From 3a1e4602492cec1c8f3d2aabab2c866022f43bf1 Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Tue, 18 Jul 2017 21:38:53 +0200 Subject: Changed $_GET, $_POST and $_REQUEST to use the Request object --- includes/pages/admin_active.php | 27 ++++++++------- includes/pages/admin_arrive.php | 12 ++++--- includes/pages/admin_free.php | 16 ++++----- includes/pages/admin_groups.php | 21 +++++++----- includes/pages/admin_import.php | 48 +++++++++++++------------- includes/pages/admin_log.php | 2 +- includes/pages/admin_news.php | 17 +++++----- includes/pages/admin_questions.php | 15 +++++---- includes/pages/admin_rooms.php | 36 ++++++++++---------- includes/pages/admin_shifts.php | 69 +++++++++++++++++++------------------- includes/pages/admin_user.php | 58 ++++++++++++++++---------------- includes/pages/guest_login.php | 63 +++++++++++++++++----------------- includes/pages/guest_stats.php | 5 +-- includes/pages/user_atom.php | 9 ++--- includes/pages/user_ical.php | 5 +-- includes/pages/user_messages.php | 16 +++++---- includes/pages/user_myshifts.php | 25 +++++++------- includes/pages/user_news.php | 47 ++++++++++++++------------ includes/pages/user_questions.php | 9 ++--- includes/pages/user_settings.php | 55 ++++++++++++++++-------------- includes/pages/user_shifts.php | 9 ++--- 21 files changed, 297 insertions(+), 267 deletions(-) (limited to 'includes/pages') diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index d21afabe..2e06f90d 100644 --- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php @@ -17,6 +17,7 @@ function admin_active() { $tshirt_sizes = config('tshirt_sizes'); $shift_sum_formula = config('shift_sum_formula'); + $request = request(); $msg = ''; $search = ''; @@ -25,16 +26,16 @@ function admin_active() $limit = ''; $set_active = ''; - if (isset($_REQUEST['search'])) { + if ($request->has('search')) { $search = strip_request_item('search'); } - $show_all_shifts = isset($_REQUEST['show_all_shifts']); + $show_all_shifts = $request->has('show_all_shifts'); - if (isset($_REQUEST['set_active'])) { + if ($request->has('set_active')) { $valid = true; - if (isset($_REQUEST['count']) && preg_match('/^\d+$/', $_REQUEST['count'])) { + if ($request->has('count') && preg_match('/^\d+$/', $request->input('count'))) { $count = strip_request_item('count'); if ($count < $forced_count) { error(sprintf( @@ -51,7 +52,7 @@ function admin_active() if ($valid) { $limit = ' LIMIT ' . $count; } - if (isset($_REQUEST['ack'])) { + if ($request->has('ack')) { DB::update('UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0'); $users = DB::select(sprintf(' SELECT @@ -89,8 +90,8 @@ function admin_active() } } - if (isset($_REQUEST['active']) && preg_match('/^\d+$/', $_REQUEST['active'])) { - $user_id = $_REQUEST['active']; + if ($request->has('active') && preg_match('/^\d+$/', $request->input('active'))) { + $user_id = $request->input('active'); $user_source = User($user_id); if ($user_source != null) { DB::update('UPDATE `User` SET `Aktiv`=1 WHERE `UID`=? LIMIT 1', [$user_id]); @@ -99,8 +100,8 @@ function admin_active() } else { $msg = error(_('Angel not found.'), true); } - } elseif (isset($_REQUEST['not_active']) && preg_match('/^\d+$/', $_REQUEST['not_active'])) { - $user_id = $_REQUEST['not_active']; + } elseif ($request->has('not_active') && preg_match('/^\d+$/', $request->input('not_active'))) { + $user_id = $request->input('not_active'); $user_source = User($user_id); if ($user_source != null) { DB::update('UPDATE `User` SET `Aktiv`=0 WHERE `UID`=? LIMIT 1', [$user_id]); @@ -109,8 +110,8 @@ function admin_active() } else { $msg = error(_('Angel not found.'), true); } - } elseif (isset($_REQUEST['tshirt']) && preg_match('/^\d+$/', $_REQUEST['tshirt'])) { - $user_id = $_REQUEST['tshirt']; + } elseif ($request->has('tshirt') && preg_match('/^\d+$/', $request->input('tshirt'))) { + $user_id = $request->input('tshirt'); $user_source = User($user_id); if ($user_source != null) { DB::update('UPDATE `User` SET `Tshirt`=1 WHERE `UID`=? LIMIT 1', [$user_id]); @@ -119,8 +120,8 @@ function admin_active() } else { $msg = error('Angel not found.', true); } - } elseif (isset($_REQUEST['not_tshirt']) && preg_match('/^\d+$/', $_REQUEST['not_tshirt'])) { - $user_id = $_REQUEST['not_tshirt']; + } elseif ($request->has('not_tshirt') && preg_match('/^\d+$/', $request->input('not_tshirt'))) { + $user_id = $request->input('not_tshirt'); $user_source = User($user_id); if ($user_source != null) { DB::update('UPDATE `User` SET `Tshirt`=0 WHERE `UID`=? LIMIT 1', [$user_id]); diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php index 77155dae..ebeccb8c 100644 --- a/includes/pages/admin_arrive.php +++ b/includes/pages/admin_arrive.php @@ -17,12 +17,14 @@ function admin_arrive() { $msg = ''; $search = ''; - if (isset($_REQUEST['search'])) { + $request = request(); + + if ($request->has('search')) { $search = strip_request_item('search'); } - if (isset($_REQUEST['reset']) && preg_match('/^\d*$/', $_REQUEST['reset'])) { - $user_id = $_REQUEST['reset']; + if ($request->has('reset') && preg_match('/^\d*$/', $request->input('reset'))) { + $user_id = $request->input('reset'); $user_source = User($user_id); if ($user_source != null) { DB::update(' @@ -37,8 +39,8 @@ function admin_arrive() } else { $msg = error(_('Angel not found.'), true); } - } elseif (isset($_REQUEST['arrived']) && preg_match('/^\d*$/', $_REQUEST['arrived'])) { - $user_id = $_REQUEST['arrived']; + } elseif ($request->has('arrived') && preg_match('/^\d*$/', $request->input('arrived'))) { + $user_id = $request->input('arrived'); $user_source = User($user_id); if ($user_source != null) { DB::update(' diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php index daaead22..ebf227a4 100644 --- a/includes/pages/admin_free.php +++ b/includes/pages/admin_free.php @@ -16,20 +16,20 @@ function admin_free_title() function admin_free() { global $privileges; + $request = request(); $search = ''; - if (isset($_REQUEST['search'])) { + if ($request->has('search')) { $search = strip_request_item('search'); } $angelTypeSearch = ''; - if (empty($_REQUEST['angeltype'])) { - $_REQUEST['angeltype'] = ''; - } else { + $angelType = $request->input('angeltype', ''); + if (!empty($angelType)) { $angelTypeSearch = ' INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = ' - . DB::getPdo()->quote($_REQUEST['angeltype']) + . DB::getPdo()->quote($angelType) . ' AND `UserAngelTypes`.`user_id` = `User`.