opensourcemirror
/
dokuwiki
mirror of https://github.com/splitbrain/dokuwiki.git
1
0
Fork 0
Code Issues Releases Wiki Activity

amend $_SERVER to $INPUT->server

This commit is contained in:
Christopher Smith 2014-03-06 19:55:56 +00:00
parent 1418498c40
commit 585bf44e2b
13 changed files with 212 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
inc/Mailer.class.php
View File

@ -39,6 +39,8 @@ class Mailer {
*/
public function __construct() {
global $conf;
/* @var Input $INPUT */
global $INPUT;
$server = parse_url(DOKU_URL, PHP_URL_HOST);
if(strpos($server,'.') === false) $server = $server.'.localhost';
@ -53,7 +55,7 @@ class Mailer {
// add some default headers for mailfiltering FS#2247
$this->setHeader('X-Mailer', 'DokuWiki');
$this->setHeader('X-DokuWiki-User', $_SERVER['REMOTE_USER']);
$this->setHeader('X-DokuWiki-User', $INPUT->server->str('REMOTE_USER'));
$this->setHeader('X-DokuWiki-Title', $conf['title']);
$this->setHeader('X-DokuWiki-Server', $server);
$this->setHeader('X-Auto-Response-Suppress', 'OOF');
@ -181,6 +183,9 @@ class Mailer {
public function setBody($text, $textrep = null, $htmlrep = null, $html = null, $wrap = true) {
global $INFO;
global $conf;
/* @var Input $INPUT */
global $INPUT;
$htmlrep = (array)$htmlrep;
$textrep = (array)$textrep;
@ -218,24 +223,24 @@ class Mailer {
$cip = gethostsbyaddrs($ip);
$trep = array(
'DATE' => dformat(),
'BROWSER' => $_SERVER['HTTP_USER_AGENT'],
'BROWSER' => $INPUT->server->str('HTTP_USER_AGENT'),
'IPADDRESS' => $ip,
'HOSTNAME' => $cip,
'TITLE' => $conf['title'],
'DOKUWIKIURL' => DOKU_URL,
'USER' => $_SERVER['REMOTE_USER'],
'USER' => $INPUT->server->str('REMOTE_USER'),
'NAME' => $INFO['userinfo']['name'],
'MAIL' => $INFO['userinfo']['mail'],
);
$trep = array_merge($trep, (array)$textrep);
$hrep = array(
'DATE' => '<i>'.hsc(dformat()).'</i>',
'BROWSER' => hsc($_SERVER['HTTP_USER_AGENT']),
'BROWSER' => hsc($INPUT->server->str('HTTP_USER_AGENT')),
'IPADDRESS' => '<code>'.hsc($ip).'</code>',
'HOSTNAME' => '<code>'.hsc($cip).'</code>',
'TITLE' => hsc($conf['title']),
'DOKUWIKIURL' => '<a href="'.DOKU_URL.'">'.DOKU_URL.'</a>',
'USER' => hsc($_SERVER['REMOTE_USER']),
'USER' => hsc($INPUT->server->str('REMOTE_USER')),
'NAME' => hsc($INFO['userinfo']['name']),
'MAIL' => '<a href="mailto:"'.hsc($INFO['userinfo']['mail']).'">'.
hsc($INFO['userinfo']['mail']).'</a>',

27
inc/actions.php
View File

@ -20,6 +20,7 @@ function act_dispatch(){
global $ID;
global $INFO;
global $QUERY;
/* @var Input $INPUT */
global $INPUT;
global $lang;
global $conf;
@ -94,7 +95,7 @@ function act_dispatch(){
// user profile changes
if (in_array($ACT, array('profile','profile_delete'))) {
if(!$_SERVER['REMOTE_USER']) {
if(!$INPUT->server->str('REMOTE_USER')) {
$ACT = 'login';
} else {
switch ($ACT) {
@ -190,7 +191,7 @@ function act_dispatch(){
unset($evt);
// when action 'show', the intial not 'show' and POST, do a redirect
if($ACT == 'show' && $preact != 'show' && strtolower($_SERVER['REQUEST_METHOD']) == 'post'){
if($ACT == 'show' && $preact != 'show' && strtolower($INPUT->server->str('REQUEST_METHOD')) == 'post'){
act_redirect($ID,$preact);
}
@ -414,6 +415,8 @@ function act_revert($act){
global $ID;
global $REV;
global $lang;
/* @var Input $INPUT */
global $INPUT;
// FIXME $INFO['writable'] currently refers to the attic version
// global $INFO;
// if (!$INFO['writable']) {
@ -445,7 +448,7 @@ function act_revert($act){
session_write_close();
// when done, show current page
$_SERVER['REQUEST_METHOD'] = 'post'; //should force a redirect
$INPUT->server->set('REQUEST_METHOD','post'); //should force a redirect
$REV = '';
return 'show';
}
@ -493,17 +496,20 @@ function act_redirect_execute($opts){
function act_auth($act){
global $ID;
global $INFO;
/* @var Input $INPUT */
global $INPUT;
//already logged in?
if(isset($_SERVER['REMOTE_USER']) && $act=='login'){
if($INPUT->server->has('REMOTE_USER') && $act=='login'){
return 'show';
}
//handle logout
if($act=='logout'){
$lockedby = checklock($ID); //page still locked?
if($lockedby == $_SERVER['REMOTE_USER'])
if($lockedby == $INPUT->server->str('REMOTE_USER')){
unlock($ID); //try to unlock
}
// do the logout stuff
auth_logoff();
@ -719,10 +725,11 @@ function act_subscription($act){
global $lang;
global $INFO;
global $ID;
/* @var Input $INPUT */
global $INPUT;
// subcriptions work for logged in users only
if(!$_SERVER['REMOTE_USER']) return 'show';
if(!$INPUT->server->str('REMOTE_USER')) return 'show';
// get and preprocess data.
$params = array();
@ -745,9 +752,9 @@ function act_subscription($act){
// Perform action.
$sub = new Subscription();
if($action == 'unsubscribe'){
$ok = $sub->remove($target, $_SERVER['REMOTE_USER'], $style);
$ok = $sub->remove($target, $INPUT->server->str('REMOTE_USER'), $style);
}else{
$ok = $sub->add($target, $_SERVER['REMOTE_USER'], $style);
$ok = $sub->add($target, $INPUT->server->str('REMOTE_USER'), $style);
}
if($ok) {
@ -776,6 +783,8 @@ function act_subscription($act){
function subscription_handle_post(&$params) {
global $INFO;
global $lang;
/* @var Input $INPUT */
global $INPUT;
// Get and validate parameters.
if (!isset($params['target'])) {
@ -806,7 +815,7 @@ function subscription_handle_post(&$params) {
}
if ($is === false) {
throw new Exception(sprintf($lang['subscr_not_subscribed'],
$_SERVER['REMOTE_USER'],
$INPUT->server->str('REMOTE_USER'),
prettyprint_id($target)));
}
// subscription_set deletes a subscription if style = null.

