use POST parameters for frontend requests
[tt-rss.git] / modules / backend-rpc.php
index 2d1a8f90b61a7f094946ab0b560664bc08eeab3a..019368685d4738c3bd2c1f26f03cc9d1de7eba68 100644 (file)
@@ -1,7 +1,7 @@
 <?php
        function handle_rpc_request($link) {
 
-               $subop = $_GET["subop"];
+               $subop = $_REQUEST["subop"];
 
                if ($subop == "setpref") {
                        if (WEB_DEMO_MODE) {
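Review bot: Reading `$subop` from `$_REQUEST` accepts the operation from the query string as well as the POST body (and from cookies, depending on `request_order`), so the state-changing sub-operations in the later hunks (setpref, mark, delete, archive, purge) can still be triggered by a plain GET issued from another site. Since the commit's stated goal is POST for frontend requests, read these parameters from `$_POST`, or reject other methods up front with `if ($_SERVER["REQUEST_METHOD"] != "POST") return;`. No anti-CSRF token check is visible in these hunks; handle_rpc_request continues outside this hunk, so confirm whether one exists elsewhere.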
@@ -10,8 +10,8 @@
 
                        print "<rpc-reply>";
 
-                       $key = db_escape_string($_GET["key"]);
-                       $value = db_escape_string($_GET["value"]);
+                       $key = db_escape_string($_REQUEST["key"]);
+                       $value = db_escape_string($_REQUEST["value"]);
 
                        set_pref($link, $key, $value);
 
@@ -23,7 +23,7 @@
                }
 
                if ($subop == "getLabelCounters") {
-                       $aid = $_GET["aid"];            
+                       $aid = $_REQUEST["aid"];                
                        print "<rpc-reply>";
                        print "<counters>";
                        getLabelCounters($link);
@@ -50,7 +50,7 @@
                        print "<rpc-reply>";                    
                        print "<counters>";
 
-                       $omode = $_GET["omode"];
+                       $omode = $_REQUEST["omode"];
 
                        getAllCounters($link, $omode);
                        print "</counters>";
@@ -61,8 +61,8 @@
                }
 
                if ($subop == "mark") {
-                       $mark = $_GET["mark"];
-                       $id = db_escape_string($_GET["id"]);
+                       $mark = $_REQUEST["mark"];
+                       $id = db_escape_string($_REQUEST["id"]);
 
                        if ($mark == "1") {
                                $mark = "true";
@@ -87,7 +87,7 @@
                }
 
                if ($subop == "delete") {
-                       $ids = db_escape_string($_GET["ids"]);
+                       $ids = db_escape_string($_REQUEST["ids"]);
 
                        $result = db_query($link, "DELETE FROM ttrss_user_entries                               
                                WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
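Review bot: `$ids` is interpolated unquoted into `IN ($ids)`, and `db_escape_string` presumably only escapes quote characters, so it does not constrain the value in a numeric context and the parameter remains an SQL injection point. Coerce every element to an integer before building the list, e.g. `$ids = join(",", array_map("intval", explode(",", $_REQUEST["ids"])));`. The unarchive hunk below builds `$ids` the same way (its WHERE clause is not visible here). The markSelected, publishSelected and archive hunks pass escaped but untyped ids to helpers whose queries are not shown, so they deserve the same check.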
                }
 
                if ($subop == "unarchive") {
-                       $ids = db_escape_string($_GET["ids"]);
+                       $ids = db_escape_string($_REQUEST["ids"]);
 
                        $result = db_query($link, "UPDATE ttrss_user_entries 
                                SET feed_id = orig_feed_id, orig_feed_id = NULL
                }
 
                if ($subop == "archive") {
-                       $ids = split(",", db_escape_string($_GET["ids"]));
+                       $ids = split(",", db_escape_string($_REQUEST["ids"]));
 
                        foreach ($ids as $id) {
                                archive_article($link, $id, $_SESSION["uid"]);
                }
 
                if ($subop == "updateFeed") {
-                       $feed_id = db_escape_string($_GET["feed"]);
+                       $feed_id = db_escape_string($_REQUEST["feed"]);
 
                        $result = db_query($link, 
                                "SELECT feed_url FROM ttrss_feeds WHERE id = '$feed_id'
 
                if ($subop == "forceUpdateAllFeeds" || $subop == "updateAllFeeds") {
        
-                       $global_unread_caller = sprintf("%d", $_GET["uctr"]);
+                       $global_unread_caller = sprintf("%d", $_REQUEST["uctr"]);
                        $global_unread = getGlobalUnread($link);
 
                        print "<rpc-reply>";
 
                        if ($global_unread_caller != $global_unread) {
 
-                               $omode = $_GET["omode"];
+                               $omode = $_REQUEST["omode"];
         
                                if (!$omode) $omode = "tflc";
 
 
                        print "<rpc-reply>";
                        print "<counters>";
-                       getAllCounters($link, $_GET["omode"]);
+                       getAllCounters($link, $_REQUEST["omode"]);
                        print "</counters>";
                        print_runtime_info($link);
                        print "</rpc-reply>";
 
                if ($subop == "markSelected") {
 
-                       $ids = split(",", db_escape_string($_GET["ids"]));
-                       $cmode = sprintf("%d", $_GET["cmode"]);
+                       $ids = split(",", db_escape_string($_REQUEST["ids"]));
+                       $cmode = sprintf("%d", $_REQUEST["cmode"]);
 
                        markArticlesById($link, $ids, $cmode);
 
                        print "<rpc-reply>";
                        print "<counters>";
-                       getAllCounters($link, $_GET["omode"]);
+                       getAllCounters($link, $_REQUEST["omode"]);
                        print "</counters>";
                        print_runtime_info($link);
                        print "</rpc-reply>";
 
                if ($subop == "publishSelected") {
 
-                       $ids = split(",", db_escape_string($_GET["ids"]));
-                       $cmode = sprintf("%d", $_GET["cmode"]);
+                       $ids = split(",", db_escape_string($_REQUEST["ids"]));
+                       $cmode = sprintf("%d", $_REQUEST["cmode"]);
 
                        publishArticlesById($link, $ids, $cmode);
 
                        print "<rpc-reply>";
                        print "<counters>";
-                       getAllCounters($link, $_GET["omode"]);
+                       getAllCounters($link, $_REQUEST["omode"]);
                        print "</counters>";
                        print_runtime_info($link);
                        print "</rpc-reply>";
                                print_runtime_info($link);
 
                                # assign client-passed params to session
-                               $_SESSION["client.userAgent"] = $_GET["ua"];
+                               $_SESSION["client.userAgent"] = $_REQUEST["ua"];
 
                        }
                        print "</rpc-reply>";
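Review bot: `$_SESSION["client.userAgent"]` is filled directly from the request parameter `ua` with no length limit or validation, so the session now carries text the client fully controls. Where it is consumed is not visible in this hunk; if it is ever printed or logged it needs output escaping, and a cap such as `substr($_REQUEST["ua"], 0, 255)` at assignment would bound what is stored. At minimum extend the existing comment to `# assign client-passed params to session (untrusted: escape on output)`.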
 
                if ($subop == "getArticleLink") {
 
-                       $id = db_escape_string($_GET["id"]);
+                       $id = db_escape_string($_REQUEST["id"]);
 
                        $result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries
                                WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'");
 
                if ($subop == "setArticleTags") {
 
-                       $id = db_escape_string($_GET["id"]);
+                       $id = db_escape_string($_REQUEST["id"]);
 
-                       $tags_str = db_escape_string($_GET["tags_str"]);
+                       $tags_str = db_escape_string($_REQUEST["tags_str"]);
 
                        $tags = array_unique(trim_array(split(",", $tags_str)));
 
                }
 
                if ($subop == "purge") {
-                       $ids = split(",", db_escape_string($_GET["ids"]));
-                       $days = sprintf("%d", $_GET["days"]);
+                       $ids = split(",", db_escape_string($_REQUEST["ids"]));
+                       $days = sprintf("%d", $_REQUEST["days"]);
 
                        print "<rpc-reply>";