mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-08 17:56:52 +02:00
Code Issues Releases Wiki Activity

- updated all code to use the request class instead of any direct access to

Browse Source 
super globals
- disabled super globals in common.php. See commit r9101 for
  more information
- cleaned up/simplified a few lines along the way.

git-svn-id: file:///svn/phpbb/trunk@9102 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Nils Adermann
2008-11-24 00:20:33 +00:00
parent 8427ae3fd4
commit 07e9b83a3d
73 changed files with 369 additions and 347 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/includes/ucp/ucp_attachments.php
View File

@@ -33,8 +33,8 @@ class ucp_attachments
$sort_key = request_var('sk', 'a');
$sort_dir = request_var('sd', 'a');
$delete = (isset($_POST['delete'])) ? true : false;
$confirm = (isset($_POST['confirm'])) ? true : false;
$delete = request::is_set_post('delete');
$confirm = request::is_set_post('confirm');
$delete_ids = array_keys(request_var('attachment', array(0)));
if ($delete && sizeof($delete_ids))

16
phpBB/includes/ucp/ucp_groups.php
View File

@@ -33,8 +33,8 @@ class ucp_groups
$return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>');
$mark_ary = request_var('mark', array(0));
$submit = (!empty($_POST['submit'])) ? true : false;
$delete = (!empty($_POST['delete'])) ? true : false;
$submit = request::variable('submit', false, false, request::POST);
$delete = request::variable('delete', false, false, request::POST);
$error = $data = array();
switch ($mode)
@@ -43,9 +43,9 @@ class ucp_groups
$this->page_title = 'UCP_USERGROUPS_MEMBER';
if ($submit || isset($_POST['change_default']))
if ($submit || request::is_set_post('change_default'))
{
$action = (isset($_POST['change_default'])) ? 'change_default' : request_var('action', '');
$action = (request::is_set_post('change_default')) ? 'change_default' : request_var('action', '');
$group_id = ($action == 'change_default') ? request_var('default', 0) : request_var('selected', 0);
if (!$group_id)
@@ -411,7 +411,7 @@ class ucp_groups
case 'manage':
$this->page_title = 'UCP_USERGROUPS_MANAGE';
$action = (isset($_POST['addusers'])) ? 'addusers' : request_var('action', '');
$action = (request::is_set_post('addusers')) ? 'addusers' : request_var('action', '');
$group_id = request_var('g', 0);
include(PHPBB_ROOT_PATH . 'includes/functions_display.' . PHP_EXT);
@@ -482,7 +482,7 @@ class ucp_groups
$data = $submit_ary = array();
$update = (isset($_POST['update'])) ? true : false;
$update = request::is_set_post('update');
$error = array();
@@ -505,7 +505,7 @@ class ucp_groups
$submit_ary = array(
'colour' => request_var('group_colour', ''),
'rank' => request_var('group_rank', 0),
'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0,
'receive_pm' => request::is_set('group_receive_pm') ? 1 : 0,
'message_limit' => request_var('group_message_limit', 0),
'max_recipients'=> request_var('group_max_recipients', 0),
);
@@ -672,7 +672,7 @@ class ucp_groups
$type_closed = ($group_type == GROUP_CLOSED) ? ' checked="checked"' : '';
$type_hidden = ($group_type == GROUP_HIDDEN) ? ' checked="checked"' : '';
$display_gallery = (isset($_POST['display_gallery'])) ? true : false;
$display_gallery = request::is_set_post('display_gallery');
if ($config['allow_avatar_local'] && $display_gallery)
{

