friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

Some more "escapeTags" removed

This commit is contained in:
Michael 2021-11-06 20:25:21 +00:00
parent 8e65bdd011
commit 359dad4244
17 changed files with 76 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
mod/message.php
View File

@ -70,10 +70,10 @@ function message_post(App $a)
return; return;
} }
$replyto = !empty($_REQUEST['replyto']) ? Strings::escapeTags(trim($_REQUEST['replyto'])) : ''; $replyto = !empty($_REQUEST['replyto']) ? trim($_REQUEST['replyto']) : '';
$subject = !empty($_REQUEST['subject']) ? Strings::escapeTags(trim($_REQUEST['subject'])) : ''; $subject = !empty($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
$body = !empty($_REQUEST['body']) ? Strings::escapeHtml(trim($_REQUEST['body'])) : ''; $body = !empty($_REQUEST['body']) ? Strings::escapeHtml(trim($_REQUEST['body'])) : '';
$recipient = !empty($_REQUEST['recipient']) ? intval($_REQUEST['recipient']) : 0; $recipient = !empty($_REQUEST['recipient']) ? intval($_REQUEST['recipient']) : 0;
$ret = Mail::send($recipient, $body, $subject, $replyto); $ret = Mail::send($recipient, $body, $subject, $replyto);
$norecip = false; $norecip = false;

10
mod/photos.php
View File

@ -291,11 +291,11 @@ function photos_post(App $a)
} }
if (DI::args()->getArgc() > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) { if (DI::args()->getArgc() > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || isset($_POST['albname']))) {
$desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : ''; $desc = !empty($_POST['desc']) ? trim($_POST['desc']) : '';
$rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : ''; $rawtags = !empty($_POST['newtag']) ? trim($_POST['newtag']) : '';
$item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
$albname = !empty($_POST['albname']) ? trim($_POST['albname']) : ''; $albname = !empty($_POST['albname']) ? trim($_POST['albname']) : '';
$origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : ''; $origaname = !empty($_POST['origaname']) ? trim($_POST['origaname']) : '';
$resource_id = DI::args()->getArgv()[3]; $resource_id = DI::args()->getArgv()[3];

15
mod/settings.php
View File

@ -37,7 +37,6 @@ use Friendica\Model\User;
use Friendica\Module\BaseSettings; use Friendica\Module\BaseSettings;
use Friendica\Module\Security\Login; use Friendica\Module\Security\Login;
use Friendica\Protocol\Email; use Friendica\Protocol\Email;
use Friendica\Util\Strings;
use Friendica\Util\Temporal; use Friendica\Util\Temporal;
use Friendica\Worker\Delivery; use Friendica\Worker\Delivery;
@ -216,14 +215,14 @@ function settings_post(App $a)
} }
} }
$username = (!empty($_POST['username']) ? Strings::escapeTags(trim($_POST['username'])) : ''); $username = (!empty($_POST['username']) ? trim($_POST['username']) : '');
$email = (!empty($_POST['email']) ? Strings::escapeTags(trim($_POST['email'])) : ''); $email = (!empty($_POST['email']) ? trim($_POST['email']) : '');
$timezone = (!empty($_POST['timezone']) ? Strings::escapeTags(trim($_POST['timezone'])) : ''); $timezone = (!empty($_POST['timezone']) ? trim($_POST['timezone']) : '');
$language = (!empty($_POST['language']) ? Strings::escapeTags(trim($_POST['language'])) : ''); $language = (!empty($_POST['language']) ? trim($_POST['language']) : '');
$defloc = (!empty($_POST['defloc']) ? Strings::escapeTags(trim($_POST['defloc'])) : ''); $defloc = (!empty($_POST['defloc']) ? trim($_POST['defloc']) : '');
$maxreq = (!empty($_POST['maxreq']) ? intval($_POST['maxreq']) : 0); $maxreq = (!empty($_POST['maxreq']) ? intval($_POST['maxreq']) : 0);
$expire = (!empty($_POST['expire']) ? intval($_POST['expire']) : 0); $expire = (!empty($_POST['expire']) ? intval($_POST['expire']) : 0);
$def_gid = (!empty($_POST['group-selection']) ? intval($_POST['group-selection']) : 0); $def_gid = (!empty($_POST['group-selection']) ? intval($_POST['group-selection']) : 0);

