From 204ee4714b2a0be1513e6a30b255477f39dac5cb Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Tue, 31 Aug 2010 21:29:11 +0200 Subject: [PATCH] [feature/request-class] Removal of direct access to some superglobals PHPBB3-9716 --- phpBB/includes/functions.php | 12 ++---------- phpBB/ucp.php | 6 +++++- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 029281ee84..81e327143a 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2698,22 +2698,14 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '') { global $user, $template, $db; - global $phpEx, $phpbb_root_path; + global $phpEx, $phpbb_root_path, $request; if (isset($_POST['cancel'])) { return false; } - $confirm = false; - if (isset($_POST['confirm'])) - { - // language frontier - if ($_POST['confirm'] === $user->lang['YES']) - { - $confirm = true; - } - } + $confirm = ($user->lang['YES'] === $request->variable('confirm', '', true, phpbb_request_interface::POST)); if ($check && $confirm) { diff --git a/phpBB/ucp.php b/phpBB/ucp.php index f5a2ec9648..f26f7b048e 100644 --- a/phpBB/ucp.php +++ b/phpBB/ucp.php @@ -136,13 +136,17 @@ switch ($mode) case 'delete_cookies': + global $request; + // Delete Cookies with dynamic names (do NOT delete poll cookies) if (confirm_box(true)) { $set_time = time() - 31536000; - foreach ($_COOKIE as $cookie_name => $cookie_data) + foreach ($request->variable_names(phpbb_request_interface::COOKIE) as $cookie_name) { + $cookie_data = $request->variable($cookie_name, '', true, phpbb_request_interface::COOKIE); + // Only delete board cookies, no other ones... if (strpos($cookie_name, $config['cookie_name'] . '_') !== 0) {