Move include/security to /src/Core/Authentication.php and /src/Util/Security.php
This commit is contained in:
parent
cb4241af69
commit
e7f4dc8454
5 changed files with 16 additions and 13 deletions
|
@ -46,6 +46,7 @@ use Friendica\Model\Term;
|
||||||
use Friendica\Module\Login;
|
use Friendica\Module\Login;
|
||||||
use Friendica\Network\HTTPException;
|
use Friendica\Network\HTTPException;
|
||||||
use Friendica\Util\DateTimeFormat;
|
use Friendica\Util\DateTimeFormat;
|
||||||
|
use Friendica\Util\Security;
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
use Symfony\Component\ExpressionLanguage;
|
use Symfony\Component\ExpressionLanguage;
|
||||||
|
@ -53,7 +54,6 @@ use Symfony\Component\ExpressionLanguage;
|
||||||
require_once 'boot.php';
|
require_once 'boot.php';
|
||||||
require_once 'include/conversation.php';
|
require_once 'include/conversation.php';
|
||||||
require_once 'include/dba.php';
|
require_once 'include/dba.php';
|
||||||
require_once 'include/security.php';
|
|
||||||
|
|
||||||
require_once __DIR__ . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
|
require_once __DIR__ . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
|
||||||
|
|
||||||
|
@ -234,7 +234,7 @@ function advancedcontentfilter_content(App $a)
|
||||||
],
|
],
|
||||||
'$current_theme' => $a->getCurrentTheme(),
|
'$current_theme' => $a->getCurrentTheme(),
|
||||||
'$rules' => advancedcontentfilter_get_rules(),
|
'$rules' => advancedcontentfilter_get_rules(),
|
||||||
'$form_security_token' => get_form_security_token()
|
'$form_security_token' => Security::get_form_security_token()
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -322,7 +322,7 @@ function advancedcontentfilter_post_rules(ServerRequestInterface $request)
|
||||||
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
|
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!check_form_security_token()) {
|
if (!Security::check_form_security_token()) {
|
||||||
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
|
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -356,7 +356,7 @@ function advancedcontentfilter_put_rules_id(ServerRequestInterface $request, Res
|
||||||
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
|
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!check_form_security_token()) {
|
if (!Security::check_form_security_token()) {
|
||||||
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
|
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -385,7 +385,7 @@ function advancedcontentfilter_delete_rules_id(ServerRequestInterface $request,
|
||||||
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
|
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!check_form_security_token()) {
|
if (!Security::check_form_security_token()) {
|
||||||
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
|
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,7 @@ use Friendica\Core\Addon;
|
||||||
use Friendica\Core\Config;
|
use Friendica\Core\Config;
|
||||||
use Friendica\Core\L10n;
|
use Friendica\Core\L10n;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
|
use Friendica\Util\Security;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Installs the addon hook
|
* Installs the addon hook
|
||||||
|
@ -103,7 +104,7 @@ function gravatar_addon_admin (&$a, &$o) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// output Gravatar settings
|
// output Gravatar settings
|
||||||
$o .= '<input type="hidden" name="form_security_token" value="' .get_form_security_token("gravatarsave") .'">';
|
$o .= '<input type="hidden" name="form_security_token" value="' .Security::get_form_security_token("gravatarsave") .'">';
|
||||||
$o .= replace_macros( $t, [
|
$o .= replace_macros( $t, [
|
||||||
'$submit' => L10n::t('Save Settings'),
|
'$submit' => L10n::t('Save Settings'),
|
||||||
'$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found at Gravatar. See README'), $default_avatars],
|
'$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found at Gravatar. See README'), $default_avatars],
|
||||||
|
@ -115,7 +116,7 @@ function gravatar_addon_admin (&$a, &$o) {
|
||||||
* Save admin settings
|
* Save admin settings
|
||||||
*/
|
*/
|
||||||
function gravatar_addon_admin_post (&$a) {
|
function gravatar_addon_admin_post (&$a) {
|
||||||
check_form_security_token('gravatarsave');
|
Security::check_form_security_token('gravatarsave');
|
||||||
|
|
||||||
$default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
|
$default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
|
||||||
$rating = ((x($_POST, 'rating')) ? notags(trim($_POST['rating'])) : 'g');
|
$rating = ((x($_POST, 'rating')) ? notags(trim($_POST['rating'])) : 'g');
