
Merge pull request #10958 from annando/escapeTags

Some more "escapeTags" removed
This commit is contained in:
Hypolite Petovan 2021-11-06 16:35:50 -04:00 committed by GitHub
commit f99d37d87e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 76 additions and 89 deletions


@ -70,10 +70,10 @@ function message_post(App $a)
return;
}
$replyto = !empty($_REQUEST['replyto']) ? Strings::escapeTags(trim($_REQUEST['replyto'])) : '';
$subject = !empty($_REQUEST['subject']) ? Strings::escapeTags(trim($_REQUEST['subject'])) : '';
$body = !empty($_REQUEST['body']) ? Strings::escapeHtml(trim($_REQUEST['body'])) : '';
$recipient = !empty($_REQUEST['recipient']) ? intval($_REQUEST['recipient']) : 0;
$replyto = !empty($_REQUEST['replyto']) ? trim($_REQUEST['replyto']) : '';
$subject = !empty($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
$body = !empty($_REQUEST['body']) ? Strings::escapeHtml(trim($_REQUEST['body'])) : '';
$recipient = !empty($_REQUEST['recipient']) ? intval($_REQUEST['recipient']) : 0;
$ret = Mail::send($recipient, $body, $subject, $replyto);
$norecip = false;
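Review bot: `$replyto` and `$subject` now reach `Mail::send()` with no escaping at all, so HTML neutralization for these two values moves entirely to the output side, and nothing in the commit shows where that happens. Confirm the templates that print the subject and reply-to apply the default escaping rather than `nofilter`, and consider a comment at the assignments such as `// Raw user input: escaping happens at render time, not here.` The same input-to-output shift, without a visible output-side change, applies to the photos, settings, wallmessage, Contact, Help, Login, Settings\Display and Settings\Profile\Index hunks of this PR; only the photo `$desc` path has matching template edits. message_post continues outside the hunk.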


@ -291,11 +291,11 @@ function photos_post(App $a)
}
if (DI::args()->getArgc() > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) {
$desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : '';
$rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : '';
$item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
$albname = !empty($_POST['albname']) ? trim($_POST['albname']) : '';
$origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
$desc = !empty($_POST['desc']) ? trim($_POST['desc']) : '';
$rawtags = !empty($_POST['newtag']) ? trim($_POST['newtag']) : '';
$item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
$albname = !empty($_POST['albname']) ? trim($_POST['albname']) : '';
$origaname = !empty($_POST['origaname']) ? trim($_POST['origaname']) : '';
$resource_id = DI::args()->getArgv()[3];
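Review bot: Of the three fields that lose `escapeTags` here, only `$desc` has a matching output-side change in this PR (the `{{$desc nofilter}}` to `{{$desc}}` edits in the three photo templates); `$rawtags` and `$origaname` have no visible counterpart. Confirm that the tag parser and the album rename code, which lie outside the hunk, escape or validate those two values wherever they are rendered or used to build a lookup. photos_post continues outside the hunk.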


@ -37,7 +37,6 @@ use Friendica\Model\User;
use Friendica\Module\BaseSettings;
use Friendica\Module\Security\Login;
use Friendica\Protocol\Email;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
use Friendica\Worker\Delivery;
@ -216,14 +215,14 @@ function settings_post(App $a)
}
}
$username = (!empty($_POST['username']) ? Strings::escapeTags(trim($_POST['username'])) : '');
$email = (!empty($_POST['email']) ? Strings::escapeTags(trim($_POST['email'])) : '');
$timezone = (!empty($_POST['timezone']) ? Strings::escapeTags(trim($_POST['timezone'])) : '');
$language = (!empty($_POST['language']) ? Strings::escapeTags(trim($_POST['language'])) : '');
$username = (!empty($_POST['username']) ? trim($_POST['username']) : '');
$email = (!empty($_POST['email']) ? trim($_POST['email']) : '');
$timezone = (!empty($_POST['timezone']) ? trim($_POST['timezone']) : '');
$language = (!empty($_POST['language']) ? trim($_POST['language']) : '');
$defloc = (!empty($_POST['defloc']) ? Strings::escapeTags(trim($_POST['defloc'])) : '');
$maxreq = (!empty($_POST['maxreq']) ? intval($_POST['maxreq']) : 0);
$expire = (!empty($_POST['expire']) ? intval($_POST['expire']) : 0);
$defloc = (!empty($_POST['defloc']) ? trim($_POST['defloc']) : '');
$maxreq = (!empty($_POST['maxreq']) ? intval($_POST['maxreq']) : 0);
$expire = (!empty($_POST['expire']) ? intval($_POST['expire']) : 0);
$def_gid = (!empty($_POST['group-selection']) ? intval($_POST['group-selection']) : 0);
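Review bot: `$timezone` and `$language` are identifiers rather than free text, and once `escapeTags` is gone the hunk performs no validation on them at all. Unless it happens further down in settings_post (outside the hunk), check `$timezone` against `DateTimeZone::listIdentifiers()` and `$language` against the installed language list before storing them, and validate `$email` with `filter_var($email, FILTER_VALIDATE_EMAIL)`. `$username` and `$defloc` are free text that is presumably rendered later, so their escaping must now happen in the templates.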


@ -37,10 +37,10 @@ function wallmessage_post(App $a) {
return;
}
$subject = (!empty($_REQUEST['subject']) ? Strings::escapeTags(trim($_REQUEST['subject'])) : '');
$body = (!empty($_REQUEST['body']) ? Strings::escapeHtml(trim($_REQUEST['body'])) : '');
$subject = trim($_REQUEST['subject'] ?? '');
$body = Strings::escapeHtml(trim($_REQUEST['body'] ?? ''));
$recipient = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(DI::args()->getArgv()[1]) : '');
$recipient = ((DI::args()->getArgc() > 1) ? DI::args()->getArgv()[1] : '');
if ((! $recipient) || (! $body)) {
return;
}
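Review bot: `$subject` and `$body` switch to the `?? ''` form here while the otherwise identical message.php hunk keeps the `!empty(...) ? trim(...) : ''` ternary; pick one form for both, since they implement the same contract. The two are not strictly equivalent: `!empty()` maps a submitted value of `'0'` to `''`, whereas `trim($_REQUEST['subject'] ?? '')` keeps it, which is harmless here but worth knowing when the forms are unified. `$recipient` comes from the URL path and is presumably used for the recipient lookup below the hunk rather than rendered, so dropping `escapeTags` there changes nothing security-relevant.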


@ -128,16 +128,16 @@ class Site extends BaseAdmin
}
// end relocate
$sitename = (!empty($_POST['sitename']) ? Strings::escapeTags(trim($_POST['sitename'])) : '');
$sender_email = (!empty($_POST['sender_email']) ? Strings::escapeTags(trim($_POST['sender_email'])) : '');
$sitename = (!empty($_POST['sitename']) ? trim($_POST['sitename']) : '');
$sender_email = (!empty($_POST['sender_email']) ? trim($_POST['sender_email']) : '');
$banner = (!empty($_POST['banner']) ? trim($_POST['banner']) : false);
$email_banner = (!empty($_POST['email_banner']) ? trim($_POST['email_banner']) : false);
$shortcut_icon = (!empty($_POST['shortcut_icon']) ? Strings::escapeTags(trim($_POST['shortcut_icon'])) : '');
$touch_icon = (!empty($_POST['touch_icon']) ? Strings::escapeTags(trim($_POST['touch_icon'])) : '');
$shortcut_icon = (!empty($_POST['shortcut_icon']) ? trim($_POST['shortcut_icon']) : '');
$touch_icon = (!empty($_POST['touch_icon']) ? trim($_POST['touch_icon']) : '');
$additional_info = (!empty($_POST['additional_info']) ? trim($_POST['additional_info']) : '');
$language = (!empty($_POST['language']) ? Strings::escapeTags(trim($_POST['language'])) : '');
$theme = (!empty($_POST['theme']) ? Strings::escapeTags(trim($_POST['theme'])) : '');
$theme_mobile = (!empty($_POST['theme_mobile']) ? Strings::escapeTags(trim($_POST['theme_mobile'])) : '');
$language = (!empty($_POST['language']) ? trim($_POST['language']) : '');
$theme = (!empty($_POST['theme']) ? trim($_POST['theme']) : '');
$theme_mobile = (!empty($_POST['theme_mobile']) ? trim($_POST['theme_mobile']) : '');
$maximagesize = (!empty($_POST['maximagesize']) ? intval(trim($_POST['maximagesize'])) : 0);
$maximagelength = (!empty($_POST['maximagelength']) ? intval(trim($_POST['maximagelength'])) : -1);
$jpegimagequality = (!empty($_POST['jpegimagequality']) ? intval(trim($_POST['jpegimagequality'])) : 100);
@ -148,15 +148,15 @@ class Site extends BaseAdmin
$register_text = (!empty($_POST['register_text']) ? strip_tags(trim($_POST['register_text'])) : '');
$allowed_sites = (!empty($_POST['allowed_sites']) ? Strings::escapeTags(trim($_POST['allowed_sites'])) : '');
$allowed_email = (!empty($_POST['allowed_email']) ? Strings::escapeTags(trim($_POST['allowed_email'])) : '');
$forbidden_nicknames = (!empty($_POST['forbidden_nicknames']) ? strtolower(Strings::escapeTags(trim($_POST['forbidden_nicknames']))) : '');
$system_actor_name = (!empty($_POST['system_actor_name']) ? Strings::escapeTags(trim($_POST['system_actor_name'])) : '');
$allowed_sites = (!empty($_POST['allowed_sites']) ? trim($_POST['allowed_sites']) : '');
$allowed_email = (!empty($_POST['allowed_email']) ? trim($_POST['allowed_email']) : '');
$forbidden_nicknames = (!empty($_POST['forbidden_nicknames']) ? strtolower(trim($_POST['forbidden_nicknames'])) : '');
$system_actor_name = (!empty($_POST['system_actor_name']) ? trim($_POST['system_actor_name']) : '');
$no_oembed_rich_content = !empty($_POST['no_oembed_rich_content']);
$allowed_oembed = (!empty($_POST['allowed_oembed']) ? Strings::escapeTags(trim($_POST['allowed_oembed'])) : '');
$allowed_oembed = (!empty($_POST['allowed_oembed']) ? trim($_POST['allowed_oembed']) : '');
$block_public = !empty($_POST['block_public']);
$force_publish = !empty($_POST['publish_all']);
$global_directory = (!empty($_POST['directory']) ? Strings::escapeTags(trim($_POST['directory'])) : '');
$global_directory = (!empty($_POST['directory']) ? trim($_POST['directory']) : '');
$newuser_private = !empty($_POST['newuser_private']);
$enotify_no_content = !empty($_POST['enotify_no_content']);
$private_addons = !empty($_POST['private_addons']);
@ -173,8 +173,8 @@ class Site extends BaseAdmin
$max_author_posts_community_page = (!empty($_POST['max_author_posts_community_page']) ? intval(trim($_POST['max_author_posts_community_page'])) : 0);
$verifyssl = !empty($_POST['verifyssl']);
$proxyuser = (!empty($_POST['proxyuser']) ? Strings::escapeTags(trim($_POST['proxyuser'])) : '');
$proxy = (!empty($_POST['proxy']) ? Strings::escapeTags(trim($_POST['proxy'])) : '');
$proxyuser = (!empty($_POST['proxyuser']) ? trim($_POST['proxyuser']) : '');
$proxy = (!empty($_POST['proxy']) ? trim($_POST['proxy']) : '');
$timeout = (!empty($_POST['timeout']) ? intval(trim($_POST['timeout'])) : 60);
$maxloadavg = (!empty($_POST['maxloadavg']) ? intval(trim($_POST['maxloadavg'])) : 20);
$min_memory = (!empty($_POST['min_memory']) ? intval(trim($_POST['min_memory'])) : 0);
@ -198,20 +198,20 @@ class Site extends BaseAdmin
$suppress_tags = !empty($_POST['suppress_tags']);
$max_comments = (!empty($_POST['max_comments']) ? intval($_POST['max_comments']) : 0);
$max_display_comments = (!empty($_POST['max_display_comments']) ? intval($_POST['max_display_comments']) : 0);
$temppath = (!empty($_POST['temppath']) ? Strings::escapeTags(trim($_POST['temppath'])) : '');
$singleuser = (!empty($_POST['singleuser']) ? Strings::escapeTags(trim($_POST['singleuser'])) : '');
$temppath = (!empty($_POST['temppath']) ? trim($_POST['temppath']) : '');
$singleuser = (!empty($_POST['singleuser']) ? trim($_POST['singleuser']) : '');
$only_tag_search = !empty($_POST['only_tag_search']);
$check_new_version_url = (!empty($_POST['check_new_version_url']) ? Strings::escapeTags(trim($_POST['check_new_version_url'])) : 'none');
$check_new_version_url = (!empty($_POST['check_new_version_url']) ? trim($_POST['check_new_version_url']) : 'none');
$worker_queues = (!empty($_POST['worker_queues']) ? intval($_POST['worker_queues']) : 10);
$worker_fastlane = !empty($_POST['worker_fastlane']);
$relay_directly = !empty($_POST['relay_directly']);
$relay_scope = (!empty($_POST['relay_scope']) ? Strings::escapeTags(trim($_POST['relay_scope'])) : '');
$relay_server_tags = (!empty($_POST['relay_server_tags']) ? Strings::escapeTags(trim($_POST['relay_server_tags'])) : '');
$relay_deny_tags = (!empty($_POST['relay_deny_tags']) ? Strings::escapeTags(trim($_POST['relay_deny_tags'])) : '');
$relay_scope = (!empty($_POST['relay_scope']) ? trim($_POST['relay_scope']) : '');
$relay_server_tags = (!empty($_POST['relay_server_tags']) ? trim($_POST['relay_server_tags']) : '');
$relay_deny_tags = (!empty($_POST['relay_deny_tags']) ? trim($_POST['relay_deny_tags']) : '');
$relay_user_tags = !empty($_POST['relay_user_tags']);
$active_panel = (!empty($_POST['active_panel']) ? "#" . Strings::escapeTags(trim($_POST['active_panel'])) : '');
$active_panel = (!empty($_POST['active_panel']) ? "#" . trim($_POST['active_panel']) : '');
// Has the directory url changed? If yes, then resubmit the existing profiles there
if ($global_directory != DI::config()->get('system', 'directory') && ($global_directory != '')) {
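Review bot: Several values that lose `escapeTags` here are not display strings but configuration that selects files or endpoints — `$theme`, `$theme_mobile`, `$temppath`, `$proxy`, `$global_directory`, `$check_new_version_url` — and `$sender_email` presumably ends up in outgoing mail headers; `escapeTags` never protected those uses, so the change is neutral, but the hunk shows no replacement validation either. Unless it is done further down in the method (outside the hunk), validate the theme names against the installed theme list, `$sender_email` with `filter_var($sender_email, FILTER_VALIDATE_EMAIL)` and the URL fields with `filter_var($url, FILTER_VALIDATE_URL)` before they are persisted. `$active_panel` is prefixed with `#` on the last changed line; if it is echoed into a redirect or a template, it needs escaping at that point as well.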


@ -234,10 +234,10 @@ class Contact extends BaseModule
$a = DI::app();
$search = Strings::escapeTags(trim($_GET['search'] ?? ''));
$nets = Strings::escapeTags(trim($_GET['nets'] ?? ''));
$rel = Strings::escapeTags(trim($_GET['rel'] ?? ''));
$group = Strings::escapeTags(trim($_GET['group'] ?? ''));
$search = trim($_GET['search'] ?? '');
$nets = trim($_GET['nets'] ?? '');
$rel = trim($_GET['rel'] ?? '');
$group = trim($_GET['group'] ?? '');
$accounttype = $_GET['accounttype'] ?? '';
$accounttypeid = User::getAccountTypeByString($accounttype);
@ -523,7 +523,7 @@ class Contact extends BaseModule
'$submit' => DI::l10n()->t('Submit'),
'$lbl_info1' => $lbl_info1,
'$lbl_info2' => DI::l10n()->t('Their personal note'),
'$reason' => trim(Strings::escapeTags($contact['reason'])),
'$reason' => trim($contact['reason']),
'$infedit' => DI::l10n()->t('Edit contact notes'),
'$common_link' => 'contact/' . $contact['id'] . '/contacts/common',
'$relation_text' => $relation_text,
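Review bot: `'$reason' => trim($contact['reason'])` now hands the stored contact reason to the template unescaped; since that value is presumably user-supplied, confirm the template prints `$reason` with the default escaping and not `nofilter`. `$search`, `$nets`, `$rel` and `$group` in the first hunk are query inputs, for which `escapeTags` was never the right control; the code that turns them into conditions lies outside the hunk, so check there that they are passed as bound parameters rather than interpolated. The enclosing method starts outside the hunk.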


@ -32,7 +32,6 @@ use Friendica\DI;
use Friendica\Model;
use Friendica\Model\Profile;
use Friendica\Network\HTTPException;
use Friendica\Util\Strings;
/**
* Shows the local directory of this node
@ -59,9 +58,7 @@ class Directory extends BaseModule
Nav::setSelected('directory');
$search = (!empty($_REQUEST['search']) ?
Strings::escapeTags(trim(rawurldecode($_REQUEST['search']))) :
'');
$search = trim(rawurldecode($_REQUEST['search'] ?? ''));
$gDirPath = '';
$dirURL = $config->get('system', 'directory');


@ -27,7 +27,6 @@ use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model;
use Friendica\Util\Strings;
require_once 'boot.php';
@ -50,7 +49,7 @@ class Group extends BaseModule
if ((DI::args()->getArgc() == 2) && (DI::args()->getArgv()[1] === 'new')) {
BaseModule::checkFormSecurityTokenRedirectOnError('/group/new', 'group_edit');
$name = Strings::escapeTags(trim($_POST['groupname']));
$name = trim($_POST['groupname']);
$r = Model\Group::create(local_user(), $name);
if ($r) {
$r = Model\Group::getIdByName(local_user(), $name);
@ -72,7 +71,7 @@ class Group extends BaseModule
notice(DI::l10n()->t('Group not found.'));
DI::baseUrl()->redirect('contact');
}
$groupname = Strings::escapeTags(trim($_POST['groupname']));
$groupname = trim($_POST['groupname']);
if (strlen($groupname) && ($groupname != $group['name'])) {
if (!Model\Group::update($group['id'], $groupname)) {
notice(DI::l10n()->t('Group name was not changed.'));
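Review bot: `trim($_POST['groupname'])` on both changed lines reads the key without a default, so a request that omits the field raises an undefined-index warning and, from PHP 8.1, a `trim(null)` deprecation; this PR already writes `trim($_POST['name'] ?? '')` in the Settings\Profile\Index hunk, so `$name = trim($_POST['groupname'] ?? '');` would keep the files consistent. The same applies to `$search = trim($_REQUEST['search']);` in the Acl hunk, to the eleven `trim($_POST[...])` lines that follow `$name` in the Settings\Profile\Index hunk, and to `trim(Session::get('openid_identity'))` in the Login hunk if `Session::get` can return null. The create path at the top of this hunk also passes `$name` to `Model\Group::create()` without the `strlen()` check the update path performs; if `create()` does not reject an empty name itself, add the check here too.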


@ -26,7 +26,6 @@ use Friendica\Content\Nav;
use Friendica\Content\Text\Markdown;
use Friendica\DI;
use Friendica\Network\HTTPException;
use Friendica\Util\Strings;
/**
* Shows the friendica help based on the /doc/ directory
@ -59,7 +58,7 @@ class Help extends BaseModule
$title = basename($path);
$filename = $path;
$text = self::loadDocFile('doc/' . $path . '.md', $lang);
DI::page()['title'] = DI::l10n()->t('Help:') . ' ' . str_replace('-', ' ', Strings::escapeTags($title));
DI::page()['title'] = DI::l10n()->t('Help:') . ' ' . str_replace('-', ' ', $title);
}
$home = self::loadDocFile('doc/Home.md', $lang);


@ -30,7 +30,6 @@ use Friendica\Core\Theme;
use Friendica\DI;
use Friendica\Network\HTTPException;
use Friendica\Util\BasePath;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
class Install extends BaseModule
@ -380,10 +379,8 @@ class Install extends BaseModule
private static function checkSetting(Cache $configCache, array $post, $cat, $key, $default = null)
{
$configCache->set($cat, $key,
Strings::escapeTags(
trim(($post[sprintf('%s-%s', $cat, $key)] ?? '') ?:
($default ?? $configCache->get($cat, $key))
)
trim(($post[sprintf('%s-%s', $cat, $key)] ?? '') ?:
($default ?? $configCache->get($cat, $key))
)
);
}
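Review bot: checkSetting is the one changed function visible in full and it now carries no comment explaining why the posted value wins over `$default`, which in turn wins over the cached value; a short docblock would help, e.g. `Stores $cat/$key in the config cache from the posted form field, falling back to $default and then to the existing cached value; the value is trimmed but otherwise stored verbatim.` If that cache is later serialized into a generated config file, the writer of that file, not this function, must quote the value, which is worth stating in the same docblock.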


@ -32,7 +32,6 @@ use Friendica\DI;
use Friendica\Model\Contact;
use Friendica\Model\Post;
use Friendica\Network\HTTPException;
use Friendica\Util\Strings;
/**
* ACL selector json backend
@ -69,7 +68,7 @@ class Acl extends BaseModule
private static function globalContactSearch()
{
// autocomplete for global contact search (e.g. navbar search)
$search = Strings::escapeTags(trim($_REQUEST['search']));
$search = trim($_REQUEST['search']);
$mode = $_REQUEST['smode'];
$page = $_REQUEST['page'] ?? 1;


@ -27,7 +27,6 @@ use Friendica\Core\Renderer;
use Friendica\Core\Session;
use Friendica\DI;
use Friendica\Module\Register;
use Friendica\Util\Strings;
/**
* Login module
@ -187,16 +186,16 @@ class Login extends BaseModule
if (is_array($attr) && count($attr)) {
foreach ($attr as $k => $v) {
if ($k === 'namePerson/friendly') {
$nick = Strings::escapeTags(trim($v));
$nick = trim($v);
}
if ($k === 'namePerson/first') {
$first = Strings::escapeTags(trim($v));
$first = trim($v);
}
if ($k === 'namePerson') {
$args['username'] = Strings::escapeTags(trim($v));
$args['username'] = trim($v);
}
if ($k === 'contact/email') {
$args['email'] = Strings::escapeTags(trim($v));
$args['email'] = trim($v);
}
if ($k === 'media/image/aspect11') {
$photosq = bin2hex(trim($v));
@ -219,7 +218,7 @@ class Login extends BaseModule
$args['photo'] = $photo;
}
$args['openid_url'] = Strings::escapeTags(trim(Session::get('openid_identity')));
$args['openid_url'] = trim(Session::get('openid_identity'));
return 'register?' . http_build_query($args);
}
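Review bot: The four `if ($k === ...)` branches now differ only in the assigned variable; a `switch ($k)` or a map from attribute name to `$args` key would read more clearly and is easier to extend. The `$args` values are URL-encoded by `http_build_query()` on the last line, so the generated query string is not affected by dropping `escapeTags`; escaping `username` and `email` when the register form echoes them back becomes that page's responsibility. The enclosing method starts outside the hunk.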


@ -30,7 +30,6 @@ use Friendica\DI;
use Friendica\Model\User;
use Friendica\Module\BaseSettings;
use Friendica\Network\HTTPException;
use Friendica\Util\Strings;
/**
* Module to update user settings
@ -47,9 +46,9 @@ class Display extends BaseSettings
$user = User::getById(local_user());
$theme = !empty($_POST['theme']) ? Strings::escapeTags(trim($_POST['theme'])) : $user['theme'];
$mobile_theme = !empty($_POST['mobile_theme']) ? Strings::escapeTags(trim($_POST['mobile_theme'])) : '';
$enable_smile = !empty($_POST['enable_smile']) ? intval($_POST['enable_smile']) : 0;
$theme = !empty($_POST['theme']) ? trim($_POST['theme']) : $user['theme'];
$mobile_theme = !empty($_POST['mobile_theme']) ? trim($_POST['mobile_theme']) : '';
$enable_smile = !empty($_POST['enable_smile']) ? intval($_POST['enable_smile']) : 0;
$first_day_of_week = !empty($_POST['first_day_of_week']) ? intval($_POST['first_day_of_week']) : 0;
$infinite_scroll = !empty($_POST['infinite_scroll']) ? intval($_POST['infinite_scroll']) : 0;
$no_auto_update = !empty($_POST['no_auto_update']) ? intval($_POST['no_auto_update']) : 0;
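Review bot: `$theme` and `$mobile_theme` are theme identifiers that presumably select a directory on disk, and with `escapeTags` gone the hunk performs no validation on them. Unless it is done further down in the method (outside the hunk), check both against the installed theme list before saving; a check for `<` and `>` was never adequate for a path-like value, so this is a pre-existing gap the commit makes visible rather than one it introduces. The enclosing method starts outside the hunk.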


@ -37,7 +37,6 @@ use Friendica\Module\BaseSettings;
use Friendica\Module\Security\Login;
use Friendica\Network\HTTPException;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
class Index extends BaseSettings
@ -79,23 +78,23 @@ class Index extends BaseSettings
}
}
$name = Strings::escapeTags(trim($_POST['name'] ?? ''));
$name = trim($_POST['name'] ?? '');
if (!strlen($name)) {
notice(DI::l10n()->t('Profile Name is required.'));
return;
}
$about = Strings::escapeTags(trim($_POST['about']));
$address = Strings::escapeTags(trim($_POST['address']));
$locality = Strings::escapeTags(trim($_POST['locality']));
$region = Strings::escapeTags(trim($_POST['region']));
$postal_code = Strings::escapeTags(trim($_POST['postal_code']));
$country_name = Strings::escapeTags(trim($_POST['country_name']));
$pub_keywords = self::cleanKeywords(Strings::escapeTags(trim($_POST['pub_keywords'])));
$prv_keywords = self::cleanKeywords(Strings::escapeTags(trim($_POST['prv_keywords'])));
$xmpp = Strings::escapeTags(trim($_POST['xmpp']));
$matrix = Strings::escapeTags(trim($_POST['matrix']));
$homepage = Strings::escapeTags(trim($_POST['homepage']));
$about = trim($_POST['about']);
$address = trim($_POST['address']);
$locality = trim($_POST['locality']);
$region = trim($_POST['region']);
$postal_code = trim($_POST['postal_code']);
$country_name = trim($_POST['country_name']);
$pub_keywords = self::cleanKeywords(trim($_POST['pub_keywords']));
$prv_keywords = self::cleanKeywords(trim($_POST['prv_keywords']));
$xmpp = trim($_POST['xmpp']);
$matrix = trim($_POST['matrix']);
$homepage = trim($_POST['homepage']);
if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) {
// neither http nor https in URL, add them
$homepage = 'http://' . $homepage;


@ -63,7 +63,7 @@
<div id="photo-photo-end"></div>
{{* The photo description *}}
<div id="photo-caption">{{$desc nofilter}}</div>
<div id="photo-caption">{{$desc}}</div>
{{* Tags and mentions *}}
{{if $tags}}
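Review bot: Dropping `nofilter` on `{{$desc}}` only neutralizes HTML if the Smarty instance is configured with HTML auto-escaping (`escape_html` or an equivalent default modifier); that dependency is invisible at the template, so a one-line comment is warranted, e.g. `{{* $desc is raw user input; rely on auto-escaping, never nofilter *}}`. The same edit appears in the other two photo templates in this PR, where the same comment applies.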


@ -24,7 +24,7 @@
<div id="photo-photo"><a href="{{$photo.href}}" title="{{$photo.title}}"><img src="{{$photo.src}}" /></a></div>
{{if $prevlink}}<div id="photo-prev-link"><a href="{{$prevlink.0}}">{{$prevlink.1 nofilter}}</a></div>{{/if}}
{{if $nextlink}}<div id="photo-next-link"><a href="{{$nextlink.0}}">{{$nextlink.1 nofilter}}</a></div>{{/if}}
<div id="photo-caption">{{$desc nofilter}}</div>
<div id="photo-caption">{{$desc}}</div>
{{if $tags}}
<div id="in-this-photo-text">{{$tags.0}}</div>
<div id="in-this-photo">{{$tags.1}}</div>


@ -26,7 +26,7 @@
<div id="photo-photo"><a href="{{$photo.href}}" title="{{$photo.title}}"><img src="{{$photo.src}}" /></a></div>
{{if $nextlink}}<div id="photo-next-link"><a href="{{$nextlink.0}}">{{$nextlink.1 nofilter}}</a></div>{{/if}}
<div id="photo-photo-end"></div>
<div id="photo-caption">{{$desc nofilter}}</div>
<div id="photo-caption">{{$desc}}</div>
{{if $tags}}
<div id="in-this-photo-text">{{$tags.0}}</div>
<div id="in-this-photo">{{$tags.1}}</div>