From d9066bbe5753dab604d925fe3a9f394d16c26dbf Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Mon, 4 Nov 2024 10:07:42 +0000
Subject: remove Request::quoted() and Request::quotedArray(), fixes #4799

Closes #4799

Merge request studip/studip!3589
---
 app/controllers/admin/ilias_interface.php        |  2 +-
 app/controllers/course/ilias_interface.php       |  2 +-
 app/controllers/course/members.php               |  6 ++-
 app/controllers/shared/log_event.php             |  2 +-
 lib/classes/Request.php                          | 59 ------------------------
 public/activate_email.php                        | 10 ++--
 tests/unit/lib/classes/RequestParametersTest.php | 12 -----
 7 files changed, 13 insertions(+), 80 deletions(-)

diff --git a/app/controllers/admin/ilias_interface.php b/app/controllers/admin/ilias_interface.php
index 3bfebae..d0e59ea 100644
--- a/app/controllers/admin/ilias_interface.php
+++ b/app/controllers/admin/ilias_interface.php
@@ -104,7 +104,7 @@ class Admin_IliasInterfaceController extends AuthenticatedController
 
             //store config entry
             Config::get()->store('ILIAS_INTERFACE_BASIC_SETTINGS', $this->ilias_interface_config);
-            Config::get()->store('ILIAS_INTERFACE_MODULETITLE', Request::quoted('ilias_interface_moduletitle'));
+            Config::get()->store('ILIAS_INTERFACE_MODULETITLE', Request::get('ilias_interface_moduletitle'));
             PageLayout::postSuccess(_('Einstellungen wurden gespeichert.'));
         }
         $this->redirect($this->url_for('admin/ilias_interface'));
diff --git a/app/controllers/course/ilias_interface.php b/app/controllers/course/ilias_interface.php
index 767cce1..0786944 100644
--- a/app/controllers/course/ilias_interface.php
+++ b/app/controllers/course/ilias_interface.php
@@ -292,7 +292,7 @@ class Course_IliasInterfaceController extends AuthenticatedController
             if ($mode === 'search') {
                 $this->keep_dialog = true;
                 // perform search
-                $this->ilias_search = Request::quoted('ilias_search');
+                $this->ilias_search = Request::get('ilias_search');
                 if (mb_strlen($this->ilias_search) > 2) {
                     $this->ilias_modules = $this->ilias->searchModules($this->ilias_search);
                     foreach ($this->ilias_modules as $search_module_id => $search_module_object) {
diff --git a/app/controllers/course/members.php b/app/controllers/course/members.php
index d0d4405..77142dd 100644
--- a/app/controllers/course/members.php
+++ b/app/controllers/course/members.php
@@ -655,7 +655,11 @@ class Course_MembersController extends AuthenticatedController
 
         if (Request::get('csv_import_format') && !in_array(Request::get('csv_import_format'), words('realname username email'))) {
             foreach (DataField::getDataFields('user', 1 | 2 | 4 | 8, true) as $df) {
-                if ($df->accessAllowed() && in_array($df->getId(), $GLOBALS['TEILNEHMER_IMPORT_DATAFIELDS']) && $df->getId() == Request::quoted('csv_import_format')) {
+                if (
+                    $df->accessAllowed()
+                    && in_array($df->getId(), $GLOBALS['TEILNEHMER_IMPORT_DATAFIELDS'])
+                    && $df->getId() == Request::get('csv_import_format')
+                ) {
                     $datafield_id = $df->getId();
                     break;
                 }
diff --git a/app/controllers/shared/log_event.php b/app/controllers/shared/log_event.php
index 3d8af7e..923a462 100644
--- a/app/controllers/shared/log_event.php
+++ b/app/controllers/shared/log_event.php
@@ -26,7 +26,7 @@ class Shared_LogEventController extends MVVController
         $event_log = new EventLog();
 
         $this->start = (int) Request::int('start');
-        $this->format = Request::quoted('format');
+        $this->format = Request::option('format');
         $this->num_entries = 0;
         $this->log_events = [];
 
diff --git a/lib/classes/Request.php b/lib/classes/Request.php
index a49f607..4c8697e 100644
--- a/lib/classes/Request.php
+++ b/lib/classes/Request.php
@@ -216,28 +216,6 @@ class Request implements ArrayAccess, IteratorAggregate
     }
 
     /**
-     * Return the value of the selected query parameter as a string.
-     * The contents of the string is quoted with addslashes().
-     *
-     * @param string $param    parameter name
-     * @param string $default  default value if parameter is not set
-     *
-     * @return string  parameter value as string (if set), else NULL
-     *
-     * @deprecated since Stud.IP 6.0
-     */
-    public static function quoted($param, $default = NULL)
-    {
-        $value = self::get($param, $default);
-
-        if (isset($value)) {
-            $value = addslashes($value);
-        }
-
-        return $value;
-    }
-
-    /**
      * Return the value of the selected query parameter as an alphanumeric
      * string (consisting of only digits, letters and underscores).
      *
@@ -476,22 +454,6 @@ class Request implements ArrayAccess, IteratorAggregate
     }
 
