[UTIL] Sanitise instead of validate in common_copy_args()
And remove common_validate_utf8() which is now unused.
This commit is contained in:
Alexei Sorokin
parent
fde929b151
commit
2ef944d5c4
|
|
@ -1234,27 +1234,6 @@ function common_shorten_links($text, $always = false, User $user=null)
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Very basic stripping of invalid UTF-8 input text.
|
||||
*
|
||||
* @param string $str
|
||||
* @return mixed string or null if invalid input
|
||||
*
|
||||
* @todo ideally we should drop bad chars, and maybe do some of the checks
|
||||
* from common_xml_safe_str. But we can't strip newlines, etc.
|
||||
* @todo Unicode normalization might also be useful, but not needed now.
|
||||
*/
|
||||
function common_validate_utf8($str)
|
||||
{
|
||||
// preg_replace will return NULL on invalid UTF-8 input.
|
||||
//
|
||||
// Note: empty regex //u also caused NULL return on some
|
||||
// production machines, but none of our test machines.
|
||||
//
|
||||
// This should be replaced with a more reliable check.
|
||||
return preg_replace('/\x00/u', '', $str);
|
||||
}
|
||||
|
||||
/**
|
||||
* Make sure an arbitrary string is safe for output in XML as a single line.
|
||||
*
|
||||
|
|
@ -2200,26 +2179,25 @@ function common_config_append($main, $sub, $value)
|
|||
|
||||
/**
|
||||
* Pull arguments from a GET/POST/REQUEST array with first-level input checks:
|
||||
* strips "magic quotes" slashes if necessary, and kills invalid UTF-8 strings.
|
||||
* strips "magic quotes" slashes if necessary,
|
||||
* and replaces invalid in UTF-8 sequences with question marks.
|
||||
*
|
||||
* @param array $from
|
||||
* @return array
|
||||
*/
|
||||
function common_copy_args($from)
|
||||
function common_copy_args(array $from): array
|
||||
{
|
||||
$to = [];
|
||||
$strip = get_magic_quotes_gpc();
|
||||
foreach ($from as $k => $v) {
|
||||
return array_map(function ($v) use ($strip) {
|
||||
if (is_array($v)) {
|
||||
$to[$k] = common_copy_args($v);
|
||||
return common_copy_args($v);
|
||||
} else {
|
||||
if ($strip) {
|
||||
$v = stripslashes($v);
|
||||
}
|
||||
$to[$k] = strval(common_validate_utf8($v));
|
||||
return mb_scrub($v);
|
||||
}
|
||||
}
|
||||
return $to;
|
||||
}, $from);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -305,14 +305,16 @@ function main()
|
|||
// If the site is private, and they're not on one of the "public"
|
||||
// parts of the site, redirect to login
|
||||
|
||||
if (!$user && common_config('site', 'private')
|
||||
if (
|
||||
is_null($user)
|
||||
&& common_config('site', 'private')
|
||||
&& !isLoginAction($action)
|
||||
&& !preg_match('/rss$/', $action)
|
||||
&& $action != 'robotstxt'
|
||||
&& !preg_match('/^Api/', $action)) {
|
||||
|
||||
&& $action !== 'robotstxt'
|
||||
&& !preg_match('/^Api/', $action)
|
||||
) {
|
||||
// set returnto
|
||||
$rargs =& common_copy_args($args);
|
||||
$rargs = common_copy_args($args);
|
||||
unset($rargs['action']);
|
||||
if (common_config('site', 'fancy')) {
|
||||
unset($rargs['p']);
|
||||
|
|
|
|||
Loading…
Reference in New Issue