Some removed escapeTags calls
This commit is contained in:
parent
0e2e488521
commit
23b10cf2ae
|
@ -29,7 +29,7 @@ use Friendica\Util\Strings;
|
||||||
|
|
||||||
function lostpass_post(App $a)
|
function lostpass_post(App $a)
|
||||||
{
|
{
|
||||||
$loginame = Strings::escapeTags(trim($_POST['login-name']));
|
$loginame = trim($_POST['login-name']);
|
||||||
if (!$loginame) {
|
if (!$loginame) {
|
||||||
DI::baseUrl()->redirect();
|
DI::baseUrl()->redirect();
|
||||||
}
|
}
|
||||||
|
|
|
@ -50,14 +50,14 @@ function hub_post_return()
|
||||||
|
|
||||||
function pubsub_init(App $a)
|
function pubsub_init(App $a)
|
||||||
{
|
{
|
||||||
$nick = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
|
$nick = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : '');
|
||||||
$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
|
$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||||
$hub_mode = Strings::escapeTags(trim($_GET['hub_mode'] ?? ''));
|
$hub_mode = trim($_GET['hub_mode'] ?? '');
|
||||||
$hub_topic = Strings::escapeTags(trim($_GET['hub_topic'] ?? ''));
|
$hub_topic = trim($_GET['hub_topic'] ?? '');
|
||||||
$hub_challenge = Strings::escapeTags(trim($_GET['hub_challenge'] ?? ''));
|
$hub_challenge = trim($_GET['hub_challenge'] ?? '');
|
||||||
$hub_verify = Strings::escapeTags(trim($_GET['hub_verify_token'] ?? ''));
|
$hub_verify = trim($_GET['hub_verify_token'] ?? '');
|
||||||
|
|
||||||
Logger::notice('Subscription from ' . $_SERVER['REMOTE_ADDR'] . ' Mode: ' . $hub_mode . ' Nick: ' . $nick);
|
Logger::notice('Subscription from ' . $_SERVER['REMOTE_ADDR'] . ' Mode: ' . $hub_mode . ' Nick: ' . $nick);
|
||||||
Logger::debug('Data: ', ['get' => $_GET]);
|
Logger::debug('Data: ', ['get' => $_GET]);
|
||||||
|
@ -110,7 +110,7 @@ function pubsub_post(App $a)
|
||||||
Logger::info('Feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . DI::args()->getCommand() . ' with user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
|
Logger::info('Feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . DI::args()->getCommand() . ' with user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
|
||||||
Logger::debug('Data: ' . $xml);
|
Logger::debug('Data: ' . $xml);
|
||||||
|
|
||||||
$nick = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
|
$nick = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : '');
|
||||||
$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
|
$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
|
||||||
|
|
||||||
$importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
|
$importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
|
||||||
|
|
|
@ -26,10 +26,6 @@ use Friendica\DI;
|
||||||
use Friendica\Model\PushSubscriber;
|
use Friendica\Model\PushSubscriber;
|
||||||
use Friendica\Util\Strings;
|
use Friendica\Util\Strings;
|
||||||
|
|
||||||
function post_var($name) {
|
|
||||||
return !empty($_POST[$name]) ? Strings::escapeTags(trim($_POST[$name])) : '';
|
|
||||||
}
|
|
||||||
|
|
||||||
function pubsubhubbub_init(App $a) {
|
function pubsubhubbub_init(App $a) {
|
||||||
// PuSH subscription must be considered "public" so just block it
|
// PuSH subscription must be considered "public" so just block it
|
||||||
// if public access isn't enabled.
|
// if public access isn't enabled.
