From bfd0f5975e6e3578b4fa0c712e9779a0861fdc72 Mon Sep 17 00:00:00 2001
From: Tom N Harris <tnharris@whoopdedo.org>
Date: Thu, 28 Jun 2012 22:04:10 -0400
Subject: Input wrapper for exe scripts

---
 lib/exe/fetch.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'lib/exe/fetch.php')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 143d40f22..60843460e 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -17,10 +17,10 @@
 
   //get input
   $MEDIA  = stripctl(getID('media',false)); // no cleaning except control chars - maybe external
-  $CACHE  = calc_cache($_REQUEST['cache']);
-  $WIDTH  = (int) $_REQUEST['w'];
-  $HEIGHT = (int) $_REQUEST['h'];
-  $REV   = (int) @$_REQUEST['rev'];
+  $CACHE  = calc_cache($INPUT->str('cache'));
+  $WIDTH  = $INPUT->int('w');
+  $HEIGHT = $INPUT->int('h');
+  $REV    = &$INPUT->ref('rev');
   //sanitize revision
   $REV = preg_replace('/[^0-9]/','',$REV);
 
-- 
cgit v1.2.3


From 3009a773c06e6e5d731c42b12ad82272f9706f03 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 28 Jul 2012 10:40:48 +0200
Subject: replaced use of basename() with utf8_basename() FS#2015

---
 lib/exe/fetch.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/exe/fetch.php')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 60843460e..150812b55 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -122,9 +122,9 @@ function sendFile($file,$mime,$dl,$cache){
 
   //download or display?
   if($dl){
-    header('Content-Disposition: attachment; filename="'.basename($file).'";');
+    header('Content-Disposition: attachment; filename="'.utf8_basename($file).'";');
   }else{
-    header('Content-Disposition: inline; filename="'.basename($file).'";');
+    header('Content-Disposition: inline; filename="'.utf8_basename($file).'";');
   }
 
   //use x-sendfile header to pass the delivery to compatible webservers
-- 
cgit v1.2.3


From 5373d8473e7ebb71c7d2b85a36a511358343d1ac Mon Sep 17 00:00:00 2001
From: Hakan Sandell <sandell.hakan@gmail.com>
Date: Sat, 8 Sep 2012 15:03:03 +0200
Subject: Replacing $_REQUEST variables with $INPUT wrapper, fetch.php

---
 lib/exe/fetch.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/exe/fetch.php')

diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 150812b55..e8f189256 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -152,12 +152,12 @@ function sendFile($file,$mime,$dl,$cache){
  * @returns array(STATUS, STATUSMESSAGE)
  */
 function checkFileStatus(&$media, &$file, $rev='') {
-  global $MIME, $EXT, $CACHE;
+  global $MIME, $EXT, $CACHE, $INPUT;
 
   //media to local file
   if(preg_match('#^(https?)://#i',$media)){
     //check hash
-    if(substr(md5(auth_cookiesalt().$media),0,6) != $_REQUEST['hash']){
+    if(substr(md5(auth_cookiesalt().$media),0,6) != $INPUT->str('hash')){
       return array( 412, 'Precondition Failed');
     }
     //handle external images
-- 
cgit v1.2.3