6
mod/wallmessage.php
View File

@ -37,10 +37,10 @@ function wallmessage_post(App $a) {
return; return;
} }
$subject = (!empty($_REQUEST['subject']) ? Strings::escapeTags(trim($_REQUEST['subject'])) : ''); $subject = trim($_REQUEST['subject'] ?? '');
$body = (!empty($_REQUEST['body']) ? Strings::escapeHtml(trim($_REQUEST['body'])) : ''); $body = Strings::escapeHtml(trim($_REQUEST['body'] ?? ''));
$recipient = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(DI::args()->getArgv()[1]) : ''); $recipient = ((DI::args()->getArgc() > 1) ? DI::args()->getArgv()[1] : '');
if ((! $recipient) || (! $body)) { if ((! $recipient) || (! $body)) {
return; return;
} }

44
src/Module/Admin/Site.php
View File

@ -128,16 +128,16 @@ class Site extends BaseAdmin
} }
// end relocate // end relocate
$sitename = (!empty($_POST['sitename']) ? Strings::escapeTags(trim($_POST['sitename'])) : ''); $sitename = (!empty($_POST['sitename']) ? trim($_POST['sitename']) : '');
$sender_email = (!empty($_POST['sender_email']) ? Strings::escapeTags(trim($_POST['sender_email'])) : ''); $sender_email = (!empty($_POST['sender_email']) ? trim($_POST['sender_email']) : '');
$banner = (!empty($_POST['banner']) ? trim($_POST['banner']) : false); $banner = (!empty($_POST['banner']) ? trim($_POST['banner']) : false);
$email_banner = (!empty($_POST['email_banner']) ? trim($_POST['email_banner']) : false); $email_banner = (!empty($_POST['email_banner']) ? trim($_POST['email_banner']) : false);
$shortcut_icon = (!empty($_POST['shortcut_icon']) ? Strings::escapeTags(trim($_POST['shortcut_icon'])) : ''); $shortcut_icon = (!empty($_POST['shortcut_icon']) ? trim($_POST['shortcut_icon']) : '');
$touch_icon = (!empty($_POST['touch_icon']) ? Strings::escapeTags(trim($_POST['touch_icon'])) : ''); $touch_icon = (!empty($_POST['touch_icon']) ? trim($_POST['touch_icon']) : '');
$additional_info = (!empty($_POST['additional_info']) ? trim($_POST['additional_info']) : ''); $additional_info = (!empty($_POST['additional_info']) ? trim($_POST['additional_info']) : '');
$language = (!empty($_POST['language']) ? Strings::escapeTags(trim($_POST['language'])) : ''); $language = (!empty($_POST['language']) ? trim($_POST['language']) : '');
$theme = (!empty($_POST['theme']) ? Strings::escapeTags(trim($_POST['theme'])) : ''); $theme = (!empty($_POST['theme']) ? trim($_POST['theme']) : '');
$theme_mobile = (!empty($_POST['theme_mobile']) ? Strings::escapeTags(trim($_POST['theme_mobile'])) : ''); $theme_mobile = (!empty($_POST['theme_mobile']) ? trim($_POST['theme_mobile']) : '');
$maximagesize = (!empty($_POST['maximagesize']) ? intval(trim($_POST['maximagesize'])) : 0); $maximagesize = (!empty($_POST['maximagesize']) ? intval(trim($_POST['maximagesize'])) : 0);
$maximagelength = (!empty($_POST['maximagelength']) ? intval(trim($_POST['maximagelength'])) : -1); $maximagelength = (!empty($_POST['maximagelength']) ? intval(trim($_POST['maximagelength'])) : -1);
$jpegimagequality = (!empty($_POST['jpegimagequality']) ? intval(trim($_POST['jpegimagequality'])) : 100); $jpegimagequality = (!empty($_POST['jpegimagequality']) ? intval(trim($_POST['jpegimagequality'])) : 100);
@ -148,15 +148,15 @@ class Site extends BaseAdmin
