aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--phpBB/adm/style/acp_search.html6
-rw-r--r--phpBB/includes/acp/acp_search.php10
-rw-r--r--phpBB/includes/auth/auth_db.php16
-rw-r--r--phpBB/includes/functions.php19
-rw-r--r--phpBB/includes/functions_display.php3
-rw-r--r--phpBB/includes/session.php3
-rw-r--r--phpBB/includes/ucp/ucp_main.php2
-rw-r--r--phpBB/search.php2
-rw-r--r--phpBB/viewtopic.php4
-rw-r--r--tests/request/request_var.php2
10 files changed, 38 insertions, 29 deletions
diff --git a/phpBB/adm/style/acp_search.html b/phpBB/adm/style/acp_search.html
index 5fd7a23d97..baadb70855 100644
--- a/phpBB/adm/style/acp_search.html
+++ b/phpBB/adm/style/acp_search.html
@@ -139,9 +139,11 @@
<p class="quick">
<!-- IF backend.S_INDEXED -->
- <input class="button2" type="submit" name="action[delete]" value="{L_DELETE_INDEX}" onclick="popup_progress_bar('delete');" />
+ <input type="hidden" name="action" value="delete" />
+ <input class="button2" type="submit" value="{L_DELETE_INDEX}" onclick="popup_progress_bar('delete');" />
<!-- ELSE -->
- <input class="button2" type="submit" name="action[create]" value="{L_CREATE_INDEX}" onclick="popup_progress_bar('create');" />
+ <input type="hidden" name="action" value="create" />
+ <input class="button2" type="submit" value="{L_CREATE_INDEX}" onclick="popup_progress_bar('create');" />
<!-- ENDIF -->
</p>
{S_FORM_TOKEN}
diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php
index 3a1d3da279..27e636ddcc 100644
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@@ -232,15 +232,7 @@ class acp_search
global $db, $user, $auth, $template, $cache;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
- if (isset($_REQUEST['action']) && is_array($_REQUEST['action']))
- {
- $action = request_var('action', array('' => false));
- $action = key($action);
- }
- else
- {
- $action = request_var('action', '');
- }
+ $action = request_var('action', '');
$this->state = explode(',', $config['search_indexing_state']);
if (isset($_POST['cancel']))
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index 910eb10bdb..6304d6e49a 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -27,6 +27,7 @@ if (!defined('IN_PHPBB'))
function login_db(&$username, &$password)
{
global $db, $config;
+ global $request;
// do not allow empty password
if (!$password)
@@ -96,12 +97,23 @@ function login_db(&$username, &$password)
// If the password convert flag is set we need to convert it
if ($row['user_pass_convert'])
{
+ // enable super globals to get literal value
+ // this is needed to prevent unicode normalization
+ $super_globals_disabled = $request->super_globals_disabled();
+ if ($super_globals_disabled)
+ {
+ $request->enable_super_globals();
+ }
+
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
- $password_new_format = '';
+ $password_new_format = $request->variable('password', '', true);
- set_var($password_new_format, stripslashes($password_old_format), 'string');
+ if ($super_globals_disabled)
+ {
+ $request->disable_super_globals();
+ }
if ($password == $password_new_format)
{
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index a02cc52cba..32fff0d715 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1148,6 +1148,7 @@ function tz_select($default = '', $truncate = false)
function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $user_id = 0)
{
global $db, $user, $config;
+ global $request;
if ($mode == 'all')
{
@@ -1162,7 +1163,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
- $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
unset($tracking_topics['tf']);
@@ -1171,7 +1172,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
$tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36);
$user->set_cookie('track', tracking_serialize($tracking_topics), time() + 31536000);
- $_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking_topics)) : tracking_serialize($tracking_topics);
+ $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking_topics), phpbb_request_interface::COOKIE);
unset($tracking_topics);
@@ -1241,7 +1242,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
- $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking = ($tracking) ? tracking_unserialize($tracking) : array();
foreach ($forum_id as $f_id)
@@ -1272,7 +1273,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
}
$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
- $_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking);
+ $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), phpbb_request_interface::COOKIE);
unset($tracking);
}
@@ -1313,7 +1314,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
- $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking = ($tracking) ? tracking_unserialize($tracking) : array();
$topic_id36 = base_convert($topic_id, 10, 36);
@@ -1328,7 +1329,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
// If the cookie grows larger than 10000 characters we will remove the smallest value
// This can result in old topics being unread - but most of the time it should be accurate...
- if (isset($_COOKIE[$config['cookie_name'] . '_track']) && strlen($_COOKIE[$config['cookie_name'] . '_track']) > 10000)
+ if (strlen($request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE)) > 10000)
{
//echo 'Cookie grown too large' . print_r($tracking, true);
@@ -1368,7 +1369,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
}
$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
- $_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking);
+ $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), phpbb_request_interface::COOKIE);
}
return;
@@ -1550,7 +1551,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
if (!isset($tracking_topics) || !sizeof($tracking_topics))
{
- $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
}
@@ -1760,7 +1761,7 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
- $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
if (!$user->data['is_registered'])
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 98f1fdef13..71aee5d8e3 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -23,6 +23,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
{
global $db, $auth, $user, $template;
global $phpbb_root_path, $phpEx, $config;
+ global $request;
$forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array();
$parent_id = $visible_forums = 0;
@@ -69,7 +70,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
- $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
if (!$user->data['is_registered'])
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 73e0803d5d..d2f76868c1 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -206,6 +206,7 @@ class session
function session_begin($update_session_page = true)
{
global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path;
+ global $request;
// Give us some basic information
$this->time_now = time();
@@ -241,7 +242,7 @@ class session
$this->forwarded_for = '';
}
- if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
+ if ($request->is_set($config['cookie_name'] . '_sid', phpbb_request_interface::COOKIE) || $request->is_set($config['cookie_name'] . '_u', phpbb_request_interface::COOKIE))
{
$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php
index 64bed60248..d5bdb731ac 100644
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@@ -288,7 +288,7 @@ class ucp_main
}
else
{
- $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
}
diff --git a/phpBB/search.php b/phpBB/search.php
index 48fd12273b..b7cea03057 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -652,7 +652,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
if ($config['load_anon_lastread'] || ($user->data['is_registered'] && !$config['load_db_lastread']))
{
- $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
}
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 2c719b45d4..2673418eab 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -701,9 +701,9 @@ if (!empty($topic_data['poll_start']))
// Cookie based guest tracking ... I don't like this but hum ho
// it's oft requested. This relies on "nice" users who don't feel
// the need to delete cookies to mess with results.
- if (isset($_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id]))
+ if ($request->is_set($config['cookie_name'] . '_poll_' . $topic_id, phpbb_request_interface::COOKIE))
{
- $cur_voted_id = explode(',', $_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id]);
+ $cur_voted_id = explode(',', $request->variable($config['cookie_name'] . '_poll_' . $topic_id, '', true, phpbb_request_interface::COOKIE));
$cur_voted_id = array_map('intval', $cur_voted_id);
}
}
diff --git a/tests/request/request_var.php b/tests/request/request_var.php
index 1c360d45d0..53a4d8097b 100644
--- a/tests/request/request_var.php
+++ b/tests/request/request_var.php
@@ -87,7 +87,7 @@ class phpbb_request_var_test extends phpbb_test_case
$this->unset_variables('var');
// cannot set $_REQUEST directly because in phpbb_request implementation
- // $_REQUEST = $_GET + $_POST
+ // $_REQUEST = $_POST + $_GET
$_POST['var'] = array(
0 => array(
'b' => array(