[UTIL] Sanitise instead of validate in common_copy_args()
And remove common_validate_utf8() which is now unused.
This commit is contained in:
Alexei Sorokin
Diogo Peralta Cordeiro
parent
9e94b7f145
commit
22f6d3ce14
|
|
@ -1234,27 +1234,6 @@ function common_shorten_links($text, $always = false, User $user=null)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Very basic stripping of invalid UTF-8 input text.
|
|
||||||
*
|
|
||||||
* @param string $str
|
|
||||||
* @return mixed string or null if invalid input
|
|
||||||
*
|
|
||||||
* @todo ideally we should drop bad chars, and maybe do some of the checks
|
|
||||||
* from common_xml_safe_str. But we can't strip newlines, etc.
|
|
||||||
* @todo Unicode normalization might also be useful, but not needed now.
|
|
||||||
*/
|
|
||||||
function common_validate_utf8($str)
|
|
||||||
{
|
|
||||||
// preg_replace will return NULL on invalid UTF-8 input.
|
|
||||||
//
|
|
||||||
// Note: empty regex //u also caused NULL return on some
|
|
||||||
// production machines, but none of our test machines.
|
|
||||||
//
|
|
||||||
// This should be replaced with a more reliable check.
|
|
||||||
return preg_replace('/\x00/u', '', $str);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Make sure an arbitrary string is safe for output in XML as a single line.
|
* Make sure an arbitrary string is safe for output in XML as a single line.
|
||||||
*
|
*
|
||||||
|
|
@ -2200,26 +2179,25 @@ function common_config_append($main, $sub, $value)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pull arguments from a GET/POST/REQUEST array with first-level input checks:
|
* Pull arguments from a GET/POST/REQUEST array with first-level input checks:
|
||||||
* strips "magic quotes" slashes if necessary, and kills invalid UTF-8 strings.
|
* strips "magic quotes" slashes if necessary,
|
||||||
|
* and replaces invalid in UTF-8 sequences with question marks.
|
||||||
*
|
*
|
||||||
* @param array $from
|
* @param array $from
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
function common_copy_args($from)
|
function common_copy_args(array $from): array
|
||||||
{
|
{
|
||||||
$to = [];
|
|
||||||
$strip = get_magic_quotes_gpc();
|
$strip = get_magic_quotes_gpc();
|
||||||
foreach ($from as $k => $v) {
|
return array_map(function ($v) use ($strip) {
|
||||||
if (is_array($v)) {
|
if (is_array($v)) {
|
||||||
$to[$k] = common_copy_args($v);
|
return common_copy_args($v);
|
||||||
} else {
|
} else {
|
||||||
if ($strip) {
|
if ($strip) {
|
||||||
$v = stripslashes($v);
|
$v = stripslashes($v);
|
||||||
}
|
}
|
||||||
$to[$k] = strval(common_validate_utf8($v));
|
return mb_scrub($v);
|
||||||
}
|
}
|
||||||
}
|
}, $from);
|
||||||
return $to;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -305,14 +305,16 @@ function main()
|
||||||
// If the site is private, and they're not on one of the "public"
|
// If the site is private, and they're not on one of the "public"
|
||||||
// parts of the site, redirect to login
|
// parts of the site, redirect to login
|
||||||
|
|
||||||
if (!$user && common_config('site', 'private')
|
if (
|
||||||
|
is_null($user)
|
||||||
|
&& common_config('site', 'private')
|
||||||
&& !isLoginAction($action)
|
&& !isLoginAction($action)
|
||||||
&& !preg_match('/rss$/', $action)
|
&& !preg_match('/rss$/', $action)
|
||||||
&& $action != 'robotstxt'
|
&& $action !== 'robotstxt'
|
||||||
&& !preg_match('/^Api/', $action)) {
|
&& !preg_match('/^Api/', $action)
|
||||||
|
) {
|
||||||
// set returnto
|
// set returnto
|
||||||
$rargs =& common_copy_args($args);
|
$rargs = common_copy_args($args);
|
||||||
unset($rargs['action']);
|
unset($rargs['action']);
|
||||||
if (common_config('site', 'fancy')) {
|
if (common_config('site', 'fancy')) {
|
||||||
unset($rargs['p']);
|
unset($rargs['p']);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user