Move include/security tp /src/Core/Authentication and /src/Util/Security

mod/admin.php

@@ -25,6 +25,7 @@ use Friendica\Util\Arrays;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Temporal;
 use Friendica\Util\Network;
+use Friendica\Util\Security;
 
 require_once 'include/enotify.php';
 require_once 'include/text.php';
@@ -313,7 +314,7 @@ function admin_page_tos(App $a)
 		'$preview' => L10n::t('Privacy Statement Preview'),
 		'$privtext' => $tos->privacy_complete,
 		'$tostext' => ['tostext', L10n::t('The Terms of Service'), Config::get('system', 'tostext'), L10n::t('Enter the Terms of Service for your node here. You can use BBCode. Headers of sections should be [h2] and below.')],
-		'$form_security_token' => get_form_security_token("admin_tos"),
+		'$form_security_token' => Security::get_form_security_token("admin_tos"),
 		'$submit' => L10n::t('Save Settings'),
 	]);
 }
@@ -324,7 +325,7 @@ function admin_page_tos(App $a)
  */
 function admin_page_tos_post(App $a)
 {
-	check_form_security_token_redirectOnErr('/admin/tos', 'admin_tos');
+	Security::check_form_security_token_redirectOnErr('/admin/tos', 'admin_tos');
 
 	if (!x($_POST, "page_tos")) {
 		return;
@@ -384,7 +385,7 @@ function admin_page_blocklist(App $a)
 		'$entries' => $blocklistform,
 		'$baseurl' => System::baseUrl(true),
 		'$confirm_delete' => L10n::t('Delete entry from blocklist?'),
-		'$form_security_token' => get_form_security_token("admin_blocklist")
+		'$form_security_token' => Security::get_form_security_token("admin_blocklist")
 	]);
 }
 
@@ -399,7 +400,7 @@ function admin_page_blocklist_post(App $a)
 		return;
 	}
 
-	check_form_security_token_redirectOnErr('/admin/blocklist', 'admin_blocklist');
+	Security::check_form_security_token_redirectOnErr('/admin/blocklist', 'admin_blocklist');
 
 	if (x($_POST['page_blocklist_save'])) {
 		//  Add new item to blocklist
@@ -442,7 +443,7 @@ function admin_page_contactblock_post(App $a)
 	$contact_url = x($_POST, 'contact_url') ? $_POST['contact_url'] : '';
 	$contacts    = x($_POST, 'contacts')    ? $_POST['contacts']    : [];
 
-	check_form_security_token_redirectOnErr('/admin/contactblock', 'admin_contactblock');
+	Security::check_form_security_token_redirectOnErr('/admin/contactblock', 'admin_contactblock');
 
 	if (x($_POST, 'page_contactblock_block')) {
 		$contact_id = Contact::getIdForURL($contact_url);
@@ -499,7 +500,7 @@ function admin_page_contactblock(App $a)
 		'$h_newblock'  => L10n::t('Block New Remote Contact'),
 		'$th_contacts' => [L10n::t('Photo'), L10n::t('Name'), L10n::t('Address'), L10n::t('Profile URL')],
 
-		'$form_security_token' => get_form_security_token("admin_contactblock"),
+		'$form_security_token' => Security::get_form_security_token("admin_contactblock"),
 
 		// values //
 		'$baseurl'    => System::baseUrl(true),
@@ -534,7 +535,7 @@ function admin_page_deleteitem(App $a)
 		'$intro2' => L10n::t('You need to know the GUID of the item. You can find it e.g. by looking at the display URL. The last part of http://example.com/display/123456 is the GUID, here 123456.'),
 		'$deleteitemguid' => ['deleteitemguid', L10n::t("GUID"), '', L10n::t("The GUID of the item you want to delete."), 'required', 'autofocus'],
 		'$baseurl' => System::baseUrl(),
-		'$form_security_token' => get_form_security_token("admin_deleteitem")
+		'$form_security_token' => Security::get_form_security_token("admin_deleteitem")
 	]);
 }
 