18
phpBB/includes/ucp/ucp_main.php
View File

@@ -204,7 +204,7 @@ class ucp_main
add_form_key('ucp_front_subscribed');
$unwatch = (isset($_POST['unwatch'])) ? true : false;
$unwatch = request::is_set_post('unwatch');
if ($unwatch)
{
@@ -287,7 +287,7 @@ class ucp_main
}
else
{
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
$tracking_topics = request::variable($config['cookie_name'] . '_track', '', false, request::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
}
@@ -386,10 +386,10 @@ class ucp_main
$user->add_lang('viewforum');
if (isset($_POST['unbookmark']))
if (request::is_set_post('unbookmark'))
{
$s_hidden_fields = array('unbookmark' => 1);
$topics = (isset($_POST['t'])) ? array_keys(request_var('t', array(0 => 0))) : array();
$topics = array_keys(request::variable('t', array(0 => 0), false, request::POST));
$url = $this->u_action;
if (!sizeof($topics))
@@ -432,10 +432,10 @@ class ucp_main
$user->add_lang('posting');
$edit = (isset($_REQUEST['edit'])) ? true : false;
$submit = (isset($_POST['submit'])) ? true : false;
$draft_id = ($edit) ? intval($_REQUEST['edit']) : 0;
$delete = (isset($_POST['delete'])) ? true : false;
$edit = request::is_set('edit');
$draft_id = request::variable('edit', 0);
$submit = request::is_set_post('submit');
$delete = request::is_set_post('delete');
$s_hidden_fields = ($edit) ? '<input type="hidden" name="edit" value="' . $draft_id . '" />' : '';
$draft_subject = $draft_message = '';
@@ -614,7 +614,7 @@ class ucp_main
$template->assign_vars(array(
'L_TITLE' => $user->lang['UCP_MAIN_' . strtoupper($mode)],
'S_DISPLAY_MARK_ALL' => ($mode == 'watched' || ($mode == 'drafts' && !isset($_GET['edit']))) ? true : false,
'S_DISPLAY_MARK_ALL' => ($mode == 'watched' || ($mode == 'drafts' && !request::is_set('edit', request::GET))) ? true : false,
'S_HIDDEN_FIELDS' => (isset($s_hidden_fields)) ? $s_hidden_fields : '',
'S_UCP_ACTION' => $this->u_action,

10
phpBB/includes/ucp/ucp_pm.php
View File

@@ -18,8 +18,8 @@ if (!defined('IN_PHPBB'))
/**
* Private Message Class
*
* $_REQUEST['folder'] display folder with the id used
* $_REQUEST['folder'] inbox|outbox|sentbox display folder with the associated name
* _REQUEST['folder'] display folder with the id used
* _REQUEST['folder'] inbox|outbox|sentbox display folder with the associated name
*
* Display Messages (default to inbox) - mode=view
* Display single message - mode=view&p=[msg_id] or &p=[msg_id] (short linkage)
@@ -195,8 +195,8 @@ class ucp_pm
// First Handle Mark actions and moving messages
$submit_mark = (isset($_POST['submit_mark'])) ? true : false;
$move_pm = (isset($_POST['move_pm'])) ? true : false;
$submit_mark = request::is_set_post('submit_mark');
$move_pm = request::is_set_post('move_pm');
$mark_option = request_var('mark_option', '');
$dest_folder = request_var('dest_folder', PRIVMSGS_NO_BOX);
@@ -211,7 +211,7 @@ class ucp_pm
// Move PM
if ($move_pm)
{
$move_msg_ids = (isset($_POST['marked_msg_id'])) ? request_var('marked_msg_id', array(0)) : array();
$move_msg_ids = request::variable('marked_msg_id', array(0), false, request::POST);
$cur_folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX);
if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id))

