From bbfd05c0c40703399e633151713a09c6f9fbe9a0 Mon Sep 17 00:00:00 2001
From: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Mon, 25 Jan 2010 18:19:44 +0000
Subject: Fixes #1450, Fixes #1461: Using $_SERVER['REQUEST_URI'] to pull in
 GET params on apache servers.

git-svn-id: http://code.elgg.org/elgg/trunk@3840 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/actions.php | 25 ++++---------------------
 engine/lib/input.php   | 17 +++++++++++++++++
 2 files changed, 21 insertions(+), 21 deletions(-)

(limited to 'engine/lib')

diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index eafb42155..bd3bdb80a 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -21,6 +21,9 @@
 function action($action, $forwarder = "") {
 	global $CONFIG;
 
+	// set GET params
+	elgg_set_input_from_uri();
+
 	// @todo REMOVE THESE EXCEPTIONS IN 1.8.
 	// These are only to provide a way to disable plugins that overwrite core
 	// UI without tokens.  (And for installation because of session_id problems)
@@ -31,27 +34,7 @@ function action($action, $forwarder = "") {
 
 	if (!in_array($action, $exceptions)) {
 		// All actions require a token.
-		if (!action_gatekeeper()) {
-			$message = "ERROR: $action was called without an action token and has been ignored.  This is usually caused by outdated 3rd party plugins.";
-
-			error_log($message);
-			register_error($message);
-			forward();
-		}
-	}
-
-	// if there are any query parameters, make them available from get_input
-	if (strpos($_SERVER['REQUEST_URI'], '?') !== FALSE) {
-		$query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);
-		if (isset($query)) {
-			parse_str($query, $query_arr);
-			if (is_array($query_arr)) {
-				foreach($query_arr as $name => $val) {
-					// should we trim name and val?
-					set_input($name, $val);
-				}
-			}
-		}
+		action_gatekeeper();
 	}
 
 	$forwarder = str_replace($CONFIG->url, "", $forwarder);
diff --git a/engine/lib/input.php b/engine/lib/input.php
index f59061312..27204682f 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -166,6 +166,23 @@ function autop($pee, $br = 1) {
 	return $pee;
 }
 
+/**
+ * Examins $_SERVER['REQUEST_URI'] and set_input()s on each.
+ * Required if the params are sent as GET and not forwarded by mod_rewrite.
+ *
+ * @return bool on success
+ */
+function elgg_set_input_from_uri() {
+	$query = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
+	parse_str($query, $query_arr);
+
+	if (is_array($query_arr)) {
+		foreach($query_arr as $name => $val) {
+			set_input($name, $val);
+		}
+	}
+}
+
 /**
  * Page handler for autocomplete endpoint.
  *
-- 
cgit v1.2.3