-rw-r--r-- | phpBB/cron.php | 2 | ||||
-rw-r--r-- | phpBB/includes/cron/task/core/prune_forum.php | 13 | ||||
-rw-r--r-- | phpBB/includes/cron/task/parametrized.php | 12 |
3 files changed, 12 insertions, 15 deletions
diff --git a/phpBB/cron.php b/phpBB/cron.php
index 2363f5b10b..d1b96b12e1 100644
--- a/phpBB/cron.php
+++ b/phpBB/cron.php
@@ -89,7 +89,7 @@ if ($cron_lock->lock())
 {
 if ($task->is_parametrized())
 {
- $task->parse_parameters($_GET);
+ $task->parse_parameters($request);
 }
 if ($task->is_ready())
 {
diff --git a/phpBB/includes/cron/task/core/prune_forum.php b/phpBB/includes/cron/task/core/prune_forum.php
index 440dc5e358..b3f63c9f6c 100644
--- a/phpBB/includes/cron/task/core/prune_forum.php
+++ b/phpBB/includes/cron/task/core/prune_forum.php
@@ -103,20 +103,19 @@ class phpbb_cron_task_core_prune_forum extends phpbb_cron_task_base implements p
 }
 /**
- * Parses parameters found in $params, which is an array.
+ * Parses parameters found in $request, which is an instance of
+ * phpbb_request_interface.
 *
- * $params may contain user input and is not trusted.
- *
- * $params is expected to have a key f whose value is id of the forum to be pruned.
+ * It is expected to have a key f whose value is id of the forum to be pruned.
 */
- public function parse_parameters($params)
+ public function parse_parameters(phpbb_request_interface $request)
 {
 global $db;
 $this->forum_data = null;
- if (isset($params['f']))
+ if ($request->is_set('f'))
 {
- $forum_id = (int) $params['f'];
+ $forum_id = $request->variable('f', 0);
 $sql = 'SELECT forum_id, prune_next, enable_prune, prune_days, prune_viewed, forum_flags, prune_freq FROM ' . FORUMS_TABLE . "
diff --git a/phpBB/includes/cron/task/parametrized.php b/phpBB/includes/cron/task/parametrized.php
index d505cc3328..a9481250e1 100644
--- a/phpBB/includes/cron/task/parametrized.php
+++ b/phpBB/includes/cron/task/parametrized.php
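Review bot: In prune_forum.php's parse_parameters(), `$request->is_set('f')` and `$request->variable('f', 0)` are called without a super-global argument, so the forum id is presumably no longer restricted to the query string as it was when cron.php passed `$_GET`; if the request class defaults to its combined GET/POST source, POST data can now select the forum as well. If only the query string is intended, name the source explicitly, e.g. `$request->is_set('f', phpbb_request_interface::GET)` and `$request->variable('f', 0, false, phpbb_request_interface::GET)`. The rewritten docblock also drops the sentence stating that the input is untrusted; keep a line such as `* $request carries user input and is not trusted; f is read as an integer.` The function body continues past the end of the hunk, so how $forum_id is placed into the SQL string is not visible here.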
@@ -37,13 +37,11 @@ interface phpbb_cron_task_parametrized extends phpbb_cron_task
 public function get_parameters();
 /**
- * Parses parameters found in $params, which is an array.
+ * Parses parameters found in $request, which is an instance of
+ * phpbb_request_interface.
 *
- * $params contains user input and must not be trusted.
- * In normal operation $params contains the same data that was returned by
- * get_parameters method. However, a malicious user can supply arbitrary
- * data in $params.
- * Cron task must validate all keys and values in $params before using them.
+ * $request contains user input and must not be trusted.
+ * Cron task must validate all data before using it.
 */
- public function parse_parameters($params);
+ public function parse_parameters(phpbb_request_interface $request);
 }
\ No newline at end of file |
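Review bot: The new docblock on parse_parameters() keeps the "must not be trusted" warning but removes the explanation that the values normally mirror get_parameters() while a malicious user can send arbitrary data, and it no longer tells implementers to check keys as well as values. Because implementations now receive the whole request object instead of an array of query parameters, the contract should state which inputs a task may read, for example `* Tasks should read only the keys returned by get_parameters(), through typed $request->variable() calls.` The signature change also obliges every implementing class to adopt the `phpbb_request_interface` type hint in the same commit; only prune_forum.php is visible on this page.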