1 files changed, 9 insertions, 15 deletions
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index b596e72c41..07aa25d67b 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -24,6 +24,7 @@ function compose_pm($id, $mode, $action)
 {
 	global $template, $db, $auth, $user;
 	global $phpbb_root_path, $phpEx, $config;
+	global $request;
 
 	// Damn php and globals - i know, this is horrible
 	// Needed for handle_message_list_actions()
@@ -49,13 +50,7 @@ function compose_pm($id, $mode, $action)
 	// Reply to all triggered (quote/reply)
 	$reply_to_all	= request_var('reply_to_all', 0);
 
-	// Do NOT use request_var or specialchars here
-	$address_list	= isset($_REQUEST['address_list']) ? $_REQUEST['address_list'] : array();
-
-	if (!is_array($address_list))
-	{
-		$address_list = array();
-	}
+	$address_list	= $request->variable('address_list', array('' => array(0 => '')));
 
 	$submit		= (isset($_POST['post'])) ? true : false;
 	$preview	= (isset($_POST['preview'])) ? true : false;
@@ -1029,7 +1024,7 @@ function compose_pm($id, $mode, $action)
 
 	$s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
 	$s_hidden_fields .= (isset($check_value)) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : '';
-	$s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . ((isset($_REQUEST['draft_loaded'])) ? intval($_REQUEST['draft_loaded']) : $draft_id) . '" />' : '';
+	$s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . ((isset($_REQUEST['draft_loaded'])) ? $request->variable('draft_loaded', 0) : $draft_id) . '" />' : '';
 
 	$form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"';
 
@@ -1105,11 +1100,12 @@ function compose_pm($id, $mode, $action)
 function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove_g, $add_to, $add_bcc)
 {
 	global $auth, $db, $user;
+	global $request;
 
 	// Delete User [TO/BCC]
-	if ($remove_u && !empty($_REQUEST['remove_u']) && is_array($_REQUEST['remove_u']))
+	if ($remove_u && $request->variable('remove_u', array(0 => '')))
 	{
-		$remove_user_id = array_keys($_REQUEST['remove_u']);
+		$remove_user_id = array_keys($request->variable('remove_u', array(0 => '')));
 
 		if (isset($remove_user_id[0]))
 		{
@@ -1118,9 +1114,9 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
 	}
 
 	// Delete Group [TO/BCC]
-	if ($remove_g && !empty($_REQUEST['remove_g']) && is_array($_REQUEST['remove_g']))
+	if ($remove_g && $request->variable('remove_g', array(0 => '')))
 	{
-		$remove_group_id = array_keys($_REQUEST['remove_g']);
+		$remove_group_id = array_keys($request->variable('remove_g', array(0 => '')));
 
 		if (isset($remove_group_id[0]))
 		{
@@ -1188,7 +1184,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
 		}
 
 		// Add Friends if specified
-		$friend_list = (isset($_REQUEST['add_' . $type]) && is_array($_REQUEST['add_' . $type])) ? array_map('intval', array_keys($_REQUEST['add_' . $type])) : array();
+		$friend_list = array_keys($request->variable('add_' . $type, array(0)));
 		$user_id_ary = array_merge($user_id_ary, $friend_list);
 
 		foreach ($user_id_ary as $user_id)
@@ -1286,5 +1282,3 @@ function get_recipients($address_list, $num_recipients = 1)
 
 	return $recipient;
 }
-
-?>
-\ No newline at end of file