Some removed escapeTags calls

2021-11-05 19:59:18 +00:00 · 2021-11-05 19:59:18 +00:00 · 23b10cf2ae
parent 0e2e488521
commit 23b10cf2ae
16 changed files with 39 additions and 50 deletions
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@ -29,7 +29,7 @@ use Friendica\Util\Strings;
 function lostpass_post(App $a)
 {
-	$loginame = Strings::escapeTags(trim($_POST['login-name']));
+	$loginame = trim($_POST['login-name']);
 	if (!$loginame) {
 		DI::baseUrl()->redirect();
 	}
--- a/mod/pubsub.php
+++ b/mod/pubsub.php
@ -50,14 +50,14 @@ function hub_post_return()
 function pubsub_init(App $a)
 {
-	$nick       = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
+	$nick       = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1])   : '');
-	$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2])       : 0 );
+	$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
 	if ($_SERVER['REQUEST_METHOD'] === 'GET') {
-		$hub_mode      = Strings::escapeTags(trim($_GET['hub_mode'] ?? ''));
+		$hub_mode      = trim($_GET['hub_mode']         ?? '');
-		$hub_topic     = Strings::escapeTags(trim($_GET['hub_topic'] ?? ''));
+		$hub_topic     = trim($_GET['hub_topic']        ?? '');
-		$hub_challenge = Strings::escapeTags(trim($_GET['hub_challenge'] ?? ''));
+		$hub_challenge = trim($_GET['hub_challenge']    ?? '');
-		$hub_verify    = Strings::escapeTags(trim($_GET['hub_verify_token'] ?? ''));
+		$hub_verify    = trim($_GET['hub_verify_token'] ?? '');
 		Logger::notice('Subscription from ' . $_SERVER['REMOTE_ADDR'] . ' Mode: ' . $hub_mode . ' Nick: ' . $nick);
 		Logger::debug('Data: ', ['get' => $_GET]);
@ -110,8 +110,8 @@ function pubsub_post(App $a)
 	Logger::info('Feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' .  DI::args()->getCommand() . ' with user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
 	Logger::debug('Data: ' . $xml);
-	$nick       = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
+	$nick       = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1])   : '');
-	$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2])       : 0 );
+	$contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
 	$importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
 	if (!DBA::isResult($importer)) {
--- a/mod/pubsubhubbub.php
+++ b/mod/pubsubhubbub.php
@ -26,10 +26,6 @@ use Friendica\DI;
 use Friendica\Model\PushSubscriber;
 use Friendica\Util\Strings;
 function post_var($name) {
 	return !empty($_POST[$name]) ? Strings::escapeTags(trim($_POST[$name])) : '';
 }
 function pubsubhubbub_init(App $a) {
 	// PuSH subscription must be considered "public" so just block it
 	// if public access isn't enabled.
@ -48,11 +44,11 @@ function pubsubhubbub_init(App $a) {
 	// [hub_topic] => http://friendica.local/dfrn_poll/sazius
 	if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-		$hub_mode = post_var('hub_mode');
+		$hub_mode         = $_POST['hub_mode']         ?? '';
-		$hub_callback = post_var('hub_callback');
+		$hub_callback     = $_POST['hub_callback']     ?? '';
-		$hub_verify_token = post_var('hub_verify_token');
+		$hub_verify_token = $_POST['hub_verify_token'] ?? '';
-		$hub_secret = post_var('hub_secret');
+		$hub_secret       = $_POST['hub_secret']       ?? '';
-		$hub_topic = post_var('hub_topic');
+		$hub_topic        = $_POST['hub_topic']        ?? '';
 		// check for valid hub_mode
 		if ($hub_mode === 'subscribe') {
--- a/mod/salmon.php
+++ b/mod/salmon.php
@ -24,7 +24,6 @@ use Friendica\Core\Logger;
 use Friendica\Core\Protocol;
 use Friendica\Database\DBA;
 use Friendica\DI;
 use Friendica\Model\Contact;
 use Friendica\Model\GServer;
 use Friendica\Model\Post;
 use Friendica\Protocol\ActivityNamespace;
@ -42,7 +41,7 @@ function salmon_post(App $a, $xml = '') {
 	Logger::debug('new salmon ' . $xml);
-	$nick       = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
+	$nick = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : '');
 	$importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
 	if (! DBA::isResult($importer)) {
--- a/mod/tagrm.php
+++ b/mod/tagrm.php
@ -23,10 +23,8 @@ use Friendica\App;
