From 13c17d0cc9cc901c74469ece3c7646f830ca9623 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@users.mediawiki.org>
Date: Sun, 23 Nov 2003 22:46:01 +0000
Subject: [PATCH] Commit JeLuF's register_globals fixes, first phase

---
 includes/Article.php                    |  5 +++++
 includes/EditPage.php                   | 10 ++++++++++
 includes/Setup.php                      | 13 +++++++++----
 includes/SpecialAsksql.php              |  2 ++
 includes/SpecialBlockip.php             |  9 +++++++--
 includes/SpecialEmailuser.php           |  6 +++++-
 includes/SpecialImagelist.php           |  3 +++
 includes/SpecialPreferences.php         | 22 ++++++++++++++++++++--
 includes/SpecialRecentchanges.php       |  5 +++++
 includes/SpecialRecentchangeslinked.php |  4 ++++
 includes/SpecialUndelete.php            |  2 ++
 includes/SpecialUnusedimages.php        |  3 +++
 includes/SpecialUpload.php              | 22 ++++++++++++++++++++++
 includes/SpecialUserlogin.php           | 15 +++++++++++++++
 includes/SpecialWatchlist.php           |  4 ++++
 includes/User.php                       |  5 +++++
 16 files changed, 121 insertions(+), 9 deletions(-)

diff --git a/includes/Article.php b/includes/Article.php
index 7592c7b3a6..c988c80a88 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -42,6 +42,8 @@ class Article {
 	function getContent( $noredir = false )
 	{
 		global $action,$section,$count; # From query string
+		$section = $_REQUEST["section"];
+		$count   = $_REQUEST['count'];
 		$fname =  "Article::getContent"; 
 		wfProfileIn( $fname );
 
@@ -700,6 +702,8 @@ class Article {
 	{
 		global $wgUser, $wgOut;
 		global $wpConfirm, $wpReason, $image, $oldimage;
+		$wpReason  = $_REQUEST["wpReason"];
+		$wpConfirm = $_REQUEST["wpConfirm"];
 
 		# This code desperately needs to be totally rewritten
 		
@@ -952,6 +956,7 @@ class Article {
 	function rollback()
 	{
 		global $wgUser, $wgLang, $wgOut, $from;
+		$from = $_REQUEST["from"];
 
 		if ( ! $wgUser->isSysop() ) {
 			$wgOut->sysopRequired();
diff --git a/includes/EditPage.php b/includes/EditPage.php
index 43aafdf368..8879d61005 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -22,6 +22,16 @@ class EditPage {
 		global $wgOut, $wgUser, $wgWhitelistEdit;
 		global $wpTextbox1, $wpSummary, $wpSave, $wpPreview;
 		global $wpMinoredit, $wpEdittime, $wpTextbox2;
+		global $wpSection , $wpWatchthis;
+		$wpTextbox1 = $_REQUEST["wpTextbox1"];
+		$wpSummary  = $_REQUEST["wpSummary"];
+		$wpSave     = $_REQUEST["wpSave"];
+		$wpPreview  = $_REQUEST["wpPreview"];
+		$wpMinoredit= $_REQUEST["wpMinoredit"];
+		$wpEdittime = $_REQUEST["wpEdittime"];
+		$wpTextbox2 = $_REQUEST["wpTextbox2"];
+		$wpWatchthis = $_REQUEST["wpWatchthis"];
+		$wpSection = $_REQUEST["wpSection"];
 
 		$fields = array( "wpTextbox1", "wpSummary", "wpTextbox2" );
 		wfCleanFormFields( $fields );
diff --git a/includes/Setup.php b/includes/Setup.php
index 3079dc5e88..5306ca51d9 100644
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -91,10 +91,15 @@ if( !$wgCommandLineMode ) {
 	session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain );
 	session_cache_limiter( "private, must-revalidate" );
 	session_start();
-	session_register( "wsUserID" );
-	session_register( "wsUserName" );
-	session_register( "wsUserPassword" );
-	session_register( "wsUploadFiles" );
+	global $wsUserID, $wsUserName, $wsUserPassword, $wsUploadFiles;
+	# Reaad back session variables
+	$wsUserID       = $_SESSION["wsUserID"];
+	$wsUserName     = $_SESSION["wsUserName"];
+	$wsUserPassword = $_SESSION["wsUserPassword"];
+	$wsUploadFiles  = $_SESSION["wsUploadFiles"];
+
+
+
 }
 
