remove Request::quoted() and Request::quotedArray(), fixes #4799

Closes #4799

Merge request studip/studip!3589

app/controllers/admin/ilias_interface.php

@@ -104,7 +104,7 @@ class Admin_IliasInterfaceController extends AuthenticatedController
 
             //store config entry
             Config::get()->store('ILIAS_INTERFACE_BASIC_SETTINGS', $this->ilias_interface_config);
-            Config::get()->store('ILIAS_INTERFACE_MODULETITLE', Request::quoted('ilias_interface_moduletitle'));
+            Config::get()->store('ILIAS_INTERFACE_MODULETITLE', Request::get('ilias_interface_moduletitle'));
             PageLayout::postSuccess(_('Einstellungen wurden gespeichert.'));
         }
         $this->redirect($this->url_for('admin/ilias_interface'));

app/controllers/course/ilias_interface.php

@@ -292,7 +292,7 @@ class Course_IliasInterfaceController extends AuthenticatedController
             if ($mode === 'search') {
                 $this->keep_dialog = true;
                 // perform search
-                $this->ilias_search = Request::quoted('ilias_search');
+                $this->ilias_search = Request::get('ilias_search');
                 if (mb_strlen($this->ilias_search) > 2) {
                     $this->ilias_modules = $this->ilias->searchModules($this->ilias_search);
                     foreach ($this->ilias_modules as $search_module_id => $search_module_object) {

app/controllers/course/members.php

@@ -655,7 +655,11 @@ class Course_MembersController extends AuthenticatedController
 
         if (Request::get('csv_import_format') && !in_array(Request::get('csv_import_format'), words('realname username email'))) {
             foreach (DataField::getDataFields('user', 1 | 2 | 4 | 8, true) as $df) {
-                if ($df->accessAllowed() && in_array($df->getId(), $GLOBALS['TEILNEHMER_IMPORT_DATAFIELDS']) && $df->getId() == Request::quoted('csv_import_format')) {
+                if (
+                    $df->accessAllowed()
+                    && in_array($df->getId(), $GLOBALS['TEILNEHMER_IMPORT_DATAFIELDS'])
+                    && $df->getId() == Request::get('csv_import_format')
+                ) {
                     $datafield_id = $df->getId();
                     break;
                 }

app/controllers/shared/log_event.php

@@ -26,7 +26,7 @@ class Shared_LogEventController extends MVVController
         $event_log = new EventLog();
 
         $this->start = (int) Request::int('start');
-        $this->format = Request::quoted('format');
+        $this->format = Request::option('format');
         $this->num_entries = 0;
         $this->log_events = [];
 

lib/classes/Request.php

@@ -215,28 +215,6 @@ class Request implements ArrayAccess, IteratorAggregate
         return $value;
     }
 
-    /**
-     * Return the value of the selected query parameter as a string.
-     * The contents of the string is quoted with addslashes().
-     *
-     * @param string $param    parameter name
-     * @param string $default  default value if parameter is not set
-     *
-     * @return string  parameter value as string (if set), else NULL
-     *
-     * @deprecated since Stud.IP 6.0
-     */
-    public static function quoted($param, $default = NULL)
-    {
-        $value = self::get($param, $default);
-
-        if (isset($value)) {
-            $value = addslashes($value);
-        }
-
-        return $value;
-    }
-
     /**
      * Return the value of the selected query parameter as an alphanumeric
      * string (consisting of only digits, letters and underscores).
@@ -475,22 +453,6 @@ class Request implements ArrayAccess, IteratorAggregate
             : [];
     }
 
-    /**
-     * Return the value of the selected query parameter as a string array.
-     * The contents of each element is quoted with addslashes().
-     *
-     * @param string $param    parameter name
-     *
-     * @return array  parameter value as array (if set), else an empty array
-     * @deprecated since Stud.IP 6.0
-     */
-    public static function quotedArray($param)
-    {
-        $array = self::getArray($param);
-
-        return self::addslashes($array);
-    }
-
     /**
      * Return the value of the selected query parameter as an array of
      * alphanumeric strings (consisting of only digits, letters and
@@ -645,27 +607,6 @@ class Request implements ArrayAccess, IteratorAggregate
         return FALSE;
     }
 
