From bbfd05c0c40703399e633151713a09c6f9fbe9a0 Mon Sep 17 00:00:00 2001 From: brettp Date: Mon, 25 Jan 2010 18:19:44 +0000 Subject: Fixes #1450, Fixes #1461: Using $_SERVER['REQUEST_URI'] to pull in GET params on apache servers. git-svn-id: http://code.elgg.org/elgg/trunk@3840 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/actions.php | 25 ++++--------------------- engine/lib/input.php | 17 +++++++++++++++++ 2 files changed, 21 insertions(+), 21 deletions(-) (limited to 'engine') diff --git a/engine/lib/actions.php b/engine/lib/actions.php index eafb42155..bd3bdb80a 100644 --- a/engine/lib/actions.php +++ b/engine/lib/actions.php @@ -21,6 +21,9 @@ function action($action, $forwarder = "") { global $CONFIG; + // set GET params + elgg_set_input_from_uri(); + // @todo REMOVE THESE EXCEPTIONS IN 1.8. // These are only to provide a way to disable plugins that overwrite core // UI without tokens. (And for installation because of session_id problems) @@ -31,27 +34,7 @@ function action($action, $forwarder = "") { if (!in_array($action, $exceptions)) { // All actions require a token. - if (!action_gatekeeper()) { - $message = "ERROR: $action was called without an action token and has been ignored. This is usually caused by outdated 3rd party plugins."; - - error_log($message); - register_error($message); - forward(); - } - } - - // if there are any query parameters, make them available from get_input - if (strpos($_SERVER['REQUEST_URI'], '?') !== FALSE) { - $query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1); - if (isset($query)) { - parse_str($query, $query_arr); - if (is_array($query_arr)) { - foreach($query_arr as $name => $val) { - // should we trim name and val? - set_input($name, $val); - } - } - } + action_gatekeeper(); } $forwarder = str_replace($CONFIG->url, "", $forwarder); diff --git a/engine/lib/input.php b/engine/lib/input.php index f59061312..27204682f 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -166,6 +166,23 @@ function autop($pee, $br = 1) { return $pee; } +/** + * Examins $_SERVER['REQUEST_URI'] and set_input()s on each. + * Required if the params are sent as GET and not forwarded by mod_rewrite. + * + * @return bool on success + */ +function elgg_set_input_from_uri() { + $query = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY); + parse_str($query, $query_arr); + + if (is_array($query_arr)) { + foreach($query_arr as $name => $val) { + set_input($name, $val); + } + } +} + /** * Page handler for autocomplete endpoint. * -- cgit v1.2.3