diff options
51 files changed, 905 insertions, 566 deletions
diff --git a/composer.json b/composer.json index d2e0108b..e6d20108 100644 --- a/composer.json +++ b/composer.json @@ -16,10 +16,11 @@ "require": { "php": ">=5.6.4", "erusev/parsedown": "1.6.*", - "twbs/bootstrap": "^3.3" + "twbs/bootstrap": "^3.3", + "symfony/http-foundation": "^3.3" }, "require-dev": { - "phpunit/phpunit": "^6.2" + "phpunit/phpunit": "^6.3" }, "autoload": { "psr-4": { diff --git a/config/config.default.php b/config/config.default.php index ffa030db..a0303b15 100644 --- a/config/config.default.php +++ b/config/config.default.php @@ -55,7 +55,7 @@ return [ // Blowfish '$2y$13' // SHA-256 '$5$rounds=5000' // SHA-512 '$6$rounds=5000' - 'crypt_alg' => '$6$rounds=5000', // SHA-512 + 'crypt_alg' => '$6$rounds=5000', 'min_password_length' => 8, diff --git a/db/update.sql b/db/update.sql index dd203a86..5d93e230 100644 --- a/db/update.sql +++ b/db/update.sql @@ -8,19 +8,23 @@ ALTER TABLE `User` ADD COLUMN `email_by_human_allowed` BOOLEAN NOT NULL; -- No Self Sign Up for some Angel Types ALTER TABLE AngelTypes ADD no_self_signup TINYINT(1) NOT NULL; -ALTER TABLE `AngelTypes` - ADD `contact_user_id` INT NULL, - ADD `contact_name` VARCHAR(250) NULL, - ADD `contact_dect` VARCHAR(5) NULL, - ADD `contact_email` VARCHAR(250) NULL, +ALTER TABLE `AngelTypes` + ADD `contact_user_id` INT NULL, + ADD `contact_name` VARCHAR(250) NULL, + ADD `contact_dect` VARCHAR(5) NULL, + ADD `contact_email` VARCHAR(250) NULL, ADD INDEX (`contact_user_id`); -ALTER TABLE `AngelTypes` +ALTER TABLE `AngelTypes` ADD FOREIGN KEY (`contact_user_id`) REFERENCES `User`(`UID`) ON DELETE SET NULL ON UPDATE CASCADE; - INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (NULL, 'shiftentry_edit_angeltype_supporter', 'If user with this privilege is angeltype supporter, he can put users in shifts for their angeltype'); - -- DB Performance ALTER TABLE `Shifts` ADD INDEX(`start`); -ALTER TABLE `NeededAngelTypes` ADD INDEX(`count`);
\ No newline at end of file +ALTER TABLE `NeededAngelTypes` ADD INDEX(`count`); + +-- Security +UPDATE `Groups` SET UID = UID * 10; +INSERT INTO `Groups` (Name, UID) VALUES ('News Admin', -65); +INSERT INTO `Privileges` (id, name, `desc`) VALUES (42, 'admin_news_html', 'Use HTML in news'); +INSERT INTO `GroupPrivileges` (group_id, privilege_id) VALUES (-65, 14), (-65, 42); diff --git a/includes/autoload.php b/includes/autoload.php new file mode 100644 index 00000000..f51f89e4 --- /dev/null +++ b/includes/autoload.php @@ -0,0 +1,9 @@ +<?php + +// Check for autoloader +if (!is_readable(__DIR__ . '/../vendor/autoload.php')) { + die('Please run composer.phar install'); +} + +// Include composer autoloader +require_once __DIR__ . '/../vendor/autoload.php'; diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php index 58fadd5c..8c1cbe5d 100644 --- a/includes/controller/angeltypes_controller.php +++ b/includes/controller/angeltypes_controller.php @@ -42,7 +42,7 @@ function angeltypes_controller() */ function angeltype_link($angeltype_id) { - return page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype_id; + return page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype_id]); } /** @@ -127,7 +127,7 @@ function angeltype_edit_controller() if (!$supporter_mode) { if ($request->has('name')) { - $result = AngelType_validate_name($request->input('name'), $angeltype); + $result = AngelType_validate_name($request->postData('name'), $angeltype); $angeltype['name'] = $result->getValue(); if (!$result->isValid()) { $valid = false; @@ -211,17 +211,21 @@ function angeltypes_list_controller() foreach ($angeltypes as &$angeltype) { $actions = [ - button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('view'), 'btn-xs') + button( + page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), + _('view'), + 'btn-xs' + ) ]; if (in_array('admin_angel_types', $privileges)) { $actions[] = button( - page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'], + page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]), _('edit'), 'btn-xs' ); $actions[] = button( - page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'], + page_link_to('angeltypes', ['action' => 'delete', 'angeltype_id' => $angeltype['id']]), _('delete'), 'btn-xs' ); @@ -230,13 +234,15 @@ function angeltypes_list_controller() $angeltype['membership'] = AngelType_render_membership($angeltype); if ($angeltype['user_angeltype_id'] != null) { $actions[] = button( - page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'], + page_link_to('user_angeltypes', + ['action' => 'delete', 'user_angeltype_id' => $angeltype['user_angeltype_id']] + ), _('leave'), 'btn-xs' ); } else { $actions[] = button( - page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], + page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]), _('join'), 'btn-xs' ); @@ -245,7 +251,11 @@ function angeltypes_list_controller() $angeltype['restricted'] = $angeltype['restricted'] ? glyph('lock') : ''; $angeltype['no_self_signup'] = $angeltype['no_self_signup'] ? '' : glyph('share'); - $angeltype['name'] = '<a href="' . page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'] . '">' . $angeltype['name'] . '</a>'; + $angeltype['name'] = '<a href="' + . page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]) + . '">' + . $angeltype['name'] + . '</a>'; $angeltype['actions'] = table_buttons($actions); } diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php index 6d0864ae..d6da9709 100644 --- a/includes/controller/rooms_controller.php +++ b/includes/controller/rooms_controller.php @@ -1,4 +1,5 @@ <?php + use Engelsystem\ShiftsFilter; use Engelsystem\ShiftsFilterRenderer; @@ -88,7 +89,7 @@ function rooms_controller() */ function room_link($room) { - return page_link_to('rooms') . '&action=view&room_id=' . $room['RID']; + return page_link_to('rooms', ['action' => 'view', 'room_id' => $room['RID']]); } /** @@ -97,7 +98,7 @@ function room_link($room) */ function room_edit_link($room) { - return page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID']; + return page_link_to('admin_rooms', ['show' => 'edit', 'id' => $room['RID']]); } /** diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php index 72189869..148b19fb 100644 --- a/includes/controller/shift_entries_controller.php +++ b/includes/controller/shift_entries_controller.php @@ -27,10 +27,10 @@ function shift_entry_add_controller() } $shift = Shift($shift_id); - $shift['Name'] = $room_array[$shift['RID']]; if ($shift == null) { redirect(page_link_to('user_shifts')); } + $shift['Name'] = $room_array[$shift['RID']]; $type_id = 0; if ($request->has('type_id') && preg_match('/^\d*$/', $request->input('type_id'))) { diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php index 96f12baa..c359850f 100644 --- a/includes/controller/shifts_controller.php +++ b/includes/controller/shifts_controller.php @@ -1,4 +1,5 @@ <?php + use Engelsystem\ShiftSignupState; /** @@ -7,7 +8,7 @@ use Engelsystem\ShiftSignupState; */ function shift_link($shift) { - $link = page_link_to('shifts') . '&action=view'; + $link = page_link_to('shifts', ['action' => 'view']); if (isset($shift['SID'])) { $link .= '&shift_id=' . $shift['SID']; } @@ -20,7 +21,7 @@ function shift_link($shift) */ function shift_delete_link($shift) { - return page_link_to('user_shifts') . '&delete_shift=' . $shift['SID']; + return page_link_to('user_shifts', ['delete_shift' => $shift['SID']]); } /** @@ -29,7 +30,7 @@ function shift_delete_link($shift) */ function shift_edit_link($shift) { - return page_link_to('user_shifts') . '&edit_shift=' . $shift['SID']; + return page_link_to('user_shifts', ['edit_shift' => $shift['SID']]); } /** @@ -61,7 +62,7 @@ function shift_edit_controller() $angeltypes = select_array(AngelTypes(), 'id', 'name'); $shifttypes = select_array(ShiftTypes(), 'id', 'name'); - $needed_angel_types = select_array(NeededAngelTypes_by_shift($shift_id), 'id', 'count'); + $needed_angel_types = select_array(NeededAngelTypes_by_shift($shift_id), 'angel_type_id', 'count'); foreach (array_keys($angeltypes) as $angeltype_id) { if (!isset($needed_angel_types[$angeltype_id])) { $needed_angel_types[$angeltype_id] = 0; @@ -116,15 +117,20 @@ function shift_edit_controller() $msg .= error(_('The ending time has to be after the starting time.'), true); } - foreach ($needed_angel_types as $needed_angeltype_id => $needed_angeltype_name) { - if ($request->has('type_' . $needed_angeltype_id) && test_request_int('type_' . $needed_angeltype_id)) { - $needed_angel_types[$needed_angeltype_id] = trim($request->input('type_' . $needed_angeltype_id)); - } else { - $valid = false; - $msg .= error(sprintf( - _('Please check your input for needed angels of type %s.'), - $needed_angeltype_name - ), true); + foreach ($needed_angel_types as $needed_angeltype_id => $count) { + $needed_angel_types[$needed_angeltype_id] = 0; + + $queryKey = 'type_' . $needed_angeltype_id; + if ($request->has($queryKey)) { + if (test_request_int($queryKey)) { + $needed_angel_types[$needed_angeltype_id] = trim($request->input($queryKey)); + } else { + $valid = false; + $msg .= error(sprintf( + _('Please check your input for needed angels of type %s.'), + $angeltypes[$needed_angeltype_id] + ), true); + } } } @@ -225,7 +231,9 @@ function shift_delete_controller() date('Y-m-d H:i', $shift['start']), date('H:i', $shift['end']) ), true), - '<a class="button" href="?p=user_shifts&delete_shift=' . $shift_id . '&delete">' . _('delete') . '</a>' + '<a class="button" href="' + . page_link_to('user_shifts', ['delete_shift' => $shift_id, 'delete' => 1]) . + '">' . _('delete') . '</a>' ]); } diff --git a/includes/controller/shifttypes_controller.php b/includes/controller/shifttypes_controller.php index 9cf292ee..4e7cd92c 100644 --- a/includes/controller/shifttypes_controller.php +++ b/includes/controller/shifttypes_controller.php @@ -6,7 +6,7 @@ */ function shifttype_link($shifttype) { - return page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype['id']; + return page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype['id']]); } /** @@ -100,7 +100,7 @@ function shifttype_edit_controller() engelsystem_log('Created shifttype ' . $name); success(_('Created shifttype.')); } - redirect(page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype_id); + redirect(page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype_id])); } } diff --git a/includes/controller/user_angeltypes_controller.php b/includes/controller/user_angeltypes_controller.php index f212716d..fa4f5777 100644 --- a/includes/controller/user_angeltypes_controller.php +++ b/includes/controller/user_angeltypes_controller.php @@ -17,8 +17,7 @@ function user_angeltypes_unconfirmed_hint() $unconfirmed_links = []; foreach ($unconfirmed_user_angeltypes as $user_angeltype) { $unconfirmed_links[] = '<a href="' - . page_link_to('angeltypes') - . '&action=view&angeltype_id=' . $user_angeltype['angeltype_id'] + . page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $user_angeltype['angeltype_id']]) . '">' . $user_angeltype['name'] . ' (+' . $user_angeltype['count'] . ')' . '</a>'; @@ -61,7 +60,7 @@ function user_angeltypes_delete_all_controller() engelsystem_log(sprintf('Denied all users for angeltype %s', AngelType_name_render($angeltype))); success(sprintf(_('Denied all users for angeltype %s.'), AngelType_name_render($angeltype))); - redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); + redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']])); } return [ @@ -107,7 +106,7 @@ function user_angeltypes_confirm_all_controller() engelsystem_log(sprintf('Confirmed all users for angeltype %s', AngelType_name_render($angeltype))); success(sprintf(_('Confirmed all users for angeltype %s.'), AngelType_name_render($angeltype))); - redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); + redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']])); } return [ @@ -167,7 +166,7 @@ function user_angeltype_confirm_controller() User_Nick_render($user_source), AngelType_name_render($angeltype) )); - redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); + redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']])); } return [ @@ -221,7 +220,7 @@ function user_angeltype_delete_controller() engelsystem_log($success_message); success($success_message); - redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); + redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']])); } return [ @@ -287,7 +286,7 @@ function user_angeltype_update_controller() engelsystem_log($success_message); success($success_message); - redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); + redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']])); } return [ @@ -341,7 +340,7 @@ function user_angeltype_add_controller() AngelType_name_render($angeltype) )); - redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); + redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']])); } } @@ -383,7 +382,7 @@ function user_angeltype_join_controller($angeltype) )); } - redirect(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id']); + redirect(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']])); } return [ diff --git a/includes/controller/user_driver_licenses_controller.php b/includes/controller/user_driver_licenses_controller.php index fef278dd..3db31eff 100644 --- a/includes/controller/user_driver_licenses_controller.php +++ b/includes/controller/user_driver_licenses_controller.php @@ -63,7 +63,7 @@ function user_driver_license_edit_link($user = null) if ($user == null) { return page_link_to('user_driver_licenses'); } - return page_link_to('user_driver_licenses') . '&user_id=' . $user['UID']; + return page_link_to('user_driver_licenses', ['user_id' => $user['UID']]); } /** diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 832d93f0..e8cb1b27 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php @@ -47,7 +47,7 @@ function user_delete_controller() $request = request(); if ($request->has('user_id')) { - $user_source = User($request->get('user_id')); + $user_source = User($request->query->get('user_id')); } else { $user_source = $user; } @@ -68,7 +68,7 @@ function user_delete_controller() if ( !