 use Friendica\Content\Text\BBCode;
 use Friendica\Database\DBA;
 use Friendica\DI;
 use Friendica\Model\Item;
 use Friendica\Model\Post;
 use Friendica\Model\Tag;
 use Friendica\Util\Strings;
 function tagrm_post(App $a)
 {
@ -40,7 +38,7 @@ function tagrm_post(App $a)
 	$tags = [];
 	foreach ($_POST['tag'] ?? [] as $tag) {
-		$tags[] = hex2bin(Strings::escapeTags(trim($tag)));
+		$tags[] = hex2bin(trim($tag));
 	}
 	$item_id = $_POST['item'] ?? 0;
@ -89,7 +87,7 @@ function tagrm_content(App $a)
 	}
 	if (DI::args()->getArgc()== 3) {
-		update_tags(DI::args()->getArgv()[1], [Strings::escapeTags(trim(hex2bin(DI::args()->getArgv()[2])))]);
+		update_tags(DI::args()->getArgv()[1], [trim(hex2bin(DI::args()->getArgv()[2]))]);
 		DI::baseUrl()->redirect($photo_return);
 	}
--- a/mod/unfollow.php
+++ b/mod/unfollow.php
@ -37,7 +37,7 @@ function unfollow_post(App $a)
 		// NOTREACHED
 	}
-	$url = Strings::escapeTags(trim($_REQUEST['url'] ?? ''));
+	$url = trim($_REQUEST['url'] ?? '');
 	unfollow_process($url);
 }
@ -53,7 +53,7 @@ function unfollow_content(App $a)
 	}
 	$uid = local_user();
-	$url = Strings::escapeTags(trim($_REQUEST['url']));
+	$url = trim($_REQUEST['url']);
 	$condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
 		local_user(), Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@ -366,7 +366,7 @@ class Item
 	public static function guid($item, $notify)
 	{
 		if (!empty($item['guid'])) {
-			return Strings::escapeTags(trim($item['guid']));
+			return trim($item['guid']);
 		}
 		if ($notify) {
--- a/src/Model/User.php
+++ b/src/Model/User.php
@ -911,18 +911,18 @@ class User
 		$using_invites = DI::config()->get('system', 'invitation_only');
-		$invite_id  = !empty($data['invite_id'])  ? Strings::escapeTags(trim($data['invite_id']))  : '';
+		$invite_id  = !empty($data['invite_id'])  ? trim($data['invite_id'])  : '';
-		$username   = !empty($data['username'])   ? Strings::escapeTags(trim($data['username']))   : '';
+		$username   = !empty($data['username'])   ? trim($data['username'])   : '';
-		$nickname   = !empty($data['nickname'])   ? Strings::escapeTags(trim($data['nickname']))   : '';
+		$nickname   = !empty($data['nickname'])   ? trim($data['nickname'])   : '';
-		$email      = !empty($data['email'])      ? Strings::escapeTags(trim($data['email']))      : '';
+		$email      = !empty($data['email'])      ? trim($data['email'])      : '';
-		$openid_url = !empty($data['openid_url']) ? Strings::escapeTags(trim($data['openid_url'])) : '';
+		$openid_url = !empty($data['openid_url']) ? trim($data['openid_url']) : '';
-		$photo      = !empty($data['photo'])      ? Strings::escapeTags(trim($data['photo']))      : '';
+		$photo      = !empty($data['photo'])      ? trim($data['photo'])      : '';
-		$password   = !empty($data['password'])   ? trim($data['password'])           : '';
+		$password   = !empty($data['password'])   ? trim($data['password'])   : '';
-		$password1  = !empty($data['password1'])  ? trim($data['password1'])          : '';
+		$password1  = !empty($data['password1'])  ? trim($data['password1'])  : '';
-		$confirm    = !empty($data['confirm'])    ? trim($data['confirm'])            : '';
+		$confirm    = !empty($data['confirm'])    ? trim($data['confirm'])    : '';
 		$blocked    = !empty($data['blocked']);
 		$verified   = !empty($data['verified']);
-		$language   = !empty($data['language'])   ? Strings::escapeTags(trim($data['language']))   : 'en';
+		$language   = !empty($data['language'])   ? trim($data['language'])   : 'en';
 		$netpublish = $publish = !empty($data['profile_publish_reg']);
--- a/src/Module/Admin/Item/Delete.php
+++ b/src/Module/Admin/Item/Delete.php
@ -40,7 +40,7 @@ class Delete extends BaseAdmin
 		self::checkFormSecurityTokenRedirectOnError('/admin/item/delete', 'admin_deleteitem');
 		if (!empty($_POST['page_deleteitem_submit'])) {
-			$guid = trim(Strings::escapeTags($_POST['deleteitemguid']));
+			$guid = trim($_POST['deleteitemguid']);
 			// The GUID should not include a "/", so if there is one, we got an URL
 			// and the last part of it is most likely the GUID.
