* unify accessing &_GET and &_POST data
Sarjuuk
2022-03-17 10:14:58 +01:00
parent e092a69175
commit 4972cc0faf
48 changed files with 391 additions and 262 deletions


@@ -6,26 +6,21 @@ if (!defined('AOWOW_REVISION'))
class AjaxHandler class AjaxHandler
{ {
use TrRequestData;
protected $validParams = []; protected $validParams = [];
protected $params = []; protected $params = [];
protected $handler; protected $handler;
protected $contentType = MIME_TYPE_JSON; protected $contentType = MIME_TYPE_JSON;
protected $_post = [];
protected $_get = [];
public $doRedirect = false; public $doRedirect = false;
public function __construct(array $params) public function __construct(array $params)
{ {
$this->params = $params; $this->params = $params;
foreach ($this->_post as $k => &$v) $this->initRequestData();
$v = isset($_POST[$k]) ? filter_input(INPUT_POST, $k, $v[0], $v[1]) : null;
foreach ($this->_get as $k => &$v)
$v = isset($_GET[$k]) ? filter_input(INPUT_GET, $k, $v[0], $v[1]) : null;
} }
public function handle(string &$out) : bool public function handle(string &$out) : bool
@@ -72,48 +67,5 @@ class AjaxHandler
return true; return true;
} }
protected static function checkEmptySet(string $val) : bool
{
return $val === ''; // parameter is expected to be empty
}
protected static function checkLocale(string $val) : int
{
if (preg_match('/^'.implode('|', array_keys(array_filter(Util::$localeStrings))).'$/', $val))
return intVal($val);
return -1;
}
protected static function checkInt(string $val) : int
{
if (preg_match('/^-?\d+$/', $val))
return intVal($val);
return 0;
}
protected static function checkIdList(string $val) : array
{
if (preg_match('/^-?\d+(,-?\d+)*$/', $val))
return array_map('intVal', explode(',', $val));
return [];
}
protected static function checkIdListUnsigned(string $val) : array
{
if (preg_match('/\d+(,\d+)*/', $val))
return array_map('intVal', explode(',', $val));
return [];
}
protected static function checkFulltext(string $val) : string
{
// trim non-printable chars
return preg_replace('/[\p{Cf}\p{Co}\p{Cs}\p{Cn}]/ui', '', $val);
}
} }
?> ?>
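Review bot: Dropping the `protected $_post = []` and `protected $_get = []` defaults from AjaxHandler means the two properties exist only where a subclass declares them; `initRequestData()` copes with that through its `isset()` guards, but a handler that declares neither and still reads `$this->_post['x']` would now get an undefined-property warning where it previously got null. Keeping the two defaults here costs nothing and preserves that behaviour. A short docblock on the constructor stating that `initRequestData()` runs once and expects `$_post`/`$_get` to hold filter_input_array specifications (`['filter' => …, 'flags' => …, 'options' => …]`, one per expected key) would also help subclass authors, since the old per-key `[filter, options]` shape is no longer accepted.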


@@ -7,21 +7,21 @@ class AjaxAccount extends AjaxHandler
{ {
protected $validParams = ['exclude', 'weightscales', 'favorites']; protected $validParams = ['exclude', 'weightscales', 'favorites'];
protected $_post = array( protected $_post = array(
'groups' => [FILTER_SANITIZE_NUMBER_INT, null ], 'groups' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'save' => [FILTER_SANITIZE_NUMBER_INT, null ], 'save' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'delete' => [FILTER_SANITIZE_NUMBER_INT, null ], 'delete' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdList']], 'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdList'],
'name' => [FILTER_CALLBACK, ['options' => 'AjaxAccount::checkName'] ], 'name' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAccount::checkName' ],
'scale' => [FILTER_CALLBACK, ['options' => 'AjaxAccount::checkScale'] ], 'scale' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAccount::checkScale' ],
'reset' => [FILTER_SANITIZE_NUMBER_INT, null ], 'reset' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'mode' => [FILTER_SANITIZE_NUMBER_INT, null ], 'mode' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'type' => [FILTER_SANITIZE_NUMBER_INT, null ], 'type' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'add' => [FILTER_SANITIZE_NUMBER_INT, null ], 'add' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'remove' => [FILTER_SANITIZE_NUMBER_INT, null ], 'remove' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
// 'sessionKey' => [FILTER_SANITIZE_NUMBER_INT, null ] // 'sessionKey' => ['filter' => FILTER_SANITIZE_NUMBER_INT]
); );
protected $_get = array( protected $_get = array(
'locale' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkLocale']] 'locale' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkLocale']
); );
public function __construct(array $params) public function __construct(array $params)
@@ -177,7 +177,7 @@ class AjaxAccount extends AjaxHandler
{ {
$var = trim(urldecode($val)); $var = trim(urldecode($val));
return filter_var($var, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); return filter_var($var, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_AOWOW);
} }
} }
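Review bot: `filter_var($var, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_AOWOW)` in checkName is not a drop-in for the removed `FILTER_SANITIZE_STRING`: the old filter also stripped tags and HTML-encoded quotes, the new one only drops bytes below 32 and above 127 plus backticks, so `<` and `>` now survive into the stored name and every place that renders it must escape on output. The new flag set also adds `FILTER_FLAG_STRIP_HIGH`, which this field did not have before (it used `FILTER_FLAG_STRIP_LOW` alone), so any multibyte UTF-8 character in a name is now deleted outright; the same widening applies to `alt` in AjaxAdmin, `response`/`reason` in AjaxComment and `ua`/`appname`/`desc` in AjaxContactus, while the AjaxCookie, AjaxData and AjaxProfile fields already stripped high bytes. If non-ASCII text is meant to survive, use `FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_BACKTICK` for those fields, and where tag removal was relied upon, `FILTER_SANITIZE_SPECIAL_CHARS` or `strip_tags()` restores it.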


@@ -7,23 +7,23 @@ class AjaxAdmin extends AjaxHandler
{ {
protected $validParams = ['screenshots', 'siteconfig', 'weight-presets', 'spawn-override']; protected $validParams = ['screenshots', 'siteconfig', 'weight-presets', 'spawn-override'];
protected $_get = array( protected $_get = array(
'action' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ], 'action' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdListUnsigned']], 'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdListUnsigned'],
'key' => [FILTER_CALLBACK, ['options' => 'AjaxAdmin::checkKey'] ], 'key' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAdmin::checkKey' ],
'all' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ], 'all' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext' ],
'type' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt'] ], 'type' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt' ],
'typeid' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt'] ], 'typeid' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt' ],
'user' => [FILTER_CALLBACK, ['options' => 'AjaxAdmin::checkUser'] ], 'user' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAdmin::checkUser' ],
'val' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ], 'val' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext' ],
'guid' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt'] ], 'guid' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt' ],
'area' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt'] ], 'area' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt' ],
'floor' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt'] ] 'floor' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt' ]
); );
protected $_post = array( protected $_post = array(
'alt' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW ], 'alt' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt']], 'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt'],
'scale' => [FILTER_CALLBACK, ['options' => 'AjaxAdmin::checkScale']], 'scale' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAdmin::checkScale'],
'__icon' => [FILTER_CALLBACK, ['options' => 'AjaxAdmin::checkKey'] ] '__icon' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxAdmin::checkKey' ]
); );
public function __construct(array $params) public function __construct(array $params)


@@ -7,8 +7,8 @@ class AjaxArenaTeam extends AjaxHandler
{ {
protected $validParams = ['resync', 'status']; protected $validParams = ['resync', 'status'];
protected $_get = array( protected $_get = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdList'] ], 'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdList' ],
'profile' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet']], 'profile' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkEmptySet'],
); );
public function __construct(array $params) public function __construct(array $params)


@@ -11,23 +11,23 @@ class AjaxComment extends AjaxHandler
const REPLY_LENGTH_MAX = 600; const REPLY_LENGTH_MAX = 600;
protected $_post = array( protected $_post = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdListUnsigned']], 'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdListUnsigned'],
'body' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ], 'body' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext' ],
'commentbody' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ], 'commentbody' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext' ],
'response' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW ], 'response' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'reason' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW ], 'reason' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'remove' => [FILTER_SANITIZE_NUMBER_INT, null ], 'remove' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'commentId' => [FILTER_SANITIZE_NUMBER_INT, null ], 'commentId' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'replyId' => [FILTER_SANITIZE_NUMBER_INT, null ], 'replyId' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'sticky' => [FILTER_SANITIZE_NUMBER_INT, null ], 'sticky' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
// 'username' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ] // 'username' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ]
); );
protected $_get = array( protected $_get = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt']], 'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt'],
'type' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt']], 'type' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt'],
'typeid' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt']], 'typeid' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt'],
'rating' => [FILTER_SANITIZE_NUMBER_INT, null] 'rating' => ['filter' => FILTER_SANITIZE_NUMBER_INT]
); );
public function __construct(array $params) public function __construct(array $params)


@@ -6,15 +6,15 @@ if (!defined('AOWOW_REVISION'))
class AjaxContactus extends AjaxHandler class AjaxContactus extends AjaxHandler
{ {
protected $_post = array( protected $_post = array(
'mode' => [FILTER_SANITIZE_NUMBER_INT, null ], 'mode' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'reason' => [FILTER_SANITIZE_NUMBER_INT, null ], 'reason' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'ua' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW], 'ua' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'appname' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW], 'appname' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'page' => [FILTER_SANITIZE_URL, null ], 'page' => ['filter' => FILTER_SANITIZE_URL],
'desc' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW], 'desc' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'id' => [FILTER_SANITIZE_NUMBER_INT, null ], 'id' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'relatedurl' => [FILTER_SANITIZE_URL, null ], 'relatedurl' => ['filter' => FILTER_SANITIZE_URL],
'email' => [FILTER_SANITIZE_EMAIL, null ] 'email' => ['filter' => FILTER_SANITIZE_EMAIL]
); );
public function __construct(array $params) public function __construct(array $params)
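Review bot: `FILTER_SANITIZE_URL` and `FILTER_SANITIZE_EMAIL` on `page`, `relatedurl` and `email` only remove characters the respective syntax disallows; they do not validate, so a `javascript:` scheme passes FILTER_SANITIZE_URL untouched and a value with no `@` passes FILTER_SANITIZE_EMAIL. The handler body is outside the hunk, so if these values are later rendered as links or used as a mail address, a `filter_var($v, FILTER_VALIDATE_URL)` / `filter_var($v, FILTER_VALIDATE_EMAIL)` check on the filtered value before use is the missing step; if they are only stored and displayed as text, a comment on this array saying so would make that explicit.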


@@ -12,7 +12,7 @@ class AjaxCookie extends AjaxHandler
return; return;
$this->_get = array( $this->_get = array(
$params[0] => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH], $params[0] => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
); );
// NOW we know, what to expect and sanitize // NOW we know, what to expect and sanitize
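Review bot: The `$this->_get` specification is built inside AjaxCookie's own constructor, but filtering now happens in `TrRequestData::initRequestData()`, which is private to the trait and runs at most once from `AjaxHandler::__construct()`. If `parent::__construct($params)` is invoked before this assignment (the hunk does not show the order), the filtering pass runs while `$_get` is still unset and the value for `$params[0]` is never read or sanitised, so the comment `// NOW we know, what to expect and sanitize` would no longer describe what happens. Making `initRequestData()` protected so this constructor can call it after the assignment, or a comment stating that the parent constructor must run after this line, would settle it.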


@@ -6,12 +6,12 @@ if (!defined('AOWOW_REVISION'))
class AjaxData extends AjaxHandler class AjaxData extends AjaxHandler
{ {
protected $_get = array( protected $_get = array(
'locale' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkLocale'] ], 'locale' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkLocale'],
't' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH], 't' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'catg' => [FILTER_SANITIZE_NUMBER_INT, null ], 'catg' => ['filter' => FILTER_SANITIZE_NUMBER_INT ],
'skill' => [FILTER_CALLBACK, ['options' => 'AjaxData::checkSkill'] ], 'skill' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxData::checkSkill' ],
'class' => [FILTER_SANITIZE_NUMBER_INT, null ], 'class' => ['filter' => FILTER_SANITIZE_NUMBER_INT ],
'callback' => [FILTER_CALLBACK, ['options' => 'AjaxData::checkCallback'] ] 'callback' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxData::checkCallback' ]
); );
public function __construct(array $params) public function __construct(array $params)


@@ -6,7 +6,7 @@ if (!defined('AOWOW_REVISION'))
class AjaxGotocomment extends AjaxHandler class AjaxGotocomment extends AjaxHandler
{ {
protected $_get = array( protected $_get = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkInt']] 'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkInt']
); );
public function __construct(array $params) public function __construct(array $params)


@@ -7,8 +7,8 @@ class AjaxGuild extends AjaxHandler
{ {
protected $validParams = ['resync', 'status']; protected $validParams = ['resync', 'status'];
protected $_get = array( protected $_get = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdList'] ], 'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdList' ],
'profile' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet']], 'profile' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkEmptySet'],
); );
public function __construct(array $params) public function __construct(array $params)


@@ -6,7 +6,7 @@ if (!defined('AOWOW_REVISION'))
class AjaxLocale extends AjaxHandler class AjaxLocale extends AjaxHandler
{ {
protected $_get = array( protected $_get = array(
'locale' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkLocale']] 'locale' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkLocale']
); );
public function __construct(array $params) public function __construct(array $params)


@@ -9,36 +9,36 @@ class AjaxProfile extends AjaxHandler
protected $validParams = ['link', 'unlink', 'pin', 'unpin', 'public', 'private', 'avatar', 'resync', 'status', 'save', 'delete', 'purge', 'summary', 'load']; protected $validParams = ['link', 'unlink', 'pin', 'unpin', 'public', 'private', 'avatar', 'resync', 'status', 'save', 'delete', 'purge', 'summary', 'load'];
protected $_get = array( protected $_get = array(
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdList'] ], 'id' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdList' ],
'items' => [FILTER_CALLBACK, ['options' => 'AjaxProfile::checkItemList'] ], 'items' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxProfile::checkItemList'],
'size' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH], 'size' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW ],
'guild' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet'] ], 'guild' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkEmptySet'],
'arena-team' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet'] ], 'arena-team' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkEmptySet'],
'user' => [FILTER_CALLBACK, ['options' => 'AjaxProfile::checkUser'] ] 'user' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxProfile::checkUser' ]
); );
protected $_post = array( protected $_post = array(
'name' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ], 'name' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext'],
'level' => [FILTER_SANITIZE_NUMBER_INT, null ], 'level' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'class' => [FILTER_SANITIZE_NUMBER_INT, null ], 'class' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'race' => [FILTER_SANITIZE_NUMBER_INT, null ], 'race' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'gender' => [FILTER_SANITIZE_NUMBER_INT, null ], 'gender' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'nomodel' => [FILTER_SANITIZE_NUMBER_INT, null ], 'nomodel' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'talenttree1' => [FILTER_SANITIZE_NUMBER_INT, null ], 'talenttree1' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'talenttree2' => [FILTER_SANITIZE_NUMBER_INT, null ], 'talenttree2' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'talenttree3' => [FILTER_SANITIZE_NUMBER_INT, null ], 'talenttree3' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'activespec' => [FILTER_SANITIZE_NUMBER_INT, null ], 'activespec' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'talentbuild1' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ], 'talentbuild1' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'glyphs1' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ], 'glyphs1' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'talentbuild2' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ], 'talentbuild2' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'glyphs2' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ], 'glyphs2' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'icon' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ], 'icon' => ['filter' => FILTER_UNSAFE_RAW, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'description' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ], 'description' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkFulltext'],
'source' => [FILTER_SANITIZE_NUMBER_INT, null ], 'source' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'copy' => [FILTER_SANITIZE_NUMBER_INT, null ], 'copy' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'public' => [FILTER_SANITIZE_NUMBER_INT, null ], 'public' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'gearscore' => [FILTER_SANITIZE_NUMBER_INT, null ], 'gearscore' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
'inv' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdListUnsigned', 'flags' => FILTER_REQUIRE_ARRAY]], 'inv' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdListUnsigned', 'flags' => FILTER_REQUIRE_ARRAY],
); );
public function __construct(array $params) public function __construct(array $params)


@@ -511,7 +511,7 @@ class CommunityContent
{ {
$result = array( $result = array(
'vi' => self::getVideos($type, $typeId), 'vi' => self::getVideos($type, $typeId),
'sc' => self::getScreenshots($type, $typeId), 'ss' => self::getScreenshots($type, $typeId),
'co' => self::getComments($type, $typeId) 'co' => self::getComments($type, $typeId)
); );


@@ -9,6 +9,7 @@ if (!defined('AOWOW_REVISION'))
define('E_AOWOW', E_ALL & ~(E_DEPRECATED | E_USER_DEPRECATED | E_STRICT)); define('E_AOWOW', E_ALL & ~(E_DEPRECATED | E_USER_DEPRECATED | E_STRICT));
define('JSON_AOWOW_POWER', JSON_PRETTY_PRINT | JSON_NUMERIC_CHECK | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); define('JSON_AOWOW_POWER', JSON_PRETTY_PRINT | JSON_NUMERIC_CHECK | JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
define('FILTER_FLAG_STRIP_AOWOW', FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH | FILTER_STRIP_BACKTICK);
define('MIME_TYPE_TEXT', 'Content-Type: text/plain; charset=utf-8'); define('MIME_TYPE_TEXT', 'Content-Type: text/plain; charset=utf-8');
define('MIME_TYPE_XML', 'Content-Type: text/xml; charset=utf-8'); define('MIME_TYPE_XML', 'Content-Type: text/xml; charset=utf-8');
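Review bot: `FILTER_STRIP_BACKTICK` on the new define line is not a PHP constant; the flag is spelled `FILTER_FLAG_STRIP_BACKTICK`. On PHP 8 an undefined constant throws an Error during bootstrap, and on PHP 7 it degrades to the bare string with a warning, so the OR produces a wrong flag value and backticks are silently not stripped. The line should read `define('FILTER_FLAG_STRIP_AOWOW', FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_STRIP_BACKTICK);`. A one-line comment above it noting that the set removes bytes below 32 and above 127 plus backticks, and neither strips tags nor encodes quotes, would stop readers from assuming it replaces what FILTER_SANITIZE_STRING did.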


@@ -16,6 +16,86 @@ class SimpleXML extends SimpleXMLElement
} }
} }
trait TrRequestData
{
private $filtered = false;
private function initRequestData() : void
{
if ($this->filtered)
return;
if (isset($this->_post) && gettype($this->_post) == 'array')
$this->_post = filter_input_array(INPUT_POST, $this->_post);
if (isset($this->_get) && gettype($this->_get) == 'array')
$this->_get = filter_input_array(INPUT_GET, $this->_get);
if (isset($this->_cookie) && gettype($this->_cookie) == 'array')
$this->_cookie = filter_input_array(INPUT_COOKIE, $this->_cookie);
$this->filtered = true;
}
protected static function checkEmptySet(string $val) : bool
{
return $val === ''; // parameter is expected to be empty
}
protected static function checkInt(string $val) : int
{
if (preg_match('/^-?\d+$/', $val))
return intVal($val);
return 0;
}
protected static function checkLocale(string $val) : int
{
if (preg_match('/^'.implode('|', array_keys(array_filter(Util::$localeStrings))).'$/', $val))
return intVal($val);
return -1;
}
protected static function checkDomain(string $val) : string
{
if (preg_match('/^'.implode('|', array_filter(Util::$subDomains)).'$/i', $val))
return strtolower($val);
return '';
}
protected static function checkIdList(string $val) : array
{
if (preg_match('/^-?\d+(,-?\d+)*$/', $val))
return array_map('intVal', explode(',', $val));
return [];
}
protected static function checkIntArray(string $val) : array
{
if (preg_match('/^-?\d+(:-?\d+)*$/', $val))
return array_map('intVal', explode(':', $val));
return [];
}
protected static function checkIdListUnsigned(string $val) : array
{
if (preg_match('/\d+(,\d+)*/', $val))
return array_map('intVal', explode(',', $val));
return [];
}
protected static function checkFulltext(string $val) : string
{
// trim non-printable chars
return preg_replace('/[\p{Cf}\p{Co}\p{Cs}\p{Cn}]/ui', '', $val);
}
}
class CLI class CLI
{ {
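Review bot: The alternation in `checkLocale` and the new `checkDomain` is not grouped, so in `'/^'.implode('|', …).'$/'` only the first alternative is anchored at the start and only the last at the end; a middle alternative matches anywhere, so a value such as `x2y` passes checkLocale and becomes `intVal('x2y')`, i.e. 0, instead of -1. Wrapping the alternatives — `'/^(?:'.implode('|', array_keys(array_filter(Util::$localeStrings))).')$/'` and `'/^(?:'.implode('|', array_filter(Util::$subDomains)).')$/i'` — fixes both, and `checkIdListUnsigned` has the same weakness since `/\d+(,\d+)*/` carries no anchors at all (compare `checkIdList`). Separately, `filter_input_array()` returns null rather than an array when the input source is empty — every plain GET request for `INPUT_POST` — so `$this->_post` becomes null and the `$this->_post['email']`-style reads in AccountPage and the Ajax handlers produce null-offset warnings; `$this->_post = filter_input_array(INPUT_POST, $this->_post) ?? array_fill_keys(array_keys($this->_post), null);` (and the same for `_get` and `_cookie`) keeps the "missing key yields null" shape callers rely on. `is_array($this->_post)` is the idiomatic form of the three `gettype() == 'array'` checks.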


@@ -27,13 +27,18 @@ class AccountPage extends GenericPage
protected $lvTabs = []; protected $lvTabs = [];
protected $banned = []; protected $banned = [];
private $_post = array( protected $_get = array(
'username' => [FILTER_SANITIZE_SPECIAL_CHARS, 0xC], // FILTER_FLAG_STRIP_LOW | *_HIGH 'token' => ['filter' => FILTER_SANITIZE_SPECIAL_CHARS, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'password' => [FILTER_UNSAFE_RAW, null], 'next' => ['filter' => FILTER_SANITIZE_SPECIAL_CHARS, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'c_password' => [FILTER_UNSAFE_RAW, null], );
'token' => [FILTER_UNSAFE_RAW, null],
'remember_me' => [FILTER_CALLBACK, ['options' => 'AccountPage::rememberCallback']], protected $_post = array(
'email' => [FILTER_SANITIZE_EMAIL, null] 'username' => ['filter' => FILTER_SANITIZE_SPECIAL_CHARS, 'flags' => FILTER_FLAG_STRIP_AOWOW],
'password' => ['filter' => FILTER_UNSAFE_RAW],
'c_password' => ['filter' => FILTER_UNSAFE_RAW],
'token' => ['filter' => FILTER_UNSAFE_RAW],
'remember_me' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::rememberCallback'],
'email' => ['filter' => FILTER_SANITIZE_EMAIL]
); );
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
@@ -43,9 +48,6 @@ class AccountPage extends GenericPage
parent::__construct($pageCall, $pageParam); parent::__construct($pageCall, $pageParam);
foreach ($this->_post as $k => &$v)
$v = !empty($_POST[$k]) ? filter_input(INPUT_POST, $k, $v[0], $v[1]) : null;
if ($pageParam) if ($pageParam)
{ {
// requires auth && not authed // requires auth && not authed
@@ -57,7 +59,7 @@ class AccountPage extends GenericPage
} }
} }
private function rememberCallback($val) protected function rememberCallback($val)
{ {
return $val == 'yes' ? $val : null; return $val == 'yes' ? $val : null;
} }
@@ -128,7 +130,7 @@ class AccountPage extends GenericPage
header('Location: '.$this->getNext(true), true, 302); header('Location: '.$this->getNext(true), true, 302);
} }
} }
else if (!empty($_GET['token']) && ($_ = DB::Aowow()->selectCell('SELECT user FROM ?_account WHERE status IN (?a) AND token = ? AND statusTimer > UNIX_TIMESTAMP()', [ACC_STATUS_RECOVER_USER, ACC_STATUS_OK], $_GET['token']))) else if ($this->_get['token'] && ($_ = DB::Aowow()->selectCell('SELECT user FROM ?_account WHERE status IN (?a) AND token = ? AND statusTimer > UNIX_TIMESTAMP()', [ACC_STATUS_RECOVER_USER, ACC_STATUS_OK], $this->_get['token'])))
$this->user = $_; $this->user = $_;
break; break;
@@ -156,13 +158,13 @@ class AccountPage extends GenericPage
$this->text = sprintf(Lang::account('createAccSent'), $this->_post['email']); $this->text = sprintf(Lang::account('createAccSent'), $this->_post['email']);
} }
} }
else if (!empty($_GET['token']) && ($newId = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE status = ?d AND token = ?', ACC_STATUS_NEW, $_GET['token']))) else if ($this->_get['token'] && ($newId = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE status = ?d AND token = ?', ACC_STATUS_NEW, $this->_get['token'])))
{ {
$nStep = 2; $nStep = 2;
DB::Aowow()->query('UPDATE ?_account SET status = ?d, statusTimer = 0, token = 0, userGroups = ?d WHERE token = ?', ACC_STATUS_OK, U_GROUP_NONE, $_GET['token']); DB::Aowow()->query('UPDATE ?_account SET status = ?d, statusTimer = 0, token = 0, userGroups = ?d WHERE token = ?', ACC_STATUS_OK, U_GROUP_NONE, $this->_get['token']);
DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, ?d + 1, UNIX_TIMESTAMP() + ?d)', User::$ip, CFG_ACC_FAILED_AUTH_COUNT, CFG_ACC_FAILED_AUTH_BLOCK); DB::Aowow()->query('REPLACE INTO ?_account_bannedips (ip, type, count, unbanDate) VALUES (?, 1, ?d + 1, UNIX_TIMESTAMP() + ?d)', User::$ip, CFG_ACC_FAILED_AUTH_COUNT, CFG_ACC_FAILED_AUTH_BLOCK);
$this->text = sprintf(Lang::account('accActivated'), $_GET['token']); $this->text = sprintf(Lang::account('accActivated'), $this->_get['token']);
} }
else else
$this->next = $this->getNext(); $this->next = $this->getNext();
@@ -313,17 +315,17 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
$this->text = sprintf(Lang::account('recovPassSent'), $this->_post['email']); $this->text = sprintf(Lang::account('recovPassSent'), $this->_post['email']);
} }
} }
else if (isset($_GET['token'])) // step 2 else if ($this->_get['token']) // step 2
{ {
$step = 2; $step = 2;
$this->resetPass = true; $this->resetPass = true;
$this->token = $_GET['token']; $this->token = $this->_get['token'];
} }
else if ($this->_post['token'] && $this->_post['email'] && $this->_post['password'] && $this->_post['c_password']) else if ($this->_post['token'] && $this->_post['email'] && $this->_post['password'] && $this->_post['c_password'])
{ {
$step = 2; $step = 2;
$this->resetPass = true; $this->resetPass = true;
$this->token = $_GET['token']; // insecure source .. that sucks; but whats the worst that could happen .. this account cannot be recovered for some minutes $this->token = $this->_post['token']; // insecure source .. that sucks; but whats the worst that could happen .. this account cannot be recovered for some minutes
if ($err = $this->doResetPass()) if ($err = $this->doResetPass())
$this->error = $err; $this->error = $err;
@@ -413,7 +415,7 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
} }
// username taken // username taken
if ($_ = DB::Aowow()->SelectCell('SELECT user FROM ?_account WHERE (user = ? OR email = ?) AND (status <> ?d OR (status = ?d AND statusTimer > UNIX_TIMESTAMP()))', $this->_post['username'], $email, ACC_STATUS_NEW, ACC_STATUS_NEW)) if ($_ = DB::Aowow()->SelectCell('SELECT user FROM ?_account WHERE (user = ? OR email = ?) AND (status <> ?d OR (status = ?d AND statusTimer > UNIX_TIMESTAMP()))', $this->_post['username'], $this->_post['email'], ACC_STATUS_NEW, ACC_STATUS_NEW))
return $_ == $this->_post['username'] ? Lang::account('nameInUse') : Lang::account('mailInUse'); return $_ == $this->_post['username'] ? Lang::account('nameInUse') : Lang::account('mailInUse');
// create.. // create..
@@ -473,10 +475,10 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
if (!$uId) if (!$uId)
return Lang::account('emailNotFound'); // assume they didn't meddle with the token return Lang::account('emailNotFound'); // assume they didn't meddle with the token
if (!User::verifyCrypt($newPass)) if (!User::verifyCrypt($this->_post['c_password']))
return Lang::account('newPassDiff'); return Lang::account('newPassDiff');
if (!DB::Aowow()->query('UPDATE ?_account SET passHash = ?, status = ?d WHERE id = ?d', User::hashcrypt($newPass), ACC_STATUS_OK, $uId)) if (!DB::Aowow()->query('UPDATE ?_account SET passHash = ?, status = ?d WHERE id = ?d', User::hashCrypt($this->_post['c_password']), ACC_STATUS_OK, $uId))
return Lang::main('intError'); return Lang::main('intError');
} }
@@ -520,8 +522,8 @@ Markup.printHtml("description text here", "description-generic", { allow: Markup
private function getNext($forHeader = false) private function getNext($forHeader = false)
{ {
$next = $forHeader ? '.' : ''; $next = $forHeader ? '.' : '';
if (isset($_GET['next'])) if ($this->_get['next'])
$next = $_GET['next']; $next = $this->_get['next'];
else if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], '?')) else if (isset($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], '?'))
$next = explode('?', $_SERVER['HTTP_REFERER'])[1]; $next = explode('?', $_SERVER['HTTP_REFERER'])[1];
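Review bot: `'remember_me'` now names `GenericPage::rememberCallback` as its callback, but the method is declared on AccountPage (the other hunk in this section only widens it to protected); a string callable is resolved against the class it names, so unless another file in this commit adds rememberCallback to GenericPage the filter cannot resolve it and the field fails at runtime. Either keep `'options' => 'AccountPage::rememberCallback'` or move the method to GenericPage, and declare it `static` in either case so the filter extension is not relying on scope-based `$this` binding for a `Class::method` string. The comment on `$this->token = $this->_post['token'];` still describes the old `$_GET` source and should be reworded or dropped. In getNext(), `$this->_get['next']` feeds a `Location:` header and FILTER_SANITIZE_SPECIAL_CHARS leaves `/` and `:` intact; getNext continues beyond the hunk, so if nothing there constrains the value to a relative query string, rejecting values that start with `/` or contain `://` would close an open redirect.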


@@ -32,6 +32,8 @@ class AchievementPage extends GenericPage
protected $tabId = 0; protected $tabId = 0;
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
protected $_get = ['domain' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkDomain']];
private $powerTpl = '$WowheadPower.registerAchievement(%d, %d, %s);'; private $powerTpl = '$WowheadPower.registerAchievement(%d, %d, %s);';
public function __construct($pageCall, $id) public function __construct($pageCall, $id)
@@ -39,8 +41,8 @@ class AchievementPage extends GenericPage
parent::__construct($pageCall, $id); parent::__construct($pageCall, $id);
// temp locale // temp locale
if ($this->mode == CACHE_TYPE_TOOLTIP && isset($_GET['domain'])) if ($this->mode == CACHE_TYPE_TOOLTIP && $this->_get['domain'])
Util::powerUseLocale($_GET['domain']); Util::powerUseLocale($this->_get['domain']);
$this->typeId = intVal($id); $this->typeId = intVal($id);


@@ -16,6 +16,9 @@ class AchievementsPage extends GenericPage
protected $tabId = 0; protected $tabId = 0;
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
protected $js = ['filters.js']; protected $js = ['filters.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
protected $validCats = array( protected $validCats = array(
92 => true, 92 => true,
96 => [14861, 14862, 14863], 96 => [14861, 14862, 14863],
@@ -64,7 +67,7 @@ class AchievementsPage extends GenericPage
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : null; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['init' => 'achievements']; $this->filter['initData'] = ['init' => 'achievements'];
if ($x = $this->filterObj->getSetCriteria()) if ($x = $this->filterObj->getSetCriteria())


@@ -6,13 +6,19 @@ if (!defined('AOWOW_REVISION'))
class AdminPage extends GenericPage class AdminPage extends GenericPage
{ {
protected $tpl = null; // depends on the subject protected $tpl = null; // depends on the subject
protected $reqUGroup = U_GROUP_NONE; // actual group dependant on the subPage protected $reqUGroup = U_GROUP_NONE; // actual group dependant on the subPage
protected $reqAuth = true; protected $reqAuth = true;
protected $path = [4]; protected $path = [4];
protected $tabId = 4; protected $tabId = 4;
protected $_get = array(
'all' => ['filter' => FILTER_UNSAFE_RAW],
'type' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkInt'],
'typeid' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkInt'],
'user' => ['filter' => FILTER_CALLBACK, 'options' => 'urldecode'],
);
private $generator = ''; private $generator = '';
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
@@ -187,22 +193,21 @@ class AdminPage extends GenericPage
['string' => '#highlightedRow { background-color: #322C1C; }'] ['string' => '#highlightedRow { background-color: #322C1C; }']
)); ));
$ssGetAll = isset($_GET['all']) && empty($_GET['all']); $ssGetAll = $this->_get['all'];
$ssPages = []; $ssPages = [];
$ssData = []; $ssData = [];
$nMatches = 0; $nMatches = 0;
if (!empty($_GET['type']) && !empty($_GET['typeid'])) if ($this->_get['type'] && $this->_get['typeId'])
{ {
$ssData = CommunityContent::getScreenshotsForManager(intVal($_GET['type']), intVal($_GET['typeid'])); $ssData = CommunityContent::getScreenshotsForManager($this->_get['type'], $this->_get['typeid']);
$nMatches = count($ssData); $nMatches = count($ssData);
} }
else if (!empty($_GET['user'])) else if ($this->_get['user'])
{ {
$name = urldecode($_GET['user']); if (mb_strlen($this->_get['user']) >= 3)
if (mb_strlen($name) >= 3)
{ {
if ($uId = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE displayName = ?', ucFirst($name))) if ($uId = DB::Aowow()->selectCell('SELECT id FROM ?_account WHERE displayName = ?', ucFirst($this->_get['user'])))
{ {
$ssData = CommunityContent::getScreenshotsForManager(0, 0, $uId); $ssData = CommunityContent::getScreenshotsForManager(0, 0, $uId);
$nMatches = count($ssData); $nMatches = count($ssData);
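Review bot: `$this->_get['typeId']` in the screenshot-manager condition does not match the declared key `'typeid'` (nor the `$this->_get['typeid']` used in the call on the next line), so the lookup yields null and the type/typeid branch can never be taken; the line should read `if ($this->_get['type'] && $this->_get['typeid'])`. `$ssGetAll = $this->_get['all']` also changes meaning: the removed test was true for a bare `?all`, whereas with FILTER_UNSAFE_RAW a bare `?all` yields `''`, which is falsy, so declaring it as `'all' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkEmptySet']` like the other flag parameters in this commit would keep the old semantics. The `urldecode` callback on `user` decodes a value PHP has already decoded for `$_GET`; that is pre-existing behaviour, but a comment such as `// NOTE: $_GET is already url-decoded; second decode kept for compatibility` would stop the next reader from "fixing" it either way. The enclosing method starts and ends outside this hunk.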


@@ -19,6 +19,8 @@ class AreaTriggersPage extends GenericPage
protected $js = ['filters.js']; protected $js = ['filters.js'];
protected $reqUGroup = U_GROUP_STAFF; protected $reqUGroup = U_GROUP_STAFF;
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
$this->getCategoryFromUrl($pageParam);; $this->getCategoryFromUrl($pageParam);;
@@ -36,7 +38,7 @@ class AreaTriggersPage extends GenericPage
{ {
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : null; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['init' => 'areatrigger']; $this->filter['initData'] = ['init' => 'areatrigger'];
if ($x = $this->filterObj->getSetCriteria()) if ($x = $this->filterObj->getSetCriteria())


@@ -17,6 +17,8 @@ class ArenaTeamsPage extends GenericPage
protected $tpl = 'arena-teams'; protected $tpl = 'arena-teams';
protected $js = ['filters.js', 'profile_all.js', 'profile.js']; protected $js = ['filters.js', 'profile_all.js', 'profile.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
if (!CFG_PROFILER_ENABLE) if (!CFG_PROFILER_ENABLE)
@@ -66,7 +68,7 @@ class ArenaTeamsPage extends GenericPage
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : null; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['type' => 'arenateams']; $this->filter['initData'] = ['type' => 'arenateams'];
$tabData = array( $tabData = array(


@@ -23,17 +23,20 @@ class ComparePage extends GenericPage
protected $summary = []; protected $summary = [];
protected $cmpItems = []; protected $cmpItems = [];
protected $_get = ['compare' => ['filter' => FILTER_CALLBACK, 'options' => 'ComparePage::checkCompareString']];
protected $_cookie = ['compare_groups' => ['filter' => FILTER_CALLBACK, 'options' => 'ComparePage::checkCompareString']];
private $compareString = ''; private $compareString = '';
public function __construct($pageCall, $__) public function __construct($pageCall, $__)
{ {
parent::__construct($pageCall, $__); parent::__construct($pageCall, $__);
// prefer $_GET over $_COOKIE // prefer GET over COOKIE
if (!empty($_GET['compare'])) if ($this->_get['compare'])
$this->compareString = $_GET['compare']; $this->compareString = $this->_get['compare'];
else if (!empty($_COOKIE['compare_groups'])) else if ($this->_cookie['compare_groups'])
$this->compareString = urldecode($_COOKIE['compare_groups']); $this->compareString = $this->_cookie['compare_groups'];
$this->name = Lang::main('compareTool'); $this->name = Lang::main('compareTool');
} }
@@ -56,14 +59,12 @@ class ComparePage extends GenericPage
$items = $outSet = []; $items = $outSet = [];
foreach ($sets as $set) foreach ($sets as $set)
{ {
$itemSting = explode(':', $set); $itemString = explode(':', $set);
$outString = []; $outString = [];
foreach ($itemSting as $substring) foreach ($itemString as $is)
{ {
$params = explode('.', $substring); $params = array_pad(explode('.', $is), 7, 0);
$items[] = (int)$params[0]; $items[] = (int)$params[0];
while (sizeof($params) < 7)
$params[] = 0;
$outString[] = $params; $outString[] = $params;
} }
@@ -100,6 +101,15 @@ class ComparePage extends GenericPage
} }
protected function generatePath() {} protected function generatePath() {}
private function checkCompareString(string $val) : string
{
$val = urldecode($val);
if (preg_match('/[^\d\.:;]/', $val))
return '';
return $val;
}
} }
?> ?>
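Review bot: `checkCompareString` is declared `private function` (non-static) yet is registered as the string callable `'ComparePage::checkCompareString'` for both the GET and cookie filters; PHP 8 refuses to invoke a non-static method through a static callable, and a private method is also not visible from the GenericPage scope where the trait presumably runs the filters, so the compare string would never be populated. Declare it the way the sibling `check*` helpers are, `protected static function checkCompareString(string $val) : string`. The whitelist itself, returning `''` for any character outside digits, `.`, `:` and `;`, is the right shape; a one-line docblock, `/** Url-decodes the compare string and returns '' if it contains anything but digits, '.', ':' or ';'. */`, would document that contract for callers.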


@@ -17,6 +17,8 @@ class CurrencyPage extends GenericPage
protected $tabId = 0; protected $tabId = 0;
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
protected $_get = ['domain' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkDomain']];
private $powerTpl = '$WowheadPower.registerCurrency(%d, %d, %s);'; private $powerTpl = '$WowheadPower.registerCurrency(%d, %d, %s);';
public function __construct($pageCall, $id) public function __construct($pageCall, $id)
@@ -24,8 +26,8 @@ class CurrencyPage extends GenericPage
parent::__construct($pageCall, $id); parent::__construct($pageCall, $id);
// temp locale // temp locale
if ($this->mode == CACHE_TYPE_TOOLTIP && isset($_GET['domain'])) if ($this->mode == CACHE_TYPE_TOOLTIP && $this->_get['domain'])
Util::powerUseLocale($_GET['domain']); Util::powerUseLocale($this->_get['domain']);
$this->typeId = intVal($id); $this->typeId = intVal($id);


@@ -17,6 +17,8 @@ class EnchantmentsPage extends GenericPage
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
protected $js = ['filters.js']; protected $js = ['filters.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
$this->getCategoryFromUrl($pageParam);; $this->getCategoryFromUrl($pageParam);;
@@ -50,7 +52,7 @@ class EnchantmentsPage extends GenericPage
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : NULL; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['init' => 'enchantments']; $this->filter['initData'] = ['init' => 'enchantments'];
if ($x = $this->filterObj->getSetCriteria()) if ($x = $this->filterObj->getSetCriteria())


@@ -17,6 +17,8 @@ class EventPage extends GenericPage
protected $tabId = 0; protected $tabId = 0;
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
protected $_get = ['domain' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkDomain']];
private $powerTpl = '$WowheadPower.registerHoliday(%d, %d, %s);'; private $powerTpl = '$WowheadPower.registerHoliday(%d, %d, %s);';
private $hId = 0; private $hId = 0;
private $eId = 0; private $eId = 0;
@@ -26,8 +28,8 @@ class EventPage extends GenericPage
parent::__construct($pageCall, $id); parent::__construct($pageCall, $id);
// temp locale // temp locale
if ($this->mode == CACHE_TYPE_TOOLTIP && isset($_GET['domain'])) if ($this->mode == CACHE_TYPE_TOOLTIP && $this->_get['domain'])
Util::powerUseLocale($_GET['domain']); Util::powerUseLocale($this->_get['domain']);
$this->typeId = intVal($id); $this->typeId = intVal($id);


@@ -167,6 +167,8 @@ trait TrProfiler
class GenericPage class GenericPage
{ {
use TrRequestData;
protected $tpl = ''; protected $tpl = '';
protected $reqUGroup = U_GROUP_NONE; protected $reqUGroup = U_GROUP_NONE;
protected $reqAuth = false; protected $reqAuth = false;
@@ -238,6 +240,8 @@ class GenericPage
{ {
$this->time = microtime(true); $this->time = microtime(true);
$this->initRequestData();
if (!isset($this->contribute)) if (!isset($this->contribute))
$this->contribute = CONTRIBUTE_NONE; $this->contribute = CONTRIBUTE_NONE;
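Review bot: Until `initRequestData()` runs here, `$this->_get` and `$this->_post` still hold the filter-spec arrays a subclass declares, and those arrays are non-empty and therefore truthy, so any subclass that reads `$this->_get['x']` before calling `parent::__construct()` silently treats the spec as a present parameter. SearchPage in this same commit had to move its `parent::__construct()` call up for exactly that reason, and the trait body is not in this chunk, so I cannot tell whether it guards against reads in the pre-init state. A comment on the call, `// must run before any subclass code reads $this->_get/$this->_post; until then they hold the filter specs`, would make the ordering requirement explicit. The constructor starts and ends outside this hunk.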


@@ -17,6 +17,8 @@ class GuildsPage extends GenericPage
protected $tpl = 'guilds'; protected $tpl = 'guilds';
protected $js = ['filters.js', 'profile_all.js', 'profile.js']; protected $js = ['filters.js', 'profile_all.js', 'profile.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
if (!CFG_PROFILER_ENABLE) if (!CFG_PROFILER_ENABLE)
@@ -67,7 +69,7 @@ class GuildsPage extends GenericPage
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : null; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['type' => 'guilds']; $this->filter['initData'] = ['type' => 'guilds'];
$tabData = array( $tabData = array(


@@ -17,6 +17,8 @@ class IconsPage extends GenericPage
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
protected $js = ['filters.js']; protected $js = ['filters.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
public function __construct($pageCall) public function __construct($pageCall)
{ {
$this->filterObj = new IconListFilter(); $this->filterObj = new IconListFilter();
@@ -49,7 +51,7 @@ class IconsPage extends GenericPage
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : null; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['init' => 'icons']; $this->filter['initData'] = ['init' => 'icons'];
if ($x = $this->filterObj->getSetCriteria()) if ($x = $this->filterObj->getSetCriteria())


@@ -23,6 +23,14 @@ class ItemPage extends genericPage
'filters.js' // lolwut? 'filters.js' // lolwut?
); );
protected $_get = array(
'domain' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkDomain'],
'rand' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkInt'],
'ench' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkInt'],
'gems' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkIntArray'],
'sock' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkEmptySet']
);
private $powerTpl = '$WowheadPower.registerItem(%s, %d, %s);'; private $powerTpl = '$WowheadPower.registerItem(%s, %d, %s);';
public function __construct($pageCall, $param) public function __construct($pageCall, $param)
@@ -36,23 +44,23 @@ class ItemPage extends genericPage
if ($this->mode == CACHE_TYPE_TOOLTIP) if ($this->mode == CACHE_TYPE_TOOLTIP)
{ {
// temp locale // temp locale
if (isset($_GET['domain'])) if ($this->_get['domain'])
Util::powerUseLocale($_GET['domain']); Util::powerUseLocale($this->_get['domain']);
if (isset($_GET['rand'])) if ($this->_get['rand'])
$this->enhancedTT['r'] = $_GET['rand']; $this->enhancedTT['r'] = $this->_get['rand'];
if (isset($_GET['ench'])) if ($this->_get['ench'])
$this->enhancedTT['e'] = $_GET['ench']; $this->enhancedTT['e'] = $this->_get['ench'];
if (isset($_GET['gems'])) if ($this->_get['gems'])
$this->enhancedTT['g'] = explode(':', $_GET['gems']); $this->enhancedTT['g'] = $this->_get['gems'];
if (isset($_GET['sock'])) if ($this->_get['sock'])
$this->enhancedTT['s'] = ''; $this->enhancedTT['s'] = '';
} }
else if ($this->mode == CACHE_TYPE_XML) else if ($this->mode == CACHE_TYPE_XML)
{ {
// temp locale // temp locale
if (isset($_GET['domain'])) if ($this->_get['domain'])
Util::powerUseLocale($_GET['domain']); Util::powerUseLocale($this->_get['domain']);
// allow lookup by name for xml // allow lookup by name for xml
if (!is_numeric($param)) if (!is_numeric($param))


@@ -16,6 +16,9 @@ class ItemsPage extends GenericPage
protected $tabId = 0; protected $tabId = 0;
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
protected $js = ['filters.js', 'swfobject.js']; protected $js = ['filters.js', 'swfobject.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
protected $validCats = array( // if > 0 class => subclass protected $validCats = array( // if > 0 class => subclass
2 => [15, 13, 0, 4, 7, 6, 10, 1, 5, 8, 2, 18, 3, 16, 19, 20, 14], 2 => [15, 13, 0, 4, 7, 6, 10, 1, 5, 8, 2, 18, 3, 16, 19, 20, 14],
4 => array( 4 => array(
@@ -109,7 +112,7 @@ class ItemsPage extends GenericPage
$conditions[] = $_; $conditions[] = $_;
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : null; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['init' => 'items']; $this->filter['initData'] = ['init' => 'items'];
if ($x = $this->filterObj->getSetCriteria()) if ($x = $this->filterObj->getSetCriteria())


@@ -21,6 +21,8 @@ class ItemsetPage extends GenericPage
'Summary.js' 'Summary.js'
); );
protected $_get = ['domain' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkDomain']];
private $powerTpl = '$WowheadPower.registerItemSet(%d, %d, %s);'; private $powerTpl = '$WowheadPower.registerItemSet(%d, %d, %s);';
public function __construct($pageCall, $id) public function __construct($pageCall, $id)
@@ -28,8 +30,8 @@ class ItemsetPage extends GenericPage
parent::__construct($pageCall, $id); parent::__construct($pageCall, $id);
// temp locale // temp locale
if ($this->mode == CACHE_TYPE_TOOLTIP && isset($_GET['domain'])) if ($this->mode == CACHE_TYPE_TOOLTIP && $this->_get['domain'])
Util::powerUseLocale($_GET['domain']); Util::powerUseLocale($this->_get['domain']);
$this->typeId = intVal($id); $this->typeId = intVal($id);


@@ -17,6 +17,8 @@ class ItemsetsPage extends GenericPage
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
protected $js = ['filters.js']; protected $js = ['filters.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
$this->getCategoryFromUrl($pageParam); $this->getCategoryFromUrl($pageParam);
@@ -44,7 +46,7 @@ class ItemsetsPage extends GenericPage
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : NULL; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['init' => 'itemsets']; $this->filter['initData'] = ['init' => 'itemsets'];
if ($x = $this->filterObj->getSetCriteria()) if ($x = $this->filterObj->getSetCriteria())


@@ -19,6 +19,8 @@ class NpcPage extends GenericPage
protected $js = ['swfobject.js']; protected $js = ['swfobject.js'];
protected $css = [['path' => 'Profiler.css']]; protected $css = [['path' => 'Profiler.css']];
protected $_get = ['domain' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkDomain']];
private $soundIds = []; private $soundIds = [];
private $powerTpl = '$WowheadPower.registerNpc(%d, %d, %s);'; private $powerTpl = '$WowheadPower.registerNpc(%d, %d, %s);';
@@ -27,8 +29,8 @@ class NpcPage extends GenericPage
parent::__construct($pageCall, $id); parent::__construct($pageCall, $id);
// temp locale // temp locale
if ($this->mode == CACHE_TYPE_TOOLTIP && isset($_GET['domain'])) if ($this->mode == CACHE_TYPE_TOOLTIP && $this->_get['domain'])
Util::powerUseLocale($_GET['domain']); Util::powerUseLocale($this->_get['domain']);
$this->typeId = intVal($id); $this->typeId = intVal($id);


@@ -18,6 +18,8 @@ class NpcsPage extends GenericPage
protected $validCats = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]; protected $validCats = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13];
protected $js = ['filters.js']; protected $js = ['filters.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
$this->getCategoryFromUrl($pageParam);; $this->getCategoryFromUrl($pageParam);;
@@ -54,7 +56,7 @@ class NpcsPage extends GenericPage
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : null; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['init' => 'npcs']; $this->filter['initData'] = ['init' => 'npcs'];
$rCols = $this->filterObj->getReputationCols(); $rCols = $this->filterObj->getReputationCols();


@@ -18,6 +18,8 @@ class ObjectPage extends GenericPage
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
protected $js = ['swfobject.js']; protected $js = ['swfobject.js'];
protected $_get = ['domain' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkDomain']];
private $powerTpl = '$WowheadPower.registerObject(%d, %d, %s);'; private $powerTpl = '$WowheadPower.registerObject(%d, %d, %s);';
public function __construct($pageCall, $id) public function __construct($pageCall, $id)
@@ -25,8 +27,8 @@ class ObjectPage extends GenericPage
parent::__construct($pageCall, $id); parent::__construct($pageCall, $id);
// temp locale // temp locale
if ($this->mode == CACHE_TYPE_TOOLTIP && isset($_GET['domain'])) if ($this->mode == CACHE_TYPE_TOOLTIP && $this->_get['domain'])
Util::powerUseLocale($_GET['domain']); Util::powerUseLocale($this->_get['domain']);
$this->typeId = intVal($id); $this->typeId = intVal($id);


@@ -18,6 +18,8 @@ class ObjectsPage extends GenericPage
protected $validCats = [-2, -3, -4, -5, -6, 0, 3, 9, 25]; protected $validCats = [-2, -3, -4, -5, -6, 0, 3, 9, 25];
protected $js = ['filters.js']; protected $js = ['filters.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
$this->getCategoryFromUrl($pageParam);; $this->getCategoryFromUrl($pageParam);;
@@ -43,7 +45,7 @@ class ObjectsPage extends GenericPage
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : null; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['init' => 'objects']; $this->filter['initData'] = ['init' => 'objects'];
if ($x = $this->filterObj->getSetCriteria()) if ($x = $this->filterObj->getSetCriteria())


@@ -24,6 +24,11 @@ class ProfilePage extends GenericPage
['path' => 'Profiler.css'] ['path' => 'Profiler.css']
); );
protected $_get = array(
'domain' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkDomain'],
'new' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkEmptySet']
);
private $isCustom = false; private $isCustom = false;
private $profile = null; private $profile = null;
private $rnItr = 0; private $rnItr = 0;
@@ -43,8 +48,8 @@ class ProfilePage extends GenericPage
parent::__construct($pageCall, $pageParam); parent::__construct($pageCall, $pageParam);
// temp locale // temp locale
if ($this->mode == CACHE_TYPE_TOOLTIP && isset($_GET['domain'])) if ($this->mode == CACHE_TYPE_TOOLTIP && $this->_get['domain'])
Util::powerUseLocale($_GET['domain']); Util::powerUseLocale($this->_get['domain']);
if (count($params) == 1 && intval($params[0])) if (count($params) == 1 && intval($params[0]))
{ {
@@ -125,9 +130,9 @@ class ProfilePage extends GenericPage
else else
$this->notFound(); $this->notFound();
} }
else if (($params && $params[0]) || !isset($_GET['new'])) else if (($params && $params[0]) || !$this->_get['new'])
$this->notFound(); $this->notFound();
else if (isset($_GET['new'])) else if ($this->_get['new'])
$this->mode = CACHE_TYPE_NONE; $this->mode = CACHE_TYPE_NONE;
} }


@@ -20,6 +20,8 @@ class ProfilesPage extends GenericPage
protected $js = ['filters.js', 'profile_all.js', 'profile.js']; protected $js = ['filters.js', 'profile_all.js', 'profile.js'];
protected $css = [['path' => 'Profiler.css']]; protected $css = [['path' => 'Profiler.css']];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
if (!CFG_PROFILER_ENABLE) if (!CFG_PROFILER_ENABLE)
@@ -76,7 +78,7 @@ class ProfilesPage extends GenericPage
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : null; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['init' => 'profiles']; $this->filter['initData'] = ['init' => 'profiles'];
if ($x = $this->filterObj->getSetCriteria()) if ($x = $this->filterObj->getSetCriteria())


@@ -19,6 +19,8 @@ class QuestPage extends GenericPage
protected $css = [['path' => 'Book.css']]; protected $css = [['path' => 'Book.css']];
protected $js = ['ShowOnMap.js']; protected $js = ['ShowOnMap.js'];
protected $_get = ['domain' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkDomain']];
private $catExtra = array( private $catExtra = array(
3526 => 3524, 3526 => 3524,
363 => 14, 363 => 14,
@@ -39,8 +41,8 @@ class QuestPage extends GenericPage
parent::__construct($pageCall, $id); parent::__construct($pageCall, $id);
// temp locale // temp locale
if ($this->mode == CACHE_TYPE_TOOLTIP && isset($_GET['domain'])) if ($this->mode == CACHE_TYPE_TOOLTIP && $this->_get['domain'])
Util::powerUseLocale($_GET['domain']); Util::powerUseLocale($this->_get['domain']);
$this->typeId = intVal($id); $this->typeId = intVal($id);


@@ -17,6 +17,8 @@ class QuestsPage extends GenericPage
protected $validCats = []; protected $validCats = [];
protected $js = ['filters.js']; protected $js = ['filters.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
$this->validCats = Game::$questClasses; // not allowed to set this as default $this->validCats = Game::$questClasses; // not allowed to set this as default
@@ -51,7 +53,7 @@ class QuestsPage extends GenericPage
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : null; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['init' => 'quests']; $this->filter['initData'] = ['init' => 'quests'];
$rCols = $this->filterObj->getReputationCols(); $rCols = $this->filterObj->getReputationCols();


@@ -27,6 +27,11 @@ class ScreenshotPage extends GenericPage
protected $destTypeId = 0; protected $destTypeId = 0;
protected $imgHash = ''; protected $imgHash = '';
protected $_post = array(
'coords' => ['filter' => FILTER_CALLBACK, 'options' => 'AjaxHandler::checkIdListUnsigned'],
'screenshotalt' => ['filter' => FILTER_UNSAFE_RAW]
);
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
parent::__construct($pageCall, $pageParam); parent::__construct($pageCall, $pageParam);
@@ -191,10 +196,10 @@ class ScreenshotPage extends GenericPage
return 1; return 1;
// check post data // check post data
if (empty($_POST) || empty($_POST['coords'])) if (!$this->_post['coords'])
return 2; return 2;
$dims = explode(',', $_POST['coords']); $dims = $this->_post['coords'];
if (count($dims) != 4) if (count($dims) != 4)
return 3; return 3;
@@ -220,7 +225,7 @@ class ScreenshotPage extends GenericPage
$this->destType, $this->destTypeId, $this->destType, $this->destTypeId,
User::$id, User::$id,
$w, $h, $w, $h,
$_POST['screenshotalt'] ?? '' $this->_post['screenshotalt'] ?? ''
); );
// write to file // write to file
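Review bot: `'coords'` is filtered through the string callable `'AjaxHandler::checkIdListUnsigned'`, but ScreenshotPage extends GenericPage rather than AjaxHandler, so if that helper is still a `protected static` member of AjaxHandler the callback is not invocable from this class and `$this->_post['coords']` will not be the array the `count($dims) != 4` check expects. Either make the helper public or point the declaration at a GenericPage/trait-level checker, as the other `_get`/`_post` declarations in this commit do. If the helper's pattern is not anchored with `^` and `$`, the element-count check still bounds the array but does not reject leading or trailing non-digit characters inside an element; worth confirming against the helper's source. `'screenshotalt'` stays FILTER_UNSAFE_RAW and is persisted as alt text, so escaping has to happen where it is rendered. The enclosing method starts and ends outside these hunks.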


@@ -36,6 +36,15 @@ class SearchPage extends GenericPage
protected $search = ''; // output protected $search = ''; // output
protected $invalid = []; protected $invalid = [];
protected $_get = array(
'wt' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkIntArray'],
'wtv' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkIntArray'],
'slots' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkIntArray'],
'type' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkInt'],
'json' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkEmptySet'],
'opensearch' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkEmptySet']
);
private $maxResults = CFG_SQL_LIMIT_SEARCH; private $maxResults = CFG_SQL_LIMIT_SEARCH;
private $searchMask = 0x0; private $searchMask = 0x0;
private $query = ''; // lookup private $query = ''; // lookup
@@ -53,18 +62,20 @@ class SearchPage extends GenericPage
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
$this->search =
$this->query = trim(urlDecode($pageParam));
// restricted access // restricted access
if ($this->reqUGroup && !User::isInGroup($this->reqUGroup)) if ($this->reqUGroup && !User::isInGroup($this->reqUGroup))
$this->error(); $this->error();
parent::__construct($pageCall, $pageParam); // just to set g_user and g_locale
$this->search =
$this->query = trim(urlDecode($pageParam));
// sanitize stat weights // sanitize stat weights
if (!empty($_GET['wt']) && !empty($_GET['wtv'])) if ($this->_get['wt'] && $this->_get['wtv'])
{ {
$wt = explode(':', $_GET['wt']); $wt = $this->_get['wt'];
$wtv = explode(':', $_GET['wtv']); $wtv = $this->_get['wtv'];
$nwt = count($wt); $nwt = count($wt);
$nwtv = count($wtv); $nwtv = count($wtv);
@@ -74,25 +85,23 @@ class SearchPage extends GenericPage
array_splice($wtv, $nwt); array_splice($wtv, $nwt);
if ($wt && $wtv) if ($wt && $wtv)
$this->statWeights = [array_map('intVal', $wt), array_map('intVal', $wtv)]; $this->statWeights = [$wt, $wtv];
} }
// select search mode // select search mode
if (isset($_GET['json'])) if ($this->_get['json'])
{ {
if ($_ = intVal($this->search)) // allow for search by Id if ($_ = intVal($this->search)) // allow for search by Id
$this->query = $_; $this->query = $_;
$type = isset($_GET['type']) ? intVal($_GET['type']) : 0; if ($this->_get['slots'])
if (!empty($_GET['slots']))
$this->searchMask |= SEARCH_TYPE_JSON | 0x40; $this->searchMask |= SEARCH_TYPE_JSON | 0x40;
else if ($type == TYPE_ITEMSET) else if ($this->_get['type'] == TYPE_ITEMSET)
$this->searchMask |= SEARCH_TYPE_JSON | 0x60; $this->searchMask |= SEARCH_TYPE_JSON | 0x60;
else if ($type == TYPE_ITEM) else if ($this->_get['type'] == TYPE_ITEM)
$this->searchMask |= SEARCH_TYPE_JSON | 0x40; $this->searchMask |= SEARCH_TYPE_JSON | 0x40;
} }
else if (isset($_GET['opensearch'])) else if ($this->_get['opensearch'])
{ {
$this->maxResults = CFG_SQL_LIMIT_QUICKSEARCH; $this->maxResults = CFG_SQL_LIMIT_QUICKSEARCH;
$this->searchMask |= SEARCH_TYPE_OPEN | SEARCH_MASK_OPEN; $this->searchMask |= SEARCH_TYPE_OPEN | SEARCH_MASK_OPEN;
@@ -104,8 +113,6 @@ class SearchPage extends GenericPage
if (CFG_MAINTENANCE && !User::isInGroup(U_GROUP_EMPLOYEE) && !($this->searchMask & SEARCH_TYPE_REGULAR)) if (CFG_MAINTENANCE && !User::isInGroup(U_GROUP_EMPLOYEE) && !($this->searchMask & SEARCH_TYPE_REGULAR))
$this->notFound(); $this->notFound();
parent::__construct($pageCall, $pageParam); // just to set g_user and g_locale
// fill include, exclude and ignore // fill include, exclude and ignore
$this->tokenizeQuery(); $this->tokenizeQuery();
@@ -555,8 +562,7 @@ class SearchPage extends GenericPage
$cnd[] = ['i.class', [ITEM_CLASS_WEAPON, ITEM_CLASS_GEM, ITEM_CLASS_ARMOR]]; $cnd[] = ['i.class', [ITEM_CLASS_WEAPON, ITEM_CLASS_GEM, ITEM_CLASS_ARMOR]];
$cnd[] = $cndAdd; $cnd[] = $cndAdd;
$slots = isset($_GET['slots']) ? explode(':', $_GET['slots']) : []; if ($_ = array_filter($this->_get['slots']))
if ($_ = array_filter(array_map('intVal', $slots)))
$cnd[] = ['slot', $_]; $cnd[] = ['slot', $_];
// trick ItemListFilter into evaluating weights // trick ItemListFilter into evaluating weights
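Review bot: `array_filter($this->_get['slots'])` in the last hunk throws a TypeError on PHP 8 when `slots` was not supplied, because an absent parameter is presumably stored as null rather than an array (the removed line guarded this with `isset(...) ? explode(...) : []`, and the checkIntArray callback only runs when the parameter is present). Use `if ($_ = array_filter($this->_get['slots'] ?? []))`. The `$wt`/`$wtv` reads in the constructor are safe only because the surrounding `if ($this->_get['wt'] && $this->_get['wtv'])` excludes null; a `?? []` there too would make that independent of the filter's null convention. The method containing the last hunk starts and ends outside it.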


@@ -16,15 +16,17 @@ class SoundPage extends GenericPage
protected $tabId = 0; protected $tabId = 0;
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
private $cat = 0;
protected $special = false; protected $special = false;
protected $_get = ['playlist' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkEmptySet']];
private $cat = 0;
public function __construct($pageCall, $id) public function __construct($pageCall, $id)
{ {
parent::__construct($pageCall, $id); parent::__construct($pageCall, $id);
// special case // special case
if (!$id && isset($_GET['playlist'])) if (!$id && $this->_get['playlist'])
{ {
$this->special = true; $this->special = true;
$this->name = Lang::sound('cat', 1000); $this->name = Lang::sound('cat', 1000);


@@ -18,6 +18,8 @@ class SoundsPage extends GenericPage
protected $validCats = [1, 2, 3, 4, 6, 9, 10, 12, 13, 14, 16, 17, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 50, 52, 53]; protected $validCats = [1, 2, 3, 4, 6, 9, 10, 12, 13, 14, 16, 17, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 50, 52, 53];
protected $js = ['filters.js']; protected $js = ['filters.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
public function __construct($pageCall, $pageParam) public function __construct($pageCall, $pageParam)
{ {
$this->getCategoryFromUrl($pageParam);; $this->getCategoryFromUrl($pageParam);;
@@ -43,7 +45,7 @@ class SoundsPage extends GenericPage
$conditions[] = $_; $conditions[] = $_;
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : null; $this->filter['query'] = $this->_get['filter'];
$tabData = []; $tabData = [];
$sounds = new SoundList($conditions); $sounds = new SoundList($conditions);


@@ -18,6 +18,8 @@ class SpellPage extends GenericPage
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
protected $js = ['swfobject.js']; protected $js = ['swfobject.js'];
protected $_get = ['domain' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkDomain']];
private $difficulties = []; private $difficulties = [];
private $firstRank = 0; private $firstRank = 0;
private $powerTpl = '$WowheadPower.registerSpell(%d, %d, %s);'; private $powerTpl = '$WowheadPower.registerSpell(%d, %d, %s);';
@@ -27,8 +29,8 @@ class SpellPage extends GenericPage
parent::__construct($pageCall, $id); parent::__construct($pageCall, $id);
// temp locale // temp locale
if ($this->mode == CACHE_TYPE_TOOLTIP && isset($_GET['domain'])) if ($this->mode == CACHE_TYPE_TOOLTIP && $this->_get['domain'])
Util::powerUseLocale($_GET['domain']); Util::powerUseLocale($this->_get['domain']);
$this->typeId = intVal($id); $this->typeId = intVal($id);


@@ -16,6 +16,9 @@ class SpellsPage extends GenericPage
protected $tabId = 0; protected $tabId = 0;
protected $mode = CACHE_TYPE_PAGE; protected $mode = CACHE_TYPE_PAGE;
protected $js = ['filters.js']; protected $js = ['filters.js'];
protected $_get = ['filter' => ['filter' => FILTER_UNSAFE_RAW]];
protected $validCats = array( protected $validCats = array(
-2 => array( // Talents: Class => Skill -2 => array( // Talents: Class => Skill
1 => [ 26, 256, 257], 1 => [ 26, 256, 257],
@@ -412,7 +415,7 @@ class SpellsPage extends GenericPage
// recreate form selection // recreate form selection
$this->filter = $this->filterObj->getForm(); $this->filter = $this->filterObj->getForm();
$this->filter['query'] = isset($_GET['filter']) ? $_GET['filter'] : NULL; $this->filter['query'] = $this->_get['filter'];
$this->filter['initData'] = ['init' => 'spells']; $this->filter['initData'] = ['init' => 'spells'];
if ($ec = $this->filterObj->getExtraCols()) if ($ec = $this->filterObj->getExtraCols())
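Review bot: `'filter' => FILTER_UNSAFE_RAW` on the new `$_get` declaration means `$this->filter['query']` in the second hunk carries the query string exactly as the client sent it, so any escaping must happen where the filter form is rendered; the SoundsPage section above declares the identical entry for its `filter` parameter. That is no weaker than the previous direct `$_GET['filter']` read, but the declaration now reads as if the value were filtered, which it is not. A comment next to it would prevent that misreading: `// filter: raw query string (FILTER_UNSAFE_RAW) — data for the filter parser only, escape at output`. One side effect worth knowing: with a scalar filter and no FILTER_REQUIRE_ARRAY flag, an array-shaped `filter[]` parameter yields `false` rather than an array, so downstream code that checked `is_array()` on the old value no longer sees one.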


@@ -17,6 +17,8 @@ class UtilityPage extends GenericPage
'unrated-comments', 11 => 'latest-videos', 12 => 'most-comments', 13 => 'missing-screenshots' 'unrated-comments', 11 => 'latest-videos', 12 => 'most-comments', 13 => 'missing-screenshots'
); );
protected $_get = ['rss' => ['filter' => FILTER_CALLBACK, 'options' => 'GenericPage::checkEmptySet']];
private $page = ''; private $page = '';
private $rss = false; private $rss = false;
private $feedData = []; private $feedData = [];
@@ -28,7 +30,7 @@ class UtilityPage extends GenericPage
parent::__construct($pageCall, $pageParam); parent::__construct($pageCall, $pageParam);
$this->page = $pageCall; $this->page = $pageCall;
$this->rss = isset($_GET['rss']); $this->rss = $this->_get['rss'];
if ($this->page != 'random') if ($this->page != 'random')
$this->name = Lang::main('utilities', array_search($pageCall, $this->validPages)); $this->name = Lang::main('utilities', array_search($pageCall, $this->validPages));
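Review bot: `$this->rss = $this->_get['rss'];` can now store something other than a bool in `private $rss = false;`: with FILTER_CALLBACK the value is whatever `GenericPage::checkEmptySet` returns, and when the parameter is absent the trait presumably leaves the entry null, whereas the replaced `isset($_GET['rss'])` always produced a bool. Any later strict `=== false` / `=== true` comparison on `$this->rss` would then miss the absent case. Normalising at the assignment keeps the property's declared shape: `$this->rss = (bool)$this->_get['rss'];`. Note also that `?rss=1` now evaluates to false where `isset` accepted any value; if that tightening is intended, a comment on the `$_get` line such as `// rss: presence flag only, value must be empty (checkEmptySet)` would document it. The constructor continues outside the hunk.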


@@ -5,7 +5,7 @@ if ($this->contribute & CONTRIBUTE_CO):
endif; endif;
if ($this->contribute & CONTRIBUTE_SS): if ($this->contribute & CONTRIBUTE_SS):
echo " var lv_screenshots = ".Util::toJSON($this->community['sc']).";\n"; echo " var lv_screenshots = ".Util::toJSON($this->community['ss']).";\n";
endif; endif;
if ($this->contribute & CONTRIBUTE_VI): if ($this->contribute & CONTRIBUTE_VI):
echo " var lv_videos = ".Util::toJSON($this->community['vi']).";\n"; echo " var lv_videos = ".Util::toJSON($this->community['vi']).";\n";