X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FBaseModule.php;h=ced1e55c397c51d81f2f6b866cac58ea83f422f3;hb=66db55f0cdb7340602154f2fa411daab6aae9459;hp=cb8f8c790de7317e064db3ee88b97c704e02b3bb;hpb=f69dab6d1c51d54a9647bc2f191c34954cce2023;p=friendica.git diff --git a/src/BaseModule.php b/src/BaseModule.php index cb8f8c790d..ced1e55c39 100644 --- a/src/BaseModule.php +++ b/src/BaseModule.php @@ -22,6 +22,7 @@ namespace Friendica; use Friendica\Core\Logger; +use Friendica\Model\User; /** * All modules in Friendica should extend BaseModule, although not all modules @@ -135,10 +136,9 @@ abstract class BaseModule */ public static function getFormSecurityToken($typename = '') { - $a = DI::app(); - + $user = User::getById(DI::app()->getLoggedInUserId(), ['guid', 'prvkey']); $timestamp = time(); - $sec_hash = hash('whirlpool', ($a->user['guid'] ?? '') . ($a->user['prvkey'] ?? '') . session_id() . $timestamp . $typename); + $sec_hash = hash('whirlpool', ($user['guid'] ?? '') . ($user['prvkey'] ?? '') . session_id() . $timestamp . $typename); return $timestamp . '.' . $sec_hash; } @@ -163,14 +163,14 @@ abstract class BaseModule $max_livetime = 10800; // 3 hours - $a = DI::app(); + $user = User::getById(DI::app()->getLoggedInUserId(), ['guid', 'prvkey']); $x = explode('.', $hash); if (time() > (intval($x[0]) + $max_livetime)) { return false; } - $sec_hash = hash('whirlpool', ($a->user['guid'] ?? '') . ($a->user['prvkey'] ?? '') . session_id() . $x[0] . $typename); + $sec_hash = hash('whirlpool', ($user['guid'] ?? '') . ($user['prvkey'] ?? '') . session_id() . $x[0] . $typename); return ($sec_hash == $x[1]); } @@ -183,9 +183,8 @@ abstract class BaseModule public static function checkFormSecurityTokenRedirectOnError($err_redirect, $typename = '', $formname = 'form_security_token') { if (!self::checkFormSecurityToken($typename, $formname)) { - $a = DI::app(); - Logger::log('checkFormSecurityToken failed: user ' . $a->user['guid'] . ' - form element ' . $typename); - Logger::log('checkFormSecurityToken failed: _REQUEST data: ' . print_r($_REQUEST, true), Logger::DATA); + Logger::notice('checkFormSecurityToken failed: user ' . DI::app()->getLoggedInUserNickname() . ' - form element ' . $typename); + Logger::debug('checkFormSecurityToken failed', ['request' => $_REQUEST]); notice(self::getFormSecurityStandardErrorMessage()); DI::baseUrl()->redirect($err_redirect); } @@ -194,9 +193,8 @@ abstract class BaseModule public static function checkFormSecurityTokenForbiddenOnError($typename = '', $formname = 'form_security_token') { if (!self::checkFormSecurityToken($typename, $formname)) { - $a = DI::app(); - Logger::log('checkFormSecurityToken failed: user ' . $a->user['guid'] . ' - form element ' . $typename); - Logger::log('checkFormSecurityToken failed: _REQUEST data: ' . print_r($_REQUEST, true), Logger::DATA); + Logger::notice('checkFormSecurityToken failed: user ' . DI::app()->getLoggedInUserNickname() . ' - form element ' . $typename); + Logger::debug('checkFormSecurityToken failed', ['request' => $_REQUEST]); throw new \Friendica\Network\HTTPException\ForbiddenException(); }