From 7adcd1d98360c3975887e5b981954613eeaf1e43 Mon Sep 17 00:00:00 2001
From: Deon George <deon@leenooks.net>
Date: Wed, 3 Aug 2016 16:20:25 +1000
Subject: [PATCH] Removed direct references to $_REQUEST and $_POST

---
 application/classes/Auth/OSB.php               |  2 +-
 .../classes/Controller/Admin/Module/Method.php | 16 ++++++++--------
 application/classes/Controller/Admin/Setup.php |  2 +-
 application/classes/Controller/Login.php       | 10 +++++-----
 .../classes/Controller/TemplateDefault.php     |  4 ++--
 .../classes/Controller/User/Account.php        |  2 +-
 application/classes/Controller/User/Search.php | 10 +++++-----
 includes/kohana                                |  2 +-
 modules/adsl/classes/Controller/Admin/Adsl.php | 18 +++++++++---------
 .../adsl/classes/Controller/Reseller/Adsl.php  |  8 ++++----
 .../adsl/classes/Model/Service/Plugin/Adsl.php |  6 +++---
 .../views/adsl/reseller/billing/exetelvisp.php |  2 +-
 .../views/service/user/plugin/adsl/view.php    |  6 +++---
 .../classes/Controller/Reseller/Charge.php     | 14 +++++++-------
 .../email/classes/Controller/Admin/Email.php   |  6 +++---
 modules/email/classes/Model/Email/Template.php |  6 +++---
 modules/host/classes/Controller/Admin/Host.php |  6 +++---
 modules/lnapp                                  |  2 +-
 .../classes/Controller/Admin/Payment.php       | 18 +++++++++---------
 .../views/payment/admin/addbulk/ezypay.php     |  2 +-
 .../classes/Controller/Admin/Product.php       | 12 ++++++------
 modules/product/classes/Model/Product.php      |  6 +++---
 .../product/classes/Model/Product/Category.php |  6 +++---
 .../classes/Controller/User/Service.php        |  4 ++--
 24 files changed, 85 insertions(+), 85 deletions(-)

diff --git a/application/classes/Auth/OSB.php b/application/classes/Auth/OSB.php
index 8354e5fe..081df456 100644
--- a/application/classes/Auth/OSB.php
+++ b/application/classes/Auth/OSB.php
@@ -182,7 +182,7 @@ class Auth_OSB extends Auth_ORM {
 		$uo = parent::get_user($default);
 
 		// If we are not logged in, see if there is token for the user
-		if (is_null($uo) AND $tokenuser AND ($token=Session::instance()->get('token')) OR (! empty($_REQUEST['token']) AND $token=$_REQUEST['token']))
+		if (is_null($uo) AND $tokenuser AND ($token=Session::instance()->get('token')) OR ($token=Arr::get($_REQUEST,'token')))
 			$uo = $this->_get_token_user($token);
 
 		return $uo;
diff --git a/application/classes/Controller/Admin/Module/Method.php b/application/classes/Controller/Admin/Module/Method.php
index 3c095b6d..55a0a7a5 100644
--- a/application/classes/Controller/Admin/Module/Method.php
+++ b/application/classes/Controller/Admin/Module/Method.php
@@ -23,14 +23,14 @@ class Controller_Admin_Module_Method extends Controller_Admin_Module {
 		if (! $mo->loaded() OR ! in_array($method,$mm['methods']))
 			HTTP::redirect(URL::link('admin','module/list'));
 
-		if ($_POST) {
+		if ($this->request->post()) {
 			$mmo = $mo->module_method;
 			$mmo->name = $method;
 			$mmo->module_id = $mo->id;
-			$mmo->values($_POST);
+			$mmo->values($this->request->post());
 
 			if (! $this->save($mmo))
-				throw HTTP_Exception::factory(501,'Unable to save data :post',array(':post'=>serialize($_POST)));
+				throw HTTP_Exception::factory(501,'Unable to save data :post',array(':post'=>serialize($this->request->post())));
 
 			HTTP::redirect(URL::link('admin','module/edit/'.$mo->id));
 		}
@@ -61,15 +61,15 @@ class Controller_Admin_Module_Method extends Controller_Admin_Module {
 			HTTP::redirect(URL::link('admin','module/list'));
 		}
 
-		if ($_POST) {
-			$mmo->values($_POST);
+		if ($this->request->post()) {
+			$mmo->values($this->request->post());
 
 			if (! $this->save($mmo))
-				throw HTTP_Exception::factory(501,'Unable to save data :post',array(':post'=>serialize($_POST)));
+				throw HTTP_Exception::factory(501,'Unable to save data :post',array(':post'=>serialize($this->request->post())));
 
 			foreach (ORM::factory('Group')->find_all() as $go) {
 				// If the group was defined and no longer
-				if ($mmo->has('group',$go) AND (! isset($_POST['groups']) OR ! in_array($go->id,$_POST['groups']))) {
+				if ($mmo->has('group',$go) AND (! $this->request->post('groups')) OR ! in_array($go->id,$this->request->post('groups'))) {
 					$gmo = ORM::factory('Group_Method',array('method_id'=>$mmo->id,'group_id'=>$go->id));
 
 					if (! $gmo->delete())
@@ -79,7 +79,7 @@ class Controller_Admin_Module_Method extends Controller_Admin_Module {
 							->body(sprintf(_('Unable to delete Group Method for method %s and group %s'),$mmo->name,$go->name));
 
