Fix usage of INPUT_SERVER variables

fixes #342

Author: trasher

ajax/dropdownCredentials.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdownCredentials.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdownCredentials.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdown_taskjob.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdown_taskjob.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdown_taskjob.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdownactionlist.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdownactionlist.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdownactionlist.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdownactionselection.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdownactionselection.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdownactionselection.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdownactiontype.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdownactiontype.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdownactiontype.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdowndefinitionlist.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdowndefinitionlist.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdowndefinitionlist.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdowndefinitionselection.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdowndefinitionselection.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdowndefinitionselection.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdowndefinitiontype.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdowndefinitiontype.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdowndefinitiontype.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdowndefinitiontypelist.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdowndefinitiontypelist.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdowndefinitiontypelist.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdownlist.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdownlist.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdownlist.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdownlocation.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdownlocation.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdownlocation.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdowntype.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdowntype.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdowntype.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/dropdowntypelist.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "dropdowntypelist.php")) {
+if (strpos($_SERVER['PHP_SELF'], "dropdowntypelist.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/jobstates_logs.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "jobstates_logs.php")) {
+if (strpos($_SERVER['PHP_SELF'], "jobstates_logs.php")) {
     include("../../../inc/includes.php");
     Session::checkCentralAccess();
 }

ajax/showtaskjoblogdetail.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "showtaskjoblogdetail.php")) {
+if (strpos($_SERVER['PHP_SELF'], "showtaskjoblogdetail.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/taskjob_form.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "taskjob_form.php")) {
+if (strpos($_SERVER['PHP_SELF'], "taskjob_form.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/taskjob_itemtypes.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "taskjob_itemtypes.php")) {
+if (strpos($_SERVER['PHP_SELF'], "taskjob_itemtypes.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/taskjob_logs.php

@@ -31,10 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (
-    !isset($_SERVER['PHP_SELF'])
-    || strpos(filter_input(INPUT_SERVER, 'PHP_SELF'), "taskjob_logs.php")
-) {
+if (strpos($_SERVER['PHP_SELF'], "taskjob_logs.php")) {
     include("../../../inc/includes.php");
     Session::checkCentralAccess();
 }

ajax/taskjob_moduleitems.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "taskjob_moduleitems.php")) {
+if (strpos($_SERVER['PHP_SELF'], "taskjob_moduleitems.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/taskjob_moduletypes.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "taskjob_moduletypes.php")) {
+if (strpos($_SERVER['PHP_SELF'], "taskjob_moduletypes.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/taskjobaddtype.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "taskjobaddtype.php")) {
+if (strpos($_SERVER['PHP_SELF'], "taskjobaddtype.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/taskjobdeletetype.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "taskjobdeletetype.php")) {
+if (strpos($_SERVER['PHP_SELF'], "taskjobdeletetype.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

ajax/taskmethodupdate.php

@@ -31,7 +31,7 @@
  * ---------------------------------------------------------------------
  */
 
-if (strpos(filter_input(INPUT_SERVER, "PHP_SELF"), "taskmethodupdate.php")) {
+if (strpos($_SERVER['PHP_SELF'], "taskmethodupdate.php")) {
     include("../../../inc/includes.php");
     header("Content-Type: text/html; charset=UTF-8");
     Html::header_nocache();

hook.php

@@ -381,9 +381,9 @@ function plugin_glpiinventory_install()
 {
     ini_set("max_execution_time", "0");
 
-    if (basename(filter_input(INPUT_SERVER, "SCRIPT_NAME")) != "cli_install.php") {
+    if (basename($_SERVER['SCRIPT_NAME']) != "cli_install.php") {
         if (!isCommandLine()) {
-            Html::header(__('Setup', 'glpiinventory'), filter_input(INPUT_SERVER, "PHP_SELF"), "config", "plugins");
+            Html::header(__('Setup', 'glpiinventory'), $_SERVER['PHP_SELF'], "config", "plugins");
         }
         $migrationname = 'Migration';
     } else {

index.php

@@ -46,7 +46,7 @@
 } else {
     Html::header(
         __('GLPI Inventory', 'glpiinventory'),
-        filter_input(INPUT_SERVER, "PHP_SELF"),
+        $_SERVER['PHP_SELF'],
         "plugins",
         "glpiinventory"
     );

install/install.php

@@ -304,7 +304,7 @@ function pluginGlpiinventoryInstall($version, $migrationname = 'Migration')
     $agent_base_url = Entity::getUsedConfig('agent_base_url', 0, 'agent_base_url', '');
 
     if (empty($agent_base_url)) {
-        $full_url = filter_input(INPUT_SERVER, "PHP_SELF");
+        $full_url = $_SERVER['PHP_SELF'] ?? null;
         $https = filter_input(INPUT_SERVER, "HTTPS");
         $http_host = filter_input(INPUT_SERVER, "HTTP_HOST");
 

report/computer_last_inventory.php

@@ -37,7 +37,7 @@
 
 include("../../../inc/includes.php");
 
-Html::header(__('FusionInventory', 'glpiinventory'), $_SERVER['PHP_SELF'], "utils", "report");
+Html::header(__('GLPI Inventory', 'glpiinventory'), $_SERVER['PHP_SELF'], "utils", "report");
 
 Session::checkRight('computer', READ);
 