( $request->has('password') - && verify_password($request->post('password'), $user['Passwort'], $user['UID']) + && verify_password($request->postData('password'), $user['Passwort'], $user['UID']) ) ) { $valid = false; @@ -106,7 +106,7 @@ function users_link() */ function user_edit_link($user) { - return page_link_to('admin_user') . '&user_id=' . $user['UID']; + return page_link_to('admin_user', ['user_id' => $user['UID']]); } /** @@ -115,7 +115,7 @@ function user_edit_link($user) */ function user_delete_link($user) { - return page_link_to('users') . '&action=delete&user_id=' . $user['UID']; + return page_link_to('users', ['action' => 'delete', 'user_id' => $user['UID']]); } /** @@ -124,7 +124,7 @@ function user_delete_link($user) */ function user_link($user) { - return page_link_to('users') . '&action=view&user_id=' . $user['UID']; + return page_link_to('users', ['action' => 'view', 'user_id' => $user['UID']]); } /** @@ -297,9 +297,9 @@ function user_password_recovery_set_new_controller() if ( $request->has('password') - && strlen($request->post('password')) >= config('min_password_length') + && strlen($request->postData('password')) >= config('min_password_length') ) { - if ($request->post('password') != $request->post('password2')) { + if ($request->postData('password') != $request->postData('password2')) { $valid = false; error(_('Your passwords don\'t match.')); } @@ -309,7 +309,7 @@ function user_password_recovery_set_new_controller() } if ($valid) { - set_password($user_source['UID'], $request->post('password')); + set_password($user_source['UID'], $request->postData('password')); success(_('Password saved.')); redirect(page_link_to('login')); } @@ -353,7 +353,7 @@ function user_password_recovery_start_controller() _('Password recovery'), sprintf( _('Please visit %s to recover your password.'), - page_link_to_absolute('user_password_recovery') . '&token=' . $token + page_link_to('user_password_recovery', ['token' => $token]) ) ); success(_('We sent an email containing your password recovery link.')); diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php index ff682871..65a319e9 100644 --- a/includes/engelsystem_provider.php +++ b/includes/engelsystem_provider.php @@ -11,11 +11,7 @@ use Engelsystem\Renderer\Renderer; * This file includes all needed functions, connects to the db etc. */ -if (!is_readable(__DIR__ . '/../vendor/autoload.php')) { - die('Please run composer.phar install'); -} -require __DIR__ . '/../vendor/autoload.php'; - +require_once __DIR__ . '/autoload.php'; /** * Load configuration @@ -36,9 +32,10 @@ date_default_timezone_set($config->get('timezone')); /** * Initialize Request + * + * @var Request $request */ -$request = new Request(); -$request->create(); +$request = Request::createFromGlobals(); $request::setInstance($request); /** @@ -86,82 +83,87 @@ Db::getPdo()->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); /** * Include legacy code */ -require_once realpath(__DIR__ . '/../includes/sys_auth.php'); -require_once realpath(__DIR__ . '/../includes/sys_form.php'); -require_once realpath(__DIR__ . '/../includes/sys_log.php'); -require_once realpath(__DIR__ . '/../includes/sys_menu.php'); -require_once realpath(__DIR__ . '/../includes/sys_page.php'); -require_once realpath(__DIR__ . '/../includes/sys_template.php'); - -require_once realpath(__DIR__ . '/../includes/model/AngelType_model.php'); -require_once realpath(__DIR__ . '/../includes/model/EventConfig_model.php'); -require_once realpath(__DIR__ . '/../includes/model/LogEntries_model.php'); -require_once realpath(__DIR__ . '/../includes/model/Message_model.php'); -require_once realpath(__DIR__ . '/../includes/model/NeededAngelTypes_model.php'); -require_once realpath(__DIR__ . '/../includes/model/Room_model.php'); -require_once realpath(__DIR__ . '/../includes/model/ShiftEntry_model.php'); -require_once realpath(__DIR__ . '/../includes/model/Shifts_model.php'); -require_once realpath(__DIR__ . '/../includes/model/ShiftsFilter.php'); -require_once realpath(__DIR__ . '/../includes/model/ShiftSignupState.php'); -require_once realpath(__DIR__ . '/../includes/model/ShiftTypes_model.php'); -require_once realpath(__DIR__ . '/../includes/model/UserAngelTypes_model.php'); -require_once realpath(__DIR__ . '/../includes/model/UserDriverLicenses_model.php'); -require_once realpath(__DIR__ . '/../includes/model/UserGroups_model.php'); -require_once realpath(__DIR__ . '/../includes/model/User_model.php'); -require_once realpath(__DIR__ . '/../includes/model/ValidationResult.php'); - -require_once realpath(__DIR__ . '/../includes/view/AngelTypes_view.php'); -require_once realpath(__DIR__ . '/../includes/view/EventConfig_view.php'); -require_once realpath(__DIR__ . '/../includes/view/Questions_view.php'); -require_once realpath(__DIR__ . '/../includes/view/Rooms_view.php'); -require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarLane.php'); -require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarRenderer.php'); -require_once realpath(__DIR__ . '/../includes/view/ShiftCalendarShiftRenderer.php'); -require_once realpath(__DIR__ . '/../includes/view/ShiftsFilterRenderer.php'); -require_once realpath(__DIR__ . '/../includes/view/Shifts_view.php'); -require_once realpath(__DIR__ . '/../includes/view/ShiftEntry_view.php'); -require_once realpath(__DIR__ . '/../includes/view/ShiftTypes_view.php'); -require_once realpath(__DIR__ . '/../includes/view/UserAngelTypes_view.php'); -require_once realpath(__DIR__ . '/../includes/view/UserDriverLicenses_view.php'); -require_once realpath(__DIR__ . '/../includes/view/UserHintsRenderer.php'); -require_once realpath(__DIR__ . '/../includes/view/User_view.php'); - -require_once realpath(__DIR__ . '/../includes/controller/angeltypes_controller.php'); -require_once realpath(__DIR__ . '/../includes/controller/event_config_controller.php'); -require_once realpath(__DIR__ . '/../includes/controller/rooms_controller.php'); -require_once realpath(__DIR__ . '/../includes/controller/shift_entries_controller.php'); -require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php'); -require_once realpath(__DIR__ . '/../includes/controller/shifttypes_controller.php'); -require_once realpath(__DIR__ . '/../includes/controller/users_controller.php'); -require_once realpath(__DIR__ . '/../includes/controller/user_angeltypes_controller.php'); -require_once realpath(__DIR__ . '/../includes/controller/user_driver_licenses_controller.php'); - -require_once realpath(__DIR__ . '/../includes/helper/graph_helper.php'); -require_once realpath(__DIR__ . '/../includes/helper/internationalization_helper.php'); -require_once realpath(__DIR__ . '/../includes/helper/message_helper.php'); -require_once realpath(__DIR__ . '/../includes/helper/error_helper.php'); -require_once realpath(__DIR__ . '/../includes/helper/email_helper.php'); - -require_once realpath(__DIR__ . '/../includes/mailer/shifts_mailer.php'); -require_once realpath(__DIR__ . '/../includes/mailer/users_mailer.php'); - -require_once realpath(__DIR__ . '/../includes/pages/admin_active.php'); -require_once realpath(__DIR__ . '/../includes/pages/admin_arrive.php'); -require_once realpath(__DIR__ . '/../includes/pages/admin_free.php'); -require_once realpath(__DIR__ . '/../includes/pages/admin_groups.php'); -require_once realpath(__DIR__ . '/../includes/pages/admin_import.php'); -require_once realpath(__DIR__ . '/../includes/pages/admin_log.php'); -require_once realpath(__DIR__ . '/../includes/pages/admin_questions.php'); -require_once realpath(__DIR__ . '/../includes/pages/admin_rooms.php'); -require_once realpath(__DIR__ . '/../includes/pages/admin_shifts.php'); -require_once realpath(__DIR__ . '/../includes/pages/admin_user.php'); -require_once realpath(__DIR__ . '/../includes/pages/guest_login.php'); -require_once realpath(__DIR__ . '/../includes/pages/user_messages.php'); -require_once realpath(__DIR__ . '/../includes/pages/user_myshifts.php'); -require_once realpath(__DIR__ . '/../includes/pages/user_news.php'); -require_once realpath(__DIR__ . '/../includes/pages/user_questions.php'); -require_once realpath(__DIR__ . '/../includes/pages/user_settings.php'); -require_once realpath(__DIR__ . '/../includes/pages/user_shifts.php'); +$includeFiles = [ + __DIR__ . '/../includes/sys_auth.php', + __DIR__ . '/../includes/sys_form.php', + __DIR__ . '/../includes/sys_log.php', + __DIR__ . '/../includes/sys_menu.php', + __DIR__ . '/../includes/sys_page.php', + __DIR__ . '/../includes/sys_template.php', + + __DIR__ . '/../includes/model/AngelType_model.php', + __DIR__ . '/../includes/model/EventConfig_model.php', + __DIR__ . '/../includes/model/LogEntries_model.php', + __DIR__ . '/../includes/model/Message_model.php', + __DIR__ . '/../includes/model/NeededAngelTypes_model.php', + __DIR__ . '/../includes/model/Room_model.php', + __DIR__ . '/../includes/model/ShiftEntry_model.php', + __DIR__ . '/../includes/model/Shifts_model.php', + __DIR__ . '/../includes/model/ShiftsFilter.php', + __DIR__ . '/../includes/model/ShiftSignupState.php', + __DIR__ . '/../includes/model/ShiftTypes_model.php', + __DIR__ . '/../includes/model/UserAngelTypes_model.php', + __DIR__ . '/../includes/model/UserDriverLicenses_model.php', + __DIR__ . '/../includes/model/UserGroups_model.php', + __DIR__ . '/../includes/model/User_model.php', + __DIR__ . '/../includes/model/ValidationResult.php', + + __DIR__ . '/../includes/view/AngelTypes_view.php', + __DIR__ . '/../includes/view/EventConfig_view.php', + __DIR__ . '/../includes/view/Questions_view.php', + __DIR__ . '/../includes/view/Rooms_view.php', + __DIR__ . '/../includes/view/ShiftCalendarLane.php', + __DIR__ . '/../includes/view/ShiftCalendarRenderer.php', + __DIR__ . '/../includes/view/ShiftCalendarShiftRenderer.php', + __DIR__ . '/../includes/view/ShiftsFilterRenderer.php', + __DIR__ . '/../includes/view/Shifts_view.php', + __DIR__ . '/../includes/view/ShiftEntry_view.php', + __DIR__ . '/../includes/view/ShiftTypes_view.php', + __DIR__ . '/../includes/view/UserAngelTypes_view.php', + __DIR__ . '/../includes/view/UserDriverLicenses_view.php', + __DIR__ . '/../includes/view/UserHintsRenderer.php', + __DIR__ . '/../includes/view/User_view.php', + + __DIR__ . '/../includes/controller/angeltypes_controller.php', + __DIR__ . '/../includes/controller/event_config_controller.php', + __DIR__ . '/../includes/controller/rooms_controller.php', + __DIR__ . '/../includes/controller/shift_entries_controller.php', + __DIR__ . '/../includes/controller/shifts_controller.php', + __DIR__ . '/../includes/controller/shifttypes_controller.php', + __DIR__ . '/../includes/controller/users_controller.php', + __DIR__ . '/../includes/controller/user_angeltypes_controller.php', + __DIR__ . '/../includes/controller/user_driver_licenses_controller.php', + + __DIR__ . '/../includes/helper/graph_helper.php', + __DIR__ . '/../includes/helper/internationalization_helper.php', + __DIR__ . '/../includes/helper/message_helper.php', + __DIR__ . '/../includes/helper/error_helper.php', + __DIR__ . '/../includes/helper/email_helper.php', + + __DIR__ . '/../includes/mailer/shifts_mailer.php', + __DIR__ . '/../includes/mailer/users_mailer.php', + + __DIR__ . '/../includes/pages/admin_active.php', + __DIR__ . '/../includes/pages/admin_arrive.php', + __DIR__ . '/../includes/pages/admin_free.php', + __DIR__ . '/../includes/pages/admin_groups.php', + __DIR__ . '/../includes/pages/admin_import.php', + __DIR__ . '/../includes/pages/admin_log.php', + __DIR__ . '/../includes/pages/admin_questions.php', + __DIR__ . '/../includes/pages/admin_rooms.php', + __DIR__ . '/../includes/pages/admin_shifts.php', + __DIR__ . '/../includes/pages/admin_user.php', + __DIR__ . '/../includes/pages/guest_login.php', + __DIR__ . '/../includes/pages/user_messages.php', + __DIR__ . '/../includes/pages/user_myshifts.php', + __DIR__ . '/../includes/pages/user_news.php', + __DIR__ . '/../includes/pages/user_questions.php', + __DIR__ . '/../includes/pages/user_settings.php', + __DIR__ . '/../includes/pages/user_shifts.php', +]; +foreach ($includeFiles as $file) { + require_once realpath($file); +} /** diff --git a/includes/helper/internationalization_helper.php b/includes/helper/internationalization_helper.php index d2dbcdbd..83faabb0 100644 --- a/includes/helper/internationalization_helper.php +++ b/includes/helper/internationalization_helper.php @@ -1,5 +1,7 @@ <?php +use Engelsystem\Http\Request; + /** * Return currently active locale * @@ -62,14 +64,20 @@ function gettext_locale($locale = null) */ function make_langselect() { - $url = $_SERVER['REQUEST_URI'] . (strpos($_SERVER['REQUEST_URI'], '?') > 0 ? '&' : '?') . 