diff options
-rw-r--r-- | phpBB/adm/style/acp_search.html | 6 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_search.php | 10 | ||||
-rw-r--r-- | phpBB/includes/auth/auth_db.php | 16 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 19 | ||||
-rw-r--r-- | phpBB/includes/functions_display.php | 3 | ||||
-rw-r--r-- | phpBB/includes/session.php | 3 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_main.php | 2 | ||||
-rw-r--r-- | phpBB/search.php | 2 | ||||
-rw-r--r-- | phpBB/viewtopic.php | 4 | ||||
-rw-r--r-- | tests/request/request_var.php | 2 |
10 files changed, 38 insertions, 29 deletions
diff --git a/phpBB/adm/style/acp_search.html b/phpBB/adm/style/acp_search.html index 5fd7a23d97..baadb70855 100644 --- a/phpBB/adm/style/acp_search.html +++ b/phpBB/adm/style/acp_search.html @@ -139,9 +139,11 @@ <p class="quick"> <!-- IF backend.S_INDEXED --> - <input class="button2" type="submit" name="action[delete]" value="{L_DELETE_INDEX}" onclick="popup_progress_bar('delete');" /> + <input type="hidden" name="action" value="delete" /> + <input class="button2" type="submit" value="{L_DELETE_INDEX}" onclick="popup_progress_bar('delete');" /> <!-- ELSE --> - <input class="button2" type="submit" name="action[create]" value="{L_CREATE_INDEX}" onclick="popup_progress_bar('create');" /> + <input type="hidden" name="action" value="create" /> + <input class="button2" type="submit" value="{L_CREATE_INDEX}" onclick="popup_progress_bar('create');" /> <!-- ENDIF --> </p> {S_FORM_TOKEN} diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index 3a1d3da279..27e636ddcc 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -232,15 +232,7 @@ class acp_search global $db, $user, $auth, $template, $cache; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; - if (isset($_REQUEST['action']) && is_array($_REQUEST['action'])) - { - $action = request_var('action', array('' => false)); - $action = key($action); - } - else - { - $action = request_var('action', ''); - } + $action = request_var('action', ''); $this->state = explode(',', $config['search_indexing_state']); if (isset($_POST['cancel'])) diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 910eb10bdb..6304d6e49a 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -27,6 +27,7 @@ if (!defined('IN_PHPBB')) function login_db(&$username, &$password) { global $db, $config; + global $request; // do not allow empty password if (!$password) @@ -96,12 +97,23 @@ function login_db(&$username, &$password) // If the password convert flag is set we need to convert it if ($row['user_pass_convert']) { + // enable super globals to get literal value + // this is needed to prevent unicode normalization + $super_globals_disabled = $request->super_globals_disabled(); + if ($super_globals_disabled) + { + $request->enable_super_globals(); + } + // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; - $password_new_format = ''; + $password_new_format = $request->variable('password', '', true); - set_var($password_new_format, stripslashes($password_old_format), 'string'); + if ($super_globals_disabled) + { + $request->disable_super_globals(); + } if ($password == $password_new_format) { diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index a02cc52cba..32fff0d715 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1148,6 +1148,7 @@ function tz_select($default = '', $truncate = false) function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $user_id = 0) { global $db, $user, $config; + global $request; if ($mode == 'all') { @@ -1162,7 +1163,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } else if ($config['load_anon_lastread'] || $user->data['is_registered']) { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); unset($tracking_topics['tf']); @@ -1171,7 +1172,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ $tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36); $user->set_cookie('track', tracking_serialize($tracking_topics), time() + 31536000); - $_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking_topics)) : tracking_serialize($tracking_topics); + $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking_topics), phpbb_request_interface::COOKIE); unset($tracking_topics); @@ -1241,7 +1242,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } else if ($config['load_anon_lastread'] || $user->data['is_registered']) { - $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking = ($tracking) ? tracking_unserialize($tracking) : array(); foreach ($forum_id as $f_id) @@ -1272,7 +1273,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } $user->set_cookie('track', tracking_serialize($tracking), time() + 31536000); - $_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking); + $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), phpbb_request_interface::COOKIE); unset($tracking); } @@ -1313,7 +1314,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } else