yolinlin/aowow
1
0
Fork 0
mirror of https://github.com/Sarjuuk/aowow.git synced 2025-11-29 15:58:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

POST/GET

Browse Source 
* unify accessing &_GET and &_POST data
This commit is contained in:
Sarjuuk
2022-03-17 10:14:58 +01:00
parent e092a69175
commit 4972cc0faf
48 changed files with 391 additions and 262 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
includes/ajaxHandler/account.class.php
View File

@@ -7,21 +7,21 @@ class AjaxAccount extends AjaxHandler
{
protected $validParams = ['exclude', 'weightscales', 'favorites'];
protected $_post = array(
'groups' => [FILTER_SANITIZE_NUMBER_INT, null ],
'save' => [FILTER_SANITIZE_NUMBER_INT, null ],
'delete' => [FILTER_SANITIZE_NUMBER_INT, null ],
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdList']],
'name' => [FILTER_CALLBACK, ['options' => 'AjaxAccount::checkName'] ],
'scale' => [FILTER_CALLBACK, ['options' => 'AjaxAccount::checkScale'] ],
'reset' => [FILTER_SANITIZE_NUMBER_INT, null ],
'mode' => [FILTER_SANITIZE_NUMBER_INT, null ],
'type' => [FILTER_SANITIZE_NUMBER_INT, null ],
'add' => [FILTER_SANITIZE_NUMBER_INT, null ],
'remove' => [FILTER_SANITIZE_NUMBER_INT, null ],
// 'sessionKey' => [FILTER_SANITIZE_NUMBER_INT, null ]
'groups' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'save' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'delete' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdList'],
'name' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAccount::checkName' ],
'scale' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAccount::checkScale' ],
'reset' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'mode' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'type' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'add' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'remove' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
// 'sessionKey' => ['filter' => FILTER_SANITIZE_NUMBER_INT]
);
protected $_get = array(
'locale' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkLocale']]
'locale' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkLocale']
);
public function __construct(array $params)
@@ -177,7 +177,7 @@ class AjaxAccount extends AjaxHandler
{
$var = trim(urldecode($val));
return filter_var($var, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
return filter_var($var, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_AOWOW);
}
}

30
includes/ajaxHandler/admin.class.php
View File

@@ -7,23 +7,23 @@ class AjaxAdmin extends AjaxHandler
{
protected $validParams = ['screenshots', 'siteconfig', 'weight-presets', 'spawn-override'];
protected $_get = array(
'action' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ],
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdListUnsigned']],
'key' => [FILTER_CALLBACK, ['options' => 'AjaxAdmin::checkKey'] ],
'all' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ],
'type' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt'] ],
'typeid' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt'] ],
'user' => [FILTER_CALLBACK, ['options' => 'AjaxAdmin::checkUser'] ],
'val' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ],
'guid' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt'] ],
'area' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt'] ],
'floor' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt'] ]
'action' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdListUnsigned'],
'key' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAdmin::checkKey' ],
'all' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext' ],
'type' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt' ],
'typeid' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt' ],
'user' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAdmin::checkUser' ],
'val' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext' ],
'guid' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt' ],
'area' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt' ],
'floor' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt' ]
);
protected $_post = array(
'alt' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW ],
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt']],
'scale' => [FILTER_CALLBACK, ['options' => 'AjaxAdmin::checkScale']],
'__icon' => [FILTER_CALLBACK, ['options' => 'AjaxAdmin::checkKey'] ]
'alt' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt'],
'scale' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAdmin::checkScale'],
'__icon' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAdmin::checkKey' ]
);
public function __construct(array $params)

4
includes/ajaxHandler/arenateam.class.php
View File

@@ -7,8 +7,8 @@ class AjaxArenaTeam extends AjaxHandler
{
protected $validParams = ['resync', 'status'];
protected $_get = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdList'] ],
'profile' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet']],
'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdList' ],
'profile' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkEmptySet'],
);
public function __construct(array $params)

28
includes/ajaxHandler/comment.class.php
View File

@@ -11,23 +11,23 @@ class AjaxComment extends AjaxHandler
const REPLY_LENGTH_MAX = 600;
protected $_post = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdListUnsigned']],
'body' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ],
'commentbody' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ],
'response' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW ],
'reason' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW ],
'remove' => [FILTER_SANITIZE_NUMBER_INT, null ],
'commentId' => [FILTER_SANITIZE_NUMBER_INT, null ],
'replyId' => [FILTER_SANITIZE_NUMBER_INT, null ],
'sticky' => [FILTER_SANITIZE_NUMBER_INT, null ],
// 'username' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ]
'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdListUnsigned'],
'body' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext' ],
'commentbody' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext' ],
'response' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'reason' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'remove' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'commentId' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'replyId' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'sticky' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
// 'username' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ]
);
protected $_get = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt']],
'type' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt']],
'typeid' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt']],
'rating' => [FILTER_SANITIZE_NUMBER_INT, null]
'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt'],
'type' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt'],
'typeid' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt'],
'rating' => ['filter' => FILTER_SANITIZE_NUMBER_INT]
);
public function __construct(array $params)

