From 6beeda79eb5a001b589e987d832acf4ea0ae5b4f Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Thu, 11 Mar 2010 16:08:19 +0100 Subject: [PATCH] [feature/request-class] Replace direct use of GET/REQUEST with request_var. Now with $_VARs causing fatal errors we should really be able to find and delete all of these occurances. PHPBB3-9716 --- phpBB/includes/session.php | 9 +++++---- phpBB/viewtopic.php | 8 ++++---- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index cc216392b8..0e6a23762e 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -130,7 +130,7 @@ class session 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), 'page' => $page, - 'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0, + 'forum' => request_var('f', 0), ); return $page_array; @@ -318,7 +318,7 @@ class session } // Is session_id is set or session_id is set and matches the url param if required - if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid']))) + if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === request_var('sid', '')))) { $sql = 'SELECT u.*, s.* FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u @@ -1591,11 +1591,12 @@ class user extends session $this->add_lang($lang_set); unset($lang_set); - if (!empty($_GET['style']) && $auth->acl_get('a_styles') && !defined('ADMIN_START')) + $style_request = request_var('style', 0); + if ($style_request && $auth->acl_get('a_styles') && !defined('ADMIN_START')) { global $SID, $_EXTRA_URL; - $style = request_var('style', 0); + $style = $style_request; $SID .= '&style=' . $style; $_EXTRA_URL = array('style=' . $style); } diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 498088c5c8..fecd87bbc1 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -1732,15 +1732,15 @@ if ($s_can_vote || $s_quick_reply) // We overwrite $_REQUEST['f'] if there is no forum specified // to be able to display the correct online list. // One downside is that the user currently viewing this topic/post is not taken into account. -if (empty($_REQUEST['f'])) +if (!request_var('f', 0)) { - $_REQUEST['f'] = $forum_id; + $request->overwrite('f', $forum_id); } // We need to do the same with the topic_id. See #53025. -if (empty($_REQUEST['t']) && !empty($topic_id)) +if (!request_var('t', 0) && !empty($topic_id)) { - $_REQUEST['t'] = $topic_id; + $request->overwrite('t', $topic_id); } // Output the page