- updated all code to use the request class instead of any direct access to

super globals
- disabled super globals in common.php. See commit r9101 for
  more information
- cleaned up/simplified a few lines along the way.

git-svn-id: file:///svn/phpbb/trunk@9102 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/adm/index.php

@@ -175,7 +175,7 @@ function adm_page_footer($copyright_html = true)
 		$mtime = explode(' ', microtime());
 		$totaltime = $mtime[0] + $mtime[1] - $starttime;
 
-		if (!empty($_REQUEST['explain']) && $auth->acl_get('a_') && defined('DEBUG_EXTRA') && method_exists($db, 'sql_report'))
+		if (request::variable('explain', false) && $auth->acl_get('a_') && defined('DEBUG_EXTRA') && method_exists($db, 'sql_report'))
 		{
 			$db->sql_report('display');
 		}

phpBB/common.php

@@ -200,6 +200,9 @@ require(PHPBB_ROOT_PATH . 'includes/utf/utf_tools.' . PHP_EXT);
 // Set PHP error handler to ours
 set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler');
 
+// enforce the use of the request class
+request::disable_super_globals();
+
 // Instantiate some basic classes
 $user		= new user();
 $auth		= new auth();

phpBB/docs/coding-guidelines.html

@@ -875,7 +875,7 @@ $submit = (isset($HTTP_POST_VARS['submit'])) ? true : false;
 	<p class="good">// Use request var and define a default variable (use the correct type)</p>
 	<div class="codebox"><pre>
 $start = request_var('start', 0);
-$submit = (isset($_POST['submit'])) ? true : false;
+$submit = request::is_set_post('submit');
 	</pre></div>
 
 	<p class="bad">// $start is an int, the following use of request_var therefore is not allowed</p>

phpBB/download/file.php

@@ -30,13 +30,13 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'
 	exit;
 }
 
-if (isset($_GET['avatar']))
+if (request::is_set('avatar', request::GET))
 {
 	// worst-case default
 	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
 
 	$config = cache::obtain_config();
-	$filename = $_GET['avatar'];
+	$filename = request::variable('avatar', '', false, request::GET);
 	$avatar_group = false;
 	$exit = false;
 	

phpBB/includes/acp/acp_attachments.php

@@ -31,7 +31,7 @@ class acp_attachments
 		$user->add_lang(array('posting', 'viewtopic', 'acp/attachments'));
 
 		$error = $notify = array();
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 		$action = request_var('action', '');
 
 		$form_key = 'acp_attach';
@@ -128,7 +128,7 @@ class acp_attachments
 				);
 
 				$this->new_config = $config;
-				$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : $this->new_config;
+				$cfg_array = (request::is_set('config')) ? request_var('config', array('' => '')) : $this->new_config;
 				$error = array();
 
 				// We validate the complete config if whished
@@ -297,7 +297,7 @@ class acp_attachments
 
 			case 'extensions':
 
-				if ($submit || isset($_POST['add_extension_check']))
+				if ($submit || request::is_set_post('add_extension_check'))
 				{
 					if ($submit)
 					{
@@ -361,7 +361,7 @@ class acp_attachments
 					// Add Extension?
 					$add_extension			= strtolower(request_var('add_extension', ''));
 					$add_extension_group	= request_var('add_group_select', 0);
-					$add					= (isset($_POST['add_extension_check'])) ? true : false;
+					$add					= request::is_set_post('add_extension_check');
 
 					if ($add_extension && $add)
 					{
@@ -402,7 +402,7 @@ class acp_attachments
 				$template->assign_vars(array(
 					'S_EXTENSIONS'			=> true,
 					'ADD_EXTENSION'			=> (isset($add_extension)) ? $add_extension : '',
-					'GROUP_SELECT_OPTIONS'	=> (isset($_POST['add_extension_check'])) ? $this->group_select('add_group_select', $add_extension_group, 'extension_group') : $this->group_select('add_group_select', false, 'extension_group'))
+					'GROUP_SELECT_OPTIONS'	=> (request::is_set_post('add_extension_check')) ? $this->group_select('add_group_select', $add_extension_group, 'extension_group') : $this->group_select('add_group_select', false, 'extension_group'))
 				);
 
 				$sql = 'SELECT *
@@ -512,10 +512,10 @@ class acp_attachments
 						$size_select	= request_var('size_select', 'b');
 						$forum_select	= request_var('forum_select', false);
 						$allowed_forums	= request_var('allowed_forums', array(0));
-						$allow_in_pm	= (isset($_POST['allow_in_pm'])) ? true : false;
+						$allow_in_pm	= request::is_set_post('allow_in_pm');
 						$max_filesize	= request_var('max_filesize', 0);
 						$max_filesize	= ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize);
-						$allow_group	= (isset($_POST['allow_group'])) ? true : false;
+						$allow_group	= request::is_set_post('allow_group');
 
 						if ($max_filesize == $config['max_filesize'])
 						{
@@ -593,7 +593,7 @@ class acp_attachments
 				);
 
 				$group_id = request_var('g', 0);
-				$action = (isset($_POST['add'])) ? 'add' : $action;
+				$action = request::is_set_post('add');
 
 				switch ($action)
 				{
@@ -876,8 +876,8 @@ class acp_attachments
 
 				if ($submit)
 				{
-					$delete_files = (isset($_POST['delete'])) ? array_keys(request_var('delete', array('' => 0))) : array();
+					$delete_files = array_keys(request::variable('delete', array('' => 0), false, request::POST));
-					$add_files = (isset($_POST['add'])) ? array_keys(request_var('add', array('' => 0))) : array();
+					$add_files = array_keys(request::variable('add', array('' => 0), false, request::POST));
 					$post_ids = request_var('post_id', array('' => 0));
 
 					if (sizeof($delete_files))
@@ -1231,14 +1231,14 @@ class acp_attachments
 	{
 		global $db, $user;
 
-		if (isset($_REQUEST['securesubmit']))
+		if (request::is_set('securesubmit'))
 		{
 			// Grab the list of entries
 			$ips = request_var('ips', '');
 			$ip_list = array_unique(explode("\n", $ips));
 			$ip_list_log = implode(', ', $ip_list);
 
-			$ip_exclude = (!empty($_POST['ipexclude'])) ? 1 : 0;
+			$ip_exclude = (int) request::variable('ipexclude', false, false, request::POST);
 
 			$iplist = array();
 			$hostlist = array();
@@ -1385,7 +1385,7 @@ class acp_attachments
 
 			trigger_error($user->lang['SECURE_DOWNLOAD_UPDATE_SUCCESS'] . adm_back_link($this->u_action));
 		}
-		else if (isset($_POST['unsecuresubmit']))
+		else if (request::is_set_post('unsecuresubmit'))
 		{
 			$unip_sql = request_var('unip', array(0));
 

phpBB/includes/acp/acp_ban.php

@@ -29,8 +29,8 @@ class acp_ban
 
 		include(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);
 
-		$bansubmit	= (isset($_POST['bansubmit'])) ? true : false;
+		$bansubmit	= request::is_set_post('bansubmit');
-		$unbansubmit = (isset($_POST['unbansubmit'])) ? true : false;
+		$unbansubmit = request::is_set_post('unbansubmit');
 		$current_time = time();
 
 		$user->add_lang(array('acp/ban', 'acp/users'));

phpBB/includes/acp/acp_board.php

@@ -32,7 +32,7 @@ class acp_board
 		$user->add_lang('acp/board');
 
 		$action	= request_var('action', '');
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 
 		$form_key = 'acp_board';
 		add_form_key($form_key);
@@ -371,7 +371,7 @@ class acp_board
 		}
 
 		$this->new_config = $config;
-		$cfg_array = (isset($_REQUEST['config'])) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config;
+		$cfg_array = (request::is_set('config')) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config;
 		$error = array();
 
 		// We validate the complete config if whished

phpBB/includes/acp/acp_bots.php

@@ -28,11 +28,11 @@ class acp_bots
 		global $config, $db, $user, $auth, $template, $cache;
 
 		$action = request_var('action', '');
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 		$mark	= request_var('mark', array(0));
 		$bot_id	= request_var('id', 0);
 
-		if (isset($_POST['add']))
+		if (request::is_set_post('add'))
 		{
 			$action = 'add';
 		}

phpBB/includes/acp/acp_captcha.php

@@ -36,7 +36,7 @@ class acp_captcha
 		$configure = request_var('configure', false);
 		
 		// Oh, they are just here for the view
-		if (isset($_GET['captcha_demo']))
+		if (request::is_set('captcha_demo', request::GET))
 		{
 			$this->deliver_demo($selected);
 		}
@@ -109,7 +109,7 @@ class acp_captcha
 				
 				foreach ($config_vars as $config_var => $template_var)
 				{
-					$template->assign_var($template_var, (isset($_REQUEST[$config_var])) ? request_var($config_var, '') : $config[$config_var]) ;
+					$template->assign_var($template_var, request_var($config_var, $config[$config_var])) ;
 				}
 
 				$template->assign_vars(array(

phpBB/includes/acp/acp_database.php

@@ -33,7 +33,7 @@ class acp_database
 		$this->page_title = 'ACP_DATABASE';
 
 		$action	= request_var('action', '');
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 
 		$template->assign_vars(array(
 			'MODE'	=> $mode

phpBB/includes/acp/acp_disallow.php

@@ -38,8 +38,8 @@ class acp_disallow
 		$form_key = 'acp_disallow';
 		add_form_key($form_key);
 
-		$disallow = (isset($_POST['disallow'])) ? true : false;
+		$disallow = request::is_set_post('disallow');
-		$allow = (isset($_POST['allow'])) ? true : false;
+		$allow = request::is_set_post('allow');
 
 		if (($allow || $disallow) && !check_form_key($form_key))
 		{

phpBB/includes/acp/acp_email.php

@@ -35,7 +35,7 @@ class acp_email
 		add_form_key($form_key);
 
 		// Set some vars
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 		$error = array();
 
 		$usernames	= request_var('usernames', '', true);
@@ -48,7 +48,7 @@ class acp_email
 		{
 			// Error checking needs to go here ... if no subject and/or no message then skip
 			// over the send and return to the form
-			$use_queue		= (isset($_POST['send_immediately'])) ? false : true;
+			$use_queue		= request::is_set_post('send_immediately');
 			$priority		= request_var('mail_priority_flag', MAIL_NORMAL_PRIORITY);
 
 			if (!check_form_key($form_key))

phpBB/includes/acp/acp_forums.php

@@ -36,7 +36,7 @@ class acp_forums
 		add_form_key($form_key);
 
 		$action		= request_var('action', '');
-		$update		= (isset($_POST['update'])) ? true : false;
+		$update		= request::is_set_post('update');
 		$forum_id	= request_var('f', 0);
 
 		$this->parent_id	= request_var('parent_id', 0);

phpBB/includes/acp/acp_groups.php

@@ -37,14 +37,14 @@ class acp_groups
 		include(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);
 
 		// Check and set some common vars
-		$action		= (isset($_POST['add'])) ? 'add' : ((isset($_POST['addusers'])) ? 'addusers' : request_var('action', ''));
+		$action		= (request::is_set_post('add')) ? 'add' : ((request::is_set_post('addusers')) ? 'addusers' : request_var('action', ''));
 		$group_id	= request_var('g', 0);
 		$mark_ary	= request_var('mark', array(0));
 		$name_ary	= request_var('usernames', '', true);
 		$leader		= request_var('leader', 0);
 		$default	= request_var('default', 0);
 		$start		= request_var('start', 0);
-		$update		= (isset($_POST['update'])) ? true : false;
+		$update		= request::is_set_post('update');
 
 
 		// Clear some vars
@@ -303,8 +303,8 @@ class acp_groups
 					$submit_ary = array(
 						'colour'			=> request_var('group_colour', ''),
 						'rank'				=> request_var('group_rank', 0),
-						'receive_pm'		=> isset($_REQUEST['group_receive_pm']) ? 1 : 0,
+						'receive_pm'		=> request::is_set('group_receive_pm') ? 1 : 0,
-						'legend'			=> isset($_REQUEST['group_legend']) ? 1 : 0,
+						'legend'			=> request::is_set('group_legend') ? 1 : 0,
 						'message_limit'		=> request_var('group_message_limit', 0),
 						'max_recipients'	=> request_var('group_max_recipients', 0),
 						'founder_manage'	=> 0,
@@ -312,7 +312,7 @@ class acp_groups
 
 					if ($user->data['user_type'] == USER_FOUNDER)
 					{
-						$submit_ary['founder_manage'] = isset($_REQUEST['group_founder_manage']) ? 1 : 0;
+						$submit_ary['founder_manage'] = request::is_set('group_founder_manage') ? 1 : 0;
 					}
 
 					if (!empty($_FILES['uploadfile']['tmp_name']) || $data['uploadurl'] || $data['remotelink'])
@@ -519,7 +519,7 @@ class acp_groups
 
