From 3a1e4602492cec1c8f3d2aabab2c866022f43bf1 Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Tue, 18 Jul 2017 21:38:53 +0200
Subject: Changed $_GET, $_POST and $_REQUEST to use the Request object

---
 includes/controller/angeltypes_controller.php      | 22 ++++---
 includes/controller/event_config_controller.php    |  7 ++-
 includes/controller/rooms_controller.php           | 15 +++--
 includes/controller/shift_entries_controller.php   | 30 ++++-----
 includes/controller/shifts_controller.php          | 54 +++++++++-------
 includes/controller/shifttypes_controller.php      | 35 ++++++-----
 includes/controller/user_angeltypes_controller.php | 49 ++++++++-------
 .../controller/user_driver_licenses_controller.php | 24 ++++----
 includes/controller/users_controller.php           | 72 +++++++++++++---------
 includes/engelsystem_provider.php                  |  8 +++
 includes/helper/internationalization_helper.php    |  8 +--
 includes/pages/admin_active.php                    | 27 ++++----
 includes/pages/admin_arrive.php                    | 12 ++--
 includes/pages/admin_free.php                      | 16 ++---
 includes/pages/admin_groups.php                    | 21 ++++---
 includes/pages/admin_import.php                    | 48 +++++++--------
 includes/pages/admin_log.php                       |  2 +-
 includes/pages/admin_news.php                      | 17 ++---
 includes/pages/admin_questions.php                 | 15 ++---
 includes/pages/admin_rooms.php                     | 36 +++++------
 includes/pages/admin_shifts.php                    | 69 +++++++++++----------
 includes/pages/admin_user.php                      | 58 ++++++++---------
 includes/pages/guest_login.php                     | 63 +++++++++----------
 includes/pages/guest_stats.php                     |  5 +-
 includes/pages/user_atom.php                       |  9 +--
 includes/pages/user_ical.php                       |  5 +-
 includes/pages/user_messages.php                   | 16 ++---
 includes/pages/user_myshifts.php                   | 25 ++++----
 includes/pages/user_news.php                       | 47 +++++++-------
 includes/pages/user_questions.php                  |  9 +--
 includes/pages/user_settings.php                   | 55 +++++++++--------
 includes/pages/user_shifts.php                     |  9 +--
 includes/sys_page.php                              | 35 ++++++-----
 includes/sys_template.php                          |  6 +-
 34 files changed, 509 insertions(+), 420 deletions(-)

(limited to 'includes')

diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php
index daa754eb..346a4d73 100644
--- a/includes/controller/angeltypes_controller.php
+++ b/includes/controller/angeltypes_controller.php
@@ -81,7 +81,7 @@ function angeltype_delete_controller()
 
     $angeltype = load_angeltype();
 
-    if (isset($_REQUEST['confirmed'])) {
+    if (request()->has('confirmed')) {
         AngelType_delete($angeltype);
         success(sprintf(_('Angeltype %s deleted.'), AngelType_name_render($angeltype)));
         redirect(page_link_to('angeltypes'));
@@ -104,8 +104,9 @@ function angeltype_edit_controller()
 
     // In supporter mode only allow to modify description
     $supporter_mode = !in_array('admin_angel_types', $privileges);
+    $request = request();
 
-    if (isset($_REQUEST['angeltype_id'])) {
+    if ($request->has('angeltype_id')) {
         // Edit existing angeltype
         $angeltype = load_angeltype();
 
@@ -121,12 +122,12 @@ function angeltype_edit_controller()
         $angeltype = AngelType_new();
     }
 
-    if (isset($_REQUEST['submit'])) {
+    if ($request->has('submit')) {
         $valid = true;
 
         if (!$supporter_mode) {
-            if (isset($_REQUEST['name'])) {
-                $result = AngelType_validate_name($_REQUEST['name'], $angeltype);
+            if ($request->has('name')) {
+                $result = AngelType_validate_name($request->get('name'), $angeltype);
                 $angeltype['name'] = $result->getValue();
                 if (!$result->isValid()) {
                     $valid = false;
@@ -134,10 +135,10 @@ function angeltype_edit_controller()
                 }
             }
 
-            $angeltype['restricted'] = isset($_REQUEST['restricted']);
-            $angeltype['no_self_signup'] = isset($_REQUEST['no_self_signup']);
+            $angeltype['restricted'] = $request->has('restricted');
+            $angeltype['no_self_signup'] = $request->has('no_self_signup');
 
-            $angeltype['requires_driver_license'] = isset($_REQUEST['requires_driver_license']);
+            $angeltype['requires_driver_license'] = $request->has('requires_driver_license');
         }
 
         $angeltype['description'] = strip_request_item_nl('description', $angeltype['description']);
@@ -262,11 +263,12 @@ function angeltypes_list_controller()
  */
 function load_angeltype()
 {
-    if (!isset($_REQUEST['angeltype_id'])) {
+    $request = request();
+    if (!$request->has('angeltype_id')) {
         redirect(page_link_to('angeltypes'));
     }
 
-    $angeltype = AngelType($_REQUEST['angeltype_id']);
+    $angeltype = AngelType($request->input('angeltype_id'));
     if ($angeltype == null) {
         error(_('Angeltype doesn\'t exist . '));
         redirect(page_link_to('angeltypes'));
diff --git a/includes/controller/event_config_controller.php b/includes/controller/event_config_controller.php
index 06245c47..dcdcf54a 100644
--- a/includes/controller/event_config_controller.php
+++ b/includes/controller/event_config_controller.php
@@ -19,6 +19,7 @@ function event_config_edit_controller()
         redirect('?');
     }
 
+    $request = request();
     $event_name = null;
     $event_welcome_msg = null;
     $buildup_start_date = null;
@@ -36,17 +37,17 @@ function event_config_edit_controller()
         $event_welcome_msg = $event_config['event_welcome_msg'];
     }
 
-    if (isset($_REQUEST['submit'])) {
+    if ($request->has('submit')) {
         $valid = true;
 
-        if (isset($_REQUEST['event_name'])) {
+        if ($request->has('event_name')) {
             $event_name = strip_request_item('event_name');
         }
         if ($event_name == '') {
             $event_name = null;
         }
 
-        if (isset($_REQUEST['event_welcome_msg'])) {
+        if ($request->has('event_welcome_msg')) {
             $event_welcome_msg = strip_request_item_nl('event_welcome_msg');
         }
         if ($event_welcome_msg == '') {
diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php
index 3082a28d..2d6f1a77 100644
--- a/includes/controller/rooms_controller.php
+++ b/includes/controller/rooms_controller.php
@@ -19,6 +19,7 @@ function room_controller()
         redirect(page_link_to());
     }
 
+    $request = request();
     $room = load_room(false);
     if ($room['show'] != 'Y' && !in_array('admin_rooms', $privileges)) {
         redirect(page_link_to());
@@ -42,8 +43,8 @@ function room_controller()
     if (!empty($days)) {
         $selected_day = $days[0];
     }
-    if (isset($_REQUEST['shifts_filter_day'])) {
-        $selected_day = $_REQUEST['shifts_filter_day'];
+    if ($request->has('shifts_filter_day')) {
+        $selected_day = $request->input('shifts_filter_day');
     }
     $shiftsFilter->setStartTime(parse_date('Y-m-d H:i', $selected_day . ' 00:00'));
     $shiftsFilter->setEndTime(parse_date('Y-m-d H:i', $selected_day . ' 23:59'));
@@ -66,11 +67,13 @@ function room_controller()
  */
 function rooms_controller()
 {
-    if (!isset($_REQUEST['action'])) {
-        $_REQUEST['action'] = 'list';
+    $request = request();
+    $action = $request->input('action');
+    if (!$request->has('action')) {
+        $action = 'list';
     }
 
-    switch ($_REQUEST['action']) {
+    switch ($action) {
         case 'view':
             return room_controller();
         case 'list':
@@ -112,7 +115,7 @@ function load_room($onlyVisible = true)
         redirect(page_link_to());
     }
 
-    $room = Room($_REQUEST['room_id'], $onlyVisible);
+    $room = Room(request()->input('room_id'), $onlyVisible);
     if ($room == null) {
         redirect(page_link_to());
     }
diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php
index cb2d9bee..38aad5bb 100644
--- a/includes/controller/shift_entries_controller.php
+++ b/includes/controller/shift_entries_controller.php
@@ -11,9 +11,10 @@ function shift_entry_add_controller()
 {
     global $privileges, $user;
 
+    $request = request();
     $shift_id = 0;
-    if (isset($_REQUEST['shift_id']) && preg_match('/^\d*$/', $_REQUEST['shift_id'])) {
-        $shift_id = $_REQUEST['shift_id'];
+    if ($request->has('shift_id') && preg_match('/^\d*$/', $request->input('shift_id'))) {
+        $shift_id = $request->input('shift_id');
     } else {
         redirect(page_link_to('user_shifts'));
     }
@@ -32,8 +33,8 @@ function shift_entry_add_controller()
     }
 
     $type_id = 0;
-    if (isset($_REQUEST['type_id']) && preg_match('/^\d*$/', $_REQUEST['type_id'])) {
-        $type_id = $_REQUEST['type_id'];
+    if ($request->has('type_id') && preg_match('/^\d*$/', $request->input('type_id'))) {
+        $type_id = $request->input('type_id');
     } else {
         redirect(page_link_to('user_shifts'));
     }
@@ -63,14 +64,14 @@ function shift_entry_add_controller()
     }
 
     if (
-        isset($_REQUEST['user_id'])
-        && preg_match('/^\d*$/', $_REQUEST['user_id'])
+        $request->has('user_id')
+        && preg_match('/^\d*$/', $request->input('user_id'))
         && (
             in_array('user_shifts_admin', $privileges)
             || in_array('shiftentry_edit_angeltype_supporter', $privileges)
         )
     ) {
-        $user_id = $_REQUEST['user_id'];
+        $user_id = $request->input('user_id');
     } else {
         $user_id = $user['UID'];
     }
@@ -92,7 +93,7 @@ function shift_entry_add_controller()
         redirect(shift_link($shift));
     }
 
-    if (isset($_REQUEST['submit'])) {
+    if ($request->has('submit')) {
         $selected_type_id = $type_id;
         if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter',
                 $privileges)
@@ -103,14 +104,14 @@ function shift_entry_add_controller()
             }
 
             if (
-                isset($_REQUEST['angeltype_id'])
+                $request->has('angeltype_id')
                 && test_request_int('angeltype_id')
                 && count(DB::select(
                     'SELECT `id` FROM `AngelTypes` WHERE `id`=? LIMIT 1',
-                    [$_REQUEST['angeltype_id']]
+                    [$request->input('angeltype_id')]
                 )) > 0
             ) {
-                $selected_type_id = $_REQUEST['angeltype_id'];
+                $selected_type_id = $request->input('angeltype_id');
             }
         }
 
@@ -124,7 +125,7 @@ function shift_entry_add_controller()
         $freeloaded = isset($shift['freeloaded']) ? $shift['freeloaded'] : false;
         $freeload_comment = isset($shift['freeload_comment']) ? $shift['freeload_comment'] : '';
         if (in_array('user_shifts_admin', $privileges)) {
-            $freeloaded = isset($_REQUEST['freeloaded']);
+            $freeloaded = $request->has('freeloaded');
             $freeload_comment = strip_request_item_nl('freeload_comment');
         }
 
@@ -236,11 +237,12 @@ function shift_entry_add_controller()
 function shift_entry_delete_controller()
 {
     global $privileges, $user;
+    $request = request();
 
-    if (!isset($_REQUEST['entry_id']) || !test_request_int('entry_id')) {
+    if (!$request->has('entry_id') || !test_request_int('entry_id')) {
         redirect(page_link_to('user_shifts'));
     }
-    $entry_id = $_REQUEST['entry_id'];
+    $entry_id = $request->input('entry_id');
 
     $shift_entry_source = DB::select('
         SELECT
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
index c8b6932a..21c6e160 100644
--- a/includes/controller/shifts_controller.php
+++ b/includes/controller/shifts_controller.php
@@ -44,15 +44,16 @@ function shift_edit_controller()
     // Schicht bearbeiten
     $msg = '';
     $valid = true;
+    $request = request();
 
     if (!in_array('admin_shifts', $privileges)) {
         redirect(page_link_to('user_shifts'));
     }
 
-    if (!isset($_REQUEST['edit_shift']) || !test_request_int('edit_shift')) {
+    if (!$request->has('edit_shift') || !test_request_int('edit_shift')) {
         redirect(page_link_to('user_shifts'));
     }
-    $shift_id = $_REQUEST['edit_shift'];
+    $shift_id = $request->input('edit_shift');
 
     $shift = Shift($shift_id);
 
@@ -73,33 +74,37 @@ function shift_edit_controller()
     $start = $shift['start'];
     $end = $shift['end'];
 
