diff --git a/core/includes/ajax.inc b/core/includes/ajax.inc index 42843fa..99756ec 100644 --- a/core/includes/ajax.inc +++ b/core/includes/ajax.inc @@ -228,17 +228,19 @@ * functions. */ function ajax_render($commands = array()) { + $ajax_page_state = Drupal::request()->request->get('ajax_page_state'); + // Ajax responses aren't rendered with html.tpl.php, so we have to call // drupal_get_css() and drupal_get_js() here, in order to have new files added // during this request to be loaded by the page. We only want to send back // files that the page hasn't already loaded, so we implement simple diffing // logic using array_diff_key(). foreach (array('css', 'js') as $type) { - // It is highly suspicious if $_POST['ajax_page_state'][$type] is empty, + // It is highly suspicious if $ajax_page_state[$type] is empty, // since the base page ought to have at least one JS file and one CSS file // loaded. It probably indicates an error, and rather than making the page // reload all of the files, instead we return no new files. - if (empty($_POST['ajax_page_state'][$type])) { + if (empty($ajax_page_state[$type])) { $items[$type] = array(); } else { @@ -257,7 +259,7 @@ function ajax_render($commands = array()) { } } // Ensure that the page doesn't reload what it already has. - $items[$type] = array_diff_key($items[$type], $_POST['ajax_page_state'][$type]); + $items[$type] = array_diff_key($items[$type], $ajax_page_state[$type]); } } @@ -303,7 +305,7 @@ function ajax_render($commands = array()) { * Gets a form submitted via #ajax during an Ajax callback. * * This will load a form from the form cache used during Ajax operations. It - * pulls the form info from $_POST. + * pulls the form info from the Drupal::request()->request object. * * @return * An array containing the $form and $form_state. Use the list() function 
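Review bot: `$ajax_page_state` is client-supplied and its shape is never checked in `ajax_render()`: `empty($ajax_page_state[$type])` catches a missing or empty entry, but a non-empty scalar still reaches `array_diff_key()` in the second hunk, which expects an array. Widening the guard to `if (empty($ajax_page_state[$type]) || !is_array($ajax_page_state[$type])) {` keeps the "return no new files" behaviour for malformed input. The parameter bag returns whatever structure was submitted, so the same type check is worth adding for `form_build_id` in `ajax_get_form()`, `destination` in `drupal_goto()`, `ajax_html_ids` before the `explode()` in `drupal_html_id()`, and the session cookie values read in session.inc. The gap predates this patch (the `$_POST` reads behaved the same way), so it could be handled as a follow-up.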
@@ -315,16 +317,16 @@ function ajax_render($commands = array()) { function ajax_get_form() { $form_state = form_state_defaults(); - $form_build_id = $_POST['form_build_id']; + $form_build_id = Drupal::request()->request->get('form_build_id'); // Get the form from the cache. $form = form_get_cache($form_build_id, $form_state); if (!$form) { - // If $form cannot be loaded from the cache, the form_build_id in $_POST - // must be invalid, which means that someone performed a POST request onto - // system/ajax without actually viewing the concerned form in the browser. - // This is likely a hacking attempt as it never happens under normal - // circumstances, so we just do nothing. + // If $form cannot be loaded from the cache, the form_build_id in + // Drupal::request()->request must be invalid, which means that someone + // performed a POST request onto system/ajax without actually viewing + // the concerned form in the browser. This is likely a hacking attempt as + // it never happens under normal circumstances, so we just do nothing. watchdog('ajax', 'Invalid form POST data.', array(), WATCHDOG_WARNING); drupal_exit(); } @@ -340,7 +342,7 @@ function ajax_get_form() { // The form needs to be processed; prepare for that by setting a few internal // variables. - $form_state['input'] = $_POST; + $form_state['input'] = Drupal::request()->request->all(); $form_id = $form['#form_id']; return array($form, $form_state, $form_id, $form_build_id); 
@@ -402,9 +404,10 @@ function ajax_form_callback() { * @see file_menu() */ function ajax_base_page_theme() { - if (!empty($_POST['ajax_page_state']['theme']) && !empty($_POST['ajax_page_state']['theme_token'])) { - $theme = $_POST['ajax_page_state']['theme']; - $token = $_POST['ajax_page_state']['theme_token']; + $ajax_page_state = Drupal::request()->request->get('ajax_page_state'); + if (!empty($ajax_page_state['theme']) && !empty($ajax_page_state['theme_token'])) { + $theme = $ajax_page_state['theme']; + $token = $ajax_page_state['theme_token']; // Prevent a request forgery from giving a person access to a theme they // shouldn't be otherwise allowed to see. However, since everyone is allowed diff --git a/core/includes/batch.inc b/core/includes/batch.inc index ff0b4cb..283cf3e 100644 --- a/core/includes/batch.inc +++ b/core/includes/batch.inc @@ -21,7 +21,7 @@ * * @param $id * The ID of the batch to load. When a progressive batch is being processed, - * the relevant ID is found in $_REQUEST['id']. + * the relevant ID is found in Drupal::request()->get('id'). * * @return * An array representing the batch, or FALSE if no batch was found. @@ -45,13 +45,14 @@ function batch_load($id) { function _batch_page() { $batch = &batch_get(); - if (!isset($_REQUEST['id'])) { + $request = Drupal::request(); + if (is_null($request->get('id'))) { return FALSE; } // Retrieve the current state of the batch. if (!$batch) { - $batch = batch_load($_REQUEST['id']); + $batch = batch_load($request->get('id')); if (!$batch) { drupal_set_message(t('No active batch.'), 'error'); drupal_goto(); @@ -70,7 +71,7 @@ function _batch_page() { } } - $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : ''; + $op = !is_null($request->get('op')) ? $request->get('op') : ''; $output = NULL; switch ($op) { case 'start': 
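Review bot: In `_batch_page()`, `$request->get('id')` and `$request->get('op')` are not a like-for-like replacement for `$_REQUEST`: Symfony's `Request::get()` consults the route attributes first, then the query string, then the POST body, so an attribute named `id` or `op` would shadow the submitted value. If the batch id and operation always arrive in one known place (not visible from these hunks), reading that specific bag states the intended source. The ternary in the `op` hunk can also use the default argument, `$op = $request->get('op', '');`, which avoids the double lookup.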
@@ -454,7 +455,7 @@ function _batch_finished() { if ($_batch['progressive']) { // Revert the 'destination' that was saved in batch_process(). if (isset($_batch['destination'])) { - $_GET['destination'] = $_batch['destination']; + Drupal::request()->query->set('destination', $_batch['destination']); } // Determine the target path to redirect to. diff --git a/core/includes/common.inc b/core/includes/common.inc index 5e8e2d1..5ff9283 100644 --- a/core/includes/common.inc +++ b/core/includes/common.inc @@ -430,7 +430,7 @@ function drupal_get_feeds($delimiter = "\n") { * Processes a URL query parameter array to remove unwanted elements. * * @param $query - * (optional) An array to be processed. Defaults to $_GET. + * (optional) An array to be processed. Defaults to Drupal::request()->query->all(). * @param $exclude * (optional) A list of $query array keys to remove. Use "parent[child]" to * exclude nested items. @@ -443,7 +443,7 @@ function drupal_get_feeds($delimiter = "\n") { function drupal_get_query_parameters(array $query = NULL, array $exclude = array(), $parent = '') { // Set defaults, if none given. if (!isset($query)) { - $query = $_GET; + $query = Drupal::request()->query->all(); } // If $exclude is empty, there is nothing to filter. if (empty($exclude)) { @@ -498,7 +498,7 @@ function drupal_get_query_array($query) { * urlencode()) all query parameters. * * @param $query - * The query parameter array to be processed, e.g. $_GET. + * The query parameter array to be processed, e.g. Drupal::request()->query->all(). * @param $parent * Internal use only. Used to build the $query array key for nested items. * @@ -555,8 +555,8 @@ function drupal_get_destination() { return $destination; } - if (isset($_GET['destination'])) { - $destination = array('destination' => $_GET['destination']); + if (!is_null(Drupal::request()->query->get('destination'))) { + $destination = array('destination' => Drupal::request()->query->get('destination')); } else { $path = current_path(); 
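Review bot: Restoring the destination in `_batch_finished()` with `Drupal::request()->query->set()` no longer touches `$_GET`, so any code that still reads `$_GET['destination']` after this point will not see the restored value; the same holds for `query->remove('destination')` in `batch_process()`. Within this patch `drupal_goto()` and `drupal_get_destination()` read from the request object, so the core path looks consistent, but callers outside the patch are not visible here. A short comment at both places would make the new contract explicit, e.g. `// Only the request object is updated; $_GET is left untouched.`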
@@ -579,7 +579,7 @@ function drupal_get_destination() { * The returned array contains a 'path' that may be passed separately to url(). * For example: * @code - * $options = drupal_parse_url($_GET['destination']); + * $options = drupal_parse_url(Drupal::request()->query->get('destination')); * $my_url = url($options['path'], $options); * $my_link = l('Example link', $options['path'], $options); * @endcode @@ -590,7 +590,7 @@ function drupal_get_destination() { * $options['query'] and the fragment into $options['fragment']. * * @param $url - * The URL string to parse, f.e. $_GET['destination']. + * The URL string to parse, f.e. Drupal::request()->query->get('destination'). * * @return * An associative array containing the keys: @@ -666,10 +666,10 @@ function drupal_encode_path($path) { * URL is formatted correctly. * * If a destination was specified in the current request's URI (i.e., - * $_GET['destination']) then it will override the $path and $options values - * passed to this function. This provides the flexibility to build a link to - * user/login and override the default redirection so that the user is - * redirected to a specific path after logging in: + * Drupal::request()->query->get('destination')) then it will override the + * $path and $options values passed to this function. This provides the + * flexibility to build a link to user/login and override the default redirection + * so that the user is redirected to a specific path after logging in: * @code * $query = array('destination' => "node/$node->nid"); * $link = l(t('Log in'), 'user/login', array('query' => $query)); 
@@ -704,13 +704,14 @@ function drupal_encode_path($path) { * @see url() */ function drupal_goto($path = '', array $options = array(), $http_response_code = 302) { - // A destination in $_GET always overrides the function arguments. - // We do not allow absolute URLs to be passed via $_GET, as this can be an - // attack vector, with the following exception: + // A destination in Drupal::request()->query always overrides the function arguments. + // We do not allow absolute URLs to be passed via Drupal::request()->query, as this + // can be an attack vector, with the following exception: // - Absolute URLs that point to this site (i.e. same base URL and // base path) are allowed. - if (isset($_GET['destination']) && (!url_is_external($_GET['destination']) || _external_url_is_local($_GET['destination']))) { - $destination = drupal_parse_url($_GET['destination']); + $destination = Drupal::request()->query->get('destination'); + if (isset($destination) && (!url_is_external($destination) || _external_url_is_local($destination))) { + $destination = drupal_parse_url($destination); $path = $destination['path']; $options['query'] = $destination['query']; $options['fragment'] = $destination['fragment']; @@ -1650,7 +1651,7 @@ function _format_date_callback(array $matches = NULL, $new_langcode = NULL) { * before a date can be created. * * @return string - * A string as defined in \DrupalComponent\Datetime\DateTimePlus.php: either + * A string as defined in DrupalComponent\Datetime\DateTimePlus.php: either * 'intl' or 'php', depending on whether IntlDateFormatter is available. */ function datetime_default_format_type() { 
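Review bot: `$destination` is reused inside the redirect guard of `drupal_goto()`, first for the raw query-string value that `url_is_external()` and `_external_url_is_local()` vet, then for the array returned by `drupal_parse_url()`. Because this is the check that keeps absolute URLs out of the redirect, keeping the two apart makes it easier to audit, e.g. `$parsed = drupal_parse_url($destination);` followed by `$path = $parsed['path'];`. The rewritten comment lines above it also run past 80 columns and need rewrapping. The function body continues outside the hunk.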
@@ -3165,20 +3166,21 @@ function drupal_html_id($id) { // function's $seen_ids static variable to that state information in order // to have it properly initialized for this page request. However, no such // page state API exists, so instead, ajax.js adds all of the in-use HTML - // IDs to the POST data of Ajax submissions. Direct use of $_POST is - // normally not recommended as it could open up security risks, but because - // the raw POST data is cast to a number before being returned by this - // function, this usage is safe. - if (empty($_POST['ajax_html_ids'])) { + // IDs to the POST data of Ajax submissions. Direct use of + // Drupal::request()->request is normally not recommended as it could + // open up security risks, but because the raw POST data is cast to a number + // before being returned by this function, this usage is safe. + $ajax_html_ids = Drupal::request()->request->get('ajax_html_ids'); + if (empty($ajax_html_ids)) { $seen_ids_init = array(); } else { // This function ensures uniqueness by appending a counter to the base id // requested by the calling function after the first occurrence of that - // requested id. $_POST['ajax_html_ids'] contains the ids as they were - // returned by this function, potentially with the appended counter, so - // we parse that to reconstruct the $seen_ids array. - $ajax_html_ids = explode(' ', $_POST['ajax_html_ids']); + // requested id. Drupal::request()->request->get('ajax_html_ids') contains + // the ids as they were returned by this function, potentially with the + // appended counter, so we parse that to reconstruct the $seen_ids array. + $ajax_html_ids = explode(' ', $ajax_html_ids); foreach ($ajax_html_ids as $seen_id) { // We rely on '--' being used solely for separating a base id from the // counter, which this function ensures when returning an id. 
@@ -5430,7 +5432,7 @@ function show(&$element) { * @see drupal_render_cache_set() */ function drupal_render_cache_get($elements) { - if (!in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD')) || !$cid = drupal_render_cid_create($elements)) { + if (!in_array(Drupal::request()->server->get('REQUEST_METHOD'), array('GET', 'HEAD')) || !$cid = drupal_render_cid_create($elements)) { return FALSE; } $bin = isset($elements['#cache']['bin']) ? $elements['#cache']['bin'] : 'cache'; @@ -5462,7 +5464,7 @@ function drupal_render_cache_get($elements) { */ function drupal_render_cache_set(&$markup, $elements) { // Create the cache ID for the element. - if (!in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD')) || !$cid = drupal_render_cid_create($elements)) { + if (!in_array(Drupal::request()->server->get('REQUEST_METHOD'), array('GET', 'HEAD')) || !$cid = drupal_render_cid_create($elements)) { return FALSE; } diff --git a/core/includes/errors.inc b/core/includes/errors.inc index f581599..92d7018 100644 --- a/core/includes/errors.inc +++ b/core/includes/errors.inc @@ -220,7 +220,8 @@ function _drupal_log_error($error, $fatal = FALSE) { } } - if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') { + $http_x_requested_with = Drupal::request()->server->get('HTTP_X_REQUESTED_WITH'); + if (!is_null($http_x_requested_with) && $http_x_requested_with == 'XMLHttpRequest') { if ($fatal) { if (error_displayable($error)) { // When called from JavaScript, simply output the error message. diff --git a/core/includes/form.inc b/core/includes/form.inc index 23f66c2..780779e 100644 --- a/core/includes/form.inc +++ b/core/includes/form.inc 
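Review bot: `_drupal_log_error()` in errors.inc now depends on `Drupal::request()` from inside the error path, where the old `$_SERVER` read could not fail. If an error is logged before a request object exists (early bootstrap or a command-line run; how `Drupal::request()` behaves then is not visible here), a failure in this lookup would hide the original error, so that case should be confirmed or guarded. The test itself can be shortened: the `!is_null()` half is redundant because `NULL == 'XMLHttpRequest'` is already false, and the request object offers `isXmlHttpRequest()` for this header check.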
@@ -266,8 +266,9 @@ function drupal_get_form($form_arg) { * understanding of security implications. In almost all cases, code should * use the data in the 'values' array exclusively. The most common use of * this key is for multi-step forms that need to clear some of the user - * input when setting 'rebuild'. The values correspond to $_POST or $_GET, - * depending on the 'method' chosen. + * input when setting 'rebuild'. The values correspond to + * Drupal::request()->request or Drupal::request()->query depending on + * the 'method' chosen. * - always_process: If TRUE and the method is GET, a form_id is not * necessary. This should only be used on RESTful GET forms that do NOT * write data, as this could lead to security issues. It is useful so that @@ -281,8 +282,8 @@ function drupal_get_form($form_arg) { * invoked via drupal_form_submit(). Defaults to FALSE. * - process_input: Boolean flag. TRUE signifies correct form submission. * This is always TRUE for programmed forms coming from drupal_form_submit() - * (see 'programmed' key), or if the form_id coming from the $_POST data is - * set and matches the current form_id. + * (see 'programmed' key), or if the form_id coming from the + * Drupal::request()->request data is set and matches the current form_id. * - submitted: If TRUE, the form has been submitted. Defaults to FALSE. * - executed: If TRUE, the form was submitted and has been processed and * executed. Defaults to FALSE. @@ -346,7 +347,8 @@ function drupal_build_form($form_id, &$form_state) { $form_state += form_state_defaults(); if (!isset($form_state['input'])) { - $form_state['input'] = $form_state['method'] == 'get' ? $_GET : $_POST; + $form_state['input'] = $form_state['method'] == 'get' + ? Drupal::request()->query->all() : Drupal::request()->request->all(); } if (isset($_SESSION['batch_form_state'])) { 
@@ -680,11 +682,13 @@ function form_load_include(&$form_state, $type, $module, $name = NULL) { * @param $form_state * A keyed array containing the current state of the form. Most important is * the $form_state['values'] collection, a tree of data used to simulate the - * incoming $_POST information from a user's form submission. If a key is not - * filled in $form_state['values'], then the default value of the respective - * element is used. To submit an unchecked checkbox or other control that - * browsers submit by not having a $_POST entry, include the key, but set the - * value to NULL. + * incoming Drupal::request()->request information from a user's form + * submission. If a key is not incoming Drupal::request()->request information + * from a user's form submission. If a key is not filled in + * $form_state['values'], then the default value of the respective element is + * used. To submit an unchecked checkbox or other control that browsers submit + * by not having a Drupal::request()->request entry, include the key, but set + * the value to NULL. * @param ... * Any additional arguments are passed on to the functions called by * drupal_form_submit(), including the unique form constructor function. 
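Review bot: The rewritten `@param $form_state` description in this docblock contains a duplicated fragment: "If a key is not incoming Drupal::request()->request information from a user's form submission." repeats the previous sentence part-way through and leaves a broken sentence behind. The stray repeat should be dropped so the text reads `incoming Drupal::request()->request information from a user's form submission. If a key is not filled in $form_state['values'], ...`, and the paragraph rewrapped.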
@@ -877,13 +881,13 @@ function drupal_retrieve_form($form_id, &$form_state) { * A keyed array containing the current state of the form. This * includes the current persistent storage data for the form, and * any data passed along by earlier steps when displaying a - * multi-step form. Additional information, like the sanitized $_POST - * data, is also accumulated here. + * multi-step form. Additional information, like the sanitized + * Drupal::request()->request data, is also accumulated here. */ function drupal_process_form($form_id, &$form, &$form_state) { $form_state['values'] = array(); - // With $_GET, these forms are always submitted if requested. + // With Drupal::request()->query, these forms are always submitted if requested. if ($form_state['method'] == 'get' && !empty($form_state['always_process'])) { if (!isset($form_state['input']['form_build_id'])) { $form_state['input']['form_build_id'] = $form['#build_id']; @@ -1281,10 +1285,11 @@ function drupal_validate_form($form_id, &$form, &$form_state) { * - If none of the above conditions has prevented redirection, then the * redirect is accomplished by calling drupal_goto(), passing in the value of * $form_state['redirect'] if it is set, or the current path if it is - * not. drupal_goto() preferentially uses the value of $_GET['destination'] - * (the 'destination' URL query string) if it is present, so this will - * override any values set by $form_state['redirect']. Note that during - * installation, install_goto() is called in place of drupal_goto(). + * not. drupal_goto() preferentially uses the value of + * Drupal::request()->query->get('destination') (the 'destination' URL query + * string) if it is present, so this will override any values set by + * $form_state['redirect']. Note that during installation, install_goto() + * is called in place of drupal_goto(). * * @param $form_state * An associative array containing the current state of the form. 
@@ -1811,7 +1816,7 @@ function form_error(&$element, $message = '') { * A keyed array containing the current state of the form. In this * context, it is used to accumulate information about which button * was clicked when the form was submitted, as well as the sanitized - * $_POST data. + * Drupal::request()->request data. */ function form_builder($form_id, &$element, &$form_state) { // Initialize as unprocessed. @@ -2124,7 +2129,8 @@ function _form_builder_handle_input_element($form_id, &$element, &$form_state) { if (!empty($element['#is_button'])) { // All buttons in the form need to be tracked for // form_state_values_clean() and for the form_builder() code that handles - // a form submission containing no button information in $_POST. + // a form submission containing no button information in + // Drupal::request()->request. $form_state['buttons'][] = $element; if (_form_button_was_clicked($element, $form_state)) { $form_state['triggering_element'] = $element; 
@@ -2184,15 +2190,15 @@ function _form_button_was_clicked($element, &$form_state) { // standard buttons on a form share the same name (usually 'op'), // and the specific return value is used to determine which was // clicked. This ONLY works as long as $form['#name'] puts the - // value at the top level of the tree of $_POST data. + // value at the top level of the tree of Drupal::request()->request data. if (isset($form_state['input'][$element['#name']]) && $form_state['input'][$element['#name']] == $element['#value']) { return TRUE; } // When image buttons are clicked, browsers do NOT pass the form element - // value in $_POST. Instead they pass an integer representing the - // coordinates of the click on the button image. This means that image - // buttons MUST have unique $form['#name'] values, but the details of - // their $_POST data should be ignored. + // value in Drupal::request()->request. Instead they pass an integer + // representing the coordinates of the click on the button image. This + // means that image buttons MUST have unique $form['#name'] values, but + // the details of their Drupal::request()->request data should be ignored. elseif (!empty($element['#has_garbage_value']) && isset($element['#value']) && $element['#value'] !== '') { return TRUE; } @@ -2371,7 +2377,8 @@ function form_type_checkboxes_value($element, $input = FALSE) { // NULL elements from the array before constructing the return value, to // simulate the behavior of web browsers (which do not send unchecked // checkboxes to the server at all). This will not affect non-programmatic - // form submissions, since all values in $_POST are strings. + // form submissions, since all values in Drupal::request()->request are + // strings. foreach ($input as $key => $value) { if (!isset($value)) { unset($input[$key]); 
@@ -5136,9 +5143,9 @@ function batch_process($redirect = NULL, $url = 'batch', $redirect_callback = 'd // Clear the way for the drupal_goto() redirection to the batch processing // page, by saving and unsetting the 'destination', if there is any. - if (isset($_GET['destination'])) { - $batch['destination'] = $_GET['destination']; - unset($_GET['destination']); + if (!is_null(Drupal::request()->query->get('destination'))) { + $batch['destination'] = Drupal::request()->query->get('destination'); + Drupal::request()->query->remove('destination'); } // Store the batch. diff --git a/core/includes/install.core.inc b/core/includes/install.core.inc index 32c0b49..edd35d6 100644 --- a/core/includes/install.core.inc +++ b/core/includes/install.core.inc @@ -196,8 +196,8 @@ function install_state_defaults() { // An array of available installation profiles. 'profiles' => array(), // An array of server variables that will be substituted into the global - // $_SERVER array via drupal_override_server_variables(). Used by - // non-interactive installations only. + // Drupal::request()->server array via drupal_override_server_variables(). + // Used by non-interactive installations only. 'server' => array(), // The server URL where the interface translation files can be downloaded. // Tokens in the pattern will be replaced by appropriate values for the @@ -249,7 +249,7 @@ function install_state_defaults() { function install_begin_request(&$install_state) { // Add any installation parameters passed in via the URL. if ($install_state['interactive']) { - $install_state['parameters'] += $_GET; + $install_state['parameters'] += Drupal::request()->query->all(); } // Validate certain core settings that are used throughout the installation. 
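Review bot: In the `install_begin_request()` hunk, `Drupal::request()->query->all()` is called at the very top of the function, while the next hunk shows `require_once __DIR__ . '/bootstrap.inc';` only further down in the same function. Whether the `Drupal` class can be loaded and already holds a request object this early in the installer is not visible from the patch and should be confirmed for both interactive and non-interactive runs; `$_GET` had no such precondition. The same question applies to `$server = Drupal::request()->server;` added right after that `require_once`.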
@@ -263,14 +263,15 @@ function install_begin_request(&$install_state) { // Allow command line scripts to override server variables used by Drupal. require_once __DIR__ . '/bootstrap.inc'; + $server = Drupal::request()->server; if (!$install_state['interactive']) { drupal_override_server_variables($install_state['server']); } // The user agent header is used to pass a database prefix in the request when // running tests. However, for security reasons, it is imperative that no // installation be permitted using such a prefix. - elseif (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], "simpletest") !== FALSE) { - header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden'); + elseif (!is_null($server->get('HTTP_USER_AGENT')) && strpos($server->get('HTTP_USER_AGENT'), "simpletest") !== FALSE) { + header($server->get('SERVER_PROTOCOL') . ' 403 Forbidden'); exit; } @@ -1217,7 +1218,7 @@ function install_select_profile(&$install_state) { * * A profile will be selected if: * - Only one profile is available, - * - A profile was submitted through $_POST, + * - A profile was submitted through Drupal::request()->request, * - Exactly one of the profiles is marked as "exclusive". * If multiple profiles are marked as "exclusive" then no profile will be * selected. @@ -1230,13 +1231,14 @@ function install_select_profile(&$install_state) { * selected. */ function _install_select_profile($profiles) { + $request = Drupal::request()->request; // Don't need to choose profile if only one available. if (count($profiles) == 1) { $profile = array_pop($profiles); return $profile->name; } - elseif (!empty($_POST['profile']) && isset($profiles[$_POST['profile']])) { - return $profiles[$_POST['profile']]->name; + elseif (!is_null($request->get('profile')) && isset($profiles[$request->get('profile')])) { + return $profiles[$request->get('profile')]->name; } // Check for a profile marked as "exclusive" and ensure that only one // profile is marked as such. 
@@ -1413,9 +1415,9 @@ function install_select_language(&$install_state) { // langauges available at http://localize.drupal.org. // When files from the translation directory are used, we only accept // languages for which a file is available. - if (!empty($_POST['langcode'])) { + if (!is_null(Drupal::request()->request->get('langcode'))) { $standard_languages = standard_language_list(); - $langcode = $_POST['langcode']; + $langcode = Drupal::request()->request->get('langcode'); if ($langcode == 'en' || isset($files[$langcode]) || isset($standard_languages[$langcode])) { $install_state['parameters']['langcode'] = $langcode; return; 
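Review bot: `!is_null(...)` is not equivalent to the `!empty($_POST['langcode'])` it replaces in `install_select_language()`: an empty-string or `'0'` `langcode` now enters the branch instead of being skipped. With the visible checks such a value fails the `$langcode == 'en' || isset(...)` test, but what runs after that `if` lies outside the hunk. Reading the value once and keeping the original test preserves behaviour: `$langcode = Drupal::request()->request->get('langcode');` then `if (!empty($langcode)) {`. `_install_select_profile()` has the same `!empty()` to `!is_null()` substitution for `profile`.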
@@ -1815,14 +1817,15 @@ function install_configure_form($form, &$form_state, &$install_state) { // Warn about settings.php permissions risk $settings_dir = conf_path(); $settings_file = $settings_dir . '/settings.php'; - // Check that $_POST is empty so we only show this message when the form is - // first displayed, not on the next page after it is submitted. (We do not - // want to repeat it multiple times because it is a general warning that is - // not related to the rest of the installation process; it would also be - // especially out of place on the last page of the installer, where it would - // distract from the message that the Drupal installation has completed - // successfully.) - if (empty($_POST) && (!drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_dir, FILE_NOT_WRITABLE, 'dir'))) { + // Check that Drupal::request()-> request is empty so we only show this + // message when the form is first displayed, not on the next page after it is + // submitted. (We do not want to repeat it multiple times because it is a + // general warning that is not related to the rest of the installation + // process; it would also be especially out of place on the last page of the + // installer, where it would distract from the message that the Drupal + // installation has completed successfully.) + $request = Drupal::request()->request->all(); + if (empty($request) && (!drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_dir, FILE_NOT_WRITABLE, 'dir'))) { drupal_set_message(st('All necessary changes to %dir and %file have been made, so you should remove write permissions to them now in order to avoid security risks. 
If you are unsure how to do so, consult the online handbook.', array('%dir' => $settings_dir, '%file' => $settings_file, '@handbook_url' => 'http://drupal.org/server-permissions')), 'warning'); } @@ -2072,7 +2075,7 @@ function install_check_translations($install_state) { 'title' => st('Translation'), 'value' => st('The %language translation is not available.', array('%language' => $language)), 'severity' => REQUIREMENT_ERROR, - 'description' => st('The %language translation file is not available at the translation server. Choose a different language or select English and translate your website later.', array('%language' => $language, '!url' => check_url($_SERVER['SCRIPT_NAME']))), + 'description' => st('The %language translation file is not available at the translation server. Choose a different language or select English and translate your website later.', array('%language' => $language, '!url' => check_url(Drupal::request()->server->get('SCRIPT_NAME')))), ); } else { @@ -2091,7 +2094,7 @@ function install_check_translations($install_state) { 'title' => st('Translation'), 'value' => st('The %language translation could not be downloaded.', array('%language' => $language)), 'severity' => REQUIREMENT_ERROR, - 'description' => st('The %language translation file could not be downloaded. Choose a different language or select English and translate your website later.', array('%language' => $language, '!url' => check_url($_SERVER['SCRIPT_NAME']))), + 'description' => st('The %language translation file could not be downloaded. Choose a different language or select English and translate your website later.', array('%language' => $language, '!url' => check_url(Drupal::request()->server->get('SCRIPT_NAME')))), ); } } 
@@ -2460,5 +2463,5 @@ function install_configure_form_submit($form, &$form_state) { user_login_finalize(); // Record when this install ran. - variable_set('install_time', $_SERVER['REQUEST_TIME']); + variable_set('install_time', Drupal::request()->server->get('REQUEST_TIME')); } diff --git a/core/includes/install.inc b/core/includes/install.inc index 84dd851..ab97e2d 100644 --- a/core/includes/install.inc +++ b/core/includes/install.inc @@ -893,7 +893,7 @@ function install_goto($path) { * @see drupal_requirements_url() */ function drupal_current_script_url($query = array()) { - $uri = $_SERVER['SCRIPT_NAME']; + $uri = Drupal::request()->server->get('SCRIPT_NAME'); $query = array_merge(drupal_get_query_parameters(), $query); if (!empty($query)) { $uri .= '?' . drupal_http_build_query($query); diff --git a/core/includes/language.inc b/core/includes/language.inc index 74d5752..36caa88 100644 --- a/core/includes/language.inc +++ b/core/includes/language.inc @@ -89,7 +89,8 @@ * $langcode = language_from_url($languages); * * // If we are on an administrative path, override with the default language. - * if (isset($_GET['q']) && strtok($_GET['q'], '/') == 'admin') { + * if (!is_null(\Drupal::request()->query->get('q')) + * && strtok(\Drupal::request()->query->get('q'), '/') == 'admin') { * return language_default()->langcode; * } * return $langcode; diff --git a/core/includes/mail.inc b/core/includes/mail.inc index c9ff601..a30c3a9 100644 --- a/core/includes/mail.inc +++ b/core/includes/mail.inc @@ -10,7 +10,7 @@ * * $settings['mail_line_endings'] will override this setting. */ -define('MAIL_LINE_ENDINGS', isset($_SERVER['WINDIR']) || strpos($_SERVER['SERVER_SOFTWARE'], 'Win32') !== FALSE ? "\r\n" : "\n"); +define('MAIL_LINE_ENDINGS', !is_null(Drupal::request()->server->get('WINDIR')) || strpos(Drupal::request()->server->get('SERVER_SOFTWARE'), 'Win32') !== FALSE ? "\r\n" : "\n"); /** * Composes and optionally sends an e-mail message. 
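Review bot: The `MAIL_LINE_ENDINGS` define in mail.inc runs when the file is included, so it now requires a usable `Drupal::request()` at include time, which `$_SERVER` never did. If mail.inc can be loaded before a request object is available (not visible here), this line fails at load. When `SERVER_SOFTWARE` is absent, `server->get()` returns NULL and that NULL is passed to `strpos()`; supplying a default avoids it, `Drupal::request()->server->get('SERVER_SOFTWARE', '')`.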
diff --git a/core/includes/pager.inc b/core/includes/pager.inc index 4c497ba..b2f2623 100644 --- a/core/includes/pager.inc +++ b/core/includes/pager.inc @@ -16,17 +16,19 @@ * @return * The number of the current requested page, within the pager represented by * $element. This is determined from the URL query parameter $_GET['page'], or - * 0 by default. Note that this number may differ from the actual page being - * displayed. For example, if a search for "example text" brings up three - * pages of results, but a users visits search/node/example+text?page=10, this - * function will return 10, even though the default pager implementation - * adjusts for this and still displays the third page of search results at - * that URL. + * $element. This is determined from the URL query parameter + * Drupal::request()->query->get('page'), or 0 by default. Note that this + * number may differ from the actual page being displayed. For example, if a + * search for "example text" brings up three pages of results, but a users + * visits search/node/example+text?page=10, this function will return 10, + * even though the default pager implementation adjusts for this and still + * displays the third page of search results at that URL. * * @see pager_default_initialize() */ function pager_find_page($element = 0) { - $page = isset($_GET['page']) ? $_GET['page'] : ''; + $page = !is_null(Drupal::request()->query->get('page')) + ? Drupal::request()->query->get('page') : ''; $page_array = explode(',', $page); if (!isset($page_array[$element])) { $page_array[$element] = 0; 
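Review bot: The `@return` text of `pager_find_page()` ends up with a leftover line: the old `* $element. This is determined from the URL query parameter $_GET['page'], or` stays as context while the added lines begin again with `* $element. This is determined from the URL query parameter`. That old line should be removed so the sentence reads once and no longer mentions `$_GET['page']`. In the function body, `Drupal::request()->query->get('page', '')` would replace the two-line `!is_null()` ternary; `theme_pager_link()` has the same ternary.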
@@ -108,10 +110,11 @@ function pager_find_page($element = 0) { * * @return * The number of the current page, within the pager represented by $element. - * This is determined from the URL query parameter $_GET['page'], or 0 by - * default. However, if a page that does not correspond to the actual range - * of the result set was requested, this function will return the closest - * page actually within the result set. + * This is determined from the URL query parameter + * Drupal::request()->query->get('page'), or 0 by default. However, if a page + * that does not correspond to the actual range of the result set was + * requested, this function will return the closest page actually within the + * result set. */ function pager_default_initialize($total, $limit, $element = 0) { global $pager_page_array, $pager_total, $pager_total_items, $pager_limits; @@ -136,7 +139,7 @@ function pager_default_initialize($total, $limit, $element = 0) { function pager_get_query_parameters() { $query = &drupal_static(__FUNCTION__); if (!isset($query)) { - $query = drupal_get_query_parameters($_GET, array('page')); + $query = drupal_get_query_parameters(Drupal::request()->query->all(), array('page')); } return $query; } @@ -345,7 +348,8 @@ function theme_pager_link($variables) { $parameters = $variables['parameters']; $attributes = $variables['attributes']; - $page = isset($_GET['page']) ? $_GET['page'] : ''; + $page = !is_null(Drupal::request()->query->get('page')) + ? Drupal::request()->query->get('page') : ''; if ($new_page = implode(',', pager_load_array($page_new[$element], $element, explode(',', $page)))) { $parameters['page'] = $new_page; } diff --git a/core/includes/session.inc b/core/includes/session.inc index 17c73d7..9145743 100644 --- a/core/includes/session.inc +++ b/core/includes/session.inc 
@@ -81,7 +81,7 @@ function _drupal_session_read($sid) { // Handle the case of first time visitors and clients that don't store // cookies (eg. web crawlers). $insecure_session_name = substr(session_name(), 1); - if (!isset($_COOKIE[session_name()]) && !isset($_COOKIE[$insecure_session_name])) { + if (is_null(Drupal::request()->cookies->get(session_name())) && is_null(Drupal::request()->cookies->get($insecure_session_name))) { $user = drupal_anonymous_user(); return ''; } @@ -93,9 +93,9 @@ function _drupal_session_read($sid) { if (Drupal::request()->isSecure()) { $user = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.ssid = :ssid", array(':ssid' => $sid))->fetchObject(); if (!$user) { - if (isset($_COOKIE[$insecure_session_name])) { + if (!is_null(Drupal::request()->cookies->get($insecure_session_name))) { $user = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = :sid AND s.uid = 0", array( - ':sid' => $_COOKIE[$insecure_session_name])) + ':sid' => Drupal::request()->cookies->get($insecure_session_name))) ->fetchObject(); } } @@ -192,8 +192,8 @@ function _drupal_session_write($sid, $value) { // presented then use both keys. if (settings()->get('mixed_mode_sessions', FALSE)) { $insecure_session_name = substr(session_name(), 1); - if (isset($_COOKIE[$insecure_session_name])) { - $key['sid'] = $_COOKIE[$insecure_session_name]; + if (!is_null(Drupal::request()->cookies->get($insecure_session_name))) { + $key['sid'] = Drupal::request()->cookies->get($insecure_session_name); } } } 
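Review bot: In the `@@ -93` hunk of _drupal_session_read() the insecure session cookie is fetched from the request twice and bound to `:sid` without a type check. The cookie bag returns whatever PHP parsed, which is an array when the client sends a bracketed cookie name; the replaced `$_COOKIE` code had the same gap. Reading the value once into a local and requiring a string keeps the presence test and the bound value in step: `$insecure_sid = Drupal::request()->cookies->get($insecure_session_name);` followed by `if (is_string($insecure_sid)) {`. The `@@ -192` hunk in _drupal_session_write() assigns the same unchecked value to `$key['sid']` and would take the same guard. Both functions start and end outside their hunks.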
@@ -242,7 +242,7 @@ function drupal_session_initialize() { $is_https = Drupal::request()->isSecure(); // We use !empty() in the following check to ensure that blank session IDs // are not valid. - if (!empty($_COOKIE[session_name()]) || ($is_https && settings()->get('mixed_mode_sessions', FALSE) && !empty($_COOKIE[substr(session_name(), 1)]))) { + if (!is_null(Drupal::request()->cookies->get(session_name())) || ($is_https && settings()->get('mixed_mode_sessions', FALSE) && !is_null(Drupal::request()->cookies->get(substr(session_name(), 1))))) { // If a session cookie exists, initialize the session. Otherwise the // session is only started on demand in drupal_session_commit(), making // anonymous users not use a session cookie unless something is stored in @@ -266,7 +266,7 @@ function drupal_session_initialize() { if ($is_https && settings()->get('mixed_mode_sessions', FALSE)) { $insecure_session_name = substr(session_name(), 1); $session_id = Crypt::hashBase64(uniqid(mt_rand(), TRUE)); - $_COOKIE[$insecure_session_name] = $session_id; + Drupal::request()->cookies->set($insecure_session_name, $session_id); } } date_default_timezone_set(drupal_get_user_timezone()); @@ -322,7 +322,7 @@ function drupal_session_commit() { $insecure_session_name = substr(session_name(), 1); $params = session_get_cookie_params(); $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; - setcookie($insecure_session_name, $_COOKIE[$insecure_session_name], $expire, $params['path'], $params['domain'], FALSE, $params['httponly']); + setcookie($insecure_session_name, Drupal::request()->cookies->get($insecure_session_name), $expire, $params['path'], $params['domain'], FALSE, $params['httponly']); } } // Write the session data. 
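Review bot: The condition in drupal_session_initialize() no longer matches the comment directly above it. `!empty($_COOKIE[...])` rejected a blank session cookie, while `!is_null(...->get(...))` accepts an empty string, so a request carrying an empty session cookie now takes the session-initialising branch. Keep the emptiness test on the new accessor by reading the cookie into a local first, `$sid_cookie = Drupal::request()->cookies->get(session_name());`, and testing `!empty($sid_cookie)`, with the mixed-mode cookie handled the same way. The function continues beyond the hunk, so what happens to the blank ID further down is not visible here.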
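Review bot: In the `@@ -266` hunk, `Drupal::request()->cookies->set($insecure_session_name, $session_id)` updates only the request object's cookie bag and leaves the `$_COOKIE` superglobal unchanged, whereas the replaced assignment changed what every reader of `$_COOKIE` saw. PHP's own session handling, as far as I know, takes the session ID from the superglobal rather than from this bag, and any code not yet converted still reads it, so the two views can disagree for the rest of the request. The new code also relies on `Drupal::request()` returning the same Request instance at every later call. The same applies to `cookies->set()` in drupal_session_regenerate() and, more importantly, to `cookies->remove($name)` replacing `unset($_COOKIE[$name])` in _drupal_session_delete_cookie(), where a deleted session cookie stays visible in the superglobal. Until all readers are converted I would update both, e.g. keep `unset($_COOKIE[$name]);` next to the `remove()` call.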
@@ -358,8 +358,8 @@ function drupal_session_regenerate() { if ($is_https && settings()->get('mixed_mode_sessions', FALSE)) { $insecure_session_name = substr(session_name(), 1); - if (!isset($GLOBALS['lazy_session']) && isset($_COOKIE[$insecure_session_name])) { - $old_insecure_session_id = $_COOKIE[$insecure_session_name]; + if (!isset($GLOBALS['lazy_session']) && !is_null(Drupal::request()->cookies->get($insecure_session_name))) { + $old_insecure_session_id = Drupal::request()->cookies->get($insecure_session_name); } $params = session_get_cookie_params(); $session_id = Crypt::hashBase64(uniqid(mt_rand(), TRUE) . Crypt::randomBytes(55)); @@ -368,7 +368,7 @@ function drupal_session_regenerate() { // it will expire when the browser is closed. $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; setcookie($insecure_session_name, $session_id, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']); - $_COOKIE[$insecure_session_name] = $session_id; + Drupal::request()->cookies->set($insecure_session_name, $session_id); } if (drupal_session_started()) { @@ -460,13 +460,13 @@ function _drupal_session_destroy($sid) { * Force the secure value of the cookie. */ function _drupal_session_delete_cookie($name, $secure = NULL) { - if (isset($_COOKIE[$name]) || (!Drupal::request()->isSecure() && $secure === TRUE)) { + if (!is_null(Drupal::request()->cookies->get($name)) || (!Drupal::request()->isSecure() && $secure === TRUE)) { $params = session_get_cookie_params(); if ($secure !== NULL) { $params['secure'] = $secure; } setcookie($name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']); - unset($_COOKIE[$name]); + Drupal::request()->cookies->remove($name); } } diff --git a/core/includes/tablesort.inc b/core/includes/tablesort.inc index c42b1f4..5e47cdd 100644 --- a/core/includes/tablesort.inc +++ b/core/includes/tablesort.inc 
@@ -100,7 +100,7 @@ function tablesort_cell($cell, $header, $ts, $i) { * page request except for those pertaining to table sorting. */ function tablesort_get_query_parameters() { - return drupal_get_query_parameters($_GET, array('sort', 'order')); + return drupal_get_query_parameters(Drupal::request()->query->all(), array('sort', 'order')); } /** @@ -115,7 +115,8 @@ function tablesort_get_query_parameters() { * - "sql": The name of the database field to sort on. */ function tablesort_get_order($headers) { - $order = isset($_GET['order']) ? $_GET['order'] : ''; + $order = !is_null(Drupal::request()->query->get('order')) + ? Drupal::request()->query->get('order') : ''; foreach ($headers as $header) { if (is_array($header)) { if (isset($header['data']) && $order == $header['data']) { @@ -150,8 +151,9 @@ function tablesort_get_order($headers) { * The current sort direction ("asc" or "desc"). */ function tablesort_get_sort($headers) { - if (isset($_GET['sort'])) { - return (strtolower($_GET['sort']) == 'desc') ? 'desc' : 'asc'; + if (!is_null(Drupal::request()->query->get('sort'))) { + return (strtolower(Drupal::request()->query->get('sort')) == 'desc') + ? 'desc' : 'asc'; } // The user has not specified a sort. Use the default for the currently sorted // header if specified; otherwise use "asc". diff --git a/core/tests/bootstrap.php b/core/tests/bootstrap.php index 08d8871..d8bca60 100644 --- a/core/tests/bootstrap.php +++ b/core/tests/bootstrap.php @@ -19,7 +19,7 @@ require __DIR__ . "/../../core/lib/Drupal.php"; // Look into removing this later. -define('REQUEST_TIME', (int) $_SERVER['REQUEST_TIME']); +define('REQUEST_TIME', (int) Drupal::request()->server->get('REQUEST_TIME')); // Set sane locale settings, to ensure consistent string, dates, times and // numbers handling.
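Review bot: In core/tests/bootstrap.php the new `define('REQUEST_TIME', ...)` calls `Drupal::request()` immediately after core/lib/Drupal.php is required, and nothing visible in the hunk sets up a container or a request first. If none is set earlier in the file, the test bootstrap fails before any test runs. A test bootstrap has no HTTP request to consult, so I would leave this line as `define('REQUEST_TIME', (int) $_SERVER['REQUEST_TIME']);`, or use `time()` if the superglobal has to go. The start of the file lies outside the hunk.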