 				$avatar_img = (!empty($group_row['group_avatar'])) ? get_user_avatar($group_row['group_avatar'], $group_row['group_avatar_type'], $group_row['group_avatar_width'], $group_row['group_avatar_height'], 'GROUP_AVATAR') : '<img src="' . PHPBB_ADMIN_PATH . 'images/no_avatar.gif" alt="" />';
 
-				$display_gallery = (isset($_POST['display_gallery'])) ? true : false;
+				$display_gallery = request::is_set_post('display_gallery');
 
 				if ($config['allow_avatar_local'] && $display_gallery)
 				{

phpBB/includes/acp/acp_icons.php

@@ -32,9 +32,9 @@ class acp_icons
 
 		// Set up general vars
 		$action = request_var('action', '');
-		$action = (isset($_POST['add'])) ? 'add' : $action;
+		$action = (request::is_set_post('add')) ? 'add' : $action;
-		$action = (isset($_POST['edit'])) ? 'edit' : $action;
+		$action = (request::is_set_post('edit')) ? 'edit' : $action;
-		$action = (isset($_POST['import'])) ? 'import' : $action;
+		$action = (request::is_set_post('import')) ? 'import' : $action;
 		$icon_id = request_var('id', 0);
 
 		$mode = ($mode == 'smilies') ? 'smilies' : 'icons';
@@ -309,20 +309,20 @@ class acp_icons
 			case 'modify':
 
 				// Get items to create/modify
-				$images = (isset($_POST['image'])) ? array_keys(request_var('image', array('' => 0))) : array();
+				$images = array_keys(request::variable('image', array('' => 0), false, request::POST));
 				
 				// Now really get the items
-				$image_id		= (isset($_POST['id'])) ? request_var('id', array('' => 0)) : array();
+				$image_id					= request::variable('id',					array('' => 0), false, request::POST);
-				$image_order	= (isset($_POST['order'])) ? request_var('order', array('' => 0)) : array();
+				$image_order				= request::variable('order',				array('' => 0), false, request::POST);
-				$image_width	= (isset($_POST['width'])) ? request_var('width', array('' => 0)) : array();
+				$image_width				= request::variable('width',				array('' => 0), false, request::POST);
-				$image_height	= (isset($_POST['height'])) ? request_var('height', array('' => 0)) : array();
+				$image_height				= request::variable('height',				array('' => 0), false, request::POST);
-				$image_add		= (isset($_POST['add_img'])) ? request_var('add_img', array('' => 0)) : array();
+				$image_add					= request::variable('add_img',				array('' => 0), false, request::POST);
-				$image_emotion	= utf8_normalize_nfc(request_var('emotion', array('' => ''), true));
+				$image_display_on_posting	= request::variable('display_on_posting',	array('' => 0), false, request::POST);
-				$image_code		= utf8_normalize_nfc(request_var('code', array('' => ''), true));
+				$image_emotion				= utf8_normalize_nfc(request_var('emotion',	array('' => ''), true));
-				$image_display_on_posting = (isset($_POST['display_on_posting'])) ? request_var('display_on_posting', array('' => 0)) : array();
+				$image_code					= utf8_normalize_nfc(request_var('code',		array('' => ''), true));
 
 				// Ok, add the relevant bits if we are adding new codes to existing emoticons...
-				if (!empty($_POST['add_additional_code']))
+				if (request::variable('add_additional_code', false, false, request::POST))
 				{
 					$add_image			= request_var('add_image', '');
 					$add_code			= utf8_normalize_nfc(request_var('add_code', '', true));
@@ -338,7 +338,7 @@ class acp_icons
 						$image_width[$add_image] = request_var('add_width', 0);
 						$image_height[$add_image] = request_var('add_height', 0);
 
-						if (!empty($_POST['add_display_on_posting']))
+						if (request::variable('add_display_on_posting', false, false, request::POST))
 						{
 							$image_display_on_posting[$add_image] = 1;
 						}

phpBB/includes/acp/acp_inactive.php

@@ -38,9 +38,9 @@ class acp_inactive
 		$user->add_lang('memberlist');
 
 		$action = request_var('action', '');
-		$mark	= (isset($_REQUEST['mark'])) ? request_var('mark', array(0)) : array();
+		$mark	= request_var('mark', array(0));
 		$start	= request_var('start', 0);
-		$submit = isset($_POST['submit']);
+		$submit = request::is_set_post('submit');
 
 		// Sort keys
 		$sort_days	= request_var('st', 0);

phpBB/includes/acp/acp_jabber.php

@@ -33,7 +33,7 @@ class acp_jabber
 		include_once(PHPBB_ROOT_PATH . 'includes/functions_jabber.' . PHP_EXT);
 
 		$action	= request_var('action', '');
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 
 		if ($mode != 'settings')
 		{

phpBB/includes/acp/acp_language.php

@@ -34,30 +34,40 @@ class acp_language
 		global $config, $db, $user, $auth, $template, $cache;
 		global $safe_mode, $file_uploads;
 
+		/**
+		* @todo make this work with the request class, might require some additional functionality
+		* inside the request class. Reducing some of the redundance of this code would certainly
+		* not hurt either.
+		*/
+		request::enable_super_globals();
+
 		include_once(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT);
 
 		$this->default_variables();
 
 		// Check and set some common vars
 
-		$action		= (isset($_POST['update_details'])) ? 'update_details' : '';
+		$action		= (request::is_set_post('update_details')) ? 'update_details' : '';
-		$action		= (isset($_POST['download_file'])) ? 'download_file' : $action;
+		$action		= (request::is_set_post('download_file')) ? 'download_file' : $action;
-		$action		= (isset($_POST['upload_file'])) ? 'upload_file' : $action;
+		$action		= (request::is_set_post('upload_file')) ? 'upload_file' : $action;
-		$action		= (isset($_POST['upload_data'])) ? 'upload_data' : $action;
+		$action		= (request::is_set_post('upload_data')) ? 'upload_data' : $action;
-		$action		= (isset($_POST['submit_file'])) ? 'submit_file' : $action;
+		$action		= (request::is_set_post('submit_file')) ? 'submit_file' : $action;
-		$action		= (isset($_POST['remove_store'])) ? 'details' : $action;
+		$action		= (request::is_set_post('remove_store')) ? 'details' : $action;
 
-		$submit = (empty($action) && !isset($_POST['update']) && !isset($_POST['test_connection'])) ? false : true;
+		$submit = (empty($action) && !request::is_set_post('update') && !request::is_set_post('test_connection')) ? false : true;
 		$action = (empty($action)) ? request_var('action', '') : $action;
 
 		$form_name = 'acp_lang';
 		add_form_key('acp_lang');
 
 		$lang_id = request_var('id', 0);
-		if (isset($_POST['missing_file']))
+		if (request::is_set_post('missing_file'))
 		{
 			$missing_file = request_var('missing_file', array('' => 0));
-			list($_REQUEST['language_file'], ) = array_keys($missing_file);
+			/**
+			* @todo Do NOT overwrite a request variable.
+			*/
+			request::overwrite('language_file', key($missing_file));
 		}
 
 		$selected_lang_file = request_var('language_file', '|common.' . PHP_EXT);
@@ -114,11 +124,12 @@ class acp_language
 				$requested_data = call_user_func(array($method, 'data'));
 				foreach ($requested_data as $data => $default)
 				{
+					$default_value = request_var($data, '');
 					$template->assign_block_vars('data', array(
 						'DATA'		=> $data,
 						'NAME'		=> $user->lang[strtoupper($method . '_' . $data)],
 						'EXPLAIN'	=> $user->lang[strtoupper($method . '_' . $data) . '_EXPLAIN'],
-						'DEFAULT'	=> (!empty($_REQUEST[$data])) ? request_var($data, '') : $default
+						'DEFAULT'	=> (empty($default_value)) ? $default : $default_value
 					));
 				}
 
@@ -129,6 +140,9 @@ class acp_language
 					'method'		=> $method)
 				);
 
+				/**
+				* @todo Do not use $_POST here, but request::variable which needs to support more dimensions
+				*/
 				$hidden_data .= build_hidden_fields(array('entry' => $_POST['entry']), true, STRIP);
 
 				$template->assign_vars(array(
@@ -488,7 +502,7 @@ class acp_language
 						}
 				}
 				
-				if (isset($_POST['remove_store']))
+				if (request::is_set_post('remove_store'))
 				{
 					$store_filename = $this->get_filename($lang_iso, $this->language_directory, $this->language_file, true, true);
 

phpBB/includes/acp/acp_logs.php

@@ -33,8 +33,8 @@ class acp_logs
 		$action		= request_var('action', '');
 		$forum_id	= request_var('f', 0);
 		$start		= request_var('start', 0);
-		$deletemark = (!empty($_POST['delmarked'])) ? true : false;
+		$deletemark = request::variable('delmarked', false, false, request::POST);
-		$deleteall	= (!empty($_POST['delall'])) ? true : false;
+		$deleteall	= request::variable('delall', false, false, request::POST);
 		$marked		= request_var('mark', array(0));
 
 		// Sort keys

phpBB/includes/acp/acp_modules.php

@@ -266,7 +266,7 @@ class acp_modules
 				$module_data['module_langname'] = utf8_normalize_nfc(request_var('module_langname', (string) $module_row['module_langname'], true));
 				$module_data['module_mode'] = request_var('module_mode', (string) $module_row['module_mode']);
 
-				$submit = (isset($_POST['submit'])) ? true : false;
+				$submit = request::is_set_post('submit');
 
 				if ($submit)
 				{

phpBB/includes/acp/acp_permission_roles.php

@@ -37,10 +37,10 @@ class acp_permission_roles
 
 		$this->tpl_name = 'acp_permission_roles';
 
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 		$role_id = request_var('role_id', 0);
 		$action = request_var('action', '');
-		$action = (isset($_POST['add'])) ? 'add' : $action;
+		$action = (request::is_set_post('add')) ? 'add' : $action;
 
 		$form_name = 'acp_permissions';
 		add_form_key($form_name);

phpBB/includes/acp/acp_permissions.php

@@ -59,7 +59,7 @@ class acp_permissions
 		// Set some vars
 		$action = request_var('action', array('' => 0));
 		$action = key($action);
-		$action = (isset($_POST['psubmit'])) ? 'apply_permissions' : $action;
+		$action = (request::is_set_post('psubmit')) ? 'apply_permissions' : $action;
 
 		$all_forums = request_var('all_forums', 0);
 		$subforum_id = request_var('subforum_id', 0);
@@ -229,8 +229,8 @@ class acp_permissions
 						trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
 					}
 					// All users/groups selected?
-					$all_users = (isset($_POST['all_users'])) ? true : false;
+					$all_users = request::is_set_post('all_users');
-					$all_groups = (isset($_POST['all_groups'])) ? true : false;
+					$all_groups = request::is_set_post('all_groups');
 
 					if ($all_users || $all_groups)
 					{
@@ -257,7 +257,7 @@ class acp_permissions
 				break;
 
 				case 'apply_permissions':
-					if (!isset($_POST['setting']))
+					if (!request::is_set_post('setting'))
 					{
 						trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
@@ -270,7 +270,7 @@ class acp_permissions
 				break;
 
 				case 'apply_all_permissions':
-					if (!isset($_POST['setting']))
+					if (!request::is_set_post('setting'))
 					{
 						trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
@@ -376,8 +376,8 @@ class acp_permissions
 				case 'usergroup':
 				case 'usergroup_view':
 
-					$all_users = (isset($_POST['all_users'])) ? true : false;
+					$all_users = request::is_set_post('all_users');
-					$all_groups = (isset($_POST['all_groups'])) ? true : false;
+					$all_groups = request::is_set_post('all_groups');
 
 					if ((sizeof($user_id) && !$all_users) || (sizeof($group_id) && !$all_groups))
 					{
@@ -632,18 +632,14 @@ class acp_permissions
 		list($ug_id, ) = each($psubmit);
 		list($forum_id, ) = each($psubmit[$ug_id]);
 
