diff options
author | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-09-24 18:46:38 +0000 |
---|---|---|
committer | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-09-24 18:46:38 +0000 |
commit | 902c59bac60e7e9c8b494aff311effbe257963a4 (patch) | |
tree | dc1c4ace13968a062a612c796a5de357fab60a51 /engine/lib | |
parent | 6c037137c078b8ebe04efb6923b7f04921badb66 (diff) | |
download | elgg-902c59bac60e7e9c8b494aff311effbe257963a4.tar.gz elgg-902c59bac60e7e9c8b494aff311effbe257963a4.tar.bz2 |
Refs #2459: Merged [6927] to trunk.
git-svn-id: http://code.elgg.org/elgg/trunk@6964 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/api.php | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php index d6e4557cb..6aae62616 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -143,8 +143,9 @@ function authenticate_method($method) { throw new APIException(sprintf(elgg_echo('APIException:MethodCallNotImplemented'), $method)); } - // make sure that POST variables are available if relevant - if (get_call_method() === 'POST') { + // make sure that POST variables are available if needed + // @todo this may not be needed anymore due to adding %{QUERY_STRING} in .htaccess in 1.7.2 + if (get_call_method() === 'POST' && empty($_POST)) { include_post_data(); } @@ -269,19 +270,11 @@ function get_parameters_for_method($method) { /** * Get POST data * Since this is called through a handler, we need to manually get the post data - * @return POST data from PHP + * @return POST data as string encoded as multipart/form-data */ function get_post_data() { - global $GLOBALS; - $postdata = ''; - if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) - $postdata = $GLOBALS['HTTP_RAW_POST_DATA']; - - // Attempt another method to return post data (incase always_populate_raw_post_data is switched off) - if (!$postdata) { - $postdata = file_get_contents('php://input'); - } + $postdata = file_get_contents('php://input'); return $postdata; } @@ -296,11 +289,21 @@ function include_post_data() { if (isset($postdata)) { $query_arr = elgg_parse_str($postdata); + + // grrrr... magic quotes is turned on so we need to strip slashes + if (ini_get_bool('magic_quotes_gpc')) { + if (function_exists('stripslashes_deep')) { + // defined in input.php to handle magic quotes + $query_arr = stripslashes_deep($query_arr); + } + } + if (is_array($query_arr)) { - foreach($query_arr as $name => $val) { + foreach ($query_arr as $name => $val) { set_input($name, $val); } } + } } |