diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php
index 496b2f1a152590e453590041f0fb537d216cadd0..9989269cfcd0bc7a74721fc3f66c7fba7ce8c6cd 100644
--- a/lib/exe/ajax.php
+++ b/lib/exe/ajax.php
@@ -14,10 +14,10 @@ session_write_close();
header('Content-Type: text/html; charset=utf-8');
//call the requested function
-if(isset($_POST['call'])){
- $call = $_POST['call'];
-}else if(isset($_GET['call'])){
- $call = $_GET['call'];
+if($INPUT->post->has('call')){
+ $call = $INPUT->post->str('call');
+}else if($INPUT->get->has('call')){
+ $call = $INPUT->get->str('call');
}else{
exit;
}
@@ -43,9 +43,10 @@ if(function_exists($callfn)){
function ajax_qsearch(){
global $conf;
global $lang;
+ global $INPUT;
- $query = $_POST['q'];
- if(empty($query)) $query = $_GET['q'];
+ $query = $INPUT->post->str('q');
+ if(empty($query)) $query = $INPUT->get->str('q');
if(empty($query)) return;
$query = urldecode($query);
@@ -81,9 +82,10 @@ function ajax_qsearch(){
function ajax_suggestions() {
global $conf;
global $lang;
+ global $INPUT;
- $query = cleanID($_POST['q']);
- if(empty($query)) $query = cleanID($_GET['q']);
+ $query = cleanID($INPUT->post->str('q'));
+ if(empty($query)) $query = cleanID($INPUT->get->str('q'));
if(empty($query)) return;
$data = array();
@@ -121,8 +123,9 @@ function ajax_lock(){
global $lang;
global $ID;
global $INFO;
+ global $INPUT;
- $ID = cleanID($_POST['id']);
+ $ID = cleanID($INPUT->post->str('id'));
if(empty($ID)) return;
$INFO = pageinfo();
@@ -137,15 +140,15 @@ function ajax_lock(){
echo 1;
}
- if($conf['usedraft'] && $_POST['wikitext']){
+ if($conf['usedraft'] && $INPUT->post->str('wikitext')){
$client = $_SERVER['REMOTE_USER'];
if(!$client) $client = clientIP(true);
$draft = array('id' => $ID,
- 'prefix' => substr($_POST['prefix'], 0, -1),
- 'text' => $_POST['wikitext'],
- 'suffix' => $_POST['suffix'],
- 'date' => (int) $_POST['date'],
+ 'prefix' => substr($INPUT->post->str('prefix'), 0, -1),
+ 'text' => $INPUT->post->str('wikitext'),
+ 'suffix' => $INPUT->post->str('suffix'),
+ 'date' => $INPUT->post->int('date'),
'client' => $client,
);
$cname = getCacheName($draft['client'].$ID,'.draft');
@@ -180,9 +183,10 @@ function ajax_draftdel(){
*/
function ajax_medians(){
global $conf;
+ global $INPUT;
// wanted namespace
- $ns = cleanID($_POST['ns']);
+ $ns = cleanID($INPUT->post->str('ns'));
$dir = utf8_encodeFN(str_replace(':','/',$ns));
$lvl = count(explode(':',$ns));
@@ -203,9 +207,10 @@ function ajax_medians(){
function ajax_medialist(){
global $conf;
global $NS;
+ global $INPUT;
- $NS = cleanID($_POST['ns']);
- if ($_POST['do'] == 'media') {
+ $NS = cleanID($INPUT->post->str('ns'));
+ if ($INPUT->post->str('do') == 'media') {
tpl_mediaFileList();
} else {
tpl_mediaContent(true);
@@ -241,7 +246,7 @@ function ajax_mediadiff(){
global $INPUT;
if ($INPUT->has('image')) $image = cleanID($INPUT->str('image'));
- $NS = $_POST['ns'];
+ $NS = $INPUT->post->str('ns');
$auth = auth_quickaclcheck("$NS:*");
media_diff($image, $NS, $auth, true);
}
@@ -310,9 +315,10 @@ function dir_delete($path) {
*/
function ajax_index(){
global $conf;
+ global $INPUT;
// wanted namespace
- $ns = cleanID($_POST['idx']);
+ $ns = cleanID($INPUT->post->str('idx'));
$dir = utf8_encodeFN(str_replace(':','/',$ns));
$lvl = count(explode(':',$ns));
@@ -333,8 +339,9 @@ function ajax_index(){
function ajax_linkwiz(){
global $conf;
global $lang;
+ global $INPUT;
- $q = ltrim(trim($_POST['q']),':');
+ $q = ltrim(trim($INPUT->post->str('q')),':');
$id = noNS($q);
$ns = getNS($q);