From b4e75b2a25d0a30d77b2160c8195835c9816cfe0 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 29 Dec 2009 18:49:27 +0300 Subject: use POST parameters for frontend requests --- modules/backend-rpc.php | 52 ++++++++++++++++++++++++------------------------ modules/help.php | 6 +++--- modules/popup-dialog.php | 10 +++++----- modules/pref-feeds.php | 28 +++++++++++++------------- modules/pref-filters.php | 52 ++++++++++++++++++++++++------------------------ modules/pref-labels.php | 12 +++++------ modules/pref-prefs.php | 2 +- modules/pref-users.php | 18 ++++++++--------- 8 files changed, 90 insertions(+), 90 deletions(-) (limited to 'modules') diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php index 2d1a8f90b..019368685 100644 --- a/modules/backend-rpc.php +++ b/modules/backend-rpc.php @@ -1,7 +1,7 @@ "; - $key = db_escape_string($_GET["key"]); - $value = db_escape_string($_GET["value"]); + $key = db_escape_string($_REQUEST["key"]); + $value = db_escape_string($_REQUEST["value"]); set_pref($link, $key, $value); @@ -23,7 +23,7 @@ } if ($subop == "getLabelCounters") { - $aid = $_GET["aid"]; + $aid = $_REQUEST["aid"]; print ""; print ""; getLabelCounters($link); @@ -50,7 +50,7 @@ print ""; print ""; - $omode = $_GET["omode"]; + $omode = $_REQUEST["omode"]; getAllCounters($link, $omode); print ""; @@ -61,8 +61,8 @@ } if ($subop == "mark") { - $mark = $_GET["mark"]; - $id = db_escape_string($_GET["id"]); + $mark = $_REQUEST["mark"]; + $id = db_escape_string($_REQUEST["id"]); if ($mark == "1") { $mark = "true"; @@ -87,7 +87,7 @@ } if ($subop == "delete") { - $ids = db_escape_string($_GET["ids"]); + $ids = db_escape_string($_REQUEST["ids"]); $result = db_query($link, "DELETE FROM ttrss_user_entries WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]); @@ -103,7 +103,7 @@ } if ($subop == "unarchive") { - $ids = db_escape_string($_GET["ids"]); + $ids = db_escape_string($_REQUEST["ids"]); $result = db_query($link, "UPDATE ttrss_user_entries SET feed_id = orig_feed_id, orig_feed_id = NULL @@ -120,7 +120,7 @@ } if ($subop == "archive") { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { archive_article($link, $id, $_SESSION["uid"]); @@ -183,7 +183,7 @@ } if ($subop == "updateFeed") { - $feed_id = db_escape_string($_GET["feed"]); + $feed_id = db_escape_string($_REQUEST["feed"]); $result = db_query($link, "SELECT feed_url FROM ttrss_feeds WHERE id = '$feed_id' @@ -205,7 +205,7 @@ if ($subop == "forceUpdateAllFeeds" || $subop == "updateAllFeeds") { - $global_unread_caller = sprintf("%d", $_GET["uctr"]); + $global_unread_caller = sprintf("%d", $_REQUEST["uctr"]); $global_unread = getGlobalUnread($link); print ""; @@ -214,7 +214,7 @@ if ($global_unread_caller != $global_unread) { - $omode = $_GET["omode"]; + $omode = $_REQUEST["omode"]; if (!