-    /**
-     * Quote a given string or array using addslashes(). If the parameter
-     * is an array, the quoting is applied recursively.
-     *
-     * @param mixed $value    string or array value to be quoted
-     *
-     * @return mixed  quoted string or array
-     */
-    public static function addslashes($value)
-    {
-        if (is_array($value)) {
-            foreach ($value as $key => $val) {
-                $value[$key] = self::addslashes($val);
-            }
-        } else {
-            $value = addslashes($value);
-        }
-
-        return $value;
-    }
-
     /**
      * Returns the (uppercase) request method.
      *

public/activate_email.php

@@ -41,7 +41,7 @@ function reenter_mail() {
 function mail_explain() {
     echo '<form action="' . URLHelper::getLink() . '" method="post" class="default">';
     echo '<fieldset>';
-    echo '<legend>' .  _('Sie haben Ihre E-Mail-Adresse geändert. 
+    echo '<legend>' .  _('Sie haben Ihre E-Mail-Adresse geändert.
     Um diese frei zu schalten müssen Sie den Ihnen an Ihre neue Adresse zugeschickten Aktivierungs Schlüssel im unten stehenden Eingabefeld eintragen.') . '</legend>';
     echo CSRFProtection::tokenTag();
     echo '<label>' . _('Aktivierungs Schlüssel')
@@ -71,8 +71,8 @@ if(Request::get('key') !== null) {
     $sth->execute([$uid]);
     $result = $sth->fetch();
     $key = $result['validation_key'];
-    
-    if(Request::quoted('key') == $key) {
+
+    if(Request::get('key') == $key) {
         $sth = $db->prepare("UPDATE auth_user_md5 SET validation_key='' WHERE user_id=?");
         $sth->execute([$uid]);
         unset($_SESSION['semi_logged_in']);
@@ -102,10 +102,10 @@ if(Request::get('key') !== null) {
     if(Request::get('email1') == Request::get('email2')) {
         // change mail
         $tmp_user = User::find(Request::option('uid'));
-        if($tmp_user && $tmp_user->changeEmail(Request::quoted('email1'), true)) {
+        if($tmp_user && $tmp_user->changeEmail(Request::get('email1'), true)) {
             $_SESSION['semi_logged_in'] = False;
         }
-        
+
     } else {
         PageLayout::postError(_('Die eingegebenen E-Mail-Adressen stimmen nicht überein. Bitte überprüfen Sie Ihre Eingabe.'));
     }

tests/unit/lib/classes/RequestParametersTest.php

@@ -74,7 +74,6 @@ class RequestParametersTest extends Codeception\Test\Unit
 
     /**
      * @covers Request::get
-     * @covers Request::quoted
      */
     public function testStringParam ()
     {
@@ -85,11 +84,6 @@ class RequestParametersTest extends Codeception\Test\Unit
         $this->assertSame(Request::get('c'), '-23');
         $this->assertSame(Request::get('d'), '12.7');
         $this->assertNull(Request::get('v2'));
-
-        $this->assertNull(Request::quoted('null'));
-        $this->assertSame(Request::quoted('null', 'foo'), 'foo');
-        $this->assertSame(Request::quoted('b'), '\\\\h1\\"');
-        $this->assertNull(Request::quoted('v2'));
     }
 
     /**
@@ -159,7 +153,6 @@ class RequestParametersTest extends Codeception\Test\Unit
 
     /**
      * @covers Request::getArray
-     * @covers Request::quotedArray
      */
     public function testStringArrayParam ()
     {
@@ -167,11 +160,6 @@ class RequestParametersTest extends Codeception\Test\Unit
         $this->assertSame(Request::getArray('b'), []);
         $this->assertSame(Request::getArray('v1'), ['1', '2.4', '3,7']);
         $this->assertSame(Request::getArray('v2'), ['on\'e', 'two', 'thr33']);
-
-        $this->assertSame(Request::quotedArray('null'), []);
-        $this->assertSame(Request::quotedArray('b'), []);
-        $this->assertSame(Request::quotedArray('v1'), ['1', '2.4', '3,7']);
-        $this->assertSame(Request::quotedArray('v2'), ['on\\\'e', 'two', 'thr33']);
     }
 
     /**