[UTIL] Sanitise instead of validate in common_copy_args()

And remove common_validate_utf8() which is now unused.
This commit is contained in:
Alexei Sorokin 2020-09-15 14:53:35 +03:00 committed by Diogo Peralta Cordeiro
parent 9e94b7f145
commit 22f6d3ce14
2 changed files with 14 additions and 34 deletions

View File

@ -1234,27 +1234,6 @@ function common_shorten_links($text, $always = false, User $user=null)
}
}
/**
* Very basic stripping of invalid UTF-8 input text.
*
* @param string $str
* @return mixed string or null if invalid input
*
* @todo ideally we should drop bad chars, and maybe do some of the checks
* from common_xml_safe_str. But we can't strip newlines, etc.
* @todo Unicode normalization might also be useful, but not needed now.
*/
function common_validate_utf8($str)
{
// preg_replace will return NULL on invalid UTF-8 input.
//
// Note: empty regex //u also caused NULL return on some
// production machines, but none of our test machines.
//
// This should be replaced with a more reliable check.
return preg_replace('/\x00/u', '', $str);
}
/**
* Make sure an arbitrary string is safe for output in XML as a single line.
*
@ -2200,26 +2179,25 @@ function common_config_append($main, $sub, $value)
/**
* Pull arguments from a GET/POST/REQUEST array with first-level input checks:
* strips "magic quotes" slashes if necessary, and kills invalid UTF-8 strings.
* strips "magic quotes" slashes if necessary,
* and replaces invalid in UTF-8 sequences with question marks.
*
* @param array $from
* @return array
*/
function common_copy_args($from)
function common_copy_args(array $from): array
{
$to = [];
$strip = get_magic_quotes_gpc();
foreach ($from as $k => $v) {
return array_map(function ($v) use ($strip) {
if (is_array($v)) {
$to[$k] = common_copy_args($v);
return common_copy_args($v);
} else {
if ($strip) {
$v = stripslashes($v);
}
$to[$k] = strval(common_validate_utf8($v));
return mb_scrub($v);
}
}
return $to;
}, $from);
}
/**

View File

@ -305,14 +305,16 @@ function main()
// If the site is private, and they're not on one of the "public"
// parts of the site, redirect to login
if (!$user && common_config('site', 'private')
if (
is_null($user)
&& common_config('site', 'private')
&& !isLoginAction($action)
&& !preg_match('/rss$/', $action)
&& $action != 'robotstxt'
&& !preg_match('/^Api/', $action)) {
&& $action !== 'robotstxt'
&& !preg_match('/^Api/', $action)
) {
// set returnto
$rargs =& common_copy_args($args);
$rargs = common_copy_args($args);
unset($rargs['action']);
if (common_config('site', 'fancy')) {
unset($rargs['p']);