 				// If the group was not defined and now is
-				} elseif (! $mmo->has('group',$go) AND isset($_POST['groups']) AND in_array($go->id,$_POST['groups'])) {
+				} elseif (! $mmo->has('group',$go) AND $this->request->post('groups') AND in_array($go->id,$this->request->post('groups'))) {
 					$gmo = ORM::factory('Group_Method')
 						->values(array(
 							'method_id'=>$mmo->id,
diff --git a/application/classes/Controller/Admin/Setup.php b/application/classes/Controller/Admin/Setup.php
index 84f833ef..1c5bcc97 100644
--- a/application/classes/Controller/Admin/Setup.php
+++ b/application/classes/Controller/Admin/Setup.php
@@ -20,7 +20,7 @@ class Controller_Admin_Setup extends Controller_TemplateDefault {
 	public function action_edit() {
 		$o = Company::instance()->so();
 
-		if ($_POST AND $o->values($_POST)->changed() AND (! $this->save($o)))
+		if ($this->request->post() AND $o->values($this->request->post())->changed() AND (! $this->save($o)))
 			$o->reload();
 
 		Block::factory()
diff --git a/application/classes/Controller/Login.php b/application/classes/Controller/Login.php
index 4731e4f5..9308cae9 100644
--- a/application/classes/Controller/Login.php
+++ b/application/classes/Controller/Login.php
@@ -36,9 +36,9 @@ class Controller_Login extends lnApp_Controller_Login {
 			HTTP::redirect('welcome/index');
 
 		// If the user posted their details to reset their password
-		if ($_POST) {
+		if ($this->request->post()) {
 			// If the username is correct, create a method token
-			if (! empty($_POST['username']) AND ($ao=ORM::factory('Account',array('username'=>$_POST['username']))) AND $ao->loaded()) {
+			if ($this->request->post('username') AND ($ao=ORM::factory('Account',array('username'=>$this->request->post('username')))) AND $ao->loaded()) {
 				$mmto = ORM::factory('Module_Method_Token')
 					->method(array('account','user:resetpassword'))
 					->account($ao)
@@ -66,12 +66,12 @@ class Controller_Login extends lnApp_Controller_Login {
 				}
 
 			// Redirect to our password reset, the Auth will validate the token.
-			} elseif (! empty($_REQUEST['token'])) {
-				HTTP::redirect(URL::link('user','account/resetpassword?token='.$_REQUEST['token']));
+			} elseif ($this->request->query('token')) {
+				HTTP::redirect(URL::link('user','account/resetpassword?token='.$this->request->query('token')));
 			}
 
 			// Show our token screen even if the email was invalid.
-			if (isset($_POST['username']))
+			if ($this->request->post('username'))
 				$output = View::factory('pages/login_reset_sent');
 
 			else
diff --git a/application/classes/Controller/TemplateDefault.php b/application/classes/Controller/TemplateDefault.php
index 47ad8896..144d30ad 100644
--- a/application/classes/Controller/TemplateDefault.php
+++ b/application/classes/Controller/TemplateDefault.php
@@ -42,8 +42,8 @@ abstract class Controller_TemplateDefault extends lnApp_Controller_TemplateDefau
 		if (! $mo->loaded())
 			throw HTTP_Exception::factory(501,'Unknown module :module',array(':module'=>Request::current()->controller()));
 
-		if ($_POST AND isset($_POST['module_config'][$mo->id]))
-			Config::instance()->module_config($mo->name,$_POST['module_config'][$mo->id])->save();
+		if ($this->request->post() AND array_key_exists($mo->id,$this->request->post('module_config')))
+			Config::instance()->module_config($mo->name,$this->request->post('module_config.'.$mo->id))->save();
 
 		if ($config_items) {
 			Block::factory()
diff --git a/application/classes/Controller/User/Account.php b/application/classes/Controller/User/Account.php
index f5d90d2b..4bc6fb0e 100644
--- a/application/classes/Controller/User/Account.php
+++ b/application/classes/Controller/User/Account.php
@@ -19,7 +19,7 @@ class Controller_User_Account extends Controller_Account {
 	 * Enable User to Edit their Account Details
 	 */
 	public function action_edit() {
-		if ($_POST AND $this->ao->values($_POST)->changed() AND (! $this->save($this->ao)))
+		if ($this->request->post() AND $this->ao->values($this->request->post())->changed() AND (! $this->save($this->ao)))
 			$this->ao->reload();
 
