From b1ca30c2175bccc065fd10270d27b0cedc71fe17 Mon Sep 17 00:00:00 2001
From: Sandra Kuipers
Date: Sun, 19 May 2024 16:00:16 +0800
Subject: [PATCH] Revert "Forms: apply input and output filtering to FileUpload fields"

This reverts commit 0147918441a85263b770340567fcdea94bbee7e5.
---
 modules/Data Updater/data_medicalProcess.php | 2 +-
 .../externalAssessment_manage_details_editProcess.php | 2 +-
 .../internalAssessment_manage_editProcess.php | 2 +-
 .../internalAssessment_write_dataProcess.php | 2 +-
 modules/Markbook/markbook_edit_dataProcess.php | 2 +-
 modules/Markbook/markbook_edit_editProcess.php | 2 +-
 modules/Planner/resources_manage_editProcess.php | 2 +-
 modules/Planner/units_editProcess.php | 2 +-
 modules/Reports/reporting_writeProcess.php | 3 +--
 modules/Reports/reporting_write_byStudentProcess.php | 3 +--
 .../School Admin/department_manage_editProcess.php | 2 +-
 modules/School Admin/house_manage.php | 2 +-
 modules/School Admin/house_manage_editProcess.php | 3 +--
 modules/Staff/coverage_view_editProcess.php | 2 +-
 .../Staff/staff_manage_edit_contract_editProcess.php | 2 +-
 .../medicalForm_manage_condition_editProcess.php | 2 +-
 modules/System Admin/alarmProcess.php | 2 +-
 modules/System Admin/displaySettingsProcess.php | 2 +-
 modules/System Admin/systemSettingsProcess.php | 2 +-
 modules/User Admin/user_manage_editProcess.php | 2 +-
 src/Forms/CustomFieldHandler.php | 11 +----------
 src/Forms/PersonalDocumentHandler.php | 7 ++-----
 22 files changed, 23 insertions(+), 38 deletions(-)

diff --git a/modules/Data Updater/data_medicalProcess.php b/modules/Data Updater/data_medicalProcess.php
index 5a2f8d2655..88ba75b142 100644
--- a/modules/Data Updater/data_medicalProcess.php
+++ b/modules/Data Updater/data_medicalProcess.php
@@ -29,7 +29,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['attachment*' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST); $gibbonPersonID = $_GET['gibbonPersonID'] ?? ''; $address = $_POST['address'] ?? ''; diff --git a/modules/Formal Assessment/externalAssessment_manage_details_editProcess.php b/modules/Formal Assessment/externalAssessment_manage_details_editProcess.php index 760601c9e9..fd7b92e178 100644 --- a/modules/Formal Assessment/externalAssessment_manage_details_editProcess.php +++ b/modules/Formal Assessment/externalAssessment_manage_details_editProcess.php @@ -24,7 +24,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['attachment' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST); $gibbonPersonID = $_POST['gibbonPersonID'] ?? ''; $gibbonExternalAssessmentStudentID = $_POST['gibbonExternalAssessmentStudentID'] ?? ''; diff --git a/modules/Formal Assessment/internalAssessment_manage_editProcess.php b/modules/Formal Assessment/internalAssessment_manage_editProcess.php index 5d822cb67e..f16a296618 100644 --- a/modules/Formal Assessment/internalAssessment_manage_editProcess.php +++ b/modules/Formal Assessment/internalAssessment_manage_editProcess.php @@ -24,7 +24,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['attachment' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST); $gibbonCourseClassID = $_GET['gibbonCourseClassID'] ?? ''; $gibbonInternalAssessmentColumnID = $_GET['gibbonInternalAssessmentColumnID'] ?? ''; diff --git a/modules/Formal Assessment/internalAssessment_write_dataProcess.php b/modules/Formal Assessment/internalAssessment_write_dataProcess.php index f3fdde1694..9424fe6a25 100644 --- a/modules/Formal Assessment/internalAssessment_write_dataProcess.php 
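Review bot: In the `data_medicalProcess.php` hunk the posted `attachment*` fields now go through only the default `sanitize($_POST)` rules, so nothing visible at this boundary constrains them to an uploads-relative path. If the script keeps the posted value when no new file is uploaded (that code is outside the hunk), the stored attachment becomes whatever string the client sent. Rather than restoring the reverted rule, I would accept the posted value only when it equals the path already stored for the record, and at minimum leave a marker here such as `// attachment* is client-supplied; verify it against the stored path before saving`. The same applies to every other hunk in this commit that drops a `'Path'` rule (`attachment`, `content`, `logo`, `contractUpload`, `attachmentCurrent`, `organisationLogo`, `organisationBackground`, `attachment1`).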
+++ b/modules/Formal Assessment/internalAssessment_write_dataProcess.php @@ -24,7 +24,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['attachment' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST); $gibbonCourseClassID = $_GET['gibbonCourseClassID'] ?? ''; $gibbonInternalAssessmentColumnID = $_GET['gibbonInternalAssessmentColumnID'] ?? ''; diff --git a/modules/Markbook/markbook_edit_dataProcess.php b/modules/Markbook/markbook_edit_dataProcess.php index 2d84f69931..9b09c9fdc9 100644 --- a/modules/Markbook/markbook_edit_dataProcess.php +++ b/modules/Markbook/markbook_edit_dataProcess.php @@ -26,7 +26,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['attachment*' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST); $logGateway = $container->get(LogGateway::class); $settingGateway = $container->get(SettingGateway::class); diff --git a/modules/Markbook/markbook_edit_editProcess.php b/modules/Markbook/markbook_edit_editProcess.php index 59fb08b8c7..cf14a5206d 100644 --- a/modules/Markbook/markbook_edit_editProcess.php +++ b/modules/Markbook/markbook_edit_editProcess.php @@ -25,7 +25,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['attachment' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST); $settingGateway = $container->get(SettingGateway::class); $enableEffort = $settingGateway->getSettingByScope('Markbook', 'enableEffort'); diff --git a/modules/Planner/resources_manage_editProcess.php b/modules/Planner/resources_manage_editProcess.php index 04e308b9b6..80d520d062 100644 --- a/modules/Planner/resources_manage_editProcess.php +++ b/modules/Planner/resources_manage_editProcess.php 
@@ -22,7 +22,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['html' => 'HTML', 'link' => 'URL', 'content' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST, ['html' => 'HTML', 'link' => 'URL']); $gibbonResourceID = $_GET['gibbonResourceID'] ?? ''; $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address'])."/resources_manage_edit.php&gibbonResourceID=$gibbonResourceID&search=".$_GET['search']; diff --git a/modules/Planner/units_editProcess.php b/modules/Planner/units_editProcess.php index 66c0810d49..cc687bb900 100644 --- a/modules/Planner/units_editProcess.php +++ b/modules/Planner/units_editProcess.php @@ -24,7 +24,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['details' => 'HTML', 'contents*' => 'HTML', 'teachersNotes*' => 'HTML', 'attachment' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST, ['details' => 'HTML', 'contents*' => 'HTML', 'teachersNotes*' => 'HTML']); $gibbonSchoolYearID = $_GET['gibbonSchoolYearID'] ?? ''; $gibbonCourseID = $_GET['gibbonCourseID'] ?? ''; diff --git a/modules/Reports/reporting_writeProcess.php b/modules/Reports/reporting_writeProcess.php index 0556795ddf..7ecb4995a0 100644 --- a/modules/Reports/reporting_writeProcess.php +++ b/modules/Reports/reporting_writeProcess.php @@ -55,7 +55,6 @@ $reportingCriteriaGateway = $container->get(ReportingCriteriaGateway::class); $reportingAccessGateway = $container->get(ReportingAccessGateway::class); $fileUploader = $container->get(FileUploader::class); - $validator = $container->get(Validator::class); $values = $_POST['value'] ?? []; 
@@ -120,7 +119,7 @@ if (!empty($_FILES['file'.$gibbonReportingCriteriaID]['tmp_name'])) { $data['value'] = $fileUploader->uploadAndResizeImage($_FILES['file'.$gibbonReportingCriteriaID], 'reportFile', $criteriaOptions['imageSize'] ?? 1024, $criteriaOptions['imageQuality'] ?? 80); } else { - $data['value'] = $validator->sanitizeUrl($value, false); + $data['value'] = $value; } } else { $data['value'] = $value; diff --git a/modules/Reports/reporting_write_byStudentProcess.php b/modules/Reports/reporting_write_byStudentProcess.php index 048d259329..86abeb3ee9 100644 --- a/modules/Reports/reporting_write_byStudentProcess.php +++ b/modules/Reports/reporting_write_byStudentProcess.php @@ -58,7 +58,6 @@ $reportingCriteriaGateway = $container->get(ReportingCriteriaGateway::class); $reportingAccessGateway = $container->get(ReportingAccessGateway::class); $fileUploader = $container->get(FileUploader::class); - $validator = $container->get(Validator::class); $values = $_POST['value'] ?? []; @@ -123,7 +122,7 @@ if (!empty($_FILES['file'.$gibbonReportingCriteriaID]['tmp_name'])) { $data['value'] = $fileUploader->uploadAndResizeImage($_FILES['file'.$gibbonReportingCriteriaID], 'reportFile', $criteriaOptions['imageSize'] ?? 1024, $criteriaOptions['imageQuality'] ?? 80); } else { - $data['value'] = $validator->sanitizeUrl($value, false); + $data['value'] = $value; } } else { $data['value'] = $value; diff --git a/modules/School Admin/department_manage_editProcess.php b/modules/School Admin/department_manage_editProcess.php index 4282175de9..3bb97a4319 100644 --- a/modules/School Admin/department_manage_editProcess.php +++ b/modules/School Admin/department_manage_editProcess.php 
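Review bot: In the no-upload branch of `reporting_writeProcess.php`, `$data['value'] = $value;` stores the posted string as the file reference with no check that it is a path this application produced; `$value` presumably comes from `$_POST['value']`, and no sanitising call is visible in the hunk. Since this value sits where an uploaded image path would otherwise be stored, it should be kept only when it matches what is already saved for the criterion, and I would mark the line with `// $value is client-supplied here; accept it only if it equals the stored path`. The enclosing loop and the outer `if` start outside the hunk, so the name of the stored value is not visible from here. The same pattern returns in `reporting_write_byStudentProcess.php`, in `CustomFieldHandler::getFieldValueFromPOST` (the removed `else` leaves `$fieldValue` as posted) and in `PersonalDocumentHandler::updateDocumentsFromPOST` (`$data[$field] = $attachment;`).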
@@ -23,7 +23,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['blurb' => 'HTML', 'logo' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST, ['blurb' => 'HTML']); $gibbonDepartmentID = $_GET['gibbonDepartmentID'] ?? ''; $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_GET['address'])."/department_manage_edit.php&gibbonDepartmentID=$gibbonDepartmentID"; diff --git a/modules/School Admin/house_manage.php b/modules/School Admin/house_manage.php index d36c3e9fbb..ef73b3d4ff 100644 --- a/modules/School Admin/house_manage.php +++ b/modules/School Admin/house_manage.php @@ -56,7 +56,7 @@ ->notSortable() ->format(function($values) use ($session) { $return = null; - $return .= ($values['logo'] != '') ? "":"get('gibbonThemeName')."/img/anonymous_240_square.jpg'/>"; + $return .= ($values['logo'] != '') ? "":"get('gibbonThemeName')."/img/anonymous_240_square.jpg'/>"; return $return; }); $table->addColumn('name', __('Name')); diff --git a/modules/School Admin/house_manage_editProcess.php b/modules/School Admin/house_manage_editProcess.php index 9149f37eda..97434460b0 100644 --- a/modules/School Admin/house_manage_editProcess.php +++ b/modules/School Admin/house_manage_editProcess.php @@ -22,8 +22,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['logo' => 'Path']); -// $_POST = $container->get(Validator::class)->sanitize($_POST); +$_POST = $container->get(Validator::class)->sanitize($_POST); $gibbonHouseID = $_GET['gibbonHouseID'] ?? ''; $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/house_manage_edit.php&gibbonHouseID='.$gibbonHouseID; diff --git a/modules/Staff/coverage_view_editProcess.php b/modules/Staff/coverage_view_editProcess.php index a81179b122..0fa2ec3aba 100644 --- a/modules/Staff/coverage_view_editProcess.php +++ b/modules/Staff/coverage_view_editProcess.php 
@@ -25,7 +25,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['text' => 'HTML', 'link' => 'URL', 'attachment' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST, ['text' => 'HTML', 'link' => 'URL']); $gibbonStaffCoverageID = $_POST['gibbonStaffCoverageID'] ?? ''; diff --git a/modules/Staff/staff_manage_edit_contract_editProcess.php b/modules/Staff/staff_manage_edit_contract_editProcess.php index bf5f671197..aff30b1c1f 100644 --- a/modules/Staff/staff_manage_edit_contract_editProcess.php +++ b/modules/Staff/staff_manage_edit_contract_editProcess.php @@ -24,7 +24,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['contractUpload' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST); $gibbonStaffID = $_GET['gibbonStaffID'] ?? ''; $gibbonStaffContractID = $_GET['gibbonStaffContractID'] ?? ''; diff --git a/modules/Students/medicalForm_manage_condition_editProcess.php b/modules/Students/medicalForm_manage_condition_editProcess.php index 319eb91f25..ea7a2ea69d 100644 --- a/modules/Students/medicalForm_manage_condition_editProcess.php +++ b/modules/Students/medicalForm_manage_condition_editProcess.php @@ -29,7 +29,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['attachment' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST); $gibbonPersonMedicalID = $_GET['gibbonPersonMedicalID'] ?? ''; $gibbonPersonMedicalConditionID = $_GET['gibbonPersonMedicalConditionID'] ?? ''; diff --git a/modules/System Admin/alarmProcess.php b/modules/System Admin/alarmProcess.php index ba3629b94e..61be04c41d 100644 --- a/modules/System Admin/alarmProcess.php +++ b/modules/System Admin/alarmProcess.php 
@@ -25,7 +25,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['attachmentCurrent' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST); $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/alarm.php'; diff --git a/modules/System Admin/displaySettingsProcess.php b/modules/System Admin/displaySettingsProcess.php index 550397a9ea..517f901ab7 100644 --- a/modules/System Admin/displaySettingsProcess.php +++ b/modules/System Admin/displaySettingsProcess.php @@ -25,7 +25,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['organisationLogo' => 'Path', 'organisationBackground' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST); $URL = $session->get('absoluteURL').'/index.php?q=/modules/'.getModuleName($_POST['address']).'/displaySettings.php'; diff --git a/modules/System Admin/systemSettingsProcess.php b/modules/System Admin/systemSettingsProcess.php index d3266f20bf..48408a0d9d 100644 --- a/modules/System Admin/systemSettingsProcess.php +++ b/modules/System Admin/systemSettingsProcess.php @@ -25,7 +25,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['indexText' => 'HTML', 'analytics' => 'RAW', 'emailLink' => 'URL', 'webLink' => 'URL', 'organisationLogo' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST, ['indexText' => 'HTML', 'analytics' => 'RAW', 'emailLink' => 'URL', 'webLink' => 'URL']); include '../../config.php'; // Module includes diff --git a/modules/User Admin/user_manage_editProcess.php b/modules/User Admin/user_manage_editProcess.php index 8f1dc552be..8f4603c29a 100644 --- a/modules/User Admin/user_manage_editProcess.php +++ b/modules/User Admin/user_manage_editProcess.php 
@@ -30,7 +30,7 @@ require_once '../../gibbon.php'; -$_POST = $container->get(Validator::class)->sanitize($_POST, ['website' => 'URL', 'attachment1' => 'Path']); +$_POST = $container->get(Validator::class)->sanitize($_POST, ['website' => 'URL']); //Module includes include './moduleFunctions.php'; diff --git a/src/Forms/CustomFieldHandler.php b/src/Forms/CustomFieldHandler.php index 2d89b6984a..4f45e561ae 100644 --- a/src/Forms/CustomFieldHandler.php +++ b/src/Forms/CustomFieldHandler.php @@ -22,7 +22,6 @@ namespace Gibbon\Forms; use Gibbon\FileUploader; -use Gibbon\Data\Validator; use Gibbon\Services\Format; use Gibbon\Tables\DataTable; use Gibbon\Domain\System\CustomFieldGateway; @@ -39,11 +38,6 @@ class CustomFieldHandler */ protected $fileUploader; - /** - * @var \Gibbon\Validator - */ - protected $validator; - /** * @var string[][] */ @@ -59,11 +53,10 @@ class CustomFieldHandler */ protected $headings; - public function __construct(CustomFieldGateway $customFieldGateway, FileUploader $fileUploader, Validator $validator) + public function __construct(CustomFieldGateway $customFieldGateway, FileUploader $fileUploader) { $this->customFieldGateway = $customFieldGateway; $this->fileUploader = $fileUploader; - $this->validator = $validator; $this->contexts = [ __('User Admin') => [ @@ -235,8 +228,6 @@ public function getFieldValueFromPOST($fieldName, $fieldType) // Upload the file, return the /uploads relative path $fieldValue = $this->fileUploader->uploadFromPost($file, $fieldName); - } else { - $fieldValue = $this->validator->sanitizeUrl($fieldValue, false); } } diff --git a/src/Forms/PersonalDocumentHandler.php b/src/Forms/PersonalDocumentHandler.php index f51cb1bb0b..098aa34662 100644 --- a/src/Forms/PersonalDocumentHandler.php +++ b/src/Forms/PersonalDocumentHandler.php 
@@ -23,7 +23,6 @@ use Gibbon\View\View; use Gibbon\FileUploader; -use Gibbon\Data\Validator; use Gibbon\Services\Format; use Gibbon\Domain\System\SettingGateway; use Gibbon\Domain\User\PersonalDocumentGateway; @@ -32,18 +31,16 @@ class PersonalDocumentHandler { protected $personalDocumentGateway; protected $fileUploader; - protected $validator; protected $settingGateway; protected $view; protected $documents; protected $fields; - public function __construct(PersonalDocumentGateway $personalDocumentGateway, FileUploader $fileUploader, Validator $validator, View $view, SettingGateway $settingGateway) + public function __construct(PersonalDocumentGateway $personalDocumentGateway, FileUploader $fileUploader, View $view, SettingGateway $settingGateway) { $this->personalDocumentGateway = $personalDocumentGateway; $this->fileUploader = $fileUploader; - $this->validator = $validator; $this->settingGateway = $settingGateway; $this->view = $view; @@ -103,7 +100,7 @@ public function updateDocumentsFromPOST($foreignTable = null, $foreignTableID = $personalDocumentFail = true; } } else { - $data[$field] = $this->validator->sanitizeUrl($attachment, false); + $data[$field] = $attachment; } } else { // Handle all other data