From a38172dc202deaa622ed8ccc255ce7cdf0bcb39a Mon Sep 17 00:00:00 2001
From: webchick <webchick@24967.no-reply.drupal.org>
Date: Tue, 3 Dec 2013 10:57:07 -0800
Subject: [PATCH] Issue #1998638 by damiankloip, dawehner, kim.pepper,
cosmicdreams, larowlan, Damien Tournoud: Replace all remaining superglobals
(, , etc.) with Symfony Request object.
---
core/includes/ajax.inc | 2 +-
core/includes/bootstrap.inc | 19 ++++++----
core/includes/common.inc | 12 +++---
core/includes/form.inc | 3 +-
core/includes/install.core.inc | 36 ++++++++++--------
core/includes/language.inc | 3 +-
core/includes/pager.inc | 23 ++++++------
core/includes/session.inc | 34 +++++++++--------
core/lib/Drupal/Component/Utility/Url.php | 8 ++--
core/lib/Drupal/Core/Ajax/AjaxResponse.php | 9 +++--
.../RedirectResponseSubscriber.php | 7 ++--
core/lib/Drupal/Core/Form/FormBuilder.php | 18 +++++----
.../Drupal/Core/Form/FormBuilderInterface.php | 31 +++++++++-------
.../Drupal/aggregator/Form/OpmlFeedAdd.php | 3 +-
.../Drupal/config/Form/ConfigImportForm.php | 7 ++--
.../Drupal/editor/Form/EditorImageDialog.php | 4 +-
.../Drupal/editor/Form/EditorLinkDialog.php | 4 +-
core/modules/file/file.module | 37 ++++++++++---------
.../Drupal/node/Plugin/Search/NodeSearch.php | 4 +-
.../search/Controller/SearchController.php | 14 +++----
.../lib/Drupal/simpletest/WebTestBase.php | 11 ++++--
.../OverrideServerVariablesUnitTest.php | 18 ++++++---
.../Tests/Common/HtmlIdentifierUnitTest.php | 13 +++++++
.../Common/TableSortExtenderUnitTest.php | 25 +------------
.../Tests/Entity/EntityViewBuilderTest.php | 4 +-
.../Tests/Form/TriggeringElementTest.php | 2 +-
core/modules/system/system.install | 2 +-
core/modules/system/system.module | 5 ++-
.../tests/modules/ajax_test/ajax_test.module | 5 ++-
.../tests/modules/form_test/form_test.module | 8 ++--
.../tests/modules/menu_test/menu_test.module | 2 +-
.../modules/system_test/system_test.module | 5 ++-
.../Drupal/taxonomy/Form/OverviewTerms.php | 2 +-
core/modules/update/update.manager.inc | 3 +-
.../views/Controller/ViewAjaxController.php | 4 +-
.../Drupal/views/Plugin/views/HandlerBase.php | 2 +-
.../Plugin/views/field/FieldPluginBase.php | 2 +-
.../Plugin/views/filter/FilterPluginBase.php | 2 +-
.../views/lib/Drupal/views/ViewExecutable.php | 6 +--
core/modules/views/views.module | 2 +-
core/modules/views_ui/admin.inc | 4 +-
.../views_ui/ViewEditFormController.php | 3 --
core/profiles/minimal/minimal.profile | 2 +-
core/profiles/standard/standard.profile | 2 +-
core/update.php | 2 +-
45 files changed, 223 insertions(+), 191 deletions(-)
diff --git a/core/includes/ajax.inc b/core/includes/ajax.inc
index 3f2389f57e95..7ef88c2c73cf 100644
--- a/core/includes/ajax.inc
+++ b/core/includes/ajax.inc
@@ -241,7 +241,7 @@ function ajax_render($commands = array()) {
// since the base page ought to have at least one JS file and one CSS file
// loaded. It probably indicates an error, and rather than making the page
// reload all of the files, instead we return no new files.
- if (empty($_POST['ajax_page_state'][$type])) {
+ if (!\Drupal::request()->request->get("ajax_page_state[$type]", NULL, TRUE)) {
$items[$type] = array();
}
else {
diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc
index e13f54e08bad..2a29937b8f51 100644
--- a/core/includes/bootstrap.inc
+++ b/core/includes/bootstrap.inc
@@ -457,25 +457,28 @@ function config_get_config_directory($type = CONFIG_ACTIVE_DIRECTORY) {
* 'REMOTE_ADDR' key.
*
* @param $variables
- * (optional) An associative array of variables within $_SERVER that should
- * be replaced. If the special element 'url' is provided in this array, it
- * will be used to populate some of the server defaults; it should be set to
- * the URL of the current page request, excluding any $_GET request but
- * including the script name (e.g., http://www.example.com/mysite/index.php).
+ * (optional) An associative array of variables within
+ * \Drupal::request()->server that should be replaced. If the special element
+ * 'url' is provided in this array, it will be used to populate some of the
+ * server defaults; it should be set to the URL of the current page request,
+ * excluding any GET request but including the script name
+ * (e.g., http://www.example.com/mysite/index.php).
*
* @see conf_path()
* @see request_uri()
* @see \Symfony\Component\HttpFoundation\Request::getClientIP()
*/
function drupal_override_server_variables($variables = array()) {
+ $request = \Drupal::request();
+ $server_vars = $request->server->all();
// Allow the provided URL to override any existing values in $_SERVER.
if (isset($variables['url'])) {
$url = parse_url($variables['url']);
if (isset($url['host'])) {
- $_SERVER['HTTP_HOST'] = $url['host'];
+ $server_vars['HTTP_HOST'] = $url['host'];
}
if (isset($url['path'])) {
- $_SERVER['SCRIPT_NAME'] = $url['path'];
+ $server_vars['SCRIPT_NAME'] = $url['path'];
}
unset($variables['url']);
}
@@ -492,7 +495,7 @@ function drupal_override_server_variables($variables = array()) {
'HTTP_USER_AGENT' => NULL,
);
// Replace elements of the $_SERVER array, as appropriate.
- $_SERVER = $variables + $_SERVER + $defaults;
+ $request->server->replace($variables + $server_vars + $defaults);
}
/**
diff --git a/core/includes/common.inc b/core/includes/common.inc
index 6727d4bcdf5b..9973074f6a64 100644
--- a/core/includes/common.inc
+++ b/core/includes/common.inc
@@ -411,7 +411,8 @@ function drupal_get_feeds($delimiter = "\n") {
* Processes a URL query parameter array to remove unwanted elements.
*
* @param $query
- * (optional) An array to be processed. Defaults to $_GET.
+ * (optional) An array to be processed. Defaults to \Drupal::request()->query
+ * parameters.
* @param $exclude
* (optional) A list of $query array keys to remove. Use "parent[child]" to
* exclude nested items.
@@ -490,7 +491,7 @@ function drupal_get_destination() {
* The returned array contains a 'path' that may be passed separately to url().
* For example:
* @code
- * $options = drupal_parse_url($_GET['destination']);
+ * $options = drupal_parse_url(\Drupal::request()->query->get('destination'));
* $my_url = url($options['path'], $options);
* $my_link = l('Example link', $options['path'], $options);
* @endcode
@@ -501,7 +502,7 @@ function drupal_get_destination() {
* $options['query'] and the fragment into $options['fragment'].
*
* @param $url
- * The URL string to parse, f.e. $_GET['destination'].
+ * The URL string to parse.
*
* @return
* An associative array containing the keys:
@@ -1934,6 +1935,7 @@ function drupal_html_id($id) {
// take into account IDs that are already in use on the base page.
$seen_ids_init = &drupal_static(__FUNCTION__ . ':init');
if (!isset($seen_ids_init)) {
+ $ajax_html_ids = \Drupal::request()->request->get('ajax_html_ids');
// Ideally, Drupal would provide an API to persist state information about
// prior page requests in the database, and we'd be able to add this
// function's $seen_ids static variable to that state information in order
@@ -1943,7 +1945,7 @@ function drupal_html_id($id) {
// normally not recommended as it could open up security risks, but because
// the raw POST data is cast to a number before being returned by this
// function, this usage is safe.
- if (empty($_POST['ajax_html_ids'])) {
+ if (empty($ajax_html_ids)) {
$seen_ids_init = array();
}
else {
@@ -1952,7 +1954,7 @@ function drupal_html_id($id) {
// requested id. $_POST['ajax_html_ids'] contains the ids as they were
// returned by this function, potentially with the appended counter, so
// we parse that to reconstruct the $seen_ids array.
