diff --git a/resources/lib/UnityHTTPD.php b/resources/lib/UnityHTTPD.php
index 7a43f87ed..832d584e5 100644
--- a/resources/lib/UnityHTTPD.php
+++ b/resources/lib/UnityHTTPD.php
@@ -226,6 +226,7 @@ public static function errorHandler(int $severity, string $message, string $file
 return false;
 }
+ /* if key is not found, dies */
 public static function getPostData(string $key): string
 {
 if (!array_key_exists($key, $_POST)) {
@@ -234,19 +235,25 @@ public static function getPostData(string $key): string
 return $_POST[$key];
 }
- /* returns null if not found and not $die_if_not_found */
- public static function getQueryParameter(string $key, bool $die_if_not_found = true): ?string
+ public static function getOptionalPostData(string $key): ?string
+ {
+ return @$_POST[$key];
+ }
+
+ /* if key is not found, dies */
+ public static function getQueryParameter(string $key): string
 {
 if (!array_key_exists($key, $_GET)) {
- if ($die_if_not_found) {
- self::badRequest("\$_GET has no array key '$key'");
- } else {
- return null;
- }
+ self::badRequest("\$_GET has no array key '$key'");
 }
 return $_GET[$key];
 }
+ public static function getOptionalQueryParameter(string $key): ?string
+ {
+ return @$_GET[$key];
+ }
+
 public static function getUploadedFileContents(
 string $filename,
 bool $do_delete_tmpfile_after_read = true,
diff --git a/resources/templates/header.php b/resources/templates/header.php
index c91c0ff06..a7f69a860 100644
--- a/resources/templates/header.php
+++ b/resources/templates/header.php
@@ -7,7 +7,7 @@
 // UnityHTTPD::validatePostCSRFToken();
 if (
 ($_SESSION["is_admin"] ?? false) == true
- && ($_POST["form_type"] ?? null) == "clearView"
+ && UnityHTTPD::getOptionalPostData("form_type") == "clearView"
 ) {
 unset($_SESSION["viewUser"]);
 UnityHTTPD::redirect(getURL("admin/user-mgmt.php"));
diff --git a/webroot/admin/content.php b/webroot/admin/content.php
index 3f6b6e308..7b595a903 100644
--- a/webroot/admin/content.php
+++ b/webroot/admin/content.php
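Review bot: `return @$_POST[$key];` in getOptionalPostData, and the matching `return @$_GET[$key];` in getOptionalQueryParameter, use the `@` suppression operator for the missing-key case where `return $_POST[$key] ?? null;` says the same thing without suppression. Suppression is also fragile next to the class's own errorHandler: a handler installed with set_error_handler is still invoked for `@`-suppressed warnings and is expected to consult `error_reporting()` itself, and errorHandler's body lies outside this hunk so I cannot see whether it does. Separately, both helpers declare `?string` while PHP fills `$_POST`/`$_GET` with arrays for `key[]=...` input, so callers such as `getOptionalQueryParameter("type")` in ssh_generate.php or `getOptionalQueryParameter("line_wrap")` in api/content/index.php would get a TypeError on that input instead of the 400 that badRequest produces; the pre-existing getPostData/getQueryParameter share this gap. A one-line guard such as `return is_string($_POST[$key] ?? null) ? $_POST[$key] : null;` closes it for the optional helpers.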
@@ -11,8 +11,11 @@
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 UnityHTTPD::validatePostCSRFToken();
- if (!empty($_POST["pageSel"])) {
- $SQL->editPage($_POST["pageSel"], $_POST["content"]);
+ if (array_key_exists("pageSel", $_POST)) {
+ $SQL->editPage(
+ UnityHTTPD::getPostData("pageSel"),
+ UnityHTTPD::getPostData("content"),
+ );
 }
 }
diff --git a/webroot/admin/notices.php b/webroot/admin/notices.php
index 74a5a7a73..e0412453e 100644
--- a/webroot/admin/notices.php
+++ b/webroot/admin/notices.php
@@ -11,18 +11,24 @@
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 UnityHTTPD::validatePostCSRFToken();
- switch ($_POST["form_type"]) {
+ switch (UnityHTTPD::getPostData("form_type")) {
 case "newNotice":
- $SQL->addNotice($_POST["title"], $_POST["date"], $_POST["content"]);
-
+ $SQL->addNotice(
+ UnityHTTPD::getPostData("title"),
+ UnityHTTPD::getPostData("date"),
+ UnityHTTPD::getPostData("content"),
+ );
 break;
 case "editNotice":
- $SQL->editNotice($_POST["id"], $_POST["title"], $_POST["date"], $_POST["content"]);
-
+ $SQL->editNotice(
+ UnityHTTPD::getPostData("id"),
+ UnityHTTPD::getPostData("title"),
+ UnityHTTPD::getPostData("date"),
+ UnityHTTPD::getPostData("content")
+ );
 break;
 case "delNotice":
- $SQL->deleteNotice($_POST["id"]);
-
+ $SQL->deleteNotice(UnityHTTPD::getPostData("id"));
 break;
 }
 }
diff --git a/webroot/admin/pi-mgmt.php b/webroot/admin/pi-mgmt.php
index 9fee7ebd9..3ae35a695 100644
--- a/webroot/admin/pi-mgmt.php
+++ b/webroot/admin/pi-mgmt.php
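Review bot: `if (array_key_exists("pageSel", $_POST))` accepts `pageSel=""`, which the replaced `!empty($_POST["pageSel"])` rejected, so an empty page name can now reach `$SQL->editPage(...)`; whether editPage validates its first argument is not visible here. If the rewrite only aimed to avoid the undefined-index warning, `if (($_POST["pageSel"] ?? "") !== "") {` keeps the old skip for an absent or empty value while staying warning-free. Otherwise a `UnityHTTPD::badRequest(...)` for the empty case would make the rejection explicit rather than silent.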
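Review bot: The editNotice call ends with `UnityHTTPD::getPostData("content")` and no trailing comma, while the addNotice call in the case above has one; add the comma so both multi-line argument lists follow the same convention. The `switch (UnityHTTPD::getPostData("form_type"))` still has no `default:` branch, so a POST with an unrecognised form_type passes CSRF validation and then silently does nothing; `default: UnityHTTPD::badRequest("unknown form_type");` would surface that. The same observation applies to the switches rewritten in pi-mgmt.php, user-mgmt.php and pi.php in this commit.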
@@ -17,31 +17,36 @@
 return new UnityUser(UnityHTTPD::getPostData("uid"), $LDAP, $SQL, $MAILER, $WEBHOOK);
 };
+$getPIGroupFromPost = function () {
+ global $LDAP, $SQL, $MAILER, $WEBHOOK;
+ return new UnityGroup(UnityHTTPD::getPostData("pi"), $LDAP, $SQL, $MAILER, $WEBHOOK);
+};
+
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 UnityHTTPD::validatePostCSRFToken();
- switch ($_POST["form_type"]) {
+ switch (UnityHTTPD::getPostData("form_type")) {
 case "req":
 $form_user = $getUserFromPost();
- if ($_POST["action"] == "Approve") {
+ if (UnityHTTPD::getPostData("action") == "Approve") {
 $group = $form_user->getPIGroup();
 $group->approveGroup();
- } elseif ($_POST["action"] == "Deny") {
+ } elseif (UnityHTTPD::getPostData("action") == "Deny") {
 $group = $form_user->getPIGroup();
 $group->denyGroup();
 }
 break;
 case "reqChild":
 $form_user = $getUserFromPost();
- $parent_group = new UnityGroup($_POST["pi"], $LDAP, $SQL, $MAILER, $WEBHOOK);
- if ($_POST["action"] == "Approve") {
+ $parent_group = $getPIGroupFromPost();
+ if (UnityHTTPD::getPostData("action") == "Approve") {
 $parent_group->approveUser($form_user);
- } elseif ($_POST["action"] == "Deny") {
+ } elseif (UnityHTTPD::getPostData("action") == "Deny") {
 $parent_group->denyUser($form_user);
 }
 break;
 case "remUserChild":
 $form_user = $getUserFromPost();
- $parent = new UnityGroup($_POST["pi"], $LDAP, $SQL, $MAILER, $WEBHOOK);
+ $parent = $getPIGroupFromPost();
 $parent->removeUser($form_user);
 break;
 }
diff --git a/webroot/admin/user-mgmt.php b/webroot/admin/user-mgmt.php
index fb7b35cf9..8d0068d54 100644
--- a/webroot/admin/user-mgmt.php
+++ b/webroot/admin/user-mgmt.php
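Review bot: The new `$getPIGroupFromPost` closure reaches for `global $LDAP, $SQL, $MAILER, $WEBHOOK;` instead of capturing them; `$getPIGroupFromPost = function () use ($LDAP, $SQL, $MAILER, $WEBHOOK) {` keeps its dependencies explicit and behaves the same here, provided those variables are already assigned at that point in the file. It copies the shape of the existing `$getUserFromPost`, which starts outside the hunk, so the two should be changed together or not at all. In each case `UnityHTTPD::getPostData("action")` is evaluated once in the `if` and again in the `elseif`; reading it into a local first, `$action = UnityHTTPD::getPostData("action");`, avoids the repeated lookup and gives a natural place for an `else { UnityHTTPD::badRequest(...); }` when the value is neither Approve nor Deny.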
@@ -11,9 +11,9 @@
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 UnityHTTPD::validatePostCSRFToken();
- switch ($_POST["form_type"]) {
+ switch (UnityHTTPD::getPostData("form_type")) {
 case "viewAsUser":
- $_SESSION["viewUser"] = $_POST["uid"];
+ $_SESSION["viewUser"] = UnityHTTPD::getPostData("uid");
 UnityHTTPD::redirect(getURL("panel/account.php"));
 break; /** @phpstan-ignore deadCode.unreachable */
 }
diff --git a/webroot/api/content/index.php b/webroot/api/content/index.php
index 7f5715544..801427d97 100644
--- a/webroot/api/content/index.php
+++ b/webroot/api/content/index.php
@@ -6,6 +6,6 @@
 require_once __DIR__ . "/../../../resources/autoload.php";
-$CHAR_WRAP = digits2int(UnityHTTPD::getQueryParameter("line_wrap", false) ?? "80");
+$CHAR_WRAP = digits2int(UnityHTTPD::getOptionalQueryParameter("line_wrap") ?? "80");
 $content_name = UnityHTTPD::getQueryParameter("content_name");
 echo $SQL->getPage($content_name)["content"];
diff --git a/webroot/js/ajax/ssh_generate.php b/webroot/js/ajax/ssh_generate.php
index be99c0a2a..44561d5c3 100644
--- a/webroot/js/ajax/ssh_generate.php
+++ b/webroot/js/ajax/ssh_generate.php
@@ -8,7 +8,7 @@
 $private = EC::createKey('Ed25519');
 $public = $private->getPublicKey();
 $public_str = $public->toString('OpenSSH');
-if (UnityHTTPD::getQueryParameter("type", false) == "ppk") {
+if (UnityHTTPD::getOptionalQueryParameter("type") == "ppk") {
 $private_str = $private->toString('PuTTY');
 } else {
 $private_str = $private->toString('OpenSSH');
diff --git a/webroot/panel/account.php b/webroot/panel/account.php
index 8889621e6..6c5922ec1 100644
--- a/webroot/panel/account.php
+++ b/webroot/panel/account.php
@@ -63,7 +63,7 @@
 $USER->setSSHKeys($keys);
 break;
 case "loginshell":
- $USER->setLoginShell($_POST["shellSelect"]);
+ $USER->setLoginShell(UnityHTTPD::getPostData("shellSelect"));
 break;
 case "pi_request":
 if ($USER->isPI()) {
@@ -72,7 +72,7 @@
 if ($SQL->requestExists($USER->uid, UnitySQL::REQUEST_BECOME_PI)) {
 UnityHTTPD::badRequest("already requested to be PI");
 }
- if ($_POST["tos"] != "agree") {
+ if (UnityHTTPD::getPostData("tos") != "agree") {
 UnityHTTPD::badRequest("user did not agree to terms of service");
 }
 $USER->getPIGroup()->requestGroup($SEND_PIMESG_TO_ADMINS);
diff --git a/webroot/panel/groups.php b/webroot/panel/groups.php
index 73cf95e2e..016802d26 100644
--- a/webroot/panel/groups.php
+++ b/webroot/panel/groups.php
@@ -27,10 +27,10 @@
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 UnityHTTPD::validatePostCSRFToken();
 if (isset($_POST["form_type"])) {
- switch ($_POST["form_type"]) {
+ switch (UnityHTTPD::getPostData("form_type")) {
 case "addPIform":
 $pi_account = $getPIGroupFromPost();
- if ($_POST["tos"] != "agree") {
+ if (UnityHTTPD::getPostData("tos") != "agree") {
 UnityHTTPD::badRequest("user did not agree to terms of service");
 }
 if ($pi_account->exists()) {
diff --git a/webroot/panel/pi.php b/webroot/panel/pi.php
index 6ac080cb8..c8d75e908 100644
--- a/webroot/panel/pi.php
+++ b/webroot/panel/pi.php
@@ -18,12 +18,12 @@
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 UnityHTTPD::validatePostCSRFToken();
- switch ($_POST["form_type"]) {
+ switch (UnityHTTPD::getPostData("form_type")) {
 case "userReq":
 $form_user = $getUserFromPost();
- if ($_POST["action"] == "Approve") {
+ if (UnityHTTPD::getPostData("action") == "Approve") {
 $group->approveUser($form_user);
- } elseif ($_POST["action"] == "Deny") {
+ } elseif (UnityHTTPD::getPostData("action") == "Deny") {
 $group->denyUser($form_user);
 }
 break;
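Review bot: `if (isset($_POST["form_type"]))` around `switch (UnityHTTPD::getPostData("form_type"))` in groups.php means a POST without form_type is silently ignored on this page, whereas the sibling switches in notices.php, pi-mgmt.php, user-mgmt.php and pi.php in this commit let getPostData answer with a 400. If the skip is intentional, a short comment such as `// no form_type: not a form submission, fall through to rendering` would keep the next reader from removing the guard; if not, dropping the guard aligns the pages. The enclosing `if ($_SERVER["REQUEST_METHOD"] == "POST")` block continues past the end of the hunk.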