`UID`'; - if (isset($_REQUEST['confirmed_only'])) { + if ($request->has('confirmed_only')) { $angelTypeSearch .= ' AND `UserAngelTypes`.`confirm_user_id`'; } $angelTypeSearch .= ') '; @@ -105,10 +105,10 @@ function admin_free() form_text('search', _('Search'), $search) ]), div('col-md-4', [ - form_select('angeltype', _('Angeltype'), $angel_types, $_REQUEST['angeltype']) + form_select('angeltype', _('Angeltype'), $angel_types, $angelType) ]), div('col-md-2', [ - form_checkbox('confirmed_only', _('Only confirmed'), isset($_REQUEST['confirmed_only'])) + form_checkbox('confirmed_only', _('Only confirmed'), $request->has('confirmed_only')) ]), div('col-md-2', [ form_submit('submit', _('Search')) diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 4011ccf1..c483a79d 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -16,8 +16,10 @@ function admin_groups_title() function admin_groups() { $html = ''; + $request = request(); $groups = DB::select('SELECT * FROM `Groups` ORDER BY `Name`'); - if (!isset($_REQUEST['action'])) { + + if (!$request->has('action')) { $groups_table = []; foreach ($groups as $group) { $privileges = DB::select(' @@ -51,10 +53,10 @@ function admin_groups() ], $groups_table) ]); } else { - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'edit': - if (isset($_REQUEST['id']) && preg_match('/^-\d{1,11}$/', $_REQUEST['id'])) { - $group_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^-\d{1,11}$/', $request->input('id'))) { + $group_id = $request->input('id'); } else { return error('Incomplete call, missing Groups ID.', true); } @@ -99,21 +101,22 @@ function admin_groups() break; case 'save': - if (isset($_REQUEST['id']) && preg_match('/^-\d{1,11}$/', $_REQUEST['id'])) { - $group_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^-\d{1,11}$/', $request->input('id'))) { + $group_id = $request->input('id'); } else { return error('Incomplete call, missing Groups ID.', true); } $group = DB::select('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]); - if (!is_array($_REQUEST['privileges'])) { - $_REQUEST['privileges'] = []; + $privileges = $request->get('privileges'); + if (!is_array($privileges)) { + $privileges = []; } if (!empty($group)) { $group = array_shift($group); DB::delete('DELETE FROM `GroupPrivileges` WHERE `group_id`=?', [$group_id]); $privilege_names = []; - foreach ($_REQUEST['privileges'] as $privilege) { + foreach ($privileges as $privilege) { if (preg_match('/^\d{1,}$/', $privilege)) { $group_privileges_source = DB::select( 'SELECT `name` FROM `Privileges` WHERE `id`=? LIMIT 1', diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php index 7a246b4b..3cbed9f9 100644 --- a/includes/pages/admin_import.php +++ b/includes/pages/admin_import.php @@ -15,21 +15,21 @@ function admin_import_title() */ function admin_import() { - global $rooms_import; - global $user; + global $rooms_import, $user; $html = ''; $import_dir = __DIR__ . '/../../import'; + $request = request(); $step = 'input'; if ( - isset($_REQUEST['step']) - && in_array($step, [ + $request->has('step') + && in_array($request->input('step'), [ 'input', 'check', 'import' ]) ) { - $step = $_REQUEST['step']; + $step = $request->input('step'); } if ($test_handle = @fopen($import_dir . '/tmp', 'w')) { @@ -57,25 +57,25 @@ function admin_import() case 'input': $valid = false; - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; - if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { - $shifttype_id = $_REQUEST['shifttype_id']; + if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) { + $shifttype_id = $request->input('shifttype_id'); } else { $valid = false; error(_('Please select a shift type.')); } - if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) { - $add_minutes_start = trim($_REQUEST['add_minutes_start']); + if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) { + $add_minutes_start = trim($request->input('add_minutes_start')); } else { $valid = false; error(_('Please enter an amount of minutes to add to a talk\'s begin.')); } - if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) { - $add_minutes_end = trim($_REQUEST['add_minutes_end']); + if ($request->has('add_minutes_end') && is_numeric(trim($request->input('add_minutes_end')))) { + $add_minutes_end = trim($request->input('add_minutes_end')); } else { $valid = false; error(_('Please enter an amount of minutes to add to a talk\'s end.')); @@ -133,22 +133,22 @@ function admin_import() redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { - $shifttype_id = $_REQUEST['shifttype_id']; + if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) { + $shifttype_id = $request->input('shifttype_id'); } else { error(_('Please select a shift type.')); redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) { - $add_minutes_start = trim($_REQUEST['add_minutes_start']); + if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) { + $add_minutes_start = trim($request->input('add_minutes_start')); } else { error(_('Please enter an amount of minutes to add to a talk\'s begin.')); redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) { - $add_minutes_end = trim($_REQUEST['add_minutes_end']); + if ($request->has('add_minutes_end') && is_numeric(trim($request->input(('add_minutes_end'))))) { + $add_minutes_end = trim($request->input('add_minutes_end')); } else { error(_('Please enter an amount of minutes to add to a talk\'s end.')); redirect(page_link_to('admin_import')); @@ -227,22 +227,22 @@ function admin_import() redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { - $shifttype_id = $_REQUEST['shifttype_id']; + if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) { + $shifttype_id = $request->input('shifttype_id'); } else { error(_('Please select a shift type.')); redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) { - $add_minutes_start = trim($_REQUEST['add_minutes_start']); + if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) { + $add_minutes_start = trim($request->input('add_minutes_start')); } else { error(_('Please enter an amount of minutes to add to a talk\'s begin.')); redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) { - $add_minutes_end = trim($_REQUEST['add_minutes_end']); + if ($request->has('add_minutes_end') && is_numeric(trim($request->input('add_minutes_end')))) { + $add_minutes_end = trim($request->input('add_minutes_end')); } else { error(_('Please enter an amount of minutes to add to a talk\'s end.')); redirect(page_link_to('admin_import')); diff --git a/includes/pages/admin_log.php b/includes/pages/admin_log.php index 9e5e5827..03c9abb0 100644 --- a/includes/pages/admin_log.php +++ b/includes/pages/admin_log.php @@ -14,7 +14,7 @@ function admin_log_title() function admin_log() { $filter = ''; - if (isset($_REQUEST['keyword'])) { + if (request()->has('keyword')) { $filter = strip_request_item('keyword'); } $log_entries_source = LogEntries_filter($filter); diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index bc242831..7f8ca1ba 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -8,14 +8,15 @@ use Engelsystem\Database\DB; function admin_news() { global $user; + $request = request(); - if (!isset($_GET['action'])) { + if (!$request->has('action')) { redirect(page_link_to('news')); } $html = '

