From dc7a5b27ef74f4e4cfb1c307ffc26ed6a7f5e459 Mon Sep 17 00:00:00 2001 From: webchick Date: Wed, 4 Dec 2013 21:13:05 -0800 Subject: [PATCH] Revert of Issue #1998638, since it broke drush si and other command-line scripts. --- core/includes/ajax.inc | 2 +- core/includes/bootstrap.inc | 19 ++++------ core/includes/common.inc | 12 +++--- core/includes/form.inc | 3 +- core/includes/install.core.inc | 36 ++++++++---------- core/includes/language.inc | 3 +- core/includes/pager.inc | 23 ++++++------ core/includes/session.inc | 34 ++++++++--------- core/lib/Drupal/Component/Utility/Url.php | 8 ++-- core/lib/Drupal/Core/Ajax/AjaxResponse.php | 9 ++--- .../RedirectResponseSubscriber.php | 7 ++-- core/lib/Drupal/Core/Form/FormBuilder.php | 18 ++++----- .../Drupal/Core/Form/FormBuilderInterface.php | 31 +++++++--------- .../Drupal/aggregator/Form/OpmlFeedAdd.php | 3 +- .../Drupal/config/Form/ConfigImportForm.php | 7 ++-- .../Drupal/editor/Form/EditorImageDialog.php | 4 +- .../Drupal/editor/Form/EditorLinkDialog.php | 4 +- core/modules/file/file.module | 37 +++++++++---------- .../Drupal/node/Plugin/Search/NodeSearch.php | 4 +- .../search/Controller/SearchController.php | 14 +++---- .../lib/Drupal/simpletest/WebTestBase.php | 11 ++---- .../OverrideServerVariablesUnitTest.php | 18 +++------ .../Tests/Common/HtmlIdentifierUnitTest.php | 13 ------- .../Common/TableSortExtenderUnitTest.php | 25 ++++++++++++- .../Tests/Entity/EntityViewBuilderTest.php | 4 +- .../Tests/Form/TriggeringElementTest.php | 2 +- core/modules/system/system.install | 2 +- core/modules/system/system.module | 2 +- .../tests/modules/ajax_test/ajax_test.module | 5 +-- .../tests/modules/form_test/form_test.module | 8 ++-- .../tests/modules/menu_test/menu_test.module | 2 +- .../modules/system_test/system_test.module | 5 +-- .../Drupal/taxonomy/Form/OverviewTerms.php | 2 +- core/modules/update/update.manager.inc | 3 +- .../views/Controller/ViewAjaxController.php | 4 +- .../Drupal/views/Plugin/views/HandlerBase.php | 2 +- .../Plugin/views/field/FieldPluginBase.php | 2 +- .../Plugin/views/filter/FilterPluginBase.php | 2 +- .../views/lib/Drupal/views/ViewExecutable.php | 6 +-- core/modules/views/views.module | 2 +- core/modules/views_ui/admin.inc | 4 +- .../views_ui/ViewEditFormController.php | 3 ++ core/profiles/minimal/minimal.profile | 2 +- core/profiles/standard/standard.profile | 2 +- core/update.php | 2 +- 45 files changed, 190 insertions(+), 221 deletions(-) diff --git a/core/includes/ajax.inc b/core/includes/ajax.inc index 7ef88c2c73c..3f2389f57e9 100644 --- a/core/includes/ajax.inc +++ b/core/includes/ajax.inc @@ -241,7 +241,7 @@ function ajax_render($commands = array()) { // since the base page ought to have at least one JS file and one CSS file // loaded. It probably indicates an error, and rather than making the page // reload all of the files, instead we return no new files. - if (!\Drupal::request()->request->get("ajax_page_state[$type]", NULL, TRUE)) { + if (empty($_POST['ajax_page_state'][$type])) { $items[$type] = array(); } else { diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc index 2a29937b8f5..e13f54e08ba 100644 --- a/core/includes/bootstrap.inc +++ b/core/includes/bootstrap.inc @@ -457,28 +457,25 @@ function config_get_config_directory($type = CONFIG_ACTIVE_DIRECTORY) { * 'REMOTE_ADDR' key. * * @param $variables - * (optional) An associative array of variables within - * \Drupal::request()->server that should be replaced. If the special element - * 'url' is provided in this array, it will be used to populate some of the - * server defaults; it should be set to the URL of the current page request, - * excluding any GET request but including the script name - * (e.g., http://www.example.com/mysite/index.php). + * (optional) An associative array of variables within $_SERVER that should + * be replaced. If the special element 'url' is provided in this array, it + * will be used to populate some of the server defaults; it should be set to + * the URL of the current page request, excluding any $_GET request but + * including the script name (e.g., http://www.example.com/mysite/index.php). * * @see conf_path() * @see request_uri() * @see \Symfony\Component\HttpFoundation\Request::getClientIP() */ function drupal_override_server_variables($variables = array()) { - $request = \Drupal::request(); - $server_vars = $request->server->all(); // Allow the provided URL to override any existing values in $_SERVER. if (isset($variables['url'])) { $url = parse_url($variables['url']); if (isset($url['host'])) { - $server_vars['HTTP_HOST'] = $url['host']; + $_SERVER['HTTP_HOST'] = $url['host']; } if (isset($url['path'])) { - $server_vars['SCRIPT_NAME'] = $url['path']; + $_SERVER['SCRIPT_NAME'] = $url['path']; } unset($variables['url']); } @@ -495,7 +492,7 @@ function drupal_override_server_variables($variables = array()) { 'HTTP_USER_AGENT' => NULL, ); // Replace elements of the $_SERVER array, as appropriate. - $request->server->replace($variables + $server_vars + $defaults); + $_SERVER = $variables + $_SERVER + $defaults; } /** diff --git a/core/includes/common.inc b/core/includes/common.inc index 12ccffd8b63..09bae8a31fc 100644 --- a/core/includes/common.inc +++ b/core/includes/common.inc @@ -411,8 +411,7 @@ function drupal_get_feeds($delimiter = "\n") { * Processes a URL query parameter array to remove unwanted elements. * * @param $query - * (optional) An array to be processed. Defaults to \Drupal::request()->query - * parameters. + * (optional) An array to be processed. Defaults to $_GET. * @param $exclude * (optional) A list of $query array keys to remove. Use "parent[child]" to * exclude nested items. @@ -491,7 +490,7 @@ function drupal_get_destination() { * The returned array contains a 'path' that may be passed separately to url(). * For example: * @code - * $options = drupal_parse_url(\Drupal::request()->query->get('destination')); + * $options = drupal_parse_url($_GET['destination']); * $my_url = url($options['path'], $options); * $my_link = l('Example link', $options['path'], $options); * @endcode @@ -502,7 +501,7 @@ function drupal_get_destination() { * $options['query'] and the fragment into $options['fragment']. * * @param $url - * The URL string to parse. + * The URL string to parse, f.e. $_GET['destination']. * * @return * An associative array containing the keys: @@ -1887,7 +1886,6 @@ function drupal_html_id($id) { // take into account IDs that are already in use on the base page. $seen_ids_init = &drupal_static(__FUNCTION__ . ':init'); if (!isset($seen_ids_init)) { - $ajax_html_ids = \Drupal::request()->request->get('ajax_html_ids'); // Ideally, Drupal would provide an API to persist state information about // prior page requests in the database, and we'd be able to add this // function's $seen_ids static variable to that state information in order @@ -1897,7 +1895,7 @@ function drupal_html_id($id) { // normally not recommended as it could open up security risks, but because // the raw POST data is cast to a number before being returned by this // function, this usage is safe. - if (empty($ajax_html_ids)) { + if (empty($_POST['ajax_html_ids'])) { $seen_ids_init = array(); } else { @@ -1906,7 +1904,7 @@ function drupal_html_id($id) { // requested id. $_POST['ajax_html_ids'] contains the ids as they were // returned by this function, potentially with the appended counter, so // we parse that to reconstruct the $seen_ids array. - $ajax_html_ids = explode(' ', $ajax_html_ids); + $ajax_html_ids = explode(' ', $_POST['ajax_html_ids']); foreach ($ajax_html_ids as $seen_id) { // We rely on '--' being used solely for separating a base id from the // counter, which this function ensures when returning an id. diff --git a/core/includes/form.inc b/core/includes/form.inc index 87f8edfc66b..66734457f3c 100644 --- a/core/includes/form.inc +++ b/core/includes/form.inc @@ -495,8 +495,7 @@ function form_type_checkboxes_value($element, $input = FALSE) { // NULL elements from the array before constructing the return value, to // simulate the behavior of web browsers (which do not send unchecked // checkboxes to the server at all). This will not affect non-programmatic - // form submissions, since all values in \Drupal::request()->request are - // strings. + // form submissions, since all values in $_POST are strings. foreach ($input as $key => $value) { if (!isset($value)) { unset($input[$key]); diff --git a/core/includes/install.core.inc b/core/includes/install.core.inc index e0653b972ed..feda4dcdc8a 100644 --- a/core/includes/install.core.inc +++ b/core/includes/install.core.inc @@ -253,19 +253,9 @@ function install_state_defaults() { * modified with information gleaned from the beginning of the page request. */ function install_begin_request(&$install_state) { - // A request object from the HTTPFoundation to tell us about the request. - $request = Request::createFromGlobals(); - - // Create a minimal container so that t() and $request will work. This - // container will be overriden but it's needed for the very early installation - // process when database tasks run. - $container = new ContainerBuilder(); - $container->set('request', $request); - \Drupal::setContainer($container); - // Add any installation parameters passed in via the URL. if ($install_state['interactive']) { - $install_state['parameters'] += $request->query->all(); + $install_state['parameters'] += $_GET; } // Validate certain core settings that are used throughout the installation. @@ -298,10 +288,13 @@ function install_begin_request(&$install_state) { // _drupal_load_test_overrides() sets the simpletest_conf_path in-memory // setting in this case. if ($install_state['interactive'] && drupal_valid_test_ua() && !settings()->get('simpletest_conf_path')) { - header($request->server->get('SERVER_PROTOCOL') . ' 403 Forbidden'); + header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden'); exit; } + // A request object from the HTTPFoundation to tell us about the request. + $request = Request::createFromGlobals(); + // If we have a language selected and it is not yet saved in the system // (eg. pre-database data screens we are unable to persistently store // the default language), we should set language_default so the proper @@ -331,6 +324,10 @@ function install_begin_request(&$install_state) { // Determine whether the configuration system is ready to operate. $install_state['config_verified'] = install_verify_config_directory(CONFIG_ACTIVE_DIRECTORY) && install_verify_config_directory(CONFIG_STAGING_DIRECTORY); + // Create a minimal container for t() to work. + // This container will be overriden but it needed for the very early + // installation process when database tasks run. + $container = new ContainerBuilder(); // Register the translation services. install_register_translation_service($container); \Drupal::setContainer($container); @@ -1351,7 +1348,7 @@ function install_select_profile(&$install_state) { * * A profile will be selected if: * - Only one profile is available, - * - A profile was submitted through \Drupal::request()->request, + * - A profile was submitted through $_POST, * - Exactly one of the profiles is marked as "exclusive". * If multiple profiles are marked as "exclusive" then no profile will be * selected. @@ -1365,13 +1362,12 @@ function install_select_profile(&$install_state) { */ function _install_select_profile($profiles) { // Don't need to choose profile if only one available. - $request_params = \Drupal::request()->request; if (count($profiles) == 1) { $profile = array_pop($profiles); return $profile->name; } - elseif ($request_params->has('profile') && ($profile = $request_params->get('profile')) && isset($profiles[$profile])) { - return $profiles[$profile]->name; + elseif (!empty($_POST['profile']) && isset($profiles[$_POST['profile']])) { + return $profiles[$_POST['profile']]->name; } // Check for a profile marked as "exclusive" and ensure that only one // profile is marked as such. @@ -1552,7 +1548,6 @@ function install_select_language(&$install_state) { // Find all available translation files. $files = install_find_translations(); $install_state['translations'] += $files; - $request_params = \Drupal::request()->request; // If a valid language code is set, continue with the next installation step. // When translations from the localization server are used, any language code @@ -1560,9 +1555,9 @@ function install_select_language(&$install_state) { // langauges available at http://localize.drupal.org. // When files from the translation directory are used, we only accept // languages for which a file is available. - if ($request_params->has('langcode')) { + if (!empty($_POST['langcode'])) { $standard_languages = LanguageManager::getStandardLanguageList(); - $langcode = $request_params->get('langcode'); + $langcode = $_POST['langcode']; if ($langcode == 'en' || isset($files[$langcode]) || isset($standard_languages[$langcode])) { $install_state['parameters']['langcode'] = $langcode; return; @@ -2104,8 +2099,7 @@ function install_configure_form($form, &$form_state, &$install_state) { // especially out of place on the last page of the installer, where it would // distract from the message that the Drupal installation has completed // successfully.) - $post_params = \Drupal::request()->request->all(); - if (empty($post_params) && (!drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_dir, FILE_NOT_WRITABLE, 'dir'))) { + if (empty($_POST) && (!drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_file, FILE_EXIST|FILE_READABLE|FILE_NOT_WRITABLE) || !drupal_verify_install_file(DRUPAL_ROOT . '/' . $settings_dir, FILE_NOT_WRITABLE, 'dir'))) { drupal_set_message(t('All necessary changes to %dir and %file have been made, so you should remove write permissions to them now in order to avoid security risks. If you are unsure how to do so, consult the online handbook.', array('%dir' => $settings_dir, '%file' => $settings_file, '@handbook_url' => 'http://drupal.org/server-permissions')), 'warning'); } diff --git a/core/includes/language.inc b/core/includes/language.inc index 618e3a70028..07cc3835421 100644 --- a/core/includes/language.inc +++ b/core/includes/language.inc @@ -100,8 +100,7 @@ const LANGUAGE_NEGOTIATION_INTERFACE = 'language-interface'; * $langcode = language_from_url($languages); * * // If we are on an administrative path, override with the default language. - * $query = \Drupal::request()->query; - * if ($query->has('q') && strtok($query->get('q'), '/') == 'admin') { + * if (isset($_GET['q']) && strtok($_GET['q'], '/') == 'admin') { * return language_default()->id; * } * return $langcode; diff --git a/core/includes/pager.inc b/core/includes/pager.inc index 98746897386..ba7f65b27e1 100644 --- a/core/includes/pager.inc +++ b/core/includes/pager.inc @@ -16,13 +16,13 @@ use Drupal\Component\Utility\Url; * * @return * The number of the current requested page, within the pager represented by - * $element. This is determined from the URL query parameter - * \Drupal::request()->query->get('page'), or 0 by default. Note that this - * number may differ from the actual page being displayed. For example, if a - * search for "example text" brings up three pages of results, but a users - * visits search/node/example+text?page=10, this function will return 10, even - * though the default pager implementation adjusts for this and still displays - * the third page of search results at that URL. + * $element. This is determined from the URL query parameter $_GET['page'], or + * 0 by default. Note that this number may differ from the actual page being + * displayed. For example, if a search for "example text" brings up three + * pages of results, but a users visits search/node/example+text?page=10, this + * function will return 10, even though the default pager implementation + * adjusts for this and still displays the third page of search results at + * that URL. * * @see pager_default_initialize() */ @@ -109,11 +109,10 @@ function pager_find_page($element = 0) { * * @return * The number of the current page, within the pager represented by $element. - * This is determined from the URL query parameter - * \Drupal::request()->query->get('page), or 0 by default. However, if a page - * that does not correspond to the actual range of the result set was - * requested, this function will return the closest page actually within the - * result set. + * This is determined from the URL query parameter $_GET['page'], or 0 by + * default. However, if a page that does not correspond to the actual range + * of the result set was requested, this function will return the closest + * page actually within the result set. */ function pager_default_initialize($total, $limit, $element = 0) { global $pager_page_array, $pager_total, $pager_total_items, $pager_limits; diff --git a/core/includes/session.inc b/core/includes/session.inc index 5ffbb8ded8d..4cc81397e42 100644 --- a/core/includes/session.inc +++ b/core/includes/session.inc @@ -83,8 +83,7 @@ function _drupal_session_read($sid) { // Handle the case of first time visitors and clients that don't store // cookies (eg. web crawlers). $insecure_session_name = substr(session_name(), 1); - $cookies = \Drupal::request()->cookies; - if (!