From 0e01568ccd5b5ce081eff83e2ed0b888e0b6db55 Mon Sep 17 00:00:00 2001
From: Adam Magness
Date: Thu, 8 Nov 2018 10:20:03 -0500
Subject: [PATCH] escape_tags calls implement escapeTags function
---
 mod/admin.php | 4 ++--
 mod/dirfind.php | 8 ++++----
 mod/events.php | 11 ++++++-----
 mod/fsuggest.php | 2 +-
 mod/item.php | 18 +++++++++---------
 mod/message.php | 4 ++--
 mod/network.php | 6 +++---
 mod/profile.php | 4 ++--
 mod/profiles.php | 28 ++++++++++++++--------------
 mod/wallmessage.php | 4 ++--
 src/Model/Item.php | 2 +-
 src/Module/Contact.php | 4 ++--
 src/Module/Hashtag.php | 3 ++-
 src/Util/Strings.php | 2 +-
 src/Worker/OnePoll.php | 2 +-
 tests/include/TextTest.php | 2 +-
 16 files changed, 53 insertions(+), 51 deletions(-)
diff --git a/mod/admin.php b/mod/admin.php
index 0be43036be..730d21984d 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -2478,9 +2478,9 @@ function admin_page_viewlogs(App $a)
 }
 $seek = fseek($fp, 0 - $size, SEEK_END);
 if ($seek === 0) {
- $data = escape_tags(fread($fp, $size));
+ $data = Strings::escapeTags(fread($fp, $size));
 while (!feof($fp)) {
- $data .= escape_tags(fread($fp, 4096));
+ $data .= Strings::escapeTags(fread($fp, 4096));
 }
 }
 }
diff --git a/mod/dirfind.php b/mod/dirfind.php
index df4bda7227..cf58098ab9 100644
--- a/mod/dirfind.php
+++ b/mod/dirfind.php
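Review bot: Escaping each 4096-byte `fread()` chunk separately is fragile: `Strings::escapeTags` is `htmlspecialchars($s, ENT_COMPAT, 'UTF-8', false)` (see the src/Util/Strings.php hunk), and without `ENT_SUBSTITUTE` a chunk whose boundary splits a multibyte UTF-8 sequence is invalid UTF-8 and `htmlspecialchars` returns an empty string for it, so part of the log silently disappears from the admin view. Accumulate the raw data in the loop and escape once at the end, e.g. `$data = Strings::escapeTags($data);` after the `while`, or apply `ENT_SUBSTITUTE` in the helper. The enclosing function `admin_page_viewlogs` starts outside the hunk, so I cannot see how `$size` and `$fp` are bounded.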
@@ -126,8 +126,8 @@ function dirfind_content(App $a, $prefix = "") { (`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR `addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql", DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2))); + DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), + DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2))); $results = q("SELECT `nurl` FROM `gcontact` @@ -138,8 +138,8 @@ function dirfind_content(App $a, $prefix = "") { GROUP BY `nurl` ORDER BY `updated` DESC LIMIT %d, %d", DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), + DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), + DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), DBA::escape(Strings::escapeTags($search2)), $pager->getStart(), $pager->getItemsPerPage()); $j = new stdClass(); $j->total = $count[0]["total"]; diff --git a/mod/events.php b/mod/events.php index c9461a48ec..540a5b1650 100644 --- a/mod/events.php +++ b/mod/events.php @@ -19,6 +19,7 @@ use Friendica\Model\Item; use Friendica\Model\Profile; use Friendica\Module\Login; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Strings; use Friendica\Util\Temporal; require_once 'include/items.php'; 
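Review bot: `Strings::escapeTags` is an HTML escaper and does nothing for the SQL `LIKE` context these values land in: neither it nor `DBA::escape` neutralises the `%` and `_` wildcards in `$search2`, so a user can still submit patterns that match everything (a cheap full-table scan on `gcontact`), and HTML-escaping a search term before querying changes what is matched (`&` becomes `&amp;`). Escape the wildcards for the query instead, e.g. `$like = DBA::escape(addcslashes($search2, '%_'));`, and leave HTML escaping to the output layer. `$search2` and `$extra_sql` are built outside the hunk, so I cannot confirm whether wildcards are handled there.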
@@ -59,8 +60,8 @@ function events_post(App $a) $cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0; $uid = local_user(); - $start_text = escape_tags(defaults($_REQUEST, 'start_text', '')); - $finish_text = escape_tags(defaults($_REQUEST, 'finish_text', '')); + $start_text = Strings::escapeTags(defaults($_REQUEST, 'start_text', '')); + $finish_text = Strings::escapeTags(defaults($_REQUEST, 'finish_text', '')); $adjust = intval(defaults($_POST, 'adjust', 0)); $nofinish = intval(defaults($_POST, 'nofinish', 0)); @@ -96,9 +97,9 @@ function events_post(App $a) // and we'll waste a bunch of time responding to it. Time that // could've been spent doing something else. - $summary = escape_tags(trim(defaults($_POST, 'summary', ''))); - $desc = escape_tags(trim(defaults($_POST, 'desc', ''))); - $location = escape_tags(trim(defaults($_POST, 'location', ''))); + $summary = Strings::escapeTags(trim(defaults($_POST, 'summary', ''))); + $desc = Strings::escapeTags(trim(defaults($_POST, 'desc', ''))); + $location = Strings::escapeTags(trim(defaults($_POST, 'location', ''))); $type = 'event'; $action = ($event_id == '') ? 'new' : "event/" . $event_id; diff --git a/mod/fsuggest.php b/mod/fsuggest.php index f87046f6c9..7768c8cf8c 100644 --- a/mod/fsuggest.php +++ b/mod/fsuggest.php @@ -37,7 +37,7 @@ function fsuggest_post(App $a) $hash = Strings::getRandomHex(); - $note = escape_tags(trim(defaults($_POST, 'note', ''))); + $note = Strings::escapeTags(trim(defaults($_POST, 'note', ''))); if ($new_contact) { $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", diff --git a/mod/item.php b/mod/item.php index c2088c4542..c6f359cf48 100644 --- a/mod/item.php +++ b/mod/item.php 
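Review bot: `start_text` and `finish_text` are read from `$_REQUEST` while `cid` on the line above comes from `$_POST`; a POST handler that also accepts these from the query string widens what a crafted link can inject, so `defaults($_POST, 'start_text', '')` would be the consistent choice. HTML-escaping is also not validation for what appears to be a date field: any string survives `escapeTags`, so a format check (or parsing via the `DateTimeFormat` helper already imported in this file) before the value is used would be stronger. The rest of `events_post` is outside the hunk, so I cannot see whether such a check exists downstream.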
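Review bot: `$summary`, `$desc` and `$location` are escaped at input time with a helper that uses `ENT_COMPAT`, which leaves single quotes untouched (see the src/Util/Strings.php hunk), so the stored values are only safe in text and double-quoted attribute contexts; any template that puts them into a single-quoted attribute or a JavaScript string still needs its own escaping. Because the values are stored already encoded, a later output-side `htmlspecialchars` with the default `double_encode = true` would double-encode them. A short comment at this point, such as `// stored HTML-escaped (ENT_COMPAT): safe for text/double-quoted attributes only; do not re-escape on output`, would keep the two layers from drifting apart. The template rendering is outside the hunk, so this is a caveat rather than a confirmed bug.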
@@ -205,7 +205,7 @@ function item_post(App $a) { $app = $orig_post['app']; $categories = $orig_post['file']; $title = Strings::removeTags(trim($_REQUEST['title'])); - $body = escape_tags(trim($_REQUEST['body'])); + $body = Strings::escapeTags(trim($_REQUEST['body'])); $private = $orig_post['private']; $pubmail_enabled = $orig_post['pubmail']; $network = $orig_post['network']; @@ -236,14 +236,14 @@ function item_post(App $a) { $str_contact_deny = perms2str(defaults($_REQUEST, 'contact_deny', '')); } - $title = Strings::removeTags(trim(defaults($_REQUEST, 'title' , ''))); - $location = Strings::removeTags(trim(defaults($_REQUEST, 'location', ''))); - $coord = Strings::removeTags(trim(defaults($_REQUEST, 'coord' , ''))); - $verb = Strings::removeTags(trim(defaults($_REQUEST, 'verb' , ''))); - $emailcc = Strings::removeTags(trim(defaults($_REQUEST, 'emailcc' , ''))); - $body = escape_tags(trim(defaults($_REQUEST, 'body' , ''))); - $network = Strings::removeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN))); - $guid = System::createUUID(); + $title = Strings::removeTags(trim(defaults($_REQUEST, 'title' , ''))); + $location = Strings::removeTags(trim(defaults($_REQUEST, 'location', ''))); + $coord = Strings::removeTags(trim(defaults($_REQUEST, 'coord' , ''))); + $verb = Strings::removeTags(trim(defaults($_REQUEST, 'verb' , ''))); + $emailcc = Strings::removeTags(trim(defaults($_REQUEST, 'emailcc' , ''))); + $body = Strings::escapeTags(trim(defaults($_REQUEST, 'body' , ''))); + $network = Strings::removeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN))); + $guid = System::createUUID(); $postopts = defaults($_REQUEST, 'postopts', ''); diff --git a/mod/message.php b/mod/message.php index 959420bfe1..afb3391474 100644 --- a/mod/message.php +++ b/mod/message.php 
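Review bot: `$_REQUEST['title']` and `$_REQUEST['body']` are indexed directly here, whereas the `-236` hunk of the same function guards every field with `defaults($_REQUEST, ..., '')`; a request for an edit without these keys raises an undefined-index notice and passes `null` into `trim()`. Use the same guard in the edit branch, `$title = Strings::removeTags(trim(defaults($_REQUEST, 'title', '')));` and `$body = Strings::escapeTags(trim(defaults($_REQUEST, 'body', '')));`. `item_post` starts and ends outside the hunk.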
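Review bot: `$verb` and `$network` are taken from the request with only tag removal, so a client can submit any string as the post's network or verb; unless a whitelist exists later in `item_post` (outside the hunk), comparing `$network` against the known `Protocol::*` constants before it is stored, e.g. `if (!in_array($network, [Protocol::DFRN, Protocol::DIASPORA, Protocol::OSTATUS], true)) { $network = Protocol::DFRN; }`, would close that off. `$emailcc` likewise gets no address validation here. This hunk's only change is the rename plus alignment; the point concerns the unchanged lines on the new side.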
@@ -61,7 +61,7 @@ function message_post(App $a) $replyto = x($_REQUEST, 'replyto') ? Strings::removeTags(trim($_REQUEST['replyto'])) : ''; $subject = x($_REQUEST, 'subject') ? Strings::removeTags(trim($_REQUEST['subject'])) : ''; - $body = x($_REQUEST, 'body') ? escape_tags(trim($_REQUEST['body'])) : ''; + $body = x($_REQUEST, 'body') ? Strings::escapeTags(trim($_REQUEST['body'])) : ''; $recipient = x($_REQUEST, 'messageto') ? intval($_REQUEST['messageto']) : 0; $ret = Mail::send($recipient, $body, $subject, $replyto); @@ -254,7 +254,7 @@ function message_content(App $a) '$preid' => $preid, '$subject' => L10n::t('Subject:'), '$subjtxt' => x($_REQUEST, 'subject') ? strip_tags($_REQUEST['subject']) : '', - '$text' => x($_REQUEST, 'body') ? escape_tags(htmlspecialchars($_REQUEST['body'])) : '', + '$text' => x($_REQUEST, 'body') ? Strings::escapeTags(htmlspecialchars($_REQUEST['body'])) : '', '$readonly' => '', '$yourmessage' => L10n::t('Your message:'), '$select' => $select, diff --git a/mod/network.php b/mod/network.php index 5e5f095db1..e1c077b6c5 100644 --- a/mod/network.php +++ b/mod/network.php @@ -42,7 +42,7 @@ function network_init(App $a) Hook::add('head', __FILE__, 'network_infinite_scroll_head'); - $search = (x($_GET, 'search') ? escape_tags($_GET['search']) : ''); + $search = (x($_GET, 'search') ? Strings::escapeTags($_GET['search']) : ''); if (($search != '') && !empty($_GET['submit'])) { $a->internalRedirect('search?search=' . urlencode($search)); @@ -519,9 +519,9 @@ function networkThreadedView(App $a, $update, $parent) for ($x = 1; $x < $a->argc; $x ++) { if (is_a_date_arg($a->argv[$x])) { if ($datequery) { - $datequery2 = escape_tags($a->argv[$x]); + $datequery2 = Strings::escapeTags($a->argv[$x]); } else { - $datequery = escape_tags($a->argv[$x]); + $datequery = Strings::escapeTags($a->argv[$x]); $_GET['order'] = 'post'; } } elseif (intval($a->argv[$x])) { diff --git a/mod/profile.php b/mod/profile.php index a006c88682..d07631dced 100644 
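Review bot: `Strings::escapeTags(htmlspecialchars($_REQUEST['body']))` escapes twice for no gain: the inner `htmlspecialchars` already encodes `<`, `>`, `&` and `"`, and the outer helper runs with `double_encode = false`, so it is a no-op on that result. Meanwhile the `$subjtxt` line above uses `strip_tags`, which removes tags but leaves `"` and `&` intact, so the two fields get different treatment on the same form. Pick one escaper per context, e.g. `'$text' => x($_REQUEST, 'body') ? Strings::escapeTags($_REQUEST['body']) : '',` and the same helper for the subject, unless the template engine escapes on output (not visible here).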
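Review bot: In `network_init` the search term is HTML-escaped before it is placed into a redirect URL via `urlencode($search)`, so a query containing `&`, `<` or `"` arrives at the `search` page as `&amp;`, `&lt;`, `&quot;` and no longer means what the user typed; HTML escaping belongs at output, not before a URL round-trip. Keep the raw value for the redirect, `$search = x($_GET, 'search') ? trim($_GET['search']) : '';`, and let the rendering side escape. Whether the `search` module escapes on its own is outside the hunk.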
--- a/mod/profile.php +++ b/mod/profile.php @@ -115,9 +115,9 @@ function profile_content(App $a, $update = 0) for ($x = 2; $x < $a->argc; $x ++) { if (is_a_date_arg($a->argv[$x])) { if ($datequery) { - $datequery2 = escape_tags($a->argv[$x]); + $datequery2 = Strings::escapeTags($a->argv[$x]); } else { - $datequery = escape_tags($a->argv[$x]); + $datequery = Strings::escapeTags($a->argv[$x]); } } else { $category = $a->argv[$x]; diff --git a/mod/profiles.php b/mod/profiles.php index d6faadd44a..00fdc6a29c 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -208,7 +208,7 @@ function profiles_post(App $a) { return; } - $dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00'; + $dob = $_POST['dob'] ? Strings::escapeTags(trim($_POST['dob'])) : '0000-00-00'; $y = substr($dob, 0, 4); if ((! ctype_digit($y)) || ($y < 1900)) { 
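Review bot: In `profile_content` the `else` branch assigns `$category = $a->argv[$x];` straight from the URL path with no normalisation, in contrast to the date arguments in the same loop which pass `is_a_date_arg` and then `escapeTags`; if `$category` later feeds a query or a template (outside the hunk) it is the one unguarded path segment here. Applying the same treatment, `$category = Strings::escapeTags($a->argv[$x]);`, or a whitelist of allowed characters would make the loop uniform. The function starts and ends outside the hunk.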
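Review bot: `$_POST['dob']` is read without an existence check (`defaults($_POST, 'dob', '')` is the pattern used elsewhere in this patch), and the validation that follows only inspects the year via `substr($dob, 0, 4)`, so a value like `1990-xx-yy<junk` passes the `ctype_digit`/`>= 1900` check with only HTML escaping applied. Parsing the value as a date and rejecting failures would be the stronger check, e.g. `if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $dob)) { $dob = '0000-00-00'; }` before the year test. The remainder of the date handling is outside the hunk.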
@@ -323,19 +323,19 @@ function profiles_post(App $a) { $politic = Strings::removeTags(trim($_POST['politic'])); $religion = Strings::removeTags(trim($_POST['religion'])); - $likes = escape_tags(trim($_POST['likes'])); - $dislikes = escape_tags(trim($_POST['dislikes'])); - - $about = escape_tags(trim($_POST['about'])); - $interest = escape_tags(trim($_POST['interest'])); - $contact = escape_tags(trim($_POST['contact'])); - $music = escape_tags(trim($_POST['music'])); - $book = escape_tags(trim($_POST['book'])); - $tv = escape_tags(trim($_POST['tv'])); - $film = escape_tags(trim($_POST['film'])); - $romance = escape_tags(trim($_POST['romance'])); - $work = escape_tags(trim($_POST['work'])); - $education = escape_tags(trim($_POST['education'])); + $likes = Strings::escapeTags(trim($_POST['likes'])); + $dislikes = Strings::escapeTags(trim($_POST['dislikes'])); + + $about = Strings::escapeTags(trim($_POST['about'])); + $interest = Strings::escapeTags(trim($_POST['interest'])); + $contact = Strings::escapeTags(trim($_POST['contact'])); + $music = Strings::escapeTags(trim($_POST['music'])); + $book = Strings::escapeTags(trim($_POST['book'])); + $tv = Strings::escapeTags(trim($_POST['tv'])); + $film = Strings::escapeTags(trim($_POST['film'])); + $romance = Strings::escapeTags(trim($_POST['romance'])); + $work = Strings::escapeTags(trim($_POST['work'])); + $education = Strings::escapeTags(trim($_POST['education'])); $hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0); diff --git a/mod/wallmessage.php b/mod/wallmessage.php index aa5186452d..f2fb04442c 100644 --- a/mod/wallmessage.php +++ b/mod/wallmessage.php 
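Review bot: Every field in this block is indexed directly (`$_POST['likes']`, `$_POST['about']`, ...) and passed to `trim()`, so a form submission missing any key raises undefined-index notices and feeds `null` to `trim()`; the same function already uses `defaults()`-style guards elsewhere in this patch, so `Strings::escapeTags(trim(defaults($_POST, 'likes', '')))` for each would be consistent. The `$hide_friends` line uses a loose `== 1` comparison, where `intval(defaults($_POST, 'hide-friends', 0)) === 1` states the intent. `profiles_post` begins and ends outside the hunk.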
@@ -21,7 +21,7 @@ function wallmessage_post(App $a) { } $subject = ((x($_REQUEST,'subject')) ? Strings::removeTags(trim($_REQUEST['subject'])) : ''); - $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : ''); + $body = ((x($_REQUEST,'body')) ? Strings::escapeTags(trim($_REQUEST['body'])) : ''); $recipient = (($a->argc > 1) ? Strings::removeTags($a->argv[1]) : ''); if ((! $recipient) || (! $body)) { @@ -132,7 +132,7 @@ function wallmessage_content(App $a) { '$recipname' => $user['username'], '$nickname' => $user['nickname'], '$subjtxt' => ((x($_REQUEST, 'subject')) ? strip_tags($_REQUEST['subject']) : ''), - '$text' => ((x($_REQUEST, 'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''), + '$text' => ((x($_REQUEST, 'body')) ? Strings::escapeTags(htmlspecialchars($_REQUEST['body'])) : ''), '$readonly' => '', '$yourmessage' => L10n::t('Your message:'), '$parent' => '', diff --git a/src/Model/Item.php b/src/Model/Item.php index 4790f9f6d7..c2238c1c45 100644 --- a/src/Model/Item.php +++ b/src/Model/Item.php @@ -3447,7 +3447,7 @@ class Item extends BaseObject $filesubtype = 'unkn'; } - $title = escape_tags(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1])); + $title = Strings::escapeTags(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1])); $title .= ' ' . $mtch[2] . ' ' . L10n::t('bytes'); $icon = '
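Review bot: As in mod/message.php, `Strings::escapeTags(htmlspecialchars($_REQUEST['body']))` double-wraps the same escaping (the outer call has `double_encode = false`, so it changes nothing), while `$subjtxt` only gets `strip_tags`, which does not encode quotes or ampersands. Use the one helper for both, `'$text' => x($_REQUEST, 'body') ? Strings::escapeTags($_REQUEST['body']) : '',` and `'$subjtxt' => x($_REQUEST, 'subject') ? Strings::escapeTags($_REQUEST['subject']) : '',`, unless the template escapes on output, which I cannot see from here.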
'; diff --git a/src/Module/Contact.php b/src/Module/Contact.php index c25665f247..75e2af7b27 100644 --- a/src/Module/Contact.php +++ b/src/Module/Contact.php @@ -214,14 +214,14 @@ class Contact extends BaseModule $fetch_further_information = intval(defaults($_POST, 'fetch_further_information', 0)); - $ffi_keyword_blacklist = escape_tags(trim(defaults($_POST, 'ffi_keyword_blacklist', ''))); + $ffi_keyword_blacklist = Strings::escapeTags(trim(defaults($_POST, 'ffi_keyword_blacklist', ''))); $priority = intval(defaults($_POST, 'poll', 0)); if ($priority > 5 || $priority < 0) { $priority = 0; } - $info = escape_tags(trim($_POST['info'])); + $info = Strings::escapeTags(trim($_POST['info'])); $r = DBA::update('contact', [ 'profile-id' => $profile_id, diff --git a/src/Module/Hashtag.php b/src/Module/Hashtag.php index bfe1eee7de..b016b4da40 100644 --- a/src/Module/Hashtag.php +++ b/src/Module/Hashtag.php @@ -7,6 +7,7 @@ namespace Friendica\Module; use Friendica\BaseModule; use Friendica\Core\System; use Friendica\Database\DBA; +use Friendica\Util\Strings; require_once 'include/dba.php'; require_once 'include/text.php'; @@ -21,7 +22,7 @@ class Hashtag extends BaseModule { $result = []; - $t = escape_tags($_REQUEST['t']); + $t = Strings::escapeTags($_REQUEST['t']); if (empty($t)) { System::jsonExit($result); } diff --git a/src/Util/Strings.php b/src/Util/Strings.php index f536e60a12..bf31f62fa0 100644 --- a/src/Util/Strings.php +++ b/src/Util/Strings.php @@ -56,7 +56,7 @@ class Strings * * @return string */ - public static function escapeTags($string) // escape_tags() + public static function escapeTags($string) { return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false); } diff --git a/src/Worker/OnePoll.php b/src/Worker/OnePoll.php index 5de6df174f..f9ff0b1a6a 100644 --- a/src/Worker/OnePoll.php +++ b/src/Worker/OnePoll.php 
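Review bot: `$title` is escaped, but `$mtch[2]` is appended to it raw on the next line; the regex that produces `$mtch` is outside the hunk, so if group 2 is not constrained to digits this reintroduces unescaped attacker-controlled text into a string that is then used next to `$icon` HTML. Coerce it to the type it is meant to be, `$title .= ' ' . intval($mtch[2]) . ' ' . L10n::t('bytes');`, or escape it like the rest. The surrounding method starts and ends outside the hunk.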
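Review bot: `$info = Strings::escapeTags(trim($_POST['info']));` indexes `$_POST` directly while `$ffi_keyword_blacklist` and `$priority` a few lines above use `defaults($_POST, ..., ...)`; a request without `info` raises a notice and stores the result of `trim(null)`. Make it `$info = Strings::escapeTags(trim(defaults($_POST, 'info', '')));`. The `DBA::update` call is cut off at the end of the hunk.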
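Review bot: `$t = Strings::escapeTags($_REQUEST['t']);` reads the key without an existence check, so a request without `t` produces a notice before the `empty($t)` guard ever runs; `$t = Strings::escapeTags(defaults($_REQUEST, 't', ''));` keeps the guard meaningful. Note also that `empty('0')` is true, so a hashtag search for `0` is dropped as if absent; `$t === ''` is the exact test. What `$t` feeds after this (presumably a query) is outside the hunk.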
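Review bot: Now that every caller goes through `escapeTags`, its docblock should state the contract the flags imply, because none of it is obvious from the name: `ENT_COMPAT` leaves `'` unescaped, `double_encode = false` passes existing entities through, and without `ENT_SUBSTITUTE` any invalid UTF-8 makes `htmlspecialchars` return an empty string, silently discarding the whole input. I would add above `@return`: ` * Escapes <, >, & and " for HTML text or double-quoted attribute context (ENT_COMPAT: single quotes are NOT escaped).` / ` * Existing entities are preserved (double_encode = false).` / ` * Invalid UTF-8 input yields an empty string because ENT_SUBSTITUTE is not set.` Adding `ENT_SUBSTITUTE` to the flags would fix the last point, but it changes behaviour for every caller and should be a separate change.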
@@ -507,7 +507,7 @@ class OnePoll Logger::log("Mail: can't fetch msg ".$msg_uid." for ".$mailconf['user']); continue; } - $datarray['body'] = escape_tags($r['body']); + $datarray['body'] = Strings::escapeTags($r['body']); $datarray['body'] = BBCode::limitBodySize($datarray['body']); Logger::log("Mail: Importing ".$msg_uid." for ".$mailconf['user']); diff --git a/tests/include/TextTest.php b/tests/include/TextTest.php index 89e1dfcbdb..d4c9c1ec47 100644 --- a/tests/include/TextTest.php +++ b/tests/include/TextTest.php @@ -240,7 +240,7 @@ class TextTest extends TestCase $invalidstring=''; $validstring = Friendica\Util\Strings::removeTags($invalidstring); - $escapedString=escape_tags($invalidstring); + $escapedString = Friendica\Util\Strings::escapeTags($invalidstring); $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring); $this->assertEquals( -- 2.39.5
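Review bot: `$r['body']` comes from a fetched mail message, and `Strings::escapeTags` calls `htmlspecialchars` with charset `'UTF-8'` and no `ENT_SUBSTITUTE`, so if the body is not valid UTF-8 by this point the whole message body becomes an empty string and is imported silently truncated. Any charset conversion happens outside the hunk, so I cannot confirm it is guaranteed; a guard such as `if (!mb_check_encoding($r['body'], 'UTF-8')) { $r['body'] = mb_convert_encoding($r['body'], 'UTF-8', 'UTF-8'); }` before the escape, or `ENT_SUBSTITUTE` in the helper, would avoid the data loss. The `Logger::log` lines also write the mailbox user name to the log on every message; consider whether that belongs at this log level.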
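Review bot: The test pins that `<` and `>` are encoded but says nothing about the quote handling that `ENT_COMPAT` implies, which is the part callers are most likely to get wrong; a single assertion documents it, e.g. `$this->assertSame("it's &quot;quoted&quot;", Friendica\Util\Strings::escapeTags("it's \"quoted\""));`. Using `assertSame` rather than `assertEquals` here avoids loose string comparison. The `$invalidstring='';` line as shown looks like the markup was stripped by the page extractor rather than the diff itself.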