From 4724000d06cd47bd5eee97111f2723962007d3dc Mon Sep 17 00:00:00 2001
From: Michael
Date: Sun, 16 Jan 2022 14:04:20 +0000
Subject: [PATCH] Unify request value handling
---
 src/BaseModule.php | 58 ++++++++++++++-----
 src/Module/Api/Friendica/Group/Create.php | 2 +-
 src/Module/Api/Friendica/Group/Show.php | 2 +-
 src/Module/Api/Friendica/Group/Update.php | 4 +-
 src/Module/Api/Friendica/Photo/Create.php | 14 ++---
 src/Module/Api/Friendica/Photo/Update.php | 16 ++---
 .../Api/GNUSocial/Statusnet/Conversation.php | 8 +--
 .../Api/Twitter/DirectMessagesEndpoint.php | 12 ++--
 src/Module/Api/Twitter/Favorites.php | 8 +--
 src/Module/Api/Twitter/Lists/Create.php | 2 +-
 src/Module/Api/Twitter/Lists/Destroy.php | 2 +-
 src/Module/Api/Twitter/Lists/Statuses.php | 14 ++---
 src/Module/Api/Twitter/Lists/Update.php | 4 +-
 .../Api/Twitter/Statuses/HomeTimeline.php | 12 ++--
 src/Module/Api/Twitter/Statuses/Mentions.php | 8 +--
 .../Api/Twitter/Statuses/PublicTimeline.php | 12 ++--
 16 files changed, 105 insertions(+), 73 deletions(-)
diff --git a/src/BaseModule.php b/src/BaseModule.php
index 06d9da66a..d85e895a1 100644
--- a/src/BaseModule.php
+++ b/src/BaseModule.php
@@ -260,19 +260,7 @@ abstract class BaseModule implements ICanHandleRequests
 $request = [];
 foreach ($defaults as $parameter => $defaultvalue) {
- if (is_string($defaultvalue)) {
- $request[$parameter] = (string)($input[$parameter] ?? $defaultvalue);
- } elseif (is_int($defaultvalue)) {
- $request[$parameter] = filter_var($input[$parameter] ?? $defaultvalue, FILTER_VALIDATE_INT);
- } elseif (is_float($defaultvalue)) {
- $request[$parameter] = filter_var($input[$parameter] ?? $defaultvalue, FILTER_VALIDATE_FLOAT);
- } elseif (is_array($defaultvalue)) {
- $request[$parameter] = filter_var($input[$parameter] ?? $defaultvalue, FILTER_DEFAULT, ['flags' => FILTER_FORCE_ARRAY]);
- } elseif (is_bool($defaultvalue)) {
- $request[$parameter] = filter_var($input[$parameter] ?? $defaultvalue, FILTER_VALIDATE_BOOLEAN);
- } else {
- $this->logger->notice('Unhandled default value type', ['parameter' => $parameter, 'type' => gettype($defaultvalue)]);
- }
+ $request[$parameter] = $this->getRequestValue($input, $parameter, $defaultvalue);
 }
 foreach ($input ?? [] as $parameter => $value) {
@@ -288,6 +276,50 @@ abstract class BaseModule implements ICanHandleRequests
 return $request;
 }
+ /**
+ * Fetch a request value and apply default values and check against minimal and maximal values
+ *
+ * @param array $input
+ * @param string $parameter
+ * @param mixed $default
+ * @param mixed $minimal_value
+ * @param mixed $maximum_value
+ * @return mixed
+ */
+ public function getRequestValue(array $input, string $parameter, $default = null, $minimal_value = null, $maximum_value = null)
+ {
+ if (is_string($default)) {
+ $value = (string)($input[$parameter] ?? $default);
+ } elseif (is_int($default)) {
+ $value = filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_INT);
+ if (!is_null($minimal_value)) {
+ $value = max(filter_var($minimal_value, FILTER_VALIDATE_INT), $value);
+ }
+ if (!is_null($maximum_value)) {
+ $value = min(filter_var($minimal_value, FILTER_VALIDATE_INT), $value);
+ }
+ } elseif (is_float($default)) {
+ $value = filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_FLOAT);
+ if (!is_null($minimal_value)) {
+ $value = max(filter_var($minimal_value, FILTER_VALIDATE_FLOAT), $value);
+ }
+ if (!is_null($maximum_value)) {
+ $value = min(filter_var($minimal_value, FILTER_VALIDATE_FLOAT), $value);
+ }
+ } elseif (is_array($default)) {
+ $value = filter_var($input[$parameter] ?? $default, FILTER_DEFAULT, ['flags' => FILTER_FORCE_ARRAY]);
+ } elseif (is_bool($default)) {
+ $value = filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_BOOLEAN);
+ } elseif (is_null($default)) {
+ $value = $input[$parameter] ?? null;
+ } else {
+ $this->logger->notice('Unhandled default value type', ['parameter' => $parameter, 'type' => gettype($default)]);
+ $value = null;
+ }
+
+ return $value;
+ }
+ /*
+ * Functions used to protect against Cross-Site Request Forgery
+ * The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key.
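Review bot: The upper-bound clamp in getRequestValue reads the wrong argument: both `min()` calls pass `$minimal_value`, so after `max(filter_var($minimal_value, …), $value)` the next line `min(filter_var($minimal_value, …), $value)` pins every bounded number to its minimum — a caller asking for `20, 1, 100` gets 1 whatever the client sent — and a caller that supplies only a maximum gets `false`, because `filter_var(null, FILTER_VALIDATE_INT)` is `false` and `min(false, $value)` returns it. Change the int branch to `$value = min(filter_var($maximum_value, FILTER_VALIDATE_INT), $value);` and the float branch to `$value = min(filter_var($maximum_value, FILTER_VALIDATE_FLOAT), $value);`. Separately, `filter_var` yields `false` for a malformed int/float or an array-valued parameter and that `false` is handed straight back to callers, which then bind it into query conditions; `filter_var(…, FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE) ?? $default` (or a BadRequestException) would keep bad client input from silently becoming 0/false. The docblock should also state that a `null` default returns the raw input with no validation and that `false` is a possible return for the numeric branches, since callers cannot tell that from the `@return mixed`.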
diff --git a/src/Module/Api/Friendica/Group/Create.php b/src/Module/Api/Friendica/Group/Create.php
index 2742bae8c..3b0f03013 100644
--- a/src/Module/Api/Friendica/Group/Create.php
+++ b/src/Module/Api/Friendica/Group/Create.php
@@ -37,7 +37,7 @@ class Create extends BaseApi
 $uid = BaseApi::getCurrentUserID();
 // params
- $name = $request['name'] ?? '';
+ $name = $this->getRequestValue($request, 'name', '');
 $json = json_decode($request['json'], true);
 $users = $json['user'];
diff --git a/src/Module/Api/Friendica/Group/Show.php b/src/Module/Api/Friendica/Group/Show.php
index f735e7c11..ec0bdd134 100644
--- a/src/Module/Api/Friendica/Group/Show.php
+++ b/src/Module/Api/Friendica/Group/Show.php
@@ -39,7 +39,7 @@ class Show extends BaseApi
 $type = $this->parameters['extension'] ?? '';
 // params
- $gid = $request['gid'] ?? 0;
+ $gid = $this->getRequestValue($request, 'gid', 0);
 // get data of the specified group id or all groups if not specified
 if ($gid != 0) {
diff --git a/src/Module/Api/Friendica/Group/Update.php b/src/Module/Api/Friendica/Group/Update.php
index 5b18af236..defbeed1c 100644
--- a/src/Module/Api/Friendica/Group/Update.php
+++ b/src/Module/Api/Friendica/Group/Update.php
@@ -38,8 +38,8 @@ class Update extends BaseApi
 $uid = BaseApi::getCurrentUserID();
 // params
- $gid = $request['gid'] ?? 0;
- $name = $request['name'] ?? '';
+ $gid = $this->getRequestValue($request, 'gid', 0);
+ $name = $this->getRequestValue($request, 'name', '');
 $json = json_decode($request['json'], true);
 $users = $json['user'];
diff --git a/src/Module/Api/Friendica/Photo/Create.php b/src/Module/Api/Friendica/Photo/Create.php
index 460bff40f..0eeb45514 100644
--- a/src/Module/Api/Friendica/Photo/Create.php
+++ b/src/Module/Api/Friendica/Photo/Create.php
@@ -54,13 +54,13 @@ class Create extends BaseApi
 $uid = BaseApi::getCurrentUserID();
 $type = $this->parameters['extension'] ?? '';
- // input params
- $desc = $request['desc'] ?? null;
- $album = $request['album'] ?? null;
- $allow_cid = $request['allow_cid'] ?? null;
- $deny_cid = $request['deny_cid' ] ?? null;
- $allow_gid = $request['allow_gid'] ?? null;
- $deny_gid = $request['deny_gid' ] ?? null;
+ // input params
+ $desc = $this->getRequestValue($request, 'desc');
+ $album = $this->getRequestValue($request, 'album');
+ $allow_cid = $this->getRequestValue($request, 'allow_cid');
+ $deny_cid = $this->getRequestValue($request, 'deny_cid');
+ $allow_gid = $this->getRequestValue($request, 'allow_gid');
+ $deny_gid = $this->getRequestValue($request, 'deny_gid');
 // do several checks on input parameters
 // we do not allow calls without album string
diff --git a/src/Module/Api/Friendica/Photo/Update.php b/src/Module/Api/Friendica/Photo/Update.php
index a7ac91460..ccb9f9150 100644
--- a/src/Module/Api/Friendica/Photo/Update.php
+++ b/src/Module/Api/Friendica/Photo/Update.php
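Review bot: Every parameter in this hunk is fetched with the implicit `null` default, and for that case getRequestValue returns `$input[$parameter] ?? null` with no filtering, so `$desc`, `$album` and the four ACL values arrive exactly as the old `??` code delivered them — including array values from a request like `album[]=x` — and the new helper adds no validation here. If the checks that follow (only their comment is visible; the method continues past the hunk) test for null/empty rather than type, consider string defaults for the fields that must be strings, e.g. `$album = $this->getRequestValue($request, 'album', '');` with the emptiness check adjusted to `$album === ''`, or add `is_string()` guards before the values reach storage and ACL handling.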
@@ -55,14 +55,14 @@ class Update extends BaseApi
 $type = $this->parameters['extension'] ?? '';
 // input params
- $photo_id = $request['photo_id'] ?? null;
- $desc = $request['desc'] ?? null;
- $album = $request['album'] ?? null;
- $album_new = $request['album_new'] ?? null;
- $allow_cid = $request['allow_cid'] ?? null;
- $deny_cid = $request['deny_cid' ] ?? null;
- $allow_gid = $request['allow_gid'] ?? null;
- $deny_gid = $request['deny_gid' ] ?? null;
+ $photo_id = $this->getRequestValue($request, 'photo_id');
+ $desc = $this->getRequestValue($request, 'desc');
+ $album = $this->getRequestValue($request, 'album');
+ $album_new = $this->getRequestValue($request, 'album_new');
+ $allow_cid = $this->getRequestValue($request, 'allow_cid');
+ $deny_cid = $this->getRequestValue($request, 'deny_cid');
+ $allow_gid = $this->getRequestValue($request, 'allow_gid');
+ $deny_gid = $this->getRequestValue($request, 'deny_gid');
 // do several checks on input parameters
 // we do not allow calls without album string
diff --git a/src/Module/Api/GNUSocial/Statusnet/Conversation.php b/src/Module/Api/GNUSocial/Statusnet/Conversation.php
index cd70cb502..77fdc034b 100644
--- a/src/Module/Api/GNUSocial/Statusnet/Conversation.php
+++ b/src/Module/Api/GNUSocial/Statusnet/Conversation.php
@@ -41,10 +41,10 @@ class Conversation extends BaseApi
 // params
 $id = $this->parameters['id'] ?? 0;
- $since_id = $request['since_id'] ?? 0;
- $max_id = $request['max_id'] ?? 0;
- $count = $request['count'] ?? 20;
- $page = $request['page'] ?? 1;
+ $since_id = $this->getRequestValue($request, 'since_id', 0);
+ $max_id = $this->getRequestValue($request, 'max_id', 0);
+ $count = $this->getRequestValue($request, 'count', 20);
+ $page = $this->getRequestValue($request, 'page', 1);
 $start = max(0, ($page - 1) * $count);
diff --git a/src/Module/Api/Twitter/DirectMessagesEndpoint.php b/src/Module/Api/Twitter/DirectMessagesEndpoint.php
index c88e43036..a1f519975 100644
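Review bot: `$photo_id` is the value used to select which photo gets updated, yet with the implicit `null` default getRequestValue hands it back unfiltered (`$input['photo_id'] ?? null`), so an array or an empty string reaches the lookup code below the hunk exactly as before; the unification does not tighten this input. If the later checks (only their comment is visible; the method continues past the hunk) only compare against null, a string default — `$photo_id = $this->getRequestValue($request, 'photo_id', '');` with the check changed to `$photo_id === ''` — would at least guarantee a scalar, and the same applies to the ACL fields that are later parsed as strings.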
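Review bot: `count` and `page` in the Conversation hunk are taken without bounds, while the Twitter timelines in this same commit cap them via `getRequestValue($request, 'count', 20, 1, 100)` and `getRequestValue($request, 'page', 1, 1)`; a client can therefore still request an arbitrarily large or a zero/negative `count`, which feeds `$start = max(0, ($page - 1) * $count)` here and presumably the query limit further down (outside the hunk). Use `$count = $this->getRequestValue($request, 'count', 20, 1, 100);` and `$page = $this->getRequestValue($request, 'page', 1, 1);` for consistency, and leave `since_id`/`max_id` unbounded as done here so their 0 default keeps meaning "not supplied".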
--- a/src/Module/Api/Twitter/DirectMessagesEndpoint.php
+++ b/src/Module/Api/Twitter/DirectMessagesEndpoint.php
@@ -58,12 +58,12 @@ abstract class DirectMessagesEndpoint extends BaseApi
 protected function getMessages(array $request, int $uid, array $condition)
 {
 // params
- $count = filter_var($request['count'] ?? 20, FILTER_VALIDATE_INT, ['options' => ['max_range' => 100]]);
- $page = filter_var($request['page'] ?? 1, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
- $since_id = filter_var($request['since_id'] ?? 0, FILTER_VALIDATE_INT);
- $max_id = filter_var($request['max_id'] ?? 0, FILTER_VALIDATE_INT);
- $min_id = filter_var($request['min_id'] ?? 0, FILTER_VALIDATE_INT);
- $verbose = filter_var($request['friendica_verbose'] ?? false, FILTER_VALIDATE_BOOLEAN);
+ $count = $this->getRequestValue($request, 'count', 20, 1, 100);
+ $page = $this->getRequestValue($request, 'page', 1, 1);
+ $since_id = $this->getRequestValue($request, 'since_id', 0, 1);
+ $max_id = $this->getRequestValue($request, 'max_id', 0, 1);
+ $min_id = $this->getRequestValue($request, 'min_id', 0, 1);
+ $verbose = $this->getRequestValue($request, 'friendica_verbose', false);
 // pagination
 $start = max(0, ($page - 1) * $count);
diff --git a/src/Module/Api/Twitter/Favorites.php b/src/Module/Api/Twitter/Favorites.php
index 9a7149cab..56aa26cda 100644
--- a/src/Module/Api/Twitter/Favorites.php
+++ b/src/Module/Api/Twitter/Favorites.php
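Review bot: `since_id`, `max_id` and `min_id` are given a minimum of 1 while their default stays 0, so an omitted parameter is clamped to 1 (`max(1, 0)`) and the 0 "not supplied" sentinel can no longer reach the condition building below; if that code applies `id <= ?` whenever `$max_id > 0`, as the `AND id <= ?` block in Lists/Statuses in this commit appears to, a request without `max_id` now returns at most one message. Drop the bound on the three id parameters — `$since_id = $this->getRequestValue($request, 'since_id', 0);` and likewise for `max_id` and `min_id` — keeping the `1, 100` bounds on `count` and `1` on `page`. Note also that the removed `max_range` option rejected `count > 100` with `false`, whereas the helper is meant to clamp it; that is friendlier, but it is a contract change worth a line in the commit message. getMessages continues outside the hunk.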
@@ -45,10 +45,10 @@ class Favorites extends BaseApi
 Logger::info(BaseApi::LOG_PREFIX . 'for {self}', ['module' => 'api', 'action' => 'favorites']);
 // params
- $since_id = $request['since_id'] ?? 0;
- $max_id = $request['max_id'] ?? 0;
- $count = $request['count'] ?? 20;
- $page = $request['page'] ?? 1;
+ $count = $this->getRequestValue($request, 'count', 20, 1, 100);
+ $page = $this->getRequestValue($request, 'page', 1, 1);
+ $since_id = $this->getRequestValue($request, 'since_id', 0, 1);
+ $max_id = $this->getRequestValue($request, 'max_id', 0, 1);
 $start = max(0, ($page - 1) * $count);
diff --git a/src/Module/Api/Twitter/Lists/Create.php b/src/Module/Api/Twitter/Lists/Create.php
index 799f01a4c..26e94eb1a 100644
--- a/src/Module/Api/Twitter/Lists/Create.php
+++ b/src/Module/Api/Twitter/Lists/Create.php
@@ -60,7 +60,7 @@ class Create extends BaseApi
 $uid = BaseApi::getCurrentUserID();
 // params
- $name = $request['name'] ?? '';
+ $name = $this->getRequestValue($request, 'name', '');
 if ($name == '') {
 throw new HTTPException\BadRequestException('group name not specified');
diff --git a/src/Module/Api/Twitter/Lists/Destroy.php b/src/Module/Api/Twitter/Lists/Destroy.php
index 2bb9642df..8390bab77 100644
--- a/src/Module/Api/Twitter/Lists/Destroy.php
+++ b/src/Module/Api/Twitter/Lists/Destroy.php
@@ -60,7 +60,7 @@ class Destroy extends BaseApi
 $uid = BaseApi::getCurrentUserID();
 // params
- $gid = $request['list_id'] ?? 0;
+ $gid = $this->getRequestValue($request, 'list_id', 0);
 // error if no gid specified
 if ($gid == 0) {
diff --git a/src/Module/Api/Twitter/Lists/Statuses.php b/src/Module/Api/Twitter/Lists/Statuses.php
index 301966a6a..268ad8194 100644
--- a/src/Module/Api/Twitter/Lists/Statuses.php
+++ b/src/Module/Api/Twitter/Lists/Statuses.php
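Review bot: The `since_id` and `max_id` lookups in the Favorites hunk pass a minimum of 1 against a default of 0, so a request that omits `max_id` gets 1 (`max(1, 0)`) instead of the 0 sentinel; if the condition building that follows (outside the hunk) adds `id <= ?` whenever `$max_id > 0`, the favorites list collapses to at most one item. Use `$since_id = $this->getRequestValue($request, 'since_id', 0);` and `$max_id = $this->getRequestValue($request, 'max_id', 0);`, keeping the `1, 100` bounds on `count` and the `1` on `page`, which are the real improvement here.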
@@ -65,12 +65,12 @@ class Statuses extends BaseApi
 }
 // params
- $count = $request['count'] ?? 20;
- $page = $request['page'] ?? 1;
- $since_id = $request['since_id'] ?? 0;
- $max_id = $request['max_id'] ?? 0;
- $exclude_replies = (!empty($request['exclude_replies']) ? 1 : 0);
- $conversation_id = $request['conversation_id'] ?? 0;
+ $count = $this->getRequestValue($request, 'count', 20);
+ $page = $this->getRequestValue($request, 'page', 1);
+ $since_id = $this->getRequestValue($request, 'since_id', 0);
+ $max_id = $this->getRequestValue($request, 'max_id', 0);
+ $exclude_replies = $this->getRequestValue($request, 'exclude_replies', false);
+ $conversation_id = $this->getRequestValue($request, 'conversation_id', 0);
 $start = max(0, ($page - 1) * $count);
@@ -83,7 +83,7 @@ class Statuses extends BaseApi
 $condition[0] .= " AND `id` <= ?";
 $condition[] = $max_id;
 }
- if ($exclude_replies > 0) {
+ if ($exclude_replies) {
 $condition[0] .= ' AND `gravity` = ?';
 $condition[] = GRAVITY_PARENT;
 }
diff --git a/src/Module/Api/Twitter/Lists/Update.php b/src/Module/Api/Twitter/Lists/Update.php
index 34a0b658f..e7929e77d 100644
--- a/src/Module/Api/Twitter/Lists/Update.php
+++ b/src/Module/Api/Twitter/Lists/Update.php
@@ -60,8 +60,8 @@ class Update extends BaseApi
 $uid = BaseApi::getCurrentUserID();
 // params
- $gid = $this->getRequestValue($request, 'list_id', 0);
- $name = $request['name'] ?? '';
+ $gid = $this->getRequestValue($request, 'list_id', 0);
+ $name = $this->getRequestValue($request, 'name', '');
 // error if no gid specified
 if ($gid == 0) {
diff --git a/src/Module/Api/Twitter/Statuses/HomeTimeline.php b/src/Module/Api/Twitter/Statuses/HomeTimeline.php
index 8a54aeda6..c45342a52 100644
--- a/src/Module/Api/Twitter/Statuses/HomeTimeline.php
+++ b/src/Module/Api/Twitter/Statuses/HomeTimeline.php
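Review bot: `count` in the Lists/Statuses hunk takes whatever the client sends with no upper or lower bound, while the sibling timelines in this commit cap it with `getRequestValue($request, 'count', 20, 1, 100)`; a huge, zero or negative `count` feeds `$start = max(0, ($page - 1) * $count)` and, presumably, the query limit beyond the hunk. Use `$count = $this->getRequestValue($request, 'count', 20, 1, 100);` and `$page = $this->getRequestValue($request, 'page', 1, 1);` for consistency, and keep `since_id`/`max_id` unbounded as done here, since their 0 default is the "not set" sentinel that the `AND id <= ?` block in the second hunk depends on.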
@@ -43,12 +43,12 @@ class HomeTimeline extends BaseApi
 // get last network messages
 // params
- $count = $_REQUEST['count'] ?? 20;
- $page = $_REQUEST['page'] ?? 0;
- $since_id = $_REQUEST['since_id'] ?? 0;
- $max_id = $_REQUEST['max_id'] ?? 0;
- $exclude_replies = !empty($_REQUEST['exclude_replies']);
- $conversation_id = $_REQUEST['conversation_id'] ?? 0;
+ $count = $this->getRequestValue($request, 'count', 20, 1, 100);
+ $page = $this->getRequestValue($request, 'page', 1, 1);
+ $since_id = $this->getRequestValue($request, 'since_id', 0, 1);
+ $max_id = $this->getRequestValue($request, 'max_id', 0, 1);
+ $exclude_replies = $this->getRequestValue($request, 'exclude_replies', false);
+ $conversation_id = $this->getRequestValue($request, 'conversation_id', 0);
 $start = max(0, ($page - 1) * $count);
diff --git a/src/Module/Api/Twitter/Statuses/Mentions.php b/src/Module/Api/Twitter/Statuses/Mentions.php
index cb66a49f1..954aca57b 100644
--- a/src/Module/Api/Twitter/Statuses/Mentions.php
+++ b/src/Module/Api/Twitter/Statuses/Mentions.php
@@ -42,10 +42,10 @@ class Mentions extends BaseApi
 // get last network messages
 // params
- $since_id = $_REQUEST['since_id'] ?? 0;
- $max_id = $_REQUEST['max_id'] ?? 0;
- $count = $_REQUEST['count'] ?? 20;
- $page = $_REQUEST['page'] ?? 1;
+ $count = $this->getRequestValue($request, 'count', 20, 1, 100);
+ $page = $this->getRequestValue($request, 'page', 1, 1);
+ $since_id = $this->getRequestValue($request, 'since_id', 0, 1);
+ $max_id = $this->getRequestValue($request, 'max_id', 0, 1);
 $start = max(0, ($page - 1) * $count);
diff --git a/src/Module/Api/Twitter/Statuses/PublicTimeline.php b/src/Module/Api/Twitter/Statuses/PublicTimeline.php
index 5508d3b09..53950573b 100644
--- a/src/Module/Api/Twitter/Statuses/PublicTimeline.php
+++ b/src/Module/Api/Twitter/Statuses/PublicTimeline.php
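Review bot: In the HomeTimeline hunk `since_id` and `max_id` are fetched with a minimum of 1 but a default of 0, so when the client omits them `max(1, 0)` yields 1 instead of the 0 "not supplied" sentinel; if the condition code below the hunk adds `id <= ?` whenever `$max_id > 0`, as the Lists/Statuses hunk in this commit does, the home timeline will return at most the item with id 1. Drop the bound on the two id parameters: `$since_id = $this->getRequestValue($request, 'since_id', 0);` and `$max_id = $this->getRequestValue($request, 'max_id', 0);`. Replacing `$_REQUEST` with the injected `$request` array is the right move, and `page` now defaulting to 1 rather than 0 is harmless because of the `max(0, …)` that follows.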
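Review bot: The Mentions hunk has the same lower-bound problem on its id parameters: `since_id` and `max_id` default to 0 but are clamped to a minimum of 1, so an absent `max_id` becomes 1 and, if the condition building below the hunk applies `id <= ?` for any positive `$max_id`, mentions are cut down to at most one item. Use `$since_id = $this->getRequestValue($request, 'since_id', 0);` and `$max_id = $this->getRequestValue($request, 'max_id', 0);` while keeping the `1, 100` bound on `count` and the `1` on `page`.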
@@ -41,12 +41,12 @@ class PublicTimeline extends BaseApi
 // get last network messages
 // params
- $count = $_REQUEST['count'] ?? 20;
- $page = $_REQUEST['page'] ?? 1;
- $since_id = $_REQUEST['since_id'] ?? 0;
- $max_id = $_REQUEST['max_id'] ?? 0;
- $exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0);
- $conversation_id = $_REQUEST['conversation_id'] ?? 0;
+ $count = $this->getRequestValue($request, 'count', 20, 1, 100);
+ $page = $this->getRequestValue($request, 'page', 1, 1);
+ $since_id = $this->getRequestValue($request, 'since_id', 0, 1);
+ $max_id = $this->getRequestValue($request, 'max_id', 0, 1);
+ $exclude_replies = $this->getRequestValue($request, 'exclude_replies', false);
+ $conversation_id = $this->getRequestValue($request, 'conversation_id', 0);
 $start = max(0, ($page - 1) * $count);
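Review bot: `since_id` and `max_id` in the PublicTimeline hunk are clamped to a minimum of 1 although their default is 0, so an omitted `max_id` arrives as 1 (`max(1, 0)`) rather than the 0 sentinel; if the condition code that follows the hunk applies `id <= ?` whenever `$max_id > 0`, the public timeline will be limited to the item with id 1. Use `$since_id = $this->getRequestValue($request, 'since_id', 0);` and `$max_id = $this->getRequestValue($request, 'max_id', 0);`, keeping the bounds on `count` and `page`. The switch from the `(!empty(...) ? 1 : 0)` form to a boolean default also changes semantics slightly — `exclude_replies=false` used to be truthy and now validates to `false` — which is an improvement but is not mentioned in the commit message.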