authorGreg Roach <fisharebest@gmail.com>2013-08-29 22:35:00 +0100
committerGreg Roach <fisharebest@gmail.com>2013-08-29 22:35:00 +0100
commitdef8f50065a593a06a051ceb58b7686884a8ce58 (patch)
treedf7cb13b850c7f6332d9c40bc9daf560d0b19586
parentcd3cb363db375e0e9b7d5214b33e382f77aa9400 (diff)
New filter/validation functions for GET/POST variables
-rw-r--r--action.php18
-rw-r--r--addmedia.php24
-rw-r--r--admin_media.php42
-rw-r--r--admin_media_upload.php8
-rw-r--r--admin_module_blocks.php6
-rw-r--r--admin_module_menus.php8
-rw-r--r--admin_module_reports.php6
-rw-r--r--admin_module_sidebar.php8
-rw-r--r--admin_module_tabs.php8
-rw-r--r--admin_modules.php10
-rw-r--r--admin_pgv_to_wt.php8
-rw-r--r--admin_site_access.php52
-rw-r--r--admin_site_change.php48
-rw-r--r--admin_site_logs.php42
-rw-r--r--admin_site_merge.php14
-rw-r--r--admin_trees_check.php4
-rw-r--r--admin_trees_config.php202
-rw-r--r--admin_trees_download.php12
-rw-r--r--admin_trees_manage.php27
-rw-r--r--admin_users.php89
-rw-r--r--admin_users_bulk.php104
-rw-r--r--autocomplete.php19
-rw-r--r--block_edit.php6
-rw-r--r--branches.php11
-rw-r--r--calendar.php16
-rw-r--r--downloadbackup.php4
-rw-r--r--edit_changes.php10
-rw-r--r--edit_interface.php339
-rw-r--r--editnews.php14
-rw-r--r--edituser.php22
-rw-r--r--expand_view.php2
-rw-r--r--famlist.php74
-rw-r--r--fanchart.php4
-rw-r--r--find.php22
-rw-r--r--gedrecord.php2
-rw-r--r--help_text.php6
-rw-r--r--hourglass_ajax.php11
-rw-r--r--import.php6
-rw-r--r--includes/functions/functions.php92
-rw-r--r--includes/functions/functions_edit.php24
-rw-r--r--includes/functions/functions_print.php12
-rw-r--r--includes/hitcount.php19
-rw-r--r--includes/session.php10
-rw-r--r--index.php30
-rw-r--r--index_edit.php8
-rw-r--r--indilist.php72
-rw-r--r--individual.php4
-rw-r--r--inverselink.php8
-rw-r--r--js/webtrees-1.5.0.js4
-rw-r--r--library/WT/Controller/Ancestry.php12
-rw-r--r--library/WT/Controller/Chart.php2
-rw-r--r--library/WT/Controller/Compact.php4
-rw-r--r--library/WT/Controller/Descendancy.php21
-rw-r--r--library/WT/Controller/Family.php2
-rw-r--r--library/WT/Controller/Familybook.php14
-rw-r--r--library/WT/Controller/Fanchart.php25
-rw-r--r--library/WT/Controller/Hourglass.php15
-rw-r--r--library/WT/Controller/Individual.php4
-rw-r--r--library/WT/Controller/Lifespan.php18
-rw-r--r--library/WT/Controller/Media.php2
-rw-r--r--library/WT/Controller/Note.php2
-rw-r--r--library/WT/Controller/Pedigree.php10
-rw-r--r--library/WT/Controller/Repository.php2
-rw-r--r--library/WT/Controller/Search.php62
-rw-r--r--library/WT/Controller/Source.php2
-rw-r--r--library/WT/Controller/Timeline.php11
-rw-r--r--library/WT/Filter.php127
-rw-r--r--library/WT/GedcomRecord.php6
-rw-r--r--library/WT/Stats.php10
-rw-r--r--login.php42
-rw-r--r--mediafirewall.php6
-rw-r--r--medialist.php32
-rw-r--r--message.php18
-rw-r--r--module.php16
-rw-r--r--modules_v3/GEDFact_assistant/CENS_ctrl.php2
-rw-r--r--modules_v3/GEDFact_assistant/_CENS/census_3_find.php10
-rw-r--r--modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php8
-rw-r--r--modules_v3/GEDFact_assistant/module.php22
-rw-r--r--modules_v3/batch_update/admin_batch_update.php14
-rw-r--r--modules_v3/batch_update/plugins/married_names.php4
-rw-r--r--modules_v3/batch_update/plugins/search_replace.php8
-rw-r--r--modules_v3/charts/module.php8
-rw-r--r--modules_v3/clippings/clippings_ctrl.php26
-rw-r--r--modules_v3/clippings/module.php20
-rw-r--r--modules_v3/descendancy/module.php6
-rw-r--r--modules_v3/extra_info/module.php196
-rw-r--r--modules_v3/families/module.php8
-rw-r--r--modules_v3/faq/module.php34
-rw-r--r--modules_v3/gedcom_favorites/module.php46
-rw-r--r--modules_v3/gedcom_news/module.php10
-rw-r--r--modules_v3/gedcom_stats/module.php44
-rw-r--r--modules_v3/googlemap/admin_places.php10
-rw-r--r--modules_v3/googlemap/module.php64
-rw-r--r--modules_v3/googlemap/placehierarchy.php6
-rw-r--r--modules_v3/googlemap/places_edit.php6
-rw-r--r--modules_v3/html/module.php16
-rw-r--r--modules_v3/individuals/module.php8
-rw-r--r--modules_v3/random_media/module.php70
-rw-r--r--modules_v3/recent_changes/module.php14
-rw-r--r--modules_v3/review_changes/module.php10
-rw-r--r--modules_v3/sitemap/module.php8
-rw-r--r--modules_v3/stories/module.php22
-rw-r--r--modules_v3/theme_select/module.php154
-rw-r--r--modules_v3/todays_events/module.php14
-rw-r--r--modules_v3/todo/module.php12
-rw-r--r--modules_v3/top10_givnnames/module.php10
-rw-r--r--modules_v3/top10_pageviews/module.php10
-rw-r--r--modules_v3/top10_surnames/module.php10
-rw-r--r--modules_v3/tree/class_treeview.php4
-rw-r--r--modules_v3/tree/module.php8
-rw-r--r--modules_v3/upcoming_events/module.php16
-rw-r--r--modules_v3/user_blog/module.php6
-rw-r--r--modules_v3/user_favorites/module.php16
-rw-r--r--modules_v3/user_messages/module.php10
-rw-r--r--modules_v3/yahrzeit/module.php10
-rw-r--r--placelist.php14
-rw-r--r--relationship.php14
-rw-r--r--reportengine.php18
-rw-r--r--save.php6
-rw-r--r--setup.php4
-rw-r--r--statistics.php4
-rw-r--r--statisticsplot.php2
-rw-r--r--themes/_administration/header.php56
-rw-r--r--themes/_administration/theme.php84
124 files changed, 1614 insertions, 1624 deletions
diff --git a/action.php b/action.php
index cf1c009df3..ffbef3ec93 100644
--- a/action.php
+++ b/action.php
@@ -41,11 +41,11 @@ require './includes/session.php';
header('Content-type: text/html; charset=UTF-8');
-switch (safe_POST('action')) {
+switch (WT_Filter::post('action')) {
case 'accept-changes':
// Accept all the pending changes for a record
require WT_ROOT.'includes/functions/functions_edit.php';
- $record=WT_GedcomRecord::getInstance(safe_POST_xref('xref'));
+ $record = WT_GedcomRecord::getInstance(WT_Filter::post('xref', WT_REGEX_XREF));
if ($record && WT_USER_CAN_ACCEPT && $record->canShow() && $record->canEdit()) {
WT_FlashMessages::addMessage(/* I18N: %s is the name of an individual, source or other record */ WT_I18N::translate('The changes to “%s” have been accepted.', $record->getFullName()));
accept_all_changes($record->getXref(), $record->getGedcomId());
@@ -57,8 +57,8 @@ case 'accept-changes':
case 'copy-fact':
// Copy a fact to the clipboard
require WT_ROOT.'includes/functions/functions_edit.php';
- $xref = safe_POST_xref('xref');
- $fact_id = safe_POST('fact_id');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $fact_id = WT_Filter::post('fact_id');
$record = WT_GedcomRecord::getInstance($xref);
@@ -96,8 +96,8 @@ case 'copy-fact':
case 'delete-fact':
require WT_ROOT.'includes/functions/functions_edit.php';
- $xref = safe_POST_xref('xref');
- $fact_id = safe_POST('fact_id');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $fact_id = WT_Filter::post('fact_id');
$record = WT_GedcomRecord::getInstance($xref);
if ($record && $record->canShow() && $record->canEdit()) {
@@ -120,7 +120,7 @@ case 'delete-note':
case 'delete-repository':
case 'delete-source':
require WT_ROOT.'includes/functions/functions_edit.php';
- $record=WT_GedcomRecord::getInstance(safe_POST_xref('xref'));
+ $record=WT_GedcomRecord::getInstance(WT_Filter::post('xref', WT_REGEX_XREF));
if ($record && WT_USER_CAN_EDIT && $record->canShow() && $record->canEdit()) {
// Delete links to this record
foreach (fetch_all_links($record->getXref(), $record->getGedcomId()) as $xref) {
@@ -157,7 +157,7 @@ case 'delete-source':
case 'reject-changes':
// Reject all the pending changes for a record
require WT_ROOT.'includes/functions/functions_edit.php';
- $record=WT_GedcomRecord::getInstance(safe_POST_xref('xref'));
+ $record=WT_GedcomRecord::getInstance(WT_Filter::post('xref', WT_REGEX_XREF));
if ($record && WT_USER_CAN_ACCEPT && $record->canShow() && $record->canEdit()) {
WT_FlashMessages::addMessage(/* I18N: %s is the name of an individual, source or other record */ WT_I18N::translate('The changes to “%s” have been rejected.', $record->getFullName()));
reject_all_changes($record->getXref(), $record->getGedcomId());
@@ -168,7 +168,7 @@ case 'reject-changes':
case 'theme':
// Change the current theme
- $theme_dir=safe_POST('theme');
+ $theme_dir=WT_Filter::post('theme');
if (WT_Site::preference('ALLOW_USER_THEMES') && in_array($theme_dir, get_theme_names())) {
$WT_SESSION->theme_dir=$theme_dir;
if (WT_USER_ID) {
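Review bot: `in_array($theme_dir, get_theme_names())` on the line after the new `WT_Filter::post('theme')` read is a non-strict membership test on a user-supplied string; PHP's loose comparison treats numeric-looking strings as numbers, so `in_array($theme_dir, get_theme_names(), true)` is the safer form for an allow-list check. The value is then stored in the session and, further down, presumably persisted per user; that code is outside the hunk.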
diff --git a/addmedia.php b/addmedia.php
index a99b38d54d..f31086940b 100644
--- a/addmedia.php
+++ b/addmedia.php
@@ -27,17 +27,17 @@ require './includes/session.php';
require_once WT_ROOT.'includes/functions/functions_print_lists.php';
require WT_ROOT.'includes/functions/functions_edit.php';
-$pid = safe_REQUEST($_REQUEST, 'pid', WT_REGEX_XREF); // edit this media object
-$linktoid = safe_REQUEST($_REQUEST, 'linktoid', WT_REGEX_XREF); // create a new media object, linked to this record
-$action = safe_REQUEST($_REQUEST, 'action');
-$filename = safe_REQUEST($_REQUEST, 'filename', WT_REGEX_UNSAFE);
-$text = safe_REQUEST($_REQUEST, 'text', WT_REGEX_UNSAFE);
-$tag = safe_REQUEST($_REQUEST, 'tag', WT_REGEX_UNSAFE);
-$islink = safe_REQUEST($_REQUEST, 'islink', WT_REGEX_UNSAFE);
-$glevels = safe_REQUEST($_REQUEST, 'glevels', WT_REGEX_UNSAFE);
+$pid = WT_Filter::get('pid', WT_REGEX_XREF, WT_Filter::post('pid', WT_REGEX_XREF)); // edit this media object
+$linktoid = WT_Filter::get('linktoid', WT_REGEX_XREF, WT_Filter::post('linktoid', WT_REGEX_XREF)); // create a new media object, linked to this record
+$action = WT_Filter::get('action', null, WT_Filter::post('action'));
+$filename = WT_Filter::get('filename', null, WT_Filter::post('filename'));
+$text = WT_Filter::postArray('text');
+$tag = WT_Filter::postArray('tag', WT_REGEX_TAG);
+$islink = WT_Filter::postArray('islink');
+$glevels = WT_Filter::postArray('glevels', '[0-9]');
-$folder = safe_POST('folder', WT_REGEX_UNSAFE);
-$update_CHAN = !safe_POST_bool('preserve_last_changed');
+$folder = WT_Filter::post('folder');
+$update_CHAN = !WT_Filter::postBool('preserve_last_changed');
$controller = new WT_Controller_Simple();
$controller
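Review bot: `$filename` and `$folder` lose the explicit `WT_REGEX_UNSAFE` argument in favour of `WT_Filter`'s default filter, and both later end up in a filesystem path (`$folderName . $fileName` in the create action). What the default filter rejects is not visible from this chunk (library/WT/Filter.php is in the diffstat but not shown), so unless it is documented to strip path separators and `..`, an explicit traversal check on these two values before they are joined to a directory is still needed. The `$glevels` pattern `'[0-9]'` admits a single digit per element, which fits GEDCOM level numbers provided the filter anchors the pattern.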
@@ -224,7 +224,7 @@ case 'create': // Save the information from the “showcreateform” action
$controller->pageHeader();
// Build the gedcom record
- $newged = "0 @new@ OBJE\n";
+ $newged = "0 @new@ OBJE";
if ($tag[0]=='FILE') {
// The admin has an edit field to change the file name
$text[0] = $folderName . $fileName;
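Review bot: `$tag[0]=='FILE'` now indexes an array that comes from `WT_Filter::postArray('tag', WT_REGEX_TAG)`; if that helper returns an empty array when the key is absent or every element fails the pattern, this is an undefined-offset access, so `if (isset($tag[0]) && $tag[0] == 'FILE')` would be more robust. The hunk also changes `$newged` from `"0 @new@ OBJE\n"` to `"0 @new@ OBJE"`; whether the code that appends the following lines now supplies that newline is outside the hunk and worth confirming.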
@@ -752,5 +752,3 @@ function get_first_tag($level, $tag, $gedrec, $num=1) {
}
return substr($temp, 2, $length-2);
}
-
-
diff --git a/admin_media.php b/admin_media.php
index 21618e9e52..0ab1364b81 100644
--- a/admin_media.php
+++ b/admin_media.php
@@ -21,11 +21,11 @@ require './includes/session.php';
require WT_ROOT . 'includes/functions/functions_edit.php';
// type of file/object to include
-$files = safe_GET('files', array('local', 'external', 'unused'), 'local');
+$files = WT_Filter::get('files', 'local|external|unused', 'local');
// family tree setting MEDIA_DIRECTORY
$media_folders = all_media_folders();
-$media_folder = safe_GET('media_folder', WT_REGEX_UNSAFE);
+$media_folder = WT_Filter::get('media_folder');
// User folders may contain special characters. Restrict to actual folders.
if (!array_key_exists($media_folder, $media_folders)) {
$media_folder = reset($media_folders);
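Review bot: The alternation in `WT_Filter::get('files', 'local|external|unused', 'local')` is unparenthesised; if WT_Filter anchors the supplied pattern by wrapping it as `^…$`, PCRE reads it as `^local` | `external` | `unused$`, so a value such as `localxyz` would be accepted. Writing the allow-list as `'(local|external|unused)'` is correct however the filter anchors it. The same pattern is used for `subfolders` in the next hunk, for `type` in admin_site_change.php (`'accepted|rejected|pending'`) and for `type` in admin_site_logs.php. This is inferred, since library/WT/Filter.php is not in this chunk.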
@@ -33,24 +33,24 @@ if (!array_key_exists($media_folder, $media_folders)) {
// prefix to filename
$media_paths = media_paths($media_folder);
-$media_path = safe_GET('media_path', WT_REGEX_UNSAFE);
+$media_path = WT_Filter::get('media_path');
// User paths may contain special characters. Restrict to actual paths.
if (!array_key_exists($media_path, $media_paths)) {
$media_path = reset($media_paths);
}
// subfolders within $media_path
-$subfolders = safe_GET('subfolders', array('include', 'exclude'), 'include');
-$action = safe_GET('action');
+$subfolders = WT_Filter::get('subfolders', 'include|exclude', 'include');
+$action = WT_Filter::get('action');
////////////////////////////////////////////////////////////////////////////////
// POST callback for file deletion
////////////////////////////////////////////////////////////////////////////////
-$delete_file = safe_POST('delete', WT_REGEX_UNSAFE);
+$delete_file = WT_Filter::post('delete');
if ($delete_file) {
$controller = new WT_Controller_Ajax;
// Only delete valid (i.e. unused) media files
- $media_folder = safe_POST('media_folder', WT_REGEX_UNSAFE);
+ $media_folder = WT_Filter::post('media_folder');
$disk_files = all_disk_files ($media_folder, '', 'include', '');
if (in_array($delete_file, $disk_files)) {
$tmp = WT_DATA_DIR . $media_folder . $delete_file;
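Review bot: The POST `media_folder` read by `WT_Filter::post('media_folder')` is not checked against `$media_folders` the way the GET value is at the top of the file, yet it is concatenated into `$tmp = WT_DATA_DIR . $media_folder . $delete_file`; the `in_array($delete_file, $disk_files)` guard validates only the file half of the path and is non-strict. Suggest adding `if (!array_key_exists($media_folder, $media_folders)) { $media_folder = reset($media_folders); }` right after the read, and `in_array($delete_file, $disk_files, true)`. The deletion callback continues past the end of the hunk.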
@@ -81,9 +81,9 @@ if ($delete_file) {
switch($action) {
case 'load_json':
Zend_Session::writeClose();
- $sSearch = safe_GET('sSearch');
- $iDisplayStart = (int)safe_GET('iDisplayStart');
- $iDisplayLength = (int)safe_GET('iDisplayLength');
+ $sSearch = WT_Filter::get('sSearch');
+ $iDisplayStart = WT_Filter::getInteger('iDisplayStart');
+ $iDisplayLength = WT_Filter::getInteger('iDisplayLength');
switch ($files) {
case 'local':
@@ -123,18 +123,18 @@ case 'load_json':
} else {
$LIMIT = "";
}
- $iSortingCols=safe_GET('iSortingCols');
+ $iSortingCols=WT_Filter::getInteger('iSortingCols');
if ($iSortingCols) {
$ORDER_BY = " ORDER BY ";
for ($i=0; $i<$iSortingCols; ++$i) {
// Datatables numbers columns 0, 1, 2, ...
// MySQL numbers columns 1, 2, 3, ...
- switch (safe_GET('sSortDir_'.$i)) {
+ switch (WT_Filter::get('sSortDir_'.$i)) {
case 'asc':
- $ORDER_BY .= (1+(int)safe_GET('iSortCol_'.$i)).' ASC ';
+ $ORDER_BY .= (1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC ';
break;
case 'desc':
- $ORDER_BY .= (1+(int)safe_GET('iSortCol_'.$i)).' DESC ';
+ $ORDER_BY .= (1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC ';
break;
}
if ($i<$iSortingCols-1) {
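Review bot: `WT_Filter::getInteger('iSortCol_'.$i)` is concatenated into ORDER BY as a column position with no upper or lower bound; an integer cannot inject SQL, but a value outside the column range (or a negative one, if getInteger admits them) turns into a query error rather than a rejected request, and `iSortingCols` likewise drives the loop count unbounded. Clamping would fix both, e.g. `$col = min(max(WT_Filter::getInteger('iSortCol_'.$i), 0), $max_col);` where `$max_col` is the number of sortable columns (constructed name). The identical pattern appears in the next hunk of this file, in both `load_rules` and `load_unknown` of admin_site_access.php, and in `load_json` of admin_site_change.php.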
@@ -181,18 +181,18 @@ case 'load_json':
} else {
$LIMIT = "";
}
- $iSortingCols = safe_GET('iSortingCols');
+ $iSortingCols = WT_Filter::getInteger('iSortingCols');
if ($iSortingCols) {
$ORDER_BY = " ORDER BY ";
for ($i=0; $i<$iSortingCols; ++$i) {
// Datatables numbers columns 0, 1, 2, ...
// MySQL numbers columns 1, 2, 3, ...
- switch (safe_GET('sSortDir_'.$i)) {
+ switch (WT_Filter::get('sSortDir_'.$i)) {
case 'asc':
- $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC ';
+ $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC ';
break;
case 'desc':
- $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC ';
+ $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC ';
break;
}
if ($i<$iSortingCols-1) {
@@ -247,7 +247,7 @@ case 'load_json':
// Sort files - only option is column 0
sort($unused_files);
- if (safe_GET('sSortDir_0')=='desc') {
+ if (WT_Filter::get('sSortDir_0')=='desc') {
$unused_files = array_reverse($unused_files);
}
@@ -300,7 +300,7 @@ case 'load_json':
header('Content-type: application/json');
echo json_encode(array( // See http://www.datatables.net/usage/server-side
- 'sEcho' => (int)safe_GET('sEcho'),
+ 'sEcho' => WT_Filter::getInteger('sEcho'), // String, but always an integer
'iTotalRecords' => $iTotalRecords,
'iTotalDisplayRecords' => $iTotalDisplayRecords,
'aaData' => $aaData
@@ -599,4 +599,4 @@ $controller
</thead>
<tbody>
</tbody>
-</table>
+</table> \ No newline at end of file
diff --git a/admin_media_upload.php b/admin_media_upload.php
index 0560e6c718..b86b329028 100644
--- a/admin_media_upload.php
+++ b/admin_media_upload.php
@@ -31,12 +31,12 @@ $controller
->requireEditorLogin() /* Editing may be disabled, even for admins */
->setPageTitle(WT_I18N::translate('Upload media files'));
-$action = safe_POST('action');
+$action = WT_Filter::post('action');
if ($action == "upload") {
for ($i=1; $i<6; $i++) {
if (!empty($_FILES['mediafile'.$i]["name"]) || !empty($_FILES['thumbnail'.$i]["name"])) {
- $folder = safe_POST('folder' . $i, WT_REGEX_UNSAFE);
+ $folder = WT_Filter::post('folder' . $i);
// Validate the media folder
$folderName = str_replace('\\', '/', $folder);
@@ -100,7 +100,7 @@ if ($action == "upload") {
}
// User-specified filename?
- $filename = safe_POST('filename' . $i, WT_REGEX_UNSAFE);
+ $filename = WT_Filter::post('filename' . $i);
// Use the name of the uploaded file?
if (!$filename && !empty($_FILES['mediafile' . $i]['name'])) {
$filename = $_FILES['mediafile' . $i]['name'];
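Review bot: When no `filename` is posted, the fallback `$filename = $_FILES['mediafile' . $i]['name']` takes the upload name straight from `$_FILES`, bypassing the WT_Filter treatment the posted value just received even though the client controls that name entirely. It should at least go through `basename()` and the same validation as the posted filename before being joined to `$folderName`; the lines that follow are outside the hunk and may already do so.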
@@ -232,4 +232,4 @@ for ($i=1; $i<6; $i++) {
}
// Print the Submit button for uploading the media
echo '<input type="submit" value="', WT_I18N::translate('Upload'), '">';
-echo '</form>';
+echo '</form>'; \ No newline at end of file
diff --git a/admin_module_blocks.php b/admin_module_blocks.php
index e970ae6bec..9f1130faf4 100644
--- a/admin_module_blocks.php
+++ b/admin_module_blocks.php
@@ -30,12 +30,12 @@ $controller
$modules=WT_Module::getActiveBlocks(WT_GED_ID, WT_PRIV_HIDE);
-$action = safe_POST('action');
+$action = WT_Filter::post('action');
if ($action=='update_mods') {
foreach ($modules as $module_name=>$module) {
foreach (WT_Tree::getAll() as $tree) {
- $value = safe_POST("blockaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel());
+ $value = WT_Filter::post("blockaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel());
WT_DB::prepare(
"REPLACE INTO `##module_privacy` (module_name, gedcom_id, component, access_level) VALUES (?, ?, 'block', ?)"
)->execute(array($module_name, $tree->tree_id, $value));
@@ -89,4 +89,4 @@ if ($action=='update_mods') {
</table>
<input type="submit" value="<?php echo WT_I18N::translate('save'); ?>">
</form>
-</div>
+</div> \ No newline at end of file
diff --git a/admin_module_menus.php b/admin_module_menus.php
index b86e59fd4f..07794e67f3 100644
--- a/admin_module_menus.php
+++ b/admin_module_menus.php
@@ -42,17 +42,17 @@ $controller
$modules=WT_Module::getActiveMenus(WT_GED_ID, WT_PRIV_HIDE);
-$action = safe_POST('action');
+$action = WT_Filter::post('action');
if ($action=='update_mods') {
foreach ($modules as $module_name=>$module) {
foreach (WT_Tree::getAll() as $tree) {
- $access_level = safe_POST("menuaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel());
+ $access_level = WT_Filter::post("menuaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel());
WT_DB::prepare(
"REPLACE INTO `##module_privacy` (module_name, gedcom_id, component, access_level) VALUES (?, ?, 'menu', ?)"
)->execute(array($module_name, $tree->tree_id, $access_level));
}
- $order = safe_POST('menuorder-'.$module_name);
+ $order = WT_Filter::post('menuorder-'.$module_name);
WT_DB::prepare(
"UPDATE `##module` SET menu_order=? WHERE module_name=?"
)->execute(array($order, $module_name));
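Review bot: `$order = WT_Filter::post('menuorder-'.$module_name)` reads a value that is bound to the integer column `menu_order`; if WT_Filter has a `postInteger` counterpart to the `getInteger` used elsewhere in this commit, using it here would reject non-numeric input instead of leaving the coercion to the database driver. The same applies to `sidebarorder-` in admin_module_sidebar.php and `taborder-` in admin_module_tabs.php.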
@@ -110,4 +110,4 @@ if ($action=='update_mods') {
</table>
<input type="submit" value="<?php echo WT_I18N::translate('save'); ?>">
</form>
-</div>
+</div> \ No newline at end of file
diff --git a/admin_module_reports.php b/admin_module_reports.php
index a6f773a0d2..62d246d129 100644
--- a/admin_module_reports.php
+++ b/admin_module_reports.php
@@ -30,12 +30,12 @@ $controller
$modules=WT_Module::getActiveReports(WT_GED_ID, WT_PRIV_HIDE);
-$action = safe_POST('action');
+$action = WT_Filter::post('action');
if ($action=='update_mods') {
foreach ($modules as $module_name=>$module) {
foreach (WT_Tree::getAll() as $tree) {
- $value = safe_POST("reportaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel());
+ $value = WT_Filter::post("reportaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel());
WT_DB::prepare(
"REPLACE INTO `##module_privacy` (module_name, gedcom_id, component, access_level) VALUES (?, ?, 'report', ?)"
)->execute(array($module_name, $tree->tree_id, $value));
@@ -89,4 +89,4 @@ if ($action=='update_mods') {
</table>
<input type="submit" value="<?php echo WT_I18N::translate('save'); ?>">
</form>
-</div>
+</div> \ No newline at end of file
diff --git a/admin_module_sidebar.php b/admin_module_sidebar.php
index 4b2598f5be..4f7c93f150 100644
--- a/admin_module_sidebar.php
+++ b/admin_module_sidebar.php
@@ -42,17 +42,17 @@ $controller
$modules=WT_Module::getActiveSidebars(WT_GED_ID, WT_PRIV_HIDE);
-$action = safe_POST('action');
+$action = WT_Filter::post('action');
if ($action=='update_mods') {
foreach ($modules as $module_name=>$module) {
foreach (WT_Tree::getAll() as $tree) {
- $access_level = safe_POST("sidebaraccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel());
+ $access_level = WT_Filter::post("sidebaraccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel());
WT_DB::prepare(
"REPLACE INTO `##module_privacy` (module_name, gedcom_id, component, access_level) VALUES (?, ?, 'sidebar', ?)"
)->execute(array($module_name, $tree->tree_id, $access_level));
}
- $order = safe_POST('sidebarorder-'.$module_name);
+ $order = WT_Filter::post('sidebarorder-'.$module_name);
WT_DB::prepare(
"UPDATE `##module` SET sidebar_order=? WHERE module_name=?"
)->execute(array($order, $module_name));
@@ -109,4 +109,4 @@ if ($action=='update_mods') {
</table>
<input type="submit" value="<?php echo WT_I18N::translate('save'); ?>">
</form>
-</div>
+</div> \ No newline at end of file
diff --git a/admin_module_tabs.php b/admin_module_tabs.php
index eba7563682..92c868e33c 100644
--- a/admin_module_tabs.php
+++ b/admin_module_tabs.php
@@ -42,17 +42,17 @@ $controller
$modules=WT_Module::getActiveTabs(WT_GED_ID, WT_PRIV_HIDE);
-$action = safe_POST('action');
+$action = WT_Filter::post('action');
if ($action=='update_mods') {
foreach ($modules as $module_name=>$module) {
foreach (WT_Tree::getAll() as $tree) {
- $access_level = safe_POST("tabaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel());
+ $access_level = WT_Filter::post("tabaccess-{$module_name}-{$tree->tree_id}", WT_REGEX_INTEGER, $module->defaultAccessLevel());
WT_DB::prepare(
"REPLACE INTO `##module_privacy` (module_name, gedcom_id, component, access_level) VALUES (?, ?, 'tab', ?)"
)->execute(array($module_name, $tree->tree_id, $access_level));
}
- $order = safe_POST('taborder-'.$module_name);
+ $order = WT_Filter::post('taborder-'.$module_name);
WT_DB::prepare(
"UPDATE `##module` SET tab_order=? WHERE module_name=?"
)->execute(array($order, $module_name));
@@ -110,4 +110,4 @@ if ($action=='update_mods') {
</table>
<input type="submit" value="<?php echo WT_I18N::translate('save'); ?>">
</form>
-</div>
+</div> \ No newline at end of file
diff --git a/admin_modules.php b/admin_modules.php
index 4013f60680..bf4604ea7e 100644
--- a/admin_modules.php
+++ b/admin_modules.php
@@ -65,10 +65,10 @@ $modules=WT_Module::getInstalledModules('disabled');
$module_status=WT_DB::prepare("SELECT module_name, status FROM `##module`")->fetchAssoc();
-switch (safe_POST('action')) {
+switch (WT_Filter::post('action')) {
case 'update_mods':
foreach ($modules as $module_name=>$status) {
- $new_status=safe_POST("status-{$module_name}");
+ $new_status=WT_Filter::post("status-{$module_name}");
if ($new_status!==null) {
$new_status=$new_status ? 'enabled' : 'disabled';
if ($new_status!=$status) {
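Review bot: The `$new_status!==null` test on the new `WT_Filter::post("status-{$module_name}")` read depends on the helper returning `null` (not `''` or `false`) for an absent key; if it does not, every module missing from the submitted form falls through the truthiness check and is written as `'disabled'`. Worth confirming against library/WT/Filter.php, which is not in this chunk, and adding a comment such as `// WT_Filter::post() returns null when the field is absent` once verified.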
@@ -80,9 +80,9 @@ case 'update_mods':
break;
}
-switch (safe_GET('action')) {
+switch (WT_Filter::get('action')) {
case 'delete_module':
- $module_name=safe_GET('module_name');
+ $module_name=WT_Filter::get('module_name');
WT_DB::prepare(
"DELETE `##block_setting`".
" FROM `##block_setting`".
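Review bot: `$module_name = WT_Filter::get('module_name')` is used to drive a DELETE without first checking it against `$modules`, the installed-module list built a few lines above; a guard such as `if (!array_key_exists($module_name, $modules)) { break; }` keeps the deletion to known modules. The action is also triggered by a GET request, so it is exposed to cross-site request forgery in a way a POST with a token would not be. The DELETE statement and its parameter binding continue beyond the hunk.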
@@ -156,4 +156,4 @@ case 'delete_module':
<input type="submit" value="<?php echo WT_I18N::translate('save'); ?>">
</form>
</div>
-</div>
+</div> \ No newline at end of file
diff --git a/admin_pgv_to_wt.php b/admin_pgv_to_wt.php
index ad03184df1..0e47d7303a 100644
--- a/admin_pgv_to_wt.php
+++ b/admin_pgv_to_wt.php
@@ -33,9 +33,9 @@ $controller
->requireAdminLogin()
->setPageTitle(WT_I18N::translate('PhpGedView to webtrees transfer wizard'));
-$error='';
-$warning='';
-$PGV_PATH=safe_POST('PGV_PATH');
+$error = '';
+$warning = '';
+$PGV_PATH = WT_Filter::post('PGV_PATH');
if ($PGV_PATH) {
if (!is_dir($PGV_PATH) || !is_readable($PGV_PATH.'/config.php')) {
@@ -1057,4 +1057,4 @@ WT_DB::exec("COMMIT");
echo '<hr>';
echo '<p>', WT_I18N::translate('You need to login again, using your PhpGedView username and password.'), '</p>';
-echo '<a href="index.php"><button>', WT_I18N::translate('continue'), '</button></a>';
+echo '<a href="index.php"><button>', WT_I18N::translate('continue'), '</button></a>'; \ No newline at end of file
diff --git a/admin_site_access.php b/admin_site_access.php
index 6a612835bd..8ec5792c2b 100644
--- a/admin_site_access.php
+++ b/admin_site_access.php
@@ -29,16 +29,16 @@ $controller
->addExternalJavascript(WT_JQUERY_JEDITABLE_URL)
->setPageTitle(WT_I18N::translate('Site access rules'));
-$action=safe_GET('action');
+$action = WT_Filter::get('action');
switch ($action) {
case 'delete':
- $user_access_rule_id=safe_GET('site_access_rule_id');
+ $user_access_rule_id = WT_Filter::getInteger('site_access_rule_id');
WT_DB::prepare("DELETE FROM `##site_access_rule` WHERE site_access_rule_id=?")->execute(array($user_access_rule_id));
break;
case 'allow':
case 'deny':
case 'robot':
- $user_access_rule_id=safe_GET('site_access_rule_id');
+ $user_access_rule_id = WT_Filter::getInteger('site_access_rule_id');
WT_DB::prepare("UPDATE `##site_access_rule` SET rule=? WHERE site_access_rule_id=?")->execute(array($action, $user_access_rule_id));
break;
case 'load_rules':
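Review bot: The `delete`, `allow`, `deny` and `robot` branches change state from a GET request keyed only by `site_access_rule_id`; if `WT_Filter::getInteger` returns 0 for a missing parameter the DELETE/UPDATE affect no row, but a state-changing GET remains exposed to cross-site request forgery. Guarding with `if ($user_access_rule_id) {` around each statement and moving these actions to POST (with the site's usual token check) is the conventional fix. Whether getInteger returns 0 or null when the key is absent is not visible from this chunk.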
@@ -51,7 +51,7 @@ case 'load_rules':
" WHERE rule<>'unknown'";
$args=array();
- $sSearch=safe_GET('sSearch');
+ $sSearch = WT_Filter::get('sSearch');
if ($sSearch) {
$sql.=
" AND (INET_ATON(?) BETWEEN ip_address_start AND ip_address_end".
@@ -66,18 +66,18 @@ case 'load_rules':
$args[]=$sSearch;
}
- $iSortingCols=safe_GET('iSortingCols');
+ $iSortingCols = WT_Filter::getInteger('iSortingCols');
if ($iSortingCols) {
$sql.=" ORDER BY ";
for ($i=0; $i<$iSortingCols; ++$i) {
// Datatables numbers columns 0, 1, 2, ...
// MySQL numbers columns 1, 2, 3, ...
- switch (safe_GET('sSortDir_'.$i)) {
+ switch (WT_Filter::get('sSortDir_'.$i)) {
case 'asc':
- $sql.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC ';
+ $sql.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC ';
break;
case 'desc':
- $sql.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC ';
+ $sql.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC ';
break;
}
if ($i<$iSortingCols-1) {
@@ -88,8 +88,8 @@ case 'load_rules':
$sql.=" ORDER BY updated DESC";
}
- $iDisplayStart =(int)safe_GET('iDisplayStart');
- $iDisplayLength=(int)safe_GET('iDisplayLength');
+ $iDisplayStart = WT_Filter::getInteger('iDisplayStart');
+ $iDisplayLength = WT_Filter::getInteger('iDisplayLength');
if ($iDisplayLength>0) {
$sql.=" LIMIT " . $iDisplayStart . ',' . $iDisplayLength;
}
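Review bot: `" LIMIT " . $iDisplayStart . ',' . $iDisplayLength` is guarded only by `$iDisplayLength>0`; a negative `iDisplayStart`, if `WT_Filter::getInteger` admits one, produces a SQL syntax error instead of a rejected request. `$iDisplayStart = max(0, WT_Filter::getInteger('iDisplayStart'));` closes that, or a range argument if getInteger offers one. The same construction appears in `load_unknown` below, in admin_site_change.php and in admin_site_logs.php.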
@@ -119,10 +119,10 @@ case 'load_rules':
header('Content-type: application/json');
echo json_encode(array( // See http://www.datatables.net/usage/server-side
- 'sEcho' =>(int)safe_GET('sEcho'),
- 'iTotalRecords' =>$iTotalRecords,
- 'iTotalDisplayRecords'=>$iTotalDisplayRecords,
- 'aaData' =>$aaData
+ 'sEcho' => WT_Filter::getInteger('sEcho'), // Always an integer
+ 'iTotalRecords' => $iTotalRecords,
+ 'iTotalDisplayRecords' => $iTotalDisplayRecords,
+ 'aaData' => $aaData
));
exit;
case 'load_unknown':
@@ -135,7 +135,7 @@ case 'load_unknown':
" WHERE rule='unknown'";
$args=array();
- $sSearch=safe_GET('sSearch');
+ $sSearch = WT_Filter::get('sSearch');
if ($sSearch) {
$sql.=
" AND (INET_ATON(ip_address_start) LIKE CONCAT('%', ?, '%')".
@@ -144,18 +144,18 @@ case 'load_unknown':
$args[]=$sSearch;
}
- $iSortingCols=safe_GET('iSortingCols');
+ $iSortingCols = WT_Filter::getInteger('iSortingCols');
if ($iSortingCols) {
$sql.=" ORDER BY ";
for ($i=0; $i<$iSortingCols; ++$i) {
// Datatables numbers columns 0, 1, 2, ...
// MySQL numbers columns 1, 2, 3, ...
- switch (safe_GET('sSortDir_'.$i)) {
+ switch (WT_Filter::get('sSortDir_'.$i)) {
case 'asc':
- $sql.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC ';
+ $sql.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC ';
break;
case 'desc':
- $sql.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC ';
+ $sql.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC ';
break;
}
if ($i<$iSortingCols-1) {
@@ -166,8 +166,8 @@ case 'load_unknown':
$sql.=" ORDER BY updated DESC";
}
- $iDisplayStart =(int)safe_GET('iDisplayStart');
- $iDisplayLength=(int)safe_GET('iDisplayLength');
+ $iDisplayStart = WT_Filter::getInteger('iDisplayStart');
+ $iDisplayLength = WT_Filter::getInteger('iDisplayLength');
if ($iDisplayLength>0) {
$sql.=" LIMIT " . $iDisplayStart . ',' . $iDisplayLength;
}
@@ -189,10 +189,10 @@ case 'load_unknown':
header('Content-type: application/json');
echo json_encode(array( // See http://www.datatables.net/usage/server-side
- 'sEcho' =>(int)safe_GET('sEcho'),
- 'iTotalRecords' =>$iTotalRecords,
- 'iTotalDisplayRecords'=>$iTotalDisplayRecords,
- 'aaData' =>$aaData
+ 'sEcho' => WT_Filter::getInteger('sEcho'), // Always an integer
+ 'iTotalRecords' => $iTotalRecords,
+ 'iTotalDisplayRecords' => $iTotalDisplayRecords,
+ 'aaData' => $aaData
));
exit;
}
@@ -300,4 +300,4 @@ WT_DB::exec(
<th><?php echo WT_I18N::translate('robot'); ?></th>
</tr>
</thead>
-</table>
+</table> \ No newline at end of file
diff --git a/admin_site_change.php b/admin_site_change.php
index 9ba602450d..dc02f51c2a 100644
--- a/admin_site_change.php
+++ b/admin_site_change.php
@@ -39,20 +39,20 @@ $earliest=WT_DB::prepare("SELECT DATE(MIN(change_time)) FROM `##change`")->execu
$latest =WT_DB::prepare("SELECT DATE(MAX(change_time)) FROM `##change`")->execute(array())->fetchOne();
// Filtering
-$action=safe_GET('action');
-$from =safe_GET('from', '\d\d\d\d-\d\d-\d\d', $earliest);
-$to =safe_GET('to', '\d\d\d\d-\d\d-\d\d', $latest);
-$type =safe_GET('type', array_keys($statuses));
-$oldged=safe_GET('oldged');
-$newged=safe_GET('newged');
-$xref =safe_GET('xref');
-$user =safe_GET('user');
+$action = WT_Filter::get('action');
+$from = WT_Filter::get('from', '\d\d\d\d-\d\d-\d\d', $earliest);
+$to = WT_Filter::get('to', '\d\d\d\d-\d\d-\d\d', $latest);
+$type = WT_Filter::get('type', 'accepted|rejected|pending');
+$oldged = WT_Filter::get('oldged');
+$newged = WT_Filter::get('newged');
+$xref = WT_Filter::get('xref', WT_REGEX_XREF);
+$user = WT_Filter::get('user');
if (WT_USER_IS_ADMIN) {
// Administrators can see all logs
- $gedc=safe_GET('gedc');
+ $gedc = WT_Filter::get('gedc');
} else {
// Managers can only see logs relating to this gedcom
- $gedc=WT_GEDCOM;
+ $gedc = WT_GEDCOM;
}
$query=array();
@@ -137,33 +137,33 @@ case 'export':
exit;
case 'load_json':
Zend_Session::writeClose();
- $iDisplayStart =(int)safe_GET('iDisplayStart');
- $iDisplayLength=(int)safe_GET('iDisplayLength');
+ $iDisplayStart = WT_Filter::getInteger('iDisplayStart');
+ $iDisplayLength = WT_Filter::getInteger('iDisplayLength');
set_user_setting(WT_USER_ID, 'admin_site_change_page_size', $iDisplayLength);
if ($iDisplayLength>0) {
- $LIMIT=" LIMIT " . $iDisplayStart . ',' . $iDisplayLength;
+ $LIMIT = " LIMIT " . $iDisplayStart . ',' . $iDisplayLength;
} else {
- $LIMIT="";
+ $LIMIT = "";
}
- $iSortingCols=safe_GET('iSortingCols');
+ $iSortingCols = WT_Filter::getInteger('iSortingCols');
if ($iSortingCols) {
$ORDER_BY=' ORDER BY ';
for ($i=0; $i<$iSortingCols; ++$i) {
// Datatables numbers columns 0, 1, 2, ...
// MySQL numbers columns 1, 2, 3, ...
- switch (safe_GET('sSortDir_'.$i)) {
+ switch (WT_Filter::get('sSortDir_'.$i)) {
case 'asc':
- if ((int)safe_GET('iSortCol_'.$i)==0) {
+ if (WT_Filter::getInteger('iSortCol_'.$i)==0) {
$ORDER_BY.='change_id ASC '; // column 0 is "timestamp", using change_id gives the correct order for events in the same second
} else {
- $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC ';
+ $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC ';
}
break;
case 'desc':
- if ((int)safe_GET('iSortCol_'.$i)==0) {
+ if (WT_Filter::getInteger('iSortCol_'.$i)==0) {
$ORDER_BY.='change_id DESC ';
} else {
- $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC ';
+ $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC ';
}
break;
}
@@ -190,10 +190,10 @@ case 'load_json':
header('Content-type: application/json');
echo json_encode(array( // See http://www.datatables.net/usage/server-side
- 'sEcho' =>(int)safe_GET('sEcho'),
- 'iTotalRecords' =>$iTotalRecords,
- 'iTotalDisplayRecords'=>$iTotalDisplayRecords,
- 'aaData' =>$aaData
+ 'sEcho' => WT_Filter::getInteger('sEcho'), // Always an integer
+ 'iTotalRecords' => $iTotalRecords,
+ 'iTotalDisplayRecords' => $iTotalDisplayRecords,
+ 'aaData' => $aaData
));
exit;
}
diff --git a/admin_site_logs.php b/admin_site_logs.php
index 4dfb92f11a..2271209c46 100644
--- a/admin_site_logs.php
+++ b/admin_site_logs.php
@@ -32,19 +32,19 @@ $earliest=WT_DB::prepare("SELECT DATE(MIN(log_time)) FROM `##log`")->execute(arr
$latest =WT_DB::prepare("SELECT DATE(MAX(log_time)) FROM `##log`")->execute(array())->fetchOne();
// Filtering
-$action=safe_GET('action');
-$from =safe_GET('from', '\d\d\d\d-\d\d-\d\d', $earliest);
-$to =safe_GET('to', '\d\d\d\d-\d\d-\d\d', $latest);
-$type =safe_GET('type', array('auth','change','config','debug','edit','error','media','search'));
-$text =safe_GET('text');
-$ip =safe_GET('ip');
-$user =safe_GET('user');
+$action = WT_Filter::get('action');
+$from = WT_Filter::get('from', '\d\d\d\d-\d\d-\d\d', $earliest);
+$to = WT_Filter::get('to', '\d\d\d\d-\d\d-\d\d', $latest);
+$type = WT_Filter::get('type', 'auth|change|config|debug|edit|error|media|search');
+$text = WT_Filter::get('text');
+$ip = WT_Filter::get('ip');
+$user = WT_Filter::get('user');
if (WT_USER_IS_ADMIN) {
// Administrators can see all logs
- $gedc=safe_GET('gedc');
+ $gedc = WT_Filter::get('gedc');
} else {
// Managers can only see logs relating to this gedcom
- $gedc=WT_GEDCOM;
+ $gedc = WT_GEDCOM;
}
$query=array();
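Review bot: `$gedc` for administrators, and `$ip`, `$text` and `$user`, are read with the default pattern and no value check; whether they are bound as parameters when `$query` is built is outside this hunk, so the point I can raise is that `gedc` could be restricted to known trees, e.g. a pattern built from `WT_Tree::getNameList()`. The `\d\d\d\d-\d\d-\d\d` pattern on `from` and `to` checks shape only, so `2013-13-45` passes (assuming WT_Filter::get anchors the pattern) and reaches the date comparison; a `checkdate()` guard after the read would reject it cleanly. The same read pattern appears in the admin_site_change.php hunk above, whose start is outside this view.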
@@ -120,33 +120,33 @@ case 'export':
exit;
case 'load_json':
Zend_Session::writeClose();
- $iDisplayStart =(int)safe_GET('iDisplayStart');
- $iDisplayLength=(int)safe_GET('iDisplayLength');
+ $iDisplayStart = WT_Filter::getInteger('iDisplayStart');
+ $iDisplayLength = WT_Filter::getInteger('iDisplayLength');
set_user_setting(WT_USER_ID, 'admin_site_log_page_size', $iDisplayLength);
if ($iDisplayLength>0) {
$LIMIT=" LIMIT " . $iDisplayStart . ',' . $iDisplayLength;
} else {
$LIMIT="";
}
- $iSortingCols=safe_GET('iSortingCols');
+ $iSortingCols = WT_Filter::getInteger('iSortingCols');
if ($iSortingCols) {
$ORDER_BY=' ORDER BY ';
for ($i=0; $i<$iSortingCols; ++$i) {
// Datatables numbers columns 0, 1, 2, ...
// MySQL numbers columns 1, 2, 3, ...
- switch (safe_GET('sSortDir_'.$i)) {
+ switch (WT_Filter::get('sSortDir_'.$i)) {
case 'asc':
- if ((int)safe_GET('iSortCol_'.$i)==0) {
+ if (WT_Filter::getInteger('iSortCol_'.$i)==0) {
$ORDER_BY.='log_id ASC '; // column 0 is "timestamp", using log_id gives the correct order for events in the same second
} else {
- $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC ';
+ $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC ';
}
break;
case 'desc':
- if ((int)safe_GET('iSortCol_'.$i)==0) {
+ if (WT_Filter::getInteger('iSortCol_'.$i)==0) {
$ORDER_BY.='log_id DESC ';
} else {
- $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC ';
+ $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC ';
}
break;
}
@@ -170,10 +170,10 @@ case 'load_json':
header('Content-type: application/json');
echo json_encode(array( // See http://www.datatables.net/usage/server-side
- 'sEcho' =>(int)safe_GET('sEcho'),
- 'iTotalRecords' =>$iTotalRecords,
- 'iTotalDisplayRecords'=>$iTotalDisplayRecords,
- 'aaData' =>$aaData
+ 'sEcho' => WT_Filter::getInteger('sEcho'), // Always an integer
+ 'iTotalRecords' => $iTotalRecords,
+ 'iTotalDisplayRecords' => $iTotalDisplayRecords,
+ 'aaData' => $aaData
));
exit;
}
diff --git a/admin_site_merge.php b/admin_site_merge.php
index 3fc8d02699..0bef781685 100644
--- a/admin_site_merge.php
+++ b/admin_site_merge.php
@@ -36,14 +36,12 @@ require_once WT_ROOT.'includes/functions/functions_edit.php';
require_once WT_ROOT.'includes/functions/functions_import.php';
$ged=$GEDCOM;
-$gid1=safe_POST_xref('gid1');
-$gid2=safe_POST_xref('gid2');
-$action=safe_POST('action', WT_REGEX_ALPHA, 'choose');
-$ged2=safe_POST('ged2', WT_REGEX_NOSCRIPT, $GEDCOM);
-$keep1=safe_POST('keep1', WT_REGEX_UNSAFE);
-$keep2=safe_POST('keep2', WT_REGEX_UNSAFE);
-if (empty($keep1)) $keep1=array();
-if (empty($keep2)) $keep2=array();
+$gid1 = WT_Filter::post('gid1', WT_REGEX_XREF);
+$gid2 = WT_Filter::post('gid2', WT_REGEX_XREF);
+$action = WT_Filter::post('action', 'choose|select|merge', 'choose');
+$ged2 = WT_Filter::post('ged2', '.+', $ged);
+$keep1 = WT_Filter::postArray('keep1');
+$keep2 = WT_Filter::postArray('keep2');
if (count(WT_Tree::getAll())==1) { //Removed becasue it doesn't work here for multiple GEDCOMs. Can be reinstated when fixed (https://bugs.launchpad.net/webtrees/+bug/613235)
$controller->addExternalJavascript(WT_STATIC_URL.'js/autocomplete.js');
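Review bot: `$ged2` is accepted with the pattern `.+`, i.e. any non-empty string, and nothing in this hunk checks that the current user manages that tree; if the authorization check lives further down the file this is fine, otherwise the value should be matched against the trees the user may edit, since the `WT_REGEX_NOSCRIPT` pattern the old `safe_POST` applied is gone. `$keep1`/`$keep2` from `WT_Filter::postArray` are likewise taken as-is; if their elements are numeric fact indices, `array_map('intval', ...)` on each would pin that. The `'choose|select|merge'` whitelist on `action` is a good tightening over the old `WT_REGEX_ALPHA`.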
diff --git a/admin_trees_check.php b/admin_trees_check.php
index f824667686..2ee70a4448 100644
--- a/admin_trees_check.php
+++ b/admin_trees_check.php
@@ -40,7 +40,7 @@ echo select_edit_control('ged', WT_Tree::getNameList(), null, WT_GEDCOM);
echo '<input type="submit" value="', $controller->getPageTitle(), '">';
echo '</form>';
-if (!safe_GET('go')) {
+if (!WT_Filter::get('go')) {
exit;
}
@@ -224,4 +224,4 @@ function warning($message) {
if (!$errors) {
echo '<p>', WT_I18N::translate('No errors were found.'), '</p>';
-}
+} \ No newline at end of file
diff --git a/admin_trees_config.php b/admin_trees_config.php
index 13c590e32a..66f3e1758a 100644
--- a/admin_trees_config.php
+++ b/admin_trees_config.php
@@ -39,134 +39,134 @@ $PRIVACY_CONSTANTS = array(
'hidden' => WT_I18N::translate('Hide from everyone')
);
-switch (safe_POST('action')) {
+switch (WT_Filter::post('action')) {
case 'delete':
WT_DB::prepare(
"DELETE FROM `##default_resn` WHERE default_resn_id=?"
- )->execute(array(safe_POST('default_resn_id')));
+ )->execute(array(WT_Filter::post('default_resn_id')));
// Reload the page, so that the new privacy restrictions are reflected in the header
header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'#privacy');
exit;
case 'add':
- if ((safe_POST('xref') || safe_POST('tag_type')) && safe_POST('resn')) {
- if (safe_POST('xref')=='') {
+ if ((WT_Filter::post('xref') || WT_Filter::post('tag_type')) && WT_Filter::post('resn')) {
+ if (WT_Filter::post('xref')=='') {
WT_DB::prepare(
"DELETE FROM `##default_resn` WHERE gedcom_id=? AND tag_type=? AND xref IS NULL"
- )->execute(array(WT_GED_ID, safe_POST('tag_type')));
+ )->execute(array(WT_GED_ID, WT_Filter::post('tag_type')));
}
- if (safe_POST('tag_type')=='') {
+ if (WT_Filter::post('tag_type')=='') {
WT_DB::prepare(
"DELETE FROM `##default_resn` WHERE gedcom_id=? AND xref=? AND tag_type IS NULL"
- )->execute(array(WT_GED_ID, safe_POST('xref')));
+ )->execute(array(WT_GED_ID, WT_Filter::post('xref')));
}
WT_DB::prepare(
"REPLACE INTO `##default_resn` (gedcom_id, xref, tag_type, resn) VALUES (?, NULLIF(?, ''), NULLIF(?, ''), ?)"
- )->execute(array(WT_GED_ID, safe_POST_xref('xref'), safe_POST('tag_type'), safe_POST('resn')));
+ )->execute(array(WT_GED_ID, WT_Filter::post('xref', WT_REGEX_XREF), WT_Filter::post('tag_type'), WT_Filter::post('resn')));
}
// Reload the page, so that the new privacy restrictions are reflected in the header
header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'#privacy');
exit;
case 'update':
- set_gedcom_setting(WT_GED_ID, 'ABBREVIATE_CHART_LABELS', safe_POST_bool('NEW_ABBREVIATE_CHART_LABELS'));
- set_gedcom_setting(WT_GED_ID, 'ADVANCED_NAME_FACTS', safe_POST('NEW_ADVANCED_NAME_FACTS'));
- set_gedcom_setting(WT_GED_ID, 'ADVANCED_PLAC_FACTS', safe_POST('NEW_ADVANCED_PLAC_FACTS'));
- set_gedcom_setting(WT_GED_ID, 'ALLOW_THEME_DROPDOWN', safe_POST_bool('NEW_ALLOW_THEME_DROPDOWN'));
+ set_gedcom_setting(WT_GED_ID, 'ABBREVIATE_CHART_LABELS', WT_Filter::postBool('NEW_ABBREVIATE_CHART_LABELS'));
+ set_gedcom_setting(WT_GED_ID, 'ADVANCED_NAME_FACTS', WT_Filter::post('NEW_ADVANCED_NAME_FACTS'));
+ set_gedcom_setting(WT_GED_ID, 'ADVANCED_PLAC_FACTS', WT_Filter::post('NEW_ADVANCED_PLAC_FACTS'));
+ set_gedcom_setting(WT_GED_ID, 'ALLOW_THEME_DROPDOWN', WT_Filter::postBool('NEW_ALLOW_THEME_DROPDOWN'));
// For backwards compatibility with webtrees 1.x we store the two calendar formats in one variable
// e.g. "gregorian_and_jewish"
set_gedcom_setting(WT_GED_ID, 'CALENDAR_FORMAT', implode('_and_', array_unique(array(
- safe_POST('NEW_CALENDAR_FORMAT0', 'gregorian|julian|french|jewish|hijri|jalali', 'none'),
- safe_POST('NEW_CALENDAR_FORMAT1', 'gregorian|julian|french|jewish|hijri|jalali', 'none')
+ WT_Filter::post('NEW_CALENDAR_FORMAT0', 'gregorian|julian|french|jewish|hijri|jalali', 'none'),
+ WT_Filter::post('NEW_CALENDAR_FORMAT1', 'gregorian|julian|french|jewish|hijri|jalali', 'none')
))));
- set_gedcom_setting(WT_GED_ID, 'CHART_BOX_TAGS', safe_POST('NEW_CHART_BOX_TAGS'));
- set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_ADD', str_replace(' ', '', safe_POST('NEW_COMMON_NAMES_ADD')));
- set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_REMOVE', str_replace(' ', '', safe_POST('NEW_COMMON_NAMES_REMOVE')));
- set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_THRESHOLD', safe_POST('NEW_COMMON_NAMES_THRESHOLD', WT_REGEX_INTEGER, 40));
- set_gedcom_setting(WT_GED_ID, 'CONTACT_USER_ID', safe_POST('NEW_CONTACT_USER_ID'));
- set_gedcom_setting(WT_GED_ID, 'DEFAULT_PEDIGREE_GENERATIONS', safe_POST('NEW_DEFAULT_PEDIGREE_GENERATIONS'));
- set_gedcom_setting(WT_GED_ID, 'EXPAND_NOTES', safe_POST_bool('NEW_EXPAND_NOTES'));
- set_gedcom_setting(WT_GED_ID, 'EXPAND_RELATIVES_EVENTS', safe_POST_bool('NEW_EXPAND_RELATIVES_EVENTS'));
- set_gedcom_setting(WT_GED_ID, 'EXPAND_SOURCES', safe_POST_bool('NEW_EXPAND_SOURCES'));
- set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_ADD', str_replace(' ', '', safe_POST('NEW_FAM_FACTS_ADD')));
- set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_QUICK', str_replace(' ', '', safe_POST('NEW_FAM_FACTS_QUICK')));
- set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_UNIQUE', str_replace(' ', '', safe_POST('NEW_FAM_FACTS_UNIQUE')));
- set_gedcom_setting(WT_GED_ID, 'FAM_ID_PREFIX', safe_POST('NEW_FAM_ID_PREFIX'));
- set_gedcom_setting(WT_GED_ID, 'FULL_SOURCES', safe_POST_bool('NEW_FULL_SOURCES'));
- set_gedcom_setting(WT_GED_ID, 'GEDCOM_ID_PREFIX', safe_POST('NEW_GEDCOM_ID_PREFIX'));
- set_gedcom_setting(WT_GED_ID, 'GEDCOM_MEDIA_PATH', safe_POST('NEW_GEDCOM_MEDIA_PATH'));
- set_gedcom_setting(WT_GED_ID, 'GENERATE_UIDS', safe_POST_bool('NEW_GENERATE_UIDS'));
- set_gedcom_setting(WT_GED_ID, 'HIDE_GEDCOM_ERRORS', safe_POST_bool('NEW_HIDE_GEDCOM_ERRORS'));
- set_gedcom_setting(WT_GED_ID, 'HIDE_LIVE_PEOPLE', safe_POST_bool('NEW_HIDE_LIVE_PEOPLE'));
- set_gedcom_setting(WT_GED_ID, 'GEDCOM_MEDIA_PATH', safe_POST('GEDCOM_MEDIA_PATH'));
- set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_ADD', str_replace(' ', '', safe_POST('NEW_INDI_FACTS_ADD')));
- set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_QUICK', str_replace(' ', '', safe_POST('NEW_INDI_FACTS_QUICK')));
- set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_UNIQUE', str_replace(' ', '', safe_POST('NEW_INDI_FACTS_UNIQUE')));
- set_gedcom_setting(WT_GED_ID, 'KEEP_ALIVE_YEARS_BIRTH', safe_POST('KEEP_ALIVE_YEARS_BIRTH', WT_REGEX_INTEGER, 0));
- set_gedcom_setting(WT_GED_ID, 'KEEP_ALIVE_YEARS_DEATH', safe_POST('KEEP_ALIVE_YEARS_DEATH', WT_REGEX_INTEGER, 0));
- set_gedcom_setting(WT_GED_ID, 'LANGUAGE', safe_POST('GEDCOMLANG'));
- set_gedcom_setting(WT_GED_ID, 'MAX_ALIVE_AGE', safe_POST('MAX_ALIVE_AGE', WT_REGEX_INTEGER, 100));
- set_gedcom_setting(WT_GED_ID, 'MAX_DESCENDANCY_GENERATIONS', safe_POST('NEW_MAX_DESCENDANCY_GENERATIONS'));
- set_gedcom_setting(WT_GED_ID, 'MAX_PEDIGREE_GENERATIONS', safe_POST('NEW_MAX_PEDIGREE_GENERATIONS'));
- set_gedcom_setting(WT_GED_ID, 'MEDIA_ID_PREFIX', safe_POST('NEW_MEDIA_ID_PREFIX'));
- set_gedcom_setting(WT_GED_ID, 'MEDIA_UPLOAD', safe_POST('NEW_MEDIA_UPLOAD'));
- set_gedcom_setting(WT_GED_ID, 'META_DESCRIPTION', safe_POST('NEW_META_DESCRIPTION'));
- set_gedcom_setting(WT_GED_ID, 'META_TITLE', safe_POST('NEW_META_TITLE'));
- set_gedcom_setting(WT_GED_ID, 'NOTE_ID_PREFIX', safe_POST('NEW_NOTE_ID_PREFIX'));
- set_gedcom_setting(WT_GED_ID, 'NO_UPDATE_CHAN', safe_POST_bool('NEW_NO_UPDATE_CHAN'));
- set_gedcom_setting(WT_GED_ID, 'PEDIGREE_FULL_DETAILS', safe_POST_bool('NEW_PEDIGREE_FULL_DETAILS'));
- set_gedcom_setting(WT_GED_ID, 'PEDIGREE_LAYOUT', safe_POST_bool('NEW_PEDIGREE_LAYOUT'));
- set_gedcom_setting(WT_GED_ID, 'PEDIGREE_ROOT_ID', safe_POST_xref('NEW_PEDIGREE_ROOT_ID'));
- set_gedcom_setting(WT_GED_ID, 'PEDIGREE_SHOW_GENDER', safe_POST_bool('NEW_PEDIGREE_SHOW_GENDER'));
- set_gedcom_setting(WT_GED_ID, 'PREFER_LEVEL2_SOURCES', safe_POST('NEW_PREFER_LEVEL2_SOURCES'));
- set_gedcom_setting(WT_GED_ID, 'QUICK_REQUIRED_FACTS', safe_POST('NEW_QUICK_REQUIRED_FACTS'));
- set_gedcom_setting(WT_GED_ID, 'QUICK_REQUIRED_FAMFACTS', safe_POST('NEW_QUICK_REQUIRED_FAMFACTS'));
- set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_ADD', str_replace(' ', '', safe_POST('NEW_REPO_FACTS_ADD')));
- set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_QUICK', str_replace(' ', '', safe_POST('NEW_REPO_FACTS_QUICK')));
- set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_UNIQUE', str_replace(' ', '', safe_POST('NEW_REPO_FACTS_UNIQUE')));
- set_gedcom_setting(WT_GED_ID, 'REPO_ID_PREFIX', safe_POST('NEW_REPO_ID_PREFIX'));
- set_gedcom_setting(WT_GED_ID, 'REQUIRE_AUTHENTICATION', safe_POST_bool('NEW_REQUIRE_AUTHENTICATION'));
- set_gedcom_setting(WT_GED_ID, 'SAVE_WATERMARK_IMAGE', safe_POST_bool('NEW_SAVE_WATERMARK_IMAGE'));
- set_gedcom_setting(WT_GED_ID, 'SAVE_WATERMARK_THUMB', safe_POST_bool('NEW_SAVE_WATERMARK_THUMB'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_AGE_DIFF', safe_POST_bool('NEW_SHOW_AGE_DIFF'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_COUNTER', safe_POST_bool('NEW_SHOW_COUNTER'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_DEAD_PEOPLE', safe_POST('SHOW_DEAD_PEOPLE'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_EST_LIST_DATES', safe_POST_bool('NEW_SHOW_EST_LIST_DATES'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_FACT_ICONS', safe_POST_bool('NEW_SHOW_FACT_ICONS'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_GEDCOM_RECORD', safe_POST_bool('NEW_SHOW_GEDCOM_RECORD'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_HIGHLIGHT_IMAGES', safe_POST_bool('NEW_SHOW_HIGHLIGHT_IMAGES'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_LAST_CHANGE', safe_POST_bool('NEW_SHOW_LAST_CHANGE'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_LDS_AT_GLANCE', safe_POST_bool('NEW_SHOW_LDS_AT_GLANCE'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_LEVEL2_NOTES', safe_POST_bool('NEW_SHOW_LEVEL2_NOTES'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_LIVING_NAMES', safe_POST('SHOW_LIVING_NAMES'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_MEDIA_DOWNLOAD', safe_POST_bool('NEW_SHOW_MEDIA_DOWNLOAD'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_NO_WATERMARK', safe_POST('NEW_SHOW_NO_WATERMARK'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_PARENTS_AGE', safe_POST_bool('NEW_SHOW_PARENTS_AGE'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_PEDIGREE_PLACES', safe_POST('NEW_SHOW_PEDIGREE_PLACES'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_PEDIGREE_PLACES_SUFFIX', safe_POST_bool('NEW_SHOW_PEDIGREE_PLACES_SUFFIX'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_PRIVATE_RELATIONSHIPS', safe_POST('SHOW_PRIVATE_RELATIONSHIPS'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_RELATIVES_EVENTS', safe_POST('NEW_SHOW_RELATIVES_EVENTS'));
- set_gedcom_setting(WT_GED_ID, 'SHOW_STATS', safe_POST_bool('NEW_SHOW_STATS'));
- set_gedcom_setting(WT_GED_ID, 'SOURCE_ID_PREFIX', safe_POST('NEW_SOURCE_ID_PREFIX'));
- set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_ADD', str_replace(' ', '', safe_POST('NEW_SOUR_FACTS_ADD')));
- set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_QUICK', str_replace(' ', '', safe_POST('NEW_SOUR_FACTS_QUICK')));
- set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_UNIQUE', str_replace(' ', '', safe_POST('NEW_SOUR_FACTS_UNIQUE')));
- set_gedcom_setting(WT_GED_ID, 'SUBLIST_TRIGGER_I', safe_POST('NEW_SUBLIST_TRIGGER_I', WT_REGEX_INTEGER, 200));
- set_gedcom_setting(WT_GED_ID, 'SURNAME_LIST_STYLE', safe_POST('NEW_SURNAME_LIST_STYLE'));
- set_gedcom_setting(WT_GED_ID, 'SURNAME_TRADITION', safe_POST('NEW_SURNAME_TRADITION'));
- set_gedcom_setting(WT_GED_ID, 'THEME_DIR', safe_POST('NEW_THEME_DIR'));
- set_gedcom_setting(WT_GED_ID, 'THUMBNAIL_WIDTH', safe_POST('NEW_THUMBNAIL_WIDTH'));
- set_gedcom_setting(WT_GED_ID, 'USE_GEONAMES', safe_POST_bool('NEW_USE_GEONAMES'));
- set_gedcom_setting(WT_GED_ID, 'USE_RIN', safe_POST_bool('NEW_USE_RIN'));
- set_gedcom_setting(WT_GED_ID, 'USE_SILHOUETTE', safe_POST_bool('NEW_USE_SILHOUETTE'));
- set_gedcom_setting(WT_GED_ID, 'WATERMARK_THUMB', safe_POST_bool('NEW_WATERMARK_THUMB'));
- set_gedcom_setting(WT_GED_ID, 'WEBMASTER_USER_ID', safe_POST('NEW_WEBMASTER_USER_ID'));
- set_gedcom_setting(WT_GED_ID, 'WEBTREES_EMAIL', safe_POST('NEW_WEBTREES_EMAIL'));
- set_gedcom_setting(WT_GED_ID, 'WORD_WRAPPED_NOTES', safe_POST_bool('NEW_WORD_WRAPPED_NOTES'));
- if (safe_POST('gedcom_title', WT_REGEX_UNSAFE)) {
- set_gedcom_setting(WT_GED_ID, 'title', safe_POST('gedcom_title', WT_REGEX_UNSAFE));
+ set_gedcom_setting(WT_GED_ID, 'CHART_BOX_TAGS', WT_Filter::post('NEW_CHART_BOX_TAGS'));
+ set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_ADD', str_replace(' ', '', WT_Filter::post('NEW_COMMON_NAMES_ADD')));
+ set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_REMOVE', str_replace(' ', '', WT_Filter::post('NEW_COMMON_NAMES_REMOVE')));
+ set_gedcom_setting(WT_GED_ID, 'COMMON_NAMES_THRESHOLD', WT_Filter::post('NEW_COMMON_NAMES_THRESHOLD', WT_REGEX_INTEGER, 40));
+ set_gedcom_setting(WT_GED_ID, 'CONTACT_USER_ID', WT_Filter::post('NEW_CONTACT_USER_ID'));
+ set_gedcom_setting(WT_GED_ID, 'DEFAULT_PEDIGREE_GENERATIONS', WT_Filter::post('NEW_DEFAULT_PEDIGREE_GENERATIONS'));
+ set_gedcom_setting(WT_GED_ID, 'EXPAND_NOTES', WT_Filter::postBool('NEW_EXPAND_NOTES'));
+ set_gedcom_setting(WT_GED_ID, 'EXPAND_RELATIVES_EVENTS', WT_Filter::postBool('NEW_EXPAND_RELATIVES_EVENTS'));
+ set_gedcom_setting(WT_GED_ID, 'EXPAND_SOURCES', WT_Filter::postBool('NEW_EXPAND_SOURCES'));
+ set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_ADD', str_replace(' ', '', WT_Filter::post('NEW_FAM_FACTS_ADD')));
+ set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_QUICK', str_replace(' ', '', WT_Filter::post('NEW_FAM_FACTS_QUICK')));
+ set_gedcom_setting(WT_GED_ID, 'FAM_FACTS_UNIQUE', str_replace(' ', '', WT_Filter::post('NEW_FAM_FACTS_UNIQUE')));
+ set_gedcom_setting(WT_GED_ID, 'FAM_ID_PREFIX', WT_Filter::post('NEW_FAM_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'FULL_SOURCES', WT_Filter::postBool('NEW_FULL_SOURCES'));
+ set_gedcom_setting(WT_GED_ID, 'GEDCOM_ID_PREFIX', WT_Filter::post('NEW_GEDCOM_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'GEDCOM_MEDIA_PATH', WT_Filter::post('NEW_GEDCOM_MEDIA_PATH'));
+ set_gedcom_setting(WT_GED_ID, 'GENERATE_UIDS', WT_Filter::postBool('NEW_GENERATE_UIDS'));
+ set_gedcom_setting(WT_GED_ID, 'HIDE_GEDCOM_ERRORS', WT_Filter::postBool('NEW_HIDE_GEDCOM_ERRORS'));
+ set_gedcom_setting(WT_GED_ID, 'HIDE_LIVE_PEOPLE', WT_Filter::postBool('NEW_HIDE_LIVE_PEOPLE'));
+ set_gedcom_setting(WT_GED_ID, 'GEDCOM_MEDIA_PATH', WT_Filter::post('GEDCOM_MEDIA_PATH'));
+ set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_ADD', str_replace(' ', '', WT_Filter::post('NEW_INDI_FACTS_ADD')));
+ set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_QUICK', str_replace(' ', '', WT_Filter::post('NEW_INDI_FACTS_QUICK')));
+ set_gedcom_setting(WT_GED_ID, 'INDI_FACTS_UNIQUE', str_replace(' ', '', WT_Filter::post('NEW_INDI_FACTS_UNIQUE')));
+ set_gedcom_setting(WT_GED_ID, 'KEEP_ALIVE_YEARS_BIRTH', WT_Filter::post('KEEP_ALIVE_YEARS_BIRTH', WT_REGEX_INTEGER, 0));
+ set_gedcom_setting(WT_GED_ID, 'KEEP_ALIVE_YEARS_DEATH', WT_Filter::post('KEEP_ALIVE_YEARS_DEATH', WT_REGEX_INTEGER, 0));
+ set_gedcom_setting(WT_GED_ID, 'LANGUAGE', WT_Filter::post('GEDCOMLANG'));
+ set_gedcom_setting(WT_GED_ID, 'MAX_ALIVE_AGE', WT_Filter::post('MAX_ALIVE_AGE', WT_REGEX_INTEGER, 100));
+ set_gedcom_setting(WT_GED_ID, 'MAX_DESCENDANCY_GENERATIONS', WT_Filter::post('NEW_MAX_DESCENDANCY_GENERATIONS'));
+ set_gedcom_setting(WT_GED_ID, 'MAX_PEDIGREE_GENERATIONS', WT_Filter::post('NEW_MAX_PEDIGREE_GENERATIONS'));
+ set_gedcom_setting(WT_GED_ID, 'MEDIA_ID_PREFIX', WT_Filter::post('NEW_MEDIA_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'MEDIA_UPLOAD', WT_Filter::post('NEW_MEDIA_UPLOAD'));
+ set_gedcom_setting(WT_GED_ID, 'META_DESCRIPTION', WT_Filter::post('NEW_META_DESCRIPTION'));
+ set_gedcom_setting(WT_GED_ID, 'META_TITLE', WT_Filter::post('NEW_META_TITLE'));
+ set_gedcom_setting(WT_GED_ID, 'NOTE_ID_PREFIX', WT_Filter::post('NEW_NOTE_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'NO_UPDATE_CHAN', WT_Filter::postBool('NEW_NO_UPDATE_CHAN'));
+ set_gedcom_setting(WT_GED_ID, 'PEDIGREE_FULL_DETAILS', WT_Filter::postBool('NEW_PEDIGREE_FULL_DETAILS'));
+ set_gedcom_setting(WT_GED_ID, 'PEDIGREE_LAYOUT', WT_Filter::postBool('NEW_PEDIGREE_LAYOUT'));
+ set_gedcom_setting(WT_GED_ID, 'PEDIGREE_ROOT_ID', WT_Filter::post('NEW_PEDIGREE_ROOT_ID', WT_REGEX_XREF));
+ set_gedcom_setting(WT_GED_ID, 'PEDIGREE_SHOW_GENDER', WT_Filter::postBool('NEW_PEDIGREE_SHOW_GENDER'));
+ set_gedcom_setting(WT_GED_ID, 'PREFER_LEVEL2_SOURCES', WT_Filter::post('NEW_PREFER_LEVEL2_SOURCES'));
+ set_gedcom_setting(WT_GED_ID, 'QUICK_REQUIRED_FACTS', WT_Filter::post('NEW_QUICK_REQUIRED_FACTS'));
+ set_gedcom_setting(WT_GED_ID, 'QUICK_REQUIRED_FAMFACTS', WT_Filter::post('NEW_QUICK_REQUIRED_FAMFACTS'));
+ set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_ADD', str_replace(' ', '', WT_Filter::post('NEW_REPO_FACTS_ADD')));
+ set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_QUICK', str_replace(' ', '', WT_Filter::post('NEW_REPO_FACTS_QUICK')));
+ set_gedcom_setting(WT_GED_ID, 'REPO_FACTS_UNIQUE', str_replace(' ', '', WT_Filter::post('NEW_REPO_FACTS_UNIQUE')));
+ set_gedcom_setting(WT_GED_ID, 'REPO_ID_PREFIX', WT_Filter::post('NEW_REPO_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'REQUIRE_AUTHENTICATION', WT_Filter::postBool('NEW_REQUIRE_AUTHENTICATION'));
+ set_gedcom_setting(WT_GED_ID, 'SAVE_WATERMARK_IMAGE', WT_Filter::postBool('NEW_SAVE_WATERMARK_IMAGE'));
+ set_gedcom_setting(WT_GED_ID, 'SAVE_WATERMARK_THUMB', WT_Filter::postBool('NEW_SAVE_WATERMARK_THUMB'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_AGE_DIFF', WT_Filter::postBool('NEW_SHOW_AGE_DIFF'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_COUNTER', WT_Filter::postBool('NEW_SHOW_COUNTER'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_DEAD_PEOPLE', WT_Filter::post('SHOW_DEAD_PEOPLE'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_EST_LIST_DATES', WT_Filter::postBool('NEW_SHOW_EST_LIST_DATES'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_FACT_ICONS', WT_Filter::postBool('NEW_SHOW_FACT_ICONS'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_GEDCOM_RECORD', WT_Filter::postBool('NEW_SHOW_GEDCOM_RECORD'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_HIGHLIGHT_IMAGES', WT_Filter::postBool('NEW_SHOW_HIGHLIGHT_IMAGES'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_LAST_CHANGE', WT_Filter::postBool('NEW_SHOW_LAST_CHANGE'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_LDS_AT_GLANCE', WT_Filter::postBool('NEW_SHOW_LDS_AT_GLANCE'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_LEVEL2_NOTES', WT_Filter::postBool('NEW_SHOW_LEVEL2_NOTES'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_LIVING_NAMES', WT_Filter::post('SHOW_LIVING_NAMES'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_MEDIA_DOWNLOAD', WT_Filter::postBool('NEW_SHOW_MEDIA_DOWNLOAD'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_NO_WATERMARK', WT_Filter::post('NEW_SHOW_NO_WATERMARK'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_PARENTS_AGE', WT_Filter::postBool('NEW_SHOW_PARENTS_AGE'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_PEDIGREE_PLACES', WT_Filter::post('NEW_SHOW_PEDIGREE_PLACES'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_PEDIGREE_PLACES_SUFFIX', WT_Filter::postBool('NEW_SHOW_PEDIGREE_PLACES_SUFFIX'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_PRIVATE_RELATIONSHIPS', WT_Filter::post('SHOW_PRIVATE_RELATIONSHIPS'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_RELATIVES_EVENTS', WT_Filter::post('NEW_SHOW_RELATIVES_EVENTS'));
+ set_gedcom_setting(WT_GED_ID, 'SHOW_STATS', WT_Filter::postBool('NEW_SHOW_STATS'));
+ set_gedcom_setting(WT_GED_ID, 'SOURCE_ID_PREFIX', WT_Filter::post('NEW_SOURCE_ID_PREFIX'));
+ set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_ADD', str_replace(' ', '', WT_Filter::post('NEW_SOUR_FACTS_ADD')));
+ set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_QUICK', str_replace(' ', '', WT_Filter::post('NEW_SOUR_FACTS_QUICK')));
+ set_gedcom_setting(WT_GED_ID, 'SOUR_FACTS_UNIQUE', str_replace(' ', '', WT_Filter::post('NEW_SOUR_FACTS_UNIQUE')));
+ set_gedcom_setting(WT_GED_ID, 'SUBLIST_TRIGGER_I', WT_Filter::post('NEW_SUBLIST_TRIGGER_I', WT_REGEX_INTEGER, 200));
+ set_gedcom_setting(WT_GED_ID, 'SURNAME_LIST_STYLE', WT_Filter::post('NEW_SURNAME_LIST_STYLE'));
+ set_gedcom_setting(WT_GED_ID, 'SURNAME_TRADITION', WT_Filter::post('NEW_SURNAME_TRADITION'));
+ set_gedcom_setting(WT_GED_ID, 'THEME_DIR', WT_Filter::post('NEW_THEME_DIR'));
+ set_gedcom_setting(WT_GED_ID, 'THUMBNAIL_WIDTH', WT_Filter::post('NEW_THUMBNAIL_WIDTH'));
+ set_gedcom_setting(WT_GED_ID, 'USE_GEONAMES', WT_Filter::postBool('NEW_USE_GEONAMES'));
+ set_gedcom_setting(WT_GED_ID, 'USE_RIN', WT_Filter::postBool('NEW_USE_RIN'));
+ set_gedcom_setting(WT_GED_ID, 'USE_SILHOUETTE', WT_Filter::postBool('NEW_USE_SILHOUETTE'));
+ set_gedcom_setting(WT_GED_ID, 'WATERMARK_THUMB', WT_Filter::postBool('NEW_WATERMARK_THUMB'));
+ set_gedcom_setting(WT_GED_ID, 'WEBMASTER_USER_ID', WT_Filter::post('NEW_WEBMASTER_USER_ID'));
+ set_gedcom_setting(WT_GED_ID, 'WEBTREES_EMAIL', WT_Filter::post('NEW_WEBTREES_EMAIL'));
+ set_gedcom_setting(WT_GED_ID, 'WORD_WRAPPED_NOTES', WT_Filter::postBool('NEW_WORD_WRAPPED_NOTES'));
+ if (WT_Filter::post('gedcom_title')) {
+ set_gedcom_setting(WT_GED_ID, 'title', WT_Filter::post('gedcom_title'));
}
// Only accept valid folders for NEW_MEDIA_DIRECTORY
- $NEW_MEDIA_DIRECTORY = preg_replace('/[\/\\\\]+/', '/', safe_POST('NEW_MEDIA_DIRECTORY') . '/');
+ $NEW_MEDIA_DIRECTORY = preg_replace('/[\/\\\\]+/', '/', WT_Filter::post('NEW_MEDIA_DIRECTORY') . '/');
if (substr($NEW_MEDIA_DIRECTORY, 0, 1) == '/') {
$NEW_MEDIA_DIRECTORY = substr($NEW_MEDIA_DIRECTORY, 1);
}
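Review bot: The numeric tree settings in this hunk still come through the untyped `WT_Filter::post()` although the commit introduces typed getters: `NEW_DEFAULT_PEDIGREE_GENERATIONS`, `NEW_MAX_DESCENDANCY_GENERATIONS`, `NEW_MAX_PEDIGREE_GENERATIONS`, `NEW_THUMBNAIL_WIDTH`, `NEW_CONTACT_USER_ID`, `NEW_WEBMASTER_USER_ID` and `default_resn_id` in the `delete` case would all fit `WT_Filter::postInteger(...)`, and `NEW_WEBTREES_EMAIL` fits `WT_Filter::postEmail(...)` as used for `emailaddress` in admin_users.php. Separately, `GEDCOM_MEDIA_PATH` is written twice in the `update` case — first from `NEW_GEDCOM_MEDIA_PATH`, then from `GEDCOM_MEDIA_PATH` — so the second call silently overwrites the first, and one of the two form names is presumably stale. The `delete` case also removes a `##default_resn` row by id alone, with no `AND gedcom_id=?` clause, so unless ids are scoped elsewhere a manager of one tree can remove another tree's restriction. The `update` case continues past the end of the hunk.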
diff --git a/admin_trees_download.php b/admin_trees_download.php
index 7235a2985c..1b7130365d 100644
--- a/admin_trees_download.php
+++ b/admin_trees_download.php
@@ -31,11 +31,11 @@ $controller
->requireManagerLogin();
// Validate user parameters
-$action = safe_GET('action', 'download');
-$convert = safe_GET('convert', 'yes', 'no');
-$zip = safe_GET('zip', 'yes', 'no');
-$conv_path = safe_GET('conv_path', WT_REGEX_NOSCRIPT);
-$privatize_export = safe_GET('privatize_export', array('none', 'visitor', 'user', 'gedadmin'));
+$action = WT_Filter::get('action', 'download');
+$convert = WT_Filter::get('convert', 'yes|no', 'no');
+$zip = WT_Filter::get('zip', 'yes|no', 'no');
+$conv_path = WT_Filter::get('conv_path');
+$privatize_export = WT_Filter::get('privatize_export', 'none|visitor|user|gedadmin');
if ($action == 'download') {
$exportOptions = array();
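Review bot: `$privatize_export` is the one option here without a fallback, while `convert` and `zip` default to `'no'`; if WT_Filter::get returns null or an empty string on a miss, the export code below has to cope with a non-member value, so `WT_Filter::get('privatize_export', 'none|visitor|user|gedadmin', 'none')` would make the safe choice explicit. `$conv_path` dropped the `WT_REGEX_NOSCRIPT` pattern the old call had; if it is written into the exported file or echoed back, a pattern is worth keeping on it. The `if ($action == 'download')` block continues past the end of the hunk.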
@@ -136,4 +136,4 @@ $controller->pageHeader();
</div>
<br>
<input type="submit" value="<?php echo WT_I18N::translate('continue'); ?>">
-</form>
+</form> \ No newline at end of file
diff --git a/admin_trees_manage.php b/admin_trees_manage.php
index b80371e689..d9a803a260 100644
--- a/admin_trees_manage.php
+++ b/admin_trees_manage.php
@@ -71,7 +71,7 @@ function import_gedcom_file($gedcom_id, $path, $filename) {
}
// Process GET actions
-switch (safe_GET('action')) {
+switch (WT_Filter::get('action')) {
case 'delete':
WT_Tree::delete(WT_GED_ID);
header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME);
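Review bot: `case 'delete'` still removes the tree in response to a plain GET `action=delete`, which the switch to `WT_Filter::get()` preserves; a state-changing operation on GET is exposed to cross-site request forgery and to link prefetching, because nothing in the request proves the manager intended it. Moving the delete into the POST switch below and checking a per-session token before `WT_Tree::delete(WT_GED_ID)` closes this; the same applies to `case 'deleteuser'` in admin_users.php, which reads `username` from GET. The enclosing switch continues past the end of the hunk.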
@@ -79,18 +79,18 @@ case 'delete':
}
// Process POST actions
-switch (safe_POST('action')) {
+switch (WT_Filter::post('action')) {
case 'setdefault':
- WT_Site::preference('DEFAULT_GEDCOM', safe_POST('default_ged'));
+ WT_Site::preference('DEFAULT_GEDCOM', WT_Filter::post('default_ged'));
break;
case 'new_ged':
- $ged_name=basename(safe_POST('ged_name'));
+ $ged_name=basename(WT_Filter::post('ged_name'));
if ($ged_name) {
WT_Tree::create($ged_name);
}
break;
case 'replace_upload':
- $gedcom_id=safe_POST('gedcom_id');
+ $gedcom_id=WT_Filter::postInteger('gedcom_id');
// Make sure the gedcom still exists
if (get_gedcom_from_id($gedcom_id)) {
foreach ($_FILES as $FILE) {
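Review bot: `default_ged` in `case 'setdefault'` is stored via `WT_Site::preference('DEFAULT_GEDCOM', ...)` without checking that it names an existing tree, whereas `new_ged` at least runs `basename()`; unless `WT_Site::preference` validates, an `in_array(..., true)` check against `WT_Tree::getNameList()` before the call would stop a stale or mistyped name from becoming the site default. `$gedcom_id` moving to `postInteger` is the right call given it reaches `get_gedcom_from_id()`. The `replace_upload` case continues past the end of the hunk.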
@@ -99,26 +99,26 @@ case 'replace_upload':
}
}
}
- header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'?keep_media'.$gedcom_id.'='.safe_POST_bool('keep_media'.$gedcom_id));
+ header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'?keep_media'.$gedcom_id.'='.WT_Filter::postBool('keep_media'.$gedcom_id));
exit;
case 'replace_import':
- $gedcom_id=safe_POST('gedcom_id');
+ $gedcom_id=WT_Filter::postInteger('gedcom_id');
// Make sure the gedcom still exists
if (get_gedcom_from_id($gedcom_id)) {
- $ged_name=basename(safe_POST('ged_name'));
+ $ged_name=basename(WT_Filter::post('ged_name'));
import_gedcom_file($gedcom_id, WT_DATA_DIR.$ged_name, $ged_name);
}
- header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'?keep_media'.$gedcom_id.'='.safe_POST_bool('keep_media'.$gedcom_id));
+ header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME.'?keep_media'.$gedcom_id.'='.WT_Filter::postBool('keep_media'.$gedcom_id));
exit;
}
$controller->pageHeader();
// Process GET actions
-switch (safe_GET('action')) {
+switch (WT_Filter::get('action')) {
case 'uploadform':
case 'importform':
- $gedcom_id=safe_GET('gedcom_id');
+ $gedcom_id=WT_Filter::getInteger('gedcom_id');
$gedcom_name=get_gedcom_from_id($gedcom_id);
// Check it exists
if (!$gedcom_name) {
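Review bot: The redirects on the `replace_upload` and `replace_import` lines concatenate the result of `WT_Filter::postBool(...)` straight into the `Location` URL; if `postBool` returns a PHP bool, `false` stringifies to an empty string, so the query becomes `keep_mediaN=` rather than `keep_mediaN=0` and the reader on the other side has to treat empty as false. `'='.(int) WT_Filter::postBool('keep_media'.$gedcom_id)` would make the round-trip explicit. The `$gedcom_id` in the URL is the `postInteger` value, so the redirect target itself is not tainted.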
@@ -129,7 +129,7 @@ case 'importform':
$previous_gedcom_filename=get_gedcom_setting($gedcom_id, 'gedcom_filename');
echo '<form name="replaceform" method="post" enctype="multipart/form-data" action="', WT_SCRIPT_NAME, '" onsubmit="var newfile = document.replaceform.ged_name.value; newfile = newfile.substr(newfile.lastIndexOf(\'\\\\\')+1); if (newfile!=\'', WT_Filter::escapeHtml($previous_gedcom_filename), '\' && \'\' != \'', WT_Filter::escapeHtml($previous_gedcom_filename), '\') return confirm(\'', WT_Filter::escapeHtml(WT_I18N::translate('You have selected a GEDCOM with a different name. Is this correct?')), '\'); else return true;">';
echo '<input type="hidden" name="gedcom_id" value="', $gedcom_id, '">';
- if (safe_GET('action')=='uploadform') {
+ if (WT_Filter::get('action')=='uploadform') {
echo '<input type="hidden" name="action" value="replace_upload">';
echo '<input type="file" name="ged_name">';
} else {
@@ -199,7 +199,7 @@ foreach (WT_Tree::GetAll() as $tree) {
echo '<div id="import', $tree->tree_id, '"></div>';
}
$controller->addInlineJavascript(
- 'jQuery("#import'.$tree->tree_id.'").load("import.php?gedcom_id='.$tree->tree_id.'&keep_media'.$tree->tree_id.'='.safe_GET('keep_media'.$tree->tree_id).'");'
+ 'jQuery("#import'.$tree->tree_id.'").load("import.php?gedcom_id='.$tree->tree_id.'&keep_media'.$tree->tree_id.'='.WT_Filter::get('keep_media'.$tree->tree_id).'");'
);
echo '<table border="0" width="100%" id="actions', $tree->tree_id, '" style="display:none">';
} else {
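Review bot: `WT_Filter::get('keep_media'.$tree->tree_id)` on the changed line is a raw request string concatenated into an inline JavaScript string literal handed to `addInlineJavascript`, so whatever survives the default filter reaches the page as script; a value expected to be 0/1 should be read as one, e.g. `WT_Filter::getInteger('keep_media'.$tree->tree_id)` (or a boolean getter mirroring `postBool`, if the new class has one), so the concatenation can only ever produce a digit. The surrounding `foreach` starts before the hunk.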
@@ -264,4 +264,3 @@ if (WT_USER_IS_ADMIN) {
'</div>';
}
}
-
diff --git a/admin_users.php b/admin_users.php
index e6cd434360..ff89221b12 100644
--- a/admin_users.php
+++ b/admin_users.php
@@ -32,7 +32,6 @@ $controller
require_once WT_ROOT.'includes/functions/functions_edit.php';
// Valid values for form variables
-$ALL_ACTIONS=array('cleanup', 'cleanup2', 'createform', 'createuser', 'deleteuser', 'listusers', 'loadrows', 'load1row');
$ALL_THEMES_DIRS=array();
foreach (get_theme_names() as $themename=>$themedir) {
$ALL_THEME_DIRS[]=$themedir;
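Review bot: `$ALL_ACTIONS` is removed here and the corresponding read in the next hunk becomes `WT_Filter::get('action', null, 'listusers')`, so `action` is no longer restricted to the eight known values; if the `switch ($action)` has no `default:` an unknown value now renders an empty page instead of the user list, and the whitelist was cheap to keep as `WT_Filter::get('action', 'cleanup|cleanup2|createform|createuser|deleteuser|listusers|loadrows|load1row', 'listusers')`. Not introduced by this commit but visible in the context lines: `$ALL_THEMES_DIRS=array();` initialises a different variable from the `$ALL_THEME_DIRS[]` the loop appends to.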
@@ -46,33 +45,33 @@ $ALL_EDIT_OPTIONS=array(
);
// Form actions
-$action =safe_GET('action', $ALL_ACTIONS, 'listusers');
-$usrlang =safe_POST('usrlang', array_keys(WT_I18N::installed_languages()));
-$username =safe_POST('username', WT_REGEX_USERNAME);
-$filter =safe_POST('filter', WT_REGEX_NOSCRIPT);
-$ged =safe_POST('ged', WT_REGEX_NOSCRIPT);
+$action = WT_Filter::get('action', null, 'listusers');
+$usrlang = WT_Filter::post('usrlang', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE);
+$username = WT_Filter::post('username', WT_REGEX_USERNAME);
+$filter = WT_Filter::post('filter');
+$ged = WT_Filter::post('ged');
// Extract form variables
-$realname =safe_POST('realname' );
-$pass1 =safe_POST('pass1', WT_REGEX_PASSWORD);
-$pass2 =safe_POST('pass2', WT_REGEX_PASSWORD);
-$emailaddress =safe_POST('emailaddress', WT_REGEX_EMAIL);
-$user_theme =safe_POST('user_theme', $ALL_THEME_DIRS);
-$user_language =safe_POST('user_language', array_keys(WT_I18N::installed_languages()), WT_LOCALE);
-$new_contact_method=safe_POST('new_contact_method');
-$new_comment =safe_POST('new_comment', WT_REGEX_UNSAFE);
-$new_auto_accept =safe_POST_bool('new_auto_accept');
-$canadmin =safe_POST_bool('canadmin');
-$visibleonline =safe_POST_bool('visibleonline');
-$editaccount =safe_POST_bool('editaccount');
-$verified =safe_POST_bool('verified');
-$verified_by_admin =safe_POST_bool('verified_by_admin');
+$realname = WT_Filter::post('realname' );
+$pass1 = WT_Filter::post('pass1', WT_REGEX_PASSWORD);
+$pass2 = WT_Filter::post('pass2', WT_REGEX_PASSWORD);
+$emailaddress = WT_Filter::postEmail('emailaddress');
+$user_theme = WT_Filter::post('user_theme', $ALL_THEME_DIRS);
+$user_language = WT_Filter::post('user_language', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE);
+$new_contact_method = WT_Filter::post('new_contact_method');
+$new_comment = WT_Filter::post('new_comment');
+$new_auto_accept = WT_Filter::postBool('new_auto_accept');
+$canadmin = WT_Filter::postBool('canadmin');
+$visibleonline = WT_Filter::postBool('visibleonline');
+$editaccount = WT_Filter::postBool('editaccount');
+$verified = WT_Filter::postBool('verified');
+$verified_by_admin = WT_Filter::postBool('verified_by_admin');
switch ($action) {
case 'deleteuser':
// Delete a user - but don't delete ourselves!
- $username=safe_GET('username');
- $user_id=get_user_id($username);
+ $username = WT_Filter::get('username');
+ $user_id = get_user_id($username);
if ($user_id && $user_id!=WT_USER_ID) {
delete_user($user_id);
AddToLog("deleted user ->{$username}<-", 'auth');
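Review bot: `WT_Filter::post('user_theme', $ALL_THEME_DIRS)` still passes an array as the pattern argument, while every other converted call in this hunk (`usrlang`, `user_language`, and `canedit` in a later hunk) builds a regex with `implode('|', ...)`; unless WT_Filter::post accepts arrays, this should read `WT_Filter::post('user_theme', implode('|', $ALL_THEME_DIRS))`. Note that the previous hunk initialises `$ALL_THEMES_DIRS=array()` but appends to `$ALL_THEME_DIRS[]`, so the pattern is being built from a variable that was never initialised under that name. Dropping `$ALL_ACTIONS` also leaves `$action` unconstrained; the switch has a `default:` branch so this is probably harmless, but `WT_Filter::get('action', 'cleanup|cleanup2|createform|createuser|deleteuser|listusers|loadrows|load1row', 'listusers')` would keep the old whitelist at no cost.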
@@ -81,7 +80,7 @@ case 'deleteuser':
break;
case 'loadrows':
// Generate an AJAX/JSON response for datatables to load a block of rows
- $sSearch=safe_GET('sSearch');
+ $sSearch=WT_Filter::get('sSearch');
$WHERE=" WHERE u.user_id>0";
$ARGS=array();
if ($sSearch) {
@@ -93,26 +92,26 @@ case 'loadrows':
$ARGS=array($sSearch, $sSearch, $sSearch);
} else {
}
- $iDisplayStart =(int)safe_GET('iDisplayStart');
- $iDisplayLength=(int)safe_GET('iDisplayLength');
+ $iDisplayStart = WT_Filter::getInteger('iDisplayStart');
+ $iDisplayLength = WT_Filter::getInteger('iDisplayLength');
set_user_setting(WT_USER_ID, 'admin_users_page_size', $iDisplayLength);
if ($iDisplayLength>0) {
$LIMIT=" LIMIT " . $iDisplayStart . ',' . $iDisplayLength;
} else {
$LIMIT="";
}
- $iSortingCols=(int)safe_GET('iSortingCols');
+ $iSortingCols = WT_Filter::getInteger('iSortingCols');
if ($iSortingCols) {
$ORDER_BY=' ORDER BY ';
for ($i=0; $i<$iSortingCols; ++$i) {
// Datatables numbers columns 0, 1, 2, ...
// MySQL numbers columns 1, 2, 3, ...
- switch (safe_GET('sSortDir_'.$i)) {
+ switch (WT_Filter::get('sSortDir_'.$i)) {
case 'asc':
- $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' ASC ';
+ $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' ASC ';
break;
case 'desc':
- $ORDER_BY.=(1+(int)safe_GET('iSortCol_'.$i)).' DESC ';
+ $ORDER_BY.=(1 + WT_Filter::getInteger('iSortCol_'.$i)).' DESC ';
break;
}
if ($i<$iSortingCols-1) {
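Review bot: The paging and sort integers are read without bounds, so a negative `iDisplayStart` is concatenated into the LIMIT clause (the `>0` test only guards `iDisplayLength`), and `iSortCol_N` is not checked against the number of columns, which produces a SQL error rather than an empty result; the unbounded length is also persisted via set_user_setting. WT_Filter::getInteger takes min/max/default arguments in this commit (see the `month` call in a later hunk), so `$iDisplayStart = WT_Filter::getInteger('iDisplayStart', 0, PHP_INT_MAX, 0);` and a similar bound for the column index would make the query well-formed for any input. The loadrows case continues outside the hunk.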
@@ -149,7 +148,7 @@ case 'loadrows':
$aData[4]=edit_field_inline('user-email-'. $user_id, $aData[4]);
// $aData[5] is a link to an email icon
if ($user_id != WT_USER_ID) {
- $aData[5]='<i class="icon-email" onclick="return message(\''.$user_name.'\', \'\', \'\', \'\');"></i>';
+ $aData[5]='<i class="icon-email" onclick="return message(\''.$user_name.'\', \'\', \'\');"></i>';
}
$aData[6]=edit_field_language_inline('user_setting-'.$user_id.'-language', $aData[6]);
// $aData[7] is the sortable registration timestamp
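Review bot: The rewritten `$aData[5]` still embeds `$user_name` in a JavaScript string literal inside an onclick attribute with no escaping, so a name containing a quote or `<` would break out of the literal; today that is presumably prevented only by WT_REGEX_USERNAME being applied when the account is created, which is a thin guarantee for data read back from the database. Escaping the value for a JS string and then for the HTML attribute at this point (`WT_Filter::escapeHtml` covers only the second step) would make the row safe regardless of how the name was created. The loadrows case continues outside the hunk.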
@@ -181,15 +180,15 @@ case 'loadrows':
Zend_Session::writeClose();
header('Content-type: application/json');
echo json_encode(array( // See http://www.datatables.net/usage/server-side
- 'sEcho' =>(int)safe_GET('sEcho'),
- 'iTotalRecords' =>$iTotalRecords,
- 'iTotalDisplayRecords'=>$iTotalDisplayRecords,
- 'aaData' =>$aaData
+ 'sEcho' => WT_Filter::getInteger('sEcho'), // Always an integer
+ 'iTotalRecords' => $iTotalRecords,
+ 'iTotalDisplayRecords' => $iTotalDisplayRecords,
+ 'aaData' => $aaData
));
exit;
case 'load1row':
// Generate an AJAX response for datatables to load expanded row
- $user_id=(int)safe_GET('user_id');
+ $user_id = WT_Filter::getInteger('user_id');
Zend_Session::writeClose();
header('Content-type: text/html; charset=UTF-8');
echo '<h2>', WT_I18N::translate('Details'), '</h2>';
@@ -289,11 +288,11 @@ case 'createuser':
set_user_setting($user_id, 'verified', $verified);
set_user_setting($user_id, 'verified_by_admin', $verified_by_admin);
foreach (WT_Tree::getAll() as $tree) {
- $tree->userPreference($user_id, 'gedcomid', safe_POST_xref('gedcomid'.$tree->tree_id));
- $tree->userPreference($user_id, 'rootid', safe_POST_xref('rootid'.$tree->tree_id));
- $tree->userPreference($user_id, 'canedit', safe_POST('canedit'.$tree->tree_id, array_keys($ALL_EDIT_OPTIONS)));
- if (safe_POST_xref('gedcomid'.$tree->tree_id)) {
- $tree->userPreference($user_id, 'RELATIONSHIP_PATH_LENGTH', safe_POST_integer('RELATIONSHIP_PATH_LENGTH'.$tree->tree_id, 0, 10, 0));
+ $tree->userPreference($user_id, 'gedcomid', WT_Filter::post('gedcomid'.$tree->tree_id, WT_REGEX_XREF));
+ $tree->userPreference($user_id, 'rootid', WT_Filter::post('rootid'.$tree->tree_id, WT_REGEX_XREF));
+ $tree->userPreference($user_id, 'canedit', WT_Filter::post('canedit'.$tree->tree_id, implode('|', array_keys($ALL_EDIT_OPTIONS))));
+ if (WT_Filter::post('gedcomid'.$tree->tree_id, WT_REGEX_XREF)) {
+ $tree->userPreference($user_id, 'RELATIONSHIP_PATH_LENGTH', WT_Filter::postInteger('RELATIONSHIP_PATH_LENGTH'.$tree->tree_id, 0, 10, 0));
} else {
// Do not allow a path length to be set if the individual ID is not
$tree->userPreference($user_id, 'RELATIONSHIP_PATH_LENGTH', null);
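Review bot: `WT_Filter::post('gedcomid'.$tree->tree_id, WT_REGEX_XREF)` is evaluated twice per tree, once to store the preference and again as the condition three lines later; reading it once into a local, `$gedcomid = WT_Filter::post('gedcomid'.$tree->tree_id, WT_REGEX_XREF);`, and using `$gedcomid` in both places keeps the stored value and the tested value guaranteed identical and halves the filter calls. The foreach body continues outside the hunk.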
@@ -444,12 +443,12 @@ case 'createform':
//Pedigree root person
'<td>';
$varname='rootid'.$tree->tree_id;
- echo '<input type="text" size="12" name="', $varname, '" id="', $varname, '" value="', WT_Filter::escapeHtml(safe_POST_xref('gedcomid'.$tree->tree_id)), '"> ', print_findindi_link($varname),
+ echo '<input type="text" size="12" name="', $varname, '" id="', $varname, '" value="', WT_Filter::escapeHtml(WT_Filter::post('gedcomid'.$tree->tree_id, WT_REGEX_XREF)), '"> ', print_findindi_link($varname),
'</td>',
// GEDCOM INDI Record ID
'<td>';
$varname='gedcomid'.$tree->tree_id;
- echo '<input type="text" size="12" name="',$varname, '" id="',$varname, '" value="', WT_Filter::escapeHtml(safe_POST_xref('rootid'.$tree->tree_id)), '"> ', print_findindi_link($varname),
+ echo '<input type="text" size="12" name="',$varname, '" id="',$varname, '" value="', WT_Filter::escapeHtml(WT_Filter::post('rootid'.$tree->tree_id, WT_REGEX_XREF)), '"> ', print_findindi_link($varname),
'</td>',
'<td>';
$varname='canedit'.$tree->tree_id;
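Review bot: The two rewritten `value=` attributes look swapped: the input named `rootid…` is repopulated from `WT_Filter::post('gedcomid'…)` and the input named `gedcomid…` from `WT_Filter::post('rootid'…)`, so after a failed createuser submission each field would show the other's value. This predates the commit, but since both lines are being rewritten it is the moment to tie each lookup to its own field, e.g. `WT_Filter::post($varname, WT_REGEX_XREF)` in both places.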
@@ -494,7 +493,7 @@ case 'cleanup':
<?php
// Check for idle users
//if (!isset($month)) $month = 1;
- $month = safe_GET_integer('month', 1, 12, 6);
+ $month = WT_Filter::getInteger('month', 1, 12, 6);
echo "<tr><th>", WT_I18N::translate('Number of months since the last login for a user’s account to be considered inactive: '), "</th>";
echo "<td><select onchange=\"document.location=options[selectedIndex].value;\">";
for ($i=1; $i<=12; $i++) {
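Review bot: The commented-out `//if (!isset($month)) $month = 1;` directly above the new line is now doubly dead, since `WT_Filter::getInteger('month', 1, 12, 6)` supplies both the range and the default; it should be deleted rather than left beside code it contradicts (the default is 6, not 1).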
@@ -557,7 +556,7 @@ case 'cleanup':
case 'cleanup2':
foreach (get_all_users() as $user_id=>$user_name) {
$var = "del_".str_replace(array(".", "-", " "), array("_", "_", "_"), $user_name);
- if (safe_POST($var)=='1') {
+ if (WT_Filter::post($var)=='1') {
delete_user($user_id);
AddToLog("deleted user ->{$user_name}<-", 'auth');
echo WT_I18N::translate('Deleted user: '); echo $user_name, "<br>";
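Review bot: `WT_Filter::post($var)=='1'` is a loose string comparison on a checkbox value, whereas the commit uses `WT_Filter::postBool` for every other checkbox in this file (`canadmin`, `verified`, …); `if (WT_Filter::postBool($var)) {` would be consistent, assuming postBool treats `1` as true. Separately, `$var` is derived from the username by mapping `.`, `-` and space all to `_`, so two distinct usernames can collide on the same field name and one tick would delete both; keying the field on `$user_id` instead would remove the ambiguity. The foreach continues outside the hunk.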
@@ -645,7 +644,7 @@ default:
});
jQuery(this).addClass("icon-close");
});
- oTable.fnFilter("'.safe_GET('filter', WT_REGEX_USERNAME).'");
+ oTable.fnFilter("'.WT_Filter::get('filter').'");
');
break;
}
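Review bot: Replacing `safe_GET('filter', WT_REGEX_USERNAME)` with `WT_Filter::get('filter')` removes the only restriction on a value that is concatenated directly into an inline JavaScript string literal (`oTable.fnFilter("…")`), so the new line is a reflected script-injection point where the old one was not. Either keep the pattern, `oTable.fnFilter("'.WT_Filter::get('filter', WT_REGEX_USERNAME).'");`, or escape the value as a JS string literal before interpolating it.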
diff --git a/admin_users_bulk.php b/admin_users_bulk.php
index 0bc8abbcac..3cebb6b3f5 100644
--- a/admin_users_bulk.php
+++ b/admin_users_bulk.php
@@ -1,52 +1,52 @@
-<?php
-// Administrative User Interface.
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// Derived from PhpGedView
-// Copyright (C) 2002 to 2009 PGV Development Team. All rights reserved.
-//
-// Modifications Copyright (c) 2010 Greg Roach
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-define('WT_SCRIPT_NAME', 'admin_users_bulk.php');
-require './includes/session.php';
-
-$controller=new WT_Controller_Page();
-$controller
- ->requireAdminLogin()
- ->setPageTitle(WT_I18N::translate('Send broadcast messages'))
- ->pageHeader();
-
-?>
-<div id="users_bulk">
- <p>
- <a href="#" onclick="message('all', 'messaging2', '', ''); return false;">
- <?php echo WT_I18N::translate('Send message to all users'); ?>
- </a>
- </p>
- <p>
- <a href="#" onclick="message('never_logged', 'messaging2', '', ''); return false;">
- <?php echo WT_I18N::translate('Send message to users who have never logged in'); ?>
- </a>
- </p>
- <p>
- <a href="#" onclick="message('last_6mo', 'messaging2', '', ''); return false;">
- <?php echo WT_I18N::translate('Send message to users who have not logged in for 6 months'); ?>
- </a>
- </p>
-</div>
+<?php
+// Administrative User Interface.
+//
+// webtrees: Web based Family History software
+// Copyright (C) 2013 webtrees development team.
+//
+// Derived from PhpGedView
+// Copyright (C) 2002 to 2009 PGV Development Team. All rights reserved.
+//
+// Modifications Copyright (c) 2010 Greg Roach
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+define('WT_SCRIPT_NAME', 'admin_users_bulk.php');
+require './includes/session.php';
+
+$controller=new WT_Controller_Page();
+$controller
+ ->requireAdminLogin()
+ ->setPageTitle(WT_I18N::translate('Send broadcast messages'))
+ ->pageHeader();
+
+?>
+<div id="users_bulk">
+ <p>
+ <a href="#" onclick="message('all', 'messaging2', ''); return false;">
+ <?php echo WT_I18N::translate('Send message to all users'); ?>
+ </a>
+ </p>
+ <p>
+ <a href="#" onclick="message('never_logged', 'messaging2', ''); return false;">
+ <?php echo WT_I18N::translate('Send message to users who have never logged in'); ?>
+ </a>
+ </p>
+ <p>
+ <a href="#" onclick="message('last_6mo', 'messaging2', ''); return false;">
+ <?php echo WT_I18N::translate('Send message to users who have not logged in for 6 months'); ?>
+ </a>
+ </p>
+</div>
diff --git a/autocomplete.php b/autocomplete.php
index 8a32ea73f2..f0ac7e9f09 100644
--- a/autocomplete.php
+++ b/autocomplete.php
@@ -26,8 +26,8 @@ header('Content-Type: text/plain; charset=UTF-8');
// We have finished writing session data, so release the lock
Zend_Session::writeClose();
-$term=safe_GET('term', WT_REGEX_UNSAFE); // we can search on '"><& etc.
-$type=safe_GET('field');
+$term = WT_Filter::get('term'); // we can search on '"><& etc.
+$type = WT_Filter::get('field');
switch ($type) {
case 'ASSO': // Associates of an individuals, whose name contains the search terms
@@ -43,12 +43,11 @@ case 'ASSO': // Associates of an individuals, whose name contains the search ter
->execute(array($term, $term, WT_GED_ID))
->fetchAll();
// Filter for privacy - and whether they could be alive at the right time
- $pid=safe_GET_xref('pid');
- $event_date=safe_GET('event_date');
- $record=WT_GedcomRecord::getInstance($pid); // INDI or FAM
- $record=WT_GedcomRecord::getInstance($pid); // INDI or FAM
- $tmp=new WT_Date($event_date);
- $event_jd=$tmp->JD();
+ $pid = WT_Filter::get('pid', WT_REGEX_XREF);
+ $event_date = WT_Filter::get('event_date');
+ $record = WT_GedcomRecord::getInstance($pid); // INDI or FAM
+ $tmp = new WT_Date($event_date);
+ $event_jd = $tmp->JD();
// INDI
$indi_birth_jd = 0;
if ($record instanceof WT_Individual) {
@@ -325,8 +324,8 @@ case 'SOUR': // Sources, that include the search terms
exit;
case 'SOUR_PAGE': // Citation details, for a given source, that contain the search term
- $data=array();
- $sid=safe_GET_xref('sid');
+ $data = array();
+ $sid = WT_Filter::get('sid', WT_REGEX_XREF);
// Fetch all data, regardless of privacy
$rows=
WT_DB::prepare(
diff --git a/block_edit.php b/block_edit.php
index 69d78eb842..600ee88abd 100644
--- a/block_edit.php
+++ b/block_edit.php
@@ -21,8 +21,8 @@
define('WT_SCRIPT_NAME', 'block_edit.php');
require './includes/session.php';
-$block_id=safe_GET('block_id');
-$block=WT_DB::prepare(
+$block_id = WT_Filter::getInteger('block_id');
+$block = WT_DB::prepare(
"SELECT SQL_CACHE * FROM `##block` WHERE block_id=?"
)->execute(array($block_id))->fetchOneRow();
@@ -56,4 +56,4 @@ if (array_key_exists('ckeditor', WT_Module::getActiveModules())) {
</td>
</tr>
</table>
-</form>
+</form> \ No newline at end of file
diff --git a/branches.php b/branches.php
index 0c25da5c75..671f47eb17 100644
--- a/branches.php
+++ b/branches.php
@@ -24,11 +24,10 @@
define('WT_SCRIPT_NAME', 'branches.php');
require './includes/session.php';
-//-- args
-$surn = safe_GET('surname', '[^<>&%{};]*');
-$soundex_std = safe_GET_bool('soundex_std');
-$soundex_dm = safe_GET_bool('soundex_dm');
-$ged = safe_GET('ged');
+$surn = WT_Filter::get('surname');
+$soundex_std = WT_Filter::getBool('soundex_std');
+$soundex_dm = WT_Filter::getBool('soundex_dm');
+$ged = WT_Filter::get('ged');
if (empty($ged)) {
$ged = $GEDCOM;
}
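Review bot: `$surn` was previously limited to `'[^<>&%{};]*'` and is now read with no pattern at all; whether that matters depends on how `$surn` reaches the HTML and the SQL later in this file, which is outside the hunk. If it is echoed into the page or interpolated into a query rather than bound as a parameter, the old character class was doing real work and should be kept: `$surn = WT_Filter::get('surname', '[^<>&%{};]*');`. The `//-- args` comment was dropped along with it; a short `// Request parameters` header would keep the block labelled.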
@@ -232,4 +231,4 @@ function indis_array($surn, $soundex_std, $soundex_dm) {
function sosa_gen($sosa) {
$gen = (int)log($sosa, 2)+1;
return '<sup title="'.WT_I18N::translate('Generation').'">'.$gen.'</sup>';
-}
+} \ No newline at end of file
diff --git a/calendar.php b/calendar.php
index 5074e2c9e5..56c86bc758 100644
--- a/calendar.php
+++ b/calendar.php
@@ -31,14 +31,14 @@ $controller=new WT_Controller_Page();
$controller->setPageTitle(WT_I18N::translate('Anniversary calendar'));
$controller->pageHeader();
-$cal =safe_GET('cal', '@#D[A-Z ]+@');
-$day =safe_GET('day', '\d\d?');
-$month =safe_GET('month', '[A-Z]{3,5}');
-$year =safe_GET('year', '\d{1,4}(?: B\.C\.)?|\d\d\d\d\/\d\d|\d+(-\d+|[?]+)?');
-$action =safe_GET('action', array('year', 'today', 'calendar'), 'today');
-$filterev=safe_GET('filterev', array('all', 'bdm', WT_REGEX_TAG), 'bdm');
-$filterof=safe_GET('filterof', array('all', 'living', 'recent'), 'all');
-$filtersx=safe_GET('filtersx', array('M', 'F'), '');
+$cal = WT_Filter::get('cal', '@#D[A-Z ]+@');
+$day = WT_Filter::get('day', '\d\d?');
+$month = WT_Filter::get('month', '[A-Z]{3,5}');
+$year = WT_Filter::get('year', '\d{1,4}(?: B\.C\.)?|\d\d\d\d\/\d\d|\d+(-\d+|[?]+)?');
+$action = WT_Filter::get('action', 'year|today|calendar', 'today');
+$filterev = WT_Filter::get('filterev', 'all|bdm|' . WT_REGEX_TAG, 'bdm');
+$filterof = WT_Filter::get('filterof', 'all|living|recent', 'all');
+$filtersx = WT_Filter::get('filtersx', '[MF]');
if ($cal.$day.$month.$year=='') {
// No date specified? Use the most likely calendar
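Review bot: Several of the new patterns are bare alternations — `'year|today|calendar'`, `'all|bdm|' . WT_REGEX_TAG`, `'all|living|recent'` and the three-branch `year` pattern — which are only safe if WT_Filter wraps the pattern in a group before anchoring it; if it builds `/^pattern$/` directly, `^` binds to the first branch and `$` to the last, and the middle branches match anywhere in the string. If the wrapper does not already group, writing them as `'(?:year|today|calendar)'` and so on removes the dependency. The same question applies to `'HUSB|WIFE'` in the edit_interface.php hunks for add_spouse_to_individual, add_spouse_to_family, linkspouse and linkspouseaction. `$filtersx` also lost its explicit `''` default; harmless if the new default is null, but worth confirming against the later comparisons.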
diff --git a/downloadbackup.php b/downloadbackup.php
index 9ec9f43bf5..c6b404a69d 100644
--- a/downloadbackup.php
+++ b/downloadbackup.php
@@ -24,7 +24,7 @@
define('WT_SCRIPT_NAME', 'downloadbackup.php');
require './includes/session.php';
-$fname=safe_GET('fname');
+$fname = WT_Filter::get('fname');
if (!WT_USER_GEDCOM_ADMIN || !preg_match('/\.zip$/', $fname)) {
$controller=new WT_Controller_Page();
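Review bot: `$fname` is accepted by `WT_Filter::get('fname')` with no pattern, and the only check that follows is the `\.zip$` suffix test, which says nothing about directory separators or `..` segments ahead of the suffix; the value is then joined to WT_DATA_DIR and passed to filesize and readfile in the next hunk. Restricting it at the filter to a bare file name, e.g. `$fname = WT_Filter::get('fname', '[A-Za-z0-9_.-]+\.zip');`, or normalising with `basename()` before the suffix check, keeps the read inside the backup directory.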
@@ -43,4 +43,4 @@ header('Content-Type: application/zip');
header('Content-Disposition: attachment; filename="'.$fname.'"');
header('Content-length: '.filesize(WT_DATA_DIR.$fname));
header('Content-Transfer-Encoding: binary');
-readfile(WT_DATA_DIR.$fname);
+readfile(WT_DATA_DIR.$fname); \ No newline at end of file
diff --git a/edit_changes.php b/edit_changes.php
index 13588548bd..b72121cba6 100644
--- a/edit_changes.php
+++ b/edit_changes.php
@@ -31,10 +31,10 @@ $controller
->setPageTitle(WT_I18N::translate('Pending changes'))
->pageHeader();
-$action =safe_GET('action');
-$change_id=safe_GET('change_id');
-$index =safe_GET('index');
-$ged =safe_GET('ged');
+$action =WT_Filter::get('action');
+$change_id=WT_Filter::getInteger('change_id');
+$index =WT_Filter::get('index');
+$ged =WT_Filter::getInteger('ged');
echo '<script>';
?>
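Review bot: `$ged` is read with `WT_Filter::getInteger('ged')` here, while every other file in this commit treats `ged` as a string tree name (`WT_Filter::get('ged')` in branches.php, with a `$GEDCOM` fallback); unless edit_changes.php is genuinely passed a numeric tree id, this coerces the name to 0 and silently selects the wrong tree. Worth confirming against the links that open this page; if it is a name, `$ged =WT_Filter::get('ged');` is the consistent choice. The alignment style (`$action =`) also differs from the spaced `$x = ` form used in the rest of the commit.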
@@ -244,4 +244,4 @@ if ($changed_gedcoms) {
$controller->addInlineJavascript('closePopupAndReloadParent();');
}
-echo '</div>';
+echo '</div>'; \ No newline at end of file
diff --git a/edit_interface.php b/edit_interface.php
index 52ff6c397f..9297bcbc80 100644
--- a/edit_interface.php
+++ b/edit_interface.php
@@ -25,7 +25,7 @@ define('WT_SCRIPT_NAME', 'edit_interface.php');
require './includes/session.php';
require WT_ROOT.'includes/functions/functions_edit.php';
-$action = safe_REQUEST($_REQUEST, 'action');
+$action = WT_Filter::post('action', null, WT_Filter::get('action'));
$controller=new WT_Controller_Simple();
$controller
@@ -69,8 +69,8 @@ $controller
switch ($action) {
////////////////////////////////////////////////////////////////////////////////
case 'editraw':
- $xref = safe_GET('xref', WT_REGEX_XREF);
- $fact_id = safe_GET('fact_id');
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
+ $fact_id = WT_Filter::get('fact_id', WT_REGEX_TAG);
$record = WT_GedcomRecord::getInstance($xref);
check_record_access($record);
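Review bot: `fact_id` is validated against WT_REGEX_TAG in the editraw case but read unvalidated by `WT_Filter::post('fact_id')` / `WT_Filter::get('fact_id')` in the updateraw, edit and update cases further down; the same identifier should carry the same constraint everywhere. Which one is right depends on what a fact id looks like in this codebase — if it is not a GEDCOM tag, the editraw check rejects every valid id, so the pattern needs confirming rather than copying. The editraw case continues outside the hunk.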
@@ -120,10 +120,10 @@ case 'editraw':
////////////////////////////////////////////////////////////////////////////////
case 'updateraw':
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $fact_id = safe_POST('fact_id');
- $gedcom = safe_POST('gedcom', WT_REGEX_UNSAFE);
- $keep_chan = safe_POST_bool('keep_chan');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $fact_id = WT_Filter::post('fact_id');
+ $gedcom = WT_Filter::post('gedcom');
+ $keep_chan = WT_Filter::postBool('keep_chan');
$record = WT_GedcomRecord::getInstance($xref);
check_record_access($record);
@@ -158,8 +158,8 @@ case 'updateraw':
////////////////////////////////////////////////////////////////////////////////
case 'edit':
- $xref = safe_GET('xref', WT_REGEX_XREF);
- $fact_id = safe_GET('fact_id');
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
+ $fact_id = WT_Filter::get('fact_id');
$record = WT_GedcomRecord::getInstance($xref);
check_record_access($record);
@@ -255,8 +255,8 @@ case 'edit':
////////////////////////////////////////////////////////////////////////////////
case 'add':
- $xref = safe_GET('xref', WT_REGEX_XREF);
- $fact = safe_GET('fact', WT_REGEX_TAG);
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
+ $fact = WT_Filter::get('fact', WT_REGEX_TAG);
$record = WT_GedcomRecord::getInstance($xref);
check_record_access($record);
@@ -313,18 +313,18 @@ case 'add':
////////////////////////////////////////////////////////////////////////////////
case 'update':
// Update a fact
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $fact_id = safe_POST('fact_id');
- $keep_chan = safe_POST_bool('keep_chan');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $fact_id = WT_Filter::post('fact_id');
+ $keep_chan = WT_Filter::postBool('keep_chan');
$record = WT_GedcomRecord::getInstance($xref);
check_record_access($record);
// Arrays for each GEDCOM line
- $glevels = safe_POST('glevels');
- $tag = safe_POST('tag', WT_REGEX_TAG);
- $text = safe_POST('text', WT_REGEX_UNSAFE);
- $islink = safe_POST('islink');
+ $glevels = WT_Filter::postArray('glevels', '[0-9]');
+ $tag = WT_Filter::postArray('tag', WT_REGEX_TAG);
+ $text = WT_Filter::postArray('text');
+ $islink = WT_Filter::postArray('islink', '[01]');
$controller
->setPageTitle(WT_I18N::translate('Edit'))
@@ -342,7 +342,7 @@ case 'update':
//-- check for photo update
if (count($_FILES)>0) {
- if (isset($_REQUEST['folder'])) $folder = $_REQUEST['folder'];
+ $folder = WT_Filter::post('folder');
$uploaded_files = array();
if (substr($folder, 0, 1) == "/") $folder = substr($folder, 1);
if (substr($folder, -1, 1) != "/") $folder .= "/";
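Review bot: `$folder = WT_Filter::post('folder');` replaces the `$_REQUEST` read but still accepts any string, and the following lines only strip a leading slash and add a trailing one; nothing here rejects `..` segments before the value is used as the upload directory, which continues outside the hunk. Passing a pattern that excludes `..` and characters outside the media-folder alphabet, or resolving the folder against the allowed media root before use, belongs at this filter call. Note also that when the POST value is absent `$folder` is now null rather than unset, so the substr calls no longer raise a notice but do run on an empty value.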
@@ -402,8 +402,8 @@ case 'update':
// Add a new child to an existing family
////////////////////////////////////////////////////////////////////////////////
case 'add_child_to_family':
- $xref = safe_GET('xref', WT_REGEX_XREF);
- $gender = safe_GET('gender', '[MF]', 'U');
+ $xref = WT_Filter::getXREF('xref');
+ $gender = WT_Filter::get('gender', '[MF]', 'U');
$family = WT_Family::getInstance($xref);
check_record_access($family);
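Review bot: `WT_Filter::getXREF('xref')` is the only place in this commit that reads an xref through a dedicated helper; every other case uses `WT_Filter::get('xref', WT_REGEX_XREF)`. If getXREF exists and is the intended shorthand, the sibling cases should move to it; if not, this line should read `$xref = WT_Filter::get('xref', WT_REGEX_XREF);` for consistency and to avoid a fatal call to an undefined method.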
@@ -416,9 +416,9 @@ case 'add_child_to_family':
break;
case 'add_child_to_family_action':
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $PEDI = safe_POST('PEDI');
- $keep_chan = safe_POST_bool('keep_chan');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $PEDI = WT_Filter::post('PEDI');
+ $keep_chan = WT_Filter::postBool('keep_chan');
$family = WT_Family::getInstance($xref);
check_record_access($family);
@@ -435,7 +435,7 @@ case 'add_child_to_family_action':
}
}
$gedrec .= "\n".WT_Gedcom_Code_Pedi::createNewFamcPedi($PEDI, $xref);
- if (safe_POST_bool('SOUR_INDI')) {
+ if (WT_Filter::postBool('SOUR_INDI')) {
$gedrec = handle_updates($gedrec);
} else {
$gedrec = updateRest($gedrec);
@@ -460,7 +460,7 @@ case 'add_child_to_family_action':
$family->createFact('1 CHIL @' . $new_child->getXref() . '@', !$keep_chan);
}
- if (safe_POST('goto')=='new') {
+ if (WT_Filter::post('goto')=='new') {
$controller->addInlineJavascript('closePopupAndReloadParent("' . $new_child->getRawUrl() . '");');
} else {
$controller->addInlineJavascript('closePopupAndReloadParent();');
@@ -471,7 +471,7 @@ case 'add_child_to_family_action':
// Add a new child to an existing individual (creating a one-parent family)
////////////////////////////////////////////////////////////////////////////////
case 'add_child_to_individual':
- $xref = safe_GET('xref', WT_REGEX_XREF);
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
$person = WT_Individual::getInstance($xref);
check_record_access($person);
@@ -484,8 +484,8 @@ case 'add_child_to_individual':
break;
case 'add_child_to_individual_action':
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $PEDI = safe_POST('PEDI');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $PEDI = WT_Filter::post('PEDI');
$person = WT_Individual::getInstance($xref);
check_record_access($person);
@@ -515,7 +515,7 @@ case 'add_child_to_individual_action':
$gedcom.=addNewFact($match);
}
}
- if (safe_POST_bool('SOUR_INDI')) {
+ if (WT_Filter::postBool('SOUR_INDI')) {
$gedcom=handle_updates($gedcom);
} else {
$gedcom=updateRest($gedcom);
@@ -537,8 +537,8 @@ case 'add_child_to_individual_action':
// Add a new parent to an existing individual (creating a one-parent family)
////////////////////////////////////////////////////////////////////////////////
case 'add_parent_to_individual':
- $xref = safe_GET('xref', WT_REGEX_XREF);
- $gender = safe_GET('gender', '[MF]', 'U');
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
+ $gender = WT_Filter::get('gender', '[MF]', 'U');
$individual = WT_Individual::getInstance($xref);
check_record_access($individual);
@@ -556,8 +556,8 @@ case 'add_parent_to_individual':
break;
case 'add_parent_to_individual_action':
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $PEDI = safe_POST('PEDI');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $PEDI = WT_Filter::post('PEDI');
$person = WT_Individual::getInstance($xref);
check_record_access($person);
@@ -582,7 +582,7 @@ case 'add_parent_to_individual_action':
$gedcom.=addNewFact($match);
}
}
- if (safe_POST_bool('SOUR_INDI')) {
+ if (WT_Filter::postBool('SOUR_INDI')) {
$gedcom=handle_updates($gedcom);
} else {
$gedcom=updateRest($gedcom);
@@ -631,7 +631,7 @@ case 'add_unlinked_indi_action':
$gedrec.=addNewFact($match);
}
}
- if (safe_POST_bool('SOUR_INDI')) {
+ if (WT_Filter::postBool('SOUR_INDI')) {
$gedrec = handle_updates($gedrec);
} else {
$gedrec = updateRest($gedrec);
@@ -639,7 +639,7 @@ case 'add_unlinked_indi_action':
$new_indi = WT_GedcomRecord::createRecord($gedrec, WT_GED_ID);
- if (safe_POST('goto')=='new') {
+ if (WT_Filter::post('goto')=='new') {
$controller->addInlineJavascript('closePopupAndReloadParent("' . $new_indi->getRawUrl() . '");');
} else {
$controller->addInlineJavascript('closePopupAndReloadParent();');
@@ -650,8 +650,8 @@ case 'add_unlinked_indi_action':
// Add a new spouse to an existing individual (creating a new family)
////////////////////////////////////////////////////////////////////////////////
case 'add_spouse_to_individual':
- $famtag = safe_GET('famtag', '(HUSB|WIFE)');
- $xref = safe_GET('xref', WT_REGEX_XREF);
+ $famtag = WT_Filter::get('famtag', 'HUSB|WIFE');
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
$individual = WT_Individual::getInstance($xref);
check_record_access($individual);
@@ -669,8 +669,8 @@ case 'add_spouse_to_individual':
break;
case 'add_spouse_to_individual_action':
- $xref = safe_POST('xref', WT_REGEX_XREF); // Add a spouse to this individual
- $sex = safe_POST('SEX', '[MFU]');
+ $xref = WT_Filter::post('xref'); // Add a spouse to this individual
+ $sex = WT_Filter::post('SEX', '[MFU]', 'U');
$person = WT_Individual::getInstance($xref);
check_record_access($person);
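Review bot: `$xref = WT_Filter::post('xref');` dropped the WT_REGEX_XREF pattern that the removed line had and that every sibling `_action` case in this file keeps; the value goes straight to WT_Individual::getInstance. It should read `$xref = WT_Filter::post('xref', WT_REGEX_XREF); // Add a spouse to this individual`. The added `'U'` default for `SEX` is a behaviour change from the old call, which returned nothing when the value was absent; fine if intentional, but it deserves a mention in the commit message.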
@@ -688,7 +688,7 @@ case 'add_spouse_to_individual_action':
$indi_gedcom.=addNewFact($match);
}
}
- if (safe_POST_bool('SOUR_INDI')) {
+ if (WT_Filter::postBool('SOUR_INDI')) {
$indi_gedcom = handle_updates($indi_gedcom);
} else {
$indi_gedcom = updateRest($indi_gedcom);
@@ -700,7 +700,7 @@ case 'add_spouse_to_individual_action':
$fam_gedcom.=addNewFact($match);
}
}
- if (safe_POST_bool('SOUR_FAM')) {
+ if (WT_Filter::postBool('SOUR_FAM')) {
$fam_gedcom = handle_updates($fam_gedcom);
} else {
$fam_gedcom = updateRest($fam_gedcom);
@@ -718,7 +718,7 @@ case 'add_spouse_to_individual_action':
$spouse->createFact('1 FAMS @' . $family->getXref() . '@', true);
$person->createFact('1 FAMS @' . $family->getXref() . '@', true);
- if (safe_POST('goto')=='new') {
+ if (WT_Filter::post('goto')=='new') {
$controller->addInlineJavascript('closePopupAndReloadParent("' . $spouse->getRawUrl() . '");');
} else {
$controller->addInlineJavascript('closePopupAndReloadParent();');
@@ -729,8 +729,8 @@ case 'add_spouse_to_individual_action':
// Add a new spouse to an existing family
////////////////////////////////////////////////////////////////////////////////
case 'add_spouse_to_family':
- $xref = safe_GET('xref', WT_REGEX_XREF);
- $famtag = safe_GET('famtag', '(HUSB|WIFE)');
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
+ $famtag = WT_Filter::get('famtag', 'HUSB|WIFE');
$family = WT_Family::getInstance($xref);
check_record_access($family);
@@ -748,7 +748,7 @@ case 'add_spouse_to_family':
break;
case 'add_spouse_to_family_action':
- $xref = safe_POST('xref', WT_REGEX_XREF);
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
$family = WT_Family::getInstance($xref);
check_record_access($family);
@@ -767,7 +767,7 @@ case 'add_spouse_to_family_action':
}
}
- if (safe_POST_bool('SOUR_INDI')) {
+ if (WT_Filter::postBool('SOUR_INDI')) {
$gedrec = handle_updates($gedrec);
} else {
$gedrec = updateRest($gedrec);
@@ -787,14 +787,14 @@ case 'add_spouse_to_family_action':
$famrec.=addNewFact($match);
}
}
- if (safe_POST_bool('SOUR_FAM')) {
+ if (WT_Filter::postBool('SOUR_FAM')) {
$famrec = handle_updates($famrec);
} else {
$famrec = updateRest($famrec);
}
$family->createFact(trim($famrec), true); // trim leading \n
- if (safe_POST('goto')=='new') {
+ if (WT_Filter::post('goto')=='new') {
$controller->addInlineJavascript('closePopupAndReloadParent("' . $spouse->getRawUrl() . '");');
} else {
$controller->addInlineJavascript('closePopupAndReloadParent();');
@@ -805,7 +805,7 @@ case 'add_spouse_to_family_action':
// Link an individual to an existing family, as a child
////////////////////////////////////////////////////////////////////////////////
case 'addfamlink':
- $xref = safe_GET('xref', WT_REGEX_XREF);
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
$person = WT_Individual::getInstance($xref);
check_record_access($person);
@@ -851,9 +851,9 @@ case 'addfamlink':
break;
case 'linkfamaction':
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $famid = safe_POST('famid', WT_REGEX_XREF);
- $PEDI = safe_POST('PEDI');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $famid = WT_Filter::post('famid', WT_REGEX_XREF);
+ $PEDI = WT_Filter::post('PEDI');
$person = WT_Individual::getInstance($xref);
$family = WT_Family::getInstance($famid);
@@ -895,8 +895,8 @@ case 'linkfamaction':
// Link and individual to an existing individual as a spouse
////////////////////////////////////////////////////////////////////////////////
case 'linkspouse':
- $famtag = safe_GET('famtag', '(HUSB|WIFE)');
- $xref = safe_GET('xref', WT_REGEX_XREF);
+ $famtag = WT_Filter::get('famtag', 'HUSB|WIFE');
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
$person = WT_Individual::getInstance($xref);
check_record_access($person);
@@ -951,9 +951,9 @@ case 'linkspouse':
break;
case 'linkspouseaction':
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $spid = safe_POST('spid', WT_REGEX_XREF);
- $famtag = safe_POST('famtag', '(HUSB|WIFE)');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $spid = WT_Filter::post('spid', WT_REGEX_XREF);
+ $famtag = WT_Filter::post('famtag', 'HUSB|WIFE');
$person = WT_Individual::getInstance($xref);
$spouse = WT_Individual::getInstance($spid);
@@ -975,7 +975,7 @@ case 'linkspouseaction':
splitSOUR();
$gedcom .= addNewFact('MARR');
- if (safe_POST_bool('SOUR_FAM') || count($tagSOUR)>0) {
+ if (WT_Filter::postBool('SOUR_FAM') || count($tagSOUR)>0) {
// before adding 2 SOUR it needs to add 1 MARR Y first
if (addNewFact('MARR') == '') {
$gedcom .= "\n1 MARR Y";
@@ -1086,42 +1086,60 @@ case 'addsourceaction':
->pageHeader();
$newgedrec = "0 @XREF@ SOUR";
- if (isset($_REQUEST['EVEN'])) $EVEN = $_REQUEST['EVEN'];
- if (!empty($EVEN) && count($EVEN)>0) {
- $newgedrec .= "\n1 DATA";
- $newgedrec .= "\n2 EVEN ".implode(",", $EVEN);
- if (!empty($EVEN_DATE)) $newgedrec .= "\n3 DATE ".$EVEN_DATE;
- if (!empty($EVEN_PLAC)) $newgedrec .= "\n3 PLAC ".$EVEN_PLAC;
- if (!empty($AGNC)) $newgedrec .= "\n2 AGNC ".$AGNC;
+ $ABBR = WT_Filter::post('ABBR');
+ if ($ABBR) {
+ $newgedrec .= "\n1 ABBR " . $ABBR;
}
- if (isset($_REQUEST['ABBR'])) $ABBR = $_REQUEST['ABBR'];
- if (isset($_REQUEST['TITL'])) $TITL = $_REQUEST['TITL'];
- if (isset($_REQUEST['_HEB'])) $_HEB = $_REQUEST['_HEB'];
- if (isset($_REQUEST['ROMN'])) $ROMN = $_REQUEST['ROMN'];
- if (isset($_REQUEST['AUTH'])) $AUTH = $_REQUEST['AUTH'];
- if (isset($_REQUEST['PUBL'])) $PUBL = $_REQUEST['PUBL'];
- if (isset($_REQUEST['REPO'])) $REPO = $_REQUEST['REPO'];
- if (isset($_REQUEST['CALN'])) $CALN = $_REQUEST['CALN'];
- if (!empty($ABBR)) $newgedrec .= "\n1 ABBR $ABBR";
- if (!empty($TITL)) {
- $newgedrec .= "\n1 TITL $TITL";
- if (!empty($_HEB)) $newgedrec .= "\n2 _HEB $_HEB";
- if (!empty($ROMN)) $newgedrec .= "\n2 ROMN $ROMN";
+ $TITL = WT_Filter::post('TITL');
+ if ($TITL) {
+ $newgedrec .= "\n1 TITL " . $TITL;
+ $_HEB = WT_Filter::post('_HEB');
+ if ($_HEB) {
+ $newgedrec .= "\n2 _HEB " . $_HEB;
+ }
+ $ROMN = WT_Filter::post('ROMN');
+ if ($ROMN) {
+ $newgedrec .= "\n2 ROMN " . $ROMN;
+ }
}
- if (!empty($AUTH)) $newgedrec .= "\n1 AUTH $AUTH";
- if (!empty($PUBL)) {
- foreach (preg_split("/\r?\n/", $PUBL) as $k=>$line) {
- if ($k==0) {
- $newgedrec .= "\n1 PUBL $line";
- } else {
- $newgedrec .= "\n2 CONT $line";
- }
+ $AUTH = WT_Filter::post('AUTH');
+ if ($AUTH) {
+ $newgedrec .= "\n1 AUTH " . $AUTH;
+ }
+ $PUBL = WT_Filter::post('PUBL');
+ if ($PUBL) {
+ $newgedrec .= "\n1 PUBL " . preg_replace('/\r?\n/', "\n2 CONT ", $PUBL);
+ }
+ $REPO = WT_Filter::post('REPO', WT_REGEX_XREF);
+ if ($AUTH) {
+ $newgedrec .= "\n1 REPO @" . $REPO . "@";
+ $CALN = WT_Filter::post('CALN');
+ if ($CALN) {
+ $newgedrec .= "\n1 CALN " . $CALN;
}
}
- if (!empty($REPO)) {
- $newgedrec .= "\n1 REPO @$REPO@";
- if (!empty($CALN)) $newgedrec .= "\n2 CALN $CALN";
+ $AUTH = WT_Filter::post('AUTH');
+ if ($AUTH) {
+ $newgedrec .= "\n1 AUTH " . $AUTH;
}
+ $EVEN = WT_Filter::postArray('EVEN', WT_REGEX_TAG);
+ if ($EVEN) {
+ $newgedrec .= "\n1 DATA";
+ $newgedrec .= "\n2 EVEN " . implode(',', $EVEN);
+ $EVEN_DATE = WT_Filter::post('EVEN_DATE');
+ if ($EVEN_DATE) {
+ $newgedrec .= "\n3 EVEN_DATE " . $EVEN_DATE;
+ }
+ $EVEN_PLAC = WT_Filter::post('EVEN_PLAC');
+ if ($EVEN_PLAC) {
+ $newgedrec .= "\n3 EVEN_PLAC " . $EVEN_PLAC;
+ }
+ $AGNC = WT_Filter::post('AGNC');
+ if ($AGNC) {
+ $newgedrec .= "\n2 AGNC " . $AGNC;
+ }
+ }
+
$record = WT_GedcomRecord::createRecord($newgedrec, WT_GED_ID);
$controller->addInlineJavascript('openerpasteid("' . $record->getXref() . '");');
break;
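Review bot: The REPO block tests the wrong variable — `if ($AUTH)` follows `$REPO = WT_Filter::post('REPO', WT_REGEX_XREF)`, so a source with an author but no repository gets a dangling `1 REPO @@`, and a repository without an author is dropped; the guard should be `if ($REPO) {`. The same block also demotes CALN from its original level 2 to level 1, and the EVEN block now writes the form field names `EVEN_DATE`/`EVEN_PLAC` as tags where the removed code wrote `3 DATE`/`3 PLAC`, so the DATA substructure is no longer valid GEDCOM. The second `$AUTH` block after REPO duplicates the one above it and emits `1 AUTH` twice. The rewritten lines below fix all four; everything else in the hunk is unchanged.
```php
$REPO = WT_Filter::post('REPO', WT_REGEX_XREF);
if ($REPO) {
    $newgedrec .= "\n1 REPO @" . $REPO . "@";
    $CALN = WT_Filter::post('CALN');
    if ($CALN) {
        $newgedrec .= "\n2 CALN " . $CALN;
    }
}
// … the duplicate AUTH block that followed REPO is deleted …
$EVEN = WT_Filter::postArray('EVEN', WT_REGEX_TAG);
if ($EVEN) {
    $newgedrec .= "\n1 DATA";
    $newgedrec .= "\n2 EVEN " . implode(',', $EVEN);
    $EVEN_DATE = WT_Filter::post('EVEN_DATE');
    if ($EVEN_DATE) {
        $newgedrec .= "\n3 DATE " . $EVEN_DATE;
    }
    $EVEN_PLAC = WT_Filter::post('EVEN_PLAC');
    if ($EVEN_PLAC) {
        $newgedrec .= "\n3 PLAC " . $EVEN_PLAC;
    }
    // … unchanged: AGNC …
}
```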
@@ -1168,21 +1186,9 @@ case 'addnoteaction':
->setPageTitle(WT_I18N::translate('Create a new shared note'))
->pageHeader();
- $newgedrec = "0 @XREF@ NOTE";
-
- if (isset($_REQUEST['NOTE'])) $NOTE = $_REQUEST['NOTE'];
+ $gedrec = '0 @XREF@ NOTE ' . preg_replace("/\r?\n/", "\n1 CONT ", WT_Filter::post('NOTE'));
- if (!empty($NOTE)) {
- foreach (preg_split("/\r?\n/", $NOTE) as $k=>$line) {
- if ($k==0) {
- $newgedrec .= " {$line}";
- } else {
- $newgedrec .= "\n1 CONT {$line}";
- }
- }
- }
-
- $record = WT_GedcomRecord::createRecord($newgedrec, WT_GED_ID);
+ $record = WT_GedcomRecord::createRecord($gedrec, WT_GED_ID);
$controller->addInlineJavascript('openerpasteid("' . $record->getXref() . '");');
break;
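Review bot: The new one-liner drops the non-empty guard the removed code had, so an empty or missing NOTE field now creates a shared note whose record is `0 @XREF@ NOTE ` with a trailing space and no text. Keeping the guard is two lines: `$NOTE = WT_Filter::post('NOTE');` followed by `$gedrec = '0 @XREF@ NOTE' . ($NOTE ? ' ' . preg_replace("/\r?\n/", "\n1 CONT ", $NOTE) : '');`. Whether WT_Filter::post returns null or '' for a missing field is not visible here, but both are falsy so the guard works either way.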
@@ -1207,7 +1213,7 @@ case 'addnoteaction_assisted':
////////////////////////////////////////////////////////////////////////////////
case 'addmedia_links':
- $pid = safe_GET('pid', WT_REGEX_XREF);
+ $pid = WT_Filter::get('pid', WT_REGEX_XREF);
$person = WT_Individual::getInstance($pid);
check_record_access($person);
@@ -1230,7 +1236,7 @@ case 'addmedia_links':
////////////////////////////////////////////////////////////////////////////////
case 'editsource':
- $xref = safe_GET('xref', WT_REGEX_XREF);
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
$source = WT_Source::getInstance($xref);
check_record_access($source);
@@ -1293,7 +1299,7 @@ case 'editsource':
// Edit a note record
////////////////////////////////////////////////////////////////////////////////
case 'editnote':
- $xref = safe_GET('xref', WT_REGEX_XREF);
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
$note = WT_Note::getInstance($xref);
check_record_access($note);
@@ -1329,9 +1335,9 @@ case 'editnote':
break;
case 'editnoteaction':
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $keep_chan = safe_POST_bool('keep_chan');
- $note = safe_POST('NOTE', WT_REGEX_UNSAFE);
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $keep_chan = WT_Filter::postBool('keep_chan');
+ $note = WT_Filter::post('NOTE');
$record = WT_Note::getInstance($xref);
check_record_access($record);
@@ -1415,43 +1421,48 @@ case 'addrepoaction':
->setPageTitle(WT_I18N::translate('Create repository'))
->pageHeader();
- $newgedrec = "0 @XREF@ REPO";
- if (isset($_REQUEST['REPO_NAME'])) $NAME = $_REQUEST['REPO_NAME'];
- if (isset($_REQUEST['_HEB'])) $_HEB = $_REQUEST['_HEB'];
- if (isset($_REQUEST['ROMN'])) $ROMN = $_REQUEST['ROMN'];
- if (isset($_REQUEST['ADDR'])) $ADDR = $_REQUEST['ADDR'];
- if (isset($_REQUEST['PHON'])) $PHON = $_REQUEST['PHON'];
- if (isset($_REQUEST['FAX'])) $FAX = $_REQUEST['FAX'];
- if (isset($_REQUEST['EMAIL'])) $EMAIL = $_REQUEST['EMAIL'];
- if (isset($_REQUEST['WWW'])) $WWW = $_REQUEST['WWW'];
-
- if (!empty($NAME)) {
- $newgedrec .= "\n1 NAME $NAME";
- if (!empty($_HEB)) $newgedrec .= "\n2 _HEB $_HEB";
- if (!empty($ROMN)) $newgedrec .= "\n2 ROMN $ROMN";
- }
- if (!empty($ADDR)) {
- foreach (preg_split("/\r?\n/", $ADDR) as $k=>$line) {
- if ($k==0) {
- $newgedrec .= "\n1 ADDR {$line}";
- } else {
- $newgedrec .= "\n2 CONT {$line}";
- }
+ $gedrec = "0 @XREF@ REPO";
+ $REPO_NAME = WT_Filter::post('REPO_NAME');
+ if ($REPO_NAME) {
+ $gedrec .= "\n1 NAME " . $REPO_NAME;
+ $_HEB = WT_Filter::post('_HEB');
+ if ($_HEB) {
+ $gedrec .= "\n2 _HEB " . $_HEB;
+ }
+ $ROMN = WT_Filter::post('ROMN');
+ if ($ROMN) {
+ $gedrec .= "\n2 ROMN " . $ROMN;
}
}
- if (!empty($PHON)) $newgedrec .= "\n1 PHON $PHON";
- if (!empty($FAX)) $newgedrec .= "\n1 FAX $FAX";
- if (!empty($EMAIL)) $newgedrec .= "\n1 EMAIL $EMAIL";
- if (!empty($WWW)) $newgedrec .= "\n1 WWW $WWW";
+ $ADDR = WT_Filter::post('ADDR');
+ if ($ADDR) {
+ $gedrec .= "\n1 ADDR " . preg_replace('/\r?\n/', "\n2 CONT ", $ADDR);
+ }
+ $PHON = WT_Filter::post('PHON');
+ if ($PHON) {
+ $newgedrec .= "\n1 PHON " . $PHON;
+ }
+ $FAX = WT_Filter::post('FAX');
+ if ($FAX) {
+ $newgedrec .= "\n1 FAX " . $FAX;
+ }
+ $EMAIL = WT_Filter::post('EMAIL');
+ if ($EMAIL) {
+ $newgedrec .= "\n1 EMAIL " . $EMAIL;
+ }
+ $WWW = WT_Filter::post('WWW');
+ if ($WWW) {
+ $newgedrec .= "\n1 WWW " . $WWW;
+ }
- $record = WT_GedcomRecord::createRecord($newgedrec, WT_GED_ID);
+ $record = WT_GedcomRecord::createRecord($gedrec, WT_GED_ID);
$controller->addInlineJavascript('openerpasteid("' . $record->getXref() . '");');
break;
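Review bot: The PHON, FAX, EMAIL and WWW appends still target `$newgedrec`, but this hunk renamed the record buffer to `$gedrec` (set at the top and passed to createRecord at the bottom), so those four fields are silently written to an undefined variable and never reach the repository record. Each of the four lines should read `$gedrec .= "\n1 PHON " . $PHON;` and so on for FAX, EMAIL and WWW. With error reporting on this also emits an undefined-variable notice on the first of them.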
////////////////////////////////////////////////////////////////////////////////
case 'editname':
- $xref = safe_GET('xref', WT_REGEX_XREF);
- $fact_id = safe_GET('fact_id');
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
+ $fact_id = WT_Filter::get('fact_id');
$person = WT_Individual::getInstance($xref);
check_record_access($person);
@@ -1487,7 +1498,7 @@ case 'editname':
////////////////////////////////////////////////////////////////////////////////
case 'addname':
- $xref = safe_GET('xref', WT_REGEX_XREF);
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
$person = WT_Individual::getInstance($xref);
check_record_access($person);
@@ -1501,8 +1512,8 @@ case 'addname':
////////////////////////////////////////////////////////////////////////////////
case 'paste':
- $xref = safe_REQUEST($_REQUEST, 'xref', WT_REGEX_XREF);
- $fact = safe_REQUEST($_REQUEST, 'fact', WT_REGEX_UNSAFE);
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
+ $fact = WT_Filter::get('fact');
$record = WT_GedcomRecord::getInstance($xref);
check_record_access($record);
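Review bot: The `paste` action now reads `xref` and `fact` with WT_Filter::get, whereas the removed lines read them from $_REQUEST, which also covered POST submissions; if any caller sends these by POST they now arrive as empty and check_record_access fails. The same GET-only narrowing is made at the `reorder_media` hunk below. If the switch to GET is intentional, a one-line comment such as `// paste/reorder_media are link-driven; parameters are always in the query string` would document why the POST path was dropped; otherwise mirror the editnews.php pattern of falling back to the POST value.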
@@ -1519,7 +1530,7 @@ case 'paste':
// Change the order of media objects
////////////////////////////////////////////////////////////////////////////////
case 'reorder_media':
- $xref = safe_REQUEST($_REQUEST, 'xref', WT_REGEX_XREF);
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
$person = WT_Individual::getInstance($xref);
check_record_access($person);
@@ -1606,9 +1617,9 @@ case 'reorder_media':
break;
case 'reorder_media_update':
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $order1 = safe_POST('order1');
- $keep_chan = safe_POST_bool('keep_chan');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $order1 = WT_Filter::post('order1');
+ $keep_chan = WT_Filter::postBool('keep_chan');
$person = WT_Individual::getInstance($xref);
check_record_access($person);
@@ -1640,8 +1651,8 @@ case 'reorder_media_update':
// Change the order of children within a family record
////////////////////////////////////////////////////////////////////////////////
case 'reorder_children':
- $xref = safe_GET('xref', WT_REGEX_XREF);
- $option = safe_GET('option');
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
+ $option = WT_Filter::get('option');
$family = WT_Family::getInstance($xref);
check_record_access($family);
@@ -1706,9 +1717,9 @@ case 'reorder_children':
break;
case 'reorder_update':
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $order = safe_POST('order');
- $keep_chan = safe_POST_bool('keep_chan');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $order = WT_Filter::post('order');
+ $keep_chan = WT_Filter::postBool('keep_chan');
$family = WT_Family::getInstance($xref);
check_record_access($family);
@@ -1745,7 +1756,7 @@ case 'reorder_update':
// Change the members of a family record
////////////////////////////////////////////////////////////////////////////////
case 'changefamily':
- $xref = safe_GET('xref', WT_REGEX_XREF);
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
$family = WT_Family::getInstance($xref);
check_record_access($family);
@@ -1905,17 +1916,17 @@ case 'changefamily':
break;
case 'changefamily_update':
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $HUSB = safe_POST('HUSB', WT_REGEX_XREF);
- $WIFE = safe_POST('WIFE', WT_REGEX_XREF);
- $keep_chan = safe_POST_bool('keep_chan');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $HUSB = WT_Filter::post('HUSB', WT_REGEX_XREF);
+ $WIFE = WT_Filter::post('WIFE', WT_REGEX_XREF);
+ $keep_chan = WT_Filter::postBool('keep_chan');
//TODO use CHIL[] instead of CHIL<n>
- //$CHIL = safe_POST('CHIL', WT_REGEX_XREF);
+ //$CHIL = WT_Filter::postArray('CHIL', WT_REGEX_XREF);
$CHIL = array();
for ($i=0; ;++$i) {
if (isset($_POST['CHIL'.$i])) {
- $CHIL[] = safe_POST('CHIL'.$i, WT_REGEX_XREF);
+ $CHIL[] = WT_Filter::post('CHIL'.$i, WT_REGEX_XREF);
} else {
break;
}
@@ -2022,8 +2033,8 @@ case 'changefamily_update':
// Change the order of FAMS records within an INDI record
////////////////////////////////////////////////////////////////////////////////
case 'reorder_fams':
- $xref = safe_GET('xref', WT_REGEX_XREF);
- $option = safe_GET('option');
+ $xref = WT_Filter::get('xref', WT_REGEX_XREF);
+ $option = WT_Filter::get('option');
$person = WT_Individual::getInstance($xref);
check_record_access($person);
@@ -2067,9 +2078,9 @@ case 'reorder_fams':
break;
case 'reorder_fams_update':
- $xref = safe_POST('xref', WT_REGEX_XREF);
- $order = safe_POST('order');
- $keep_chan = safe_POST_bool('keep_chan');
+ $xref = WT_Filter::post('xref', WT_REGEX_XREF);
+ $order = WT_Filter::post('order');
+ $keep_chan = WT_Filter::postBool('keep_chan');
$person = WT_Individual::getInstance($xref);
check_record_access($person);
diff --git a/editnews.php b/editnews.php
index 2515ab70c1..f50aec9a26 100644
--- a/editnews.php
+++ b/editnews.php
@@ -32,13 +32,13 @@ $controller
->requireMemberLogin()
->pageHeader();
-$action =safe_GET('action', array('compose', 'save', 'delete'), 'compose');
-$news_id =safe_GET('news_id');
-$user_id =safe_REQUEST($_REQUEST, 'user_id');
-$gedcom_id=safe_REQUEST($_REQUEST, 'gedcom_id');
-$date =safe_POST('date', WT_REGEX_INTEGER, WT_TIMESTAMP);
-$title =safe_POST('title', WT_REGEX_UNSAFE);
-$text =safe_POST('text', WT_REGEX_UNSAFE);
+$action = WT_Filter::get('action', 'compose|save|delete', 'compose');
+$news_id = WT_Filter::getInteger('news_id');
+$user_id = WT_Filter::get('user_id', WT_REGEX_INTEGER, WT_Filter::post('user_id', WT_REGEX_INTEGER));
+$gedcom_id = WT_Filter::get('gedcom_id', WT_REGEX_INTEGER, WT_Filter::post('gedcom_id', WT_REGEX_INTEGER));
+$date = WT_Filter::postInteger('date', 0, PHP_INT_MAX, WT_TIMESTAMP);
+$title = WT_Filter::post('title');
+$text = WT_Filter::post('text');
switch ($action) {
case 'compose':
diff --git a/edituser.php b/edituser.php
index 57375fc08d..0d546450a8 100644
--- a/edituser.php
+++ b/edituser.php
@@ -42,17 +42,17 @@ foreach (get_theme_names() as $themename=>$themedir) {
}
// Extract form variables
-$form_action =safe_POST('form_action' );
-$form_username =safe_POST('form_username', WT_REGEX_USERNAME);
-$form_realname =safe_POST('form_realname' );
-$form_pass1 =safe_POST('form_pass1', WT_REGEX_PASSWORD);
-$form_pass2 =safe_POST('form_pass2', WT_REGEX_PASSWORD);
-$form_email =safe_POST('form_email', WT_REGEX_EMAIL, 'email@example.com');
-$form_rootid =safe_POST('form_rootid', WT_REGEX_XREF, WT_USER_ROOT_ID );
-$form_theme =safe_POST('form_theme', $ALL_THEME_DIRS);
-$form_language =safe_POST('form_language', array_keys(WT_I18N::installed_languages()), WT_LOCALE );
-$form_contact_method=safe_POST('form_contact_method');
-$form_visible_online=safe_POST_bool('form_visible_online');
+$form_action = WT_Filter::post('form_action');
+$form_username = WT_Filter::post('form_username');
+$form_realname = WT_Filter::post('form_realname' );
+$form_pass1 = WT_Filter::post('form_pass1', WT_REGEX_PASSWORD);
+$form_pass2 = WT_Filter::post('form_pass2', WT_REGEX_PASSWORD);
+$form_email = WT_Filter::postEmail('form_email');
+$form_rootid = WT_Filter::post('form_rootid', WT_REGEX_XREF);
+$form_theme = WT_Filter::post('form_theme', implode('|', $ALL_THEME_DIRS));
+$form_language = WT_Filter::post('form_language', implode('|', array_keys(WT_I18N::installed_languages()), WT_LOCALE));
+$form_contact_method = WT_Filter::post('form_contact_method');
+$form_visible_online = WT_Filter::postBool('form_visible_online');
// Respond to form action
if ($form_action=='update') {
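Review bot: The `form_language` line has a misplaced parenthesis — `WT_LOCALE` is passed as a third argument to implode() instead of as the default of WT_Filter::post, so the regex is built from a bad implode call and the locale fallback is lost; it should be `$form_language = WT_Filter::post('form_language', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE);`. Two validations also vanished in the rewrite: `form_username` no longer applies `WT_REGEX_USERNAME` and `form_rootid` no longer defaults to `WT_USER_ROOT_ID`, so an absent root id now clears the setting rather than keeping the current one. If both drops are deliberate a short comment saying so would stop the next reader from treating them as regressions.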
diff --git a/expand_view.php b/expand_view.php
index a5dc6180bf..cd0e553c52 100644
--- a/expand_view.php
+++ b/expand_view.php
@@ -27,7 +27,7 @@ require './includes/session.php';
Zend_Session::writeClose();
header('Content-Type: text/html; charset=UTF-8');
-$person = WT_Individual::getInstance(safe_GET_xref('pid'));
+$person = WT_Individual::getInstance(WT_Filter::get('pid', WT_REGEX_XREF));
if (!$person || !$person->canShow()) {
return WT_I18N::translate('Private');
}
diff --git a/famlist.php b/famlist.php
index 2bef3e777d..98812f5821 100644
--- a/famlist.php
+++ b/famlist.php
@@ -32,19 +32,19 @@ $controller=new WT_Controller_Page();
// We show three different lists: initials, surnames and individuals
// Note that the data may contain special chars, such as surname="<unknown>",
-$alpha =safe_GET('alpha', WT_REGEX_UNSAFE); // All surnames beginning with this letter where "@"=unknown and ","=none
-$surname =safe_GET('surname', WT_REGEX_UNSAFE); // All indis with this surname. NB - allow ' and "
-$show_all=safe_GET('show_all', array('no','yes'), 'no'); // All indis
+$alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none
+$surname = WT_Filter::get('surname'); // All indis with this surname
+$show_all = WT_Filter::get('show_all', 'no|yes', 'no'); // All indis
// Long lists can be broken down by given name
-$show_all_firstnames=safe_GET('show_all_firstnames', array('no','yes'), 'no');
+$show_all_firstnames = WT_Filter::get('show_all_firstnames', 'no|yes', 'no');
if ($show_all_firstnames=='yes') {
$falpha='';
} else {
- $falpha=safe_GET('falpha'); // All first names beginning with this letter
+ $falpha = WT_Filter::get('falpha'); // All first names beginning with this letter
}
$show_marnm=get_user_setting(WT_USER_ID, WT_SCRIPT_NAME.'_show_marnm');
-switch (safe_GET('show_marnm', array('no','yes'))) {
+switch (WT_Filter::get('show_marnm', 'no|yes')) {
case 'no':
$show_marnm=false;
if (WT_USER_ID) {
@@ -63,23 +63,23 @@ case 'yes':
// i.e. can't specify show_all and surname at the same time.
if ($show_all=='yes') {
if ($show_all_firstnames=='yes') {
- $alpha='';
- $surname='';
- $legend=WT_I18N::translate('All');
- $url=WT_SCRIPT_NAME.'?show_all=yes&amp;ged='.WT_GEDURL;
- $show='indi';
+ $alpha = '';
+ $surname = '';
+ $legend = WT_I18N::translate('All');
+ $url = WT_SCRIPT_NAME.'?show_all=yes&amp;ged='.WT_GEDURL;
+ $show = 'indi';
} else if ($falpha) {
- $alpha='';
- $surname='';
- $legend=WT_I18N::translate('All').', '.WT_Filter::escapeHtml($falpha).'…';
- $url=WT_SCRIPT_NAME.'?show_all=yes&amp;ged='.WT_GEDURL;
- $show='indi';
+ $alpha = '';
+ $surname = '';
+ $legend = WT_I18N::translate('All').', '.WT_Filter::escapeHtml($falpha).'…';
+ $url = WT_SCRIPT_NAME.'?show_all=yes&amp;ged='.WT_GEDURL;
+ $show = 'indi';
} else {
- $alpha='';
- $surname='';
- $legend=WT_I18N::translate('All');
- $url=WT_SCRIPT_NAME.'?show_all=yes'.'&amp;ged='.WT_GEDURL;
- $show=safe_GET('show', array('surn', 'indi'), 'surn');
+ $alpha = '';
+ $surname = '';
+ $legend = WT_I18N::translate('All');
+ $url = WT_SCRIPT_NAME.'?show_all=yes'.'&amp;ged='.WT_GEDURL;
+ $show = WT_Filter::get('show', 'surn|indi', 'surn');
}
} elseif ($surname) {
$alpha=WT_Query_Name::initialLetter($surname); // so we can highlight the initial letter
@@ -104,25 +104,25 @@ if ($show_all=='yes') {
}
$show='indi'; // SURN list makes no sense here
} elseif ($alpha=='@') {
- $show_all='no';
- $legend=$UNKNOWN_NN;
- $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
- $show='indi'; // SURN list makes no sense here
+ $show_all = 'no';
+ $legend = $UNKNOWN_NN;
+ $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
+ $show = 'indi'; // SURN list makes no sense here
} elseif ($alpha==',') {
- $show_all='no';
- $legend=WT_I18N::translate('None');
- $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
- $show='indi'; // SURN list makes no sense here
+ $show_all = 'no';
+ $legend = WT_I18N::translate('None');
+ $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
+ $show = 'indi'; // SURN list makes no sense here
} elseif ($alpha) {
- $show_all='no';
- $legend=WT_Filter::escapeHtml($alpha).'…';
- $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
- $show=safe_GET('show', array('surn', 'indi'), 'surn');
+ $show_all = 'no';
+ $legend = WT_Filter::escapeHtml($alpha).'…';
+ $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
+ $show = WT_Filter::get('show', 'surn|indi', 'surn');
} else {
- $show_all='no';
- $legend='…';
- $url=WT_SCRIPT_NAME.'?ged='.WT_GEDURL;
- $show='none'; // Don't show lists until something is chosen
+ $show_all = 'no';
+ $legend = '…';
+ $url = WT_SCRIPT_NAME.'?ged='.WT_GEDURL;
+ $show = 'none'; // Don't show lists until something is chosen
}
$legend='<span dir="auto">'.$legend.'</span>';
diff --git a/fanchart.php b/fanchart.php
index 45f393c080..1df7fbc044 100644
--- a/fanchart.php
+++ b/fanchart.php
@@ -27,7 +27,7 @@ require WT_ROOT.'includes/functions/functions_edit.php';
$controller=new WT_Controller_Fanchart();
-if (safe_GET_bool('img')) {
+if (WT_Filter::getBool('img')) {
Zend_Session::writeClose();
$controller->generate_fan_chart('png');
exit;
@@ -87,4 +87,4 @@ if ($controller->error_message) {
if ($controller->root) {
echo '<div id="fan_chart">', $controller->generate_fan_chart('html'), '</div>';
}
-echo '</div>'; // close #page-chart
+echo '</div>'; \ No newline at end of file
diff --git a/find.php b/find.php
index 18bbd26341..3881f4621b 100644
--- a/find.php
+++ b/find.php
@@ -27,15 +27,15 @@ require_once WT_ROOT.'includes/functions/functions_print_lists.php';
$controller=new WT_Controller_Simple();
-$type =safe_GET('type', WT_REGEX_ALPHA, 'indi');
-$filter =safe_GET('filter');
-$action =safe_GET('action');
-$callback =safe_GET('callback', WT_REGEX_NOSCRIPT, 'paste_id');
-$media =safe_GET('media');
-$all =safe_GET_bool('all');
-$subclick =safe_GET('subclick');
-$choose =safe_GET('choose', WT_REGEX_NOSCRIPT, '0all');
-$qs =safe_GET('tags');
+$type = WT_Filter::get('type');
+$filter = WT_Filter::get('filter');
+$action = WT_Filter::get('action');
+$callback = WT_Filter::get('callback', '[a-zA-Z0-9_]+', 'paste_id');
+$media = WT_Filter::get('media');
+$all = WT_Filter::getBool('all');
+$subclick = WT_Filter::get('subclick');
+$choose = WT_Filter::get('choose', '[a-zA-Z0-9_]+', '0all');
+$qs = WT_Filter::get('tags');
// Retrives the currently selected tags in the opener window (reading curTags value of the query string)
// $preselDefault will be set to the array of DEFAULT preselected tags
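Review bot: `$type` lost both its validation and its `'indi'` default — the removed line was `safe_GET('type', WT_REGEX_ALPHA, 'indi')`, and the file switches on `$type` further down (the `"source"` and `"specialchar"` cases are visible in the next hunk), so a request without `type` now falls through to whatever the switch default is instead of the individual finder. Restore it as `$type = WT_Filter::get('type', WT_REGEX_ALPHA, 'indi');`, or with a literal such as `[A-Za-z]+` if this commit removed that constant. The `$callback` and `$choose` lines kept their patterns, so this looks like an oversight rather than a policy change.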
@@ -90,7 +90,7 @@ case "source":
break;
case "specialchar":
$controller->setPageTitle(WT_I18N::translate('Find a special character'));
- $language_filter=safe_GET('language_filter');
+ $language_filter = WT_Filter::get('language_filter');
if (WT_USER_ID) {
// Users will probably always want the same language, so remember their setting
if (!$language_filter) {
@@ -708,4 +708,4 @@ if ($action=="filter") {
}
}
echo '<button onclick="window.close();">', WT_I18N::translate('close'), '</button>';
-echo "</div>"; // Close div="find-page"
+echo "</div>";
diff --git a/gedrecord.php b/gedrecord.php
index 8c17184c47..3c15d77e10 100644
--- a/gedrecord.php
+++ b/gedrecord.php
@@ -24,7 +24,7 @@ require './includes/session.php';
$controller=new WT_Controller_Page();
-$obj=WT_GedcomRecord::getInstance(safe_GET_xref('pid'));
+$obj = WT_GedcomRecord::getInstance(WT_Filter::get('pid', WT_REGEX_XREF));
if (
$obj instanceof WT_Individual ||
diff --git a/help_text.php b/help_text.php
index ba894bcb6a..f55275ac3f 100644
--- a/help_text.php
+++ b/help_text.php
@@ -31,7 +31,7 @@ require './includes/session.php';
$controller=new WT_Controller_Ajax();
-$help=safe_GET('help');
+$help = WT_Filter::get('help');
switch ($help) {
//////////////////////////////////////////////////////////////////////////////
// This is a list of all known gedcom tags. We list them all here so that
@@ -1504,7 +1504,7 @@ default:
$title=WT_I18N::translate('Help');
$text=WT_I18N::translate('The help text has not been written for this item.');
// If we've been called from a module, allow the module to provide the help text
- $mod=safe_GET('mod', '[A-Za-z0-9_]+');
+ $mod = WT_Filter::get('mod', '[A-Za-z0-9_]+');
if (file_exists(WT_ROOT.WT_MODULES_DIR.$mod.'/help_text.php')) {
require WT_ROOT.WT_MODULES_DIR.$mod.'/help_text.php';
}
@@ -1514,4 +1514,4 @@ default:
$controller->pageHeader();
echo '<div class="helpheader">', $title, '</div>';
-echo '<div class="helpcontent">', $text,'</div>';
+echo '<div class="helpcontent">', $text,'</div>'; \ No newline at end of file
diff --git a/hourglass_ajax.php b/hourglass_ajax.php
index d228630673..ebd1664164 100644
--- a/hourglass_ajax.php
+++ b/hourglass_ajax.php
@@ -26,12 +26,6 @@
define('WT_SCRIPT_NAME', 'hourglass_ajax.php');
require './includes/session.php';
-/*
- * The purpose of this page is to build the left half of the Hourglass chart via Ajax.
- * This page only produces a husband and wife with the connecting lines to unite and
- * label the pair as a pair.
- */
-
$controller=new WT_Controller_Hourglass();
header('Content-type: text/html; charset=UTF-8');
@@ -39,7 +33,8 @@ header('Content-type: text/html; charset=UTF-8');
Zend_Session::writeClose();
// -- print html header information
-if (isset($_REQUEST['type']) && $_REQUEST['type']=='desc')
+if (WT_Filter::get('type')=='desc') {
$controller->print_descendency(WT_Individual::getInstance($controller->pid), 1, false);
-else
+} else {
$controller->print_person_pedigree(WT_Individual::getInstance($controller->pid), 0);
+}
diff --git a/import.php b/import.php
index 2f6cc0ba41..0e17256564 100644
--- a/import.php
+++ b/import.php
@@ -41,7 +41,7 @@ $controller
// Don't use ged=XX as we want to be able to run without changing the current gedcom.
// This will let us load several gedcoms together, or to edit one while loading another.
-$gedcom_id=safe_GET('gedcom_id');
+$gedcom_id = WT_Filter::getInteger('gedcom_id');
// Don't allow the user to cancel the request. We do not want to be left
// with an incomplete transaction.
@@ -93,7 +93,7 @@ for ($end_time=microtime(true)+1.0; microtime(true)<$end_time; ) {
)->execute(array($gedcom_id))->fetchOneRow();
// If we are at the start position, do some tidying up
if ($first_time) {
- $keep_media=safe_GET_bool('keep_media'.$gedcom_id);
+ $keep_media=WT_Filter::getBool('keep_media'.$gedcom_id);
// Delete any existing genealogical data
empty_database($gedcom_id, $keep_media);
set_gedcom_setting($gedcom_id, 'imported', false);
@@ -234,4 +234,4 @@ WT_DB::exec("COMMIT");
// Reload.....
// Use uniqid() to prevent jQuery caching the previous response.
-$controller->addInlineJavascript('jQuery("#import'.$gedcom_id.'").load("import.php?gedcom_id='.$gedcom_id.'&u='.uniqid().'");');
+$controller->addInlineJavascript('jQuery("#import'.$gedcom_id.'").load("import.php?gedcom_id='.$gedcom_id.'&u='.uniqid().'");'); \ No newline at end of file
diff --git a/includes/functions/functions.php b/includes/functions/functions.php
index 54ab48ea81..0690b4ee25 100644
--- a/includes/functions/functions.php
+++ b/includes/functions/functions.php
@@ -26,96 +26,6 @@ if (!defined('WT_WEBTREES')) {
exit;
}
-////////////////////////////////////////////////////////////////////////////////
-// Extract, sanitise and validate FORM (POST), URL (GET) and COOKIE variables.
-//
-// Request variables should ALWAYS be accessed through these functions, to
-// protect against XSS (cross-site-scripting) attacks.
-//
-// $var - The variable to check
-// $regex - Regular expression to validate the variable (or an array of
-// regular expressions). A number of common regexes are defined in
-// session.php as constants WT_REGEX_*. If no value is specified,
-// the default blocks all characters that could introduce scripts.
-// $default - A value to use if $var is undefined or invalid.
-//
-// You should always know whether your variables are coming from GET or POST,
-// and always use the correct function.
-//
-// NOTE: when using checkboxes, $var is either set (checked) or unset (not
-// checked). This lets us use the syntax safe_GET('my_checkbox', 'yes', 'no')
-//
-// NOTE: when using listboxes, $regex can be an array of valid values. For
-// example, you can use safe_POST('lang', array_keys($pgv_language), WT_LOCALE)
-// to validate against a list of valid languages and supply a sensible default.
-////////////////////////////////////////////////////////////////////////////////
-
-function safe_POST($var, $regex=WT_REGEX_NOSCRIPT, $default=null) {
- return safe_REQUEST($_POST, $var, $regex, $default);
-}
-function safe_GET($var, $regex=WT_REGEX_NOSCRIPT, $default=null) {
- return safe_REQUEST($_GET, $var, $regex, $default);
-}
-function safe_COOKIE($var, $regex=WT_REGEX_NOSCRIPT, $default=null) {
- return safe_REQUEST($_COOKIE, $var, $regex, $default);
-}
-
-function safe_GET_integer($var, $min, $max, $default) {
- $num=safe_GET($var, WT_REGEX_INTEGER, $default);
- $num=max($num, $min);
- $num=min($num, $max);
- return (int)$num;
-}
-function safe_POST_integer($var, $min, $max, $default) {
- $num=safe_POST($var, WT_REGEX_INTEGER, $default);
- $num=max($num, $min);
- $num=min($num, $max);
- return (int)$num;
-}
-
-function safe_GET_bool($var, $true='(y|Y|1|yes|YES|Yes|true|TRUE|True|on)') {
- return !is_null(safe_GET($var, $true));
-}
-function safe_POST_bool($var, $true='(y|Y|1|yes|YES|Yes|true|TRUE|True|on)') {
- return !is_null(safe_POST($var, $true));
-}
-
-function safe_GET_xref($var, $default=null) {
- return safe_GET($var, WT_REGEX_XREF, $default);
-}
-function safe_POST_xref($var, $default=null) {
- return safe_POST($var, WT_REGEX_XREF, $default);
-}
-
-function safe_REQUEST($arr, $var, $regex=WT_REGEX_NOSCRIPT, $default=null) {
- if (is_array($regex)) {
- $regex='(?:'.join('|', $regex).')';
- }
- if (array_key_exists($var, $arr) && preg_match_recursive('~^'.addcslashes($regex, '~').'$~', $arr[$var])) {
- return $arr[$var];
- } else {
- return $default;
- }
-}
-
-function preg_match_recursive($regex, $var) {
- if (is_scalar($var)) {
- return preg_match($regex, $var);
- } else {
- if (is_array($var)) {
- foreach ($var as $k=>$v) {
- if (!preg_match_recursive($regex, $v)) {
- return false;
- }
- }
- return true;
- } else {
- // Neither scalar nor array. Object?
- return false;
- }
- }
-}
-
// Fetch a remote file. Stream wrappers are disabled on
// many hosts, and do not allow the detection of timeout.
function fetch_remote_file($host, $path, $timeout=3) {
@@ -2038,4 +1948,4 @@ function expand_urls($text) {
// Use it to emulate the before_needle php 5.3.0 strstr function
function strstrb($haystack, $needle){
return substr($haystack, 0, strpos($haystack, $needle));
-}
+} \ No newline at end of file
diff --git a/includes/functions/functions_edit.php b/includes/functions/functions_edit.php
index 5ba010fb47..5aed6ddfb9 100644
--- a/includes/functions/functions_edit.php
+++ b/includes/functions/functions_edit.php
@@ -963,7 +963,7 @@ function addSimpleTags($fact) {
function addNewName() {
global $ADVANCED_NAME_FACTS;
- $gedrec="\n1 NAME ".safe_POST('NAME', WT_REGEX_UNSAFE, '//');
+ $gedrec="\n1 NAME ".WT_Filter::post('NAME');
$tags=array('NPFX', 'GIVN', 'SPFX', 'SURN', 'NSFX');
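Review bot: The `'//'` fallback for an absent NAME was dropped, so a submission without a NAME field now produces `1 NAME ` with nothing after the tag instead of the empty-name placeholder the removed line wrote. Restore it by reading the value first and substituting: `$NAME = WT_Filter::post('NAME');` then `$gedrec = "\n1 NAME " . ($NAME ? $NAME : '//');`. addNewName continues past the end of this hunk.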
@@ -978,7 +978,7 @@ function addNewName() {
}
foreach (array_unique($tags) as $tag) {
- $TAG=safe_POST($tag, WT_REGEX_UNSAFE);
+ $TAG=WT_Filter::post($tag, WT_REGEX_TAG);
if ($TAG) {
$gedrec.="\n2 {$tag} {$TAG}";
}
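Review bot: `WT_Filter::post($tag, WT_REGEX_TAG)` validates the value of NPFX/GIVN/SPFX/SURN/NSFX against a GEDCOM tag pattern — the same constant is used at the `addNewFact` hunk below to pull tag names out of `$ADVANCED_PLAC_FACTS` — so, if that pattern is the usual uppercase tag regex, ordinary names such as `Smith` or `van der` fail validation and are silently dropped from the record. The same applies to `$FACT=WT_Filter::post($fact, WT_REGEX_TAG);` in the `addNewFact` hunk, where the value is free text like an occupation, not a tag. Both should validate the value with whatever pattern WT_Filter::post applies to `DATE`/`PLAC` on the neighbouring lines, e.g. `$TAG=WT_Filter::post($tag);`. The enclosing function starts before and ends after this hunk.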
@@ -986,7 +986,7 @@ function addNewName() {
return $gedrec;
}
function addNewSex() {
- switch (safe_POST('SEX', '[MF]', 'U')) {
+ switch (WT_Filter::post('SEX', '[MF]', 'U')) {
case 'M':
return "\n1 SEX M";
case 'F':
@@ -998,9 +998,9 @@ function addNewSex() {
function addNewFact($fact) {
global $tagSOUR, $ADVANCED_PLAC_FACTS;
- $FACT=safe_POST($fact, WT_REGEX_UNSAFE);
- $DATE=safe_POST("{$fact}_DATE", WT_REGEX_UNSAFE);
- $PLAC=safe_POST("{$fact}_PLAC", WT_REGEX_UNSAFE);
+ $FACT=WT_Filter::post($fact, WT_REGEX_TAG);
+ $DATE=WT_Filter::post("{$fact}_DATE");
+ $PLAC=WT_Filter::post("{$fact}_PLAC");
if ($DATE || $PLAC || $FACT && $FACT!='Y') {
if ($FACT && $FACT!='Y') {
$gedrec="\n1 {$fact} {$FACT}";
@@ -1015,25 +1015,25 @@ function addNewFact($fact) {
if (preg_match_all('/('.WT_REGEX_TAG.')/', $ADVANCED_PLAC_FACTS, $match)) {
foreach ($match[1] as $tag) {
- $TAG=safe_POST("{$fact}_{$tag}", WT_REGEX_UNSAFE);
+ $TAG=WT_Filter::post("{$fact}_{$tag}");
if ($TAG) {
$gedrec.="\n3 {$tag} {$TAG}";
}
}
}
- $LATI=safe_POST("{$fact}_LATI", WT_REGEX_UNSAFE);
- $LONG=safe_POST("{$fact}_LONG", WT_REGEX_UNSAFE);
+ $LATI=WT_Filter::post("{$fact}_LATI");
+ $LONG=WT_Filter::post("{$fact}_LONG");
if ($LATI || $LONG) {
$gedrec.="\n3 MAP\n4 LATI {$LATI}\n4 LONG {$LONG}";
}
}
- if (safe_POST_bool("SOUR_{$fact}")) {
+ if (WT_Filter::postBool("SOUR_{$fact}")) {
return updateSOUR($gedrec, 2);
} else {
return $gedrec;
}
} elseif ($FACT=='Y') {
- if (safe_POST_bool("SOUR_{$fact}")) {
+ if (WT_Filter::postBool("SOUR_{$fact}")) {
return updateSOUR("\n1 {$fact} Y", 2);
} else {
return "\n1 {$fact} Y";
@@ -1566,4 +1566,4 @@ function insert_missing_subtags($level1tag, $add_date=false) {
add_simple_tag('4 LONG');
}
}
-}
+} \ No newline at end of file
diff --git a/includes/functions/functions_print.php b/includes/functions/functions_print.php
index 8ca4fec079..6ea8a1b962 100644
--- a/includes/functions/functions_print.php
+++ b/includes/functions/functions_print.php
@@ -318,7 +318,7 @@ function whoisonline() {
$content .= '<div class="logged_in_name">';
$content .= WT_Filter::escapeHtml(getUserFullName($user_id) . ' - ' . $user_name);
if (true || WT_USER_ID!=$user_id && get_user_setting($user_id, 'contactmethod')!="none") {
- $content .= ' <a class="icon-email" href="#" onclick="return message(\''.$user_name . '\', \'\', \''.addslashes(urlencode(get_query_url())).'\', \'\');" title="' . WT_I18N::translate('Send Message').'"></a>';
+ $content .= ' <a class="icon-email" href="#" onclick="return message(\'' . WT_Filter::escapeJs($user_name) . '\', \'\', \'' . WT_Filter::escapeJs(get_query_url()) . '\');" title="' . WT_I18N::translate('Send Message').'"></a>';
}
$i++;
$content .= '</div>';
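Review bot: the new `onclick` string is built with `WT_Filter::escapeJs()` only, but it sits inside a double-quoted HTML attribute, so the values also need HTML escaping — if escapeJs renders a quote as `\"` rather than `\x22` (its implementation is not visible here), a `"` in the page URL ends the attribute early. Wrapping each value as `WT_Filter::escapeHtml(WT_Filter::escapeJs(get_query_url()))` covers both contexts. The old `urlencode()` around `get_query_url()` has also been dropped, and `message()` in js/webtrees-1.5.0.js (changed in this commit) concatenates `url` verbatim into a query string, so a page URL containing `&` or `#` is split or truncated on the way to message.php. Pre-existing but visible on the line above: `if (true || …)` disables the `contactmethod != none` check entirely.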
@@ -332,18 +332,18 @@ function whoisonline() {
// Print a link to allow email/messaging contact with a user
// Optionally specify a method (used for webmaster/genealogy contacts)
function user_contact_link($user_id) {
- $method=get_user_setting($user_id, 'contactmethod');
+ $method = get_user_setting($user_id, 'contactmethod');
- $fullname=getUserFullName($user_id);
+ $fullname = getUserFullName($user_id);
switch ($method) {
case 'none':
return '';
case 'mailto':
$email=getUserEmail($user_id);
- return '<a href="mailto:'.WT_Filter::escapeHtml($email).'">'.WT_Filter::escapeHtml($fullname).'</a>';
+ return '<a href="mailto:' . WT_Filter::escapeHtml($email).'">'.WT_Filter::escapeHtml($fullname).'</a>';
default:
- return "<a href='#' onclick='message(\"".get_user_name($user_id)."\", \"".$method."\", \"".addslashes(urlencode(get_query_url()))."\", \"\");return false;'>".$fullname."</a>";
+ return "<a href='#' onclick='message(\"" . WT_Filter::escapeJs(get_user_name($user_id)) . "\", \"" . $method . "\", \"" . WT_Filter::escapeJs(get_query_url()) . "\", \"\");return false;'>" . WT_Filter::escapeHtml($fullname) . '</a>';
}
}
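Review bot: `$method` is the one value in the rewritten `onclick` string left unescaped while `get_user_name()` and `$fullname` around it now are; it comes from a stored user setting rather than the request, so the exposure is low, but `WT_Filter::escapeJs($method)` keeps the attribute consistent and safe should that setting ever be user-editable. As in `whoisonline()`, dropping `urlencode()` from `get_query_url()` means `message()` in webtrees-1.5.0.js now receives a raw page URL whose `&` and `#` characters break the `url=` parameter; restore the encoding here or encode in the JS. This attribute is single-quoted while whoisonline()'s is double-quoted — an HTML-escape layer over the JS escape makes both safe regardless of quoting style.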
@@ -557,7 +557,7 @@ function print_privacy_error() {
echo '<div class="error">', WT_I18N::translate('For more information contact'), ' ', '<a href="mailto:'.WT_Filter::escapeHtml($email).'">'.WT_Filter::escapeHtml($fullname).'</a>', '</div>';
break;
default:
- echo '<div class="error">', WT_I18N::translate('For more information contact'), ' ', "<a href='#' onclick='message(\"", get_user_name($user_id), "\", \"", $method, "\", \"", addslashes(urlencode(get_query_url())), "\", \"\");return false;'>", $fullname, '</a>', '</div>';
+ echo '<div class="error">', WT_I18N::translate('For more information contact'), ' ', "<a href='#' onclick='message(\"", WT_Filter::escapeHtml(get_user_name($user_id)), "\", \"", $method, "\", \"", WT_Filter::escapeJs(get_query_url()), "\", \"\"); return false;'>", WT_Filter::escapeHtml($fullname), '</a>', '</div>';
break;
}
}
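Review bot: `WT_Filter::escapeHtml(get_user_name($user_id))` is used here inside a JavaScript string literal, whereas the two sibling hunks in this file use `WT_Filter::escapeJs()` for the same value; HTML escaping does not neutralise backslashes, and the HTML parser decodes `&quot;` back to `"` before the script in the single-quoted `onclick` attribute is parsed, so it is the wrong escaper for this context. Use `WT_Filter::escapeJs(get_user_name($user_id))` (ideally HTML-escaped as well) to match `user_contact_link()`. `$method` is still interpolated raw here too, as in user_contact_link(). `print_privacy_error()` begins before this hunk.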
diff --git a/includes/hitcount.php b/includes/hitcount.php
index 2c985b718e..dc8cfb8bd2 100644
--- a/includes/hitcount.php
+++ b/includes/hitcount.php
@@ -29,32 +29,35 @@ if (!defined('WT_WEBTREES')) {
// Only record hits for certain pages
switch (WT_SCRIPT_NAME) {
case 'index.php':
- switch (safe_REQUEST($_REQUEST, 'ctype', array('gedcom', 'user'), WT_USER_ID ? 'user' : 'gedcom')) {
+ switch (WT_Filter::get('ctype', 'gedcom|user', WT_USER_ID ? 'user' : 'gedcom')) {
case 'user':
$page_parameter='user:'.WT_USER_ID;
break;
- default:
+ case 'gedcom':
$page_parameter='gedcom:'.WT_GED_ID;
break;
+ default:
+ $page_parameter='';
+ break;
}
break;
case 'individual.php':
- $page_parameter=safe_GET('pid', WT_REGEX_XREF);
+ $page_parameter=WT_Filter::get('pid', WT_REGEX_XREF);
break;
case 'family.php':
- $page_parameter=safe_GET('famid', WT_REGEX_XREF);
+ $page_parameter=WT_Filter::get('famid', WT_REGEX_XREF);
break;
case 'source.php':
- $page_parameter=safe_GET('sid', WT_REGEX_XREF);
+ $page_parameter=WT_Filter::get('sid', WT_REGEX_XREF);
break;
case 'repo.php':
- $page_parameter=safe_GET('rid', WT_REGEX_XREF);
+ $page_parameter=WT_Filter::get('rid', WT_REGEX_XREF);
break;
case 'note.php':
- $page_parameter=safe_GET('nid', WT_REGEX_XREF);
+ $page_parameter=WT_Filter::get('nid', WT_REGEX_XREF);
break;
case 'mediaviewer.php':
- $page_parameter=safe_GET('mid', WT_REGEX_XREF);
+ $page_parameter=WT_Filter::get('mid', WT_REGEX_XREF);
break;
default:
$page_parameter='';
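Review bot: the new `default:` arm of the `ctype` switch is unreachable, because `WT_Filter::get('ctype', 'gedcom|user', …)` is given a default that is itself one of the two matched values, so an unexpected `ctype` is always counted against `gedcom` or `user`. If the intent is to record nothing for a bad value, drop the default argument: `switch (WT_Filter::get('ctype', 'gedcom|user')) {`; otherwise remove the dead arm so the switch does not suggest a third outcome. Reading `ctype` from GET only (previously `$_REQUEST`) matches index.php in this commit, so the two stay in step.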
diff --git a/includes/session.php b/includes/session.php
index ad6b840f75..7fa23f5c82 100644
--- a/includes/session.php
+++ b/includes/session.php
@@ -85,10 +85,6 @@ define('WT_REGEX_ALPHANUM', '[a-zA-Z0-9]+');
define('WT_REGEX_BYTES', '[0-9]+[bBkKmMgG]?');
define('WT_REGEX_USERNAME', '[^<>"%{};]+');
define('WT_REGEX_PASSWORD', '.{'.WT_MINIMUM_PASSWORD_LENGTH.',}');
-define('WT_REGEX_NOSCRIPT', '[^<>"&%{};]*');
-define('WT_REGEX_URL', '[\/0-9A-Za-z_!~*\'().;?:@&=+$,%#-]+'); // Simple list of valid chars
-define('WT_REGEX_EMAIL', '[^\s<>"&%{};@]+@[^\s<>"&%{};@]+');
-define('WT_REGEX_UNSAFE', '[\x00-\xFF]*'); // Use with care and apply additional validation!
// UTF8 representation of various characters
define('WT_UTF8_BOM', "\xEF\xBB\xBF"); // U+FEFF
@@ -436,7 +432,7 @@ require WT_ROOT.'includes/config_data.php';
// If we are logged in, and logout=1 has been added to the URL, log out
// If we were logged in, but our account has been deleted, log out.
-if (WT_USER_ID && (safe_GET_bool('logout') || !WT_USER_NAME)) {
+if (WT_USER_ID && (WT_Filter::getBool('logout') || !WT_USER_NAME)) {
userLogout(WT_USER_ID);
header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH);
exit;
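Review bot: logout is still triggered by a bare GET parameter (`WT_Filter::getBool('logout')`) with no anti-CSRF token, so any page that can make the victim's browser fetch `…?logout=1` (an image tag, a link) forces a logout; the commit only swaps the helper, so this is pre-existing, but the input-handling rework is the natural moment to fix it. Accepting the logout only from a POST that carries a per-session token — at minimum `WT_Filter::postBool('logout')` from a form — closes the hole. Whether the application already has a session token mechanism is not visible here.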
@@ -470,13 +466,13 @@ if (WT_USER_ID) {
}
// Set the theme
-if (substr(WT_SCRIPT_NAME, 0, 5)=='admin' || WT_SCRIPT_NAME=='module.php' && substr(safe_GET('mod_action'), 0, 5)=='admin') {
+if (substr(WT_SCRIPT_NAME, 0, 5)=='admin' || WT_SCRIPT_NAME=='module.php' && substr(WT_Filter::get('mod_action'), 0, 5)=='admin') {
// Administration scripts begin with “admin” and use a special administration theme
define('WT_THEME_DIR', WT_THEMES_DIR.'_administration/');
} else {
if (WT_Site::preference('ALLOW_USER_THEMES')) {
// Requested change of theme?
- $THEME_DIR=safe_GET('theme', get_theme_names());
+ $THEME_DIR = WT_Filter::get('theme');
unset($_GET['theme']);
// Last theme used?
if (!$THEME_DIR && in_array($WT_SESSION->theme_dir, get_theme_names())) {
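Review bot: `$THEME_DIR = WT_Filter::get('theme')` drops the whitelist that the old `safe_GET('theme', get_theme_names())` applied, and the only remaining `get_theme_names()` check in this hunk is on the session value inside the `!$THEME_DIR` branch; unless the request value is validated further down (outside this hunk), an arbitrary `theme=` string now reaches whatever builds `WT_THEME_DIR` from it, which the admin branch just above shows is a filesystem path under `WT_THEMES_DIR`. Restoring the check keeps that path under control: `$THEME_DIR = WT_Filter::get('theme'); if (!in_array($THEME_DIR, get_theme_names())) { $THEME_DIR = ''; }`. If `WT_Filter::get` accepts an alternation pattern, as the `'gedcom|user'` calls elsewhere in this commit suggest, `implode('|', array_map('preg_quote', get_theme_names()))` does the same in one call.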
diff --git a/index.php b/index.php
index 779ddc2679..f7f75a38a9 100644
--- a/index.php
+++ b/index.php
@@ -33,41 +33,41 @@ define('WT_SCRIPT_NAME', 'index.php');
require './includes/session.php';
// The only option for action is "ajax"
-$action=safe_REQUEST($_REQUEST, 'action', 'ajax');
+$action = WT_Filter::get('action');
// The default view depends on whether we are logged in
-$ctype=safe_REQUEST($_REQUEST, 'ctype', array('gedcom', 'user'), WT_USER_ID ? 'user' : 'gedcom');
+$ctype = WT_Filter::get('ctype', 'gedcom|user', WT_USER_ID ? 'user' : 'gedcom');
-//-- get the blocks list
+// Get the blocks list
if (WT_USER_ID && $ctype=='user') {
- $blocks=get_user_blocks(WT_USER_ID);
+ $blocks = get_user_blocks(WT_USER_ID);
} else {
- $blocks=get_gedcom_blocks(WT_GED_ID);
+ $blocks = get_gedcom_blocks(WT_GED_ID);
}
-$all_blocks=WT_Module::getActiveBlocks();
+$all_blocks = WT_Module::getActiveBlocks();
-// The latest version is shown on the administration page. This updates it every 3 days.
+// The latest version is shown on the administration page. This updates it every day.
// TODO: send an email notification to the admin when new versions are available.
fetch_latest_version();
// We generate individual blocks using AJAX
-if ($action=='ajax') {
- $controller=new WT_Controller_Ajax();
+if ($action == 'ajax') {
+ $controller = new WT_Controller_Ajax();
$controller->pageHeader();
// Check we’re displaying an allowable block.
- $block_id=safe_GET('block_id');
+ $block_id = WT_Filter::getInteger('block_id');
if (array_key_exists($block_id, $blocks['main'])) {
- $module_name=$blocks['main'][$block_id];
+ $module_name = $blocks['main'][$block_id];
} elseif (array_key_exists($block_id, $blocks['side'])) {
- $module_name=$blocks['side'][$block_id];
+ $module_name = $blocks['side'][$block_id];
} else {
exit;
}
if (array_key_exists($module_name, $all_blocks)) {
- $class_name=$module_name.'_WT_Module';
- $module=new $class_name;
+ $class_name = $module_name.'_WT_Module';
+ $module = new $class_name;
$module->getBlock($block_id);
}
if (WT_DEBUG) {
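Review bot: `$action = WT_Filter::get('action')` accepts any string where the old `safe_REQUEST(..., 'ajax')` admitted only `ajax`; since the comment above it says ajax is the only option, `$action = WT_Filter::get('action', 'ajax');` keeps that contract explicit and matches the whitelisted style used for `ctype` two lines down. Moving from `$_REQUEST` to GET-only is fine for the block loader provided nothing posts `action=ajax`, which is worth a quick check of the callers. The comment edit from "every 3 days" to "every day" is not backed by any change to `fetch_latest_version()` in this hunk, so confirm it actually reflects that function.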
@@ -147,4 +147,4 @@ echo '<div id="link_change_blocks">';
if (WT_USER_GEDCOM_ADMIN && $ctype=='gedcom') echo '<a href="index_edit.php?gedcom_id='.WT_GED_ID.'" onclick="return modalDialog(\'index_edit.php?gedcom_id='.WT_GED_ID.'\', \'', WT_I18N::translate('Change the blocks on this page'), '\');">', WT_I18N::translate('Change the blocks on this page'), '</a>';
if ($SHOW_COUNTER) {echo '<span>'.WT_I18N::translate('Hit Count:').' '.$hitCount.'</span>';}
echo '</div>', // <div id="link_change_blocks">
- '</div>'; // <div id="home-page">
+ '</div>'; // <div id="home-page"> \ No newline at end of file
diff --git a/index_edit.php b/index_edit.php
index 1350d60d68..a164c43d12 100644
--- a/index_edit.php
+++ b/index_edit.php
@@ -27,11 +27,11 @@ require './includes/session.php';
$controller=new WT_Controller_Ajax();
// Only one of $user_id and $gedcom_id should be set
-$user_id=safe_REQUEST($_REQUEST, 'user_id');
+$user_id = WT_Filter::get('user_id', WT_REGEX_INTEGER, WT_Filter::post('user_id', WT_REGEX_INTEGER));
if ($user_id) {
- $gedcom_id=null;
+ $gedcom_id = null;
} else {
- $gedcom_id=safe_REQUEST($_REQUEST, 'gedcom_id');
+ $gedcom_id = WT_Filter::get('gedcom_id', WT_REGEX_INTEGER, WT_Filter::post('gedcom_id', WT_REGEX_INTEGER));
}
// Only an admin can edit the "default" page
@@ -47,7 +47,7 @@ if (
exit;
}
-$action=safe_GET('action');
+$action = WT_Filter::get('action');
if (isset($_REQUEST['main'])) {
$main=$_REQUEST['main'];
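Review bot: the migration stops one line short — `$action` now goes through `WT_Filter::get()`, but `$main` (and presumably its sibling right below the hunk) is still read straight from `$_REQUEST['main']` with no validation, while `user_id` and `gedcom_id` in the same file were tightened to `WT_REGEX_INTEGER`. `WT_Filter::getArray('main')`, which this commit introduces for `pids` in Lifespan.php, would give a validated array; the pattern to apply depends on whether the entries are block ids or module names, which is not visible here. The same treatment presumably belongs on the `side` list that follows.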
diff --git a/indilist.php b/indilist.php
index c50aa56958..eaeff0ce23 100644
--- a/indilist.php
+++ b/indilist.php
@@ -32,19 +32,19 @@ $controller=new WT_Controller_Page();
// We show three different lists: initials, surnames and individuals
// Note that the data may contain special chars, such as surname="<unknown>",
-$alpha =safe_GET('alpha', WT_REGEX_UNSAFE); // All surnames beginning with this letter where "@"=unknown and ","=none
-$surname =safe_GET('surname', WT_REGEX_UNSAFE); // All indis with this surname. NB - allow ' and "
-$show_all=safe_GET('show_all', array('no','yes'), 'no'); // All indis
+$alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none
+$surname = WT_Filter::get('surname'); // All indis with this surname.
+$show_all = WT_Filter::get('show_all', 'no|yes', 'no'); // All indis
// Long lists can be broken down by given name
-$show_all_firstnames=safe_GET('show_all_firstnames', array('no','yes'), 'no');
+$show_all_firstnames = WT_Filter::get('show_all_firstnames', 'no|yes', 'no');
if ($show_all_firstnames=='yes') {
$falpha='';
} else {
- $falpha=safe_GET('falpha'); // All first names beginning with this letter
+ $falpha = WT_Filter::get('falpha'); // All first names beginning with this letter
}
$show_marnm=get_user_setting(WT_USER_ID, WT_SCRIPT_NAME.'_show_marnm');
-switch (safe_GET('show_marnm', array('no','yes'))) {
+switch (WT_Filter::get('show_marnm', 'no|yes')) {
case 'no':
$show_marnm=false;
if (WT_USER_ID) {
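Review bot: the removed comment on `surname` ("NB - allow ' and \"") recorded that surnames legitimately contain quotes, and the replacement `WT_Filter::get('surname')` passes no pattern, so whether quotes and other punctuation now survive depends entirely on WT_Filter::get's default filtering, which is not in this diff; a surname such as O'Brien, and the `<unknown>` marker mentioned in the comment above, should be checked end to end. If the default filter is restrictive, pass an explicit permissive pattern and keep the note in the comment (e.g. `// All indis with this surname. NB - must allow ' and "`) so the next refactor does not drop it again. The `show_marnm` switch continues beyond this hunk.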
@@ -63,23 +63,23 @@ case 'yes':
// i.e. can't specify show_all and surname at the same time.
if ($show_all=='yes') {
if ($show_all_firstnames=='yes') {
- $alpha='';
- $surname='';
- $legend=WT_I18N::translate('All');
- $url=WT_SCRIPT_NAME.'?show_all=yes&amp;ged='.WT_GEDURL;
- $show='indi';
+ $alpha = '';
+ $surname = '';
+ $legend = WT_I18N::translate('All');
+ $url = WT_SCRIPT_NAME.'?show_all=yes&amp;ged='.WT_GEDURL;
+ $show = 'indi';
} else if ($falpha) {
- $alpha='';
- $surname='';
- $legend=WT_I18N::translate('All').', '.WT_Filter::escapeHtml($falpha).'…';
- $url=WT_SCRIPT_NAME.'?show_all=yes&amp;ged='.WT_GEDURL;
- $show='indi';
+ $alpha = '';
+ $surname = '';
+ $legend = WT_I18N::translate('All').', '.WT_Filter::escapeHtml($falpha).'…';
+ $url = WT_SCRIPT_NAME.'?show_all=yes&amp;ged='.WT_GEDURL;
+ $show = 'indi';
} else {
- $alpha='';
- $surname='';
- $legend=WT_I18N::translate('All');
- $url=WT_SCRIPT_NAME.'?show_all=yes'.'&amp;ged='.WT_GEDURL;
- $show=safe_GET('show', array('surn', 'indi'), 'surn');
+ $alpha = '';
+ $surname = '';
+ $legend = WT_I18N::translate('All');
+ $url = WT_SCRIPT_NAME.'?show_all=yes'.'&amp;ged='.WT_GEDURL;
+ $show = WT_Filter::get('show', 'surn|indi', 'surn');
}
} elseif ($surname) {
$alpha=WT_Query_Name::initialLetter($surname); // so we can highlight the initial letter
@@ -104,25 +104,25 @@ if ($show_all=='yes') {
}
$show='indi'; // SURN list makes no sense here
} elseif ($alpha=='@') {
- $show_all='no';
- $legend=$UNKNOWN_NN;
- $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
- $show='indi'; // SURN list makes no sense here
+ $show_all = 'no';
+ $legend = $UNKNOWN_NN;
+ $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
+ $show = 'indi'; // SURN list makes no sense here
} elseif ($alpha==',') {
- $show_all='no';
- $legend=WT_I18N::translate('None');
- $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
- $show='indi'; // SURN list makes no sense here
+ $show_all = 'no';
+ $legend = WT_I18N::translate('None');
+ $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
+ $show = 'indi'; // SURN list makes no sense here
} elseif ($alpha) {
$show_all='no';
- $legend=WT_Filter::escapeHtml($alpha).'…';
- $url=WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
- $show=safe_GET('show', array('surn', 'indi'), 'surn');
+ $legend = WT_Filter::escapeHtml($alpha).'…';
+ $url = WT_SCRIPT_NAME.'?alpha='.rawurlencode($alpha).'&amp;ged='.WT_GEDURL;
+ $show = WT_Filter::get('show', 'surn|indi', 'surn');
} else {
- $show_all='no';
- $legend='…';
- $url=WT_SCRIPT_NAME.'?ged='.WT_GEDURL;
- $show='none'; // Don't show lists until something is chosen
+ $show_all = 'no';
+ $legend = '…';
+ $url = WT_SCRIPT_NAME.'?ged='.WT_GEDURL;
+ $show = 'none'; // Don't show lists until something is chosen
}
$legend='<span dir="auto">'.$legend.'</span>';
diff --git a/individual.php b/individual.php
index e9e1e4de59..58e0b8be01 100644
--- a/individual.php
+++ b/individual.php
@@ -33,7 +33,7 @@ $controller
->addInlineJavascript('var catch_and_ignore; function paste_id(value) {catch_and_ignore = value;}'); // For the "find" links
if ($controller->record && $controller->record->canShow()) {
- if (safe_GET('action')=='ajax') {
+ if (WT_Filter::get('action')=='ajax') {
$controller->ajaxRequest();
exit;
}
@@ -256,4 +256,4 @@ echo
'</div>', //close indi_left
$sidebar_html,
'<a href="#" id="separator" title="', WT_I18N::translate('Click here to open or close the sidebar'), '"></a>',//clickable element to open/close sidebar
- '<div style="clear:both;">&nbsp;</div></div>'; // close #main
+ '<div style="clear:both;">&nbsp;</div></div>'; // close #main \ No newline at end of file
diff --git a/inverselink.php b/inverselink.php
index e4e4e9b5db..167e6c2651 100644
--- a/inverselink.php
+++ b/inverselink.php
@@ -35,10 +35,10 @@ $controller
->pageHeader();
//-- page parameters and checking
-$linktoid = safe_GET_xref('linktoid');
-$mediaid = safe_GET_xref('mediaid');
-$linkto = safe_GET ('linkto', array('person', 'source', 'family', 'manage', 'repository', 'note'));
-$action = safe_GET ('action', WT_REGEX_ALPHA, 'choose');
+$linktoid = WT_Filter::get('linktoid', WT_REGEX_XREF);
+$mediaid = WT_Filter::get('mediaid', WT_REGEX_XREF);
+$linkto = WT_Filter::get('linkto', 'person|source|family|manage|repository|note');
+$action = WT_Filter::get('action', 'choose|update', 'choose');
// If GedFAct_assistant/_MEDIA/ installed ======================
if ($linkto=='manage' && array_key_exists('GEDFact_assistant', WT_Module::getActiveModules())) {
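Review bot: `$action` was accepted with `WT_REGEX_ALPHA` and is now restricted to `choose|update` with `choose` as the fallback, so any other `action=` value the rest of inverselink.php handles (not visible here) would now silently become `choose`; confirm the file has only those two branches before merging. `$linkto` has no default, so a missing or unrecognised value reaches the `manage` comparison as empty — fine if the later code treats empty as "no target", but an explicit default or an early error would make the contract clearer.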
diff --git a/js/webtrees-1.5.0.js b/js/webtrees-1.5.0.js
index 2c0da618e8..a7f9c5c7db 100644
--- a/js/webtrees-1.5.0.js
+++ b/js/webtrees-1.5.0.js
@@ -1221,8 +1221,8 @@ function ilinkitem(mediaid, type, ged) {
return false;
}
-function message(username, method, url, subject) {
- window.open('message.php?to='+username+'&method='+method+'&url='+url+'&subject='+subject, '_blank', mesg_window_specs);
+function message(username, method, url) {
+ window.open('message.php?to='+username+'&method='+method+'&url='+url, '_blank', mesg_window_specs);
return false;
}
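Review bot: `message()` concatenates `username`, `method` and `url` into the query string without encoding, and the PHP callers changed in this commit stopped `urlencode()`-ing the page URL, so a `url` containing `&` or `#` (any page with `ged=` in its query string) is now cut into separate parameters or truncated. Encode each value at the point of use: `window.open('message.php?to=' + encodeURIComponent(username) + '&method=' + encodeURIComponent(method) + '&url=' + encodeURIComponent(url), '_blank', mesg_window_specs);`. Dropping the `subject` parameter is consistent with the three-argument calls in functions_print.php.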
diff --git a/library/WT/Controller/Ancestry.php b/library/WT/Controller/Ancestry.php
index dabacdadb6..c1bccc4384 100644
--- a/library/WT/Controller/Ancestry.php
+++ b/library/WT/Controller/Ancestry.php
@@ -46,11 +46,11 @@ class WT_Controller_Ancestry extends WT_Controller_Chart {
parent::__construct();
// Extract form parameters
- $this->show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS);
- $this->show_cousins =safe_GET('show_cousins', array('0', '1'), '0');
- $this->chart_style =safe_GET_integer('chart_style', 0, 3, 0);
- $box_width =safe_GET_integer('box_width', 50, 300, 100);
- $PEDIGREE_GENERATIONS=safe_GET_integer('PEDIGREE_GENERATIONS', 2, $MAX_PEDIGREE_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS);
+ $this->show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS);
+ $this->show_cousins = WT_Filter::getInteger('show_cousins', 0, 1);
+ $this->chart_style = WT_Filter::getInteger('chart_style', 0, 3);
+ $box_width = WT_Filter::getInteger('box_width', 50, 300, 100);
+ $PEDIGREE_GENERATIONS = WT_Filter::getInteger('PEDIGREE_GENERATIONS', 2, $MAX_PEDIGREE_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS);
// This is passed as a global. A parameter would be better...
$show_full=$this->show_full;
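Review bot: `show_cousins` and `chart_style` are the two `getInteger()` calls in this block without an explicit default, while the old code defaulted both to 0 and every neighbouring call passes one; if the filter's implicit default is `null` rather than `0` (not visible here), `$this->chart_style` changes type whenever the parameter is absent. `WT_Filter::getInteger('show_cousins', 0, 1, 0)` and `WT_Filter::getInteger('chart_style', 0, 3, 0)` keep the old behaviour explicit and match Descendancy.php in the same commit. The constructor continues beyond this hunk.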
@@ -157,4 +157,4 @@ class WT_Controller_Ancestry extends WT_Controller_Chart {
}
echo '</li>';
}
-}
+} \ No newline at end of file
diff --git a/library/WT/Controller/Chart.php b/library/WT/Controller/Chart.php
index f418e0c12a..9b7176b4e3 100644
--- a/library/WT/Controller/Chart.php
+++ b/library/WT/Controller/Chart.php
@@ -31,7 +31,7 @@ class WT_Controller_Chart extends WT_Controller_Page {
public function __construct() {
parent::__construct();
- $this->rootid = safe_GET_xref('rootid');
+ $this->rootid = WT_Filter::get('rootid', WT_REGEX_XREF);
if ($this->rootid) {
$this->root = WT_Individual::getInstance($this->rootid);
} else {
diff --git a/library/WT/Controller/Compact.php b/library/WT/Controller/Compact.php
index 36621e208f..5d21848056 100644
--- a/library/WT/Controller/Compact.php
+++ b/library/WT/Controller/Compact.php
@@ -37,7 +37,7 @@ class WT_Controller_Compact extends WT_Controller_Chart {
parent::__construct();
// Extract the request parameters
- $this->show_thumbs=safe_GET_bool('show_thumbs');
+ $this->show_thumbs = WT_Filter::getBool('show_thumbs');
if ($this->root && $this->root->canShowName()) {
$this->setPageTitle(
@@ -124,4 +124,4 @@ class WT_Controller_Compact extends WT_Controller_Chart {
return $text;
}
-}
+} \ No newline at end of file
diff --git a/library/WT/Controller/Descendancy.php b/library/WT/Controller/Descendancy.php
index 5bcd08409c..7f8cc1d510 100644
--- a/library/WT/Controller/Descendancy.php
+++ b/library/WT/Controller/Descendancy.php
@@ -57,11 +57,10 @@ class WT_Controller_Descendancy extends WT_Controller_Chart {
parent::__construct();
// Extract parameters from form
- $this->show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS);
- $this->chart_style=safe_GET_integer('chart_style', 0, 3, 0);
- $this->generations=safe_GET_integer('generations', 2, $MAX_DESCENDANCY_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS);
- $this->box_width =safe_GET_integer('box_width', 50, 300, 100);
- $box_width =safe_GET_integer('box_width', 50, 300, 100);
+ $this->show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS);
+ $this->chart_style = WT_Filter::getInteger('chart_style', 0, 3, 0);
+ $this->generations = WT_Filter::getInteger('generations', 2, $MAX_DESCENDANCY_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS);
+ $this->box_width = WT_Filter::getInteger('box_width', 50, 300, 100);
// This is passed as a global. A parameter would be better...
$show_full=$this->show_full;
@@ -69,18 +68,18 @@ class WT_Controller_Descendancy extends WT_Controller_Chart {
if (!isset($this->personcount)) $this->personcount = 1;
// -- size of the detailed boxes based upon optional width parameter
- $Dbwidth=($box_width*$bwidth)/100;
- $Dbheight=($box_width*$bheight)/100;
- $bwidth=$Dbwidth;
- $bheight=$Dbheight;
+ $Dbwidth = ($this->box_width*$bwidth)/100;
+ $Dbheight = ($this->box_width*$bheight)/100;
+ $bwidth = $Dbwidth;
+ $bheight = $Dbheight;
// -- adjust size of the compact box
if (!$this->show_full) {
- $bwidth = $cbwidth;
+ $bwidth = $cbwidth;
$bheight = $cbheight;
}
- $pbwidth = $bwidth+12;
+ $pbwidth = $bwidth+12;
$pbheight = $bheight+14;
// Validate form variables
diff --git a/library/WT/Controller/Family.php b/library/WT/Controller/Family.php
index 1c23c87727..e9dad051cf 100644
--- a/library/WT/Controller/Family.php
+++ b/library/WT/Controller/Family.php
@@ -36,7 +36,7 @@ class WT_Controller_Family extends WT_Controller_GedcomRecord {
$pbwidth = $bwidth + 12;
$pbheight = $bheight + 14;
- $xref = safe_GET_xref('famid');
+ $xref = WT_Filter::get('famid', WT_REGEX_XREF);
$this->record = WT_Family::getInstance($xref);
parent::__construct();
diff --git a/library/WT/Controller/Familybook.php b/library/WT/Controller/Familybook.php
index 9cd1ade561..8e4824c094 100644
--- a/library/WT/Controller/Familybook.php
+++ b/library/WT/Controller/Familybook.php
@@ -28,7 +28,7 @@ if (!defined('WT_WEBTREES')) {
class WT_Controller_Familybook extends WT_Controller_Chart {
// Data for the view
- public $pid =" ";
+ public $pid =null;
public $show_full =null;
public $show_spouse=null;
public $descent =null;
@@ -45,12 +45,12 @@ class WT_Controller_Familybook extends WT_Controller_Chart {
$MAX_DESCENDANCY_GENERATIONS=get_gedcom_setting(WT_GED_ID, 'MAX_DESCENDANCY_GENERATIONS');
// Extract the request parameters
- $this->pid =safe_GET_xref('rootid');
- $this->show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS);
- $this->show_spouse=safe_GET('show_spouse', '1', '0');
- $this->descent =safe_GET_integer('descent', 0, 9, 5);
- $this->generations=safe_GET_integer('generations', 2, $MAX_DESCENDANCY_GENERATIONS, 2);
- $this->box_width =safe_GET_integer('box_width', 50, 300, 100);
+ $this->pid = WT_Filter::get('rootid', WT_REGEX_XREF);
+ $this->show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS);
+ $this->show_spouse = WT_Filter::getInteger('show_spouse', 0, 1);
+ $this->descent = WT_Filter::getInteger('descent', 0, 9, 5);
+ $this->generations = WT_Filter::getInteger('generations', 2, $MAX_DESCENDANCY_GENERATIONS, 2);
+ $this->box_width = WT_Filter::getInteger('box_width', 50, 300, 100);
// Box sizes are set globally in the theme. Modify them here.
global $bwidth, $bheight, $cbwidth, $cbheight, $Dbwidth, $bhalfheight, $Dbheight;
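Review bot: `show_spouse` is read as `WT_Filter::getInteger('show_spouse', 0, 1)` here but as `getInteger('show_spouse', 0, 1, 0)` in Hourglass.php in the same commit; the old code defaulted it to `'0'` in both, so make this one explicit too: `$this->show_spouse = WT_Filter::getInteger('show_spouse', 0, 1, 0);`. Note the old `safe_GET('show_spouse', '1', '0')` accepted only `1`, so the 0..1 range is a deliberate widening rather than a regression. The constructor continues beyond this hunk.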
diff --git a/library/WT/Controller/Fanchart.php b/library/WT/Controller/Fanchart.php
index 94a13ae58e..2606857ad4 100644
--- a/library/WT/Controller/Fanchart.php
+++ b/library/WT/Controller/Fanchart.php
@@ -40,9 +40,9 @@ class WT_Controller_Fanchart extends WT_Controller_Chart {
$default_generations=get_gedcom_setting(WT_GED_ID, 'DEFAULT_PEDIGREE_GENERATIONS');
// Extract the request parameters
- $this->fan_style =safe_GET_integer('fan_style', 2, 4, 3);
- $this->fan_width =safe_GET_integer('fan_width', 50, 300, 100);
- $this->generations=safe_GET_integer('generations', 2, 9, $default_generations);
+ $this->fan_style = WT_Filter::getInteger('fan_style', 2, 4, 3);
+ $this->fan_width = WT_Filter::getInteger('fan_width', 50, 300, 100);
+ $this->generations = WT_Filter::getInteger('generations', 2, 9, $default_generations);
if ($this->root && $this->root->canShowName()) {
$this->setPageTitle(
@@ -210,8 +210,15 @@ class WT_Controller_Fanchart extends WT_Controller_Chart {
$pid = $treeid[$sosa];
$person = WT_Individual::getInstance($pid);
if ($person) {
- $name = $person->getFullName();
- $addname = $person->getAddName();
+ $name = WT_Filter::unescapeHtml($person->getFullName());
+ $addname = WT_Filter::unescapeHtml($person->getAddName());
+
+ $text = reverseText($name);
+ if ($addname) {
+ $text .= "\n" . reverseText($addname);
+ }
+
+ $text .= "\n" . WT_Filter::unescapeHtml($person->getLifeSpan());
switch($person->getSex()) {
case 'M':
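Review bot: the code removed in the next hunk ran `strip_tags()` before decoding entities, which indicates `getFullName()`/`getAddName()` can return HTML markup; the new `WT_Filter::unescapeHtml()` path keeps only the entity decoding, so unless unescapeHtml also strips tags (its implementation is not in this diff), any markup in a name will be drawn literally into the fan-chart image. `$name = WT_Filter::unescapeHtml(strip_tags($person->getFullName()));` and likewise for `$addname` and `getLifeSpan()` preserves the old output. The `switch` on sex continues past this hunk.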
@@ -227,14 +234,6 @@ class WT_Controller_Fanchart extends WT_Controller_Chart {
ImageFilledArc($image, $cx, $cy, $rx, $rx, $deg1, $deg2, $bg, IMG_ARC_PIE);
- $text = reverseText($name) . "\n";
- if (!empty($addname)) $text .= reverseText($addname). "\n";
-
- $text .= $person->getLifeSpan();
-
- $text = strip_tags($text);
- $text = htmlspecialchars_decode($text);
-
// split and center text by lines
$wmax = (int)($angle*7/$fanChart['size']*$scale);
$wmax = min($wmax, 35*$scale);
diff --git a/library/WT/Controller/Hourglass.php b/library/WT/Controller/Hourglass.php
index 777e007b43..f662aa9604 100644
--- a/library/WT/Controller/Hourglass.php
+++ b/library/WT/Controller/Hourglass.php
@@ -52,12 +52,11 @@ class WT_Controller_Hourglass extends WT_Controller_Chart {
parent::__construct();
// Extract parameters from from
- $this->pid =safe_GET_xref('rootid');
- $this->show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS);
- $this->show_spouse=safe_GET('show_spouse', array('0', '1'), '0');
- $this->generations=safe_GET_integer('generations', 2, $MAX_DESCENDANCY_GENERATIONS, 3);
- $this->box_width =safe_GET_integer('box_width', 50, 300, 100);
- $box_width =safe_GET_integer('box_width', 50, 300, 100);
+ $this->pid = WT_Filter::get('rootid', WT_REGEX_XREF);
+ $this->show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS);
+ $this->show_spouse = WT_Filter::getInteger('show_spouse', 0, 1, 0);
+ $this->generations = WT_Filter::getInteger('generations', 2, $MAX_DESCENDANCY_GENERATIONS, 3);
+ $this->box_width = WT_Filter::getInteger('box_width', 50, 300, 100);
// This is passed as a global. A parameter would be better...
$show_full=$this->show_full;
@@ -74,8 +73,8 @@ class WT_Controller_Hourglass extends WT_Controller_Chart {
}
// -- size of the detailed boxes based upon optional width parameter
- $Dbwidth=($box_width*$bwidth)/100;
- $Dbheight=($box_width*$bheight)/100;
+ $Dbwidth=($this->box_width*$bwidth)/100;
+ $Dbheight=($this->box_width*$bheight)/100;
$bwidth=$Dbwidth;
$bheight=$Dbheight;
diff --git a/library/WT/Controller/Individual.php b/library/WT/Controller/Individual.php
index a540683e13..e7ca13b6bb 100644
--- a/library/WT/Controller/Individual.php
+++ b/library/WT/Controller/Individual.php
@@ -38,7 +38,7 @@ class WT_Controller_Individual extends WT_Controller_GedcomRecord {
function __construct() {
global $USE_RIN;
- $xref = safe_GET_xref('pid');
+ $xref = WT_Filter::get('pid', WT_REGEX_XREF);
$this->record = WT_Individual::getInstance($xref);
if (!$this->record && $USE_RIN) {
@@ -87,7 +87,7 @@ class WT_Controller_Individual extends WT_Controller_GedcomRecord {
}
// Initialise tabs
- $tab=safe_GET('module');
+ $tab=WT_Filter::get('module');
// A request for a non-existant tab?
if (array_key_exists($tab, $this->tabs)) {
diff --git a/library/WT/Controller/Lifespan.php b/library/WT/Controller/Lifespan.php
index 2621efab05..d5d7eaae75 100644
--- a/library/WT/Controller/Lifespan.php
+++ b/library/WT/Controller/Lifespan.php
@@ -83,19 +83,19 @@ class WT_Controller_Lifespan extends WT_Controller_Page {
$this->endDate = $this->currentYear;
// Request parameters
- $newpid=safe_GET_xref('newpid');
- $remove=safe_GET_xref('remove');
- $pids =safe_GET_xref('pids');
- $clear =safe_GET_bool('clear');
- $addfam=safe_GET_bool('addFamily');
- $place =safe_GET('place');
- $beginYear=safe_GET_integer('beginYear', 0, date('Y')+100, 0);
- $endYear =safe_GET_integer('endYear', 0, date('Y')+100, 0);
+ $newpid = WT_Filter::get('newpid', WT_REGEX_XREF);
+ $remove = WT_Filter::get('remove', WT_REGEX_XREF);
+ $pids = WT_Filter::getArray('pids', WT_REGEX_XREF);
+ $clear = WT_Filter::getBool('clear');
+ $addfam = WT_Filter::getBool('addFamily');
+ $place = WT_Filter::get('place');
+ $beginYear = WT_Filter::getInteger('beginYear', 0, date('Y')+100, 0);
+ $endYear = WT_Filter::getInteger('endYear', 0, date('Y')+100, 0);
if ($clear) {
// Empty list
$this->pids=array();
- } elseif (is_array($pids)) {
+ } elseif ($pids) {
// List of specified records
$this->pids=$pids;
} elseif ($place) {
diff --git a/library/WT/Controller/Media.php b/library/WT/Controller/Media.php
index c19cc7c997..12066c7831 100644
--- a/library/WT/Controller/Media.php
+++ b/library/WT/Controller/Media.php
@@ -32,7 +32,7 @@ require_once WT_ROOT.'includes/functions/functions_import.php';
class WT_Controller_Media extends WT_Controller_GedcomRecord {
public function __construct() {
- $xref = safe_GET_xref('mid');
+ $xref = WT_Filter::get('mid', WT_REGEX_XREF);
$this->record = WT_Media::getInstance($xref);
parent::__construct();
diff --git a/library/WT/Controller/Note.php b/library/WT/Controller/Note.php
index 77a693ec49..42fd3b4b0c 100644
--- a/library/WT/Controller/Note.php
+++ b/library/WT/Controller/Note.php
@@ -31,7 +31,7 @@ require_once WT_ROOT.'includes/functions/functions_import.php';
class WT_Controller_Note extends WT_Controller_GedcomRecord {
public function __construct() {
- $xref = safe_GET_xref('nid');
+ $xref = WT_Filter::get('nid', WT_REGEX_XREF);
$this->record = WT_Note::getInstance($xref);
parent::__construct();
diff --git a/library/WT/Controller/Pedigree.php b/library/WT/Controller/Pedigree.php
index ad68d9bc27..82c18cd354 100644
--- a/library/WT/Controller/Pedigree.php
+++ b/library/WT/Controller/Pedigree.php
@@ -60,10 +60,10 @@ class WT_Controller_Pedigree extends WT_Controller_Chart {
$this->shadowoffsetX = $shadowoffsetX;
$this->shadowoffsetY = $shadowoffsetY;
- $this->show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS);
- $this->talloffset=safe_GET('talloffset', array('0', '1', '2', '3'), $PEDIGREE_LAYOUT);
- $this->box_width =safe_GET_integer('box_width', 50, 300, 100);
- $this->PEDIGREE_GENERATIONS=safe_GET_integer('PEDIGREE_GENERATIONS', 2, $MAX_PEDIGREE_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS);
+ $this->show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS);
+ $this->talloffset = WT_Filter::getInteger('talloffset', 0, 3, $PEDIGREE_LAYOUT);
+ $this->box_width = WT_Filter::getInteger('box_width', 50, 300, 100);
+ $this->PEDIGREE_GENERATIONS = WT_Filter::getInteger('PEDIGREE_GENERATIONS', 2, $MAX_PEDIGREE_GENERATIONS, $DEFAULT_PEDIGREE_GENERATIONS);
if ($this->talloffset==1) $this->talloffset=1; // Make SURE this is an integer
if ($this->talloffset>1 && $this->PEDIGREE_GENERATIONS>8) $this->PEDIGREE_GENERATIONS=8;
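Review bot: `if ($this->talloffset==1) $this->talloffset=1; // Make SURE this is an integer` is now a no-op, because `WT_Filter::getInteger()` already yields an integer; the commit makes the line dead but leaves it, so delete it rather than let it imply the value still needs coercion. `$PEDIGREE_LAYOUT` is passed as the default and is presumably a stored setting — if it is a string, whether it comes back cast depends on how getInteger treats its default argument, which is not visible here.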
@@ -253,4 +253,4 @@ class WT_Controller_Pedigree extends WT_Controller_Chart {
if ($f<count($treeid)) adjust_subtree($f, $diff);
if ($m<count($treeid)) adjust_subtree($m, $diff);
}
-}
+} \ No newline at end of file
diff --git a/library/WT/Controller/Repository.php b/library/WT/Controller/Repository.php
index 0ce83b8a38..96b4b58ab0 100644
--- a/library/WT/Controller/Repository.php
+++ b/library/WT/Controller/Repository.php
@@ -31,7 +31,7 @@ require_once WT_ROOT.'includes/functions/functions_import.php';
class WT_Controller_Repository extends WT_Controller_GedcomRecord {
public function __construct() {
- $xref = safe_GET_xref('rid');
+ $xref = WT_Filter::get('rid', WT_REGEX_XREF);
$this->record = WT_Repository::getInstance($xref);
parent::__construct();
diff --git a/library/WT/Controller/Search.php b/library/WT/Controller/Search.php
index f4f7a9e9f7..47f5ffed96 100644
--- a/library/WT/Controller/Search.php
+++ b/library/WT/Controller/Search.php
@@ -79,10 +79,13 @@ class WT_Controller_Search extends WT_Controller_Page {
function __construct() {
parent::__construct();
- // action comes from $_GET (menus) or $_POST (form submission)
- $this->action=safe_REQUEST($_REQUEST, 'action', array('advanced', 'general', 'soundex', 'replace'), 'general');
+ // $action comes from $_GET (menus) or $_POST (form submission)
+ $this->action = WT_Filter::get('action', 'advanced|general|soundex|replace');
+ if (!$this->action) {
+ $this->action = WT_Filter::post('action', 'advanced|general|soundex|replace');
+ }
- $topsearch=safe_POST_bool('topsearch');
+ $topsearch = WT_Filter::postBool('topsearch');
if ($topsearch) {
$this->isPostBack = true;
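Review bot: The `'general'` fallback that the removed `safe_REQUEST` call supplied is gone: when neither GET nor POST carries a valid `action`, `$this->action` is now null/false rather than `'general'`, and any dispatch on it further down the constructor (outside the hunk) takes a different branch. Supplying the default on the POST lookup restores the old behaviour: `$this->action = WT_Filter::post('action', 'advanced|general|soundex|replace', 'general');`. The duplicated alternation string could also be hoisted into a local so the two calls cannot drift apart.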
@@ -92,25 +95,15 @@ class WT_Controller_Search extends WT_Controller_Page {
$this->srnote = 'yes';
}
- // Get the query and remove slashes
- if (isset ($_REQUEST["query"])) {
- // Reset the "Search" text from the page header
- if (strlen($_REQUEST["query"])<2) {
- $this->query="";
- $this->myquery="";
- } else {
- $this->query = $_REQUEST["query"];
- $this->myquery = WT_Filter::escapeHtml($this->query);
- }
- }
- if (isset ($_REQUEST["replace"])) {
- $this->replace = $_REQUEST["replace"];
+ // Get the query
+ $this->query = WT_Filter::post('query', '.{2,}');
+ $this->myquery = WT_Filter::escapeHtml($this->query);
- if (isset($_REQUEST["replaceNames"])) $this->replaceNames = true;
- if (isset($_REQUEST["replacePlaces"])) $this->replacePlaces = true;
- if (isset($_REQUEST["replacePlacesWord"])) $this->replacePlacesWord = true;
- if (isset($_REQUEST["replaceAll"])) $this->replaceAll = true;
- }
+ $this->replace = WT_Filter::post('replace');
+ $this->replaceNames = WT_Filter::postBool('replaceNames');
+ $this->replacePlaces = WT_Filter::postBool('replacePlaces');
+ $this->replacePlacesWord = WT_Filter::postBool('replacePlacesWord');
+ $this->replaceAll = WT_Filter::postBool('replaceAll');
// TODO: fetch each variable independently, using appropriate validation
// Aquire all the variables values from the $_REQUEST
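Review bot: `query` is now read from POST only, whereas the removed code read `$_REQUEST["query"]`, so a search URL that carries `query` in the GET string (a bookmarked search, or a menu link, as the comment at the top of the constructor describes for `action`) now searches for nothing. The same GET fallback pattern used in message.php (`WT_Filter::post('to', null, WT_Filter::get('to'))`) works here: `$this->query = WT_Filter::post('query', '.{2,}', WT_Filter::get('query', '.{2,}'));`. Note also that `.{2,}` inside the filter's `/^(...)$/u` wrapper rejects any multi-line value, because `.` does not match a newline without the `s` modifier; if that is intended, a short comment saying so would help. The constructor continues outside the hunk.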
@@ -137,29 +130,14 @@ class WT_Controller_Search extends WT_Controller_Page {
}
// vars use for soundex search
- if (!empty ($_REQUEST["firstname"])) {
- $this->firstname = $_REQUEST["firstname"];
- } else {
- $this->firstname="";
- }
- if (!empty ($_REQUEST["lastname"])) {
- $this->lastname = $_REQUEST["lastname"];
- } else {
- $this->lastname="";
- }
- if (!empty ($_REQUEST["place2"])) {
- $this->place = $_REQUEST["place2"];
- } else {
- $this->place="";
- }
- if (!empty ($_REQUEST["year"])) {
- $this->year = $_REQUEST["year"];
- } else {
- $this->year="";
- }
+ $this->firstname = WT_Filter::post('firstname');
+ $this->lastname = WT_Filter::post('lastname');
+ $this->place2 = WT_Filter::post('place2');
+ $this->year = WT_Filter::post('year');
+
// Set the search result titles for soundex searches
if ($this->firstname || $this->lastname || $this->place) {
- $this->myquery=WT_Filter::escapeHtml(implode(' ', array($this->firstname, $this->lastname, $this->place)));
+ $this->myquery = WT_Filter::escapeHtml(implode(' ', array($this->firstname, $this->lastname, $this->place)));
};
if (!empty ($_REQUEST["name"])) {
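Review bot: The new code assigns `$this->place2`, but the condition and the `implode(...)` two lines below still read `$this->place`, which the removed code populated from `place2`; after this change `$this->place` is never set in this path, so soundex searches by place lose their title text (and any later consumer of `$this->place`). The assignment should keep the old property name: `$this->place = WT_Filter::post('place2');`. The constructor continues outside the hunk.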
diff --git a/library/WT/Controller/Source.php b/library/WT/Controller/Source.php
index 607cda59be..4914123578 100644
--- a/library/WT/Controller/Source.php
+++ b/library/WT/Controller/Source.php
@@ -31,7 +31,7 @@ require_once WT_ROOT.'includes/functions/functions_import.php';
class WT_Controller_Source extends WT_Controller_GedcomRecord {
public function __construct() {
- $xref = safe_GET_xref('sid');
+ $xref = WT_Filter::get('sid', WT_REGEX_XREF);
$this->record = WT_Source::getInstance($xref);
parent::__construct();
diff --git a/library/WT/Controller/Timeline.php b/library/WT/Controller/Timeline.php
index 53523a5613..2206881c9d 100644
--- a/library/WT/Controller/Timeline.php
+++ b/library/WT/Controller/Timeline.php
@@ -50,20 +50,17 @@ class WT_Controller_Timeline extends WT_Controller_Page {
$this->baseyear = date("Y");
//-- new pid
- $newpid=safe_GET_xref('newpid');
+ $newpid = WT_Filter::get('newpid', WT_REGEX_XREF);
//-- pids array
- $this->pids=safe_GET_xref('pids');
- if (!is_array($this->pids)) {
- $this->pids = array();
- }
+ $this->pids = WT_Filter::getArray('pids', WT_REGEX_XREF);
//-- make sure that arrays are indexed by numbers
$this->pids = array_values($this->pids);
if (!empty($newpid) && !in_array($newpid, $this->pids)) {
$this->pids[] = $newpid;
}
if (count($this->pids)==0) $this->pids[] = $this->getSignificantIndividual()->getXref();
- $remove = safe_GET_xref('remove');
+ $remove = WT_Filter::get('remove', WT_REGEX_XREF);
//-- cleanup user input
$newpids = array();
foreach ($this->pids as $value) {
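Review bot: `WT_Filter::getArray('pids', WT_REGEX_XREF)` validates each element with `FILTER_VALIDATE_REGEXP` and a `default` of null, and as far as I know `filter_input_array` substitutes that default per failing element rather than dropping it, so `$this->pids` can contain null entries after `array_values`. That makes `count($this->pids)==0` false for a request whose only `pids` value was rejected, so the fallback to `getSignificantIndividual()` is skipped; the cleanup loop starting at the bottom of the hunk may catch this, but it runs outside the visible lines. Filtering at the call site avoids relying on it: `$this->pids = array_values(array_filter(WT_Filter::getArray('pids', WT_REGEX_XREF)));`. The `in_array($newpid, $this->pids)` check on the next line should also pass `true` for strict comparison.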
@@ -123,7 +120,7 @@ class WT_Controller_Timeline extends WT_Controller_Page {
}
}
}
- $scale=safe_GET_integer('scale', 0, 200, 0);
+ $scale = WT_Filter::getInteger('scale', 0, 200);
if ($scale==0) {
$this->scale = round(($this->topyear-$this->baseyear)/20 * count($this->indifacts)/4);
if ($this->scale<6) $this->scale = 6;
diff --git a/library/WT/Filter.php b/library/WT/Filter.php
index 1d8d984b8d..f3b3847a10 100644
--- a/library/WT/Filter.php
+++ b/library/WT/Filter.php
@@ -24,17 +24,15 @@ if (!defined('WT_WEBTREES')) {
}
class WT_Filter {
- const ENCODING = 'UTF-8';
-
//////////////////////////////////////////////////////////////////////////////
// Escape a string for use in HTML
//////////////////////////////////////////////////////////////////////////////
public static function escapeHtml($string) {
if (defined('ENT_SUBSTITUTE')) {
// PHP5.4 allows us to substitute invalid UTF8 sequences
- return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, self::ENCODING);
+ return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
} else {
- return htmlspecialchars($string, ENT_QUOTES, self::ENCODING);
+ return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
}
}
@@ -53,9 +51,9 @@ class WT_Filter {
if (strlen($x[0]) == 1) {
return sprintf('\\x%02X', ord($x[0]));
} elseif (function_exists('iconv')) {
- return sprintf('\\u%04s', strtoupper(bin2hex(iconv(self::ENCODING, 'UTF-16BE', $x[0]))));
+ return sprintf('\\u%04s', strtoupper(bin2hex(iconv('UTF-8', 'UTF-16BE', $x[0]))));
} elseif (function_exists('mb_convert_encoding')) {
- return sprintf('\\u%04s', strtoupper(bin2hex(mb_convert_encoding($x[0], 'UTF-16BE', self::ENCODING))));
+ return sprintf('\\u%04s', strtoupper(bin2hex(mb_convert_encoding($x[0], 'UTF-16BE', 'UTF-8'))));
} else {
return $x[0];
}
@@ -66,6 +64,121 @@ class WT_Filter {
// Unescape an HTML string, giving just the literal text
//////////////////////////////////////////////////////////////////////////////
public static function unescapeHtml($string) {
- return html_entity_decode(strip_tags($string), ENT_QUOTES, self::ENCODING);
+ return html_entity_decode(strip_tags($string), ENT_QUOTES, 'UTF-8');
+ }
+
+ //////////////////////////////////////////////////////////////////////////////
+ // Validate INPUT requests
+ //////////////////////////////////////////////////////////////////////////////
+ private static function _input($source, $variable, $regexp=null, $default=null) {
+ if ($regexp) {
+ return filter_input(
+ $source,
+ $variable,
+ FILTER_VALIDATE_REGEXP,
+ array(
+ 'options' => array(
+ 'regexp' => '/^(' . $regexp . ')$/u',
+ 'default' => $default,
+ ),
+ )
+ );
+ } else {
+ return filter_input(
+ $source,
+ $variable,
+ FILTER_CALLBACK,
+ array(
+ 'options' => function($x) {return mb_check_encoding($x, 'UTF-8') ? $x : false;},
+ )
+ ) ?: $default;
+ }
+ }
+
+ private static function _inputArray($source, $variable, $regexp=null, $default=null) {
+ if ($regexp) {
+ // PHP5.3 requires the $tmp variable
+ $tmp = filter_input_array(
+ $source,
+ array(
+ $variable => array(
+ 'flags' => FILTER_REQUIRE_ARRAY,
+ 'filter' => FILTER_VALIDATE_REGEXP,
+ 'options' => array(
+ 'regexp' => '/^(' . $regexp . ')$/u',
+ 'default' => $default,
+ ),
+ ),
+ )
+ );
+ return $tmp[$variable] ?: array();
+ } else {
+ // PHP5.3 requires the $tmp variable
+ $tmp = filter_input_array(
+ $source,
+ array(
+ $variable => array(
+ 'flags' => FILTER_REQUIRE_ARRAY,
+ 'filter' => FILTER_CALLBACK,
+ 'options' => function($x) {return mb_check_encoding($x, 'UTF-8') ? $x : false;}
+ ),
+ )
+ );
+ return $tmp[$variable] ?: array();
+ }
+ }
+
+ //////////////////////////////////////////////////////////////////////////////
+ // Validate GET requests
+ //////////////////////////////////////////////////////////////////////////////
+ public static function get($variable, $regexp=null, $default=null) {
+ return self::_input(INPUT_GET, $variable, $regexp, $default);
+ }
+
+ public static function getArray($variable, $regexp=null, $default=null) {
+ return self::_inputArray(INPUT_GET, $variable, $regexp, $default);
+ }
+
+ public static function getBool($variable) {
+ return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_BOOLEAN);
+ }
+
+ public static function getInteger($variable, $min=0, $max=PHP_INT_MAX, $default=0) {
+ return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_INT, array('options'=>array('min_range'=>$min, 'max_range'=>$max, 'default'=>$default)));
+ }
+
+ public static function getEmail($variable, $default=null) {
+ return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_EMAIL ?: $default);
+ }
+
+ public static function getUrl($variable, $default=null) {
+ return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_URL) ?: $default;
+ }
+
+ //////////////////////////////////////////////////////////////////////////////
+ // Validate POST requests
+ //////////////////////////////////////////////////////////////////////////////
+ public static function post($variable, $regexp=null, $default=null) {
+ return self::_input(INPUT_POST, $variable, $regexp, $default);
+ }
+
+ public static function postArray($variable, $regexp=null, $default=null) {
+ return self::_inputArray(INPUT_POST, $variable, $regexp, $default);
+ }
+
+ public static function postBool($variable) {
+ return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_BOOLEAN);
+ }
+
+ public static function postInteger($variable, $min=0, $max=PHP_INT_MAX, $default=0) {
+ return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_INT, array('options'=>array('min_range'=>$min, 'max_range'=>$max, 'default'=>$default)));
+ }
+
+ public static function postEmail($variable, $default=null) {
+ return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_EMAIL) ?: $default;
+ }
+
+ public static function postUrl($variable, $default=null) {
+ return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_URL) ?: $default;
}
}
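Review bot: `getEmail` has the `?: $default` inside the argument list — `FILTER_VALIDATE_EMAIL ?: $default` always evaluates to `FILTER_VALIDATE_EMAIL` — so the default is never applied and the method returns null/false instead; it should read `return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_EMAIL) ?: $default;`, as `postEmail` already does. The `?: $default` in the non-regexp branch of `_input` (and `?: array()` in `_inputArray`) tests truthiness, so a legitimately submitted value of `'0'` is replaced by the default; comparing the result against `null` and `false` explicitly would preserve it. With a regexp, `filter_input_array` applies the `default` (null) per element that fails the pattern rather than removing it, so `getArray`/`postArray` can hand callers such as `WT_Controller_Timeline` arrays containing nulls — either document that or `array_filter` the result before returning. A short docblock on `_input`/`_inputArray` stating that `$regexp` is a bare alternation fragment wrapped in `/^(...)$/u` would save callers from passing anchored patterns. The `WT_Filter` class header is outside the hunk.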
diff --git a/library/WT/GedcomRecord.php b/library/WT/GedcomRecord.php
index 3b26851d52..89357e7a2d 100644
--- a/library/WT/GedcomRecord.php
+++ b/library/WT/GedcomRecord.php
@@ -864,13 +864,13 @@ class WT_GedcomRecord {
public function updateFact($fact_id, $gedcom, $update_chan) {
if (strpos("\r", $gedcom)!==false) {
// MSDOS line endings will break things in horrible ways
- throw new Exception('Evil line endings found in WT_GedcomRecord::updateRecord(' . $gedcom . ')');
+ throw new Exception('Evil line endings found in WT_GedcomRecord::updateFact(' . $gedcom . ')');
}
if ($this->pending==='') {
throw new Exception('Cannot edit a deleted record');
}
if ($gedcom && !preg_match('/^1 ' . WT_REGEX_TAG . '/', $gedcom)) {
- throw new Exception('Invalid GEDCOM data passed to WT_GedcomRecord::updateFact()');
+ throw new Exception('Invalid GEDCOM data passed to WT_GedcomRecord::updateFact(' . $gedcom . ')');
}
if ($this->pending) {
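Review bot: The line-ending guard at the top of `updateFact` has its `strpos` arguments reversed — `strpos("\r", $gedcom)` looks for the whole `$gedcom` inside a one-character string, so it can never be true for real input and the carriage-return check is dead code; it should be `if (strpos($gedcom, "\r") !== false) {`. Both exception messages the hunk touches now embed the raw `$gedcom`; if those messages can reach a browser rather than a log, the record text needs `WT_Filter::escapeHtml` at the point of display. The method body continues outside the hunk.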
@@ -1052,4 +1052,4 @@ class WT_GedcomRecord {
}
}
}
-}
+} \ No newline at end of file
diff --git a/library/WT/Stats.php b/library/WT/Stats.php
index 703c3cb317..05bb0a37d9 100644
--- a/library/WT/Stats.php
+++ b/library/WT/Stats.php
@@ -3415,9 +3415,9 @@ class WT_Stats {
}
if (WT_USER_ID != $user_id && get_user_setting($user_id, 'contactmethod') != 'none') {
if ($type == 'list') {
- $content .= '<br><a class="icon-email" href="#" onclick="return message(\''.$user_id.'\', \'\', \''.addslashes(urlencode(get_query_url())).'\', \'\');" title="'.WT_I18N::translate('Send Message').'"></a>';
+ $content .= '<br><a class="icon-email" href="#" onclick="return message(\'' . WT_Filter::escapeJs($user_id) . '\', \'\', \'' . WT_Filter::escapeJs(get_query_url()) . '\');" title="' . WT_I18N::translate('Send Message') . '"></a>';
} else {
- $content .= ' <a class="icon-email" href="#" onclick="return message(\''.$user_id.'\', \'\', \''.addslashes(urlencode(get_query_url())).'\', \'\');" title="'.WT_I18N::translate('Send Message').'"></a>';
+ $content .= ' <a class="icon-email" href="#" onclick="return message(\'' . WT_Filter::escapeJs($user_id) . '\', \'\', \'' . WT_Filter::escapeJs(get_query_url()) . '\');" title="' . WT_I18N::translate('Send Message') . '"></a>';
}
}
if ($type == 'list') {
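Review bot: The `onclick` string now passes `get_query_url()` through `WT_Filter::escapeJs` instead of `addslashes(urlencode(...))`, and the trailing `\'\'` argument is dropped in both branches, so the JavaScript `message()` function now receives three parameters and an un-URL-encoded value; if `message()` still expects four arguments or decodes its third, this is a behavioural change to confirm against its definition. The value also lands inside a double-quoted HTML attribute, so `escapeJs` must neutralise `"` and `&` as well as JS metacharacters; the visible part of `escapeJs` encodes non-alphanumeric bytes as `\xHH`, which would cover that, but it is worth confirming the callback's pattern applies to every such character. The two branches differ only in the leading `'<br>'` versus `' '`; building the anchor once and prefixing it would remove the duplicated escaping logic.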
@@ -3675,9 +3675,9 @@ class WT_Stats {
$v = array_shift($bits);
$cfg[$v] = join('=', $bits);
}
- $block = new $class_name;
- $block_id=safe_GET('block_id');
- $content = $block->getBlock($block_id, false, $cfg);
+ $block = new $class_name;
+ $block_id = WT_Filter::getInteger('block_id');
+ $content = $block->getBlock($block_id, false, $cfg);
return $content;
}
diff --git a/login.php b/login.php
index c456413a34..5a80e18d11 100644
--- a/login.php
+++ b/login.php
@@ -31,32 +31,32 @@ if (WT_USER_ID && WT_GED_ID) {
exit;
}
-$controller=new WT_Controller_Page();
+$controller = new WT_Controller_Page();
$REQUIRE_ADMIN_AUTH_REGISTRATION = WT_Site::preference('REQUIRE_ADMIN_AUTH_REGISTRATION');
-$action =safe_POST('action');
-$user_realname =safe_POST('user_realname');
-$user_name =safe_POST('user_name', WT_REGEX_USERNAME);
-$user_email =safe_POST('user_email', WT_REGEX_EMAIL);
-$user_password01=safe_POST('user_password01', WT_REGEX_PASSWORD);
-$user_password02=safe_POST('user_password02', WT_REGEX_PASSWORD);
-$user_comments =safe_POST('user_comments');
-$user_password =safe_POST('user_password', WT_REGEX_UNSAFE); // Can use any password that was previously stored
-$user_hashcode =safe_POST('user_hashcode');
-$url =safe_POST('url', WT_REGEX_URL);
-$username =safe_POST('username', WT_REGEX_USERNAME);
-$password =safe_POST('password', WT_REGEX_UNSAFE); // Can use any password that was previously stored
-$usertime =safe_POST('usertime');
+$action = WT_Filter::post('action');
+$user_realname = WT_Filter::post('user_realname');
+$user_name = WT_Filter::post('user_name', WT_REGEX_USERNAME);
+$user_email = WT_Filter::postEmail('user_email');
+$user_password01 = WT_Filter::post('user_password01', WT_REGEX_PASSWORD);
+$user_password02 = WT_Filter::post('user_password02', WT_REGEX_PASSWORD);
+$user_comments = WT_Filter::post('user_comments');
+$user_password = WT_Filter::post('user_password');
+$user_hashcode = WT_Filter::post('user_hashcode');
+$url = WT_Filter::postUrl('url');
+$username = WT_Filter::post('username');
+$password = WT_Filter::post('password'); // Can use any password that was previously stored
+$usertime = WT_Filter::post('usertime');
// These parameters may come from the URL which is emailed to users.
-if (empty($action)) $action = safe_GET('action');
-if (empty($user_name)) $user_name = safe_GET('user_name', WT_REGEX_USERNAME);
-if (empty($user_hashcode)) $user_hashcode = safe_GET('user_hashcode');
+if (empty($action)) $action = WT_Filter::get('action');
+if (empty($user_name)) $user_name = WT_Filter::get('user_name', WT_REGEX_USERNAME);
+if (empty($user_hashcode)) $user_hashcode = WT_Filter::get('user_hashcode');
// This parameter may come from generated login links
if (!$url) {
- $url=safe_GET('url', WT_REGEX_URL);
+ $url=WT_Filter::getUrl('url');
}
$message='';
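Review bot: `$username` lost the `WT_REGEX_USERNAME` constraint that the removed `safe_POST` call applied and that `$user_name` a few lines above still has; `$username = WT_Filter::post('username', WT_REGEX_USERNAME);` keeps the two login paths consistent. `postUrl`/`getUrl` accept anything `FILTER_VALIDATE_URL` passes, including absolute URLs to other hosts and non-http schemes, whereas the old `WT_REGEX_URL` may have been narrower; if `$url` is the post-login redirect target, confirm that the code consuming it (outside the hunk) restricts the destination to this site. The `// Can use any password that was previously stored` comment was dropped from `$user_password` but kept on `$password`; keep it on both or neither.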
@@ -191,9 +191,9 @@ case 'requestpw':
->setPageTitle(WT_I18N::translate('Lost password request'))
->pageHeader();
echo '<div id="login-page">';
- $user_name=safe_POST('new_passwd_username', WT_REGEX_USERNAME);
+ $user_name = WT_Filter::post('new_passwd_username', WT_REGEX_USERNAME);
- $user_id=WT_DB::prepare(
+ $user_id = WT_DB::prepare(
"SELECT user_id FROM `##user` WHERE ? IN (user_name, email)"
)->execute(array($user_name))->fetchOne();
if ($user_id) {
@@ -561,4 +561,4 @@ case 'verify_hash':
echo '</div>';
echo '</div>';
break;
-}
+} \ No newline at end of file
diff --git a/mediafirewall.php b/mediafirewall.php
index b853ceab6f..1e88d111aa 100644
--- a/mediafirewall.php
+++ b/mediafirewall.php
@@ -26,8 +26,8 @@ require './includes/session.php';
Zend_Session::writeClose();
-$mid = safe_GET_xref('mid');
-$thumb = safe_GET_bool('thumb');
+$mid = WT_Filter::get('mid', WT_REGEX_XREF);
+$thumb = WT_Filter::getBool('thumb');
$media = WT_Media::getInstance($mid);
// Send a “Not found” error as an image
@@ -252,7 +252,7 @@ $protocol = $_SERVER["SERVER_PROTOCOL"]; // determine if we are using HTTP/1.0
$filetime = $media->getFiletime($which);
$filetimeHeader = gmdate("D, d M Y H:i:s", $filetime).' GMT';
$expireOffset = 3600 * 24; // tell browser to cache this image for 24 hours
-if (safe_GET('cb')) $expireOffset = $expireOffset * 7; // if cb parameter was sent, cache for 7 days
+if (WT_Filter::get('cb')) $expireOffset = $expireOffset * 7; // if cb parameter was sent, cache for 7 days
$expireHeader = gmdate("D, d M Y H:i:s", WT_TIMESTAMP + $expireOffset) . " GMT";
$type = isImageTypeSupported($imgsize['ext']);
diff --git a/medialist.php b/medialist.php
index 29e15e4c16..f54ddd6b8e 100644
--- a/medialist.php
+++ b/medialist.php
@@ -26,25 +26,25 @@ require './includes/session.php';
require_once WT_ROOT.'includes/functions/functions_edit.php';
require_once WT_ROOT.'includes/functions/functions_print_facts.php';
-$controller=new WT_Controller_Page();
+$controller = new WT_Controller_Page();
$controller->setPageTitle(WT_I18N::translate('Media objects'));
-$search = safe_GET('search');
-$sortby = safe_GET('sortby', 'file', 'title');
+$search = WT_Filter::get('search');
+$sortby = WT_Filter::get('sortby', 'file|title', 'title');
if (!WT_USER_CAN_EDIT && !WT_USER_CAN_ACCEPT) {
$sortby='title';
}
-$max = safe_GET('max', array('10', '20', '30', '40', '50', '75', '100', '125', '150', '200'), '20');
-$start = safe_GET('start', WT_REGEX_INTEGER);
-$folder = safe_GET('folder');
-$build = 'no';
-$reset = safe_GET('reset');
-$apply_filter = safe_GET('apply_filter');
-$filter1 = safe_GET('filter1');
-$or = WT_I18N::translate('or');
-$and = WT_I18N::translate('and');
-$columns = safe_GET('columns', array('1', '2'), '2');
-$subdirs = safe_GET('subdirs');
+$max = WT_Filter::get('max', '10|20|30|40|50|75|100|125|150|200', '20');
+$start = WT_Filter::getInteger('start');
+$folder = WT_Filter::get('folder');
+$build = 'no';
+$reset = WT_Filter::get('reset');
+$apply_filter = WT_Filter::get('apply_filter');
+$filter1 = WT_Filter::get('filter1');
+$or = WT_I18N::translate('or');
+$and = WT_I18N::translate('and');
+$columns = WT_Filter::getInteger('columns', 1, 2, 2);
+$subdirs = WT_Filter::get('subdirs');
$currentdironly = ($subdirs=='on') ? false : true;
// reset all variables
@@ -366,5 +366,5 @@ if ($search) {
echo '</table><br>';
}
echo '</div>
- </div>';// close medialist-page
-}
+ </div>';
+} \ No newline at end of file
diff --git a/message.php b/message.php
index 1b940819e3..f3182fb671 100644
--- a/message.php
+++ b/message.php
@@ -24,17 +24,17 @@
define('WT_SCRIPT_NAME', 'message.php');
require './includes/session.php';
-// Variables are initialised from $_GET (so we can set initial values in URLs),
+// Some variables are initialised from $_GET (so we can set initial values in URLs),
// but are submitted in $_POST so we can have long body text.
-$subject =safe_REQUEST($_REQUEST, 'subject', WT_REGEX_UNSAFE); // Messages may legitimately contain "<", etc.
-$body =safe_REQUEST($_REQUEST, 'body', WT_REGEX_UNSAFE);
-$from_name =safe_REQUEST($_REQUEST, 'from_name', WT_REGEX_UNSAFE);
-$from_email=safe_REQUEST($_REQUEST, 'from_email', WT_REGEX_EMAIL);
-$url =safe_REQUEST($_REQUEST, 'url', WT_REGEX_URL);
-$method =safe_REQUEST($_REQUEST, 'method', array('messaging', 'messaging2', 'messaging3', 'mailto', 'none'), 'messaging2');
-$to =safe_REQUEST($_REQUEST, 'to');
-$action =safe_REQUEST($_REQUEST, 'action', array('compose', 'send'), 'compose');
+$subject = WT_Filter::post('subject');
+$body = WT_Filter::post('body');
+$from_name = WT_Filter::post('from_name');
+$from_email = WT_Filter::post('from_email');
+$action = WT_Filter::post('action', 'compose|send', 'compose');
+$to = WT_Filter::post('to', null, WT_Filter::get('to'));
+$method = WT_Filter::post('method', 'messaging|messaging2|messaging3|mailto|none', WT_Filter::get('method', 'messaging|messaging2|messaging3|mailto|none', 'messaging2'));
+$url = WT_Filter::postUrl('url', WT_Filter::getUrl('url'));
$controller=new WT_Controller_Simple();
$controller->setPageTitle(WT_I18N::translate('webtrees Message'));
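Review bot: `$from_email` is now read with the plain `WT_Filter::post`, dropping the `WT_REGEX_EMAIL` validation the removed line applied, even though `WT_Filter::postEmail` exists and is used for `user_email` in login.php in this same commit; `$from_email = WT_Filter::postEmail('from_email');`. This matters beyond format checking: if the value is later placed in a mail header, the email filter also keeps CR/LF out of it, whereas the default `_input` path only checks that the string is valid UTF-8. The `$method` line repeats the five-way alternation twice; hoisting it into a local keeps the GET and POST lookups in step.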
diff --git a/module.php b/module.php
index 16bed2df1d..3d80f77e32 100644
--- a/module.php
+++ b/module.php
@@ -24,11 +24,13 @@
define('WT_SCRIPT_NAME', 'module.php');
require './includes/session.php';
-$all_modules=WT_Module::getActiveModules();
-$mod=safe_REQUEST($_REQUEST, 'mod', array_keys($all_modules));
-if ($mod) {
- $module=$all_modules[$mod];
- $module->modAction(safe_REQUEST($_REQUEST, 'mod_action'));
+$all_modules = WT_Module::getActiveModules();
+$mod = WT_Filter::get('mod');
+$mod_action = WT_Filter::get('mod_action');
+
+if ($mod && array_key_exists($mod, $all_modules)) {
+ $module = $all_modules[$mod];
+ $module->modAction($mod_action);
} else {
- header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH);
-}
+ header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH);
+} \ No newline at end of file
diff --git a/modules_v3/GEDFact_assistant/CENS_ctrl.php b/modules_v3/GEDFact_assistant/CENS_ctrl.php
index 3987c3a2f1..2a799b8299 100644
--- a/modules_v3/GEDFact_assistant/CENS_ctrl.php
+++ b/modules_v3/GEDFact_assistant/CENS_ctrl.php
@@ -23,7 +23,7 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-$xref = safe_GET('xref', WT_REGEX_XREF);
+$xref = WT_Filter::get('xref', WT_REGEX_XREF);
$person = WT_Individual::getInstance($xref);
check_record_access($person);
diff --git a/modules_v3/GEDFact_assistant/_CENS/census_3_find.php b/modules_v3/GEDFact_assistant/_CENS/census_3_find.php
index cb9385e17c..e4d4be9d98 100644
--- a/modules_v3/GEDFact_assistant/_CENS/census_3_find.php
+++ b/modules_v3/GEDFact_assistant/_CENS/census_3_find.php
@@ -23,10 +23,10 @@
$controller=new WT_Controller_Simple();
-$filter =safe_GET('filter');
-$action =safe_GET('action');
-$callback =safe_GET('callback', WT_REGEX_NOSCRIPT, 'paste_id');
-$multiple =safe_GET_bool('multiple');
+$filter = WT_Filter::get('filter');
+$action = WT_Filter::get('action');
+$callback = WT_Filter::get('callback');
+$multiple = WT_Filter::getBool('multiple');
$controller
->setPageTitle(WT_I18N::translate('Find an individual'))
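Review bot: `$callback` lost both the `WT_REGEX_NOSCRIPT` pattern and the `'paste_id'` default that the removed `safe_GET` call carried, while `$filter` and `$action` legitimately needed neither. The name suggests the value is emitted into generated JavaScript further down the file (outside the hunk), so restoring the constraint is the safer choice: `$callback = WT_Filter::get('callback', WT_REGEX_NOSCRIPT, 'paste_id');` — assuming `WT_REGEX_NOSCRIPT` is a pattern fragment usable inside `WT_Filter`'s `/^(...)$/u` wrapper. Any code that relied on `$callback` being non-empty otherwise now sees null.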
@@ -188,4 +188,4 @@ if ($action=="filter") {
echo "</table>";
}
echo '<button onclick="window.close();">', WT_I18N::translate('close'), '</button>';
-echo "</div>"; // Close div that centers table
+echo "</div>"; // Close div that centers table \ No newline at end of file
diff --git a/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php b/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php
index 609c068684..8a7b0de135 100644
--- a/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php
+++ b/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php
@@ -26,10 +26,10 @@
// GEDFact Media assistant replacement code for inverselink.php: ===========================
//-- extra page parameters and checking
-$more_links = safe_REQUEST($_REQUEST, 'more_links', WT_REGEX_UNSAFE);
-$exist_links = safe_REQUEST($_REQUEST, 'exist_links', WT_REGEX_UNSAFE);
-$gid = safe_GET_xref('gid');
-$update_CHAN = safe_REQUEST($_REQUEST, 'preserve_last_changed', WT_REGEX_UNSAFE);
+$more_links = WT_Filter::get('more_links');
+$exist_links = WT_Filter::get('exist_links');
+$gid = WT_Filter::get('gid', WT_REGEX_XREF);
+$update_CHAN = WT_Filter::get('preserve_last_changed');
$controller->addExternalJavascript(WT_STATIC_URL.'js/autocomplete.js');
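Review bot: `more_links`, `exist_links` and `preserve_last_changed` were read from `$_REQUEST` and are now read from `$_GET` only, so if the inverselink form submits them by POST they arrive as null after this change. If the form does post, the pattern used in message.php in this commit applies: `$more_links = WT_Filter::post('more_links', null, WT_Filter::get('more_links'));` and likewise for the other two. `$gid` correctly gains the `WT_REGEX_XREF` check that `safe_GET_xref` used to imply.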
diff --git a/modules_v3/GEDFact_assistant/module.php b/modules_v3/GEDFact_assistant/module.php
index 2b5b12ea25..191c822552 100644
--- a/modules_v3/GEDFact_assistant/module.php
+++ b/modules_v3/GEDFact_assistant/module.php
@@ -62,17 +62,17 @@ class GEDFact_assistant_WT_Module extends WT_Module {
$controller=new WT_Controller_Simple();
$type ='indi';
- $filter =safe_GET('filter');
- $action =safe_GET('action');
+ $filter =WT_Filter::get('filter');
+ $action =WT_Filter::get('action');
$callback ='paste_id';
- $media =safe_GET('media');
- $external_links =safe_GET('external_links');
- $directory =safe_GET('directory', WT_REGEX_NOSCRIPT, $MEDIA_DIRECTORY);
- $multiple =safe_GET_bool('multiple');
- $showthumb =safe_GET_bool('showthumb');
- $all =safe_GET_bool('all');
- $subclick =safe_GET('subclick');
- $choose =safe_GET('choose', WT_REGEX_NOSCRIPT, '0all');
+ $media =WT_Filter::get('media');
+ $external_links =WT_Filter::get('external_links');
+ $directory =WT_Filter::get('directory');
+ $multiple =WT_Filter::getBool('multiple');
+ $showthumb =WT_Filter::getBool('showthumb');
+ $all =WT_Filter::getBool('all');
+ $subclick =WT_Filter::get('subclick');
+ $choose =WT_Filter::get('choose');
$controller
->setPageTitle(WT_I18N::translate('Find an individual'))
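Review bot: `$directory` and `$choose` lost the defaults (`$MEDIA_DIRECTORY` and `'0all'`) that the removed `safe_GET` calls supplied, so when the parameters are absent they are now null, and code further down the method (outside the hunk) that assumed a directory or the `'0all'` selector sees a different value. `WT_Filter::get` takes a default as its third argument: `$directory = WT_Filter::get('directory', null, $MEDIA_DIRECTORY);` and `$choose = WT_Filter::get('choose', null, '0all');`. `$MEDIA_DIRECTORY` was referenced by the removed line, so it is presumably already in scope here.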
@@ -168,7 +168,7 @@ class GEDFact_assistant_WT_Module extends WT_Module {
}
private static function media_query_3a() {
- $iid2 = safe_GET('iid');
+ $iid2 = WT_Filter::get('iid', WT_REGEX_XREF);
$controller=new WT_Controller_Simple();
$controller
diff --git a/modules_v3/batch_update/admin_batch_update.php b/modules_v3/batch_update/admin_batch_update.php
index 5330031567..ebeb48f8ee 100644
--- a/modules_v3/batch_update/admin_batch_update.php
+++ b/modules_v3/batch_update/admin_batch_update.php
@@ -111,14 +111,14 @@ class batch_update {
// Constructor - initialise variables and validate user-input
function __construct() {
- $this->plugins=self::getPluginList(); // List of available plugins
- $this->plugin =safe_GET('plugin', array_keys($this->plugins)); // User parameters
- $this->xref =safe_GET('xref', WT_REGEX_XREF);
- $this->action =safe_GET('action');
- $this->data =safe_GET('data');
+ $this->plugins=self::getPluginList(); // List of available plugins
+ $this->plugin =WT_Filter::get('plugin'); // User parameters
+ $this->xref =WT_Filter::get('xref', WT_REGEX_XREF);
+ $this->action =WT_Filter::get('action');
+ $this->data =WT_Filter::get('data');
// Don't do any processing until a plugin is chosen.
- if ($this->plugin) {
+ if ($this->plugin && array_key_exists($this->plugin, $this->plugins)) {
$this->PLUGIN=new $this->plugin;
$this->PLUGIN->getOptions();
$this->getAllXrefs();
@@ -333,7 +333,7 @@ class base_plugin {
// Default option is just the "don't update CHAN record"
function getOptions() {
- $this->chan=safe_GET_bool('chan');
+ $this->chan=WT_Filter::getBool('chan');
}
// Default option is just the "don't update CHAN record"
diff --git a/modules_v3/batch_update/plugins/married_names.php b/modules_v3/batch_update/plugins/married_names.php
index 64f9a34381..13d7a1356f 100644
--- a/modules_v3/batch_update/plugins/married_names.php
+++ b/modules_v3/batch_update/plugins/married_names.php
@@ -94,7 +94,7 @@ class married_names_bu_plugin extends base_plugin {
// Add an option for different surname styles
function getOptions() {
parent::getOptions();
- $this->surname=safe_GET('surname', array('add', 'replace'), 'replace');
+ $this->surname = WT_Filter::get('surname', 'add|replace', 'replace');
}
function getOptionsForm() {
@@ -107,4 +107,4 @@ class married_names_bu_plugin extends base_plugin {
($this->surname=='add' ? ' selected="selected"' : '').
'">'.WT_I18N::translate('Wife’s maiden surname becomes new given name').'</option></select></td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/batch_update/plugins/search_replace.php b/modules_v3/batch_update/plugins/search_replace.php
index 61b27b3b59..c4ac0ebad7 100644
--- a/modules_v3/batch_update/plugins/search_replace.php
+++ b/modules_v3/batch_update/plugins/search_replace.php
@@ -56,10 +56,10 @@ class search_replace_bu_plugin extends base_plugin {
function getOptions() {
parent::getOptions();
- $this->search =safe_GET('search', WT_REGEX_UNSAFE);
- $this->replace=safe_GET('replace', WT_REGEX_UNSAFE);
- $this->method =safe_GET('method', array('exact', 'words', 'wildcards', 'regex'), 'exact');
- $this->case =safe_GET('case', 'i');
+ $this->search = WT_Filter::get('search');
+ $this->replace = WT_Filter::get('replace');
+ $this->method = WT_Filter::get('method', 'exact|words|wildcards|regex', 'exact');
+ $this->case = WT_Filter::get('case', 'i');
$this->error='';
switch ($this->method) {
diff --git a/modules_v3/charts/module.php b/modules_v3/charts/module.php
index 3ae04a4916..19cdf14c69 100644
--- a/modules_v3/charts/module.php
+++ b/modules_v3/charts/module.php
@@ -184,10 +184,10 @@ class charts_WT_Module extends WT_Module implements WT_Module_Block {
$PEDIGREE_ROOT_ID=get_gedcom_setting(WT_GED_ID, 'PEDIGREE_ROOT_ID');
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'details', safe_POST_bool('details'));
- set_block_setting($block_id, 'type', safe_POST('type', array('pedigree', 'descendants', 'hourglass', 'treenav'), 'pedigree'));
- set_block_setting($block_id, 'pid', safe_POST('pid', WT_REGEX_XREF));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'details', WT_Filter::postBool('details'));
+ set_block_setting($block_id, 'type', WT_Filter::post('type', 'pedigree|descendants|hourglass|treenav', 'pedigree'));
+ set_block_setting($block_id, 'pid', WT_Filter::post('pid', WT_REGEX_XREF));
exit;
}
diff --git a/modules_v3/clippings/clippings_ctrl.php b/modules_v3/clippings/clippings_ctrl.php
index 41e536df3d..9e52fb1fbf 100644
--- a/modules_v3/clippings/clippings_ctrl.php
+++ b/modules_v3/clippings/clippings_ctrl.php
@@ -61,18 +61,18 @@ class WT_Controller_Clippings {
$WT_SESSION->cart[WT_GED_ID]=array();
}
- $this->action = safe_GET("action");
- $this->id = safe_GET('id');
- $convert = safe_GET('convert',"yes","no");
- $this->Zip = safe_GET('Zip');
- $this->IncludeMedia = safe_GET('IncludeMedia');
- $this->conv_path = safe_GET('conv_path', WT_REGEX_NOSCRIPT);
- $this->privatize_export = safe_GET('privatize_export', array('none', 'visitor', 'user', 'gedadmin'), 'visitor');
- $this->level1 = safe_GET('level1', WT_REGEX_INTEGER, PHP_INT_MAX);
- $this->level2 = safe_GET('level2', WT_REGEX_INTEGER, PHP_INT_MAX);
- $this->level3 = safe_GET('level3', WT_REGEX_INTEGER, PHP_INT_MAX);
- $others = safe_GET('others');
- $this->type = safe_GET('type');
+ $this->action = WT_Filter::get('action');
+ $this->id = WT_Filter::get('id');
+ $convert = WT_Filter::get('convert', 'yes|no', 'no');
+ $this->Zip = WT_Filter::get('Zip');
+ $this->IncludeMedia = WT_Filter::get('IncludeMedia');
+ $this->conv_path = WT_Filter::get('conv_path');
+ $this->privatize_export = WT_Filter::get('privatize_export', 'none|visitor|user|gedadmin', 'visitor');
+ $this->level1 = WT_Filter::getInteger('level1');
+ $this->level2 = WT_Filter::getInteger('level2');
+ $this->level3 = WT_Filter::getInteger('level3');
+ $others = WT_Filter::get('others');
+ $this->type = WT_Filter::get('type');
if (($this->privatize_export=='none' || $this->privatize_export=='none') && !WT_USER_GEDCOM_ADMIN) {
$this->privatize_export='visitor';
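Review bot: The defaults for `level1`/`level2`/`level3` changed from `PHP_INT_MAX` to `getInteger`'s built-in `0`, so an export request without explicit levels now gets 0 where it previously got "unlimited"; pass the old default explicitly, e.g. `$this->level1 = WT_Filter::getInteger('level1', 0, PHP_INT_MAX, PHP_INT_MAX);` and the same for level2/level3. On the following context line, `$this->privatize_export=='none' || $this->privatize_export=='none'` repeats the same operand; one side was presumably meant to be another privileged level, so the admin-only guard may be narrower than intended. The hunk in clippings/module.php that assigns `$clip_ctrl->level1 = WT_Filter::get('level1')` (and level2/level3) stores unvalidated strings into the same fields; using `getInteger` there keeps the types consistent with this constructor. The constructor continues outside the hunk.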
@@ -413,4 +413,4 @@ class WT_Controller_Clippings {
return 0;
}
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/clippings/module.php b/modules_v3/clippings/module.php
index 0a73e4419f..0561799db7 100644
--- a/modules_v3/clippings/module.php
+++ b/modules_v3/clippings/module.php
@@ -178,7 +178,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module
} else {
// Keep track of the INDI from the parent page, otherwise it will
// get lost after ajax updates
- $pid=safe_GET_xref('pid');
+ $pid=WT_Filter::get('pid', WT_REGEX_XREF);
if ($clip_ctrl->action != 'download' && $clip_ctrl->action != 'add') { ?>
<table><tr><td class="width33" valign="top" rowspan="3">
@@ -373,13 +373,13 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module
$clip_ctrl = new WT_Controller_Clippings();
- $add = safe_GET_xref('add','');
- $add1 = safe_GET_xref('add1','');
- $remove = safe_GET('remove', WT_REGEX_XREF);
- $others = safe_GET('others', WT_REGEX_ALPHANUM, '');
- $clip_ctrl->level1 = safe_GET('level1');
- $clip_ctrl->level2 = safe_GET('level2');
- $clip_ctrl->level3 = safe_GET('level3');
+ $add = WT_Filter::get('add', WT_REGEX_XREF);
+ $add1 = WT_Filter::get('add1', WT_REGEX_XREF);
+ $remove = WT_Filter::get('remove', WT_REGEX_XREF);
+ $others = WT_Filter::get('others');
+ $clip_ctrl->level1 = WT_Filter::get('level1');
+ $clip_ctrl->level2 = WT_Filter::get('level2');
+ $clip_ctrl->level3 = WT_Filter::get('level3');
if (!empty($add)) {
$record = WT_GedcomRecord::getInstance($add);
if ($record) {
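Review bot: `$clip_ctrl->level1`, `level2` and `level3` are read with `WT_Filter::get()` on the three new lines, while the controller in the preceding file reads the same properties with `WT_Filter::getInteger()`; the module should match so the properties always hold integers: `$clip_ctrl->level1 = WT_Filter::getInteger('level1');` (and likewise for level2 and level3). `$others` also drops the previous WT_REGEX_ALPHANUM restriction and is now accepted unfiltered; if it is only ever compared against fixed keywords that is harmless, otherwise restore a pattern as the second argument. The enclosing method starts and ends outside this hunk.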
@@ -430,7 +430,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module
// Keep track of the INDI from the parent page, otherwise it will
// get lost after ajax updates
- $pid=safe_GET_xref('pid');
+ $pid=WT_Filter::get('pid', WT_REGEX_XREF);
if (!$WT_SESSION->cart[WT_GED_ID]) {
$out=WT_I18N::translate('Your clippings cart is empty.');
@@ -550,7 +550,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module
public function downloadForm($clip_ctrl) {
global $GEDCOM_MEDIA_PATH;
- $pid=safe_GET_xref('pid');
+ $pid=WT_Filter::get('pid', WT_REGEX_XREF);
$out = '<script>';
$out .= 'function cancelDownload() {
diff --git a/modules_v3/descendancy/module.php b/modules_v3/descendancy/module.php
index 8f5f3f59ab..41207c5917 100644
--- a/modules_v3/descendancy/module.php
+++ b/modules_v3/descendancy/module.php
@@ -64,9 +64,9 @@ class descendancy_WT_Module extends WT_Module implements WT_Module_Sidebar {
// Implement WT_Module_Sidebar
public function getSidebarAjaxContent() {
- $search=safe_GET('search');
- $pid =safe_GET('pid', WT_REGEX_XREF);
- $famid =safe_GET('famid', WT_REGEX_XREF);
+ $search = WT_Filter::get('search');
+ $pid = WT_Filter::get('pid', WT_REGEX_XREF);
+ $famid = WT_Filter::get('famid', WT_REGEX_XREF);
$individual = WT_Individual::getInstance($pid);
$family = WT_Family::getInstance($famid);
diff --git a/modules_v3/extra_info/module.php b/modules_v3/extra_info/module.php
index e58a66a3e6..296e8caaab 100644
--- a/modules_v3/extra_info/module.php
+++ b/modules_v3/extra_info/module.php
@@ -1,98 +1,98 @@
-<?php
-// A sidebar to show extra/non-genealogical information about an individual
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-if (!defined('WT_WEBTREES')) {
- header('HTTP/1.0 403 Forbidden');
- exit;
-}
-
-class extra_info_WT_Module extends WT_Module implements WT_Module_Sidebar {
- // Extend WT_Module
- public function getTitle() {
- return /* I18N: Name of a module/sidebar */ WT_I18N::translate('Extra information');
- }
-
- // Extend WT_Module
- public function getDescription() {
- return /* I18N: Description of the “Extra information” module */ WT_I18N::translate('A sidebar showing non-genealogical information about an indivdual.');
- }
-
- // Implement WT_Module_Sidebar
- public function defaultSidebarOrder() {
- return 10;
- }
-
- // Implement WT_Module_Sidebar
- public function hasSidebarContent() {
- return true;
- }
-
- // Implement WT_Module_Sidebar
- public function getSidebarContent() {
- global $SHOW_COUNTER, $controller;
-
- $indifacts = array();
- // The individual's own facts
- foreach ($controller->record->getFacts() as $fact) {
- if (self::showFact($fact)) {
- $indifacts[] = $fact;
- }
- }
-
- ob_start();
- if (!$indifacts) {
- echo WT_I18N::translate('There are no Facts for this individual.');
- } else {
- foreach ($indifacts as $fact) {
- print_fact($fact, $controller->record);
- }
- }
- echo '<div id="hitcounter">';
- if ($SHOW_COUNTER && (empty($SEARCH_SPIDER))) {
- //print indi counter only if displaying a non-private person
- require WT_ROOT.'includes/hitcount.php';
- echo WT_I18N::translate('Hit Count:'). ' '. $hitCount;
- }
- echo '</div>';// close #hitcounter
- return strip_tags(ob_get_clean(), '<a><div><span>');
- }
-
- // Implement WT_Module_Sidebar
- public function getSidebarAjaxContent() {
- return '';
- }
-
- // Does this module display a particular fact
- public static function showFact(WT_Fact $fact) {
- switch ($fact->getTag()) {
- case 'AFN':
- case 'CHAN':
- case 'IDNO':
- case 'REFN':
- case 'RFN':
- case 'RIN':
- case 'SSN':
- case '_UID':
- return true;
- default:
- return false;
- }
- }
-}
+<?php
+// A sidebar to show extra/non-genealogical information about an individual
+//
+// webtrees: Web based Family History software
+// Copyright (C) 2013 webtrees development team.
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+if (!defined('WT_WEBTREES')) {
+ header('HTTP/1.0 403 Forbidden');
+ exit;
+}
+
+class extra_info_WT_Module extends WT_Module implements WT_Module_Sidebar {
+ // Extend WT_Module
+ public function getTitle() {
+ return /* I18N: Name of a module/sidebar */ WT_I18N::translate('Extra information');
+ }
+
+ // Extend WT_Module
+ public function getDescription() {
+ return /* I18N: Description of the “Extra information” module */ WT_I18N::translate('A sidebar showing non-genealogical information about an indivdual.');
+ }
+
+ // Implement WT_Module_Sidebar
+ public function defaultSidebarOrder() {
+ return 10;
+ }
+
+ // Implement WT_Module_Sidebar
+ public function hasSidebarContent() {
+ return true;
+ }
+
+ // Implement WT_Module_Sidebar
+ public function getSidebarContent() {
+ global $SHOW_COUNTER, $controller;
+
+ $indifacts = array();
+ // The individual's own facts
+ foreach ($controller->record->getFacts() as $fact) {
+ if (self::showFact($fact)) {
+ $indifacts[] = $fact;
+ }
+ }
+
+ ob_start();
+ if (!$indifacts) {
+ echo WT_I18N::translate('There are no Facts for this individual.');
+ } else {
+ foreach ($indifacts as $fact) {
+ print_fact($fact, $controller->record);
+ }
+ }
+ echo '<div id="hitcounter">';
+ if ($SHOW_COUNTER && (empty($SEARCH_SPIDER))) {
+ //print indi counter only if displaying a non-private person
+ require WT_ROOT.'includes/hitcount.php';
+ echo WT_I18N::translate('Hit Count:'). ' '. $hitCount;
+ }
+ echo '</div>';// close #hitcounter
+ return strip_tags(ob_get_clean(), '<a><div><span>');
+ }
+
+ // Implement WT_Module_Sidebar
+ public function getSidebarAjaxContent() {
+ return '';
+ }
+
+ // Does this module display a particular fact
+ public static function showFact(WT_Fact $fact) {
+ switch ($fact->getTag()) {
+ case 'AFN':
+ case 'CHAN':
+ case 'IDNO':
+ case 'REFN':
+ case 'RFN':
+ case 'RIN':
+ case 'SSN':
+ case '_UID':
+ return true;
+ default:
+ return false;
+ }
+ }
+}
diff --git a/modules_v3/families/module.php b/modules_v3/families/module.php
index c88e0db853..d06dea1379 100644
--- a/modules_v3/families/module.php
+++ b/modules_v3/families/module.php
@@ -64,9 +64,9 @@ class families_WT_Module extends WT_Module implements WT_Module_Sidebar {
// Implement WT_Module_Sidebar
public function getSidebarAjaxContent() {
- $alpha =safe_GET('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none
- $surname =safe_GET('surname', '[^<>&%{};]*'); // All indis with this surname. NB - allow ' and "
- $search =safe_GET('search');
+ $alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none
+ $surname = WT_Filter::get('surname'); // All indis with this surname.
+ $search = WT_Filter::get('search');
if ($search) {
return $this->search($search);
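Review bot: `$surname` loses the `[^<>&%{};]*` whitelist that safe_GET applied, and the removed comment recorded that quotes were deliberately allowed; the same change is made in modules_v3/individuals/module.php. Whether WT_Filter::get() escapes HTML metacharacters is not shown in this diff, so wherever `$surname` is echoed into the sidebar markup it must be escaped at output time; if the old restriction was intentional, keep it: `$surname = WT_Filter::get('surname', '[^<>&%{};]*');`. The enclosing method continues outside the hunk.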
@@ -254,4 +254,4 @@ class families_WT_Module extends WT_Module implements WT_Module_Sidebar {
$out .= '</ul>';
return $out;
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/faq/module.php b/modules_v3/faq/module.php
index 7a68f5210f..2d2c8a6f28 100644
--- a/modules_v3/faq/module.php
+++ b/modules_v3/faq/module.php
@@ -98,39 +98,39 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block
private function edit() {
require_once WT_ROOT.'includes/functions/functions_edit.php';
- if (safe_POST_bool('save')) {
- $block_id=safe_POST('block_id');
+ if (WT_Filter::postBool('save')) {
+ $block_id = WT_Filter::postInteger('block_id');
if ($block_id) {
WT_DB::prepare(
"UPDATE `##block` SET gedcom_id=NULLIF(?, ''), block_order=? WHERE block_id=?"
)->execute(array(
- safe_POST('gedcom_id'),
- (int)safe_POST('block_order'),
+ WT_Filter::postInteger('gedcom_id'),
+ WT_Filter::postInteger('block_order'),
$block_id
));
} else {
WT_DB::prepare(
"INSERT INTO `##block` (gedcom_id, module_name, block_order) VALUES (NULLIF(?, ''), ?, ?)"
)->execute(array(
- safe_POST('gedcom_id'),
+ WT_Filter::postInteger('gedcom_id'),
$this->getName(),
- (int)safe_POST('block_order')
+ WT_Filter::postInteger('block_order')
));
$block_id=WT_DB::getInstance()->lastInsertId();
}
- set_block_setting($block_id, 'header', safe_POST('header', WT_REGEX_UNSAFE));
- set_block_setting($block_id, 'faqbody', safe_POST('faqbody', WT_REGEX_UNSAFE)); // allow html
- $languages=array();
+ set_block_setting($block_id, 'header', WT_Filter::post('header'));
+ set_block_setting($block_id, 'faqbody', WT_Filter::post('faqbody'));
+ $languages = array();
foreach (WT_I18N::installed_languages() as $code=>$name) {
- if (safe_POST_bool('lang_'.$code)) {
- $languages[]=$code;
+ if (WT_Filter::postBool('lang_'.$code)) {
+ $languages[] = $code;
}
}
set_block_setting($block_id, 'languages', implode(',', $languages));
$this->config();
} else {
- $block_id=safe_GET('block_id');
- $controller=new WT_Controller_Page();
+ $block_id = WT_Filter::getInteger('block_id');
+ $controller = new WT_Controller_Page();
if ($block_id) {
$controller->setPageTitle(WT_I18N::translate('Edit FAQ item'));
$header=get_block_setting($block_id, 'header');
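Review bot: `faqbody` was previously read with WT_REGEX_UNSAFE and annotated `// allow html`, and the replacement `WT_Filter::post('faqbody')` gives no indication whether markup survives; the same applies to `html` in modules_v3/html/module.php, where the raw `$_POST['html']` is replaced by `WT_Filter::post('html')`. Whether WT_Filter::post() escapes or strips tags is not visible here, so confirm it and keep a comment such as `// stored as-is: admin-authored HTML` on the line so the intent is not lost again. Separately, `NULLIF(?, '')` was written for the string that safe_POST('gedcom_id') returned; with `WT_Filter::postInteger('gedcom_id')` the "empty" sentinel is whatever postInteger returns for a missing field, which should be checked against the NULLIF so an unselected tree still stores NULL. The enclosing edit() method continues outside the hunk.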
@@ -192,7 +192,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block
}
private function delete() {
- $block_id=safe_GET('block_id');
+ $block_id = WT_Filter::getInteger('block_id');
WT_DB::prepare(
"DELETE FROM `##block_setting` WHERE block_id=?"
@@ -204,7 +204,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block
}
private function moveup() {
- $block_id=safe_GET('block_id');
+ $block_id = WT_Filter::getInteger('block_id');
$block_order=WT_DB::prepare(
"SELECT block_order FROM `##block` WHERE block_id=?"
@@ -229,7 +229,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block
}
private function movedown() {
- $block_id=safe_GET('block_id');
+ $block_id=WT_Filter::get('block_id');
$block_order=WT_DB::prepare(
"SELECT block_order FROM `##block` WHERE block_id=?"
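Review bot: movedown() reads `$block_id=WT_Filter::get('block_id');` while delete() and moveup() in the hunks above use `WT_Filter::getInteger('block_id')`; the value is bound to `WHERE block_id=?` so it should take the integer form here too: `$block_id = WT_Filter::getInteger('block_id');`. The method continues outside the hunk.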
@@ -431,4 +431,4 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block
$menu = new WT_Menu(WT_I18N::translate('FAQ'), 'module.php?mod=faq&amp;mod_action=show', 'menu-help');
return $menu;
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/gedcom_favorites/module.php b/modules_v3/gedcom_favorites/module.php
index 274e7b71d0..6e564d21bb 100644
--- a/modules_v3/gedcom_favorites/module.php
+++ b/modules_v3/gedcom_favorites/module.php
@@ -45,43 +45,43 @@ class gedcom_favorites_WT_Module extends WT_Module implements WT_Module_Block {
self::updateSchema(); // make sure the favorites table has been created
- $action=safe_GET('action');
+ $action = WT_Filter::get('action');
switch ($action) {
case 'deletefav':
- $favorite_id=safe_GET('favorite_id');
+ $favorite_id = WT_Filter::getInteger('favorite_id');
if ($favorite_id) {
self::deleteFavorite($favorite_id);
}
unset($_GET['action']);
break;
case 'addfav':
- $gid =safe_GET('gid');
- $favnote =safe_GET('favnote');
- $url =safe_GET('url', WT_REGEX_URL);
- $favtitle=safe_GET('favtitle');
+ $gid = WT_Filter::get('gid', WT_REGEX_XREF);
+ $favnote = WT_Filter::get('favnote');
+ $url = WT_Filter::getUrl('url');
+ $favtitle = WT_Filter::get('favtitle');
if ($gid) {
- $record=WT_GedcomRecord::getInstance($gid);
+ $record = WT_GedcomRecord::getInstance($gid);
if ($record && $record->canShow()) {
self::addFavorite(array(
- 'user_id' =>$ctype=='user' ? WT_USER_ID : null,
- 'gedcom_id'=>WT_GED_ID,
- 'gid' =>$record->getXref(),
- 'type' =>$record::RECORD_TYPE,
- 'url' =>null,
- 'note' =>$favnote,
- 'title' =>$favtitle,
+ 'user_id' => $ctype=='user' ? WT_USER_ID : null,
+ 'gedcom_id' => WT_GED_ID,
+ 'gid' => $record->getXref(),
+ 'type' => $record::RECORD_TYPE,
+ 'url' => null,
+ 'note' => $favnote,
+ 'title' => $favtitle,
));
}
} elseif ($url) {
self::addFavorite(array(
- 'user_id' =>$ctype=='user' ? WT_USER_ID : null,
- 'gedcom_id'=>WT_GED_ID,
- 'gid' =>null,
- 'type' =>'URL',
- 'url' =>$url,
- 'note' =>$favnote,
- 'title' =>$favtitle ? $favtitle : $url,
+ 'user_id' => $ctype=='user' ? WT_USER_ID : null,
+ 'gedcom_id' => WT_GED_ID,
+ 'gid' => null,
+ 'type' => 'URL',
+ 'url' => $url,
+ 'note' => $favnote,
+ 'title' => $favtitle ? $favtitle : $url,
));
}
unset($_GET['action']);
@@ -227,8 +227,8 @@ class gedcom_favorites_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
diff --git a/modules_v3/gedcom_news/module.php b/modules_v3/gedcom_news/module.php
index 6c71383241..6449ec759e 100644
--- a/modules_v3/gedcom_news/module.php
+++ b/modules_v3/gedcom_news/module.php
@@ -49,9 +49,9 @@ class gedcom_news_WT_Module extends WT_Module implements WT_Module_Block {
public function getBlock($block_id, $template=true, $cfg=null) {
global $ctype;
- switch (safe_GET('action')) {
+ switch (WT_Filter::get('action')) {
case 'deletenews':
- $news_id=safe_GET('news_id');
+ $news_id=WT_Filter::get('news_id');
if ($news_id) {
deleteNews($news_id);
}
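Review bot: `$news_id=WT_Filter::get('news_id');` keeps the raw string form although the value is an identifier passed straight to deleteNews(), whereas the equivalent `favorite_id` in gedcom_favorites is read with getInteger; use `$news_id = WT_Filter::getInteger('news_id');` for consistency. The deletion is also triggered purely by a GET `action` parameter, which is unchanged by this commit but worth recording while the input handling is being reworked. getBlock() continues outside the hunk.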
@@ -157,9 +157,9 @@ class gedcom_news_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'limit', safe_POST('limit'));
- set_block_setting($block_id, 'flag', safe_POST('flag'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'limit', WT_Filter::post('limit'));
+ set_block_setting($block_id, 'flag', WT_Filter::post('flag'));
exit;
}
diff --git a/modules_v3/gedcom_stats/module.php b/modules_v3/gedcom_stats/module.php
index 5dc97367d7..d571ee9f5a 100644
--- a/modules_v3/gedcom_stats/module.php
+++ b/modules_v3/gedcom_stats/module.php
@@ -229,27 +229,27 @@ class gedcom_stats_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'show_last_update', safe_POST_bool('show_last_update'));
- set_block_setting($block_id, 'show_common_surnames', safe_POST_bool('show_common_surnames'));
- set_block_setting($block_id, 'stat_indi', safe_POST_bool('stat_indi'));
- set_block_setting($block_id, 'stat_fam', safe_POST_bool('stat_fam'));
- set_block_setting($block_id, 'stat_sour', safe_POST_bool('stat_sour'));
- set_block_setting($block_id, 'stat_other', safe_POST_bool('stat_other'));
- set_block_setting($block_id, 'stat_media', safe_POST_bool('stat_media'));
- set_block_setting($block_id, 'stat_repo', safe_POST_bool('stat_repo'));
- set_block_setting($block_id, 'stat_surname', safe_POST_bool('stat_surname'));
- set_block_setting($block_id, 'stat_events', safe_POST_bool('stat_events'));
- set_block_setting($block_id, 'stat_users', safe_POST_bool('stat_users'));
- set_block_setting($block_id, 'stat_first_birth', safe_POST_bool('stat_first_birth'));
- set_block_setting($block_id, 'stat_last_birth', safe_POST_bool('stat_last_birth'));
- set_block_setting($block_id, 'stat_first_death', safe_POST_bool('stat_first_death'));
- set_block_setting($block_id, 'stat_last_death', safe_POST_bool('stat_last_death'));
- set_block_setting($block_id, 'stat_long_life', safe_POST_bool('stat_long_life'));
- set_block_setting($block_id, 'stat_avg_life', safe_POST_bool('stat_avg_life'));
- set_block_setting($block_id, 'stat_most_chil', safe_POST_bool('stat_most_chil'));
- set_block_setting($block_id, 'stat_avg_chil', safe_POST_bool('stat_avg_chil'));
- set_block_setting($block_id, 'stat_link', safe_POST_bool('stat_link'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'show_last_update', WT_Filter::postBool('show_last_update'));
+ set_block_setting($block_id, 'show_common_surnames', WT_Filter::postBool('show_common_surnames'));
+ set_block_setting($block_id, 'stat_indi', WT_Filter::postBool('stat_indi'));
+ set_block_setting($block_id, 'stat_fam', WT_Filter::postBool('stat_fam'));
+ set_block_setting($block_id, 'stat_sour', WT_Filter::postBool('stat_sour'));
+ set_block_setting($block_id, 'stat_other', WT_Filter::postBool('stat_other'));
+ set_block_setting($block_id, 'stat_media', WT_Filter::postBool('stat_media'));
+ set_block_setting($block_id, 'stat_repo', WT_Filter::postBool('stat_repo'));
+ set_block_setting($block_id, 'stat_surname', WT_Filter::postBool('stat_surname'));
+ set_block_setting($block_id, 'stat_events', WT_Filter::postBool('stat_events'));
+ set_block_setting($block_id, 'stat_users', WT_Filter::postBool('stat_users'));
+ set_block_setting($block_id, 'stat_first_birth', WT_Filter::postBool('stat_first_birth'));
+ set_block_setting($block_id, 'stat_last_birth', WT_Filter::postBool('stat_last_birth'));
+ set_block_setting($block_id, 'stat_first_death', WT_Filter::postBool('stat_first_death'));
+ set_block_setting($block_id, 'stat_last_death', WT_Filter::postBool('stat_last_death'));
+ set_block_setting($block_id, 'stat_long_life', WT_Filter::postBool('stat_long_life'));
+ set_block_setting($block_id, 'stat_avg_life', WT_Filter::postBool('stat_avg_life'));
+ set_block_setting($block_id, 'stat_most_chil', WT_Filter::postBool('stat_most_chil'));
+ set_block_setting($block_id, 'stat_avg_chil', WT_Filter::postBool('stat_avg_chil'));
+ set_block_setting($block_id, 'stat_link', WT_Filter::postBool('stat_link'));
exit;
}
@@ -373,4 +373,4 @@ class gedcom_stats_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('stat_link', $stat_link);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/googlemap/admin_places.php b/modules_v3/googlemap/admin_places.php
index 9157fceb44..5af60cbecc 100644
--- a/modules_v3/googlemap/admin_places.php
+++ b/modules_v3/googlemap/admin_places.php
@@ -29,11 +29,11 @@ if (!defined('WT_WEBTREES')) {
require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php';
require WT_ROOT.'includes/functions/functions_edit.php';
-$action=safe_REQUEST($_REQUEST, 'action');
-if (isset($_REQUEST['parent'])) $parent=safe_REQUEST($_REQUEST, 'parent');
-if (isset($_REQUEST['inactive'])) $inactive=safe_GET_bool('inactive');
-if (isset($_REQUEST['mode'])) $mode=safe_REQUEST($_REQUEST, 'mode');
-if (isset($_REQUEST['deleteRecord'])) $deleteRecord=safe_REQUEST($_REQUEST, 'deleteRecord');
+$action = WT_Filter::get('action');
+$parent = WT_Filter::get('parent');
+$inactive = WT_Filter::getBool('inactive');
+$mode = WT_Filter::get('mode');
+$deleteRecord = WT_Filter::get('deleteRecord');
if (!isset($parent)) $parent=0;
if (!isset($inactive)) $inactive=false;
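Review bot: the `if (!isset($parent))` and `if (!isset($inactive))` fallbacks on the two context lines are now dead unless WT_Filter::get()/getBool() return null for an absent parameter, because the new lines assign unconditionally; either use the filter's default argument as elsewhere in this commit (`$parent = WT_Filter::get('parent', null, 0);`) and drop the isset lines, or confirm the null behaviour. Replacing safe_REQUEST with WT_Filter::get also narrows the source from GET+POST to GET only, so any form on this page that POSTs `action`, `mode` or `deleteRecord` would silently stop working; the same change is made in modules_v3/googlemap/places_edit.php. The script continues outside the hunk.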
diff --git a/modules_v3/googlemap/module.php b/modules_v3/googlemap/module.php
index 549ef20b5c..a1c2df71b6 100644
--- a/modules_v3/googlemap/module.php
+++ b/modules_v3/googlemap/module.php
@@ -192,7 +192,7 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu
require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php';
require WT_ROOT.'includes/functions/functions_edit.php';
- $action=safe_REQUEST($_REQUEST, 'action');
+ $action = WT_Filter::post('action');
$controller=new WT_Controller_Page();
$controller
@@ -203,25 +203,25 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu
if ($action=='update') {
- set_module_setting('googlemap', 'GM_MAP_TYPE', $_POST['NEW_GM_MAP_TYPE']);
- set_module_setting('googlemap', 'GM_USE_STREETVIEW', $_POST['NEW_GM_USE_STREETVIEW']);
- set_module_setting('googlemap', 'GM_MIN_ZOOM', $_POST['NEW_GM_MIN_ZOOM']);
- set_module_setting('googlemap', 'GM_MAX_ZOOM', $_POST['NEW_GM_MAX_ZOOM']);
- set_module_setting('googlemap', 'GM_XSIZE', $_POST['NEW_GM_XSIZE']);
- set_module_setting('googlemap', 'GM_YSIZE', $_POST['NEW_GM_YSIZE']);
- set_module_setting('googlemap', 'GM_PRECISION_0', $_POST['NEW_GM_PRECISION_0']);
- set_module_setting('googlemap', 'GM_PRECISION_1', $_POST['NEW_GM_PRECISION_1']);
- set_module_setting('googlemap', 'GM_PRECISION_2', $_POST['NEW_GM_PRECISION_2']);
- set_module_setting('googlemap', 'GM_PRECISION_3', $_POST['NEW_GM_PRECISION_3']);
- set_module_setting('googlemap', 'GM_PRECISION_4', $_POST['NEW_GM_PRECISION_4']);
- set_module_setting('googlemap', 'GM_PRECISION_5', $_POST['NEW_GM_PRECISION_5']);
- set_module_setting('googlemap', 'GM_DEFAULT_TOP_VALUE', $_POST['NEW_GM_DEFAULT_TOP_LEVEL']);
- set_module_setting('googlemap', 'GM_COORD', $_POST['NEW_GM_COORD']);
- set_module_setting('googlemap', 'GM_PLACE_HIERARCHY', $_POST['NEW_GM_PLACE_HIERARCHY']);
- set_module_setting('googlemap', 'GM_PH_XSIZE', $_POST['NEW_GM_PH_XSIZE']);
- set_module_setting('googlemap', 'GM_PH_YSIZE', $_POST['NEW_GM_PH_YSIZE']);
- set_module_setting('googlemap', 'GM_PH_MARKER', $_POST['NEW_GM_PH_MARKER']);
- set_module_setting('googlemap', 'GM_DISP_SHORT_PLACE', $_POST['NEW_GM_DISP_SHORT_PLACE']);
+ set_module_setting('googlemap', 'GM_MAP_TYPE', WT_Filter::post('NEW_GM_MAP_TYPE'));
+ set_module_setting('googlemap', 'GM_USE_STREETVIEW', WT_Filter::post('NEW_GM_USE_STREETVIEW'));
+ set_module_setting('googlemap', 'GM_MIN_ZOOM', WT_Filter::post('NEW_GM_MIN_ZOOM'));
+ set_module_setting('googlemap', 'GM_MAX_ZOOM', WT_Filter::post('NEW_GM_MAX_ZOOM'));
+ set_module_setting('googlemap', 'GM_XSIZE', WT_Filter::post('NEW_GM_XSIZE'));
+ set_module_setting('googlemap', 'GM_YSIZE', WT_Filter::post('NEW_GM_YSIZE'));
+ set_module_setting('googlemap', 'GM_PRECISION_0', WT_Filter::post('NEW_GM_PRECISION_0'));
+ set_module_setting('googlemap', 'GM_PRECISION_1', WT_Filter::post('NEW_GM_PRECISION_1'));
+ set_module_setting('googlemap', 'GM_PRECISION_2', WT_Filter::post('NEW_GM_PRECISION_2'));
+ set_module_setting('googlemap', 'GM_PRECISION_3', WT_Filter::post('NEW_GM_PRECISION_3'));
+ set_module_setting('googlemap', 'GM_PRECISION_4', WT_Filter::post('NEW_GM_PRECISION_4'));
+ set_module_setting('googlemap', 'GM_PRECISION_5', WT_Filter::post('NEW_GM_PRECISION_5'));
+ set_module_setting('googlemap', 'GM_DEFAULT_TOP_VALUE', WT_Filter::post('NEW_GM_DEFAULT_TOP_LEVEL'));
+ set_module_setting('googlemap', 'GM_COORD', WT_Filter::post('NEW_GM_COORD'));
+ set_module_setting('googlemap', 'GM_PLACE_HIERARCHY', WT_Filter::post('NEW_GM_PLACE_HIERARCHY'));
+ set_module_setting('googlemap', 'GM_PH_XSIZE', WT_Filter::post('NEW_GM_PH_XSIZE'));
+ set_module_setting('googlemap', 'GM_PH_YSIZE', WT_Filter::post('NEW_GM_PH_YSIZE'));
+ set_module_setting('googlemap', 'GM_PH_MARKER', WT_Filter::post('NEW_GM_PH_MARKER'));
+ set_module_setting('googlemap', 'GM_DISP_SHORT_PLACE', WT_Filter::post('NEW_GM_DISP_SHORT_PLACE'));
for ($i=1; $i<=9; $i++) {
set_module_setting('googlemap', 'GM_PREFIX_'.$i, $_POST['NEW_GM_PREFIX_'.$i]);
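Review bot: the loop on the last context line still reads `$_POST['NEW_GM_PREFIX_'.$i]` directly, so the conversion is incomplete within the same if-block; change it to `set_module_setting('googlemap', 'GM_PREFIX_'.$i, WT_Filter::post('NEW_GM_PREFIX_'.$i));` (and any matching suffix loop that follows). The zoom, size and precision settings are numeric and would be better read with `WT_Filter::postInteger()` so a non-numeric value cannot be stored; note also that a missing key now yields whatever WT_Filter::post() returns instead of an undefined-index notice. The enclosing method continues outside the hunk.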
@@ -447,13 +447,11 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu
->setPageTitle(WT_I18N::translate('Select flag'))
->pageHeader();
- $countries=WT_Stats::get_all_countries();
- $action=safe_REQUEST($_REQUEST, 'action');
+ $countries = WT_Stats::get_all_countries();
+ $action = WT_Filter::post('action');
- if (isset($_REQUEST['countrySelected'])) $countrySelected = $_REQUEST['countrySelected'];
- if (!isset($countrySelected)) $countrySelected='Countries';
- if (isset($_REQUEST['stateSelected'])) $stateSelected = $_REQUEST['stateSelected'];
- if (!isset($stateSelected)) $stateSelected='States';
+ $countrySelected = WT_Filter::post('countrySelected', null, 'Countries');
+ $stateSelected = WT_Filter::post('stateSelected', null, 'States');
$country = array();
$rep = opendir(WT_ROOT.WT_MODULES_DIR.'googlemap/places/flags/');
@@ -649,8 +647,8 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu
require_once WT_ROOT.WT_MODULES_DIR.'googlemap/googlemap.php';
// Default is show for both of these.
- $hideflags = safe_GET('hideflags');
- $hidelines = safe_GET('hidelines');
+ $hideflags = WT_Filter::get('hideflags');
+ $hidelines = WT_Filter::get('hidelines');
$controller=new WT_Controller_Pedigree();
@@ -1431,11 +1429,11 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu
require_once WT_ROOT.WT_MODULES_DIR.'googlemap/googlemap.php';
require_once WT_ROOT.'includes/functions/functions_edit.php';
- $action = safe_GET('action', '','go');
- $gedcom_id = safe_GET('gedcom_id', array_keys(WT_Tree::getAll()), WT_GED_ID);
- $country = safe_GET('country', WT_REGEX_UNSAFE, 'XYZ');
- $state = safe_GET('state', WT_REGEX_UNSAFE, 'XYZ');
- $matching = safe_GET_bool('matching');
+ $action = WT_Filter::get('action', '','go');
+ $gedcom_id = WT_Filter::getInteger('gedcom_id');
+ $country = WT_Filter::get('country', '.+', 'XYZ');
+ $state = WT_Filter::get('state', '.+', 'XYZ');
+ $matching = WT_Filter::getBool('matching');
if (!empty($WT_SESSION['placecheck_gedcom_id'])) {
$gedcom_id = $WT_SESSION['placecheck_gedcom_id'];
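Review bot: `$gedcom_id = WT_Filter::getInteger('gedcom_id');` drops both the whitelist (`array_keys(WT_Tree::getAll())`) and the `WT_GED_ID` default that safe_GET enforced, so an arbitrary integer is now accepted and an absent parameter no longer falls back to the current tree. Restore the check right after the assignment: `if (!array_key_exists($gedcom_id, WT_Tree::getAll())) { $gedcom_id = WT_GED_ID; }`. The `''` passed as the pattern for `action` also differs from the `null` used for "no pattern" elsewhere in this commit; pick one form. The method continues outside the hunk.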
diff --git a/modules_v3/googlemap/placehierarchy.php b/modules_v3/googlemap/placehierarchy.php
index 83337cf665..d94c2e93f8 100644
--- a/modules_v3/googlemap/placehierarchy.php
+++ b/modules_v3/googlemap/placehierarchy.php
@@ -128,7 +128,7 @@ function create_map($placelevels) {
// *** ENABLE STREETVIEW *** (boolean) =========================================================
$STREETVIEW = get_module_setting('googlemap', 'GM_USE_STREETVIEW');
// =============================================================================================
- $parent = safe_GET('parent', WT_REGEX_UNSAFE);
+ $parent = WT_Filter::get('parent');
// create the map
echo '<table style="margin:20px auto 0 auto;"><tr valign="top"><td>';
@@ -197,7 +197,7 @@ function create_map($placelevels) {
}
');
- $parent = safe_GET('parent');
+ $parent = WT_Filter::get('parent');
global $TBLPREFIX, $pl_lati, $pl_long;
if ($level>=1) {
$pl_lati = str_replace(array('N', 'S', ','), array('', '-', '.'), $latlng['pl_lati']); // WT_placelocation lati
@@ -657,4 +657,4 @@ function map_scripts($numfound, $level, $parent, $linklevels, $placelevels, $pla
}
}
$controller->addInlineJavascript(ob_get_clean());
-}
+} \ No newline at end of file
diff --git a/modules_v3/googlemap/places_edit.php b/modules_v3/googlemap/places_edit.php
index 6ce75d4e4c..6ff8a0f14c 100644
--- a/modules_v3/googlemap/places_edit.php
+++ b/modules_v3/googlemap/places_edit.php
@@ -29,9 +29,9 @@ if (!defined('WT_WEBTREES')) {
require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php';
require WT_ROOT.'includes/functions/functions_edit.php';
-$action=safe_REQUEST($_REQUEST, 'action');
-if (isset($_REQUEST['placeid'])) $placeid = $_REQUEST['placeid'];
-if (isset($_REQUEST['place_name'])) $place_name = $_REQUEST['place_name'];
+$action = WT_Filter::get('action');
+$placeid = WT_Filter::get('placeid');
+$place_name = WT_Filter::get('place_name');
$controller=new WT_Controller_Simple();
$controller
diff --git a/modules_v3/html/module.php b/modules_v3/html/module.php
index 3221f8f5dc..0f20a36114 100644
--- a/modules_v3/html/module.php
+++ b/modules_v3/html/module.php
@@ -133,15 +133,15 @@ class html_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'gedcom', safe_POST('gedcom'));
- set_block_setting($block_id, 'title', $_POST['title']);
- set_block_setting($block_id, 'html', $_POST['html']);
- set_block_setting($block_id, 'show_timestamp', safe_POST_bool('show_timestamp'));
- set_block_setting($block_id, 'timestamp', safe_POST('timestamp'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'gedcom', WT_Filter::post('gedcom'));
+ set_block_setting($block_id, 'title', WT_Filter::post('title'));
+ set_block_setting($block_id, 'html', WT_Filter::post('html'));
+ set_block_setting($block_id, 'show_timestamp', WT_Filter::postBool('show_timestamp'));
+ set_block_setting($block_id, 'timestamp', WT_Filter::post('timestamp'));
$languages=array();
foreach (WT_I18N::installed_languages() as $code=>$name) {
- if (safe_POST_bool('lang_'.$code)) {
+ if (WT_Filter::postBool('lang_'.$code)) {
$languages[]=$code;
}
}
@@ -327,4 +327,4 @@ class html_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_language_checkboxes('lang_', $languages);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/individuals/module.php b/modules_v3/individuals/module.php
index c6f2950916..09caef3268 100644
--- a/modules_v3/individuals/module.php
+++ b/modules_v3/individuals/module.php
@@ -64,9 +64,9 @@ class individuals_WT_Module extends WT_Module implements WT_Module_Sidebar {
// Implement WT_Module_Sidebar
public function getSidebarAjaxContent() {
- $alpha =safe_GET('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none
- $surname =safe_GET('surname', '[^<>&%{};]*'); // All indis with this surname. NB - allow ' and "
- $search =safe_GET('search');
+ $alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none
+ $surname = WT_Filter::get('surname'); // All indis with this surname.
+ $search = WT_Filter::get('search');
if ($search) {
return $this->search($search);
@@ -230,4 +230,4 @@ class individuals_WT_Module extends WT_Module implements WT_Module_Sidebar {
$out .= '</ul>';
return $out;
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/random_media/module.php b/modules_v3/random_media/module.php
index b64c6b6c0f..ee73211253 100644
--- a/modules_v3/random_media/module.php
+++ b/modules_v3/random_media/module.php
@@ -43,7 +43,7 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block {
$filter =get_block_setting($block_id, 'filter', 'all');
$controls=get_block_setting($block_id, 'controls', true);
- $start =get_block_setting($block_id, 'start', false) || safe_GET_bool('start');
+ $start =get_block_setting($block_id, 'start', false) || WT_Filter::getBool('start');
$block =get_block_setting($block_id, 'block', true);
// We can apply the filters using SQL
@@ -217,39 +217,39 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'filter', safe_POST('filter', array('indi', 'event', 'all'), 'all'));
- set_block_setting($block_id, 'controls', safe_POST_bool('controls'));
- set_block_setting($block_id, 'start', safe_POST_bool('start'));
- set_block_setting($block_id, 'filter_avi', safe_POST_bool('filter_avi'));
- set_block_setting($block_id, 'filter_bmp', safe_POST_bool('filter_bmp'));
- set_block_setting($block_id, 'filter_gif', safe_POST_bool('filter_gif'));
- set_block_setting($block_id, 'filter_jpeg', safe_POST_bool('filter_jpeg'));
- set_block_setting($block_id, 'filter_mp3', safe_POST_bool('filter_mp3'));
- set_block_setting($block_id, 'filter_ole', safe_POST_bool('filter_ole'));
- set_block_setting($block_id, 'filter_pcx', safe_POST_bool('filter_pcx'));
- set_block_setting($block_id, 'filter_pdf', safe_POST_bool('filter_pdf'));
- set_block_setting($block_id, 'filter_png', safe_POST_bool('filter_png'));
- set_block_setting($block_id, 'filter_tiff', safe_POST_bool('filter_tiff'));
- set_block_setting($block_id, 'filter_wav', safe_POST_bool('filter_wav'));
- set_block_setting($block_id, 'filter_audio', safe_POST_bool('filter_audio'));
- set_block_setting($block_id, 'filter_book', safe_POST_bool('filter_book'));
- set_block_setting($block_id, 'filter_card', safe_POST_bool('filter_card'));
- set_block_setting($block_id, 'filter_certificate', safe_POST_bool('filter_certificate'));
- set_block_setting($block_id, 'filter_coat', safe_POST_bool('filter_coat'));
- set_block_setting($block_id, 'filter_document', safe_POST_bool('filter_document'));
- set_block_setting($block_id, 'filter_electronic', safe_POST_bool('filter_electronic'));
- set_block_setting($block_id, 'filter_fiche', safe_POST_bool('filter_fiche'));
- set_block_setting($block_id, 'filter_film', safe_POST_bool('filter_film'));
- set_block_setting($block_id, 'filter_magazine', safe_POST_bool('filter_magazine'));
- set_block_setting($block_id, 'filter_manuscript', safe_POST_bool('filter_manuscript'));
- set_block_setting($block_id, 'filter_map', safe_POST_bool('filter_map'));
- set_block_setting($block_id, 'filter_newspaper', safe_POST_bool('filter_newspaper'));
- set_block_setting($block_id, 'filter_other', safe_POST_bool('filter_other'));
- set_block_setting($block_id, 'filter_painting', safe_POST_bool('filter_painting'));
- set_block_setting($block_id, 'filter_photo', safe_POST_bool('filter_photo'));
- set_block_setting($block_id, 'filter_tombstone', safe_POST_bool('filter_tombstone'));
- set_block_setting($block_id, 'filter_video', safe_POST_bool('filter_video'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'filter', WT_Filter::post('filter', 'indi|event|all', 'all'));
+ set_block_setting($block_id, 'controls', WT_Filter::postBool('controls'));
+ set_block_setting($block_id, 'start', WT_Filter::postBool('start'));
+ set_block_setting($block_id, 'filter_avi', WT_Filter::postBool('filter_avi'));
+ set_block_setting($block_id, 'filter_bmp', WT_Filter::postBool('filter_bmp'));
+ set_block_setting($block_id, 'filter_gif', WT_Filter::postBool('filter_gif'));
+ set_block_setting($block_id, 'filter_jpeg', WT_Filter::postBool('filter_jpeg'));
+ set_block_setting($block_id, 'filter_mp3', WT_Filter::postBool('filter_mp3'));
+ set_block_setting($block_id, 'filter_ole', WT_Filter::postBool('filter_ole'));
+ set_block_setting($block_id, 'filter_pcx', WT_Filter::postBool('filter_pcx'));
+ set_block_setting($block_id, 'filter_pdf', WT_Filter::postBool('filter_pdf'));
+ set_block_setting($block_id, 'filter_png', WT_Filter::postBool('filter_png'));
+ set_block_setting($block_id, 'filter_tiff', WT_Filter::postBool('filter_tiff'));
+ set_block_setting($block_id, 'filter_wav', WT_Filter::postBool('filter_wav'));
+ set_block_setting($block_id, 'filter_audio', WT_Filter::postBool('filter_audio'));
+ set_block_setting($block_id, 'filter_book', WT_Filter::postBool('filter_book'));
+ set_block_setting($block_id, 'filter_card', WT_Filter::postBool('filter_card'));
+ set_block_setting($block_id, 'filter_certificate', WT_Filter::postBool('filter_certificate'));
+ set_block_setting($block_id, 'filter_coat', WT_Filter::postBool('filter_coat'));
+ set_block_setting($block_id, 'filter_document', WT_Filter::postBool('filter_document'));
+ set_block_setting($block_id, 'filter_electronic', WT_Filter::postBool('filter_electronic'));
+ set_block_setting($block_id, 'filter_fiche', WT_Filter::postBool('filter_fiche'));
+ set_block_setting($block_id, 'filter_film', WT_Filter::postBool('filter_film'));
+ set_block_setting($block_id, 'filter_magazine', WT_Filter::postBool('filter_magazine'));
+ set_block_setting($block_id, 'filter_manuscript', WT_Filter::postBool('filter_manuscript'));
+ set_block_setting($block_id, 'filter_map', WT_Filter::postBool('filter_map'));
+ set_block_setting($block_id, 'filter_newspaper', WT_Filter::postBool('filter_newspaper'));
+ set_block_setting($block_id, 'filter_other', WT_Filter::postBool('filter_other'));
+ set_block_setting($block_id, 'filter_painting', WT_Filter::postBool('filter_painting'));
+ set_block_setting($block_id, 'filter_photo', WT_Filter::postBool('filter_photo'));
+ set_block_setting($block_id, 'filter_tombstone', WT_Filter::postBool('filter_tombstone'));
+ set_block_setting($block_id, 'filter_video', WT_Filter::postBool('filter_video'));
exit;
}
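Review bot: Nothing in this hunk ties the settings write to a CSRF token — `WT_Filter::postBool('save')` alone gates thirty `set_block_setting` calls, so unless the block-configuration dispatcher validates a token before it calls `configureBlock`, a cross-site form post can silently change a user's block settings; the same shape appears in the recent_changes, review_changes, sitemap, todays_events, todo, top10_givnnames, top10_pageviews, top10_surnames, upcoming_events, user_messages and yahrzeit hunks of this commit. On style, the thirty-one `postBool` lines differ only in the key name, so iterating a list of keys keeps the honoured POST parameters in one place and makes a missed rename visible, as sketched below. configureBlock starts in this hunk and continues past it.
```php
public function configureBlock($block_id) {
    if (WT_Filter::postBool('save')) {
        set_block_setting($block_id, 'filter', WT_Filter::post('filter', 'indi|event|all', 'all'));
        // One yes/no setting per checkbox on the configuration form; keep this
        // list in step with the fields rendered further down.
        $bool_settings = array(
            'controls', 'start',
            'filter_avi', 'filter_bmp', 'filter_gif', 'filter_jpeg', 'filter_mp3',
            'filter_ole', 'filter_pcx', 'filter_pdf', 'filter_png', 'filter_tiff',
            'filter_wav', 'filter_audio', 'filter_book', 'filter_card',
            'filter_certificate', 'filter_coat', 'filter_document',
            'filter_electronic', 'filter_fiche', 'filter_film', 'filter_magazine',
            'filter_manuscript', 'filter_map', 'filter_newspaper', 'filter_other',
            'filter_painting', 'filter_photo', 'filter_tombstone', 'filter_video',
        );
        foreach ($bool_settings as $setting) {
            set_block_setting($block_id, $setting, WT_Filter::postBool($setting));
        }
        exit;
    }
    // … unchanged: configuration form rendering …
```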
@@ -384,4 +384,4 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('start', $start);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/recent_changes/module.php b/modules_v3/recent_changes/module.php
index 128c62cd2f..15506cc60a 100644
--- a/modules_v3/recent_changes/module.php
+++ b/modules_v3/recent_changes/module.php
@@ -118,12 +118,12 @@ class recent_changes_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('name', 'date_asc', 'date_desc'), 'date_desc'));
- set_block_setting($block_id, 'hide_empty', safe_POST_bool('hide_empty'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'name|date_asc|date_desc', 'date_desc'));
+ set_block_setting($block_id, 'hide_empty', WT_Filter::postBool('hide_empty'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -173,4 +173,4 @@ class recent_changes_WT_Module extends WT_Module implements WT_Module_Block {
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/review_changes/module.php b/modules_v3/review_changes/module.php
index 1975ed9b98..88a00724fc 100644
--- a/modules_v3/review_changes/module.php
+++ b/modules_v3/review_changes/module.php
@@ -155,10 +155,10 @@ class review_changes_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'days', safe_POST_integer('num', 1, 180, 7));
- set_block_setting($block_id, 'sendmail', safe_POST_bool('sendmail'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'days', WT_Filter::postInteger('num', 1, 180, 7));
+ set_block_setting($block_id, 'sendmail', WT_Filter::postBool('sendmail'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -181,4 +181,4 @@ class review_changes_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/sitemap/module.php b/modules_v3/sitemap/module.php
index 2be8b119dd..2f19f180af 100644
--- a/modules_v3/sitemap/module.php
+++ b/modules_v3/sitemap/module.php
@@ -45,7 +45,7 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config {
break;
case 'generate':
Zend_Session::writeClose();
- $this->generate(safe_GET('file'));
+ $this->generate(WT_Filter::get('file'));
break;
default:
header('HTTP/1.0 404 Not Found');
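Review bot: `WT_Filter::get('file')` is handed to `generate()` with no pattern, and the parameter name suggests it selects a file; if generate() joins it onto a directory path, the read should pin the value to the exact names generate() can produce (a `name1|name2` alternation, as this commit does elsewhere) so that a path-like value never reaches the filesystem. If generate() already matches the value against a fixed list internally, a comment at the call site saying so would save the next reviewer the trip. The enclosing `switch` and method begin and end outside this hunk.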
@@ -216,9 +216,9 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config {
->pageHeader();
// Save the updated preferences
- if (safe_POST('action', 'save')=='save') {
+ if (WT_Filter::post('action')=='save') {
foreach (WT_Tree::getAll() as $tree) {
- set_gedcom_setting($tree->tree_id, 'include_in_sitemap', safe_POST_bool('include'.$tree->tree_id));
+ set_gedcom_setting($tree->tree_id, 'include_in_sitemap', WT_Filter::postBool('include'.$tree->tree_id));
}
// Clear cache and force files to be regenerated
WT_DB::prepare(
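Review bot: `WT_Filter::post('action')=='save'` is a loose comparison; the old call constrained the value to `save` at filter time, while the new one accepts any string and compares afterwards, so making the comparison strict documents that intent: `if (WT_Filter::post('action') === 'save') {`. The per-tree `include_in_sitemap` writes inside the loop are gated by that check alone, with no CSRF token visible in the hunk, so the same caveat as for the block-configuration handlers applies unless the admin dispatcher validates one. The enclosing method starts and ends outside this hunk.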
@@ -270,4 +270,4 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config {
public function getConfigLink() {
return 'module.php?mod='.$this->getName().'&amp;mod_action=admin';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/stories/module.php b/modules_v3/stories/module.php
index c65619de0c..cff1d265e8 100644
--- a/modules_v3/stories/module.php
+++ b/modules_v3/stories/module.php
@@ -169,35 +169,35 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_
require_once WT_ROOT.'includes/functions/functions_edit.php';
if (WT_USER_CAN_EDIT) {
- if (safe_POST_bool('save')) {
- $block_id=safe_POST('block_id');
+ if (WT_Filter::postBool('save')) {
+ $block_id=WT_Filter::postInteger('block_id');
if ($block_id) {
WT_DB::prepare(
"UPDATE `##block` SET gedcom_id=?, xref=? WHERE block_id=?"
- )->execute(array(safe_POST('gedcom_id'), safe_POST('xref'), $block_id));
+ )->execute(array(WT_Filter::postInteger('gedcom_id'), WT_Filter::post('xref', WT_REGEX_XREF), $block_id));
} else {
WT_DB::prepare(
"INSERT INTO `##block` (gedcom_id, xref, module_name, block_order) VALUES (?, ?, ?, ?)"
)->execute(array(
- safe_POST('gedcom_id'),
- safe_POST('xref'),
+ WT_Filter::postInteger('gedcom_id'),
+ WT_Filter::post('xref', WT_REGEX_XREF),
$this->getName(),
0
));
$block_id=WT_DB::getInstance()->lastInsertId();
}
- set_block_setting($block_id, 'title', safe_POST('title', WT_REGEX_UNSAFE)); // allow html
- set_block_setting($block_id, 'story_body', safe_POST('story_body', WT_REGEX_UNSAFE)); // allow html
+ set_block_setting($block_id, 'title', WT_Filter::post('title'));
+ set_block_setting($block_id, 'story_body', WT_Filter::post('story_body'));
$languages=array();
foreach (WT_I18N::installed_languages() as $code=>$name) {
- if (safe_POST_bool('lang_'.$code)) {
+ if (WT_Filter::postBool('lang_'.$code)) {
$languages[]=$code;
}
}
set_block_setting($block_id, 'languages', implode(',', $languages));
$this->config();
} else {
- $block_id=safe_GET('block_id');
+ $block_id=WT_Filter::getInteger('block_id');
$controller=new WT_Controller_Page();
if ($block_id) {
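Review bot: The UPDATE on `##block` at the top of the hunk is keyed only on the posted `block_id`, so any integer that passes `postInteger` can re-point a block that belongs to another module to a new gedcom_id/xref; appending `AND module_name=?` to the WHERE clause and passing `$this->getName()` after `$block_id` in the execute() array keeps it to this module's rows (the INSERT branch already records that name). Separately, `title` and `story_body` lose the `WT_REGEX_UNSAFE` / "allow html" treatment and now go through `WT_Filter::post`'s default pattern, whose handling of `<` and `>` is not visible here — if it rejects or strips markup the story editor silently loses HTML, and if it passes markup through the rendering side must escape or whitelist it, so a comment stating which is intended would help the next reader. The enclosing method starts before and ends after this hunk.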
@@ -215,7 +215,7 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_
$title='';
$story_body='';
$gedcom_id=WT_GED_ID;
- $xref=safe_GET('xref', WT_REGEX_XREF);
+ $xref=WT_Filter::get('xref', WT_REGEX_XREF);
}
$controller
->pageHeader()
@@ -274,7 +274,7 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_
private function delete() {
if (WT_USER_CAN_EDIT) {
- $block_id=safe_GET('block_id');
+ $block_id=WT_Filter::getInteger('block_id');
$block_order=WT_DB::prepare(
"SELECT block_order FROM `##block` WHERE block_id=?"
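Review bot: delete() takes `block_id` from the query string (`WT_Filter::getInteger`), so a story is removed by a plain GET that carries no token and that link prefetchers or crawlers may follow; switching the action to POST with a CSRF check, or at minimum requiring a token parameter alongside `block_id`, is the safer shape. `WT_USER_CAN_EDIT` is the only authorisation visible here, and whether the later DELETE is scoped to this module's blocks lies outside the hunk. delete() continues past the end of the hunk.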
diff --git a/modules_v3/theme_select/module.php b/modules_v3/theme_select/module.php
index f0ac4823cd..7ff0e91016 100644
--- a/modules_v3/theme_select/module.php
+++ b/modules_v3/theme_select/module.php
@@ -1,77 +1,77 @@
-<?php
-// Classes and libraries for module system
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// Derived from PhpGedView
-// Copyright (C) 2010 John Finlay
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-if (!defined('WT_WEBTREES')) {
- header('HTTP/1.0 403 Forbidden');
- exit;
-}
-
-class theme_select_WT_Module extends WT_Module implements WT_Module_Block {
- // Extend class WT_Module
- public function getTitle() {
- return /* I18N: Name of a module */ WT_I18N::translate('Theme change');
- }
-
- // Extend class WT_Module
- public function getDescription() {
- return /* I18N: Description of the “Theme change” module */ WT_I18N::translate('An alternative way to select a new theme.');
- }
-
- // Implement class WT_Module_Block
- public function getBlock($block_id, $template=true, $cfg=null) {
- $id=$this->getName().$block_id;
- $class=$this->getName().'_block';
- $title=$this->getTitle();
- $menu=WT_MenuBar::getThemeMenu();
- if ($menu) {
- $content='<div class="center theme_form">'.WT_MenuBar::getThemeMenu().'</div><br>';
-
- if ($template) {
- require WT_THEME_DIR.'templates/block_main_temp.php';
- } else {
- return $content;
- }
- } else {
- return '';
- }
- }
-
- // Implement class WT_Module_Block
- public function loadAjax() {
- return false;
- }
-
- // Implement class WT_Module_Block
- public function isUserBlock() {
- return true;
- }
-
- // Implement class WT_Module_Block
- public function isGedcomBlock() {
- return true;
- }
-
- // Implement class WT_Module_Block
- public function configureBlock($block_id) {
- }
-}
+<?php
+// Classes and libraries for module system
+//
+// webtrees: Web based Family History software
+// Copyright (C) 2013 webtrees development team.
+//
+// Derived from PhpGedView
+// Copyright (C) 2010 John Finlay
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+if (!defined('WT_WEBTREES')) {
+ header('HTTP/1.0 403 Forbidden');
+ exit;
+}
+
+class theme_select_WT_Module extends WT_Module implements WT_Module_Block {
+ // Extend class WT_Module
+ public function getTitle() {
+ return /* I18N: Name of a module */ WT_I18N::translate('Theme change');
+ }
+
+ // Extend class WT_Module
+ public function getDescription() {
+ return /* I18N: Description of the “Theme change” module */ WT_I18N::translate('An alternative way to select a new theme.');
+ }
+
+ // Implement class WT_Module_Block
+ public function getBlock($block_id, $template=true, $cfg=null) {
+ $id=$this->getName().$block_id;
+ $class=$this->getName().'_block';
+ $title=$this->getTitle();
+ $menu=WT_MenuBar::getThemeMenu();
+ if ($menu) {
+ $content='<div class="center theme_form">'.WT_MenuBar::getThemeMenu().'</div><br>';
+
+ if ($template) {
+ require WT_THEME_DIR.'templates/block_main_temp.php';
+ } else {
+ return $content;
+ }
+ } else {
+ return '';
+ }
+ }
+
+ // Implement class WT_Module_Block
+ public function loadAjax() {
+ return false;
+ }
+
+ // Implement class WT_Module_Block
+ public function isUserBlock() {
+ return true;
+ }
+
+ // Implement class WT_Module_Block
+ public function isGedcomBlock() {
+ return true;
+ }
+
+ // Implement class WT_Module_Block
+ public function configureBlock($block_id) {
+ }
+}
diff --git a/modules_v3/todays_events/module.php b/modules_v3/todays_events/module.php
index 630577abbd..44824dc46d 100644
--- a/modules_v3/todays_events/module.php
+++ b/modules_v3/todays_events/module.php
@@ -109,12 +109,12 @@ class todays_events_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'filter', safe_POST_bool('filter'));
- set_block_setting($block_id, 'onlyBDM', safe_POST_bool('onlyBDM'));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('alpha', 'anniv'), 'alpha'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'filter', WT_Filter::postBool('filter'));
+ set_block_setting($block_id, 'onlyBDM', WT_Filter::postBool('onlyBDM'));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'alpha|anniv', 'alpha'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -158,4 +158,4 @@ class todays_events_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/todo/module.php b/modules_v3/todo/module.php
index 02d46539de..1526f8d07d 100644
--- a/modules_v3/todo/module.php
+++ b/modules_v3/todo/module.php
@@ -155,11 +155,11 @@ class todo_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'show_other', safe_POST_bool('show_other'));
- set_block_setting($block_id, 'show_unassigned', safe_POST_bool('show_unassigned'));
- set_block_setting($block_id, 'show_future', safe_POST_bool('show_future'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'show_other', WT_Filter::postBool('show_other'));
+ set_block_setting($block_id, 'show_unassigned', WT_Filter::postBool('show_unassigned'));
+ set_block_setting($block_id, 'show_future', WT_Filter::postBool('show_future'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -193,4 +193,4 @@ class todo_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/top10_givnnames/module.php b/modules_v3/top10_givnnames/module.php
index 8515cd7593..bb4c9d4d8b 100644
--- a/modules_v3/top10_givnnames/module.php
+++ b/modules_v3/top10_givnnames/module.php
@@ -126,10 +126,10 @@ class top10_givnnames_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -156,4 +156,4 @@ class top10_givnnames_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/top10_pageviews/module.php b/modules_v3/top10_pageviews/module.php
index 2a1525d902..6fa08522b7 100644
--- a/modules_v3/top10_pageviews/module.php
+++ b/modules_v3/top10_pageviews/module.php
@@ -120,10 +120,10 @@ class top10_pageviews_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10));
- set_block_setting($block_id, 'count_placement', safe_POST('count_placement', array('before', 'after'), 'before'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10));
+ set_block_setting($block_id, 'count_placement', WT_Filter::post('count_placement', 'before|after', 'before'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
require_once WT_ROOT.'includes/functions/functions_edit.php';
@@ -149,4 +149,4 @@ class top10_pageviews_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/top10_surnames/module.php b/modules_v3/top10_surnames/module.php
index 0670cc8534..a2c44f790e 100644
--- a/modules_v3/top10_surnames/module.php
+++ b/modules_v3/top10_surnames/module.php
@@ -139,10 +139,10 @@ class top10_surnames_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'array', 'table', 'tagcloud'), 'table'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|array|table|tagcloud', 'table'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -181,4 +181,4 @@ class top10_surnames_WT_Module extends WT_Module implements WT_Module_Block {
}
return $countb - $counta;
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/tree/class_treeview.php b/modules_v3/tree/class_treeview.php
index 62cd94b12a..bdd742e741 100644
--- a/modules_v3/tree/class_treeview.php
+++ b/modules_v3/tree/class_treeview.php
@@ -35,7 +35,7 @@ class TreeView {
$this->name = $name;
// Read if all partners must be shown or not
- $allPartners = safe_GET('allPartners');
+ $allPartners = WT_Filter::get('allPartners');
// if allPartners not specified in url, we try to read the cookie
if ($allPartners == '') {
if (isset($_COOKIE['allPartners']))
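Review bot: The query-string value now passes through `WT_Filter::get`, but the fallback two lines later still reads `$_COOKIE['allPartners']` raw, so the cookie path skips whatever validation the filter applies; run the cookie value through the same validation, or compare it against the expected yes/no values, before it is used. `$allPartners == ''` is a loose comparison — `=== ''` says the same more precisely. The constructor starts before and ends after this hunk.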
@@ -121,7 +121,7 @@ class TreeView {
foreach ($person->getSpouseFamilies() as $family) {
$spouse = $family->getSpouse($person);
if ($spouse) {
- $r .= $this->getPersonDetails($person, $family->getSpouse($person), $family);
+ $r .= $this->getPersonDetails($person, $spouse, $family);
}
}
return $r;
diff --git a/modules_v3/tree/module.php b/modules_v3/tree/module.php
index e38bcd78fd..155073d1ea 100644
--- a/modules_v3/tree/module.php
+++ b/modules_v3/tree/module.php
@@ -130,8 +130,8 @@ class tree_WT_Module extends WT_Module implements WT_Module_Tab {
//$controller->pageHeader();
Zend_Session::writeClose();
header('Content-Type: text/html; charset=UTF-8');
- $pid = safe_GET('pid');
- $i = safe_GET('instance');
+ $pid = WT_Filter::get('pid', WT_REGEX_XREF);
+ $i = WT_Filter::get('instance');
$tv = new TreeView($i);
echo $tv->getDetails($pid);
break;
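Review bot: `instance` is read with no pattern and becomes the TreeView name (`$this->name = $name` in the class_treeview.php hunk above); if that name is echoed into element ids or script, it should be constrained here to an identifier pattern, e.g. `$i = WT_Filter::get('instance', '[A-Za-z0-9_-]+');`, rather than relying on the default filter, and the same read appears in the next hunk of this file (the `getPersons` branch). The `pid` read gaining `WT_REGEX_XREF` is the right shape for that parameter. The enclosing `switch` and method begin and end outside the hunk.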
@@ -141,8 +141,8 @@ class tree_WT_Module extends WT_Module implements WT_Module_Tab {
//$controller->pageHeader();
Zend_Session::writeClose();
header('Content-Type: text/html; charset=UTF-8');
- $q = $_REQUEST['q'];
- $i = safe_GET('instance');
+ $q = WT_Filter::get('q');
+ $i = WT_Filter::get('instance');
$tv = new TreeView($i);
echo $tv->getPersons($q);
break;
diff --git a/modules_v3/upcoming_events/module.php b/modules_v3/upcoming_events/module.php
index 2986247386..06f2a1e2eb 100644
--- a/modules_v3/upcoming_events/module.php
+++ b/modules_v3/upcoming_events/module.php
@@ -112,13 +112,13 @@ class upcoming_events_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7));
- set_block_setting($block_id, 'filter', safe_POST_bool('filter'));
- set_block_setting($block_id, 'onlyBDM', safe_POST_bool('onlyBDM'));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('alpha', 'anniv'), 'alpha'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7));
+ set_block_setting($block_id, 'filter', WT_Filter::postBool('filter'));
+ set_block_setting($block_id, 'onlyBDM', WT_Filter::postBool('onlyBDM'));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'alpha|anniv', 'alpha'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -170,4 +170,4 @@ class upcoming_events_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/user_blog/module.php b/modules_v3/user_blog/module.php
index f975ddeb1d..81e519438d 100644
--- a/modules_v3/user_blog/module.php
+++ b/modules_v3/user_blog/module.php
@@ -49,9 +49,9 @@ class user_blog_WT_Module extends WT_Module implements WT_Module_Block {
public function getBlock($block_id, $template=true, $cfg=null) {
global $ctype;
- switch (safe_GET('action')) {
+ switch (WT_Filter::get('action')) {
case 'deletenews':
- $news_id=safe_GET('news_id');
+ $news_id=WT_Filter::getInteger('news_id');
if ($news_id) {
deleteNews($news_id);
}
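Review bot: `deletenews` is dispatched off the query string (`WT_Filter::get('action')` and `getInteger('news_id')`), so a blog entry is deleted by a GET that carries no token and that prefetchers may follow; a POST with a CSRF check is the safer form for this branch. Whether `deleteNews()` verifies that the entry belongs to the current user is not visible here — if it does not, that check belongs next to the `if ($news_id)` guard. getBlock starts in this hunk and continues beyond it.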
@@ -124,4 +124,4 @@ class user_blog_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/user_favorites/module.php b/modules_v3/user_favorites/module.php
index 66ddc86f7d..b74eb676a5 100644
--- a/modules_v3/user_favorites/module.php
+++ b/modules_v3/user_favorites/module.php
@@ -64,16 +64,16 @@ class user_favorites_WT_Module extends gedcom_favorites_WT_Module {
switch($modAction) {
case 'menu-add-favorite':
// Process the "add to user favorites" menu item on indi/fam/etc. pages
- $record=WT_GedcomRecord::getInstance(safe_POST_xref('xref'));
+ $record = WT_GedcomRecord::getInstance(WT_Filter::post('xref', WT_REGEX_XREF));
if (WT_USER_ID && $record->canShowName()) {
self::addFavorite(array(
- 'user_id' =>WT_USER_ID,
- 'gedcom_id'=>$record->getGedcomId(),
- 'gid' =>$record->getXref(),
- 'type' =>$record::RECORD_TYPE,
- 'url' =>null,
- 'note' =>null,
- 'title' =>null,
+ 'user_id' => WT_USER_ID,
+ 'gedcom_id' => $record->getGedcomId(),
+ 'gid' => $record->getXref(),
+ 'type' => $record::RECORD_TYPE,
+ 'url' => null,
+ 'note' => null,
+ 'title' => null,
));
WT_FlashMessages::addMessage(/* I18N: %s is the name of an individual, source or other record */ WT_I18N::translate('“%s” has been added to your favorites.', $record->getFullName()));
}
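Review bot: `WT_GedcomRecord::getInstance(...)` is called on a user-supplied xref and its result is dereferenced unconditionally in `$record->canShowName()`; if the factory returns null for an unknown or inaccessible xref, as factories of this kind usually do, that line is a fatal error on a bad request. Guarding it is a one-line change: `if (WT_USER_ID && $record && $record->canShowName()) {`. `WT_REGEX_XREF` limits the shape of the value, not whether the record exists. The enclosing method starts and ends outside the hunk.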
diff --git a/modules_v3/user_messages/module.php b/modules_v3/user_messages/module.php
index 6a89860edd..5d8048acac 100644
--- a/modules_v3/user_messages/module.php
+++ b/modules_v3/user_messages/module.php
@@ -44,8 +44,8 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block {
require_once WT_ROOT.'includes/functions/functions_print_facts.php';
// Block actions
- $action=safe_GET('action');
- $message_id=safe_GET('message_id');
+ $action = WT_Filter::get('action');
+ $message_id = WT_Filter::getInteger('message_id');
if ($action=='deletemessage') {
if (is_array($message_id)) {
foreach ($message_id as $msg_id) {
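Review bot: `WT_Filter::getInteger('message_id')` can only yield an integer (or its default), yet the code immediately after still branches on `is_array($message_id)` and iterates it — that branch is now unreachable, so a form that submits `message_id[]` for multi-delete falls through to the single-id path, which is outside the hunk. If the multi-select is still in use, read the parameter with `WT_Filter::getArray('message_id')` (used in placelist.php in this same commit) and cast each element to int; otherwise drop the dead branch so the next reader is not misled. Deleting messages on a GET request also deserves a CSRF token, as with the other delete actions in this commit. The enclosing method starts and ends outside the hunk.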
@@ -79,7 +79,7 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block {
$content.='</option>';
}
}
- $content.='</select> <input type="button" value="'.WT_I18N::translate('Send').'" onclick="message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\', \'\'); return false;"><br><br>';
+ $content.='</select> <input type="button" value="'.WT_I18N::translate('Send').'" onclick="message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\'); return false;"><br><br>';
}
if (count($messages)==0) {
$content.=WT_I18N::translate('You have no pending messages.')."<br>";
@@ -149,8 +149,8 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
diff --git a/modules_v3/yahrzeit/module.php b/modules_v3/yahrzeit/module.php
index 3d1291d133..8582aeb849 100644
--- a/modules_v3/yahrzeit/module.php
+++ b/modules_v3/yahrzeit/module.php
@@ -223,10 +223,10 @@ class yahrzeit_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -254,4 +254,4 @@ class yahrzeit_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/placelist.php b/placelist.php
index 35eac00414..aebc99946e 100644
--- a/placelist.php
+++ b/placelist.php
@@ -25,14 +25,12 @@ define('WT_SCRIPT_NAME', 'placelist.php');
require './includes/session.php';
require_once WT_ROOT.'includes/functions/functions_print_lists.php';
-$controller=new WT_Controller_Page();
+$controller = new WT_Controller_Page();
+
+$action = WT_Filter::get('action', 'find|show', 'find');
+$display = WT_Filter::get('display', 'hierarchy|list', 'hierarchy');
+$parent = WT_Filter::getArray('parent');
-$action =safe_GET('action', array('find', 'show'), 'find');
-$display=safe_GET('display', array('hierarchy', 'list'), 'hierarchy');
-$parent =safe_GET('parent', WT_REGEX_UNSAFE); // Place names may include HTML chars. "Sunny View Cemetery", Smallville, <unknown>, Texas, USA"
-if (!is_array($parent)) {
- $parent = array();
-}
$level=count($parent);
if ($display=='hierarchy') {
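Review bot: The removed line carried the one comment explaining why `parent` was read with `WT_REGEX_UNSAFE` — place names such as `<unknown>` contain characters a default filter may reject — and the replacement `WT_Filter::getArray('parent')` says nothing about what its elements may contain. Keep the reason next to the new read, e.g. `// Place names may include HTML chars ("<unknown>"); they must reach the HTML/SQL consumers escaped, not rejected`, and confirm that getArray's element filter does not drop such names. `$display=='hierarchy'` two lines below compares loosely against a value the filter already restricts to `hierarchy|list`; `===` is the tidier form.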
@@ -248,4 +246,4 @@ case 'hierarchy':
break;
}
-echo '</div>'; // <div id="place-hierarchy">
+echo '</div>'; // <div id="place-hierarchy"> \ No newline at end of file
diff --git a/relationship.php b/relationship.php
index 52677df7f1..9298c1187d 100644
--- a/relationship.php
+++ b/relationship.php
@@ -25,14 +25,14 @@ define('WT_SCRIPT_NAME', 'relationship.php');
require './includes/session.php';
require WT_ROOT.'includes/functions/functions_edit.php';
-$controller=new WT_Controller_Page();
+$controller = new WT_Controller_Page();
-$pid1 =safe_GET_xref('pid1');
-$pid2 =safe_GET_xref('pid2');
-$show_full =safe_GET('show_full', array('0', '1'), $PEDIGREE_FULL_DETAILS);
-$path_to_find=safe_GET('path_to_find', '[0-9]+', 0);
-$followspouse=safe_GET_bool('followspouse');
-$asc =safe_GET_bool('asc');
+$pid1 = WT_Filter::get('pid1', WT_REGEX_XREF);
+$pid2 = WT_Filter::get('pid2', WT_REGEX_XREF);
+$show_full = WT_Filter::getInteger('show_full', 0, 1, $PEDIGREE_FULL_DETAILS);
+$path_to_find = WT_Filter::getInteger('path_to_find');
+$followspouse = WT_Filter::getBool('followspouse');
+$asc = WT_Filter::getBool('asc');
$asc = $asc ? -1 : 1;
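Review bot: `$path_to_find = WT_Filter::getInteger('path_to_find');` drops the explicit default of 0 that the old `safe_GET(..., '[0-9]+', 0)` call carried, so the value now depends on whatever getInteger returns for a missing or non-numeric parameter. If that default is not 0 (null, say), the path lookup further down receives a different type than before; making it explicit, `$path_to_find = WT_Filter::getInteger('path_to_find', 0, PHP_INT_MAX, 0);` (argument order as in the other getInteger calls in this commit), removes the ambiguity. Likewise `show_full` used to be the string '0' or '1' and is now an int, which matters if it is later compared with `===` or re-emitted as a URL parameter.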
diff --git a/reportengine.php b/reportengine.php
index 0217b74417..defcb3fa59 100644
--- a/reportengine.php
+++ b/reportengine.php
@@ -28,14 +28,14 @@ require './includes/session.php';
$controller=new WT_Controller_Page();
-$famid =safe_GET('famid');
-$pid =safe_GET('pid');
-$action =safe_GET('action', array('choose', 'setup', 'run'), 'choose');
-$report =safe_GET('report');
-$output =safe_GET('output', array('HTML', 'PDF'), 'PDF');
-$vars =safe_GET('vars');
-$varnames=safe_GET('varnames');
-$type =safe_GET('type');
+$famid =WT_Filter::get('famid');
+$pid =WT_Filter::get('pid');
+$action =WT_Filter::get('action', 'choose|setup|run', 'choose');
+$report =WT_Filter::get('report');
+$output =WT_Filter::get('output', 'HTML|PDF', 'PDF');
+$vars =WT_Filter::get('vars');
+$varnames=WT_Filter::get('varnames');
+$type =WT_Filter::get('type');
if (!is_array($vars)) {
$vars=array();
}
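Review bot: `$famid` and `$pid` are read with `WT_Filter::get()` and its default pattern although they are record cross-references; relationship.php in the same commit validates such values with `WT_Filter::get('pid1', WT_REGEX_XREF)`, so `$famid =WT_Filter::get('famid', WT_REGEX_XREF);` and `$pid =WT_Filter::get('pid', WT_REGEX_XREF);` would be consistent and reject malformed ids at the boundary. Separately, `$vars` and `$varnames` are still followed by `if (!is_array($vars))`, yet placelist.php in this commit switches array-valued parameters to `WT_Filter::getArray()`; if `get()` never returns an array, that branch is always taken and every report variable is silently discarded, so this is worth confirming and switching to `WT_Filter::getArray('vars')` if so.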
@@ -509,4 +509,4 @@ exit;
// here, so we can add comments
$x=/* I18N: An option in a list-box */ WT_I18N::translate('sort by date of birth');
$x=/* I18N: An option in a list-box */ WT_I18N::translate('sort by date of marriage');
-$x=/* I18N: An option in a list-box */ WT_I18N::translate('sort by date of death');
+$x=/* I18N: An option in a list-box */ WT_I18N::translate('sort by date of death'); \ No newline at end of file
diff --git a/save.php b/save.php
index 4f801d8855..7eb13fd1e2 100644
--- a/save.php
+++ b/save.php
@@ -40,11 +40,11 @@ function fail() {
// The id must be a valid CSS identifier, so it can be used in HTML.
// We use "[A-Za-z0-9_]+" separated by "-".
-$id=safe_POST('id', '[a-zA-Z0-9_-]+');
+$id=WT_Filter::post('id', '[a-zA-Z0-9_-]+');
list($table, $id1, $id2, $id3)=explode('-', $id.'---');
// The replacement value.
-$value=safe_POST('value', WT_REGEX_UNSAFE);
+$value=WT_Filter::post('value');
// Every switch must have a default case, and every case must end in ok() or fail()
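Review bot: `$value=WT_Filter::post('value');` drops the explicit `WT_REGEX_UNSAFE` that the old call passed, so the accepted character set now depends on post()'s default pattern, which is not visible here. If that default is narrower, inline edits containing quotes or angle brackets are silently rejected; if it is equally permissive, the explicit argument still documented that the value is unvalidated text that must be escaped per context before being stored or echoed. Suggest `$value=WT_Filter::post('value', WT_REGEX_UNSAFE); // Raw user text: escape on output` so the intent is recorded either way. The switch that consumes `$value` lies outside the hunk.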
@@ -311,4 +311,4 @@ case 'module':
default:
// An unrecognised table
fail();
-}
+} \ No newline at end of file
diff --git a/setup.php b/setup.php
index d48b39436e..a242ab4234 100644
--- a/setup.php
+++ b/setup.php
@@ -64,7 +64,7 @@ require 'includes/functions/functions_utf-8.php';
require 'includes/functions/functions_edit.php';
$WT_REQUEST=new Zend_Controller_Request_Http();
$WT_SESSION=new stdClass; $WT_SESSION->locale=null; // Can't use Zend_Session until we've checked ini_set
-define('WT_LOCALE', WT_I18N::init(safe_POST('lang', '[@a-zA-Z_]+')));
+define('WT_LOCALE', WT_I18N::init(WT_Filter::post('lang', '[@a-zA-Z_]+')));
header('Content-Type: text/html; charset=UTF-8');
@@ -936,4 +936,4 @@ function to_mb($str) {
if (substr($str, -1, 1)=='G') {
return floor(1024*substr($str, 0, strlen($str)-1));
}
-}
+} \ No newline at end of file
diff --git a/statistics.php b/statistics.php
index 69be880696..e241a7b8ad 100644
--- a/statistics.php
+++ b/statistics.php
@@ -28,8 +28,8 @@ define('WT_SCRIPT_NAME', 'statistics.php');
require './includes/session.php';
// check for on demand content loading
-$tab = safe_GET('tab', WT_REGEX_NOSCRIPT, 0);
-$ajax = safe_GET('ajax', WT_REGEX_NOSCRIPT, 0);
+$tab = WT_Filter::getInteger('tab', 0, 3);
+$ajax = WT_Filter::getBool('ajax');
if (!$ajax) {
$controller=new WT_Controller_Page();
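Review bot: `WT_Filter::getInteger('tab', 0, 3)` hard-codes the upper bound 3 with no explanation and drops the explicit default of 0 that `safe_GET('tab', WT_REGEX_NOSCRIPT, 0)` carried. A short comment naming what the range stands for, e.g. `// 0..3: tab index; keep in step with the number of statistics tabs`, and an explicit default, `WT_Filter::getInteger('tab', 0, 3, 0)` (argument order as in the other getInteger calls in this commit), would keep the behaviour obvious to the next reader. The code that renders the selected tab is outside the hunk.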
diff --git a/statisticsplot.php b/statisticsplot.php
index 669dacb7fb..f5dd76fa88 100644
--- a/statisticsplot.php
+++ b/statisticsplot.php
@@ -822,7 +822,7 @@ function set_params($current, $indfam, $xg, $zg, $titstr, $xt, $yt, $gx, $gz, $m
}
//-- ========= start of main program =========
-$action = safe_REQUEST($_REQUEST, 'action', WT_REGEX_XREF);
+$action = WT_Filter::post('action');
if ($action=='update') {
$x_as = $_POST['x-as'];
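Review bot: The migration stops one line short: `$action` now comes through `WT_Filter::post()`, but the very next line still reads `$_POST['x-as']` raw, and the remaining parameters of the `update` branch presumably follow the same pattern outside the hunk. Reading them through the same helper, e.g. `$x_as = WT_Filter::post('x-as');` with a restrictive pattern where the plot code expects a numeric or enumerated value, keeps a single validation path for this script. Note also that `safe_REQUEST($_REQUEST, ...)` accepted the parameter from GET as well, whereas `post()` restricts it to POST; if that narrowing is intentional it deserves a comment, since existing links to `?action=update` will stop working.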
diff --git a/themes/_administration/header.php b/themes/_administration/header.php
index 104054b668..662e7702bd 100644
--- a/themes/_administration/header.php
+++ b/themes/_administration/header.php
@@ -84,18 +84,18 @@ echo
// Side menu
'<div id="admin_menu" class="ui-widget-content">',
'<ul>',
- '<li><a ', (WT_SCRIPT_NAME=="admin.php" ? 'class="current" ' : ''), 'href="admin.php">', WT_I18N::translate('Administration'), '</a></li>';
+ '<li><a ', (WT_SCRIPT_NAME=='admin.php' ? 'class="current" ' : ''), 'href="admin.php">', WT_I18N::translate('Administration'), '</a></li>';
if (WT_USER_IS_ADMIN) {
echo
'<li><ul>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_site_config.php" ? 'class="current" ' : ''), 'href="admin_site_config.php">', WT_I18N::translate('Site configuration' ), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_site_logs.php" ? 'class="current" ' : ''), 'href="admin_site_logs.php">', WT_I18N::translate('Logs' ), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_site_readme.php" ? 'class="current" ' : ''), 'href="admin_site_readme.php">', WT_I18N::translate('README documentation' ), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_site_info.php" ? 'class="current" ' : ''), 'href="admin_site_info.php">', WT_I18N::translate('PHP information' ), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_site_access.php" ? 'class="current" ' : ''), 'href="admin_site_access.php">', WT_I18N::translate('Site access rules' ), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_site_clean.php" ? 'class="current" ' : ''), 'href="admin_site_clean.php">', WT_I18N::translate('Clean up data folder'), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_site_config.php' ? 'class="current" ' : ''), 'href="admin_site_config.php">', WT_I18N::translate('Site configuration' ), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_site_logs.php' ? 'class="current" ' : ''), 'href="admin_site_logs.php">', WT_I18N::translate('Logs' ), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_site_readme.php' ? 'class="current" ' : ''), 'href="admin_site_readme.php">', WT_I18N::translate('README documentation' ), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_site_info.php' ? 'class="current" ' : ''), 'href="admin_site_info.php">', WT_I18N::translate('PHP information' ), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_site_access.php' ? 'class="current" ' : ''), 'href="admin_site_access.php">', WT_I18N::translate('Site access rules' ), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_site_clean.php' ? 'class="current" ' : ''), 'href="admin_site_clean.php">', WT_I18N::translate('Clean up data folder'), '</a></li>',
'</ul></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_trees_manage.php" ? 'class="current" ' : ''), 'href="admin_trees_manage.php">', WT_I18N::translate('Family trees' ), '</a></li>';
+ '<li><a ', (WT_SCRIPT_NAME=='admin_trees_manage.php' ? 'class="current" ' : ''), 'href="admin_trees_manage.php">', WT_I18N::translate('Family trees' ), '</a></li>';
} else {
echo '<li>', WT_I18N::translate('Family trees'), '</li>';
}
@@ -105,49 +105,49 @@ foreach (WT_Tree::getAll() as $tree) {
if (userGedcomAdmin(WT_USER_ID, $tree->tree_id)) {
// Add a title="" element, since long tree titles are cropped
echo
- '<li><span><a ', (WT_SCRIPT_NAME=="admin_trees_config.php" && WT_GED_ID==$tree->tree_id ? 'class="current" ' : ''), 'href="admin_trees_config.php?ged='.$tree->tree_name_url.'" title="', WT_Filter::escapeHtml($tree->tree_title), '" dir="auto">', $tree->tree_title_html,
+ '<li><span><a ', (WT_SCRIPT_NAME=='admin_trees_config.php' && WT_GED_ID==$tree->tree_id ? 'class="current" ' : ''), 'href="admin_trees_config.php?ged='.$tree->tree_name_url.'" title="', WT_Filter::escapeHtml($tree->tree_title), '" dir="auto">', $tree->tree_title_html,
'</a></span></li>';
}
}
echo
- '<li><a ', (WT_SCRIPT_NAME=="admin_site_merge.php" ? 'class="current" ' : ''), 'href="admin_site_merge.php">', WT_I18N::translate('Merge records'), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_site_other.php" ? 'class="current" ' : ''), 'href="admin_site_other.php">', WT_I18N::translate('Add unlinked records'), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_trees_check.php" ? 'class="current" ' : ''), 'href="admin_trees_check.php">', WT_I18N::translate('Check for errors'), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_site_change.php" ? 'class="current" ' : ''), 'href="admin_site_change.php">', WT_I18N::translate('Changes log'),'</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_site_merge.php' ? 'class="current" ' : ''), 'href="admin_site_merge.php">', WT_I18N::translate('Merge records'), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_site_other.php' ? 'class="current" ' : ''), 'href="admin_site_other.php">', WT_I18N::translate('Add unlinked records'), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_trees_check.php' ? 'class="current" ' : ''), 'href="admin_trees_check.php">', WT_I18N::translate('Check for errors'), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_site_change.php' ? 'class="current" ' : ''), 'href="admin_site_change.php">', WT_I18N::translate('Changes log'),'</a></li>',
'<li><a href="index_edit.php?gedcom_id=-1" onclick="return modalDialog(\'index_edit.php?gedcom_id=-1'.'\', \'', WT_I18N::translate('Set the default blocks for new family trees'), '\');">', WT_I18N::translate('Set the default blocks'), '</a></li>',
'</ul></li>';
if (WT_USER_IS_ADMIN) {
echo
- '<li><a ', (WT_SCRIPT_NAME=="admin_users.php" && safe_GET('action')!="cleanup"&& safe_GET('action')!="createform" ? 'class="current" ' : ''), 'href="admin_users.php">',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_users.php' && WT_Filter::get('action')!="cleanup"&& WT_Filter::get('action')!="createform" ? 'class="current" ' : ''), 'href="admin_users.php">',
WT_I18N::translate('Users'),
'</a></li>',
'<li><ul>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_users.php" && safe_GET('action')=="createform" ? 'class="current" ' : ''), 'href="admin_users.php?action=createform">', WT_I18N::translate('Add a new user'), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_users_bulk.php" ? 'class="current" ' : ''), 'href="admin_users_bulk.php">', WT_I18N::translate('Send broadcast messages'), '</a>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_masquerade.php" ? 'class="current" ' : ''), 'href="admin_masquerade.php">', WT_I18N::translate('Masquerade'), '</a>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_users.php" && safe_GET('action')=="cleanup" ? 'class="current" ' : ''), 'href="admin_users.php?action=cleanup">', WT_I18N::translate('Delete inactive users'), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_users.php' && WT_Filter::get('action')=='createform' ? 'class="current" ' : ''), 'href="admin_users.php?action=createform">', WT_I18N::translate('Add a new user'), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_users_bulk.php' ? 'class="current" ' : ''), 'href="admin_users_bulk.php">', WT_I18N::translate('Send broadcast messages'), '</a>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_masquerade.php' ? 'class="current" ' : ''), 'href="admin_masquerade.php">', WT_I18N::translate('Masquerade'), '</a>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_users.php' && WT_Filter::get('action')=='cleanup' ? 'class="current" ' : ''), 'href="admin_users.php?action=cleanup">', WT_I18N::translate('Delete inactive users'), '</a></li>',
'<li><a href="index_edit.php?user_id=-1" onclick="return modalDialog(\'index_edit.php?user_id=-1'.'\', \'', WT_I18N::translate('Set the default blocks for new users'), '\');">', WT_I18N::translate('Set the default blocks'), '</a></li>',
'</ul></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_media.php" ? 'class="current" ' : ''), 'href="admin_media.php">', WT_I18N::translate('Media'), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_media.php' ? 'class="current" ' : ''), 'href="admin_media.php">', WT_I18N::translate('Media'), '</a></li>',
'<li><ul>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_media_upload.php" ? 'class="current" ' : ''), 'href="admin_media_upload.php">', WT_I18N::translate('Upload media files'), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_media_upload.php' ? 'class="current" ' : ''), 'href="admin_media_upload.php">', WT_I18N::translate('Upload media files'), '</a></li>',
'</ul></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_modules.php" ? 'class="current" ' : ''), 'href="admin_modules.php">',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_modules.php' ? 'class="current" ' : ''), 'href="admin_modules.php">',
WT_I18N::translate('Modules'),
'</a></li>',
'<li><ul>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_module_menus.php" ? 'class="current" ' : ''), 'href="admin_module_menus.php">', WT_I18N::translate('Menus' ), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_module_tabs.php" ? 'class="current" ' : ''), 'href="admin_module_tabs.php">', WT_I18N::translate('Tabs' ), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_module_blocks.php" ? 'class="current" ' : ''), 'href="admin_module_blocks.php">', WT_I18N::translate('Blocks' ), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_module_sidebar.php" ? 'class="current" ' : ''), 'href="admin_module_sidebar.php">', WT_I18N::translate('Sidebar'), '</a></li>',
- '<li><a ', (WT_SCRIPT_NAME=="admin_module_reports.php" ? 'class="current" ' : ''), 'href="admin_module_reports.php">', WT_I18N::translate('Reports'), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_module_menus.php' ? 'class="current" ' : ''), 'href="admin_module_menus.php">', WT_I18N::translate('Menus' ), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_module_tabs.php' ? 'class="current" ' : ''), 'href="admin_module_tabs.php">', WT_I18N::translate('Tabs' ), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_module_blocks.php' ? 'class="current" ' : ''), 'href="admin_module_blocks.php">', WT_I18N::translate('Blocks' ), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_module_sidebar.php' ? 'class="current" ' : ''), 'href="admin_module_sidebar.php">', WT_I18N::translate('Sidebar'), '</a></li>',
+ '<li><a ', (WT_SCRIPT_NAME=='admin_module_reports.php' ? 'class="current" ' : ''), 'href="admin_module_reports.php">', WT_I18N::translate('Reports'), '</a></li>',
'</ul></li>';
foreach (WT_Module::getActiveModules(true) as $module) {
if ($module instanceof WT_Module_Config) {
- echo '<li><span><a ', (WT_SCRIPT_NAME=="module.php" && safe_GET('mod')==$module->getName() ? 'class="current" ' : ''), 'href="', $module->getConfigLink(), '">', $module->getTitle(), '</a></span></li>';
+ echo '<li><span><a ', (WT_SCRIPT_NAME=='module.php' && WT_Filter::get('mod')==$module->getName() ? 'class="current" ' : ''), 'href="', $module->getConfigLink(), '">', $module->getTitle(), '</a></span></li>';
}
}
}
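Review bot: On the `Users` line, `WT_Filter::get('action')!="cleanup"&& WT_Filter::get('action')!="createform"` keeps double quotes and no space before `&&` while every other line in this hunk was converted to single quotes, and the same filter call is repeated four times across the block. Hoisting it once before the echo, `$action = WT_Filter::get('action');`, and comparing `$action!='cleanup' && $action!='createform'` reads the request once and matches the quoting style the commit adopts elsewhere.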
@@ -155,4 +155,4 @@ echo
'</ul>',
'</div>',
'<div id="admin_content" class="ui-widget-content">',
- WT_FlashMessages::getHtmlMessages(); // Feedback from asynchronous actions;
+ WT_FlashMessages::getHtmlMessages(); // Feedback from asynchronous actions; \ No newline at end of file
diff --git a/themes/_administration/theme.php b/themes/_administration/theme.php
index 802178b07e..81f80a1ffa 100644
--- a/themes/_administration/theme.php
+++ b/themes/_administration/theme.php
@@ -1,42 +1,42 @@
-<?php
-// Administration theme
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// Derived from PhpGedView
-// Copyright (C) 2002 to 2009 PGV Development Team. All rights reserved.
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-if (!defined('WT_WEBTREES')) {
- header('HTTP/1.0 403 Forbidden');
- exit;
-}
-
-$theme_name = "_administration"; // need double quotes, as file is scanned/parsed by script
-$headerfile = WT_THEME_DIR.'header.php';
-$footerfile = WT_THEME_DIR.'footer.php';
-
-//- main icons
-$WT_IMAGES=array(
- // lightbox module uses this in manage media links, and also admin_media.php for delete folder.
- 'remove' =>WT_THEME_URL.'images/delete.png',
-
- // need different sizes before moving to CSS
- 'default_image_F'=>WT_THEME_URL.'images/silhouette_female.png',
- 'default_image_M'=>WT_THEME_URL.'images/silhouette_male.png',
- 'default_image_U'=>WT_THEME_URL.'images/silhouette_unknown.png',
-);
+<?php
+// Administration theme
+//
+// webtrees: Web based Family History software
+// Copyright (C) 2013 webtrees development team.
+//
+// Derived from PhpGedView
+// Copyright (C) 2002 to 2009 PGV Development Team. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+if (!defined('WT_WEBTREES')) {
+ header('HTTP/1.0 403 Forbidden');
+ exit;
+}
+
+$theme_name = "_administration"; // need double quotes, as file is scanned/parsed by script
+$headerfile = WT_THEME_DIR.'header.php';
+$footerfile = WT_THEME_DIR.'footer.php';
+
+//- main icons
+$WT_IMAGES=array(
+ // lightbox module uses this in manage media links, and also admin_media.php for delete folder.
+ 'remove' =>WT_THEME_URL.'images/delete.png',
+
+ // need different sizes before moving to CSS
+ 'default_image_F'=>WT_THEME_URL.'images/silhouette_female.png',
+ 'default_image_M'=>WT_THEME_URL.'images/silhouette_male.png',
+ 'default_image_U'=>WT_THEME_URL.'images/silhouette_unknown.png',
+);