-		if (empty($_POST['setting']) || empty($_POST['setting'][$ug_id]) || empty($_POST['setting'][$ug_id][$forum_id]) || !is_array($_POST['setting'][$ug_id][$forum_id]))
+		$auth_settings = request::variable('setting', array(0 => array(0 => array('' => 0))), false, request::POST);
+		if (!isset($auth_settings[$ug_id][$forum_id]) || !sizeof($auth_settings[$ug_id][$forum_id])))
 		{
 			trigger_error('WRONG_PERMISSION_SETTING_FORMAT', E_USER_WARNING);
 		}
 
-		// We obtain and check $_POST['setting'][$ug_id][$forum_id] directly and not using request_var() because request_var()
-		// currently does not support the amount of dimensions required. ;)
-		//		$auth_settings = request_var('setting', array(0 => array(0 => array('' => 0))));
-		$auth_settings = array_map('intval', $_POST['setting'][$ug_id][$forum_id]);
-
 		// Do we have a role we want to set?
-		$assigned_role = (isset($_POST['role'][$ug_id][$forum_id])) ? (int) $_POST['role'][$ug_id][$forum_id] : 0;
+		$assigned_role = request::variable(array('role', $ug_id, $forum_id), 0, false, request::POST));
 
 		// Do the admin want to set these permissions to other items too?
 		$inherit = request_var('inherit', array(0 => array(0)));
@@ -713,23 +709,21 @@ class acp_permissions
 			trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
 		}
 
-		$auth_settings = (isset($_POST['setting'])) ? $_POST['setting'] : array();
+		$auth_settings = request::variable('setting', array(0 => array(0 => array('' => 0))), false, request::POST);
-		$auth_roles = (isset($_POST['role'])) ? $_POST['role'] : array();
+		$auth_roles = request::variable('role', array(0 => array(0 => 0)), false, request::POST);
 		$ug_ids = $forum_ids = array();
 
 		// We need to go through the auth settings
 		foreach ($auth_settings as $ug_id => $forum_auth_row)
 		{
-			$ug_id = (int) $ug_id;
 			$ug_ids[] = $ug_id;
 
 			foreach ($forum_auth_row as $forum_id => $auth_options)
 			{
-				$forum_id = (int) $forum_id;
 				$forum_ids[] = $forum_id;
 
 				// Check role...
-				$assigned_role = (isset($auth_roles[$ug_id][$forum_id])) ? (int) $auth_roles[$ug_id][$forum_id] : 0;
+				$assigned_role = (isset($auth_roles[$ug_id][$forum_id])) ? $auth_roles[$ug_id][$forum_id] : 0;
 
 				// If the auth settings differ from the assigned role, then do not set a role...
 				if ($assigned_role)

phpBB/includes/acp/acp_profile.php

@@ -38,7 +38,7 @@ class acp_profile
 		$this->tpl_name = 'acp_profile';
 		$this->page_title = 'ACP_CUSTOM_PROFILE_FIELDS';
 
-		$action = (isset($_POST['create'])) ? 'create' : request_var('action', '');
+		$action = (request::is_set_post('create')) ? 'create' : request_var('action', '');
 
 		$error = array();
 		$s_hidden_fields = '';
@@ -287,8 +287,8 @@ class acp_profile
 				$field_id = request_var('field_id', 0);
 				$step = request_var('step', 1);
 
-				$submit = (isset($_REQUEST['next']) || isset($_REQUEST['prev'])) ? true : false;
+				$submit = (request::is_set('next') || request::is_set('prev')) ? true : false;
-				$save = (isset($_REQUEST['save'])) ? true : false;
+				$save = request::is_set('save');
 
 				// The language id of default language
 				$this->edit_lang_id = $this->lang_defs['iso'][$config['default_lang']];
@@ -399,7 +399,7 @@ class acp_profile
 				$cp->vars['lang_default_value']	= utf8_normalize_nfc(request_var('lang_default_value', $field_row['lang_default_value'], true));
 
 				// Field option...
-				if (isset($_REQUEST['field_option']))
+				if (request::is_set('field_option'))
 				{
 					$field_option = request_var('field_option', '');
 
@@ -463,7 +463,7 @@ class acp_profile
 					}
 					else if ($field_type == FIELD_TEXT && $key == 'field_length')
 					{
-						if (isset($_REQUEST['rows']))
+						if (request::is_set('rows'))
 						{
 							$cp->vars['rows'] = request_var('rows', 0);
 							$cp->vars['columns'] = request_var('columns', 0);
@@ -487,16 +487,27 @@ class acp_profile
 							$cp->vars['field_default_value_day'] = $now['mday'];
 							$cp->vars['field_default_value_month'] = $now['mon'];
 							$cp->vars['field_default_value_year'] = $now['year'];
-							$var = $_POST['field_default_value'] = 'now';
+
+							$var = 'now';
+							/**
+							* @todo Do NOT overwrite a request variable.
+							*/
+							request::overwrite('field_default_value', $var, request::REQUEST);
+							request::overwrite('field_default_value', $var, request::POST);
 						}
 						else
 						{
-							if (isset($_REQUEST['field_default_value_day']))
+							if (request::is_set('field_default_value_day'))
 							{
 								$cp->vars['field_default_value_day'] = request_var('field_default_value_day', 0);
 								$cp->vars['field_default_value_month'] = request_var('field_default_value_month', 0);
 								$cp->vars['field_default_value_year'] = request_var('field_default_value_year', 0);
-								$var = $_POST['field_default_value'] = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']);
+								$var = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']);
+								/**
+								* @todo Do NOT overwrite a request variable.
+								*/
+								request::overwrite('field_default_value', $var, request::REQUEST);
+								request::overwrite('field_default_value', $var, request::POST);
 							}
 							else
 							{
@@ -622,7 +633,7 @@ class acp_profile
 					}
 				}
 
-				$step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step);
+				$step = (request::is_set('next')) ? $step + 1 : ((request::is_set('prev')) ? $step - 1 : $step);
 
 				if (sizeof($error))
 				{
@@ -642,7 +653,7 @@ class acp_profile
 
 					foreach ($key_ary as $key)
 					{
-						if ($field_type == FIELD_TEXT && $key == 'field_length' && isset($_REQUEST['rows']))
+						if ($field_type == FIELD_TEXT && $key == 'field_length' && request::is_set('rows'))
 						{
 							$cp->vars['rows'] = request_var('rows', 0);
 							$cp->vars['columns'] = request_var('columns', 0);
@@ -656,21 +667,21 @@ class acp_profile
 							{
 								$_new_key_ary[$key] = 'now';
 							}
-							else if (isset($_REQUEST['field_default_value_day']))
+							else if (request::is_set('field_default_value_day'))
 							{
 								$cp->vars['field_default_value_day'] = request_var('field_default_value_day', 0);
 								$cp->vars['field_default_value_month'] = request_var('field_default_value_month', 0);
 								$cp->vars['field_default_value_year'] = request_var('field_default_value_year', 0);
-								$_new_key_ary[$key]  = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']);
+								$_new_key_ary[$key] = sprintf('%2d-%2d-%4d', $cp->vars['field_default_value_day'], $cp->vars['field_default_value_month'], $cp->vars['field_default_value_year']);
 							}
 						}
-						else if ($field_type == FIELD_BOOL && $key == 'l_lang_options' && isset($_REQUEST['l_lang_options']))
+						else if ($field_type == FIELD_BOOL && $key == 'l_lang_options' && request::is_set('l_lang_options'))
 						{
 							$_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, array(array('')), true));
 						}
 						else
 						{
-							if (!isset($_REQUEST[$key]))
+							if (!request::is_set($key))
 							{
 								$var = false;
 							}
@@ -680,7 +691,11 @@ class acp_profile
 							}
 							else
 							{
-								$_new_key_ary[$key] = (is_array($_REQUEST[$key])) ? utf8_normalize_nfc(request_var($key, array(''), true)) : utf8_normalize_nfc(request_var($key, '', true));
+								$_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, array(''), true));
+								if (!sizeof($_new_key_ary[$key]))
+								{
+									$_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, '', true));
+								}
 							}
 						}
 					}

phpBB/includes/acp/acp_prune.php

@@ -55,7 +55,7 @@ class acp_prune
 
 		$all_forums = request_var('all_forums', 0);
 		$forum_id = request_var('f', array(0));
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 
 		if ($all_forums)
 		{
@@ -231,7 +231,7 @@ class acp_prune
 
 		$user->add_lang('memberlist');
 
-		$prune = (isset($_POST['prune'])) ? true : false;
+		$prune = request::is_set_post('prune');
 
 		if ($prune)
 		{

phpBB/includes/acp/acp_ranks.php

@@ -31,8 +31,8 @@ class acp_ranks
 
 		// Set up general vars
 		$action = request_var('action', '');
-		$action = (isset($_POST['add'])) ? 'add' : $action;
+		$action = (request::is_set_post('add')) ? 'add' : $action;
-		$action = (isset($_POST['save'])) ? 'save' : $action;
+		$action = (request::is_set_post('save')) ? 'save' : $action;
 		$rank_id = request_var('id', 0);
 
 		$this->tpl_name = 'acp_ranks';

phpBB/includes/acp/acp_reasons.php

@@ -31,7 +31,7 @@ class acp_reasons
 
 		// Set up general vars
 		$action = request_var('action', '');
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 		$reason_id = request_var('id', 0);
 
 		$this->tpl_name = 'acp_reasons';

phpBB/includes/acp/acp_search.php

@@ -52,7 +52,7 @@ class acp_search
 	{
 		global $db, $user, $auth, $template, $cache, $config;
 
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 
 		$search_types = $this->get_search_types();
 
@@ -99,7 +99,7 @@ class acp_search
 		unset($search);
 		unset($error);
 
-		$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : array();
+		$cfg_array = request_var('config', array('' => ''), true);
 		$updated = request_var('updated', false);
 
 		foreach ($settings as $config_name => $var_type)
@@ -228,9 +228,9 @@ class acp_search
 	{
 		global $db, $user, $auth, $template, $cache, $config;
 
-		if (isset($_REQUEST['action']) && is_array($_REQUEST['action']))
+		$action = request_var('action', array('' => false));
+		if (sizeof($action))
 		{
-			$action = request_var('action', array('' => false));
 			$action = key($action);
 		}
 		else
@@ -239,7 +239,7 @@ class acp_search
 		}
 		$this->state = explode(',', $config['search_indexing_state']);
 
-		if (isset($_POST['cancel']))
+		if (request::is_set_post('cancel'))
 		{
 			$action = '';
 			$this->state = array();

phpBB/includes/acp/acp_styles.php

@@ -50,7 +50,7 @@ class acp_styles
 		$this->page_title = 'ACP_CAT_STYLES';
 
 		$action = request_var('action', '');
-		$action = (isset($_POST['add'])) ? 'add' : $action;
+		$action = (request::is_set_post('add')) ? 'add' : $action;
 		$style_id = request_var('id', 0);
 
 		// Fill the configuration variables
@@ -646,7 +646,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$template_data	= htmlspecialchars_decode($template_data);
 		$template_file	= utf8_normalize_nfc(request_var('template_file', '', true));
 		$text_rows		= max(5, min(999, request_var('text_rows', 20)));
-		$save_changes	= (isset($_POST['save'])) ? true : false;
+		$save_changes	= request::is_set_post('save');
 
 		// make sure template_file path doesn't go upwards
 		$template_file = str_replace('..', '.', $template_file);
@@ -805,7 +805,7 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		$source		= str_replace('/', '.', request_var('source', ''));
 		$file_ary	= array_diff(request_var('delete', array('')), array(''));
-		$submit		= isset($_POST['submit']) ? true : false;
+		$submit		= request::is_set_post('submit');
 
 		$sql = 'SELECT *
 			FROM ' . STYLES_TEMPLATE_TABLE . "
@@ -930,7 +930,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$theme_data		= htmlspecialchars_decode($theme_data);
 		$theme_file		= utf8_normalize_nfc(request_var('template_file', '', true));
 		$text_rows		= max(5, min(999, request_var('text_rows', 20)));
-		$save_changes	= (isset($_POST['save'])) ? true : false;
+		$save_changes	= request::is_set_post('save');
 
 		// make sure theme_file path doesn't go upwards
 		$theme_file = str_replace('..', '.', $theme_file);
@@ -1111,7 +1111,7 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		$this->page_title = 'EDIT_IMAGESET';
 
-		$update		= (isset($_POST['update'])) ? true : false;
+		$update		= request::is_set_post('update');
 
 		$imgname	= request_var('imgname', '');
 		$imgpath	= request_var('imgpath', '');
@@ -1172,7 +1172,7 @@ parse_css_file = {PARSE_CSS_FILE}
 				}
 			}
 