 $wgUser = User::loadFromSession();
diff --git a/includes/SpecialAsksql.php b/includes/SpecialAsksql.php
index a4ecf023d3..a52aa1f28c 100644
--- a/includes/SpecialAsksql.php
+++ b/includes/SpecialAsksql.php
@@ -23,6 +23,7 @@ class SqlQueryForm {
 		global $wgOut, $wgUser, $wgLang;
 		global $wpSqlQuery;
 		global $wgLogQueries;
+		$wpSqlQuery = $_REQUEST["wpSqlQuery"];
 
 		$wgOut->setPagetitle( wfMsg( "asksql" ) );
 		$note = wfMsg( "asksqltext" );
@@ -61,6 +62,7 @@ class SqlQueryForm {
 		global $wgOut, $wgUser, $wgServer, $wgScript, $wgArticlePath, $wgLang;
 		global $wpSqlQuery;
 		global $wgDBsqluser, $wgDBsqlpassword;
+		$wpSqlQuery = $_REQUEST["wpSqlQuery"];
 
 		# Use a limit, folks!
 		$wpSqlQuery = trim( $wpSqlQuery );
diff --git a/includes/SpecialBlockip.php b/includes/SpecialBlockip.php
index f03e535db3..6851d997e9 100644
--- a/includes/SpecialBlockip.php
+++ b/includes/SpecialBlockip.php
@@ -23,6 +23,9 @@ class IPBlockForm {
 	{
 		global $wgOut, $wgUser, $wgLang;
 		global $ip, $wpBlockAddress, $wpBlockReason;
+		$wpBlockAddress  = $_REQUEST["wpBlockAddress"];
+		$wpBlockReason   = $_REQUEST["wpBlockReason"];
+		$ip              = $_REQUEST["ip"];
 
 		$wgOut->setPagetitle( wfMsg( "blockip" ) );
 		$wgOut->addWikiText( wfMsg( "blockiptext" ) );
@@ -60,6 +63,9 @@ class IPBlockForm {
 	{
 		global $wgOut, $wgUser, $wgLang;
 		global $ip, $wpBlockAddress, $wpBlockReason, $wgSysopUserBans;
+		$wpBlockAddress  = $_REQUEST["wpBlockAddress"];
+		$wpBlockReason   = $_REQUEST["wpBlockReason"];
+		$ip              = $_REQUEST["ip"];
 		
 		$userId = 0;
 		$wpBlockAddress = trim( $wpBlockAddress );
@@ -103,11 +109,10 @@ class IPBlockForm {
 	function showSuccess()
 	{
 		global $wgOut, $wgUser;
-		global $ip;
 
 		$wgOut->setPagetitle( wfMsg( "blockip" ) );
 		$wgOut->setSubtitle( wfMsg( "blockipsuccesssub" ) );
-		$text = wfMsg( "blockipsuccesstext", $ip );
+		$text = wfMsg( "blockipsuccesstext", $_REQUEST["ip"] );
 		$wgOut->addWikiText( $text );
 	}
 }
diff --git a/includes/SpecialEmailuser.php b/includes/SpecialEmailuser.php
index ababac206f..4140f1486d 100644
--- a/includes/SpecialEmailuser.php
+++ b/includes/SpecialEmailuser.php
@@ -53,6 +53,8 @@ class EmailUserForm {
 	{
 		global $wgOut, $wgUser, $wgLang;
 		global $wpSubject, $wpText, $target;
+		$wpSubject = $_REQUEST["wpSubject"];
+		$wpText    = $_REQUEST["wpText"];
 
 		$wgOut->setPagetitle( wfMsg( "emailpage" ) );
 		$wgOut->addWikiText( wfMsg( "emailpagetext" ) );
@@ -105,9 +107,11 @@ class EmailUserForm {
 	{
 		global $wgOut, $wgUser, $wgLang, $wgOutputEncoding;
 		global $wpSubject, $wpText, $target;
+		$wpSubject = $_REQUEST["wpSubject"];
+		$wpText    = $_REQUEST["wpText"];
 	    
 		$from = wfQuotedPrintable( $wgUser->getName() ) . " <" . $wgUser->getEmail() . ">";
-  	    $to = wfQuotedPrintable( $this->mAddress );
+  	        $to = wfQuotedPrintable( $this->mAddress );
 