$cookies->has(session_name()) && !$cookies->has($insecure_session_name)) { + if (!isset($_COOKIE[session_name()]) && !isset($_COOKIE[$insecure_session_name])) { $user = new UserSession(); return ''; } @@ -96,9 +95,9 @@ function _drupal_session_read($sid) { if (\Drupal::request()->isSecure()) { $values = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.ssid = :ssid", array(':ssid' => $sid))->fetchAssoc(); if (!$values) { - if ($cookies->has($insecure_session_name)) { + if (isset($_COOKIE[$insecure_session_name])) { $values = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = :sid AND s.uid = 0", array( - ':sid' => $cookies->get($insecure_session_name))) + ':sid' => $_COOKIE[$insecure_session_name])) ->fetchAssoc(); } } @@ -189,14 +188,13 @@ function _drupal_session_write($sid, $value) { // On HTTPS connections, use the session ID as both 'sid' and 'ssid'. if (\Drupal::request()->isSecure()) { $key['ssid'] = $sid; - $cookies = \Drupal::request()->cookies; // The "secure pages" setting allows a site to simultaneously use both // secure and insecure session cookies. If enabled and both cookies are // presented then use both keys. if (settings()->get('mixed_mode_sessions', FALSE)) { $insecure_session_name = substr(session_name(), 1); - if ($cookies->has($insecure_session_name)) { - $key['sid'] = $cookies->get($insecure_session_name); + if (isset($_COOKIE[$insecure_session_name])) { + $key['sid'] = $_COOKIE[$insecure_session_name]; } } } @@ -243,8 +241,9 @@ function drupal_session_initialize() { session_set_save_handler('_drupal_session_open', '_drupal_session_close', '_drupal_session_read', '_drupal_session_write', '_drupal_session_destroy', '_drupal_session_garbage_collection'); $is_https = \Drupal::request()->isSecure(); - $cookies = \Drupal::request()->cookies; - if (($cookies->has(session_name()) && ($session_name = $cookies->get(session_name()))) || ($is_https && settings()->get('mixed_mode_sessions', FALSE) && ($cookies->has(substr(session_name(), 1))) && ($session_name = $cookies->get(substr(session_name(), 1))))) { + // We use !empty() in the following check to ensure that blank session IDs + // are not valid. + if (!empty($_COOKIE[session_name()]) || ($is_https && settings()->get('mixed_mode_sessions', FALSE) && !empty($_COOKIE[substr(session_name(), 1)]))) { // If a session cookie exists, initialize the session. Otherwise the // session is only started on demand in drupal_session_commit(), making // anonymous users not use a session cookie unless something is stored in @@ -268,7 +267,7 @@ function drupal_session_initialize() { if ($is_https && settings()->get('mixed_mode_sessions', FALSE)) { $insecure_session_name = substr(session_name(), 1); $session_id = Crypt::hashBase64(uniqid(mt_rand(), TRUE)); - $cookies->set($insecure_session_name, $session_id); + $_COOKIE[$insecure_session_name] = $session_id; } } date_default_timezone_set(drupal_get_user_timezone()); @@ -324,8 +323,7 @@ function drupal_session_commit() { $insecure_session_name = substr(session_name(), 1); $params = session_get_cookie_params(); $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; - $cookie_params = \Drupal::request()->cookies; - setcookie($insecure_session_name, $cookie_params->get($insecure_session_name), $expire, $params['path'], $params['domain'], FALSE, $params['httponly']); + setcookie($insecure_session_name, $_COOKIE[$insecure_session_name], $expire, $params['path'], $params['domain'], FALSE, $params['httponly']); } } // Write the session data. @@ -358,12 +356,11 @@ function drupal_session_regenerate() { } $is_https = \Drupal::request()->isSecure(); - $cookies = \Drupal::request()->cookies; if ($is_https && settings()->get('mixed_mode_sessions', FALSE)) { $insecure_session_name = substr(session_name(), 1); - if (!isset($GLOBALS['lazy_session']) && $cookies->has($insecure_session_name)) { - $old_insecure_session_id = $cookies->get($insecure_session_name); + if (!isset($GLOBALS['lazy_session']) && isset($_COOKIE[$insecure_session_name])) { + $old_insecure_session_id = $_COOKIE[$insecure_session_name]; } $params = session_get_cookie_params(); $session_id = Crypt::hashBase64(uniqid(mt_rand(), TRUE) . Crypt::randomBytes(55)); @@ -372,7 +369,7 @@ function drupal_session_regenerate() { // it will expire when the browser is closed. $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; setcookie($insecure_session_name, $session_id, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']); - $cookies->set($insecure_session_name, $session_id); + $_COOKIE[$insecure_session_name] = $session_id; } if (drupal_session_started()) { @@ -464,14 +461,13 @@ function _drupal_session_destroy($sid) { * Force the secure value of the cookie. */ function _drupal_session_delete_cookie($name, $secure = NULL) { - $cookies = \Drupal::request()->cookies; - if ($cookies->has($name) || (!\Drupal::request()->isSecure() && $secure === TRUE)) { + if (isset($_COOKIE[$name]) || (!\Drupal::request()->isSecure() && $secure === TRUE)) { $params = session_get_cookie_params(); if ($secure !== NULL) { $params['secure'] = $secure; } setcookie($name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']); - $cookies->remove($name); + unset($_COOKIE[$name]); } } diff --git a/core/lib/Drupal/Component/Utility/Url.php b/core/lib/Drupal/Component/Utility/Url.php index c7eff3e9526..4fe96e22886 100644 --- a/core/lib/Drupal/Component/Utility/Url.php +++ b/core/lib/Drupal/Component/Utility/Url.php @@ -34,8 +34,7 @@ class Url { * http_build_query() directly. * * @param array $query - * The query parameter array to be processed, - * e.g. \Drupal::request()->query->all(). + * The query parameter array to be processed, e.g. $_GET. * @param string $parent * Internal use only. Used to build the $query array key for nested items. * @@ -119,14 +118,13 @@ class Url { * The returned array contains a 'path' that may be passed separately to url(). * For example: * @code - * $options = Url::parse(\Drupal::request()->query->get('destination')); + * $options = Url::parse($_GET['destination']); * $my_url = url($options['path'], $options); * $my_link = l('Example link', $options['path'], $options); * @endcode * * @param string $url - * The URL string to parse, i.e. - * \Drupal::request()->query->get('destination'). + * The URL string to parse, f.e. $_GET['destination']. * * @return * An associative array containing the keys: diff --git a/core/lib/Drupal/Core/Ajax/AjaxResponse.php b/core/lib/Drupal/Core/Ajax/AjaxResponse.php index 256ea955817..2ed7331590b 100644 --- a/core/lib/Drupal/Core/Ajax/AjaxResponse.php +++ b/core/lib/Drupal/Core/Ajax/AjaxResponse.php @@ -95,11 +95,10 @@ class AjaxResponse extends JsonResponse { // diffing logic using array_diff_key(). $ajax_page_state = $request->request->get('ajax_page_state'); foreach (array('css', 'js') as $type) { - // It is highly suspicious if - // $request->request->get("ajax_page_state[$type]") is empty, since the - // base page ought to have at least one JS file and one CSS file loaded. - // It probably indicates an error, and rather than making the page reload - // all of the files, instead we return no new files. + // It is highly suspicious if $_POST['ajax_page_state'][$type] is empty, + // since the base page ought to have at least one JS file and one CSS file + // loaded. It probably indicates an error, and rather than making the page + // reload all of the files, instead we return no new files. if (empty($ajax_page_state[$type])) { $items[$type] = array(); } diff --git a/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php index 6cc7916a6c5..609e90963b9 100644 --- a/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php +++ b/core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php @@ -48,10 +48,9 @@ class RedirectResponseSubscriber implements EventSubscriberInterface { $options = array(); $destination = $event->getRequest()->query->get('destination'); - // A destination from \Drupal::request()->query always overrides the - // current RedirectResponse. We do not allow absolute URLs to be passed - // via \Drupal::request()->query, as this can be an attack vector, with - // the following exception: + // A destination in $_GET always overrides the current RedirectResponse. + // We do not allow absolute URLs to be passed via $_GET, as this can be an + // attack vector, with the following exception: // - Absolute URLs that point to this site (i.e. same base URL and // base path) are allowed. if ($destination && (!url_is_external($destination) || _external_url_is_local($destination))) { diff --git a/core/lib/Drupal/Core/Form/FormBuilder.php b/core/lib/Drupal/Core/Form/FormBuilder.php index 620c6c9e8fc..8dfcf017fd5 100644 --- a/core/lib/Drupal/Core/Form/FormBuilder.php +++ b/core/lib/Drupal/Core/Form/FormBuilder.php @@ -569,7 +569,7 @@ class FormBuilder implements FormBuilderInterface { public function processForm($form_id, &$form, &$form_state) { $form_state['values'] = array(); - // With GET, these forms are always submitted if requested. + // With $_GET, these forms are always submitted if requested. if ($form_state['method'] == 'get' && !empty($form_state['always_process'])) { if (!isset($form_state['input']['form_build_id'])) { $form_state['input']['form_build_id'] = $form['#build_id']; @@ -1490,10 +1490,9 @@ class FormBuilder implements FormBuilderInterface { $name = array_shift($element['#parents']); $element['#name'] = $name; if ($element['#type'] == 'file') { - // To make it easier to handle files in file.inc, we place all + // To make it easier to handle $_FILES in file.inc, we place all // file fields in the 'files' array. Also, we do not support // nested file names. - // @todo Remove this files prefix now? $element['#name'] = 'files[' . $element['#name'] . ']'; } elseif (count($element['#parents'])) { @@ -1609,8 +1608,7 @@ class FormBuilder implements FormBuilderInterface { if (!empty($element['#is_button'])) { // All buttons in the form need to be tracked for // form_state_values_clean() and for the self::doBuildForm() code that - // handles a form submission containing no button information in - // \Drupal::request()->request. + // handles a form submission containing no button information in $_POST. $form_state['buttons'][] = $element; if ($this->buttonWasClicked($element, $form_state)) { $form_state['triggering_element'] = $element; @@ -1670,15 +1668,15 @@ class FormBuilder implements FormBuilderInterface { // buttons on a form share the same name (usually 'op'), and the specific // return value is used to determine which was clicked. This ONLY works as // long as $form['#name'] puts the value at the top level of the tree of - // \Drupal::request()->request data. + // $_POST data. if (isset($form_state['input'][$element['#name']]) && $form_state['input'][$element['#name']] == $element['#value']) { return TRUE; } // When image buttons are clicked, browsers do NOT pass the form element - // value in \Drupal::request()->Request. Instead they pass an integer - // representing the coordinates of the click on the button image. This means - // that image buttons MUST have unique $form['#name'] values, but the - // details of their \Drupal::request()->request data should be ignored. + // value in $_POST. Instead they pass an integer representing the + // coordinates of the click on the button image. This means that image + // buttons MUST have unique $form['#name'] values, but the details of their + // $_POST data should be ignored. elseif (!empty($element['#has_garbage_value']) && isset($element['#value']) && $element['#value'] !== '') { return TRUE; } diff --git a/core/lib/Drupal/Core/Form/FormBuilderInterface.php b/core/lib/Drupal/Core/Form/FormBuilderInterface.php index 1ccb527afc3..bbe355afc30 100644 --- a/core/lib/Drupal/Core/Form/FormBuilderInterface.php +++ b/core/lib/Drupal/Core/Form/FormBuilderInterface.php @@ -154,9 +154,8 @@ interface FormBuilderInterface extends FormErrorInterface { * understanding of security implications. In almost all cases, code * should use the data in the 'values' array exclusively. The most common * use of this key is for multi-step forms that need to clear some of the - * user input when setting 'rebuild'. The values correspond to - * \Drupal::request()->request or \Drupal::request()->query, depending on - * the 'method' chosen. + * user input when setting 'rebuild'. The values correspond to $_POST or + * $_GET, depending on the 'method' chosen. * - always_process: If TRUE and the method is GET, a form_id is not * necessary. This should only be used on RESTful GET forms that do NOT * write data, as this could lead to security issues. It is useful so that @@ -170,8 +169,8 @@ interface FormBuilderInterface extends FormErrorInterface { * invoked via self::submitForm(). Defaults to FALSE. * - process_input: Boolean flag. TRUE signifies correct form submission. * This is always TRUE for programmed forms coming from self::submitForm() - * (see 'programmed' key), or if the form_id coming from the - * \Drupal::request()->request data is set and matches the current form_id. + * (see 'programmed' key), or if the form_id coming from the $_POST data + * is set and matches the current form_id. * - submitted: If TRUE, the form has been submitted. Defaults to FALSE. * - executed: If TRUE, the form was submitted and has been processed and * executed. Defaults to FALSE. @@ -310,12 +309,11 @@ interface FormBuilderInterface extends FormErrorInterface { * @param $form_state * A keyed array containing the current state of the form. Most important is * the $form_state['values'] collection, a tree of data used to simulate the - * incoming \Drupal::request()->request information from a user's form - * submission. If a key is not filled in $form_state['values'], then the - * default value of the respective element is used. To submit an unchecked - * checkbox or other control that browsers submit by not having a - * \Drupal::request()->request entry, include the key, but set the value to - * NULL. + * incoming $_POST information from a user's form submission. If a key is + * not filled in $form_state['values'], then the default value of the + * respective element is used. To submit an unchecked checkbox or other + * control that browsers submit by not having a $_POST entry, include the + * key, but set the value to NULL. * @param ... * Any additional arguments are passed on to the functions called by * self::submitForm(), including the unique form constructor function. @@ -380,8 +378,8 @@ interface FormBuilderInterface extends FormErrorInterface { * A keyed array containing the current state of the form. This * includes the current persistent storage data for the form, and * any data passed along by earlier steps when displaying a - * multi-step form. Additional information, like the sanitized - * \Drupal::request()->request data, is also accumulated here. + * multi-step form. Additional information, like the sanitized $_POST + * data, is also accumulated here. * * @return \Symfony\Component\HttpFoundation\RedirectResponse|null */ @@ -479,9 +477,8 @@ interface FormBuilderInterface extends FormErrorInterface { * redirect is accomplished by returning a RedirectResponse, passing in the * value of $form_state['redirect'] if it is set, or the current path if it * is not. RedirectResponse preferentially uses the value of - * \Drupal::request->query->get('destination') (the 'destination' URL query - * string) if it is present, so this will override any values set by - * $form_state['redirect']. + * $_GET['destination'] (the 'destination' URL query string) if it is + * present, so this will override any values set by $form_state['redirect']. * * @param $form_state * An associative array containing the current state of the form. @@ -602,7 +599,7 @@ interface FormBuilderInterface extends FormErrorInterface { * A keyed array containing the current state of the form. In this * context, it is used to accumulate information about which button * was clicked when the form was submitted, as well as the sanitized - * \Drupal::request()->request data. + * $_POST data. * * @return array */ diff --git a/core/modules/aggregator/lib/Drupal/aggregator/Form/OpmlFeedAdd.php b/core/modules/aggregator/lib/Drupal/aggregator/Form/OpmlFeedAdd.php index b772f40f8a3..3a4a131c15c 100644 --- a/core/modules/aggregator/lib/Drupal/aggregator/Form/OpmlFeedAdd.php +++ b/core/modules/aggregator/lib/Drupal/aggregator/Form/OpmlFeedAdd.php @@ -138,8 +138,7 @@ class OpmlFeedAdd extends FormBase { */ public function validateForm(array &$form, array &$form_state) { // If both fields are empty or filled, cancel. - $file_upload = $this->getRequest()->files->get('files[upload]', NULL, TRUE); - if (empty($form_state['values']['remote']) == empty($file_upload)) { + if (empty($form_state['values']['remote']) == empty($_FILES['files']['name']['upload'])) { form_set_error('remote', $form_state, $this->t('You must either upload a file or enter a URL.')); } } diff --git a/core/modules/config/lib/Drupal/config/Form/ConfigImportForm.php b/core/modules/config/lib/Drupal/config/Form/ConfigImportForm.php index 