Merge pull request #10960 from annando/escapeTags
"escapeTags" is finally removed
commit
42acc45772
11 changed files with 11 additions and 34 deletions
|
@ -204,7 +204,7 @@ function photos_post(App $a)
|
|||
}
|
||||
|
||||
// RENAME photo album
|
||||
$newalbum = Strings::escapeTags(trim($_POST['albumname']));
|
||||
$newalbum = trim($_POST['albumname'] ?? '');
|
||||
if ($newalbum != $album) {
|
||||
Photo::update(['album' => $newalbum], ['album' => $album, 'uid' => $page_owner_uid]);
|
||||
// Update the photo albums cache
|
||||
|
|
|
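Review bot: `if ($newalbum != $album)` still lets an empty submitted name through — with `?? ''` a missing or blank `albumname` becomes `''` and the album is renamed to the empty string; `if ($newalbum !== '' && $newalbum !== $album) {` closes that and drops the loose comparison at the same time. Since escapeTags no longer runs, the stored album name may now contain `<` and `>`, so every place it is rendered has to go through the template's default HTML escaping; none of those output paths are visible in this hunk. photos_post continues outside the hunk.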
@ -32,7 +32,6 @@ use Friendica\Model\Item;
|
|||
use Friendica\Model\Post;
|
||||
use Friendica\Model\Tag;
|
||||
use Friendica\Protocol\Activity;
|
||||
use Friendica\Util\Strings;
|
||||
use Friendica\Util\XML;
|
||||
use Friendica\Worker\Delivery;
|
||||
|
||||
|
@ -42,15 +41,15 @@ function tagger_content(App $a) {
|
|||
return;
|
||||
}
|
||||
|
||||
$term = Strings::escapeTags(trim($_GET['term']));
|
||||
$term = trim($_GET['term'] ?? '');
|
||||
// no commas allowed
|
||||
$term = str_replace([',',' '],['','_'],$term);
|
||||
$term = str_replace([',',' ', '<', '>'],['','_', '', ''], $term);
|
||||
|
||||
if (!$term) {
|
||||
return;
|
||||
}
|
||||
|
||||
$item_id = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : 0);
|
||||
$item_id = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : 0);
|
||||
|
||||
Logger::notice('tagger: tag ' . $term . ' item ' . $item_id);
|
||||
|
||||
|
|
|
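Review bot: `$item_id = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : 0);` now forwards the raw path segment where escapeTags used to at least strip angle brackets; an item id is numeric, so `(int) DI::args()->getArgv()[1]` pins the type and makes the later lookup (outside the hunk) independent of how the value is quoted. The new `str_replace([',',' ', '<', '>'], ['','_', '', ''], $term)` is an input-side denylist of two characters standing in for the removed helper: acceptable if the rule is simply that tags never contain angle brackets, but it is not output escaping, so the term still needs the template's HTML escaping wherever it is rendered. A one-line comment such as `// tags may not contain angle brackets; this is not output escaping` would stop the line being read as sanitisation. tagger_content continues outside the hunk.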
@ -48,7 +48,6 @@ class BaseSearch extends BaseModule
|
|||
*/
|
||||
public static function performContactSearch($search, $prefix = '')
|
||||
{
|
||||
$a = DI::app();
|
||||
$config = DI::config();
|
||||
|
||||
$type = Search::TYPE_ALL;
|
||||
|
|
|
@ -58,7 +58,7 @@ class Invite extends BaseModule
|
|||
|
||||
|
||||
$recipients = !empty($_POST['recipients']) ? explode("\n", $_POST['recipients']) : [];
|
||||
$message = !empty($_POST['message']) ? Strings::escapeTags(trim($_POST['message'])) : '';
|
||||
$message = !empty($_POST['message']) ? Strings::escapeHtml(trim($_POST['message'])) : '';
|
||||
|
||||
$total = 0;
|
||||
$invitation_only = false;
|
||||
|
|
|
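Review bot: `Strings::escapeHtml(trim($_POST['message']))` moves HTML escaping back to input time, the pattern the rest of this PR is removing: the message is kept in escaped form and, if it is later emitted in a non-HTML context such as a plain-text e-mail body (not visible in the hunk), the recipient sees `&lt;`, `&quot;` and `&#039;` literally. Keeping `$message = !empty($_POST['message']) ? trim($_POST['message']) : '';` and escaping at the point where the value is rendered as HTML keeps the contexts apart. The enclosing method continues outside the hunk.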
@ -25,7 +25,6 @@ use Friendica\Content\Widget;
|
|||
use Friendica\DI;
|
||||
use Friendica\Module\BaseSearch;
|
||||
use Friendica\Module\Security\Login;
|
||||
use Friendica\Util\Strings;
|
||||
|
||||
/**
|
||||
* Directory search module
|
||||
|
@ -39,7 +38,7 @@ class Directory extends BaseSearch
|
|||
return Login::form();
|
||||
}
|
||||
|
||||
$search = Strings::escapeTags(trim(rawurldecode($_REQUEST['search'] ?? '')));
|
||||
$search = trim(rawurldecode($_REQUEST['search'] ?? ''));
|
||||
|
||||
if (empty(DI::page()['aside'])) {
|
||||
DI::page()['aside'] = '';
|
||||
|
|
|
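Review bot: `trim(rawurldecode($_REQUEST['search'] ?? ''))` decodes a value PHP has already URL-decoded, so a literal `%` in a search term is mis-read and, now that escapeTags is gone, a submitted `%3C` arrives as a raw `<` in `$search`; unless double-encoded input is deliberately supported, `$search = trim($_REQUEST['search'] ?? '');` is the more accurate form. The same applies to `q` and `tag` in Search\Index and to `term` in Search\Saved. With the filter removed, `$search` reaches the template unescaped (`value="{{$search}}"`), so the change depends on Smarty's default escape modifier being active for this module's templates. content() continues outside the hunk.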
@ -38,13 +38,12 @@ use Friendica\Model\Post;
|
|||
use Friendica\Model\Tag;
|
||||
use Friendica\Module\BaseSearch;
|
||||
use Friendica\Network\HTTPException;
|
||||
use Friendica\Util\Strings;
|
||||
|
||||
class Index extends BaseSearch
|
||||
{
|
||||
public static function content(array $parameters = [])
|
||||
{
|
||||
$search = (!empty($_GET['q']) ? Strings::escapeTags(trim(rawurldecode($_GET['q']))) : '');
|
||||
$search = (!empty($_GET['q']) ? trim(rawurldecode($_GET['q'])) : '');
|
||||
|
||||
if (DI::config()->get('system', 'block_public') && !Session::isAuthenticated()) {
|
||||
throw new HTTPException\ForbiddenException(DI::l10n()->t('Public access denied.'));
|
||||
|
@ -88,7 +87,7 @@ class Index extends BaseSearch
|
|||
$tag = false;
|
||||
if (!empty($_GET['tag'])) {
|
||||
$tag = true;
|
||||
$search = '#' . Strings::escapeTags(trim(rawurldecode($_GET['tag'])));
|
||||
$search = '#' . trim(rawurldecode($_GET['tag']));
|
||||
}
|
||||
|
||||
// contruct a wrapper for the search header
|
||||
|
|
|
@ -25,14 +25,13 @@ use Friendica\BaseModule;
|
|||
use Friendica\Core\Search;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\DI;
|
||||
use Friendica\Util\Strings;
|
||||
|
||||
class Saved extends BaseModule
|
||||
{
|
||||
public static function init(array $parameters = [])
|
||||
{
|
||||
$action = DI::args()->get(2, 'none');
|
||||
$search = Strings::escapeTags(trim(rawurldecode($_GET['term'] ?? '')));
|
||||
$search = trim(rawurldecode($_GET['term'] ?? ''));
|
||||
|
||||
$return_url = $_GET['return_url'] ?? Search::getSearchPath($search);
|
||||
|
||||
|
|
|
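Review bot: `$search = trim(rawurldecode($_GET['term'] ?? ''));` now hands the unfiltered term to `Search::getSearchPath($search)` on the following line to build `$return_url`; that helper is outside the hunk, so it is worth confirming it URL-encodes the term (`rawurlencode`) rather than concatenating it, since quotes and angle brackets are no longer stripped before it. Adjacent but untouched by this commit: `$return_url = $_GET['return_url'] ?? …` takes a redirect target straight from the request, and if it reaches a redirect without a same-host or relative-path check that is an open redirect worth closing separately. init() continues outside the hunk.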
@ -59,22 +59,6 @@ class Strings
|
|||
return !empty($hexCode) ? @preg_match("/^[a-f0-9]{2,}$/i", $hexCode) && !(strlen($hexCode) & 1) : false;
|
||||
}
|
||||
|
||||
/**
|
||||
* This is our primary input filter.
|
||||
*
|
||||
* Use this on any text input where angle chars are not valid or permitted
|
||||
* They will be replaced with safer brackets. This may be filtered further
|
||||
* if these are not allowed either.
|
||||
*
|
||||
* @param string $string Input string
|
||||
* @return string Filtered string
|
||||
* @deprecated since 2020.09 Please use Smarty default HTML escaping for templates or htmlspecialchars() otherwise
|
||||
*/
|
||||
public static function escapeTags($string)
|
||||
{
|
||||
return str_replace(["<", ">"], ['[', ']'], $string);
|
||||
}
|
||||
|
||||
/**
|
||||
* Use this on "body" or "content" input where angle chars shouldn't be removed,
|
||||
* and allow them to be safely displayed.
|
||||
|
|
|
@ -90,10 +90,8 @@ class StringsTest extends TestCase
|
|||
{
|
||||
$invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
|
||||
|
||||
$validstring = Strings::escapeTags($invalidstring);
|
||||
$escapedString = Strings::escapeHtml($invalidstring);
|
||||
|
||||
self::assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
|
||||
self::assertEquals(
|
||||
"<submit type="button" onclick="alert('failed!');" />",
|
||||
$escapedString
|
||||
|
|
|
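Review bot: As rendered here, the expected value passed to `self::assertEquals` on the new side is byte-identical to `$invalidstring`, so the assertion as shown would also pass for an identity function; this is most likely the page unescaping HTML entities, but the committed test should spell out the entity form (`&lt;submit type=&quot;button&quot; onclick=&quot;alert(&#039;failed!&#039;);&quot; /&gt;`) so it pins the escaping contract rather than echoing the input. Whether escapeHtml escapes single quotes is not established by anything visible, so a dedicated case for `'` would document that choice either way. The test method continues outside the hunk.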
@ -9,7 +9,7 @@
|
|||
|
||||
<div id="directory-search-wrapper">
|
||||
<form id="directory-search-form" action="{{$search_mod}}" method="get">
|
||||
<span class="dirsearch-desc">{{$desc nofilter}}</span>
|
||||
<span class="dirsearch-desc">{{$desc}}</span>
|
||||
<input type="text" name="search" id="directory-search" class="search-input" onfocus="this.select();" value="{{$search}}" />
|
||||
<input type="submit" name="submit" id="directory-search-submit" value="{{$submit}}" class="button" />
|
||||
</form>
|
||||
|
|
|
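Review bot: Dropping `nofilter` on `{{$desc}}` routes the description through Smarty's default escaping, but `value="{{$search}}"` on the next line is the value that lost its input filter in this PR, and attribute context needs `"` escaped as well as `<`; that is only safe if the configured default modifier is `htmlspecialchars` with `ENT_QUOTES` (or `escape:'html'`), which is not visible here and is worth confirming once for all templates touched. If `$desc` ever contained intended markup it will now render literally. The same applies to the second template hunk, where `placeholder="{{$desc}}"` and `value="{{$search}}"` sit in the same attribute context.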
@ -15,7 +15,7 @@
|
|||
<div class="col-md-2"></div>
|
||||
<div class="col-md-8 ">
|
||||
<div class="form-group form-group-search">
|
||||
<input type="text" name="search" id="directory-search" class="search-input form-control form-search" onfocus="this.select();" value="{{$search}}" placeholder="{{$desc nofilter}}"/>
|
||||
<input type="text" name="search" id="directory-search" class="search-input form-control form-search" onfocus="this.select();" value="{{$search}}" placeholder="{{$desc}}"/>
|
||||
<button class="btn btn-default btn-sm form-button-search" type="submit" id="directory-search-submit">{{$submit}}</button>
|
||||
</div>
|
||||
</div>
|
||||
|
|