use Request-wrapper-class for every access to $_GET superglobal
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
parent
fce310049a
commit
7934684982
@ -98,7 +98,7 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
|
|||||||
|
|
||||||
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "switched user and is now '" . $destination_user . "'");
|
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "switched user and is now '" . $destination_user . "'");
|
||||||
|
|
||||||
$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
|
$target = Request::get('target', 'index');
|
||||||
$redirect = "customer_" . $target . ".php";
|
$redirect = "customer_" . $target . ".php";
|
||||||
if (!file_exists(Froxlor::getInstallDir() . "/" . $redirect)) {
|
if (!file_exists(Froxlor::getInstallDir() . "/" . $redirect)) {
|
||||||
$redirect = "customer_index.php";
|
$redirect = "customer_index.php";
|
||||||
|
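Review bot: `$target` goes straight from the query string into the `customer_<target>.php` filename on the following line; `file_exists` only confirms that the resulting path exists, it does not constrain what `$target` may contain, and because the wrapper hands arrays through unchanged (the `is_array` handling in the `HTML::buildNavigation` hunk shows this), an array-valued `target` parameter produces an "Array to string conversion" warning before the code falls back to `customer_index.php`. A whitelist before the concatenation keeps the redirect target to known-safe characters: `if (!is_string($target) || !preg_match('/^[A-Za-z0-9_]+$/', $target)) { $target = 'index'; }`. The same pattern appears in the `@ -55,7` and `@ -56,7` hunks that build the `admin_` redirect. The enclosing `if` block continues outside the hunk, so what is done with `$redirect` afterwards is not visible here.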
@ -55,7 +55,7 @@ if ($action == 'logout') {
|
|||||||
$result = $result['switched_user'];
|
$result = $result['switched_user'];
|
||||||
session_regenerate_id(true);
|
session_regenerate_id(true);
|
||||||
CurrentUser::setData($result);
|
CurrentUser::setData($result);
|
||||||
$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
|
$target = Request::get('target', 'index');
|
||||||
$redirect = "admin_" . $target . ".php";
|
$redirect = "admin_" . $target . ".php";
|
||||||
if (!file_exists(\Froxlor\Froxlor::getInstallDir() . "/" . $redirect)) {
|
if (!file_exists(\Froxlor\Froxlor::getInstallDir() . "/" . $redirect)) {
|
||||||
$redirect = "admin_index.php";
|
$redirect = "admin_index.php";
|
||||||
@ -111,7 +111,7 @@ if ($page == 'overview') {
|
|||||||
|
|
||||||
$overview['number_domains'] = $number_domains['number_domains'];
|
$overview['number_domains'] = $number_domains['number_domains'];
|
||||||
|
|
||||||
if ((isset($_GET['lookfornewversion']) && $_GET['lookfornewversion'] == 'yes') || (isset($lookfornewversion) && $lookfornewversion == 'yes')) {
|
if (Request::get('lookfornewversion') == 'yes' || (isset($lookfornewversion) && $lookfornewversion == 'yes')) {
|
||||||
try {
|
try {
|
||||||
$json_result = Froxlor::getLocal($userinfo)->checkUpdate();
|
$json_result = Froxlor::getLocal($userinfo)->checkUpdate();
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
|
@ -107,7 +107,7 @@ if ($page == 'message') {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
} elseif ($action == 'showsuccess') {
|
} elseif ($action == 'showsuccess') {
|
||||||
$sentitems = isset($_GET['sentitems']) ? (int)$_GET['sentitems'] : 0;
|
$sentitems = Request::get('sentitems', 0);
|
||||||
|
|
||||||
if ($sentitems == 0) {
|
if ($sentitems == 0) {
|
||||||
$note_type = 'info';
|
$note_type = 'info';
|
||||||
|
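Review bot: The `(int)` cast was dropped on the `$sentitems` line, so the value is now whatever arrives in the query string (a string, or an array, which the wrapper passes through unchanged) rather than an integer, and `$sentitems == 0` on the next line becomes a loose comparison against a string. The sibling hunks in this commit keep the cast (`(int)Request::get('id', 0)`, `(int)Request::get('showmessage', 0)`); this one should too: `$sentitems = (int)Request::get('sentitems', 0);`. Whether `$sentitems` is later rendered into the success message is outside the hunk; the cast removes any doubt about its type either way.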
@ -48,7 +48,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
|||||||
Settings::loadSettingsInto($settings_data);
|
Settings::loadSettingsInto($settings_data);
|
||||||
|
|
||||||
if (Request::post('send') == 'send') {
|
if (Request::post('send') == 'send') {
|
||||||
$_part = isset($_GET['part']) ? $_GET['part'] : '';
|
$_part = Request::get('part', '');
|
||||||
if ($_part == '') {
|
if ($_part == '') {
|
||||||
$_part = Request::post('part', '');
|
$_part = Request::post('part', '');
|
||||||
}
|
}
|
||||||
@ -97,7 +97,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
|||||||
Response::dynamicError($e->getMessage(), $e->getCode());
|
Response::dynamicError($e->getMessage(), $e->getCode());
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$_part = isset($_GET['part']) ? $_GET['part'] : '';
|
$_part = Request::get('part', '');
|
||||||
if ($_part == '') {
|
if ($_part == '') {
|
||||||
$_part = Request::post('part', '');
|
$_part = Request::post('part', '');
|
||||||
}
|
}
|
||||||
@ -235,7 +235,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
|||||||
$integrity = new IntegrityCheck();
|
$integrity = new IntegrityCheck();
|
||||||
if (Request::post('send') == 'send') {
|
if (Request::post('send') == 'send') {
|
||||||
$integrity->fixAll();
|
$integrity->fixAll();
|
||||||
} elseif (isset($_GET['action']) && $_GET['action'] == "fix") {
|
} elseif (Request::get('action') == "fix") {
|
||||||
HTML::askYesNo('admin_integritycheck_reallyfix', $filename, [
|
HTML::askYesNo('admin_integritycheck_reallyfix', $filename, [
|
||||||
'page' => $page
|
'page' => $page
|
||||||
]);
|
]);
|
||||||
@ -273,7 +273,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
|||||||
Response::standardError('jsonextensionnotfound');
|
Response::standardError('jsonextensionnotfound');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_GET['action']) && $_GET['action'] == "export") {
|
if (Request::get('action') == "export") {
|
||||||
// export
|
// export
|
||||||
try {
|
try {
|
||||||
$json_result = Froxlor::getLocal($userinfo)->exportSettings();
|
$json_result = Froxlor::getLocal($userinfo)->exportSettings();
|
||||||
@ -285,7 +285,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
|
|||||||
header('Content-type: application/json');
|
header('Content-type: application/json');
|
||||||
echo $json_export;
|
echo $json_export;
|
||||||
exit();
|
exit();
|
||||||
} elseif (isset($_GET['action']) && $_GET['action'] == "import") {
|
} elseif (Request::get('action') == "import") {
|
||||||
// import
|
// import
|
||||||
if (Request::post('send') == 'send') {
|
if (Request::post('send') == 'send') {
|
||||||
// get uploaded file
|
// get uploaded file
|
||||||
|
@ -371,7 +371,7 @@ if ($action == '') {
|
|||||||
Response::redirectTo($filename, [
|
Response::redirectTo($filename, [
|
||||||
'page' => $page
|
'page' => $page
|
||||||
]);
|
]);
|
||||||
} elseif (!isset($_GET['files'])) {
|
} elseif (empty(Request::get('files'))) {
|
||||||
// email templates
|
// email templates
|
||||||
$add = false;
|
$add = false;
|
||||||
$language_options = [];
|
$language_options = [];
|
||||||
|
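Review bot: Replacing `!isset($_GET['files'])` with `empty(Request::get('files'))` changes the condition, not just the access: `empty()` is also true for `''` and `'0'`, so a request carrying `files=0` or `files=` now enters the email-templates branch where it previously did not. If only presence matters, compare against the wrapper's missing-value result instead, e.g. `} elseif (Request::get('files') === null) {` — assuming the wrapper returns `null` for an absent key when no default is given, which the bare `Request::get('page')` call in the `HTML` hunk suggests but this page does not confirm. If the looser check is intended, a one-line comment saying so would stop the next reader from "fixing" it.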
@ -56,7 +56,7 @@ if ($action == 'logout') {
|
|||||||
$result = $result['switched_user'];
|
$result = $result['switched_user'];
|
||||||
session_regenerate_id(true);
|
session_regenerate_id(true);
|
||||||
CurrentUser::setData($result);
|
CurrentUser::setData($result);
|
||||||
$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
|
$target = Request::get('target', 'index');
|
||||||
$redirect = "admin_" . $target . ".php";
|
$redirect = "admin_" . $target . ".php";
|
||||||
if (!file_exists(Froxlor::getInstallDir() . "/" . $redirect)) {
|
if (!file_exists(Froxlor::getInstallDir() . "/" . $redirect)) {
|
||||||
$redirect = "admin_index.php";
|
$redirect = "admin_index.php";
|
||||||
|
@ -72,7 +72,7 @@ if ($action == 'add_record' && !empty($_POST)) {
|
|||||||
$errors = str_replace("\n", "<br>", $e->getMessage());
|
$errors = str_replace("\n", "<br>", $e->getMessage());
|
||||||
}
|
}
|
||||||
} elseif ($action == 'delete') {
|
} elseif ($action == 'delete') {
|
||||||
$entry_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
|
$entry_id = (int)Request::get('id', 0);
|
||||||
HTML::askYesNo('dnsentry_reallydelete', $filename, [
|
HTML::askYesNo('dnsentry_reallydelete', $filename, [
|
||||||
'id' => $entry_id,
|
'id' => $entry_id,
|
||||||
'domain_id' => $domain_id,
|
'domain_id' => $domain_id,
|
||||||
|
@ -54,7 +54,7 @@ if ($action == '2fa_entercode') {
|
|||||||
Response::redirectTo('index.php');
|
Response::redirectTo('index.php');
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
$smessage = isset($_GET['showmessage']) ? (int)$_GET['showmessage'] : 0;
|
$smessage = (int)Request::get('showmessage', 0);
|
||||||
$message = "";
|
$message = "";
|
||||||
if ($smessage > 0) {
|
if ($smessage > 0) {
|
||||||
$message = lng('error.2fa_wrongcode');
|
$message = lng('error.2fa_wrongcode');
|
||||||
@ -412,7 +412,7 @@ if ($action == '2fa_entercode') {
|
|||||||
}
|
}
|
||||||
exit();
|
exit();
|
||||||
} else {
|
} else {
|
||||||
$smessage = isset($_GET['showmessage']) ? (int)$_GET['showmessage'] : 0;
|
$smessage = (int)Request::get('showmessage', 0);
|
||||||
$message = '';
|
$message = '';
|
||||||
$successmessage = '';
|
$successmessage = '';
|
||||||
|
|
||||||
@ -683,9 +683,9 @@ if ($action == 'resetpwd') {
|
|||||||
"oldest" => time() - 86400
|
"oldest" => time() - 86400
|
||||||
]);
|
]);
|
||||||
|
|
||||||
if (isset($_GET['resetcode']) && strlen($_GET['resetcode']) == 50) {
|
$activationcode = Request::get('resetcode');
|
||||||
|
if (!empty($activationcode) && strlen($activationcode) == 50) {
|
||||||
// Check if activation code is valid
|
// Check if activation code is valid
|
||||||
$activationcode = $_GET['resetcode'];
|
|
||||||
$timestamp = substr($activationcode, 15, 10);
|
$timestamp = substr($activationcode, 15, 10);
|
||||||
$third = substr($activationcode, 25, 15);
|
$third = substr($activationcode, 25, 15);
|
||||||
$check = substr($activationcode, 40, 10);
|
$check = substr($activationcode, 40, 10);
|
||||||
|
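Review bot: `strlen($activationcode)` on the new condition line throws a `TypeError` under PHP 8 if `resetcode` arrives as an array, and `!empty()` does not rule that out since the wrapper passes arrays through unchanged (see the `is_array` handling in the `HTML::buildNavigation` hunk); on a password-reset endpoint that is an uncaught exception rather than a clean rejection. Checking the type first closes it: `if (is_string($activationcode) && strlen($activationcode) == 50) {`. A strict `=== 50` would also match the rest of the modernised code. The `if` body continues past the hunk, so how `$check` is later compared is not visible here.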
@ -33,10 +33,9 @@ class HTML
|
|||||||
/**
|
/**
|
||||||
* Build Navigation Sidebar
|
* Build Navigation Sidebar
|
||||||
*
|
*
|
||||||
* @param
|
* @param array $navigation data
|
||||||
* array navigation data
|
* @param array $userinfo the userinfo of the user
|
||||||
* @param
|
*
|
||||||
* array userinfo the userinfo of the user
|
|
||||||
* @return array the content of the navigation bar according to user-permissions
|
* @return array the content of the navigation bar according to user-permissions
|
||||||
*/
|
*/
|
||||||
public static function buildNavigation(array $navigation, array $userinfo)
|
public static function buildNavigation(array $navigation, array $userinfo)
|
||||||
@ -44,12 +43,19 @@ class HTML
|
|||||||
$returnvalue = [];
|
$returnvalue = [];
|
||||||
|
|
||||||
// sanitize user-given input (url-manipulation)
|
// sanitize user-given input (url-manipulation)
|
||||||
if (isset($_GET['page']) && is_array($_GET['page'])) {
|
$req_page = Request::get('page');
|
||||||
$_GET['page'] = (string)$_GET['page'][0];
|
if (!empty($req_page) && is_array($req_page)) {
|
||||||
|
$req_page = (string)array_shift($req_page);
|
||||||
}
|
}
|
||||||
if (isset($_GET['action']) && is_array($_GET['action'])) {
|
// need to preserve this
|
||||||
$_GET['action'] = (string)$_GET['action'][0];
|
$_GET['page'] = $req_page;
|
||||||
|
|
||||||
|
$req_action = Request::get('action');
|
||||||
|
if (!empty($req_action) && is_array($req_action)) {
|
||||||
|
$req_action = (string)array_shift($req_action);
|
||||||
}
|
}
|
||||||
|
// need to preserve this
|
||||||
|
$_GET['action'] = $req_action;
|
||||||
|
|
||||||
foreach ($navigation as $box) {
|
foreach ($navigation as $box) {
|
||||||
if ((!isset($box['show_element']) || $box['show_element'] === true) && (!isset($box['required_resources']) || $box['required_resources'] == '' || (isset($userinfo[$box['required_resources']]) && ((int)$userinfo[$box['required_resources']] > 0 || $userinfo[$box['required_resources']] == '-1')))) {
|
if ((!isset($box['show_element']) || $box['show_element'] === true) && (!isset($box['required_resources']) || $box['required_resources'] == '' || (isset($userinfo[$box['required_resources']]) && ((int)$userinfo[$box['required_resources']] > 0 || $userinfo[$box['required_resources']] == '-1')))) {
|
||||||
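Review bot: The two `// need to preserve this` comments do not say what is preserved or why, and the write-back they label now runs unconditionally: `$_GET['page'] = $req_page;` and `$_GET['action'] = $req_action;` assign whatever the wrapper returns for an absent key (presumably `null`) into the superglobal, whereas the old code only touched `$_GET` when it had collapsed an array to a string. If the intent is to let code that still reads `$_GET` directly see the normalised value, moving each assignment inside its `is_array` branch restores the old behaviour, and the comment can state it: `// write the normalised string back: other code still reads $_GET['page'] directly`. Separately, the `!empty(...) &&` in `if (!empty($req_page) && is_array($req_page))` leaves an empty array unconverted; `is_array($req_page)` alone would normalise it to `''` via `(string)array_shift(...)`. `buildNavigation` begins outside the hunk.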
@ -69,7 +75,7 @@ class HTML
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (
|
if (
|
||||||
((empty($_GET['page']) && substr_count($element['url'], "page=") == 0) || (isset($_GET['page']) && substr_count($element['url'], "page=" . $_GET['page']) > 0))
|
((empty($req_page) && substr_count($element['url'], "page=") == 0) || (!empty($req_page) && substr_count($element['url'], "page=" . $req_page) > 0))
|
||||||
&& substr_count($element['url'], basename($_SERVER["SCRIPT_FILENAME"])) > 0
|
&& substr_count($element['url'], basename($_SERVER["SCRIPT_FILENAME"])) > 0
|
||||||
) {
|
) {
|
||||||
$active = true;
|
$active = true;
|
||||||
|