From 40e0b44409037978b0bce4b451b1569c3bc3ee19 Mon Sep 17 00:00:00 2001
From: Dominik Eckelmann <deckelmann@gmail.com>
Date: Sat, 15 Feb 2014 10:58:33 +0100
Subject: use http_sendfile correct

---
 inc/actions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/actions.php')

diff --git a/inc/actions.php b/inc/actions.php
index 50cbe369f..4dbad1a32 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -697,7 +697,7 @@ function act_sitemap($act) {
 
         // Send file
         //use x-sendfile header to pass the delivery to compatible webservers
-        if (http_sendfile($sitemap)) exit;
+        http_sendfile($sitemap);
 
         readfile($sitemap);
         exit;
-- 
cgit v1.2.3


From 0e80bb5e347ff00c6f81627d8e39dafaaa923bc5 Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Wed, 5 Mar 2014 21:58:46 +0000
Subject: use empty() where array values might not be set

---
 inc/actions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/actions.php')

diff --git a/inc/actions.php b/inc/actions.php
index 4dbad1a32..240dce59a 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -733,7 +733,7 @@ function act_subscription($act){
     }
 
     // any action given? if not just return and show the subscription page
-    if(!$params['action'] || !checkSecurityToken()) return $act;
+    if(empty($params['action']) || !checkSecurityToken()) return $act;
 
     // Handle POST data, may throw exception.
     trigger_event('ACTION_HANDLE_SUBSCRIBE', $params, 'subscription_handle_post');
-- 
cgit v1.2.3


From 585bf44e2b756eac2e1cfce7035ef237bc02a788 Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Thu, 6 Mar 2014 19:55:56 +0000
Subject: amend $_SERVER to $INPUT->server

---
 inc/actions.php | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

(limited to 'inc/actions.php')

diff --git a/inc/actions.php b/inc/actions.php
index 240dce59a..ef09a0dc7 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -20,6 +20,7 @@ function act_dispatch(){
     global $ID;
     global $INFO;
     global $QUERY;
+    /* @var Input $INPUT */
     global $INPUT;
     global $lang;
     global $conf;
@@ -94,7 +95,7 @@ function act_dispatch(){
 
         // user profile changes
         if (in_array($ACT, array('profile','profile_delete'))) {
-            if(!$_SERVER['REMOTE_USER']) {
+            if(!$INPUT->server->str('REMOTE_USER')) {
                 $ACT = 'login';
             } else {
                 switch ($ACT) {
@@ -190,7 +191,7 @@ function act_dispatch(){
     unset($evt);
 
     // when action 'show', the intial not 'show' and POST, do a redirect
-    if($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){
+    if($ACT == 'show' && $preact != 'show' && strtolower($INPUT->server->str('REQUEST_METHOD')) == 'post'){
         act_redirect($ID,$preact);
     }
 
@@ -414,6 +415,8 @@ function act_revert($act){
     global $ID;
     global $REV;
     global $lang;
+    /* @var Input $INPUT */
+    global $INPUT;
     // FIXME $INFO['writable'] currently refers to the attic version
     // global $INFO;
     // if (!$INFO['writable']) {
@@ -445,7 +448,7 @@ function act_revert($act){
     session_write_close();
 
     // when done, show current page
-    $_SERVER['REQUEST_METHOD'] = 'post'; //should force a redirect
+    $INPUT->server->set('REQUEST_METHOD','post'); //should force a redirect
     $REV = '';
     return 'show';
 }
@@ -493,17 +496,20 @@ function act_redirect_execute($opts){
 function act_auth($act){
     global $ID;
     global $INFO;
+    /* @var Input $INPUT */
+    global $INPUT;
 
     //already logged in?
-    if(isset($_SERVER['REMOTE_USER']) && $act=='login'){
+    if($INPUT->server->has('REMOTE_USER') && $act=='login'){
         return 'show';
     }
 
     //handle logout
     if($act=='logout'){
         $lockedby = checklock($ID); //page still locked?
-        if($lockedby == $_SERVER['REMOTE_USER'])
+        if($lockedby == $INPUT->server->str('REMOTE_USER')){
             unlock($ID); //try to unlock
+        }
 
         // do the logout stuff
         auth_logoff();
@@ -719,10 +725,11 @@ function act_subscription($act){
     global $lang;
     global $INFO;
     global $ID;
+    /* @var Input $INPUT */
     global $INPUT;
 
     // subcriptions work for logged in users only
-    if(!$_SERVER['REMOTE_USER']) return 'show';
+    if(!$INPUT->server->str('REMOTE_USER')) return 'show';
 
     // get and preprocess data.
     $params = array();
@@ -745,9 +752,9 @@ function act_subscription($act){
     // Perform action.
     $sub = new Subscription();
     if($action == 'unsubscribe'){
-        $ok = $sub->remove($target, $_SERVER['REMOTE_USER'], $style);
+        $ok = $sub->remove($target, $INPUT->server->str('REMOTE_USER'), $style);
     }else{
-        $ok = $sub->add($target, $_SERVER['REMOTE_USER'], $style);
+        $ok = $sub->add($target, $INPUT->server->str('REMOTE_USER'), $style);
     }
 
     if($ok) {
@@ -776,6 +783,8 @@ function act_subscription($act){
 function subscription_handle_post(&$params) {
     global $INFO;
     global $lang;
+    /* @var Input $INPUT */
+    global $INPUT;
 
     // Get and validate parameters.
     if (!isset($params['target'])) {
@@ -806,7 +815,7 @@ function subscription_handle_post(&$params) {
         }
         if ($is === false) {
             throw new Exception(sprintf($lang['subscr_not_subscribed'],
-                                        $_SERVER['REMOTE_USER'],
+                                        $INPUT->server->str('REMOTE_USER'),
                                         prettyprint_id($target)));
         }
         // subscription_set deletes a subscription if style = null.
-- 
cgit v1.2.3