| author | Greg Roach <fisharebest@webtrees.net> | 2018-08-25 09:36:32 +0100 |
|---|---|---|
| committer | Greg Roach <fisharebest@webtrees.net> | 2018-08-26 11:52:16 +0100 |
| commit | a45f98897789fc9ff88705eb09ae5f037bf49c10 (patch) | |
| tree | b7c6a32b461875e564af796eebcad60729440ebe /app/Filter.php | |
| parent | 20ac4041ff6d2c96733f4df91b821d1c039e0259 (diff) | |
Replace Filter::get() and Filter::post() with $request
Diffstat (limited to 'app/Filter.php')
| -rw-r--r-- | app/Filter.php | 298 |
1 files changed, 0 insertions, 298 deletions
diff --git a/app/Filter.php b/app/Filter.php
index 833a4aa080..c43a7450d8 100644
--- a/app/Filter.php
+++ b/app/Filter.php
@@ -129,302 +129,4 @@ class Filter
 return $text;
 }
 }
-
- /**
- * Validate INPUT parameters
- *
- * @param string $source
- * @param string $variable
- * @param string|null $regexp
- * @param string $default
- *
- * @return string
- */
- private static function input($source, $variable, $regexp = null, $default = '')
- {
- if ($regexp) {
- return filter_input($source, $variable, FILTER_VALIDATE_REGEXP, [
- 'options' => [
- 'regexp' => '/^(' . $regexp . ')$/u',
- 'default' => $default,
- ],
- ]);
- } else {
- $tmp = filter_input($source, $variable, FILTER_CALLBACK, [
- 'options' => function ($x) {
- return mb_check_encoding($x, 'UTF-8') ? $x : false;
- },
- ]);
-
- return ($tmp === null || $tmp === false) ? $default : $tmp;
- }
- }
-
- /**
- * Validate array INPUT parameters
- *
- * @param string $source
- * @param string $variable
- * @param string|null $regexp
- * @param string $default
- *
- * @return string[]
- */
- private static function inputArray($source, $variable, $regexp = null, $default = '')
- {
- if ($regexp) {
- return filter_input_array($source, [
- $variable => [
- 'flags' => FILTER_REQUIRE_ARRAY,
- 'filter' => FILTER_VALIDATE_REGEXP,
- 'options' => [
- 'regexp' => '/^(' . $regexp . ')$/u',
- 'default' => $default,
- ],
- ],
- ])[$variable] ?: [];
- } else {
- return filter_input_array($source, [
- $variable => [
- 'flags' => FILTER_REQUIRE_ARRAY,
- 'filter' => FILTER_CALLBACK,
- 'options' => function ($x) {
- return mb_check_encoding($x, 'UTF-8') ? $x : false;
- },
- ],
- ])[$variable] ?: [];
- }
- }
-
- /**
- * Validate GET parameters
- *
- * @param string $variable
- * @param string|null $regexp
- * @param string $default
- *
- * @return string
- */
- public static function get($variable, $regexp = null, $default = '')
- {
- return self::input(INPUT_GET, $variable, $regexp, $default);
- }
-
- /**
- * Validate array GET parameters
- *
- * @param string $variable
- * @param string|null $regexp
- * @param string $default
- *
- * @return string[]
- */
- public static function getArray($variable, $regexp = null, $default = '')
- {
- return self::inputArray(INPUT_GET, $variable, $regexp, $default);
- }
-
- /**
- * Validate boolean GET parameters
- *
- * @param string $variable
- *
- * @return bool
- */
- public static function getBool($variable)
- {
- return (bool) filter_input(INPUT_GET, $variable, FILTER_VALIDATE_BOOLEAN);
- }
-
- /**
- * Validate integer GET parameters
- *
- * @param string $variable
- * @param int $min
- * @param int $max
- * @param int $default
- *
- * @return int
- */
- public static function getInteger($variable, $min = 0, $max = PHP_INT_MAX, $default = 0)
- {
- return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_INT, [
- 'options' => [
- 'min_range' => $min,
- 'max_range' => $max,
- 'default' => $default,
- ],
- ]);
- }
-
- /**
- * Validate URL GET parameters
- *
- * @param string $variable
- * @param string $default
- *
- * @return string
- */
- public static function getUrl($variable, $default = '')
- {
- return filter_input(INPUT_GET, $variable, FILTER_VALIDATE_URL) ?: $default;
- }
-
- /**
- * Validate POST parameters
- *