-    if (isset($_REQUEST['submit'])) {
+    if ($request->has('submit')) {
         // Name/Bezeichnung der Schicht, darf leer sein
         $title = strip_request_item('title');
 
         // Auswahl der sichtbaren Locations für die Schichten
-        if (isset($_REQUEST['rid']) && preg_match('/^\d+$/', $_REQUEST['rid']) && isset($room[$_REQUEST['rid']])) {
-            $rid = $_REQUEST['rid'];
+        if (
+            $request->has('rid')
+            && preg_match('/^\d+$/', $request->input('rid'))
+            && isset($room[$request->input('rid')])
+        ) {
+            $rid = $request->input('rid');
         } else {
             $valid = false;
             $msg .= error(_('Please select a room.'), true);
         }
 
-        if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) {
-            $shifttype_id = $_REQUEST['shifttype_id'];
+        if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) {
+            $shifttype_id = $request->input('shifttype_id');
         } else {
             $valid = false;
             $msg .= error(_('Please select a shifttype.'), true);
         }
 
-        if (isset($_REQUEST['start']) && $tmp = parse_date('Y-m-d H:i', $_REQUEST['start'])) {
+        if ($request->has('start') && $tmp = parse_date('Y-m-d H:i', $request->input('start'))) {
             $start = $tmp;
         } else {
             $valid = false;
             $msg .= error(_('Please enter a valid starting time for the shifts.'), true);
         }
 
-        if (isset($_REQUEST['end']) && $tmp = parse_date('Y-m-d H:i', $_REQUEST['end'])) {
+        if ($request->has('end') && $tmp = parse_date('Y-m-d H:i', $request->input('end'))) {
             $end = $tmp;
         } else {
             $valid = false;
@@ -112,8 +117,8 @@ function shift_edit_controller()
         }
 
         foreach ($needed_angel_types as $needed_angeltype_id => $needed_angeltype_name) {
-            if (isset($_REQUEST['type_' . $needed_angeltype_id]) && test_request_int('type_' . $needed_angeltype_id)) {
-                $needed_angel_types[$needed_angeltype_id] = trim($_REQUEST['type_' . $needed_angeltype_id]);
+            if ($request->has('type_' . $needed_angeltype_id) && test_request_int('type_' . $needed_angeltype_id)) {
+                $needed_angel_types[$needed_angeltype_id] = trim($request->input('type_' . $needed_angeltype_id));
             } else {
                 $valid = false;
                 $msg .= error(sprintf(
@@ -186,16 +191,17 @@ function shift_edit_controller()
 function shift_delete_controller()
 {
     global $privileges;
+    $request = request();
 
     if (!in_array('user_shifts_admin', $privileges)) {
         redirect(page_link_to('user_shifts'));
     }
 
     // Schicht komplett löschen (nur für admins/user mit user_shifts_admin privileg)
-    if (!isset($_REQUEST['delete_shift']) || !preg_match('/^\d*$/', $_REQUEST['delete_shift'])) {
+    if (!$request->has('delete_shift') || !preg_match('/^\d*$/', $request->input('delete_shift'))) {
         redirect(page_link_to('user_shifts'));
     }
-    $shift_id = $_REQUEST['delete_shift'];
+    $shift_id = $request->input('delete_shift');
 
     $shift = Shift($shift_id);
     if ($shift == null) {
@@ -203,7 +209,7 @@ function shift_delete_controller()
     }
 
     // Schicht löschen bestätigt
-    if (isset($_REQUEST['delete'])) {
+    if ($request->has('delete')) {
         Shift_delete($shift_id);
 
         engelsystem_log(
@@ -232,16 +238,17 @@ function shift_delete_controller()
 function shift_controller()
 {
     global $user, $privileges;
+    $request = request();
 
     if (!in_array('user_shifts', $privileges)) {
         redirect(page_link_to('?'));
     }
 
-    if (!isset($_REQUEST['shift_id'])) {
+    if (!$request->has('shift_id')) {
         redirect(page_link_to('user_shifts'));
     }
 
-    $shift = Shift($_REQUEST['shift_id']);
+    $shift = Shift($request->input('shift_id'));
     if ($shift == null) {
         error(_('Shift could not be found.'));
         redirect(page_link_to('user_shifts'));
@@ -285,11 +292,12 @@ function shift_controller()
  */
 function shifts_controller()
 {
-    if (!isset($_REQUEST['action'])) {
+    $request = request();
+    if (!$request->has('action')) {
         redirect(page_link_to('user_shifts'));
     }
 
-    switch ($_REQUEST['action']) {
+    switch ($request->input('action')) {
         case 'view':
             return shift_controller();
         case 'next':
@@ -330,16 +338,17 @@ function shift_next_controller()
 function shifts_json_export_all_controller()
 {
     $api_key = config('api_key');
+    $request = request();
 
     if (empty($api_key)) {
         engelsystem_error('Config contains empty apikey.');
     }
 
-    if (!isset($_REQUEST['api_key'])) {
+    if (!$request->has('api_key')) {
         engelsystem_error('Missing parameter api_key.');
     }
 
-    if ($_REQUEST['api_key'] != $api_key) {
+    if ($request->input('api_key') != $api_key) {
         engelsystem_error('Invalid api_key.');
     }
 
@@ -359,12 +368,13 @@ function shifts_json_export_all_controller()
 function shifts_json_export_controller()
 {
     global $user;
+    $request = request();
 
-    if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) {
+    if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) {
         engelsystem_error('Missing key.');
     }
 
-    $key = $_REQUEST['key'];
+    $key = $request->input('key');
 
     $user = User_by_api_key($key);
     if ($user == null) {
diff --git a/includes/controller/shifttypes_controller.php b/includes/controller/shifttypes_controller.php
index 9a470e29..acdeb982 100644
--- a/includes/controller/shifttypes_controller.php
+++ b/includes/controller/shifttypes_controller.php
@@ -16,17 +16,18 @@ function shifttype_link($shifttype)
  */
 function shifttype_delete_controller()
 {
-    if (!isset($_REQUEST['shifttype_id'])) {
+    $request = request();
+    if (!$request->has('shifttype_id')) {
         redirect(page_link_to('shifttypes'));
     }
 
-    $shifttype = ShiftType($_REQUEST['shifttype_id']);
+    $shifttype = ShiftType($request->input('shifttype_id'));
 
     if ($shifttype == null) {
         redirect(page_link_to('shifttypes'));
     }
 
-    if (isset($_REQUEST['confirmed'])) {
+    if ($request->has('confirmed')) {
         $result = ShiftType_delete($shifttype['id']);
         if (empty($result)) {
             engelsystem_error('Unable to delete shifttype.');
@@ -56,9 +57,10 @@ function shifttype_edit_controller()
     $description = '';
 
     $angeltypes = AngelTypes();
+    $request = request();
 
-    if (isset($_REQUEST['shifttype_id'])) {
-        $shifttype = ShiftType($_REQUEST['shifttype_id']);
+    if ($request->has('shifttype_id')) {
+        $shifttype = ShiftType($request->input('shifttype_id'));
         if ($shifttype == null) {
             error(_('Shifttype not found.'));
             redirect(page_link_to('shifttypes'));
@@ -69,23 +71,23 @@ function shifttype_edit_controller()
         $description = $shifttype['description'];
     }
 
-    if (isset($_REQUEST['submit'])) {
+    if ($request->has('submit')) {
         $valid = true;
 
-        if (isset($_REQUEST['name']) && $_REQUEST['name'] != '') {
+        if ($request->has('name') && $request->input('name') != '') {
             $name = strip_request_item('name');
         } else {
             $valid = false;
             error(_('Please enter a name.'));
         }
 
-        if (isset($_REQUEST['angeltype_id']) && preg_match('/^\d+$/', $_REQUEST['angeltype_id'])) {
-            $angeltype_id = $_REQUEST['angeltype_id'];
+        if ($request->has('angeltype_id') && preg_match('/^\d+$/', $request->input('angeltype_id'))) {
+            $angeltype_id = $request->input('angeltype_id');
         } else {
             $angeltype_id = null;
         }
 
-        if (isset($_REQUEST['description'])) {
+        if ($request->has('description')) {
             $description = strip_request_item_nl('description');
         }
 
@@ -120,10 +122,11 @@ function shifttype_edit_controller()
  */
 function shifttype_controller()
 {
-    if (!isset($_REQUEST['shifttype_id'])) {
+    $request = request();
+    if (!$request->has('shifttype_id')) {
         redirect(page_link_to('shifttypes'));
     }
-    $shifttype = ShiftType($_REQUEST['shifttype_id']);
+    $shifttype = ShiftType($request->input('shifttype_id'));
     if ($shifttype == null) {
         redirect(page_link_to('shifttypes'));
     }
@@ -174,11 +177,13 @@ function shifttypes_title()
  */
 function shifttypes_controller()
 {
-    if (!isset($_REQUEST['action'])) {
-        $_REQUEST['action'] = 'list';
+    $request = request();
+    $action = 'list';
+    if ($request->has('action')) {
+        $action = $request->input('action');
     }
 
-    switch ($_REQUEST['action']) {
+    switch ($action) {
         case 'view':
             return shifttype_controller();
         case 'edit':
diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php
index f31aeecd..41185552 100644
--- a/includes/controller/user_angeltypes_controller.php
+++ b/includes/controller/user_angeltypes_controller.php
@@ -38,13 +38,14 @@ function user_angeltypes_unconfirmed_hint()
 function user_angeltypes_delete_all_controller()
 {
     global $user;
+    $request = request();
 
-    if (!isset($_REQUEST['angeltype_id'])) {
+    if (!$request->has('angeltype_id')) {
         error(_('Angeltype doesn\'t exist.'));
         redirect(page_link_to('angeltypes'));
     }
 
-    $angeltype = AngelType($_REQUEST['angeltype_id']);
+    $angeltype = AngelType($request->input('angeltype_id'));
     if ($angeltype == null) {
         error(_('Angeltype doesn\'t exist.'));
         redirect(page_link_to('angeltypes'));
@@ -55,7 +56,7 @@ function user_angeltypes_delete_all_controller()
         redirect(page_link_to('angeltypes'));
     }
 
-    if (isset($_REQUEST['confirmed'])) {
+    if ($request->has('confirmed')) {
         UserAngelTypes_delete_all($angeltype['id']);
 
         engelsystem_log(sprintf('Denied all users for angeltype %s', AngelType_name_render($angeltype)));
@@ -77,13 +78,14 @@ function user_angeltypes_delete_all_controller()
 function user_angeltypes_confirm_all_controller()
 {
     global $user, $privileges;
+    $request = request();
 
-    if (!isset($_REQUEST['angeltype_id'])) {
+    if (!$request->has('angeltype_id')) {
         error(_('Angeltype doesn\'t exist.'));
         redirect(page_link_to('angeltypes'));
     }
 
-    $angeltype = AngelType($_REQUEST['angeltype_id']);
+    $angeltype = AngelType($request->input('angeltype_id'));
     if ($angeltype == null) {
         error(_('Angeltype doesn\'t exist.'));
         redirect(page_link_to('angeltypes'));
@@ -100,7 +102,7 @@ function user_angeltypes_confirm_all_controller()
         redirect(page_link_to('angeltypes'));
     }
 
-    if (isset($_REQUEST['confirmed'])) {
+    if ($request->has('confirmed')) {
         UserAngelTypes_confirm_all($angeltype['id'], $user);
 
         engelsystem_log(sprintf('Confirmed all users for angeltype %s', AngelType_name_render($angeltype)));
@@ -122,13 +124,14 @@ function user_angeltypes_confirm_all_controller()
 function user_angeltype_confirm_controller()
 {
     global $user;
+    $request = request();
 
-    if (!isset($_REQUEST['user_angeltype_id'])) {
+    if (!$request->has('user_angeltype_id')) {
         error(_('User angeltype doesn\'t exist.'));
         redirect(page_link_to('angeltypes'));
     }
 
-    $user_angeltype = UserAngelType($_REQUEST['user_angeltype_id']);
+    $user_angeltype = UserAngelType($request->input('user_angeltype_id'));
     if ($user_angeltype == null) {
         error(_('User angeltype doesn\'t exist.'));
         redirect(page_link_to('angeltypes'));
@@ -151,7 +154,7 @@ function user_angeltype_confirm_controller()
         redirect(page_link_to('angeltypes'));
     }
 
-    if (isset($_REQUEST['confirmed'])) {
+    if ($request->has('confirmed')) {
         UserAngelType_confirm($user_angeltype['id'], $user);
 
         engelsystem_log(sprintf(
@@ -181,13 +184,14 @@ function user_angeltype_confirm_controller()
 function user_angeltype_delete_controller()
 {
     global $user;
+    $request = request();
 
