Merge pull request #756 from JonnyTischbein/move_include_security

Move include/security to /src/Core/Authentication.php and /src/Util/Security.php
This commit is contained in:
Hypolite Petovan 2018-10-19 08:58:31 -04:00 committed by GitHub
commit 2ac21ef32a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 13 deletions

View file

@ -34,6 +34,7 @@
*/ */
use Friendica\App; use Friendica\App;
use Friendica\BaseModule;
use Friendica\Content\Text\Markdown; use Friendica\Content\Text\Markdown;
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Cache; use Friendica\Core\Cache;
@ -46,6 +47,7 @@ use Friendica\Model\Term;
use Friendica\Module\Login; use Friendica\Module\Login;
use Friendica\Network\HTTPException; use Friendica\Network\HTTPException;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Security;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
use Symfony\Component\ExpressionLanguage; use Symfony\Component\ExpressionLanguage;
@ -53,7 +55,6 @@ use Symfony\Component\ExpressionLanguage;
require_once 'boot.php'; require_once 'boot.php';
require_once 'include/conversation.php'; require_once 'include/conversation.php';
require_once 'include/dba.php'; require_once 'include/dba.php';
require_once 'include/security.php';
require_once __DIR__ . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php'; require_once __DIR__ . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
@ -234,7 +235,7 @@ function advancedcontentfilter_content(App $a)
], ],
'$current_theme' => $a->getCurrentTheme(), '$current_theme' => $a->getCurrentTheme(),
'$rules' => advancedcontentfilter_get_rules(), '$rules' => advancedcontentfilter_get_rules(),
'$form_security_token' => get_form_security_token() '$form_security_token' => BaseModule::getFormSecurityToken()
]); ]);
} }
} }
@ -322,7 +323,7 @@ function advancedcontentfilter_post_rules(ServerRequestInterface $request)
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method')); throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
} }
if (!check_form_security_token()) { if (!BaseModule::checkFormSecurityToken()) {
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.')); throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
} }
@ -356,7 +357,7 @@ function advancedcontentfilter_put_rules_id(ServerRequestInterface $request, Res
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method')); throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
} }
if (!check_form_security_token()) { if (!BaseModule::checkFormSecurityToken()) {
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.')); throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
} }
@ -385,7 +386,7 @@ function advancedcontentfilter_delete_rules_id(ServerRequestInterface $request,
throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method')); throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
} }
if (!check_form_security_token()) { if (!BaseModule::checkFormSecurityToken()) {
throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.')); throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
} }

View file

@ -7,10 +7,12 @@
*/ */
use Friendica\App; use Friendica\App;
use Friendica\BaseModule;
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Util\Security;
/** /**
* Installs the addon hook * Installs the addon hook
@ -103,7 +105,7 @@ function gravatar_addon_admin (&$a, &$o) {
} }
// output Gravatar settings // output Gravatar settings
$o .= '<input type="hidden" name="form_security_token" value="' .get_form_security_token("gravatarsave") .'">'; $o .= '<input type="hidden" name="form_security_token" value="' . BaseModule::getFormSecurityToken("gravatarsave") .'">';
$o .= replace_macros( $t, [ $o .= replace_macros( $t, [
'$submit' => L10n::t('Save Settings'), '$submit' => L10n::t('Save Settings'),
'$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found at Gravatar. See README'), $default_avatars], '$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found at Gravatar. See README'), $default_avatars],
@ -115,7 +117,7 @@ function gravatar_addon_admin (&$a, &$o) {
* Save admin settings * Save admin settings
*/ */
function gravatar_addon_admin_post (&$a) { function gravatar_addon_admin_post (&$a) {
check_form_security_token('gravatarsave'); BaseModule::checkFormSecurityToken('gravatarsave');
$default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon'); $default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
$rating = ((x($_POST, 'rating')) ? notags(trim($_POST['rating'])) : 'g'); $rating = ((x($_POST, 'rating')) ? notags(trim($_POST['rating'])) : 'g');