|
||||||
|
@ -48,11 +44,11 @@ function pubsubhubbub_init(App $a) {
|
||||||
// [hub_topic] => http://friendica.local/dfrn_poll/sazius
|
// [hub_topic] => http://friendica.local/dfrn_poll/sazius
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
$hub_mode = post_var('hub_mode');
|
$hub_mode = $_POST['hub_mode'] ?? '';
|
||||||
$hub_callback = post_var('hub_callback');
|
$hub_callback = $_POST['hub_callback'] ?? '';
|
||||||
$hub_verify_token = post_var('hub_verify_token');
|
$hub_verify_token = $_POST['hub_verify_token'] ?? '';
|
||||||
$hub_secret = post_var('hub_secret');
|
$hub_secret = $_POST['hub_secret'] ?? '';
|
||||||
$hub_topic = post_var('hub_topic');
|
$hub_topic = $_POST['hub_topic'] ?? '';
|
||||||
|
|
||||||
// check for valid hub_mode
|
// check for valid hub_mode
|
||||||
if ($hub_mode === 'subscribe') {
|
if ($hub_mode === 'subscribe') {
|
||||||
|
|
|
@ -24,7 +24,6 @@ use Friendica\Core\Logger;
|
||||||
use Friendica\Core\Protocol;
|
use Friendica\Core\Protocol;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
use Friendica\DI;
|
use Friendica\DI;
|
||||||
use Friendica\Model\Contact;
|
|
||||||
use Friendica\Model\GServer;
|
use Friendica\Model\GServer;
|
||||||
use Friendica\Model\Post;
|
use Friendica\Model\Post;
|
||||||
use Friendica\Protocol\ActivityNamespace;
|
use Friendica\Protocol\ActivityNamespace;
|
||||||
|
@ -42,7 +41,7 @@ function salmon_post(App $a, $xml = '') {
|
||||||
|
|
||||||
Logger::debug('new salmon ' . $xml);
|
Logger::debug('new salmon ' . $xml);
|
||||||
|
|
||||||
$nick = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
|
$nick = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : '');
|
||||||
|
|
||||||
$importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
|
$importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
|
||||||
if (! DBA::isResult($importer)) {
|
if (! DBA::isResult($importer)) {
|
||||||
|
|
|
@ -23,10 +23,8 @@ use Friendica\App;
|
||||||
use Friendica\Content\Text\BBCode;
|
use Friendica\Content\Text\BBCode;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
use Friendica\DI;
|
use Friendica\DI;
|
||||||
use Friendica\Model\Item;
|
|
||||||
use Friendica\Model\Post;
|
use Friendica\Model\Post;
|
||||||
use Friendica\Model\Tag;
|
use Friendica\Model\Tag;
|
||||||
use Friendica\Util\Strings;
|
|
||||||
|
|
||||||
function tagrm_post(App $a)
|
function tagrm_post(App $a)
|
||||||
{
|
{
|
||||||
|
@ -40,7 +38,7 @@ function tagrm_post(App $a)
|
||||||
|
|
||||||
$tags = [];
|
$tags = [];
|
||||||
foreach ($_POST['tag'] ?? [] as $tag) {
|
foreach ($_POST['tag'] ?? [] as $tag) {
|
||||||
$tags[] = hex2bin(Strings::escapeTags(trim($tag)));
|
$tags[] = hex2bin(trim($tag));
|
||||||
}
|
}
|
||||||
|
|
||||||
$item_id = $_POST['item'] ?? 0;
|
$item_id = $_POST['item'] ?? 0;
|
||||||
|
@ -89,7 +87,7 @@ function tagrm_content(App $a)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (DI::args()->getArgc()== 3) {
|
if (DI::args()->getArgc()== 3) {
|
||||||
update_tags(DI::args()->getArgv()[1], [Strings::escapeTags(trim(hex2bin(DI::args()->getArgv()[2])))]);
|
update_tags(DI::args()->getArgv()[1], [trim(hex2bin(DI::args()->getArgv()[2]))]);
|
||||||
DI::baseUrl()->redirect($photo_return);
|
DI::baseUrl()->redirect($photo_return);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -37,7 +37,7 @@ function unfollow_post(App $a)
|
||||||
// NOTREACHED
|
// NOTREACHED
|
||||||
}
|
}
|
||||||
|
|
||||||
$url = Strings::escapeTags(trim($_REQUEST['url'] ?? ''));
|
$url = trim($_REQUEST['url'] ?? '');
|
||||||
|
|
||||||
unfollow_process($url);
|
unfollow_process($url);
|
||||||
}
|
}
|
||||||
|
@ -53,7 +53,7 @@ function unfollow_content(App $a)
|
||||||
}
|
}
|
||||||
|
|
||||||
$uid = local_user();
|
$uid = local_user();
|
||||||
$url = Strings::escapeTags(trim($_REQUEST['url']));
|
$url = trim($_REQUEST['url']);
|
||||||
|
|
||||||
$condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
|
$condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
|
||||||
local_user(), Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),
|
local_user(), Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),
|
||||||
|
|
|
@ -366,7 +366,7 @@ class Item
|
||||||
public static function guid($item, $notify)
|
public static function guid($item, $notify)
|
||||||
{
|
{
|
||||||
if (!empty($item['guid'])) {
|
if (!empty($item['guid'])) {
|
||||||
