mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-01-18 22:58:10 +01:00
Code Issues Releases Wiki Activity

- updated all code to use the request class instead of any direct access to

Browse Source 
super globals
- disabled super globals in common.php. See commit r9101 for
  more information
- cleaned up/simplified a few lines along the way.

git-svn-id: file:///svn/phpbb/trunk@9102 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Nils Adermann 2008-11-24 00:20:33 +00:00
parent 8427ae3fd4
commit 07e9b83a3d
73 changed files with 369 additions and 347 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/adm/index.php
View File

@ -175,7 +175,7 @@ function adm_page_footer($copyright_html = true)
$mtime = explode(' ', microtime());
$totaltime = $mtime[0] + $mtime[1] - $starttime;
if (!empty($_REQUEST['explain']) && $auth->acl_get('a_') && defined('DEBUG_EXTRA') && method_exists($db, 'sql_report'))
if (request::variable('explain', false) && $auth->acl_get('a_') && defined('DEBUG_EXTRA') && method_exists($db, 'sql_report'))
{
$db->sql_report('display');
}

3
phpBB/common.php
View File

@ -200,6 +200,9 @@ require(PHPBB_ROOT_PATH . 'includes/utf/utf_tools.' . PHP_EXT);
// Set PHP error handler to ours
set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler');
// enforce the use of the request class
request::disable_super_globals();
// Instantiate some basic classes
$user = new user();
$auth = new auth();

2
phpBB/docs/coding-guidelines.html
View File

@ -875,7 +875,7 @@ $submit = (isset($HTTP_POST_VARS['submit'])) ? true : false;
<p class="good">// Use request var and define a default variable (use the correct type)</p>
<div class="codebox"><pre>
$start = request_var('start', 0);
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
</pre></div>
<p class="bad">// $start is an int, the following use of request_var therefore is not allowed</p>

4
phpBB/download/file.php
View File

@ -30,13 +30,13 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'
exit;
}
if (isset($_GET['avatar']))
if (request::is_set('avatar', request::GET))
{
// worst-case default
$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
$config = cache::obtain_config();
$filename = $_GET['avatar'];
$filename = request::variable('avatar', '', false, request::GET);
$avatar_group = false;
$exit = false;

26
phpBB/includes/acp/acp_attachments.php
View File

@ -31,7 +31,7 @@ class acp_attachments
$user->add_lang(array('posting', 'viewtopic', 'acp/attachments'));
$error = $notify = array();
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$action = request_var('action', '');
$form_key = 'acp_attach';
@ -128,7 +128,7 @@ class acp_attachments
);
$this->new_config = $config;
$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : $this->new_config;
$cfg_array = (request::is_set('config')) ? request_var('config', array('' => '')) : $this->new_config;
$error = array();
// We validate the complete config if whished
@ -297,7 +297,7 @@ class acp_attachments
case 'extensions':
if ($submit || isset($_POST['add_extension_check']))
if ($submit || request::is_set_post('add_extension_check'))
{
if ($submit)
{
@ -361,7 +361,7 @@ class acp_attachments
// Add Extension?
$add_extension = strtolower(request_var('add_extension', ''));
$add_extension_group = request_var('add_group_select', 0);
$add = (isset($_POST['add_extension_check'])) ? true : false;
$add = request::is_set_post('add_extension_check');
if ($add_extension && $add)
{
@ -402,7 +402,7 @@ class acp_attachments
$template->assign_vars(array(
'S_EXTENSIONS' => true,
'ADD_EXTENSION' => (isset($add_extension)) ? $add_extension : '',
'GROUP_SELECT_OPTIONS' => (isset($_POST['add_extension_check'])) ? $this->group_select('add_group_select', $add_extension_group, 'extension_group') : $this->group_select('add_group_select', false, 'extension_group'))
'GROUP_SELECT_OPTIONS' => (request::is_set_post('add_extension_check')) ? $this->group_select('add_group_select', $add_extension_group, 'extension_group') : $this->group_select('add_group_select', false, 'extension_group'))
);
$sql = 'SELECT *
@ -512,10 +512,10 @@ class acp_attachments
$size_select = request_var('size_select', 'b');
$forum_select = request_var('forum_select', false);
$allowed_forums = request_var('allowed_forums', array(0));
$allow_in_pm = (isset($_POST['allow_in_pm'])) ? true : false;
$allow_in_pm = request::is_set_post('allow_in_pm');
$max_filesize = request_var('max_filesize', 0);
$max_filesize = ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize);
$allow_group = (isset($_POST['allow_group'])) ? true : false;
$allow_group = request::is_set_post('allow_group');
if ($max_filesize == $config['max_filesize'])
{
@ -593,7 +593,7 @@ class acp_attachments
);
$group_id = request_var('g', 0);
$action = (isset($_POST['add'])) ? 'add' : $action;
$action = request::is_set_post('add');
switch ($action)
{
@ -876,8 +876,8 @@ class acp_attachments
if ($submit)
{
$delete_files = (isset($_POST['delete'])) ? array_keys(request_var('delete', array('' => 0))) : array();
$add_files = (isset($_POST['add'])) ? array_keys(request_var('add', array('' => 0))) : array();
$delete_files = array_keys(request::variable('delete', array('' => 0), false, request::POST));
$add_files = array_keys(request::variable('add', array('' => 0), false, request::POST));
$post_ids = request_var('post_id', array('' => 0));
if (sizeof($delete_files))
@ -1231,14 +1231,14 @@ class acp_attachments
{
global $db, $user;
if (isset($_REQUEST['securesubmit']))
if (request::is_set('securesubmit'))
{
// Grab the list of entries
$ips = request_var('ips', '');
$ip_list = array_unique(explode("\n", $ips));
$ip_list_log = implode(', ', $ip_list);
$ip_exclude = (!empty($_POST['ipexclude'])) ? 1 : 0;
$ip_exclude = (int) request::variable('ipexclude', false, false, request::POST);
$iplist = array();
$hostlist = array();
@ -1385,7 +1385,7 @@ class acp_attachments
trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action));
}
else if (isset($_POST['unsecuresubmit']))
else if (request::is_set_post('unsecuresubmit'))
{
$unip_sql = request_var('unip', array(0));

4
phpBB/includes/acp/acp_ban.php
View File

@ -29,8 +29,8 @@ class acp_ban
include(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);
$bansubmit = (isset($_POST['bansubmit'])) ? true : false;
$unbansubmit = (isset($_POST['unbansubmit'])) ? true : false;
$bansubmit = request::is_set_post('bansubmit');
$unbansubmit = request::is_set_post('unbansubmit');
$current_time = time();
$user->add_lang(array('acp/ban', 'acp/users'));

4
phpBB/includes/acp/acp_board.php
View File

@ -32,7 +32,7 @@ class acp_board
$user->add_lang('acp/board');
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$form_key = 'acp_board';
add_form_key($form_key);
@ -371,7 +371,7 @@ class acp_board
}
$this->new_config = $config;
$cfg_array = (isset($_REQUEST['config'])) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config;
$cfg_array = (request::is_set('config')) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config;
$error = array();
// We validate the complete config if whished

4
phpBB/includes/acp/acp_bots.php
View File

@ -28,11 +28,11 @@ class acp_bots
global $config, $db, $user, $auth, $template, $cache;
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$mark = request_var('mark', array(0));
$bot_id = request_var('id', 0);
if (isset($_POST['add']))
if (request::is_set_post('add'))
{
$action = 'add';
}

4
phpBB/includes/acp/acp_captcha.php
View File

@ -36,7 +36,7 @@ class acp_captcha
$configure = request_var('configure', false);
// Oh, they are just here for the view
if (isset($_GET['captcha_demo']))
if (request::is_set('captcha_demo', request::GET))
{
$this->deliver_demo($selected);
}
@ -109,7 +109,7 @@ class acp_captcha
foreach ($config_vars as $config_var => $template_var)
{
$template->assign_var($template_var, (isset($_REQUEST[$config_var])) ? request_var($config_var, '') : $config[$config_var]) ;
$template->assign_var($template_var, request_var($config_var, $config[$config_var])) ;
}
$template->assign_vars(array(

2
phpBB/includes/acp/acp_database.php
View File

@ -33,7 +33,7 @@ class acp_database
$this->page_title = 'ACP_DATABASE';
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$template->assign_vars(array(
'MODE' => $mode

4
phpBB/includes/acp/acp_disallow.php
View File

@ -38,8 +38,8 @@ class acp_disallow
$form_key = 'acp_disallow';
add_form_key($form_key);
$disallow = (isset($_POST['disallow'])) ? true : false;
$allow = (isset($_POST['allow'])) ? true : false;
$disallow = request::is_set_post('disallow');
$allow = request::is_set_post('allow');
if (($allow || $disallow) && !check_form_key($form_key))
{

4
phpBB/includes/acp/acp_email.php
View File

@ -35,7 +35,7 @@ class acp_email
add_form_key($form_key);
// Set some vars
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$error = array();
$usernames = request_var('usernames', '', true);
@ -48,7 +48,7 @@ class acp_email
{
// Error checking needs to go here ... if no subject and/or no message then skip
// over the send and return to the form
$use_queue = (isset($_POST['send_immediately'])) ? false : true;
$use_queue = request::is_set_post('send_immediately');
$priority = request_var('mail_priority_flag', MAIL_NORMAL_PRIORITY);
if (!check_form_key($form_key))

2
phpBB/includes/acp/acp_forums.php
View File

@ -36,7 +36,7 @@ class acp_forums
add_form_key($form_key);
$action = request_var('action', '');
$update = (isset($_POST['update'])) ? true : false;
$update = request::is_set_post('update');
$forum_id = request_var('f', 0);
$this->parent_id = request_var('parent_id', 0);

12
phpBB/includes/acp/acp_groups.php
View File

@ -37,14 +37,14 @@ class acp_groups
include(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);
// Check and set some common vars
$action = (isset($_POST['add'])) ? 'add' : ((isset($_POST['addusers'])) ? 'addusers' : request_var('action', ''));
$action = (request::is_set_post('add')) ? 'add' : ((request::is_set_post('addusers')) ? 'addusers' : request_var('action', ''));
$group_id = request_var('g', 0);
$mark_ary = request_var('mark', array(0));
$name_ary = request_var('usernames', '', true);
$leader = request_var('leader', 0);
$default = request_var('default', 0);
$start = request_var('start', 0);
$update = (isset($_POST['update'])) ? true : false;
$update = request::is_set_post('update');
// Clear some vars
@ -303,8 +303,8 @@ class acp_groups
$submit_ary = array(
'colour' => request_var('group_colour', ''),
'rank' => request_var('group_rank', 0),
'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0,
'legend' => isset($_REQUEST['group_legend']) ? 1 : 0,
'receive_pm' => request::is_set('group_receive_pm') ? 1 : 0,
'legend' => request::is_set('group_legend') ? 1 : 0,
'message_limit' => request_var('group_message_limit', 0),
'max_recipients' => request_var('group_max_recipients', 0),
'founder_manage' => 0,
@ -312,7 +312,7 @@ class acp_groups
if ($user->data['user_type'] == USER_FOUNDER)
{
$submit_ary['founder_manage'] = isset($_REQUEST['group_founder_manage']) ? 1 : 0;
$submit_ary['founder_manage'] = request::is_set('group_founder_manage') ? 1 : 0;
}
if (!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl'] || $data['remotelink'])
@ -519,7 +519,7 @@ class acp_groups
$avatar_img = (!empty($group_row['group_avatar'])) ? get_user_avatar($group_row['group_avatar'], $group_row['group_avatar_type'], $group_row['group_avatar_width'], $group_row['group_avatar_height'], 'GROUP_AVATAR') : '<img src="' . PHPBB_ADMIN_PATH . 'images/no_avatar.gif" alt="" />';
$display_gallery = (isset($_POST['display_gallery'])) ? true : false;
$display_gallery = request::is_set_post('display_gallery');
if ($config['allow_avatar_local'] && $display_gallery)
{