@@ -552,7 +553,7 @@ function admin_page_deleteitem_post(App $a)
 		return;
 	}
 
-	check_form_security_token_redirectOnErr('/admin/deleteitem/', 'admin_deleteitem');
+	Security::check_form_security_token_redirectOnErr('/admin/deleteitem/', 'admin_deleteitem');
 
 	if (x($_POST['page_deleteitem_submit'])) {
 		$guid = trim(notags($_POST['deleteitemguid']));
@@ -945,7 +946,7 @@ function admin_page_summary(App $a)
  */
 function admin_page_site_post(App $a)
 {
-	check_form_security_token_redirectOnErr('/admin/site', 'admin_site');
+	Security::check_form_security_token_redirectOnErr('/admin/site', 'admin_site');
 
 	if (!empty($_POST['republish_directory'])) {
 		Worker::add(PRIORITY_LOW, 'Directory');
@@ -1541,7 +1542,7 @@ function admin_page_site(App $a)
 		'$relay_server_tags' 	=> ['relay_server_tags', L10n::t("Server tags"), Config::get('system','relay_server_tags'), L10n::t("Comma separated list of tags for the 'tags' subscription.")],
 		'$relay_user_tags' 	=> ['relay_user_tags', L10n::t("Allow user tags"), Config::get('system', 'relay_user_tags', true), L10n::t("If enabled, the tags from the saved searches will used for the 'tags' subscription in addition to the 'relay_server_tags'.")],
 
-		'$form_security_token'	=> get_form_security_token("admin_site"),
+		'$form_security_token'	=> Security::get_form_security_token("admin_site"),
 		'$relocate_button'      => L10n::t('Start Relocation'),
 	]);
 }
@@ -1656,7 +1657,7 @@ function admin_page_users_post(App $a)
 	$nu_email    = defaults($_POST, 'new_user_email'   , '');
 	$nu_language = Config::get('system', 'language');
 
-	check_form_security_token_redirectOnErr('/admin/users', 'admin_users');
+	Security::check_form_security_token_redirectOnErr('/admin/users', 'admin_users');
 
 	if (!($nu_name === "") && !($nu_email === "") && !($nu_nickname === "")) {
 		try {
@@ -1772,14 +1773,14 @@ function admin_page_users(App $a)
 		}
 		switch ($a->argv[2]) {
 			case "delete":
-				check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
+				Security::check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
 				// delete user
 				User::remove($uid);
 
 				notice(L10n::t("User '%s' deleted", $user['username']) . EOL);
 				break;
 			case "block":
-				check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
+				Security::check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
 				q("UPDATE `user` SET `blocked` = %d WHERE `uid` = %s",
 					intval(1 - $user['blocked']),
 					intval($uid)
@@ -1930,7 +1931,7 @@ function admin_page_users(App $a)
 		'$confirm_delete_multi' => L10n::t('Selected users will be deleted!\n\nEverything these users had posted on this site will be permanently deleted!\n\nAre you sure?'),
 		'$confirm_delete' => L10n::t('The user {0} will be deleted!\n\nEverything this user has posted on this site will be permanently deleted!\n\nAre you sure?'),
 
-		'$form_security_token' => get_form_security_token("admin_users"),
+		'$form_security_token' => Security::get_form_security_token("admin_users"),
 
 		// values //
 		'$baseurl' => System::baseUrl(true),
@@ -1975,7 +1976,7 @@ function admin_page_addons(App $a)
 		}
 
 		if (x($_GET, "a") && $_GET['a'] == "t") {
-			check_form_security_token_redirectOnErr('/admin/addons', 'admin_themes', 't');
+			Security::check_form_security_token_redirectOnErr('/admin/addons', 'admin_themes', 't');
 
 			// Toggle addon status
 			$idx = array_search($addon, $a->addons);
@@ -2037,7 +2038,7 @@ function admin_page_addons(App $a)
 			'$screenshot' => '',
 			'$readme' => $readme,
 
-			'$form_security_token' => get_form_security_token("admin_themes"),
+			'$form_security_token' => Security::get_form_security_token("admin_themes"),
 		]);
 	}
 
@@ -2045,7 +2046,7 @@ function admin_page_addons(App $a)
 	 * List addons
 	 */
 	if (x($_GET, "a") && $_GET['a'] == "r") {
-		check_form_security_token_redirectOnErr(System::baseUrl() . '/admin/addons', 'admin_themes', 't');
+		Security::check_form_security_token_redirectOnErr(System::baseUrl() . '/admin/addons', 'admin_themes', 't');
 		Addon::reload();
 		info("Addons reloaded");
 		goaway(System::baseUrl() . '/admin/addons');
@@ -2088,7 +2089,7 @@ function admin_page_addons(App $a)
 		'$addons' => $addons,
 		'$pcount' => count($addons),
 		'$noplugshint' => L10n::t('There are currently no addons available on your node. You can find the official addon repository at %1$s and might find other interesting addons in the open addon registry at %2$s', 'https://github.com/friendica/friendica-addons', 'http://addons.friendi.ca'),
-		'$form_security_token' => get_form_security_token("admin_themes"),
+		'$form_security_token' => Security::get_form_security_token("admin_themes"),
 	]);
 }
 