'set_locale='; + $request = Request::getInstance(); $items = []; foreach (config('locales') as $locale => $name) { + $url = url($request->getPathInfo(), ['set_locale' => $locale]); + $items[] = toolbar_item_link( - htmlspecialchars($url) . $locale, + htmlspecialchars($url), '', - '<img src="pic/flag/' . $locale . '.png" alt="' . $name . '" title="' . $name . '"> ' . $name + sprintf( + '<img src="%s" alt="%s" title="%2$s"> %2$s', + url('pic/flag/' . $locale . '.png'), + $name + ) ); } return $items; diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index be1217ff..d67af681 100644 --- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php @@ -82,9 +82,13 @@ function admin_active() $limit = ''; $msg = success(_('Marked angels.'), true); } else { - $set_active = '<a href="' . page_link_to('admin_active') . '&serach=' . $search . '">« ' - . _('back') . '</a> | <a href="' - . page_link_to('admin_active') . '&search=' . $search . '&count=' . $count . '&set_active&ack">' + $set_active = '<a href="' . page_link_to('admin_active', ['search' => $search]) . '">« ' + . _('back') + . '</a> | <a href="' + . page_link_to( + 'admin_active', + ['search' => $search, 'count' => $count, 'set_active' => 1, 'ack' => 1] + ) . '">' . _('apply') . '</a>'; } @@ -176,28 +180,46 @@ function admin_active() $actions = []; if ($usr['Aktiv'] == 0) { - $actions[] = '<a href="' - . page_link_to('admin_active') . '&active=' . $usr['UID'] - . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' + $parameters = [ + 'active' => $usr['UID'], + 'search' => $search, + ]; + if ($show_all_shifts) { + $parameters['show_all_shifts'] = 1; + } + $actions[] = '<a href="' . page_link_to('admin_active', $parameters) . '">' . _('set active') . '</a>'; } if ($usr['Aktiv'] == 1 && $usr['Tshirt'] == 0) { - $actions[] = '<a href="' - . page_link_to('admin_active') . '&not_active=' . $usr['UID'] - . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' + $parametersRemove = [ + 'not_active' => $usr['UID'], + 'search' => $search, + ]; + $parametersShirt = [ + 'tshirt' => $usr['UID'], + 'search' => $search, + ]; + if ($show_all_shifts) { + $parametersRemove['show_all_shifts'] = 1; + $parametersShirt['show_all_shifts'] = 1; + } + $actions[] = '<a href="' . page_link_to('admin_active', $parametersRemove) . '">' . _('remove active') . '</a>'; - $actions[] = '<a href="' - . page_link_to('admin_active') . '&tshirt=' . $usr['UID'] - . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' + $actions[] = '<a href="' . page_link_to('admin_active', $parametersShirt) . '">' . _('got t-shirt') . '</a>'; } if ($usr['Tshirt'] == 1) { - $actions[] = '<a href="' - . page_link_to('admin_active') . '&not_tshirt=' . $usr['UID'] - . ($show_all_shifts ? '&show_all_shifts=' : '') . '&search=' . $search . '">' + $parameters = [ + 'not_tshirt' => $usr['UID'], + 'search' => $search, + ]; + if ($show_all_shifts) { + $parameters['show_all_shifts'] = 1; + } + $actions[] = '<a href="' . page_link_to('admin_active', $parameters) . '">' . _('remove t-shirt') . '</a>'; } diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php index ebeccb8c..2f312b1f 100644 --- a/includes/pages/admin_arrive.php +++ b/includes/pages/admin_arrive.php @@ -92,8 +92,14 @@ function admin_arrive() $usr['rendered_arrival_date'] = $usr['arrival_date'] > 0 ? date('Y-m-d', $usr['arrival_date']) : '-'; $usr['arrived'] = $usr['Gekommen'] == 1 ? _('yes') : ''; $usr['actions'] = $usr['Gekommen'] == 1 - ? '<a href="' . page_link_to('admin_arrive') . '&reset=' . $usr['UID'] . '&search=' . $search . '">' . _('reset') . '</a>' - : '<a href="' . page_link_to('admin_arrive') . '&arrived=' . $usr['UID'] . '&search=' . $search . '">' . _('arrived') . '</a>'; + ? '<a href="' . page_link_to( + 'admin_arrive', + ['reset' => $usr['UID'], 'search' => $search] + ) . '">' . _('reset') . '</a>' + : '<a href="' . page_link_to( + 'admin_arrive', + ['arrived' => $usr['UID'], 'search' => $search] + ) . '">' . _('arrived') . '</a>'; if ($usr['arrival_date'] > 0) { $day = date('Y-m-d', $usr['arrival_date']); diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php index ebf227a4..a3c0d17f 100644 --- a/includes/pages/admin_free.php +++ b/includes/pages/admin_free.php @@ -94,7 +94,7 @@ function admin_free() 'email' => $usr['email_by_human_allowed'] ? $usr['email'] : glyph('eye-close'), 'actions' => in_array('admin_user', $privileges) - ? button(page_link_to('admin_user') . '&id=' . $usr['UID'], _('edit'), 'btn-xs') + ? button(page_link_to('admin_user', ['id' => $usr['UID']]), _('edit'), 'btn-xs') : '' ]; } diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index ea0d4dbc..e0260320 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -38,7 +38,8 @@ function admin_groups() 'name' => $group['Name'], 'privileges' => join(', ', $privileges_html), 'actions' => button( - page_link_to('admin_groups') . '&action=edit&id=' . $group['UID'], + page_link_to('admin_groups', + ['action' => 'edit', 'id' => $group['UID']]), _('edit'), 'btn-xs' ) @@ -80,7 +81,8 @@ function admin_groups() 'privileges[]', $privilege['desc'] . ' (' . $privilege['name'] . ')', $privilege['group_id'] != '', - $privilege['id'] + $privilege['id'], + 'privilege-' . $privilege['name'] ); $privileges_html .= sprintf( '<tr><td><input type="checkbox" name="privileges[]" value="%s" %s /></td> <td>%s</td> <td>%s</td></tr>', @@ -93,7 +95,10 @@ function admin_groups() $privileges_form[] = form_submit('submit', _('Save')); $html .= page_with_title(_('Edit group'), [ - form($privileges_form, page_link_to('admin_groups') . '&action=save&id=' . $group_id) + form( + $privileges_form, + page_link_to('admin_groups', ['action' => 'save', 'id' => $group_id]) + ) ]); } else { return error('No Group found.', true); @@ -108,7 +113,7 @@ function admin_groups() } $group = DB::selectOne('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]); - $privileges = $request->get('privileges'); + $privileges = $request->postData('privileges'); if (!is_array($privileges)) { $privileges = []; } diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index 4eafd3e2..eb3a250e 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -7,7 +7,7 @@ use Engelsystem\Database\DB; */ function admin_news() { - global $user; + global $user, $privileges; $request = request(); if (!$request->has('action')) { @@ -30,21 +30,31 @@ function admin_news() case 'edit': $user_source = User($news['UID']); - $html .= form([ - form_info(_('Date'), date('Y-m-d H:i', $news['Datum'])), - form_info(_('Author'), User_Nick_render($user_source)), - form_text('eBetreff', _('Subject'), $news['Betreff']), - form_textarea('eText', _('Message'), $news['Text']), - form_checkbox('eTreffen', _('Meeting'), $news['Treffen'] == 1, 1), - form_submit('submit', _('Save')) - ], page_link_to('admin_news&action=save&id=' . $news_id)); + $html .= form( + [ + form_info(_('Date'), date('Y-m-d H:i', $news['Datum'])), + form_info(_('Author'), User_Nick_render($user_source)), + form_text('eBetreff', _('Subject'), $news['Betreff']), + form_textarea('eText', _('Message'), $news['Text']), + form_checkbox('eTreffen', _('Meeting'), $news['Treffen'] == 1, 1), + form_submit('submit', _('Save')) + ], + page_link_to('admin_news', ['action' => 'save', 'id' => $news_id]) + ); - $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $news_id) . '">' + $html .= '<a class="btn btn-danger" href="' + . page_link_to('admin_news', ['action' => 'delete', 'id' => $news_id]) + . '">' . '<span class="glyphicon glyphicon-trash"></span> ' . _('Delete') . '</a>'; break; case 'save': + $text = $request->postData('eText'); + if (!in_array('admin_news_html', $privileges)) { + $text = strip_tags($text); + } + DB::update(' UPDATE `News` SET `Datum`=?, @@ -56,14 +66,15 @@ function admin_news() ', [ time(), - $request->post('eBetreff'), - $request->post('eText'), + strip_tags($request->postData('eBetreff')), + $text, $user['UID'], $request->has('eTreffen') ? 1 : 0, $news_id ] ); - engelsystem_log('News updated: ' . $request->post('eBetreff')); + + engelsystem_log('News updated: ' . $request->postData('eBetreff')); success(_('News entry updated.')); redirect(page_link_to('news')); break; diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 2b61b055..5f2e3a2b 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -52,9 +52,9 @@ function admin_questions() 'answer' => form([ form_textarea('answer', '', ''), form_submit('submit', _('Save')) - ], page_link_to('admin_questions') . '&action=answer&id=' . $question['QID']), + ], page_link_to('admin_questions', ['action' => 'answer', 'id' => $question['QID']])), 'actions' => button( - page_link_to('admin_questions') . '&action=delete&id=' . $question['QID'], + page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]), _('delete'), 'btn-xs' ) @@ -72,7 +72,7 @@ function admin_questions() 'answered_by' => User_Nick_render($answer_user_source), 'answer' => str_replace("\n", '<br />', $question['Answer']), 'actions' => button( - page_link_to('admin_questions') . '&action=delete&id=' . $question['QID'], + page_link_to('admin_questions', ['action' => 'delete', 'id' => $question['QID']]), _('delete'), 'btn-xs' ) diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index 6f3584d5..9e153bf1 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -25,8 +25,8 @@ function admin_rooms() 'from_pentabarf' => glyph_bool($room['FromPentabarf'] == 'Y'), 'public' => glyph_bool($room['show'] == 'Y'), 'actions' => table_buttons([ - button(page_link_to('admin_rooms') . '&show=edit&id=' . $room['RID'], _('edit'), 'btn-xs'), - button(page_link_to('admin_rooms') . '&show=delete&id=' . $room['RID'], _('delete'), 'btn-xs') + button(page_link_to('admin_rooms', ['show' => 'edit', 'id' => $room['RID']]), _('edit'), 'btn-xs'), + button(page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room['RID']]), _('delete'), 'btn-xs') ]) ]; } @@ -107,11 +107,14 @@ function admin_rooms() } foreach ($angeltypes as $angeltype_id => $angeltype) { - if ( - $request->has('angeltype_count_' . $angeltype_id) - && preg_match('/^\d{1,4}$/', $request->input('angeltype_count_' . $angeltype_id)) - ) { - $angeltypes_count[$angeltype_id] = $request->input('angeltype_count_' . $angeltype_id); + $angeltypes_count[$angeltype_id] = 0; + $queryKey = 'angeltype_count_' . $angeltype_id; + if (!$request->has($queryKey)) { + continue; + } + + if (preg_match('/^\d{1,4}$/', $request->input($queryKey))) { + $angeltypes_count[$angeltype_id] = $request->input($queryKey); } else { $valid = false; $msg .= error(sprintf(_('Please enter needed angels for type %s.'), $angeltype), true); @@ -220,7 +223,7 @@ function admin_rooms() sprintf(_('Do you want to delete room %s?'), $name), buttons([ button( - page_link_to('admin_rooms') . '&show=delete&id=' . $room_id . '&ack', + page_link_to('admin_rooms', ['show' => 'delete', 'id' => $room_id, 'ack' => 1]), _('Delete'), 'delete btn-danger' ) @@ -231,7 +234,7 @@ function admin_rooms() return page_with_title(admin_rooms_title(), [ buttons([ - button(page_link_to('admin_rooms') . '&show=edit', _('add')) + button(page_link_to('admin_rooms', ['show' => 'edit']), _('add')) ]), msg(), table([ diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index b5079ed1..04d88a4f 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -132,16 +132,14 @@ function admin_shifts() } elseif ($request->input('angelmode') == 'manually') { $angelmode = 'manually'; foreach ($types as $type) { - if ( - $request->has('type_' . $type['id']) - && preg_match('/^\d+$/', trim($request->input('type_' . $type['id']))) - ) { - $needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id'])); + if (preg_match('/^\d+$/', trim($request->input('type_' . $type['id'], 0)))) { + $needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id'], 0)); } else { $valid = false; error(sprintf(_('Please check the needed angels for team %s.'), $type['name'])); } } + if (array_sum($needed_angel_types) == 0) { $valid = false; error(_('There are 0 angels needed. Please enter the amounts of needed angels.')); @@ -303,7 +301,7 @@ function admin_shifts() } } elseif ($request->has('submit')) { if ( - !$request->has('admin_shifts_shifts') + !isset($_SESSION['admin_shifts_shifts']) || !isset($_SESSION['admin_shifts_types']) || !is_array($_SESSION['admin_shifts_shifts']) || !is_array($_SESSION['admin_shifts_types']) diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 6bdc8d71..9b3b0f44 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -46,25 +46,27 @@ function admin_user() . 'Wenn T-Shirt ein \'Ja\' enthält, bedeutet dies, dass der Engel ' . 'bereits sein T-Shirt erhalten hat.<br /><br />' . "\n"; - $html .= '<form action="' . page_link_to('admin_user') . '&action=save&id=' . $user_id . '" method="post">' . "\n"; + $html .= '<form action="' + . page_link_to('admin_user', ['action' => 'save', 'id' => $user_id]) + . '" method="post">' . "\n"; $html .= '<table border="0">' . "\n"; $html .= '<input type="hidden" name="Type" value="Normal">' . "\n"; $html .= '<tr><td>' . "\n"; $html .= '<table>' . "\n"; - $html .= ' <tr><td>Nick</td><td>' . '<input type="text" size="40" name="eNick" value="' . $user_source['Nick'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Nick</td><td>' . '<input size="40" name="eNick" value="' . $user_source['Nick'] . '" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Last login</td><td><p class="help-block">' . date('Y-m-d H:i', $user_source['lastLogIn']) . '</p></td></tr>' . "\n"; - $html .= ' <tr><td>Name</td><td>' . '<input type="text" size="40" name="eName" value="' . $user_source['Name'] . '" class="form-control"></td></tr>' . "\n"; - $html .= ' <tr><td>Vorname</td><td>' . '<input type="text" size="40" name="eVorname" value="' . $user_source['Vorname'] . '" class="form-control"></td></tr>' . "\n"; - $html .= ' <tr><td>Alter</td><td>' . '<input type="text" size="5" name="eAlter" value="' . $user_source['Alter'] . '" class="form-control"></td></tr>' . "\n"; - $html .