 		Block::factory()
diff --git a/application/classes/Controller/User/Search.php b/application/classes/Controller/User/Search.php
index 6fbf3dde..1d15eee0 100644
--- a/application/classes/Controller/User/Search.php
+++ b/application/classes/Controller/User/Search.php
@@ -20,13 +20,13 @@ class Controller_User_Search extends Controller_Search {
 	public function action_ajaxlist() {
 		$result = array();
 
-		if (isset($_REQUEST['term']) AND trim($_REQUEST['term'])) {
-			$result = Arr::merge($result,ORM::factory('Account')->list_autocomplete($_REQUEST['term'],'url','id',array('ACC %s: %s'=>array('id','name()')),array(),array('urlprefix'=>URL::link('reseller','account/view/'))));
-			$result = Arr::merge($result,ORM::factory('Service')->list_autocomplete($_REQUEST['term'],'url','id',array('SVC %s: %s'=>array('id','name()')),array(),array('urlprefix'=>URL::link('user','service/view/'))));
-			$result = Arr::merge($result,ORM::factory('Invoice')->list_autocomplete($_REQUEST['term'],'url','id',array('INV %s: %s'=>array('id','account->name()')),array(),array('urlprefix'=>URL::link('user','invoice/view/'))));
+		if ($this->request->query('term')) {
+			$result = Arr::merge($result,ORM::factory('Account')->list_autocomplete($this->request->query('term'),'url','id',array('ACC %s: %s'=>array('id','name()')),array(),array('urlprefix'=>URL::link('reseller','account/view/'))));
+			$result = Arr::merge($result,ORM::factory('Service')->list_autocomplete($this->request->query('term'),'url','id',array('SVC %s: %s'=>array('id','name()')),array(),array('urlprefix'=>URL::link('user','service/view/'))));
+			$result = Arr::merge($result,ORM::factory('Invoice')->list_autocomplete($this->request->query('term'),'url','id',array('INV %s: %s'=>array('id','account->name()')),array(),array('urlprefix'=>URL::link('user','invoice/view/'))));
 
 			foreach (array('Service_Plugin_Adsl','Service_Plugin_Domain','Service_Plugin_Host') as $o)
-				$result = Arr::merge($result,ORM::factory($o)->list_autocomplete($_REQUEST['term'],'url','service_id',array('SVC %s: %s'=>array('service_id','service->name()')),array(),array('urlprefix'=>URL::link('user','service/view/'))));
+				$result = Arr::merge($result,ORM::factory($o)->list_autocomplete($this->request->query('term'),'url','service_id',array('SVC %s: %s'=>array('service_id','service->name()')),array(),array('urlprefix'=>URL::link('user','service/view/'))));
 		}
 
 		$this->response->headers('Content-Type','application/json');
diff --git a/includes/kohana b/includes/kohana
index 0a7e8b34..64156527 160000
--- a/includes/kohana
+++ b/includes/kohana
@@ -1 +1 @@
-Subproject commit 0a7e8b349df4e965b30b3de3af3c23b6bdee40b6
+Subproject commit 6415652743526a9b25a53b0cab4ffa0db020f42b
diff --git a/modules/adsl/classes/Controller/Admin/Adsl.php b/modules/adsl/classes/Controller/Admin/Adsl.php
index d698ffa8..5d782fa6 100644
--- a/modules/adsl/classes/Controller/Admin/Adsl.php
+++ b/modules/adsl/classes/Controller/Admin/Adsl.php
@@ -65,23 +65,23 @@ class Controller_Admin_Adsl extends Controller_Adsl {
 	public function action_edit() {
 		$apo = ORM::factory('Product_Plugin_Adsl',$this->request->param('id'));
 
-		if (! $qpo->loaded())
+		if (! $apo->loaded())
 			throw HTTP_Exception::factory(403,'Plan either doesnt exist, or you are not authorised to see it');
 
-		$this->meta->title = 'ADSL Plan: '.$qpo->name();
+		$this->meta->title = 'ADSL Plan: '.$apo->name();
 
 		$test_result = array();
 
 		if (! $apo->loaded())
 			HTTP::redirect(URL::link('admin','adsl/list'));
 
-		if ($_POST) {
-			if ($apo->values($_POST)->changed() AND (! $this->save($apo)))
+		if ($this->request->post()) {
+			if ($apo->values($this->request->post())->changed() AND (! $this->save($apo)))
 				$apo->reload();
 
-			if (isset($_POST['test'])) {
-				$charge = isset($_POST['test']['charge']) ? $_POST['test']['charge'] : FALSE;
-				$test_result = $apo->allowance($_POST['test'],FALSE,$charge,TRUE);
+			if ($this->request->post('test')) {
+				$charge = $this->request->post('test.charge');
+				$test_result = $apo->allowance($this->request->post('test'),FALSE,$charge,TRUE);
 			}
 		}
 
