mirror of https://github.com/phpbb/phpbb.git synced 2025-08-01 14:30:32 +02:00

[feature/system-cron] use phpbb_request instead of plain superglobals

PHPBB3-9596
Igor Wiedler
2010-10-29 13:29:00 +02:00
committed by Oleg Pudeyev
parent 5a95340ee8
commit e48b850ab5
3 changed files with 12 additions and 15 deletions


@@ -89,7 +89,7 @@ if ($cron_lock->lock())
{ {
if ($task->is_parametrized()) if ($task->is_parametrized())
{ {
$task->parse_parameters($_GET); $task->parse_parameters($request);
} }
if ($task->is_ready()) if ($task->is_ready())
{ {


@@ -103,20 +103,19 @@ class phpbb_cron_task_core_prune_forum extends phpbb_cron_task_base implements p
} }
/** /**
* Parses parameters found in $params, which is an array. * Parses parameters found in $request, which is an instance of
* phpbb_request_interface.
* *
* $params may contain user input and is not trusted. * It is expected to have a key f whose value is id of the forum to be pruned.
*
* $params is expected to have a key f whose value is id of the forum to be pruned.
*/ */
public function parse_parameters($params) public function parse_parameters(phpbb_request_interface $request)
{ {
global $db; global $db;
$this->forum_data = null; $this->forum_data = null;
if (isset($params['f'])) if ($request->is_set('f'))
{ {
$forum_id = (int) $params['f']; $forum_id = $request->variable('f', 0);
$sql = 'SELECT forum_id, prune_next, enable_prune, prune_days, prune_viewed, forum_flags, prune_freq $sql = 'SELECT forum_id, prune_next, enable_prune, prune_days, prune_viewed, forum_flags, prune_freq
FROM ' . FORUMS_TABLE . " FROM ' . FORUMS_TABLE . "
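Review bot: In parse_parameters the explicit `(int) $params['f']` cast is replaced by `$request->variable('f', 0)`, so the integer type of `$forum_id` now rests only on the type of the default argument, while the query that continues below the hunk appears to be built by string concatenation. A comment on that line would keep a later edit from changing the default to a string: `// default 0 makes variable() cast to int; $forum_id goes into the SQL string below`. The new docblock also drops the statement that the input is untrusted and leaves "It" without a referent; I would restore `* $request may contain user input and is not trusted.` and write `* $request is expected to have a parameter f whose value is id of the forum to be pruned.`. The old caller passed only `$_GET`; if `is_set()` and `variable()` default to the merged request data, `f` is now also accepted from POST and cookies, which could be narrowed by passing `phpbb_request_interface::GET` to both calls. The function body continues outside the hunk.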


@@ -37,13 +37,11 @@ interface phpbb_cron_task_parametrized extends phpbb_cron_task
public function get_parameters(); public function get_parameters();
/** /**
* Parses parameters found in $params, which is an array. * Parses parameters found in $request, which is an instance of
* phpbb_request_interface.
* *
* $params contains user input and must not be trusted. * $request contains user input and must not be trusted.
* In normal operation $params contains the same data that was returned by * Cron task must validate all data before using it.
* get_parameters method. However, a malicious user can supply arbitrary
* data in $params.
* Cron task must validate all keys and values in $params before using them.
*/ */
public function parse_parameters($params); public function parse_parameters(phpbb_request_interface $request);
} }
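Review bot: The interface docblock for parse_parameters no longer says that the request normally carries the values produced by get_parameters(), which is the contract an implementer needs in order to know what to validate against. I would keep that sentence in updated form, `* In normal operation $request carries the data returned by get_parameters(); a malicious user can supply arbitrary data.`, ahead of the validation requirement. The added `phpbb_request_interface` type hint changes the signature for every implementing class, and only one implementer is visible on this page, so any other parametrized task, if one exists, needs the same signature change in this commit.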