Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-22 01:50:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #10956 from annando/escapetags

Browse source 
Some removed escapeTags calls
This commit is contained in:
Hypolite Petovan 2021-11-06 00:04:17 -04:00 committed by GitHub
commit edcfeaf66d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 39 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Module/Admin/Item/Delete.php
View file

@ -40,7 +40,7 @@ class Delete extends BaseAdmin
self::checkFormSecurityTokenRedirectOnError('/admin/item/delete', 'admin_deleteitem');
if (!empty($_POST['page_deleteitem_submit'])) {
$guid = trim(Strings::escapeTags($_POST['deleteitemguid']));
$guid = trim($_POST['deleteitemguid']);
// The GUID should not include a "/", so if there is one, we got an URL
// and the last part of it is most likely the GUID.
if (strpos($guid, '/')) {

2
src/Module/Admin/Logs/Settings.php
View file

@ -39,7 +39,7 @@ class Settings extends BaseAdmin
self::checkFormSecurityTokenRedirectOnError('/admin/logs', 'admin_logs');
$logfile = (!empty($_POST['logfile']) ? Strings::escapeTags(trim($_POST['logfile'])) : '');
$logfile = (!empty($_POST['logfile']) ? trim($_POST['logfile']) : '');
$debugging = !empty($_POST['debugging']);
$loglevel = ($_POST['loglevel'] ?? '') ?: LogLevel::ERROR;

2
src/Module/Admin/Storage.php
View file

@ -37,7 +37,7 @@ class Storage extends BaseAdmin
self::checkFormSecurityTokenRedirectOnError('/admin/storage', 'admin_storage');
$storagebackend = Strings::escapeTags(trim($parameters['name'] ?? ''));
$storagebackend = trim($parameters['name'] ?? '');
try {
/** @var ICanConfigureStorage|false $newStorageConfig */

2
src/Module/Register.php
View file

@ -302,7 +302,7 @@ class Register extends BaseModule
$using_invites = DI::config()->get('system', 'invitation_only');
$num_invites = DI::config()->get('system', 'number_invites');
$invite_id = (!empty($_POST['invite_id']) ? Strings::escapeTags(trim($_POST['invite_id'])) : '');
$invite_id = (!empty($_POST['invite_id']) ? trim($_POST['invite_id']) : '');
if (intval(DI::config()->get('config', 'register_policy')) === self::OPEN) {
if ($using_invites && $invite_id) {

5
src/Module/Xrd.php
View file

@ -30,7 +30,6 @@ use Friendica\Model\Photo;
use Friendica\Model\User;
use Friendica\Protocol\ActivityNamespace;
use Friendica\Protocol\Salmon;
use Friendica\Util\Strings;
/**
* Prints responses to /.well-known/webfinger or /xrd requests
@ -45,7 +44,7 @@ class Xrd extends BaseModule
return;
}
$uri = urldecode(Strings::escapeTags(trim($_GET['uri'])));
$uri = urldecode(trim($_GET['uri']));
if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/jrd+json') !== false) {
$mode = 'json';
} else {
@ -56,7 +55,7 @@ class Xrd extends BaseModule
return;
}
$uri = urldecode(Strings::escapeTags(trim($_GET['resource'])));
$uri = urldecode(trim($_GET['resource']));
if (strpos($_SERVER['HTTP_ACCEPT'] ?? '', 'application/xrd+xml') !== false) {
$mode = 'xml';
} else {