Params/Fixup

* FILTER_SANITIZE_URL is absurdly strict and will not tolerate umlauts or spaces replaced with printable chars regex
2025-11-29 15:58:16 +08:00 · 2025-11-19 17:32:26 +01:00
parent 9b905883df
commit be3701df91
5 changed files with 14 additions and 14 deletions
--- a/endpoints/account/reset-password.php
+++ b/endpoints/account/reset-password.php
@@ -25,7 +25,7 @@ class AccountresetpasswordResponse extends TemplateResponse
    protected array  $expectedGET  = array(
        'key'  => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-zA-Z0-9]{40}$/']],
-        'next' => ['filter' => FILTER_SANITIZE_URL,    'flags'   => FILTER_FLAG_STRIP_AOWOW            ]
+        'next' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[[:print:]]+$/'   ]]
    );
    protected array  $expectedPOST = array(
        'key'        => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-zA-Z0-9]{40}$/']],
--- a/endpoints/account/signin.php
+++ b/endpoints/account/signin.php
@@ -28,7 +28,7 @@ class AccountSigninResponse extends TemplateResponse
    );
    protected array  $expectedGET  = array(
        'key'  => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[a-zA-Z0-9]{40}$/']],
-        'next' => ['filter' => FILTER_SANITIZE_URL,    'flags'   => FILTER_FLAG_STRIP_AOWOW            ]
+        'next' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[[:print:]]+$/']   ]
    );
    private bool $success = false;
--- a/endpoints/account/signout.php
+++ b/endpoints/account/signout.php
@@ -11,7 +11,7 @@ class AccountSignoutResponse extends TextResponse
    use TrGetNext;
    protected array $expectedGET = array(
-        'next'   => ['filter' => FILTER_SANITIZE_URL, 'flags' => FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH],
+        'next'   => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[[:print:]]+$/']],
        'global' => ['filter' => FILTER_CALLBACK,        'options' => [self::class, 'checkEmptySet']  ]
    );
--- a/endpoints/account/signup.php
+++ b/endpoints/account/signup.php
@@ -26,7 +26,7 @@ class AccountSignupResponse extends TemplateResponse
    );
    protected array  $expectedGET  = array(
-        'next' => ['filter' => FILTER_SANITIZE_URL, 'flags' => FILTER_FLAG_STRIP_AOWOW]
+        'next' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[[:print:]]+$/']]
    );
    private bool $success = false;
--- a/endpoints/contactus/contactus.php
+++ b/endpoints/contactus/contactus.php
@@ -13,10 +13,10 @@ class ContactusBaseResponse extends TextResponse
        'reason'     => ['filter' => FILTER_VALIDATE_INT                                                  ],
        'ua'         => ['filter' => FILTER_CALLBACK,        'options' => [self::class, 'checkTextLine']  ],
        'appname'    => ['filter' => FILTER_CALLBACK,        'options' => [self::class, 'checkTextLine']  ],
-        'page'       => ['filter' => FILTER_SANITIZE_URL                                         ],
+        'page'       => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[[:print:]]+$/']],
        'desc'       => ['filter' => FILTER_CALLBACK,        'options' => [self::class, 'checkTextBlob']  ],
        'id'         => ['filter' => FILTER_VALIDATE_INT                                                  ],
-        'relatedurl' => ['filter' => FILTER_SANITIZE_URL                                         ],
+        'relatedurl' => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[[:print:]]+$/']],
        'email'      => ['filter' => FILTER_SANITIZE_EMAIL                                                ]
    );