+ * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
class ApiOAuthAction extends ApiAction
{
@@ -49,7 +44,7 @@ class ApiOAuthAction extends ApiAction
*
* @return boolean false
*/
- function isReadOnly($args)
+ public function isReadOnly($args)
{
return false;
}
@@ -66,14 +61,8 @@ class ApiOAuthAction extends ApiAction
* I'm looking at you, p parameter.
*/
- static function cleanRequest()
+ public static function cleanRequest()
{
- // kill evil effects of magical slashing
- if (get_magic_quotes_gpc() == 1) {
- $_POST = array_map('stripslashes', $_POST);
- $_GET = array_map('stripslashes', $_GET);
- }
-
// strip out the p param added in index.php
unset($_GET['p']);
unset($_POST['p']);
@@ -89,5 +78,4 @@ class ApiOAuthAction extends ApiAction
$_SERVER['QUERY_STRING'] = implode('&', $queryArray);
}
-
}
diff --git a/lib/util/common.php b/lib/util/common.php
index 0b8ed3f222..8b2e4a196a 100644
--- a/lib/util/common.php
+++ b/lib/util/common.php
@@ -36,7 +36,7 @@ try {
// TRANS: Error message displayed when no configuration file was found for a StatusNet installation.
// TRANS: Is followed by a list of directories (separated by HTML breaks).
echo ''. _('I looked for configuration files in the following places:') .'
';
- echo implode($e->configFiles, '
');
+ echo implode('
', $e->configFiles);
// TRANS: Error message displayed when no configuration file was found for a StatusNet installation.
echo '
'. _('You may wish to run the installer to fix this.') .'
';
// @todo FIXME Link should be in a para?
diff --git a/lib/util/util.php b/lib/util/util.php
index bf90395778..4dadc027c3 100644
--- a/lib/util/util.php
+++ b/lib/util/util.php
@@ -1498,7 +1498,7 @@ function common_fake_local_nonfancy_url($url)
// remove the first element, which is the full matching string
array_shift($matches);
- return implode($matches);
+ return implode('', $matches);
}
function common_inject_session($url, $serverpart = null)
@@ -2178,42 +2178,19 @@ function common_config_append($main, $sub, $value)
}
/**
- * Pull arguments from a GET/POST/REQUEST array with first-level input checks:
- * strips "magic quotes" slashes if necessary,
- * and replaces invalid in UTF-8 sequences with question marks.
+ * Pull arguments from a GET/POST/REQUEST array and replace invalid in UTF-8
+ * sequences with question marks.
*
* @param array $from
* @return array
*/
function common_copy_args(array $from): array
{
- $strip = get_magic_quotes_gpc();
- return array_map(function ($v) use ($strip) {
- if (is_array($v)) {
- return common_copy_args($v);
- } else {
- if ($strip) {
- $v = stripslashes($v);
- }
- return mb_scrub($v);
- }
+ return array_map(function ($v) {
+ return is_array($v) ? common_copy_args($v) : mb_scrub($v);
}, $from);
}
-/**
- * Neutralise the evil effects of magic_quotes_gpc in the current request.
- * This is used before handing a request off to OAuthRequest::from_request.
- * @fixme Doesn't consider vars other than _POST and _GET?
- * @fixme Can't be undone and could corrupt data if run twice.
- */
-function common_remove_magic_from_request()
-{
- if (get_magic_quotes_gpc()) {
- $_POST=array_map('stripslashes', $_POST);
- $_GET=array_map('stripslashes', $_GET);
- }
-}
-
function common_user_uri(&$user)
{
return common_local_url(
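Review bot: `mb_scrub($v)` in common_copy_args() is called without an encoding argument, so it scrubs against whatever `mb_internal_encoding()` is at the time, while the docblock promises UTF-8. Unless the internal encoding is pinned to UTF-8 elsewhere (not visible in this hunk), `mb_scrub($v, 'UTF-8')` keeps this first-level input check independent of runtime configuration. The new docblock wording is also off: `replace invalid UTF-8 sequences with question marks` is what is meant. Because common_remove_magic_from_request() is deleted here, any caller left outside this diff would become a fatal error, so it is worth searching for the name before merging.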
diff --git a/plugins/DomainWhitelist/DomainWhitelistPlugin.php b/plugins/DomainWhitelist/DomainWhitelistPlugin.php
index b6382afc17..5c3ae97f98 100644
--- a/plugins/DomainWhitelist/DomainWhitelistPlugin.php
+++ b/plugins/DomainWhitelist/DomainWhitelistPlugin.php
@@ -1,50 +1,41 @@
.
+
/**
- * StatusNet - the distributed open-source microblogging tool
- * Copyright (C) 2011, StatusNet, Inc.
- *
* Restrict the email addresses in a domain to a select whitelist
*
- * PHP version 5
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- *
* @category Cache
- * @package StatusNet
+ * @package GNUsocial
* @author Evan Prodromou
* @author Zach Copley
* @copyright 2011 StatusNet, Inc.
- * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
- * @link http://status.net/
+ * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
-if (!defined('STATUSNET')) {
- // This check helps protect against security problems;
- // your code file can't be executed directly from the web.
- exit(1);
-}
+defined('GNUSOCIAL') || die();
/**
* Restrict the email addresses to a domain whitelist
*
* @category General
- * @package StatusNet
+ * @package GNUsocial
* @author Evan Prodromou
* @author Zach Copley
* @copyright 2011 StatusNet, Inc.
- * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
- * @link http://status.net/
+ * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
class DomainWhitelistPlugin extends Plugin
{
@@ -56,7 +47,8 @@ class DomainWhitelistPlugin extends Plugin
*
* @return String the absolute path
*/
- protected function getPath() {
+ protected function getPath()
+ {
return preg_replace('/^' . preg_quote(INSTALLDIR, '/') . '\//', '', dirname(__FILE__));
}
@@ -67,7 +59,8 @@ class DomainWhitelistPlugin extends Plugin
*
* @return boolean hook flag
*/
- function onEndShowStatusNetScripts($action) {
+ public function onEndShowStatusNetScripts($action)
+ {
$name = $action->arg('action');
if ($name == 'invite') {
$action->script($this->getPath() . '/js/whitelistinvite.js');
@@ -75,13 +68,13 @@ class DomainWhitelistPlugin extends Plugin
return true;
}
- function onRequireValidatedEmailPlugin_Override($user, &$knownGood)
+ public function onRequireValidatedEmailPlugin_Override($user, &$knownGood)
{
$knownGood = (!empty($user->email) && $this->matchesWhitelist($user->email));
return true;
}
- function onEndValidateUserEmail($user, $email, &$valid)
+ public function onEndValidateUserEmail($user, $email, &$valid)
{
if ($valid) { // it's otherwise valid
if (!$this->matchesWhitelist($email)) {
@@ -89,14 +82,18 @@ class DomainWhitelistPlugin extends Plugin
if (count($whitelist) == 1) {
// TRANS: Client exception thrown when a given e-mailaddress is not in the domain whitelist.
// TRANS: %s is a whitelisted e-mail domain.
- $message = sprintf(_m('Email address must be in this domain: %s.'),
- $whitelist[0]);
+ $message = sprintf(
+ _m('Email address must be in this domain: %s.'),
+ $whitelist[0]
+ );
} else {
// TRANS: Client exception thrown when a given e-mailaddress is not in the domain whitelist.
// TRANS: %s are whitelisted e-mail domains separated by comma's (localisable).
- $message = sprintf(_m('Email address must be in one of these domains: %s.'),
- // TRANS: Separator for whitelisted domains.
- implode(_m('SEPARATOR',', '), $whitelist));
+ $message = sprintf(
+ _m('Email address must be in one of these domains: %s.'),
+ // TRANS: Separator for whitelisted domains.
+ implode(_m('SEPARATOR', ', '), $whitelist)
+ );
}
throw new ClientException($message);
}
@@ -104,7 +101,7 @@ class DomainWhitelistPlugin extends Plugin
return true;
}
- function onStartAddEmailAddress($user, $email)
+ public function onStartAddEmailAddress($user, $email)
{
if (!$this->matchesWhitelist($email)) {
// TRANS: Exception thrown when an e-mail address does not match the site's domain whitelist.
@@ -114,7 +111,7 @@ class DomainWhitelistPlugin extends Plugin
return true;
}
- function onEndValidateEmailInvite($user, $email, &$valid)
+ public function onEndValidateEmailInvite($user, $email, &$valid)
{
if ($valid) {
$valid = $this->matchesWhitelist($email);
@@ -123,7 +120,7 @@ class DomainWhitelistPlugin extends Plugin
return true;
}
- function matchesWhitelist($email)
+ public function matchesWhitelist($email)
{
$whitelist = $this->getWhitelist();
@@ -143,13 +140,13 @@ class DomainWhitelistPlugin extends Plugin
* @param string $email and email address
* @return string the domain
*/
- function domainFromEmail($email)
+ public function domainFromEmail($email)
{
$parts = explode('@', $email);
return strtolower(trim($parts[1]));
}
- function getWhitelist()
+ public function getWhitelist()
{
$whitelist = common_config('email', 'whitelist');
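Review bot: domainFromEmail() reads `$parts[1]` after `explode('@', $email)`, which assumes the address contains exactly one `@`. An address without one raises an undefined-offset warning and passes null to trim(), and an address with more than one `@` (legal inside a quoted local part) yields a fragment that is not the delivery domain. That matters because userDomainFilter() calls this method, and matchesWhitelist() presumably compares its result against the whitelist. Taking the text after the last `@` is more robust: `$pos = strrpos($email, '@');` followed by `return $pos === false ? '' : strtolower(trim(substr($email, $pos + 1)));`. getWhitelist() continues outside this hunk.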
@@ -169,7 +166,7 @@ class DomainWhitelistPlugin extends Plugin
* @param string $domain domain to check
* @return boolean whether to include the domain
*/
- function userDomainFilter($domain)
+ public function userDomainFilter($domain)
{
$user = common_current_user();
$userDomain = $this->domainFromEmail($user->email);
@@ -190,7 +187,7 @@ class DomainWhitelistPlugin extends Plugin
* @param array $whitelist whitelist of allowed email domains
* @return array an ordered or sorted version of the whitelist
*/
- function sortWhitelist($whitelist)
+ public function sortWhitelist($whitelist)
{
$whitelist = array_unique($whitelist);
natcasesort($whitelist);
@@ -223,7 +220,7 @@ class DomainWhitelistPlugin extends Plugin
* @param action $action the invite action
* @return boolean hook value
*/
- function onStartShowInviteForm($action)
+ public function onStartShowInviteForm($action)
{
$this->showConfirmDialog($action);
$form = new WhitelistInviteForm($action, $this->getWhitelist());
@@ -231,7 +228,7 @@ class DomainWhitelistPlugin extends Plugin
return false;
}
- function showConfirmDialog($action)
+ public function showConfirmDialog($action)
{
// For JQuery UI modal dialog
$action->elementStart(
@@ -252,21 +249,21 @@ class DomainWhitelistPlugin extends Plugin
* @param action &$action the invite action
* @return boolean hook value
*/
- function onStartSendInvitations(&$action)
+ public function onStartSendInvitations(&$action)
{
- $emails = array();
- $usernames = $action->arg('username');
- $domains = $action->arg('domain');
+ $emails = [];
+ $usernames = $action->arg('username');
+ $domains = $action->arg('domain');
- for($i = 0; $i < count($usernames); $i++) {
- if (!empty($usernames[$i])) {
- $emails[] = $usernames[$i] . '@' . $domains[$i] . "\n";
- }
- }
+ foreach ($usernames as $key => $username) {
+ if (!empty($username)) {
+ $emails[] = $username . '@' . $domains[$key] . "\n";
+ }
+ }
- $action->args['addresses'] = implode($emails);
+ $action->args['addresses'] = implode('', $emails);
- return true;
+ return true;
}
public function onPluginVersion(array &$versions): bool
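Review bot: In onStartSendInvitations() both `$usernames` and `$domains` come straight from `$action->arg()`, and the new `foreach` checks neither that they are arrays nor that `$domains[$key]` exists. A request that sends `username` as a scalar, or omits the matching `domain` entry, produces a warning and an address with an empty domain part. Guarding the loop with `if (!is_array($usernames) || !is_array($domains))` and tightening the condition to `if (!empty($username) && isset($domains[$key]))` would cover that; how the hook should bail out on malformed input is the maintainers' call. Since the domain is request-supplied and the addresses are joined with newlines, it is also worth confirming that each resulting address is re-validated against the whitelist downstream (onEndValidateEmailInvite presumably does this).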
diff --git a/public/install.php b/public/install.php
index dd764420cd..e9cff8ff19 100644
--- a/public/install.php
+++ b/public/install.php
@@ -70,7 +70,6 @@ class Posted
/**
* The given POST parameter value, in its original form.
- * Magic quotes are stripped, if provided.
* Missing value will give null.
*
* @param string $name
@@ -78,29 +77,7 @@ class Posted
*/
public function raw(string $name)
{
- if (isset($_POST[$name])) {
- return $this->dequote($_POST[$name]);
- } else {
- return null;
- }
- }
-
- /**
- * If necessary, strip magic quotes from the given value.
- *
- * @param mixed $val
- * @return mixed
- */
- public function dequote($val)
- {
- if (get_magic_quotes_gpc()) {
- if (is_string($val)) {
- return stripslashes($val);
- } elseif (is_array($val)) {
- return array_map([$this, 'dequote'], $val);
- }
- }
- return $val;
+ return filter_input(INPUT_POST, $name);
}
}
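Review bot: `filter_input(INPUT_POST, $name)` differs from the old `$_POST[$name]` lookup in ways the docblock of raw() does not mention. Without an explicit filter it follows the `filter.default` ini setting, so "in its original form" only holds while that stays at `unsafe_raw`. Without `FILTER_REQUIRE_ARRAY`, an array-valued parameter now comes back as `false`, where the removed dequote() path returned the array. It also reads the request as received and ignores any later writes to `$_POST`. If raw scalar values are all the installer needs, `return filter_input(INPUT_POST, $name, FILTER_UNSAFE_RAW);` pins the filter, and the docblock should state that non-scalar input yields `false`.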