-    if (!isset($_REQUEST['user_angeltype_id'])) {
+    if (!$request->has('user_angeltype_id')) {
         error(_('User angeltype doesn\'t exist.'));
         redirect(page_link_to('angeltypes'));
     }
 
-    $user_angeltype = UserAngelType($_REQUEST['user_angeltype_id']);
+    $user_angeltype = UserAngelType($request->input('user_angeltype_id'));
     if ($user_angeltype == null) {
         error(_('User angeltype doesn\'t exist.'));
         redirect(page_link_to('angeltypes'));
@@ -210,7 +214,7 @@ function user_angeltype_delete_controller()
         redirect(page_link_to('angeltypes'));
     }
 
-    if (isset($_REQUEST['confirmed'])) {
+    if ($request->has('confirmed')) {
         $result = UserAngelType_delete($user_angeltype);
         if ($result === false) {
             engelsystem_error('Unable to delete user angeltype.');
@@ -238,25 +242,26 @@ function user_angeltype_update_controller()
 {
     global $privileges;
     $supporter = false;
+    $request = request();
 
     if (!in_array('admin_angel_types', $privileges)) {
         error(_('You are not allowed to set supporter rights.'));
         redirect(page_link_to('angeltypes'));
     }
 
-    if (!isset($_REQUEST['user_angeltype_id'])) {
+    if (!$request->has('user_angeltype_id')) {
         error(_('User angeltype doesn\'t exist.'));
         redirect(page_link_to('angeltypes'));
     }
 
-    if (isset($_REQUEST['supporter']) && preg_match('/^[01]$/', $_REQUEST['supporter'])) {
-        $supporter = $_REQUEST['supporter'] == '1';
+    if ($request->has('supporter') && preg_match('/^[01]$/', $request->input('supporter'))) {
+        $supporter = $request->input('supporter') == '1';
     } else {
         error(_('No supporter update given.'));
         redirect(page_link_to('angeltypes'));
     }
 
-    $user_angeltype = UserAngelType($_REQUEST['user_angeltype_id']);
+    $user_angeltype = UserAngelType($request->input('user_angeltype_id'));
     if ($user_angeltype == null) {
         error(_('User angeltype doesn\'t exist.'));
         redirect(page_link_to('angeltypes'));
@@ -274,7 +279,7 @@ function user_angeltype_update_controller()
         redirect(page_link_to('angeltypes'));
     }
 
-    if (isset($_REQUEST['confirmed'])) {
+    if ($request->has('confirmed')) {
         UserAngelType_update($user_angeltype['id'], $supporter);
 
         $success_message = sprintf(
@@ -300,7 +305,6 @@ function user_angeltype_update_controller()
 function user_angeltype_add_controller()
 {
     global $user;
-
     $angeltype = load_angeltype();
 
     // User is joining by itself
@@ -316,7 +320,7 @@ function user_angeltype_add_controller()
     // Load possible users, that are not in the angeltype already
     $users_source = Users_by_angeltype_inverted($angeltype);
 
-    if (isset($_REQUEST['submit'])) {
+    if (request()->has('submit')) {
         $user_source = load_user();
 
         if (!UserAngelType_exists($user_source, $angeltype)) {
@@ -366,7 +370,7 @@ function user_angeltype_join_controller($angeltype)
         redirect(page_link_to('angeltypes'));
     }
 
-    if (isset($_REQUEST['confirmed'])) {
+    if (request()->has('confirmed')) {
         $user_angeltype_id = UserAngelType_create($user, $angeltype);
 
         $success_message = sprintf(_('You joined %s.'), $angeltype['name']);
@@ -398,11 +402,12 @@ function user_angeltype_join_controller($angeltype)
  */
 function user_angeltypes_controller()
 {
-    if (!isset($_REQUEST['action'])) {
+    $request = request();
+    if (!$request->has('action')) {
         redirect(page_link_to('angeltypes'));
     }
 
-    switch ($_REQUEST['action']) {
+    switch ($request->input('action')) {
         case 'delete_all':
             return user_angeltypes_delete_all_controller();
         case 'confirm_all':
diff --git a/includes/controller/user_driver_licenses_controller.php b/includes/controller/user_driver_licenses_controller.php
index 3098c8ce..fef278dd 100644
--- a/includes/controller/user_driver_licenses_controller.php
+++ b/includes/controller/user_driver_licenses_controller.php
@@ -74,11 +74,11 @@ function user_driver_license_edit_link($user = null)
 function user_driver_license_load_user()
 {
     global $user;
-
+    $request = request();
     $user_source = $user;
 
-    if (isset($_REQUEST['user_id'])) {
-        $user_source = User($_REQUEST['user_id']);
+    if ($request->has('user_id')) {
+        $user_source = User($request->input('user_id'));
         if ($user_source == null) {
             redirect(user_driver_license_edit_link());
         }
@@ -95,7 +95,7 @@ function user_driver_license_load_user()
 function user_driver_license_edit_controller()
 {
     global $privileges, $user;
-
+    $request = request();
     $user_source = user_driver_license_load_user();
 
     // only privilege admin_user can edit other users driver license information
@@ -111,15 +111,15 @@ function user_driver_license_edit_controller()
         $wants_to_drive = true;
     }
 
-    if (isset($_REQUEST['submit'])) {
-        $wants_to_drive = isset($_REQUEST['wants_to_drive']);
+    if ($request->has('submit')) {
+        $wants_to_drive = $request->has('wants_to_drive');
         if ($wants_to_drive) {
-            $user_driver_license['has_car'] = isset($_REQUEST['has_car']);
-            $user_driver_license['has_license_car'] = isset($_REQUEST['has_license_car']);
-            $user_driver_license['has_license_3_5t_transporter'] = isset($_REQUEST['has_license_3_5t_transporter']);
-            $user_driver_license['has_license_7_5t_truck'] = isset($_REQUEST['has_license_7_5t_truck']);
-            $user_driver_license['has_license_12_5t_truck'] = isset($_REQUEST['has_license_12_5t_truck']);
-            $user_driver_license['has_license_forklift'] = isset($_REQUEST['has_license_forklift']);
+            $user_driver_license['has_car'] = $request->has('has_car');
+            $user_driver_license['has_license_car'] = $request->has('has_license_car');
+            $user_driver_license['has_license_3_5t_transporter'] = $request->has('has_license_3_5t_transporter');
+            $user_driver_license['has_license_7_5t_truck'] = $request->has('has_license_7_5t_truck');
+            $user_driver_license['has_license_12_5t_truck'] = $request->has('has_license_12_5t_truck');
+            $user_driver_license['has_license_forklift'] = $request->has('has_license_forklift');
 
             if (UserDriverLicense_valid($user_driver_license)) {
                 if ($user_driver_license['user_id'] == null) {
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index 84b6bbda..96e2c81b 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -12,16 +12,18 @@ use Engelsystem\ShiftsFilter;
 function users_controller()
 {
     global $user;
+    $request = request();
 
     if (!isset($user)) {
         redirect(page_link_to(''));
     }
 
-    if (!isset($_REQUEST['action'])) {
-        $_REQUEST['action'] = 'list';
+    $action = 'list';
+    if ($request->has('action')) {
+        $action = $request->input('action');
     }
 
-    switch ($_REQUEST['action']) {
+    switch ($action) {
         case 'view':
             return user_controller();
         case 'delete':
@@ -42,9 +44,10 @@ function users_controller()
 function user_delete_controller()
 {
     global $privileges, $user;
+    $request = request();
 
-    if (isset($_REQUEST['user_id'])) {
-        $user_source = User($_REQUEST['user_id']);
+    if ($request->has('user_id')) {
+        $user_source = User($request->get('user_id'));
     } else {
         $user_source = $user;
     }
@@ -59,11 +62,14 @@ function user_delete_controller()
         redirect(user_link($user));
     }
 
-    if (isset($_REQUEST['submit'])) {
+    if ($request->has('submit')) {
         $valid = true;
 
-        if (!(isset($_REQUEST['password']) && verify_password($_REQUEST['password'], $user['Passwort'],
-                $user['UID']))
+        if (
+        !(
+            $request->has('password')
+            && verify_password($request->input('password'), $user['Passwort'], $user['UID'])
+        )
         ) {
             $valid = false;
             error(_('Your password is incorrect.  Please try it again.'));
@@ -130,9 +136,10 @@ function user_link($user)
 function user_edit_vouchers_controller()
 {
     global $privileges, $user;
+    $request = request();
 
-    if (isset($_REQUEST['user_id'])) {
-        $user_source = User($_REQUEST['user_id']);
+    if ($request->has('user_id')) {
+        $user_source = User($request->input('user_id'));
     } else {
         $user_source = $user;
     }
@@ -141,12 +148,16 @@ function user_edit_vouchers_controller()
         redirect(page_link_to(''));
     }
 
-    if (isset($_REQUEST['submit'])) {
+    if ($request->has('submit')) {
         $valid = true;
 
         $vouchers = '';
-        if (isset($_REQUEST['vouchers']) && test_request_int('vouchers') && trim($_REQUEST['vouchers']) >= 0) {
-            $vouchers = trim($_REQUEST['vouchers']);
+        if (
+            $request->has('vouchers')
+            && test_request_int('vouchers')
+            && trim($request->input('vouchers')) >= 0
+        ) {
+            $vouchers = trim($request->input('vouchers'));
         } else {
             $valid = false;
             error(_('Please enter a valid number of vouchers.'));
@@ -180,10 +191,11 @@ function user_edit_vouchers_controller()
 function user_controller()
 {
     global $privileges, $user;
+    $request = request();
 
     $user_source = $user;
-    if (isset($_REQUEST['user_id'])) {
-        $user_source = User($_REQUEST['user_id']);
+    if ($request->has('user_id')) {
+        $user_source = User($request->input('user_id'));
         if ($user_source == null) {
             error(_('User not found.'));
             redirect('?');
@@ -241,14 +253,15 @@ function user_controller()
 function users_list_controller()
 {
     global $privileges;
+    $request = request();
 
     if (!in_array('admin_user', $privileges)) {
         redirect(page_link_to(''));
     }
 
     $order_by = 'Nick';
-    if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns())) {
-        $order_by = $_REQUEST['OrderBy'];
+    if ($request->has('OrderBy') && in_array($request->input('OrderBy'), User_sortable_columns())) {
+        $order_by = $request->input('OrderBy');
     }
 
     $users = Users($order_by);
@@ -282,20 +295,21 @@ function users_list_controller()
  */
 function user_password_recovery_set_new_controller()
 {
-    $user_source = User_by_password_recovery_token($_REQUEST['token']);
+    $request = request();
+    $user_source = User_by_password_recovery_token($request->input('token'));
     if ($user_source == null) {
         error(_('Token is not correct.'));
         redirect(page_link_to('login'));
     }
 
-    if (isset($_REQUEST['submit'])) {
+    if ($request->has('submit')) {
         $valid = true;
 
         if (
-            isset($_REQUEST['password'])
-            && strlen($_REQUEST['password']) >= config('min_password_length')
+            $request->has('password')
+            && strlen($request->post('password')) >= config('min_password_length')
         ) {
-            if ($_REQUEST['password'] != $_REQUEST['password2']) {
+            if ($request->post('password') != $request->post('password2')) {
                 $valid = false;
                 error(_('Your passwords don\'t match.'));
             }
@@ -305,7 +319,7 @@ function user_password_recovery_set_new_controller()
         }
 
         if ($valid) {
-            set_password($user_source['UID'], $_REQUEST['password']);
+            set_password($user_source['UID'], $request->post('password'));
             success(_('Password saved.'));
             redirect(page_link_to('login'));
         }
@@ -321,10 +335,11 @@ function user_password_recovery_set_new_controller()
  */
 function user_password_recovery_start_controller()
 {
-    if (isset($_REQUEST['submit'])) {
+    $request = request();
+    if ($request->has('submit')) {
         $valid = true;
 
-        if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
+        if ($request->has('email') && strlen(strip_request_item('email')) > 0) {
             $email = strip_request_item('email');
             if (check_email($email)) {
                 $user_source = User_by_email($email);
@@ -367,7 +382,7 @@ function user_password_recovery_start_controller()
  */
 function user_password_recovery_controller()
 {
-    if (isset($_REQUEST['token'])) {
+    if (request()->has('token')) {
         return user_password_recovery_set_new_controller();
     }
 
@@ -391,11 +406,12 @@ function user_password_recovery_title()
  */
 function load_user()
 {
-    if (!isset($_REQUEST['user_id'])) {
+    $request = request();
+    if (!$request->has('user_id')) {
         redirect(page_link_to());
     }
 