28
phpBB/includes/acp/acp_icons.php
View File

@ -32,9 +32,9 @@ class acp_icons
// Set up general vars
$action = request_var('action', '');
$action = (isset($_POST['add'])) ? 'add' : $action;
$action = (isset($_POST['edit'])) ? 'edit' : $action;
$action = (isset($_POST['import'])) ? 'import' : $action;
$action = (request::is_set_post('add')) ? 'add' : $action;
$action = (request::is_set_post('edit')) ? 'edit' : $action;
$action = (request::is_set_post('import')) ? 'import' : $action;
$icon_id = request_var('id', 0);
$mode = ($mode == 'smilies') ? 'smilies' : 'icons';
@ -309,20 +309,20 @@ class acp_icons
case 'modify':
// Get items to create/modify
$images = (isset($_POST['image'])) ? array_keys(request_var('image', array('' => 0))) : array();
$images = array_keys(request::variable('image', array('' => 0), false, request::POST));
// Now really get the items
$image_id = (isset($_POST['id'])) ? request_var('id', array('' => 0)) : array();
$image_order = (isset($_POST['order'])) ? request_var('order', array('' => 0)) : array();
$image_width = (isset($_POST['width'])) ? request_var('width', array('' => 0)) : array();
$image_height = (isset($_POST['height'])) ? request_var('height', array('' => 0)) : array();
$image_add = (isset($_POST['add_img'])) ? request_var('add_img', array('' => 0)) : array();
$image_emotion = utf8_normalize_nfc(request_var('emotion', array('' => ''), true));
$image_code = utf8_normalize_nfc(request_var('code', array('' => ''), true));
$image_display_on_posting = (isset($_POST['display_on_posting'])) ? request_var('display_on_posting', array('' => 0)) : array();
$image_id = request::variable('id', array('' => 0), false, request::POST);
$image_order = request::variable('order', array('' => 0), false, request::POST);
$image_width = request::variable('width', array('' => 0), false, request::POST);
$image_height = request::variable('height', array('' => 0), false, request::POST);
$image_add = request::variable('add_img', array('' => 0), false, request::POST);
$image_display_on_posting = request::variable('display_on_posting', array('' => 0), false, request::POST);
$image_emotion = utf8_normalize_nfc(request_var('emotion', array('' => ''), true));
$image_code = utf8_normalize_nfc(request_var('code', array('' => ''), true));
// Ok, add the relevant bits if we are adding new codes to existing emoticons...
if (!empty($_POST['add_additional_code']))
if (request::variable('add_additional_code', false, false, request::POST))
{
$add_image = request_var('add_image', '');
$add_code = utf8_normalize_nfc(request_var('add_code', '', true));
@ -338,7 +338,7 @@ class acp_icons
$image_width[$add_image] = request_var('add_width', 0);
$image_height[$add_image] = request_var('add_height', 0);
if (!empty($_POST['add_display_on_posting']))
if (request::variable('add_display_on_posting', false, false, request::POST))
{
$image_display_on_posting[$add_image] = 1;
}

4
phpBB/includes/acp/acp_inactive.php
View File

@ -38,9 +38,9 @@ class acp_inactive
$user->add_lang('memberlist');
$action = request_var('action', '');
$mark = (isset($_REQUEST['mark'])) ? request_var('mark', array(0)) : array();
$mark = request_var('mark', array(0));
$start = request_var('start', 0);
$submit = isset($_POST['submit']);
$submit = request::is_set_post('submit');
// Sort keys
$sort_days = request_var('st', 0);

2
phpBB/includes/acp/acp_jabber.php
View File

@ -33,7 +33,7 @@ class acp_jabber
include_once(PHPBB_ROOT_PATH . 'includes/functions_jabber.' . PHP_EXT);
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
if ($mode != 'settings')
{

36
phpBB/includes/acp/acp_language.php
View File

@ -34,30 +34,40 @@ class acp_language
global $config, $db, $user, $auth, $template, $cache;
global $safe_mode, $file_uploads;
/**
* @todo make this work with the request class, might require some additional functionality
* inside the request class. Reducing some of the redundance of this code would certainly
* not hurt either.
*/
request::enable_super_globals();
include_once(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);
$this->default_variables();
// Check and set some common vars
$action = (isset($_POST['update_details'])) ? 'update_details' : '';
$action = (isset($_POST['download_file'])) ? 'download_file' : $action;
$action = (isset($_POST['upload_file'])) ? 'upload_file' : $action;
$action = (isset($_POST['upload_data'])) ? 'upload_data' : $action;
$action = (isset($_POST['submit_file'])) ? 'submit_file' : $action;
$action = (isset($_POST['remove_store'])) ? 'details' : $action;
$action = (request::is_set_post('update_details')) ? 'update_details' : '';
$action = (request::is_set_post('download_file')) ? 'download_file' : $action;
$action = (request::is_set_post('upload_file')) ? 'upload_file' : $action;
$action = (request::is_set_post('upload_data')) ? 'upload_data' : $action;
$action = (request::is_set_post('submit_file')) ? 'submit_file' : $action;
$action = (request::is_set_post('remove_store')) ? 'details' : $action;
$submit = (empty($action) && !isset($_POST['update']) && !isset($_POST['test_connection'])) ? false : true;
$submit = (empty($action) && !request::is_set_post('update') && !request::is_set_post('test_connection')) ? false : true;
$action = (empty($action)) ? request_var('action', '') : $action;
$form_name = 'acp_lang';
add_form_key('acp_lang');
$lang_id = request_var('id', 0);
if (isset($_POST['missing_file']))
if (request::is_set_post('missing_file'))
{
$missing_file = request_var('missing_file', array('' => 0));
list($_REQUEST['language_file'], ) = array_keys($missing_file);
/**
* @todo Do NOT overwrite a request variable.
*/
request::overwrite('language_file', key($missing_file));
}
$selected_lang_file = request_var('language_file', '|common.' . PHP_EXT);
@ -114,11 +124,12 @@ class acp_language
$requested_data = call_user_func(array($method, 'data'));
foreach ($requested_data as $data => $default)
{
$default_value = request_var($data, '');
$template->assign_block_vars('data', array(
'DATA' => $data,
'NAME' => $user->lang[strtoupper($method . '_' . $data)],
'EXPLAIN' => $user->lang[strtoupper($method . '_' . $data) . '_EXPLAIN'],
'DEFAULT' => (!empty($_REQUEST[$data])) ? request_var($data, '') : $default
'DEFAULT' => (empty($default_value)) ? $default : $default_value
));
}
@ -129,6 +140,9 @@ class acp_language
'method' => $method)
);
/**
* @todo Do not use $_POST here, but request::variable which needs to support more dimensions
*/
$hidden_data .= build_hidden_fields(array('entry' => $_POST['entry']), true, STRIP);
$template->assign_vars(array(
@ -488,7 +502,7 @@ class acp_language
}
}
if (isset($_POST['remove_store']))
if (request::is_set_post('remove_store'))
{
$store_filename = $this->get_filename($lang_iso, $this->language_directory, $this->language_file, true, true);

4
phpBB/includes/acp/acp_logs.php
View File

@ -33,8 +33,8 @@ class acp_logs
$action = request_var('action', '');
$forum_id = request_var('f', 0);
$start = request_var('start', 0);
$deletemark = (!empty($_POST['delmarked'])) ? true : false;
$deleteall = (!empty($_POST['delall'])) ? true : false;
$deletemark = request::variable('delmarked', false, false, request::POST);
$deleteall = request::variable('delall', false, false, request::POST);
$marked = request_var('mark', array(0));
// Sort keys

2
phpBB/includes/acp/acp_modules.php
View File

@ -266,7 +266,7 @@ class acp_modules
$module_data['module_langname'] = utf8_normalize_nfc(request_var('module_langname', (string) $module_row['module_langname'], true));
$module_data['module_mode'] = request_var('module_mode', (string) $module_row['module_mode']);
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
if ($submit)
{

4
phpBB/includes/acp/acp_permission_roles.php
View File

@ -37,10 +37,10 @@ class acp_permission_roles
$this->tpl_name = 'acp_permission_roles';
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$role_id = request_var('role_id', 0);
$action = request_var('action', '');
$action = (isset($_POST['add'])) ? 'add' : $action;
$action = (request::is_set_post('add')) ? 'add' : $action;
$form_name = 'acp_permissions';
add_form_key($form_name);