= ' <tr><td>Telefon</td><td>' . '<input type="text" size="40" name="eTelefon" value="' . $user_source['Telefon'] . '" class="form-control"></td></tr>' . "\n"; - $html .= ' <tr><td>Handy</td><td>' . '<input type="text" size="40" name="eHandy" value="' . $user_source['Handy'] . '" class="form-control"></td></tr>' . "\n"; - $html .= ' <tr><td>DECT</td><td>' . '<input type="text" size="4" name="eDECT" value="' . $user_source['DECT'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Name</td><td>' . '<input size="40" name="eName" value="' . $user_source['Name'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Vorname</td><td>' . '<input size="40" name="eVorname" value="' . $user_source['Vorname'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Alter</td><td>' . '<input size="5" name="eAlter" value="' . $user_source['Alter'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Telefon</td><td>' . '<input size="40" name="eTelefon" value="' . $user_source['Telefon'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Handy</td><td>' . '<input size="40" name="eHandy" value="' . $user_source['Handy'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>DECT</td><td>' . '<input size="4" name="eDECT" value="' . $user_source['DECT'] . '" class="form-control"></td></tr>' . "\n"; if ($user_source['email_by_human_allowed']) { - $html .= " <tr><td>email</td><td>" . '<input type="text" size="40" name="eemail" value="' . $user_source['email'] . '" class="form-control"></td></tr>' . "\n"; + $html .= " <tr><td>email</td><td>" . '<input size="40" name="eemail" value="' . $user_source['email'] . '" class="form-control"></td></tr>' . "\n"; } - $html .= " <tr><td>jabber</td><td>" . '<input type="text" size="40" name="ejabber" value="' . $user_source['jabber'] . '" class="form-control"></td></tr>' . "\n"; + $html .= " <tr><td>jabber</td><td>" . '<input size="40" name="ejabber" value="' . $user_source['jabber'] . '" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Size</td><td>' . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . '</td></tr>' . "\n"; @@ -91,7 +93,7 @@ function admin_user() $html .= ' <tr><td>T-Shirt</td><td>' . "\n"; $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . '</td></tr>' . "\n"; - $html .= ' <tr><td>Hometown</td><td>' . '<input type="text" size="40" name="Hometown" value="' . $user_source['Hometown'] . '" class="form-control"></td></tr>' . "\n"; + $html .= ' <tr><td>Hometown</td><td>' . '<input size="40" name="Hometown" value="' . $user_source['Hometown'] . '" class="form-control"></td></tr>' . "\n"; $html .= '</table>' . "\n" . '</td><td valign="top"></td></tr>'; @@ -105,7 +107,8 @@ function admin_user() $html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.')); $html .= 'Hier kannst Du das Passwort dieses Engels neu setzen:<form action="' - . page_link_to('admin_user') . '&action=change_pw&id=' . $user_id . '" method="post">' . "\n"; + . page_link_to('admin_user', ['action' => 'change_pw', 'id' => $user_id]) + . '" method="post">' . "\n"; $html .= '<table>' . "\n"; $html .= ' <tr><td>Passwort</td><td>' . '<input type="password" size="40" name="new_pw" value="" class="form-control"></td></tr>' . "\n"; $html .= ' <tr><td>Wiederholung</td><td>' . '<input type="password" size="40" name="new_pw2" value="" class="form-control"></td></tr>' . "\n"; @@ -134,7 +137,8 @@ function admin_user() if ($user_id != $user['UID'] && $my_highest_group <= $his_highest_group) { $html .= 'Hier kannst Du die Benutzergruppen des Engels festlegen:<form action="' - . page_link_to('admin_user') . '&action=save_groups&id=' . $user_id . '" method="post">' . "\n"; + . page_link_to('admin_user', ['action' => 'save_groups', 'id' => $user_id]) + . '" method="post">' . "\n"; $html .= '<table>'; $groups = DB::select(' @@ -257,7 +261,7 @@ function admin_user() `Handy` = ?, `Alter` =?, `DECT` = ?, - ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->post('eemail')) . ',' : '') . ' + ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->postData('eemail')) . ',' : '') . ' `jabber` = ?, `Size` = ?, `Gekommen`= ?, @@ -268,34 +272,34 @@ function admin_user() WHERE `UID` = ? LIMIT 1'; DB::update($sql, [ - $request->post('eNick'), - $request->post('eName'), - $request->post('eVorname'), - $request->post('eTelefon'), - $request->post('eHandy'), - $request->post('eAlter'), - $request->post('eDECT'), - $request->post('ejabber'), - $request->post('eSize'), - $request->post('eGekommen'), - $request->post('eAktiv'), + User_validate_Nick($request->postData('eNick')), + $request->postData('eName'), + $request->postData('eVorname'), + $request->postData('eTelefon'), + $request->postData('eHandy'), + $request->postData('eAlter'), + $request->postData('eDECT'), + $request->postData('ejabber'), + $request->postData('eSize'), + $request->postData('eGekommen'), + $request->postData('eAktiv'), $force_active, - $request->post('eTshirt'), - $request->post('Hometown'), + $request->postData('eTshirt'), + $request->postData('Hometown'), $user_id, ]); engelsystem_log( - 'Updated user: ' . $request->post('eNick') . ', ' . $request->post('eSize') - . ', arrived: ' . $request->post('eVorname') - . ', active: ' . $request->post('eAktiv') - . ', tshirt: ' . $request->post('eTshirt') + 'Updated user: ' . $request->postData('eNick') . ', ' . $request->postData('eSize') + . ', arrived: ' . $request->postData('eVorname') + . ', active: ' . $request->postData('eAktiv') + . ', tshirt: ' . $request->postData('eTshirt') ); $html .= success('Änderung wurde gespeichert...' . "\n", true); break; case 'change_pw': - if ($request->post('new_pw') != '' && $request->post('new_pw') == $request->post('new_pw2')) { - set_password($user_id, $request->post('new_pw')); + if ($request->postData('new_pw') != '' && $request->postData('new_pw') == $request->postData('new_pw2')) { + set_password($user_id, $request->postData('new_pw')); $user_source = User($user_id); engelsystem_log('Set new password for ' . User_Nick_render($user_source)); $html .= success('Passwort neu gesetzt.', true); diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index f8c52767..4a77b40c 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -127,8 +127,8 @@ function guest_register() } } - if ($request->has('password') && strlen($request->post('password')) >= $min_password_length) { - if ($request->post('password') != $request->post('password2')) { + if ($request->has('password') && strlen($request->postData('password')) >= $min_password_length) { + if ($request->postData('password') != $request->postData('password2')) { $valid = false; $msg .= error(_('Your passwords don\'t match.'), true); } @@ -233,8 +233,8 @@ function guest_register() // Assign user-group and set password $user_id = DB::getPdo()->lastInsertId(); - DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -2)', [$user_id]); - set_password($user_id, $request->post('password')); + DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -20)', [$user_id]); + set_password($user_id, $request->postData('password')); // Assign angel-types $user_angel_types_info = []; @@ -328,7 +328,7 @@ function guest_register() 'angel_types', _('What do you want to do?') . sprintf( ' (<a href="%s">%s</a>)', - page_link_to('angeltypes') . '&action=about', + page_link_to('angeltypes', ['action' => 'about']), _('Description of job types') ), $angel_types, @@ -402,7 +402,7 @@ function guest_login() $login_user = DB::selectOne('SELECT * FROM `User` WHERE `Nick`=?', [$nick]); if (!empty($login_user)) { if ($request->has('password')) { - if (!verify_password($request->post('password'), $login_user['Passwort'], $login_user['UID'])) { + if (!verify_password($request->postData('password'), $login_user['Passwort'], $login_user['UID'])) { $valid = false; error(_('Your password is incorrect. Please try it again.')); } @@ -466,7 +466,10 @@ function guest_login() heading(_('What can I do?'), 2), '<p>' . _('Please read about the jobs you can do to help us.') . '</p>', buttons([ - button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description') . ' »') + button( + page_link_to('angeltypes', ['action' => 'about']), + _('Teams/Job description') . ' »' + ) ]) ]) ]) diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index a1e2580a..2991bdbf 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -1,6 +1,7 @@ <?php use Engelsystem\Database\DB; +use Engelsystem\Http\Request; /** * Publically available page to feed the news to feed readers @@ -44,14 +45,15 @@ function user_atom() */ function make_atom_entries_from_news($news_entries) { + $request = Request::getInstance(); $html = '<?xml version="1.0" encoding="utf-8"?> <feed xmlns="http://www.w3.org/2005/Atom"> <title>Engelsystem</title> - <id>' . $_SERVER['HTTP_HOST'] + <id>' . $request->getHttpHost() . htmlspecialchars(preg_replace( '#[&?]key=[a-f\d]{32}#', '', - $_SERVER['REQUEST_URI'] + $request->getRequestUri() )) . '</id> <updated>' . date('Y-m-d\TH:i:sP', $news_entries[0]['Datum']) . '</updated>' . "\n"; @@ -64,11 +66,12 @@ function make_atom_entries_from_news($news_entries) function make_atom_entry_from_news($news_entry) { - return ' <entry> + return ' + <entry> <title>' . htmlspecialchars($news_entry['Betreff']) . '</title> - <link href="' . page_link_to_absolute('news_comments&nid=') . $news_entry['ID'] . '"/> - <id>' . preg_replace('#^https?://#', '', page_link_to_absolute('news')) . '-' . $news_entry['ID'] . '</id> - <updated>' . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . '</updated> - <summary type="html">' . htmlspecialchars($news_entry['Text']) . '</summary> - </entry>' . "\n"; + <link href="' . page_link_to('news_comments', ['nid' => $news_entry['ID']]) . '"/> + <id>' . preg_replace('#^https?://#', '', page_link_to('news_comments', ['nid' => $news_entry['ID']])) . '</id> + <updated>' . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . '</updated> + <summary>' . htmlspecialchars($news_entry['Text']) . '</summary> + </entry>' . "\n"; } diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index 2dea6207..06ae7e75 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php @@ -92,14 +92,14 @@ function user_messages() if ($message['RUID'] == $user['UID']) { if ($message['isRead'] == 'N') { $messages_table_entry['actions'] = button( - page_link_to('user_messages') . '&action=read&id=' . $message['id'], + page_link_to('user_messages', ['action' => 'read', 'id' => $message['id']]), _('mark as read'), 'btn-xs' ); } } else { $messages_table_entry['actions'] = button( - page_link_to('user_messages') . '&action=delete&id=' . $message['id'], + page_link_to('user_messages', ['action' => 'delete', 'id' => $message['id']]), _('delete message'), 'btn-xs' ); @@ -119,7 +119,7 @@ function user_messages() 'text' => _('Message'), 'actions' => '' ], $messages_table) - ], page_link_to('user_messages') . '&action=send') + ], page_link_to('user_messages', ['action' => 'send'])) ]); } else { switch ($request->input('action')) { diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 81f8f505..60a26922 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -37,14 +37,14 @@ function user_myshifts() if ($request->input('reset') == 'ack') { User_reset_api_key($user); success(_('Key changed.')); - redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); + redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']])); } return page_with_title(_('Reset API key'), [ error( _('If you reset the key, the url to your iCal- and JSON-export and your atom feed changes! You have to update it in every application using one of these exports.'), true ), - button(page_link_to('user_myshifts') . '&reset=ack', _('Continue'), 'btn-danger') + button(page_link_to('user_myshifts', ['reset' => 'ack']), _('Continue'), 'btn-danger') ]); } elseif ($request->has('edit') && preg_match('/^\d*$/', $request->input('edit'))) { $user_id = $request->input('edit'); @@ -106,7 +106,7 @@ function user_myshifts() . '. Freeloaded: ' . ($freeloaded ? 'YES Comment: ' . $freeload_comment : 'NO') ); success(_('Shift saved.')); - redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); + redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']])); } } @@ -164,6 +164,6 @@ function user_myshifts() } } - redirect(page_link_to('users') . '&action=view&user_id=' . $shifts_user['UID']); + redirect(page_link_to('users', ['action' => 'view', 'user_id' => $shifts_user['UID']])); return ''; } diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 3cf11a6b..b51b0a4c 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -35,8 +35,8 @@ function user_meetings() $html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg(); $request = request(); - if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) { - $page = $request->input('page'); + if (preg_match('/^\d{1,}$/', $request->input('page', 0))) { + $page = $request->input('page', 0); } else { $page = 0; } @@ -57,14 +57,14 @@ function user_meetings() $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news); $html .= '<div class="text-center">' . '<ul class="pagination">'; for ($i = 0; $i < $dis_rows; $i++) { - if ($request->has('page') && $i == $request->input('page')) { + if ($request->has('page') && $i == $request->input('page', 0)) { $html .= '<li class="active">'; } elseif (!$request->has('page') && $i == 0) { $html .= '<li class="active">'; } else { $html .= '<li>'; } - $html .= '<a href="' . page_link_to('user_meetings') . '&page=' . $i . '">' . ($i + 1) . '</a></li>'; + $html .= '<a href="' . page_link_to('user_meetings', ['page' => $i]) . '">' . ($i + 1) . '</a></li>'; } $html .