From 2c07070b2c873cbb026c374b3e7abafb695833d5 Mon Sep 17 00:00:00 2001 From: Yassine Doghri Date: Tue, 29 Aug 2023 15:42:52 +0000 Subject: [PATCH] refactor: use Validation::getValidated() when using $this->validate() in controllers --- app/Controllers/PostController.php | 14 +++++--- .../Admin/Controllers/EpisodeController.php | 20 +++++++---- .../Controllers/EpisodePersonController.php | 4 ++- .../Admin/Controllers/PodcastController.php | 12 ++++--- .../Controllers/PodcastPersonController.php | 4 ++- .../Admin/Controllers/SoundbiteController.php | 8 +++-- .../Controllers/VideoClipsController.php | 12 ++++--- .../Auth/Controllers/InteractController.php | 4 ++- .../Auth/Controllers/MagicLinkController.php | 4 ++- .../Auth/Controllers/MyAccountController.php | 6 ++-- .../Fediverse/Controllers/ActorController.php | 4 ++- .../Fediverse/Controllers/BlockController.php | 16 ++++++--- .../Fediverse/Controllers/PostController.php | 24 +++++++++---- .../Install/Controllers/InstallController.php | 34 ++++++++++++------- .../Controllers/PodcastImportController.php | 13 ++++--- .../Controllers/LockController.php | 7 ++-- .../Controllers/SubscriptionController.php | 4 ++- public/media/site/index.html | 9 ----- 18 files changed, 129 insertions(+), 70 deletions(-) diff --git a/app/Controllers/PostController.php b/app/Controllers/PostController.php index 9a6fccb2..6148e27c 100644 --- a/app/Controllers/PostController.php +++ b/app/Controllers/PostController.php @@ -125,7 +125,9 @@ class PostController extends FediversePostController ->with('errors', $this->validator->getErrors()); } - $message = $this->request->getPost('message'); + $validData = $this->validator->getValidated(); + + $message = $validData['message']; $newPost = new CastopodPost([ 'actor_id' => interact_as_actor_id(), 
@@ -134,7 +136,7 @@ class PostController extends FediversePostController ]); // get episode if episodeUrl has been set - $episodeUri = $this->request->getPost('episode_url'); + $episodeUri = $validData['episode_url']; if ( $episodeUri && ($params = extract_params_from_episode_uri(new URI($episodeUri))) && @@ -173,10 +175,12 @@ class PostController extends FediversePostController ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + $newPost = new CastopodPost([ 'actor_id' => interact_as_actor_id(), 'in_reply_to_id' => $this->post->id, - 'message' => $this->request->getPost('message'), + 'message' => $validData['message'], 'published_at' => Time::now(), 'created_by' => user_id(), ]); @@ -224,7 +228,9 @@ class PostController extends FediversePostController ->with('errors', $this->validator->getErrors()); } - $action = $this->request->getPost('action'); + $validData = $this->validator->getValidated(); + + $action = $validData['action']; return match ($action) { 'favourite' => $this->attemptFavourite(), 'reblog' => $this->attemptReblog(), diff --git a/modules/Admin/Controllers/EpisodeController.php b/modules/Admin/Controllers/EpisodeController.php index 86d084ee..58933535 100644 --- a/modules/Admin/Controllers/EpisodeController.php +++ b/modules/Admin/Controllers/EpisodeController.php @@ -175,9 +175,11 @@ class EpisodeController extends BaseController ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + if ((new EpisodeModel()) ->where([ - 'slug' => $this->request->getPost('slug'), + 'slug' => $validData['slug'], 'podcast_id' => $this->podcast->id, ]) ->first()) { 
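Review bot: In the `@@ -134` hunk of app/Controllers/PostController.php, `$validData['episode_url']` assumes the key is always present, although the comment above it ("if episodeUrl has been set") and the `$episodeUri &&` test treat the field as optional. As far as I know, `getValidated()` returns only fields that have a rule and were present in the validated data, so a request without `episode_url` would hit an undefined array key where `getPost()` returned null. The rules array is outside the hunk, so confirm it lists the field; `$episodeUri = $validData['episode_url'] ?? null;` keeps the old behaviour either way. The same applies to `scheduled_publication_date` in both PodcastController.php hunks and to `media_base_url` in InstallController.php.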
@@ -310,8 +312,10 @@ class EpisodeController extends BaseController ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + $this->episode->title = $this->request->getPost('title'); - $this->episode->slug = $this->request->getPost('slug'); + $this->episode->slug = $validData['slug']; $this->episode->description_markdown = $this->request->getPost('description'); $this->episode->location = $this->request->getPost('location_name') === '' ? null : new Location( $this->request->getPost('location_name') @@ -745,7 +749,9 @@ class EpisodeController extends BaseController ->with('errors', $this->validator->getErrors()); } - $newPublicationDate = $this->request->getPost('new_publication_date'); + $validData = $this->validator->getValidated(); + + $newPublicationDate = $validData['new_publication_date']; $newPublicationDate = Time::createFromFormat( 'Y-m-d H:i', @@ -994,12 +1000,12 @@ class EpisodeController extends BaseController ->with('errors', $this->validator->getErrors()); } - $message = $this->request->getPost('message'); + $validData = $this->validator->getValidated(); $newComment = new EpisodeComment([ 'actor_id' => interact_as_actor_id(), 'episode_id' => $this->episode->id, - 'message' => $message, + 'message' => $validData['message'], 'created_at' => new Time('now'), 'created_by' => user_id(), ]); @@ -1031,12 +1037,12 @@ class EpisodeController extends BaseController ->with('errors', $this->validator->getErrors()); } - $message = $this->request->getPost('message'); + $validData = $this->validator->getValidated(); $newReply = new EpisodeComment([ 'actor_id' => interact_as_actor_id(), 'episode_id' => $this->episode->id, - 'message' => $message, + 'message' => $validData['message'], 'in_reply_to_id' => $commentId, 'created_at' => new Time('now'), 'created_by' => user_id(), 
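Review bot: In the `@@ -310` hunk of EpisodeController.php only `slug` moves to `$validData`; `title`, `description` and `location_name` on the neighbouring lines are still read with `$this->request->getPost()`. After this commit a reader will take `$validData` as the marker for checked input, so the mix hides which fields were actually validated. Either give those fields rules and read them from `$validData` too, or add a comment such as `// title, description, location_name have no rule here and are read raw on purpose`. The rules array and the rest of the method are outside the hunk.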
diff --git a/modules/Admin/Controllers/EpisodePersonController.php b/modules/Admin/Controllers/EpisodePersonController.php index b89febe7..8b10ea60 100644 --- a/modules/Admin/Controllers/EpisodePersonController.php +++ b/modules/Admin/Controllers/EpisodePersonController.php @@ -78,10 +78,12 @@ class EpisodePersonController extends BaseController ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + (new PersonModel())->addEpisodePersons( $this->podcast->id, $this->episode->id, - $this->request->getPost('persons'), + $validData['persons'], $this->request->getPost('roles') ?? [], ); diff --git a/modules/Admin/Controllers/PodcastController.php b/modules/Admin/Controllers/PodcastController.php index bca38a66..7cf5618e 100644 --- a/modules/Admin/Controllers/PodcastController.php +++ b/modules/Admin/Controllers/PodcastController.php @@ -650,12 +650,14 @@ class PodcastController extends BaseController ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + $db = db_connect(); $db->transStart(); - $publishMethod = $this->request->getPost('publication_method'); + $publishMethod = $validData['publication_method']; if ($publishMethod === 'schedule') { - $scheduledPublicationDate = $this->request->getPost('scheduled_publication_date'); + $scheduledPublicationDate = $validData['scheduled_publication_date']; if ($scheduledPublicationDate) { $this->podcast->published_at = Time::createFromFormat( 'Y-m-d H:i', 
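Review bot: `roles` is still taken from `$this->request->getPost('roles') ?? []` in the `addEpisodePersons()` call of the EpisodePersonController.php hunk, while `persons` now comes from `$validData`. One of the two arrays handed to the model therefore remains unchecked request input. If the rules (outside the hunk) can express it, add a rule for `roles` and pass `$validData['roles'] ?? []`; otherwise add a comment stating that the model is expected to reject unknown roles. PodcastPersonController.php has the same pair in its `@@ -65` hunk.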
@@ -783,12 +785,14 @@ class PodcastController extends BaseController ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + $db = db_connect(); $db->transStart(); - $publishMethod = $this->request->getPost('publication_method'); + $publishMethod = $validData['publication_method']; if ($publishMethod === 'schedule') { - $scheduledPublicationDate = $this->request->getPost('scheduled_publication_date'); + $scheduledPublicationDate = $validData['scheduled_publication_date']; if ($scheduledPublicationDate) { $this->podcast->published_at = Time::createFromFormat( 'Y-m-d H:i', diff --git a/modules/Admin/Controllers/PodcastPersonController.php b/modules/Admin/Controllers/PodcastPersonController.php index b849fd97..911653c1 100644 --- a/modules/Admin/Controllers/PodcastPersonController.php +++ b/modules/Admin/Controllers/PodcastPersonController.php @@ -65,9 +65,11 @@ class PodcastPersonController extends BaseController ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + (new PersonModel())->addPodcastPersons( $this->podcast->id, - $this->request->getPost('persons'), + $validData['persons'], $this->request->getPost('roles') ?? [], ); diff --git a/modules/Admin/Controllers/SoundbiteController.php b/modules/Admin/Controllers/SoundbiteController.php index 61eea65d..e040404a 100644 --- a/modules/Admin/Controllers/SoundbiteController.php +++ b/modules/Admin/Controllers/SoundbiteController.php 
@@ -114,10 +114,12 @@ class SoundbiteController extends BaseController ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + $newSoundbite = new Soundbite([ - 'title' => $this->request->getPost('title'), - 'start_time' => (float) $this->request->getPost('start_time'), - 'duration' => (float) $this->request->getPost('duration'), + 'title' => $validData['title'], + 'start_time' => (float) $validData['start_time'], + 'duration' => (float) $validData['duration'], 'type' => 'audio', 'status' => '', 'podcast_id' => $this->podcast->id, diff --git a/modules/Admin/Controllers/VideoClipsController.php b/modules/Admin/Controllers/VideoClipsController.php index a7205003..0d5ff0dc 100644 --- a/modules/Admin/Controllers/VideoClipsController.php +++ b/modules/Admin/Controllers/VideoClipsController.php @@ -157,7 +157,9 @@ class VideoClipsController extends BaseController ->with('errors', $this->validator->getErrors()); } - $themeName = $this->request->getPost('theme'); + $validData = $this->validator->getValidated(); + + $themeName = $validData['theme']; $themeColors = config(MediaClipper::class) ->themes[$themeName]; $theme = [ @@ -166,11 +168,11 @@ class VideoClipsController extends BaseController ]; $videoClip = new VideoClip([ - 'title' => $this->request->getPost('title'), - 'start_time' => (float) $this->request->getPost('start_time'), - 'duration' => (float) $this->request->getPost('duration'), + 'title' => $validData['title'], + 'start_time' => (float) $validData['start_time'], + 'duration' => (float) $validData['duration'], 'theme' => $theme, - 'format' => $this->request->getPost('format'), + 'format' => $validData['format'], 'type' => 'video', 'status' => 'queued', 'podcast_id' => $this->podcast->id, diff --git a/modules/Auth/Controllers/InteractController.php b/modules/Auth/Controllers/InteractController.php index b917149b..58dae0cf 100644 --- a/modules/Auth/Controllers/InteractController.php 
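Review bot: In the `@@ -157` hunk of VideoClipsController.php, `config(MediaClipper::class)->themes[$themeName]` is indexed directly with the submitted `theme` value. Whether the rule for `theme` (outside the hunk) limits it to the configured keys is not visible; if it only requires presence, an unknown name reaches the lookup and `$themeColors` is not a usable array. A guard right after the assignment makes the expectation explicit: `if (! array_key_exists($themeName, config(MediaClipper::class)->themes)) { return redirect()->back()->withInput(); }`.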
+++ b/modules/Auth/Controllers/InteractController.php @@ -27,9 +27,11 @@ class InteractController extends Controller ->with('errors', service('validation')->getErrors()); } + $validData = $this->validator->getValidated(); + helper('auth'); - set_interact_as_actor((int) $this->request->getPost('actor_id')); + set_interact_as_actor((int) $validData['actor_id']); return redirect()->back(); } diff --git a/modules/Auth/Controllers/MagicLinkController.php b/modules/Auth/Controllers/MagicLinkController.php index 92223de5..305cfe7b 100644 --- a/modules/Auth/Controllers/MagicLinkController.php +++ b/modules/Auth/Controllers/MagicLinkController.php @@ -53,10 +53,12 @@ class MagicLinkController extends ShieldMagicLinkController ->with('errors', $userModel->errors()); } + $validData = $this->validator->getValidated(); + // set new password to user auth() ->user() - ->password = $this->request->getPost('new_password'); + ->password = $validData['new_password']; if (! $userModel->update(auth()->user()->id, auth()->user())) { return redirect() diff --git a/modules/Auth/Controllers/MyAccountController.php b/modules/Auth/Controllers/MyAccountController.php index d4902575..7fad8a37 100644 --- a/modules/Auth/Controllers/MyAccountController.php +++ b/modules/Auth/Controllers/MyAccountController.php @@ -43,12 +43,14 @@ class MyAccountController extends BaseController ->with('errors', $userModel->errors()); } + $validData = $this->validator->getValidated(); + // check credentials with the old password if logged in without magic link $credentials = [ 'email' => auth() ->user() ->email, - 'password' => $this->request->getPost('password'), + 'password' => $validData['password'], ]; $validCreds = auth() @@ -62,7 +64,7 @@ class MyAccountController extends BaseController // set new password to user auth() ->user() - ->password = $this->request->getPost('new_password'); + ->password = $validData['new_password']; if (! $userModel->update(auth()->user()->id, auth()->user())) { return redirect() 
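Review bot: The failure branch in the InteractController.php hunk reads errors from `service('validation')` while the added line reads from `$this->validator`. Assuming the guard outside the hunk is `$this->validate()`, use `$this->validator->getErrors()` in that branch so both lines visibly refer to the same object. Separately, a rule on `actor_id` can only constrain its format, so a comment at the `set_interact_as_actor()` call should say where it is checked that the actor belongs to the signed-in user; that helper is not visible here.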
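Review bot: In the MagicLinkController.php hunk the failure branch returns `$userModel->errors()`, yet the added line takes its data from `$this->validator`. If the guard above the hunk is `$this->validate($rules)`, a rejected `new_password` produces no message, because the model's error list is not the validator's; `->with('errors', $this->validator->getErrors())` would match the other controllers in this commit. If the guard is a model call instead, `$this->validator` is presumably never set and the added line fails. The two MyAccountController.php hunks follow the same pattern and should also be checked for a rule on `password`, since `$validData['password']` feeds the credential check.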
diff --git a/modules/Fediverse/Controllers/ActorController.php b/modules/Fediverse/Controllers/ActorController.php index 589a3ff8..813b8f52 100644 --- a/modules/Fediverse/Controllers/ActorController.php +++ b/modules/Fediverse/Controllers/ActorController.php @@ -334,13 +334,15 @@ class ActorController extends Controller ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + helper('text'); // get webfinger data from actor // parse actor id to get actor and domain // check if actor and domain exist - $handle = $this->request->getPost('handle'); + $handle = $validData['handle']; $parts = split_handle($handle); try { diff --git a/modules/Fediverse/Controllers/BlockController.php b/modules/Fediverse/Controllers/BlockController.php index abf6a7c4..6ab44e17 100644 --- a/modules/Fediverse/Controllers/BlockController.php +++ b/modules/Fediverse/Controllers/BlockController.php @@ -34,7 +34,9 @@ class BlockController extends Controller ->with('errors', $this->validator->getErrors()); } - $handle = $this->request->getPost('handle'); + $validData = $this->validator->getValidated(); + + $handle = $validData['handle']; if ($parts = split_handle($handle)) { try { @@ -69,8 +71,10 @@ class BlockController extends Controller ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + model('ActorModel', false) - ->unblockActor((int) $this->request->getPost('actor_id')); + ->unblockActor((int) $validData['actor_id']); return redirect()->back() ->with('message', lang('Fediverse.messages.unblockActorSuccess')); @@ -89,7 +93,9 @@ class BlockController extends Controller ->with('errors', $this->validator->getErrors()); } - $domain = $this->request->getPost('domain'); + $validData = $this->validator->getValidated(); + + $domain = $validData['domain']; model('BlockedDomainModel', false) ->blockDomain($domain); 
@@ -112,7 +118,9 @@ class BlockController extends Controller ->with('errors', $this->validator->getErrors()); } - $domain = $this->request->getPost('domain'); + $validData = $this->validator->getValidated(); + + $domain = $validData['domain']; model('BlockedDomainModel', false) ->unblockDomain($domain); diff --git a/modules/Fediverse/Controllers/PostController.php b/modules/Fediverse/Controllers/PostController.php index 8837521c..a1348642 100644 --- a/modules/Fediverse/Controllers/PostController.php +++ b/modules/Fediverse/Controllers/PostController.php @@ -123,9 +123,11 @@ class PostController extends Controller ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + $newPost = new Post([ - 'actor_id' => $this->request->getPost('actor_id'), - 'message' => $this->request->getPost('message'), + 'actor_id' => $validData['actor_id'], + 'message' => $validData['message'], 'published_at' => Time::now(), ]); @@ -155,8 +157,10 @@ class PostController extends Controller ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + $actor = model('ActorModel', false) - ->getActorById($this->request->getPost('actor_id')); + ->getActorById($validData['actor_id']); model('FavouriteModel', false) ->toggleFavourite($actor, $this->post->id); @@ -177,8 +181,10 @@ class PostController extends Controller ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + $actor = model('ActorModel', false) - ->getActorById($this->request->getPost('actor_id')); + ->getActorById($validData['actor_id']); model('PostModel', false) ->toggleReblog($actor, $this->post); 
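Review bot: `actor_id` in the `@@ -123` hunk of modules/Fediverse/Controllers/PostController.php still comes from the request and becomes the author of the new post; `getValidated()` guarantees only that it passed its rule. app/Controllers/PostController.php in this same commit uses `interact_as_actor_id()` for that field instead. If this base controller can be reached directly, add a check that the submitted actor is one the current user may act as, or document above the method that subclasses and route filters are responsible for it. The same `actor_id` read appears in the `@@ -155`, `@@ -177` and `@@ -200` hunks.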
@@ -200,10 +206,12 @@ class PostController extends Controller ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + $newReplyPost = new Post([ - 'actor_id' => $this->request->getPost('actor_id'), + 'actor_id' => $validData['actor_id'], 'in_reply_to_id' => $this->post->id, - 'message' => $this->request->getPost('message'), + 'message' => $validData['message'], 'published_at' => Time::now(), ]); @@ -232,13 +240,15 @@ class PostController extends Controller ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + helper('text'); // get webfinger data from actor // parse actor id to get actor and domain // check if actor and domain exist if ( - ! ($parts = split_handle($this->request->getPost('handle'))) || + ! ($parts = split_handle($validData['handle'])) || ! ($data = get_webfinger_data($parts['username'], $parts['domain'])) ) { return redirect() diff --git a/modules/Install/Controllers/InstallController.php b/modules/Install/Controllers/InstallController.php index e131ec73..cb71c817 100644 --- a/modules/Install/Controllers/InstallController.php +++ b/modules/Install/Controllers/InstallController.php @@ -167,14 +167,16 @@ class InstallController extends Controller ->with('errors', $this->validator->getErrors()); } - $baseUrl = $this->request->getPost('hostname'); - $mediaBaseUrl = $this->request->getPost('media_base_url'); + $validData = $this->validator->getValidated(); + + $baseUrl = $validData['hostname']; + $mediaBaseUrl = $validData['media_base_url']; self::writeEnv([ 'app.baseURL' => $baseUrl, 'media.baseURL' => $mediaBaseUrl === '' ? $baseUrl : $mediaBaseUrl, 'analytics.salt' => generate_random_salt(64), - 'admin.gateway' => $this->request->getPost('admin_gateway'), - 'auth.gateway' => $this->request->getPost('auth_gateway'), + 'admin.gateway' => $validData['admin_gateway'], + 'auth.gateway' => $validData['auth_gateway'], ]); helper('text'); 
@@ -204,11 +206,13 @@ class InstallController extends Controller ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + self::writeEnv([ - 'database.default.hostname' => $this->request->getPost('db_hostname'), - 'database.default.database' => $this->request->getPost('db_name'), - 'database.default.username' => $this->request->getPost('db_username'), - 'database.default.password' => $this->request->getPost('db_password'), + 'database.default.hostname' => $validData['db_hostname'], + 'database.default.database' => $validData['db_name'], + 'database.default.username' => $validData['db_username'], + 'database.default.password' => $validData['db_password'], 'database.default.DBPrefix' => $this->request->getPost('db_prefix'), ]); @@ -233,8 +237,10 @@ class InstallController extends Controller ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + self::writeEnv([ - 'cache.handler' => $this->request->getPost('cache_handler'), + 'cache.handler' => $validData['cache_handler'], ]); return redirect()->back(); @@ -279,6 +285,8 @@ class InstallController extends Controller { // validate user password $rules = [ + 'username' => 'required', + 'email' => 'required', 'password' => 'required|strong_password', ]; @@ -290,11 +298,13 @@ class InstallController extends Controller ->with('errors', $userModel->errors()); } + $validData = $this->validator->getValidated(); + // Save the user $user = new User([ - 'username' => $this->request->getPost('username'), - 'email' => $this->request->getPost('email'), - 'password' => $this->request->getPost('password'), + 'username' => $validData['username'], + 'email' => $validData['email'], + 'password' => $validData['password'], 'is_owner' => true, ]); diff --git a/modules/PodcastImport/Controllers/PodcastImportController.php b/modules/PodcastImport/Controllers/PodcastImportController.php index 3a055040..fc63b143 100644 
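Review bot: `database.default.DBPrefix` is still filled from `$this->request->getPost('db_prefix')` in the `@@ -204` hunk of InstallController.php, so one value passed to `writeEnv()` bypasses the rules while its four neighbours no longer do. These values presumably end up in the environment file, so give `db_prefix` a rule that restricts its characters, for example `'db_prefix' => 'permit_empty|alpha_dash'`, and write `$validData['db_prefix'] ?? ''`. The rules array and `writeEnv()` itself are outside the hunk.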
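Review bot: The new `'email' => 'required'` rule in the `@@ -279` hunk of InstallController.php checks presence only, so any non-empty string is accepted as the owner's address at this point; `'email' => 'required|valid_email'` states the intent. If the guard between this hunk and the next is `$this->validate($rules)`, the failure branch returning `$userModel->errors()` will not carry the validator's messages for the new `username` and `email` rules, whereas `$this->validator->getErrors()` would. Whether the User model validates the address again on save is not visible here.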
--- a/modules/PodcastImport/Controllers/PodcastImportController.php +++ b/modules/PodcastImport/Controllers/PodcastImportController.php @@ -71,7 +71,8 @@ class PodcastImportController extends BaseController $rules = [ 'handle' => 'required|regex_match[/^[a-zA-Z0-9\_]{1,32}$/]', 'imported_feed_url' => 'required|valid_url_strict', - 'max_episodes' => 'is_natural_no_zero|permit_empty', + 'language' => 'required', + 'category' => 'required', ]; if (! $this->validate($rules)) { @@ -81,13 +82,15 @@ class PodcastImportController extends BaseController ->with('errors', $this->validator->getErrors()); } + $validData = $this->validator->getValidated(); + // TODO: check that handle is not already in use $importTask = new PodcastImportTask([ - 'handle' => $this->request->getPost('handle'), - 'feed_url' => $this->request->getPost('imported_feed_url'), - 'language' => $this->request->getPost('language'), - 'category' => $this->request->getPost('category'), + 'handle' => $validData['handle'], + 'feed_url' => $validData['imported_feed_url'], + 'language' => $validData['language'], + 'category' => $validData['category'], 'status' => TaskStatus::Queued, 'created_by' => user_id(), 'updated_by' => user_id(), diff --git a/modules/PremiumPodcasts/Controllers/LockController.php b/modules/PremiumPodcasts/Controllers/LockController.php index 82c29940..bcd53e22 100644 --- a/modules/PremiumPodcasts/Controllers/LockController.php +++ b/modules/PremiumPodcasts/Controllers/LockController.php @@ -70,7 +70,9 @@ class LockController extends BaseController ->with('errors', $this->validator->getErrors()); } - $token = (string) $this->request->getPost('token'); + $validData = $this->validator->getValidated(); + + $token = $validData['token']; // attempt unlocking the podcast with the token if (! $this->premiumPodcasts->unlock($this->podcast->handle, $token)) { 
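Review bot: The `@@ -71` hunk of PodcastImportController.php deletes the `max_episodes` rule (`is_natural_no_zero|permit_empty`) while adding the rules for `language` and `category`. The visible part of the task built in the next hunk does not use `max_episodes`, but if the import form or another code path still reads it, the value is now unchecked. Either keep the rule or mention the removal in the commit message. `language` and `category` are only `required`; if they must match known codes a stricter rule belongs here, though the valid sets are not visible in the hunk.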
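Review bot: The `(string)` cast on `token` is dropped in the `@@ -70` hunk of LockController.php, so `$token` now has whatever type the validated field carries. If the rule outside the hunk only requires presence, a non-string value could reach `unlock()`. Keep the cast, or add the `string` rule so the type is enforced before the call, e.g. `'token' => 'required|string'`.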
@@ -83,7 +85,8 @@ class LockController extends BaseController $redirectURL = session('redirect_url') ?? site_url('/'); unset($_SESSION['redirect_url']); - return redirect()->to($redirectURL) + return redirect() + ->to($redirectURL) ->withCookies() ->with('message', lang('PremiumPodcasts.messages.unlockSuccess')); } diff --git a/modules/PremiumPodcasts/Controllers/SubscriptionController.php b/modules/PremiumPodcasts/Controllers/SubscriptionController.php index 32164321..df6726ca 100644 --- a/modules/PremiumPodcasts/Controllers/SubscriptionController.php +++ b/modules/PremiumPodcasts/Controllers/SubscriptionController.php @@ -77,7 +77,9 @@ class SubscriptionController extends BaseController ->with('errors', $this->validator->getErrors()); } - if (($subscriptionLink = $this->request->getPost('subscription_link')) === '') { + $validData = $this->validator->getValidated(); + + if (($subscriptionLink = $validData['subscription_link']) === '') { service('settings') ->forget('Subscription.link', 'podcast:' . $this->podcast->id); diff --git a/public/media/site/index.html b/public/media/site/index.html index eebf8ecb..e69de29b 100644 --- a/public/media/site/index.html +++ b/public/media/site/index.html @@ -1,9 +0,0 @@ - - - - 403 Forbidden - - -

Directory access is forbidden.

- -