32
phpBB/includes/acp/acp_permissions.php
View File

@ -59,7 +59,7 @@ class acp_permissions
// Set some vars
$action = request_var('action', array('' => 0));
$action = key($action);
$action = (isset($_POST['psubmit'])) ? 'apply_permissions' : $action;
$action = (request::is_set_post('psubmit')) ? 'apply_permissions' : $action;
$all_forums = request_var('all_forums', 0);
$subforum_id = request_var('subforum_id', 0);
@ -229,8 +229,8 @@ class acp_permissions
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
// All users/groups selected?
$all_users = (isset($_POST['all_users'])) ? true : false;
$all_groups = (isset($_POST['all_groups'])) ? true : false;
$all_users = request::is_set_post('all_users');
$all_groups = request::is_set_post('all_groups');
if ($all_users || $all_groups)
{
@ -257,7 +257,7 @@ class acp_permissions
break;
case 'apply_permissions':
if (!isset($_POST['setting']))
if (!request::is_set_post('setting'))
{
trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@ -270,7 +270,7 @@ class acp_permissions
break;
case 'apply_all_permissions':
if (!isset($_POST['setting']))
if (!request::is_set_post('setting'))
{
trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@ -376,8 +376,8 @@ class acp_permissions
case 'usergroup':
case 'usergroup_view':
$all_users = (isset($_POST['all_users'])) ? true : false;
$all_groups = (isset($_POST['all_groups'])) ? true : false;
$all_users = request::is_set_post('all_users');
$all_groups = request::is_set_post('all_groups');
if ((sizeof($user_id) && !$all_users) || (sizeof($group_id) && !$all_groups))
{
@ -632,18 +632,14 @@ class acp_permissions
list($ug_id, ) = each($psubmit);
list($forum_id, ) = each($psubmit[$ug_id]);
if (empty($_POST['setting']) || empty($_POST['setting'][$ug_id]) || empty($_POST['setting'][$ug_id][$forum_id]) || !is_array($_POST['setting'][$ug_id][$forum_id]))
$auth_settings = request::variable('setting', array(0 => array(0 => array('' => 0))), false, request::POST);
if (!isset($auth_settings[$ug_id][$forum_id]) || !sizeof($auth_settings[$ug_id][$forum_id])))
{
trigger_error('WRONG_PERMISSION_SETTING_FORMAT', E_USER_WARNING);
}
// We obtain and check $_POST['setting'][$ug_id][$forum_id] directly and not using request_var() because request_var()
// currently does not support the amount of dimensions required. ;)
// $auth_settings = request_var('setting', array(0 => array(0 => array('' => 0))));
$auth_settings = array_map('intval', $_POST['setting'][$ug_id][$forum_id]);
// Do we have a role we want to set?
$assigned_role = (isset($_POST['role'][$ug_id][$forum_id])) ? (int) $_POST['role'][$ug_id][$forum_id] : 0;
$assigned_role = request::variable(array('role', $ug_id, $forum_id), 0, false, request::POST));
// Do the admin want to set these permissions to other items too?
$inherit = request_var('inherit', array(0 => array(0)));
@ -713,23 +709,21 @@ class acp_permissions
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$auth_settings = (isset($_POST['setting'])) ? $_POST['setting'] : array();
$auth_roles = (isset($_POST['role'])) ? $_POST['role'] : array();
$auth_settings = request::variable('setting', array(0 => array(0 => array('' => 0))), false, request::POST);
$auth_roles = request::variable('role', array(0 => array(0 => 0)), false, request::POST);
$ug_ids = $forum_ids = array();
// We need to go through the auth settings
foreach ($auth_settings as $ug_id => $forum_auth_row)
{
$ug_id = (int) $ug_id;
$ug_ids[] = $ug_id;
foreach ($forum_auth_row as $forum_id => $auth_options)
{
$forum_id = (int) $forum_id;
$forum_ids[] = $forum_id;
// Check role...
$assigned_role = (isset($auth_roles[$ug_id][$forum_id])) ? (int) $auth_roles[$ug_id][$forum_id] : 0;
$assigned_role = (isset($auth_roles[$ug_id][$forum_id])) ? $auth_roles[$ug_id][$forum_id] : 0;
// If the auth settings differ from the assigned role, then do not set a role...
if ($assigned_role)

45
phpBB/includes/acp/acp_profile.php
View File

@ -38,7 +38,7 @@ class acp_profile
$this->tpl_name = 'acp_profile';
$this->page_title = 'ACP_CUSTOM_PROFILE_FIELDS';
$action = (isset($_POST['create'])) ? 'create' : request_var('action', '');
$action = (request::is_set_post('create')) ? 'create' : request_var('action', '');
$error = array();
$s_hidden_fields = '';
@ -287,8 +287,8 @@ class acp_profile
$field_id = request_var('field_id', 0);
$step = request_var('step', 1);
$submit = (isset($_REQUEST['next']) || isset($_REQUEST['prev'])) ? true : false;
$save = (isset($_REQUEST['save'])) ? true : false;
$submit = (request::is_set('next') || request::is_set('prev')) ? true : false;
$save = request::is_set('save');
// The language id of default language
$this->edit_lang_id = $this->lang_defs['iso'][$config['default_lang']];
@ -399,7 +399,7 @@ class acp_profile
$cp->vars['lang_default_value'] = utf8_normalize_nfc(request_var('lang_default_value', $field_row['lang_default_value'], true));
// Field option...
if (isset($_REQUEST['field_option']))
if (request::is_set('field_option'))
{
$field_option = request_var('field_option', '');
@ -463,7 +463,7 @@ class acp_profile
}
else if ($field_type == FIELD_TEXT && $key == 'field_length')
{
if (isset($_REQUEST['rows']))
if (request::is_set('rows'))
{
$cp->vars['rows'] = request_var('rows', 0);
$cp->vars['columns'] = request_var('columns', 0);
@ -487,16 +487,27 @@ class acp_profile
$cp->vars['field_default_value_day'] = $now['mday'];
$cp->vars['field_default_value_month'] = $now['mon'];
$cp->vars['field_default_value_year'] = $now['year'];
$var = $_POST['field_default_value'] = 'now';
$var = 'now';
/**
* @todo Do NOT overwrite a request variable.
*/
request::overwrite('field_default_value', $var, request::REQUEST);
request::overwrite('field_default_value', $var, request::POST);
}
else
{
if (isset($_REQUEST['field_default_value_day']))
if (request::is_set('field_default_value_day'))
{
$cp->vars['field_default_value_day'] = request_var('field_default_value_day', 0);
$cp->vars['field_default_value_month'] = request_var('field_default_value_month', 0);
$cp->vars['field_default_value_year'] = request_var('field_default_value_year', 0);
$var = $_POST['field_default_value'] = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']);
$var = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']);
/**
* @todo Do NOT overwrite a request variable.
*/
request::overwrite('field_default_value', $var, request::REQUEST);
request::overwrite('field_default_value', $var, request::POST);
}
else
{
@ -622,7 +633,7 @@ class acp_profile
}
}
$step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step);
$step = (request::is_set('next')) ? $step + 1 : ((request::is_set('prev')) ? $step - 1 : $step);
if (sizeof($error))
{
@ -642,7 +653,7 @@ class acp_profile
foreach ($key_ary as $key)
{
if ($field_type == FIELD_TEXT && $key == 'field_length' && isset($_REQUEST['rows']))
if ($field_type == FIELD_TEXT && $key == 'field_length' && request::is_set('rows'))
{
$cp->vars['rows'] = request_var('rows', 0);
$cp->vars['columns'] = request_var('columns', 0);
@ -656,21 +667,21 @@ class acp_profile
{
$_new_key_ary[$key] = 'now';
}
else if (isset($_REQUEST['field_default_value_day']))
else if (request::is_set('field_default_value_day'))
{
$cp->vars['field_default_value_day'] = request_var('field_default_value_day', 0);
$cp->vars['field_default_value_month'] = request_var('field_default_value_month', 0);
$cp->vars['field_default_value_year'] = request_var('field_default_value_year', 0);
$_new_key_ary[$key] = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']);
$_new_key_ary[$key] = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']);
}
}
else if ($field_type == FIELD_BOOL && $key == 'l_lang_options' && isset($_REQUEST['l_lang_options']))
else if ($field_type == FIELD_BOOL && $key == 'l_lang_options' && request::is_set('l_lang_options'))
{
$_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, array(array('')), true));
}
else
{
if (!isset($_REQUEST[$key]))
if (!request::is_set($key))
{
$var = false;
}
@ -680,7 +691,11 @@ class acp_profile
}
else
{
$_new_key_ary[$key] = (is_array($_REQUEST[$key])) ? utf8_normalize_nfc(request_var($key, array(''), true)) : utf8_normalize_nfc(request_var($key, '', true));
$_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, array(''), true));
if (!sizeof($_new_key_ary[$key]))
{
$_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, '', true));
}
}
}
}

4
phpBB/includes/acp/acp_prune.php
View File

@ -55,7 +55,7 @@ class acp_prune
$all_forums = request_var('all_forums', 0);
$forum_id = request_var('f', array(0));
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
if ($all_forums)
{
@ -231,7 +231,7 @@ class acp_prune
$user->add_lang('memberlist');
$prune = (isset($_POST['prune'])) ? true : false;
$prune = request::is_set_post('prune');
if ($prune)
{

4
phpBB/includes/acp/acp_ranks.php
View File

@ -31,8 +31,8 @@ class acp_ranks
// Set up general vars
$action = request_var('action', '');
$action = (isset($_POST['add'])) ? 'add' : $action;
$action = (isset($_POST['save'])) ? 'save' : $action;
$action = (request::is_set_post('add')) ? 'add' : $action;
$action = (request::is_set_post('save')) ? 'save' : $action;
$rank_id = request_var('id', 0);
$this->tpl_name = 'acp_ranks';

2
phpBB/includes/acp/acp_reasons.php
View File

@ -31,7 +31,7 @@ class acp_reasons
// Set up general vars
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$reason_id = request_var('id', 0);
$this->tpl_name = 'acp_reasons';

10
phpBB/includes/acp/acp_search.php
View File

@ -52,7 +52,7 @@ class acp_search
{
global $db, $user, $auth, $template, $cache, $config;
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$search_types = $this->get_search_types();
@ -99,7 +99,7 @@ class acp_search
unset($search);
unset($error);
$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : array();
$cfg_array = request_var('config', array('' => ''), true);
$updated = request_var('updated', false);
foreach ($settings as $config_name => $var_type)
@ -228,9 +228,9 @@ class acp_search
{
global $db, $user, $auth, $template, $cache, $config;
if (isset($_REQUEST['action']) && is_array($_REQUEST['action']))
$action = request_var('action', array('' => false));
if (sizeof($action))
{
$action = request_var('action', array('' => false));
$action = key($action);
}
else
@ -239,7 +239,7 @@ class acp_search
}
$this->state = explode(',', $config['search_indexing_state']);
if (isset($_POST['cancel']))
if (request::is_set_post('cancel'))
{
$action = '';
$this->state = array();