@@ -161,10 +161,10 @@ class Controller_Admin_Adsl extends Controller_Adsl {
 	 * Reconcile billing for an ADSL supplier
 	 */
 	public function action_traffic() {
-		if (empty($_POST['sid']))
+		if (! $this->request->post('sid'))
 			HTTP::redirect(URL::link('admin','adsl/index'));
 
-		$aso = ORM::factory('ADSL_Supplier',$_POST['sid']);
+		$aso = ORM::factory('ADSL_Supplier',$this->request->post('sid'));
 		if (! $aso->loaded())
 			HTTP::redirect(URL::link('admin','adsl/index'));
 
diff --git a/modules/adsl/classes/Controller/Reseller/Adsl.php b/modules/adsl/classes/Controller/Reseller/Adsl.php
index 214fef5b..ad5618a5 100644
--- a/modules/adsl/classes/Controller/Reseller/Adsl.php
+++ b/modules/adsl/classes/Controller/Reseller/Adsl.php
@@ -19,10 +19,10 @@ class Controller_Reseller_Adsl extends Controller_Adsl {
 	 * Reconcile billing for an ADSL supplier
 	 */
 	public function action_billing() {
-		if (empty($_POST['sid']) OR ! $_FILES)
+		if (! $this->request->post('sid') OR ! $_FILES)
 			HTTP::redirect(URL::link('reseller','adsl/index'));
 
-		$aso = ORM::factory('ADSL_Supplier',$_POST['sid']);
+		$aso = ORM::factory('ADSL_Supplier',$this->request->post('sid'));
 
 		// Process upload
 		$files = Validation::factory($_FILES)
@@ -59,8 +59,8 @@ class Controller_Reseller_Adsl extends Controller_Adsl {
 	public function action_index() {
 		$output = '';
 
-		if ($_POST and isset($_POST['sid'])) {
-			$aso = ORM::factory('ADSL_Supplier',$_POST['sid']);
+		if ($this->request->post() AND $this->request->post('sid')) {
+			$aso = ORM::factory('ADSL_Supplier',$this->request->post('sid'));
 			if (! $aso->loaded())
 				HTTP::redirect('adsl/index');
 
diff --git a/modules/adsl/classes/Model/Service/Plugin/Adsl.php b/modules/adsl/classes/Model/Service/Plugin/Adsl.php
index 4d60c7fb..f2859da8 100644
--- a/modules/adsl/classes/Model/Service/Plugin/Adsl.php
+++ b/modules/adsl/classes/Model/Service/Plugin/Adsl.php
@@ -333,8 +333,8 @@ class Model_Service_Plugin_Adsl extends Model_Service_Plugin {
 		$c=0;
 		// If we came in via a post to show a particular month, then show that, otherwise show the yearly result
 		if (! is_null($month) AND trim($month)) {
-			$highchart->title(sprintf('DSL traffic usage for %s',$_POST['month']));
-			$x = $this->get_traffic_typedaily(strtotime($_POST['month'].'-01'));
+			$highchart->title(sprintf('DSL traffic usage for %s',Arr::get($_POST,'month')));
+			$x = $this->get_traffic_typedaily(strtotime(Arr::get($_POST,'month').'-01'));
 
 		} else {
 			$highchart->title(sprintf('Monthly DSL traffic usage as at %s',$this->traffic->find_last()->date));
@@ -417,7 +417,7 @@ class Model_Service_Plugin_Adsl extends Model_Service_Plugin {
 	public function traffic_table($month=NULL) {
 		// If we came in via a post to show a particular month, then show that, otherwise show the yearly result
 		if (! is_null($month) AND trim($month)) {
-			$x = $this->get_traffic_dailytype(strtotime($_POST['month'].'-01'));
+			$x = $this->get_traffic_dailytype(strtotime(Arr::get($_POST,'month').'-01'));
 			$index = 'Date';
 
 		} else {
diff --git a/modules/adsl/views/adsl/reseller/billing/exetelvisp.php b/modules/adsl/views/adsl/reseller/billing/exetelvisp.php
index 62ef272f..c5182ebe 100644
--- a/modules/adsl/views/adsl/reseller/billing/exetelvisp.php
+++ b/modules/adsl/views/adsl/reseller/billing/exetelvisp.php
@@ -2,7 +2,7 @@
 	<fieldset>
 		<legend>Exetel VISP Billing</legend>
 
