Remarked all usage of helper_ensure_post() and removed its implementa…

…tion. The remarked ones will be used as markers until replaced by security tokens. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5366 f5dc347c-c33d-0410-90a0-b07cc1902cb9
silecs · Jun 14, 2008 · dad345f · dad345f
1 parent 7b59a2e
commit dad345f
Show file tree

Hide file tree

Showing 42 changed files with 47 additions and 57 deletions.
diff --git a/account_delete.php b/account_delete.php
@@ -43,7 +43,7 @@
 	# (none)
 
 	#============ Permissions ============
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_ensure_user_authenticated();
 

diff --git a/account_prefs_reset.php b/account_prefs_reset.php
@@ -47,7 +47,7 @@
 	$f_redirect_url	= gpc_get_string( 'redirect_url', 'account_prefs_page.php' );
 
 	#============ Permissions ============
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_ensure_user_authenticated();
 

diff --git a/account_prefs_update.php b/account_prefs_update.php
@@ -29,7 +29,7 @@
 
 	require_once( $t_core_path.'user_pref_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_ensure_user_authenticated();
 

diff --git a/account_prof_add.php b/account_prof_add.php
@@ -1,4 +1,4 @@
-<?php
+3<?php
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
@@ -29,7 +29,7 @@
 
 	require_once( $t_core_path.'profile_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_ensure_user_authenticated();
 

diff --git a/account_prof_update.php b/account_prof_update.php
@@ -30,7 +30,7 @@
 
 	require_once( $t_core_path.'profile_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_ensure_user_authenticated();
 

diff --git a/account_sponsor_update.php b/account_sponsor_update.php
@@ -31,7 +31,7 @@
 
 	require_once( $t_core_path.'email_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_ensure_user_authenticated();
 

diff --git a/adm_config_delete.php b/adm_config_delete.php
@@ -23,7 +23,7 @@
 
 	require_once( 'core.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	$f_user_id = gpc_get_int( 'user_id' );
 	$f_project_id = gpc_get_int( 'project_id' );

diff --git a/adm_config_set.php b/adm_config_set.php
@@ -26,7 +26,8 @@
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
-	helper_ensure_post();
+
+	# helper_ensure_post();
 
 	$f_user_id = gpc_get_int( 'user_id' );
 	$f_project_id = gpc_get_int( 'project_id' );

diff --git a/bug_assign.php b/bug_assign.php
@@ -28,7 +28,8 @@
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
-	helper_ensure_post();
+
+	# helper_ensure_post();
 
 	$f_bug_id = gpc_get_int( 'bug_id' );
 	$t_bug = bug_get( $f_bug_id );

diff --git a/bug_assign_reporter.php b/bug_assign_reporter.php
@@ -29,7 +29,7 @@
 
 	require_once( $t_core_path.'bug_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	$f_bug_id = gpc_get_int( 'bug_id' );
 

diff --git a/bug_file_add.php b/bug_file_add.php
@@ -29,7 +29,7 @@
 
 	require_once( $t_core_path.'file_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	$f_bug_id	= gpc_get_int( 'bug_id', -1 );
 	$f_file		= gpc_get_file( 'file', -1 );

diff --git a/bug_file_delete.php b/bug_file_delete.php
@@ -29,7 +29,7 @@
 
 	require_once( $t_core_path.'file_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	$f_file_id = gpc_get_int( 'file_id' );
 

diff --git a/bug_monitor.php b/bug_monitor.php
@@ -29,7 +29,7 @@
 
 	require_once( $t_core_path.'bug_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	$f_bug_id	= gpc_get_int( 'bug_id' );
 	$t_bug = bug_get( $f_bug_id, true );

diff --git a/bug_relationship_add.php b/bug_relationship_add.php
@@ -29,7 +29,7 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path . 'relationship_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	$f_rel_type = gpc_get_int( 'rel_type' );
 	$f_src_bug_id = gpc_get_int( 'src_bug_id' );

diff --git a/bug_relationship_delete.php b/bug_relationship_delete.php
@@ -36,7 +36,7 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path . 'relationship_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	$f_rel_id = gpc_get_int( 'rel_id' );
 	$f_bug_id = gpc_get_int( 'bug_id' );

diff --git a/bug_reminder.php b/bug_reminder.php
@@ -31,7 +31,7 @@
 	require_once( $t_core_path.'email_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	$f_bug_id		= gpc_get_int( 'bug_id' );
 	$f_to			= gpc_get_int_array( 'to' );

diff --git a/bug_report.php b/bug_report.php
@@ -1,4 +1,4 @@
-<?php
+3<?php
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - [email protected]
@@ -32,7 +32,7 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'custom_field_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	access_ensure_project_level( config_get('report_bug_threshold' ) );
 

diff --git a/bug_set_sponsorship.php b/bug_set_sponsorship.php
@@ -27,7 +27,7 @@
 
 	require_once( $t_core_path . 'sponsorship_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	if ( config_get( 'enable_sponsorship' ) == OFF ) {
 		trigger_error( ERROR_SPONSORSHIP_NOT_ENABLED, ERROR );

diff --git a/bugnote_add.php b/bugnote_add.php
@@ -30,7 +30,7 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	$f_bug_id		= gpc_get_int( 'bug_id' );
 	$f_private		= gpc_get_bool( 'private' );

diff --git a/bugnote_delete.php b/bugnote_delete.php
@@ -32,7 +32,7 @@
 	require_once( $t_core_path.'bugnote_api.php' );
 	require_once( $t_core_path.'current_user_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	$f_bugnote_id = gpc_get_int( 'bugnote_id' );
 

diff --git a/bugnote_set_view_state.php b/bugnote_set_view_state.php
@@ -30,8 +30,8 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
 
