| author | Greg Roach <fisharebest@gmail.com> | 2013-08-29 22:35:00 +0100 |
|---|---|---|
| committer | Greg Roach <fisharebest@gmail.com> | 2013-08-29 22:35:00 +0100 |
| commit | def8f50065a593a06a051ceb58b7686884a8ce58 (patch) | |
| tree | df7cb13b850c7f6332d9c40bc9daf560d0b19586 /modules_v3 | |
| parent | cd3cb363db375e0e9b7d5214b33e382f77aa9400 (diff) | |
New filter/validation functions for GET/POST variables
Diffstat (limited to 'modules_v3')
41 files changed, 489 insertions, 491 deletions
diff --git a/modules_v3/GEDFact_assistant/CENS_ctrl.php b/modules_v3/GEDFact_assistant/CENS_ctrl.php index 3987c3a2f1..2a799b8299 100644 --- a/modules_v3/GEDFact_assistant/CENS_ctrl.php +++ b/modules_v3/GEDFact_assistant/CENS_ctrl.php @@ -23,7 +23,7 @@ // along with this program; if not, write to the Free Software // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -$xref = safe_GET('xref', WT_REGEX_XREF); +$xref = WT_Filter::get('xref', WT_REGEX_XREF); $person = WT_Individual::getInstance($xref); check_record_access($person); diff --git a/modules_v3/GEDFact_assistant/_CENS/census_3_find.php b/modules_v3/GEDFact_assistant/_CENS/census_3_find.php index cb9385e17c..e4d4be9d98 100644 --- a/modules_v3/GEDFact_assistant/_CENS/census_3_find.php +++ b/modules_v3/GEDFact_assistant/_CENS/census_3_find.php @@ -23,10 +23,10 @@ $controller=new WT_Controller_Simple(); -$filter =safe_GET('filter'); -$action =safe_GET('action'); -$callback =safe_GET('callback', WT_REGEX_NOSCRIPT, 'paste_id'); -$multiple =safe_GET_bool('multiple'); +$filter = WT_Filter::get('filter'); +$action = WT_Filter::get('action'); +$callback = WT_Filter::get('callback'); +$multiple = WT_Filter::getBool('multiple'); $controller ->setPageTitle(WT_I18N::translate('Find an individual')) @@ -188,4 +188,4 @@ if ($action=="filter") { echo "</table>"; } echo '<button onclick="window.close();">', WT_I18N::translate('close'), '</button>'; -echo "</div>"; // Close div that centers table +echo "</div>"; // Close div that centers table
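Review bot: `$callback` in census_3_find.php loses both its explicit `WT_REGEX_NOSCRIPT` pattern and its `'paste_id'` default, so the accepted characters and the value used when the parameter is absent now depend on the defaults of `WT_Filter::get()`, which this diff does not show. If the name is later written into page script (an assumption; that code is outside the hunk), keep the restriction and fallback at the read, for example `$callback = WT_Filter::get('callback', '[a-zA-Z0-9_]+', 'paste_id');`. The same loss of an explicit pattern or default applies to `directory` (was `$MEDIA_DIRECTORY`) and `choose` (was `'0all'`) in GEDFact_assistant/module.php, `conv_path` in clippings_ctrl.php and `surname` in families/module.php.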
\ No newline at end of file diff --git a/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php b/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php index 609c068684..8a7b0de135 100644 --- a/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php +++ b/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php @@ -26,10 +26,10 @@ // GEDFact Media assistant replacement code for inverselink.php: =========================== //-- extra page parameters and checking -$more_links = safe_REQUEST($_REQUEST, 'more_links', WT_REGEX_UNSAFE); -$exist_links = safe_REQUEST($_REQUEST, 'exist_links', WT_REGEX_UNSAFE); -$gid = safe_GET_xref('gid'); -$update_CHAN = safe_REQUEST($_REQUEST, 'preserve_last_changed', WT_REGEX_UNSAFE); +$more_links = WT_Filter::get('more_links'); +$exist_links = WT_Filter::get('exist_links'); +$gid = WT_Filter::get('gid', WT_REGEX_XREF); +$update_CHAN = WT_Filter::get('preserve_last_changed'); $controller->addExternalJavascript(WT_STATIC_URL.'js/autocomplete.js'); diff --git a/modules_v3/GEDFact_assistant/module.php b/modules_v3/GEDFact_assistant/module.php index 2b5b12ea25..191c822552 100644 --- a/modules_v3/GEDFact_assistant/module.php +++ b/modules_v3/GEDFact_assistant/module.php 
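Review bot: Values submitted by POST are no longer seen for `more_links`, `exist_links` and `preserve_last_changed` in media_0_inverselink.php, because the read moved from `safe_REQUEST($_REQUEST, …)` to `WT_Filter::get()`. If the link form on this page posts those fields (the form is outside the hunk), they will silently come back empty; read them with `WT_Filter::post()` where the form posts them. The same narrowing of the input source appears in googlemap/admin_places.php (`action`, `parent`, `mode`, `deleteRecord` now GET only) and in googlemap/module.php (`action` now POST only).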
@@ -62,17 +62,17 @@ class GEDFact_assistant_WT_Module extends WT_Module { $controller=new WT_Controller_Simple(); $type ='indi'; - $filter =safe_GET('filter'); - $action =safe_GET('action'); + $filter =WT_Filter::get('filter'); + $action =WT_Filter::get('action'); $callback ='paste_id'; - $media =safe_GET('media'); - $external_links =safe_GET('external_links'); - $directory =safe_GET('directory', WT_REGEX_NOSCRIPT, $MEDIA_DIRECTORY); - $multiple =safe_GET_bool('multiple'); - $showthumb =safe_GET_bool('showthumb'); - $all =safe_GET_bool('all'); - $subclick =safe_GET('subclick'); - $choose =safe_GET('choose', WT_REGEX_NOSCRIPT, '0all'); + $media =WT_Filter::get('media'); + $external_links =WT_Filter::get('external_links'); + $directory =WT_Filter::get('directory'); + $multiple =WT_Filter::getBool('multiple'); + $showthumb =WT_Filter::getBool('showthumb'); + $all =WT_Filter::getBool('all'); + $subclick =WT_Filter::get('subclick'); + $choose =WT_Filter::get('choose'); $controller ->setPageTitle(WT_I18N::translate('Find an individual')) @@ -168,7 +168,7 @@ class GEDFact_assistant_WT_Module extends WT_Module { } private static function media_query_3a() { - $iid2 = safe_GET('iid'); + $iid2 = WT_Filter::get('iid', WT_REGEX_XREF); $controller=new WT_Controller_Simple(); $controller diff --git a/modules_v3/batch_update/admin_batch_update.php b/modules_v3/batch_update/admin_batch_update.php index 5330031567..ebeb48f8ee 100644 --- a/modules_v3/batch_update/admin_batch_update.php +++ b/modules_v3/batch_update/admin_batch_update.php 
@@ -111,14 +111,14 @@ class batch_update { // Constructor - initialise variables and validate user-input function __construct() { - $this->plugins=self::getPluginList(); // List of available plugins - $this->plugin =safe_GET('plugin', array_keys($this->plugins)); // User parameters - $this->xref =safe_GET('xref', WT_REGEX_XREF); - $this->action =safe_GET('action'); - $this->data =safe_GET('data'); + $this->plugins=self::getPluginList(); // List of available plugins + $this->plugin =WT_Filter::get('plugin'); // User parameters + $this->xref =WT_Filter::get('xref', WT_REGEX_XREF); + $this->action =WT_Filter::get('action'); + $this->data =WT_Filter::get('data'); // Don't do any processing until a plugin is chosen. - if ($this->plugin) { + if ($this->plugin && array_key_exists($this->plugin, $this->plugins)) { $this->PLUGIN=new $this->plugin; $this->PLUGIN->getOptions(); $this->getAllXrefs(); @@ -333,7 +333,7 @@ class base_plugin { // Default option is just the "don't update CHAN record" function getOptions() { - $this->chan=safe_GET_bool('chan'); + $this->chan=WT_Filter::getBool('chan'); } // Default option is just the "don't update CHAN record" diff --git a/modules_v3/batch_update/plugins/married_names.php b/modules_v3/batch_update/plugins/married_names.php index 64f9a34381..13d7a1356f 100644 --- a/modules_v3/batch_update/plugins/married_names.php +++ b/modules_v3/batch_update/plugins/married_names.php @@ -94,7 +94,7 @@ class married_names_bu_plugin extends base_plugin { // Add an option for different surname styles function getOptions() { parent::getOptions(); - $this->surname=safe_GET('surname', array('add', 'replace'), 'replace'); + $this->surname = WT_Filter::get('surname', 'add|replace', 'replace'); } function getOptionsForm() { @@ -107,4 +107,4 @@ class married_names_bu_plugin extends base_plugin { ($this->surname=='add' ? ' selected="selected"' : ''). '">'.WT_I18N::translate('Wife’s maiden surname becomes new given name').'</option></select></td></tr>'; } -} +}
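Review bot: In `batch_update::__construct()` the allow-list test moved from the read into the `if`, so `$this->plugin` now keeps the raw request value when it is not a key of `$this->plugins`; before this change it was rejected at the read. The `new $this->plugin` call is still guarded, but any later use of `$this->plugin` outside this hunk now sees unvalidated input. Resetting it before the test keeps the old guarantee: `if (!array_key_exists((string)$this->plugin, $this->plugins)) { $this->plugin = null; }`. The constructor continues past the end of the hunk.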
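Review bot: `'add|replace'` in married_names.php is passed as a bare alternation, and whether it works as a strict allow-list depends on how `WT_Filter::get()` anchors the pattern, which is not part of this diff. If the filter adds `^` and `$` without wrapping the pattern in a group, the anchors bind only to the first and last alternatives and other strings would pass. A comment on `WT_Filter::get()` stating that the pattern is matched as a whole, plus a test with a value such as `addx`, would settle it. The same form is used for `method` in search_replace.php, `type` in charts/module.php and `convert` / `privatize_export` in clippings_ctrl.php.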
\ No newline at end of file diff --git a/modules_v3/batch_update/plugins/search_replace.php b/modules_v3/batch_update/plugins/search_replace.php index 61b27b3b59..c4ac0ebad7 100644 --- a/modules_v3/batch_update/plugins/search_replace.php +++ b/modules_v3/batch_update/plugins/search_replace.php @@ -56,10 +56,10 @@ class search_replace_bu_plugin extends base_plugin { function getOptions() { parent::getOptions(); - $this->search =safe_GET('search', WT_REGEX_UNSAFE); - $this->replace=safe_GET('replace', WT_REGEX_UNSAFE); - $this->method =safe_GET('method', array('exact', 'words', 'wildcards', 'regex'), 'exact'); - $this->case =safe_GET('case', 'i'); + $this->search = WT_Filter::get('search'); + $this->replace = WT_Filter::get('replace'); + $this->method = WT_Filter::get('method', 'exact|words|wildcards|regex', 'exact'); + $this->case = WT_Filter::get('case', 'i'); $this->error=''; switch ($this->method) { diff --git a/modules_v3/charts/module.php b/modules_v3/charts/module.php index 3ae04a4916..19cdf14c69 100644 --- a/modules_v3/charts/module.php +++ b/modules_v3/charts/module.php @@ -184,10 +184,10 @@ class charts_WT_Module extends WT_Module implements WT_Module_Block { $PEDIGREE_ROOT_ID=get_gedcom_setting(WT_GED_ID, 'PEDIGREE_ROOT_ID'); - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'details', safe_POST_bool('details')); - set_block_setting($block_id, 'type', safe_POST('type', array('pedigree', 'descendants', 'hourglass', 'treenav'), 'pedigree')); - set_block_setting($block_id, 'pid', safe_POST('pid', WT_REGEX_XREF)); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'details', WT_Filter::postBool('details')); + set_block_setting($block_id, 'type', WT_Filter::post('type', 'pedigree|descendants|hourglass|treenav', 'pedigree')); + set_block_setting($block_id, 'pid', WT_Filter::post('pid', WT_REGEX_XREF)); exit; } 
diff --git a/modules_v3/clippings/clippings_ctrl.php b/modules_v3/clippings/clippings_ctrl.php index 41e536df3d..9e52fb1fbf 100644 --- a/modules_v3/clippings/clippings_ctrl.php +++ b/modules_v3/clippings/clippings_ctrl.php @@ -61,18 +61,18 @@ class WT_Controller_Clippings { $WT_SESSION->cart[WT_GED_ID]=array(); } - $this->action = safe_GET("action"); - $this->id = safe_GET('id'); - $convert = safe_GET('convert',"yes","no"); - $this->Zip = safe_GET('Zip'); - $this->IncludeMedia = safe_GET('IncludeMedia'); - $this->conv_path = safe_GET('conv_path', WT_REGEX_NOSCRIPT); - $this->privatize_export = safe_GET('privatize_export', array('none', 'visitor', 'user', 'gedadmin'), 'visitor'); - $this->level1 = safe_GET('level1', WT_REGEX_INTEGER, PHP_INT_MAX); - $this->level2 = safe_GET('level2', WT_REGEX_INTEGER, PHP_INT_MAX); - $this->level3 = safe_GET('level3', WT_REGEX_INTEGER, PHP_INT_MAX); - $others = safe_GET('others'); - $this->type = safe_GET('type'); + $this->action = WT_Filter::get('action'); + $this->id = WT_Filter::get('id'); + $convert = WT_Filter::get('convert', 'yes|no', 'no'); + $this->Zip = WT_Filter::get('Zip'); + $this->IncludeMedia = WT_Filter::get('IncludeMedia'); + $this->conv_path = WT_Filter::get('conv_path'); + $this->privatize_export = WT_Filter::get('privatize_export', 'none|visitor|user|gedadmin', 'visitor'); + $this->level1 = WT_Filter::getInteger('level1'); + $this->level2 = WT_Filter::getInteger('level2'); + $this->level3 = WT_Filter::getInteger('level3'); + $others = WT_Filter::get('others'); + $this->type = WT_Filter::get('type'); if (($this->privatize_export=='none' || $this->privatize_export=='none') && !WT_USER_GEDCOM_ADMIN) { $this->privatize_export='visitor'; @@ -413,4 +413,4 @@ class WT_Controller_Clippings { return 0; } } -} +}
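Review bot: The check just below the changed lines in clippings_ctrl.php compares `$this->privatize_export` with `'none'` twice, so for a user who is not a tree administrator only `'none'` is downgraded to `'visitor'` in this hunk; the second comparison was presumably meant to be `'gedadmin'`, which the allow-list on the new line also accepts. If no later check covers it (the constructor continues outside the hunk), the line would read `if (($this->privatize_export=='none' || $this->privatize_export=='gedadmin') && !WT_USER_GEDCOM_ADMIN) {`. Separately, `level1` to `level3` used to default to `PHP_INT_MAX` and now take whatever `WT_Filter::getInteger()` returns for a missing parameter, which changes the meaning of an absent level unless that default is also unlimited.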
\ No newline at end of file diff --git a/modules_v3/clippings/module.php b/modules_v3/clippings/module.php index 0a73e4419f..0561799db7 100644 --- a/modules_v3/clippings/module.php +++ b/modules_v3/clippings/module.php @@ -178,7 +178,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module } else { // Keep track of the INDI from the parent page, otherwise it will // get lost after ajax updates - $pid=safe_GET_xref('pid'); + $pid=WT_Filter::get('pid', WT_REGEX_XREF); if ($clip_ctrl->action != 'download' && $clip_ctrl->action != 'add') { ?> <table><tr><td class="width33" valign="top" rowspan="3"> @@ -373,13 +373,13 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module $clip_ctrl = new WT_Controller_Clippings(); - $add = safe_GET_xref('add',''); - $add1 = safe_GET_xref('add1',''); - $remove = safe_GET('remove', WT_REGEX_XREF); - $others = safe_GET('others', WT_REGEX_ALPHANUM, ''); - $clip_ctrl->level1 = safe_GET('level1'); - $clip_ctrl->level2 = safe_GET('level2'); - $clip_ctrl->level3 = safe_GET('level3'); + $add = WT_Filter::get('add', WT_REGEX_XREF); + $add1 = WT_Filter::get('add1', WT_REGEX_XREF); + $remove = WT_Filter::get('remove', WT_REGEX_XREF); + $others = WT_Filter::get('others'); + $clip_ctrl->level1 = WT_Filter::get('level1'); + $clip_ctrl->level2 = WT_Filter::get('level2'); + $clip_ctrl->level3 = WT_Filter::get('level3'); if (!empty($add)) { $record = WT_GedcomRecord::getInstance($add); if ($record) { @@ -430,7 +430,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module // Keep track of the INDI from the parent page, otherwise it will // get lost after ajax updates - $pid=safe_GET_xref('pid'); + $pid=WT_Filter::get('pid', WT_REGEX_XREF); if (!$WT_SESSION->cart[WT_GED_ID]) { $out=WT_I18N::translate('Your clippings cart is empty.'); 
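Review bot: `level1`, `level2` and `level3` are read with `WT_Filter::get()` in the `@@ -373,13` hunk of clippings/module.php but with `WT_Filter::getInteger()` in clippings_ctrl.php, so the same controller properties hold a validated integer on one path and a string on the other. Use the integer reader here too: `$clip_ctrl->level1 = WT_Filter::getInteger('level1');` and likewise for `level2` and `level3`. `$others` also lost its `WT_REGEX_ALPHANUM` restriction; if it only ever carries a short keyword, keep a pattern on it. The method starts and ends outside the hunk.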
@@ -550,7 +550,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module public function downloadForm($clip_ctrl) { global $GEDCOM_MEDIA_PATH; - $pid=safe_GET_xref('pid'); + $pid=WT_Filter::get('pid', WT_REGEX_XREF); $out = '<script>'; $out .= 'function cancelDownload() { diff --git a/modules_v3/descendancy/module.php b/modules_v3/descendancy/module.php index 8f5f3f59ab..41207c5917 100644 --- a/modules_v3/descendancy/module.php +++ b/modules_v3/descendancy/module.php @@ -64,9 +64,9 @@ class descendancy_WT_Module extends WT_Module implements WT_Module_Sidebar { // Implement WT_Module_Sidebar public function getSidebarAjaxContent() { - $search=safe_GET('search'); - $pid =safe_GET('pid', WT_REGEX_XREF); - $famid =safe_GET('famid', WT_REGEX_XREF); + $search = WT_Filter::get('search'); + $pid = WT_Filter::get('pid', WT_REGEX_XREF); + $famid = WT_Filter::get('famid', WT_REGEX_XREF); $individual = WT_Individual::getInstance($pid); $family = WT_Family::getInstance($famid); diff --git a/modules_v3/extra_info/module.php b/modules_v3/extra_info/module.php index e58a66a3e6..296e8caaab 100644 --- a/modules_v3/extra_info/module.php +++ b/modules_v3/extra_info/module.php @@ -1,98 +1,98 @@ -<?php
-// A sidebar to show extra/non-genealogical information about an individual
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-if (!defined('WT_WEBTREES')) {
- header('HTTP/1.0 403 Forbidden');
- exit;
-}
-
-class extra_info_WT_Module extends WT_Module implements WT_Module_Sidebar {
- // Extend WT_Module
- public function getTitle() {
- return /* I18N: Name of a module/sidebar */ WT_I18N::translate('Extra information');
- }
-
- // Extend WT_Module
- public function getDescription() {
- return /* I18N: Description of the “Extra information” module */ WT_I18N::translate('A sidebar showing non-genealogical information about an indivdual.');
- }
-
- // Implement WT_Module_Sidebar
- public function defaultSidebarOrder() {
- return 10;
- }
-
- // Implement WT_Module_Sidebar
- public function hasSidebarContent() {
- return true;
- }
-
- // Implement WT_Module_Sidebar
- public function getSidebarContent() {
- global $SHOW_COUNTER, $controller;
-
- $indifacts = array();
- // The individual's own facts
- foreach ($controller->record->getFacts() as $fact) {
- if (self::showFact($fact)) {
- $indifacts[] = $fact;
- }
- }
-
- ob_start();
- if (!$indifacts) {
- echo WT_I18N::translate('There are no Facts for this individual.');
- } else {
- foreach ($indifacts as $fact) {
- print_fact($fact, $controller->record);
- }
- }
- echo '<div id="hitcounter">';
- if ($SHOW_COUNTER && (empty($SEARCH_SPIDER))) {
- //print indi counter only if displaying a non-private person
- require WT_ROOT.'includes/hitcount.php';
- echo WT_I18N::translate('Hit Count:'). ' '. $hitCount;
- }
- echo '</div>';// close #hitcounter
- return strip_tags(ob_get_clean(), '<a><div><span>');
- }
-
- // Implement WT_Module_Sidebar
- public function getSidebarAjaxContent() {
- return '';
- }
-
- // Does this module display a particular fact
- public static function showFact(WT_Fact $fact) {
- switch ($fact->getTag()) {
- case 'AFN':
- case 'CHAN':
- case 'IDNO':
- case 'REFN':
- case 'RFN':
- case 'RIN':
- case 'SSN':
- case '_UID':
- return true;
- default:
- return false;
- }
- }
-}
+<?php +// A sidebar to show extra/non-genealogical information about an individual +// +// webtrees: Web based Family History software +// Copyright (C) 2013 webtrees development team. +// +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; either version 2 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program; if not, write to the Free Software +// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +if (!defined('WT_WEBTREES')) { + header('HTTP/1.0 403 Forbidden'); + exit; +} + +class extra_info_WT_Module extends WT_Module implements WT_Module_Sidebar { + // Extend WT_Module + public function getTitle() { + return /* I18N: Name of a module/sidebar */ WT_I18N::translate('Extra information'); + } + + // Extend WT_Module + public function getDescription() { + return /* I18N: Description of the “Extra information” module */ WT_I18N::translate('A sidebar showing non-genealogical information about an indivdual.'); + } + + // Implement WT_Module_Sidebar + public function defaultSidebarOrder() { + return 10; + } + + // Implement WT_Module_Sidebar + public function hasSidebarContent() { + return true; + } + + // Implement WT_Module_Sidebar + public function getSidebarContent() { + global $SHOW_COUNTER, $controller; + + $indifacts = array(); + // The individual's own facts + foreach ($controller->record->getFacts() as $fact) { + if (self::showFact($fact)) { + $indifacts[] = $fact; + } + } + + ob_start(); + if (!$indifacts) { + echo WT_I18N::translate('There are no Facts 
for this individual.'); + } else { + foreach ($indifacts as $fact) { + print_fact($fact, $controller->record); + } + } + echo '<div id="hitcounter">'; + if ($SHOW_COUNTER && (empty($SEARCH_SPIDER))) { + //print indi counter only if displaying a non-private person + require WT_ROOT.'includes/hitcount.php'; + echo WT_I18N::translate('Hit Count:'). ' '. $hitCount; + } + echo '</div>';// close #hitcounter + return strip_tags(ob_get_clean(), '<a><div><span>'); + } + + // Implement WT_Module_Sidebar + public function getSidebarAjaxContent() { + return ''; + } + + // Does this module display a particular fact + public static function showFact(WT_Fact $fact) { + switch ($fact->getTag()) { + case 'AFN': + case 'CHAN': + case 'IDNO': + case 'REFN': + case 'RFN': + case 'RIN': + case 'SSN': + case '_UID': + return true; + default: + return false; + } + } +} diff --git a/modules_v3/families/module.php b/modules_v3/families/module.php index c88e0db853..d06dea1379 100644 --- a/modules_v3/families/module.php +++ b/modules_v3/families/module.php @@ -64,9 +64,9 @@ class families_WT_Module extends WT_Module implements WT_Module_Sidebar { // Implement WT_Module_Sidebar public function getSidebarAjaxContent() { - $alpha =safe_GET('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none - $surname =safe_GET('surname', '[^<>&%{};]*'); // All indis with this surname. NB - allow ' and " - $search =safe_GET('search'); + $alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none + $surname = WT_Filter::get('surname'); // All indis with this surname. + $search = WT_Filter::get('search'); if ($search) { return $this->search($search); @@ -254,4 +254,4 @@ class families_WT_Module extends WT_Module implements WT_Module_Sidebar { $out .= '</ul>'; return $out; } -} +}
\ No newline at end of file diff --git a/modules_v3/faq/module.php b/modules_v3/faq/module.php index 7a68f5210f..2d2c8a6f28 100644 --- a/modules_v3/faq/module.php +++ b/modules_v3/faq/module.php 
@@ -98,39 +98,39 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block private function edit() { require_once WT_ROOT.'includes/functions/functions_edit.php'; - if (safe_POST_bool('save')) { - $block_id=safe_POST('block_id'); + if (WT_Filter::postBool('save')) { + $block_id = WT_Filter::postInteger('block_id'); if ($block_id) { WT_DB::prepare( "UPDATE `##block` SET gedcom_id=NULLIF(?, ''), block_order=? WHERE block_id=?" )->execute(array( - safe_POST('gedcom_id'), - (int)safe_POST('block_order'), + WT_Filter::postInteger('gedcom_id'), + WT_Filter::postInteger('block_order'), $block_id )); } else { WT_DB::prepare( "INSERT INTO `##block` (gedcom_id, module_name, block_order) VALUES (NULLIF(?, ''), ?, ?)" )->execute(array( - safe_POST('gedcom_id'), + WT_Filter::postInteger('gedcom_id'), $this->getName(), - (int)safe_POST('block_order') + WT_Filter::postInteger('block_order') )); $block_id=WT_DB::getInstance()->lastInsertId(); } - set_block_setting($block_id, 'header', safe_POST('header', WT_REGEX_UNSAFE)); - set_block_setting($block_id, 'faqbody', safe_POST('faqbody', WT_REGEX_UNSAFE)); // allow html - $languages=array(); + set_block_setting($block_id, 'header', WT_Filter::post('header')); + set_block_setting($block_id, 'faqbody', WT_Filter::post('faqbody')); + $languages = array(); foreach (WT_I18N::installed_languages() as $code=>$name) { - if (safe_POST_bool('lang_'.$code)) { - $languages[]=$code; + if (WT_Filter::postBool('lang_'.$code)) { + $languages[] = $code; } } set_block_setting($block_id, 'languages', implode(',', $languages)); $this->config(); } else { - $block_id=safe_GET('block_id'); - $controller=new WT_Controller_Page(); + $block_id = WT_Filter::getInteger('block_id'); + $controller = new WT_Controller_Page(); if ($block_id) { $controller->setPageTitle(WT_I18N::translate('Edit FAQ item')); $header=get_block_setting($block_id, 'header'); 
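Review bot: `gedcom_id` in `edit()` is now read with `WT_Filter::postInteger()`, but both statements still rely on `NULLIF(?, '')` to turn an empty form value into NULL. Whether that still works depends on what `postInteger()` returns for an empty or missing field, which this diff does not show; if it yields `0`, the stored value depends on how the driver binds and compares it. Making the mapping explicit removes the doubt, e.g. `$gedcom_id = WT_Filter::postInteger('gedcom_id'); if (!$gedcom_id) { $gedcom_id = null; }`, then binding `$gedcom_id` without `NULLIF`. The removed `// allow html` comment on `faqbody` should be replaced by one saying whether the default filter keeps markup, since that decides how the stored body must be escaped on output.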
@@ -192,7 +192,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block } private function delete() { - $block_id=safe_GET('block_id'); + $block_id = WT_Filter::getInteger('block_id'); WT_DB::prepare( "DELETE FROM `##block_setting` WHERE block_id=?" @@ -204,7 +204,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block } private function moveup() { - $block_id=safe_GET('block_id'); + $block_id = WT_Filter::getInteger('block_id'); $block_order=WT_DB::prepare( "SELECT block_order FROM `##block` WHERE block_id=?" @@ -229,7 +229,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block } private function movedown() { - $block_id=safe_GET('block_id'); + $block_id=WT_Filter::get('block_id'); $block_order=WT_DB::prepare( "SELECT block_order FROM `##block` WHERE block_id=?" @@ -431,4 +431,4 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block $menu = new WT_Menu(WT_I18N::translate('FAQ'), 'module.php?mod=faq&mod_action=show', 'menu-help'); return $menu; } -} +}
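Review bot: `delete()` takes `block_id` from the query string and runs a `DELETE`, and nothing in the hunk ties the request to a form token, so a state change is reachable through a plain GET link. If the caller does not already verify a token and the user's role (not visible here; the method continues outside the hunk), move the action to POST and read the id with `WT_Filter::postInteger('block_id')`. `moveup()` and `movedown()` in this file, `deletefav` / `addfav` in gedcom_favorites/module.php and `deletenews` in gedcom_news/module.php follow the same GET-driven pattern.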
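Review bot: `movedown()` reads `block_id` with `WT_Filter::get()` while `delete()` and `moveup()` in the same file now use `WT_Filter::getInteger()`. In the visible lines the value is only bound into a prepared statement, so this is a consistency point rather than an injection one, but the id should have one type everywhere: `$block_id = WT_Filter::getInteger('block_id');`. `news_id` in gedcom_news/module.php is read the same way before `deleteNews()` and would take the same change.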
\ No newline at end of file diff --git a/modules_v3/gedcom_favorites/module.php b/modules_v3/gedcom_favorites/module.php index 274e7b71d0..6e564d21bb 100644 --- a/modules_v3/gedcom_favorites/module.php +++ b/modules_v3/gedcom_favorites/module.php 
@@ -45,43 +45,43 @@ class gedcom_favorites_WT_Module extends WT_Module implements WT_Module_Block { self::updateSchema(); // make sure the favorites table has been created - $action=safe_GET('action'); + $action = WT_Filter::get('action'); switch ($action) { case 'deletefav': - $favorite_id=safe_GET('favorite_id'); + $favorite_id = WT_Filter::getInteger('favorite_id'); if ($favorite_id) { self::deleteFavorite($favorite_id); } unset($_GET['action']); break; case 'addfav': - $gid =safe_GET('gid'); - $favnote =safe_GET('favnote'); - $url =safe_GET('url', WT_REGEX_URL); - $favtitle=safe_GET('favtitle'); + $gid = WT_Filter::get('gid', WT_REGEX_XREF); + $favnote = WT_Filter::get('favnote'); + $url = WT_Filter::getUrl('url'); + $favtitle = WT_Filter::get('favtitle'); if ($gid) { - $record=WT_GedcomRecord::getInstance($gid); + $record = WT_GedcomRecord::getInstance($gid); if ($record && $record->canShow()) { self::addFavorite(array( - 'user_id' =>$ctype=='user' ? WT_USER_ID : null, - 'gedcom_id'=>WT_GED_ID, - 'gid' =>$record->getXref(), - 'type' =>$record::RECORD_TYPE, - 'url' =>null, - 'note' =>$favnote, - 'title' =>$favtitle, + 'user_id' => $ctype=='user' ? WT_USER_ID : null, + 'gedcom_id' => WT_GED_ID, + 'gid' => $record->getXref(), + 'type' => $record::RECORD_TYPE, + 'url' => null, + 'note' => $favnote, + 'title' => $favtitle, )); } } elseif ($url) { self::addFavorite(array( - 'user_id' =>$ctype=='user' ? WT_USER_ID : null, - 'gedcom_id'=>WT_GED_ID, - 'gid' =>null, - 'type' =>'URL', - 'url' =>$url, - 'note' =>$favnote, - 'title' =>$favtitle ? $favtitle : $url, + 'user_id' => $ctype=='user' ? WT_USER_ID : null, + 'gedcom_id' => WT_GED_ID, + 'gid' => null, + 'type' => 'URL', + 'url' => $url, + 'note' => $favnote, + 'title' => $favtitle ? $favtitle : $url, )); } unset($_GET['action']); 
@@ -227,8 +227,8 @@ class gedcom_favorites_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } diff --git a/modules_v3/gedcom_news/module.php b/modules_v3/gedcom_news/module.php index 6c71383241..6449ec759e 100644 --- a/modules_v3/gedcom_news/module.php +++ b/modules_v3/gedcom_news/module.php @@ -49,9 +49,9 @@ class gedcom_news_WT_Module extends WT_Module implements WT_Module_Block { public function getBlock($block_id, $template=true, $cfg=null) { global $ctype; - switch (safe_GET('action')) { + switch (WT_Filter::get('action')) { case 'deletenews': - $news_id=safe_GET('news_id'); + $news_id=WT_Filter::get('news_id'); if ($news_id) { deleteNews($news_id); } @@ -157,9 +157,9 @@ class gedcom_news_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'limit', safe_POST('limit')); - set_block_setting($block_id, 'flag', safe_POST('flag')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'limit', WT_Filter::post('limit')); + set_block_setting($block_id, 'flag', WT_Filter::post('flag')); exit; } diff --git a/modules_v3/gedcom_stats/module.php b/modules_v3/gedcom_stats/module.php index 5dc97367d7..d571ee9f5a 100644 --- a/modules_v3/gedcom_stats/module.php +++ b/modules_v3/gedcom_stats/module.php 
@@ -229,27 +229,27 @@ class gedcom_stats_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'show_last_update', safe_POST_bool('show_last_update')); - set_block_setting($block_id, 'show_common_surnames', safe_POST_bool('show_common_surnames')); - set_block_setting($block_id, 'stat_indi', safe_POST_bool('stat_indi')); - set_block_setting($block_id, 'stat_fam', safe_POST_bool('stat_fam')); - set_block_setting($block_id, 'stat_sour', safe_POST_bool('stat_sour')); - set_block_setting($block_id, 'stat_other', safe_POST_bool('stat_other')); - set_block_setting($block_id, 'stat_media', safe_POST_bool('stat_media')); - set_block_setting($block_id, 'stat_repo', safe_POST_bool('stat_repo')); - set_block_setting($block_id, 'stat_surname', safe_POST_bool('stat_surname')); - set_block_setting($block_id, 'stat_events', safe_POST_bool('stat_events')); - set_block_setting($block_id, 'stat_users', safe_POST_bool('stat_users')); - set_block_setting($block_id, 'stat_first_birth', safe_POST_bool('stat_first_birth')); - set_block_setting($block_id, 'stat_last_birth', safe_POST_bool('stat_last_birth')); - set_block_setting($block_id, 'stat_first_death', safe_POST_bool('stat_first_death')); - set_block_setting($block_id, 'stat_last_death', safe_POST_bool('stat_last_death')); - set_block_setting($block_id, 'stat_long_life', safe_POST_bool('stat_long_life')); - set_block_setting($block_id, 'stat_avg_life', safe_POST_bool('stat_avg_life')); - set_block_setting($block_id, 'stat_most_chil', safe_POST_bool('stat_most_chil')); - set_block_setting($block_id, 'stat_avg_chil', safe_POST_bool('stat_avg_chil')); - set_block_setting($block_id, 'stat_link', safe_POST_bool('stat_link')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'show_last_update', WT_Filter::postBool('show_last_update')); + set_block_setting($block_id, 
'show_common_surnames', WT_Filter::postBool('show_common_surnames')); + set_block_setting($block_id, 'stat_indi', WT_Filter::postBool('stat_indi')); + set_block_setting($block_id, 'stat_fam', WT_Filter::postBool('stat_fam')); + set_block_setting($block_id, 'stat_sour', WT_Filter::postBool('stat_sour')); + set_block_setting($block_id, 'stat_other', WT_Filter::postBool('stat_other')); + set_block_setting($block_id, 'stat_media', WT_Filter::postBool('stat_media')); + set_block_setting($block_id, 'stat_repo', WT_Filter::postBool('stat_repo')); + set_block_setting($block_id, 'stat_surname', WT_Filter::postBool('stat_surname')); + set_block_setting($block_id, 'stat_events', WT_Filter::postBool('stat_events')); + set_block_setting($block_id, 'stat_users', WT_Filter::postBool('stat_users')); + set_block_setting($block_id, 'stat_first_birth', WT_Filter::postBool('stat_first_birth')); + set_block_setting($block_id, 'stat_last_birth', WT_Filter::postBool('stat_last_birth')); + set_block_setting($block_id, 'stat_first_death', WT_Filter::postBool('stat_first_death')); + set_block_setting($block_id, 'stat_last_death', WT_Filter::postBool('stat_last_death')); + set_block_setting($block_id, 'stat_long_life', WT_Filter::postBool('stat_long_life')); + set_block_setting($block_id, 'stat_avg_life', WT_Filter::postBool('stat_avg_life')); + set_block_setting($block_id, 'stat_most_chil', WT_Filter::postBool('stat_most_chil')); + set_block_setting($block_id, 'stat_avg_chil', WT_Filter::postBool('stat_avg_chil')); + set_block_setting($block_id, 'stat_link', WT_Filter::postBool('stat_link')); exit; } @@ -373,4 +373,4 @@ class gedcom_stats_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('stat_link', $stat_link); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/googlemap/admin_places.php b/modules_v3/googlemap/admin_places.php index 9157fceb44..5af60cbecc 100644 --- a/modules_v3/googlemap/admin_places.php +++ b/modules_v3/googlemap/admin_places.php @@ -29,11 +29,11 @@ if (!defined('WT_WEBTREES')) { require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php'; require WT_ROOT.'includes/functions/functions_edit.php'; -$action=safe_REQUEST($_REQUEST, 'action'); -if (isset($_REQUEST['parent'])) $parent=safe_REQUEST($_REQUEST, 'parent'); -if (isset($_REQUEST['inactive'])) $inactive=safe_GET_bool('inactive'); -if (isset($_REQUEST['mode'])) $mode=safe_REQUEST($_REQUEST, 'mode'); -if (isset($_REQUEST['deleteRecord'])) $deleteRecord=safe_REQUEST($_REQUEST, 'deleteRecord'); +$action = WT_Filter::get('action'); +$parent = WT_Filter::get('parent'); +$inactive = WT_Filter::getBool('inactive'); +$mode = WT_Filter::get('mode'); +$deleteRecord = WT_Filter::get('deleteRecord'); if (!isset($parent)) $parent=0; if (!isset($inactive)) $inactive=false; diff --git a/modules_v3/googlemap/module.php b/modules_v3/googlemap/module.php index 549ef20b5c..a1c2df71b6 100644 --- a/modules_v3/googlemap/module.php +++ b/modules_v3/googlemap/module.php @@ -192,7 +192,7 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php'; require WT_ROOT.'includes/functions/functions_edit.php'; - $action=safe_REQUEST($_REQUEST, 'action'); + $action = WT_Filter::post('action'); $controller=new WT_Controller_Page(); $controller 
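Review bot: In admin_places.php the optional parameters are now assigned unconditionally, so the `if (!isset($inactive)) $inactive=false;` fallback below can no longer fire, and `if (!isset($parent)) $parent=0;` only fires if `WT_Filter::get()` returns null for a missing parameter, which this diff does not show. Give `parent` its default where it is read so the behaviour does not hinge on that return value, for example by testing the result explicitly: `if ($parent === null || $parent === '') { $parent = 0; }`. The now-dead `isset()` lines for `$inactive` can be dropped in the same change.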
@@ -203,25 +203,25 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu if ($action=='update') { - set_module_setting('googlemap', 'GM_MAP_TYPE', $_POST['NEW_GM_MAP_TYPE']); - set_module_setting('googlemap', 'GM_USE_STREETVIEW', $_POST['NEW_GM_USE_STREETVIEW']); - set_module_setting('googlemap', 'GM_MIN_ZOOM', $_POST['NEW_GM_MIN_ZOOM']); - set_module_setting('googlemap', 'GM_MAX_ZOOM', $_POST['NEW_GM_MAX_ZOOM']); - set_module_setting('googlemap', 'GM_XSIZE', $_POST['NEW_GM_XSIZE']); - set_module_setting('googlemap', 'GM_YSIZE', $_POST['NEW_GM_YSIZE']); - set_module_setting('googlemap', 'GM_PRECISION_0', $_POST['NEW_GM_PRECISION_0']); - set_module_setting('googlemap', 'GM_PRECISION_1', $_POST['NEW_GM_PRECISION_1']); - set_module_setting('googlemap', 'GM_PRECISION_2', $_POST['NEW_GM_PRECISION_2']); - set_module_setting('googlemap', 'GM_PRECISION_3', $_POST['NEW_GM_PRECISION_3']); - set_module_setting('googlemap', 'GM_PRECISION_4', $_POST['NEW_GM_PRECISION_4']); - set_module_setting('googlemap', 'GM_PRECISION_5', $_POST['NEW_GM_PRECISION_5']); - set_module_setting('googlemap', 'GM_DEFAULT_TOP_VALUE', $_POST['NEW_GM_DEFAULT_TOP_LEVEL']); - set_module_setting('googlemap', 'GM_COORD', $_POST['NEW_GM_COORD']); - set_module_setting('googlemap', 'GM_PLACE_HIERARCHY', $_POST['NEW_GM_PLACE_HIERARCHY']); - set_module_setting('googlemap', 'GM_PH_XSIZE', $_POST['NEW_GM_PH_XSIZE']); - set_module_setting('googlemap', 'GM_PH_YSIZE', $_POST['NEW_GM_PH_YSIZE']); - set_module_setting('googlemap', 'GM_PH_MARKER', $_POST['NEW_GM_PH_MARKER']); - set_module_setting('googlemap', 'GM_DISP_SHORT_PLACE', $_POST['NEW_GM_DISP_SHORT_PLACE']); + set_module_setting('googlemap', 'GM_MAP_TYPE', WT_Filter::post('NEW_GM_MAP_TYPE')); + set_module_setting('googlemap', 'GM_USE_STREETVIEW', WT_Filter::post('NEW_GM_USE_STREETVIEW')); + set_module_setting('googlemap', 'GM_MIN_ZOOM', WT_Filter::post('NEW_GM_MIN_ZOOM')); + set_module_setting('googlemap', 'GM_MAX_ZOOM', 
WT_Filter::post('NEW_GM_MAX_ZOOM')); + set_module_setting('googlemap', 'GM_XSIZE', WT_Filter::post('NEW_GM_XSIZE')); + set_module_setting('googlemap', 'GM_YSIZE', WT_Filter::post('NEW_GM_YSIZE')); + set_module_setting('googlemap', 'GM_PRECISION_0', WT_Filter::post('NEW_GM_PRECISION_0')); + set_module_setting('googlemap', 'GM_PRECISION_1', WT_Filter::post('NEW_GM_PRECISION_1')); + set_module_setting('googlemap', 'GM_PRECISION_2', WT_Filter::post('NEW_GM_PRECISION_2')); + set_module_setting('googlemap', 'GM_PRECISION_3', WT_Filter::post('NEW_GM_PRECISION_3')); + set_module_setting('googlemap', 'GM_PRECISION_4', WT_Filter::post('NEW_GM_PRECISION_4')); + set_module_setting('googlemap', 'GM_PRECISION_5', WT_Filter::post('NEW_GM_PRECISION_5')); + set_module_setting('googlemap', 'GM_DEFAULT_TOP_VALUE', WT_Filter::post('NEW_GM_DEFAULT_TOP_LEVEL')); + set_module_setting('googlemap', 'GM_COORD', WT_Filter::post('NEW_GM_COORD')); + set_module_setting('googlemap', 'GM_PLACE_HIERARCHY', WT_Filter::post('NEW_GM_PLACE_HIERARCHY')); + set_module_setting('googlemap', 'GM_PH_XSIZE', WT_Filter::post('NEW_GM_PH_XSIZE')); + set_module_setting('googlemap', 'GM_PH_YSIZE', WT_Filter::post('NEW_GM_PH_YSIZE')); + set_module_setting('googlemap', 'GM_PH_MARKER', WT_Filter::post('NEW_GM_PH_MARKER')); + set_module_setting('googlemap', 'GM_DISP_SHORT_PLACE', WT_Filter::post('NEW_GM_DISP_SHORT_PLACE')); for ($i=1; $i<=9; $i++) { set_module_setting('googlemap', 'GM_PREFIX_'.$i, $_POST['NEW_GM_PREFIX_'.$i]); 
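Review bot: The `GM_PREFIX_` loop at the end of this hunk still stores `$_POST['NEW_GM_PREFIX_'.$i]` directly, so the update branch now mixes filtered and raw input. It should read `WT_Filter::post('NEW_GM_PREFIX_'.$i)` like the nineteen settings above it. The zoom, size and precision settings are numeric by their names; if that holds, `WT_Filter::postInteger()` with the bounds the map accepts would fit better than the untyped `post()`. The loop body continues outside the hunk, so later lines in it may need the same change.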
@@ -447,13 +447,11 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu ->setPageTitle(WT_I18N::translate('Select flag')) ->pageHeader(); - $countries=WT_Stats::get_all_countries(); - $action=safe_REQUEST($_REQUEST, 'action'); + $countries = WT_Stats::get_all_countries(); + $action = WT_Filter::post('action'); - if (isset($_REQUEST['countrySelected'])) $countrySelected = $_REQUEST['countrySelected']; - if (!isset($countrySelected)) $countrySelected='Countries'; - if (isset($_REQUEST['stateSelected'])) $stateSelected = $_REQUEST['stateSelected']; - if (!isset($stateSelected)) $stateSelected='States'; + $countrySelected = WT_Filter::post('countrySelected', null, 'Countries'); + $stateSelected = WT_Filter::post('stateSelected', null, 'States'); $country = array(); $rep = opendir(WT_ROOT.WT_MODULES_DIR.'googlemap/places/flags/'); @@ -649,8 +647,8 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu require_once WT_ROOT.WT_MODULES_DIR.'googlemap/googlemap.php'; // Default is show for both of these. - $hideflags = safe_GET('hideflags'); - $hidelines = safe_GET('hidelines'); + $hideflags = WT_Filter::get('hideflags'); + $hidelines = WT_Filter::get('hidelines'); $controller=new WT_Controller_Pedigree(); 
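Review bot: `countrySelected` and `stateSelected` are read with a null pattern, so whatever `WT_Filter::post()` applies by default is the only limit on them, and the next visible statement opens `googlemap/places/flags/`. If either value is later appended to that directory path (not visible in this hunk), it should be restricted to the characters a flag directory name can contain, for example `WT_Filter::post('countrySelected', '[A-Za-z0-9_-]+', 'Countries')`, a constructed pattern to adapt. The values were accepted from `$_REQUEST` before and are POST-only now, which is worth confirming against the links and forms that open this page.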
@@ -1431,11 +1429,11 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu require_once WT_ROOT.WT_MODULES_DIR.'googlemap/googlemap.php'; require_once WT_ROOT.'includes/functions/functions_edit.php'; - $action = safe_GET('action', '','go'); - $gedcom_id = safe_GET('gedcom_id', array_keys(WT_Tree::getAll()), WT_GED_ID); - $country = safe_GET('country', WT_REGEX_UNSAFE, 'XYZ'); - $state = safe_GET('state', WT_REGEX_UNSAFE, 'XYZ'); - $matching = safe_GET_bool('matching'); + $action = WT_Filter::get('action', '','go'); + $gedcom_id = WT_Filter::getInteger('gedcom_id'); + $country = WT_Filter::get('country', '.+', 'XYZ'); + $state = WT_Filter::get('state', '.+', 'XYZ'); + $matching = WT_Filter::getBool('matching'); if (!empty($WT_SESSION['placecheck_gedcom_id'])) { $gedcom_id = $WT_SESSION['placecheck_gedcom_id']; diff --git a/modules_v3/googlemap/placehierarchy.php b/modules_v3/googlemap/placehierarchy.php index 83337cf665..d94c2e93f8 100644 --- a/modules_v3/googlemap/placehierarchy.php +++ b/modules_v3/googlemap/placehierarchy.php @@ -128,7 +128,7 @@ function create_map($placelevels) { // *** ENABLE STREETVIEW *** (boolean) ========================================================= $STREETVIEW = get_module_setting('googlemap', 'GM_USE_STREETVIEW'); // ============================================================================================= - $parent = safe_GET('parent', WT_REGEX_UNSAFE); + $parent = WT_Filter::get('parent'); // create the map echo '<table style="margin:20px auto 0 auto;"><tr valign="top"><td>'; @@ -197,7 +197,7 @@ function create_map($placelevels) { } '); - $parent = safe_GET('parent'); + $parent = WT_Filter::get('parent'); global $TBLPREFIX, $pl_lati, $pl_long; if ($level>=1) { $pl_lati = str_replace(array('N', 'S', ','), array('', '-', '.'), $latlng['pl_lati']); // WT_placelocation lati 
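Review bot: `gedcom_id` lost its allow-list in the placecheck hunk: the old call only accepted a value from `array_keys(WT_Tree::getAll())` and fell back to `WT_GED_ID`, while `WT_Filter::getInteger('gedcom_id')` constrains the type only and passes no fallback here. Unless every later use re-checks the tree, I would restore the check right after the read, e.g. `if (!array_key_exists($gedcom_id, WT_Tree::getAll())) $gedcom_id = WT_GED_ID;`. The session value that overrides it on the following lines is not touched by this change. `WT_Filter::get('action', '','go')` passes an empty pattern where the other calls pass none, and this page does not show how an empty pattern is treated.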
@@ -657,4 +657,4 @@ function map_scripts($numfound, $level, $parent, $linklevels, $placelevels, $pla } } $controller->addInlineJavascript(ob_get_clean()); -} +}
\ No newline at end of file diff --git a/modules_v3/googlemap/places_edit.php b/modules_v3/googlemap/places_edit.php index 6ce75d4e4c..6ff8a0f14c 100644 --- a/modules_v3/googlemap/places_edit.php +++ b/modules_v3/googlemap/places_edit.php @@ -29,9 +29,9 @@ if (!defined('WT_WEBTREES')) { require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php'; require WT_ROOT.'includes/functions/functions_edit.php'; -$action=safe_REQUEST($_REQUEST, 'action'); -if (isset($_REQUEST['placeid'])) $placeid = $_REQUEST['placeid']; -if (isset($_REQUEST['place_name'])) $place_name = $_REQUEST['place_name']; +$action = WT_Filter::get('action'); +$placeid = WT_Filter::get('placeid'); +$place_name = WT_Filter::get('place_name'); $controller=new WT_Controller_Simple(); $controller diff --git a/modules_v3/html/module.php b/modules_v3/html/module.php index 3221f8f5dc..0f20a36114 100644 --- a/modules_v3/html/module.php +++ b/modules_v3/html/module.php 
@@ -133,15 +133,15 @@ class html_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'gedcom', safe_POST('gedcom')); - set_block_setting($block_id, 'title', $_POST['title']); - set_block_setting($block_id, 'html', $_POST['html']); - set_block_setting($block_id, 'show_timestamp', safe_POST_bool('show_timestamp')); - set_block_setting($block_id, 'timestamp', safe_POST('timestamp')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'gedcom', WT_Filter::post('gedcom')); + set_block_setting($block_id, 'title', WT_Filter::post('title')); + set_block_setting($block_id, 'html', WT_Filter::post('html')); + set_block_setting($block_id, 'show_timestamp', WT_Filter::postBool('show_timestamp')); + set_block_setting($block_id, 'timestamp', WT_Filter::post('timestamp')); $languages=array(); foreach (WT_I18N::installed_languages() as $code=>$name) { - if (safe_POST_bool('lang_'.$code)) { + if (WT_Filter::postBool('lang_'.$code)) { $languages[]=$code; } } @@ -327,4 +327,4 @@ class html_WT_Module extends WT_Module implements WT_Module_Block { echo edit_language_checkboxes('lang_', $languages); echo '</td></tr>'; } -} +}
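Review bot: `title` and `html` now pass through `WT_Filter::post()` with no pattern, although this block exists to store markup, so the result depends on a default filter that is not visible on this page. If that filter rejects or strips markup the saved block is silently changed, and if it does not, nothing here records that the value is stored unescaped. Once the filter's behaviour is confirmed, I would state the intent next to the call, e.g. `// stored as raw HTML and shown to other visitors; restrict who may save it`. No permission or request-token check is visible between `postBool('save')` and the writes; it may live in the caller, in which case a one-line comment saying where would help.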
\ No newline at end of file diff --git a/modules_v3/individuals/module.php b/modules_v3/individuals/module.php index c6f2950916..09caef3268 100644 --- a/modules_v3/individuals/module.php +++ b/modules_v3/individuals/module.php @@ -64,9 +64,9 @@ class individuals_WT_Module extends WT_Module implements WT_Module_Sidebar { // Implement WT_Module_Sidebar public function getSidebarAjaxContent() { - $alpha =safe_GET('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none - $surname =safe_GET('surname', '[^<>&%{};]*'); // All indis with this surname. NB - allow ' and " - $search =safe_GET('search'); + $alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none + $surname = WT_Filter::get('surname'); // All indis with this surname. + $search = WT_Filter::get('search'); if ($search) { return $this->search($search); @@ -230,4 +230,4 @@ class individuals_WT_Module extends WT_Module implements WT_Module_Sidebar { $out .= '</ul>'; return $out; } -} +}
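Review bot: `surname` used to be limited to `[^<>&%{};]*` and is now read with no pattern, and the comment explaining that quotes are deliberately allowed was shortened at the same time. If the default filter in `WT_Filter::get()` is looser than that character class, every place this method writes `$surname` into HTML or a query has to escape it. The rest of `getSidebarAjaxContent()` is outside the hunk, so that cannot be checked here. Keeping the pattern costs nothing: `$surname = WT_Filter::get('surname', '[^<>&%{};]*'); // NB - allow ' and "`.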
\ No newline at end of file diff --git a/modules_v3/random_media/module.php b/modules_v3/random_media/module.php index b64c6b6c0f..ee73211253 100644 --- a/modules_v3/random_media/module.php +++ b/modules_v3/random_media/module.php @@ -43,7 +43,7 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block { $filter =get_block_setting($block_id, 'filter', 'all'); $controls=get_block_setting($block_id, 'controls', true); - $start =get_block_setting($block_id, 'start', false) || safe_GET_bool('start'); + $start =get_block_setting($block_id, 'start', false) || WT_Filter::getBool('start'); $block =get_block_setting($block_id, 'block', true); // We can apply the filters using SQL 
@@ -217,39 +217,39 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'filter', safe_POST('filter', array('indi', 'event', 'all'), 'all')); - set_block_setting($block_id, 'controls', safe_POST_bool('controls')); - set_block_setting($block_id, 'start', safe_POST_bool('start')); - set_block_setting($block_id, 'filter_avi', safe_POST_bool('filter_avi')); - set_block_setting($block_id, 'filter_bmp', safe_POST_bool('filter_bmp')); - set_block_setting($block_id, 'filter_gif', safe_POST_bool('filter_gif')); - set_block_setting($block_id, 'filter_jpeg', safe_POST_bool('filter_jpeg')); - set_block_setting($block_id, 'filter_mp3', safe_POST_bool('filter_mp3')); - set_block_setting($block_id, 'filter_ole', safe_POST_bool('filter_ole')); - set_block_setting($block_id, 'filter_pcx', safe_POST_bool('filter_pcx')); - set_block_setting($block_id, 'filter_pdf', safe_POST_bool('filter_pdf')); - set_block_setting($block_id, 'filter_png', safe_POST_bool('filter_png')); - set_block_setting($block_id, 'filter_tiff', safe_POST_bool('filter_tiff')); - set_block_setting($block_id, 'filter_wav', safe_POST_bool('filter_wav')); - set_block_setting($block_id, 'filter_audio', safe_POST_bool('filter_audio')); - set_block_setting($block_id, 'filter_book', safe_POST_bool('filter_book')); - set_block_setting($block_id, 'filter_card', safe_POST_bool('filter_card')); - set_block_setting($block_id, 'filter_certificate', safe_POST_bool('filter_certificate')); - set_block_setting($block_id, 'filter_coat', safe_POST_bool('filter_coat')); - set_block_setting($block_id, 'filter_document', safe_POST_bool('filter_document')); - set_block_setting($block_id, 'filter_electronic', safe_POST_bool('filter_electronic')); - set_block_setting($block_id, 'filter_fiche', safe_POST_bool('filter_fiche')); - set_block_setting($block_id, 'filter_film', 
safe_POST_bool('filter_film')); - set_block_setting($block_id, 'filter_magazine', safe_POST_bool('filter_magazine')); - set_block_setting($block_id, 'filter_manuscript', safe_POST_bool('filter_manuscript')); - set_block_setting($block_id, 'filter_map', safe_POST_bool('filter_map')); - set_block_setting($block_id, 'filter_newspaper', safe_POST_bool('filter_newspaper')); - set_block_setting($block_id, 'filter_other', safe_POST_bool('filter_other')); - set_block_setting($block_id, 'filter_painting', safe_POST_bool('filter_painting')); - set_block_setting($block_id, 'filter_photo', safe_POST_bool('filter_photo')); - set_block_setting($block_id, 'filter_tombstone', safe_POST_bool('filter_tombstone')); - set_block_setting($block_id, 'filter_video', safe_POST_bool('filter_video')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'filter', WT_Filter::post('filter', 'indi|event|all', 'all')); + set_block_setting($block_id, 'controls', WT_Filter::postBool('controls')); + set_block_setting($block_id, 'start', WT_Filter::postBool('start')); + set_block_setting($block_id, 'filter_avi', WT_Filter::postBool('filter_avi')); + set_block_setting($block_id, 'filter_bmp', WT_Filter::postBool('filter_bmp')); + set_block_setting($block_id, 'filter_gif', WT_Filter::postBool('filter_gif')); + set_block_setting($block_id, 'filter_jpeg', WT_Filter::postBool('filter_jpeg')); + set_block_setting($block_id, 'filter_mp3', WT_Filter::postBool('filter_mp3')); + set_block_setting($block_id, 'filter_ole', WT_Filter::postBool('filter_ole')); + set_block_setting($block_id, 'filter_pcx', WT_Filter::postBool('filter_pcx')); + set_block_setting($block_id, 'filter_pdf', WT_Filter::postBool('filter_pdf')); + set_block_setting($block_id, 'filter_png', WT_Filter::postBool('filter_png')); + set_block_setting($block_id, 'filter_tiff', WT_Filter::postBool('filter_tiff')); + set_block_setting($block_id, 'filter_wav', WT_Filter::postBool('filter_wav')); + set_block_setting($block_id, 
'filter_audio', WT_Filter::postBool('filter_audio')); + set_block_setting($block_id, 'filter_book', WT_Filter::postBool('filter_book')); + set_block_setting($block_id, 'filter_card', WT_Filter::postBool('filter_card')); + set_block_setting($block_id, 'filter_certificate', WT_Filter::postBool('filter_certificate')); + set_block_setting($block_id, 'filter_coat', WT_Filter::postBool('filter_coat')); + set_block_setting($block_id, 'filter_document', WT_Filter::postBool('filter_document')); + set_block_setting($block_id, 'filter_electronic', WT_Filter::postBool('filter_electronic')); + set_block_setting($block_id, 'filter_fiche', WT_Filter::postBool('filter_fiche')); + set_block_setting($block_id, 'filter_film', WT_Filter::postBool('filter_film')); + set_block_setting($block_id, 'filter_magazine', WT_Filter::postBool('filter_magazine')); + set_block_setting($block_id, 'filter_manuscript', WT_Filter::postBool('filter_manuscript')); + set_block_setting($block_id, 'filter_map', WT_Filter::postBool('filter_map')); + set_block_setting($block_id, 'filter_newspaper', WT_Filter::postBool('filter_newspaper')); + set_block_setting($block_id, 'filter_other', WT_Filter::postBool('filter_other')); + set_block_setting($block_id, 'filter_painting', WT_Filter::postBool('filter_painting')); + set_block_setting($block_id, 'filter_photo', WT_Filter::postBool('filter_photo')); + set_block_setting($block_id, 'filter_tombstone', WT_Filter::postBool('filter_tombstone')); + set_block_setting($block_id, 'filter_video', WT_Filter::postBool('filter_video')); exit; } @@ -384,4 +384,4 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('start', $start); echo '</td></tr>'; } -} +}
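Review bot: The allow-list for `filter` changed from `array('indi', 'event', 'all')` to the pattern `'indi|event|all'`, which is only equivalent if `WT_Filter::post()` matches the whole value and groups the alternation. An unanchored or ungrouped match would also accept longer strings that merely contain or start with one of the words. That implementation is not on this page, so please confirm it, or compare explicitly with `in_array($value, array('indi', 'event', 'all'), true)` before storing. The same conversion appears in the `infoStyle`, `sortStyle` and `count_placement` settings of recent_changes, todays_events, top10_givnnames, top10_pageviews, top10_surnames and upcoming_events.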
\ No newline at end of file diff --git a/modules_v3/recent_changes/module.php b/modules_v3/recent_changes/module.php index 128c62cd2f..15506cc60a 100644 --- a/modules_v3/recent_changes/module.php +++ b/modules_v3/recent_changes/module.php @@ -118,12 +118,12 @@ class recent_changes_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7)); - set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table')); - set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('name', 'date_asc', 'date_desc'), 'date_desc')); - set_block_setting($block_id, 'hide_empty', safe_POST_bool('hide_empty')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7)); + set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table')); + set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'name|date_asc|date_desc', 'date_desc')); + set_block_setting($block_id, 'hide_empty', WT_Filter::postBool('hide_empty')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -173,4 +173,4 @@ class recent_changes_WT_Module extends WT_Module implements WT_Module_Block { echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/review_changes/module.php b/modules_v3/review_changes/module.php index 1975ed9b98..88a00724fc 100644 --- a/modules_v3/review_changes/module.php +++ b/modules_v3/review_changes/module.php @@ -155,10 +155,10 @@ class review_changes_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'days', safe_POST_integer('num', 1, 180, 7)); - set_block_setting($block_id, 'sendmail', safe_POST_bool('sendmail')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'days', WT_Filter::postInteger('num', 1, 180, 7)); + set_block_setting($block_id, 'sendmail', WT_Filter::postBool('sendmail')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -181,4 +181,4 @@ class review_changes_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/sitemap/module.php b/modules_v3/sitemap/module.php index 2be8b119dd..2f19f180af 100644 --- a/modules_v3/sitemap/module.php +++ b/modules_v3/sitemap/module.php @@ -45,7 +45,7 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config { break; case 'generate': Zend_Session::writeClose(); - $this->generate(safe_GET('file')); + $this->generate(WT_Filter::get('file')); break; default: header('HTTP/1.0 404 Not Found'); @@ -216,9 +216,9 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config { ->pageHeader(); // Save the updated preferences - if (safe_POST('action', 'save')=='save') { + if (WT_Filter::post('action')=='save') { foreach (WT_Tree::getAll() as $tree) { - set_gedcom_setting($tree->tree_id, 'include_in_sitemap', safe_POST_bool('include'.$tree->tree_id)); + set_gedcom_setting($tree->tree_id, 'include_in_sitemap', WT_Filter::postBool('include'.$tree->tree_id)); } // Clear cache and force files to be regenerated WT_DB::prepare( @@ -270,4 +270,4 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config { public function getConfigLink() { return 'module.php?mod='.$this->getName().'&mod_action=admin'; } -} +}
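Review bot: `generate()` receives the `file` query parameter with no pattern at the call site in the `'generate'` case, so the only validation of the requested name is whatever `generate()` does internally, which is outside this hunk. Passing a pattern limited to the sitemap file names this module produces as the second argument of `WT_Filter::get('file', ...)` would make the constraint visible where the input enters. In the save branch, `WT_Filter::post('action')=='save'` would be clearer as a strict `===` comparison.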
\ No newline at end of file diff --git a/modules_v3/stories/module.php b/modules_v3/stories/module.php index c65619de0c..cff1d265e8 100644 --- a/modules_v3/stories/module.php +++ b/modules_v3/stories/module.php @@ -169,35 +169,35 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_ require_once WT_ROOT.'includes/functions/functions_edit.php'; if (WT_USER_CAN_EDIT) { - if (safe_POST_bool('save')) { - $block_id=safe_POST('block_id'); + if (WT_Filter::postBool('save')) { + $block_id=WT_Filter::postInteger('block_id'); if ($block_id) { WT_DB::prepare( "UPDATE `##block` SET gedcom_id=?, xref=? WHERE block_id=?" - )->execute(array(safe_POST('gedcom_id'), safe_POST('xref'), $block_id)); + )->execute(array(WT_Filter::postInteger('gedcom_id'), WT_Filter::post('xref', WT_REGEX_XREF), $block_id)); } else { WT_DB::prepare( "INSERT INTO `##block` (gedcom_id, xref, module_name, block_order) VALUES (?, ?, ?, ?)" )->execute(array( - safe_POST('gedcom_id'), - safe_POST('xref'), + WT_Filter::postInteger('gedcom_id'), + WT_Filter::post('xref', WT_REGEX_XREF), $this->getName(), 0 )); $block_id=WT_DB::getInstance()->lastInsertId(); } - set_block_setting($block_id, 'title', safe_POST('title', WT_REGEX_UNSAFE)); // allow html - set_block_setting($block_id, 'story_body', safe_POST('story_body', WT_REGEX_UNSAFE)); // allow html + set_block_setting($block_id, 'title', WT_Filter::post('title')); + set_block_setting($block_id, 'story_body', WT_Filter::post('story_body')); $languages=array(); foreach (WT_I18N::installed_languages() as $code=>$name) { - if (safe_POST_bool('lang_'.$code)) { + if (WT_Filter::postBool('lang_'.$code)) { $languages[]=$code; } } set_block_setting($block_id, 'languages', implode(',', $languages)); $this->config(); } else { - $block_id=safe_GET('block_id'); + $block_id=WT_Filter::getInteger('block_id'); $controller=new WT_Controller_Page(); if ($block_id) { 
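Review bot: The `UPDATE` in the save branch is keyed on the posted `block_id` alone, so nothing in this hunk limits the write to blocks that belong to the stories module. Appending `AND module_name=?` to the WHERE clause and `$this->getName()` to the `execute()` array would keep it to story blocks. The posted `gedcom_id` is an integer now but is not checked against the known trees before it is written. The `// allow html` comments on `title` and `story_body` were removed together with `WT_REGEX_UNSAFE`; if markup is still meant to be stored, the comment should stay. The `if (WT_USER_CAN_EDIT)` block continues outside the hunk.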
@@ -215,7 +215,7 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_ $title=''; $story_body=''; $gedcom_id=WT_GED_ID; - $xref=safe_GET('xref', WT_REGEX_XREF); + $xref=WT_Filter::get('xref', WT_REGEX_XREF); } $controller ->pageHeader() @@ -274,7 +274,7 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_ private function delete() { if (WT_USER_CAN_EDIT) { - $block_id=safe_GET('block_id'); + $block_id=WT_Filter::getInteger('block_id'); $block_order=WT_DB::prepare( "SELECT block_order FROM `##block` WHERE block_id=?" diff --git a/modules_v3/theme_select/module.php b/modules_v3/theme_select/module.php index f0ac4823cd..7ff0e91016 100644 --- a/modules_v3/theme_select/module.php +++ b/modules_v3/theme_select/module.php @@ -1,77 +1,77 @@ -<?php
-// Classes and libraries for module system
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// Derived from PhpGedView
-// Copyright (C) 2010 John Finlay
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-if (!defined('WT_WEBTREES')) {
- header('HTTP/1.0 403 Forbidden');
- exit;
-}
-
-class theme_select_WT_Module extends WT_Module implements WT_Module_Block {
- // Extend class WT_Module
- public function getTitle() {
- return /* I18N: Name of a module */ WT_I18N::translate('Theme change');
- }
-
- // Extend class WT_Module
- public function getDescription() {
- return /* I18N: Description of the “Theme change” module */ WT_I18N::translate('An alternative way to select a new theme.');
- }
-
- // Implement class WT_Module_Block
- public function getBlock($block_id, $template=true, $cfg=null) {
- $id=$this->getName().$block_id;
- $class=$this->getName().'_block';
- $title=$this->getTitle();
- $menu=WT_MenuBar::getThemeMenu();
- if ($menu) {
- $content='<div class="center theme_form">'.WT_MenuBar::getThemeMenu().'</div><br>';
-
- if ($template) {
- require WT_THEME_DIR.'templates/block_main_temp.php';
- } else {
- return $content;
- }
- } else {
- return '';
- }
- }
-
- // Implement class WT_Module_Block
- public function loadAjax() {
- return false;
- }
-
- // Implement class WT_Module_Block
- public function isUserBlock() {
- return true;
- }
-
- // Implement class WT_Module_Block
- public function isGedcomBlock() {
- return true;
- }
-
- // Implement class WT_Module_Block
- public function configureBlock($block_id) {
- }
-}
+<?php +// Classes and libraries for module system +// +// webtrees: Web based Family History software +// Copyright (C) 2013 webtrees development team. +// +// Derived from PhpGedView +// Copyright (C) 2010 John Finlay +// +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; either version 2 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program; if not, write to the Free Software +// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +if (!defined('WT_WEBTREES')) { + header('HTTP/1.0 403 Forbidden'); + exit; +} + +class theme_select_WT_Module extends WT_Module implements WT_Module_Block { + // Extend class WT_Module + public function getTitle() { + return /* I18N: Name of a module */ WT_I18N::translate('Theme change'); + } + + // Extend class WT_Module + public function getDescription() { + return /* I18N: Description of the “Theme change” module */ WT_I18N::translate('An alternative way to select a new theme.'); + } + + // Implement class WT_Module_Block + public function getBlock($block_id, $template=true, $cfg=null) { + $id=$this->getName().$block_id; + $class=$this->getName().'_block'; + $title=$this->getTitle(); + $menu=WT_MenuBar::getThemeMenu(); + if ($menu) { + $content='<div class="center theme_form">'.WT_MenuBar::getThemeMenu().'</div><br>'; + + if ($template) { + require WT_THEME_DIR.'templates/block_main_temp.php'; + } else { + return $content; + } + } else { + return ''; + } + } + + // Implement class WT_Module_Block + public function loadAjax() { + 
return false; + } + + // Implement class WT_Module_Block + public function isUserBlock() { + return true; + } + + // Implement class WT_Module_Block + public function isGedcomBlock() { + return true; + } + + // Implement class WT_Module_Block + public function configureBlock($block_id) { + } +} diff --git a/modules_v3/todays_events/module.php b/modules_v3/todays_events/module.php index 630577abbd..44824dc46d 100644 --- a/modules_v3/todays_events/module.php +++ b/modules_v3/todays_events/module.php @@ -109,12 +109,12 @@ class todays_events_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'filter', safe_POST_bool('filter')); - set_block_setting($block_id, 'onlyBDM', safe_POST_bool('onlyBDM')); - set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table')); - set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('alpha', 'anniv'), 'alpha')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'filter', WT_Filter::postBool('filter')); + set_block_setting($block_id, 'onlyBDM', WT_Filter::postBool('onlyBDM')); + set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table')); + set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'alpha|anniv', 'alpha')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -158,4 +158,4 @@ class todays_events_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/todo/module.php b/modules_v3/todo/module.php index 02d46539de..1526f8d07d 100644 --- a/modules_v3/todo/module.php +++ b/modules_v3/todo/module.php @@ -155,11 +155,11 @@ class todo_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'show_other', safe_POST_bool('show_other')); - set_block_setting($block_id, 'show_unassigned', safe_POST_bool('show_unassigned')); - set_block_setting($block_id, 'show_future', safe_POST_bool('show_future')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'show_other', WT_Filter::postBool('show_other')); + set_block_setting($block_id, 'show_unassigned', WT_Filter::postBool('show_unassigned')); + set_block_setting($block_id, 'show_future', WT_Filter::postBool('show_future')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -193,4 +193,4 @@ class todo_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/top10_givnnames/module.php b/modules_v3/top10_givnnames/module.php index 8515cd7593..bb4c9d4d8b 100644 --- a/modules_v3/top10_givnnames/module.php +++ b/modules_v3/top10_givnnames/module.php @@ -126,10 +126,10 @@ class top10_givnnames_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10)); - set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10)); + set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -156,4 +156,4 @@ class top10_givnnames_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/top10_pageviews/module.php b/modules_v3/top10_pageviews/module.php index 2a1525d902..6fa08522b7 100644 --- a/modules_v3/top10_pageviews/module.php +++ b/modules_v3/top10_pageviews/module.php @@ -120,10 +120,10 @@ class top10_pageviews_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10)); - set_block_setting($block_id, 'count_placement', safe_POST('count_placement', array('before', 'after'), 'before')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10)); + set_block_setting($block_id, 'count_placement', WT_Filter::post('count_placement', 'before|after', 'before')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } require_once WT_ROOT.'includes/functions/functions_edit.php'; @@ -149,4 +149,4 @@ class top10_pageviews_WT_Module extends WT_Module implements WT_Module_Block { echo edit_field_yes_no('block', $block); echo '</td></tr>'; } -} +}
\ No newline at end of file diff --git a/modules_v3/top10_surnames/module.php b/modules_v3/top10_surnames/module.php index 0670cc8534..a2c44f790e 100644 --- a/modules_v3/top10_surnames/module.php +++ b/modules_v3/top10_surnames/module.php @@ -139,10 +139,10 @@ class top10_surnames_WT_Module extends WT_Module implements WT_Module_Block { // Implement class WT_Module_Block public function configureBlock($block_id) { - if (safe_POST_bool('save')) { - set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10)); - set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'array', 'table', 'tagcloud'), 'table')); - set_block_setting($block_id, 'block', safe_POST_bool('block')); + if (WT_Filter::postBool('save')) { + set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10)); + set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|array|table|tagcloud', 'table')); + set_block_setting($block_id, 'block', WT_Filter::postBool('block')); exit; } @@ -181,4 +181,4 @@ class top10_surnames_WT_Module extends WT_Module implements WT_Module_Block { } return $countb - $counta; } -} +}
\ No newline at end of file diff --git a/modules_v3/tree/class_treeview.php b/modules_v3/tree/class_treeview.php index 62cd94b12a..bdd742e741 100644 --- a/modules_v3/tree/class_treeview.php +++ b/modules_v3/tree/class_treeview.php @@ -35,7 +35,7 @@ class TreeView { $this->name = $name; // Read if all partners must be shown or not - $allPartners = safe_GET('allPartners'); + $allPartners = WT_Filter::get('allPartners'); // if allPartners not specified in url, we try to read the cookie if ($allPartners == '') { if (isset($_COOKIE['allPartners'])) @@ -121,7 +121,7 @@ class TreeView { foreach ($person->getSpouseFamilies() as $family) { $spouse = $family->getSpouse($person); if ($spouse) { - $r .= $this->getPersonDetails($person, $family->getSpouse($person), $family); + $r .= $this->getPersonDetails($person, $spouse, $family); } } return $r; diff --git a/modules_v3/tree/module.php b/modules_v3/tree/module.php index e38bcd78fd..155073d1ea 100644 --- a/modules_v3/tree/module.php +++ b/modules_v3/tree/module.php @@ -130,8 +130,8 @@ class tree_WT_Module extends WT_Module implements WT_Module_Tab { //$controller->pageHeader(); Zend_Session::writeClose(); header('Content-Type: text/html; charset=UTF-8'); - $pid = safe_GET('pid'); - $i = safe_GET('instance'); + $pid = WT_Filter::get('pid', WT_REGEX_XREF); + $i = WT_Filter::get('instance'); $tv = new TreeView($i); echo $tv->getDetails($pid); break; @@ -141,8 +141,8 @@ class tree_WT_Module extends WT_Module implements WT_Module_Tab { //$controller->pageHeader(); Zend_Session::writeClose(); header('Content-Type: text/html; charset=UTF-8'); - $q = $_REQUEST['q']; - $i = safe_GET('instance'); + $q = WT_Filter::get('q'); + $i = WT_Filter::get('instance'); $tv = new TreeView($i); echo $tv->getPersons($q); break; diff --git a/modules_v3/upcoming_events/module.php b/modules_v3/upcoming_events/module.php index 2986247386..06f2a1e2eb 100644 --- a/modules_v3/upcoming_events/module.php +++ b/modules_v3/upcoming_events/module.php 
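Review bot: `instance` is read with no pattern in both AJAX cases of tree/module.php and passed straight to `new TreeView($i)`, while `pid` in the same case gained `WT_REGEX_XREF`. Judging by the context lines of the class_treeview.php hunk above, `TreeView` stores that argument as `$this->name`. If the name is written into the HTML or script that these `text/html` responses return, which is not visible here, it should be limited to identifier characters, for example `WT_Filter::get('instance', '[A-Za-z0-9_]+')`, a constructed pattern to adapt. The `switch` these cases belong to starts and ends outside the hunks.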
@@ -112,13 +112,13 @@ class upcoming_events_WT_Module extends WT_Module implements WT_Module_Block {
 // Implement class WT_Module_Block
 public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7));
- set_block_setting($block_id, 'filter', safe_POST_bool('filter'));
- set_block_setting($block_id, 'onlyBDM', safe_POST_bool('onlyBDM'));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('alpha', 'anniv'), 'alpha'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7));
+ set_block_setting($block_id, 'filter', WT_Filter::postBool('filter'));
+ set_block_setting($block_id, 'onlyBDM', WT_Filter::postBool('onlyBDM'));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'alpha|anniv', 'alpha'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
 exit;
 }
@@ -170,4 +170,4 @@ class upcoming_events_WT_Module extends WT_Module implements WT_Module_Block {
 echo edit_field_yes_no('block', $block);
 echo '</td></tr>';
 }
-}
+}
\ No newline at end of file
diff --git a/modules_v3/user_blog/module.php b/modules_v3/user_blog/module.php
index f975ddeb1d..81e519438d 100644
--- a/modules_v3/user_blog/module.php
+++ b/modules_v3/user_blog/module.php
@@ -49,9 +49,9 @@ class user_blog_WT_Module extends WT_Module implements WT_Module_Block {
 public function getBlock($block_id, $template=true, $cfg=null) {
 global $ctype;
- switch (safe_GET('action')) {
+ switch (WT_Filter::get('action')) {
 case 'deletenews':
- $news_id=safe_GET('news_id');
+ $news_id=WT_Filter::getInteger('news_id');
 if ($news_id) {
 deleteNews($news_id);
 }
@@ -124,4 +124,4 @@ class user_blog_WT_Module extends WT_Module implements WT_Module_Block {
 // Implement class WT_Module_Block
 public function configureBlock($block_id) {
 }
-}
+}
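Review bot: In the user_blog `getBlock` hunk the `deletenews` branch still deletes on GET parameters alone: `WT_Filter::getInteger('news_id')` guarantees an integer, but nothing in the hunk ties the request to a form token or checks that the current user owns the item before `deleteNews($news_id)` runs. Unless such a check exists outside the visible lines, a cross-site request made while the user is logged in would be enough to remove an entry. Consider moving the action to POST behind the project's CSRF check and verifying ownership first, with a comment above the `case` stating which check protects it. `getBlock` continues beyond the hunk.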
\ No newline at end of file
diff --git a/modules_v3/user_favorites/module.php b/modules_v3/user_favorites/module.php
index 66ddc86f7d..b74eb676a5 100644
--- a/modules_v3/user_favorites/module.php
+++ b/modules_v3/user_favorites/module.php
@@ -64,16 +64,16 @@ class user_favorites_WT_Module extends gedcom_favorites_WT_Module {
 switch($modAction) {
 case 'menu-add-favorite':
 // Process the "add to user favorites" menu item on indi/fam/etc. pages
- $record=WT_GedcomRecord::getInstance(safe_POST_xref('xref'));
+ $record = WT_GedcomRecord::getInstance(WT_Filter::post('xref', WT_REGEX_XREF));
 if (WT_USER_ID && $record->canShowName()) {
 self::addFavorite(array(
- 'user_id' =>WT_USER_ID,
- 'gedcom_id'=>$record->getGedcomId(),
- 'gid' =>$record->getXref(),
- 'type' =>$record::RECORD_TYPE,
- 'url' =>null,
- 'note' =>null,
- 'title' =>null,
+ 'user_id' => WT_USER_ID,
+ 'gedcom_id' => $record->getGedcomId(),
+ 'gid' => $record->getXref(),
+ 'type' => $record::RECORD_TYPE,
+ 'url' => null,
+ 'note' => null,
+ 'title' => null,
 ));
 WT_FlashMessages::addMessage(/* I18N: %s is the name of an individual, source or other record */ WT_I18N::translate('“%s” has been added to your favorites.', $record->getFullName()));
 }
diff --git a/modules_v3/user_messages/module.php b/modules_v3/user_messages/module.php
index 6a89860edd..5d8048acac 100644
--- a/modules_v3/user_messages/module.php
+++ b/modules_v3/user_messages/module.php
@@ -44,8 +44,8 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block {
 require_once WT_ROOT.'includes/functions/functions_print_facts.php';
 // Block actions
- $action=safe_GET('action');
- $message_id=safe_GET('message_id');
+ $action = WT_Filter::get('action');
+ $message_id = WT_Filter::getInteger('message_id');
 if ($action=='deletemessage') {
 if (is_array($message_id)) {
 foreach ($message_id as $msg_id) {
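Review bot: In the user_favorites `menu-add-favorite` hunk `$record` is dereferenced without a null check: when the posted `xref` fails `WT_REGEX_XREF` or names no record, `WT_GedcomRecord::getInstance()` presumably returns null and `$record->canShowName()` becomes a fatal error. Guarding the condition as `if (WT_USER_ID && $record && $record->canShowName()) {` keeps a malformed POST from turning into a server error. The enclosing `switch` starts and ends outside the hunk.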
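Review bot: In the first user_messages hunk `$message_id = WT_Filter::getInteger('message_id');` sits directly above `if (is_array($message_id))`, so if `getInteger` returns a scalar (its implementation is not shown) the array branch can never run and deleting several selected messages in one request would silently stop working. Either read the ids with an array-aware filter and validate each element as an integer, or drop the array branch and document that a single id is accepted. The delete is also driven by GET with no token check visible in the hunk, the same concern as the `deletenews` action in user_blog. The function body continues outside the hunk.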
@@ -79,7 +79,7 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block {
 $content.='</option>';
 }
 }
- $content.='</select> <input type="button" value="'.WT_I18N::translate('Send').'" onclick="message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\', \'\'); return false;"><br><br>';
+ $content.='</select> <input type="button" value="'.WT_I18N::translate('Send').'" onclick="message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\'); return false;"><br><br>';
 }
 if (count($messages)==0) {
 $content.=WT_I18N::translate('You have no pending messages.')."<br>";
@@ -149,8 +149,8 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block {
 // Implement class WT_Module_Block
 public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
 exit;
 }
diff --git a/modules_v3/yahrzeit/module.php b/modules_v3/yahrzeit/module.php
index 3d1291d133..8582aeb849 100644
--- a/modules_v3/yahrzeit/module.php
+++ b/modules_v3/yahrzeit/module.php
@@ -223,10 +223,10 @@ class yahrzeit_WT_Module extends WT_Module implements WT_Module_Block {
 // Implement class WT_Module_Block
 public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
 exit;
 }
@@ -254,4 +254,4 @@ class yahrzeit_WT_Module extends WT_Module implements WT_Module_Block {
 echo edit_field_yes_no('block', $block);
 echo '</td></tr>';
 }
-}
+}
\ No newline at end of file |