- $ajax_html_ids = explode(' ', $_POST['ajax_html_ids']);
+ $ajax_html_ids = explode(' ', $ajax_html_ids);
foreach ($ajax_html_ids as $seen_id) {
// We rely on '--' being used solely for separating a base id from the
// counter, which this function ensures when returning an id.
diff --git a/core/includes/form.inc b/core/includes/form.inc
index 66734457f3cc..87f8edfc66b0 100644
--- a/core/includes/form.inc
+++ b/core/includes/form.inc
@@ -495,7 +495,8 @@ function form_type_checkboxes_value($element, $input = FALSE) {
// NULL elements from the array before constructing the return value, to
// simulate the behavior of web browsers (which do not send unchecked
// checkboxes to the server at all). This will not affect non-programmatic
- // form submissions, since all values in $_POST are strings.
+ // form submissions, since all values in \Drupal::request()->request are
+ // strings.
foreach ($input as $key => $value) {
if (!isset($value)) {
unset($input[$key]);
diff --git a/core/includes/install.core.inc b/core/includes/install.core.inc
index feda4dcdc8a6..e0653b972edd 100644
--- a/core/includes/install.core.inc
+++ b/core/includes/install.core.inc
@@ -253,9 +253,19 @@ function install_state_defaults() {
* modified with information gleaned from the beginning of the page request.
*/
function install_begin_request(&$install_state) {
+ // A request object from the HTTPFoundation to tell us about the request.
+ $request = Request::createFromGlobals();
+
+ // Create a minimal container so that t() and $request will work. This
+ // container will be overriden but it's needed for the very early installation
+ // process when database tasks run.
+ $container = new ContainerBuilder();
+ $container->set('request', $request);
+ \Drupal::setContainer($container);
+
// Add any installation parameters passed in via the URL.
if ($install_state['interactive']) {
- $install_state['parameters'] += $_GET;
+ $install_state['parameters'] += $request->query->all();
}
// Validate certain core settings that are used throughout the installation.
@@ -288,13 +298,10 @@ function install_begin_request(&$install_state) {
// _drupal_load_test_overrides() sets the simpletest_conf_path in-memory
// setting in this case.
if ($install_state['interactive'] && drupal_valid_test_ua() && !settings()->get('simpletest_conf_path')) {
- header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
+ header($request->server->get('SERVER_PROTOCOL') . ' 403 Forbidden');
exit;
}
- // A request object from the HTTPFoundation to tell us about the request.
- $request = Request::createFromGlobals();
-
// If we have a language selected and it is not yet saved in the system
// (eg. pre-database data screens we are unable to persistently store
// the default language), we should set language_default so the proper
@@ -324,10 +331,6 @@ function install_begin_request(&$install_state) {
// Determine whether the configuration system is ready to operate.
$install_state['config_verified'] = install_verify_config_directory(CONFIG_ACTIVE_DIRECTORY) && install_verify_config_directory(CONFIG_STAGING_DIRECTORY);
- // Create a minimal container for t() to work.
- // This container will be overriden but it needed for the very early
- // installation process when database tasks run.
- $container = new ContainerBuilder();
// Register the translation services.
install_register_translation_service($container);
\Drupal::setContainer($container);
@@ -1348,7 +1351,7 @@ function install_select_profile(&$install_state) {
*
* A profile will be selected if:
* - Only one profile is available,
- * - A profile was submitted through $_POST,
+ * - A profile was submitted through \Drupal::request()->request,
* - Exactly one of the profiles is marked as "exclusive".
* If multiple profiles are marked as "exclusive" then no profile will be
* selected.
@@ -1362,12 +1365,13 @@ function install_select_profile(&$install_state) {
*/
function _install_select_profile($profiles) {
// Don't need to choose profile if only one available.
+ $request_params = \Drupal::request()->request;
if (count($profiles) == 1) {
$profile = array_pop($profiles);
return $profile->name;
}
- elseif (!empty($_POST['profile']) && isset($profiles[$_POST['profile']])) {
- return $profiles[$_POST['profile']]->name;
+ elseif ($request_params->has('profile') && ($profile = $request_params->get('profile')) && isset($profiles[$profile])) {
+ return $profiles[$profile]->name;
}
// Check for a profile marked as "exclusive" and ensure that only one
// profile is marked as such.
@@ -1548,6 +1552,7 @@ function install_select_language(&$install_state) {
// Find all available translation files.
$files = install_find_translations();
$install_state['translations'] += $files;
+ $request_params = \Drupal::request()->request;
// If a valid language code is set, continue with the next installation step.
// When translations from the localization server are used, any language code
@@ -1555,9 +1560,9 @@ function install_select_language(&$install_state) {
// langauges available at http://localize.drupal.org.
// When files from the translation directory are used, we only accept
// languages for which a file is available.
- if (!empty($_POST['langcode'])) {
+ if ($request_params->has('langcode')) {
$standard_languages = LanguageManager::getStandardLanguageList();
- $langcode = $_POST['langcode'];
+ $langcode = $request_params->get('langcode');
if ($langcode == 'en' || isset($files[$langcode]) || isset($standard_languages[$langcode])) {
$install_state['parameters']['langcode'] = $langcode;
return;
@@ -2099,7 +2104,8 @@ function install_configure_form($form, &$form_state, &$install_state) {
// especially out of place on the last page of the installer, where it would
// distract from the message that the Drupal installation has completed
// successfully.)
- if (empty($_POST) && (!drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_dir, FILE_NOT_WRITABLE, 'dir'))) {
+ $post_params = \Drupal::request()->request->all();
+ if (empty($post_params) && (!drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_dir, FILE_NOT_WRITABLE, 'dir'))) {
drupal_set_message(t('All necessary changes to %dir and %file have been made, so you should remove write permissions to them now in order to avoid security risks. If you are unsure how to do so, consult the <a href="@handbook_url">online handbook</a>.', array('%dir' => $settings_dir, '%file' => $settings_file, '@handbook_url' => 'http://drupal.org/server-permissions')), 'warning');
}
diff --git a/core/includes/language.inc b/core/includes/language.inc
index 07cc38354215..618e3a700280 100644
--- a/core/includes/language.inc
+++ b/core/includes/language.inc
@@ -100,7 +100,8 @@
* $langcode = language_from_url($languages);
*
* // If we are on an administrative path, override with the default language.
- * if (isset($_GET['q']) && strtok($_GET['q'], '/') == 'admin') {
+ * $query = \Drupal::request()->query;
+ * if ($query->has('q') && strtok($query->get('q'), '/') == 'admin') {
* return language_default()->id;
* }
* return $langcode;
diff --git a/core/includes/pager.inc b/core/includes/pager.inc
index ba7f65b27e16..987468973863 100644
--- a/core/includes/pager.inc
+++ b/core/includes/pager.inc
@@ -16,13 +16,13 @@
*
* @return
* The number of the current requested page, within the pager represented by
- * $element. This is determined from the URL query parameter $_GET['page'], or
- * 0 by default. Note that this number may differ from the actual page being
- * displayed. For example, if a search for "example text" brings up three
- * pages of results, but a users visits search/node/example+text?page=10, this
- * function will return 10, even though the default pager implementation
- * adjusts for this and still displays the third page of search results at
- * that URL.
+ * $element. This is determined from the URL query parameter
+ * \Drupal::request()->query->get('page'), or 0 by default. Note that this
+ * number may differ from the actual page being displayed. For example, if a
+ * search for "example text" brings up three pages of results, but a users
+ * visits search/node/example+text?page=10, this function will return 10, even
+ * though the default pager implementation adjusts for this and still displays
+ * the third page of search results at that URL.
*
* @see pager_default_initialize()
*/
@@ -109,10 +109,11 @@ function pager_find_page($element = 0) {
*
* @return
* The number of the current page, within the pager represented by $element.
- * This is determined from the URL query parameter $_GET['page'], or 0 by
- * default. However, if a page that does not correspond to the actual range
- * of the result set was requested, this function will return the closest
- * page actually within the result set.
+ * This is determined from the URL query parameter
+ * \Drupal::request()->query->get('page), or 0 by default. However, if a page
+ * that does not correspond to the actual range of the result set was
+ * requested, this function will return the closest page actually within the
+ * result set.
*/
function pager_default_initialize($total, $limit, $element = 0) {
global $pager_page_array, $pager_total, $pager_total_items, $pager_limits;
diff --git a/core/includes/session.inc b/core/includes/session.inc
index 4cc81397e42a..5ffbb8ded8df 100644
--- a/core/includes/session.inc
+++ b/core/includes/session.inc
@@ -83,7 +83,8 @@ function _drupal_session_read($sid) {
// Handle the case of first time visitors and clients that don't store
// cookies (eg. web crawlers).