' . _('Edit news entry') . '

' . msg(); - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $news_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $news_id = $request->input('id'); } else { return error('Incomplete call, missing News ID.', true); } @@ -25,7 +26,7 @@ function admin_news() return error('No News found.', true); } - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'edit': $news = array_shift($news); $user_source = User($news['UID']); @@ -56,14 +57,14 @@ function admin_news() ', [ time(), - $_POST["eBetreff"], - $_POST["eText"], + $request->post('eBetreff'), + $request->post('eText'), $user['UID'], - isset($_POST["eTreffen"]) ? 1 : 0, + $request->has('eTreffen') ? 1 : 0, $news_id ] ); - engelsystem_log('News updated: ' . $_POST['eBetreff']); + engelsystem_log('News updated: ' . $request->post('eBetreff')); success(_('News entry updated.')); redirect(page_link_to('news')); break; diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 098701e3..d05bace6 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -38,8 +38,9 @@ function admin_new_questions() function admin_questions() { global $user; + $request = request(); - if (!isset($_REQUEST['action'])) { + if (!$request->has('action')) { $unanswered_questions_table = []; $questions = DB::select('SELECT * FROM `Questions` WHERE `AID` IS NULL'); foreach ($questions as $question) { @@ -96,10 +97,10 @@ function admin_questions() ], $answered_questions_table) ]); } else { - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'answer': - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $question_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $question_id = $request->input('id'); } else { return error('Incomplete call, missing Question ID.', true); } @@ -112,7 +113,7 @@ function admin_questions() $answer = trim( preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', - strip_tags($_REQUEST['answer']) + strip_tags($request->input('answer')) )); if ($answer != '') { @@ -138,8 +139,8 @@ function admin_questions() } break; case 'delete': - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $question_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $question_id = $request->input('id'); } else { return error('Incomplete call, missing Question ID.', true); } diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index d483f99e..3045242b 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -17,6 +17,8 @@ function admin_rooms() { $rooms_source = DB::select('SELECT * FROM `Room` ORDER BY `Name`'); $rooms = []; + $request = request(); + foreach ($rooms_source as $room) { $rooms[] = [ 'name' => Room_name_render($room), @@ -30,7 +32,7 @@ function admin_rooms() } $room = null; - if (isset($_REQUEST['show'])) { + if ($request->has('show')) { $msg = ''; $name = ''; $from_pentabarf = ''; @@ -47,7 +49,7 @@ function admin_rooms() } if (test_request_int('id')) { - $room = Room($_REQUEST['id'], false); + $room = Room($request->input('id'), false); if ($room === false) { engelsystem_error('Unable to load room.'); } @@ -55,7 +57,7 @@ function admin_rooms() redirect(page_link_to('admin_rooms')); } - $room_id = $_REQUEST['id']; + $room_id = $request->input('id'); $name = $room['Name']; $from_pentabarf = $room['FromPentabarf']; $public = $room['show']; @@ -70,11 +72,11 @@ function admin_rooms() } } - if ($_REQUEST['show'] == 'edit') { - if (isset($_REQUEST['submit'])) { + if ($request->input('show') == 'edit') { + if ($request->has('submit')) { $valid = true; - if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) { + if ($request->has('name') && strlen(strip_request_item('name')) > 0) { $name = strip_request_item('name'); if ( isset($room) @@ -91,19 +93,17 @@ function admin_rooms() $msg .= error(_('Please enter a name.'), true); } - if (isset($_REQUEST['from_pentabarf'])) { + $from_pentabarf = ''; + if ($request->has('from_pentabarf')) { $from_pentabarf = 'Y'; - } else { - $from_pentabarf = ''; } - if (isset($_REQUEST['public'])) { + $public = ''; + if ($request->has('public')) { $public = 'Y'; - } else { - $public = ''; } - if (isset($_REQUEST['number'])) { + if ($request->has('number')) { $number = strip_request_item('number'); } else { $valid = false; @@ -111,10 +111,10 @@ function admin_rooms() foreach ($angeltypes as $angeltype_id => $angeltype) { if ( - isset($_REQUEST['angeltype_count_' . $angeltype_id]) - && preg_match('/^\d{1,4}$/', $_REQUEST['angeltype_count_' . $angeltype_id]) + $request->has('angeltype_count_' . $angeltype_id) + && preg_match('/^\d{1,4}$/', $request->input('angeltype_count_' . $angeltype_id)) ) { - $angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id]; + $angeltypes_count[$angeltype_id] = $request->input('angeltype_count_' . $angeltype_id); } else { $valid = false; $msg .