Clean input values

This commit is contained in:
Michael 2025-05-24 19:03:22 +00:00
parent 8e0a3d00bb
commit 0db3d4a70f
3 changed files with 20 additions and 15 deletions


@ -41,13 +41,13 @@ class Site extends BaseAdmin
return;
}
$sitename = (!empty($_POST['sitename']) ? trim($_POST['sitename']) : '');
$sitename = (!empty($_POST['sitename']) ? strip_tags(trim($_POST['sitename'])) : '');
$sender_email = (!empty($_POST['sender_email']) ? trim($_POST['sender_email']) : '');
$banner = (!empty($_POST['banner']) ? trim($_POST['banner']) : false);
$email_banner = (!empty($_POST['email_banner']) ? trim($_POST['email_banner']) : false);
$shortcut_icon = (!empty($_POST['shortcut_icon']) ? trim($_POST['shortcut_icon']) : '');
$touch_icon = (!empty($_POST['touch_icon']) ? trim($_POST['touch_icon']) : '');
$additional_info = (!empty($_POST['additional_info']) ? trim($_POST['additional_info']) : '');
$additional_info = (!empty($_POST['additional_info']) ? strip_tags(trim($_POST['additional_info'])) : '');
$language = (!empty($_POST['language']) ? trim($_POST['language']) : '');
$theme = (!empty($_POST['theme']) ? trim($_POST['theme']) : '');
$theme_mobile = (!empty($_POST['theme_mobile']) ? trim($_POST['theme_mobile']) : '');
@ -57,7 +57,7 @@ class Site extends BaseAdmin
$jpegimagequality = (!empty($_POST['jpegimagequality']) ? intval(trim($_POST['jpegimagequality'])) : 100);
$register_policy = (!empty($_POST['register_policy']) ? intval(trim($_POST['register_policy'])) : 0);
$max_registered_users = (!empty($_POST['max_registered_users']) ? intval(trim($_POST['max_registered_users'])) : 0);
$max_registered_users = (!empty($_POST['max_registered_users']) ? intval(trim($_POST['max_registered_users'])) : 0);
$daily_registrations = (!empty($_POST['max_daily_registrations']) ? intval(trim($_POST['max_daily_registrations'])) : 0);
$abandon_days = (!empty($_POST['abandon_days']) ? intval(trim($_POST['abandon_days'])) : 0);
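Review bot: `strip_tags()` on L15 and L22 only removes `<…>` sequences from the stored value; it does not make `$sitename` or `$additional_info` safe to render, so whatever outputs them still needs `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the point of output. It also silently alters admin-entered text (anything from a tag-like `<` onward is dropped), which is surprising for a free-text field such as `additional_info` if it is meant to carry markup, so the choice deserves a comment on L22 along the lines of `// strip_tags() removes markup from the stored value; it is not an output-escaping step`. The `!empty()` guard on every line also treats a posted `"0"` as absent, which for the numeric fields in the second hunk (e.g. `jpegimagequality` on L27) silently substitutes the default. The enclosing handler starts and ends outside these hunks.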


@ -128,8 +128,8 @@ class Photos extends \Friendica\Module\BaseProfile
$request = $hook_data['request'] ?? $request;
// Determine the album to use
$album = trim($request['album'] ?? '');
$newalbum = trim($request['newalbum'] ?? '');
$album = strip_tags(trim($request['album'] ?? ''));
$newalbum = strip_tags(trim($request['newalbum'] ?? ''));
$this->logger->debug('album= ' . $album . ' newalbum= ' . $newalbum);
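Review bot: `$album` and `$newalbum` (L41–L42) select which album to use, per the comment on L38, so applying `strip_tags()` to them changes the lookup key as well as the displayed value: an existing album whose stored name contains a tag-like sequence will presumably no longer match a request that names it. If the goal is only to stop the name rendering as HTML, escaping at output is the safer place; if the goal is to normalise album names, the same normalisation has to be applied wherever albums are created or compared. A comment on L41 would make the intent explicit, e.g. `// NOTE: strips tags from the lookup key as well as the display value — keep in sync with album creation`. The debug log on L43 now records the stripped value rather than what the client sent, and the enclosing method starts and ends outside this hunk.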


@ -99,7 +99,7 @@ class Index extends BaseSettings
new ArrayFilterEvent(ArrayFilterEvent::PROFILE_SETTINGS_POST, $request),
)->getArray();
$dob = trim($request['dob'] ?? '');
$dob = $this->cleanInput($request['dob'] ?? '');
if ($dob && !in_array($dob, ['0000-00-00', DBA::NULL_DATE])) {
$y = substr($dob, 0, 4);
@ -121,18 +121,18 @@ class Index extends BaseSettings
}
}
$username = trim($request['username'] ?? '');
$username = $this->cleanInputText($request['username'] ?? '');
if (!$username) {
$this->systemMessages->addNotice($this->t('Display Name is required.'));
return;
}
$about = trim($request['about']);
$address = trim($request['address']);
$locality = trim($request['locality']);
$region = trim($request['region']);
$postal_code = trim($request['postal_code']);
$country_name = trim($request['country_name']);
$about = $this->cleanInputText($request['about']);
$address = $this->cleanInputText($request['address']);
$locality = $this->cleanInputText($request['locality']);
$region = $this->cleanInputText($request['region']);
$postal_code = $this->cleanInputText($request['postal_code']);
$country_name = $this->cleanInputText($request['country_name']);
$pub_keywords = self::cleanKeywords(trim($request['pub_keywords']));
$prv_keywords = self::cleanKeywords(trim($request['prv_keywords']));
$xmpp = $this->cleanInput(trim($request['xmpp']));
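Review bot: `cleanInputText()` is declared with a non-nullable `string` parameter (L81), but the call sites on L69–L74 pass `$request['about']` through `$request['country_name']` without the `?? ''` fallback that L58 uses; a missing key now yields `null` and a `TypeError` at the call, where the previous `trim(null)` only produced a deprecation notice on PHP 8.1+. Each of those lines should follow L58, e.g. `$about = $this->cleanInputText($request['about'] ?? '');`. Separately, `cleanInput()` on L51 strips `<`, `>`, quotes and spaces from `$dob` instead of validating it, while `substr($dob, 0, 4)` on L53 assumes a `YYYY-MM-DD` shape; checking the format and rejecting anything else would be more robust than character removal. The `strip_tags()` inside `cleanInputText()` is also not a substitute for `htmlspecialchars()` where these profile fields are rendered. The enclosing method starts and ends outside this hunk.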
@ -377,9 +377,14 @@ class Index extends BaseSettings
return $profileFields;
}
private function cleanInputText(string $input): string
{
return trim(strip_tags($input));
}
private function cleanInput(string $input): string
{
return str_replace(['<', '>', '"', ' '], '', $input);
return str_replace(['<', '>', '"', "'", ' '], '', $input);
}
private static function cleanKeywords($keywords): string
@ -389,7 +394,7 @@ class Index extends BaseSettings
$cleaned = [];
foreach ($keywords as $keyword) {
$keyword = trim($keyword);
$keyword = trim(str_replace(['<', '>', '"', "'"], '', $keyword));
$keyword = trim($keyword, '#');
if ($keyword != '') {
$cleaned[] = $keyword;