$omode) $omode = "tflc"; @@ -251,7 +251,7 @@ print ""; print ""; - getAllCounters($link, $_GET["omode"]); + getAllCounters($link, $_REQUEST["omode"]); print ""; print_runtime_info($link); print ""; @@ -261,14 +261,14 @@ if ($subop == "markSelected") { - $ids = split(",", db_escape_string($_GET["ids"])); - $cmode = sprintf("%d", $_GET["cmode"]); + $ids = split(",", db_escape_string($_REQUEST["ids"])); + $cmode = sprintf("%d", $_REQUEST["cmode"]); markArticlesById($link, $ids, $cmode); print ""; print ""; - getAllCounters($link, $_GET["omode"]); + getAllCounters($link, $_REQUEST["omode"]); print ""; print_runtime_info($link); print ""; @@ -278,14 +278,14 @@ if ($subop == "publishSelected") { - $ids = split(",", db_escape_string($_GET["ids"])); - $cmode = sprintf("%d", $_GET["cmode"]); + $ids = split(",", db_escape_string($_REQUEST["ids"])); + $cmode = sprintf("%d", $_REQUEST["cmode"]); publishArticlesById($link, $ids, $cmode); print ""; print ""; - getAllCounters($link, $_GET["omode"]); + getAllCounters($link, $_REQUEST["omode"]); print ""; print_runtime_info($link); print ""; @@ -301,7 +301,7 @@ print_runtime_info($link); # assign client-passed params to session - $_SESSION["client.userAgent"] = $_GET["ua"]; + $_SESSION["client.userAgent"] = $_REQUEST["ua"]; } print ""; @@ -320,7 +320,7 @@ if ($subop == "getArticleLink") { - $id = db_escape_string($_GET["id"]); + $id = db_escape_string($_REQUEST["id"]); $result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'"); @@ -337,9 +337,9 @@ if ($subop == "setArticleTags") { - $id = db_escape_string($_GET["id"]); + $id = db_escape_string($_REQUEST["id"]); - $tags_str = db_escape_string($_GET["tags_str"]); + $tags_str = db_escape_string($_REQUEST["tags_str"]); $tags = array_unique(trim_array(split(",", $tags_str))); @@ -426,8 +426,8 @@ } if ($subop == "purge") { - $ids = split(",", db_escape_string($_GET["ids"])); - $days = sprintf("%d", $_GET["days"]); + $ids = split(",", db_escape_string($_REQUEST["ids"])); + $days = sprintf("%d", $_REQUEST["days"]); print ""; diff --git a/modules/help.php b/modules/help.php index 415870d45..64ec087bb 100644 --- a/modules/help.php +++ b/modules/help.php @@ -1,7 +1,7 @@ ".__('Help')." @@ -9,7 +9,7 @@ "; } - $tid = sprintf("%d", $_GET["tid"]); + $tid = sprintf("%d", $_REQUEST["tid"]); if (file_exists("help/$tid.php")) { include("help/$tid.php"); @@ -21,7 +21,7 @@ onclick=\"javascript:window.close()\" value=\"".__('Close this window')."\">"; - if (!$_GET["noheaders"]) { + if (!$_REQUEST["noheaders"]) { print ""; } } diff --git a/modules/popup-dialog.php b/modules/popup-dialog.php index ab28d1746..57237823e 100644 --- a/modules/popup-dialog.php +++ b/modules/popup-dialog.php @@ -1,7 +1,7 @@ "; - #$active_feed_id = db_escape_string($_GET["param"]); + #$active_feed_id = db_escape_string($_REQUEST["param"]); - $params = split(":", db_escape_string($_GET["param"])); + $params = split(":", db_escape_string($_REQUEST["param"])); $active_feed_id = sprintf("%d", $params[0]); $is_cat = $params[1] == "true"; @@ -221,7 +221,7 @@ if ($id == "quickAddFilter") { - $active_feed_id = db_escape_string($_GET["param"]); + $active_feed_id = db_escape_string($_REQUEST["param"]); print "
".__('Create Filter')."
"; print "
"; diff --git a/modules/pref-feeds.php b/modules/pref-feeds.php index 73fbe8079..4c9ed19a9 100644 --- a/modules/pref-feeds.php +++ b/modules/pref-feeds.php @@ -15,7 +15,7 @@ $quiet = $_REQUEST["quiet"]; if ($subop == "massSubscribe") { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); $subscribed = array(); @@ -64,7 +64,7 @@ print "
"; - $browser_search = db_escape_string($_GET["search"]); + $browser_search = db_escape_string($_REQUEST["search"]); //print "

".__("Showing top 25 registered feeds, sorted by popularity:")."

