first pass of _POST to get_request_var_post

routenull0 · Feb 6, 2016 · 8dadf2d · 8dadf2d
1 parent dabfabf
commit 8dadf2d
Show file tree

Hide file tree

Showing 33 changed files with 655 additions and 655 deletions.
diff --git a/aggregate_templates.php b/aggregate_templates.php
@@ -66,41 +66,41 @@
 function aggregate_form_save() {
 	/* make sure we are saving aggregate template */
 	if (!isset($_POST['save_component_template'])) {
-		header('Location: aggregate_templates.php?header=false&action=edit&id=' . $_POST['id']);
+		header('Location: aggregate_templates.php?header=false&action=edit&id=' . get_request_var_post('id'));
 		return null;
 	}
 
 	$save1 = array();
 
 	/* updating existing template or creating a new one? */
-	if (isset($_POST['id']) && $_POST['id'] > 0) {
+	if (isset(get_request_var_post('id')) && $_POST['id'] > 0) {
 		$is_new = false;
-		$save1['id'] = $_POST['id'];
+		$save1['id'] = get_request_var_post('id');
 	} else {
 		$is_new = true;
 		$save1['id'] = 0;
 	}
 
 	/* set some defaults for possibly disabled values */
-	if (!isset($_POST['total']))        $_POST['total']        = 0;
-	if (!isset($_POST['total_type']))   $_POST['total_type']   = 0;
-	if (!isset($_POST['order_type']))   $_POST['order_type']   = 0;
-	if (!isset($_POST['total_prefix'])) $_POST['total_prefix'] = '';
+	if (!isset(get_request_var_post('total')))        $_POST['total']        = 0;
+	if (!isset(get_request_var_post('total_type')))   $_POST['total_type']   = 0;
+	if (!isset(get_request_var_post('order_type')))   $_POST['order_type']   = 0;
+	if (!isset(get_request_var_post('total_prefix'))) $_POST['total_prefix'] = '';
 
 	/* populate aggregate template save array and validate posted values*/
-	$save1['name']              = form_input_validate($_POST['name'], 'name', '', false, 3);
+	$save1['name']              = form_input_validate(get_request_var_post('name'), 'name', '', false, 3);
 	$save1['graph_template_id'] = $_POST['_graph_template_id'];
-	$save1['gprint_prefix']     = form_input_validate($_POST['gprint_prefix'], 'gprint_prefix', '', true, 3);
-	$save1['graph_type']        = form_input_validate($_POST['graph_type'], 'graph_type', '', false, 3);
-	$save1['total']             = form_input_validate($_POST['total'], 'total', '', false, 3);
-	$save1['total_type']        = form_input_validate($_POST['total_type'], 'total_type', '', false, 3);
-	$save1['total_prefix']      = form_input_validate($_POST['total_prefix'], 'total_prefix', '', true, 3);
-	$save1['order_type']        = form_input_validate($_POST['order_type'], 'order_type', '', false, 3);
+	$save1['gprint_prefix']     = form_input_validate(get_request_var_post('gprint_prefix'), 'gprint_prefix', '', true, 3);
+	$save1['graph_type']        = form_input_validate(get_request_var_post('graph_type'), 'graph_type', '', false, 3);
+	$save1['total']             = form_input_validate(get_request_var_post('total'), 'total', '', false, 3);
+	$save1['total_type']        = form_input_validate(get_request_var_post('total_type'), 'total_type', '', false, 3);
+	$save1['total_prefix']      = form_input_validate(get_request_var_post('total_prefix'), 'total_prefix', '', true, 3);
+	$save1['order_type']        = form_input_validate(get_request_var_post('order_type'), 'order_type', '', false, 3);
 	$save1['user_id']           = $_SESSION['sess_user_id'];
 
 	/* form validation failed */
 	if (is_error_message()) {
-		header('Location: aggregate_templates.php?header=false&action=edit&id=' . $_POST['id']);
+		header('Location: aggregate_templates.php?header=false&action=edit&id=' . get_request_var_post('id'));
 		return null;
 	}
 
@@ -140,7 +140,7 @@ function aggregate_form_save() {
 
 	if (!$id) {
 		raise_message(2);
-		header('Location: aggregate_templates.php?header=false&action=edit&id=' . $_POST['id']);
+		header('Location: aggregate_templates.php?header=false&action=edit&id=' . get_request_var_post('id'));
 		return null;
 	}
 
@@ -222,7 +222,7 @@ function aggregate_form_save() {
 
 	raise_message(1);
 