@@ -2223,7 +2224,7 @@ function admin_page_themes(App $a)
 		}
 
 		if (x($_GET, "a") && $_GET['a'] == "t") {
-			check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't');
+			Security::check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't');
 
 			// Toggle theme status
 
@@ -2305,13 +2306,13 @@ function admin_page_themes(App $a)
 			'$screenshot' => $screenshot,
 			'$readme' => $readme,
 
-			'$form_security_token' => get_form_security_token("admin_themes"),
+			'$form_security_token' => Security::get_form_security_token("admin_themes"),
 		]);
 	}
 
 	// reload active themes
 	if (x($_GET, "a") && $_GET['a'] == "r") {
-		check_form_security_token_redirectOnErr(System::baseUrl() . '/admin/themes', 'admin_themes', 't');
+		Security::check_form_security_token_redirectOnErr(System::baseUrl() . '/admin/themes', 'admin_themes', 't');
 		foreach ($themes as $th) {
 			if ($th['allowed']) {
 				Theme::uninstall($th['name']);
@@ -2344,7 +2345,7 @@ function admin_page_themes(App $a)
 		'$noplugshint'         => L10n::t('No themes found on the system. They should be placed in %1$s', '<code>/view/themes</code>'),
 		'$experimental'        => L10n::t('[Experimental]'),
 		'$unsupported'         => L10n::t('[Unsupported]'),
-		'$form_security_token' => get_form_security_token("admin_themes"),
+		'$form_security_token' => Security::get_form_security_token("admin_themes"),
 	]);
 }
 
@@ -2356,7 +2357,7 @@ function admin_page_themes(App $a)
 function admin_page_logs_post(App $a)
 {
 	if (x($_POST, "page_logs")) {
-		check_form_security_token_redirectOnErr('/admin/logs', 'admin_logs');
+		Security::check_form_security_token_redirectOnErr('/admin/logs', 'admin_logs');
 
 		$logfile   = ((x($_POST,'logfile'))   ? notags(trim($_POST['logfile']))  : '');
 		$debugging = ((x($_POST,'debugging')) ? true                             : false);
@@ -2418,7 +2419,7 @@ function admin_page_logs(App $a)
 		'$debugging' => ['debugging', L10n::t("Enable Debugging"), Config::get('system', 'debugging'), ""],
 		'$logfile' => ['logfile', L10n::t("Log file"), Config::get('system', 'logfile'), L10n::t("Must be writable by web server. Relative to your Friendica top-level directory.")],
 		'$loglevel' => ['loglevel', L10n::t("Log level"), Config::get('system', 'loglevel'), "", $log_choices],
-		'$form_security_token' => get_form_security_token("admin_logs"),
+		'$form_security_token' => Security::get_form_security_token("admin_logs"),
 		'$phpheader' => L10n::t("PHP logging"),
 		'$phphint' => L10n::t("To temporarily enable logging of PHP errors and warnings you can prepend the following to the index.php file of your installation. The filename set in the 'error_log' line is relative to the friendica top-level directory and must be writeable by the web server. The option '1' for 'log_errors' and 'display_errors' is to enable these options, set to '0' to disable them."),
 		'$phplogcode' => "error_reporting(E_ERROR | E_WARNING | E_PARSE);\nini_set('error_log','php.out');\nini_set('log_errors','1');\nini_set('display_errors', '1');",
@@ -2489,7 +2490,7 @@ function admin_page_viewlogs(App $a)
  */
 function admin_page_features_post(App $a)
 {
-	check_form_security_token_redirectOnErr('/admin/features', 'admin_manage_features');
+	Security::check_form_security_token_redirectOnErr('/admin/features', 'admin_manage_features');
 
 	logger('postvars: ' . print_r($_POST, true), LOGGER_DATA);
 
@@ -2554,7 +2555,7 @@ function admin_page_features(App $a)
 
 		$tpl = get_markup_template('admin/settings_features.tpl');
 		$o = replace_macros($tpl, [
-			'$form_security_token' => get_form_security_token("admin_manage_features"),
+			'$form_security_token' => Security::get_form_security_token("admin_manage_features"),
 			'$title' => L10n::t('Manage Additional Features'),
 			'$features' => $arr,
 			'$submit' => L10n::t('Save Settings'),