= error(sprintf(_('Please enter needed angels for type %s.'), $angeltype), true); @@ -209,8 +209,8 @@ function admin_rooms() form_submit('submit', _('Save')) ]) ]); - } elseif ($_REQUEST['show'] == 'delete') { - if (isset($_REQUEST['ack'])) { + } elseif ($request->input('show') == 'delete') { + if ($request->has('ack')) { if (!Room_delete($room_id)) { engelsystem_error('Unable to delete room.'); } diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 06071233..5b53f9cd 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -18,7 +18,7 @@ function admin_shifts_title() function admin_shifts() { $valid = true; - + $request = request(); $start = parse_date('Y-m-d H:i', date('Y-m-d') . ' 00:00'); $end = $start; $mode = 'single'; @@ -52,14 +52,14 @@ function admin_shifts() $shifttypes[$shifttype['id']] = $shifttype['name']; } - if (isset($_REQUEST['preview']) || isset($_REQUEST['back'])) { - if (isset($_REQUEST['shifttype_id'])) { - $shifttype = ShiftType($_REQUEST['shifttype_id']); + if ($request->has('preview') || $request->has('back')) { + if ($request->has('shifttype_id')) { + $shifttype = ShiftType($request->input('shifttype_id')); if ($shifttype == null) { $valid = false; error(_('Please select a shift type.')); } else { - $shifttype_id = $_REQUEST['shifttype_id']; + $shifttype_id = $request->input('shifttype_id'); } } else { $valid = false; @@ -71,25 +71,25 @@ function admin_shifts() // Auswahl der sichtbaren Locations für die Schichten if ( - isset($_REQUEST['rid']) - && preg_match('/^\d+$/', $_REQUEST['rid']) - && isset($room_array[$_REQUEST['rid']]) + $request->has('rid') + && preg_match('/^\d+$/', $request->input('rid')) + && isset($room_array[$request->input('rid')]) ) { - $rid = $_REQUEST['rid']; + $rid = $request->input('rid'); } else { $valid = false; $rid = $rooms[0]['RID']; error(_('Please select a location.')); } - if (isset($_REQUEST['start']) && $tmp = parse_date('Y-m-d H:i', $_REQUEST['start'])) { + if ($request->has('start') && $tmp = parse_date('Y-m-d H:i', $request->input('start'))) { $start = $tmp; } else { $valid = false; error(_('Please select a start time.')); } - if (isset($_REQUEST['end']) && $tmp = parse_date('Y-m-d H:i', $_REQUEST['end'])) { + if ($request->has('end') && $tmp = parse_date('Y-m-d H:i', $request->input('end'))) { $end = $tmp; } else { $valid = false; @@ -101,24 +101,24 @@ function admin_shifts() error(_('The shifts end has to be after its start.')); } - if (isset($_REQUEST['mode'])) { - if ($_REQUEST['mode'] == 'single') { + if ($request->has('mode')) { + if ($request->input('mode') == 'single') { $mode = 'single'; - } elseif ($_REQUEST['mode'] == 'multi') { - if (isset($_REQUEST['length']) && preg_match('/^\d+$/', trim($_REQUEST['length']))) { + } elseif ($request->input('mode') == 'multi') { + if ($request->has('length') && preg_match('/^\d+$/', trim($request->input('length')))) { $mode = 'multi'; - $length = trim($_REQUEST['length']); + $length = trim($request->input('length')); } else { $valid = false; error(_('Please enter a shift duration in minutes.')); } - } elseif ($_REQUEST['mode'] == 'variable') { + } elseif ($request->input('mode') == 'variable') { if ( - isset($_REQUEST['change_hours']) - && preg_match('/^(\d{2}(,|$))/', trim(str_replace(' ', '', $_REQUEST['change_hours']))) + $request->has('change_hours') + && preg_match('/^(\d{2}(,|$))/', trim(str_replace(' ', '', $request->input('change_hours')))) ) { $mode = 'variable'; - $change_hours = array_map('trim', explode(',', $_REQUEST['change_hours'])); + $change_hours = array_map('trim', explode(',', $request->input('change_hours'))); } else { $valid = false; error(_('Please split the shift-change hours by colons.')); @@ -129,17 +129,17 @@ function admin_shifts() error(_('Please select a mode.')); } - if (isset($_REQUEST['angelmode'])) { - if ($_REQUEST['angelmode'] == 'location') { + if ($request->has('angelmode')) { + if ($request->input('angelmode') == 'location') { $angelmode = 'location'; - } elseif ($_REQUEST['angelmode'] == 'manually') { + } elseif ($request->input('angelmode') == 'manually') { $angelmode = 'manually'; foreach ($types as $type) { if ( - isset($_REQUEST['type_' . $type['id']]) - && preg_match('/^\d+$/', trim($_REQUEST['type_' . $type['id']])) + $request->has('type_' . $type['id']) + && preg_match('/^\d+$/', trim($request->input('type_' . $type['id']))) ) { - $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]); + $needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id'])); } else { $valid = false; error(sprintf(_('Please check the needed angels for team %s.'), $type['name'])); @@ -159,7 +159,7 @@ function admin_shifts() } // Beim Zurück-Knopf das Formular zeigen - if (isset($_REQUEST['back'])) { + if ($request->has('back')) { $valid = false; } @@ -304,9 +304,9 @@ function admin_shifts() ]) ]); } - } elseif (isset($_REQUEST['submit'])) { + } elseif ($request->has('submit')) { if ( - !isset($_SESSION['admin_shifts_shifts']) + !$request->has('admin_shifts_shifts') || !isset($_SESSION['admin_shifts_types']) || !is_array($_SESSION['admin_shifts_shifts']) || !is_array($_SESSION['admin_shifts_types']) @@ -360,8 +360,9 @@ function admin_shifts() unset($_SESSION['admin_shifts_types']); } - if (!isset($_REQUEST['rid'])) { - $_REQUEST['rid'] = null; + $rid = null; + if ($request->has('rid')) { + $rid = $request->input('rid'); } $angel_types = ''; foreach ($types as $type) { @@ -378,7 +379,7 @@ function admin_shifts() form([ form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id), form_text('title', _('Title'), $title), - form_select('rid', _('Room'), $room_array, $_REQUEST['rid']), + form_select('rid', _('Room'), $room_array, $rid), div('row', [ div('col-md-6', [ form_text('start', _('Start'), date('Y-m-d H:i', $start)), @@ -386,7 +387,7 @@ function admin_shifts() form_info(_('Mode'), ''), form_radio('mode', _('Create one shift'), $mode == 'single', 'single'), form_radio('mode', _('Create multiple shifts'), $mode == 'multi', 'multi'), - form_text('length', _('Length'), !empty($_REQUEST['length']) ? $_REQUEST['length'] : '120'), + form_text('length', _('Length'), $request->has('length') ? $request->input('length') : '120'), form_radio( 'mode', _('Create multiple shifts with variable length'), @@ -396,7 +397,7 @@ function admin_shifts() form_text( 'change_hours', _('Shift change hours'), - !empty($_REQUEST['change_hours']) ? $_REQUEST['change_hours'] : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22' + $request->has('change_hours') ? $request->input('input') : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22' ) ]), div('col-md-6', [ diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 8f833087..510e2292 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -17,6 +17,7 @@ function admin_user() { global $user, $privileges; $tshirt_sizes = config('tshirt_sizes'); + $request = request(); foreach ($tshirt_sizes as $key => $size) { if (empty($size)) { @@ -26,12 +27,12 @@ function admin_user() $html = ''; - if (!isset($_REQUEST['id'])) { + if (!$request->has('id')) { redirect(users_link()); } - $user_id = $_REQUEST['id']; - if (!isset($_REQUEST['action'])) { + $user_id = $request->input('id'); + if (!$request->has('action')) { $user_source = User($user_id); if ($user_source == null) { error(_('This user does not exist.')); @@ -171,7 +172,7 @@ function admin_user() $html .= "
