makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/soft-delete] Use request object instead of direct access

Browse source 
PHPBB3-9567
This commit is contained in:
Joas Schilling 2012-11-09 12:32:27 +01:00
parent fc110a7332
commit 8512543cf4
3 changed files with 43 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
phpBB/includes/mcp/mcp_main.php
View file

@ -110,8 +110,8 @@ class mcp_main
// f parameter is not reliable for permission usage, however we just use it to decide // f parameter is not reliable for permission usage, however we just use it to decide
// which permission we will check later on. So if it is manipulated, we will still catch it later on. // which permission we will check later on. So if it is manipulated, we will still catch it later on.
$forum_id = request_var('f', 0); $forum_id = $request->variable('f', 0);
$topic_ids = (!$quickmod) ? request_var('topic_id_list', array(0)) : array(request_var('t', 0)); $topic_ids = (!$quickmod) ? $request->variable('topic_id_list', array(0)) : array($request->variable('t', 0));
$soft_delete = (($request->is_set_post('confirm') && !$request->is_set_post('delete_permanent')) || !$auth->acl_get('m_delete', $forum_id)) ? true : false; $soft_delete = (($request->is_set_post('confirm') && !$request->is_set_post('delete_permanent')) || !$auth->acl_get('m_delete', $forum_id)) ? true : false;
if (!sizeof($topic_ids)) if (!sizeof($topic_ids))
@ -119,7 +119,7 @@ class mcp_main
trigger_error('NO_TOPIC_SELECTED'); trigger_error('NO_TOPIC_SELECTED');
} }
mcp_delete_topic($topic_ids, $soft_delete, ($soft_delete) ? request_var('delete_reason', '', true) : ''); mcp_delete_topic($topic_ids, $soft_delete, ($soft_delete) ? $request->variable('delete_reason', '', true) : '');
break; break;
case 'delete_post': case 'delete_post':
@ -127,8 +127,8 @@ class mcp_main
// f parameter is not reliable for permission usage, however we just use it to decide // f parameter is not reliable for permission usage, however we just use it to decide
// which permission we will check later on. So if it is manipulated, we will still catch it later on. // which permission we will check later on. So if it is manipulated, we will still catch it later on.
$forum_id = request_var('f', 0); $forum_id = $request->variable('f', 0);
$post_ids = (!$quickmod) ? request_var('post_id_list', array(0)) : array(request_var('p', 0)); $post_ids = (!$quickmod) ? $request->variable('post_id_list', array(0)) : array($request->variable('p', 0));
$soft_delete = (($request->is_set_post('confirm') && !$request->is_set_post('delete_permanent')) || !$auth->acl_get('m_delete', $forum_id)) ? true : false; $soft_delete = (($request->is_set_post('confirm') && !$request->is_set_post('delete_permanent')) || !$auth->acl_get('m_delete', $forum_id)) ? true : false;
if (!sizeof($post_ids)) if (!sizeof($post_ids))
@ -136,13 +136,13 @@ class mcp_main
trigger_error('NO_POST_SELECTED'); trigger_error('NO_POST_SELECTED');
} }
mcp_delete_post($post_ids, $soft_delete, ($soft_delete) ? request_var('delete_reason', '', true) : ''); mcp_delete_post($post_ids, $soft_delete, ($soft_delete) ? $request->variable('delete_reason', '', true) : '');
break; break;
case 'restore_topic': case 'restore_topic':
$user->add_lang('posting'); $user->add_lang('posting');
$topic_ids = (!$quickmod) ? request_var('topic_id_list', array(0)) : array(request_var('t', 0)); $topic_ids = (!$quickmod) ? $request->variable('topic_id_list', array(0)) : array($request->variable('t', 0));
if (!sizeof($topic_ids)) if (!sizeof($topic_ids))
{ {
@ -654,15 +654,15 @@ function mcp_move_topic($topic_ids)
*/ */
function mcp_restore_topic($topic_ids) function mcp_restore_topic($topic_ids)
{ {
global $auth, $user, $db, $phpEx, $phpbb_root_path; global $auth, $user, $db, $phpEx, $phpbb_root_path, $request;
if (!check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_approve'))) if (!check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_approve')))
{ {
return; return;
} }
