diff --git a/core/includes/common.inc b/core/includes/common.inc index e4c9505..8797c9b 100644 --- a/core/includes/common.inc +++ b/core/includes/common.inc @@ -434,7 +434,7 @@ function drupal_get_feeds($delimiter = "\n") { * Processes a URL query parameter array to remove unwanted elements. * * @param $query - * (optional) An array to be processed. Defaults to $_GET. + * (optional) An array to be processed. Defaults to query string parameters. * @param $exclude * (optional) A list of $query array keys to remove. Use "parent[child]" to * exclude nested items. @@ -447,7 +447,7 @@ function drupal_get_feeds($delimiter = "\n") { function drupal_get_query_parameters(array $query = NULL, array $exclude = array(), $parent = '') { // Set defaults, if none given. if (!isset($query)) { - $query = $_GET; + $query = Drupal::request()->query->all(); } // If $exclude is empty, there is nothing to filter. if (empty($exclude)) { @@ -559,8 +559,9 @@ function drupal_get_destination() { return $destination; } - if (isset($_GET['destination'])) { - $destination = array('destination' => $_GET['destination']); + $destination_param = Drupal::request()->query->get('destination'); + if (isset($destination_param)) { + $destination = array('destination' => $destination_param); } else { $path = current_path(); @@ -713,8 +714,10 @@ function drupal_goto($path = '', array $options = array(), $http_response_code = // attack vector, with the following exception: // - Absolute URLs that point to this site (i.e. same base URL and // base path) are allowed. - if (isset($_GET['destination']) && (!url_is_external($_GET['destination']) || _external_url_is_local($_GET['destination']))) { - $destination = drupal_parse_url($_GET['destination']); + $request = Drupal::request(); + $destination_param = $request->query->get('destination'); + if (isset($destination_param) && (!url_is_external($destination_param) || _external_url_is_local($destination_param))) { + $destination = drupal_parse_url($destination_param); $path = $destination['path']; $options['query'] = $destination['query']; $options['fragment'] = $destination['fragment']; @@ -2914,7 +2917,8 @@ function drupal_html_id($id) { // normally not recommended as it could open up security risks, but because // the raw POST data is cast to a number before being returned by this // function, this usage is safe. - if (empty($_POST['ajax_html_ids'])) { + $request = Drupal::request(); + if (!$request->request->has('ajax_html_ids')) { $seen_ids_init = array(); } else { @@ -2923,7 +2927,7 @@ function drupal_html_id($id) { // requested id. $_POST['ajax_html_ids'] contains the ids as they were // returned by this function, potentially with the appended counter, so // we parse that to reconstruct the $seen_ids array. - $ajax_html_ids = explode(' ', $_POST['ajax_html_ids']); + $ajax_html_ids = explode(' ', $request->request->get('ajax_html_ids')); foreach ($ajax_html_ids as $seen_id) { // We rely on '--' being used solely for separating a base id from the // counter, which this function ensures when returning an id. @@ -5185,7 +5189,7 @@ function show(&$element) { * @see drupal_render_cache_set() */ function drupal_render_cache_get($elements) { - if (!in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD')) || !$cid = drupal_render_cid_create($elements)) { + if (!Drupal::request()->isMethodSafe() || !$cid = drupal_render_cid_create($elements)) { return FALSE; } $bin = isset($elements['#cache']['bin']) ? $elements['#cache']['bin'] : 'cache'; @@ -5217,7 +5221,8 @@ function drupal_render_cache_get($elements) { */ function drupal_render_cache_set(&$markup, $elements) { // Create the cache ID for the element. - if (!in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD')) || !$cid = drupal_render_cid_create($elements)) { + $request = Drupal::request(); + if (!$request->isMethodSafe() || !$cid = drupal_render_cid_create($elements)) { return FALSE; }