-			if ($update && isset($_POST['imgpath']))
+			if ($update && request::is_set_post('imgpath'))
 			{
 				if ($valid_name)
 				{
@@ -1379,7 +1379,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		global $db, $template, $user, $cache, $config;
 
 		$new_id = request_var('new_id', 0);
-		$update = (isset($_POST['update'])) ? true : false;
+		$update = request::is_set_post('update');
 		$sql_where = '';
 
 		switch ($mode)
@@ -1514,7 +1514,7 @@ parse_css_file = {PARSE_CSS_FILE}
 	{
 		global $db, $template, $user, $cache, $config;
 
-		$update = (isset($_POST['update'])) ? true : false;
+		$update = request::is_set_post('update');
 
 		$inc_template = request_var('inc_template', 0);
 		$inc_theme = request_var('inc_theme', 0);
@@ -1911,7 +1911,7 @@ parse_css_file = {PARSE_CSS_FILE}
 	{
 		global $template, $db, $config, $user, $safe_mode, $cache;
 
-		$update = (isset($_POST['update'])) ? true : false;
+		$update = request::is_set_post('update');
 		$l_type = strtoupper($mode);
 
 		$error = array();
@@ -2269,7 +2269,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$element_ary = array('template' => STYLES_TEMPLATE_TABLE, 'theme' => STYLES_THEME_TABLE, 'imageset' => STYLES_IMAGESET_TABLE);
 
 		$install_path = request_var('path', '');
-		$update = (isset($_POST['update'])) ? true : false;
+		$update = request::is_set_post('update');
 
 		// Installing, obtain cfg file contents
 		if ($install_path)
@@ -2432,7 +2432,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		);
 
 		$basis = request_var('basis', 0);
-		$update = (isset($_POST['update'])) ? true : false;
+		$update = request::is_set_post('update');
 
 		if ($basis)
 		{

phpBB/includes/acp/acp_users.php

@@ -42,7 +42,7 @@ class acp_users
 		$user_id	= request_var('u', 0);
 		$action		= request_var('action', '');
 
-		$submit		= (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false;
+		$submit		= (request::is_set_post('update') && !request::is_set_post('cancel')) ? true : false;
 
 		$form_name = 'acp_users';
 		add_form_key($form_name);
@@ -937,8 +937,8 @@ class acp_users
 
 				// Set up general vars
 				$start		= request_var('start', 0);
-				$deletemark = (isset($_POST['delmarked'])) ? true : false;
+				$deletemark = request::is_set_post('delmarked');
-				$deleteall	= (isset($_POST['delall'])) ? true : false;
+				$deleteall	= request::is_set_post('delall');
 				$marked		= request_var('mark', array(0));
 				$message	= utf8_normalize_nfc(request_var('message', '', true));
 
@@ -1474,7 +1474,7 @@ class acp_users
 				// Generate users avatar
 				$avatar_img = ($user_row['user_avatar']) ? get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height']) : '<img src="' . PHPBB_ADMIN_PATH . 'images/no_avatar.gif" alt="" />';
 
-				$display_gallery = (isset($_POST['display_gallery'])) ? true : false;
+				$display_gallery = request::is_set_post('display_gallery');
 				$avatar_select = basename(request_var('avatar_select', ''));
 				$category = basename(request_var('category', ''));
 
@@ -1551,7 +1551,7 @@ class acp_users
 				$enable_urls	= ($config['allow_sig_links']) ? ((request_var('disable_magic_url', false)) ? false : true) : false;
 				$signature		= utf8_normalize_nfc(request_var('signature', (string) $user_row['user_sig'], true));
 
-				$preview		= (isset($_POST['preview'])) ? true : false;
+				$preview		= request::is_set_post('preview');
 
 				if ($submit || $preview)
 				{
@@ -1636,7 +1636,7 @@ class acp_users
 			case 'attach':
 
 				$start		= request_var('start', 0);
-				$deletemark = (isset($_POST['delmarked'])) ? true : false;
+				$deletemark = request::is_set_post('delmarked');
 				$marked		= request_var('mark', array(0));
 
 				// Sort keys

phpBB/includes/acp/acp_words.php

@@ -32,7 +32,7 @@ class acp_words
 
 		// Set up general vars
 		$action = request_var('action', '');
-		$action = (isset($_POST['add'])) ? 'add' : ((isset($_POST['save'])) ? 'save' : $action);
+		$action = (request::is_set_post('add')) ? 'add' : ((request::is_set_post('save')) ? 'save' : $action);
 
 		$s_hidden_fields = '';
 		$word_info = array();

phpBB/includes/auth/auth_db.php

@@ -100,9 +100,15 @@ function login_db(&$username, &$password)
 	/*if ($row['user_pass_convert'])
 	{
 		// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
+		$disabled = request::super_globals_disabled();
+		request::enable_super_globals();
 		$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
 		$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
 		$password_new_format = '';
+		if ($disabled)
+		{
+			request::disable_super_globals();
+		}
 
 		set_var($password_new_format, stripslashes($password_old_format), 'string');
 

phpBB/includes/captcha/plugins/phpbb_captcha_gd_plugin.php

@@ -87,7 +87,7 @@ class phpbb_captcha_gd extends phpbb_default_captcha implements phpbb_captcha_pl
 		{
 			foreach ($captcha_vars as $captcha_var => $template_var)
 			{
-				$var = (isset($_REQUEST[$captcha_var])) ? request_var($captcha_var, 0) : $config[$captcha_var];
+				$var = request_var($captcha_var, (int) $config[$captcha_var]);
 				$template->assign_var($template_var, $var);
 			}
 			$template->assign_vars(array(

phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php

@@ -96,7 +96,7 @@ class phpbb_recaptcha extends phpbb_default_captcha implements phpbb_captcha_plu
 		{
 			foreach ($captcha_vars as $captcha_var => $template_var)
 			{
-				$var = (isset($_REQUEST[$captcha_var])) ? request_var($captcha_var, '') : ((isset($config[$captcha_var])) ? $config[$captcha_var] : '');
+				$var = request_var($captcha_var, (isset($config[$captcha_var])) ? (string) $config[$captcha_var] : '');
 				$template->assign_var($template_var, $var);
 			}
 			$template->assign_vars(array(

phpBB/includes/db/dbal.php

@@ -632,7 +632,7 @@ class dbal
 	{
 		global $cache, $starttime, $user;
 
-		if (empty($_REQUEST['explain']))
+		if (!request::variable('explain', false))
 		{
 			return false;
 		}

phpBB/includes/functions_display.php

@@ -68,7 +68,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 	}
 	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
 	{
-		$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+		$tracking_topics = request::variable($config['cookie_name'] . '_track', '', false, request::COOKIE);
 		$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
 
 		if (!$user->data['is_registered'])
@@ -1044,7 +1044,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 		if (!is_null($notify_status) && $notify_status !== '')
 		{
 
-			if (isset($_GET['unwatch']))
+			if (request::is_set('unwatch', request::GET))
 			{
 				$uid = request_var('uid', 0);
 				if ($uid != $user_id)
@@ -1053,7 +1053,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 					$message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
 					trigger_error($message);
 				}
-				if ($_GET['unwatch'] == $mode)
+				if (request::variable('unwatch', '', false, request::GET) == $mode)
 				{
 					$is_watching = 0;
 
@@ -1086,12 +1086,12 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 		}
 		else
 		{
-			if (isset($_GET['watch']))
+			if (request::is_set('watch', request::GET))
 			{
 				$token = request_var('hash', '');
 				$redirect_url = append_sid("view$mode", "$u_url=$match_id&amp;start=$start");
 
-				if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_$match_id"))
+				if (request::variable('watch', '', false, request::GET) == $mode && check_link_hash($token, "{$mode}_$match_id"))
 				{
 					$is_watching = true;
 
@@ -1117,7 +1117,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 	}
 	else
 	{
-		if (isset($_GET['unwatch']) && $_GET['unwatch'] == $mode)
+		if (request::variable('unwatch', '', false, request::GET) == $mode)
 		{
 			login_box();
 		}

phpBB/includes/functions_module.php

@@ -358,7 +358,7 @@ class p_master
 		$forum_id = ($forum_id === false) ? $this->acl_forum_id : $forum_id;
 
 		$is_auth = false;
-		eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z0-9_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z0-9_]+)#', '#cfg_([a-z0-9_]+)#', '#request_([a-zA-Z0-9_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', '!empty($_REQUEST[\'\\1\'])'), $module_auth) . ');');
+		eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z0-9_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z0-9_]+)#', '#cfg_([a-z0-9_]+)#', '#request_([a-zA-Z0-9_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', 'request::variable(\'\\1\', false)'), $module_auth) . ');');
 
 		return $is_auth;
 	}

phpBB/includes/functions_privmsgs.php

@@ -870,7 +870,7 @@ function handle_mark_actions($user_id, $mark_action)
 
 	$msg_ids		= request_var('marked_msg_id', array(0));
 	$cur_folder_id	= request_var('cur_folder_id', PRIVMSGS_NO_BOX);
-	$confirm		= (isset($_POST['confirm'])) ? true : false;
+	$confirm		= request::is_set_post('confirm');
 
 	if (!sizeof($msg_ids))
 	{

phpBB/includes/functions_profile_fields.php

@@ -562,19 +562,19 @@ class custom_profile
 		// checkbox - only testing for isset
 		if ($profile_row['field_type'] == FIELD_BOOL && $profile_row['field_length'] == 2)
 		{
-			$value = (isset($_REQUEST[$profile_row['field_ident']])) ? true : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]);
+			$value = (request::is_set($profile_row['field_ident'])) ? true : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]);
 		}
 		else if ($profile_row['field_type'] == FIELD_INT)
 		{
-			if (isset($_REQUEST[$profile_row['field_ident']]))
+			if (request::is_set($profile_row['field_ident']))
 			{
-				$value = ($_REQUEST[$profile_row['field_ident']] === '') ? NULL : request_var($profile_row['field_ident'], $default_value);
+				$value = (request_var($profile_row['field_ident'], '') === '') ? null : request_var($profile_row['field_ident'], $default_value);
 			}
 			else
 			{
 				if (!$preview && isset($user->profile_fields[$user_ident]) && is_null($user->profile_fields[$user_ident]))
 				{
-					$value = NULL;
+					$value = null;
 				}
 				else if (!isset($user->profile_fields[$user_ident]) || $preview)
 				{
@@ -590,7 +590,7 @@ class custom_profile
 		}
 		else
 		{
-			$value = (isset($_REQUEST[$profile_row['field_ident']])) ? request_var($profile_row['field_ident'], $default_value, true) : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]);
+			$value = (request::is_set($profile_row['field_ident'])) ? request_var($profile_row['field_ident'], $default_value, true) : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]);
 			
 			if (gettype($value) == 'string')
 			{
@@ -633,7 +633,7 @@ class custom_profile
 
 		$now = getdate();
 
-		if (!isset($_REQUEST[$profile_row['field_ident'] . '_day']))
+		if (!request::is_set($profile_row['field_ident'] . '_day'))
 		{
 			if ($profile_row['field_default_value'] == 'now')
 			{
@@ -845,7 +845,7 @@ class custom_profile
 		{
 			case FIELD_DATE:
 
-				if (!isset($_REQUEST[$var_name . '_day']))
+				if (!request::is_set($var_name . '_day'))
 				{
 					if ($profile_row['field_default_value'] == 'now')
 					{
@@ -868,7 +868,7 @@ class custom_profile
 				// Checkbox
 				if ($profile_row['field_length'] == 2)
 				{
-					$var = (isset($_REQUEST[$var_name])) ? 1 : 0;
+					$var = request::is_set($var_name) ? 1 : 0;
 				}
 				else
 				{
@@ -882,7 +882,7 @@ class custom_profile
 			break;
 
 			case FIELD_INT:
-				if (isset($_REQUEST[$var_name]) && $_REQUEST[$var_name] === '')
+				if (request::is_set($var_name) && request_var($var_name, '') === '')
 				{
 					$var = NULL;
 				}

phpBB/includes/functions_user.php

@@ -2170,7 +2170,7 @@ function avatar_process_user(&$error, $custom_userdata = false)
 			$sql_ary['user_avatar'] = $category . '/' . $sql_ary['user_avatar'];
 		}
 	}
-	else if (isset($_POST['delete']) && $change_avatar)
+	else if (request::is_set_post('delete') && $change_avatar)
 	{
 		$sql_ary['user_avatar'] = '';
 		$sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;

phpBB/includes/mcp/mcp_ban.php

@@ -32,8 +32,8 @@ class mcp_ban
 		// Include the admin banning interface...
 		include(PHPBB_ROOT_PATH . 'includes/acp/acp_ban.' . PHP_EXT);
 
