From: mchurch Date: Fri, 30 May 2008 17:22:24 +0000 (+0000) Subject: MDL-15058 - Removing usage of super globals and replacing them with optional_param... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=79b8573591f9d405793fbdfab0c65b725eba1953;p=moodle.git MDL-15058 - Removing usage of super globals and replacing them with optional_param calls. --- diff --git a/mod/wiki/confirmlock.php b/mod/wiki/confirmlock.php index 45eeea7dda..8c4b5d0394 100644 --- a/mod/wiki/confirmlock.php +++ b/mod/wiki/confirmlock.php @@ -15,12 +15,13 @@ require_once("../../config.php"); header('Content-Type: text/plain'); -if(empty($_POST['lockid'])) { +$lockid = optional_param('lockid', 0, PARAM_INT); + +if($lockid == 0) { print 'noid'; exit; } -$lockid=(int)$_POST['lockid']; if($lock=get_record('wiki_locks','id',$lockid)) { $lock->lockedseen=time(); update_record('wiki_locks',$lock); diff --git a/mod/wiki/ewiki/ewiki.php b/mod/wiki/ewiki/ewiki.php index 4ba72c4ae8..cdd7846abc 100644 --- a/mod/wiki/ewiki/ewiki.php +++ b/mod/wiki/ewiki/ewiki.php @@ -479,21 +479,21 @@ function ewiki_page($id=false) { $o = ""; #-- selected page - if (!isset($_REQUEST)) { - $_REQUEST = @array_merge($_GET, $_POST); - } + $action = optional_param('action', EWIKI_DEFAULT_ACTION); + $content = optional_param('content', false); + $version = optional_param('version', false); + if (!strlen($id)) { $id = ewiki_id(); } $id = format_string($id,true); #-- page action - $action = EWIKI_DEFAULT_ACTION; if ($delim = strpos($id, EWIKI_ACTION_SEP_CHAR)) { $action = substr($id, 0, $delim); $id = substr($id, $delim + 1); } - elseif (EWIKI_USE_ACTION_PARAM && isset($_REQUEST["action"])) { - $action = $_REQUEST["action"]; + elseif (!EWIKI_USE_ACTION_PARAM) { + $action = EWIKI_DEFAULT_ACTION; } $GLOBALS["ewiki_id"] = $id; $GLOBALS["ewiki_title"] = ewiki_split_title($id); 
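Review bot: Nothing in the confirmlock.php hunk ties the lock being refreshed to the requester: once `$lockid` is read, `get_record('wiki_locks','id',$lockid)` is followed directly by `update_record`, so any request carrying a valid id bumps `lockedseen` on that row. If no login or ownership check sits above line 15 (outside the hunk), compare the lock row's owner with the current user before updating. The `PARAM_INT` read itself is a faithful replacement for the old `(int)` cast.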
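Review bot: The three `optional_param` calls added at the top of `ewiki_page()` pass no type argument, unlike the `PARAM_INT` used in confirmlock.php, so each value gets the default cleaning rather than a type chosen for it. `version` would be better read as `optional_param('version', 0, PARAM_INT)` and `action` with a narrow alphabetic type; `content` is wiki markup that is later rendered, so its type should be picked deliberately rather than inherited. The same untyped pattern recurs in `ewiki_id()`, `ewiki_page_info()` (`$pnum`, `$pend`), `ewiki_page_edit()`, `ewiki_page_edit_preview()` and `ewiki_binary()`. Note also that `!$content` is not equivalent to the old `!isset($_REQUEST["content"])`: an empty or `"0"` body now counts as absent. `ewiki_page()` continues outside the hunk.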
@@ -503,7 +503,7 @@ function ewiki_page($id=false) { $dquery = array( "id" => $id ); - if (!isset($_REQUEST["content"]) && ($dquery["version"] = @$_REQUEST["version"])) { + if (!$content && ($dquery["version"] = $version)) { $dquery["forced_version"] = $dquery["version"]; } $data = @array_merge($dquery, ewiki_database("GET", $dquery)); @@ -725,6 +725,8 @@ function ewiki_page_view($id, &$data, $action, $all=1) { global $ewiki_plugins, $ewiki_config; $o = ""; + $thanks = optional_param('thankyou', ''); + #-- render requested wiki page <-- goal !!! $render_args = array( "scan_links" => 1, @@ -750,7 +752,7 @@ function ewiki_page_view($id, &$data, $action, $all=1) { foreach ($pf_a as $n => $pf) { $pf($o, $id, $data, $action); } } - if (!empty($_REQUEST["thankyou"]) && $ewiki_config["edit_thank_you"]) { + if (!empty($thankyou) && $ewiki_config["edit_thank_you"]) { $o = ewiki_t("THANKSFORCONTRIBUTION") . $o; } @@ -773,10 +775,10 @@ function ewiki_page_view($id, &$data, $action, $all=1) { further whenever desired */ function ewiki_id() { - ($id = @$_REQUEST["id"]) or - ($id = @$_REQUEST["name"]) or - ($id = @$_REQUEST["page"]) or - ($id = @$_REQUEST["file"]) or + ($id = optional_param("id", '')) or + ($id = optional_param("name", '')) or + ($id = optional_param("page", '')) or + ($id = optional_param("file", '')) or (EWIKI_USE_PATH_INFO) and ($id = ltrim(@$_SERVER["PATH_INFO"], "/")) or (!isset($_REQUEST["id"])) and ($id = trim(strtok($_SERVER["QUERY_STRING"], "&"))); if (!strlen($id) || ($id=="id=")) { @@ -1092,9 +1094,10 @@ function ewiki_page_search($id, &$data, $action) { global $CFG; + $q = optional_param('q', ''); $o = ewiki_make_title($id, $id, 2, $action); - if (! ($q = @$_REQUEST["q"])) { + if ($q == '') { $o .= '
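Review bot: The value is stored in `$thanks` in the first `ewiki_page_view()` hunk but tested as `$thankyou` in the second, so `!empty($thankyou)` is always false and the THANKSFORCONTRIBUTION text can no longer be shown. Use one name in both places, e.g. `$thankyou = optional_param('thankyou', '');`, or change the test to `if (!empty($thanks) && $ewiki_config["edit_thank_you"]) {`. The function body continues outside both hunks.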
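Review bot: `ewiki_id()` still reads request data directly after this change: the last clause keeps `isset($_REQUEST["id"])`, and the two fallbacks take `$_SERVER["PATH_INFO"]` and `$_SERVER["QUERY_STRING"]` as they arrive, so a page id can reach the caller without going through `optional_param` at all. Pass the fallback values through `clean_param()` with the same type chosen for the four named parameters, and replace the leftover `isset` test with a check on a value already fetched. The `or` chain also treats an id of `"0"` as missing; that was already the case before the commit, but is worth a comment.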
'; $o .= '
'; @@ -1146,6 +1149,9 @@ function ewiki_page_info($id, &$data, $action) { global $ewiki_plugins, $ewiki_config, $ewiki_links; global $CFG, $course; // MOODLE HACK + $pnum = optional_param(EWIKI_UP_PAGENUM, 0); + $pend = optional_param(EWIKI_UP_PAGEEND, 0); + $o = ewiki_make_title($id, ewiki_t("INFOABOUTPAGE")." '{$id}'", 2, $action,"", "_MAY_SPLIT=1"); $flagnames = array( @@ -1160,12 +1166,12 @@ function ewiki_page_info($id, &$data, $action) { #-- versions to show $v_start = $data["version"]; - if ( ($uu=@$_REQUEST[EWIKI_UP_PAGENUM]) && ($uu<=$v_start) ) { - $v_start = $uu; + if ( $pnum && ($pnum<=$v_start) ) { + $v_start = $pnum; } $v_end = $v_start - $ewiki_config["list_limit"] + 1; - if ( ($uu=@$_REQUEST[EWIKI_UP_PAGEEND]) && ($uu<=$v_start) ) { - $v_end = $uu; + if ( $pend && ($pend<=$v_start) ) { + $v_end = $pend; } $v_end = max($v_end, 1); @@ -1349,6 +1355,11 @@ function ewiki_page_edit($id, $data, $action) { global $ewiki_links, $ewiki_author, $ewiki_plugins, $ewiki_ring, $ewiki_errmsg; + $content = optional_param('content', ''); + $version = optional_param('version', ''); + $preview = optional_param('preview', false); + $save = optional_param('save', false); + $hidden_postdata = array(); #-- previous version come back @@ -1358,8 +1369,11 @@ function ewiki_page_edit($id, $data, $action) { $data["version"] = $current["version"]; unset($current); - unset($_REQUEST["content"]); - unset($_REQUEST["version"]); + /// Is this done for somewhere else? + $_REQUEST['content'] = $_POST['content'] = $_GET['content'] = null; + $_REQUEST['version'] = $_POST['version'] = $_GET['version'] = null; + $content = ''; + $version = ''; } #-- edit hacks 
@@ -1397,21 +1411,21 @@ function ewiki_page_edit($id, $data, $action) { $o = ewiki_make_title($id, ewiki_t("EDITTHISPAGE").(" '{$id}'"), 2, $action, "", "_MAY_SPLIT=1"); #-- preview - if (isset($_REQUEST["preview"])) { + if ($preview) { $o .= $ewiki_plugins["edit_preview"][0]($data); } #-- save - if (isset($_REQUEST["save"])) { + if ($save) { #-- normalize to UNIX newlines - $_REQUEST["content"] = str_replace("\015\012", "\012", $_REQUEST["content"]); - $_REQUEST["content"] = str_replace("\015", "\012", $_REQUEST["content"]); + $content = str_replace("\015\012", "\012", $content); + $content = str_replace("\015", "\012", $content); #-- check for concurrent version saving $error = 0; - if ((@$data["version"] >= 1) && ($data["version"] != @$_REQUEST["version"]) || (@$_REQUEST["version"] < 1)) { + if ((@$data["version"] >= 1) && ($data["version"] != $version) || ($version < 1)) { $pf = $ewiki_plugins["edit_patch"][0]; @@ -1436,7 +1450,7 @@ function ewiki_page_edit($id, $data, $action) { "id" => $id, "version" => @$data["version"] + 1, "flags" => $set_flags, - "content" => $_REQUEST["content"], + "content" => $content, "created" => ($uu=@$data["created"]) ? $uu : time(), "meta" => ($uu=@$data["meta"]) ? $uu : "", "hits" => ($uu=@$data["hits"]) ? $uu : "0", @@ -1518,13 +1532,16 @@ function ewiki_data_update(&$data, $author="") { function ewiki_page_edit_form(&$id, &$data, &$hidden_postdata) { global $ewiki_plugins, $ewiki_config, $moodle_format; + $content = optional_param('content', ''); + $version = optional_param('version', ''); + $o=''; #-- previously edited, or db fetched content - if (@$_REQUEST["content"] || @$_REQUEST["version"]) { + if ($content || $version) { $data = array( - "version" => &$_REQUEST["version"], - "content" => &$_REQUEST["content"] + "version" => $version, + "content" => $content ); } else { 
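Review bot: `$content` and `$version` are captured once at the top of `ewiki_page_edit()`, but the `edit_patch` plugin fetched in this save branch (`ewiki_edit_patch()` in plugins/patchsaving.php) still reports a successful merge by writing the merged text and version into `$_REQUEST`, `$_POST` and `$_GET`. Unless the lines between this hunk and the next one re-read them, the record built in the following hunk stores the stale local `$content` and the merged result is silently dropped. Either refresh the two locals after the plugin call succeeds, or have the plugin hand the merged values back to the caller instead of going through the superglobals. The concurrent-save test also compares `$version`, whose default is `''`, with `< 1`; reading it as `PARAM_INT` would make that comparison explicit.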
@@ -1636,7 +1653,7 @@ function ewiki_page_edit_form_final_imgupload(&$o, &$id, &$data, &$action) { function ewiki_page_edit_preview(&$data) { #### BEGIN MOODLE CHANGES global $moodle_format; - $preview_text=$GLOBALS["ewiki_plugins"]["render"][0]($_REQUEST["content"], 1, EWIKI_ALLOW_HTML || (@$data["flags"]&EWIKI_DB_F_HTML)); + $preview_text=$GLOBALS["ewiki_plugins"]["render"][0](optional_param("content", null), 1, EWIKI_ALLOW_HTML || (@$data["flags"]&EWIKI_DB_F_HTML)); return( '
' . "
" . "
" . ewiki_t("PREVIEW") . "


\n" @@ -2536,8 +2553,10 @@ function ewiki_binary($break=0) { global $ewiki_plugins; global $USER; // MOODLE + $id = optional_param(EWIKI_UP_BINARY, ''); + #-- reject calls - if (!strlen($id = @$_REQUEST[EWIKI_UP_BINARY]) || !EWIKI_IDF_INTERNAL) { + if (!strlen($id) || !EWIKI_IDF_INTERNAL) { return(false); } if (headers_sent()) die("ewiki-binary configuration error"); @@ -2571,7 +2590,8 @@ function ewiki_binary($break=0) { #-- auth only happens when enforced with _PROTECTED_MODE_XXL setting # (authentication for inline images in violation of the WWW spirit) if ((EWIKI_PROTECTED_MODE>=5) && !ewiki_auth($id, $data, "binary-{$do}")) { - return($_REQUEST["id"]="view/BinaryPermissionError"); + $_REQUEST['id'] = $_POST['id'] = $_GET['id'] = "view/BinaryPermissionError"; + return("view/BinaryPermissionError"); } #-- upload an image diff --git a/mod/wiki/ewiki/plugins/email_protect.php b/mod/wiki/ewiki/plugins/email_protect.php index 6604224a13..eaa77e0e1e 100644 --- a/mod/wiki/ewiki/plugins/email_protect.php +++ b/mod/wiki/ewiki/plugins/email_protect.php 
@@ -34,13 +34,13 @@ $ewiki_t["en"]["PROTE6"] = "the email address you've clicked on is:"; $ewiki_t["en"]["PROTE7"] = "spammers, please eat these:"; - $ewiki_t["de"]["PROTE0"] = "Geschützte EMail-Adresse"; - $ewiki_t["de"]["PROTE1"] = "Die EMail-Adresse, die du angeklickt hast, wird durch dieses Formular vor spambots (automatisierte Suchwerkzeuge, die das Netz zur Freude der MarketingMafia nach Adressen abgrasen) beschützt."; - $ewiki_t["de"]["PROTE2"] = "Die Seite, die du ändern willst, enthält momentan wenigstens eine EMail-Adresse. Um diese zu schützen müssen wir sicherstellen, daß kein Spambot an die Edit-Box kommt (weil dort die Adresse ja im Klartext steht)."; + $ewiki_t["de"]["PROTE0"] = "Gesch�tzte EMail-Adresse"; + $ewiki_t["de"]["PROTE1"] = "Die EMail-Adresse, die du angeklickt hast, wird durch dieses Formular vor spambots (automatisierte Suchwerkzeuge, die das Netz zur Freude der MarketingMafia nach Adressen abgrasen) besch�tzt."; + $ewiki_t["de"]["PROTE2"] = "Die Seite, die du �ndern willst, enth�lt momentan wenigstens eine EMail-Adresse. Um diese zu sch�tzen m�ssen wir sicherstellen, da� kein Spambot an die Edit-Box kommt (weil dort die Adresse ja im Klartext steht)."; $ewiki_t["de"]["PROTE4"] = "Ich bin wirklich kein Spambot!"; $ewiki_t["de"]["PROTE5"] = "noch mehr fingierte Adressen anzeigen"; $ewiki_t["de"]["PROTE6"] = "die EMail-Adresse die du angeklickt hast lautet:"; - $ewiki_t["de"]["PROTE7"] = "Liebe Spammer, bitte freßt das:"; + $ewiki_t["de"]["PROTE7"] = "Liebe Spammer, bitte fre�t das:"; #-- plugin glue $ewiki_plugins["link_url"][] = "ewiki_email_protect_link"; @@ -85,9 +85,11 @@ */ function ewiki_email_protect_edit_hook($id, &$data, &$hidden_postdata) { + $ewiki_up_nospambot = optional_param(EWIKI_UP_NOSPAMBOT, null); + $hidden_postdata[EWIKI_UP_NOSPAMBOT] = 1; - if (empty($_REQUEST[EWIKI_UP_NOSPAMBOT]) + if (empty($ewiki_up_nospambot ) && strpos($data["content"], "@") && preg_match('/\w\w@([-\w]+\.)+\w\w/', $data["content"]) ) { 
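Review bot: In `ewiki_email_protect_edit_hook()` the old test `empty($_REQUEST[EWIKI_UP_NOSPAMBOT])` could also see the cookie that the `setcookie()` call in the next hunk writes, whereas `optional_param` looks only at POST and GET data. As far as these hunks show, the 7-day `grant_access` cookie is therefore never honoured again and the confirmation form is shown on every edit of a page containing an address; the comment `from GET,POST,COOKIE` in `ewiki_email_protect_form()` is now stale for the same reason. If the cookie is still meant to count, test it explicitly, `if (empty($ewiki_up_nospambot) && empty($_COOKIE[EWIKI_UP_NOSPAMBOT])`, and read the parameter with a boolean or integer type. The second hunk also widens the cookie-setting condition from `$_POST` to POST-or-GET, which deserves a deliberate decision.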
@@ -96,7 +98,7 @@ return($o); } - if (!empty($_POST[EWIKI_UP_NOSPAMBOT]) && empty($_COOKIE[EWIKI_UP_NOSPAMBOT]) && EWIKI_HTTP_HEADERS) { + if (!empty($ewiki_up_nospambot) && empty($_COOKIE[EWIKI_UP_NOSPAMBOT]) && EWIKI_HTTP_HEADERS) { setcookie(EWIKI_UP_NOSPAMBOT, "grant_access", time()+7*24*3600, "/"); } @@ -110,11 +112,14 @@ */ function ewiki_email_protect_form($id, $data=0, $action=0, $text="PROTE1", $url="") { - if ($url || ($email = @$_REQUEST[EWIKI_UP_ENCEMAIL])) { + $ewiki_up_encemail = optional_param(EWIKI_UP_ENCEMAIL, null); + $ewiki_up_nospambot = optional_param(EWIKI_UP_NOSPAMBOT, null); + + if ($url || ($email = $ewiki_up_encemail)) { $html = "

" . ewiki_t("PROTE0") . "

\n"; - if (empty($_REQUEST[EWIKI_UP_NOSPAMBOT])) { #// from GET,POST,COOKIE + if (empty($ewiki_up_nospambot)) { #// from GET,POST,COOKIE (empty($url)) and ($url = ewiki_script("", EWIKI_PAGE_EMAIL)); @@ -172,7 +177,7 @@ while (($rd = strrpos($string, ".")) > strpos($string, "@")) { $string = substr($string, 0, $rd); } - $string = strtr($string, "@.-_", "»·±¯"); + $string = strtr($string, "@.-_", "����"); break; case 1: // encode @@ -230,6 +235,8 @@ global $ewiki_config; + $ewiki_up_requestlv = optional_param(EWIKI_UP_REQUESTLV, 0); + $html = ""; srand(time()/17-1000*microtime()); @@ -276,7 +283,7 @@ $html .= ''.$traps[rand(0, $n_trp)].''; - if (($rl = 1 + @$_REQUEST[EWIKI_UP_REQUESTLV]) < EWIKI_FAKE_EMAIL_LOOP) { + if (($rl = 1 + $ewiki_up_requestlv) < EWIKI_FAKE_EMAIL_LOOP) { $html .= ",\n" . '
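Review bot: The replacement string in `strtr($string, "@.-_", ...)` changes its non-ASCII bytes in this commit, and the commit message says nothing about an encoding change, so the file looks as if it was re-saved in a different character encoding. `strtr` maps byte for byte, so the decoding side and any addresses already encoded in stored pages must use exactly the same bytes; please confirm that they still match. The same byte change hits the German strings in the first hunk of this file and in plugins/notify.php, where the umlauts no longer render as they did. Restoring the original bytes for those lines, or writing the four replacement characters as explicit escapes such as `"\xBB\xB7\xB1\xAF"` once the intended encoding is confirmed, would make this robust against editor settings.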
$id))); } diff --git a/mod/wiki/ewiki/plugins/moodle/downloads.php b/mod/wiki/ewiki/plugins/moodle/downloads.php index 6e3cc41e0a..9f4ef3530e 100644 --- a/mod/wiki/ewiki/plugins/moodle/downloads.php +++ b/mod/wiki/ewiki/plugins/moodle/downloads.php @@ -116,7 +116,7 @@ function ewiki_page_fileupload($id, $data, $action, $def_sec="") { } if (count($ewiki_upload_sections) > 1) { if (empty($def_sec)) { - $def_sec = $_REQUEST["section"]; + $def_sec = optional_param('section', ''); } $o .= ''.ewiki_t("UPL_INSECT").'
\n". + ' \n". " \n". " \n"; } $ret.=" \n". ' '.get_string("withvirtualpages","wiki").":\n". " \n". - ' \n". + ' \n". " \n". " \n"; $exportformats=array( "0" => get_string("plaintext","wiki") , "1" => get_string("html","wiki")); @@ -105,7 +109,7 @@ function moodle_ewiki_page_wiki_dump($id=0, $data=0, $action=0) { ' '.get_string("exportformats","wiki").":\n". " \n"; if($wiki->htmlmode!=2) { - $ret.= choose_from_menu($exportformats, "exportformats", $_REQUEST["exportformats"], "", "", "", true)."\n"; + $ret.= choose_from_menu($exportformats, "exportformats", $exportformatval, "", "", "", true)."\n"; } else { $ret.= ''. get_string("html","wiki"); @@ -129,7 +133,7 @@ function moodle_ewiki_page_wiki_dump($id=0, $data=0, $action=0) { if(count($exportdestinations)==1) { $ret.=''.$exportdestinations[0]."\n"; } else { - $ret.=choose_from_menu($exportdestinations, "exportdestinations", $_REQUEST["exportdestinations"], "", "", "", true)."\n"; + $ret.=choose_from_menu($exportdestinations, "exportdestinations", $exportdestinationsval, "", "", "", true)."\n"; } $ret.=" \n". " \n". diff --git a/mod/wiki/ewiki/plugins/notify.php b/mod/wiki/ewiki/plugins/notify.php index 7992c3886e..7e245b7b9d 100644 --- a/mod/wiki/ewiki/plugins/notify.php +++ b/mod/wiki/ewiki/plugins/notify.php 
@@ -46,17 +46,17 @@ _END_OF_STRING; #-- translation.de -$ewiki_t["de"]["NOTIFY_SUBJECT"] = '"$id" wurde geändert [notify:...]'; +$ewiki_t["de"]["NOTIFY_SUBJECT"] = '"$id" wurde ge�ndert [notify:...]'; $ewiki_t["de"]["NOTIFY_BODY"] = <<<_END_OF_STRING Hi, -Eine WikiSeite hat sich geändert, und du wolltest ja unbedingt wissen, -wenn das passiert. Die geänderte Seite war '\$id' und +Eine WikiSeite hat sich ge�ndert, und du wolltest ja unbedingt wissen, +wenn das passiert. Die ge�nderte Seite war '\$id' und ist leicht zu finden unter folgender URL: \$link Wenn du diese Benachrichtigungen nicht mehr bekommen willst, solltest du -deine [notify:...]-Adresse aus der entsprechenden Edit-Box herauslöschen: +deine [notify:...]-Adresse aus der entsprechenden Edit-Box herausl�schen: \$edit_link (\$wiki_title auf http://\$server/) @@ -72,9 +72,12 @@ _END_OF_STRING; function ewiki_notify_edit_hook($id, $data, &$hidden_postdata) { global $ewiki_t, $ewiki_plugins; + + $content = optional_param('content', ''); $ret_err = 0; + $save = optional_param('save', false); - if (!isset($_REQUEST["save"])) { + if ($save === false) { return(false); } @@ -90,12 +93,12 @@ function ewiki_notify_edit_hook($id, $data, &$hidden_postdata) { #-- save page versions temporarily as files $fn1 = EWIKI_TMP."/ewiki.tmp.notify.diff.".md5($data["content"]); - $fn2 = EWIKI_TMP."/ewiki.tmp.notify.diff.".md5($_REQUEST["content"]); + $fn2 = EWIKI_TMP."/ewiki.tmp.notify.diff.".md5($content); $f = fopen($fn1, "w"); fwrite($f, $data["content"]); fclose($f); $f = fopen($fn2, "w"); - fwrite($f, $_REQUEST["content"]); + fwrite($f, $content); fclose($f); #-- set mtime of the old one (GNU diff will report it) touch($fn1, $data["lastmodified"]); diff --git a/mod/wiki/ewiki/plugins/patchsaving.php b/mod/wiki/ewiki/plugins/patchsaving.php index 9cec59c524..6b1b0f5345 100644 --- a/mod/wiki/ewiki/plugins/patchsaving.php +++ b/mod/wiki/ewiki/plugins/patchsaving.php 
@@ -19,19 +19,22 @@ if (function_exists("is_executable") && is_executable(EWIKI_BIN_PATCH) && is_exe function ewiki_edit_patch($id, &$data) { + $version = optional_param('version', null); + $content = optional_param('content', ''); + $r = false; $base = ewiki_database( "GET", - array("id"=>$id, "version"=>$_REQUEST["version"]) + array("id"=>$id, "version"=>$version) ); if (!$base) { return(false); } $fn_base = EWIKI_TMP."/ewiki.base.".md5($base["content"]); - $fn_requ = EWIKI_TMP."/ewiki..requ.".md5($_REQUEST["content"]); - $fn_patch = EWIKI_TMP."/ewiki.patch.".md5($base["content"])."-".md5($_REQUEST["content"]); + $fn_requ = EWIKI_TMP."/ewiki..requ.".md5($content); + $fn_patch = EWIKI_TMP."/ewiki.patch.".md5($base["content"])."-".md5($content); $fn_curr = EWIKI_TMP."/ewiki.curr.".md5($data["content"]); if ($f = fopen($fn_base, "w")) { @@ -43,7 +46,7 @@ function ewiki_edit_patch($id, &$data) { } if ($f = fopen($fn_requ, "w")) { - fwrite($f, $_REQUEST["content"]); + fwrite($f, $content); fclose($f); } else { @@ -67,8 +70,9 @@ function ewiki_edit_patch($id, &$data) { exec("patch $fn_curr $fn_patch", $output, $retval); if (!$retval) { - $_REQUEST["version"] = $curr["version"]; - $_REQUEST["content"] = implode("", file($fn_curr)); + /// mrc - ?? what is $curr supposed to be ?? + $_REQUEST["version"] = $_POST["version"] = $_GET["version"] = $curr["version"]; + $_REQUEST["content"] = $_POST["content"] = $_GET["content"] = implode("", file($fn_curr)); $r = true; }
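Review bot: `$curr` is never assigned in the visible part of `ewiki_edit_patch()`, so `$curr["version"]` evaluates to null and a successful merge now writes a null version into `$_REQUEST`, `$_POST` and `$_GET`; the added `/// mrc` comment asks the question without resolving it. The current revision is passed in as `$data` (it is what `$fn_curr` is built from), so `$data["version"]` looks like the intended value, which should be confirmed against the concurrent-save check in `ewiki_page_edit()`. In the first hunk, `$version` is read without a type and with a `null` default and then goes straight into the `ewiki_database("GET", ...)` query; read it as `optional_param('version', 0, PARAM_INT)` and return `false` when it is 0. The function may continue outside the last hunk.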