]> git.mxchange.org Git - friendica.git/blobdiff - src/BaseModule.php
projects / friendica.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Improved poll texts for different conditions
[friendica.git] / src / BaseModule.php
diff --git a/src/BaseModule.php b/src/BaseModule.php
index a74c02713114242f97881994863421d6f0875df6..c03a77e29e2e3cc935e7b43e2907d280efc89a23 100644 (file)
--- a/src/BaseModule.php
+++ b/src/BaseModule.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2010-2021, the Friendica project
+ * @copyright Copyright (C) 2010-2022, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -128,8 +128,10 @@ abstract class BaseModule implements ICanHandleRequests
         *
         * Extend this method if the module is supposed to process DELETE requests.
         * Doesn't display any content
+        *
+        * @param string[] $request The $_REQUEST content
         */
-       protected function delete()
+       protected function delete(array $request = [])
        {
        }
 
@@ -138,8 +140,10 @@ abstract class BaseModule implements ICanHandleRequests
         *
         * Extend this method if the module is supposed to process PATCH requests.
         * Doesn't display any content
+        *
+        * @param string[] $request The $_REQUEST content
         */
-       protected function patch()
+       protected function patch(array $request = [])
        {
        }
 
@@ -150,10 +154,9 @@ abstract class BaseModule implements ICanHandleRequests
         * Doesn't display any content
         *
         * @param string[] $request The $_REQUEST content
-        * @param string[] $post    The $_POST content
         *
         */
-       protected function post(array $request = [], array $post = [])
+       protected function post(array $request = [])
        {
                // $this->baseUrl->redirect('module');
        }
@@ -163,34 +166,36 @@ abstract class BaseModule implements ICanHandleRequests
         *
         * Extend this method if the module is supposed to process PUT requests.
         * Doesn't display any content
+        *
+        * @param string[] $request The $_REQUEST content
         */
-       protected function put()
+       protected function put(array $request = [])
        {
        }
 
        /**
         * {@inheritDoc}
         */
-       public function run(array $post = [], array $request = []): ResponseInterface
+       public function run(array $request = []): ResponseInterface
        {
                // @see https://github.com/tootsuite/mastodon/blob/c3aef491d66aec743a3a53e934a494f653745b61/config/initializers/cors.rb
-               if (substr($request['pagename'] ?? '', 0, 12) == '.well-known/') {
+               if (substr($this->args->getQueryString(), 0, 12) == '.well-known/') {
                        $this->response->setHeader('*', 'Access-Control-Allow-Origin');
                        $this->response->setHeader('*', 'Access-Control-Allow-Headers');
                        $this->response->setHeader(Router::GET, 'Access-Control-Allow-Methods');
                        $this->response->setHeader('false', 'Access-Control-Allow-Credentials');
-               } elseif (substr($request['pagename'] ?? '', 0, 8) == 'profile/') {
+               } elseif (substr($this->args->getQueryString(), 0, 8) == 'profile/') {
                        $this->response->setHeader('*', 'Access-Control-Allow-Origin');
                        $this->response->setHeader('*', 'Access-Control-Allow-Headers');
                        $this->response->setHeader(Router::GET, 'Access-Control-Allow-Methods');
                        $this->response->setHeader('false', 'Access-Control-Allow-Credentials');
-               } elseif (substr($request['pagename'] ?? '', 0, 4) == 'api/') {
+               } elseif (substr($this->args->getQueryString(), 0, 4) == 'api/') {
                        $this->response->setHeader('*', 'Access-Control-Allow-Origin');
                        $this->response->setHeader('*', 'Access-Control-Allow-Headers');
                        $this->response->setHeader(implode(',', Router::ALLOWED_METHODS), 'Access-Control-Allow-Methods');
                        $this->response->setHeader('false', 'Access-Control-Allow-Credentials');
                        $this->response->setHeader('Link', 'Access-Control-Expose-Headers');
-               } elseif (substr($request['pagename'] ?? '', 0, 11) == 'oauth/token') {
+               } elseif (substr($this->args->getQueryString(), 0, 11) == 'oauth/token') {
                        $this->response->setHeader('*', 'Access-Control-Allow-Origin');
                        $this->response->setHeader('*', 'Access-Control-Allow-Headers');
                        $this->response->setHeader(Router::POST, 'Access-Control-Allow-Methods');
@@ -206,19 +211,19 @@ abstract class BaseModule implements ICanHandleRequests
 
                $this->profiler->set(microtime(true) - $timestamp, 'init');
 
