Diffstat (limited to 'includes')
-rw-r--r-- | includes/controller/angeltypes_controller.php | 2 | ||||
-rw-r--r-- | includes/controller/shift_entries_controller.php | 2 | ||||
-rw-r--r-- | includes/controller/shifts_controller.php | 25 | ||||
-rw-r--r-- | includes/controller/users_controller.php | 12 | ||||
-rw-r--r-- | includes/engelsystem_provider.php | 5 | ||||
-rw-r--r-- | includes/helper/internationalization_helper.php | 14 | ||||
-rw-r--r-- | includes/pages/admin_groups.php | 5 | ||||
-rw-r--r-- | includes/pages/admin_news.php | 7 | ||||
-rw-r--r-- | includes/pages/admin_rooms.php | 13 | ||||
-rw-r--r-- | includes/pages/admin_shifts.php | 10 | ||||
-rw-r--r-- | includes/pages/admin_user.php | 40 | ||||
-rw-r--r-- | includes/pages/guest_login.php | 8 | ||||
-rw-r--r-- | includes/pages/user_atom.php | 17 | ||||
-rw-r--r-- | includes/pages/user_news.php | 10 | ||||
-rw-r--r-- | includes/pages/user_settings.php | 8 | ||||
-rw-r--r-- | includes/pages/user_shifts.php | 4 | ||||
-rw-r--r-- | includes/sys_form.php | 9 | ||||
-rw-r--r-- | includes/sys_menu.php | 18 | ||||
-rw-r--r-- | includes/sys_page.php | 14 |
19 files changed, 117 insertions, 106 deletions
diff --git a/includes/controller/angeltypes_controller.php b/includes/controller/angeltypes_controller.php index d60b6fc7..8c1cbe5d 100644 --- a/includes/controller/angeltypes_controller.php +++ b/includes/controller/angeltypes_controller.php @@ -127,7 +127,7 @@ function angeltype_edit_controller() if (!$supporter_mode) { if ($request->has('name')) { - $result = AngelType_validate_name($request->get('name'), $angeltype); + $result = AngelType_validate_name($request->postData('name'), $angeltype); $angeltype['name'] = $result->getValue(); if (!$result->isValid()) { $valid = false; diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php index 38aad5bb..3890241d 100644 --- a/includes/controller/shift_entries_controller.php +++ b/includes/controller/shift_entries_controller.php @@ -27,10 +27,10 @@ function shift_entry_add_controller() } $shift = Shift($shift_id); - $shift['Name'] = $room_array[$shift['RID']]; if ($shift == null) { redirect(page_link_to('user_shifts')); } + $shift['Name'] = $room_array[$shift['RID']]; $type_id = 0; if ($request->has('type_id') && preg_match('/^\d*$/', $request->input('type_id'))) { diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php index f4f3f119..f68f64fe 100644 --- a/includes/controller/shifts_controller.php +++ b/includes/controller/shifts_controller.php @@ -62,7 +62,7 @@ function shift_edit_controller() $angeltypes = select_array(AngelTypes(), 'id', 'name'); $shifttypes = select_array(ShiftTypes(), 'id', 'name'); - $needed_angel_types = select_array(NeededAngelTypes_by_shift($shift_id), 'id', 'count'); + $needed_angel_types = select_array(NeededAngelTypes_by_shift($shift_id), 'angel_type_id', 'count'); foreach (array_keys($angeltypes) as $angeltype_id) { if (!isset($needed_angel_types[$angeltype_id])) { $needed_angel_types[$angeltype_id] = 0; 
@@ -117,15 +117,20 @@ function shift_edit_controller() $msg .= error(_('The ending time has to be after the starting time.'), true); } - foreach ($needed_angel_types as $needed_angeltype_id => $needed_angeltype_name) { - if ($request->has('type_' . $needed_angeltype_id) && test_request_int('type_' . $needed_angeltype_id)) { - $needed_angel_types[$needed_angeltype_id] = trim($request->input('type_' . $needed_angeltype_id)); - } else { - $valid = false; - $msg .= error(sprintf( - _('Please check your input for needed angels of type %s.'), - $needed_angeltype_name - ), true); + foreach ($needed_angel_types as $needed_angeltype_id => $count) { + $needed_angel_types[$needed_angeltype_id] = 0; + + $queryKey = 'type_' . $needed_angeltype_id; + if ($request->has($queryKey)) { + if (test_request_int($queryKey)) { + $needed_angel_types[$needed_angeltype_id] = trim($request->input($queryKey)); + } else { + $valid = false; + $msg .= error(sprintf( + _('Please check your input for needed angels of type %s.'), + $angeltypes[$needed_angeltype_id] + ), true); + } } } diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 6dc74d68..b8a1fdbd 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php @@ -47,7 +47,7 @@ function user_delete_controller() $request = request(); if ($request->has('user_id')) { - $user_source = User($request->get('user_id')); + $user_source = User($request->query->get('user_id')); } else { $user_source = $user; } @@ -68,7 +68,7 @@ function user_delete_controller() if ( !( $request->has('password') - && verify_password($request->post('password'), $user['Passwort'], $user['UID']) + && verify_password($request->postData('password'), $user['Passwort'], $user['UID']) ) ) { $valid = false; 
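Review bot: In `user_delete_controller()` the presence test and the read now use different sources: `$request->has('user_id')` guards `User($request->query->get('user_id'))`. If `has()` also sees body parameters (its implementation is not part of this diff), a `user_id` sent in the POST body passes the guard while `query->get()` returns null, and `User(null)` then decides which account the delete form acts on. Testing the same bag that is read keeps the two in step, e.g. `$request->query->has('user_id')` if `query` is a parameter bag with its own `has()`. The function continues outside the hunk, so how a missing user is handled afterwards is not visible here.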
@@ -307,9 +307,9 @@ function user_password_recovery_set_new_controller() if ( $request->has('password') - && strlen($request->post('password')) >= config('min_password_length') + && strlen($request->postData('password')) >= config('min_password_length') ) { - if ($request->post('password') != $request->post('password2')) { + if ($request->postData('password') != $request->postData('password2')) { $valid = false; error(_('Your passwords don\'t match.')); } @@ -319,7 +319,7 @@ function user_password_recovery_set_new_controller() } if ($valid) { - set_password($user_source['UID'], $request->post('password')); + set_password($user_source['UID'], $request->postData('password')); success(_('Password saved.')); redirect(page_link_to('login')); } @@ -363,7 +363,7 @@ function user_password_recovery_start_controller() _('Password recovery'), sprintf( _('Please visit %s to recover your password.'), - page_link_to_absolute('user_password_recovery', ['token' => $token]) + page_link_to('user_password_recovery', ['token' => $token]) ) ); success(_('We sent an email containing your password recovery link.')); diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php index c065d332..e6b457d9 100644 --- a/includes/engelsystem_provider.php +++ b/includes/engelsystem_provider.php @@ -32,9 +32,10 @@ date_default_timezone_set($config->get('timezone')); /** * Initialize Request + * + * @var Request $request */ -$request = new Request(); -$request->create($_GET, $_POST, $_SERVER, config('url')); +$request = Request::createFromGlobals(); $request::setInstance($request); /** diff --git a/includes/helper/internationalization_helper.php b/includes/helper/internationalization_helper.php index d2dbcdbd..83faabb0 100644 --- a/includes/helper/internationalization_helper.php +++ b/includes/helper/internationalization_helper.php @@ -1,5 +1,7 @@ <?php +use Engelsystem\Http\Request; + /** * Return currently active locale * 
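Review bot: The confirmation check `$request->postData('password') != $request->postData('password2')` in `user_password_recovery_set_new_controller()` is a loose comparison, and PHP compares two numeric-looking strings by value, so differing inputs such as `'1e3'` and `'1000'` (constructed example) count as a match. Since the line is being touched anyway, use `!==` here. The same pattern is carried over in `guest_register()` (guest_login.php), `user_settings_password()` (user_settings.php) and the `change_pw` branch of admin_user.php, where `==` should become `===`. The function body starts and ends outside this hunk.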
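Review bot: The recovery mail in `user_password_recovery_start_controller()` now takes its link from `page_link_to()`, which after this commit returns `url($page, $parameters)`; nothing visible here guarantees that `url()` yields an absolute URL, and a relative path is unusable in an e-mail. If `url()` does produce an absolute URL, its host should come from the configured base URL rather than from the request's Host header, otherwise a forged header could point the token link at another site. The same commit drops `config('url')` from request construction in engelsystem_provider.php in favour of `Request::createFromGlobals()`, so this is worth confirming. The iCal/JSON export links carrying `api_key` in user_shifts.php and the entry links in user_atom.php make the same switch. A short comment above the mail call stating where the host comes from would document the assumption.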
@@ -62,14 +64,20 @@ function gettext_locale($locale = null) */ function make_langselect() { - $url = $_SERVER['REQUEST_URI'] . (strpos($_SERVER['REQUEST_URI'], '?') > 0 ? '&' : '?') . 'set_locale='; + $request = Request::getInstance(); $items = []; foreach (config('locales') as $locale => $name) { + $url = url($request->getPathInfo(), ['set_locale' => $locale]); + $items[] = toolbar_item_link( - htmlspecialchars($url) . $locale, + htmlspecialchars($url), '', - '<img src="pic/flag/' . $locale . '.png" alt="' . $name . '" title="' . $name . '"> ' . $name + sprintf( + '<img src="%s" alt="%s" title="%2$s"> %2$s', + url('pic/flag/' . $locale . '.png'), + $name + ) ); } return $items; diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index d64afe76..1de8bfb7 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -81,7 +81,8 @@ function admin_groups() 'privileges[]', $privilege['desc'] . ' (' . $privilege['name'] . ')', $privilege['group_id'] != '', - $privilege['id'] + $privilege['id'], + 'privilege-' . $privilege['name'] ); $privileges_html .= sprintf( '<tr><td><input type="checkbox" name="privileges[]" value="%s" %s /></td> <td>%s</td> <td>%s</td></tr>', @@ -112,7 +113,7 @@ function admin_groups() } $group = DB::select('SELECT * FROM `Groups` WHERE `UID`=? LIMIT 1', [$group_id]); - $privileges = $request->get('privileges'); + $privileges = $request->postData('privileges'); if (!is_array($privileges)) { $privileges = []; } diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index a5354da7..64a54f4b 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php 
@@ -62,14 +62,15 @@ function admin_news() ', [ time(), - $request->post('eBetreff'), - $request->post('eText'), + $request->postData('eBetreff'), + $request->postData('eText'), $user['UID'], $request->has('eTreffen') ? 1 : 0, $news_id ] ); - engelsystem_log('News updated: ' . $request->post('eBetreff')); + + engelsystem_log('News updated: ' . $request->postData('eBetreff')); success(_('News entry updated.')); redirect(page_link_to('news')); break; diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index 8a7720d8..457114a0 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -110,11 +110,14 @@ function admin_rooms() } foreach ($angeltypes as $angeltype_id => $angeltype) { - if ( - $request->has('angeltype_count_' . $angeltype_id) - && preg_match('/^\d{1,4}$/', $request->input('angeltype_count_' . $angeltype_id)) - ) { - $angeltypes_count[$angeltype_id] = $request->input('angeltype_count_' . $angeltype_id); + $angeltypes_count[$angeltype_id] = 0; + $queryKey = 'angeltype_count_' . $angeltype_id; + if (!$request->has($queryKey)) { + continue; + } + + if (preg_match('/^\d{1,4}$/', $request->input($queryKey))) { + $angeltypes_count[$angeltype_id] = $request->input($queryKey); } else { $valid = false; $msg .= error(sprintf(_('Please enter needed angels for type %s.'), $angeltype), true); diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 5b53f9cd..d36635f7 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php 
@@ -135,16 +135,14 @@ function admin_shifts() } elseif ($request->input('angelmode') == 'manually') { $angelmode = 'manually'; foreach ($types as $type) { - if ( - $request->has('type_' . $type['id']) - && preg_match('/^\d+$/', trim($request->input('type_' . $type['id']))) - ) { - $needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id'])); + if (preg_match('/^\d+$/', trim($request->input('type_' . $type['id'], 0)))) { + $needed_angel_types[$type['id']] = trim($request->input('type_' . $type['id'], 0)); } else { $valid = false; error(sprintf(_('Please check the needed angels for team %s.'), $type['name'])); } } + if (array_sum($needed_angel_types) == 0) { $valid = false; error(_('There are 0 angels needed. Please enter the amounts of needed angels.')); @@ -306,7 +304,7 @@ function admin_shifts() } } elseif ($request->has('submit')) { if ( - !$request->has('admin_shifts_shifts') + !isset($_SESSION['admin_shifts_shifts']) || !isset($_SESSION['admin_shifts_types']) || !is_array($_SESSION['admin_shifts_shifts']) || !is_array($_SESSION['admin_shifts_types']) diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 00113507..aea68f52 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -261,7 +261,7 @@ function admin_user() `Handy` = ?, `Alter` =?, `DECT` = ?, - ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->post('eemail')) . ',' : '') . ' + ' . ($user_source['email_by_human_allowed'] ? '`email` = ' . DB::getPdo()->quote($request->postData('eemail')) . ',' : '') . ' `jabber` = ?, `Size` = ?, `Gekommen`= ?, 
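Review bot: In the `admin_user()` UPDATE the `email` column is still spliced into the SQL text with `DB::getPdo()->quote($request->postData('eemail'))`, while every other column is bound through `?`. `quote()` depends on the connection's character set and is easy to break in a later edit; binding the value keeps the statement uniform. Emit the `email` assignment with a `?` placeholder when `email_by_human_allowed` is set, and add the posted value at the matching position of the parameter array passed to `DB::update()` in the following hunk. The statement begins above this hunk.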
@@ -272,34 +272,34 @@ function admin_user() WHERE `UID` = ? LIMIT 1'; DB::update($sql, [ - $request->post('eNick'), - $request->post('eName'), - $request->post('eVorname'), - $request->post('eTelefon'), - $request->post('eHandy'), - $request->post('eAlter'), - $request->post('eDECT'), - $request->post('ejabber'), - $request->post('eSize'), - $request->post('eGekommen'), - $request->post('eAktiv'), + $request->postData('eNick'), + $request->postData('eName'), + $request->postData('eVorname'), + $request->postData('eTelefon'), + $request->postData('eHandy'), + $request->postData('eAlter'), + $request->postData('eDECT'), + $request->postData('ejabber'), + $request->postData('eSize'), + $request->postData('eGekommen'), + $request->postData('eAktiv'), $force_active, - $request->post('eTshirt'), - $request->post('Hometown'), + $request->postData('eTshirt'), + $request->postData('Hometown'), $user_id, ]); engelsystem_log( - 'Updated user: ' . $request->post('eNick') . ', ' . $request->post('eSize') - . ', arrived: ' . $request->post('eVorname') - . ', active: ' . $request->post('eAktiv') - . ', tshirt: ' . $request->post('eTshirt') + 'Updated user: ' . $request->postData('eNick') . ', ' . $request->postData('eSize') + . ', arrived: ' . $request->postData('eVorname') + . ', active: ' . $request->postData('eAktiv') + . ', tshirt: ' . $request->postData('eTshirt') ); $html .= success('Ă„nderung wurde gespeichert...' . "\n", true); break; case 'change_pw': - if ($request->post('new_pw') != '' && $request->post('new_pw') == $request->post('new_pw2')) { - set_password($user_id, $request->post('new_pw')); + if ($request->postData('new_pw') != '' && $request->postData('new_pw') == $request->postData('new_pw2')) { + set_password($user_id, $request->postData('new_pw')); $user_source = User($user_id); engelsystem_log('Set new password for ' . User_Nick_render($user_source)); $html .= success('Passwort neu gesetzt.', true); 
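Review bot: The audit line built for `engelsystem_log()` labels the wrong field: `', arrived: ' . $request->postData('eVorname')` logs the first name, while the arrival flag written to the database is `eGekommen`. Change it to `', arrived: ' . $request->postData('eGekommen')` so the log reflects what was stored. The values are concatenated into the log text as received; whether `engelsystem_log()` neutralises line breaks is not visible here, so confirm that before relying on these entries as an audit trail.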
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index b83b8382..3966b55c 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -127,8 +127,8 @@ function guest_register() } } - if ($request->has('password') && strlen($request->post('password')) >= $min_password_length) { - if ($request->post('password') != $request->post('password2')) { + if ($request->has('password') && strlen($request->postData('password')) >= $min_password_length) { + if ($request->postData('password') != $request->postData('password2')) { $valid = false; $msg .= error(_('Your passwords don\'t match.'), true); } @@ -234,7 +234,7 @@ function guest_register() // Assign user-group and set password $user_id = DB::getPdo()->lastInsertId(); DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -2)', [$user_id]); - set_password($user_id, $request->post('password')); + set_password($user_id, $request->postData('password')); // Assign angel-types $user_angel_types_info = []; @@ -403,7 +403,7 @@ function guest_login() if (count($login_user) > 0) { $login_user = $login_user[0]; if ($request->has('password')) { - if (!verify_password($request->post('password'), $login_user['Passwort'], $login_user['UID'])) { + if (!verify_password($request->postData('password'), $login_user['Passwort'], $login_user['UID'])) { $valid = false; error(_('Your password is incorrect. Please try it again.')); } diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index 98ace9cc..2991bdbf 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -1,6 +1,7 @@ <?php use Engelsystem\Database\DB; +use Engelsystem\Http\Request; /** * Publically available page to feed the news to feed readers 
@@ -44,14 +45,15 @@ function user_atom() */ function make_atom_entries_from_news($news_entries) { + $request = Request::getInstance(); $html = '<?xml version="1.0" encoding="utf-8"?> <feed xmlns="http://www.w3.org/2005/Atom"> <title>Engelsystem</title> - <id>' . $_SERVER['HTTP_HOST'] + <id>' . $request->getHttpHost() . htmlspecialchars(preg_replace( '#[&?]key=[a-f\d]{32}#', '', - $_SERVER['REQUEST_URI'] + $request->getRequestUri() )) . '</id> <updated>' . date('Y-m-d\TH:i:sP', $news_entries[0]['Datum']) . '</updated>' . "\n"; @@ -64,11 +66,12 @@ function make_atom_entries_from_news($news_entries) function make_atom_entry_from_news($news_entry) { - return ' <entry> + return ' + <entry> <title>' . htmlspecialchars($news_entry['Betreff']) . '</title> - <link href="' . page_link_to_absolute('news_comments', ['nid' => $news_entry['ID']]) . '"/> - <id>' . preg_replace('#^https?://#', '', page_link_to_absolute('news')) . '-' . $news_entry['ID'] . '</id> - <updated>' . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . '</updated> + <link href="' . page_link_to('news_comments', ['nid' => $news_entry['ID']]) . '"/> + <id>' . preg_replace('#^https?://#', '', page_link_to('news_comments', ['nid' => $news_entry['ID']])) . '</id> + <updated>' . date('Y-m-d\TH:i:sP', $news_entry['Datum']) . '</updated> <summary>' . htmlspecialchars($news_entry['Text']) . '</summary> - </entry>' . "\n"; + </entry>' . "\n"; } diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 2dd141ec..bdbb0645 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php 
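Review bot: In `make_atom_entries_from_news()` the feed `<id>` concatenates `$request->getHttpHost()` unescaped, while the request URI next to it goes through `htmlspecialchars()`. The host is taken from the request, so unless the Request class validates it, it should be escaped as well: `htmlspecialchars($request->getHttpHost())`. The second hunk, in `make_atom_entry_from_news()`, has the same gap: the `page_link_to('news_comments', ...)` result is written into `href="..."` and `<id>` as-is, and a query string with more than one parameter would put a raw `&` into the XML.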
@@ -186,9 +186,9 @@ function user_news() $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg(); - $isMeeting = $request->post('treffen'); + $isMeeting = $request->postData('treffen'); if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) { - if (!$request->has('treffen') || !in_array('admin_news', $privileges)) { + if (!$request->has('treffen')) { $isMeeting = 0; } DB::insert(' @@ -197,13 +197,13 @@ function user_news() ', [ time(), - $request->post('betreff'), - $request->post('text'), + $request->postData('betreff'), + $request->postData('text'), $user['UID'], $isMeeting, ] ); - engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $isMeeting); + engelsystem_log('Created news: ' . $request->postData('betreff') . ', treffen: ' . $isMeeting); success(_('Entry saved.')); redirect(page_link_to('news')); } diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index 667e73d9..9a43f5ce 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php 
@@ -101,14 +101,14 @@ function user_settings_password($user_source) $request = request(); if ( !$request->has('password') - || !verify_password($request->post('password'), $user_source['Passwort'], $user_source['UID']) + || !verify_password($request->postData('password'), $user_source['Passwort'], $user_source['UID']) ) { error(_('-> not OK. Please try again.')); - } elseif (strlen($request->post('new_password')) < config('min_password_length')) { + } elseif (strlen($request->postData('new_password')) < config('min_password_length')) { error(_('Your password is to short (please use at least 6 characters).')); - } elseif ($request->post('new_password') != $request->post('new_password2')) { + } elseif ($request->postData('new_password') != $request->postData('new_password2')) { error(_('Your passwords don\'t match.')); - } elseif (set_password($user_source['UID'], $request->post('new_password'))) { + } elseif (set_password($user_source['UID'], $request->postData('new_password'))) { success(_('Password saved.')); } else { error(_('Failed setting password.')); diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index cd18a037..db0bb193 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -229,8 +229,8 @@ function view_user_shifts() 'shifts_table' => msg() . $shiftCalendarRenderer->render(), 'ical_text' => '<h2>' . _('iCal export') . '</h2><p>' . sprintf( _('Export of shown shifts. <a href="%s">iCal format</a> or <a href="%s">JSON format</a> available (please keep secret, otherwise <a href="%s">reset the api key</a>).'), - page_link_to_absolute('ical', ['key' => $user['api_key']]), - page_link_to_absolute('shifts_json_export', ['key' => $user['api_key']]), + page_link_to('ical', ['key' => $user['api_key']]), + page_link_to('shifts_json_export', ['key' => $user['api_key']]), page_link_to('user_myshifts', ['reset' => 1]) ) . '</p>', 'filter' => _('Filter') 
diff --git a/includes/sys_form.php b/includes/sys_form.php index 936e3203..78e97792 100644 --- a/includes/sys_form.php +++ b/includes/sys_form.php @@ -144,10 +144,15 @@ function form_multi_checkboxes($names, $label, $items, $selected, $disabled = [] * @param string $label * @param string $selected * @param string $value + * @param string $id * @return string */ -function form_checkbox($name, $label, $selected, $value = 'checked') +function form_checkbox($name, $label, $selected, $value = 'checked', $id = null) { + if (is_null($id)) { + $id = $name; + } + return '<div class="checkbox"><label>' . '<input type="checkbox" id="' . $name . '" name="' . $name . '" value="' . $value . '" ' . ($selected ? ' checked="checked"' : '') . ' /> ' @@ -374,7 +379,7 @@ function form_element($label, $input, $for = '') */ function form($elements, $action = '') { - return '<form role="form" action="' . $action . '" enctype="multipart/form-data" method="post">' . join($elements) . '</form>'; + return '<form action="' . $action . '" enctype="multipart/form-data" method="post">' . join($elements) . '</form>'; } /** diff --git a/includes/sys_menu.php b/includes/sys_menu.php index f809be0b..2eaa1234 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -9,24 +9,8 @@ use Engelsystem\UserHintsRenderer; */ function page_link_to($page = '', $parameters = []) { - $parameters = http_build_query($parameters); - $page = ltrim($page, '/'); $page = str_replace('_', '-', $page); - return '/' . $page . (!empty($parameters) ? '?' . $parameters : ''); -} - -/** - * @TODO: remove? - * @param string $page - * @param array $parameters get parameters - * @return string - */ -function page_link_to_absolute($page, $parameters = []) -{ - return (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' - . $_SERVER['HTTP_HOST'] - . preg_replace("/\?.*$/", '', $_SERVER['REQUEST_URI']) - . page_link_to($page, $parameters); + return url($page, $parameters); } /** 
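Review bot: The new `$id` parameter of `form_checkbox()` is defaulted but the visible `<input>` still emits `id="' . $name . '"`, so the `'privilege-' . $privilege['name']` value apparently passed from admin_groups.php has no effect unless the rest of the return expression, below the hunk, uses it. With `privileges[]` as the name, every checkbox keeps the same id. Use `id="' . htmlspecialchars($id) . '"` on that line. `$name` and `$value` are written into attributes unescaped too, and would benefit from the same call.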
diff --git a/includes/sys_page.php b/includes/sys_page.php index 501106ff..df57d08a 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php @@ -1,4 +1,5 @@ <?php + use Engelsystem\ValidationResult; /** @@ -168,11 +169,8 @@ function strip_request_item($name, $default_value = null) */ function test_request_int($name) { - $request = request(); - if ($request->has($name)) { - return preg_match('/^\d*$/', $request->input($name)); - } - return false; + $input = request()->input($name); + return preg_match('/^\d*$/', $input); } /** @@ -186,7 +184,11 @@ function strip_request_item_nl($name, $default_value = null) { $request = request(); if ($request->has($name)) { - return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", '', strip_tags($request->get($name))); + return preg_replace( + "/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui", + '', + strip_tags($request->input($name)) + ); } return $default_value; } |
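Review bot: `test_request_int()` no longer returns false for a missing parameter: `input($name)` presumably yields null when the key is absent, and `/^\d*$/` matches an empty subject, so the helper now reports a match. `shift_edit_controller()` guards its call with `has()`, but other callers are not visible in this diff and may depend on the old result. Keeping the guard restores it: `return request()->has($name) && preg_match('/^\d*$/', (string)request()->input($name)) === 1;`. If an empty value should not count as an integer either, tighten the pattern to `/^\d+$/D`, which also rejects a trailing newline. The docblock should state what is returned for absent and empty values.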