"; } else { - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'save_groups': if ($user_id != $user['UID']) { $my_highest_group = DB::select( @@ -212,13 +213,14 @@ function admin_user() $grouplist[] = $group['UID']; } - if (!is_array($_REQUEST['groups'])) { - $_REQUEST['groups'] = []; + $groupsRequest = $request->input('groups'); + if (!is_array($groupsRequest)) { + $groupsRequest = []; } DB::delete('DELETE FROM `UserGroups` WHERE `uid`=?', [$user_id]); $user_groups_info = []; - foreach ($_REQUEST['groups'] as $group) { + foreach ($groupsRequest as $group) { if (in_array($group, $grouplist)) { DB::insert( 'INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, ?)', @@ -244,7 +246,7 @@ function admin_user() $force_active = $user['force_active']; $user_source = User($user_id); if (in_array('admin_active', $privileges)) { - $force_active = $_REQUEST['force_active']; + $force_active = $request->input('force_active'); } $sql = ' UPDATE `User` SET @@ -255,7 +257,7 @@ function admin_user() `Handy` = ?, `Alter` =?, `DECT` = ?, - ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($_POST["eemail"]) . ',' : '') . ' + ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->post('eemail')) . ',' : '') . ' `jabber` = ?, `Size` = ?, `Gekommen`= ?, @@ -266,34 +268,34 @@ function admin_user() WHERE `UID` = ? LIMIT 1'; DB::update($sql, [ - $_POST['eNick'], - $_POST['eName'], - $_POST['eVorname'], - $_POST['eTelefon'], - $_POST['eHandy'], - $_POST['eAlter'], - $_POST['eDECT'], - $_POST['ejabber'], - $_POST['eSize'], - $_POST['eGekommen'], - $_POST['eAktiv'], + $request->post('eNick'), + $request->post('eName'), + $request->post('eVorname'), + $request->post('eTelefon'), + $request->post('eHandy'), + $request->post('eAlter'), + $request->post('eDECT'), + $request->post('ejabber'), + $request->post('eSize'), + $request->post('eGekommen'), + $request->post('eAktiv'), $force_active, - $_POST['eTshirt'], - $_POST['Hometown'], + $request->post('eTshirt'), + $request->post('Hometown'), $user_id, ]); engelsystem_log( - 'Updated user: ' . $_POST['eNick'] . ', ' . $_POST['eSize'] - . ', arrived: ' . $_POST['eGekommen'] - . ', active: ' . $_POST['eAktiv'] - . ', tshirt: ' . $_POST['eTshirt'] + 'Updated user: ' . $request->post('eNick') . ', ' . $request->post('eSize') + . ', arrived: ' . $request->post('eVorname') + . ', active: ' . $request->post('eAktiv') + . ', tshirt: ' . $request->post('eTshirt') ); $html .= success('Änderung wurde gespeichert...' . "\n", true); break; case 'change_pw': - if ($_REQUEST['new_pw'] != '' && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { - set_password($user_id, $_REQUEST['new_pw']); + if ($request->post('new_pw') != '' && $request->post('new_pw') == $request->post('new_pw2')) { + set_password($user_id, $request->post('new_pw')); $user_source = User($user_id); engelsystem_log('Set new password for ' . User_Nick_render($user_source)); $html .= success('Passwort neu gesetzt.', true); diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index 99970a01..858ced80 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -38,6 +38,7 @@ function guest_register() $enable_tshirt_size = config('enable_tshirt_size'); $min_password_length = config('min_password_length'); $event_config = EventConfig(); + $request = request(); $msg = ''; $nick = ''; @@ -73,11 +74,11 @@ function guest_register() } } - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; - if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) { - $nick = User_validate_Nick($_REQUEST['nick']); + if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 1) { + $nick = User_validate_Nick($request->input('nick')); if (count(DB::select('SELECT `UID` FROM `User` WHERE `Nick`=? LIMIT 1', [$nick])) > 0) { $valid = false; $msg .= error(sprintf(_('Your nick "%s" already exists.'), $nick), true); @@ -86,11 +87,11 @@ function guest_register() $valid = false; $msg .= error(sprintf( _('Your nick "%s" is too short (min. 2 characters).'), - User_validate_Nick($_REQUEST['nick']) + User_validate_Nick($request->input('nick')) ), true); } - if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { + if ($request->has('mail') && strlen(strip_request_item('mail')) > 0) { $mail = strip_request_item('mail'); if (!check_email($mail)) { $valid = false; @@ -101,15 +102,15 @@ function guest_register() $msg .= error(_('Please enter your e-mail.'), true); } - if (isset($_REQUEST['email_shiftinfo'])) { + if ($request->has('email_shiftinfo')) { $email_shiftinfo = true; } - if (isset($_REQUEST['email_by_human_allowed'])) { + if ($request->has('email_by_human_allowed')) { $email_by_human_allowed = true; } - if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { + if ($request->has('jabber') && strlen(strip_request_item('jabber')) > 0) { $jabber = strip_request_item('jabber'); if (!check_email($jabber)) { $valid = false; @@ -118,16 +119,16 @@ function guest_register() } if ($enable_tshirt_size) { - if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']]) && $_REQUEST['tshirt_size'] != '') { - $tshirt_size = $_REQUEST['tshirt_size']; + if ($request->has('tshirt_size') && isset($tshirt_sizes[$request->input('tshirt_size')])) { + $tshirt_size = $request->input('tshirt_size'); } else { $valid = false; $msg .= error(_('Please select your shirt size.'), true); } } - if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) { - if ($_REQUEST['password'] != $_REQUEST['password2']) { + if ($request->has('password') && strlen($request->post('password')) >= $min_password_length) { + if ($request->post('password') != $request->post('password2')) { $valid = false; $msg .= error(_('Your passwords don\'t match.'), true); } @@ -139,8 +140,8 @@ function guest_register() ), true); } - if (isset($_REQUEST['planned_arrival_date'])) { - $tmp = parse_date('Y-m-d H:i', $_REQUEST['planned_arrival_date'] . ' 00:00'); + if ($request->has('planned_arrival_date')) { + $tmp = parse_date('Y-m-d H:i', $request->input('planned_arrival_date') . ' 00:00'); $result = User_validate_planned_arrival_date($tmp); $planned_arrival_date = $result->getValue(); if (!