From 585bf44e2b756eac2e1cfce7035ef237bc02a788 Mon Sep 17 00:00:00 2001
From: Christopher Smith <chris@jalakai.co.uk>
Date: Thu, 6 Mar 2014 19:55:56 +0000
Subject: [PATCH] amend $_SERVER to $INPUT->server
---
inc/Mailer.class.php | 15 ++++---
inc/actions.php | 27 ++++++++----
inc/auth.php | 54 +++++++++++++++--------
inc/changelog.php | 8 +++-
inc/common.php | 102 ++++++++++++++++++++++++++++++-------------
inc/infoutils.php | 9 +++-
inc/init.php | 4 ++
inc/mail.php | 9 ++--
inc/pageutils.php | 21 ++++-----
inc/remote.php | 5 ++-
inc/subscription.php | 18 +++++---
inc/template.php | 39 ++++++++++++-----
inc/toolbar.php | 4 +-
13 files changed, 213 insertions(+), 102 deletions(-)
diff --git a/inc/Mailer.class.php b/inc/Mailer.class.php
index e32178bba..e90b45f99 100644
--- a/inc/Mailer.class.php
+++ b/inc/Mailer.class.php
@@ -39,6 +39,8 @@ class Mailer {
*/
public function __construct() {
global $conf;
+ /* @var Input $INPUT */
+ global $INPUT;
$server = parse_url(DOKU_URL, PHP_URL_HOST);
if(strpos($server,'.') === false) $server = $server.'.localhost';
@@ -53,7 +55,7 @@ class Mailer {
// add some default headers for mailfiltering FS#2247
$this->setHeader('X-Mailer', 'DokuWiki');
- $this->setHeader('X-DokuWiki-User', $_SERVER['REMOTE_USER']);
+ $this->setHeader('X-DokuWiki-User', $INPUT->server->str('REMOTE_USER'));
$this->setHeader('X-DokuWiki-Title', $conf['title']);
$this->setHeader('X-DokuWiki-Server', $server);
$this->setHeader('X-Auto-Response-Suppress', 'OOF');
@@ -181,6 +183,9 @@ class Mailer {
public function setBody($text, $textrep = null, $htmlrep = null, $html = null, $wrap = true) {
global $INFO;
global $conf;
+ /* @var Input $INPUT */
+ global $INPUT;
+
$htmlrep = (array)$htmlrep;
$textrep = (array)$textrep;
@@ -218,24 +223,24 @@ class Mailer {
$cip = gethostsbyaddrs($ip);
$trep = array(
'DATE' => dformat(),
- 'BROWSER' => $_SERVER['HTTP_USER_AGENT'],
+ 'BROWSER' => $INPUT->server->str('HTTP_USER_AGENT'),
'IPADDRESS' => $ip,
'HOSTNAME' => $cip,
'TITLE' => $conf['title'],
'DOKUWIKIURL' => DOKU_URL,
- 'USER' => $_SERVER['REMOTE_USER'],
+ 'USER' => $INPUT->server->str('REMOTE_USER'),
'NAME' => $INFO['userinfo']['name'],
'MAIL' => $INFO['userinfo']['mail'],
);
$trep = array_merge($trep, (array)$textrep);
$hrep = array(
'DATE' => '<i>'.hsc(dformat()).'</i>',
- 'BROWSER' => hsc($_SERVER['HTTP_USER_AGENT']),
+ 'BROWSER' => hsc($INPUT->server->str('HTTP_USER_AGENT')),
'IPADDRESS' => '<code>'.hsc($ip).'</code>',
'HOSTNAME' => '<code>'.hsc($cip).'</code>',
'TITLE' => hsc($conf['title']),
'DOKUWIKIURL' => '<a href="'.DOKU_URL.'">'.DOKU_URL.'</a>',
- 'USER' => hsc($_SERVER['REMOTE_USER']),
+ 'USER' => hsc($INPUT->server->str('REMOTE_USER')),
'NAME' => hsc($INFO['userinfo']['name']),
'MAIL' => '<a href="mailto:"'.hsc($INFO['userinfo']['mail']).'">'.
hsc($INFO['userinfo']['mail']).'</a>',
diff --git a/inc/actions.php b/inc/actions.php
index 240dce59a..ef09a0dc7 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -20,6 +20,7 @@ function act_dispatch(){
global $ID;
global $INFO;
global $QUERY;
+ /* @var Input $INPUT */
global $INPUT;
global $lang;
global $conf;
@@ -94,7 +95,7 @@ function act_dispatch(){
// user profile changes
if (in_array($ACT, array('profile','profile_delete'))) {
- if(!$_SERVER['REMOTE_USER']) {
+ if(!$INPUT->server->str('REMOTE_USER')) {
$ACT = 'login';
} else {
switch ($ACT) {
@@ -190,7 +191,7 @@ function act_dispatch(){
unset($evt);
// when action 'show', the intial not 'show' and POST, do a redirect
- if($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){
+ if($ACT == 'show' && $preact != 'show' && strtolower($INPUT->server->str('REQUEST_METHOD')) == 'post'){
act_redirect($ID,$preact);
}
@@ -414,6 +415,8 @@ function act_revert($act){
global $ID;
global $REV;
global $lang;
+ /* @var Input $INPUT */
+ global $INPUT;
// FIXME $INFO['writable'] currently refers to the attic version
// global $INFO;
// if (!$INFO['writable']) {
@@ -445,7 +448,7 @@ function act_revert($act){
session_write_close();
// when done, show current page
- $_SERVER['REQUEST_METHOD'] = 'post'; //should force a redirect
+ $INPUT->server->set('REQUEST_METHOD','post'); //should force a redirect
$REV = '';
return 'show';
}
@@ -493,17 +496,20 @@ function act_redirect_execute($opts){
function act_auth($act){
global $ID;
global $INFO;
+ /* @var Input $INPUT */
+ global $INPUT;
//already logged in?