-	header('Location: aggregate_templates.php?header=false&action=edit&id=' . (empty($id) ? $_POST['id'] : $id));
+	header('Location: aggregate_templates.php?header=false&action=edit&id=' . (empty($id) ? get_request_var_post('id') : $id));
 }
 
 
@@ -246,11 +246,11 @@ function aggregate_form_actions() {
 	/* ==================================================== */
 
 	/* if we are to save this form, instead of display it */
-	if (isset($_POST['selected_items'])) {
-		$selected_items = sanitize_unserialize_selected_items($_POST['selected_items']);
+	if (isset(get_request_var_post('selected_items'))) {
+		$selected_items = sanitize_unserialize_selected_items(get_request_var_post('selected_items'));
 
 		if ($selected_items != false) {
-			if ($_POST['drp_action'] == '1') { /* delete */
+			if (get_request_var_post('drp_action') == '1') { /* delete */
 				db_execute('DELETE FROM aggregate_graph_templates WHERE ' . array_to_sql_or($selected_items, 'id'));
 				db_execute('DELETE FROM aggregate_graph_templates_item WHERE ' . array_to_sql_or($selected_items, 'aggregate_template_id'));
 				db_execute('DELETE FROM aggregate_graph_templates_graph WHERE ' . array_to_sql_or($selected_items, 'aggregate_template_id'));
@@ -281,10 +281,10 @@ function aggregate_form_actions() {
 
 	form_start('aggregate_templates.php');
 
-	html_start_box($aggregate_actions{$_POST['drp_action']}, '60%', '', '3', 'center', '');
+	html_start_box($aggregate_actions{get_request_var_post('drp_action')}, '60%', '', '3', 'center', '');
 
 	if (isset($aggregate_array) && sizeof($aggregate_array)) {
-		if ($_POST['drp_action'] == '1') { /* delete */
+		if (get_request_var_post('drp_action') == '1') { /* delete */
 			print "<tr>
 					<td class='textArea'>
 						<p>Are you sure you want to Delete the following Aggregate Graph Template(s)?</p>
@@ -303,7 +303,7 @@ function aggregate_form_actions() {
 		<td class='saveRow'>
 			<input type='hidden' name='action' value='actions'>
 			<input type='hidden' name='selected_items' value='" . (isset($aggregate_array) ? serialize($aggregate_array) : '') . "'>
-			<input type='hidden' name='drp_action' value='" . $_POST['drp_action'] . "'>
+			<input type='hidden' name='drp_action' value='" . get_request_var_post('drp_action') . "'>
 			$save_html
 		</td>
 	</tr>\n";
@@ -333,11 +333,11 @@ function aggregate_template_edit() {
 	}
 
 	/* populate the graph template id if it's set */
-	if (isset($_POST['graph_template_id']) && !isset($template)) {
+	if (isset(get_request_var_post('graph_template_id')) && !isset($template)) {
 		/* ================= input validation ================= */
 		input_validate_input_number(get_request_var('graph_template_id'));
 		/* ==================================================== */
-		$template['graph_template_id'] = $_POST['graph_template_id'];
+		$template['graph_template_id'] = get_request_var_post('graph_template_id');
 		$template['id']                = 0;
 	}
 

diff --git a/auth_changepassword.php b/auth_changepassword.php
@@ -79,25 +79,25 @@
 		$errorMessage = "<span color='#FF0000'>Your current password is not correct.  Please try again.</span>";
 	}
 
-	if ($user['password'] == md5($_POST['password'])) {
+	if ($user['password'] == md5(get_request_var_post('password'))) {
 		$bad_password = true;
 		$errorMessage = "<span color='#FF0000'>Your new password can not be the same as the old password.  Please try again.</span>";
 	}
 
 	// Secpass checking
 
-	$error = secpass_check_pass($_POST['password']);
+	$error = secpass_check_pass(get_request_var_post('password'));
 	if ($error != '') {
 		$bad_password = true;
 		$errorMessage = "<span color='#FF0000'>$error</span>";
 
 	}
-	if (!secpass_check_history($_SESSION['sess_user_id'], $_POST['password'])) {
+	if (!secpass_check_history($_SESSION['sess_user_id'], get_request_var_post('password'))) {
 		$bad_password = true;
 		$errorMessage = "<span color='#FF0000'>You can not use a previously entered password!</span>";
 	}
 