-		$bansubmit		= (isset($_POST['bansubmit'])) ? true : false;
+		$bansubmit		= request::is_set_post('bansubmit');
-		$unbansubmit	= (isset($_POST['unbansubmit'])) ? true : false;
+		$unbansubmit	= request::is_set_post('unbansubmit');
 		$current_time	= time();
 
 		$user->add_lang(array('acp/ban', 'acp/users'));

phpBB/includes/mcp/mcp_forum.php

@@ -33,7 +33,10 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 	if ($merge_select)
 	{
 		// Fixes a "bug" that makes forum_view use the same ordering as topic_view
-		unset($_POST['sk'], $_POST['sd'], $_REQUEST['sk'], $_REQUEST['sd']);
+		request::overwrite('sk', null, request::POST);
+		request::overwrite('sd', null, request::POST);
+		request::overwrite('sk', null, request::REQUEST);
+		request::overwrite('sd', null, request::REQUEST);
 	}
 
 	$forum_id			= $forum_info['forum_id'];

phpBB/includes/mcp/mcp_main.php

@@ -576,21 +576,15 @@ function mcp_move_topic($topic_ids)
 			}
 		}
 	}
-	else if (isset($_POST['confirm']))
+	else if (request::is_set_post('confirm'))
 	{
 		$additional_msg = $user->lang['FORUM_NOT_EXIST'];
 	}
 
-	if (!$to_forum_id || $additional_msg)
+	if ($to_forum_id && !$additional_msg && confirm_box(true))
-	{
-		unset($_POST['confirm']);
-		unset($_REQUEST['confirm_key']);
-	}
-
-	if (confirm_box(true))
 	{
 		$topic_data = get_topic_data($topic_ids);
-		$leave_shadow = (isset($_POST['move_leave_shadow'])) ? true : false;
+		$leave_shadow = request::is_set_post('move_leave_shadow');
 
 		$topics_moved = sizeof($topic_ids);
 		$topics_authed_moved = 0;
@@ -789,7 +783,7 @@ function mcp_delete_topic($topic_ids)
 		confirm_box(false, (sizeof($topic_ids) == 1) ? 'DELETE_TOPIC' : 'DELETE_TOPICS', $s_hidden_fields);
 	}
 
-	if (!isset($_REQUEST['quickmod']))
+	if (!request::is_set('quickmod'))
 	{
 		$redirect = request_var('redirect', 'index.' . PHP_EXT);
 		$redirect = reapply_sid($redirect);
@@ -982,18 +976,12 @@ function mcp_fork_topic($topic_ids)
 			}
 		}
 	}
-	else if (isset($_POST['confirm']))
+	else if (request::is_set_post('confirm'))
 	{
 		$additional_msg = $user->lang['FORUM_NOT_EXIST'];
 	}
 
-	if ($additional_msg)
+	if (!$additional_msg && confirm_box(true))
-	{
-		unset($_POST['confirm']);
-		unset($_REQUEST['confirm_key']);
-	}
-
-	if (confirm_box(true))
 	{
 		$topic_data = get_topic_data($topic_ids, 'f_post');
 

phpBB/includes/mcp/mcp_queue.php

@@ -484,7 +484,7 @@ function approve_post($post_id_list, $id, $mode)
 
 	if (confirm_box(true))
 	{
-		$notify_poster = (isset($_REQUEST['notify_poster'])) ? true : false;
+		$notify_poster = request::is_set('notify_poster');
 
 		// If Topic -> total_topics = total_topics+1, total_posts = total_posts+1, forum_topics = forum_topics+1, forum_posts = forum_posts+1
 		// If Post -> total_posts = total_posts+1, forum_posts = forum_posts+1, topic_replies = topic_replies+1
@@ -803,7 +803,7 @@ function disapprove_post($post_id_list, $id, $mode)
 		'redirect'		=> $redirect)
 	);
 
-	$notify_poster = (isset($_REQUEST['notify_poster'])) ? true : false;
+	$notify_poster = request::is_set('notify_poster');
 	$disapprove_reason = '';
 
 	if ($reason_id)
@@ -818,7 +818,6 @@ function disapprove_post($post_id_list, $id, $mode)
 		if (!$row || (!$reason && strtolower($row['reason_title']) == 'other'))
 		{
 			$additional_msg = $user->lang['NO_REASON_DISAPPROVAL'];
-			unset($_POST['confirm']);
 		}
 		else
 		{
@@ -837,7 +836,7 @@ function disapprove_post($post_id_list, $id, $mode)
 
 	$post_info = get_post_data($post_id_list, 'm_approve');
 
-	if (confirm_box(true))
+	if (!$additional_message && confirm_box(true))
 	{
 
 		// If Topic -> forum_topics_real -= 1

phpBB/includes/mcp/mcp_topic.php

@@ -45,7 +45,7 @@ function mcp_topic_view($id, $mode, $action)
 	$forum_id		= request_var('f', 0);
 	$to_topic_id	= request_var('to_topic_id', 0);
 	$to_forum_id	= request_var('to_forum_id', 0);
-	$sort			= isset($_POST['sort']) ? true : false;
+	$sort			= request::is_set_post('sort');
 	$submitted_id_list	= request_var('post_ids', array(0));
 	$checked_ids = $post_id_list = request_var('post_id_list', array(0));
 

phpBB/includes/mcp/mcp_warn.php

@@ -195,7 +195,7 @@ class mcp_warn
 
 		$post_id = request_var('p', 0);
 		$forum_id = request_var('f', 0);
-		$notify = (isset($_REQUEST['notify_user'])) ? true : false;
+		$notify = request::is_set('notify_user');
 		$warning = utf8_normalize_nfc(request_var('warning', '', true));
 
 		$sql = 'SELECT u.*, p.*
@@ -337,7 +337,7 @@ class mcp_warn
 
 		$user_id = request_var('u', 0);
 		$username = request_var('username', '', true);
-		$notify = (isset($_REQUEST['notify_user'])) ? true : false;
+		$notify = request::is_set('notify_user');
 		$warning = utf8_normalize_nfc(request_var('warning', '', true));
 
 		$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";

phpBB/includes/message_parser.php

@@ -1317,8 +1317,8 @@ class parse_message extends bbcode_firstpass
 		$this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));
 		$upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false;
 
-		$add_file		= (isset($_POST['add_file'])) ? true : false;
+		$add_file		= request::is_set_post('add_file');
-		$delete_file	= (isset($_POST['delete_file'])) ? true : false;
+		$delete_file	= request::is_set_post('delete_file');
 
 		// First of all adjust comments if changed
 		$actual_comment_list = utf8_normalize_nfc(request_var('comment_list', array(''), true));
@@ -1500,7 +1500,7 @@ class parse_message extends bbcode_firstpass
 		global $user, $db, $config;
 
 		$this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true));
-		$attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
+		$attachment_data = request::variable('attachment_data', array(0 => array('' => '')), true, request::POST);
 		$this->attachment_data = array();
 
 		$check_user_id = ($check_user_id === false) ? $user->data['user_id'] : $check_user_id;
@@ -1536,11 +1536,11 @@ class parse_message extends bbcode_firstpass
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$pos = $not_orphan[$row['attach_id']];
+				$pos = $not_orphan[(int) $row['attach_id']];
 				$this->attachment_data[$pos] = $row;
-				set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
+				$this->attachment_data[$pos]['attach_comment'] = utf8_normalize_nfc($attachment_data[$pos]['attach_comment']);
 
-				unset($not_orphan[$row['attach_id']]);
+				unset($not_orphan[(int) $row['attach_id']]);
 			}
 			$db->sql_freeresult($result);
 		}
@@ -1562,11 +1562,11 @@ class parse_message extends bbcode_firstpass
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$pos = $orphan[$row['attach_id']];
+				$pos = $orphan[(int) $row['attach_id']];
 				$this->attachment_data[$pos] = $row;
-				set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
+				$this->attachment_data[$pos]['attach_comment'] = utf8_normalize_nfc($attachment_data[$pos]['attach_comment']);
 
-				unset($orphan[$row['attach_id']]);
+				unset($orphan[(int) $row['attach_id']]);
 			}
 			$db->sql_freeresult($result);
 		}

phpBB/includes/session.php

@@ -240,9 +240,10 @@ class session
 		}
 
 		// Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number
-		$this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : '';
+		$forum = request_var('f', 0);
+		$this->page['page'] .= ($forum) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . $forum . 'x' : '';
 
-		if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
+		if (request::is_set($config['cookie_name'] . '_sid', request::COOKIE) || request::is_set($config['cookie_name'] . '_u', request::COOKIE))
 		{
 			$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
 			$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
@@ -287,7 +288,7 @@ class session
 		}
 
 		// Is session_id is set or session_id is set and matches the url param if required
-		if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid'])))
+		if (!empty($this->session_id) && (!defined('NEED_SID') || $this->session_id === request::variable('sid', '', false, request::GET)))
 		{
 			$sql = 'SELECT u.*, s.*
 				FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
@@ -1496,7 +1497,7 @@ class user extends session
 		$this->add_lang($lang_set);
 		unset($lang_set);
 
-		if (!empty($_GET['style']) && $auth->acl_get('a_styles'))
+		if (request::variable('style', false, false, request::GET) && $auth->acl_get('a_styles'))
 		{
 			global $SID, $_EXTRA_URL;
 

phpBB/includes/ucp/ucp_attachments.php

@@ -33,8 +33,8 @@ class ucp_attachments
 		$sort_key	= request_var('sk', 'a');
 		$sort_dir	= request_var('sd', 'a');
 
-		$delete		= (isset($_POST['delete'])) ? true : false;
+		$delete		= request::is_set_post('delete');
-		$confirm	= (isset($_POST['confirm'])) ? true : false;
+		$confirm	= request::is_set_post('confirm');
 		$delete_ids	= array_keys(request_var('attachment', array(0)));
 
 		if ($delete && sizeof($delete_ids))

phpBB/includes/ucp/ucp_groups.php

@@ -33,8 +33,8 @@ class ucp_groups
 		$return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>');
 
 		$mark_ary	= request_var('mark', array(0));
-		$submit		= (!empty($_POST['submit'])) ? true : false;
+		$submit		= request::variable('submit', false, false, request::POST);
-		$delete		= (!empty($_POST['delete'])) ? true : false;
+		$delete		= request::variable('delete', false, false, request::POST);
 		$error = $data = array();
 
 		switch ($mode)
@@ -43,9 +43,9 @@ class ucp_groups
 		
 				$this->page_title = 'UCP_USERGROUPS_MEMBER';
 
-				if ($submit || isset($_POST['change_default']))
+				if ($submit || request::is_set_post('change_default'))
 				{
-					$action = (isset($_POST['change_default'])) ? 'change_default' : request_var('action', '');
+					$action = (request::is_set_post('change_default')) ? 'change_default' : request_var('action', '');
 					$group_id = ($action == 'change_default') ? request_var('default', 0) : request_var('selected', 0);
 
 					if (!$group_id)
@@ -411,7 +411,7 @@ class ucp_groups
 			case 'manage':
 
 				$this->page_title = 'UCP_USERGROUPS_MANAGE';
-				$action		= (isset($_POST['addusers'])) ? 'addusers' : request_var('action', '');
+				$action		= (request::is_set_post('addusers')) ? 'addusers' : request_var('action', '');
 				$group_id	= request_var('g', 0);
 				
 				include(PHPBB_ROOT_PATH . 'includes/functions_display.' . PHP_EXT);
@@ -482,7 +482,7 @@ class ucp_groups
 
 						$data = $submit_ary = array();
 
-						$update	= (isset($_POST['update'])) ? true : false;
+						$update	= request::is_set_post('update');
 
 						$error = array();
 
@@ -505,7 +505,7 @@ class ucp_groups
 							$submit_ary = array(
 								'colour'		=> request_var('group_colour', ''),
 								'rank'			=> request_var('group_rank', 0),
-								'receive_pm'	=> isset($_REQUEST['group_receive_pm']) ? 1 : 0,
+								'receive_pm'	=> request::is_set('group_receive_pm') ? 1 : 0,
 								'message_limit'	=> request_var('group_message_limit', 0),
 								'max_recipients'=> request_var('group_max_recipients', 0),
 							);
@@ -672,7 +672,7 @@ class ucp_groups
 						$type_closed	= ($group_type == GROUP_CLOSED) ? ' checked="checked"' : '';
 						$type_hidden	= ($group_type == GROUP_HIDDEN) ? ' checked="checked"' : '';
 
