mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-05 23:10:29 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Centralise and improve query input validation

Browse source
This commit is contained in:
Ciaran Gultnieks 2014-01-29 13:44:48 +00:00
parent 63a0e859ff
commit 85de75e345
1 changed files with 134 additions and 120 deletions
Download patch file Download diff file Expand all files Collapse all files

40
wp-fdroid/wp-fdroid.php
View file

@ -79,26 +79,40 @@ class FDroid
} }
} }
// Santiy check query vars // Sanity check and standardise all query variables...
if(!isset($query_vars['fdpage']) || !is_numeric($query_vars['fdpage']) || $query_vars['fdpage'] <= 0) { if(!isset($query_vars['fdpage']) || !is_numeric($query_vars['fdpage']) || $query_vars['fdpage'] <= 0) {
$query_vars['fdpage'] = 1; $query_vars['fdpage'] = 1;
} else {
$query_vars['fdpage'] = strval(intval($query_vars['fdpage']));
}
if(isset($query_vars['fdstyle']) && ($query_vars['fdstyle'] != 'list' && $query_vars['fdstyle'] != 'grid')) {
$query_vars['fdstyle'] = 'list';
}
if(isset($query_vars['fdcategory'])) {
if($query_vars['fdcategory'] == 'All categories') {
unset($query_vars['fdcategory']);
} else {
$query_vars['fdcategory'] = sanitize_text_field($query_vars['fdcategory']);
}
}
if(isset($query_vars['fdfilter'])) {
$query_vars['fdfilter'] = sanitize_text_field($query_vars['fdfilter']);
} else {
if(isset($attribs['search'])) {
$query_vars['fdfilter'] = '';
}
}
if(isset($query_vars['fdid'])) {
$query_vars['fdid'] = sanitize_text_field($query_vars['fdid']);
} }
$out = ''; $out = '';
if(isset($attribs['search']) && $query_vars['fdfilter']===null) {
$query_vars['fdfilter'] = '';
}
if($query_vars['fdcategory'] == 'All categories') {
unset($query_vars['fdcategory']);
}
if($query_vars['fdid']!==null) { if($query_vars['fdid']!==null) {
$out.=$this->get_app($query_vars); $out.=$this->get_app($query_vars);
} else { } else {
$out.='<form name="searchform" action="" method="get">'; $out.='<form name="searchform" action="" method="get">';
$out.='<p><input name="fdfilter" type="text" value="'.sanitize_text_field($query_vars['fdfilter']).'" size="30"> '; $out.='<p><input name="fdfilter" type="text" value="'.$query_vars['fdfilter'].'" size="30"> ';
$out.='<input type="hidden" name="fdpage" value="1">'; $out.='<input type="hidden" name="fdpage" value="1">';
$out.='<input type="submit" value="Search"></p>'; $out.='<input type="submit" value="Search"></p>';
$out.=$this->makeformdata($query_vars); $out.=$this->makeformdata($query_vars);
@ -184,10 +198,10 @@ class FDroid
case "web": case "web":
$web=$el; $web=$el;
break; break;
case "antifeatures"; case "antifeatures":
$antifeatures=$el; $antifeatures=$el;
break; break;
case "requirements"; case "requirements":
$requirements=$el; $requirements=$el;
break; break;
case "package": case "package":
@ -551,7 +565,7 @@ class FDroid
$out.='</form>'."\n"; $out.='</form>'."\n";
} }
else { else {
$out.='Applications matching "'.sanitize_text_field($query_vars['fdfilter']).'"'; $out.='Applications matching "'.$query_vars['fdfilter'].'"';
} }
$out.="</div>"; $out.="</div>";