diff --git a/resources/lib/UnityHTTPD.php b/resources/lib/UnityHTTPD.php
index 7a43f87ed..8350b38f2 100644
--- a/resources/lib/UnityHTTPD.php
+++ b/resources/lib/UnityHTTPD.php
@@ -226,27 +226,6 @@ public static function errorHandler(int $severity, string $message, string $file
 return false;
 }
- public static function getPostData(string $key): string
- {
- if (!array_key_exists($key, $_POST)) {
- self::badRequest("\$_POST has no array key '$key'");
- }
- return $_POST[$key];
- }
-
- /* returns null if not found and not $die_if_not_found */
- public static function getQueryParameter(string $key, bool $die_if_not_found = true): ?string
- {
- if (!array_key_exists($key, $_GET)) {
- if ($die_if_not_found) {
- self::badRequest("\$_GET has no array key '$key'");
- } else {
- return null;
- }
- }
- return $_GET[$key];
- }
-
 public static function getUploadedFileContents(
 string $filename,
 bool $do_delete_tmpfile_after_read = true,
@@ -382,8 +361,7 @@ public static function deleteMessage(UnityHTTPDMessageLevel $level, string $titl
 public static function validatePostCSRFToken(): void
 {
- $token = self::getPostData("csrf_token");
- if (!CSRFToken::validate($token)) {
+ if (!CSRFToken::validate($_POST["csrf_token"])) {
 $errorid = uniqid();
 self::errorLog("csrf failed to validate", "", errorid: $errorid);
 self::messageError(
diff --git a/webroot/admin/ajax/get_group_members.php b/webroot/admin/ajax/get_group_members.php
index f16cfab4d..7e1ea6f9c 100644
--- a/webroot/admin/ajax/get_group_members.php
+++ b/webroot/admin/ajax/get_group_members.php
@@ -10,8 +10,7 @@
 UnityHTTPD::forbidden("not an admin", "You are not an admin.");
 }
-$gid = UnityHTTPD::getQueryParameter("gid");
-$group = new UnityGroup($gid, $LDAP, $SQL, $MAILER, $WEBHOOK);
+$group = new UnityGroup($_GET["gid"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 $members = $group->getGroupMembersAttributes(["gecos", "mail"]);
 $requests = $group->getRequests();
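Review bot: In `validatePostCSRFToken()` (resources/lib/UnityHTTPD.php) the token is now read as `$_POST["csrf_token"]` with no presence or type check, so a POST without the field, or with `csrf_token[]=x`, passes null or an array to `CSRFToken::validate()`; the removed `getPostData()` turned the first case into a bad-request response and, through its `string` return type, the second into a TypeError. Whether such a request is still refused now depends on `CSRFToken::validate()` and on the error handler, neither of which is visible here, so I would make the guard explicit: `$token = $_POST["csrf_token"] ?? null;` and `if (!is_string($token) || !CSRFToken::validate($token)) {`. The same unchecked read is introduced throughout the commit — `$_GET["gid"]`, `$_GET["pageid"]`, `$_GET["content_name"]`, `$_GET["search"]`, `$_POST["uid"]`, `$_POST["pi"]`, `$_POST["key"]` and the account.php form fields — and each of those deserves the same `is_string(... ?? null)` check before the value reaches `UnityGroup`, `UnityUser`, `$SQL->getPage()` or `substr()`. The body of `validatePostCSRFToken()` continues past the end of the hunk.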
diff --git a/webroot/admin/ajax/get_page_contents.php b/webroot/admin/ajax/get_page_contents.php
index f87e58bf8..a946a27b2 100644
--- a/webroot/admin/ajax/get_page_contents.php
+++ b/webroot/admin/ajax/get_page_contents.php
@@ -9,7 +9,6 @@
 UnityHTTPD::forbidden("not an admin", "You are not an admin.");
 }
-$pageid = UnityHTTPD::getQueryParameter("pageid");
-$page = $SQL->getPage($pageid);
+$page = $SQL->getPage($_GET["pageid"]);
 header('Content-Type: application/json; charset=utf-8');
 echo jsonEncode(["content" => $page["content"]]);
diff --git a/webroot/admin/pi-mgmt.php b/webroot/admin/pi-mgmt.php
index 9fee7ebd9..ae3a91b9a 100644
--- a/webroot/admin/pi-mgmt.php
+++ b/webroot/admin/pi-mgmt.php
@@ -12,16 +12,11 @@
 UnityHTTPD::forbidden("not an admin", "You are not an admin.");
 }
-$getUserFromPost = function () {
- global $LDAP, $SQL, $MAILER, $WEBHOOK;
- return new UnityUser(UnityHTTPD::getPostData("uid"), $LDAP, $SQL, $MAILER, $WEBHOOK);
-};
-
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 UnityHTTPD::validatePostCSRFToken();
 switch ($_POST["form_type"]) {
 case "req":
- $form_user = $getUserFromPost();
+ $form_user = new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 if ($_POST["action"] == "Approve") {
 $group = $form_user->getPIGroup();
 $group->approveGroup();
@@ -31,7 +26,7 @@
 }
 break;
 case "reqChild":
- $form_user = $getUserFromPost();
+ $form_user = new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 $parent_group = new UnityGroup($_POST["pi"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 if ($_POST["action"] == "Approve") {
 $parent_group->approveUser($form_user);
@@ -40,7 +35,7 @@
 }
 break;
 case "remUserChild":
- $form_user = $getUserFromPost();
+ $form_user = new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 $parent = new UnityGroup($_POST["pi"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 $parent->removeUser($form_user);
 break;
diff --git a/webroot/api/content/index.php b/webroot/api/content/index.php
index 7f5715544..2dad06795 100644
--- a/webroot/api/content/index.php
+++ b/webroot/api/content/index.php
@@ -6,6 +6,6 @@
 require_once __DIR__ . "/../../../resources/autoload.php";
-$CHAR_WRAP = digits2int(UnityHTTPD::getQueryParameter("line_wrap", false) ?? "80");
-$content_name = UnityHTTPD::getQueryParameter("content_name");
+$CHAR_WRAP = digits2int($_GET["line_wrap"] ?? "80");
+$content_name = $_GET["content_name"];
 echo $SQL->getPage($content_name)["content"];
diff --git a/webroot/js/ajax/ssh_generate.php b/webroot/js/ajax/ssh_generate.php
index be99c0a2a..c0b3a8895 100644
--- a/webroot/js/ajax/ssh_generate.php
+++ b/webroot/js/ajax/ssh_generate.php
@@ -8,7 +8,7 @@
 $private = EC::createKey('Ed25519');
 $public = $private->getPublicKey();
 $public_str = $public->toString('OpenSSH');
-if (UnityHTTPD::getQueryParameter("type", false) == "ppk") {
+if (($_GET["type"] ?? null) == "ppk") {
 $private_str = $private->toString('PuTTY');
 } else {
 $private_str = $private->toString('OpenSSH');
diff --git a/webroot/js/ajax/ssh_validate.php b/webroot/js/ajax/ssh_validate.php
index 232fc9b02..ccf2ebdd0 100644
--- a/webroot/js/ajax/ssh_validate.php
+++ b/webroot/js/ajax/ssh_validate.php
@@ -7,4 +7,4 @@
 use UnityWebPortal\lib\UnityHTTPD;
 header('Content-Type: application/json; charset=utf-8');
-echo jsonEncode(["is_valid" => testValidSSHKey(UnityHTTPD::getPostData("key"))]);
+echo jsonEncode(["is_valid" => testValidSSHKey($_POST["key"])]);
diff --git a/webroot/panel/account.php b/webroot/panel/account.php
index 8889621e6..ce465d2ce 100644
--- a/webroot/panel/account.php
+++ b/webroot/panel/account.php
@@ -12,12 +12,12 @@
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
 UnityHTTPD::validatePostCSRFToken();
- switch (UnityHTTPD::getPostData("form_type")) {
+ switch ($_POST["form_type"]) {
 case "addKey":
 $keys = array();
- switch (UnityHTTPD::getPostData("add_type")) {
+ switch ($_POST["add_type"]) {
 case "paste":
- array_push($keys, UnityHTTPD::getPostData("key"));
+ array_push($keys, $_POST["key"]);
 break;
 case "import":
 try {
@@ -28,10 +28,10 @@
 array_push($keys, $key);
 break;
 case "generate":
- array_push($keys, UnityHTTPD::getPostData("gen_key"));
+ array_push($keys, $_POST["gen_key"]);
 break;
 case "github":
- $githubUsername = UnityHTTPD::getPostData("gh_user");
+ $githubUsername = $_POST["gh_user"];
 $githubKeys = $GITHUB->getSshPublicKeys($githubUsername);
 $keys = array_merge($keys, $githubKeys);
 break;
@@ -53,7 +53,7 @@
 break;
 case "delKey":
 $keys = $USER->getSSHKeys();
- $index = digits2int(UnityHTTPD::getPostData("delIndex"));
+ $index = digits2int($_POST["delIndex"]);
 if ($index >= count($keys)) {
 break;
 }
diff --git a/webroot/panel/ajax/delete_message.php b/webroot/panel/ajax/delete_message.php
index 5a9df2534..6fcdad437 100644
--- a/webroot/panel/ajax/delete_message.php
+++ b/webroot/panel/ajax/delete_message.php
@@ -5,8 +5,8 @@
 use UnityWebPortal\lib\UnityHTTPD;
 use UnityWebPortal\lib\UnityHTTPDMessageLevel;
-$level_str = base64_decode(UnityHTTPD::getPostData("level"));
+$level_str = base64_decode($_POST["level"]);
 $level = UnityHTTPDMessageLevel::from($level_str);
-$title = base64_decode(UnityHTTPD::getPostData("title"));
-$body = base64_decode(UnityHTTPD::getPostData("body"));
+$title = base64_decode($_POST["title"]);
+$body = base64_decode($_POST["body"]);
 UnityHTTPD::deleteMessage($level, $title, $body);
diff --git a/webroot/panel/ajax/get_group_members.php b/webroot/panel/ajax/get_group_members.php
index f2d24c471..ca3fe31e8 100644
--- a/webroot/panel/ajax/get_group_members.php
+++ b/webroot/panel/ajax/get_group_members.php
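Review bot: In webroot/panel/ajax/delete_message.php the `level`, `title` and `body` fields go from `$_POST` straight into `base64_decode()`, which expects a string and, without its strict flag, silently skips characters outside the base64 alphabet; a missing or array-valued field therefore surfaces as a deprecation notice or TypeError rather than as a bad request. `UnityHTTPDMessageLevel::from($level_str)` on the following line also throws a `ValueError` for any string that is not a case value. I would check `is_string()` on each field first, decode with `base64_decode($raw, true)` and treat a `false` result as a bad request, and use `UnityHTTPDMessageLevel::tryFrom()` with an explicit null check. Lines 1–4 of the file are outside the hunk, so whether this endpoint validates a CSRF token before deleting is not visible.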
@@ -6,8 +6,7 @@
 use UnityWebPortal\lib\UnityHTTPD;
-$gid = UnityHTTPD::getQueryParameter("gid");
-$group = new UnityGroup($gid, $LDAP, $SQL, $MAILER, $WEBHOOK);
+$group = new UnityGroup($_GET["gid"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 if (!$group->memberUIDExists($USER->uid)) {
 UnityHTTPD::forbidden("not a group member", "You are not a member of this group.");
 }
diff --git a/webroot/panel/groups.php b/webroot/panel/groups.php
index 73cf95e2e..a4710441d 100644
--- a/webroot/panel/groups.php
+++ b/webroot/panel/groups.php
@@ -8,7 +8,7 @@
 $getPIGroupFromPost = function () {
 global $LDAP, $SQL, $MAILER, $WEBHOOK;
- $gid_or_mail = UnityHTTPD::getPostData("pi");
+ $gid_or_mail = $_POST["pi"];
 if (substr($gid_or_mail, 0, 3) !== "pi_" && str_contains($gid_or_mail, "@")) {
 try {
 $gid_or_mail = UnityGroup::ownerMail2GID($gid_or_mail);
diff --git a/webroot/panel/modal/pi_search.php b/webroot/panel/modal/pi_search.php
index 9f71698cc..c2f5332ce 100644
--- a/webroot/panel/modal/pi_search.php
+++ b/webroot/panel/modal/pi_search.php
@@ -4,7 +4,7 @@
 use UnityWebPortal\lib\UnityHTTPD;
-$search_query = UnityHTTPD::getQueryParameter("search");
+$search_query = $_GET["search"];
 if (empty($search_query)) {
 echo "No Results";
 UnityHTTPD::die();
diff --git a/webroot/panel/pi.php b/webroot/panel/pi.php
index 6ac080cb8..61540cd72 100644
--- a/webroot/panel/pi.php
+++ b/webroot/panel/pi.php
@@ -11,16 +11,12 @@
 UnityHTTPD::forbidden("not a PI", "You are not a PI.");
 }
-$getUserFromPost = function () {
- global $LDAP, $SQL, $MAILER, $WEBHOOK;
- return new UnityUser(UnityHTTPD::getPostData("uid"), $LDAP, $SQL, $MAILER, $WEBHOOK);
-};
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 UnityHTTPD::validatePostCSRFToken();
 switch ($_POST["form_type"]) {
 case "userReq":
- $form_user = $getUserFromPost();
+ $form_user = new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 if ($_POST["action"] == "Approve") {
 $group->approveUser($form_user);
 } elseif ($_POST["action"] == "Deny") {
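Review bot: With `$getUserFromPost` removed from webroot/panel/pi.php, `new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $WEBHOOK)` is spelled out in each `case` arm — under `userReq` here, under `remUser` in the next hunk, and in three arms of webroot/admin/pi-mgmt.php — so any presence or type check on `uid` now has to be added in five places instead of one. These arms approve, deny or remove the account that `uid` names, so I would keep a single validated read, for example `$uid = $_POST["uid"] ?? null;` followed by `if (!is_string($uid) || $uid === "") { /* answer 400 and stop */ }`, and build `$form_user` from `$uid`. Whether every `form_type` carries a `uid` is not visible because the `switch` continues past the hunk; if some do not, a small local helper that performs the check serves the same purpose.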
@@ -28,7 +24,7 @@
 }
 break;
 case "remUser":
- $form_user = $getUserFromPost();
+ $form_user = new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 // remove user button clicked
 $group->removeUser($form_user);