From 3a1e4602492cec1c8f3d2aabab2c866022f43bf1 Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Tue, 18 Jul 2017 21:38:53 +0200 Subject: [PATCH 1/3] Changed $_GET, $_POST and $_REQUEST to use the Request object --- includes/controller/angeltypes_controller.php | 22 ++-- .../controller/event_config_controller.php | 7 +- includes/controller/rooms_controller.php | 15 ++- .../controller/shift_entries_controller.php | 30 ++--- includes/controller/shifts_controller.php | 54 +++++---- includes/controller/shifttypes_controller.php | 35 +++--- .../controller/user_angeltypes_controller.php | 49 ++++---- .../user_driver_licenses_controller.php | 24 ++-- includes/controller/users_controller.php | 72 +++++++----- includes/engelsystem_provider.php | 8 ++ .../helper/internationalization_helper.php | 8 +- includes/pages/admin_active.php | 27 ++--- includes/pages/admin_arrive.php | 12 +- includes/pages/admin_free.php | 16 +-- includes/pages/admin_groups.php | 21 ++-- includes/pages/admin_import.php | 48 ++++---- includes/pages/admin_log.php | 2 +- includes/pages/admin_news.php | 17 +-- includes/pages/admin_questions.php | 15 +-- includes/pages/admin_rooms.php | 36 +++--- includes/pages/admin_shifts.php | 69 +++++------ includes/pages/admin_user.php | 58 ++++----- includes/pages/guest_login.php | 63 +++++----- includes/pages/guest_stats.php | 5 +- includes/pages/user_atom.php | 9 +- includes/pages/user_ical.php | 5 +- includes/pages/user_messages.php | 16 +-- includes/pages/user_myshifts.php | 25 ++-- includes/pages/user_news.php | 47 ++++---- includes/pages/user_questions.php | 9 +- includes/pages/user_settings.php | 55 +++++---- includes/pages/user_shifts.php | 9 +- includes/sys_page.php | 35 +++--- includes/sys_template.php | 6 +- public/index.php | 16 ++- src/Http/Request.php | 110 ++++++++++++++++++ src/helpers.php | 17 +++ 37 files changed, 643 insertions(+), 429 deletions(-) create mode 100644 src/Http/Request.php 
diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php index daa754eb..346a4d73 100644 --- a/includes/controller/angeltypes_controller.php +++ b/includes/controller/angeltypes_controller.php @@ -81,7 +81,7 @@ function angeltype_delete_controller() $angeltype = load_angeltype(); - if (isset($_REQUEST['confirmed'])) { + if (request()->has('confirmed')) { AngelType_delete($angeltype); success(sprintf(_('Angeltype %s deleted.'), AngelType_name_render($angeltype))); redirect(page_link_to('angeltypes')); @@ -104,8 +104,9 @@ function angeltype_edit_controller() // In supporter mode only allow to modify description $supporter_mode = !in_array('admin_angel_types', $privileges); + $request = request(); - if (isset($_REQUEST['angeltype_id'])) { + if ($request->has('angeltype_id')) { // Edit existing angeltype $angeltype = load_angeltype(); @@ -121,12 +122,12 @@ function angeltype_edit_controller() $angeltype = AngelType_new(); } - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; if (!$supporter_mode) { - if (isset($_REQUEST['name'])) { - $result = AngelType_validate_name($_REQUEST['name'], $angeltype); + if ($request->has('name')) { + $result = AngelType_validate_name($request->get('name'), $angeltype); $angeltype['name'] = $result->getValue(); if (!$result->isValid()) { $valid = false; @@ -134,10 +135,10 @@ function angeltype_edit_controller() } } - $angeltype['restricted'] = isset($_REQUEST['restricted']); - $angeltype['no_self_signup'] = isset($_REQUEST['no_self_signup']); + $angeltype['restricted'] = $request->has('restricted'); + $angeltype['no_self_signup'] = $request->has('no_self_signup'); - $angeltype['requires_driver_license'] = isset($_REQUEST['requires_driver_license']); + $angeltype['requires_driver_license'] = $request->has('requires_driver_license'); } $angeltype['description'] = strip_request_item_nl('description', $angeltype['description']); 
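Review bot: The delete in `angeltype_delete_controller` fires on `$request->has('confirmed')`, which — if `has()` mirrors the `$_REQUEST` it replaces and merges query string and body — means a crafted GET link deletes the angeltype for any logged-in admin who follows it. The confirmation flag should be required from the request body, `if ($request->post('confirmed')) {`, and ideally tied to a per-session CSRF token checked before `AngelType_delete()`. Request.php is added by this commit but is not in view, so confirm how `has()`/`post()` source their data; the same pattern repeats for every `confirmed`, `submit` and `delete` check in this patch.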
@@ -262,11 +263,12 @@ function angeltypes_list_controller() */ function load_angeltype() { - if (!isset($_REQUEST['angeltype_id'])) { + $request = request(); + if (!$request->has('angeltype_id')) { redirect(page_link_to('angeltypes')); } - $angeltype = AngelType($_REQUEST['angeltype_id']); + $angeltype = AngelType($request->input('angeltype_id')); if ($angeltype == null) { error(_('Angeltype doesn\'t exist . ')); redirect(page_link_to('angeltypes')); diff --git a/includes/controller/event_config_controller.php b/includes/controller/event_config_controller.php index 06245c47..dcdcf54a 100644 --- a/includes/controller/event_config_controller.php +++ b/includes/controller/event_config_controller.php @@ -19,6 +19,7 @@ function event_config_edit_controller() redirect('?'); } + $request = request(); $event_name = null; $event_welcome_msg = null; $buildup_start_date = null; @@ -36,17 +37,17 @@ function event_config_edit_controller() $event_welcome_msg = $event_config['event_welcome_msg']; } - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; - if (isset($_REQUEST['event_name'])) { + if ($request->has('event_name')) { $event_name = strip_request_item('event_name'); } if ($event_name == '') { $event_name = null; } - if (isset($_REQUEST['event_welcome_msg'])) { + if ($request->has('event_welcome_msg')) { $event_welcome_msg = strip_request_item_nl('event_welcome_msg'); } if ($event_welcome_msg == '') { diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php index 3082a28d..2d6f1a77 100644 --- a/includes/controller/rooms_controller.php +++ b/includes/controller/rooms_controller.php @@ -19,6 +19,7 @@ function room_controller() redirect(page_link_to()); } + $request = request(); $room = load_room(false); if ($room['show'] != 'Y' && !in_array('admin_rooms', $privileges)) { redirect(page_link_to()); 
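Review bot: `load_angeltype` passes `$request->input('angeltype_id')` straight to `AngelType()` with only a presence check, whereas `shift_entry_add_controller` in the same patch requires `type_id` to match `^\d*$` before any lookup. Being consistent here costs one line and keeps arrays or free text out of the lookup: `$id = $request->input('angeltype_id'); if (!is_string($id) || !preg_match('/^\d+\z/', $id)) { redirect(page_link_to('angeltypes')); }`. Whether `AngelType()` binds its argument as a parameter is outside this view, so this is hardening rather than a known hole.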
@@ -42,8 +43,8 @@ function room_controller() if (!empty($days)) { $selected_day = $days[0]; } - if (isset($_REQUEST['shifts_filter_day'])) { - $selected_day = $_REQUEST['shifts_filter_day']; + if ($request->has('shifts_filter_day')) { + $selected_day = $request->input('shifts_filter_day'); } $shiftsFilter->setStartTime(parse_date('Y-m-d H:i', $selected_day . ' 00:00')); $shiftsFilter->setEndTime(parse_date('Y-m-d H:i', $selected_day . ' 23:59')); @@ -66,11 +67,13 @@ function room_controller() */ function rooms_controller() { - if (!isset($_REQUEST['action'])) { - $_REQUEST['action'] = 'list'; + $request = request(); + $action = $request->input('action'); + if (!$request->has('action')) { + $action = 'list'; } - switch ($_REQUEST['action']) { + switch ($action) { case 'view': return room_controller(); case 'list': @@ -112,7 +115,7 @@ function load_room($onlyVisible = true) redirect(page_link_to()); } - $room = Room($_REQUEST['room_id'], $onlyVisible); + $room = Room(request()->input('room_id'), $onlyVisible); if ($room == null) { redirect(page_link_to()); } diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php index cb2d9bee..38aad5bb 100644 --- a/includes/controller/shift_entries_controller.php +++ b/includes/controller/shift_entries_controller.php @@ -11,9 +11,10 @@ function shift_entry_add_controller() { global $privileges, $user; + $request = request(); $shift_id = 0; - if (isset($_REQUEST['shift_id']) && preg_match('/^\d*$/', $_REQUEST['shift_id'])) { - $shift_id = $_REQUEST['shift_id']; + if ($request->has('shift_id') && preg_match('/^\d*$/', $request->input('shift_id'))) { + $shift_id = $request->input('shift_id'); } else { redirect(page_link_to('user_shifts')); } 
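Review bot: `rooms_controller` reads `$action = $request->input('action')` before testing `has('action')` and then overwrites it with `'list'`, while `shifttypes_controller` and `users_controller` in the same patch do the has-then-assign order; pick one idiom. If the new `Request::input()` accepts a default (Request.php is not in view), the whole thing collapses to `$action = $request->input('action', 'list');`, otherwise the shifttypes form `$action = 'list'; if ($request->has('action')) { $action = $request->input('action'); }` is the clearer one. An unrecognised action is handled by the switch's default, which is outside this hunk.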
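Review bot: In `load_room` the value is now taken from `request()->input('room_id')`, but the guard immediately above this hunk's first context line appears untouched — had it changed it would have been pulled into the hunk — so presence is still checked against `$_REQUEST` while the value comes from the Request object. Unless the two are guaranteed to be the same array, convert the guard as well, `if (!request()->has('room_id')) {`, and consider the same integer check used for `shift_id` in shift_entries_controller before handing `room_id` to `Room()`. The start of `load_room` lies outside the hunk.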
@@ -32,8 +33,8 @@ function shift_entry_add_controller() } $type_id = 0; - if (isset($_REQUEST['type_id']) && preg_match('/^\d*$/', $_REQUEST['type_id'])) { - $type_id = $_REQUEST['type_id']; + if ($request->has('type_id') && preg_match('/^\d*$/', $request->input('type_id'))) { + $type_id = $request->input('type_id'); } else { redirect(page_link_to('user_shifts')); } @@ -63,14 +64,14 @@ function shift_entry_add_controller() } if ( - isset($_REQUEST['user_id']) - && preg_match('/^\d*$/', $_REQUEST['user_id']) + $request->has('user_id') + && preg_match('/^\d*$/', $request->input('user_id')) && ( in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges) ) ) { - $user_id = $_REQUEST['user_id']; + $user_id = $request->input('user_id'); } else { $user_id = $user['UID']; } @@ -92,7 +93,7 @@ function shift_entry_add_controller() redirect(shift_link($shift)); } - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $selected_type_id = $type_id; if (in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges) @@ -103,14 +104,14 @@ function shift_entry_add_controller() } if ( - isset($_REQUEST['angeltype_id']) + $request->has('angeltype_id') && test_request_int('angeltype_id') && count(DB::select( 'SELECT `id` FROM `AngelTypes` WHERE `id`=? LIMIT 1', - [$_REQUEST['angeltype_id']] + [$request->input('angeltype_id')] )) > 0 ) { - $selected_type_id = $_REQUEST['angeltype_id']; + $selected_type_id = $request->input('angeltype_id'); } } @@ -124,7 +125,7 @@ function shift_entry_add_controller() $freeloaded = isset($shift['freeloaded']) ? $shift['freeloaded'] : false; $freeload_comment = isset($shift['freeload_comment']) ? $shift['freeload_comment'] : ''; if (in_array('user_shifts_admin', $privileges)) { - $freeloaded = isset($_REQUEST['freeloaded']); + $freeloaded = $request->has('freeloaded'); $freeload_comment = strip_request_item_nl('freeload_comment'); } 
@@ -236,11 +237,12 @@ function shift_entry_add_controller() function shift_entry_delete_controller() { global $privileges, $user; + $request = request(); - if (!isset($_REQUEST['entry_id']) || !test_request_int('entry_id')) { + if (!$request->has('entry_id') || !test_request_int('entry_id')) { redirect(page_link_to('user_shifts')); } - $entry_id = $_REQUEST['entry_id']; + $entry_id = $request->input('entry_id'); $shift_entry_source = DB::select(' SELECT diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php index c8b6932a..21c6e160 100644 --- a/includes/controller/shifts_controller.php +++ b/includes/controller/shifts_controller.php @@ -44,15 +44,16 @@ function shift_edit_controller() // Schicht bearbeiten $msg = ''; $valid = true; + $request = request(); if (!in_array('admin_shifts', $privileges)) { redirect(page_link_to('user_shifts')); } - if (!isset($_REQUEST['edit_shift']) || !test_request_int('edit_shift')) { + if (!$request->has('edit_shift') || !test_request_int('edit_shift')) { redirect(page_link_to('user_shifts')); } - $shift_id = $_REQUEST['edit_shift']; + $shift_id = $request->input('edit_shift'); $shift = Shift($shift_id); 
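Review bot: `shift_edit_controller` validates with `test_request_int('edit_shift')` but reads the value with `$request->input('edit_shift')`; the helper is keyed by name and, if it still reads a superglobal rather than the Request instance (sys_page.php changes are not in this view), the integer check and the value actually passed to `Shift()` can come from different sources. Safer is to validate the very value you use: `$shift_id = $request->input('edit_shift'); if (!is_string($shift_id) || !preg_match('/^\d+\z/', $shift_id)) { redirect(page_link_to('user_shifts')); }`. The same helper/Request split recurs wherever `strip_request_item()` and `test_request_int()` are paired with `$request->input()` in this patch.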
@@ -73,33 +74,37 @@ function shift_edit_controller() $start = $shift['start']; $end = $shift['end']; - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { // Name/Bezeichnung der Schicht, darf leer sein $title = strip_request_item('title'); // Auswahl der sichtbaren Locations für die Schichten - if (isset($_REQUEST['rid']) && preg_match('/^\d+$/', $_REQUEST['rid']) && isset($room[$_REQUEST['rid']])) { - $rid = $_REQUEST['rid']; + if ( + $request->has('rid') + && preg_match('/^\d+$/', $request->input('rid')) + && isset($room[$request->input('rid')]) + ) { + $rid = $request->input('rid'); } else { $valid = false; $msg .= error(_('Please select a room.'), true); } - if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { - $shifttype_id = $_REQUEST['shifttype_id']; + if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) { + $shifttype_id = $request->input('shifttype_id'); } else { $valid = false; $msg .= error(_('Please select a shifttype.'), true); } - if (isset($_REQUEST['start']) && $tmp = parse_date('Y-m-d H:i', $_REQUEST['start'])) { + if ($request->has('start') && $tmp = parse_date('Y-m-d H:i', $request->input('start'))) { $start = $tmp; } else { $valid = false; $msg .= error(_('Please enter a valid starting time for the shifts.'), true); } - if (isset($_REQUEST['end']) && $tmp = parse_date('Y-m-d H:i', $_REQUEST['end'])) { + if ($request->has('end') && $tmp = parse_date('Y-m-d H:i', $request->input('end'))) { $end = $tmp; } else { $valid = false; 
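Review bot: The `if ($request->has('start') && $tmp = parse_date('Y-m-d H:i', $request->input('start')))` form, and its `end` twin below, rely on PHP accepting an assignment as the right operand of `&&`; it is valid but reads like a comparison at a glance, and the hunk is being rewritten anyway. Split it so the intent is explicit: `$tmp = $request->has('start') ? parse_date('Y-m-d H:i', $request->input('start')) : false; if ($tmp) {`. A `0` return from `parse_date()` lands in the error branch either way, which is presumably intended; that function's contract is outside this hunk.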
@@ -112,8 +117,8 @@ function shift_edit_controller() } foreach ($needed_angel_types as $needed_angeltype_id => $needed_angeltype_name) { - if (isset($_REQUEST['type_' . $needed_angeltype_id]) && test_request_int('type_' . $needed_angeltype_id)) { - $needed_angel_types[$needed_angeltype_id] = trim($_REQUEST['type_' . $needed_angeltype_id]); + if ($request->has('type_' . $needed_angeltype_id) && test_request_int('type_' . $needed_angeltype_id)) { + $needed_angel_types[$needed_angeltype_id] = trim($request->input('type_' . $needed_angeltype_id)); } else { $valid = false; $msg .= error(sprintf( @@ -186,16 +191,17 @@ function shift_edit_controller() function shift_delete_controller() { global $privileges; + $request = request(); if (!in_array('user_shifts_admin', $privileges)) { redirect(page_link_to('user_shifts')); } // Schicht komplett löschen (nur für admins/user mit user_shifts_admin privileg) - if (!isset($_REQUEST['delete_shift']) || !preg_match('/^\d*$/', $_REQUEST['delete_shift'])) { + if (!$request->has('delete_shift') || !preg_match('/^\d*$/', $request->input('delete_shift'))) { redirect(page_link_to('user_shifts')); } - $shift_id = $_REQUEST['delete_shift']; + $shift_id = $request->input('delete_shift'); $shift = Shift($shift_id); if ($shift == null) { @@ -203,7 +209,7 @@ function shift_delete_controller() } // Schicht löschen bestätigt - if (isset($_REQUEST['delete'])) { + if ($request->has('delete')) { Shift_delete($shift_id); engelsystem_log( @@ -232,16 +238,17 @@ function shift_delete_controller() function shift_controller() { global $user, $privileges; + $request = request(); if (!in_array('user_shifts', $privileges)) { redirect(page_link_to('?')); } - if (!isset($_REQUEST['shift_id'])) { + if (!$request->has('shift_id')) { redirect(page_link_to('user_shifts')); } - $shift = Shift($_REQUEST['shift_id']); + $shift = Shift($request->input('shift_id')); if ($shift == null) { error(_('Shift could not be found.')); redirect(page_link_to('user_shifts')); 
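Review bot: `shift_delete_controller` accepts `delete_shift` with `preg_match('/^\d*$/', ...)`, which matches the empty string and, because `$` matches before a trailing newline, `"12\n"` as well; the code then relies on `Shift('')` returning null. Tighten it to `preg_match('/^\d+\z/', $request->input('delete_shift'))` so only a real id reaches `Shift()`. If `input()` can yield an array (`delete_shift[]=1`), `preg_match()` warns and returns false, which still redirects, but an `is_string()` guard makes that explicit. The same `\d*` pattern is used for `shift_id`, `type_id` and `user_id` in shift_entries_controller.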
@@ -285,11 +292,12 @@ function shift_controller() */ function shifts_controller() { - if (!isset($_REQUEST['action'])) { + $request = request(); + if (!$request->has('action')) { redirect(page_link_to('user_shifts')); } - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'view': return shift_controller(); case 'next': @@ -330,16 +338,17 @@ function shift_next_controller() function shifts_json_export_all_controller() { $api_key = config('api_key'); + $request = request(); if (empty($api_key)) { engelsystem_error('Config contains empty apikey.'); } - if (!isset($_REQUEST['api_key'])) { + if (!$request->has('api_key')) { engelsystem_error('Missing parameter api_key.'); } - if ($_REQUEST['api_key'] != $api_key) { + if ($request->input('api_key') != $api_key) { engelsystem_error('Invalid api_key.'); } @@ -359,12 +368,13 @@ function shifts_json_export_all_controller() function shifts_json_export_controller() { global $user; + $request = request(); - if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) { + if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { engelsystem_error('Missing key.'); } - $key = $_REQUEST['key']; + $key = $request->input('key'); $user = User_by_api_key($key); if ($user == null) { diff --git a/includes/controller/shifttypes_controller.php b/includes/controller/shifttypes_controller.php index 9a470e29..acdeb982 100644 --- a/includes/controller/shifttypes_controller.php +++ b/includes/controller/shifttypes_controller.php 
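Review bot: `shifts_json_export_all_controller` compares the shared secret with `$request->input('api_key') != $api_key`, a loose, early-exit string comparison: it leaks timing information about how much of the key matched, and under PHP's numeric-string rules two different keys of the form `0e...` compare equal. Replace it with a constant-time check on a verified string: `$given = $request->input('api_key'); if (!is_string($given) || !hash_equals($api_key, $given)) { engelsystem_error('Invalid api_key.'); }`. The `empty($api_key)` check above it already rules out an unset key.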
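Review bot: In `shifts_json_export_controller` the pattern `'/^[\da-f]{32}$/'` lets `key` end in a newline, since `$` matches before a final `\n`; use `'/^[\da-f]{32}\z/'` (or the `D` modifier) so the value that reaches `User_by_api_key()` is exactly 32 hex characters. An `is_string()` check before `preg_match()` would also keep an array parameter from producing a warning instead of the intended "Missing key." error.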
@@ -16,17 +16,18 @@ function shifttype_link($shifttype) */ function shifttype_delete_controller() { - if (!isset($_REQUEST['shifttype_id'])) { + $request = request(); + if (!$request->has('shifttype_id')) { redirect(page_link_to('shifttypes')); } - $shifttype = ShiftType($_REQUEST['shifttype_id']); + $shifttype = ShiftType($request->input('shifttype_id')); if ($shifttype == null) { redirect(page_link_to('shifttypes')); } - if (isset($_REQUEST['confirmed'])) { + if ($request->has('confirmed')) { $result = ShiftType_delete($shifttype['id']); if (empty($result)) { engelsystem_error('Unable to delete shifttype.'); @@ -56,9 +57,10 @@ function shifttype_edit_controller() $description = ''; $angeltypes = AngelTypes(); + $request = request(); - if (isset($_REQUEST['shifttype_id'])) { - $shifttype = ShiftType($_REQUEST['shifttype_id']); + if ($request->has('shifttype_id')) { + $shifttype = ShiftType($request->input('shifttype_id')); if ($shifttype == null) { error(_('Shifttype not found.')); redirect(page_link_to('shifttypes')); @@ -69,23 +71,23 @@ function shifttype_edit_controller() $description = $shifttype['description']; } - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; - if (isset($_REQUEST['name']) && $_REQUEST['name'] != '') { + if ($request->has('name') && $request->input('name') != '') { $name = strip_request_item('name'); } else { $valid = false; error(_('Please enter a name.')); } - if (isset($_REQUEST['angeltype_id']) && preg_match('/^\d+$/', $_REQUEST['angeltype_id'])) { - $angeltype_id = $_REQUEST['angeltype_id']; + if ($request->has('angeltype_id') && preg_match('/^\d+$/', $request->input('angeltype_id'))) { + $angeltype_id = $request->input('angeltype_id'); } else { $angeltype_id = null; } - if (isset($_REQUEST['description'])) { + if ($request->has('description')) { $description = strip_request_item_nl('description'); } 
@@ -120,10 +122,11 @@ function shifttype_edit_controller() */ function shifttype_controller() { - if (!isset($_REQUEST['shifttype_id'])) { + $request = request(); + if (!$request->has('shifttype_id')) { redirect(page_link_to('shifttypes')); } - $shifttype = ShiftType($_REQUEST['shifttype_id']); + $shifttype = ShiftType($request->input('shifttype_id')); if ($shifttype == null) { redirect(page_link_to('shifttypes')); } @@ -174,11 +177,13 @@ function shifttypes_title() */ function shifttypes_controller() { - if (!isset($_REQUEST['action'])) { - $_REQUEST['action'] = 'list'; + $request = request(); + $action = 'list'; + if ($request->has('action')) { + $action = $request->input('action'); } - switch ($_REQUEST['action']) { + switch ($action) { case 'view': return shifttype_controller(); case 'edit': diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php index f31aeecd..41185552 100644 --- a/includes/controller/user_angeltypes_controller.php +++ b/includes/controller/user_angeltypes_controller.php @@ -38,13 +38,14 @@ function user_angeltypes_unconfirmed_hint() function user_angeltypes_delete_all_controller() { global $user; + $request = request(); - if (!isset($_REQUEST['angeltype_id'])) { + if (!$request->has('angeltype_id')) { error(_('Angeltype doesn\'t exist.')); redirect(page_link_to('angeltypes')); } - $angeltype = AngelType($_REQUEST['angeltype_id']); + $angeltype = AngelType($request->input('angeltype_id')); if ($angeltype == null) { error(_('Angeltype doesn\'t exist.')); redirect(page_link_to('angeltypes')); @@ -55,7 +56,7 @@ function user_angeltypes_delete_all_controller() redirect(page_link_to('angeltypes')); } - if (isset($_REQUEST['confirmed'])) { + if ($request->has('confirmed')) { UserAngelTypes_delete_all($angeltype['id']); engelsystem_log(sprintf('Denied all users for angeltype %s', AngelType_name_render($angeltype))); 
@@ -77,13 +78,14 @@ function user_angeltypes_delete_all_controller() function user_angeltypes_confirm_all_controller() { global $user, $privileges; + $request = request(); - if (!isset($_REQUEST['angeltype_id'])) { + if (!$request->has('angeltype_id')) { error(_('Angeltype doesn\'t exist.')); redirect(page_link_to('angeltypes')); } - $angeltype = AngelType($_REQUEST['angeltype_id']); + $angeltype = AngelType($request->input('angeltype_id')); if ($angeltype == null) { error(_('Angeltype doesn\'t exist.')); redirect(page_link_to('angeltypes')); @@ -100,7 +102,7 @@ function user_angeltypes_confirm_all_controller() redirect(page_link_to('angeltypes')); } - if (isset($_REQUEST['confirmed'])) { + if ($request->has('confirmed')) { UserAngelTypes_confirm_all($angeltype['id'], $user); engelsystem_log(sprintf('Confirmed all users for angeltype %s', AngelType_name_render($angeltype))); @@ -122,13 +124,14 @@ function user_angeltypes_confirm_all_controller() function user_angeltype_confirm_controller() { global $user; + $request = request(); - if (!isset($_REQUEST['user_angeltype_id'])) { + if (!$request->has('user_angeltype_id')) { error(_('User angeltype doesn\'t exist.')); redirect(page_link_to('angeltypes')); } - $user_angeltype = UserAngelType($_REQUEST['user_angeltype_id']); + $user_angeltype = UserAngelType($request->input('user_angeltype_id')); if ($user_angeltype == null) { error(_('User angeltype doesn\'t exist.')); redirect(page_link_to('angeltypes')); @@ -151,7 +154,7 @@ function user_angeltype_confirm_controller() redirect(page_link_to('angeltypes')); } - if (isset($_REQUEST['confirmed'])) { + if ($request->has('confirmed')) { UserAngelType_confirm($user_angeltype['id'], $user); engelsystem_log(sprintf( 
@@ -181,13 +184,14 @@ function user_angeltype_confirm_controller() function user_angeltype_delete_controller() { global $user; + $request = request(); - if (!isset($_REQUEST['user_angeltype_id'])) { + if (!$request->has('user_angeltype_id')) { error(_('User angeltype doesn\'t exist.')); redirect(page_link_to('angeltypes')); } - $user_angeltype = UserAngelType($_REQUEST['user_angeltype_id']); + $user_angeltype = UserAngelType($request->input('user_angeltype_id')); if ($user_angeltype == null) { error(_('User angeltype doesn\'t exist.')); redirect(page_link_to('angeltypes')); @@ -210,7 +214,7 @@ function user_angeltype_delete_controller() redirect(page_link_to('angeltypes')); } - if (isset($_REQUEST['confirmed'])) { + if ($request->has('confirmed')) { $result = UserAngelType_delete($user_angeltype); if ($result === false) { engelsystem_error('Unable to delete user angeltype.'); @@ -238,25 +242,26 @@ function user_angeltype_update_controller() { global $privileges; $supporter = false; + $request = request(); if (!in_array('admin_angel_types', $privileges)) { error(_('You are not allowed to set supporter rights.')); redirect(page_link_to('angeltypes')); } - if (!isset($_REQUEST['user_angeltype_id'])) { + if (!$request->has('user_angeltype_id')) { error(_('User angeltype doesn\'t exist.')); redirect(page_link_to('angeltypes')); } - if (isset($_REQUEST['supporter']) && preg_match('/^[01]$/', $_REQUEST['supporter'])) { - $supporter = $_REQUEST['supporter'] == '1'; + if ($request->has('supporter') && preg_match('/^[01]$/', $request->input('supporter'))) { + $supporter = $request->input('supporter') == '1'; } else { error(_('No supporter update given.')); redirect(page_link_to('angeltypes')); } - $user_angeltype = UserAngelType($_REQUEST['user_angeltype_id']); + $user_angeltype = UserAngelType($request->input('user_angeltype_id')); if ($user_angeltype == null) { error(_('User angeltype doesn\'t exist.')); redirect(page_link_to('angeltypes')); 
@@ -274,7 +279,7 @@ function user_angeltype_update_controller() redirect(page_link_to('angeltypes')); } - if (isset($_REQUEST['confirmed'])) { + if ($request->has('confirmed')) { UserAngelType_update($user_angeltype['id'], $supporter); $success_message = sprintf( @@ -300,7 +305,6 @@ function user_angeltype_update_controller() function user_angeltype_add_controller() { global $user; - $angeltype = load_angeltype(); // User is joining by itself @@ -316,7 +320,7 @@ function user_angeltype_add_controller() // Load possible users, that are not in the angeltype already $users_source = Users_by_angeltype_inverted($angeltype); - if (isset($_REQUEST['submit'])) { + if (request()->has('submit')) { $user_source = load_user(); if (!UserAngelType_exists($user_source, $angeltype)) { @@ -366,7 +370,7 @@ function user_angeltype_join_controller($angeltype) redirect(page_link_to('angeltypes')); } - if (isset($_REQUEST['confirmed'])) { + if (request()->has('confirmed')) { $user_angeltype_id = UserAngelType_create($user, $angeltype); $success_message = sprintf(_('You joined %s.'), $angeltype['name']); @@ -398,11 +402,12 @@ function user_angeltype_join_controller($angeltype) */ function user_angeltypes_controller() { - if (!isset($_REQUEST['action'])) { + $request = request(); + if (!$request->has('action')) { redirect(page_link_to('angeltypes')); } - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'delete_all': return user_angeltypes_delete_all_controller(); case 'confirm_all': diff --git a/includes/controller/user_driver_licenses_controller.php b/includes/controller/user_driver_licenses_controller.php index 3098c8ce..fef278dd 100644 --- a/includes/controller/user_driver_licenses_controller.php +++ b/includes/controller/user_driver_licenses_controller.php 
@@ -74,11 +74,11 @@ function user_driver_license_edit_link($user = null) function user_driver_license_load_user() { global $user; - + $request = request(); $user_source = $user; - if (isset($_REQUEST['user_id'])) { - $user_source = User($_REQUEST['user_id']); + if ($request->has('user_id')) { + $user_source = User($request->input('user_id')); if ($user_source == null) { redirect(user_driver_license_edit_link()); } @@ -95,7 +95,7 @@ function user_driver_license_load_user() function user_driver_license_edit_controller() { global $privileges, $user; - + $request = request(); $user_source = user_driver_license_load_user(); // only privilege admin_user can edit other users driver license information 
@@ -111,15 +111,15 @@ function user_driver_license_edit_controller() $wants_to_drive = true; } - if (isset($_REQUEST['submit'])) { - $wants_to_drive = isset($_REQUEST['wants_to_drive']); + if ($request->has('submit')) { + $wants_to_drive = $request->has('wants_to_drive'); if ($wants_to_drive) { - $user_driver_license['has_car'] = isset($_REQUEST['has_car']); - $user_driver_license['has_license_car'] = isset($_REQUEST['has_license_car']); - $user_driver_license['has_license_3_5t_transporter'] = isset($_REQUEST['has_license_3_5t_transporter']); - $user_driver_license['has_license_7_5t_truck'] = isset($_REQUEST['has_license_7_5t_truck']); - $user_driver_license['has_license_12_5t_truck'] = isset($_REQUEST['has_license_12_5t_truck']); - $user_driver_license['has_license_forklift'] = isset($_REQUEST['has_license_forklift']); + $user_driver_license['has_car'] = $request->has('has_car'); + $user_driver_license['has_license_car'] = $request->has('has_license_car'); + $user_driver_license['has_license_3_5t_transporter'] = $request->has('has_license_3_5t_transporter'); + $user_driver_license['has_license_7_5t_truck'] = $request->has('has_license_7_5t_truck'); + $user_driver_license['has_license_12_5t_truck'] = $request->has('has_license_12_5t_truck'); + $user_driver_license['has_license_forklift'] = $request->has('has_license_forklift'); if (UserDriverLicense_valid($user_driver_license)) { if ($user_driver_license['user_id'] == null) { diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 84b6bbda..96e2c81b 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php 
@@ -12,16 +12,18 @@ use Engelsystem\ShiftsFilter; function users_controller() { global $user; + $request = request(); if (!isset($user)) { redirect(page_link_to('')); } - if (!isset($_REQUEST['action'])) { - $_REQUEST['action'] = 'list'; + $action = 'list'; + if ($request->has('action')) { + $action = $request->input('action'); } - switch ($_REQUEST['action']) { + switch ($action) { case 'view': return user_controller(); case 'delete': @@ -42,9 +44,10 @@ function users_controller() function user_delete_controller() { global $privileges, $user; + $request = request(); - if (isset($_REQUEST['user_id'])) { - $user_source = User($_REQUEST['user_id']); + if ($request->has('user_id')) { + $user_source = User($request->get('user_id')); } else { $user_source = $user; } @@ -59,11 +62,14 @@ function user_delete_controller() redirect(user_link($user)); } - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; - if (!(isset($_REQUEST['password']) && verify_password($_REQUEST['password'], $user['Passwort'], - $user['UID'])) + if ( + !( + $request->has('password') + && verify_password($request->input('password'), $user['Passwort'], $user['UID']) + ) ) { $valid = false; error(_('Your password is incorrect. Please try it again.')); @@ -130,9 +136,10 @@ function user_link($user) function user_edit_vouchers_controller() { global $privileges, $user; + $request = request(); - if (isset($_REQUEST['user_id'])) { - $user_source = User($_REQUEST['user_id']); + if ($request->has('user_id')) { + $user_source = User($request->input('user_id')); } else { $user_source = $user; } 
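Review bot: `user_delete_controller` guards with `$request->has('user_id')` but fetches with `$request->get('user_id')`, while every other site in this patch (including `user_edit_vouchers_controller` two hunks down) uses `input()`; `angeltype_edit_controller` has the same `has`/`get` pairing for `name`. If `get()` reads only the query string (Request.php is not in view), a `user_id` sent in the body passes the guard and `User(null)` is looked up instead of the intended user, which at best errors and at worst resolves to a different record than the admin meant to delete. Use `$user_source = User($request->input('user_id'));` so the check and the lookup see the same value; the authorization check between this hunk and the next is not in view.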
@@ -141,12 +148,16 @@ function user_edit_vouchers_controller() redirect(page_link_to('')); } - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; $vouchers = ''; - if (isset($_REQUEST['vouchers']) && test_request_int('vouchers') && trim($_REQUEST['vouchers']) >= 0) { - $vouchers = trim($_REQUEST['vouchers']); + if ( + $request->has('vouchers') + && test_request_int('vouchers') + && trim($request->input('vouchers')) >= 0 + ) { + $vouchers = trim($request->input('vouchers')); } else { $valid = false; error(_('Please enter a valid number of vouchers.')); @@ -180,10 +191,11 @@ function user_edit_vouchers_controller() function user_controller() { global $privileges, $user; + $request = request(); $user_source = $user; - if (isset($_REQUEST['user_id'])) { - $user_source = User($_REQUEST['user_id']); + if ($request->has('user_id')) { + $user_source = User($request->input('user_id')); if ($user_source == null) { error(_('User not found.')); redirect('?'); @@ -241,14 +253,15 @@ function user_controller() function users_list_controller() { global $privileges; + $request = request(); if (!in_array('admin_user', $privileges)) { redirect(page_link_to('')); } $order_by = 'Nick'; - if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns())) { - $order_by = $_REQUEST['OrderBy']; + if ($request->has('OrderBy') && in_array($request->input('OrderBy'), User_sortable_columns())) { + $order_by = $request->input('OrderBy'); } $users = Users($order_by); 
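Review bot: `users_list_controller` whitelists `OrderBy` with `in_array($request->input('OrderBy'), User_sortable_columns())` without the strict flag; that whitelist is what keeps a user-controlled value out of the ordering that `Users($order_by)` presumably builds, so it should compare exactly: `in_array($request->input('OrderBy'), User_sortable_columns(), true)`. With string input the loose comparison happens to be safe today, but `true` plus an `is_string()` guard removes the reliance on PHP's type juggling for a value that ends up next to SQL.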
@@ -282,20 +295,21 @@ function users_list_controller() */ function user_password_recovery_set_new_controller() { - $user_source = User_by_password_recovery_token($_REQUEST['token']); + $request = request(); + $user_source = User_by_password_recovery_token($request->input('token')); if ($user_source == null) { error(_('Token is not correct.')); redirect(page_link_to('login')); } - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; if ( - isset($_REQUEST['password']) - && strlen($_REQUEST['password']) >= config('min_password_length') + $request->has('password') + && strlen($request->post('password')) >= config('min_password_length') ) { - if ($_REQUEST['password'] != $_REQUEST['password2']) { + if ($request->post('password') != $request->post('password2')) { $valid = false; error(_('Your passwords don\'t match.')); } @@ -305,7 +319,7 @@ function user_password_recovery_set_new_controller() } if ($valid) { - set_password($user_source['UID'], $_REQUEST['password']); + set_password($user_source['UID'], $request->post('password')); success(_('Password saved.')); redirect(page_link_to('login')); } @@ -321,10 +335,11 @@ function user_password_recovery_set_new_controller() */ function user_password_recovery_start_controller() { - if (isset($_REQUEST['submit'])) { + $request = request(); + if ($request->has('submit')) { $valid = true; - if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) { + if ($request->has('email') && strlen(strip_request_item('email')) > 0) { $email = strip_request_item('email'); if (check_email($email)) { $user_source = User_by_email($email); @@ -367,7 +382,7 @@ function user_password_recovery_start_controller() */ function user_password_recovery_controller() { - if (isset($_REQUEST['token'])) { + if (request()->has('token')) { return user_password_recovery_set_new_controller(); } 
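Review bot: `user_password_recovery_set_new_controller` compares the two passwords with `!=`, under which numeric-looking strings such as `0e123` and `0e456` are equal, so a mismatched confirmation can slip through; use `if ($request->post('password') !== $request->post('password2')) {`. It also checks presence with `$request->has('password')` but reads with `$request->post('password')` — if `has()` covers the query string as `$_REQUEST` did, a password in the URL passes the guard and `strlen(null)` then rejects it, harmless but confusing, so read both through `post()`. Add `is_string()` checks before `strlen()` so `password[]=` cannot raise a TypeError, and consider `mb_strlen()` if `min_password_length` is meant in characters. Whether `set_password()` invalidates the recovery token afterwards is outside this view.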
@@ -391,11 +406,12 @@ function user_password_recovery_title() */ function load_user() { - if (!isset($_REQUEST['user_id'])) { + $request = request(); + if (!$request->has('user_id')) { redirect(page_link_to()); } - $user = User($_REQUEST['user_id']); + $user = User($request->input('user_id')); if ($user == null) { error(_('User doesn\'t exist.')); diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php index a818e4cd..edfae705 100644 --- a/includes/engelsystem_provider.php +++ b/includes/engelsystem_provider.php @@ -3,6 +3,7 @@ use Engelsystem\Config\Config; use Engelsystem\Database\Db; use Engelsystem\Exceptions\Handler as ExceptionHandler; +use Engelsystem\Http\Request; /** * This file includes all needed functions, connects to the db etc. @@ -31,6 +32,13 @@ if (file_exists(__DIR__ . '/../config/config.php')) { date_default_timezone_set($config->get('timezone')); +/** + * Initialize Request + */ +$request = new Request(); +$request->create(); +$request::setInstance($request); + /** * Check for maintenance */ diff --git a/includes/helper/internationalization_helper.php b/includes/helper/internationalization_helper.php index ed16de15..d2dbcdbd 100644 --- a/includes/helper/internationalization_helper.php +++ b/includes/helper/internationalization_helper.php @@ -26,12 +26,12 @@ function locale_short() function gettext_init() { $locales = config('locales'); - $default_locale = config('default_locale'); + $request = request(); - if (isset($_REQUEST['set_locale']) && isset($locales[$_REQUEST['set_locale']])) { - $_SESSION['locale'] = $_REQUEST['set_locale']; + if ($request->has('set_locale') && isset($locales[$request->input('set_locale')])) { + $_SESSION['locale'] = $request->input('set_locale'); } elseif (!isset($_SESSION['locale'])) { - $_SESSION['locale'] = $default_locale; + $_SESSION['locale'] = config('default_locale'); } gettext_locale(); 
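Review bot: `$request::setInstance($request);` in engelsystem_provider.php calls a static method through an instance variable; `Request::setInstance($request);` reads as the class-level registration it is, and `Request` is already imported in the use block added in the hunk above. In gettext_init, `isset($locales[$request->input('set_locale')])` is the allow-list that keeps `$_SESSION['locale']` to configured values before gettext_locale() (out of view) consumes it; a comment such as `// only accept locales present in config, the stored value is used by gettext_locale()` would record that intent so the check is not "simplified" away later. Whether gettext_locale() does anything further with the value I cannot confirm from this chunk.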
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index d21afabe..2e06f90d 100644 --- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php @@ -17,6 +17,7 @@ function admin_active() { $tshirt_sizes = config('tshirt_sizes'); $shift_sum_formula = config('shift_sum_formula'); + $request = request(); $msg = ''; $search = ''; @@ -25,16 +26,16 @@ function admin_active() $limit = ''; $set_active = ''; - if (isset($_REQUEST['search'])) { + if ($request->has('search')) { $search = strip_request_item('search'); } - $show_all_shifts = isset($_REQUEST['show_all_shifts']); + $show_all_shifts = $request->has('show_all_shifts'); - if (isset($_REQUEST['set_active'])) { + if ($request->has('set_active')) { $valid = true; - if (isset($_REQUEST['count']) && preg_match('/^\d+$/', $_REQUEST['count'])) { + if ($request->has('count') && preg_match('/^\d+$/', $request->input('count'))) { $count = strip_request_item('count'); if ($count < $forced_count) { error(sprintf( @@ -51,7 +52,7 @@ function admin_active() if ($valid) { $limit = ' LIMIT ' . $count; } - if (isset($_REQUEST['ack'])) { + if ($request->has('ack')) { DB::update('UPDATE `User` SET `Aktiv` = 0 WHERE `Tshirt` = 0'); $users = DB::select(sprintf(' SELECT @@ -89,8 +90,8 @@ function admin_active() } } - if (isset($_REQUEST['active']) && preg_match('/^\d+$/', $_REQUEST['active'])) { - $user_id = $_REQUEST['active']; + if ($request->has('active') && preg_match('/^\d+$/', $request->input('active'))) { + $user_id = $request->input('active'); $user_source = User($user_id); if ($user_source != null) { DB::update('UPDATE `User` SET `Aktiv`=1 WHERE `UID`=? LIMIT 1', [$user_id]); 
@@ -99,8 +100,8 @@ function admin_active() } else { $msg = error(_('Angel not found.'), true); } - } elseif (isset($_REQUEST['not_active']) && preg_match('/^\d+$/', $_REQUEST['not_active'])) { - $user_id = $_REQUEST['not_active']; + } elseif ($request->has('not_active') && preg_match('/^\d+$/', $request->input('not_active'))) { + $user_id = $request->input('not_active'); $user_source = User($user_id); if ($user_source != null) { DB::update('UPDATE `User` SET `Aktiv`=0 WHERE `UID`=? LIMIT 1', [$user_id]); @@ -109,8 +110,8 @@ function admin_active() } else { $msg = error(_('Angel not found.'), true); } - } elseif (isset($_REQUEST['tshirt']) && preg_match('/^\d+$/', $_REQUEST['tshirt'])) { - $user_id = $_REQUEST['tshirt']; + } elseif ($request->has('tshirt') && preg_match('/^\d+$/', $request->input('tshirt'))) { + $user_id = $request->input('tshirt'); $user_source = User($user_id); if ($user_source != null) { DB::update('UPDATE `User` SET `Tshirt`=1 WHERE `UID`=? LIMIT 1', [$user_id]); @@ -119,8 +120,8 @@ function admin_active() } else { $msg = error('Angel not found.', true); } - } elseif (isset($_REQUEST['not_tshirt']) && preg_match('/^\d+$/', $_REQUEST['not_tshirt'])) { - $user_id = $_REQUEST['not_tshirt']; + } elseif ($request->has('not_tshirt') && preg_match('/^\d+$/', $request->input('not_tshirt'))) { + $user_id = $request->input('not_tshirt'); $user_source = User($user_id); if ($user_source != null) { DB::update('UPDATE `User` SET `Tshirt`=0 WHERE `UID`=? LIMIT 1', [$user_id]); diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php index 77155dae..ebeccb8c 100644 --- a/includes/pages/admin_arrive.php +++ b/includes/pages/admin_arrive.php 
@@ -17,12 +17,14 @@ function admin_arrive() { $msg = ''; $search = ''; - if (isset($_REQUEST['search'])) { + $request = request(); + + if ($request->has('search')) { $search = strip_request_item('search'); } - if (isset($_REQUEST['reset']) && preg_match('/^\d*$/', $_REQUEST['reset'])) { - $user_id = $_REQUEST['reset']; + if ($request->has('reset') && preg_match('/^\d*$/', $request->input('reset'))) { + $user_id = $request->input('reset'); $user_source = User($user_id); if ($user_source != null) { DB::update(' @@ -37,8 +39,8 @@ function admin_arrive() } else { $msg = error(_('Angel not found.'), true); } - } elseif (isset($_REQUEST['arrived']) && preg_match('/^\d*$/', $_REQUEST['arrived'])) { - $user_id = $_REQUEST['arrived']; + } elseif ($request->has('arrived') && preg_match('/^\d*$/', $request->input('arrived'))) { + $user_id = $request->input('arrived'); $user_source = User($user_id); if ($user_source != null) { DB::update(' diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php index daaead22..ebf227a4 100644 --- a/includes/pages/admin_free.php +++ b/includes/pages/admin_free.php @@ -16,20 +16,20 @@ function admin_free_title() function admin_free() { global $privileges; + $request = request(); $search = ''; - if (isset($_REQUEST['search'])) { + if ($request->has('search')) { $search = strip_request_item('search'); } $angelTypeSearch = ''; - if (empty($_REQUEST['angeltype'])) { - $_REQUEST['angeltype'] = ''; - } else { + $angelType = $request->input('angeltype', ''); + if (!empty($angelType)) { $angelTypeSearch = ' INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = ' - . DB::getPdo()->quote($_REQUEST['angeltype']) + . DB::getPdo()->quote($angelType) . ' AND `UserAngelTypes`.`user_id` = `User`.`UID`'; - if (isset($_REQUEST['confirmed_only'])) { + if ($request->has('confirmed_only')) { $angelTypeSearch .= ' AND `UserAngelTypes`.`confirm_user_id`'; } $angelTypeSearch .= ') '; 
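Review bot: In admin_free the JOIN condition is still built by concatenation, `DB::getPdo()->quote($angelType)`, while the rest of this series binds values with `?` through DB::select/DB::update; quote() keeps the string safe, but it expects a string, so a value submitted as `angeltype[]=` would reach it as an array, and an `angeltype_id` compared against a quoted string rather than a bound integer is harder to audit. Since the select in the next hunk offers angeltype ids, `(int) $angelType` bound as a parameter (or at least cast before quote()) would be the simpler form. The same quote()-concatenation survives for `$request->post('eemail')` in admin_user's UPDATE later in this diff, where every other column is already a bound placeholder.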
@@ -105,10 +105,10 @@ function admin_free() form_text('search', _('Search'), $search) ]), div('col-md-4', [ - form_select('angeltype', _('Angeltype'), $angel_types, $_REQUEST['angeltype']) + form_select('angeltype', _('Angeltype'), $angel_types, $angelType) ]), div('col-md-2', [ - form_checkbox('confirmed_only', _('Only confirmed'), isset($_REQUEST['confirmed_only'])) + form_checkbox('confirmed_only', _('Only confirmed'), $request->has('confirmed_only')) ]), div('col-md-2', [ form_submit('submit', _('Search')) diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 4011ccf1..c483a79d 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -16,8 +16,10 @@ function admin_groups_title() function admin_groups() { $html = ''; + $request = request(); $groups = DB::select('SELECT * FROM `Groups` ORDER BY `Name`'); - if (!isset($_REQUEST['action'])) { + + if (!$request->has('action')) { $groups_table = []; foreach ($groups as $group) { $privileges = DB::select(' @@ -51,10 +53,10 @@ function admin_groups() ], $groups_table) ]); } else { - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'edit': - if (isset($_REQUEST['id']) && preg_match('/^-\d{1,11}$/', $_REQUEST['id'])) { - $group_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^-\d{1,11}$/', $request->input('id'))) { + $group_id = $request->input('id'); } else { return error('Incomplete call, missing Groups ID.', true); } 
@@ -99,21 +101,22 @@ function admin_groups() break; case 'save': - if (isset($_REQUEST['id']) && preg_match('/^-\d{1,11}$/', $_REQUEST['id'])) { - $group_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^-\d{1,11}$/', $request->input('id'))) { + $group_id = $request->input('id'); } else { return error('Incomplete call, missing Groups ID.', true); } $group = DB::select('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]); - if (!is_array($_REQUEST['privileges'])) { - $_REQUEST['privileges'] = []; + $privileges = $request->get('privileges'); + if (!is_array($privileges)) { + $privileges = []; } if (!empty($group)) { $group = array_shift($group); DB::delete('DELETE FROM `GroupPrivileges` WHERE `group_id`=?', [$group_id]); $privilege_names = []; - foreach ($_REQUEST['privileges'] as $privilege) { + foreach ($privileges as $privilege) { if (preg_match('/^\d{1,}$/', $privilege)) { $group_privileges_source = DB::select( 'SELECT `name` FROM `Privileges` WHERE `id`=? LIMIT 1', diff --git a/includes/pages/admin_import.php b/includes/pages/admin_import.php index 7a246b4b..3cbed9f9 100644 --- a/includes/pages/admin_import.php +++ b/includes/pages/admin_import.php @@ -15,21 +15,21 @@ function admin_import_title() */ function admin_import() { - global $rooms_import; - global $user; + global $rooms_import, $user; $html = ''; $import_dir = __DIR__ . '/../../import'; + $request = request(); $step = 'input'; if ( - isset($_REQUEST['step']) - && in_array($step, [ + $request->has('step') + && in_array($request->input('step'), [ 'input', 'check', 'import' ]) ) { - $step = $_REQUEST['step']; + $step = $request->input('step'); } if ($test_handle = @fopen($import_dir . '/tmp', 'w')) { 
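Review bot: `$privileges = $request->get('privileges');` reads through `get()` while the neighbouring hunks (and the rest of this file) read through `input()`, and angeltypes_controller uses `get('name')`; unless the two accessors differ in which sources they consult, settle on one for form parameters so a reader does not have to open Request.php to know whether a value can arrive via the query string. The `is_array()` guard that follows is still needed because a scalar `privileges` is possible; `$privileges = $request->input('privileges');` would only change the accessor. In admin_import the commit also fixes `in_array($step, ...)` to test the submitted value — `in_array($request->input('step'), [...], true)` would additionally keep loose comparison out of the step dispatch.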
@@ -57,25 +57,25 @@ function admin_import() case 'input': $valid = false; - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; - if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { - $shifttype_id = $_REQUEST['shifttype_id']; + if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) { + $shifttype_id = $request->input('shifttype_id'); } else { $valid = false; error(_('Please select a shift type.')); } - if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) { - $add_minutes_start = trim($_REQUEST['add_minutes_start']); + if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) { + $add_minutes_start = trim($request->input('add_minutes_start')); } else { $valid = false; error(_('Please enter an amount of minutes to add to a talk\'s begin.')); } - if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) { - $add_minutes_end = trim($_REQUEST['add_minutes_end']); + if ($request->has('add_minutes_end') && is_numeric(trim($request->input('add_minutes_end')))) { + $add_minutes_end = trim($request->input('add_minutes_end')); } else { $valid = false; error(_('Please enter an amount of minutes to add to a talk\'s end.')); 
@@ -133,22 +133,22 @@ function admin_import() redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { - $shifttype_id = $_REQUEST['shifttype_id']; + if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) { + $shifttype_id = $request->input('shifttype_id'); } else { error(_('Please select a shift type.')); redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) { - $add_minutes_start = trim($_REQUEST['add_minutes_start']); + if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) { + $add_minutes_start = trim($request->input('add_minutes_start')); } else { error(_('Please enter an amount of minutes to add to a talk\'s begin.')); redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) { - $add_minutes_end = trim($_REQUEST['add_minutes_end']); + if ($request->has('add_minutes_end') && is_numeric(trim($request->input(('add_minutes_end'))))) { + $add_minutes_end = trim($request->input('add_minutes_end')); } else { error(_('Please enter an amount of minutes to add to a talk\'s end.')); redirect(page_link_to('admin_import')); 
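Review bot: `is_numeric(trim($request->input(('add_minutes_end'))))` carries a redundant pair of parentheses around the argument; it compiles, but it differs from the otherwise identical line for `add_minutes_start` just above and from the same check in the input and import steps (previous and next line). Write it as `is_numeric(trim($request->input('add_minutes_end')))`. The shifttype/minutes validation is now repeated verbatim in all three steps; a small private helper returning the three values would remove the copies. admin_import's body extends beyond this hunk.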
@@ -227,22 +227,22 @@ function admin_import() redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['shifttype_id']) && isset($shifttypes[$_REQUEST['shifttype_id']])) { - $shifttype_id = $_REQUEST['shifttype_id']; + if ($request->has('shifttype_id') && isset($shifttypes[$request->input('shifttype_id')])) { + $shifttype_id = $request->input('shifttype_id'); } else { error(_('Please select a shift type.')); redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['add_minutes_start']) && is_numeric(trim($_REQUEST['add_minutes_start']))) { - $add_minutes_start = trim($_REQUEST['add_minutes_start']); + if ($request->has('add_minutes_start') && is_numeric(trim($request->input('add_minutes_start')))) { + $add_minutes_start = trim($request->input('add_minutes_start')); } else { error(_('Please enter an amount of minutes to add to a talk\'s begin.')); redirect(page_link_to('admin_import')); } - if (isset($_REQUEST['add_minutes_end']) && is_numeric(trim($_REQUEST['add_minutes_end']))) { - $add_minutes_end = trim($_REQUEST['add_minutes_end']); + if ($request->has('add_minutes_end') && is_numeric(trim($request->input('add_minutes_end')))) { + $add_minutes_end = trim($request->input('add_minutes_end')); } else { error(_('Please enter an amount of minutes to add to a talk\'s end.')); redirect(page_link_to('admin_import')); diff --git a/includes/pages/admin_log.php b/includes/pages/admin_log.php index 9e5e5827..03c9abb0 100644 --- a/includes/pages/admin_log.php +++ b/includes/pages/admin_log.php @@ -14,7 +14,7 @@ function admin_log_title() function admin_log() { $filter = ''; - if (isset($_REQUEST['keyword'])) { + if (request()->has('keyword')) { $filter = strip_request_item('keyword'); } $log_entries_source = LogEntries_filter($filter); diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index bc242831..7f8ca1ba 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php 
@@ -8,14 +8,15 @@ use Engelsystem\Database\DB; function admin_news() { global $user; + $request = request(); - if (!isset($_GET['action'])) { + if (!$request->has('action')) { redirect(page_link_to('news')); } $html = '

' . _('Edit news entry') . '

' . msg(); - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $news_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $news_id = $request->input('id'); } else { return error('Incomplete call, missing News ID.', true); } @@ -25,7 +26,7 @@ function admin_news() return error('No News found.', true); } - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'edit': $news = array_shift($news); $user_source = User($news['UID']); @@ -56,14 +57,14 @@ function admin_news() ', [ time(), - $_POST["eBetreff"], - $_POST["eText"], + $request->post('eBetreff'), + $request->post('eText'), $user['UID'], - isset($_POST["eTreffen"]) ? 1 : 0, + $request->has('eTreffen') ? 1 : 0, $news_id ] ); - engelsystem_log('News updated: ' . $_POST['eBetreff']); + engelsystem_log('News updated: ' . $request->post('eBetreff')); success(_('News entry updated.')); redirect(page_link_to('news')); break; diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 098701e3..d05bace6 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -38,8 +38,9 @@ function admin_new_questions() function admin_questions() { global $user; + $request = request(); - if (!isset($_REQUEST['action'])) { + if (!$request->has('action')) { $unanswered_questions_table = []; $questions = DB::select('SELECT * FROM `Questions` WHERE `AID` IS NULL'); foreach ($questions as $question) { 
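Review bot: `$request->has('eTreffen') ? 1 : 0` replaces `isset($_POST["eTreffen"])` while the neighbouring fields keep POST-only reads via `$request->post(...)`; if has() also consults the query string (Request.php is not in this chunk), the meeting flag can now be toggled from a URL parameter, which the old code did not allow. Keeping it POST-only, e.g. `$request->post('eTreffen') !== null ? 1 : 0` (assuming post() returns null for an absent key), keeps the commit a pure refactor. The same widening from `$_GET['action']` to `has('action')` happens at the top of admin_news in the hunk above; admin_news's body continues outside this hunk.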
@@ -96,10 +97,10 @@ function admin_questions() ], $answered_questions_table) ]); } else { - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'answer': - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $question_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $question_id = $request->input('id'); } else { return error('Incomplete call, missing Question ID.', true); } @@ -112,7 +113,7 @@ function admin_questions() $answer = trim( preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', - strip_tags($_REQUEST['answer']) + strip_tags($request->input('answer')) )); if ($answer != '') { @@ -138,8 +139,8 @@ function admin_questions() } break; case 'delete': - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $question_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $question_id = $request->input('id'); } else { return error('Incomplete call, missing Question ID.', true); } diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index d483f99e..3045242b 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -17,6 +17,8 @@ function admin_rooms() { $rooms_source = DB::select('SELECT * FROM `Room` ORDER BY `Name`'); $rooms = []; + $request = request(); + foreach ($rooms_source as $room) { $rooms[] = [ 'name' => Room_name_render($room), @@ -30,7 +32,7 @@ function admin_rooms() } $room = null; - if (isset($_REQUEST['show'])) { + if ($request->has('show')) { $msg = ''; $name = ''; $from_pentabarf = ''; @@ -47,7 +49,7 @@ function admin_rooms() } if (test_request_int('id')) { - $room = Room($_REQUEST['id'], false); + $room = Room($request->input('id'), false); if ($room === false) { engelsystem_error('Unable to load room.'); } 
@@ -55,7 +57,7 @@ function admin_rooms() redirect(page_link_to('admin_rooms')); } - $room_id = $_REQUEST['id']; + $room_id = $request->input('id'); $name = $room['Name']; $from_pentabarf = $room['FromPentabarf']; $public = $room['show']; @@ -70,11 +72,11 @@ function admin_rooms() } } - if ($_REQUEST['show'] == 'edit') { - if (isset($_REQUEST['submit'])) { + if ($request->input('show') == 'edit') { + if ($request->has('submit')) { $valid = true; - if (isset($_REQUEST['name']) && strlen(strip_request_item('name')) > 0) { + if ($request->has('name') && strlen(strip_request_item('name')) > 0) { $name = strip_request_item('name'); if ( isset($room) @@ -91,19 +93,17 @@ function admin_rooms() $msg .= error(_('Please enter a name.'), true); } - if (isset($_REQUEST['from_pentabarf'])) { + $from_pentabarf = ''; + if ($request->has('from_pentabarf')) { $from_pentabarf = 'Y'; - } else { - $from_pentabarf = ''; } - if (isset($_REQUEST['public'])) { + $public = ''; + if ($request->has('public')) { $public = 'Y'; - } else { - $public = ''; } - if (isset($_REQUEST['number'])) { + if ($request->has('number')) { $number = strip_request_item('number'); } else { $valid = false; @@ -111,10 +111,10 @@ function admin_rooms() foreach ($angeltypes as $angeltype_id => $angeltype) { if ( - isset($_REQUEST['angeltype_count_' . $angeltype_id]) - && preg_match('/^\d{1,4}$/', $_REQUEST['angeltype_count_' . $angeltype_id]) + $request->has('angeltype_count_' . $angeltype_id) + && preg_match('/^\d{1,4}$/', $request->input('angeltype_count_' . $angeltype_id)) ) { - $angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id]; + $angeltypes_count[$angeltype_id] = $request->input('angeltype_count_' . $angeltype_id); } else { $valid = false; $msg .= error(sprintf(_('Please enter needed angels for type %s.'), $angeltype), true); 
@@ -209,8 +209,8 @@ function admin_rooms() form_submit('submit', _('Save')) ]) ]); - } elseif ($_REQUEST['show'] == 'delete') { - if (isset($_REQUEST['ack'])) { + } elseif ($request->input('show') == 'delete') { + if ($request->has('ack')) { if (!Room_delete($room_id)) { engelsystem_error('Unable to delete room.'); } diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 06071233..5b53f9cd 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -18,7 +18,7 @@ function admin_shifts_title() function admin_shifts() { $valid = true; - + $request = request(); $start = parse_date('Y-m-d H:i', date('Y-m-d') . ' 00:00'); $end = $start; $mode = 'single'; @@ -52,14 +52,14 @@ function admin_shifts() $shifttypes[$shifttype['id']] = $shifttype['name']; } - if (isset($_REQUEST['preview']) || isset($_REQUEST['back'])) { - if (isset($_REQUEST['shifttype_id'])) { - $shifttype = ShiftType($_REQUEST['shifttype_id']); + if ($request->has('preview') || $request->has('back')) { + if ($request->has('shifttype_id')) { + $shifttype = ShiftType($request->input('shifttype_id')); if ($shifttype == null) { $valid = false; error(_('Please select a shift type.')); } else { - $shifttype_id = $_REQUEST['shifttype_id']; + $shifttype_id = $request->input('shifttype_id'); } } else { $valid = false; 
@@ -71,25 +71,25 @@ function admin_shifts() // Auswahl der sichtbaren Locations für die Schichten if ( - isset($_REQUEST['rid']) - && preg_match('/^\d+$/', $_REQUEST['rid']) - && isset($room_array[$_REQUEST['rid']]) + $request->has('rid') + && preg_match('/^\d+$/', $request->input('rid')) + && isset($room_array[$request->input('rid')]) ) { - $rid = $_REQUEST['rid']; + $rid = $request->input('rid'); } else { $valid = false; $rid = $rooms[0]['RID']; error(_('Please select a location.')); } - if (isset($_REQUEST['start']) && $tmp = parse_date('Y-m-d H:i', $_REQUEST['start'])) { + if ($request->has('start') && $tmp = parse_date('Y-m-d H:i', $request->input('start'))) { $start = $tmp; } else { $valid = false; error(_('Please select a start time.')); } - if (isset($_REQUEST['end']) && $tmp = parse_date('Y-m-d H:i', $_REQUEST['end'])) { + if ($request->has('end') && $tmp = parse_date('Y-m-d H:i', $request->input('end'))) { $end = $tmp; } else { $valid = false; 
@@ -101,24 +101,24 @@ function admin_shifts() error(_('The shifts end has to be after its start.')); } - if (isset($_REQUEST['mode'])) { - if ($_REQUEST['mode'] == 'single') { + if ($request->has('mode')) { + if ($request->input('mode') == 'single') { $mode = 'single'; - } elseif ($_REQUEST['mode'] == 'multi') { - if (isset($_REQUEST['length']) && preg_match('/^\d+$/', trim($_REQUEST['length']))) { + } elseif ($request->input('mode') == 'multi') { + if ($request->has('length') && preg_match('/^\d+$/', trim($request->input('length')))) { $mode = 'multi'; - $length = trim($_REQUEST['length']); + $length = trim($request->input('length')); } else { $valid = false; error(_('Please enter a shift duration in minutes.')); } - } elseif ($_REQUEST['mode'] == 'variable') { + } elseif ($request->input('mode') == 'variable') { if ( - isset($_REQUEST['change_hours']) - && preg_match('/^(\d{2}(,|$))/', trim(str_replace(' ', '', $_REQUEST['change_hours']))) + $request->has('change_hours') + && preg_match('/^(\d{2}(,|$))/', trim(str_replace(' ', '', $request->input('change_hours')))) ) { $mode = 'variable'; - $change_hours = array_map('trim', explode(',', $_REQUEST['change_hours'])); + $change_hours = array_map('trim', explode(',', $request->input('change_hours'))); } else { $valid = false; error(_('Please split the shift-change hours by colons.')); 
@@ -129,17 +129,17 @@ function admin_shifts()
 error(_('Please select a mode.'));
 }
- if (isset($_REQUEST['angelmode'])) {
- if ($_REQUEST['angelmode'] == 'location') {
+ if ($request->has('angelmode')) {
+ if ($request->input('angelmode') == 'location') {
 $angelmode = 'location';
- } elseif ($_REQUEST['angelmode'] == 'manually') {
+ } elseif ($request->input('angelmode') == 'manually') {
 $angelmode = 'manually';
 foreach ($types as $type) {
 if (
- isset($_REQUEST['type_' . $type['id']])
- && preg_match('/^\d+$/', trim($_REQUEST['type_' . $type['id']]))
+ $request->has('type_' . $type['id'])
+ && preg_match('/^\d+$/', trim($request->input('type_' . $type['id'])))
 ) {
- $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
+ $needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id']));
 } else {
 $valid = false;
 error(sprintf(_('Please check the needed angels for team %s.'), $type['name']));
@@ -159,7 +159,7 @@ function admin_shifts()
 }
 // Beim Zurück-Knopf das Formular zeigen
- if (isset($_REQUEST['back'])) {
+ if ($request->has('back')) {
 $valid = false;
 }
@@ -304,9 +304,9 @@ function admin_shifts()
 ])
 ]);
 }
- } elseif (isset($_REQUEST['submit'])) {
+ } elseif ($request->has('submit')) {
 if (
- !isset($_SESSION['admin_shifts_shifts'])
+ !$request->has('admin_shifts_shifts')
 || !isset($_SESSION['admin_shifts_types'])
 || !is_array($_SESSION['admin_shifts_shifts'])
 || !is_array($_SESSION['admin_shifts_types'])
@@ -360,8 +360,9 @@ function admin_shifts()
 unset($_SESSION['admin_shifts_types']);
 }
- if (!isset($_REQUEST['rid'])) {
- $_REQUEST['rid'] = null;
+ $rid = null;
+ if ($request->has('rid')) {
+ $rid = $request->input('rid');
 }
 $angel_types = '';
 foreach ($types as $type) {
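Review bot: `!$request->has('admin_shifts_shifts')` in the submit hunk replaced a session lookup with a request lookup: `admin_shifts_shifts` is session state written by the preview step (the `is_array($_SESSION['admin_shifts_shifts'])` test two lines down and the `unset($_SESSION['admin_shifts_types'])` in the next hunk still address the session), so on a normal submit this condition is always true and the shifts are never created. Restore `!isset($_SESSION['admin_shifts_shifts'])`. Keeping the previewed shift set in the session is also what stops a client from submitting a shift list that never went through the preview validation, so the lookup should stay session-bound rather than be re-modelled as a parameter. admin_shifts's body extends beyond these hunks.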
@@ -378,7 +379,7 @@ function admin_shifts()
 form([
 form_select('shifttype_id', _('Shifttype'), $shifttypes, $shifttype_id),
 form_text('title', _('Title'), $title),
- form_select('rid', _('Room'), $room_array, $_REQUEST['rid']),
+ form_select('rid', _('Room'), $room_array, $rid),
 div('row', [
 div('col-md-6', [
 form_text('start', _('Start'), date('Y-m-d H:i', $start)),
@@ -386,7 +387,7 @@ function admin_shifts()
 form_info(_('Mode'), ''),
 form_radio('mode', _('Create one shift'), $mode == 'single', 'single'),
 form_radio('mode', _('Create multiple shifts'), $mode == 'multi', 'multi'),
- form_text('length', _('Length'), !empty($_REQUEST['length']) ? $_REQUEST['length'] : '120'),
+ form_text('length', _('Length'), $request->has('length') ? $request->input('length') : '120'),
 form_radio(
 'mode',
 _('Create multiple shifts with variable length'),
@@ -396,7 +397,7 @@ function admin_shifts()
 form_text(
 'change_hours',
 _('Shift change hours'),
- !empty($_REQUEST['change_hours']) ? $_REQUEST['change_hours'] : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22'
+ $request->has('change_hours') ? $request->input('input') : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22'
 )
 ]),
 div('col-md-6', [
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 8f833087..510e2292 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -17,6 +17,7 @@ function admin_user()
 {
 global $user, $privileges;
 $tshirt_sizes = config('tshirt_sizes');
+ $request = request();
 foreach ($tshirt_sizes as $key => $size) {
 if (empty($size)) {
@@ -26,12 +27,12 @@ function admin_user()
 $html = '';
- if (!isset($_REQUEST['id'])) {
+ if (!$request->has('id')) {
 redirect(users_link());
 }
- $user_id = $_REQUEST['id'];
- if (!isset($_REQUEST['action'])) {
+ $user_id = $request->input('id');
+ if (!$request->has('action')) {
 $user_source = User($user_id);
 if ($user_source == null) {
 error(_('This user does not exist.'));
@@ -171,7 +172,7 @@ function admin_user()
 $html .= "
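Review bot: `$request->input('input')` in the change_hours default (third admin_shifts hunk) reads a parameter literally named `input`, so whenever `change_hours` was submitted the field is refilled with null instead of the submitted value; it should read `$request->has('change_hours') ? $request->input('change_hours') : '00, 04, 08, 10, 12, 14, 16, 18, 20, 22'`. The `length` field in the hunk above also shifts semantics slightly: `!empty(...)` fell back to `'120'` for an empty submitted value, while `$request->has('length') ? $request->input('length') : '120'` now renders `''` — probably acceptable, but worth a deliberate choice since `$request->input('length', '120')` would not restore the empty-string case either. admin_shifts's body extends beyond these hunks.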
"; } else { - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'save_groups': if ($user_id != $user['UID']) { $my_highest_group = DB::select( @@ -212,13 +213,14 @@ function admin_user() $grouplist[] = $group['UID']; } - if (!is_array($_REQUEST['groups'])) { - $_REQUEST['groups'] = []; + $groupsRequest = $request->input('groups'); + if (!is_array($groupsRequest)) { + $groupsRequest = []; } DB::delete('DELETE FROM `UserGroups` WHERE `uid`=?', [$user_id]); $user_groups_info = []; - foreach ($_REQUEST['groups'] as $group) { + foreach ($groupsRequest as $group) { if (in_array($group, $grouplist)) { DB::insert( 'INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, ?)', @@ -244,7 +246,7 @@ function admin_user() $force_active = $user['force_active']; $user_source = User($user_id); if (in_array('admin_active', $privileges)) { - $force_active = $_REQUEST['force_active']; + $force_active = $request->input('force_active'); } $sql = ' UPDATE `User` SET @@ -255,7 +257,7 @@ function admin_user() `Handy` = ?, `Alter` =?, `DECT` = ?, - ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($_POST["eemail"]) . ',' : '') . ' + ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->post('eemail')) . ',' : '') . ' `jabber` = ?, `Size` = ?, `Gekommen`= ?, 
@@ -266,34 +268,34 @@ function admin_user()
 WHERE `UID` = ? LIMIT 1';
 DB::update($sql, [
- $_POST['eNick'],
- $_POST['eName'],
- $_POST['eVorname'],
- $_POST['eTelefon'],
- $_POST['eHandy'],
- $_POST['eAlter'],
- $_POST['eDECT'],
- $_POST['ejabber'],
- $_POST['eSize'],
- $_POST['eGekommen'],
- $_POST['eAktiv'],
+ $request->post('eNick'),
+ $request->post('eName'),
+ $request->post('eVorname'),
+ $request->post('eTelefon'),
+ $request->post('eHandy'),
+ $request->post('eAlter'),
+ $request->post('eDECT'),
+ $request->post('ejabber'),
+ $request->post('eSize'),
+ $request->post('eGekommen'),
+ $request->post('eAktiv'),
 $force_active,
- $_POST['eTshirt'],
- $_POST['Hometown'],
+ $request->post('eTshirt'),
+ $request->post('Hometown'),
 $user_id,
 ]);
 engelsystem_log(
- 'Updated user: ' . $_POST['eNick'] . ', ' . $_POST['eSize']
- . ', arrived: ' . $_POST['eGekommen']
- . ', active: ' . $_POST['eAktiv']
- . ', tshirt: ' . $_POST['eTshirt']
+ 'Updated user: ' . $request->post('eNick') . ', ' . $request->post('eSize')
+ . ', arrived: ' . $request->post('eVorname')
+ . ', active: ' . $request->post('eAktiv')
+ . ', tshirt: ' . $request->post('eTshirt')
 );
 $html .= success('Änderung wurde gespeichert...' . "\n", true);
 break;
 case 'change_pw':
- if ($_REQUEST['new_pw'] != '' && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
- set_password($user_id, $_REQUEST['new_pw']);
+ if ($request->post('new_pw') != '' && $request->post('new_pw') == $request->post('new_pw2')) {
+ set_password($user_id, $request->post('new_pw'));
 $user_source = User($user_id);
 engelsystem_log('Set new password for ' . User_Nick_render($user_source));
 $html .= success('Passwort neu gesetzt.', true);
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index 99970a01..858ced80 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
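Review bot: The audit log line `. ', arrived: ' . $request->post('eVorname')` now records the first name where the old side logged `$_POST['eGekommen']`, while the UPDATE above still binds `eGekommen` for the `Gekommen` column, so the log entry no longer reflects what was written. Change it to `. ', arrived: ' . $request->post('eGekommen')`. In the change_pw branch, `$request->post('new_pw') == $request->post('new_pw2')` is a loose comparison; `===` avoids numeric-string coercion for the confirmation check (the same point applies to the recovery and registration password checks elsewhere in this diff). admin_user's body extends beyond this hunk.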
@@ -38,6 +38,7 @@ function guest_register() $enable_tshirt_size = config('enable_tshirt_size'); $min_password_length = config('min_password_length'); $event_config = EventConfig(); + $request = request(); $msg = ''; $nick = ''; @@ -73,11 +74,11 @@ function guest_register() } } - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; - if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) { - $nick = User_validate_Nick($_REQUEST['nick']); + if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 1) { + $nick = User_validate_Nick($request->input('nick')); if (count(DB::select('SELECT `UID` FROM `User` WHERE `Nick`=? LIMIT 1', [$nick])) > 0) { $valid = false; $msg .= error(sprintf(_('Your nick "%s" already exists.'), $nick), true); @@ -86,11 +87,11 @@ function guest_register() $valid = false; $msg .= error(sprintf( _('Your nick "%s" is too short (min. 2 characters).'), - User_validate_Nick($_REQUEST['nick']) + User_validate_Nick($request->input('nick')) ), true); } - if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { + if ($request->has('mail') && strlen(strip_request_item('mail')) > 0) { $mail = strip_request_item('mail'); if (!check_email($mail)) { $valid = false; @@ -101,15 +102,15 @@ function guest_register() $msg .= error(_('Please enter your e-mail.'), true); } - if (isset($_REQUEST['email_shiftinfo'])) { + if ($request->has('email_shiftinfo')) { $email_shiftinfo = true; } - if (isset($_REQUEST['email_by_human_allowed'])) { + if ($request->has('email_by_human_allowed')) { $email_by_human_allowed = true; } - if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { + if ($request->has('jabber') && strlen(strip_request_item('jabber')) > 0) { $jabber = strip_request_item('jabber'); if (!check_email($jabber)) { $valid = false; 
@@ -118,16 +119,16 @@ function guest_register() } if ($enable_tshirt_size) { - if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']]) && $_REQUEST['tshirt_size'] != '') { - $tshirt_size = $_REQUEST['tshirt_size']; + if ($request->has('tshirt_size') && isset($tshirt_sizes[$request->input('tshirt_size')])) { + $tshirt_size = $request->input('tshirt_size'); } else { $valid = false; $msg .= error(_('Please select your shirt size.'), true); } } - if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) { - if ($_REQUEST['password'] != $_REQUEST['password2']) { + if ($request->has('password') && strlen($request->post('password')) >= $min_password_length) { + if ($request->post('password') != $request->post('password2')) { $valid = false; $msg .= error(_('Your passwords don\'t match.'), true); } @@ -139,8 +140,8 @@ function guest_register() ), true); } - if (isset($_REQUEST['planned_arrival_date'])) { - $tmp = parse_date('Y-m-d H:i', $_REQUEST['planned_arrival_date'] . ' 00:00'); + if ($request->has('planned_arrival_date')) { + $tmp = parse_date('Y-m-d H:i', $request->input('planned_arrival_date') . ' 00:00'); $result = User_validate_planned_arrival_date($tmp); $planned_arrival_date = $result->getValue(); if (!$result->isValid()) { 
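Review bot: The password branch guards with `$request->has('password')`, which consults POST merged with GET, but then reads `$request->post('password')`, which consults POST only; a password carried in the query string passes the guard and `strlen(null)` then lands in the "too short" error, so the contract is inconsistent rather than unsafe. Since patch 3/3 makes the intent explicit that passwords are only accepted from POST, the guard should use the same source, e.g. `if ($request->post('password') !== null && strlen($request->post('password')) >= $min_password_length) {`. The same `has()`/`post()` split recurs in guest_login, user_settings_password and user_delete_controller later in this series; each fails closed, but for the same reason deserves the same fix. guest_register's body starts before this hunk.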
@@ -151,34 +152,34 @@ function guest_register() $selected_angel_types = []; foreach (array_keys($angel_types) as $angel_type_id) { - if (isset($_REQUEST['angel_types_' . $angel_type_id])) { + if ($request->has('angel_types_' . $angel_type_id)) { $selected_angel_types[] = $angel_type_id; } } // Trivia - if (isset($_REQUEST['lastname'])) { + if ($request->has('lastname')) { $lastName = strip_request_item('lastname'); } - if (isset($_REQUEST['prename'])) { + if ($request->has('prename')) { $preName = strip_request_item('prename'); } - if (isset($_REQUEST['age']) && preg_match('/^\d{0,4}$/', $_REQUEST['age'])) { + if ($request->has('age') && preg_match('/^\d{0,4}$/', $request->input('age'))) { $age = strip_request_item('age'); } - if (isset($_REQUEST['tel'])) { + if ($request->has('tel')) { $tel = strip_request_item('tel'); } - if (isset($_REQUEST['dect'])) { + if ($request->has('dect')) { $dect = strip_request_item('dect'); } - if (isset($_REQUEST['mobile'])) { + if ($request->has('mobile')) { $mobile = strip_request_item('mobile'); } - if (isset($_REQUEST['hometown'])) { + if ($request->has('hometown')) { $hometown = strip_request_item('hometown'); } - if (isset($_REQUEST['comment'])) { + if ($request->has('comment')) { $comment = strip_request_item_nl('comment'); } @@ -233,7 +234,7 @@ function guest_register() // Assign user-group and set password $user_id = DB::getPdo()->lastInsertId(); DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -2)', [$user_id]); - set_password($user_id, $_REQUEST['password']); + set_password($user_id, $request->post('password')); // Assign angel-types $user_angel_types_info = []; 
@@ -391,18 +392,18 @@ function guest_logout() function guest_login() { $nick = ''; - + $request = request(); unset($_SESSION['uid']); $valid = true; - if (isset($_REQUEST['submit'])) { - if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) { - $nick = User_validate_Nick($_REQUEST['nick']); + if ($request->has('submit')) { + if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 0) { + $nick = User_validate_Nick($request->input('nick')); $login_user = DB::select('SELECT * FROM `User` WHERE `Nick`=?', [$nick]); if (count($login_user) > 0) { $login_user = $login_user[0]; - if (isset($_REQUEST['password'])) { - if (!verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) { + if ($request->has('password')) { + if (!verify_password($request->post('password'), $login_user['Passwort'], $login_user['UID'])) { $valid = false; error(_('Your password is incorrect. Please try it again.')); } @@ -487,6 +488,6 @@ function get_register_hint() ]); } - //FIXME: return error(_('Registration is disabled.'), true); + //@TODO: FIXME: return error(_('Registration is disabled.'), true); return error('Registration is disabled.', true); } diff --git a/includes/pages/guest_stats.php b/includes/pages/guest_stats.php index 6b6f0572..8aa6f740 100644 --- a/includes/pages/guest_stats.php +++ b/includes/pages/guest_stats.php @@ -5,9 +5,10 @@ use Engelsystem\Database\DB; function guest_stats() { $apiKey = config('api_key'); + $request = request(); - if (isset($_REQUEST['api_key'])) { - if ($_REQUEST['api_key'] == $apiKey && !empty($apiKey)) { + if ($request->has('api_key')) { + if (!empty($apiKey) && $request->input('api_key') == $apiKey) { $stats = []; list($user_count) = DB::select('SELECT count(*) AS `user_count` FROM `User`'); diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index d7c77d52..a1e2580a 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php 
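Review bot: In guest_stats, `$request->input('api_key') == $apiKey` compares a secret with a loose, early-exit comparison: two numeric-looking strings compare by value under `==`, and the comparison is not constant-time. Use `hash_equals((string)$apiKey, (string)$request->input('api_key'))`, keeping the `!empty($apiKey)` short-circuit in front so an unconfigured key can never match. guest_stats continues past the end of this hunk.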
@@ -3,16 +3,17 @@ use Engelsystem\Database\DB; /** - * Publically available page to feed the news to feedreaders + * Publically available page to feed the news to feed readers */ function user_atom() { global $user; + $request = request(); - if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) { + if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { engelsystem_error('Missing key.'); } - $key = $_REQUEST['key']; + $key = $request->input('key'); $user = User_by_api_key($key); if ($user == null) { @@ -25,7 +26,7 @@ function user_atom() $news = DB::select(' SELECT * FROM `News` - ' . (empty($_REQUEST['meetings']) ? '' : 'WHERE `Treffen` = 1 ') . ' + ' . (!$request->has('meetings') ? '' : 'WHERE `Treffen` = 1 ') . ' ORDER BY `ID` DESC LIMIT ' . (int)config('display_news') ); diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index ce474a9e..8d22c4eb 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -6,11 +6,12 @@ function user_ical() { global $user; + $request = request(); - if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) { + if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { engelsystem_error('Missing key.'); } - $key = $_REQUEST['key']; + $key = $request->input('key'); $user = User_by_api_key($key); if ($user == null) { diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index dd22cd66..a811970d 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php @@ -35,8 +35,9 @@ function user_unread_messages() function user_messages() { global $user; + $request = request(); - if (!isset($_REQUEST['action'])) { + if (!$request->has('action')) { $users = DB::select( 'SELECT `UID`, `Nick` FROM `User` WHERE NOT `UID`=? ORDER BY `Nick`', [$user['UID']] 
@@ -121,10 +122,10 @@ function user_messages() ], page_link_to('user_messages') . '&action=send') ]); } else { - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'read': - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $message_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $message_id = $request->input('id'); } else { return error(_('Incomplete call, missing Message ID.'), true); } @@ -145,8 +146,8 @@ function user_messages() break; case 'delete': - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $message_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $message_id = $request->input('id'); } else { return error(_('Incomplete call, missing Message ID.'), true); } @@ -164,7 +165,8 @@ function user_messages() break; case 'send': - if (Message_send($_REQUEST['to'], $_REQUEST['text'])) { + // @TODO: Validation? + if (Message_send($request->input('to'), $request->input('text'))) { redirect(page_link_to('user_messages')); } else { return error(_('Transmitting was terminated with an Error.'), true); diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 6048093a..14b5b8ee 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php 
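Review bot: The `send` case hands `$request->input('to')` and `$request->input('text')` straight to `Message_send`, while the `read` and `delete` cases in the same switch validate their id with `preg_match('/^\d{1,11}$/', ...)`; the added `// @TODO: Validation?` acknowledges this, but the cheap part can be done in this commit: `if (!$request->has('to') || !preg_match('/^\d{1,11}$/', $request->input('to'))) { return error(_('Incomplete call, missing recipient.'), true); }` and `$text = strip_request_item_nl('text');` as the other pages do for free text. Whether `Message_send` itself checks the recipient is not visible here. user_messages's body starts before this hunk.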
@@ -18,14 +18,15 @@ function myshifts_title() function user_myshifts() { global $user, $privileges; + $request = request(); if ( - isset($_REQUEST['id']) + $request->has('id') && in_array('user_shifts_admin', $privileges) - && preg_match('/^\d{1,}$/', $_REQUEST['id']) - && count(DB::select('SELECT `UID` FROM `User` WHERE `UID`=?', [$_REQUEST['id']])) > 0 + && preg_match('/^\d{1,}$/', $request->input('id')) + && count(DB::select('SELECT `UID` FROM `User` WHERE `UID`=?', [$request->input('id')])) > 0 ) { - $user_id = $_REQUEST['id']; + $user_id = $request->input('id'); } else { $user_id = $user['UID']; } @@ -33,8 +34,8 @@ function user_myshifts() $shifts_user = DB::select('SELECT * FROM `User` WHERE `UID`=? LIMIT 1', [$user_id]); $shifts_user = array_shift($shifts_user); - if (isset($_REQUEST['reset'])) { - if ($_REQUEST['reset'] == 'ack') { + if ($request->has('reset')) { + if ($request->input('reset') == 'ack') { User_reset_api_key($user); success(_('Key changed.')); redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); @@ -46,8 +47,8 @@ function user_myshifts() ), button(page_link_to('user_myshifts') . '&reset=ack', _('Continue'), 'btn-danger') ]); - } elseif (isset($_REQUEST['edit']) && preg_match('/^\d*$/', $_REQUEST['edit'])) { - $user_id = $_REQUEST['edit']; + } elseif ($request->has('edit') && preg_match('/^\d*$/', $request->input('edit'))) { + $user_id = $request->input('edit'); $shift = DB::select(' SELECT `ShiftEntry`.`freeloaded`, @@ -77,10 +78,10 @@ function user_myshifts() $freeloaded = $shift['freeloaded']; $freeload_comment = $shift['freeload_comment']; - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $valid = true; if (in_array('user_shifts_admin', $privileges)) { - $freeloaded = isset($_REQUEST['freeloaded']); + $freeloaded = $request->has('freeloaded'); $freeload_comment = strip_request_item_nl('freeload_comment'); if ($freeloaded && $freeload_comment == '') { $valid = false; 
@@ -128,8 +129,8 @@ function user_myshifts() } else { redirect(page_link_to('user_myshifts')); } - } elseif (isset($_REQUEST['cancel']) && preg_match('/^\d*$/', $_REQUEST['cancel'])) { - $user_id = $_REQUEST['cancel']; + } elseif ($request->has('cancel') && preg_match('/^\d*$/', $request->input('cancel'))) { + $user_id = $request->input('cancel'); $shift = DB::select(' SELECT * FROM `Shifts` diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index b1e337b6..9bdcb6fb 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -33,9 +33,10 @@ function user_meetings() { $display_news = config('display_news'); $html = '

' . meetings_title() . '

' . msg(); + $request = request(); - if (isset($_REQUEST['page']) && preg_match('/^\d{1,}$/', $_REQUEST['page'])) { - $page = $_REQUEST['page']; + if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) { + $page = $request->input('page'); } else { $page = 0; } @@ -56,9 +57,9 @@ function user_meetings() $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news); $html .= '
' . '
    '; for ($i = 0; $i < $dis_rows; $i++) { - if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) { + if ($request->has('page') && $i == $request->input('page')) { $html .= '
  • '; - } elseif (!isset($_REQUEST['page']) && $i == 0) { + } elseif (!$request->has('page') && $i == 0) { $html .= '
  • '; } else { $html .= '
  • '; @@ -116,17 +117,19 @@ function user_news_comments() { global $user; + $request = request(); + $html = '

    ' . user_news_comments_title() . '

    '; if ( - isset($_REQUEST['nid']) - && preg_match('/^\d{1,}$/', $_REQUEST['nid']) - && count(DB::select('SELECT `ID` FROM `News` WHERE `ID`=? LIMIT 1', [$_REQUEST['nid']])) > 0 + $request->has('nid') + && preg_match('/^\d{1,}$/', $request->input('nid')) + && count(DB::select('SELECT `ID` FROM `News` WHERE `ID`=? LIMIT 1', [$request->input('nid')])) > 0 ) { - $nid = $_REQUEST['nid']; + $nid = $request->input('nid'); $news = DB::select('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$nid]); $news = array_shift($news); - if (isset($_REQUEST['text'])) { - $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); + if ($request->has('text')) { + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($request->input('text'))); DB::insert(' INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) VALUES (?, ?, ?, ?) @@ -179,12 +182,14 @@ function user_news() { global $privileges, $user; $display_news = config('display_news'); + $request = request(); $html = '

    ' . news_title() . '

    ' . msg(); - if (isset($_POST['text']) && isset($_POST['betreff']) && in_array('admin_news', $privileges)) { - if (!isset($_POST['treffen']) || !in_array('admin_news', $privileges)) { - $_POST['treffen'] = 0; + $isMeeting = $request->post('treffen'); + if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) { + if (!$request->has('treffen') || !in_array('admin_news', $privileges)) { + $isMeeting = 0; } DB::insert(' INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) @@ -192,19 +197,19 @@ function user_news() ', [ time(), - $_POST['betreff'], - $_POST['text'], + $request->post('betreff'), + $request->post('text'), $user['UID'], - $_POST['treffen'], + $isMeeting, ] ); - engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $_POST['treffen']); + engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $isMeeting); success(_('Entry saved.')); redirect(page_link_to('news')); } - if (isset($_REQUEST['page']) && preg_match('/^\d{1,}$/', $_REQUEST['page'])) { - $page = $_REQUEST['page']; + if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) { + $page = $request->input('page'); } else { $page = 0; } @@ -225,9 +230,9 @@ function user_news() $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news); $html .= '
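Review bot: `engelsystem_log('Created news: ' . $_POST['betreff'] . ...)` still reads the superglobal while the INSERT just above uses `$request->post('betreff')`, which defeats the purpose of the series and lets the two diverge when `post()` substitutes its default; change it to `engelsystem_log('Created news: ' . $request->post('betreff') . ', treffen: ' . $isMeeting);`. Also, `$isMeeting` is seeded from `$request->post('treffen')` but the guard uses the merged `$request->has('treffen')`, so a `treffen` present only in the query string skips the `$isMeeting = 0` reset and inserts null; `$isMeeting = $request->post('treffen', 0);` closes that gap. user_news's body continues outside this hunk.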
    ' . '
      '; for ($i = 0; $i < $dis_rows; $i++) { - if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) { + if ($request->has('page') && $i == $request->input('page')) { $html .= '
    • '; - } elseif (!isset($_REQUEST['page']) && $i == 0) { + } elseif (!$request->has('page') && $i == 0) { $html .= '
    • '; } else { $html .= '
    • '; diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php index 5cb60db3..fdf76aee 100644 --- a/includes/pages/user_questions.php +++ b/includes/pages/user_questions.php @@ -16,8 +16,9 @@ function questions_title() function user_questions() { global $user; + $request = request(); - if (!isset($_REQUEST['action'])) { + if (!$request->has('action')) { $open_questions = DB::select( 'SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`=?', [$user['UID']] @@ -34,7 +35,7 @@ function user_questions() return Questions_view($open_questions, $answered_questions, page_link_to('user_questions') . '&action=ask'); } else { - switch ($_REQUEST['action']) { + switch ($request->input('action')) { case 'ask': $question = strip_request_item_nl('question'); if ($question != '') { @@ -56,8 +57,8 @@ function user_questions() } break; case 'delete': - if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { - $question_id = $_REQUEST['id']; + if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) { + $question_id = $request->input('id'); } else { return error(_('Incomplete call, missing Question ID.'), true); } diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index a2a486f4..69e5a7fb 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -21,9 +21,10 @@ function settings_title() function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) { $valid = true; + $request = request(); - if (isset($_REQUEST['mail'])) { - $result = User_validate_mail($_REQUEST['mail']); + if ($request->has('mail')) { + $result = User_validate_mail($request->input('mail')); $user_source['email'] = $result->getValue(); if (!$result->isValid()) { $valid = false; 
@@ -34,11 +35,11 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) error(_('Please enter your e-mail.')); } - $user_source['email_shiftinfo'] = isset($_REQUEST['email_shiftinfo']); - $user_source['email_by_human_allowed'] = isset($_REQUEST['email_by_human_allowed']); + $user_source['email_shiftinfo'] = $request->has('email_shiftinfo'); + $user_source['email_by_human_allowed'] = $request->has('email_by_human_allowed'); - if (isset($_REQUEST['jabber'])) { - $result = User_validate_jabber($_REQUEST['jabber']); + if ($request->has('jabber')) { + $result = User_validate_jabber($request->input('jabber')); $user_source['jabber'] = $result->getValue(); if (!$result->isValid()) { $valid = false; @@ -46,14 +47,14 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) } } - if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']])) { - $user_source['Size'] = $_REQUEST['tshirt_size']; + if ($request->has('tshirt_size') && isset($tshirt_sizes[$request->input('tshirt_size')])) { + $user_source['Size'] = $request->input('tshirt_size'); } elseif ($enable_tshirt_size) { $valid = false; } - if (isset($_REQUEST['planned_arrival_date'])) { - $tmp = parse_date('Y-m-d H:i', $_REQUEST['planned_arrival_date'] . ' 00:00'); + if ($request->has('planned_arrival_date')) { + $tmp = parse_date('Y-m-d H:i', $request->input('planned_arrival_date') . ' 00:00'); $result = User_validate_planned_arrival_date($tmp); $user_source['planned_arrival_date'] = $result->getValue(); if (!$result->isValid()) { 
@@ -62,8 +63,8 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) } } - if (isset($_REQUEST['planned_departure_date'])) { - $tmp = parse_date('Y-m-d H:i', $_REQUEST['planned_departure_date'] . ' 00:00'); + if ($request->has('planned_departure_date')) { + $tmp = parse_date('Y-m-d H:i', $request->input('planned_departure_date') . ' 00:00'); $result = User_validate_planned_departure_date($user_source['planned_arrival_date'], $tmp); $user_source['planned_departure_date'] = $result->getValue(); if (!$result->isValid()) { @@ -97,16 +98,17 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) */ function user_settings_password($user_source) { + $request = request(); if ( - !isset($_REQUEST['password']) - || !verify_password($_REQUEST['password'], $user_source['Passwort'], $user_source['UID']) + !$request->has('password') + || !verify_password($request->post('password'), $user_source['Passwort'], $user_source['UID']) ) { error(_('-> not OK. Please try again.')); - } elseif (strlen($_REQUEST['new_password']) < config('min_password_length')) { + } elseif (strlen($request->post('new_password')) < config('min_password_length')) { error(_('Your password is to short (please use at least 6 characters).')); - } elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) { + } elseif ($request->post('new_password') != $request->post('new_password2')) { error(_('Your passwords don\'t match.')); - } elseif (set_password($user_source['UID'], $_REQUEST['new_password'])) { + } elseif (set_password($user_source['UID'], $request->post('new_password'))) { success(_('Password saved.')); } else { error(_('Failed setting password.')); 
@@ -124,9 +126,10 @@ function user_settings_password($user_source) function user_settings_theme($user_source, $themes) { $valid = true; + $request = request(); - if (isset($_REQUEST['theme']) && isset($themes[$_REQUEST['theme']])) { - $user_source['color'] = $_REQUEST['theme']; + if ($request->has('theme') && isset($themes[$request->input('theme')])) { + $user_source['color'] = $request->input('theme'); } else { $valid = false; } @@ -160,9 +163,10 @@ function user_settings_theme($user_source, $themes) function user_settings_locale($user_source, $locales) { $valid = true; + $request = request(); - if (isset($_REQUEST['language']) && isset($locales[$_REQUEST['language']])) { - $user_source['Sprache'] = $_REQUEST['language']; + if ($request->has('language') && isset($locales[$request->input('language')])) { + $user_source['Sprache'] = $request->input('language'); } else { $valid = false; } @@ -195,6 +199,7 @@ function user_settings_locale($user_source, $locales) function user_settings() { global $themes, $user; + $request = request(); $enable_tshirt_size = config('enable_tshirt_size'); $tshirt_sizes = config('tshirt_sizes'); @@ -220,13 +225,13 @@ function user_settings() $user_source = $user; - if (isset($_REQUEST['submit'])) { + if ($request->has('submit')) { $user_source = user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes); - } elseif (isset($_REQUEST['submit_password'])) { + } elseif ($request->has('submit_password')) { user_settings_password($user_source); - } elseif (isset($_REQUEST['submit_theme'])) { + } elseif ($request->has('submit_theme')) { $user_source = user_settings_theme($user_source, $themes); - } elseif (isset($_REQUEST['submit_language'])) { + } elseif ($request->has('submit_language')) { $user_source = user_settings_locale($user_source, $locales); } diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 55e49e4f..4dabdfb5 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php 
@@ -23,20 +23,21 @@ function shifts_title() function user_shifts() { global $user; + $request = request(); if (User_is_freeloader($user)) { redirect(page_link_to('user_myshifts')); } // Löschen einzelner Schicht-Einträge (Also Belegung einer Schicht von Engeln) durch Admins - if (isset($_REQUEST['entry_id'])) { + if ($request->has('entry_id')) { shift_entry_delete_controller(); return ''; - } elseif (isset($_REQUEST['edit_shift'])) { + } elseif ($request->has('edit_shift')) { return shift_edit_controller(); - } elseif (isset($_REQUEST['delete_shift'])) { + } elseif ($request->has('delete_shift')) { return shift_delete_controller(); - } elseif (isset($_REQUEST['shift_id'])) { + } elseif ($request->has('shift_id')) { return shift_entry_add_controller(); } return view_user_shifts(); diff --git a/includes/sys_page.php b/includes/sys_page.php index b2199988..501106ff 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php @@ -18,12 +18,14 @@ function check_request_datetime($date_name, $time_name, $allowed_days, $default_ { $time = date('H:i', $default_value); $day = date('Y-m-d', $default_value); + $request = request(); - if (isset($_REQUEST[$time_name]) && preg_match('#^\d{1,2}:\d\d$#', trim($_REQUEST[$time_name]))) { - $time = trim($_REQUEST[$time_name]); + if ($request->has($time_name) && preg_match('#^\d{1,2}:\d\d$#', trim($request->input($time_name)))) { + $time = trim($request->input($time_name)); } - if (isset($_REQUEST[$date_name]) && in_array($_REQUEST[$date_name], $allowed_days)) { - $day = $_REQUEST[$date_name]; + + if ($request->has($date_name) && in_array($request->input($date_name), $allowed_days)) { + $day = $request->input($date_name); } return parse_date('Y-m-d H:i', $day . ' ' . $time); 
@@ -94,8 +96,9 @@ function select_array($data, $key_name, $value_name) */ function check_request_int_array($name, $default = []) { - if (isset($_REQUEST[$name]) && is_array($_REQUEST[$name])) { - return array_filter($_REQUEST[$name], 'is_numeric'); + $request = request(); + if ($request->has($name) && is_array($request->input($name))) { + return array_filter($request->input($name), 'is_numeric'); } return $default; } @@ -111,10 +114,11 @@ function check_request_int_array($name, $default = []) */ function check_request_date($name, $error_message = null, $null_allowed = false) { - if (!isset($_REQUEST[$name])) { + $request = request(); + if (!$request->has($name)) { return new ValidationResult($null_allowed, null); } - return check_date($_REQUEST[$name], $error_message, $null_allowed); + return check_date($request->input($name), $error_message, $null_allowed); } /** @@ -148,8 +152,9 @@ function check_date($input, $error_message = null, $null_allowed = false) */ function strip_request_item($name, $default_value = null) { - if (isset($_REQUEST[$name])) { - return strip_item($_REQUEST[$name]); + $request = request(); + if ($request->has($name)) { + return strip_item($request->input($name)); } return $default_value; } @@ -163,8 +168,9 @@ function strip_request_item($name, $default_value = null) */ function test_request_int($name) { - if (isset($_REQUEST[$name])) { - return preg_match('/^\d*$/', $_REQUEST[$name]); + $request = request(); + if ($request->has($name)) { + return preg_match('/^\d*$/', $request->input($name)); } return false; } @@ -178,8 +184,9 @@ function test_request_int($name) */ function strip_request_item_nl($name, $default_value = null) { - if (isset($_REQUEST[$name])) { - return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($_REQUEST[$name])); + $request = request(); + if ($request->has($name)) { + return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($request->get($name))); } return $default_value; } 
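Review bot: `strip_request_item_nl` checks `$request->has($name)` (POST merged with GET) but then reads `$request->get($name)`, which looks at the query string only; for a POSTed textarea routed through this helper — `description`, `comment`, `freeload_comment` and `question` in this series — `has()` is true, `get()` returns null, and `strip_tags(null)` makes the function return `''` instead of the submitted text, silently dropping it. Its sibling `strip_request_item` in the same file uses `$request->input($name)`, and this one should match: `return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($request->input($name)));`.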
diff --git a/includes/sys_template.php b/includes/sys_template.php index 7aa458b8..1d3943b7 100644 --- a/includes/sys_template.php +++ b/includes/sys_template.php @@ -335,11 +335,11 @@ function table_buttons($buttons = []) /** * Load and render template * - * @param string $file - * @param string $data + * @param string $file + * @param string[] $data * @return string */ -function template_render($file, $data) +function template_render($file, $data = []) { if (file_exists($file)) { $template = file_get_contents($file); diff --git a/public/index.php b/public/index.php index 895b4fe0..52f32438 100644 --- a/public/index.php +++ b/public/index.php @@ -24,24 +24,22 @@ $page = ''; $title = ''; $content = ''; -if (!isset($_REQUEST['p'])) { - $_REQUEST['p'] = isset($user) ? 'news' : 'login'; +$page = $request->input('p'); +if (empty($page)) { + $page = isset($user) ? 'news' : 'login'; } if ( - isset($_REQUEST['p']) - && preg_match('/^\w*$/i', $_REQUEST['p']) + preg_match('/^\w*$/i', $page) && ( - in_array($_REQUEST['p'], $free_pages) - || (isset($privileges) && in_array($_REQUEST['p'], $privileges)) + in_array($page, $free_pages) + || (isset($privileges) && in_array($page, $privileges)) ) ) { - $page = $_REQUEST['p']; - $title = $page; if ($page == 'api') { - error('Api disabled temporily.'); + error('Api disabled temporarily.'); redirect(page_link_to()); require_once realpath(__DIR__ . '/../includes/controller/api.php'); api_controller(); diff --git a/src/Http/Request.php b/src/Http/Request.php new file mode 100644 index 00000000..2efd1e1d --- /dev/null +++ b/src/Http/Request.php 
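Review bot: In public/index.php, `$page = $request->input('p')` accepts whatever shape the client sends, so `?p[]=x` makes `$page` an array; `empty()` lets it through and `preg_match('/^\w*$/i', $page)` then emits a warning and returns false, reaching the not-found branch only by accident. A type check states the intent: `if (!is_string($page) || $page === '') {` in place of `if (empty($page)) {`. `$request` is not assigned in this hunk; presumably engelsystem_provider.php (in the diffstat) populates it before this file runs — worth confirming it is in scope here rather than only reachable via `request()`.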
@@ -0,0 +1,110 @@ +request = $_POST; + $this->query = $_GET; + } + + /** + * Get GET input + * + * @param string $key + * @param mixed $default + * @return mixed + */ + public function get($key, $default = null) + { + if (!empty($this->query[$key])) { + return $this->query[$key]; + } + + return $default; + } + + /** + * Get POST input + * + * @param string $key + * @param mixed $default + * @return mixed + */ + public function post($key, $default = null) + { + if (!empty($this->request[$key])) { + return $this->request[$key]; + } + + return $default; + } + + /** + * Get input data + * + * @param string $key + * @param mixed $default + * @return mixed + */ + public function input($key, $default = null) + { + $data = $this->request + $this->query; + + if (!empty($data[$key])) { + return $data[$key]; + } + + return $default; + } + + /** + * Checks if the input exists + * + * @param string $key + * @return bool + */ + public function has($key) + { + $value = $this->input($key); + + return !empty($value); + } + + /** + * @return self + * @throws ErrorException + */ + public static function getInstance() + { + if (!self::$instance instanceof self) { + throw new ErrorException('Request not initialized'); + } + + return self::$instance; + } + + /** + * @param self $instance + */ + public static function setInstance($instance) + { + self::$instance = $instance; + } +} diff --git a/src/helpers.php b/src/helpers.php index aeb256e9..a410b27e 100644 --- a/src/helpers.php +++ b/src/helpers.php @@ -2,6 +2,7 @@ // Some useful functions use Engelsystem\Config\Config; +use Engelsystem\Http\Request; /** * Get or set config values 
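Review bot: All four accessors (`get`, `post`, `input`, `has`) are built on `!empty(...)`, so a submitted `"0"`, `0` or `[]` is reported as absent and replaced by `$default`; the call sites converted in this series used `isset($_REQUEST[...])`, so a size or theme at index 0 and flag fields posted as `"0"` now behave differently than before. Prefer presence checks in the getters — in `post()` `if (array_key_exists($key, $this->request)) { return $this->request[$key]; }`, and likewise in `get()` and `input()` — and let `has()` alone carry the non-empty semantics, which its docblock should state explicitly since `$request->has('meetings')` is used as a drop-in for `empty()`. `input()` merges with `$this->request + $this->query`, which gives POST precedence over GET; a one-line comment there would help, as the `has()`/`post()` pairs elsewhere depend on it. The class header and the start of the constructor are lost in this rendering, so the property declarations could not be reviewed.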
@@ -22,3 +23,19 @@ function config($key = null, $default = null) return Config::getInstance()->get($key, $default); } + +/** + * @param string $key + * @param mixed $default + * @return Request|mixed + */ +function request($key = null, $default = null) +{ + $request = Request::getInstance(); + + if (is_null($key)) { + return $request; + } + + return $request->input($key, $default); +} From 6cfd309bef050fbf9b9e2eba0af32962485f840a Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Wed, 19 Jul 2017 11:48:28 +0200 Subject: [PATCH 2/3] Changed recommended PHP Version to >= 7.0 --- README.md | 4 ++-- composer.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index aa418e4f..fdd20df7 100644 --- a/README.md +++ b/README.md @@ -8,8 +8,8 @@ Please visit https://engelsystem.de for a feature list. ## Installation ### Requirements: - * PHP 5.4.x (cgi-fcgi) - * MySQL-Server 5.5.x + * PHP >= 5.6.4, PHP >= 7.0.0 recommended + * MySQL-Server >= 5.5.x * Webserver, i.e. lighttpd, nginx, or Apache ### Directions: diff --git a/composer.json b/composer.json index 0605bcf3..d2e0108b 100644 --- a/composer.json +++ b/composer.json @@ -14,7 +14,7 @@ } ], "require": { - "php": ">=5.4", + "php": ">=5.6.4", "erusev/parsedown": "1.6.*", "twbs/bootstrap": "^3.3" }, From b7ebb05b8e71b391b6b029fceb5a2d00ff27004c Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Thu, 20 Jul 2017 01:03:59 +0200 Subject: [PATCH 3/3] Passwords should be posted --- includes/controller/users_controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 96e2c81b..b747cc83 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php 
@@ -68,7 +68,7 @@ function user_delete_controller()
 if (
 !(
 $request->has('password')
- && verify_password($request->input('password'), $user['Passwort'], $user['UID'])
+ && verify_password($request->post('password'), $user['Passwort'], $user['UID'])
 )
 ) {
 $valid = false;