return Strings::escapeTags(trim($item['guid']));
|
return trim($item['guid']);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($notify) {
|
if ($notify) {
|
||||||
|
|
|
@ -911,18 +911,18 @@ class User
|
||||||
|
|
||||||
$using_invites = DI::config()->get('system', 'invitation_only');
|
$using_invites = DI::config()->get('system', 'invitation_only');
|
||||||
|
|
||||||
$invite_id = !empty($data['invite_id']) ? Strings::escapeTags(trim($data['invite_id'])) : '';
|
$invite_id = !empty($data['invite_id']) ? trim($data['invite_id']) : '';
|
||||||
$username = !empty($data['username']) ? Strings::escapeTags(trim($data['username'])) : '';
|
$username = !empty($data['username']) ? trim($data['username']) : '';
|
||||||
$nickname = !empty($data['nickname']) ? Strings::escapeTags(trim($data['nickname'])) : '';
|
$nickname = !empty($data['nickname']) ? trim($data['nickname']) : '';
|
||||||
$email = !empty($data['email']) ? Strings::escapeTags(trim($data['email'])) : '';
|
$email = !empty($data['email']) ? trim($data['email']) : '';
|
||||||
$openid_url = !empty($data['openid_url']) ? Strings::escapeTags(trim($data['openid_url'])) : '';
|
$openid_url = !empty($data['openid_url']) ? trim($data['openid_url']) : '';
|
||||||
$photo = !empty($data['photo']) ? Strings::escapeTags(trim($data['photo'])) : '';
|
$photo = !empty($data['photo']) ? trim($data['photo']) : '';
|
||||||
$password = !empty($data['password']) ? trim($data['password']) : '';
|
$password = !empty($data['password']) ? trim($data['password']) : '';
|
||||||
$password1 = !empty($data['password1']) ? trim($data['password1']) : '';
|
$password1 = !empty($data['password1']) ? trim($data['password1']) : '';
|
||||||
$confirm = !empty($data['confirm']) ? trim($data['confirm']) : '';
|
$confirm = !empty($data['confirm']) ? trim($data['confirm']) : '';
|
||||||
$blocked = !empty($data['blocked']);
|
$blocked = !empty($data['blocked']);
|
||||||
$verified = !empty($data['verified']);
|
$verified = !empty($data['verified']);
|
||||||
$language = !empty($data['language']) ? Strings::escapeTags(trim($data['language'])) : 'en';
|
$language = !empty($data['language']) ? trim($data['language']) : 'en';
|
||||||
|
|
||||||
$netpublish = $publish = !empty($data['profile_publish_reg']);
|
$netpublish = $publish = !empty($data['profile_publish_reg']);
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,7 @@ class Delete extends BaseAdmin
|
||||||
self::checkFormSecurityTokenRedirectOnError('/admin/item/delete', 'admin_deleteitem');
|
self::checkFormSecurityTokenRedirectOnError('/admin/item/delete', 'admin_deleteitem');
|
||||||
|
|
||||||
if (!empty($_POST['page_deleteitem_submit'])) {
|
if (!empty($_POST['page_deleteitem_submit'])) {
|
||||||
$guid = trim(Strings::escapeTags($_POST['deleteitemguid']));
|
$guid = trim($_POST['deleteitemguid']);
|
||||||
// The GUID should not include a "/", so if there is one, we got an URL
|
// The GUID should not include a "/", so if there is one, we got an URL
|
||||||
// and the last part of it is most likely the GUID.
|
// and the last part of it is most likely the GUID.
|
||||||
if (strpos($guid, '/')) {
|
if (strpos($guid, '/')) {
|
||||||
|
|
|
@ -39,7 +39,7 @@ class Settings extends BaseAdmin
|
||||||
|
|
||||||
self::checkFormSecurityTokenRedirectOnError('/admin/logs', 'admin_logs');
|
self::checkFormSecurityTokenRedirectOnError('/admin/logs', 'admin_logs');
|
||||||
|
|
||||||
$logfile = (!empty($_POST['logfile']) ? Strings::escapeTags(trim($_POST['logfile'])) : '');
|
$logfile = (!empty($_POST['logfile']) ? trim($_POST['logfile']) : '');
|
||||||
$debugging = !empty($_POST['debugging']);
|
$debugging = !empty($_POST['debugging']);
|
||||||
$loglevel = ($_POST['loglevel'] ?? '') ?: LogLevel::ERROR;
|
$loglevel = ($_POST['loglevel'] ?? '') ?: LogLevel::ERROR;
|
||||||
|
|
||||||
|
|
|
@ -37,7 +37,7 @@ class Storage extends BaseAdmin
|
||||||
|
|
||||||
self::checkFormSecurityTokenRedirectOnError('/admin/storage', 'admin_storage');
|
self::checkFormSecurityTokenRedirectOnError('/admin/storage', 'admin_storage');
|
||||||
|
|
||||||
$storagebackend = Strings::escapeTags(trim($parameters['name'] ?? ''));
|
$storagebackend = trim($parameters['name'] ?? '');
|
||||||
|
|
||||||
try {
|
try {
|
||||||
/** @var ICanConfigureStorage|false $newStorageConfig */
|
/** @var ICanConfigureStorage|false $newStorageConfig */
|
||||||
|
|
|