$register_text = (!empty($_POST['register_text']) ? strip_tags(trim($_POST['register_text'])) : ''); $register_text = (!empty($_POST['register_text']) ? strip_tags(trim($_POST['register_text'])) : '');
$allowed_sites = (!empty($_POST['allowed_sites']) ? Strings::escapeTags(trim($_POST['allowed_sites'])) : ''); $allowed_sites = (!empty($_POST['allowed_sites']) ? trim($_POST['allowed_sites']) : '');
$allowed_email = (!empty($_POST['allowed_email']) ? Strings::escapeTags(trim($_POST['allowed_email'])) : ''); $allowed_email = (!empty($_POST['allowed_email']) ? trim($_POST['allowed_email']) : '');
$forbidden_nicknames = (!empty($_POST['forbidden_nicknames']) ? strtolower(Strings::escapeTags(trim($_POST['forbidden_nicknames']))) : ''); $forbidden_nicknames = (!empty($_POST['forbidden_nicknames']) ? strtolower(trim($_POST['forbidden_nicknames'])) : '');
$system_actor_name = (!empty($_POST['system_actor_name']) ? Strings::escapeTags(trim($_POST['system_actor_name'])) : ''); $system_actor_name = (!empty($_POST['system_actor_name']) ? trim($_POST['system_actor_name']) : '');
$no_oembed_rich_content = !empty($_POST['no_oembed_rich_content']); $no_oembed_rich_content = !empty($_POST['no_oembed_rich_content']);
$allowed_oembed = (!empty($_POST['allowed_oembed']) ? Strings::escapeTags(trim($_POST['allowed_oembed'])) : ''); $allowed_oembed = (!empty($_POST['allowed_oembed']) ? trim($_POST['allowed_oembed']) : '');
$block_public = !empty($_POST['block_public']); $block_public = !empty($_POST['block_public']);
$force_publish = !empty($_POST['publish_all']); $force_publish = !empty($_POST['publish_all']);
$global_directory = (!empty($_POST['directory']) ? Strings::escapeTags(trim($_POST['directory'])) : ''); $global_directory = (!empty($_POST['directory']) ? trim($_POST['directory']) : '');
$newuser_private = !empty($_POST['newuser_private']); $newuser_private = !empty($_POST['newuser_private']);
$enotify_no_content = !empty($_POST['enotify_no_content']); $enotify_no_content = !empty($_POST['enotify_no_content']);
$private_addons = !empty($_POST['private_addons']); $private_addons = !empty($_POST['private_addons']);
@ -173,8 +173,8 @@ class Site extends BaseAdmin
$max_author_posts_community_page = (!empty($_POST['max_author_posts_community_page']) ? intval(trim($_POST['max_author_posts_community_page'])) : 0); $max_author_posts_community_page = (!empty($_POST['max_author_posts_community_page']) ? intval(trim($_POST['max_author_posts_community_page'])) : 0);
$verifyssl = !empty($_POST['verifyssl']); $verifyssl = !empty($_POST['verifyssl']);
$proxyuser = (!empty($_POST['proxyuser']) ? Strings::escapeTags(trim($_POST['proxyuser'])) : ''); $proxyuser = (!empty($_POST['proxyuser']) ? trim($_POST['proxyuser']) : '');
$proxy = (!empty($_POST['proxy']) ? Strings::escapeTags(trim($_POST['proxy'])) : ''); $proxy = (!empty($_POST['proxy']) ? trim($_POST['proxy']) : '');
$timeout = (!empty($_POST['timeout']) ? intval(trim($_POST['timeout'])) : 60); $timeout = (!empty($_POST['timeout']) ? intval(trim($_POST['timeout'])) : 60);
$maxloadavg = (!empty($_POST['maxloadavg']) ? intval(trim($_POST['maxloadavg'])) : 20); $maxloadavg = (!empty($_POST['maxloadavg']) ? intval(trim($_POST['maxloadavg'])) : 20);
