Unify request value handling
parent
4319136421
commit
4724000d06
|
@ -260,19 +260,7 @@ abstract class BaseModule implements ICanHandleRequests
|
|||
$request = [];
|
||||
|
||||
foreach ($defaults as $parameter => $defaultvalue) {
|
||||
if (is_string($defaultvalue)) {
|
||||
$request[$parameter] = (string)($input[$parameter] ?? $defaultvalue);
|
||||
} elseif (is_int($defaultvalue)) {
|
||||
$request[$parameter] = filter_var($input[$parameter] ?? $defaultvalue, FILTER_VALIDATE_INT);
|
||||
} elseif (is_float($defaultvalue)) {
|
||||
$request[$parameter] = filter_var($input[$parameter] ?? $defaultvalue, FILTER_VALIDATE_FLOAT);
|
||||
} elseif (is_array($defaultvalue)) {
|
||||
$request[$parameter] = filter_var($input[$parameter] ?? $defaultvalue, FILTER_DEFAULT, ['flags' => FILTER_FORCE_ARRAY]);
|
||||
} elseif (is_bool($defaultvalue)) {
|
||||
$request[$parameter] = filter_var($input[$parameter] ?? $defaultvalue, FILTER_VALIDATE_BOOLEAN);
|
||||
} else {
|
||||
$this->logger->notice('Unhandled default value type', ['parameter' => $parameter, 'type' => gettype($defaultvalue)]);
|
||||
}
|
||||
$request[$parameter] = $this->getRequestValue($input, $parameter, $defaultvalue);
|
||||
}
|
||||
|
||||
foreach ($input ?? [] as $parameter => $value) {
|
||||
|
@ -288,6 +276,50 @@ abstract class BaseModule implements ICanHandleRequests
|
|||
return $request;
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch a request value and apply default values and check against minimal and maximal values
|
||||
*
|
||||
* @param array $input
|
||||
* @param string $parameter
|
||||
* @param mixed $default
|
||||
* @param mixed $minimal_value
|
||||
* @param mixed $maximum_value
|
||||
* @return mixed
|
||||
*/
|
||||
public function getRequestValue(array $input, string $parameter, $default = null, $minimal_value = null, $maximum_value = null)
|
||||
{
|
||||
if (is_string($default)) {
|
||||
$value = (string)($input[$parameter] ?? $default);
|
||||
} elseif (is_int($default)) {
|
||||
$value = filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_INT);
|
||||
if (!is_null($minimal_value)) {
|
||||
$value = max(filter_var($minimal_value, FILTER_VALIDATE_INT), $value);
|
||||
}
|
||||
if (!is_null($maximum_value)) {
|
||||
$value = min(filter_var($minimal_value, FILTER_VALIDATE_INT), $value);
|
||||
}
|
||||
} elseif (is_float($default)) {
|
||||
$value = filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_FLOAT);
|
||||
if (!is_null($minimal_value)) {
|
||||
$value = max(filter_var($minimal_value, FILTER_VALIDATE_FLOAT), $value);
|
||||
}
|
||||
if (!is_null($maximum_value)) {
|
||||
$value = min(filter_var($minimal_value, FILTER_VALIDATE_FLOAT), $value);
|
||||
}
|
||||
} elseif (is_array($default)) {
|
||||
$value = filter_var($input[$parameter] ?? $default, FILTER_DEFAULT, ['flags' => FILTER_FORCE_ARRAY]);
|
||||
} elseif (is_bool($default)) {
|
||||
$value = filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_BOOLEAN);
|
||||
} elseif (is_null($default)) {
|
||||
$value = $input[$parameter] ?? null;
|
||||
} else {
|
||||
$this->logger->notice('Unhandled default value type', ['parameter' => $parameter, 'type' => gettype($default)]);
|
||||
$value = null;
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
/*
|
||||
* Functions used to protect against Cross-Site Request Forgery
|
||||
* The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key.
|
||||
|
|
|
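Review bot: Both upper-bound clamps in the new getRequestValue() read the wrong argument: the int and float branches compute `min(filter_var($minimal_value, …), $value)` instead of using `$maximum_value`, so a call such as `getRequestValue($request, 'count', 20, 1, 100)` always yields 1; the two lines should be `$value = min(filter_var($maximum_value, FILTER_VALIDATE_INT), $value);` and `$value = min(filter_var($maximum_value, FILTER_VALIDATE_FLOAT), $value);`. Separately, filter_var() returns `false` for a non-numeric int or float input, and when no minimum is given that `false` is what the caller receives and, for the id parameters, what ends up in query conditions such as the `id <= ?` one in the Statuses hunk; returning `$default` when filter_var() yields `false` would keep the value in the declared type, and the docblock should state which of the two happens. The `is_null($default)` branch hands back the raw input, arrays included, which is worth a sentence in the docblock since it is the behaviour every call without a default gets.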
@ -37,7 +37,7 @@ class Create extends BaseApi
|
|||
$uid = BaseApi::getCurrentUserID();
|
||||
|
||||
// params
|
||||
$name = $request['name'] ?? '';
|
||||
$name = $this->getRequestValue($request, 'name', '');
|
||||
$json = json_decode($request['json'], true);
|
||||
$users = $json['user'];
|
||||
|
||||
|
|
|
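Review bot: The line after the new `$name` assignment still reads `$request['json']` directly, so a request without `json` raises an undefined-key warning and hands `null` to json_decode() instead of going through the unified accessor; `$json = json_decode($this->getRequestValue($request, 'json', ''), true);` keeps the hunk consistent, and `$users = $json['user']` then needs a `?? []` guard because invalid JSON decodes to `null`. The same applies to the group Update hunk below. The enclosing method starts and ends outside the hunk.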
@ -39,7 +39,7 @@ class Show extends BaseApi
|
|||
$type = $this->parameters['extension'] ?? '';
|
||||
|
||||
// params
|
||||
$gid = $request['gid'] ?? 0;
|
||||
$gid = $this->getRequestValue($request, 'gid', 0);
|
||||
|
||||
// get data of the specified group id or all groups if not specified
|
||||
if ($gid != 0) {
|
||||
|
|
|
@ -38,8 +38,8 @@ class Update extends BaseApi
|
|||
$uid = BaseApi::getCurrentUserID();
|
||||
|
||||
// params
|
||||
$gid = $request['gid'] ?? 0;
|
||||
$name = $request['name'] ?? '';
|
||||
$gid = $this->getRequestValue($request, 'gid', 0);
|
||||
$name = $this->getRequestValue($request, 'name', '');
|
||||
$json = json_decode($request['json'], true);
|
||||
$users = $json['user'];
|
||||
|
||||
|
|
|
@ -54,13 +54,13 @@ class Create extends BaseApi
|
|||
$uid = BaseApi::getCurrentUserID();
|
||||
$type = $this->parameters['extension'] ?? '';
|
||||
|
||||
// input params
|
||||
$desc = $request['desc'] ?? null;
|
||||
$album = $request['album'] ?? null;
|
||||
$allow_cid = $request['allow_cid'] ?? null;
|
||||
$deny_cid = $request['deny_cid' ] ?? null;
|
||||
$allow_gid = $request['allow_gid'] ?? null;
|
||||
$deny_gid = $request['deny_gid' ] ?? null;
|
||||
// input params
|
||||
$desc = $this->getRequestValue($request, 'desc');
|
||||
$album = $this->getRequestValue($request, 'album');
|
||||
$allow_cid = $this->getRequestValue($request, 'allow_cid');
|
||||
$deny_cid = $this->getRequestValue($request, 'deny_cid');
|
||||
$allow_gid = $this->getRequestValue($request, 'allow_gid');
|
||||
$deny_gid = $this->getRequestValue($request, 'deny_gid');
|
||||
|
||||
// do several checks on input parameters
|
||||
// we do not allow calls without album string
|
||||
|
|
|
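Review bot: Every call in this hunk omits the default, so getRequestValue() takes its `is_null` branch and returns the input unchanged — no cast, no validation — which is exactly what `$request['desc'] ?? null` did, so for these string parameters the rewrite adds no filtering and an array submitted as `album` still reaches the later string checks. If those checks expect strings, passing `''` (e.g. `$album = $this->getRequestValue($request, 'album', '');`) would cast the value, though absent parameters then arrive as `''` instead of `null`, so any `is_null`/`=== null` checks further down (outside the hunk) would need adjusting. The Photo Update hunk has the same pattern. The enclosing method starts and ends outside the hunk.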
@ -55,14 +55,14 @@ class Update extends BaseApi
|
|||
$type = $this->parameters['extension'] ?? '';
|
||||
|
||||
// input params
|
||||
$photo_id = $request['photo_id'] ?? null;
|
||||
$desc = $request['desc'] ?? null;
|
||||
$album = $request['album'] ?? null;
|
||||
$album_new = $request['album_new'] ?? null;
|
||||
$allow_cid = $request['allow_cid'] ?? null;
|
||||
$deny_cid = $request['deny_cid' ] ?? null;
|
||||
$allow_gid = $request['allow_gid'] ?? null;
|
||||
$deny_gid = $request['deny_gid' ] ?? null;
|
||||
$photo_id = $this->getRequestValue($request, 'photo_id');
|
||||
$desc = $this->getRequestValue($request, 'desc');
|
||||
$album = $this->getRequestValue($request, 'album');
|
||||
$album_new = $this->getRequestValue($request, 'album_new');
|
||||
$allow_cid = $this->getRequestValue($request, 'allow_cid');
|
||||
$deny_cid = $this->getRequestValue($request, 'deny_cid');
|
||||
$allow_gid = $this->getRequestValue($request, 'allow_gid');
|
||||
$deny_gid = $this->getRequestValue($request, 'deny_gid');
|
||||
|
||||
// do several checks on input parameters
|
||||
// we do not allow calls without album string
|
||||
|
|
|
@ -41,10 +41,10 @@ class Conversation extends BaseApi
|
|||
|
||||
// params
|
||||
$id = $this->parameters['id'] ?? 0;
|
||||
$since_id = $request['since_id'] ?? 0;
|
||||
$max_id = $request['max_id'] ?? 0;
|
||||
$count = $request['count'] ?? 20;
|
||||
$page = $request['page'] ?? 1;
|
||||
$since_id = $this->getRequestValue($request, 'since_id', 0);
|
||||
$max_id = $this->getRequestValue($request, 'max_id', 0);
|
||||
$count = $this->getRequestValue($request, 'count', 20);
|
||||
$page = $this->getRequestValue($request, 'page', 1);
|
||||
|
||||
$start = max(0, ($page - 1) * $count);
|
||||
|
||||
|
|
|
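Review bot: `count` and `page` are read without bounds here, while DirectMessagesEndpoint, Favorites, HomeTimeline, Mentions and PublicTimeline in the same commit pass `20, 1, 100` and `1, 1`, so this endpoint can still be asked for an arbitrarily large page size. Aligning the two lines — `$count = $this->getRequestValue($request, 'count', 20, 1, 100);` and `$page = $this->getRequestValue($request, 'page', 1, 1);` — closes that gap; the Statuses hunk has the same omission. The enclosing method starts and ends outside the hunk.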
@ -58,12 +58,12 @@ abstract class DirectMessagesEndpoint extends BaseApi
|
|||
protected function getMessages(array $request, int $uid, array $condition)
|
||||
{
|
||||
// params
|
||||
$count = filter_var($request['count'] ?? 20, FILTER_VALIDATE_INT, ['options' => ['max_range' => 100]]);
|
||||
$page = filter_var($request['page'] ?? 1, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
|
||||
$since_id = filter_var($request['since_id'] ?? 0, FILTER_VALIDATE_INT);
|
||||
$max_id = filter_var($request['max_id'] ?? 0, FILTER_VALIDATE_INT);
|
||||
$min_id = filter_var($request['min_id'] ?? 0, FILTER_VALIDATE_INT);
|
||||
$verbose = filter_var($request['friendica_verbose'] ?? false, FILTER_VALIDATE_BOOLEAN);
|
||||
$count = $this->getRequestValue($request, 'count', 20, 1, 100);
|
||||
$page = $this->getRequestValue($request, 'page', 1, 1);
|
||||
$since_id = $this->getRequestValue($request, 'since_id', 0, 1);
|
||||
$max_id = $this->getRequestValue($request, 'max_id', 0, 1);
|
||||
$min_id = $this->getRequestValue($request, 'min_id', 0, 1);
|
||||
$verbose = $this->getRequestValue($request, 'friendica_verbose', false);
|
||||
|
||||
// pagination
|
||||
$start = max(0, ($page - 1) * $count);
|
||||
|
|
|
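Review bot: Passing a minimum of 1 for `since_id`, `max_id` and `min_id` overrides their default of 0: an absent `max_id` becomes `max(1, 0)`, i.e. 1, so if the code below treats 0 as "not set" (as the `AND id <= ?` condition in the Statuses hunk suggests for that endpoint) every request without `max_id` would be restricted to `id <= 1`. The minimum should be 0 or omitted, e.g. `$max_id = $this->getRequestValue($request, 'max_id', 0, 0);`, and likewise for `since_id` and `min_id`. Favorites, HomeTimeline, Mentions and PublicTimeline repeat the same `0, 1` arguments. getMessages() continues past the end of the hunk.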
@ -45,10 +45,10 @@ class Favorites extends BaseApi
|
|||
Logger::info(BaseApi::LOG_PREFIX . 'for {self}', ['module' => 'api', 'action' => 'favorites']);
|
||||
|
||||
// params
|
||||
$since_id = $request['since_id'] ?? 0;
|
||||
$max_id = $request['max_id'] ?? 0;
|
||||
$count = $request['count'] ?? 20;
|
||||
$page = $request['page'] ?? 1;
|
||||
$count = $this->getRequestValue($request, 'count', 20, 1, 100);
|
||||
$page = $this->getRequestValue($request, 'page', 1, 1);
|
||||
$since_id = $this->getRequestValue($request, 'since_id', 0, 1);
|
||||
$max_id = $this->getRequestValue($request, 'max_id', 0, 1);
|
||||
|
||||
$start = max(0, ($page - 1) * $count);
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ class Create extends BaseApi
|
|||
$uid = BaseApi::getCurrentUserID();
|
||||
|
||||
// params
|
||||
$name = $request['name'] ?? '';
|
||||
$name = $this->getRequestValue($request, 'name', '');
|
||||
|
||||
if ($name == '') {
|
||||
throw new HTTPException\BadRequestException('group name not specified');
|
||||
|
|
|
@ -60,7 +60,7 @@ class Destroy extends BaseApi
|
|||
$uid = BaseApi::getCurrentUserID();
|
||||
|
||||
// params
|
||||
$gid = $request['list_id'] ?? 0;
|
||||
$gid = $this->getRequestValue($request, 'list_id', 0);
|
||||
|
||||
// error if no gid specified
|
||||
if ($gid == 0) {
|
||||
|
|
|
@ -65,12 +65,12 @@ class Statuses extends BaseApi
|
|||
}
|
||||
|
||||
// params
|
||||
$count = $request['count'] ?? 20;
|
||||
$page = $request['page'] ?? 1;
|
||||
$since_id = $request['since_id'] ?? 0;
|
||||
$max_id = $request['max_id'] ?? 0;
|
||||
$exclude_replies = (!empty($request['exclude_replies']) ? 1 : 0);
|
||||
$conversation_id = $request['conversation_id'] ?? 0;
|
||||
$count = $this->getRequestValue($request, 'count', 20);
|
||||
$page = $this->getRequestValue($request, 'page', 1);
|
||||
$since_id = $this->getRequestValue($request, 'since_id', 0);
|
||||
$max_id = $this->getRequestValue($request, 'max_id', 0);
|
||||
$exclude_replies = $this->getRequestValue($request, 'exclude_replies', false);
|
||||
$conversation_id = $this->getRequestValue($request, 'conversation_id', 0);
|
||||
|
||||
$start = max(0, ($page - 1) * $count);
|
||||
|
||||
|
@ -83,7 +83,7 @@ class Statuses extends BaseApi
|
|||
$condition[0] .= " AND `id` <= ?";
|
||||
$condition[] = $max_id;
|
||||
}
|
||||
if ($exclude_replies > 0) {
|
||||
if ($exclude_replies) {
|
||||
$condition[0] .= ' AND `gravity` = ?';
|
||||
$condition[] = GRAVITY_PARENT;
|
||||
}
|
||||
|
|
|
@ -60,8 +60,8 @@ class Update extends BaseApi
|
|||
$uid = BaseApi::getCurrentUserID();
|
||||
|
||||
// params
|
||||
$gid = $request['list_id'] ?? 0;
|
||||
$name = $request['name'] ?? '';
|
||||
$gid = $this->getRequestValue($request, 'list_id', 0);
|
||||
$name = $this->getRequestValue($request, 'name', '');
|
||||
|
||||
// error if no gid specified
|
||||
if ($gid == 0) {
|
||||
|
|
|
@ -43,12 +43,12 @@ class HomeTimeline extends BaseApi
|
|||
// get last network messages
|
||||
|
||||
// params
|
||||
$count = $_REQUEST['count'] ?? 20;
|
||||
$page = $_REQUEST['page'] ?? 0;
|
||||
$since_id = $_REQUEST['since_id'] ?? 0;
|
||||
$max_id = $_REQUEST['max_id'] ?? 0;
|
||||
$exclude_replies = !empty($_REQUEST['exclude_replies']);
|
||||
$conversation_id = $_REQUEST['conversation_id'] ?? 0;
|
||||
$count = $this->getRequestValue($request, 'count', 20, 1, 100);
|
||||
$page = $this->getRequestValue($request, 'page', 1, 1);
|
||||
$since_id = $this->getRequestValue($request, 'since_id', 0, 1);
|
||||
$max_id = $this->getRequestValue($request, 'max_id', 0, 1);
|
||||
$exclude_replies = $this->getRequestValue($request, 'exclude_replies', false);
|
||||
$conversation_id = $this->getRequestValue($request, 'conversation_id', 0);
|
||||
|
||||
$start = max(0, ($page - 1) * $count);
|
||||
|
||||
|
|
|
@ -42,10 +42,10 @@ class Mentions extends BaseApi
|
|||
// get last network messages
|
||||
|
||||
// params
|
||||
$since_id = $_REQUEST['since_id'] ?? 0;
|
||||
$max_id = $_REQUEST['max_id'] ?? 0;
|
||||
$count = $_REQUEST['count'] ?? 20;
|
||||
$page = $_REQUEST['page'] ?? 1;
|
||||
$count = $this->getRequestValue($request, 'count', 20, 1, 100);
|
||||
$page = $this->getRequestValue($request, 'page', 1, 1);
|
||||
$since_id = $this->getRequestValue($request, 'since_id', 0, 1);
|
||||
$max_id = $this->getRequestValue($request, 'max_id', 0, 1);
|
||||
|
||||
$start = max(0, ($page - 1) * $count);
|
||||
|
||||
|
|
|
@ -41,12 +41,12 @@ class PublicTimeline extends BaseApi
|
|||
// get last network messages
|
||||
|
||||
// params
|
||||
$count = $_REQUEST['count'] ?? 20;
|
||||
$page = $_REQUEST['page'] ?? 1;
|
||||
$since_id = $_REQUEST['since_id'] ?? 0;
|
||||
$max_id = $_REQUEST['max_id'] ?? 0;
|
||||
$exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0);
|
||||
$conversation_id = $_REQUEST['conversation_id'] ?? 0;
|
||||
$count = $this->getRequestValue($request, 'count', 20, 1, 100);
|
||||
$page = $this->getRequestValue($request, 'page', 1, 1);
|
||||
$since_id = $this->getRequestValue($request, 'since_id', 0, 1);
|
||||
$max_id = $this->getRequestValue($request, 'max_id', 0, 1);
|
||||
$exclude_replies = $this->getRequestValue($request, 'exclude_replies', false);
|
||||
$conversation_id = $this->getRequestValue($request, 'conversation_id', 0);
|
||||
|
||||
$start = max(0, ($page - 1) * $count);
|
||||
|
||||
|
|