-						$display_gallery = (isset($_POST['display_gallery'])) ? true : false;
+						$display_gallery = request::is_set_post('display_gallery');
 
 						if ($config['allow_avatar_local'] && $display_gallery)
 						{

phpBB/includes/ucp/ucp_main.php

@@ -204,7 +204,7 @@ class ucp_main
 
 				add_form_key('ucp_front_subscribed');
 
-				$unwatch = (isset($_POST['unwatch'])) ? true : false;
+				$unwatch = request::is_set_post('unwatch');
 
 				if ($unwatch)
 				{
@@ -287,7 +287,7 @@ class ucp_main
 					}
 					else
 					{
-						$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+						$tracking_topics = request::variable($config['cookie_name'] . '_track', '', false, request::COOKIE);
 						$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
 					}
 
@@ -386,10 +386,10 @@ class ucp_main
 
 				$user->add_lang('viewforum');
 
-				if (isset($_POST['unbookmark']))
+				if (request::is_set_post('unbookmark'))
 				{
 					$s_hidden_fields = array('unbookmark' => 1);
-					$topics = (isset($_POST['t'])) ? array_keys(request_var('t', array(0 => 0))) : array();
+					$topics = array_keys(request::variable('t', array(0 => 0), false, request::POST));
 					$url = $this->u_action;
 
 					if (!sizeof($topics))
@@ -432,10 +432,10 @@ class ucp_main
 
 				$user->add_lang('posting');
 
-				$edit		= (isset($_REQUEST['edit'])) ? true : false;
+				$edit		= request::is_set('edit');
-				$submit		= (isset($_POST['submit'])) ? true : false;
+				$draft_id	= request::variable('edit', 0);
-				$draft_id	= ($edit) ? intval($_REQUEST['edit']) : 0;
+				$submit		= request::is_set_post('submit');
-				$delete		= (isset($_POST['delete'])) ? true : false;
+				$delete		= request::is_set_post('delete');
 
 				$s_hidden_fields = ($edit) ? '<input type="hidden" name="edit" value="' . $draft_id . '" />' : '';
 				$draft_subject = $draft_message = '';
@@ -614,7 +614,7 @@ class ucp_main
 		$template->assign_vars(array(
 			'L_TITLE'			=> $user->lang['UCP_MAIN_' . strtoupper($mode)],
 
-			'S_DISPLAY_MARK_ALL'	=> ($mode == 'watched' || ($mode == 'drafts' && !isset($_GET['edit']))) ? true : false,
+			'S_DISPLAY_MARK_ALL'	=> ($mode == 'watched' || ($mode == 'drafts' && !request::is_set('edit', request::GET))) ? true : false,
 			'S_HIDDEN_FIELDS'		=> (isset($s_hidden_fields)) ? $s_hidden_fields : '',
 			'S_UCP_ACTION'			=> $this->u_action,
 

phpBB/includes/ucp/ucp_pm.php

@@ -18,8 +18,8 @@ if (!defined('IN_PHPBB'))
 /**
 * Private Message Class
 *
-* $_REQUEST['folder'] display folder with the id used
+* _REQUEST['folder'] display folder with the id used
-* $_REQUEST['folder'] inbox|outbox|sentbox display folder with the associated name
+* _REQUEST['folder'] inbox|outbox|sentbox display folder with the associated name
 *
 *	Display Messages (default to inbox) - mode=view
 *	Display single message - mode=view&p=[msg_id] or &p=[msg_id] (short linkage)
@@ -195,8 +195,8 @@ class ucp_pm
 
 
 				// First Handle Mark actions and moving messages
-				$submit_mark	= (isset($_POST['submit_mark'])) ? true : false;
+				$submit_mark	= request::is_set_post('submit_mark');
-				$move_pm		= (isset($_POST['move_pm'])) ? true : false;
+				$move_pm		= request::is_set_post('move_pm');
 				$mark_option	= request_var('mark_option', '');
 				$dest_folder	= request_var('dest_folder', PRIVMSGS_NO_BOX);
 
@@ -211,7 +211,7 @@ class ucp_pm
 				// Move PM
 				if ($move_pm)
 				{
-					$move_msg_ids	= (isset($_POST['marked_msg_id'])) ? request_var('marked_msg_id', array(0)) : array();
+					$move_msg_ids	= request::variable('marked_msg_id', array(0), false, request::POST);
 					$cur_folder_id	= request_var('cur_folder_id', PRIVMSGS_NO_BOX);
 
 					if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id))

phpBB/includes/ucp/ucp_pm_compose.php

@@ -44,28 +44,21 @@ function compose_pm($id, $mode, $action)
 	$msg_id			= request_var('p', 0);
 	$draft_id		= request_var('d', 0);
 	$lastclick		= request_var('lastclick', 0);
+	$address_list	= request_var('address_list', array('' => array(0 => '')));
 
-	// Do NOT use request_var or specialchars here
+	$submit		= request::is_set_post('post');
-	$address_list	= isset($_REQUEST['address_list']) ? $_REQUEST['address_list'] : array();
+	$preview	= request::is_set_post('preview');
+	$save		= request::is_set_post('save');
+	$load		= request::is_set_post('load');
+	$cancel		= (request::is_set_post('cancel') && !$save) ? true : false;
+	$delete		= request::is_set_post('delete');
 
-	if (!is_array($address_list))
+	$remove_u	= request::is_set('remove_u');
-	{
+	$remove_g	= request::is_set('remove_g');
-		$address_list = array();
+	$add_to		= request::is_set('add_to');
-	}
+	$add_bcc	= request::is_set('add_bcc');
 
-	$submit		= (isset($_POST['post'])) ? true : false;
+	$refresh	= request::is_set_post('add_file') || request::is_set_post('delete_file') || $save || $load
-	$preview	= (isset($_POST['preview'])) ? true : false;
-	$save		= (isset($_POST['save'])) ? true : false;
-	$load		= (isset($_POST['load'])) ? true : false;
-	$cancel		= (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
-	$delete		= (isset($_POST['delete'])) ? true : false;
-
-	$remove_u	= (isset($_REQUEST['remove_u'])) ? true : false;
-	$remove_g	= (isset($_REQUEST['remove_g'])) ? true : false;
-	$add_to		= (isset($_REQUEST['add_to'])) ? true : false;
-	$add_bcc	= (isset($_REQUEST['add_bcc'])) ? true : false;
-
-	$refresh	= isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load
 		|| $remove_u || $remove_g || $add_to || $add_bcc;
 
 	$action		= ($delete && !$preview && !$refresh && $submit) ? 'delete' : $action;
@@ -625,10 +618,10 @@ function compose_pm($id, $mode, $action)
 
 		$icon_id			= request_var('icon', 0);
 
-		$enable_bbcode 		= (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
+		$enable_bbcode 		= (!$bbcode_status || request::is_set_post('disable_bbcode')) ? false : true;
-		$enable_smilies		= (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
+		$enable_smilies		= (!$smilies_status || request::is_set_post'disable_smilies')) ? false : true;
-		$enable_urls 		= (isset($_POST['disable_magic_url'])) ? 0 : 1;
+		$enable_urls 		= (request::is_set_post('disable_magic_url')) ? 0 : 1;
-		$enable_sig			= (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : ((isset($_POST['attach_sig'])) ? true : false);
+		$enable_sig			= (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : request::is_set_post('attach_sig');
 
 		if ($submit)
 		{
@@ -1002,7 +995,7 @@ function compose_pm($id, $mode, $action)
 
 	$s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
 	$s_hidden_fields .= (isset($check_value)) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : '';
-	$s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . ((isset($_REQUEST['draft_loaded'])) ? intval($_REQUEST['draft_loaded']) : $draft_id) . '" />' : '';
+	$s_hidden_fields .= ($draft_id || request::is_set('draft_loaded')) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', (int) $draft_id) . '" />' : '';
 
 	$form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"';
 
@@ -1047,7 +1040,7 @@ function compose_pm($id, $mode, $action)
 		'S_HIDDEN_ADDRESS_FIELD'	=> $s_hidden_address_field,
 		'S_HIDDEN_FIELDS'			=> $s_hidden_fields,
 
-		'S_CLOSE_PROGRESS_WINDOW'	=> isset($_POST['add_file']),
+		'S_CLOSE_PROGRESS_WINDOW'	=> request::is_set_post('add_file'),
 		'U_PROGRESS_BAR'			=> append_sid('posting', 'f=0&amp;mode=popup'),
 		'UA_PROGRESS_BAR'			=> addslashes(append_sid('posting', 'f=0&amp;mode=popup')),
 	));
@@ -1079,32 +1072,25 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
 	global $auth, $db, $user;
 
 	// Delete User [TO/BCC]
-	if ($remove_u && !empty($_REQUEST['remove_u']) && is_array($_REQUEST['remove_u']))
+	$remove_user_id = request_var('remove_u', array(0 => false));
+	if ($remove_u && sizeof($remove_user_id))
 	{
-		$remove_user_id = array_keys($_REQUEST['remove_u']);
+		unset($address_list['u'][(int) key($remove_user_id)]);
-
-		if (isset($remove_user_id[0]))
-		{
-			unset($address_list['u'][(int) $remove_user_id[0]]);
-		}
 	}
 
 	// Delete Group [TO/BCC]
-	if ($remove_g && !empty($_REQUEST['remove_g']) && is_array($_REQUEST['remove_g']))
+	$remove_group_id = request_var('remove_g', array(0 => false));
+	if ($remove_g && sizeof($remove_group_id))
 	{
-		$remove_group_id = array_keys($_REQUEST['remove_g']);
+		unset($address_list['g'][(int) key($remove_group_id)]);
-
-		if (isset($remove_group_id[0]))
-		{
-			unset($address_list['g'][(int) $remove_group_id[0]]);
-		}
 	}
 
 	// Add Selected Groups
 	$group_list = request_var('group_list', array(0));
 
 	// Build usernames to add
-	$usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '', true)) : array();
+	$username = request_var('username', '', true)
+	$usernames = ($username) ? array($username) : array();
 	$username_list = request_var('username_list', '', true);
 	if ($username_list)
 	{
@@ -1152,7 +1138,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
 		}
 
 		// Add Friends if specified
-		$friend_list = (isset($_REQUEST['add_' . $type]) && is_array($_REQUEST['add_' . $type])) ? array_map('intval', array_keys($_REQUEST['add_' . $type])) : array();
+		$friend_list = array_keys(request_var('add_' . $type, array(0 => false)));
 		$user_id_ary = array_merge($user_id_ary, $friend_list);
 
 		foreach ($user_id_ary as $user_id)

phpBB/includes/ucp/ucp_pm_options.php

@@ -27,7 +27,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 
 	add_form_key('ucp_pm_options');
 	// Change "full folder" setting - what to do if folder is full
-	if (isset($_POST['fullfolder']))
+	if (request::is_set_post('fullfolder'))
 	{
 		check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
 		$full_action = request_var('full_action', 0);
@@ -68,7 +68,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 	}
 	
 	// Add Folder
-	if (isset($_POST['addfolder']))
+	if (request::is_set_post('addfolder'))
 	{
 		if (check_form_key('ucp_pm_options'))
 		{
@@ -120,7 +120,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 	}
 
 	// Rename folder
-	if (isset($_POST['rename_folder']))
+	if (request::is_set_post('rename_folder'))
 	{
 		if (check_form_key('ucp_pm_options'))
 		{
@@ -165,7 +165,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 	}
 
 	// Remove Folder
-	if (isset($_POST['remove_folder']))
+	if (request::is_set_post('remove_folder'))
 	{
 		$remove_folder_id = request_var('remove_folder_id', 0);
 
@@ -276,7 +276,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 	}
 
 	// Add Rule
-	if (isset($_POST['add_rule']))
+	if (request::is_set_post('add_rule'))
 	{
 		if (check_form_key('ucp_pm_options'))
 		{
@@ -345,7 +345,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 	}
 
 	// Remove Rule
-	if (isset($_POST['delete_rule']) && !isset($_POST['cancel']))
+	if (request::is_set_post('delete_rule') && !request::is_set_post('cancel'))
 	{
 		$delete_id = array_keys(request_var('delete_rule', array(0 => 0)));
 		$delete_id = (!empty($delete_id[0])) ? $delete_id[0] : 0;
@@ -494,7 +494,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 	$rule_option	= request_var('rule_option', 0);
 	$cond_option	= request_var('cond_option', '');
 	$action_option	= request_var('action_option', '');
-	$back = (isset($_REQUEST['back'])) ? request_var('back', array('' => 0)) : array();
+	$back = request_var('back', array('' => 0));
 
 	if (sizeof($back))
 	{

phpBB/includes/ucp/ucp_pm_viewfolder.php

@@ -24,7 +24,7 @@ function view_folder($id, $mode, $folder_id, $folder)
 {
 	global $user, $template, $auth, $db, $cache, $config;
 