22
phpBB/includes/acp/acp_styles.php
View File

@ -50,7 +50,7 @@ class acp_styles
$this->page_title = 'ACP_CAT_STYLES';
$action = request_var('action', '');
$action = (isset($_POST['add'])) ? 'add' : $action;
$action = (request::is_set_post('add')) ? 'add' : $action;
$style_id = request_var('id', 0);
// Fill the configuration variables
@ -646,7 +646,7 @@ parse_css_file = {PARSE_CSS_FILE}
$template_data = htmlspecialchars_decode($template_data);
$template_file = utf8_normalize_nfc(request_var('template_file', '', true));
$text_rows = max(5, min(999, request_var('text_rows', 20)));
$save_changes = (isset($_POST['save'])) ? true : false;
$save_changes = request::is_set_post('save');
// make sure template_file path doesn't go upwards
$template_file = str_replace('..', '.', $template_file);
@ -805,7 +805,7 @@ parse_css_file = {PARSE_CSS_FILE}
$source = str_replace('/', '.', request_var('source', ''));
$file_ary = array_diff(request_var('delete', array('')), array(''));
$submit = isset($_POST['submit']) ? true : false;
$submit = request::is_set_post('submit');
$sql = 'SELECT *
FROM ' . STYLES_TEMPLATE_TABLE . "
@ -930,7 +930,7 @@ parse_css_file = {PARSE_CSS_FILE}
$theme_data = htmlspecialchars_decode($theme_data);
$theme_file = utf8_normalize_nfc(request_var('template_file', '', true));
$text_rows = max(5, min(999, request_var('text_rows', 20)));
$save_changes = (isset($_POST['save'])) ? true : false;
$save_changes = request::is_set_post('save');
// make sure theme_file path doesn't go upwards
$theme_file = str_replace('..', '.', $theme_file);
@ -1111,7 +1111,7 @@ parse_css_file = {PARSE_CSS_FILE}
$this->page_title = 'EDIT_IMAGESET';
$update = (isset($_POST['update'])) ? true : false;
$update = request::is_set_post('update');
$imgname = request_var('imgname', '');
$imgpath = request_var('imgpath', '');
@ -1172,7 +1172,7 @@ parse_css_file = {PARSE_CSS_FILE}
}
}
if ($update && isset($_POST['imgpath']))
if ($update && request::is_set_post('imgpath'))
{
if ($valid_name)
{
@ -1379,7 +1379,7 @@ parse_css_file = {PARSE_CSS_FILE}
global $db, $template, $user, $cache, $config;
$new_id = request_var('new_id', 0);
$update = (isset($_POST['update'])) ? true : false;
$update = request::is_set_post('update');
$sql_where = '';
switch ($mode)
@ -1514,7 +1514,7 @@ parse_css_file = {PARSE_CSS_FILE}
{
global $db, $template, $user, $cache, $config;
$update = (isset($_POST['update'])) ? true : false;
$update = request::is_set_post('update');
$inc_template = request_var('inc_template', 0);
$inc_theme = request_var('inc_theme', 0);
@ -1911,7 +1911,7 @@ parse_css_file = {PARSE_CSS_FILE}
{
global $template, $db, $config, $user, $safe_mode, $cache;
$update = (isset($_POST['update'])) ? true : false;
$update = request::is_set_post('update');
$l_type = strtoupper($mode);
$error = array();
@ -2269,7 +2269,7 @@ parse_css_file = {PARSE_CSS_FILE}
$element_ary = array('template' => STYLES_TEMPLATE_TABLE, 'theme' => STYLES_THEME_TABLE, 'imageset' => STYLES_IMAGESET_TABLE);
$install_path = request_var('path', '');
$update = (isset($_POST['update'])) ? true : false;
$update = request::is_set_post('update');
// Installing, obtain cfg file contents
if ($install_path)
@ -2432,7 +2432,7 @@ parse_css_file = {PARSE_CSS_FILE}
);
$basis = request_var('basis', 0);
$update = (isset($_POST['update'])) ? true : false;
$update = request::is_set_post('update');
if ($basis)
{

12
phpBB/includes/acp/acp_users.php
View File

@ -42,7 +42,7 @@ class acp_users
$user_id = request_var('u', 0);
$action = request_var('action', '');
$submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false;
$submit = (request::is_set_post('update') && !request::is_set_post('cancel')) ? true : false;
$form_name = 'acp_users';
add_form_key($form_name);
@ -937,8 +937,8 @@ class acp_users
// Set up general vars
$start = request_var('start', 0);
$deletemark = (isset($_POST['delmarked'])) ? true : false;
$deleteall = (isset($_POST['delall'])) ? true : false;
$deletemark = request::is_set_post('delmarked');
$deleteall = request::is_set_post('delall');
$marked = request_var('mark', array(0));
$message = utf8_normalize_nfc(request_var('message', '', true));
@ -1474,7 +1474,7 @@ class acp_users
// Generate users avatar
$avatar_img = ($user_row['user_avatar']) ? get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height']) : '<img src="' . PHPBB_ADMIN_PATH . 'images/no_avatar.gif" alt="" />';
$display_gallery = (isset($_POST['display_gallery'])) ? true : false;
$display_gallery = request::is_set_post('display_gallery');
$avatar_select = basename(request_var('avatar_select', ''));
$category = basename(request_var('category', ''));
@ -1551,7 +1551,7 @@ class acp_users
$enable_urls = ($config['allow_sig_links']) ? ((request_var('disable_magic_url', false)) ? false : true) : false;
$signature = utf8_normalize_nfc(request_var('signature', (string) $user_row['user_sig'], true));
$preview = (isset($_POST['preview'])) ? true : false;
$preview = request::is_set_post('preview');
if ($submit || $preview)
{
@ -1636,7 +1636,7 @@ class acp_users
case 'attach':
$start = request_var('start', 0);
$deletemark = (isset($_POST['delmarked'])) ? true : false;
$deletemark = request::is_set_post('delmarked');
$marked = request_var('mark', array(0));
// Sort keys

2
phpBB/includes/acp/acp_words.php
View File

@ -32,7 +32,7 @@ class acp_words
// Set up general vars
$action = request_var('action', '');
$action = (isset($_POST['add'])) ? 'add' : ((isset($_POST['save'])) ? 'save' : $action);
$action = (request::is_set_post('add')) ? 'add' : ((request::is_set_post('save')) ? 'save' : $action);
$s_hidden_fields = '';
$word_info = array();

6
phpBB/includes/auth/auth_db.php
View File

@ -100,9 +100,15 @@ function login_db(&$username, &$password)
/*if ($row['user_pass_convert'])
{
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$disabled = request::super_globals_disabled();
request::enable_super_globals();
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
$password_new_format = '';
if ($disabled)
{
request::disable_super_globals();
}
set_var($password_new_format, stripslashes($password_old_format), 'string');

2
phpBB/includes/captcha/plugins/phpbb_captcha_gd_plugin.php
View File

@ -87,7 +87,7 @@ class phpbb_captcha_gd extends phpbb_default_captcha implements phpbb_captcha_pl
{
foreach ($captcha_vars as $captcha_var => $template_var)
{
$var = (isset($_REQUEST[$captcha_var])) ? request_var($captcha_var, 0) : $config[$captcha_var];
$var = request_var($captcha_var, (int) $config[$captcha_var]);
$template->assign_var($template_var, $var);
}
$template->assign_vars(array(

2
phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php
View File

@ -96,7 +96,7 @@ class phpbb_recaptcha extends phpbb_default_captcha implements phpbb_captcha_plu
{
foreach ($captcha_vars as $captcha_var => $template_var)
{
$var = (isset($_REQUEST[$captcha_var])) ? request_var($captcha_var, '') : ((isset($config[$captcha_var])) ? $config[$captcha_var] : '');
$var = request_var($captcha_var, (isset($config[$captcha_var])) ? (string) $config[$captcha_var] : '');
$template->assign_var($template_var, $var);
}
$template->assign_vars(array(

2
phpBB/includes/db/dbal.php
View File

@ -632,7 +632,7 @@ class dbal
{
global $cache, $starttime, $user;
if (empty($_REQUEST['explain']))
if (!request::variable('explain', false))
{
return false;
}

12
phpBB/includes/functions_display.php
View File

@ -68,7 +68,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking_topics = request::variable($config['cookie_name'] . '_track', '', false, request::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
if (!$user->data['is_registered'])
@ -1044,7 +1044,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
if (!is_null($notify_status) && $notify_status !== '')
{
if (isset($_GET['unwatch']))
if (request::is_set('unwatch', request::GET))
{
$uid = request_var('uid', 0);
if ($uid != $user_id)
@ -1053,7 +1053,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
$message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message);
}
if ($_GET['unwatch'] == $mode)
if (request::variable('unwatch', '', false, request::GET) == $mode)
{
$is_watching = 0;
@ -1086,12 +1086,12 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
}
else
{
if (isset($_GET['watch']))
if (request::is_set('watch', request::GET))
{
$token = request_var('hash', '');
$redirect_url = append_sid("view$mode", "$u_url=$match_id&amp;start=$start");
if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_$match_id"))
if (request::variable('watch', '', false, request::GET) == $mode && check_link_hash($token, "{$mode}_$match_id"))
{
$is_watching = true;
@ -1117,7 +1117,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
}
else
{
if (isset($_GET['unwatch']) && $_GET['unwatch'] == $mode)
if (request::variable('unwatch', '', false, request::GET) == $mode)
{
login_box();
}

2
phpBB/includes/functions_module.php
View File

@ -358,7 +358,7 @@ class p_master
$forum_id = ($forum_id === false) ? $this->acl_forum_id : $forum_id;
$is_auth = false;
eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z0-9_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z0-9_]+)#', '#cfg_([a-z0-9_]+)#', '#request_([a-zA-Z0-9_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', '!empty($_REQUEST[\'\\1\'])'), $module_auth) . ');');
eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z0-9_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z0-9_]+)#', '#cfg_([a-z0-9_]+)#', '#request_([a-zA-Z0-9_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', 'request::variable(\'\\1\', false)'), $module_auth) . ');');
return $is_auth;
}

2
phpBB/includes/functions_privmsgs.php
View File

@ -870,7 +870,7 @@ function handle_mark_actions($user_id, $mark_action)
$msg_ids = request_var('marked_msg_id', array(0));
$cur_folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX);
$confirm = (isset($_POST['confirm'])) ? true : false;
$confirm = request::is_set_post('confirm');
if (!sizeof($msg_ids))
{

18
phpBB/includes/functions_profile_fields.php
View File

@ -562,19 +562,19 @@ class custom_profile
// checkbox - only testing for isset
if ($profile_row['field_type'] == FIELD_BOOL && $profile_row['field_length'] == 2)
{
$value = (isset($_REQUEST[$profile_row['field_ident']])) ? true : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]);
$value = (request::is_set($profile_row['field_ident'])) ? true : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]);
}
else if ($profile_row['field_type'] == FIELD_INT)
{
if (isset($_REQUEST[$profile_row['field_ident']]))
if (request::is_set($profile_row['field_ident']))
{
$value = ($_REQUEST[$profile_row['field_ident']] === '') ? NULL : request_var($profile_row['field_ident'], $default_value);
$value = (request_var($profile_row['field_ident'], '') === '') ? null : request_var($profile_row['field_ident'], $default_value);
}
else
{
if (!$preview && isset($user->profile_fields[$user_ident]) && is_null($user->profile_fields[$user_ident]))
{
$value = NULL;
$value = null;
}
else if (!isset($user->profile_fields[$user_ident]) || $preview)
{
@ -590,7 +590,7 @@ class custom_profile
}
else
{
$value = (isset($_REQUEST[$profile_row['field_ident']])) ? request_var($profile_row['field_ident'], $default_value, true) : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]);
$value = (request::is_set($profile_row['field_ident'])) ? request_var($profile_row['field_ident'], $default_value, true) : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]);
if (gettype($value) == 'string')
{
@ -633,7 +633,7 @@ class custom_profile
$now = getdate();
if (!isset($_REQUEST[$profile_row['field_ident'] . '_day']))
if (!request::is_set($profile_row['field_ident'] . '_day'))
{
if ($profile_row['field_default_value'] == 'now')
{
@ -845,7 +845,7 @@ class custom_profile
{
case FIELD_DATE:
if (!isset($_REQUEST[$var_name . '_day']))
if (!request::is_set($var_name . '_day'))
{
if ($profile_row['field_default_value'] == 'now')
{
@ -868,7 +868,7 @@ class custom_profile
// Checkbox
if ($profile_row['field_length'] == 2)
{
$var = (isset($_REQUEST[$var_name])) ? 1 : 0;
$var = request::is_set($var_name) ? 1 : 0;
}
else
{
@ -882,7 +882,7 @@ class custom_profile
break;
case FIELD_INT:
if (isset($_REQUEST[$var_name]) && $_REQUEST[$var_name] === '')
if (request::is_set($var_name) && request_var($var_name, '') === '')
{
$var = NULL;
}