-	if ($bad_password == false && $_POST['password'] == $_POST['confirm'] && $_POST['password'] != '') {
+	if ($bad_password == false && get_request_var_post('password') == $_POST['confirm'] && $_POST['password'] != '') {
 		// Password change is good to go
 		if (read_config_option('secpass_expirepass') > 0) {
 				db_execute("UPDATE user_auth SET lastchange = " . time() . " WHERE id = " . intval($_SESSION['sess_user_id']) . " AND realm = 0 AND enabled = 'on'");
@@ -116,7 +116,7 @@
 		}
 
 		db_execute_prepared('INSERT IGNORE INTO user_log (username, result, ip) VALUES (?, 3, ?)', array($user['username'], $_SERVER['REMOTE_ADDR']));
-		db_execute_prepared("UPDATE user_auth SET must_change_password = '', password = ? WHERE id = ?", array(md5($_POST['password']), $_SESSION['sess_user_id']));
+		db_execute_prepared("UPDATE user_auth SET must_change_password = '', password = ? WHERE id = ?", array(md5(get_request_var_post('password')), $_SESSION['sess_user_id']));
 
 		kill_session_var('sess_change_password');
 

diff --git a/automation_graph_rules.php b/automation_graph_rules.php
@@ -93,9 +93,9 @@ function save() {
 		input_validate_input_number(get_request_var_post('id'));
 		/* ==================================================== */
 
-		$save['id'] = $_POST['id'];
-		$save['name'] = form_input_validate($_POST['name'], 'name', '', false, 3);
-		$save['snmp_query_id'] = form_input_validate($_POST['snmp_query_id'], 'snmp_query_id', '^[0-9]+$', false, 3);
+		$save['id'] = get_request_var_post('id');
+		$save['name'] = form_input_validate(get_request_var_post('name'), 'name', '', false, 3);
+		$save['snmp_query_id'] = form_input_validate(get_request_var_post('snmp_query_id'), 'snmp_query_id', '^[0-9]+$', false, 3);
 		$save['graph_type_id'] = (isset($_POST['graph_type_id'])) ? form_input_validate($_POST['graph_type_id'], 'graph_type_id', '^[0-9]+$', false, 3) : 0;
 		$save['enabled'] = (isset($_POST['enabled']) ? 'on' : '');
 		if (!is_error_message()) {
@@ -109,7 +109,7 @@ function save() {
 		}
 
 		if ((is_error_message()) || (empty($_POST["id"]))) {
-			header('Location: automation_graph_rules.php?header=false&action=edit&id=' . (empty($rule_id) ? $_POST['id'] : $rule_id));
+			header('Location: automation_graph_rules.php?header=false&action=edit&id=' . (empty($rule_id) ? get_request_var_post('id') : $rule_id));
 		}else{
 			header('Location: automation_graph_rules.php?header=false');
 		}
@@ -119,10 +119,10 @@ function save() {
 		input_validate_input_number(get_request_var_post('item_id'));
 		/* ==================================================== */
 		$save = array();
-		$save['id']        = form_input_validate($_POST['item_id'], 'item_id', '^[0-9]+$', false, 3);
-		$save['rule_id']   = form_input_validate($_POST['id'], 'id', '^[0-9]+$', false, 3);
-		$save['sequence']  = form_input_validate($_POST['sequence'], 'sequence', '^[0-9]+$', false, 3);
-		$save['operation'] = form_input_validate($_POST['operation'], 'operation', '^[-0-9]+$', true, 3);
+		$save['id']        = form_input_validate(get_request_var_post('item_id'), 'item_id', '^[0-9]+$', false, 3);
+		$save['rule_id']   = form_input_validate(get_request_var_post('id'), 'id', '^[0-9]+$', false, 3);
+		$save['sequence']  = form_input_validate(get_request_var_post('sequence'), 'sequence', '^[0-9]+$', false, 3);
+		$save['operation'] = form_input_validate(get_request_var_post('operation'), 'operation', '^[-0-9]+$', true, 3);
 		$save['field']     = form_input_validate(((isset($_POST['field']) && $_POST['field'] != '0') ? $_POST['field'] : ''), 'field', '', true, 3);
 		$save['operator']  = form_input_validate((isset($_POST['operator']) ? $_POST['operator'] : ''), 'operator', '^[0-9]+$', true, 3);
 		$save['pattern']   = form_input_validate((isset($_POST['pattern']) ? $_POST['pattern'] : ''), 'pattern', '', true, 3);
@@ -138,9 +138,9 @@ function save() {
 		}
 