68
phpBB/includes/ucp/ucp_pm_compose.php
View File

@@ -44,28 +44,21 @@ function compose_pm($id, $mode, $action)
$msg_id = request_var('p', 0);
$draft_id = request_var('d', 0);
$lastclick = request_var('lastclick', 0);
$address_list = request_var('address_list', array('' => array(0 => '')));
// Do NOT use request_var or specialchars here
$address_list = isset($_REQUEST['address_list']) ? $_REQUEST['address_list'] : array();
$submit = request::is_set_post('post');
$preview = request::is_set_post('preview');
$save = request::is_set_post('save');
$load = request::is_set_post('load');
$cancel = (request::is_set_post('cancel') && !$save) ? true : false;
$delete = request::is_set_post('delete');
if (!is_array($address_list))
{
$address_list = array();
}
$remove_u = request::is_set('remove_u');
$remove_g = request::is_set('remove_g');
$add_to = request::is_set('add_to');
$add_bcc = request::is_set('add_bcc');
$submit = (isset($_POST['post'])) ? true : false;
$preview = (isset($_POST['preview'])) ? true : false;
$save = (isset($_POST['save'])) ? true : false;
$load = (isset($_POST['load'])) ? true : false;
$cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
$delete = (isset($_POST['delete'])) ? true : false;
$remove_u = (isset($_REQUEST['remove_u'])) ? true : false;
$remove_g = (isset($_REQUEST['remove_g'])) ? true : false;
$add_to = (isset($_REQUEST['add_to'])) ? true : false;
$add_bcc = (isset($_REQUEST['add_bcc'])) ? true : false;
$refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load
$refresh = request::is_set_post('add_file') || request::is_set_post('delete_file') || $save || $load
|| $remove_u || $remove_g || $add_to || $add_bcc;
$action = ($delete && !$preview && !$refresh && $submit) ? 'delete' : $action;
@@ -625,10 +618,10 @@ function compose_pm($id, $mode, $action)
$icon_id = request_var('icon', 0);
$enable_bbcode = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
$enable_smilies = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
$enable_urls = (isset($_POST['disable_magic_url'])) ? 0 : 1;
$enable_sig = (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : ((isset($_POST['attach_sig'])) ? true : false);
$enable_bbcode = (!$bbcode_status || request::is_set_post('disable_bbcode')) ? false : true;
$enable_smilies = (!$smilies_status || request::is_set_post'disable_smilies')) ? false : true;
$enable_urls = (request::is_set_post('disable_magic_url')) ? 0 : 1;
$enable_sig = (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : request::is_set_post('attach_sig');
if ($submit)
{
@@ -1002,7 +995,7 @@ function compose_pm($id, $mode, $action)
$s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
$s_hidden_fields .= (isset($check_value)) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : '';
$s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . ((isset($_REQUEST['draft_loaded'])) ? intval($_REQUEST['draft_loaded']) : $draft_id) . '" />' : '';
$s_hidden_fields .= ($draft_id || request::is_set('draft_loaded')) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', (int) $draft_id) . '" />' : '';
$form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"';
@@ -1047,7 +1040,7 @@ function compose_pm($id, $mode, $action)
'S_HIDDEN_ADDRESS_FIELD' => $s_hidden_address_field,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']),
'S_CLOSE_PROGRESS_WINDOW' => request::is_set_post('add_file'),
'U_PROGRESS_BAR' => append_sid('posting', 'f=0&amp;mode=popup'),
'UA_PROGRESS_BAR' => addslashes(append_sid('posting', 'f=0&amp;mode=popup')),
));
@@ -1079,32 +1072,25 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
global $auth, $db, $user;
// Delete User [TO/BCC]
if ($remove_u && !empty($_REQUEST['remove_u']) && is_array($_REQUEST['remove_u']))
$remove_user_id = request_var('remove_u', array(0 => false));
if ($remove_u && sizeof($remove_user_id))
{
$remove_user_id = array_keys($_REQUEST['remove_u']);
if (isset($remove_user_id[0]))
{
unset($address_list['u'][(int) $remove_user_id[0]]);
}
unset($address_list['u'][(int) key($remove_user_id)]);
}
// Delete Group [TO/BCC]
if ($remove_g && !empty($_REQUEST['remove_g']) && is_array($_REQUEST['remove_g']))
$remove_group_id = request_var('remove_g', array(0 => false));
if ($remove_g && sizeof($remove_group_id))
{
$remove_group_id = array_keys($_REQUEST['remove_g']);
if (isset($remove_group_id[0]))
{
unset($address_list['g'][(int) $remove_group_id[0]]);
}
unset($address_list['g'][(int) key($remove_group_id)]);
}
// Add Selected Groups
$group_list = request_var('group_list', array(0));
// Build usernames to add
$usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '', true)) : array();
$username = request_var('username', '', true)
$usernames = ($username) ? array($username) : array();
$username_list = request_var('username_list', '', true);
if ($username_list)
{
@@ -1152,7 +1138,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
}
// Add Friends if specified
$friend_list = (isset($_REQUEST['add_' . $type]) && is_array($_REQUEST['add_' . $type])) ? array_map('intval', array_keys($_REQUEST['add_' . $type])) : array();
$friend_list = array_keys(request_var('add_' . $type, array(0 => false)));
$user_id_ary = array_merge($user_id_ary, $friend_list);
foreach ($user_id_ary as $user_id)

14
phpBB/includes/ucp/ucp_pm_options.php
View File

@@ -27,7 +27,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
add_form_key('ucp_pm_options');
// Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder']))
if (request::is_set_post('fullfolder'))
{
check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
$full_action = request_var('full_action', 0);
@@ -68,7 +68,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
}
// Add Folder
if (isset($_POST['addfolder']))
if (request::is_set_post('addfolder'))
{
if (check_form_key('ucp_pm_options'))
{
@@ -120,7 +120,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
}
// Rename folder
if (isset($_POST['rename_folder']))
if (request::is_set_post('rename_folder'))
{
if (check_form_key('ucp_pm_options'))
{
@@ -165,7 +165,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
}
// Remove Folder
if (isset($_POST['remove_folder']))
if (request::is_set_post('remove_folder'))
{
$remove_folder_id = request_var('remove_folder_id', 0);
@@ -276,7 +276,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
}
// Add Rule
if (isset($_POST['add_rule']))
if (request::is_set_post('add_rule'))
{
if (check_form_key('ucp_pm_options'))
{
@@ -345,7 +345,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
}
// Remove Rule
if (isset($_POST['delete_rule']) && !isset($_POST['cancel']))
if (request::is_set_post('delete_rule') && !request::is_set_post('cancel'))
{
$delete_id = array_keys(request_var('delete_rule', array(0 => 0)));
$delete_id = (!empty($delete_id[0])) ? $delete_id[0] : 0;
@@ -494,7 +494,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
$rule_option = request_var('rule_option', 0);
$cond_option = request_var('cond_option', '');
$action_option = request_var('action_option', '');
$back = (isset($_REQUEST['back'])) ? request_var('back', array('' => 0)) : array();
$back = request_var('back', array('' => 0));
if (sizeof($back))
{

