#109 Mattermost fix

jundis · May 11, 2017 · ad3131c · ad3131c
1 parent 1a76f48
commit ad3131c
Show file tree

Hide file tree

Showing 10 changed files with 164 additions and 164 deletions.
diff --git a/cwslack-activities.php b/cwslack-activities.php
@@ -26,9 +26,9 @@
 // Authorization array. Auto encodes API key for auhtorization above.
 $header_data = postHeader($companyname, $apipublickey, $apiprivatekey);
 
-if(empty($_GET['token']) || ($_GET['token'] != $slackactivitiestoken)) die("Slack token invalid."); //If Slack token is not correct, kill the connection. This allows only Slack to access the page for security purposes.
-if(empty($_GET['text'])) die("No text provided."); //If there is no text added, kill the connection.
-$exploded = explode("|",$_GET['text']); //Explode the string attached to the slash command for use in variables.
+if(empty($_REQUEST['token']) || ($_REQUEST['token'] != $slackactivitiestoken)) die("Slack token invalid."); //If Slack token is not correct, kill the connection. This allows only Slack to access the page for security purposes.
+if(empty($_REQUEST['text'])) die("No text provided."); //If there is no text added, kill the connection.
+$exploded = explode("|",$_REQUEST['text']); //Explode the string attached to the slash command for use in variables.
 
 //Check to see if the first command in the text array is actually help, if so redirect to help webpage detailing slash command use.
 if ($exploded[0]=="help") {
@@ -48,7 +48,7 @@
     flush();
     session_write_close();
     if($sendtimeoutwait==true) {
-        cURLPost($_GET["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral", "text" => "Please wait..."));
+        cURLPost($_REQUEST["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral", "text" => "Please wait..."));
     }
 }
 //End timeout fix block
@@ -95,14 +95,14 @@
 else
 {
     if ($timeoutfix == true) {
-        cURLPost($_GET["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral","text" => $return));
+        cURLPost($_REQUEST["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral","text" => $return));
     } else {
         die($return); //Post to slack
     }
 	die();
 }
 if ($timeoutfix == true) {
-    cURLPost($_GET["response_url"], array("Content-Type: application/json"), "POST", $return);
+    cURLPost($_REQUEST["response_url"], array("Content-Type: application/json"), "POST", $return);
 } else {
     die(json_encode($return, JSON_PRETTY_PRINT)); //Return properly encoded arrays in JSON for Slack parsing.
 }

diff --git a/cwslack-configs.php b/cwslack-configs.php
@@ -23,10 +23,10 @@
 require_once 'config.php'; //Require config
 require_once 'functions.php'; //Require functions
 
-if(empty($_GET['token']) || ($_GET['token'] != $slackconfigstoken)) die("Slack token invalid."); //If Slack token is not correct, kill the connection. This allows only Slack to access the page for security purposes.
-if(empty($_GET['text'])) die("No text provided."); //If there is no text added, kill the connection.
+if(empty($_REQUEST['token']) || ($_REQUEST['token'] != $slackconfigstoken)) die("Slack token invalid."); //If Slack token is not correct, kill the connection. This allows only Slack to access the page for security purposes.
+if(empty($_REQUEST['text'])) die("No text provided."); //If there is no text added, kill the connection.
 
-$exploded = explode("|",$_GET['text']); //Explode the string attached to the slash command for use in variables.
+$exploded = explode("|",$_REQUEST['text']); //Explode the string attached to the slash command for use in variables.
 
 //Check to see if the first command in the text array is actually help, if so redirect to help webpage detailing slash command use.
 if ($exploded[0]=="help") {
@@ -46,7 +46,7 @@
     flush();
     session_write_close();
     if($sendtimeoutwait==true) {
-        cURLPost($_GET["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral", "text" => "Please wait..."));
+        cURLPost($_REQUEST["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral", "text" => "Please wait..."));
     }
 }
 //End timeout fix block
@@ -86,7 +86,7 @@
 if($dataTData==NULL) //If no contact is returned or your API URL is incorrect.
 {
     if ($timeoutfix == true) {
-        cURLPost($_GET["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral","text" => "No configuration found."));
+        cURLPost($_REQUEST["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral","text" => "No configuration found."));
     } else {
         die("No configuration found."); //Return properly encoded arrays in JSON for Slack parsing.
     }
@@ -162,7 +162,7 @@
 );
 
 if ($timeoutfix == true) {
-    cURLPost($_GET["response_url"], array("Content-Type: application/json"), "POST", $return);
+    cURLPost($_REQUEST["response_url"], array("Content-Type: application/json"), "POST", $return);
 } else {
     die(json_encode($return, JSON_PRETTY_PRINT)); //Return properly encoded arrays in JSON for Slack parsing.
 }

diff --git a/cwslack-contacts.php b/cwslack-contacts.php
@@ -23,10 +23,10 @@
 require_once 'config.php';
 require_once 'functions.php';
 
-if(empty($_GET['token']) || ($_GET['token'] != $slackcontactstoken)) die("Slack token invalid."); //If Slack token is not correct, kill the connection. This allows only Slack to access the page for security purposes.
-if(empty($_GET['text'])) die("No text provided."); //If there is no text added, kill the connection.
+if(empty($_REQUEST['token']) || ($_REQUEST['token'] != $slackcontactstoken)) die("Slack token invalid."); //If Slack token is not correct, kill the connection. This allows only Slack to access the page for security purposes.
+if(empty($_REQUEST['text'])) die("No text provided."); //If there is no text added, kill the connection.
 
-$exploded = explode(" ",$_GET['text']); //Explode the string attached to the slash command for use in variables.
+$exploded = explode(" ",$_REQUEST['text']); //Explode the string attached to the slash command for use in variables.
 
 //Check to see if the first command in the text array is actually help, if so redirect to help webpage detailing slash command use.
 if ($exploded[0]=="help") {
@@ -46,7 +46,7 @@
     flush();
     session_write_close();
     if($sendtimeoutwait==true) {
-        cURLPost($_GET["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral", "text" => "Please wait..."));
+        cURLPost($_REQUEST["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral", "text" => "Please wait..."));
     }
 }
 //End timeout fix block
@@ -84,7 +84,7 @@
 if($dataTData==NULL) //If no contact is returned or your API URL is incorrect.
 {
     if ($timeoutfix == true) {
-        cURLPost($_GET["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral","text" => "No contact found or your API URL is incorrect."));
+        cURLPost($_REQUEST["response_url"], array("Content-Type: application/json"), "POST", array("parse" => "full", "response_type" => "ephemeral","text" => "No contact found or your API URL is incorrect."));
     } else {
         die("No contact found or your API URL is incorrect."); //Post to slack
     }
@@ -185,7 +185,7 @@
 	);
 
 if ($timeoutfix == true) {
-    cURLPost($_GET["response_url"], array("Content-Type: application/json"), "POST", $return);
+    cURLPost($_REQUEST["response_url"], array("Content-Type: application/json"), "POST", $return);
 } else {
     die(json_encode($return, JSON_PRETTY_PRINT)); //Return properly encoded arrays in JSON for Slack parsing.
 }

diff --git a/cwslack-dbmanage.php b/cwslack-dbmanage.php
@@ -22,12 +22,12 @@
 require_once 'config.php';
 require_once 'functions.php';
 
-if(empty($_GET['token']) || ($_GET['token'] != $slackdbmantoken)) die("Slack token invalid."); //If Slack token is not correct, kill the connection. This allows only Slack to access the page for security purposes.
-if(empty($_GET['text'])) die("No text provided."); //If there is no text added, kill the connection.
-$exploded = explode(" ",$_GET['text']); //Explode the string attached to the slash command for use in variables.
+if(empty($_REQUEST['token']) || ($_REQUEST['token'] != $slackdbmantoken)) die("Slack token invalid."); //If Slack token is not correct, kill the connection. This allows only Slack to access the page for security purposes.
+if(empty($_REQUEST['text'])) die("No text provided."); //If there is no text added, kill the connection.
+$exploded = explode(" ",$_REQUEST['text']); //Explode the string attached to the slash command for use in variables.
 
 $explodeadmins = explode("|", $adminlist); //Explode list of acceptable admins.
-if(!in_array($_GET["user_name"],$explodeadmins))
+if(!in_array($_REQUEST["user_name"],$explodeadmins))
 {
     die("You are not authorized to access this command. Only the following users can: " . implode(", ",$explodeadmins));
 }

diff --git a/cwslack-follow.php b/cwslack-follow.php
@@ -24,11 +24,11 @@
 
 $link=0;
 
-if(empty($_GET['method']) || ($_GET['method'] != $followtoken && $_GET['method'] != $unfollowtoken)){
-	if(empty($_GET['token']) || $_GET['token'] != $slackfollowtoken) die("Slack token invalid."); //If Slack token is not correct, kill the connection. This allows only Slack to access the page for security purposes.
-	if(empty($_GET['text'])) die("No text provided."); //If there is no text added, kill the connection.
+if(empty($_REQUEST['method']) || ($_REQUEST['method'] != $followtoken && $_REQUEST['method'] != $unfollowtoken)){
+	if(empty($_REQUEST['token']) || $_REQUEST['token'] != $slackfollowtoken) die("Slack token invalid."); //If Slack token is not correct, kill the connection. This allows only Slack to access the page for security purposes.
+	if(empty($_REQUEST['text'])) die("No text provided."); //If there is no text added, kill the connection.
 
-	$exploded = explode(" ",$_GET['text']); //Explode the string attached to the slash command for use in variables.
+	$exploded = explode(" ",$_REQUEST['text']); //Explode the string attached to the slash command for use in variables.
 } else {
 	$link=1;
 }
@@ -53,7 +53,7 @@
 
 if($link==0){
 	$ticketnumber = $exploded[0]; //Read ticket number to variable for convenience.
-	$username = $_GET['user_name']; //Read Slack username to variable for convenience.
+	$username = $_REQUEST['user_name']; //Read Slack username to variable for convenience.
 
 	if (array_key_exists(1,$exploded)) //If a second string exists in the slash command array, make it the command.
 	{
@@ -62,14 +62,14 @@
 }
 else
 {
-	$ticketnumber = $_GET['srnumber'];
+	$ticketnumber = $_REQUEST['srnumber'];
 	$mysql = mysqli_connect($dbhost, $dbusername, $dbpassword, $dbdatabase);
 	if (!$mysql) //Check for errors
 	{
 		die("Connection Error: " . mysqli_connect_error());
 	}
 
-	$val1 = mysqli_real_escape_string($mysql,$_GET['memberid']);
+	$val1 = mysqli_real_escape_string($mysql,$_REQUEST['memberid']);
 	$sql = "SELECT slackuser FROM usermap where cwname = '".$val1."'";
 
 	$result = mysqli_query($mysql, $sql); //Run result
@@ -81,15 +81,15 @@
 	}
 	else
 	{
-		$username = $_GET['memberid'];
+		$username = $_REQUEST['memberid'];
 	}
 	mysqli_close($mysql);
 
-	if($_GET['method']==$followtoken)
+	if($_REQUEST['method']==$followtoken)
 	{
 		//For future use.
 	}
-	else if ($_GET['method']==$unfollowtoken)
+	else if ($_REQUEST['method']==$unfollowtoken)
 	{
 		$command="unfollow"; //Set command to unfollow if it matches the CW unfollowtoken
 	}