System: implement URL sanitization in process pages

modules/Admissions/admissions_manage_editProcess.php

@@ -20,10 +20,13 @@
 */
 
 use Gibbon\Http\Url;
+use Gibbon\Data\Validator;
 use Gibbon\Domain\Admissions\AdmissionsAccountGateway;
 
 require_once '../../gibbon.php';
 
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
 $gibbonAdmissionsAccountID = $_POST['gibbonAdmissionsAccountID'] ?? '';
 $search = $_POST['search'] ?? '';
 

modules/Admissions/applicationFormSelectProcess.php

@@ -20,13 +20,16 @@
 */
 
 use Gibbon\Http\Url;
+use Gibbon\Data\Validator;
 use Gibbon\Services\Format;
 use Gibbon\Comms\EmailTemplate;
 use Gibbon\Contracts\Comms\Mailer;
 use Gibbon\Domain\Admissions\AdmissionsAccountGateway;
 
 require_once '../../gibbon.php';
 
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
 $gibbonFormID = $_POST['gibbonFormID'] ?? '';
 $email = $_POST['admissionsLoginEmail'] ?? '';
 

modules/Admissions/applicationFormViewProcess.php

@@ -20,12 +20,14 @@
 */
 
 use Gibbon\Http\Url;
+use Gibbon\Data\Validator;
 use Gibbon\Domain\User\UserGateway;
 use Gibbon\Domain\Admissions\AdmissionsAccountGateway;
-use Gibbon\Domain\User\FamilyGateway;
 
 require_once '../../gibbon.php';
 
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
 $gibbonPersonID = $session->get('gibbonPersonID');
 
 $URL = Url::fromModuleRoute('Admissions', 'applicationFormView');

modules/Departments/department_editProcess.php

@@ -22,7 +22,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['blurb' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['blurb' => 'HTML', 'url*' => 'URL']);
 
 //Module includes
 include './moduleFunctions.php';

modules/Library/library_manage_catalog_addProcess.php

@@ -24,7 +24,7 @@
 
 include '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['imageLink' => 'URL', 'fieldLink' => 'URL']);
 
 include './moduleFunctions.php';
 

modules/Library/library_manage_catalog_editProcess.php

@@ -26,7 +26,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['imageLink' => 'URL', 'fieldLink' => 'URL']);
 
 include './moduleFunctions.php';
 

modules/Planner/planner_view_full_submitProcess.php

@@ -23,7 +23,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['link' => 'URL']);
 
 //Module includes
 include './moduleFunctions.php';

modules/Planner/planner_view_full_submit_editProcess.php

@@ -23,7 +23,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['link' => 'URL']);
 
 //Module includes
 include './moduleFunctions.php';

modules/Planner/resources_add_ajaxProcess.php

@@ -22,7 +22,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['*link' => 'URL']);
 
 $time = time();
 

modules/Planner/resources_manage_addProcess.php

@@ -22,7 +22,7 @@
 
 include '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['html' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['html' => 'HTML', 'link' => 'URL']);
 
 $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/resources_manage_add.php&search='.$_GET['search'];
 $time = time();

modules/Planner/resources_manage_editProcess.php

@@ -22,7 +22,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['html' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['html' => 'HTML', 'link' => 'URL']);
 
 $gibbonResourceID = $_GET['gibbonResourceID'] ?? '';
 $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address'])."/resources_manage_edit.php&gibbonResourceID=$gibbonResourceID&search=".$_GET['search'];

modules/School Admin/behaviourSettingsProcess.php

@@ -22,7 +22,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['policyLink' => 'URL']);
 
 $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/behaviourSettings.php';
 

modules/School Admin/formGroup_manage_addProcess.php

@@ -22,7 +22,7 @@
 
 include '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['website' => 'URL']);
 
 $gibbonSchoolYearID = $_POST['gibbonSchoolYearID'] ?? '';
 $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address'])."/formGroup_manage_add.php&gibbonSchoolYearID=$gibbonSchoolYearID";

modules/School Admin/formGroup_manage_editProcess.php

@@ -22,7 +22,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['website' => 'URL']);
 
 $gibbonSchoolYearID = $_POST['gibbonSchoolYearID'] ?? '';
 $gibbonFormGroupID = $_GET['gibbonFormGroupID'] ?? '';

modules/Staff/coverage_view_editProcess.php

@@ -25,7 +25,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['text' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['text' => 'HTML', 'link' => 'URL']);
 
 $gibbonStaffCoverageID = $_POST['gibbonStaffCoverageID'] ?? '';
 

modules/System Admin/formBuilder_addProcess.php

@@ -19,10 +19,13 @@
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 
+use Gibbon\Data\Validator;
 use Gibbon\Domain\Forms\FormGateway;
 
 require_once '../../gibbon.php';
 
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
 $search = $_GET['search'] ?? '';
 
 $URL = $session->get('absoluteURL').'/index.php?q=/modules/System Admin/formBuilder_add.php&search='.$search;

modules/System Admin/formBuilder_editConfigProcess.php

@@ -19,10 +19,13 @@
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 
+use Gibbon\Data\Validator;
 use Gibbon\Domain\Forms\FormGateway;
 
 require_once '../../gibbon.php';
 
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['studentDefaultWebsite' => 'URL', 'applicationRefereeLink' => 'URL']);
+
 $gibbonFormID = $_POST['gibbonFormID'] ?? '';
 
