From e7f4dc845451756ee8b633d280c9a1e2a9f48253 Mon Sep 17 00:00:00 2001
From: Jonny Tischbein
Date: Wed, 17 Oct 2018 18:58:05 +0200
Subject: [PATCH] Move include/security to /src/Core/Authentication.php and /src/Util/Security.php
---
 advancedcontentfilter/advancedcontentfilter.php | 10 +++++-----
 gravatar/gravatar.php | 5 +++--
 libravatar/libravatar.php | 5 +++--
 public_server/public_server.php | 5 +++--
 windowsphonepush/windowsphonepush.php | 4 ++--
 5 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/advancedcontentfilter/advancedcontentfilter.php b/advancedcontentfilter/advancedcontentfilter.php
index 74728c042..05d55e53e 100644
--- a/advancedcontentfilter/advancedcontentfilter.php
+++ b/advancedcontentfilter/advancedcontentfilter.php
@@ -46,6 +46,7 @@ use Friendica\Model\Term;
 use Friendica\Module\Login;
 use Friendica\Network\HTTPException;
 use Friendica\Util\DateTimeFormat;
+use Friendica\Util\Security;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Symfony\Component\ExpressionLanguage;
@@ -53,7 +54,6 @@ use Symfony\Component\ExpressionLanguage;
 require_once 'boot.php';
 require_once 'include/conversation.php';
 require_once 'include/dba.php';
-require_once 'include/security.php';
 require_once __DIR__ . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
@@ -234,7 +234,7 @@ function advancedcontentfilter_content(App $a)
 ],
 '$current_theme' => $a->getCurrentTheme(),
 '$rules' => advancedcontentfilter_get_rules(),
- '$form_security_token' => get_form_security_token()
+ '$form_security_token' => Security::get_form_security_token()
 ]);
 }
 }
@@ -322,7 +322,7 @@ function advancedcontentfilter_post_rules(ServerRequestInterface $request)
 throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
 }
- if (!check_form_security_token()) {
+ if (!Security::check_form_security_token()) {
 throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
 }
@@ -356,7 +356,7 @@ function advancedcontentfilter_put_rules_id(ServerRequestInterface $request, Res
 throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
 }
- if (!check_form_security_token()) {
+ if (!Security::check_form_security_token()) {
 throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
 }
@@ -385,7 +385,7 @@ function advancedcontentfilter_delete_rules_id(ServerRequestInterface $request,
 throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
 }
- if (!check_form_security_token()) {
+ if (!Security::check_form_security_token()) {
 throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
 }
diff --git a/gravatar/gravatar.php b/gravatar/gravatar.php
index 00d8e5b32..bb8c9f271 100644
--- a/gravatar/gravatar.php
+++ b/gravatar/gravatar.php
@@ -11,6 +11,7 @@ use Friendica\Core\Addon;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Database\DBA;
+use Friendica\Util\Security;
 /**
 * Installs the addon hook
@@ -103,7 +104,7 @@ function gravatar_addon_admin (&$a, &$o) {
 }
 // output Gravatar settings
- $o .= '';
+ $o .= '';
 $o .= replace_macros( $t, [
 '$submit' => L10n::t('Save Settings'),
 '$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found at Gravatar. See README'), $default_avatars],
@@ -115,7 +116,7 @@ function gravatar_addon_admin (&$a, &$o) {
 * Save admin settings
 */
 function gravatar_addon_admin_post (&$a) {
- check_form_security_token('gravatarsave');
+ Security::check_form_security_token('gravatarsave');
 $default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
 $rating = ((x($_POST, 'rating')) ? notags(trim($_POST['rating'])) : 'g');
diff --git a/libravatar/libravatar.php b/libravatar/libravatar.php
index ee283f0c5..787231bfc 100644
--- a/libravatar/libravatar.php
+++ b/libravatar/libravatar.php
@@ -11,6 +11,7 @@ use Friendica\Core\Addon;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Database\DBA;
+use Friendica\Util\Security;
 /**
 * Installs the addon hook
@@ -106,7 +107,7 @@ function libravatar_addon_admin(&$a, &$o)
 }
 // output Libravatar settings
- $o .= '';
+ $o .= '';
 $o .= replace_macros( $t, [
 '$submit' => L10n::t('Save Settings'),
 '$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found. See README'), $default_avatars],
@@ -118,7 +119,7 @@ function libravatar_addon_admin(&$a, &$o)
 */
 function libravatar_addon_admin_post(&$a)
 {
- check_form_security_token('libravatarrsave');
+ Security::check_form_security_token('libravatarrsave');
 $default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
 Config::set('libravatar', 'default_avatar', $default_avatar);
diff --git a/public_server/public_server.php b/public_server/public_server.php
index 64f9d5d22..2e020b866 100644
--- a/public_server/public_server.php
+++ b/public_server/public_server.php
@@ -11,6 +11,7 @@ use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Database\DBA;
 use Friendica\Util\DateTimeFormat;
+use Friendica\Util\Security;
 function public_server_install()
 {
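Review bot: In gravatar_addon_admin_post() the result of `Security::check_form_security_token('gravatarsave')` is discarded, so the settings below it appear to be saved even when the token is missing or wrong; the same bare call sits in libravatar_addon_admin_post() (hunk -118,7 of libravatar/libravatar.php). This assumes the method only returns a boolean and does not abort on its own, which the `if (!Security::check_form_security_token())` guards in advancedcontentfilter.php in this same patch suggest. Guard the write, e.g. `if (!Security::check_form_security_token('gravatarsave')) { return; }`, or switch to `Security::check_form_security_token_redirectOnErr()` as public_server.php does. The libravatar token name is spelled `'libravatarrsave'`; the form markup that issues the token is not visible here, so confirm both sides use the same string. Both function bodies continue past their hunks.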
@@ -142,7 +143,7 @@ function public_server_login($a, $b)
 function public_server_addon_admin_post(&$a)
 {
- check_form_security_token_redirectOnErr('/admin/addons/publicserver', 'publicserver');
+ Security::check_form_security_token_redirectOnErr('/admin/addons/publicserver', 'publicserver');
 $expiredays = (x($_POST, 'expiredays') ? notags(trim($_POST['expiredays'])) : '');
 $expireposts = (x($_POST, 'expireposts') ? notags(trim($_POST['expireposts'])) : '');
 $nologin = (x($_POST, 'nologin') ? notags(trim($_POST['nologin'])) : '');
@@ -160,7 +161,7 @@ function public_server_addon_admin_post(&$a)
 function public_server_addon_admin(&$a, &$o)
 {
- $token = get_form_security_token("publicserver");
+ $token = Security::get_form_security_token("publicserver");
 $t = get_markup_template("admin.tpl", "addon/public_server");
 $o = replace_macros($t, [
 '$submit' => L10n::t('Save Settings'),
diff --git a/windowsphonepush/windowsphonepush.php b/windowsphonepush/windowsphonepush.php
index 589d22232..ff9c4464e 100644
--- a/windowsphonepush/windowsphonepush.php
+++ b/windowsphonepush/windowsphonepush.php
@@ -30,6 +30,7 @@ use Friendica\App;
 use Friendica\Content\Text\BBCode;
 use Friendica\Content\Text\HTML;
 use Friendica\Core\Addon;
+use Friendica\Core\Authentication;
 use Friendica\Core\L10n;
 use Friendica\Core\PConfig;
 use Friendica\Database\DBA;
@@ -471,8 +472,7 @@ function windowsphonepush_login(App $a)
 die('This api requires login');
 }
- require_once 'include/security.php';
- authenticate_success($record);
+ Authentication::success($record);
 $_SESSION["allow_api"] = true;
 Addon::callHooks('logged_in', $a->user);
 }