AjaxHandler

* separated into appropriate subclasses * unified sanitizing of $_GET and $_POST data using build in filter_input() * index now always tries to resolve page calls with ajaxHandler first and as a page last minor bug-fixes to bugs that wre not reported yet, because they didn't occur yet (e.g.: nobody tried to compose a comment with >7500 characters yet)
2025-11-29 15:58:16 +08:00 · 2015-11-08 18:53:44 +01:00
parent 141bc10901
commit 99fdad29dd
14 changed files with 1570 additions and 1297 deletions
--- a/includes/ajaxHandler/cookie.class.php
+++ b/includes/ajaxHandler/cookie.class.php
@@ -0,0 +1,37 @@
+<?php
+
+if (!defined('AOWOW_REVISION'))
+    die('invalid access');
+
+class AjaxCookie extends AjaxHandler
+{
+    public function __construct(array $params)
+    {
+        // note that parent::__construct has to come after this
+        if (!$params || !User::$id)
+            return;
+
+        $this->_get = array(
+            this->params[0] => [FILTER_SANITIZE_STRING, 0xC], // FILTER_FLAG_STRIP_LOW | *_HIGH
+        );
+
+        // NOW we know, what to expect and sanitize
+        parent::__construct($params);
+
+        // always this one
+        $this->handler = 'handleCookie';
+    }
+
+    /* responses
+        0: success
+        $: silent error
+    */
+    protected function handleCookie()
+    {
+        if (User::$id && $this->params && $this->_get[$this->params[0]])
+            if (DB::Aowow()->query('REPLACE INTO ?_account_cookies VALUES (?d, ?, ?)', User::$id, $this->params[0], $this->_get[$this->params[0]]))
+                return 0;
+
+        return null;
+    }
+}