$insecure_session_name = substr(session_name(), 1);
- if (!isset($_COOKIE[session_name()]) && !isset($_COOKIE[$insecure_session_name])) {
+ $cookies = \Drupal::request()->cookies;
+ if (!$cookies->has(session_name()) && !$cookies->has($insecure_session_name)) {
$user = new UserSession();
return '';
}
@@ -95,9 +96,9 @@ function _drupal_session_read($sid) {
if (\Drupal::request()->isSecure()) {
$values = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.ssid = :ssid", array(':ssid' => $sid))->fetchAssoc();
if (!$values) {
- if (isset($_COOKIE[$insecure_session_name])) {
+ if ($cookies->has($insecure_session_name)) {
$values = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = :sid AND s.uid = 0", array(
- ':sid' => $_COOKIE[$insecure_session_name]))
+ ':sid' => $cookies->get($insecure_session_name)))
->fetchAssoc();
}
}
@@ -188,13 +189,14 @@ function _drupal_session_write($sid, $value) {
// On HTTPS connections, use the session ID as both 'sid' and 'ssid'.
if (\Drupal::request()->isSecure()) {
$key['ssid'] = $sid;
+ $cookies = \Drupal::request()->cookies;
// The "secure pages" setting allows a site to simultaneously use both
// secure and insecure session cookies. If enabled and both cookies are
// presented then use both keys.
if (settings()->get('mixed_mode_sessions', FALSE)) {
$insecure_session_name = substr(session_name(), 1);
- if (isset($_COOKIE[$insecure_session_name])) {
- $key['sid'] = $_COOKIE[$insecure_session_name];
+ if ($cookies->has($insecure_session_name)) {
+ $key['sid'] = $cookies->get($insecure_session_name);
}
}
}
@@ -241,9 +243,8 @@ function drupal_session_initialize() {
session_set_save_handler('_drupal_session_open', '_drupal_session_close', '_drupal_session_read', '_drupal_session_write', '_drupal_session_destroy', '_drupal_session_garbage_collection');
$is_https = \Drupal::request()->isSecure();
- // We use !empty() in the following check to ensure that blank session IDs
- // are not valid.
- if (!empty($_COOKIE[session_name()]) || ($is_https && settings()->get('mixed_mode_sessions', FALSE) && !empty($_COOKIE[substr(session_name(), 1)]))) {
+ $cookies = \Drupal::request()->cookies;
+ if (($cookies->has(session_name()) && ($session_name = $cookies->get(session_name()))) || ($is_https && settings()->get('mixed_mode_sessions', FALSE) && ($cookies->has(substr(session_name(), 1))) && ($session_name = $cookies->get(substr(session_name(), 1))))) {
// If a session cookie exists, initialize the session. Otherwise the
// session is only started on demand in drupal_session_commit(), making
// anonymous users not use a session cookie unless something is stored in
@@ -267,7 +268,7 @@ function drupal_session_initialize() {
if ($is_https && settings()->get('mixed_mode_sessions', FALSE)) {
$insecure_session_name = substr(session_name(), 1);
$session_id = Crypt::hashBase64(uniqid(mt_rand(), TRUE));
- $_COOKIE[$insecure_session_name] = $session_id;
+ $cookies->set($insecure_session_name, $session_id);
}
}
date_default_timezone_set(drupal_get_user_timezone());
@@ -323,7 +324,8 @@ function drupal_session_commit() {
$insecure_session_name = substr(session_name(), 1);
$params = session_get_cookie_params();
$expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
- setcookie($insecure_session_name, $_COOKIE[$insecure_session_name], $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
+ $cookie_params = \Drupal::request()->cookies;
+ setcookie($insecure_session_name, $cookie_params->get($insecure_session_name), $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
}
}
// Write the session data.
@@ -356,11 +358,12 @@ function drupal_session_regenerate() {
}
$is_https = \Drupal::request()->isSecure();
+ $cookies = \Drupal::request()->cookies;
if ($is_https && settings()->get('mixed_mode_sessions', FALSE)) {
$insecure_session_name = substr(session_name(), 1);
- if (!isset($GLOBALS['lazy_session']) && isset($_COOKIE[$insecure_session_name])) {
- $old_insecure_session_id = $_COOKIE[$insecure_session_name];
+ if (!isset($GLOBALS['lazy_session']) && $cookies->has($insecure_session_name)) {
+ $old_insecure_session_id = $cookies->get($insecure_session_name);
}
$params = session_get_cookie_params();
$session_id = Crypt::hashBase64(uniqid(mt_rand(), TRUE) . Crypt::randomBytes(55));
@@ -369,7 +372,7 @@ function drupal_session_regenerate() {
// it will expire when the browser is closed.
$expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
setcookie($insecure_session_name, $session_id, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
- $_COOKIE[$insecure_session_name] = $session_id;
+ $cookies->set($insecure_session_name, $session_id);
}
if (drupal_session_started()) {
@@ -461,13 +464,14 @@ function _drupal_session_destroy($sid) {
* Force the secure value of the cookie.
*/
function _drupal_session_delete_cookie($name, $secure = NULL) {
- if (isset($_COOKIE[$name]) || (!\Drupal::request()->isSecure() && $secure === TRUE)) {
+ $cookies = \Drupal::request()->cookies;
+ if ($cookies->has($name) || (!\Drupal::request()->isSecure() && $secure === TRUE)) {
$params = session_get_cookie_params();
if ($secure !== NULL) {
$params['secure'] = $secure;
}
setcookie($name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
- unset($_COOKIE[$name]);
+ $cookies->remove($name);
}
}
diff --git a/core/lib/Drupal/Component/Utility/Url.php b/core/lib/Drupal/Component/Utility/Url.php
index 4fe96e228860..c7eff3e9526f 100644
--- a/core/lib/Drupal/Component/Utility/Url.php
+++ b/core/lib/Drupal/Component/Utility/Url.php
@@ -34,7 +34,8 @@ class Url {
* http_build_query() directly.
*
* @param array $query
- * The query parameter array to be processed, e.g. $_GET.
+ * The query parameter array to be processed,
+ * e.g. \Drupal::request()->query->all().
* @param string $parent
* Internal use only. Used to build the $query array key for nested items.
*
@@ -118,13 +119,14 @@ public static function filterQueryParameters(array $query, array $exclude = arra
* The returned array contains a 'path' that may be passed separately to url().
* For example:
* @code
- * $options = Url::parse($_GET['destination']);
+ * $options = Url::parse(\Drupal::request()->query->get('destination'));
* $my_url = url($options['path'], $options);
* $my_link = l('Example link', $options['path'], $options);
* @endcode
*
* @param string $url
- * The URL string to parse, f.e. $_GET['destination'].
+ * The URL string to parse, i.e.
+ * \Drupal::request()->query->get('destination').
*
* @return
* An associative array containing the keys:
diff --git a/core/lib/Drupal/Core/Ajax/AjaxResponse.php b/core/lib/Drupal/Core/Ajax/AjaxResponse.php
index 2ed7331590b5..256ea955817f 100644
--- a/core/lib/Drupal/Core/Ajax/AjaxResponse.php
+++ b/core/lib/Drupal/Core/Ajax/AjaxResponse.php
@@ -95,10 +95,11 @@ protected function ajaxRender(Request $request) {
// diffing logic using array_diff_key().
$ajax_page_state = $request->request->get('ajax_page_state');
foreach (array('css', 'js') as $type) {
- // It is highly suspicious if $_POST['ajax_page_state'][$type] is empty,
- // since the base page ought to have at least one JS file and one CSS file
- // loaded. It probably indicates an error, and rather than making the page
- // reload all of the files, instead we return no new files.
+ // It is highly suspicious if
+ // $request->request->get("ajax_page_state[$type]") is empty, since the
+ // base page ought to have at least one JS file and one CSS file loaded.
+ // It probably indicates an error, and rather than making the page reload
+ // all of the files, instead we return no new files.
if (empty($ajax_page_state[$type])) {
$items[$type] = array();
}
diff --git a/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php
index 609e90963b9c..6cc7916a6c51 100644
--- a/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php
@@ -48,9 +48,10 @@ public function checkRedirectUrl(FilterResponseEvent $event) {
$options = array();
$destination = $event->getRequest()->query->get('destination');
- // A destination in $_GET always overrides the current RedirectResponse.