 		$headers =
 			"MIME-Version: 1.0\r\n" .
diff --git a/includes/SpecialImagelist.php b/includes/SpecialImagelist.php
index 9224467145..d7fde56ba0 100644
--- a/includes/SpecialImagelist.php
+++ b/includes/SpecialImagelist.php
@@ -4,6 +4,9 @@ function wfSpecialImagelist()
 {
 	global $wgUser, $wgOut, $wgLang, $sort;
 	global $wpIlMatch, $wpIlSubmit;
+	$sort        = $_REQUEST['sort'];
+	$wpIlMatch   = $_REQUEST["wpIlMatch"];
+	$wpIlSubmit  = $_REQUEST["wpIlSubmit"];
 
 	$fields = array( 'wpIlMatch' );
 	wfCleanFormFields( $fields );
diff --git a/includes/SpecialPreferences.php b/includes/SpecialPreferences.php
index 6c0c396d84..9069347c7d 100644
--- a/includes/SpecialPreferences.php
+++ b/includes/SpecialPreferences.php
@@ -65,6 +65,25 @@ function wfSpecialPreferences()
 	global $wpSkin, $wpMath, $wpDate, $wpUserEmail, $wpEmailFlag, $wpNick, $wpSearch, $wpRecent;
 	global $wpSearchLines, $wpSearchChars, $wpStubs;
 	global $wpRows, $wpCols, $wpHourDiff, $HTTP_POST_VARS;
+	$wpQuickbar    = $_REQUEST["wpQuickbar"];
+	$wpOldpass     = $_REQUEST["wpOldpass"];
+	$wpNewpass     = $_REQUEST["wpNewpass"];
+	$wpRetypePass  = $_REQUEST["wpRetypePass"];
+	$wpSkin        = $_REQUEST["wpSkin"];
+	$wpMath        = $_REQUEST["wpMath"];
+	$wpDate        = $_REQUEST["wpDate"];
+	$wpUserEmail   = $_REQUEST["wpUserEmail"];
+	$wpEmailFlag   = $_REQUEST["wpEmailFlag"];
+	$wpNick        = $_REQUEST["wpNick"];
+	$wpSearch      = $_REQUEST["wpSearch"];
+	$wpRecent      = $_REQUEST["wpRecent"];
+	$wpSearchLines = $_REQUEST["wpSearchLines"];
+	$wpSearchChars = $_REQUEST["wpSearchChars"];
+	$wpStubs       = $_REQUEST["wpStubs"];
+	$wpRows        = $_REQUEST["wpRows"];
+	$wpCols        = $_REQUEST["wpCols"];
+	$wpHourDiff    = $_REQUEST["wpHourDiff"];
+
 
 	if ( "" != $wpNewpass ) {
 		if ( $wpNewpass != $wpRetypePass ) {
@@ -101,8 +120,7 @@ function wfSpecialPreferences()
 	foreach ( $namespaces as $i => $namespaces ) {
 		if ( $i >= 0 ) {
 			$nsvar = "wpNs$i";
-			global $$nsvar;
-			$wgUser->setOption( "searchNs{$i}", validateCheckbox( $$nsvar ) );
+			$wgUser->setOption( "searchNs{$i}", validateCheckbox( $_REQUEST[$nsvar] ) );
 		}
 	}
 
diff --git a/includes/SpecialRecentchanges.php b/includes/SpecialRecentchanges.php
index c0fa2ca88d..bb3855a672 100644
--- a/includes/SpecialRecentchanges.php
+++ b/includes/SpecialRecentchanges.php
@@ -4,6 +4,11 @@ function wfSpecialRecentchanges( $par )
 {
 	global $wgUser, $wgOut, $wgLang, $wgTitle;
 	global $days, $hideminor, $from, $hidebots; # From query string
+	$days      = $_REQUEST["days"];
+	$hideminor = $_REQUEST["hideminor"];
+	$from      = $_REQUEST["from"];
+	$hidebots  = $_REQUEST["hidebots"];
+
 	$fname = "wfSpecialRecentchanges";
 
 	if( $par ) {
diff --git a/includes/SpecialRecentchangeslinked.php b/includes/SpecialRecentchangeslinked.php
index 458cfe6d9b..fa86e3a917 100644
--- a/includes/SpecialRecentchangeslinked.php
+++ b/includes/SpecialRecentchangeslinked.php
@@ -5,6 +5,10 @@ function wfSpecialRecentchangeslinked( $par = NULL )
 {
 	global $wgUser, $wgOut, $wgLang, $wgTitle;
 	global $days, $target, $hideminor; # From query string
+	$days      = $_REQUEST["days"];
+	$hideminor = $_REQUEST["hideminor"];
+	$from      = $_REQUEST["from"];
+
 	$fname = "wfSpecialRecentchangeslinked";
 
