authorStefan Giehl <stefan@matomo.org>2022-10-06 12:46:04 +0300
committerGitHub <noreply@github.com>2022-10-06 12:46:04 +0300
commit41ddfc279a85103a6b927177ef520c7c49502b25 (patch)
treeb1cf319edcb4410d6719c0ea3939c9bad45ebf2e /plugins/CoreAdminHome
parentb2449c63360084bbb33db5703a2bcab180124c56 (diff)
Deprecate auto sanitize of API parameters & Common::getRequestVar and introduce Request class (#19624)
* Introduce new API property to disable autosanitizing * Adds new getRequestParam method to eventually replace getRequestVar * use new method in some places * Introduce new request class instead of Common::getRequestParam * Improve Request class and add tests * Adds changelog * clean up api proxy * code improvements * Added doc blocks * filter null byte values * update tests * update changelog
Diffstat (limited to 'plugins/CoreAdminHome')
-rw-r--r--plugins/CoreAdminHome/Controller.php18
-rw-r--r--plugins/CoreAdminHome/OptOutManager.php9
2 files changed, 15 insertions, 12 deletions
diff --git a/plugins/CoreAdminHome/Controller.php b/plugins/CoreAdminHome/Controller.php
index 4af369a7ae..cf1ce5fb70 100644
--- a/plugins/CoreAdminHome/Controller.php
+++ b/plugins/CoreAdminHome/Controller.php
@@ -25,6 +25,7 @@ use Piwik\Plugins\CustomVariables\CustomVariables;
use Piwik\Plugins\LanguagesManager\LanguagesManager;
use Piwik\Plugins\PrivacyManager\DoNotTrackHeaderChecker;
use Piwik\Plugins\SitesManager\API as APISitesManager;
+use Piwik\Request;
use Piwik\Site;
use Piwik\Translation\Translator;
use Piwik\Url;
@@ -154,20 +155,21 @@ class Controller extends ControllerAdmin
$this->checkTokenInUrl();
// Update email settings
- $mail = array();
- $mail['transport'] = (Common::getRequestVar('mailUseSmtp') == '1') ? 'smtp' : '';
- $mail['port'] = Common::getRequestVar('mailPort', '');
- $mail['host'] = Common::unsanitizeInputValue(Common::getRequestVar('mailHost', ''));
- $mail['type'] = Common::getRequestVar('mailType', '');
- $mail['username'] = Common::unsanitizeInputValue(Common::getRequestVar('mailUsername', ''));
- $mail['password'] = Common::unsanitizeInputValue(Common::getRequestVar('mailPassword', ''));
+ $request = Request::fromRequest();
+ $mail = [];
+ $mail['transport'] = $request->getBoolParameter('mailUseSmtp') ? 'smtp' : '';
+ $mail['port'] = $request->getStringParameter('mailPort', '');
+ $mail['host'] = $request->getStringParameter('mailHost', '');
+ $mail['type'] = $request->getStringParameter('mailType', '');
+ $mail['username'] = $request->getStringParameter('mailUsername', '');
+ $mail['password'] = $request->getStringParameter('mailPassword', '');
if (!array_key_exists('mailPassword', $_POST) && Config::getInstance()->mail['host'] === $mail['host']) {
// use old password if it wasn't set in request (and the host wasn't changed)
$mail['password'] = Config::getInstance()->mail['password'];
}
- $mail['encryption'] = Common::getRequestVar('mailEncryption', '');
+ $mail['encryption'] = $request->getStringParameter('mailEncryption', '');
Config::getInstance()->mail = $mail;
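Review bot: `mailPort`, `mailType` and `mailEncryption` were stored in their sanitized form before this change and are now written to the mail config as raw request strings, with no validation in the lines shown. With the auto-sanitizing layer being retired, each value should be checked at this point for what it is meant to be: reject the request when `$mail['port'] !== '' && !ctype_digit($mail['port'])`, and compare `$mail['type']` and `$mail['encryption']` against the fixed set of values the settings form offers. Whether the config writer encodes values on save is not visible on this page (the diff is limited to plugins/CoreAdminHome), so it should not be relied on as the only barrier. The enclosing method starts and ends outside the hunk.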
diff --git a/plugins/CoreAdminHome/OptOutManager.php b/plugins/CoreAdminHome/OptOutManager.php
index 927e3ad630..90c0b66943 100644
--- a/plugins/CoreAdminHome/OptOutManager.php
+++ b/plugins/CoreAdminHome/OptOutManager.php
@@ -14,6 +14,7 @@ use Piwik\Piwik;
use Piwik\Plugins\LanguagesManager\API as APILanguagesManager;
use Piwik\Plugins\LanguagesManager\LanguagesManager;
use Piwik\Plugins\PrivacyManager\DoNotTrackHeaderChecker;
+use Piwik\Request;
use Piwik\Tracker\IgnoreCookie;
use Piwik\Url;
use Piwik\View;
@@ -609,10 +610,10 @@ JS;
private function optOutStyling(?string $fontSize = null, ?string $fontColor = null, ?string $fontFamily = null,
?string $backgroundColor = null, bool $noBody = false): string
{
- $cssfontsize = ($fontSize ? : Common::unsanitizeInputValue(Common::getRequestVar('fontSize', false, 'string')));
- $cssfontcolour = ($fontColor ? : Common::unsanitizeInputValue(Common::getRequestVar('fontColor', false, 'string')));
- $cssfontfamily = ($fontFamily ? : Common::unsanitizeInputValue(Common::getRequestVar('fontFamily', false, 'string')));
- $cssbackgroundcolor = ($backgroundColor ? : Common::unsanitizeInputValue(Common::getRequestVar('backgroundColor', false, 'string')));
+ $cssfontsize = ($fontSize ? : Request::fromRequest()->getStringParameter('fontSize', ''));
+ $cssfontcolour = ($fontColor ? : Request::fromRequest()->getStringParameter('fontColor', ''));
+ $cssfontfamily = ($fontFamily ? : Request::fromRequest()->getStringParameter('fontFamily', ''));
+ $cssbackgroundcolor = ($backgroundColor ? : Request::fromRequest()->getStringParameter('backgroundColor', ''));
if (!$noBody) {
$cssbody = 'body { ';
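Review bot: `fontSize`, `fontColor`, `fontFamily` and `backgroundColor` arrive here as raw request strings (as they effectively did before, since the old code un-sanitized them) and the function goes on to build CSS, so the only protection against a value breaking out of the style rule is whatever pattern validation follows; that code is below the hunk and not visible here. A comment above these assignments would make the dependency explicit, e.g. `// untrusted raw request values: each must be pattern-validated before it is concatenated into CSS`. As a style point, `Request::fromRequest()` is constructed four times; a single `$request = Request::fromRequest();` reused in the four lines would match the Controller.php hunk. The function body continues outside the hunk.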