"; @@ -726,7 +726,7 @@ if ($subop == "remove") { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { remove_feed($link, $id, $_SESSION["uid"]); @@ -734,12 +734,12 @@ } if ($subop == "clear") { - $id = db_escape_string($_GET["id"]); + $id = db_escape_string($_REQUEST["id"]); clear_feed_articles($link, $id); } if ($subop == "rescore") { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { @@ -901,9 +901,9 @@ if (!WEB_DEMO_MODE) { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); - $cat_id = db_escape_string($_GET["cat_id"]); + $cat_id = db_escape_string($_REQUEST["cat_id"]); if ($cat_id == 0) { $cat_id_qpart = 'NULL'; @@ -938,7 +938,7 @@ if ($action == "save") { $cat_title = db_escape_string(trim($_REQUEST["value"])); - $cat_id = db_escape_string($_GET["cid"]); + $cat_id = db_escape_string($_REQUEST["cid"]); db_query($link, "BEGIN"); @@ -977,7 +977,7 @@ if (!WEB_DEMO_MODE) { - $feed_cat = db_escape_string(trim($_GET["cat"])); + $feed_cat = db_escape_string(trim($_REQUEST["cat"])); $result = db_query($link, "SELECT id FROM ttrss_feed_categories @@ -1000,7 +1000,7 @@ if ($action == "remove") { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { remove_feed_category($link, $id, $_SESSION["uid"]); @@ -1111,9 +1111,9 @@ __('Some feeds have update errors (click for details)').""); } - $feed_search = db_escape_string($_GET["search"]); + $feed_search = db_escape_string($_REQUEST["search"]); - if (array_key_exists("search", $_GET)) { + if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_feed_search"] = $feed_search; } else { $feed_search = $_SESSION["prefs_feed_search"]; @@ -1138,7 +1138,7 @@ onclick=\"javascript:browseFeeds()\" value=\"".__('More Feeds')."\">"; } - $feeds_sort = db_escape_string($_GET["sort"]); + $feeds_sort = db_escape_string($_REQUEST["sort"]); if (!$feeds_sort || $feeds_sort == "undefined") { $feeds_sort = $_SESSION["pref_sort_feeds"]; @@ -1171,7 +1171,7 @@ $show_last_article_checked = ""; $show_last_article_qpart = ""; - if ($_GET["slat"] == "true") { + if ($_REQUEST["slat"] == "true") { $show_last_article_info = true; $show_last_article_checked = "checked"; $show_last_article_qpart = ", (SELECT ".SUBSTRING_FOR_DATE."(MAX(updated),1,16) FROM ttrss_user_entries, diff --git a/modules/pref-filters.php b/modules/pref-filters.php index 238ceb151..a0760de4e 100644 --- a/modules/pref-filters.php +++ b/modules/pref-filters.php @@ -1,11 +1,11 @@ ".__('User details')."
"; @@ -103,7 +103,7 @@ if ($subop == "edit") { - $id = db_escape_string($_GET["id"]); + $id = db_escape_string($_REQUEST["id"]); print "
".__('User Editor')."
"; @@ -213,7 +213,7 @@ if ($_SESSION["access_level"] >= 10) { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { if ($id != $_SESSION["uid"]) { @@ -227,7 +227,7 @@ if ($_SESSION["access_level"] >= 10) { - $login = db_escape_string(trim($_GET["login"])); + $login = db_escape_string(trim($_REQUEST["login"])); $tmp_user_pwd = make_password(8); $pwd_hash = encrypt_password($tmp_user_pwd, $login); @@ -266,7 +266,7 @@ if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { - $uid = db_escape_string($_GET["id"]); + $uid = db_escape_string($_REQUEST["id"]); $result = db_query($link, "SELECT login,email FROM ttrss_users WHERE id = '$uid'"); @@ -346,9 +346,9 @@ set_pref($link, "_PREFS_ACTIVE_TAB", "userConfig"); - $user_search = db_escape_string($_GET["search"]); + $user_search = db_escape_string($_REQUEST["search"]); - if (array_key_exists("search", $_GET)) { + if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_user_search"] = $user_search; } else { $user_search = $_SESSION["prefs_user_search"]; @@ -363,7 +363,7 @@ onclick=\"javascript:updateUsersList()\" value=\"".__('Search')."\">
"; - $sort = db_escape_string($_GET["sort"]); + $sort = db_escape_string($_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "login"; @@ -427,7 +427,7 @@ $class = ($lnum % 2) ? "even" : "odd"; $uid = $line["id"]; - $edit_uid = $_GET["id"]; + $edit_uid = $_REQUEST["id"]; if ($subop == "edit" && $uid != $edit_uid) { $class .= "Grayed"; -- cgit v1.2.3-54-g00ecf