54
inc/auth.php
View File

@ -131,6 +131,8 @@ function auth_setup() {
function auth_loadACL() {
global $config_cascade;
global $USERINFO;
/* @var Input $INPUT */
global $INPUT;
if(!is_readable($config_cascade['acl']['default'])) return array();
@ -145,10 +147,10 @@ function auth_loadACL() {
// substitute user wildcard first (its 1:1)
if(strstr($line, '%USER%')){
// if user is not logged in, this ACL line is meaningless - skip it
if (!isset($_SERVER['REMOTE_USER'])) continue;
if (!$INPUT->server->has('REMOTE_USER')) continue;
$id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id);
$rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest);
$id = str_replace('%USER%',cleanID($INPUT->server->str('REMOTE_USER')),$id);
$rest = str_replace('%USER%',auth_nameencode($INPUT->server->str('REMOTE_USER')),$rest);
}
// substitute group wildcard (its 1:m)
@ -217,6 +219,8 @@ function auth_login($user, $pass, $sticky = false, $silent = false) {
global $lang;
/* @var DokuWiki_Auth_Plugin $auth */
global $auth;
/* @var Input $INPUT */
global $INPUT;
$sticky ? $sticky = true : $sticky = false; //sanity check
@ -226,7 +230,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) {
//usual login
if($auth->checkPass($user, $pass)) {
// make logininfo globally available
$_SERVER['REMOTE_USER'] = $user;
$INPUT->server->set('REMOTE_USER', $user);
$secret = auth_cookiesalt(!$sticky, true); //bind non-sticky to session
auth_setCookie($user, auth_encrypt($pass, $secret), $sticky);
return true;
@ -253,7 +257,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) {
) {
// he has session, cookie and browser right - let him in
$_SERVER['REMOTE_USER'] = $user;
$INPUT->server->set('REMOTE_USER', $user);
$USERINFO = $session['info']; //FIXME move all references to session
return true;
}
@ -288,7 +292,10 @@ function auth_validateToken($token) {
}
// still here? trust the session data
global $USERINFO;
$_SERVER['REMOTE_USER'] = $_SESSION[DOKU_COOKIE]['auth']['user'];
/* @var Input $INPUT */
global $INPUT;
$INPUT->server->set('REMOTE_USER',$_SESSION[DOKU_COOKIE]['auth']['user']);
$USERINFO = $_SESSION[DOKU_COOKIE]['auth']['info'];
return true;
}
@ -321,11 +328,14 @@ function auth_createToken() {
* @return string a MD5 sum of various browser headers
*/
function auth_browseruid() {
/* @var Input $INPUT */
global $INPUT;
$ip = clientIP(true);
$uid = '';
$uid .= $_SERVER['HTTP_USER_AGENT'];
$uid .= $_SERVER['HTTP_ACCEPT_ENCODING'];
$uid .= @$_SERVER['HTTP_ACCEPT_CHARSET'];
$uid .= $INPUT->server->str('HTTP_USER_AGENT');
$uid .= $INPUT->server->str('HTTP_ACCEPT_ENCODING');
$uid .= $INPUT->server->str('HTTP_ACCEPT_CHARSET');
$uid .= substr($ip, 0, strpos($ip, '.'));
$uid = strtolower($uid);
return md5($uid);
@ -511,6 +521,8 @@ function auth_logoff($keepbc = false) {
global $USERINFO;
/* @var DokuWiki_Auth_Plugin $auth */
global $auth;
/* @var Input $INPUT */
global $INPUT;
// make sure the session is writable (it usually is)
@session_start();
@ -523,8 +535,7 @@ function auth_logoff($keepbc = false) {
unset($_SESSION[DOKU_COOKIE]['auth']['info']);
if(!$keepbc && isset($_SESSION[DOKU_COOKIE]['bc']))
unset($_SESSION[DOKU_COOKIE]['bc']);
if(isset($_SERVER['REMOTE_USER']))
unset($_SERVER['REMOTE_USER']);
$INPUT->server->remove('REMOTE_USER');
$USERINFO = null; //FIXME
$cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
@ -553,13 +564,16 @@ function auth_ismanager($user = null, $groups = null, $adminonly = false) {
global $USERINFO;
/* @var DokuWiki_Auth_Plugin $auth */
global $auth;
/* @var Input $INPUT */
global $INPUT;
if(!$auth) return false;
if(is_null($user)) {
if(!isset($_SERVER['REMOTE_USER'])) {
if(!$INPUT->server->has('REMOTE_USER')) {
return false;
} else {
$user = $_SERVER['REMOTE_USER'];
$user = $INPUT->server->str('REMOTE_USER');
}
}
if(is_null($groups)) {
@ -651,9 +665,11 @@ function auth_isMember($memberlist, $user, array $groups) {
function auth_quickaclcheck($id) {
global $conf;
global $USERINFO;
/* @var Input $INPUT */
global $INPUT;
# if no ACL is used always return upload rights
if(!$conf['useacl']) return AUTH_UPLOAD;
return auth_aclcheck($id, $_SERVER['REMOTE_USER'], $USERINFO['grps']);
return auth_aclcheck($id, $INPUT->server->str('REMOTE_USER'), $USERINFO['grps']);
}
/**
@ -1058,18 +1074,18 @@ function updateprofile() {
}
if($conf['profileconfirm']) {
if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) {
if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) {
msg($lang['badpassconfirm'], -1);
return false;
}
}
if($result = $auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) {
if($result = $auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), $changes))) {
// update cookie and session with the changed data
if($changes['pass']) {
list( /*user*/, $sticky, /*pass*/) = auth_getCookie();
$pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true));
auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky);
auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky);
}
return true;
}
@ -1105,13 +1121,13 @@ function auth_deleteprofile(){
}
if($conf['profileconfirm']) {
if(!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) {
if(!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) {
msg($lang['badpassconfirm'], -1);
return false;
}
}
$deleted[] = $_SERVER['REMOTE_USER'];
$deleted[] = $INPUT->server->str('REMOTE_USER');
if($auth->triggerUserMod('delete', array($deleted))) {
// force and immediate logout including removing the sticky cookie
auth_logoff();