     /**
-     * Return the value of the selected query parameter as a string array.
-     * The contents of each element is quoted with addslashes().
-     *
-     * @param string $param    parameter name
-     *
-     * @return array  parameter value as array (if set), else an empty array
-     * @deprecated since Stud.IP 6.0
-     */
-    public static function quotedArray($param)
-    {
-        $array = self::getArray($param);
-
-        return self::addslashes($array);
-    }
-
-    /**
      * Return the value of the selected query parameter as an array of
      * alphanumeric strings (consisting of only digits, letters and
      * underscores).
@@ -646,27 +608,6 @@ class Request implements ArrayAccess, IteratorAggregate
     }
 
     /**
-     * Quote a given string or array using addslashes(). If the parameter
-     * is an array, the quoting is applied recursively.
-     *
-     * @param mixed $value    string or array value to be quoted
-     *
-     * @return mixed  quoted string or array
-     */
-    public static function addslashes($value)
-    {
-        if (is_array($value)) {
-            foreach ($value as $key => $val) {
-                $value[$key] = self::addslashes($val);
-            }
-        } else {
-            $value = addslashes($value);
-        }
-
-        return $value;
-    }
-
-    /**
      * Returns the (uppercase) request method.
      *
      * @return string  the uppercased method of the request
diff --git a/public/activate_email.php b/public/activate_email.php
index 6f39a72..25e70f3 100644
--- a/public/activate_email.php
+++ b/public/activate_email.php
@@ -41,7 +41,7 @@ function reenter_mail() {
 function mail_explain() {
     echo '<form action="' . URLHelper::getLink() . '" method="post" class="default">';
     echo '<fieldset>';
-    echo '<legend>' .  _('Sie haben Ihre E-Mail-Adresse geändert. 
+    echo '<legend>' .  _('Sie haben Ihre E-Mail-Adresse geändert.
     Um diese frei zu schalten müssen Sie den Ihnen an Ihre neue Adresse zugeschickten Aktivierungs Schlüssel im unten stehenden Eingabefeld eintragen.') . '</legend>';
     echo CSRFProtection::tokenTag();
     echo '<label>' . _('Aktivierungs Schlüssel')
@@ -71,8 +71,8 @@ if(Request::get('key') !== null) {
     $sth->execute([$uid]);
     $result = $sth->fetch();
     $key = $result['validation_key'];
-    
-    if(Request::quoted('key') == $key) {
+
+    if(Request::get('key') == $key) {
         $sth = $db->prepare("UPDATE auth_user_md5 SET validation_key='' WHERE user_id=?");
         $sth->execute([$uid]);
         unset($_SESSION['semi_logged_in']);
@@ -102,10 +102,10 @@ if(Request::get('key') !== null) {
     if(Request::get('email1') == Request::get('email2')) {
         // change mail
         $tmp_user = User::find(Request::option('uid'));
-        if($tmp_user && $tmp_user->changeEmail(Request::quoted('email1'), true)) {
+        if($tmp_user && $tmp_user->changeEmail(Request::get('email1'), true)) {
             $_SESSION['semi_logged_in'] = False;
         }
-        
+
     } else {
         PageLayout::postError(_('Die eingegebenen E-Mail-Adressen stimmen nicht überein. Bitte überprüfen Sie Ihre Eingabe.'));
     }
diff --git a/tests/unit/lib/classes/RequestParametersTest.php b/tests/unit/lib/classes/RequestParametersTest.php
index 49f8098..3da20b2 100644
--- a/tests/unit/lib/classes/RequestParametersTest.php
+++ b/tests/unit/lib/classes/RequestParametersTest.php
@@ -74,7 +74,6 @@ class RequestParametersTest extends Codeception\Test\Unit
 
     /**
      * @covers Request::get
-     * @covers Request::quoted
      */
     public function testStringParam ()
     {
@@ -85,11 +84,6 @@ class RequestParametersTest extends Codeception\Test\Unit
         $this->assertSame(Request::get('c'), '-23');
         $this->assertSame(Request::get('d'), '12.7');
         $this->assertNull(Request::get('v2'));
-
-        $this->assertNull(Request::quoted('null'));
-        $this->assertSame(Request::quoted('null', 'foo'), 'foo');
-        $this->assertSame(Request::quoted('b'), '\\\\h1\\"');
-        $this->assertNull(Request::quoted('v2'));
     }
 
     /**
@@ -159,7 +153,6 @@ class RequestParametersTest extends Codeception\Test\Unit
 
     /**
      * @covers Request::getArray
-     * @covers Request::quotedArray
      */
     public function testStringArrayParam ()
     {
@@ -167,11 +160,6 @@ class RequestParametersTest extends Codeception\Test\Unit
         $this->assertSame(Request::getArray('b'), []);
         $this->assertSame(Request::getArray('v1'), ['1', '2.4', '3,7']);
         $this->assertSame(Request::getArray('v2'), ['on\'e', 'two', 'thr33']);
-
-        $this->assertSame(Request::quotedArray('null'), []);
-        $this->assertSame(Request::quotedArray('b'), []);
-        $this->assertSame(Request::quotedArray('v1'), ['1', '2.4', '3,7']);
-        $this->assertSame(Request::quotedArray('v2'), ['on\\\'e', 'two', 'thr33']);
     }
 
     /**
-- 
cgit v1.0