$min_memory = (!empty($_POST['min_memory']) ? intval(trim($_POST['min_memory'])) : 0); $min_memory = (!empty($_POST['min_memory']) ? intval(trim($_POST['min_memory'])) : 0);
@ -198,20 +198,20 @@ class Site extends BaseAdmin
$suppress_tags = !empty($_POST['suppress_tags']); $suppress_tags = !empty($_POST['suppress_tags']);
$max_comments = (!empty($_POST['max_comments']) ? intval($_POST['max_comments']) : 0); $max_comments = (!empty($_POST['max_comments']) ? intval($_POST['max_comments']) : 0);
$max_display_comments = (!empty($_POST['max_display_comments']) ? intval($_POST['max_display_comments']) : 0); $max_display_comments = (!empty($_POST['max_display_comments']) ? intval($_POST['max_display_comments']) : 0);
$temppath = (!empty($_POST['temppath']) ? Strings::escapeTags(trim($_POST['temppath'])) : ''); $temppath = (!empty($_POST['temppath']) ? trim($_POST['temppath']) : '');
$singleuser = (!empty($_POST['singleuser']) ? Strings::escapeTags(trim($_POST['singleuser'])) : ''); $singleuser = (!empty($_POST['singleuser']) ? trim($_POST['singleuser']) : '');
$only_tag_search = !empty($_POST['only_tag_search']); $only_tag_search = !empty($_POST['only_tag_search']);
$check_new_version_url = (!empty($_POST['check_new_version_url']) ? Strings::escapeTags(trim($_POST['check_new_version_url'])) : 'none'); $check_new_version_url = (!empty($_POST['check_new_version_url']) ? trim($_POST['check_new_version_url']) : 'none');
$worker_queues = (!empty($_POST['worker_queues']) ? intval($_POST['worker_queues']) : 10); $worker_queues = (!empty($_POST['worker_queues']) ? intval($_POST['worker_queues']) : 10);
$worker_fastlane = !empty($_POST['worker_fastlane']); $worker_fastlane = !empty($_POST['worker_fastlane']);
$relay_directly = !empty($_POST['relay_directly']); $relay_directly = !empty($_POST['relay_directly']);
$relay_scope = (!empty($_POST['relay_scope']) ? Strings::escapeTags(trim($_POST['relay_scope'])) : ''); $relay_scope = (!empty($_POST['relay_scope']) ? trim($_POST['relay_scope']) : '');
$relay_server_tags = (!empty($_POST['relay_server_tags']) ? Strings::escapeTags(trim($_POST['relay_server_tags'])) : ''); $relay_server_tags = (!empty($_POST['relay_server_tags']) ? trim($_POST['relay_server_tags']) : '');
$relay_deny_tags = (!empty($_POST['relay_deny_tags']) ? Strings::escapeTags(trim($_POST['relay_deny_tags'])) : ''); $relay_deny_tags = (!empty($_POST['relay_deny_tags']) ? trim($_POST['relay_deny_tags']) : '');
$relay_user_tags = !empty($_POST['relay_user_tags']); $relay_user_tags = !empty($_POST['relay_user_tags']);
$active_panel = (!empty($_POST['active_panel']) ? "#" . Strings::escapeTags(trim($_POST['active_panel'])) : ''); $active_panel = (!empty($_POST['active_panel']) ? "#" . trim($_POST['active_panel']) : '');
// Has the directory url changed? If yes, then resubmit the existing profiles there // Has the directory url changed? If yes, then resubmit the existing profiles there
if ($global_directory != DI::config()->get('system', 'directory') && ($global_directory != '')) { if ($global_directory != DI::config()->get('system', 'directory') && ($global_directory != '')) {