|
||||||
|
|
|
@ -11,6 +11,7 @@ use Friendica\Core\Addon;
|
||||||
use Friendica\Core\Config;
|
use Friendica\Core\Config;
|
||||||
use Friendica\Core\L10n;
|
use Friendica\Core\L10n;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
|
use Friendica\Util\Security;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Installs the addon hook
|
* Installs the addon hook
|
||||||
|
@ -106,7 +107,7 @@ function libravatar_addon_admin(&$a, &$o)
|
||||||
}
|
}
|
||||||
|
|
||||||
// output Libravatar settings
|
// output Libravatar settings
|
||||||
$o .= '<input type="hidden" name="form_security_token" value="' .get_form_security_token("libravatarsave") .'">';
|
$o .= '<input type="hidden" name="form_security_token" value="' .Security::get_form_security_token("libravatarsave") .'">';
|
||||||
$o .= replace_macros( $t, [
|
$o .= replace_macros( $t, [
|
||||||
'$submit' => L10n::t('Save Settings'),
|
'$submit' => L10n::t('Save Settings'),
|
||||||
'$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found. See README'), $default_avatars],
|
'$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found. See README'), $default_avatars],
|
||||||
|
@ -118,7 +119,7 @@ function libravatar_addon_admin(&$a, &$o)
|
||||||
*/
|
*/
|
||||||
function libravatar_addon_admin_post(&$a)
|
function libravatar_addon_admin_post(&$a)
|
||||||
{
|
{
|
||||||
check_form_security_token('libravatarrsave');
|
Security::check_form_security_token('libravatarrsave');
|
||||||
|
|
||||||
$default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
|
$default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
|
||||||
Config::set('libravatar', 'default_avatar', $default_avatar);
|
Config::set('libravatar', 'default_avatar', $default_avatar);
|
||||||
|
|
|
@ -11,6 +11,7 @@ use Friendica\Core\Config;
|
||||||
use Friendica\Core\L10n;
|
use Friendica\Core\L10n;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
use Friendica\Util\DateTimeFormat;
|
use Friendica\Util\DateTimeFormat;
|
||||||
|
use Friendica\Util\Security;
|
||||||
|
|
||||||
function public_server_install()
|
function public_server_install()
|
||||||
{
|
{
|
||||||
|
@ -142,7 +143,7 @@ function public_server_login($a, $b)
|
||||||
|
|
||||||
function public_server_addon_admin_post(&$a)
|
function public_server_addon_admin_post(&$a)
|
||||||
{
|
{
|
||||||
check_form_security_token_redirectOnErr('/admin/addons/publicserver', 'publicserver');
|
Security::check_form_security_token_redirectOnErr('/admin/addons/publicserver', 'publicserver');
|
||||||
$expiredays = (x($_POST, 'expiredays') ? notags(trim($_POST['expiredays'])) : '');
|
$expiredays = (x($_POST, 'expiredays') ? notags(trim($_POST['expiredays'])) : '');
|
||||||
$expireposts = (x($_POST, 'expireposts') ? notags(trim($_POST['expireposts'])) : '');
|
$expireposts = (x($_POST, 'expireposts') ? notags(trim($_POST['expireposts'])) : '');
|
||||||
$nologin = (x($_POST, 'nologin') ? notags(trim($_POST['nologin'])) : '');
|
$nologin = (x($_POST, 'nologin') ? notags(trim($_POST['nologin'])) : '');
|
||||||
|
@ -160,7 +161,7 @@ function public_server_addon_admin_post(&$a)
|
||||||
|
|
||||||
function public_server_addon_admin(&$a, &$o)
|
function public_server_addon_admin(&$a, &$o)
|
||||||
{
|
{
|
||||||
$token = get_form_security_token("publicserver");
|
$token = Security::get_form_security_token("publicserver");
|
||||||
$t = get_markup_template("admin.tpl", "addon/public_server");
|
$t = get_markup_template("admin.tpl", "addon/public_server");
|
||||||
$o = replace_macros($t, [
|
$o = replace_macros($t, [
|
||||||
'$submit' => L10n::t('Save Settings'),
|
'$submit' => L10n::t('Save Settings'),
|
||||||
|
|
|
@ -30,6 +30,7 @@ use Friendica\App;
|
||||||
use Friendica\Content\Text\BBCode;
|
use Friendica\Content\Text\BBCode;
|
||||||
use Friendica\Content\Text\HTML;
|
use Friendica\Content\Text\HTML;
|
||||||
use Friendica\Core\Addon;
|
use Friendica\Core\Addon;
|
||||||
|
use Friendica\Core\Authentication;
|
||||||
use Friendica\Core\L10n;
|
use Friendica\Core\L10n;
|
||||||
use Friendica\Core\PConfig;
|
use Friendica\Core\PConfig;
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
|
@ -471,8 +472,7 @@ function windowsphonepush_login(App $a)
|
||||||
die('This api requires login');
|
die('This api requires login');
|
||||||
}
|
}
|
||||||
|
|
||||||
require_once 'include/security.php';
|
Authentication::success($record);
|
||||||
authenticate_success($record);
|
|
||||||
$_SESSION["allow_api"] = true;
|
$_SESSION["allow_api"] = true;
|
||||||
Addon::callHooks('logged_in', $a->user);
|
Addon::callHooks('logged_in', $a->user);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue