return;
}
- $sitename = (!empty($_POST['sitename']) ? trim($_POST['sitename']) : '');
+ $sitename = (!empty($_POST['sitename']) ? strip_tags(trim($_POST['sitename'])) : '');
$sender_email = (!empty($_POST['sender_email']) ? trim($_POST['sender_email']) : '');
$banner = (!empty($_POST['banner']) ? trim($_POST['banner']) : false);
$email_banner = (!empty($_POST['email_banner']) ? trim($_POST['email_banner']) : false);
$shortcut_icon = (!empty($_POST['shortcut_icon']) ? trim($_POST['shortcut_icon']) : '');
$touch_icon = (!empty($_POST['touch_icon']) ? trim($_POST['touch_icon']) : '');
- $additional_info = (!empty($_POST['additional_info']) ? trim($_POST['additional_info']) : '');
+ $additional_info = (!empty($_POST['additional_info']) ? strip_tags(trim($_POST['additional_info'])) : '');
$language = (!empty($_POST['language']) ? trim($_POST['language']) : '');
$theme = (!empty($_POST['theme']) ? trim($_POST['theme']) : '');
$theme_mobile = (!empty($_POST['theme_mobile']) ? trim($_POST['theme_mobile']) : '');
$jpegimagequality = (!empty($_POST['jpegimagequality']) ? intval(trim($_POST['jpegimagequality'])) : 100);
$register_policy = (!empty($_POST['register_policy']) ? intval(trim($_POST['register_policy'])) : 0);
- $max_registered_users = (!empty($_POST['max_registered_users']) ? intval(trim($_POST['max_registered_users'])) : 0);
+ $max_registered_users = (!empty($_POST['max_registered_users']) ? intval(trim($_POST['max_registered_users'])) : 0);
$daily_registrations = (!empty($_POST['max_daily_registrations']) ? intval(trim($_POST['max_daily_registrations'])) : 0);
$abandon_days = (!empty($_POST['abandon_days']) ? intval(trim($_POST['abandon_days'])) : 0);
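Review bot: `$sender_email` on the line right after the new `strip_tags` call is still only trimmed, so a value carrying CR/LF or angle brackets reaches whatever builds the site's outgoing mail; if that is a `From:` header, that is header injection, and a single line rejects it: `$sender_email = filter_var($sender_email, FILTER_VALIDATE_EMAIL) ?: '';`. The `strip_tags` added to `sitename` and `additional_info` is input sanitisation, not output encoding: it leaves `&`, quotes and attribute-style text untouched, so the templates printing these values still need `htmlspecialchars(..., ENT_QUOTES)`, and `strip_tags` also discards everything after an unmatched `<`, so a site name such as `A <3 B` is stored as `A `. The `$max_registered_users` line appears removed and re-added unchanged, presumably a whitespace edit. The enclosing function begins before this hunk.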
new ArrayFilterEvent(ArrayFilterEvent::PROFILE_SETTINGS_POST, $request),
)->getArray();
- $dob = trim($request['dob'] ?? '');
+ $dob = $this->cleanInput($request['dob'] ?? '');
if ($dob && !in_array($dob, ['0000-00-00', DBA::NULL_DATE])) {
$y = substr($dob, 0, 4);
}
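Review bot: `cleanInput` deletes `<`, `>`, quotes and spaces from `dob` but never checks that what is left is a date, so `substr($dob, 0, 4)` on the following line happily takes a "year" from input such as `2024-13-99` or `abcd`; character stripping is not validation. A format check after the new line closes that: `if ($dob !== '' && !preg_match('/^\d{4}-\d{2}-\d{2}$/', $dob)) { $dob = ''; }` (or `DateTimeImmutable::createFromFormat('Y-m-d', $dob)` if the month/day ranges matter). While there, `in_array($dob, [...])` should pass `true` as its third argument so the comparison is not loose. The enclosing method starts before and continues after this hunk.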
}
- $username = trim($request['username'] ?? '');
+ $username = $this->cleanInputText($request['username'] ?? '');
if (!$username) {
$this->systemMessages->addNotice($this->t('Display Name is required.'));
return;
}
- $about = trim($request['about']);
- $address = trim($request['address']);
- $locality = trim($request['locality']);
- $region = trim($request['region']);
- $postal_code = trim($request['postal_code']);
- $country_name = trim($request['country_name']);
+ $about = $this->cleanInputText($request['about']);
+ $address = $this->cleanInputText($request['address']);
+ $locality = $this->cleanInputText($request['locality']);
+ $region = $this->cleanInputText($request['region']);
+ $postal_code = $this->cleanInputText($request['postal_code']);
+ $country_name = $this->cleanInputText($request['country_name']);
$pub_keywords = self::cleanKeywords(trim($request['pub_keywords']));
$prv_keywords = self::cleanKeywords(trim($request['prv_keywords']));
$xmpp = $this->cleanInput(trim($request['xmpp']));
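Review bot: `$this->cleanInputText($request['about'])` and the five lines after it hand the array element straight to a `string` parameter with no `?? ''`, so a request missing any of those keys now throws a `TypeError` (null is not coerced for a user-defined non-nullable parameter) where the old `trim()` returned an empty string. The `$request['dob'] ?? ''` and `$request['username'] ?? ''` calls elsewhere in this change show the intended pattern: `$about = $this->cleanInputText($request['about'] ?? '');` and likewise for `address`, `locality`, `region`, `postal_code` and `country_name`. The `trim($request['pub_keywords'])`, `prv_keywords` and `xmpp` lines below have the same gap, assuming `$request` is the filtered POST array and keys are not guaranteed. The enclosing method starts before this hunk.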
return $profileFields;
}
+ private function cleanInputText(string $input): string
+ {
+ return trim(strip_tags($input));
+ }
+
private function cleanInput(string $input): string
{
- return str_replace(['<', '>', '"', ' '], '', $input);
+ return str_replace(['<', '>', '"', "'", ' '], '', $input);
}
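Review bot: `cleanInputText` is built on `strip_tags`, which throws away everything from an unmatched `<` to the end of the string, so free text like `I <3 cats` or `a < b` passed through it is silently truncated rather than neutralised; if the intent is to keep the user's text, escaping at output with `htmlspecialchars(..., ENT_QUOTES)` is the actual XSS control and this helper is at most defence in depth. Both helpers need a docblock saying that: above `cleanInputText`, a comment stating that it trims and strips HTML tags from free-text fields, that output must still be HTML-escaped, and that `strip_tags` drops text after an unmatched `<`; above `cleanInput`, that it removes `<>"'` and every space and is meant for single-token values (the `dob` and `xmpp` callers), not prose. The added `"'"` in `cleanInput` is consistent with the keyword stripping later in the change, but note that neither helper touches `&`, so an entity-based payload is left for the output layer to handle.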
private static function cleanKeywords($keywords): string
$cleaned = [];
foreach ($keywords as $keyword) {
- $keyword = trim($keyword);
+ $keyword = trim(str_replace(['<', '>', '"', "'"], '', $keyword));
$keyword = trim($keyword, '#');
if ($keyword != '') {
$cleaned[] = $keyword;