-	$submit_export = (isset($_POST['submit_export'])) ? true : false;
+	$submit_export = request::is_set_post('submit_export');
 
 	$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
 
@@ -473,7 +473,7 @@ function get_pm_from($folder_id, $folder, $user_id)
 	{
 		$min_post_time = time() - ($sort_days * 86400);
 
-		if (isset($_POST['sort']))
+		if (request::is_set_post('sort'))
 		{
 			$start = 0;
 		}

phpBB/includes/ucp/ucp_pm_viewmessage.php

@@ -234,7 +234,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 		}
 	}
 
-	if (!isset($_REQUEST['view']) || $_REQUEST['view'] != 'print')
+	if (request_var('view', '') != 'print')
 	{
 		// Message History
 		if (message_history($msg_id, $user->data['user_id'], $message_row, $folder))

phpBB/includes/ucp/ucp_prefs.php

@@ -29,7 +29,7 @@ class ucp_prefs
 	{
 		global $config, $db, $user, $auth, $template;
 
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 		$error = $data = array();
 		$s_hidden_fields = '';
 

phpBB/includes/ucp/ucp_profile.php

@@ -33,9 +33,9 @@ class ucp_profile
 
 		$user->add_lang('posting');
 
-		$preview	= (!empty($_POST['preview'])) ? true : false;
+		$preview	= request::variable('preview', false, false, request::POST);
-		$submit		= (!empty($_POST['submit'])) ? true : false;
+		$submit		= request::variable('submit', false, false, request::POST);
-		$delete		= (!empty($_POST['delete'])) ? true : false;
+		$delete		= request::variable('delete', false, false, request::POST);
 		$error = $data = array();
 		$s_hidden_fields = '';
 

phpBB/includes/ucp/ucp_register.php

@@ -37,9 +37,9 @@ class ucp_register
 
 		include(PHPBB_ROOT_PATH . 'includes/functions_profile_fields.' . PHP_EXT);
 
-		$coppa			= (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
+		$coppa			= request::is_set('coppa') ? ((request_var('coppa', false)) ? 1 : 0) : false;
-		$agreed			= (!empty($_POST['agreed'])) ? 1 : 0;
+		$agreed			= request::variable('agreed', false, false, request::POST) ? 1 : 0;
-		$submit			= (isset($_POST['submit'])) ? true : false;
+		$submit			= request::is_set_post('submit');
 		$change_lang	= request_var('change_lang', '');
 		$user_lang		= request_var('lang', $user->lang_name);
 
@@ -71,7 +71,7 @@ class ucp_register
 					$submit = false;
 
 					// Setting back agreed to let the user view the agreement in his/her language
-					$agreed = (empty($_GET['change_lang'])) ? 0 : $agreed;
+					$agreed = (request::is_set_post('change_lang')) ? 0 : $agreed;
 				}
 
 				$user->lang_name = $lang = $use_lang;

phpBB/includes/ucp/ucp_remind.php

@@ -31,7 +31,7 @@ class ucp_remind
 
 		$username	= request_var('username', '', true);
 		$email		= strtolower(request_var('email', ''));
-		$submit		= (isset($_POST['submit'])) ? true : false;
+		$submit		= request::is_set_post('submit');
 
 		if ($submit)
 		{

phpBB/includes/ucp/ucp_resend.php

@@ -31,7 +31,7 @@ class ucp_resend
 
 		$username	= request_var('username', '', true);
 		$email		= strtolower(request_var('email', ''));
-		$submit		= (isset($_POST['submit'])) ? true : false;
+		$submit		= request::is_set_post('submit');
 
 		add_form_key('ucp_resend');
 

phpBB/includes/ucp/ucp_zebra.php

@@ -28,7 +28,7 @@ class ucp_zebra
 	{
 		global $config, $db, $user, $auth, $template;
 
-		$submit	= (isset($_POST['submit']) || isset($_GET['add']) || isset($_GET['remove'])) ? true : false;
+		$submit	= request::is_set_post('submit') || request::is_set('add', request::GET) || request::is_set('remove', request::GET);
 		$s_hidden_fields = '';
 
 		$l_mode = strtoupper($mode);

phpBB/includes/utf/utf_tools.php

@@ -1356,6 +1356,8 @@ function utf8_case_fold_nfc($text, $option = 'full')
 * A wrapper function for the normalizer which takes care of including the class if required and modifies the passed strings
 * to be in NFC (Normalization Form Composition).
 *
+* @todo allow arbitrary array depth
+*
 * @param	mixed	$strings	a string or an array of strings to normalize
 * @return	mixed				the normalized content, preserving array keys if array given.
 */

phpBB/install/install_convert.php

@@ -381,7 +381,7 @@ class install_convert extends module
 			$this->p_master->error($lang['DEV_NO_TEST_FILE'], __LINE__, __FILE__);
 		}
 
-		$submit = (isset($_POST['submit'])) ? true : false;
+		$submit = request::is_set_post('submit');
 
 		$src_dbms			= request_var('src_dbms', $convertor_data['dbms']);
 		$src_dbhost			= request_var('src_dbhost', $convertor_data['dbhost']);
@@ -805,7 +805,7 @@ class install_convert extends module
 
 		if (!$current_table && !$skip_rows)
 		{
-			if (empty($_REQUEST['confirm']))
+			if (!request::variable('confirm', false))
 			{
 				// If avatars / ranks / smilies folders are specified make sure they are writable
 				$bad_folders = array();
@@ -966,7 +966,7 @@ class install_convert extends module
 				));
 
 				return;
-			} // if (empty($_REQUEST['confirm']))
+			} // if (!request::variable('confirm', false))
 
 			$template->assign_block_vars('checks', array(
 				'S_LEGEND'		=> true,

phpBB/install/install_install.php

@@ -559,7 +559,7 @@ class install_install extends module
 		$available_dbms = get_available_dbms(false, true);
 
 		// Has the user opted to test the connection?
-		if (isset($_POST['testdb']))
+		if (request::is_set_post('testdb'))
 		{
 			if (!isset($available_dbms[$data['dbms']]) || !$available_dbms[$data['dbms']]['AVAILABLE'])
 			{
@@ -700,7 +700,7 @@ class install_install extends module
 
 		$data['default_lang'] = ($data['default_lang'] !== '') ? $data['default_lang'] : $data['language'];
 
-		if (isset($_POST['check']))
+		if (request::is_set_post('check'))
 		{
 			$error = array();
 
@@ -954,7 +954,7 @@ class install_install extends module
 			}
 		}
 
-		if (isset($_POST['dldone']))
+		if (request::is_set_post('dldone'))
 		{
 			// Do a basic check to make sure that the file has been uploaded
 			// Note that all we check is that the file has _something_ in it
@@ -981,7 +981,7 @@ class install_install extends module
 		{
 			// OK, so it didn't work let's try the alternatives
 
-			if (isset($_POST['dlconfig']))
+			if (request::is_set_post('dlconfig'))
 			{
 				// They want a copy of the file to download, so send the relevant headers and dump out the data
 				header('Content-Type: text/x-delimtext; name="config.' . PHP_EXT . '"');

phpBB/install/install_update.php

@@ -208,7 +208,7 @@ class install_update extends module
 		$this->include_file('includes/diff/renderer.' . PHP_EXT);
 
 		// Make sure we stay at the file check if checking the files again
-		if (!empty($_POST['check_again']))
+		if (request::variable('check_again', false, false, request::POST))
 		{
 			$sub = $this->p_master->sub = 'file_check';
 		}
@@ -297,7 +297,7 @@ class install_update extends module
 				$action = request_var('action', '');
 
 				// We are directly within an update. To make sure our update list is correct we check its status.
-				$update_list = (!empty($_POST['check_again'])) ? false : $cache->get('_update_list');
+				$update_list = (request::variable('check_again', false, false, request::POST)) ? false : $cache->get('_update_list');
 				$modified = ($update_list !== false) ? @filemtime($cache->cache_dir . 'data_update_list.' . PHP_EXT) : 0;
 
 				// Make sure the list is up-to-date
@@ -644,7 +644,7 @@ class install_update extends module
 							{
 								$cache->put('_diff_files', $file_list);
 
-								if (!empty($_REQUEST['download']))
+								if (request_var('download', false))
 								{
 									$params[] = 'download=1';
 								}
@@ -747,7 +747,7 @@ class install_update extends module
 				$file_list['status'] = -1;
 				$cache->put('_diff_files', $file_list);
 
-				if (!empty($_REQUEST['download']))
+				if (request_var('download', false))
 				{
 					$this->include_file('includes/functions_compress.' . PHP_EXT);
 
@@ -823,7 +823,7 @@ class install_update extends module
 
 					// Choose FTP, if not available use fsock...
 					$method = basename(request_var('method', ''));
-					$submit = (isset($_POST['submit'])) ? true : false;
+					$submit = request::is_set_post('submit');
 					$test_ftp_connection = request_var('test_connection', '');
 
 					if (!$method || !class_exists($method))
@@ -881,7 +881,7 @@ class install_update extends module
 								'DATA'		=> $data,
 								'NAME'		=> $user->lang[strtoupper($method . '_' . $data)],
 								'EXPLAIN'	=> $user->lang[strtoupper($method . '_' . $data) . '_EXPLAIN'],
-								'DEFAULT'	=> (!empty($_REQUEST[$data])) ? request_var($data, '') : $default
+								'DEFAULT'	=> (request_var($data, false)) ? request_var($data, '') : $default
 							));
 						}
 

phpBB/mcp.php

@@ -31,10 +31,10 @@ $template->assign_var('S_IN_MCP', true);
 // Basic parameter data
 $id = request_var('i', '');
 
-if (isset($_REQUEST['mode']) && is_array($_REQUEST['mode']))
+$mode = request_var('mode', array(''));
+if (!empty($mode))
 {
-	$mode = request_var('mode', array(''));
+	$mode = key($mode);
-	list($mode, ) = each($mode);
 }
 else
 {
@@ -52,19 +52,18 @@ if (!$user->data['is_registered'])
 	login_box('', $user->lang['LOGIN_EXPLAIN_MCP']);
 }
 
-$quickmod = (isset($_REQUEST['quickmod'])) ? true : false;
+$quickmod		= request::is_set('quickmod');
-$action = request_var('action', '');
+$action			= request_var('action', '');
-$action_ary = request_var('action', array('' => 0));
+$action_ary		= request_var('action', array('' => 0));
-
+$forum_action	= request_var('forum_action', '');
-$forum_action = request_var('forum_action', '');
-if ($forum_action !== '' && !empty($_POST['sort']))
-{
-	$action = $forum_action;
-}
 
 if (sizeof($action_ary))
 {
-	list($action, ) = each($action_ary);
+	$action = key($action_ary);
+}
+else if (!empty($forum_action) && request::variable('sort', false, false, request::POST))
+{
+	$action = $forum_action;
 }
 unset($action_ary);
 

phpBB/memberlist.php

@@ -56,7 +56,7 @@ switch ($mode)
 }
 
 $start	= request_var('start', 0);
-$submit = (isset($_POST['submit'])) ? true : false;
+$submit = request::is_set_post('submit');
 
 $default_key = 'c';
 $sort_key = request_var('sk', $default_key);
@@ -741,8 +741,8 @@ switch ($mode)
 		$email_lang = request_var('lang', $config['default_lang']);
 		$subject	= utf8_normalize_nfc(request_var('subject', '', true));
 		$message	= utf8_normalize_nfc(request_var('message', '', true));
-		$cc			= (isset($_POST['cc_email'])) ? true : false;
+		$cc			= request::is_set_post('cc_email');
-		$submit		= (isset($_POST['submit'])) ? true : false;
+		$submit		= request::is_set_post('submit');
 
 		if ($submit)
 		{
@@ -948,7 +948,7 @@ switch ($mode)
 		// We validate form and field here, only id/class allowed
 		$form = (!preg_match('/^[a-z0-9_-]+$/i', $form)) ? '' : $form;
 		$field = (!preg_match('/^[a-z0-9_-]+$/i', $field)) ? '' : $field;
-		if (($mode == 'searchuser' || sizeof(array_intersect(array_keys($_GET), $search_params)) > 0) && ($config['load_search'] || $auth->acl_get('a_')))
+		if (($mode == 'searchuser' || sizeof(array_intersect(request::variable_names(request::GET), $search_params)) > 0) && ($config['load_search'] || $auth->acl_get('a_')))
 		{
 			$username	= request_var('username', '', true);
 			$email		= strtolower(request_var('email', ''));
@@ -1238,7 +1238,7 @@ switch ($mode)
 
 		foreach ($check_params as $key => $call)
 		{
-			if (!isset($_REQUEST[$key]))
+			if (!request::is_set($key))
 			{
 				continue;
 			}

phpBB/posting.php

@@ -32,14 +32,14 @@ $forum_id	= request_var('f', 0);
 $draft_id	= request_var('d', 0);
 $lastclick	= request_var('lastclick', 0);
 