 		if (is_error_message()) {
-			header('Location: automation_graph_rules.php?header=false&action=item_edit&id=' . $_POST['id'] . '&item_id=' . (empty($item_id) ? $_POST['item_id'] : $item_id) . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_ACTION);
+			header('Location: automation_graph_rules.php?header=false&action=item_edit&id=' . get_request_var_post('id') . '&item_id=' . (empty($item_id) ? get_request_var_post('item_id') : $item_id) . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_ACTION);
 		}else{
-			header('Location: automation_graph_rules.php?header=false&action=edit&id=' . $_POST['id'] . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_ACTION);
+			header('Location: automation_graph_rules.php?header=false&action=edit&id=' . get_request_var_post('id') . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_ACTION);
 		}
 	}elseif (isset($_POST['save_component_automation_match_item'])) {
 		/* ================= input validation ================= */
@@ -149,11 +149,11 @@ function save() {
 		/* ==================================================== */
 
 		unset($save);
-		$save['id'] = form_input_validate($_POST['item_id'], 'item_id', '^[0-9]+$', false, 3);
-		$save['rule_id'] = form_input_validate($_POST['id'], 'id', '^[0-9]+$', false, 3);
+		$save['id'] = form_input_validate(get_request_var_post('item_id'), 'item_id', '^[0-9]+$', false, 3);
+		$save['rule_id'] = form_input_validate(get_request_var_post('id'), 'id', '^[0-9]+$', false, 3);
 		$save['rule_type'] = AUTOMATION_RULE_TYPE_GRAPH_MATCH;
-		$save['sequence'] = form_input_validate($_POST['sequence'], 'sequence', '^[0-9]+$', false, 3);
-		$save['operation'] = form_input_validate($_POST['operation'], 'operation', '^[-0-9]+$', true, 3);
+		$save['sequence'] = form_input_validate(get_request_var_post('sequence'), 'sequence', '^[0-9]+$', false, 3);
+		$save['operation'] = form_input_validate(get_request_var_post('operation'), 'operation', '^[-0-9]+$', true, 3);
 		$save['field'] = form_input_validate(((isset($_POST['field']) && $_POST['field'] != '0') ? $_POST['field'] : ''), 'field', '', true, 3);
 		$save['operator'] = form_input_validate((isset($_POST['operator']) ? $_POST['operator'] : ''), 'operator', '^[0-9]+$', true, 3);
 		$save['pattern'] = form_input_validate((isset($_POST['pattern']) ? $_POST['pattern'] : ''), 'pattern', '', true, 3);
@@ -169,9 +169,9 @@ function save() {
 		}
 
 		if (is_error_message()) {
-			header('Location: automation_graph_rules.php?header=false&action=item_edit&id=' . $_POST['id'] . '&item_id=' . (empty($item_id) ? $_POST['item_id'] : $item_id) . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_MATCH);
+			header('Location: automation_graph_rules.php?header=false&action=item_edit&id=' . get_request_var_post('id') . '&item_id=' . (empty($item_id) ? get_request_var_post('item_id') : $item_id) . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_MATCH);
 		}else{
-			header('Location: automation_graph_rules.php?header=false&action=edit&id=' . $_POST['id'] . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_MATCH);
+			header('Location: automation_graph_rules.php?header=false&action=edit&id=' . get_request_var_post('id') . '&rule_type=' . AUTOMATION_RULE_TYPE_GRAPH_MATCH);
 		}
 	} else {
 		raise_message(2);
@@ -187,26 +187,26 @@ function automation_graph_rules_form_actions() {
 	global $config, $colors, $automation_graph_rules_actions;
 
 	/* if we are to save this form, instead of display it */
-	if (isset($_POST['selected_items'])) {
-		$selected_items = sanitize_unserialize_selected_items($_POST['selected_items']);
+	if (isset(get_request_var_post('selected_items'))) {
+		$selected_items = sanitize_unserialize_selected_items(get_request_var_post('selected_items'));
 
 		if ($selected_items != false) {
-			if ($_POST['drp_action'] == AUTOMATION_ACTION_GRAPH_DELETE) { /* delete */
+			if (get_request_var_post('drp_action') == AUTOMATION_ACTION_GRAPH_DELETE) { /* delete */
 				db_execute('DELETE FROM automation_graph_rules WHERE ' . array_to_sql_or($selected_items, 'id'));
 				db_execute('DELETE FROM automation_graph_rule_items WHERE ' . array_to_sql_or($selected_items, 'rule_id'));
 				db_execute('DELETE FROM automation_match_rule_items WHERE ' . array_to_sql_or($selected_items, 'rule_id'));
-			}elseif ($_POST['drp_action'] == AUTOMATION_ACTION_GRAPH_DUPLICATE) { /* duplicate */
+			}elseif (get_request_var_post('drp_action') == AUTOMATION_ACTION_GRAPH_DUPLICATE) { /* duplicate */
 				for ($i=0;($i<count($selected_items));$i++) {
 					cacti_log('form_actions duplicate: ' . $selected_items[$i] . ' name: ' . $_POST['name_format'], true, 'AUTOMATION TRACE', POLLER_VERBOSITY_MEDIUM);
 					duplicate_automation_graph_rules($selected_items[$i], $_POST['name_format']);
 				}
-			}elseif ($_POST['drp_action'] == AUTOMATION_ACTION_GRAPH_ENABLE) { /* enable */
+			}elseif (get_request_var_post('drp_action') == AUTOMATION_ACTION_GRAPH_ENABLE) { /* enable */
 				for ($i=0;($i<count($selected_items));$i++) {
 					cacti_log('form_actions enable: ' . $selected_items[$i], true, 'AUTOMATION TRACE', POLLER_VERBOSITY_MEDIUM);
 