-    $user = User($_REQUEST['user_id']);
+    $user = User($request->input('user_id'));
 
     if ($user == null) {
         error(_('User doesn\'t exist.'));
diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php
index a818e4cd..edfae705 100644
--- a/includes/engelsystem_provider.php
+++ b/includes/engelsystem_provider.php
@@ -3,6 +3,7 @@
 use Engelsystem\Config\Config;
 use Engelsystem\Database\Db;
 use Engelsystem\Exceptions\Handler as ExceptionHandler;
+use Engelsystem\Http\Request;
 
 /**
  * This file includes all needed functions, connects to the db etc.
@@ -31,6 +32,13 @@ if (file_exists(__DIR__ . '/../config/config.php')) {
 date_default_timezone_set($config->get('timezone'));
 
 
+/**
+ * Initialize Request
+ */
+$request = new Request();
+$request->create();
+$request::setInstance($request);
+
 /**
  * Check for maintenance
  */
diff --git a/includes/helper/internationalization_helper.php b/includes/helper/internationalization_helper.php
index ed16de15..d2dbcdbd 100644
--- a/includes/helper/internationalization_helper.php
+++ b/includes/helper/internationalization_helper.php
@@ -26,12 +26,12 @@ function locale_short()
 function gettext_init()
 {
     $locales = config('locales');
-    $default_locale = config('default_locale');
+    $request = request();
 
-    if (isset($_REQUEST['set_locale']) && isset($locales[$_REQUEST['set_locale']])) {
-        $_SESSION['locale'] = $_REQUEST['set_locale'];
+    if ($request->has('set_locale') && isset($locales[$request->input('set_locale')])) {
+        $_SESSION['locale'] = $request->input('set_locale');
     } elseif (!isset($_SESSION['locale'])) {
-        $_SESSION['locale'] = $default_locale;
+        $_SESSION['locale'] = config('default_locale');
     }
 
     gettext_locale();
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php
index d21afabe..2e06f90d 100644
--- a/includes/pages/admin_active.php
+++ b/includes/pages/admin_active.php
@@ -17,6 +17,7 @@ function admin_active()
 {
     $tshirt_sizes = config('tshirt_sizes');
     $shift_sum_formula = config('shift_sum_formula');
+    $request = request();
 
     $msg = '';
     $search = '';
@@ -25,16 +26,16 @@ function admin_active()
     $limit = '';
     $set_active = '';
 
-    if (isset($_REQUEST['search'])) {
+    if ($request->has('search')) {
         $search = strip_request_item('search');
     }
 
-    $show_all_shifts = isset($_REQUEST['show_all_shifts']);
+    $show_all_shifts = $request->has('show_all_shifts');
 
-    if (isset($_REQUEST['set_active'])) {
+    if ($request->has('set_active')) {
         $valid = true;
 
-        if (isset($_REQUEST['count']) && preg_match('/^\d+$/', $_REQUEST['count'])) {
+        if ($request->has('count') && preg_match('/^\d+$/', $request->input('count'))) {
             $count = strip_request_item('count');
             if ($count < $forced_count) {
                 error(sprintf(
@@ -51,7 +52,7 @@ function admin_active()
         if ($valid) {
             $limit = ' LIMIT ' . $count;
         }
-        if (isset($_REQUEST['ack'])) {
+        if ($request->has('ack')) {
             DB::update('UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0');
             $users = DB::select(sprintf('
                   SELECT
@@ -89,8 +90,8 @@ function admin_active()
         }
     }
 
-    if (isset($_REQUEST['active']) && preg_match('/^\d+$/', $_REQUEST['active'])) {
-        $user_id = $_REQUEST['active'];
+    if ($request->has('active') && preg_match('/^\d+$/', $request->input('active'))) {
+        $user_id = $request->input('active');
         $user_source = User($user_id);
         if ($user_source != null) {
             DB::update('UPDATE `User` SET `Aktiv`=1 WHERE `UID`=? LIMIT 1', [$user_id]);
@@ -99,8 +100,8 @@ function admin_active()
         } else {
             $msg = error(_('Angel not found.'), true);
         }
-    } elseif (isset($_REQUEST['not_active']) && preg_match('/^\d+$/', $_REQUEST['not_active'])) {
-        $user_id = $_REQUEST['not_active'];
+    } elseif ($request->has('not_active') && preg_match('/^\d+$/', $request->input('not_active'))) {
+        $user_id = $request->input('not_active');
         $user_source = User($user_id);
         if ($user_source != null) {
             DB::update('UPDATE `User` SET `Aktiv`=0 WHERE `UID`=? LIMIT 1', [$user_id]);
@@ -109,8 +110,8 @@ function admin_active()
         } else {
             $msg = error(_('Angel not found.'), true);
         }
-    } elseif (isset($_REQUEST['tshirt']) && preg_match('/^\d+$/', $_REQUEST['tshirt'])) {
-        $user_id = $_REQUEST['tshirt'];
+    } elseif ($request->has('tshirt') && preg_match('/^\d+$/', $request->input('tshirt'))) {
+        $user_id = $request->input('tshirt');
         $user_source = User($user_id);
         if ($user_source != null) {
             DB::update('UPDATE `User` SET `Tshirt`=1 WHERE `UID`=? LIMIT 1', [$user_id]);
@@ -119,8 +120,8 @@ function admin_active()
         } else {
             $msg = error('Angel not found.', true);
         }
-    } elseif (isset($_REQUEST['not_tshirt']) && preg_match('/^\d+$/', $_REQUEST['not_tshirt'])) {
-        $user_id = $_REQUEST['not_tshirt'];
+    } elseif ($request->has('not_tshirt') && preg_match('/^\d+$/', $request->input('not_tshirt'))) {
+        $user_id = $request->input('not_tshirt');
         $user_source = User($user_id);
         if ($user_source != null) {
             DB::update('UPDATE `User` SET `Tshirt`=0 WHERE `UID`=? LIMIT 1', [$user_id]);
diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php
index 77155dae..ebeccb8c 100644
--- a/includes/pages/admin_arrive.php
+++ b/includes/pages/admin_arrive.php
@@ -17,12 +17,14 @@ function admin_arrive()
 {
     $msg = '';
     $search = '';
-    if (isset($_REQUEST['search'])) {
+    $request = request();
+
+    if ($request->has('search')) {
         $search = strip_request_item('search');
     }
 
-    if (isset($_REQUEST['reset']) && preg_match('/^\d*$/', $_REQUEST['reset'])) {
-        $user_id = $_REQUEST['reset'];
+    if ($request->has('reset') && preg_match('/^\d*$/', $request->input('reset'))) {
+        $user_id = $request->input('reset');
         $user_source = User($user_id);
         if ($user_source != null) {
             DB::update('
@@ -37,8 +39,8 @@ function admin_arrive()
         } else {
             $msg = error(_('Angel not found.'), true);
         }
-    } elseif (isset($_REQUEST['arrived']) && preg_match('/^\d*$/', $_REQUEST['arrived'])) {
-        $user_id = $_REQUEST['arrived'];
+    } elseif ($request->has('arrived') && preg_match('/^\d*$/', $request->input('arrived'))) {
+        $user_id = $request->input('arrived');
         $user_source = User($user_id);
         if ($user_source != null) {
             DB::update('
diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php
index daaead22..ebf227a4 100644
--- a/includes/pages/admin_free.php
+++ b/includes/pages/admin_free.php
@@ -16,20 +16,20 @@ function admin_free_title()
 function admin_free()
 {
     global $privileges;
+    $request = request();
 
     $search = '';
-    if (isset($_REQUEST['search'])) {
+    if ($request->has('search')) {
         $search = strip_request_item('search');
     }
 
     $angelTypeSearch = '';
-    if (empty($_REQUEST['angeltype'])) {
-        $_REQUEST['angeltype'] = '';
-    } else {
+    $angelType = $request->input('angeltype', '');
+    if (!empty($angelType)) {
         $angelTypeSearch = ' INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = '
-            . DB::getPdo()->quote($_REQUEST['angeltype'])
+            . DB::getPdo()->quote($angelType)
             . ' AND `UserAngelTypes`.`user_id` = `User`.`UID`';
-        if (isset($_REQUEST['confirmed_only'])) {
+        if ($request->has('confirmed_only')) {
             $angelTypeSearch .= ' AND `UserAngelTypes`.`confirm_user_id`';
         }
         $angelTypeSearch .= ') ';
@@ -105,10 +105,10 @@ function admin_free()
                     form_text('search', _('Search'), $search)
                 ]),
                 div('col-md-4', [
-                    form_select('angeltype', _('Angeltype'), $angel_types, $_REQUEST['angeltype'])
+                    form_select('angeltype', _('Angeltype'), $angel_types, $angelType)
                 ]),
                 div('col-md-2', [
-                    form_checkbox('confirmed_only', _('Only confirmed'), isset($_REQUEST['confirmed_only']))
+                    form_checkbox('confirmed_only', _('Only confirmed'), $request->has('confirmed_only'))
                 ]),
                 div('col-md-2', [
                     form_submit('submit', _('Search'))
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 4011ccf1..c483a79d 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -16,8 +16,10 @@ function admin_groups_title()
 function admin_groups()
 {
     $html = '';
+    $request = request();
     $groups = DB::select('SELECT * FROM `Groups` ORDER BY `Name`');
-    if (!isset($_REQUEST['action'])) {
+
+    if (!$request->has('action')) {
         $groups_table = [];
         foreach ($groups as $group) {
             $privileges = DB::select('
@@ -51,10 +53,10 @@ function admin_groups()
             ], $groups_table)
         ]);
     } else {
-        switch ($_REQUEST['action']) {
+        switch ($request->input('action')) {
             case 'edit':
-                if (isset($_REQUEST['id']) && preg_match('/^-\d{1,11}$/', $_REQUEST['id'])) {
-                    $group_id = $_REQUEST['id'];
+                if ($request->has('id') && preg_match('/^-\d{1,11}$/', $request->input('id'))) {
+                    $group_id = $request->input('id');
                 } else {
                     return error('Incomplete call, missing Groups ID.', true);
                 }
@@ -99,21 +101,22 @@ function admin_groups()
                 break;
 
             case 'save':
-                if (isset($_REQUEST['id']) && preg_match('/^-\d{1,11}$/', $_REQUEST['id'])) {
-                    $group_id = $_REQUEST['id'];
+                if ($request->has('id') && preg_match('/^-\d{1,11}$/', $request->input('id'))) {
+                    $group_id = $request->input('id');
                 } else {
                     return error('Incomplete call, missing Groups ID.', true);
                 }
 
                 $group = DB::select('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]);
-                if (!is_array($_REQUEST['privileges'])) {
-                    $_REQUEST['privileges'] = [];
+                $privileges = $request->get('privileges');
+                if (!is_array($privileges)) {
+                    $privileges = [];
                 }
                 if (!empty($group)) {
                     $group = array_shift($group);
                     DB::delete('DELETE FROM `GroupPrivileges` WHERE `group_id`=?', [$group_id]);
                     $privilege_names = [];
-                    foreach ($_REQUEST['privileges'] as $privilege) {
+                    foreach ($privileges as $privilege) {
                         if (preg_match('/^\d{1,}$/', $privilege)) {
                             $group_privileges_source = DB::select(
                                 'SELECT `name` FROM `Privileges` WHERE `id`=? LIMIT 1',
diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php
index 7a246b4b..3cbed9f9 100644
--- a/includes/pages/admin_import.php
+++ b/includes/pages/admin_import.php
@@ -15,21 +15,21 @@ function admin_import_title()
  */
 function admin_import()
 {
-    global $rooms_import;
-    global $user;
+    global $rooms_import, $user;
     $html = '';
     $import_dir = __DIR__ . '/../../import';
+    $request = request();
 
     $step = 'input';
     if (
-        isset($_REQUEST['step'])
-        && in_array($step, [
+        $request->has('step')
+        && in_array($request->input('step'), [
             'input',
             'check',
             'import'
         ])
     ) {
-        $step = $_REQUEST['step'];
+        $step = $request->input('step');
     }
 
     if ($test_handle = @fopen($import_dir . '/tmp', 'w')) {
@@ -57,25 +57,25 @@ function admin_import()
         case 'input':
             $valid = false;
 
-            if (isset($_REQUEST['submit'])) {
+            if ($request->has('submit')) {
                 $valid = true;
 
-                if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) {
-                    $shifttype_id = $_REQUEST['shifttype_id'];
+                if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) {
+                    $shifttype_id = $request->input('shifttype_id');
                 } else {
                     $valid = false;
                     error(_('Please select a shift type.'));
                 }
 
-                if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) {
-                    $add_minutes_start = trim($_REQUEST['add_minutes_start']);
+                if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) {
+                    $add_minutes_start = trim($request->input('add_minutes_start'));
                 } else {
                     $valid = false;
                     error(_('Please enter an amount of minutes to add to a talk\'s begin.'));
                 }
 