-$submit		= (isset($_POST['post'])) ? true : false;
+$submit		= request::is_set_post('post');
-$preview	= (isset($_POST['preview'])) ? true : false;
+$preview	= request::is_set_post('preview');
-$save		= (isset($_POST['save'])) ? true : false;
+$save		= request::is_set_post('save');
-$load		= (isset($_POST['load'])) ? true : false;
+$load		= request::is_set_post('load');
-$delete		= (isset($_POST['delete'])) ? true : false;
+$delete		= request::is_set_post('delete');
-$cancel		= (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
+$cancel		= (request::is_set_post('cancel') && !request::is_set_post('save')) ? true : false;
 
-$refresh	= (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['cancel_unglobalise']) || $save || $load) ? true : false;
+$refresh	= (request::is_set_post('add_file') || request::is_set_post('delete_file') || request::is_set_post('cancel_unglobalise') || $save || $load) ? true : false;
 $mode		= ($delete && !$preview && !$refresh && $submit) ? 'delete' : request_var('mode', '');
 
 $error = $post_data = array();
@@ -574,35 +574,37 @@ $solved_captcha = false;
 
 if ($submit || $preview || $refresh)
 {
+	$edit_reason = utf8_normalize_nfc(request_var('edit_reason', '', true));
+
 	$post_data['topic_cur_post_id']	= request_var('topic_cur_post_id', 0);
 	$post_data['post_subject']		= utf8_normalize_nfc(request_var('subject', '', true));
 	$message_parser->message		= utf8_normalize_nfc(request_var('message', '', true));
 
 	$post_data['username']			= utf8_normalize_nfc(request_var('username', $post_data['username'], true));
-	$post_data['post_edit_reason']	= (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? utf8_normalize_nfc(request_var('edit_reason', '', true)) : '';
+	$post_data['post_edit_reason']	= (!empty($edit_reason) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? $edit_reason : '';
 
 	$post_data['orig_topic_type']	= $post_data['topic_type'];
 	$post_data['topic_type']		= request_var('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
 	$post_data['topic_time_limit']	= request_var('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0));
 	$post_data['icon_id']			= request_var('icon', 0);
 
-	$post_data['enable_bbcode']		= (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true;
+	$post_data['enable_bbcode']		= (!$bbcode_status || request::is_set_post('disable_bbcode')) ? false : true;
-	$post_data['enable_smilies']	= (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true;
+	$post_data['enable_smilies']	= (!$smilies_status || request::is_set_post('disable_smilies')) ? false : true;
-	$post_data['enable_urls']		= (isset($_POST['disable_magic_url'])) ? 0 : 1;
+	$post_data['enable_urls']		= request::is_set_post('disable_magic_url');
-	$post_data['enable_sig']		= (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((isset($_POST['attach_sig']) && $user->data['is_registered']) ? true : false);
+	$post_data['enable_sig']		= (!$config['allow_sig'] || !$auth->acl_get('f_sigs', $forum_id) || !$auth->acl_get('u_sig')) ? false : ((request::is_set_post('attach_sig') && $user->data['is_registered']) ? true : false);
 
 	if ($config['allow_topic_notify'] && $user->data['is_registered'])
 	{
-		$notify = (isset($_POST['notify'])) ? true : false;
+		$notify = request::is_set_post('notify');
 	}
 	else
 	{
 		$notify = false;
 	}
 
-	$topic_lock			= (isset($_POST['lock_topic'])) ? true : false;
+	$topic_lock			= request::is_set_post('lock_topic');
-	$post_lock			= (isset($_POST['lock_post'])) ? true : false;
+	$post_lock			= request::is_set_post('lock_post');
-	$poll_delete		= (isset($_POST['poll_delete'])) ? true : false;
+	$poll_delete		= request::is_set_post('poll_delete');
 
 	if ($submit)
 	{
@@ -652,7 +654,7 @@ if ($submit || $preview || $refresh)
 		$post_data['poll_length']		= request_var('poll_length', 0);
 		$post_data['poll_option_text']	= utf8_normalize_nfc(request_var('poll_option_text', '', true));
 		$post_data['poll_max_options']	= request_var('poll_max_options', 1);
-		$post_data['poll_vote_change']	= ($auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0;
+		$post_data['poll_vote_change']	= ($auth->acl_get('f_votechg', $forum_id) && request::is_set_post('poll_vote_change')) ? 1 : 0;
 	}
 
 	// If replying/quoting and last post id has changed
@@ -1228,7 +1230,7 @@ if ($config['enable_post_confirm'] && !$user->data['is_registered'] && $solved_c
 
 $s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '<input type="hidden" name="topic_cur_post_id" value="' . $post_data['topic_last_post_id'] . '" />' : '';
 $s_hidden_fields .= '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
-$s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', $draft_id) . '" />' : '';
+$s_hidden_fields .= ($draft_id || request::is_set('draft_loaded')) ? '<input type="hidden" name="draft_loaded" value="' . request_var('draft_loaded', $draft_id) . '" />' : '';
 
 // Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
 if ($solved_captcha !== false)
@@ -1269,7 +1271,7 @@ $template->assign_vars(array(
 	'UA_PROGRESS_BAR'		=> addslashes(append_sid('posting', "f=$forum_id&amp;mode=popup")),
 
 	'S_PRIVMSGS'				=> false,
-	'S_CLOSE_PROGRESS_WINDOW'	=> (isset($_POST['add_file'])) ? true : false,
+	'S_CLOSE_PROGRESS_WINDOW'	=> request::is_set_post('add_file'),
 	'S_EDIT_POST'				=> ($mode == 'edit') ? true : false,
 	'S_EDIT_REASON'				=> ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
 	'S_DISPLAY_USERNAME'		=> (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false,
@@ -1319,7 +1321,7 @@ if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_
 		'L_POLL_OPTIONS_EXPLAIN'	=> sprintf($user->lang['POLL_OPTIONS_' . (($mode == 'edit') ? 'EDIT_' : '') . 'EXPLAIN'], $config['max_poll_options']),
 
 		'VOTE_CHANGE_CHECKED'	=> (!empty($post_data['poll_vote_change'])) ? ' checked="checked"' : '',
-		'POLL_TITLE'			=> (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
+// 		'POLL_TITLE'			=> (isset($post_data['poll_title'])) ? $post_data['poll_title'] : '',
 		'POLL_OPTIONS'			=> (!empty($post_data['poll_options'])) ? implode("\n", $post_data['poll_options']) : '',
 		'POLL_MAX_OPTIONS'		=> (isset($post_data['poll_max_options'])) ? (int) $post_data['poll_max_options'] : 1,
 		'POLL_LENGTH'			=> $post_data['poll_length'])

phpBB/report.php

@@ -28,7 +28,7 @@ $reason_id		= request_var('reason_id', 0);
 $report_text	= utf8_normalize_nfc(request_var('report_text', '', true));
 $user_notify	= ($user->data['is_registered']) ? request_var('notify', 0) : false;
 
-$submit = (isset($_POST['submit'])) ? true : false;
+$submit = request::is_set_post('submit');
 
 if (!$post_id)
 {
@@ -38,7 +38,7 @@ if (!$post_id)
 $redirect_url = append_sid('viewtopic', "f=$forum_id&p=$post_id") . "#p$post_id";
 
 // Has the report been cancelled?
-if (isset($_POST['cancel']))
+if (request::is_set_post('cancel'))
 {
 	redirect($redirect_url);
 }

phpBB/search.php

@@ -562,7 +562,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 
 			if ($config['load_anon_lastread'] || ($user->data['is_registered'] && !$config['load_db_lastread']))
 			{
-				$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+				$tracking_topics = request::variable($config['cookie_name'] . '_track', '', false, request::COOKIE);
 				$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
 			}
 
@@ -1038,11 +1038,17 @@ for ($i = 100; $i <= 1000 ; $i += 100)
 
 $s_hidden_fields = array('t' => $topic_id);
 
+/**
+* @todo get rid of this global $_SID voodoo!
+*/
 if ($_SID)
 {
 	$s_hidden_fields['sid'] = $_SID;
 }
 
+/**
+* @todo get rid of this global $_EXTRA_URL voodoo, too!
+*/
 if (!empty($_EXTRA_URL))
 {
 	foreach ($_EXTRA_URL as $url_param)

phpBB/ucp.php

@@ -58,7 +58,7 @@ switch ($mode)
 	break;
 
 	case 'register':
-		if ($user->data['is_registered'] || isset($_REQUEST['not_agreed']))
+		if ($user->data['is_registered'] || request::is_set('not_agreed'))
 		{
 			redirect(append_sid('index'));
 		}
@@ -81,7 +81,7 @@ switch ($mode)
 	break;
 
 	case 'logout':
-		if ($user->data['user_id'] != ANONYMOUS && isset($_GET['sid']) && !is_array($_GET['sid']) && $_GET['sid'] === $user->session_id)
+		if ($user->data['user_id'] != ANONYMOUS && request::variable('sid', '', false, request::GET) === $user->session_id)
 		{
 			$user->session_kill();
 			$user->session_begin();
@@ -140,7 +140,8 @@ switch ($mode)
 		{
 			$set_time = time() - 31536000;
 
-			foreach ($_COOKIE as $cookie_name => $cookie_data)
+			$cookies = request::variable_names(request::COOKIE);
+			foreach ($cookies as $cookie_name)
 			{
 				$cookie_name = str_replace($config['cookie_name'] . '_', '', $cookie_name);
 

phpBB/viewforum.php

@@ -75,7 +75,7 @@ if (!$forum_data)
 $user->setup('viewforum', $forum_data['forum_style']);
 
 // Redirect to login upon emailed notification links
-if (isset($_GET['e']) && !$user->data['is_registered'])
+if (request::is_set('e', request::GET) && !$user->data['is_registered'])
 {
 	login_box('', $user->lang['LOGIN_NOTIFY_FORUM']);
 }
@@ -238,7 +238,7 @@ if ($sort_days)
 	$topics_count = (int) $db->sql_fetchfield('num_topics');
 	$db->sql_freeresult($result);
 
-	if (isset($_POST['sort']))
+	if (request::is_set_post('sort'))
 	{
 		$start = 0;
 	}

phpBB/viewtopic.php

@@ -348,7 +348,7 @@ if ($topic_data['forum_password'])
 }
 
 // Redirect to login or to the correct post upon emailed notification links
-if (isset($_GET['e']))
+if (request::is_set('e', request::GET))
 {
 	$jump_to = request_var('e', 0);
 
@@ -417,7 +417,7 @@ if ($sort_days)
 
 	$limit_posts_time = "AND p.post_time >= $min_post_time ";
 
-	if (isset($_POST['sort']))
+	if (request::is_set_post('sort'))
 	{
 		$start = 0;
 	}
@@ -673,10 +673,10 @@ if (!empty($topic_data['poll_start']))
 		// Cookie based guest tracking ... I don't like this but hum ho
 		// it's oft requested. This relies on "nice" users who don't feel
 		// the need to delete cookies to mess with results.
-		if (isset($_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id]))
+		$cur_voted_list = request::variable($config['cookie_name'] . '_poll_' . $topic_id, '', false, request::COOKIE);
+		if (!empty($cur_voted_list))
 		{
-			$cur_voted_id = explode(',', $_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id]);
+			$cur_voted_id = array_map('intval', explode(',', $cur_voted_list));
-			$cur_voted_id = array_map('intval', $cur_voted_id);
 		}
 	}
 
@@ -1580,12 +1580,15 @@ else if (!$all_marked_read)
 	}
 }
 
-// We overwrite $_REQUEST['f'] if there is no forum specified
+/**
+* @todo Do NOT overwrite a request variable.
+*/
+// We overwrite the 'f' request variable if there is no forum specified
 // to be able to display the correct online list.
 // One downside is that the user currently viewing this topic/post is not taken into account.
-if (empty($_REQUEST['f']))
+if (empty(request::variable('f', '')))
 {
-	$_REQUEST['f'] = $forum_id;
+	request::overwrite('f', $forum_id);
 }
 
 // Output the page