8
inc/changelog.php
View File

@ -52,6 +52,8 @@ function parseChangelogLine($line) {
*/
function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extra='', $flags=null){
global $conf, $INFO;
/** @var Input $INPUT */
global $INPUT;
// check for special flags as keys
if (!is_array($flags)) { $flags = array(); }
@ -65,7 +67,7 @@ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extr
if(!$date) $date = time(); //use current time if none supplied
$remote = (!$flagExternalEdit)?clientIP(true):'127.0.0.1';
$user = (!$flagExternalEdit)?$_SERVER['REMOTE_USER']:'';
$user = (!$flagExternalEdit)?$INPUT->server->str('REMOTE_USER'):'';
$strip = array("\t", "\n");
$logline = array(
@ -117,12 +119,14 @@ function addLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extr
*/
function addMediaLogEntry($date, $id, $type=DOKU_CHANGE_TYPE_EDIT, $summary='', $extra='', $flags=null){
global $conf;
/** @var Input $INPUT */
global $INPUT;
$id = cleanid($id);
if(!$date) $date = time(); //use current time if none supplied
$remote = clientIP(true);
$user = $_SERVER['REMOTE_USER'];
$user = $INPUT->server->str('REMOTE_USER');
$strip = array("\t", "\n");
$logline = array(

102
inc/common.php
View File

@ -56,15 +56,18 @@ function stripctl($string) {
* @return string
*/
function getSecurityToken() {
return PassHash::hmac('md5', session_id().$_SERVER['REMOTE_USER'], auth_cookiesalt());
/** @var Input $INPUT */
global $INPUT;
return PassHash::hmac('md5', session_id().$INPUT->server->str('REMOTE_USER'), auth_cookiesalt());
}
/**
* Check the secret CSRF token
*/
function checkSecurityToken($token = null) {
/** @var Input $INPUT */
global $INPUT;
if(empty($_SERVER['REMOTE_USER'])) return true; // no logged in user, no need for a check
if(!$INPUT->server->str('REMOTE_USER')) return true; // no logged in user, no need for a check
if(is_null($token)) $token = $INPUT->str('sectok');
if(getSecurityToken() != $token) {
@ -93,14 +96,16 @@ function formSecurityToken($print = true) {
*/
function basicinfo($id, $htmlClient=true){
global $USERINFO;
/* @var Input $INPUT */
global $INPUT;
// set info about manager/admin status.
$info['isadmin'] = false;
$info['ismanager'] = false;
if(isset($_SERVER['REMOTE_USER'])) {
if($INPUT->server->has('REMOTE_USER')) {
$info['userinfo'] = $USERINFO;
$info['perm'] = auth_quickaclcheck($id);
$info['client'] = $_SERVER['REMOTE_USER'];
$info['client'] = $INPUT->server->str('REMOTE_USER');
if($info['perm'] == AUTH_ADMIN) {
$info['isadmin'] = true;
@ -111,7 +116,7 @@ function basicinfo($id, $htmlClient=true){
// if some outside auth were used only REMOTE_USER is set
if(!$info['userinfo']['name']) {
$info['userinfo']['name'] = $_SERVER['REMOTE_USER'];
$info['userinfo']['name'] = $INPUT->server->str('REMOTE_USER');
}
} else {
@ -140,6 +145,8 @@ function pageinfo() {
global $REV;
global $RANGE;
global $lang;
/* @var Input $INPUT */
global $INPUT;
$info = basicinfo($ID);
@ -148,7 +155,7 @@ function pageinfo() {
$info['id'] = $ID;
$info['rev'] = $REV;
if(isset($_SERVER['REMOTE_USER'])) {
if($INPUT->server->has('REMOTE_USER')) {
$sub = new Subscription();
$info['subscribed'] = $sub->user_subscription();
} else {
@ -356,11 +363,14 @@ function breadcrumbs() {
*/
function idfilter($id, $ue = true) {
global $conf;
/* @var Input $INPUT */
global $INPUT;
if($conf['useslash'] && $conf['userewrite']) {
$id = strtr($id, ':', '/');
} elseif(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN' &&
$conf['userewrite'] &&
strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') === false
strpos($INPUT->server->str('SERVER_SOFTWARE'), 'Microsoft-IIS') === false
) {
$id = strtr($id, ':', ';');
}
@ -588,6 +598,8 @@ function checkwordblock($text = '') {
global $SUM;