@ -302,7 +302,7 @@ class Register extends BaseModule
|
||||||
|
|
||||||
$using_invites = DI::config()->get('system', 'invitation_only');
|
$using_invites = DI::config()->get('system', 'invitation_only');
|
||||||
$num_invites = DI::config()->get('system', 'number_invites');
|
$num_invites = DI::config()->get('system', 'number_invites');
|
||||||
$invite_id = (!empty($_POST['invite_id']) ? Strings::escapeTags(trim($_POST['invite_id'])) : '');
|
$invite_id = (!empty($_POST['invite_id']) ? trim($_POST['invite_id']) : '');
|
||||||
|
|
||||||
if (intval(DI::config()->get('config', 'register_policy')) === self::OPEN) {
|
if (intval(DI::config()->get('config', 'register_policy')) === self::OPEN) {
|
||||||
if ($using_invites && $invite_id) {
|
if ($using_invites && $invite_id) {
|
||||||
|
|
|
@ -30,7 +30,6 @@ use Friendica\Model\Photo;
|
||||||
use Friendica\Model\User;
|
use Friendica\Model\User;
|
||||||
use Friendica\Protocol\ActivityNamespace;
|
use Friendica\Protocol\ActivityNamespace;
|
||||||
use Friendica\Protocol\Salmon;
|
use Friendica\Protocol\Salmon;
|
||||||
use Friendica\Util\Strings;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Prints responses to /.well-known/webfinger or /xrd requests
|
* Prints responses to /.well-known/webfinger or /xrd requests
|
||||||
|
@ -45,7 +44,7 @@ class Xrd extends BaseModule
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$uri = urldecode(Strings::escapeTags(trim($_GET['uri'])));
|
$uri = urldecode(trim($_GET['uri']));
|
||||||
if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/jrd+json') !== false) {
|
if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/jrd+json') !== false) {
|
||||||
$mode = 'json';
|
$mode = 'json';
|
||||||
} else {
|
} else {
|
||||||
|
@ -56,7 +55,7 @@ class Xrd extends BaseModule
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$uri = urldecode(Strings::escapeTags(trim($_GET['resource'])));
|
$uri = urldecode(trim($_GET['resource']));
|
||||||
if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/xrd+xml') !== false) {
|
if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/xrd+xml') !== false) {
|
||||||
$mode = 'xml';
|
$mode = 'xml';
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -1996,8 +1996,6 @@ class Probe
|
||||||
$data["name"] .= $perspart->text;
|
$data["name"] .= $perspart->text;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$data["name"] = Strings::escapeTags($data["name"]);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -37,7 +37,6 @@ use Friendica\Network\HTTPException;
|
||||||
use Friendica\Security\TwoFactor\Repository\TrustedBrowser;
|
use Friendica\Security\TwoFactor\Repository\TrustedBrowser;
|
||||||
use Friendica\Util\DateTimeFormat;
|
use Friendica\Util\DateTimeFormat;
|
||||||
use Friendica\Util\Network;
|
use Friendica\Util\Network;
|
||||||
use Friendica\Util\Strings;
|
|
||||||
use LightOpenID;
|
use LightOpenID;
|
||||||
use Friendica\Core\L10n;
|
use Friendica\Core\L10n;
|
||||||
use Psr\Log\LoggerInterface;
|
use Psr\Log\LoggerInterface;
|
||||||
|
@ -247,7 +246,7 @@ class Authentication
|
||||||
['uid' => User::getIdFromPasswordAuthentication($username, $password)]
|
['uid' => User::getIdFromPasswordAuthentication($username, $password)]
|
||||||
);
|
);
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
$this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => Strings::escapeTags($username), 'ip' => $_SERVER['REMOTE_ADDR']]);
|
$this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => $username, 'ip' => $_SERVER['REMOTE_ADDR']]);
|
||||||
notice($this->l10n->t('Login failed. Please check your credentials.'));
|
notice($this->l10n->t('Login failed. Please check your credentials.'));
|
||||||
$this->baseUrl->redirect();
|
$this->baseUrl->redirect();
|
||||||
}
|
}
|
||||||
|
|
|
@ -317,7 +317,7 @@ class OnePoll
|
||||||
$datarray['title'] .= $subpart->text;
|
$datarray['title'] .= $subpart->text;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$datarray['title'] = Strings::escapeTags(trim($datarray['title']));
|
$datarray['title'] = trim($datarray['title']);
|
||||||
|
|
||||||
//$datarray['title'] = Strings::escapeTags(trim($meta->subject));
|
//$datarray['title'] = Strings::escapeTags(trim($meta->subject));
|
||||||
$datarray['created'] = DateTimeFormat::utc($meta->date);
|
$datarray['created'] = DateTimeFormat::utc($meta->date);
|
||||||
|
|
Loading…
Reference in New Issue
Block a user