- if(isset($_SERVER['REMOTE_USER']) && $act=='login'){
+ if($INPUT->server->has('REMOTE_USER') && $act=='login'){
return 'show';
}
//handle logout
if($act=='logout'){
$lockedby = checklock($ID); //page still locked?
- if($lockedby == $_SERVER['REMOTE_USER'])
+ if($lockedby == $INPUT->server->str('REMOTE_USER')){
unlock($ID); //try to unlock
+ }
// do the logout stuff
auth_logoff();
@@ -719,10 +725,11 @@ function act_subscription($act){
global $lang;
global $INFO;
global $ID;
+ /* @var Input $INPUT */
global $INPUT;
// subcriptions work for logged in users only
- if(!$_SERVER['REMOTE_USER']) return 'show';
+ if(!$INPUT->server->str('REMOTE_USER')) return 'show';
// get and preprocess data.
$params = array();
@@ -745,9 +752,9 @@ function act_subscription($act){
// Perform action.
$sub = new Subscription();
if($action == 'unsubscribe'){
- $ok = $sub->remove($target, $_SERVER['REMOTE_USER'], $style);
+ $ok = $sub->remove($target, $INPUT->server->str('REMOTE_USER'), $style);
}else{
- $ok = $sub->add($target, $_SERVER['REMOTE_USER'], $style);
+ $ok = $sub->add($target, $INPUT->server->str('REMOTE_USER'), $style);
}
if($ok) {
@@ -776,6 +783,8 @@ function act_subscription($act){
function subscription_handle_post(&$params) {
global $INFO;
global $lang;
+ /* @var Input $INPUT */
+ global $INPUT;
// Get and validate parameters.
if (!isset($params['target'])) {
@@ -806,7 +815,7 @@ function subscription_handle_post(&$params) {
}
if ($is === false) {
throw new Exception(sprintf($lang['subscr_not_subscribed'],
- $_SERVER['REMOTE_USER'],
+ $INPUT->server->str('REMOTE_USER'),
prettyprint_id($target)));
}
// subscription_set deletes a subscription if style = null.
diff --git a/inc/auth.php b/inc/auth.php
index e44e837a7..2bdc3eb00 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -131,6 +131,8 @@ function auth_setup() {
function auth_loadACL() {
global $config_cascade;
global $USERINFO;
+ /* @var Input $INPUT */
+ global $INPUT;
if(!is_readable($config_cascade['acl']['default'])) return array();
@@ -145,10 +147,10 @@ function auth_loadACL() {
// substitute user wildcard first (its 1:1)
if(strstr($line, '%USER%')){
// if user is not logged in, this ACL line is meaningless - skip it
- if (!isset($_SERVER['REMOTE_USER'])) continue;
+ if (!$INPUT->server->has('REMOTE_USER')) continue;
- $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
- $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
+ $id = str_replace('%USER%',cleanID($INPUT->server->str('REMOTE_USER')),$id);
+ $rest = str_replace('%USER%',auth_nameencode($INPUT->server->str('REMOTE_USER')),$rest);
}
// substitute group wildcard (its 1:m)
@@ -217,6 +219,8 @@ function auth_login($user, $pass, $sticky = false, $silent = false) {
global $lang;
/* @var DokuWiki_Auth_Plugin $auth */
global $auth;
+ /* @var Input $INPUT */
+ global $INPUT;
$sticky ? $sticky = true : $sticky = false; //sanity check
@@ -226,7 +230,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) {
//usual login
if($auth->checkPass($user, $pass)) {
// make logininfo globally available
- $_SERVER['REMOTE_USER'] = $user;
+ $INPUT->server->set('REMOTE_USER', $user);
$secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session
auth_setCookie($user, auth_encrypt($pass, $secret), $sticky);
return true;
@@ -253,7 +257,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) {
) {
// he has session, cookie and browser right - let him in
- $_SERVER['REMOTE_USER'] = $user;
+ $INPUT->server->set('REMOTE_USER', $user);
$USERINFO = $session['info']; //FIXME move all references to session
return true;
}
@@ -288,7 +292,10 @@ function auth_validateToken($token) {
}
// still here? trust the session data
global $USERINFO;
- $_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['auth']['user'];
+ /* @var Input $INPUT */
+ global $INPUT;
+
+ $INPUT->server->set('REMOTE_USER',$_SESSION[DOKU_COOKIE]['auth']['user']);
$USERINFO = $_SESSION[DOKU_COOKIE]['auth']['info'];
return true;
}
@@ -321,11 +328,14 @@ function auth_createToken() {
* @return string a MD5 sum of various browser headers
*/
function auth_browseruid() {
+ /* @var Input $INPUT */
+ global $INPUT;
+
$ip = clientIP(true);
$uid = '';
- $uid .= $_SERVER['HTTP_USER_AGENT'];
- $uid .= $_SERVER['HTTP_ACCEPT_ENCODING'];
- $uid .= @$_SERVER['HTTP_ACCEPT_CHARSET'];
+ $uid .= $INPUT->server->str('HTTP_USER_AGENT');
+ $uid .= $INPUT->server->str('HTTP_ACCEPT_ENCODING');
+ $uid .= $INPUT->server->str('HTTP_ACCEPT_CHARSET');
$uid .= substr($ip, 0, strpos($ip, '.'));
$uid = strtolower($uid);
return md5($uid);
@@ -511,6 +521,8 @@ function auth_logoff($keepbc = false) {
global $USERINFO;
/* @var DokuWiki_Auth_Plugin $auth */
global $auth;
+ /* @var Input $INPUT */
+ global $INPUT;
// make sure the session is writable (it usually is)
@session_start();
@@ -523,8 +535,7 @@ function auth_logoff($keepbc = false) {