- // We do not allow absolute URLs to be passed via $_GET, as this can be an
- // attack vector, with the following exception:
+ // A destination from \Drupal::request()->query always overrides the
+ // current RedirectResponse. We do not allow absolute URLs to be passed
+ // via \Drupal::request()->query, as this can be an attack vector, with
+ // the following exception:
// - Absolute URLs that point to this site (i.e. same base URL and
// base path) are allowed.
if ($destination && (!url_is_external($destination) || _external_url_is_local($destination))) {
diff --git a/core/lib/Drupal/Core/Form/FormBuilder.php b/core/lib/Drupal/Core/Form/FormBuilder.php
index 6a81eb09b734..03c21dbb56b3 100644
--- a/core/lib/Drupal/Core/Form/FormBuilder.php
+++ b/core/lib/Drupal/Core/Form/FormBuilder.php
@@ -569,7 +569,7 @@ public function retrieveForm($form_id, &$form_state) {
public function processForm($form_id, &$form, &$form_state) {
$form_state['values'] = array();
- // With $_GET, these forms are always submitted if requested.
+ // With GET, these forms are always submitted if requested.
if ($form_state['method'] == 'get' && !empty($form_state['always_process'])) {
if (!isset($form_state['input']['form_build_id'])) {
$form_state['input']['form_build_id'] = $form['#build_id'];
@@ -1485,9 +1485,10 @@ protected function handleInputElement($form_id, &$element, &$form_state) {
$name = array_shift($element['#parents']);
$element['#name'] = $name;
if ($element['#type'] == 'file') {
- // To make it easier to handle $_FILES in file.inc, we place all
+ // To make it easier to handle files in file.inc, we place all
// file fields in the 'files' array. Also, we do not support
// nested file names.
+ // @todo Remove this files prefix now?
$element['#name'] = 'files[' . $element['#name'] . ']';
}
elseif (count($element['#parents'])) {
@@ -1603,7 +1604,8 @@ protected function handleInputElement($form_id, &$element, &$form_state) {
if (!empty($element['#is_button'])) {
// All buttons in the form need to be tracked for
// form_state_values_clean() and for the self::doBuildForm() code that
- // handles a form submission containing no button information in $_POST.
+ // handles a form submission containing no button information in
+ // \Drupal::request()->request.
$form_state['buttons'][] = $element;
if ($this->buttonWasClicked($element, $form_state)) {
$form_state['triggering_element'] = $element;
@@ -1663,15 +1665,15 @@ protected function buttonWasClicked($element, &$form_state) {
// buttons on a form share the same name (usually 'op'), and the specific
// return value is used to determine which was clicked. This ONLY works as
// long as $form['#name'] puts the value at the top level of the tree of
- // $_POST data.
+ // \Drupal::request()->request data.
if (isset($form_state['input'][$element['#name']]) && $form_state['input'][$element['#name']] == $element['#value']) {
return TRUE;
}
// When image buttons are clicked, browsers do NOT pass the form element
- // value in $_POST. Instead they pass an integer representing the
- // coordinates of the click on the button image. This means that image
- // buttons MUST have unique $form['#name'] values, but the details of their
- // $_POST data should be ignored.
+ // value in \Drupal::request()->Request. Instead they pass an integer
+ // representing the coordinates of the click on the button image. This means
+ // that image buttons MUST have unique $form['#name'] values, but the
+ // details of their \Drupal::request()->request data should be ignored.
elseif (!empty($element['#has_garbage_value']) && isset($element['#value']) && $element['#value'] !== '') {
return TRUE;
}
diff --git a/core/lib/Drupal/Core/Form/FormBuilderInterface.php b/core/lib/Drupal/Core/Form/FormBuilderInterface.php
index bbe355afc30f..1ccb527afc37 100644
--- a/core/lib/Drupal/Core/Form/FormBuilderInterface.php
+++ b/core/lib/Drupal/Core/Form/FormBuilderInterface.php
@@ -154,8 +154,9 @@ public function getForm($form_arg);
* understanding of security implications. In almost all cases, code
* should use the data in the 'values' array exclusively. The most common
* use of this key is for multi-step forms that need to clear some of the
- * user input when setting 'rebuild'. The values correspond to $_POST or
- * $_GET, depending on the 'method' chosen.
+ * user input when setting 'rebuild'. The values correspond to
+ * \Drupal::request()->request or \Drupal::request()->query, depending on
+ * the 'method' chosen.
* - always_process: If TRUE and the method is GET, a form_id is not
* necessary. This should only be used on RESTful GET forms that do NOT
* write data, as this could lead to security issues. It is useful so that
@@ -169,8 +170,8 @@ public function getForm($form_arg);
* invoked via self::submitForm(). Defaults to FALSE.
* - process_input: Boolean flag. TRUE signifies correct form submission.
* This is always TRUE for programmed forms coming from self::submitForm()
- * (see 'programmed' key), or if the form_id coming from the $_POST data
- * is set and matches the current form_id.
+ * (see 'programmed' key), or if the form_id coming from the
+ * \Drupal::request()->request data is set and matches the current form_id.
* - submitted: If TRUE, the form has been submitted. Defaults to FALSE.
* - executed: If TRUE, the form was submitted and has been processed and
* executed. Defaults to FALSE.
@@ -309,11 +310,12 @@ public function setCache($form_build_id, $form, $form_state);
* @param $form_state
* A keyed array containing the current state of the form. Most important is
* the $form_state['values'] collection, a tree of data used to simulate the
- * incoming $_POST information from a user's form submission. If a key is
- * not filled in $form_state['values'], then the default value of the
- * respective element is used. To submit an unchecked checkbox or other
- * control that browsers submit by not having a $_POST entry, include the
- * key, but set the value to NULL.
+ * incoming \Drupal::request()->request information from a user's form
+ * submission. If a key is not filled in $form_state['values'], then the
+ * default value of the respective element is used. To submit an unchecked
+ * checkbox or other control that browsers submit by not having a
+ * \Drupal::request()->request entry, include the key, but set the value to
+ * NULL.
* @param ...
* Any additional arguments are passed on to the functions called by
* self::submitForm(), including the unique form constructor function.
@@ -378,8 +380,8 @@ public function retrieveForm($form_id, &$form_state);
* A keyed array containing the current state of the form. This
* includes the current persistent storage data for the form, and
* any data passed along by earlier steps when displaying a
- * multi-step form. Additional information, like the sanitized $_POST
- * data, is also accumulated here.
+ * multi-step form. Additional information, like the sanitized
+ * \Drupal::request()->request data, is also accumulated here.
*
* @return \Symfony\Component\HttpFoundation\RedirectResponse|null
*/
@@ -477,8 +479,9 @@ public function validateForm($form_id, &$form, &$form_state);
* redirect is accomplished by returning a RedirectResponse, passing in the
* value of $form_state['redirect'] if it is set, or the current path if it
* is not. RedirectResponse preferentially uses the value of
- * $_GET['destination'] (the 'destination' URL query string) if it is
- * present, so this will override any values set by $form_state['redirect'].
+ * \Drupal::request->query->get('destination') (the 'destination' URL query
+ * string) if it is present, so this will override any values set by
+ * $form_state['redirect'].
*
* @param $form_state
* An associative array containing the current state of the form.
@@ -599,7 +602,7 @@ public function executeHandlers($type, &$form, &$form_state);
* A keyed array containing the current state of the form. In this
* context, it is used to accumulate information about which button
* was clicked when the form was submitted, as well as the sanitized
- * $_POST data.
+ * \Drupal::request()->request data.
*
* @return array
*/
diff --git a/core/modules/aggregator/lib/Drupal/aggregator/Form/OpmlFeedAdd.php b/core/modules/aggregator/lib/Drupal/aggregator/Form/OpmlFeedAdd.php
index 3a4a131c15ca..b772f40f8a33 100644
--- a/core/modules/aggregator/lib/Drupal/aggregator/Form/OpmlFeedAdd.php
+++ b/core/modules/aggregator/lib/Drupal/aggregator/Form/OpmlFeedAdd.php
@@ -138,7 +138,8 @@ public function buildForm(array $form, array &$form_state) {
*/
public function validateForm(array &$form, array &$form_state) {
// If both fields are empty or filled, cancel.