if ($config['load_anon_lastread'] || $user->data['is_registered']) { - $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking = ($tracking) ? tracking_unserialize($tracking) : array(); $topic_id36 = base_convert($topic_id, 10, 36); @@ -1328,7 +1329,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ // If the cookie grows larger than 10000 characters we will remove the smallest value // This can result in old topics being unread - but most of the time it should be accurate... - if (isset($_COOKIE[$config['cookie_name'] . '_track']) && strlen($_COOKIE[$config['cookie_name'] . '_track']) > 10000) + if (strlen($request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE)) > 10000) { //echo 'Cookie grown too large' . print_r($tracking, true); @@ -1368,7 +1369,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } $user->set_cookie('track', tracking_serialize($tracking), time() + 31536000); - $_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking); + $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), phpbb_request_interface::COOKIE); } return; @@ -1550,7 +1551,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis if (!isset($tracking_topics) || !sizeof($tracking_topics)) { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); } @@ -1760,7 +1761,7 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti } else if ($config['load_anon_lastread'] || $user->data['is_registered']) { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); if (!$user->data['is_registered']) diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 98f1fdef13..71aee5d8e3 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -23,6 +23,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod { global $db, $auth, $user, $template; global $phpbb_root_path, $phpEx, $config; + global $request; $forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array(); $parent_id = $visible_forums = 0; @@ -69,7 +70,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod } else if ($config['load_anon_lastread'] || $user->data['is_registered']) { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); if (!$user->data['is_registered']) diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 73e0803d5d..d2f76868c1 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -206,6 +206,7 @@ class session function session_begin($update_session_page = true) { global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path; + global $request; // Give us some basic information $this->time_now = time(); @@ -241,7 +242,7 @@ class session $this->forwarded_for = ''; } - if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) + if ($request->is_set($config['cookie_name'] . '_sid', phpbb_request_interface::COOKIE) || $request->is_set($config['cookie_name'] . '_u', phpbb_request_interface::COOKIE)) { $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true); $this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true); diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index 64bed60248..d5bdb731ac 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -288,7 +288,7 @@ class ucp_main } else { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); } diff --git a/phpBB/search.php b/phpBB/search.php index 48fd12273b..b7cea03057 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -652,7 +652,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) if ($config['load_anon_lastread'] || ($user->data['is_registered'] && !$config['load_db_lastread'])) { - $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; + $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); } diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 2c719b45d4..2673418eab 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -701,9 +701,9 @@ if (!empty($topic_data['poll_start'])) // Cookie based guest tracking ... I don't like this but hum ho // it's oft requested. This relies on "nice" users who don't feel // the need to delete cookies to mess with results. - if (isset($_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id])) + if ($request->is_set($config['cookie_name'] . '_poll_' . $topic_id, phpbb_request_interface::COOKIE)) { - $cur_voted_id = explode(',', $_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id]); + $cur_voted_id = explode(',', $request->variable($config['cookie_name'] . '_poll_' . $topic_id, '', true, phpbb_request_interface::COOKIE)); $cur_voted_id = array_map('intval', $cur_voted_id); } } diff --git a/tests/request/request_var.php b/tests/request/request_var.php index 1c360d45d0..53a4d8097b 100644 --- a/tests/request/request_var.php +++ b/tests/request/request_var.php @@ -87,7 +87,7 @@ class phpbb_request_var_test extends phpbb_test_case $this->unset_variables('var'); // cannot set $_REQUEST directly because in phpbb_request implementation - // $_REQUEST = $_GET + $_POST + // $_REQUEST = $_POST + $_GET $_POST['var'] = array( 0 => array( 'b' => array( |