makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-27 21:58:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'feature/igorw/request-class' into develop

Browse source 
* feature/igorw/request-class:
  [feature/request-class] Convert some remaining cookies
  [feature/request-class] Adjust misleading comment
  [feature/request-class] Remove direct access to _REQUEST in acp_search
  [feature/request-class] Special case of direct access to _REQUEST
This commit is contained in:
Andreas Fischer 2010-12-16 02:22:17 +01:00
commit 442fc61be7
10 changed files with 38 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
phpBB/adm/style/acp_search.html
View file

@ -139,9 +139,11 @@
<p class="quick"> <p class="quick">
<!-- IF backend.S_INDEXED --> <!-- IF backend.S_INDEXED -->
<input class="button2" type="submit" name="action[delete]" value="{L_DELETE_INDEX}" onclick="popup_progress_bar('delete');" /> <input type="hidden" name="action" value="delete" />
<input class="button2" type="submit" value="{L_DELETE_INDEX}" onclick="popup_progress_bar('delete');" />
<!-- ELSE --> <!-- ELSE -->
<input class="button2" type="submit" name="action[create]" value="{L_CREATE_INDEX}" onclick="popup_progress_bar('create');" /> <input type="hidden" name="action" value="create" />
<input class="button2" type="submit" value="{L_CREATE_INDEX}" onclick="popup_progress_bar('create');" />
<!-- ENDIF --> <!-- ENDIF -->
</p> </p>
{S_FORM_TOKEN} {S_FORM_TOKEN}

10
phpBB/includes/acp/acp_search.php
View file

@ -232,15 +232,7 @@ class acp_search
global $db, $user, $auth, $template, $cache; global $db, $user, $auth, $template, $cache;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
if (isset($_REQUEST['action']) && is_array($_REQUEST['action'])) $action = request_var('action', '');
{
$action = request_var('action', array('' => false));
$action = key($action);
}
else
{
$action = request_var('action', '');
}
$this->state = explode(',', $config['search_indexing_state']); $this->state = explode(',', $config['search_indexing_state']);
if (isset($_POST['cancel'])) if (isset($_POST['cancel']))

16
phpBB/includes/auth/auth_db.php
View file

@ -27,6 +27,7 @@ if (!defined('IN_PHPBB'))
function login_db(&$username, &$password) function login_db(&$username, &$password)
{ {
global $db, $config; global $db, $config;
global $request;
// do not allow empty password // do not allow empty password
if (!$password) if (!$password)
@ -96,12 +97,23 @@ function login_db(&$username, &$password)
// If the password convert flag is set we need to convert it // If the password convert flag is set we need to convert it
if ($row['user_pass_convert']) if ($row['user_pass_convert'])
{ {
// enable super globals to get literal value
// this is needed to prevent unicode normalization
$super_globals_disabled = $request->super_globals_disabled();
if ($super_globals_disabled)
{
$request->enable_super_globals();
}
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
$password_new_format = ''; $password_new_format = $request->variable('password', '', true);
set_var($password_new_format, stripslashes($password_old_format), 'string'); if ($super_globals_disabled)
{
$request->disable_super_globals();
}
if ($password == $password_new_format) if ($password == $password_new_format)
{ {

19
phpBB/includes/functions.php
View file

@ -1148,6 +1148,7 @@ function tz_select($default = '', $truncate = false)
function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $user_id = 0) function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $user_id = 0)
{ {
global $db, $user, $config; global $db, $user, $config;
global $request;
if ($mode == 'all') if ($mode == 'all')
{ {
@ -1162,7 +1163,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
} }
else if ($config['load_anon_lastread'] || $user->data['is_registered']) else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{ {
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
unset($tracking_topics['tf']); unset($tracking_topics['tf']);
@ -1171,7 +1172,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
$tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36); $tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36);
$user->set_cookie('track', tracking_serialize($tracking_topics), time() + 31536000); $user->set_cookie('track', tracking_serialize($tracking_topics), time() + 31536000);
$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking_topics)) : tracking_serialize($tracking_topics); $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking_topics), phpbb_request_interface::COOKIE);
unset($tracking_topics); unset($tracking_topics);
@ -1241,7 +1242,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
} }
else if ($config['load_anon_lastread'] || $user->data['is_registered']) else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{ {
$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking = ($tracking) ? tracking_unserialize($tracking) : array(); $tracking = ($tracking) ? tracking_unserialize($tracking) : array();
foreach ($forum_id as $f_id) foreach ($forum_id as $f_id)
@ -1272,7 +1273,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
} }
$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000); $user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking); $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), phpbb_request_interface::COOKIE);
unset($tracking); unset($tracking);
} }
@ -1313,7 +1314,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
} }
else if ($config['load_anon_lastread'] || $user->data['is_registered']) else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{ {
$tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking = ($tracking) ? tracking_unserialize($tracking) : array(); $tracking = ($tracking) ? tracking_unserialize($tracking) : array();
$topic_id36 = base_convert($topic_id, 10, 36); $topic_id36 = base_convert($topic_id, 10, 36);
@ -1328,7 +1329,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
// If the cookie grows larger than 10000 characters we will remove the smallest value // If the cookie grows larger than 10000 characters we will remove the smallest value
// This can result in old topics being unread - but most of the time it should be accurate... // This can result in old topics being unread - but most of the time it should be accurate...
if (isset($_COOKIE[$config['cookie_name'] . '_track']) && strlen($_COOKIE[$config['cookie_name'] . '_track']) > 10000) if (strlen($request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE)) > 10000)
{ {
//echo 'Cookie grown too large' . print_r($tracking, true); //echo 'Cookie grown too large' . print_r($tracking, true);
@ -1368,7 +1369,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
} }
$user->set_cookie('track', tracking_serialize($tracking), time() + 31536000); $user->set_cookie('track', tracking_serialize($tracking), time() + 31536000);
$_COOKIE[$config['cookie_name'] . '_track'] = (STRIP) ? addslashes(tracking_serialize($tracking)) : tracking_serialize($tracking); $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), phpbb_request_interface::COOKIE);
} }
return; return;
@ -1550,7 +1551,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
if (!isset($tracking_topics) || !sizeof($tracking_topics)) if (!isset($tracking_topics) || !sizeof($tracking_topics))
{ {
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
} }
@ -1760,7 +1761,7 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
} }
else if ($config['load_anon_lastread'] || $user->data['is_registered']) else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{ {
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
if (!$user->data['is_registered']) if (!$user->data['is_registered'])