-		<?php echo Form::hidden('sid',$_POST['sid']); ?>
+		<?php echo Form::hidden('sid',Arr::get($_POST,'sid')); ?>
 		<?php echo Form::file('csv',array('label'=>'Invoice File','required')); ?>
 	</fieldset>
 
diff --git a/modules/adsl/views/service/user/plugin/adsl/view.php b/modules/adsl/views/service/user/plugin/adsl/view.php
index 7b24fc30..bd5d78c0 100644
--- a/modules/adsl/views/service/user/plugin/adsl/view.php
+++ b/modules/adsl/views/service/user/plugin/adsl/view.php
@@ -53,7 +53,7 @@
 		<form class="form-inline" method="POST">
 			<div class="dl-horizontal">
 				<dt>View Traffic for</dt>
-				<dd><?php echo Form::select('month',array_merge(array(''),$o->get_traffic_months()),(isset($_POST['month']) ? $_POST['month'] : ''),array('class'=>'input-small','nocg'=>TRUE)); ?>
+				<dd><?php echo Form::select('month',array_merge(array(''),$o->get_traffic_months()),Arr::get($_POST,'month',''),array('class'=>'input-small','nocg'=>TRUE)); ?>
 				<button type="submit" class="btn btn-mini">Submit</button></dd>
 			</div> <!-- dl-horizontal -->
 		</form>
@@ -66,11 +66,11 @@
 
 			<div class="tab-content">
 				<div class="tab-pane active" id="tab1">
-					<?php echo $o->traffic_graph(isset($_POST['month']) ? $_POST['month'] : ''); ?>
+					<?php echo $o->traffic_graph(Arr::get($_POST,'month','')); ?>
 				</div> <!-- /tab-pane -->
 
 				<div class="tab-pane" id="tab2">
-					<?php echo $o->traffic_table(isset($_POST['month']) ? $_POST['month'] : ''); ?>
+					<?php echo $o->traffic_table(Arr::get($_POST,'month','')); ?>
 				</div> <!-- /tab-pane -->
 
 			</div> <!-- /tab-content -->
diff --git a/modules/charge/classes/Controller/Reseller/Charge.php b/modules/charge/classes/Controller/Reseller/Charge.php
index a47f43d0..3d8e0b27 100644
--- a/modules/charge/classes/Controller/Reseller/Charge.php
+++ b/modules/charge/classes/Controller/Reseller/Charge.php
@@ -29,12 +29,12 @@ class Controller_Reseller_Charge extends Controller_Charge {
 	public function action_ajaxlist() {
 		$result = array();
 
-		if (isset($_REQUEST['term']) AND trim($_REQUEST['term'])) {
-			$result = Arr::merge($result,ORM::factory('Account')->list_autocomplete($_REQUEST['term'],'id','id',array('%s: %s'=>array('refnum()','name()'))));
-			$result = Arr::merge($result,ORM::factory('Service')->list_autocomplete($_REQUEST['term'],'account_id','id',array('%s: %s (%s)'=>array('account->refnum()','account->name()','name()'))));
+		if ($this->request->query('term')) {
+			$result = Arr::merge($result,ORM::factory('Account')->list_autocomplete($this->request->query('term'),'id','id',array('%s: %s'=>array('refnum()','name()'))));
+			$result = Arr::merge($result,ORM::factory('Service')->list_autocomplete($this->request->query('term'),'account_id','id',array('%s: %s (%s)'=>array('account->refnum()','account->name()','name()'))));
 
 			foreach (array('Service_Plugin_Adsl','Service_Plugin_Domain','Service_Plugin_Host') as $o)
-				$result = Arr::merge($result,ORM::factory($o)->list_autocomplete($_REQUEST['term'],'account_id','service->account_id',array('%s: %s (%s)'=>array('service->account->refnum()','service->account->name()','service->name()'))));
+				$result = Arr::merge($result,ORM::factory($o)->list_autocomplete($this->request->query('term'),'account_id','service->account_id',array('%s: %s (%s)'=>array('service->account->refnum()','service->account->name()','service->name()'))));
 		}
  
 		$this->response->headers('Content-Type','application/json');
@@ -44,8 +44,8 @@ class Controller_Reseller_Charge extends Controller_Charge {
 	public function action_ajaxlistservice() {
 		$result = array();
 
-		if (isset($_REQUEST['key']) AND trim($_REQUEST['key']))
-			$result = Arr::merge($result,ORM::factory('Service')->list_autocomplete('','id','id',array('%s: %s'=>array('refnum(TRUE)','name()')),array(array('account_id','=',$_REQUEST['key']))));
+		if ($this->request->query('key'))
+			$result = Arr::merge($result,ORM::factory('Service')->list_autocomplete('','id','id',array('%s: %s'=>array('refnum(TRUE)','name()')),array(array('account_id','=',$this->request->query('key')))));
  
 		$this->response->headers('Content-Type','application/json');
 		$this->response->body(json_encode(array_values($result)));
@@ -56,7 +56,7 @@ class Controller_Reseller_Charge extends Controller_Charge {
 
 		$this->meta->title = sprintf('Charge: %s (%s)',$co->name(),$co->account->name());
 
-		if ($_POST AND $co->values($_POST)->changed() AND (! $this->save($co)))
+		if ($this->request->post() AND $co->values($this->request->post())->changed() AND (! $this->save($co)))
 			$co->reload();
 