unset($_SESSION[DOKU_COOKIE]['auth']['info']);
if(!$keepbc && isset($_SESSION[DOKU_COOKIE]['bc']))
unset($_SESSION[DOKU_COOKIE]['bc']);
- if(isset($_SERVER['REMOTE_USER']))
- unset($_SERVER['REMOTE_USER']);
+ $INPUT->server->remove('REMOTE_USER');
$USERINFO = null; //FIXME
$cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
@@ -553,13 +564,16 @@ function auth_ismanager($user = null, $groups = null, $adminonly = false) {
global $USERINFO;
/* @var DokuWiki_Auth_Plugin $auth */
global $auth;
+ /* @var Input $INPUT */
+ global $INPUT;
+
if(!$auth) return false;
if(is_null($user)) {
- if(!isset($_SERVER['REMOTE_USER'])) {
+ if(!$INPUT->server->has('REMOTE_USER')) {
return false;
} else {
- $user = $_SERVER['REMOTE_USER'];
+ $user = $INPUT->server->str('REMOTE_USER');
}
}
if(is_null($groups)) {
@@ -651,9 +665,11 @@ function auth_isMember($memberlist, $user, array $groups) {
function auth_quickaclcheck($id) {
global $conf;
global $USERINFO;
+ /* @var Input $INPUT */
+ global $INPUT;
# if no ACL is used always return upload rights
if(!$conf['useacl']) return AUTH_UPLOAD;
- return auth_aclcheck($id, $_SERVER['REMOTE_USER'], $USERINFO['grps']);
+ return auth_aclcheck($id, $INPUT->server->str('REMOTE_USER'), $USERINFO['grps']);
}
/**
@@ -1058,18 +1074,18 @@ function updateprofile() {
}
if($conf['profileconfirm']) {
- if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) {
+ if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) {
msg($lang['badpassconfirm'], -1);
return false;
}
}
- if($result = $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) {
+ if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), $changes))) {
// update cookie and session with the changed data
if($changes['pass']) {
list( /*user*/, $sticky, /*pass*/) = auth_getCookie();
$pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true));
- auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky);
+ auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky);
}
return true;
}
@@ -1105,13 +1121,13 @@ function auth_deleteprofile(){
}
if($conf['profileconfirm']) {
- if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) {
+ if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) {
msg($lang['badpassconfirm'], -1);
return false;
}
}
- $deleted[] = $_SERVER['REMOTE_USER'];
+ $deleted[] = $INPUT->server->str('REMOTE_USER');
if($auth->triggerUserMod('delete', array($deleted))) {
// force and immediate logout including removing the sticky cookie
auth_logoff();
diff --git a/inc/changelog.php b/inc/changelog.php
index 6ff1e0eca..cd46b1ec0 100644
--- a/inc/changelog.php
+++ b/inc/changelog.php
@@ -52,6 +52,8 @@ function parseChangelogLine($line) {
*/
function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extra='', $flags=null){
global $conf, $INFO;
+ /** @var Input $INPUT */
+ global $INPUT;
// check for special flags as keys
if (!is_array($flags)) { $flags = array(); }
@@ -65,7 +67,7 @@ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extr
if(!$date) $date = time(); //use current time if none supplied
$remote = (!$flagExternalEdit)?clientIP(true):'127.0.0.1';
- $user = (!$flagExternalEdit)?$_SERVER['REMOTE_USER']:'';
+ $user = (!$flagExternalEdit)?$INPUT->server->str('REMOTE_USER'):'';
$strip = array("\t", "\n");
$logline = array(
@@ -117,12 +119,14 @@ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extr
*/
function addMediaLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extra='', $flags=null){
global $conf;
+ /** @var Input $INPUT */
+ global $INPUT;
$id = cleanid($id);
if(!$date) $date = time(); //use current time if none supplied
$remote = clientIP(true);
- $user = $_SERVER['REMOTE_USER'];
+ $user = $INPUT->server->str('REMOTE_USER');
$strip = array("\t", "\n");
$logline = array(
diff --git a/inc/common.php b/inc/common.php
index 6aad42bd1..9fbebde94 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -56,15 +56,18 @@ function stripctl($string) {
* @return string
*/
function getSecurityToken() {
- return PassHash::hmac('md5', session_id().$_SERVER['REMOTE_USER'], auth_cookiesalt());
+ /** @var Input $INPUT */
+ global $INPUT;
+ return PassHash::hmac('md5', session_id().$INPUT->server->str('REMOTE_USER'), auth_cookiesalt());
}
/**
* Check the secret CSRF token
*/
function checkSecurityToken($token = null) {
+ /** @var Input $INPUT */
global $INPUT;
- if(empty($_SERVER['REMOTE_USER'])) return true; // no logged in user, no need for a check
+ if(!$INPUT->server->str('REMOTE_USER')) return true; // no logged in user, no need for a check
if(is_null($token)) $token = $INPUT->str('sectok');
if(getSecurityToken() != $token) {
@@ -93,14 +96,16 @@ function formSecurityToken($print = true) {
*/
function basicinfo($id, $htmlClient=true){
global $USERINFO;
+ /* @var Input $INPUT */
+ global $INPUT;
// set info about manager/admin status.