= '</ul></div></div>'; @@ -89,7 +89,7 @@ function display_news($news) $html .= '<div class="panel-footer text-muted">'; if (in_array('admin_news', $privileges)) { $html .= '<div class="pull-right">' - . button_glyph(page_link_to('admin_news') . '&action=edit&id=' . $news['ID'], 'edit', 'btn-xs') + . button_glyph(page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]), 'edit', 'btn-xs') . '</div>'; } $html .= '<span class="glyphicon glyphicon-time"></span> ' . date('Y-m-d H:i', $news['Datum']) . ' '; @@ -98,7 +98,7 @@ function display_news($news) $html .= User_Nick_render($user_source); if ($page != 'news_comments') { - $html .= ' <a href="' . page_link_to('news_comments') . '&nid=' . $news['ID'] . '">' + $html .= ' <a href="' . page_link_to('news_comments', ['nid' => $news['ID']]) . '">' . '<span class="glyphicon glyphicon-comment"></span> ' . _('Comments') . ' »</a> ' . '<span class="badge">' @@ -154,7 +154,7 @@ function user_news_comments() $user_source = User($comment['UID']); $html .= '<div class="panel panel-default">'; - $html .= '<div class="panel-body">' . nl2br($comment['Text']) . '</div>'; + $html .= '<div class="panel-body">' . nl2br(htmlspecialchars($comment['Text'])) . '</div>'; $html .= '<div class="panel-footer text-muted">'; $html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . ' '; $html .= User_Nick_render($user_source); @@ -166,7 +166,7 @@ function user_news_comments() $html .= form([ form_textarea('text', _('Message'), ''), form_submit('submit', _('Save')) - ], page_link_to('news_comments') . '&nid=' . $news['ID']); + ], page_link_to('news_comments', ['nid' => $news['ID']])); } else { $html .= _('Invalid request.'); } @@ -185,30 +185,36 @@ function user_news() $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg(); - $isMeeting = $request->post('treffen'); + $isMeeting = $request->postData('treffen'); if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) { - if (!$request->has('treffen') || !in_array('admin_news', $privileges)) { + if (!$request->has('treffen')) { $isMeeting = 0; } + + $text = $request->postData('text'); + if (!in_array('admin_news_html', $privileges)) { + $text = strip_tags($text); + } + DB::insert(' INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) VALUES (?, ?, ?, ?, ?) ', [ time(), - $request->post('betreff'), - $request->post('text'), + strip_tags($request->postData('betreff')), + $text, $user['UID'], $isMeeting, ] ); - engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $isMeeting); + engelsystem_log('Created news: ' . $request->postData('betreff') . ', treffen: ' . $isMeeting); success(_('Entry saved.')); redirect(page_link_to('news')); } - if ($request->has('page') && preg_match('/^\d{1,}$/', $request->input('page'))) { - $page = $request->input('page'); + if (preg_match('/^\d{1,}$/', $request->input('page', 0))) { + $page = $request->input('page', 0); } else { $page = 0; } @@ -229,14 +235,14 @@ function user_news() $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news); $html .= '<div class="text-center">' . '<ul class="pagination">'; for ($i = 0; $i < $dis_rows; $i++) { - if ($request->has('page') && $i == $request->input('page')) { + if ($request->has('page') && $i == $request->input('page', 0)) { $html .= '<li class="active">'; } elseif (!$request->has('page') && $i == 0) { $html .= '<li class="active">'; } else { $html .= '<li>'; } - $html .= '<a href="' . page_link_to('news') . '&page=' . $i . '">' . ($i + 1) . '</a></li>'; + $html .= '<a href="' . page_link_to('news', ['page' => $i]) . '">' . ($i + 1) . '</a></li>'; } $html .= '</ul></div>'; diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php index e4f35577..41fbe64d 100644 --- a/includes/pages/user_questions.php +++ b/includes/pages/user_questions.php @@ -33,7 +33,11 @@ function user_questions() $question['answer_user'] = User_Nick_render($answer_user_source); } - return Questions_view($open_questions, $answered_questions, page_link_to('user_questions') . '&action=ask'); + return Questions_view( + $open_questions, + $answered_questions, + page_link_to('user_questions', ['action' => 'ask']) + ); } else { switch ($request->input('action')) { case 'ask': diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index 7edee7b5..03621a45 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -84,7 +84,7 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) if ($valid) { User_update($user_source); - + success(_('Settings saved.')); redirect(page_link_to('user_settings')); } @@ -102,15 +102,15 @@ function user_settings_password($user_source) $request = request(); if ( !$request->has('password') - || !verify_password($request->post('password'), $user_source['Passwort'], $user_source['UID']) + || !verify_password($request->postData('password'), $user_source['Passwort'], $user_source['UID']) ) { error(_('-> not OK. Please try again.')); - } elseif (strlen($request->post('new_password')) < config('min_password_length')) { + } elseif (strlen($request->postData('new_password')) < config('min_password_length')) { error(_('Your password is to short (please use at least 6 characters).')); - } elseif ($request->post('new_password') != $request->post('new_password2')) { + } elseif ($request->postData('new_password') != $request->postData('new_password2')) { error(_('Your passwords don\'t match.')); } else { - set_password($user_source['UID'], $request->post('new_password')); + set_password($user_source['UID'], $request->postData('new_password')); success(_('Password saved.')); } redirect(page_link_to('user_settings')); diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 813cb9b3..db0bb193 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -223,15 +223,15 @@ function view_user_shifts() 'task_notice' => '<sup>1</sup>' . _('The tasks shown here are influenced by the angeltypes you joined already!') - . ' <a href="' . page_link_to('angeltypes') . '&action=about' . '">' + . ' <a href="' . page_link_to('angeltypes', ['action' => 'about']) . '">' . _('Description of the jobs.') . '</a>', 'shifts_table' => msg() . $shiftCalendarRenderer->render(), 'ical_text' => '<h2>' . _('iCal export') . '</h2><p>' . sprintf( _('Export of shown shifts. <a href="%s">iCal format</a> or <a href="%s">JSON format</a> available (please keep secret, otherwise <a href="%s">reset the api key</a>).'), - page_link_to_absolute('ical') . '&key=' . $user['api_key'], - page_link_to_absolute('shifts_json_export') . '&key=' . $user['api_key'], - page_link_to('user_myshifts') . '&reset' + page_link_to('ical', ['key' => $user['api_key']]), + page_link_to('shifts_json_export', ['key' => $user['api_key']]), + page_link_to('user_myshifts', ['reset' => 1]) ) . '</p>', 'filter' => _('Filter') ]) diff --git a/includes/sys_auth.php b/includes/sys_auth.php index e0ed67e5..36f0f935 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -30,7 +30,7 @@ function load_auth() } // guest privileges - $privileges = privileges_for_group(-1); + $privileges = privileges_for_group(-10); } /** diff --git a/includes/sys_form.php b/includes/sys_form.php index f890b7a7..7fa0682d 100644 --- a/includes/sys_form.php +++ b/includes/sys_form.php @@ -10,7 +10,7 @@ */ function form_hidden($name, $value) { - return '<input type="hidden" name="' . $name . '" value="' . $value . '" />'; + return '<input type="hidden" name="' . $name . '" value="' . htmlspecialchars($value) . '" />'; } /** @@ -25,7 +25,7 @@ function form_spinner($name, $label, $value) { return form_element($label, ' <div class="input-group"> - <input id="spinner-' . $name . '" class="form-control" type="text" name="' . $name . '" value="' . $value . '" /> + <input id="spinner-' . $name . '" class="form-control" name="' . $name . '" value="' . htmlspecialchars($value) . '" /> <div class="input-group-btn"> <button id="spinner-' . $name . '-down" class="btn btn-default" type="button"> <span class="glyphicon glyphicon-minus"></span> @@ -66,7 +66,8 @@ function form_date($name, $label, $value, $start_date = '', $end_date = '') $end_date = is_numeric($end_date) ? date('Y-m-d', $end_date) : ''; return form_element($label, ' <div class="input-group date" id="' . $dom_id . '"> - <input type="text" name="' . $name . '" class="form-control" value="' . $value . '"><span class="input-group-addon">' . glyph('th') . '</span> + <input name="' . $name . '" class="form-control" value="' . htmlspecialchars($value) . '">' + . '<span class="input-group-addon">' . glyph('th') . '</span> </div> <script type="text/javascript"> $(function(){ @@ -144,12 +145,17 @@ function form_multi_checkboxes($names, $label, $items, $selected, $disabled = [] * @param string $label * @param string $selected * @param string $value + * @param string $id * @return string */ -function form_checkbox($name, $label, $selected, $value = 'checked') +function form_checkbox($name, $label, $selected, $value = 'checked', $id = null) { + if (is_null($id)) { + $id = $name; + } + return '<div class="checkbox"><label>' - . '<input type="checkbox" id="' . $name . '" name="' . $name . '" value="' . $value . '" ' + . '<input type="checkbox" id="' . $id . '" name="' . $name . '" value="' . htmlspecialchars($value) . '" ' . ($selected ? ' checked="checked"' : '') . ' /> ' . $label . '</label></div>'; @@ -167,7 +173,7 @@ function form_checkbox($name, $label, $selected, $value = 'checked') function form_radio($name, $label, $selected, $value) { return '<div class="radio">' - . '<label><input type="radio" id="' . $name . '" name="' . $name . '" value="' . $value . '" ' + . '<label><input type="radio" id="' . $name . '" name="' . $name . '" value="' . htmlspecialchars($value) . '" ' . ($selected ? ' checked="checked"' : '') . ' /> ' . $label . '</label></div>'; @@ -328,8 +334,8 @@ function form_textarea($name, $label, $value, $disabled = false) $disabled = $disabled ? ' disabled="disabled"' : ''; return form_element( $label, - '<textarea rows="5" class="form-control" id="form_' . $name . '" type="text" name="' - . $name . '" ' . $disabled . '>' . $value . '</textarea>', + '<textarea rows="5" class="form-control" id="form_' . $name . '" name="' + . $name . '" ' . $disabled . '>' . htmlspecialchars($value) . '</textarea>', 'form_' . $name ); } @@ -374,7 +380,7 @@ function form_element($label, $input, $for = '') */ function form($elements, $action = '') { - return '<form role="form" action="' . $action . '" enctype="multipart/form-data" method="post">' . join($elements) . '</form>'; + return '<form action="' . $action . '" enctype="multipart/form-data" method="post">' . join($elements) . '</form>'; } /** diff --git a/includes/sys_menu.php b/includes/sys_menu.php index f160441c..2eaa1234 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -1,28 +1,16 @@ <?php -use Engelsystem\UserHintsRenderer; -/** - * @param string $page - * @return string - */ -function page_link_to($page = '') -{ - if ($page == '') { - return '?'; - } - return '?p=' . $page; -} +use Engelsystem\UserHintsRenderer; /** * @param string $page + * @param array $parameters get parameters * @return string */ -function page_link_to_absolute($page) +function page_link_to($page = '', $parameters = []) { - return (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' - . $_SERVER['HTTP_HOST'] - . preg_replace("/\?.*$/", '', $_SERVER['REQUEST_URI']) - . page_link_to($page); + $page = str_replace('_', '-', $page); + return url($page, $parameters); } /** @@ -65,7 +53,7 @@ function header_toolbar() if (isset($user)) { $toolbar_items[] = toolbar_item_link( - page_link_to('shifts') . '&action=next', + page_link_to('shifts', ['action' => 'next']), 'time', User_shift_state_render($user) ); @@ -86,7 +74,7 @@ function header_toolbar() $toolbar_items[] = header_render_hints(); if (in_array('user_myshifts', $privileges)) { $toolbar_items[] = toolbar_item_link( - page_link_to('users') . '&action=view', + page_link_to('users', ['action' => 'view']), ' icon-icon_angel', $user['Nick'], $page == 'users' diff --git a/includes/sys_page.php b/includes/sys_page.php index 1b33d1f4..df57d08a 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php @@ -1,4 +1,5 @@ <?php + use Engelsystem\ValidationResult; /** @@ -168,11 +169,8 @@ function strip_request_item($name, $default_value = null) */ function test_request_int($name) { - $request = request(); - if ($request->has($name)) { - return preg_match('/^\d*$/', $request->input($name)); - } - return false; + $input = request()->input($name); + return preg_match('/^\d*$/', $input); } /** @@ -186,7 +184,11 @@ function strip_request_item_nl($name, $default_value = null) { $request = request(); if ($request->has($name)) { - return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($request->input($name))); + return preg_replace( + "/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", + '', + strip_tags($request->input($name)) + ); } return $default_value; } diff --git a/includes/view/AngelTypes_view.php b/includes/view/AngelTypes_view.php index 37b4fb2c..f75cc616 100644 --- a/includes/view/AngelTypes_view.php +++ b/includes/view/AngelTypes_view.php @@ -50,7 +50,10 @@ function AngelType_delete_view($angeltype) buttons([ button(page_link_to('angeltypes'), _('cancel'), 'cancel'), button( - page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'] . '&confirmed', + page_link_to( + 'angeltypes', + ['action' => 'delete', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1] + ), _('delete'), 'ok' ) @@ -67,7 +70,6 @@ function AngelType_delete_view($angeltype) */ function AngelType_edit_view($angeltype, $supporter_mode) { - $contact_info = AngelType_contact_info($angeltype); return