| author | 2023-04-07 00:13:49 +0200 | |
|---|---|---|
| committer | 2023-04-07 00:13:49 +0200 | |
| commit | 6c01e4e7d6c177ac345c826059e585bffdd1d517 (patch) | |
| tree | 45bd8ee233a306881ed81447a3f56ca224fed538 /app/Controllers/authController.php | |
| parent | 2118448133e327294ad2b69ed8736bc29879103d (diff) | |
Use typed access to request parameters (#5267)
* Use typed access to request parameters
This was a big source of mixed datatypes in many places
* Fix notifications
* Fix bookmarkAction
Diffstat (limited to 'app/Controllers/authController.php')
| -rw-r--r-- | app/Controllers/authController.php | 36 |
1 files changed, 17 insertions, 19 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 81043bcf7..e499f0b8a 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -27,18 +27,16 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 if (Minz_Request::isPost()) {
 $ok = true;
- $anon = Minz_Request::param('anon_access', false);
- $anon = ((bool)$anon) && ($anon !== 'no');
- $anon_refresh = Minz_Request::param('anon_refresh', false);
- $anon_refresh = ((bool)$anon_refresh) && ($anon_refresh !== 'no');
- $auth_type = Minz_Request::param('auth_type', 'none');
- $unsafe_autologin = Minz_Request::param('unsafe_autologin', false);
- $api_enabled = Minz_Request::param('api_enabled', false);
- if ($anon != FreshRSS_Context::$system_conf->allow_anonymous ||
- $auth_type != FreshRSS_Context::$system_conf->auth_type ||
- $anon_refresh != FreshRSS_Context::$system_conf->allow_anonymous_refresh ||
- $unsafe_autologin != FreshRSS_Context::$system_conf->unsafe_autologin_enabled ||
- $api_enabled != FreshRSS_Context::$system_conf->api_enabled) {
+ $anon = Minz_Request::paramBoolean('anon_access');
+ $anon_refresh = Minz_Request::paramBoolean('anon_refresh');
+ $auth_type = Minz_Request::paramString('auth_type') ?: 'none';
+ $unsafe_autologin = Minz_Request::paramBoolean('unsafe_autologin');
+ $api_enabled = Minz_Request::paramBoolean('api_enabled');
+ if ($anon !== FreshRSS_Context::$system_conf->allow_anonymous ||
+ $auth_type !== FreshRSS_Context::$system_conf->auth_type ||
+ $anon_refresh !== FreshRSS_Context::$system_conf->allow_anonymous_refresh ||
+ $unsafe_autologin !== FreshRSS_Context::$system_conf->unsafe_autologin_enabled ||
+ $api_enabled !== FreshRSS_Context::$system_conf->api_enabled) {
 // TODO: test values from form
 FreshRSS_Context::$system_conf->auth_type = $auth_type;
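Review bot: The fallback in `$auth_type = Minz_Request::paramString('auth_type') ?: 'none';` fails open: a POST in which `auth_type` is missing or empty selects `'none'`, and that value is then written to `system_conf->auth_type` while the `// TODO: test values from form` is still unresolved. Nothing visible in the hunk compares the string with the authentication types the application supports, so any other string would be stored as well. I would refuse the request rather than default, for example `if (!in_array($auth_type, $allowedAuthTypes, true)) { $ok = false; }`, where `$allowedAuthTypes` is a placeholder for the supported list, and skip the save in that case. The action's body continues outside the hunk, so a later check may exist that is not shown here.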
@@ -67,7 +65,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 * the user is already connected.
 */
 public function loginAction(): void {
- if (FreshRSS_Auth::hasAccess() && Minz_Request::param('u', '') == '') {
+ if (FreshRSS_Auth::hasAccess() && Minz_Request::paramString('u') === '') {
 Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true);
 }
@@ -120,8 +118,8 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 if ($isPOST) {
 $nonce = Minz_Session::param('nonce', '');
- $username = Minz_Request::param('username', '');
- $challenge = Minz_Request::param('challenge', '');
+ $username = Minz_Request::paramString('username');
+ $challenge = Minz_Request::paramString('challenge');
 usleep(random_int(100, 10000)); //Primitive mitigation of timing attacks, in μs
@@ -152,7 +150,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 FreshRSS_Auth::giveAccess();
 // Set cookie parameter if needed.
- if (Minz_Request::param('keep_logged_in')) {
+ if (Minz_Request::paramBoolean('keep_logged_in')) {
 FreshRSS_FormAuth::makeCookie($username, FreshRSS_Context::$user_conf->passwordHash);
 } else {
 FreshRSS_FormAuth::deleteCookie();
@@ -161,7 +159,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 Minz_Translate::init(FreshRSS_Context::$user_conf->language);
 // All is good, go back to the original request or the index.
- $url = Minz_Url::unserialize(Minz_Request::param('original_request'));
+ $url = Minz_Url::unserialize(Minz_Request::paramString('original_request'));
 if (empty($url)) {
 $url = [ 'c' => 'index', 'a' => 'index' ];
 }
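Review bot: `$username` and `$challenge` in the `if ($isPOST)` hunk are now read with `Minz_Request::paramString`, and nothing shown here says whether that helper trims or entity-encodes what it returns. Credential material should reach the comparison unchanged, or changed in exactly the way it was when the credential was stored; otherwise values containing surrounding whitespace or characters such as `&` and `<` may stop matching. The same question applies to `paramString('u')` and `paramString('p')` in the `unsafe_autologin_enabled` branch of the last hunk. A comment above the two reads, such as `// paramString() output must match the form used when the password was set`, would make the assumption explicit. The enclosing method starts and ends outside the hunk.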
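Review bot: The post-login target in `$url = Minz_Url::unserialize(Minz_Request::paramString('original_request'));` is taken from the request, and `empty($url)` is the only check visible before it is used. A decoded value that is non-empty but not an array would pass that test, so I would tighten the guard to `if (!is_array($url) || $url === []) {` and keep the index fallback for everything else. It is also worth confirming that the decoded routing keys are limited to controllers and actions a freshly logged-in user may be sent to. What `Minz_Url::unserialize` accepts and where `$url` is forwarded lie outside the hunk, so part of this may already be enforced there.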
@@ -175,8 +173,8 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 Minz_Request::forward(['c' => 'auth', 'a' => 'login'], false);
 }
 } elseif (FreshRSS_Context::$system_conf->unsafe_autologin_enabled) {
- $username = Minz_Request::param('u', '');
- $password = Minz_Request::param('p', '');
+ $username = Minz_Request::paramString('u');
+ $password = Minz_Request::paramString('p');
 Minz_Request::_param('p');
 if (!$username) { |
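Review bot: The bare `Minz_Request::_param('p');` directly after the two rewritten reads has no comment, and it is the one line in this branch a maintainer could mistake for dead code and remove. If its purpose is to drop the password from the stored request parameters once it has been copied into `$password`, which is what the call appears to do, the code should say so: `// Remove the password from the request parameters so it is not reused in later forwards or generated URLs`. The branch is only reached when `unsafe_autologin_enabled` is set, and it continues past `if (!$username) {` outside the hunk.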