$info['isadmin'] = false;
$info['ismanager'] = false;
- if(isset($_SERVER['REMOTE_USER'])) {
+ if($INPUT->server->has('REMOTE_USER')) {
$info['userinfo'] = $USERINFO;
$info['perm'] = auth_quickaclcheck($id);
- $info['client'] = $_SERVER['REMOTE_USER'];
+ $info['client'] = $INPUT->server->str('REMOTE_USER');
if($info['perm'] == AUTH_ADMIN) {
$info['isadmin'] = true;
@@ -111,7 +116,7 @@ function basicinfo($id, $htmlClient=true){
// if some outside auth were used only REMOTE_USER is set
if(!$info['userinfo']['name']) {
- $info['userinfo']['name'] = $_SERVER['REMOTE_USER'];
+ $info['userinfo']['name'] = $INPUT->server->str('REMOTE_USER');
}
} else {
@@ -140,6 +145,8 @@ function pageinfo() {
global $REV;
global $RANGE;
global $lang;
+ /* @var Input $INPUT */
+ global $INPUT;
$info = basicinfo($ID);
@@ -148,7 +155,7 @@ function pageinfo() {
$info['id'] = $ID;
$info['rev'] = $REV;
- if(isset($_SERVER['REMOTE_USER'])) {
+ if($INPUT->server->has('REMOTE_USER')) {
$sub = new Subscription();
$info['subscribed'] = $sub->user_subscription();
} else {
@@ -356,11 +363,14 @@ function breadcrumbs() {
*/
function idfilter($id, $ue = true) {
global $conf;
+ /* @var Input $INPUT */
+ global $INPUT;
+
if($conf['useslash'] && $conf['userewrite']) {
$id = strtr($id, ':', '/');
} elseif(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' &&
$conf['userewrite'] &&
- strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') === false
+ strpos($INPUT->server->str('SERVER_SOFTWARE'), 'Microsoft-IIS') === false
) {
$id = strtr($id, ':', ';');
}
@@ -588,6 +598,8 @@ function checkwordblock($text = '') {
global $SUM;
global $conf;
global $INFO;
+ /* @var Input $INPUT */
+ global $INPUT;
if(!$conf['usewordblock']) return false;
@@ -620,9 +632,9 @@ function checkwordblock($text = '') {
if(count($re) && preg_match('#('.join('|', $re).')#si', $text, $matches)) {
// prepare event data
$data['matches'] = $matches;
- $data['userinfo']['ip'] = $_SERVER['REMOTE_ADDR'];
- if($_SERVER['REMOTE_USER']) {
- $data['userinfo']['user'] = $_SERVER['REMOTE_USER'];
+ $data['userinfo']['ip'] = $INPUT->server->str('REMOTE_ADDR');
+ if($INPUT->server->str('REMOTE_USER')) {
+ $data['userinfo']['user'] = $INPUT->server->str('REMOTE_USER');
$data['userinfo']['name'] = $INFO['userinfo']['name'];
$data['userinfo']['mail'] = $INFO['userinfo']['mail'];
}
@@ -648,12 +660,17 @@ function checkwordblock($text = '') {
* @return string
*/
function clientIP($single = false) {
+ /* @var Input $INPUT */
+ global $INPUT;
+
$ip = array();
- $ip[] = $_SERVER['REMOTE_ADDR'];
- if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
- $ip = array_merge($ip, explode(',', str_replace(' ', '', $_SERVER['HTTP_X_FORWARDED_FOR'])));
- if(!empty($_SERVER['HTTP_X_REAL_IP']))
- $ip = array_merge($ip, explode(',', str_replace(' ', '', $_SERVER['HTTP_X_REAL_IP'])));
+ $ip[] = $INPUT->server->str('REMOTE_ADDR');
+ if($INPUT->server->str('HTTP_X_FORWARDED_FOR')) {
+ $ip = array_merge($ip, explode(',', str_replace(' ', '', $INPUT->server->str('HTTP_X_FORWARDED_FOR'))));
+ }
+ if($INPUT->server->str('HTTP_X_REAL_IP')) {
+ $ip = array_merge($ip, explode(',', str_replace(' ', '', $INPUT->server->str('HTTP_X_REAL_IP'))));
+ }
// some IPv4/v6 regexps borrowed from Feyd
// see: http://forums.devnetwork.net/viewtopic.php?f=38&t=53479
@@ -712,16 +729,18 @@ function clientIP($single = false) {
* @link http://www.brainhandles.com/2007/10/15/detecting-mobile-browsers/#code
*/
function clientismobile() {
+ /* @var Input $INPUT */
+ global $INPUT;
- if(isset($_SERVER['HTTP_X_WAP_PROFILE'])) return true;
+ if($INPUT->server->has('HTTP_X_WAP_PROFILE')) return true;
- if(preg_match('/wap\.|\.wap/i', $_SERVER['HTTP_ACCEPT'])) return true;
+ if(preg_match('/wap\.|\.wap/i', $INPUT->server->str('HTTP_ACCEPT'))) return true;
- if(!isset($_SERVER['HTTP_USER_AGENT'])) return false;
+ if(!$INPUT->server->has('HTTP_USER_AGENT')) return false;
$uamatches = 'midp|j2me|avantg|docomo|novarra|palmos|palmsource|240x320|opwv|chtml|pda|windows ce|mmp\/|blackberry|mib\/|symbian|wireless|nokia|hand|mobi|phone|cdm|up\.b|audio|SIE\-|SEC\-|samsung|HTC|mot\-|mitsu|sagem|sony|alcatel|lg|erics|vx|NEC|philips|mmm|xx|panasonic|sharp|wap|sch|rover|pocket|benq|java|pt|pg|vox|amoi|bird|compal|kg|voda|sany|kdd|dbt|sendo|sgh|gradi|jb|\d\d\di|moto';