2
phpBB/includes/functions_user.php
View File

@ -2170,7 +2170,7 @@ function avatar_process_user(&$error, $custom_userdata = false)
$sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
}
}
else if (isset($_POST['delete']) && $change_avatar)
else if (request::is_set_post('delete') && $change_avatar)
{
$sql_ary['user_avatar'] = '';
$sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;

4
phpBB/includes/mcp/mcp_ban.php
View File

@ -32,8 +32,8 @@ class mcp_ban
// Include the admin banning interface...
include(PHPBB_ROOT_PATH . 'includes/acp/acp_ban.' . PHP_EXT);
$bansubmit = (isset($_POST['bansubmit'])) ? true : false;
$unbansubmit = (isset($_POST['unbansubmit'])) ? true : false;
$bansubmit = request::is_set_post('bansubmit');
$unbansubmit = request::is_set_post('unbansubmit');
$current_time = time();
$user->add_lang(array('acp/ban', 'acp/users'));

5
phpBB/includes/mcp/mcp_forum.php
View File

@ -33,7 +33,10 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
if ($merge_select)
{
// Fixes a "bug" that makes forum_view use the same ordering as topic_view
unset($_POST['sk'], $_POST['sd'], $_REQUEST['sk'], $_REQUEST['sd']);
request::overwrite('sk', null, request::POST);
request::overwrite('sd', null, request::POST);
request::overwrite('sk', null, request::REQUEST);
request::overwrite('sd', null, request::REQUEST);
}
$forum_id = $forum_info['forum_id'];

24
phpBB/includes/mcp/mcp_main.php
View File

@ -576,21 +576,15 @@ function mcp_move_topic($topic_ids)
}
}
}
else if (isset($_POST['confirm']))
else if (request::is_set_post('confirm'))
{
$additional_msg = $user->lang['FORUM_NOT_EXIST'];
}
if (!$to_forum_id || $additional_msg)
{
unset($_POST['confirm']);
unset($_REQUEST['confirm_key']);
}
if (confirm_box(true))
if ($to_forum_id && !$additional_msg && confirm_box(true))
{
$topic_data = get_topic_data($topic_ids);
$leave_shadow = (isset($_POST['move_leave_shadow'])) ? true : false;
$leave_shadow = request::is_set_post('move_leave_shadow');
$topics_moved = sizeof($topic_ids);
$topics_authed_moved = 0;
@ -789,7 +783,7 @@ function mcp_delete_topic($topic_ids)
confirm_box(false, (sizeof($topic_ids) == 1) ? 'DELETE_TOPIC' : 'DELETE_TOPICS', $s_hidden_fields);
}
if (!isset($_REQUEST['quickmod']))
if (!request::is_set('quickmod'))
{
$redirect = request_var('redirect', 'index.' . PHP_EXT);
$redirect = reapply_sid($redirect);
@ -982,18 +976,12 @@ function mcp_fork_topic($topic_ids)
}
}
}
else if (isset($_POST['confirm']))
else if (request::is_set_post('confirm'))
{
$additional_msg = $user->lang['FORUM_NOT_EXIST'];
}
if ($additional_msg)
{
unset($_POST['confirm']);
unset($_REQUEST['confirm_key']);
}
if (confirm_box(true))
if (!$additional_msg && confirm_box(true))
{
$topic_data = get_topic_data($topic_ids, 'f_post');

7
phpBB/includes/mcp/mcp_queue.php
View File

@ -484,7 +484,7 @@ function approve_post($post_id_list, $id, $mode)
if (confirm_box(true))
{
$notify_poster = (isset($_REQUEST['notify_poster'])) ? true : false;
$notify_poster = request::is_set('notify_poster');
// If Topic -> total_topics = total_topics+1, total_posts = total_posts+1, forum_topics = forum_topics+1, forum_posts = forum_posts+1
// If Post -> total_posts = total_posts+1, forum_posts = forum_posts+1, topic_replies = topic_replies+1
@ -803,7 +803,7 @@ function disapprove_post($post_id_list, $id, $mode)
'redirect' => $redirect)
);
$notify_poster = (isset($_REQUEST['notify_poster'])) ? true : false;
$notify_poster = request::is_set('notify_poster');
$disapprove_reason = '';
if ($reason_id)
@ -818,7 +818,6 @@ function disapprove_post($post_id_list, $id, $mode)
if (!$row || (!$reason && strtolower($row['reason_title']) == 'other'))
{
$additional_msg = $user->lang['NO_REASON_DISAPPROVAL'];
unset($_POST['confirm']);
}
else
{
@ -837,7 +836,7 @@ function disapprove_post($post_id_list, $id, $mode)
$post_info = get_post_data($post_id_list, 'm_approve');
if (confirm_box(true))
if (!$additional_message && confirm_box(true))
{
// If Topic -> forum_topics_real -= 1

2
phpBB/includes/mcp/mcp_topic.php
View File

@ -45,7 +45,7 @@ function mcp_topic_view($id, $mode, $action)
$forum_id = request_var('f', 0);
$to_topic_id = request_var('to_topic_id', 0);
$to_forum_id = request_var('to_forum_id', 0);
$sort = isset($_POST['sort']) ? true : false;
$sort = request::is_set_post('sort');
$submitted_id_list = request_var('post_ids', array(0));
$checked_ids = $post_id_list = request_var('post_id_list', array(0));

4
phpBB/includes/mcp/mcp_warn.php
View File

@ -195,7 +195,7 @@ class mcp_warn
$post_id = request_var('p', 0);
$forum_id = request_var('f', 0);
$notify = (isset($_REQUEST['notify_user'])) ? true : false;
$notify = request::is_set('notify_user');
$warning = utf8_normalize_nfc(request_var('warning', '', true));
$sql = 'SELECT u.*, p.*
@ -337,7 +337,7 @@ class mcp_warn
$user_id = request_var('u', 0);
$username = request_var('username', '', true);
$notify = (isset($_REQUEST['notify_user'])) ? true : false;
$notify = request::is_set('notify_user');
$warning = utf8_normalize_nfc(request_var('warning', '', true));
$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";

18
phpBB/includes/message_parser.php
View File

@ -1317,8 +1317,8 @@ class parse_message extends bbcode_firstpass
$this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));
$upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false;
$add_file = (isset($_POST['add_file'])) ? true : false;
$delete_file = (isset($_POST['delete_file'])) ? true : false;
$add_file = request::is_set_post('add_file');
$delete_file = request::is_set_post('delete_file');
// First of all adjust comments if changed
$actual_comment_list = utf8_normalize_nfc(request_var('comment_list', array(''), true));
@ -1500,7 +1500,7 @@ class parse_message extends bbcode_firstpass
global $user, $db, $config;
$this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));
$attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
$attachment_data = request::variable('attachment_data', array(0 => array('' => '')), true, request::POST);
$this->attachment_data = array();
$check_user_id = ($check_user_id === false) ? $user->data['user_id'] : $check_user_id;
@ -1536,11 +1536,11 @@ class parse_message extends bbcode_firstpass
while ($row = $db->sql_fetchrow($result))
{
$pos = $not_orphan[$row['attach_id']];
$pos = $not_orphan[(int) $row['attach_id']];
$this->attachment_data[$pos] = $row;
set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
$this->attachment_data[$pos]['attach_comment'] = utf8_normalize_nfc($attachment_data[$pos]['attach_comment']);
unset($not_orphan[$row['attach_id']]);
unset($not_orphan[(int) $row['attach_id']]);
}
$db->sql_freeresult($result);
}
@ -1562,11 +1562,11 @@ class parse_message extends bbcode_firstpass
while ($row = $db->sql_fetchrow($result))
{
$pos = $orphan[$row['attach_id']];
$pos = $orphan[(int) $row['attach_id']];
$this->attachment_data[$pos] = $row;
set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
$this->attachment_data[$pos]['attach_comment'] = utf8_normalize_nfc($attachment_data[$pos]['attach_comment']);
unset($orphan[$row['attach_id']]);
unset($orphan[(int) $row['attach_id']]);
}
$db->sql_freeresult($result);
}

9
phpBB/includes/session.php
View File

@ -240,9 +240,10 @@ class session
}
// Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number
$this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : '';
$forum = request_var('f', 0);
$this->page['page'] .= ($forum) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . $forum . 'x' : '';
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
if (request::is_set($config['cookie_name'] . '_sid', request::COOKIE) || request::is_set($config['cookie_name'] . '_u', request::COOKIE))
{
$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
@ -287,7 +288,7 @@ class session
}
// Is session_id is set or session_id is set and matches the url param if required
if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid'])))
if (!empty($this->session_id) && (!defined('NEED_SID') || $this->session_id === request::variable('sid', '', false, request::GET)))
{
$sql = 'SELECT u.*, s.*
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
@ -1496,7 +1497,7 @@ class user extends session
$this->add_lang($lang_set);
unset($lang_set);
if (!empty($_GET['style']) && $auth->acl_get('a_styles'))
if (request::variable('style', false, false, request::GET) && $auth->acl_get('a_styles'))
{
global $SID, $_EXTRA_URL;

4
phpBB/includes/ucp/ucp_attachments.php
View File

@ -33,8 +33,8 @@ class ucp_attachments
$sort_key = request_var('sk', 'a');
$sort_dir = request_var('sd', 'a');
$delete = (isset($_POST['delete'])) ? true : false;
$confirm = (isset($_POST['confirm'])) ? true : false;
$delete = request::is_set_post('delete');
$confirm = request::is_set_post('confirm');
$delete_ids = array_keys(request_var('attachment', array(0)));
if ($delete && sizeof($delete_ids))

16
phpBB/includes/ucp/ucp_groups.php
View File

@ -33,8 +33,8 @@ class ucp_groups
$return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>');
$mark_ary = request_var('mark', array(0));
$submit = (!empty($_POST['submit'])) ? true : false;
$delete = (!empty($_POST['delete'])) ? true : false;
$submit = request::variable('submit', false, false, request::POST);
$delete = request::variable('delete', false, false, request::POST);
$error = $data = array();
switch ($mode)
@ -43,9 +43,9 @@ class ucp_groups
$this->page_title = 'UCP_USERGROUPS_MEMBER';
if ($submit || isset($_POST['change_default']))
if ($submit || request::is_set_post('change_default'))
{
$action = (isset($_POST['change_default'])) ? 'change_default' : request_var('action', '');
$action = (request::is_set_post('change_default')) ? 'change_default' : request_var('action', '');
$group_id = ($action == 'change_default') ? request_var('default', 0) : request_var('selected', 0);
if (!$group_id)
@ -411,7 +411,7 @@ class ucp_groups
case 'manage':
$this->page_title = 'UCP_USERGROUPS_MANAGE';
$action = (isset($_POST['addusers'])) ? 'addusers' : request_var('action', '');
$action = (request::is_set_post('addusers')) ? 'addusers' : request_var('action', '');
$group_id = request_var('g', 0);
include(PHPBB_ROOT_PATH . 'includes/functions_display.' . PHP_EXT);
@ -482,7 +482,7 @@ class ucp_groups
$data = $submit_ary = array();
$update = (isset($_POST['update'])) ? true : false;
$update = request::is_set_post('update');
$error = array();
@ -505,7 +505,7 @@ class ucp_groups
$submit_ary = array(
'colour' => request_var('group_colour', ''),
'rank' => request_var('group_rank', 0),
'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0,
'receive_pm' => request::is_set('group_receive_pm') ? 1 : 0,
'message_limit' => request_var('group_message_limit', 0),
'max_recipients'=> request_var('group_max_recipients', 0),
);
@ -672,7 +672,7 @@ class ucp_groups
$type_closed = ($group_type == GROUP_CLOSED) ? ' checked="checked"' : '';
$type_hidden = ($group_type == GROUP_HIDDEN) ? ' checked="checked"' : '';
$display_gallery = (isset($_POST['display_gallery'])) ? true : false;
$display_gallery = request::is_set_post('display_gallery');
if ($config['allow_avatar_local'] && $display_gallery)
{

