From 2b9be4565f8205c2186c4b537e1fa49846bf2fe9 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Thu, 10 Nov 2022 11:52:58 +0100
Subject: [PATCH] some more fixes for undefined vars

This makes more use of $INPUT to access $_SERVER and fixes a warning in
one of the search methods.
---
 inc/Ajax.php              |  2 +-
 inc/Cache/CacheParser.php |  4 +++-
 inc/httputils.php         | 25 +++++++++++--------------
 inc/media.php             |  2 +-
 inc/search.php            |  2 +-
 5 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/inc/Ajax.php b/inc/Ajax.php
index 364613010..fd6abb5e4 100644
--- a/inc/Ajax.php
+++ b/inc/Ajax.php
@@ -165,7 +165,7 @@ class Ajax {
         $id = cleanID($INPUT->str('id'));
         if(empty($id)) return;
 
-        $client = $_SERVER['REMOTE_USER'];
+        $client = $INPUT->server->str('REMOTE_USER');
         if(!$client) $client = clientIP(true);
 
         $draft = new Draft($id, $client);
diff --git a/inc/Cache/CacheParser.php b/inc/Cache/CacheParser.php
index ed476f471..239654226 100644
--- a/inc/Cache/CacheParser.php
+++ b/inc/Cache/CacheParser.php
@@ -20,6 +20,8 @@ class CacheParser extends Cache
      */
     public function __construct($id, $file, $mode)
     {
+        global $INPUT;
+
         if ($id) {
             $this->page = $id;
         }
@@ -27,7 +29,7 @@ class CacheParser extends Cache
         $this->mode = $mode;
 
         $this->setEvent('PARSER_CACHE_USE');
-        parent::__construct($file . $_SERVER['HTTP_HOST'] . $_SERVER['SERVER_PORT'], '.' . $mode);
+        parent::__construct($file . $INPUT->server->str('HTTP_HOST') . $INPUT->server->str('SERVER_PORT'), '.' . $mode);
     }
 
     /**
diff --git a/inc/httputils.php b/inc/httputils.php
index c365f4f5c..00d001f81 100644
--- a/inc/httputils.php
+++ b/inc/httputils.php
@@ -20,6 +20,8 @@ define('HTTP_CHUNK_SIZE',16*1024);
  * @returns  void or exits with previously header() commands executed
  */
 function http_conditionalRequest($timestamp){
+    global $INPUT;
+
     // A PHP implementation of conditional get, see
     //   http://fishbowl.pastiche.org/2002/10/21/http_conditional_get_for_rss_hackers/
     $last_modified = substr(gmdate('r', $timestamp), 0, -5).'GMT';
@@ -28,17 +30,8 @@ function http_conditionalRequest($timestamp){
     header("Last-Modified: $last_modified");
     header("ETag: $etag");
     // See if the client has provided the required headers
-    if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])){
-        $if_modified_since = stripslashes($_SERVER['HTTP_IF_MODIFIED_SINCE']);
-    }else{
-        $if_modified_since = false;
-    }
-
-    if (isset($_SERVER['HTTP_IF_NONE_MATCH'])){
-        $if_none_match = stripslashes($_SERVER['HTTP_IF_NONE_MATCH']);
-    }else{
-        $if_none_match = false;
-    }
+    $if_modified_since = $INPUT->server->filter('stripslashes')->str('HTTP_IF_MODIFIED_SINCE', false);
+    $if_none_match = $INPUT->server->filter('stripslashes')->str('HTTP_IF_NONE_MATCH', false);
 
     if (!$if_modified_since && !$if_none_match){
         return;
@@ -102,16 +95,18 @@ function http_sendfile($file) {
  * @author Andreas Gohr <andi@splitbrain.org>
  */
 function http_rangeRequest($fh,$size,$mime){
+    global $INPUT;
+
     $ranges  = array();
     $isrange = false;
 
     header('Accept-Ranges: bytes');
 
-    if(!isset($_SERVER['HTTP_RANGE'])){
+    if(!$INPUT->server->has('HTTP_RANGE')){
         // no range requested - send the whole file
         $ranges[] = array(0,$size,$size);
     }else{
-        $t = explode('=', $_SERVER['HTTP_RANGE']);
+        $t = explode('=', $INPUT->server->str('HTTP_RANGE'));
         if (!$t[0]=='bytes') {
             // we only understand byte ranges - send the whole file
             $ranges[] = array(0,$size,$size);
@@ -288,6 +283,8 @@ function http_get_raw_post_data() {
  * @param string $text
  */
 function http_status($code = 200, $text = '') {
+    global $INPUT;
+
     static $stati = array(
         200 => 'OK',
         201 => 'Created',
@@ -334,7 +331,7 @@ function http_status($code = 200, $text = '') {
         $text = $stati[$code];
     }
 
-    $server_protocol = (isset($_SERVER['SERVER_PROTOCOL'])) ? $_SERVER['SERVER_PROTOCOL'] : false;
+    $server_protocol = $INPUT->server->str('SERVER_PROTOCOL', false);
 
     if(substr(php_sapi_name(), 0, 3) == 'cgi' || defined('SIMPLE_TEST')) {
         header("Status: {$code} {$text}", true);
diff --git a/inc/media.php b/inc/media.php
index e9841a65e..4cab5603d 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -308,7 +308,7 @@ function media_upload_xhr($ns,$auth){
     $realSize = stream_copy_to_stream($input, $target);
     fclose($target);
     fclose($input);
-    if (isset($_SERVER["CONTENT_LENGTH"]) && ($realSize != (int)$_SERVER["CONTENT_LENGTH"])){
+    if ($INPUT->server->has('CONTENT_LENGTH') && ($realSize != $INPUT->server->int('CONTENT_LENGTH'))) {
         unlink($path);
         return false;
     }
diff --git a/inc/search.php b/inc/search.php
index a33ba87c5..27ca453c7 100644
--- a/inc/search.php
+++ b/inc/search.php
@@ -198,7 +198,7 @@ function search_media(&$data,$base,$file,$type,$lvl,$opts){
     $info         = array();
     $info['id']   = pathID($file,true);
     if($info['id'] != cleanID($info['id'])){
-        if($opts['showmsg'])
+        if(!empty($opts['showmsg']))
             msg(hsc($info['id']).' is not a valid file name for DokuWiki - skipped',-1);
         return false; // skip non-valid files
     }
-- 
2.11.4.GIT