 $URL = $session->get('absoluteURL').'/index.php?q=/modules/System Admin/formBuilder_edit.php&gibbonFormID='.$gibbonFormID;

modules/System Admin/formBuilder_editProcess.php

@@ -19,10 +19,13 @@
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 
+use Gibbon\Data\Validator;
 use Gibbon\Domain\Forms\FormGateway;
 
 require_once '../../gibbon.php';
 
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
 $gibbonFormID = $_POST['gibbonFormID'] ?? '';
 
 $URL = $session->get('absoluteURL').'/index.php?q=/modules/System Admin/formBuilder_edit.php&gibbonFormID='.$gibbonFormID;

modules/System Admin/formBuilder_page_addProcess.php

@@ -20,9 +20,12 @@
 */
 
 use Gibbon\Domain\Forms\FormPageGateway;
+use Gibbon\Data\Validator;
 
 require_once '../../gibbon.php';
 
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['introduction' => 'HTML', 'postscript' => 'HTML']);
+
 $gibbonFormID = $_POST['gibbonFormID'] ?? '';
 $redirect = $_POST['redirect'] ?? '';
 

modules/System Admin/formBuilder_page_editProcess.php

@@ -20,9 +20,12 @@
 */
 
 use Gibbon\Domain\Forms\FormPageGateway;
+use Gibbon\Data\Validator;
 
 require_once '../../gibbon.php';
 
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['introduction' => 'HTML', 'postscript' => 'HTML']);
+
 $gibbonFormID = $_POST['gibbonFormID'] ?? '';
 $gibbonFormPageID = $_POST['gibbonFormPageID'] ?? '';
 

modules/System Admin/formBuilder_page_edit_field_addProcess.php

@@ -21,9 +21,12 @@
 
 use Gibbon\Domain\Forms\FormFieldGateway;
 use Gibbon\Forms\Builder\FormBuilder;
+use Gibbon\Data\Validator;
 
 require_once '../../gibbon.php';
 
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
 $urlParams = [
     'gibbonFormID'     => $_POST['gibbonFormID'] ?? '',
     'gibbonFormPageID' => $_POST['gibbonFormPageID'] ?? '',

modules/System Admin/formBuilder_page_edit_field_editProcess.php

@@ -20,9 +20,12 @@
 */
 
 use Gibbon\Domain\Forms\FormFieldGateway;
+use Gibbon\Data\Validator;
 
 require_once '../../gibbon.php';
 
+$_POST = $container->get(Validator::class)->sanitize($_POST);
+
 $urlParams = [
     'gibbonFormID'      => $_REQUEST['gibbonFormID'] ?? '',
     'gibbonFormPageID'  => $_REQUEST['gibbonFormPageID'] ?? '',

modules/System Admin/systemSettingsProcess.php

@@ -25,7 +25,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['indexText' => 'HTML', 'analytics' => 'RAW']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['indexText' => 'HTML', 'analytics' => 'RAW', 'emailLink' => 'URL', 'webLink' => 'URL']);
 include '../../config.php';
 
 // Module includes

modules/System Admin/thirdPartySettings_ssoEditProcess.php

@@ -24,7 +24,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['authorizeEndpoint' => 'URL', 'tokenEndpoint' => 'URL', 'userEndpoint' => 'URL']);
 
 $sso = $_POST['sso'] ?? '';
 

modules/User Admin/applicationFormSettingsProcess.php

@@ -24,7 +24,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['introduction' => 'HTML', 'postscript' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['introduction' => 'HTML', 'postscript' => 'HTML', 'applicationFormRefereeLink' => 'URL', 'studentDefaultWebsite' => 'URL']);
 
 $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/applicationFormSettings.php';
 

modules/User Admin/staffApplicationFormSettingsProcess.php

@@ -22,7 +22,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST, ['staffApplicationFormIntroduction' => 'HTML', 'staffApplicationFormQuestions' => 'HTML', 'staffApplicationFormPostscript' => 'HTML', 'staffApplicationFormAgreement' => 'HTML', 'staffApplicationFormRequiredDocumentsText' => 'HTML', 'staffApplicationFormNotificationMessage' => 'HTML']);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['staffApplicationFormIntroduction' => 'HTML', 'staffApplicationFormQuestions' => 'HTML', 'staffApplicationFormPostscript' => 'HTML', 'staffApplicationFormAgreement' => 'HTML', 'staffApplicationFormRequiredDocumentsText' => 'HTML', 'staffApplicationFormNotificationMessage' => 'HTML', 'refereeLinks' => 'URL']);
 
 $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/staffApplicationFormSettings.php';
 

modules/User Admin/user_manage_addProcess.php

@@ -30,7 +30,7 @@
 
 include '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['website' => 'URL']);
 
 $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/user_manage_add.php&search='.$_GET['search'];
 

modules/User Admin/user_manage_editProcess.php

@@ -30,7 +30,7 @@
 
 require_once '../../gibbon.php';
 
-$_POST = $container->get(Validator::class)->sanitize($_POST);
+$_POST = $container->get(Validator::class)->sanitize($_POST, ['website' => 'URL']);
 
 //Module includes
 include './moduleFunctions.php';

preferencesProcess.php

@@ -26,7 +26,7 @@
 
 // Sanitize the whole $_POST array
 $validator = $container->get(Validator::class);
-$_POST = $validator->sanitize($_POST);
+$_POST = $validator->sanitize($_POST, ['personalBackground' => 'URL']);
 
 $calendarFeedPersonal = $_POST['calendarFeedPersonal'] ?? '';
 $personalBackground = $_POST['personalBackground'] ?? '';