| author | Greg Roach <fisharebest@gmail.com> | 2013-08-29 22:35:00 +0100 |
|---|---|---|
| committer | Greg Roach <fisharebest@gmail.com> | 2013-08-29 22:35:00 +0100 |
| commit | def8f50065a593a06a051ceb58b7686884a8ce58 (patch) | |
| tree | df7cb13b850c7f6332d9c40bc9daf560d0b19586 | |
| parent | cd3cb363db375e0e9b7d5214b33e382f77aa9400 (diff) | |
New filter/validation functions for GET/POST variables
124 files changed, 1614 insertions, 1624 deletions
diff --git a/action.php b/action.php index cf1c009df3..ffbef3ec93 100644 --- a/action.php +++ b/action.php @@ -41,11 +41,11 @@ require './includes/session.php'; header('Content-type: text/html; charset=UTF-8'); -switch (safe_POST('action')) { +switch (WT_Filter::post('action')) { case 'accept-changes': // Accept all the pending changes for a record require WT_ROOT.'includes/functions/functions_edit.php'; - $record=WT_GedcomRecord::getInstance(safe_POST_xref('xref')); + $record = WT_GedcomRecord::getInstance(WT_Filter::post('xref', WT_REGEX_XREF)); if ($record && WT_USER_CAN_ACCEPT && $record->canShow() && $record->canEdit()) { WT_FlashMessages::addMessage(/* I18N: %s is the name of an individual, source or other record */ WT_I18N::translate('The changes to “%s” have been accepted.', $record->getFullName())); accept_all_changes($record->getXref(), $record->getGedcomId()); @@ -57,8 +57,8 @@ case 'accept-changes': case 'copy-fact': // Copy a fact to the clipboard require WT_ROOT.'includes/functions/functions_edit.php'; - $xref = safe_POST_xref('xref'); - $fact_id = safe_POST('fact_id'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $fact_id = WT_Filter::post('fact_id'); $record = WT_GedcomRecord::getInstance($xref); @@ -96,8 +96,8 @@ case 'copy-fact': case 'delete-fact': require WT_ROOT.'includes/functions/functions_edit.php'; - $xref = safe_POST_xref('xref'); - $fact_id = safe_POST('fact_id'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $fact_id = WT_Filter::post('fact_id'); $record = WT_GedcomRecord::getInstance($xref); if ($record && $record->canShow() && $record->canEdit()) { 
@@ -120,7 +120,7 @@ case 'delete-note': case 'delete-repository': case 'delete-source': require WT_ROOT.'includes/functions/functions_edit.php'; - $record=WT_GedcomRecord::getInstance(safe_POST_xref('xref')); + $record=WT_GedcomRecord::getInstance(WT_Filter::post('xref', WT_REGEX_XREF)); if ($record && WT_USER_CAN_EDIT && $record->canShow() && $record->canEdit()) { // Delete links to this record foreach (fetch_all_links($record->getXref(), $record->getGedcomId()) as $xref) { @@ -157,7 +157,7 @@ case 'delete-source': case 'reject-changes': // Reject all the pending changes for a record require WT_ROOT.'includes/functions/functions_edit.php'; - $record=WT_GedcomRecord::getInstance(safe_POST_xref('xref')); + $record=WT_GedcomRecord::getInstance(WT_Filter::post('xref', WT_REGEX_XREF)); if ($record && WT_USER_CAN_ACCEPT && $record->canShow() && $record->canEdit()) { WT_FlashMessages::addMessage(/* I18N: %s is the name of an individual, source or other record */ WT_I18N::translate('The changes to “%s” have been rejected.', $record->getFullName())); reject_all_changes($record->getXref(), $record->getGedcomId()); @@ -168,7 +168,7 @@ case 'reject-changes': case 'theme': // Change the current theme - $theme_dir=safe_POST('theme'); + $theme_dir=WT_Filter::post('theme'); if (WT_Site::preference('ALLOW_USER_THEMES') && in_array($theme_dir, get_theme_names())) { $WT_SESSION->theme_dir=$theme_dir; if (WT_USER_ID) { diff --git a/addmedia.php b/addmedia.php index a99b38d54d..f31086940b 100644 --- a/addmedia.php +++ b/addmedia.php 
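Review bot: In the `theme` case, `in_array($theme_dir, get_theme_names())` still compares loosely, so the value read by `WT_Filter::post('theme')` is only as safe as PHP's `==` against whatever `get_theme_names()` returns; since `$theme_dir` is then stored in the session and presumably used later to locate theme files, the membership test should be exact: `if (WT_Site::preference('ALLOW_USER_THEMES') && in_array($theme_dir, get_theme_names(), true)) {`. The rest of the case continues past the hunk.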
@@ -27,17 +27,17 @@ require './includes/session.php'; require_once WT_ROOT.'includes/functions/functions_print_lists.php'; require WT_ROOT.'includes/functions/functions_edit.php'; -$pid = safe_REQUEST($_REQUEST, 'pid', WT_REGEX_XREF); // edit this media object -$linktoid = safe_REQUEST($_REQUEST, 'linktoid', WT_REGEX_XREF); // create a new media object, linked to this record -$action = safe_REQUEST($_REQUEST, 'action'); -$filename = safe_REQUEST($_REQUEST, 'filename', WT_REGEX_UNSAFE); -$text = safe_REQUEST($_REQUEST, 'text', WT_REGEX_UNSAFE); -$tag = safe_REQUEST($_REQUEST, 'tag', WT_REGEX_UNSAFE); -$islink = safe_REQUEST($_REQUEST, 'islink', WT_REGEX_UNSAFE); -$glevels = safe_REQUEST($_REQUEST, 'glevels', WT_REGEX_UNSAFE); +$pid = WT_Filter::get('pid', WT_REGEX_XREF, WT_Filter::post('pid', WT_REGEX_XREF)); // edit this media object +$linktoid = WT_Filter::get('linktoid', WT_REGEX_XREF, WT_Filter::post('linktoid', WT_REGEX_XREF)); // create a new media object, linked to this record +$action = WT_Filter::get('action', null, WT_Filter::post('action')); +$filename = WT_Filter::get('filename', null, WT_Filter::post('filename')); +$text = WT_Filter::postArray('text'); +$tag = WT_Filter::postArray('tag', WT_REGEX_TAG); +$islink = WT_Filter::postArray('islink'); +$glevels = WT_Filter::postArray('glevels', '[0-9]'); -$folder = safe_POST('folder', WT_REGEX_UNSAFE); -$update_CHAN = !safe_POST_bool('preserve_last_changed'); +$folder = WT_Filter::post('folder'); +$update_CHAN = !WT_Filter::postBool('preserve_last_changed'); $controller = new WT_Controller_Simple(); $controller @@ -224,7 +224,7 @@ case 'create': // Save the information from the “showcreateform” action $controller->pageHeader(); // Build the gedcom record - $newged = "0 @new@ OBJE\n"; + $newged = "0 @new@ OBJE"; if ($tag[0]=='FILE') { // The admin has an edit field to change the file name $text[0] = $folderName . $fileName; 
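Review bot: `$filename = WT_Filter::get('filename', null, WT_Filter::post('filename'))` is read with no pattern at all, and the `create` hunk below writes `$folderName . $fileName` straight into the new record; the lines where `$fileName` is derived from `$filename` and checked for `..` or directory separators are not in either hunk, so that check (presumably between them) is what keeps an arbitrary path out of the GEDCOM. A comment at the assignment, `// unconstrained client value: must be validated against the media folder before it is used in a path`, would make that contract visible to the next reader. Note also that the GET-with-POST-fallback calls evaluate `WT_Filter::post(...)` eagerly even when the GET value is present, which is harmless but reads as if POST were consulted only on absence.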
@@ -752,5 +752,3 @@ function get_first_tag($level, $tag, $gedrec, $num=1) { } return substr($temp, 2, $length-2); } - - diff --git a/admin_media.php b/admin_media.php index 21618e9e52..0ab1364b81 100644 --- a/admin_media.php +++ b/admin_media.php @@ -21,11 +21,11 @@ require './includes/session.php'; require WT_ROOT . 'includes/functions/functions_edit.php'; // type of file/object to include -$files = safe_GET('files', array('local', 'external', 'unused'), 'local'); +$files = WT_Filter::get('files', 'local|external|unused', 'local'); // family tree setting MEDIA_DIRECTORY $media_folders = all_media_folders(); -$media_folder = safe_GET('media_folder', WT_REGEX_UNSAFE); +$media_folder = WT_Filter::get('media_folder'); // User folders may contain special characters. Restrict to actual folders. if (!array_key_exists($media_folder, $media_folders)) { $media_folder = reset($media_folders); 
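Review bot: `WT_Filter::get('files', 'local|external|unused', 'local')` replaces an exact-match whitelist (`array('local', 'external', 'unused')`) with a regex alternation, which is only equivalent if WT_Filter anchors the pattern as a whole, something like `^(?:local|external|unused)$`; if it anchors without grouping, `^local|external|unused$` would accept `localX` or `Xunused`, and `$files` then drives `switch ($files)` in load_json. WT_Filter's definition is not on this page, so please confirm its anchoring or pass an explicitly grouped pattern such as `'(local|external|unused)'`. The same alternation form is used for `subfolders` in the next hunk, for `type` in admin_site_change.php and admin_site_logs.php, and for `action` in admin_site_merge.php.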
@@ -33,24 +33,24 @@ if (!array_key_exists($media_folder, $media_folders)) { // prefix to filename $media_paths = media_paths($media_folder); -$media_path = safe_GET('media_path', WT_REGEX_UNSAFE); +$media_path = WT_Filter::get('media_path'); // User paths may contain special characters. Restrict to actual paths. if (!array_key_exists($media_path, $media_paths)) { $media_path = reset($media_paths); } // subfolders within $media_path -$subfolders = safe_GET('subfolders', array('include', 'exclude'), 'include'); -$action = safe_GET('action'); +$subfolders = WT_Filter::get('subfolders', 'include|exclude', 'include'); +$action = WT_Filter::get('action'); //////////////////////////////////////////////////////////////////////////////// // POST callback for file deletion //////////////////////////////////////////////////////////////////////////////// -$delete_file = safe_POST('delete', WT_REGEX_UNSAFE); +$delete_file = WT_Filter::post('delete'); if ($delete_file) { $controller = new WT_Controller_Ajax; // Only delete valid (i.e. unused) media files - $media_folder = safe_POST('media_folder', WT_REGEX_UNSAFE); + $media_folder = WT_Filter::post('media_folder'); $disk_files = all_disk_files ($media_folder, '', 'include', ''); if (in_array($delete_file, $disk_files)) { $tmp = WT_DATA_DIR . $media_folder . $delete_file; @@ -81,9 +81,9 @@ if ($delete_file) { switch($action) { case 'load_json': Zend_Session::writeClose(); - $sSearch = safe_GET('sSearch'); - $iDisplayStart = (int)safe_GET('iDisplayStart'); - $iDisplayLength = (int)safe_GET('iDisplayLength'); + $sSearch = WT_Filter::get('sSearch'); + $iDisplayStart = WT_Filter::getInteger('iDisplayStart'); + $iDisplayLength = WT_Filter::getInteger('iDisplayLength'); switch ($files) { case 'local': 
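Review bot: In the delete callback, `$media_folder = WT_Filter::post('media_folder')` is used directly in `WT_DATA_DIR . $media_folder . $delete_file` without the `array_key_exists($media_folder, $media_folders)` guard that the GET path applies a few lines above; `$delete_file` is checked against `all_disk_files($media_folder, ...)`, but whether that helper refuses a folder outside the configured media directories is not visible here. Applying the same guard before listing, `if (!array_key_exists($media_folder, $media_folders)) { $media_folder = reset($media_folders); }`, closes the gap regardless of what all_disk_files accepts. The `in_array($delete_file, $disk_files)` test should also pass `true` as its third argument so the comparison is exact.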
@@ -123,18 +123,18 @@ case 'load_json': } else { $LIMIT = ""; } - $iSortingCols=safe_GET('iSortingCols'); + $iSortingCols=WT_Filter::getInteger('iSortingCols'); if ($iSortingCols) { $ORDER_BY = " ORDER BY "; for ($i=0; $i<$iSortingCols; ++$i) { // Datatables numbers columns 0, 1, 2, ... // MySQL numbers columns 1, 2, 3, ... - switch (safe_GET('sSortDir_'.$i)) { + switch (WT_Filter::get('sSortDir_'.$i)) { case 'asc': - $ORDER_BY .= (1+(int)safe_GET('iSortCol_'.$i)).' ASC '; + $ORDER_BY .= (1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC '; break; case 'desc': - $ORDER_BY .= (1+(int)safe_GET('iSortCol_'.$i)).' DESC '; + $ORDER_BY .= (1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC '; break; } if ($i<$iSortingCols-1) { @@ -181,18 +181,18 @@ case 'load_json': } else { $LIMIT = ""; } - $iSortingCols = safe_GET('iSortingCols'); + $iSortingCols = WT_Filter::getInteger('iSortingCols'); if ($iSortingCols) { $ORDER_BY = " ORDER BY "; for ($i=0; $i<$iSortingCols; ++$i) { // Datatables numbers columns 0, 1, 2, ... // MySQL numbers columns 1, 2, 3, ... - switch (safe_GET('sSortDir_'.$i)) { + switch (WT_Filter::get('sSortDir_'.$i)) { case 'asc': - $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC '; + $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC '; break; case 'desc': - $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC '; + $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC '; break; } if ($i<$iSortingCols-1) { @@ -247,7 +247,7 @@ case 'load_json': // Sort files - only option is column 0 sort($unused_files); - if (safe_GET('sSortDir_0')=='desc') { + if (WT_Filter::get('sSortDir_0')=='desc') { $unused_files = array_reverse($unused_files); } 
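Review bot: `$ORDER_BY .= (1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC '` interpolates the client's column index into the SQL; an integer cannot inject, but a value outside the selected column count (or a negative one, if getInteger passes negatives through — not visible on this page) becomes a MySQL error rather than a handled response, and `$iSortingCols` is likewise used as an unbounded loop count. Clamping before building the clause, e.g. `$col = max(0, min(WT_Filter::getInteger('iSortCol_'.$i), $max_col));` with `$max_col` standing for the number of selected columns, and capping `$iSortingCols` the same way, keeps malformed DataTables requests from surfacing as server errors. The same construction appears in the `@@ -181` hunk on this line and in admin_site_access.php, admin_site_change.php and admin_site_logs.php.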
@@ -300,7 +300,7 @@ case 'load_json': header('Content-type: application/json'); echo json_encode(array( // See http://www.datatables.net/usage/server-side - 'sEcho' => (int)safe_GET('sEcho'), + 'sEcho' => WT_Filter::getInteger('sEcho'), // String, but always an integer 'iTotalRecords' => $iTotalRecords, 'iTotalDisplayRecords' => $iTotalDisplayRecords, 'aaData' => $aaData @@ -599,4 +599,4 @@ $controller </thead> <tbody> </tbody> -</table> +</table>
\ No newline at end of file diff --git a/admin_media_upload.php b/admin_media_upload.php index 0560e6c718..b86b329028 100644 --- a/admin_media_upload.php +++ b/admin_media_upload.php @@ -31,12 +31,12 @@ $controller ->requireEditorLogin() /* Editing may be disabled, even for admins */ ->setPageTitle(WT_I18N::translate('Upload media files')); -$action = safe_POST('action'); +$action = WT_Filter::post('action'); if ($action == "upload") { for ($i=1; $i<6; $i++) { if (!empty($_FILES['mediafile'.$i]["name"]) || !empty($_FILES['thumbnail'.$i]["name"])) { - $folder = safe_POST('folder' . $i, WT_REGEX_UNSAFE); + $folder = WT_Filter::post('folder' . $i); // Validate the media folder $folderName = str_replace('\\', '/', $folder); @@ -100,7 +100,7 @@ if ($action == "upload") { } // User-specified filename? - $filename = safe_POST('filename' . $i, WT_REGEX_UNSAFE); + $filename = WT_Filter::post('filename' . $i); // Use the name of the uploaded file? if (!$filename && !empty($_FILES['mediafile' . $i]['name'])) { $filename = $_FILES['mediafile' . $i]['name']; @@ -232,4 +232,4 @@ for ($i=1; $i<6; $i++) { } // Print the Submit button for uploading the media echo '<input type="submit" value="', WT_I18N::translate('Upload'), '">'; -echo '</form>'; +echo '</form>';
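Review bot: `$filename = WT_Filter::post('filename' . $i)` is unconstrained and, when empty, is replaced by the raw `$_FILES['mediafile' . $i]['name']`, which is client-controlled and never passes through WT_Filter at all; the hunk ends before the value is used, so any rejection of `..` and directory separators must live in the lines after it. A comment at the fallback, `// client-supplied name: validated below before it touches the filesystem`, or routing it through the same normalisation applied to `$folder` (`str_replace('\\', '/', ...)` followed by the folder validation) would make that contract explicit. The enclosing `for` loop starts in the first hunk and continues past both.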
\ No newline at end of file diff --git a/admin_module_blocks.php b/admin_module_blocks.php index e970ae6bec..9f1130faf4 100644 --- a/admin_module_blocks.php +++ b/admin_module_blocks.php @@ -30,12 +30,12 @@ $controller $modules=WT_Module::getActiveBlocks(WT_GED_ID, WT_PRIV_HIDE); -$action = safe_POST('action'); +$action = WT_Filter::post('action'); if ($action=='update_mods') { foreach ($modules as $module_name=>$module) { foreach (WT_Tree::getAll() as $tree) { - $value = safe_POST("blockaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel()); + $value = WT_Filter::post("blockaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel()); WT_DB::prepare( "REPLACE INTO `##module_privacy` (module_name, gedcom_id, component, access_level) VALUES (?, ?, 'block', ?)" )->execute(array($module_name, $tree->tree_id, $value)); @@ -89,4 +89,4 @@ if ($action=='update_mods') { </table> <input type="submit" value="<?php echo WT_I18N::translate('save'); ?>"> </form> -</div> +</div>
\ No newline at end of file diff --git a/admin_module_menus.php b/admin_module_menus.php index b86e59fd4f..07794e67f3 100644 --- a/admin_module_menus.php +++ b/admin_module_menus.php @@ -42,17 +42,17 @@ $controller $modules=WT_Module::getActiveMenus(WT_GED_ID, WT_PRIV_HIDE); -$action = safe_POST('action'); +$action = WT_Filter::post('action'); if ($action=='update_mods') { foreach ($modules as $module_name=>$module) { foreach (WT_Tree::getAll() as $tree) { - $access_level = safe_POST("menuaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel()); + $access_level = WT_Filter::post("menuaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel()); WT_DB::prepare( "REPLACE INTO `##module_privacy` (module_name, gedcom_id, component, access_level) VALUES (?, ?, 'menu', ?)" )->execute(array($module_name, $tree->tree_id, $access_level)); } - $order = safe_POST('menuorder-'.$module_name); + $order = WT_Filter::post('menuorder-'.$module_name); WT_DB::prepare( "UPDATE `##module` SET menu_order=? WHERE module_name=?" )->execute(array($order, $module_name)); @@ -110,4 +110,4 @@ if ($action=='update_mods') { </table> <input type="submit" value="<?php echo WT_I18N::translate('save'); ?>"> </form> -</div> +</div>
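Review bot: `$order = WT_Filter::post('menuorder-'.$module_name)` is read with no pattern although it is written to `menu_order` by the prepared statement on the next lines, while the access level read in the same loop iteration is constrained with `WT_REGEX_INTEGER`; the ordering value deserves the same treatment: `$order = WT_Filter::post('menuorder-'.$module_name, WT_REGEX_INTEGER);`. The parameterised query keeps this from being an injection, so the point is consistency and storing a well-typed value rather than whatever MySQL makes of a non-numeric string under the current sql_mode. The same applies to `sidebarorder-` in admin_module_sidebar.php and `taborder-` in admin_module_tabs.php.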
\ No newline at end of file diff --git a/admin_module_reports.php b/admin_module_reports.php index a6f773a0d2..62d246d129 100644 --- a/admin_module_reports.php +++ b/admin_module_reports.php @@ -30,12 +30,12 @@ $controller $modules=WT_Module::getActiveReports(WT_GED_ID, WT_PRIV_HIDE); -$action = safe_POST('action'); +$action = WT_Filter::post('action'); if ($action=='update_mods') { foreach ($modules as $module_name=>$module) { foreach (WT_Tree::getAll() as $tree) { - $value = safe_POST("reportaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel()); + $value = WT_Filter::post("reportaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel()); WT_DB::prepare( "REPLACE INTO `##module_privacy` (module_name, gedcom_id, component, access_level) VALUES (?, ?, 'report', ?)" )->execute(array($module_name, $tree->tree_id, $value)); @@ -89,4 +89,4 @@ if ($action=='update_mods') { </table> <input type="submit" value="<?php echo WT_I18N::translate('save'); ?>"> </form> -</div> +</div>
\ No newline at end of file diff --git a/admin_module_sidebar.php b/admin_module_sidebar.php index 4b2598f5be..4f7c93f150 100644 --- a/admin_module_sidebar.php +++ b/admin_module_sidebar.php @@ -42,17 +42,17 @@ $controller $modules=WT_Module::getActiveSidebars(WT_GED_ID, WT_PRIV_HIDE); -$action = safe_POST('action'); +$action = WT_Filter::post('action'); if ($action=='update_mods') { foreach ($modules as $module_name=>$module) { foreach (WT_Tree::getAll() as $tree) { - $access_level = safe_POST("sidebaraccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel()); + $access_level = WT_Filter::post("sidebaraccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel()); WT_DB::prepare( "REPLACE INTO `##module_privacy` (module_name, gedcom_id, component, access_level) VALUES (?, ?, 'sidebar', ?)" )->execute(array($module_name, $tree->tree_id, $access_level)); } - $order = safe_POST('sidebarorder-'.$module_name); + $order = WT_Filter::post('sidebarorder-'.$module_name); WT_DB::prepare( "UPDATE `##module` SET sidebar_order=? WHERE module_name=?" )->execute(array($order, $module_name)); @@ -109,4 +109,4 @@ if ($action=='update_mods') { </table> <input type="submit" value="<?php echo WT_I18N::translate('save'); ?>"> </form> -</div> +</div>
\ No newline at end of file diff --git a/admin_module_tabs.php b/admin_module_tabs.php index eba7563682..92c868e33c 100644 --- a/admin_module_tabs.php +++ b/admin_module_tabs.php @@ -42,17 +42,17 @@ $controller $modules=WT_Module::getActiveTabs(WT_GED_ID, WT_PRIV_HIDE); -$action = safe_POST('action'); +$action = WT_Filter::post('action'); if ($action=='update_mods') { foreach ($modules as $module_name=>$module) { foreach (WT_Tree::getAll() as $tree) { - $access_level = safe_POST("tabaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel()); + $access_level = WT_Filter::post("tabaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel()); WT_DB::prepare( "REPLACE INTO `##module_privacy` (module_name, gedcom_id, component, access_level) VALUES (?, ?, 'tab', ?)" )->execute(array($module_name, $tree->tree_id, $access_level)); } - $order = safe_POST('taborder-'.$module_name); + $order = WT_Filter::post('taborder-'.$module_name); WT_DB::prepare( "UPDATE `##module` SET tab_order=? WHERE module_name=?" )->execute(array($order, $module_name)); @@ -110,4 +110,4 @@ if ($action=='update_mods') { </table> <input type="submit" value="<?php echo WT_I18N::translate('save'); ?>"> </form> -</div> +</div>
\ No newline at end of file diff --git a/admin_modules.php b/admin_modules.php index 4013f60680..bf4604ea7e 100644 --- a/admin_modules.php +++ b/admin_modules.php @@ -65,10 +65,10 @@ $modules=WT_Module::getInstalledModules('disabled'); $module_status=WT_DB::prepare("SELECT module_name, status FROM `##module`")->fetchAssoc(); -switch (safe_POST('action')) { +switch (WT_Filter::post('action')) { case 'update_mods': foreach ($modules as $module_name=>$status) { - $new_status=safe_POST("status-{$module_name}"); + $new_status=WT_Filter::post("status-{$module_name}"); if ($new_status!==null) { $new_status=$new_status ? 'enabled' : 'disabled'; if ($new_status!=$status) { @@ -80,9 +80,9 @@ case 'update_mods': break; } -switch (safe_GET('action')) { +switch (WT_Filter::get('action')) { case 'delete_module': - $module_name=safe_GET('module_name'); + $module_name=WT_Filter::get('module_name'); WT_DB::prepare( "DELETE `##block_setting`". " FROM `##block_setting`". @@ -156,4 +156,4 @@ case 'delete_module': <input type="submit" value="<?php echo WT_I18N::translate('save'); ?>"> </form> </div> -</div> +</div>
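Review bot: The `delete_module` branch deletes module rows on a plain GET (`switch (WT_Filter::get('action'))` with `$module_name=WT_Filter::get('module_name')`) and no CSRF token check is visible in the hunk; swapping safe_GET for WT_Filter does not change that a crafted link can trigger the deletion for a logged-in administrator. If the project has a form-token helper it should be checked here (and the action ideally moved to POST), or a comment should record why a GET is acceptable. The `delete`/`allow`/`deny`/`robot` cases of admin_site_access.php in this commit have the same shape. Separately, the `$new_status!==null` test a few lines up depends on `WT_Filter::post()` returning null for an absent field rather than an empty string, a contract not shown on this page and worth confirming.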
\ No newline at end of file diff --git a/admin_pgv_to_wt.php b/admin_pgv_to_wt.php index ad03184df1..0e47d7303a 100644 --- a/admin_pgv_to_wt.php +++ b/admin_pgv_to_wt.php @@ -33,9 +33,9 @@ $controller ->requireAdminLogin() ->setPageTitle(WT_I18N::translate('PhpGedView to webtrees transfer wizard')); -$error=''; -$warning=''; -$PGV_PATH=safe_POST('PGV_PATH'); +$error = ''; +$warning = ''; +$PGV_PATH = WT_Filter::post('PGV_PATH'); if ($PGV_PATH) { if (!is_dir($PGV_PATH) || !is_readable($PGV_PATH.'/config.php')) { @@ -1057,4 +1057,4 @@ WT_DB::exec("COMMIT"); echo '<hr>'; echo '<p>', WT_I18N::translate('You need to login again, using your PhpGedView username and password.'), '</p>'; -echo '<a href="index.php"><button>', WT_I18N::translate('continue'), '</button></a>'; +echo '<a href="index.php"><button>', WT_I18N::translate('continue'), '</button></a>';
\ No newline at end of file diff --git a/admin_site_access.php b/admin_site_access.php index 6a612835bd..8ec5792c2b 100644 --- a/admin_site_access.php +++ b/admin_site_access.php @@ -29,16 +29,16 @@ $controller ->addExternalJavascript(WT_JQUERY_JEDITABLE_URL) ->setPageTitle(WT_I18N::translate('Site access rules')); -$action=safe_GET('action'); +$action = WT_Filter::get('action'); switch ($action) { case 'delete': - $user_access_rule_id=safe_GET('site_access_rule_id'); + $user_access_rule_id = WT_Filter::getInteger('site_access_rule_id'); WT_DB::prepare("DELETE FROM `##site_access_rule` WHERE site_access_rule_id=?")->execute(array($user_access_rule_id)); break; case 'allow': case 'deny': case 'robot': - $user_access_rule_id=safe_GET('site_access_rule_id'); + $user_access_rule_id = WT_Filter::getInteger('site_access_rule_id'); WT_DB::prepare("UPDATE `##site_access_rule` SET rule=? WHERE site_access_rule_id=?")->execute(array($action, $user_access_rule_id)); break; case 'load_rules': @@ -51,7 +51,7 @@ case 'load_rules': " WHERE rule<>'unknown'"; $args=array(); - $sSearch=safe_GET('sSearch'); + $sSearch = WT_Filter::get('sSearch'); if ($sSearch) { $sql.= " AND (INET_ATON(?) BETWEEN ip_address_start AND ip_address_end". @@ -66,18 +66,18 @@ case 'load_rules': $args[]=$sSearch; } - $iSortingCols=safe_GET('iSortingCols'); + $iSortingCols = WT_Filter::getInteger('iSortingCols'); if ($iSortingCols) { $sql.=" ORDER BY "; for ($i=0; $i<$iSortingCols; ++$i) { // Datatables numbers columns 0, 1, 2, ... // MySQL numbers columns 1, 2, 3, ... - switch (safe_GET('sSortDir_'.$i)) { + switch (WT_Filter::get('sSortDir_'.$i)) { case 'asc': - $sql.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC '; + $sql.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC '; break; case 'desc': - $sql.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC '; + $sql.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC '; break; } if ($i<$iSortingCols-1) { 
@@ -88,8 +88,8 @@ case 'load_rules': $sql.=" ORDER BY updated DESC"; } - $iDisplayStart =(int)safe_GET('iDisplayStart'); - $iDisplayLength=(int)safe_GET('iDisplayLength'); + $iDisplayStart = WT_Filter::getInteger('iDisplayStart'); + $iDisplayLength = WT_Filter::getInteger('iDisplayLength'); if ($iDisplayLength>0) { $sql.=" LIMIT " . $iDisplayStart . ',' . $iDisplayLength; } @@ -119,10 +119,10 @@ case 'load_rules': header('Content-type: application/json'); echo json_encode(array( // See http://www.datatables.net/usage/server-side - 'sEcho' =>(int)safe_GET('sEcho'), - 'iTotalRecords' =>$iTotalRecords, - 'iTotalDisplayRecords'=>$iTotalDisplayRecords, - 'aaData' =>$aaData + 'sEcho' => WT_Filter::getInteger('sEcho'), // Always an integer + 'iTotalRecords' => $iTotalRecords, + 'iTotalDisplayRecords' => $iTotalDisplayRecords, + 'aaData' => $aaData )); exit; case 'load_unknown': @@ -135,7 +135,7 @@ case 'load_unknown': " WHERE rule='unknown'"; $args=array(); - $sSearch=safe_GET('sSearch'); + $sSearch = WT_Filter::get('sSearch'); if ($sSearch) { $sql.= " AND (INET_ATON(ip_address_start) LIKE CONCAT('%', ?, '%')". @@ -144,18 +144,18 @@ case 'load_unknown': $args[]=$sSearch; } - $iSortingCols=safe_GET('iSortingCols'); + $iSortingCols = WT_Filter::getInteger('iSortingCols'); if ($iSortingCols) { $sql.=" ORDER BY "; for ($i=0; $i<$iSortingCols; ++$i) { // Datatables numbers columns 0, 1, 2, ... // MySQL numbers columns 1, 2, 3, ... - switch (safe_GET('sSortDir_'.$i)) { + switch (WT_Filter::get('sSortDir_'.$i)) { case 'asc': - $sql.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC '; + $sql.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC '; break; case 'desc': - $sql.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC '; + $sql.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC '; break; } if ($i<$iSortingCols-1) { 
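Review bot: `$sql.=" LIMIT " . $iDisplayStart . ',' . $iDisplayLength;` is guarded only by `$iDisplayLength>0`, so a negative `iDisplayStart` (if getInteger passes it through — not visible here) produces an invalid LIMIT clause and a database error rather than a handled response. `$iDisplayStart = max(0, WT_Filter::getInteger('iDisplayStart'));` keeps the offset well-formed. The same pattern appears in the `@@ -166` hunk on the next line and in the load_json cases of admin_site_change.php and admin_site_logs.php, where the unchecked length is additionally persisted through set_user_setting.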
@@ -166,8 +166,8 @@ case 'load_unknown': $sql.=" ORDER BY updated DESC"; } - $iDisplayStart =(int)safe_GET('iDisplayStart'); - $iDisplayLength=(int)safe_GET('iDisplayLength'); + $iDisplayStart = WT_Filter::getInteger('iDisplayStart'); + $iDisplayLength = WT_Filter::getInteger('iDisplayLength'); if ($iDisplayLength>0) { $sql.=" LIMIT " . $iDisplayStart . ',' . $iDisplayLength; } @@ -189,10 +189,10 @@ case 'load_unknown': header('Content-type: application/json'); echo json_encode(array( // See http://www.datatables.net/usage/server-side - 'sEcho' =>(int)safe_GET('sEcho'), - 'iTotalRecords' =>$iTotalRecords, - 'iTotalDisplayRecords'=>$iTotalDisplayRecords, - 'aaData' =>$aaData + 'sEcho' => WT_Filter::getInteger('sEcho'), // Always an integer + 'iTotalRecords' => $iTotalRecords, + 'iTotalDisplayRecords' => $iTotalDisplayRecords, + 'aaData' => $aaData )); exit; } @@ -300,4 +300,4 @@ WT_DB::exec( <th><?php echo WT_I18N::translate('robot'); ?></th> </tr> </thead> -</table> +</table>
\ No newline at end of file diff --git a/admin_site_change.php b/admin_site_change.php index 9ba602450d..dc02f51c2a 100644 --- a/admin_site_change.php +++ b/admin_site_change.php @@ -39,20 +39,20 @@ $earliest=WT_DB::prepare("SELECT DATE(MIN(change_time)) FROM `##change`")->execu $latest =WT_DB::prepare("SELECT DATE(MAX(change_time)) FROM `##change`")->execute(array())->fetchOne(); // Filtering -$action=safe_GET('action'); -$from =safe_GET('from', '\d\d\d\d-\d\d-\d\d', $earliest); -$to =safe_GET('to', '\d\d\d\d-\d\d-\d\d', $latest); -$type =safe_GET('type', array_keys($statuses)); -$oldged=safe_GET('oldged'); -$newged=safe_GET('newged'); -$xref =safe_GET('xref'); -$user =safe_GET('user'); +$action = WT_Filter::get('action'); +$from = WT_Filter::get('from', '\d\d\d\d-\d\d-\d\d', $earliest); +$to = WT_Filter::get('to', '\d\d\d\d-\d\d-\d\d', $latest); +$type = WT_Filter::get('type', 'accepted|rejected|pending'); +$oldged = WT_Filter::get('oldged'); +$newged = WT_Filter::get('newged'); +$xref = WT_Filter::get('xref', WT_REGEX_XREF); +$user = WT_Filter::get('user'); if (WT_USER_IS_ADMIN) { // Administrators can see all logs - $gedc=safe_GET('gedc'); + $gedc = WT_Filter::get('gedc'); } else { // Managers can only see logs relating to this gedcom - $gedc=WT_GEDCOM; + $gedc = WT_GEDCOM; } $query=array(); 
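Review bot: `$from` and `$to` are accepted on shape alone (`'\d\d\d\d-\d\d-\d\d'`), so a value such as `9999-99-99` passes the filter and reaches the date comparison built after the hunk; the `$earliest`/`$latest` defaults presumably apply only when the parameter is absent or malformed, not when it is well-formed but impossible. A `checkdate()` pass after the filter with the same fallback would make the values trustworthy as dates, e.g. `if (!checkdate((int) substr($from, 5, 2), (int) substr($from, 8, 2), (int) substr($from, 0, 4))) { $from = $earliest; }` and likewise for `$to`. admin_site_logs.php reads the same two parameters the same way.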
@@ -137,33 +137,33 @@ case 'export': exit; case 'load_json': Zend_Session::writeClose(); - $iDisplayStart =(int)safe_GET('iDisplayStart'); - $iDisplayLength=(int)safe_GET('iDisplayLength'); + $iDisplayStart = WT_Filter::getInteger('iDisplayStart'); + $iDisplayLength = WT_Filter::getInteger('iDisplayLength'); set_user_setting(WT_USER_ID, 'admin_site_change_page_size', $iDisplayLength); if ($iDisplayLength>0) { - $LIMIT=" LIMIT " . $iDisplayStart . ',' . $iDisplayLength; + $LIMIT = " LIMIT " . $iDisplayStart . ',' . $iDisplayLength; } else { - $LIMIT=""; + $LIMIT = ""; } - $iSortingCols=safe_GET('iSortingCols'); + $iSortingCols = WT_Filter::getInteger('iSortingCols'); if ($iSortingCols) { $ORDER_BY=' ORDER BY '; for ($i=0; $i<$iSortingCols; ++$i) { // Datatables numbers columns 0, 1, 2, ... // MySQL numbers columns 1, 2, 3, ... - switch (safe_GET('sSortDir_'.$i)) { + switch (WT_Filter::get('sSortDir_'.$i)) { case 'asc': - if ((int)safe_GET('iSortCol_'.$i)==0) { + if (WT_Filter::getInteger('iSortCol_'.$i)==0) { $ORDER_BY.='change_id ASC '; // column 0 is "timestamp", using change_id gives the correct order for events in the same second } else { - $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC '; + $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC '; } break; case 'desc': - if ((int)safe_GET('iSortCol_'.$i)==0) { + if (WT_Filter::getInteger('iSortCol_'.$i)==0) { $ORDER_BY.='change_id DESC '; } else { - $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC '; + $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC '; } break; } 
@@ -190,10 +190,10 @@ case 'load_json': header('Content-type: application/json'); echo json_encode(array( // See http://www.datatables.net/usage/server-side - 'sEcho' =>(int)safe_GET('sEcho'), - 'iTotalRecords' =>$iTotalRecords, - 'iTotalDisplayRecords'=>$iTotalDisplayRecords, - 'aaData' =>$aaData + 'sEcho' => WT_Filter::getInteger('sEcho'), // Always an integer + 'iTotalRecords' => $iTotalRecords, + 'iTotalDisplayRecords' => $iTotalDisplayRecords, + 'aaData' => $aaData )); exit; } diff --git a/admin_site_logs.php b/admin_site_logs.php index 4dfb92f11a..2271209c46 100644 --- a/admin_site_logs.php +++ b/admin_site_logs.php @@ -32,19 +32,19 @@ $earliest=WT_DB::prepare("SELECT DATE(MIN(log_time)) FROM `##log`")->execute(arr $latest =WT_DB::prepare("SELECT DATE(MAX(log_time)) FROM `##log`")->execute(array())->fetchOne(); // Filtering -$action=safe_GET('action'); -$from =safe_GET('from', '\d\d\d\d-\d\d-\d\d', $earliest); -$to =safe_GET('to', '\d\d\d\d-\d\d-\d\d', $latest); -$type =safe_GET('type', array('auth','change','config','debug','edit','error','media','search')); -$text =safe_GET('text'); -$ip =safe_GET('ip'); -$user =safe_GET('user'); +$action = WT_Filter::get('action'); +$from = WT_Filter::get('from', '\d\d\d\d-\d\d-\d\d', $earliest); +$to = WT_Filter::get('to', '\d\d\d\d-\d\d-\d\d', $latest); +$type = WT_Filter::get('type', 'auth|change|config|debug|edit|error|media|search'); +$text = WT_Filter::get('text'); +$ip = WT_Filter::get('ip'); +$user = WT_Filter::get('user'); if (WT_USER_IS_ADMIN) { // Administrators can see all logs - $gedc=safe_GET('gedc'); + $gedc = WT_Filter::get('gedc'); } else { // Managers can only see logs relating to this gedcom - $gedc=WT_GEDCOM; + $gedc = WT_GEDCOM; } $query=array(); 
@@ -120,33 +120,33 @@ case 'export': exit; case 'load_json': Zend_Session::writeClose(); - $iDisplayStart =(int)safe_GET('iDisplayStart'); - $iDisplayLength=(int)safe_GET('iDisplayLength'); + $iDisplayStart = WT_Filter::getInteger('iDisplayStart'); + $iDisplayLength = WT_Filter::getInteger('iDisplayLength'); set_user_setting(WT_USER_ID, 'admin_site_log_page_size', $iDisplayLength); if ($iDisplayLength>0) { $LIMIT=" LIMIT " . $iDisplayStart . ',' . $iDisplayLength; } else { $LIMIT=""; } - $iSortingCols=safe_GET('iSortingCols'); + $iSortingCols = WT_Filter::getInteger('iSortingCols'); if ($iSortingCols) { $ORDER_BY=' ORDER BY '; for ($i=0; $i<$iSortingCols; ++$i) { // Datatables numbers columns 0, 1, 2, ... // MySQL numbers columns 1, 2, 3, ... - switch (safe_GET('sSortDir_'.$i)) { + switch (WT_Filter::get('sSortDir_'.$i)) { case 'asc': - if ((int)safe_GET('iSortCol_'.$i)==0) { + if (WT_Filter::getInteger('iSortCol_'.$i)==0) { $ORDER_BY.='log_id ASC '; // column 0 is "timestamp", using log_id gives the correct order for events in the same second } else { - $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC '; + $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC '; } break; case 'desc': - if ((int)safe_GET('iSortCol_'.$i)==0) { + if (WT_Filter::getInteger('iSortCol_'.$i)==0) { $ORDER_BY.='log_id DESC '; } else { - $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC '; + $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC '; } break; } @@ -170,10 +170,10 @@ case 'load_json': header('Content-type: application/json'); echo json_encode(array( // See http://www.datatables.net/usage/server-side - 'sEcho' =>(int)safe_GET('sEcho'), - 'iTotalRecords' =>$iTotalRecords, - 'iTotalDisplayRecords'=>$iTotalDisplayRecords, - 'aaData' =>$aaData + 'sEcho' => WT_Filter::getInteger('sEcho'), // Always an integer + 'iTotalRecords' => $iTotalRecords, + 'iTotalDisplayRecords' => $iTotalDisplayRecords, + 'aaData' => $aaData )); exit; } 
diff --git a/admin_site_merge.php b/admin_site_merge.php index 3fc8d02699..0bef781685 100644 --- a/admin_site_merge.php +++ b/admin_site_merge.php @@ -36,14 +36,12 @@ require_once WT_ROOT.'includes/functions/functions_edit.php'; require_once WT_ROOT.'includes/functions/functions_import.php'; $ged=$GEDCOM; -$gid1=safe_POST_xref('gid1'); -$gid2=safe_POST_xref('gid2'); -$action=safe_POST('action', WT_REGEX_ALPHA, 'choose'); -$ged2=safe_POST('ged2', WT_REGEX_NOSCRIPT, $GEDCOM); -$keep1=safe_POST('keep1', WT_REGEX_UNSAFE); -$keep2=safe_POST('keep2', WT_REGEX_UNSAFE); -if (empty($keep1)) $keep1=array(); -if (empty($keep2)) $keep2=array(); +$gid1 = WT_Filter::post('gid1', WT_REGEX_XREF); +$gid2 = WT_Filter::post('gid2', WT_REGEX_XREF); +$action = WT_Filter::post('action', 'choose|select|merge', 'choose'); +$ged2 = WT_Filter::post('ged2', '.+', $ged); +$keep1 = WT_Filter::postArray('keep1'); +$keep2 = WT_Filter::postArray('keep2'); if (count(WT_Tree::getAll())==1) { //Removed becasue it doesn't work here for multiple GEDCOMs. Can be reinstated when fixed (https://bugs.launchpad.net/webtrees/+bug/613235) $controller->addExternalJavascript(WT_STATIC_URL.'js/autocomplete.js'); diff --git a/admin_trees_check.php b/admin_trees_check.php index f824667686..2ee70a4448 100644 --- a/admin_trees_check.php +++ b/admin_trees_check.php @@ -40,7 +40,7 @@ echo select_edit_control('ged', WT_Tree::getNameList(), null, WT_GEDCOM); echo '<input type="submit" value="', $controller->getPageTitle(), '">'; echo '</form>'; -if (!safe_GET('go')) { +if (!WT_Filter::get('go')) { exit; } @@ -224,4 +224,4 @@ function warning($message) { if (!$errors) { echo '<p>', WT_I18N::translate('No errors were found.'), '</p>'; -} +}
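Review bot: `$ged2 = WT_Filter::post('ged2', '.+', $ged)` accepts any non-empty string where the old code at least applied `WT_REGEX_NOSCRIPT`, and `$ged2` names the second tree of the merge; unless the code after the hunk resolves it against the known trees and stops on failure, an unknown name flows into whatever lookup follows. Validating it up front against the tree list (the same `WT_Tree::getNameList()` that admin_trees_check.php feeds to its select control), with `$ged2 = $ged;` as the fallback, would make the failure mode explicit. `$gid1`/`$gid2` now carry `WT_REGEX_XREF`, which is the right tightening.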
\ No newline at end of file diff --git a/admin_trees_config.php b/admin_trees_config.php index 13c590e32a..66f3e1758a 100644 --- a/admin_trees_config.php +++ b/admin_trees_config.php 
@@ -39,134 +39,134 @@ $PRIVACY_CONSTANTS = array( 'hidden' => WT_I18N::translate('Hide from everyone') ); -switch (safe_POST('action')) { +switch (WT_Filter::post('action')) { case 'delete': WT_DB::prepare( "DELETE FROM `##default_resn` WHERE default_resn_id=?" - )->execute(array(safe_POST('default_resn_id'))); + )->execute(array(WT_Filter::post('default_resn_id'))); // Reload the page, so that the new privacy restrictions are reflected in the header header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'#privacy'); exit; case 'add': - if ((safe_POST('xref') || safe_POST('tag_type')) && safe_POST('resn')) { - if (safe_POST('xref')=='') { + if ((WT_Filter::post('xref') || WT_Filter::post('tag_type')) && WT_Filter::post('resn')) { + if (WT_Filter::post('xref')=='') { WT_DB::prepare( "DELETE FROM `##default_resn` WHERE gedcom_id=? AND tag_type=? AND xref IS NULL" - )->execute(array(WT_GED_ID, safe_POST('tag_type'))); + )->execute(array(WT_GED_ID, WT_Filter::post('tag_type'))); } - if (safe_POST('tag_type')=='') { + if (WT_Filter::post('tag_type')=='') { WT_DB::prepare( "DELETE FROM `##default_resn` WHERE gedcom_id=? AND xref=? 
AND tag_type IS NULL" - )->execute(array(WT_GED_ID, safe_POST('xref'))); + )->execute(array(WT_GED_ID, WT_Filter::post('xref'))); } WT_DB::prepare( "REPLACE INTO `##default_resn` (gedcom_id, xref, tag_type, resn) VALUES (?, NULLIF(?, ''), NULLIF(?, ''), ?)" - )->execute(array(WT_GED_ID, safe_POST_xref('xref'), safe_POST('tag_type'), safe_POST('resn'))); + )->execute(array(WT_GED_ID, WT_Filter::post('xref', WT_REGEX_XREF), WT_Filter::post('tag_type'), WT_Filter::post('resn'))); } // Reload the page, so that the new privacy restrictions are reflected in the header header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'#privacy'); exit; case 'update': - set_gedcom_setting(WT_GED_ID, 'ABBREVIATE_CHART_LABELS', safe_POST_bool('NEW_ABBREVIATE_CHART_LABELS')); - set_gedcom_setting(WT_GED_ID, 'ADVANCED_NAME_FACTS', safe_POST('NEW_ADVANCED_NAME_FACTS')); - set_gedcom_setting(WT_GED_ID, 'ADVANCED_PLAC_FACTS', safe_POST('NEW_ADVANCED_PLAC_FACTS')); - set_gedcom_setting(WT_GED_ID, 'ALLOW_THEME_DROPDOWN', safe_POST_bool('NEW_ALLOW_THEME_DROPDOWN')); + set_gedcom_setting(WT_GED_ID, 'ABBREVIATE_CHART_LABELS', WT_Filter::postBool('NEW_ABBREVIATE_CHART_LABELS')); + set_gedcom_setting(WT_GED_ID, 'ADVANCED_NAME_FACTS', WT_Filter::post('NEW_ADVANCED_NAME_FACTS')); + set_gedcom_setting(WT_GED_ID, 'ADVANCED_PLAC_FACTS', WT_Filter::post('NEW_ADVANCED_PLAC_FACTS')); + set_gedcom_setting(WT_GED_ID, 'ALLOW_THEME_DROPDOWN', WT_Filter::postBool('NEW_ALLOW_THEME_DROPDOWN')); // For backwards compatibility with webtrees 1.x we store the two calendar formats in one variable // e.g. 
"gregorian_and_jewish" set_gedcom_setting(WT_GED_ID, 'CALENDAR_FORMAT', implode('_and_', array_unique(array( - safe_POST('NEW_CALENDAR_FORMAT0', 'gregorian|julian|french|jewish|hijri|jalali', 'none'), - safe_POST('NEW_CALENDAR_FORMAT1', 'gregorian|julian|french|jewish|hijri|jalali', 'none') + WT_Filter::post('NEW_CALENDAR_FORMAT0', 'gregorian|julian|french|jewish|hijri|jalali', 'none'), + WT_Filter::post('NEW_CALENDAR_FORMAT1', 'gregorian|julian|french|jewish|hijri|jalali', 'none') )))); - set_gedcom_setting(WT_GED_ID, 'CHART_BOX_TAGS', safe_POST('NEW_CHART_BOX_TAGS')); - set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_ADD', str_replace(' ', '', safe_POST('NEW_COMMON_NAMES_ADD'))); - set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_REMOVE', str_replace(' ', '', safe_POST('NEW_COMMON_NAMES_REMOVE'))); - set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_THRESHOLD', safe_POST('NEW_COMMON_NAMES_THRESHOLD', WT_REGEX_INTEGER, 40)); - set_gedcom_setting(WT_GED_ID, 'CONTACT_USER_ID', safe_POST('NEW_CONTACT_USER_ID')); - set_gedcom_setting(WT_GED_ID, 'DEFAULT_PEDIGREE_GENERATIONS', safe_POST('NEW_DEFAULT_PEDIGREE_GENERATIONS')); - set_gedcom_setting(WT_GED_ID, 'EXPAND_NOTES', safe_POST_bool('NEW_EXPAND_NOTES')); - set_gedcom_setting(WT_GED_ID, 'EXPAND_RELATIVES_EVENTS', safe_POST_bool('NEW_EXPAND_RELATIVES_EVENTS')); - set_gedcom_setting(WT_GED_ID, 'EXPAND_SOURCES', safe_POST_bool('NEW_EXPAND_SOURCES')); - set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_ADD', str_replace(' ', '', safe_POST('NEW_FAM_FACTS_ADD'))); - set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_QUICK', str_replace(' ', '', safe_POST('NEW_FAM_FACTS_QUICK'))); - set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_UNIQUE', str_replace(' ', '', safe_POST('NEW_FAM_FACTS_UNIQUE'))); - set_gedcom_setting(WT_GED_ID, 'FAM_ID_PREFIX', safe_POST('NEW_FAM_ID_PREFIX')); - set_gedcom_setting(WT_GED_ID, 'FULL_SOURCES', safe_POST_bool('NEW_FULL_SOURCES')); - set_gedcom_setting(WT_GED_ID, 'GEDCOM_ID_PREFIX', safe_POST('NEW_GEDCOM_ID_PREFIX')); - 
set_gedcom_setting(WT_GED_ID, 'GEDCOM_MEDIA_PATH', safe_POST('NEW_GEDCOM_MEDIA_PATH'));
- set_gedcom_setting(WT_GED_ID, 'GENERATE_UIDS', safe_POST_bool('NEW_GENERATE_UIDS'));
- set_gedcom_setting(WT_GED_ID, 'HIDE_GEDCOM_ERRORS', safe_POST_bool('NEW_HIDE_GEDCOM_ERRORS'));
- set_gedcom_setting(WT_GED_ID, 'HIDE_LIVE_PEOPLE', safe_POST_bool('NEW_HIDE_LIVE_PEOPLE'));
- set_gedcom_setting(WT_GED_ID, 'GEDCOM_MEDIA_PATH', safe_POST('GEDCOM_MEDIA_PATH'));
- set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_ADD', str_replace(' ', '', safe_POST('NEW_INDI_FACTS_ADD')));
- set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_QUICK', str_replace(' ', '', safe_POST('NEW_INDI_FACTS_QUICK')));
- set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_UNIQUE', str_replace(' ', '', safe_POST('NEW_INDI_FACTS_UNIQUE')));
- set_gedcom_setting(WT_GED_ID, 'KEEP_ALIVE_YEARS_BIRTH', safe_POST('KEEP_ALIVE_YEARS_BIRTH', WT_REGEX_INTEGER, 0));
- set_gedcom_setting(WT_GED_ID, 'KEEP_ALIVE_YEARS_DEATH', safe_POST('KEEP_ALIVE_YEARS_DEATH', WT_REGEX_INTEGER, 0));
- set_gedcom_setting(WT_GED_ID, 'LANGUAGE', safe_POST('GEDCOMLANG'));
- set_gedcom_setting(WT_GED_ID, 'MAX_ALIVE_AGE', safe_POST('MAX_ALIVE_AGE', WT_REGEX_INTEGER, 100));
- set_gedcom_setting(WT_GED_ID, 'MAX_DESCENDANCY_GENERATIONS', safe_POST('NEW_MAX_DESCENDANCY_GENERATIONS'));
- set_gedcom_setting(WT_GED_ID, 'MAX_PEDIGREE_GENERATIONS', safe_POST('NEW_MAX_PEDIGREE_GENERATIONS'));
- set_gedcom_setting(WT_GED_ID, 'MEDIA_ID_PREFIX', safe_POST('NEW_MEDIA_ID_PREFIX'));
- set_gedcom_setting(WT_GED_ID, 'MEDIA_UPLOAD', safe_POST('NEW_MEDIA_UPLOAD'));
- set_gedcom_setting(WT_GED_ID, 'META_DESCRIPTION', safe_POST('NEW_META_DESCRIPTION'));
- set_gedcom_setting(WT_GED_ID, 'META_TITLE', safe_POST('NEW_META_TITLE'));
- set_gedcom_setting(WT_GED_ID, 'NOTE_ID_PREFIX', safe_POST('NEW_NOTE_ID_PREFIX'));
- set_gedcom_setting(WT_GED_ID, 'NO_UPDATE_CHAN', safe_POST_bool('NEW_NO_UPDATE_CHAN'));
- set_gedcom_setting(WT_GED_ID, 'PEDIGREE_FULL_DETAILS', safe_POST_bool('NEW_PEDIGREE_FULL_DETAILS'));
- set_gedcom_setting(WT_GED_ID, 'PEDIGREE_LAYOUT', safe_POST_bool('NEW_PEDIGREE_LAYOUT'));
- set_gedcom_setting(WT_GED_ID, 'PEDIGREE_ROOT_ID', safe_POST_xref('NEW_PEDIGREE_ROOT_ID'));
- set_gedcom_setting(WT_GED_ID, 'PEDIGREE_SHOW_GENDER', safe_POST_bool('NEW_PEDIGREE_SHOW_GENDER'));
- set_gedcom_setting(WT_GED_ID, 'PREFER_LEVEL2_SOURCES', safe_POST('NEW_PREFER_LEVEL2_SOURCES'));
- set_gedcom_setting(WT_GED_ID, 'QUICK_REQUIRED_FACTS', safe_POST('NEW_QUICK_REQUIRED_FACTS'));
- set_gedcom_setting(WT_GED_ID, 'QUICK_REQUIRED_FAMFACTS', safe_POST('NEW_QUICK_REQUIRED_FAMFACTS'));
- set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_ADD', str_replace(' ', '', safe_POST('NEW_REPO_FACTS_ADD')));
- set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_QUICK', str_replace(' ', '', safe_POST('NEW_REPO_FACTS_QUICK')));
- set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_UNIQUE', str_replace(' ', '', safe_POST('NEW_REPO_FACTS_UNIQUE')));
- set_gedcom_setting(WT_GED_ID, 'REPO_ID_PREFIX', safe_POST('NEW_REPO_ID_PREFIX'));
- set_gedcom_setting(WT_GED_ID, 'REQUIRE_AUTHENTICATION', safe_POST_bool('NEW_REQUIRE_AUTHENTICATION'));
- set_gedcom_setting(WT_GED_ID, 'SAVE_WATERMARK_IMAGE', safe_POST_bool('NEW_SAVE_WATERMARK_IMAGE'));
- set_gedcom_setting(WT_GED_ID, 'SAVE_WATERMARK_THUMB', safe_POST_bool('NEW_SAVE_WATERMARK_THUMB'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_AGE_DIFF', safe_POST_bool('NEW_SHOW_AGE_DIFF'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_COUNTER', safe_POST_bool('NEW_SHOW_COUNTER'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_DEAD_PEOPLE', safe_POST('SHOW_DEAD_PEOPLE'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_EST_LIST_DATES', safe_POST_bool('NEW_SHOW_EST_LIST_DATES'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_FACT_ICONS', safe_POST_bool('NEW_SHOW_FACT_ICONS'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_GEDCOM_RECORD', safe_POST_bool('NEW_SHOW_GEDCOM_RECORD'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_HIGHLIGHT_IMAGES', safe_POST_bool('NEW_SHOW_HIGHLIGHT_IMAGES'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_LAST_CHANGE', safe_POST_bool('NEW_SHOW_LAST_CHANGE'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_LDS_AT_GLANCE', safe_POST_bool('NEW_SHOW_LDS_AT_GLANCE'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_LEVEL2_NOTES', safe_POST_bool('NEW_SHOW_LEVEL2_NOTES'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_LIVING_NAMES', safe_POST('SHOW_LIVING_NAMES'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_MEDIA_DOWNLOAD', safe_POST_bool('NEW_SHOW_MEDIA_DOWNLOAD'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_NO_WATERMARK', safe_POST('NEW_SHOW_NO_WATERMARK'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_PARENTS_AGE', safe_POST_bool('NEW_SHOW_PARENTS_AGE'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_PEDIGREE_PLACES', safe_POST('NEW_SHOW_PEDIGREE_PLACES'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_PEDIGREE_PLACES_SUFFIX', safe_POST_bool('NEW_SHOW_PEDIGREE_PLACES_SUFFIX'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_PRIVATE_RELATIONSHIPS', safe_POST('SHOW_PRIVATE_RELATIONSHIPS'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_RELATIVES_EVENTS', safe_POST('NEW_SHOW_RELATIVES_EVENTS'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_STATS', safe_POST_bool('NEW_SHOW_STATS'));
- set_gedcom_setting(WT_GED_ID, 'SOURCE_ID_PREFIX', safe_POST('NEW_SOURCE_ID_PREFIX'));
- set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_ADD', str_replace(' ', '', safe_POST('NEW_SOUR_FACTS_ADD')));
- set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_QUICK', str_replace(' ', '', safe_POST('NEW_SOUR_FACTS_QUICK')));
- set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_UNIQUE', str_replace(' ', '', safe_POST('NEW_SOUR_FACTS_UNIQUE')));
- set_gedcom_setting(WT_GED_ID, 'SUBLIST_TRIGGER_I', safe_POST('NEW_SUBLIST_TRIGGER_I', WT_REGEX_INTEGER, 200));
- set_gedcom_setting(WT_GED_ID, 'SURNAME_LIST_STYLE', safe_POST('NEW_SURNAME_LIST_STYLE'));
- set_gedcom_setting(WT_GED_ID, 'SURNAME_TRADITION', safe_POST('NEW_SURNAME_TRADITION'));
- set_gedcom_setting(WT_GED_ID, 'THEME_DIR', safe_POST('NEW_THEME_DIR'));
- set_gedcom_setting(WT_GED_ID, 'THUMBNAIL_WIDTH', safe_POST('NEW_THUMBNAIL_WIDTH'));
- set_gedcom_setting(WT_GED_ID, 'USE_GEONAMES', safe_POST_bool('NEW_USE_GEONAMES'));
- set_gedcom_setting(WT_GED_ID, 'USE_RIN', safe_POST_bool('NEW_USE_RIN'));
- set_gedcom_setting(WT_GED_ID, 'USE_SILHOUETTE', safe_POST_bool('NEW_USE_SILHOUETTE'));
- set_gedcom_setting(WT_GED_ID, 'WATERMARK_THUMB', safe_POST_bool('NEW_WATERMARK_THUMB'));
- set_gedcom_setting(WT_GED_ID, 'WEBMASTER_USER_ID', safe_POST('NEW_WEBMASTER_USER_ID'));
- set_gedcom_setting(WT_GED_ID, 'WEBTREES_EMAIL', safe_POST('NEW_WEBTREES_EMAIL'));
- set_gedcom_setting(WT_GED_ID, 'WORD_WRAPPED_NOTES', safe_POST_bool('NEW_WORD_WRAPPED_NOTES'));
- if (safe_POST('gedcom_title', WT_REGEX_UNSAFE)) {
- set_gedcom_setting(WT_GED_ID, 'title', safe_POST('gedcom_title', WT_REGEX_UNSAFE));
+ set_gedcom_setting(WT_GED_ID, 'CHART_BOX_TAGS', WT_Filter::post('NEW_CHART_BOX_TAGS'));
+ set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_ADD', str_replace(' ', '', WT_Filter::post('NEW_COMMON_NAMES_ADD')));
+ set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_REMOVE', str_replace(' ', '', WT_Filter::post('NEW_COMMON_NAMES_REMOVE')));
+ set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_THRESHOLD', WT_Filter::post('NEW_COMMON_NAMES_THRESHOLD', WT_REGEX_INTEGER, 40));
+ set_gedcom_setting(WT_GED_ID, 'CONTACT_USER_ID', WT_Filter::post('NEW_CONTACT_USER_ID'));
+ set_gedcom_setting(WT_GED_ID, 'DEFAULT_PEDIGREE_GENERATIONS', WT_Filter::post('NEW_DEFAULT_PEDIGREE_GENERATIONS'));
+ set_gedcom_setting(WT_GED_ID, 'EXPAND_NOTES', WT_Filter::postBool('NEW_EXPAND_NOTES'));
+ set_gedcom_setting(WT_GED_ID, 'EXPAND_RELATIVES_EVENTS', WT_Filter::postBool('NEW_EXPAND_RELATIVES_EVENTS'));
+ set_gedcom_setting(WT_GED_ID, 'EXPAND_SOURCES', WT_Filter::postBool('NEW_EXPAND_SOURCES'));
+ set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_ADD', str_replace(' ', '', WT_Filter::post('NEW_FAM_FACTS_ADD')));
+ set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_QUICK', str_replace(' ', '', WT_Filter::post('NEW_FAM_FACTS_QUICK')));
+ set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_UNIQUE', str_replace(' ', '', WT_Filter::post('NEW_FAM_FACTS_UNIQUE')));
+ set_gedcom_setting(WT_GED_ID, 'FAM_ID_PREFIX', WT_Filter::post('NEW_FAM_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'FULL_SOURCES', WT_Filter::postBool('NEW_FULL_SOURCES'));
+ set_gedcom_setting(WT_GED_ID, 'GEDCOM_ID_PREFIX', WT_Filter::post('NEW_GEDCOM_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'GEDCOM_MEDIA_PATH', WT_Filter::post('NEW_GEDCOM_MEDIA_PATH'));
+ set_gedcom_setting(WT_GED_ID, 'GENERATE_UIDS', WT_Filter::postBool('NEW_GENERATE_UIDS'));
+ set_gedcom_setting(WT_GED_ID, 'HIDE_GEDCOM_ERRORS', WT_Filter::postBool('NEW_HIDE_GEDCOM_ERRORS'));
+ set_gedcom_setting(WT_GED_ID, 'HIDE_LIVE_PEOPLE', WT_Filter::postBool('NEW_HIDE_LIVE_PEOPLE'));
+ set_gedcom_setting(WT_GED_ID, 'GEDCOM_MEDIA_PATH', WT_Filter::post('GEDCOM_MEDIA_PATH'));
+ set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_ADD', str_replace(' ', '', WT_Filter::post('NEW_INDI_FACTS_ADD')));
+ set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_QUICK', str_replace(' ', '', WT_Filter::post('NEW_INDI_FACTS_QUICK')));
+ set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_UNIQUE', str_replace(' ', '', WT_Filter::post('NEW_INDI_FACTS_UNIQUE')));
+ set_gedcom_setting(WT_GED_ID, 'KEEP_ALIVE_YEARS_BIRTH', WT_Filter::post('KEEP_ALIVE_YEARS_BIRTH', WT_REGEX_INTEGER, 0));
+ set_gedcom_setting(WT_GED_ID, 'KEEP_ALIVE_YEARS_DEATH', WT_Filter::post('KEEP_ALIVE_YEARS_DEATH', WT_REGEX_INTEGER, 0));
+ set_gedcom_setting(WT_GED_ID, 'LANGUAGE', WT_Filter::post('GEDCOMLANG'));
+ set_gedcom_setting(WT_GED_ID, 'MAX_ALIVE_AGE', WT_Filter::post('MAX_ALIVE_AGE', WT_REGEX_INTEGER, 100));
+ set_gedcom_setting(WT_GED_ID, 'MAX_DESCENDANCY_GENERATIONS', WT_Filter::post('NEW_MAX_DESCENDANCY_GENERATIONS'));
+ set_gedcom_setting(WT_GED_ID, 'MAX_PEDIGREE_GENERATIONS', WT_Filter::post('NEW_MAX_PEDIGREE_GENERATIONS'));
+ set_gedcom_setting(WT_GED_ID, 'MEDIA_ID_PREFIX', WT_Filter::post('NEW_MEDIA_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'MEDIA_UPLOAD', WT_Filter::post('NEW_MEDIA_UPLOAD'));
+ set_gedcom_setting(WT_GED_ID, 'META_DESCRIPTION', WT_Filter::post('NEW_META_DESCRIPTION'));
+ set_gedcom_setting(WT_GED_ID, 'META_TITLE', WT_Filter::post('NEW_META_TITLE'));
+ set_gedcom_setting(WT_GED_ID, 'NOTE_ID_PREFIX', WT_Filter::post('NEW_NOTE_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'NO_UPDATE_CHAN', WT_Filter::postBool('NEW_NO_UPDATE_CHAN'));
+ set_gedcom_setting(WT_GED_ID, 'PEDIGREE_FULL_DETAILS', WT_Filter::postBool('NEW_PEDIGREE_FULL_DETAILS'));
+ set_gedcom_setting(WT_GED_ID, 'PEDIGREE_LAYOUT', WT_Filter::postBool('NEW_PEDIGREE_LAYOUT'));
+ set_gedcom_setting(WT_GED_ID, 'PEDIGREE_ROOT_ID', WT_Filter::post('NEW_PEDIGREE_ROOT_ID', WT_REGEX_XREF));
+ set_gedcom_setting(WT_GED_ID, 'PEDIGREE_SHOW_GENDER', WT_Filter::postBool('NEW_PEDIGREE_SHOW_GENDER'));
+ set_gedcom_setting(WT_GED_ID, 'PREFER_LEVEL2_SOURCES', WT_Filter::post('NEW_PREFER_LEVEL2_SOURCES'));
+ set_gedcom_setting(WT_GED_ID, 'QUICK_REQUIRED_FACTS', WT_Filter::post('NEW_QUICK_REQUIRED_FACTS'));
+ set_gedcom_setting(WT_GED_ID, 'QUICK_REQUIRED_FAMFACTS', WT_Filter::post('NEW_QUICK_REQUIRED_FAMFACTS'));
+ set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_ADD', str_replace(' ', '', WT_Filter::post('NEW_REPO_FACTS_ADD')));
+ set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_QUICK', str_replace(' ', '', WT_Filter::post('NEW_REPO_FACTS_QUICK')));
+ set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_UNIQUE', str_replace(' ', '', WT_Filter::post('NEW_REPO_FACTS_UNIQUE')));
+ set_gedcom_setting(WT_GED_ID, 'REPO_ID_PREFIX', WT_Filter::post('NEW_REPO_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'REQUIRE_AUTHENTICATION', WT_Filter::postBool('NEW_REQUIRE_AUTHENTICATION'));
+ set_gedcom_setting(WT_GED_ID, 'SAVE_WATERMARK_IMAGE', WT_Filter::postBool('NEW_SAVE_WATERMARK_IMAGE'));
+ set_gedcom_setting(WT_GED_ID, 'SAVE_WATERMARK_THUMB', WT_Filter::postBool('NEW_SAVE_WATERMARK_THUMB'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_AGE_DIFF', WT_Filter::postBool('NEW_SHOW_AGE_DIFF'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_COUNTER', WT_Filter::postBool('NEW_SHOW_COUNTER'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_DEAD_PEOPLE', WT_Filter::post('SHOW_DEAD_PEOPLE'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_EST_LIST_DATES', WT_Filter::postBool('NEW_SHOW_EST_LIST_DATES'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_FACT_ICONS', WT_Filter::postBool('NEW_SHOW_FACT_ICONS'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_GEDCOM_RECORD', WT_Filter::postBool('NEW_SHOW_GEDCOM_RECORD'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_HIGHLIGHT_IMAGES', WT_Filter::postBool('NEW_SHOW_HIGHLIGHT_IMAGES'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_LAST_CHANGE', WT_Filter::postBool('NEW_SHOW_LAST_CHANGE'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_LDS_AT_GLANCE', WT_Filter::postBool('NEW_SHOW_LDS_AT_GLANCE'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_LEVEL2_NOTES', WT_Filter::postBool('NEW_SHOW_LEVEL2_NOTES'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_LIVING_NAMES', WT_Filter::post('SHOW_LIVING_NAMES'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_MEDIA_DOWNLOAD', WT_Filter::postBool('NEW_SHOW_MEDIA_DOWNLOAD'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_NO_WATERMARK', WT_Filter::post('NEW_SHOW_NO_WATERMARK'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_PARENTS_AGE', WT_Filter::postBool('NEW_SHOW_PARENTS_AGE'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_PEDIGREE_PLACES', WT_Filter::post('NEW_SHOW_PEDIGREE_PLACES'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_PEDIGREE_PLACES_SUFFIX', WT_Filter::postBool('NEW_SHOW_PEDIGREE_PLACES_SUFFIX'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_PRIVATE_RELATIONSHIPS', WT_Filter::post('SHOW_PRIVATE_RELATIONSHIPS'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_RELATIVES_EVENTS', WT_Filter::post('NEW_SHOW_RELATIVES_EVENTS'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_STATS', WT_Filter::postBool('NEW_SHOW_STATS'));
+ set_gedcom_setting(WT_GED_ID, 'SOURCE_ID_PREFIX', WT_Filter::post('NEW_SOURCE_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_ADD', str_replace(' ', '', 
WT_Filter::post('NEW_SOUR_FACTS_ADD'))); + set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_QUICK', str_replace(' ', '', WT_Filter::post('NEW_SOUR_FACTS_QUICK'))); + set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_UNIQUE', str_replace(' ', '', WT_Filter::post('NEW_SOUR_FACTS_UNIQUE'))); + set_gedcom_setting(WT_GED_ID, 'SUBLIST_TRIGGER_I', WT_Filter::post('NEW_SUBLIST_TRIGGER_I', WT_REGEX_INTEGER, 200)); + set_gedcom_setting(WT_GED_ID, 'SURNAME_LIST_STYLE', WT_Filter::post('NEW_SURNAME_LIST_STYLE')); + set_gedcom_setting(WT_GED_ID, 'SURNAME_TRADITION', WT_Filter::post('NEW_SURNAME_TRADITION')); + set_gedcom_setting(WT_GED_ID, 'THEME_DIR', WT_Filter::post('NEW_THEME_DIR')); + set_gedcom_setting(WT_GED_ID, 'THUMBNAIL_WIDTH', WT_Filter::post('NEW_THUMBNAIL_WIDTH')); + set_gedcom_setting(WT_GED_ID, 'USE_GEONAMES', WT_Filter::postBool('NEW_USE_GEONAMES')); + set_gedcom_setting(WT_GED_ID, 'USE_RIN', WT_Filter::postBool('NEW_USE_RIN')); + set_gedcom_setting(WT_GED_ID, 'USE_SILHOUETTE', WT_Filter::postBool('NEW_USE_SILHOUETTE')); + set_gedcom_setting(WT_GED_ID, 'WATERMARK_THUMB', WT_Filter::postBool('NEW_WATERMARK_THUMB')); + set_gedcom_setting(WT_GED_ID, 'WEBMASTER_USER_ID', WT_Filter::post('NEW_WEBMASTER_USER_ID')); + set_gedcom_setting(WT_GED_ID, 'WEBTREES_EMAIL', WT_Filter::post('NEW_WEBTREES_EMAIL')); + set_gedcom_setting(WT_GED_ID, 'WORD_WRAPPED_NOTES', WT_Filter::postBool('NEW_WORD_WRAPPED_NOTES')); + if (WT_Filter::post('gedcom_title')) { + set_gedcom_setting(WT_GED_ID, 'title', WT_Filter::post('gedcom_title')); } // Only accept valid folders for NEW_MEDIA_DIRECTORY - $NEW_MEDIA_DIRECTORY = preg_replace('/[\/\\\\]+/', '/', safe_POST('NEW_MEDIA_DIRECTORY') . '/'); + $NEW_MEDIA_DIRECTORY = preg_replace('/[\/\\\\]+/', '/', WT_Filter::post('NEW_MEDIA_DIRECTORY') . '/'); if (substr($NEW_MEDIA_DIRECTORY, 0, 1) == '/') { $NEW_MEDIA_DIRECTORY = substr($NEW_MEDIA_DIRECTORY, 1); } diff --git a/admin_trees_download.php b/admin_trees_download.php index 7235a2985c..1b7130365d 100644 
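Review bot: In the `add` branch the guard and the two `DELETE` statements read `WT_Filter::post('xref')` unfiltered while the `REPLACE` reads `WT_Filter::post('xref', WT_REGEX_XREF)`, so a value that fails `WT_REGEX_XREF` passes the guard, is used as-is in the `DELETE ... WHERE xref=?`, and then reaches the `REPLACE` as empty/NULL, leaving a default-resn row with neither xref nor (if `tag_type` is also empty) tag; read it once at the top of the case, `$xref = WT_Filter::post('xref', WT_REGEX_XREF);`, and use `$xref` in all four places. In the `update` branch the numeric settings (`NEW_DEFAULT_PEDIGREE_GENERATIONS`, `NEW_MAX_DESCENDANCY_GENERATIONS`, `NEW_MAX_PEDIGREE_GENERATIONS`, `NEW_THUMBNAIL_WIDTH`, `NEW_CONTACT_USER_ID`, `NEW_WEBMASTER_USER_ID`) still go through plain `post()` although this commit introduces `postInteger()` with min/max/default. `NEW_THEME_DIR`, which presumably selects a directory on disk, should be restricted to the names returned by `get_theme_names()` the way admin_users.php builds `$ALL_THEME_DIRS`, rather than stored as free text. `GEDCOM_MEDIA_PATH` is also written twice in the same branch, first from `NEW_GEDCOM_MEDIA_PATH` and then from `GEDCOM_MEDIA_PATH`, so the first write is dead; keep whichever field the form actually submits.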
--- a/admin_trees_download.php +++ b/admin_trees_download.php @@ -31,11 +31,11 @@ $controller ->requireManagerLogin(); // Validate user parameters -$action = safe_GET('action', 'download'); -$convert = safe_GET('convert', 'yes', 'no'); -$zip = safe_GET('zip', 'yes', 'no'); -$conv_path = safe_GET('conv_path', WT_REGEX_NOSCRIPT); -$privatize_export = safe_GET('privatize_export', array('none', 'visitor', 'user', 'gedadmin')); +$action = WT_Filter::get('action', 'download'); +$convert = WT_Filter::get('convert', 'yes|no', 'no'); +$zip = WT_Filter::get('zip', 'yes|no', 'no'); +$conv_path = WT_Filter::get('conv_path'); +$privatize_export = WT_Filter::get('privatize_export', 'none|visitor|user|gedadmin'); if ($action == 'download') { $exportOptions = array(); @@ -136,4 +136,4 @@ $controller->pageHeader(); </div> <br> <input type="submit" value="<?php echo WT_I18N::translate('continue'); ?>"> -</form> +</form>
\ No newline at end of file diff --git a/admin_trees_manage.php b/admin_trees_manage.php index b80371e689..d9a803a260 100644 --- a/admin_trees_manage.php +++ b/admin_trees_manage.php @@ -71,7 +71,7 @@ function import_gedcom_file($gedcom_id, $path, $filename) { } // Process GET actions -switch (safe_GET('action')) { +switch (WT_Filter::get('action')) { case 'delete': WT_Tree::delete(WT_GED_ID); header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME); @@ -79,18 +79,18 @@ case 'delete': } // Process POST actions -switch (safe_POST('action')) { +switch (WT_Filter::post('action')) { case 'setdefault': - WT_Site::preference('DEFAULT_GEDCOM', safe_POST('default_ged')); + WT_Site::preference('DEFAULT_GEDCOM', WT_Filter::post('default_ged')); break; case 'new_ged': - $ged_name=basename(safe_POST('ged_name')); + $ged_name=basename(WT_Filter::post('ged_name')); if ($ged_name) { WT_Tree::create($ged_name); } break; case 'replace_upload': - $gedcom_id=safe_POST('gedcom_id'); + $gedcom_id=WT_Filter::postInteger('gedcom_id'); // Make sure the gedcom still exists if (get_gedcom_from_id($gedcom_id)) { foreach ($_FILES as $FILE) { 
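Review bot: `case 'delete'` in the GET switch still destroys a whole tree (`WT_Tree::delete(WT_GED_ID)`) on a bare GET request, with no CSRF token or confirmation visible in this hunk, so a manager who follows a crafted link or loads a page embedding `?action=delete` loses the tree. Move the delete into the POST switch below and gate it on a per-session token (e.g. `if (!WT_Filter::checkCsrf()) { break; }` if the new filter class provides one, otherwise a token stored in the session and compared with `hash_equals`). Whether `WT_Tree::delete` itself performs any such check is not visible here.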
@@ -99,26 +99,26 @@ case 'replace_upload': } } } - header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'?keep_media'.$gedcom_id.'='.safe_POST_bool('keep_media'.$gedcom_id)); + header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'?keep_media'.$gedcom_id.'='.WT_Filter::postBool('keep_media'.$gedcom_id)); exit; case 'replace_import': - $gedcom_id=safe_POST('gedcom_id'); + $gedcom_id=WT_Filter::postInteger('gedcom_id'); // Make sure the gedcom still exists if (get_gedcom_from_id($gedcom_id)) { - $ged_name=basename(safe_POST('ged_name')); + $ged_name=basename(WT_Filter::post('ged_name')); import_gedcom_file($gedcom_id, WT_DATA_DIR.$ged_name, $ged_name); } - header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'?keep_media'.$gedcom_id.'='.safe_POST_bool('keep_media'.$gedcom_id)); + header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'?keep_media'.$gedcom_id.'='.WT_Filter::postBool('keep_media'.$gedcom_id)); exit; } $controller->pageHeader(); // Process GET actions -switch (safe_GET('action')) { +switch (WT_Filter::get('action')) { case 'uploadform': case 'importform': - $gedcom_id=safe_GET('gedcom_id'); + $gedcom_id=WT_Filter::getInteger('gedcom_id'); $gedcom_name=get_gedcom_from_id($gedcom_id); // Check it exists if (!$gedcom_name) { 
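Review bot: In `replace_import`, `basename()` stops directory traversal, but an empty name or a non-GEDCOM file in the data directory still reaches `import_gedcom_file($gedcom_id, WT_DATA_DIR.$ged_name, $ged_name)`; unless `import_gedcom_file` (defined above, body outside this hunk) rejects it, guard the call here, `if ($ged_name !== '' && is_file(WT_DATA_DIR.$ged_name)) { import_gedcom_file(...); }`. The redirect also concatenates `WT_Filter::postBool(...)` straight into the query string; a `false` becomes an empty value, which is harmless but worth casting to `(int)` so the parameter is always `0` or `1` for the JavaScript that later reads it.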
@@ -129,7 +129,7 @@ case 'importform': $previous_gedcom_filename=get_gedcom_setting($gedcom_id, 'gedcom_filename'); echo '<form name="replaceform" method="post" enctype="multipart/form-data" action="', WT_SCRIPT_NAME, '" onsubmit="var newfile = document.replaceform.ged_name.value; newfile = newfile.substr(newfile.lastIndexOf(\'\\\\\')+1); if (newfile!=\'', WT_Filter::escapeHtml($previous_gedcom_filename), '\' && \'\' != \'', WT_Filter::escapeHtml($previous_gedcom_filename), '\') return confirm(\'', WT_Filter::escapeHtml(WT_I18N::translate('You have selected a GEDCOM with a different name. Is this correct?')), '\'); else return true;">'; echo '<input type="hidden" name="gedcom_id" value="', $gedcom_id, '">'; - if (safe_GET('action')=='uploadform') { + if (WT_Filter::get('action')=='uploadform') { echo '<input type="hidden" name="action" value="replace_upload">'; echo '<input type="file" name="ged_name">'; } else { @@ -199,7 +199,7 @@ foreach (WT_Tree::GetAll() as $tree) { echo '<div id="import', $tree->tree_id, '"></div>'; } $controller->addInlineJavascript( - 'jQuery("#import'.$tree->tree_id.'").load("import.php?gedcom_id='.$tree->tree_id.'&keep_media'.$tree->tree_id.'='.safe_GET('keep_media'.$tree->tree_id).'");' + 'jQuery("#import'.$tree->tree_id.'").load("import.php?gedcom_id='.$tree->tree_id.'&keep_media'.$tree->tree_id.'='.WT_Filter::get('keep_media'.$tree->tree_id).'");' ); echo '<table border="0" width="100%" id="actions', $tree->tree_id, '" style="display:none">'; } else { @@ -264,4 +264,3 @@ if (WT_USER_IS_ADMIN) { '</div>'; } } - diff --git a/admin_users.php b/admin_users.php index e6cd434360..ff89221b12 100644 --- a/admin_users.php +++ b/admin_users.php 
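Review bot: In the `addInlineJavascript` call, `WT_Filter::get('keep_media'.$tree->tree_id)` is concatenated straight into a JavaScript string literal inside a `.load()` URL; whatever the default filter strips, it is not JavaScript-string escaping, and the parameter only needs to be a flag. Cast it so no quoting can leak, e.g. `(int) WT_Filter::getBool('keep_media'.$tree->tree_id)` if a `getBool` helper exists alongside `postBool`, otherwise `(int) (bool) WT_Filter::get(...)`. The surrounding `foreach` over `WT_Tree::GetAll()` starts before this hunk.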
@@ -32,7 +32,6 @@ $controller require_once WT_ROOT.'includes/functions/functions_edit.php'; // Valid values for form variables -$ALL_ACTIONS=array('cleanup', 'cleanup2', 'createform', 'createuser', 'deleteuser', 'listusers', 'loadrows', 'load1row'); $ALL_THEMES_DIRS=array(); foreach (get_theme_names() as $themename=>$themedir) { $ALL_THEME_DIRS[]=$themedir; 
@@ -46,33 +45,33 @@ $ALL_EDIT_OPTIONS=array( ); // Form actions -$action =safe_GET('action', $ALL_ACTIONS, 'listusers'); -$usrlang =safe_POST('usrlang', array_keys(WT_I18N::installed_languages())); -$username =safe_POST('username', WT_REGEX_USERNAME); -$filter =safe_POST('filter', WT_REGEX_NOSCRIPT); -$ged =safe_POST('ged', WT_REGEX_NOSCRIPT); +$action = WT_Filter::get('action', null, 'listusers'); +$usrlang = WT_Filter::post('usrlang', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE); +$username = WT_Filter::post('username', WT_REGEX_USERNAME); +$filter = WT_Filter::post('filter'); +$ged = WT_Filter::post('ged'); // Extract form variables -$realname =safe_POST('realname' ); -$pass1 =safe_POST('pass1', WT_REGEX_PASSWORD); -$pass2 =safe_POST('pass2', WT_REGEX_PASSWORD); -$emailaddress =safe_POST('emailaddress', WT_REGEX_EMAIL); -$user_theme =safe_POST('user_theme', $ALL_THEME_DIRS); -$user_language =safe_POST('user_language', array_keys(WT_I18N::installed_languages()), WT_LOCALE); -$new_contact_method=safe_POST('new_contact_method'); -$new_comment =safe_POST('new_comment', WT_REGEX_UNSAFE); -$new_auto_accept =safe_POST_bool('new_auto_accept'); -$canadmin =safe_POST_bool('canadmin'); -$visibleonline =safe_POST_bool('visibleonline'); -$editaccount =safe_POST_bool('editaccount'); -$verified =safe_POST_bool('verified'); -$verified_by_admin =safe_POST_bool('verified_by_admin'); +$realname = WT_Filter::post('realname' ); +$pass1 = WT_Filter::post('pass1', WT_REGEX_PASSWORD); +$pass2 = WT_Filter::post('pass2', WT_REGEX_PASSWORD); +$emailaddress = WT_Filter::postEmail('emailaddress'); +$user_theme = WT_Filter::post('user_theme', $ALL_THEME_DIRS); +$user_language = WT_Filter::post('user_language', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE); +$new_contact_method = WT_Filter::post('new_contact_method'); +$new_comment = WT_Filter::post('new_comment'); +$new_auto_accept = WT_Filter::postBool('new_auto_accept'); +$canadmin = 
WT_Filter::postBool('canadmin'); +$visibleonline = WT_Filter::postBool('visibleonline'); +$editaccount = WT_Filter::postBool('editaccount'); +$verified = WT_Filter::postBool('verified'); +$verified_by_admin = WT_Filter::postBool('verified_by_admin'); switch ($action) { case 'deleteuser': // Delete a user - but don't delete ourselves! - $username=safe_GET('username'); - $user_id=get_user_id($username); + $username = WT_Filter::get('username'); + $user_id = get_user_id($username); if ($user_id && $user_id!=WT_USER_ID) { delete_user($user_id); AddToLog("deleted user ->{$username}<-", 'auth'); @@ -81,7 +80,7 @@ case 'deleteuser': break; case 'loadrows': // Generate an AJAX/JSON response for datatables to load a block of rows - $sSearch=safe_GET('sSearch'); + $sSearch=WT_Filter::get('sSearch'); $WHERE=" WHERE u.user_id>0"; $ARGS=array(); if ($sSearch) { 
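Review bot: `$user_theme = WT_Filter::post('user_theme', $ALL_THEME_DIRS)` passes an array where every other whitelist in this hunk is converted to a pipe-joined string (`implode('|', array_keys(...))` for `usrlang` and `user_language`), so `post()` will either throw or match nothing for the theme; it should be `WT_Filter::post('user_theme', implode('|', array_map('preg_quote', $ALL_THEME_DIRS)))`. Note also that the array is initialised as `$ALL_THEMES_DIRS` but appended to as `$ALL_THEME_DIRS` a few lines above (outside this hunk), so the list may never be populated at all. `case 'deleteuser'` still deletes an account on a plain GET with `WT_Filter::get('username')` and no CSRF token visible; it belongs behind a POST with a session token. The `switch ($action)` continues beyond this hunk.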
@@ -93,26 +92,26 @@ case 'loadrows': $ARGS=array($sSearch, $sSearch, $sSearch); } else { } - $iDisplayStart =(int)safe_GET('iDisplayStart'); - $iDisplayLength=(int)safe_GET('iDisplayLength'); + $iDisplayStart = WT_Filter::getInteger('iDisplayStart'); + $iDisplayLength = WT_Filter::getInteger('iDisplayLength'); set_user_setting(WT_USER_ID, 'admin_users_page_size', $iDisplayLength); if ($iDisplayLength>0) { $LIMIT=" LIMIT " . $iDisplayStart . ',' . $iDisplayLength; } else { $LIMIT=""; } - $iSortingCols=(int)safe_GET('iSortingCols'); + $iSortingCols = WT_Filter::getInteger('iSortingCols'); if ($iSortingCols) { $ORDER_BY=' ORDER BY '; for ($i=0; $i<$iSortingCols; ++$i) { // Datatables numbers columns 0, 1, 2, ... // MySQL numbers columns 1, 2, 3, ... - switch (safe_GET('sSortDir_'.$i)) { + switch (WT_Filter::get('sSortDir_'.$i)) { case 'asc': - $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC '; + $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC '; break; case 'desc': - $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC '; + $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC '; break; } if ($i<$iSortingCols-1) { @@ -149,7 +148,7 @@ case 'loadrows': $aData[4]=edit_field_inline('user-email-'. $user_id, $aData[4]); // $aData[5] is a link to an email icon if ($user_id != WT_USER_ID) { - $aData[5]='<i class="icon-email" onclick="return message(\''.$user_name.'\', \'\', \'\', \'\');"></i>'; + $aData[5]='<i class="icon-email" onclick="return message(\''.$user_name.'\', \'\', \'\');"></i>'; } $aData[6]=edit_field_language_inline('user_setting-'.$user_id.'-language', $aData[6]); // $aData[7] is the sortable registration timestamp 
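Review bot: The rewritten `$aData[5]` line still places `$user_name` (presumably the username column from the query, which starts outside this hunk) inside a single-quoted JavaScript literal inside an `onclick` attribute with no escaping for either context, so a name containing `'`, `\` or `"` breaks out of the string; unless `WT_REGEX_USERNAME`, whose definition is not visible, excludes all three, escape for both layers, e.g. `'onclick="return message('.WT_Filter::escapeHtml(json_encode($user_name)).', \'\', \'\');"'`. Dropping the fourth `message()` argument is otherwise fine if the JavaScript side changed with it.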
@@ -181,15 +180,15 @@ case 'loadrows': Zend_Session::writeClose(); header('Content-type: application/json'); echo json_encode(array( // See http://www.datatables.net/usage/server-side - 'sEcho' =>(int)safe_GET('sEcho'), - 'iTotalRecords' =>$iTotalRecords, - 'iTotalDisplayRecords'=>$iTotalDisplayRecords, - 'aaData' =>$aaData + 'sEcho' => WT_Filter::getInteger('sEcho'), // Always an integer + 'iTotalRecords' => $iTotalRecords, + 'iTotalDisplayRecords' => $iTotalDisplayRecords, + 'aaData' => $aaData )); exit; case 'load1row': // Generate an AJAX response for datatables to load expanded row - $user_id=(int)safe_GET('user_id'); + $user_id = WT_Filter::getInteger('user_id'); Zend_Session::writeClose(); header('Content-type: text/html; charset=UTF-8'); echo '<h2>', WT_I18N::translate('Details'), '</h2>'; 
@@ -289,11 +288,11 @@ case 'createuser': set_user_setting($user_id, 'verified', $verified); set_user_setting($user_id, 'verified_by_admin', $verified_by_admin); foreach (WT_Tree::getAll() as $tree) { - $tree->userPreference($user_id, 'gedcomid', safe_POST_xref('gedcomid'.$tree->tree_id)); - $tree->userPreference($user_id, 'rootid', safe_POST_xref('rootid'.$tree->tree_id)); - $tree->userPreference($user_id, 'canedit', safe_POST('canedit'.$tree->tree_id, array_keys($ALL_EDIT_OPTIONS))); - if (safe_POST_xref('gedcomid'.$tree->tree_id)) { - $tree->userPreference($user_id, 'RELATIONSHIP_PATH_LENGTH', safe_POST_integer('RELATIONSHIP_PATH_LENGTH'.$tree->tree_id, 0, 10, 0)); + $tree->userPreference($user_id, 'gedcomid', WT_Filter::post('gedcomid'.$tree->tree_id, WT_REGEX_XREF)); + $tree->userPreference($user_id, 'rootid', WT_Filter::post('rootid'.$tree->tree_id, WT_REGEX_XREF)); + $tree->userPreference($user_id, 'canedit', WT_Filter::post('canedit'.$tree->tree_id, implode('|', array_keys($ALL_EDIT_OPTIONS)))); + if (WT_Filter::post('gedcomid'.$tree->tree_id, WT_REGEX_XREF)) { + $tree->userPreference($user_id, 'RELATIONSHIP_PATH_LENGTH', WT_Filter::postInteger('RELATIONSHIP_PATH_LENGTH'.$tree->tree_id, 0, 10, 0)); } else { // Do not allow a path length to be set if the individual ID is not $tree->userPreference($user_id, 'RELATIONSHIP_PATH_LENGTH', null); 
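Review bot: `WT_Filter::post('gedcomid'.$tree->tree_id, WT_REGEX_XREF)` is evaluated twice per iteration, once for the `userPreference` call and once in the `if`; read it into `$gedcomid` once and use that in both places. Neither this xref nor `rootid` is checked to exist in `$tree` before being stored, so a well-formed but dangling id is accepted — hedge: the lookup may happen inside `userPreference`. The context comment `// Do not allow a path length to be set if the individual ID is not` is truncated mid-sentence; finish it as `// Do not allow a path length to be set if the individual ID is not set`.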
@@ -444,12 +443,12 @@ case 'createform': //Pedigree root person '<td>'; $varname='rootid'.$tree->tree_id; - echo '<input type="text" size="12" name="', $varname, '" id="', $varname, '" value="', WT_Filter::escapeHtml(safe_POST_xref('gedcomid'.$tree->tree_id)), '"> ', print_findindi_link($varname), + echo '<input type="text" size="12" name="', $varname, '" id="', $varname, '" value="', WT_Filter::escapeHtml(WT_Filter::post('gedcomid'.$tree->tree_id, WT_REGEX_XREF)), '"> ', print_findindi_link($varname), '</td>', // GEDCOM INDI Record ID '<td>'; $varname='gedcomid'.$tree->tree_id; - echo '<input type="text" size="12" name="',$varname, '" id="',$varname, '" value="', WT_Filter::escapeHtml(safe_POST_xref('rootid'.$tree->tree_id)), '"> ', print_findindi_link($varname), + echo '<input type="text" size="12" name="',$varname, '" id="',$varname, '" value="', WT_Filter::escapeHtml(WT_Filter::post('rootid'.$tree->tree_id, WT_REGEX_XREF)), '"> ', print_findindi_link($varname), '</td>', '<td>'; $varname='canedit'.$tree->tree_id; @@ -494,7 +493,7 @@ case 'cleanup': <?php // Check for idle users //if (!isset($month)) $month = 1; - $month = safe_GET_integer('month', 1, 12, 6); + $month = WT_Filter::getInteger('month', 1, 12, 6); echo "<tr><th>", WT_I18N::translate('Number of months since the last login for a user’s account to be considered inactive: '), "</th>"; echo "<td><select onchange=\"document.location=options[selectedIndex].value;\">"; for ($i=1; $i<=12; $i++) { @@ -557,7 +556,7 @@ case 'cleanup': case 'cleanup2': foreach (get_all_users() as $user_id=>$user_name) { $var = "del_".str_replace(array(".", "-", " "), array("_", "_", "_"), $user_name); - if (safe_POST($var)=='1') { + if (WT_Filter::post($var)=='1') { delete_user($user_id); AddToLog("deleted user ->{$user_name}<-", 'auth'); echo WT_I18N::translate('Deleted user: '); echo $user_name, "<br>"; 
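Review bot: The two pre-filled values in the createform hunk look swapped: the input whose `$varname` is `rootid…` is populated from `WT_Filter::post('gedcomid'…)`, and the `gedcomid…` input from `WT_Filter::post('rootid'…)`, so a re-displayed form would show each field with the other field's value. The commit re-touches both lines without addressing this; unless the cross-wiring is intentional, each `value=` should read the POST key matching its own field, e.g. `WT_Filter::escapeHtml(WT_Filter::post($varname, WT_REGEX_XREF))` on both lines. The createform case continues outside the hunk.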
@@ -645,7 +644,7 @@ default: }); jQuery(this).addClass("icon-close"); }); - oTable.fnFilter("'.safe_GET('filter', WT_REGEX_USERNAME).'"); + oTable.fnFilter("'.WT_Filter::get('filter').'"); '); break; } diff --git a/admin_users_bulk.php b/admin_users_bulk.php index 0bc8abbcac..3cebb6b3f5 100644 --- a/admin_users_bulk.php +++ b/admin_users_bulk.php @@ -1,52 +1,52 @@ -<?php
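Review bot: The new `oTable.fnFilter("'.WT_Filter::get('filter').'");` drops the WT_REGEX_USERNAME restriction the old safe_GET call applied, and the value is spliced into an inline JavaScript string literal; unless WT_Filter::get escapes for a JS context (its implementation is not in this diff), a `filter` parameter containing `"` or `\` breaks out of the literal and runs as script on this admin page. Restoring the whitelist, `oTable.fnFilter("'.WT_Filter::get('filter', WT_REGEX_USERNAME).'");`, keeps the value to characters that are safe inside the literal; a JS-escaping helper would be the more general fix. The enclosing JavaScript block starts outside the hunk.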
-// Administrative User Interface.
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// Derived from PhpGedView
-// Copyright (C) 2002 to 2009 PGV Development Team. All rights reserved.
-//
-// Modifications Copyright (c) 2010 Greg Roach
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-define('WT_SCRIPT_NAME', 'admin_users_bulk.php');
-require './includes/session.php';
-
-$controller=new WT_Controller_Page();
-$controller
- ->requireAdminLogin()
- ->setPageTitle(WT_I18N::translate('Send broadcast messages'))
- ->pageHeader();
-
-?>
-<div id="users_bulk">
- <p>
- <a href="#" onclick="message('all', 'messaging2', '', ''); return false;">
- <?php echo WT_I18N::translate('Send message to all users'); ?>
- </a>
- </p>
- <p>
- <a href="#" onclick="message('never_logged', 'messaging2', '', ''); return false;">
- <?php echo WT_I18N::translate('Send message to users who have never logged in'); ?>
- </a>
- </p>
- <p>
- <a href="#" onclick="message('last_6mo', 'messaging2', '', ''); return false;">
- <?php echo WT_I18N::translate('Send message to users who have not logged in for 6 months'); ?>
- </a>
- </p>
-</div>
+<?php
+// Administrative User Interface.
+//
+// webtrees: Web based Family History software
+// Copyright (C) 2013 webtrees development team.
+//
+// Derived from PhpGedView
+// Copyright (C) 2002 to 2009 PGV Development Team. All rights reserved.
+//
+// Modifications Copyright (c) 2010 Greg Roach
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+define('WT_SCRIPT_NAME', 'admin_users_bulk.php');
+require './includes/session.php';
+
+$controller=new WT_Controller_Page();
+$controller
+ ->requireAdminLogin()
+ ->setPageTitle(WT_I18N::translate('Send broadcast messages'))
+ ->pageHeader();
+
+?>
+<div id="users_bulk">
+ <p>
+ <a href="#" onclick="message('all', 'messaging2', ''); return false;">
+ <?php echo WT_I18N::translate('Send message to all users'); ?>
+ </a>
+ </p>
+ <p>
+ <a href="#" onclick="message('never_logged', 'messaging2', ''); return false;">
+ <?php echo WT_I18N::translate('Send message to users who have never logged in'); ?>
+ </a>
+ </p>
+ <p>
+ <a href="#" onclick="message('last_6mo', 'messaging2', ''); return false;">
+ <?php echo WT_I18N::translate('Send message to users who have not logged in for 6 months'); ?>
+ </a>
+ </p>
+</div>
diff --git a/autocomplete.php b/autocomplete.php
index 8a32ea73f2..f0ac7e9f09 100644
--- a/autocomplete.php
+++ b/autocomplete.php
@@ -26,8 +26,8 @@ header('Content-Type: text/plain; charset=UTF-8'); // We have finished writing session data, so release the lock Zend_Session::writeClose(); -$term=safe_GET('term', WT_REGEX_UNSAFE); // we can search on '"><& etc. -$type=safe_GET('field'); +$term = WT_Filter::get('term'); // we can search on '"><& etc. +$type = WT_Filter::get('field'); switch ($type) { case 'ASSO': // Associates of an individuals, whose name contains the search terms @@ -43,12 +43,11 @@ case 'ASSO': // Associates of an individuals, whose name contains the search ter ->execute(array($term, $term, WT_GED_ID)) ->fetchAll(); // Filter for privacy - and whether they could be alive at the right time - $pid=safe_GET_xref('pid'); - $event_date=safe_GET('event_date'); - $record=WT_GedcomRecord::getInstance($pid); // INDI or FAM - $record=WT_GedcomRecord::getInstance($pid); // INDI or FAM - $tmp=new WT_Date($event_date); - $event_jd=$tmp->JD(); + $pid = WT_Filter::get('pid', WT_REGEX_XREF); + $event_date = WT_Filter::get('event_date'); + $record = WT_GedcomRecord::getInstance($pid); // INDI or FAM + $tmp = new WT_Date($event_date); + $event_jd = $tmp->JD(); // INDI $indi_birth_jd = 0; if ($record instanceof WT_Individual) { @@ -325,8 +324,8 @@ case 'SOUR': // Sources, that include the search terms exit; case 'SOUR_PAGE': // Citation details, for a given source, that contain the search term - $data=array(); - $sid=safe_GET_xref('sid'); + $data = array(); + $sid = WT_Filter::get('sid', WT_REGEX_XREF); // Fetch all data, regardless of privacy $rows= WT_DB::prepare( diff --git a/block_edit.php b/block_edit.php index 69d78eb842..600ee88abd 100644 --- a/block_edit.php +++ b/block_edit.php 
@@ -21,8 +21,8 @@ define('WT_SCRIPT_NAME', 'block_edit.php'); require './includes/session.php'; -$block_id=safe_GET('block_id'); -$block=WT_DB::prepare( +$block_id = WT_Filter::getInteger('block_id'); +$block = WT_DB::prepare( "SELECT SQL_CACHE * FROM `##block` WHERE block_id=?" )->execute(array($block_id))->fetchOneRow(); @@ -56,4 +56,4 @@ if (array_key_exists('ckeditor', WT_Module::getActiveModules())) { </td> </tr> </table> -</form> +</form>
\ No newline at end of file diff --git a/branches.php b/branches.php index 0c25da5c75..671f47eb17 100644 --- a/branches.php +++ b/branches.php @@ -24,11 +24,10 @@ define('WT_SCRIPT_NAME', 'branches.php'); require './includes/session.php'; -//-- args -$surn = safe_GET('surname', '[^<>&%{};]*'); -$soundex_std = safe_GET_bool('soundex_std'); -$soundex_dm = safe_GET_bool('soundex_dm'); -$ged = safe_GET('ged'); +$surn = WT_Filter::get('surname'); +$soundex_std = WT_Filter::getBool('soundex_std'); +$soundex_dm = WT_Filter::getBool('soundex_dm'); +$ged = WT_Filter::get('ged'); if (empty($ged)) { $ged = $GEDCOM; } @@ -232,4 +231,4 @@ function indis_array($surn, $soundex_std, $soundex_dm) { function sosa_gen($sosa) { $gen = (int)log($sosa, 2)+1; return '<sup title="'.WT_I18N::translate('Generation').'">'.$gen.'</sup>'; -} +}
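Review bot: `$surn = WT_Filter::get('surname');` drops the `[^<>&%{};]*` character whitelist the old safe_GET call applied, and the value is later handed to `indis_array($surn, …)`, whose body starts outside this hunk. If that function builds a LIKE clause or emits the surname into HTML, it now has to do its own parameter binding and escaping, since nothing in this hunk does either. If the widening is intentional (names containing `&` or `%`), a one-line comment next to the assignment stating where the value is bound and escaped, e.g. `// bound as a SQL parameter and HTML-escaped on output in indis_array()`, would save the next reader from re-checking.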
\ No newline at end of file diff --git a/calendar.php b/calendar.php index 5074e2c9e5..56c86bc758 100644 --- a/calendar.php +++ b/calendar.php @@ -31,14 +31,14 @@ $controller=new WT_Controller_Page(); $controller->setPageTitle(WT_I18N::translate('Anniversary calendar')); $controller->pageHeader(); -$cal =safe_GET('cal', '@#D[A-Z ]+@'); -$day =safe_GET('day', '\d\d?'); -$month =safe_GET('month', '[A-Z]{3,5}'); -$year =safe_GET('year', '\d{1,4}(?: B\.C\.)?|\d\d\d\d\/\d\d|\d+(-\d+|[?]+)?'); -$action =safe_GET('action', array('year', 'today', 'calendar'), 'today'); -$filterev=safe_GET('filterev', array('all', 'bdm', WT_REGEX_TAG), 'bdm'); -$filterof=safe_GET('filterof', array('all', 'living', 'recent'), 'all'); -$filtersx=safe_GET('filtersx', array('M', 'F'), ''); +$cal = WT_Filter::get('cal', '@#D[A-Z ]+@'); +$day = WT_Filter::get('day', '\d\d?'); +$month = WT_Filter::get('month', '[A-Z]{3,5}'); +$year = WT_Filter::get('year', '\d{1,4}(?: B\.C\.)?|\d\d\d\d\/\d\d|\d+(-\d+|[?]+)?'); +$action = WT_Filter::get('action', 'year|today|calendar', 'today'); +$filterev = WT_Filter::get('filterev', 'all|bdm|' . WT_REGEX_TAG, 'bdm'); +$filterof = WT_Filter::get('filterof', 'all|living|recent', 'all'); +$filtersx = WT_Filter::get('filtersx', '[MF]'); if ($cal.$day.$month.$year=='') { // No date specified? Use the most likely calendar diff --git a/downloadbackup.php b/downloadbackup.php index 9ec9f43bf5..c6b404a69d 100644 --- a/downloadbackup.php +++ b/downloadbackup.php @@ -24,7 +24,7 @@ define('WT_SCRIPT_NAME', 'downloadbackup.php'); require './includes/session.php'; -$fname=safe_GET('fname'); +$fname = WT_Filter::get('fname'); if (!WT_USER_GEDCOM_ADMIN || !preg_match('/\.zip$/', $fname)) { $controller=new WT_Controller_Page(); 
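Review bot: `$action`, `$filterev` and `$filterof` are now validated with bare alternations (`'year|today|calendar'`, `'all|bdm|' . WT_REGEX_TAG`, `'all|living|recent'`) instead of the old array whitelists; whether WT_Filter::get wraps the pattern in a group before anchoring it is not visible here, and without that only the first and last alternatives are anchored, so a value such as `todayXYZ` could pass. If the filter does not group, write them as `'(?:year|today|calendar)'` and similarly for the other two; the `$year` pattern has the same top-level `|` and is unchanged from before. `$filtersx` also lost its explicit `''` default, so confirm the filter's default is `''` rather than null if later code compares it with `==''`.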
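Review bot: The guard following the changed `$fname` line only requires the value to end in `.zip`, so `../../elsewhere/archive.zip` passes and reaches `readfile(WT_DATA_DIR.$fname)` and the `Content-Disposition` header in the next hunk unchanged — a directory traversal that lets a gedcom admin read any `.zip` on the host the web server can open. Reject path separators and confirm the file exists before serving it: `if (!WT_USER_GEDCOM_ADMIN || basename($fname) !== $fname || !preg_match('/\.zip$/', $fname) || !is_file(WT_DATA_DIR.$fname)) {`. Validating at the boundary instead, with `WT_Filter::get('fname', '[A-Za-z0-9_.-]+\.zip')`, would achieve the same and match this commit's style.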
@@ -43,4 +43,4 @@ header('Content-Type: application/zip'); header('Content-Disposition: attachment; filename="'.$fname.'"'); header('Content-length: '.filesize(WT_DATA_DIR.$fname)); header('Content-Transfer-Encoding: binary'); -readfile(WT_DATA_DIR.$fname); +readfile(WT_DATA_DIR.$fname);
\ No newline at end of file diff --git a/edit_changes.php b/edit_changes.php index 13588548bd..b72121cba6 100644 --- a/edit_changes.php +++ b/edit_changes.php @@ -31,10 +31,10 @@ $controller ->setPageTitle(WT_I18N::translate('Pending changes')) ->pageHeader(); -$action =safe_GET('action'); -$change_id=safe_GET('change_id'); -$index =safe_GET('index'); -$ged =safe_GET('ged'); +$action =WT_Filter::get('action'); +$change_id=WT_Filter::getInteger('change_id'); +$index =WT_Filter::get('index'); +$ged =WT_Filter::getInteger('ged'); echo '<script>'; ?> @@ -244,4 +244,4 @@ if ($changed_gedcoms) { $controller->addInlineJavascript('closePopupAndReloadParent();'); } -echo '</div>'; +echo '</div>';
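Review bot: `$ged = WT_Filter::getInteger('ged');` changes the type of `ged` from a string to an integer, while branches.php in this same commit reads `ged` as a string and falls back to the `$GEDCOM` name; if edit_changes.php is linked with `ged=<gedcom name>` as elsewhere, getInteger will discard the value and the page will operate on its default. Unless callers of this page are known to pass the numeric tree id, `$ged = WT_Filter::get('ged');` preserves the old behaviour. `$index` is still read with no pattern and its use is outside the hunk.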
\ No newline at end of file diff --git a/edit_interface.php b/edit_interface.php index 52ff6c397f..9297bcbc80 100644 --- a/edit_interface.php +++ b/edit_interface.php @@ -25,7 +25,7 @@ define('WT_SCRIPT_NAME', 'edit_interface.php'); require './includes/session.php'; require WT_ROOT.'includes/functions/functions_edit.php'; -$action = safe_REQUEST($_REQUEST, 'action'); +$action = WT_Filter::post('action', null, WT_Filter::get('action')); $controller=new WT_Controller_Simple(); $controller @@ -69,8 +69,8 @@ $controller switch ($action) { //////////////////////////////////////////////////////////////////////////////// case 'editraw': - $xref = safe_GET('xref', WT_REGEX_XREF); - $fact_id = safe_GET('fact_id'); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); + $fact_id = WT_Filter::get('fact_id', WT_REGEX_TAG); $record = WT_GedcomRecord::getInstance($xref); check_record_access($record); @@ -120,10 +120,10 @@ case 'editraw': //////////////////////////////////////////////////////////////////////////////// case 'updateraw': - $xref = safe_POST('xref', WT_REGEX_XREF); - $fact_id = safe_POST('fact_id'); - $gedcom = safe_POST('gedcom', WT_REGEX_UNSAFE); - $keep_chan = safe_POST_bool('keep_chan'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $fact_id = WT_Filter::post('fact_id'); + $gedcom = WT_Filter::post('gedcom'); + $keep_chan = WT_Filter::postBool('keep_chan'); $record = WT_GedcomRecord::getInstance($xref); check_record_access($record); @@ -158,8 +158,8 @@ case 'updateraw': //////////////////////////////////////////////////////////////////////////////// case 'edit': - $xref = safe_GET('xref', WT_REGEX_XREF); - $fact_id = safe_GET('fact_id'); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); + $fact_id = WT_Filter::get('fact_id'); $record = WT_GedcomRecord::getInstance($xref); check_record_access($record); 
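Review bot: `$fact_id = WT_Filter::get('fact_id', WT_REGEX_TAG);` in the editraw case filters the fact id with the GEDCOM tag pattern, while the updateraw and edit cases in this same set of hunks read `fact_id` with no pattern at all; if fact ids are not tag-shaped (their producer is not visible here), editraw would reject every real id and receive the filter's default. Either all three should share one pattern or editraw should use `WT_Filter::get('fact_id')` like its siblings; a named constant for the fact-id shape would make the intent explicit. The editraw case continues outside the hunk.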
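Review bot: `$gedcom = WT_Filter::post('gedcom');` in updateraw replaces a call that was explicitly marked WT_REGEX_UNSAFE, i.e. raw GEDCOM text accepted verbatim; what WT_Filter::post does by default is not visible in this diff, and if it applies a character whitelist of the kind the old safe_* helpers defaulted to, any record containing `<`, `&` or `%` would be rejected or truncated on save. Worth confirming against the WT_Filter implementation, and the same question applies to `postArray('text')` in the update case and `post('NOTE')` in editnoteaction. A comment such as `// raw GEDCOM: must not be character-filtered` on the line would record the requirement.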
@@ -255,8 +255,8 @@ case 'edit': //////////////////////////////////////////////////////////////////////////////// case 'add': - $xref = safe_GET('xref', WT_REGEX_XREF); - $fact = safe_GET('fact', WT_REGEX_TAG); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); + $fact = WT_Filter::get('fact', WT_REGEX_TAG); $record = WT_GedcomRecord::getInstance($xref); check_record_access($record); @@ -313,18 +313,18 @@ case 'add': //////////////////////////////////////////////////////////////////////////////// case 'update': // Update a fact - $xref = safe_POST('xref', WT_REGEX_XREF); - $fact_id = safe_POST('fact_id'); - $keep_chan = safe_POST_bool('keep_chan'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $fact_id = WT_Filter::post('fact_id'); + $keep_chan = WT_Filter::postBool('keep_chan'); $record = WT_GedcomRecord::getInstance($xref); check_record_access($record); // Arrays for each GEDCOM line - $glevels = safe_POST('glevels'); - $tag = safe_POST('tag', WT_REGEX_TAG); - $text = safe_POST('text', WT_REGEX_UNSAFE); - $islink = safe_POST('islink'); + $glevels = WT_Filter::postArray('glevels', '[0-9]'); + $tag = WT_Filter::postArray('tag', WT_REGEX_TAG); + $text = WT_Filter::postArray('text'); + $islink = WT_Filter::postArray('islink', '[01]'); $controller ->setPageTitle(WT_I18N::translate('Edit')) @@ -342,7 +342,7 @@ case 'update': //-- check for photo update if (count($_FILES)>0) { - if (isset($_REQUEST['folder'])) $folder = $_REQUEST['folder']; + $folder = WT_Filter::post('folder'); $uploaded_files = array(); if (substr($folder, 0, 1) == "/") $folder = substr($folder, 1); if (substr($folder, -1, 1) != "/") $folder .= "/"; 
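Review bot: The `folder` value taken on the changed `$folder = WT_Filter::post('folder');` line is normalised only by stripping a leading slash and appending a trailing one; nothing in the hunk rejects `..` segments, so if the upload code that follows (outside the hunk) writes to a path built from `$folder` without its own check, a client can steer uploaded files outside the media directory. A guard right after the assignment, `if (strpos($folder, '..') !== false) { $folder = ''; }`, or a whitelist pattern on the post() call, closes that; the old `$_REQUEST['folder']` code had the same gap. The update case continues outside the hunk.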
@@ -402,8 +402,8 @@ case 'update': // Add a new child to an existing family //////////////////////////////////////////////////////////////////////////////// case 'add_child_to_family': - $xref = safe_GET('xref', WT_REGEX_XREF); - $gender = safe_GET('gender', '[MF]', 'U'); + $xref = WT_Filter::getXREF('xref'); + $gender = WT_Filter::get('gender', '[MF]', 'U'); $family = WT_Family::getInstance($xref); check_record_access($family); @@ -416,9 +416,9 @@ case 'add_child_to_family': break; case 'add_child_to_family_action': - $xref = safe_POST('xref', WT_REGEX_XREF); - $PEDI = safe_POST('PEDI'); - $keep_chan = safe_POST_bool('keep_chan'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $PEDI = WT_Filter::post('PEDI'); + $keep_chan = WT_Filter::postBool('keep_chan'); $family = WT_Family::getInstance($xref); check_record_access($family); @@ -435,7 +435,7 @@ case 'add_child_to_family_action': } } $gedrec .= "\n".WT_Gedcom_Code_Pedi::createNewFamcPedi($PEDI, $xref); - if (safe_POST_bool('SOUR_INDI')) { + if (WT_Filter::postBool('SOUR_INDI')) { $gedrec = handle_updates($gedrec); } else { $gedrec = updateRest($gedrec); @@ -460,7 +460,7 @@ case 'add_child_to_family_action': $family->createFact('1 CHIL @' . $new_child->getXref() . '@', !$keep_chan); } - if (safe_POST('goto')=='new') { + if (WT_Filter::post('goto')=='new') { $controller->addInlineJavascript('closePopupAndReloadParent("' . $new_child->getRawUrl() . '");'); } else { $controller->addInlineJavascript('closePopupAndReloadParent();'); @@ -471,7 +471,7 @@ case 'add_child_to_family_action': // Add a new child to an existing individual (creating a one-parent family) //////////////////////////////////////////////////////////////////////////////// case 'add_child_to_individual': - $xref = safe_GET('xref', WT_REGEX_XREF); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); $person = WT_Individual::getInstance($xref); check_record_access($person); 
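Review bot: `WT_Filter::getXREF('xref')` on the first changed line of the add_child_to_family case is the only call of that name in this commit; every sibling case uses `WT_Filter::get('xref', WT_REGEX_XREF)`. Unless WT_Filter actually defines getXREF (the class is not in this diff), this case fails with an undefined-method error before check_record_access runs; for consistency, `$xref = WT_Filter::get('xref', WT_REGEX_XREF);`. The add_child_to_family case continues outside the hunk.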
@@ -484,8 +484,8 @@ case 'add_child_to_individual': break; case 'add_child_to_individual_action': - $xref = safe_POST('xref', WT_REGEX_XREF); - $PEDI = safe_POST('PEDI'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $PEDI = WT_Filter::post('PEDI'); $person = WT_Individual::getInstance($xref); check_record_access($person); @@ -515,7 +515,7 @@ case 'add_child_to_individual_action': $gedcom.=addNewFact($match); } } - if (safe_POST_bool('SOUR_INDI')) { + if (WT_Filter::postBool('SOUR_INDI')) { $gedcom=handle_updates($gedcom); } else { $gedcom=updateRest($gedcom); @@ -537,8 +537,8 @@ case 'add_child_to_individual_action': // Add a new parent to an existing individual (creating a one-parent family) //////////////////////////////////////////////////////////////////////////////// case 'add_parent_to_individual': - $xref = safe_GET('xref', WT_REGEX_XREF); - $gender = safe_GET('gender', '[MF]', 'U'); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); + $gender = WT_Filter::get('gender', '[MF]', 'U'); $individual = WT_Individual::getInstance($xref); check_record_access($individual); @@ -556,8 +556,8 @@ case 'add_parent_to_individual': break; case 'add_parent_to_individual_action': - $xref = safe_POST('xref', WT_REGEX_XREF); - $PEDI = safe_POST('PEDI'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $PEDI = WT_Filter::post('PEDI'); $person = WT_Individual::getInstance($xref); check_record_access($person); @@ -582,7 +582,7 @@ case 'add_parent_to_individual_action': $gedcom.=addNewFact($match); } } - if (safe_POST_bool('SOUR_INDI')) { + if (WT_Filter::postBool('SOUR_INDI')) { $gedcom=handle_updates($gedcom); } else { $gedcom=updateRest($gedcom); @@ -631,7 +631,7 @@ case 'add_unlinked_indi_action': $gedrec.=addNewFact($match); } } - if (safe_POST_bool('SOUR_INDI')) { + if (WT_Filter::postBool('SOUR_INDI')) { $gedrec = handle_updates($gedrec); } else { $gedrec = updateRest($gedrec); 
@@ -639,7 +639,7 @@ case 'add_unlinked_indi_action': $new_indi = WT_GedcomRecord::createRecord($gedrec, WT_GED_ID); - if (safe_POST('goto')=='new') { + if (WT_Filter::post('goto')=='new') { $controller->addInlineJavascript('closePopupAndReloadParent("' . $new_indi->getRawUrl() . '");'); } else { $controller->addInlineJavascript('closePopupAndReloadParent();'); @@ -650,8 +650,8 @@ case 'add_unlinked_indi_action': // Add a new spouse to an existing individual (creating a new family) //////////////////////////////////////////////////////////////////////////////// case 'add_spouse_to_individual': - $famtag = safe_GET('famtag', '(HUSB|WIFE)'); - $xref = safe_GET('xref', WT_REGEX_XREF); + $famtag = WT_Filter::get('famtag', 'HUSB|WIFE'); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); $individual = WT_Individual::getInstance($xref); check_record_access($individual); @@ -669,8 +669,8 @@ case 'add_spouse_to_individual': break; case 'add_spouse_to_individual_action': - $xref = safe_POST('xref', WT_REGEX_XREF); // Add a spouse to this individual - $sex = safe_POST('SEX', '[MFU]'); + $xref = WT_Filter::post('xref'); // Add a spouse to this individual + $sex = WT_Filter::post('SEX', '[MFU]', 'U'); $person = WT_Individual::getInstance($xref); check_record_access($person); @@ -688,7 +688,7 @@ case 'add_spouse_to_individual_action': $indi_gedcom.=addNewFact($match); } } - if (safe_POST_bool('SOUR_INDI')) { + if (WT_Filter::postBool('SOUR_INDI')) { $indi_gedcom = handle_updates($indi_gedcom); } else { $indi_gedcom = updateRest($indi_gedcom); @@ -700,7 +700,7 @@ case 'add_spouse_to_individual_action': $fam_gedcom.=addNewFact($match); } } - if (safe_POST_bool('SOUR_FAM')) { + if (WT_Filter::postBool('SOUR_FAM')) { $fam_gedcom = handle_updates($fam_gedcom); } else { $fam_gedcom = updateRest($fam_gedcom); 
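Review bot: In add_spouse_to_individual_action, `$xref = WT_Filter::post('xref');` drops the WT_REGEX_XREF pattern that the old safe_POST call applied and that every other xref read in this file keeps; the unvalidated value then reaches WT_Individual::getInstance before check_record_access. Restore `$xref = WT_Filter::post('xref', WT_REGEX_XREF);` so malformed identifiers are rejected at the boundary rather than left for downstream code to handle. The case continues outside the hunk.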
@@ -718,7 +718,7 @@ case 'add_spouse_to_individual_action': $spouse->createFact('1 FAMS @' . $family->getXref() . '@', true); $person->createFact('1 FAMS @' . $family->getXref() . '@', true); - if (safe_POST('goto')=='new') { + if (WT_Filter::post('goto')=='new') { $controller->addInlineJavascript('closePopupAndReloadParent("' . $spouse->getRawUrl() . '");'); } else { $controller->addInlineJavascript('closePopupAndReloadParent();'); @@ -729,8 +729,8 @@ case 'add_spouse_to_individual_action': // Add a new spouse to an existing family //////////////////////////////////////////////////////////////////////////////// case 'add_spouse_to_family': - $xref = safe_GET('xref', WT_REGEX_XREF); - $famtag = safe_GET('famtag', '(HUSB|WIFE)'); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); + $famtag = WT_Filter::get('famtag', 'HUSB|WIFE'); $family = WT_Family::getInstance($xref); check_record_access($family); @@ -748,7 +748,7 @@ case 'add_spouse_to_family': break; case 'add_spouse_to_family_action': - $xref = safe_POST('xref', WT_REGEX_XREF); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); $family = WT_Family::getInstance($xref); check_record_access($family); @@ -767,7 +767,7 @@ case 'add_spouse_to_family_action': } } - if (safe_POST_bool('SOUR_INDI')) { + if (WT_Filter::postBool('SOUR_INDI')) { $gedrec = handle_updates($gedrec); } else { $gedrec = updateRest($gedrec); @@ -787,14 +787,14 @@ case 'add_spouse_to_family_action': $famrec.=addNewFact($match); } } - if (safe_POST_bool('SOUR_FAM')) { + if (WT_Filter::postBool('SOUR_FAM')) { $famrec = handle_updates($famrec); } else { $famrec = updateRest($famrec); } $family->createFact(trim($famrec), true); // trim leading \n - if (safe_POST('goto')=='new') { + if (WT_Filter::post('goto')=='new') { $controller->addInlineJavascript('closePopupAndReloadParent("' . $spouse->getRawUrl() . '");'); } else { $controller->addInlineJavascript('closePopupAndReloadParent();'); 
@@ -805,7 +805,7 @@ case 'add_spouse_to_family_action': // Link an individual to an existing family, as a child //////////////////////////////////////////////////////////////////////////////// case 'addfamlink': - $xref = safe_GET('xref', WT_REGEX_XREF); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); $person = WT_Individual::getInstance($xref); check_record_access($person); @@ -851,9 +851,9 @@ case 'addfamlink': break; case 'linkfamaction': - $xref = safe_POST('xref', WT_REGEX_XREF); - $famid = safe_POST('famid', WT_REGEX_XREF); - $PEDI = safe_POST('PEDI'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $famid = WT_Filter::post('famid', WT_REGEX_XREF); + $PEDI = WT_Filter::post('PEDI'); $person = WT_Individual::getInstance($xref); $family = WT_Family::getInstance($famid); @@ -895,8 +895,8 @@ case 'linkfamaction': // Link and individual to an existing individual as a spouse //////////////////////////////////////////////////////////////////////////////// case 'linkspouse': - $famtag = safe_GET('famtag', '(HUSB|WIFE)'); - $xref = safe_GET('xref', WT_REGEX_XREF); + $famtag = WT_Filter::get('famtag', 'HUSB|WIFE'); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); $person = WT_Individual::getInstance($xref); check_record_access($person); @@ -951,9 +951,9 @@ case 'linkspouse': break; case 'linkspouseaction': - $xref = safe_POST('xref', WT_REGEX_XREF); - $spid = safe_POST('spid', WT_REGEX_XREF); - $famtag = safe_POST('famtag', '(HUSB|WIFE)'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $spid = WT_Filter::post('spid', WT_REGEX_XREF); + $famtag = WT_Filter::post('famtag', 'HUSB|WIFE'); $person = WT_Individual::getInstance($xref); $spouse = WT_Individual::getInstance($spid); 
@@ -975,7 +975,7 @@ case 'linkspouseaction': splitSOUR(); $gedcom .= addNewFact('MARR'); - if (safe_POST_bool('SOUR_FAM') || count($tagSOUR)>0) { + if (WT_Filter::postBool('SOUR_FAM') || count($tagSOUR)>0) { // before adding 2 SOUR it needs to add 1 MARR Y first if (addNewFact('MARR') == '') { $gedcom .= "\n1 MARR Y"; 
@@ -1086,42 +1086,60 @@ case 'addsourceaction': ->pageHeader(); $newgedrec = "0 @XREF@ SOUR"; - if (isset($_REQUEST['EVEN'])) $EVEN = $_REQUEST['EVEN']; - if (!empty($EVEN) && count($EVEN)>0) { - $newgedrec .= "\n1 DATA"; - $newgedrec .= "\n2 EVEN ".implode(",", $EVEN); - if (!empty($EVEN_DATE)) $newgedrec .= "\n3 DATE ".$EVEN_DATE; - if (!empty($EVEN_PLAC)) $newgedrec .= "\n3 PLAC ".$EVEN_PLAC; - if (!empty($AGNC)) $newgedrec .= "\n2 AGNC ".$AGNC; + $ABBR = WT_Filter::post('ABBR'); + if ($ABBR) { + $newgedrec .= "\n1 ABBR " . $ABBR; } - if (isset($_REQUEST['ABBR'])) $ABBR = $_REQUEST['ABBR']; - if (isset($_REQUEST['TITL'])) $TITL = $_REQUEST['TITL']; - if (isset($_REQUEST['_HEB'])) $_HEB = $_REQUEST['_HEB']; - if (isset($_REQUEST['ROMN'])) $ROMN = $_REQUEST['ROMN']; - if (isset($_REQUEST['AUTH'])) $AUTH = $_REQUEST['AUTH']; - if (isset($_REQUEST['PUBL'])) $PUBL = $_REQUEST['PUBL']; - if (isset($_REQUEST['REPO'])) $REPO = $_REQUEST['REPO']; - if (isset($_REQUEST['CALN'])) $CALN = $_REQUEST['CALN']; - if (!empty($ABBR)) $newgedrec .= "\n1 ABBR $ABBR"; - if (!empty($TITL)) { - $newgedrec .= "\n1 TITL $TITL"; - if (!empty($_HEB)) $newgedrec .= "\n2 _HEB $_HEB"; - if (!empty($ROMN)) $newgedrec .= "\n2 ROMN $ROMN"; + $TITL = WT_Filter::post('TITL'); + if ($TITL) { + $newgedrec .= "\n1 TITL " . $TITL; + $_HEB = WT_Filter::post('_HEB'); + if ($_HEB) { + $newgedrec .= "\n2 _HEB " . $_HEB; + } + $ROMN = WT_Filter::post('ROMN'); + if ($ROMN) { + $newgedrec .= "\n2 ROMN " . $ROMN; + } } - if (!empty($AUTH)) $newgedrec .= "\n1 AUTH $AUTH"; - if (!empty($PUBL)) { - foreach (preg_split("/\r?\n/", $PUBL) as $k=>$line) { - if ($k==0) { - $newgedrec .= "\n1 PUBL $line"; - } else { - $newgedrec .= "\n2 CONT $line"; - } + $AUTH = WT_Filter::post('AUTH'); + if ($AUTH) { + $newgedrec .= "\n1 AUTH " . $AUTH; + } + $PUBL = WT_Filter::post('PUBL'); + if ($PUBL) { + $newgedrec .= "\n1 PUBL " . 
preg_replace('/\r?\n/', "\n2 CONT ", $PUBL); + } + $REPO = WT_Filter::post('REPO', WT_REGEX_XREF); + if ($AUTH) { + $newgedrec .= "\n1 REPO @" . $REPO . "@"; + $CALN = WT_Filter::post('CALN'); + if ($CALN) { + $newgedrec .= "\n1 CALN " . $CALN; } } - if (!empty($REPO)) { - $newgedrec .= "\n1 REPO @$REPO@"; - if (!empty($CALN)) $newgedrec .= "\n2 CALN $CALN"; + $AUTH = WT_Filter::post('AUTH'); + if ($AUTH) { + $newgedrec .= "\n1 AUTH " . $AUTH; } + $EVEN = WT_Filter::postArray('EVEN', WT_REGEX_TAG); + if ($EVEN) { + $newgedrec .= "\n1 DATA"; + $newgedrec .= "\n2 EVEN " . implode(',', $EVEN); + $EVEN_DATE = WT_Filter::post('EVEN_DATE'); + if ($EVEN_DATE) { + $newgedrec .= "\n3 EVEN_DATE " . $EVEN_DATE; + } + $EVEN_PLAC = WT_Filter::post('EVEN_PLAC'); + if ($EVEN_PLAC) { + $newgedrec .= "\n3 EVEN_PLAC " . $EVEN_PLAC; + } + $AGNC = WT_Filter::post('AGNC'); + if ($AGNC) { + $newgedrec .= "\n2 AGNC " . $AGNC; + } + } + $record = WT_GedcomRecord::createRecord($newgedrec, WT_GED_ID); $controller->addInlineJavascript('openerpasteid("' . $record->getXref() . '");'); break; @@ -1168,21 +1186,9 @@ case 'addnoteaction': ->setPageTitle(WT_I18N::translate('Create a new shared note')) ->pageHeader(); - $newgedrec = "0 @XREF@ NOTE"; - - if (isset($_REQUEST['NOTE'])) $NOTE = $_REQUEST['NOTE']; + $gedrec = '0 @XREF@ NOTE ' . preg_replace("/\r?\n/", "\n1 CONT ", WT_Filter::post('NOTE')); - if (!empty($NOTE)) { - foreach (preg_split("/\r?\n/", $NOTE) as $k=>$line) { - if ($k==0) { - $newgedrec .= " {$line}"; - } else { - $newgedrec .= "\n1 CONT {$line}"; - } - } - } - - $record = WT_GedcomRecord::createRecord($newgedrec, WT_GED_ID); + $record = WT_GedcomRecord::createRecord($gedrec, WT_GED_ID); $controller->addInlineJavascript('openerpasteid("' . $record->getXref() . '");'); break; 
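Review bot: The rewritten REPO block tests `if ($AUTH)` instead of `if ($REPO)`, so a source with an author but no repository gets a dangling `1 REPO @@`, and one with a repository but no author gets no REPO at all; the same block writes `CALN` at level 1 where the old code put `2 CALN` under REPO. Further down, the AUTH block is appended a second time, and the DATA sub-records are written as `3 EVEN_DATE` / `3 EVEN_PLAC` where the old code wrote `3 DATE` / `3 PLAC`, so the form-field names have leaked into the record as tags. The fence below corrects those four points; the addsourceaction case starts outside the hunk.
```php
	// … unchanged: ABBR, TITL/_HEB/ROMN, AUTH and PUBL …
	$REPO = WT_Filter::post('REPO', WT_REGEX_XREF);
	if ($REPO) {
		$newgedrec .= "\n1 REPO @" . $REPO . "@";
		$CALN = WT_Filter::post('CALN');
		if ($CALN) {
			$newgedrec .= "\n2 CALN " . $CALN;
		}
	}
	// (the duplicate AUTH block that followed here is removed)
	$EVEN = WT_Filter::postArray('EVEN', WT_REGEX_TAG);
	if ($EVEN) {
		$newgedrec .= "\n1 DATA";
		$newgedrec .= "\n2 EVEN " . implode(',', $EVEN);
		$EVEN_DATE = WT_Filter::post('EVEN_DATE');
		if ($EVEN_DATE) {
			$newgedrec .= "\n3 DATE " . $EVEN_DATE;
		}
		$EVEN_PLAC = WT_Filter::post('EVEN_PLAC');
		if ($EVEN_PLAC) {
			$newgedrec .= "\n3 PLAC " . $EVEN_PLAC;
		}
		// … unchanged: AGNC …
	}
```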
@@ -1207,7 +1213,7 @@ case 'addnoteaction_assisted': //////////////////////////////////////////////////////////////////////////////// case 'addmedia_links': - $pid = safe_GET('pid', WT_REGEX_XREF); + $pid = WT_Filter::get('pid', WT_REGEX_XREF); $person = WT_Individual::getInstance($pid); check_record_access($person); @@ -1230,7 +1236,7 @@ case 'addmedia_links': //////////////////////////////////////////////////////////////////////////////// case 'editsource': - $xref = safe_GET('xref', WT_REGEX_XREF); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); $source = WT_Source::getInstance($xref); check_record_access($source); @@ -1293,7 +1299,7 @@ case 'editsource': // Edit a note record //////////////////////////////////////////////////////////////////////////////// case 'editnote': - $xref = safe_GET('xref', WT_REGEX_XREF); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); $note = WT_Note::getInstance($xref); check_record_access($note); @@ -1329,9 +1335,9 @@ case 'editnote': break; case 'editnoteaction': - $xref = safe_POST('xref', WT_REGEX_XREF); - $keep_chan = safe_POST_bool('keep_chan'); - $note = safe_POST('NOTE', WT_REGEX_UNSAFE); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $keep_chan = WT_Filter::postBool('keep_chan'); + $note = WT_Filter::post('NOTE'); $record = WT_Note::getInstance($xref); check_record_access($record); 
@@ -1415,43 +1421,48 @@ case 'addrepoaction': ->setPageTitle(WT_I18N::translate('Create repository')) ->pageHeader(); - $newgedrec = "0 @XREF@ REPO"; - if (isset($_REQUEST['REPO_NAME'])) $NAME = $_REQUEST['REPO_NAME']; - if (isset($_REQUEST['_HEB'])) $_HEB = $_REQUEST['_HEB']; - if (isset($_REQUEST['ROMN'])) $ROMN = $_REQUEST['ROMN']; - if (isset($_REQUEST['ADDR'])) $ADDR = $_REQUEST['ADDR']; - if (isset($_REQUEST['PHON'])) $PHON = $_REQUEST['PHON']; - if (isset($_REQUEST['FAX'])) $FAX = $_REQUEST['FAX']; - if (isset($_REQUEST['EMAIL'])) $EMAIL = $_REQUEST['EMAIL']; - if (isset($_REQUEST['WWW'])) $WWW = $_REQUEST['WWW']; - - if (!empty($NAME)) { - $newgedrec .= "\n1 NAME $NAME"; - if (!empty($_HEB)) $newgedrec .= "\n2 _HEB $_HEB"; - if (!empty($ROMN)) $newgedrec .= "\n2 ROMN $ROMN"; - } - if (!empty($ADDR)) { - foreach (preg_split("/\r?\n/", $ADDR) as $k=>$line) { - if ($k==0) { - $newgedrec .= "\n1 ADDR {$line}"; - } else { - $newgedrec .= "\n2 CONT {$line}"; - } + $gedrec = "0 @XREF@ REPO"; + $REPO_NAME = WT_Filter::post('REPO_NAME'); + if ($REPO_NAME) { + $gedrec .= "\n1 NAME " . $REPO_NAME; + $_HEB = WT_Filter::post('_HEB'); + if ($_HEB) { + $gedrec .= "\n2 _HEB " . $_HEB; + } + $ROMN = WT_Filter::post('ROMN'); + if ($ROMN) { + $gedrec .= "\n2 ROMN " . $ROMN; } } - if (!empty($PHON)) $newgedrec .= "\n1 PHON $PHON"; - if (!empty($FAX)) $newgedrec .= "\n1 FAX $FAX"; - if (!empty($EMAIL)) $newgedrec .= "\n1 EMAIL $EMAIL"; - if (!empty($WWW)) $newgedrec .= "\n1 WWW $WWW"; + $ADDR = WT_Filter::post('ADDR'); + if ($ADDR) { + $gedrec .= "\n1 ADDR " . preg_replace('/\r?\n/', "\n2 CONT ", $ADDR); + } + $PHON = WT_Filter::post('PHON'); + if ($PHON) { + $newgedrec .= "\n1 PHON " . $PHON; + } + $FAX = WT_Filter::post('FAX'); + if ($FAX) { + $newgedrec .= "\n1 FAX " . $FAX; + } + $EMAIL = WT_Filter::post('EMAIL'); + if ($EMAIL) { + $newgedrec .= "\n1 EMAIL " . $EMAIL; + } + $WWW = WT_Filter::post('WWW'); + if ($WWW) { + $newgedrec .= "\n1 WWW " . 
$WWW; + } - $record = WT_GedcomRecord::createRecord($newgedrec, WT_GED_ID); + $record = WT_GedcomRecord::createRecord($gedrec, WT_GED_ID); $controller->addInlineJavascript('openerpasteid("' . $record->getXref() . '");'); break; //////////////////////////////////////////////////////////////////////////////// case 'editname': - $xref = safe_GET('xref', WT_REGEX_XREF); - $fact_id = safe_GET('fact_id'); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); + $fact_id = WT_Filter::get('fact_id'); $person = WT_Individual::getInstance($xref); check_record_access($person); @@ -1487,7 +1498,7 @@ case 'editname': //////////////////////////////////////////////////////////////////////////////// case 'addname': - $xref = safe_GET('xref', WT_REGEX_XREF); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); $person = WT_Individual::getInstance($xref); check_record_access($person); @@ -1501,8 +1512,8 @@ case 'addname': //////////////////////////////////////////////////////////////////////////////// case 'paste': - $xref = safe_REQUEST($_REQUEST, 'xref', WT_REGEX_XREF); - $fact = safe_REQUEST($_REQUEST, 'fact', WT_REGEX_UNSAFE); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); + $fact = WT_Filter::get('fact'); $record = WT_GedcomRecord::getInstance($xref); check_record_access($record); @@ -1519,7 +1530,7 @@ case 'paste': // Change the order of media objects //////////////////////////////////////////////////////////////////////////////// case 'reorder_media': - $xref = safe_REQUEST($_REQUEST, 'xref', WT_REGEX_XREF); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); $person = WT_Individual::getInstance($xref); check_record_access($person); 
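Review bot: The record variable was renamed to `$gedrec` (it is what `createRecord($gedrec, WT_GED_ID)` receives), but the PHON, FAX, EMAIL and WWW branches still append to `$newgedrec`, which is never initialised in the new code, so those four fields are silently dropped from every repository created here. Replace `$newgedrec .=` with `$gedrec .=` in those four branches. The addrepoaction case starts outside the hunk.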
@@ -1606,9 +1617,9 @@ case 'reorder_media': break; case 'reorder_media_update': - $xref = safe_POST('xref', WT_REGEX_XREF); - $order1 = safe_POST('order1'); - $keep_chan = safe_POST_bool('keep_chan'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $order1 = WT_Filter::post('order1'); + $keep_chan = WT_Filter::postBool('keep_chan'); $person = WT_Individual::getInstance($xref); check_record_access($person); @@ -1640,8 +1651,8 @@ case 'reorder_media_update': // Change the order of children within a family record //////////////////////////////////////////////////////////////////////////////// case 'reorder_children': - $xref = safe_GET('xref', WT_REGEX_XREF); - $option = safe_GET('option'); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); + $option = WT_Filter::get('option'); $family = WT_Family::getInstance($xref); check_record_access($family); @@ -1706,9 +1717,9 @@ case 'reorder_children': break; case 'reorder_update': - $xref = safe_POST('xref', WT_REGEX_XREF); - $order = safe_POST('order'); - $keep_chan = safe_POST_bool('keep_chan'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $order = WT_Filter::post('order'); + $keep_chan = WT_Filter::postBool('keep_chan'); $family = WT_Family::getInstance($xref); check_record_access($family); @@ -1745,7 +1756,7 @@ case 'reorder_update': // Change the members of a family record //////////////////////////////////////////////////////////////////////////////// case 'changefamily': - $xref = safe_GET('xref', WT_REGEX_XREF); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); $family = WT_Family::getInstance($xref); check_record_access($family); 
@@ -1905,17 +1916,17 @@ case 'changefamily': break; case 'changefamily_update': - $xref = safe_POST('xref', WT_REGEX_XREF); - $HUSB = safe_POST('HUSB', WT_REGEX_XREF); - $WIFE = safe_POST('WIFE', WT_REGEX_XREF); - $keep_chan = safe_POST_bool('keep_chan'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $HUSB = WT_Filter::post('HUSB', WT_REGEX_XREF); + $WIFE = WT_Filter::post('WIFE', WT_REGEX_XREF); + $keep_chan = WT_Filter::postBool('keep_chan'); //TODO use CHIL[] instead of CHIL<n> - //$CHIL = safe_POST('CHIL', WT_REGEX_XREF); + //$CHIL = WT_Filter::postArray('CHIL', WT_REGEX_XREF); $CHIL = array(); for ($i=0; ;++$i) { if (isset($_POST['CHIL'.$i])) { - $CHIL[] = safe_POST('CHIL'.$i, WT_REGEX_XREF); + $CHIL[] = WT_Filter::post('CHIL'.$i, WT_REGEX_XREF); } else { break; } @@ -2022,8 +2033,8 @@ case 'changefamily_update': // Change the order of FAMS records within an INDI record //////////////////////////////////////////////////////////////////////////////// case 'reorder_fams': - $xref = safe_GET('xref', WT_REGEX_XREF); - $option = safe_GET('option'); + $xref = WT_Filter::get('xref', WT_REGEX_XREF); + $option = WT_Filter::get('option'); $person = WT_Individual::getInstance($xref); check_record_access($person); @@ -2067,9 +2078,9 @@ case 'reorder_fams': break; case 'reorder_fams_update': - $xref = safe_POST('xref', WT_REGEX_XREF); - $order = safe_POST('order'); - $keep_chan = safe_POST_bool('keep_chan'); + $xref = WT_Filter::post('xref', WT_REGEX_XREF); + $order = WT_Filter::post('order'); + $keep_chan = WT_Filter::postBool('keep_chan'); $person = WT_Individual::getInstance($xref); check_record_access($person); diff --git a/editnews.php b/editnews.php index 2515ab70c1..f50aec9a26 100644 --- a/editnews.php +++ b/editnews.php 
@@ -32,13 +32,13 @@ $controller ->requireMemberLogin() ->pageHeader(); -$action =safe_GET('action', array('compose', 'save', 'delete'), 'compose'); -$news_id =safe_GET('news_id'); -$user_id =safe_REQUEST($_REQUEST, 'user_id'); -$gedcom_id=safe_REQUEST($_REQUEST, 'gedcom_id'); -$date =safe_POST('date', WT_REGEX_INTEGER, WT_TIMESTAMP); -$title =safe_POST('title', WT_REGEX_UNSAFE); -$text =safe_POST('text', WT_REGEX_UNSAFE); +$action = WT_Filter::get('action', 'compose|save|delete', 'compose'); +$news_id = WT_Filter::getInteger('news_id'); +$user_id = WT_Filter::get('user_id', WT_REGEX_INTEGER, WT_Filter::post('user_id', WT_REGEX_INTEGER)); +$gedcom_id = WT_Filter::get('gedcom_id', WT_REGEX_INTEGER, WT_Filter::post('gedcom_id', WT_REGEX_INTEGER)); +$date = WT_Filter::postInteger('date', 0, PHP_INT_MAX, WT_TIMESTAMP); +$title = WT_Filter::post('title'); +$text = WT_Filter::post('text'); switch ($action) { case 'compose': diff --git a/edituser.php b/edituser.php index 57375fc08d..0d546450a8 100644 --- a/edituser.php +++ b/edituser.php 
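Review bot: `WT_Filter::get('action', 'compose|save|delete', 'compose')` passes an unparenthesised alternation as the validation pattern; the removed `safe_REQUEST` in includes/functions/functions.php only anchored such lists after wrapping them as `'(?:'.join('|', $regex).')'`, and WT_Filter's implementation is not in this diff. If WT_Filter merely surrounds the pattern with `^…$`, the regex becomes `^compose|save|delete$` and accepts any value that starts with "compose" or ends with "delete". Either confirm that WT_Filter groups the pattern before anchoring, or write these lists as `'(?:compose|save|delete)'`; the same shape is used for `'no|yes'` in famlist.php and indilist.php, `'gedcom|user'` in includes/hitcount.php and index.php, and the `implode('|', …)` lists in edituser.php.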
@@ -42,17 +42,17 @@ foreach (get_theme_names() as $themename=>$themedir) { } // Extract form variables -$form_action =safe_POST('form_action' ); -$form_username =safe_POST('form_username', WT_REGEX_USERNAME); -$form_realname =safe_POST('form_realname' ); -$form_pass1 =safe_POST('form_pass1', WT_REGEX_PASSWORD); -$form_pass2 =safe_POST('form_pass2', WT_REGEX_PASSWORD); -$form_email =safe_POST('form_email', WT_REGEX_EMAIL, 'email@example.com'); -$form_rootid =safe_POST('form_rootid', WT_REGEX_XREF, WT_USER_ROOT_ID ); -$form_theme =safe_POST('form_theme', $ALL_THEME_DIRS); -$form_language =safe_POST('form_language', array_keys(WT_I18N::installed_languages()), WT_LOCALE ); -$form_contact_method=safe_POST('form_contact_method'); -$form_visible_online=safe_POST_bool('form_visible_online'); +$form_action = WT_Filter::post('form_action'); +$form_username = WT_Filter::post('form_username'); +$form_realname = WT_Filter::post('form_realname' ); +$form_pass1 = WT_Filter::post('form_pass1', WT_REGEX_PASSWORD); +$form_pass2 = WT_Filter::post('form_pass2', WT_REGEX_PASSWORD); +$form_email = WT_Filter::postEmail('form_email'); +$form_rootid = WT_Filter::post('form_rootid', WT_REGEX_XREF); +$form_theme = WT_Filter::post('form_theme', implode('|', $ALL_THEME_DIRS)); +$form_language = WT_Filter::post('form_language', implode('|', array_keys(WT_I18N::installed_languages()), WT_LOCALE)); +$form_contact_method = WT_Filter::post('form_contact_method'); +$form_visible_online = WT_Filter::postBool('form_visible_online'); // Respond to form action if ($form_action=='update') { diff --git a/expand_view.php b/expand_view.php index a5dc6180bf..cd0e553c52 100644 --- a/expand_view.php +++ b/expand_view.php 
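Review bot: The `$form_language` line has a misplaced parenthesis: `implode('|', array_keys(WT_I18N::installed_languages()), WT_LOCALE)` hands `WT_LOCALE` to `implode()` as a third argument, which it does not accept, and leaves `WT_Filter::post()` without its default, so the fallback to the current locale is lost. It should read `$form_language = WT_Filter::post('form_language', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE);`. `$form_username` also drops the `WT_REGEX_USERNAME` check even though includes/session.php keeps that constant in this commit; `WT_Filter::post('form_username', WT_REGEX_USERNAME)` preserves it. The defaults `WT_USER_ROOT_ID` for `form_rootid` and `'email@example.com'` for `form_email` are dropped as well; if the update branch below relies on them, confirm that is intended.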
@@ -27,7 +27,7 @@ require './includes/session.php'; Zend_Session::writeClose(); header('Content-Type: text/html; charset=UTF-8'); -$person = WT_Individual::getInstance(safe_GET_xref('pid')); +$person = WT_Individual::getInstance(WT_Filter::get('pid', WT_REGEX_XREF)); if (!$person || !$person->canShow()) { return WT_I18N::translate('Private'); } diff --git a/famlist.php b/famlist.php index 2bef3e777d..98812f5821 100644 --- a/famlist.php +++ b/famlist.php @@ -32,19 +32,19 @@ $controller=new WT_Controller_Page(); // We show three different lists: initials, surnames and individuals // Note that the data may contain special chars, such as surname="<unknown>", -$alpha =safe_GET('alpha', WT_REGEX_UNSAFE); // All surnames beginning with this letter where "@"=unknown and ","=none -$surname =safe_GET('surname', WT_REGEX_UNSAFE); // All indis with this surname. NB - allow ' and " -$show_all=safe_GET('show_all', array('no','yes'), 'no'); // All indis +$alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none +$surname = WT_Filter::get('surname'); // All indis with this surname +$show_all = WT_Filter::get('show_all', 'no|yes', 'no'); // All indis // Long lists can be broken down by given name -$show_all_firstnames=safe_GET('show_all_firstnames', array('no','yes'), 'no'); +$show_all_firstnames = WT_Filter::get('show_all_firstnames', 'no|yes', 'no'); if ($show_all_firstnames=='yes') { $falpha=''; } else { - $falpha=safe_GET('falpha'); // All first names beginning with this letter + $falpha = WT_Filter::get('falpha'); // All first names beginning with this letter } $show_marnm=get_user_setting(WT_USER_ID, WT_SCRIPT_NAME.'_show_marnm'); -switch (safe_GET('show_marnm', array('no','yes'))) { +switch (WT_Filter::get('show_marnm', 'no|yes')) { case 'no': $show_marnm=false; if (WT_USER_ID) { 
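Review bot: `$alpha` and `$surname` move from `WT_REGEX_UNSAFE` to WT_Filter's default pattern, but the deleted comment records that these values must allow `'` and `"`, the context comment notes surnames such as `<unknown>`, and the branches later in this file test `$alpha=='@'` and `$alpha==','`. If the default filter rejects any of those characters the affected list views degrade silently (the `@` and `,` branches become unreachable), so the default pattern should be checked against them or an explicit pattern passed here; indilist.php carries the identical change.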
@@ -63,23 +63,23 @@ case 'yes': // i.e. can't specify show_all and surname at the same time. if ($show_all=='yes') { if ($show_all_firstnames=='yes') { - $alpha=''; - $surname=''; - $legend=WT_I18N::translate('All'); - $url=WT_SCRIPT_NAME.'?show_all=yes&ged='.WT_GEDURL; - $show='indi'; + $alpha = ''; + $surname = ''; + $legend = WT_I18N::translate('All'); + $url = WT_SCRIPT_NAME.'?show_all=yes&ged='.WT_GEDURL; + $show = 'indi'; } else if ($falpha) { - $alpha=''; - $surname=''; - $legend=WT_I18N::translate('All').', '.WT_Filter::escapeHtml($falpha).'…'; - $url=WT_SCRIPT_NAME.'?show_all=yes&ged='.WT_GEDURL; - $show='indi'; + $alpha = ''; + $surname = ''; + $legend = WT_I18N::translate('All').', '.WT_Filter::escapeHtml($falpha).'…'; + $url = WT_SCRIPT_NAME.'?show_all=yes&ged='.WT_GEDURL; + $show = 'indi'; } else { - $alpha=''; - $surname=''; - $legend=WT_I18N::translate('All'); - $url=WT_SCRIPT_NAME.'?show_all=yes'.'&ged='.WT_GEDURL; - $show=safe_GET('show', array('surn', 'indi'), 'surn'); + $alpha = ''; + $surname = ''; + $legend = WT_I18N::translate('All'); + $url = WT_SCRIPT_NAME.'?show_all=yes'.'&ged='.WT_GEDURL; + $show = WT_Filter::get('show', 'surn|indi', 'surn'); } } elseif ($surname) { $alpha=WT_Query_Name::initialLetter($surname); // so we can highlight the initial letter 
@@ -104,25 +104,25 @@ if ($show_all=='yes') { } $show='indi'; // SURN list makes no sense here } elseif ($alpha=='@') { - $show_all='no'; - $legend=$UNKNOWN_NN; - $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; - $show='indi'; // SURN list makes no sense here + $show_all = 'no'; + $legend = $UNKNOWN_NN; + $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; + $show = 'indi'; // SURN list makes no sense here } elseif ($alpha==',') { - $show_all='no'; - $legend=WT_I18N::translate('None'); - $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; - $show='indi'; // SURN list makes no sense here + $show_all = 'no'; + $legend = WT_I18N::translate('None'); + $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; + $show = 'indi'; // SURN list makes no sense here } elseif ($alpha) { - $show_all='no'; - $legend=WT_Filter::escapeHtml($alpha).'…'; - $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; - $show=safe_GET('show', array('surn', 'indi'), 'surn'); + $show_all = 'no'; + $legend = WT_Filter::escapeHtml($alpha).'…'; + $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; + $show = WT_Filter::get('show', 'surn|indi', 'surn'); } else { - $show_all='no'; - $legend='…'; - $url=WT_SCRIPT_NAME.'?ged='.WT_GEDURL; - $show='none'; // Don't show lists until something is chosen + $show_all = 'no'; + $legend = '…'; + $url = WT_SCRIPT_NAME.'?ged='.WT_GEDURL; + $show = 'none'; // Don't show lists until something is chosen } $legend='<span dir="auto">'.$legend.'</span>'; diff --git a/fanchart.php b/fanchart.php index 45f393c080..1df7fbc044 100644 --- a/fanchart.php +++ b/fanchart.php @@ -27,7 +27,7 @@ require WT_ROOT.'includes/functions/functions_edit.php'; $controller=new WT_Controller_Fanchart(); -if (safe_GET_bool('img')) { +if (WT_Filter::getBool('img')) { Zend_Session::writeClose(); $controller->generate_fan_chart('png'); exit; 
@@ -87,4 +87,4 @@ if ($controller->error_message) { if ($controller->root) { echo '<div id="fan_chart">', $controller->generate_fan_chart('html'), '</div>'; } -echo '</div>'; // close #page-chart +echo '</div>';
\ No newline at end of file @@ -27,15 +27,15 @@ require_once WT_ROOT.'includes/functions/functions_print_lists.php'; $controller=new WT_Controller_Simple(); -$type =safe_GET('type', WT_REGEX_ALPHA, 'indi'); -$filter =safe_GET('filter'); -$action =safe_GET('action'); -$callback =safe_GET('callback', WT_REGEX_NOSCRIPT, 'paste_id'); -$media =safe_GET('media'); -$all =safe_GET_bool('all'); -$subclick =safe_GET('subclick'); -$choose =safe_GET('choose', WT_REGEX_NOSCRIPT, '0all'); -$qs =safe_GET('tags'); +$type = WT_Filter::get('type'); +$filter = WT_Filter::get('filter'); +$action = WT_Filter::get('action'); +$callback = WT_Filter::get('callback', '[a-zA-Z0-9_]+', 'paste_id'); +$media = WT_Filter::get('media'); +$all = WT_Filter::getBool('all'); +$subclick = WT_Filter::get('subclick'); +$choose = WT_Filter::get('choose', '[a-zA-Z0-9_]+', '0all'); +$qs = WT_Filter::get('tags'); // Retrives the currently selected tags in the opener window (reading curTags value of the query string) // $preselDefault will be set to the array of DEFAULT preselected tags @@ -90,7 +90,7 @@ case "source": break; case "specialchar": $controller->setPageTitle(WT_I18N::translate('Find a special character')); - $language_filter=safe_GET('language_filter'); + $language_filter = WT_Filter::get('language_filter'); if (WT_USER_ID) { // Users will probably always want the same language, so remember their setting if (!$language_filter) { @@ -708,4 +708,4 @@ if ($action=="filter") { } } echo '<button onclick="window.close();">', WT_I18N::translate('close'), '</button>'; -echo "</div>"; // Close div="find-page" +echo "</div>"; diff --git a/gedrecord.php b/gedrecord.php index 8c17184c47..3c15d77e10 100644 --- a/gedrecord.php +++ b/gedrecord.php @@ -24,7 +24,7 @@ require './includes/session.php'; $controller=new WT_Controller_Page(); -$obj=WT_GedcomRecord::getInstance(safe_GET_xref('pid')); +$obj = WT_GedcomRecord::getInstance(WT_Filter::get('pid', WT_REGEX_XREF)); if ( $obj instanceof WT_Individual || 
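Review bot: `$type = WT_Filter::get('type')` drops both the `WT_REGEX_ALPHA` restriction and the `'indi'` default, so a request without `type=` now sees null where the `case "source":` style switch below presumably expected `'indi'`. Unless every caller sends `type`, restore the default: `$type = WT_Filter::get('type', WT_REGEX_ALPHA, 'indi');` (WT_REGEX_ALPHA is not among the constants this commit removes from includes/session.php, but confirm it still exists). The `diff --git` header for this hunk is missing from the page, so the file cannot be named here.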
diff --git a/help_text.php b/help_text.php index ba894bcb6a..f55275ac3f 100644 --- a/help_text.php +++ b/help_text.php @@ -31,7 +31,7 @@ require './includes/session.php'; $controller=new WT_Controller_Ajax(); -$help=safe_GET('help'); +$help = WT_Filter::get('help'); switch ($help) { ////////////////////////////////////////////////////////////////////////////// // This is a list of all known gedcom tags. We list them all here so that @@ -1504,7 +1504,7 @@ default: $title=WT_I18N::translate('Help'); $text=WT_I18N::translate('The help text has not been written for this item.'); // If we've been called from a module, allow the module to provide the help text - $mod=safe_GET('mod', '[A-Za-z0-9_]+'); + $mod = WT_Filter::get('mod', '[A-Za-z0-9_]+'); if (file_exists(WT_ROOT.WT_MODULES_DIR.$mod.'/help_text.php')) { require WT_ROOT.WT_MODULES_DIR.$mod.'/help_text.php'; } @@ -1514,4 +1514,4 @@ default: $controller->pageHeader(); echo '<div class="helpheader">', $title, '</div>'; -echo '<div class="helpcontent">', $text,'</div>'; +echo '<div class="helpcontent">', $text,'</div>';
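Review bot: The `'[A-Za-z0-9_]+'` pattern on the `$mod` read in help_text.php's default branch is the only thing keeping the following `require WT_ROOT.WT_MODULES_DIR.$mod.'/help_text.php'` confined to the modules directory, and nothing says so. A why-comment on that line protects it from being loosened later, e.g. `// Keep this pattern strict: $mod is used to build a require path below`. When the parameter is absent `$mod` is null and `file_exists()` is still called with an empty path segment, which is harmless but worth a word in the same comment.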
\ No newline at end of file diff --git a/hourglass_ajax.php b/hourglass_ajax.php index d228630673..ebd1664164 100644 --- a/hourglass_ajax.php +++ b/hourglass_ajax.php @@ -26,12 +26,6 @@ define('WT_SCRIPT_NAME', 'hourglass_ajax.php'); require './includes/session.php'; -/* - * The purpose of this page is to build the left half of the Hourglass chart via Ajax. - * This page only produces a husband and wife with the connecting lines to unite and - * label the pair as a pair. - */ - $controller=new WT_Controller_Hourglass(); header('Content-type: text/html; charset=UTF-8'); @@ -39,7 +33,8 @@ header('Content-type: text/html; charset=UTF-8'); Zend_Session::writeClose(); // -- print html header information -if (isset($_REQUEST['type']) && $_REQUEST['type']=='desc') +if (WT_Filter::get('type')=='desc') { $controller->print_descendency(WT_Individual::getInstance($controller->pid), 1, false); -else +} else { $controller->print_person_pedigree(WT_Individual::getInstance($controller->pid), 0); +} diff --git a/import.php b/import.php index 2f6cc0ba41..0e17256564 100644 --- a/import.php +++ b/import.php @@ -41,7 +41,7 @@ $controller // Don't use ged=XX as we want to be able to run without changing the current gedcom. // This will let us load several gedcoms together, or to edit one while loading another. -$gedcom_id=safe_GET('gedcom_id'); +$gedcom_id = WT_Filter::getInteger('gedcom_id'); // Don't allow the user to cancel the request. We do not want to be left // with an incomplete transaction. @@ -93,7 +93,7 @@ for ($end_time=microtime(true)+1.0; microtime(true)<$end_time; ) { )->execute(array($gedcom_id))->fetchOneRow(); // If we are at the start position, do some tidying up if ($first_time) { - $keep_media=safe_GET_bool('keep_media'.$gedcom_id); + $keep_media=WT_Filter::getBool('keep_media'.$gedcom_id); // Delete any existing genealogical data empty_database($gedcom_id, $keep_media); set_gedcom_setting($gedcom_id, 'imported', false); 
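Review bot: The hourglass_ajax.php hunk deletes the file's only purpose comment (that it renders the left half of the hourglass chart for an Ajax request) without replacing it, leaving the new `if (WT_Filter::get('type')=='desc')` as the sole hint of what the page does. A one-line comment above the `if`, such as `// type=desc renders the descendancy side; anything else renders the pedigree side`, keeps that knowledge in the file.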
@@ -234,4 +234,4 @@ WT_DB::exec("COMMIT"); // Reload..... // Use uniqid() to prevent jQuery caching the previous response. -$controller->addInlineJavascript('jQuery("#import'.$gedcom_id.'").load("import.php?gedcom_id='.$gedcom_id.'&u='.uniqid().'");'); +$controller->addInlineJavascript('jQuery("#import'.$gedcom_id.'").load("import.php?gedcom_id='.$gedcom_id.'&u='.uniqid().'");');
\ No newline at end of file diff --git a/includes/functions/functions.php b/includes/functions/functions.php index 54ab48ea81..0690b4ee25 100644 --- a/includes/functions/functions.php +++ b/includes/functions/functions.php 
@@ -26,96 +26,6 @@ if (!defined('WT_WEBTREES')) { exit; } -//////////////////////////////////////////////////////////////////////////////// -// Extract, sanitise and validate FORM (POST), URL (GET) and COOKIE variables. -// -// Request variables should ALWAYS be accessed through these functions, to -// protect against XSS (cross-site-scripting) attacks. -// -// $var - The variable to check -// $regex - Regular expression to validate the variable (or an array of -// regular expressions). A number of common regexes are defined in -// session.php as constants WT_REGEX_*. If no value is specified, -// the default blocks all characters that could introduce scripts. -// $default - A value to use if $var is undefined or invalid. -// -// You should always know whether your variables are coming from GET or POST, -// and always use the correct function. -// -// NOTE: when using checkboxes, $var is either set (checked) or unset (not -// checked). This lets us use the syntax safe_GET('my_checkbox', 'yes', 'no') -// -// NOTE: when using listboxes, $regex can be an array of valid values. For -// example, you can use safe_POST('lang', array_keys($pgv_language), WT_LOCALE) -// to validate against a list of valid languages and supply a sensible default. 
-//////////////////////////////////////////////////////////////////////////////// - -function safe_POST($var, $regex=WT_REGEX_NOSCRIPT, $default=null) { - return safe_REQUEST($_POST, $var, $regex, $default); -} -function safe_GET($var, $regex=WT_REGEX_NOSCRIPT, $default=null) { - return safe_REQUEST($_GET, $var, $regex, $default); -} -function safe_COOKIE($var, $regex=WT_REGEX_NOSCRIPT, $default=null) { - return safe_REQUEST($_COOKIE, $var, $regex, $default); -} - -function safe_GET_integer($var, $min, $max, $default) { - $num=safe_GET($var, WT_REGEX_INTEGER, $default); - $num=max($num, $min); - $num=min($num, $max); - return (int)$num; -} -function safe_POST_integer($var, $min, $max, $default) { - $num=safe_POST($var, WT_REGEX_INTEGER, $default); - $num=max($num, $min); - $num=min($num, $max); - return (int)$num; -} - -function safe_GET_bool($var, $true='(y|Y|1|yes|YES|Yes|true|TRUE|True|on)') { - return !is_null(safe_GET($var, $true)); -} -function safe_POST_bool($var, $true='(y|Y|1|yes|YES|Yes|true|TRUE|True|on)') { - return !is_null(safe_POST($var, $true)); -} - -function safe_GET_xref($var, $default=null) { - return safe_GET($var, WT_REGEX_XREF, $default); -} -function safe_POST_xref($var, $default=null) { - return safe_POST($var, WT_REGEX_XREF, $default); -} - -function safe_REQUEST($arr, $var, $regex=WT_REGEX_NOSCRIPT, $default=null) { - if (is_array($regex)) { - $regex='(?:'.join('|', $regex).')'; - } - if (array_key_exists($var, $arr) && preg_match_recursive('~^'.addcslashes($regex, '~').'$~', $arr[$var])) { - return $arr[$var]; - } else { - return $default; - } -} - -function preg_match_recursive($regex, $var) { - if (is_scalar($var)) { - return preg_match($regex, $var); - } else { - if (is_array($var)) { - foreach ($var as $k=>$v) { - if (!preg_match_recursive($regex, $v)) { - return false; - } - } - return true; - } else { - // Neither scalar nor array. Object? - return false; - } - } -} - // Fetch a remote file. 
Stream wrappers are disabled on // many hosts, and do not allow the detection of timeout. function fetch_remote_file($host, $path, $timeout=3) { @@ -2038,4 +1948,4 @@ function expand_urls($text) { // Use it to emulate the before_needle php 5.3.0 strstr function function strstrb($haystack, $needle){ return substr($haystack, 0, strpos($haystack, $needle)); -} +}
\ No newline at end of file diff --git a/includes/functions/functions_edit.php b/includes/functions/functions_edit.php index 5ba010fb47..5aed6ddfb9 100644 --- a/includes/functions/functions_edit.php +++ b/includes/functions/functions_edit.php @@ -963,7 +963,7 @@ function addSimpleTags($fact) { function addNewName() { global $ADVANCED_NAME_FACTS; - $gedrec="\n1 NAME ".safe_POST('NAME', WT_REGEX_UNSAFE, '//'); + $gedrec="\n1 NAME ".WT_Filter::post('NAME'); $tags=array('NPFX', 'GIVN', 'SPFX', 'SURN', 'NSFX'); @@ -978,7 +978,7 @@ function addNewName() { } foreach (array_unique($tags) as $tag) { - $TAG=safe_POST($tag, WT_REGEX_UNSAFE); + $TAG=WT_Filter::post($tag, WT_REGEX_TAG); if ($TAG) { $gedrec.="\n2 {$tag} {$TAG}"; } @@ -986,7 +986,7 @@ function addNewName() { return $gedrec; } function addNewSex() { - switch (safe_POST('SEX', '[MF]', 'U')) { + switch (WT_Filter::post('SEX', '[MF]', 'U')) { case 'M': return "\n1 SEX M"; case 'F': @@ -998,9 +998,9 @@ function addNewSex() { function addNewFact($fact) { global $tagSOUR, $ADVANCED_PLAC_FACTS; - $FACT=safe_POST($fact, WT_REGEX_UNSAFE); - $DATE=safe_POST("{$fact}_DATE", WT_REGEX_UNSAFE); - $PLAC=safe_POST("{$fact}_PLAC", WT_REGEX_UNSAFE); + $FACT=WT_Filter::post($fact, WT_REGEX_TAG); + $DATE=WT_Filter::post("{$fact}_DATE"); + $PLAC=WT_Filter::post("{$fact}_PLAC"); if ($DATE || $PLAC || $FACT && $FACT!='Y') { if ($FACT && $FACT!='Y') { $gedrec="\n1 {$fact} {$FACT}"; 
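Review bot: In the addNewName and addNewFact hunks, `WT_Filter::post($tag, WT_REGEX_TAG)` and `WT_Filter::post($fact, WT_REGEX_TAG)` validate user-entered values (name parts such as GIVN/SURN, and the fact's own text) against what the next hunk uses as a GEDCOM tag-name pattern (`preg_match_all('/('.WT_REGEX_TAG.')/', $ADVANCED_PLAC_FACTS, …)`). If that pattern is the usual upper-case tag form, ordinary values like a surname or an occupation fail it and are dropped silently, which the old `WT_REGEX_UNSAFE` did not do; those two reads should use the plain `WT_Filter::post(...)` form like the `_DATE` and `_PLAC` fields. The NAME line also loses its `'//'` default, so a missing NAME now yields a bare `1 NAME ` line rather than `1 NAME //`; confirm that is intended. The bodies of addNewName and addNewFact continue outside these hunks.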
@@ -1015,25 +1015,25 @@ function addNewFact($fact) { if (preg_match_all('/('.WT_REGEX_TAG.')/', $ADVANCED_PLAC_FACTS, $match)) { foreach ($match[1] as $tag) { - $TAG=safe_POST("{$fact}_{$tag}", WT_REGEX_UNSAFE); + $TAG=WT_Filter::post("{$fact}_{$tag}"); if ($TAG) { $gedrec.="\n3 {$tag} {$TAG}"; } } } - $LATI=safe_POST("{$fact}_LATI", WT_REGEX_UNSAFE); - $LONG=safe_POST("{$fact}_LONG", WT_REGEX_UNSAFE); + $LATI=WT_Filter::post("{$fact}_LATI"); + $LONG=WT_Filter::post("{$fact}_LONG"); if ($LATI || $LONG) { $gedrec.="\n3 MAP\n4 LATI {$LATI}\n4 LONG {$LONG}"; } } - if (safe_POST_bool("SOUR_{$fact}")) { + if (WT_Filter::postBool("SOUR_{$fact}")) { return updateSOUR($gedrec, 2); } else { return $gedrec; } } elseif ($FACT=='Y') { - if (safe_POST_bool("SOUR_{$fact}")) { + if (WT_Filter::postBool("SOUR_{$fact}")) { return updateSOUR("\n1 {$fact} Y", 2); } else { return "\n1 {$fact} Y"; @@ -1566,4 +1566,4 @@ function insert_missing_subtags($level1tag, $add_date=false) { add_simple_tag('4 LONG'); } } -} +}
\ No newline at end of file diff --git a/includes/functions/functions_print.php b/includes/functions/functions_print.php index 8ca4fec079..6ea8a1b962 100644 --- a/includes/functions/functions_print.php +++ b/includes/functions/functions_print.php @@ -318,7 +318,7 @@ function whoisonline() { $content .= '<div class="logged_in_name">'; $content .= WT_Filter::escapeHtml(getUserFullName($user_id) . ' - ' . $user_name); if (true || WT_USER_ID!=$user_id && get_user_setting($user_id, 'contactmethod')!="none") { - $content .= ' <a class="icon-email" href="#" onclick="return message(\''.$user_name . '\', \'\', \''.addslashes(urlencode(get_query_url())).'\', \'\');" title="' . WT_I18N::translate('Send Message').'"></a>'; + $content .= ' <a class="icon-email" href="#" onclick="return message(\'' . WT_Filter::escapeJs($user_name) . '\', \'\', \'' . WT_Filter::escapeJs(get_query_url()) . '\');" title="' . WT_I18N::translate('Send Message').'"></a>'; } $i++; $content .= '</div>'; 
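Review bot: In whoisonline the values escaped with `WT_Filter::escapeJs` are emitted inside a double-quoted HTML attribute (`onclick="return message('…')"`), so the attribute context needs HTML escaping on top of the JS escaping; unless escapeJs encodes `"` as a `\x`/`\u` sequence rather than `\"`, a quote in `$user_name` or the query URL can still terminate the attribute. Wrapping the JS-escaped value in `WT_Filter::escapeHtml(...)` makes the layering explicit. The `message()` call here now passes three arguments while user_contact_link and print_privacy_error in the next hunks still pass four; confirm the JavaScript `message()` signature, which is not in this diff. whoisonline's body begins and ends outside the hunk.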
@@ -332,18 +332,18 @@ function whoisonline() { // Print a link to allow email/messaging contact with a user // Optionally specify a method (used for webmaster/genealogy contacts) function user_contact_link($user_id) { - $method=get_user_setting($user_id, 'contactmethod'); + $method = get_user_setting($user_id, 'contactmethod'); - $fullname=getUserFullName($user_id); + $fullname = getUserFullName($user_id); switch ($method) { case 'none': return ''; case 'mailto': $email=getUserEmail($user_id); - return '<a href="mailto:'.WT_Filter::escapeHtml($email).'">'.WT_Filter::escapeHtml($fullname).'</a>'; + return '<a href="mailto:' . WT_Filter::escapeHtml($email).'">'.WT_Filter::escapeHtml($fullname).'</a>'; default: - return "<a href='#' onclick='message(\"".get_user_name($user_id)."\", \"".$method."\", \"".addslashes(urlencode(get_query_url()))."\", \"\");return false;'>".$fullname."</a>"; + return "<a href='#' onclick='message(\"" . WT_Filter::escapeJs(get_user_name($user_id)) . "\", \"" . $method . "\", \"" . WT_Filter::escapeJs(get_query_url()) . "\", \"\");return false;'>" . WT_Filter::escapeHtml($fullname) . '</a>'; } } @@ -557,7 +557,7 @@ function print_privacy_error() { echo '<div class="error">', WT_I18N::translate('For more information contact'), ' ', '<a href="mailto:'.WT_Filter::escapeHtml($email).'">'.WT_Filter::escapeHtml($fullname).'</a>', '</div>'; break; default: - echo '<div class="error">', WT_I18N::translate('For more information contact'), ' ', "<a href='#' onclick='message(\"", get_user_name($user_id), "\", \"", $method, "\", \"", addslashes(urlencode(get_query_url())), "\", \"\");return false;'>", $fullname, '</a>', '</div>'; + echo '<div class="error">', WT_I18N::translate('For more information contact'), ' ', "<a href='#' onclick='message(\"", WT_Filter::escapeHtml(get_user_name($user_id)), "\", \"", $method, "\", \"", WT_Filter::escapeJs(get_query_url()), "\", \"\"); return false;'>", WT_Filter::escapeHtml($fullname), '</a>', '</div>'; break; } } 
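Review bot: print_privacy_error escapes `get_user_name($user_id)` with `WT_Filter::escapeHtml` where it sits inside the JavaScript string `message("…")`, while user_contact_link in the hunk above uses `WT_Filter::escapeJs` for the same value in the same position. The HTML parser decodes `&quot;` back to `"` before the script runs, so escapeHtml alone does not protect the JS string literal; use `WT_Filter::escapeJs(get_user_name($user_id))` as user_contact_link does, and attribute-escape the result since the whole `onclick` is a single-quoted attribute. `$method` is still inserted into both `onclick` strings unescaped; that is pre-existing and acceptable only if it is guaranteed to be one of the known method names.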
diff --git a/includes/hitcount.php b/includes/hitcount.php index 2c985b718e..dc8cfb8bd2 100644 --- a/includes/hitcount.php +++ b/includes/hitcount.php @@ -29,32 +29,35 @@ if (!defined('WT_WEBTREES')) { // Only record hits for certain pages switch (WT_SCRIPT_NAME) { case 'index.php': - switch (safe_REQUEST($_REQUEST, 'ctype', array('gedcom', 'user'), WT_USER_ID ? 'user' : 'gedcom')) { + switch (WT_Filter::get('ctype', 'gedcom|user', WT_USER_ID ? 'user' : 'gedcom')) { case 'user': $page_parameter='user:'.WT_USER_ID; break; - default: + case 'gedcom': $page_parameter='gedcom:'.WT_GED_ID; break; + default: + $page_parameter=''; + break; } break; case 'individual.php': - $page_parameter=safe_GET('pid', WT_REGEX_XREF); + $page_parameter=WT_Filter::get('pid', WT_REGEX_XREF); break; case 'family.php': - $page_parameter=safe_GET('famid', WT_REGEX_XREF); + $page_parameter=WT_Filter::get('famid', WT_REGEX_XREF); break; case 'source.php': - $page_parameter=safe_GET('sid', WT_REGEX_XREF); + $page_parameter=WT_Filter::get('sid', WT_REGEX_XREF); break; case 'repo.php': - $page_parameter=safe_GET('rid', WT_REGEX_XREF); + $page_parameter=WT_Filter::get('rid', WT_REGEX_XREF); break; case 'note.php': - $page_parameter=safe_GET('nid', WT_REGEX_XREF); + $page_parameter=WT_Filter::get('nid', WT_REGEX_XREF); break; case 'mediaviewer.php': - $page_parameter=safe_GET('mid', WT_REGEX_XREF); + $page_parameter=WT_Filter::get('mid', WT_REGEX_XREF); break; default: $page_parameter=''; diff --git a/includes/session.php b/includes/session.php index ad6b840f75..7fa23f5c82 100644 --- a/includes/session.php +++ b/includes/session.php 
@@ -85,10 +85,6 @@ define('WT_REGEX_ALPHANUM', '[a-zA-Z0-9]+'); define('WT_REGEX_BYTES', '[0-9]+[bBkKmMgG]?'); define('WT_REGEX_USERNAME', '[^<>"%{};]+'); define('WT_REGEX_PASSWORD', '.{'.WT_MINIMUM_PASSWORD_LENGTH.',}'); -define('WT_REGEX_NOSCRIPT', '[^<>"&%{};]*'); -define('WT_REGEX_URL', '[\/0-9A-Za-z_!~*\'().;?:@&=+$,%#-]+'); // Simple list of valid chars -define('WT_REGEX_EMAIL', '[^\s<>"&%{};@]+@[^\s<>"&%{};@]+'); -define('WT_REGEX_UNSAFE', '[\x00-\xFF]*'); // Use with care and apply additional validation! // UTF8 representation of various characters define('WT_UTF8_BOM', "\xEF\xBB\xBF"); // U+FEFF @@ -436,7 +432,7 @@ require WT_ROOT.'includes/config_data.php'; // If we are logged in, and logout=1 has been added to the URL, log out // If we were logged in, but our account has been deleted, log out. -if (WT_USER_ID && (safe_GET_bool('logout') || !WT_USER_NAME)) { +if (WT_USER_ID && (WT_Filter::getBool('logout') || !WT_USER_NAME)) { userLogout(WT_USER_ID); header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH); exit; @@ -470,13 +466,13 @@ if (WT_USER_ID) { } // Set the theme -if (substr(WT_SCRIPT_NAME, 0, 5)=='admin' || WT_SCRIPT_NAME=='module.php' && substr(safe_GET('mod_action'), 0, 5)=='admin') { +if (substr(WT_SCRIPT_NAME, 0, 5)=='admin' || WT_SCRIPT_NAME=='module.php' && substr(WT_Filter::get('mod_action'), 0, 5)=='admin') { // Administration scripts begin with “admin” and use a special administration theme define('WT_THEME_DIR', WT_THEMES_DIR.'_administration/'); } else { if (WT_Site::preference('ALLOW_USER_THEMES')) { // Requested change of theme? - $THEME_DIR=safe_GET('theme', get_theme_names()); + $THEME_DIR = WT_Filter::get('theme'); unset($_GET['theme']); // Last theme used? if (!$THEME_DIR && in_array($WT_SESSION->theme_dir, get_theme_names())) { 
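Review bot: `$THEME_DIR = WT_Filter::get('theme')` drops the `get_theme_names()` allow-list that `safe_GET('theme', get_theme_names())` enforced, so a requested theme is now any string the default filter accepts. The hunk's last line still validates the session theme against that list, but the request value is consulted first and its later use (presumably to build `WT_THEME_DIR`) is outside the hunk; unless that code re-checks it, restore the check right after the read, `if (!in_array($THEME_DIR, get_theme_names(), true)) { $THEME_DIR = null; }`, so the fallback path below still applies.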
@@ -33,41 +33,41 @@ define('WT_SCRIPT_NAME', 'index.php'); require './includes/session.php'; // The only option for action is "ajax" -$action=safe_REQUEST($_REQUEST, 'action', 'ajax'); +$action = WT_Filter::get('action'); // The default view depends on whether we are logged in -$ctype=safe_REQUEST($_REQUEST, 'ctype', array('gedcom', 'user'), WT_USER_ID ? 'user' : 'gedcom'); +$ctype = WT_Filter::get('ctype', 'gedcom|user', WT_USER_ID ? 'user' : 'gedcom'); -//-- get the blocks list +// Get the blocks list if (WT_USER_ID && $ctype=='user') { - $blocks=get_user_blocks(WT_USER_ID); + $blocks = get_user_blocks(WT_USER_ID); } else { - $blocks=get_gedcom_blocks(WT_GED_ID); + $blocks = get_gedcom_blocks(WT_GED_ID); } -$all_blocks=WT_Module::getActiveBlocks(); +$all_blocks = WT_Module::getActiveBlocks(); -// The latest version is shown on the administration page. This updates it every 3 days. +// The latest version is shown on the administration page. This updates it every day. // TODO: send an email notification to the admin when new versions are available. fetch_latest_version(); // We generate individual blocks using AJAX -if ($action=='ajax') { - $controller=new WT_Controller_Ajax(); +if ($action == 'ajax') { + $controller = new WT_Controller_Ajax(); $controller->pageHeader(); // Check we’re displaying an allowable block. - $block_id=safe_GET('block_id'); + $block_id = WT_Filter::getInteger('block_id'); if (array_key_exists($block_id, $blocks['main'])) { - $module_name=$blocks['main'][$block_id]; + $module_name = $blocks['main'][$block_id]; } elseif (array_key_exists($block_id, $blocks['side'])) { - $module_name=$blocks['side'][$block_id]; + $module_name = $blocks['side'][$block_id]; } else { exit; } if (array_key_exists($module_name, $all_blocks)) { - $class_name=$module_name.'_WT_Module'; - $module=new $class_name; + $class_name = $module_name.'_WT_Module'; + $module = new $class_name; $module->getBlock($block_id); } if (WT_DEBUG) { 
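Review bot: The comment above `fetch_latest_version()` changes from "every 3 days" to "every day", but nothing in this hunk changes `fetch_latest_version()` or its interval, so the new wording cannot be verified from the diff; either the function changed elsewhere in the commit or the comment now overstates. `$action = WT_Filter::get('action')` also no longer restricts the value to `'ajax'`, which is harmless because only `$action == 'ajax'` is tested, but the preceding comment "The only option for action is "ajax"" now describes intent rather than an enforced check and could say so.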
@@ -147,4 +147,4 @@ echo '<div id="link_change_blocks">'; if (WT_USER_GEDCOM_ADMIN && $ctype=='gedcom') echo '<a href="index_edit.php?gedcom_id='.WT_GED_ID.'" onclick="return modalDialog(\'index_edit.php?gedcom_id='.WT_GED_ID.'\', \'', WT_I18N::translate('Change the blocks on this page'), '\');">', WT_I18N::translate('Change the blocks on this page'), '</a>'; if ($SHOW_COUNTER) {echo '<span>'.WT_I18N::translate('Hit Count:').' '.$hitCount.'</span>';} echo '</div>', // <div id="link_change_blocks"> - '</div>'; // <div id="home-page"> + '</div>'; // <div id="home-page">
\ No newline at end of file diff --git a/index_edit.php b/index_edit.php index 1350d60d68..a164c43d12 100644 --- a/index_edit.php +++ b/index_edit.php @@ -27,11 +27,11 @@ require './includes/session.php'; $controller=new WT_Controller_Ajax(); // Only one of $user_id and $gedcom_id should be set -$user_id=safe_REQUEST($_REQUEST, 'user_id'); +$user_id = WT_Filter::get('user_id', WT_REGEX_INTEGER, WT_Filter::post('user_id', WT_REGEX_INTEGER)); if ($user_id) { - $gedcom_id=null; + $gedcom_id = null; } else { - $gedcom_id=safe_REQUEST($_REQUEST, 'gedcom_id'); + $gedcom_id = WT_Filter::get('gedcom_id', WT_REGEX_INTEGER, WT_Filter::post('gedcom_id', WT_REGEX_INTEGER)); } // Only an admin can edit the "default" page @@ -47,7 +47,7 @@ if ( exit; } -$action=safe_GET('action'); +$action = WT_Filter::get('action'); if (isset($_REQUEST['main'])) { $main=$_REQUEST['main']; diff --git a/indilist.php b/indilist.php index c50aa56958..eaeff0ce23 100644 --- a/indilist.php +++ b/indilist.php 
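Review bot: `$main=$_REQUEST['main'];` at the end of the second hunk is still read raw from `$_REQUEST` while the `user_id`/`gedcom_id`/`action` reads above it were moved to `WT_Filter` with `WT_REGEX_INTEGER` validation, leaving `main` as the remaining unvalidated input in this script. Its use is outside the hunk so I can't tell what shape it expects, but if it is a list of block ids then `WT_Filter::postArray('main', WT_REGEX_INTEGER)` with a `getArray` fallback, mirroring the `get(..., WT_Filter::post(...))` pattern used for `user_id`, would keep it consistent. Note also that the `WT_Filter::post(...)` passed as the default argument is evaluated eagerly and the GET value wins when both are present; a one-line comment stating that precedence would help the next reader.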
@@ -32,19 +32,19 @@ $controller=new WT_Controller_Page(); // We show three different lists: initials, surnames and individuals // Note that the data may contain special chars, such as surname="<unknown>", -$alpha =safe_GET('alpha', WT_REGEX_UNSAFE); // All surnames beginning with this letter where "@"=unknown and ","=none -$surname =safe_GET('surname', WT_REGEX_UNSAFE); // All indis with this surname. NB - allow ' and " -$show_all=safe_GET('show_all', array('no','yes'), 'no'); // All indis +$alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none +$surname = WT_Filter::get('surname'); // All indis with this surname. +$show_all = WT_Filter::get('show_all', 'no|yes', 'no'); // All indis // Long lists can be broken down by given name -$show_all_firstnames=safe_GET('show_all_firstnames', array('no','yes'), 'no'); +$show_all_firstnames = WT_Filter::get('show_all_firstnames', 'no|yes', 'no'); if ($show_all_firstnames=='yes') { $falpha=''; } else { - $falpha=safe_GET('falpha'); // All first names beginning with this letter + $falpha = WT_Filter::get('falpha'); // All first names beginning with this letter } $show_marnm=get_user_setting(WT_USER_ID, WT_SCRIPT_NAME.'_show_marnm'); -switch (safe_GET('show_marnm', array('no','yes'))) { +switch (WT_Filter::get('show_marnm', 'no|yes')) { case 'no': $show_marnm=false; if (WT_USER_ID) { 
@@ -63,23 +63,23 @@ case 'yes': // i.e. can't specify show_all and surname at the same time. if ($show_all=='yes') { if ($show_all_firstnames=='yes') { - $alpha=''; - $surname=''; - $legend=WT_I18N::translate('All'); - $url=WT_SCRIPT_NAME.'?show_all=yes&ged='.WT_GEDURL; - $show='indi'; + $alpha = ''; + $surname = ''; + $legend = WT_I18N::translate('All'); + $url = WT_SCRIPT_NAME.'?show_all=yes&ged='.WT_GEDURL; + $show = 'indi'; } else if ($falpha) { - $alpha=''; - $surname=''; - $legend=WT_I18N::translate('All').', '.WT_Filter::escapeHtml($falpha).'…'; - $url=WT_SCRIPT_NAME.'?show_all=yes&ged='.WT_GEDURL; - $show='indi'; + $alpha = ''; + $surname = ''; + $legend = WT_I18N::translate('All').', '.WT_Filter::escapeHtml($falpha).'…'; + $url = WT_SCRIPT_NAME.'?show_all=yes&ged='.WT_GEDURL; + $show = 'indi'; } else { - $alpha=''; - $surname=''; - $legend=WT_I18N::translate('All'); - $url=WT_SCRIPT_NAME.'?show_all=yes'.'&ged='.WT_GEDURL; - $show=safe_GET('show', array('surn', 'indi'), 'surn'); + $alpha = ''; + $surname = ''; + $legend = WT_I18N::translate('All'); + $url = WT_SCRIPT_NAME.'?show_all=yes'.'&ged='.WT_GEDURL; + $show = WT_Filter::get('show', 'surn|indi', 'surn'); } } elseif ($surname) { $alpha=WT_Query_Name::initialLetter($surname); // so we can highlight the initial letter 
@@ -104,25 +104,25 @@ if ($show_all=='yes') { } $show='indi'; // SURN list makes no sense here } elseif ($alpha=='@') { - $show_all='no'; - $legend=$UNKNOWN_NN; - $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; - $show='indi'; // SURN list makes no sense here + $show_all = 'no'; + $legend = $UNKNOWN_NN; + $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; + $show = 'indi'; // SURN list makes no sense here } elseif ($alpha==',') { - $show_all='no'; - $legend=WT_I18N::translate('None'); - $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; - $show='indi'; // SURN list makes no sense here + $show_all = 'no'; + $legend = WT_I18N::translate('None'); + $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; + $show = 'indi'; // SURN list makes no sense here } elseif ($alpha) { $show_all='no'; - $legend=WT_Filter::escapeHtml($alpha).'…'; - $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; - $show=safe_GET('show', array('surn', 'indi'), 'surn'); + $legend = WT_Filter::escapeHtml($alpha).'…'; + $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&ged='.WT_GEDURL; + $show = WT_Filter::get('show', 'surn|indi', 'surn'); } else { - $show_all='no'; - $legend='…'; - $url=WT_SCRIPT_NAME.'?ged='.WT_GEDURL; - $show='none'; // Don't show lists until something is chosen + $show_all = 'no'; + $legend = '…'; + $url = WT_SCRIPT_NAME.'?ged='.WT_GEDURL; + $show = 'none'; // Don't show lists until something is chosen } $legend='<span dir="auto">'.$legend.'</span>'; diff --git a/individual.php b/individual.php index e9e1e4de59..58e0b8be01 100644 --- a/individual.php +++ b/individual.php 
@@ -33,7 +33,7 @@ $controller ->addInlineJavascript('var catch_and_ignore; function paste_id(value) {catch_and_ignore = value;}'); // For the "find" links if ($controller->record && $controller->record->canShow()) { - if (safe_GET('action')=='ajax') { + if (WT_Filter::get('action')=='ajax') { $controller->ajaxRequest(); exit; } @@ -256,4 +256,4 @@ echo '</div>', //close indi_left $sidebar_html, '<a href="#" id="separator" title="', WT_I18N::translate('Click here to open or close the sidebar'), '"></a>',//clickable element to open/close sidebar - '<div style="clear:both;"> </div></div>'; // close #main + '<div style="clear:both;"> </div></div>'; // close #main
\ No newline at end of file diff --git a/inverselink.php b/inverselink.php index e4e4e9b5db..167e6c2651 100644 --- a/inverselink.php +++ b/inverselink.php @@ -35,10 +35,10 @@ $controller ->pageHeader(); //-- page parameters and checking -$linktoid = safe_GET_xref('linktoid'); -$mediaid = safe_GET_xref('mediaid'); -$linkto = safe_GET ('linkto', array('person', 'source', 'family', 'manage', 'repository', 'note')); -$action = safe_GET ('action', WT_REGEX_ALPHA, 'choose'); +$linktoid = WT_Filter::get('linktoid', WT_REGEX_XREF); +$mediaid = WT_Filter::get('mediaid', WT_REGEX_XREF); +$linkto = WT_Filter::get('linkto', 'person|source|family|manage|repository|note'); +$action = WT_Filter::get('action', 'choose|update', 'choose'); // If GedFAct_assistant/_MEDIA/ installed ====================== if ($linkto=='manage' && array_key_exists('GEDFact_assistant', WT_Module::getActiveModules())) { diff --git a/js/webtrees-1.5.0.js b/js/webtrees-1.5.0.js index 2c0da618e8..a7f9c5c7db 100644 --- a/js/webtrees-1.5.0.js +++ b/js/webtrees-1.5.0.js @@ -1221,8 +1221,8 @@ function ilinkitem(mediaid, type, ged) { return false; } -function message(username, method, url, subject) { - window.open('message.php?to='+username+'&method='+method+'&url='+url+'&subject='+subject, '_blank', mesg_window_specs); +function message(username, method, url) { + window.open('message.php?to='+username+'&method='+method+'&url='+url, '_blank', mesg_window_specs); return false; } diff --git a/library/WT/Controller/Ancestry.php b/library/WT/Controller/Ancestry.php index dabacdadb6..c1bccc4384 100644 --- a/library/WT/Controller/Ancestry.php +++ b/library/WT/Controller/Ancestry.php 
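Review bot: `$action = WT_Filter::get('action', 'choose|update', 'choose');` narrows the accepted values from any `WT_REGEX_ALPHA` string to exactly `choose` and `update`, and anything else now silently becomes `choose`. The dispatch on `$action` is outside the hunk, so if inverselink.php handles any other action value it is now unreachable; worth confirming the alternation lists every branch. If it does, a short comment on the line naming the two actions as the complete set would document the intent.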
@@ -46,11 +46,11 @@ class WT_Controller_Ancestry extends WT_Controller_Chart { parent::__construct(); // Extract form parameters - $this->show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS); - $this->show_cousins =safe_GET('show_cousins', array('0', '1'), '0'); - $this->chart_style =safe_GET_integer('chart_style', 0, 3, 0); - $box_width =safe_GET_integer('box_width', 50, 300, 100); - $PEDIGREE_GENERATIONS=safe_GET_integer('PEDIGREE_GENERATIONS', 2, $MAX_PEDIGREE_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS); + $this->show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS); + $this->show_cousins = WT_Filter::getInteger('show_cousins', 0, 1); + $this->chart_style = WT_Filter::getInteger('chart_style', 0, 3); + $box_width = WT_Filter::getInteger('box_width', 50, 300, 100); + $PEDIGREE_GENERATIONS = WT_Filter::getInteger('PEDIGREE_GENERATIONS', 2, $MAX_PEDIGREE_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS); // This is passed as a global. A parameter would be better... $show_full=$this->show_full; @@ -157,4 +157,4 @@ class WT_Controller_Ancestry extends WT_Controller_Chart { } echo '</li>'; } -} +}
\ No newline at end of file diff --git a/library/WT/Controller/Chart.php b/library/WT/Controller/Chart.php index f418e0c12a..9b7176b4e3 100644 --- a/library/WT/Controller/Chart.php +++ b/library/WT/Controller/Chart.php @@ -31,7 +31,7 @@ class WT_Controller_Chart extends WT_Controller_Page { public function __construct() { parent::__construct(); - $this->rootid = safe_GET_xref('rootid'); + $this->rootid = WT_Filter::get('rootid', WT_REGEX_XREF); if ($this->rootid) { $this->root = WT_Individual::getInstance($this->rootid); } else { diff --git a/library/WT/Controller/Compact.php b/library/WT/Controller/Compact.php index 36621e208f..5d21848056 100644 --- a/library/WT/Controller/Compact.php +++ b/library/WT/Controller/Compact.php @@ -37,7 +37,7 @@ class WT_Controller_Compact extends WT_Controller_Chart { parent::__construct(); // Extract the request parameters - $this->show_thumbs=safe_GET_bool('show_thumbs'); + $this->show_thumbs = WT_Filter::getBool('show_thumbs'); if ($this->root && $this->root->canShowName()) { $this->setPageTitle( @@ -124,4 +124,4 @@ class WT_Controller_Compact extends WT_Controller_Chart { return $text; } -} +}
\ No newline at end of file diff --git a/library/WT/Controller/Descendancy.php b/library/WT/Controller/Descendancy.php index 5bcd08409c..7f8cc1d510 100644 --- a/library/WT/Controller/Descendancy.php +++ b/library/WT/Controller/Descendancy.php @@ -57,11 +57,10 @@ class WT_Controller_Descendancy extends WT_Controller_Chart { parent::__construct(); // Extract parameters from form - $this->show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS); - $this->chart_style=safe_GET_integer('chart_style', 0, 3, 0); - $this->generations=safe_GET_integer('generations', 2, $MAX_DESCENDANCY_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS); - $this->box_width =safe_GET_integer('box_width', 50, 300, 100); - $box_width =safe_GET_integer('box_width', 50, 300, 100); + $this->show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS); + $this->chart_style = WT_Filter::getInteger('chart_style', 0, 3, 0); + $this->generations = WT_Filter::getInteger('generations', 2, $MAX_DESCENDANCY_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS); + $this->box_width = WT_Filter::getInteger('box_width', 50, 300, 100); // This is passed as a global. A parameter would be better... $show_full=$this->show_full; @@ -69,18 +68,18 @@ class WT_Controller_Descendancy extends WT_Controller_Chart { if (!isset($this->personcount)) $this->personcount = 1; // -- size of the detailed boxes based upon optional width parameter - $Dbwidth=($box_width*$bwidth)/100; - $Dbheight=($box_width*$bheight)/100; - $bwidth=$Dbwidth; - $bheight=$Dbheight; + $Dbwidth = ($this->box_width*$bwidth)/100; + $Dbheight = ($this->box_width*$bheight)/100; + $bwidth = $Dbwidth; + $bheight = $Dbheight; // -- adjust size of the compact box if (!$this->show_full) { - $bwidth = $cbwidth; + $bwidth = $cbwidth; $bheight = $cbheight; } - $pbwidth = $bwidth+12; + $pbwidth = $bwidth+12; $pbheight = $bheight+14; // Validate form variables 
diff --git a/library/WT/Controller/Family.php b/library/WT/Controller/Family.php index 1c23c87727..e9dad051cf 100644 --- a/library/WT/Controller/Family.php +++ b/library/WT/Controller/Family.php @@ -36,7 +36,7 @@ class WT_Controller_Family extends WT_Controller_GedcomRecord { $pbwidth = $bwidth + 12; $pbheight = $bheight + 14; - $xref = safe_GET_xref('famid'); + $xref = WT_Filter::get('famid', WT_REGEX_XREF); $this->record = WT_Family::getInstance($xref); parent::__construct(); diff --git a/library/WT/Controller/Familybook.php b/library/WT/Controller/Familybook.php index 9cd1ade561..8e4824c094 100644 --- a/library/WT/Controller/Familybook.php +++ b/library/WT/Controller/Familybook.php @@ -28,7 +28,7 @@ if (!defined('WT_WEBTREES')) { class WT_Controller_Familybook extends WT_Controller_Chart { // Data for the view - public $pid =" "; + public $pid =null; public $show_full =null; public $show_spouse=null; public $descent =null; 
@@ -45,12 +45,12 @@ class WT_Controller_Familybook extends WT_Controller_Chart { $MAX_DESCENDANCY_GENERATIONS=get_gedcom_setting(WT_GED_ID, 'MAX_DESCENDANCY_GENERATIONS'); // Extract the request parameters - $this->pid =safe_GET_xref('rootid'); - $this->show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS); - $this->show_spouse=safe_GET('show_spouse', '1', '0'); - $this->descent =safe_GET_integer('descent', 0, 9, 5); - $this->generations=safe_GET_integer('generations', 2, $MAX_DESCENDANCY_GENERATIONS, 2); - $this->box_width =safe_GET_integer('box_width', 50, 300, 100); + $this->pid = WT_Filter::get('rootid', WT_REGEX_XREF); + $this->show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS); + $this->show_spouse = WT_Filter::getInteger('show_spouse', 0, 1); + $this->descent = WT_Filter::getInteger('descent', 0, 9, 5); + $this->generations = WT_Filter::getInteger('generations', 2, $MAX_DESCENDANCY_GENERATIONS, 2); + $this->box_width = WT_Filter::getInteger('box_width', 50, 300, 100); // Box sizes are set globally in the theme. Modify them here. global $bwidth, $bheight, $cbwidth, $cbheight, $Dbwidth, $bhalfheight, $Dbheight; diff --git a/library/WT/Controller/Fanchart.php b/library/WT/Controller/Fanchart.php index 94a13ae58e..2606857ad4 100644 --- a/library/WT/Controller/Fanchart.php +++ b/library/WT/Controller/Fanchart.php 
@@ -40,9 +40,9 @@ class WT_Controller_Fanchart extends WT_Controller_Chart { $default_generations=get_gedcom_setting(WT_GED_ID, 'DEFAULT_PEDIGREE_GENERATIONS'); // Extract the request parameters - $this->fan_style =safe_GET_integer('fan_style', 2, 4, 3); - $this->fan_width =safe_GET_integer('fan_width', 50, 300, 100); - $this->generations=safe_GET_integer('generations', 2, 9, $default_generations); + $this->fan_style = WT_Filter::getInteger('fan_style', 2, 4, 3); + $this->fan_width = WT_Filter::getInteger('fan_width', 50, 300, 100); + $this->generations = WT_Filter::getInteger('generations', 2, 9, $default_generations); if ($this->root && $this->root->canShowName()) { $this->setPageTitle( @@ -210,8 +210,15 @@ class WT_Controller_Fanchart extends WT_Controller_Chart { $pid = $treeid[$sosa]; $person = WT_Individual::getInstance($pid); if ($person) { - $name = $person->getFullName(); - $addname = $person->getAddName(); + $name = WT_Filter::unescapeHtml($person->getFullName()); + $addname = WT_Filter::unescapeHtml($person->getAddName()); + + $text = reverseText($name); + if ($addname) { + $text .= "\n" . reverseText($addname); + } + + $text .= "\n" . WT_Filter::unescapeHtml($person->getLifeSpan()); switch($person->getSex()) { case 'M': @@ -227,14 +234,6 @@ class WT_Controller_Fanchart extends WT_Controller_Chart { ImageFilledArc($image, $cx, $cy, $rx, $rx, $deg1, $deg2, $bg, IMG_ARC_PIE); - $text = reverseText($name) . "\n"; - if (!empty($addname)) $text .= reverseText($addname). "\n"; - - $text .= $person->getLifeSpan(); - - $text = strip_tags($text); - $text = htmlspecialchars_decode($text); - // split and center text by lines $wmax = (int)($angle*7/$fanChart['size']*$scale); $wmax = min($wmax, 35*$scale); diff --git a/library/WT/Controller/Hourglass.php b/library/WT/Controller/Hourglass.php index 777e007b43..f662aa9604 100644 --- a/library/WT/Controller/Hourglass.php +++ b/library/WT/Controller/Hourglass.php 
@@ -52,12 +52,11 @@ class WT_Controller_Hourglass extends WT_Controller_Chart { parent::__construct(); // Extract parameters from from - $this->pid =safe_GET_xref('rootid'); - $this->show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS); - $this->show_spouse=safe_GET('show_spouse', array('0', '1'), '0'); - $this->generations=safe_GET_integer('generations', 2, $MAX_DESCENDANCY_GENERATIONS, 3); - $this->box_width =safe_GET_integer('box_width', 50, 300, 100); - $box_width =safe_GET_integer('box_width', 50, 300, 100); + $this->pid = WT_Filter::get('rootid', WT_REGEX_XREF); + $this->show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS); + $this->show_spouse = WT_Filter::getInteger('show_spouse', 0, 1, 0); + $this->generations = WT_Filter::getInteger('generations', 2, $MAX_DESCENDANCY_GENERATIONS, 3); + $this->box_width = WT_Filter::getInteger('box_width', 50, 300, 100); // This is passed as a global. A parameter would be better... $show_full=$this->show_full; @@ -74,8 +73,8 @@ class WT_Controller_Hourglass extends WT_Controller_Chart { } // -- size of the detailed boxes based upon optional width parameter - $Dbwidth=($box_width*$bwidth)/100; - $Dbheight=($box_width*$bheight)/100; + $Dbwidth=($this->box_width*$bwidth)/100; + $Dbheight=($this->box_width*$bheight)/100; $bwidth=$Dbwidth; $bheight=$Dbheight; diff --git a/library/WT/Controller/Individual.php b/library/WT/Controller/Individual.php index a540683e13..e7ca13b6bb 100644 --- a/library/WT/Controller/Individual.php +++ b/library/WT/Controller/Individual.php @@ -38,7 +38,7 @@ class WT_Controller_Individual extends WT_Controller_GedcomRecord { function __construct() { global $USE_RIN; - $xref = safe_GET_xref('pid'); + $xref = WT_Filter::get('pid', WT_REGEX_XREF); $this->record = WT_Individual::getInstance($xref); if (!$this->record && $USE_RIN) { 
@@ -87,7 +87,7 @@ class WT_Controller_Individual extends WT_Controller_GedcomRecord { } // Initialise tabs - $tab=safe_GET('module'); + $tab=WT_Filter::get('module'); // A request for a non-existant tab? if (array_key_exists($tab, $this->tabs)) { diff --git a/library/WT/Controller/Lifespan.php b/library/WT/Controller/Lifespan.php index 2621efab05..d5d7eaae75 100644 --- a/library/WT/Controller/Lifespan.php +++ b/library/WT/Controller/Lifespan.php @@ -83,19 +83,19 @@ class WT_Controller_Lifespan extends WT_Controller_Page { $this->endDate = $this->currentYear; // Request parameters - $newpid=safe_GET_xref('newpid'); - $remove=safe_GET_xref('remove'); - $pids =safe_GET_xref('pids'); - $clear =safe_GET_bool('clear'); - $addfam=safe_GET_bool('addFamily'); - $place =safe_GET('place'); - $beginYear=safe_GET_integer('beginYear', 0, date('Y')+100, 0); - $endYear =safe_GET_integer('endYear', 0, date('Y')+100, 0); + $newpid = WT_Filter::get('newpid', WT_REGEX_XREF); + $remove = WT_Filter::get('remove', WT_REGEX_XREF); + $pids = WT_Filter::getArray('pids', WT_REGEX_XREF); + $clear = WT_Filter::getBool('clear'); + $addfam = WT_Filter::getBool('addFamily'); + $place = WT_Filter::get('place'); + $beginYear = WT_Filter::getInteger('beginYear', 0, date('Y')+100, 0); + $endYear = WT_Filter::getInteger('endYear', 0, date('Y')+100, 0); if ($clear) { // Empty list $this->pids=array(); - } elseif (is_array($pids)) { + } elseif ($pids) { // List of specified records $this->pids=$pids; } elseif ($place) { diff --git a/library/WT/Controller/Media.php b/library/WT/Controller/Media.php index c19cc7c997..12066c7831 100644 --- a/library/WT/Controller/Media.php +++ b/library/WT/Controller/Media.php 
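Review bot: `$pids = WT_Filter::getArray('pids', WT_REGEX_XREF);` followed by `elseif ($pids)` only keeps the old `is_array` semantics if every element validates: `_inputArray` hands `'default' => $default` (null here) to `filter_input_array`, so as far as I can tell an element that fails `WT_REGEX_XREF` comes back as `null` rather than being dropped, and `$this->pids = $pids` then carries nulls into the list. Filtering at the call site, `$pids = array_filter(WT_Filter::getArray('pids', WT_REGEX_XREF));`, restores the old guarantee; the same applies to `$this->pids = WT_Filter::getArray('pids', WT_REGEX_XREF);` in the Timeline.php hunk, whose `array_values`/`in_array` handling assumes only xrefs. The enclosing constructor continues outside the hunk.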
@@ -32,7 +32,7 @@ require_once WT_ROOT.'includes/functions/functions_import.php'; class WT_Controller_Media extends WT_Controller_GedcomRecord { public function __construct() { - $xref = safe_GET_xref('mid'); + $xref = WT_Filter::get('mid', WT_REGEX_XREF); $this->record = WT_Media::getInstance($xref); parent::__construct(); diff --git a/library/WT/Controller/Note.php b/library/WT/Controller/Note.php index 77a693ec49..42fd3b4b0c 100644 --- a/library/WT/Controller/Note.php +++ b/library/WT/Controller/Note.php @@ -31,7 +31,7 @@ require_once WT_ROOT.'includes/functions/functions_import.php'; class WT_Controller_Note extends WT_Controller_GedcomRecord { public function __construct() { - $xref = safe_GET_xref('nid'); + $xref = WT_Filter::get('nid', WT_REGEX_XREF); $this->record = WT_Note::getInstance($xref); parent::__construct(); diff --git a/library/WT/Controller/Pedigree.php b/library/WT/Controller/Pedigree.php index ad68d9bc27..82c18cd354 100644 --- a/library/WT/Controller/Pedigree.php +++ b/library/WT/Controller/Pedigree.php 
@@ -60,10 +60,10 @@ class WT_Controller_Pedigree extends WT_Controller_Chart { $this->shadowoffsetX = $shadowoffsetX; $this->shadowoffsetY = $shadowoffsetY; - $this->show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS); - $this->talloffset=safe_GET('talloffset', array('0', '1', '2', '3'), $PEDIGREE_LAYOUT); - $this->box_width =safe_GET_integer('box_width', 50, 300, 100); - $this->PEDIGREE_GENERATIONS=safe_GET_integer('PEDIGREE_GENERATIONS', 2, $MAX_PEDIGREE_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS); + $this->show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS); + $this->talloffset = WT_Filter::getInteger('talloffset', 0, 3, $PEDIGREE_LAYOUT); + $this->box_width = WT_Filter::getInteger('box_width', 50, 300, 100); + $this->PEDIGREE_GENERATIONS = WT_Filter::getInteger('PEDIGREE_GENERATIONS', 2, $MAX_PEDIGREE_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS); if ($this->talloffset==1) $this->talloffset=1; // Make SURE this is an integer if ($this->talloffset>1 && $this->PEDIGREE_GENERATIONS>8) $this->PEDIGREE_GENERATIONS=8; @@ -253,4 +253,4 @@ class WT_Controller_Pedigree extends WT_Controller_Chart { if ($f<count($treeid)) adjust_subtree($f, $diff); if ($m<count($treeid)) adjust_subtree($m, $diff); } -} +}
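Review bot: `if ($this->talloffset==1) $this->talloffset=1; // Make SURE this is an integer` now only matters for the default: `WT_Filter::getInteger('talloffset', 0, 3, $PEDIGREE_LAYOUT)` returns an int for any valid request value but hands back `$PEDIGREE_LAYOUT` unchanged when the parameter is absent or invalid, so a string setting such as `'1'` is normalised by this line while `'2'` and `'3'` are not. Casting the default, `$this->talloffset = WT_Filter::getInteger('talloffset', 0, 3, (int) $PEDIGREE_LAYOUT);`, covers all four values and lets the odd-looking line and its comment go. The same reasoning applies to `$PEDIGREE_FULL_DETAILS` and the generation defaults if those settings arrive as strings; where they come from is outside the hunk.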
\ No newline at end of file diff --git a/library/WT/Controller/Repository.php b/library/WT/Controller/Repository.php index 0ce83b8a38..96b4b58ab0 100644 --- a/library/WT/Controller/Repository.php +++ b/library/WT/Controller/Repository.php @@ -31,7 +31,7 @@ require_once WT_ROOT.'includes/functions/functions_import.php'; class WT_Controller_Repository extends WT_Controller_GedcomRecord { public function __construct() { - $xref = safe_GET_xref('rid'); + $xref = WT_Filter::get('rid', WT_REGEX_XREF); $this->record = WT_Repository::getInstance($xref); parent::__construct(); diff --git a/library/WT/Controller/Search.php b/library/WT/Controller/Search.php index f4f7a9e9f7..47f5ffed96 100644 --- a/library/WT/Controller/Search.php +++ b/library/WT/Controller/Search.php @@ -79,10 +79,13 @@ class WT_Controller_Search extends WT_Controller_Page { function __construct() { parent::__construct(); - // action comes from $_GET (menus) or $_POST (form submission) - $this->action=safe_REQUEST($_REQUEST, 'action', array('advanced', 'general', 'soundex', 'replace'), 'general'); + // $action comes from $_GET (menus) or $_POST (form submission) + $this->action = WT_Filter::get('action', 'advanced|general|soundex|replace'); + if (!$this->action) { + $this->action = WT_Filter::post('action', 'advanced|general|soundex|replace'); + } - $topsearch=safe_POST_bool('topsearch'); + $topsearch = WT_Filter::postBool('topsearch'); if ($topsearch) { $this->isPostBack = true; 
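Review bot: The `'general'` fallback was lost in the Search.php hunk: the removed `safe_REQUEST(..., 'general')` guaranteed `$this->action` was one of the four names, but `WT_Filter::get('action', 'advanced|general|soundex|replace')` and the `post()` fallback both default to null, so a request with no action (or an invalid one) now leaves `$this->action` null. Restore it on the fallback line: `$this->action = WT_Filter::post('action', 'advanced|general|soundex|replace', 'general');`. The constructor continues outside the hunk.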
@@ -92,25 +95,15 @@ class WT_Controller_Search extends WT_Controller_Page { $this->srnote = 'yes'; } - // Get the query and remove slashes - if (isset ($_REQUEST["query"])) { - // Reset the "Search" text from the page header - if (strlen($_REQUEST["query"])<2) { - $this->query=""; - $this->myquery=""; - } else { - $this->query = $_REQUEST["query"]; - $this->myquery = WT_Filter::escapeHtml($this->query); - } - } - if (isset ($_REQUEST["replace"])) { - $this->replace = $_REQUEST["replace"]; + // Get the query + $this->query = WT_Filter::post('query', '.{2,}'); + $this->myquery = WT_Filter::escapeHtml($this->query); - if (isset($_REQUEST["replaceNames"])) $this->replaceNames = true; - if (isset($_REQUEST["replacePlaces"])) $this->replacePlaces = true; - if (isset($_REQUEST["replacePlacesWord"])) $this->replacePlacesWord = true; - if (isset($_REQUEST["replaceAll"])) $this->replaceAll = true; - } + $this->replace = WT_Filter::post('replace'); + $this->replaceNames = WT_Filter::postBool('replaceNames'); + $this->replacePlaces = WT_Filter::postBool('replacePlaces'); + $this->replacePlacesWord = WT_Filter::postBool('replacePlacesWord'); + $this->replaceAll = WT_Filter::postBool('replaceAll'); // TODO: fetch each variable independently, using appropriate validation // Aquire all the variables values from the $_REQUEST 
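Review bot: `$this->query = WT_Filter::post('query', '.{2,}');` changes two things at once: the value is now taken from POST only, whereas the removed code read `$_REQUEST["query"]` and the retained comment above says `$action` may arrive via GET from menus, and the regexp is wrapped by `_input` as `/^(.{2,})$/u`, where `.` does not match a newline, so a multi-line query is rejected outright instead of accepted. If GET searches are still expected, mirror the action handling with a `WT_Filter::get('query', '.{2,}')` fallback; if line breaks are legitimate in a query, use `'[\s\S]{2,}'` instead. The removed code also reset `$this->query` to `''` on a short value where the new code yields null; if downstream code (outside the hunk) compares against `''`, a `?: ''` on this line keeps the old contract.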
@@ -137,29 +130,14 @@ class WT_Controller_Search extends WT_Controller_Page { } // vars use for soundex search - if (!empty ($_REQUEST["firstname"])) { - $this->firstname = $_REQUEST["firstname"]; - } else { - $this->firstname=""; - } - if (!empty ($_REQUEST["lastname"])) { - $this->lastname = $_REQUEST["lastname"]; - } else { - $this->lastname=""; - } - if (!empty ($_REQUEST["place2"])) { - $this->place = $_REQUEST["place2"]; - } else { - $this->place=""; - } - if (!empty ($_REQUEST["year"])) { - $this->year = $_REQUEST["year"]; - } else { - $this->year=""; - } + $this->firstname = WT_Filter::post('firstname'); + $this->lastname = WT_Filter::post('lastname'); + $this->place2 = WT_Filter::post('place2'); + $this->year = WT_Filter::post('year'); + // Set the search result titles for soundex searches if ($this->firstname || $this->lastname || $this->place) { - $this->myquery=WT_Filter::escapeHtml(implode(' ', array($this->firstname, $this->lastname, $this->place))); + $this->myquery = WT_Filter::escapeHtml(implode(' ', array($this->firstname, $this->lastname, $this->place))); }; if (!empty ($_REQUEST["name"])) { diff --git a/library/WT/Controller/Source.php b/library/WT/Controller/Source.php index 607cda59be..4914123578 100644 --- a/library/WT/Controller/Source.php +++ b/library/WT/Controller/Source.php @@ -31,7 +31,7 @@ require_once WT_ROOT.'includes/functions/functions_import.php'; class WT_Controller_Source extends WT_Controller_GedcomRecord { public function __construct() { - $xref = safe_GET_xref('sid'); + $xref = WT_Filter::get('sid', WT_REGEX_XREF); $this->record = WT_Source::getInstance($xref); parent::__construct(); diff --git a/library/WT/Controller/Timeline.php b/library/WT/Controller/Timeline.php index 53523a5613..2206881c9d 100644 --- a/library/WT/Controller/Timeline.php +++ b/library/WT/Controller/Timeline.php 
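Review bot: `$this->place2 = WT_Filter::post('place2');` stores the soundex place in a new property, but the condition and the `implode(...)` two lines below still read `$this->place`, which the removed code populated from `$_REQUEST["place2"]`; the soundex title, and presumably the search itself outside the hunk, therefore no longer sees the place. Keep the property name: `$this->place = WT_Filter::post('place2');`. Separately, `$this->year = WT_Filter::post('year');` accepts any string where `WT_Filter::postInteger('year', 0, date('Y') + 100)` as used in the Lifespan.php hunk would fit, and `!empty ($_REQUEST["name"])` at the end of the hunk is still a raw `$_REQUEST` read.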
@@ -50,20 +50,17 @@ class WT_Controller_Timeline extends WT_Controller_Page { $this->baseyear = date("Y"); //-- new pid - $newpid=safe_GET_xref('newpid'); + $newpid = WT_Filter::get('newpid', WT_REGEX_XREF); //-- pids array - $this->pids=safe_GET_xref('pids'); - if (!is_array($this->pids)) { - $this->pids = array(); - } + $this->pids = WT_Filter::getArray('pids', WT_REGEX_XREF); //-- make sure that arrays are indexed by numbers $this->pids = array_values($this->pids); if (!empty($newpid) && !in_array($newpid, $this->pids)) { $this->pids[] = $newpid; } if (count($this->pids)==0) $this->pids[] = $this->getSignificantIndividual()->getXref(); - $remove = safe_GET_xref('remove'); + $remove = WT_Filter::get('remove', WT_REGEX_XREF); //-- cleanup user input $newpids = array(); foreach ($this->pids as $value) { @@ -123,7 +120,7 @@ class WT_Controller_Timeline extends WT_Controller_Page { } } } - $scale=safe_GET_integer('scale', 0, 200, 0); + $scale = WT_Filter::getInteger('scale', 0, 200); if ($scale==0) { $this->scale = round(($this->topyear-$this->baseyear)/20 * count($this->indifacts)/4); if ($this->scale<6) $this->scale = 6; diff --git a/library/WT/Filter.php b/library/WT/Filter.php index 1d8d984b8d..f3b3847a10 100644 --- a/library/WT/Filter.php +++ b/library/WT/Filter.php 
@@ -24,17 +24,15 @@ if (!defined('WT_WEBTREES')) { } class WT_Filter { - const ENCODING = 'UTF-8'; - ////////////////////////////////////////////////////////////////////////////// // Escape a string for use in HTML ////////////////////////////////////////////////////////////////////////////// public static function escapeHtml($string) { if (defined('ENT_SUBSTITUTE')) { // PHP5.4 allows us to substitute invalid UTF8 sequences - return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, self::ENCODING); + return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); } else { - return htmlspecialchars($string, ENT_QUOTES, self::ENCODING); + return htmlspecialchars($string, ENT_QUOTES, 'UTF-8'); } } @@ -53,9 +51,9 @@ class WT_Filter { if (strlen($x[0]) == 1) { return sprintf('\\x%02X', ord($x[0])); } elseif (function_exists('iconv')) { - return sprintf('\\u%04s', strtoupper(bin2hex(iconv(self::ENCODING, 'UTF-16BE', $x[0])))); + return sprintf('\\u%04s', strtoupper(bin2hex(iconv('UTF-8', 'UTF-16BE', $x[0])))); } elseif (function_exists('mb_convert_encoding')) { - return sprintf('\\u%04s', strtoupper(bin2hex(mb_convert_encoding($x[0], 'UTF-16BE', self::ENCODING)))); + return sprintf('\\u%04s', strtoupper(bin2hex(mb_convert_encoding($x[0], 'UTF-16BE', 'UTF-8')))); } else { return $x[0]; } 
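Review bot: Dropping `const ENCODING = 'UTF-8';` replaces one named constant with the literal `'UTF-8'` in five places across escapeHtml, escapeJs and unescapeHtml (and the new `mb_check_encoding($x, 'UTF-8')` calls in `_input`/`_inputArray` add two more); that is a step away from a single point of truth for the charset with no functional gain. Unless the constant was removed because it was being reached from outside this class, keeping `self::ENCODING` (or naming it alongside the existing `WT_UTF8_*` defines) reads better and makes a future charset change a one-line edit. No behaviour change either way.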
@@ -66,6 +64,121 @@ class WT_Filter {
 // Unescape an HTML string, giving just the literal text
 //////////////////////////////////////////////////////////////////////////////
 public static function unescapeHtml($string) {
- return html_entity_decode(strip_tags($string), ENT_QUOTES, self::ENCODING);
+ return html_entity_decode(strip_tags($string), ENT_QUOTES, 'UTF-8');
+ }
+
+ //////////////////////////////////////////////////////////////////////////////
+ // Validate INPUT requests
+ //////////////////////////////////////////////////////////////////////////////
+ private static function _input($source, $variable, $regexp=null, $default=null) {
+ if ($regexp) {
+ return filter_input(
+ $source,
+ $variable,
+ FILTER_VALIDATE_REGEXP,
+ array(
+ 'options' => array(
+ 'regexp' => '/^(' . $regexp . ')$/u',
+ 'default' => $default,
+ ),
+ )
+ );
+ } else {
+ return filter_input(
+ $source,
+ $variable,
+ FILTER_CALLBACK,
+ array(
+ 'options' => function($x) {return mb_check_encoding($x, 'UTF-8') ? $x : false;},
+ )
+ ) ?: $default;
+ }
+ }
+
+ private static function _inputArray($source, $variable, $regexp=null, $default=null) {
+ if ($regexp) {
+ // PHP5.3 requires the $tmp variable
+ $tmp = filter_input_array(
+ $source,
+ array(
+ $variable => array(
+ 'flags' => FILTER_REQUIRE_ARRAY,
+ 'filter' => FILTER_VALIDATE_REGEXP,
+ 'options' => array(
+ 'regexp' => '/^(' . $regexp . ')$/u',
+ 'default' => $default,
+ ),
+ ),
+ )
+ );
+ return $tmp[$variable] ?: array();
+ } else {
+ // PHP5.3 requires the $tmp variable
+ $tmp = filter_input_array(
+ $source,
+ array(
+ $variable => array(
+ 'flags' => FILTER_REQUIRE_ARRAY,
+ 'filter' => FILTER_CALLBACK,
+ 'options' => function($x) {return mb_check_encoding($x, 'UTF-8') ? 
$x : false;}
+ ),
+ )
+ );
+ return $tmp[$variable] ?: array();
+ }
+ }
+
+ //////////////////////////////////////////////////////////////////////////////
+ // Validate GET requests
+ //////////////////////////////////////////////////////////////////////////////
+ public static function get($variable, $regexp=null, $default=null) {
+ return self::_input(INPUT_GET, $variable, $regexp, $default);
+ }
+
+ public static function getArray($variable, $regexp=null, $default=null) {
+ return self::_inputArray(INPUT_GET, $variable, $regexp, $default);
+ }
+
+ public static function getBool($variable) {
+ return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_BOOLEAN);
+ }
+
+ public static function getInteger($variable, $min=0, $max=PHP_INT_MAX, $default=0) {
+ return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_INT, array('options'=>array('min_range'=>$min, 'max_range'=>$max, 'default'=>$default)));
+ }
+
+ public static function getEmail($variable, $default=null) {
+ return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_EMAIL ?: $default);
+ }
+
+ public static function getUrl($variable, $default=null) {
+ return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_URL) ?: $default;
+ }
+
+ //////////////////////////////////////////////////////////////////////////////
+ // Validate POST requests
+ //////////////////////////////////////////////////////////////////////////////
+ public static function post($variable, $regexp=null, $default=null) {
+ return self::_input(INPUT_POST, $variable, $regexp, $default);
+ }
+
+ public static function postArray($variable, $regexp=null, $default=null) {
+ return self::_inputArray(INPUT_POST, $variable, $regexp, $default);
+ }
+
+ public static function postBool($variable) {
+ return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_BOOLEAN);
+ }
+
+ public static function postInteger($variable, $min=0, $max=PHP_INT_MAX, $default=0) {
+ return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_INT, 
array('options'=>array('min_range'=>$min, 'max_range'=>$max, 'default'=>$default)));
+ }
+
+ public static function postEmail($variable, $default=null) {
+ return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_EMAIL) ?: $default;
+ }
+
+ public static function postUrl($variable, $default=null) {
+ return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_URL) ?: $default;
 }
 }
diff --git a/library/WT/GedcomRecord.php b/library/WT/GedcomRecord.php
index 3b26851d52..89357e7a2d 100644
--- a/library/WT/GedcomRecord.php
+++ b/library/WT/GedcomRecord.php
@@ -864,13 +864,13 @@ class WT_GedcomRecord {
 public function updateFact($fact_id, $gedcom, $update_chan) {
 if (strpos("\r", $gedcom)!==false) {
 // MSDOS line endings will break things in horrible ways
- throw new Exception('Evil line endings found in WT_GedcomRecord::updateRecord(' . $gedcom . ')');
+ throw new Exception('Evil line endings found in WT_GedcomRecord::updateFact(' . $gedcom . ')');
 }
 if ($this->pending==='') {
 throw new Exception('Cannot edit a deleted record');
 }
 if ($gedcom && !preg_match('/^1 ' . WT_REGEX_TAG . '/', $gedcom)) {
- throw new Exception('Invalid GEDCOM data passed to WT_GedcomRecord::updateFact()');
+ throw new Exception('Invalid GEDCOM data passed to WT_GedcomRecord::updateFact(' . $gedcom . ')');
 }
 if ($this->pending) {
@@ -1052,4 +1052,4 @@ class WT_GedcomRecord {
 }
 }
 }
-}
+}
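Review bot: `getEmail()` never applies its default: the `?: $default` sits inside the `filter_input()` argument list, so `FILTER_VALIDATE_EMAIL ?: $default` is just the filter constant, whereas `getUrl()`, `postEmail()` and `postUrl()` put it outside the call; it should read `return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_EMAIL) ?: $default;`. In `_input()` and `_inputArray()` the pattern `'/^(' . $regexp . ')$/u'` still accepts a value with one trailing newline, because `$` also matches before a final `\n`; `'/^(' . $regexp . ')$/uD'` keeps the anchoring strict, which matters for values such as XREFs that are later compared exactly. The `?: $default` in the callback branch and `?: array()` in `_inputArray()` also treat the legitimate values `'0'` and `''` as absent, so a header comment on `get()`/`post()` such as `// Returns $default when the value is missing, not valid UTF-8, empty or "0"` would spare callers a surprise. A similar one-line comment on `getArray()`/`postArray()` should say that `$default` is substituted for each rejected element rather than returned when the array is missing.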
\ No newline at end of file diff --git a/library/WT/Stats.php b/library/WT/Stats.php index 703c3cb317..05bb0a37d9 100644 --- a/library/WT/Stats.php +++ b/library/WT/Stats.php @@ -3415,9 +3415,9 @@ class WT_Stats { } if (WT_USER_ID != $user_id && get_user_setting($user_id, 'contactmethod') != 'none') { if ($type == 'list') { - $content .= '<br><a class="icon-email" href="#" onclick="return message(\''.$user_id.'\', \'\', \''.addslashes(urlencode(get_query_url())).'\', \'\');" title="'.WT_I18N::translate('Send Message').'"></a>'; + $content .= '<br><a class="icon-email" href="#" onclick="return message(\'' . WT_Filter::escapeJs($user_id) . '\', \'\', \'' . WT_Filter::escapeJs(get_query_url()) . '\');" title="' . WT_I18N::translate('Send Message') . '"></a>'; } else { - $content .= ' <a class="icon-email" href="#" onclick="return message(\''.$user_id.'\', \'\', \''.addslashes(urlencode(get_query_url())).'\', \'\');" title="'.WT_I18N::translate('Send Message').'"></a>'; + $content .= ' <a class="icon-email" href="#" onclick="return message(\'' . WT_Filter::escapeJs($user_id) . '\', \'\', \'' . WT_Filter::escapeJs(get_query_url()) . '\');" title="' . WT_I18N::translate('Send Message') . '"></a>'; } } if ($type == 'list') { @@ -3675,9 +3675,9 @@ class WT_Stats { $v = array_shift($bits); $cfg[$v] = join('=', $bits); } - $block = new $class_name; - $block_id=safe_GET('block_id'); - $content = $block->getBlock($block_id, false, $cfg); + $block = new $class_name; + $block_id = WT_Filter::getInteger('block_id'); + $content = $block->getBlock($block_id, false, $cfg); return $content; } 
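Review bot: The rewritten onclick that calls `WT_Filter::escapeJs(get_query_url())` changes more than the escaping: the old code passed `urlencode(get_query_url())` and a fourth empty argument to `message()`, the new one passes the raw URL and only three arguments. If the client-side `message()` function (not visible here) still url-decodes its third parameter or expects four, behaviour changes; either keep `urlencode()` inside the `escapeJs()` call or confirm that function was updated in the same commit. The same applies to the `else` branch two lines below.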
@@ -31,32 +31,32 @@ if (WT_USER_ID && WT_GED_ID) { exit; } -$controller=new WT_Controller_Page(); +$controller = new WT_Controller_Page(); $REQUIRE_ADMIN_AUTH_REGISTRATION = WT_Site::preference('REQUIRE_ADMIN_AUTH_REGISTRATION'); -$action =safe_POST('action'); -$user_realname =safe_POST('user_realname'); -$user_name =safe_POST('user_name', WT_REGEX_USERNAME); -$user_email =safe_POST('user_email', WT_REGEX_EMAIL); -$user_password01=safe_POST('user_password01', WT_REGEX_PASSWORD); -$user_password02=safe_POST('user_password02', WT_REGEX_PASSWORD); -$user_comments =safe_POST('user_comments'); -$user_password =safe_POST('user_password', WT_REGEX_UNSAFE); // Can use any password that was previously stored -$user_hashcode =safe_POST('user_hashcode'); -$url =safe_POST('url', WT_REGEX_URL); -$username =safe_POST('username', WT_REGEX_USERNAME); -$password =safe_POST('password', WT_REGEX_UNSAFE); // Can use any password that was previously stored -$usertime =safe_POST('usertime'); +$action = WT_Filter::post('action'); +$user_realname = WT_Filter::post('user_realname'); +$user_name = WT_Filter::post('user_name', WT_REGEX_USERNAME); +$user_email = WT_Filter::postEmail('user_email'); +$user_password01 = WT_Filter::post('user_password01', WT_REGEX_PASSWORD); +$user_password02 = WT_Filter::post('user_password02', WT_REGEX_PASSWORD); +$user_comments = WT_Filter::post('user_comments'); +$user_password = WT_Filter::post('user_password'); +$user_hashcode = WT_Filter::post('user_hashcode'); +$url = WT_Filter::postUrl('url'); +$username = WT_Filter::post('username'); +$password = WT_Filter::post('password'); // Can use any password that was previously stored +$usertime = WT_Filter::post('usertime'); // These parameters may come from the URL which is emailed to users. 
-if (empty($action)) $action = safe_GET('action'); -if (empty($user_name)) $user_name = safe_GET('user_name', WT_REGEX_USERNAME); -if (empty($user_hashcode)) $user_hashcode = safe_GET('user_hashcode'); +if (empty($action)) $action = WT_Filter::get('action'); +if (empty($user_name)) $user_name = WT_Filter::get('user_name', WT_REGEX_USERNAME); +if (empty($user_hashcode)) $user_hashcode = WT_Filter::get('user_hashcode'); // This parameter may come from generated login links if (!$url) { - $url=safe_GET('url', WT_REGEX_URL); + $url=WT_Filter::getUrl('url'); } $message=''; @@ -191,9 +191,9 @@ case 'requestpw': ->setPageTitle(WT_I18N::translate('Lost password request')) ->pageHeader(); echo '<div id="login-page">'; - $user_name=safe_POST('new_passwd_username', WT_REGEX_USERNAME); + $user_name = WT_Filter::post('new_passwd_username', WT_REGEX_USERNAME); - $user_id=WT_DB::prepare( + $user_id = WT_DB::prepare( "SELECT user_id FROM `##user` WHERE ? IN (user_name, email)" )->execute(array($user_name))->fetchOne(); if ($user_id) { @@ -561,4 +561,4 @@ case 'verify_hash': echo '</div>'; echo '</div>'; break; -} +}
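Review bot: `$username = WT_Filter::post('username');` drops the `WT_REGEX_USERNAME` constraint that the old `safe_POST` applied and that `$user_name` a few lines above keeps; the two fields appear to feed the same user lookup, so validate them alike: `$username = WT_Filter::post('username', WT_REGEX_USERNAME);`. `$user_password` also lost its explanatory comment while `$password` kept it; placing `// Can use any password that was previously stored` above both lines keeps the intent readable. Note that `FILTER_VALIDATE_URL` behind `postUrl()`/`getUrl()` accepts any absolute URL, so if `$url` is used as a post-login redirect target (that code is outside the hunk) a same-site check is still needed there.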
\ No newline at end of file diff --git a/mediafirewall.php b/mediafirewall.php index b853ceab6f..1e88d111aa 100644 --- a/mediafirewall.php +++ b/mediafirewall.php @@ -26,8 +26,8 @@ require './includes/session.php'; Zend_Session::writeClose(); -$mid = safe_GET_xref('mid'); -$thumb = safe_GET_bool('thumb'); +$mid = WT_Filter::get('mid', WT_REGEX_XREF); +$thumb = WT_Filter::getBool('thumb'); $media = WT_Media::getInstance($mid); // Send a “Not found” error as an image @@ -252,7 +252,7 @@ $protocol = $_SERVER["SERVER_PROTOCOL"]; // determine if we are using HTTP/1.0 $filetime = $media->getFiletime($which); $filetimeHeader = gmdate("D, d M Y H:i:s", $filetime).' GMT'; $expireOffset = 3600 * 24; // tell browser to cache this image for 24 hours -if (safe_GET('cb')) $expireOffset = $expireOffset * 7; // if cb parameter was sent, cache for 7 days +if (WT_Filter::get('cb')) $expireOffset = $expireOffset * 7; // if cb parameter was sent, cache for 7 days $expireHeader = gmdate("D, d M Y H:i:s", WT_TIMESTAMP + $expireOffset) . " GMT"; $type = isImageTypeSupported($imgsize['ext']); diff --git a/medialist.php b/medialist.php index 29e15e4c16..f54ddd6b8e 100644 --- a/medialist.php +++ b/medialist.php 
@@ -26,25 +26,25 @@ require './includes/session.php'; require_once WT_ROOT.'includes/functions/functions_edit.php'; require_once WT_ROOT.'includes/functions/functions_print_facts.php'; -$controller=new WT_Controller_Page(); +$controller = new WT_Controller_Page(); $controller->setPageTitle(WT_I18N::translate('Media objects')); -$search = safe_GET('search'); -$sortby = safe_GET('sortby', 'file', 'title'); +$search = WT_Filter::get('search'); +$sortby = WT_Filter::get('sortby', 'file|title', 'title'); if (!WT_USER_CAN_EDIT && !WT_USER_CAN_ACCEPT) { $sortby='title'; } -$max = safe_GET('max', array('10', '20', '30', '40', '50', '75', '100', '125', '150', '200'), '20'); -$start = safe_GET('start', WT_REGEX_INTEGER); -$folder = safe_GET('folder'); -$build = 'no'; -$reset = safe_GET('reset'); -$apply_filter = safe_GET('apply_filter'); -$filter1 = safe_GET('filter1'); -$or = WT_I18N::translate('or'); -$and = WT_I18N::translate('and'); -$columns = safe_GET('columns', array('1', '2'), '2'); -$subdirs = safe_GET('subdirs'); +$max = WT_Filter::get('max', '10|20|30|40|50|75|100|125|150|200', '20'); +$start = WT_Filter::getInteger('start'); +$folder = WT_Filter::get('folder'); +$build = 'no'; +$reset = WT_Filter::get('reset'); +$apply_filter = WT_Filter::get('apply_filter'); +$filter1 = WT_Filter::get('filter1'); +$or = WT_I18N::translate('or'); +$and = WT_I18N::translate('and'); +$columns = WT_Filter::getInteger('columns', 1, 2, 2); +$subdirs = WT_Filter::get('subdirs'); $currentdironly = ($subdirs=='on') ? false : true; // reset all variables @@ -366,5 +366,5 @@ if ($search) { echo '</table><br>'; } echo '</div> - </div>';// close medialist-page -} + </div>'; +}
\ No newline at end of file diff --git a/message.php b/message.php index 1b940819e3..f3182fb671 100644 --- a/message.php +++ b/message.php @@ -24,17 +24,17 @@ define('WT_SCRIPT_NAME', 'message.php'); require './includes/session.php'; -// Variables are initialised from $_GET (so we can set initial values in URLs), +// Some variables are initialised from $_GET (so we can set initial values in URLs), // but are submitted in $_POST so we can have long body text. -$subject =safe_REQUEST($_REQUEST, 'subject', WT_REGEX_UNSAFE); // Messages may legitimately contain "<", etc. -$body =safe_REQUEST($_REQUEST, 'body', WT_REGEX_UNSAFE); -$from_name =safe_REQUEST($_REQUEST, 'from_name', WT_REGEX_UNSAFE); -$from_email=safe_REQUEST($_REQUEST, 'from_email', WT_REGEX_EMAIL); -$url =safe_REQUEST($_REQUEST, 'url', WT_REGEX_URL); -$method =safe_REQUEST($_REQUEST, 'method', array('messaging', 'messaging2', 'messaging3', 'mailto', 'none'), 'messaging2'); -$to =safe_REQUEST($_REQUEST, 'to'); -$action =safe_REQUEST($_REQUEST, 'action', array('compose', 'send'), 'compose'); +$subject = WT_Filter::post('subject'); +$body = WT_Filter::post('body'); +$from_name = WT_Filter::post('from_name'); +$from_email = WT_Filter::post('from_email'); +$action = WT_Filter::post('action', 'compose|send', 'compose'); +$to = WT_Filter::post('to', null, WT_Filter::get('to')); +$method = WT_Filter::post('method', 'messaging|messaging2|messaging3|mailto|none', WT_Filter::get('method', 'messaging|messaging2|messaging3|mailto|none', 'messaging2')); +$url = WT_Filter::postUrl('url', WT_Filter::getUrl('url')); $controller=new WT_Controller_Simple(); $controller->setPageTitle(WT_I18N::translate('webtrees Message')); diff --git a/module.php b/module.php index 16bed2df1d..3d80f77e32 100644 --- a/module.php +++ b/module.php 
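Review bot: `$from_email = WT_Filter::post('from_email');` replaces the old `WT_REGEX_EMAIL` check with the generic UTF-8 filter, so the value is no longer validated as an address before it is (presumably) placed in outgoing mail headers further down, outside the hunk; use the validator this commit already applies to the registration form, `$from_email = WT_Filter::postEmail('from_email');`. The removed lines also carried the comment that messages may legitimately contain `<` etc.; restoring it above `$subject`/`$body` would explain why no regexp is passed there.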
@@ -24,11 +24,13 @@ define('WT_SCRIPT_NAME', 'module.php'); require './includes/session.php'; -$all_modules=WT_Module::getActiveModules(); -$mod=safe_REQUEST($_REQUEST, 'mod', array_keys($all_modules)); -if ($mod) { - $module=$all_modules[$mod]; - $module->modAction(safe_REQUEST($_REQUEST, 'mod_action')); +$all_modules = WT_Module::getActiveModules(); +$mod = WT_Filter::get('mod'); +$mod_action = WT_Filter::get('mod_action'); + +if ($mod && array_key_exists($mod, $all_modules)) { + $module = $all_modules[$mod]; + $module->modAction($mod_action); } else { - header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH); -} + header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH); +}
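Review bot: Reading `mod` and `mod_action` with `WT_Filter::get()` narrows the source from `$_REQUEST` to the query string only, so a module action submitted by a POST form that carries these fields in its body will now hit the redirect branch instead of `modAction()`. If any module posts to this script that way (not visible here), fall back to the body: `$mod = WT_Filter::post('mod', null, WT_Filter::get('mod'));` and the same for `$mod_action`. The `array_key_exists($mod, $all_modules)` guard is a sound replacement for the old whitelist argument and should stay.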
\ No newline at end of file diff --git a/modules_v3/GEDFact_assistant/CENS_ctrl.php b/modules_v3/GEDFact_assistant/CENS_ctrl.php index 3987c3a2f1..2a799b8299 100644 --- a/modules_v3/GEDFact_assistant/CENS_ctrl.php +++ b/modules_v3/GEDFact_assistant/CENS_ctrl.php @@ -23,7 +23,7 @@ // along with this program; if not, write to the Free Software // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -$xref = safe_GET('xref', WT_REGEX_XREF); +$xref = WT_Filter::get('xref', WT_REGEX_XREF); $person = WT_Individual::getInstance($xref); check_record_access($person); diff --git a/modules_v3/GEDFact_assistant/_CENS/census_3_find.php b/modules_v3/GEDFact_assistant/_CENS/census_3_find.php index cb9385e17c..e4d4be9d98 100644 --- a/modules_v3/GEDFact_assistant/_CENS/census_3_find.php +++ b/modules_v3/GEDFact_assistant/_CENS/census_3_find.php @@ -23,10 +23,10 @@ $controller=new WT_Controller_Simple(); -$filter =safe_GET('filter'); -$action =safe_GET('action'); -$callback =safe_GET('callback', WT_REGEX_NOSCRIPT, 'paste_id'); -$multiple =safe_GET_bool('multiple'); +$filter = WT_Filter::get('filter'); +$action = WT_Filter::get('action'); +$callback = WT_Filter::get('callback'); +$multiple = WT_Filter::getBool('multiple'); $controller ->setPageTitle(WT_I18N::translate('Find an individual')) @@ -188,4 +188,4 @@ if ($action=="filter") { echo "</table>"; } echo '<button onclick="window.close();">', WT_I18N::translate('close'), '</button>'; -echo "</div>"; // Close div that centers table +echo "</div>"; // Close div that centers table
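Review bot: `$callback = WT_Filter::get('callback');` drops both the `'paste_id'` default and the `WT_REGEX_NOSCRIPT` restriction of the old call; a request without the parameter now yields null, and the value appears to name a client-side function, where an unrestricted string is riskier than in a plain text field. Restore both, e.g. `$callback = WT_Filter::get('callback', WT_REGEX_NOSCRIPT, 'paste_id');` if that constant still exists, or an identifier pattern such as `'[A-Za-z0-9_]+'`; the module's own `media_query_3a()` in this commit keeps `WT_REGEX_XREF` for `iid`, so the tighter style is already in use. The code that consumes `$callback` is outside the hunk.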
\ No newline at end of file diff --git a/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php b/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php index 609c068684..8a7b0de135 100644 --- a/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php +++ b/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php @@ -26,10 +26,10 @@ // GEDFact Media assistant replacement code for inverselink.php: =========================== //-- extra page parameters and checking -$more_links = safe_REQUEST($_REQUEST, 'more_links', WT_REGEX_UNSAFE); -$exist_links = safe_REQUEST($_REQUEST, 'exist_links', WT_REGEX_UNSAFE); -$gid = safe_GET_xref('gid'); -$update_CHAN = safe_REQUEST($_REQUEST, 'preserve_last_changed', WT_REGEX_UNSAFE); +$more_links = WT_Filter::get('more_links'); +$exist_links = WT_Filter::get('exist_links'); +$gid = WT_Filter::get('gid', WT_REGEX_XREF); +$update_CHAN = WT_Filter::get('preserve_last_changed'); $controller->addExternalJavascript(WT_STATIC_URL.'js/autocomplete.js'); diff --git a/modules_v3/GEDFact_assistant/module.php b/modules_v3/GEDFact_assistant/module.php index 2b5b12ea25..191c822552 100644 --- a/modules_v3/GEDFact_assistant/module.php +++ b/modules_v3/GEDFact_assistant/module.php 
@@ -62,17 +62,17 @@ class GEDFact_assistant_WT_Module extends WT_Module { $controller=new WT_Controller_Simple(); $type ='indi'; - $filter =safe_GET('filter'); - $action =safe_GET('action'); + $filter =WT_Filter::get('filter'); + $action =WT_Filter::get('action'); $callback ='paste_id'; - $media =safe_GET('media'); - $external_links =safe_GET('external_links'); - $directory =safe_GET('directory', WT_REGEX_NOSCRIPT, $MEDIA_DIRECTORY); - $multiple =safe_GET_bool('multiple'); - $showthumb =safe_GET_bool('showthumb'); - $all =safe_GET_bool('all'); - $subclick =safe_GET('subclick'); - $choose =safe_GET('choose', WT_REGEX_NOSCRIPT, '0all'); + $media =WT_Filter::get('media'); + $external_links =WT_Filter::get('external_links'); + $directory =WT_Filter::get('directory'); + $multiple =WT_Filter::getBool('multiple'); + $showthumb =WT_Filter::getBool('showthumb'); + $all =WT_Filter::getBool('all'); + $subclick =WT_Filter::get('subclick'); + $choose =WT_Filter::get('choose'); $controller ->setPageTitle(WT_I18N::translate('Find an individual')) @@ -168,7 +168,7 @@ class GEDFact_assistant_WT_Module extends WT_Module { } private static function media_query_3a() { - $iid2 = safe_GET('iid'); + $iid2 = WT_Filter::get('iid', WT_REGEX_XREF); $controller=new WT_Controller_Simple(); $controller diff --git a/modules_v3/batch_update/admin_batch_update.php b/modules_v3/batch_update/admin_batch_update.php index 5330031567..ebeb48f8ee 100644 --- a/modules_v3/batch_update/admin_batch_update.php +++ b/modules_v3/batch_update/admin_batch_update.php 
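Review bot: `$directory =WT_Filter::get('directory');` and `$choose =WT_Filter::get('choose');` silently drop the defaults the old calls supplied (`$MEDIA_DIRECTORY` and `'0all'`), so a request without those parameters now yields null where the rest of the method presumably expects a directory path and a selector; pass them through the new third argument: `$directory = WT_Filter::get('directory', null, $MEDIA_DIRECTORY);` and `$choose = WT_Filter::get('choose', null, '0all');`. The method body that consumes them is outside the hunk.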
@@ -111,14 +111,14 @@ class batch_update { // Constructor - initialise variables and validate user-input function __construct() { - $this->plugins=self::getPluginList(); // List of available plugins - $this->plugin =safe_GET('plugin', array_keys($this->plugins)); // User parameters - $this->xref =safe_GET('xref', WT_REGEX_XREF); - $this->action =safe_GET('action'); - $this->data =safe_GET('data'); + $this->plugins=self::getPluginList(); // List of available plugins + $this->plugin =WT_Filter::get('plugin'); // User parameters + $this->xref =WT_Filter::get('xref', WT_REGEX_XREF); + $this->action =WT_Filter::get('action'); + $this->data =WT_Filter::get('data'); // Don't do any processing until a plugin is chosen. - if ($this->plugin) { + if ($this->plugin && array_key_exists($this->plugin, $this->plugins)) { $this->PLUGIN=new $this->plugin; $this->PLUGIN->getOptions(); $this->getAllXrefs(); @@ -333,7 +333,7 @@ class base_plugin { // Default option is just the "don't update CHAN record" function getOptions() { - $this->chan=safe_GET_bool('chan'); + $this->chan=WT_Filter::getBool('chan'); } // Default option is just the "don't update CHAN record" diff --git a/modules_v3/batch_update/plugins/married_names.php b/modules_v3/batch_update/plugins/married_names.php index 64f9a34381..13d7a1356f 100644 --- a/modules_v3/batch_update/plugins/married_names.php +++ b/modules_v3/batch_update/plugins/married_names.php @@ -94,7 +94,7 @@ class married_names_bu_plugin extends base_plugin { // Add an option for different surname styles function getOptions() { parent::getOptions(); - $this->surname=safe_GET('surname', array('add', 'replace'), 'replace'); + $this->surname = WT_Filter::get('surname', 'add|replace', 'replace'); } function getOptionsForm() { @@ -107,4 +107,4 @@ class married_names_bu_plugin extends base_plugin { ($this->surname=='add' ? ' selected="selected"' : ''). '">'.WT_I18N::translate('Wife’s maiden surname becomes new given name').'</option></select></td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/batch_update/plugins/search_replace.php b/modules_v3/batch_update/plugins/search_replace.php index 61b27b3b59..c4ac0ebad7 100644 --- a/modules_v3/batch_update/plugins/search_replace.php +++ b/modules_v3/batch_update/plugins/search_replace.php @@ -56,10 +56,10 @@ class search_replace_bu_plugin extends base_plugin { function getOptions() { parent::getOptions(); - $this->search =safe_GET('search', WT_REGEX_UNSAFE); - $this->replace=safe_GET('replace', WT_REGEX_UNSAFE); - $this->method =safe_GET('method', array('exact', 'words', 'wildcards', 'regex'), 'exact'); - $this->case =safe_GET('case', 'i'); + $this->search = WT_Filter::get('search'); + $this->replace = WT_Filter::get('replace'); + $this->method = WT_Filter::get('method', 'exact|words|wildcards|regex', 'exact'); + $this->case = WT_Filter::get('case', 'i'); $this->error=''; switch ($this->method) { diff --git a/modules_v3/charts/module.php b/modules_v3/charts/module.php index 3ae04a4916..19cdf14c69 100644 --- a/modules_v3/charts/module.php +++ b/modules_v3/charts/module.php @@ -184,10 +184,10 @@ class charts_WT_Module extends WT_Module implements WT_Module_Block { $PEDIGREE_ROOT_ID=get_gedcom_setting(WT_GED_ID, 'PEDIGREE_ROOT_ID'); - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'details', safe_POST_bool('details')); - set_block_setting($block_id, 'type', safe_POST('type', array('pedigree', 'descendants', 'hourglass', 'treenav'), 'pedigree')); - set_block_setting($block_id, 'pid', safe_POST('pid', WT_REGEX_XREF)); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'details', WT_Filter::postBool('details')); + set_block_setting($block_id, 'type', WT_Filter::post('type', 'pedigree|descendants|hourglass|treenav', 'pedigree')); + set_block_setting($block_id, 'pid', WT_Filter::post('pid', WT_REGEX_XREF)); exit; } 
diff --git a/modules_v3/clippings/clippings_ctrl.php b/modules_v3/clippings/clippings_ctrl.php index 41e536df3d..9e52fb1fbf 100644 --- a/modules_v3/clippings/clippings_ctrl.php +++ b/modules_v3/clippings/clippings_ctrl.php @@ -61,18 +61,18 @@ class WT_Controller_Clippings { $WT_SESSION->cart[WT_GED_ID]=array(); } - $this->action = safe_GET("action"); - $this->id = safe_GET('id'); - $convert = safe_GET('convert',"yes","no"); - $this->Zip = safe_GET('Zip'); - $this->IncludeMedia = safe_GET('IncludeMedia'); - $this->conv_path = safe_GET('conv_path', WT_REGEX_NOSCRIPT); - $this->privatize_export = safe_GET('privatize_export', array('none', 'visitor', 'user', 'gedadmin'), 'visitor'); - $this->level1 = safe_GET('level1', WT_REGEX_INTEGER, PHP_INT_MAX); - $this->level2 = safe_GET('level2', WT_REGEX_INTEGER, PHP_INT_MAX); - $this->level3 = safe_GET('level3', WT_REGEX_INTEGER, PHP_INT_MAX); - $others = safe_GET('others'); - $this->type = safe_GET('type'); + $this->action = WT_Filter::get('action'); + $this->id = WT_Filter::get('id'); + $convert = WT_Filter::get('convert', 'yes|no', 'no'); + $this->Zip = WT_Filter::get('Zip'); + $this->IncludeMedia = WT_Filter::get('IncludeMedia'); + $this->conv_path = WT_Filter::get('conv_path'); + $this->privatize_export = WT_Filter::get('privatize_export', 'none|visitor|user|gedadmin', 'visitor'); + $this->level1 = WT_Filter::getInteger('level1'); + $this->level2 = WT_Filter::getInteger('level2'); + $this->level3 = WT_Filter::getInteger('level3'); + $others = WT_Filter::get('others'); + $this->type = WT_Filter::get('type'); if (($this->privatize_export=='none' || $this->privatize_export=='none') && !WT_USER_GEDCOM_ADMIN) { $this->privatize_export='visitor'; @@ -413,4 +413,4 @@ class WT_Controller_Clippings { return 0; } } -} +}
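Review bot: `$this->level1 = WT_Filter::getInteger('level1');` (and level2/level3) changes what an absent parameter produces from `PHP_INT_MAX` to `getInteger()`'s default of 0; if these levels bound how far the export descends, an omitted parameter now means "nothing" instead of "everything". Keep the old fallback explicitly: `$this->level1 = WT_Filter::getInteger('level1', 0, PHP_INT_MAX, PHP_INT_MAX);`, and likewise for level2 and level3.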
\ No newline at end of file diff --git a/modules_v3/clippings/module.php b/modules_v3/clippings/module.php index 0a73e4419f..0561799db7 100644 --- a/modules_v3/clippings/module.php +++ b/modules_v3/clippings/module.php @@ -178,7 +178,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module } else { // Keep track of the INDI from the parent page, otherwise it will // get lost after ajax updates - $pid=safe_GET_xref('pid'); + $pid=WT_Filter::get('pid', WT_REGEX_XREF); if ($clip_ctrl->action != 'download' && $clip_ctrl->action != 'add') { ?> <table><tr><td class="width33" valign="top" rowspan="3"> @@ -373,13 +373,13 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module $clip_ctrl = new WT_Controller_Clippings(); - $add = safe_GET_xref('add',''); - $add1 = safe_GET_xref('add1',''); - $remove = safe_GET('remove', WT_REGEX_XREF); - $others = safe_GET('others', WT_REGEX_ALPHANUM, ''); - $clip_ctrl->level1 = safe_GET('level1'); - $clip_ctrl->level2 = safe_GET('level2'); - $clip_ctrl->level3 = safe_GET('level3'); + $add = WT_Filter::get('add', WT_REGEX_XREF); + $add1 = WT_Filter::get('add1', WT_REGEX_XREF); + $remove = WT_Filter::get('remove', WT_REGEX_XREF); + $others = WT_Filter::get('others'); + $clip_ctrl->level1 = WT_Filter::get('level1'); + $clip_ctrl->level2 = WT_Filter::get('level2'); + $clip_ctrl->level3 = WT_Filter::get('level3'); if (!empty($add)) { $record = WT_GedcomRecord::getInstance($add); if ($record) { @@ -430,7 +430,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module // Keep track of the INDI from the parent page, otherwise it will // get lost after ajax updates - $pid=safe_GET_xref('pid'); + $pid=WT_Filter::get('pid', WT_REGEX_XREF); if (!$WT_SESSION->cart[WT_GED_ID]) { $out=WT_I18N::translate('Your clippings cart is empty.'); 
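Review bot: `$clip_ctrl->level1 = WT_Filter::get('level1');` (and level2/level3) overwrites properties that WT_Controller_Clippings, in this same commit, fills with `WT_Filter::getInteger()`, so the same field is an integer in one place and an unvalidated string or null in the other; use `WT_Filter::getInteger('level1', 0, PHP_INT_MAX, PHP_INT_MAX)` here too, or drop the three assignments if the controller's constructor already reads them.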
@@ -550,7 +550,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module public function downloadForm($clip_ctrl) { global $GEDCOM_MEDIA_PATH; - $pid=safe_GET_xref('pid'); + $pid=WT_Filter::get('pid', WT_REGEX_XREF); $out = '<script>'; $out .= 'function cancelDownload() { diff --git a/modules_v3/descendancy/module.php b/modules_v3/descendancy/module.php index 8f5f3f59ab..41207c5917 100644 --- a/modules_v3/descendancy/module.php +++ b/modules_v3/descendancy/module.php @@ -64,9 +64,9 @@ class descendancy_WT_Module extends WT_Module implements WT_Module_Sidebar { // Implement WT_Module_Sidebar public function getSidebarAjaxContent() { - $search=safe_GET('search'); - $pid =safe_GET('pid', WT_REGEX_XREF); - $famid =safe_GET('famid', WT_REGEX_XREF); + $search = WT_Filter::get('search'); + $pid = WT_Filter::get('pid', WT_REGEX_XREF); + $famid = WT_Filter::get('famid', WT_REGEX_XREF); $individual = WT_Individual::getInstance($pid); $family = WT_Family::getInstance($famid); diff --git a/modules_v3/extra_info/module.php b/modules_v3/extra_info/module.php index e58a66a3e6..296e8caaab 100644 --- a/modules_v3/extra_info/module.php +++ b/modules_v3/extra_info/module.php @@ -1,98 +1,98 @@ -<?php
-// A sidebar to show extra/non-genealogical information about an individual
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-if (!defined('WT_WEBTREES')) {
- header('HTTP/1.0 403 Forbidden');
- exit;
-}
-
-class extra_info_WT_Module extends WT_Module implements WT_Module_Sidebar {
- // Extend WT_Module
- public function getTitle() {
- return /* I18N: Name of a module/sidebar */ WT_I18N::translate('Extra information');
- }
-
- // Extend WT_Module
- public function getDescription() {
- return /* I18N: Description of the “Extra information” module */ WT_I18N::translate('A sidebar showing non-genealogical information about an indivdual.');
- }
-
- // Implement WT_Module_Sidebar
- public function defaultSidebarOrder() {
- return 10;
- }
-
- // Implement WT_Module_Sidebar
- public function hasSidebarContent() {
- return true;
- }
-
- // Implement WT_Module_Sidebar
- public function getSidebarContent() {
- global $SHOW_COUNTER, $controller;
-
- $indifacts = array();
- // The individual's own facts
- foreach ($controller->record->getFacts() as $fact) {
- if (self::showFact($fact)) {
- $indifacts[] = $fact;
- }
- }
-
- ob_start();
- if (!$indifacts) {
- echo WT_I18N::translate('There are no Facts for this individual.');
- } else {
- foreach ($indifacts as $fact) {
- print_fact($fact, $controller->record);
- }
- }
- echo '<div id="hitcounter">';
- if ($SHOW_COUNTER && (empty($SEARCH_SPIDER))) {
- //print indi counter only if displaying a non-private person
- require WT_ROOT.'includes/hitcount.php';
- echo WT_I18N::translate('Hit Count:'). ' '. $hitCount;
- }
- echo '</div>';// close #hitcounter
- return strip_tags(ob_get_clean(), '<a><div><span>');
- }
-
- // Implement WT_Module_Sidebar
- public function getSidebarAjaxContent() {
- return '';
- }
-
- // Does this module display a particular fact
- public static function showFact(WT_Fact $fact) {
- switch ($fact->getTag()) {
- case 'AFN':
- case 'CHAN':
- case 'IDNO':
- case 'REFN':
- case 'RFN':
- case 'RIN':
- case 'SSN':
- case '_UID':
- return true;
- default:
- return false;
- }
- }
-}
+<?php +// A sidebar to show extra/non-genealogical information about an individual +// +// webtrees: Web based Family History software +// Copyright (C) 2013 webtrees development team. +// +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; either version 2 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program; if not, write to the Free Software +// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +if (!defined('WT_WEBTREES')) { + header('HTTP/1.0 403 Forbidden'); + exit; +} + +class extra_info_WT_Module extends WT_Module implements WT_Module_Sidebar { + // Extend WT_Module + public function getTitle() { + return /* I18N: Name of a module/sidebar */ WT_I18N::translate('Extra information'); + } + + // Extend WT_Module + public function getDescription() { + return /* I18N: Description of the “Extra information” module */ WT_I18N::translate('A sidebar showing non-genealogical information about an indivdual.'); + } + + // Implement WT_Module_Sidebar + public function defaultSidebarOrder() { + return 10; + } + + // Implement WT_Module_Sidebar + public function hasSidebarContent() { + return true; + } + + // Implement WT_Module_Sidebar + public function getSidebarContent() { + global $SHOW_COUNTER, $controller; + + $indifacts = array(); + // The individual's own facts + foreach ($controller->record->getFacts() as $fact) { + if (self::showFact($fact)) { + $indifacts[] = $fact; + } + } + + ob_start(); + if (!$indifacts) { + echo WT_I18N::translate('There are no Facts 
for this individual.'); + } else { + foreach ($indifacts as $fact) { + print_fact($fact, $controller->record); + } + } + echo '<div id="hitcounter">'; + if ($SHOW_COUNTER && (empty($SEARCH_SPIDER))) { + //print indi counter only if displaying a non-private person + require WT_ROOT.'includes/hitcount.php'; + echo WT_I18N::translate('Hit Count:'). ' '. $hitCount; + } + echo '</div>';// close #hitcounter + return strip_tags(ob_get_clean(), '<a><div><span>'); + } + + // Implement WT_Module_Sidebar + public function getSidebarAjaxContent() { + return ''; + } + + // Does this module display a particular fact + public static function showFact(WT_Fact $fact) { + switch ($fact->getTag()) { + case 'AFN': + case 'CHAN': + case 'IDNO': + case 'REFN': + case 'RFN': + case 'RIN': + case 'SSN': + case '_UID': + return true; + default: + return false; + } + } +} diff --git a/modules_v3/families/module.php b/modules_v3/families/module.php index c88e0db853..d06dea1379 100644 --- a/modules_v3/families/module.php +++ b/modules_v3/families/module.php @@ -64,9 +64,9 @@ class families_WT_Module extends WT_Module implements WT_Module_Sidebar { // Implement WT_Module_Sidebar public function getSidebarAjaxContent() { - $alpha =safe_GET('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none - $surname =safe_GET('surname', '[^<>&%{};]*'); // All indis with this surname. NB - allow ' and " - $search =safe_GET('search'); + $alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none + $surname = WT_Filter::get('surname'); // All indis with this surname. + $search = WT_Filter::get('search'); if ($search) { return $this->search($search); @@ -254,4 +254,4 @@ class families_WT_Module extends WT_Module implements WT_Module_Sidebar { $out .= '</ul>'; return $out; } -} +}
\ No newline at end of file diff --git a/modules_v3/faq/module.php b/modules_v3/faq/module.php index 7a68f5210f..2d2c8a6f28 100644 --- a/modules_v3/faq/module.php +++ b/modules_v3/faq/module.php 
@@ -98,39 +98,39 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block private function edit() { require_once WT_ROOT.'includes/functions/functions_edit.php'; - if (safe_POST_bool('save')) { - $block_id=safe_POST('block_id'); + if (WT_Filter::postBool('save')) { + $block_id = WT_Filter::postInteger('block_id'); if ($block_id) { WT_DB::prepare( "UPDATE `##block` SET gedcom_id=NULLIF(?, ''), block_order=? WHERE block_id=?" )->execute(array( - safe_POST('gedcom_id'), - (int)safe_POST('block_order'), + WT_Filter::postInteger('gedcom_id'), + WT_Filter::postInteger('block_order'), $block_id )); } else { WT_DB::prepare( "INSERT INTO `##block` (gedcom_id, module_name, block_order) VALUES (NULLIF(?, ''), ?, ?)" )->execute(array( - safe_POST('gedcom_id'), + WT_Filter::postInteger('gedcom_id'), $this->getName(), - (int)safe_POST('block_order') + WT_Filter::postInteger('block_order') )); $block_id=WT_DB::getInstance()->lastInsertId(); } - set_block_setting($block_id, 'header', safe_POST('header', WT_REGEX_UNSAFE)); - set_block_setting($block_id, 'faqbody', safe_POST('faqbody', WT_REGEX_UNSAFE)); // allow html - $languages=array(); + set_block_setting($block_id, 'header', WT_Filter::post('header')); + set_block_setting($block_id, 'faqbody', WT_Filter::post('faqbody')); + $languages = array(); foreach (WT_I18N::installed_languages() as $code=>$name) { - if (safe_POST_bool('lang_'.$code)) { - $languages[]=$code; + if (WT_Filter::postBool('lang_'.$code)) { + $languages[] = $code; } } set_block_setting($block_id, 'languages', implode(',', $languages)); $this->config(); } else { - $block_id=safe_GET('block_id'); - $controller=new WT_Controller_Page(); + $block_id = WT_Filter::getInteger('block_id'); + $controller = new WT_Controller_Page(); if ($block_id) { $controller->setPageTitle(WT_I18N::translate('Edit FAQ item')); $header=get_block_setting($block_id, 'header'); 
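Review bot: `WT_Filter::postInteger('gedcom_id')` now feeds the `NULLIF(?, '')` placeholder in both the UPDATE and the INSERT, but that SQL was written for the string case where "all trees" arrives as an empty string; what postInteger returns for an empty or missing field (null, 0 or a default) is not shown here, and only one of those reliably becomes NULL without relying on MySQL's `0 = ''` coercion. Normalising before the query, e.g. `$gedcom_id = WT_Filter::postInteger('gedcom_id') ?: null;` and binding `$gedcom_id`, makes the intent explicit. Separately, the `// allow html` comment was removed together with `WT_REGEX_UNSAFE` on the `faqbody` line, so the hunk no longer says whether the value is trusted markup; if it still is, reinstate `// allow html — stored and rendered as raw markup`, and confirm the default `WT_Filter::post()` leaves `<`, `>` and quotes intact. The same comment loss occurs in modules_v3/stories/module.php (`@@ -169,35 +169,35 @@`, `title`/`story_body`) and applies to the `html`/`title` settings in modules_v3/html/module.php (`@@ -133,15 +133,15 @@`). `edit()` continues outside the hunk.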
@@ -192,7 +192,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block } private function delete() { - $block_id=safe_GET('block_id'); + $block_id = WT_Filter::getInteger('block_id'); WT_DB::prepare( "DELETE FROM `##block_setting` WHERE block_id=?" @@ -204,7 +204,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block } private function moveup() { - $block_id=safe_GET('block_id'); + $block_id = WT_Filter::getInteger('block_id'); $block_order=WT_DB::prepare( "SELECT block_order FROM `##block` WHERE block_id=?" @@ -229,7 +229,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block } private function movedown() { - $block_id=safe_GET('block_id'); + $block_id=WT_Filter::get('block_id'); $block_order=WT_DB::prepare( "SELECT block_order FROM `##block` WHERE block_id=?" @@ -431,4 +431,4 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block $menu = new WT_Menu(WT_I18N::translate('FAQ'), 'module.php?mod=faq&mod_action=show', 'menu-help'); return $menu; } -} +}
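Review bot: In the `@@ -229,7 +229,7 @@` hunk `movedown()` reads `$block_id=WT_Filter::get('block_id');`, while `delete()` and `moveup()` in the two hunks above switched to `WT_Filter::getInteger('block_id')`. The value is bound into `SELECT block_order FROM `##block` WHERE block_id=?`, so this is not an injection path, but it is inconsistent and lets a non-numeric id reach the query. Use `$block_id = WT_Filter::getInteger('block_id');` here as well. `movedown()` continues beyond the hunk.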
\ No newline at end of file diff --git a/modules_v3/gedcom_favorites/module.php b/modules_v3/gedcom_favorites/module.php index 274e7b71d0..6e564d21bb 100644 --- a/modules_v3/gedcom_favorites/module.php +++ b/modules_v3/gedcom_favorites/module.php 
@@ -45,43 +45,43 @@ class gedcom_favorites_WT_Module extends WT_Module implements WT_Module_Block { self::updateSchema(); // make sure the favorites table has been created - $action=safe_GET('action'); + $action = WT_Filter::get('action'); switch ($action) { case 'deletefav': - $favorite_id=safe_GET('favorite_id'); + $favorite_id = WT_Filter::getInteger('favorite_id'); if ($favorite_id) { self::deleteFavorite($favorite_id); } unset($_GET['action']); break; case 'addfav': - $gid =safe_GET('gid'); - $favnote =safe_GET('favnote'); - $url =safe_GET('url', WT_REGEX_URL); - $favtitle=safe_GET('favtitle'); + $gid = WT_Filter::get('gid', WT_REGEX_XREF); + $favnote = WT_Filter::get('favnote'); + $url = WT_Filter::getUrl('url'); + $favtitle = WT_Filter::get('favtitle'); if ($gid) { - $record=WT_GedcomRecord::getInstance($gid); + $record = WT_GedcomRecord::getInstance($gid); if ($record && $record->canShow()) { self::addFavorite(array( - 'user_id' =>$ctype=='user' ? WT_USER_ID : null, - 'gedcom_id'=>WT_GED_ID, - 'gid' =>$record->getXref(), - 'type' =>$record::RECORD_TYPE, - 'url' =>null, - 'note' =>$favnote, - 'title' =>$favtitle, + 'user_id' => $ctype=='user' ? WT_USER_ID : null, + 'gedcom_id' => WT_GED_ID, + 'gid' => $record->getXref(), + 'type' => $record::RECORD_TYPE, + 'url' => null, + 'note' => $favnote, + 'title' => $favtitle, )); } } elseif ($url) { self::addFavorite(array( - 'user_id' =>$ctype=='user' ? WT_USER_ID : null, - 'gedcom_id'=>WT_GED_ID, - 'gid' =>null, - 'type' =>'URL', - 'url' =>$url, - 'note' =>$favnote, - 'title' =>$favtitle ? $favtitle : $url, + 'user_id' => $ctype=='user' ? WT_USER_ID : null, + 'gedcom_id' => WT_GED_ID, + 'gid' => null, + 'type' => 'URL', + 'url' => $url, + 'note' => $favnote, + 'title' => $favtitle ? $favtitle : $url, )); } unset($_GET['action']); 
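Review bot: `$url = WT_Filter::getUrl('url');` is stored as a favourite and, in the `elseif ($url)` branch, doubles as its title, yet nothing in the hunk restricts the scheme; if the favourite is later rendered as a link, a syntactically valid `javascript:` or `data:` URL would pass a plain URL validator, and whether `getUrl()` rejects such schemes is not visible here. A check before `self::addFavorite(...)`, e.g. `if ($url && !preg_match('/^https?:\/\//i', $url)) { $url = null; }` (constructed — adjust to the schemes you intend to allow), keeps the list to web links. The retained `$ctype=='user'` is a loose comparison; `$ctype === 'user'` is the intended test. The enclosing `getBlock()` starts before and ends after this hunk.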
@@ -227,8 +227,8 @@ class gedcom_favorites_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } diff --git a/modules_v3/gedcom_news/module.php b/modules_v3/gedcom_news/module.php index 6c71383241..6449ec759e 100644 --- a/modules_v3/gedcom_news/module.php +++ b/modules_v3/gedcom_news/module.php @@ -49,9 +49,9 @@ class gedcom_news_WT_Module extends WT_Module implements WT_Module_Block { public function getBlock($block_id, $template=true, $cfg=null) { global $ctype; - switch (safe_GET('action')) { + switch (WT_Filter::get('action')) { case 'deletenews': - $news_id=safe_GET('news_id'); + $news_id=WT_Filter::get('news_id'); if ($news_id) { deleteNews($news_id); } @@ -157,9 +157,9 @@ class gedcom_news_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'limit', safe_POST('limit')); - set_block_setting($block_id, 'flag', safe_POST('flag')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'limit', WT_Filter::post('limit')); + set_block_setting($block_id, 'flag', WT_Filter::post('flag')); exit; } diff --git a/modules_v3/gedcom_stats/module.php b/modules_v3/gedcom_stats/module.php index 5dc97367d7..d571ee9f5a 100644 --- a/modules_v3/gedcom_stats/module.php +++ b/modules_v3/gedcom_stats/module.php 
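Review bot: In modules_v3/gedcom_news/module.php, `$news_id=WT_Filter::get('news_id');` (hunk `@@ -49,9 +49,9 @@`) and `WT_Filter::post('limit')` (hunk `@@ -157,9 +157,9 @@`) accept numeric values as unconstrained strings, while the faq and stories modules in this same commit moved their ids to `getInteger`/`postInteger`. `$news_id = WT_Filter::getInteger('news_id');` and `WT_Filter::postInteger('limit')` follow that convention and stop a non-numeric value reaching `deleteNews()` and the block-setting table. Both enclosing methods continue outside their hunks.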
@@ -229,27 +229,27 @@ class gedcom_stats_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'show_last_update', safe_POST_bool('show_last_update')); - set_block_setting($block_id, 'show_common_surnames', safe_POST_bool('show_common_surnames')); - set_block_setting($block_id, 'stat_indi', safe_POST_bool('stat_indi')); - set_block_setting($block_id, 'stat_fam', safe_POST_bool('stat_fam')); - set_block_setting($block_id, 'stat_sour', safe_POST_bool('stat_sour')); - set_block_setting($block_id, 'stat_other', safe_POST_bool('stat_other')); - set_block_setting($block_id, 'stat_media', safe_POST_bool('stat_media')); - set_block_setting($block_id, 'stat_repo', safe_POST_bool('stat_repo')); - set_block_setting($block_id, 'stat_surname', safe_POST_bool('stat_surname')); - set_block_setting($block_id, 'stat_events', safe_POST_bool('stat_events')); - set_block_setting($block_id, 'stat_users', safe_POST_bool('stat_users')); - set_block_setting($block_id, 'stat_first_birth', safe_POST_bool('stat_first_birth')); - set_block_setting($block_id, 'stat_last_birth', safe_POST_bool('stat_last_birth')); - set_block_setting($block_id, 'stat_first_death', safe_POST_bool('stat_first_death')); - set_block_setting($block_id, 'stat_last_death', safe_POST_bool('stat_last_death')); - set_block_setting($block_id, 'stat_long_life', safe_POST_bool('stat_long_life')); - set_block_setting($block_id, 'stat_avg_life', safe_POST_bool('stat_avg_life')); - set_block_setting($block_id, 'stat_most_chil', safe_POST_bool('stat_most_chil')); - set_block_setting($block_id, 'stat_avg_chil', safe_POST_bool('stat_avg_chil')); - set_block_setting($block_id, 'stat_link', safe_POST_bool('stat_link')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'show_last_update', WT_Filter::postBool('show_last_update')); + set_block_setting($block_id, 
'show_common_surnames', WT_Filter::postBool('show_common_surnames')); + set_block_setting($block_id, 'stat_indi', WT_Filter::postBool('stat_indi')); + set_block_setting($block_id, 'stat_fam', WT_Filter::postBool('stat_fam')); + set_block_setting($block_id, 'stat_sour', WT_Filter::postBool('stat_sour')); + set_block_setting($block_id, 'stat_other', WT_Filter::postBool('stat_other')); + set_block_setting($block_id, 'stat_media', WT_Filter::postBool('stat_media')); + set_block_setting($block_id, 'stat_repo', WT_Filter::postBool('stat_repo')); + set_block_setting($block_id, 'stat_surname', WT_Filter::postBool('stat_surname')); + set_block_setting($block_id, 'stat_events', WT_Filter::postBool('stat_events')); + set_block_setting($block_id, 'stat_users', WT_Filter::postBool('stat_users')); + set_block_setting($block_id, 'stat_first_birth', WT_Filter::postBool('stat_first_birth')); + set_block_setting($block_id, 'stat_last_birth', WT_Filter::postBool('stat_last_birth')); + set_block_setting($block_id, 'stat_first_death', WT_Filter::postBool('stat_first_death')); + set_block_setting($block_id, 'stat_last_death', WT_Filter::postBool('stat_last_death')); + set_block_setting($block_id, 'stat_long_life', WT_Filter::postBool('stat_long_life')); + set_block_setting($block_id, 'stat_avg_life', WT_Filter::postBool('stat_avg_life')); + set_block_setting($block_id, 'stat_most_chil', WT_Filter::postBool('stat_most_chil')); + set_block_setting($block_id, 'stat_avg_chil', WT_Filter::postBool('stat_avg_chil')); + set_block_setting($block_id, 'stat_link', WT_Filter::postBool('stat_link')); exit; } @@ -373,4 +373,4 @@ class gedcom_stats_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('stat_link', $stat_link); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/googlemap/admin_places.php b/modules_v3/googlemap/admin_places.php index 9157fceb44..5af60cbecc 100644 --- a/modules_v3/googlemap/admin_places.php +++ b/modules_v3/googlemap/admin_places.php @@ -29,11 +29,11 @@ if (!defined('WT_WEBTREES')) { require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php'; require WT_ROOT.'includes/functions/functions_edit.php'; -$action=safe_REQUEST($_REQUEST, 'action'); -if (isset($_REQUEST['parent'])) $parent=safe_REQUEST($_REQUEST, 'parent'); -if (isset($_REQUEST['inactive'])) $inactive=safe_GET_bool('inactive'); -if (isset($_REQUEST['mode'])) $mode=safe_REQUEST($_REQUEST, 'mode'); -if (isset($_REQUEST['deleteRecord'])) $deleteRecord=safe_REQUEST($_REQUEST, 'deleteRecord'); +$action = WT_Filter::get('action'); +$parent = WT_Filter::get('parent'); +$inactive = WT_Filter::getBool('inactive'); +$mode = WT_Filter::get('mode'); +$deleteRecord = WT_Filter::get('deleteRecord'); if (!isset($parent)) $parent=0; if (!isset($inactive)) $inactive=false; diff --git a/modules_v3/googlemap/module.php b/modules_v3/googlemap/module.php index 549ef20b5c..a1c2df71b6 100644 --- a/modules_v3/googlemap/module.php +++ b/modules_v3/googlemap/module.php @@ -192,7 +192,7 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php'; require WT_ROOT.'includes/functions/functions_edit.php'; - $action=safe_REQUEST($_REQUEST, 'action'); + $action = WT_Filter::post('action'); $controller=new WT_Controller_Page(); $controller 
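Review bot: `$action = WT_Filter::get('action');` and the four reads beneath it replace `safe_REQUEST($_REQUEST, ...)`, so values previously accepted from either GET or POST are now read from the query string only; if any form on admin_places.php submits via POST (not visible in the hunk), `$action`, `$mode` and `$deleteRecord` will silently be empty. The googlemap/module.php hunk at `@@ -192,7 +192,7 @@` makes the opposite choice, `WT_Filter::post('action')`, and modules_v3/googlemap/places_edit.php (`@@ -29,9 +29,9 @@`) again uses `get`, so each page's submission method should be checked rather than assumed. Also, `$inactive = WT_Filter::getBool('inactive');` presumably always yields a bool, which would make the following `if (!isset($inactive)) $inactive=false;` dead; confirm and drop it.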
@@ -203,25 +203,25 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu if ($action=='update') { - set_module_setting('googlemap', 'GM_MAP_TYPE', $_POST['NEW_GM_MAP_TYPE']); - set_module_setting('googlemap', 'GM_USE_STREETVIEW', $_POST['NEW_GM_USE_STREETVIEW']); - set_module_setting('googlemap', 'GM_MIN_ZOOM', $_POST['NEW_GM_MIN_ZOOM']); - set_module_setting('googlemap', 'GM_MAX_ZOOM', $_POST['NEW_GM_MAX_ZOOM']); - set_module_setting('googlemap', 'GM_XSIZE', $_POST['NEW_GM_XSIZE']); - set_module_setting('googlemap', 'GM_YSIZE', $_POST['NEW_GM_YSIZE']); - set_module_setting('googlemap', 'GM_PRECISION_0', $_POST['NEW_GM_PRECISION_0']); - set_module_setting('googlemap', 'GM_PRECISION_1', $_POST['NEW_GM_PRECISION_1']); - set_module_setting('googlemap', 'GM_PRECISION_2', $_POST['NEW_GM_PRECISION_2']); - set_module_setting('googlemap', 'GM_PRECISION_3', $_POST['NEW_GM_PRECISION_3']); - set_module_setting('googlemap', 'GM_PRECISION_4', $_POST['NEW_GM_PRECISION_4']); - set_module_setting('googlemap', 'GM_PRECISION_5', $_POST['NEW_GM_PRECISION_5']); - set_module_setting('googlemap', 'GM_DEFAULT_TOP_VALUE', $_POST['NEW_GM_DEFAULT_TOP_LEVEL']); - set_module_setting('googlemap', 'GM_COORD', $_POST['NEW_GM_COORD']); - set_module_setting('googlemap', 'GM_PLACE_HIERARCHY', $_POST['NEW_GM_PLACE_HIERARCHY']); - set_module_setting('googlemap', 'GM_PH_XSIZE', $_POST['NEW_GM_PH_XSIZE']); - set_module_setting('googlemap', 'GM_PH_YSIZE', $_POST['NEW_GM_PH_YSIZE']); - set_module_setting('googlemap', 'GM_PH_MARKER', $_POST['NEW_GM_PH_MARKER']); - set_module_setting('googlemap', 'GM_DISP_SHORT_PLACE', $_POST['NEW_GM_DISP_SHORT_PLACE']); + set_module_setting('googlemap', 'GM_MAP_TYPE', WT_Filter::post('NEW_GM_MAP_TYPE')); + set_module_setting('googlemap', 'GM_USE_STREETVIEW', WT_Filter::post('NEW_GM_USE_STREETVIEW')); + set_module_setting('googlemap', 'GM_MIN_ZOOM', WT_Filter::post('NEW_GM_MIN_ZOOM')); + set_module_setting('googlemap', 'GM_MAX_ZOOM', 
WT_Filter::post('NEW_GM_MAX_ZOOM')); + set_module_setting('googlemap', 'GM_XSIZE', WT_Filter::post('NEW_GM_XSIZE')); + set_module_setting('googlemap', 'GM_YSIZE', WT_Filter::post('NEW_GM_YSIZE')); + set_module_setting('googlemap', 'GM_PRECISION_0', WT_Filter::post('NEW_GM_PRECISION_0')); + set_module_setting('googlemap', 'GM_PRECISION_1', WT_Filter::post('NEW_GM_PRECISION_1')); + set_module_setting('googlemap', 'GM_PRECISION_2', WT_Filter::post('NEW_GM_PRECISION_2')); + set_module_setting('googlemap', 'GM_PRECISION_3', WT_Filter::post('NEW_GM_PRECISION_3')); + set_module_setting('googlemap', 'GM_PRECISION_4', WT_Filter::post('NEW_GM_PRECISION_4')); + set_module_setting('googlemap', 'GM_PRECISION_5', WT_Filter::post('NEW_GM_PRECISION_5')); + set_module_setting('googlemap', 'GM_DEFAULT_TOP_VALUE', WT_Filter::post('NEW_GM_DEFAULT_TOP_LEVEL')); + set_module_setting('googlemap', 'GM_COORD', WT_Filter::post('NEW_GM_COORD')); + set_module_setting('googlemap', 'GM_PLACE_HIERARCHY', WT_Filter::post('NEW_GM_PLACE_HIERARCHY')); + set_module_setting('googlemap', 'GM_PH_XSIZE', WT_Filter::post('NEW_GM_PH_XSIZE')); + set_module_setting('googlemap', 'GM_PH_YSIZE', WT_Filter::post('NEW_GM_PH_YSIZE')); + set_module_setting('googlemap', 'GM_PH_MARKER', WT_Filter::post('NEW_GM_PH_MARKER')); + set_module_setting('googlemap', 'GM_DISP_SHORT_PLACE', WT_Filter::post('NEW_GM_DISP_SHORT_PLACE')); for ($i=1; $i<=9; $i++) { set_module_setting('googlemap', 'GM_PREFIX_'.$i, $_POST['NEW_GM_PREFIX_'.$i]); 
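Review bot: The `for ($i=1; $i<=9; $i++)` loop at the end of the hunk still reads `$_POST['NEW_GM_PREFIX_'.$i]` directly, while every other setting in the same block was moved to `WT_Filter::post()`; the loop body should become `set_module_setting('googlemap', 'GM_PREFIX_'.$i, WT_Filter::post('NEW_GM_PREFIX_'.$i));`. Numeric settings such as `GM_MIN_ZOOM`, `GM_MAX_ZOOM`, `GM_XSIZE`, `GM_YSIZE` and `GM_PRECISION_0..5` are also stored as free-form strings; `WT_Filter::postInteger()` would reject non-numeric input at the boundary, as this commit does elsewhere for ids. The enclosing method starts before this hunk.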
@@ -447,13 +447,11 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu ->setPageTitle(WT_I18N::translate('Select flag')) ->pageHeader(); - $countries=WT_Stats::get_all_countries(); - $action=safe_REQUEST($_REQUEST, 'action'); + $countries = WT_Stats::get_all_countries(); + $action = WT_Filter::post('action'); - if (isset($_REQUEST['countrySelected'])) $countrySelected = $_REQUEST['countrySelected']; - if (!isset($countrySelected)) $countrySelected='Countries'; - if (isset($_REQUEST['stateSelected'])) $stateSelected = $_REQUEST['stateSelected']; - if (!isset($stateSelected)) $stateSelected='States'; + $countrySelected = WT_Filter::post('countrySelected', null, 'Countries'); + $stateSelected = WT_Filter::post('stateSelected', null, 'States'); $country = array(); $rep = opendir(WT_ROOT.WT_MODULES_DIR.'googlemap/places/flags/'); @@ -649,8 +647,8 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu require_once WT_ROOT.WT_MODULES_DIR.'googlemap/googlemap.php'; // Default is show for both of these. - $hideflags = safe_GET('hideflags'); - $hidelines = safe_GET('hidelines'); + $hideflags = WT_Filter::get('hideflags'); + $hidelines = WT_Filter::get('hidelines'); $controller=new WT_Controller_Pedigree(); 
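Review bot: `$countrySelected = WT_Filter::post('countrySelected', null, 'Countries');` and `$stateSelected` are accepted without a pattern, and the `opendir(WT_ROOT.WT_MODULES_DIR.'googlemap/places/flags/')` that follows suggests they select entries under that flags directory; if either value is later joined into a filesystem path (not visible here), a pattern such as `'[A-Za-z0-9_]+'` (constructed — adjust to the real folder naming) would exclude `..` and separators at the boundary. The old code read `$_REQUEST[...]` raw, so this is not a regression, but the new filter call is the natural place for the check.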
@@ -1431,11 +1429,11 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu require_once WT_ROOT.WT_MODULES_DIR.'googlemap/googlemap.php'; require_once WT_ROOT.'includes/functions/functions_edit.php'; - $action = safe_GET('action', '','go'); - $gedcom_id = safe_GET('gedcom_id', array_keys(WT_Tree::getAll()), WT_GED_ID); - $country = safe_GET('country', WT_REGEX_UNSAFE, 'XYZ'); - $state = safe_GET('state', WT_REGEX_UNSAFE, 'XYZ'); - $matching = safe_GET_bool('matching'); + $action = WT_Filter::get('action', '','go'); + $gedcom_id = WT_Filter::getInteger('gedcom_id'); + $country = WT_Filter::get('country', '.+', 'XYZ'); + $state = WT_Filter::get('state', '.+', 'XYZ'); + $matching = WT_Filter::getBool('matching'); if (!empty($WT_SESSION['placecheck_gedcom_id'])) { $gedcom_id = $WT_SESSION['placecheck_gedcom_id']; diff --git a/modules_v3/googlemap/placehierarchy.php b/modules_v3/googlemap/placehierarchy.php index 83337cf665..d94c2e93f8 100644 --- a/modules_v3/googlemap/placehierarchy.php +++ b/modules_v3/googlemap/placehierarchy.php @@ -128,7 +128,7 @@ function create_map($placelevels) { // *** ENABLE STREETVIEW *** (boolean) ========================================================= $STREETVIEW = get_module_setting('googlemap', 'GM_USE_STREETVIEW'); // ============================================================================================= - $parent = safe_GET('parent', WT_REGEX_UNSAFE); + $parent = WT_Filter::get('parent'); // create the map echo '<table style="margin:20px auto 0 auto;"><tr valign="top"><td>'; @@ -197,7 +197,7 @@ function create_map($placelevels) { } '); - $parent = safe_GET('parent'); + $parent = WT_Filter::get('parent'); global $TBLPREFIX, $pl_lati, $pl_long; if ($level>=1) { $pl_lati = str_replace(array('N', 'S', ','), array('', '-', '.'), $latlng['pl_lati']); // WT_placelocation lati 
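Review bot: `$gedcom_id = WT_Filter::getInteger('gedcom_id');` drops both the whitelist `array_keys(WT_Tree::getAll())` and the `WT_GED_ID` default that the old `safe_GET` call applied, so an absent or unknown tree id now reaches the place check unless `$WT_SESSION['placecheck_gedcom_id']` happens to be set. If getInteger does not take a default, `$gedcom_id = WT_Filter::getInteger('gedcom_id') ?: WT_GED_ID;` followed by `if (!array_key_exists($gedcom_id, WT_Tree::getAll())) { $gedcom_id = WT_GED_ID; }` restores the old guarantee. `$country` and `$state` with pattern `'.+'` accept any non-empty string, matching the previous `WT_REGEX_UNSAFE` intent, so they still need escaping wherever they are rendered. The method continues beyond the hunk.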
@@ -657,4 +657,4 @@ function map_scripts($numfound, $level, $parent, $linklevels, $placelevels, $pla } } $controller->addInlineJavascript(ob_get_clean()); -} +}
\ No newline at end of file diff --git a/modules_v3/googlemap/places_edit.php b/modules_v3/googlemap/places_edit.php index 6ce75d4e4c..6ff8a0f14c 100644 --- a/modules_v3/googlemap/places_edit.php +++ b/modules_v3/googlemap/places_edit.php @@ -29,9 +29,9 @@ if (!defined('WT_WEBTREES')) { require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php'; require WT_ROOT.'includes/functions/functions_edit.php'; -$action=safe_REQUEST($_REQUEST, 'action'); -if (isset($_REQUEST['placeid'])) $placeid = $_REQUEST['placeid']; -if (isset($_REQUEST['place_name'])) $place_name = $_REQUEST['place_name']; +$action = WT_Filter::get('action'); +$placeid = WT_Filter::get('placeid'); +$place_name = WT_Filter::get('place_name'); $controller=new WT_Controller_Simple(); $controller diff --git a/modules_v3/html/module.php b/modules_v3/html/module.php index 3221f8f5dc..0f20a36114 100644 --- a/modules_v3/html/module.php +++ b/modules_v3/html/module.php 
@@ -133,15 +133,15 @@ class html_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'gedcom', safe_POST('gedcom')); - set_block_setting($block_id, 'title', $_POST['title']); - set_block_setting($block_id, 'html', $_POST['html']); - set_block_setting($block_id, 'show_timestamp', safe_POST_bool('show_timestamp')); - set_block_setting($block_id, 'timestamp', safe_POST('timestamp')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'gedcom', WT_Filter::post('gedcom')); + set_block_setting($block_id, 'title', WT_Filter::post('title')); + set_block_setting($block_id, 'html', WT_Filter::post('html')); + set_block_setting($block_id, 'show_timestamp', WT_Filter::postBool('show_timestamp')); + set_block_setting($block_id, 'timestamp', WT_Filter::post('timestamp')); $languages=array(); foreach (WT_I18N::installed_languages() as $code=>$name) { - if (safe_POST_bool('lang_'.$code)) { + if (WT_Filter::postBool('lang_'.$code)) { $languages[]=$code; } } @@ -327,4 +327,4 @@ class html_WT_Module extends WT_Module implements WT_Module_Block { echo edit_language_checkboxes('lang_', $languages); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/individuals/module.php b/modules_v3/individuals/module.php index c6f2950916..09caef3268 100644 --- a/modules_v3/individuals/module.php +++ b/modules_v3/individuals/module.php @@ -64,9 +64,9 @@ class individuals_WT_Module extends WT_Module implements WT_Module_Sidebar { // Implement WT_Module_Sidebar public function getSidebarAjaxContent() { - $alpha =safe_GET('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none - $surname =safe_GET('surname', '[^<>&%{};]*'); // All indis with this surname. NB - allow ' and " - $search =safe_GET('search'); + $alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none + $surname = WT_Filter::get('surname'); // All indis with this surname. + $search = WT_Filter::get('search'); if ($search) { return $this->search($search); @@ -230,4 +230,4 @@ class individuals_WT_Module extends WT_Module implements WT_Module_Sidebar { $out .= '</ul>'; return $out; } -} +}
\ No newline at end of file diff --git a/modules_v3/random_media/module.php b/modules_v3/random_media/module.php index b64c6b6c0f..ee73211253 100644 --- a/modules_v3/random_media/module.php +++ b/modules_v3/random_media/module.php @@ -43,7 +43,7 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block { $filter =get_block_setting($block_id, 'filter', 'all'); $controls=get_block_setting($block_id, 'controls', true); - $start =get_block_setting($block_id, 'start', false) || safe_GET_bool('start'); + $start =get_block_setting($block_id, 'start', false) || WT_Filter::getBool('start'); $block =get_block_setting($block_id, 'block', true); // We can apply the filters using SQL 
@@ -217,39 +217,39 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'filter', safe_POST('filter', array('indi', 'event', 'all'), 'all')); - set_block_setting($block_id, 'controls', safe_POST_bool('controls')); - set_block_setting($block_id, 'start', safe_POST_bool('start')); - set_block_setting($block_id, 'filter_avi', safe_POST_bool('filter_avi')); - set_block_setting($block_id, 'filter_bmp', safe_POST_bool('filter_bmp')); - set_block_setting($block_id, 'filter_gif', safe_POST_bool('filter_gif')); - set_block_setting($block_id, 'filter_jpeg', safe_POST_bool('filter_jpeg')); - set_block_setting($block_id, 'filter_mp3', safe_POST_bool('filter_mp3')); - set_block_setting($block_id, 'filter_ole', safe_POST_bool('filter_ole')); - set_block_setting($block_id, 'filter_pcx', safe_POST_bool('filter_pcx')); - set_block_setting($block_id, 'filter_pdf', safe_POST_bool('filter_pdf')); - set_block_setting($block_id, 'filter_png', safe_POST_bool('filter_png')); - set_block_setting($block_id, 'filter_tiff', safe_POST_bool('filter_tiff')); - set_block_setting($block_id, 'filter_wav', safe_POST_bool('filter_wav')); - set_block_setting($block_id, 'filter_audio', safe_POST_bool('filter_audio')); - set_block_setting($block_id, 'filter_book', safe_POST_bool('filter_book')); - set_block_setting($block_id, 'filter_card', safe_POST_bool('filter_card')); - set_block_setting($block_id, 'filter_certificate', safe_POST_bool('filter_certificate')); - set_block_setting($block_id, 'filter_coat', safe_POST_bool('filter_coat')); - set_block_setting($block_id, 'filter_document', safe_POST_bool('filter_document')); - set_block_setting($block_id, 'filter_electronic', safe_POST_bool('filter_electronic')); - set_block_setting($block_id, 'filter_fiche', safe_POST_bool('filter_fiche')); - set_block_setting($block_id, 'filter_film', 
safe_POST_bool('filter_film')); - set_block_setting($block_id, 'filter_magazine', safe_POST_bool('filter_magazine')); - set_block_setting($block_id, 'filter_manuscript', safe_POST_bool('filter_manuscript')); - set_block_setting($block_id, 'filter_map', safe_POST_bool('filter_map')); - set_block_setting($block_id, 'filter_newspaper', safe_POST_bool('filter_newspaper')); - set_block_setting($block_id, 'filter_other', safe_POST_bool('filter_other')); - set_block_setting($block_id, 'filter_painting', safe_POST_bool('filter_painting')); - set_block_setting($block_id, 'filter_photo', safe_POST_bool('filter_photo')); - set_block_setting($block_id, 'filter_tombstone', safe_POST_bool('filter_tombstone')); - set_block_setting($block_id, 'filter_video', safe_POST_bool('filter_video')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'filter', WT_Filter::post('filter', 'indi|event|all', 'all')); + set_block_setting($block_id, 'controls', WT_Filter::postBool('controls')); + set_block_setting($block_id, 'start', WT_Filter::postBool('start')); + set_block_setting($block_id, 'filter_avi', WT_Filter::postBool('filter_avi')); + set_block_setting($block_id, 'filter_bmp', WT_Filter::postBool('filter_bmp')); + set_block_setting($block_id, 'filter_gif', WT_Filter::postBool('filter_gif')); + set_block_setting($block_id, 'filter_jpeg', WT_Filter::postBool('filter_jpeg')); + set_block_setting($block_id, 'filter_mp3', WT_Filter::postBool('filter_mp3')); + set_block_setting($block_id, 'filter_ole', WT_Filter::postBool('filter_ole')); + set_block_setting($block_id, 'filter_pcx', WT_Filter::postBool('filter_pcx')); + set_block_setting($block_id, 'filter_pdf', WT_Filter::postBool('filter_pdf')); + set_block_setting($block_id, 'filter_png', WT_Filter::postBool('filter_png')); + set_block_setting($block_id, 'filter_tiff', WT_Filter::postBool('filter_tiff')); + set_block_setting($block_id, 'filter_wav', WT_Filter::postBool('filter_wav')); + set_block_setting($block_id, 
'filter_audio', WT_Filter::postBool('filter_audio')); + set_block_setting($block_id, 'filter_book', WT_Filter::postBool('filter_book')); + set_block_setting($block_id, 'filter_card', WT_Filter::postBool('filter_card')); + set_block_setting($block_id, 'filter_certificate', WT_Filter::postBool('filter_certificate')); + set_block_setting($block_id, 'filter_coat', WT_Filter::postBool('filter_coat')); + set_block_setting($block_id, 'filter_document', WT_Filter::postBool('filter_document')); + set_block_setting($block_id, 'filter_electronic', WT_Filter::postBool('filter_electronic')); + set_block_setting($block_id, 'filter_fiche', WT_Filter::postBool('filter_fiche')); + set_block_setting($block_id, 'filter_film', WT_Filter::postBool('filter_film')); + set_block_setting($block_id, 'filter_magazine', WT_Filter::postBool('filter_magazine')); + set_block_setting($block_id, 'filter_manuscript', WT_Filter::postBool('filter_manuscript')); + set_block_setting($block_id, 'filter_map', WT_Filter::postBool('filter_map')); + set_block_setting($block_id, 'filter_newspaper', WT_Filter::postBool('filter_newspaper')); + set_block_setting($block_id, 'filter_other', WT_Filter::postBool('filter_other')); + set_block_setting($block_id, 'filter_painting', WT_Filter::postBool('filter_painting')); + set_block_setting($block_id, 'filter_photo', WT_Filter::postBool('filter_photo')); + set_block_setting($block_id, 'filter_tombstone', WT_Filter::postBool('filter_tombstone')); + set_block_setting($block_id, 'filter_video', WT_Filter::postBool('filter_video')); exit; } @@ -384,4 +384,4 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('start', $start); echo '</td></tr>'; } -} +}
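Review bot: `WT_Filter::post('filter', 'indi|event|all', 'all')` relies on `WT_Filter` wrapping the pattern in a group before anchoring it; if the implementation builds `^indi|event|all$` rather than `^(indi|event|all)$`, the middle alternative is unanchored and a value like `xeventx` would be accepted — the filter class is not on this page, so please confirm. The same idiom appears in modules_v3/recent_changes/module.php (`'list|table'`, `'name|date_asc|date_desc'`) at its `@@ -118,12 +118,12 @@` hunk. A form that does not depend on the wrapper is `'(indi|event|all)'`. The enclosing `configureBlock()` starts before this hunk.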
\ No newline at end of file diff --git a/modules_v3/recent_changes/module.php b/modules_v3/recent_changes/module.php index 128c62cd2f..15506cc60a 100644 --- a/modules_v3/recent_changes/module.php +++ b/modules_v3/recent_changes/module.php @@ -118,12 +118,12 @@ class recent_changes_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7)); - set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table')); - set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('name', 'date_asc', 'date_desc'), 'date_desc')); - set_block_setting($block_id, 'hide_empty', safe_POST_bool('hide_empty')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7)); + set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table')); + set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'name|date_asc|date_desc', 'date_desc')); + set_block_setting($block_id, 'hide_empty', WT_Filter::postBool('hide_empty')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -173,4 +173,4 @@ class recent_changes_WT_Module extends WT_Module implements WT_Module_Block { echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/review_changes/module.php b/modules_v3/review_changes/module.php index 1975ed9b98..88a00724fc 100644 --- a/modules_v3/review_changes/module.php +++ b/modules_v3/review_changes/module.php @@ -155,10 +155,10 @@ class review_changes_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'days', safe_POST_integer('num', 1, 180, 7)); - set_block_setting($block_id, 'sendmail', safe_POST_bool('sendmail')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'days', WT_Filter::postInteger('num', 1, 180, 7)); + set_block_setting($block_id, 'sendmail', WT_Filter::postBool('sendmail')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -181,4 +181,4 @@ class review_changes_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/sitemap/module.php b/modules_v3/sitemap/module.php index 2be8b119dd..2f19f180af 100644 --- a/modules_v3/sitemap/module.php +++ b/modules_v3/sitemap/module.php @@ -45,7 +45,7 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config { break; case 'generate': Zend_Session::writeClose(); - $this->generate(safe_GET('file')); + $this->generate(WT_Filter::get('file')); break; default: header('HTTP/1.0 404 Not Found'); @@ -216,9 +216,9 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config { ->pageHeader(); // Save the updated preferences - if (safe_POST('action', 'save')=='save') { + if (WT_Filter::post('action')=='save') { foreach (WT_Tree::getAll() as $tree) { - set_gedcom_setting($tree->tree_id, 'include_in_sitemap', safe_POST_bool('include'.$tree->tree_id)); + set_gedcom_setting($tree->tree_id, 'include_in_sitemap', WT_Filter::postBool('include'.$tree->tree_id)); } // Clear cache and force files to be regenerated WT_DB::prepare( @@ -270,4 +270,4 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config { public function getConfigLink() { return 'module.php?mod='.$this->getName().'&mod_action=admin'; } -} +}
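Review bot: `$this->generate(WT_Filter::get('file'));` passes the raw `file` parameter on without a pattern; if `generate()` uses it to build a path or a sitemap name (its body is outside the hunk), a traversal sequence reaches it unchecked. Constraining it at the boundary, e.g. `$this->generate(WT_Filter::get('file', '[A-Za-z0-9_.-]+'));` (constructed pattern — adjust to the real sitemap file names), is cheap and matches how this commit handles xrefs. In the `@@ -216,9 +216,9 @@` hunk, `WT_Filter::post('action')=='save'` still uses loose comparison; `=== 'save'` is the intended test.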
\ No newline at end of file diff --git a/modules_v3/stories/module.php b/modules_v3/stories/module.php index c65619de0c..cff1d265e8 100644 --- a/modules_v3/stories/module.php +++ b/modules_v3/stories/module.php @@ -169,35 +169,35 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_ require_once WT_ROOT.'includes/functions/functions_edit.php'; if (WT_USER_CAN_EDIT) { - if (safe_POST_bool('save')) { - $block_id=safe_POST('block_id'); + if (WT_Filter::postBool('save')) { + $block_id=WT_Filter::postInteger('block_id'); if ($block_id) { WT_DB::prepare( "UPDATE `##block` SET gedcom_id=?, xref=? WHERE block_id=?" - )->execute(array(safe_POST('gedcom_id'), safe_POST('xref'), $block_id)); + )->execute(array(WT_Filter::postInteger('gedcom_id'), WT_Filter::post('xref', WT_REGEX_XREF), $block_id)); } else { WT_DB::prepare( "INSERT INTO `##block` (gedcom_id, xref, module_name, block_order) VALUES (?, ?, ?, ?)" )->execute(array( - safe_POST('gedcom_id'), - safe_POST('xref'), + WT_Filter::postInteger('gedcom_id'), + WT_Filter::post('xref', WT_REGEX_XREF), $this->getName(), 0 )); $block_id=WT_DB::getInstance()->lastInsertId(); } - set_block_setting($block_id, 'title', safe_POST('title', WT_REGEX_UNSAFE)); // allow html - set_block_setting($block_id, 'story_body', safe_POST('story_body', WT_REGEX_UNSAFE)); // allow html + set_block_setting($block_id, 'title', WT_Filter::post('title')); + set_block_setting($block_id, 'story_body', WT_Filter::post('story_body')); $languages=array(); foreach (WT_I18N::installed_languages() as $code=>$name) { - if (safe_POST_bool('lang_'.$code)) { + if (WT_Filter::postBool('lang_'.$code)) { $languages[]=$code; } } set_block_setting($block_id, 'languages', implode(',', $languages)); $this->config(); } else { - $block_id=safe_GET('block_id'); + $block_id=WT_Filter::getInteger('block_id'); $controller=new WT_Controller_Page(); if ($block_id) { 
@@ -215,7 +215,7 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_ $title=''; $story_body=''; $gedcom_id=WT_GED_ID; - $xref=safe_GET('xref', WT_REGEX_XREF); + $xref=WT_Filter::get('xref', WT_REGEX_XREF); } $controller ->pageHeader() @@ -274,7 +274,7 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_ private function delete() { if (WT_USER_CAN_EDIT) { - $block_id=safe_GET('block_id'); + $block_id=WT_Filter::getInteger('block_id'); $block_order=WT_DB::prepare( "SELECT block_order FROM `##block` WHERE block_id=?" diff --git a/modules_v3/theme_select/module.php b/modules_v3/theme_select/module.php index f0ac4823cd..7ff0e91016 100644 --- a/modules_v3/theme_select/module.php +++ b/modules_v3/theme_select/module.php @@ -1,77 +1,77 @@ -<?php
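Review bot: `delete()` takes its `block_id` from `WT_Filter::getInteger('block_id')`, i.e. a GET parameter, so a story is removed by a plain link with no CSRF token visible in the hunk, and the `SELECT block_order FROM ##block WHERE block_id=?` that follows is not restricted to `module_name=?` either. Consider reading the id from POST behind a token and scoping the query to this module's rows with `$this->getName()`. The rest of delete() is outside the hunk.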
-// Classes and libraries for module system
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// Derived from PhpGedView
-// Copyright (C) 2010 John Finlay
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-if (!defined('WT_WEBTREES')) {
- header('HTTP/1.0 403 Forbidden');
- exit;
-}
-
-class theme_select_WT_Module extends WT_Module implements WT_Module_Block {
- // Extend class WT_Module
- public function getTitle() {
- return /* I18N: Name of a module */ WT_I18N::translate('Theme change');
- }
-
- // Extend class WT_Module
- public function getDescription() {
- return /* I18N: Description of the “Theme change” module */ WT_I18N::translate('An alternative way to select a new theme.');
- }
-
- // Implement class WT_Module_Block
- public function getBlock($block_id, $template=true, $cfg=null) {
- $id=$this->getName().$block_id;
- $class=$this->getName().'_block';
- $title=$this->getTitle();
- $menu=WT_MenuBar::getThemeMenu();
- if ($menu) {
- $content='<div class="center theme_form">'.WT_MenuBar::getThemeMenu().'</div><br>';
-
- if ($template) {
- require WT_THEME_DIR.'templates/block_main_temp.php';
- } else {
- return $content;
- }
- } else {
- return '';
- }
- }
-
- // Implement class WT_Module_Block
- public function loadAjax() {
- return false;
- }
-
- // Implement class WT_Module_Block
- public function isUserBlock() {
- return true;
- }
-
- // Implement class WT_Module_Block
- public function isGedcomBlock() {
- return true;
- }
-
- // Implement class WT_Module_Block
- public function configureBlock($block_id) {
- }
-}
+<?php
+// Classes and libraries for module system
+//
+// webtrees: Web based Family History software
+// Copyright (C) 2013 webtrees development team.
+//
+// Derived from PhpGedView
+// Copyright (C) 2010 John Finlay
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+if (!defined('WT_WEBTREES')) {
+ header('HTTP/1.0 403 Forbidden');
+ exit;
+}
+
+class theme_select_WT_Module extends WT_Module implements WT_Module_Block {
+ // Extend class WT_Module
+ public function getTitle() {
+ return /* I18N: Name of a module */ WT_I18N::translate('Theme change');
+ }
+
+ // Extend class WT_Module
+ public function getDescription() {
+ return /* I18N: Description of the “Theme change” module */ WT_I18N::translate('An alternative way to select a new theme.');
+ }
+
+ // Implement class WT_Module_Block
+ public function getBlock($block_id, $template=true, $cfg=null) {
+ $id=$this->getName().$block_id;
+ $class=$this->getName().'_block';
+ $title=$this->getTitle();
+ $menu=WT_MenuBar::getThemeMenu();
+ if ($menu) {
+ $content='<div class="center theme_form">'.WT_MenuBar::getThemeMenu().'</div><br>';
+
+ if ($template) {
+ require WT_THEME_DIR.'templates/block_main_temp.php';
+ } else {
+ return $content;
+ }
+ } else {
+ return '';
+ }
+ }
+
+ // Implement class WT_Module_Block
+ public function loadAjax() { + 
return false; + } + + // Implement class WT_Module_Block + public function isUserBlock() { + return true; + } + + // Implement class WT_Module_Block + public function isGedcomBlock() { + return true; + } + + // Implement class WT_Module_Block + public function configureBlock($block_id) { + } +} diff --git a/modules_v3/todays_events/module.php b/modules_v3/todays_events/module.php index 630577abbd..44824dc46d 100644 --- a/modules_v3/todays_events/module.php +++ b/modules_v3/todays_events/module.php @@ -109,12 +109,12 @@ class todays_events_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'filter', safe_POST_bool('filter')); - set_block_setting($block_id, 'onlyBDM', safe_POST_bool('onlyBDM')); - set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table')); - set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('alpha', 'anniv'), 'alpha')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'filter', WT_Filter::postBool('filter')); + set_block_setting($block_id, 'onlyBDM', WT_Filter::postBool('onlyBDM')); + set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table')); + set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'alpha|anniv', 'alpha')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -158,4 +158,4 @@ class todays_events_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
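Review bot: `WT_Filter::post('infoStyle', 'list|table', 'table')` and the `sortStyle` call replace an explicit whitelist array with a regex alternation, so whether a value such as `tables` or `my list` is still rejected now depends on WT_Filter::post() anchoring the pattern, and that implementation is not in this diff. The same construct appears in the top10_givnnames, top10_pageviews, top10_surnames, upcoming_events, yahrzeit, placelist.php and reportengine.php hunks. A unit test on WT_Filter with an unanchored input, or writing the patterns as `'^(list|table)$'` if the filter does not add anchors itself, would settle it once for all of them.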
\ No newline at end of file diff --git a/modules_v3/todo/module.php b/modules_v3/todo/module.php index 02d46539de..1526f8d07d 100644 --- a/modules_v3/todo/module.php +++ b/modules_v3/todo/module.php @@ -155,11 +155,11 @@ class todo_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'show_other', safe_POST_bool('show_other')); - set_block_setting($block_id, 'show_unassigned', safe_POST_bool('show_unassigned')); - set_block_setting($block_id, 'show_future', safe_POST_bool('show_future')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'show_other', WT_Filter::postBool('show_other')); + set_block_setting($block_id, 'show_unassigned', WT_Filter::postBool('show_unassigned')); + set_block_setting($block_id, 'show_future', WT_Filter::postBool('show_future')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -193,4 +193,4 @@ class todo_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/top10_givnnames/module.php b/modules_v3/top10_givnnames/module.php index 8515cd7593..bb4c9d4d8b 100644 --- a/modules_v3/top10_givnnames/module.php +++ b/modules_v3/top10_givnnames/module.php @@ -126,10 +126,10 @@ class top10_givnnames_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10)); - set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10)); + set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -156,4 +156,4 @@ class top10_givnnames_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/top10_pageviews/module.php b/modules_v3/top10_pageviews/module.php index 2a1525d902..6fa08522b7 100644 --- a/modules_v3/top10_pageviews/module.php +++ b/modules_v3/top10_pageviews/module.php @@ -120,10 +120,10 @@ class top10_pageviews_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10)); - set_block_setting($block_id, 'count_placement', safe_POST('count_placement', array('before', 'after'), 'before')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10)); + set_block_setting($block_id, 'count_placement', WT_Filter::post('count_placement', 'before|after', 'before')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } require_once WT_ROOT.'includes/functions/functions_edit.php'; @@ -149,4 +149,4 @@ class top10_pageviews_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/top10_surnames/module.php b/modules_v3/top10_surnames/module.php index 0670cc8534..a2c44f790e 100644 --- a/modules_v3/top10_surnames/module.php +++ b/modules_v3/top10_surnames/module.php @@ -139,10 +139,10 @@ class top10_surnames_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10)); - set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'array', 'table', 'tagcloud'), 'table')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10)); + set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|array|table|tagcloud', 'table')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -181,4 +181,4 @@ class top10_surnames_WT_Module extends WT_Module implements WT_Module_Block { } return $countb - $counta; } -} +}
\ No newline at end of file diff --git a/modules_v3/tree/class_treeview.php b/modules_v3/tree/class_treeview.php index 62cd94b12a..bdd742e741 100644 --- a/modules_v3/tree/class_treeview.php +++ b/modules_v3/tree/class_treeview.php @@ -35,7 +35,7 @@ class TreeView { $this->name = $name; // Read if all partners must be shown or not - $allPartners = safe_GET('allPartners'); + $allPartners = WT_Filter::get('allPartners'); // if allPartners not specified in url, we try to read the cookie if ($allPartners == '') { if (isset($_COOKIE['allPartners'])) @@ -121,7 +121,7 @@ class TreeView { foreach ($person->getSpouseFamilies() as $family) { $spouse = $family->getSpouse($person); if ($spouse) { - $r .= $this->getPersonDetails($person, $family->getSpouse($person), $family); + $r .= $this->getPersonDetails($person, $spouse, $family); } } return $r; diff --git a/modules_v3/tree/module.php b/modules_v3/tree/module.php index e38bcd78fd..155073d1ea 100644 --- a/modules_v3/tree/module.php +++ b/modules_v3/tree/module.php @@ -130,8 +130,8 @@ class tree_WT_Module extends WT_Module implements WT_Module_Tab { //$controller->pageHeader(); Zend_Session::writeClose(); header('Content-Type: text/html; charset=UTF-8'); - $pid = safe_GET('pid'); - $i = safe_GET('instance'); + $pid = WT_Filter::get('pid', WT_REGEX_XREF); + $i = WT_Filter::get('instance'); $tv = new TreeView($i); echo $tv->getDetails($pid); break; @@ -141,8 +141,8 @@ class tree_WT_Module extends WT_Module implements WT_Module_Tab { //$controller->pageHeader(); Zend_Session::writeClose(); header('Content-Type: text/html; charset=UTF-8'); - $q = $_REQUEST['q']; - $i = safe_GET('instance'); + $q = WT_Filter::get('q'); + $i = WT_Filter::get('instance'); $tv = new TreeView($i); echo $tv->getPersons($q); break; diff --git a/modules_v3/upcoming_events/module.php b/modules_v3/upcoming_events/module.php index 2986247386..06f2a1e2eb 100644 --- a/modules_v3/upcoming_events/module.php +++ b/modules_v3/upcoming_events/module.php 
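Review bot: `$i = WT_Filter::get('instance')` in both the details and persons cases is passed straight to `new TreeView($i)`, which the class_treeview hunk above stores as `$this->name`, yet unlike `pid` (now `WT_REGEX_XREF`) it gets no pattern. How the name is used is not visible here; if it ends up in element ids or script the page emits, a tight pattern such as `WT_Filter::get('instance', '[A-Za-z0-9_]+')` is cheap insurance. The switch these cases belong to starts before the hunk.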
@@ -112,13 +112,13 @@ class upcoming_events_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7)); - set_block_setting($block_id, 'filter', safe_POST_bool('filter')); - set_block_setting($block_id, 'onlyBDM', safe_POST_bool('onlyBDM')); - set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table')); - set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('alpha', 'anniv'), 'alpha')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7)); + set_block_setting($block_id, 'filter', WT_Filter::postBool('filter')); + set_block_setting($block_id, 'onlyBDM', WT_Filter::postBool('onlyBDM')); + set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table')); + set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'alpha|anniv', 'alpha')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -170,4 +170,4 @@ class upcoming_events_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/user_blog/module.php b/modules_v3/user_blog/module.php index f975ddeb1d..81e519438d 100644 --- a/modules_v3/user_blog/module.php +++ b/modules_v3/user_blog/module.php @@ -49,9 +49,9 @@ class user_blog_WT_Module extends WT_Module implements WT_Module_Block { public function getBlock($block_id, $template=true, $cfg=null) { global $ctype; - switch (safe_GET('action')) { + switch (WT_Filter::get('action')) { case 'deletenews': - $news_id=safe_GET('news_id'); + $news_id=WT_Filter::getInteger('news_id'); if ($news_id) { deleteNews($news_id); } @@ -124,4 +124,4 @@ class user_blog_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { } -} +}
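Review bot: The `deletenews` case deletes by a GET parameter (`WT_Filter::getInteger('news_id')`) and the hunk shows no check that the item belongs to `WT_USER_ID` before `deleteNews($news_id)`; deleteNews() is not in this diff, so if it does not verify ownership itself, a request naming another user's item would not be refused here. Compare the item's owner with `WT_USER_ID` before the call, and move the action to POST behind a CSRF token rather than a link. The rest of getBlock() is outside the hunk.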
\ No newline at end of file diff --git a/modules_v3/user_favorites/module.php b/modules_v3/user_favorites/module.php index 66ddc86f7d..b74eb676a5 100644 --- a/modules_v3/user_favorites/module.php +++ b/modules_v3/user_favorites/module.php @@ -64,16 +64,16 @@ class user_favorites_WT_Module extends gedcom_favorites_WT_Module { switch($modAction) { case 'menu-add-favorite': // Process the "add to user favorites" menu item on indi/fam/etc. pages - $record=WT_GedcomRecord::getInstance(safe_POST_xref('xref')); + $record = WT_GedcomRecord::getInstance(WT_Filter::post('xref', WT_REGEX_XREF)); if (WT_USER_ID && $record->canShowName()) { self::addFavorite(array( - 'user_id' =>WT_USER_ID, - 'gedcom_id'=>$record->getGedcomId(), - 'gid' =>$record->getXref(), - 'type' =>$record::RECORD_TYPE, - 'url' =>null, - 'note' =>null, - 'title' =>null, + 'user_id' => WT_USER_ID, + 'gedcom_id' => $record->getGedcomId(), + 'gid' => $record->getXref(), + 'type' => $record::RECORD_TYPE, + 'url' => null, + 'note' => null, + 'title' => null, )); WT_FlashMessages::addMessage(/* I18N: %s is the name of an individual, source or other record */ WT_I18N::translate('“%s” has been added to your favorites.', $record->getFullName())); } diff --git a/modules_v3/user_messages/module.php b/modules_v3/user_messages/module.php index 6a89860edd..5d8048acac 100644 --- a/modules_v3/user_messages/module.php +++ b/modules_v3/user_messages/module.php @@ -44,8 +44,8 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block { require_once WT_ROOT.'includes/functions/functions_print_facts.php'; // Block actions - $action=safe_GET('action'); - $message_id=safe_GET('message_id'); + $action = WT_Filter::get('action'); + $message_id = WT_Filter::getInteger('message_id'); if ($action=='deletemessage') { if (is_array($message_id)) { foreach ($message_id as $msg_id) { 
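Review bot: `$record` from `WT_GedcomRecord::getInstance(WT_Filter::post('xref', WT_REGEX_XREF))` is dereferenced on the next line (`$record->canShowName()`) without a null check, so a missing or unknown xref becomes a fatal error instead of a no-op. Change the condition to `if ($record && WT_USER_ID && $record->canShowName()) {`. The enclosing switch continues outside the hunk.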
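Review bot: `$message_id = WT_Filter::getInteger('message_id')` presumably returns a single integer, so the `if (is_array($message_id))` branch with its `foreach` is now dead and a multi-select delete that submits `message_id[]` would silently handle nothing. Elsewhere in this commit arrays are read with `WT_Filter::getArray()` (placelist.php); use that here and validate each element as an integer inside the loop, or drop the array branch if the form never sends one. The rest of the branch is outside the hunk.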
@@ -79,7 +79,7 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block { $content.='</option>'; } } - $content.='</select> <input type="button" value="'.WT_I18N::translate('Send').'" onclick="message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\', \'\'); return false;"><br><br>'; + $content.='</select> <input type="button" value="'.WT_I18N::translate('Send').'" onclick="message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\'); return false;"><br><br>'; } if (count($messages)==0) { $content.=WT_I18N::translate('You have no pending messages.')."<br>"; @@ -149,8 +149,8 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } diff --git a/modules_v3/yahrzeit/module.php b/modules_v3/yahrzeit/module.php index 3d1291d133..8582aeb849 100644 --- a/modules_v3/yahrzeit/module.php +++ b/modules_v3/yahrzeit/module.php 
@@ -223,10 +223,10 @@ class yahrzeit_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7)); - set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7)); + set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -254,4 +254,4 @@ class yahrzeit_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/placelist.php b/placelist.php index 35eac00414..aebc99946e 100644 --- a/placelist.php +++ b/placelist.php @@ -25,14 +25,12 @@ define('WT_SCRIPT_NAME', 'placelist.php'); require './includes/session.php'; require_once WT_ROOT.'includes/functions/functions_print_lists.php'; -$controller=new WT_Controller_Page(); +$controller = new WT_Controller_Page(); + +$action = WT_Filter::get('action', 'find|show', 'find'); +$display = WT_Filter::get('display', 'hierarchy|list', 'hierarchy'); +$parent = WT_Filter::getArray('parent'); -$action =safe_GET('action', array('find', 'show'), 'find'); -$display=safe_GET('display', array('hierarchy', 'list'), 'hierarchy'); -$parent =safe_GET('parent', WT_REGEX_UNSAFE); // Place names may include HTML chars. "Sunny View Cemetery", Smallville, <unknown>, Texas, USA" -if (!is_array($parent)) { - $parent = array(); -} $level=count($parent); if ($display=='hierarchy') { @@ -248,4 +246,4 @@ case 'hierarchy': break; } -echo '</div>'; // <div id="place-hierarchy"> +echo '</div>'; // <div id="place-hierarchy">
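Review bot: `$parent = WT_Filter::getArray('parent')` drops the comment explaining why the old call used `WT_REGEX_UNSAFE` (place names contain characters such as `<unknown>`), and whether getArray() filters its elements at all is not visible in this diff. Keep the intent on record, e.g. `// Place names may contain HTML characters ("<unknown>"), so elements are not pattern-filtered; escape on output`, so the next reader knows these values must be escaped wherever they are echoed.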
\ No newline at end of file diff --git a/relationship.php b/relationship.php index 52677df7f1..9298c1187d 100644 --- a/relationship.php +++ b/relationship.php @@ -25,14 +25,14 @@ define('WT_SCRIPT_NAME', 'relationship.php'); require './includes/session.php'; require WT_ROOT.'includes/functions/functions_edit.php'; -$controller=new WT_Controller_Page(); +$controller = new WT_Controller_Page(); -$pid1 =safe_GET_xref('pid1'); -$pid2 =safe_GET_xref('pid2'); -$show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS); -$path_to_find=safe_GET('path_to_find', '[0-9]+', 0); -$followspouse=safe_GET_bool('followspouse'); -$asc =safe_GET_bool('asc'); +$pid1 = WT_Filter::get('pid1', WT_REGEX_XREF); +$pid2 = WT_Filter::get('pid2', WT_REGEX_XREF); +$show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS); +$path_to_find = WT_Filter::getInteger('path_to_find'); +$followspouse = WT_Filter::getBool('followspouse'); +$asc = WT_Filter::getBool('asc'); $asc = $asc ? -1 : 1; diff --git a/reportengine.php b/reportengine.php index 0217b74417..defcb3fa59 100644 --- a/reportengine.php +++ b/reportengine.php @@ -28,14 +28,14 @@ require './includes/session.php'; $controller=new WT_Controller_Page(); -$famid =safe_GET('famid'); -$pid =safe_GET('pid'); -$action =safe_GET('action', array('choose', 'setup', 'run'), 'choose'); -$report =safe_GET('report'); -$output =safe_GET('output', array('HTML', 'PDF'), 'PDF'); -$vars =safe_GET('vars'); -$varnames=safe_GET('varnames'); -$type =safe_GET('type'); +$famid =WT_Filter::get('famid'); +$pid =WT_Filter::get('pid'); +$action =WT_Filter::get('action', 'choose|setup|run', 'choose'); +$report =WT_Filter::get('report'); +$output =WT_Filter::get('output', 'HTML|PDF', 'PDF'); +$vars =WT_Filter::get('vars'); +$varnames=WT_Filter::get('varnames'); +$type =WT_Filter::get('type'); if (!is_array($vars)) { $vars=array(); } 
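Review bot: `$path_to_find = WT_Filter::getInteger('path_to_find');` replaces a call whose default was `0`, and the new call passes no default, so the variable may now be null rather than `0` when the parameter is absent; whether later arithmetic or array indexing tolerates that is outside the hunk. Passing an explicit default, as the `show_full` line on the previous statement does, keeps the old behaviour.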
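Review bot: `$vars = WT_Filter::get('vars')` and `$varnames=WT_Filter::get('varnames')` are immediately followed by `if (!is_array($vars)) { $vars=array(); }`, which shows these are expected to arrive as arrays; if WT_Filter::get() yields only a scalar (this commit uses WT_Filter::getArray() in placelist.php for that case), submitted report parameters are now discarded. Use `$vars = WT_Filter::getArray('vars');` and `$varnames = WT_Filter::getArray('varnames');`. `$report` and `$type` remain pattern-less while `action` and `output` are constrained; if `report` selects a file further down (outside the hunk), give it a pattern too.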
@@ -509,4 +509,4 @@ exit; // here, so we can add comments $x=/* I18N: An option in a list-box */ WT_I18N::translate('sort by date of birth'); $x=/* I18N: An option in a list-box */ WT_I18N::translate('sort by date of marriage'); -$x=/* I18N: An option in a list-box */ WT_I18N::translate('sort by date of death'); +$x=/* I18N: An option in a list-box */ WT_I18N::translate('sort by date of death');
\ No newline at end of file @@ -40,11 +40,11 @@ function fail() { // The id must be a valid CSS identifier, so it can be used in HTML. // We use "[A-Za-z0-9_]+" separated by "-". -$id=safe_POST('id', '[a-zA-Z0-9_-]+'); +$id=WT_Filter::post('id', '[a-zA-Z0-9_-]+'); list($table, $id1, $id2, $id3)=explode('-', $id.'---'); // The replacement value. -$value=safe_POST('value', WT_REGEX_UNSAFE); +$value=WT_Filter::post('value'); // Every switch must have a default case, and every case must end in ok() or fail() @@ -311,4 +311,4 @@ case 'module': default: // An unrecognised table fail(); -} +}
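Review bot: `$value=WT_Filter::post('value');` loses the `WT_REGEX_UNSAFE` marker that told a reader this field is accepted raw and must be validated per table in the switch below; that switch is outside the hunk and the file header for this hunk is not shown, so I cannot confirm each case handles it. Keep the intent visible with a comment such as `// $value is accepted unfiltered; each case below must validate/escape it for its own column`.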
\ No newline at end of file @@ -64,7 +64,7 @@ require 'includes/functions/functions_utf-8.php'; require 'includes/functions/functions_edit.php'; $WT_REQUEST=new Zend_Controller_Request_Http(); $WT_SESSION=new stdClass; $WT_SESSION->locale=null; // Can't use Zend_Session until we've checked ini_set -define('WT_LOCALE', WT_I18N::init(safe_POST('lang', '[@a-zA-Z_]+'))); +define('WT_LOCALE', WT_I18N::init(WT_Filter::post('lang', '[@a-zA-Z_]+'))); header('Content-Type: text/html; charset=UTF-8'); @@ -936,4 +936,4 @@ function to_mb($str) { if (substr($str, -1, 1)=='G') { return floor(1024*substr($str, 0, strlen($str)-1)); } -} +}
\ No newline at end of file diff --git a/statistics.php b/statistics.php index 69be880696..e241a7b8ad 100644 --- a/statistics.php +++ b/statistics.php @@ -28,8 +28,8 @@ define('WT_SCRIPT_NAME', 'statistics.php'); require './includes/session.php'; // check for on demand content loading -$tab = safe_GET('tab', WT_REGEX_NOSCRIPT, 0); -$ajax = safe_GET('ajax', WT_REGEX_NOSCRIPT, 0); +$tab = WT_Filter::getInteger('tab', 0, 3); +$ajax = WT_Filter::getBool('ajax'); if (!$ajax) { $controller=new WT_Controller_Page(); diff --git a/statisticsplot.php b/statisticsplot.php index 669dacb7fb..f5dd76fa88 100644 --- a/statisticsplot.php +++ b/statisticsplot.php @@ -822,7 +822,7 @@ function set_params($current, $indfam, $xg, $zg, $titstr, $xt, $yt, $gx, $gz, $m } //-- ========= start of main program ========= -$action = safe_REQUEST($_REQUEST, 'action', WT_REGEX_XREF); +$action = WT_Filter::post('action'); if ($action=='update') { $x_as = $_POST['x-as']; diff --git a/themes/_administration/header.php b/themes/_administration/header.php index 104054b668..662e7702bd 100644 --- a/themes/_administration/header.php +++ b/themes/_administration/header.php 
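Review bot: `$x_as = $_POST['x-as'];` on the line right after the rewritten `$action = WT_Filter::post('action');` still reads the superglobal directly, which is exactly what this commit replaces everywhere else; if the value is numeric, `WT_Filter::postInteger('x-as')` fits, otherwise a pattern. Note also that `safe_REQUEST($_REQUEST, ...)` accepted the action from GET or POST while the new call reads POST only, so a GET link driving `action=update` would stop working; I cannot tell from the hunk whether one exists. The rest of the update branch is outside the hunk.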
@@ -84,18 +84,18 @@ echo // Side menu '<div id="admin_menu" class="ui-widget-content">', '<ul>', - '<li><a ', (WT_SCRIPT_NAME=="admin.php" ? 'class="current" ' : ''), 'href="admin.php">', WT_I18N::translate('Administration'), '</a></li>'; + '<li><a ', (WT_SCRIPT_NAME=='admin.php' ? 'class="current" ' : ''), 'href="admin.php">', WT_I18N::translate('Administration'), '</a></li>'; if (WT_USER_IS_ADMIN) { echo '<li><ul>', - '<li><a ', (WT_SCRIPT_NAME=="admin_site_config.php" ? 'class="current" ' : ''), 'href="admin_site_config.php">', WT_I18N::translate('Site configuration' ), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_site_logs.php" ? 'class="current" ' : ''), 'href="admin_site_logs.php">', WT_I18N::translate('Logs' ), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_site_readme.php" ? 'class="current" ' : ''), 'href="admin_site_readme.php">', WT_I18N::translate('README documentation' ), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_site_info.php" ? 'class="current" ' : ''), 'href="admin_site_info.php">', WT_I18N::translate('PHP information' ), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_site_access.php" ? 'class="current" ' : ''), 'href="admin_site_access.php">', WT_I18N::translate('Site access rules' ), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_site_clean.php" ? 'class="current" ' : ''), 'href="admin_site_clean.php">', WT_I18N::translate('Clean up data folder'), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_site_config.php' ? 'class="current" ' : ''), 'href="admin_site_config.php">', WT_I18N::translate('Site configuration' ), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_site_logs.php' ? 'class="current" ' : ''), 'href="admin_site_logs.php">', WT_I18N::translate('Logs' ), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_site_readme.php' ? 'class="current" ' : ''), 'href="admin_site_readme.php">', WT_I18N::translate('README documentation' ), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_site_info.php' ? 
'class="current" ' : ''), 'href="admin_site_info.php">', WT_I18N::translate('PHP information' ), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_site_access.php' ? 'class="current" ' : ''), 'href="admin_site_access.php">', WT_I18N::translate('Site access rules' ), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_site_clean.php' ? 'class="current" ' : ''), 'href="admin_site_clean.php">', WT_I18N::translate('Clean up data folder'), '</a></li>', '</ul></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_trees_manage.php" ? 'class="current" ' : ''), 'href="admin_trees_manage.php">', WT_I18N::translate('Family trees' ), '</a></li>'; + '<li><a ', (WT_SCRIPT_NAME=='admin_trees_manage.php' ? 'class="current" ' : ''), 'href="admin_trees_manage.php">', WT_I18N::translate('Family trees' ), '</a></li>'; } else { echo '<li>', WT_I18N::translate('Family trees'), '</li>'; } 
@@ -105,49 +105,49 @@ foreach (WT_Tree::getAll() as $tree) { if (userGedcomAdmin(WT_USER_ID, $tree->tree_id)) { // Add a title="" element, since long tree titles are cropped echo - '<li><span><a ', (WT_SCRIPT_NAME=="admin_trees_config.php" && WT_GED_ID==$tree->tree_id ? 'class="current" ' : ''), 'href="admin_trees_config.php?ged='.$tree->tree_name_url.'" title="', WT_Filter::escapeHtml($tree->tree_title), '" dir="auto">', $tree->tree_title_html, + '<li><span><a ', (WT_SCRIPT_NAME=='admin_trees_config.php' && WT_GED_ID==$tree->tree_id ? 'class="current" ' : ''), 'href="admin_trees_config.php?ged='.$tree->tree_name_url.'" title="', WT_Filter::escapeHtml($tree->tree_title), '" dir="auto">', $tree->tree_title_html, '</a></span></li>'; } } echo - '<li><a ', (WT_SCRIPT_NAME=="admin_site_merge.php" ? 'class="current" ' : ''), 'href="admin_site_merge.php">', WT_I18N::translate('Merge records'), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_site_other.php" ? 'class="current" ' : ''), 'href="admin_site_other.php">', WT_I18N::translate('Add unlinked records'), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_trees_check.php" ? 'class="current" ' : ''), 'href="admin_trees_check.php">', WT_I18N::translate('Check for errors'), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_site_change.php" ? 'class="current" ' : ''), 'href="admin_site_change.php">', WT_I18N::translate('Changes log'),'</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_site_merge.php' ? 'class="current" ' : ''), 'href="admin_site_merge.php">', WT_I18N::translate('Merge records'), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_site_other.php' ? 'class="current" ' : ''), 'href="admin_site_other.php">', WT_I18N::translate('Add unlinked records'), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_trees_check.php' ? 'class="current" ' : ''), 'href="admin_trees_check.php">', WT_I18N::translate('Check for errors'), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_site_change.php' ? 
'class="current" ' : ''), 'href="admin_site_change.php">', WT_I18N::translate('Changes log'),'</a></li>', '<li><a href="index_edit.php?gedcom_id=-1" onclick="return modalDialog(\'index_edit.php?gedcom_id=-1'.'\', \'', WT_I18N::translate('Set the default blocks for new family trees'), '\');">', WT_I18N::translate('Set the default blocks'), '</a></li>', '</ul></li>'; if (WT_USER_IS_ADMIN) { echo - '<li><a ', (WT_SCRIPT_NAME=="admin_users.php" && safe_GET('action')!="cleanup"&& safe_GET('action')!="createform" ? 'class="current" ' : ''), 'href="admin_users.php">', + '<li><a ', (WT_SCRIPT_NAME=='admin_users.php' && WT_Filter::get('action')!="cleanup"&& WT_Filter::get('action')!="createform" ? 'class="current" ' : ''), 'href="admin_users.php">', WT_I18N::translate('Users'), '</a></li>', '<li><ul>', - '<li><a ', (WT_SCRIPT_NAME=="admin_users.php" && safe_GET('action')=="createform" ? 'class="current" ' : ''), 'href="admin_users.php?action=createform">', WT_I18N::translate('Add a new user'), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_users_bulk.php" ? 'class="current" ' : ''), 'href="admin_users_bulk.php">', WT_I18N::translate('Send broadcast messages'), '</a>', - '<li><a ', (WT_SCRIPT_NAME=="admin_masquerade.php" ? 'class="current" ' : ''), 'href="admin_masquerade.php">', WT_I18N::translate('Masquerade'), '</a>', - '<li><a ', (WT_SCRIPT_NAME=="admin_users.php" && safe_GET('action')=="cleanup" ? 'class="current" ' : ''), 'href="admin_users.php?action=cleanup">', WT_I18N::translate('Delete inactive users'), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_users.php' && WT_Filter::get('action')=='createform' ? 'class="current" ' : ''), 'href="admin_users.php?action=createform">', WT_I18N::translate('Add a new user'), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_users_bulk.php' ? 'class="current" ' : ''), 'href="admin_users_bulk.php">', WT_I18N::translate('Send broadcast messages'), '</a>', + '<li><a ', (WT_SCRIPT_NAME=='admin_masquerade.php' ? 
'class="current" ' : ''), 'href="admin_masquerade.php">', WT_I18N::translate('Masquerade'), '</a>', + '<li><a ', (WT_SCRIPT_NAME=='admin_users.php' && WT_Filter::get('action')=='cleanup' ? 'class="current" ' : ''), 'href="admin_users.php?action=cleanup">', WT_I18N::translate('Delete inactive users'), '</a></li>', '<li><a href="index_edit.php?user_id=-1" onclick="return modalDialog(\'index_edit.php?user_id=-1'.'\', \'', WT_I18N::translate('Set the default blocks for new users'), '\');">', WT_I18N::translate('Set the default blocks'), '</a></li>', '</ul></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_media.php" ? 'class="current" ' : ''), 'href="admin_media.php">', WT_I18N::translate('Media'), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_media.php' ? 'class="current" ' : ''), 'href="admin_media.php">', WT_I18N::translate('Media'), '</a></li>', '<li><ul>', - '<li><a ', (WT_SCRIPT_NAME=="admin_media_upload.php" ? 'class="current" ' : ''), 'href="admin_media_upload.php">', WT_I18N::translate('Upload media files'), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_media_upload.php' ? 'class="current" ' : ''), 'href="admin_media_upload.php">', WT_I18N::translate('Upload media files'), '</a></li>', '</ul></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_modules.php" ? 'class="current" ' : ''), 'href="admin_modules.php">', + '<li><a ', (WT_SCRIPT_NAME=='admin_modules.php' ? 'class="current" ' : ''), 'href="admin_modules.php">', WT_I18N::translate('Modules'), '</a></li>', '<li><ul>', - '<li><a ', (WT_SCRIPT_NAME=="admin_module_menus.php" ? 'class="current" ' : ''), 'href="admin_module_menus.php">', WT_I18N::translate('Menus' ), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_module_tabs.php" ? 'class="current" ' : ''), 'href="admin_module_tabs.php">', WT_I18N::translate('Tabs' ), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_module_blocks.php" ? 
'class="current" ' : ''), 'href="admin_module_blocks.php">', WT_I18N::translate('Blocks' ), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_module_sidebar.php" ? 'class="current" ' : ''), 'href="admin_module_sidebar.php">', WT_I18N::translate('Sidebar'), '</a></li>', - '<li><a ', (WT_SCRIPT_NAME=="admin_module_reports.php" ? 'class="current" ' : ''), 'href="admin_module_reports.php">', WT_I18N::translate('Reports'), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_module_menus.php' ? 'class="current" ' : ''), 'href="admin_module_menus.php">', WT_I18N::translate('Menus' ), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_module_tabs.php' ? 'class="current" ' : ''), 'href="admin_module_tabs.php">', WT_I18N::translate('Tabs' ), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_module_blocks.php' ? 'class="current" ' : ''), 'href="admin_module_blocks.php">', WT_I18N::translate('Blocks' ), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_module_sidebar.php' ? 'class="current" ' : ''), 'href="admin_module_sidebar.php">', WT_I18N::translate('Sidebar'), '</a></li>', + '<li><a ', (WT_SCRIPT_NAME=='admin_module_reports.php' ? 'class="current" ' : ''), 'href="admin_module_reports.php">', WT_I18N::translate('Reports'), '</a></li>', '</ul></li>'; foreach (WT_Module::getActiveModules(true) as $module) { if ($module instanceof WT_Module_Config) { - echo '<li><span><a ', (WT_SCRIPT_NAME=="module.php" && safe_GET('mod')==$module->getName() ? 'class="current" ' : ''), 'href="', $module->getConfigLink(), '">', $module->getTitle(), '</a></span></li>'; + echo '<li><span><a ', (WT_SCRIPT_NAME=='module.php' && WT_Filter::get('mod')==$module->getName() ? 'class="current" ' : ''), 'href="', $module->getConfigLink(), '">', $module->getTitle(), '</a></span></li>'; } } } 
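Review bot: The `admin_users.php` highlight test still mixes loose comparison with double-quoted literals — `WT_Filter::get('action')!="cleanup"&& WT_Filter::get('action')!="createform"` — while the rest of this hunk moves to single quotes, and the same loose `==` remains for `'createform'`, `'cleanup'` and `WT_Filter::get('mod')==$module->getName()` further down. PHP's `==` applies numeric coercion to strings, so a strict comparison is both safer and consistent with the quoting the commit adopts: `WT_Filter::get('action')!=='cleanup' && WT_Filter::get('action')!=='createform'`, and `===` in the three other places. These request values only select which entry gets `class="current"` and are never echoed, so no new output-escaping concern is introduced. The `foreach (WT_Tree::getAll() ...)` loop these first lines belong to opens before the hunk.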
@@ -155,4 +155,4 @@ echo
 '</ul>',
 '</div>',
 '<div id="admin_content" class="ui-widget-content">',
- WT_FlashMessages::getHtmlMessages(); // Feedback from asynchronous actions;
+ WT_FlashMessages::getHtmlMessages(); // Feedback from asynchronous actions;
\ No newline at end of file
diff --git a/themes/_administration/theme.php b/themes/_administration/theme.php
index 802178b07e..81f80a1ffa 100644
--- a/themes/_administration/theme.php
+++ b/themes/_administration/theme.php
@@ -1,42 +1,42 @@
-<?php
-// Administration theme
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// Derived from PhpGedView
-// Copyright (C) 2002 to 2009 PGV Development Team. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-if (!defined('WT_WEBTREES')) {
- header('HTTP/1.0 403 Forbidden');
- exit;
-}
-
-$theme_name = "_administration"; // need double quotes, as file is scanned/parsed by script
-$headerfile = WT_THEME_DIR.'header.php';
-$footerfile = WT_THEME_DIR.'footer.php';
-
-//- main icons
-$WT_IMAGES=array(
- // lightbox module uses this in manage media links, and also admin_media.php for delete folder.
- 'remove' =>WT_THEME_URL.'images/delete.png',
-
- // need different sizes before moving to CSS
- 'default_image_F'=>WT_THEME_URL.'images/silhouette_female.png',
- 'default_image_M'=>WT_THEME_URL.'images/silhouette_male.png',
- 'default_image_U'=>WT_THEME_URL.'images/silhouette_unknown.png',
-);
+<?php
+// Administration theme
+//
+// webtrees: Web based Family History software
+// Copyright (C) 2013 webtrees development team.
+//
+// Derived from PhpGedView
+// Copyright (C) 2002 to 2009 PGV Development Team. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+if (!defined('WT_WEBTREES')) {
+ header('HTTP/1.0 403 Forbidden');
+ exit;
+}
+
+$theme_name = "_administration"; // need double quotes, as file is scanned/parsed by script
+$headerfile = WT_THEME_DIR.'header.php';
+$footerfile = WT_THEME_DIR.'footer.php';
+
+//- main icons
+$WT_IMAGES=array(
+ // lightbox module uses this in manage media links, and also admin_media.php for delete folder.
+ 'remove' =>WT_THEME_URL.'images/delete.png',
+
+ // need different sizes before moving to CSS
+ 'default_image_F'=>WT_THEME_URL.'images/silhouette_female.png',
+ 'default_image_M'=>WT_THEME_URL.'images/silhouette_male.png',
+ 'default_image_U'=>WT_THEME_URL.'images/silhouette_unknown.png',
+);
|