- if(preg_match("/$uamatches/i", $_SERVER['HTTP_USER_AGENT'])) return true;
+ if(preg_match("/$uamatches/i", $INPUT->server->str('HTTP_USER_AGENT'))) return true;
return false;
}
@@ -761,6 +780,9 @@ function gethostsbyaddrs($ips) {
*/
function checklock($id) {
global $conf;
+ /* @var Input $INPUT */
+ global $INPUT;
+
$lock = wikiLockFN($id);
//no lockfile
@@ -774,7 +796,7 @@ function checklock($id) {
//my own lock
@list($ip, $session) = explode("\n", io_readFile($lock));
- if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) {
+ if($ip == $INPUT->server->str('REMOTE_USER') || $ip == clientIP() || $session == session_id()) {
return false;
}
@@ -788,14 +810,16 @@ function checklock($id) {
*/
function lock($id) {
global $conf;
+ /* @var Input $INPUT */
+ global $INPUT;
if($conf['locktime'] == 0) {
return;
}
$lock = wikiLockFN($id);
- if($_SERVER['REMOTE_USER']) {
- io_saveFile($lock, $_SERVER['REMOTE_USER']);
+ if($INPUT->server->str('REMOTE_USER')) {
+ io_saveFile($lock, $INPUT->server->str('REMOTE_USER'));
} else {
io_saveFile($lock, clientIP()."\n".session_id());
}
@@ -809,10 +833,13 @@ function lock($id) {
* @return bool true if a lock was removed
*/
function unlock($id) {
+ /* @var Input $INPUT */
+ global $INPUT;
+
$lock = wikiLockFN($id);
if(@file_exists($lock)) {
@list($ip, $session) = explode("\n", io_readFile($lock));
- if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) {
+ if($ip == $INPUT->server->str('REMOTE_USER') || $ip == clientIP() || $session == session_id()) {
@unlink($lock);
return true;
}
@@ -938,6 +965,8 @@ function parsePageTemplate(&$data) {
global $USERINFO;
global $conf;
+ /* @var Input $INPUT */
+ global $INPUT;
// replace placeholders
$file = noNS($id);
@@ -969,7 +998,7 @@ function parsePageTemplate(&$data) {
utf8_ucfirst($page),
utf8_ucwords($page),
utf8_strtoupper($page),
- $_SERVER['REMOTE_USER'],
+ $INPUT->server->str('REMOTE_USER'),
$USERINFO['name'],
$USERINFO['mail'],
$conf['dformat'],
@@ -1050,6 +1079,9 @@ function saveWikiText($id, $text, $summary, $minor = false) {
global $conf;
global $lang;
global $REV;
+ /* @var Input $INPUT */
+ global $INPUT;
+
// ignore if no changes were made
if($text == rawWiki($id, '')) {
return;
@@ -1112,7 +1144,7 @@ function saveWikiText($id, $text, $summary, $minor = false) {
$type = DOKU_CHANGE_TYPE_CREATE;
} else if($wasRemoved) {
$type = DOKU_CHANGE_TYPE_DELETE;
- } else if($minor && $conf['useacl'] && $_SERVER['REMOTE_USER']) {
+ } else if($minor && $conf['useacl'] && $INPUT->server->str('REMOTE_USER')) {
$type = DOKU_CHANGE_TYPE_MINOR_EDIT;
} //minor edits only for logged in users
@@ -1164,6 +1196,8 @@ function saveOldRevision($id) {
*/
function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = array()) {
global $conf;
+ /* @var Input $INPUT */
+ global $INPUT;
// decide if there is something to do, eg. whom to mail
if($who == 'admin') {
@@ -1172,7 +1206,7 @@ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace =
$to = $conf['notify'];
} elseif($who == 'subscribers') {
if(!actionOK('subscribe')) return false; //subscribers enabled?
- if($conf['useacl'] && $_SERVER['REMOTE_USER'] && $minor) return false; //skip minors
+ if($conf['useacl'] && $INPUT->server->str('REMOTE_USER') && $minor) return false; //skip minors
$data = array('id' => $id, 'addresslist' => '', 'self' => false);
trigger_event(
'COMMON_NOTIFY_ADDRESSLIST', $data,
@@ -1197,10 +1231,13 @@ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace =
* @author Todd Augsburger <todd@rollerorgans.com>
*/
function getGoogleQuery() {
- if(!isset($_SERVER['HTTP_REFERER'])) {
+ /* @var Input $INPUT */
+ global $INPUT;
+
+ if(!$INPUT->server->has('HTTP_REFERER')) {
return '';
}
- $url = parse_url($_SERVER['HTTP_REFERER']);
+ $url = parse_url($INPUT->server->str('HTTP_REFERER'));
// only handle common SEs
if(!preg_match('/(google|bing|yahoo|ask|duckduckgo|babylon|aol|yandex)/',$url['host'])) return '';
@@ -1523,6 +1560,9 @@ function is_mem_available($mem, $bytes = 1048576) {
* @author Andreas Gohr <andi@splitbrain.org>
*/
function send_redirect($url) {
+ /* @var Input $INPUT */
+ global $INPUT;
+
//are there any undisplayed messages? keep them in session for display
global $MSG;
if(isset($MSG) && count($MSG) && !defined('NOSESSION')) {
@@ -1546,9 +1586,9 @@ function send_redirect($url) {
}
// check if running on IIS < 6 with CGI-PHP