-                if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) {
-                    $add_minutes_end = trim($_REQUEST['add_minutes_end']);
+                if ($request->has('add_minutes_end') && is_numeric(trim($request->input('add_minutes_end')))) {
+                    $add_minutes_end = trim($request->input('add_minutes_end'));
                 } else {
                     $valid = false;
                     error(_('Please enter an amount of minutes to add to a talk\'s end.'));
@@ -133,22 +133,22 @@ function admin_import()
                 redirect(page_link_to('admin_import'));
             }
 
-            if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) {
-                $shifttype_id = $_REQUEST['shifttype_id'];
+            if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) {
+                $shifttype_id = $request->input('shifttype_id');
             } else {
                 error(_('Please select a shift type.'));
                 redirect(page_link_to('admin_import'));
             }
 
-            if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) {
-                $add_minutes_start = trim($_REQUEST['add_minutes_start']);
+            if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) {
+                $add_minutes_start = trim($request->input('add_minutes_start'));
             } else {
                 error(_('Please enter an amount of minutes to add to a talk\'s begin.'));
                 redirect(page_link_to('admin_import'));
             }
 
-            if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) {
-                $add_minutes_end = trim($_REQUEST['add_minutes_end']);
+            if ($request->has('add_minutes_end') && is_numeric(trim($request->input(('add_minutes_end'))))) {
+                $add_minutes_end = trim($request->input('add_minutes_end'));
             } else {
                 error(_('Please enter an amount of minutes to add to a talk\'s end.'));
                 redirect(page_link_to('admin_import'));
@@ -227,22 +227,22 @@ function admin_import()
                 redirect(page_link_to('admin_import'));
             }
 
-            if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) {
-                $shifttype_id = $_REQUEST['shifttype_id'];
+            if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) {
+                $shifttype_id = $request->input('shifttype_id');
             } else {
                 error(_('Please select a shift type.'));
                 redirect(page_link_to('admin_import'));
             }
 
-            if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) {
-                $add_minutes_start = trim($_REQUEST['add_minutes_start']);
+            if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) {
+                $add_minutes_start = trim($request->input('add_minutes_start'));
             } else {
                 error(_('Please enter an amount of minutes to add to a talk\'s begin.'));
                 redirect(page_link_to('admin_import'));
             }
 
-            if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) {
-                $add_minutes_end = trim($_REQUEST['add_minutes_end']);
+            if ($request->has('add_minutes_end') && is_numeric(trim($request->input('add_minutes_end')))) {
+                $add_minutes_end = trim($request->input('add_minutes_end'));
             } else {
                 error(_('Please enter an amount of minutes to add to a talk\'s end.'));
                 redirect(page_link_to('admin_import'));
diff --git a/includes/pages/admin_log.php b/includes/pages/admin_log.php
index 9e5e5827..03c9abb0 100644
--- a/includes/pages/admin_log.php
+++ b/includes/pages/admin_log.php
@@ -14,7 +14,7 @@ function admin_log_title()
 function admin_log()
 {
     $filter = '';
-    if (isset($_REQUEST['keyword'])) {
+    if (request()->has('keyword')) {
         $filter = strip_request_item('keyword');
     }
     $log_entries_source = LogEntries_filter($filter);
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index bc242831..7f8ca1ba 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -8,14 +8,15 @@ use Engelsystem\Database\DB;
 function admin_news()
 {
     global $user;
+    $request = request();
 
-    if (!isset($_GET['action'])) {
+    if (!$request->has('action')) {
         redirect(page_link_to('news'));
     }
 
     $html = '<div class="col-md-12"><h1>' . _('Edit news entry') . '</h1>' . msg();
-    if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
-        $news_id = $_REQUEST['id'];
+    if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) {
+        $news_id = $request->input('id');
     } else {
         return error('Incomplete call, missing News ID.', true);
     }
@@ -25,7 +26,7 @@ function admin_news()
         return error('No News found.', true);
     }
 
-    switch ($_REQUEST['action']) {
+    switch ($request->input('action')) {
         case 'edit':
             $news = array_shift($news);
             $user_source = User($news['UID']);
@@ -56,14 +57,14 @@ function admin_news()
                 ',
                 [
                     time(),
-                    $_POST["eBetreff"],
-                    $_POST["eText"],
+                    $request->post('eBetreff'),
+                    $request->post('eText'),
                     $user['UID'],
-                    isset($_POST["eTreffen"]) ? 1 : 0,
+                    $request->has('eTreffen') ? 1 : 0,
                     $news_id
                 ]
             );
-            engelsystem_log('News updated: ' . $_POST['eBetreff']);
+            engelsystem_log('News updated: ' . $request->post('eBetreff'));
             success(_('News entry updated.'));
             redirect(page_link_to('news'));
             break;
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index 098701e3..d05bace6 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -38,8 +38,9 @@ function admin_new_questions()
 function admin_questions()
 {
     global $user;
+    $request = request();
 
-    if (!isset($_REQUEST['action'])) {
+    if (!$request->has('action')) {
         $unanswered_questions_table = [];
         $questions = DB::select('SELECT * FROM `Questions` WHERE `AID` IS NULL');
         foreach ($questions as $question) {
@@ -96,10 +97,10 @@ function admin_questions()
             ], $answered_questions_table)
         ]);
     } else {
-        switch ($_REQUEST['action']) {
+        switch ($request->input('action')) {
             case 'answer':
-                if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
-                    $question_id = $_REQUEST['id'];
+                if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) {
+                    $question_id = $request->input('id');
                 } else {
                     return error('Incomplete call, missing Question ID.', true);
                 }
@@ -112,7 +113,7 @@ function admin_questions()
                     $answer = trim(
                         preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
                             '',
-                            strip_tags($_REQUEST['answer'])
+                            strip_tags($request->input('answer'))
                         ));
 
                     if ($answer != '') {
@@ -138,8 +139,8 @@ function admin_questions()
                 }
                 break;
             case 'delete':
-                if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
-                    $question_id = $_REQUEST['id'];
+                if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) {
+                    $question_id = $request->input('id');
                 } else {
                     return error('Incomplete call, missing Question ID.', true);
                 }
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
index d483f99e..3045242b 100644
--- a/includes/pages/admin_rooms.php
+++ b/includes/pages/admin_rooms.php
@@ -17,6 +17,8 @@ function admin_rooms()
 {
     $rooms_source = DB::select('SELECT * FROM `Room` ORDER BY `Name`');
     $rooms = [];
+    $request = request();
+
     foreach ($rooms_source as $room) {
         $rooms[] = [
             'name'           => Room_name_render($room),
@@ -30,7 +32,7 @@ function admin_rooms()
     }
     $room = null;
 
-    if (isset($_REQUEST['show'])) {
+    if ($request->has('show')) {
         $msg = '';
         $name = '';
         $from_pentabarf = '';
@@ -47,7 +49,7 @@ function admin_rooms()
         }
 
         if (test_request_int('id')) {
-            $room = Room($_REQUEST['id'], false);
+            $room = Room($request->input('id'), false);
             if ($room === false) {
                 engelsystem_error('Unable to load room.');
             }
@@ -55,7 +57,7 @@ function admin_rooms()
                 redirect(page_link_to('admin_rooms'));
             }
 
-            $room_id = $_REQUEST['id'];
+            $room_id = $request->input('id');
             $name = $room['Name'];
             $from_pentabarf = $room['FromPentabarf'];
             $public = $room['show'];
@@ -70,11 +72,11 @@ function admin_rooms()
             }
         }
 
-        if ($_REQUEST['show'] == 'edit') {
-            if (isset($_REQUEST['submit'])) {
+        if ($request->input('show') == 'edit') {
+            if ($request->has('submit')) {
                 $valid = true;
 
-                if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) {
+                if ($request->has('name') && strlen(strip_request_item('name')) > 0) {
                     $name = strip_request_item('name');
                     if (
                         isset($room)
@@ -91,19 +93,17 @@ function admin_rooms()
                     $msg .= error(_('Please enter a name.'), true);
                 }
 
-                if (isset($_REQUEST['from_pentabarf'])) {
+                $from_pentabarf = '';
+                if ($request->has('from_pentabarf')) {
                     $from_pentabarf = 'Y';
-                } else {
-                    $from_pentabarf = '';
                 }
 
-                if (isset($_REQUEST['public'])) {
+                $public = '';
+                if ($request->has('public')) {
                     $public = 'Y';
-                } else {
-                    $public = '';
                 }
 
-                if (isset($_REQUEST['number'])) {
+                if ($request->has('number')) {
                     $number = strip_request_item('number');
                 } else {
                     $valid = false;
@@ -111,10 +111,10 @@ function admin_rooms()
 
                 foreach ($angeltypes as $angeltype_id => $angeltype) {
                     if (
-                        isset($_REQUEST['angeltype_count_' . $angeltype_id])
-                        && preg_match('/^\d{1,4}$/', $_REQUEST['angeltype_count_' . $angeltype_id])
+                        $request->has('angeltype_count_' . $angeltype_id)
+                        && preg_match('/^\d{1,4}$/', $request->input('angeltype_count_' . $angeltype_id))
                     ) {
-                        $angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id];
+                        $angeltypes_count[$angeltype_id] = $request->input('angeltype_count_' . $angeltype_id);
                     } else {
                         $valid = false;
                         $msg .= error(sprintf(_('Please enter needed angels for type %s.'), $angeltype), true);
@@ -209,8 +209,8 @@ function admin_rooms()
                     form_submit('submit', _('Save'))
                 ])
             ]);
-        } elseif ($_REQUEST['show'] == 'delete') {
-            if (isset($_REQUEST['ack'])) {
+        } elseif ($request->input('show') == 'delete') {
+            if ($request->has('ack')) {
                 if (!Room_delete($room_id)) {
                     engelsystem_error('Unable to delete room.');
                 }
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php
index 06071233..5b53f9cd 100644
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@@ -18,7 +18,7 @@ function admin_shifts_title()
 function admin_shifts()
 {
     $valid = true;
-
+    $request = request();
     $start = parse_date('Y-m-d H:i', date('Y-m-d') . ' 00:00');
     $end = $start;
     $mode = 'single';
@@ -52,14 +52,14 @@ function admin_shifts()
         $shifttypes[$shifttype['id']] = $shifttype['name'];
     }
 
-    if (isset($_REQUEST['preview']) || isset($_REQUEST['back'])) {
-        if (isset($_REQUEST['shifttype_id'])) {
-            $shifttype = ShiftType($_REQUEST['shifttype_id']);
+    if ($request->has('preview') || $request->has('back')) {
+        if ($request->has('shifttype_id')) {
+            $shifttype = ShiftType($request->input('shifttype_id'));
             if ($shifttype == null) {
                 $valid = false;
                 error(_('Please select a shift type.'));
             } else {
-                $shifttype_id = $_REQUEST['shifttype_id'];
+                $shifttype_id = $request->input('shifttype_id');
             }
         } else {
             $valid = false;
@@ -71,25 +71,25 @@ function admin_shifts()
 
         // Auswahl der sichtbaren Locations für die Schichten
         if (
-            isset($_REQUEST['rid'])
-            && preg_match('/^\d+$/', $_REQUEST['rid'])
-            && isset($room_array[$_REQUEST['rid']])
+            $request->has('rid')
+            && preg_match('/^\d+$/', $request->input('rid'))
+            && isset($room_array[$request->input('rid')])
         ) {
-            $rid = $_REQUEST['rid'];
+            $rid = $request->input('rid');
         } else {
             $valid = false;
             $rid = $rooms[0]['RID'];
             error(_('Please select a location.'));
         }
 
-        if (isset($_REQUEST['start']) && $tmp = parse_date('Y-m-d H:i', $_REQUEST['start'])) {
+        if ($request->has('start') && $tmp = parse_date('Y-m-d H:i', $request->input('start'))) {
             $start = $tmp;
         } else {
             $valid = false;
             error(_('Please select a start time.'));
         }
 
-        if (isset($_REQUEST['end']) && $tmp = parse_date('Y-m-d H:i', $_REQUEST['end'])) {
+        if ($request->has('end') && $tmp = parse_date('Y-m-d H:i', $request->input('end'))) {
             $end = $tmp;
         } else {
             $valid = false;
@@ -101,24 +101,24 @@ function admin_shifts()
             error(_('The shifts end has to be after its start.'));
         }
 
