friendica
/
friendica-addons
mirror of https://github.com/friendica/friendica-addons.git
2
1
Fork 0
Code Issues Releases 5 Wiki Activity
Browse Source

Merge pull request #756 from JonnyTischbein/move_include_security 

Move include/security to /src/Core/Authentication.php and /src/Util/Security.php
pull/760/head
Hypolite Petovan 4 years ago committed by GitHub
parent
fdc45bdcba 0bb8fdfde2
commit
2ac21ef32a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 13 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 11
      advancedcontentfilter/advancedcontentfilter.php
  2. 6
      gravatar/gravatar.php
  3. 6
      libravatar/libravatar.php
  4. 6
      public_server/public_server.php
  5. 4
      windowsphonepush/windowsphonepush.php

11
advancedcontentfilter/advancedcontentfilter.php
Unescape View File

@ -34,6 +34,7 @@
*/
use Friendica\App;
use Friendica\BaseModule;
use Friendica\Content\Text\Markdown;
use Friendica\Core\Addon;
use Friendica\Core\Cache;
@ -46,6 +47,7 @@ use Friendica\Model\Term;
use Friendica\Module\Login;
use Friendica\Network\HTTPException;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Security;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Symfony\Component\ExpressionLanguage;
@ -53,7 +55,6 @@ use Symfony\Component\ExpressionLanguage;
require_once 'boot.php';
require_once 'include/conversation.php';
require_once 'include/dba.php';
require_once 'include/security.php';
require_once __DIR__ . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
@ -234,7 +235,7 @@ function advancedcontentfilter_content(App $a)
],
'$current_theme' => $a->getCurrentTheme(),
'$rules' => advancedcontentfilter_get_rules(),
'$form_security_token' => get_form_security_token()
'$form_security_token' => BaseModule::getFormSecurityToken()
]);
}
}
@ -322,7 +323,7 @@ function advancedcontentfilter_post_rules(ServerRequestInterface $request)
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
}
if (!check_form_security_token()) {
if (!BaseModule::checkFormSecurityToken()) {
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
}
@ -356,7 +357,7 @@ function advancedcontentfilter_put_rules_id(ServerRequestInterface $request, Res
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
}
if (!check_form_security_token()) {
if (!BaseModule::checkFormSecurityToken()) {
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
}
@ -385,7 +386,7 @@ function advancedcontentfilter_delete_rules_id(ServerRequestInterface $request,
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
}
if (!check_form_security_token()) {
if (!BaseModule::checkFormSecurityToken()) {
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
}

6
gravatar/gravatar.php
Unescape View File

@ -7,10 +7,12 @@
*/
use Friendica\App;
use Friendica\BaseModule;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Database\DBA;
use Friendica\Util\Security;
/**
* Installs the addon hook
@ -103,7 +105,7 @@ function gravatar_addon_admin (&$a, &$o) {
}
// output Gravatar settings
$o .= '<input type="hidden" name="form_security_token" value="' .get_form_security_token("gravatarsave") .'">';
$o .= '<input type="hidden" name="form_security_token" value="' . BaseModule::getFormSecurityToken("gravatarsave") .'">';
$o .= replace_macros( $t, [
'$submit' => L10n::t('Save Settings'),
'$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found at Gravatar. See README'), $default_avatars],
@ -115,7 +117,7 @@ function gravatar_addon_admin (&$a, &$o) {
* Save admin settings
*/
function gravatar_addon_admin_post (&$a) {
check_form_security_token('gravatarsave');
BaseModule::checkFormSecurityToken('gravatarsave');
$default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
$rating = ((x($_POST, 'rating')) ? notags(trim($_POST['rating'])) : 'g');

6
libravatar/libravatar.php
Unescape View File

@ -7,10 +7,12 @@
*/
use Friendica\App;
use Friendica\BaseModule;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Database\DBA;
use Friendica\Util\Security;
/**
* Installs the addon hook
@ -106,7 +108,7 @@ function libravatar_addon_admin(&$a, &$o)
}
// output Libravatar settings
$o .= '<input type="hidden" name="form_security_token" value="' .get_form_security_token("libravatarsave") .'">';
$o .= '<input type="hidden" name="form_security_token" value="' . BaseModule::getFormSecurityToken("libravatarsave") .'">';
$o .= replace_macros( $t, [
'$submit' => L10n::t('Save Settings'),
'$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found. See README'), $default_avatars],
@ -118,7 +120,7 @@ function libravatar_addon_admin(&$a, &$o)
*/
function libravatar_addon_admin_post(&$a)
{
check_form_security_token('libravatarrsave');
BaseModule::checkFormSecurityToken('libravatarrsave');
$default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
Config::set('libravatar', 'default_avatar', $default_avatar);

6
public_server/public_server.php
Unescape View File

@ -6,11 +6,13 @@
* Author: Keith Fernie <http://friendika.me4.it/profile/keith>
*/
use Friendica\BaseModule;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Database\DBA;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Security;
function public_server_install()
{
@ -142,7 +144,7 @@ function public_server_login($a, $b)
function public_server_addon_admin_post(&$a)
{
check_form_security_token_redirectOnErr('/admin/addons/publicserver', 'publicserver');
BaseModule::checkFormSecurityTokenRedirectOnError('/admin/addons/publicserver', 'publicserver');
$expiredays = (x($_POST, 'expiredays') ? notags(trim($_POST['expiredays'])) : '');
$expireposts = (x($_POST, 'expireposts') ? notags(trim($_POST['expireposts'])) : '');
$nologin = (x($_POST, 'nologin') ? notags(trim($_POST['nologin'])) : '');
@ -160,7 +162,7 @@ function public_server_addon_admin_post(&$a)
function public_server_addon_admin(&$a, &$o)
{
$token = get_form_security_token("publicserver");
$token = BaseModule::getFormSecurityToken("publicserver");
$t = get_markup_template("admin.tpl", "addon/public_server");
$o = replace_macros($t, [
'$submit' => L10n::t('Save Settings'),

4
windowsphonepush/windowsphonepush.php
Unescape View File

@ -30,6 +30,7 @@ use Friendica\App;
use Friendica\Content\Text\BBCode;
use Friendica\Content\Text\HTML;
use Friendica\Core\Addon;
use Friendica\Core\Authentication;
use Friendica\Core\L10n;
use Friendica\Core\PConfig;
use Friendica\Database\DBA;
@ -471,8 +472,7 @@ function windowsphonepush_login(App $a)
die('This api requires login');
}
require_once 'include/security.php';
authenticate_success($record);
Authentication::setAuthenticatedSessionForUser($record);
$_SESSION["allow_api"] = true;
Addon::callHooks('logged_in', $a->user);
}

Write Preview
Loading…
Cancel
Save