diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2010-12-16 02:22:17 +0100 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2010-12-16 02:22:17 +0100 |
| commit | 442fc61be77787c211650f21b2fb485f5e6ffcf0 (patch) | |
| tree | 804ce33f487ab3f9d1ed19db203a91522d4dd184 /phpBB | |
| parent | 8b9b1f118726e9fb088737129a02e9959ac1adc4 (diff) | |
| parent | b08e0d17728f8733a403834a8ffa85b01c16d805 (diff) | |
| download | forums-442fc61be77787c211650f21b2fb485f5e6ffcf0.tar forums-442fc61be77787c211650f21b2fb485f5e6ffcf0.tar.gz forums-442fc61be77787c211650f21b2fb485f5e6ffcf0.tar.bz2 forums-442fc61be77787c211650f21b2fb485f5e6ffcf0.tar.xz forums-442fc61be77787c211650f21b2fb485f5e6ffcf0.zip | |
Merge branch 'feature/igorw/request-class' into develop
* feature/igorw/request-class:
[feature/request-class] Convert some remaining cookies
[feature/request-class] Adjust misleading comment
[feature/request-class] Remove direct access to _REQUEST in acp_search
[feature/request-class] Special case of direct access to _REQUEST
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/adm/style/acp_search.html | 6 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_search.php | 10 | ||||
| -rw-r--r-- | phpBB/includes/auth/auth_db.php | 16 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 19 | ||||
| -rw-r--r-- | phpBB/includes/functions_display.php | 3 | ||||
| -rw-r--r-- | phpBB/includes/session.php | 3 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_main.php | 2 | ||||
| -rw-r--r-- | phpBB/search.php | 2 | ||||
| -rw-r--r-- | phpBB/viewtopic.php | 4 |
9 files changed, 37 insertions, 28 deletions
diff --git a/phpBB/adm/style/acp_search.html b/phpBB/adm/style/acp_search.html index 5fd7a23d97..baadb70855 100644 --- a/phpBB/adm/style/acp_search.html +++ b/phpBB/adm/style/acp_search.html @@ -139,9 +139,11 @@ <p class="quick"> <!-- IF backend.S_INDEXED --> - <input class="button2" type="submit" name="action[delete]" value="{L_DELETE_INDEX}" onclick="popup_progress_bar('delete');" /> + <input type="hidden" name="action" value="delete" /> + <input class="button2" type="submit" value="{L_DELETE_INDEX}" onclick="popup_progress_bar('delete');" /> <!-- ELSE --> - <input class="button2" type="submit" name="action[create]" value="{L_CREATE_INDEX}" onclick="popup_progress_bar('create');" /> + <input type="hidden" name="action" value="create" /> + <input class="button2" type="submit" value="{L_CREATE_INDEX}" onclick="popup_progress_bar('create');" /> <!-- ENDIF --> </p> {S_FORM_TOKEN} diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index 3a1d3da279..27e636ddcc 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -232,15 +232,7 @@ class acp_search global $db, $user, $auth, $template, $cache; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; - if (isset($_REQUEST['action']) && is_array($_REQUEST['action'])) - { - $action = request_var('action', array('' => false)); - $action = key($action); - } - else - { - $action = request_var('action', ''); - } + $action = request_var('action', ''); $this->state = explode(',', $config['search_indexing_state']); if (isset($_POST['cancel'])) diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 910eb10bdb..6304d6e49a 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -27,6 +27,7 @@ if (!defined('IN_PHPBB')) function login_db(&$username, &$password) { global $db, $config; + global $request; // do not allow empty password if (!$password) @@ -96,12 +97,23 @@ function login_db(&$username, &$password) // If the password convert flag is set we need to convert it if ($row['user_pass_convert']) { + // enable super globals to get literal value + // this is needed to prevent unicode normalization + $super_globals_disabled = $request->super_globals_disabled(); + if ($super_globals_disabled) + { + $request->enable_super_globals(); + } + // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; - $password_new_format = ''; + $password_new_format = $request->variable('password', '', true); - set_var($password_new_format, stripslashes($password_old_format), 'string'); + if ($super_globals_disabled) + { + $request->disable_super_globals(); + } if ($password == $password_new_format) { diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index a02cc52cba..32fff0d715 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1148,6 +1148,7 @@ function tz_select($default = '', $truncate = false) function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $user_id = 0) { global $db, $user, $config; + global $request; if ($mode == 'all') { @@ -1162,7 +1163,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } else if ($config['load_anon_lastread'] || $user->data['is_registered']) { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); unset($tracking_topics['tf']); @@ -1171,7 +1172,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ $tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36); $user->set_cookie('track', tracking_serialize($tracking_topics), time() + 31536000); - $_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking_topics)) : tracking_serialize($tracking_topics); + $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking_topics), phpbb_request_interface::COOKIE); unset($tracking_topics); @@ -1241,7 +1242,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } else if ($config['load_anon_lastread'] || $user->data['is_registered']) { - $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking = ($tracking) ? tracking_unserialize($tracking) : array(); foreach ($forum_id as $f_id) @@ -1272,7 +1273,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } $user->set_cookie('track', tracking_serialize($tracking), time() + 31536000); - $_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking); + $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), phpbb_request_interface::COOKIE); unset($tracking); } @@ -1313,7 +1314,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } else if ($config['load_anon_lastread'] || $user->data['is_registered']) { - $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking = ($tracking) ? tracking_unserialize($tracking) : array(); $topic_id36 = base_convert($topic_id, 10, 36); @@ -1328,7 +1329,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ // If the cookie grows larger than 10000 characters we will remove the smallest value // This can result in old topics being unread - but most of the time it should be accurate... - if (isset($_COOKIE[$config['cookie_name'] . '_track']) && strlen($_COOKIE[$config['cookie_name'] . '_track']) > 10000) + if (strlen($request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE)) > 10000) { //echo 'Cookie grown too large' . print_r($tracking, true); @@ -1368,7 +1369,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } $user->set_cookie('track', tracking_serialize($tracking), time() + 31536000); - $_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking); + $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), phpbb_request_interface::COOKIE); } return; @@ -1550,7 +1551,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis if (!isset($tracking_topics) || !sizeof($tracking_topics)) { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); } @@ -1760,7 +1761,7 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti } else if ($config['load_anon_lastread'] || $user->data['is_registered']) { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); if (!$user->data['is_registered']) diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 98f1fdef13..71aee5d8e3 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -23,6 +23,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod { global $db, $auth, $user, $template; global $phpbb_root_path, $phpEx, $config; + global $request; $forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array(); $parent_id = $visible_forums = 0; @@ -69,7 +70,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod } else if ($config['load_anon_lastread'] || $user->data['is_registered']) { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); if (!$user->data['is_registered']) diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 73e0803d5d..d2f76868c1 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -206,6 +206,7 @@ class session function session_begin($update_session_page = true) { global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path; + global $request; // Give us some basic information $this->time_now = time(); @@ -241,7 +242,7 @@ class session $this->forwarded_for = ''; } - if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) + if ($request->is_set($config['cookie_name'] . '_sid', phpbb_request_interface::COOKIE) || $request->is_set($config['cookie_name'] . '_u', phpbb_request_interface::COOKIE)) { $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true); $this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true); diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index 64bed60248..d5bdb731ac 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -288,7 +288,7 @@ class ucp_main } else { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); } diff --git a/phpBB/search.php b/phpBB/search.php index 48fd12273b..b7cea03057 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -652,7 +652,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) if ($config['load_anon_lastread'] || ($user->data['is_registered'] && !$config['load_db_lastread'])) { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); } diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 2c719b45d4..2673418eab 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -701,9 +701,9 @@ if (!empty($topic_data['poll_start'])) // Cookie based guest tracking ... I don't like this but hum ho // it's oft requested. This relies on "nice" users who don't feel // the need to delete cookies to mess with results. - if (isset($_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id])) + if ($request->is_set($config['cookie_name'] . '_poll_' . $topic_id, phpbb_request_interface::COOKIE)) { - $cur_voted_id = explode(',', $_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id]); + $cur_voted_id = explode(',', $request->variable($config['cookie_name'] . '_poll_' . $topic_id, '', true, phpbb_request_interface::COOKIE)); $cur_voted_id = array_map('intval', $cur_voted_id); } } |