diff options
| author | Igor Wiedler <igor@wiedler.ch> | 2010-08-31 21:29:11 +0200 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2010-09-17 14:08:41 +0200 |
| commit | 204ee4714b2a0be1513e6a30b255477f39dac5cb (patch) | |
| tree | b00b8910d2b1da3e3f5670938f05f02eb6f3f557 | |
| parent | 456de639123ae3da6320bed6140ab69ac9925e74 (diff) | |
| download | forums-204ee4714b2a0be1513e6a30b255477f39dac5cb.tar forums-204ee4714b2a0be1513e6a30b255477f39dac5cb.tar.gz forums-204ee4714b2a0be1513e6a30b255477f39dac5cb.tar.bz2 forums-204ee4714b2a0be1513e6a30b255477f39dac5cb.tar.xz forums-204ee4714b2a0be1513e6a30b255477f39dac5cb.zip | |
[feature/request-class] Removal of direct access to some superglobals
PHPBB3-9716
| -rw-r--r-- | phpBB/includes/functions.php | 12 | ||||
| -rw-r--r-- | phpBB/ucp.php | 6 |
2 files changed, 7 insertions, 11 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 029281ee84..81e327143a 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2698,22 +2698,14 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '') { global $user, $template, $db; - global $phpEx, $phpbb_root_path; + global $phpEx, $phpbb_root_path, $request; if (isset($_POST['cancel'])) { return false; } - $confirm = false; - if (isset($_POST['confirm'])) - { - // language frontier - if ($_POST['confirm'] === $user->lang['YES']) - { - $confirm = true; - } - } + $confirm = ($user->lang['YES'] === $request->variable('confirm', '', true, phpbb_request_interface::POST)); if ($check && $confirm) { diff --git a/phpBB/ucp.php b/phpBB/ucp.php index f5a2ec9648..f26f7b048e 100644 --- a/phpBB/ucp.php +++ b/phpBB/ucp.php @@ -136,13 +136,17 @@ switch ($mode) case 'delete_cookies': + global $request; + // Delete Cookies with dynamic names (do NOT delete poll cookies) if (confirm_box(true)) { $set_time = time() - 31536000; - foreach ($_COOKIE as $cookie_name => $cookie_data) + foreach ($request->variable_names(phpbb_request_interface::COOKIE) as $cookie_name) { + $cookie_data = $request->variable($cookie_name, '', true, phpbb_request_interface::COOKIE); + // Only delete board cookies, no other ones... if (strpos($cookie_name, $config['cookie_name'] . '_') !== 0) { |