Merge pull request #488 from nlubisch/feature/221-trim-input

Added trim to relevant input fields
OpencachingDeutschland · May 14, 2017 · 98bd13a · 98bd13a
2 parents 171f186 + 9c1c25a
commit 98bd13a
Show file tree

Hide file tree

Showing 9 changed files with 41 additions and 41 deletions.
diff --git a/htdocs/editcache.php b/htdocs/editcache.php
@@ -134,7 +134,7 @@ function getWaypoints($cacheId)
                 }
 
                 //here we read all used information from the form if submitted, otherwise from DB
-                $cache_name = trim(isset($_POST['name']) ? $_POST['name'] : $cache_record['name']);  // Ocprop
+                $cache_name = trim(isset($_POST['name']) ? trim($_POST['name']) : $cache_record['name']);  // Ocprop
                 $cache_type = isset($_POST['type']) ? $_POST['type'] : $cache_record['type'];
                 if (!isset($_POST['size'])) {
                     if ($cache_type == 4 || $cache_type == 5) {
@@ -189,8 +189,8 @@ function getWaypoints($cacheId)
                 $listing_modified = isset($_POST['listing_modified']) ? $_POST['listing_modified'] + 0 : 0;
                 $status = isset($_POST['status']) ? $_POST['status'] : $cache_record['status'];  // Ocprop
                 $status_old = $cache_record['status'];
-                $search_time = isset($_POST['search_time']) ? $_POST['search_time'] : $cache_record['search_time'];
-                $way_length = isset($_POST['way_length']) ? $_POST['way_length'] : $cache_record['way_length'];
+                $search_time = isset($_POST['search_time']) ? trim($_POST['search_time']) : $cache_record['search_time'];
+                $way_length = isset($_POST['way_length']) ? trim($_POST['way_length']) : $cache_record['way_length'];
 
                 if ($status_old == 5 && $status == 5) {
                     if (isset($_POST['publish'])) {  // Ocprop
@@ -262,10 +262,10 @@ function getWaypoints($cacheId)
                     //get coords from post-form
                     $coords_latNS = $_POST['latNS'];  // Ocprop
                     $coords_lonEW = $_POST['lonEW'];  // Ocprop
-                    $coords_lat_h = $_POST['lat_h'];  // Ocprop
-                    $coords_lon_h = $_POST['lon_h'];  // Ocprop
-                    $coords_lat_min = $_POST['lat_min'];  // Ocprop
-                    $coords_lon_min = $_POST['lon_min'];  // Ocprop
+                    $coords_lat_h = trim($_POST['lat_h']);  // Ocprop
+                    $coords_lon_h = trim($_POST['lon_h']);  // Ocprop
+                    $coords_lat_min = trim($_POST['lat_min']);  // Ocprop
+                    $coords_lon_min = trim($_POST['lon_min']);  // Ocprop
                 } else {
                     //get coords from DB
                     $coords_lon = $cache_record['longitude'];

diff --git a/htdocs/editdesc.php b/htdocs/editdesc.php
@@ -122,8 +122,8 @@
                         $oldDescMode = $descMode;
                     }
 
-                    $short_desc = $_POST['short_desc'];  // Ocprop
-                    $hint = htmlspecialchars($_POST['hints'], ENT_COMPAT, 'UTF-8');
+                    $short_desc = trim($_POST['short_desc']);  // Ocprop
+                    $hint = htmlspecialchars(trim($_POST['hints']), ENT_COMPAT, 'UTF-8');
                     $desclang = $_POST['desclang'];
                     $show_all_langs = isset($_POST['show_all_langs_value']) ? $_POST['show_all_langs_value'] : 0;
                     if (!is_numeric($show_all_langs)) {
@@ -137,7 +137,7 @@
                     }
 
                     // Text from textarea
-                    $desc = $_POST['desc'];  // Ocprop
+                    $desc = trim($_POST['desc']);  // Ocprop
 
