pioder/uf2
1
0
Fork 0
Code Releases Activity

improved data filtering in controllers

Browse Source
This commit is contained in:
Piotr Dergun
2015-02-16 19:59:00 +01:00
parent 8354bd53a3
commit 2a335e9c6c
3 changed files with 109 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
inc/controllers/MainController.class.php
View File

@@ -49,7 +49,7 @@ class MainController extends Controller
$this->loadModel('ForumsModel');
$_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
get_clean('id', $this->db);
$f = $this->getModel('ForumsModel')->getForum($_GET['id']);
@@ -87,10 +87,10 @@ class MainController extends Controller
else
$_GET['rank'] = '';
$_POST['sort_type'] = (isset($_POST['sort_type'])) ? $this->db->real_escape_string($_POST['sort_type']) : 'regdate';
post_default('sort_type', 'regdate');
$allowed_sorting = array('regdate', 'lastvisit', 'nick', 'post_count');
if (!in_array($_POST['sort_type'], $allowed_sorting))
$_POST['sort_type'] = '';
$_POST['sort_type'] = 'regdate';
$_POST['sort_desc'] = (isset($_POST['sort_desc'])) ? 'DESC' : 'ASC';
$this->getView('MainView')->userlist();
@@ -99,11 +99,9 @@ class MainController extends Controller
public function viewtopic()
{
$this->loadDependencies();
$this->loadModel('PostsModel');
$_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
get_clean('id', $this->db);
$t = $this->getModel('PostsModel')->getTopic($_GET['id']);
if ($t == null)
@@ -141,8 +139,8 @@ class MainController extends Controller
$this->loadModel('PostsModel');
$this->loadModel('ForumsModel');
$_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
$_GET['submode'] = (isset($_GET['submode'])) ? trim(strip_tags($this->db->real_escape_string($_GET['submode']))) : 0;
get_clean('id', $this->db);
get_clean('submode', $this->db, false);
if (!$this->getModel('SessionModel')->isLogged())
{
@@ -210,13 +208,11 @@ class MainController extends Controller
case 'deletepost':
$this->getModel('PostsModel')->deletePost($_GET['id']);
$this->getView('MainView')->forum_message('Post deleted. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$p['topic_id']));
$lockv = true;
break;
case 'deletetopic':
$this->getModel('PostsModel')->deleteTopic($_GET['id']);
$this->getView('MainView')->forum_message('Topic deleted. Redirecting...', buildURL('index.php?mode=viewforum&id='.$t['forum_id']));
$lockv = true;
break;
case 'locktopic':
@@ -230,8 +226,8 @@ class MainController extends Controller
$this->getModel('PostsModel')->lockTopic($_GET['id'], false);
$this->getView('MainView')->forum_message('Topic unlocked. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$_GET['id']));
}
$lockv = true;
break;
case 'sticktopic':
if ($t['topic_sticky'] == false)
{
@@ -243,8 +239,8 @@ class MainController extends Controller
$this->getModel('PostsModel')->stickTopic($_GET['id'], false);
$this->getView('MainView')->forum_message('Topic unsticked. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$_GET['id']));
}
$lockv = true;
break;
case 'movetopic':
if ($this->getModel('ForumsModel')->getForum($_POST['forum_id']) == null)
$this->getView('MainView')->forum_message('Forum does not exist!', buildURL('index.php?mode=viewtopic&id='.$_GET['id']));
@@ -253,10 +249,10 @@ class MainController extends Controller
$this->getModel('PostsModel')->moveTopic($_GET['id'], $_POST['forum_id']);
$this->getView('MainView')->forum_message('Topic moved. Redirecting...', buildURL('index.php?mode=viewtopic&id='.$_GET['id']));
}
$lockv = true;
break;
break;
}
$lockv = true;
}
else
{
@@ -307,12 +303,11 @@ class MainController extends Controller
public function posting($type)
{
$this->loadDependencies();
$msg = '';
$this->loadModel('PostsModel');
$this->loadModel('ForumsModel');
$_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
$msg = '';
get_clean('id', $this->db);
if (!$this->getModel('SessionModel')->isLogged())
{
@@ -365,7 +360,7 @@ class MainController extends Controller
if ($type == POSTING_QUOTE)
{
$_GET['q'] = (isset($_GET['q'])) ? trim(strip_tags($this->db->real_escape_string($_GET['q']))) : 0;
get_clean('q', $this->db);
$qp = $this->getModel('PostsModel')->getPost($_GET['q']);
if ($qp == null)
@@ -425,11 +420,11 @@ class MainController extends Controller
//posting a HTML form --------------------------------------------------------------------------------
if (isset($_POST['post']) && !isset($_POST['preview']) && !isset($lockv))
{
$_POST['post'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['post'])));
post_clean('post', $this->db, array('spchars'));
if ($type == POSTING_NEWTOPIC || $type == POSTING_EDITTOPIC) //walidacja tytułu tematu (add, edit)
{
$_POST['topic'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['topic'])));
post_clean('topic', $this->db, array('spchars'));
if (strlen($_POST['topic']) < 3)
$msg .= 'Topic title is too short (min 3 characters)<br>';
@@ -481,23 +476,23 @@ class MainController extends Controller
{
case POSTING_NEWTOPIC:
case POSTING_REPLY:
$_POST['post'] = (isset($_POST['post'])) ? stripslashes($_POST['post']) : '';
