diff --git a/public/update.php b/public/update.php index c78b36cdf8..5488f194f6 100644 --- a/public/update.php +++ b/public/update.php @@ -29,7 +29,7 @@ use Nyholm\Psr7Server\ServerRequestCreatorInterface; use Psr\Container\ContainerInterface; -if (!isset($_REQUEST['type']) || (string) filter_input(INPUT_GET, 'type', FILTER_SANITIZE_SPECIAL_CHARS) !== 'sources') { +if (!array_key_exists('type', $_REQUEST) || (string) filter_input(INPUT_GET, 'type', FILTER_SANITIZE_SPECIAL_CHARS) !== 'sources') { // We need this stuff define('NO_SESSION', 1); define('OUTDATED_DATABASE_OK', 1); diff --git a/src/Application/Api/Ajax/Handler/DefaultAjaxHandler.php b/src/Application/Api/Ajax/Handler/DefaultAjaxHandler.php index b89e1dc6bd..3313a2be0d 100644 --- a/src/Application/Api/Ajax/Handler/DefaultAjaxHandler.php +++ b/src/Application/Api/Ajax/Handler/DefaultAjaxHandler.php @@ -28,6 +28,7 @@ use Ampache\Module\Util\InterfaceImplementationChecker; use Ampache\Module\Util\ObjectTypeToClassNameMapper; use Ampache\Config\AmpConfig; +use Ampache\Module\Util\RequestParserInterface; use Ampache\Repository\Model\Browse; use Ampache\Module\System\Core; use Ampache\Repository\Model\Playlist; @@ -40,21 +41,27 @@ final class DefaultAjaxHandler implements AjaxHandlerInterface { + private RequestParserInterface $requestParser; + private AlbumRepositoryInterface $albumRepository; private SongRepositoryInterface $songRepository; public function __construct( + RequestParserInterface $requestParser, AlbumRepositoryInterface $albumRepository, SongRepositoryInterface $songRepository ) { + $this->requestParser = $requestParser; $this->albumRepository = $albumRepository; $this->songRepository = $songRepository; } public function handle(): void { - $results = array(); + $results = array(); + $request_id = $this->requestParser->getFromRequest('id'); + $request_type = $this->requestParser->getFromRequest('type'); // Switch on the actions switch ($_REQUEST['action']) { 
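Review bot: The rewritten guard in `public/update.php` still tests presence in `$_REQUEST` but compares the value read from `INPUT_GET`, so the two halves of the condition look at different sources. Because `filter_input()` returns null for a missing GET parameter and `(string) null` is never `'sources'`, the first clause adds nothing. The condition decides whether `NO_SESSION` and `OUTDATED_DATABASE_OK` get defined, so a single source is easier to reason about: `if ((string) filter_input(INPUT_GET, 'type', FILTER_SANITIZE_SPECIAL_CHARS) !== 'sources') {`.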
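Review bot: `handle()` now reads `id` and `type` through the injected parser, but the dispatch line `switch ($_REQUEST['action']) {` still reads the superglobal directly, so the selector that chooses the branch skips whatever filtering the parser applies. Use `switch ($this->requestParser->getFromRequest('action')) {` for consistency. The same leftover appears in `ShowAction::run()`, where `width` and `height` are still taken from `$_REQUEST`. `handle()` continues outside this hunk, and the return type of `getFromRequest()` is not shown in this diff, so a short comment on what the method returns for a missing key would help.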
@@ -62,9 +69,9 @@ public function handle(): void $results['rightbar'] = Ui::ajax_include('rightbar.inc.php'); break; case 'current_playlist': - switch ($_REQUEST['type']) { + switch ($request_type) { case 'delete': - Core::get_global('user')->playlist->delete_track($_REQUEST['id']); + Core::get_global('user')->playlist->delete_track($request_id); break; } // end switch @@ -72,9 +79,9 @@ public function handle(): void break; // Handle the users basketcases... case 'basket': - $object_type = $_REQUEST['type'] ?? $_REQUEST['object_type']; + $object_type = $request_type ?? $this->requestParser->getFromRequest('object_type'); if (InterfaceImplementationChecker::is_playable_item($object_type)) { - $object_id = $_REQUEST['id'] ?? $_REQUEST['object_id']; + $object_id = $request_id ?? $this->requestParser->getFromRequest('object_id'); if (!is_array($object_id)) { $object_id = array($object_id); } @@ -85,11 +92,11 @@ public function handle(): void Core::get_global('user')->playlist->add_medias($medias); } } else { - switch ($_REQUEST['type']) { + switch ($request_type) { case 'browse_set': case 'browse_set_random': $songs = array(); - $browse = new Browse($_REQUEST['browse_id']); + $browse = new Browse($this->requestParser->getFromRequest('browse_id')); $objects = $browse->get_saved(); switch ($browse->get_type()) { case 'album': @@ -106,7 +113,7 @@ public function handle(): void $songs = $objects; break; } // end switch type - if ($_REQUEST['type'] == 'browse_set_random') { + if ($request_type == 'browse_set_random') { shuffle($songs); } foreach ($songs as $object_id) { 
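Review bot: Both `??` fallbacks in the `basket` case (`$request_type ?? ...getFromRequest('object_type')` and the matching `object_id` line) only fire if `getFromRequest()` returns null for an absent key. Its implementation is not in this diff; if it returns an empty string, the `object_type` / `object_id` alternatives are never consulted and `is_playable_item('')` decides the branch. Either document the null contract on the parser or make the test explicit, for example `$object_type = ($request_type !== null && $request_type !== '') ? $request_type : $this->requestParser->getFromRequest('object_type');`.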
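Review bot: `if ($request_type == 'browse_set_random') {` keeps the loose comparison from the old code. Since the value now comes from a parser whose return type is not visible in this diff, `if ($request_type === 'browse_set_random') {` states the intent and avoids type juggling if a non-string ever arrives. The enclosing `switch` starts and ends outside this hunk.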
@@ -114,30 +121,30 @@ public function handle(): void } break; case 'album_full': - $songs = $this->albumRepository->getSongsGrouped(explode(',', $_REQUEST['id'])); + $songs = $this->albumRepository->getSongsGrouped(explode(',', $request_id)); foreach ($songs as $song_id) { Core::get_global('user')->playlist->add_object($song_id, 'song'); } break; case 'album_random': - $songs = $this->albumRepository->getRandomSongsGrouped(explode(',', $_REQUEST['id'])); + $songs = $this->albumRepository->getRandomSongsGrouped(explode(',', $request_id)); foreach ($songs as $song_id) { Core::get_global('user')->playlist->add_object($song_id, 'song'); } break; case 'artist_random': case 'tag_random': - $data = explode('_', $_REQUEST['type']); + $data = explode('_', $request_type); $type = $data['0']; $class_name = ObjectTypeToClassNameMapper::map($type); - $object = new $class_name($_REQUEST['id']); + $object = new $class_name($request_id); $songs = $this->songRepository->getRandomByArtist($object); foreach ($songs as $song_id) { Core::get_global('user')->playlist->add_object($song_id, 'song'); } break; case 'playlist_random': - $playlist = new Playlist($_REQUEST['id']); + $playlist = new Playlist($request_id); $items = $playlist->get_random_items(); foreach ($items as $item) { Core::get_global('user')->playlist->add_object($item['object_id'], $item['object_type']); diff --git a/src/Module/Application/Browse/TagAction.php b/src/Module/Application/Browse/TagAction.php index 9fac71840d..52ff1e9e96 100644 --- a/src/Module/Application/Browse/TagAction.php +++ b/src/Module/Application/Browse/TagAction.php @@ -24,6 +24,7 @@ namespace Ampache\Module\Application\Browse; +use Ampache\Module\Util\RequestParserInterface; use Ampache\Repository\Model\ModelFactoryInterface; use Ampache\Repository\Model\Tag; use Ampache\Module\Application\ApplicationActionInterface; 
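Review bot: `explode(',', $request_id)` in the `album_full` and `album_random` cases assumes a string, yet the `basket` branch of the same method accepts an array `id` (it checks `is_array($object_id)`). On PHP 8 an array argument makes `explode()` throw a TypeError, and a null is deprecated from 8.1. Unless `getFromRequest()` guarantees a string (not visible here), normalise first, e.g. `$album_ids = is_string($request_id) ? explode(',', $request_id) : (array) $request_id;`. The same unchecked `$request_id` is passed to `new $class_name(...)` and `new Playlist(...)`; if these ids are always numeric, an `(int)` cast at those call sites would narrow what reaches the model constructors.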
@@ -37,16 +38,20 @@ final class TagAction implements ApplicationActionInterface { public const REQUEST_KEY = 'tag'; + private RequestParserInterface $requestParser; + private ModelFactoryInterface $modelFactory; private UiInterface $ui; public function __construct( + RequestParserInterface $requestParser, ModelFactoryInterface $modelFactory, UiInterface $ui ) { - $this->modelFactory = $modelFactory; - $this->ui = $ui; + $this->requestParser = $requestParser; + $this->modelFactory = $modelFactory; + $this->ui = $ui; } public function run(ServerRequestInterface $request, GuiGatekeeperInterface $gatekeeper): ?ResponseInterface @@ -65,7 +70,7 @@ public function run(ServerRequestInterface $request, GuiGatekeeperInterface $gat // FIXME: This whole thing is ugly, even though it works. $browse->set_sort('count', 'ASC'); // This one's a doozy - $browse_type = isset($_REQUEST['type']) ? $_REQUEST['type'] : 'artist'; + $browse_type = array_key_exists('type', $_REQUEST) ? $this->requestParser->getFromRequest('type') : 'artist'; $browse->set_simple_browse(false); $browse->save_objects(Tag::get_tags($browse_type, 0, 'name')); // Should add a pager? $object_ids = $browse->get_saved(); diff --git a/src/Module/Application/StatisticGraph/ShowAction.php b/src/Module/Application/StatisticGraph/ShowAction.php index 61281caf14..7c72692b71 100644 --- a/src/Module/Application/StatisticGraph/ShowAction.php +++ b/src/Module/Application/StatisticGraph/ShowAction.php @@ -32,6 +32,7 @@ use Ampache\Module\System\Session; use Ampache\Module\Util\Graph; use Ampache\Module\Util\InterfaceImplementationChecker; +use Ampache\Module\Util\RequestParserInterface; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Log\LoggerInterface; 
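Review bot: In `TagAction::run()`, `$browse_type` is request-controlled and goes straight into `Tag::get_tags($browse_type, 0, 'name')` with no allow-list. How `get_tags()` uses it is not visible here, so it should be restricted to the browse types that method supports before the call, falling back to `'artist'` otherwise. The `array_key_exists('type', $_REQUEST)` guard is also true for an empty `?type=`, which passes `''` instead of the default. Letting the parser decide avoids that: `$browse_type = $this->requestParser->getFromRequest('type') ?: 'artist';`. A one-line comment naming the accepted values would replace the existing "This one's a doozy" remark.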
@@ -40,14 +41,18 @@ final class ShowAction implements ApplicationActionInterface { public const REQUEST_KEY = 'show'; + private RequestParserInterface $requestParser; + private ConfigContainerInterface $configContainer; private LoggerInterface $logger; public function __construct( + RequestParserInterface $requestParser, ConfigContainerInterface $configContainer, LoggerInterface $logger ) { + $this->requestParser = $requestParser; $this->configContainer = $configContainer; $this->logger = $logger; } @@ -82,10 +87,9 @@ public function run(ServerRequestInterface $request, GuiGatekeeperInterface $gat return null; } - $type = $_REQUEST['type']; - - $user_id = (int) ($_REQUEST['user_id']); - $object_type = (string) scrub_in($_REQUEST['object_type']); + $action_type = $this->requestParser->getFromRequest('type'); + $object_type = $this->requestParser->getFromRequest('object_type'); + $user_id = (int)$this->requestParser->getFromRequest('user_id'); if (!InterfaceImplementationChecker::is_library_item($object_type)) { $object_type = null; } @@ -96,10 +100,9 @@ public function run(ServerRequestInterface $request, GuiGatekeeperInterface $gat $width = (int) ($_REQUEST['width']); $height = (int) ($_REQUEST['height']); + $graph = new Graph(); - $graph = new Graph(); - - switch ($type) { + switch ($action_type) { case 'user_hits': $graph->render_user_hits($user_id, $object_type, $object_id, $start_date, $end_date, $zoom, $width, $height); break;
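Review bot: The hunk at `@@ -82,10 +87,9 @@` drops `(string) scrub_in(...)` from `object_type`, which leaves both sanitisation and typing to `getFromRequest()`, whose implementation is not part of this diff. The `is_library_item($object_type)` check that follows presumably rejects unknown values, but it would now receive an array or null if the parser can return one. Keeping the cast is cheap: `$object_type = (string) $this->requestParser->getFromRequest('object_type');`. If the parser already applies filtering equivalent to `scrub_in()`, a comment saying so at this call site would make the removal auditable. `run()` begins and ends outside the hunk.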