From 16d3ddafba34094bdb8bc6cd33546dc7d0da0f18 Mon Sep 17 00:00:00 2001
From: Fernando Ontiveros
Date: Wed, 9 Apr 2025 03:26:11 +0000
Subject: [PATCH] fix Filter sanitize string deprecated CORE #81
---
 gulliver/system/class.inputfilter.php | 4 ++--
 workflow/engine/controllers/InstallerModule.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/gulliver/system/class.inputfilter.php b/gulliver/system/class.inputfilter.php
index 1dbd4d243..5da79226c 100644
--- a/gulliver/system/class.inputfilter.php
+++ b/gulliver/system/class.inputfilter.php
@@ -602,13 +602,13 @@ class InputFilter
 }
 break;
 case 'nosql':
- $value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
+ $value = htmlspecialchars(trim($value), ENT_QUOTES, 'UTF-8');
 if (preg_match('/\b(or|and|xor|drop|insert|update|delete|select)\b/i', $value, $matches, PREG_OFFSET_CAPTURE)) {
 $value = substr($value, 0, $matches[0][1]);
 }
 break;
 default:
- $value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
+ $value = htmlspecialchars(trim($value), ENT_QUOTES, 'UTF-8');
 }
 return $value;
diff --git a/workflow/engine/controllers/InstallerModule.php b/workflow/engine/controllers/InstallerModule.php
index ca0dc64da..0e3a4a040 100644
--- a/workflow/engine/controllers/InstallerModule.php
+++ b/workflow/engine/controllers/InstallerModule.php
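Review bot: The `htmlspecialchars(trim($value), ENT_QUOTES, 'UTF-8')` replacement in the `nosql` and `default` branches is not equivalent to the filter it removes: `FILTER_SANITIZE_STRING` dropped tags, `FILTER_FLAG_STRIP_LOW` dropped control bytes (NUL included) and, in `nosql`, `FILTER_FLAG_STRIP_HIGH` dropped bytes above 127, whereas the new call keeps all of them and HTML-encodes `&`, `<` and `>` at input time. `trim()` also throws a TypeError on an array under PHP 8 where `(string)filter_var(...)` produced `''`, and without `ENT_SUBSTITUTE` a value containing invalid UTF-8 comes back as an empty string. If the stripping is still relied on, keep it explicit, e.g. `$value = is_scalar($value) ? preg_replace('/[\x00-\x1F]/', '', trim((string)$value)) : '';` followed by `$value = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. In the `nosql` branch the encoding plus keyword regex is best documented as defence in depth only, with a comment such as `// not a substitute for bound parameters in the query layer`. The enclosing `switch` and method start outside the hunk.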
@@ -726,8 +726,8 @@ class InstallerModule extends Controller
 $dbText .= sprintf(" define ('DB_REPORT_USER', '%s' );\n", $wfGrantUser);
 $dbText .= sprintf(" define ('DB_REPORT_PASS', '%s' );\n", $wfPass);
- $requestFlag = $_REQUEST['PARTNER_FLAG'];
- if (defined('PARTNER_FLAG') || isset($requestFlag)) {
+ $requestFlag = $_REQUEST['PARTNER_FLAG'] ?? null;
+ if (defined('PARTNER_FLAG') || $requestFlag !== null) {
 $dbText .= "\n";
 $dbText .= " define ('PARTNER_FLAG', " . (defined('PARTNER_FLAG') ? PARTNER_FLAG : (isset($requestFlag) ? $requestFlag : 'false') ) . ");\n";
 if (!empty($this->systemName)) {
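Review bot: `$requestFlag` still comes straight from `$_REQUEST['PARTNER_FLAG']` and is concatenated unquoted into the `define ('PARTNER_FLAG', ...)` line of `$dbText`, which looks like generated PHP configuration (where it is written is outside the hunk), so a request parameter ends up as PHP source. The undefined-index fix is a good place to also constrain the value to a boolean, e.g. `$requestFlag = isset($_REQUEST['PARTNER_FLAG']) ? filter_var($_REQUEST['PARTNER_FLAG'], FILTER_VALIDATE_BOOLEAN) : null;`, and to emit `var_export($requestFlag, true)` in place of the raw `$requestFlag` in the concatenation. The neighbouring `sprintf(" define ('DB_REPORT_PASS', '%s' );\n", $wfPass)` lines place values inside single-quoted PHP literals the same way and would benefit from `var_export()` as well, depending on how `$wfPass` is validated upstream. The enclosing method starts and ends outside the hunk.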