post_default('post', '');
break;
case POSTING_EDITTOPIC:
$_POST['post'] = (isset($_POST['post'])) ? stripslashes($_POST['post']) : $p['content'];
$_POST['topic'] = (isset($_POST['topic'])) ? stripslashes($_POST['topic']) : $t['topic_title'];
post_default('post', $p['content']);
post_default('topic', $t['topic_title']);
break;
case POSTING_EDIT:
$_POST['post'] = (isset($_POST['post'])) ? stripslashes($_POST['post']) : $p['content'];
post_default('post', $p['content']);
break;
case POSTING_QUOTE:
$quote = ($qp['nick'] != null) ? '='.$qp['nick'] : '';
$_POST['post'] = (isset($_POST['post'])) ? stripslashes($_POST['post']) : '[quote'.$quote.']'.$qp['content'].'[/quote]';
post_default('post', '[quote'.$quote.']'.$qp['content'].'[/quote]');
break;
}
if ($type == POSTING_NEWTOPIC)
$_POST['topic'] = (isset($_POST['topic'])) ? stripslashes($_POST['topic']) : '';
post_default('topic', '');
$this->getView('MainView')->putExistingModel('PostsModel', $this->getModel('PostsModel'));
$this->getView('MainView')->putExistingModel('ForumsModel', $this->getModel('ForumsModel'));
@@ -522,7 +517,7 @@ class MainController extends Controller
$this->loadModel('UsersModel');
$this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
$_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
get_clean('id', $this->db);
if ($this->getModel('UsersModel')->getUserInformation($_GET['id']) == null)
$this->getView('MainView')->forum_message('User does not exist!', buildURL('index.php'));
@@ -548,13 +543,13 @@ class MainController extends Controller
if (isset($_POST['nick'], $_POST['passwd'], $_POST['passwd_confirm'], $_POST['email']))
{
//secure pools
$_POST['nick'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['nick'])));
$_POST['passwd_old'] = trim($_POST['passwd_old']);
$_POST['passwd'] = trim($_POST['passwd']);
$_POST['passwd_confirm'] = trim($_POST['passwd_confirm']);
$_POST['email'] = trim(strip_tags($this->db->real_escape_string($_POST['email'])));
$_POST['location'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['location'])));
$_POST['signature'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['signature'])));
post_clean('nick', $this->db, array('spchars'));
post_clean('passwd_old', $this->db, array());
post_clean('passwd', $this->db, array());
post_clean('passwd_confirm', $this->db, array());
post_clean('email', $this->db);
post_clean('location', $this->db, array('spchars'));
post_clean('signature', $this->db, array('spchars'));
if ($_POST['email'] != $user_info['email'] || $_POST['passwd'] != '')
{
@@ -619,10 +614,10 @@ class MainController extends Controller
}
}
$_POST['nick'] = (isset($_POST['nick'])) ? stripslashes($_POST['nick']) : $user_info['nick'];
$_POST['email'] = (isset($_POST['email'])) ? stripslashes($_POST['email']) : $user_info['email'];
$_POST['location'] = (isset($_POST['location'])) ? stripslashes($_POST['location']) : $user_info['location'];
$_POST['signature'] = (isset($_POST['signature'])) ? stripslashes($_POST['signature']) : $user_info['signature'];
post_default('nick', $user_info['nick']);
post_default('email', $user_info['email']);
post_default('location', $user_info['location']);
post_default('signature', $user_info['signature']);
$this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
@@ -656,7 +651,7 @@ class MainController extends Controller
if (isset($_POST['nick'], $_POST['passwd']))
{
//secure pools
$_POST['nick'] = trim(strip_tags($this->db->real_escape_string($_POST['nick'])));
post_clean('nick', $this->db);
$_POST['passwd'] = $this->getModel('UsersModel')->generatePasswordHash($_POST['nick'], trim($this->db->real_escape_string($_POST['passwd'])));
$userinfo = $this->getModel('SessionModel')->tryGetUser($_POST['nick'], $_POST['passwd']);
@@ -682,7 +677,7 @@ class MainController extends Controller
}
}
$_POST['nick'] = (isset($_POST['nick'])) ? stripslashes($_POST['nick']) : '';
post_default('nick', '');
if (!isset($lockv))
$this->getView('MainView')->login_form($msg);
}
@@ -699,10 +694,10 @@ class MainController extends Controller
if (isset($_POST['nick'], $_POST['passwd'], $_POST['passwd_confirm'], $_POST['email']))
{
//secure pools
$_POST['nick'] = trim(strip_tags($this->db->real_escape_string($_POST['nick'])));
$_POST['passwd'] = trim($_POST['passwd']);
$_POST['passwd_confirm'] = trim($_POST['passwd_confirm']);
$_POST['email'] = trim(strip_tags($this->db->real_escape_string($_POST['email'])));
post_clean('nick', $this->db);
post_clean('passwd', $this->db, array());
post_clean('passwd_confirm', $this->db, array());
post_clean('email', $this->db);
if (strlen($_POST['nick']) < 3)
$msg .= 'Nick is too short (min 3 characters)<br>';
@@ -727,9 +722,8 @@ class MainController extends Controller
}
}
$_POST['nick'] = (isset($_POST['nick'])) ? stripslashes($_POST['nick']) : '';
$_POST['email'] = (isset($_POST['email'])) ? stripslashes($_POST['email']) : '';
post_default('nick', '');
post_default('email', '');
if (!isset($lockv))
$this->getView('MainView')->register_form($msg);
}