diff options
Diffstat (limited to 'engine/lib/api.php')
-rw-r--r-- | engine/lib/api.php | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php index d6e4557cb..6aae62616 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -143,8 +143,9 @@ function authenticate_method($method) { throw new APIException(sprintf(elgg_echo('APIException:MethodCallNotImplemented'), $method)); } - // make sure that POST variables are available if relevant - if (get_call_method() === 'POST') { + // make sure that POST variables are available if needed + // @todo this may not be needed anymore due to adding %{QUERY_STRING} in .htaccess in 1.7.2 + if (get_call_method() === 'POST' && empty($_POST)) { include_post_data(); } @@ -269,19 +270,11 @@ function get_parameters_for_method($method) { /** * Get POST data * Since this is called through a handler, we need to manually get the post data - * @return POST data from PHP + * @return POST data as string encoded as multipart/form-data */ function get_post_data() { - global $GLOBALS; - $postdata = ''; - if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) - $postdata = $GLOBALS['HTTP_RAW_POST_DATA']; - - // Attempt another method to return post data (incase always_populate_raw_post_data is switched off) - if (!$postdata) { - $postdata = file_get_contents('php://input'); - } + $postdata = file_get_contents('php://input'); return $postdata; } @@ -296,11 +289,21 @@ function include_post_data() { if (isset($postdata)) { $query_arr = elgg_parse_str($postdata); + + // grrrr... magic quotes is turned on so we need to strip slashes + if (ini_get_bool('magic_quotes_gpc')) { + if (function_exists('stripslashes_deep')) { + // defined in input.php to handle magic quotes + $query_arr = stripslashes_deep($query_arr); + } + } + if (is_array($query_arr)) { - foreach($query_arr as $name => $val) { + foreach ($query_arr as $name => $val) { set_input($name, $val); } } + } } |