From 64273335d1bae12b2fe7d9664e1665d6e69d47af Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Fri, 24 Aug 2012 09:43:50 +0200
Subject: more $INPUT use FS#2577

---
 lib/plugins/acl/ajax.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'lib/plugins/acl/ajax.php')

diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php
index 3a5d89c08..10e18af97 100644
--- a/lib/plugins/acl/ajax.php
+++ b/lib/plugins/acl/ajax.php
@@ -11,6 +11,10 @@ require_once(DOKU_INC.'inc/init.php');
 //close session
 session_write_close();
 
+global $conf;
+global $ID;
+global $INPUT;
+
 //fix for Opera XMLHttpRequests
 $postData = http_get_raw_post_data();
 if(!count($_POST) && !empty($postData)){
@@ -22,20 +26,19 @@ if(!checkSecurityToken()) die('CRSF Attack');
 
 $ID    = getID();
 
+/** @var $acl admin_plugin_acl */
 $acl = plugin_load('admin','acl');
 $acl->handle();
 
-$ajax = $_REQUEST['ajax'];
+$ajax = $INPUT->str('ajax');
 header('Content-Type: text/html; charset=utf-8');
 
 if($ajax == 'info'){
     $acl->_html_info();
 }elseif($ajax == 'tree'){
-    global $conf;
-    global $ID;
 
     $dir = $conf['datadir'];
-    $ns  = $_REQUEST['ns'];
+    $ns  = $INPUT->str('ns');
     if($ns == '*'){
         $ns ='';
     }
-- 
cgit v1.2.3