global $conf;
global $INFO;
/* @var Input $INPUT */
global $INPUT;
if(!$conf['usewordblock']) return false;
@ -620,9 +632,9 @@ function checkwordblock($text = '') {
if(count($re) && preg_match('#('.join('|', $re).')#si', $text, $matches)) {
// prepare event data
$data['matches'] = $matches;
$data['userinfo']['ip'] = $_SERVER['REMOTE_ADDR'];
if($_SERVER['REMOTE_USER']) {
$data['userinfo']['user'] = $_SERVER['REMOTE_USER'];
$data['userinfo']['ip'] = $INPUT->server->str('REMOTE_ADDR');
if($INPUT->server->str('REMOTE_USER')) {
$data['userinfo']['user'] = $INPUT->server->str('REMOTE_USER');
$data['userinfo']['name'] = $INFO['userinfo']['name'];
$data['userinfo']['mail'] = $INFO['userinfo']['mail'];
}
@ -648,12 +660,17 @@ function checkwordblock($text = '') {
* @return string
*/
function clientIP($single = false) {
/* @var Input $INPUT */
global $INPUT;
$ip = array();
$ip[] = $_SERVER['REMOTE_ADDR'];
if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
$ip = array_merge($ip, explode(',', str_replace(' ', '', $_SERVER['HTTP_X_FORWARDED_FOR'])));
if(!empty($_SERVER['HTTP_X_REAL_IP']))
$ip = array_merge($ip, explode(',', str_replace(' ', '', $_SERVER['HTTP_X_REAL_IP'])));
$ip[] = $INPUT->server->str('REMOTE_ADDR');
if($INPUT->server->str('HTTP_X_FORWARDED_FOR')) {
$ip = array_merge($ip, explode(',', str_replace(' ', '', $INPUT->server->str('HTTP_X_FORWARDED_FOR'))));
}
if($INPUT->server->str('HTTP_X_REAL_IP')) {
$ip = array_merge($ip, explode(',', str_replace(' ', '', $INPUT->server->str('HTTP_X_REAL_IP'))));
}
// some IPv4/v6 regexps borrowed from Feyd
// see: http://forums.devnetwork.net/viewtopic.php?f=38&t=53479
@ -712,16 +729,18 @@ function clientIP($single = false) {
* @link http://www.brainhandles.com/2007/10/15/detecting-mobile-browsers/#code
*/
function clientismobile() {
/* @var Input $INPUT */
global $INPUT;
if(isset($_SERVER['HTTP_X_WAP_PROFILE'])) return true;
if($INPUT->server->has('HTTP_X_WAP_PROFILE')) return true;
if(preg_match('/wap\.|\.wap/i', $_SERVER['HTTP_ACCEPT'])) return true;
if(preg_match('/wap\.|\.wap/i', $INPUT->server->str('HTTP_ACCEPT'))) return true;
if(!isset($_SERVER['HTTP_USER_AGENT'])) return false;
if(!$INPUT->server->has('HTTP_USER_AGENT')) return false;
$uamatches = 'midp|j2me|avantg|docomo|novarra|palmos|palmsource|240x320|opwv|chtml|pda|windows ce|mmp\/|blackberry|mib\/|symbian|wireless|nokia|hand|mobi|phone|cdm|up\.b|audio|SIE\-|SEC\-|samsung|HTC|mot\-|mitsu|sagem|sony|alcatel|lg|erics|vx|NEC|philips|mmm|xx|panasonic|sharp|wap|sch|rover|pocket|benq|java|pt|pg|vox|amoi|bird|compal|kg|voda|sany|kdd|dbt|sendo|sgh|gradi|jb|\d\d\di|moto';
if(preg_match("/$uamatches/i", $_SERVER['HTTP_USER_AGENT'])) return true;
if(preg_match("/$uamatches/i", $INPUT->server->str('HTTP_USER_AGENT'))) return true;
return false;
}
@ -761,6 +780,9 @@ function gethostsbyaddrs($ips) {
*/
function checklock($id) {
global $conf;
/* @var Input $INPUT */
global $INPUT;
$lock = wikiLockFN($id);
//no lockfile
@ -774,7 +796,7 @@ function checklock($id) {
//my own lock
@list($ip, $session) = explode("\n", io_readFile($lock));
if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) {
if($ip == $INPUT->server->str('REMOTE_USER') || $ip == clientIP() || $session == session_id()) {
return false;
}
@ -788,14 +810,16 @@ function checklock($id) {
*/
function lock($id) {
global $conf;
/* @var Input $INPUT */
global $INPUT;
if($conf['locktime'] == 0) {
return;
}
$lock = wikiLockFN($id);
if($_SERVER['REMOTE_USER']) {
io_saveFile($lock, $_SERVER['REMOTE_USER']);
if($INPUT->server->str('REMOTE_USER')) {
io_saveFile($lock, $INPUT->server->str('REMOTE_USER'));
} else {
io_saveFile($lock, clientIP()."\n".session_id());
}
@ -809,10 +833,13 @@ function lock($id) {
