aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--engine/lib/api.php29
1 files changed, 16 insertions, 13 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index d6e4557cb..6aae62616 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -143,8 +143,9 @@ function authenticate_method($method) {
throw new APIException(sprintf(elgg_echo('APIException:MethodCallNotImplemented'), $method));
}
- // make sure that POST variables are available if relevant
- if (get_call_method() === 'POST') {
+ // make sure that POST variables are available if needed
+ // @todo this may not be needed anymore due to adding %{QUERY_STRING} in .htaccess in 1.7.2
+ if (get_call_method() === 'POST' && empty($_POST)) {
include_post_data();
}
@@ -269,19 +270,11 @@ function get_parameters_for_method($method) {
/**
* Get POST data
* Since this is called through a handler, we need to manually get the post data
- * @return POST data from PHP
+ * @return POST data as string encoded as multipart/form-data
*/
function get_post_data() {
- global $GLOBALS;
- $postdata = '';
- if (isset($GLOBALS['HTTP_RAW_POST_DATA']))
- $postdata = $GLOBALS['HTTP_RAW_POST_DATA'];
-
- // Attempt another method to return post data (incase always_populate_raw_post_data is switched off)
- if (!$postdata) {
- $postdata = file_get_contents('php://input');
- }
+ $postdata = file_get_contents('php://input');
return $postdata;
}
@@ -296,11 +289,21 @@ function include_post_data() {
if (isset($postdata)) {
$query_arr = elgg_parse_str($postdata);
+
+ // grrrr... magic quotes is turned on so we need to strip slashes
+ if (ini_get_bool('magic_quotes_gpc')) {
+ if (function_exists('stripslashes_deep')) {
+ // defined in input.php to handle magic quotes
+ $query_arr = stripslashes_deep($query_arr);
+ }
+ }
+
if (is_array($query_arr)) {
- foreach($query_arr as $name => $val) {
+ foreach ($query_arr as $name => $val) {
set_input($name, $val);
}
}
+
}
}