Merge pull request #6225 from annando/http-error

[friendica.git] / src / Module / Login.php

diff --git a/src/Module/Login.php b/src/Module/Login.php
index 751d4d4cce5a5dfc037908b54e922e98801424c8..82d70498281fc6547a6e7a79520c6bca96793c8b 100644 (file)
--- a/src/Module/Login.php
+++ b/src/Module/Login.php
@@ -17,6 +17,7 @@ use Friendica\Database\DBA;
 use Friendica\Model\User;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Network;
+use Friendica\Util\Strings;
 use LightOpenID;
 
 require_once 'boot.php';
@@ -33,11 +34,11 @@ class Login extends BaseModule
        {
                $a = self::getApp();
 
-               if (x($_SESSION, 'theme')) {
+               if (!empty($_SESSION['theme'])) {
                        unset($_SESSION['theme']);
                }
 
-               if (x($_SESSION, 'mobile-theme')) {
+               if (!empty($_SESSION['mobile-theme'])) {
                        unset($_SESSION['mobile-theme']);
                }
 
@@ -45,7 +46,7 @@ class Login extends BaseModule
                        $a->internalRedirect();
                }
 
-               return self::form($_SESSION['return_path'], intval(Config::get('config', 'register_policy')) !== REGISTER_CLOSED);
+               return self::form(defaults($_SESSION, 'return_path', null), intval(Config::get('config', 'register_policy')) !== REGISTER_CLOSED);
        }
 
        public static function post()
@@ -67,7 +68,7 @@ class Login extends BaseModule
                        self::openIdAuthentication($openid_url, !empty($_POST['remember']));
                }
 
-               if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') {
+               if (!empty($_POST['auth-params']) && $_POST['auth-params'] === 'login') {
                        self::passwordAuthentication(
                                trim($_POST['username']),
                                trim($_POST['password']),
@@ -148,7 +149,7 @@ class Login extends BaseModule
                                );
                        }
                } catch (Exception $e) {
-                       Logger::log('authenticate: failed login attempt: ' . notags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
+                       Logger::log('authenticate: failed login attempt: ' . Strings::escapeTags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
                        info('Login failed. Please check your credentials.' . EOL);
                        $a->internalRedirect();
                }
@@ -162,7 +163,7 @@ class Login extends BaseModule
                $_SESSION['last_login_date'] = DateTimeFormat::utcNow();
                Authentication::setAuthenticatedSessionForUser($record, true, true);
 
-               if (x($_SESSION, 'return_path')) {
+               if (!empty($_SESSION['return_path'])) {
                        $return_path = $_SESSION['return_path'];
                        unset($_SESSION['return_path']);
                } else {
@@ -220,15 +221,15 @@ class Login extends BaseModule
                        }
                }
 
-               if (isset($_SESSION) && x($_SESSION, 'authenticated')) {
-                       if (x($_SESSION, 'visitor_id') && !x($_SESSION, 'uid')) {
+               if (!empty($_SESSION['authenticated'])) {
+                       if (!empty($_SESSION['visitor_id']) && empty($_SESSION['uid'])) {
                                $contact = DBA::selectFirst('contact', [], ['id' => $_SESSION['visitor_id']]);
                                if (DBA::isResult($contact)) {
                                        self::getApp()->contact = $contact;
                                }
                        }
 
-                       if (x($_SESSION, 'uid')) {
+                       if (!empty($_SESSION['uid'])) {
                                // already logged in user returning
                                $check = Config::get('system', 'paranoia');
                                // extra paranoia - if the IP changed, log them out