- if (empty($form_state['values']['remote']) == empty($_FILES['files']['name']['upload'])) {
+ $file_upload = $this->getRequest()->files->get('files[upload]', NULL, TRUE);
+ if (empty($form_state['values']['remote']) == empty($file_upload)) {
form_set_error('remote', $form_state, $this->t('You must <em>either</em> upload a file or enter a URL.'));
}
}
diff --git a/core/modules/config/lib/Drupal/config/Form/ConfigImportForm.php b/core/modules/config/lib/Drupal/config/Form/ConfigImportForm.php
index be2988ea29c4..729603498fcf 100644
--- a/core/modules/config/lib/Drupal/config/Form/ConfigImportForm.php
+++ b/core/modules/config/lib/Drupal/config/Form/ConfigImportForm.php
@@ -74,11 +74,12 @@ public function buildForm(array $form, array &$form_state) {
* {@inheritdoc}
*/
public function validateForm(array &$form, array &$form_state) {
- if (!empty($_FILES['files']['error']['import_tarball'])) {
- form_set_error('import_tarball', $form_state, $this->t('The import tarball could not be uploaded.'));
+ $file_upload = $this->getRequest()->files->get('files[import_tarball]', NULL, TRUE);
+ if ($file_upload && $file_upload->isValid()) {
+ $form_state['values']['import_tarball'] = $file_upload->getRealPath();
}
else {
- $form_state['values']['import_tarball'] = $_FILES['files']['tmp_name']['import_tarball'];
+ form_set_error('import_tarball', $form_state, $this->t('The import tarball could not be uploaded.'));
}
}
diff --git a/core/modules/editor/lib/Drupal/editor/Form/EditorImageDialog.php b/core/modules/editor/lib/Drupal/editor/Form/EditorImageDialog.php
index 6e78c7f19eda..b3512b54dd0d 100644
--- a/core/modules/editor/lib/Drupal/editor/Form/EditorImageDialog.php
+++ b/core/modules/editor/lib/Drupal/editor/Form/EditorImageDialog.php
@@ -33,8 +33,8 @@ public function getFormId() {
* The filter format for which this dialog corresponds.
*/
public function buildForm(array $form, array &$form_state, FilterFormat $filter_format = NULL) {
- // The default values are set directly from $_POST, provided by the
- // editor plugin opening the dialog.
+ // The default values are set directly from \Drupal::request()->request,
+ // provided by the editor plugin opening the dialog.
if (!isset($form_state['image_element'])) {
$form_state['image_element'] = isset($form_state['input']['editor_object']) ? $form_state['input']['editor_object'] : array();
}
diff --git a/core/modules/editor/lib/Drupal/editor/Form/EditorLinkDialog.php b/core/modules/editor/lib/Drupal/editor/Form/EditorLinkDialog.php
index 9bc2948d8089..0e76f79de916 100644
--- a/core/modules/editor/lib/Drupal/editor/Form/EditorLinkDialog.php
+++ b/core/modules/editor/lib/Drupal/editor/Form/EditorLinkDialog.php
@@ -33,8 +33,8 @@ public function getFormId() {
* The filter format for which this dialog corresponds.
*/
public function buildForm(array $form, array &$form_state, FilterFormat $filter_format = NULL) {
- // The default values are set directly from $_POST, provided by the
- // editor plugin opening the dialog.
+ // The default values are set directly from \Drupal::request()->request,
+ // provided by the editor plugin opening the dialog.
$input = isset($form_state['input']['editor_object']) ? $form_state['input']['editor_object'] : array();
$form['#tree'] = TRUE;
diff --git a/core/modules/file/file.module b/core/modules/file/file.module
index 85d9e94960b0..4f189526cf49 100644
--- a/core/modules/file/file.module
+++ b/core/modules/file/file.module
@@ -773,8 +773,9 @@ function file_save_upload($form_field_name, array &$form_state, $validators = ar
$user = \Drupal::currentUser();
static $upload_cache;
+ $file_upload = \Drupal::request()->files->get("files[$form_field_name]", NULL, TRUE);
// Make sure there's an upload to process.
- if (empty($_FILES['files']['name'][$form_field_name])) {
+ if (empty($file_upload)) {
return NULL;
}
@@ -789,40 +790,39 @@ function file_save_upload($form_field_name, array &$form_state, $validators = ar
// Prepare uploaded files info. Representation is slightly different
// for multiple uploads and we fix that here.
- $uploaded_files = $_FILES;
- if (!is_array($uploaded_files['files']['name'][$form_field_name])) {
- foreach (array('name', 'type', 'tmp_name', 'error', 'size') as $value)
- $uploaded_files['files'][$value][$form_field_name] = array($uploaded_files['files'][$value][$form_field_name]);
+ $uploaded_files = $file_upload;
+ if (!is_array($file_upload)) {
+ $uploaded_files = array($file_upload);
}
$files = array();
- foreach ($uploaded_files['files']['name'][$form_field_name] as $i => $name) {
+ foreach ($uploaded_files as $i => $file_info) {
// Check for file upload errors and return FALSE for this file if a lower
// level system error occurred. For a complete list of errors:
// See http://php.net/manual/features.file-upload.errors.php.
- switch ($uploaded_files['files']['error'][$form_field_name][$i]) {
+ switch ($file_info->getError()) {
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
- drupal_set_message(t('The file %file could not be saved because it exceeds %maxsize, the maximum allowed size for uploads.', array('%file' => $name, '%maxsize' => format_size(file_upload_max_size()))), 'error');
+ drupal_set_message(t('The file %file could not be saved because it exceeds %maxsize, the maximum allowed size for uploads.', array('%file' => $file_info->getFilename(), '%maxsize' => format_size(file_upload_max_size()))), 'error');
$files[$i] = FALSE;
continue;
case UPLOAD_ERR_PARTIAL:
case UPLOAD_ERR_NO_FILE:
- drupal_set_message(t('The file %file could not be saved because the upload did not complete.', array('%file' => $name)), 'error');
+ drupal_set_message(t('The file %file could not be saved because the upload did not complete.', array('%file' => $file_info->getFilename())), 'error');
$files[$i] = FALSE;
continue;
case UPLOAD_ERR_OK:
// Final check that this is a valid upload, if it isn't, use the
// default error handler.
- if (is_uploaded_file($uploaded_files['files']['tmp_name'][$form_field_name][$i])) {
+ if (is_uploaded_file($file_info->getRealPath())) {
break;
}
// Unknown error
default:
- drupal_set_message(t('The file %file could not be saved. An unknown error has occurred.', array('%file' => $name)), 'error');
+ drupal_set_message(t('The file %file could not be saved. An unknown error has occurred.', array('%file' => $file_info->getFilename())), 'error');
$files[$i] = FALSE;
continue;
@@ -831,9 +831,9 @@ function file_save_upload($form_field_name, array &$form_state, $validators = ar
$values = array(
'uid' => $user->id(),
'status' => 0,
- 'filename' => trim(drupal_basename($name, '.')),
- 'uri' => $uploaded_files['files']['tmp_name'][$form_field_name][$i],
- 'filesize' => $uploaded_files['files']['size'][$form_field_name][$i],
+ 'filename' => $file_info->getClientOriginalName(),
+ 'uri' => $file_info->getRealPath(),
+ 'filesize' => $file_info->getSize(),
);
$values['filemime'] = file_get_mimetype($values['filename']);
$file = entity_create('file', $values);
@@ -936,7 +936,7 @@ function file_save_upload($form_field_name, array &$form_state, $validators = ar
// directory. This overcomes open_basedir restrictions for future file
// operations.
$file->uri = $file->destination;
- if (!drupal_move_uploaded_file($uploaded_files['files']['tmp_name'][$form_field_name][$i], $file->getFileUri())) {
+ if (!drupal_move_uploaded_file($file_info->getRealPath(), $file->getFileUri())) {
form_set_error($form_field_name, $form_state, t('File upload error. Could not move uploaded file.'));
watchdog('file', 'Upload error. Could not move uploaded file %file to destination %destination.', array('%file' => $file->filename, '%destination' => $file->uri));
$files[$i] = FALSE;
@@ -1466,7 +1466,8 @@ function file_managed_file_submit($form, &$form_state) {
*/
function file_managed_file_save_upload($element, array &$form_state) {
$upload_name = implode('_', $element['#parents']);
- if (empty($_FILES['files']['name'][$upload_name])) {
+ $file_upload = \Drupal::request()->files->get("files[$upload_name]", NULL, TRUE);
+ if (empty($file_upload)) {
return FALSE;
}
@@ -1478,8 +1479,8 @@ function file_managed_file_save_upload($element, array &$form_state) {
}
// Save attached files to the database.
- $files_uploaded = $element['#multiple'] && count(array_filter($_FILES['files']['name'][$upload_name])) > 0;
- $files_uploaded |= !$element['#multiple'] && !empty($_FILES['files']['name'][$upload_name]);
+ $files_uploaded = $element['#multiple'] && count(array_filter($file_upload)) > 0;
+ $files_uploaded |= !$element['#multiple'] && !empty($file_upload);
if ($files_uploaded) {
if (!$files = file_save_upload($upload_name, $form_state, $element['#upload_validators'], $destination)) {
watchdog('file', 'The file upload failed. %upload', array('%upload' => $upload_name));
diff --git a/core/modules/node/lib/Drupal/node/Plugin/Search/NodeSearch.php b/core/modules/node/lib/Drupal/node/Plugin/Search/NodeSearch.php
index 547562b3e266..17381849fa03 100644
--- a/core/modules/node/lib/Drupal/node/Plugin/Search/NodeSearch.php
+++ b/core/modules/node/lib/Drupal/node/Plugin/Search/NodeSearch.php
@@ -176,8 +176,8 @@ public function execute() {
->searchExpression($keys, $this->getPluginId());
// Handle advanced search filters in the f query string.