 					db_execute("UPDATE automation_graph_rules SET enabled='on' WHERE id=" . $selected_items[$i]);
 				}
-			}elseif ($_POST['drp_action'] == AUTOMATION_ACTION_GRAPH_DISABLE) { /* disable */
+			}elseif (get_request_var_post('drp_action') == AUTOMATION_ACTION_GRAPH_DISABLE) { /* disable */
 				for ($i=0;($i<count($selected_items));$i++) {
 					cacti_log('form_actions disable: ' . $selected_items[$i], true, 'AUTOMATION TRACE', POLLER_VERBOSITY_MEDIUM);
 
@@ -238,16 +238,16 @@ function automation_graph_rules_form_actions() {
 
 	form_start('automation_graph_rules.php', 'automation_graph_rules');
 
-	html_start_box($automation_graph_rules_actions{$_POST['drp_action']}, '60%', $colors['header_panel'], '3', 'center', '');
+	html_start_box($automation_graph_rules_actions{get_request_var_post('drp_action')}, '60%', $colors['header_panel'], '3', 'center', '');
 
-	if ($_POST['drp_action'] == AUTOMATION_ACTION_GRAPH_DELETE) { /* delete */
+	if (get_request_var_post('drp_action') == AUTOMATION_ACTION_GRAPH_DELETE) { /* delete */
 		print "	<tr>
 			<td class='textArea'>
 				<p>Are you sure you want to delete the following Rules?  If so, press 'Continue'.</p>
 				<ul>$automation_graph_rules_list</ul>
 			</td>
 		</tr>";
-	}elseif ($_POST['drp_action'] == AUTOMATION_ACTION_GRAPH_DUPLICATE) { /* duplicate */
+	}elseif (get_request_var_post('drp_action') == AUTOMATION_ACTION_GRAPH_DUPLICATE) { /* duplicate */
 		print "<tr>
 			<td class='textArea'>
 				<p>Click 'Continue' to duplicate the following Rule(s). You can
@@ -256,15 +256,15 @@ function automation_graph_rules_form_actions() {
 				<p>Title Format:<br>"; form_text_box('name_format', '<rule_name> (1)', '', '255', '30', 'text'); print "</p>
 			</td>
 		</tr>\n";
-	}elseif ($_POST['drp_action'] == AUTOMATION_ACTION_GRAPH_ENABLE) { /* enable */
+	}elseif (get_request_var_post('drp_action') == AUTOMATION_ACTION_GRAPH_ENABLE) { /* enable */
 		print "<tr>
 			<td class='textArea'>
 				<p>Click 'Continue' to enable the following Rule(s).</p>
 				<ul>$automation_graph_rules_list</ul>
 				<p>Make sure, that those rules have successfully been tested!</p>
 			</td>
 		</tr>\n";
-	}elseif ($_POST['drp_action'] == AUTOMATION_ACTION_GRAPH_DISABLE) { /* disable */
+	}elseif (get_request_var_post('drp_action') == AUTOMATION_ACTION_GRAPH_DISABLE) { /* disable */
 		print "<tr>
 			<td class='textArea'>
 				<p>Click 'Continue' to disable the following Rule(s).</p>
@@ -284,7 +284,7 @@ function automation_graph_rules_form_actions() {
 		<td class='saveRow'>
 			<input type='hidden' name='action' value='actions'>
 			<input type='hidden' name='selected_items' value='" . (isset($automation_graph_rules_array) ? serialize($automation_graph_rules_array) : '') . "'>
-			<input type='hidden' name='drp_action' value='" . $_POST['drp_action'] . "'>
+			<input type='hidden' name='drp_action' value='" . get_request_var_post('drp_action') . "'>
 			$save_html
 		</td>
 	</tr>\n";