* @return bool true if a lock was removed
*/
function unlock($id) {
/* @var Input $INPUT */
global $INPUT;
$lock = wikiLockFN($id);
if(@file_exists($lock)) {
@list($ip, $session) = explode("\n", io_readFile($lock));
if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()) {
if($ip == $INPUT->server->str('REMOTE_USER') || $ip == clientIP() || $session == session_id()) {
@unlink($lock);
return true;
}
@ -938,6 +965,8 @@ function parsePageTemplate(&$data) {
global $USERINFO;
global $conf;
/* @var Input $INPUT */
global $INPUT;
// replace placeholders
$file = noNS($id);
@ -969,7 +998,7 @@ function parsePageTemplate(&$data) {
utf8_ucfirst($page),
utf8_ucwords($page),
utf8_strtoupper($page),
$_SERVER['REMOTE_USER'],
$INPUT->server->str('REMOTE_USER'),
$USERINFO['name'],
$USERINFO['mail'],
$conf['dformat'],
@ -1050,6 +1079,9 @@ function saveWikiText($id, $text, $summary, $minor = false) {
global $conf;
global $lang;
global $REV;
/* @var Input $INPUT */
global $INPUT;
// ignore if no changes were made
if($text == rawWiki($id, '')) {
return;
@ -1112,7 +1144,7 @@ function saveWikiText($id, $text, $summary, $minor = false) {
$type = DOKU_CHANGE_TYPE_CREATE;
} else if($wasRemoved) {
$type = DOKU_CHANGE_TYPE_DELETE;
} else if($minor && $conf['useacl'] && $_SERVER['REMOTE_USER']) {
} else if($minor && $conf['useacl'] && $INPUT->server->str('REMOTE_USER')) {
$type = DOKU_CHANGE_TYPE_MINOR_EDIT;
} //minor edits only for logged in users
@ -1164,6 +1196,8 @@ function saveOldRevision($id) {
*/
function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = array()) {
global $conf;
/* @var Input $INPUT */
global $INPUT;
// decide if there is something to do, eg. whom to mail
if($who == 'admin') {
@ -1172,7 +1206,7 @@ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace =
$to = $conf['notify'];
} elseif($who == 'subscribers') {
if(!actionOK('subscribe')) return false; //subscribers enabled?
if($conf['useacl'] && $_SERVER['REMOTE_USER'] && $minor) return false; //skip minors
if($conf['useacl'] && $INPUT->server->str('REMOTE_USER') && $minor) return false; //skip minors
$data = array('id' => $id, 'addresslist' => '', 'self' => false);
trigger_event(
'COMMON_NOTIFY_ADDRESSLIST', $data,
@ -1197,10 +1231,13 @@ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace =
* @author Todd Augsburger <todd@rollerorgans.com>
*/
function getGoogleQuery() {
if(!isset($_SERVER['HTTP_REFERER'])) {
/* @var Input $INPUT */
global $INPUT;
if(!$INPUT->server->has('HTTP_REFERER')) {
return '';
}
$url = parse_url($_SERVER['HTTP_REFERER']);
$url = parse_url($INPUT->server->str('HTTP_REFERER'));
// only handle common SEs
if(!preg_match('/(google|bing|yahoo|ask|duckduckgo|babylon|aol|yandex)/',$url['host'])) return '';
@ -1523,6 +1560,9 @@ function is_mem_available($mem, $bytes = 1048576) {
* @author Andreas Gohr <andi@splitbrain.org>
*/
function send_redirect($url) {
/* @var Input $INPUT */
global $INPUT;
//are there any undisplayed messages? keep them in session for display
global $MSG;
if(isset($MSG) && count($MSG) && !defined('NOSESSION')) {
@ -1546,9 +1586,9 @@ function send_redirect($url) {
}
// check if running on IIS < 6 with CGI-PHP
if(isset($_SERVER['SERVER_SOFTWARE']) && isset($_SERVER['GATEWAY_INTERFACE']) &&
(strpos($_SERVER['GATEWAY_INTERFACE'], 'CGI') !== false) &&
(preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($_SERVER['SERVER_SOFTWARE']), $matches)) &&
if($INPUT->server->has('SERVER_SOFTWARE') && $INPUT->server->has('GATEWAY_INTERFACE') &&
(strpos($INPUT->server->str('GATEWAY_INTERFACE'), 'CGI') !== false) &&
(preg_match('|^Microsoft-IIS/(\d)\.\d$|', trim($INPUT->server->str('SERVER_SOFTWARE')), $matches)) &&
$matches[1] < 6
) {
header('Refresh: 0;url='.$url);