-               switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
+               switch ($this->args->getMethod()) {
                        case Router::DELETE:
-                               $this->delete();
+                               $this->delete($request);
                                break;
                        case Router::PATCH:
-                               $this->patch();
+                               $this->patch($request);
                                break;
                        case Router::POST:
-                               Core\Hook::callAll($this->args->getModuleName() . '_mod_post', $post);
-                               $this->post($request, $post);
+                               Core\Hook::callAll($this->args->getModuleName() . '_mod_post', $request);
+                               $this->post($request);
                                break;
                        case Router::PUT:
-                               $this->put();
+                               $this->put($request);
                                break;
                }
 
@@ -231,7 +236,7 @@ abstract class BaseModule implements ICanHandleRequests
                        $arr = ['content' => ''];
                        Hook::callAll(static::class . '_mod_content', $arr);
                        $this->response->addContent($arr['content']);
-                       $this->response->addContent($this->content($_REQUEST));
+                       $this->response->addContent($this->content($request));
                } catch (HTTPException $e) {
                        $this->response->addContent((new ModuleHTTPException())->content($e));
                } finally {
@@ -255,19 +260,7 @@ abstract class BaseModule implements ICanHandleRequests
                $request = [];
 
                foreach ($defaults as $parameter => $defaultvalue) {
-                       if (is_string($defaultvalue)) {
-                               $request[$parameter] = $input[$parameter] ?? $defaultvalue;
-                       } elseif (is_int($defaultvalue)) {
-                               $request[$parameter] = (int)($input[$parameter] ?? $defaultvalue);
-                       } elseif (is_float($defaultvalue)) {
-                               $request[$parameter] = (float)($input[$parameter] ?? $defaultvalue);
-                       } elseif (is_array($defaultvalue)) {
-                               $request[$parameter] = $input[$parameter] ?? [];
-                       } elseif (is_bool($defaultvalue)) {
-                               $request[$parameter] = in_array(strtolower($input[$parameter] ?? ''), ['true', '1']);
-                       } else {
-                               $this->logger->notice('Unhandled default value type', ['parameter' => $parameter, 'type' => gettype($defaultvalue)]);
-                       }
+                       $request[$parameter] = $this->getRequestValue($input, $parameter, $defaultvalue);
                }
 
                foreach ($input ?? [] as $parameter => $value) {
@@ -283,6 +276,50 @@ abstract class BaseModule implements ICanHandleRequests
                return $request;
        }
 
+       /**
+        * Fetch a request value and apply default values and check against minimal and maximal values
+        *
+        * @param array $input 
+        * @param string $parameter 
+        * @param mixed $default 
+        * @param mixed $minimal_value 
+        * @param mixed $maximum_value 
+        * @return mixed 
+        */
+       public function getRequestValue(array $input, string $parameter, $default = null, $minimal_value = null, $maximum_value = null)
+       {
+               if (is_string($default)) {
+                       $value = (string)($input[$parameter] ?? $default);
+               } elseif (is_int($default)) {
+                       $value = filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_INT);
+                       if (!is_null($minimal_value)) {
+                               $value = max(filter_var($minimal_value, FILTER_VALIDATE_INT), $value);
+                       }
+                       if (!is_null($maximum_value)) {
+                               $value = min(filter_var($maximum_value, FILTER_VALIDATE_INT), $value);
+                       }
+               } elseif (is_float($default)) {
+                       $value = filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_FLOAT);
+                       if (!is_null($minimal_value)) {
+                               $value = max(filter_var($minimal_value, FILTER_VALIDATE_FLOAT), $value);
+                       }
+                       if (!is_null($maximum_value)) {
+                               $value = min(filter_var($maximum_value, FILTER_VALIDATE_FLOAT), $value);
+                       }
+               } elseif (is_array($default)) {
+                       $value = filter_var($input[$parameter] ?? $default, FILTER_DEFAULT, ['flags' => FILTER_FORCE_ARRAY]);
+               } elseif (is_bool($default)) {
+                       $value = filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_BOOLEAN);
+               } elseif (is_null($default)) {
+                       $value = $input[$parameter] ?? null;
+               } else {
+                       $this->logger->notice('Unhandled default value type', ['parameter' => $parameter, 'type' => gettype($default)]);
+                       $value = null;
+               }
+
+               return $value;
+       }
+
        /*
         * Functions used to protect against Cross-Site Request Forgery
         * The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key.
Unnamed repository; edit this file 'description' to name the repository.