diff --git a/2fa.php b/2fa.php
index b90cc0d2..635acf31 100644
--- a/2fa.php
+++ b/2fa.php
@@ -33,6 +33,7 @@ use Froxlor\FroxlorLogger;
use Froxlor\FroxlorTwoFactorAuth;
use Froxlor\Settings;
use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
use Froxlor\UI\Response;
use Froxlor\PhpHelper;
use Froxlor\User;
@@ -63,7 +64,7 @@ if ($action == 'delete') {
]);
Response::standardSuccess('2fa.2fa_removed');
} elseif ($action == 'preadd') {
- $type = isset($_POST['type_2fa']) ? $_POST['type_2fa'] : '0';
+ $type = Request::post('type_2fa', '0');
$data = "";
if ($type > 0) {
@@ -107,9 +108,9 @@ if ($action == 'delete') {
Response::dynamicError('Select one of the possible values for 2FA');
}
} elseif ($action == 'add') {
- $type = isset($_POST['type_2fa']) ? $_POST['type_2fa'] : '0';
- $data = isset($_POST['data_2fa']) ? $_POST['data_2fa'] : '';
- $code = isset($_POST['codevalidation']) ? $_POST['codevalidation'] : '';
+ $type = Request::post('type_2fa', '0');
+ $data = Request::post('data_2fa', '');
+ $code = Request::post('codevalidation', '');
// validate
$result = $tfa->verifyCode($data, $code, 3);
diff --git a/admin_admins.php b/admin_admins.php
index 98a522f2..2399f778 100644
--- a/admin_admins.php
+++ b/admin_admins.php
@@ -106,7 +106,7 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
Response::standardError('youcantdeleteyourself');
}
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
Admins::getLocal($userinfo, [
'id' => $id
])->delete();
@@ -122,9 +122,9 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
}
}
} elseif ($action == 'add') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Admins::getLocal($userinfo, $_POST)->add();
+ Admins::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -159,9 +159,9 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
$result = json_decode($json_result, true)['data'];
if ($result['loginname'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Admins::getLocal($userinfo, $_POST)->update();
+ Admins::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
diff --git a/admin_apcuinfo.php b/admin_apcuinfo.php
index f4a7e340..f9d96cff 100644
--- a/admin_apcuinfo.php
+++ b/admin_apcuinfo.php
@@ -33,6 +33,7 @@
use Froxlor\FroxlorLogger;
use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
use Froxlor\UI\Response;
use Froxlor\UI\HTML;
@@ -42,7 +43,7 @@ require __DIR__ . '/lib/init.php';
$horizontal_bar_size = 950; // 1280px window width
if ($action == 'delete' && function_exists('apcu_clear_cache') && $userinfo['change_serversettings'] == '1') {
- if ($_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
apcu_clear_cache();
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "cleared APCu cache");
header('Location: ' . $linker->getLink([
diff --git a/admin_autoupdate.php b/admin_autoupdate.php
index dcaedae8..0c76152b 100644
--- a/admin_autoupdate.php
+++ b/admin_autoupdate.php
@@ -32,6 +32,7 @@ use Froxlor\FileDir;
use Froxlor\Install\AutoUpdate;
use Froxlor\Settings;
use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
use Froxlor\UI\Response;
if ($page != 'error') {
@@ -110,7 +111,7 @@ if ($page == 'overview') {
} // download the new archive
elseif ($page == 'getdownload') {
// retrieve the new version from the form
- $newversion = isset($_POST['newversion']) ? $_POST['newversion'] : null;
+ $newversion = Request::post('newversion');
$result = 6;
// valid?
@@ -130,8 +131,8 @@ elseif ($page == 'getdownload') {
]);
} // extract and install new version
elseif ($page == 'extract') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
- $toExtract = isset($_POST['archive']) ? $_POST['archive'] : null;
+ if (Request::post('send') == 'send') {
+ $toExtract = Request::post('archive');
$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . Froxlor::getInstallDir());
$result = AutoUpdate::extractZip($localArchive);
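Review bot: `Request::post('archive')` is appended to `Froxlor::getInstallDir() . '/updates/'` and handed to `AutoUpdate::extractZip()` with no check that it is a bare file name. Whether `FileDir::makeCorrectFile()` strips directory components is not visible in this diff, so the extraction path should not depend on it. Reduce the value before building the path, e.g. `$toExtract = basename((string) Request::post('archive'));`, and reject an empty result. The `Request::get('archive')` branch in the next hunk builds the same path and needs the same treatment.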
@@ -145,7 +146,7 @@ elseif ($page == 'extract') {
// redirect to update-page
Response::redirectTo('admin_updates.php');
} else {
- $toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
+ $toExtract = Request::get('archive');
$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);
}
@@ -192,7 +193,7 @@ elseif ($page == 'extract') {
} // display error
elseif ($page == 'error') {
// retrieve error-number via url-parameter
- $errno = isset($_GET['errno']) ? (int)$_GET['errno'] : 0;
+ $errno = Request::get('errno', 0);
// 2 = no Zlib
// 3 = custom version detected
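Review bot: The `(int)` cast on `errno` was dropped in this rewrite, so unless `Request::get()` casts to the type of its default, `$errno` is now whatever string the URL carried. Keep the cast at the call site: `$errno = (int) Request::get('errno', 0);`. The same cast was lost in admin_customers.php, where `'delete_userfiles' => Request::post('delete_userfiles', 0)` replaced `(int)$_POST['delete_userfiles']`. The code that consumes `$errno` lies outside this hunk.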
diff --git a/admin_configfiles.php b/admin_configfiles.php
index 2de1a5fd..51af0972 100644
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -93,14 +93,14 @@ if ($userinfo['change_serversettings'] == '1') {
asort($distributions_select);
}
- if ($distribution != "" && isset($_POST['finish'])) {
+ if ($distribution != "" && !empty(Request::post('finish'))) {
$valid_keys = ['http', 'dns', 'smtp', 'mail', 'antispam', 'ftp', 'system', 'distro'];
unset($_POST['finish']);
unset($_POST['csrf_token']);
- $params = $_POST;
+ $params = Request::postAll();
$params['distro'] = $distribution;
$params['system'] = [];
- foreach ($_POST['system'] as $sysdaemon) {
+ foreach (Request::post('system', []) as $sysdaemon) {
$params['system'][] = $sysdaemon;
}
// validate params
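Review bot: The two `unset($_POST[...])` calls still mutate the superglobal directly, and `Request::postAll()` is then expected to reflect that. If `postAll()` returns anything other than the live `$_POST` at call time, `finish` and `csrf_token` end up in `$params` again. Take the snapshot first and trim the copy: `$params = Request::postAll();` followed by `unset($params['finish'], $params['csrf_token']);`. admin_domains.php has the same coupling, where `$_POST['remove_ssl_ipandport'] = true;` is written just before `Request::postAll()` is passed to `update()`.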
diff --git a/admin_cronjobs.php b/admin_cronjobs.php
index 3a77e694..fc4a48d2 100644
--- a/admin_cronjobs.php
+++ b/admin_cronjobs.php
@@ -68,9 +68,9 @@ if (($page == 'cronjobs' || $page == 'overview') && $userinfo['change_serversett
}
$result = json_decode($json_result, true)['data'];
if ($result['cronfile'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Cronjobs::getLocal($userinfo, $_POST)->update();
+ Cronjobs::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
diff --git a/admin_customers.php b/admin_customers.php
index 72062cca..2b348d9e 100644
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -119,7 +119,7 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
}
$result = json_decode($json_result, true)['data'];
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
$json_result = Customers::getLocal($userinfo, [
'id' => $id
@@ -147,11 +147,11 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
}
$result = json_decode($json_result, true)['data'];
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
$json_result = Customers::getLocal($userinfo, [
'id' => $id,
- 'delete_userfiles' => (isset($_POST['delete_userfiles']) ? (int)$_POST['delete_userfiles'] : 0)
+ 'delete_userfiles' => Request::post('delete_userfiles', 0)
])->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
@@ -167,9 +167,9 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
], $result['loginname']);
}
} elseif ($action == 'add') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Customers::getLocal($userinfo, $_POST)->add();
+ Customers::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -243,9 +243,9 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
$result = json_decode($json_result, true)['data'];
if ($result['loginname'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Customers::getLocal($userinfo, $_POST)->update();
+ Customers::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
diff --git a/admin_domains.php b/admin_domains.php
index 1caeb42e..722cf21b 100644
--- a/admin_domains.php
+++ b/admin_domains.php
@@ -100,9 +100,9 @@ if ($page == 'domains' || $page == 'overview') {
]);
if ($result['domain'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send' && $alias_check['count'] == 0) {
+ if (Request::post('send') == 'send' && $alias_check['count'] == 0) {
try {
- Domains::getLocal($userinfo, $_POST)->delete();
+ Domains::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -121,9 +121,9 @@ if ($page == 'domains' || $page == 'overview') {
}
}
} elseif ($action == 'add') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Domains::getLocal($userinfo, $_POST)->add();
+ Domains::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -355,13 +355,13 @@ if ($page == 'domains' || $page == 'overview') {
$usedips[] = $ipsresultrow['id_ipandports'];
}
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
// remove ssl ip/ports if set is empty
- if (!isset($_POST['ssl_ipandport']) || empty($_POST['ssl_ipandport'])) {
+ if (empty(Request::post('ssl_ipandport'))) {
$_POST['remove_ssl_ipandport'] = true;
}
- Domains::getLocal($userinfo, $_POST)->update();
+ Domains::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -572,13 +572,13 @@ if ($page == 'domains' || $page == 'overview') {
}
}
} elseif ($action == 'jqGetCustomerPHPConfigs') {
- $customerid = intval($_POST['customerid']);
+ $customerid = intval(Request::post('customerid'));
$allowed_phpconfigs = Customer::getCustomerDetail($customerid, 'allowed_phpconfigs');
echo !empty($allowed_phpconfigs) ? $allowed_phpconfigs : json_encode([]);
exit();
} elseif ($action == 'jqSpeciallogfileNote') {
- $domainid = intval($_POST['id']);
- $newval = intval($_POST['newval']);
+ $domainid = intval(Request::post('id'));
+ $newval = intval(Request::post('newval'));
try {
$json_result = Domains::getLocal($userinfo, [
'id' => $domainid
@@ -594,9 +594,9 @@ if ($page == 'domains' || $page == 'overview') {
echo 0;
exit();
} elseif ($action == 'import') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
- $separator = Validate::validate($_POST['separator'], 'separator');
- $offset = (int)Validate::validate($_POST['offset'], 'offset', "/[0-9]/i");
+ if (Request::post('send') == 'send') {
+ $separator = Validate::validate(Request::post('separator'), 'separator');
+ $offset = (int)Validate::validate(Request::post('offset'), 'offset', "/[0-9]/i");
$file_name = $_FILES['file']['tmp_name'];
@@ -636,9 +636,9 @@ if ($page == 'domains' || $page == 'overview') {
]);
}
} elseif ($action == 'duplicate') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Domains::getLocal($userinfo, $_POST)->duplicate();
+ Domains::getLocal($userinfo, Request::postAll())->duplicate();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
diff --git a/admin_index.php b/admin_index.php
index 0cca79fa..8a3b4262 100644
--- a/admin_index.php
+++ b/admin_index.php
@@ -201,16 +201,16 @@ if ($page == 'overview') {
$languages = Language::getLanguages();
if (!empty($_POST)) {
- if ($_POST['send'] == 'changepassword') {
- $old_password = Validate::validate($_POST['old_password'], 'old password');
+ if (Request::post('send') == 'changepassword') {
+ $old_password = Validate::validate(Request::post('old_password'), 'old password');
if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {
Response::standardError('oldpasswordnotcorrect');
}
try {
- $new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
- $new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
+ $new_password = Crypt::validatePassword(Request::post('new_password'), 'new password');
+ $new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), 'new password confirm');
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -244,9 +244,9 @@ if ($page == 'overview') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'changed password');
Response::redirectTo($filename);
}
- } elseif ($_POST['send'] == 'changetheme') {
+ } elseif (Request::post('send') == 'changetheme') {
if (Settings::Get('panel.allow_theme_change_admin') == 1) {
- $theme = Validate::validate($_POST['theme'], 'theme');
+ $theme = Validate::validate(Request::post('theme'), 'theme');
try {
Admins::getLocal($userinfo, [
'id' => $userinfo['adminid'],
@@ -259,8 +259,8 @@ if ($page == 'overview') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her theme to '" . $theme . "'");
}
Response::redirectTo($filename);
- } elseif ($_POST['send'] == 'changelanguage') {
- $def_language = Validate::validate($_POST['def_language'], 'default language');
+ } elseif (Request::post('send') == 'changelanguage') {
+ $def_language = Validate::validate(Request::post('def_language'), 'default language');
if (isset($languages[$def_language])) {
try {
diff --git a/admin_ipsandports.php b/admin_ipsandports.php
index c660bc21..905f1348 100644
--- a/admin_ipsandports.php
+++ b/admin_ipsandports.php
@@ -70,7 +70,7 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
$result = json_decode($json_result, true)['data'];
if (isset($result['id']) && $result['id'] == $id) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
IpsAndPorts::getLocal($userinfo, [
'id' => $id
@@ -91,9 +91,9 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
}
}
} elseif ($action == 'add') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- IpsAndPorts::getLocal($userinfo, $_POST)->add();
+ IpsAndPorts::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -119,9 +119,9 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
$result = json_decode($json_result, true)['data'];
if ($result['ip'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- IpsAndPorts::getLocal($userinfo, $_POST)->update();
+ IpsAndPorts::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -141,7 +141,7 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
}
}
} elseif ($action == 'jqCheckIP') {
- $ip = $_POST['ip'] ?? "";
+ $ip = Request::post('ip', '');
if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) {
echo json_encode('
'.lng('error.invalidip', [$ip]).'
');
} elseif (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
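Review bot: The rejected `$ip` is placed back into the `error.invalidip` message without output encoding, and a value that failed `filter_var` can contain arbitrary characters. Whether that is safe depends on how the client renders the JSON and on whether `Request::post()` or `lng()` escape, none of which is visible in this diff. Encoding at the point of use removes that dependency: `lng('error.invalidip', [htmlspecialchars($ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')])`. The `elseif` chain continues past the end of the hunk.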
diff --git a/admin_logger.php b/admin_logger.php
index 28fb9638..334b0c72 100644
--- a/admin_logger.php
+++ b/admin_logger.php
@@ -31,6 +31,7 @@ use Froxlor\UI\Collection;
use Froxlor\UI\HTML;
use Froxlor\UI\Listing;
use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
use Froxlor\UI\Response;
if ($page == 'log' && $userinfo['change_serversettings'] == '1') {
@@ -55,7 +56,7 @@ if ($page == 'log' && $userinfo['change_serversettings'] == '1') {
]
]);
} elseif ($action == 'truncate') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
SysLog::getLocal($userinfo, [
'min_to_keep' => 10
diff --git a/admin_message.php b/admin_message.php
index 34343acc..c5d9913b 100644
--- a/admin_message.php
+++ b/admin_message.php
@@ -42,11 +42,11 @@ if ($page == 'message') {
if ($action == '') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'viewed panel_message');
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
- if ($_POST['recipient'] == 0 && $userinfo['customers_see_all'] == '1') {
+ if (Request::post('send') == 'send') {
+ if (Request::post('recipient', -1) == 0 && $userinfo['customers_see_all'] == '1') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to admins');
$result = Database::query('SELECT `name`, `email` FROM `' . TABLE_PANEL_ADMINS . "`");
- } elseif ($_POST['recipient'] == 1) {
+ } elseif (Request::post('recipient', -1) == 1) {
if ($userinfo['customers_see_all'] == '1') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to ALL customers');
$result = Database::query('SELECT `firstname`, `name`, `company`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . "`");
@@ -63,8 +63,8 @@ if ($page == 'message') {
Response::standardError('norecipientsgiven');
}
- $subject = $_POST['subject'];
- $message = wordwrap($_POST['message'], 70);
+ $subject = Request::post('subject');
+ $message = wordwrap(Request::post('message'), 70);
if (!empty($message)) {
$mailcounter = 0;
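Review bot: `wordwrap(Request::post('message'), 70)` can receive `null` when the field is missing. Other hunks in this commit use the no-default call to replace an explicit `: null`, so `null` appears to be the fallback, and PHP 8.1+ deprecates passing it to `wordwrap()`. Give both fields a string default, as the commit already does for `Request::post('ip', '')`: `$subject = Request::post('subject', '');` and `$message = wordwrap(Request::post('message', ''), 70);`. The `!empty($message)` check below then handles the missing-field case without a notice.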
diff --git a/admin_mysqlserver.php b/admin_mysqlserver.php
index 699a2441..a213d080 100644
--- a/admin_mysqlserver.php
+++ b/admin_mysqlserver.php
@@ -70,7 +70,7 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
$result = json_decode($json_result, true)['data'];
if (isset($result['id']) && $result['id'] == $id) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
MysqlServer::getLocal($userinfo, [
'id' => $id
@@ -91,9 +91,9 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
}
}
} elseif ($action == 'add') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- MysqlServer::getLocal($userinfo, $_POST)->add();
+ MysqlServer::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -119,9 +119,9 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
$result = json_decode($json_result, true)['data'];
if (isset($result['id']) && $result['id'] == $id) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- MysqlServer::getLocal($userinfo, $_POST)->update();
+ MysqlServer::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
diff --git a/admin_opcacheinfo.php b/admin_opcacheinfo.php
index eddace9e..443a11d1 100644
--- a/admin_opcacheinfo.php
+++ b/admin_opcacheinfo.php
@@ -38,7 +38,7 @@ use Froxlor\UI\Panel\UI;
use Froxlor\UI\Response;
if ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_serversettings'] == '1') {
- if ($_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
opcache_reset();
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "reset OPcache");
header('Location: ' . $linker->getLink([
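Review bot: `Request::post('send')` is called here, but this file does not appear to import the class. The `use` lines visible around the hunk go from `Froxlor\UI\Panel\UI` straight to `Froxlor\UI\Response`, and the commit adds no import here, unlike in admin_apcuinfo.php. Unless the import sits elsewhere in the file header, the reset action would fail on an unresolved class as soon as this condition is evaluated. Add `use Froxlor\UI\Request;` between those two lines. The body of the `if` continues outside the hunk.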
diff --git a/admin_phpsettings.php b/admin_phpsettings.php
index 208692e2..13b14f36 100644
--- a/admin_phpsettings.php
+++ b/admin_phpsettings.php
@@ -62,9 +62,9 @@ if ($page == 'overview') {
if ($action == 'add') {
if ((int)$userinfo['change_serversettings'] == 1) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- PhpSettings::getLocal($userinfo, $_POST)->add();
+ PhpSettings::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -114,7 +114,7 @@ if ($page == 'overview') {
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
{
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
PhpSettings::getLocal($userinfo, [
'id' => $id
@@ -148,9 +148,9 @@ if ($page == 'overview') {
$result = json_decode($json_result, true)['data'];
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- PhpSettings::getLocal($userinfo, $_POST)->update();
+ PhpSettings::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -200,9 +200,9 @@ if ($page == 'overview') {
if ($action == 'add') {
if ((int)$userinfo['change_serversettings'] == 1) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- FpmDaemons::getLocal($userinfo, $_POST)->add();
+ FpmDaemons::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -239,9 +239,9 @@ if ($page == 'overview') {
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
{
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- FpmDaemons::getLocal($userinfo, $_POST)->delete();
+ FpmDaemons::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -271,9 +271,9 @@ if ($page == 'overview') {
$result = json_decode($json_result, true)['data'];
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- FpmDaemons::getLocal($userinfo, $_POST)->update();
+ FpmDaemons::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
diff --git a/admin_plans.php b/admin_plans.php
index f25ccd6f..0a3bb097 100644
--- a/admin_plans.php
+++ b/admin_plans.php
@@ -73,7 +73,7 @@ if ($page == '' || $page == 'overview') {
$result = json_decode($json_result, true)['data'];
if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['adminid'] == $result['adminid']) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
HostingPlans::getLocal($userinfo, [
'id' => $id
@@ -96,9 +96,9 @@ if ($page == '' || $page == 'overview') {
Response::standardError('nopermissionsorinvalidid');
}
} elseif ($action == 'add') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- HostingPlans::getLocal($userinfo, $_POST)->add();
+ HostingPlans::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -176,9 +176,9 @@ if ($page == '' || $page == 'overview') {
}
$result['allowed_phpconfigs'] = json_encode($result['allowed_phpconfigs']);
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- HostingPlans::getLocal($userinfo, $_POST)->update();
+ HostingPlans::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
diff --git a/admin_settings.php b/admin_settings.php
index 8d6fe497..057ff9d9 100644
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -47,10 +47,10 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
$settings_data = PhpHelper::loadConfigArrayDir('./actions/admin/settings/');
Settings::loadSettingsInto($settings_data);
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
$_part = isset($_GET['part']) ? $_GET['part'] : '';
if ($_part == '') {
- $_part = isset($_POST['part']) ? $_POST['part'] : '';
+ $_part = Request::post('part', '');
}
if ($_part != '') {
@@ -69,12 +69,12 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
}
// check if the session timeout is too low #815
- if (isset($_POST['session_sessiontimeout']) && $_POST['session_sessiontimeout'] < 60) {
+ if (Request::post('session_sessiontimeout', 0) < 60) {
Response::standardError(['session_timeout', 'session_timeout_desc']);
}
try {
- if (Form::processForm($settings_data, $_POST, [
+ if (Form::processForm($settings_data, Request::postAll(), [
'filename' => $filename,
'action' => $action,
'page' => $page,
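Review bot: The rewritten session-timeout guard now fires whenever `session_sessiontimeout` is absent from the submitted form, because the default `0` is always below 60. The old `isset(...) &&` only rejected a value that was actually posted. If settings are saved per part, as the `part` handling earlier in this file suggests, every part without this field would end in `Response::standardError`. Keep the presence test: `$timeout = Request::post('session_sessiontimeout');` followed by `if ($timeout !== null && $timeout < 60) {`. The enclosing block starts and ends outside this hunk.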
@@ -99,7 +99,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
} else {
$_part = isset($_GET['part']) ? $_GET['part'] : '';
if ($_part == '') {
- $_part = isset($_POST['part']) ? $_POST['part'] : '';
+ $_part = Request::post('part', '');
}
$fields = Form::buildForm($settings_data, $_part);
@@ -140,7 +140,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
'phpinfo' => $phpinfo
]);
} elseif ($page == 'rebuildconfigs' && $userinfo['change_serversettings'] == '1') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "rebuild configfiles");
Cronjob::inserttask(TaskId::REBUILD_VHOST);
Cronjob::inserttask(TaskId::CREATE_QUOTA);
@@ -158,7 +158,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
]);
}
} elseif ($page == 'updatecounters' && $userinfo['change_serversettings'] == '1') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "updated resource-counters");
$updatecounters = User::updateCounters(true);
UI::view('user/resource-counter.html.twig', [
@@ -170,7 +170,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
]);
}
} elseif ($page == 'wipecleartextmailpws' && $userinfo['change_serversettings'] == '1') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords");
Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = '';");
Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'");
@@ -181,7 +181,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
]);
}
} elseif ($page == 'wipequotas' && $userinfo['change_serversettings'] == '1') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
$log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "wiped all mailquotas");
// Set the quota to 0 which means unlimited
@@ -194,7 +194,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
]);
}
} elseif ($page == 'enforcequotas' && $userinfo['change_serversettings'] == '1') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
// Fetch all accounts
$result_stmt = Database::query("SELECT `quota`, `customerid` FROM `" . TABLE_MAIL_USERS . "`");
@@ -233,7 +233,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
}
} elseif ($page == 'integritycheck' && $userinfo['change_serversettings'] == '1') {
$integrity = new IntegrityCheck();
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
$integrity->fixAll();
} elseif (isset($_GET['action']) && $_GET['action'] == "fix") {
HTML::askYesNo('admin_integritycheck_reallyfix', $filename, [
@@ -287,7 +287,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
exit();
} elseif (isset($_GET['action']) && $_GET['action'] == "import") {
// import
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
// get uploaded file
if (isset($_FILES["import_file"]["tmp_name"])) {
$imp_content = file_get_contents($_FILES["import_file"]["tmp_name"]);
@@ -330,8 +330,8 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
$note_type = 'info';
$note_msg = lng('admin.smtptestnote');
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
- $test_addr = isset($_POST['test_addr']) ? $_POST['test_addr'] : null;
+ if (Request::post('send') == 'send') {
+ $test_addr = Request::post('test_addr');
// Initialize the mailingsystem
$testmail = new PHPMailer(true);
diff --git a/admin_templates.php b/admin_templates.php
index 7ae618bb..1f535c3f 100644
--- a/admin_templates.php
+++ b/admin_templates.php
@@ -192,7 +192,7 @@ if ($action == '') {
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if ($result['varname'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid
@@ -228,7 +228,7 @@ if ($action == '') {
if (Database::num_rows() > 0) {
$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :id");
@@ -251,13 +251,13 @@ if ($action == '') {
Response::standardError('templatenotfound');
}
} elseif ($action == 'add') {
- if (isset($_POST['prepare']) && $_POST['prepare'] == 'prepare') {
+ if (Request::post('prepare') == 'prepare') {
// email templates
- $language = htmlentities(Validate::validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
+ $language = htmlentities(Validate::validate(Request::post('language'), 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
if (!array_key_exists($language, $languages)) {
Response::standardError('templatelanguageinvalid');
}
- $template = Validate::validate($_POST['template'], 'template');
+ $template = Validate::validate(Request::post('template'), 'template');
$result_stmt = Database::prepare("
SELECT COUNT(*) as def FROM `" . TABLE_PANEL_TEMPLATES . "`
@@ -289,15 +289,15 @@ if ($action == '') {
'formdata' => $template_add_data['template_add'],
'replacers' => $template_add_data['template_replacers']
]);
- } elseif (isset($_POST['send']) && $_POST['send'] == 'send' && !isset($_POST['filesend'])) {
+ } elseif (Request::post('send') == 'send' && empty(Request::post('filesend'))) {
// email templates
- $language = htmlentities(Validate::validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
+ $language = htmlentities(Validate::validate(Request::post('language'), 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
if (!array_key_exists($language, $languages)) {
Response::standardError('templatelanguageinvalid');
}
- $template = Validate::validate($_POST['template'], 'template');
- $subject = Validate::validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
- $mailbody = Validate::validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
+ $template = Validate::validate(Request::post('template'), 'template');
+ $subject = Validate::validate(Request::post('subject'), 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
+ $mailbody = Validate::validate(Request::post('mailbody'), 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
$templates = [];
$result_stmt = Database::prepare("
SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
@@ -347,10 +347,10 @@ if ($action == '') {
'page' => $page
]);
}
- } elseif (isset($_POST['filesend']) && $_POST['filesend'] == 'filesend') {
+ } elseif (Request::post('filesend') == 'filesend') {
// file templates
- $template = Validate::validate($_POST['template'], 'template');
- $filecontent = Validate::validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
+ $template = Validate::validate(Request::post('template'), 'template');
+ $filecontent = Validate::validate(Request::post('filecontent'), 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` SET
@@ -483,9 +483,9 @@ if ($action == '') {
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if ($result['varname'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
- $subject = Validate::validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
- $mailbody = Validate::validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
+ if (Request::post('send') == 'send') {
+ $subject = Validate::validate(Request::post('subject'), 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
+ $mailbody = Validate::validate(Request::post('mailbody'), 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
@@ -551,8 +551,8 @@ if ($action == '') {
$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
// filetemplates
- if (isset($_POST['filesend']) && $_POST['filesend'] == 'filesend') {
- $filecontent = Validate::validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
+ if (Request::post('filesend') == 'filesend') {
+ $filecontent = Validate::validate(Request::post('filecontent'), 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
`value` = :value
diff --git a/admin_updates.php b/admin_updates.php
index d2c928aa..0ae3e08c 100644
--- a/admin_updates.php
+++ b/admin_updates.php
@@ -34,6 +34,7 @@ use Froxlor\Install\Update;
use Froxlor\Settings;
use Froxlor\System\Cronjob;
use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
use Froxlor\UI\Response;
use Froxlor\User;
@@ -48,8 +49,8 @@ if ($page == 'overview') {
$successful_update = false;
$message = '';
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
- if ((isset($_POST['update_preconfig']) && isset($_POST['update_changesagreed']) && intval($_POST['update_changesagreed']) != 0) || !isset($_POST['update_preconfig'])) {
+ if (Request::post('send') == 'send') {
+ if ((!empty(Request::post('update_preconfig')) && intval(Request::post('update_changesagreed', 0)) != 0) || empty(Request::post('update_preconfig'))) {
include_once Froxlor::getInstallDir() . 'install/updatesql.php';
User::updateCounters();
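Review bot: The rewritten condition loosens the confirmation gate in front of `include_once ... 'install/updatesql.php'`. With `empty(Request::post('update_preconfig'))`, a request that sends `update_preconfig` as an empty string or `0` and omits `update_changesagreed` now passes, whereas the old `!isset()` test passed only when the field was absent. Whether the form can submit such a value is not visible here, but the presence test can be kept exact by using `Request::post('update_preconfig') !== null` in the first operand and `Request::post('update_preconfig') === null` in the second. The block continues outside the hunk.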
diff --git a/api_keys.php b/api_keys.php
index 1a566090..582cdb4b 100644
--- a/api_keys.php
+++ b/api_keys.php
@@ -61,7 +61,7 @@ if ($action == 'delete' && $id > 0) {
'section' => 'index',
'page' => $page
]);
-} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && $id > 0) {
+} elseif (Request::post('send') == 'send' && $action == 'deletesure' && $id > 0) {
$chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
if (AREA == 'customer') {
$chk_stmt = Database::prepare("
@@ -94,7 +94,7 @@ if ($action == 'delete' && $id > 0) {
]);
}
} elseif ($action == 'add') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_API_KEYS . "` SET
`apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''
diff --git a/customer_domains.php b/customer_domains.php
index e06010a0..1fb05339 100644
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -106,9 +106,9 @@ if ($page == 'overview' || $page == 'domains') {
]);
if (isset($result['parentdomainid']) && $result['parentdomainid'] != '0' && $alias_check['count'] == 0) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- SubDomains::getLocal($userinfo, $_POST)->delete();
+ SubDomains::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -127,9 +127,9 @@ if ($page == 'overview' || $page == 'domains') {
}
} elseif ($action == 'add') {
if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- SubDomains::getLocal($userinfo, $_POST)->add();
+ SubDomains::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -248,9 +248,9 @@ if ($page == 'overview' || $page == 'domains') {
Response::standardError('domaincannotbeedited', $result['domain']);
}
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- SubDomains::getLocal($userinfo, $_POST)->update();
+ SubDomains::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -395,8 +395,8 @@ if ($page == 'overview' || $page == 'domains') {
Response::standardError('domains_canteditdomain');
}
} elseif ($action == 'jqSpeciallogfileNote') {
- $domainid = intval($_POST['id']);
- $newval = intval($_POST['newval']);
+ $domainid = intval(Request::post('id'));
+ $newval = intval(Request::post('newval'));
try {
$json_result = SubDomains::getLocal($userinfo, [
'id' => $domainid
diff --git a/customer_email.php b/customer_email.php
index 8a5616de..c3d8e6f5 100644
--- a/customer_email.php
+++ b/customer_email.php
@@ -30,6 +30,7 @@ use Froxlor\Api\Commands\EmailAccounts;
use Froxlor\Api\Commands\EmailDomains;
use Froxlor\Api\Commands\EmailForwarders;
use Froxlor\Api\Commands\Emails;
+use Froxlor\Cron\Mail\Rspamd;
use Froxlor\CurrentUser;
use Froxlor\Database\Database;
use Froxlor\FroxlorLogger;
@@ -160,11 +161,11 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['email']) && $result['email'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
Emails::getLocal($userinfo, [
'id' => $id,
- 'delete_userfiles' => ($_POST['delete_userfiles'] ?? 0)
+ 'delete_userfiles' => Request::post('delete_userfiles', 0)
])->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
@@ -187,9 +188,9 @@ if ($page == 'email_domain') {
}
} elseif ($action == 'add') {
if ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- $json_result = Emails::getLocal($userinfo, $_POST)->add();
+ $json_result = Emails::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -244,12 +245,12 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['email']) && $result['email'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
Emails::getLocal($userinfo, [
'id' => $id,
- 'spam_tag_level' => $_POST['spam_tag_level'] ?? \Froxlor\Cron\Mail\Rspamd::DEFAULT_MARK_LVL,
- 'spam_kill_level' => $_POST['spam_kill_level'] ?? \Froxlor\Cron\Mail\Rspamd::DEFAULT_REJECT_LVL
+ 'spam_tag_level' => Request::post('spam_tag_level', Rspamd::DEFAULT_MARK_LVL),
+ 'spam_kill_level' => Request::post('spam_kill_level', Rspamd::DEFAULT_REJECT_LVL)
])->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
@@ -386,9 +387,9 @@ if ($page == 'email_domain') {
}
$result = json_decode($json_result, true)['data'];
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- EmailAccounts::getLocal($userinfo, $_POST)->add();
+ EmailAccounts::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -457,9 +458,9 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- EmailAccounts::getLocal($userinfo, $_POST)->update();
+ EmailAccounts::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -516,9 +517,9 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- EmailAccounts::getLocal($userinfo, $_POST)->update();
+ EmailAccounts::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -575,9 +576,9 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- EmailAccounts::getLocal($userinfo, $_POST)->delete();
+ EmailAccounts::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -611,9 +612,9 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['email']) && $result['email'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- EmailForwarders::getLocal($userinfo, $_POST)->add();
+ EmailForwarders::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -673,22 +674,15 @@ if ($page == 'email_domain') {
$result = json_decode($json_result, true)['data'];
if (isset($result['destination']) && $result['destination'] != '') {
- if (isset($_POST['forwarderid'])) {
- $forwarderid = intval($_POST['forwarderid']);
- } elseif (isset($_GET['forwarderid'])) {
- $forwarderid = intval($_GET['forwarderid']);
- } else {
- $forwarderid = 0;
- }
-
+ $forwarderid = Request::any('forwarderid', 0);
$result['destination'] = explode(' ', $result['destination']);
if (isset($result['destination'][$forwarderid]) && $result['email'] != $result['destination'][$forwarderid]) {
$forwarder = $result['destination'][$forwarderid];
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- EmailForwarders::getLocal($userinfo, $_POST)->delete();
+ EmailForwarders::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
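Review bot: `$forwarderid = Request::any('forwarderid', 0);` drops the `intval()` that both removed branches applied, so a request-supplied string or array is now used directly as the index in `$result['destination'][$forwarderid]`. An array value makes that `isset()` raise a TypeError on PHP 8 instead of returning false, and a non-numeric string no longer collapses to 0. `$forwarderid = (int)Request::any('forwarderid', 0);` restores the old typing. The removed code also preferred `$_POST` over `$_GET`; the body of `Request::any()` is not shown in this diff, so its lookup order should be checked against that.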
diff --git a/customer_extras.php b/customer_extras.php
index b7e91e33..16cb4f9d 100644
--- a/customer_extras.php
+++ b/customer_extras.php
@@ -97,9 +97,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
$result = json_decode($json_result, true)['data'];
if (isset($result['username']) && $result['username'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- DirProtections::getLocal($userinfo, $_POST)->delete();
+ DirProtections::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -119,9 +119,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
}
}
} elseif ($action == 'add') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- DirProtections::getLocal($userinfo, $_POST)->add();
+ DirProtections::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -149,9 +149,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
$result = json_decode($json_result, true)['data'];
if (isset($result['username']) && $result['username'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- DirProtections::getLocal($userinfo, $_POST)->update();
+ DirProtections::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -222,9 +222,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
$result = json_decode($json_result, true)['data'];
if (isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- DirOptions::getLocal($userinfo, $_POST)->delete();
+ DirOptions::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -240,9 +240,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
}
}
} elseif ($action == 'add') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- DirOptions::getLocal($userinfo, $_POST)->add();
+ DirOptions::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -271,9 +271,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
$result = json_decode($json_result, true)['data'];
if ((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- DirOptions::getLocal($userinfo, $_POST)->update();
+ DirOptions::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -306,10 +306,10 @@ if ($page == 'overview' || $page == 'htpasswds') {
if (Settings::Get('system.exportenabled') == 1) {
if ($action == 'abort') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "customer_extras::export - aborted scheduled data export job");
try {
- DataDump::getLocal($userinfo, $_POST)->delete();
+ DataDump::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -336,9 +336,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
Response::dynamicError($e->getMessage());
}
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- DataDump::getLocal($userinfo, $_POST)->add();
+ DataDump::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
diff --git a/customer_ftp.php b/customer_ftp.php
index 05521405..234929d5 100644
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -87,9 +87,9 @@ if ($page == 'overview' || $page == 'accounts') {
$result = json_decode($json_result, true)['data'];
if (isset($result['username']) && $result['username'] != $userinfo['loginname']) {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Ftps::getLocal($userinfo, $_POST)->delete();
+ Ftps::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -108,9 +108,9 @@ if ($page == 'overview' || $page == 'accounts') {
}
} elseif ($action == 'add') {
if ($userinfo['ftps_used'] < $userinfo['ftps'] || $userinfo['ftps'] == '-1') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Ftps::getLocal($userinfo, $_POST)->add();
+ Ftps::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -164,9 +164,9 @@ if ($page == 'overview' || $page == 'accounts') {
$result = json_decode($json_result, true)['data'];
if (isset($result['username']) && $result['username'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Ftps::getLocal($userinfo, $_POST)->update();
+ Ftps::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
diff --git a/customer_index.php b/customer_index.php
index 70cb2ae3..1e369090 100644
--- a/customer_index.php
+++ b/customer_index.php
@@ -38,6 +38,7 @@ use Froxlor\Settings;
use Froxlor\System\Cronjob;
use Froxlor\System\Crypt;
use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
use Froxlor\UI\Response;
use Froxlor\Validate\Validate;
@@ -141,16 +142,16 @@ if ($page == 'overview') {
$languages = Language::getLanguages();
if (!empty($_POST)) {
- if ($_POST['send'] == 'changepassword') {
- $old_password = Validate::validate($_POST['old_password'], 'old password');
+ if (Request::post('send') == 'changepassword') {
+ $old_password = Validate::validate(Request::post('old_password'), 'old password');
if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_CUSTOMERS, 'customerid')) {
Response::standardError('oldpasswordnotcorrect');
}
try {
- $new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
- $new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
+ $new_password = Crypt::validatePassword(Request::post('new_password'), 'new password');
+ $new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), 'new password confirm');
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -185,7 +186,7 @@ if ($page == 'overview') {
$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, 'changed password');
// Update ftp password
- if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') {
+ if (Request::post('change_main_ftp') == 'true') {
$cryptPassword = Crypt::makeCryptPassword($new_password);
$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
SET `password` = :password
@@ -201,7 +202,7 @@ if ($page == 'overview') {
}
// Update statistics password
- if (isset($_POST['change_stats']) && $_POST['change_stats'] == 'true') {
+ if (Request::post('change_stats') == 'true') {
$new_stats_password = Crypt::makeCryptPassword($new_password, true);
$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
@@ -218,7 +219,7 @@ if ($page == 'overview') {
}
// Update global myqsl user password
- if ($userinfo['mysqls'] != 0 && isset($_POST['change_global_mysql']) && $_POST['change_global_mysql'] == 'true') {
+ if ($userinfo['mysqls'] != 0 && Request::post('change_global_mysql') == 'true') {
$allowed_mysqlservers = json_decode($userinfo['allowed_mysqlserver'] ?? '[]', true);
foreach ($allowed_mysqlservers as $dbserver) {
// require privileged access for target db-server
@@ -235,9 +236,9 @@ if ($page == 'overview') {
Response::redirectTo($filename);
}
- } elseif ($_POST['send'] == 'changetheme') {
+ } elseif (Request::post('send') == 'changetheme') {
if (Settings::Get('panel.allow_theme_change_customer') == 1) {
- $theme = Validate::validate($_POST['theme'], 'theme');
+ $theme = Validate::validate(Request::post('theme'), 'theme');
try {
Customers::getLocal($userinfo, [
'id' => $userinfo['customerid'],
@@ -250,8 +251,8 @@ if ($page == 'overview') {
$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'");
}
Response::redirectTo($filename);
- } elseif ($_POST['send'] == 'changelanguage') {
- $def_language = Validate::validate($_POST['def_language'], 'default language');
+ } elseif (Request::post('send') == 'changelanguage') {
+ $def_language = Validate::validate(Request::post('def_language'), 'default language');
if (isset($languages[$def_language])) {
try {
Customers::getLocal($userinfo, [
diff --git a/customer_mysql.php b/customer_mysql.php
index df044a64..b8bdffd0 100644
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -123,9 +123,9 @@ if ($page == 'overview' || $page == 'mysqls') {
$result['dbserver'] = 0;
}
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Mysqls::getLocal($userinfo, $_POST)->delete();
+ Mysqls::getLocal($userinfo, Request::postAll())->delete();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -146,9 +146,9 @@ if ($page == 'overview' || $page == 'mysqls') {
}
} elseif ($action == 'add') {
if ($userinfo['mysqls_used'] < $userinfo['mysqls'] || $userinfo['mysqls'] == '-1') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- Mysqls::getLocal($userinfo, $_POST)->add();
+ Mysqls::getLocal($userinfo, Request::postAll())->add();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -186,9 +186,9 @@ if ($page == 'overview' || $page == 'mysqls') {
$result = json_decode($json_result, true)['data'];
if (isset($result['databasename']) && $result['databasename'] != '') {
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
try {
- $json_result = Mysqls::getLocal($userinfo, $_POST)->update();
+ $json_result = Mysqls::getLocal($userinfo, Request::postAll())->update();
} catch (Exception $e) {
Response::dynamicError($e->getMessage());
}
@@ -223,9 +223,9 @@ if ($page == 'overview' || $page == 'mysqls') {
Response::dynamicError('No permission');
}
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
- $new_password = Crypt::validatePassword($_POST['mysql_password']);
+ $new_password = Crypt::validatePassword(Request::post('mysql_password'));
foreach ($allowed_mysqlservers as $dbserver) {
// require privileged access for target db-server
Database::needRoot(true, $dbserver, false);
diff --git a/dns_editor.php b/dns_editor.php
index 9d2e41bb..6d3d9c52 100644
--- a/dns_editor.php
+++ b/dns_editor.php
@@ -30,6 +30,7 @@ if (!defined('AREA')) {
use Froxlor\Api\Commands\DomainZones;
use Froxlor\Dns\Dns;
+use Froxlor\Settings;
use Froxlor\UI\Collection;
use Froxlor\UI\HTML;
use Froxlor\UI\Listing;
@@ -42,11 +43,11 @@ use Froxlor\UI\Response;
$domain_id = (int)Request::any('domain_id');
-$record = isset($_POST['dns_record']) ? trim($_POST['dns_record']) : null;
-$type = isset($_POST['dns_type']) ? $_POST['dns_type'] : 'A';
-$prio = isset($_POST['dns_mxp']) ? (int)$_POST['dns_mxp'] : null;
-$content = isset($_POST['dns_content']) ? trim($_POST['dns_content']) : null;
-$ttl = isset($_POST['dns_ttl']) ? (int)$_POST['dns_ttl'] : 18000;
+$record = Request::post('dns_record', null);
+$type = Request::post('dns_type', 'A');
+$prio = Request::post('dns_mxp');
+$content = Request::post('dns_content');
+$ttl = (int)Request::post('dns_ttl', Settings::get('system.defaultttl'));
// get domain-name
$domain = Dns::getAllowedDomainEntry($domain_id, AREA, $userinfo);
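Review bot: The rewrite drops the normalisation the removed lines applied at the request boundary: `$prio` is no longer cast with `(int)`, and `$record` and `$content` no longer go through `trim()`, so raw request values (arrays included) are passed on unchanged. How these variables are validated further down is outside this hunk, and the `DomainZones` change in this commit trims `$record` only for its emptiness test. Keeping the cast is cheap, e.g. `$prio = Request::post('dns_mxp') !== null ? (int)Request::post('dns_mxp') : null;`, and the same applies to a `trim()` on `dns_record` and `dns_content` when the value is a string.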
@@ -82,9 +83,9 @@ if ($action == 'add_record' && !empty($_POST)) {
'page' => $page,
'domain_id' => $domain_id
]);
-} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && !empty($_POST)) {
- $entry_id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
- $domain_id = isset($_POST['domain_id']) ? (int)$_POST['domain_id'] : 0;
+} elseif (Request::post('send') == 'send' && $action == 'deletesure' && !empty($_POST)) {
+ $entry_id = (int)Request::post('id', 0);
+ $domain_id = (int)Request::post('domain_id', 0);
// remove entry
if ($entry_id > 0 && $domain_id > 0) {
try {
diff --git a/error_report.php b/error_report.php
index 0f234745..6e0c5813 100644
--- a/error_report.php
+++ b/error_report.php
@@ -77,7 +77,7 @@ if (!empty($errid)) {
$mail_html = nl2br($mail_body);
// send actual report to dev-team
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
+ if (Request::post('send') == 'send') {
// send mail and say thanks
$_mailerror = false;
try {
diff --git a/index.php b/index.php
index 743bfe71..34599367 100644
--- a/index.php
+++ b/index.php
@@ -71,7 +71,7 @@ if ($action == '2fa_entercode') {
Response::redirectTo('index.php');
exit();
}
- $code = isset($_POST['2fa_code']) ? $_POST['2fa_code'] : null;
+ $code = Request::post('2fa_code');
// verify entered code
$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
// get user-data
@@ -162,8 +162,8 @@ if ($action == '2fa_entercode') {
exit();
} elseif ($action == 'login') {
if (!empty($_POST)) {
- $loginname = Validate::validate($_POST['loginname'], 'loginname');
- $password = Validate::validate($_POST['password'], 'password');
+ $loginname = Validate::validate(Request::post('loginname'), 'loginname');
+ $password = Validate::validate(Request::post('password'), 'password');
$select_additional = '';
if (Settings::Get('panel.db_version') >= 202312230) {
@@ -485,8 +485,8 @@ if ($action == 'forgotpwd') {
$message = '';
if (!empty($_POST)) {
- $loginname = Validate::validate($_POST['loginname'], 'loginname');
- $email = Validate::validateEmail($_POST['loginemail']);
+ $loginname = Validate::validate(Request::post('loginname'), 'loginname');
+ $email = Validate::validateEmail(Request::post('loginemail'));
$result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `customernumber`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
WHERE `loginname`= :loginname
AND `email`= :email");
@@ -700,8 +700,8 @@ if ($action == 'resetpwd') {
if ($result !== false) {
try {
- $new_password = Crypt::validatePassword($_POST['new_password'], true);
- $new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], true);
+ $new_password = Crypt::validatePassword(Request::post('new_password'), true);
+ $new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), true);
} catch (Exception $e) {
$message = $e->getMessage();
}
diff --git a/install/updates/froxlor/update_2.1.inc.php b/install/updates/froxlor/update_2.1.inc.php
index 3b982ea0..b7b55d58 100644
--- a/install/updates/froxlor/update_2.1.inc.php
+++ b/install/updates/froxlor/update_2.1.inc.php
@@ -247,3 +247,8 @@ if (Froxlor::isFroxlorVersion('2.1.7')) {
Update::showUpdateStep("Updating from 2.1.7 to 2.1.8", false);
Froxlor::updateToVersion('2.1.8');
}
+
+if (Froxlor::isFroxlorVersion('2.1.8')) {
+ Update::showUpdateStep("Updating from 2.1.8 to 2.1.9", false);
+ Froxlor::updateToVersion('2.1.9');
+}
diff --git a/install/updates/froxlor/update_2.2.inc.php b/install/updates/froxlor/update_2.2.inc.php
index f81f127b..a94c714e 100644
--- a/install/updates/froxlor/update_2.2.inc.php
+++ b/install/updates/froxlor/update_2.2.inc.php
@@ -35,7 +35,7 @@ if (!defined('_CRON_UPDATE')) {
}
}
-if (Froxlor::isFroxlorVersion('2.1.8')) {
+if (Froxlor::isFroxlorVersion('2.1.9')) {
Update::showUpdateStep("Enhancing virtual email table");
Database::query("ALTER TABLE `" . TABLE_MAIL_VIRTUAL . "` ADD `spam_tag_level` float(4,1) NOT NULL DEFAULT 7.0;");
Database::query("ALTER TABLE `" . TABLE_MAIL_VIRTUAL . "` ADD `spam_kill_level` float(4,1) NOT NULL DEFAULT 14.0;");
diff --git a/lib/Froxlor/Api/Commands/DomainZones.php b/lib/Froxlor/Api/Commands/DomainZones.php
index eebe6b8d..4a3020a1 100644
--- a/lib/Froxlor/Api/Commands/DomainZones.php
+++ b/lib/Froxlor/Api/Commands/DomainZones.php
@@ -115,7 +115,7 @@ class DomainZones extends ApiCommand implements ResourceEntity
// validation
$errors = [];
- if (empty($record)) {
+ if (empty(trim($record))) {
$record = "@";
}
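Review bot: `empty(trim($record))` trims only for the emptiness test, so a record name with surrounding whitespace keeps that whitespace unless it is trimmed further down, which this hunk does not show. `trim()` also expects a string: if `$record` can be `null` here it triggers a deprecation notice on PHP 8.1+, and an array raises a TypeError. Normalising once before the check covers both, e.g. `$record = is_string($record) ? trim($record) : '';` followed by `if ($record === '') {`. The enclosing method starts and ends outside the hunk.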
diff --git a/lib/Froxlor/Cli/UpdateCommand.php b/lib/Froxlor/Cli/UpdateCommand.php
index d7a255eb..bca38420 100644
--- a/lib/Froxlor/Cli/UpdateCommand.php
+++ b/lib/Froxlor/Cli/UpdateCommand.php
@@ -58,6 +58,7 @@ final class UpdateCommand extends CliCommand
if ($input->getOption('database')) {
$result = $this->validateRequirements($output, true);
if ($result == self::SUCCESS) {
+ require Froxlor::getInstallDir() . '/lib/functions.php';
if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
$output->writeln('' . lng('updates.dbupdate_required') . '>');
if ($input->getOption('check-only')) {
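Review bot: The added `require` re-executes `lib/functions.php` every time this path runs. If that file declares functions (its name suggests so, its content is not shown), a second load in the same process is a fatal redeclaration error, which `require_once` avoids. The path also starts with `/`, while `admin_updates.php` in this commit appends `'install/updatesql.php'` directly to `Froxlor::getInstallDir()`, which suggests the directory already ends in a slash; the doubled slash is usually harmless but inconsistent. Suggested line: `require_once Froxlor::getInstallDir() . 'lib/functions.php';`. The method body continues outside the hunk.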
diff --git a/lib/Froxlor/Cron/Traffic/ReportsCron.php b/lib/Froxlor/Cron/Traffic/ReportsCron.php
index 01828c1d..cd8babaf 100644
--- a/lib/Froxlor/Cron/Traffic/ReportsCron.php
+++ b/lib/Froxlor/Cron/Traffic/ReportsCron.php
@@ -211,7 +211,7 @@ class ReportsCron extends FroxlorCron
$_mailerror = false;
$mailerr_msg = "";
try {
- $mail->SetFrom($row['email'], $row['name']);
+ $mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
$mail->Subject = $mail_subject;
$mail->AltBody = $mail_body;
$mail->MsgHTML(nl2br($mail_body));
@@ -297,7 +297,7 @@ class ReportsCron extends FroxlorCron
$_mailerror = false;
$mailerr_msg = "";
try {
- $mail->SetFrom($row['email'], $row['name']);
+ $mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
$mail->Subject = $mail_subject;
$mail->Body = $mail_body;
$mail->MsgHTML(nl2br($mail_body));
@@ -472,7 +472,7 @@ class ReportsCron extends FroxlorCron
$_mailerror = false;
$mailerr_msg = "";
try {
- $mail->SetFrom($row['email'], $row['name']);
+ $mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
$mail->Subject = $mail_subject;
$mail->AltBody = $mail_body;
$mail->MsgHTML(nl2br($mail_body));
diff --git a/lib/Froxlor/PhpHelper.php b/lib/Froxlor/PhpHelper.php
index 9a7243e1..77c18993 100644
--- a/lib/Froxlor/PhpHelper.php
+++ b/lib/Froxlor/PhpHelper.php
@@ -417,6 +417,9 @@ class PhpHelper
'admin_pass',
'admin_pass_confirm',
'panel_password_special_char',
+ 'old_password',
+ 'new_password',
+ 'new_password_confirm',
];
if (!empty($global)) {
$tmp = $global;
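Review bot: The three added keys cover the change-password form, but this commit routes other secrets through `Request::post()` as well, for example `mysql_password` in customer_mysql.php and `password` in index.php. This array appears to be the set of keys that `cleanGlobal()` leaves untouched; the start of the list and its use are outside the hunk. If a password field is missing from it, the AntiXSS pass could alter the value before it is hashed or compared, silently changing the credential. It is worth confirming those keys are present and adding a comment above the list such as `// fields excluded from AntiXSS cleaning: secrets must reach validation byte-for-byte`.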
diff --git a/lib/Froxlor/Settings/Store.php b/lib/Froxlor/Settings/Store.php
index 9b82ca0a..be5f2cb9 100644
--- a/lib/Froxlor/Settings/Store.php
+++ b/lib/Froxlor/Settings/Store.php
@@ -36,6 +36,7 @@ use Froxlor\PhpHelper;
use Froxlor\Settings;
use Froxlor\System\Cronjob;
use Froxlor\System\IPTools;
+use Froxlor\UI\Request;
use Froxlor\Validate\Validate;
use PDO;
@@ -465,7 +466,7 @@ class Store
}
// Delete file?
- if ($fielddata['value'] !== "" && array_key_exists($fieldname . '_delete', $_POST) && $_POST[$fieldname . '_delete']) {
+ if ($fielddata['value'] !== "" && array_key_exists($fieldname . '_delete', $_POST) && Request::post($fieldname . '_delete')) {
@unlink(Froxlor::getInstallDir() . '/' . explode('?', $fielddata['value'], 2)[0]);
$save_to = '';
}
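Review bot: The condition now mixes a direct `$_POST` read with `Request::post()`. Because `Request::post()` returns `null` for a missing key, the `array_key_exists()` test is redundant and `!empty(Request::post($fieldname . '_delete'))` says the same thing in one call. Separately, the `@unlink()` on the following line builds its path from `$fielddata['value']` and suppresses errors. Where that value comes from is not visible in this hunk, so it is worth confirming that it cannot resolve outside the install directory and that a failed delete is at least logged.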
diff --git a/lib/Froxlor/UI/Request.php b/lib/Froxlor/UI/Request.php
index e053e8b1..8817ca93 100644
--- a/lib/Froxlor/UI/Request.php
+++ b/lib/Froxlor/UI/Request.php
@@ -30,14 +30,16 @@ use voku\helper\AntiXSS;
class Request
{
+ private static $cleaned = false;
+
/**
* Get key from current $_GET or $_POST request.
*
* @param $key
- * @param string|null $default
+ * @param mixed|null $default
* @return mixed|string|null
*/
- public static function any($key, string $default = null)
+ public static function any($key, $default = null)
{
self::cleanAll();
@@ -48,10 +50,10 @@ class Request
* Get key from current $_GET request.
*
* @param $key
- * @param string|null $default
+ * @param mixed|null $default
* @return mixed|string|null
*/
- public static function get($key, string $default = null)
+ public static function get($key, $default = null)
{
self::cleanAll();
@@ -62,37 +64,53 @@ class Request
* Get key from current $_POST request.
*
* @param $key
- * @param string|null $default
+ * @param mixed|null $default
* @return mixed|string|null
*/
- public static function post($key, string $default = null)
+ public static function post($key, $default = null)
{
self::cleanAll();
return $_POST[$key] ?? $default;
}
+ /**
+ * return complete $_POST array
+ *
+ * @return array
+ */
+ public static function postAll()
+ {
+ self::cleanAll();
+
+ return $_POST ?? [];
+ }
+
/**
* Check for xss attempts and clean important globals and
* unsetting every variable registered in $_REQUEST and as variable itself
*/
public static function cleanAll()
{
- foreach ($_REQUEST as $key => $value) {
- if (isset($$key)) {
- unset($$key);
+ if (!self::$cleaned) {
+ foreach ($_REQUEST as $key => $value) {
+ if (isset($$key)) {
+ unset($$key);
+ }
}
+ unset($value);
+
+ $antiXss = new AntiXSS();
+
+ // check $_GET
+ PhpHelper::cleanGlobal($_GET, $antiXss);
+ // check $_POST
+ PhpHelper::cleanGlobal($_POST, $antiXss);
+ // check $_COOKIE
+ PhpHelper::cleanGlobal($_COOKIE, $antiXss);
+
+ self::$cleaned = true;
}
- unset($value);
-
- $antiXss = new AntiXSS();
-
- // check $_GET
- PhpHelper::cleanGlobal($_GET, $antiXss);
- // check $_POST
- PhpHelper::cleanGlobal($_POST, $antiXss);
- // check $_COOKIE
- PhpHelper::cleanGlobal($_COOKIE, $antiXss);
}
/**
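Review bot: The new `self::$cleaned` guard in `cleanAll()` means `$_GET`, `$_POST` and `$_COOKIE` pass through AntiXSS only on the first call. Anything written into those superglobals later in the request is then returned by `get()`/`post()`/`postAll()` uncleaned, whereas before the change every accessor call re-ran the cleaning. Whether any code path modifies the superglobals after the first access cannot be determined from this diff, so the invariant should be stated in the method docblock, e.g. `* Runs once per request; values placed in $_GET/$_POST/$_COOKIE after the first call are NOT cleaned.` A short comment on the `$cleaned` property declared in the first hunk of this file (`// set by cleanAll() after the first sanitising pass`) would help too.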
diff --git a/lib/Froxlor/Validate/Check.php b/lib/Froxlor/Validate/Check.php
index 2d5229b1..70c3c9f5 100644
--- a/lib/Froxlor/Validate/Check.php
+++ b/lib/Froxlor/Validate/Check.php
@@ -28,6 +28,7 @@ namespace Froxlor\Validate;
use Froxlor\Database\Database;
use Froxlor\FileDir;
use Froxlor\Settings;
+use Froxlor\UI\Request;
class Check
{
@@ -73,7 +74,7 @@ class Check
// interface is to be enabled
if ((int)$newfieldvalue == 1) {
// check for POST value of the other field == 1 (active)
- if (isset($_POST[$check_array[$fieldname]['other_post_field']]) && (int)$_POST[$check_array[$fieldname]['other_post_field']] == 1) {
+ if ((int)Request::post($check_array[$fieldname]['other_post_field'], 0) == 1) {
// the other interface is activated already and STAYS activated
if ((int)Settings::Get($check_array[$fieldname]['other_enabled']) == 1) {
$returnvalue = [
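Review bot: `(int)Request::post(..., 0) == 1` is also true when the field arrives as a non-empty array, because PHP casts any non-empty array to `1`. This assumes array values survive the cleaning step, which is not visible here. The old `$_POST` form behaved the same way, so this refactor is a good place to tighten it. A strict comparison on the raw value avoids the cast: `if (Request::post($check_array[$fieldname]['other_post_field'], '0') === '1') {`, assuming the form submits the string `1` for an enabled field (confirm against the form definition). The enclosing method continues outside the hunk.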
@@ -83,8 +84,12 @@ class Check
} else {
// fcgid is being validated before fpm -> "ask" fpm about its state
if ($fieldname == 'system_mod_fcgid_enabled') {
- $returnvalue = self::checkFcgidPhpFpm('system_phpfpm_enabled', null,
- $check_array[$fieldname]['other_post_field'], null);
+ $returnvalue = self::checkFcgidPhpFpm(
+ 'system_phpfpm_enabled',
+ null,
+ $check_array[$fieldname]['other_post_field'],
+ null
+ );
} else {
// not, bot are nogo
$returnvalue = $returnvalue = [
@@ -117,8 +122,16 @@ class Check
$mysql_access_host_array = array_unique(array_map('trim', explode(',', $newfieldvalue)));
foreach ($mysql_access_host_array as $host_entry) {
- if (Validate::validate_ip2($host_entry, true, 'invalidip', true, true, true, true,
- false) == false && Validate::validateDomain($host_entry) == false && Validate::validateLocalHostname($host_entry) == false && $host_entry != '%') {
+ if (Validate::validate_ip2(
+ $host_entry,
+ true,
+ 'invalidip',
+ true,
+ true,
+ true,
+ true,
+ false
+ ) == false && Validate::validateDomain($host_entry) == false && Validate::validateLocalHostname($host_entry) == false && $host_entry != '%') {
return [
self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
'invalidmysqlhost',
@@ -204,8 +217,11 @@ class Check
}
// neither dir can be within the other nor can they be equal
- if (substr($newdir, 0, strlen($cdir)) == $cdir || substr($cdir, 0,
- strlen($newdir)) == $newdir || $newdir == $cdir) {
+ if (substr($newdir, 0, strlen($cdir)) == $cdir || substr(
+ $cdir,
+ 0,
+ strlen($newdir)
+ ) == $newdir || $newdir == $cdir) {
$returnvalue = [
self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
'fcgidpathcannotbeincustomerdoc'
@@ -264,8 +280,11 @@ class Check
}
$returnvalue = [];
- if (Validate::validateUsername($newfieldvalue, Settings::Get('panel.unix_names'),
- Database::getSqlUsernameLength() - strlen($allnewfieldvalues['customer_mysqlprefix'])) === true) {
+ if (Validate::validateUsername(
+ $newfieldvalue,
+ Settings::Get('panel.unix_names'),
+ Database::getSqlUsernameLength() - strlen($allnewfieldvalues['customer_mysqlprefix'])
+ ) === true) {
$returnvalue = [
self::FORMFIELDS_PLAUSIBILITY_CHECK_OK
];
@@ -330,7 +349,7 @@ class Check
];
}
// check if the pgp public key is a valid key
- putenv('GNUPGHOME='.sys_get_temp_dir());
+ putenv('GNUPGHOME=' . sys_get_temp_dir());
if (gnupg_import(gnupg_init(), $newfieldvalue) === false) {
return [
self::FORMFIELDS_PLAUSIBILITY_CHECK_ERROR,
diff --git a/lib/configfiles/noble.xml b/lib/configfiles/noble.xml
index 8a583a7c..479ce504 100644
--- a/lib/configfiles/noble.xml
+++ b/lib/configfiles/noble.xml
@@ -1,6 +1,6 @@
-
diff --git a/lib/init.php b/lib/init.php
index 4583f681..c4cc5bdc 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -361,7 +361,7 @@ if (CurrentUser::hasSession()) {
UI::twig()->addGlobal('csrf_token', $csrf_token);
// check if csrf token is valid
if (in_array($_SERVER['REQUEST_METHOD'], ['POST', 'PUT', 'PATCH', 'DELETE'])) {
- $current_token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
+ $current_token = Request::post('csrf_token', $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null);
if ($current_token != CurrentUser::getField('csrf_token')) {
http_response_code(403);
Response::dynamicError('CSRF validation failed');
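Review bot: The token check right after the changed line still uses `!=`, a loose and non-constant-time comparison. Numeric-looking strings can compare equal under PHP's type juggling, and `null != null` is false, so a request carrying no token would pass if the session field were ever unset. Suggest `if (!is_string($current_token) || $current_token === '' || !hash_equals((string)CurrentUser::getField('csrf_token'), $current_token)) {`. The POST token now also goes through `Request::post()` and its AntiXSS cleaning before comparison, which is safe only while generated tokens contain no characters the cleaner rewrites. The enclosing `if (CurrentUser::hasSession())` block continues outside the hunk.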
diff --git a/ssl_certificates.php b/ssl_certificates.php
index bd917e68..3b73f3de 100644
--- a/ssl_certificates.php
+++ b/ssl_certificates.php
@@ -55,7 +55,7 @@ if ($action == 'delete') {
'section' => 'domains',
'page' => $page
]);
-} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && $id > 0) {
+} elseif (Request::post('send') == 'send' && $action == 'deletesure' && $id > 0) {
try {
$json_result = Certificates::getLocal($userinfo, [
'id' => $id
diff --git a/ssl_editor.php b/ssl_editor.php
index d4b7bab3..b0d1c770 100644
--- a/ssl_editor.php
+++ b/ssl_editor.php
@@ -33,6 +33,7 @@ use Froxlor\Api\Commands\SubDomains;
use Froxlor\Database\Database;
use Froxlor\PhpHelper;
use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
use Froxlor\UI\Response;
// This file is being included in admin_domains and customer_domains
@@ -49,13 +50,13 @@ if ($action == '' || $action == 'view') {
}
$result_domain = json_decode($json_result, true)['data'];
- if (isset($_POST['send']) && $_POST['send'] == 'send') {
- $do_insert = isset($_POST['do_insert']) && ((($_POST['do_insert'] == 1) ? true : false));
+ if (Request::post('send') == 'send') {
+ $do_insert = Request::post('do_insert', 0) == 1;
try {
if ($do_insert) {
- Certificates::getLocal($userinfo, $_POST)->add();
+ Certificates::getLocal($userinfo, Request::postAll())->add();
} else {
- Certificates::getLocal($userinfo, $_POST)->update();
+ Certificates::getLocal($userinfo, Request::postAll())->update();
}
} catch (Exception $e) {
Response::dynamicError($e->getMessage());