Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Querystring.php #431

Merged
merged 14 commits into from Jun 21, 2013
Merged

Querystring.php #431

merged 14 commits into from Jun 21, 2013

Conversation

norv
Copy link
Contributor

@norv norv commented May 20, 2013

Please review this PR, any comment (and in particular grumble!) are welcome.
It makes few, but quite relevant changes:

  • adds Request class for the request (which QueryString should kinda be!) and refactors cleanRequest() to use its methods. Splits general cleanup (cleanRequest()) from cleaning and initialization of widely used variables (Request, parseRequest()) and from set up of server variables needed (constructor of Request)
  • move a number of functions from QueryString.php to Util class, such as urldecode_recursive() in Util class. They were most unused in the code, but they might be good to have as utility functions. Updated them to no longer use $smcFunc.
  • Very relevant: security policy change: Elk no longer accepts PHP configurations where the (in)famous magic_quotes_gpc, or magic_quotes_sybase are on. If they are set, it dies with a message to the user: norv@224361d#L0R41
    They're deprecated in 5.3 and removed in 5.4. If you consider we should continue to handle these configurations, please do say. Ref: http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc.
  • Removed several $_SERVER variables usage through the code. Removed some custom ones, such as $_SERVER['BAN_CHECK_IP'], and also a few native ones. Their values are now cleaned, initialized and stored in a single place: by the Request object.

@joshuaadickerson
Copy link
Contributor

Great job. Querystring.php needed to be redesigned.

norv added 14 commits June 21, 2013 17:33
@norv
Security policy: reject magic_quotes configuration if enabled. Cleanu…
9dd00ae 
…p QueryString.php of magic quotes.

Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Move utility functions _recursive() to Util class. They aren't curren…
c485bee 
…tly used, but potentially useful...

Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
htmlspecialchars() HTTP_USER_AGENT. (from Util.) This removes db enti…
cf9adf6 
…rely from QueryString.php..

Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Refactor $smcFunc['db_unescape_string'] -> $db->unescape_string() and…
f77b8bf 
… remove it from $smcFunc.

Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Move cleanRequest() up in the execution chain. (before loading the db)
7d8f18d 
Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Remove a custom $_SERVER['is_cli'] var
7320270 
Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Add Request class, for the request and its environment. It holds curr…
2478d9f 
…ently client/ban ips and user agent, will hold http scheme.

cleanRequest() uses it.

Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Remove $_SERVER['BAN_CHECK_IP'] -> ban_ip() method of Request
3123494 
Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Remove the last trace of $_SERVER['BAN_CHECK_IP'] which was for compa…
24a285c 
…tibility

Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Add parseRequest(), the method is part of request cleaning and makes …
0583ca5 
…sure board, topic, and other necessary vars are ready to use.

Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Add server_software() to Request, to query for the webserver.
45b5524 
Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Refactor $_SERVER['HTTP_USER_AGENT'] to user_agent().
437d977 
Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Add scheme, https or http
0a930ed 
Signed-off-by: Norv <a.w.norv@gmail.com>
@norv
Add Request tests. These are the first *unit* tests, they test a self…
4163f02 
…-contained

unit of behavior.
Well in the measure accepting superglobals directly and filling globals counts as self-contained. :P

Signed-off-by: Norv <a.w.norv@gmail.com>
norv added a commit that referenced this pull request Jun 21, 2013
@norv
Merge pull request #431 from norv/querystring.php
34bd7d6 
Querystring.php
@norv norv merged commit 34bd7d6 into elkarte:master Jun 21, 2013
@Spuds
Copy link
Contributor

Spuds commented Jun 21, 2013

Awesomeness 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.0 Beta
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@norv @joshuaadickerson @Spuds