$redirect = request_var('redirect', build_url(array('action', 'quickmod'))); $redirect = $request->variable('redirect', build_url(array('action', 'quickmod')));
$forum_id = request_var('f', 0); $forum_id = $request->variable('f', 0);
$s_hidden_fields = build_hidden_fields(array( $s_hidden_fields = build_hidden_fields(array(
'topic_id_list' => $topic_ids, 'topic_id_list' => $topic_ids,
@ -692,10 +692,10 @@ function mcp_restore_topic($topic_ids)
confirm_box(false, (sizeof($topic_ids) == 1) ? 'RESTORE_TOPIC' : 'RESTORE_TOPICS', $s_hidden_fields); confirm_box(false, (sizeof($topic_ids) == 1) ? 'RESTORE_TOPIC' : 'RESTORE_TOPICS', $s_hidden_fields);
} }
$topic_id = request_var('t', 0); $topic_id = $request->variable('t', 0);
if (!isset($_REQUEST['quickmod'])) if (!$request->is_set('quickmod', phpbb_request_interface::REQUEST))
{ {
$redirect = request_var('redirect', "index.$phpEx"); $redirect = $request->variable('redirect', "index.$phpEx");
$redirect = reapply_sid($redirect); $redirect = reapply_sid($redirect);
$redirect_message = 'PAGE'; $redirect_message = 'PAGE';
} }
@ -726,15 +726,15 @@ function mcp_restore_topic($topic_ids)
*/ */
function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = '') function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = '')
{ {
global $auth, $user, $db, $phpEx, $phpbb_root_path; global $auth, $user, $db, $phpEx, $phpbb_root_path, $request;
if (!check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_delete'))) if (!check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('m_delete')))
{ {
return; return;
} }
$redirect = request_var('redirect', build_url(array('action', 'quickmod'))); $redirect = $request->variable('redirect', build_url(array('action', 'quickmod')));
$forum_id = request_var('f', 0); $forum_id = $request->variable('f', 0);
$s_hidden_fields = array( $s_hidden_fields = array(
'topic_id_list' => $topic_ids, 'topic_id_list' => $topic_ids,
@ -820,10 +820,10 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = ''
confirm_box(false, $l_confirm, build_hidden_fields($s_hidden_fields), 'confirm_delete_body.html'); confirm_box(false, $l_confirm, build_hidden_fields($s_hidden_fields), 'confirm_delete_body.html');
} }
$topic_id = request_var('t', 0); $topic_id = $request->variable('t', 0);
if (!isset($_REQUEST['quickmod'])) if (!$request->is_set('quickmod', phpbb_request_interface::REQUEST))
{ {
$redirect = request_var('redirect', "index.$phpEx"); $redirect = $request->variable('redirect', "index.$phpEx");
$redirect = reapply_sid($redirect); $redirect = reapply_sid($redirect);
$redirect_message = 'PAGE'; $redirect_message = 'PAGE';
} }
@ -854,15 +854,15 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = ''
*/ */
function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '') function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '')
{ {
global $auth, $user, $db, $phpEx, $phpbb_root_path; global $auth, $user, $db, $phpEx, $phpbb_root_path, $request;
if (!check_ids($post_ids, POSTS_TABLE, 'post_id', array('m_softdelete'))) if (!check_ids($post_ids, POSTS_TABLE, 'post_id', array('m_softdelete')))
{ {
return; return;
} }
$redirect = request_var('redirect', build_url(array('action', 'quickmod'))); $redirect = $request->variable('redirect', build_url(array('action', 'quickmod')));
$forum_id = request_var('f', 0); $forum_id = $request->variable('f', 0);
$s_hidden_fields = array( $s_hidden_fields = array(
'post_id_list' => $post_ids, 'post_id_list' => $post_ids,
@ -926,7 +926,7 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '')
add_log('mod', $row['forum_id'], $row['topic_id'], 'LOG_SOFTDELETE_POST', $row['post_subject'], $post_username); add_log('mod', $row['forum_id'], $row['topic_id'], 'LOG_SOFTDELETE_POST', $row['post_subject'], $post_username);
} }
$topic_id = request_var('t', 0); $topic_id = $request->variable('t', 0);
// Return links // Return links
$return_link = array(); $return_link = array();
@ -980,7 +980,7 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '')
$deleted_topics = ($row = $db->sql_fetchrow($result)) ? ($affected_topics - $row['topics_left']) : $affected_topics; $deleted_topics = ($row = $db->sql_fetchrow($result)) ? ($affected_topics - $row['topics_left']) : $affected_topics;