                     // fuer alte Versionen von OCProp
                     if (isset($_POST['submit']) && !isset($_POST['version2'])) {

diff --git a/htdocs/editlog.php b/htdocs/editlog.php
@@ -212,7 +212,7 @@
 
                 // Text from textarea; Ocprop
                 if (isset($_POST['logtext'])) {
-                    $log_text = $_POST['logtext'];
+                    $log_text = trim($_POST['logtext']);
                 } else {
                     $log_text = $log_record['text'];
                     if ($descMode == 1) {

diff --git a/htdocs/log.php b/htdocs/log.php
@@ -108,22 +108,22 @@
     // Ocprop:
     //   logtext, logtype, logday, logmonth, logyear
 
-    $logText = (isset($_POST['logtext'])) ? ($_POST['logtext']) : '';
-    $logType = (isset($_REQUEST['logtype'])) ? ($_REQUEST['logtype'] + 0) : null;
-    $logDateDay = (isset($_POST['logday'])) ? trim($_POST['logday']) : ($datesaved ? $defaultLogDay : date('d'));
-    $logDateMonth = (isset($_POST['logmonth'])) ? trim($_POST['logmonth']) : ($datesaved ? $defaultLogMonth : date(
+    $logText = isset($_POST['logtext']) ? trim($_POST['logtext']) : '';
+    $logType = isset($_REQUEST['logtype']) ? ($_REQUEST['logtype'] + 0) : null;
+    $logDateDay = isset($_POST['logday']) ? trim($_POST['logday']) : ($datesaved ? $defaultLogDay : date('d'));
+    $logDateMonth = isset($_POST['logmonth']) ? trim($_POST['logmonth']) : ($datesaved ? $defaultLogMonth : date(
         'm'
     ));
-    $logDateYear = (isset($_POST['logyear'])) ? trim($_POST['logyear']) : ($datesaved ? $defaultLogYear : date('Y'));
-    $logTimeHour = (isset($_POST['loghour'])) ? trim($_POST['loghour']) : '';
-    $logTimeMinute = (isset($_POST['logminute'])) ? trim($_POST['logminute']) : '';
-    $needsMaintenance = (isset($_POST['needs_maintenance2'])) ? ($_POST['needs_maintenance2']) + 0 : (isset($_POST['needs_maintenance']) ? ($_POST['needs_maintenance']) + 0 : 0);
-    $listingOutdated = (isset($_POST['listing_outdated2'])) ? ($_POST['listing_outdated2']) + 0 : (isset($_POST['listing_outdated']) ? ($_POST['listing_outdated']) + 0 : 0);
-    $confirmListingOk = (isset($_POST['confirm_listing_ok'])) ? $_POST['confirm_listing_ok'] + 0 : 0;
-    $rateOption = (isset($_POST['ratingoption'])) ? $_POST['ratingoption'] + 0 : 0;
-    $rateCache = (isset($_POST['rating'])) ? $_POST['rating'] + 0 : 0;
-    $ocTeamComment = (isset($_REQUEST['teamcomment'])) ? $_REQUEST['teamcomment'] != 0 : 0;
-    $suppressMasslogWarning = (isset($_REQUEST['suppressMasslogWarning'])) ? $_REQUEST['suppressMasslogWarning'] : ($masslogCookieSet ? $masslogCookieContent : 0);
+    $logDateYear = isset($_POST['logyear']) ? trim($_POST['logyear']) : ($datesaved ? $defaultLogYear : date('Y'));
+    $logTimeHour = isset($_POST['loghour']) ? trim($_POST['loghour']) : '';
+    $logTimeMinute = isset($_POST['logminute']) ? trim($_POST['logminute']) : '';
+    $needsMaintenance = isset($_POST['needs_maintenance2']) ? $_POST['needs_maintenance2'] + 0 : (isset($_POST['needs_maintenance']) ? $_POST['needs_maintenance'] + 0 : 0);
+    $listingOutdated = isset($_POST['listing_outdated2']) ? $_POST['listing_outdated2'] + 0 : (isset($_POST['listing_outdated']) ? $_POST['listing_outdated'] + 0 : 0);
+    $confirmListingOk = isset($_POST['confirm_listing_ok']) ? $_POST['confirm_listing_ok'] + 0 : 0;
+    $rateOption = isset($_POST['ratingoption']) ? $_POST['ratingoption'] + 0 : 0;
+    $rateCache = isset($_POST['rating']) ? $_POST['rating'] + 0 : 0;
+    $ocTeamComment = isset($_REQUEST['teamcomment']) ? $_REQUEST['teamcomment'] != 0 : 0;
+    $suppressMasslogWarning = isset($_REQUEST['suppressMasslogWarning']) ? $_REQUEST['suppressMasslogWarning'] : ($masslogCookieSet ? $masslogCookieContent : 0);
 