18
phpBB/includes/ucp/ucp_main.php
View File

@ -204,7 +204,7 @@ class ucp_main
add_form_key('ucp_front_subscribed');
$unwatch = (isset($_POST['unwatch'])) ? true : false;
$unwatch = request::is_set_post('unwatch');
if ($unwatch)
{
@ -287,7 +287,7 @@ class ucp_main
}
else
{
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking_topics = request::variable($config['cookie_name'] . '_track', '', false, request::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
}
@ -386,10 +386,10 @@ class ucp_main
$user->add_lang('viewforum');
if (isset($_POST['unbookmark']))
if (request::is_set_post('unbookmark'))
{
$s_hidden_fields = array('unbookmark' => 1);
$topics = (isset($_POST['t'])) ? array_keys(request_var('t', array(0 => 0))) : array();
$topics = array_keys(request::variable('t', array(0 => 0), false, request::POST));
$url = $this->u_action;
if (!sizeof($topics))
@ -432,10 +432,10 @@ class ucp_main
$user->add_lang('posting');
$edit = (isset($_REQUEST['edit'])) ? true : false;
$submit = (isset($_POST['submit'])) ? true : false;
$draft_id = ($edit) ? intval($_REQUEST['edit']) : 0;
$delete = (isset($_POST['delete'])) ? true : false;
$edit = request::is_set('edit');
$draft_id = request::variable('edit', 0);
$submit = request::is_set_post('submit');
$delete = request::is_set_post('delete');
$s_hidden_fields = ($edit) ? '<input type="hidden" name="edit" value="' . $draft_id . '" />' : '';
$draft_subject = $draft_message = '';
@ -614,7 +614,7 @@ class ucp_main
$template->assign_vars(array(
'L_TITLE' => $user->lang['UCP_MAIN_' . strtoupper($mode)],
'S_DISPLAY_MARK_ALL' => ($mode == 'watched' || ($mode == 'drafts' && !isset($_GET['edit']))) ? true : false,
'S_DISPLAY_MARK_ALL' => ($mode == 'watched' || ($mode == 'drafts' && !request::is_set('edit', request::GET))) ? true : false,
'S_HIDDEN_FIELDS' => (isset($s_hidden_fields)) ? $s_hidden_fields : '',
'S_UCP_ACTION' => $this->u_action,

10
phpBB/includes/ucp/ucp_pm.php
View File

@ -18,8 +18,8 @@ if (!defined('IN_PHPBB'))
/**
* Private Message Class
*
* $_REQUEST['folder'] display folder with the id used
* $_REQUEST['folder'] inbox|outbox|sentbox display folder with the associated name
* _REQUEST['folder'] display folder with the id used
* _REQUEST['folder'] inbox|outbox|sentbox display folder with the associated name
*
* Display Messages (default to inbox) - mode=view
* Display single message - mode=view&p=[msg_id] or &p=[msg_id] (short linkage)
@ -195,8 +195,8 @@ class ucp_pm
// First Handle Mark actions and moving messages
$submit_mark = (isset($_POST['submit_mark'])) ? true : false;
$move_pm = (isset($_POST['move_pm'])) ? true : false;
$submit_mark = request::is_set_post('submit_mark');
$move_pm = request::is_set_post('move_pm');
$mark_option = request_var('mark_option', '');
$dest_folder = request_var('dest_folder', PRIVMSGS_NO_BOX);
@ -211,7 +211,7 @@ class ucp_pm
// Move PM
if ($move_pm)
{
$move_msg_ids = (isset($_POST['marked_msg_id'])) ? request_var('marked_msg_id', array(0)) : array();
$move_msg_ids = request::variable('marked_msg_id', array(0), false, request::POST);
$cur_folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX);
if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id))

68
phpBB/includes/ucp/ucp_pm_compose.php
View File

@ -44,28 +44,21 @@ function compose_pm($id, $mode, $action)
$msg_id = request_var('p', 0);
$draft_id = request_var('d', 0);
$lastclick = request_var('lastclick', 0);
$address_list = request_var('address_list', array('' => array(0 => '')));
// Do NOT use request_var or specialchars here
$address_list = isset($_REQUEST['address_list']) ? $_REQUEST['address_list'] : array();
$submit = request::is_set_post('post');
$preview = request::is_set_post('preview');
$save = request::is_set_post('save');
$load = request::is_set_post('load');
$cancel = (request::is_set_post('cancel') && !$save) ? true : false;
$delete = request::is_set_post('delete');
if (!is_array($address_list))
{
$address_list = array();
}
$remove_u = request::is_set('remove_u');
$remove_g = request::is_set('remove_g');
$add_to = request::is_set('add_to');
$add_bcc = request::is_set('add_bcc');
$submit = (isset($_POST['post'])) ? true : false;
$preview = (isset($_POST['preview'])) ? true : false;
$save = (isset($_POST['save'])) ? true : false;
$load = (isset($_POST['load'])) ? true : false;
$cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
$delete = (isset($_POST['delete'])) ? true : false;
$remove_u = (isset($_REQUEST['remove_u'])) ? true : false;
$remove_g = (isset($_REQUEST['remove_g'])) ? true : false;
$add_to = (isset($_REQUEST['add_to'])) ? true : false;
$add_bcc = (isset($_REQUEST['add_bcc'])) ? true : false;
$refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load
$refresh = request::is_set_post('add_file') || request::is_set_post('delete_file') || $save || $load
|| $remove_u || $remove_g || $add_to || $add_bcc;
$action = ($delete && !$preview && !$refresh && $submit) ? 'delete' : $action;
@ -625,10 +618,10 @@ function compose_pm($id, $mode, $action)
$icon_id = request_var('icon', 0);
$enable_bbcode = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
$enable_smilies = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
$enable_urls = (isset($_POST['disable_magic_url'])) ? 0 : 1;
$enable_sig = (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : ((isset($_POST['attach_sig'])) ? true : false);
$enable_bbcode = (!$bbcode_status || request::is_set_post('disable_bbcode')) ? false : true;
$enable_smilies = (!$smilies_status || request::is_set_post'disable_smilies')) ? false : true;
$enable_urls = (request::is_set_post('disable_magic_url')) ? 0 : 1;
$enable_sig = (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : request::is_set_post('attach_sig');
if ($submit)
{
@ -1002,7 +995,7 @@ function compose_pm($id, $mode, $action)
$s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
$s_hidden_fields .= (isset($check_value)) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : '';
$s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . ((isset($_REQUEST['draft_loaded'])) ? intval($_REQUEST['draft_loaded']) : $draft_id) . '" />' : '';
$s_hidden_fields .= ($draft_id || request::is_set('draft_loaded')) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', (int) $draft_id) . '" />' : '';
$form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"';
@ -1047,7 +1040,7 @@ function compose_pm($id, $mode, $action)
'S_HIDDEN_ADDRESS_FIELD' => $s_hidden_address_field,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']),
'S_CLOSE_PROGRESS_WINDOW' => request::is_set_post('add_file'),
'U_PROGRESS_BAR' => append_sid('posting', 'f=0&amp;mode=popup'),
'UA_PROGRESS_BAR' => addslashes(append_sid('posting', 'f=0&amp;mode=popup')),
));
@ -1079,32 +1072,25 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
global $auth, $db, $user;
// Delete User [TO/BCC]
if ($remove_u && !empty($_REQUEST['remove_u']) && is_array($_REQUEST['remove_u']))
$remove_user_id = request_var('remove_u', array(0 => false));
if ($remove_u && sizeof($remove_user_id))
{
$remove_user_id = array_keys($_REQUEST['remove_u']);
if (isset($remove_user_id[0]))
{
unset($address_list['u'][(int) $remove_user_id[0]]);
}
unset($address_list['u'][(int) key($remove_user_id)]);
}
// Delete Group [TO/BCC]
if ($remove_g && !empty($_REQUEST['remove_g']) && is_array($_REQUEST['remove_g']))
$remove_group_id = request_var('remove_g', array(0 => false));
if ($remove_g && sizeof($remove_group_id))
{
$remove_group_id = array_keys($_REQUEST['remove_g']);
if (isset($remove_group_id[0]))
{
unset($address_list['g'][(int) $remove_group_id[0]]);
}
unset($address_list['g'][(int) key($remove_group_id)]);
}
// Add Selected Groups
$group_list = request_var('group_list', array(0));
// Build usernames to add
$usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '', true)) : array();
$username = request_var('username', '', true)
$usernames = ($username) ? array($username) : array();
$username_list = request_var('username_list', '', true);
if ($username_list)
{
@ -1152,7 +1138,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
}
// Add Friends if specified
$friend_list = (isset($_REQUEST['add_' . $type]) && is_array($_REQUEST['add_' . $type])) ? array_map('intval', array_keys($_REQUEST['add_' . $type])) : array();
$friend_list = array_keys(request_var('add_' . $type, array(0 => false)));
$user_id_ary = array_merge($user_id_ary, $friend_list);
foreach ($user_id_ary as $user_id)

14
phpBB/includes/ucp/ucp_pm_options.php
View File

@ -27,7 +27,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
add_form_key('ucp_pm_options');
// Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder']))
if (request::is_set_post('fullfolder'))
{
check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
$full_action = request_var('full_action', 0);
@ -68,7 +68,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
}
// Add Folder
if (isset($_POST['addfolder']))
if (request::is_set_post('addfolder'))
{
if (check_form_key('ucp_pm_options'))
{
@ -120,7 +120,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
}
// Rename folder
if (isset($_POST['rename_folder']))
if (request::is_set_post('rename_folder'))
{
if (check_form_key('ucp_pm_options'))
{
@ -165,7 +165,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
}
// Remove Folder
if (isset($_POST['remove_folder']))
if (request::is_set_post('remove_folder'))
{
$remove_folder_id = request_var('remove_folder_id', 0);
@ -276,7 +276,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
}
// Add Rule
if (isset($_POST['add_rule']))
if (request::is_set_post('add_rule'))
{
if (check_form_key('ucp_pm_options'))
{
@ -345,7 +345,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
}
// Remove Rule
if (isset($_POST['delete_rule']) && !isset($_POST['cancel']))
if (request::is_set_post('delete_rule') && !request::is_set_post('cancel'))
{
$delete_id = array_keys(request_var('delete_rule', array(0 => 0)));
$delete_id = (!empty($delete_id[0])) ? $delete_id[0] : 0;
@ -494,7 +494,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
$rule_option = request_var('rule_option', 0);
$cond_option = request_var('cond_option', '');
$action_option = request_var('action_option', '');
$back = (isset($_REQUEST['back'])) ? request_var('back', array('' => 0)) : array();
$back = request_var('back', array('' => 0));
if (sizeof($back))
{

