Some removed escapeTags calls
authorMichael <heluecht@pirati.ca>
Fri, 5 Nov 2021 19:59:18 +0000 (19:59 +0000)
committerMichael <heluecht@pirati.ca>
Fri, 5 Nov 2021 19:59:18 +0000 (19:59 +0000)
16 files changed:
mod/lostpass.php
mod/pubsub.php
mod/pubsubhubbub.php
mod/salmon.php
mod/tagrm.php
mod/unfollow.php
src/Model/Item.php
src/Model/User.php
src/Module/Admin/Item/Delete.php
src/Module/Admin/Logs/Settings.php
src/Module/Admin/Storage.php
src/Module/Register.php
src/Module/Xrd.php
src/Network/Probe.php
src/Security/Authentication.php
src/Worker/OnePoll.php

index 7e5b9724578b83d3f8924e084c7a1498ca6ce975..1ffe000be2c26d655e6ba5a12111a5f912802c86 100644 (file)
@@ -29,7 +29,7 @@ use Friendica\Util\Strings;
 
 function lostpass_post(App $a)
 {
-       $loginame = Strings::escapeTags(trim($_POST['login-name']));
+       $loginame = trim($_POST['login-name']);
        if (!$loginame) {
                DI::baseUrl()->redirect();
        }
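Review bot: `trim($_POST['login-name'])` still reads the key without a default, so a request that omits `login-name` or sends it as an array passes a non-string to trim() (a warning for the missing key, a TypeError for an array on PHP 8). Something like `$login = $_POST['login-name'] ?? '';` followed by `$loginame = is_string($login) ? trim($login) : '';` lets the existing `!$loginame` redirect handle both cases. The same unguarded read remains in `unfollow_content` (`$_REQUEST['url']`) and in the admin item-delete handler (`$_POST['deleteitemguid']`), whereas `unfollow_post` already uses `?? ''`. lostpass_post continues outside this hunk.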
index 3727bade9ac19786d9d5a259dd7e657c049f9a88..f8f62754de8630359453f560530e2239e03736d0 100644 (file)
@@ -50,14 +50,14 @@ function hub_post_return()
 
 function pubsub_init(App $a)
 {
-       $nick       = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
-       $contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2])       : 0 );
+       $nick       = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1])   : '');
+       $contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
 
        if ($_SERVER['REQUEST_METHOD'] === 'GET') {
-               $hub_mode      = Strings::escapeTags(trim($_GET['hub_mode'] ?? ''));
-               $hub_topic     = Strings::escapeTags(trim($_GET['hub_topic'] ?? ''));
-               $hub_challenge = Strings::escapeTags(trim($_GET['hub_challenge'] ?? ''));
-               $hub_verify    = Strings::escapeTags(trim($_GET['hub_verify_token'] ?? ''));
+               $hub_mode      = trim($_GET['hub_mode']         ?? '');
+               $hub_topic     = trim($_GET['hub_topic']        ?? '');
+               $hub_challenge = trim($_GET['hub_challenge']    ?? '');
+               $hub_verify    = trim($_GET['hub_verify_token'] ?? '');
 
                Logger::notice('Subscription from ' . $_SERVER['REMOTE_ADDR'] . ' Mode: ' . $hub_mode . ' Nick: ' . $nick);
                Logger::debug('Data: ', ['get' => $_GET]);
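Review bot: The `Logger::notice` call under the assignments concatenates `$hub_mode` and `$nick` into the message text, and both now arrive exactly as the remote side sent them, line breaks and markup included. Passing them as context keeps request data out of the message string: `Logger::notice('Subscription', ['from' => $_SERVER['REMOTE_ADDR'], 'mode' => $hub_mode, 'nick' => $nick]);`. If `$hub_challenge` is written back in the verification response further down (not visible here), that response should be sent as `Content-Type: text/plain`, since the value is no longer altered on input. pubsub_init continues outside this hunk.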
@@ -110,8 +110,8 @@ function pubsub_post(App $a)
        Logger::info('Feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' .  DI::args()->getCommand() . ' with user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
        Logger::debug('Data: ' . $xml);
 
-       $nick       = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
-       $contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2])       : 0 );
+       $nick       = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1])   : '');
+       $contact_id = ((DI::args()->getArgc() > 2) ? intval(DI::args()->getArgv()[2]) : 0 );
 
        $importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
        if (!DBA::isResult($importer)) {
index 2cc2394c19c42ad5ef8cf37fb4e35aa78df9c784..6cd95995043049b9bc3e84adb1603267427e76dc 100644 (file)
@@ -26,10 +26,6 @@ use Friendica\DI;
 use Friendica\Model\PushSubscriber;
 use Friendica\Util\Strings;
 
-function post_var($name) {
-       return !empty($_POST[$name]) ? Strings::escapeTags(trim($_POST[$name])) : '';
-}
-
 function pubsubhubbub_init(App $a) {
        // PuSH subscription must be considered "public" so just block it
        // if public access isn't enabled.
@@ -48,11 +44,11 @@ function pubsubhubbub_init(App $a) {
        // [hub_topic] => http://friendica.local/dfrn_poll/sazius
 
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-               $hub_mode = post_var('hub_mode');
-               $hub_callback = post_var('hub_callback');
-               $hub_verify_token = post_var('hub_verify_token');
-               $hub_secret = post_var('hub_secret');
-               $hub_topic = post_var('hub_topic');
+               $hub_mode         = $_POST['hub_mode']         ?? '';
+               $hub_callback     = $_POST['hub_callback']     ?? '';
+               $hub_verify_token = $_POST['hub_verify_token'] ?? '';
+               $hub_secret       = $_POST['hub_secret']       ?? '';
+               $hub_topic        = $_POST['hub_topic']        ?? '';
 
                // check for valid hub_mode
                if ($hub_mode === 'subscribe') {
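Review bot: Removing `post_var()` also removed its `trim()`, so the five `hub_*` values now keep surrounding whitespace, and a `hub_mode` with a trailing newline no longer satisfies `$hub_mode === 'subscribe'`. The GET branch in mod/pubsub.php kept `trim(...)`, so the two endpoints now normalise the same parameters differently. If that is not intended, `$hub_mode = trim($_POST['hub_mode'] ?? '');` (and likewise for the other four) restores the previous behaviour. `$hub_callback` is presumably a URL this server contacts later, so it deserves an explicit URL check before use; that code is outside the hunk.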
index 3d32d3e3a9c461b54ec73c68ad1b224090591960..ad4950762148f888585a20140dc593a032dc7fc0 100644 (file)
@@ -24,7 +24,6 @@ use Friendica\Core\Logger;
 use Friendica\Core\Protocol;
 use Friendica\Database\DBA;
 use Friendica\DI;
-use Friendica\Model\Contact;
 use Friendica\Model\GServer;
 use Friendica\Model\Post;
 use Friendica\Protocol\ActivityNamespace;
@@ -42,7 +41,7 @@ function salmon_post(App $a, $xml = '') {
 
        Logger::debug('new salmon ' . $xml);
 
-       $nick       = ((DI::args()->getArgc() > 1) ? Strings::escapeTags(trim(DI::args()->getArgv()[1])) : '');
+       $nick = ((DI::args()->getArgc() > 1) ? trim(DI::args()->getArgv()[1]) : '');
 
        $importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
        if (! DBA::isResult($importer)) {
index b60823e31a47bfb0aee2d31c061324addf854e31..32cb19e691a461c97298e7b6300c79e6f53c8d00 100644 (file)
@@ -23,10 +23,8 @@ use Friendica\App;
 use Friendica\Content\Text\BBCode;
 use Friendica\Database\DBA;
 use Friendica\DI;
-use Friendica\Model\Item;
 use Friendica\Model\Post;
 use Friendica\Model\Tag;
-use Friendica\Util\Strings;
 
 function tagrm_post(App $a)
 {
@@ -40,7 +38,7 @@ function tagrm_post(App $a)
 
        $tags = [];
        foreach ($_POST['tag'] ?? [] as $tag) {
-               $tags[] = hex2bin(Strings::escapeTags(trim($tag)));
+               $tags[] = hex2bin(trim($tag));
        }
 
        $item_id = $_POST['item'] ?? 0;
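Review bot: `hex2bin(trim($tag))` is appended without checking the result: hex2bin() returns `false` (with a warning) for odd-length or non-hex input, and trim() rejects `$tag` when the form field arrives as a nested array. A guard before the append, `if (!is_string($tag) || !ctype_xdigit(trim($tag)) || strlen(trim($tag)) % 2) { continue; }`, keeps only values that decode. The same unchecked hex2bin() result is passed to `update_tags()` in the `tagrm_content` hunk. tagrm_post continues outside this hunk.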
@@ -89,7 +87,7 @@ function tagrm_content(App $a)
        }
 
        if (DI::args()->getArgc()== 3) {
-               update_tags(DI::args()->getArgv()[1], [Strings::escapeTags(trim(hex2bin(DI::args()->getArgv()[2])))]);
+               update_tags(DI::args()->getArgv()[1], [trim(hex2bin(DI::args()->getArgv()[2]))]);
                DI::baseUrl()->redirect($photo_return);
        }
 
index ac8ed40c31b969383f941b79ed04ae09a615a271..92bded2faa501b4f1741d26f08596f5d30e9a72c 100644 (file)
@@ -37,7 +37,7 @@ function unfollow_post(App $a)
                // NOTREACHED
        }
 
-       $url = Strings::escapeTags(trim($_REQUEST['url'] ?? ''));
+       $url = trim($_REQUEST['url'] ?? '');
 
        unfollow_process($url);
 }
@@ -53,7 +53,7 @@ function unfollow_content(App $a)
        }
 
        $uid = local_user();
-       $url = Strings::escapeTags(trim($_REQUEST['url']));
+       $url = trim($_REQUEST['url']);
 
        $condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
                local_user(), Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),
index 094fa3b029c902553a9d174f27bfd087f25a46c6..923d72c11bcd37cf7955897553759bc9c93d2d45 100644 (file)
@@ -366,7 +366,7 @@ class Item
        public static function guid($item, $notify)
        {
                if (!empty($item['guid'])) {
-                       return Strings::escapeTags(trim($item['guid']));
+                       return trim($item['guid']);
                }
 
                if ($notify) {
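Review bot: `guid()` now returns `$item['guid']` with only whitespace trimmed, and nothing visible on the method tells callers whether the value is safe to place in HTML or a URL. The GUID can presumably originate from a remotely delivered item (the callers are outside this hunk), so a docblock line such as `@return string GUID as received, not escaped; encode it for the output context` would make the contract explicit. The method body continues past the hunk.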
index 92f50dd25cdc89e920e67c80dd0f664cf25b4e9e..57d5560a47cec7d4ad7e68c64f01b829c3309da7 100644 (file)
@@ -911,18 +911,18 @@ class User
 
                $using_invites = DI::config()->get('system', 'invitation_only');
 
-               $invite_id  = !empty($data['invite_id'])  ? Strings::escapeTags(trim($data['invite_id']))  : '';
-               $username   = !empty($data['username'])   ? Strings::escapeTags(trim($data['username']))   : '';
-               $nickname   = !empty($data['nickname'])   ? Strings::escapeTags(trim($data['nickname']))   : '';
-               $email      = !empty($data['email'])      ? Strings::escapeTags(trim($data['email']))      : '';
-               $openid_url = !empty($data['openid_url']) ? Strings::escapeTags(trim($data['openid_url'])) : '';
-               $photo      = !empty($data['photo'])      ? Strings::escapeTags(trim($data['photo']))      : '';
-               $password   = !empty($data['password'])   ? trim($data['password'])           : '';
-               $password1  = !empty($data['password1'])  ? trim($data['password1'])          : '';
-               $confirm    = !empty($data['confirm'])    ? trim($data['confirm'])            : '';
+               $invite_id  = !empty($data['invite_id'])  ? trim($data['invite_id'])  : '';
+               $username   = !empty($data['username'])   ? trim($data['username'])   : '';
+               $nickname   = !empty($data['nickname'])   ? trim($data['nickname'])   : '';
+               $email      = !empty($data['email'])      ? trim($data['email'])      : '';
+               $openid_url = !empty($data['openid_url']) ? trim($data['openid_url']) : '';
+               $photo      = !empty($data['photo'])      ? trim($data['photo'])      : '';
+               $password   = !empty($data['password'])   ? trim($data['password'])   : '';
+               $password1  = !empty($data['password1'])  ? trim($data['password1'])  : '';
+               $confirm    = !empty($data['confirm'])    ? trim($data['confirm'])    : '';
                $blocked    = !empty($data['blocked']);
                $verified   = !empty($data['verified']);
-               $language   = !empty($data['language'])   ? Strings::escapeTags(trim($data['language']))   : 'en';
+               $language   = !empty($data['language'])   ? trim($data['language'])   : 'en';
 
                $netpublish = $publish = !empty($data['profile_publish_reg']);
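Review bot: `$photo` and `$openid_url` are URLs and `$language` selects a locale, yet after this change each is accepted with only `trim()` and no format check is visible in the hunk. Unless validation follows further down, consider rejecting malformed values, e.g. `if ($photo !== '' && !filter_var($photo, FILTER_VALIDATE_URL)) { $photo = ''; }`, and falling back to `'en'` when `$language` is not one of the installed languages. `$username` and `$nickname` are now stored as typed, so every template and notification that prints them has to escape on output. The enclosing method starts and ends outside the hunk.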
 
index f34ce7238108e5e8eb5514f124ee5c15c0ed2d1b..7afc3b09038e2c888d6d218fc183a6467a9993d1 100644 (file)
@@ -40,7 +40,7 @@ class Delete extends BaseAdmin
                self::checkFormSecurityTokenRedirectOnError('/admin/item/delete', 'admin_deleteitem');
 
                if (!empty($_POST['page_deleteitem_submit'])) {
-                       $guid = trim(Strings::escapeTags($_POST['deleteitemguid']));
+                       $guid = trim($_POST['deleteitemguid']);
                        // The GUID should not include a "/", so if there is one, we got an URL
                        // and the last part of it is most likely the GUID.
                        if (strpos($guid, '/')) {
index 8219362aa21e961443b6aee90859500e0c69eaaa..b0fcaebc33117d00e07a34870cd7681e6dff4233 100644 (file)
@@ -39,7 +39,7 @@ class Settings extends BaseAdmin
 
                self::checkFormSecurityTokenRedirectOnError('/admin/logs', 'admin_logs');
 
-               $logfile   = (!empty($_POST['logfile']) ? Strings::escapeTags(trim($_POST['logfile'])) : '');
+               $logfile   = (!empty($_POST['logfile']) ? trim($_POST['logfile']) : '');
                $debugging = !empty($_POST['debugging']);
                $loglevel  = ($_POST['loglevel'] ?? '') ?: LogLevel::ERROR;
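Review bot: `$logfile` is a filesystem path taken from the form and is now used exactly as submitted; the hunk shows no check on where it points. The handler sits behind `checkFormSecurityTokenRedirectOnError`, but before the value is saved it is still worth confirming that the path resolves to an expected log location and is not a file the web server would execute. A comment at the assignment, `// admin-supplied path: validated below before it is written to config`, would document why no escaping is applied here. The rest of the method is outside the hunk, so an existing check may already cover this.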
 
index dfee3d2365a63dc4c6354e8c48d61f818b96cc0d..51e70d841ebc73eba194a95627ea649e7e499ff4 100644 (file)
@@ -37,7 +37,7 @@ class Storage extends BaseAdmin
 
                self::checkFormSecurityTokenRedirectOnError('/admin/storage', 'admin_storage');
 
-               $storagebackend = Strings::escapeTags(trim($parameters['name'] ?? ''));
+               $storagebackend = trim($parameters['name'] ?? '');
 
                try {
                        /** @var ICanConfigureStorage|false $newStorageConfig */
index e4a417fbaf11f87b28f13f4584e6c90cda522bbe..909e61a998688f6e4118140ced1f3ffbd3cdcaa7 100644 (file)
@@ -302,7 +302,7 @@ class Register extends BaseModule
 
                $using_invites = DI::config()->get('system', 'invitation_only');
                $num_invites   = DI::config()->get('system', 'number_invites');
-               $invite_id = (!empty($_POST['invite_id']) ? Strings::escapeTags(trim($_POST['invite_id'])) : '');
+               $invite_id = (!empty($_POST['invite_id']) ? trim($_POST['invite_id']) : '');
 
                if (intval(DI::config()->get('config', 'register_policy')) === self::OPEN) {
                        if ($using_invites && $invite_id) {
index 1d4082de1a16eb7223e71405f4b892eb9246b3e5..66404f4567d30b06887620af5a7dadbd79168044 100644 (file)
@@ -30,7 +30,6 @@ use Friendica\Model\Photo;
 use Friendica\Model\User;
 use Friendica\Protocol\ActivityNamespace;
 use Friendica\Protocol\Salmon;
-use Friendica\Util\Strings;
 
 /**
  * Prints responses to /.well-known/webfinger  or /xrd requests
@@ -45,7 +44,7 @@ class Xrd extends BaseModule
                                return;
                        }
 
-                       $uri = urldecode(Strings::escapeTags(trim($_GET['uri'])));
+                       $uri = urldecode(trim($_GET['uri']));
                        if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/jrd+json') !== false)  {
                                $mode = 'json';
                        } else {
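Review bot: `urldecode(trim($_GET['uri']))` decodes a value that PHP already URL-decoded when it populated `$_GET`, so an encoded percent sign is decoded a second time and a literal `+` becomes a space. `$uri = trim($_GET['uri']);` is sufficient, and the same applies to `$_GET['resource']` in the next hunk. With the tag escaping gone, `$uri` has to be encoded for XML or JSON where the response is built, which happens outside these hunks.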
@@ -56,7 +55,7 @@ class Xrd extends BaseModule
                                return;
                        }
 
-                       $uri = urldecode(Strings::escapeTags(trim($_GET['resource'])));
+                       $uri = urldecode(trim($_GET['resource']));
                        if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/xrd+xml') !== false)  {
                                $mode = 'xml';
                        } else {
index 64855b83a1b6180093614af2ba9a8ea7fa2c5bf5..10d03fa038a755bbbd3583be010441a4fb0f449a 100644 (file)
@@ -1996,8 +1996,6 @@ class Probe
                                                        $data["name"] .= $perspart->text;
                                                }
                                        }
-
-                                       $data["name"] = Strings::escapeTags($data["name"]);
                                }
                        }
                }
index d8d8ba4b424330eea6c00a549d96940a19057d43..b570af7802b9501d5fa3a0086f5e682b8389fdc5 100644 (file)
@@ -37,7 +37,6 @@ use Friendica\Network\HTTPException;
 use Friendica\Security\TwoFactor\Repository\TrustedBrowser;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Network;
-use Friendica\Util\Strings;
 use LightOpenID;
 use Friendica\Core\L10n;
 use Psr\Log\LoggerInterface;
@@ -247,7 +246,7 @@ class Authentication
                                ['uid' => User::getIdFromPasswordAuthentication($username, $password)]
                        );
                } catch (Exception $e) {
-                       $this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => Strings::escapeTags($username), 'ip' => $_SERVER['REMOTE_ADDR']]);
+                       $this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => $username, 'ip' => $_SERVER['REMOTE_ADDR']]);
                        notice($this->l10n->t('Login failed. Please check your credentials.'));
                        $this->baseUrl->redirect();
                }
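Review bot: The failed-login entry now records `$username` exactly as submitted and with no length limit, and users do occasionally type a password into the username field. Bounding the value, `'username' => mb_substr($username, 0, 255)`, limits what a single request can write to the log. Any page that displays log lines also needs to HTML-escape them, since the value is no longer altered here; the log viewer is not part of this commit, so that needs confirming. The catch block belongs to a method that starts outside the hunk.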
index a5567841e1609ea880122077368a0144e8e0548e..b2c49c9f1dfa5af17227ea438c2770e1588285e3 100644 (file)
@@ -102,7 +102,7 @@ class OnePoll
 
                if ($success) {
                        self::updateContact($contact, ['failed' => false, 'last-update' => $updated, 'success_update' => $updated]);
-                       Contact::unmarkForArchival($contact);   
+                       Contact::unmarkForArchival($contact);
                } else {
                        self::updateContact($contact, ['failed' => true, 'last-update' => $updated, 'failure_update' => $updated]);
                        Contact::markForArchival($contact);
@@ -317,7 +317,7 @@ class OnePoll
                                                        $datarray['title'] .= $subpart->text;
                                                }
                                        }
-                                       $datarray['title'] = Strings::escapeTags(trim($datarray['title']));
+                                       $datarray['title'] = trim($datarray['title']);
 
                                        //$datarray['title'] = Strings::escapeTags(trim($meta->subject));
                                        $datarray['created'] = DateTimeFormat::utc($meta->date);
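Review bot: The commented-out line `//$datarray['title'] = Strings::escapeTags(trim($meta->subject));` still names the helper this commit removes from the live assignment directly above it; delete it rather than leave a stale alternative in place. `$datarray['title']` is apparently assembled from the subject parts of a fetched message, so it is remote-controlled and now stored unescaped, which makes escaping at render time mandatory. The surrounding block begins and ends outside the hunk.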