729603498fc..be2988ea29c 100644 --- a/core/modules/config/lib/Drupal/config/Form/ConfigImportForm.php +++ b/core/modules/config/lib/Drupal/config/Form/ConfigImportForm.php @@ -74,12 +74,11 @@ class ConfigImportForm extends FormBase { * {@inheritdoc} */ public function validateForm(array &$form, array &$form_state) { - $file_upload = $this->getRequest()->files->get('files[import_tarball]', NULL, TRUE); - if ($file_upload && $file_upload->isValid()) { - $form_state['values']['import_tarball'] = $file_upload->getRealPath(); + if (!empty($_FILES['files']['error']['import_tarball'])) { + form_set_error('import_tarball', $form_state, $this->t('The import tarball could not be uploaded.')); } else { - form_set_error('import_tarball', $form_state, $this->t('The import tarball could not be uploaded.')); + $form_state['values']['import_tarball'] = $_FILES['files']['tmp_name']['import_tarball']; } } diff --git a/core/modules/editor/lib/Drupal/editor/Form/EditorImageDialog.php b/core/modules/editor/lib/Drupal/editor/Form/EditorImageDialog.php index b3512b54dd0..6e78c7f19ed 100644 --- a/core/modules/editor/lib/Drupal/editor/Form/EditorImageDialog.php +++ b/core/modules/editor/lib/Drupal/editor/Form/EditorImageDialog.php @@ -33,8 +33,8 @@ class EditorImageDialog extends FormBase { * The filter format for which this dialog corresponds. */ public function buildForm(array $form, array &$form_state, FilterFormat $filter_format = NULL) { - // The default values are set directly from \Drupal::request()->request, - // provided by the editor plugin opening the dialog. + // The default values are set directly from $_POST, provided by the + // editor plugin opening the dialog. if (!isset($form_state['image_element'])) { $form_state['image_element'] = isset($form_state['input']['editor_object']) ? $form_state['input']['editor_object'] : array(); } diff --git a/core/modules/editor/lib/Drupal/editor/Form/EditorLinkDialog.php b/core/modules/editor/lib/Drupal/editor/Form/EditorLinkDialog.php index 0e76f79de91..9bc2948d808 100644 --- a/core/modules/editor/lib/Drupal/editor/Form/EditorLinkDialog.php +++ b/core/modules/editor/lib/Drupal/editor/Form/EditorLinkDialog.php @@ -33,8 +33,8 @@ class EditorLinkDialog extends FormBase { * The filter format for which this dialog corresponds. */ public function buildForm(array $form, array &$form_state, FilterFormat $filter_format = NULL) { - // The default values are set directly from \Drupal::request()->request, - // provided by the editor plugin opening the dialog. + // The default values are set directly from $_POST, provided by the + // editor plugin opening the dialog. $input = isset($form_state['input']['editor_object']) ? $form_state['input']['editor_object'] : array(); $form['#tree'] = TRUE; diff --git a/core/modules/file/file.module b/core/modules/file/file.module index f2b0feffc46..db827fa76c5 100644 --- a/core/modules/file/file.module +++ b/core/modules/file/file.module @@ -777,9 +777,8 @@ function file_save_upload($form_field_name, array &$form_state, $validators = ar $user = \Drupal::currentUser(); static $upload_cache; - $file_upload = \Drupal::request()->files->get("files[$form_field_name]", NULL, TRUE); // Make sure there's an upload to process. - if (empty($file_upload)) { + if (empty($_FILES['files']['name'][$form_field_name])) { return NULL; } @@ -794,39 +793,40 @@ function file_save_upload($form_field_name, array &$form_state, $validators = ar // Prepare uploaded files info. Representation is slightly different // for multiple uploads and we fix that here. - $uploaded_files = $file_upload; - if (!is_array($file_upload)) { - $uploaded_files = array($file_upload); + $uploaded_files = $_FILES; + if (!is_array($uploaded_files['files']['name'][$form_field_name])) { + foreach (array('name', 'type', 'tmp_name', 'error', 'size') as $value) + $uploaded_files['files'][$value][$form_field_name] = array($uploaded_files['files'][$value][$form_field_name]); } $files = array(); - foreach ($uploaded_files as $i => $file_info) { + foreach ($uploaded_files['files']['name'][$form_field_name] as $i => $name) { // Check for file upload errors and return FALSE for this file if a lower // level system error occurred. For a complete list of errors: // See http://php.net/manual/features.file-upload.errors.php. - switch ($file_info->getError()) { + switch ($uploaded_files['files']['error'][$form_field_name][$i]) { case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: - drupal_set_message(t('The file %file could not be saved because it exceeds %maxsize, the maximum allowed size for uploads.', array('%file' => $file_info->getFilename(), '%maxsize' => format_size(file_upload_max_size()))), 'error'); + drupal_set_message(t('The file %file could not be saved because it exceeds %maxsize, the maximum allowed size for uploads.', array('%file' => $name, '%maxsize' => format_size(file_upload_max_size()))), 'error'); $files[$i] = FALSE; continue; case UPLOAD_ERR_PARTIAL: case UPLOAD_ERR_NO_FILE: - drupal_set_message(t('The file %file could not be saved because the upload did not complete.', array('%file' => $file_info->getFilename())), 'error'); + drupal_set_message(t('The file %file could not be saved because the upload did not complete.', array('%file' => $name)), 'error'); $files[$i] = FALSE; continue; case UPLOAD_ERR_OK: // Final check that this is a valid upload, if it isn't, use the // default error handler. - if (is_uploaded_file($file_info->getRealPath())) { + if (is_uploaded_file($uploaded_files['files']['tmp_name'][$form_field_name][$i])) { break; } // Unknown error default: - drupal_set_message(t('The file %file could not be saved. An unknown error has occurred.', array('%file' => $file_info->getFilename())), 'error'); + drupal_set_message(t('The file %file could not be saved. An unknown error has occurred.', array('%file' => $name)), 'error'); $files[$i] = FALSE; continue; @@ -835,9 +835,9 @@ function file_save_upload($form_field_name, array &$form_state, $validators = ar $values = array( 'uid' => $user->id(), 'status' => 0, - 'filename' => $file_info->getClientOriginalName(), - 'uri' => $file_info->getRealPath(), - 'filesize' => $file_info->getSize(), + 'filename' => trim(drupal_basename($name, '.')), + 'uri' => $uploaded_files['files']['tmp_name'][$form_field_name][$i], + 'filesize' => $uploaded_files['files']['size'][$form_field_name][$i], ); $values['filemime'] = file_get_mimetype($values['filename']); $file = entity_create('file', $values); @@ -940,7 +940,7 @@ function file_save_upload($form_field_name, array &$form_state, $validators = ar // directory. This overcomes open_basedir restrictions for future file // operations. $file->uri = $file->destination; - if (!drupal_move_uploaded_file($file_info->getRealPath(), $file->getFileUri())) { + if (!drupal_move_uploaded_file($uploaded_files['files']['tmp_name'][$form_field_name][$i], $file->getFileUri())) { form_set_error($form_field_name, $form_state, t('File upload error. Could not move uploaded file.')); watchdog('file', 'Upload error. Could not move uploaded file %file to destination %destination.', array('%file' => $file->filename, '%destination' => $file->uri)); $files[$i] = FALSE; @@ -1470,8 +1470,7 @@ function file_managed_file_submit($form, &$form_state) { */ function file_managed_file_save_upload($element, array &$form_state) { $upload_name = implode('_', $element['#parents']); - $file_upload = \Drupal::request()->files->get("files[$upload_name]", NULL, TRUE); - if (empty($file_upload)) { + if (empty($_FILES['files']['name'][$upload_name])) { return FALSE; } @@ -1483,8 +1482,8 @@ function file_managed_file_save_upload($element, array &$form_state) { } // Save attached files to the database. - $files_uploaded = $element['#multiple'] && count(array_filter($file_upload)) > 0; - $files_uploaded |= !$element['#multiple'] && !empty($file_upload); + $files_uploaded = $element['#multiple'] && count(array_filter($_FILES['files']['name'][$upload_name])) > 0; + $files_uploaded |= !$element['#multiple'] && !empty($_FILES['files']['name'][$upload_name]); if ($files_uploaded) { if (!