use Request-wrapper-class for every access to $_GET superglobal

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Michael Kaufmann 2024-05-09 16:03:46 +02:00
parent fce310049a
commit 7934684982
9 changed files with 31 additions and 25 deletions


@ -98,7 +98,7 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "switched user and is now '" . $destination_user . "'"); $log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "switched user and is now '" . $destination_user . "'");
$target = (isset($_GET['target']) ? $_GET['target'] : 'index'); $target = Request::get('target', 'index');
$redirect = "customer_" . $target . ".php"; $redirect = "customer_" . $target . ".php";
if (!file_exists(Froxlor::getInstallDir() . "/" . $redirect)) { if (!file_exists(Froxlor::getInstallDir() . "/" . $redirect)) {
$redirect = "customer_index.php"; $redirect = "customer_index.php";
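Review bot: `$target` from `Request::get('target', 'index')` is spliced straight into a filename and then into the redirect target, and the only check on it is the `file_exists` lookup against the install dir, so the value is never validated as a page name. A narrow check before building `$redirect`, e.g. `if (!is_string($target) || !preg_match('/^[a-z0-9_]+$/', $target)) { $target = 'index'; }`, would also cover array-valued input, which the string concatenation otherwise renders as "Array". The same pattern appears in the first hunk of the second file section and in the sixth file section (the two `admin_` variants). The enclosing block starts before this hunk.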


@ -55,7 +55,7 @@ if ($action == 'logout') {
$result = $result['switched_user']; $result = $result['switched_user'];
session_regenerate_id(true); session_regenerate_id(true);
CurrentUser::setData($result); CurrentUser::setData($result);
$target = (isset($_GET['target']) ? $_GET['target'] : 'index'); $target = Request::get('target', 'index');
$redirect = "admin_" . $target . ".php"; $redirect = "admin_" . $target . ".php";
if (!file_exists(\Froxlor\Froxlor::getInstallDir() . "/" . $redirect)) { if (!file_exists(\Froxlor\Froxlor::getInstallDir() . "/" . $redirect)) {
$redirect = "admin_index.php"; $redirect = "admin_index.php";
@ -111,7 +111,7 @@ if ($page == 'overview') {
$overview['number_domains'] = $number_domains['number_domains']; $overview['number_domains'] = $number_domains['number_domains'];
if ((isset($_GET['lookfornewversion']) && $_GET['lookfornewversion'] == 'yes') || (isset($lookfornewversion) && $lookfornewversion == 'yes')) { if (Request::get('lookfornewversion') == 'yes' || (isset($lookfornewversion) && $lookfornewversion == 'yes')) {
try { try {
$json_result = Froxlor::getLocal($userinfo)->checkUpdate(); $json_result = Froxlor::getLocal($userinfo)->checkUpdate();
} catch (Exception $e) { } catch (Exception $e) {


@ -107,7 +107,7 @@ if ($page == 'message') {
} }
} }
} elseif ($action == 'showsuccess') { } elseif ($action == 'showsuccess') {
$sentitems = isset($_GET['sentitems']) ? (int)$_GET['sentitems'] : 0; $sentitems = Request::get('sentitems', 0);
if ($sentitems == 0) { if ($sentitems == 0) {
$note_type = 'info'; $note_type = 'info';
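Review bot: The `(int)` cast was dropped from `$sentitems = Request::get('sentitems', 0);`, so `$sentitems` is now a raw string whenever the parameter is present, while the other hunks in this commit keep it (`(int)Request::get('id', 0)`, `(int)Request::get('showmessage', 0)`). With the loose `$sentitems == 0` check on the next line a non-numeric string no longer behaves as it did with the cast. Restoring it, `$sentitems = (int)Request::get('sentitems', 0);`, keeps the old typing and matches the rest of the change. The enclosing if/elseif chain starts outside the hunk.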


@ -48,7 +48,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
Settings::loadSettingsInto($settings_data); Settings::loadSettingsInto($settings_data);
if (Request::post('send') == 'send') { if (Request::post('send') == 'send') {
$_part = isset($_GET['part']) ? $_GET['part'] : ''; $_part = Request::get('part', '');
if ($_part == '') { if ($_part == '') {
$_part = Request::post('part', ''); $_part = Request::post('part', '');
} }
@ -97,7 +97,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
Response::dynamicError($e->getMessage(), $e->getCode()); Response::dynamicError($e->getMessage(), $e->getCode());
} }
} else { } else {
$_part = isset($_GET['part']) ? $_GET['part'] : ''; $_part = Request::get('part', '');
if ($_part == '') { if ($_part == '') {
$_part = Request::post('part', ''); $_part = Request::post('part', '');
} }
@ -235,7 +235,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
$integrity = new IntegrityCheck(); $integrity = new IntegrityCheck();
if (Request::post('send') == 'send') { if (Request::post('send') == 'send') {
$integrity->fixAll(); $integrity->fixAll();
} elseif (isset($_GET['action']) && $_GET['action'] == "fix") { } elseif (Request::get('action') == "fix") {
HTML::askYesNo('admin_integritycheck_reallyfix', $filename, [ HTML::askYesNo('admin_integritycheck_reallyfix', $filename, [
'page' => $page 'page' => $page
]); ]);
@ -273,7 +273,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
Response::standardError('jsonextensionnotfound'); Response::standardError('jsonextensionnotfound');
} }
if (isset($_GET['action']) && $_GET['action'] == "export") { if (Request::get('action') == "export") {
// export // export
try { try {
$json_result = Froxlor::getLocal($userinfo)->exportSettings(); $json_result = Froxlor::getLocal($userinfo)->exportSettings();
@ -285,7 +285,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
header('Content-type: application/json'); header('Content-type: application/json');
echo $json_export; echo $json_export;
exit(); exit();
} elseif (isset($_GET['action']) && $_GET['action'] == "import") { } elseif (Request::get('action') == "import") {
// import // import
if (Request::post('send') == 'send') { if (Request::post('send') == 'send') {
// get uploaded file // get uploaded file
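Review bot: The `$_part` resolution (`$_part = Request::get('part', ''); if ($_part == '') { $_part = Request::post('part', ''); }`) is written out identically in both branches of the `Request::post('send') == 'send'` test in the first two hunks of this section; hoisting it above that `if` removes the duplication, and since the wrapper supplies a string default here the comparison can be strict, `if ($_part === '') {`. The later `Request::get('action') == "fix"` / `"export"` / `"import"` tests could likewise use `===` for the same reason, assuming the wrapper does not cast. The enclosing `if ($page == 'overview' ...)` block starts outside these hunks.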


@ -371,7 +371,7 @@ if ($action == '') {
Response::redirectTo($filename, [ Response::redirectTo($filename, [
'page' => $page 'page' => $page
]); ]);
} elseif (!isset($_GET['files'])) { } elseif (empty(Request::get('files'))) {
// email templates // email templates
$add = false; $add = false;
$language_options = []; $language_options = [];
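Review bot: `!isset($_GET['files'])` became `empty(Request::get('files'))`, which is not the same test: `empty()` is also true for `''` and `'0'`, so a request carrying `files=0` or an empty `files` now takes the email-templates branch where it previously did not. If the intent is only to detect absence, `} elseif (Request::get('files') === null) {` preserves the old behaviour, assuming the wrapper returns null for a missing key as the defaultless `Request::get('resetcode')` call elsewhere in this commit suggests. The enclosing if/elseif chain starts outside the hunk.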


@ -56,7 +56,7 @@ if ($action == 'logout') {
$result = $result['switched_user']; $result = $result['switched_user'];
session_regenerate_id(true); session_regenerate_id(true);
CurrentUser::setData($result); CurrentUser::setData($result);
$target = (isset($_GET['target']) ? $_GET['target'] : 'index'); $target = Request::get('target', 'index');
$redirect = "admin_" . $target . ".php"; $redirect = "admin_" . $target . ".php";
if (!file_exists(Froxlor::getInstallDir() . "/" . $redirect)) { if (!file_exists(Froxlor::getInstallDir() . "/" . $redirect)) {
$redirect = "admin_index.php"; $redirect = "admin_index.php";


@ -72,7 +72,7 @@ if ($action == 'add_record' && !empty($_POST)) {
$errors = str_replace("\n", "<br>", $e->getMessage()); $errors = str_replace("\n", "<br>", $e->getMessage());
} }
} elseif ($action == 'delete') { } elseif ($action == 'delete') {
$entry_id = isset($_GET['id']) ? (int)$_GET['id'] : 0; $entry_id = (int)Request::get('id', 0);
HTML::askYesNo('dnsentry_reallydelete', $filename, [ HTML::askYesNo('dnsentry_reallydelete', $filename, [
'id' => $entry_id, 'id' => $entry_id,
'domain_id' => $domain_id, 'domain_id' => $domain_id,


@ -54,7 +54,7 @@ if ($action == '2fa_entercode') {
Response::redirectTo('index.php'); Response::redirectTo('index.php');
exit(); exit();
} }
$smessage = isset($_GET['showmessage']) ? (int)$_GET['showmessage'] : 0; $smessage = (int)Request::get('showmessage', 0);
$message = ""; $message = "";
if ($smessage > 0) { if ($smessage > 0) {
$message = lng('error.2fa_wrongcode'); $message = lng('error.2fa_wrongcode');
@ -412,7 +412,7 @@ if ($action == '2fa_entercode') {
} }
exit(); exit();
} else { } else {
$smessage = isset($_GET['showmessage']) ? (int)$_GET['showmessage'] : 0; $smessage = (int)Request::get('showmessage', 0);
$message = ''; $message = '';
$successmessage = ''; $successmessage = '';
@ -683,9 +683,9 @@ if ($action == 'resetpwd') {
"oldest" => time() - 86400 "oldest" => time() - 86400
]); ]);
if (isset($_GET['resetcode']) && strlen($_GET['resetcode']) == 50) { $activationcode = Request::get('resetcode');
if (!empty($activationcode) && strlen($activationcode) == 50) {
// Check if activation code is valid // Check if activation code is valid
$activationcode = $_GET['resetcode'];
$timestamp = substr($activationcode, 15, 10); $timestamp = substr($activationcode, 15, 10);
$third = substr($activationcode, 25, 15); $third = substr($activationcode, 25, 15);
$check = substr($activationcode, 40, 10); $check = substr($activationcode, 40, 10);
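Review bot: `strlen($activationcode) == 50` in the third hunk is reached for any non-empty value, including an array-valued query parameter, for which `strlen()` throws a TypeError under PHP 8; the old `isset` form had the same gap, but since the line is being rewritten it is the place to close it: `if (is_string($activationcode) && strlen($activationcode) === 50) {`. The `$activationcode` assignment now also runs before the check, so the variable exists (presumably as null) on the else path as well, which is a small behaviour change from the old code. The enclosing `if ($action == 'resetpwd')` block starts outside the hunk.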


@ -33,10 +33,9 @@ class HTML
/** /**
* Build Navigation Sidebar * Build Navigation Sidebar
* *
* @param * @param array $navigation data
* array navigation data * @param array $userinfo the userinfo of the user
* @param *
* array userinfo the userinfo of the user
* @return array the content of the navigation bar according to user-permissions * @return array the content of the navigation bar according to user-permissions
*/ */
public static function buildNavigation(array $navigation, array $userinfo) public static function buildNavigation(array $navigation, array $userinfo)
@ -44,12 +43,19 @@ class HTML
$returnvalue = []; $returnvalue = [];
// sanitize user-given input (url-manipulation) // sanitize user-given input (url-manipulation)
if (isset($_GET['page']) && is_array($_GET['page'])) { $req_page = Request::get('page');
$_GET['page'] = (string)$_GET['page'][0]; if (!empty($req_page) && is_array($req_page)) {
$req_page = (string)array_shift($req_page);
} }
if (isset($_GET['action']) && is_array($_GET['action'])) { // need to preserve this
$_GET['action'] = (string)$_GET['action'][0]; $_GET['page'] = $req_page;
$req_action = Request::get('action');
if (!empty($req_action) && is_array($req_action)) {
$req_action = (string)array_shift($req_action);
} }
// need to preserve this
$_GET['action'] = $req_action;
foreach ($navigation as $box) { foreach ($navigation as $box) {
if ((!isset($box['show_element']) || $box['show_element'] === true) && (!isset($box['required_resources']) || $box['required_resources'] == '' || (isset($userinfo[$box['required_resources']]) && ((int)$userinfo[$box['required_resources']] > 0 || $userinfo[$box['required_resources']] == '-1')))) { if ((!isset($box['show_element']) || $box['show_element'] === true) && (!isset($box['required_resources']) || $box['required_resources'] == '' || (isset($userinfo[$box['required_resources']]) && ((int)$userinfo[$box['required_resources']] > 0 || $userinfo[$box['required_resources']] == '-1')))) {
@ -69,7 +75,7 @@ class HTML
} }
if ( if (
((empty($_GET['page']) && substr_count($element['url'], "page=") == 0) || (isset($_GET['page']) && substr_count($element['url'], "page=" . $_GET['page']) > 0)) ((empty($req_page) && substr_count($element['url'], "page=") == 0) || (!empty($req_page) && substr_count($element['url'], "page=" . $req_page) > 0))
&& substr_count($element['url'], basename($_SERVER["SCRIPT_FILENAME"])) > 0 && substr_count($element['url'], basename($_SERVER["SCRIPT_FILENAME"])) > 0
) { ) {
$active = true; $active = true;
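Review bot: The write-backs `$_GET['page'] = $req_page;` and `$_GET['action'] = $req_action;` in the second hunk run unconditionally, so a request without `page` now sets that key to whatever Request::get returns for an absent parameter (presumably null), where the old code only touched the superglobal when the value was an array; anything still checking `array_key_exists` on `$_GET` sees a different state. The normalisation guard `!empty($req_page) && is_array($req_page)` also lets an empty array through unchanged and written back. `if (is_array($req_page)) { $req_page = (string)array_shift($req_page); }` (same for `$req_action`) handles both, and the write-back could be limited to `if ($req_page !== null) { $_GET['page'] = $req_page; }` if the key must stay unset for absent input. The `// need to preserve this` comment should say why, e.g. `// write back so code still reading $_GET directly sees the normalised value`. buildNavigation continues outside these hunks.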