4
phpBB/includes/ucp/ucp_pm_viewfolder.php
View File

@ -24,7 +24,7 @@ function view_folder($id, $mode, $folder_id, $folder)
{
global $user, $template, $auth, $db, $cache, $config;
$submit_export = (isset($_POST['submit_export'])) ? true : false;
$submit_export = request::is_set_post('submit_export');
$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
@ -473,7 +473,7 @@ function get_pm_from($folder_id, $folder, $user_id)
{
$min_post_time = time() - ($sort_days * 86400);
if (isset($_POST['sort']))
if (request::is_set_post('sort'))
{
$start = 0;
}

2
phpBB/includes/ucp/ucp_pm_viewmessage.php
View File

@ -234,7 +234,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
}
}
if (!isset($_REQUEST['view']) || $_REQUEST['view'] != 'print')
if (request_var('view', '') != 'print')
{
// Message History
if (message_history($msg_id, $user->data['user_id'], $message_row, $folder))

2
phpBB/includes/ucp/ucp_prefs.php
View File

@ -29,7 +29,7 @@ class ucp_prefs
{
global $config, $db, $user, $auth, $template;
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$error = $data = array();
$s_hidden_fields = '';

6
phpBB/includes/ucp/ucp_profile.php
View File

@ -33,9 +33,9 @@ class ucp_profile
$user->add_lang('posting');
$preview = (!empty($_POST['preview'])) ? true : false;
$submit = (!empty($_POST['submit'])) ? true : false;
$delete = (!empty($_POST['delete'])) ? true : false;
$preview = request::variable('preview', false, false, request::POST);
$submit = request::variable('submit', false, false, request::POST);
$delete = request::variable('delete', false, false, request::POST);
$error = $data = array();
$s_hidden_fields = '';

8
phpBB/includes/ucp/ucp_register.php
View File

@ -37,9 +37,9 @@ class ucp_register
include(PHPBB_ROOT_PATH . 'includes/functions_profile_fields.' . PHP_EXT);
$coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
$agreed = (!empty($_POST['agreed'])) ? 1 : 0;
$submit = (isset($_POST['submit'])) ? true : false;
$coppa = request::is_set('coppa') ? ((request_var('coppa', false)) ? 1 : 0) : false;
$agreed = request::variable('agreed', false, false, request::POST) ? 1 : 0;
$submit = request::is_set_post('submit');
$change_lang = request_var('change_lang', '');
$user_lang = request_var('lang', $user->lang_name);
@ -71,7 +71,7 @@ class ucp_register
$submit = false;
// Setting back agreed to let the user view the agreement in his/her language
$agreed = (empty($_GET['change_lang'])) ? 0 : $agreed;
$agreed = (request::is_set_post('change_lang')) ? 0 : $agreed;
}
$user->lang_name = $lang = $use_lang;

2
phpBB/includes/ucp/ucp_remind.php
View File

@ -31,7 +31,7 @@ class ucp_remind
$username = request_var('username', '', true);
$email = strtolower(request_var('email', ''));
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
if ($submit)
{

2
phpBB/includes/ucp/ucp_resend.php
View File

@ -31,7 +31,7 @@ class ucp_resend
$username = request_var('username', '', true);
$email = strtolower(request_var('email', ''));
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
add_form_key('ucp_resend');

2
phpBB/includes/ucp/ucp_zebra.php
View File

@ -28,7 +28,7 @@ class ucp_zebra
{
global $config, $db, $user, $auth, $template;
$submit = (isset($_POST['submit']) || isset($_GET['add']) || isset($_GET['remove'])) ? true : false;
$submit = request::is_set_post('submit') || request::is_set('add', request::GET) || request::is_set('remove', request::GET);
$s_hidden_fields = '';
$l_mode = strtoupper($mode);

2
phpBB/includes/utf/utf_tools.php
View File

@ -1356,6 +1356,8 @@ function utf8_case_fold_nfc($text, $option = 'full')
* A wrapper function for the normalizer which takes care of including the class if required and modifies the passed strings
* to be in NFC (Normalization Form Composition).
*
* @todo allow arbitrary array depth
*
* @param mixed $strings a string or an array of strings to normalize
* @return mixed the normalized content, preserving array keys if array given.
*/

6
phpBB/install/install_convert.php
View File

@ -381,7 +381,7 @@ class install_convert extends module
$this->p_master->error($lang['DEV_NO_TEST_FILE'], __LINE__, __FILE__);
}
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$src_dbms = request_var('src_dbms', $convertor_data['dbms']);
$src_dbhost = request_var('src_dbhost', $convertor_data['dbhost']);
@ -805,7 +805,7 @@ class install_convert extends module
if (!$current_table && !$skip_rows)
{
if (empty($_REQUEST['confirm']))
if (!request::variable('confirm', false))
{
// If avatars / ranks / smilies folders are specified make sure they are writable
$bad_folders = array();
@ -966,7 +966,7 @@ class install_convert extends module
));
return;
} // if (empty($_REQUEST['confirm']))
} // if (!request::variable('confirm', false))
$template->assign_block_vars('checks', array(
'S_LEGEND' => true,

8
phpBB/install/install_install.php
View File

@ -559,7 +559,7 @@ class install_install extends module
$available_dbms = get_available_dbms(false, true);
// Has the user opted to test the connection?
if (isset($_POST['testdb']))
if (request::is_set_post('testdb'))
{
if (!isset($available_dbms[$data['dbms']]) || !$available_dbms[$data['dbms']]['AVAILABLE'])
{
@ -700,7 +700,7 @@ class install_install extends module
$data['default_lang'] = ($data['default_lang'] !== '') ? $data['default_lang'] : $data['language'];
if (isset($_POST['check']))
if (request::is_set_post('check'))
{
$error = array();
@ -954,7 +954,7 @@ class install_install extends module
}
}
if (isset($_POST['dldone']))
if (request::is_set_post('dldone'))
{
// Do a basic check to make sure that the file has been uploaded
// Note that all we check is that the file has _something_ in it
@ -981,7 +981,7 @@ class install_install extends module
{
// OK, so it didn't work let's try the alternatives
if (isset($_POST['dlconfig']))
if (request::is_set_post('dlconfig'))
{
// They want a copy of the file to download, so send the relevant headers and dump out the data
header('Content-Type: text/x-delimtext; name="config.' . PHP_EXT . '"');

12
phpBB/install/install_update.php
View File

@ -208,7 +208,7 @@ class install_update extends module
$this->include_file('includes/diff/renderer.' . PHP_EXT);
// Make sure we stay at the file check if checking the files again
if (!empty($_POST['check_again']))
if (request::variable('check_again', false, false, request::POST))
{
$sub = $this->p_master->sub = 'file_check';
}
@ -297,7 +297,7 @@ class install_update extends module
$action = request_var('action', '');
// We are directly within an update. To make sure our update list is correct we check its status.
$update_list = (!empty($_POST['check_again'])) ? false : $cache->get('_update_list');
$update_list = (request::variable('check_again', false, false, request::POST)) ? false : $cache->get('_update_list');
$modified = ($update_list !== false) ? @filemtime($cache->cache_dir . 'data_update_list.' . PHP_EXT) : 0;
// Make sure the list is up-to-date
@ -644,7 +644,7 @@ class install_update extends module
{
$cache->put('_diff_files', $file_list);
if (!empty($_REQUEST['download']))
if (request_var('download', false))
{
$params[] = 'download=1';
}
@ -747,7 +747,7 @@ class install_update extends module
$file_list['status'] = -1;
$cache->put('_diff_files', $file_list);
if (!empty($_REQUEST['download']))
if (request_var('download', false))
{
$this->include_file('includes/functions_compress.' . PHP_EXT);
@ -823,7 +823,7 @@ class install_update extends module
// Choose FTP, if not available use fsock...
$method = basename(request_var('method', ''));
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$test_ftp_connection = request_var('test_connection', '');
if (!$method || !class_exists($method))
@ -881,7 +881,7 @@ class install_update extends module
'DATA' => $data,
'NAME' => $user->lang[strtoupper($method . '_' . $data)],
'EXPLAIN' => $user->lang[strtoupper($method . '_' . $data) . '_EXPLAIN'],
'DEFAULT' => (!empty($_REQUEST[$data])) ? request_var($data, '') : $default
'DEFAULT' => (request_var($data, false)) ? request_var($data, '') : $default
));
}

25
phpBB/mcp.php
View File

@ -31,10 +31,10 @@ $template->assign_var('S_IN_MCP', true);
// Basic parameter data
$id = request_var('i', '');
if (isset($_REQUEST['mode']) && is_array($_REQUEST['mode']))
$mode = request_var('mode', array(''));
if (!empty($mode))
{
$mode = request_var('mode', array(''));
list($mode, ) = each($mode);
$mode = key($mode);
}
else
{
@ -52,19 +52,18 @@ if (!$user->data['is_registered'])
login_box('', $user->lang['LOGIN_EXPLAIN_MCP']);
}
$quickmod = (isset($_REQUEST['quickmod'])) ? true : false;
$action = request_var('action', '');
$action_ary = request_var('action', array('' => 0));
$forum_action = request_var('forum_action', '');
if ($forum_action !== '' && !empty($_POST['sort']))
{
$action = $forum_action;
}
$quickmod = request::is_set('quickmod');
$action = request_var('action', '');
$action_ary = request_var('action', array('' => 0));
$forum_action = request_var('forum_action', '');
if (sizeof($action_ary))
{
list($action, ) = each($action_ary);
$action = key($action_ary);
}
else if (!empty($forum_action) && request::variable('sort', false, false, request::POST))
{
$action = $forum_action;
}
unset($action_ary);

10
phpBB/memberlist.php
View File

@ -56,7 +56,7 @@ switch ($mode)
}
$start = request_var('start', 0);
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$default_key = 'c';
$sort_key = request_var('sk', $default_key);
@ -741,8 +741,8 @@ switch ($mode)
$email_lang = request_var('lang', $config['default_lang']);
$subject = utf8_normalize_nfc(request_var('subject', '', true));
$message = utf8_normalize_nfc(request_var('message', '', true));
$cc = (isset($_POST['cc_email'])) ? true : false;
$submit = (isset($_POST['submit'])) ? true : false;
$cc = request::is_set_post('cc_email');
$submit = request::is_set_post('submit');
if ($submit)
{
@ -948,7 +948,7 @@ switch ($mode)
// We validate form and field here, only id/class allowed
$form = (!preg_match('/^[a-z0-9_-]+$/i', $form)) ? '' : $form;
$field = (!preg_match('/^[a-z0-9_-]+$/i', $field)) ? '' : $field;
if (($mode == 'searchuser' || sizeof(array_intersect(array_keys($_GET), $search_params)) > 0) && ($config['load_search'] || $auth->acl_get('a_')))
if (($mode == 'searchuser' || sizeof(array_intersect(request::variable_names(request::GET), $search_params)) > 0) && ($config['load_search'] || $auth->acl_get('a_')))
{
$username = request_var('username', '', true);
$email = strtolower(request_var('email', ''));
@ -1238,7 +1238,7 @@ switch ($mode)
foreach ($check_params as $key => $call)
{
if (!isset($_REQUEST[$key]))
if (!request::is_set($key))
{
continue;
}

