From 8108113c244529ec54f11271a6a15e3d1e0a048f Mon Sep 17 00:00:00 2001
From: Tom N Harris
Date: Thu, 28 Jun 2012 22:15:56 -0400
Subject: Input validation for media manager
---
 lib/exe/mediamanager.php | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)
(limited to 'lib/exe/mediamanager.php')
diff --git a/lib/exe/mediamanager.php b/lib/exe/mediamanager.php
index 5f09fe1f8..83166a2f4 100644
--- a/lib/exe/mediamanager.php
+++ b/lib/exe/mediamanager.php
@@ -11,24 +11,23 @@
 session_write_close(); //close session
 // handle passed message
- if($_REQUEST['msg1']) msg(hsc($_REQUEST['msg1']),1);
- if($_REQUEST['err']) msg(hsc($_REQUEST['err']),-1);
+ if($INPUT->str('msg1')) msg(hsc($INPUT->str('msg1')),1);
+ if($INPUT->str('err')) msg(hsc($INPUT->str('err')),-1);
 // get namespace to display (either direct or from deletion order)
- if($_REQUEST['delete']){
- $DEL = cleanID($_REQUEST['delete']);
+ if($INPUT->str('delete')){
+ $DEL = cleanID($INPUT->str('delete'));
 $IMG = $DEL;
 $NS = getNS($DEL);
- }elseif($_REQUEST['edit']){
- $IMG = cleanID($_REQUEST['edit']);
+ }elseif($INPUT->str('edit')){
+ $IMG = cleanID($INPUT->str('edit'));
 $NS = getNS($IMG);
- }elseif($_REQUEST['img']){
- $IMG = cleanID($_REQUEST['img']);
+ }elseif($INPUT->str('img')){
+ $IMG = cleanID($INPUT->str('img'));
 $NS = getNS($IMG);
 }else{
- $NS = $_REQUEST['ns'];
- $NS = cleanID($NS);
+ $NS = cleanID($INPUT->str('ns'));
 }
 // check auth
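Review bot: Every request value in this hunk is read twice — `$INPUT->str('msg1')` in the condition and again inside `msg(hsc(...),1)`, and the same for `err`, `delete`, `edit` and `img` — which is noisier than it needs to be and leaves two places to keep in sync if the accessor or normalisation ever changes. Reading once into a local keeps each branch readable, e.g. `$msg1 = $INPUT->str('msg1'); if($msg1) msg(hsc($msg1),1);` with the same shape for the namespace chain. The real gain of the hunk is that `$INPUT->str()` presumably yields a scalar, so a value submitted as `msg1[]` no longer reaches `hsc()` as an array; that deserves a one-line comment above the block such as `// $INPUT->str() guarantees scalars; array-valued parameters are rejected before hsc()/cleanID()`. The surrounding code continues before and after the hunk.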
@@ -76,18 +75,18 @@
 }
 // handle meta saving
- if($IMG && @array_key_exists('save', $_REQUEST['do'])){
- $JUMPTO = media_metasave($IMG,$AUTH,$_REQUEST['meta']);
+ if($IMG && @array_key_exists('save', $INPUT->arr('do'))){
+ $JUMPTO = media_metasave($IMG,$AUTH,$INPUT->arr('meta'));
 }
- if($IMG && ($_REQUEST['mediado'] == 'save' || @array_key_exists('save', $_REQUEST['mediado']))) {
- $JUMPTO = media_metasave($IMG,$AUTH,$_REQUEST['meta']);
+ if($IMG && ($INPUT->str('mediado') == 'save' || @array_key_exists('save', $INPUT->arr('mediado')))) {
+ $JUMPTO = media_metasave($IMG,$AUTH,$INPUT->arr('meta'));
 }
- if ($_REQUEST['rev'] && $conf['mediarevisions']) $REV = (int) $_REQUEST['rev'];
+ if ($INPUT->int('rev') && $conf['mediarevisions']) $REV = $INPUT->int('rev');
- if($_REQUEST['mediado'] == 'restore' && $conf['mediarevisions']){
- $JUMPTO = media_restore($_REQUEST['image'], $REV, $AUTH);
+ if($INPUT->str('mediado') == 'restore' && $conf['mediarevisions']){
+ $JUMPTO = media_restore($INPUT->str('image'), $REV, $AUTH);
 }
 // handle deletion
@@ -101,7 +100,7 @@
 if ($res & DOKU_MEDIA_EMPTY_NS && !$fullscreen) {
 // current namespace was removed. redirecting to root ns passing msg along
 send_redirect(DOKU_URL.'lib/exe/mediamanager.php?msg1='.
- rawurlencode($msg).'&edid='.$_REQUEST['edid']);
+ rawurlencode($msg).'&edid='.$INPUT->str('edid'));
 }
 msg($msg,1);
 } elseif ($res & DOKU_MEDIA_INUSE) {
-- 
cgit v1.2.3
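Review bot: `image` is the only ID-bearing parameter in this hunk that is not normalised — `media_restore($INPUT->str('image'), $REV, $AUTH)` passes the raw string, whereas `delete`, `edit` and `img` in the first hunk all go through `cleanID()`; unless `media_restore()` normalises its first argument itself, the call should read `$JUMPTO = media_restore(cleanID($INPUT->str('image')), $REV, $AUTH);`. Now that `$INPUT->arr('do')` and `$INPUT->arr('mediado')` always hand `array_key_exists` an array, the `@` on both calls suppresses nothing but a future genuine error and can be dropped. The `$INPUT->str('mediado') == 'save'` and `== 'restore'` tests would be clearer as `===` since both operands are strings now. The block that this hunk opens with `}` begins before the hunk, and `$REV` is only assigned when `rev` is non-zero, so the restore branch relies on `$REV` being initialised elsewhere.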
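Review bot: In the redirect at the end of the hunk `$INPUT->str('edid')` is concatenated into the query string unencoded while `$msg` right next to it goes through `rawurlencode()`; a value containing `&`, `#` or whitespace would truncate or split the `edid` parameter on the receiving side. The line should become `rawurlencode($msg).'&edid='.rawurlencode($INPUT->str('edid')));`. The `if ($res & DOKU_MEDIA_EMPTY_NS && !$fullscreen)` branch and the block enclosing it both start and end outside the hunk.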