 	$wgOut->setPagetitle( wfMsg( "recentchanges" ) );
diff --git a/includes/SpecialUndelete.php b/includes/SpecialUndelete.php
index 6c8a24b254..8d308d3707 100644
--- a/includes/SpecialUndelete.php
+++ b/includes/SpecialUndelete.php
@@ -3,6 +3,8 @@
 function wfSpecialUndelete( $par )
 {
     global $wgLang, $wgUser, $wgOut, $action, $target, $timestamp, $restore;
+    $restore   = $_REQUEST["restore"];
+    $timestamp = $_REQUEST["timestamp"];
     
 	if( $par != "" ) $target = $par;
     if( isset($target ) ) {
diff --git a/includes/SpecialUnusedimages.php b/includes/SpecialUnusedimages.php
index a594be0471..9b32f55913 100644
--- a/includes/SpecialUnusedimages.php
+++ b/includes/SpecialUnusedimages.php
@@ -4,6 +4,9 @@ function wfSpecialUnusedimages()
 {
 	global $wgUser, $wgOut, $wgLang, $wgTitle;
 	global $limit, $offset; # From query string
+	$limit  = $_REQUEST["limit"];
+	$offset = $_REQUEST["offset"];
+
 	$fname = "wfSpecialUnusedimages";
 
 	list( $limit, $offset ) = wfCheckLimits();
diff --git a/includes/SpecialUpload.php b/includes/SpecialUpload.php
index 16ab982063..5f69dc2c52 100644
--- a/includes/SpecialUpload.php
+++ b/includes/SpecialUpload.php
@@ -4,6 +4,8 @@ function wfSpecialUpload()
 {
 	global $wgUser, $wgOut, $wpUpload, $wpReUpload, $action;
 	global $wgDisableUploads;
+	$wpUpload   = $_REQUEST["wpUpload"];
+	$wpReUpload = $_REQUEST["wpReUpload"];
 	
 	$fields = array( "wpUploadFile", "wpUploadDescription" );
 	wfCleanFormFields( $fields );
@@ -39,6 +41,16 @@ function processUpload()
 	global $wpUploadSaveName, $wpUploadTempName, $wpUploadSize;
 	global $wgSavedFile, $wgUploadOldVersion, $wpUploadOldVersion;
 	global $wgUseCopyrightUpload , $wpUploadCopyStatus , $wpUploadSource ;
+	$wpUploadAffirm       = $_REQUEST["wpUploadAffirm"];
+	$wpUploadFile         = $_REQUEST["wpUploadFile"];
+	$wpUploadDescription  = $_REQUEST["wpUploadDescription"];
+	$wpIgnoreWarning      = $_REQUEST["wpIgnoreWarning"];
+	$wpUploadSaveName     = $_REQUEST["wpUploadSaveName"];
+	$wpUploadTempName     = $_REQUEST["wpUploadTempName"];
+	$wpUploadSize         = $_REQUEST["wpUploadSize"];
+	$wpUploadOldVersion   = $_REQUEST["wpUploadOldVersion"];
+	$wpUploadCopyStatus   = $_REQUEST["wpUploadCopyStatus"];
+	$wpUploadSource       = $_REQUEST["wpUploadSource"];
 
 	if ( $wgUseCopyrightUpload )
 	  {
@@ -144,6 +156,7 @@ function unsaveUploadedFile()
 {
 	global $wpSessionKey, $wpUploadOldVersion;
 	global $wgUploadDirectory, $wgOut, $wsUploadFiles;
+	$wpSessionKey       = $_REQUEST["wpSessionKey"];
 	
 	$wgSavedFile = $wsUploadFiles[$wpSessionKey];
 	$wgUploadOldVersion = $wpUploadOldVersion;
@@ -173,6 +186,7 @@ function uploadWarning( $warning )
 	global $wgSavedFile, $wgUploadOldVersion;
 	global $wpSessionKey, $wpUploadOldVersion, $wsUploadFiles;
 	global $wgUseCopyrightUpload , $wpUploadCopyStatus , $wpUploadSource ;
+	$wpSessionKey       = $_REQUEST["wpSessionKey"];
 
 	# wgSavedFile is stored in the session not the form, for security
 	$wpSessionKey = mt_rand( 0, 0x7fffffff );
@@ -225,6 +239,14 @@ function mainUploadForm( $msg )
 	global $wpUploadDescription, $wpIgnoreWarning;
 	global $wgUseCopyrightUpload , $wpUploadSource , $wpUploadCopyStatus ;
 