 			if (strpos($guid, '/')) {
--- a/src/Module/Admin/Logs/Settings.php
+++ b/src/Module/Admin/Logs/Settings.php
@ -39,7 +39,7 @@ class Settings extends BaseAdmin
 		self::checkFormSecurityTokenRedirectOnError('/admin/logs', 'admin_logs');
-		$logfile   = (!empty($_POST['logfile']) ? Strings::escapeTags(trim($_POST['logfile'])) : '');
+		$logfile   = (!empty($_POST['logfile']) ? trim($_POST['logfile']) : '');
 		$debugging = !empty($_POST['debugging']);
 		$loglevel  = ($_POST['loglevel'] ?? '') ?: LogLevel::ERROR;
--- a/src/Module/Admin/Storage.php
+++ b/src/Module/Admin/Storage.php
@ -37,7 +37,7 @@ class Storage extends BaseAdmin
 		self::checkFormSecurityTokenRedirectOnError('/admin/storage', 'admin_storage');
-		$storagebackend = Strings::escapeTags(trim($parameters['name'] ?? ''));
+		$storagebackend = trim($parameters['name'] ?? '');
 		try {
 			/** @var ICanConfigureStorage|false $newStorageConfig */
--- a/src/Module/Register.php
+++ b/src/Module/Register.php
@ -302,7 +302,7 @@ class Register extends BaseModule
 		$using_invites = DI::config()->get('system', 'invitation_only');
 		$num_invites   = DI::config()->get('system', 'number_invites');
-		$invite_id = (!empty($_POST['invite_id']) ? Strings::escapeTags(trim($_POST['invite_id'])) : '');
+		$invite_id = (!empty($_POST['invite_id']) ? trim($_POST['invite_id']) : '');
 		if (intval(DI::config()->get('config', 'register_policy')) === self::OPEN) {
 			if ($using_invites && $invite_id) {
--- a/src/Module/Xrd.php
+++ b/src/Module/Xrd.php
@ -30,7 +30,6 @@ use Friendica\Model\Photo;
 use Friendica\Model\User;
 use Friendica\Protocol\ActivityNamespace;
 use Friendica\Protocol\Salmon;
 use Friendica\Util\Strings;
 /**
 * Prints responses to /.well-known/webfinger  or /xrd requests
@ -45,7 +44,7 @@ class Xrd extends BaseModule
 				return;
 			}
-			$uri = urldecode(Strings::escapeTags(trim($_GET['uri'])));
+			$uri = urldecode(trim($_GET['uri']));
 			if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/jrd+json') !== false)  {
 				$mode = 'json';
 			} else {
@ -56,7 +55,7 @@ class Xrd extends BaseModule
 				return;
 			}
-			$uri = urldecode(Strings::escapeTags(trim($_GET['resource'])));
+			$uri = urldecode(trim($_GET['resource']));
 			if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/xrd+xml') !== false)  {
 				$mode = 'xml';
 			} else {
--- a/src/Network/Probe.php
+++ b/src/Network/Probe.php
@ -1996,8 +1996,6 @@ class Probe
 							$data["name"] .= $perspart->text;
 						}
 					}
 					$data["name"] = Strings::escapeTags($data["name"]);
 				}
 			}
 		}
--- a/src/Security/Authentication.php
+++ b/src/Security/Authentication.php
@ -37,7 +37,6 @@ use Friendica\Network\HTTPException;
 use Friendica\Security\TwoFactor\Repository\TrustedBrowser;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Network;
 use Friendica\Util\Strings;
 use LightOpenID;
 use Friendica\Core\L10n;
 use Psr\Log\LoggerInterface;
@ -247,7 +246,7 @@ class Authentication
 				['uid' => User::getIdFromPasswordAuthentication($username, $password)]
 			);
 		} catch (Exception $e) {
-			$this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => Strings::escapeTags($username), 'ip' => $_SERVER['REMOTE_ADDR']]);
+			$this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => $username, 'ip' => $_SERVER['REMOTE_ADDR']]);
 			notice($this->l10n->t('Login failed. Please check your credentials.'));
 			$this->baseUrl->redirect();
 		}
--- a/src/Worker/OnePoll.php
+++ b/src/Worker/OnePoll.php
@ -102,7 +102,7 @@ class OnePoll
 		if ($success) {
 			self::updateContact($contact, ['failed' => false, 'last-update' => $updated, 'success_update' => $updated]);
-			Contact::unmarkForArchival($contact);	
+			Contact::unmarkForArchival($contact);
 		} else {
 			self::updateContact($contact, ['failed' => true, 'last-update' => $updated, 'failure_update' => $updated]);
 			Contact::markForArchival($contact);
@ -317,7 +317,7 @@ class OnePoll
 							$datarray['title'] .= $subpart->text;
 						}
 					}
-					$datarray['title'] = Strings::escapeTags(trim($datarray['title']));
+					$datarray['title'] = trim($datarray['title']);
 					//$datarray['title'] = Strings::escapeTags(trim($meta->subject));
 					$datarray['created'] = DateTimeFormat::utc($meta->date);