10
src/Module/Contact.php
View File

@ -234,10 +234,10 @@ class Contact extends BaseModule
$a = DI::app(); $a = DI::app();
$search = Strings::escapeTags(trim($_GET['search'] ?? '')); $search = trim($_GET['search'] ?? '');
$nets = Strings::escapeTags(trim($_GET['nets'] ?? '')); $nets = trim($_GET['nets'] ?? '');
$rel = Strings::escapeTags(trim($_GET['rel'] ?? '')); $rel = trim($_GET['rel'] ?? '');
$group = Strings::escapeTags(trim($_GET['group'] ?? '')); $group = trim($_GET['group'] ?? '');
$accounttype = $_GET['accounttype'] ?? ''; $accounttype = $_GET['accounttype'] ?? '';
$accounttypeid = User::getAccountTypeByString($accounttype); $accounttypeid = User::getAccountTypeByString($accounttype);
@ -523,7 +523,7 @@ class Contact extends BaseModule
'$submit' => DI::l10n()->t('Submit'), '$submit' => DI::l10n()->t('Submit'),
'$lbl_info1' => $lbl_info1, '$lbl_info1' => $lbl_info1,
'$lbl_info2' => DI::l10n()->t('Their personal note'), '$lbl_info2' => DI::l10n()->t('Their personal note'),
'$reason' => trim(Strings::escapeTags($contact['reason'])), '$reason' => trim($contact['reason']),
'$infedit' => DI::l10n()->t('Edit contact notes'), '$infedit' => DI::l10n()->t('Edit contact notes'),
'$common_link' => 'contact/' . $contact['id'] . '/contacts/common', '$common_link' => 'contact/' . $contact['id'] . '/contacts/common',
'$relation_text' => $relation_text, '$relation_text' => $relation_text,

5
src/Module/Directory.php
View File

@ -32,7 +32,6 @@ use Friendica\DI;
use Friendica\Model; use Friendica\Model;
use Friendica\Model\Profile; use Friendica\Model\Profile;
use Friendica\Network\HTTPException; use Friendica\Network\HTTPException;
use Friendica\Util\Strings;
/** /**
* Shows the local directory of this node * Shows the local directory of this node
@ -59,9 +58,7 @@ class Directory extends BaseModule
Nav::setSelected('directory'); Nav::setSelected('directory');
$search = (!empty($_REQUEST['search']) ? $search = trim(rawurldecode($_REQUEST['search'] ?? ''));
Strings::escapeTags(trim(rawurldecode($_REQUEST['search']))) :
'');
$gDirPath = ''; $gDirPath = '';
$dirURL = $config->get('system', 'directory'); $dirURL = $config->get('system', 'directory');

5
src/Module/Group.php
View File

@ -27,7 +27,6 @@ use Friendica\Core\System;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\DI; use Friendica\DI;
use Friendica\Model; use Friendica\Model;
use Friendica\Util\Strings;
require_once 'boot.php'; require_once 'boot.php';
@ -50,7 +49,7 @@ class Group extends BaseModule
if ((DI::args()->getArgc() == 2) && (DI::args()->getArgv()[1] === 'new')) { if ((DI::args()->getArgc() == 2) && (DI::args()->getArgv()[1] === 'new')) {
BaseModule::checkFormSecurityTokenRedirectOnError('/group/new', 'group_edit'); BaseModule::checkFormSecurityTokenRedirectOnError('/group/new', 'group_edit');
$name = Strings::escapeTags(trim($_POST['groupname'])); $name = trim($_POST['groupname']);
$r = Model\Group::create(local_user(), $name); $r = Model\Group::create(local_user(), $name);
if ($r) { if ($r) {
$r = Model\Group::getIdByName(local_user(), $name); $r = Model\Group::getIdByName(local_user(), $name);
@ -72,7 +71,7 @@ class Group extends BaseModule
notice(DI::l10n()->t('Group not found.')); notice(DI::l10n()->t('Group not found.'));
DI::baseUrl()->redirect('contact'); DI::baseUrl()->redirect('contact');
} }
$groupname = Strings::escapeTags(trim($_POST['groupname'])); $groupname = trim($_POST['groupname']);
if (strlen($groupname) && ($groupname != $group['name'])) { if (strlen($groupname) && ($groupname != $group['name'])) {
if (!Model\Group::update($group['id'], $groupname)) { if (!Model\Group::update($group['id'], $groupname)) {
notice(DI::l10n()->t('Group name was not changed.')); notice(DI::l10n()->t('Group name was not changed.'));

