Centralise and improve query input validation
This commit is contained in:
parent
63a0e859ff
commit
85de75e345
1 changed files with 134 additions and 120 deletions
|
|
@ -10,7 +10,7 @@ Author URI: http://ciarang.com
|
|||
Revision history
|
||||
0.01 - 2010-12-04: Initial development version
|
||||
|
||||
*/
|
||||
*/
|
||||
|
||||
include('android-permissions.php');
|
||||
|
||||
|
|
@ -79,26 +79,40 @@ class FDroid
|
|||
}
|
||||
}
|
||||
|
||||
// Santiy check query vars
|
||||
// Sanity check and standardise all query variables...
|
||||
if(!isset($query_vars['fdpage']) || !is_numeric($query_vars['fdpage']) || $query_vars['fdpage'] <= 0) {
|
||||
$query_vars['fdpage'] = 1;
|
||||
} else {
|
||||
$query_vars['fdpage'] = strval(intval($query_vars['fdpage']));
|
||||
}
|
||||
if(isset($query_vars['fdstyle']) && ($query_vars['fdstyle'] != 'list' && $query_vars['fdstyle'] != 'grid')) {
|
||||
$query_vars['fdstyle'] = 'list';
|
||||
}
|
||||
if(isset($query_vars['fdcategory'])) {
|
||||
if($query_vars['fdcategory'] == 'All categories') {
|
||||
unset($query_vars['fdcategory']);
|
||||
} else {
|
||||
$query_vars['fdcategory'] = sanitize_text_field($query_vars['fdcategory']);
|
||||
}
|
||||
}
|
||||
if(isset($query_vars['fdfilter'])) {
|
||||
$query_vars['fdfilter'] = sanitize_text_field($query_vars['fdfilter']);
|
||||
} else {
|
||||
if(isset($attribs['search'])) {
|
||||
$query_vars['fdfilter'] = '';
|
||||
}
|
||||
}
|
||||
if(isset($query_vars['fdid'])) {
|
||||
$query_vars['fdid'] = sanitize_text_field($query_vars['fdid']);
|
||||
}
|
||||
|
||||
$out = '';
|
||||
|
||||
if(isset($attribs['search']) && $query_vars['fdfilter']===null) {
|
||||
$query_vars['fdfilter'] = '';
|
||||
}
|
||||
|
||||
if($query_vars['fdcategory'] == 'All categories') {
|
||||
unset($query_vars['fdcategory']);
|
||||
}
|
||||
|
||||
if($query_vars['fdid']!==null) {
|
||||
$out.=$this->get_app($query_vars);
|
||||
} else {
|
||||
$out.='<form name="searchform" action="" method="get">';
|
||||
$out.='<p><input name="fdfilter" type="text" value="'.sanitize_text_field($query_vars['fdfilter']).'" size="30"> ';
|
||||
$out.='<p><input name="fdfilter" type="text" value="'.$query_vars['fdfilter'].'" size="30"> ';
|
||||
$out.='<input type="hidden" name="fdpage" value="1">';
|
||||
$out.='<input type="submit" value="Search"></p>';
|
||||
$out.=$this->makeformdata($query_vars);
|
||||
|
|
@ -184,10 +198,10 @@ class FDroid
|
|||
case "web":
|
||||
$web=$el;
|
||||
break;
|
||||
case "antifeatures";
|
||||
case "antifeatures":
|
||||
$antifeatures=$el;
|
||||
break;
|
||||
case "requirements";
|
||||
case "requirements":
|
||||
$requirements=$el;
|
||||
break;
|
||||
case "package":
|
||||
|
|
@ -551,7 +565,7 @@ class FDroid
|
|||
$out.='</form>'."\n";
|
||||
}
|
||||
else {
|
||||
$out.='Applications matching "'.sanitize_text_field($query_vars['fdfilter']).'"';
|
||||
$out.='Applications matching "'.$query_vars['fdfilter'].'"';
|
||||
}
|
||||
$out.="</div>";
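Review bot: Moving `sanitize_text_field()` to the input stage for `fdfilter`, `fdcategory` and `fdid` and dropping it from the output lines leaves `fdfilter` written into an HTML attribute (second hunk) and into HTML text (last hunk) with no context-aware escaping; `sanitize_text_field()` strips tags but does not encode double quotes, so the `value="…"` attribute context is not protected by it. The two output lines should escape for their context, `$out.='<p><input name="fdfilter" type="text" value="'.esc_attr($query_vars['fdfilter']).'" size="30"> ';` and `$out.='Applications matching "'.esc_html($query_vars['fdfilter']).'"';`, keeping the new input sanitisation as normalisation rather than as the output defence. In the `fdpage` branch, `is_numeric()` plus the `<= 0` test is applied to the raw string before `intval()`, so a value like `0.5` passes the check but is stored as page `0`; computing `intval()` first and testing that result would keep the "page is at least 1" invariant the comment promises. The method enclosing the second hunk begins before it and continues past it.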
|
||||
|
||||
|
|
|
|||