aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/acp
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/acp')
-rw-r--r--phpBB/includes/acp/acp_attachments.php3
-rw-r--r--phpBB/includes/acp/acp_board.php2
-rw-r--r--phpBB/includes/acp/acp_icons.php5
-rw-r--r--phpBB/includes/acp/acp_language.php47
-rw-r--r--phpBB/includes/acp/acp_logs.php5
-rw-r--r--phpBB/includes/acp/acp_permissions.php17
-rw-r--r--phpBB/includes/acp/acp_profile.php11
7 files changed, 56 insertions, 34 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index fc5f44e14f..68870dce54 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -1235,6 +1235,7 @@ class acp_attachments
function perform_site_list()
{
global $db, $user;
+ global $request;
if (isset($_REQUEST['securesubmit']))
{
@@ -1243,7 +1244,7 @@ class acp_attachments
$ip_list = array_unique(explode("\n", $ips));
$ip_list_log = implode(', ', $ip_list);
- $ip_exclude = (!empty($_POST['ipexclude'])) ? 1 : 0;
+ $ip_exclude = (int) $request->variable('ipexclude', false, false, phpbb_request_interface::POST);
$iplist = array();
$hostlist = array();
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index a5e80e1f6d..ab9492b7ba 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -435,7 +435,7 @@ class acp_board
$cfg_array = (isset($_REQUEST['config'])) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config;
$error = array();
- // We validate the complete config if whished
+ // We validate the complete config if wished
validate_config_vars($display_vars['vars'], $cfg_array, $error);
if ($submit && !check_form_key($form_key))
diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php
index 3d64a2acda..43412f3c47 100644
--- a/phpBB/includes/acp/acp_icons.php
+++ b/phpBB/includes/acp/acp_icons.php
@@ -28,6 +28,7 @@ class acp_icons
{
global $db, $user, $auth, $template, $cache;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $request;
$user->add_lang('acp/posting');
@@ -338,7 +339,7 @@ class acp_icons
$image_display_on_posting = (isset($_POST['display_on_posting'])) ? request_var('display_on_posting', array('' => 0)) : array();
// Ok, add the relevant bits if we are adding new codes to existing emoticons...
- if (!empty($_POST['add_additional_code']))
+ if ($request->variable('add_additional_code', false, false, phpbb_request_interface::POST))
{
$add_image = request_var('add_image', '');
$add_code = utf8_normalize_nfc(request_var('add_code', '', true));
@@ -354,7 +355,7 @@ class acp_icons
$image_width[$add_image] = request_var('add_width', 0);
$image_height[$add_image] = request_var('add_height', 0);
- if (!empty($_POST['add_display_on_posting']))
+ if ($request->variable('add_display_on_posting', false, false, phpbb_request_interface::POST))
{
$image_display_on_posting[$add_image] = 1;
}
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index c2cb2f9c11..0f924dc95f 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -34,6 +34,7 @@ class acp_language
global $config, $db, $user, $auth, $template, $cache;
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
global $safe_mode, $file_uploads;
+ global $request;
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
@@ -58,7 +59,7 @@ class acp_language
if (isset($_POST['missing_file']))
{
$missing_file = request_var('missing_file', array('' => 0));
- list($_REQUEST['language_file'], ) = array_keys($missing_file);
+ $request->overwrite('language_file', array_shift(array_keys($missing_file)));
}
$selected_lang_file = request_var('language_file', '|common.' . $phpEx);
@@ -68,6 +69,23 @@ class acp_language
$this->language_directory = basename($this->language_directory);
$this->language_file = basename($this->language_file);
+ // detect language file type
+ if ($this->language_directory == 'email')
+ {
+ $language_file_type = 'email';
+ $request_default = '';
+ }
+ else if (strpos($this->language_file, 'help_') === 0)
+ {
+ $language_file_type = 'help';
+ $request_default = array(0 => array(0 => ''));
+ }
+ else
+ {
+ $language_file_type = 'normal';
+ $request_default = array('' => '');
+ }
+
$user->add_lang('acp/language');
$this->tpl_name = 'acp_language';
$this->page_title = 'ACP_LANGUAGE_PACKS';
@@ -119,7 +137,7 @@ class acp_language
'DATA' => $data,
'NAME' => $user->lang[strtoupper($method . '_' . $data)],
'EXPLAIN' => $user->lang[strtoupper($method . '_' . $data) . '_EXPLAIN'],
- 'DEFAULT' => (!empty($_REQUEST[$data])) ? request_var($data, '') : $default
+ 'DEFAULT' => $request->variable($data, (string) $default),
));
}
@@ -130,7 +148,7 @@ class acp_language
'method' => $method)
);
- $hidden_data .= build_hidden_fields(array('entry' => $_POST['entry']), true, STRIP);
+ $hidden_data .= build_hidden_fields(array('entry' => $request->variable('entry', $request_default, true, phpbb_request_interface::POST)));