4
phpBB/includes/ucp/ucp_pm_viewfolder.php
View File

@@ -24,7 +24,7 @@ function view_folder($id, $mode, $folder_id, $folder)
{
global $user, $template, $auth, $db, $cache, $config;
$submit_export = (isset($_POST['submit_export'])) ? true : false;
$submit_export = request::is_set_post('submit_export');
$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
@@ -473,7 +473,7 @@ function get_pm_from($folder_id, $folder, $user_id)
{
$min_post_time = time() - ($sort_days * 86400);
if (isset($_POST['sort']))
if (request::is_set_post('sort'))
{
$start = 0;
}

2
phpBB/includes/ucp/ucp_pm_viewmessage.php
View File

@@ -234,7 +234,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
}
}
if (!isset($_REQUEST['view']) || $_REQUEST['view'] != 'print')
if (request_var('view', '') != 'print')
{
// Message History
if (message_history($msg_id, $user->data['user_id'], $message_row, $folder))

2
phpBB/includes/ucp/ucp_prefs.php
View File

@@ -29,7 +29,7 @@ class ucp_prefs
{
global $config, $db, $user, $auth, $template;
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
$error = $data = array();
$s_hidden_fields = '';

6
phpBB/includes/ucp/ucp_profile.php
View File

@@ -33,9 +33,9 @@ class ucp_profile
$user->add_lang('posting');
$preview = (!empty($_POST['preview'])) ? true : false;
$submit = (!empty($_POST['submit'])) ? true : false;
$delete = (!empty($_POST['delete'])) ? true : false;
$preview = request::variable('preview', false, false, request::POST);
$submit = request::variable('submit', false, false, request::POST);
$delete = request::variable('delete', false, false, request::POST);
$error = $data = array();
$s_hidden_fields = '';

8
phpBB/includes/ucp/ucp_register.php
View File

@@ -37,9 +37,9 @@ class ucp_register
include(PHPBB_ROOT_PATH . 'includes/functions_profile_fields.' . PHP_EXT);
$coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
$agreed = (!empty($_POST['agreed'])) ? 1 : 0;
$submit = (isset($_POST['submit'])) ? true : false;
$coppa = request::is_set('coppa') ? ((request_var('coppa', false)) ? 1 : 0) : false;
$agreed = request::variable('agreed', false, false, request::POST) ? 1 : 0;
$submit = request::is_set_post('submit');
$change_lang = request_var('change_lang', '');
$user_lang = request_var('lang', $user->lang_name);
@@ -71,7 +71,7 @@ class ucp_register
$submit = false;
// Setting back agreed to let the user view the agreement in his/her language
$agreed = (empty($_GET['change_lang'])) ? 0 : $agreed;
$agreed = (request::is_set_post('change_lang')) ? 0 : $agreed;
}
$user->lang_name = $lang = $use_lang;

2
phpBB/includes/ucp/ucp_remind.php
View File

@@ -31,7 +31,7 @@ class ucp_remind
$username = request_var('username', '', true);
$email = strtolower(request_var('email', ''));
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
if ($submit)
{

2
phpBB/includes/ucp/ucp_resend.php
View File

@@ -31,7 +31,7 @@ class ucp_resend
$username = request_var('username', '', true);
$email = strtolower(request_var('email', ''));
$submit = (isset($_POST['submit'])) ? true : false;
$submit = request::is_set_post('submit');
add_form_key('ucp_resend');

2
phpBB/includes/ucp/ucp_zebra.php
View File

@@ -28,7 +28,7 @@ class ucp_zebra
{
global $config, $db, $user, $auth, $template;
$submit = (isset($_POST['submit']) || isset($_GET['add']) || isset($_GET['remove'])) ? true : false;
$submit = request::is_set_post('submit') || request::is_set('add', request::GET) || request::is_set('remove', request::GET);
$s_hidden_fields = '';
$l_mode = strtoupper($mode);