maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

use Request-wrapper-class for every access to $_GET superglobal

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2024-05-09 16:03:46 +02:00
parent fce310049a
commit 7934684982
9 changed files with 31 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/Froxlor/UI/HTML.php
View File

@@ -33,10 +33,9 @@ class HTML
/**
* Build Navigation Sidebar
*
* @param
* array navigation data
* @param
* array userinfo the userinfo of the user
* @param array $navigation data
* @param array $userinfo the userinfo of the user
*
* @return array the content of the navigation bar according to user-permissions
*/
public static function buildNavigation(array $navigation, array $userinfo)
@@ -44,12 +43,19 @@ class HTML
$returnvalue = [];
// sanitize user-given input (url-manipulation)
if (isset($_GET['page']) && is_array($_GET['page'])) {
$_GET['page'] = (string)$_GET['page'][0];
$req_page = Request::get('page');
if (!empty($req_page) && is_array($req_page)) {
$req_page = (string)array_shift($req_page);
}
if (isset($_GET['action']) && is_array($_GET['action'])) {
$_GET['action'] = (string)$_GET['action'][0];
// need to preserve this
$_GET['page'] = $req_page;
$req_action = Request::get('action');
if (!empty($req_action) && is_array($req_action)) {
$req_action = (string)array_shift($req_action);
}
// need to preserve this
$_GET['action'] = $req_action;
foreach ($navigation as $box) {
if ((!isset($box['show_element']) || $box['show_element'] === true) && (!isset($box['required_resources']) || $box['required_resources'] == '' || (isset($userinfo[$box['required_resources']]) && ((int)$userinfo[$box['required_resources']] > 0 || $userinfo[$box['required_resources']] == '-1')))) {
@@ -69,7 +75,7 @@ class HTML
}
if (
((empty($_GET['page']) && substr_count($element['url'], "page=") == 0) || (isset($_GET['page']) && substr_count($element['url'], "page=" . $_GET['page']) > 0))
((empty($req_page) && substr_count($element['url'], "page=") == 0) || (!empty($req_page) && substr_count($element['url'], "page=" . $req_page) > 0))
&& substr_count($element['url'], basename($_SERVER["SCRIPT_FILENAME"])) > 0
) {
$active = true;