$template->assign_vars(array(
'S_UPLOAD' => true,
@@ -187,12 +205,9 @@ class acp_language
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
- if (!$lang_id || empty($_POST['entry']))
- {
- trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
- }
+ $entry_value = $request->variable('entry', $request_default, true, phpbb_request_interface::POST);
- if ($this->language_directory != 'email' && !is_array($_POST['entry']))
+ if (!$lang_id || !$entry_value)
{
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -291,10 +306,10 @@ class acp_language
trigger_error(sprintf($user->lang['UNABLE_TO_WRITE_FILE'], $filename) . adm_back_link($this->u_action . '&id=' . $lang_id . '&action=details&language_file=' . urlencode($selected_lang_file)), E_USER_WARNING);
}
- if ($this->language_directory == 'email')
+ if ($language_file_type == 'email')
{
// Email Template
- $entry = $this->prepare_lang_entry($_POST['entry'], false);
+ $entry = $this->prepare_lang_entry(htmlspecialchars_decode($entry_value), false);
fwrite($fp, $entry);
}
else
@@ -302,13 +317,13 @@ class acp_language
$name = (($this->language_directory) ? $this->language_directory . '_' : '') . $this->language_file;
$header = str_replace(array('{FILENAME}', '{LANG_NAME}', '{CHANGED}', '{AUTHOR}'), array($name, $row['lang_english_name'], date('Y-m-d', time()), $row['lang_author']), $this->language_file_header);
- if (strpos($this->language_file, 'help_') === 0)
+ if ($language_file_type == 'help')
{
// Help File
$header .= '$help = array(' . "\n";
fwrite($fp, $header);
- foreach ($_POST['entry'] as $key => $value)
+ foreach ($entry_value as $key => $value)
{
if (!is_array($value))
{
@@ -319,7 +334,7 @@ class acp_language
foreach ($value as $_key => $_value)
{
- $entry .= "\t\t" . (int) $_key . "\t=> '" . $this->prepare_lang_entry($_value) . "',\n";
+ $entry .= "\t\t" . (int) $_key . "\t=> '" . $this->prepare_lang_entry(htmlspecialchars_decode($_value)) . "',\n";
}
$entry .= "\t),\n";
@@ -329,15 +344,15 @@ class acp_language
$footer = ");\n\n?>";
fwrite($fp, $footer);
}
- else
+ else if ($language_file_type == 'normal')
{
// Language File
$header .= $this->lang_header;
fwrite($fp, $header);
- foreach ($_POST['entry'] as $key => $value)
+ foreach ($entry_value as $key => $value)
{
- $entry = $this->format_lang_array($key, $value);
+ $entry = $this->format_lang_array(htmlspecialchars_decode($key), htmlspecialchars_decode($value));
fwrite($fp, $entry);
}
diff --git a/phpBB/includes/acp/acp_logs.php b/phpBB/includes/acp/acp_logs.php
index 0f4f78fcdd..e37b696873 100644
--- a/phpBB/includes/acp/acp_logs.php
+++ b/phpBB/includes/acp/acp_logs.php
@@ -27,6 +27,7 @@ class acp_logs
{
global $db, $user, $auth, $template, $cache;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $request;
$user->add_lang('mcp');
@@ -35,8 +36,8 @@ class acp_logs
$forum_id = request_var('f', 0);
$topic_id = request_var('t', 0);
$start = request_var('start', 0);
- $deletemark = (!empty($_POST['delmarked'])) ? true : false;
- $deleteall = (!empty($_POST['delall'])) ? true : false;
+ $deletemark = $request->variable('delmarked', false, false, phpbb_request_interface::POST);
+ $deleteall = $request->variable('delall', false, false, phpbb_request_interface::POST);
$marked = request_var('mark', array(0));
// Sort keys
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index e9f0af5071..50d7357100 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -658,6 +658,7 @@ class acp_permissions
function set_permissions($mode, $permission_type, &$auth_admin, &$user_id, &$group_id)
{
global $user, $auth;
+ global $request;
$psubmit = request_var('psubmit', array(0 => array(0 => 0)));
@@ -676,18 +677,17 @@ class acp_permissions
list($ug_id, ) = each($psubmit);
list($forum_id, ) = each($psubmit[$ug_id]);
- if (empty($_POST['setting']) || empty($_POST['setting'][$ug_id]) || empty($_POST['setting'][$ug_id][$forum_id]) || !is_array($_POST['setting'][$ug_id][$forum_id]))
+ $settings = $request->variable('setting', array(0 => array(0 => array('' => 0))), false, phpbb_request_interface::POST);
+ if (empty($settings) || empty($settings[$ug_id]) || empty($settings[$ug_id][$forum_id]))
{
trigger_error('WRONG_PERMISSION_SETTING_FORMAT', E_USER_WARNING);
}
- // We obtain and check $_POST['setting'][$ug_id][$forum_id] directly and not using request_var() because request_var()
- // currently does not support the amount of dimensions required. ;)
- // $auth_settings = request_var('setting', array(0 => array(0 => array('' => 0))));
- $auth_settings = array_map('intval', $_POST['setting'][$ug_id][$forum_id]);
+ $auth_settings = $settings[$ug_id][$forum_id];
// Do we have a role we want to set?
