ @@ -22,20 +26,19 @@ if(!checkSecurityToken()) die('CRSF Attack'); $ID = getID(); +/** @var $acl admin_plugin_acl */ $acl = plugin_load('admin','acl'); $acl->handle(); -$ajax = $_REQUEST['ajax']; +$ajax = $INPUT->str('ajax'); header('Content-Type: text/html; charset=utf-8'); if($ajax == 'info'){ $acl->_html_info(); }elseif($ajax == 'tree'){ - global $conf; - global $ID; $dir = $conf['datadir']; - $ns = $_REQUEST['ns']; + $ns = $INPUT->str('ns'); if($ns == '*'){ $ns =''; } |