From 5574eabfed9f36562cbd2de85298a0f7adaa34da Mon Sep 17 00:00:00 2001
From: Benjamin Dalsass
Date: Wed, 18 May 2022 10:49:23 +0200
Subject: [PATCH 1/2] =?UTF-8?q?N=C2=B04899=20Adjust=20url=20sanitizer=20fo?= =?UTF-8?q?r=203.0=20compliance?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/utils.inc.php | 7 ++++++-
 pages/ajax.render.php | 12 ++++++------
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/application/utils.inc.php b/application/utils.inc.php
index 1cc893884..958f47246 100644
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -97,6 +97,11 @@ class utils
 * @since 3.0.0
 */
 public const ENUM_SANITIZATION_FILTER_RAW_DATA = 'raw_data';
+ /**
+ * @var string
+ * @since 3.0.2, 3.1.0 N°4899
+ */
+ public const ENUM_SANITIZATION_FILTER_URL = 'url';
 /**
 * @var string
@@ -455,7 +460,7 @@ class utils
 break;
 // For URL
- case 'url':
+ case static::ENUM_SANITIZATION_FILTER_URL:
 $retValue = filter_var($value, FILTER_SANITIZE_URL);
 break;
diff --git a/pages/ajax.render.php b/pages/ajax.render.php
index ed6c53786..4d46502ad 100644
--- a/pages/ajax.render.php
+++ b/pages/ajax.render.php
@@ -932,7 +932,7 @@ try
 $aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
 $sDashboardFile = utils::ReadParam('file', '', false, 'raw_data');
- $sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
+ $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
 $oDashboard = RuntimeDashboard::GetDashboard($sDashboardFile, $sDashboardId);
 $aResult = array('error' => '');
 if (!is_null($oDashboard))
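Review bot: In application/utils.inc.php the `url` branch (hunk @@ -455) is still only `filter_var($value, FILTER_SANITIZE_URL)`, which strips characters that cannot appear in a URL but validates nothing: any scheme is accepted (`javascript:` included) and `<`, `>`, `"` and `'` survive. With the filter now exposed as the public constant `ENUM_SANITIZATION_FILTER_URL`, the docblock added in hunk @@ -97 should say this, for example `Strips characters that are illegal in a URL; does not validate scheme or host, so callers must still validate and output-encode the value`. If callers expect a usable absolute URL, a `FILTER_VALIDATE_URL` pass plus a scheme allow-list after the sanitize step would enforce it; that would reject relative URLs, so confirm none are passed. The enclosing switch and method start and end outside the hunk.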
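Review bot: In pages/ajax.render.php the same `utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL)` line is repeated in six branches (hunks @@ -932, -950, -967, -1009, -1039 and -1051), so any tightening of how `reload_url` is checked has to be made six times. The value comes from the request and, in hunk @@ -1039, is handed to `$oDashboard->SetReloadURL($sReloadURL)`; where it is finally rendered is outside these hunks, but if it reaches a link or script context it should be limited to the application's own URLs and encoded at output. A small helper such as `ReadDashboardReloadUrl()` (the name is a suggestion) that reads the parameter and returns `''` unless the URL starts with `utils::GetAbsoluteUrlAppRoot()` would keep that check in one place. All six branches sit inside a `try` block that begins outside the hunks.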
@@ -950,7 +950,7 @@ try
 $sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data');
 $aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
 $sDashboardFile = utils::ReadParam('file', '', false, 'raw_data');
- $sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
+ $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
 $oDashboard = RuntimeDashboard::GetDashboard($sDashboardFile, $sDashboardId);
 $aResult = array('error' => '');
 if (!is_null($oDashboard))
@@ -967,7 +967,7 @@ try
 $sDashboardId = utils::ReadParam('dashboard_id', '', false, 'context_param');
 $aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
- $sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
+ $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
 appUserPreferences::SetPref('display_original_dashboard_'.$sDashboardId, false);
 $sJSExtraParams = json_encode($aExtraParams);
 $aParams = array();
@@ -1009,7 +1009,7 @@ JS
 case 'revert_dashboard':
 $sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data');
- $sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
+ $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
 appUserPreferences::UnsetPref('display_original_dashboard_'.$sDashboardId);
 $oDashboard = new RuntimeDashboard($sDashboardId);
 $oDashboard->Revert();
@@ -1039,7 +1039,7 @@ EOF
 $aParams['cells'] = utils::ReadParam('cells', array(), false, 'raw_data');
 $aParams['auto_reload'] = utils::ReadParam('auto_reload', false);
 $aParams['auto_reload_sec'] = utils::ReadParam('auto_reload_sec', 300);
- $sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
+ $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
 $oDashboard = new RuntimeDashboard($sDashboardId);
 $oDashboard->FromParams($aParams);
 $oDashboard->SetReloadURL($sReloadURL);
@@ -1051,7 +1051,7 @@ EOF
 $aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
 $aExtraParams['dashboard_div_id'] = utils::Sanitize($sId, '', 'element_identifier');
 $sDashboardFile = utils::ReadParam('file', '', false, 'string');
- $sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
+ $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
 $oDashboard = RuntimeDashboard::GetDashboardToEdit($sDashboardFile, $sId);
 if (!is_null($oDashboard)) {
 if (!empty($sReloadURL)) {
From d3fb08ba815acac2480cc3d625d1e25ca502dff0 Mon Sep 17 00:00:00 2001
From: Molkobain
Date: Wed, 18 May 2022 18:32:40 +0200
Subject: [PATCH 2/2] PHP 8.1: Replace strlen() usages with utils::StrLen() for compatibility
---
 core/ormStyle.class.inc.php | 24 +++++++++----------
 .../Base/Component/Input/InputWithLabel.php | 3 ++-
 2 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/core/ormStyle.class.inc.php b/core/ormStyle.class.inc.php
index e7c62a0ea..8f3b02abf 100644
--- a/core/ormStyle.class.inc.php
+++ b/core/ormStyle.class.inc.php
@@ -50,7 +50,7 @@ class ormStyle
 */
 public function HasMainColor(): bool
 {
- return strlen($this->sMainColor) > 0;
+ return utils::StrLen($this->sMainColor) > 0;
 }
 /**
@@ -68,7 +68,7 @@ class ormStyle
 */
 public function SetMainColor(?string $sMainColor)
 {
- $this->sMainColor = (strlen($sMainColor) === 0) ? null : $sMainColor;
+ $this->sMainColor = (utils::StrLen($sMainColor) === 0) ? null : $sMainColor;
 return $this;
 }
@@ -78,7 +78,7 @@ class ormStyle
 */
 public function HasComplementaryColor(): bool
 {
- return strlen($this->sComplementaryColor) > 0;
+ return utils::StrLen($this->sComplementaryColor) > 0;
 }
 /**
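Review bot: In core/ormStyle.class.inc.php every changed line now depends on `utils::StrLen()` accepting `null` (the setters are typed `?string` and store `null` for empty input), but the helper is not part of this patch, so its null handling cannot be confirmed from here. Since these methods only test for emptiness, `($sMainColor ?? '') === ''` in the setters and `($this->sMainColor ?? '') !== ''` in the `Has*()` methods would state the intent without a length call or a dependency on the helper. The same applies to the remaining ormStyle hunks and to `InputWithLabel::HasDescription()`. If the wrapper is kept, a one-line comment on the first occurrence, e.g. `// utils::StrLen() is used because strlen(null) is deprecated since PHP 8.1`, would explain why plain `strlen()` must not be reintroduced.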
@@ -96,7 +96,7 @@ class ormStyle
 */
 public function SetComplementaryColor(?string $sComplementaryColor)
 {
- $this->sComplementaryColor = (strlen($sComplementaryColor) === 0) ? null : $sComplementaryColor;
+ $this->sComplementaryColor = (utils::StrLen($sComplementaryColor) === 0) ? null : $sComplementaryColor;
 return $this;
 }
@@ -116,7 +116,7 @@ class ormStyle
 */
 public function HasStyleClass(): bool
 {
- return strlen($this->sStyleClass) > 0;
+ return utils::StrLen($this->sStyleClass) > 0;
 }
 /**
@@ -134,7 +134,7 @@ class ormStyle
 */
 public function SetStyleClass(?string $sStyleClass)
 {
- $this->sStyleClass = (strlen($sStyleClass) === 0) ? null : $sStyleClass;
+ $this->sStyleClass = (utils::StrLen($sStyleClass) === 0) ? null : $sStyleClass;
 return $this;
 }
@@ -144,7 +144,7 @@ class ormStyle
 */
 public function HasAltStyleClass(): bool
 {
- return strlen($this->sAltStyleClass) > 0;
+ return utils::StrLen($this->sAltStyleClass) > 0;
 }
 /**
@@ -162,7 +162,7 @@ class ormStyle
 */
 public function SetAltStyleClass(?string $sAltStyleClass)
 {
- $this->sAltStyleClass = (strlen($sAltStyleClass) === 0) ? null : $sAltStyleClass;
+ $this->sAltStyleClass = (utils::StrLen($sAltStyleClass) === 0) ? null : $sAltStyleClass;
 return $this;
 }
@@ -172,7 +172,7 @@ class ormStyle
 */
 public function HasDecorationClasses(): bool
 {
- return strlen($this->sDecorationClasses) > 0;
+ return utils::StrLen($this->sDecorationClasses) > 0;
 }
 /**
@@ -190,7 +190,7 @@ class ormStyle
 */
 public function SetDecorationClasses(?string $sDecorationClasses)
 {
- $this->sDecorationClasses = (strlen($sDecorationClasses) === 0) ? null : $sDecorationClasses;
+ $this->sDecorationClasses = (utils::StrLen($sDecorationClasses) === 0) ? null : $sDecorationClasses;
 return $this;
 }
@@ -200,7 +200,7 @@ class ormStyle
 */
 public function HasIcon(): bool
 {
- return strlen($this->sIcon) > 0;
+ return utils::StrLen($this->sIcon) > 0;
 }
 /**
@@ -210,7 +210,7 @@ class ormStyle
 */
 public function SetIcon(?string $sIcon)
 {
- $this->sIcon = (strlen($sIcon) === 0) ? null : $sIcon;
+ $this->sIcon = (utils::StrLen($sIcon) === 0) ? null : $sIcon;
 return $this;
 }
diff --git a/sources/application/UI/Base/Component/Input/InputWithLabel.php b/sources/application/UI/Base/Component/Input/InputWithLabel.php
index 325d15275..b7ce8f4d9 100644
--- a/sources/application/UI/Base/Component/Input/InputWithLabel.php
+++ b/sources/application/UI/Base/Component/Input/InputWithLabel.php
@@ -9,6 +9,7 @@ namespace Combodo\iTop\Application\UI\Base\Component\Input;
 use Combodo\iTop\Application\UI\Base\UIBlock;
+use utils;
 /**
 * You might want to use a {@link \Combodo\iTop\Application\UI\Base\Component\Field\Field} component instead...
@@ -134,7 +135,7 @@ class InputWithLabel extends UIBlock
 */
 public function HasDescription(): bool
 {
- return strlen($this->sDescription) > 0;
+ return utils::StrLen($this->sDescription) > 0;
 }
 }
\ No newline at end of file