From d2707dd055538298bd3ccced73ddcfb08d353986 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Fri, 12 May 2017 21:50:05 +0200 Subject: Catch incorrect POST parameters (array vs string) Signed-off-by: Florian Pritz --- application/controllers/api/v2/file.php | 4 ++-- application/controllers/file/file_default.php | 10 +++++----- application/controllers/file/multipaste.php | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) (limited to 'application/controllers') diff --git a/application/controllers/api/v2/file.php b/application/controllers/api/v2/file.php index 6eb0ae43b..6f95d5525 100644 --- a/application/controllers/api/v2/file.php +++ b/application/controllers/api/v2/file.php @@ -71,14 +71,14 @@ class file extends \controllers\api\api_controller { public function delete() { $this->muser->require_access("apikey"); - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); return \service\files::delete($ids); } public function create_multipaste() { $this->muser->require_access("basic"); - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); $userid = $this->muser->get_userid(); $limits = $this->muser->get_upload_id_limits(); diff --git a/application/controllers/file/file_default.php b/application/controllers/file/file_default.php index 2a26c380c..f4f106990 100644 --- a/application/controllers/file/file_default.php +++ b/application/controllers/file/file_default.php @@ -565,7 +565,7 @@ class File_default extends MY_Controller { private function _append_multipaste_queue() { - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); if ($ids === false) { $ids = []; } @@ -658,7 +658,7 @@ class File_default extends MY_Controller { { $this->muser->require_access("apikey"); - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); $ret = \service\files::delete($ids); @@ -675,7 +675,7 @@ class File_default extends MY_Controller { { $this->muser->require_access("basic"); - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); $userid = $this->muser->get_userid(); $limits = $this->muser->get_upload_id_limits(); @@ -690,8 +690,8 @@ class File_default extends MY_Controller { public function do_websubmit() { $files = getNormalizedFILES(); - $contents = $this->input->post("content"); - $filenames = $this->input->post("filename"); + $contents = $this->input->post_array("content"); + $filenames = $this->input->post_array("filename"); if (!is_array($filenames) || !is_array($contents)) { throw new \exceptions\UserInputException('file/websubmit/invalid-form', 'The submitted POST form is invalid'); diff --git a/application/controllers/file/multipaste.php b/application/controllers/file/multipaste.php index 759a781f0..50367697c 100644 --- a/application/controllers/file/multipaste.php +++ b/application/controllers/file/multipaste.php @@ -19,7 +19,7 @@ class Multipaste extends MY_Controller { public function append_multipaste_queue() { $this->muser->require_access("basic"); - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); if ($ids === false) { $ids = []; } @@ -55,7 +55,7 @@ class Multipaste extends MY_Controller { public function form_submit() { $this->muser->require_access("basic"); - $ids = $this->input->post('ids'); + $ids = $this->input->post_array('ids'); $process = $this->input->post('process'); if ($ids === false) { @@ -87,7 +87,7 @@ class Multipaste extends MY_Controller { public function ajax_submit() { $this->muser->require_access("basic"); - $ids = $this->input->post('ids'); + $ids = $this->input->post_array('ids'); if ($ids === false) { $ids = []; -- cgit v1.2.3-24-g4f1b