- if(isset($_SERVER['SERVER_SOFTWARE']) && isset($_SERVER['GATEWAY_INTERFACE']) &&
- (strpos($_SERVER['GATEWAY_INTERFACE'], 'CGI') !== false) &&
- (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($_SERVER['SERVER_SOFTWARE']), $matches)) &&
+ if($INPUT->server->has('SERVER_SOFTWARE') && $INPUT->server->has('GATEWAY_INTERFACE') &&
+ (strpos($INPUT->server->str('GATEWAY_INTERFACE'), 'CGI') !== false) &&
+ (preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($INPUT->server->str('SERVER_SOFTWARE')), $matches)) &&
$matches[1] < 6
) {
header('Refresh: 0;url='.$url);
diff --git a/inc/infoutils.php b/inc/infoutils.php
index 3636d86a1..0992040d9 100644
--- a/inc/infoutils.php
+++ b/inc/infoutils.php
@@ -102,6 +102,8 @@ function getVersion(){
function check(){
global $conf;
global $INFO;
+ /* @var Input $INPUT */
+ global $INPUT;
if ($INFO['isadmin'] || $INFO['ismanager']){
msg('DokuWiki version: '.getVersion(),1);
@@ -204,7 +206,7 @@ function check(){
}
if($INFO['userinfo']['name']){
- msg('You are currently logged in as '.$_SERVER['REMOTE_USER'].' ('.$INFO['userinfo']['name'].')',0);
+ msg('You are currently logged in as '.$INPUT->server->str('REMOTE_USER').' ('.$INFO['userinfo']['name'].')',0);
msg('You are part of the groups '.join($INFO['userinfo']['grps'],', '),0);
}else{
msg('You are currently not logged in',0);
@@ -361,6 +363,9 @@ function dbg($msg,$hidden=false){
*/
function dbglog($msg,$header=''){
global $conf;
+ /* @var Input $INPUT */
+ global $INPUT;
+
// The debug log isn't automatically cleaned thus only write it when
// debugging has been enabled by the user.
if($conf['allowdebug'] !== 1) return;
@@ -373,7 +378,7 @@ function dbglog($msg,$header=''){
$file = $conf['cachedir'].'/debug.log';
$fh = fopen($file,'a');
if($fh){
- fwrite($fh,date('H:i:s ').$_SERVER['REMOTE_ADDR'].': '.$msg."\n");
+ fwrite($fh,date('H:i:s ').$INPUT->server->str('REMOTE_ADDR').': '.$msg."\n");
fclose($fh);
}
}
diff --git a/inc/init.php b/inc/init.php
index bcd96e5e4..4ff239787 100644
--- a/inc/init.php
+++ b/inc/init.php
@@ -402,6 +402,10 @@ function remove_magic_quotes(&$array) {
* Returns the full absolute URL to the directory where
* DokuWiki is installed in (includes a trailing slash)
*
+ * !! Can not access $_SERVER values through $INPUT
+ * !! here as this function is called before $INPUT is
+ * !! initialized.
+ *
* @author Andreas Gohr <andi@splitbrain.org>
*/
function getBaseURL($abs=null){
diff --git a/inc/mail.php b/inc/mail.php
index 0b60c0a5b..9994ac63e 100644
--- a/inc/mail.php
+++ b/inc/mail.php
@@ -40,6 +40,8 @@ if (!defined('PREG_PATTERN_VALID_EMAIL')) define('PREG_PATTERN_VALID_EMAIL', '['
function mail_setup(){
global $conf;
global $USERINFO;
+ /** @var Input $INPUT */
+ global $INPUT;
// auto constructed address
$host = @parse_url(DOKU_URL,PHP_URL_HOST);
@@ -53,11 +55,8 @@ function mail_setup(){
$replace['@MAIL@'] = $noreply;
}
- if(!empty($_SERVER['REMOTE_USER'])){
- $replace['@USER@'] = $_SERVER['REMOTE_USER'];
- }else{
- $replace['@USER@'] = 'noreply';
- }
+ // use 'noreply' if no user
+ $replace['@USER@'] = $INPUT->server->str('REMOTE_USER', 'noreply', true);
if(!empty($USERINFO['name'])){
$replace['@NAME@'] = $USERINFO['name'];
diff --git a/inc/pageutils.php b/inc/pageutils.php
index 9c2794387..8474c5697 100644
--- a/inc/pageutils.php
+++ b/inc/pageutils.php
@@ -19,6 +19,7 @@
* @author Andreas Gohr <andi@splitbrain.org>
*/
function getID($param='id',$clean=true){
+ /** @var Input $INPUT */
global $INPUT;
global $conf;
global $ACT;
@@ -27,7 +28,7 @@ function getID($param='id',$clean=true){
//construct page id from request URI
if(empty($id) && $conf['userewrite'] == 2){
- $request = $_SERVER['REQUEST_URI'];
+ $request = $INPUT->server->str('REQUEST_URI');
$script = '';
//get the script URL
@@ -36,15 +37,15 @@ function getID($param='id',$clean=true){
if($param != 'id') {
$relpath = 'lib/exe/';
}
- $script = $conf['basedir'].$relpath.utf8_basename($_SERVER['SCRIPT_FILENAME']);
-
- }elseif($_SERVER['PATH_INFO']){
- $request = $_SERVER['PATH_INFO'];
- }elseif($_SERVER['SCRIPT_NAME']){
- $script = $_SERVER['SCRIPT_NAME'];
- }elseif($_SERVER['DOCUMENT_ROOT'] && $_SERVER['SCRIPT_FILENAME']){
- $script = preg_replace ('/^'.preg_quote($_SERVER['DOCUMENT_ROOT'],'/').'/','',
- $_SERVER['SCRIPT_FILENAME']);