+	$wpUpload            = $_REQUEST["wpUpload"];
+	$wpUploadAffirm      = $_REQUEST["wpUploadAffirm"];
+	$wpUploadFile        = $_REQUEST["wpUploadFile"];
+	$wpUploadDescription = $_REQUEST["wpUploadDescription"];
+	$wpIgnoreWarning     = $_REQUEST["wpIgnoreWarning"];
+	$wpUploadSource      = $_REQUEST["wpUploadSource"];
+	$wpUploadCopyStatus  = $_REQUEST["wpUploadCopyStatus"];
+
 	if ( "" != $msg ) {
 		$sub = wfMsg( "uploaderror" );
 		$wgOut->addHTML( "<h2>{$sub}</h2>\n" .
diff --git a/includes/SpecialUserlogin.php b/includes/SpecialUserlogin.php
index f84f640224..96e553c87f 100644
--- a/includes/SpecialUserlogin.php
+++ b/includes/SpecialUserlogin.php
@@ -5,6 +5,10 @@ function wfSpecialUserlogin()
 	global $wpCreateaccount, $wpCreateaccountMail;
 	global $wpLoginattempt, $wpMailmypassword;
 	global $action;
+	$wpCreateaccount     = $_REQUEST["wpCreateaccount"];
+	$wpCreateaccountMail = $_REQUEST["wpCreateaccountMail"];
+	$wpLoginattempt      = $_REQUEST["wpLoginattempt"];
+	$wpMailmypassword    = $_REQUEST["wpMailmypassword"];
 
 	$fields = array( "wpName", "wpPassword", "wpName",
 	  "wpPassword", "wpRetype", "wpEmail" );
@@ -27,6 +31,8 @@ function wfSpecialUserlogin()
 /* private */ function addNewAccountMailPassword()
 {
 	global $wgOut, $wpEmail, $wpName;
+	$wpEmail = $_REQUEST["wpEmail"];
+	$wpName  = $_REQUEST["wpName"];
 	
 	if ("" == $wpEmail) {
 		mainLoginForm( wfMsg( "noemail", $wpName ) );
@@ -60,6 +66,11 @@ function wfSpecialUserlogin()
 {
 	global $wgUser, $wgOut, $wpPassword, $wpRetype, $wpName, $wpRemember;
 	global $wpEmail, $wgDeferredUpdateList;
+	$wpPassword = $_REQUEST["wpPassword"];
+	$wpRetype   = $_REQUEST["wpRetype"];
+	$wpName     = $_REQUEST["wpName"];
+	$wpRemember = $_REQUEST["wpRemember"];
+	$wpEmail    = $_REQUEST["wpEmail"];
 
 	$u = addNewAccountInternal();
 
@@ -81,6 +92,7 @@ function wfSpecialUserlogin()
                 return;
         }
 
+
 	if (!$wgUser->isAllowedToCreateAccount()) {
 		userNotPrivilegedMessage();
 		return;
@@ -125,6 +137,9 @@ function wfSpecialUserlogin()
 {
 	global $wgUser, $wpName, $wpPassword, $wpRemember;
 	global $returnto;
+	$wpPassword = $_REQUEST["wpPassword"];
+	$wpName     = $_REQUEST["wpName"];
+	$wpRemember = $_REQUEST["wpRemember"];
 
         if (!cookieCheck()) {
                 return;
diff --git a/includes/SpecialWatchlist.php b/includes/SpecialWatchlist.php
index 7ec0fdd297..61c2aa13ca 100644
--- a/includes/SpecialWatchlist.php
+++ b/includes/SpecialWatchlist.php
@@ -6,6 +6,10 @@ function wfSpecialWatchlist()
 {
 	global $wgUser, $wgOut, $wgLang, $wgTitle;
 	global $days, $limit, $target; # From query string
+	$days      = $_REQUEST["days"];
+	$limit     = $_REQUEST["limit"];
+	$target    = $_REQUEST["target"];
+
 	$fname = "wfSpecialWatchlist";
 
 	$wgOut->setPagetitle( wfMsg( "watchlist" ) );
diff --git a/includes/User.php b/includes/User.php
index 06be141555..0adb815f32 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -493,6 +493,11 @@ class User {
 		} else {
 			setcookie( "{$wgDBname}Password", "", time() - 3600 );
 		}
+		# Store Session variables
+		$_SESSION["wsUserID"]       = $wsUserID;
+		$_SESSION["wsUserName"]     = $wsUserName;
+		$_SESSION["wsUserPassword"] = $wsUserPassword;
+		$_SESSION["wsUploadFiles"]  = $wsUploadFiles;
 	}
 
 	function logout()
-- 
2.20.1