9
inc/infoutils.php
View File

@ -102,6 +102,8 @@ function getVersion(){
function check(){
global $conf;
global $INFO;
/* @var Input $INPUT */
global $INPUT;
if ($INFO['isadmin'] || $INFO['ismanager']){
msg('DokuWiki version: '.getVersion(),1);
@ -204,7 +206,7 @@ function check(){
}
if($INFO['userinfo']['name']){
msg('You are currently logged in as '.$_SERVER['REMOTE_USER'].' ('.$INFO['userinfo']['name'].')',0);
msg('You are currently logged in as '.$INPUT->server->str('REMOTE_USER').' ('.$INFO['userinfo']['name'].')',0);
msg('You are part of the groups '.join($INFO['userinfo']['grps'],', '),0);
}else{
msg('You are currently not logged in',0);
@ -361,6 +363,9 @@ function dbg($msg,$hidden=false){
*/
function dbglog($msg,$header=''){
global $conf;
/* @var Input $INPUT */
global $INPUT;
// The debug log isn't automatically cleaned thus only write it when
// debugging has been enabled by the user.
if($conf['allowdebug'] !== 1) return;
@ -373,7 +378,7 @@ function dbglog($msg,$header=''){
$file = $conf['cachedir'].'/debug.log';
$fh = fopen($file,'a');
if($fh){
fwrite($fh,date('H:i:s ').$_SERVER['REMOTE_ADDR'].': '.$msg."\n");
fwrite($fh,date('H:i:s ').$INPUT->server->str('REMOTE_ADDR').': '.$msg."\n");
fclose($fh);
}
}

4
inc/init.php
View File

@ -402,6 +402,10 @@ function remove_magic_quotes(&$array) {
* Returns the full absolute URL to the directory where
* DokuWiki is installed in (includes a trailing slash)
*
* !! Can not access $_SERVER values through $INPUT
* !! here as this function is called before $INPUT is
* !! initialized.
*
* @author Andreas Gohr <andi@splitbrain.org>
*/
function getBaseURL($abs=null){

9
inc/mail.php
View File

@ -40,6 +40,8 @@ if (!defined('PREG_PATTERN_VALID_EMAIL')) define('PREG_PATTERN_VALID_EMAIL', '['
function mail_setup(){
global $conf;
global $USERINFO;
/** @var Input $INPUT */
global $INPUT;
// auto constructed address
$host = @parse_url(DOKU_URL,PHP_URL_HOST);
@ -53,11 +55,8 @@ function mail_setup(){
$replace['@MAIL@'] = $noreply;
}
if(!empty($_SERVER['REMOTE_USER'])){
$replace['@USER@'] = $_SERVER['REMOTE_USER'];
}else{
$replace['@USER@'] = 'noreply';
}
// use 'noreply' if no user
$replace['@USER@'] = $INPUT->server->str('REMOTE_USER', 'noreply', true);
if(!empty($USERINFO['name'])){
$replace['@NAME@'] = $USERINFO['name'];

19
inc/pageutils.php
View File

@ -19,6 +19,7 @@
* @author Andreas Gohr <andi@splitbrain.org>
*/
function getID($param='id',$clean=true){
/** @var Input $INPUT */
global $INPUT;
global $conf;
global $ACT;
@ -27,7 +28,7 @@ function getID($param='id',$clean=true){
//construct page id from request URI
if(empty($id) && $conf['userewrite'] == 2){
$request = $_SERVER['REQUEST_URI'];
$request = $INPUT->server->str('REQUEST_URI');
$script = '';
//get the script URL
@ -36,15 +37,15 @@ function getID($param='id',$clean=true){
if($param != 'id') {
$relpath = 'lib/exe/';
}
$script = $conf['basedir'].$relpath.utf8_basename($_SERVER['SCRIPT_FILENAME']);
$script = $conf['basedir'].$relpath.utf8_basename($INPUT->server->str('SCRIPT_FILENAME'));
}elseif($_SERVER['PATH_INFO']){
$request = $_SERVER['PATH_INFO'];
}elseif($_SERVER['SCRIPT_NAME']){
$script = $_SERVER['SCRIPT_NAME'];
}elseif($_SERVER['DOCUMENT_ROOT'] && $_SERVER['SCRIPT_FILENAME']){
$script = preg_replace ('/^'.preg_quote($_SERVER['DOCUMENT_ROOT'],'/').'/','',
$_SERVER['SCRIPT_FILENAME']);
}elseif($INPUT->server->str('PATH_INFO')){
$request = $INPUT->server->str('PATH_INFO');
}elseif($INPUT->server->str('SCRIPT_NAME')){
$script = $INPUT->server->str('SCRIPT_NAME');
}elseif($INPUT->server->str('DOCUMENT_ROOT') && $INPUT->server->str('SCRIPT_FILENAME')){
$script = preg_replace ('/^'.preg_quote($INPUT->server->str('DOCUMENT_ROOT'),'/').'/','',
$INPUT->server->str('SCRIPT_FILENAME'));
$script = '/'.$script;
}