+ $script = $conf['basedir'].$relpath.utf8_basename($INPUT->server->str('SCRIPT_FILENAME'));
+
+ }elseif($INPUT->server->str('PATH_INFO')){
+ $request = $INPUT->server->str('PATH_INFO');
+ }elseif($INPUT->server->str('SCRIPT_NAME')){
+ $script = $INPUT->server->str('SCRIPT_NAME');
+ }elseif($INPUT->server->str('DOCUMENT_ROOT') && $INPUT->server->str('SCRIPT_FILENAME')){
+ $script = preg_replace ('/^'.preg_quote($INPUT->server->str('DOCUMENT_ROOT'),'/').'/','',
+ $INPUT->server->str('SCRIPT_FILENAME'));
$script = '/'.$script;
}
diff --git a/inc/remote.php b/inc/remote.php
index 2ef28afd2..e27aa74f8 100644
--- a/inc/remote.php
+++ b/inc/remote.php
@@ -169,6 +169,9 @@ class RemoteAPI {
public function hasAccess() {
global $conf;
global $USERINFO;
+ /** @var Input $INPUT */
+ global $INPUT;
+
if (!$conf['remote']) {
return false;
}
@@ -179,7 +182,7 @@ class RemoteAPI {
return true;
}
- return auth_isMember($conf['remoteuser'], $_SERVER['REMOTE_USER'], (array) $USERINFO['grps']);
+ return auth_isMember($conf['remoteuser'], $INPUT->server->str('REMOTE_USER'), (array) $USERINFO['grps']);
}
/**
diff --git a/inc/subscription.php b/inc/subscription.php
index ddf30706b..adf1b821c 100644
--- a/inc/subscription.php
+++ b/inc/subscription.php
@@ -256,8 +256,10 @@ class Subscription {
if(!$this->isenabled()) return false;
global $ID;
+ /** @var Input $INPUT */
+ global $INPUT;
if(!$id) $id = $ID;
- if(!$user) $user = $_SERVER['REMOTE_USER'];
+ if(!$user) $user = $INPUT->server->str('REMOTE_USER');
$subs = $this->subscribers($id, $user);
if(!count($subs)) return false;
@@ -292,13 +294,15 @@ class Subscription {
global $auth;
global $conf;
global $USERINFO;
+ /** @var Input $INPUT */
+ global $INPUT;
$count = 0;
$subscriptions = $this->subscribers($page, null, array('digest', 'list'));
// remember current user info
$olduinfo = $USERINFO;
- $olduser = $_SERVER['REMOTE_USER'];
+ $olduser = $INPUT->server->str('REMOTE_USER');
foreach($subscriptions as $target => $users) {
if(!$this->lock($target)) continue;
@@ -315,7 +319,7 @@ class Subscription {
// Work as the user to make sure ACLs apply correctly
$USERINFO = $auth->getUserData($user);
- $_SERVER['REMOTE_USER'] = $user;
+ $INPUT->server->set('REMOTE_USER',$user);
if($USERINFO === false) continue;
if(!$USERINFO['mail']) continue;
@@ -334,7 +338,7 @@ class Subscription {
foreach($changes as $rev) {
$n = 0;
while(!is_null($rev) && $rev['date'] >= $lastupdate &&
- ($_SERVER['REMOTE_USER'] === $rev['user'] ||
+ ($INPUT->server->str('REMOTE_USER') === $rev['user'] ||
$rev['type'] === DOKU_CHANGE_TYPE_MINOR_EDIT)) {
$rev = getRevisions($rev['id'], $n++, 1);
$rev = (count($rev) > 0) ? $rev[0] : null;
@@ -369,7 +373,7 @@ class Subscription {
// restore current user info
$USERINFO = $olduinfo;
- $_SERVER['REMOTE_USER'] = $olduser;
+ $INPUT->server->set('REMOTE_USER',$olduser);
return $count;
}
@@ -654,6 +658,8 @@ class Subscription {
/** @var DokuWiki_Auth_Plugin $auth */
global $auth;
global $conf;
+ /** @var Input $INPUT */
+ global $INPUT;
$id = $data['id'];
$self = $data['self'];
@@ -667,7 +673,7 @@ class Subscription {
$userinfo = $auth->getUserData($user);
if($userinfo === false) continue;
if(!$userinfo['mail']) continue;
- if(!$self && $user == $_SERVER['REMOTE_USER']) continue; //skip our own changes
+ if(!$self && $user == $INPUT->server->str('REMOTE_USER')) continue; //skip our own changes
$level = auth_aclcheck($id, $user, $userinfo['grps']);
if($level >= AUTH_READ) {
diff --git a/inc/template.php b/inc/template.php
index c0dfbb845..88964fada 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -291,6 +291,8 @@ function tpl_metaheaders($alt = true) {
global $lang;
global $conf;
global $updateVersion;
+ /** @var Input $INPUT */
+ global $INPUT;
// prepare the head array
$head = array();
@@ -401,7 +403,7 @@ function tpl_metaheaders($alt = true) {
// make $INFO and other vars available to JavaScripts
$json = new JSON();
$script = "var NS='".$INFO['namespace']."';";
- if($conf['useacl'] && !empty($_SERVER['REMOTE_USER'])) {
+ if($conf['useacl'] && $INPUT->server->str('REMOTE_USER')) {
$script .= "var SIG='".toolbar_signature()."';";
}
$script .= 'var JSINFO = '.$json->encode($JSINFO).';';
@@ -603,6 +605,8 @@ function tpl_get_action($type) {
global $REV;
global $ACT;
global $conf;
+ /** @var Input $INPUT */