3
phpBB/includes/functions_display.php
View file

@ -23,6 +23,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
{ {
global $db, $auth, $user, $template; global $db, $auth, $user, $template;
global $phpbb_root_path, $phpEx, $config; global $phpbb_root_path, $phpEx, $config;
global $request;
$forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array(); $forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array();
$parent_id = $visible_forums = 0; $parent_id = $visible_forums = 0;
@ -69,7 +70,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
} }
else if ($config['load_anon_lastread'] || $user->data['is_registered']) else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{ {
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
if (!$user->data['is_registered']) if (!$user->data['is_registered'])

3
phpBB/includes/session.php
View file

@ -206,6 +206,7 @@ class session
function session_begin($update_session_page = true) function session_begin($update_session_page = true)
{ {
global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path; global $phpEx, $SID, $_SID, $_EXTRA_URL, $db, $config, $phpbb_root_path;
global $request;
// Give us some basic information // Give us some basic information
$this->time_now = time(); $this->time_now = time();
@ -241,7 +242,7 @@ class session
$this->forwarded_for = ''; $this->forwarded_for = '';
} }
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) if ($request->is_set($config['cookie_name'] . '_sid', phpbb_request_interface::COOKIE) || $request->is_set($config['cookie_name'] . '_u', phpbb_request_interface::COOKIE))
{ {
$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true); $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true); $this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);

2
phpBB/includes/ucp/ucp_main.php
View file

@ -288,7 +288,7 @@ class ucp_main
} }
else else
{ {
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
} }

2
phpBB/search.php
View file

@ -652,7 +652,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
if ($config['load_anon_lastread'] || ($user->data['is_registered'] && !$config['load_db_lastread'])) if ($config['load_anon_lastread'] || ($user->data['is_registered'] && !$config['load_db_lastread']))
{ {
$tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : ''; $tracking_topics = $request->variable($config['cookie_name'] . '_track', '', true, phpbb_request_interface::COOKIE);
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
} }

4
phpBB/viewtopic.php
View file

@ -701,9 +701,9 @@ if (!empty($topic_data['poll_start']))
// Cookie based guest tracking ... I don't like this but hum ho // Cookie based guest tracking ... I don't like this but hum ho
// it's oft requested. This relies on "nice" users who don't feel // it's oft requested. This relies on "nice" users who don't feel
// the need to delete cookies to mess with results. // the need to delete cookies to mess with results.
if (isset($_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id])) if ($request->is_set($config['cookie_name'] . '_poll_' . $topic_id, phpbb_request_interface::COOKIE))
{ {
$cur_voted_id = explode(',', $_COOKIE[$config['cookie_name'] . '_poll_' . $topic_id]); $cur_voted_id = explode(',', $request->variable($config['cookie_name'] . '_poll_' . $topic_id, '', true, phpbb_request_interface::COOKIE));
$cur_voted_id = array_map('intval', $cur_voted_id); $cur_voted_id = array_map('intval', $cur_voted_id);
} }
} }

2
tests/request/request_var.php
View file

@ -87,7 +87,7 @@ class phpbb_request_var_test extends phpbb_test_case
$this->unset_variables('var'); $this->unset_variables('var');
// cannot set $_REQUEST directly because in phpbb_request implementation // cannot set $_REQUEST directly because in phpbb_request implementation
// $_REQUEST = $_GET + $_POST // $_REQUEST = $_POST + $_GET
$_POST['var'] = array( $_POST['var'] = array(
0 => array( 0 => array(
'b' => array( 'b' => array(