This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "FusionForge".
The branch, master has been updated via 97481b0d5fcfe43aa5169277cf80b0454a33ebd4 (commit) from 089c7e1ef25d1a6e3856fdfbd64dda0b09f9d3bc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=97481b0d5fcfe43aa5169277cf80b0454a33ebd4 commit 97481b0d5fcfe43aa5169277cf80b0454a33ebd4 Author: Franck Villaume <franck.villa...@trivialdev.com> Date: Fri Apr 23 15:20:13 2021 +0200 clean-up: use escapingUtils vs. request object diff --git a/src/common/include/escapingUtils.php b/src/common/include/escapingUtils.php index 723f26b..b4efd42 100644 --- a/src/common/include/escapingUtils.php +++ b/src/common/include/escapingUtils.php @@ -359,6 +359,23 @@ function getFilteredStringFromRequest($string, $pattern, $defaultValue = '') { } /** + * getFilteredIntFromRequest - get an int from REQUEST + * + * @param string $key of the wanted value + * @param string $pattern Regular expression of allowed values. + * @param integer $defaultValue if we can't find the wanted value, it returns the default value + * @return integer the value or false if not valid. + */ +function getFilteredIntFromRequest($key, $pattern, $defaultValue = 0) { + $value = getIntFromRequest($key, $defaultValue); + if (preg_match($pattern, $value)) { + return $value; + } else { + return $defaultValue; + } +} + +/** * existInRequest - check if a var exists in REQUEST * * @param any $var key to check diff --git a/src/plugins/blocks/common/blocks_Widget_HomeSummary.class.php b/src/plugins/blocks/common/blocks_Widget_HomeSummary.class.php index b091102..b17dd29 100644 --- a/src/plugins/blocks/common/blocks_Widget_HomeSummary.class.php +++ b/src/plugins/blocks/common/blocks_Widget_HomeSummary.class.php 
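Review bot: In `getFilteredIntFromRequest`, `$pattern` is handed to `preg_match()` unchanged and a `false` return (invalid pattern) is treated exactly like a non-match, so a caller that passes an undelimited expression silently gets `$defaultValue` on every request. The docblock should state that `$pattern` must be a complete, delimited and anchored PCRE such as `/^\d+$/`, and `@return` should read `integer the value, or $defaultValue if it does not match`, since `false` is never returned. Comparing explicitly, `if (preg_match($pattern, (string)$value) === 1) {`, makes the error case visible to a reader. An unanchored pattern would also accept a negative value, because any single digit in it matches.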
@@ -1,7 +1,7 @@ <?php /** * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved - * Copyright 2016, Franck Villaume - TrivialDev + * Copyright 2016,2021, Franck Villaume - TrivialDev * * This file is a part of Codendi. * @@ -26,7 +26,6 @@ class blocks_Widget_HomeSummary extends Widget { var $content = ''; function __construct($owner_type, $owner_id) { - $request =& HTTPRequest::instance(); if ($owner_type == WidgetLayoutManager::OWNER_TYPE_HOME) { $this->widget_id = 'plugin_blocks_home_summary'; $this->group_id = $owner_id; @@ -75,22 +74,13 @@ class blocks_Widget_HomeSummary extends Widget { function getInstallPreferences() { return $this->getPartialPreferencesForm(_('Enter title of block'), ''); } - function updatePreferences(&$request) { + function updatePreferences() { $done = false; - $vContentId = new Valid_UInt('content_id'); - $vContentId->required(); - if ($request->valid($vContentId)) { - $vTitle = new Valid_String('title'); - if($request->valid($vTitle)) { - $title = htmlspecialchars($request->get('title')); - } else { - $title = ''; - } + if (existInRequest('content_id')) { + $title = htmlspecialchars(getStringFromRequest('title', '')); - $vContent = new Valid_Text('body'); - $vContent->required(); - if($request->valid($vContent)) { - $content = $request->get('body'); + if(existInRequest('body')) { + $content = getStringFromRequest('body'); if (getStringFromRequest('_body_content_type') == 'html') { $content = TextSanitizer::purify($content); } else { @@ -102,7 +92,7 @@ class blocks_Widget_HomeSummary extends Widget { if ($content) { $sql = "UPDATE plugin_blocks SET title=$1, content=$2 WHERE group_id =$3 AND id = $4"; - $res = db_query_params($sql,array($title,$content,$this->group_id,(int)$request->get('content_id'))); + $res = db_query_params($sql, array($title, $content, $this->group_id, getIntFromRequest('content_id'))); $done = true; } } 
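Review bot: `blocks_Widget_HomeSummary::updatePreferences()` now gates on `existInRequest('content_id')`, which tests presence only, where the removed `Valid_UInt` rule required an unsigned integer. The `UPDATE` in the following hunk stays parameterized and scoped by `group_id`, so this is lost input validation rather than injection, but a non-numeric or negative `content_id` now reaches the query (presumably as 0 or a negative int from `getIntFromRequest`) and `$done = true` is still set. Reading the value once with `$content_id = getIntFromRequest('content_id');`, guarding with `if ($content_id > 0) {`, and passing `$content_id` to `db_query_params` would keep the old guarantee. The same pattern appears in `blocks_Widget_ProjectSummary::updatePreferences()`; the method body continues outside these hunks.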
@@ -115,7 +105,7 @@ class blocks_Widget_HomeSummary extends Widget { $this->content_id = $id; } - function create(&$request) { + function create() { $title = getStringFromRequest('title'); $content = getStringFromRequest('body'); $res = db_query_params('INSERT INTO plugin_blocks (group_id, name, status, title, content) diff --git a/src/plugins/blocks/common/blocks_Widget_ProjectSummary.class.php b/src/plugins/blocks/common/blocks_Widget_ProjectSummary.class.php index 90d6e9e..ea9c716 100644 --- a/src/plugins/blocks/common/blocks_Widget_ProjectSummary.class.php +++ b/src/plugins/blocks/common/blocks_Widget_ProjectSummary.class.php @@ -27,7 +27,7 @@ class blocks_Widget_ProjectSummary extends Widget { function __construct($owner_type, $owner_id) { $request =& HTTPRequest::instance(); if ($owner_type == WidgetLayoutManager::OWNER_TYPE_USER) { - $this->widget_id = 'plugin_hudson_my_jobbuildhistory'; + $this->widget_id = 'plugin_blocks_user_summary'; $this->group_id = $owner_id; } else { $this->widget_id = 'plugin_blocks_project_summary'; @@ -77,22 +77,13 @@ class blocks_Widget_ProjectSummary extends Widget { return $this->getPartialPreferencesForm(_("Enter title of block"), ''); } - function updatePreferences(&$request) { + function updatePreferences() { $done = false; - $vContentId = new Valid_UInt('content_id'); - $vContentId->required(); - if ($request->valid($vContentId)) { - $vTitle = new Valid_String('title'); - if($request->valid($vTitle)) { - $title = htmlspecialchars($request->get('title')); - } else { - $title = ''; - } + if (existInRequest('content_id')) { + $title = htmlspecialchars(getStringFromRequest('title', '')); - $vContent = new Valid_Text('body'); - $vContent->required(); - if($request->valid($vContent)) { - $content = $request->get('body'); + if(existInRequest('body')) { + $content = getStringFromRequest('body'); if (getStringFromRequest('_body_content_type') == 'html') { $content = TextSanitizer::purify($content); } else { 
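Review bot: The `widget_id` change from `'plugin_hudson_my_jobbuildhistory'` to `'plugin_blocks_user_summary'` in `blocks_Widget_ProjectSummary::__construct` is a behaviour fix rather than clean-up and deserves its own line in the commit message; if any layout rows were stored under the old id they may need migrating, which is not visible here. The context line `$request =& HTTPRequest::instance();` is still at the top of this constructor although the same line was removed from `blocks_Widget_HomeSummary`. If nothing later in the constructor (outside the hunk) reads `$request`, it should be removed here too.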
@@ -104,7 +95,7 @@ class blocks_Widget_ProjectSummary extends Widget { if ($content) { $sql = "UPDATE plugin_blocks SET title=$1, content=$2 WHERE group_id =$3 AND id = $4"; - $res = db_query_params($sql,array($title,$content,$this->group_id,(int)$request->get('content_id'))); + $res = db_query_params($sql,array($title,$content,$this->group_id, getIntFromRequest('content_id'))); $done = true; } } @@ -120,7 +111,7 @@ class blocks_Widget_ProjectSummary extends Widget { } } - function create(&$request) { + function create() { $title = getStringFromRequest('title'); $content = getStringFromRequest('body'); $res = db_query_params('INSERT INTO plugin_blocks (group_id, name, status, title, content) diff --git a/src/plugins/hudson/include/HudsonJobWidget.class.php b/src/plugins/hudson/include/HudsonJobWidget.class.php index d2b84ae..21a47f3 100644 --- a/src/plugins/hudson/include/HudsonJobWidget.class.php +++ b/src/plugins/hudson/include/HudsonJobWidget.class.php @@ -34,13 +34,10 @@ abstract class HudsonJobWidget extends HudsonWidget { return false; } - function create(&$request) { + function create() { $content_id = false; - $vId = new Valid_Uint('job_id'); - $vId->setErrorMessage(_("Cannot add empty job id")); - $vId->required(); - if ($request->valid($vId)) { - $job_id = $request->get('job_id'); + $job_id = getIntFromRequest('job_id'); + if ($job_id) { $sql = 'INSERT INTO plugin_hudson_widget (widget_name, owner_id, owner_type, job_id) VALUES ($1,$2,$3,$4)'; $res = db_query_params($sql,array($this->id,$this->owner_id,$this->owner_type,$job_id)); $content_id = db_insertid($res,'plugin_hudson_widget','id'); 
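Review bot: `HudsonJobWidget::create()` now fails silently: the removed `setErrorMessage(_("Cannot add empty job id"))` has no replacement, so a missing `job_id` leaves `$content_id` at `false` with no feedback to the user. `if ($job_id)` is also true for a negative integer, which the old `Valid_Uint` rule rejected; `if ($job_id > 0) {` restores that. The same applies to `updatePreferences()` in the next hunk, where `job_id` and `content_id` go into the `UPDATE` without a positivity check and the method returns `true` regardless of `$res`. The body of `create()` continues outside the hunk.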
@@ -100,12 +97,11 @@ abstract class HudsonJobWidget extends HudsonWidget { return $prefs; } - function updatePreferences(&$request) { - $request->valid(new Valid_String('cancel')); - if (!$request->exist('cancel')) { - $job_id = $request->get($this->id); + function updatePreferences() { + if (!existInRequest('cancel')) { + $job_id = getIntFromRequest($this->id); $sql = "UPDATE plugin_hudson_widget SET job_id=$1 WHERE owner_id = $2 AND owner_type = $3 AND id = $4"; - $res = db_query_params($sql,array($job_id,$this->owner_id,$this->owner_type,(int)$request->get('content_id'))); + $res = db_query_params($sql, array($job_id, $this->owner_id, $this->owner_type, getIntFromRequest('content_id'))); } return true; } diff --git a/src/plugins/hudson/include/hudson.class.php b/src/plugins/hudson/include/hudson.class.php index 56b6b5c..d1e7e67 100644 --- a/src/plugins/hudson/include/hudson.class.php +++ b/src/plugins/hudson/include/hudson.class.php @@ -1,7 +1,7 @@ <?php /** * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved - * Copyright 2013-2014, Franck Villaume - TrivialDev + * Copyright 2013-2014,2021, Franck Villaume - TrivialDev * * This file is a part of Fusionforge. * 
@@ -43,19 +43,16 @@ class hudson extends Controler { function request() { global $feedback, $error_msg; - $request =& HTTPRequest::instance(); - $vgi = new Valid_GroupId(); - $vgi->required(); - if ($request->valid($vgi)) { - $group_id = $request->get('group_id'); - $project = group_get_object($group_id); - if ($project->usesService('hudson')) { - $user = UserManager::instance()->getCurrentUser(); - if (forge_check_perm('plugin_hudson_read', $group_id, 'read')) { - switch($request->get('action')) { + $group_id = getFilteredIntFromRequest('group_id', '\d'); + $project = group_get_object($group_id); + if ($project->usesService('hudson')) { + $user = session_get_user(); + if (forge_check_perm('plugin_hudson_read', $group_id, 'read')) { + $action = getStringFromRequest('action'); + switch($action) { case 'add_job': if ($user->isMember($group_id, 'A')) { - if ( $request->exist('hudson_job_url') && trim($request->get('hudson_job_url') != '') ) { + if (existInRequest('hudson_job_url') && (getStringFromRequest('hudson_job_url') != '')) { $this->action = 'addJob'; } else { $error_msg .= _('Missing Hudson job url (eg: http://myCIserver:8080/hudson/job/MyJob)'); @@ -68,7 +65,7 @@ class hudson extends Controler { break; case 'edit_job': if ($user->isMember($group_id,'A')) { - if ($request->exist('job_id')) { + if (existInRequest('job_id')) { $this->view = 'editJob'; } else { $error_msg .= _('Missing Hudson job ID'); @@ -80,8 +77,8 @@ class hudson extends Controler { break; case 'update_job': if ($user->isMember($group_id, 'A')) { - if ($request->exist('job_id')) { - if ($request->exist('new_hudson_job_url') && $request->get('new_hudson_job_url') != '') { + if (existInRequest('job_id')) { + if (existInRequest('new_hudson_job_url') && (getStringFromRequest('new_hudson_job_url') != '')) { $this->action = 'updateJob'; } else { $error_msg .= _('Missing Hudson job url (eg: http://myCIserver:8080/hudson/job/MyJob)'); 
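Review bot: `getFilteredIntFromRequest('group_id', '\d')` in `request()` passes a pattern without delimiters, and `preg_match()` rejects a backslash as delimiter, returning `false` with a warning; the helper added in this commit then returns its default, so `$group_id` is 0 on every request. The removed `if ($request->valid($vgi))` guard has no replacement either, so `$project->usesService('hudson')` is called on whatever `group_get_object()` returns for an invalid id. Suggested lines are `$group_id = getFilteredIntFromRequest('group_id', '/^\d+$/');` and `if (is_object($project) && $project->usesService('hudson')) {`. In the `add_job` branch the `trim()` was dropped along with its misplaced parenthesis, so a whitespace-only `hudson_job_url` now passes; `trim(getStringFromRequest('hudson_job_url')) != ''` keeps the original intent. `request()` continues past the hunk.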
@@ -97,7 +94,7 @@ class hudson extends Controler { break; case 'delete_job': if ($user->isMember($group_id, 'A')) { - if ($request->exist('job_id')) { + if (existInRequest('job_id')) { $this->action = 'deleteJob'; } else { $error_msg .= _('Missing Hudson job ID'); diff --git a/src/plugins/hudson/include/hudson_Widget_MyMonitoredJobs.class.php b/src/plugins/hudson/include/hudson_Widget_MyMonitoredJobs.class.php index 8d5194d..e67775f 100644 --- a/src/plugins/hudson/include/hudson_Widget_MyMonitoredJobs.class.php +++ b/src/plugins/hudson/include/hudson_Widget_MyMonitoredJobs.class.php @@ -38,7 +38,7 @@ class hudson_Widget_MyMonitoredJobs extends HudsonOverviewWidget { function __construct($plugin) { parent::__construct('plugin_hudson_my_jobs'); $this->plugin = $plugin; - $user=UserManager::instance()->getCurrentUser(); + $user = session_get_user(); $this->_not_monitored_jobs = $user->getPreference('plugin_hudson_my_not_monitored_jobs'); if ($this->_not_monitored_jobs === false) { $this->_not_monitored_jobs = array(); @@ -105,10 +105,9 @@ class hudson_Widget_MyMonitoredJobs extends HudsonOverviewWidget { } function updatePreferences(&$request) { - $request->valid(new Valid_String('cancel')); - if (!$request->exist('cancel')) { + if (existInRequest('cancel')) { $monitored_jobs = $request->get('myhudsonjobs'); - $user = UserManager::instance()->getCurrentUser(); + $user = session_get_user(); $job_dao = new PluginHudsonJobDao(CodendiDataAccess::instance()); $dar = $job_dao->searchByUserID($user->getId()); $not_monitored_jobs = array(); @@ -137,7 +136,7 @@ class hudson_Widget_MyMonitoredJobs extends HudsonOverviewWidget { $prefs = ''; // Monitored jobs $prefs .= '<strong>'._("Monitored jobs:").'</strong><br />'; - $user = UserManager::instance()->getCurrentUser(); + $user = session_get_user(); $job_dao = new PluginHudsonJobDao(CodendiDataAccess::instance()); $dar = $job_dao->searchByUserID($user->getId()); while ($dar->valid()) { 
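Review bot: The condition in `hudson_Widget_MyMonitoredJobs::updatePreferences()` lost its negation: the old code ran when `cancel` was absent, while the new `if (existInRequest('cancel')) {` runs only when it is present, so the preferences are presumably saved on cancel and ignored on submit. It should be `if (!existInRequest('cancel')) {`. This method also keeps the `&$request` parameter and still reads `$request->get('myhudsonjobs')`, whereas the other widgets in this commit dropped the parameter; if the caller (not shown) now invokes `updatePreferences()` without an argument, this override will fail. The body continues outside the hunk.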
@@ -201,7 +200,7 @@ class hudson_Widget_MyMonitoredJobs extends HudsonOverviewWidget { } function _getMonitoredJobsByUser() { - $user = UserManager::instance()->getCurrentUser(); + $user = session_get_user(); $job_dao = new PluginHudsonJobDao(CodendiDataAccess::instance()); $dar = $job_dao->searchByUserID($user->getId()); $monitored_jobs = array(); diff --git a/src/plugins/hudson/include/hudson_Widget_ProjectJobsOverview.class.php b/src/plugins/hudson/include/hudson_Widget_ProjectJobsOverview.class.php index c2c799d..8c9c052 100644 --- a/src/plugins/hudson/include/hudson_Widget_ProjectJobsOverview.class.php +++ b/src/plugins/hudson/include/hudson_Widget_ProjectJobsOverview.class.php @@ -1,7 +1,7 @@ <?php /** * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved - * Copyright 2014,2016,2019, Franck Villaume - TrivialDev + * Copyright 2014,2016,2019,2021, Franck Villaume - TrivialDev * * This file is a part of Fusionforge. * 
@@ -39,8 +39,7 @@ class hudson_Widget_ProjectJobsOverview extends HudsonOverviewWidget { parent::__construct('plugin_hudson_project_jobsoverview'); $this->plugin = $plugin; - $request =& HTTPRequest::instance(); - $this->group_id = $request->get('group_id'); + $this->group_id = getIntFromRequest('group_id'); if ($this->_use_global_status === true) { $this->_all_status = array( ----------------------------------------------------------------------- Summary of changes: src/common/include/escapingUtils.php | 17 +++++++++++++ .../common/blocks_Widget_HomeSummary.class.php | 26 ++++++------------- .../common/blocks_Widget_ProjectSummary.class.php | 25 ++++++------------- .../hudson/include/HudsonJobWidget.class.php | 18 ++++++-------- src/plugins/hudson/include/hudson.class.php | 29 ++++++++++------------ .../hudson_Widget_MyMonitoredJobs.class.php | 11 ++++---- .../hudson_Widget_ProjectJobsOverview.class.php | 5 ++-- 7 files changed, 60 insertions(+), 71 deletions(-) hooks/post-receive -- FusionForge _______________________________________________ Fusionforge-commits mailing list Fusionforge-commits@lists.fusionforge.org http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-commits