From 23b10cf2ae5fe10ba21a4b43e1aae17818647661 Mon Sep 17 00:00:00 2001
From: Michael
Date: Fri, 5 Nov 2021 19:59:18 +0000
Subject: [PATCH] Some removed escapeTags calls
---
 mod/lostpass.php | 2 +-
 mod/pubsub.php | 16 ++++++++--------
 mod/pubsubhubbub.php | 14 +++++---------
 mod/salmon.php | 3 +--
 mod/tagrm.php | 6 ++----
 mod/unfollow.php | 4 ++--
 src/Model/Item.php | 2 +-
 src/Model/User.php | 20 ++++++++++----------
 src/Module/Admin/Item/Delete.php | 2 +-
 src/Module/Admin/Logs/Settings.php | 2 +-
 src/Module/Admin/Storage.php | 2 +-
 src/Module/Register.php | 2 +-
 src/Module/Xrd.php | 5 ++---
 src/Network/Probe.php | 2 --
 src/Security/Authentication.php | 3 +--
 src/Worker/OnePoll.php | 4 ++--
 16 files changed, 39 insertions(+), 50 deletions(-)
diff --git a/mod/lostpass.php b/mod/lostpass.php
index 7e5b972457..1ffe000be2 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -29,7 +29,7 @@ use Friendica\Util\Strings;
 function lostpass_post(App $a) {
- $loginame = Strings::escapeTags(trim($_POST['login-name']));
+ $loginame = trim($_POST['login-name']);
 if (!$loginame) {
 DI::baseUrl()->redirect();
 }
diff --git a/mod/pubsub.php b/mod/pubsub.php
index 3727bade9a..f8f62754de 100644
--- a/mod/pubsub.php
+++ b/mod/pubsub.php
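Review bot: The new `$loginame = trim($_POST['login-name']);` reads the key without a default, so a POST that lacks `login-name` raises an undefined-index warning before the `if (!$loginame)` guard below ever runs; most other hunks in this patch use the coalescing form, so `$loginame = trim($_POST['login-name'] ?? '');` keeps them consistent. The same missing default is in the `unfollow_content()` hunk (`trim($_REQUEST['url'])`, while the neighbouring `unfollow_post()` hunk already writes `?? ''`) and in the `Admin\Item\Delete` hunk (`trim($_POST['deleteitemguid'])`). The hunk header shows `use Friendica\Util\Strings;` is still imported in this file; if this was its only use it is now dead, as the salmon, tagrm, Xrd and Authentication hunks already drop theirs, but the rest of the file is not visible here.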
@@ -50,14 +50,14 @@ function hub_post_return()
 function pubsub_init(App $a)
 {
- $nick = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
- $contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
+ $nick = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : '');
+ $contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
- $hub_mode = Strings::escapeTags(trim($_GET['hub_mode'] ?? ''));
- $hub_topic = Strings::escapeTags(trim($_GET['hub_topic'] ?? ''));
- $hub_challenge = Strings::escapeTags(trim($_GET['hub_challenge'] ?? ''));
- $hub_verify = Strings::escapeTags(trim($_GET['hub_verify_token'] ?? ''));
+ $hub_mode = trim($_GET['hub_mode'] ?? '');
+ $hub_topic = trim($_GET['hub_topic'] ?? '');
+ $hub_challenge = trim($_GET['hub_challenge'] ?? '');
+ $hub_verify = trim($_GET['hub_verify_token'] ?? '');
 Logger::notice('Subscription from ' . $_SERVER['REMOTE_ADDR'] . ' Mode: ' . $hub_mode . ' Nick: ' . $nick);
 Logger::debug('Data: ', ['get' => $_GET]);
@@ -110,8 +110,8 @@ function pubsub_post(App $a)
 Logger::info('Feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . DI::args()->getCommand() . ' with user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
 Logger::debug('Data: ' . $xml);
- $nick = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
- $contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
+ $nick = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : '');
+ $contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
 $importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
 if (!DBA::isResult($importer)) {
diff --git a/mod/pubsubhubbub.php b/mod/pubsubhubbub.php
index 2cc2394c19..6cd9599504 100644
--- a/mod/pubsubhubbub.php
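Review bot: `Logger::notice('Subscription from ' . $_SERVER['REMOTE_ADDR'] . ' Mode: ' . $hub_mode . ' Nick: ' . $nick)` now concatenates request-controlled `$hub_mode` and `$nick` into the free-text part of the log entry with only `trim()` applied, where the removed `Strings::escapeTags()` at least stripped markup first. The `Logger::debug('Data: ', ['get' => $_GET])` line directly below already uses the structured form, so `Logger::notice('Subscription', ['ip' => $_SERVER['REMOTE_ADDR'], 'mode' => $hub_mode, 'nick' => $nick]);` keeps untrusted text in the context array where the formatter and any log viewer can treat it as data. The failed-login entry in the `Authentication` hunk is already structured and simply carries the raw `$username` now; whether the component that renders these logs escapes context values for its output format cannot be seen from this patch and is worth confirming.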
+++ b/mod/pubsubhubbub.php
@@ -26,10 +26,6 @@ use Friendica\DI;
 use Friendica\Model\PushSubscriber;
 use Friendica\Util\Strings;
-function post_var($name) {
- return !empty($_POST[$name]) ? Strings::escapeTags(trim($_POST[$name])) : '';
-}
-
 function pubsubhubbub_init(App $a) {
 // PuSH subscription must be considered "public" so just block it
 // if public access isn't enabled.
@@ -48,11 +44,11 @@ function pubsubhubbub_init(App $a) {
 // [hub_topic] => http://friendica.local/dfrn_poll/sazius
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- $hub_mode = post_var('hub_mode');
- $hub_callback = post_var('hub_callback');
- $hub_verify_token = post_var('hub_verify_token');
- $hub_secret = post_var('hub_secret');
- $hub_topic = post_var('hub_topic');
+ $hub_mode = $_POST['hub_mode'] ?? '';
+ $hub_callback = $_POST['hub_callback'] ?? '';
+ $hub_verify_token = $_POST['hub_verify_token'] ?? '';
+ $hub_secret = $_POST['hub_secret'] ?? '';
+ $hub_topic = $_POST['hub_topic'] ?? '';
 // check for valid hub_mode
 if ($hub_mode === 'subscribe') {
diff --git a/mod/salmon.php b/mod/salmon.php
index 3d32d3e3a9..ad49507621 100644
--- a/mod/salmon.php
+++ b/mod/salmon.php
@@ -24,7 +24,6 @@ use Friendica\Core\Logger;
 use Friendica\Core\Protocol;
 use Friendica\Database\DBA;
 use Friendica\DI;
-use Friendica\Model\Contact;
 use Friendica\Model\GServer;
 use Friendica\Model\Post;
 use Friendica\Protocol\ActivityNamespace;
@@ -42,7 +41,7 @@ function salmon_post(App $a, $xml = '') {
 Logger::debug('new salmon ' . $xml);
- $nick = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
+ $nick = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : '');
 $importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
 if (! DBA::isResult($importer)) {
diff --git a/mod/tagrm.php b/mod/tagrm.php
index b60823e31a..32cb19e691 100644
--- a/mod/tagrm.php
+++ b/mod/tagrm.php
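Review bot: Replacing `post_var()` with `$_POST['hub_mode'] ?? ''` drops the `trim()` the helper applied, not only the `escapeTags()` call the subject line describes, so `if ($hub_mode === 'subscribe')` a few lines down now rejects a value with surrounding whitespace that it accepted before, and `$hub_callback`, `$hub_verify_token`, `$hub_secret` and `$hub_topic` keep whatever whitespace they arrive with. `$hub_mode = trim($_POST['hub_mode'] ?? '');` (and the same for the other four assignments) preserves the previous behaviour minus the tag stripping. The only other difference is that `post_var()` used `!empty()`, so a literal `'0'` is now kept instead of becoming `''`. The helper's removal is the hunk at `@@ -26,10 +26,6 @@`, whose context still shows `use Friendica\Util\Strings;`; whether that import has other uses in the file cannot be seen here.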
@@ -23,10 +23,8 @@ use Friendica\App;
 use Friendica\Content\Text\BBCode;
 use Friendica\Database\DBA;
 use Friendica\DI;
-use Friendica\Model\Item;
 use Friendica\Model\Post;
 use Friendica\Model\Tag;
-use Friendica\Util\Strings;
 function tagrm_post(App $a)
 {
@@ -40,7 +38,7 @@ function tagrm_post(App $a)
 $tags = [];
 foreach ($_POST['tag'] ?? [] as $tag) {
- $tags[] = hex2bin(Strings::escapeTags(trim($tag)));
+ $tags[] = hex2bin(trim($tag));
 }
 $item_id = $_POST['item'] ?? 0;
@@ -89,7 +87,7 @@ function tagrm_content(App $a)
 }
 if (DI::args()->getArgc()== 3) {
- update_tags(DI::args()->getArgv()[1], [Strings::escapeTags(trim(hex2bin(DI::args()->getArgv()[2])))]);
+ update_tags(DI::args()->getArgv()[1], [trim(hex2bin(DI::args()->getArgv()[2]))]);
 DI::baseUrl()->redirect($photo_return);
 }
diff --git a/mod/unfollow.php b/mod/unfollow.php
index ac8ed40c31..92bded2faa 100644
--- a/mod/unfollow.php
+++ b/mod/unfollow.php
@@ -37,7 +37,7 @@ function unfollow_post(App $a)
 // NOTREACHED
 }
- $url = Strings::escapeTags(trim($_REQUEST['url'] ?? ''));
+ $url = trim($_REQUEST['url'] ?? '');
 unfollow_process($url);
 }
@@ -53,7 +53,7 @@ function unfollow_content(App $a)
 }
 $uid = local_user();
- $url = Strings::escapeTags(trim($_REQUEST['url']));
+ $url = trim($_REQUEST['url']);
 $condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
 local_user(), Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),
diff --git a/src/Model/Item.php b/src/Model/Item.php
index 094fa3b029..923d72c11b 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -366,7 +366,7 @@ class Item
 public static function guid($item, $notify)
 {
 if (!empty($item['guid'])) {
- return Strings::escapeTags(trim($item['guid']));
+ return trim($item['guid']);
 }
 if ($notify) {
diff --git a/src/Model/User.php b/src/Model/User.php
index 92f50dd25c..57d5560a47 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
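Review bot: `$tags[] = hex2bin(trim($tag));` in the `@@ -40,7 +38,7 @@` hunk stores whatever `hex2bin()` returns, and for a non-hex or odd-length value that is `false` plus a warning, so a malformed `tag[]` entry puts `false` into `$tags` instead of being rejected; with the tag-stripping call gone nothing in this loop filters the input at all. A guard of the form `$decoded = hex2bin(trim($tag)); if ($decoded !== false) { $tags[] = $decoded; }` keeps the list well-formed. The `tagrm_content()` hunk has the same problem in the other order, `trim(hex2bin(DI::args()->getArgv()[2]))`, where `trim(false)` silently yields `''`. The remainder of `tagrm_post()` is outside the hunk.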
@@ -911,18 +911,18 @@ class User
 $using_invites = DI::config()->get('system', 'invitation_only');
- $invite_id = !empty($data['invite_id']) ? Strings::escapeTags(trim($data['invite_id'])) : '';
- $username = !empty($data['username']) ? Strings::escapeTags(trim($data['username'])) : '';
- $nickname = !empty($data['nickname']) ? Strings::escapeTags(trim($data['nickname'])) : '';
- $email = !empty($data['email']) ? Strings::escapeTags(trim($data['email'])) : '';
- $openid_url = !empty($data['openid_url']) ? Strings::escapeTags(trim($data['openid_url'])) : '';
- $photo = !empty($data['photo']) ? Strings::escapeTags(trim($data['photo'])) : '';
- $password = !empty($data['password']) ? trim($data['password']) : '';
- $password1 = !empty($data['password1']) ? trim($data['password1']) : '';
- $confirm = !empty($data['confirm']) ? trim($data['confirm']) : '';
+ $invite_id = !empty($data['invite_id']) ? trim($data['invite_id']) : '';
+ $username = !empty($data['username']) ? trim($data['username']) : '';
+ $nickname = !empty($data['nickname']) ? trim($data['nickname']) : '';
+ $email = !empty($data['email']) ? trim($data['email']) : '';
+ $openid_url = !empty($data['openid_url']) ? trim($data['openid_url']) : '';
+ $photo = !empty($data['photo']) ? trim($data['photo']) : '';
+ $password = !empty($data['password']) ? trim($data['password']) : '';
+ $password1 = !empty($data['password1']) ? trim($data['password1']) : '';
+ $confirm = !empty($data['confirm']) ? trim($data['confirm']) : '';
 $blocked = !empty($data['blocked']);
 $verified = !empty($data['verified']);
- $language = !empty($data['language']) ? Strings::escapeTags(trim($data['language'])) : 'en';
+ $language = !empty($data['language']) ? trim($data['language']) : 'en';
 $netpublish = $publish = !empty($data['profile_publish_reg']);
diff --git a/src/Module/Admin/Item/Delete.php b/src/Module/Admin/Item/Delete.php
index f34ce72381..7afc3b0903 100644
--- a/src/Module/Admin/Item/Delete.php
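Review bot: This block was the single place where the registration fields `$invite_id`, `$username`, `$nickname`, `$email`, `$openid_url`, `$photo` and `$language` were normalised, and after the change `trim()` is all that remains, so responsibility for markup in these values moves to the validation and rendering code that follows, none of which is visible in the hunk. If `$username` and `$nickname` are later checked against an allowed character set and every template escapes on output this is fine, but it should be confirmed rather than assumed, and a comment above the block such as `// Values are only trimmed here; validation and output escaping happen downstream.` would record the decision for the next reader. The same shift applies to `Item::guid()`, to `$data["name"]` in the `Probe` hunk and to `$datarray['title']` in the `OnePoll` hunk, all of which now keep remote-supplied text verbatim. The enclosing method continues outside the hunk.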
+++ b/src/Module/Admin/Item/Delete.php
@@ -40,7 +40,7 @@ class Delete extends BaseAdmin
 self::checkFormSecurityTokenRedirectOnError('/admin/item/delete', 'admin_deleteitem');
 if (!empty($_POST['page_deleteitem_submit'])) {
- $guid = trim(Strings::escapeTags($_POST['deleteitemguid']));
+ $guid = trim($_POST['deleteitemguid']);
 // The GUID should not include a "/", so if there is one, we got an URL
 // and the last part of it is most likely the GUID.
 if (strpos($guid, '/')) {
diff --git a/src/Module/Admin/Logs/Settings.php b/src/Module/Admin/Logs/Settings.php
index 8219362aa2..b0fcaebc33 100644
--- a/src/Module/Admin/Logs/Settings.php
+++ b/src/Module/Admin/Logs/Settings.php
@@ -39,7 +39,7 @@ class Settings extends BaseAdmin
 self::checkFormSecurityTokenRedirectOnError('/admin/logs', 'admin_logs');
- $logfile = (!empty($_POST['logfile']) ? Strings::escapeTags(trim($_POST['logfile'])) : '');
+ $logfile = (!empty($_POST['logfile']) ? trim($_POST['logfile']) : '');
 $debugging = !empty($_POST['debugging']);
 $loglevel = ($_POST['loglevel'] ?? '') ?: LogLevel::ERROR;
diff --git a/src/Module/Admin/Storage.php b/src/Module/Admin/Storage.php
index dfee3d2365..51e70d841e 100644
--- a/src/Module/Admin/Storage.php
+++ b/src/Module/Admin/Storage.php
@@ -37,7 +37,7 @@ class Storage extends BaseAdmin
 self::checkFormSecurityTokenRedirectOnError('/admin/storage', 'admin_storage');
- $storagebackend = Strings::escapeTags(trim($parameters['name'] ?? ''));
+ $storagebackend = trim($parameters['name'] ?? '');
 try {
 /** @var ICanConfigureStorage|false $newStorageConfig */
diff --git a/src/Module/Register.php b/src/Module/Register.php
index e4a417fbaf..909e61a998 100644
--- a/src/Module/Register.php
+++ b/src/Module/Register.php
@@ -302,7 +302,7 @@ class Register extends BaseModule
 $using_invites = DI::config()->get('system', 'invitation_only');
 $num_invites = DI::config()->get('system', 'number_invites');
- $invite_id = (!empty($_POST['invite_id']) ? Strings::escapeTags(trim($_POST['invite_id'])) : '');
+ $invite_id = (!empty($_POST['invite_id']) ? trim($_POST['invite_id']) : '');
 if (intval(DI::config()->get('config', 'register_policy')) === self::OPEN) {
 if ($using_invites && $invite_id) {
diff --git a/src/Module/Xrd.php b/src/Module/Xrd.php
index 1d4082de1a..66404f4567 100644
--- a/src/Module/Xrd.php
+++ b/src/Module/Xrd.php
@@ -30,7 +30,6 @@ use Friendica\Model\Photo;
 use Friendica\Model\User;
 use Friendica\Protocol\ActivityNamespace;
 use Friendica\Protocol\Salmon;
-use Friendica\Util\Strings;
 /**
 * Prints responses to /.well-known/webfinger or /xrd requests
@@ -45,7 +44,7 @@ class Xrd extends BaseModule
 return;
 }
- $uri = urldecode(Strings::escapeTags(trim($_GET['uri'])));
+ $uri = urldecode(trim($_GET['uri']));
 if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/jrd+json') !== false) {
 $mode = 'json';
 } else {
@@ -56,7 +55,7 @@ class Xrd extends BaseModule
 return;
 }
- $uri = urldecode(Strings::escapeTags(trim($_GET['resource'])));
+ $uri = urldecode(trim($_GET['resource']));
 if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/xrd+xml') !== false) {
 $mode = 'xml';
 } else {
diff --git a/src/Network/Probe.php b/src/Network/Probe.php
index 64855b83a1..10d03fa038 100644
--- a/src/Network/Probe.php
+++ b/src/Network/Probe.php
@@ -1996,8 +1996,6 @@ class Probe
 $data["name"] .= $perspart->text;
 }
 }
-
- $data["name"] = Strings::escapeTags($data["name"]);
 }
 }
 }
diff --git a/src/Security/Authentication.php b/src/Security/Authentication.php
index d8d8ba4b42..b570af7802 100644
--- a/src/Security/Authentication.php
+++ b/src/Security/Authentication.php
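Review bot: `$uri = urldecode(trim($_GET['uri']))` in the `@@ -45,7 +44,7 @@` hunk of Xrd.php (and `$_GET['resource']` in the following hunk) decodes a value PHP has already URL-decoded, so a double-encoded sequence such as `%253C` ends up as `<` in `$uri`, and the removed `escapeTags()` was the only step that stripped such characters before `$uri` reaches the response builder further down the method. Whether that builder XML- or JSON-escapes the subject it emits cannot be seen from this hunk; if it does not, the escaping belongs at the output rather than in a reinstated input filter. If the second decode is deliberate (clients that send double-encoded resource identifiers), a comment such as `// $_GET is already decoded; the extra pass accepts double-encoded resource identifiers` would stop the next reader from treating it as a bug. The method continues outside the hunk.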
@@ -37,7 +37,6 @@ use Friendica\Network\HTTPException;
 use Friendica\Security\TwoFactor\Repository\TrustedBrowser;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Network;
-use Friendica\Util\Strings;
 use LightOpenID;
 use Friendica\Core\L10n;
 use Psr\Log\LoggerInterface;
@@ -247,7 +246,7 @@ class Authentication
 ['uid' => User::getIdFromPasswordAuthentication($username, $password)]
 );
 } catch (Exception $e) {
- $this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => Strings::escapeTags($username), 'ip' => $_SERVER['REMOTE_ADDR']]);
+ $this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => $username, 'ip' => $_SERVER['REMOTE_ADDR']]);
 notice($this->l10n->t('Login failed. Please check your credentials.'));
 $this->baseUrl->redirect();
 }
diff --git a/src/Worker/OnePoll.php b/src/Worker/OnePoll.php
index a5567841e1..b2c49c9f1d 100644
--- a/src/Worker/OnePoll.php
+++ b/src/Worker/OnePoll.php
@@ -102,7 +102,7 @@ class OnePoll
 if ($success) {
 self::updateContact($contact, ['failed' => false, 'last-update' => $updated, 'success_update' => $updated]);
- Contact::unmarkForArchival($contact);
+ Contact::unmarkForArchival($contact);
 } else {
 self::updateContact($contact, ['failed' => true, 'last-update' => $updated, 'failure_update' => $updated]);
 Contact::markForArchival($contact);
@@ -317,7 +317,7 @@ class OnePoll
 $datarray['title'] .= $subpart->text;
 }
 }
- $datarray['title'] = Strings::escapeTags(trim($datarray['title']));
+ $datarray['title'] = trim($datarray['title']);
 //$datarray['title'] = Strings::escapeTags(trim($meta->subject));
 $datarray['created'] = DateTimeFormat::utc($meta->date);
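Review bot: The context line `//$datarray['title'] = Strings::escapeTags(trim($meta->subject));` directly under the changed line in the `@@ -317,7 +317,7 @@` hunk of OnePoll.php is commented-out code that still refers to the call this commit removes; it should go with the change rather than stay as a misleading alternative. Once it is gone, `use Friendica\Util\Strings;` in OnePoll.php may have no remaining uses (the diffstat shows only two changed lines in this file, neither in the import block), which cannot be confirmed from the hunk. The first OnePoll hunk only re-indents `Contact::unmarkForArchival($contact);`.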