 		Script::factory()
diff --git a/modules/email/classes/Controller/Admin/Email.php b/modules/email/classes/Controller/Admin/Email.php
index 4aefb360..6e09fcb8 100644
--- a/modules/email/classes/Controller/Admin/Email.php
+++ b/modules/email/classes/Controller/Admin/Email.php
@@ -20,11 +20,11 @@ class Controller_Admin_Email extends Controller_Email {
 	public function action_ajaxtemplatetranslate() {
 		$eto = ORM::factory('Email_Template',$this->request->param('id'));
 
-		if (! $eto->loaded() OR ! isset($_REQUEST['key'])) {
+		if (! $eto->loaded() OR ! $this->request->query('key')) {
 			$output = _('Unable to find translate data');
 
 		} else {
-			$eto = $eto->translate->where('language_id','=',$_REQUEST['key'])->find();
+			$eto = $eto->translate->where('language_id','=',$this->request->query('key'))->find();
 
 			$output = View::factory('email/admin/ajaxtemplatetranslate')
 				->set('o',$eto);
@@ -83,7 +83,7 @@ class Controller_Admin_Email extends Controller_Email {
 	private function add_edit_template($id=NULL,$output='') {
 		$eto = ORM::factory('Email_Template',$id);
 
-		if ($_POST) {
+		if ($this->request->post()) {
 			// @todo To update the setup ID
 			$eto->email_setup_id = '1';
 
diff --git a/modules/email/classes/Model/Email/Template.php b/modules/email/classes/Model/Email/Template.php
index 82e1661b..1d52a9aa 100644
--- a/modules/email/classes/Model/Email/Template.php
+++ b/modules/email/classes/Model/Email/Template.php
@@ -37,13 +37,13 @@ class Model_Email_Template extends ORM_OSB {
 		parent::save();
 
 		// Save our Translated Message
-		if ($x = array_diff_key($_POST,$this->_object) AND ! empty($_POST['language_id']) AND ! empty($_POST['translate']) AND is_array($_POST['translate'])) {
-			$to = $this->translate->where('language_id','=',$_POST['language_id'])->find();
+		if ($x = array_diff_key($_POST,$this->_object) AND Arr::get($_POST,'language_id']) AND is_array(Arr::get($_POST,'translate'))) {
+			$to = $this->translate->where('language_id','=',Arr::get($_POST,'language_id'))->find();
 
 			// For a new entry, we need to set the product_id
 			if (! $to->loaded()) {
 				$to->product_id = $this->id;
-				$to->language_id = $_POST['language_id'];
+				$to->language_id = Arr::get($_POST,'language_id');
 			}
 
 			$to->values($x['translate'])->save();
diff --git a/modules/host/classes/Controller/Admin/Host.php b/modules/host/classes/Controller/Admin/Host.php
index 54739974..3b9ab79d 100644
--- a/modules/host/classes/Controller/Admin/Host.php
+++ b/modules/host/classes/Controller/Admin/Host.php
@@ -22,7 +22,7 @@ class Controller_Admin_Host extends Controller_TemplateDefault_Admin {
 
 		$o = array(
 			'u'=>$hso->manage_username ? $hso->manage_username : strtolower($hso->name),
-			'p'=>(! $k OR ! $this->request->is_ajax() OR ! $hso->loaded() OR ! isset($_REQUEST['k']) OR $k != $_REQUEST['k']) ? Random::char() : $hso->manage_password,
+			'p'=>(! $k OR ! $this->request->is_ajax() OR ! $hso->loaded() OR $k != $this->request->query('k')) ? Random::char() : $hso->manage_password,
 		);
 
 		$this->response->headers('Content-Type','application/json');
@@ -57,8 +57,8 @@ class Controller_Admin_Host extends Controller_TemplateDefault_Admin {
 		if (! $hso->loaded())
 			HTTP::redirect('welcome/index');
 
-		if ($_POST) {
-			$hso->values($_POST);
+		if ($this->request->post()) {
+			$hso->values($this->request->post());
 
 			if ($hso->changed() AND ! $hso->save())
 				throw new Kohana_Exception('Unable to save record?');
diff --git a/modules/lnapp b/modules/lnapp
index 4bbf00a3..a7616960 160000
--- a/modules/lnapp
+++ b/modules/lnapp
@@ -1 +1 @@
-Subproject commit 4bbf00a3d19198c28886877828e67816569aa0ec
+Subproject commit a7616960f01f1019ecf2fe041a06af0d67a5e697
diff --git a/modules/payment/classes/Controller/Admin/Payment.php b/modules/payment/classes/Controller/Admin/Payment.php
index f4476b22..db467c7d 100644
--- a/modules/payment/classes/Controller/Admin/Payment.php
+++ b/modules/payment/classes/Controller/Admin/Payment.php
@@ -29,8 +29,8 @@ class Controller_Admin_Payment extends Controller_Payment {
 	public function action_addbulk() {
 		$output = '';
 