-    helper_ensure_post();
-    
+	# helper_ensure_post();
+
 	$f_bugnote_id	= gpc_get_int( 'bugnote_id' );
 	$f_private		= gpc_get_bool( 'private' );
 

diff --git a/bugnote_update.php b/bugnote_update.php
@@ -31,7 +31,7 @@
 	require_once( $t_core_path.'bugnote_api.php' );
 	require_once( $t_core_path.'current_user_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	$f_bugnote_id	 = gpc_get_int( 'bugnote_id' );
 	$f_bugnote_text	 = gpc_get_string( 'bugnote_text', '' );

diff --git a/core/helper_api.php b/core/helper_api.php
@@ -504,17 +504,5 @@ function helper_duration_to_minutes( $p_hhmm ) {
 		}
 
 		return (int)$t_min;
-	}	
-
-	#
-	#-------------------------------------------------
-	# check access method is POST, return if true, else call error handler
-	function helper_ensure_post()
-	{
-		if ( isset( $_SERVER['REQUEST_METHOD'] ) && ( strtoupper( $_SERVER['REQUEST_METHOD'] ) != 'POST' ) ) {
-			trigger_error( ERROR_INVALID_REQUEST_METHOD, ERROR );
-		}
-
 	}
-
-?>
+?>
diff --git a/lost_pwd.php b/lost_pwd.php
@@ -27,7 +27,7 @@
 
 	require_once( 'core.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	# lost password feature disabled or reset password via email disabled -> stop here!
 	if( OFF == config_get( 'lost_password_feature' ) ||

diff --git a/manage_columns_copy.php b/manage_columns_copy.php
@@ -29,7 +29,7 @@
 	require_once( $t_core_path . 'gpc_api.php' );
 	require_once( $t_core_path . 'helper_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_reauthenticate();
 

diff --git a/manage_config_columns_reset.php b/manage_config_columns_reset.php
@@ -27,7 +27,7 @@
 
 	require_once( $t_core_path . 'config_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_ensure_user_authenticated();
 	auth_reauthenticate();

diff --git a/manage_config_columns_set.php b/manage_config_columns_set.php
@@ -28,7 +28,7 @@
 	require_once( $t_core_path . 'columns_api.php' );
 	require_once( $t_core_path . 'gpc_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	# @@@ access_ensure_project_level( config_get( 'manage_project_threshold' ) );
 

diff --git a/manage_config_work_threshold_set.php b/manage_config_work_threshold_set.php
@@ -26,7 +26,7 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path.'email_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_reauthenticate();
 

diff --git a/manage_config_workflow_set.php b/manage_config_workflow_set.php
@@ -26,7 +26,7 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path.'email_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_reauthenticate();
 

diff --git a/manage_plugin_install.php b/manage_plugin_install.php
@@ -23,7 +23,7 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
-helper_ensure_post();
+# helper_ensure_post();
 
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );

diff --git a/manage_plugin_uninstall.php b/manage_plugin_uninstall.php
@@ -23,7 +23,7 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
-helper_ensure_post();
+# helper_ensure_post();
 
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );

diff --git a/manage_plugin_update.php b/manage_plugin_update.php
@@ -23,7 +23,7 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
-helper_ensure_post();
+# helper_ensure_post();
 
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );

diff --git a/manage_plugin_upgrade.php b/manage_plugin_upgrade.php
@@ -23,7 +23,7 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
-helper_ensure_post();
+# helper_ensure_post();
 
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );

diff --git a/manage_user_proj_delete.php b/manage_user_proj_delete.php
@@ -23,7 +23,7 @@
 
 	require_once( 'core.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_reauthenticate();
 

diff --git a/manage_user_prune.php b/manage_user_prune.php
@@ -23,7 +23,7 @@
 
 	require_once( 'core.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_reauthenticate();
 

diff --git a/print_all_bug_options_reset.php b/print_all_bug_options_reset.php
@@ -30,7 +30,7 @@
 	require_once( $t_core_path.'current_user_api.php' );
 	require( 'print_all_bug_options_inc.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_ensure_user_authenticated();
 

diff --git a/print_all_bug_options_update.php b/print_all_bug_options_update.php
@@ -26,7 +26,7 @@
 	require_once( 'core.php' );
 	require( 'print_all_bug_options_inc.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_ensure_user_authenticated();
 

diff --git a/proj_doc_add.php b/proj_doc_add.php
@@ -27,7 +27,7 @@
 
 	require_once( $t_core_path.'file_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	# Check if project documentation feature is enabled.
 	if ( OFF == config_get( 'enable_project_documentation' ) ) {

diff --git a/proj_doc_delete.php b/proj_doc_delete.php
@@ -23,7 +23,7 @@
 
 	require_once( 'core.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	# Check if project documentation feature is enabled.
 	if ( OFF == config_get( 'enable_project_documentation' ) ) {

diff --git a/proj_doc_update.php b/proj_doc_update.php
@@ -27,7 +27,7 @@
 
 	require_once( $t_core_path.'file_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	# Check if project documentation feature is enabled.
 	if ( OFF == config_get( 'enable_project_documentation' ) ||

diff --git a/query_delete.php b/query_delete.php
@@ -28,7 +28,7 @@
 	require_once( $t_core_path.'string_api.php' );
 	require_once( $t_core_path.'date_api.php' );
 
-	helper_ensure_post();
+	# helper_ensure_post();
 
 	auth_ensure_user_authenticated();
 	compress_enable();