Remove "magic quotes" code and avoid wrong order implode

"Magic quotes" were removed in PHP 5.4, no need to mitigate it anymore. Avoid implode() with the join()-like order of arguments which was deprecated since PHP 7.4 and implicitly since PHP 5.3. Also avoid implode() with an implicit separator for stylistic reasons. mktime() with no arguments has been deprecated since PHP 5.1.
2020-09-15 14:59:27 +03:00
parent 2ef944d5c4
commit 8079a476b6
6 changed files with 95 additions and 156 deletions
--- a/public/install.php
+++ b/public/install.php
@@ -70,7 +70,6 @@ class Posted

    /**
     * The given POST parameter value, in its original form.
-     * Magic quotes are stripped, if provided.
     * Missing value will give null.
     *
     * @param string $name
@@ -78,29 +77,7 @@ class Posted
     */
    public function raw(string $name)
    {
-        if (isset($_POST[$name])) {
-            return $this->dequote($_POST[$name]);
-        } else {
-            return null;
-        }
-    }
-
-    /**
-     * If necessary, strip magic quotes from the given value.
-     *
-     * @param mixed $val
-     * @return mixed
-     */
-    public function dequote($val)
-    {
-        if (get_magic_quotes_gpc()) {
-            if (is_string($val)) {
-                return stripslashes($val);
-            } elseif (is_array($val)) {
-                return array_map([$this, 'dequote'], $val);
-            }
-        }
-        return $val;
+        return filter_input(INPUT_POST, $name);
    }
 }