73 files changed, 369 insertions, 347 deletions
diff --git a/phpBB/adm/index.php b/phpBB/adm/index.php index 1a699bfac4..89eda2b602 100644 --- a/phpBB/adm/index.php +++ b/phpBB/adm/index.php @@ -175,7 +175,7 @@ function adm_page_footer($copyright_html = true) $mtime = explode(' ', microtime()); $totaltime = $mtime[0] + $mtime[1] - $starttime; - if (!empty($_REQUEST['explain']) && $auth->acl_get('a_') && defined('DEBUG_EXTRA') && method_exists($db, 'sql_report')) + if (request::variable('explain', false) && $auth->acl_get('a_') && defined('DEBUG_EXTRA') && method_exists($db, 'sql_report')) { $db->sql_report('display'); } diff --git a/phpBB/common.php b/phpBB/common.php index 97c02d4a23..882e782ebb 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -200,6 +200,9 @@ require(PHPBB_ROOT_PATH . 'includes/utf/utf_tools.' . PHP_EXT); // Set PHP error handler to ours set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler'); +// enforce the use of the request class +request::disable_super_globals(); + // Instantiate some basic classes $user = new user(); $auth = new auth(); diff --git a/phpBB/docs/coding-guidelines.html b/phpBB/docs/coding-guidelines.html index 310bf2ddb4..918cf96c98 100644 --- a/phpBB/docs/coding-guidelines.html +++ b/phpBB/docs/coding-guidelines.html @@ -875,7 +875,7 @@ $submit = (isset($HTTP_POST_VARS['submit'])) ? true : false; <p class="good">// Use request var and define a default variable (use the correct type)</p> <div class="codebox"><pre> $start = request_var('start', 0); -$submit = (isset($_POST['submit'])) ? true : false; +$submit = request::is_set_post('submit'); </pre></div> <p class="bad">// $start is an int, the following use of request_var therefore is not allowed</p> diff --git a/phpBB/download/file.php b/phpBB/download/file.php index d4bcb1f3b0..d1f6316551 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php 
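Review bot: `request::disable_super_globals();` is called unconditionally here while other hunks in this commit keep reading superglobals directly — `$_SERVER['HTTP_USER_AGENT']` in download/file.php, `$_FILES['uploadfile']['tmp_name']` in acp_groups.php and `$_POST['entry']` in acp_language.php. Which arrays the call actually unsets is not visible on this page; if `$_POST` is among them, the acp_language read only keeps working because that module calls `enable_super_globals()` again. A comment next to the call listing the arrays it disables, e.g. `// from here on request data must be read through request::; direct $_GET/$_POST/... access is undefined`, adjusted to what the class really does, would make the contract checkable, and the remaining direct reads should be tracked as follow-ups.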
@@ -30,13 +30,13 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT' exit; } -if (isset($_GET['avatar'])) +if (request::is_set('avatar', request::GET)) { // worst-case default $browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0'; $config = cache::obtain_config(); - $filename = $_GET['avatar']; + $filename = request::variable('avatar', '', false, request::GET); $avatar_group = false; $exit = false; diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 7b866e3c36..c4642f9dad 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -31,7 +31,7 @@ class acp_attachments $user->add_lang(array('posting', 'viewtopic', 'acp/attachments')); $error = $notify = array(); - $submit = (isset($_POST['submit'])) ? true : false; + $submit = request::is_set_post('submit'); $action = request_var('action', ''); $form_key = 'acp_attach'; @@ -128,7 +128,7 @@ class acp_attachments ); $this->new_config = $config; - $cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : $this->new_config; + $cfg_array = (request::is_set('config')) ? request_var('config', array('' => '')) : $this->new_config; $error = array(); // We validate the complete config if whished @@ -297,7 +297,7 @@ class acp_attachments case 'extensions': - if ($submit || isset($_POST['add_extension_check'])) + if ($submit || request::is_set_post('add_extension_check')) { if ($submit) { @@ -361,7 +361,7 @@ class acp_attachments // Add Extension? $add_extension = strtolower(request_var('add_extension', '')); $add_extension_group = request_var('add_group_select', 0); - $add = (isset($_POST['add_extension_check'])) ? true : false; + $add = request::is_set_post('add_extension_check'); if ($add_extension && $add) { 
@@ -402,7 +402,7 @@ class acp_attachments $template->assign_vars(array( 'S_EXTENSIONS' => true, 'ADD_EXTENSION' => (isset($add_extension)) ? $add_extension : '', - 'GROUP_SELECT_OPTIONS' => (isset($_POST['add_extension_check'])) ? $this->group_select('add_group_select', $add_extension_group, 'extension_group') : $this->group_select('add_group_select', false, 'extension_group')) + 'GROUP_SELECT_OPTIONS' => (request::is_set_post('add_extension_check')) ? $this->group_select('add_group_select', $add_extension_group, 'extension_group') : $this->group_select('add_group_select', false, 'extension_group')) ); $sql = 'SELECT * @@ -512,10 +512,10 @@ class acp_attachments $size_select = request_var('size_select', 'b'); $forum_select = request_var('forum_select', false); $allowed_forums = request_var('allowed_forums', array(0)); - $allow_in_pm = (isset($_POST['allow_in_pm'])) ? true : false; + $allow_in_pm = request::is_set_post('allow_in_pm'); $max_filesize = request_var('max_filesize', 0); $max_filesize = ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize); - $allow_group = (isset($_POST['allow_group'])) ? true : false; + $allow_group = request::is_set_post('allow_group'); if ($max_filesize == $config['max_filesize']) { @@ -593,7 +593,7 @@ class acp_attachments ); $group_id = request_var('g', 0); - $action = (isset($_POST['add'])) ? 'add' : $action; + $action = request::is_set_post('add'); switch ($action) { 
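Review bot: In the `@@ -593` hunk, `$action = request::is_set_post('add');` drops the fallback the old ternary had: `$action` is now a bool rather than `'add'` or the previously parsed action, and the following `switch ($action)` compares loosely, so `true` matches the first non-empty string case and `false` matches none. The line should read `$action = (request::is_set_post('add')) ? 'add' : $action;`, which is the form the sibling hunks in acp_icons.php and acp_ranks.php already use. The enclosing method continues outside the hunk.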
@@ -876,8 +876,8 @@ class acp_attachments if ($submit) { - $delete_files = (isset($_POST['delete'])) ? array_keys(request_var('delete', array('' => 0))) : array(); - $add_files = (isset($_POST['add'])) ? array_keys(request_var('add', array('' => 0))) : array(); + $delete_files = array_keys(request::variable('delete', array('' => 0), false, request::POST)); + $add_files = array_keys(request::variable('add', array('' => 0), false, request::POST)); $post_ids = request_var('post_id', array('' => 0)); if (sizeof($delete_files)) @@ -1231,14 +1231,14 @@ class acp_attachments { global $db, $user; - if (isset($_REQUEST['securesubmit'])) + if (request::is_set('securesubmit')) { // Grab the list of entries $ips = request_var('ips', ''); $ip_list = array_unique(explode("\n", $ips)); $ip_list_log = implode(', ', $ip_list); - $ip_exclude = (!empty($_POST['ipexclude'])) ? 1 : 0; + $ip_exclude = (int) request::variable('ipexclude', false, false, request::POST); $iplist = array(); $hostlist = array(); @@ -1385,7 +1385,7 @@ class acp_attachments trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action)); } - else if (isset($_POST['unsecuresubmit'])) + else if (request::is_set_post('unsecuresubmit')) { $unip_sql = request_var('unip', array(0)); diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php index f00c1a7fb4..8456c957a2 100644 --- a/phpBB/includes/acp/acp_ban.php +++ b/phpBB/includes/acp/acp_ban.php @@ -29,8 +29,8 @@ class acp_ban include(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT); - $bansubmit = (isset($_POST['bansubmit'])) ? true : false; - $unbansubmit = (isset($_POST['unbansubmit'])) ? true : false; + $bansubmit = request::is_set_post('bansubmit'); + $unbansubmit = request::is_set_post('unbansubmit'); $current_time = time(); $user->add_lang(array('acp/ban', 'acp/users')); diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index b2961dfb2b..46ad90e546 100644 
--- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -32,7 +32,7 @@ class acp_board $user->add_lang('acp/board'); $action = request_var('action', ''); - $submit = (isset($_POST['submit'])) ? true : false; + $submit = request::is_set_post('submit'); $form_key = 'acp_board'; add_form_key($form_key); @@ -371,7 +371,7 @@ class acp_board } $this->new_config = $config; - $cfg_array = (isset($_REQUEST['config'])) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config; + $cfg_array = (request::is_set('config')) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config; $error = array(); // We validate the complete config if whished diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php index 672fb39c1d..327b31968d 100644 --- a/phpBB/includes/acp/acp_bots.php +++ b/phpBB/includes/acp/acp_bots.php @@ -28,11 +28,11 @@ class acp_bots global $config, $db, $user, $auth, $template, $cache; $action = request_var('action', ''); - $submit = (isset($_POST['submit'])) ? true : false; + $submit = request::is_set_post('submit'); $mark = request_var('mark', array(0)); $bot_id = request_var('id', 0); - if (isset($_POST['add'])) + if (request::is_set_post('add')) { $action = 'add'; } diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php index f90699b2a8..dbc18e59bc 100644 --- a/phpBB/includes/acp/acp_captcha.php +++ b/phpBB/includes/acp/acp_captcha.php @@ -36,7 +36,7 @@ class acp_captcha $configure = request_var('configure', false); // Oh, they are just here for the view - if (isset($_GET['captcha_demo'])) + if (request::is_set('captcha_demo', request::GET)) { $this->deliver_demo($selected); } 
@@ -109,7 +109,7 @@ class acp_captcha foreach ($config_vars as $config_var => $template_var) { - $template->assign_var($template_var, (isset($_REQUEST[$config_var])) ? request_var($config_var, '') : $config[$config_var]) ; + $template->assign_var($template_var, request_var($config_var, $config[$config_var])) ; } $template->assign_vars(array( diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index c7c794dfba..b8115f5ed1 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -33,7 +33,7 @@ class acp_database $this->page_title = 'ACP_DATABASE'; $action = request_var('action', ''); - $submit = (isset($_POST['submit'])) ? true : false; + $submit = request::is_set_post('submit'); $template->assign_vars(array( 'MODE' => $mode diff --git a/phpBB/includes/acp/acp_disallow.php b/phpBB/includes/acp/acp_disallow.php index abcb964906..ec124b043f 100644 --- a/phpBB/includes/acp/acp_disallow.php +++ b/phpBB/includes/acp/acp_disallow.php @@ -38,8 +38,8 @@ class acp_disallow $form_key = 'acp_disallow'; add_form_key($form_key); - $disallow = (isset($_POST['disallow'])) ? true : false; - $allow = (isset($_POST['allow'])) ? true : false; + $disallow = request::is_set_post('disallow'); + $allow = request::is_set_post('allow'); if (($allow || $disallow) && !check_form_key($form_key)) { diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index b8672a1c03..1e39049eca 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -35,7 +35,7 @@ class acp_email add_form_key($form_key); // Set some vars - $submit = (isset($_POST['submit'])) ? true : false; + $submit = request::is_set_post('submit'); $error = array(); $usernames = request_var('usernames', '', true); 
@@ -48,7 +48,7 @@ class acp_email { // Error checking needs to go here ... if no subject and/or no message then skip // over the send and return to the form - $use_queue = (isset($_POST['send_immediately'])) ? false : true; + $use_queue = request::is_set_post('send_immediately'); $priority = request_var('mail_priority_flag', MAIL_NORMAL_PRIORITY); if (!check_form_key($form_key)) diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index da32a66fa7..37453f2f34 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -36,7 +36,7 @@ class acp_forums add_form_key($form_key); $action = request_var('action', ''); - $update = (isset($_POST['update'])) ? true : false; + $update = request::is_set_post('update'); $forum_id = request_var('f', 0); $this->parent_id = request_var('parent_id', 0); diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index cae2c30433..654fd62553 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -37,14 +37,14 @@ class acp_groups include(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT); // Check and set some common vars - $action = (isset($_POST['add'])) ? 'add' : ((isset($_POST['addusers'])) ? 'addusers' : request_var('action', '')); + $action = (request::is_set_post('add')) ? 'add' : ((request::is_set_post('addusers')) ? 'addusers' : request_var('action', '')); $group_id = request_var('g', 0); $mark_ary = request_var('mark', array(0)); $name_ary = request_var('usernames', '', true); $leader = request_var('leader', 0); $default = request_var('default', 0); $start = request_var('start', 0); - $update = (isset($_POST['update'])) ? true : false; + $update = request::is_set_post('update'); // Clear some vars 
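Review bot: `$use_queue = request::is_set_post('send_immediately');` inverts the previous logic, which set `$use_queue` to false when the button was present. As written, choosing "send immediately" now queues the mail and omitting it sends directly. The line should be `$use_queue = !request::is_set_post('send_immediately');`. The surrounding block continues outside the hunk.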
@@ -303,8 +303,8 @@ class acp_groups $submit_ary = array( 'colour' => request_var('group_colour', ''), 'rank' => request_var('group_rank', 0), - 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0, - 'legend' => isset($_REQUEST['group_legend']) ? 1 : 0, + 'receive_pm' => request::is_set('group_receive_pm') ? 1 : 0, + 'legend' => request::is_set('group_legend') ? 1 : 0, 'message_limit' => request_var('group_message_limit', 0), 'max_recipients' => request_var('group_max_recipients', 0), 'founder_manage' => 0, @@ -312,7 +312,7 @@ class acp_groups if ($user->data['user_type'] == USER_FOUNDER) { - $submit_ary['founder_manage'] = isset($_REQUEST['group_founder_manage']) ? 1 : 0; + $submit_ary['founder_manage'] = request::is_set('group_founder_manage') ? 1 : 0; } if (!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl'] || $data['remotelink']) @@ -519,7 +519,7 @@ class acp_groups $avatar_img = (!empty($group_row['group_avatar'])) ? get_user_avatar($group_row['group_avatar'], $group_row['group_avatar_type'], $group_row['group_avatar_width'], $group_row['group_avatar_height'], 'GROUP_AVATAR') : '<img src="' . PHPBB_ADMIN_PATH . 'images/no_avatar.gif" alt="" />'; - $display_gallery = (isset($_POST['display_gallery'])) ? true : false; + $display_gallery = request::is_set_post('display_gallery'); if ($config['allow_avatar_local'] && $display_gallery) { diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php index aa7429dc96..6d2c8ad6f1 100644 --- a/phpBB/includes/acp/acp_icons.php +++ b/phpBB/includes/acp/acp_icons.php 
@@ -32,9 +32,9 @@ class acp_icons // Set up general vars $action = request_var('action', ''); - $action = (isset($_POST['add'])) ? 'add' : $action; - $action = (isset($_POST['edit'])) ? 'edit' : $action; - $action = (isset($_POST['import'])) ? 'import' : $action; + $action = (request::is_set_post('add')) ? 'add' : $action; + $action = (request::is_set_post('edit')) ? 'edit' : $action; + $action = (request::is_set_post('import')) ? 'import' : $action; $icon_id = request_var('id', 0); $mode = ($mode == 'smilies') ? 'smilies' : 'icons'; 
@@ -309,20 +309,20 @@ class acp_icons case 'modify': // Get items to create/modify - $images = (isset($_POST['image'])) ? array_keys(request_var('image', array('' => 0))) : array(); + $images = array_keys(request::variable('image', array('' => 0), false, request::POST)); // Now really get the items - $image_id = (isset($_POST['id'])) ? request_var('id', array('' => 0)) : array(); - $image_order = (isset($_POST['order'])) ? request_var('order', array('' => 0)) : array(); - $image_width = (isset($_POST['width'])) ? request_var('width', array('' => 0)) : array(); - $image_height = (isset($_POST['height'])) ? request_var('height', array('' => 0)) : array(); - $image_add = (isset($_POST['add_img'])) ? request_var('add_img', array('' => 0)) : array(); - $image_emotion = utf8_normalize_nfc(request_var('emotion', array('' => ''), true)); - $image_code = utf8_normalize_nfc(request_var('code', array('' => ''), true)); - $image_display_on_posting = (isset($_POST['display_on_posting'])) ? request_var('display_on_posting', array('' => 0)) : array(); + $image_id = request::variable('id', array('' => 0), false, request::POST); + $image_order = request::variable('order', array('' => 0), false, request::POST); + $image_width = request::variable('width', array('' => 0), false, request::POST); + $image_height = request::variable('height', array('' => 0), false, request::POST); + $image_add = request::variable('add_img', array('' => 0), false, request::POST); + $image_display_on_posting = request::variable('display_on_posting', array('' => 0), false, request::POST); + $image_emotion = utf8_normalize_nfc(request_var('emotion', array('' => ''), true)); + $image_code = utf8_normalize_nfc(request_var('code', array('' => ''), true)); // Ok, add the relevant bits if we are adding new codes to existing emoticons... 
- if (!empty($_POST['add_additional_code'])) + if (request::variable('add_additional_code', false, false, request::POST)) { $add_image = request_var('add_image', ''); $add_code = utf8_normalize_nfc(request_var('add_code', '', true)); @@ -338,7 +338,7 @@ class acp_icons $image_width[$add_image] = request_var('add_width', 0); $image_height[$add_image] = request_var('add_height', 0); - if (!empty($_POST['add_display_on_posting'])) + if (request::variable('add_display_on_posting', false, false, request::POST)) { $image_display_on_posting[$add_image] = 1; } diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php index 1a1ff3ecf7..52c7de217f 100644 --- a/phpBB/includes/acp/acp_inactive.php +++ b/phpBB/includes/acp/acp_inactive.php @@ -38,9 +38,9 @@ class acp_inactive $user->add_lang('memberlist'); $action = request_var('action', ''); - $mark = (isset($_REQUEST['mark'])) ? request_var('mark', array(0)) : array(); + $mark = request_var('mark', array(0)); $start = request_var('start', 0); - $submit = isset($_POST['submit']); + $submit = request::is_set_post('submit'); // Sort keys $sort_days = request_var('st', 0); diff --git a/phpBB/includes/acp/acp_jabber.php b/phpBB/includes/acp/acp_jabber.php index 8f51c84ea2..48ad5c5986 100644 --- a/phpBB/includes/acp/acp_jabber.php +++ b/phpBB/includes/acp/acp_jabber.php @@ -33,7 +33,7 @@ class acp_jabber include_once(PHPBB_ROOT_PATH . 'includes/functions_jabber.' . PHP_EXT); $action = request_var('action', ''); - $submit = (isset($_POST['submit'])) ? true : false; + $submit = request::is_set_post('submit'); if ($mode != 'settings') { diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index 66f201dbed..28de0452d0 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php 
@@ -34,30 +34,40 @@ class acp_language global $config, $db, $user, $auth, $template, $cache; global $safe_mode, $file_uploads; + /** + * @todo make this work with the request class, might require some additional functionality + * inside the request class. Reducing some of the redundance of this code would certainly + * not hurt either. + */ + request::enable_super_globals(); + include_once(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT); $this->default_variables(); // Check and set some common vars - $action = (isset($_POST['update_details'])) ? 'update_details' : ''; - $action = (isset($_POST['download_file'])) ? 'download_file' : $action; - $action = (isset($_POST['upload_file'])) ? 'upload_file' : $action; - $action = (isset($_POST['upload_data'])) ? 'upload_data' : $action; - $action = (isset($_POST['submit_file'])) ? 'submit_file' : $action; - $action = (isset($_POST['remove_store'])) ? 'details' : $action; + $action = (request::is_set_post('update_details')) ? 'update_details' : ''; + $action = (request::is_set_post('download_file')) ? 'download_file' : $action; + $action = (request::is_set_post('upload_file')) ? 'upload_file' : $action; + $action = (request::is_set_post('upload_data')) ? 'upload_data' : $action; + $action = (request::is_set_post('submit_file')) ? 'submit_file' : $action; + $action = (request::is_set_post('remove_store')) ? 'details' : $action; - $submit = (empty($action) && !isset($_POST['update']) && !isset($_POST['test_connection'])) ? false : true; + $submit = (empty($action) && !request::is_set_post('update') && !request::is_set_post('test_connection')) ? false : true; $action = (empty($action)) ? 
request_var('action', '') : $action; $form_name = 'acp_lang'; add_form_key('acp_lang'); $lang_id = request_var('id', 0); - if (isset($_POST['missing_file'])) + if (request::is_set_post('missing_file')) { $missing_file = request_var('missing_file', array('' => 0)); - list($_REQUEST['language_file'], ) = array_keys($missing_file); + /** + * @todo Do NOT overwrite a request variable. + */ + request::overwrite('language_file', key($missing_file)); } $selected_lang_file = request_var('language_file', '|common.' . PHP_EXT); @@ -114,11 +124,12 @@ class acp_language $requested_data = call_user_func(array($method, 'data')); foreach ($requested_data as $data => $default) { + $default_value = request_var($data, ''); $template->assign_block_vars('data', array( 'DATA' => $data, 'NAME' => $user->lang[strtoupper($method . '_' . $data)], 'EXPLAIN' => $user->lang[strtoupper($method . '_' . $data) . '_EXPLAIN'], - 'DEFAULT' => (!empty($_REQUEST[$data])) ? request_var($data, '') : $default + 'DEFAULT' => (empty($default_value)) ? $default : $default_value )); } @@ -129,6 +140,9 @@ class acp_language 'method' => $method) ); + /** + * @todo Do not use $_POST here, but request::variable which needs to support more dimensions + */ $hidden_data .= build_hidden_fields(array('entry' => $_POST['entry']), true, STRIP); $template->assign_vars(array( @@ -488,7 +502,7 @@ class acp_language } } - if (isset($_POST['remove_store'])) + if (request::is_set_post('remove_store')) { $store_filename = $this->get_filename($lang_iso, $this->language_directory, $this->language_file, true, true); diff --git a/phpBB/includes/acp/acp_logs.php b/phpBB/includes/acp/acp_logs.php index 7ad0734151..204b2d4935 100644 --- a/phpBB/includes/acp/acp_logs.php +++ b/phpBB/includes/acp/acp_logs.php 
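Review bot: `request::enable_super_globals();` at the top of the module is never paired with a matching disable, so — assuming the class restores the arrays globally — the enforcement added in common.php is switched off for the rest of the request once this module runs, not just for the `$_POST['entry']` read further down. Wrapping only the `build_hidden_fields(array('entry' => $_POST['entry']), true, STRIP)` line in an enable/disable pair, or at least adding `// FIXME: re-disable once request::variable supports nested arrays` beside the existing @todo, would keep the scope explicit. The `request::overwrite('language_file', key($missing_file));` call also contradicts the @todo placed directly above it; a sentence on why the overwrite is still needed here would help the next maintainer. The enclosing method continues outside the hunk.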
@@ -33,8 +33,8 @@ class acp_logs $action = request_var('action', ''); $forum_id = request_var('f', 0); $start = request_var('start', 0); - $deletemark = (!empty($_POST['delmarked'])) ? true : false; - $deleteall = (!empty($_POST['delall'])) ? true : false; + $deletemark = request::variable('delmarked', false, false, request::POST); + $deleteall = request::variable('delall', false, false, request::POST); $marked = request_var('mark', array(0)); // Sort keys diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php index 111725088b..70b3c621c8 100644 --- a/phpBB/includes/acp/acp_modules.php +++ b/phpBB/includes/acp/acp_modules.php @@ -266,7 +266,7 @@ class acp_modules $module_data['module_langname'] = utf8_normalize_nfc(request_var('module_langname', (string) $module_row['module_langname'], true)); $module_data['module_mode'] = request_var('module_mode', (string) $module_row['module_mode']); - $submit = (isset($_POST['submit'])) ? true : false; + $submit = request::is_set_post('submit'); if ($submit) { diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php index cdc276ad01..0ca445338b 100644 --- a/phpBB/includes/acp/acp_permission_roles.php +++ b/phpBB/includes/acp/acp_permission_roles.php @@ -37,10 +37,10 @@ class acp_permission_roles $this->tpl_name = 'acp_permission_roles'; - $submit = (isset($_POST['submit'])) ? true : false; + $submit = request::is_set_post('submit'); $role_id = request_var('role_id', 0); $action = request_var('action', ''); - $action = (isset($_POST['add'])) ? 'add' : $action; + $action = (request::is_set_post('add')) ? 'add' : $action; $form_name = 'acp_permissions'; add_form_key($form_name); diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index ed7ca5e942..3512824d0c 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php 
@@ -59,7 +59,7 @@ class acp_permissions // Set some vars $action = request_var('action', array('' => 0)); $action = key($action); - $action = (isset($_POST['psubmit'])) ? 'apply_permissions' : $action; + $action = (request::is_set_post('psubmit')) ? 'apply_permissions' : $action; $all_forums = request_var('all_forums', 0); $subforum_id = request_var('subforum_id', 0); @@ -229,8 +229,8 @@ class acp_permissions trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING); } // All users/groups selected? - $all_users = (isset($_POST['all_users'])) ? true : false; - $all_groups = (isset($_POST['all_groups'])) ? true : false; + $all_users = request::is_set_post('all_users'); + $all_groups = request::is_set_post('all_groups'); if ($all_users || $all_groups) { @@ -257,7 +257,7 @@ class acp_permissions break; case 'apply_permissions': - if (!isset($_POST['setting'])) + if (!request::is_set_post('setting')) { trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -270,7 +270,7 @@ class acp_permissions break; case 'apply_all_permissions': - if (!isset($_POST['setting'])) + if (!request::is_set_post('setting')) { trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -376,8 +376,8 @@ class acp_permissions case 'usergroup': case 'usergroup_view': - $all_users = (isset($_POST['all_users'])) ? true : false; - $all_groups = (isset($_POST['all_groups'])) ? true : false; + $all_users = request::is_set_post('all_users'); + $all_groups = request::is_set_post('all_groups'); if ((sizeof($user_id) && !$all_users) || (sizeof($group_id) && !$all_groups)) { 
@@ -632,18 +632,14 @@ class acp_permissions list($ug_id, ) = each($psubmit); list($forum_id, ) = each($psubmit[$ug_id]); - if (empty($_POST['setting']) || empty($_POST['setting'][$ug_id]) || empty($_POST['setting'][$ug_id][$forum_id]) || !is_array($_POST['setting'][$ug_id][$forum_id])) + $auth_settings = request::variable('setting', array(0 => array(0 => array('' => 0))), false, request::POST); + if (!isset($auth_settings[$ug_id][$forum_id]) || !sizeof($auth_settings[$ug_id][$forum_id]))) { trigger_error('WRONG_PERMISSION_SETTING_FORMAT', E_USER_WARNING); } - // We obtain and check $_POST['setting'][$ug_id][$forum_id] directly and not using request_var() because request_var() - // currently does not support the amount of dimensions required. ;) - // $auth_settings = request_var('setting', array(0 => array(0 => array('' => 0)))); - $auth_settings = array_map('intval', $_POST['setting'][$ug_id][$forum_id]); - // Do we have a role we want to set? - $assigned_role = (isset($_POST['role'][$ug_id][$forum_id])) ? (int) $_POST['role'][$ug_id][$forum_id] : 0; + $assigned_role = request::variable(array('role', $ug_id, $forum_id), 0, false, request::POST)); // Do the admin want to set these permissions to other items too? $inherit = request_var('inherit', array(0 => array(0))); 
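Review bot: Both new statements in this hunk carry an unbalanced closing parenthesis — the `if (!isset(...) || !sizeof(...)))` condition and `$assigned_role = request::variable(array('role', $ug_id, $forum_id), 0, false, request::POST));` — so the file will not parse. Separately, the removed code assigned the per-forum option map (`array_map('intval', $_POST['setting'][$ug_id][$forum_id])`) to `$auth_settings`, whereas the new code leaves `$auth_settings` as the full three-dimensional array; any later use of `$auth_settings` as the flat option list, which lies outside this hunk, now receives the wrong shape. The fix is `if (!isset($auth_settings[$ug_id][$forum_id]) || !sizeof($auth_settings[$ug_id][$forum_id]))`, then `$auth_settings = $auth_settings[$ug_id][$forum_id];` after the check, and `$assigned_role = request::variable(array('role', $ug_id, $forum_id), 0, false, request::POST);`.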
@@ -713,23 +709,21 @@ class acp_permissions trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } - $auth_settings = (isset($_POST['setting'])) ? $_POST['setting'] : array(); - $auth_roles = (isset($_POST['role'])) ? $_POST['role'] : array(); + $auth_settings = request::variable('setting', array(0 => array(0 => array('' => 0))), false, request::POST); + $auth_roles = request::variable('role', array(0 => array(0 => 0)), false, request::POST); $ug_ids = $forum_ids = array(); // We need to go through the auth settings foreach ($auth_settings as $ug_id => $forum_auth_row) { - $ug_id = (int) $ug_id; $ug_ids[] = $ug_id; foreach ($forum_auth_row as $forum_id => $auth_options) { - $forum_id = (int) $forum_id; $forum_ids[] = $forum_id; // Check role... - $assigned_role = (isset($auth_roles[$ug_id][$forum_id])) ? (int) $auth_roles[$ug_id][$forum_id] : 0; + $assigned_role = (isset($auth_roles[$ug_id][$forum_id])) ? $auth_roles[$ug_id][$forum_id] : 0; // If the auth settings differ from the assigned role, then do not set a role... if ($assigned_role) diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index a05766f4a6..4143b70434 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -38,7 +38,7 @@ class acp_profile $this->tpl_name = 'acp_profile'; $this->page_title = 'ACP_CUSTOM_PROFILE_FIELDS'; - $action = (isset($_POST['create'])) ? 'create' : request_var('action', ''); + $action = (request::is_set_post('create')) ? 'create' : request_var('action', ''); $error = array(); $s_hidden_fields = ''; 
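Review bot: The `(int)` casts on `$ug_id`, `$forum_id` and `$assigned_role` are removed on the assumption that `request::variable` casts array keys and values according to the default `array(0 => array(0 => array('' => 0)))`; that behaviour is not visible on this page. Since these ids are collected into `$ug_ids`/`$forum_ids` and presumably reach SQL outside the hunk, the assumption deserves a comment at the assignment, e.g. `// keys/values are cast to int by request::variable per the default's types; no further casting needed`. If the class does not cast keys, the casts should be kept. The enclosing method continues outside the hunk.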
@@ -287,8 +287,8 @@ class acp_profile $field_id = request_var('field_id', 0); $step = request_var('step', 1); - $submit = (isset($_REQUEST['next']) || isset($_REQUEST['prev'])) ? true : false; - $save = (isset($_REQUEST['save'])) ? true : false; + $submit = (request::is_set('next') || request::is_set('prev')) ? true : false; + $save = request::is_set('save'); // The language id of default language $this->edit_lang_id = $this->lang_defs['iso'][$config['default_lang']]; @@ -399,7 +399,7 @@ class acp_profile $cp->vars['lang_default_value'] = utf8_normalize_nfc(request_var('lang_default_value', $field_row['lang_default_value'], true)); // Field option... - if (isset($_REQUEST['field_option'])) + if (request::is_set('field_option')) { $field_option = request_var('field_option', ''); @@ -463,7 +463,7 @@ class acp_profile } else if ($field_type == FIELD_TEXT && $key == 'field_length') { - if (isset($_REQUEST['rows'])) + if (request::is_set('rows')) { $cp->vars['rows'] = request_var('rows', 0); $cp->vars['columns'] = request_var('columns', 0); 
@@ -487,16 +487,27 @@ class acp_profile $cp->vars['field_default_value_day'] = $now['mday']; $cp->vars['field_default_value_month'] = $now['mon']; $cp->vars['field_default_value_year'] = $now['year']; - $var = $_POST['field_default_value'] = 'now'; + + $var = 'now'; + /** + * @todo Do NOT overwrite a request variable. + */ + request::overwrite('field_default_value', $var, request::REQUEST); + request::overwrite('field_default_value', $var, request::POST); } else { - if (isset($_REQUEST['field_default_value_day'])) + if (request::is_set('field_default_value_day')) { $cp->vars['field_default_value_day'] = request_var('field_default_value_day', 0); $cp->vars['field_default_value_month'] = request_var('field_default_value_month', 0); $cp->vars['field_default_value_year'] = request_var('field_default_value_year', 0); - $var = $_POST['field_default_value'] = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']); + $var = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']); + /** + * @todo Do NOT overwrite a request variable. + */ + request::overwrite('field_default_value', $var, request::REQUEST); + request::overwrite('field_default_value', $var, request::POST); } else { @@ -622,7 +633,7 @@ class acp_profile } } - $step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step); + $step = (request::is_set('next')) ? $step + 1 : ((request::is_set('prev')) ? $step - 1 : $step); if (sizeof($error)) { @@ -642,7 +653,7 @@ class acp_profile foreach ($key_ary as $key) { - if ($field_type == FIELD_TEXT && $key == 'field_length' && isset($_REQUEST['rows'])) + if ($field_type == FIELD_TEXT && $key == 'field_length' && request::is_set('rows')) { $cp->vars['rows'] = request_var('rows', 0); $cp->vars['columns'] = request_var('columns', 0); 
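Review bot: The pair `request::overwrite('field_default_value', $var, request::REQUEST);` / `request::overwrite('field_default_value', $var, request::POST);` together with its @todo block is duplicated verbatim in both branches of the `@@ -487` hunk (the `'now'` branch and the `sprintf` branch). Setting only `$var` inside the branches and issuing the two overwrite calls once below the `if`/`else` would remove the duplication and leave the @todo in a single place. The enclosing method continues outside the hunk.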
@@ -656,21 +667,21 @@ class acp_profile { $_new_key_ary[$key] = 'now'; } - else if (isset($_REQUEST['field_default_value_day'])) + else if (request::is_set('field_default_value_day')) { $cp->vars['field_default_value_day'] = request_var('field_default_value_day', 0); $cp->vars['field_default_value_month'] = request_var('field_default_value_month', 0); $cp->vars['field_default_value_year'] = request_var('field_default_value_year', 0); - $_new_key_ary[$key] = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']); + $_new_key_ary[$key] = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']); } } - else if ($field_type == FIELD_BOOL && $key == 'l_lang_options' && isset($_REQUEST['l_lang_options'])) + else if ($field_type == FIELD_BOOL && $key == 'l_lang_options' && request::is_set('l_lang_options')) { $_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, array(array('')), true)); } else { - if (!isset($_REQUEST[$key])) + if (!request::is_set($key)) { $var = false; } @@ -680,7 +691,11 @@ class acp_profile } else { - $_new_key_ary[$key] = (is_array($_REQUEST[$key])) ? utf8_normalize_nfc(request_var($key, array(''), true)) : utf8_normalize_nfc(request_var($key, '', true)); + $_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, array(''), true)); + if (!sizeof($_new_key_ary[$key])) + { + $_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, '', true)); + } } } } diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index a1e4620377..ba49efff1a 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -55,7 +55,7 @@ class acp_prune $all_forums = request_var('all_forums', 0); $forum_id = request_var('f', array(0)); - $submit = (isset($_POST['submit'])) ? true : false; + $submit = request::is_set_post('submit'); if ($all_forums) { 
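Review bot: The new array-first probe `request_var($key, array(''), true)` with a string fallback when `sizeof()` is zero changes one edge case: a request value that is an empty array used to be stored as an empty array and now falls through to the string variant. It also hinges on request_var returning an empty array, not the `array('')` default, when a scalar is supplied for an array default, which this page does not show. A comment such as `// request_var yields an empty array for scalar input, so retry as a string` at the `if (!sizeof($_new_key_ary[$key]))` line would record the assumption and make the fallback readable. The enclosing method continues outside the hunk.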
@@ -231,7 +231,7 @@ class acp_prune $user->add_lang('memberlist'); - $prune = (isset($_POST['prune'])) ? true : false; + $prune = request::is_set_post('prune'); if ($prune) { diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php index aa827d646c..08d6cf5c8c 100644 --- a/phpBB/includes/acp/acp_ranks.php +++ b/phpBB/includes/acp/acp_ranks.php @@ -31,8 +31,8 @@ class acp_ranks // Set up general vars $action = request_var('action', ''); - $action = (isset($_POST['add'])) ? 'add' : $action; - $action = (isset($_POST['save'])) ? 'save' : $action; + $action = (request::is_set_post('add')) ? 'add' : $action; + $action = (request::is_set_post('save')) ? 'save' : $action; $rank_id = request_var('id', 0); $this->tpl_name = 'acp_ranks'; diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php index c7706402be..a8d7c1f752 100644 --- a/phpBB/includes/acp/acp_reasons.php +++ b/phpBB/includes/acp/acp_reasons.php @@ -31,7 +31,7 @@ class acp_reasons // Set up general vars $action = request_var('action', ''); - $submit = (isset($_POST['submit'])) ? true : false; + $submit = request::is_set_post('submit'); $reason_id = request_var('id', 0); $this->tpl_name = 'acp_reasons'; diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index a593afc648..6f38a95bff 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -52,7 +52,7 @@ class acp_search { global $db, $user, $auth, $template, $cache, $config; - $submit = (isset($_POST['submit'])) ? true : false; + $submit = request::is_set_post('submit'); $search_types = $this->get_search_types(); @@ -99,7 +99,7 @@ class acp_search unset($search); unset($error); - $cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : array(); + $cfg_array = request_var('config', array('' => ''), true); $updated = request_var('updated', false); foreach ($settings as $config_name => $var_type) 
@@ -228,9 +228,9 @@ class acp_search { global $db, $user, $auth, $template, $cache, $config; - if (isset($_REQUEST['action']) && is_array($_REQUEST['action'])) + $action = request_var('action', array('' => false)); + if (sizeof($action)) { - $action = request_var('action', array('' => false)); $action = key($action); } else @@ -239,7 +239,7 @@ class acp_search } $this->state = explode(',', $config['search_indexing_state']); - if (isset($_POST['cancel'])) + if (request::is_set_post('cancel')) { $action = ''; $this->state = array(); diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index b2389da3d4..03abe01dbc 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -50,7 +50,7 @@ class acp_styles $this->page_title = 'ACP_CAT_STYLES'; $action = request_var('action', ''); - $action = (isset($_POST['add'])) ? 'add' : $action; + $action = (request::is_set_post('add')) ? 'add' : $action; $style_id = request_var('id', 0); // Fill the configuration variables @@ -646,7 +646,7 @@ parse_css_file = {PARSE_CSS_FILE} $template_data = htmlspecialchars_decode($template_data); $template_file = utf8_normalize_nfc(request_var('template_file', '', true)); $text_rows = max(5, min(999, request_var('text_rows', 20))); - $save_changes = (isset($_POST['save'])) ? true : false; + $save_changes = request::is_set_post('save'); // make sure template_file path doesn't go upwards $template_file = str_replace('..', '.', $template_file); @@ -805,7 +805,7 @@ parse_css_file = {PARSE_CSS_FILE} $source = str_replace('/', '.', request_var('source', '')); $file_ary = array_diff(request_var('delete', array('')), array('')); - $submit = isset($_POST['submit']) ? true : false; + $submit = request::is_set_post('submit'); $sql = 'SELECT * FROM ' . STYLES_TEMPLATE_TABLE . " 
@@ -930,7 +930,7 @@ parse_css_file = {PARSE_CSS_FILE} $theme_data = htmlspecialchars_decode($theme_data); $theme_file = utf8_normalize_nfc(request_var('template_file', '', true)); $text_rows = max(5, min(999, request_var('text_rows', 20))); - $save_changes = (isset($_POST['save'])) ? true : false; + $save_changes = request::is_set_post('save'); // make sure theme_file path doesn't go upwards $theme_file = str_replace('..', '.', $theme_file); @@ -1111,7 +1111,7 @@ parse_css_file = {PARSE_CSS_FILE} $this->page_title = 'EDIT_IMAGESET'; - $update = (isset($_POST['update'])) ? true : false; + $update = request::is_set_post('update'); $imgname = request_var('imgname', ''); $imgpath = request_var('imgpath', ''); @@ -1172,7 +1172,7 @@ parse_css_file = {PARSE_CSS_FILE} } } - if ($update && isset($_POST['imgpath'])) + if ($update && request::is_set_post('imgpath')) { if ($valid_name) { @@ -1379,7 +1379,7 @@ parse_css_file = {PARSE_CSS_FILE} global $db, $template, $user, $cache, $config; $new_id = request_var('new_id', 0); - $update = (isset($_POST['update'])) ? true : false; + $update = request::is_set_post('update'); $sql_where = ''; switch ($mode) @@ -1514,7 +1514,7 @@ parse_css_file = {PARSE_CSS_FILE} { global $db, $template, $user, $cache, $config; - $update = (isset($_POST['update'])) ? true : false; + $update = request::is_set_post('update'); $inc_template = request_var('inc_template', 0); $inc_theme = request_var('inc_theme', 0); @@ -1911,7 +1911,7 @@ parse_css_file = {PARSE_CSS_FILE} { global $template, $db, $config, $user, $safe_mode, $cache; - $update = (isset($_POST['update'])) ? true : false; + $update = request::is_set_post('update'); $l_type = strtoupper($mode); $error = array(); 
@@ -2269,7 +2269,7 @@ parse_css_file = {PARSE_CSS_FILE} $element_ary = array('template' => STYLES_TEMPLATE_TABLE, 'theme' => STYLES_THEME_TABLE, 'imageset' => STYLES_IMAGESET_TABLE); $install_path = request_var('path', ''); - $update = (isset($_POST['update'])) ? true : false; + $update = request::is_set_post('update'); // Installing, obtain cfg file contents if ($install_path) @@ -2432,7 +2432,7 @@ parse_css_file = {PARSE_CSS_FILE} ); $basis = request_var('basis', 0); - $update = (isset($_POST['update'])) ? true : false; + $update = request::is_set_post('update'); if ($basis) { diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index aec2a58abd..395e07751d 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -42,7 +42,7 @@ class acp_users $user_id = request_var('u', 0); $action = request_var('action', ''); - $submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false; + $submit = (request::is_set_post('update') && !request::is_set_post('cancel')) ? true : false; $form_name = 'acp_users'; add_form_key($form_name); @@ -937,8 +937,8 @@ class acp_users // Set up general vars $start = request_var('start', 0); - $deletemark = (isset($_POST['delmarked'])) ? true : false; - $deleteall = (isset($_POST['delall'])) ? true : false; + $deletemark = request::is_set_post('delmarked'); + $deleteall = request::is_set_post('delall'); $marked = request_var('mark', array(0)); $message = utf8_normalize_nfc(request_var('message', '', true)); 
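Review bot: In the acp_users @@ -42 hunk, `$submit = (request::is_set_post('update') && !request::is_set_post('cancel')) ? true : false;` keeps the redundant `? true : false` that the rest of this commit removes elsewhere; `is_set_post()` already yields a boolean, so `$submit = request::is_set_post('update') && !request::is_set_post('cancel');` is the consistent form. The enclosing method continues outside the hunk.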
@@ -1474,7 +1474,7 @@ class acp_users // Generate users avatar $avatar_img = ($user_row['user_avatar']) ? get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height']) : '<img src="' . PHPBB_ADMIN_PATH . 'images/no_avatar.gif" alt="" />'; - $display_gallery = (isset($_POST['display_gallery'])) ? true : false; + $display_gallery = request::is_set_post('display_gallery'); $avatar_select = basename(request_var('avatar_select', '')); $category = basename(request_var('category', '')); @@ -1551,7 +1551,7 @@ class acp_users $enable_urls = ($config['allow_sig_links']) ? ((request_var('disable_magic_url', false)) ? false : true) : false; $signature = utf8_normalize_nfc(request_var('signature', (string) $user_row['user_sig'], true)); - $preview = (isset($_POST['preview'])) ? true : false; + $preview = request::is_set_post('preview'); if ($submit || $preview) { @@ -1636,7 +1636,7 @@ class acp_users case 'attach': $start = request_var('start', 0); - $deletemark = (isset($_POST['delmarked'])) ? true : false; + $deletemark = request::is_set_post('delmarked'); $marked = request_var('mark', array(0)); // Sort keys diff --git a/phpBB/includes/acp/acp_words.php b/phpBB/includes/acp/acp_words.php index 5db6bef3e5..1b3d78acaf 100644 --- a/phpBB/includes/acp/acp_words.php +++ b/phpBB/includes/acp/acp_words.php @@ -32,7 +32,7 @@ class acp_words // Set up general vars $action = request_var('action', ''); - $action = (isset($_POST['add'])) ? 'add' : ((isset($_POST['save'])) ? 'save' : $action); + $action = (request::is_set_post('add')) ? 'add' : ((request::is_set_post('save')) ? 'save' : $action); $s_hidden_fields = ''; $word_info = array(); diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 402f22f827..2744b16c53 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php 
@@ -100,9 +100,15 @@ function login_db(&$username, &$password)
 /*if ($row['user_pass_convert'])
 {
 // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
+ $disabled = request::super_globals_disabled();
+ request::enable_super_globals();
 $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
 $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
 $password_new_format = '';
+ if ($disabled)
+ {
+ request::disable_super_globals();
+ }
 set_var($password_new_format, stripslashes($password_old_format), 'string');
diff --git a/phpBB/includes/captcha/plugins/phpbb_captcha_gd_plugin.php b/phpBB/includes/captcha/plugins/phpbb_captcha_gd_plugin.php
index d3f8634834..906a63105a 100644
--- a/phpBB/includes/captcha/plugins/phpbb_captcha_gd_plugin.php
+++ b/phpBB/includes/captcha/plugins/phpbb_captcha_gd_plugin.php
@@ -87,7 +87,7 @@ class phpbb_captcha_gd extends phpbb_default_captcha implements phpbb_captcha_pl
 {
 foreach ($captcha_vars as $captcha_var => $template_var)
 {
- $var = (isset($_REQUEST[$captcha_var])) ? request_var($captcha_var, 0) : $config[$captcha_var];
+ $var = request_var($captcha_var, (int) $config[$captcha_var]);
 $template->assign_var($template_var, $var);
 }
 $template->assign_vars(array(
diff --git a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php
index f9bd345f02..ea5069fe99 100644
--- a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php
+++ b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php
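Review bot: The `request::enable_super_globals()` / `request::disable_super_globals()` pair is added inside a block that is commented out (`/*if ($row['user_pass_convert'])` is the first context line), so this code never runs and the change is untested. If the conversion path is ever revived, the reason for the raw read deserves a comment above the enable call, e.g. `// raw $_REQUEST read on purpose: the phpBB2 hash was computed over the password exactly as submitted (see comment above), so it must not go through set_var/request_var first`. The `$disabled` guard restores the previous state only because nothing between the two calls can exit early; any error path added between them later would leave super globals enabled for the rest of the request. The enclosing function continues outside the hunk.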
@@ -96,7 +96,7 @@ class phpbb_recaptcha extends phpbb_default_captcha implements phpbb_captcha_plu { foreach ($captcha_vars as $captcha_var => $template_var) { - $var = (isset($_REQUEST[$captcha_var])) ? request_var($captcha_var, '') : ((isset($config[$captcha_var])) ? $config[$captcha_var] : ''); + $var = request_var($captcha_var, (isset($config[$captcha_var])) ? (string) $config[$captcha_var] : ''); $template->assign_var($template_var, $var); } $template->assign_vars(array( diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index a1266b637e..f3dbae804a 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -632,7 +632,7 @@ class dbal { global $cache, $starttime, $user; - if (empty($_REQUEST['explain'])) + if (!request::variable('explain', false)) { return false; } diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 0a6194a4b5..bda91d1471 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -68,7 +68,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod } else if ($config['load_anon_lastread'] || $user->data['is_registered']) { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = request::variable($config['cookie_name'] . '_track', '', false, request::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); if (!$user->data['is_registered']) @@ -1044,7 +1044,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, if (!is_null($notify_status) && $notify_status !== '') { - if (isset($_GET['unwatch'])) + if (request::is_set('unwatch', request::GET)) { $uid = request_var('uid', 0); if ($uid != $user_id) 
@@ -1053,7 +1053,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); trigger_error($message); } - if ($_GET['unwatch'] == $mode) + if (request::variable('unwatch', '', false, request::GET) == $mode) { $is_watching = 0; @@ -1086,12 +1086,12 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, } else { - if (isset($_GET['watch'])) + if (request::is_set('watch', request::GET)) { $token = request_var('hash', ''); $redirect_url = append_sid("view$mode", "$u_url=$match_id&start=$start"); - if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_$match_id")) + if (request::variable('watch', '', false, request::GET) == $mode && check_link_hash($token, "{$mode}_$match_id")) { $is_watching = true; @@ -1117,7 +1117,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, } else { - if (isset($_GET['unwatch']) && $_GET['unwatch'] == $mode) + if (request::variable('unwatch', '', false, request::GET) == $mode) { login_box(); } diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php index 3d2330c965..404a5e5a09 100644 --- a/phpBB/includes/functions_module.php +++ b/phpBB/includes/functions_module.php 
@@ -358,7 +358,7 @@ class p_master
 $forum_id = ($forum_id === false) ? $this->acl_forum_id : $forum_id;
 $is_auth = false;
- eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z0-9_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z0-9_]+)#', '#cfg_([a-z0-9_]+)#', '#request_([a-zA-Z0-9_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', '!empty($_REQUEST[\'\\1\'])'), $module_auth) . ');');
+ eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z0-9_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z0-9_]+)#', '#cfg_([a-z0-9_]+)#', '#request_([a-zA-Z0-9_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', 'request::variable(\'\\1\', false)'), $module_auth) . ');');
 return $is_auth;
 }
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index f5980e55a6..1362948b7e 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -870,7 +870,7 @@ function handle_mark_actions($user_id, $mark_action)
 $msg_ids = request_var('marked_msg_id', array(0));
 $cur_folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX);
- $confirm = (isset($_POST['confirm'])) ? true : false;
+ $confirm = request::is_set_post('confirm');
 if (!sizeof($msg_ids))
 {
diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php
index cb53d62282..37bd730033 100644
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
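Review bot: The `request_(...)` rewrite rule inside the eval'd expression changes meaning without a comment: `!empty($_REQUEST['x'])` becomes `request::variable('x', false)`, which casts whatever was submitted to bool, so the two agree for `'0'` and `''` but the new form depends on how the request class casts arrays and other non-scalar input to bool. The only thing keeping the interpolated name safe inside `eval` is the `[a-zA-Z0-9_]+` character class in the pattern, and that dependency is easy to break in a later edit; a comment above the `eval` such as `// request_foo in a module auth string is a boolean read of request variable foo; the restricted character class is what keeps the name eval-safe` would record it. The enclosing p_master method continues outside the hunk.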
@@ -562,19 +562,19 @@ class custom_profile // checkbox - only testing for isset if ($profile_row['field_type'] == FIELD_BOOL && $profile_row['field_length'] == 2) { - $value = (isset($_REQUEST[$profile_row['field_ident']])) ? true : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]); + $value = (request::is_set($profile_row['field_ident'])) ? true : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]); } else if ($profile_row['field_type'] == FIELD_INT) { - if (isset($_REQUEST[$profile_row['field_ident']])) + if (request::is_set($profile_row['field_ident'])) { - $value = ($_REQUEST[$profile_row['field_ident']] === '') ? NULL : request_var($profile_row['field_ident'], $default_value); + $value = (request_var($profile_row['field_ident'], '') === '') ? null : request_var($profile_row['field_ident'], $default_value); } else { if (!$preview && isset($user->profile_fields[$user_ident]) && is_null($user->profile_fields[$user_ident])) { - $value = NULL; + $value = null; } else if (!isset($user->profile_fields[$user_ident]) || $preview) { @@ -590,7 +590,7 @@ class custom_profile } else { - $value = (isset($_REQUEST[$profile_row['field_ident']])) ? request_var($profile_row['field_ident'], $default_value, true) : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]); + $value = (request::is_set($profile_row['field_ident'])) ? request_var($profile_row['field_ident'], $default_value, true) : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]); if (gettype($value) == 'string') { @@ -633,7 +633,7 @@ class custom_profile $now = getdate(); - if (!isset($_REQUEST[$profile_row['field_ident'] . '_day'])) + if (!request::is_set($profile_row['field_ident'] . '_day')) { if ($profile_row['field_default_value'] == 'now') { 
@@ -845,7 +845,7 @@ class custom_profile { case FIELD_DATE: - if (!isset($_REQUEST[$var_name . '_day'])) + if (!request::is_set($var_name . '_day')) { if ($profile_row['field_default_value'] == 'now') { @@ -868,7 +868,7 @@ class custom_profile // Checkbox if ($profile_row['field_length'] == 2) { - $var = (isset($_REQUEST[$var_name])) ? 1 : 0; + $var = request::is_set($var_name) ? 1 : 0; } else { @@ -882,7 +882,7 @@ class custom_profile break; case FIELD_INT: - if (isset($_REQUEST[$var_name]) && $_REQUEST[$var_name] === '') + if (request::is_set($var_name) && request_var($var_name, '') === '') { $var = NULL; } diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index bba55b4bfe..5b398b2bc0 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -2170,7 +2170,7 @@ function avatar_process_user(&$error, $custom_userdata = false) $sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar']; } } - else if (isset($_POST['delete']) && $change_avatar) + else if (request::is_set_post('delete') && $change_avatar) { $sql_ary['user_avatar'] = ''; $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0; diff --git a/phpBB/includes/mcp/mcp_ban.php b/phpBB/includes/mcp/mcp_ban.php index 30d015fa0a..0e4c8e6726 100644 --- a/phpBB/includes/mcp/mcp_ban.php +++ b/phpBB/includes/mcp/mcp_ban.php @@ -32,8 +32,8 @@ class mcp_ban // Include the admin banning interface... include(PHPBB_ROOT_PATH . 'includes/acp/acp_ban.' . PHP_EXT); - $bansubmit = (isset($_POST['bansubmit'])) ? true : false; - $unbansubmit = (isset($_POST['unbansubmit'])) ? true : false; + $bansubmit = request::is_set_post('bansubmit'); + $unbansubmit = request::is_set_post('unbansubmit'); $current_time = time(); $user->add_lang(array('acp/ban', 'acp/users')); diff --git a/phpBB/includes/mcp/mcp_forum.php b/phpBB/includes/mcp/mcp_forum.php index 66a2e2ad9d..ef28d5efd0 100644 --- a/phpBB/includes/mcp/mcp_forum.php 
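Review bot: The context line `$var = NULL;` in the FIELD_INT case (last hunk) keeps the upper-case constant while this file's @@ -562 hunk on the previous listing line rewrites `NULL` to `null`; since the line directly above it is already being changed, lowercasing it here too, `$var = null;`, keeps the file consistent. Reading the field twice, `request::is_set($var_name)` and then `request_var($var_name, '') === ''`, is fine but would read better with `// an explicitly submitted empty value is stored as NULL rather than cast to 0` above it. The enclosing method continues outside the hunk.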
+++ b/phpBB/includes/mcp/mcp_forum.php
@@ -33,7 +33,10 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 if ($merge_select)
 {
 // Fixes a "bug" that makes forum_view use the same ordering as topic_view
- unset($_POST['sk'], $_POST['sd'], $_REQUEST['sk'], $_REQUEST['sd']);
+ request::overwrite('sk', null, request::POST);
+ request::overwrite('sd', null, request::POST);
+ request::overwrite('sk', null, request::REQUEST);
+ request::overwrite('sd', null, request::REQUEST);
 }
 $forum_id = $forum_info['forum_id'];
diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php
index 4370228fb5..217ff7c896 100644
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -576,21 +576,15 @@ function mcp_move_topic($topic_ids)
 }
 }
 }
- else if (isset($_POST['confirm']))
+ else if (request::is_set_post('confirm'))
 {
 $additional_msg = $user->lang['FORUM_NOT_EXIST'];
 }
- if (!$to_forum_id || $additional_msg)
- {
- unset($_POST['confirm']);
- unset($_REQUEST['confirm_key']);
- }
-
- if (confirm_box(true))
+ if ($to_forum_id && !$additional_msg && confirm_box(true))
 {
 $topic_data = get_topic_data($topic_ids);
- $leave_shadow = (isset($_POST['move_leave_shadow'])) ? true : false;
+ $leave_shadow = request::is_set_post('move_leave_shadow');
 $topics_moved = sizeof($topic_ids);
 $topics_authed_moved = 0;
@@ -789,7 +783,7 @@ function mcp_delete_topic($topic_ids)
 confirm_box(false, (sizeof($topic_ids) == 1) ? 'DELETE_TOPIC' : 'DELETE_TOPICS', $s_hidden_fields);
 }
- if (!isset($_REQUEST['quickmod']))
+ if (!request::is_set('quickmod'))
 {
 $redirect = request_var('redirect', 'index.' . PHP_EXT);
 $redirect = reapply_sid($redirect);
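Review bot: The four `request::overwrite('sk'/'sd', null, ...)` calls replace an `unset()`, but whether the request class treats a null value as "remove the key" or as "store null" is not visible here, and `request::is_set('sk')` could still answer true in the second case, which would defeat the workaround. The existing comment only names the symptom, so extend it to state the mechanism and the assumption: `// Fixes a "bug" that makes forum_view use the same ordering as topic_view: drop sk/sd from POST and REQUEST (relies on overwrite with null unsetting the key rather than storing null)`. mcp_forum_view continues outside the hunk.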
@@ -982,18 +976,12 @@ function mcp_fork_topic($topic_ids)
 }
 }
 }
- else if (isset($_POST['confirm']))
+ else if (request::is_set_post('confirm'))
 {
 $additional_msg = $user->lang['FORUM_NOT_EXIST'];
 }
- if ($additional_msg)
- {
- unset($_POST['confirm']);
- unset($_REQUEST['confirm_key']);
- }
-
- if (confirm_box(true))
+ if (!$additional_msg && confirm_box(true))
 {
 $topic_data = get_topic_data($topic_ids, 'f_post');
diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php
index 48bcd044f5..b94c838d43 100644
--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@@ -484,7 +484,7 @@ function approve_post($post_id_list, $id, $mode)
 if (confirm_box(true))
 {
- $notify_poster = (isset($_REQUEST['notify_poster'])) ? true : false;
+ $notify_poster = request::is_set('notify_poster');
 // If Topic -> total_topics = total_topics+1, total_posts = total_posts+1, forum_topics = forum_topics+1, forum_posts = forum_posts+1
 // If Post -> total_posts = total_posts+1, forum_posts = forum_posts+1, topic_replies = topic_replies+1
@@ -803,7 +803,7 @@ function disapprove_post($post_id_list, $id, $mode)
 'redirect' => $redirect)
 );
- $notify_poster = (isset($_REQUEST['notify_poster'])) ? true : false;
+ $notify_poster = request::is_set('notify_poster');
 $disapprove_reason = '';
 if ($reason_id)
@@ -818,7 +818,6 @@ function disapprove_post($post_id_list, $id, $mode)
 if (!$row || (!$reason && strtolower($row['reason_title']) == 'other'))
 {
 $additional_msg = $user->lang['NO_REASON_DISAPPROVAL'];
- unset($_POST['confirm']);
 }
 else
 {
@@ -837,7 +836,7 @@ function disapprove_post($post_id_list, $id, $mode)
 $post_info = get_post_data($post_id_list, 'm_approve');
- if (confirm_box(true))
+ if (!$additional_message && confirm_box(true))
 {
 // If Topic -> forum_topics_real -= 1
diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php
index 18aacd53a9..bd1bc4f659 100644
--- a/phpBB/includes/mcp/mcp_topic.php
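Review bot: `if (!$additional_message && confirm_box(true))` in the last hunk (disapprove_post) tests a variable that the visible code never assigns under that name: the @@ -818 hunk sets `$additional_msg`, so unless `$additional_message` is assigned somewhere outside the hunk the guard is always true and the disapproval proceeds even when no reason was supplied, the exact case the removed `unset($_POST['confirm'])` used to block. The line should read `if (!$additional_msg && confirm_box(true))`, matching the mcp_fork_topic guard in the first hunk. disapprove_post continues outside the hunk.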
+++ b/phpBB/includes/mcp/mcp_topic.php @@ -45,7 +45,7 @@ function mcp_topic_view($id, $mode, $action) $forum_id = request_var('f', 0); $to_topic_id = request_var('to_topic_id', 0); $to_forum_id = request_var('to_forum_id', 0); - $sort = isset($_POST['sort']) ? true : false; + $sort = request::is_set_post('sort'); $submitted_id_list = request_var('post_ids', array(0)); $checked_ids = $post_id_list = request_var('post_id_list', array(0)); diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index d91b8b690a..d989254e15 100644 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php @@ -195,7 +195,7 @@ class mcp_warn $post_id = request_var('p', 0); $forum_id = request_var('f', 0); - $notify = (isset($_REQUEST['notify_user'])) ? true : false; + $notify = request::is_set('notify_user'); $warning = utf8_normalize_nfc(request_var('warning', '', true)); $sql = 'SELECT u.*, p.* @@ -337,7 +337,7 @@ class mcp_warn $user_id = request_var('u', 0); $username = request_var('username', '', true); - $notify = (isset($_REQUEST['notify_user'])) ? true : false; + $notify = request::is_set('notify_user'); $warning = utf8_normalize_nfc(request_var('warning', '', true)); $sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index abcab9c000..b272750310 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php 
@@ -1317,8 +1317,8 @@ class parse_message extends bbcode_firstpass $this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true)); $upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false; - $add_file = (isset($_POST['add_file'])) ? true : false; - $delete_file = (isset($_POST['delete_file'])) ? true : false; + $add_file = request::is_set_post('add_file'); + $delete_file = request::is_set_post('delete_file'); // First of all adjust comments if changed $actual_comment_list = utf8_normalize_nfc(request_var('comment_list', array(''), true)); @@ -1500,7 +1500,7 @@ class parse_message extends bbcode_firstpass global $user, $db, $config; $this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true)); - $attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array(); + $attachment_data = request::variable('attachment_data', array(0 => array('' => '')), true, request::POST); $this->attachment_data = array(); $check_user_id = ($check_user_id === false) ? $user->data['user_id'] : $check_user_id; @@ -1536,11 +1536,11 @@ class parse_message extends bbcode_firstpass while ($row = $db->sql_fetchrow($result)) { - $pos = $not_orphan[$row['attach_id']]; + $pos = $not_orphan[(int) $row['attach_id']]; $this->attachment_data[$pos] = $row; - set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true); + $this->attachment_data[$pos]['attach_comment'] = utf8_normalize_nfc($attachment_data[$pos]['attach_comment']); - unset($not_orphan[$row['attach_id']]); + unset($not_orphan[(int) $row['attach_id']]); } $db->sql_freeresult($result); } 
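Review bot: `$attachment_data[$pos]['attach_comment']` is read in the not_orphan loop without checking that the posted array actually carries that key for `$pos`; the old `set_var(..., $_POST['attachment_data'][$pos]['attach_comment'], ...)` had the same gap, but now that the value comes from `request::variable` with a nested default the guard is cheap: `$this->attachment_data[$pos]['attach_comment'] = isset($attachment_data[$pos]['attach_comment']) ? utf8_normalize_nfc($attachment_data[$pos]['attach_comment']) : '';`. The same applies to the orphan loop in the next hunk (@@ -1562). The context line `$upload_file = (isset($_FILES[$form_name]) ...` still reads a super global directly; if the request class's super-global disabling also covers `$_FILES`, that check would silently become always false, so it is worth confirming. The enclosing method continues outside the hunk.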
@@ -1562,11 +1562,11 @@ class parse_message extends bbcode_firstpass while ($row = $db->sql_fetchrow($result)) { - $pos = $orphan[$row['attach_id']]; + $pos = $orphan[(int) $row['attach_id']]; $this->attachment_data[$pos] = $row; - set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true); + $this->attachment_data[$pos]['attach_comment'] = utf8_normalize_nfc($attachment_data[$pos]['attach_comment']); - unset($orphan[$row['attach_id']]); + unset($orphan[(int) $row['attach_id']]); } $db->sql_freeresult($result); } diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index abbc61cfa8..849affc40a 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -240,9 +240,10 @@ class session } // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number - $this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : ''; + $forum = request_var('f', 0); + $this->page['page'] .= ($forum) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . $forum . 'x' : ''; - if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) + if (request::is_set($config['cookie_name'] . '_sid', request::COOKIE) || request::is_set($config['cookie_name'] . '_u', request::COOKIE)) { $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true); $this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true); 
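Review bot: In the session.php hunk (@@ -240), `$this->page['page'] .= ($forum) ? ... : ''` changes behaviour for a request that carries `f=0`: the old `isset($_REQUEST['f'])` test appended `_f_=0x`, the new truthiness test appends nothing. That is probably the intended cleanup, but the comment above only explains the `x` suffix, so add `// only non-zero forum ids are tracked; f=0 is treated as "no forum"` next to `$forum = request_var('f', 0);` so the change is recorded rather than accidental. The enclosing session method continues outside the hunk.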
@@ -287,7 +288,7 @@ class session } // Is session_id is set or session_id is set and matches the url param if required - if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid']))) + if (!empty($this->session_id) && (!defined('NEED_SID') || $this->session_id === request::variable('sid', '', false, request::GET))) { $sql = 'SELECT u.*, s.* FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u @@ -1496,7 +1497,7 @@ class user extends session $this->add_lang($lang_set); unset($lang_set); - if (!empty($_GET['style']) && $auth->acl_get('a_styles')) + if (request::variable('style', false, false, request::GET) && $auth->acl_get('a_styles')) { global $SID, $_EXTRA_URL; diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php index f70c772d9b..39fbe84ae1 100644 --- a/phpBB/includes/ucp/ucp_attachments.php +++ b/phpBB/includes/ucp/ucp_attachments.php @@ -33,8 +33,8 @@ class ucp_attachments $sort_key = request_var('sk', 'a'); $sort_dir = request_var('sd', 'a'); - $delete = (isset($_POST['delete'])) ? true : false; - $confirm = (isset($_POST['confirm'])) ? true : false; + $delete = request::is_set_post('delete'); + $confirm = request::is_set_post('confirm'); $delete_ids = array_keys(request_var('attachment', array(0))); if ($delete && sizeof($delete_ids)) diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 1f6f70026f..0242df2fd3 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php 
@@ -33,8 +33,8 @@ class ucp_groups $return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>'); $mark_ary = request_var('mark', array(0)); - $submit = (!empty($_POST['submit'])) ? true : false; - $delete = (!empty($_POST['delete'])) ? true : false; + $submit = request::variable('submit', false, false, request::POST); + $delete = request::variable('delete', false, false, request::POST); $error = $data = array(); switch ($mode) @@ -43,9 +43,9 @@ class ucp_groups $this->page_title = 'UCP_USERGROUPS_MEMBER'; - if ($submit || isset($_POST['change_default'])) + if ($submit || request::is_set_post('change_default')) { - $action = (isset($_POST['change_default'])) ? 'change_default' : request_var('action', ''); + $action = (request::is_set_post('change_default')) ? 'change_default' : request_var('action', ''); $group_id = ($action == 'change_default') ? request_var('default', 0) : request_var('selected', 0); if (!$group_id) @@ -411,7 +411,7 @@ class ucp_groups case 'manage': $this->page_title = 'UCP_USERGROUPS_MANAGE'; - $action = (isset($_POST['addusers'])) ? 'addusers' : request_var('action', ''); + $action = (request::is_set_post('addusers')) ? 'addusers' : request_var('action', ''); $group_id = request_var('g', 0); include(PHPBB_ROOT_PATH . 'includes/functions_display.' . PHP_EXT); @@ -482,7 +482,7 @@ class ucp_groups $data = $submit_ary = array(); - $update = (isset($_POST['update'])) ? true : false; + $update = request::is_set_post('update'); $error = array(); @@ -505,7 +505,7 @@ class ucp_groups $submit_ary = array( 'colour' => request_var('group_colour', ''), 'rank' => request_var('group_rank', 0), - 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0, + 'receive_pm' => request::is_set('group_receive_pm') ? 1 : 0, 'message_limit' => request_var('group_message_limit', 0), 'max_recipients'=> request_var('group_max_recipients', 0), ); 
@@ -672,7 +672,7 @@ class ucp_groups $type_closed = ($group_type == GROUP_CLOSED) ? ' checked="checked"' : ''; $type_hidden = ($group_type == GROUP_HIDDEN) ? ' checked="checked"' : ''; - $display_gallery = (isset($_POST['display_gallery'])) ? true : false; + $display_gallery = request::is_set_post('display_gallery'); if ($config['allow_avatar_local'] && $display_gallery) { diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index b52878509e..8d2f443ca0 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -204,7 +204,7 @@ class ucp_main add_form_key('ucp_front_subscribed'); - $unwatch = (isset($_POST['unwatch'])) ? true : false; + $unwatch = request::is_set_post('unwatch'); if ($unwatch) { @@ -287,7 +287,7 @@ class ucp_main } else { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = request::variable($config['cookie_name'] . '_track', '', false, request::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); } @@ -386,10 +386,10 @@ class ucp_main $user->add_lang('viewforum'); - if (isset($_POST['unbookmark'])) + if (request::is_set_post('unbookmark')) { $s_hidden_fields = array('unbookmark' => 1); - $topics = (isset($_POST['t'])) ? array_keys(request_var('t', array(0 => 0))) : array(); + $topics = array_keys(request::variable('t', array(0 => 0), false, request::POST)); $url = $this->u_action; if (!sizeof($topics)) 
@@ -432,10 +432,10 @@ class ucp_main
 $user->add_lang('posting');
-$edit = (isset($_REQUEST['edit'])) ? true : false;
-$submit = (isset($_POST['submit'])) ? true : false;
-$draft_id = ($edit) ? intval($_REQUEST['edit']) : 0;
-$delete = (isset($_POST['delete'])) ? true : false;
+$edit = request::is_set('edit');
+$draft_id = request::variable('edit', 0);
+$submit = request::is_set_post('submit');
+$delete = request::is_set_post('delete');
 $s_hidden_fields = ($edit) ? '<input type="hidden" name="edit" value="' . $draft_id . '" />' : '';
 $draft_subject = $draft_message = '';
@@ -614,7 +614,7 @@ class ucp_main
 $template->assign_vars(array(
 'L_TITLE' => $user->lang['UCP_MAIN_' . strtoupper($mode)],
-'S_DISPLAY_MARK_ALL' => ($mode == 'watched' || ($mode == 'drafts' && !isset($_GET['edit']))) ? true : false,
+'S_DISPLAY_MARK_ALL' => ($mode == 'watched' || ($mode == 'drafts' && !request::is_set('edit', request::GET))) ? true : false,
 'S_HIDDEN_FIELDS' => (isset($s_hidden_fields)) ? $s_hidden_fields : '',
 'S_UCP_ACTION' => $this->u_action,
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index e4371602cb..b631357784 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -18,8 +18,8 @@ if (!defined('IN_PHPBB'))
 /**
 * Private Message Class
 *
-* $_REQUEST['folder'] display folder with the id used
-* $_REQUEST['folder'] inbox|outbox|sentbox display folder with the associated name
+* _REQUEST['folder'] display folder with the id used
+* _REQUEST['folder'] inbox|outbox|sentbox display folder with the associated name
 *
 * Display Messages (default to inbox) - mode=view
 * Display single message - mode=view&p=[msg_id] or &p=[msg_id] (short linkage)
@@ -195,8 +195,8 @@ class ucp_pm
 // First Handle Mark actions and moving messages
-$submit_mark = (isset($_POST['submit_mark'])) ? true : false;
-$move_pm = (isset($_POST['move_pm'])) ? true : false;
+$submit_mark = request::is_set_post('submit_mark');
+$move_pm = request::is_set_post('move_pm');
 $mark_option = request_var('mark_option', '');
 $dest_folder = request_var('dest_folder', PRIVMSGS_NO_BOX);
@@ -211,7 +211,7 @@ class ucp_pm
 // Move PM
 if ($move_pm)
 {
-$move_msg_ids = (isset($_POST['marked_msg_id'])) ? request_var('marked_msg_id', array(0)) : array();
+$move_msg_ids = request::variable('marked_msg_id', array(0), false, request::POST);
 $cur_folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX);
 if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id))
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index 0df9ba2707..2a8243b73a 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -44,28 +44,21 @@ function compose_pm($id, $mode, $action)
 $msg_id = request_var('p', 0);
 $draft_id = request_var('d', 0);
 $lastclick = request_var('lastclick', 0);
+$address_list = request_var('address_list', array('' => array(0 => '')));
-// Do NOT use request_var or specialchars here
-$address_list = isset($_REQUEST['address_list']) ? $_REQUEST['address_list'] : array();
+$submit = request::is_set_post('post');
+$preview = request::is_set_post('preview');
+$save = request::is_set_post('save');
+$load = request::is_set_post('load');
+$cancel = (request::is_set_post('cancel') && !$save) ? true : false;
+$delete = request::is_set_post('delete');
-if (!is_array($address_list))
-{
-$address_list = array();
-}
+$remove_u = request::is_set('remove_u');
+$remove_g = request::is_set('remove_g');
+$add_to = request::is_set('add_to');
+$add_bcc = request::is_set('add_bcc');
-$submit = (isset($_POST['post'])) ? true : false;
-$preview = (isset($_POST['preview'])) ? true : false;
-$save = (isset($_POST['save'])) ? true : false;
-$load = (isset($_POST['load'])) ? true : false;
-$cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
-$delete = (isset($_POST['delete'])) ? true : false;
-
-$remove_u = (isset($_REQUEST['remove_u'])) ? true : false;
-$remove_g = (isset($_REQUEST['remove_g'])) ? true : false;
-$add_to = (isset($_REQUEST['add_to'])) ? true : false;
-$add_bcc = (isset($_REQUEST['add_bcc'])) ? true : false;
-
-$refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load
+$refresh = request::is_set_post('add_file') || request::is_set_post('delete_file') || $save || $load
 || $remove_u || $remove_g || $add_to || $add_bcc;
 $action = ($delete && !$preview && !$refresh && $submit) ? 'delete' : $action;
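Review bot: The removed comment `// Do NOT use request_var or specialchars here` is dropped without saying why the constraint no longer holds, while the new `$address_list = request_var('address_list', array('' => array(0 => '')));` does exactly what it forbade. If the reason was that request_var casts and escapes values or discards entries that do not fit the default's two-level shape, address entries could now be altered before handle_message_list_actions() sees them; I cannot tell from the hunk. A short comment on the new line, e.g. `// request_var is intentional here: the default pins the expected key/value types of address_list`, or a sentence in the commit message, would settle it. compose_pm() continues beyond this hunk.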
@@ -625,10 +618,10 @@ function compose_pm($id, $mode, $action)
 $icon_id = request_var('icon', 0);
-$enable_bbcode = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
-$enable_smilies = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
-$enable_urls = (isset($_POST['disable_magic_url'])) ? 0 : 1;
-$enable_sig = (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : ((isset($_POST['attach_sig'])) ? true : false);
+$enable_bbcode = (!$bbcode_status || request::is_set_post('disable_bbcode')) ? false : true;
+$enable_smilies = (!$smilies_status || request::is_set_post'disable_smilies')) ? false : true;
+$enable_urls = (request::is_set_post('disable_magic_url')) ? 0 : 1;
+$enable_sig = (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : request::is_set_post('attach_sig');
 if ($submit)
 {
@@ -1002,7 +995,7 @@ function compose_pm($id, $mode, $action)
 $s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
 $s_hidden_fields .= (isset($check_value)) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : '';
-$s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . ((isset($_REQUEST['draft_loaded'])) ? intval($_REQUEST['draft_loaded']) : $draft_id) . '" />' : '';
+$s_hidden_fields .= ($draft_id || request::is_set('draft_loaded')) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', (int) $draft_id) . '" />' : '';
 $form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"';
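Review bot: The new `$enable_smilies` line is a parse error: the opening parenthesis of the call is missing (`request::is_set_post'disable_smilies')`), so ucp_pm_compose.php will not load at all after this commit. It should read `$enable_smilies = (!$smilies_status || request::is_set_post('disable_smilies')) ? false : true;`. compose_pm() continues outside this hunk.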
@@ -1047,7 +1040,7 @@ function compose_pm($id, $mode, $action)
 'S_HIDDEN_ADDRESS_FIELD' => $s_hidden_address_field,
 'S_HIDDEN_FIELDS' => $s_hidden_fields,
-'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']),
+'S_CLOSE_PROGRESS_WINDOW' => request::is_set_post('add_file'),
 'U_PROGRESS_BAR' => append_sid('posting', 'f=0&mode=popup'),
 'UA_PROGRESS_BAR' => addslashes(append_sid('posting', 'f=0&mode=popup')),
 ));
@@ -1079,32 +1072,25 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
 global $auth, $db, $user;
 // Delete User [TO/BCC]
-if ($remove_u && !empty($_REQUEST['remove_u']) && is_array($_REQUEST['remove_u']))
+$remove_user_id = request_var('remove_u', array(0 => false));
+if ($remove_u && sizeof($remove_user_id))
 {
-$remove_user_id = array_keys($_REQUEST['remove_u']);
-
-if (isset($remove_user_id[0]))
-{
-unset($address_list['u'][(int) $remove_user_id[0]]);
-}
+unset($address_list['u'][(int) key($remove_user_id)]);
 }
 // Delete Group [TO/BCC]
-if ($remove_g && !empty($_REQUEST['remove_g']) && is_array($_REQUEST['remove_g']))
+$remove_group_id = request_var('remove_g', array(0 => false));
+if ($remove_g && sizeof($remove_group_id))
 {
-$remove_group_id = array_keys($_REQUEST['remove_g']);
-
-if (isset($remove_group_id[0]))
-{
-unset($address_list['g'][(int) $remove_group_id[0]]);
-}
+unset($address_list['g'][(int) key($remove_group_id)]);
 }
 // Add Selected Groups
 $group_list = request_var('group_list', array(0));
 // Build usernames to add
-$usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '', true)) : array();
+$username = request_var('username', '', true)
+$usernames = ($username) ? array($username) : array();
 $username_list = request_var('username_list', '', true);
 if ($username_list)
 {
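Review bot: `$username = request_var('username', '', true)` in the handle_message_list_actions() hunk lacks its terminating semicolon, so the following `$usernames = ...` line is parsed as part of the same expression and the file fails to parse. It should be `$username = request_var('username', '', true);`. The new `sizeof($remove_user_id)` / `key($remove_user_id)` pair (and the same for `$remove_group_id`) replaces the old explicit `is_array` guard and so depends on request_var returning an empty array when the parameter is absent or scalar; if that is the request layer's contract, a one-line comment saying so would help the next reader. handle_message_list_actions() continues past the end of this hunk.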
@@ -1152,7 +1138,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
 }
 // Add Friends if specified
-$friend_list = (isset($_REQUEST['add_' . $type]) && is_array($_REQUEST['add_' . $type])) ? array_map('intval', array_keys($_REQUEST['add_' . $type])) : array();
+$friend_list = array_keys(request_var('add_' . $type, array(0 => false)));
 $user_id_ary = array_merge($user_id_ary, $friend_list);
 foreach ($user_id_ary as $user_id)
diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index 46f5740c46..af3b211a5e 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -27,7 +27,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 add_form_key('ucp_pm_options');
 // Change "full folder" setting - what to do if folder is full
-if (isset($_POST['fullfolder']))
+if (request::is_set_post('fullfolder'))
 {
 check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
 $full_action = request_var('full_action', 0);
@@ -68,7 +68,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 }
 // Add Folder
-if (isset($_POST['addfolder']))
+if (request::is_set_post('addfolder'))
 {
 if (check_form_key('ucp_pm_options'))
 {
@@ -120,7 +120,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 }
 // Rename folder
-if (isset($_POST['rename_folder']))
+if (request::is_set_post('rename_folder'))
 {
 if (check_form_key('ucp_pm_options'))
 {
@@ -165,7 +165,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 }
 // Remove Folder
-if (isset($_POST['remove_folder']))
+if (request::is_set_post('remove_folder'))
 {
 $remove_folder_id = request_var('remove_folder_id', 0);
@@ -276,7 +276,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 }
 // Add Rule
-if (isset($_POST['add_rule']))
+if (request::is_set_post('add_rule'))
 {
 if (check_form_key('ucp_pm_options'))
 {
@@ -345,7 +345,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 }
 // Remove Rule
-if (isset($_POST['delete_rule']) && !isset($_POST['cancel']))
+if (request::is_set_post('delete_rule') && !request::is_set_post('cancel'))
 {
 $delete_id = array_keys(request_var('delete_rule', array(0 => 0)));
 $delete_id = (!empty($delete_id[0])) ? $delete_id[0] : 0;
@@ -494,7 +494,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 $rule_option = request_var('rule_option', 0);
 $cond_option = request_var('cond_option', '');
 $action_option = request_var('action_option', '');
-$back = (isset($_REQUEST['back'])) ? request_var('back', array('' => 0)) : array();
+$back = request_var('back', array('' => 0));
 if (sizeof($back))
 {
diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php
index 8db7b29c1b..36750d69c4 100644
--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -24,7 +24,7 @@ function view_folder($id, $mode, $folder_id, $folder)
 {
 global $user, $template, $auth, $db, $cache, $config;
-$submit_export = (isset($_POST['submit_export'])) ? true : false;
+$submit_export = request::is_set_post('submit_export');
 $folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
@@ -473,7 +473,7 @@ function get_pm_from($folder_id, $folder, $user_id)
 {
 $min_post_time = time() - ($sort_days * 86400);
-if (isset($_POST['sort']))
+if (request::is_set_post('sort'))
 {
 $start = 0;
 }
diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php
index ee318a2a0d..606316d04b 100644
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -234,7 +234,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 }
 }
-if (!isset($_REQUEST['view']) || $_REQUEST['view'] != 'print')
+if (request_var('view', '') != 'print')
 {
 // Message History
 if (message_history($msg_id, $user->data['user_id'], $message_row, $folder))
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php
index 31dc0cdeb8..f33ae39ba5 100644
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@@ -29,7 +29,7 @@ class ucp_prefs
 {
 global $config, $db, $user, $auth, $template;
-$submit = (isset($_POST['submit'])) ? true : false;
+$submit = request::is_set_post('submit');
 $error = $data = array();
 $s_hidden_fields = '';
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 95bfee642c..fc4e7e174b 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -33,9 +33,9 @@ class ucp_profile
 $user->add_lang('posting');
-$preview = (!empty($_POST['preview'])) ? true : false;
-$submit = (!empty($_POST['submit'])) ? true : false;
-$delete = (!empty($_POST['delete'])) ? true : false;
+$preview = request::variable('preview', false, false, request::POST);
+$submit = request::variable('submit', false, false, request::POST);
+$delete = request::variable('delete', false, false, request::POST);
 $error = $data = array();
 $s_hidden_fields = '';
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index c0ebd5f2c5..a3a128f1b2 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -37,9 +37,9 @@ class ucp_register
 include(PHPBB_ROOT_PATH . 'includes/functions_profile_fields.' . PHP_EXT);
-$coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
-$agreed = (!empty($_POST['agreed'])) ? 1 : 0;
-$submit = (isset($_POST['submit'])) ? true : false;
+$coppa = request::is_set('coppa') ? ((request_var('coppa', false)) ? 1 : 0) : false;
+$agreed = request::variable('agreed', false, false, request::POST) ? 1 : 0;
+$submit = request::is_set_post('submit');
 $change_lang = request_var('change_lang', '');
 $user_lang = request_var('lang', $user->lang_name);
@@ -71,7 +71,7 @@ class ucp_register
 $submit = false;
 // Setting back agreed to let the user view the agreement in his/her language
-$agreed = (empty($_GET['change_lang'])) ? 0 : $agreed;
+$agreed = (request::is_set_post('change_lang')) ? 0 : $agreed;
 }
 $user->lang_name = $lang = $use_lang;
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php
index 1ed9e27836..fd8d1cebc6 100644
--- a/phpBB/includes/ucp/ucp_remind.php
+++ b/phpBB/includes/ucp/ucp_remind.php
@@ -31,7 +31,7 @@ class ucp_remind
 $username = request_var('username', '', true);
 $email = strtolower(request_var('email', ''));
-$submit = (isset($_POST['submit'])) ? true : false;
+$submit = request::is_set_post('submit');
 if ($submit)
 {
diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php
index 92445868e4..a3b79ffb0f 100644
--- a/phpBB/includes/ucp/ucp_resend.php
+++ b/phpBB/includes/ucp/ucp_resend.php
@@ -31,7 +31,7 @@ class ucp_resend
 $username = request_var('username', '', true);
 $email = strtolower(request_var('email', ''));
-$submit = (isset($_POST['submit'])) ? true : false;
+$submit = request::is_set_post('submit');
 add_form_key('ucp_resend');
diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php
index f0a0b1b63d..c45eb9a1d6 100644
--- a/phpBB/includes/ucp/ucp_zebra.php
+++ b/phpBB/includes/ucp/ucp_zebra.php
@@ -28,7 +28,7 @@ class ucp_zebra
 {
 global $config, $db, $user, $auth, $template;
-$submit = (isset($_POST['submit']) || isset($_GET['add']) || isset($_GET['remove'])) ? true : false;
+$submit = request::is_set_post('submit') || request::is_set('add', request::GET) || request::is_set('remove', request::GET);
 $s_hidden_fields = '';
 $l_mode = strtoupper($mode);
diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php
index 8dbb236a1c..b946f16466 100644
--- a/phpBB/includes/utf/utf_tools.php
+++ b/phpBB/includes/utf/utf_tools.php
@@ -1356,6 +1356,8 @@ function utf8_case_fold_nfc($text, $option = 'full')
 * A wrapper function for the normalizer which takes care of including the class if required and modifies the passed strings
 * to be in NFC (Normalization Form Composition).
 *
+* @todo allow arbitrary array depth
+*
 * @param mixed $strings a string or an array of strings to normalize
 * @return mixed the normalized content, preserving array keys if array given.
 */
diff --git a/phpBB/install/install_convert.php b/phpBB/install/install_convert.php
index 319505d57a..eaec24ef4f 100644
--- a/phpBB/install/install_convert.php
+++ b/phpBB/install/install_convert.php
@@ -381,7 +381,7 @@ class install_convert extends module
 $this->p_master->error($lang['DEV_NO_TEST_FILE'], __LINE__, __FILE__);
 }
-$submit = (isset($_POST['submit'])) ? true : false;
+$submit = request::is_set_post('submit');
 $src_dbms = request_var('src_dbms', $convertor_data['dbms']);
 $src_dbhost = request_var('src_dbhost', $convertor_data['dbhost']);
@@ -805,7 +805,7 @@ class install_convert extends module
 if (!$current_table && !$skip_rows)
 {
-if (empty($_REQUEST['confirm']))
+if (!request::variable('confirm', false))
 {
 // If avatars / ranks / smilies folders are specified make sure they are writable
 $bad_folders = array();
@@ -966,7 +966,7 @@ class install_convert extends module
 ));
 return;
-} // if (empty($_REQUEST['confirm']))
+} // if (!request::variable('confirm', false))
 $template->assign_block_vars('checks', array(
 'S_LEGEND' => true,
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
index fce0350c31..ca1e8fea22 100644
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@@ -559,7 +559,7 @@ class install_install extends module
 $available_dbms = get_available_dbms(false, true);
 // Has the user opted to test the connection?
-if (isset($_POST['testdb']))
+if (request::is_set_post('testdb'))
 {
 if (!isset($available_dbms[$data['dbms']]) || !$available_dbms[$data['dbms']]['AVAILABLE'])
 {
@@ -700,7 +700,7 @@ class install_install extends module
 $data['default_lang'] = ($data['default_lang'] !== '') ? $data['default_lang'] : $data['language'];
-if (isset($_POST['check']))
+if (request::is_set_post('check'))
 {
 $error = array();
@@ -954,7 +954,7 @@ class install_install extends module
 }
 }
-if (isset($_POST['dldone']))
+if (request::is_set_post('dldone'))
 {
 // Do a basic check to make sure that the file has been uploaded
 // Note that all we check is that the file has _something_ in it
@@ -981,7 +981,7 @@ class install_install extends module
 {
 // OK, so it didn't work let's try the alternatives
-if (isset($_POST['dlconfig']))
+if (request::is_set_post('dlconfig'))
 {
 // They want a copy of the file to download, so send the relevant headers and dump out the data
 header('Content-Type: text/x-delimtext; name="config.' . PHP_EXT . '"');
diff --git a/phpBB/install/install_update.php b/phpBB/install/install_update.php
index 8312b3fc55..f10caf9d54 100644
--- a/phpBB/install/install_update.php
+++ b/phpBB/install/install_update.php
@@ -208,7 +208,7 @@ class install_update extends module
 $this->include_file('includes/diff/renderer.' . PHP_EXT);
 // Make sure we stay at the file check if checking the files again
-if (!empty($_POST['check_again']))
+if (request::variable('check_again', false, false, request::POST))
 {
 $sub = $this->p_master->sub = 'file_check';
 }
@@ -297,7 +297,7 @@ class install_update extends module
 $action = request_var('action', '');
 // We are directly within an update. To make sure our update list is correct we check its status.
-$update_list = (!empty($_POST['check_again'])) ? false : $cache->get('_update_list');
+$update_list = (request::variable('check_again', false, false, request::POST)) ? false : $cache->get('_update_list');
 $modified = ($update_list !== false) ? @filemtime($cache->cache_dir . 'data_update_list.' . PHP_EXT) : 0;
 // Make sure the list is up-to-date
@@ -644,7 +644,7 @@ class install_update extends module
 {
 $cache->put('_diff_files', $file_list);
-if (!empty($_REQUEST['download']))
+if (request_var('download', false))
 {
 $params[] = 'download=1';
 }
@@ -747,7 +747,7 @@ class install_update extends module
 $file_list['status'] = -1;
 $cache->put('_diff_files', $file_list);
-if (!empty($_REQUEST['download']))
+if (request_var('download', false))
 {
 $this->include_file('includes/functions_compress.' . PHP_EXT);
@@ -823,7 +823,7 @@ class install_update extends module
 // Choose FTP, if not available use fsock...
 $method = basename(request_var('method', ''));
-$submit = (isset($_POST['submit'])) ? true : false;
+$submit = request::is_set_post('submit');
 $test_ftp_connection = request_var('test_connection', '');
 if (!$method || !class_exists($method))
@@ -881,7 +881,7 @@ class install_update extends module
 'DATA' => $data,
 'NAME' => $user->lang[strtoupper($method . '_' . $data)],
 'EXPLAIN' => $user->lang[strtoupper($method . '_' . $data) . '_EXPLAIN'],
-'DEFAULT' => (!empty($_REQUEST[$data])) ? request_var($data, '') : $default
+'DEFAULT' => (request_var($data, false)) ? request_var($data, '') : $default
 ));
 }
diff --git a/phpBB/mcp.php b/phpBB/mcp.php
index 299e8332ab..12f5cb9ee8 100644
--- a/phpBB/mcp.php
+++ b/phpBB/mcp.php
@@ -31,10 +31,10 @@ $template->assign_var('S_IN_MCP', true);
 // Basic parameter data
 $id = request_var('i', '');
-if (isset($_REQUEST['mode']) && is_array($_REQUEST['mode']))
+$mode = request_var('mode', array(''));
+if (!empty($mode))
 {
-$mode = request_var('mode', array(''));
-list($mode, ) = each($mode);
+$mode = key($mode);
 }
 else
 {
@@ -52,19 +52,18 @@ if (!$user->data['is_registered'])
 login_box('', $user->lang['LOGIN_EXPLAIN_MCP']);
 }
-$quickmod = (isset($_REQUEST['quickmod'])) ? true : false;
-$action = request_var('action', '');
-$action_ary = request_var('action', array('' => 0));
+$quickmod = request::is_set('quickmod');
+$action = request_var('action', '');
+$action_ary = request_var('action', array('' => 0));
+$forum_action = request_var('forum_action', '');
-$forum_action = request_var('forum_action', '');
-if ($forum_action !== '' && !empty($_POST['sort']))
+if (sizeof($action_ary))
 {
-$action = $forum_action;
+$action = key($action_ary);
 }
-
-if (sizeof($action_ary))
+else if (!empty($forum_action) && request::variable('sort', false, false, request::POST))
 {
-list($action, ) = each($action_ary);
+$action = $forum_action;
 }
 unset($action_ary);
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index 92e19fc87d..af42452a9b 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -56,7 +56,7 @@ switch ($mode)
 }
 $start = request_var('start', 0);
-$submit = (isset($_POST['submit'])) ? true : false;
+$submit = request::is_set_post('submit');
 $default_key = 'c';
 $sort_key = request_var('sk', $default_key);
@@ -741,8 +741,8 @@ switch ($mode)
 $email_lang = request_var('lang', $config['default_lang']);
 $subject = utf8_normalize_nfc(request_var('subject', '', true));
 $message = utf8_normalize_nfc(request_var('message', '', true));
-$cc = (isset($_POST['cc_email'])) ? true : false;
-$submit = (isset($_POST['submit'])) ? true : false;
+$cc = request::is_set_post('cc_email');
+$submit = request::is_set_post('submit');
 if ($submit)
 {
@@ -948,7 +948,7 @@ switch ($mode)
 // We validate form and field here, only id/class allowed
 $form = (!preg_match('/^[a-z0-9_-]+$/i', $form)) ? '' : $form;
 $field = (!preg_match('/^[a-z0-9_-]+$/i', $field)) ? '' : $field;
-if (($mode == 'searchuser' || sizeof(array_intersect(array_keys($_GET), $search_params)) > 0) && ($config['load_search'] || $auth->acl_get('a_')))
+if (($mode == 'searchuser' || sizeof(array_intersect(request::variable_names(request::GET), $search_params)) > 0) && ($config['load_search'] || $auth->acl_get('a_')))
 {
 $username = request_var('username', '', true);
 $email = strtolower(request_var('email', ''));
@@ -1238,7 +1238,7 @@ switch ($mode)
 foreach ($check_params as $key => $call)
 {
-if (!isset($_REQUEST[$key]))
+if (!request::is_set($key))
 {
 continue;
 }
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 226cb31dfc..db8fe3576d 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -32,14 +32,14 @@ $forum_id = request_var('f', 0);
 $draft_id = request_var('d', 0);
 $lastclick = request_var('lastclick', 0);
-$submit = (isset($_POST['post'])) ? true : false;
-$preview = (isset($_POST['preview'])) ? true : false;
-$save = (isset($_POST['save'])) ? true : false;
-$load = (isset($_POST['load'])) ? true : false;
-$delete = (isset($_POST['delete'])) ? true : false;
-$cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
-
-$refresh = (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['cancel_unglobalise']) || $save || $load) ? true : false;
+$submit = request::is_set_post('post');
+$preview = request::is_set_post('preview');
+$save = request::is_set_post('save');
+$load = request::is_set_post('load');
+$delete = request::is_set_post('delete');
+$cancel = (request::is_set_post('cancel') && !request::is_set_post('save')) ? true : false;
+
+$refresh = (request::is_set_post('add_file') || request::is_set_post('delete_file') || request::is_set_post('cancel_unglobalise') || $save || $load) ? true : false;
 $mode = ($delete && !$preview && !$refresh && $submit) ? 'delete' : request_var('mode', '');
 $error = $post_data = array();
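Review bot: The new `$cancel` line re-queries the request for `save` although `$save` already holds that result two lines above, and both `$cancel` and `$refresh` wrap an expression that is already boolean in `? true : false`. The parallel hunk in ucp_pm_compose.php in this same commit writes `&& !$save`; posting.php should match it: `$cancel = request::is_set_post('cancel') && !$save;` and `$refresh = request::is_set_post('add_file') || request::is_set_post('delete_file') || request::is_set_post('cancel_unglobalise') || $save || $load;`. Behaviour is unchanged either way; this is consistency and readability only.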
@@ -574,35 +574,37 @@ $solved_captcha = false;
 if ($submit || $preview || $refresh)
 {
+$edit_reason = utf8_normalize_nfc(request_var('edit_reason', '', true));
+
 $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
 $post_data['post_subject'] = utf8_normalize_nfc(request_var('subject', '', true));
 $message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
 $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
-$post_data['post_edit_reason'] = (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? utf8_normalize_nfc(request_var('edit_reason', '', true)) : '';
+$post_data['post_edit_reason'] = (!empty($edit_reason) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? $edit_reason : '';
 $post_data['orig_topic_type'] = $post_data['topic_type'];
 $post_data['topic_type'] = request_var('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
 $post_data['topic_time_limit'] = request_var('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
 $post_data['icon_id'] = request_var('icon', 0);
-$post_data['enable_bbcode'] = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
-$post_data['enable_smilies'] = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
-$post_data['enable_urls'] = (isset($_POST['disable_magic_url'])) ? 0 : 1;
-$post_data['enable_sig'] = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);
+$post_data['enable_bbcode'] = (!$bbcode_status || request::is_set_post('disable_bbcode')) ? false : true;
+$post_data['enable_smilies'] = (!$smilies_status || request::is_set_post('disable_smilies')) ? false : true;
+$post_data['enable_urls'] = request::is_set_post('disable_magic_url');
+$post_data['enable_sig'] = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((request::is_set_post('attach_sig') && $user->data['is_registered']) ? true : false);
 if ($config['allow_topic_notify'] && $user->data['is_registered'])
 {
-$notify = (isset($_POST['notify'])) ? true : false;
+$notify = request::is_set_post('notify');
 }
 else
 {
 $notify = false;
 }
-$topic_lock = (isset($_POST['lock_topic'])) ? true : false;
-$post_lock = (isset($_POST['lock_post'])) ? true : false;
-$poll_delete = (isset($_POST['poll_delete'])) ? true : false;
+$topic_lock = request::is_set_post('lock_topic');
+$post_lock = request::is_set_post('lock_post');
+$poll_delete = request::is_set_post('poll_delete');
 if ($submit)
 {
@@ -652,7 +654,7 @@ if ($submit || $preview || $refresh)
 $post_data['poll_length'] = request_var('poll_length', 0);
 $post_data['poll_option_text'] = utf8_normalize_nfc(request_var('poll_option_text', '', true));
 $post_data['poll_max_options'] = request_var('poll_max_options', 1);
-$post_data['poll_vote_change'] = ($auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
+$post_data['poll_vote_change'] = ($auth->acl_get('f_votechg', $forum_id) && request::is_set_post('poll_vote_change')) ? 1 : 0;
 }
 // If replying/quoting and last post id has changed
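Review bot: `$post_data['enable_urls'] = request::is_set_post('disable_magic_url');` inverts the original logic: the old line yielded `0` when `disable_magic_url` was posted and `1` otherwise, so after this change magic URLs are enabled exactly when the user asked to disable them, and the stored value changes from int to bool. The same commit keeps the correct form in ucp_pm_compose.php, and posting.php should match it: `$post_data['enable_urls'] = (request::is_set_post('disable_magic_url')) ? 0 : 1;`. The enclosing `if ($submit || $preview || $refresh)` block ends outside this hunk.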
@@ -1228,7 +1230,7 @@ if ($config['enable_post_confirm'] && !$user->data['is_registered'] && $solved_c
 $s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />' : '';
 $s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
-$s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', $draft_id) . '" />' : '';
+$s_hidden_fields .= ($draft_id || request::is_set('draft_loaded')) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', $draft_id) . '" />' : '';
 // Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
 if ($solved_captcha !== false)
@@ -1269,7 +1271,7 @@ $template->assign_vars(array(
 'UA_PROGRESS_BAR' => addslashes(append_sid('posting', "f=$forum_id&mode=popup")),
 'S_PRIVMSGS' => false,
-'S_CLOSE_PROGRESS_WINDOW' => (isset($_POST['add_file'])) ? true : false,
+'S_CLOSE_PROGRESS_WINDOW' => request::is_set_post('add_file'),
 'S_EDIT_POST' => ($mode == 'edit') ? true : false,
 'S_EDIT_REASON' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
 'S_DISPLAY_USERNAME' => (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false,
@@ -1319,7 +1321,7 @@ if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_
 'L_POLL_OPTIONS_EXPLAIN' => sprintf($user->lang['POLL_OPTIONS_' . (($mode == 'edit') ? 'EDIT_' : '') . 'EXPLAIN'], $config['max_poll_options']),
 'VOTE_CHANGE_CHECKED' => (!empty($post_data['poll_vote_change'])) ? ' checked="checked"' : '',
-'POLL_TITLE' => (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
+// 'POLL_TITLE' => (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
 'POLL_OPTIONS' => (!empty($post_data['poll_options'])) ? implode("\n", $post_data['poll_options']) : '',
 'POLL_MAX_OPTIONS' => (isset($post_data['poll_max_options'])) ? (int) $post_data['poll_max_options'] : 1,
 'POLL_LENGTH' => $post_data['poll_length'])
diff --git a/phpBB/report.php b/phpBB/report.php
index 9e816b9a66..1997a55a15 100644
--- a/phpBB/report.php
+++ b/phpBB/report.php
@@ -28,7 +28,7 @@ $reason_id = request_var('reason_id', 0);
 $report_text = utf8_normalize_nfc(request_var('report_text', '', true));
 $user_notify = ($user->data['is_registered']) ? request_var('notify', 0) : false;
-$submit = (isset($_POST['submit'])) ? true : false;
+$submit = request::is_set_post('submit');
 if (!$post_id)
 {
@@ -38,7 +38,7 @@ if (!$post_id)
 $redirect_url = append_sid('viewtopic', "f=$forum_id&p=$post_id") . "#p$post_id";
 // Has the report been cancelled?
-if (isset($_POST['cancel']))
+if (request::is_set_post('cancel'))
 {
 redirect($redirect_url);
 }
diff --git a/phpBB/search.php b/phpBB/search.php
index dafac780a6..8c4dc6547d 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
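Review bot: The `POLL_TITLE` template variable in posting.php is commented out rather than removed, and nothing in the hunk or the commit explains why; it is unrelated to the superglobal clean-up the rest of the commit performs. If the posting template still reads POLL_TITLE, the poll title will render empty when an existing poll is edited — I cannot check the template from this diff. Either restore the line, or delete it outright (version control keeps the history) and, if it is intentionally unset, replace the dead code with a comment giving the reason, e.g. `// POLL_TITLE intentionally not assigned here: <reason>`.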
@@ -562,7 +562,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 if ($config['load_anon_lastread'] || ($user->data['is_registered'] && !$config['load_db_lastread']))
 {
- $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking_topics = request::variable($config['cookie_name'] . '_track', '', false, request::COOKIE);
 $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
 }
@@ -1038,11 +1038,17 @@ for ($i = 100; $i <= 1000 ; $i += 100)
 $s_hidden_fields = array('t' => $topic_id);
+/**
+* @todo get rid of this global $_SID voodoo!
+*/
 if ($_SID)
 {
 $s_hidden_fields['sid'] = $_SID;
 }
+/**
+* @todo get rid of this global $_EXTRA_URL voodoo, too!
+*/
 if (!empty($_EXTRA_URL))
 {
 foreach ($_EXTRA_URL as $url_param)
diff --git a/phpBB/ucp.php b/phpBB/ucp.php
index d4eb566301..8fd3243341 100644
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
@@ -58,7 +58,7 @@ switch ($mode)
 break;
 case 'register':
- if ($user->data['is_registered'] || isset($_REQUEST['not_agreed']))
+ if ($user->data['is_registered'] || request::is_set('not_agreed'))
 {
 redirect(append_sid('index'));
 }
@@ -81,7 +81,7 @@ switch ($mode)
 break;
 case 'logout':
- if ($user->data['user_id'] != ANONYMOUS && isset($_GET['sid']) && !is_array($_GET['sid']) && $_GET['sid'] === $user->session_id)
+ if ($user->data['user_id'] != ANONYMOUS && request::variable('sid', '', false, request::GET) === $user->session_id)
 {
 $user->session_kill();
 $user->session_begin();
@@ -140,7 +140,8 @@ switch ($mode)
 {
 $set_time = time() - 31536000;
- foreach ($_COOKIE as $cookie_name => $cookie_data)
+ $cookies = request::variable_names(request::COOKIE);
+ foreach ($cookies as $cookie_name)
 {
 $cookie_name = str_replace($config['cookie_name'] . '_', '', $cookie_name);
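Review bot: The removed line handled magic_quotes explicitly (`(STRIP) ? stripslashes(...)`), and nothing in the new `request::variable(..., request::COOKIE)` call shows that the request class does the same, so a backslash or quote in the tracking cookie may now reach `tracking_unserialize()` still escaped; worth confirming against the request class before merging. If the class also HTML-escapes string values the way `request_var` does, that is only safe here as long as the serialised tracking format never contains `<`, `>`, `&` or `"`, which deserves a comment on the new line: `// NOTE: relies on request::variable() returning the cookie with the same un-escaping the removed STRIP branch did — confirm`.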
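Review bot: The two added `/** @todo ... */` docblocks sit above `if` statements, where a doc comment documents no symbol and phpDocumentor attaches it to nothing; the conventional form for an inline reminder is a plain line comment, `// @todo get rid of this global $_SID voodoo!`, and the same applies to the `@todo` docblock added in the viewtopic.php hunk at line 1580.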
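Review bot: The sid comparison is the guard that keeps a logout from being triggered by a crafted link, and the rewritten condition drops the explicit `!is_array($_GET['sid'])` check in favour of whatever typing `request::variable()` derives from the `''` default; that is presumably a string cast, but it is not visible in this hunk, so the purpose deserves a comment above the line: `// the sid in the URL must match the live session; this is what stops a third-party link from logging the user out`. Note also that an absent `sid` now yields `''`, which only matches `$user->session_id` if the session id is itself empty — worth confirming that cannot hold for a non-anonymous user.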
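Review bot: The rewritten loop no longer binds `$cookie_data`, and the `foreach` body continues past the hunk, so any later use of `$cookie_data` in that body is now an undefined variable — please confirm nothing below the last hunk line still reads it. Since `request::variable_names(request::COOKIE)` yields names only, a body that needs the value would have to fetch it with `request::variable($cookie_name, '', false, request::COOKIE)` before `$cookie_name` is rewritten by the `str_replace` on the last line of the hunk.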
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index ae40b92349..cc4003b939 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -75,7 +75,7 @@ if (!$forum_data)
 $user->setup('viewforum', $forum_data['forum_style']);
 // Redirect to login upon emailed notification links
-if (isset($_GET['e']) && !$user->data['is_registered'])
+if (request::is_set('e', request::GET) && !$user->data['is_registered'])
 {
 login_box('', $user->lang['LOGIN_NOTIFY_FORUM']);
 }
@@ -238,7 +238,7 @@ if ($sort_days)
 $topics_count = (int) $db->sql_fetchfield('num_topics');
 $db->sql_freeresult($result);
- if (isset($_POST['sort']))
+ if (request::is_set_post('sort'))
 {
 $start = 0;
 }
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index c6ba573002..3a8714a375 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -348,7 +348,7 @@ if ($topic_data['forum_password'])
 }
 // Redirect to login or to the correct post upon emailed notification links
-if (isset($_GET['e']))
+if (request::is_set('e', request::GET))
 {
 $jump_to = request_var('e', 0);
@@ -417,7 +417,7 @@ if ($sort_days)
 $limit_posts_time = "AND p.post_time >= $min_post_time ";
- if (isset($_POST['sort']))
+ if (request::is_set_post('sort'))
 {
 $start = 0;
 }
@@ -673,10 +673,10 @@ if (!empty($topic_data['poll_start']))
 // Cookie based guest tracking ... I don't like this but hum ho
 // it's oft requested. This relies on "nice" users who don't feel
 // the need to delete cookies to mess with results.
- if (isset($_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id]))
+ $cur_voted_list = request::variable($config['cookie_name'] . '_poll_' . $topic_id, '', false, request::COOKIE);
+ if (!empty($cur_voted_list))
 {
- $cur_voted_id = explode(',', $_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id]);
- $cur_voted_id = array_map('intval', $cur_voted_id);
+ $cur_voted_id = array_map('intval', explode(',', $cur_voted_list));
 }
 }
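Review bot: In the viewtopic.php poll-cookie hunk, `!empty($cur_voted_list)` also rejects the string `'0'`, which the old `isset()` check let through, so a cookie whose whole value is the single option id `0` is now silently ignored; if poll option ids start at 1 that is harmless, otherwise `if ($cur_voted_list !== '')` keeps the previous behaviour while still skipping the absent-cookie case. `$cur_voted_list` is also now assigned unconditionally in the enclosing scope, where the old code left no such variable behind. The enclosing `if (!empty($topic_data['poll_start']))` block starts before the hunk.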
@@ -1580,12 +1580,15 @@ else if (!$all_marked_read)
 }
 }
-// We overwrite $_REQUEST['f'] if there is no forum specified
+/**
+* @todo Do NOT overwrite a request variable.
+*/
+// We overwrite the 'f' request variable if there is no forum specified
 // to be able to display the correct online list.
 // One downside is that the user currently viewing this topic/post is not taken into account.
-if (empty($_REQUEST['f']))
+if (empty(request::variable('f', '')))
 {
- $_REQUEST['f'] = $forum_id;
+ request::overwrite('f', $forum_id);
 }
 // Output the page |
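Review bot: `request::overwrite('f', $forum_id)` rewrites shared request state for everything that runs after this point, which is exactly what the new `@todo` objects to; the comment says the only consumer is the online list, so the fix the todo points at is to hand `$forum_id` to that code directly instead of changing what `f` reads as — the consumer itself is outside the hunk, so I cannot name the call that needs it. `empty(request::variable('f', ''))` preserves the old `empty($_REQUEST['f'])` semantics, including treating `f=0` as unset; if that is deliberate, reading it with an int default, `request::variable('f', 0) === 0`, states the intent rather than relying on string emptiness.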