-        if (isset($_REQUEST['mode'])) {
-            if ($_REQUEST['mode'] == 'single') {
+        if ($request->has('mode')) {
+            if ($request->input('mode') == 'single') {
                 $mode = 'single';
-            } elseif ($_REQUEST['mode'] == 'multi') {
-                if (isset($_REQUEST['length']) && preg_match('/^\d+$/', trim($_REQUEST['length']))) {
+            } elseif ($request->input('mode') == 'multi') {
+                if ($request->has('length') && preg_match('/^\d+$/', trim($request->input('length')))) {
                     $mode = 'multi';
-                    $length = trim($_REQUEST['length']);
+                    $length = trim($request->input('length'));
                 } else {
                     $valid = false;
                     error(_('Please enter a shift duration in minutes.'));
                 }
-            } elseif ($_REQUEST['mode'] == 'variable') {
+            } elseif ($request->input('mode') == 'variable') {
                 if (
-                    isset($_REQUEST['change_hours'])
-                    && preg_match('/^(\d{2}(,|$))/', trim(str_replace(' ', '', $_REQUEST['change_hours'])))
+                    $request->has('change_hours')
+                    && preg_match('/^(\d{2}(,|$))/', trim(str_replace(' ', '', $request->input('change_hours'))))
                 ) {
                     $mode = 'variable';
-                    $change_hours = array_map('trim', explode(',', $_REQUEST['change_hours']));
+                    $change_hours = array_map('trim', explode(',', $request->input('change_hours')));
                 } else {
                     $valid = false;
                     error(_('Please split the shift-change hours by colons.'));
@@ -129,17 +129,17 @@ function admin_shifts()
             error(_('Please select a mode.'));
         }
 
-        if (isset($_REQUEST['angelmode'])) {
-            if ($_REQUEST['angelmode'] == 'location') {
+        if ($request->has('angelmode')) {
+            if ($request->input('angelmode') == 'location') {
                 $angelmode = 'location';
-            } elseif ($_REQUEST['angelmode'] == 'manually') {
+            } elseif ($request->input('angelmode') == 'manually') {
                 $angelmode = 'manually';
                 foreach ($types as $type) {
                     if (
-                        isset($_REQUEST['type_' . $type['id']])
-                        && preg_match('/^\d+$/', trim($_REQUEST['type_' . $type['id']]))
+                        $request->has('type_' . $type['id'])
+                        && preg_match('/^\d+$/', trim($request->input('type_' . $type['id'])))
                     ) {
-                        $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
+                        $needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id']));
                     } else {
                         $valid = false;
                         error(sprintf(_('Please check the needed angels for team %s.'), $type['name']));
@@ -159,7 +159,7 @@ function admin_shifts()
         }
 
         // Beim Zurück-Knopf das Formular zeigen
-        if (isset($_REQUEST['back'])) {
+        if ($request->has('back')) {
             $valid = false;
         }
 
@@ -304,9 +304,9 @@ function admin_shifts()
                 ])
             ]);
         }
-    } elseif (isset($_REQUEST['submit'])) {
+    } elseif ($request->has('submit')) {
         if (
-            !isset($_SESSION['admin_shifts_shifts'])
+            !$request->has('admin_shifts_shifts')
             || !isset($_SESSION['admin_shifts_types'])
             || !is_array($_SESSION['admin_shifts_shifts'])
             || !is_array($_SESSION['admin_shifts_types'])
@@ -360,8 +360,9 @@ function admin_shifts()
         unset($_SESSION['admin_shifts_types']);
     }
 
-    if (!isset($_REQUEST['rid'])) {
-        $_REQUEST['rid'] = null;
+    $rid = null;
+    if ($request->has('rid')) {
+        $rid = $request->input('rid');
     }
     $angel_types = '';
     foreach ($types as $type) {
@@ -378,7 +379,7 @@ function admin_shifts()
         form([
             form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id),
             form_text('title', _('Title'), $title),
-            form_select('rid', _('Room'), $room_array, $_REQUEST['rid']),
+            form_select('rid', _('Room'), $room_array, $rid),
             div('row', [
                 div('col-md-6', [
                     form_text('start', _('Start'), date('Y-m-d H:i', $start)),
@@ -386,7 +387,7 @@ function admin_shifts()
                     form_info(_('Mode'), ''),
                     form_radio('mode', _('Create one shift'), $mode == 'single', 'single'),
                     form_radio('mode', _('Create multiple shifts'), $mode == 'multi', 'multi'),
-                    form_text('length', _('Length'), !empty($_REQUEST['length']) ? $_REQUEST['length'] : '120'),
+                    form_text('length', _('Length'), $request->has('length') ? $request->input('length') : '120'),
                     form_radio(
                         'mode',
                         _('Create multiple shifts with variable length'),
@@ -396,7 +397,7 @@ function admin_shifts()
                     form_text(
                         'change_hours',
                         _('Shift change hours'),
-                        !empty($_REQUEST['change_hours']) ? $_REQUEST['change_hours'] : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22'
+                        $request->has('change_hours') ? $request->input('input') : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22'
                     )
                 ]),
                 div('col-md-6', [
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 8f833087..510e2292 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -17,6 +17,7 @@ function admin_user()
 {
     global $user, $privileges;
     $tshirt_sizes = config('tshirt_sizes');
+    $request = request();
 
     foreach ($tshirt_sizes as $key => $size) {
         if (empty($size)) {
@@ -26,12 +27,12 @@ function admin_user()
 
     $html = '';
 
-    if (!isset($_REQUEST['id'])) {
+    if (!$request->has('id')) {
         redirect(users_link());
     }
 
-    $user_id = $_REQUEST['id'];
-    if (!isset($_REQUEST['action'])) {
+    $user_id = $request->input('id');
+    if (!$request->has('action')) {
         $user_source = User($user_id);
         if ($user_source == null) {
             error(_('This user does not exist.'));
@@ -171,7 +172,7 @@ function admin_user()
 
         $html .= "<hr />";
     } else {
-        switch ($_REQUEST['action']) {
+        switch ($request->input('action')) {
             case 'save_groups':
                 if ($user_id != $user['UID']) {
                     $my_highest_group = DB::select(
@@ -212,13 +213,14 @@ function admin_user()
                             $grouplist[] = $group['UID'];
                         }
 
-                        if (!is_array($_REQUEST['groups'])) {
-                            $_REQUEST['groups'] = [];
+                        $groupsRequest = $request->input('groups');
+                        if (!is_array($groupsRequest)) {
+                            $groupsRequest = [];
                         }
 
                         DB::delete('DELETE FROM `UserGroups` WHERE `uid`=?', [$user_id]);
                         $user_groups_info = [];
-                        foreach ($_REQUEST['groups'] as $group) {
+                        foreach ($groupsRequest as $group) {
                             if (in_array($group, $grouplist)) {
                                 DB::insert(
                                     'INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, ?)',
@@ -244,7 +246,7 @@ function admin_user()
                 $force_active = $user['force_active'];
                 $user_source = User($user_id);
                 if (in_array('admin_active', $privileges)) {
-                    $force_active = $_REQUEST['force_active'];
+                    $force_active = $request->input('force_active');
                 }
                 $sql = '
                     UPDATE `User` SET
@@ -255,7 +257,7 @@ function admin_user()
                       `Handy` = ?,
                       `Alter` =?,
                       `DECT` = ?,
-                      ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($_POST["eemail"]) . ',' : '') . '
+                      ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->post('eemail')) . ',' : '') . '
                       `jabber` = ?,
                       `Size` = ?,
                       `Gekommen`= ?,
@@ -266,34 +268,34 @@ function admin_user()
                       WHERE `UID` = ?
                       LIMIT 1';
                 DB::update($sql, [
-                    $_POST['eNick'],
-                    $_POST['eName'],
-                    $_POST['eVorname'],
-                    $_POST['eTelefon'],
-                    $_POST['eHandy'],
-                    $_POST['eAlter'],
-                    $_POST['eDECT'],
-                    $_POST['ejabber'],
-                    $_POST['eSize'],
-                    $_POST['eGekommen'],
-                    $_POST['eAktiv'],
+                    $request->post('eNick'),
+                    $request->post('eName'),
+                    $request->post('eVorname'),
+                    $request->post('eTelefon'),
+                    $request->post('eHandy'),
+                    $request->post('eAlter'),
+                    $request->post('eDECT'),
+                    $request->post('ejabber'),
+                    $request->post('eSize'),
+                    $request->post('eGekommen'),
+                    $request->post('eAktiv'),
                     $force_active,
-                    $_POST['eTshirt'],
-                    $_POST['Hometown'],
+                    $request->post('eTshirt'),
+                    $request->post('Hometown'),
                     $user_id,
                 ]);
                 engelsystem_log(
-                    'Updated user: ' . $_POST['eNick'] . ', ' . $_POST['eSize']
-                    . ', arrived: ' . $_POST['eGekommen']
-                    . ', active: ' . $_POST['eAktiv']
-                    . ', tshirt: ' . $_POST['eTshirt']
+                    'Updated user: ' . $request->post('eNick') . ', ' . $request->post('eSize')
+                    . ', arrived: ' . $request->post('eVorname')
+                    . ', active: ' . $request->post('eAktiv')
+                    . ', tshirt: ' . $request->post('eTshirt')
                 );
                 $html .= success('Änderung wurde gespeichert...' . "\n", true);
                 break;
 
             case 'change_pw':
-                if ($_REQUEST['new_pw'] != '' && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
-                    set_password($user_id, $_REQUEST['new_pw']);
+                if ($request->post('new_pw') != '' && $request->post('new_pw') == $request->post('new_pw2')) {
+                    set_password($user_id, $request->post('new_pw'));
                     $user_source = User($user_id);
                     engelsystem_log('Set new password for ' . User_Nick_render($user_source));
                     $html .= success('Passwort neu gesetzt.', true);
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index 99970a01..858ced80 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -38,6 +38,7 @@ function guest_register()
     $enable_tshirt_size = config('enable_tshirt_size');
     $min_password_length = config('min_password_length');
     $event_config = EventConfig();
+    $request = request();
 
     $msg = '';
     $nick = '';
@@ -73,11 +74,11 @@ function guest_register()
         }
     }
 
-    if (isset($_REQUEST['submit'])) {
+    if ($request->has('submit')) {
         $valid = true;
 
-        if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
-            $nick = User_validate_Nick($_REQUEST['nick']);
+        if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 1) {
+            $nick = User_validate_Nick($request->input('nick'));
             if (count(DB::select('SELECT `UID` FROM `User` WHERE `Nick`=? LIMIT 1', [$nick])) > 0) {
                 $valid = false;
                 $msg .= error(sprintf(_('Your nick &quot;%s&quot; already exists.'), $nick), true);
@@ -86,11 +87,11 @@ function guest_register()
             $valid = false;
             $msg .= error(sprintf(
                 _('Your nick &quot;%s&quot; is too short (min. 2 characters).'),
-                User_validate_Nick($_REQUEST['nick'])
+                User_validate_Nick($request->input('nick'))
             ), true);
         }
 
-        if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
+        if ($request->has('mail') && strlen(strip_request_item('mail')) > 0) {
             $mail = strip_request_item('mail');
             if (!check_email($mail)) {
                 $valid = false;
@@ -101,15 +102,15 @@ function guest_register()
             $msg .= error(_('Please enter your e-mail.'), true);
         }
 
-        if (isset($_REQUEST['email_shiftinfo'])) {
+        if ($request->has('email_shiftinfo')) {
             $email_shiftinfo = true;
         }
 
-        if (isset($_REQUEST['email_by_human_allowed'])) {
+        if ($request->has('email_by_human_allowed')) {
             $email_by_human_allowed = true;
         }
 
-        if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
+        if ($request->has('jabber') && strlen(strip_request_item('jabber')) > 0) {
             $jabber = strip_request_item('jabber');
             if (!check_email($jabber)) {
                 $valid = false;
@@ -118,16 +119,16 @@ function guest_register()
         }
 
         if ($enable_tshirt_size) {
-            if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']]) && $_REQUEST['tshirt_size'] != '') {
-                $tshirt_size = $_REQUEST['tshirt_size'];
+            if ($request->has('tshirt_size') && isset($tshirt_sizes[$request->input('tshirt_size')])) {
+                $tshirt_size = $request->input('tshirt_size');
             } else {
                 $valid = false;
                 $msg .= error(_('Please select your shirt size.'), true);
             }
         }
 
-        if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
-            if ($_REQUEST['password'] != $_REQUEST['password2']) {
+        if ($request->has('password') && strlen($request->post('password')) >= $min_password_length) {
+            if ($request->post('password') != $request->post('password2')) {
                 $valid = false;
                 $msg .= error(_('Your passwords don\'t match.'), true);
             }
@@ -139,8 +140,8 @@ function guest_register()
             ), true);
         }
 
-        if (isset($_REQUEST['planned_arrival_date'])) {
-            $tmp = parse_date('Y-m-d H:i', $_REQUEST['planned_arrival_date'] . ' 00:00');
+        if ($request->has('planned_arrival_date')) {
+            $tmp = parse_date('Y-m-d H:i', $request->input('planned_arrival_date') . ' 00:00');
             $result = User_validate_planned_arrival_date($tmp);
             $planned_arrival_date = $result->getValue();
             if (!$result->isValid()) {
@@ -151,34 +152,34 @@ function guest_register()
 