View file

@ -7,10 +7,12 @@
*/ */
use Friendica\App; use Friendica\App;
use Friendica\BaseModule;
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Util\Security;
/** /**
* Installs the addon hook * Installs the addon hook
@ -106,7 +108,7 @@ function libravatar_addon_admin(&$a, &$o)
} }
// output Libravatar settings // output Libravatar settings
$o .= '<input type="hidden" name="form_security_token" value="' .get_form_security_token("libravatarsave") .'">'; $o .= '<input type="hidden" name="form_security_token" value="' . BaseModule::getFormSecurityToken("libravatarsave") .'">';
$o .= replace_macros( $t, [ $o .= replace_macros( $t, [
'$submit' => L10n::t('Save Settings'), '$submit' => L10n::t('Save Settings'),
'$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found. See README'), $default_avatars], '$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found. See README'), $default_avatars],
@ -118,7 +120,7 @@ function libravatar_addon_admin(&$a, &$o)
*/ */
function libravatar_addon_admin_post(&$a) function libravatar_addon_admin_post(&$a)
{ {
check_form_security_token('libravatarrsave'); BaseModule::checkFormSecurityToken('libravatarrsave');
$default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon'); $default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
Config::set('libravatar', 'default_avatar', $default_avatar); Config::set('libravatar', 'default_avatar', $default_avatar);

View file

@ -6,11 +6,13 @@
* Author: Keith Fernie <http://friendika.me4.it/profile/keith> * Author: Keith Fernie <http://friendika.me4.it/profile/keith>
*/ */
use Friendica\BaseModule;
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Config; use Friendica\Core\Config;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Security;
function public_server_install() function public_server_install()
{ {
@ -142,7 +144,7 @@ function public_server_login($a, $b)
function public_server_addon_admin_post(&$a) function public_server_addon_admin_post(&$a)
{ {
check_form_security_token_redirectOnErr('/admin/addons/publicserver', 'publicserver'); BaseModule::checkFormSecurityTokenRedirectOnError('/admin/addons/publicserver', 'publicserver');
$expiredays = (x($_POST, 'expiredays') ? notags(trim($_POST['expiredays'])) : ''); $expiredays = (x($_POST, 'expiredays') ? notags(trim($_POST['expiredays'])) : '');
$expireposts = (x($_POST, 'expireposts') ? notags(trim($_POST['expireposts'])) : ''); $expireposts = (x($_POST, 'expireposts') ? notags(trim($_POST['expireposts'])) : '');
$nologin = (x($_POST, 'nologin') ? notags(trim($_POST['nologin'])) : ''); $nologin = (x($_POST, 'nologin') ? notags(trim($_POST['nologin'])) : '');
@ -160,7 +162,7 @@ function public_server_addon_admin_post(&$a)
function public_server_addon_admin(&$a, &$o) function public_server_addon_admin(&$a, &$o)
{ {
$token = get_form_security_token("publicserver"); $token = BaseModule::getFormSecurityToken("publicserver");
$t = get_markup_template("admin.tpl", "addon/public_server"); $t = get_markup_template("admin.tpl", "addon/public_server");
$o = replace_macros($t, [ $o = replace_macros($t, [
'$submit' => L10n::t('Save Settings'), '$submit' => L10n::t('Save Settings'),

View file

@ -30,6 +30,7 @@ use Friendica\App;
use Friendica\Content\Text\BBCode; use Friendica\Content\Text\BBCode;
use Friendica\Content\Text\HTML; use Friendica\Content\Text\HTML;
use Friendica\Core\Addon; use Friendica\Core\Addon;
use Friendica\Core\Authentication;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Core\PConfig; use Friendica\Core\PConfig;
use Friendica\Database\DBA; use Friendica\Database\DBA;
@ -471,8 +472,7 @@ function windowsphonepush_login(App $a)
die('This api requires login'); die('This api requires login');
} }
require_once 'include/security.php'; Authentication::setAuthenticatedSessionForUser($record);
authenticate_success($record);
$_SESSION["allow_api"] = true; $_SESSION["allow_api"] = true;
Addon::callHooks('logged_in', $a->user); Addon::callHooks('logged_in', $a->user);
} }