5
inc/remote.php
View File

@ -169,6 +169,9 @@ class RemoteAPI {
public function hasAccess() {
global $conf;
global $USERINFO;
/** @var Input $INPUT */
global $INPUT;
if (!$conf['remote']) {
return false;
}
@ -179,7 +182,7 @@ class RemoteAPI {
return true;
}
return auth_isMember($conf['remoteuser'], $_SERVER['REMOTE_USER'], (array) $USERINFO['grps']);
return auth_isMember($conf['remoteuser'], $INPUT->server->str('REMOTE_USER'), (array) $USERINFO['grps']);
}
/**

18
inc/subscription.php
View File

@ -256,8 +256,10 @@ class Subscription {
if(!$this->isenabled()) return false;
global $ID;
/** @var Input $INPUT */
global $INPUT;
if(!$id) $id = $ID;
if(!$user) $user = $_SERVER['REMOTE_USER'];
if(!$user) $user = $INPUT->server->str('REMOTE_USER');
$subs = $this->subscribers($id, $user);
if(!count($subs)) return false;
@ -292,13 +294,15 @@ class Subscription {
global $auth;
global $conf;
global $USERINFO;
/** @var Input $INPUT */
global $INPUT;
$count = 0;
$subscriptions = $this->subscribers($page, null, array('digest', 'list'));
// remember current user info
$olduinfo = $USERINFO;
$olduser = $_SERVER['REMOTE_USER'];
$olduser = $INPUT->server->str('REMOTE_USER');
foreach($subscriptions as $target => $users) {
if(!$this->lock($target)) continue;
@ -315,7 +319,7 @@ class Subscription {
// Work as the user to make sure ACLs apply correctly
$USERINFO = $auth->getUserData($user);
$_SERVER['REMOTE_USER'] = $user;
$INPUT->server->set('REMOTE_USER',$user);
if($USERINFO === false) continue;
if(!$USERINFO['mail']) continue;
@ -334,7 +338,7 @@ class Subscription {
foreach($changes as $rev) {
$n = 0;
while(!is_null($rev) && $rev['date'] >= $lastupdate &&
($_SERVER['REMOTE_USER'] === $rev['user'] ||
($INPUT->server->str('REMOTE_USER') === $rev['user'] ||
$rev['type'] === DOKU_CHANGE_TYPE_MINOR_EDIT)) {
$rev = getRevisions($rev['id'], $n++, 1);
$rev = (count($rev) > 0) ? $rev[0] : null;
@ -369,7 +373,7 @@ class Subscription {
// restore current user info
$USERINFO = $olduinfo;
$_SERVER['REMOTE_USER'] = $olduser;
$INPUT->server->set('REMOTE_USER',$olduser);
return $count;
}
@ -654,6 +658,8 @@ class Subscription {
/** @var DokuWiki_Auth_Plugin $auth */
global $auth;
global $conf;
/** @var Input $INPUT */
global $INPUT;
$id = $data['id'];
$self = $data['self'];
@ -667,7 +673,7 @@ class Subscription {
$userinfo = $auth->getUserData($user);
if($userinfo === false) continue;
if(!$userinfo['mail']) continue;
if(!$self && $user == $_SERVER['REMOTE_USER']) continue; //skip our own changes
if(!$self && $user == $INPUT->server->str('REMOTE_USER')) continue; //skip our own changes
$level = auth_aclcheck($id, $user, $userinfo['grps']);
if($level >= AUTH_READ) {