@@ -51,7 +51,7 @@
     $state = 0;
 }
 
-echo "<form action='" . filter_input(INPUT_SERVER, "PHP_SELF") . "' method='get'>";
+echo "<form action='" . $_SERVER['PHP_SELF'] . "' method='get'>";
 echo "<table class='tab_cadre' cellpadding='5'>";
 
 echo "<tr>";

report/not_queried_recently.php

@@ -39,7 +39,7 @@
 
 include("../../../inc/includes.php");
 
-Html::header(__('FusionInventory', 'glpiinventory'), filter_input(INPUT_SERVER, "PHP_SELF"), "utils", "report");
+Html::header(__('GLPI Inventory', 'glpiinventory'), $_SERVER['PHP_SELF'], "utils", "report");
 
 Session::checkRight('plugin_glpiinventory_reportnetworkequipment', READ);
 
@@ -49,7 +49,7 @@
 }
 $state = filter_input(INPUT_GET, "state");
 
-echo "<form action='" . filter_input(INPUT_SERVER, "PHP_SELF") . "' method='get'>";
+echo "<form action='" . $_SERVER['PHP_SELF'] . "' method='get'>";
 echo "<table class='tab_cadre' cellpadding='5'>";
 
 echo "<tr class='tab_bg_1' align='center'>";

report/ports_date_connections.php

@@ -37,7 +37,7 @@
 
 include("../../../inc/includes.php");
 
-Html::header(__('FusionInventory', 'glpiinventory'), filter_input(INPUT_SERVER, "PHP_SELF"), "utils", "report");
+Html::header(__('GLPI Inventory', 'glpiinventory'), $_SERVER['PHP_SELF'], "utils", "report");
 
 Session::checkRight('plugin_glpiinventory_reportnetworkequipment', READ);
 

report/switch_ports.history.php

@@ -38,13 +38,13 @@
 define('GLPI_ROOT', '../../..');
 include(GLPI_ROOT . "/inc/includes.php");
 
-Html::header(__('FusionInventory', 'glpiinventory'), filter_input(INPUT_SERVER, "PHP_SELF"), "utils", "report");
+Html::header(__('GLPI Inventory', 'glpiinventory'), $_SERVER['PHP_SELF'], "utils", "report");
 
 Session::checkRight('plugin_glpiinventory_reportnetworkequipment', READ);
 
 $FK_port = filter_input(INPUT_GET, "networkports_id");
 
-echo "<form action='" . filter_input(INPUT_SERVER, "PHP_SELF") . "' method='get'>";
+echo "<form action='" . $_SERVER['PHP_SELF'] . "' method='get'>";
 echo "<table class='tab_cadre' cellpadding='5'>";
 echo "<tr class='tab_bg_1' align='center'>";
 

setup.php

@@ -69,7 +69,8 @@ function plugin_glpiinventory_script_endswith($scriptname)
 {
     //append plugin directory to avoid dumb errors...
     $scriptname = 'glpiinventory/front/' . $scriptname;
-    $script_name = filter_input(INPUT_SERVER, "SCRIPT_NAME");
+    $script_name = $_SERVER['SCRIPT_NAME'];
+
     return substr($script_name, -strlen($scriptname)) === $scriptname;
 }
 
@@ -234,9 +235,9 @@ function plugin_init_glpiinventory()
         $PLUGIN_HOOKS['add_javascript']['glpiinventory'] = [];
         $PLUGIN_HOOKS['add_css']['glpiinventory'] = [];
         if (
-            strpos(filter_input(INPUT_SERVER, "SCRIPT_NAME"), Plugin::getWebDir('glpiinventory', false)) != false
-            || strpos(filter_input(INPUT_SERVER, "SCRIPT_NAME"), "front/printer.form.php") != false
-            || strpos(filter_input(INPUT_SERVER, "SCRIPT_NAME"), "front/computer.form.php") != false
+            strpos($_SERVER['SCRIPT_NAME'], Plugin::getWebDir('glpiinventory', false)) != false
+            || strpos($_SERVER['SCRIPT_NAME'], "front/printer.form.php") != false
+            || strpos($_SERVER['SCRIPT_NAME'], "front/computer.form.php") != false
         ) {
             $PLUGIN_HOOKS['add_css']['glpiinventory'][] = "css/views.css";
             $PLUGIN_HOOKS['add_css']['glpiinventory'][] = "css/deploy.css";
@@ -324,7 +325,7 @@ function plugin_init_glpiinventory()
         }
 
        // load task view css for computer self deploy (tech)
-        if (strpos(filter_input(INPUT_SERVER, "SCRIPT_NAME"), "front/computer.form.php") != false) {
+        if (strpos($_SERVER['SCRIPT_NAME'], "front/computer.form.php") != false) {
             $PLUGIN_HOOKS['add_css']['glpiinventory'][] = "css/views.css";
         }
 
@@ -359,8 +360,8 @@ function plugin_init_glpiinventory()
 
            // Load nvd3 for printerpage counter graph
             if (
-                strstr(filter_input(INPUT_SERVER, "PHP_SELF"), '/front/printer.form.php')
-                 || strstr(filter_input(INPUT_SERVER, "PHP_SELF"), 'glpiinventory/front/menu.php')
+                strstr($_SERVER['SCRIPT_NAME'], '/front/printer.form.php')
+                 || strstr($_SERVER['SCRIPT_NAME'], 'glpiinventory/front/menu.php')
             ) {
                // Add graph javascript
                 $PLUGIN_HOOKS['add_javascript']['glpiinventory'] = array_merge(