3
src/Module/Help.php
View File

@ -26,7 +26,6 @@ use Friendica\Content\Nav;
use Friendica\Content\Text\Markdown; use Friendica\Content\Text\Markdown;
use Friendica\DI; use Friendica\DI;
use Friendica\Network\HTTPException; use Friendica\Network\HTTPException;
use Friendica\Util\Strings;
/** /**
* Shows the friendica help based on the /doc/ directory * Shows the friendica help based on the /doc/ directory
@ -59,7 +58,7 @@ class Help extends BaseModule
$title = basename($path); $title = basename($path);
$filename = $path; $filename = $path;
$text = self::loadDocFile('doc/' . $path . '.md', $lang); $text = self::loadDocFile('doc/' . $path . '.md', $lang);
DI::page()['title'] = DI::l10n()->t('Help:') . ' ' . str_replace('-', ' ', Strings::escapeTags($title)); DI::page()['title'] = DI::l10n()->t('Help:') . ' ' . str_replace('-', ' ', $title);
} }
$home = self::loadDocFile('doc/Home.md', $lang); $home = self::loadDocFile('doc/Home.md', $lang);

7
src/Module/Install.php
View File

@ -30,7 +30,6 @@ use Friendica\Core\Theme;
use Friendica\DI; use Friendica\DI;
use Friendica\Network\HTTPException; use Friendica\Network\HTTPException;
use Friendica\Util\BasePath; use Friendica\Util\BasePath;
use Friendica\Util\Strings;
use Friendica\Util\Temporal; use Friendica\Util\Temporal;
class Install extends BaseModule class Install extends BaseModule
@ -380,10 +379,8 @@ class Install extends BaseModule
private static function checkSetting(Cache $configCache, array $post, $cat, $key, $default = null) private static function checkSetting(Cache $configCache, array $post, $cat, $key, $default = null)
{ {
$configCache->set($cat, $key, $configCache->set($cat, $key,
Strings::escapeTags( trim(($post[sprintf('%s-%s', $cat, $key)] ?? '') ?:
trim(($post[sprintf('%s-%s', $cat, $key)] ?? '') ?: ($default ?? $configCache->get($cat, $key))
($default ?? $configCache->get($cat, $key))
)
) )
); );
} }

3
src/Module/Search/Acl.php
View File

@ -32,7 +32,6 @@ use Friendica\DI;
use Friendica\Model\Contact; use Friendica\Model\Contact;
use Friendica\Model\Post; use Friendica\Model\Post;
use Friendica\Network\HTTPException; use Friendica\Network\HTTPException;
use Friendica\Util\Strings;
/** /**
* ACL selector json backend * ACL selector json backend
@ -69,7 +68,7 @@ class Acl extends BaseModule
private static function globalContactSearch() private static function globalContactSearch()
{ {
// autocomplete for global contact search (e.g. navbar search) // autocomplete for global contact search (e.g. navbar search)
$search = Strings::escapeTags(trim($_REQUEST['search'])); $search = trim($_REQUEST['search']);
$mode = $_REQUEST['smode']; $mode = $_REQUEST['smode'];
$page = $_REQUEST['page'] ?? 1; $page = $_REQUEST['page'] ?? 1;

11
src/Module/Security/Login.php
View File

@ -27,7 +27,6 @@ use Friendica\Core\Renderer;
use Friendica\Core\Session; use Friendica\Core\Session;
use Friendica\DI; use Friendica\DI;
use Friendica\Module\Register; use Friendica\Module\Register;
use Friendica\Util\Strings;
/** /**
* Login module * Login module
@ -187,16 +186,16 @@ class Login extends BaseModule
if (is_array($attr) && count($attr)) { if (is_array($attr) && count($attr)) {
foreach ($attr as $k => $v) { foreach ($attr as $k => $v) {
if ($k === 'namePerson/friendly') { if ($k === 'namePerson/friendly') {
$nick = Strings::escapeTags(trim($v)); $nick = trim($v);
} }
if ($k === 'namePerson/first') { if ($k === 'namePerson/first') {
$first = Strings::escapeTags(trim($v)); $first = trim($v);
} }
if ($k === 'namePerson') { if ($k === 'namePerson') {
$args['username'] = Strings::escapeTags(trim($v)); $args['username'] = trim($v);
} }
if ($k === 'contact/email') { if ($k === 'contact/email') {
$args['email'] = Strings::escapeTags(trim($v)); $args['email'] = trim($v);
} }
if ($k === 'media/image/aspect11') { if ($k === 'media/image/aspect11') {
$photosq = bin2hex(trim($v)); $photosq = bin2hex(trim($v));
@ -219,7 +218,7 @@ class Login extends BaseModule
$args['photo'] = $photo; $args['photo'] = $photo;
} }
$args['openid_url'] = Strings::escapeTags(trim(Session::get('openid_identity'))); $args['openid_url'] = trim(Session::get('openid_identity'));
return 'register?' . http_build_query($args); return 'register?' . http_build_query($args);
} }