     if (isset($_GET['fieldnoteid']) && !isset($_POST['submitform']) && !empty($fieldNote)) {
         $_POST['descMode'] = 3;

diff --git a/htdocs/login.php b/htdocs/login.php
@@ -56,7 +56,7 @@
         $tpl->error(ERROR_ALREADY_LOGGEDIN);
     }
 
-    $username = isset($_POST['email']) ? $_POST['email'] : ''; // Ocprop
+    $username = isset($_POST['email']) ? trim($_POST['email']) : ''; // Ocprop
     $password = isset($_POST['password']) ? $_POST['password'] : ''; // Ocprop
 
     $retval = $login->try_login($username, $password, null);

diff --git a/htdocs/newcache.php b/htdocs/newcache.php
@@ -75,10 +75,10 @@
             tpl_set_var('lonEsel', '');
             tpl_set_var('lonWsel', ' selected="selected"');
         }
-        $lon_h = isset($_POST['lon_h']) ? $_POST['lon_h'] : '0'; // Ocprop
+        $lon_h = isset($_POST['lon_h']) ? trim($_POST['lon_h']) : '0'; // Ocprop
         tpl_set_var('lon_h', htmlspecialchars($lon_h, ENT_COMPAT, 'UTF-8'));
 
-        $lon_min = isset($_POST['lon_min']) ? $_POST['lon_min'] : '00.000'; // Ocprop
+        $lon_min = isset($_POST['lon_min']) ? trim($_POST['lon_min']) : '00.000'; // Ocprop
         tpl_set_var('lon_min', htmlspecialchars($lon_min, ENT_COMPAT, 'UTF-8'));
 
         $latNS = isset($_POST['latNS']) ? $_POST['latNS'] : $default_NS; // Ocprop
@@ -89,18 +89,18 @@
             tpl_set_var('latNsel', '');
             tpl_set_var('latSsel', ' selected="selected"');
         }
-        $lat_h = isset($_POST['lat_h']) ? $_POST['lat_h'] : '0'; // Ocprop
+        $lat_h = isset($_POST['lat_h']) ? trim($_POST['lat_h']) : '0'; // Ocprop
         tpl_set_var('lat_h', htmlspecialchars($lat_h, ENT_COMPAT, 'UTF-8'));
 
-        $lat_min = isset($_POST['lat_min']) ? $_POST['lat_min'] : '00.000'; // Ocprop
+        $lat_min = isset($_POST['lat_min']) ? trim($_POST['lat_min']) : '00.000'; // Ocprop
         tpl_set_var('lat_min', htmlspecialchars($lat_min, ENT_COMPAT, 'UTF-8'));
 
         //name
         $name = isset($_POST['name']) ? trim($_POST['name']) : ''; // Ocprop
         tpl_set_var('name', htmlspecialchars($name, ENT_COMPAT, 'UTF-8'));
 
         //shortdesc
-        $short_desc = isset($_POST['short_desc']) ? $_POST['short_desc'] : '';
+        $short_desc = isset($_POST['short_desc']) ? trim($_POST['short_desc']) : '';
         tpl_set_var('short_desc', htmlspecialchars($short_desc, ENT_COMPAT, 'UTF-8'));
 