         $selected_angel_types = [];
         foreach (array_keys($angel_types) as $angel_type_id) {
-            if (isset($_REQUEST['angel_types_' . $angel_type_id])) {
+            if ($request->has('angel_types_' . $angel_type_id)) {
                 $selected_angel_types[] = $angel_type_id;
             }
         }
 
         // Trivia
-        if (isset($_REQUEST['lastname'])) {
+        if ($request->has('lastname')) {
             $lastName = strip_request_item('lastname');
         }
-        if (isset($_REQUEST['prename'])) {
+        if ($request->has('prename')) {
             $preName = strip_request_item('prename');
         }
-        if (isset($_REQUEST['age']) && preg_match('/^\d{0,4}$/', $_REQUEST['age'])) {
+        if ($request->has('age') && preg_match('/^\d{0,4}$/', $request->input('age'))) {
             $age = strip_request_item('age');
         }
-        if (isset($_REQUEST['tel'])) {
+        if ($request->has('tel')) {
             $tel = strip_request_item('tel');
         }
-        if (isset($_REQUEST['dect'])) {
+        if ($request->has('dect')) {
             $dect = strip_request_item('dect');
         }
-        if (isset($_REQUEST['mobile'])) {
+        if ($request->has('mobile')) {
             $mobile = strip_request_item('mobile');
         }
-        if (isset($_REQUEST['hometown'])) {
+        if ($request->has('hometown')) {
             $hometown = strip_request_item('hometown');
         }
-        if (isset($_REQUEST['comment'])) {
+        if ($request->has('comment')) {
             $comment = strip_request_item_nl('comment');
         }
 
@@ -233,7 +234,7 @@ function guest_register()
             // Assign user-group and set password
             $user_id = DB::getPdo()->lastInsertId();
             DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -2)', [$user_id]);
-            set_password($user_id, $_REQUEST['password']);
+            set_password($user_id, $request->post('password'));
 
             // Assign angel-types
             $user_angel_types_info = [];
@@ -391,18 +392,18 @@ function guest_logout()
 function guest_login()
 {
     $nick = '';
-
+    $request = request();
     unset($_SESSION['uid']);
     $valid = true;
 
-    if (isset($_REQUEST['submit'])) {
-        if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) {
-            $nick = User_validate_Nick($_REQUEST['nick']);
+    if ($request->has('submit')) {
+        if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 0) {
+            $nick = User_validate_Nick($request->input('nick'));
             $login_user = DB::select('SELECT * FROM `User` WHERE `Nick`=?', [$nick]);
             if (count($login_user) > 0) {
                 $login_user = $login_user[0];
-                if (isset($_REQUEST['password'])) {
-                    if (!verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) {
+                if ($request->has('password')) {
+                    if (!verify_password($request->post('password'), $login_user['Passwort'], $login_user['UID'])) {
                         $valid = false;
                         error(_('Your password is incorrect.  Please try it again.'));
                     }
@@ -487,6 +488,6 @@ function get_register_hint()
         ]);
     }
 
-    //FIXME: return error(_('Registration is disabled.'), true);
+    //@TODO: FIXME: return error(_('Registration is disabled.'), true);
     return error('Registration is <a href="https://engelsystem.de/33c3/overwhelmed.html">disabled</a>.', true);
 }
diff --git a/includes/pages/guest_stats.php b/includes/pages/guest_stats.php
index 6b6f0572..8aa6f740 100644
--- a/includes/pages/guest_stats.php
+++ b/includes/pages/guest_stats.php
@@ -5,9 +5,10 @@ use Engelsystem\Database\DB;
 function guest_stats()
 {
     $apiKey = config('api_key');
+    $request = request();
 
-    if (isset($_REQUEST['api_key'])) {
-        if ($_REQUEST['api_key'] == $apiKey && !empty($apiKey)) {
+    if ($request->has('api_key')) {
+        if (!empty($apiKey) && $request->input('api_key') == $apiKey) {
             $stats = [];
 
             list($user_count) = DB::select('SELECT count(*) AS `user_count` FROM `User`');
diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php
index d7c77d52..a1e2580a 100644
--- a/includes/pages/user_atom.php
+++ b/includes/pages/user_atom.php
@@ -3,16 +3,17 @@
 use Engelsystem\Database\DB;
 
 /**
- * Publically available page to feed the news to feedreaders
+ * Publically available page to feed the news to feed readers
  */
 function user_atom()
 {
     global $user;
+    $request = request();
 
-    if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) {
+    if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) {
         engelsystem_error('Missing key.');
     }
-    $key = $_REQUEST['key'];
+    $key = $request->input('key');
 
     $user = User_by_api_key($key);
     if ($user == null) {
@@ -25,7 +26,7 @@ function user_atom()
     $news = DB::select('
         SELECT *
         FROM `News`
-        ' . (empty($_REQUEST['meetings']) ? '' : 'WHERE `Treffen` = 1 ') . '
+        ' . (!$request->has('meetings') ? '' : 'WHERE `Treffen` = 1 ') . '
         ORDER BY `ID`
         DESC LIMIT ' . (int)config('display_news')
     );
diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php
index ce474a9e..8d22c4eb 100644
--- a/includes/pages/user_ical.php
+++ b/includes/pages/user_ical.php
@@ -6,11 +6,12 @@
 function user_ical()
 {
     global $user;
+    $request = request();
 
-    if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) {
+    if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) {
         engelsystem_error('Missing key.');
     }
-    $key = $_REQUEST['key'];
+    $key = $request->input('key');
 
     $user = User_by_api_key($key);
     if ($user == null) {
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index dd22cd66..a811970d 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -35,8 +35,9 @@ function user_unread_messages()
 function user_messages()
 {
     global $user;
+    $request = request();
 
-    if (!isset($_REQUEST['action'])) {
+    if (!$request->has('action')) {
         $users = DB::select(
             'SELECT `UID`, `Nick` FROM `User` WHERE NOT `UID`=? ORDER BY `Nick`',
             [$user['UID']]
@@ -121,10 +122,10 @@ function user_messages()
             ], page_link_to('user_messages') . '&action=send')
         ]);
     } else {
-        switch ($_REQUEST['action']) {
+        switch ($request->input('action')) {
             case 'read':
-                if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
-                    $message_id = $_REQUEST['id'];
+                if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) {
+                    $message_id = $request->input('id');
                 } else {
                     return error(_('Incomplete call, missing Message ID.'), true);
                 }
@@ -145,8 +146,8 @@ function user_messages()
                 break;
 
             case 'delete':
-                if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
-                    $message_id = $_REQUEST['id'];
+                if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) {
+                    $message_id = $request->input('id');
                 } else {
                     return error(_('Incomplete call, missing Message ID.'), true);
                 }
@@ -164,7 +165,8 @@ function user_messages()
                 break;
 
             case 'send':
-                if (Message_send($_REQUEST['to'], $_REQUEST['text'])) {
+                // @TODO: Validation?
+                if (Message_send($request->input('to'), $request->input('text'))) {
                     redirect(page_link_to('user_messages'));
                 } else {
                     return error(_('Transmitting was terminated with an Error.'), true);
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index 6048093a..14b5b8ee 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -18,14 +18,15 @@ function myshifts_title()
 function user_myshifts()
 {
     global $user, $privileges;
+    $request = request();
 
     if (
-        isset($_REQUEST['id'])
+        $request->has('id')
         && in_array('user_shifts_admin', $privileges)
-        && preg_match('/^\d{1,}$/', $_REQUEST['id'])
-        && count(DB::select('SELECT `UID` FROM `User` WHERE `UID`=?', [$_REQUEST['id']])) > 0
+        && preg_match('/^\d{1,}$/', $request->input('id'))
+        && count(DB::select('SELECT `UID` FROM `User` WHERE `UID`=?', [$request->input('id')])) > 0
     ) {
-        $user_id = $_REQUEST['id'];
+        $user_id = $request->input('id');
     } else {
         $user_id = $user['UID'];
     }
@@ -33,8 +34,8 @@ function user_myshifts()
     $shifts_user = DB::select('SELECT * FROM `User` WHERE `UID`=? LIMIT 1', [$user_id]);
     $shifts_user = array_shift($shifts_user);
 
-    if (isset($_REQUEST['reset'])) {
-        if ($_REQUEST['reset'] == 'ack') {
+    if ($request->has('reset')) {
+        if ($request->input('reset') == 'ack') {
             User_reset_api_key($user);
             success(_('Key changed.'));
             redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']);
@@ -46,8 +47,8 @@ function user_myshifts()
             ),
             button(page_link_to('user_myshifts') . '&reset=ack', _('Continue'), 'btn-danger')
         ]);
-    } elseif (isset($_REQUEST['edit']) && preg_match('/^\d*$/', $_REQUEST['edit'])) {
-        $user_id = $_REQUEST['edit'];
+    } elseif ($request->has('edit') && preg_match('/^\d*$/', $request->input('edit'))) {
+        $user_id = $request->input('edit');
         $shift = DB::select('
                 SELECT
                     `ShiftEntry`.`freeloaded`,
@@ -77,10 +78,10 @@ function user_myshifts()
             $freeloaded = $shift['freeloaded'];
             $freeload_comment = $shift['freeload_comment'];
 
-            if (isset($_REQUEST['submit'])) {
+            if ($request->has('submit')) {
                 $valid = true;
                 if (in_array('user_shifts_admin', $privileges)) {
-                    $freeloaded = isset($_REQUEST['freeloaded']);
+                    $freeloaded = $request->has('freeloaded');
                     $freeload_comment = strip_request_item_nl('freeload_comment');
                     if ($freeloaded && $freeload_comment == '') {
                         $valid = false;
@@ -128,8 +129,8 @@ function user_myshifts()
         } else {
             redirect(page_link_to('user_myshifts'));
         }
-    } elseif (isset($_REQUEST['cancel']) && preg_match('/^\d*$/', $_REQUEST['cancel'])) {
-        $user_id = $_REQUEST['cancel'];
+    } elseif ($request->has('cancel') && preg_match('/^\d*$/', $request->input('cancel'))) {
+        $user_id = $request->input('cancel');
         $shift = DB::select('
                 SELECT *
                 FROM `Shifts`
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index b1e337b6..9bdcb6fb 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -33,9 +33,10 @@ function user_meetings()
 {
     $display_news = config('display_news');
     $html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg();
+    $request = request();
 
-    if (isset($_REQUEST['page']) && preg_match('/^\d{1,}$/', $_REQUEST['page'])) {
-        $page = $_REQUEST['page'];
+    if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) {
+        $page = $request->input('page');
     } else {
         $page = 0;
     }
@@ -56,9 +57,9 @@ function user_meetings()
     $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
     $html .= '<div class="text-center">' . '<ul class="pagination">';
     for ($i = 0; $i < $dis_rows; $i++) {
-        if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) {
+        if ($request->has('page') && $i == $request->input('page')) {
             $html .= '<li class="active">';
-        } elseif (!isset($_REQUEST['page']) && $i == 0) {
+        } elseif (!$request->has('page') && $i == 0) {
             $html .= '<li class="active">';
         } else {
             $html .= '<li>';
@@ -116,17 +117,19 @@ function user_news_comments()
 {
     global $user;
 
+    $request = request();
+
     $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>';
     if (
-        isset($_REQUEST['nid'])
-        && preg_match('/^\d{1,}$/', $_REQUEST['nid'])
-        && count(DB::select('SELECT `ID` FROM `News` WHERE `ID`=? LIMIT 1', [$_REQUEST['nid']])) > 0
+        $request->has('nid')
+        && preg_match('/^\d{1,}$/', $request->input('nid'))
+        && count(DB::select('SELECT `ID` FROM `News` WHERE `ID`=? LIMIT 1', [$request->input('nid')])) > 0
     ) {
-        $nid = $_REQUEST['nid'];
+        $nid = $request->input('nid');
         $news = DB::select('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$nid]);
         $news = array_shift($news);
-        if (isset($_REQUEST['text'])) {
-            $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
+        if ($request->has('text')) {
+            $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($request->input('text')));
             DB::insert('
                     INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`)
                     VALUES (?, ?, ?, ?)
@@ -179,12 +182,14 @@ function user_news()
 {
     global $privileges, $user;
     $display_news = config('display_news');
+    $request = request();
 
     $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
 
-    if (isset($_POST['text']) && isset($_POST['betreff']) && in_array('admin_news', $privileges)) {
-        if (!isset($_POST['treffen']) || !in_array('admin_news', $privileges)) {
-            $_POST['treffen'] = 0;
+    $isMeeting = $request->post('treffen');
+    if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) {
+        if (!$request->has('treffen') || !in_array('admin_news', $privileges)) {
+            $isMeeting = 0;
         }
         DB::insert('
             INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`)
@@ -192,19 +197,19 @@ function user_news()
             ',
             [
                 time(),
-                $_POST['betreff'],
-                $_POST['text'],
+                $request->post('betreff'),
+                $request->post('text'),
                 $user['UID'],
-                $_POST['treffen'],
+                $isMeeting,
             ]
         );
-        engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $_POST['treffen']);
+        engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $isMeeting);
         success(_('Entry saved.'));
         redirect(page_link_to('news'));
     }
 
