diff --git a/extlib/DB/DataObject/Cast.php b/extlib/DB/DataObject/Cast.php
index e3395af6c8..13e366cd45 100644
--- a/extlib/DB/DataObject/Cast.php
+++ b/extlib/DB/DataObject/Cast.php
@@ -175,9 +175,9 @@ class DB_DataObject_Cast
 $args = func_get_args();
 switch (count($args)) {
 case 0: // no args = now!
- $datetime = date('Y-m-d G:i:s', mktime());
+ $datetime = date('Y-m-d G:i:s', time());
+ // no break
- // no break
 case 1: // continue on from 0 args.
 if (!isset($datetime)) {
@@ -300,9 +300,9 @@ class DB_DataObject_Cast
 $args = func_get_args();
 switch (count($args)) {
 case 0: // no args = now!
- $time = date('G:i:s', mktime());
+ $time = date('G:i:s', time());
+ // no break
- // no break
 case 1: // continue on from 0 args.
 if (!isset($time)) {
@@ -440,10 +440,10 @@ class DB_DataObject_Cast
 case 'mssql': // copied from the old DB mssql code...?? not sure how safe this is.
 return "'" . str_replace(
- array("'", "\\\r\n", "\\\n"),
- array("''", "\\\\\r\n\r\n", "\\\\\n\n"),
- $this->value
- ) . "'";
+ array("'", "\\\r\n", "\\\n"),
+ array("''", "\\\\\r\n\r\n", "\\\\\n\n"),
+ $this->value
+ ) . "'";
 default:
diff --git a/lib/api/apioauthaction.php b/lib/api/apioauthaction.php
index b5dbdbca6d..08aa4f2443 100644
--- a/lib/api/apioauthaction.php
+++ b/lib/api/apioauthaction.php
@@ -1,46 +1,41 @@ . + /** - * StatusNet, the distributed open-source microblogging tool - * * Base action for OAuth API endpoints * - * PHP version 5 - * - * LICENCE: This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * * @category API - * @package StatusNet + * @package GNUsocial * @author Zach Copley * @copyright 2010 StatusNet, Inc. - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ + * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later */ -if (!defined('STATUSNET')) { - exit(1); -} +defined('GNUSOCIAL') || die(); + require_once INSTALLDIR . '/lib/api/apiaction.php'; /** * Base action for API OAuth enpoints. Clean up the * request. Some other common functions. * - * @category API - * @package StatusNet - * @author Zach Copley - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ + * @category API + * @package GNUsocial + * @author Zach Copley + * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later */ class ApiOAuthAction extends ApiAction { @@ -49,7 +44,7 @@ class ApiOAuthAction extends ApiAction * * @return boolean false */ - function isReadOnly($args) + public function isReadOnly($args) { return false; } 
@@ -66,14 +61,8 @@ class ApiOAuthAction extends ApiAction
 * I'm looking at you, p parameter.
 */
- static function cleanRequest()
+ public static function cleanRequest()
 {
- // kill evil effects of magical slashing
- if (get_magic_quotes_gpc() == 1) {
- $_POST = array_map('stripslashes', $_POST);
- $_GET = array_map('stripslashes', $_GET);
- }
-
 // strip out the p param added in index.php
 unset($_GET['p']);
 unset($_POST['p']);
@@ -89,5 +78,4 @@ class ApiOAuthAction extends ApiAction
 $_SERVER['QUERY_STRING'] = implode('&', $queryArray);
 }
-
 }
diff --git a/lib/util/common.php b/lib/util/common.php
index 0b8ed3f222..8b2e4a196a 100644
--- a/lib/util/common.php
+++ b/lib/util/common.php
@@ -36,7 +36,7 @@ try {
 // TRANS: Error message displayed when no configuration file was found for a StatusNet installation.
 // TRANS: Is followed by a list of directories (separated by HTML breaks).
 echo '

'. _('I looked for configuration files in the following places:') .'
'; - echo implode($e->configFiles, '
'); + echo implode('
', $e->configFiles); // TRANS: Error message displayed when no configuration file was found for a StatusNet installation. echo '

'. _('You may wish to run the installer to fix this.') .'

'; // @todo FIXME Link should be in a para?
diff --git a/lib/util/util.php b/lib/util/util.php
index bf90395778..4dadc027c3 100644
--- a/lib/util/util.php
+++ b/lib/util/util.php
@@ -1498,7 +1498,7 @@ function common_fake_local_nonfancy_url($url)
 // remove the first element, which is the full matching string
 array_shift($matches);
- return implode($matches);
+ return implode('', $matches);
 }
 function common_inject_session($url, $serverpart = null)
@@ -2178,42 +2178,19 @@ function common_config_append($main, $sub, $value)
 }
 /**
- * Pull arguments from a GET/POST/REQUEST array with first-level input checks:
- * strips "magic quotes" slashes if necessary,
- * and replaces invalid in UTF-8 sequences with question marks.
+ * Pull arguments from a GET/POST/REQUEST array and replace invalid in UTF-8
+ * sequences with question marks.
 *
 * @param array $from
 * @return array
 */
 function common_copy_args(array $from): array
 {
- $strip = get_magic_quotes_gpc();
- return array_map(function ($v) use ($strip) {
- if (is_array($v)) {
- return common_copy_args($v);
- } else {
- if ($strip) {
- $v = stripslashes($v);
- }
- return mb_scrub($v);
- }
+ return array_map(function ($v) {
+ return is_array($v) ? common_copy_args($v) : mb_scrub($v);
 }, $from);
 }
-/**
- * Neutralise the evil effects of magic_quotes_gpc in the current request.
- * This is used before handing a request off to OAuthRequest::from_request.
- * @fixme Doesn't consider vars other than _POST and _GET?
- * @fixme Can't be undone and could corrupt data if run twice.
- */
-function common_remove_magic_from_request()
-{
- if (get_magic_quotes_gpc()) {
- $_POST=array_map('stripslashes', $_POST);
- $_GET=array_map('stripslashes', $_GET);
- }
-}
-
 function common_user_uri(&$user)
 {
 return common_local_url(
diff --git a/plugins/DomainWhitelist/DomainWhitelistPlugin.php b/plugins/DomainWhitelist/DomainWhitelistPlugin.php
index b6382afc17..5c3ae97f98 100644
--- a/plugins/DomainWhitelist/DomainWhitelistPlugin.php
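Review bot: The added `echo implode(…, $e->configFiles);` line writes the configuration search paths into the page without HTML escaping, and shows them to whoever requests the page while no config file exists. Escaping each entry, e.g. passing `array_map('htmlspecialchars', $e->configFiles)` as the second argument, keeps an unusual path from being parsed as markup; it is also worth deciding whether the full directory list belongs in the response or only in the server log. The block that catches `$e` starts and ends outside the hunk, so whether the paths can contain anything other than fixed install directories cannot be confirmed from here.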
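Review bot: `mb_scrub($v)` in the rewritten `common_copy_args()` is called without an encoding, so it scrubs against mbstring's internal encoding rather than the UTF-8 the docblock promises. Passing it explicitly, `mb_scrub($v, 'UTF-8')`, keeps the guarantee independent of runtime configuration. The docblock's "invalid in UTF-8 sequences" should also read "invalid UTF-8 sequences", and it could state that leaf values are expected to be strings, since the closure passes every non-array value to `mb_scrub()`.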
+++ b/plugins/DomainWhitelist/DomainWhitelistPlugin.php @@ -1,50 +1,41 @@ . + /** - * StatusNet - the distributed open-source microblogging tool - * Copyright (C) 2011, StatusNet, Inc. - * * Restrict the email addresses in a domain to a select whitelist * - * PHP version 5 - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * * @category Cache - * @package StatusNet + * @package GNUsocial * @author Evan Prodromou * @author Zach Copley * @copyright 2011 StatusNet, Inc. - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 - * @link http://status.net/ + * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later */ -if (!defined('STATUSNET')) { - // This check helps protect against security problems; - // your code file can't be executed directly from the web. - exit(1); -} +defined('GNUSOCIAL') || die(); /** * Restrict the email addresses to a domain whitelist * * @category General - * @package StatusNet + * @package GNUsocial * @author Evan Prodromou * @author Zach Copley * @copyright 2011 StatusNet, Inc. - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 - * @link http://status.net/ + * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later */ class DomainWhitelistPlugin extends Plugin { 
@@ -56,7 +47,8 @@ class DomainWhitelistPlugin extends Plugin
 *
 * @return String the absolute path
 */
- protected function getPath() {
+ protected function getPath()
+ {
 return preg_replace('/^' . preg_quote(INSTALLDIR, '/') . '\//', '', dirname(__FILE__));
 }
@@ -67,7 +59,8 @@ class DomainWhitelistPlugin extends Plugin
 *
 * @return boolean hook flag
 */
- function onEndShowStatusNetScripts($action) {
+ public function onEndShowStatusNetScripts($action)
+ {
 $name = $action->arg('action');
 if ($name == 'invite') {
 $action->script($this->getPath() . '/js/whitelistinvite.js');
@@ -75,13 +68,13 @@ class DomainWhitelistPlugin extends Plugin
 return true;
 }
- function onRequireValidatedEmailPlugin_Override($user, &$knownGood)
+ public function onRequireValidatedEmailPlugin_Override($user, &$knownGood)
 {
 $knownGood = (!empty($user->email) && $this->matchesWhitelist($user->email));
 return true;
 }
- function onEndValidateUserEmail($user, $email, &$valid)
+ public function onEndValidateUserEmail($user, $email, &$valid)
 {
 if ($valid) { // it's otherwise valid
 if (!$this->matchesWhitelist($email)) {
@@ -89,14 +82,18 @@ class DomainWhitelistPlugin extends Plugin
 if (count($whitelist) == 1) {
 // TRANS: Client exception thrown when a given e-mailaddress is not in the domain whitelist.
 // TRANS: %s is a whitelisted e-mail domain.
- $message = sprintf(_m('Email address must be in this domain: %s.'),
- $whitelist[0]);
+ $message = sprintf(
+ _m('Email address must be in this domain: %s.'),
+ $whitelist[0]
+ );
 } else {
 // TRANS: Client exception thrown when a given e-mailaddress is not in the domain whitelist.
 // TRANS: %s are whitelisted e-mail domains separated by comma's (localisable).
- $message = sprintf(_m('Email address must be in one of these domains: %s.'),
- // TRANS: Separator for whitelisted domains.
- implode(_m('SEPARATOR',', '), $whitelist));
+ $message = sprintf(
+ _m('Email address must be in one of these domains: %s.'),
+ // TRANS: Separator for whitelisted domains.
+ implode(_m('SEPARATOR', ', '), $whitelist)
+ );
 }
 throw new ClientException($message);
 }
@@ -104,7 +101,7 @@ class DomainWhitelistPlugin extends Plugin
 return true;
 }
- function onStartAddEmailAddress($user, $email)
+ public function onStartAddEmailAddress($user, $email)
 {
 if (!$this->matchesWhitelist($email)) {
 // TRANS: Exception thrown when an e-mail address does not match the site's domain whitelist.
@@ -114,7 +111,7 @@ class DomainWhitelistPlugin extends Plugin
 return true;
 }
- function onEndValidateEmailInvite($user, $email, &$valid)
+ public function onEndValidateEmailInvite($user, $email, &$valid)
 {
 if ($valid) {
 $valid = $this->matchesWhitelist($email);
@@ -123,7 +120,7 @@ class DomainWhitelistPlugin extends Plugin
 return true;
 }
- function matchesWhitelist($email)
+ public function matchesWhitelist($email)
 {
 $whitelist = $this->getWhitelist();
@@ -143,13 +140,13 @@ class DomainWhitelistPlugin extends Plugin
 * @param string $email and email address
 * @return string the domain
 */
- function domainFromEmail($email)
+ public function domainFromEmail($email)
 {
 $parts = explode('@', $email);
 return strtolower(trim($parts[1]));
 }
- function getWhitelist()
+ public function getWhitelist()
 {
 $whitelist = common_config('email', 'whitelist');
@@ -169,7 +166,7 @@ class DomainWhitelistPlugin extends Plugin
 * @param string $domain domain to check
 * @return boolean whether to include the domain
 */
- function userDomainFilter($domain)
+ public function userDomainFilter($domain)
 {
 $user = common_current_user();
 $userDomain = $this->domainFromEmail($user->email);
@@ -190,7 +187,7 @@ class DomainWhitelistPlugin extends Plugin
 * @param array $whitelist whitelist of allowed email domains
 * @return array an ordered or sorted version of the whitelist
 */
- function sortWhitelist($whitelist)
+ public function sortWhitelist($whitelist)
 {
 $whitelist = array_unique($whitelist);
 natcasesort($whitelist);
@@ -223,7 +220,7 @@ class DomainWhitelistPlugin extends Plugin
 * @param action $action the invite action
 * @return boolean hook value
 */
- function onStartShowInviteForm($action)
+ public function onStartShowInviteForm($action)
 {
 $this->showConfirmDialog($action);
 $form = new WhitelistInviteForm($action, $this->getWhitelist());
@@ -231,7 +228,7 @@ class DomainWhitelistPlugin extends Plugin
 return false;
 }
- function showConfirmDialog($action)
+ public function showConfirmDialog($action)
 {
 // For JQuery UI modal dialog
 $action->elementStart(
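Review bot: `domainFromEmail()` reads `$parts[1]` after `explode('@', $email)`, so an address with no `@` raises an undefined-offset notice and one with more than one `@` yields the text between the first two rather than the real domain; the whitelist comparison then runs on the wrong string. Taking everything after the last `@` is safer: `$at = strrpos($email, '@');` followed by `return $at === false ? '' : strtolower(trim(substr($email, $at + 1)));`. Whether earlier validation already rejects such addresses is not visible in this hunk, so treat this as defence in depth for the whitelist check.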
@@ -252,21 +249,21 @@ class DomainWhitelistPlugin extends Plugin
 * @param action &$action the invite action
 * @return boolean hook value
 */
- function onStartSendInvitations(&$action)
+ public function onStartSendInvitations(&$action)
 {
- $emails = array();
- $usernames = $action->arg('username');
- $domains = $action->arg('domain');
+ $emails = [];
+ $usernames = $action->arg('username');
+ $domains = $action->arg('domain');
- for($i = 0; $i < count($usernames); $i++) {
- if (!empty($usernames[$i])) {
- $emails[] = $usernames[$i] . '@' . $domains[$i] . "\n";
- }
- }
+ foreach ($usernames as $key => $username) {
+ if (!empty($username)) {
+ $emails[] = $username . '@' . $domains[$key] . "\n";
+ }
+ }
- $action->args['addresses'] = implode($emails);
+ $action->args['addresses'] = implode('', $emails);
- return true;
+ return true;
 }
 public function onPluginVersion(array &$versions): bool
diff --git a/public/install.php b/public/install.php
index dd764420cd..e9cff8ff19 100644
--- a/public/install.php
+++ b/public/install.php
@@ -70,7 +70,6 @@ class Posted
 /**
 * The given POST parameter value, in its original form.
- * Magic quotes are stripped, if provided.
 * Missing value will give null.
 *
 * @param string $name
@@ -78,29 +77,7 @@ class Posted
 */
 public function raw(string $name)
 {
- if (isset($_POST[$name])) {
- return $this->dequote($_POST[$name]);
- } else {
- return null;
- }
- }
-
- /**
- * If necessary, strip magic quotes from the given value.
- *
- * @param mixed $val
- * @return mixed
- */
- public function dequote($val)
- {
- if (get_magic_quotes_gpc()) {
- if (is_string($val)) {
- return stripslashes($val);
- } elseif (is_array($val)) {
- return array_map([$this, 'dequote'], $val);
- }
- }
- return $val;
+ return filter_input(INPUT_POST, $name);
 }
 }
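Review bot: The new `foreach ($usernames as $key => $username)` loop assumes `$action->arg('username')` and `$action->arg('domain')` are parallel arrays, but both are request values and nothing here checks that. A missing or scalar `username` makes the `foreach` emit a warning, and a missing `$domains[$key]` produces an address with an empty domain; a guard such as `if (!is_array($usernames) || !is_array($domains)) { return true; }` plus `if (!empty($username) && isset($domains[$key]))` closes both. The submitted domain is also not compared with `getWhitelist()` in this method; presumably the later e-mail validation hooks enforce that, which is worth confirming.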
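Review bot: `filter_input(INPUT_POST, $name)` is not a drop-in replacement for the `$_POST[$name]` lookup that `raw()` used to do. With the default filter and no array flag it returns `false` for an array-valued field, where the removed code returned the array, and its result depends on the `filter.default` ini setting, so "in its original form" is no longer guaranteed. If any installer field is posted as an array (not visible here), `return $_POST[$name] ?? null;` keeps the documented contract, including null for a missing value.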