-		if ($_POST AND isset($_POST['payer'])) {
-			$c = Kohana::classname('Payment_Bulk_'.$_POST['payer']);
+		if ($this->request->post() AND $this->request->post('payer')) {
+			$c = Kohana::classname('Payment_Bulk_'.$this->request->post('payer'));
 			$o = new $c();
 
 			$output .= (! $_FILES) ? $o->form() : $o->process();
@@ -56,10 +56,10 @@ class Controller_Admin_Payment extends Controller_Payment {
 		$invoices = array();
 
 		// Get our invoices paid by this payment ID
-		$po = ORM::factory('Payment',isset($_REQUEST['pid']) ? $_REQUEST['pid'] : NULL);
+		$po = ORM::factory('Payment',$this->request->query('pid'));
 
 		// Get all our other outstanding invoices
-		foreach (ORM::factory('Account',$_REQUEST['key'])->invoices_due() as $io) {
+		foreach (ORM::factory('Account',$this->request->query('key'))->invoices_due() as $io) {
 			$pio = $po->payment_item;
 			$pio->invoice_id = $io->id;
 
@@ -73,9 +73,9 @@ class Controller_Admin_Payment extends Controller_Payment {
 	public function action_ajaxlist() {
 		$result = array();
 
-		if (isset($_REQUEST['term']) AND trim($_REQUEST['term'])) {
-			$result = Arr::merge($result,ORM::factory('Account')->list_autocomplete($_REQUEST['term'],'id','id',array('ACC %s: %s'=>array('id','name()'))));
-			$result = Arr::merge($result,ORM::factory('Invoice')->list_autocomplete($_REQUEST['term'],'id','account_id',array('INV %s: %s'=>array('id','account->name()'))));
+		if ($this->request->query('term'))
+			$result = Arr::merge($result,ORM::factory('Account')->list_autocomplete($this->request->query('term'),'id','id',array('ACC %s: %s'=>array('id','name()'))));
+			$result = Arr::merge($result,ORM::factory('Invoice')->list_autocomplete($this->request->query('term'),'id','account_id',array('INV %s: %s'=>array('id','account->name()'))));
 		}
 
 		$this->response->headers('Content-Type','application/json');
@@ -99,8 +99,8 @@ class Controller_Admin_Payment extends Controller_Payment {
 			$po->values($this->request->post());
 
 			// Update our invoice payment items
-			if (isset($_POST['payment_item']) AND count($_POST['payment_item']))
-				foreach ($_POST['payment_item'] as $k=>$v) {
+			if (is_array($this->request->post('payment_item')) AND count($this->request->post('payment_item')))
+				foreach ($this->request->post('payment_item') as $k=>$v) {
 					$pio = $po->payment_item;
 					$pio->invoice_id = $k;
 					$pio = $po->add_item($pio);
diff --git a/modules/payment/views/payment/admin/addbulk/ezypay.php b/modules/payment/views/payment/admin/addbulk/ezypay.php
index 907be0a6..377168ae 100644
--- a/modules/payment/views/payment/admin/addbulk/ezypay.php
+++ b/modules/payment/views/payment/admin/addbulk/ezypay.php
@@ -2,7 +2,7 @@
 	<fieldset>
 		<legend>Ezypay Payment</legend>
 
-		<?php echo Form::hidden('payer',$_POST['payer']); ?>
+		<?php echo Form::hidden('payer',Arr::get($_POST,'payer')); ?>
 		<?php echo Form::file('transaction',array('label'=>'Transaction File','required','help-block'=>'AddItems')); ?>
 		<?php echo Form::file('payment',array('label'=>'Payment File','required','help-block'=>'BillDetails')); ?>
 	</fieldset>
diff --git a/modules/product/classes/Controller/Admin/Product.php b/modules/product/classes/Controller/Admin/Product.php
index 0d2a5257..5a5fb755 100644
--- a/modules/product/classes/Controller/Admin/Product.php
+++ b/modules/product/classes/Controller/Admin/Product.php
@@ -37,11 +37,11 @@ class Controller_Admin_Product extends Controller_Product {
 	public function action_ajaxtranslate() {
 		$po = ORM::factory('Product',$this->request->param('id'));
 
-		if (! $po->loaded() OR ! isset($_REQUEST['key'])) {
+		if (! $po->loaded() OR ! $this->request->query('key')) {
 			$output = _('Unable to find translate data');
 
 		} else {
-			$pto = $po->translate->where('language_id','=',$_REQUEST['key'])->find();
+			$pto = $po->translate->where('language_id','=',$this->request->query('key'))->find();
 
 			$output = View::factory('product/admin/ajaxtranslate')
 				->set('o',$pto);
@@ -56,11 +56,11 @@ class Controller_Admin_Product extends Controller_Product {
 	public function action_ajaxtranslatecategory() {
 		$pco = ORM::factory('Product_Category',$this->request->param('id'));
 
-		if (! $pco->loaded() OR ! isset($_REQUEST['key'])) {
+		if (! $pco->loaded() OR ! $this->request->query('key')) {
 			$output = _('Unable to find translate data');
 