$db->sql_freeresult($result); $db->sql_freeresult($result);
$topic_id = request_var('t', 0); $topic_id = $request->variable('t', 0);
// Return links // Return links
$return_link = array(); $return_link = array();
@ -1056,7 +1056,7 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '')
confirm_box(false, $l_confirm, build_hidden_fields($s_hidden_fields), 'confirm_delete_body.html'); confirm_box(false, $l_confirm, build_hidden_fields($s_hidden_fields), 'confirm_delete_body.html');
} }
$redirect = request_var('redirect', "index.$phpEx"); $redirect = $request->variable('redirect', "index.$phpEx");
$redirect = reapply_sid($redirect); $redirect = reapply_sid($redirect);
if (!$success_msg) if (!$success_msg)

29
phpBB/includes/mcp/mcp_queue.php
View file

@ -32,7 +32,7 @@ class mcp_queue
public function main($id, $mode) public function main($id, $mode)
{ {
global $auth, $db, $user, $template, $cache; global $auth, $db, $user, $template, $cache, $request;
global $config, $phpbb_root_path, $phpEx, $action; global $config, $phpbb_root_path, $phpEx, $action;
include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
@ -49,8 +49,8 @@ class mcp_queue
case 'restore': case 'restore':
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
$post_id_list = request_var('post_id_list', array(0)); $post_id_list = $request->variable('post_id_list', array(0));
$topic_id_list = request_var('topic_id_list', array(0)); $topic_id_list = $request->variable('topic_id_list', array(0));
if ($action != 'disapprove') if ($action != 'disapprove')
{ {
@ -263,7 +263,7 @@ class mcp_queue
$user->add_lang(array('viewtopic', 'viewforum')); $user->add_lang(array('viewtopic', 'viewforum'));
$topic_id = request_var('t', 0); $topic_id = $request->variable('t', 0);
$forum_info = array(); $forum_info = array();
if ($topic_id) if ($topic_id)
@ -503,7 +503,7 @@ class mcp_queue
trigger_error('NOT_AUTHORISED'); trigger_error('NOT_AUTHORISED');
} }
$redirect = request_var('redirect', build_url(array('quickmod'))); $redirect = $request->variable('redirect', build_url(array('quickmod')));
$success_msg = $post_url = ''; $success_msg = $post_url = '';
$approve_log = array(); $approve_log = array();
@ -519,7 +519,7 @@ class mcp_queue
if (confirm_box(true)) if (confirm_box(true))
{ {
$notify_poster = ($action == 'approve' && isset($_REQUEST['notify_poster'])) ? true : false; $notify_poster = ($action == 'approve' && isset($_REQUEST['notify_poster']));
$topic_info = array(); $topic_info = array();
@ -642,7 +642,7 @@ class mcp_queue
confirm_box(false, strtoupper($action) . '_POST' . ((sizeof($post_id_list) == 1) ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html'); confirm_box(false, strtoupper($action) . '_POST' . ((sizeof($post_id_list) == 1) ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html');
} }
$redirect = request_var('redirect', "index.$phpEx"); $redirect = $request->variable('redirect', "index.$phpEx");
$redirect = reapply_sid($redirect); $redirect = reapply_sid($redirect);
if (!$success_msg) if (!$success_msg)
@ -696,7 +696,7 @@ class mcp_queue
trigger_error('NOT_AUTHORISED'); trigger_error('NOT_AUTHORISED');
} }
$redirect = request_var('redirect', build_url(array('quickmod'))); $redirect = $request->variable('redirect', build_url(array('quickmod')));
$success_msg = $topic_url = ''; $success_msg = $topic_url = '';
$approve_log = array(); $approve_log = array();
@ -806,7 +806,7 @@ class mcp_queue
confirm_box(false, strtoupper($action) . '_TOPIC' . ((sizeof($topic_id_list) == 1) ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html'); confirm_box(false, strtoupper($action) . '_TOPIC' . ((sizeof($topic_id_list) == 1) ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html');
} }
$redirect = request_var('redirect', "index.$phpEx"); $redirect = $request->variable('redirect', "index.$phpEx");
$redirect = reapply_sid($redirect); $redirect = reapply_sid($redirect);
if (!$success_msg) if (!$success_msg)
@ -852,17 +852,16 @@ class mcp_queue