- $assigned_role = (isset($_POST['role'][$ug_id][$forum_id])) ? (int) $_POST['role'][$ug_id][$forum_id] : 0;
+ $roles = $request->variable('role', array(0 => array(0 => 0)), false, phpbb_request_interface::POST);
+ $assigned_role = (isset($roles[$ug_id][$forum_id])) ? (int) $roles[$ug_id][$forum_id] : 0;
// Do the admin want to set these permissions to other items too?
$inherit = request_var('inherit', array(0 => array(0)));
@@ -747,6 +747,7 @@ class acp_permissions
function set_all_permissions($mode, $permission_type, &$auth_admin, &$user_id, &$group_id)
{
global $user, $auth;
+ global $request;
// User or group to be set?
$ug_type = (sizeof($user_id)) ? 'user' : 'group';
@@ -757,8 +758,8 @@ class acp_permissions
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
- $auth_settings = (isset($_POST['setting'])) ? $_POST['setting'] : array();
- $auth_roles = (isset($_POST['role'])) ? $_POST['role'] : array();
+ $auth_settings = $request->variable('setting', array(0 => array(0 => array('' => 0))), false, phpbb_request_interface::POST);
+ $auth_roles = $request->variable('role', array(0 => array(0 => 0)), false, phpbb_request_interface::POST);
$ug_ids = $forum_ids = array();
// We need to go through the auth settings
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index 2288a0728b..b66737ce03 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -30,6 +30,7 @@ class acp_profile
{
global $config, $db, $user, $auth, $template, $cache;
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+ global $request;
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
@@ -487,7 +488,8 @@ class acp_profile
$cp->vars['field_default_value_day'] = $now['mday'];
$cp->vars['field_default_value_month'] = $now['mon'];
$cp->vars['field_default_value_year'] = $now['year'];
- $var = $_POST['field_default_value'] = 'now';
+ $var = 'now';
+ $request->overwrite('field_default_value', $var, phpbb_request_interface::POST);
}
else
{
@@ -496,7 +498,8 @@ class acp_profile
$cp->vars['field_default_value_day'] = request_var('field_default_value_day', 0);
$cp->vars['field_default_value_month'] = request_var('field_default_value_month', 0);
$cp->vars['field_default_value_year'] = request_var('field_default_value_year', 0);
- $var = $_POST['field_default_value'] = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']);
+ $var = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']);
+ $request->overwrite('field_default_value', $var, phpbb_request_interface::POST);
}
else
{
@@ -688,7 +691,7 @@ class acp_profile
}
else
{
- $_new_key_ary[$key] = (is_array($_REQUEST[$key])) ? utf8_normalize_nfc(request_var($key, array(''), true)) : utf8_normalize_nfc(request_var($key, '', true));
+ $_new_key_ary[$key] = ($field_type == FIELD_BOOL && $key == 'lang_options') ? utf8_normalize_nfc(request_var($key, array(''), true)) : utf8_normalize_nfc(request_var($key, '', true));
}
}
}
@@ -1623,4 +1626,4 @@ class acp_profile
}
}
-?>
+?> \ No newline at end of file