- // $_GET['f'] is an array that looks like this in the URL:
- // ?f[]=type:page&f[]=term:27&f[]=term:13&f[]=langcode:en
+ // \Drupal::request()->query->get('f') is an array that looks like this in
+ // the URL: ?f[]=type:page&f[]=term:27&f[]=term:13&f[]=langcode:en
// So $parameters['f'] looks like:
// array('type:page', 'term:27', 'term:13', 'langcode:en');
// We need to parse this out into query conditions.
diff --git a/core/modules/search/lib/Drupal/search/Controller/SearchController.php b/core/modules/search/lib/Drupal/search/Controller/SearchController.php
index bda72592326a..98dae2b1968f 100644
--- a/core/modules/search/lib/Drupal/search/Controller/SearchController.php
+++ b/core/modules/search/lib/Drupal/search/Controller/SearchController.php
@@ -72,8 +72,8 @@ public static function create(ContainerInterface $container) {
public function view(Request $request, $plugin_id = NULL, $keys = NULL) {
$info = FALSE;
$keys = trim($keys);
- // Also try to pull search keywords out of the $_REQUEST variable to
- // support old GET format of searches for existing links.
+ // Also try to pull search keywords from the request to support old GET
+ // format of searches for existing links.
if (!$keys && $request->query->has('keys')) {
$keys = trim($request->query->get('keys'));
}
@@ -105,11 +105,11 @@ public function view(Request $request, $plugin_id = NULL, $keys = NULL) {
// Default results output is an empty string.
$results = array('#markup' => '');
- // Process the search form. Note that if there is $_POST data,
- // search_form_submit() will cause a redirect to search/[path]/[keys],
- // which will get us back to this page callback. In other words, the search
- // form submits with POST but redirects to GET. This way we can keep
- // the search query URL clean as a whistle.
+ // Process the search form. Note that if there is
+ // \Drupal::request()->request data, search_form_submit() will cause a
+ // redirect to search/[path]/[keys], which will get us back to this page
+ // callback. In other words, the search form submits with POST but redirects
+ // to GET. This way we can keep the search query URL clean as a whistle.
if ($request->request->has('form_id') || $request->request->get('form_id') != 'search_form') {
// Only search if there are keywords or non-empty conditions.
if ($plugin->isSearchExecutable()) {
diff --git a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
index be5f604cd97a..2f4ac6d61996 100644
--- a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
+++ b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
@@ -1139,13 +1139,16 @@ protected function curlExec($curl_options, $redirect = FALSE) {
// debug the code running on the child site. In order to make debuggers work
// this bit of information is forwarded. Make sure that the debugger listens
// to at least three external connections.
- if (isset($_COOKIE['XDEBUG_SESSION'])) {
- $cookies[] = 'XDEBUG_SESSION=' . $_COOKIE['XDEBUG_SESSION'];
+ $request = \Drupal::request();
+ $cookie_params = $request->cookies;
+ if ($cookie_params->has('XDEBUG_SESSION')) {
+ $cookies[] = 'XDEBUG_SESSION=' . $cookie_params->get('XDEBUG_SESSION');
}
// For CLI requests, the information is stored in $_SERVER.
- if (isset($_SERVER['XDEBUG_CONFIG'])) {
+ $server = $request->server;
+ if ($server->has('XDEBUG_CONFIG')) {
// $_SERVER['XDEBUG_CONFIG'] has the form "key1=value1 key2=value2 ...".
- $pairs = explode(' ', $_SERVER['XDEBUG_CONFIG']);
+ $pairs = explode(' ', $server->get('XDEBUG_CONFIG'));
foreach ($pairs as $pair) {
list($key, $value) = explode('=', $pair);
// Account for key-value pairs being separated by multiple spaces.
diff --git a/core/modules/system/lib/Drupal/system/Tests/Bootstrap/OverrideServerVariablesUnitTest.php b/core/modules/system/lib/Drupal/system/Tests/Bootstrap/OverrideServerVariablesUnitTest.php
index 0717b105aac8..67ee7b6950fd 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Bootstrap/OverrideServerVariablesUnitTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Bootstrap/OverrideServerVariablesUnitTest.php
@@ -8,11 +8,17 @@
namespace Drupal\system\Tests\Bootstrap;
use Drupal\simpletest\UnitTestBase;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\HttpFoundation\Request;
/**
* Tests for overriding server variables via the API.
*/
class OverrideServerVariablesUnitTest extends UnitTestBase {
+
+ /**
+ * {@inheritdoc}
+ */
public static function getInfo() {
return array(
'name' => 'Overriding server variables',
@@ -40,17 +46,17 @@ function testDrupalOverrideServerVariablesProvidedURL() {
),
);
foreach ($tests as $url => $expected_server_values) {
- // Remember the original value of $_SERVER, since the function call below
- // will modify it.
- $original_server = $_SERVER;
+ $container = \Drupal::getContainer();
+ $request = Request::createFromGlobals();
+ $container->set('request', $request);
+ \Drupal::setContainer($container);
+
// Call drupal_override_server_variables() and ensure that all expected
// $_SERVER variables were modified correctly.
drupal_override_server_variables(array('url' => $url));
foreach ($expected_server_values as $key => $value) {
- $this->assertIdentical($_SERVER[$key], $value);
+ $this->assertIdentical(\Drupal::request()->server->get($key), $value);
}
- // Restore the original value of $_SERVER.
- $_SERVER = $original_server;
}
}
}
diff --git a/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php b/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php
index a81feb895452..73cd1368c7e9 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php
@@ -8,6 +8,7 @@
namespace Drupal\system\Tests\Common;
use Drupal\simpletest\UnitTestBase;
+use Symfony\Component\HttpFoundation\Request;
/**
* Tests cleaning HTML identifiers.
@@ -21,6 +22,18 @@ public static function getInfo() {
);
}
+ /**
+ * {@inheritdoc}
+ */
+ public function setUp() {
+ parent::setUp();
+
+ $container = \Drupal::getContainer();
+ $request = new Request();
+ $container->set('request', $request);
+ \Drupal::setContainer($container);
+ }
+
/**
* Tests that drupal_clean_css_identifier() cleans the identifier properly.
*/
diff --git a/core/modules/system/lib/Drupal/system/Tests/Common/TableSortExtenderUnitTest.php b/core/modules/system/lib/Drupal/system/Tests/Common/TableSortExtenderUnitTest.php
index 241949fce4a4..59eca4a28b47 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Common/TableSortExtenderUnitTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Common/TableSortExtenderUnitTest.php
@@ -15,13 +15,6 @@
*/
class TableSortExtenderUnitTest extends UnitTestBase {
- /**
- * Storage for initial value of $_GET.
- *
- * @var array
- */
- protected $GET = array();
-
public static function getInfo() {
return array(
'name' => 'Tablesort',
@@ -30,20 +23,6 @@ public static function getInfo() {
);
}
- function setUp() {
- // Save the original $_GET to be restored later.
- $this->GET = $_GET;
-
- parent::setUp();
- }
-
- function tearDown() {
- // Revert $_GET.
- $_GET = $this->GET;
-
- parent::tearDown();
- }
-
/**
* Tests tablesort_init().
*/
@@ -52,8 +31,8 @@ function testTableSortInit() {
// Test simple table headers.
$headers = array('foo', 'bar', 'baz');
- // Reset $_GET to prevent parameters from Simpletest and Batch API ending
- // up in $ts['query'].
+ // Reset $requesr->query to prevent parameters from Simpletest and Batch API
+ // ending up in $ts['query'].
$expected_ts = array(
'name' => 'foo',
'sql' => '',
diff --git a/core/modules/system/lib/Drupal/system/Tests/Entity/EntityViewBuilderTest.php b/core/modules/system/lib/Drupal/system/Tests/Entity/EntityViewBuilderTest.php
index b649cf6ac49e..ab1c086a1758 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Entity/EntityViewBuilderTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Entity/EntityViewBuilderTest.php
@@ -40,7 +40,7 @@ public function setUp() {
*/
public function testEntityViewBuilderCache() {
// Force a request via GET so we can get drupal_render() cache working.
- $request_method = $_SERVER['REQUEST_METHOD'];
+ $request_method = \Drupal::request()->server->get('REQUEST_METHOD');
$this->container->get('request')->setMethod('GET');
$entity_test = $this->createTestEntity('entity_test');
@@ -85,7 +85,7 @@ public function testEntityViewBuilderCache() {
*/
public function testEntityViewBuilderCacheWithReferences() {
// Force a request via GET so we can get drupal_render() cache working.