42
phpBB/posting.php
View File

@ -32,14 +32,14 @@ $forum_id = request_var('f', 0);
$draft_id = request_var('d', 0);
$lastclick = request_var('lastclick', 0);
$submit = (isset($_POST['post'])) ? true : false;
$preview = (isset($_POST['preview'])) ? true : false;
$save = (isset($_POST['save'])) ? true : false;
$load = (isset($_POST['load'])) ? true : false;
$delete = (isset($_POST['delete'])) ? true : false;
$cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
$submit = request::is_set_post('post');
$preview = request::is_set_post('preview');
$save = request::is_set_post('save');
$load = request::is_set_post('load');
$delete = request::is_set_post('delete');
$cancel = (request::is_set_post('cancel') && !request::is_set_post('save')) ? true : false;
$refresh = (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['cancel_unglobalise']) || $save || $load) ? true : false;
$refresh = (request::is_set_post('add_file') || request::is_set_post('delete_file') || request::is_set_post('cancel_unglobalise') || $save || $load) ? true : false;
$mode = ($delete && !$preview && !$refresh && $submit) ? 'delete' : request_var('mode', '');
$error = $post_data = array();
@ -574,35 +574,37 @@ $solved_captcha = false;
if ($submit || $preview || $refresh)
{
$edit_reason = utf8_normalize_nfc(request_var('edit_reason', '', true));
$post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
$post_data['post_subject'] = utf8_normalize_nfc(request_var('subject', '', true));
$message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
$post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
$post_data['post_edit_reason'] = (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? utf8_normalize_nfc(request_var('edit_reason', '', true)) : '';
$post_data['post_edit_reason'] = (!empty($edit_reason) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? $edit_reason : '';
$post_data['orig_topic_type'] = $post_data['topic_type'];
$post_data['topic_type'] = request_var('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
$post_data['topic_time_limit'] = request_var('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
$post_data['icon_id'] = request_var('icon', 0);
$post_data['enable_bbcode'] = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
$post_data['enable_smilies'] = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
$post_data['enable_urls'] = (isset($_POST['disable_magic_url'])) ? 0 : 1;
$post_data['enable_sig'] = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);
$post_data['enable_bbcode'] = (!$bbcode_status || request::is_set_post('disable_bbcode')) ? false : true;
$post_data['enable_smilies'] = (!$smilies_status || request::is_set_post('disable_smilies')) ? false : true;
$post_data['enable_urls'] = request::is_set_post('disable_magic_url');
$post_data['enable_sig'] = (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((request::is_set_post('attach_sig') && $user->data['is_registered']) ? true : false);
if ($config['allow_topic_notify'] && $user->data['is_registered'])
{
$notify = (isset($_POST['notify'])) ? true : false;
$notify = request::is_set_post('notify');
}
else
{
$notify = false;
}
$topic_lock = (isset($_POST['lock_topic'])) ? true : false;
$post_lock = (isset($_POST['lock_post'])) ? true : false;
$poll_delete = (isset($_POST['poll_delete'])) ? true : false;
$topic_lock = request::is_set_post('lock_topic');
$post_lock = request::is_set_post('lock_post');
$poll_delete = request::is_set_post('poll_delete');
if ($submit)
{
@ -652,7 +654,7 @@ if ($submit || $preview || $refresh)
$post_data['poll_length'] = request_var('poll_length', 0);
$post_data['poll_option_text'] = utf8_normalize_nfc(request_var('poll_option_text', '', true));
$post_data['poll_max_options'] = request_var('poll_max_options', 1);
$post_data['poll_vote_change'] = ($auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
$post_data['poll_vote_change'] = ($auth->acl_get('f_votechg', $forum_id) && request::is_set_post('poll_vote_change')) ? 1 : 0;
}
// If replying/quoting and last post id has changed
@ -1228,7 +1230,7 @@ if ($config['enable_post_confirm'] && !$user->data['is_registered'] && $solved_c
$s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
$s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', $draft_id) . '" />' : '';
$s_hidden_fields .= ($draft_id || request::is_set('draft_loaded')) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', $draft_id) . '" />' : '';
// Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
if ($solved_captcha !== false)
@ -1269,7 +1271,7 @@ $template->assign_vars(array(
'UA_PROGRESS_BAR' => addslashes(append_sid('posting', "f=$forum_id&amp;mode=popup")),
'S_PRIVMSGS' => false,
'S_CLOSE_PROGRESS_WINDOW' => (isset($_POST['add_file'])) ? true : false,
'S_CLOSE_PROGRESS_WINDOW' => request::is_set_post('add_file'),
'S_EDIT_POST' => ($mode == 'edit') ? true : false,
'S_EDIT_REASON' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
'S_DISPLAY_USERNAME' => (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false,
@ -1319,7 +1321,7 @@ if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_
'L_POLL_OPTIONS_EXPLAIN' => sprintf($user->lang['POLL_OPTIONS_' . (($mode == 'edit') ? 'EDIT_' : '') . 'EXPLAIN'], $config['max_poll_options']),
'VOTE_CHANGE_CHECKED' => (!empty($post_data['poll_vote_change'])) ? ' checked="checked"' : '',
'POLL_TITLE' => (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
// 'POLL_TITLE' => (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
'POLL_OPTIONS' => (!empty($post_data['poll_options'])) ? implode("\n", $post_data['poll_options']) : '',
'POLL_MAX_OPTIONS' => (isset($post_data['poll_max_options'])) ? (int) $post_data['poll_max_options'] : 1,
'POLL_LENGTH' => $post_data['poll_length'])

4
phpBB/report.php
View File

@ -28,7 +28,7 @@ $reason_id = request_var('reason_id', 0);
$report_text = utf8_normalize_nfc(request_var('report_text', '', true));
$user_notify = ($user->data['is_registered']) ? request_var('notify', 0) : false;
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
if (!$post_id)
{
@ -38,7 +38,7 @@ if (!$post_id)
$redirect_url = append_sid('viewtopic', "f=$forum_id&amp;p=$post_id") . "#p$post_id";
// Has the report been cancelled?
if (isset($_POST['cancel']))
if (request::is_set_post('cancel'))
{
redirect($redirect_url);
}

8
phpBB/search.php
View File

@ -562,7 +562,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
if ($config['load_anon_lastread'] || ($user->data['is_registered'] && !$config['load_db_lastread']))
{
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking_topics = request::variable($config['cookie_name'] . '_track', '', false, request::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
}
@ -1038,11 +1038,17 @@ for ($i = 100; $i <= 1000 ; $i += 100)
$s_hidden_fields = array('t' => $topic_id);
/**
* @todo get rid of this global $_SID voodoo!
*/
if ($_SID)
{
$s_hidden_fields['sid'] = $_SID;
}
/**
* @todo get rid of this global $_EXTRA_URL voodoo, too!
*/
if (!empty($_EXTRA_URL))
{
foreach ($_EXTRA_URL as $url_param)

7
phpBB/ucp.php
View File

@ -58,7 +58,7 @@ switch ($mode)
break;
case 'register':
if ($user->data['is_registered'] || isset($_REQUEST['not_agreed']))
if ($user->data['is_registered'] || request::is_set('not_agreed'))
{
redirect(append_sid('index'));
}
@ -81,7 +81,7 @@ switch ($mode)
break;
case 'logout':
if ($user->data['user_id'] != ANONYMOUS && isset($_GET['sid']) && !is_array($_GET['sid']) && $_GET['sid'] === $user->session_id)
if ($user->data['user_id'] != ANONYMOUS && request::variable('sid', '', false, request::GET) === $user->session_id)
{
$user->session_kill();
$user->session_begin();
@ -140,7 +140,8 @@ switch ($mode)
{
$set_time = time() - 31536000;
foreach ($_COOKIE as $cookie_name => $cookie_data)
$cookies = request::variable_names(request::COOKIE);
foreach ($cookies as $cookie_name)
{
$cookie_name = str_replace($config['cookie_name'] . '_', '', $cookie_name);

4
phpBB/viewforum.php
View File

@ -75,7 +75,7 @@ if (!$forum_data)
$user->setup('viewforum', $forum_data['forum_style']);
// Redirect to login upon emailed notification links
if (isset($_GET['e']) && !$user->data['is_registered'])
if (request::is_set('e', request::GET) && !$user->data['is_registered'])
{
login_box('', $user->lang['LOGIN_NOTIFY_FORUM']);
}
@ -238,7 +238,7 @@ if ($sort_days)
$topics_count = (int) $db->sql_fetchfield('num_topics');
$db->sql_freeresult($result);
if (isset($_POST['sort']))
if (request::is_set_post('sort'))
{
$start = 0;
}

19
phpBB/viewtopic.php
View File

@ -348,7 +348,7 @@ if ($topic_data['forum_password'])
}
// Redirect to login or to the correct post upon emailed notification links
if (isset($_GET['e']))
if (request::is_set('e', request::GET))
{
$jump_to = request_var('e', 0);
@ -417,7 +417,7 @@ if ($sort_days)
$limit_posts_time = "AND p.post_time >= $min_post_time ";
if (isset($_POST['sort']))
if (request::is_set_post('sort'))
{
$start = 0;
}
@ -673,10 +673,10 @@ if (!empty($topic_data['poll_start']))
// Cookie based guest tracking ... I don't like this but hum ho
// it's oft requested. This relies on "nice" users who don't feel
// the need to delete cookies to mess with results.
if (isset($_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id]))
$cur_voted_list = request::variable($config['cookie_name'] . '_poll_' . $topic_id, '', false, request::COOKIE);
if (!empty($cur_voted_list))
{
$cur_voted_id = explode(',', $_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id]);
$cur_voted_id = array_map('intval', $cur_voted_id);
$cur_voted_id = array_map('intval', explode(',', $cur_voted_list));
}
}
@ -1580,12 +1580,15 @@ else if (!$all_marked_read)
}
}
// We overwrite $_REQUEST['f'] if there is no forum specified
/**
* @todo Do NOT overwrite a request variable.
*/
// We overwrite the 'f' request variable if there is no forum specified
// to be able to display the correct online list.
// One downside is that the user currently viewing this topic/post is not taken into account.
if (empty($_REQUEST['f']))
if (empty(request::variable('f', '')))
{
$_REQUEST['f'] = $forum_id;
request::overwrite('f', $forum_id);
}
// Output the page