Deprecate auto sanitize of API parameters & Common::getRequestVar and introduce Request class (#19624)

* Introduce new API property to disable autosanitizing

* Adds new getRequestParam method to replace getRequestVar somewhen

* use new method in some places

* Introduce new request class instead of Common::getRequestParam

* Improve Request class and add tests

* Adds changelog

* clean up api proxy

* code improvements

* Added doc blocks

* filter null byte values

* update tests

* update changelog

1 files changed, 3 insertions, 3 deletions

diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php
index 7f0b183902..0c2084a98a 100644
--- a/plugins/Login/Controller.php
+++ b/plugins/Login/Controller.php
@@ -27,6 +27,7 @@ use Piwik\Plugins\PrivacyManager\SystemSettings;
 use Piwik\Plugins\UsersManager\Model as UsersModel;
 use Piwik\Plugins\UsersManager\UsersManager;
 use Piwik\QuickForm2;
+use Piwik\Request;
 use Piwik\Session;
 use Piwik\Session\SessionInitializer;
 use Piwik\Url;
@@ -341,9 +342,8 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
         }
 
         if (empty($urlToRedirect)) {
-            $redirect = Common::unsanitizeInputValue(Common::getRequestVar('form_redirect', false));
-            $redirectParams = UrlHelper::getArrayFromQueryString(UrlHelper::getQueryFromUrl($redirect));
-            $module = Common::getRequestVar('module', '', 'string', $redirectParams);
+            $redirect = Request::fromRequest()->getStringParameter('form_redirect', '');
+            $module = Request::fromQueryString(UrlHelper::getQueryFromUrl($redirect))->getStringParameter('module', '');
             // when module is login, we redirect to home...
             if (!empty($module) && $module !== 'Login' && $module !== Piwik::getLoginPluginName() && $redirect) {
                 $host = Url::getHostFromUrl($redirect);