page_with_title(sprintf(_('Edit %s'), $angeltype['name']), [ buttons([ button(page_link_to('angeltypes'), _('Angeltypes'), 'back') @@ -127,7 +129,7 @@ function AngelType_view_buttons($angeltype, $user_angeltype, $admin_angeltypes, if ($user_angeltype == null) { $buttons[] = button( - page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], + page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]), _('join'), 'add' ); @@ -142,20 +144,22 @@ function AngelType_view_buttons($angeltype, $user_angeltype, $admin_angeltypes, $angeltype['name'] )); } - $buttons[] = button(page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $user_angeltype['id'], - _('leave'), 'cancel'); + $buttons[] = button( + page_link_to('user_angeltypes', ['action' => 'delete', 'user_angeltype_id' => $user_angeltype['id']]), + _('leave'), 'cancel' + ); } if ($admin_angeltypes || $supporter) { $buttons[] = button( - page_link_to('angeltypes') . '&action=edit&angeltype_id=' . $angeltype['id'], + page_link_to('angeltypes', ['action' => 'edit', 'angeltype_id' => $angeltype['id']]), _('edit'), 'edit' ); } if ($admin_angeltypes) { $buttons[] = button( - page_link_to('angeltypes') . '&action=delete&angeltype_id=' . $angeltype['id'], + page_link_to('angeltypes', ['action' => 'delete', 'angeltype_id' => $angeltype['id']]), _('delete'), 'delete' ); @@ -193,12 +197,18 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a if ($angeltype['restricted'] && $member['confirm_user_id'] == null) { $member['actions'] = table_buttons([ button( - page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $member['user_angeltype_id'], + page_link_to( + 'user_angeltypes', + ['action' => 'confirm', 'user_angeltype_id' => $member['user_angeltype_id']] + ), _('confirm'), 'btn-xs' ), button( - page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'], + page_link_to( + 'user_angeltypes', + ['action' => 'delete', 'user_angeltype_id' => $member['user_angeltype_id']] + ), _('deny'), 'btn-xs' ) @@ -208,7 +218,11 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a if ($admin_angeltypes) { $member['actions'] = table_buttons([ button( - page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&supporter=0', + page_link_to('user_angeltypes', [ + 'action' => 'update', + 'user_angeltype_id' => $member['user_angeltype_id'], + 'supporter' => 0 + ]), _('Remove supporter rights'), 'btn-xs' ) @@ -221,11 +235,18 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a if ($admin_user_angeltypes) { $member['actions'] = table_buttons([ $admin_angeltypes - ? button(page_link_to('user_angeltypes') . '&action=update&user_angeltype_id=' . $member['user_angeltype_id'] . '&supporter=1', + ? button(page_link_to('user_angeltypes', [ + 'action' => 'update', + 'user_angeltype_id' => $member['user_angeltype_id'], + 'supporter' => 1 + ]), _('Add supporter rights'), 'btn-xs') : '', button( - page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $member['user_angeltype_id'], + page_link_to('user_angeltypes', [ + 'action' => 'delete', + 'user_angeltype_id' => $member['user_angeltype_id'] + ]), _('remove'), 'btn-xs' ) @@ -339,7 +360,14 @@ function AngelType_view( $page[] = '<h3>' . _('Members') . '</h3>'; if ($admin_user_angeltypes) { $page[] = buttons([ - button(page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], _('Add'), 'add') + button( + page_link_to( + 'user_angeltypes', + ['action' => 'add', 'angeltype_id' => $angeltype['id']] + ), + _('Add'), + 'add' + ) ]); } $page[] = table($table_headers, $members_confirmed); @@ -348,12 +376,12 @@ function AngelType_view( $page[] = '<h3>' . _('Unconfirmed') . '</h3>'; $page[] = buttons([ button( - page_link_to('user_angeltypes') . '&action=confirm_all&angeltype_id=' . $angeltype['id'], + page_link_to('user_angeltypes', ['action' => 'confirm_all', 'angeltype_id' => $angeltype['id']]), _('confirm all'), 'ok' ), button( - page_link_to('user_angeltypes') . '&action=delete_all&angeltype_id=' . $angeltype['id'], + page_link_to('user_angeltypes', ['action' => 'delete_all', 'angeltype_id' => $angeltype['id']]), _('deny all'), 'cancel' ) @@ -376,8 +404,10 @@ function AngelTypes_list_view($angeltypes, $admin_angeltypes) return page_with_title(angeltypes_title(), [ msg(), buttons([ - $admin_angeltypes ? button(page_link_to('angeltypes') . '&action=edit', _('New angeltype'), 'add') : '', - button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description')) + $admin_angeltypes + ? button(page_link_to('angeltypes', ['action' => 'edit']), _('New angeltype'), 'add') + : '', + button(page_link_to('angeltypes', ['action' => 'about']), _('Teams/Job description')) ]), table([ 'name' => _('Name'), @@ -405,13 +435,16 @@ function AngelTypes_about_view_angeltype($angeltype) $buttons = []; if ($angeltype['user_angeltype_id'] != null) { $buttons[] = button( - page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $angeltype['user_angeltype_id'], + page_link_to( + 'user_angeltypes', + ['action' => 'delete', 'user_angeltype_id' => $angeltype['user_angeltype_id']] + ), _('leave'), 'cancel' ); } else { $buttons[] = button( - page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], + page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]), _('join'), 'add' ); diff --git a/includes/view/Questions_view.php b/includes/view/Questions_view.php index dee7585c..a44a099d 100644 --- a/includes/view/Questions_view.php +++ b/includes/view/Questions_view.php @@ -9,14 +9,22 @@ function Questions_view($open_questions, $answered_questions, $ask_action) { foreach ($open_questions as &$question) { - $question['actions'] = '<a href="' . page_link_to('user_questions') . '&action=delete&id=' . $question['QID'] . '">' . _('delete') . '</a>'; + $question['actions'] = '<a href="' + . page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']]) + . '">' + . _('delete') + . '</a>'; $question['Question'] = str_replace("\n", '<br />', $question['Question']); } foreach ($answered_questions as &$question) { $question['Question'] = str_replace("\n", '<br />', $question['Question']); $question['Answer'] = str_replace("\n", '<br />', $question['Answer']); - $question['actions'] = '<a href="' . page_link_to('user_questions') . '&action=delete&id=' . $question['QID'] . '">' . _('delete') . '</a>'; + $question['actions'] = '<a href="' + . page_link_to('user_questions', ['action' => 'delete', 'id' => $question['QID']]) + . '">' + . _('delete') + . '</a>'; } return page_with_title(questions_title(), [ diff --git a/includes/view/ShiftCalendarShiftRenderer.php b/includes/view/ShiftCalendarShiftRenderer.php index 8560d47d..f0488e83 100644 --- a/includes/view/ShiftCalendarShiftRenderer.php +++ b/includes/view/ShiftCalendarShiftRenderer.php @@ -125,7 +125,7 @@ class ShiftCalendarShiftRenderer if (in_array('user_shifts_admin', $privileges)) { $html .= '<li class="list-group-item">' . button( - page_link_to('user_shifts') . '&shift_id=' . $shift['SID'], + page_link_to('user_shifts', ['shift_id' => $shift['SID']]), _('Add more angels'), 'btn-xs' ) . '</li>'; @@ -169,11 +169,13 @@ class ShiftCalendarShiftRenderer case ShiftSignupState::ADMIN: case ShiftSignupState::FREE: // When admin or free display a link + button for sign up - $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' + $entry_list[] = '<a href="' + . page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']]) + . '">' . $inner_text . '</a> ' . button( - page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], + page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']]), _('Sign up'), 'btn-xs btn-primary' ); break; @@ -191,7 +193,7 @@ class ShiftCalendarShiftRenderer // Add link to join the angeltype first $entry_list[] = $inner_text . '<br />' . button( - page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'], + page_link_to('user_angeltypes', ['action' => 'add', 'angeltype_id' => $angeltype['id']]), sprintf(_('Become %s'), $angeltype['name']), 'btn-xs' ); @@ -232,8 +234,8 @@ class ShiftCalendarShiftRenderer $header_buttons = ''; if (in_array('admin_shifts', $privileges)) { $header_buttons = '<div class="pull-right">' . table_buttons([ - button(page_link_to('user_shifts') . '&edit_shift=' . $shift['SID'], glyph('edit'), 'btn-xs'), - button(page_link_to('user_shifts') . '&delete_shift=' . $shift['SID'], glyph('trash'), 'btn-xs') + button(page_link_to('user_shifts', ['edit_shift' => $shift['SID']]), glyph('edit'), 'btn-xs'), + button(page_link_to('user_shifts', ['delete_shift' => $shift['SID']]), glyph('trash'), 'btn-xs') ]) . '</div>'; } $shift_heading = date('H:i', $shift['start']) . ' ‐ ' diff --git a/includes/view/ShiftTypes_view.php b/includes/view/ShiftTypes_view.php index e0750617..74e0d7c0 100644 --- a/includes/view/ShiftTypes_view.php +++ b/includes/view/ShiftTypes_view.php @@ -24,7 +24,10 @@ function ShiftType_delete_view($shifttype) buttons([ button(page_link_to('shifttypes'), _('cancel'), 'cancel'), button( - page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'] . '&confirmed', + page_link_to( + 'shifttypes', + ['action' => 'delete', 'shifttype_id' => $shifttype['id'], 'confirmed' => 1] + ), _('delete'), 'ok btn-danger' ) @@ -81,12 +84,16 @@ function ShiftType_view($shifttype, $angeltype) buttons([ button(page_link_to('shifttypes'), shifttypes_title(), 'back'), $angeltype ? button( - page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], + page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), $angeltype['name'] ) : '', - button(page_link_to('shifttypes') . '&action=edit&shifttype_id=' . $shifttype['id'], _('edit'), 'edit'), button( - page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'], + page_link_to('shifttypes', ['action' => 'edit', 'shifttype_id' => $shifttype['id']]), + _('edit'), + 'edit' + ), + button( + page_link_to('shifttypes', ['action' => 'delete', 'shifttype_id' => $shifttype['id']]), _('delete'), 'delete' ) @@ -103,11 +110,22 @@ function ShiftType_view($shifttype, $angeltype) function ShiftTypes_list_view($shifttypes) { foreach ($shifttypes as &$shifttype) { - $shifttype['name'] = '<a href="' . page_link_to('shifttypes') . '&action=view&shifttype_id=' . $shifttype['id'] . '">' . $shifttype['name'] . '</a>'; + $shifttype['name'] = '<a href="' + . page_link_to('shifttypes', ['action' => 'view', 'shifttype_id' => $shifttype['id']]) + . '">' + . $shifttype['name'] + . '</a>'; $shifttype['actions'] = table_buttons([ - button(page_link_to('shifttypes') . '&action=edit&shifttype_id=' . $shifttype['id'], _('edit'), 'btn-xs'), button( - page_link_to('shifttypes') . '&action=delete&shifttype_id=' . $shifttype['id'], + page_link_to( + 'shifttypes', + ['action' => 'edit', 'shifttype_id' => $shifttype['id']] + ), + _('edit'), + 'btn-xs' + ), + button( + page_link_to('shifttypes', ['action' => 'delete', 'shifttype_id' => $shifttype['id']]), _('delete'), 'btn-xs' ) @@ -117,7 +135,7 @@ function ShiftTypes_list_view($shifttypes) return page_with_title(shifttypes_title(), [ msg(), buttons([ - button(page_link_to('shifttypes') . '&action=edit', _('New shifttype'), 'add') + button(page_link_to('shifttypes', ['action' => 'edit']), _('New shifttype'), 'add') ]), table([ 'name' => _('Name'), diff --git a/includes/view/Shifts_view.php b/includes/view/Shifts_view.php index 094af7ad..bc905f39 100644 --- a/includes/view/Shifts_view.php +++ b/includes/view/Shifts_view.php @@ -1,4 +1,5 @@ <?php + use Engelsystem\ShiftSignupState; /** @@ -41,12 +42,12 @@ function Shift_signup_button_render($shift, $angeltype, $user_angeltype = null) if ($angeltype['shift_signup_state']->isSignupAllowed()) { return button( - page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'], + page_link_to('user_shifts', ['shift_id' => $shift['SID'], 'type_id' => $angeltype['id']]), _('Sign up') ); } elseif ($user_angeltype == null) { return button( - page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], + page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), sprintf(_('Become %s'), $angeltype['name']) ); @@ -207,12 +208,12 @@ function Shift_view_render_shift_entry($shift_entry, $user_shift_admin, $angelty $entry .= ' <div class="btn-group">'; if ($user_shift_admin) { $entry .= button_glyph( - page_link_to('user_myshifts') . '&edit=' . $shift_entry['id'] . '&id=' . $shift_entry['UID'], + page_link_to('user_myshifts', ['edit' => $shift_entry['id'], 'id' => $shift_entry['UID']]), 'pencil', 'btn-xs' ); } - $entry .= button_glyph(page_link_to('user_shifts') . '&entry_id=' . $shift_entry['id'], 'trash', 'btn-xs'); + $entry .= button_glyph(page_link_to('user_shifts', ['entry_id' => $shift_entry['id']]), 'trash', 'btn-xs'); $entry .