This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, master has been updated
       via  97481b0d5fcfe43aa5169277cf80b0454a33ebd4 (commit)
      from  089c7e1ef25d1a6e3856fdfbd64dda0b09f9d3bc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=97481b0d5fcfe43aa5169277cf80b0454a33ebd4

commit 97481b0d5fcfe43aa5169277cf80b0454a33ebd4
Author: Franck Villaume <franck.villa...@trivialdev.com>
Date:   Fri Apr 23 15:20:13 2021 +0200

    clean-up: use escapingUtils vs. request object

diff --git a/src/common/include/escapingUtils.php 
b/src/common/include/escapingUtils.php
index 723f26b..b4efd42 100644
--- a/src/common/include/escapingUtils.php
+++ b/src/common/include/escapingUtils.php
@@ -359,6 +359,23 @@ function getFilteredStringFromRequest($string, $pattern, 
$defaultValue = '') {
 }
 
 /**
+ * getFilteredIntFromRequest - get an int from REQUEST
+ *
+ * @param string   $key of the wanted value
+ * @param string   $pattern Regular expression of allowed values.
+ * @param integer  $defaultValue if we can't find the wanted value, it returns 
the default value
+ * @return integer the value or false if not valid.
+ */
+function getFilteredIntFromRequest($key, $pattern, $defaultValue = 0) {
+       $value = getIntFromRequest($key, $defaultValue);
+       if (preg_match($pattern, $value)) {
+               return $value;
+       } else {
+               return $defaultValue;
+       }
+}
+
+/**
  * existInRequest - check if a var exists in REQUEST
  *
  * @param      any     $var    key to check
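Review bot: `getFilteredIntFromRequest()` passes `$pattern` to `preg_match()` unchanged, so callers must supply a delimited, anchored expression, and the docblock does not say so; the caller added in hudson.class.php passes `'\d'`, which has no delimiters. The `@return` line promises `false` for an invalid value, but the code returns `$defaultValue`; it should read `@return integer the value, or $defaultValue if it does not match $pattern`. Since `$value` has presumably already been converted to an integer by `getIntFromRequest()`, an unanchored digit pattern would match every value. Give an example such as `'/^\d+$/'` in the `@param` line for `$pattern`.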
diff --git a/src/plugins/blocks/common/blocks_Widget_HomeSummary.class.php 
b/src/plugins/blocks/common/blocks_Widget_HomeSummary.class.php
index b091102..b17dd29 100644
--- a/src/plugins/blocks/common/blocks_Widget_HomeSummary.class.php
+++ b/src/plugins/blocks/common/blocks_Widget_HomeSummary.class.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights 
reserved
- * Copyright 2016, Franck Villaume - TrivialDev
+ * Copyright 2016,2021, Franck Villaume - TrivialDev
  *
  * This file is a part of Codendi.
  *
@@ -26,7 +26,6 @@ class blocks_Widget_HomeSummary extends Widget {
        var $content = '';
 
        function __construct($owner_type, $owner_id) {
-               $request =& HTTPRequest::instance();
                if ($owner_type == WidgetLayoutManager::OWNER_TYPE_HOME) {
                        $this->widget_id = 'plugin_blocks_home_summary';
                        $this->group_id = $owner_id;
@@ -75,22 +74,13 @@ class blocks_Widget_HomeSummary extends Widget {
        function getInstallPreferences() {
                return $this->getPartialPreferencesForm(_('Enter title of 
block'), '');
        }
-       function updatePreferences(&$request) {
+       function updatePreferences() {
                $done = false;
-               $vContentId = new Valid_UInt('content_id');
-               $vContentId->required();
-               if ($request->valid($vContentId)) {
-                       $vTitle = new Valid_String('title');
-                       if($request->valid($vTitle)) {
-                               $title = 
htmlspecialchars($request->get('title'));
-                       } else {
-                               $title = '';
-                       }
+               if (existInRequest('content_id')) {
+                       $title = htmlspecialchars(getStringFromRequest('title', 
''));
 
-                       $vContent = new Valid_Text('body');
-                       $vContent->required();
-                       if($request->valid($vContent)) {
-                               $content = $request->get('body');
+                       if(existInRequest('body')) {
+                               $content = getStringFromRequest('body');
                                if (getStringFromRequest('_body_content_type') 
== 'html') {
                                        $content = 
TextSanitizer::purify($content);
                                } else {
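Review bot: The `existInRequest('content_id')` test only proves the parameter is present, whereas the removed `Valid_UInt` with `required()` also rejected non-numeric and negative values. Read the value once and test it, e.g. `$content_id = getIntFromRequest('content_id');` followed by `if ($content_id > 0) {`, and pass `$content_id` to the `UPDATE` in the later hunk so the check and the query use the same value. The same applies to `updatePreferences()` in blocks_Widget_ProjectSummary.class.php. The method body continues beyond this hunk.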
@@ -102,7 +92,7 @@ class blocks_Widget_HomeSummary extends Widget {
 
                        if ($content) {
                                $sql = "UPDATE plugin_blocks SET title=$1, 
content=$2 WHERE group_id =$3 AND id = $4";
-                               $res = 
db_query_params($sql,array($title,$content,$this->group_id,(int)$request->get('content_id')));
+                               $res = db_query_params($sql, array($title, 
$content, $this->group_id, getIntFromRequest('content_id')));
                                $done = true;
                        }
                }
@@ -115,7 +105,7 @@ class blocks_Widget_HomeSummary extends Widget {
                $this->content_id = $id;
        }
 
-       function create(&$request) {
+       function create() {
                $title = getStringFromRequest('title');
                $content = getStringFromRequest('body');
                $res = db_query_params('INSERT INTO plugin_blocks (group_id, 
name, status, title, content)
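Review bot: `create()` reads `title` and `body` from the request and hands them to the `INSERT` as they arrive, while `updatePreferences()` in this class passes the title through `htmlspecialchars()` and an HTML body through `TextSanitizer::purify()`. If the widget's output relies on the stored values already being escaped (not visible here), a block created through this path would be rendered without that treatment. Apply the same two steps before the insert, or move them into a shared private helper. The statement's parameter list lies outside the hunk, so confirm nothing is applied there; `create()` in blocks_Widget_ProjectSummary.class.php has the same shape.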
diff --git a/src/plugins/blocks/common/blocks_Widget_ProjectSummary.class.php 
b/src/plugins/blocks/common/blocks_Widget_ProjectSummary.class.php
index 90d6e9e..ea9c716 100644
--- a/src/plugins/blocks/common/blocks_Widget_ProjectSummary.class.php
+++ b/src/plugins/blocks/common/blocks_Widget_ProjectSummary.class.php
@@ -27,7 +27,7 @@ class blocks_Widget_ProjectSummary extends Widget {
        function __construct($owner_type, $owner_id) {
                $request =& HTTPRequest::instance();
                if ($owner_type == WidgetLayoutManager::OWNER_TYPE_USER) {
-                       $this->widget_id = 'plugin_hudson_my_jobbuildhistory';
+                       $this->widget_id = 'plugin_blocks_user_summary';
                        $this->group_id = $owner_id;
                } else {
                        $this->widget_id = 'plugin_blocks_project_summary';
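Review bot: The constructor still fetches `$request =& HTTPRequest::instance();` on its first line, which this same commit removed from blocks_Widget_HomeSummary. If nothing later in the constructor (outside this hunk) uses `$request`, drop the line so both widgets stay consistent with the move to the escapingUtils helpers.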
@@ -77,22 +77,13 @@ class blocks_Widget_ProjectSummary extends Widget {
                return $this->getPartialPreferencesForm(_("Enter title of 
block"), '');
        }
 
-       function updatePreferences(&$request) {
+       function updatePreferences() {
                $done = false;
-               $vContentId = new Valid_UInt('content_id');
-               $vContentId->required();
-               if ($request->valid($vContentId)) {
-                       $vTitle = new Valid_String('title');
-                       if($request->valid($vTitle)) {
-                               $title = 
htmlspecialchars($request->get('title'));
-                       } else {
-                               $title = '';
-                       }
+               if (existInRequest('content_id')) {
+                       $title = htmlspecialchars(getStringFromRequest('title', 
''));
 
-                       $vContent = new Valid_Text('body');
-                       $vContent->required();
-                       if($request->valid($vContent)) {
-                               $content = $request->get('body');
+                       if(existInRequest('body')) {
+                               $content = getStringFromRequest('body');
                                if (getStringFromRequest('_body_content_type') 
== 'html') {
                                        $content = 
TextSanitizer::purify($content);
                                } else {
@@ -104,7 +95,7 @@ class blocks_Widget_ProjectSummary extends Widget {
 
                        if ($content) {
                                $sql = "UPDATE plugin_blocks SET title=$1, 
content=$2 WHERE group_id =$3 AND id = $4";
-                               $res = 
db_query_params($sql,array($title,$content,$this->group_id,(int)$request->get('content_id')));
+                               $res = 
db_query_params($sql,array($title,$content,$this->group_id, 
getIntFromRequest('content_id')));
                                $done = true;
                        }
                }
@@ -120,7 +111,7 @@ class blocks_Widget_ProjectSummary extends Widget {
                }
        }
 
-       function create(&$request) {
+       function create() {
                $title = getStringFromRequest('title');
                $content = getStringFromRequest('body');
                $res = db_query_params('INSERT INTO plugin_blocks (group_id, 
name, status, title, content)
diff --git a/src/plugins/hudson/include/HudsonJobWidget.class.php 
b/src/plugins/hudson/include/HudsonJobWidget.class.php
index d2b84ae..21a47f3 100644
--- a/src/plugins/hudson/include/HudsonJobWidget.class.php
+++ b/src/plugins/hudson/include/HudsonJobWidget.class.php
@@ -34,13 +34,10 @@ abstract class HudsonJobWidget extends HudsonWidget {
                return false;
        }
 
-       function create(&$request) {
+       function create() {
                $content_id = false;
-               $vId = new Valid_Uint('job_id');
-               $vId->setErrorMessage(_("Cannot add empty job id"));
-               $vId->required();
-               if ($request->valid($vId)) {
-                       $job_id = $request->get('job_id');
+               $job_id = getIntFromRequest('job_id');
+               if ($job_id) {
                        $sql = 'INSERT INTO plugin_hudson_widget (widget_name, 
owner_id, owner_type, job_id) VALUES ($1,$2,$3,$4)';
                        $res = 
db_query_params($sql,array($this->id,$this->owner_id,$this->owner_type,$job_id));
                        $content_id = 
db_insertid($res,'plugin_hudson_widget','id');
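Review bot: `if ($job_id)` accepts any non-zero integer, including negative values that the removed `Valid_Uint` check refused; use `if ($job_id > 0) {`. The message `Cannot add empty job id` was dropped together with the validator, so a missing id now leaves `$content_id = false` with no feedback visible in this hunk; consider reporting it in an `else` branch. The rest of `create()` is outside the hunk.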
@@ -100,12 +97,11 @@ abstract class HudsonJobWidget extends HudsonWidget {
                return $prefs;
        }
 
-       function updatePreferences(&$request) {
-               $request->valid(new Valid_String('cancel'));
-               if (!$request->exist('cancel')) {
-                       $job_id = $request->get($this->id);
+       function updatePreferences() {
+               if (!existInRequest('cancel')) {
+                       $job_id = getIntFromRequest($this->id);
                        $sql = "UPDATE plugin_hudson_widget SET job_id=$1 WHERE 
owner_id = $2 AND owner_type = $3 AND id = $4";
-                       $res = 
db_query_params($sql,array($job_id,$this->owner_id,$this->owner_type,(int)$request->get('content_id')));
+                       $res = db_query_params($sql, array($job_id, 
$this->owner_id, $this->owner_type, getIntFromRequest('content_id')));
                }
                return true;
        }
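Review bot: `updatePreferences()` writes `$job_id` to the row without checking it, unlike `create()` in this class, which guards on the value. A missing or non-numeric parameter would presumably come back from `getIntFromRequest()` as its default and overwrite the stored job. Guard the `UPDATE` with `if ($job_id > 0) {` and validate `content_id` the same way before binding it. A docblock stating that the method returns `true` even when nothing was updated would also help callers.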
diff --git a/src/plugins/hudson/include/hudson.class.php 
b/src/plugins/hudson/include/hudson.class.php
index 56b6b5c..d1e7e67 100644
--- a/src/plugins/hudson/include/hudson.class.php
+++ b/src/plugins/hudson/include/hudson.class.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights 
reserved
- * Copyright 2013-2014, Franck Villaume - TrivialDev
+ * Copyright 2013-2014,2021, Franck Villaume - TrivialDev
  *
  * This file is a part of Fusionforge.
  *
@@ -43,19 +43,16 @@ class hudson extends Controler {
 
        function request() {
                global $feedback, $error_msg;
-               $request =& HTTPRequest::instance();
-               $vgi = new Valid_GroupId();
-               $vgi->required();
-               if ($request->valid($vgi)) {
-                       $group_id = $request->get('group_id');
-                       $project = group_get_object($group_id);
-                       if ($project->usesService('hudson')) {
-                               $user = 
UserManager::instance()->getCurrentUser();
-                               if (forge_check_perm('plugin_hudson_read', 
$group_id, 'read')) {
-                                       switch($request->get('action')) {
+               $group_id = getFilteredIntFromRequest('group_id', '\d');
+               $project = group_get_object($group_id);
+               if ($project->usesService('hudson')) {
+                       $user = session_get_user();
+                       if (forge_check_perm('plugin_hudson_read', $group_id, 
'read')) {
+                               $action = getStringFromRequest('action');
+                               switch($action) {
                                                case 'add_job':
                                                        if 
($user->isMember($group_id, 'A')) {
-                                                               if ( 
$request->exist('hudson_job_url') && trim($request->get('hudson_job_url') != 
'') ) {
+                                                               if 
(existInRequest('hudson_job_url') && (getStringFromRequest('hudson_job_url') != 
'')) {
                                                                        
$this->action = 'addJob';
                                                                } else {
                                                                        
$error_msg .= _('Missing Hudson job url (eg: 
http://myCIserver:8080/hudson/job/MyJob)');
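Review bot: The pattern in `getFilteredIntFromRequest('group_id', '\d')` has no delimiters, and the helper added in escapingUtils.php gives it to `preg_match()` as is, so the match cannot succeed and `$group_id` would always fall back to the default `0`. The removed `Valid_GroupId` check also meant `group_get_object()` was only called for a valid id; its result is now dereferenced unchecked by `$project->usesService('hudson')`. Use `'/^\d+$/'` (or plain `getIntFromRequest('group_id')`) and guard with `if ($group_id > 0 && is_object($project) && $project->usesService('hudson')) {`. In the `add_job` case the misplaced `trim()` was dropped rather than fixed, so a whitespace-only `hudson_job_url` now passes; `trim(getStringFromRequest('hudson_job_url')) != ''` keeps the intent. `request()` continues outside the hunk.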
@@ -68,7 +65,7 @@ class hudson extends Controler {
                                                        break;
                                                case 'edit_job':
                                                        if 
($user->isMember($group_id,'A')) {
-                                                               if 
($request->exist('job_id')) {
+                                                               if 
(existInRequest('job_id')) {
                                                                        
$this->view = 'editJob';
                                                                } else {
                                                                        
$error_msg .= _('Missing Hudson job ID');
@@ -80,8 +77,8 @@ class hudson extends Controler {
                                                        break;
                                                case 'update_job':
                                                        if 
($user->isMember($group_id, 'A')) {
-                                                               if 
($request->exist('job_id')) {
-                                                                       if 
($request->exist('new_hudson_job_url') && $request->get('new_hudson_job_url') 
!= '') {
+                                                               if 
(existInRequest('job_id')) {
+                                                                       if 
(existInRequest('new_hudson_job_url') && 
(getStringFromRequest('new_hudson_job_url') != '')) {
                                                                                
$this->action = 'updateJob';
                                                                        } else {
                                                                                
$error_msg .= _('Missing Hudson job url (eg: 
http://myCIserver:8080/hudson/job/MyJob)');
@@ -97,7 +94,7 @@ class hudson extends Controler {
                                                        break;
                                                case 'delete_job':
                                                        if 
($user->isMember($group_id, 'A')) {
-                                                               if 
($request->exist('job_id')) {
+                                                               if 
(existInRequest('job_id')) {
                                                                        
$this->action = 'deleteJob';
                                                                } else {
                                                                        
$error_msg .= _('Missing Hudson job ID');
diff --git a/src/plugins/hudson/include/hudson_Widget_MyMonitoredJobs.class.php 
b/src/plugins/hudson/include/hudson_Widget_MyMonitoredJobs.class.php
index 8d5194d..e67775f 100644
--- a/src/plugins/hudson/include/hudson_Widget_MyMonitoredJobs.class.php
+++ b/src/plugins/hudson/include/hudson_Widget_MyMonitoredJobs.class.php
@@ -38,7 +38,7 @@ class hudson_Widget_MyMonitoredJobs extends 
HudsonOverviewWidget {
        function __construct($plugin) {
                parent::__construct('plugin_hudson_my_jobs');
                $this->plugin = $plugin;
-               $user=UserManager::instance()->getCurrentUser();
+               $user = session_get_user();
                $this->_not_monitored_jobs = 
$user->getPreference('plugin_hudson_my_not_monitored_jobs');
                if ($this->_not_monitored_jobs === false) {
                        $this->_not_monitored_jobs = array();
@@ -105,10 +105,9 @@ class hudson_Widget_MyMonitoredJobs extends 
HudsonOverviewWidget {
        }
 
        function updatePreferences(&$request) {
-               $request->valid(new Valid_String('cancel'));
-               if (!$request->exist('cancel')) {
+               if (existInRequest('cancel')) {
                        $monitored_jobs = $request->get('myhudsonjobs');
-                       $user = UserManager::instance()->getCurrentUser();
+                       $user = session_get_user();
                        $job_dao = new 
PluginHudsonJobDao(CodendiDataAccess::instance());
                        $dar = $job_dao->searchByUserID($user->getId());
                        $not_monitored_jobs = array();
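Review bot: The condition lost its negation: the removed line was `if (!$request->exist('cancel'))` and the new one is `if (existInRequest('cancel'))`, so the monitored-jobs preference is now rewritten only when the form is cancelled. It should read `if (!existInRequest('cancel')) {`, as in `HudsonJobWidget::updatePreferences()` from the same commit. The method also keeps its `&$request` parameter and still calls `$request->get('myhudsonjobs')`, while the sibling widgets dropped the parameter. If callers stop passing `$request`, that read fails, so either switch it to an escapingUtils getter or keep the signatures aligned. The body continues outside the hunk.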
@@ -137,7 +136,7 @@ class hudson_Widget_MyMonitoredJobs extends 
HudsonOverviewWidget {
                $prefs  = '';
                // Monitored jobs
                $prefs .= '<strong>'._("Monitored jobs:").'</strong><br />';
-               $user = UserManager::instance()->getCurrentUser();
+               $user = session_get_user();
                $job_dao = new 
PluginHudsonJobDao(CodendiDataAccess::instance());
                $dar = $job_dao->searchByUserID($user->getId());
                while ($dar->valid()) {
@@ -201,7 +200,7 @@ class hudson_Widget_MyMonitoredJobs extends 
HudsonOverviewWidget {
        }
 
        function _getMonitoredJobsByUser() {
-               $user = UserManager::instance()->getCurrentUser();
+               $user = session_get_user();
                $job_dao = new 
PluginHudsonJobDao(CodendiDataAccess::instance());
                $dar = $job_dao->searchByUserID($user->getId());
                $monitored_jobs = array();
diff --git 
a/src/plugins/hudson/include/hudson_Widget_ProjectJobsOverview.class.php 
b/src/plugins/hudson/include/hudson_Widget_ProjectJobsOverview.class.php
index c2c799d..8c9c052 100644
--- a/src/plugins/hudson/include/hudson_Widget_ProjectJobsOverview.class.php
+++ b/src/plugins/hudson/include/hudson_Widget_ProjectJobsOverview.class.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights 
reserved
- * Copyright 2014,2016,2019, Franck Villaume - TrivialDev
+ * Copyright 2014,2016,2019,2021, Franck Villaume - TrivialDev
  *
  * This file is a part of Fusionforge.
  *
@@ -39,8 +39,7 @@ class hudson_Widget_ProjectJobsOverview extends 
HudsonOverviewWidget {
                parent::__construct('plugin_hudson_project_jobsoverview');
                $this->plugin = $plugin;
 
-               $request =& HTTPRequest::instance();
-               $this->group_id = $request->get('group_id');
+               $this->group_id = getIntFromRequest('group_id');
 
                if ($this->_use_global_status === true) {
                        $this->_all_status = array(

-----------------------------------------------------------------------

Summary of changes:
 src/common/include/escapingUtils.php               | 17 +++++++++++++
 .../common/blocks_Widget_HomeSummary.class.php     | 26 ++++++-------------
 .../common/blocks_Widget_ProjectSummary.class.php  | 25 ++++++-------------
 .../hudson/include/HudsonJobWidget.class.php       | 18 ++++++--------
 src/plugins/hudson/include/hudson.class.php        | 29 ++++++++++------------
 .../hudson_Widget_MyMonitoredJobs.class.php        | 11 ++++----
 .../hudson_Widget_ProjectJobsOverview.class.php    |  5 ++--
 7 files changed, 60 insertions(+), 71 deletions(-)


hooks/post-receive
-- 
FusionForge

_______________________________________________
Fusionforge-commits mailing list
Fusionforge-commits@lists.fusionforge.org
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-commits