7
src/Module/Settings/Display.php
View File

@ -30,7 +30,6 @@ use Friendica\DI;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Module\BaseSettings; use Friendica\Module\BaseSettings;
use Friendica\Network\HTTPException; use Friendica\Network\HTTPException;
use Friendica\Util\Strings;
/** /**
* Module to update user settings * Module to update user settings
@ -47,9 +46,9 @@ class Display extends BaseSettings
$user = User::getById(local_user()); $user = User::getById(local_user());
$theme = !empty($_POST['theme']) ? Strings::escapeTags(trim($_POST['theme'])) : $user['theme']; $theme = !empty($_POST['theme']) ? trim($_POST['theme']) : $user['theme'];
$mobile_theme = !empty($_POST['mobile_theme']) ? Strings::escapeTags(trim($_POST['mobile_theme'])) : ''; $mobile_theme = !empty($_POST['mobile_theme']) ? trim($_POST['mobile_theme']) : '';
$enable_smile = !empty($_POST['enable_smile']) ? intval($_POST['enable_smile']) : 0; $enable_smile = !empty($_POST['enable_smile']) ? intval($_POST['enable_smile']) : 0;
$first_day_of_week = !empty($_POST['first_day_of_week']) ? intval($_POST['first_day_of_week']) : 0; $first_day_of_week = !empty($_POST['first_day_of_week']) ? intval($_POST['first_day_of_week']) : 0;
$infinite_scroll = !empty($_POST['infinite_scroll']) ? intval($_POST['infinite_scroll']) : 0; $infinite_scroll = !empty($_POST['infinite_scroll']) ? intval($_POST['infinite_scroll']) : 0;
$no_auto_update = !empty($_POST['no_auto_update']) ? intval($_POST['no_auto_update']) : 0; $no_auto_update = !empty($_POST['no_auto_update']) ? intval($_POST['no_auto_update']) : 0;

25
src/Module/Settings/Profile/Index.php
View File

@ -37,7 +37,6 @@ use Friendica\Module\BaseSettings;
use Friendica\Module\Security\Login; use Friendica\Module\Security\Login;
use Friendica\Network\HTTPException; use Friendica\Network\HTTPException;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;
use Friendica\Util\Temporal; use Friendica\Util\Temporal;
class Index extends BaseSettings class Index extends BaseSettings
@ -79,23 +78,23 @@ class Index extends BaseSettings
} }
} }
$name = Strings::escapeTags(trim($_POST['name'] ?? '')); $name = trim($_POST['name'] ?? '');
if (!strlen($name)) { if (!strlen($name)) {
notice(DI::l10n()->t('Profile Name is required.')); notice(DI::l10n()->t('Profile Name is required.'));
return; return;
} }
$about = Strings::escapeTags(trim($_POST['about'])); $about = trim($_POST['about']);
$address = Strings::escapeTags(trim($_POST['address'])); $address = trim($_POST['address']);
$locality = Strings::escapeTags(trim($_POST['locality'])); $locality = trim($_POST['locality']);
$region = Strings::escapeTags(trim($_POST['region'])); $region = trim($_POST['region']);
$postal_code = Strings::escapeTags(trim($_POST['postal_code'])); $postal_code = trim($_POST['postal_code']);
$country_name = Strings::escapeTags(trim($_POST['country_name'])); $country_name = trim($_POST['country_name']);
$pub_keywords = self::cleanKeywords(Strings::escapeTags(trim($_POST['pub_keywords']))); $pub_keywords = self::cleanKeywords(trim($_POST['pub_keywords']));
$prv_keywords = self::cleanKeywords(Strings::escapeTags(trim($_POST['prv_keywords']))); $prv_keywords = self::cleanKeywords(trim($_POST['prv_keywords']));
$xmpp = Strings::escapeTags(trim($_POST['xmpp'])); $xmpp = trim($_POST['xmpp']);
$matrix = Strings::escapeTags(trim($_POST['matrix'])); $matrix = trim($_POST['matrix']);
$homepage = Strings::escapeTags(trim($_POST['homepage'])); $homepage = trim($_POST['homepage']);
if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) { if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) {
// neither http nor https in URL, add them // neither http nor https in URL, add them
$homepage = 'http://' . $homepage; $homepage = 'http://' . $homepage;

