Remove "magic quotes" code and avoid wrong order implode

"Magic quotes" were removed in PHP 5.4, no need to mitigate it anymore.

Avoid implode() with the join()-like order of arguments which was deprecated
since PHP 7.4 and implicitly since PHP 5.3.
Also avoid implode() with an implicit separator for stylistic reasons.

mktime() with no arguments has been deprecated since PHP 5.1.
Alexei Sorokin
2020-09-15 14:59:27 +03:00
parent 2ef944d5c4
commit 8079a476b6
6 changed files with 95 additions and 156 deletions


@@ -1,46 +1,41 @@
<?php
// This file is part of GNU social - https://www.gnu.org/software/social
//
// GNU social is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// GNU social is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with GNU social. If not, see <http://www.gnu.org/licenses/>.
/**
* StatusNet, the distributed open-source microblogging tool
*
* Base action for OAuth API endpoints
*
* PHP version 5
*
* LICENCE: This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @category API
* @package StatusNet
* @package GNUsocial
* @author Zach Copley <zach@status.net>
* @copyright 2010 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
if (!defined('STATUSNET')) {
exit(1);
}
defined('GNUSOCIAL') || die();
require_once INSTALLDIR . '/lib/api/apiaction.php';
/**
* Base action for API OAuth enpoints. Clean up the
* request. Some other common functions.
*
* @category API
* @package StatusNet
* @author Zach Copley <zach@status.net>
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
* @category API
* @package GNUsocial
* @author Zach Copley <zach@status.net>
* @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
*/
class ApiOAuthAction extends ApiAction
{
@@ -49,7 +44,7 @@ class ApiOAuthAction extends ApiAction
*
* @return boolean false
*/
function isReadOnly($args)
public function isReadOnly($args)
{
return false;
}
@@ -66,14 +61,8 @@ class ApiOAuthAction extends ApiAction
* I'm looking at you, p parameter.
*/
static function cleanRequest()
public static function cleanRequest()
{
// kill evil effects of magical slashing
if (get_magic_quotes_gpc() == 1) {
$_POST = array_map('stripslashes', $_POST);
$_GET = array_map('stripslashes', $_GET);
}
// strip out the p param added in index.php
unset($_GET['p']);
unset($_POST['p']);
@@ -89,5 +78,4 @@ class ApiOAuthAction extends ApiAction
$_SERVER['QUERY_STRING'] = implode('&', $queryArray);
}
}
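Review bot: `cleanRequest()` rewrites `$_GET`, `$_POST` and `$_SERVER['QUERY_STRING']` in place for the rest of the request, and the part of its docblock visible here does not say so. With the magic-quotes branch gone, the method only drops the `p` parameter and rebuilds the query string, so the side effect is worth stating for code that reads those superglobals afterwards (presumably the OAuth request parsing). A docblock line such as `* Mutates $_GET, $_POST and $_SERVER['QUERY_STRING'] in place; call it before the request parameters are read.` would cover it. The start of the docblock and the middle of the body lie outside the hunks, so this may already be documented there.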


@@ -36,7 +36,7 @@ try {
// TRANS: Error message displayed when no configuration file was found for a StatusNet installation.
// TRANS: Is followed by a list of directories (separated by HTML breaks).
echo '<p>'. _('I looked for configuration files in the following places:') .'<br /> ';
echo implode($e->configFiles, '<br />');
echo implode('<br />', $e->configFiles);
// TRANS: Error message displayed when no configuration file was found for a StatusNet installation.
echo '<p>'. _('You may wish to run the installer to fix this.') .'</p>';
// @todo FIXME Link should be in a para?
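Review bot: `$e->configFiles` is written into the HTML response unescaped on the corrected `implode()` line, and the page tells any visitor which directories the installation searches for its configuration. The paths are server-side values, so this is hardening rather than an injection fix, but escaping at the point of output is cheap: `echo implode('<br />', array_map('htmlspecialchars', $e->configFiles));`. If the path list is only useful to the administrator, consider writing it to the server log and showing the visitor just the generic message. The `<p>` opened on the line above the `implode()` is also never closed before the next `<p>` starts. The enclosing try/catch begins and ends outside the hunk.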


@@ -1498,7 +1498,7 @@ function common_fake_local_nonfancy_url($url)
// remove the first element, which is the full matching string
array_shift($matches);
return implode($matches);
return implode('', $matches);
}
function common_inject_session($url, $serverpart = null)
@@ -2178,42 +2178,19 @@ function common_config_append($main, $sub, $value)
}
/**
* Pull arguments from a GET/POST/REQUEST array with first-level input checks:
* strips "magic quotes" slashes if necessary,
* and replaces invalid in UTF-8 sequences with question marks.
* Pull arguments from a GET/POST/REQUEST array and replace invalid in UTF-8
* sequences with question marks.
*
* @param array $from
* @return array
*/
function common_copy_args(array $from): array
{
$strip = get_magic_quotes_gpc();
return array_map(function ($v) use ($strip) {
if (is_array($v)) {
return common_copy_args($v);
} else {
if ($strip) {
$v = stripslashes($v);
}
return mb_scrub($v);
}
return array_map(function ($v) {
return is_array($v) ? common_copy_args($v) : mb_scrub($v);
}, $from);
}
/**
* Neutralise the evil effects of magic_quotes_gpc in the current request.
* This is used before handing a request off to OAuthRequest::from_request.
* @fixme Doesn't consider vars other than _POST and _GET?
* @fixme Can't be undone and could corrupt data if run twice.
*/
function common_remove_magic_from_request()
{
if (get_magic_quotes_gpc()) {
$_POST=array_map('stripslashes', $_POST);
$_GET=array_map('stripslashes', $_GET);
}
}
function common_user_uri(&$user)
{
return common_local_url(
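Review bot: `mb_scrub($v)` in `common_copy_args()` is called without an encoding, so it scrubs against `mb_internal_encoding()` rather than the UTF-8 the docblock promises. Passing the encoding explicitly, `mb_scrub($v, 'UTF-8')`, removes that dependency on runtime configuration. `array_map()` also leaves the array keys untouched, so request parameter names still reach callers unscrubbed; either the docblock should say that only values are cleaned, or the keys need the same treatment. Since `common_remove_magic_from_request()` is deleted here, any caller left behind would now be a fatal error; the call sites are not visible in this section, so it is worth a grep before merging.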