authorGreg Roach <fisharebest@gmail.com>2013-08-29 22:35:00 +0100
committerGreg Roach <fisharebest@gmail.com>2013-08-29 22:35:00 +0100
commitdef8f50065a593a06a051ceb58b7686884a8ce58 (patch)
treedf7cb13b850c7f6332d9c40bc9daf560d0b19586 /modules_v3
parentcd3cb363db375e0e9b7d5214b33e382f77aa9400 (diff)
New filter/validation functions for GET/POST variables
Diffstat (limited to 'modules_v3')
-rw-r--r--modules_v3/GEDFact_assistant/CENS_ctrl.php2
-rw-r--r--modules_v3/GEDFact_assistant/_CENS/census_3_find.php10
-rw-r--r--modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php8
-rw-r--r--modules_v3/GEDFact_assistant/module.php22
-rw-r--r--modules_v3/batch_update/admin_batch_update.php14
-rw-r--r--modules_v3/batch_update/plugins/married_names.php4
-rw-r--r--modules_v3/batch_update/plugins/search_replace.php8
-rw-r--r--modules_v3/charts/module.php8
-rw-r--r--modules_v3/clippings/clippings_ctrl.php26
-rw-r--r--modules_v3/clippings/module.php20
-rw-r--r--modules_v3/descendancy/module.php6
-rw-r--r--modules_v3/extra_info/module.php196
-rw-r--r--modules_v3/families/module.php8
-rw-r--r--modules_v3/faq/module.php34
-rw-r--r--modules_v3/gedcom_favorites/module.php46
-rw-r--r--modules_v3/gedcom_news/module.php10
-rw-r--r--modules_v3/gedcom_stats/module.php44
-rw-r--r--modules_v3/googlemap/admin_places.php10
-rw-r--r--modules_v3/googlemap/module.php64
-rw-r--r--modules_v3/googlemap/placehierarchy.php6
-rw-r--r--modules_v3/googlemap/places_edit.php6
-rw-r--r--modules_v3/html/module.php16
-rw-r--r--modules_v3/individuals/module.php8
-rw-r--r--modules_v3/random_media/module.php70
-rw-r--r--modules_v3/recent_changes/module.php14
-rw-r--r--modules_v3/review_changes/module.php10
-rw-r--r--modules_v3/sitemap/module.php8
-rw-r--r--modules_v3/stories/module.php22
-rw-r--r--modules_v3/theme_select/module.php154
-rw-r--r--modules_v3/todays_events/module.php14
-rw-r--r--modules_v3/todo/module.php12
-rw-r--r--modules_v3/top10_givnnames/module.php10
-rw-r--r--modules_v3/top10_pageviews/module.php10
-rw-r--r--modules_v3/top10_surnames/module.php10
-rw-r--r--modules_v3/tree/class_treeview.php4
-rw-r--r--modules_v3/tree/module.php8
-rw-r--r--modules_v3/upcoming_events/module.php16
-rw-r--r--modules_v3/user_blog/module.php6
-rw-r--r--modules_v3/user_favorites/module.php16
-rw-r--r--modules_v3/user_messages/module.php10
-rw-r--r--modules_v3/yahrzeit/module.php10
41 files changed, 489 insertions, 491 deletions
diff --git a/modules_v3/GEDFact_assistant/CENS_ctrl.php b/modules_v3/GEDFact_assistant/CENS_ctrl.php
index 3987c3a2f1..2a799b8299 100644
--- a/modules_v3/GEDFact_assistant/CENS_ctrl.php
+++ b/modules_v3/GEDFact_assistant/CENS_ctrl.php
@@ -23,7 +23,7 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-$xref = safe_GET('xref', WT_REGEX_XREF);
+$xref = WT_Filter::get('xref', WT_REGEX_XREF);
$person = WT_Individual::getInstance($xref);
check_record_access($person);
diff --git a/modules_v3/GEDFact_assistant/_CENS/census_3_find.php b/modules_v3/GEDFact_assistant/_CENS/census_3_find.php
index cb9385e17c..e4d4be9d98 100644
--- a/modules_v3/GEDFact_assistant/_CENS/census_3_find.php
+++ b/modules_v3/GEDFact_assistant/_CENS/census_3_find.php
@@ -23,10 +23,10 @@
$controller=new WT_Controller_Simple();
-$filter =safe_GET('filter');
-$action =safe_GET('action');
-$callback =safe_GET('callback', WT_REGEX_NOSCRIPT, 'paste_id');
-$multiple =safe_GET_bool('multiple');
+$filter = WT_Filter::get('filter');
+$action = WT_Filter::get('action');
+$callback = WT_Filter::get('callback');
+$multiple = WT_Filter::getBool('multiple');
$controller
->setPageTitle(WT_I18N::translate('Find an individual'))
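Review bot: `$callback = WT_Filter::get('callback');` drops both the `WT_REGEX_NOSCRIPT` pattern and the `'paste_id'` default that the old `safe_GET` call passed, so a request without the parameter no longer falls back to `paste_id`, and the accepted characters now depend on WT_Filter's default pattern, which this diff does not show. If the value is later written into script as a function name (its use is outside this hunk), it should be limited to identifier characters. Consider `$callback = WT_Filter::get('callback', '[a-zA-Z0-9_]+', 'paste_id');`.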
@@ -188,4 +188,4 @@ if ($action=="filter") {
echo "</table>";
}
echo '<button onclick="window.close();">', WT_I18N::translate('close'), '</button>';
-echo "</div>"; // Close div that centers table
+echo "</div>"; // Close div that centers table \ No newline at end of file
diff --git a/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php b/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php
index 609c068684..8a7b0de135 100644
--- a/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php
+++ b/modules_v3/GEDFact_assistant/_MEDIA/media_0_inverselink.php
@@ -26,10 +26,10 @@
// GEDFact Media assistant replacement code for inverselink.php: ===========================
//-- extra page parameters and checking
-$more_links = safe_REQUEST($_REQUEST, 'more_links', WT_REGEX_UNSAFE);
-$exist_links = safe_REQUEST($_REQUEST, 'exist_links', WT_REGEX_UNSAFE);
-$gid = safe_GET_xref('gid');
-$update_CHAN = safe_REQUEST($_REQUEST, 'preserve_last_changed', WT_REGEX_UNSAFE);
+$more_links = WT_Filter::get('more_links');
+$exist_links = WT_Filter::get('exist_links');
+$gid = WT_Filter::get('gid', WT_REGEX_XREF);
+$update_CHAN = WT_Filter::get('preserve_last_changed');
$controller->addExternalJavascript(WT_STATIC_URL.'js/autocomplete.js');
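Review bot: Values submitted by POST may no longer reach `$more_links`, `$exist_links` and `$update_CHAN`: the old `safe_REQUEST($_REQUEST, …)` calls read both sources, while `WT_Filter::get(…)` presumably reads only the query string. Narrowing the source is a sound hardening step, but the method of the form that supplies these fields should be checked, and a comment such as `// query-string parameters only; the form submits by GET` would record the intent. `WT_REGEX_UNSAFE` is also no longer passed, so these values are now subject to whatever default pattern WT_Filter applies. The same narrowing happens in modules_v3/googlemap/admin_places.php for `action`, `parent`, `mode` and `deleteRecord`.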
diff --git a/modules_v3/GEDFact_assistant/module.php b/modules_v3/GEDFact_assistant/module.php
index 2b5b12ea25..191c822552 100644
--- a/modules_v3/GEDFact_assistant/module.php
+++ b/modules_v3/GEDFact_assistant/module.php
@@ -62,17 +62,17 @@ class GEDFact_assistant_WT_Module extends WT_Module {
$controller=new WT_Controller_Simple();
$type ='indi';
- $filter =safe_GET('filter');
- $action =safe_GET('action');
+ $filter =WT_Filter::get('filter');
+ $action =WT_Filter::get('action');
$callback ='paste_id';
- $media =safe_GET('media');
- $external_links =safe_GET('external_links');
- $directory =safe_GET('directory', WT_REGEX_NOSCRIPT, $MEDIA_DIRECTORY);
- $multiple =safe_GET_bool('multiple');
- $showthumb =safe_GET_bool('showthumb');
- $all =safe_GET_bool('all');
- $subclick =safe_GET('subclick');
- $choose =safe_GET('choose', WT_REGEX_NOSCRIPT, '0all');
+ $media =WT_Filter::get('media');
+ $external_links =WT_Filter::get('external_links');
+ $directory =WT_Filter::get('directory');
+ $multiple =WT_Filter::getBool('multiple');
+ $showthumb =WT_Filter::getBool('showthumb');
+ $all =WT_Filter::getBool('all');
+ $subclick =WT_Filter::get('subclick');
+ $choose =WT_Filter::get('choose');
$controller
->setPageTitle(WT_I18N::translate('Find an individual'))
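Review bot: `$directory` and `$choose` lose their fallbacks: the old calls defaulted to `$MEDIA_DIRECTORY` and `'0all'`, whereas `WT_Filter::get('directory')` and `WT_Filter::get('choose')` pass no default, so a request without these parameters leaves them empty for the code that follows outside this hunk. `$directory` is a path taken from the request, so it is worth keeping an explicit pattern as well as the default, for example `$directory = WT_Filter::get('directory', WT_REGEX_NOSCRIPT, $MEDIA_DIRECTORY);` if that constant is still defined, and `$choose = WT_Filter::get('choose', '[0-9a-z]+', '0all');` with the pattern adjusted to the values the page accepts. The `level1` to `level3` reads in modules_v3/clippings/clippings_ctrl.php drop their `PHP_INT_MAX` default in the same way.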
@@ -168,7 +168,7 @@ class GEDFact_assistant_WT_Module extends WT_Module {
}
private static function media_query_3a() {
- $iid2 = safe_GET('iid');
+ $iid2 = WT_Filter::get('iid', WT_REGEX_XREF);
$controller=new WT_Controller_Simple();
$controller
diff --git a/modules_v3/batch_update/admin_batch_update.php b/modules_v3/batch_update/admin_batch_update.php
index 5330031567..ebeb48f8ee 100644
--- a/modules_v3/batch_update/admin_batch_update.php
+++ b/modules_v3/batch_update/admin_batch_update.php
@@ -111,14 +111,14 @@ class batch_update {
// Constructor - initialise variables and validate user-input
function __construct() {
- $this->plugins=self::getPluginList(); // List of available plugins
- $this->plugin =safe_GET('plugin', array_keys($this->plugins)); // User parameters
- $this->xref =safe_GET('xref', WT_REGEX_XREF);
- $this->action =safe_GET('action');
- $this->data =safe_GET('data');
+ $this->plugins=self::getPluginList(); // List of available plugins
+ $this->plugin =WT_Filter::get('plugin'); // User parameters
+ $this->xref =WT_Filter::get('xref', WT_REGEX_XREF);
+ $this->action =WT_Filter::get('action');
+ $this->data =WT_Filter::get('data');
// Don't do any processing until a plugin is chosen.
- if ($this->plugin) {
+ if ($this->plugin && array_key_exists($this->plugin, $this->plugins)) {
$this->PLUGIN=new $this->plugin;
$this->PLUGIN->getOptions();
$this->getAllXrefs();
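Review bot: `$this->plugin` keeps the raw request value even when the new `array_key_exists()` guard rejects it, because the whitelist moved out of the `safe_GET` call and into the `if` condition. The guard does protect `new $this->plugin`, which is the sensitive use, but any later method that reads `$this->plugin` (outside this hunk) now sees an unvalidated string where it previously saw a known plugin name or, presumably, nothing. Normalising before the guard keeps the old invariant: `if (!array_key_exists((string) $this->plugin, $this->plugins)) { $this->plugin = null; }`. A comment on the guard such as `// only instantiate class names returned by getPluginList()` would also help. The constructor continues past the end of the hunk.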
@@ -333,7 +333,7 @@ class base_plugin {
// Default option is just the "don't update CHAN record"
function getOptions() {
- $this->chan=safe_GET_bool('chan');
+ $this->chan=WT_Filter::getBool('chan');
}
// Default option is just the "don't update CHAN record"
diff --git a/modules_v3/batch_update/plugins/married_names.php b/modules_v3/batch_update/plugins/married_names.php
index 64f9a34381..13d7a1356f 100644
--- a/modules_v3/batch_update/plugins/married_names.php
+++ b/modules_v3/batch_update/plugins/married_names.php
@@ -94,7 +94,7 @@ class married_names_bu_plugin extends base_plugin {
// Add an option for different surname styles
function getOptions() {
parent::getOptions();
- $this->surname=safe_GET('surname', array('add', 'replace'), 'replace');
+ $this->surname = WT_Filter::get('surname', 'add|replace', 'replace');
}
function getOptionsForm() {
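Review bot: The pattern `'add|replace'` is an ungrouped alternation, so whether it acts as a strict whitelist depends on how WT_Filter anchors it, which is not shown in this diff. If the filter builds something like `/^add|replace$/` without parentheses, any value that starts with `add` or ends with `replace` would pass, which the old `array('add', 'replace')` list did not allow. Confirm that WT_Filter wraps the pattern in a group, or group it at the call site: `WT_Filter::get('surname', '(?:add|replace)', 'replace')`. The same form is used in search_replace.php (`method`), charts/module.php (`type`) and clippings_ctrl.php (`convert`, `privatize_export`).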
@@ -107,4 +107,4 @@ class married_names_bu_plugin extends base_plugin {
($this->surname=='add' ? ' selected="selected"' : '').
'">'.WT_I18N::translate('Wife’s maiden surname becomes new given name').'</option></select></td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/batch_update/plugins/search_replace.php b/modules_v3/batch_update/plugins/search_replace.php
index 61b27b3b59..c4ac0ebad7 100644
--- a/modules_v3/batch_update/plugins/search_replace.php
+++ b/modules_v3/batch_update/plugins/search_replace.php
@@ -56,10 +56,10 @@ class search_replace_bu_plugin extends base_plugin {
function getOptions() {
parent::getOptions();
- $this->search =safe_GET('search', WT_REGEX_UNSAFE);
- $this->replace=safe_GET('replace', WT_REGEX_UNSAFE);
- $this->method =safe_GET('method', array('exact', 'words', 'wildcards', 'regex'), 'exact');
- $this->case =safe_GET('case', 'i');
+ $this->search = WT_Filter::get('search');
+ $this->replace = WT_Filter::get('replace');
+ $this->method = WT_Filter::get('method', 'exact|words|wildcards|regex', 'exact');
+ $this->case = WT_Filter::get('case', 'i');
$this->error='';
switch ($this->method) {
diff --git a/modules_v3/charts/module.php b/modules_v3/charts/module.php
index 3ae04a4916..19cdf14c69 100644
--- a/modules_v3/charts/module.php
+++ b/modules_v3/charts/module.php
@@ -184,10 +184,10 @@ class charts_WT_Module extends WT_Module implements WT_Module_Block {
$PEDIGREE_ROOT_ID=get_gedcom_setting(WT_GED_ID, 'PEDIGREE_ROOT_ID');
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'details', safe_POST_bool('details'));
- set_block_setting($block_id, 'type', safe_POST('type', array('pedigree', 'descendants', 'hourglass', 'treenav'), 'pedigree'));
- set_block_setting($block_id, 'pid', safe_POST('pid', WT_REGEX_XREF));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'details', WT_Filter::postBool('details'));
+ set_block_setting($block_id, 'type', WT_Filter::post('type', 'pedigree|descendants|hourglass|treenav', 'pedigree'));
+ set_block_setting($block_id, 'pid', WT_Filter::post('pid', WT_REGEX_XREF));
exit;
}
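Review bot: No request-token check is visible before the `set_block_setting()` calls that run when `save` is posted; if the caller of `configureBlock()` does not verify one either, a third-party page could submit this form on behalf of a signed-in user. This is not introduced by the change, but the move to WT_Filter is a natural place to add the check once, in the filter class or in the block controller. The `configureBlock()` hunks in gedcom_favorites, gedcom_news and gedcom_stats have the same shape. The function starts and ends outside this hunk, so the check may already exist there.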
diff --git a/modules_v3/clippings/clippings_ctrl.php b/modules_v3/clippings/clippings_ctrl.php
index 41e536df3d..9e52fb1fbf 100644
--- a/modules_v3/clippings/clippings_ctrl.php
+++ b/modules_v3/clippings/clippings_ctrl.php
@@ -61,18 +61,18 @@ class WT_Controller_Clippings {
$WT_SESSION->cart[WT_GED_ID]=array();
}
- $this->action = safe_GET("action");
- $this->id = safe_GET('id');
- $convert = safe_GET('convert',"yes","no");
- $this->Zip = safe_GET('Zip');
- $this->IncludeMedia = safe_GET('IncludeMedia');
- $this->conv_path = safe_GET('conv_path', WT_REGEX_NOSCRIPT);
- $this->privatize_export = safe_GET('privatize_export', array('none', 'visitor', 'user', 'gedadmin'), 'visitor');
- $this->level1 = safe_GET('level1', WT_REGEX_INTEGER, PHP_INT_MAX);
- $this->level2 = safe_GET('level2', WT_REGEX_INTEGER, PHP_INT_MAX);
- $this->level3 = safe_GET('level3', WT_REGEX_INTEGER, PHP_INT_MAX);
- $others = safe_GET('others');
- $this->type = safe_GET('type');
+ $this->action = WT_Filter::get('action');
+ $this->id = WT_Filter::get('id');
+ $convert = WT_Filter::get('convert', 'yes|no', 'no');
+ $this->Zip = WT_Filter::get('Zip');
+ $this->IncludeMedia = WT_Filter::get('IncludeMedia');
+ $this->conv_path = WT_Filter::get('conv_path');
+ $this->privatize_export = WT_Filter::get('privatize_export', 'none|visitor|user|gedadmin', 'visitor');
+ $this->level1 = WT_Filter::getInteger('level1');
+ $this->level2 = WT_Filter::getInteger('level2');
+ $this->level3 = WT_Filter::getInteger('level3');
+ $others = WT_Filter::get('others');
+ $this->type = WT_Filter::get('type');
if (($this->privatize_export=='none' || $this->privatize_export=='none') && !WT_USER_GEDCOM_ADMIN) {
$this->privatize_export='visitor';
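Review bot: The context line `if (($this->privatize_export=='none' || $this->privatize_export=='none') && !WT_USER_GEDCOM_ADMIN)` compares against `'none'` twice, so the second operand does nothing; one of them was probably meant to be another level from the `none|visitor|user|gedadmin` list. As written, a non-administrator who requests `privatize_export=gedadmin` is not reset to `'visitor'` by this test; whether a later check covers that is outside the hunk. Since the commit already rewrites the line that reads this value, it is worth correcting here, for example `if (!WT_USER_GEDCOM_ADMIN && in_array($this->privatize_export, array('none', 'gedadmin'), true))`, after confirming which levels are meant to be admin-only.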
@@ -413,4 +413,4 @@ class WT_Controller_Clippings {
return 0;
}
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/clippings/module.php b/modules_v3/clippings/module.php
index 0a73e4419f..0561799db7 100644
--- a/modules_v3/clippings/module.php
+++ b/modules_v3/clippings/module.php
@@ -178,7 +178,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module
} else {
// Keep track of the INDI from the parent page, otherwise it will
// get lost after ajax updates
- $pid=safe_GET_xref('pid');
+ $pid=WT_Filter::get('pid', WT_REGEX_XREF);
if ($clip_ctrl->action != 'download' && $clip_ctrl->action != 'add') { ?>
<table><tr><td class="width33" valign="top" rowspan="3">
@@ -373,13 +373,13 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module
$clip_ctrl = new WT_Controller_Clippings();
- $add = safe_GET_xref('add','');
- $add1 = safe_GET_xref('add1','');
- $remove = safe_GET('remove', WT_REGEX_XREF);
- $others = safe_GET('others', WT_REGEX_ALPHANUM, '');
- $clip_ctrl->level1 = safe_GET('level1');
- $clip_ctrl->level2 = safe_GET('level2');
- $clip_ctrl->level3 = safe_GET('level3');
+ $add = WT_Filter::get('add', WT_REGEX_XREF);
+ $add1 = WT_Filter::get('add1', WT_REGEX_XREF);
+ $remove = WT_Filter::get('remove', WT_REGEX_XREF);
+ $others = WT_Filter::get('others');
+ $clip_ctrl->level1 = WT_Filter::get('level1');
+ $clip_ctrl->level2 = WT_Filter::get('level2');
+ $clip_ctrl->level3 = WT_Filter::get('level3');
if (!empty($add)) {
$record = WT_GedcomRecord::getInstance($add);
if ($record) {
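Review bot: `level1`, `level2` and `level3` are read here with `WT_Filter::get()`, while the same three values are read with `WT_Filter::getInteger()` in clippings_ctrl.php in this commit; use the integer reader here too, `$clip_ctrl->level1 = WT_Filter::getInteger('level1');`, and likewise for `level2` and `level3`. The same inconsistency appears in faq/module.php, where `movedown()` uses `WT_Filter::get('block_id')` but `delete()` and `moveup()` use `getInteger`, and in gedcom_news/module.php, where `news_id` is read with `get` although `favorite_id` in gedcom_favorites uses `getInteger`. `$others` also loses its `WT_REGEX_ALPHANUM` constraint here without a replacement pattern.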
@@ -430,7 +430,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module
// Keep track of the INDI from the parent page, otherwise it will
// get lost after ajax updates
- $pid=safe_GET_xref('pid');
+ $pid=WT_Filter::get('pid', WT_REGEX_XREF);
if (!$WT_SESSION->cart[WT_GED_ID]) {
$out=WT_I18N::translate('Your clippings cart is empty.');
@@ -550,7 +550,7 @@ class clippings_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module
public function downloadForm($clip_ctrl) {
global $GEDCOM_MEDIA_PATH;
- $pid=safe_GET_xref('pid');
+ $pid=WT_Filter::get('pid', WT_REGEX_XREF);
$out = '<script>';
$out .= 'function cancelDownload() {
diff --git a/modules_v3/descendancy/module.php b/modules_v3/descendancy/module.php
index 8f5f3f59ab..41207c5917 100644
--- a/modules_v3/descendancy/module.php
+++ b/modules_v3/descendancy/module.php
@@ -64,9 +64,9 @@ class descendancy_WT_Module extends WT_Module implements WT_Module_Sidebar {
// Implement WT_Module_Sidebar
public function getSidebarAjaxContent() {
- $search=safe_GET('search');
- $pid =safe_GET('pid', WT_REGEX_XREF);
- $famid =safe_GET('famid', WT_REGEX_XREF);
+ $search = WT_Filter::get('search');
+ $pid = WT_Filter::get('pid', WT_REGEX_XREF);
+ $famid = WT_Filter::get('famid', WT_REGEX_XREF);
$individual = WT_Individual::getInstance($pid);
$family = WT_Family::getInstance($famid);
diff --git a/modules_v3/extra_info/module.php b/modules_v3/extra_info/module.php
index e58a66a3e6..296e8caaab 100644
--- a/modules_v3/extra_info/module.php
+++ b/modules_v3/extra_info/module.php
@@ -1,98 +1,98 @@
-<?php
-// A sidebar to show extra/non-genealogical information about an individual
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-if (!defined('WT_WEBTREES')) {
- header('HTTP/1.0 403 Forbidden');
- exit;
-}
-
-class extra_info_WT_Module extends WT_Module implements WT_Module_Sidebar {
- // Extend WT_Module
- public function getTitle() {
- return /* I18N: Name of a module/sidebar */ WT_I18N::translate('Extra information');
- }
-
- // Extend WT_Module
- public function getDescription() {
- return /* I18N: Description of the “Extra information” module */ WT_I18N::translate('A sidebar showing non-genealogical information about an indivdual.');
- }
-
- // Implement WT_Module_Sidebar
- public function defaultSidebarOrder() {
- return 10;
- }
-
- // Implement WT_Module_Sidebar
- public function hasSidebarContent() {
- return true;
- }
-
- // Implement WT_Module_Sidebar
- public function getSidebarContent() {
- global $SHOW_COUNTER, $controller;
-
- $indifacts = array();
- // The individual's own facts
- foreach ($controller->record->getFacts() as $fact) {
- if (self::showFact($fact)) {
- $indifacts[] = $fact;
- }
- }
-
- ob_start();
- if (!$indifacts) {
- echo WT_I18N::translate('There are no Facts for this individual.');
- } else {
- foreach ($indifacts as $fact) {
- print_fact($fact, $controller->record);
- }
- }
- echo '<div id="hitcounter">';
- if ($SHOW_COUNTER && (empty($SEARCH_SPIDER))) {
- //print indi counter only if displaying a non-private person
- require WT_ROOT.'includes/hitcount.php';
- echo WT_I18N::translate('Hit Count:'). ' '. $hitCount;
- }
- echo '</div>';// close #hitcounter
- return strip_tags(ob_get_clean(), '<a><div><span>');
- }
-
- // Implement WT_Module_Sidebar
- public function getSidebarAjaxContent() {
- return '';
- }
-
- // Does this module display a particular fact
- public static function showFact(WT_Fact $fact) {
- switch ($fact->getTag()) {
- case 'AFN':
- case 'CHAN':
- case 'IDNO':
- case 'REFN':
- case 'RFN':
- case 'RIN':
- case 'SSN':
- case '_UID':
- return true;
- default:
- return false;
- }
- }
-}
+<?php
+// A sidebar to show extra/non-genealogical information about an individual
+//
+// webtrees: Web based Family History software
+// Copyright (C) 2013 webtrees development team.
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+if (!defined('WT_WEBTREES')) {
+ header('HTTP/1.0 403 Forbidden');
+ exit;
+}
+
+class extra_info_WT_Module extends WT_Module implements WT_Module_Sidebar {
+ // Extend WT_Module
+ public function getTitle() {
+ return /* I18N: Name of a module/sidebar */ WT_I18N::translate('Extra information');
+ }
+
+ // Extend WT_Module
+ public function getDescription() {
+ return /* I18N: Description of the “Extra information” module */ WT_I18N::translate('A sidebar showing non-genealogical information about an indivdual.');
+ }
+
+ // Implement WT_Module_Sidebar
+ public function defaultSidebarOrder() {
+ return 10;
+ }
+
+ // Implement WT_Module_Sidebar
+ public function hasSidebarContent() {
+ return true;
+ }
+
+ // Implement WT_Module_Sidebar
+ public function getSidebarContent() {
+ global $SHOW_COUNTER, $controller;
+
+ $indifacts = array();
+ // The individual's own facts
+ foreach ($controller->record->getFacts() as $fact) {
+ if (self::showFact($fact)) {
+ $indifacts[] = $fact;
+ }
+ }
+
+ ob_start();
+ if (!$indifacts) {
+ echo WT_I18N::translate('There are no Facts for this individual.');
+ } else {
+ foreach ($indifacts as $fact) {
+ print_fact($fact, $controller->record);
+ }
+ }
+ echo '<div id="hitcounter">';
+ if ($SHOW_COUNTER && (empty($SEARCH_SPIDER))) {
+ //print indi counter only if displaying a non-private person
+ require WT_ROOT.'includes/hitcount.php';
+ echo WT_I18N::translate('Hit Count:'). ' '. $hitCount;
+ }
+ echo '</div>';// close #hitcounter
+ return strip_tags(ob_get_clean(), '<a><div><span>');
+ }
+
+ // Implement WT_Module_Sidebar
+ public function getSidebarAjaxContent() {
+ return '';
+ }
+
+ // Does this module display a particular fact
+ public static function showFact(WT_Fact $fact) {
+ switch ($fact->getTag()) {
+ case 'AFN':
+ case 'CHAN':
+ case 'IDNO':
+ case 'REFN':
+ case 'RFN':
+ case 'RIN':
+ case 'SSN':
+ case '_UID':
+ return true;
+ default:
+ return false;
+ }
+ }
+}
diff --git a/modules_v3/families/module.php b/modules_v3/families/module.php
index c88e0db853..d06dea1379 100644
--- a/modules_v3/families/module.php
+++ b/modules_v3/families/module.php
@@ -64,9 +64,9 @@ class families_WT_Module extends WT_Module implements WT_Module_Sidebar {
// Implement WT_Module_Sidebar
public function getSidebarAjaxContent() {
- $alpha =safe_GET('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none
- $surname =safe_GET('surname', '[^<>&%{};]*'); // All indis with this surname. NB - allow ' and "
- $search =safe_GET('search');
+ $alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none
+ $surname = WT_Filter::get('surname'); // All indis with this surname.
+ $search = WT_Filter::get('search');
if ($search) {
return $this->search($search);
@@ -254,4 +254,4 @@ class families_WT_Module extends WT_Module implements WT_Module_Sidebar {
$out .= '</ul>';
return $out;
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/faq/module.php b/modules_v3/faq/module.php
index 7a68f5210f..2d2c8a6f28 100644
--- a/modules_v3/faq/module.php
+++ b/modules_v3/faq/module.php
@@ -98,39 +98,39 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block
private function edit() {
require_once WT_ROOT.'includes/functions/functions_edit.php';
- if (safe_POST_bool('save')) {
- $block_id=safe_POST('block_id');
+ if (WT_Filter::postBool('save')) {
+ $block_id = WT_Filter::postInteger('block_id');
if ($block_id) {
WT_DB::prepare(
"UPDATE `##block` SET gedcom_id=NULLIF(?, ''), block_order=? WHERE block_id=?"
)->execute(array(
- safe_POST('gedcom_id'),
- (int)safe_POST('block_order'),
+ WT_Filter::postInteger('gedcom_id'),
+ WT_Filter::postInteger('block_order'),
$block_id
));
} else {
WT_DB::prepare(
"INSERT INTO `##block` (gedcom_id, module_name, block_order) VALUES (NULLIF(?, ''), ?, ?)"
)->execute(array(
- safe_POST('gedcom_id'),
+ WT_Filter::postInteger('gedcom_id'),
$this->getName(),
- (int)safe_POST('block_order')
+ WT_Filter::postInteger('block_order')
));
$block_id=WT_DB::getInstance()->lastInsertId();
}
- set_block_setting($block_id, 'header', safe_POST('header', WT_REGEX_UNSAFE));
- set_block_setting($block_id, 'faqbody', safe_POST('faqbody', WT_REGEX_UNSAFE)); // allow html
- $languages=array();
+ set_block_setting($block_id, 'header', WT_Filter::post('header'));
+ set_block_setting($block_id, 'faqbody', WT_Filter::post('faqbody'));
+ $languages = array();
foreach (WT_I18N::installed_languages() as $code=>$name) {
- if (safe_POST_bool('lang_'.$code)) {
- $languages[]=$code;
+ if (WT_Filter::postBool('lang_'.$code)) {
+ $languages[] = $code;
}
}
set_block_setting($block_id, 'languages', implode(',', $languages));
$this->config();
} else {
- $block_id=safe_GET('block_id');
- $controller=new WT_Controller_Page();
+ $block_id = WT_Filter::getInteger('block_id');
+ $controller = new WT_Controller_Page();
if ($block_id) {
$controller->setPageTitle(WT_I18N::translate('Edit FAQ item'));
$header=get_block_setting($block_id, 'header');
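Review bot: `faqbody` was previously read with `WT_REGEX_UNSAFE` and carried the comment `// allow html`; both are removed, so whether markup in an FAQ answer survives now depends on the default pattern of `WT_Filter::post()`, which this diff does not show. If markup is rejected, saving an existing FAQ that contains HTML will blank or alter it; if it is accepted, the page that prints `faqbody` has to sanitise it on output. State the intent at the call, for example `// HTML is permitted here; sanitised when displayed`, and pass an explicit pattern if the default is restrictive. `edit()` continues beyond the hunk.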
@@ -192,7 +192,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block
}
private function delete() {
- $block_id=safe_GET('block_id');
+ $block_id = WT_Filter::getInteger('block_id');
WT_DB::prepare(
"DELETE FROM `##block_setting` WHERE block_id=?"
@@ -204,7 +204,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block
}
private function moveup() {
- $block_id=safe_GET('block_id');
+ $block_id = WT_Filter::getInteger('block_id');
$block_order=WT_DB::prepare(
"SELECT block_order FROM `##block` WHERE block_id=?"
@@ -229,7 +229,7 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block
}
private function movedown() {
- $block_id=safe_GET('block_id');
+ $block_id=WT_Filter::get('block_id');
$block_order=WT_DB::prepare(
"SELECT block_order FROM `##block` WHERE block_id=?"
@@ -431,4 +431,4 @@ class faq_WT_Module extends WT_Module implements WT_Module_Menu, WT_Module_Block
$menu = new WT_Menu(WT_I18N::translate('FAQ'), 'module.php?mod=faq&amp;mod_action=show', 'menu-help');
return $menu;
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/gedcom_favorites/module.php b/modules_v3/gedcom_favorites/module.php
index 274e7b71d0..6e564d21bb 100644
--- a/modules_v3/gedcom_favorites/module.php
+++ b/modules_v3/gedcom_favorites/module.php
@@ -45,43 +45,43 @@ class gedcom_favorites_WT_Module extends WT_Module implements WT_Module_Block {
self::updateSchema(); // make sure the favorites table has been created
- $action=safe_GET('action');
+ $action = WT_Filter::get('action');
switch ($action) {
case 'deletefav':
- $favorite_id=safe_GET('favorite_id');
+ $favorite_id = WT_Filter::getInteger('favorite_id');
if ($favorite_id) {
self::deleteFavorite($favorite_id);
}
unset($_GET['action']);
break;
case 'addfav':
- $gid =safe_GET('gid');
- $favnote =safe_GET('favnote');
- $url =safe_GET('url', WT_REGEX_URL);
- $favtitle=safe_GET('favtitle');
+ $gid = WT_Filter::get('gid', WT_REGEX_XREF);
+ $favnote = WT_Filter::get('favnote');
+ $url = WT_Filter::getUrl('url');
+ $favtitle = WT_Filter::get('favtitle');
if ($gid) {
- $record=WT_GedcomRecord::getInstance($gid);
+ $record = WT_GedcomRecord::getInstance($gid);
if ($record && $record->canShow()) {
self::addFavorite(array(
- 'user_id' =>$ctype=='user' ? WT_USER_ID : null,
- 'gedcom_id'=>WT_GED_ID,
- 'gid' =>$record->getXref(),
- 'type' =>$record::RECORD_TYPE,
- 'url' =>null,
- 'note' =>$favnote,
- 'title' =>$favtitle,
+ 'user_id' => $ctype=='user' ? WT_USER_ID : null,
+ 'gedcom_id' => WT_GED_ID,
+ 'gid' => $record->getXref(),
+ 'type' => $record::RECORD_TYPE,
+ 'url' => null,
+ 'note' => $favnote,
+ 'title' => $favtitle,
));
}
} elseif ($url) {
self::addFavorite(array(
- 'user_id' =>$ctype=='user' ? WT_USER_ID : null,
- 'gedcom_id'=>WT_GED_ID,
- 'gid' =>null,
- 'type' =>'URL',
- 'url' =>$url,
- 'note' =>$favnote,
- 'title' =>$favtitle ? $favtitle : $url,
+ 'user_id' => $ctype=='user' ? WT_USER_ID : null,
+ 'gedcom_id' => WT_GED_ID,
+ 'gid' => null,
+ 'type' => 'URL',
+ 'url' => $url,
+ 'note' => $favnote,
+ 'title' => $favtitle ? $favtitle : $url,
));
}
unset($_GET['action']);
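Review bot: The `deletefav` and `addfav` branches change stored data in response to a plain GET request, and no ownership or token check is visible before `self::deleteFavorite($favorite_id)`. Reading the id with `WT_Filter::getInteger('favorite_id')` is an improvement, but unless `deleteFavorite()` itself restricts the delete to the current user or tree (not shown here), any favourite id can be passed. Consider reading these actions with the POST readers (`WT_Filter::post` / `WT_Filter::postInteger`) and documenting the authorisation rule in a comment above the `switch`. The enclosing method begins outside the hunk.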
@@ -227,8 +227,8 @@ class gedcom_favorites_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
diff --git a/modules_v3/gedcom_news/module.php b/modules_v3/gedcom_news/module.php
index 6c71383241..6449ec759e 100644
--- a/modules_v3/gedcom_news/module.php
+++ b/modules_v3/gedcom_news/module.php
@@ -49,9 +49,9 @@ class gedcom_news_WT_Module extends WT_Module implements WT_Module_Block {
public function getBlock($block_id, $template=true, $cfg=null) {
global $ctype;
- switch (safe_GET('action')) {
+ switch (WT_Filter::get('action')) {
case 'deletenews':
- $news_id=safe_GET('news_id');
+ $news_id=WT_Filter::get('news_id');
if ($news_id) {
deleteNews($news_id);
}
@@ -157,9 +157,9 @@ class gedcom_news_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'limit', safe_POST('limit'));
- set_block_setting($block_id, 'flag', safe_POST('flag'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'limit', WT_Filter::post('limit'));
+ set_block_setting($block_id, 'flag', WT_Filter::post('flag'));
exit;
}
diff --git a/modules_v3/gedcom_stats/module.php b/modules_v3/gedcom_stats/module.php
index 5dc97367d7..d571ee9f5a 100644
--- a/modules_v3/gedcom_stats/module.php
+++ b/modules_v3/gedcom_stats/module.php
@@ -229,27 +229,27 @@ class gedcom_stats_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'show_last_update', safe_POST_bool('show_last_update'));
- set_block_setting($block_id, 'show_common_surnames', safe_POST_bool('show_common_surnames'));
- set_block_setting($block_id, 'stat_indi', safe_POST_bool('stat_indi'));
- set_block_setting($block_id, 'stat_fam', safe_POST_bool('stat_fam'));
- set_block_setting($block_id, 'stat_sour', safe_POST_bool('stat_sour'));
- set_block_setting($block_id, 'stat_other', safe_POST_bool('stat_other'));
- set_block_setting($block_id, 'stat_media', safe_POST_bool('stat_media'));
- set_block_setting($block_id, 'stat_repo', safe_POST_bool('stat_repo'));
- set_block_setting($block_id, 'stat_surname', safe_POST_bool('stat_surname'));
- set_block_setting($block_id, 'stat_events', safe_POST_bool('stat_events'));
- set_block_setting($block_id, 'stat_users', safe_POST_bool('stat_users'));
- set_block_setting($block_id, 'stat_first_birth', safe_POST_bool('stat_first_birth'));
- set_block_setting($block_id, 'stat_last_birth', safe_POST_bool('stat_last_birth'));
- set_block_setting($block_id, 'stat_first_death', safe_POST_bool('stat_first_death'));
- set_block_setting($block_id, 'stat_last_death', safe_POST_bool('stat_last_death'));
- set_block_setting($block_id, 'stat_long_life', safe_POST_bool('stat_long_life'));
- set_block_setting($block_id, 'stat_avg_life', safe_POST_bool('stat_avg_life'));
- set_block_setting($block_id, 'stat_most_chil', safe_POST_bool('stat_most_chil'));
- set_block_setting($block_id, 'stat_avg_chil', safe_POST_bool('stat_avg_chil'));
- set_block_setting($block_id, 'stat_link', safe_POST_bool('stat_link'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'show_last_update', WT_Filter::postBool('show_last_update'));
+ set_block_setting($block_id, 'show_common_surnames', WT_Filter::postBool('show_common_surnames'));
+ set_block_setting($block_id, 'stat_indi', WT_Filter::postBool('stat_indi'));
+ set_block_setting($block_id, 'stat_fam', WT_Filter::postBool('stat_fam'));
+ set_block_setting($block_id, 'stat_sour', WT_Filter::postBool('stat_sour'));
+ set_block_setting($block_id, 'stat_other', WT_Filter::postBool('stat_other'));
+ set_block_setting($block_id, 'stat_media', WT_Filter::postBool('stat_media'));
+ set_block_setting($block_id, 'stat_repo', WT_Filter::postBool('stat_repo'));
+ set_block_setting($block_id, 'stat_surname', WT_Filter::postBool('stat_surname'));
+ set_block_setting($block_id, 'stat_events', WT_Filter::postBool('stat_events'));
+ set_block_setting($block_id, 'stat_users', WT_Filter::postBool('stat_users'));
+ set_block_setting($block_id, 'stat_first_birth', WT_Filter::postBool('stat_first_birth'));
+ set_block_setting($block_id, 'stat_last_birth', WT_Filter::postBool('stat_last_birth'));
+ set_block_setting($block_id, 'stat_first_death', WT_Filter::postBool('stat_first_death'));
+ set_block_setting($block_id, 'stat_last_death', WT_Filter::postBool('stat_last_death'));
+ set_block_setting($block_id, 'stat_long_life', WT_Filter::postBool('stat_long_life'));
+ set_block_setting($block_id, 'stat_avg_life', WT_Filter::postBool('stat_avg_life'));
+ set_block_setting($block_id, 'stat_most_chil', WT_Filter::postBool('stat_most_chil'));
+ set_block_setting($block_id, 'stat_avg_chil', WT_Filter::postBool('stat_avg_chil'));
+ set_block_setting($block_id, 'stat_link', WT_Filter::postBool('stat_link'));
exit;
}
@@ -373,4 +373,4 @@ class gedcom_stats_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('stat_link', $stat_link);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/googlemap/admin_places.php b/modules_v3/googlemap/admin_places.php
index 9157fceb44..5af60cbecc 100644
--- a/modules_v3/googlemap/admin_places.php
+++ b/modules_v3/googlemap/admin_places.php
@@ -29,11 +29,11 @@ if (!defined('WT_WEBTREES')) {
require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php';
require WT_ROOT.'includes/functions/functions_edit.php';
-$action=safe_REQUEST($_REQUEST, 'action');
-if (isset($_REQUEST['parent'])) $parent=safe_REQUEST($_REQUEST, 'parent');
-if (isset($_REQUEST['inactive'])) $inactive=safe_GET_bool('inactive');
-if (isset($_REQUEST['mode'])) $mode=safe_REQUEST($_REQUEST, 'mode');
-if (isset($_REQUEST['deleteRecord'])) $deleteRecord=safe_REQUEST($_REQUEST, 'deleteRecord');
+$action = WT_Filter::get('action');
+$parent = WT_Filter::get('parent');
+$inactive = WT_Filter::getBool('inactive');
+$mode = WT_Filter::get('mode');
+$deleteRecord = WT_Filter::get('deleteRecord');
if (!isset($parent)) $parent=0;
if (!isset($inactive)) $inactive=false;
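Review bot: All five parameters are now read from the query string only, whereas the removed lines read `$_REQUEST`, so any form on this page that submits `action`, `mode` or `deleteRecord` by POST would silently stop being handled. `deleteRecord` in particular names a state-changing operation and would be better accepted only by POST together with a request token. The two fallback lines that follow now depend on what WT_Filter returns for a missing parameter: `if (!isset($inactive)) $inactive=false;` looks unreachable if `getBool()` always returns a boolean, and `$parent=0` only applies if `get()` returns null. I would make the default explicit instead, e.g. `$parent = WT_Filter::get('parent', null, 0);`, assuming the third argument is the default as in the other calls in this commit.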
diff --git a/modules_v3/googlemap/module.php b/modules_v3/googlemap/module.php
index 549ef20b5c..a1c2df71b6 100644
--- a/modules_v3/googlemap/module.php
+++ b/modules_v3/googlemap/module.php
@@ -192,7 +192,7 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu
require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php';
require WT_ROOT.'includes/functions/functions_edit.php';
- $action=safe_REQUEST($_REQUEST, 'action');
+ $action = WT_Filter::post('action');
$controller=new WT_Controller_Page();
$controller
@@ -203,25 +203,25 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu
if ($action=='update') {
- set_module_setting('googlemap', 'GM_MAP_TYPE', $_POST['NEW_GM_MAP_TYPE']);
- set_module_setting('googlemap', 'GM_USE_STREETVIEW', $_POST['NEW_GM_USE_STREETVIEW']);
- set_module_setting('googlemap', 'GM_MIN_ZOOM', $_POST['NEW_GM_MIN_ZOOM']);
- set_module_setting('googlemap', 'GM_MAX_ZOOM', $_POST['NEW_GM_MAX_ZOOM']);
- set_module_setting('googlemap', 'GM_XSIZE', $_POST['NEW_GM_XSIZE']);
- set_module_setting('googlemap', 'GM_YSIZE', $_POST['NEW_GM_YSIZE']);
- set_module_setting('googlemap', 'GM_PRECISION_0', $_POST['NEW_GM_PRECISION_0']);
- set_module_setting('googlemap', 'GM_PRECISION_1', $_POST['NEW_GM_PRECISION_1']);
- set_module_setting('googlemap', 'GM_PRECISION_2', $_POST['NEW_GM_PRECISION_2']);
- set_module_setting('googlemap', 'GM_PRECISION_3', $_POST['NEW_GM_PRECISION_3']);
- set_module_setting('googlemap', 'GM_PRECISION_4', $_POST['NEW_GM_PRECISION_4']);
- set_module_setting('googlemap', 'GM_PRECISION_5', $_POST['NEW_GM_PRECISION_5']);
- set_module_setting('googlemap', 'GM_DEFAULT_TOP_VALUE', $_POST['NEW_GM_DEFAULT_TOP_LEVEL']);
- set_module_setting('googlemap', 'GM_COORD', $_POST['NEW_GM_COORD']);
- set_module_setting('googlemap', 'GM_PLACE_HIERARCHY', $_POST['NEW_GM_PLACE_HIERARCHY']);
- set_module_setting('googlemap', 'GM_PH_XSIZE', $_POST['NEW_GM_PH_XSIZE']);
- set_module_setting('googlemap', 'GM_PH_YSIZE', $_POST['NEW_GM_PH_YSIZE']);
- set_module_setting('googlemap', 'GM_PH_MARKER', $_POST['NEW_GM_PH_MARKER']);
- set_module_setting('googlemap', 'GM_DISP_SHORT_PLACE', $_POST['NEW_GM_DISP_SHORT_PLACE']);
+ set_module_setting('googlemap', 'GM_MAP_TYPE', WT_Filter::post('NEW_GM_MAP_TYPE'));
+ set_module_setting('googlemap', 'GM_USE_STREETVIEW', WT_Filter::post('NEW_GM_USE_STREETVIEW'));
+ set_module_setting('googlemap', 'GM_MIN_ZOOM', WT_Filter::post('NEW_GM_MIN_ZOOM'));
+ set_module_setting('googlemap', 'GM_MAX_ZOOM', WT_Filter::post('NEW_GM_MAX_ZOOM'));
+ set_module_setting('googlemap', 'GM_XSIZE', WT_Filter::post('NEW_GM_XSIZE'));
+ set_module_setting('googlemap', 'GM_YSIZE', WT_Filter::post('NEW_GM_YSIZE'));
+ set_module_setting('googlemap', 'GM_PRECISION_0', WT_Filter::post('NEW_GM_PRECISION_0'));
+ set_module_setting('googlemap', 'GM_PRECISION_1', WT_Filter::post('NEW_GM_PRECISION_1'));
+ set_module_setting('googlemap', 'GM_PRECISION_2', WT_Filter::post('NEW_GM_PRECISION_2'));
+ set_module_setting('googlemap', 'GM_PRECISION_3', WT_Filter::post('NEW_GM_PRECISION_3'));
+ set_module_setting('googlemap', 'GM_PRECISION_4', WT_Filter::post('NEW_GM_PRECISION_4'));
+ set_module_setting('googlemap', 'GM_PRECISION_5', WT_Filter::post('NEW_GM_PRECISION_5'));
+ set_module_setting('googlemap', 'GM_DEFAULT_TOP_VALUE', WT_Filter::post('NEW_GM_DEFAULT_TOP_LEVEL'));
+ set_module_setting('googlemap', 'GM_COORD', WT_Filter::post('NEW_GM_COORD'));
+ set_module_setting('googlemap', 'GM_PLACE_HIERARCHY', WT_Filter::post('NEW_GM_PLACE_HIERARCHY'));
+ set_module_setting('googlemap', 'GM_PH_XSIZE', WT_Filter::post('NEW_GM_PH_XSIZE'));
+ set_module_setting('googlemap', 'GM_PH_YSIZE', WT_Filter::post('NEW_GM_PH_YSIZE'));
+ set_module_setting('googlemap', 'GM_PH_MARKER', WT_Filter::post('NEW_GM_PH_MARKER'));
+ set_module_setting('googlemap', 'GM_DISP_SHORT_PLACE', WT_Filter::post('NEW_GM_DISP_SHORT_PLACE'));
for ($i=1; $i<=9; $i++) {
set_module_setting('googlemap', 'GM_PREFIX_'.$i, $_POST['NEW_GM_PREFIX_'.$i]);
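Review bot: The loop at the end of this hunk still writes `$_POST['NEW_GM_PREFIX_'.$i]` straight into the module settings, so the conversion is incomplete; it should read `set_module_setting('googlemap', 'GM_PREFIX_'.$i, WT_Filter::post('NEW_GM_PREFIX_'.$i));`. The loop body continues outside the hunk, so any sibling loop there needs the same change. The converted lines pass no pattern, which means numeric settings such as `GM_MIN_ZOOM`, `GM_MAX_ZOOM`, `GM_XSIZE` and `GM_YSIZE` accept any string; `WT_Filter::postInteger()` with bounds, as used for `days` in recent_changes/module.php, would fit them better. No request-token check is visible before the settings are written, so it is worth confirming one exists earlier in the function.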
@@ -447,13 +447,11 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu
->setPageTitle(WT_I18N::translate('Select flag'))
->pageHeader();
- $countries=WT_Stats::get_all_countries();
- $action=safe_REQUEST($_REQUEST, 'action');
+ $countries = WT_Stats::get_all_countries();
+ $action = WT_Filter::post('action');
- if (isset($_REQUEST['countrySelected'])) $countrySelected = $_REQUEST['countrySelected'];
- if (!isset($countrySelected)) $countrySelected='Countries';
- if (isset($_REQUEST['stateSelected'])) $stateSelected = $_REQUEST['stateSelected'];
- if (!isset($stateSelected)) $stateSelected='States';
+ $countrySelected = WT_Filter::post('countrySelected', null, 'Countries');
+ $stateSelected = WT_Filter::post('stateSelected', null, 'States');
$country = array();
$rep = opendir(WT_ROOT.WT_MODULES_DIR.'googlemap/places/flags/');
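Review bot: `countrySelected` and `stateSelected` are read with a `null` pattern, so any posted string is accepted. The context lines show this function opening `googlemap/places/flags/`; if either value is later joined onto that path (outside the hunk), it needs a restrictive pattern or a comparison against the directory listing so that it cannot carry path separators or `..`. Moving from `$_REQUEST` to POST-only also changes behaviour for any link that passed these values in the query string, which should be checked against the callers.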
@@ -649,8 +647,8 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu
require_once WT_ROOT.WT_MODULES_DIR.'googlemap/googlemap.php';
// Default is show for both of these.
- $hideflags = safe_GET('hideflags');
- $hidelines = safe_GET('hidelines');
+ $hideflags = WT_Filter::get('hideflags');
+ $hidelines = WT_Filter::get('hidelines');
$controller=new WT_Controller_Pedigree();
@@ -1431,11 +1429,11 @@ class googlemap_WT_Module extends WT_Module implements WT_Module_Config, WT_Modu
require_once WT_ROOT.WT_MODULES_DIR.'googlemap/googlemap.php';
require_once WT_ROOT.'includes/functions/functions_edit.php';
- $action = safe_GET('action', '','go');
- $gedcom_id = safe_GET('gedcom_id', array_keys(WT_Tree::getAll()), WT_GED_ID);
- $country = safe_GET('country', WT_REGEX_UNSAFE, 'XYZ');
- $state = safe_GET('state', WT_REGEX_UNSAFE, 'XYZ');
- $matching = safe_GET_bool('matching');
+ $action = WT_Filter::get('action', '','go');
+ $gedcom_id = WT_Filter::getInteger('gedcom_id');
+ $country = WT_Filter::get('country', '.+', 'XYZ');
+ $state = WT_Filter::get('state', '.+', 'XYZ');
+ $matching = WT_Filter::getBool('matching');
if (!empty($WT_SESSION['placecheck_gedcom_id'])) {
$gedcom_id = $WT_SESSION['placecheck_gedcom_id'];
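Review bot: `gedcom_id` lost its allow-list: the removed line accepted only keys of `WT_Tree::getAll()` and fell back to `WT_GED_ID`, while `WT_Filter::getInteger('gedcom_id')` accepts any integer and shows no default. Unless the id is re-checked further down (outside the hunk), a request can name a tree id outside that set, including one that does not exist. I would keep the integer filter and restore the check, e.g. `if (!array_key_exists($gedcom_id, WT_Tree::getAll())) $gedcom_id = WT_GED_ID;`. The `'.+'` pattern on `country` and `state` only rejects an empty value, so both must still be treated as untrusted wherever they are used.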
diff --git a/modules_v3/googlemap/placehierarchy.php b/modules_v3/googlemap/placehierarchy.php
index 83337cf665..d94c2e93f8 100644
--- a/modules_v3/googlemap/placehierarchy.php
+++ b/modules_v3/googlemap/placehierarchy.php
@@ -128,7 +128,7 @@ function create_map($placelevels) {
// *** ENABLE STREETVIEW *** (boolean) =========================================================
$STREETVIEW = get_module_setting('googlemap', 'GM_USE_STREETVIEW');
// =============================================================================================
- $parent = safe_GET('parent', WT_REGEX_UNSAFE);
+ $parent = WT_Filter::get('parent');
// create the map
echo '<table style="margin:20px auto 0 auto;"><tr valign="top"><td>';
@@ -197,7 +197,7 @@ function create_map($placelevels) {
}
');
- $parent = safe_GET('parent');
+ $parent = WT_Filter::get('parent');
global $TBLPREFIX, $pl_lati, $pl_long;
if ($level>=1) {
$pl_lati = str_replace(array('N', 'S', ','), array('', '-', '.'), $latlng['pl_lati']); // WT_placelocation lati
@@ -657,4 +657,4 @@ function map_scripts($numfound, $level, $parent, $linklevels, $placelevels, $pla
}
}
$controller->addInlineJavascript(ob_get_clean());
-}
+} \ No newline at end of file
diff --git a/modules_v3/googlemap/places_edit.php b/modules_v3/googlemap/places_edit.php
index 6ce75d4e4c..6ff8a0f14c 100644
--- a/modules_v3/googlemap/places_edit.php
+++ b/modules_v3/googlemap/places_edit.php
@@ -29,9 +29,9 @@ if (!defined('WT_WEBTREES')) {
require WT_ROOT.WT_MODULES_DIR.'googlemap/defaultconfig.php';
require WT_ROOT.'includes/functions/functions_edit.php';
-$action=safe_REQUEST($_REQUEST, 'action');
-if (isset($_REQUEST['placeid'])) $placeid = $_REQUEST['placeid'];
-if (isset($_REQUEST['place_name'])) $place_name = $_REQUEST['place_name'];
+$action = WT_Filter::get('action');
+$placeid = WT_Filter::get('placeid');
+$place_name = WT_Filter::get('place_name');
$controller=new WT_Controller_Simple();
$controller
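Review bot: `placeid` is presumably a numeric identifier but is read as a free-form string; `WT_Filter::getInteger('placeid')` would state the intent and reject non-numeric input before it reaches any query (its use is outside this hunk). All three values previously came from `$_REQUEST` and now come from the query string only, so if the edit form submits `action`, `placeid` or `place_name` by POST this handler will no longer see them. `$placeid` and `$place_name` are also always assigned now, which changes the outcome of any later `isset()` test on them if the filter returns a non-null value for a missing parameter.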
diff --git a/modules_v3/html/module.php b/modules_v3/html/module.php
index 3221f8f5dc..0f20a36114 100644
--- a/modules_v3/html/module.php
+++ b/modules_v3/html/module.php
@@ -133,15 +133,15 @@ class html_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'gedcom', safe_POST('gedcom'));
- set_block_setting($block_id, 'title', $_POST['title']);
- set_block_setting($block_id, 'html', $_POST['html']);
- set_block_setting($block_id, 'show_timestamp', safe_POST_bool('show_timestamp'));
- set_block_setting($block_id, 'timestamp', safe_POST('timestamp'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'gedcom', WT_Filter::post('gedcom'));
+ set_block_setting($block_id, 'title', WT_Filter::post('title'));
+ set_block_setting($block_id, 'html', WT_Filter::post('html'));
+ set_block_setting($block_id, 'show_timestamp', WT_Filter::postBool('show_timestamp'));
+ set_block_setting($block_id, 'timestamp', WT_Filter::post('timestamp'));
$languages=array();
foreach (WT_I18N::installed_languages() as $code=>$name) {
- if (safe_POST_bool('lang_'.$code)) {
+ if (WT_Filter::postBool('lang_'.$code)) {
$languages[]=$code;
}
}
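Review bot: `title` and `html` were stored raw from `$_POST`, and this hunk routes them through `WT_Filter::post()` with no pattern and no comment saying whether markup is expected to survive. For a block whose purpose is to hold HTML that has to be explicit: if the default filter strips or rejects markup the block breaks, and if it does not, the stored value is rendered to other visitors and its safety rests entirely on who may configure the block. I would add a comment such as `// HTML is stored as entered; only users allowed to configure this block may set it` and confirm the permission check that runs before `configureBlock()`. The same applies to `title` and `story_body` in stories/module.php, where the removed `// allow html` comments were the only record of that decision.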
@@ -327,4 +327,4 @@ class html_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_language_checkboxes('lang_', $languages);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/individuals/module.php b/modules_v3/individuals/module.php
index c6f2950916..09caef3268 100644
--- a/modules_v3/individuals/module.php
+++ b/modules_v3/individuals/module.php
@@ -64,9 +64,9 @@ class individuals_WT_Module extends WT_Module implements WT_Module_Sidebar {
// Implement WT_Module_Sidebar
public function getSidebarAjaxContent() {
- $alpha =safe_GET('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none
- $surname =safe_GET('surname', '[^<>&%{};]*'); // All indis with this surname. NB - allow ' and "
- $search =safe_GET('search');
+ $alpha = WT_Filter::get('alpha'); // All surnames beginning with this letter where "@"=unknown and ","=none
+ $surname = WT_Filter::get('surname'); // All indis with this surname.
+ $search = WT_Filter::get('search');
if ($search) {
return $this->search($search);
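Review bot: The `surname` parameter lost its character restriction (`[^<>&%{};]*`) together with the comment that explained it, and `alpha` and `search` are likewise read with no pattern. What `WT_Filter::get()` rejects by default is not visible in this diff, so the rest of `getSidebarAjaxContent()` (outside the hunk) has to escape these values on output and bind them as query parameters rather than rely on the filter. If the old restriction is still wanted, pass it explicitly: `WT_Filter::get('surname', '[^<>&%{};]*')`.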
@@ -230,4 +230,4 @@ class individuals_WT_Module extends WT_Module implements WT_Module_Sidebar {
$out .= '</ul>';
return $out;
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/random_media/module.php b/modules_v3/random_media/module.php
index b64c6b6c0f..ee73211253 100644
--- a/modules_v3/random_media/module.php
+++ b/modules_v3/random_media/module.php
@@ -43,7 +43,7 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block {
$filter =get_block_setting($block_id, 'filter', 'all');
$controls=get_block_setting($block_id, 'controls', true);
- $start =get_block_setting($block_id, 'start', false) || safe_GET_bool('start');
+ $start =get_block_setting($block_id, 'start', false) || WT_Filter::getBool('start');
$block =get_block_setting($block_id, 'block', true);
// We can apply the filters using SQL
@@ -217,39 +217,39 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'filter', safe_POST('filter', array('indi', 'event', 'all'), 'all'));
- set_block_setting($block_id, 'controls', safe_POST_bool('controls'));
- set_block_setting($block_id, 'start', safe_POST_bool('start'));
- set_block_setting($block_id, 'filter_avi', safe_POST_bool('filter_avi'));
- set_block_setting($block_id, 'filter_bmp', safe_POST_bool('filter_bmp'));
- set_block_setting($block_id, 'filter_gif', safe_POST_bool('filter_gif'));
- set_block_setting($block_id, 'filter_jpeg', safe_POST_bool('filter_jpeg'));
- set_block_setting($block_id, 'filter_mp3', safe_POST_bool('filter_mp3'));
- set_block_setting($block_id, 'filter_ole', safe_POST_bool('filter_ole'));
- set_block_setting($block_id, 'filter_pcx', safe_POST_bool('filter_pcx'));
- set_block_setting($block_id, 'filter_pdf', safe_POST_bool('filter_pdf'));
- set_block_setting($block_id, 'filter_png', safe_POST_bool('filter_png'));
- set_block_setting($block_id, 'filter_tiff', safe_POST_bool('filter_tiff'));
- set_block_setting($block_id, 'filter_wav', safe_POST_bool('filter_wav'));
- set_block_setting($block_id, 'filter_audio', safe_POST_bool('filter_audio'));
- set_block_setting($block_id, 'filter_book', safe_POST_bool('filter_book'));
- set_block_setting($block_id, 'filter_card', safe_POST_bool('filter_card'));
- set_block_setting($block_id, 'filter_certificate', safe_POST_bool('filter_certificate'));
- set_block_setting($block_id, 'filter_coat', safe_POST_bool('filter_coat'));
- set_block_setting($block_id, 'filter_document', safe_POST_bool('filter_document'));
- set_block_setting($block_id, 'filter_electronic', safe_POST_bool('filter_electronic'));
- set_block_setting($block_id, 'filter_fiche', safe_POST_bool('filter_fiche'));
- set_block_setting($block_id, 'filter_film', safe_POST_bool('filter_film'));
- set_block_setting($block_id, 'filter_magazine', safe_POST_bool('filter_magazine'));
- set_block_setting($block_id, 'filter_manuscript', safe_POST_bool('filter_manuscript'));
- set_block_setting($block_id, 'filter_map', safe_POST_bool('filter_map'));
- set_block_setting($block_id, 'filter_newspaper', safe_POST_bool('filter_newspaper'));
- set_block_setting($block_id, 'filter_other', safe_POST_bool('filter_other'));
- set_block_setting($block_id, 'filter_painting', safe_POST_bool('filter_painting'));
- set_block_setting($block_id, 'filter_photo', safe_POST_bool('filter_photo'));
- set_block_setting($block_id, 'filter_tombstone', safe_POST_bool('filter_tombstone'));
- set_block_setting($block_id, 'filter_video', safe_POST_bool('filter_video'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'filter', WT_Filter::post('filter', 'indi|event|all', 'all'));
+ set_block_setting($block_id, 'controls', WT_Filter::postBool('controls'));
+ set_block_setting($block_id, 'start', WT_Filter::postBool('start'));
+ set_block_setting($block_id, 'filter_avi', WT_Filter::postBool('filter_avi'));
+ set_block_setting($block_id, 'filter_bmp', WT_Filter::postBool('filter_bmp'));
+ set_block_setting($block_id, 'filter_gif', WT_Filter::postBool('filter_gif'));
+ set_block_setting($block_id, 'filter_jpeg', WT_Filter::postBool('filter_jpeg'));
+ set_block_setting($block_id, 'filter_mp3', WT_Filter::postBool('filter_mp3'));
+ set_block_setting($block_id, 'filter_ole', WT_Filter::postBool('filter_ole'));
+ set_block_setting($block_id, 'filter_pcx', WT_Filter::postBool('filter_pcx'));
+ set_block_setting($block_id, 'filter_pdf', WT_Filter::postBool('filter_pdf'));
+ set_block_setting($block_id, 'filter_png', WT_Filter::postBool('filter_png'));
+ set_block_setting($block_id, 'filter_tiff', WT_Filter::postBool('filter_tiff'));
+ set_block_setting($block_id, 'filter_wav', WT_Filter::postBool('filter_wav'));
+ set_block_setting($block_id, 'filter_audio', WT_Filter::postBool('filter_audio'));
+ set_block_setting($block_id, 'filter_book', WT_Filter::postBool('filter_book'));
+ set_block_setting($block_id, 'filter_card', WT_Filter::postBool('filter_card'));
+ set_block_setting($block_id, 'filter_certificate', WT_Filter::postBool('filter_certificate'));
+ set_block_setting($block_id, 'filter_coat', WT_Filter::postBool('filter_coat'));
+ set_block_setting($block_id, 'filter_document', WT_Filter::postBool('filter_document'));
+ set_block_setting($block_id, 'filter_electronic', WT_Filter::postBool('filter_electronic'));
+ set_block_setting($block_id, 'filter_fiche', WT_Filter::postBool('filter_fiche'));
+ set_block_setting($block_id, 'filter_film', WT_Filter::postBool('filter_film'));
+ set_block_setting($block_id, 'filter_magazine', WT_Filter::postBool('filter_magazine'));
+ set_block_setting($block_id, 'filter_manuscript', WT_Filter::postBool('filter_manuscript'));
+ set_block_setting($block_id, 'filter_map', WT_Filter::postBool('filter_map'));
+ set_block_setting($block_id, 'filter_newspaper', WT_Filter::postBool('filter_newspaper'));
+ set_block_setting($block_id, 'filter_other', WT_Filter::postBool('filter_other'));
+ set_block_setting($block_id, 'filter_painting', WT_Filter::postBool('filter_painting'));
+ set_block_setting($block_id, 'filter_photo', WT_Filter::postBool('filter_photo'));
+ set_block_setting($block_id, 'filter_tombstone', WT_Filter::postBool('filter_tombstone'));
+ set_block_setting($block_id, 'filter_video', WT_Filter::postBool('filter_video'));
exit;
}
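Review bot: The allow-list for `filter` changed from an array of values to the pattern `'indi|event|all'`, which is only equivalent if `WT_Filter::post()` anchors the pattern at both ends and groups the alternation; otherwise a value such as `allx` (constructed example) would pass. That behaviour is not visible in this diff, so it deserves a test or a comment on the filter class, and the same conversion appears for `infoStyle`, `sortStyle` and `count_placement` in recent_changes, todays_events, top10_givnnames and top10_pageviews. As a style point, the thirty near-identical boolean lines could be a loop over a list of setting names, `foreach ($bool_settings as $name) { set_block_setting($block_id, $name, WT_Filter::postBool($name)); }`, which makes a missed or misspelt key much easier to spot.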
@@ -384,4 +384,4 @@ class random_media_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('start', $start);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/recent_changes/module.php b/modules_v3/recent_changes/module.php
index 128c62cd2f..15506cc60a 100644
--- a/modules_v3/recent_changes/module.php
+++ b/modules_v3/recent_changes/module.php
@@ -118,12 +118,12 @@ class recent_changes_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('name', 'date_asc', 'date_desc'), 'date_desc'));
- set_block_setting($block_id, 'hide_empty', safe_POST_bool('hide_empty'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'name|date_asc|date_desc', 'date_desc'));
+ set_block_setting($block_id, 'hide_empty', WT_Filter::postBool('hide_empty'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -173,4 +173,4 @@ class recent_changes_WT_Module extends WT_Module implements WT_Module_Block {
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/review_changes/module.php b/modules_v3/review_changes/module.php
index 1975ed9b98..88a00724fc 100644
--- a/modules_v3/review_changes/module.php
+++ b/modules_v3/review_changes/module.php
@@ -155,10 +155,10 @@ class review_changes_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'days', safe_POST_integer('num', 1, 180, 7));
- set_block_setting($block_id, 'sendmail', safe_POST_bool('sendmail'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'days', WT_Filter::postInteger('num', 1, 180, 7));
+ set_block_setting($block_id, 'sendmail', WT_Filter::postBool('sendmail'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
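Review bot: The `days` setting is filled from the POST field `num` (`WT_Filter::postInteger('num', 1, 180, 7)`), a mismatch carried over unchanged from the removed line. The form that produces the field is outside this hunk; if its input is actually named `days`, the stored value would always be the default 7. Either rename one side so they agree or add a comment such as `// form field is 'num', setting key is 'days'` so the difference reads as deliberate.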
@@ -181,4 +181,4 @@ class review_changes_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/sitemap/module.php b/modules_v3/sitemap/module.php
index 2be8b119dd..2f19f180af 100644
--- a/modules_v3/sitemap/module.php
+++ b/modules_v3/sitemap/module.php
@@ -45,7 +45,7 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config {
break;
case 'generate':
Zend_Session::writeClose();
- $this->generate(safe_GET('file'));
+ $this->generate(WT_Filter::get('file'));
break;
default:
header('HTTP/1.0 404 Not Found');
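Review bot: `file` reaches `$this->generate()` straight from the query string with no pattern. `generate()` is outside the hunk, but a parameter that selects which sitemap file to emit should be limited to the names the module actually produces before it is used. Pass the expected shape as the second argument, e.g. `WT_Filter::get('file', '<expected-file-name-pattern>')` (placeholder pattern), and send the same 404 as the `default:` branch when the value does not match.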
@@ -216,9 +216,9 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config {
->pageHeader();
// Save the updated preferences
- if (safe_POST('action', 'save')=='save') {
+ if (WT_Filter::post('action')=='save') {
foreach (WT_Tree::getAll() as $tree) {
- set_gedcom_setting($tree->tree_id, 'include_in_sitemap', safe_POST_bool('include'.$tree->tree_id));
+ set_gedcom_setting($tree->tree_id, 'include_in_sitemap', WT_Filter::postBool('include'.$tree->tree_id));
}
// Clear cache and force files to be regenerated
WT_DB::prepare(
@@ -270,4 +270,4 @@ class sitemap_WT_Module extends WT_Module implements WT_Module_Config {
public function getConfigLink() {
return 'module.php?mod='.$this->getName().'&amp;mod_action=admin';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/stories/module.php b/modules_v3/stories/module.php
index c65619de0c..cff1d265e8 100644
--- a/modules_v3/stories/module.php
+++ b/modules_v3/stories/module.php
@@ -169,35 +169,35 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_
require_once WT_ROOT.'includes/functions/functions_edit.php';
if (WT_USER_CAN_EDIT) {
- if (safe_POST_bool('save')) {
- $block_id=safe_POST('block_id');
+ if (WT_Filter::postBool('save')) {
+ $block_id=WT_Filter::postInteger('block_id');
if ($block_id) {
WT_DB::prepare(
"UPDATE `##block` SET gedcom_id=?, xref=? WHERE block_id=?"
- )->execute(array(safe_POST('gedcom_id'), safe_POST('xref'), $block_id));
+ )->execute(array(WT_Filter::postInteger('gedcom_id'), WT_Filter::post('xref', WT_REGEX_XREF), $block_id));
} else {
WT_DB::prepare(
"INSERT INTO `##block` (gedcom_id, xref, module_name, block_order) VALUES (?, ?, ?, ?)"
)->execute(array(
- safe_POST('gedcom_id'),
- safe_POST('xref'),
+ WT_Filter::postInteger('gedcom_id'),
+ WT_Filter::post('xref', WT_REGEX_XREF),
$this->getName(),
0
));
$block_id=WT_DB::getInstance()->lastInsertId();
}
- set_block_setting($block_id, 'title', safe_POST('title', WT_REGEX_UNSAFE)); // allow html
- set_block_setting($block_id, 'story_body', safe_POST('story_body', WT_REGEX_UNSAFE)); // allow html
+ set_block_setting($block_id, 'title', WT_Filter::post('title'));
+ set_block_setting($block_id, 'story_body', WT_Filter::post('story_body'));
$languages=array();
foreach (WT_I18N::installed_languages() as $code=>$name) {
- if (safe_POST_bool('lang_'.$code)) {
+ if (WT_Filter::postBool('lang_'.$code)) {
$languages[]=$code;
}
}
set_block_setting($block_id, 'languages', implode(',', $languages));
$this->config();
} else {
- $block_id=safe_GET('block_id');
+ $block_id=WT_Filter::getInteger('block_id');
$controller=new WT_Controller_Page();
if ($block_id) {
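Review bot: `gedcom_id` is taken from POST as a bare integer and written to `##block` in both the UPDATE and the INSERT, while the only guard visible is `WT_USER_CAN_EDIT`, which presumably describes the current tree only. If nothing else checks it, a story could be stored against a tree the user has no edit rights on; compare the posted value with `WT_GED_ID`, or with the trees the user may edit, before executing. The UPDATE also matches on `block_id` alone, so adding `AND module_name=?` bound to `$this->getName()` would stop it touching blocks that belong to other modules. The `delete()` hunk further down reads `block_id` from the query string in the same way, and a deletion is better accepted only by POST with a request token. The enclosing function starts and ends outside this hunk.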
@@ -215,7 +215,7 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_
$title='';
$story_body='';
$gedcom_id=WT_GED_ID;
- $xref=safe_GET('xref', WT_REGEX_XREF);
+ $xref=WT_Filter::get('xref', WT_REGEX_XREF);
}
$controller
->pageHeader()
@@ -274,7 +274,7 @@ class stories_WT_Module extends WT_Module implements WT_Module_Block, WT_Module_
private function delete() {
if (WT_USER_CAN_EDIT) {
- $block_id=safe_GET('block_id');
+ $block_id=WT_Filter::getInteger('block_id');
$block_order=WT_DB::prepare(
"SELECT block_order FROM `##block` WHERE block_id=?"
diff --git a/modules_v3/theme_select/module.php b/modules_v3/theme_select/module.php
index f0ac4823cd..7ff0e91016 100644
--- a/modules_v3/theme_select/module.php
+++ b/modules_v3/theme_select/module.php
@@ -1,77 +1,77 @@
-<?php
-// Classes and libraries for module system
-//
-// webtrees: Web based Family History software
-// Copyright (C) 2013 webtrees development team.
-//
-// Derived from PhpGedView
-// Copyright (C) 2010 John Finlay
-//
-// This program is free software; you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation; either version 2 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program; if not, write to the Free Software
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-if (!defined('WT_WEBTREES')) {
- header('HTTP/1.0 403 Forbidden');
- exit;
-}
-
-class theme_select_WT_Module extends WT_Module implements WT_Module_Block {
- // Extend class WT_Module
- public function getTitle() {
- return /* I18N: Name of a module */ WT_I18N::translate('Theme change');
- }
-
- // Extend class WT_Module
- public function getDescription() {
- return /* I18N: Description of the “Theme change” module */ WT_I18N::translate('An alternative way to select a new theme.');
- }
-
- // Implement class WT_Module_Block
- public function getBlock($block_id, $template=true, $cfg=null) {
- $id=$this->getName().$block_id;
- $class=$this->getName().'_block';
- $title=$this->getTitle();
- $menu=WT_MenuBar::getThemeMenu();
- if ($menu) {
- $content='<div class="center theme_form">'.WT_MenuBar::getThemeMenu().'</div><br>';
-
- if ($template) {
- require WT_THEME_DIR.'templates/block_main_temp.php';
- } else {
- return $content;
- }
- } else {
- return '';
- }
- }
-
- // Implement class WT_Module_Block
- public function loadAjax() {
- return false;
- }
-
- // Implement class WT_Module_Block
- public function isUserBlock() {
- return true;
- }
-
- // Implement class WT_Module_Block
- public function isGedcomBlock() {
- return true;
- }
-
- // Implement class WT_Module_Block
- public function configureBlock($block_id) {
- }
-}
+<?php
+// Classes and libraries for module system
+//
+// webtrees: Web based Family History software
+// Copyright (C) 2013 webtrees development team.
+//
+// Derived from PhpGedView
+// Copyright (C) 2010 John Finlay
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+if (!defined('WT_WEBTREES')) {
+ header('HTTP/1.0 403 Forbidden');
+ exit;
+}
+
+class theme_select_WT_Module extends WT_Module implements WT_Module_Block {
+ // Extend class WT_Module
+ public function getTitle() {
+ return /* I18N: Name of a module */ WT_I18N::translate('Theme change');
+ }
+
+ // Extend class WT_Module
+ public function getDescription() {
+ return /* I18N: Description of the “Theme change” module */ WT_I18N::translate('An alternative way to select a new theme.');
+ }
+
+ // Implement class WT_Module_Block
+ public function getBlock($block_id, $template=true, $cfg=null) {
+ $id=$this->getName().$block_id;
+ $class=$this->getName().'_block';
+ $title=$this->getTitle();
+ $menu=WT_MenuBar::getThemeMenu();
+ if ($menu) {
+ $content='<div class="center theme_form">'.WT_MenuBar::getThemeMenu().'</div><br>';
+
+ if ($template) {
+ require WT_THEME_DIR.'templates/block_main_temp.php';
+ } else {
+ return $content;
+ }
+ } else {
+ return '';
+ }
+ }
+
+ // Implement class WT_Module_Block
+ public function loadAjax() {
+ return false;
+ }
+
+ // Implement class WT_Module_Block
+ public function isUserBlock() {
+ return true;
+ }
+
+ // Implement class WT_Module_Block
+ public function isGedcomBlock() {
+ return true;
+ }
+
+ // Implement class WT_Module_Block
+ public function configureBlock($block_id) {
+ }
+}
diff --git a/modules_v3/todays_events/module.php b/modules_v3/todays_events/module.php
index 630577abbd..44824dc46d 100644
--- a/modules_v3/todays_events/module.php
+++ b/modules_v3/todays_events/module.php
@@ -109,12 +109,12 @@ class todays_events_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'filter', safe_POST_bool('filter'));
- set_block_setting($block_id, 'onlyBDM', safe_POST_bool('onlyBDM'));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('alpha', 'anniv'), 'alpha'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'filter', WT_Filter::postBool('filter'));
+ set_block_setting($block_id, 'onlyBDM', WT_Filter::postBool('onlyBDM'));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'alpha|anniv', 'alpha'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -158,4 +158,4 @@ class todays_events_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/todo/module.php b/modules_v3/todo/module.php
index 02d46539de..1526f8d07d 100644
--- a/modules_v3/todo/module.php
+++ b/modules_v3/todo/module.php
@@ -155,11 +155,11 @@ class todo_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'show_other', safe_POST_bool('show_other'));
- set_block_setting($block_id, 'show_unassigned', safe_POST_bool('show_unassigned'));
- set_block_setting($block_id, 'show_future', safe_POST_bool('show_future'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'show_other', WT_Filter::postBool('show_other'));
+ set_block_setting($block_id, 'show_unassigned', WT_Filter::postBool('show_unassigned'));
+ set_block_setting($block_id, 'show_future', WT_Filter::postBool('show_future'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -193,4 +193,4 @@ class todo_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/top10_givnnames/module.php b/modules_v3/top10_givnnames/module.php
index 8515cd7593..bb4c9d4d8b 100644
--- a/modules_v3/top10_givnnames/module.php
+++ b/modules_v3/top10_givnnames/module.php
@@ -126,10 +126,10 @@ class top10_givnnames_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
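Review bot: The `infoStyle` allow-list changes from an array of exact values to the pattern string `'list|table'`, and nothing in this hunk shows whether `WT_Filter::post()` matches that pattern against the whole value. If the match is unanchored, a value that merely contains `table` would pass and be stored by `set_block_setting()`. Confirm the filter anchors the pattern, and add a comment saying so where `WT_Filter::post()` is defined, e.g. `// $regex is matched against the entire value`. The same applies to the `infoStyle`, `sortStyle` and `count_placement` calls in the todays_events, top10_pageviews, top10_surnames, upcoming_events and yahrzeit hunks. `configureBlock()` continues outside the hunk.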
@@ -156,4 +156,4 @@ class top10_givnnames_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/top10_pageviews/module.php b/modules_v3/top10_pageviews/module.php
index 2a1525d902..6fa08522b7 100644
--- a/modules_v3/top10_pageviews/module.php
+++ b/modules_v3/top10_pageviews/module.php
@@ -120,10 +120,10 @@ class top10_pageviews_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10));
- set_block_setting($block_id, 'count_placement', safe_POST('count_placement', array('before', 'after'), 'before'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10));
+ set_block_setting($block_id, 'count_placement', WT_Filter::post('count_placement', 'before|after', 'before'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
require_once WT_ROOT.'includes/functions/functions_edit.php';
@@ -149,4 +149,4 @@ class top10_pageviews_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/top10_surnames/module.php b/modules_v3/top10_surnames/module.php
index 0670cc8534..a2c44f790e 100644
--- a/modules_v3/top10_surnames/module.php
+++ b/modules_v3/top10_surnames/module.php
@@ -139,10 +139,10 @@ class top10_surnames_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'num', safe_POST_integer('num', 1, 10000, 10));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'array', 'table', 'tagcloud'), 'table'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'num', WT_Filter::postInteger('num', 1, 10000, 10));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|array|table|tagcloud', 'table'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -181,4 +181,4 @@ class top10_surnames_WT_Module extends WT_Module implements WT_Module_Block {
}
return $countb - $counta;
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/tree/class_treeview.php b/modules_v3/tree/class_treeview.php
index 62cd94b12a..bdd742e741 100644
--- a/modules_v3/tree/class_treeview.php
+++ b/modules_v3/tree/class_treeview.php
@@ -35,7 +35,7 @@ class TreeView {
$this->name = $name;
// Read if all partners must be shown or not
- $allPartners = safe_GET('allPartners');
+ $allPartners = WT_Filter::get('allPartners');
// if allPartners not specified in url, we try to read the cookie
if ($allPartners == '') {
if (isset($_COOKIE['allPartners']))
@@ -121,7 +121,7 @@ class TreeView {
foreach ($person->getSpouseFamilies() as $family) {
$spouse = $family->getSpouse($person);
if ($spouse) {
- $r .= $this->getPersonDetails($person, $family->getSpouse($person), $family);
+ $r .= $this->getPersonDetails($person, $spouse, $family);
}
}
return $r;
diff --git a/modules_v3/tree/module.php b/modules_v3/tree/module.php
index e38bcd78fd..155073d1ea 100644
--- a/modules_v3/tree/module.php
+++ b/modules_v3/tree/module.php
@@ -130,8 +130,8 @@ class tree_WT_Module extends WT_Module implements WT_Module_Tab {
//$controller->pageHeader();
Zend_Session::writeClose();
header('Content-Type: text/html; charset=UTF-8');
- $pid = safe_GET('pid');
- $i = safe_GET('instance');
+ $pid = WT_Filter::get('pid', WT_REGEX_XREF);
+ $i = WT_Filter::get('instance');
$tv = new TreeView($i);
echo $tv->getDetails($pid);
break;
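Review bot: `instance` is read with `WT_Filter::get('instance')` and no pattern, while `pid` on the line above is constrained with `WT_REGEX_XREF`. The value goes straight into `new TreeView($i)`, which stores it as the view's name, and the response is served as `text/html`. If that name is written into markup or script, it needs constraining too, e.g. `$i = WT_Filter::get('instance', '[A-Za-z0-9_]+');` (pattern assumed; adjust to the names TreeView really uses). The next hunk in this file reads `instance` the same way, and the enclosing `case` starts outside the hunk.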
@@ -141,8 +141,8 @@ class tree_WT_Module extends WT_Module implements WT_Module_Tab {
//$controller->pageHeader();
Zend_Session::writeClose();
header('Content-Type: text/html; charset=UTF-8');
- $q = $_REQUEST['q'];
- $i = safe_GET('instance');
+ $q = WT_Filter::get('q');
+ $i = WT_Filter::get('instance');
$tv = new TreeView($i);
echo $tv->getPersons($q);
break;
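Review bot: Replacing `$_REQUEST['q']` with `WT_Filter::get('q')` narrows the source to the query string, so a caller that sends `q` in a POST body would no longer be read. Confirm that every caller of this action uses GET. `q` is also passed to `getPersons()` without a pattern, whereas `pid` in the previous hunk is limited by `WT_REGEX_XREF`. If `q` carries record ids, a pattern here would keep the two branches consistent. The enclosing `case` starts outside the hunk.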
diff --git a/modules_v3/upcoming_events/module.php b/modules_v3/upcoming_events/module.php
index 2986247386..06f2a1e2eb 100644
--- a/modules_v3/upcoming_events/module.php
+++ b/modules_v3/upcoming_events/module.php
@@ -112,13 +112,13 @@ class upcoming_events_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7));
- set_block_setting($block_id, 'filter', safe_POST_bool('filter'));
- set_block_setting($block_id, 'onlyBDM', safe_POST_bool('onlyBDM'));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'sortStyle', safe_POST('sortStyle', array('alpha', 'anniv'), 'alpha'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7));
+ set_block_setting($block_id, 'filter', WT_Filter::postBool('filter'));
+ set_block_setting($block_id, 'onlyBDM', WT_Filter::postBool('onlyBDM'));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'sortStyle', WT_Filter::post('sortStyle', 'alpha|anniv', 'alpha'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -170,4 +170,4 @@ class upcoming_events_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/user_blog/module.php b/modules_v3/user_blog/module.php
index f975ddeb1d..81e519438d 100644
--- a/modules_v3/user_blog/module.php
+++ b/modules_v3/user_blog/module.php
@@ -49,9 +49,9 @@ class user_blog_WT_Module extends WT_Module implements WT_Module_Block {
public function getBlock($block_id, $template=true, $cfg=null) {
global $ctype;
- switch (safe_GET('action')) {
+ switch (WT_Filter::get('action')) {
case 'deletenews':
- $news_id=safe_GET('news_id');
+ $news_id=WT_Filter::getInteger('news_id');
if ($news_id) {
deleteNews($news_id);
}
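Review bot: `deleteNews($news_id)` is still triggered by a GET request (`action=deletenews`), and the hunk shows no request token or ownership check before it runs. Reading `news_id` with `getInteger()` constrains the value's type, but it does not stop a request forged from another site from deleting an item on behalf of a logged-in user. Consider moving the delete to a POST handler that verifies a per-session token and checks that the item belongs to the current user. `getBlock()` continues outside the hunk, so such a check may exist out of view.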
@@ -124,4 +124,4 @@ class user_blog_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
}
-}
+} \ No newline at end of file
diff --git a/modules_v3/user_favorites/module.php b/modules_v3/user_favorites/module.php
index 66ddc86f7d..b74eb676a5 100644
--- a/modules_v3/user_favorites/module.php
+++ b/modules_v3/user_favorites/module.php
@@ -64,16 +64,16 @@ class user_favorites_WT_Module extends gedcom_favorites_WT_Module {
switch($modAction) {
case 'menu-add-favorite':
// Process the "add to user favorites" menu item on indi/fam/etc. pages
- $record=WT_GedcomRecord::getInstance(safe_POST_xref('xref'));
+ $record = WT_GedcomRecord::getInstance(WT_Filter::post('xref', WT_REGEX_XREF));
if (WT_USER_ID && $record->canShowName()) {
self::addFavorite(array(
- 'user_id' =>WT_USER_ID,
- 'gedcom_id'=>$record->getGedcomId(),
- 'gid' =>$record->getXref(),
- 'type' =>$record::RECORD_TYPE,
- 'url' =>null,
- 'note' =>null,
- 'title' =>null,
+ 'user_id' => WT_USER_ID,
+ 'gedcom_id' => $record->getGedcomId(),
+ 'gid' => $record->getXref(),
+ 'type' => $record::RECORD_TYPE,
+ 'url' => null,
+ 'note' => null,
+ 'title' => null,
));
WT_FlashMessages::addMessage(/* I18N: %s is the name of an individual, source or other record */ WT_I18N::translate('“%s” has been added to your favorites.', $record->getFullName()));
}
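Review bot: `$record->canShowName()` is called without checking that `WT_GedcomRecord::getInstance()` returned a record. With the `WT_REGEX_XREF` filter, a missing or malformed `xref` presumably reaches `getInstance()` as an empty value. If that yields null, the call is a fatal error for any logged-in user who submits the request. Guard it with `if (WT_USER_ID && $record && $record->canShowName()) {`. The `switch` starts outside the hunk.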
diff --git a/modules_v3/user_messages/module.php b/modules_v3/user_messages/module.php
index 6a89860edd..5d8048acac 100644
--- a/modules_v3/user_messages/module.php
+++ b/modules_v3/user_messages/module.php
@@ -44,8 +44,8 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block {
require_once WT_ROOT.'includes/functions/functions_print_facts.php';
// Block actions
- $action=safe_GET('action');
- $message_id=safe_GET('message_id');
+ $action = WT_Filter::get('action');
+ $message_id = WT_Filter::getInteger('message_id');
if ($action=='deletemessage') {
if (is_array($message_id)) {
foreach ($message_id as $msg_id) {
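Review bot: `$message_id` now comes from `WT_Filter::getInteger('message_id')`, yet the next lines still test `is_array($message_id)` and loop over it. If `getInteger()` returns a single integer, as its name suggests, that branch can no longer run and a request carrying several `message_id[]` values would not delete the selected messages. Either read the parameter with an array-aware filter and cast each element to an integer, or remove the array branch if multi-delete is no longer supported. The delete is also driven by GET with no token check visible here, and the function body continues outside the hunk.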
@@ -79,7 +79,7 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block {
$content.='</option>';
}
}
- $content.='</select> <input type="button" value="'.WT_I18N::translate('Send').'" onclick="message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\', \'\'); return false;"><br><br>';
+ $content.='</select> <input type="button" value="'.WT_I18N::translate('Send').'" onclick="message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\'); return false;"><br><br>';
}
if (count($messages)==0) {
$content.=WT_I18N::translate('You have no pending messages.')."<br>";
@@ -149,8 +149,8 @@ class user_messages_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
diff --git a/modules_v3/yahrzeit/module.php b/modules_v3/yahrzeit/module.php
index 3d1291d133..8582aeb849 100644
--- a/modules_v3/yahrzeit/module.php
+++ b/modules_v3/yahrzeit/module.php
@@ -223,10 +223,10 @@ class yahrzeit_WT_Module extends WT_Module implements WT_Module_Block {
// Implement class WT_Module_Block
public function configureBlock($block_id) {
- if (safe_POST_bool('save')) {
- set_block_setting($block_id, 'days', safe_POST_integer('days', 1, 30, 7));
- set_block_setting($block_id, 'infoStyle', safe_POST('infoStyle', array('list', 'table'), 'table'));
- set_block_setting($block_id, 'block', safe_POST_bool('block'));
+ if (WT_Filter::postBool('save')) {
+ set_block_setting($block_id, 'days', WT_Filter::postInteger('days', 1, 30, 7));
+ set_block_setting($block_id, 'infoStyle', WT_Filter::post('infoStyle', 'list|table', 'table'));
+ set_block_setting($block_id, 'block', WT_Filter::postBool('block'));
exit;
}
@@ -254,4 +254,4 @@ class yahrzeit_WT_Module extends WT_Module implements WT_Module_Block {
echo edit_field_yes_no('block', $block);
echo '</td></tr>';
}
-}
+} \ No newline at end of file