= '</div>'; } return $entry; diff --git a/includes/view/UserAngelTypes_view.php b/includes/view/UserAngelTypes_view.php index 15d99961..98f6c3e9 100644 --- a/includes/view/UserAngelTypes_view.php +++ b/includes/view/UserAngelTypes_view.php @@ -19,12 +19,18 @@ function UserAngelType_update_view($user_angeltype, $user, $angeltype, $supporte User_Nick_render($user) ), true), buttons([ - button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'), button( - page_link_to('user_angeltypes') - . '&action=update&user_angeltype_id=' . $user_angeltype['id'] - . '&supporter=' . ($supporter ? '1' : '0') - . '&confirmed', + page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), + _('cancel'), + 'cancel' + ), + button( + page_link_to('user_angeltypes', [ + 'action' => 'update', + 'user_angeltype_id' => $user_angeltype['id'], + 'supporter' => ($supporter ? '1' : '0'), + 'confirmed' => 1, + ]), _('yes'), 'ok' ) @@ -42,9 +48,19 @@ function UserAngelTypes_delete_all_view($angeltype) msg(), info(sprintf(_('Do you really want to deny all users for %s?'), $angeltype['name']), true), buttons([ - button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'), button( - page_link_to('user_angeltypes') . '&action=delete_all&angeltype_id=' . $angeltype['id'] . '&confirmed', + page_link_to( + 'angeltypes', + ['action' => 'view', 'angeltype_id' => $angeltype['id']] + ), + _('cancel'), + 'cancel' + ), + button( + page_link_to( + 'user_angeltypes', + ['action' => 'delete_all', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1] + ), _('yes'), 'ok' ) @@ -62,9 +78,11 @@ function UserAngelTypes_confirm_all_view($angeltype) msg(), info(sprintf(_('Do you really want to confirm all users for %s?'), $angeltype['name']), true), buttons([ - button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'), + button(page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), _('cancel'), + 'cancel'), button( - page_link_to('user_angeltypes') . '&action=confirm_all&angeltype_id=' . $angeltype['id'] . '&confirmed', + page_link_to('user_angeltypes', + ['action' => 'confirm_all', 'angeltype_id' => $angeltype['id'], 'confirmed' => 1]), _('yes'), 'ok' ) @@ -84,9 +102,16 @@ function UserAngelType_confirm_view($user_angeltype, $user, $angeltype) msg(), info(sprintf(_('Do you really want to confirm %s for %s?'), User_Nick_render($user), $angeltype['name']), true), buttons([ - button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'), button( - page_link_to('user_angeltypes') . '&action=confirm&user_angeltype_id=' . $user_angeltype['id'] . '&confirmed', + page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), + _('cancel'), + 'cancel' + ), + button( + page_link_to( + 'user_angeltypes', + ['action' => 'confirm', 'user_angeltype_id' => $user_angeltype['id'], 'confirmed' => 1] + ), _('yes'), 'ok' ) @@ -106,9 +131,14 @@ function UserAngelType_delete_view($user_angeltype, $user, $angeltype) msg(), info(sprintf(_('Do you really want to delete %s from %s?'), User_Nick_render($user), $angeltype['name']), true), buttons([ - button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'), button( - page_link_to('user_angeltypes') . '&action=delete&user_angeltype_id=' . $user_angeltype['id'] . '&confirmed', + page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), + _('cancel'), + 'cancel' + ), + button( + page_link_to('user_angeltypes', + ['action' => 'delete', 'user_angeltype_id' => $user_angeltype['id'], 'confirmed' => 1]), _('yes'), 'ok' ) @@ -132,7 +162,11 @@ function UserAngelType_add_view($angeltype, $users_source, $user_id) return page_with_title(_('Add user to angeltype'), [ msg(), buttons([ - button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('back'), 'back') + button( + page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), + _('back'), + 'back' + ) ]), form([ form_info(_('Angeltype'), $angeltype['name']), @@ -153,9 +187,16 @@ function UserAngelType_join_view($user, $angeltype) msg(), info(sprintf(_('Do you really want to add %s to %s?'), User_Nick_render($user), $angeltype['name']), true), buttons([ - button(page_link_to('angeltypes') . '&action=view&angeltype_id=' . $angeltype['id'], _('cancel'), 'cancel'), button( - page_link_to('user_angeltypes') . '&action=add&angeltype_id=' . $angeltype['id'] . '&user_id=' . $user['UID'] . '&confirmed', + page_link_to('angeltypes', ['action' => 'view', 'angeltype_id' => $angeltype['id']]), + _('cancel'), + 'cancel' + ), + button( + page_link_to( + 'user_angeltypes', + ['action' => 'add', 'angeltype_id' => $angeltype['id'], 'user_id' => $user['UID'], 'confirmed' => 1] + ), _('save'), 'ok' ) diff --git a/includes/view/User_view.php b/includes/view/User_view.php index 932614a7..c1e6f49e 100644 --- a/includes/view/User_view.php +++ b/includes/view/User_view.php @@ -127,7 +127,7 @@ function User_registration_success_view($event_welcome_message) '<h2>' . _('What can I do?') . '</h2>', '<p>' . _('Please read about the jobs you can do to help us.') . '</p>', buttons([ - button(page_link_to('angeltypes') . '&action=about', _('Teams/Job description') . ' »') + button(page_link_to('angeltypes', ['action' => 'about']), _('Teams/Job description') . ' »') ]) ]) ]) @@ -172,10 +172,13 @@ function User_edit_vouchers_view($user) button(user_link($user), glyph('chevron-left') . _('back')) ]), info(sprintf(_('Angel should receive at least %d vouchers.'), User_get_eligable_voucher_count($user)), true), - form([ - form_spinner('vouchers', _('Number of vouchers given out'), $user['got_voucher']), - form_submit('submit', _('Save')) - ], page_link_to('users') . '&action=edit_vouchers&user_id=' . $user['UID']) + form( + [ + form_spinner('vouchers', _('Number of vouchers given out'), $user['got_voucher']), + form_submit('submit', _('Save')) + ], + page_link_to('users', ['action' => 'edit_vouchers', 'user_id' => $user['UID']]) + ) ]); } @@ -208,7 +211,7 @@ function Users_view( $user['Tshirt'] = glyph_bool($user['Tshirt']); $user['lastLogIn'] = date(_('m/d/Y h:i a'), $user['lastLogIn']); $user['actions'] = table_buttons([ - button_glyph(page_link_to('admin_user') . '&id=' . $user['UID'], 'edit', 'btn-xs') + button_glyph(page_link_to('admin_user', ['id' => $user['UID']]), 'edit', 'btn-xs') ]); } $users[] = [ @@ -253,7 +256,11 @@ function Users_view( */ function Users_table_header_link($column, $label, $order_by) { - return '<a href="' . page_link_to('users') . '&OrderBy=' . $column . '">' . $label . ($order_by == $column ? ' <span class="caret"></span>' : '') . '</a>'; + return '<a href="' + . page_link_to('users', ['OrderBy' => $column]) + . '">' + . $label . ($order_by == $column ? ' <span class="caret"></span>' : '') + . '</a>'; } /** @@ -347,7 +354,7 @@ function User_view_myshift($shift, $user_source, $its_me) ]; if ($its_me || in_array('user_shifts_admin', $privileges)) { $myshift['actions'][] = button( - page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '&id=' . $user_source['UID'], + page_link_to('user_myshifts', ['edit' => $shift['id'], 'id' => $user_source['UID']]), glyph('edit') . _('edit'), 'btn-xs' ); @@ -356,8 +363,15 @@ function User_view_myshift($shift, $user_source, $its_me) ($shift['start'] > time() + config('last_unsubscribe') * 3600) || in_array('user_shifts_admin', $privileges) ) { + $parameters = [ + 'cancel' => $shift['id'], + 'id' => $user_source['UID'], + ]; + if ($its_me) { + $parameters['id'] = ''; + } $myshift['actions'][] = button( - page_link_to('user_myshifts') . ((!$its_me) ? '&id=' . $user_source['UID'] : '') . '&cancel=' . $shift['id'], + page_link_to('user_myshifts', $parameters), glyph('trash') . _('sign off'), 'btn-xs' ); @@ -427,7 +441,7 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel div('col-md-12', [ buttons([ $admin_user_privilege ? button( - page_link_to('admin_user') . '&id=' . $user_source['UID'], + page_link_to('admin_user', ['id' => $user_source['UID']]), glyph('edit') . _('edit') ) : '', $admin_user_privilege ? button( @@ -435,24 +449,24 @@ function User_view($user_source, $admin_user_privilege, $freeloader, $user_angel glyph('road') . _('driving license') ) : '', ($admin_user_privilege && !$user_source['Gekommen']) ? button( - page_link_to('admin_arrive') . '&arrived=' . $user_source['UID'], + page_link_to('admin_arrive', ['arrived' => $user_source['UID']]), _('arrived') ) : '', $admin_user_privilege ? button( - page_link_to('users') . '&action=edit_vouchers&user_id=' . $user_source['UID'], + page_link_to('users', ['action' => 'edit_vouchers', 'user_id' => $user_source['UID']]), glyph('cutlery') . _('Edit vouchers') ) : '', $its_me ? button(page_link_to('user_settings'), glyph('list-alt') . _('Settings')) : '', $its_me ? button( - page_link_to('ical') . '&key=' . $user_source['api_key'], + page_link_to('ical', ['key' => $user_source['api_key']]), glyph('calendar') . _('iCal Export') ) : '', $its_me ? button( - page_link_to('shifts_json_export') . '&key=' . $user_source['api_key'], + page_link_to('shifts_json_export', ['key' => $user_source['api_key']]), glyph('export') . _('JSON Export') ) : '', $its_me ? button( - page_link_to('user_myshifts') . '&reset', + page_link_to('user_myshifts', ['reset' => 1]), glyph('repeat') . _('Reset API key') ) : '' ]) @@ -607,7 +621,7 @@ function User_groups_render($user_groups) function User_Nick_render($user_source) { return '<a class="' . ($user_source['Gekommen'] ? '' : 'text-muted') . '" href="' - . page_link_to('users') . '&action=view&user_id=' . $user_source['UID'] + . page_link_to('users', ['action' => 'view', 'user_id' => $user_source['UID']]) . '"><span class="icon-icon_angel"></span> ' . htmlspecialchars($user_source['Nick']) . '</a>'; } diff --git a/phpunit.xml b/phpunit.xml index b868096c..ff6eb120 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -1,12 +1,8 @@ <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.5/phpunit.xsd" - backupGlobals="false" bootstrap="./includes/engelsystem_provider.php" + xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/6.3/phpunit.xsd" colors="true" - convertErrorsToExceptions="true" - convertNoticesToExceptions="true" - convertWarningsToExceptions="true" - processIsolation="false"> +> <testsuites> <testsuite name="Models"> <directory>./test/model/</directory> @@ -16,10 +12,7 @@ <whitelist> <directory>./include/</directory> <directory>./public/</directory> - <directory>./src/</directory> - </whitelist> + <directory>./src/</directory> + </whitelist> </filter> - <php> - <const name="PHPUNIT_TESTSUITE" value="true"/> - </php> </phpunit> diff --git a/public/.htaccess b/public/.htaccess new file mode 100644 index 00000000..60c6685d --- /dev/null +++ b/public/.htaccess @@ -0,0 +1,8 @@ +<IfModule mod_rewrite.c> + RewriteEngine on + RewriteBase / + + RewriteCond %{REQUEST_FILENAME} !-d + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^ index.php [L] +</IfModule> diff --git a/public/index.php b/public/index.php index f22721c8..a83ab5e8 100644 --- a/public/index.php +++ b/public/index.php @@ -1,4 +1,7 @@ <?php + +use Engelsystem\Http\Request; + require_once realpath(__DIR__ . '/../includes/engelsystem_provider.php'); $free_pages = [ @@ -24,8 +27,13 @@ $page = ''; $title = ''; $content = ''; -$page = $request->input('p'); +/** @var Request $request */ +$page = $request->query->get('p'); if (empty($page)) { + $page = $request->path(); + $page = str_replace('-', '_', $page); +} +if ($page == '/') { $page = isset($user) ? 'news' : 'login'; } @@ -38,120 +46,158 @@ if ( ) { $title = $page; - if ($page == 'api') { - error('Api disabled temporarily.'); - redirect(page_link_to()); - require_once realpath(__DIR__ . '/../includes/controller/api.php'); - api_controller(); - } elseif ($page == 'ical') { - require_once realpath(__DIR__ . '/../includes/pages/user_ical.php'); - user_ical(); - } elseif ($page == 'atom') { - require_once realpath(__DIR__ . '/../includes/pages/user_atom.php'); - user_atom(); - } elseif ($page == 'shifts_json_export') { - require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php'); - shifts_json_export_controller(); - } elseif ($page == 'shifts_json_export_all') { - require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php'); - shifts_json_export_all_controller(); - } elseif ($page == 'stats') { - require_once realpath(__DIR__ . '/../includes/pages/guest_stats.php'); - guest_stats(); - } elseif ($page == 'user_password_recovery') { - require_once realpath(__DIR__ . '/../includes/controller/users_controller.php'); - $title = user_password_recovery_title(); - $content = user_password_recovery_controller(); - } elseif ($page == 'angeltypes') { - list($title, $content) = angeltypes_controller(); - } elseif ($page == 'shifts') { - list($title, $content) = shifts_controller(); - } elseif ($page == 'users') { - list($title, $content) = users_controller(); - } elseif ($page == 'user_angeltypes') { - list($title, $content) = user_angeltypes_controller(); - } elseif ($page == 'user_driver_licenses') { - list($title, $content) = user_driver_licenses_controller(); - } elseif ($page == 'shifttypes') { - list($title, $content) = shifttypes_controller(); - } elseif ($page == 'admin_event_config') { - list($title, $content) = event_config_edit_controller(); - } elseif ($page == 'rooms') { - list($title, $content) = rooms_controller(); - } elseif ($page == 'news') { - $title = news_title(); - $content = user_news(); - } elseif ($page == 'news_comments') { - require_once realpath(__DIR__ . '/../includes/pages/user_news.php'); - $title = user_news_comments_title(); - $content = user_news_comments(); - } elseif ($page == 'user_meetings') { - $title = meetings_title(); - $content = user_meetings(); - } elseif ($page == 'user_myshifts') { - $title = myshifts_title(); - $content = user_myshifts(); - } elseif ($page == 'user_shifts') { - $title = shifts_title(); - $content = user_shifts(); - } elseif ($page == 'user_messages') { - $title = messages_title(); - $content = user_messages(); - } elseif ($page == 'user_questions') { - $title = questions_title(); - $content = user_questions(); - } elseif ($page == 'user_settings') { - $title = settings_title(); - $content = user_settings(); - } elseif ($page == 'login') { - $title = login_title(); - $content = guest_login(); - } elseif ($page == 'register') { - $title = register_title(); - $content = guest_register(); - } elseif ($page == 'logout') { - $title = logout_title(); - $content = guest_logout(); - } elseif ($page == 'admin_questions') { - $title = admin_questions_title(); - $content = admin_questions(); - } elseif ($page == 'admin_user') { - $title = admin_user_title(); - $content = admin_user(); - } elseif ($page == 'admin_arrive') { - $title = admin_arrive_title(); - $content = admin_arrive(); - } elseif ($page == 'admin_active') { - $title = admin_active_title(); - $content = admin_active(); - } elseif ($page == 'admin_free') { - $title = admin_free_title(); - $content = admin_free(); - } elseif ($page == 'admin_news') { - require_once realpath(__DIR__ . '/../includes/pages/admin_news.php'); - $content = admin_news(); - } elseif ($page == 'admin_rooms') { - $title = admin_rooms_title(); - $content = admin_rooms(); - } elseif ($page == 'admin_groups') { - $title = admin_groups_title(); - $content = admin_groups(); - } elseif ($page == 'admin_import') { - $title = admin_import_title(); - $content = admin_import(); - } elseif ($page == 'admin_shifts') { - $title = admin_shifts_title(); - $content = admin_shifts(); - } elseif ($page == 'admin_log') { - $title = admin_log_title(); - $content = admin_log(); - } elseif ($page == 'credits') { - require_once realpath(__DIR__ . '/../includes/pages/guest_credits.php'); - $title = credits_title(); - $content = guest_credits(); - } else { - require_once realpath(__DIR__ . '/../includes/pages/guest_start.php'); - $content = guest_start(); + switch ($page) { + case 'api': + error('Api disabled temporarily.'); + redirect(page_link_to()); + break; + case 'ical': + require_once realpath(__DIR__ . '/../includes/pages/user_ical.php'); + user_ical(); + break; + case 'atom': + require_once realpath(__DIR__ . '/../includes/pages/user_atom.php'); + user_atom(); + break; + case 'shifts_json_export': + require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php'); + shifts_json_export_controller(); + break; + case 'shifts_json_export_all': + require_once realpath(__DIR__ . '/../includes/controller/shifts_controller.php'); + shifts_json_export_all_controller(); + break; + case 'stats': + require_once realpath(__DIR__ . '/../includes/pages/guest_stats.php'); + guest_stats(); + break; + case 'user_password_recovery': + require_once realpath(__DIR__ . '/../includes/controller/users_controller.php'); + $title = user_password_recovery_title(); + $content = user_password_recovery_controller(); + break; + case 'angeltypes': + list($title, $content) = angeltypes_controller(); + break; + case 'shifts': + list($title, $content) = shifts_controller(); + break; + case 'users': + list($title, $content) = users_controller(); + break; + case 'user_angeltypes': + list($title, $content) = user_angeltypes_controller(); + break; + case 'user_driver_licenses': + list($title, $content) = user_driver_licenses_controller(); + break; + case 'shifttypes': + list($title, $content) = shifttypes_controller(); + break; + case 'admin_event_config': + list($title, $content) = event_config_edit_controller(); + break; + case 'rooms': + list($title, $content) = rooms_controller(); + break; + case 'news': + $title = news_title(); + $content = user_news(); + break; + case 'news_comments': + require_once realpath(__DIR__ . '/../includes/pages/user_news.php'); + $title = user_news_comments_title(); + $content = user_news_comments(); + break; + case 'user_meetings': + $title = meetings_title(); + $content = user_meetings(); + break; + case 'user_myshifts': + $title = myshifts_title(); + $content = user_myshifts(); + break; + case 'user_shifts': + $title = shifts_title(); + $content = user_shifts(); + break; + case 'user_messages': + $title = messages_title(); + $content = user_messages(); + break; + case 'user_questions': + $title = questions_title(); + $content = user_questions(); + break; + case 'user_settings': + $title = settings_title(); + $content = user_settings(); + break; + case 'login': + $title = login_title(); + $content = guest_login(); + break; + case 'register': + $title = register_title(); + $content = guest_register(); + break; + case 'logout': + $title = logout_title(); + $content = guest_logout(); + break; + case 'admin_questions': + $title = admin_questions_title(); + $content = admin_questions(); + break; + case 'admin_user': + $title = admin_user_title(); + $content = admin_user(); + break; + case 'admin_arrive': + $title = admin_arrive_title(); + $content = admin_arrive(); + break; + case 'admin_active': + $title = admin_active_title(); + $content = admin_active(); + break; + case 'admin_free': + $title = admin_free_title(); + $content = admin_free(); + break; + case 'admin_news': + require_once realpath(__DIR__ . '/../includes/pages/admin_news.php'); + $content = admin_news(); + break; + case 'admin_rooms': + $title = admin_rooms_title(); + $content = admin_rooms(); + break; + case 'admin_groups': + $title = admin_groups_title(); + $content = admin_groups(); + break; + case 'admin_import': + $title = admin_import_title(); + $content = admin_import(); + break; + case 'admin_shifts': + $title = admin_shifts_title(); + $content = admin_shifts(); + break; + case 'admin_log': + $title = admin_log_title(); + $content = admin_log(); + break; + case 'credits': + require_once realpath(__DIR__ . '/../includes/pages/guest_credits.php'); + $title = credits_title(); + $content = guest_credits(); + break; + default: + require_once realpath(__DIR__ . '/../includes/pages/guest_start.php'); + $content = guest_start(); + break; } } else { // Wenn schon eingeloggt, keine-Berechtigung-Seite anzeigen @@ -166,14 +212,22 @@ if ( $event_config = EventConfig(); +$parameters = [ + 'key' => (isset($user) ? $user['api_key'] : ''), +]; +if ($page == 'user_meetings') { + $parameters['meetings'] = 1; +} echo view(__DIR__ . '/../templates/layout.html', [ 'theme' => isset($user) ? $user['color'] : config('theme'), 'title' => $title, 'atom_link' => ($page == 'news' || $page == 'user_meetings') - ? ' <link href="' . page_link_to('atom') . (($page == 'user_meetings') ? '&meetings=1' : '') - . '&key=' . (isset($user) ? $user['api_key'] : '') + ? ' <link href="' + . page_link_to('atom', $parameters) . '" type = "application/atom+xml" rel = "alternate" title = "Atom Feed">' : '', + 'start_page_url' => page_link_to('/'), + 'credits_url' => page_link_to('credits'), 'menu' => make_menu(), 'content' => msg() . $content, 'header_toolbar' => header_toolbar(), diff --git a/src/Exceptions/Handler.php b/src/Exceptions/Handler.php index e52549e7..c4fb639c 100644 --- a/src/Exceptions/Handler.php +++ b/src/Exceptions/Handler.php @@ -34,7 +34,9 @@ class Handler */ public function errorHandler($number, $string, $file, $line, $context) { - $this->handle('error', $number, $string, $file, $line, $context); + $trace = array_reverse(debug_backtrace()); + + $this->handle('error', $number, $string, $file, $line, $context, $trace); } /** @@ -59,8 +61,9 @@ class Handler * @param string $file * @param int $line * @param array $context + * @param array $trace */ - protected function handle($type, $number, $string, $file, $line, $context = []) + protected function handle($type, $number, $string, $file, $line, $context = [], $trace = []) { error_log(sprintf('%s: Number: %s, String: %s, File: %s:%u, Context: %s', $type, @@ -71,13 +74,16 @@ class Handler json_encode($context) )); + $file = $this->stripBasePath($file); + if ($this->environment == self::ENV_DEVELOPMENT) { - echo '<pre style="background-color:#333;color:#ccc;z-index:1000;position:absolute;top:1em;padding:1em;width:97%;overflow-y:auto;">'; + echo '<pre style="background-color:#333;color:#ccc;z-index:1000;position:fixed;bottom:1em;padding:1em;width:97%;max-height: 90%;overflow-y:auto;">'; echo sprintf('%s: (%s)' . PHP_EOL, ucfirst($type), $number); var_export([ - 'string' => $string, - 'file' => $file . ':' . $line, - 'context' => ($this->environment == self::ENV_DEVELOPMENT ? $context : null), + 'string' => $string, + 'file' => $file . ':' . $line, + 'context' => $context, + 'stacktrace' => $this->formatStackTrace($trace), ]); echo '</pre>'; die(); @@ -88,6 +94,44 @@ class Handler } /** + * @param array $stackTrace + * @return array + */ + protected function formatStackTrace($stackTrace) + { + $return = []; + + foreach ($stackTrace as $trace) { + $path = ''; + $line = ''; + + if (isset($trace['file']) && isset($trace['line'])) { + $path = $this->stripBasePath($trace['file']); + $line = $trace['line']; + } + + $functionName = $trace['function']; + + $return[] = [ + 'file' => $path . ':' . $line, + $functionName => $trace['args'], + ]; + } + + return $return; + } + + /** + * @param string $path + * @return string + */ + protected function stripBasePath($path) + { + $basePath = realpath(__DIR__ . '/../..') . '/'; + return str_replace($basePath, '', $path); + } + + /** * @param string $environment */ public function setEnvironment($environment) diff --git a/src/Http/Request.php b/src/Http/Request.php index fcfc2600..f0235d45 100644 --- a/src/Http/Request.php +++ b/src/Http/Request.php @@ -3,88 +3,70 @@ namespace Engelsystem\Http; use ErrorException; +use Symfony\Component\HttpFoundation\Request as SymfonyRequest; -class Request +class Request extends SymfonyRequest { /** @var self */ protected static $instance; - /** @var array of POST data */ - protected $request; - - /** @var array of GET data */ - protected $query; - /** - * Initialize request + * Get POST input + * + * @param string $key + * @param mixed $default + * @return mixed */ - public function create() + public function postData($key, $default = null) { - $this->request = $_POST; - $this->query = $_GET; + return $this->request->get($key, $default); } /** - * Get GET input + * Get input data * * @param string $key * @param mixed $default * @return mixed */ - public function get($key, $default = null) + public function input($key, $default = null) { - if (!empty($this->query[$key])) { - return $this->query[$key]; - } - - return $default; + return $this->get($key, $default); } /** - * Get POST input + * Checks if the input exists * * @param string $key - * @param mixed $default - * @return mixed + * @return bool */ - public function post($key, $default = null) + public function has($key) { - if (!empty($this->request[$key])) { - return $this->request[$key]; - } + $value = $this->input($key); - return $default; + return !empty($value); } /** - * Get input data + * Get the requested path * - * @param string $key - * @param mixed $default - * @return mixed + * @return string */ - public function input($key, $default = null) + public function path() { - $data = $this->request + $this->query; + $pattern = trim($this->getPathInfo(), '/'); - if (isset($data[$key])) { - return $data[$key]; - } - - return $default; + return $pattern == '' ? '/' : $pattern; } /** - * Checks if the input exists + * Return the current URL * - * @param string $key - * @return bool + * @return string */ - public function has($key) + public function url() { - $data = $this->request + $this->query; - - return isset($data[$key]); + return rtrim(preg_replace('/\?.*/', '', $this->getUri()), '/'); } /** diff --git a/src/Routing/UrlGenerator.php b/src/Routing/UrlGenerator.php new file mode 100644 index 00000000..8dc464c6 --- /dev/null +++ b/src/Routing/UrlGenerator.php @@ -0,0 +1,27 @@ +<?php + +namespace Engelsystem\Routing; + +use Engelsystem\Http\Request; + +class UrlGenerator +{ + /** + * @param string $path + * @param array $parameters + * @return string + */ + public static function to($path, $parameters = []) + { + $path = '/' . ltrim($path, '/'); + $request = Request::getInstance(); + $uri = $request->getUriForPath($path); + + if (!empty($parameters) && is_array($parameters)) { + $parameters = http_build_query($parameters); + $uri .= '?' . $parameters; + } + + return $uri; + } +} diff --git a/src/helpers.php b/src/helpers.php index d44d1d21..af0e802b 100644 --- a/src/helpers.php +++ b/src/helpers.php @@ -4,6 +4,7 @@ use Engelsystem\Config\Config; use Engelsystem\Http\Request; use Engelsystem\Renderer\Renderer; +use Engelsystem\Routing\UrlGenerator; /** * Get or set config values @@ -56,3 +57,13 @@ function view($template = null, $data = null) return $renderer->render($template, $data); } + +/** + * @param string $path + * @param array $parameters + * @return string + */ +function url($path, $parameters = []) +{ + return UrlGenerator::to($path, $parameters); +} diff --git a/templates/layout.html b/templates/layout.html index 787b4f22..1923124c 100644 --- a/templates/layout.html +++ b/templates/layout.html @@ -22,7 +22,7 @@ <span class="icon-bar"></span> <span class="icon-bar"></span> </button> - <a class="navbar-brand" href="?"><span class="icon-icon_angel"></span> <strong class="visible-lg-inline">ENGELSYSTEM</strong></a> + <a class="navbar-brand" href="%start_page_url%"><span class="icon-icon_angel"></span> <strong class="visible-lg-inline">ENGELSYSTEM</strong></a> </div> <div class="collapse navbar-collapse" id="navbar-collapse-1">%menu% %header_toolbar%</div> </div> @@ -38,7 +38,7 @@ · <a href="%contact_email%"><span class="glyphicon glyphicon-envelope"></span> Contact</a> · <a href="https://github.com/engelsystem/engelsystem/issues">Bugs / Features</a> · <a href="https://github.com/engelsystem/engelsystem/">Development Platform</a> - · <a href="?p=credits">Credits</a> + · <a href="%credits_url%">Credits</a> </div> </div> </div> diff --git a/templates/maintenance.html b/templates/maintenance.html index 3f7dae8a..bd73bd74 100644 --- a/templates/maintenance.html +++ b/templates/maintenance.html @@ -21,7 +21,7 @@ <span class="icon-bar"></span> <span class="icon-bar"></span> </button> - <a class="navbar-brand" href="?"> + <a class="navbar-brand" href="#"> <span class="icon-icon_angel"></span> <strong class="visible-lg-inline">ENGELSYSTEM</strong> </a> </div> |