From f849fa942cabee0742b51c003daea16593227ee6 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 12 Feb 2008 22:07:16 +0000 Subject: [PATCH] * (bug 7681, 11559) Cookie values no longer override GET and POST variables. --- RELEASE-NOTES | 2 ++ includes/WebRequest.php | 24 ++++++++++++++---------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 3c9324b529..12ec96523c 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -383,6 +383,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN * (bug 12732) Fix installer and searching to handle built-in tsearch2 for Postgres. * (bug 12784) Change "bool" types to smallint to handle Postgres 8.3 strictness. * (bug 12301) Allow maintenance/findhooks.php to search hooks in multiple directories. +* (bug 7681, 11559) Cookie values no longer override GET and POST variables. + == Parser changes in 1.12 == diff --git a/includes/WebRequest.php b/includes/WebRequest.php index c20110edb1..18925fb2ca 100644 --- a/includes/WebRequest.php +++ b/includes/WebRequest.php @@ -42,8 +42,17 @@ if ( !function_exists( '__autoload' ) ) { * */ class WebRequest { + var $data = array(); + function __construct() { + /// @fixme This preemtive de-quoting can interfere with other web libraries + /// and increases our memory footprint. It would be cleaner to do on + /// demand; but currently we have no wrapper for $_SERVER etc. $this->checkMagicQuotes(); + + // POST overrides GET data + // We don't use $_REQUEST here to avoid interference from cookies... + $this->data = array_merge( $_GET, $_POST ); } /** @@ -110,7 +119,7 @@ class WebRequest { $matches['title'] = substr( $_SERVER['PATH_INFO'], 1 ); } foreach( $matches as $key => $val) { - $_GET[$key] = $_REQUEST[$key] = $val; + $this->data[$key] = $_GET[$key] = $_REQUEST[$key] = $val; } } } 
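Review bot: `array_merge( $_GET, $_POST )` in the constructor renumbers integer keys instead of letting POST override GET, and PHP stores all-digit parameter names as integer keys. A request with `?5=x` therefore ends up with the value under key 0, so `getVal( '5' )` returns the default, and a GET and a POST parameter with the same numeric name are both kept rather than merged. The array union preserves keys and gives the precedence the comment describes: `$this->data = $_POST + $_GET;`.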
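Review bot: The assignment in the `foreach` still writes each path-derived value into `$_REQUEST`, which keeps that superglobal looking like a supported input source even though the accessors now read `$this->data`. Depending on PHP's configured request order, `$_REQUEST` can still carry cookie values, so code outside this patch that reads it directly would keep the behaviour this commit removes; that is an inference, since no such reader is visible here. A comment above the assignment would make the intent explicit, for example `// $_GET/$_REQUEST are updated for legacy readers only; $_REQUEST may include cookies, so new code must use $this->data`. The enclosing method starts outside the hunk.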
@@ -236,7 +245,7 @@ class WebRequest { * @return string */ function getVal( $name, $default = NULL ) { - $val = $this->getGPCVal( $_REQUEST, $name, $default ); + $val = $this->getGPCVal( $this->data, $name, $default ); if( is_array( $val ) ) { $val = $default; } @@ -257,7 +266,7 @@ class WebRequest { * @return array */ function getArray( $name, $default = NULL ) { - $val = $this->getGPCVal( $_REQUEST, $name, $default ); + $val = $this->getGPCVal( $this->data, $name, $default ); if( is_null( $val ) ) { return null; } else { @@ -362,7 +371,7 @@ class WebRequest { function getValues() { $names = func_get_args(); if ( count( $names ) == 0 ) { - $names = array_keys( $_REQUEST ); + $names = array_keys( $this->data ); } $retVal = array(); @@ -587,7 +596,6 @@ class WebRequest { * */ class FauxRequest extends WebRequest { - var $data = null; var $wasPosted = false; /** @@ -604,13 +612,9 @@ class FauxRequest extends WebRequest { $this->wasPosted = $wasPosted; } - function getVal( $name, $default = NULL ) { - return $this->getGPCVal( $this->data, $name, $default ); - } - function getText( $name, $default = '' ) { # Override; don't recode since we're using internal data - return $this->getVal( $name, $default ); + return (string)$this->getVal( $name, $default ); } function getValues() { -- 2.20.1
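Review bot: The docblocks of `getVal()`, and likewise `getArray()` and `getValues()` in the two following hunks, do not say that cookies are no longer consulted, so a caller that relied on one of these accessors to pick up a cookie value will now silently receive `$default` (or find the key missing from `getValues()`). No such caller is visible in this patch, so this is something to audit rather than a confirmed regression. Adding a line such as `* Reads GET and POST data only; cookie values are never returned.` to each docblock would document the new contract. All three function bodies continue outside their hunks.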
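Review bot: Dropping the `getVal()` override means FauxRequest now inherits the base `getVal()`, whose `is_array` branch (visible in the getVal hunk) replaces an array value with `$default`; the removed override returned the `getGPCVal()` result directly, so array-valued entries passed to a FauxRequest are presumably no longer readable through `getVal()`. The new `(string)` cast in `getText()` also turns a null default into an empty string. Neither change is explained in the code, so a comment above the return would help, for example `# getVal() is inherited: arrays yield $default; cast so non-string scalars and null come back as strings`. The `getValues()` override that follows is cut off by the hunk and may now duplicate the base implementation.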