aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-09-24 18:46:38 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-09-24 18:46:38 +0000
commit902c59bac60e7e9c8b494aff311effbe257963a4 (patch)
treedc1c4ace13968a062a612c796a5de357fab60a51 /engine/lib
parent6c037137c078b8ebe04efb6923b7f04921badb66 (diff)
downloadelgg-902c59bac60e7e9c8b494aff311effbe257963a4.tar.gz
elgg-902c59bac60e7e9c8b494aff311effbe257963a4.tar.bz2
Refs #2459: Merged [6927] to trunk.
git-svn-id: http://code.elgg.org/elgg/trunk@6964 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/api.php29
1 files changed, 16 insertions, 13 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index d6e4557cb..6aae62616 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -143,8 +143,9 @@ function authenticate_method($method) {
throw new APIException(sprintf(elgg_echo('APIException:MethodCallNotImplemented'), $method));
}
- // make sure that POST variables are available if relevant
- if (get_call_method() === 'POST') {
+ // make sure that POST variables are available if needed
+ // @todo this may not be needed anymore due to adding %{QUERY_STRING} in .htaccess in 1.7.2
+ if (get_call_method() === 'POST' && empty($_POST)) {
include_post_data();
}
@@ -269,19 +270,11 @@ function get_parameters_for_method($method) {
/**
* Get POST data
* Since this is called through a handler, we need to manually get the post data
- * @return POST data from PHP
+ * @return POST data as string encoded as multipart/form-data
*/
function get_post_data() {
- global $GLOBALS;
- $postdata = '';
- if (isset($GLOBALS['HTTP_RAW_POST_DATA']))
- $postdata = $GLOBALS['HTTP_RAW_POST_DATA'];
-
- // Attempt another method to return post data (incase always_populate_raw_post_data is switched off)
- if (!$postdata) {
- $postdata = file_get_contents('php://input');
- }
+ $postdata = file_get_contents('php://input');
return $postdata;
}
@@ -296,11 +289,21 @@ function include_post_data() {
if (isset($postdata)) {
$query_arr = elgg_parse_str($postdata);
+
+ // grrrr... magic quotes is turned on so we need to strip slashes
+ if (ini_get_bool('magic_quotes_gpc')) {
+ if (function_exists('stripslashes_deep')) {
+ // defined in input.php to handle magic quotes
+ $query_arr = stripslashes_deep($query_arr);
+ }
+ }
+
if (is_array($query_arr)) {
- foreach($query_arr as $name => $val) {
+ foreach ($query_arr as $name => $val) {
set_input($name, $val);
}
}
+
}
}