summaryrefslogtreecommitdiffstats
path: root/application/controllers
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2017-05-12 21:50:05 +0200
committerFlorian Pritz <bluewind@xinu.at>2017-05-12 21:50:05 +0200
commitd2707dd055538298bd3ccced73ddcfb08d353986 (patch)
treec8c292f9321b13d1a2d8e490bbb8db5a0ddd6d36 /application/controllers
parenta252d6c6fbd2b9989ab630d74ef476fb9e54bcc6 (diff)
Catch incorrect POST parameters (array vs string)
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/controllers')
-rw-r--r--application/controllers/api/v2/file.php4
-rw-r--r--application/controllers/file/file_default.php10
-rw-r--r--application/controllers/file/multipaste.php6
3 files changed, 10 insertions, 10 deletions
diff --git a/application/controllers/api/v2/file.php b/application/controllers/api/v2/file.php
index 6eb0ae43b..6f95d5525 100644
--- a/application/controllers/api/v2/file.php
+++ b/application/controllers/api/v2/file.php
@@ -71,14 +71,14 @@ class file extends \controllers\api\api_controller {
public function delete()
{
$this->muser->require_access("apikey");
- $ids = $this->input->post("ids");
+ $ids = $this->input->post_array("ids");
return \service\files::delete($ids);
}
public function create_multipaste()
{
$this->muser->require_access("basic");
- $ids = $this->input->post("ids");
+ $ids = $this->input->post_array("ids");
$userid = $this->muser->get_userid();
$limits = $this->muser->get_upload_id_limits();
diff --git a/application/controllers/file/file_default.php b/application/controllers/file/file_default.php
index 2a26c380c..f4f106990 100644
--- a/application/controllers/file/file_default.php
+++ b/application/controllers/file/file_default.php
@@ -565,7 +565,7 @@ class File_default extends MY_Controller {
private function _append_multipaste_queue()
{
- $ids = $this->input->post("ids");
+ $ids = $this->input->post_array("ids");
if ($ids === false) {
$ids = [];
}
@@ -658,7 +658,7 @@ class File_default extends MY_Controller {
{
$this->muser->require_access("apikey");
- $ids = $this->input->post("ids");
+ $ids = $this->input->post_array("ids");
$ret = \service\files::delete($ids);
@@ -675,7 +675,7 @@ class File_default extends MY_Controller {
{
$this->muser->require_access("basic");
- $ids = $this->input->post("ids");
+ $ids = $this->input->post_array("ids");
$userid = $this->muser->get_userid();
$limits = $this->muser->get_upload_id_limits();
@@ -690,8 +690,8 @@ class File_default extends MY_Controller {
public function do_websubmit()
{
$files = getNormalizedFILES();
- $contents = $this->input->post("content");
- $filenames = $this->input->post("filename");
+ $contents = $this->input->post_array("content");
+ $filenames = $this->input->post_array("filename");
if (!is_array($filenames) || !is_array($contents)) {
throw new \exceptions\UserInputException('file/websubmit/invalid-form', 'The submitted POST form is invalid');
diff --git a/application/controllers/file/multipaste.php b/application/controllers/file/multipaste.php
index 759a781f0..50367697c 100644
--- a/application/controllers/file/multipaste.php
+++ b/application/controllers/file/multipaste.php
@@ -19,7 +19,7 @@ class Multipaste extends MY_Controller {
public function append_multipaste_queue() {
$this->muser->require_access("basic");
- $ids = $this->input->post("ids");
+ $ids = $this->input->post_array("ids");
if ($ids === false) {
$ids = [];
}
@@ -55,7 +55,7 @@ class Multipaste extends MY_Controller {
public function form_submit() {
$this->muser->require_access("basic");
- $ids = $this->input->post('ids');
+ $ids = $this->input->post_array('ids');
$process = $this->input->post('process');
if ($ids === false) {
@@ -87,7 +87,7 @@ class Multipaste extends MY_Controller {
public function ajax_submit() {
$this->muser->require_access("basic");
- $ids = $this->input->post('ids');
+ $ids = $this->input->post_array('ids');
if ($ids === false) {
$ids = [];