maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

use Request-wrapper-class for every access to $_POST superglobal

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2024-05-09 15:48:23 +02:00
parent 914204b483
commit fce310049a
42 changed files with 303 additions and 254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
admin_configfiles.php
View File

@@ -93,14 +93,14 @@ if ($userinfo['change_serversettings'] == '1') {
asort($distributions_select);
}
if ($distribution != "" && isset($_POST['finish'])) {
if ($distribution != "" && !empty(Request::post('finish'))) {
$valid_keys = ['http', 'dns', 'smtp', 'mail', 'antispam', 'ftp', 'system', 'distro'];
unset($_POST['finish']);
unset($_POST['csrf_token']);
$params = $_POST;
$params = Request::postAll();
$params['distro'] = $distribution;
$params['system'] = [];
foreach ($_POST['system'] as $sysdaemon) {
foreach (Request::post('system', []) as $sysdaemon) {
$params['system'][] = $sysdaemon;
}
// validate params