diff --git a/inc/form.php b/inc/form.php
index e74c52c5d38ec41292dc44652765ef8abd0e0415..bdf520a2ee7ec9db5e9e3fcbdd2d91631539a646 100644
--- a/inc/form.php
+++ b/inc/form.php
@@ -295,8 +295,9 @@ class Doku_Form {
 */
 function addRadioSet($name, $entries) {
- $value = (isset($_POST[$name]) && isset($entries[$_POST[$name]])) ?
- $_POST[$name] : key($entries);
+ global $INPUT;
+ $value = (array_key_exists($INPUT->post->str($name), $entries)) ?
+ $INPUT->str($name) : key($entries);
 foreach($entries as $val => $cap) {
 $data = ($value === $val) ? array('checked' => 'checked') : array();
 $this->addElement(form_makeRadioField($name, $val, $cap, '', '', $data));
diff --git a/inc/html.php b/inc/html.php
index be5666353916e9d189f95c7cfad1330e37f3c6c1..08b051f40d011fcee624d8b8de4e8065804cc464 100644
--- a/inc/html.php
+++ b/inc/html.php
@@ -46,6 +46,7 @@ function html_login(){
 global $lang;
 global $conf;
 global $ID;
+ global $INPUT;
 print p_locale_xhtml('login');
 print '<div class="centeralign">'.NL;
@@ -53,7 +54,7 @@ function html_login(){
 $form->startFieldset($lang['btn_login']);
 $form->addHidden('id', $ID);
 $form->addHidden('do', 'login');
- $form->addElement(form_makeTextField('u', ((!$_REQUEST['http_credentials']) ? $_REQUEST['u'] : ''), $lang['user'], 'focus__this', 'block'));
+ $form->addElement(form_makeTextField('u', ((!$INPUT->bool('http_credentials')) ? $INPUT->str('u') : ''), $lang['user'], 'focus__this', 'block'));
 $form->addElement(form_makePasswordField('p', $lang['pass'], '', 'block'));
 if($conf['rememberme']) {
 $form->addElement(form_makeCheckboxField('r', '1', $lang['remember'], 'remember__me', 'simple'));
@@ -1070,8 +1071,9 @@ function html_diff($text='',$intro=true,$type=null){
 global $REV;
 global $lang;
 global $conf;
+ global $INPUT;
- if(!$type) $type = $_REQUEST['difftype'];
+ if(!$type) $type = $INPUT->str('difftype');
 if($type != 'inline') $type = 'sidebyside';
 // we're trying to be clever here, revisions to compare can be either
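Review bot: In `addRadioSet()` (inc/form.php) the membership test reads `$INPUT->post->str($name)` but the value then used is `$INPUT->str($name)`, so the value that was validated and the value that is selected are fetched through two different accessors. If the un-scoped accessor reads the merged request rather than POST only (the separate `post` accessor suggests so, but the Input class is not visible here), the two can disagree and no radio button ends up marked as checked. Read the value once from the POST scope: `$posted = $INPUT->post->str($name);` followed by `$value = array_key_exists($posted, $entries) ? $posted : key($entries);`. The function body continues past the end of the hunk.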
@@ -1079,16 +1081,16 @@ function html_diff($text='',$intro=true,$type=null){
 // array in rev2.
 $rev1 = $REV;
- if(is_array($_REQUEST['rev2'])){
- $rev1 = (int) $_REQUEST['rev2'][0];
- $rev2 = (int) $_REQUEST['rev2'][1];
+ if(is_array($INPUT->ref('rev2'))){
+ $rev1 = (int) $INPUT->int('rev2')[0];
+ $rev2 = (int) $INPUT->int('rev2')[1];
 if(!$rev1){
 $rev1 = $rev2;
 unset($rev2);
 }
 }else{
- $rev2 = (int) $_REQUEST['rev2'];
+ $rev2 = $INPUT->int('rev2');
 }
 $r_minor = '';
@@ -1246,6 +1248,7 @@ function html_register(){
 global $lang;
 global $conf;
 global $ID;
+ global $INPUT;
 print p_locale_xhtml('register');
 print '<div class="centeralign">'.NL;
@@ -1253,13 +1256,13 @@ function html_register(){
 $form->startFieldset($lang['btn_register']);
 $form->addHidden('do', 'register');
 $form->addHidden('save', '1');
- $form->addElement(form_makeTextField('login', $_POST['login'], $lang['user'], '', 'block', array('size'=>'50')));
+ $form->addElement(form_makeTextField('login', $INPUT->post->str('login'), $lang['user'], '', 'block', array('size'=>'50')));
 if (!$conf['autopasswd']) {
 $form->addElement(form_makePasswordField('pass', $lang['pass'], '', 'block', array('size'=>'50')));
 $form->addElement(form_makePasswordField('passchk', $lang['passchk'], '', 'block', array('size'=>'50')));
 }
- $form->addElement(form_makeTextField('fullname', $_POST['fullname'], $lang['fullname'], '', 'block', array('size'=>'50')));
- $form->addElement(form_makeTextField('email', $_POST['email'], $lang['email'], '', 'block', array('size'=>'50')));
+ $form->addElement(form_makeTextField('fullname', $INPUT->post->str('fullname'), $lang['fullname'], '', 'block', array('size'=>'50')));
+ $form->addElement(form_makeTextField('email', $INPUT->post->str('email'), $lang['email'], '', 'block', array('size'=>'50')));
 $form->addElement(form_makeButton('submit', '', $lang['btn_register']));
 $form->endFieldset();
 html_form('register', $form);
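Review bot: In the array branch of `html_diff()`, `$INPUT->int('rev2')[0]` and `$INPUT->int('rev2')[1]` index the result of the integer accessor, which the `else` branch uses as a plain int, so both offsets evaluate to null and `$rev1`/`$rev2` are always cast to 0 when two revisions are submitted. Indexing a call result directly also relies on function array dereferencing (PHP 5.4+), which should be checked against the project's minimum PHP version. Fetch the array once and cast its elements: `$revs = $INPUT->ref('rev2');` then `$rev1 = (int) $revs[0];` and `$rev2 = (int) $revs[1];`. The function starts and ends outside this hunk.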
@@ -1276,26 +1279,27 @@ function html_register(){
 function html_updateprofile(){
 global $lang;
 global $conf;
+ global $INPUT;
 global $ID;
 global $INFO;
 global $auth;
 print p_locale_xhtml('updateprofile');
- if (empty($_POST['fullname'])) $_POST['fullname'] = $INFO['userinfo']['name'];
- if (empty($_POST['email'])) $_POST['email'] = $INFO['userinfo']['mail'];
+ $fullname = $INPUT->post->str('fullname', $INFO['userinfo']['name'], true);
+ $email = $INPUT->post->str('email', $INFO['userinfo']['mail'], true);
 print '<div class="centeralign">'.NL;
 $form = new Doku_Form(array('id' => 'dw__register'));
 $form->startFieldset($lang['profile']);
 $form->addHidden('do', 'profile');
 $form->addHidden('save', '1');
- $form->addElement(form_makeTextField('fullname', $_SERVER['REMOTE_USER'], $lang['user'], '', 'block', array('size'=>'50', 'disabled'=>'disabled')));
+ $form->addElement(form_makeTextField('login', $_SERVER['REMOTE_USER'], $lang['user'], '', 'block', array('size'=>'50', 'disabled'=>'disabled')));
 $attr = array('size'=>'50');
 if (!$auth->canDo('modName')) $attr['disabled'] = 'disabled';
- $form->addElement(form_makeTextField('fullname', $_POST['fullname'], $lang['fullname'], '', 'block', $attr));
+ $form->addElement(form_makeTextField('fullname', $fullname, $lang['fullname'], '', 'block', $attr));
 $attr = array('size'=>'50');
 if (!$auth->canDo('modMail')) $attr['disabled'] = 'disabled';
- $form->addElement(form_makeTextField('email', $_POST['email'], $lang['email'], '', 'block', $attr));
+ $form->addElement(form_makeTextField('email', $email, $lang['email'], '', 'block', $attr));
 $form->addElement(form_makeTag('br'));
 if ($auth->canDo('modPass')) {
 $form->addElement(form_makePasswordField('newpass', $lang['newpass'], '', 'block', array('size'=>'50')));
@@ -1320,6 +1324,7 @@ function html_updateprofile(){
 * @triggers HTML_EDITFORM_OUTPUT
 */
 function html_edit(){
+ global $INPUT;
 global $ID;
 global $REV;
 global $DATE;
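Review bot: The bare third argument `true` in `$INPUT->post->str('fullname', $INFO['userinfo']['name'], true)` and the matching `email` line in `html_updateprofile()` is not self-explanatory. Judging by the `empty()` checks it replaces, it presumably makes an empty posted value fall back to the stored profile value. A short comment above the two lines would record that, for example `// empty POST fields fall back to the stored profile values (third argument)`. Since `$_POST` is no longer rewritten here, any later code that relied on `$_POST['fullname']` or `$_POST['email']` being pre-filled should be checked; the function continues beyond the hunk.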
@@ -1332,8 +1337,8 @@ function html_edit(){
 global $TEXT;
 global $RANGE;
- if (isset($_REQUEST['changecheck'])) {
- $check = $_REQUEST['changecheck'];
+ if ($INPUT->has('changecheck')) {
+ $check = $INPUT->str('changecheck');
 } elseif(!$INFO['exists']){
 // $TEXT has been loaded from page template
 $check = md5('');
@@ -1368,8 +1373,8 @@ function html_edit(){
 $data = array('form' => $form, 'wr' => $wr, 'media_manager' => true,
- 'target' => (isset($_REQUEST['target']) && $wr &&
- $RANGE !== '') ? $_REQUEST['target'] : 'section',
+ 'target' => ($INPUT->has('target') && $wr &&
+ $RANGE !== '') ? $INPUT->str('target') : 'section',
 'intro_locale' => $include);
 if ($data['target'] !== 'section') {
@@ -1456,6 +1461,7 @@ function html_edit_form($param) {
 function html_minoredit(){
 global $conf;
 global $lang;
+ global $INPUT;
 // minor edits are for logged in users only
 if(!$conf['useacl'] || !$_SERVER['REMOTE_USER']){
 return false;
@@ -1463,7 +1469,7 @@ function html_minoredit(){
 $p = array();
 $p['tabindex'] = 3;
- if(!empty($_REQUEST['minor'])) $p['checked']='checked';
+ if($INPUT->bool('minor')) $p['checked']='checked';
 return form_makeCheckboxField('minor', '1', $lang['minoredit'], 'minoredit', 'nowrap', $p);
 }
@@ -1669,8 +1675,9 @@ function html_resendpwd() {
 global $lang;
 global $conf;
 global $ID;
+ global $INPUT;
- $token = preg_replace('/[^a-f0-9]+/','',$_REQUEST['pwauth']);
+ $token = preg_replace('/[^a-f0-9]+/','',$INPUT->str('pwauth'));
 if(!$conf['autopasswd'] && $token){
 print p_locale_xhtml('resetpwd');
@@ -1695,7 +1702,7 @@ function html_resendpwd() {
 $form->addHidden('do', 'resendpwd');
 $form->addHidden('save', '1');
 $form->addElement(form_makeTag('br'));
- $form->addElement(form_makeTextField('login', $_POST['login'], $lang['user'], '', 'block'));
+ $form->addElement(form_makeTextField('login', $INPUT->post->str('login'), $lang['user'], '', 'block'));
 $form->addElement(form_makeTag('br'));
 $form->addElement(form_makeTag('br'));
 $form->addElement(form_makeButton('submit', '', $lang['btn_resendpwd']));
diff --git a/inc/parser/code.php b/inc/parser/code.php
index 4d94dcf4ec4e36b1d9d1abcac8f2963a569f429a..ff44a4e1ed060e38eb7afb4d49f0befab3097afb 100644
--- a/inc/parser/code.php
+++ b/inc/parser/code.php
@@ -16,11 +16,12 @@ class Doku_Renderer_code extends Doku_Renderer {
 * When the correct block was found it exits the script.
 */
 function code($text, $language = NULL, $filename='' ) {
+ global $INPUT;
 if(!$language) $language = 'txt';
 if(!$filename) $filename = 'snippet.'.$language;
 $filename = basename($filename);
- if($this->_codeblock == $_REQUEST['codeblock']){
+ if($this->_codeblock == $INPUT->str('codeblock')){
 header("Content-Type: text/plain; charset=utf-8");
 header("Content-Disposition: attachment; filename=$filename");
 header("X-Robots-Tag: noindex");
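Review bot: In `Doku_Renderer_code::code()` the new comparison `$this->_codeblock == $INPUT->str('codeblock')` is still loose and compares against a string that is presumably empty when the parameter is absent. If `_codeblock` is a zero-based integer counter (its declaration is not visible here), a request without `codeblock` can match the first block on PHP versions where `0 == ''` holds. A presence check with the typed accessor makes the intent explicit: `if($INPUT->has('codeblock') && (int) $this->_codeblock === $INPUT->int('codeblock')){`. Whether a missing parameter should still export the first block is a behaviour decision to confirm, since the old `$_REQUEST` lookup compared loosely as well. The method body continues past the hunk.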