$result->isValid()) { @@ -151,34 +152,34 @@ function guest_register() $selected_angel_types = []; foreach (array_keys($angel_types) as $angel_type_id) { - if (isset($_REQUEST['angel_types_' . $angel_type_id])) { + if ($request->has('angel_types_' . $angel_type_id)) { $selected_angel_types[] = $angel_type_id; } } // Trivia - if (isset($_REQUEST['lastname'])) { + if ($request->has('lastname')) { $lastName = strip_request_item('lastname'); } - if (isset($_REQUEST['prename'])) { + if ($request->has('prename')) { $preName = strip_request_item('prename'); } - if (isset($_REQUEST['age']) && preg_match('/^\d{0,4}$/', $_REQUEST['age'])) { + if ($request->has('age') && preg_match('/^\d{0,4}$/', $request->input('age'))) { $age = strip_request_item('age'); } - if (isset($_REQUEST['tel'])) { + if ($request->has('tel')) { $tel = strip_request_item('tel'); } - if (isset($_REQUEST['dect'])) { + if ($request->has('dect')) { $dect = strip_request_item('dect'); } - if (isset($_REQUEST['mobile'])) { + if ($request->has('mobile')) { $mobile = strip_request_item('mobile'); } - if (isset($_REQUEST['hometown'])) { + if ($request->has('hometown')) { $hometown = strip_request_item('hometown'); } - if (isset($_REQUEST['comment'])) { + if ($request->has('comment')) { $comment = strip_request_item_nl('comment'); } @@ -233,7 +234,7 @@ function guest_register() // Assign user-group and set password $user_id = DB::getPdo()->lastInsertId(); DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -2)', [$user_id]); - set_password($user_id, $_REQUEST['password']); + set_password($user_id, $request->post('password')); // Assign angel-types $user_angel_types_info = []; @@ -391,18 +392,18 @@ function guest_logout() function guest_login() { $nick = ''; - + $request = request(); unset($_SESSION['uid']); $valid = true; - if (isset($_REQUEST['submit'])) { - if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) { - $nick = User_validate_Nick($_REQUEST['nick']); + if ($request->has('submit')) { + if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 0) { + $nick = User_validate_Nick($request->input('nick')); $login_user = DB::select('SELECT * FROM `User` WHERE `Nick`=?', [$nick]); if (count($login_user) > 0) { $login_user = $login_user[0]; - if (isset($_REQUEST['password'])) { - if (!verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) { + if ($request->has('password')) { + if (!verify_password($request->post('password'), $login_user['Passwort'], $login_user['UID'])) { $valid = false; error(_('Your password is incorrect. Please try it again.')); } @@ -487,6 +488,6 @@ function get_register_hint() ]); } - //FIXME: return error(_('Registration is disabled.'), true); + //@TODO: FIXME: return error(_('Registration is disabled.'), true); return error('Registration is disabled.', true); } diff --git a/includes/pages/guest_stats.php b/includes/pages/guest_stats.php index 6b6f0572..8aa6f740 100644 --- a/includes/pages/guest_stats.php +++ b/includes/pages/guest_stats.php @@ -5,9 +5,10 @@ use Engelsystem\Database\DB; function guest_stats() { $apiKey = config('api_key'); + $request = request(); - if (isset($_REQUEST['api_key'])) { - if ($_REQUEST['api_key'] == $apiKey && !empty($apiKey)) { + if ($request->has('api_key')) { + if (!empty($apiKey) && $request->input('api_key') == $apiKey) { $stats = []; list($user_count) = DB::select('SELECT count(*) AS `user_count` FROM `User`'); diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index d7c77d52..a1e2580a 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -3,16 +3,17 @@ use Engelsystem\Database\DB; /** - * Publically available page to feed the news to feedreaders + * Publically available page to feed the news to feed readers */ function user_atom() { global $user; + $request = request(); - if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) { + if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { engelsystem_error('Missing key.'); } - $key = $_REQUEST['key']; + $key = $request->input('key'); $user = User_by_api_key($key); if ($user == null) { @@ -25,7 +26,7 @@ function user_atom() $news = DB::select(' SELECT * FROM `News` - ' . (empty($_REQUEST['meetings']) ? '' : 'WHERE `Treffen` = 1 ') . ' + ' . (!$request->has('meetings') ? '' : 'WHERE `Treffen` = 1 ') . ' ORDER BY `ID` DESC LIMIT ' . (int)config('display_news') ); diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index ce474a9e..8d22c4eb 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -6,11 +6,12 @@ function user_ical() { global $user; + $request = request(); - if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) { + if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { engelsystem_error('Missing key.'); } - $key = $_REQUEST['key']; + $key = $request->input('key'); $user = User_by_api_key($key); if ($user == null) { diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index dd22cd66..a811970d 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php @@ -35,8 +35,9 @@ function user_unread_messages() function user_messages() { global $user; + $request = request(); - if (!isset($_REQUEST['action'])) { + if (!$request->has('action')) { $users = DB::select( 'SELECT `UID`, `Nick` FROM `User` WHERE NOT `UID`=? ORDER BY `Nick`', [$user['UID']] @@ -121,10 +122,10 @@ function user_messages() ], page_link_to('user_messages') . '&action=send') ]); } else { - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'read': - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $message_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $message_id = $request->input('id'); } else { return error(_('Incomplete call, missing Message ID.'), true); } @@ -145,8 +146,8 @@ function user_messages() break; case 'delete': - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $message_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $message_id = $request->input('id'); } else { return error(_('Incomplete call, missing Message ID.'), true); } @@ -164,7 +165,8 @@ function user_messages() break; case 'send': - if (Message_send($_REQUEST['to'], $_REQUEST['text'])) { + // @TODO: Validation? + if (Message_send($request->input('to'), $request->input('text'))) { redirect(page_link_to('user_messages')); } else { return error(_('Transmitting was terminated with an Error.'), true); diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 6048093a..14b5b8ee 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -18,14 +18,15 @@ function myshifts_title() function user_myshifts() { global $user, $privileges; + $request = request(); if ( - isset($_REQUEST['id']) + $request->has('id') && in_array('user_shifts_admin', $privileges) - && preg_match('/^\d{1,}$/', $_REQUEST['id']) - && count(DB::select('SELECT `UID` FROM `User` WHERE `UID`=?', [$_REQUEST['id']])) > 0 + && preg_match('/^\d{1,}$/', $request->input('id')) + && count(DB::select('SELECT `UID` FROM `User` WHERE `UID`=?', [$request->input('id')])) > 0 ) { - $user_id = $_REQUEST['id']; + $user_id = $request->input('id'); } else { $user_id = $user['UID']; } @@ -33,8 +34,8 @@ function user_myshifts() $shifts_user = DB::select('SELECT * FROM `User` WHERE `UID`=? LIMIT 1', [$user_id]); $shifts_user = array_shift($shifts_user); - if (isset($_REQUEST['reset'])) { - if ($_REQUEST['reset'] == 'ack') { + if ($request->has('reset')) { + if ($request->input('reset') == 'ack') { User_reset_api_key($user); success(_('Key changed.')); redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); @@ -46,8 +47,8 @@ function user_myshifts() ), button(page_link_to('user_myshifts') . '&reset=ack', _('Continue'), 'btn-danger') ]); - } elseif (isset($_REQUEST['edit']) && preg_match('/^\d*$/', $_REQUEST['edit'])) { - $user_id = $_REQUEST['edit']; + } elseif ($request->has('edit') && preg_match('/^\d*$/', $request->input('edit'))) { + $user_id = $request->input('edit'); $shift = DB::select(' SELECT `ShiftEntry`.