- $request_method = $_SERVER['REQUEST_METHOD'];
+ $request_method = \Drupal::request()->server->get('REQUEST_METHOD');
$this->container->get('request')->setMethod('GET');
// Create an entity reference field and an entity that will be referenced.
diff --git a/core/modules/system/lib/Drupal/system/Tests/Form/TriggeringElementTest.php b/core/modules/system/lib/Drupal/system/Tests/Form/TriggeringElementTest.php
index 2ca12a1a6de3..1c4f1df637a7 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Form/TriggeringElementTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Form/TriggeringElementTest.php
@@ -95,7 +95,7 @@ function testAttemptAccessControlBypass() {
// trying to get around security safeguards could easily do. We have to do
// a little trickery here, to work around the safeguards in drupalPostForm(): by
// renaming the text field that is in the form to 'button1', we can get the
- // data we want into $_POST.
+ // data we want into \Drupal::request()->request.
$elements = $this->xpath('//form[@id="' . $form_html_id . '"]//input[@name="text"]');
$elements[0]['name'] = 'button1';
$this->drupalPostForm(NULL, array('button1' => 'button1'), NULL, array(), array(), $form_html_id);
diff --git a/core/modules/system/system.install b/core/modules/system/system.install
index 3c5e9d02e224..af38deefc325 100644
--- a/core/modules/system/system.install
+++ b/core/modules/system/system.install
@@ -44,7 +44,7 @@ function system_requirements($phase) {
}
// Web server information.
- $software = $_SERVER['SERVER_SOFTWARE'];
+ $software = \Drupal::request()->server->get('SERVER_SOFTWARE');
$requirements['webserver'] = array(
'title' => t('Web server'),
'value' => $software,
diff --git a/core/modules/system/system.module b/core/modules/system/system.module
index 7f9806a4e933..17d7fb0cfb3e 100644
--- a/core/modules/system/system.module
+++ b/core/modules/system/system.module
@@ -2722,7 +2722,8 @@ function system_default_region($theme) {
*
* If the submit handler for a form that implements confirm_form() is invoked,
* the user successfully confirmed the action. You should never directly
- * inspect $_POST to see if an action was confirmed.
+ * inspect $_POST or \Drupal::request()->request to see if an action was
+ * confirmed.
*
* Note - if the parameters $question, $description, $yes, or $no could contain
* any user input (such as node titles or taxonomy terms), it is the
@@ -2817,7 +2818,7 @@ function confirm_form($form, $question, $path, $description = NULL, $yes = NULL,
function system_admin_compact_mode() {
// PHP converts dots into underscores in cookie names to avoid problems with
// its parser, so we use a converted cookie name.
- return isset($_COOKIE['Drupal_visitor_admin_compact_mode']) ? $_COOKIE['Drupal_visitor_admin_compact_mode'] : \Drupal::config('system.site')->get('admin_compact_mode');
+ return \Drupal::request()->cookies->get('Drupal_visitor_admin_compact_mode', \Drupal::config('system.site')->get('admin_compact_mode'));
}
/**
diff --git a/core/modules/system/tests/modules/ajax_test/ajax_test.module b/core/modules/system/tests/modules/ajax_test/ajax_test.module
index f42844fb7f0b..ec2f239318bd 100644
--- a/core/modules/system/tests/modules/ajax_test/ajax_test.module
+++ b/core/modules/system/tests/modules/ajax_test/ajax_test.module
@@ -78,8 +78,9 @@ function ajax_test_order() {
*/
function ajax_test_error() {
$message = '';
- if (!empty($_GET['message'])) {
- $message = $_GET['message'];
+ $query = \Drupal::request()->query;
+ if ($query->has('message')) {
+ $message = $query->get('message');
}
$response = new AjaxResponse();
$response->addCommand(new AlertCommand($message));
diff --git a/core/modules/system/tests/modules/form_test/form_test.module b/core/modules/system/tests/modules/form_test/form_test.module
index bcd8483e4e20..a9328686619b 100644
--- a/core/modules/system/tests/modules/form_test/form_test.module
+++ b/core/modules/system/tests/modules/form_test/form_test.module
@@ -605,7 +605,7 @@ function form_test_storage_form($form, &$form_state) {
'#value' => 'Save',
);
- if (isset($_REQUEST['cache'])) {
+ if (\Drupal::request()->get('cache')) {
// Manually activate caching, so we can test that the storage keeps working
// when it's enabled.
$form_state['cache'] = TRUE;
@@ -624,7 +624,7 @@ function form_test_storage_element_validate_value_cached($element, &$form_state)
// This presumes that another submitted form value triggers a validation error
// elsewhere in the form. Form API should still update the cached form storage
// though.
- if (isset($_REQUEST['cache']) && $form_state['values']['value'] == 'change_title') {
+ if (\Drupal::request()->get('cache') && $form_state['values']['value'] == 'change_title') {
$form_state['storage']['thing']['changed'] = TRUE;
}
}
@@ -1760,7 +1760,7 @@ function form_test_state_persist_submit($form, &$form_state) {
function form_test_form_form_test_state_persist_alter(&$form, &$form_state) {
// Simulate a form alter implementation inserting form elements that enable
// caching of the form, e.g. elements having #ajax.
- if (!empty($_REQUEST['cache'])) {
+ if (\Drupal::request()->get('cache')) {
$form_state['cache'] = TRUE;
}
}
@@ -1973,7 +1973,7 @@ function form_test_form_user_register_form_alter(&$form, &$form_state) {
'#submit' => array('form_test_user_register_form_rebuild'),
);
// If requested, add the test field by attaching the node page form.
- if (!empty($_REQUEST['field'])) {
+ if (\Drupal::request()->request->has('field')) {
$node = entity_create('node', array(
'type' => 'page',
));
diff --git a/core/modules/system/tests/modules/menu_test/menu_test.module b/core/modules/system/tests/modules/menu_test/menu_test.module
index ab2ef302894b..4ba4ad4ddfd4 100644
--- a/core/modules/system/tests/modules/menu_test/menu_test.module
+++ b/core/modules/system/tests/modules/menu_test/menu_test.module
@@ -11,7 +11,7 @@
* Implements hook_menu().
*/
function menu_test_menu() {
- // The name of the menu changes during the course of the test. Using a $_GET.
+ // The name of the menu changes during the course of the test. Using a GET.
$items['menu_name_test'] = array(
'title' => 'Test menu_name router item',
'route_name' => 'menu_test.menu_name_test',
diff --git a/core/modules/system/tests/modules/system_test/system_test.module b/core/modules/system/tests/modules/system_test/system_test.module
index 56ae2061c9c4..aa93e6d672ae 100644
--- a/core/modules/system/tests/modules/system_test/system_test.module
+++ b/core/modules/system/tests/modules/system_test/system_test.module
@@ -8,8 +8,9 @@
* @deprecated \Drupal\system_test\Controller\SystemTestController::setHeader()
*/
function system_test_set_header() {
- drupal_add_http_header($_GET['name'], $_GET['value']);
- return t('The following header was set: %name: %value', array('%name' => $_GET['name'], '%value' => $_GET['value']));
+ $query = \Drupal::request()->query->all();
+ drupal_add_http_header($query['name'], $query['value']);
+ return t('The following header was set: %name: %value', array('%name' => $query['name'], '%value' => $query['value']));
}
/**
diff --git a/core/modules/taxonomy/lib/Drupal/taxonomy/Form/OverviewTerms.php b/core/modules/taxonomy/lib/Drupal/taxonomy/Form/OverviewTerms.php
index d0fc0a3ec711..25edaad98034 100644
--- a/core/modules/taxonomy/lib/Drupal/taxonomy/Form/OverviewTerms.php
+++ b/core/modules/taxonomy/lib/Drupal/taxonomy/Form/OverviewTerms.php
@@ -170,7 +170,7 @@ public function buildForm(array $form, array &$form_state, VocabularyInterface $
// error. Ensure the form is rebuilt in the same order as the user
// submitted.
if (!empty($form_state['input'])) {
- // Get the $_POST order.
+ // Get the POST order.
$order = array_flip(array_keys($form_state['input']['terms']));
// Update our form with the new order.
