Move include/security to /src/Core/Authentication.php and /src/Util/Security.php

diff --git a/advancedcontentfilter/advancedcontentfilter.php b/advancedcontentfilter/advancedcontentfilter.php
index 74728c0..05d55e5 100644 (file)
--- a/advancedcontentfilter/advancedcontentfilter.php
+++ b/advancedcontentfilter/advancedcontentfilter.php
@@ -46,6 +46,7 @@ use Friendica\Model\Term;
 use Friendica\Module\Login;
 use Friendica\Network\HTTPException;
 use Friendica\Util\DateTimeFormat;
+use Friendica\Util\Security;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Symfony\Component\ExpressionLanguage;
@@ -53,7 +54,6 @@ use Symfony\Component\ExpressionLanguage;
 require_once 'boot.php';
 require_once 'include/conversation.php';
 require_once 'include/dba.php';
-require_once 'include/security.php';
 
 require_once __DIR__ . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
 
@@ -234,7 +234,7 @@ function advancedcontentfilter_content(App $a)
                        ],
                        '$current_theme' => $a->getCurrentTheme(),
                        '$rules' => advancedcontentfilter_get_rules(),
-                       '$form_security_token' => get_form_security_token()
+                       '$form_security_token' => Security::get_form_security_token()
                ]);
        }
 }
@@ -322,7 +322,7 @@ function advancedcontentfilter_post_rules(ServerRequestInterface $request)
                throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
        }
 
-       if (!check_form_security_token()) {
+       if (!Security::check_form_security_token()) {
                throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
        }
 
@@ -356,7 +356,7 @@ function advancedcontentfilter_put_rules_id(ServerRequestInterface $request, Res
                throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
        }
 
-       if (!check_form_security_token()) {
+       if (!Security::check_form_security_token()) {
                throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
        }
 
@@ -385,7 +385,7 @@ function advancedcontentfilter_delete_rules_id(ServerRequestInterface $request,
                throw new HTTPException\UnauthorizedException(L10n::t('You must be logged in to use this method'));
        }
 
-       if (!check_form_security_token()) {
+       if (!Security::check_form_security_token()) {
                throw new HTTPException\BadRequestException(L10n::t('Invalid form security token, please refresh the page.'));
        }
 

diff --git a/gravatar/gravatar.php b/gravatar/gravatar.php
index 00d8e5b..bb8c9f2 100644 (file)
--- a/gravatar/gravatar.php
+++ b/gravatar/gravatar.php
@@ -11,6 +11,7 @@ use Friendica\Core\Addon;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Database\DBA;
+use Friendica\Util\Security;
 
 /**
  * Installs the addon hook
@@ -103,7 +104,7 @@ function gravatar_addon_admin (&$a, &$o) {
        }
 
        // output Gravatar settings
-       $o .= '<input type="hidden" name="form_security_token" value="' .get_form_security_token("gravatarsave") .'">';
+       $o .= '<input type="hidden" name="form_security_token" value="' .Security::get_form_security_token("gravatarsave") .'">';
        $o .= replace_macros( $t, [
                '$submit' => L10n::t('Save Settings'),
                '$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found at Gravatar. See README'), $default_avatars],
@@ -115,7 +116,7 @@ function gravatar_addon_admin (&$a, &$o) {
  * Save admin settings
  */
 function gravatar_addon_admin_post (&$a) {
-       check_form_security_token('gravatarsave');
+       Security::check_form_security_token('gravatarsave');
 
        $default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
        $rating = ((x($_POST, 'rating')) ? notags(trim($_POST['rating'])) : 'g');

diff --git a/libravatar/libravatar.php b/libravatar/libravatar.php
index ee283f0..787231b 100644 (file)
--- a/libravatar/libravatar.php
+++ b/libravatar/libravatar.php
@@ -11,6 +11,7 @@ use Friendica\Core\Addon;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Database\DBA;
+use Friendica\Util\Security;
 
 /**
  * Installs the addon hook
@@ -106,7 +107,7 @@ function libravatar_addon_admin(&$a, &$o)
        }
 
        // output Libravatar settings
-       $o .= '<input type="hidden" name="form_security_token" value="' .get_form_security_token("libravatarsave") .'">';
+       $o .= '<input type="hidden" name="form_security_token" value="' .Security::get_form_security_token("libravatarsave") .'">';
        $o .= replace_macros( $t, [
                '$submit' => L10n::t('Save Settings'),
                '$default_avatar' => ['avatar', L10n::t('Default avatar image'), $default_avatar, L10n::t('Select default avatar image if none was found. See README'), $default_avatars],
@@ -118,7 +119,7 @@ function libravatar_addon_admin(&$a, &$o)
  */
 function libravatar_addon_admin_post(&$a)
 {
-       check_form_security_token('libravatarrsave');
+       Security::check_form_security_token('libravatarrsave');
 
        $default_avatar = ((x($_POST, 'avatar')) ? notags(trim($_POST['avatar'])) : 'identicon');
        Config::set('libravatar', 'default_avatar', $default_avatar);

diff --git a/public_server/public_server.php b/public_server/public_server.php
index 64f9d5d..2e020b8 100644 (file)
--- a/public_server/public_server.php
+++ b/public_server/public_server.php
@@ -11,6 +11,7 @@ use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Database\DBA;
 use Friendica\Util\DateTimeFormat;
+use Friendica\Util\Security;
 
 function public_server_install()
 {
@@ -142,7 +143,7 @@ function public_server_login($a, $b)
 
 function public_server_addon_admin_post(&$a)
 {
-       check_form_security_token_redirectOnErr('/admin/addons/publicserver', 'publicserver');
+       Security::check_form_security_token_redirectOnErr('/admin/addons/publicserver', 'publicserver');
        $expiredays = (x($_POST, 'expiredays') ? notags(trim($_POST['expiredays'])) : '');
        $expireposts = (x($_POST, 'expireposts') ? notags(trim($_POST['expireposts'])) : '');
        $nologin = (x($_POST, 'nologin') ? notags(trim($_POST['nologin'])) : '');
@@ -160,7 +161,7 @@ function public_server_addon_admin_post(&$a)
 
 function public_server_addon_admin(&$a, &$o)
 {
-       $token = get_form_security_token("publicserver");
+       $token = Security::get_form_security_token("publicserver");
        $t = get_markup_template("admin.tpl", "addon/public_server");
        $o = replace_macros($t, [
                '$submit' => L10n::t('Save Settings'),

diff --git a/windowsphonepush/windowsphonepush.php b/windowsphonepush/windowsphonepush.php
index 589d222..ff9c446 100644 (file)
--- a/windowsphonepush/windowsphonepush.php
+++ b/windowsphonepush/windowsphonepush.php
@@ -30,6 +30,7 @@ use Friendica\App;
 use Friendica\Content\Text\BBCode;
 use Friendica\Content\Text\HTML;
 use Friendica\Core\Addon;
+use Friendica\Core\Authentication;
 use Friendica\Core\L10n;
 use Friendica\Core\PConfig;
 use Friendica\Database\DBA;
@@ -471,8 +472,7 @@ function windowsphonepush_login(App $a)
                die('This api requires login');
        }
 
-       require_once 'include/security.php';
-       authenticate_success($record);
+       Authentication::success($record);
        $_SESSION["allow_api"] = true;
        Addon::callHooks('logged_in', $a->user);
 }