`freeloaded`, @@ -77,10 +78,10 @@ function user_myshifts() $freeloaded = $shift['freeloaded']; $freeload_comment = $shift['freeload_comment']; - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; if (in_array('user_shifts_admin', $privileges)) { - $freeloaded = isset($_REQUEST['freeloaded']); + $freeloaded = $request->has('freeloaded'); $freeload_comment = strip_request_item_nl('freeload_comment'); if ($freeloaded && $freeload_comment == '') { $valid = false; @@ -128,8 +129,8 @@ function user_myshifts() } else { redirect(page_link_to('user_myshifts')); } - } elseif (isset($_REQUEST['cancel']) && preg_match('/^\d*$/', $_REQUEST['cancel'])) { - $user_id = $_REQUEST['cancel']; + } elseif ($request->has('cancel') && preg_match('/^\d*$/', $request->input('cancel'))) { + $user_id = $request->input('cancel'); $shift = DB::select(' SELECT * FROM `Shifts` diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index b1e337b6..9bdcb6fb 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -33,9 +33,10 @@ function user_meetings() { $display_news = config('display_news'); $html = '

' . meetings_title() . '

' . msg(); + $request = request(); - if (isset($_REQUEST['page']) && preg_match('/^\d{1,}$/', $_REQUEST['page'])) { - $page = $_REQUEST['page']; + if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) { + $page = $request->input('page'); } else { $page = 0; } @@ -56,9 +57,9 @@ function user_meetings() $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news); $html .= '
' . '
    '; for ($i = 0; $i < $dis_rows; $i++) { - if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) { + if ($request->has('page') && $i == $request->input('page')) { $html .= '
  • '; - } elseif (!isset($_REQUEST['page']) && $i == 0) { + } elseif (!$request->has('page') && $i == 0) { $html .= '
  • '; } else { $html .= '
  • '; @@ -116,17 +117,19 @@ function user_news_comments() { global $user; + $request = request(); + $html = '

    ' . user_news_comments_title() . '

    '; if ( - isset($_REQUEST['nid']) - && preg_match('/^\d{1,}$/', $_REQUEST['nid']) - && count(DB::select('SELECT `ID` FROM `News` WHERE `ID`=? LIMIT 1', [$_REQUEST['nid']])) > 0 + $request->has('nid') + && preg_match('/^\d{1,}$/', $request->input('nid')) + && count(DB::select('SELECT `ID` FROM `News` WHERE `ID`=? LIMIT 1', [$request->input('nid')])) > 0 ) { - $nid = $_REQUEST['nid']; + $nid = $request->input('nid'); $news = DB::select('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$nid]); $news = array_shift($news); - if (isset($_REQUEST['text'])) { - $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); + if ($request->has('text')) { + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($request->input('text'))); DB::insert(' INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) VALUES (?, ?, ?, ?) @@ -179,12 +182,14 @@ function user_news() { global $privileges, $user; $display_news = config('display_news'); + $request = request(); $html = '

    ' . news_title() . '

    ' . msg(); - if (isset($_POST['text']) && isset($_POST['betreff']) && in_array('admin_news', $privileges)) { - if (!isset($_POST['treffen']) || !in_array('admin_news', $privileges)) { - $_POST['treffen'] = 0; + $isMeeting = $request->post('treffen'); + if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) { + if (!$request->has('treffen') || !in_array('admin_news', $privileges)) { + $isMeeting = 0; } DB::insert(' INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) @@ -192,19 +197,19 @@ function user_news() ', [ time(), - $_POST['betreff'], - $_POST['text'], + $request->post('betreff'), + $request->post('text'), $user['UID'], - $_POST['treffen'], + $isMeeting, ] ); - engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $_POST['treffen']); + engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $isMeeting); success(_('Entry saved.')); redirect(page_link_to('news')); } - if (isset($_REQUEST['page']) && preg_match('/^\d{1,}$/', $_REQUEST['page'])) { - $page = $_REQUEST['page']; + if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) { + $page = $request->input('page'); } else { $page = 0; } @@ -225,9 +230,9 @@ function user_news() $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news); $html .= '
    ' . '
      '; for ($i = 0; $i < $dis_rows; $i++) { - if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) { + if ($request->has('page') && $i == $request->input('page')) { $html .= '
    • '; - } elseif (!isset($_REQUEST['page']) && $i == 0) { + } elseif (!$request->has('page') && $i == 0) { $html .= '
    • '; } else { $html .= '
    • '; diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php index 5cb60db3..fdf76aee 100644 --- a/includes/pages/user_questions.php +++ b/includes/pages/user_questions.php @@ -16,8 +16,9 @@ function questions_title() function user_questions() { global $user; + $request = request(); - if (!isset($_REQUEST['action'])) { + if (!$request->has('action')) { $open_questions = DB::select( 'SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`=?', [$user['UID']] @@ -34,7 +35,7 @@ function user_questions() return Questions_view($open_questions, $answered_questions, page_link_to('user_questions') . '&action=ask'); } else { - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'ask': $question = strip_request_item_nl('question'); if ($question != '') { @@ -56,8 +57,8 @@ function user_questions() } break; case 'delete': - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $question_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $question_id = $request->input('id'); } else { return error(_('Incomplete call, missing Question ID.'), true); } diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index a2a486f4..69e5a7fb 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -21,9 +21,10 @@ function settings_title() function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) { $valid = true; + $request = request(); - if (isset($_REQUEST['mail'])) { - $result = User_validate_mail($_REQUEST['mail']); + if ($request->has('mail')) { + $result = User_validate_mail($request->input('mail')); $user_source['email'] = $result->getValue(); if (!