$current_page = array_merge($order, $current_page);
diff --git a/core/modules/update/update.manager.inc b/core/modules/update/update.manager.inc
index e411c2f9734d..a257685e86a6 100644
--- a/core/modules/update/update.manager.inc
+++ b/core/modules/update/update.manager.inc
@@ -632,7 +632,8 @@ function _update_manager_check_backends(&$form, $operation) {
* @see update_manager_install_form_submit()
*/
function update_manager_install_form_validate($form, &$form_state) {
- if (!($form_state['values']['project_url'] XOR !empty($_FILES['files']['name']['project_upload']))) {
+ $uploaded_file = \Drupal::request()->files->get('files[project_upload]', NULL, TRUE);
+ if (!($form_state['values']['project_url'] XOR !empty($uploaded_file))) {
form_set_error('project_url', $form_state, t('You must either provide a URL or upload an archive file to install.'));
}
}
diff --git a/core/modules/views/lib/Drupal/views/Controller/ViewAjaxController.php b/core/modules/views/lib/Drupal/views/Controller/ViewAjaxController.php
index e1aae782f553..307d63f62a1d 100644
--- a/core/modules/views/lib/Drupal/views/Controller/ViewAjaxController.php
+++ b/core/modules/views/lib/Drupal/views/Controller/ViewAjaxController.php
@@ -106,8 +106,8 @@ public function ajaxView(Request $request) {
$request->attributes->set('_system_path', $path);
}
- // Add all $_POST data, because AJAX is always a post and many things,
- // such as tablesorts, exposed filters and paging assume $_GET.
+ // Add all POST data, because AJAX is always a post and many things,
+ // such as tablesorts, exposed filters and paging assume GET.
$request_all = $request->request->all();
$query_all = $request->query->all();
$request->query->replace($request_all + $query_all);
diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/HandlerBase.php b/core/modules/views/lib/Drupal/views/Plugin/views/HandlerBase.php
index 311bb9a46782..0a51c881b9f9 100644
--- a/core/modules/views/lib/Drupal/views/Plugin/views/HandlerBase.php
+++ b/core/modules/views/lib/Drupal/views/Plugin/views/HandlerBase.php
@@ -446,7 +446,7 @@ public function showExposeForm(&$form, &$form_state) {
$this->buildExposeForm($form, $form_state);
// When we click the expose button, we add new gadgets to the form but they
- // have no data in $_POST so their defaults get wiped out. This prevents
+ // have no data in POST so their defaults get wiped out. This prevents
// these defaults from getting wiped out. This setting will only be TRUE
// during a 2nd pass rerender.
if (!empty($form_state['force_expose_options'])) {
diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php b/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php
index dc02ae3c9bce..fad42d604f28 100644
--- a/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php
+++ b/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php
@@ -1482,7 +1482,7 @@ public function getRenderTokens($item) {
$tokens['!' . $count] = isset($this->view->args[$count - 1]) ? strip_tags(decode_entities($this->view->args[$count - 1])) : '';
}
- // Get flattened set of tokens for any array depth in $_GET parameters.
+ // Get flattened set of tokens for any array depth in query parameters.
$tokens += $this->getTokenValuesRecursive(\Drupal::request()->query->all());
// Now add replacements for our fields.
diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php b/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php
index a05b44763d13..91a9d84118fd 100644
--- a/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php
+++ b/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php
@@ -352,7 +352,7 @@ public function showBuildGroupForm(&$form, &$form_state) {
$this->buildExposedFiltersGroupForm($form, $form_state);
// When we click the expose button, we add new gadgets to the form but they
- // have no data in $_POST so their defaults get wiped out. This prevents
+ // have no data in POST so their defaults get wiped out. This prevents
// these defaults from getting wiped out. This setting will only be TRUE
// during a 2nd pass rerender.
if (!empty($form_state['force_build_group_options'])) {
diff --git a/core/modules/views/lib/Drupal/views/ViewExecutable.php b/core/modules/views/lib/Drupal/views/ViewExecutable.php
index 4b0c0ab243b9..60884d6bfc9e 100644
--- a/core/modules/views/lib/Drupal/views/ViewExecutable.php
+++ b/core/modules/views/lib/Drupal/views/ViewExecutable.php
@@ -556,7 +556,7 @@ public function ajaxEnabled() {
/**
* Set the exposed filters input to an array. If unset they will be taken
- * from $_GET when the time comes.
+ * from \Drupal::request()->query when the time comes.
*/
public function setExposedInput($filters) {
$this->exposed_input = $filters;
@@ -566,8 +566,8 @@ public function setExposedInput($filters) {
* Figure out what the exposed input for this view is.
*/
public function getExposedInput() {
- // Fill our input either from $_GET or from something previously set on the
- // view.
+ // Fill our input either from \Drupal::request()->query or from something
+ // previously set on the view.
if (empty($this->exposed_input)) {
$this->exposed_input = \Drupal::request()->query->all();
// unset items that are definitely not our input:
diff --git a/core/modules/views/views.module b/core/modules/views/views.module
index 5cdf601df8c1..c33ab873dcea 100644
--- a/core/modules/views/views.module
+++ b/core/modules/views/views.module
@@ -1099,7 +1099,7 @@ function views_exposed_form($form, &$form_state) {
$form['actions'] = array('#type' => 'actions');
$form['actions']['submit'] = array(
- // Prevent from showing up in $_GET.
+ // Prevent from showing up in \Drupal::request()->query.
'#name' => '',
'#type' => 'submit',
'#value' => t('Apply'),
diff --git a/core/modules/views_ui/admin.inc b/core/modules/views_ui/admin.inc
index b1c8d9c6a522..f93725a471d0 100644
--- a/core/modules/views_ui/admin.inc
+++ b/core/modules/views_ui/admin.inc
@@ -339,10 +339,10 @@ function views_ui_build_form_path($form_state) {
* #process callback for a button; determines if a button is the form's triggering element.
*
* The Form API has logic to determine the form's triggering element based on
- * the data in $_POST. However, it only checks buttons based on a single #value
+ * the data in POST. However, it only checks buttons based on a single #value
* per button. This function may be added to a button's #process callbacks to
* extend button click detection to support multiple #values per button. If the
- * data in $_POST matches any value in the button's #values array, then the
+ * data in POST matches any value in the button's #values array, then the
* button is detected as having been clicked. This can be used when the value
* (label) of the same logical button may be different based on context (e.g.,
* "Apply" vs. "Apply and continue").
diff --git a/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php b/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php
index f8fd10a431df..05b011d886a7 100644
--- a/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php
+++ b/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php
@@ -292,9 +292,6 @@ public function submit(array $form, array &$form_state) {
if (($display->getPluginId() == 'page') && ($old_path == $destination) && ($old_path != $view->getExecutable()->displayHandlers->get($id)->getOption('path'))) {
$destination = $view->getExecutable()->displayHandlers->get($id)->getOption('path');
$query->remove('destination');
- // @todo For whatever reason drupal_goto is still using $_GET.
- // @see http://drupal.org/node/1668866
- unset($_GET['destination']);
}
}
$form_state['redirect'] = $destination;
diff --git a/core/profiles/minimal/minimal.profile b/core/profiles/minimal/minimal.profile
index fe6da8c3287c..ed291da4d912 100644
--- a/core/profiles/minimal/minimal.profile
+++ b/core/profiles/minimal/minimal.profile
@@ -11,5 +11,5 @@
*/
function minimal_form_install_configure_form_alter(&$form, $form_state) {
// Pre-populate the site name with the server name.
- $form['site_information']['site_name']['#default_value'] = $_SERVER['SERVER_NAME'];
+ $form['site_information']['site_name']['#default_value'] = \Drupal::request()->server->get('SERVER_NAME');
}
diff --git a/core/profiles/standard/standard.profile b/core/profiles/standard/standard.profile
index d554c9379399..209107d1953d 100644
--- a/core/profiles/standard/standard.profile
+++ b/core/profiles/standard/standard.profile
@@ -11,5 +11,5 @@
*/
function standard_form_install_configure_form_alter(&$form, $form_state) {
// Pre-populate the site name with the server name.
- $form['site_information']['site_name']['#default_value'] = $_SERVER['SERVER_NAME'];
+ $form['site_information']['site_name']['#default_value'] = \Drupal::request()->server->get('SERVER_NAME');
}
diff --git a/core/update.php b/core/update.php
index add3646becc3..48059208471e 100644
--- a/core/update.php
+++ b/core/update.php
@@ -221,7 +221,7 @@ function update_info_page() {
*/
function update_access_denied_page() {
drupal_add_http_header('Status', '403 Forbidden');
- header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
+ header(\Drupal::request()->server->get('SERVER_PROTOCOL') . ' 403 Forbidden');
watchdog('access denied', 'update.php', NULL, WATCHDOG_WARNING);
drupal_set_title('Access denied');
return '<p>Access denied. You are not authorized to access this page. Log in using either an account with the <em>administer software updates</em> permission or the site maintenance account (the account you created during installation). If you cannot log in, you will have to edit <code>settings.php</code> to bypass this access check. To do this:</p>
--
GitLab