18
includes/ajaxHandler/contactus.class.php
View File

@@ -6,15 +6,15 @@ if (!defined('AOWOW_REVISION'))
class AjaxContactus extends AjaxHandler
{
protected $_post = array(
'mode' => [FILTER_SANITIZE_NUMBER_INT, null ],
'reason' => [FILTER_SANITIZE_NUMBER_INT, null ],
'ua' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW],
'appname' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW],
'page' => [FILTER_SANITIZE_URL, null ],
'desc' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW],
'id' => [FILTER_SANITIZE_NUMBER_INT, null ],
'relatedurl' => [FILTER_SANITIZE_URL, null ],
'email' => [FILTER_SANITIZE_EMAIL, null ]
'mode' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'reason' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'ua' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'appname' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'page' => ['filter' => FILTER_SANITIZE_URL],
'desc' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'id' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'relatedurl' => ['filter' => FILTER_SANITIZE_URL],
'email' => ['filter' => FILTER_SANITIZE_EMAIL]
);
public function __construct(array $params)

2
includes/ajaxHandler/cookie.class.php
View File

@@ -12,7 +12,7 @@ class AjaxCookie extends AjaxHandler
return;
$this->_get = array(
$params[0] => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH],
$params[0] => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
);
// NOW we know, what to expect and sanitize

12
includes/ajaxHandler/data.class.php
View File

@@ -6,12 +6,12 @@ if (!defined('AOWOW_REVISION'))
class AjaxData extends AjaxHandler
{
protected $_get = array(
'locale' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkLocale'] ],
't' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH],
'catg' => [FILTER_SANITIZE_NUMBER_INT, null ],
'skill' => [FILTER_CALLBACK, ['options' => 'AjaxData::checkSkill'] ],
'class' => [FILTER_SANITIZE_NUMBER_INT, null ],
'callback' => [FILTER_CALLBACK, ['options' => 'AjaxData::checkCallback'] ]
'locale' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkLocale'],
't' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'catg' => ['filter' => FILTER_SANITIZE_NUMBER_INT ],
'skill' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxData::checkSkill' ],
'class' => ['filter' => FILTER_SANITIZE_NUMBER_INT ],
'callback' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxData::checkCallback' ]
);
public function __construct(array $params)

2
includes/ajaxHandler/gotocomment.class.php
View File

@@ -6,7 +6,7 @@ if (!defined('AOWOW_REVISION'))
class AjaxGotocomment extends AjaxHandler
{
protected $_get = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt']]
'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt']
);
public function __construct(array $params)

4
includes/ajaxHandler/guild.class.php
View File

@@ -7,8 +7,8 @@ class AjaxGuild extends AjaxHandler
{
protected $validParams = ['resync', 'status'];
protected $_get = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdList'] ],
'profile' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet']],
'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdList' ],
'profile' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkEmptySet'],
);
public function __construct(array $params)

2
includes/ajaxHandler/locale.class.php
View File

@@ -6,7 +6,7 @@ if (!defined('AOWOW_REVISION'))
class AjaxLocale extends AjaxHandler
{
protected $_get = array(
'locale' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkLocale']]
'locale' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkLocale']
);
public function __construct(array $params)

54
includes/ajaxHandler/profile.class.php
View File

@@ -9,36 +9,36 @@ class AjaxProfile extends AjaxHandler
protected $validParams = ['link', 'unlink', 'pin', 'unpin', 'public', 'private', 'avatar', 'resync', 'status', 'save', 'delete', 'purge', 'summary', 'load'];
protected $_get = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdList'] ],
'items' => [FILTER_CALLBACK, ['options' => 'AjaxProfile::checkItemList'] ],
'size' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH],
'guild' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet'] ],
'arena-team' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet'] ],
'user' => [FILTER_CALLBACK, ['options' => 'AjaxProfile::checkUser'] ]
'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdList' ],
'items' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxProfile::checkItemList'],
'size' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'guild' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkEmptySet'],
'arena-team' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkEmptySet'],
'user' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxProfile::checkUser' ]
);
protected $_post = array(
'name' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ],
'level' => [FILTER_SANITIZE_NUMBER_INT, null ],
'class' => [FILTER_SANITIZE_NUMBER_INT, null ],
'race' => [FILTER_SANITIZE_NUMBER_INT, null ],
'gender' => [FILTER_SANITIZE_NUMBER_INT, null ],
'nomodel' => [FILTER_SANITIZE_NUMBER_INT, null ],
'talenttree1' => [FILTER_SANITIZE_NUMBER_INT, null ],
'talenttree2' => [FILTER_SANITIZE_NUMBER_INT, null ],
'talenttree3' => [FILTER_SANITIZE_NUMBER_INT, null ],
'activespec' => [FILTER_SANITIZE_NUMBER_INT, null ],
'talentbuild1' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ],
'glyphs1' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ],
'talentbuild2' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ],
'glyphs2' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ],
'icon' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ],
'description' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ],
'source' => [FILTER_SANITIZE_NUMBER_INT, null ],
'copy' => [FILTER_SANITIZE_NUMBER_INT, null ],
'public' => [FILTER_SANITIZE_NUMBER_INT, null ],
'gearscore' => [FILTER_SANITIZE_NUMBER_INT, null ],
'inv' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdListUnsigned', 'flags' => FILTER_REQUIRE_ARRAY]],
'name' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext'],
'level' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'class' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'race' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'gender' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'nomodel' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'talenttree1' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'talenttree2' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'talenttree3' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'activespec' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'talentbuild1' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'glyphs1' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'talentbuild2' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'glyphs2' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'icon' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'description' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext'],
'source' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'copy' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'public' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'gearscore' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'inv' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdListUnsigned', 'flags' => FILTER_REQUIRE_ARRAY],
);
public function __construct(array $params)