-    if (isset($_REQUEST['page']) && preg_match('/^\d{1,}$/', $_REQUEST['page'])) {
-        $page = $_REQUEST['page'];
+    if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) {
+        $page = $request->input('page');
     } else {
         $page = 0;
     }
@@ -225,9 +230,9 @@ function user_news()
     $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
     $html .= '<div class="text-center">' . '<ul class="pagination">';
     for ($i = 0; $i < $dis_rows; $i++) {
-        if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) {
+        if ($request->has('page') && $i == $request->input('page')) {
             $html .= '<li class="active">';
-        } elseif (!isset($_REQUEST['page']) && $i == 0) {
+        } elseif (!$request->has('page') && $i == 0) {
             $html .= '<li class="active">';
         } else {
             $html .= '<li>';
diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
index 5cb60db3..fdf76aee 100644
--- a/includes/pages/user_questions.php
+++ b/includes/pages/user_questions.php
@@ -16,8 +16,9 @@ function questions_title()
 function user_questions()
 {
     global $user;
+    $request = request();
 
-    if (!isset($_REQUEST['action'])) {
+    if (!$request->has('action')) {
         $open_questions = DB::select(
             'SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`=?',
             [$user['UID']]
@@ -34,7 +35,7 @@ function user_questions()
 
         return Questions_view($open_questions, $answered_questions, page_link_to('user_questions') . '&action=ask');
     } else {
-        switch ($_REQUEST['action']) {
+        switch ($request->input('action')) {
             case 'ask':
                 $question = strip_request_item_nl('question');
                 if ($question != '') {
@@ -56,8 +57,8 @@ function user_questions()
                 }
                 break;
             case 'delete':
-                if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
-                    $question_id = $_REQUEST['id'];
+                if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) {
+                    $question_id = $request->input('id');
                 } else {
                     return error(_('Incomplete call, missing Question ID.'), true);
                 }
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index a2a486f4..69e5a7fb 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -21,9 +21,10 @@ function settings_title()
 function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes)
 {
     $valid = true;
+    $request = request();
 
-    if (isset($_REQUEST['mail'])) {
-        $result = User_validate_mail($_REQUEST['mail']);
+    if ($request->has('mail')) {
+        $result = User_validate_mail($request->input('mail'));
         $user_source['email'] = $result->getValue();
         if (!$result->isValid()) {
             $valid = false;
@@ -34,11 +35,11 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes)
         error(_('Please enter your e-mail.'));
     }
 
-    $user_source['email_shiftinfo'] = isset($_REQUEST['email_shiftinfo']);
-    $user_source['email_by_human_allowed'] = isset($_REQUEST['email_by_human_allowed']);
+    $user_source['email_shiftinfo'] = $request->has('email_shiftinfo');
+    $user_source['email_by_human_allowed'] = $request->has('email_by_human_allowed');
 
-    if (isset($_REQUEST['jabber'])) {
-        $result = User_validate_jabber($_REQUEST['jabber']);
+    if ($request->has('jabber')) {
+        $result = User_validate_jabber($request->input('jabber'));
         $user_source['jabber'] = $result->getValue();
         if (!$result->isValid()) {
             $valid = false;
@@ -46,14 +47,14 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes)
         }
     }
 
-    if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']])) {
-        $user_source['Size'] = $_REQUEST['tshirt_size'];
+    if ($request->has('tshirt_size') && isset($tshirt_sizes[$request->input('tshirt_size')])) {
+        $user_source['Size'] = $request->input('tshirt_size');
     } elseif ($enable_tshirt_size) {
         $valid = false;
     }
 
-    if (isset($_REQUEST['planned_arrival_date'])) {
-        $tmp = parse_date('Y-m-d H:i', $_REQUEST['planned_arrival_date'] . ' 00:00');
+    if ($request->has('planned_arrival_date')) {
+        $tmp = parse_date('Y-m-d H:i', $request->input('planned_arrival_date') . ' 00:00');
         $result = User_validate_planned_arrival_date($tmp);
         $user_source['planned_arrival_date'] = $result->getValue();
         if (!$result->isValid()) {
@@ -62,8 +63,8 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes)
         }
     }
 
-    if (isset($_REQUEST['planned_departure_date'])) {
-        $tmp = parse_date('Y-m-d H:i', $_REQUEST['planned_departure_date'] . ' 00:00');
+    if ($request->has('planned_departure_date')) {
+        $tmp = parse_date('Y-m-d H:i', $request->input('planned_departure_date') . ' 00:00');
         $result = User_validate_planned_departure_date($user_source['planned_arrival_date'], $tmp);
         $user_source['planned_departure_date'] = $result->getValue();
         if (!$result->isValid()) {
@@ -97,16 +98,17 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes)
  */
 function user_settings_password($user_source)
 {
+    $request = request();
     if (
-        !isset($_REQUEST['password'])
-        || !verify_password($_REQUEST['password'], $user_source['Passwort'], $user_source['UID'])
+        !$request->has('password')
+        || !verify_password($request->post('password'), $user_source['Passwort'], $user_source['UID'])
     ) {
         error(_('-> not OK. Please try again.'));
-    } elseif (strlen($_REQUEST['new_password']) < config('min_password_length')) {
+    } elseif (strlen($request->post('new_password')) < config('min_password_length')) {
         error(_('Your password is to short (please use at least 6 characters).'));
-    } elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) {
+    } elseif ($request->post('new_password') != $request->post('new_password2')) {
         error(_('Your passwords don\'t match.'));
-    } elseif (set_password($user_source['UID'], $_REQUEST['new_password'])) {
+    } elseif (set_password($user_source['UID'], $request->post('new_password'))) {
         success(_('Password saved.'));
     } else {
         error(_('Failed setting password.'));
@@ -124,9 +126,10 @@ function user_settings_password($user_source)
 function user_settings_theme($user_source, $themes)
 {
     $valid = true;
+    $request = request();
 
-    if (isset($_REQUEST['theme']) && isset($themes[$_REQUEST['theme']])) {
-        $user_source['color'] = $_REQUEST['theme'];
+    if ($request->has('theme') && isset($themes[$request->input('theme')])) {
+        $user_source['color'] = $request->input('theme');
     } else {
         $valid = false;
     }
@@ -160,9 +163,10 @@ function user_settings_theme($user_source, $themes)
 function user_settings_locale($user_source, $locales)
 {
     $valid = true;
+    $request = request();
 
-    if (isset($_REQUEST['language']) && isset($locales[$_REQUEST['language']])) {
-        $user_source['Sprache'] = $_REQUEST['language'];
+    if ($request->has('language') && isset($locales[$request->input('language')])) {
+        $user_source['Sprache'] = $request->input('language');
     } else {
         $valid = false;
     }
@@ -195,6 +199,7 @@ function user_settings_locale($user_source, $locales)
 function user_settings()
 {
     global $themes, $user;
+    $request = request();
 
     $enable_tshirt_size = config('enable_tshirt_size');
     $tshirt_sizes = config('tshirt_sizes');
@@ -220,13 +225,13 @@ function user_settings()
 
     $user_source = $user;
 
-    if (isset($_REQUEST['submit'])) {
+    if ($request->has('submit')) {
         $user_source = user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes);
-    } elseif (isset($_REQUEST['submit_password'])) {
+    } elseif ($request->has('submit_password')) {
         user_settings_password($user_source);
-    } elseif (isset($_REQUEST['submit_theme'])) {
+    } elseif ($request->has('submit_theme')) {
         $user_source = user_settings_theme($user_source, $themes);
-    } elseif (isset($_REQUEST['submit_language'])) {
+    } elseif ($request->has('submit_language')) {
         $user_source = user_settings_locale($user_source, $locales);
     }
 
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index 55e49e4f..4dabdfb5 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -23,20 +23,21 @@ function shifts_title()
 function user_shifts()
 {
     global $user;
+    $request = request();
 
     if (User_is_freeloader($user)) {
         redirect(page_link_to('user_myshifts'));
     }
 
     // Löschen einzelner Schicht-Einträge (Also Belegung einer Schicht von Engeln) durch Admins
-    if (isset($_REQUEST['entry_id'])) {
+    if ($request->has('entry_id')) {
         shift_entry_delete_controller();
         return '';
-    } elseif (isset($_REQUEST['edit_shift'])) {
+    } elseif ($request->has('edit_shift')) {
         return shift_edit_controller();
-    } elseif (isset($_REQUEST['delete_shift'])) {
+    } elseif ($request->has('delete_shift')) {
         return shift_delete_controller();
-    } elseif (isset($_REQUEST['shift_id'])) {
+    } elseif ($request->has('shift_id')) {
         return shift_entry_add_controller();
     }
     return view_user_shifts();
diff --git a/includes/sys_page.php b/includes/sys_page.php
index b2199988..501106ff 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -18,12 +18,14 @@ function check_request_datetime($date_name, $time_name, $allowed_days, $default_
 {
     $time = date('H:i', $default_value);
     $day = date('Y-m-d', $default_value);
+    $request = request();
 
-    if (isset($_REQUEST[$time_name]) && preg_match('#^\d{1,2}:\d\d$#', trim($_REQUEST[$time_name]))) {
-        $time = trim($_REQUEST[$time_name]);
+    if ($request->has($time_name) && preg_match('#^\d{1,2}:\d\d$#', trim($request->input($time_name)))) {
+        $time = trim($request->input($time_name));
     }
-    if (isset($_REQUEST[$date_name]) && in_array($_REQUEST[$date_name], $allowed_days)) {
-        $day = $_REQUEST[$date_name];
+
+    if ($request->has($date_name) && in_array($request->input($date_name), $allowed_days)) {
+        $day = $request->input($date_name);
     }
 
     return parse_date('Y-m-d H:i', $day . ' ' . $time);
@@ -94,8 +96,9 @@ function select_array($data, $key_name, $value_name)
  */
 function check_request_int_array($name, $default = [])
 {
-    if (isset($_REQUEST[$name]) && is_array($_REQUEST[$name])) {
-        return array_filter($_REQUEST[$name], 'is_numeric');
+    $request = request();
+    if ($request->has($name) && is_array($request->input($name))) {
+        return array_filter($request->input($name), 'is_numeric');
     }
     return $default;
 }
@@ -111,10 +114,11 @@ function check_request_int_array($name, $default = [])
  */
 function check_request_date($name, $error_message = null, $null_allowed = false)
 {
-    if (!isset($_REQUEST[$name])) {
+    $request = request();
+    if (!$request->has($name)) {
         return new ValidationResult($null_allowed, null);
     }
-    return check_date($_REQUEST[$name], $error_message, $null_allowed);
+    return check_date($request->input($name), $error_message, $null_allowed);
 }
 
 /**
@@ -148,8 +152,9 @@ function check_date($input, $error_message = null, $null_allowed = false)
  */
 function strip_request_item($name, $default_value = null)
 {
-    if (isset($_REQUEST[$name])) {
-        return strip_item($_REQUEST[$name]);
+    $request = request();
+    if ($request->has($name)) {
+        return strip_item($request->input($name));
     }
     return $default_value;
 }
@@ -163,8 +168,9 @@ function strip_request_item($name, $default_value = null)
  */
 function test_request_int($name)
 {
-    if (isset($_REQUEST[$name])) {
-        return preg_match('/^\d*$/', $_REQUEST[$name]);
+    $request = request();
+    if ($request->has($name)) {
+        return preg_match('/^\d*$/', $request->input($name));
     }
     return false;
 }
@@ -178,8 +184,9 @@ function test_request_int($name)
  */
 function strip_request_item_nl($name, $default_value = null)
 {
-    if (isset($_REQUEST[$name])) {
-        return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($_REQUEST[$name]));
+    $request = request();
+    if ($request->has($name)) {
+        return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($request->get($name)));
     }
     return $default_value;
 }
diff --git a/includes/sys_template.php b/includes/sys_template.php
index 7aa458b8..1d3943b7 100644
--- a/includes/sys_template.php
+++ b/includes/sys_template.php
@@ -335,11 +335,11 @@ function table_buttons($buttons = [])
 /**
  * Load and render template
  *
- * @param string $file
- * @param string $data
+ * @param string   $file
+ * @param string[] $data
  * @return string
  */
-function template_render($file, $data)
+function template_render($file, $data = [])
 {
     if (file_exists($file)) {
         $template = file_get_contents($file);
-- 
cgit v1.2.3-54-g00ecf