bitPickups/friendica_2020-09-1_sharedHosting
1
0
Fork 0
Code Pull requests Activity

Some removed escapeTags calls

Browse source
This commit is contained in:
Michael 2021-11-05 19:59:18 +00:00
commit 23b10cf2ae
16 changed files with 39 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

2
mod/lostpass.php
View file

@ -29,7 +29,7 @@ use Friendica\Util\Strings;
function lostpass_post(App $a)
{
$loginame = Strings::escapeTags(trim($_POST['login-name']));
$loginame = trim($_POST['login-name']);
if (!$loginame) {
DI::baseUrl()->redirect();
}

16
mod/pubsub.php
View file

@ -50,14 +50,14 @@ function hub_post_return()
function pubsub_init(App $a)
{
$nick = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
$nick = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : '');
$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$hub_mode = Strings::escapeTags(trim($_GET['hub_mode'] ?? ''));
$hub_topic = Strings::escapeTags(trim($_GET['hub_topic'] ?? ''));
$hub_challenge = Strings::escapeTags(trim($_GET['hub_challenge'] ?? ''));
$hub_verify = Strings::escapeTags(trim($_GET['hub_verify_token'] ?? ''));
$hub_mode = trim($_GET['hub_mode'] ?? '');
$hub_topic = trim($_GET['hub_topic'] ?? '');
$hub_challenge = trim($_GET['hub_challenge'] ?? '');
$hub_verify = trim($_GET['hub_verify_token'] ?? '');
Logger::notice('Subscription from ' . $_SERVER['REMOTE_ADDR'] . ' Mode: ' . $hub_mode . ' Nick: ' . $nick);
Logger::debug('Data: ', ['get' => $_GET]);
@ -110,8 +110,8 @@ function pubsub_post(App $a)
Logger::info('Feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . DI::args()->getCommand() . ' with user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
Logger::debug('Data: ' . $xml);
$nick = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
$nick = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : '');
$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
$importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
if (!DBA::isResult($importer)) {

14
mod/pubsubhubbub.php
View file

@ -26,10 +26,6 @@ use Friendica\DI;
use Friendica\Model\PushSubscriber;
use Friendica\Util\Strings;
function post_var($name) {
return !empty($_POST[$name]) ? Strings::escapeTags(trim($_POST[$name])) : '';
}
function pubsubhubbub_init(App $a) {
// PuSH subscription must be considered "public" so just block it
// if public access isn't enabled.
@ -48,11 +44,11 @@ function pubsubhubbub_init(App $a) {
// [hub_topic] => http://friendica.local/dfrn_poll/sazius
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$hub_mode = post_var('hub_mode');
$hub_callback = post_var('hub_callback');
$hub_verify_token = post_var('hub_verify_token');
$hub_secret = post_var('hub_secret');
$hub_topic = post_var('hub_topic');
$hub_mode = $_POST['hub_mode'] ?? '';
$hub_callback = $_POST['hub_callback'] ?? '';
$hub_verify_token = $_POST['hub_verify_token'] ?? '';
$hub_secret = $_POST['hub_secret'] ?? '';
$hub_topic = $_POST['hub_topic'] ?? '';
// check for valid hub_mode
if ($hub_mode === 'subscribe') {

3
mod/salmon.php
View file

@ -24,7 +24,6 @@ use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\Contact;
use Friendica\Model\GServer;
use Friendica\Model\Post;
use Friendica\Protocol\ActivityNamespace;
@ -42,7 +41,7 @@ function salmon_post(App $a, $xml = '') {
Logger::debug('new salmon ' . $xml);
$nick = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
$nick = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : '');
$importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
if (! DBA::isResult($importer)) {

6
mod/tagrm.php
View file

@ -23,10 +23,8 @@ use Friendica\App;
use Friendica\Content\Text\BBCode;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\Item;
use Friendica\Model\Post;
use Friendica\Model\Tag;
use Friendica\Util\Strings;
function tagrm_post(App $a)
{
@ -40,7 +38,7 @@ function tagrm_post(App $a)
$tags = [];
foreach ($_POST['tag'] ?? [] as $tag) {
$tags[] = hex2bin(Strings::escapeTags(trim($tag)));
$tags[] = hex2bin(trim($tag));
}
$item_id = $_POST['item'] ?? 0;
@ -89,7 +87,7 @@ function tagrm_content(App $a)
}
if (DI::args()->getArgc()== 3) {
update_tags(DI::args()->getArgv()[1], [Strings::escapeTags(trim(hex2bin(DI::args()->getArgv()[2])))]);
update_tags(DI::args()->getArgv()[1], [trim(hex2bin(DI::args()->getArgv()[2]))]);
DI::baseUrl()->redirect($photo_return);
}

4
mod/unfollow.php
View file

@ -37,7 +37,7 @@ function unfollow_post(App $a)
// NOTREACHED
}
$url = Strings::escapeTags(trim($_REQUEST['url'] ?? ''));
$url = trim($_REQUEST['url'] ?? '');
unfollow_process($url);
}
@ -53,7 +53,7 @@ function unfollow_content(App $a)
}
$uid = local_user();
$url = Strings::escapeTags(trim($_REQUEST['url']));
$url = trim($_REQUEST['url']);
$condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
local_user(), Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),