$result->isValid()) { $valid = false; @@ -34,11 +35,11 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) error(_('Please enter your e-mail.')); } - $user_source['email_shiftinfo'] = isset($_REQUEST['email_shiftinfo']); - $user_source['email_by_human_allowed'] = isset($_REQUEST['email_by_human_allowed']); + $user_source['email_shiftinfo'] = $request->has('email_shiftinfo'); + $user_source['email_by_human_allowed'] = $request->has('email_by_human_allowed'); - if (isset($_REQUEST['jabber'])) { - $result = User_validate_jabber($_REQUEST['jabber']); + if ($request->has('jabber')) { + $result = User_validate_jabber($request->input('jabber')); $user_source['jabber'] = $result->getValue(); if (!$result->isValid()) { $valid = false; @@ -46,14 +47,14 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) } } - if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']])) { - $user_source['Size'] = $_REQUEST['tshirt_size']; + if ($request->has('tshirt_size') && isset($tshirt_sizes[$request->input('tshirt_size')])) { + $user_source['Size'] = $request->input('tshirt_size'); } elseif ($enable_tshirt_size) { $valid = false; } - if (isset($_REQUEST['planned_arrival_date'])) { - $tmp = parse_date('Y-m-d H:i', $_REQUEST['planned_arrival_date'] . ' 00:00'); + if ($request->has('planned_arrival_date')) { + $tmp = parse_date('Y-m-d H:i', $request->input('planned_arrival_date') . ' 00:00'); $result = User_validate_planned_arrival_date($tmp); $user_source['planned_arrival_date'] = $result->getValue(); if (!$result->isValid()) { @@ -62,8 +63,8 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) } } - if (isset($_REQUEST['planned_departure_date'])) { - $tmp = parse_date('Y-m-d H:i', $_REQUEST['planned_departure_date'] . ' 00:00'); + if ($request->has('planned_departure_date')) { + $tmp = parse_date('Y-m-d H:i', $request->input('planned_departure_date') . ' 00:00'); $result = User_validate_planned_departure_date($user_source['planned_arrival_date'], $tmp); $user_source['planned_departure_date'] = $result->getValue(); if (!$result->isValid()) { @@ -97,16 +98,17 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) */ function user_settings_password($user_source) { + $request = request(); if ( - !isset($_REQUEST['password']) - || !verify_password($_REQUEST['password'], $user_source['Passwort'], $user_source['UID']) + !$request->has('password') + || !verify_password($request->post('password'), $user_source['Passwort'], $user_source['UID']) ) { error(_('-> not OK. Please try again.')); - } elseif (strlen($_REQUEST['new_password']) < config('min_password_length')) { + } elseif (strlen($request->post('new_password')) < config('min_password_length')) { error(_('Your password is to short (please use at least 6 characters).')); - } elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) { + } elseif ($request->post('new_password') != $request->post('new_password2')) { error(_('Your passwords don\'t match.')); - } elseif (set_password($user_source['UID'], $_REQUEST['new_password'])) { + } elseif (set_password($user_source['UID'], $request->post('new_password'))) { success(_('Password saved.')); } else { error(_('Failed setting password.')); @@ -124,9 +126,10 @@ function user_settings_password($user_source) function user_settings_theme($user_source, $themes) { $valid = true; + $request = request(); - if (isset($_REQUEST['theme']) && isset($themes[$_REQUEST['theme']])) { - $user_source['color'] = $_REQUEST['theme']; + if ($request->has('theme') && isset($themes[$request->input('theme')])) { + $user_source['color'] = $request->input('theme'); } else { $valid = false; } @@ -160,9 +163,10 @@ function user_settings_theme($user_source, $themes) function user_settings_locale($user_source, $locales) { $valid = true; + $request = request(); - if (isset($_REQUEST['language']) && isset($locales[$_REQUEST['language']])) { - $user_source['Sprache'] = $_REQUEST['language']; + if ($request->has('language') && isset($locales[$request->input('language')])) { + $user_source['Sprache'] = $request->input('language'); } else { $valid = false; } @@ -195,6 +199,7 @@ function user_settings_locale($user_source, $locales) function user_settings() { global $themes, $user; + $request = request(); $enable_tshirt_size = config('enable_tshirt_size'); $tshirt_sizes = config('tshirt_sizes'); @@ -220,13 +225,13 @@ function user_settings() $user_source = $user; - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $user_source = user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes); - } elseif (isset($_REQUEST['submit_password'])) { + } elseif ($request->has('submit_password')) { user_settings_password($user_source); - } elseif (isset($_REQUEST['submit_theme'])) { + } elseif ($request->has('submit_theme')) { $user_source = user_settings_theme($user_source, $themes); - } elseif (isset($_REQUEST['submit_language'])) { + } elseif ($request->has('submit_language')) { $user_source = user_settings_locale($user_source, $locales); } diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 55e49e4f..4dabdfb5 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -23,20 +23,21 @@ function shifts_title() function user_shifts() { global $user; + $request = request(); if (User_is_freeloader($user)) { redirect(page_link_to('user_myshifts')); } // Löschen einzelner Schicht-Einträge (Also Belegung einer Schicht von Engeln) durch Admins - if (isset($_REQUEST['entry_id'])) { + if ($request->has('entry_id')) { shift_entry_delete_controller(); return ''; - } elseif (isset($_REQUEST['edit_shift'])) { + } elseif ($request->has('edit_shift')) { return shift_edit_controller(); - } elseif (isset($_REQUEST['delete_shift'])) { + } elseif ($request->has('delete_shift')) { return shift_delete_controller(); - } elseif (isset($_REQUEST['shift_id'])) { + } elseif ($request->has('shift_id')) { return shift_entry_add_controller(); } return view_user_shifts(); -- cgit v1.2.3-54-g00ecf