makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/request-class] Replace direct use of GET/REQUEST with request_var.

Browse source 
Now with $_VARs causing fatal errors we should really be able to find and
delete all of these occurances.

PHPBB3-9716
This commit is contained in:
Nils Adermann 2010-03-11 16:08:19 +01:00
parent 76e530196b
commit 6beeda79eb
2 changed files with 9 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
phpBB/includes/session.php
View file

@ -130,7 +130,7 @@ class session
'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)),
'page' => $page, 'page' => $page,
'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0, 'forum' => request_var('f', 0),
); );
return $page_array; return $page_array;
@ -318,7 +318,7 @@ class session
} }
// Is session_id is set or session_id is set and matches the url param if required // Is session_id is set or session_id is set and matches the url param if required
if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid']))) if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === request_var('sid', ''))))
{ {
$sql = 'SELECT u.*, s.* $sql = 'SELECT u.*, s.*
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
@ -1591,11 +1591,12 @@ class user extends session
$this->add_lang($lang_set); $this->add_lang($lang_set);
unset($lang_set); unset($lang_set);
if (!empty($_GET['style']) && $auth->acl_get('a_styles') && !defined('ADMIN_START')) $style_request = request_var('style', 0);
if ($style_request && $auth->acl_get('a_styles') && !defined('ADMIN_START'))
{ {
global $SID, $_EXTRA_URL; global $SID, $_EXTRA_URL;
$style = request_var('style', 0); $style = $style_request;
$SID .= '&style=' . $style; $SID .= '&style=' . $style;
$_EXTRA_URL = array('style=' . $style); $_EXTRA_URL = array('style=' . $style);
} }

8
phpBB/viewtopic.php
View file

@ -1732,15 +1732,15 @@ if ($s_can_vote || $s_quick_reply)
// We overwrite $_REQUEST['f'] if there is no forum specified // We overwrite $_REQUEST['f'] if there is no forum specified
// to be able to display the correct online list. // to be able to display the correct online list.
// One downside is that the user currently viewing this topic/post is not taken into account. // One downside is that the user currently viewing this topic/post is not taken into account.
if (empty($_REQUEST['f'])) if (!request_var('f', 0))
{ {
$_REQUEST['f'] = $forum_id; $request->overwrite('f', $forum_id);
} }
// We need to do the same with the topic_id. See #53025. // We need to do the same with the topic_id. See #53025.
if (empty($_REQUEST['t']) && !empty($topic_id)) if (!request_var('t', 0) && !empty($topic_id))
{ {
$_REQUEST['t'] = $topic_id; $request->overwrite('t', $topic_id);
} }
// Output the page // Output the page