static public function disapprove_posts($post_id_list, $id, $mode) static public function disapprove_posts($post_id_list, $id, $mode)
{ {
global $db, $template, $user, $config; global $db, $template, $user, $config;
global $phpEx, $phpbb_root_path; global $phpEx, $phpbb_root_path, $request;
global $request;
if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve'))) if (!check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve')))
{ {
trigger_error('NOT_AUTHORISED'); trigger_error('NOT_AUTHORISED');
} }
$redirect = request_var('redirect', build_url(array('t', 'mode', 'quickmod')) . "&mode=$mode"); $redirect = $request->variable('redirect', build_url(array('t', 'mode', 'quickmod')) . "&mode=$mode");
$reason = utf8_normalize_nfc(request_var('reason', '', true)); $reason = $request->variable('reason', '', true);
$reason_id = request_var('reason_id', 0); $reason_id = $request->variable('reason_id', 0);
$success_msg = $additional_msg = ''; $success_msg = $additional_msg = '';
$s_hidden_fields = build_hidden_fields(array( $s_hidden_fields = build_hidden_fields(array(
@ -1097,7 +1096,7 @@ class mcp_queue
confirm_box(false, 'DISAPPROVE_POST' . ((sizeof($post_id_list) == 1) ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html'); confirm_box(false, 'DISAPPROVE_POST' . ((sizeof($post_id_list) == 1) ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html');
} }
$redirect = request_var('redirect', "index.$phpEx"); $redirect = $request->variable('redirect', "index.$phpEx");
$redirect = reapply_sid($redirect); $redirect = reapply_sid($redirect);
if (!$success_msg) if (!$success_msg)

6
phpBB/posting.php
View file

@ -35,7 +35,7 @@ $submit = (isset($_POST['post'])) ? true : false;
$preview = (isset($_POST['preview'])) ? true : false; $preview = (isset($_POST['preview'])) ? true : false;
$save = (isset($_POST['save'])) ? true : false; $save = (isset($_POST['save'])) ? true : false;
$load = (isset($_POST['load'])) ? true : false; $load = (isset($_POST['load'])) ? true : false;
$confirm = (isset($_POST['confirm'])) ? true : false; $confirm = $request->is_set_post('confirm');
$cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false; $cancel = (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;
$refresh = (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['cancel_unglobalise']) || $save || $load || $preview); $refresh = (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['cancel_unglobalise']) || $save || $load || $preview);
@ -328,7 +328,7 @@ if ($mode == 'delete' || $mode == 'soft_delete')
trigger_error('NO_POST'); trigger_error('NO_POST');
} }
$soft_delete_reason = ($mode == 'soft_delete' && $auth->acl_get('m_softdelete', $forum_id)) ? utf8_normalize_nfc(request_var('delete_reason', '', true)) : ''; $soft_delete_reason = ($mode == 'soft_delete' && $auth->acl_get('m_softdelete', $forum_id)) ? $request->variable('delete_reason', '', true) : '';
handle_post_delete($forum_id, $topic_id, $post_id, $post_data, ($mode == 'soft_delete'), $soft_delete_reason); handle_post_delete($forum_id, $topic_id, $post_id, $post_data, ($mode == 'soft_delete'), $soft_delete_reason);
return; return;
} }
@ -1119,7 +1119,7 @@ if ($submit || $preview || $refresh)
// Handle delete mode... // Handle delete mode...
if ($request->is_set_post('delete') || $request->is_set_post('delete_permanent')) if ($request->is_set_post('delete') || $request->is_set_post('delete_permanent'))
{ {
$soft_delete_reason = (!$request->is_set_post('delete_permanent') && $auth->acl_get('m_softdelete', $forum_id)) ? utf8_normalize_nfc(request_var('delete_reason', '', true)) : ''; $soft_delete_reason = (!$request->is_set_post('delete_permanent') && $auth->acl_get('m_softdelete', $forum_id)) ? $request->variable('delete_reason', '', true) : '';
handle_post_delete($forum_id, $topic_id, $post_id, $post_data, !$request->is_set_post('delete_permanent'), $soft_delete_reason); handle_post_delete($forum_id, $topic_id, $post_id, $post_data, !$request->is_set_post('delete_permanent'), $soft_delete_reason);
return; return;
} }