+ global $INPUT;
// check disabled actions and fix the badly named ones
if($type == 'history') $type = 'revisions';
@@ -672,7 +676,7 @@ function tpl_get_action($type) {
break;
case 'login':
$params['sectok'] = getSecurityToken();
- if(isset($_SERVER['REMOTE_USER'])) {
+ if($INPUT->server->has('REMOTE_USER')) {
if(!actionOK('logout')) {
return false;
}
@@ -681,12 +685,12 @@ function tpl_get_action($type) {
}
break;
case 'register':
- if(!empty($_SERVER['REMOTE_USER'])) {
+ if($INPUT->server->str('REMOTE_USER')) {
return false;
}
break;
case 'resendpwd':
- if(!empty($_SERVER['REMOTE_USER'])) {
+ if($INPUT->server->str('REMOTE_USER')) {
return false;
}
break;
@@ -703,14 +707,14 @@ function tpl_get_action($type) {
$params['sectok'] = getSecurityToken();
break;
case 'subscribe':
- if(!$_SERVER['REMOTE_USER']) {
+ if(!$INPUT->server->str('REMOTE_USER')) {
return false;
}
break;
case 'backlink':
break;
case 'profile':
- if(!isset($_SERVER['REMOTE_USER'])) {
+ if(!$INPUT->server->has('REMOTE_USER')) {
return false;
}
break;
@@ -886,8 +890,11 @@ function tpl_youarehere($sep = ' » ') {
function tpl_userinfo() {
global $lang;
global $INFO;
- if(isset($_SERVER['REMOTE_USER'])) {
- print $lang['loggedinas'].': <bdi>'.hsc($INFO['userinfo']['name']).'</bdi> (<bdi>'.hsc($_SERVER['REMOTE_USER']).'</bdi>)';
+ /** @var Input $INPUT */
+ global $INPUT;
+
+ if($INPUT->server->str('REMOTE_USER')) {
+ print $lang['loggedinas'].': <bdi>'.hsc($INFO['userinfo']['name']).'</bdi> (<bdi>'.hsc($INPUT->server->str('REMOTE_USER')).'</bdi>)';
return true;
}
return false;
@@ -1030,6 +1037,7 @@ function tpl_img_getTag($tags, $alt = '', $src = null) {
*/
function tpl_img($maxwidth = 0, $maxheight = 0, $link = true, $params = null) {
global $IMG;
+ /** @var Input $INPUT */
global $INPUT;
$w = tpl_img_getTag('File.Width');
$h = tpl_img_getTag('File.Height');
@@ -1242,6 +1250,7 @@ function tpl_mediaContent($fromajax = false, $sort='natural') {
global $INUSE;
global $NS;
global $JUMPTO;
+ /** @var Input $INPUT */
global $INPUT;
$do = $INPUT->extract('do')->str('do');
@@ -1291,6 +1300,7 @@ function tpl_mediaFileList() {
global $NS;
global $JUMPTO;
global $lang;
+ /** @var Input $INPUT */
global $INPUT;
$opened_tab = $INPUT->str('tab_files');
@@ -1331,7 +1341,9 @@ function tpl_mediaFileList() {
* @author Kate Arzamastseva <pshns@ukr.net>
*/
function tpl_mediaFileDetails($image, $rev) {
- global $AUTH, $NS, $conf, $DEL, $lang, $INPUT;
+ global $AUTH, $NS, $conf, $DEL, $lang;
+ /** @var Input $INPUT */
+ global $INPUT;
$removed = (!file_exists(mediaFN($image)) && file_exists(mediaMetaFN($image, '.changes')) && $conf['mediarevisions']);
if(!$image || (!file_exists(mediaFN($image)) && !$removed) || $DEL) return;
@@ -1409,12 +1421,14 @@ function tpl_actiondropdown($empty = '', $button = '>') {
global $ID;
global $REV;
global $lang;
+ /** @var Input $INPUT */
+ global $INPUT;
echo '<form action="'.script().'" method="get" accept-charset="utf-8">';
echo '<div class="no">';
echo '<input type="hidden" name="id" value="'.$ID.'" />';
if($REV) echo '<input type="hidden" name="rev" value="'.$REV.'" />';
- if (!empty($_SERVER['REMOTE_USER'])) {
+ if ($INPUT->server->str('REMOTE_USER')) {
echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />';
}
@@ -1780,11 +1794,14 @@ function tpl_media() {
*/
function tpl_classes() {
global $ACT, $conf, $ID, $INFO;
+ /** @var Input $INPUT */
+ global $INPUT;
+
$classes = array(
'dokuwiki',
'mode_'.$ACT,
'tpl_'.$conf['template'],
- !empty($_SERVER['REMOTE_USER']) ? 'loggedIn' : '',
+ $INPUT->server->bool('REMOTE_USER') ? 'loggedIn' : '',
$INFO['exists'] ? '' : 'notFound',
($ID == $conf['start']) ? 'home' : '',
);
diff --git a/inc/toolbar.php b/inc/toolbar.php
index d8d2f209b..7cc29e866 100644
--- a/inc/toolbar.php
+++ b/inc/toolbar.php
@@ -241,10 +241,12 @@ function toolbar_JSdefines($varname){
function toolbar_signature(){
global $conf;
global $INFO;
+ /** @var Input $INPUT */
+ global $INPUT;
$sig = $conf['signature'];
$sig = dformat(null,$sig);
- $sig = str_replace('@USER@',$_SERVER['REMOTE_USER'],$sig);
+ $sig = str_replace('@USER@',$INPUT->server->str('REMOTE_USER'),$sig);
$sig = str_replace('@NAME@',$INFO['userinfo']['name'],$sig);
$sig = str_replace('@MAIL@',$INFO['userinfo']['mail'],$sig);
$sig = str_replace('@DATE@',dformat(),$sig);
--
GitLab