From d9066bbe5753dab604d925fe3a9f394d16c26dbf Mon Sep 17 00:00:00 2001 From: Jan-Hendrik Willms <tleilax+studip@gmail.com> Date: Mon, 4 Nov 2024 10:07:42 +0000 Subject: [PATCH] remove Request::quoted() and Request::quotedArray(), fixes #4799 Closes #4799 Merge request studip/studip!3589 --- app/controllers/admin/ilias_interface.php | 2 +- app/controllers/course/ilias_interface.php | 2 +- app/controllers/course/members.php | 6 +- app/controllers/shared/log_event.php | 2 +- lib/classes/Request.php | 59 ------------------- public/activate_email.php | 10 ++-- .../lib/classes/RequestParametersTest.php | 12 ---- 7 files changed, 13 insertions(+), 80 deletions(-) diff --git a/app/controllers/admin/ilias_interface.php b/app/controllers/admin/ilias_interface.php index 3bfebae660f..d0e59ea7775 100644 --- a/app/controllers/admin/ilias_interface.php +++ b/app/controllers/admin/ilias_interface.php @@ -104,7 +104,7 @@ class Admin_IliasInterfaceController extends AuthenticatedController //store config entry Config::get()->store('ILIAS_INTERFACE_BASIC_SETTINGS', $this->ilias_interface_config); - Config::get()->store('ILIAS_INTERFACE_MODULETITLE', Request::quoted('ilias_interface_moduletitle')); + Config::get()->store('ILIAS_INTERFACE_MODULETITLE', Request::get('ilias_interface_moduletitle')); PageLayout::postSuccess(_('Einstellungen wurden gespeichert.')); } $this->redirect($this->url_for('admin/ilias_interface')); diff --git a/app/controllers/course/ilias_interface.php b/app/controllers/course/ilias_interface.php index 767cce1a3be..0786944f208 100644 --- a/app/controllers/course/ilias_interface.php +++ b/app/controllers/course/ilias_interface.php 
@@ -292,7 +292,7 @@ class Course_IliasInterfaceController extends AuthenticatedController if ($mode === 'search') { $this->keep_dialog = true; // perform search - $this->ilias_search = Request::quoted('ilias_search'); + $this->ilias_search = Request::get('ilias_search'); if (mb_strlen($this->ilias_search) > 2) { $this->ilias_modules = $this->ilias->searchModules($this->ilias_search); foreach ($this->ilias_modules as $search_module_id => $search_module_object) { diff --git a/app/controllers/course/members.php b/app/controllers/course/members.php index d0d44050acc..77142dd8995 100644 --- a/app/controllers/course/members.php +++ b/app/controllers/course/members.php @@ -655,7 +655,11 @@ class Course_MembersController extends AuthenticatedController if (Request::get('csv_import_format') && !in_array(Request::get('csv_import_format'), words('realname username email'))) { foreach (DataField::getDataFields('user', 1 | 2 | 4 | 8, true) as $df) { - if ($df->accessAllowed() && in_array($df->getId(), $GLOBALS['TEILNEHMER_IMPORT_DATAFIELDS']) && $df->getId() == Request::quoted('csv_import_format')) { + if ( + $df->accessAllowed() + && in_array($df->getId(), $GLOBALS['TEILNEHMER_IMPORT_DATAFIELDS']) + && $df->getId() == Request::get('csv_import_format') + ) { $datafield_id = $df->getId(); break; } diff --git a/app/controllers/shared/log_event.php b/app/controllers/shared/log_event.php index 3d8af7ee4cd..923a462f09b 100644 --- a/app/controllers/shared/log_event.php +++ b/app/controllers/shared/log_event.php @@ -26,7 +26,7 @@ class Shared_LogEventController extends MVVController $event_log = new EventLog(); $this->start = (int) Request::int('start'); - $this->format = Request::quoted('format'); + $this->format = Request::option('format'); $this->num_entries = 0; $this->log_events = []; diff --git a/lib/classes/Request.php b/lib/classes/Request.php index a49f607f4cb..4c8697e06fe 100644 --- a/lib/classes/Request.php +++ b/lib/classes/Request.php 
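Review bot: `$this->ilias_search` in `app/controllers/course/ilias_interface.php` now carries the unmodified request value into `searchModules()` and, as a controller property, presumably into the dialog view. Neither is visible in this hunk, so both should be confirmed to escape for their own context rather than having relied on the slashes `Request::quoted()` added. Separately, `Request::get()` returns null for a missing parameter (the unit test in this patch asserts that), and that null goes straight into `mb_strlen()`; `$this->ilias_search = Request::get('ilias_search', '');` keeps the length check on a string. The enclosing action starts and ends outside the hunk.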
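Review bot: The rewrapped condition in `app/controllers/course/members.php` still compares the datafield id with loose `==` and calls `in_array()` without the strict flag, so two different ids that both look numeric (strings of the form `0e…`, for instance) would be treated as equal. Since these lines are being touched anyway, `&& in_array($df->getId(), $GLOBALS['TEILNEHMER_IMPORT_DATAFIELDS'], true)` and `&& $df->getId() === Request::get('csv_import_format')` make the match exact. The same applies to the `in_array(..., words('realname username email'))` test on the context line above. The method body continues outside the hunk, so `getId()` returning a string is an assumption to confirm.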
@@ -215,28 +215,6 @@ class Request implements ArrayAccess, IteratorAggregate return $value; } - /** - * Return the value of the selected query parameter as a string. - * The contents of the string is quoted with addslashes(). - * - * @param string $param parameter name - * @param string $default default value if parameter is not set - * - * @return string parameter value as string (if set), else NULL - * - * @deprecated since Stud.IP 6.0 - */ - public static function quoted($param, $default = NULL) - { - $value = self::get($param, $default); - - if (isset($value)) { - $value = addslashes($value); - } - - return $value; - } - /** * Return the value of the selected query parameter as an alphanumeric * string (consisting of only digits, letters and underscores). @@ -475,22 +453,6 @@ class Request implements ArrayAccess, IteratorAggregate : []; } - /** - * Return the value of the selected query parameter as a string array. - * The contents of each element is quoted with addslashes(). - * - * @param string $param parameter name - * - * @return array parameter value as array (if set), else an empty array - * @deprecated since Stud.IP 6.0 - */ - public static function quotedArray($param) - { - $array = self::getArray($param); - - return self::addslashes($array); - } - /** * Return the value of the selected query parameter as an array of * alphanumeric strings (consisting of only digits, letters and 
@@ -645,27 +607,6 @@ class Request implements ArrayAccess, IteratorAggregate return FALSE; } - /** - * Quote a given string or array using addslashes(). If the parameter - * is an array, the quoting is applied recursively. - * - * @param mixed $value string or array value to be quoted - * - * @return mixed quoted string or array - */ - public static function addslashes($value) - { - if (is_array($value)) { - foreach ($value as $key => $val) { - $value[$key] = self::addslashes($val); - } - } else { - $value = addslashes($value); - } - - return $value; - } - /** * Returns the (uppercase) request method. * diff --git a/public/activate_email.php b/public/activate_email.php index 6f39a72d23e..25e70f31b4a 100644 --- a/public/activate_email.php +++ b/public/activate_email.php @@ -41,7 +41,7 @@ function reenter_mail() { function mail_explain() { echo '<form action="' . URLHelper::getLink() . '" method="post" class="default">'; echo '<fieldset>'; - echo '<legend>' . _('Sie haben Ihre E-Mail-Adresse geändert. + echo '<legend>' . _('Sie haben Ihre E-Mail-Adresse geändert. Um diese frei zu schalten müssen Sie den Ihnen an Ihre neue Adresse zugeschickten Aktivierungs Schlüssel im unten stehenden Eingabefeld eintragen.') . '</legend>'; echo CSRFProtection::tokenTag(); echo '<label>' . _('Aktivierungs Schlüssel') @@ -71,8 +71,8 @@ if(Request::get('key') !== null) { $sth->execute([$uid]); $result = $sth->fetch(); $key = $result['validation_key']; - - if(Request::quoted('key') == $key) { + + if(Request::get('key') == $key) { $sth = $db->prepare("UPDATE auth_user_md5 SET validation_key='' WHERE user_id=?"); $sth->execute([$uid]); unset($_SESSION['semi_logged_in']); 
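Review bot: The activation key in `public/activate_email.php` is still checked with loose `==` on the changed line, which is neither type-safe nor constant-time. It also passes when the stored `validation_key` is empty or missing and an empty `key` is submitted; the success branch itself resets the column to `''`. I would write the guard as `if (is_string($key) && $key !== '' && hash_equals($key, (string) Request::get('key'))) {`. Where `$uid` comes from and what the failure branch does are outside the hunk, so whether an empty stored key can actually reach this comparison needs checking against the rest of the script.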
@@ -102,10 +102,10 @@ if(Request::get('key') !== null) { if(Request::get('email1') == Request::get('email2')) { // change mail $tmp_user = User::find(Request::option('uid')); - if($tmp_user && $tmp_user->changeEmail(Request::quoted('email1'), true)) { + if($tmp_user && $tmp_user->changeEmail(Request::get('email1'), true)) { $_SESSION['semi_logged_in'] = False; } - + } else { PageLayout::postError(_('Die eingegebenen E-Mail-Adressen stimmen nicht überein. Bitte überprüfen Sie Ihre Eingabe.')); } diff --git a/tests/unit/lib/classes/RequestParametersTest.php b/tests/unit/lib/classes/RequestParametersTest.php index 49f8098e8cb..3da20b22e0b 100644 --- a/tests/unit/lib/classes/RequestParametersTest.php +++ b/tests/unit/lib/classes/RequestParametersTest.php @@ -74,7 +74,6 @@ class RequestParametersTest extends Codeception\Test\Unit /** * @covers Request::get - * @covers Request::quoted */ public function testStringParam () { @@ -85,11 +84,6 @@ class RequestParametersTest extends Codeception\Test\Unit $this->assertSame(Request::get('c'), '-23'); $this->assertSame(Request::get('d'), '12.7'); $this->assertNull(Request::get('v2')); - - $this->assertNull(Request::quoted('null')); - $this->assertSame(Request::quoted('null', 'foo'), 'foo'); - $this->assertSame(Request::quoted('b'), '\\\\h1\\"'); - $this->assertNull(Request::quoted('v2')); } /** @@ -159,7 +153,6 @@ class RequestParametersTest extends Codeception\Test\Unit /** * @covers Request::getArray - * @covers Request::quotedArray */ public function testStringArrayParam () { 
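Review bot: `changeEmail()` now receives the raw `email1` value, and the only check visible before it is the loose `==` between `email1` and `email2`. Address validation is presumably done inside `changeEmail()`, which this hunk does not show, so that should be confirmed while the call is being changed. The comparison itself is better written as `if (Request::get('email1') === Request::get('email2')) {`. The context line above picks the account from `Request::option('uid')`; if nothing outside the hunk ties that id to the semi-logged-in session user, a check against the session (or at least a comment stating where that binding happens) belongs next to the `User::find()` call.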
@@ -167,11 +160,6 @@ class RequestParametersTest extends Codeception\Test\Unit $this->assertSame(Request::getArray('b'), []); $this->assertSame(Request::getArray('v1'), ['1', '2.4', '3,7']); $this->assertSame(Request::getArray('v2'), ['on\'e', 'two', 'thr33']); - - $this->assertSame(Request::quotedArray('null'), []); - $this->assertSame(Request::quotedArray('b'), []); - $this->assertSame(Request::quotedArray('v1'), ['1', '2.4', '3,7']); - $this->assertSame(Request::quotedArray('v2'), ['on\\\'e', 'two', 'thr33']); } /** -- GitLab