         // descMode auslesen, falls nicht gesetzt aus dem Profil laden
@@ -147,7 +147,7 @@
 
         //desc
         if (isset($_POST['desc'])) {
-            $desc = processEditorInput($oldDescMode, $descMode, $_POST['desc']);
+            $desc = trim(processEditorInput($oldDescMode, $descMode, $_POST['desc']));
         } else {
             $desc = '';
         }
@@ -192,7 +192,7 @@
 
 
         //hints
-        $hints = isset($_POST['hints']) ? $_POST['hints'] : '';
+        $hints = isset($_POST['hints']) ? trim($_POST['hints']) : '';
         tpl_set_var('hints', htmlspecialchars($hints, ENT_COMPAT, 'UTF-8'));
 
         // fuer alte Versionen von OCProp
@@ -252,7 +252,7 @@
         tpl_set_var('activation_hours', $activation_hours);
 
         //log-password
-        $log_pw = isset($_POST['log_pw']) ? mb_substr($_POST['log_pw'], 0, 20) : '';
+        $log_pw = isset($_POST['log_pw']) ? mb_substr(trim($_POST['log_pw']), 0, 20) : '';
         tpl_set_var('log_pw', htmlspecialchars($log_pw, ENT_COMPAT, 'UTF-8'));
 
         // gc- and nc-waypoints

diff --git a/htdocs/newdesc.php b/htdocs/newdesc.php
@@ -45,9 +45,9 @@
                 $show_all_langs = isset($_POST['show_all_langs']) ? $_POST['show_all_langs'] : 0;
                 $short_desc = isset($_POST['short_desc']) ? $_POST['short_desc'] : '';  // Ocprop
 
-                $hints = isset($_POST['hints']) ? $_POST['hints'] : '';  // Ocprop
-                $sel_lang = isset($_POST['desc_lang']) ? $_POST['desc_lang'] : $default_lang;  // Ocprop
-                $desc = isset($_POST['desc']) ? $_POST['desc'] : '';  // Ocprop
+                $hints = isset($_POST['hints']) ? trim($_POST['hints']) : '';  // Ocprop
+                $sel_lang = isset($_POST['desc_lang']) ? trim($_POST['desc_lang']) : $default_lang;  // Ocprop
+                $desc = isset($_POST['desc']) ? trim($_POST['desc']) : '';  // Ocprop
 
                 // read descMode; if not set, initialize from user profile
                 if (isset($_POST['descMode'])) {  // Ocprop

diff --git a/htdocs/register.php b/htdocs/register.php
@@ -12,9 +12,9 @@
 
 // Read register information
 $show_all_countries = isset($_POST['show_all_countries']) ? $_POST['show_all_countries'] + 0 : 0;
-$username = isset($_POST['username']) ? $_POST['username'] : '';
-$last_name = isset($_POST['last_name']) ? $_POST['last_name'] : '';
-$first_name = isset($_POST['first_name']) ? $_POST['first_name'] : '';
+$username = isset($_POST['username']) ? trim($_POST['username']) : '';
+$last_name = isset($_POST['last_name']) ? trim($_POST['last_name']) : '';
+$first_name = isset($_POST['first_name']) ? trim($_POST['first_name']) : '';
 $password = isset($_POST['password1']) ? $_POST['password1'] : '';
 $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
 $email = isset($_POST['email']) ? mb_trim($_POST['email']) : '';

diff --git a/htdocs/removelog.php b/htdocs/removelog.php
@@ -105,7 +105,7 @@
                             $log_record['log_user_domain']
                         );
 
-                        $message = isset($_POST['logowner_message']) ? $_POST['logowner_message'] : '';
+                        $message = isset($_POST['logowner_message']) ? trim($_POST['logowner_message']) : '';
                         if ($message != '') {
                             //message to logger
                             $message = $removed_message_title . "\n" . $message . "\n" . $removed_message_end;