2
view/theme/frio/templates/photo_view.tpl
View File

@ -63,7 +63,7 @@
<div id="photo-photo-end"></div> <div id="photo-photo-end"></div>
{{* The photo description *}} {{* The photo description *}}
<div id="photo-caption">{{$desc nofilter}}</div> <div id="photo-caption">{{$desc}}</div>
{{* Tags and mentions *}} {{* Tags and mentions *}}
{{if $tags}} {{if $tags}}

2
view/theme/quattro/templates/photo_view.tpl
View File

@ -24,7 +24,7 @@
<div id="photo-photo"><a href="{{$photo.href}}" title="{{$photo.title}}"><img src="{{$photo.src}}" /></a></div> <div id="photo-photo"><a href="{{$photo.href}}" title="{{$photo.title}}"><img src="{{$photo.src}}" /></a></div>
{{if $prevlink}}<div id="photo-prev-link"><a href="{{$prevlink.0}}">{{$prevlink.1 nofilter}}</a></div>{{/if}} {{if $prevlink}}<div id="photo-prev-link"><a href="{{$prevlink.0}}">{{$prevlink.1 nofilter}}</a></div>{{/if}}
{{if $nextlink}}<div id="photo-next-link"><a href="{{$nextlink.0}}">{{$nextlink.1 nofilter}}</a></div>{{/if}} {{if $nextlink}}<div id="photo-next-link"><a href="{{$nextlink.0}}">{{$nextlink.1 nofilter}}</a></div>{{/if}}
<div id="photo-caption">{{$desc nofilter}}</div> <div id="photo-caption">{{$desc}}</div>
{{if $tags}} {{if $tags}}
<div id="in-this-photo-text">{{$tags.0}}</div> <div id="in-this-photo-text">{{$tags.0}}</div>
<div id="in-this-photo">{{$tags.1}}</div> <div id="in-this-photo">{{$tags.1}}</div>

2
view/theme/vier/templates/photo_view.tpl
View File

@ -26,7 +26,7 @@
<div id="photo-photo"><a href="{{$photo.href}}" title="{{$photo.title}}"><img src="{{$photo.src}}" /></a></div> <div id="photo-photo"><a href="{{$photo.href}}" title="{{$photo.title}}"><img src="{{$photo.src}}" /></a></div>
{{if $nextlink}}<div id="photo-next-link"><a href="{{$nextlink.0}}">{{$nextlink.1 nofilter}}</a></div>{{/if}} {{if $nextlink}}<div id="photo-next-link"><a href="{{$nextlink.0}}">{{$nextlink.1 nofilter}}</a></div>{{/if}}
<div id="photo-photo-end"></div> <div id="photo-photo-end"></div>
<div id="photo-caption">{{$desc nofilter}}</div> <div id="photo-caption">{{$desc}}</div>
{{if $tags}} {{if $tags}}
<div id="in-this-photo-text">{{$tags.0}}</div> <div id="in-this-photo-text">{{$tags.0}}</div>
<div id="in-this-photo">{{$tags.1}}</div> <div id="in-this-photo">{{$tags.1}}</div>