$files = file_save_upload($upload_name, $form_state, $element['#upload_validators'], $destination)) { watchdog('file', 'The file upload failed. %upload', array('%upload' => $upload_name)); diff --git a/core/modules/node/lib/Drupal/node/Plugin/Search/NodeSearch.php b/core/modules/node/lib/Drupal/node/Plugin/Search/NodeSearch.php index 17381849fa0..547562b3e26 100644 --- a/core/modules/node/lib/Drupal/node/Plugin/Search/NodeSearch.php +++ b/core/modules/node/lib/Drupal/node/Plugin/Search/NodeSearch.php @@ -176,8 +176,8 @@ class NodeSearch extends SearchPluginBase implements AccessibleInterface, Search ->searchExpression($keys, $this->getPluginId()); // Handle advanced search filters in the f query string. - // \Drupal::request()->query->get('f') is an array that looks like this in - // the URL: ?f[]=type:page&f[]=term:27&f[]=term:13&f[]=langcode:en + // $_GET['f'] is an array that looks like this in the URL: + // ?f[]=type:page&f[]=term:27&f[]=term:13&f[]=langcode:en // So $parameters['f'] looks like: // array('type:page', 'term:27', 'term:13', 'langcode:en'); // We need to parse this out into query conditions. diff --git a/core/modules/search/lib/Drupal/search/Controller/SearchController.php b/core/modules/search/lib/Drupal/search/Controller/SearchController.php index 98dae2b1968..bda72592326 100644 --- a/core/modules/search/lib/Drupal/search/Controller/SearchController.php +++ b/core/modules/search/lib/Drupal/search/Controller/SearchController.php @@ -72,8 +72,8 @@ class SearchController extends ControllerBase implements ContainerInjectionInter public function view(Request $request, $plugin_id = NULL, $keys = NULL) { $info = FALSE; $keys = trim($keys); - // Also try to pull search keywords from the request to support old GET - // format of searches for existing links. + // Also try to pull search keywords out of the $_REQUEST variable to + // support old GET format of searches for existing links. if (!$keys && $request->query->has('keys')) { $keys = trim($request->query->get('keys')); } @@ -105,11 +105,11 @@ class SearchController extends ControllerBase implements ContainerInjectionInter // Default results output is an empty string. $results = array('#markup' => ''); - // Process the search form. Note that if there is - // \Drupal::request()->request data, search_form_submit() will cause a - // redirect to search/[path]/[keys], which will get us back to this page - // callback. In other words, the search form submits with POST but redirects - // to GET. This way we can keep the search query URL clean as a whistle. + // Process the search form. Note that if there is $_POST data, + // search_form_submit() will cause a redirect to search/[path]/[keys], + // which will get us back to this page callback. In other words, the search + // form submits with POST but redirects to GET. This way we can keep + // the search query URL clean as a whistle. if ($request->request->has('form_id') || $request->request->get('form_id') != 'search_form') { // Only search if there are keywords or non-empty conditions. if ($plugin->isSearchExecutable()) { diff --git a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php index 219762f4332..6ba4428fb1b 100644 --- a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php +++ b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php @@ -1139,16 +1139,13 @@ abstract class WebTestBase extends TestBase { // debug the code running on the child site. In order to make debuggers work // this bit of information is forwarded. Make sure that the debugger listens // to at least three external connections. - $request = \Drupal::request(); - $cookie_params = $request->cookies; - if ($cookie_params->has('XDEBUG_SESSION')) { - $cookies[] = 'XDEBUG_SESSION=' . $cookie_params->get('XDEBUG_SESSION'); + if (isset($_COOKIE['XDEBUG_SESSION'])) { + $cookies[] = 'XDEBUG_SESSION=' . $_COOKIE['XDEBUG_SESSION']; } // For CLI requests, the information is stored in $_SERVER. - $server = $request->server; - if ($server->has('XDEBUG_CONFIG')) { + if (isset($_SERVER['XDEBUG_CONFIG'])) { // $_SERVER['XDEBUG_CONFIG'] has the form "key1=value1 key2=value2 ...". - $pairs = explode(' ', $server->get('XDEBUG_CONFIG')); + $pairs = explode(' ', $_SERVER['XDEBUG_CONFIG']); foreach ($pairs as $pair) { list($key, $value) = explode('=', $pair); // Account for key-value pairs being separated by multiple spaces. diff --git a/core/modules/system/lib/Drupal/system/Tests/Bootstrap/OverrideServerVariablesUnitTest.php b/core/modules/system/lib/Drupal/system/Tests/Bootstrap/OverrideServerVariablesUnitTest.php index 67ee7b6950f..0717b105aac 100644 --- a/core/modules/system/lib/Drupal/system/Tests/Bootstrap/OverrideServerVariablesUnitTest.php +++ b/core/modules/system/lib/Drupal/system/Tests/Bootstrap/OverrideServerVariablesUnitTest.php @@ -8,17 +8,11 @@ namespace Drupal\system\Tests\Bootstrap; use Drupal\simpletest\UnitTestBase; -use Symfony\Component\DependencyInjection\ContainerBuilder; -use Symfony\Component\HttpFoundation\Request; /** * Tests for overriding server variables via the API. */ class OverrideServerVariablesUnitTest extends UnitTestBase { - - /** - * {@inheritdoc} - */ public static function getInfo() { return array( 'name' => 'Overriding server variables', @@ -46,17 +40,17 @@ class OverrideServerVariablesUnitTest extends UnitTestBase { ), ); foreach ($tests as $url => $expected_server_values) { - $container = \Drupal::getContainer(); - $request = Request::createFromGlobals(); - $container->set('request', $request); - \Drupal::setContainer($container); - + // Remember the original value of $_SERVER, since the function call below + // will modify it. + $original_server = $_SERVER; // Call drupal_override_server_variables() and ensure that all expected // $_SERVER variables were modified correctly. drupal_override_server_variables(array('url' => $url)); foreach ($expected_server_values as $key => $value) { - $this->assertIdentical(\Drupal::request()->server->get($key), $value); + $this->assertIdentical($_SERVER[$key], $value); } + // Restore the original value of $_SERVER. + $_SERVER = $original_server; } } } diff --git a/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php b/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php index 73cd1368c7e..a81feb89545 100644 --- a/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php +++ b/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php @@ -8,7 +8,6 @@ namespace Drupal\system\Tests\Common; use Drupal\simpletest\UnitTestBase; -use Symfony\Component\HttpFoundation\Request; /** * Tests cleaning HTML identifiers. @@ -22,18 +21,6 @@ class HtmlIdentifierUnitTest extends UnitTestBase { ); } - /** - * {@inheritdoc} - */ - public function setUp() { - parent::setUp(); - - $container = \Drupal::getContainer(); - $request = new Request(); - $container->set('request', $request); - \Drupal::setContainer($container); - } - /** * Tests that drupal_clean_css_identifier() cleans the identifier properly. */ diff --git a/core/modules/system/lib/Drupal/system/Tests/Common/TableSortExtenderUnitTest.php b/core/modules/system/lib/Drupal/system/Tests/Common/TableSortExtenderUnitTest.php index 59eca4a28b4..241949fce4a 100644 --- a/core/modules/system/lib/Drupal/system/Tests/Common/TableSortExtenderUnitTest.php +++ b/core/modules/system/lib/Drupal/system/Tests/Common/TableSortExtenderUnitTest.php @@ -15,6 +15,13 @@ use Symfony\Component\HttpFoundation\Request; */ class TableSortExtenderUnitTest extends UnitTestBase { + /** + * Storage for initial value of $_GET. + * + * @var array + */ + protected $GET = array(); + public static function getInfo() { return array( 'name' => 'Tablesort', @@ -23,6 +30,20 @@ class TableSortExtenderUnitTest extends UnitTestBase { ); } + function setUp() { + // Save the original $_GET to be restored later. + $this->GET = $_GET; + + parent::setUp(); + } + + function tearDown() { + // Revert $_GET. + $_GET = $this->GET; + + parent::tearDown(); + } + /** * Tests tablesort_init(). */ @@ -31,8 +52,8 @@ class TableSortExtenderUnitTest extends UnitTestBase { // Test simple table headers. $headers = array('foo', 'bar', 'baz'); - // Reset $requesr->query to prevent parameters from Simpletest and Batch API - // ending up in $ts['query']. + // Reset $_GET to prevent parameters from Simpletest and Batch API ending + // up in $ts['query']. $expected_ts = array( 'name' => 'foo', 'sql' => '', diff --git a/core/modules/system/lib/Drupal/system/Tests/Entity/EntityViewBuilderTest.php b/core/modules/system/lib/Drupal/system/Tests/Entity/EntityViewBuilderTest.php index ab1c086a175..b649cf6ac49 100644 --- a/core/modules/system/lib/Drupal/system/Tests/Entity/EntityViewBuilderTest.php +++ b/core/modules/system/lib/Drupal/system/Tests/Entity/EntityViewBuilderTest.php @@ -40,7 +40,7 @@ class EntityViewBuilderTest extends EntityUnitTestBase { */ public function testEntityViewBuilderCache() { // Force a request via GET so we can get drupal_render() cache working. - $request_method = \Drupal::request()->server->get('REQUEST_METHOD'); + $request_method = $_SERVER['REQUEST_METHOD']; $this->container->get('request')->setMethod('GET'); $entity_test = $this->createTestEntity('entity_test'); @@ -85,7 +85,7 @@ class EntityViewBuilderTest extends EntityUnitTestBase { */ public function testEntityViewBuilderCacheWithReferences() { // Force a request via GET so we can get drupal_render() cache working. - $request_method = \Drupal::request()->server->get('REQUEST_METHOD'); + $request_method = $_SERVER['REQUEST_METHOD']; $this->container->get('request')->setMethod('GET'); // Create an entity reference field and an entity that will be referenced. diff --git a/core/modules/system/lib/Drupal/system/Tests/Form/TriggeringElementTest.php b/core/modules/system/lib/Drupal/system/Tests/Form/TriggeringElementTest.php index 1c4f1df637a..2ca12a1a6de 100644 --- a/core/modules/system/lib/Drupal/system/Tests/Form/TriggeringElementTest.php +++ b/core/modules/system/lib/Drupal/system/Tests/Form/TriggeringElementTest.php @@ -95,7 +95,7 @@ class TriggeringElementTest extends WebTestBase { // trying to get around security safeguards could easily do. We have to do // a little trickery here, to work around the safeguards in drupalPostForm(): by // renaming the text field that is in the form to 'button1', we can get the - // data we want into \Drupal::request()->request. + // data we want into $_POST. $elements = $this->xpath('//form[@id="' . $form_html_id . '"]//input[@name="text"]'); $elements[0]['name'] = 'button1'; $this->drupalPostForm(NULL, array('button1' => 'button1'), NULL, array(), array(), $form_html_id); diff --git a/core/modules/system/system.install b/core/modules/system/system.install index af38deefc32..3c5e9d02e22 100644 --- a/core/modules/system/system.install +++ b/core/modules/system/system.install @@ -44,7 +44,7 @@ function system_requirements($phase) { } // Web server information. - $software = \Drupal::request()->server->get('SERVER_SOFTWARE'); + $software = $_SERVER['SERVER_SOFTWARE']; $requirements['webserver'] = array( 'title' => t('Web server'), 'value' => $software, diff --git a/core/modules/system/system.module b/core/modules/system/system.module index af1a020240f..c0a3389d8a0 100644 --- a/core/modules/system/system.module +++ b/core/modules/system/system.module @@ -2733,7 +2733,7 @@ function system_default_region($theme) { function system_admin_compact_mode() { // PHP converts dots into underscores in cookie names to avoid problems with // its parser, so we use a converted cookie name. - return \Drupal::request()->cookies->get('Drupal_visitor_admin_compact_mode', \Drupal::config('system.site')->get('admin_compact_mode')); + return isset($_COOKIE['Drupal_visitor_admin_compact_mode']) ? $_COOKIE['Drupal_visitor_admin_compact_mode'] : \Drupal::config('system.site')->get('admin_compact_mode'); } /** diff --git a/core/modules/system/tests/modules/ajax_test/ajax_test.module b/core/modules/system/tests/modules/ajax_test/ajax_test.module index ec2f239318b..f42844fb7f0 100644 --- a/core/modules/system/tests/modules/ajax_test/ajax_test.module +++ b/core/modules/system/tests/modules/ajax_test/ajax_test.module @@ -78,9 +78,8 @@ function ajax_test_order() { */ function ajax_test_error() { $message = ''; - $query = \Drupal::request()->query; - if ($query->has('message')) { - $message = $query->get('message'); + if (!empty($_GET['message'])) { + $message = $_GET['message']; } $response = new AjaxResponse(); $response->addCommand(new AlertCommand($message)); diff --git a/core/modules/system/tests/modules/form_test/form_test.module b/core/modules/system/tests/modules/form_test/form_test.module index a9328686619..bcd8483e4e2 100644 --- a/core/modules/system/tests/modules/form_test/form_test.module +++ b/core/modules/system/tests/modules/form_test/form_test.module @@ -605,7 +605,7 @@ function form_test_storage_form($form, &$form_state) { '#value' => 'Save', ); - if (\Drupal::request()->get('cache')) { + if (isset($_REQUEST['cache'])) { // Manually activate caching, so we can test that the storage keeps working // when it's enabled. $form_state['cache'] = TRUE; @@ -624,7 +624,7 @@ function form_test_storage_element_validate_value_cached($element, &$form_state) // This presumes that another submitted form value triggers a validation error // elsewhere in the form. Form API should still update the cached form storage // though. - if (\Drupal::request()->get('cache') && $form_state['values']['value'] == 'change_title') { + if (isset($_REQUEST['cache']) && $form_state['values']['value'] == 'change_title') { $form_state['storage']['thing']['changed'] = TRUE; } } @@ -1760,7 +1760,7 @@ function form_test_state_persist_submit($form, &$form_state) { function form_test_form_form_test_state_persist_alter(&$form, &$form_state) { // Simulate a form alter implementation inserting form elements that enable // caching of the form, e.g. elements having #ajax. - if (\Drupal::request()->get('cache')) { + if (!empty($_REQUEST['cache'])) { $form_state['cache'] = TRUE; } } @@ -1973,7 +1973,7 @@ function form_test_form_user_register_form_alter(&$form, &$form_state) { '#submit' => array('form_test_user_register_form_rebuild'), ); // If requested, add the test field by attaching the node page form. - if (\Drupal::request()->request->has('field')) { + if (!empty($_REQUEST['field'])) { $node = entity_create('node', array( 'type' => 'page', )); diff --git a/core/modules/system/tests/modules/menu_test/menu_test.module b/core/modules/system/tests/modules/menu_test/menu_test.module index 4ba4ad4ddfd..ab2ef302894 100644 --- a/core/modules/system/tests/modules/menu_test/menu_test.module +++ b/core/modules/system/tests/modules/menu_test/menu_test.module @@ -11,7 +11,7 @@ use Drupal\menu_link\Entity\MenuLink; * Implements hook_menu(). */ function menu_test_menu() { - // The name of the menu changes during the course of the test. Using a GET. + // The name of the menu changes during the course of the test. Using a $_GET. $items['menu_name_test'] = array( 'title' => 'Test menu_name router item', 'route_name' => 'menu_test.menu_name_test', diff --git a/core/modules/system/tests/modules/system_test/system_test.module b/core/modules/system/tests/modules/system_test/system_test.module index aa93e6d672a..56ae2061c9c 100644 --- a/core/modules/system/tests/modules/system_test/system_test.module +++ b/core/modules/system/tests/modules/system_test/system_test.module @@ -8,9 +8,8 @@ use Symfony\Component\HttpFoundation\RedirectResponse; * @deprecated \Drupal\system_test\Controller\SystemTestController::setHeader() */ function system_test_set_header() { - $query = \Drupal::request()->query->all(); - drupal_add_http_header($query['name'], $query['value']); - return t('The following header was set: %name: %value', array('%name' => $query['name'], '%value' => $query['value'])); + drupal_add_http_header($_GET['name'], $_GET['value']); + return t('The following header was set: %name: %value', array('%name' => $_GET['name'], '%value' => $_GET['value'])); } /** diff --git a/core/modules/taxonomy/lib/Drupal/taxonomy/Form/OverviewTerms.php b/core/modules/taxonomy/lib/Drupal/taxonomy/Form/OverviewTerms.php index 25edaad9803..d0fc0a3ec71 100644 --- a/core/modules/taxonomy/lib/Drupal/taxonomy/Form/OverviewTerms.php +++ b/core/modules/taxonomy/lib/Drupal/taxonomy/Form/OverviewTerms.php @@ -170,7 +170,7 @@ class OverviewTerms extends FormBase { // error. Ensure the form is rebuilt in the same order as the user // submitted. if (!empty($form_state['input'])) { - // Get the POST order. + // Get the $_POST order. $order = array_flip(array_keys($form_state['input']['terms'])); // Update our form with the new order. $current_page = array_merge($order, $current_page); diff --git a/core/modules/update/update.manager.inc b/core/modules/update/update.manager.inc index 19c0dc19abb..d4bde27110b 100644 --- a/core/modules/update/update.manager.inc +++ b/core/modules/update/update.manager.inc @@ -632,8 +632,7 @@ function _update_manager_check_backends(&$form, $operation) { * @see update_manager_install_form_submit() */ function update_manager_install_form_validate($form, &$form_state) { - $uploaded_file = \Drupal::request()->files->get('files[project_upload]', NULL, TRUE); - if (!($form_state['values']['project_url'] XOR !empty($uploaded_file))) { + if (!($form_state['values']['project_url'] XOR !empty($_FILES['files']['name']['project_upload']))) { form_set_error('project_url', $form_state, t('You must either provide a URL or upload an archive file to install.')); } } diff --git a/core/modules/views/lib/Drupal/views/Controller/ViewAjaxController.php b/core/modules/views/lib/Drupal/views/Controller/ViewAjaxController.php index 307d63f62a1..e1aae782f55 100644 --- a/core/modules/views/lib/Drupal/views/Controller/ViewAjaxController.php +++ b/core/modules/views/lib/Drupal/views/Controller/ViewAjaxController.php @@ -106,8 +106,8 @@ class ViewAjaxController implements ContainerInjectionInterface { $request->attributes->set('_system_path', $path); } - // Add all POST data, because AJAX is always a post and many things, - // such as tablesorts, exposed filters and paging assume GET. + // Add all $_POST data, because AJAX is always a post and many things, + // such as tablesorts, exposed filters and paging assume $_GET. $request_all = $request->request->all(); $query_all = $request->query->all(); $request->query->replace($request_all + $query_all); diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/HandlerBase.php b/core/modules/views/lib/Drupal/views/Plugin/views/HandlerBase.php index 0a51c881b9f..311bb9a4678 100644 --- a/core/modules/views/lib/Drupal/views/Plugin/views/HandlerBase.php +++ b/core/modules/views/lib/Drupal/views/Plugin/views/HandlerBase.php @@ -446,7 +446,7 @@ abstract class HandlerBase extends PluginBase { $this->buildExposeForm($form, $form_state); // When we click the expose button, we add new gadgets to the form but they - // have no data in POST so their defaults get wiped out. This prevents + // have no data in $_POST so their defaults get wiped out. This prevents // these defaults from getting wiped out. This setting will only be TRUE // during a 2nd pass rerender. if (!empty($form_state['force_expose_options'])) { diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php b/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php index db4a5d8e295..0c505f069ba 100644 --- a/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php +++ b/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php @@ -1484,7 +1484,7 @@ abstract class FieldPluginBase extends HandlerBase { $tokens['!' . $count] = isset($this->view->args[$count - 1]) ? strip_tags(decode_entities($this->view->args[$count - 1])) : ''; } - // Get flattened set of tokens for any array depth in query parameters. + // Get flattened set of tokens for any array depth in $_GET parameters. $tokens += $this->getTokenValuesRecursive(\Drupal::request()->query->all()); // Now add replacements for our fields. diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php b/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php index 91a9d84118f..a05b44763d1 100644 --- a/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php +++ b/core/modules/views/lib/Drupal/views/Plugin/views/filter/FilterPluginBase.php @@ -352,7 +352,7 @@ abstract class FilterPluginBase extends HandlerBase { $this->buildExposedFiltersGroupForm($form, $form_state); // When we click the expose button, we add new gadgets to the form but they - // have no data in POST so their defaults get wiped out. This prevents + // have no data in $_POST so their defaults get wiped out. This prevents // these defaults from getting wiped out. This setting will only be TRUE // during a 2nd pass rerender. if (!empty($form_state['force_build_group_options'])) { diff --git a/core/modules/views/lib/Drupal/views/ViewExecutable.php b/core/modules/views/lib/Drupal/views/ViewExecutable.php index 60884d6bfc9..4b0c0ab243b 100644 --- a/core/modules/views/lib/Drupal/views/ViewExecutable.php +++ b/core/modules/views/lib/Drupal/views/ViewExecutable.php @@ -556,7 +556,7 @@ class ViewExecutable { /** * Set the exposed filters input to an array. If unset they will be taken - * from \Drupal::request()->query when the time comes. + * from $_GET when the time comes. */ public function setExposedInput($filters) { $this->exposed_input = $filters; @@ -566,8 +566,8 @@ class ViewExecutable { * Figure out what the exposed input for this view is. */ public function getExposedInput() { - // Fill our input either from \Drupal::request()->query or from something - // previously set on the view. + // Fill our input either from $_GET or from something previously set on the + // view. if (empty($this->exposed_input)) { $this->exposed_input = \Drupal::request()->query->all(); // unset items that are definitely not our input: diff --git a/core/modules/views/views.module b/core/modules/views/views.module index 7954af0a27a..d9f2fdaf776 100644 --- a/core/modules/views/views.module +++ b/core/modules/views/views.module @@ -1099,7 +1099,7 @@ function views_exposed_form($form, &$form_state) { $form['actions'] = array('#type' => 'actions'); $form['actions']['submit'] = array( - // Prevent from showing up in \Drupal::request()->query. + // Prevent from showing up in $_GET. '#name' => '', '#type' => 'submit', '#value' => t('Apply'), diff --git a/core/modules/views_ui/admin.inc b/core/modules/views_ui/admin.inc index f93725a471d..b1c8d9c6a52 100644 --- a/core/modules/views_ui/admin.inc +++ b/core/modules/views_ui/admin.inc @@ -339,10 +339,10 @@ function views_ui_build_form_path($form_state) { * #process callback for a button; determines if a button is the form's triggering element. * * The Form API has logic to determine the form's triggering element based on - * the data in POST. However, it only checks buttons based on a single #value + * the data in $_POST. However, it only checks buttons based on a single #value * per button. This function may be added to a button's #process callbacks to * extend button click detection to support multiple #values per button. If the - * data in POST matches any value in the button's #values array, then the + * data in $_POST matches any value in the button's #values array, then the * button is detected as having been clicked. This can be used when the value * (label) of the same logical button may be different based on context (e.g., * "Apply" vs. "Apply and continue"). diff --git a/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php b/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php index 05b011d886a..f8fd10a431d 100644 --- a/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php +++ b/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php @@ -292,6 +292,9 @@ class ViewEditFormController extends ViewFormControllerBase { if (($display->getPluginId() == 'page') && ($old_path == $destination) && ($old_path != $view->getExecutable()->displayHandlers->get($id)->getOption('path'))) { $destination = $view->getExecutable()->displayHandlers->get($id)->getOption('path'); $query->remove('destination'); + // @todo For whatever reason drupal_goto is still using $_GET. + // @see http://drupal.org/node/1668866 + unset($_GET['destination']); } } $form_state['redirect'] = $destination; diff --git a/core/profiles/minimal/minimal.profile b/core/profiles/minimal/minimal.profile index ed291da4d91..fe6da8c3287 100644 --- a/core/profiles/minimal/minimal.profile +++ b/core/profiles/minimal/minimal.profile @@ -11,5 +11,5 @@ */ function minimal_form_install_configure_form_alter(&$form, $form_state) { // Pre-populate the site name with the server name. - $form['site_information']['site_name']['#default_value'] = \Drupal::request()->server->get('SERVER_NAME'); + $form['site_information']['site_name']['#default_value'] = $_SERVER['SERVER_NAME']; } diff --git a/core/profiles/standard/standard.profile b/core/profiles/standard/standard.profile index 209107d1953..d554c937939 100644 --- a/core/profiles/standard/standard.profile +++ b/core/profiles/standard/standard.profile @@ -11,5 +11,5 @@ */ function standard_form_install_configure_form_alter(&$form, $form_state) { // Pre-populate the site name with the server name. - $form['site_information']['site_name']['#default_value'] = \Drupal::request()->server->get('SERVER_NAME'); + $form['site_information']['site_name']['#default_value'] = $_SERVER['SERVER_NAME']; } diff --git a/core/update.php b/core/update.php index 48059208471..add3646becc 100644 --- a/core/update.php +++ b/core/update.php @@ -221,7 +221,7 @@ function update_info_page() { */ function update_access_denied_page() { drupal_add_http_header('Status', '403 Forbidden'); - header(\Drupal::request()->server->get('SERVER_PROTOCOL') . ' 403 Forbidden'); + header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden'); watchdog('access denied', 'update.php', NULL, WATCHDOG_WARNING); drupal_set_title('Access denied'); return '

Access denied. You are not authorized to access this page. Log in using either an account with the administer software updates permission or the site maintenance account (the account you created during installation). If you cannot log in, you will have to edit settings.php to bypass this access check. To do this: