authorAndrew Dolgov <[email protected]>2009-12-29 18:49:27 +0300
committerAndrew Dolgov <[email protected]>2009-12-29 18:49:27 +0300
commitb4e75b2a25d0a30d77b2160c8195835c9816cfe0 (patch)
tree9900c7c8e7ba8d3719ae8d7430866485838169d3 /modules
parent12e55b9017fe02824d52ef8639de11356ae2d4d4 (diff)
use POST parameters for frontend requests
Diffstat (limited to 'modules')
-rw-r--r--modules/backend-rpc.php52
-rw-r--r--modules/help.php6
-rw-r--r--modules/popup-dialog.php10
-rw-r--r--modules/pref-feeds.php28
-rw-r--r--modules/pref-filters.php52
-rw-r--r--modules/pref-labels.php12
-rw-r--r--modules/pref-prefs.php2
-rw-r--r--modules/pref-users.php18
8 files changed, 90 insertions, 90 deletions
diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php
index 2d1a8f90b..019368685 100644
--- a/modules/backend-rpc.php
+++ b/modules/backend-rpc.php
@@ -1,7 +1,7 @@
<?php
function handle_rpc_request($link) {
- $subop = $_GET["subop"];
+ $subop = $_REQUEST["subop"];
if ($subop == "setpref") {
if (WEB_DEMO_MODE) {
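Review bot: Reading `$subop` from `$_REQUEST` here, as every other parameter in this commit now does, accepts the value from the query string as well as the POST body, so state-changing subops such as `setpref`, `delete`, `purge` and the user removal in pref-users.php can still be triggered by a plain GET, and no anti-CSRF token is checked in any visible hunk. Depending on `request_order`/`variables_order`, `$_REQUEST` can also include cookies, which would let a cookie named `subop` or `ids` shadow the intended parameter. If the frontend now always posts, the mutating handlers should read from `$_POST`, e.g. `$subop = $_POST["subop"];`, keeping `$_REQUEST` only for read-only views. The body of handle_rpc_request continues outside the hunk.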
@@ -10,8 +10,8 @@
print "<rpc-reply>";
- $key = db_escape_string($_GET["key"]);
- $value = db_escape_string($_GET["value"]);
+ $key = db_escape_string($_REQUEST["key"]);
+ $value = db_escape_string($_REQUEST["value"]);
set_pref($link, $key, $value);
@@ -23,7 +23,7 @@
}
if ($subop == "getLabelCounters") {
- $aid = $_GET["aid"];
+ $aid = $_REQUEST["aid"];
print "<rpc-reply>";
print "<counters>";
getLabelCounters($link);
@@ -50,7 +50,7 @@
print "<rpc-reply>";
print "<counters>";
- $omode = $_GET["omode"];
+ $omode = $_REQUEST["omode"];
getAllCounters($link, $omode);
print "</counters>";
@@ -61,8 +61,8 @@
}
if ($subop == "mark") {
- $mark = $_GET["mark"];
- $id = db_escape_string($_GET["id"]);
+ $mark = $_REQUEST["mark"];
+ $id = db_escape_string($_REQUEST["id"]);
if ($mark == "1") {
$mark = "true";
@@ -87,7 +87,7 @@
}
if ($subop == "delete") {
- $ids = db_escape_string($_GET["ids"]);
+ $ids = db_escape_string($_REQUEST["ids"]);
$result = db_query($link, "DELETE FROM ttrss_user_entries
WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
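Review bot: `$ids` is interpolated unquoted into `IN ($ids)`, and `db_escape_string()` only neutralises quote characters, so it gives no protection in a numeric list context. The value should be reduced to integers before it reaches the query, `$ids = join(",", array_map("intval", explode(",", $_REQUEST["ids"])));`. The `unarchive` hunk that follows builds `$ids` the same way, although its WHERE clause lies outside that hunk. The enclosing `if ($subop == "delete")` block ends outside this hunk.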
@@ -103,7 +103,7 @@
}
if ($subop == "unarchive") {
- $ids = db_escape_string($_GET["ids"]);
+ $ids = db_escape_string($_REQUEST["ids"]);
$result = db_query($link, "UPDATE ttrss_user_entries
SET feed_id = orig_feed_id, orig_feed_id = NULL
@@ -120,7 +120,7 @@
}
if ($subop == "archive") {
- $ids = split(",", db_escape_string($_GET["ids"]));
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
archive_article($link, $id, $_SESSION["uid"]);
@@ -183,7 +183,7 @@
}
if ($subop == "updateFeed") {
- $feed_id = db_escape_string($_GET["feed"]);
+ $feed_id = db_escape_string($_REQUEST["feed"]);
$result = db_query($link,
"SELECT feed_url FROM ttrss_feeds WHERE id = '$feed_id'
@@ -205,7 +205,7 @@
if ($subop == "forceUpdateAllFeeds" || $subop == "updateAllFeeds") {
- $global_unread_caller = sprintf("%d", $_GET["uctr"]);
+ $global_unread_caller = sprintf("%d", $_REQUEST["uctr"]);
$global_unread = getGlobalUnread($link);
print "<rpc-reply>";
@@ -214,7 +214,7 @@
if ($global_unread_caller != $global_unread) {
- $omode = $_GET["omode"];
+ $omode = $_REQUEST["omode"];
if (!$omode) $omode = "tflc";
@@ -251,7 +251,7 @@
print "<rpc-reply>";
print "<counters>";
- getAllCounters($link, $_GET["omode"]);
+ getAllCounters($link, $_REQUEST["omode"]);
print "</counters>";
print_runtime_info($link);
print "</rpc-reply>";
@@ -261,14 +261,14 @@
if ($subop == "markSelected") {
- $ids = split(",", db_escape_string($_GET["ids"]));
- $cmode = sprintf("%d", $_GET["cmode"]);
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $cmode = sprintf("%d", $_REQUEST["cmode"]);
markArticlesById($link, $ids, $cmode);
print "<rpc-reply>";
print "<counters>";
- getAllCounters($link, $_GET["omode"]);
+ getAllCounters($link, $_REQUEST["omode"]);
print "</counters>";
print_runtime_info($link);
print "</rpc-reply>";
@@ -278,14 +278,14 @@
if ($subop == "publishSelected") {
- $ids = split(",", db_escape_string($_GET["ids"]));
- $cmode = sprintf("%d", $_GET["cmode"]);
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $cmode = sprintf("%d", $_REQUEST["cmode"]);
publishArticlesById($link, $ids, $cmode);
print "<rpc-reply>";
print "<counters>";
- getAllCounters($link, $_GET["omode"]);
+ getAllCounters($link, $_REQUEST["omode"]);
print "</counters>";
print_runtime_info($link);
print "</rpc-reply>";
@@ -301,7 +301,7 @@
print_runtime_info($link);
# assign client-passed params to session
- $_SESSION["client.userAgent"] = $_GET["ua"];
+ $_SESSION["client.userAgent"] = $_REQUEST["ua"];
}
print "</rpc-reply>";
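Review bot: `$_SESSION["client.userAgent"]` is filled directly from the client-supplied `ua` value with no length cap or validation, so every later reader of that session key has to treat it as untrusted text. A comment such as `# client-controlled: escape on output, never use for access decisions` together with a bound like `substr($_REQUEST["ua"], 0, 255)` would make that explicit. The enclosing block starts outside the hunk.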
@@ -320,7 +320,7 @@
if ($subop == "getArticleLink") {
- $id = db_escape_string($_GET["id"]);
+ $id = db_escape_string($_REQUEST["id"]);
$result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'");
@@ -337,9 +337,9 @@
if ($subop == "setArticleTags") {
- $id = db_escape_string($_GET["id"]);
+ $id = db_escape_string($_REQUEST["id"]);
- $tags_str = db_escape_string($_GET["tags_str"]);
+ $tags_str = db_escape_string($_REQUEST["tags_str"]);
$tags = array_unique(trim_array(split(",", $tags_str)));
@@ -426,8 +426,8 @@
}
if ($subop == "purge") {
- $ids = split(",", db_escape_string($_GET["ids"]));
- $days = sprintf("%d", $_GET["days"]);
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $days = sprintf("%d", $_REQUEST["days"]);
print "<rpc-reply>";
diff --git a/modules/help.php b/modules/help.php
index 415870d45..64ec087bb 100644
--- a/modules/help.php
+++ b/modules/help.php
@@ -1,7 +1,7 @@
<?php
function module_help($link) {
- if (!$_GET["noheaders"]) {
+ if (!$_REQUEST["noheaders"]) {
print "<html><head>
<title>".__('Help')."</title>
<link rel=\"stylesheet\" href=\"utility.css\" type=\"text/css\">
@@ -9,7 +9,7 @@
</head><body>";
}
- $tid = sprintf("%d", $_GET["tid"]);
+ $tid = sprintf("%d", $_REQUEST["tid"]);
if (file_exists("help/$tid.php")) {
include("help/$tid.php");
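Review bot: The `sprintf("%d", ...)` on `tid` is the only thing that keeps a request value from steering the `include()` path two lines below, and nothing in the code says so. I would add a comment above the assignment, `# tid must stay an integer: it is interpolated into the include path below`, so that a later edit does not relax it to `db_escape_string()`. The `if (file_exists(...))` block ends outside the hunk.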
@@ -21,7 +21,7 @@
onclick=\"javascript:window.close()\"
value=\"".__('Close this window')."\"></div>";
- if (!$_GET["noheaders"]) {
+ if (!$_REQUEST["noheaders"]) {
print "</body></html>";
}
}
diff --git a/modules/popup-dialog.php b/modules/popup-dialog.php
index ab28d1746..57237823e 100644
--- a/modules/popup-dialog.php
+++ b/modules/popup-dialog.php
@@ -1,7 +1,7 @@
<?php
function module_popup_dialog($link) {
- $id = $_GET["id"];
- $param = db_escape_string($_GET["param"]);
+ $id = $_REQUEST["id"];
+ $param = db_escape_string($_REQUEST["param"]);
if ($id == "explainError") {
@@ -142,9 +142,9 @@
print "<form id='search_form' onsubmit='return false'>";
- #$active_feed_id = db_escape_string($_GET["param"]);
+ #$active_feed_id = db_escape_string($_REQUEST["param"]);
- $params = split(":", db_escape_string($_GET["param"]));
+ $params = split(":", db_escape_string($_REQUEST["param"]));
$active_feed_id = sprintf("%d", $params[0]);
$is_cat = $params[1] == "true";
@@ -221,7 +221,7 @@
if ($id == "quickAddFilter") {
- $active_feed_id = db_escape_string($_GET["param"]);
+ $active_feed_id = db_escape_string($_REQUEST["param"]);
print "<div id=\"infoBoxTitle\">".__('Create Filter')."</div>";
print "<div class=\"infoBoxContents\">";
diff --git a/modules/pref-feeds.php b/modules/pref-feeds.php
index 73fbe8079..4c9ed19a9 100644
--- a/modules/pref-feeds.php
+++ b/modules/pref-feeds.php
@@ -15,7 +15,7 @@
$quiet = $_REQUEST["quiet"];
if ($subop == "massSubscribe") {
- $ids = split(",", db_escape_string($_GET["ids"]));
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
$subscribed = array();
@@ -64,7 +64,7 @@
print "<div class=\"infoBoxContents\">";
- $browser_search = db_escape_string($_GET["search"]);
+ $browser_search = db_escape_string($_REQUEST["search"]);
//print "<p>".__("Showing top 25 registered feeds, sorted by popularity:")."</p>";
@@ -726,7 +726,7 @@
if ($subop == "remove") {
- $ids = split(",", db_escape_string($_GET["ids"]));
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
remove_feed($link, $id, $_SESSION["uid"]);
@@ -734,12 +734,12 @@
}
if ($subop == "clear") {
- $id = db_escape_string($_GET["id"]);
+ $id = db_escape_string($_REQUEST["id"]);
clear_feed_articles($link, $id);
}
if ($subop == "rescore") {
- $ids = split(",", db_escape_string($_GET["ids"]));
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
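Review bot: `clear_feed_articles($link, $id)` is called without the session uid, whereas `remove_feed()` and `remove_feed_category()` in the neighbouring hunks receive `$_SESSION["uid"]`. Unless `clear_feed_articles()` checks ownership internally (its body is not visible here), a logged-in user could clear another user's feed by id. Passing the owner explicitly, `clear_feed_articles($link, $id, $_SESSION["uid"]);` with a matching `owner_uid` condition inside the function, would close that. The `rescore` loop continues outside the hunk.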
@@ -901,9 +901,9 @@
if (!WEB_DEMO_MODE) {
- $ids = split(",", db_escape_string($_GET["ids"]));
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
- $cat_id = db_escape_string($_GET["cat_id"]);
+ $cat_id = db_escape_string($_REQUEST["cat_id"]);
if ($cat_id == 0) {
$cat_id_qpart = 'NULL';
@@ -938,7 +938,7 @@
if ($action == "save") {
$cat_title = db_escape_string(trim($_REQUEST["value"]));
- $cat_id = db_escape_string($_GET["cid"]);
+ $cat_id = db_escape_string($_REQUEST["cid"]);
db_query($link, "BEGIN");
@@ -977,7 +977,7 @@
if (!WEB_DEMO_MODE) {
- $feed_cat = db_escape_string(trim($_GET["cat"]));
+ $feed_cat = db_escape_string(trim($_REQUEST["cat"]));
$result = db_query($link,
"SELECT id FROM ttrss_feed_categories
@@ -1000,7 +1000,7 @@
if ($action == "remove") {
- $ids = split(",", db_escape_string($_GET["ids"]));
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
remove_feed_category($link, $id, $_SESSION["uid"]);
@@ -1111,9 +1111,9 @@
__('Some feeds have update errors (click for details)')."</a>");
}
- $feed_search = db_escape_string($_GET["search"]);
+ $feed_search = db_escape_string($_REQUEST["search"]);
- if (array_key_exists("search", $_GET)) {
+ if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search;
} else {
$feed_search = $_SESSION["prefs_feed_search"];
@@ -1138,7 +1138,7 @@
onclick=\"javascript:browseFeeds()\" value=\"".__('More Feeds')."\">";
}
- $feeds_sort = db_escape_string($_GET["sort"]);
+ $feeds_sort = db_escape_string($_REQUEST["sort"]);
if (!$feeds_sort || $feeds_sort == "undefined") {
$feeds_sort = $_SESSION["pref_sort_feeds"];
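Review bot: `$feeds_sort` is only passed through `db_escape_string()`, which does not constrain a value that is used as a column name. If it ends up in an `ORDER BY` clause further down (not visible in this hunk), it should first be checked against a fixed list, e.g. `if (!in_array($feeds_sort, $allowed_sort_columns)) $feeds_sort = $default_sort;`, where both variable names are placeholders for values the module would define. The same pattern appears for `$sort` in pref-filters.php, pref-labels.php and pref-users.php, whose fallbacks `reg_exp`, `caption` and `login` suggest column names. The enclosing block continues outside the hunk.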
@@ -1171,7 +1171,7 @@
$show_last_article_checked = "";
$show_last_article_qpart = "";
- if ($_GET["slat"] == "true") {
+ if ($_REQUEST["slat"] == "true") {
$show_last_article_info = true;
$show_last_article_checked = "checked";
$show_last_article_qpart = ", (SELECT ".SUBSTRING_FOR_DATE."(MAX(updated),1,16) FROM ttrss_user_entries,
diff --git a/modules/pref-filters.php b/modules/pref-filters.php
index 238ceb151..a0760de4e 100644
--- a/modules/pref-filters.php
+++ b/modules/pref-filters.php
@@ -1,11 +1,11 @@
<?php
function module_pref_filters($link) {
- $subop = $_GET["subop"];
- $quiet = $_GET["quiet"];
+ $subop = $_REQUEST["subop"];
+ $quiet = $_REQUEST["quiet"];
if ($subop == "edit") {
- $filter_id = db_escape_string($_GET["id"]);
+ $filter_id = db_escape_string($_REQUEST["id"]);
$result = db_query($link,
"SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
@@ -173,18 +173,18 @@
if ($subop == "editSave") {
- $reg_exp = db_escape_string(trim($_GET["reg_exp"]));
- $filter_type = db_escape_string(trim($_GET["filter_type"]));
- $filter_id = db_escape_string($_GET["id"]);
- $feed_id = db_escape_string($_GET["feed_id"]);
- $action_id = db_escape_string($_GET["action_id"]);
- $action_param = db_escape_string($_GET["action_param"]);
- $action_param_label = db_escape_string($_GET["action_param_label"]);
- $enabled = checkbox_to_sql_bool(db_escape_string($_GET["enabled"]));
- $inverse = checkbox_to_sql_bool(db_escape_string($_GET["inverse"]));
+ $reg_exp = db_escape_string(trim($_REQUEST["reg_exp"]));
+ $filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
+ $filter_id = db_escape_string($_REQUEST["id"]);
+ $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ $action_id = db_escape_string($_REQUEST["action_id"]);
+ $action_param = db_escape_string($_REQUEST["action_param"]);
+ $action_param_label = db_escape_string($_REQUEST["action_param_label"]);
+ $enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
+ $inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
# for the time being, no other filters use params anyway...
- $filter_param = db_escape_string($_GET["filter_date_modifier"]);
+ $filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
if (!$feed_id) {
$feed_id = 'NULL';
@@ -218,7 +218,7 @@
if ($subop == "remove") {
- $ids = split(",", db_escape_string($_GET["ids"]));
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
db_query($link, "DELETE FROM ttrss_filters WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
@@ -227,16 +227,16 @@
if ($subop == "add") {
- $regexp = db_escape_string(trim($_GET["reg_exp"]));
- $filter_type = db_escape_string(trim($_GET["filter_type"]));
- $feed_id = db_escape_string($_GET["feed_id"]);
- $action_id = db_escape_string($_GET["action_id"]);
- $action_param = db_escape_string($_GET["action_param"]);
- $action_param_label = db_escape_string($_GET["action_param_label"]);
- $inverse = checkbox_to_sql_bool(db_escape_string($_GET["inverse"]));
+ $regexp = db_escape_string(trim($_REQUEST["reg_exp"]));
+ $filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
+ $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ $action_id = db_escape_string($_REQUEST["action_id"]);
+ $action_param = db_escape_string($_REQUEST["action_param"]);
+ $action_param_label = db_escape_string($_REQUEST["action_param_label"]);
+ $inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
# for the time being, no other filters use params anyway...
- $filter_param = db_escape_string($_GET["filter_date_modifier"]);
+ $filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
if (!$regexp) return;
@@ -271,7 +271,7 @@
set_pref($link, "_PREFS_ACTIVE_TAB", "filterConfig");
- $sort = db_escape_string($_GET["sort"]);
+ $sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "reg_exp";
@@ -290,9 +290,9 @@
}
- $filter_search = db_escape_string($_GET["search"]);
+ $filter_search = db_escape_string($_REQUEST["search"]);
- if (array_key_exists("search", $_GET)) {
+ if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
} else {
$filter_search = $_SESSION["prefs_filter_search"];
@@ -388,7 +388,7 @@
$class = ($lnum % 2) ? "even" : "odd";
$filter_id = $line["id"];
- $edit_filter_id = $_GET["id"];
+ $edit_filter_id = $_REQUEST["id"];
$enabled = sql_bool_to_bool($line["enabled"]);
$inverse = sql_bool_to_bool($line["inverse"]);
diff --git a/modules/pref-labels.php b/modules/pref-labels.php
index 02e5a2be9..e67cb7e3b 100644
--- a/modules/pref-labels.php
+++ b/modules/pref-labels.php
@@ -1,7 +1,7 @@
<?php
function module_pref_labels($link) {
- $subop = $_GET["subop"];
+ $subop = $_REQUEST["subop"];
if ($subop == "color-set") {
$kind = db_escape_string($_REQUEST["kind"]);
@@ -84,7 +84,7 @@
if ($subop == "remove") {
- $ids = split(",", db_escape_string($_GET["ids"]));
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
label_remove($link, $id, $_SESSION["uid"]);
@@ -94,7 +94,7 @@
if ($subop == "add") {
- $caption = db_escape_string($_GET["caption"]);
+ $caption = db_escape_string($_REQUEST["caption"]);
if ($caption) {
@@ -109,15 +109,15 @@
set_pref($link, "_PREFS_ACTIVE_TAB", "labelConfig");
- $sort = db_escape_string($_GET["sort"]);
+ $sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "caption";
}
- $label_search = db_escape_string($_GET["search"]);
+ $label_search = db_escape_string($_REQUEST["search"]);
- if (array_key_exists("search", $_GET)) {
+ if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_label_search"] = $label_search;
} else {
$label_search = $_SESSION["prefs_label_search"];
diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php
index 3cd557d97..8159f0f01 100644
--- a/modules/pref-prefs.php
+++ b/modules/pref-prefs.php
@@ -120,7 +120,7 @@
} else if ($subop == "getHelp") {
- $pref_name = db_escape_string($_GET["pn"]);
+ $pref_name = db_escape_string($_REQUEST["pn"]);
$result = db_query($link, "SELECT help_text FROM ttrss_prefs
WHERE pref_name = '$pref_name'");
diff --git a/modules/pref-users.php b/modules/pref-users.php
index 7a878b18f..6b4df8854 100644
--- a/modules/pref-users.php
+++ b/modules/pref-users.php
@@ -12,7 +12,7 @@
if ($subop == "user-details") {
- $uid = sprintf("%d", $_GET["id"]);
+ $uid = sprintf("%d", $_REQUEST["id"]);
print "<div id=\"infoBoxTitle\">".__('User details')."</div>";
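Review bot: The `user-details` branch reads the target `id` with no `$_SESSION["access_level"] >= 10` guard in view, while the removal, add and password-reset hunks below all carry one; the `edit` hunk that follows is the same. If the module does not enforce the admin level before dispatching on `$subop` (that part is outside the hunk), any authenticated user could view another account or open the editor for it by id. Wrapping both branches in the same `if ($_SESSION["access_level"] >= 10)` check would make the requirement local and visible.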
@@ -103,7 +103,7 @@
if ($subop == "edit") {
- $id = db_escape_string($_GET["id"]);
+ $id = db_escape_string($_REQUEST["id"]);
print "<div id=\"infoBoxTitle\">".__('User Editor')."</div>";
@@ -213,7 +213,7 @@
if ($_SESSION["access_level"] >= 10) {
- $ids = split(",", db_escape_string($_GET["ids"]));
+ $ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
if ($id != $_SESSION["uid"]) {
@@ -227,7 +227,7 @@
if ($_SESSION["access_level"] >= 10) {
- $login = db_escape_string(trim($_GET["login"]));
+ $login = db_escape_string(trim($_REQUEST["login"]));
$tmp_user_pwd = make_password(8);
$pwd_hash = encrypt_password($tmp_user_pwd, $login);
@@ -266,7 +266,7 @@
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
- $uid = db_escape_string($_GET["id"]);
+ $uid = db_escape_string($_REQUEST["id"]);
$result = db_query($link, "SELECT login,email
FROM ttrss_users WHERE id = '$uid'");
@@ -346,9 +346,9 @@
set_pref($link, "_PREFS_ACTIVE_TAB", "userConfig");
- $user_search = db_escape_string($_GET["search"]);
+ $user_search = db_escape_string($_REQUEST["search"]);
- if (array_key_exists("search", $_GET)) {
+ if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_user_search"] = $user_search;
} else {
$user_search = $_SESSION["prefs_user_search"];
@@ -363,7 +363,7 @@
onclick=\"javascript:updateUsersList()\" value=\"".__('Search')."\">
</div>";
- $sort = db_escape_string($_GET["sort"]);
+ $sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "login";
@@ -427,7 +427,7 @@
$class = ($lnum % 2) ? "even" : "odd";
$uid = $line["id"];
- $edit_uid = $_GET["id"];
+ $edit_uid = $_REQUEST["id"];
if ($subop == "edit" && $uid != $edit_uid) {
$class .= "Grayed";