From f2485ecd9aab8da544b5e12891d82ae6fcff5fc7 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Fri, 30 Dec 2022 21:43:27 +0100
Subject: [PATCH] adjust Request-class methods to be more flexible
Signed-off-by: Michael Kaufmann
---
 admin_admins.php | 2 +-
 admin_configfiles.php | 4 ++--
 admin_cronjobs.php | 2 +-
 admin_customers.php | 2 +-
 admin_domains.php | 2 +-
 admin_index.php | 2 +-
 admin_ipsandports.php | 2 +-
 admin_message.php | 2 +-
 admin_mysqlserver.php | 2 +-
 admin_phpsettings.php | 2 +-
 admin_plans.php | 4 ++--
 admin_settings.php | 2 +-
 admin_templates.php | 6 +++---
 admin_traffic.php | 2 +-
 api_keys.php | 2 +-
 customer_domains.php | 4 ++--
 customer_email.php | 2 +-
 customer_extras.php | 2 +-
 customer_ftp.php | 2 +-
 customer_mysql.php | 2 +-
 customer_traffic.php | 2 +-
 dns_editor.php | 2 +-
 error_report.php | 2 +-
 lib/Froxlor/Ajax/Ajax.php | 33 +++++++++++++++++----------------
 lib/Froxlor/Install/Install.php | 8 ++++----
 lib/Froxlor/UI/Request.php | 32 ++++++++++++++++++++++++++++++--
 lib/ajax.php | 1 +
 lib/functions.php | 2 +-
 lib/init.php | 6 +++---
 logfiles_viewer.php | 4 ++--
 ssl_certificates.php | 2 +-
 31 files changed, 87 insertions(+), 57 deletions(-)
diff --git a/admin_admins.php b/admin_admins.php
index 50be2147..13b38bab 100644
--- a/admin_admins.php
+++ b/admin_admins.php
@@ -39,7 +39,7 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettings'] == '1') {
 if ($action == '') {
diff --git a/admin_configfiles.php b/admin_configfiles.php
index 4f0c5432..c3e3f0dd 100644
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -41,8 +41,8 @@ if ($userinfo['change_serversettings'] == '1') {
 }
 // get distro from URL param
- $distribution = Request::get('distribution');
- $reselect = Request::get('reselect', 0);
+ $distribution = Request::any('distribution');
+ $reselect = Request::any('reselect', 0);
 // check for possible setting
 if (empty($distribution)) {
diff --git a/admin_cronjobs.php b/admin_cronjobs.php
index 9ad6e27d..e23ce0c0 100644
--- a/admin_cronjobs.php
+++ b/admin_cronjobs.php
@@ -34,7 +34,7 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if ($page == 'cronjobs' || $page == 'overview') {
 if ($action == '') {
diff --git a/admin_customers.php b/admin_customers.php
index 0dfabb04..4a403a79 100644
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -42,7 +42,7 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '0') {
 if ($action == '') {
diff --git a/admin_domains.php b/admin_domains.php
index bec95378..77dd9c65 100644
--- a/admin_domains.php
+++ b/admin_domains.php
@@ -47,7 +47,7 @@ use Froxlor\User;
 use Froxlor\Validate\Validate;
 use Froxlor\CurrentUser;
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if ($page == 'domains' || $page == 'overview') {
 if ($action == '') {
diff --git a/admin_index.php b/admin_index.php
index 8038c7fb..f5479e4e 100644
--- a/admin_index.php
+++ b/admin_index.php
@@ -40,7 +40,7 @@ use Froxlor\UI\Response;
 use Froxlor\Validate\Validate;
 use Froxlor\Language;
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if ($action == 'logout') {
 $log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "logged out");
diff --git a/admin_ipsandports.php b/admin_ipsandports.php
index c469171d..6a60288b 100644
--- a/admin_ipsandports.php
+++ b/admin_ipsandports.php
@@ -36,7 +36,7 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if ($page == 'ipsandports' || $page == 'overview') {
 if ($action == '') {
diff --git a/admin_message.php b/admin_message.php
index 4c473df8..34343acc 100644
--- a/admin_message.php
+++ b/admin_message.php
@@ -33,7 +33,7 @@ use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\User;
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 $note_type = null;
 $note_msg = null;
diff --git a/admin_mysqlserver.php b/admin_mysqlserver.php
index dac500ae..c2332d0b 100644
--- a/admin_mysqlserver.php
+++ b/admin_mysqlserver.php
@@ -36,7 +36,7 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if ($page == 'mysqlserver' || $page == 'overview') {
 if ($action == '') {
diff --git a/admin_phpsettings.php b/admin_phpsettings.php
index 77cb6912..208692e2 100644
--- a/admin_phpsettings.php
+++ b/admin_phpsettings.php
@@ -37,7 +37,7 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if ($page == 'overview') {
 if ($action == '') {
diff --git a/admin_plans.php b/admin_plans.php
index 734f5799..f25ccd6f 100644
--- a/admin_plans.php
+++ b/admin_plans.php
@@ -39,7 +39,7 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if ($page == '' || $page == 'overview') {
 if ($action == '') {
@@ -263,7 +263,7 @@ if ($page == '' || $page == 'overview') {
 }
 }
 } elseif ($action == 'jqGetPlanValues') {
- $planid = (int)Request::get('planid', 0);
+ $planid = (int)Request::any('planid', 0);
 try {
 $json_result = HostingPlans::getLocal($userinfo, [
 'id' => $planid
diff --git a/admin_settings.php b/admin_settings.php
index 4a8f384e..d5b086a4 100644
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -112,7 +112,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 if ($_part == '' || $_part == 'all') {
 UI::view('settings/index.html.twig', ['fields' => $fields]);
 } else {
- $em = Request::get('em', '');
+ $em = Request::any('em', '');
 UI::view('settings/detailpart.html.twig', ['fields' => $fields, 'em' => $em]);
 }
 }
diff --git a/admin_templates.php b/admin_templates.php
index 3aacc009..1f6e7a6c 100644
--- a/admin_templates.php
+++ b/admin_templates.php
@@ -39,9 +39,9 @@ use Froxlor\UI\Response;
 use Froxlor\Validate\Validate;
 use Froxlor\CurrentUser;
-$id = (int)Request::get('id');
-$subjectid = intval(Request::get('subjectid'));
-$mailbodyid = intval(Request::get('mailbodyid'));
+$id = (int)Request::any('id');
+$subjectid = intval(Request::any('subjectid'));
+$mailbodyid = intval(Request::any('mailbodyid'));
 $available_templates = [
 'createcustomer',
diff --git a/admin_traffic.php b/admin_traffic.php
index 352bdc74..cdd46dcf 100644
--- a/admin_traffic.php
+++ b/admin_traffic.php
@@ -31,7 +31,7 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
-$range = Request::get('range', 'currentmonth');
+$range = Request::any('range', 'currentmonth');
 if ($page == 'overview' || $page == 'customers') {
 try {
diff --git a/api_keys.php b/api_keys.php
index 8e34658c..1a566090 100644
--- a/api_keys.php
+++ b/api_keys.php
@@ -49,7 +49,7 @@ if ($userinfo['adminsession'] == 1 && $userinfo['api_allowed'] == 0) {
 // and therefore does not need to require lib/init.php
 $del_stmt = Database::prepare("DELETE FROM `" . TABLE_API_KEYS . "` WHERE id = :id");
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 // do the delete and then just show a success-message and the apikeys list again
 if ($action == 'delete' && $id > 0) {
diff --git a/customer_domains.php b/customer_domains.php
index 26cebcb8..f99f4d7a 100644
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -47,13 +47,13 @@ if (Settings::IsInList('panel.customer_hide_options', 'domains')) {
 Response::redirectTo('customer_index.php');
 }
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if ($page == 'overview' || $page == 'domains') {
 if ($action == '') {
 $log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed customer_domains::domains");
- $parentdomain_id = (int)Request::get('pid', '0');
+ $parentdomain_id = (int)Request::any('pid', '0');
 try {
 $domain_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.domains.php';
diff --git a/customer_email.php b/customer_email.php
index 8a42b5ea..0ea4daa8 100644
--- a/customer_email.php
+++ b/customer_email.php
@@ -47,7 +47,7 @@ if (Settings::IsInList('panel.customer_hide_options', 'email') || $userinfo['ema
 Response::redirectTo('customer_index.php');
 }
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if ($page == 'overview' || $page == 'emails') {
 if ($action == '') {
diff --git a/customer_extras.php b/customer_extras.php
index f08b379d..05ee93d7 100644
--- a/customer_extras.php
+++ b/customer_extras.php
@@ -46,7 +46,7 @@ if (Settings::IsInList('panel.customer_hide_options', 'extras')) {
 Response::redirectTo('customer_index.php');
 }
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if ($page == 'overview' || $page == 'htpasswds') {
 // redirect if this customer sub-page is hidden via settings
diff --git a/customer_ftp.php b/customer_ftp.php
index bdf33e97..77da795d 100644
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -44,7 +44,7 @@ if (Settings::IsInList('panel.customer_hide_options', 'ftp') || $userinfo['ftps'
 Response::redirectTo('customer_index.php');
 }
-$id = (int)Request::get('id', 0);
+$id = (int)Request::any('id', 0);
 if ($page == 'overview' || $page == 'accounts') {
 if ($action == '') {
diff --git a/customer_mysql.php b/customer_mysql.php
index f806d147..ceb6ff23 100644
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -50,7 +50,7 @@ Database::needSqlData();
 $sql_root = Database::getSqlData();
 Database::needRoot(false);
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 if ($page == 'overview' || $page == 'mysqls') {
 if ($action == '') {
diff --git a/customer_traffic.php b/customer_traffic.php
index b5484b6c..74da5213 100644
--- a/customer_traffic.php
+++ b/customer_traffic.php
@@ -37,7 +37,7 @@ if (Settings::IsInList('panel.customer_hide_options', 'traffic')) {
 Response::redirectTo('customer_index.php');
 }
-$range = Request::get('range', 'currentyear');
+$range = Request::any('range', 'currentyear');
 if ($page == 'current') {
 $range = 'currentmonth';
diff --git a/dns_editor.php b/dns_editor.php
index 56a86b4e..f6665d51 100644
--- a/dns_editor.php
+++ b/dns_editor.php
@@ -40,7 +40,7 @@ use Froxlor\UI\Response;
 // This file is being included in admin_domains and customer_domains
 // and therefore does not need to require lib/init.php
-$domain_id = (int)Request::get('domain_id');
+$domain_id = (int)Request::any('domain_id');
 $record = isset($_POST['dns_record']) ? trim($_POST['dns_record']) : null;
 $type = isset($_POST['dns_type']) ? $_POST['dns_type'] : 'A';
diff --git a/error_report.php b/error_report.php
index 01ff2eb0..c4a8c755 100644
--- a/error_report.php
+++ b/error_report.php
@@ -37,7 +37,7 @@ use Froxlor\UI\Response;
 // This file is being included in admin_domains and customer_domains
 // and therefore does not need to require lib/init.php
-$errid = Request::get('errorid');
+$errid = Request::any('errorid');
 if (!empty($errid)) {
 // read error file
diff --git a/lib/Froxlor/Ajax/Ajax.php b/lib/Froxlor/Ajax/Ajax.php
index d5aa8835..7aaa9d69 100644
--- a/lib/Froxlor/Ajax/Ajax.php
+++ b/lib/Froxlor/Ajax/Ajax.php
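Review bot: In the dns_editor.php hunk the two lines right after the changed `$domain_id` assignment still read `$_POST['dns_record']` and `$_POST['dns_type']` directly, although this same commit introduces `Request::post()` for exactly that purpose; the raw reads skip whatever `self::cleanAll()` applies inside the Request helpers and leave two access styles side by side in one block. `$type = Request::post('dns_type', 'A');` is a drop-in replacement for the second line; for `$record` the `trim()` has to stay conditional, since `Request::post()` returns null when the key is absent. The commit's own change on the `$domain_id` line is behaviour-preserving, as `Request::get()` previously read `$_GET` then `$_POST` exactly as `any()` now does.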
@@ -53,8 +53,8 @@ class Ajax
 */
 public function __construct()
 {
- $this->action = $_GET['action'] ?? $_POST['action'] ?? null;
- $this->theme = $_GET['theme'] ?? 'Froxlor';
+ $this->action = Request::any('action');
+ $this->theme = Request::any('theme', 'Froxlor');
 UI::sendHeaders();
 UI::sendSslHeaders();
@@ -112,7 +112,8 @@ class Ajax
 $feed = "https://inside.froxlor.org/news/";
 // Set custom feed if provided
- if (isset($_GET['role']) && $_GET['role'] == "customer") {
+ $role = Request::get('role');
+ if ($role == "customer") {
 $custom_feed = Settings::Get("customer.news_feed_url");
 if (!empty(trim($custom_feed))) {
 $feed = $custom_feed;
@@ -140,7 +141,7 @@ class Ajax
 if ($news === false) {
 $err = [];
- foreach(libxml_get_errors() as $error) {
+ foreach (libxml_get_errors() as $error) {
 $err[] = $error->message;
 }
 return $this->errorResponse(
@@ -205,7 +206,7 @@ class Ajax
 } catch (Exception $e) {
 // don't display anything if just not allowed due to permissions
 if ($e->getCode() != 403) {
- Response::dynamicError($e->getMessage());
+ return $this->errorResponse($e->getMessage(), $e->getCode());
 }
 }
 }
@@ -215,7 +216,7 @@ class Ajax
 */
 private function searchGlobal()
 {
- $searchtext = Request::get('searchtext');
+ $searchtext = Request::any('searchtext');
 $result = [];
@@ -236,11 +237,11 @@ class Ajax
 private function updateTablelisting()
 {
 $columns = [];
- foreach ((Request::get('columns') ?? []) as $value) {
+ foreach ((Request::any('columns') ?? []) as $value) {
 $columns[] = $value;
 }
 if (!empty($columns)) {
- Listing::storeColumnListingForUser([Request::get('listing') => $columns]);
+ Listing::storeColumnListingForUser([Request::any('listing') => $columns]);
 return $this->jsonResponse($columns);
 }
 return $this->errorResponse('At least one column must be selected', 406);
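Review bot: `if ($role == "customer")` in the news-feed hunk keeps the loose comparison from the removed line even though `$role` now comes from `Request::get()`, which per its `@return mixed|string|null` may be null, a string, or an array (a `role[]=` query parameter); a strict `if ($role === "customer")` states the intent and avoids reasoning about `==` across those types. The behaviour is the same for the values that matter here, so this is a point of style only. The enclosing method starts and ends outside the hunk.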
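Review bot: `return $this->errorResponse($e->getMessage(), $e->getCode());` in the `@@ -205` hunk forwards the exception code unchanged, and a generic `Exception` carries code 0 or an arbitrary integer; if `errorResponse()` uses its second argument as the HTTP status, as the `406` calls elsewhere in this class suggest, such codes yield a malformed response status. Normalise before forwarding, e.g. `$code = $e->getCode();` and `return $this->errorResponse($e->getMessage(), ($code >= 400 && $code < 600) ? $code : 500);`. Returning a JSON error here instead of `Response::dynamicError()` is otherwise the right direction for an Ajax handler; the enclosing method starts outside the hunk.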
@@ -248,15 +249,15 @@ class Ajax
 private function resetTablelisting()
 {
- Listing::deleteColumnListingForUser([Request::get('listing') => []]);
+ Listing::deleteColumnListingForUser([Request::any('listing') => []]);
 return $this->jsonResponse([]);
 }
 private function editApiKey()
 {
- $keyid = isset($_POST['id']) ? (int)$_POST['id'] : 0;
- $allowed_from = isset($_POST['allowed_from']) ? $_POST['allowed_from'] : "";
- $valid_until = isset($_POST['valid_until']) ? $_POST['valid_until'] : "";
+ $keyid = Request::post('id', 0);
+ $allowed_from = Request::post('allowed_from', "");
+ $valid_until = Request::post('valid_until', "");
 if (empty($keyid)) {
 return $this->errorResponse('Invalid call', 406);
@@ -318,9 +319,9 @@ class Ajax
 private function getConfigDetails()
 {
 if (isset($this->userinfo['adminsession']) && $this->userinfo['adminsession'] == 1 && $this->userinfo['change_serversettings'] == 1) {
- $distribution = isset($_POST['distro']) ? $_POST['distro'] : "";
- $section = isset($_POST['section']) ? $_POST['section'] : "";
- $daemon = isset($_POST['daemon']) ? $_POST['daemon'] : "";
+ $distribution = Request::post('distro', "");
+ $section = Request::post('section', "");
+ $daemon = Request::post('daemon', "");
 // validate distribution config-xml exists
 $config_dir = FileDir::makeCorrectDir(Froxlor::getInstallDir() . '/lib/configfiles/');
@@ -375,7 +376,7 @@ class Ajax
 */
 private function loadLanguageString()
 {
- $langid = isset($_POST['langid']) ? $_POST['langid'] : "";
+ $langid = Request::post('langid', "");
 if (preg_match('/^([a-zA-Z\.]+)$/', $langid)) {
 return $this->jsonResponse(lng($langid));
 }
diff --git a/lib/Froxlor/Install/Install.php b/lib/Froxlor/Install/Install.php
index 7f96507b..401124a7 100644
--- a/lib/Froxlor/Install/Install.php
+++ b/lib/Froxlor/Install/Install.php
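Review bot: `$keyid = Request::post('id', 0);` in `editApiKey()` drops the `(int)` cast that the removed line applied, so `$keyid` is now whatever string (or array) arrived in the POST body rather than an integer; the `empty()` guard still rejects `''` and `'0'`, but everything after it in the method now operates on an uncast request value. Keep the cast: `$keyid = (int)Request::post('id', 0);`. Note also that the literal `0` is passed to a parameter declared `string $default` — accepted by coercion in a non-strict file, but a `TypeError` if Ajax.php declares `strict_types=1`. The method body continues past the end of the hunk.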
@@ -80,8 +80,8 @@ class Install
 $this->formfield = require dirname(__DIR__, 3) . '/lib/formfields/install/formfield.install.php';
 // set actual step
- $this->currentStep = $cliData['step'] ?? Request::get('step', 0);
- $this->extendedView = $cliData['extended'] ?? Request::get('extended', 0);
+ $this->currentStep = $cliData['step'] ?? Request::any('step', 0);
+ $this->extendedView = $cliData['extended'] ?? Request::any('extended', 0);
 $this->maxSteps = count($this->formfield['install']['sections']);
 // set actual php version and extensions
@@ -114,7 +114,7 @@ class Install
 public function handle(): void
 {
 // handle form data
- if (!is_null(Request::get('submit')) && $this->currentStep) {
+ if (!is_null(Request::any('submit')) && $this->currentStep) {
 try {
 $this->handleFormData($this->formfield['install']);
 } catch (Exception $e) {
@@ -266,7 +266,7 @@ class Install
 {
 $attributes = [];
 foreach ($fields as $name => $field) {
- $attributes[$name] = $this->validateAttribute(Request::get($name), $field);
+ $attributes[$name] = $this->validateAttribute(Request::any($name), $field);
 if (isset($field['next_to'])) {
 $attributes = array_merge($attributes, $this->validateRequest($field['next_to']));
 }
diff --git a/lib/Froxlor/UI/Request.php b/lib/Froxlor/UI/Request.php
index 6faa72eb..e053e8b1 100644
--- a/lib/Froxlor/UI/Request.php
+++ b/lib/Froxlor/UI/Request.php
@@ -31,7 +31,21 @@ use voku\helper\AntiXSS;
 class Request
 {
 /**
- * Get key from current request.
+ * Get key from current $_GET or $_POST request.
+ *
+ * @param $key
+ * @param string|null $default
+ * @return mixed|string|null
+ */
+ public static function any($key, string $default = null)
+ {
+ self::cleanAll();
+
+ return $_GET[$key] ?? $_POST[$key] ?? $default;
+ }
+
+ /**
+ * Get key from current $_GET request.
 *
 * @param $key
 * @param string|null $default
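Review bot: `public static function any($key, string $default = null)` in Request.php leaves `$key` untyped, uses the implicitly-nullable `string $default = null` form (deprecated as of PHP 8.4), and — as `@return mixed|string|null` admits — can hand back an array when the client sends `key[]=…`, none of which the docblock explains to callers that cast with `(int)` or pass the value on to `preg_match()`. The docblock should also state the precedence the body fixes: a `$_GET` value wins over a `$_POST` value of the same name, which matters for forms posted to a URL that carries a query string. A signature like `public static function any(string $key, ?string $default = null)` with `@param string $key` would be the natural fix, but callers such as `Request::any('step', 0)` in the Install.php hunk above pass int defaults, so either widen to `string|int|null $default = null` or change those call sites. The same applies to `get()` and the new `post()` in the following hunk.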
@@ -41,7 +55,21 @@ class Request
 {
 self::cleanAll();
- return $_GET[$key] ?? $_POST[$key] ?? $default;
+ return $_GET[$key] ?? $default;
+ }
+
+ /**
+ * Get key from current $_POST request.
+ *
+ * @param $key
+ * @param string|null $default
+ * @return mixed|string|null
+ */
+ public static function post($key, string $default = null)
+ {
+ self::cleanAll();
+
+ return $_POST[$key] ?? $default;
 }
 /**
diff --git a/lib/ajax.php b/lib/ajax.php
index 5c7c73a2..eaf34efc 100644
--- a/lib/ajax.php
+++ b/lib/ajax.php
@@ -42,5 +42,6 @@ require_once dirname(__DIR__) . '/lib/tables.inc.php';
 try {
 echo (new Ajax)->handle();
 } catch (Exception $e) {
+ header("Content-Type: application/json");
 echo \Froxlor\Api\Response::jsonErrorResponse($e->getMessage(), 500);
 }
diff --git a/lib/functions.php b/lib/functions.php
index c9fac4f8..bca5eb0e 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -43,5 +43,5 @@ function old(string $identifier, string $default = null, string $session = null)
 if ($session && isset($_SESSION[$session])) {
 return $_SESSION[$session][$identifier] ?? $default;
 }
- return Request::get($identifier, $default);
+ return Request::any($identifier, $default);
 }
diff --git a/lib/init.php b/lib/init.php
index 33785834..c5d65163 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -295,9 +295,9 @@ UI::twig()->addGlobal('theme_css', $css);
 unset($js);
 unset($css);
-$action = Request::get('action');
-$page = Request::get('page', 'overview');
-$gSearchText = Request::get('searchtext');
+$action = Request::any('action');
+$page = Request::any('page', 'overview');
+$gSearchText = Request::any('searchtext');
 // clear request data
 if (!$action && isset($_SESSION)) {
diff --git a/logfiles_viewer.php b/logfiles_viewer.php
index c4b1dede..20d00d7c 100644
--- a/logfiles_viewer.php
+++ b/logfiles_viewer.php
@@ -39,8 +39,8 @@ use Froxlor\UI\Response;
 // This file is being included in admin_domains and customer_domains
 // and therefore does not need to require lib/init.php
-$domain_id = (int)Request::get('domain_id');
-$last_n = (int)Request::get('number_of_lines', 100);
+$domain_id = (int)Request::any('domain_id');
+$last_n = (int)Request::any('number_of_lines', 100);
 // user's with logviewenabled = false
 if (AREA != 'admin' && $userinfo['logviewenabled'] != '1') {
diff --git a/ssl_certificates.php b/ssl_certificates.php
index 72b1bcf7..bd917e68 100644
--- a/ssl_certificates.php
+++ b/ssl_certificates.php
@@ -43,7 +43,7 @@ use Froxlor\UI\Response;
 // and therefore does not need to require lib/init.php
 $success_message = "";
-$id = (int)Request::get('id');
+$id = (int)Request::any('id');
 // do the delete and then just show a success-message and the certificates list again
 if ($action == 'delete') {