39
inc/template.php
View File

@ -291,6 +291,8 @@ function tpl_metaheaders($alt = true) {
global $lang;
global $conf;
global $updateVersion;
/** @var Input $INPUT */
global $INPUT;
// prepare the head array
$head = array();
@ -401,7 +403,7 @@ function tpl_metaheaders($alt = true) {
// make $INFO and other vars available to JavaScripts
$json = new JSON();
$script = "var NS='".$INFO['namespace']."';";
if($conf['useacl'] && !empty($_SERVER['REMOTE_USER'])) {
if($conf['useacl'] && $INPUT->server->str('REMOTE_USER')) {
$script .= "var SIG='".toolbar_signature()."';";
}
$script .= 'var JSINFO = '.$json->encode($JSINFO).';';
@ -603,6 +605,8 @@ function tpl_get_action($type) {
global $REV;
global $ACT;
global $conf;
/** @var Input $INPUT */
global $INPUT;
// check disabled actions and fix the badly named ones
if($type == 'history') $type = 'revisions';
@ -672,7 +676,7 @@ function tpl_get_action($type) {
break;
case 'login':
$params['sectok'] = getSecurityToken();
if(isset($_SERVER['REMOTE_USER'])) {
if($INPUT->server->has('REMOTE_USER')) {
if(!actionOK('logout')) {
return false;
}
@ -681,12 +685,12 @@ function tpl_get_action($type) {
}
break;
case 'register':
if(!empty($_SERVER['REMOTE_USER'])) {
if($INPUT->server->str('REMOTE_USER')) {
return false;
}
break;
case 'resendpwd':
if(!empty($_SERVER['REMOTE_USER'])) {
if($INPUT->server->str('REMOTE_USER')) {
return false;
}
break;
@ -703,14 +707,14 @@ function tpl_get_action($type) {
$params['sectok'] = getSecurityToken();
break;
case 'subscribe':
if(!$_SERVER['REMOTE_USER']) {
if(!$INPUT->server->str('REMOTE_USER')) {
return false;
}
break;
case 'backlink':
break;
case 'profile':
if(!isset($_SERVER['REMOTE_USER'])) {
if(!$INPUT->server->has('REMOTE_USER')) {
return false;
}
break;
@ -886,8 +890,11 @@ function tpl_youarehere($sep = ' » ') {
function tpl_userinfo() {
global $lang;
global $INFO;
if(isset($_SERVER['REMOTE_USER'])) {
print $lang['loggedinas'].': <bdi>'.hsc($INFO['userinfo']['name']).'</bdi> (<bdi>'.hsc($_SERVER['REMOTE_USER']).'</bdi>)';
/** @var Input $INPUT */
global $INPUT;
if($INPUT->server->str('REMOTE_USER')) {
print $lang['loggedinas'].': <bdi>'.hsc($INFO['userinfo']['name']).'</bdi> (<bdi>'.hsc($INPUT->server->str('REMOTE_USER')).'</bdi>)';
return true;
}
return false;
@ -1030,6 +1037,7 @@ function tpl_img_getTag($tags, $alt = '', $src = null) {
*/
function tpl_img($maxwidth = 0, $maxheight = 0, $link = true, $params = null) {
global $IMG;
/** @var Input $INPUT */
global $INPUT;
$w = tpl_img_getTag('File.Width');
$h = tpl_img_getTag('File.Height');
@ -1242,6 +1250,7 @@ function tpl_mediaContent($fromajax = false, $sort='natural') {
global $INUSE;
global $NS;
global $JUMPTO;
/** @var Input $INPUT */
global $INPUT;
$do = $INPUT->extract('do')->str('do');
@ -1291,6 +1300,7 @@ function tpl_mediaFileList() {
global $NS;
global $JUMPTO;
global $lang;
/** @var Input $INPUT */
global $INPUT;
$opened_tab = $INPUT->str('tab_files');
@ -1331,7 +1341,9 @@ function tpl_mediaFileList() {
* @author Kate Arzamastseva <pshns@ukr.net>
*/
function tpl_mediaFileDetails($image, $rev) {
global $AUTH, $NS, $conf, $DEL, $lang, $INPUT;
global $AUTH, $NS, $conf, $DEL, $lang;
/** @var Input $INPUT */
global $INPUT;
$removed = (!file_exists(mediaFN($image)) && file_exists(mediaMetaFN($image, '.changes')) && $conf['mediarevisions']);
if(!$image || (!file_exists(mediaFN($image)) && !$removed) || $DEL) return;
@ -1409,12 +1421,14 @@ function tpl_actiondropdown($empty = '', $button = '&gt;') {
global $ID;
global $REV;
global $lang;
/** @var Input $INPUT */
global $INPUT;
echo '<form action="'.script().'" method="get" accept-charset="utf-8">';
echo '<div class="no">';
echo '<input type="hidden" name="id" value="'.$ID.'" />';
if($REV) echo '<input type="hidden" name="rev" value="'.$REV.'" />';
if (!empty($_SERVER['REMOTE_USER'])) {
if ($INPUT->server->str('REMOTE_USER')) {
echo '<input type="hidden" name="sectok" value="'.getSecurityToken().'" />';
}
@ -1780,11 +1794,14 @@ function tpl_media() {
*/
function tpl_classes() {
global $ACT, $conf, $ID, $INFO;
/** @var Input $INPUT */
global $INPUT;
$classes = array(
'dokuwiki',
'mode_'.$ACT,
'tpl_'.$conf['template'],
!empty($_SERVER['REMOTE_USER']) ? 'loggedIn' : '',
$INPUT->server->bool('REMOTE_USER') ? 'loggedIn' : '',
$INFO['exists'] ? '' : 'notFound',
($ID == $conf['start']) ? 'home' : '',
);

4
inc/toolbar.php
View File

@ -241,10 +241,12 @@ function toolbar_JSdefines($varname){
function toolbar_signature(){
global $conf;
global $INFO;
/** @var Input $INPUT */
global $INPUT;
$sig = $conf['signature'];
$sig = dformat(null,$sig);
$sig = str_replace('@USER@',$_SERVER['REMOTE_USER'],$sig);
$sig = str_replace('@USER@',$INPUT->server->str('REMOTE_USER'),$sig);
$sig = str_replace('@NAME@',$INFO['userinfo']['name'],$sig);
$sig = str_replace('@MAIL@',$INFO['userinfo']['mail'],$sig);
$sig = str_replace('@DATE@',dformat(),$sig);