diff options
| author | Igor Wiedler <igor@wiedler.ch> | 2010-10-29 13:29:00 +0200 |
|---|---|---|
| committer | Oleg Pudeyev <oleg@bsdpower.com> | 2011-02-12 22:05:52 -0500 |
| commit | e48b850ab5dfed646e91d87f0dd9c560e7fd76cf (patch) | |
| tree | 0abcb0316933d37eb0e05b1c8b7d9bae9d9e1e40 | |
| parent | 5a95340ee89515aaddd0dd3d3b5cfc2e666d33b2 (diff) | |
| download | forums-e48b850ab5dfed646e91d87f0dd9c560e7fd76cf.tar forums-e48b850ab5dfed646e91d87f0dd9c560e7fd76cf.tar.gz forums-e48b850ab5dfed646e91d87f0dd9c560e7fd76cf.tar.bz2 forums-e48b850ab5dfed646e91d87f0dd9c560e7fd76cf.tar.xz forums-e48b850ab5dfed646e91d87f0dd9c560e7fd76cf.zip | |
[feature/system-cron] use phpbb_request instead of plain superglobals
PHPBB3-9596
| -rw-r--r-- | phpBB/cron.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/cron/task/core/prune_forum.php | 13 | ||||
| -rw-r--r-- | phpBB/includes/cron/task/parametrized.php | 12 |
3 files changed, 12 insertions, 15 deletions
diff --git a/phpBB/cron.php b/phpBB/cron.php index 2363f5b10b..d1b96b12e1 100644 --- a/phpBB/cron.php +++ b/phpBB/cron.php @@ -89,7 +89,7 @@ if ($cron_lock->lock()) { if ($task->is_parametrized()) { - $task->parse_parameters($_GET); + $task->parse_parameters($request); } if ($task->is_ready()) { diff --git a/phpBB/includes/cron/task/core/prune_forum.php b/phpBB/includes/cron/task/core/prune_forum.php index 440dc5e358..b3f63c9f6c 100644 --- a/phpBB/includes/cron/task/core/prune_forum.php +++ b/phpBB/includes/cron/task/core/prune_forum.php @@ -103,20 +103,19 @@ class phpbb_cron_task_core_prune_forum extends phpbb_cron_task_base implements p } /** - * Parses parameters found in $params, which is an array. + * Parses parameters found in $request, which is an instance of + * phpbb_request_interface. * - * $params may contain user input and is not trusted. - * - * $params is expected to have a key f whose value is id of the forum to be pruned. + * It is expected to have a key f whose value is id of the forum to be pruned. */ - public function parse_parameters($params) + public function parse_parameters(phpbb_request_interface $request) { global $db; $this->forum_data = null; - if (isset($params['f'])) + if ($request->is_set('f')) { - $forum_id = (int) $params['f']; + $forum_id = $request->variable('f', 0); $sql = 'SELECT forum_id, prune_next, enable_prune, prune_days, prune_viewed, forum_flags, prune_freq FROM ' . FORUMS_TABLE . " diff --git a/phpBB/includes/cron/task/parametrized.php b/phpBB/includes/cron/task/parametrized.php index d505cc3328..a9481250e1 100644 --- a/phpBB/includes/cron/task/parametrized.php +++ b/phpBB/includes/cron/task/parametrized.php @@ -37,13 +37,11 @@ interface phpbb_cron_task_parametrized extends phpbb_cron_task public function get_parameters(); /** - * Parses parameters found in $params, which is an array. + * Parses parameters found in $request, which is an instance of + * phpbb_request_interface. * - * $params contains user input and must not be trusted. - * In normal operation $params contains the same data that was returned by - * get_parameters method. However, a malicious user can supply arbitrary - * data in $params. - * Cron task must validate all keys and values in $params before using them. + * $request contains user input and must not be trusted. + * Cron task must validate all data before using it. */ - public function parse_parameters($params); + public function parse_parameters(phpbb_request_interface $request); }
\ No newline at end of file |