 		} else {
-			$pcto = $pco->translate->where('language_id','=',$_REQUEST['key'])->find();
+			$pcto = $pco->translate->where('language_id','=',$this->request->query('key'))->find();
 
 			$output = View::factory('product/category/admin/ajaxtranslate')
 				->set('o',$pcto);
@@ -78,7 +78,7 @@ class Controller_Admin_Product extends Controller_Product {
 		if (! $pco->loaded())
 			HTTP::redirect(URL::link('admin','product/list'));
 
-		if ($_POST AND $pco->values($_POST)->changed() AND (! $this->save($pco)))
+		if ($this->request->post() AND $pco->values($this->request->post())->changed() AND (! $this->save($pco)))
 			$pco->reload();
 
 		Script::factory()
@@ -126,7 +126,7 @@ $(document).ready(function() {
 		if (! $po->loaded())
 			HTTP::redirect('welcome/index');
 
-		if ($_POST AND $po->values($_POST)->changed() AND (! $this->save($po)))
+		if ($this->request->post() AND $po->values($this->request->post())->changed() AND (! $this->save($po)))
 			$po->reload();
 
 		Script::factory()
diff --git a/modules/product/classes/Model/Product.php b/modules/product/classes/Model/Product.php
index d3425826..07e929c4 100644
--- a/modules/product/classes/Model/Product.php
+++ b/modules/product/classes/Model/Product.php
@@ -239,13 +239,13 @@ class Model_Product extends ORM_OSB implements Invoicable {
 		parent::save($validation);
 
 		// Save our Translated Message
-		if ($x = array_diff_key($_POST,$this->_object) AND ! empty($_POST['language_id']) AND ! empty($_POST['translate']) AND is_array($_POST['translate'])) {
-			$to = $this->translate->where('language_id','=',$_POST['language_id'])->find();
+		if ($x = array_diff_key($_POST,$this->_object) AND Arr::get($_POST,'language_id') AND is_array(Arr::get($_POST,'translate'))) {
+			$to = $this->translate->where('language_id','=',Arr::get($_POST,'language_id'))->find();
 
 			// For a new entry, we need to set the product_id
 			if (! $to->loaded()) {
 				$to->product_id = $this->id;
-				$to->language_id = $_POST['language_id'];
+				$to->language_id = Arr::get($_POST,'language_id');
 			}
 
 			$to->values($x['translate'])->save();
diff --git a/modules/product/classes/Model/Product/Category.php b/modules/product/classes/Model/Product/Category.php
index ef13dbf6..3a000d23 100644
--- a/modules/product/classes/Model/Product/Category.php
+++ b/modules/product/classes/Model/Product/Category.php
@@ -62,13 +62,13 @@ class Model_Product_Category extends ORM_OSB {
 		parent::save($validation);
 
 		// Save our Translated Message
-		if ($x = array_diff_key($_POST,$this->_object) AND ! empty($_POST['language_id']) AND ! empty($_POST['translate']) AND is_array($_POST['translate'])) {
-			$to = $this->translate->where('language_id','=',$_POST['language_id'])->find();
+		if ($x = array_diff_key($_POST,$this->_object) AND Arr::get($_POST,'language_id') AND is_array(Arr::get($_POST,'translate'))) {
+			$to = $this->translate->where('language_id','=',Arr::get($_POST,'language_id'))->find();
 
 			// For a new entry, we need to set the product_cat_id
 			if (! $to->loaded()) {
 				$to->product_cat_id = $this->id;
-				$to->language_id = $_POST['language_id'];
+				$to->language_id = Arr::get($_POST,'language_id');
 			}
 
 			$to->values($x['translate'])->save();
diff --git a/modules/service/classes/Controller/User/Service.php b/modules/service/classes/Controller/User/Service.php
index 21ad6410..cb9583cb 100644
--- a/modules/service/classes/Controller/User/Service.php
+++ b/modules/service/classes/Controller/User/Service.php
@@ -22,11 +22,11 @@ class Controller_User_Service extends Controller_Service {
 	public function action_ajaxmanage() {
 		$so = ORM::factory('Service',$this->request->param('id'));
 		$k = Session::instance()->get_once('manage_button');
-		$amo = $so->plugin(isset($_REQUEST['t']) ? $_REQUEST['t'] : '');
+		$amo = $so->plugin($this->request->query('t'));
 
 		$o = array(
 			'u'=>$amo->username() ? $amo->username() : strtolower($amo->name()),
-			'p'=>(! $k OR ! $this->request->is_ajax() OR ! $so->loaded() OR ! isset($_REQUEST['k']) OR $k != $_REQUEST['k']) ? Random::char() : $amo->password(),
+			'p'=>(! $k OR ! $this->request->is_ajax() OR ! $so->loaded() OR $k != $this->request->query('k')) ? Random::char() : $amo->password(),
 		);
 
 		$this->response->headers('Content-Type','application/json');