- * @param string $variable
- * @param string|null $regexp
- * @param string $default
- *
- * @return string
- */
- public static function post($variable, $regexp = null, $default = '')
- {
- return self::input(INPUT_POST, $variable, $regexp, $default);
- }
-
- /**
- * Validate array POST parameters
- *
- * @param string $variable
- * @param string|null $regexp
- * @param string $default
- *
- * @return string[]|string[][]
- */
- public static function postArray($variable, $regexp = null, $default = '')
- {
- return self::inputArray(INPUT_POST, $variable, $regexp, $default);
- }
-
- /**
- * Validate boolean POST parameters
- *
- * @param string $variable
- *
- * @return bool
- */
- public static function postBool($variable)
- {
- return (bool) filter_input(INPUT_POST, $variable, FILTER_VALIDATE_BOOLEAN);
- }
-
- /**
- * Validate integer POST parameters
- *
- * @param string $variable
- * @param int $min
- * @param int $max
- * @param int $default
- *
- * @return int
- */
- public static function postInteger($variable, $min = 0, $max = PHP_INT_MAX, $default = 0)
- {
- return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_INT, [
- 'options' => [
- 'min_range' => $min,
- 'max_range' => $max,
- 'default' => $default,
- ],
- ]);
- }
-
- /**
- * Validate URL GET parameters
- *
- * @param string $variable
- * @param string $default
- *
- * @return string
- */
- public static function postUrl($variable, $default = '')
- {
- return filter_input(INPUT_POST, $variable, FILTER_VALIDATE_URL) ?: $default;
- }
-
- /**
- * Validate COOKIE parameters
- *
- * @param string $variable
- * @param string|null $regexp
- * @param string $default
- *
- * @return string
- */
- public static function cookie($variable, $regexp = null, $default = '')
- {
- return self::input(INPUT_COOKIE, $variable, $regexp, $default);
- }
-
- /**
- * Validate SERVER parameters
- *
- * @param string $variable
- * @param string|null $regexp
- * @param string $default
- *
- * @return string
- */
- public static function server($variable, $regexp = null, $default = '')
- {
- // On some servers, variables that are present in $_SERVER cannot be
- // found via filter_input(INPUT_SERVER). Instead, they are found via
- // filter_input(INPUT_ENV). Since we cannot rely on filter_input(),
- // we must use the superglobal directly.
- if (array_key_exists($variable, $_SERVER) && ($regexp === null || preg_match('/^(' . $regexp . ')$/', $_SERVER[$variable]))) {
- return $_SERVER[$variable];
- } else {
- return $default;
- }
- }
-
- /**
- * Cross-Site Request Forgery tokens - ensure that the user is submitting
- * a form that was generated by the current session.
- *
- * @return string
- */
- public static function getCsrfToken()
- {
- if (!Session::has('CSRF_TOKEN')) {
- $charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcedfghijklmnopqrstuvwxyz0123456789';
- $csrf_token = '';
- for ($n = 0; $n < 32; ++$n) {
- $csrf_token .= substr($charset, random_int(0, 61), 1);
- }
- Session::put('CSRF_TOKEN', $csrf_token);
- }
-
- return Session::get('CSRF_TOKEN');
- }
-
- /**
- * Generate an <input> element - to protect the current form from CSRF attacks.
- *
- * @return string
- */
- public static function getCsrf()
- {
- return '<input type="hidden" name="csrf" value="' . self::getCsrfToken() . '">';
- }
-
- /**
- * Check that the POST request contains the CSRF token generated above.
- *
- * @return bool
- */
- public static function checkCsrf()
- {
- if (isset($_SERVER['HTTP_X_CSRF_TOKEN']) && $_SERVER['HTTP_X_CSRF_TOKEN'] !== self::getCsrfToken()) {
- // Oops. Something is not quite right
- Log::addAuthenticationLog('CSRF mismatch - session expired or malicious attack');
- FlashMessages::addMessage(I18N::translate('This form has expired. Try again.'), 'error');
-
- return false;
- }
-
- return true;
- }
 } |
