Merge pull request #168 from Mdwiki-TD/update_new

Update users.php

Author: MrIbrahem

actions/load_request.php

@@ -25,17 +25,17 @@
 function load_request()
 {
     //---
-    $code = $_GET['code'] ?? '';
+    $code = htmlspecialchars($_GET['code'] ?? '', ENT_QUOTES, 'UTF-8');
     //---
     if ($code == 'undefined') $code = "";
     //---
     $code = LangsTables::$L_lang_to_code[$code] ?? $code;
     $code_lang_name = LangsTables::$L_code_to_lang[$code] ?? '';
     //---
-    $cat  = $_GET['cat'] ?? '';
+    $cat  = htmlspecialchars($_GET['cat'] ?? '', ENT_QUOTES, 'UTF-8');
     if ($cat == 'undefined') $cat = "";
     //---
-    $camp = $_GET['camp'] ?? '';
+    $camp = htmlspecialchars($_GET['camp'] ?? '', ENT_QUOTES, 'UTF-8');
     //---
     if (empty($cat) && !empty($camp)) {
         $cat = TablesSql::$s_camp_to_cat[$camp] ?? $cat;

index.php

@@ -37,7 +37,7 @@
 //---
 $code_lang_name  = $req['code_lang_name'];
 //---
-$tra_type  = $_GET['type'] ?? '';
+$tra_type  = htmlspecialchars($_GET['type'] ?? '', ENT_QUOTES, 'UTF-8');
 if ($allow_whole_translate == '0') $tra_type = 'lead';
 //---
 $cat_ch = htmlspecialchars($cat, ENT_QUOTES);

leaderboard/index.php

@@ -11,25 +11,31 @@
 use function Leaderboard\Users\users_html;
 
 echo <<<HTML
-    <style>
-    .border_debugx {
-        border: 1px solid;
-        border-radius: 5px;
-    }
-    </style>
+<style>
+.border_debugx {
+    border: 1px solid;
+    border-radius: 5px;
+}
+</style>
 HTML;
+// ---
+$get = filter_input(INPUT_GET, 'get', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
+
+$langcode = filter_input(INPUT_GET, 'langcode', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
+$mainlang = filter_input(INPUT_GET, 'lang', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? 'All';
 
-$get   = $_GET['get'] ?? '';
-$users = $_GET['user'] ?? '';
-$langs = $_GET['langcode'] ?? '';
+$mainuser = filter_input(INPUT_GET, 'user', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
+$year_y   = filter_input(INPUT_GET, 'year', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? 'All';
+$camp     = filter_input(INPUT_GET, 'camp', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? 'All';
 
-if ($get == 'users' || !empty($users)) {
+//---
+if ($get == 'users' || !empty($mainuser)) {
     // ---
-    echo users_html();
+    echo users_html($mainlang, $mainuser, $year_y, $camp);
     // ---
-} elseif ($get == 'langs' || !empty($langs)) {
+} elseif ($get == 'langs' || !empty($langcode)) {
     // ---
-    echo langs_html();
+    echo langs_html($langcode, $year_y, $camp);
     // ---
 } elseif (!empty($_GET['camps'] ?? '')) {
     // http://localhost:9001/Translation_Dashboard/leaderboard.php?camps=1&test=1
@@ -47,5 +53,10 @@
     echo print_graph_tab_2_new();
     // ---
 } else {
-    echo main_leaderboard();
+    //---
+    $user_group = filter_input(INPUT_GET, 'project', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
+        ?? filter_input(INPUT_GET, 'user_group', FILTER_SANITIZE_FULL_SPECIAL_CHARS)
+        ?? 'all';
+    //---
+    echo main_leaderboard($year_y, $camp, $user_group);
 }

leaderboard/langs.php

@@ -15,16 +15,12 @@
 use function Leaderboard\SubGraph\graph_data_new;
 use function Leaderboard\Subs\FilterForm\lead_row;
 
-function langs_html()
+function langs_html($mainlang, $year_y, $camp)
 {
     $output = '';
     //---
-    $mainlang = $_GET['langcode'] ?? "";
     $mainlang = rawurldecode(str_replace('_', ' ', $mainlang));
     //---
-    $year_y = $_GET['year'] ?? 'All';
-    $camp   = $_GET['camp'] ?? 'All';
-    //---
     $langname = LangsTables::$L_code_to_lang_name[$mainlang] ?? $mainlang;
     //---
     $u_tables = get_langs_tables($mainlang, $year_y);

leaderboard/main.php

@@ -87,12 +87,8 @@ function print_cat_table($year, $user_group, $camp, $cat): string
     HTML;
 }
 
-function main_leaderboard()
+function main_leaderboard($year, $camp, $user_group)
 {
-    //---
-    $year       = $_GET['year'] ?? 'all';
-    $camp       = $_GET['camp'] ?? 'all';
-    $user_group    = $_GET['project'] ?? $_GET['user_group'] ?? 'all';
     //---
     $filter_form = leaderboard_filter($year, $user_group, $camp);
     //---

leaderboard/users.php

@@ -15,18 +15,12 @@
 use function Leaderboard\SubGraph\graph_data_new;
 use function Leaderboard\Subs\FilterForm\lead_row;
 
-function users_html()
+function users_html($mainlang, $mainuser, $year_y, $camp)
 {
     $output = '';
     //---
-    $mainlang = $_GET['lang'] ?? 'All';
     $mainlang = rawurldecode(str_replace('_', ' ', $mainlang));
     //---
-    $mainuser = $_GET['user'] ?? "";
-    //---
-    $year_y = $_GET['year'] ?? 'All';
-    $camp   = $_GET['camp'] ?? 'All';
-    //---
     $u_tables = get_users_tables($mainuser, $year_y, $mainlang);
     //---
     $dd = $u_tables['dd'];
@@ -43,7 +37,17 @@ function users_html()
     //---
     $filter_data = ["user" => $mainuser, "lang" => $mainlang, "year" => $year_y, "camp" => $camp];
     //---
-    $output .= lead_row($table1, $graph, "<h4 class='text-center'>User: $man</h4>", $filter_data, "user");
+    $xtools = <<<HTML
+            <div class="d-flex align-items-center justify-content-between">
+                <span class='h4'>User: $man </span>
+                <a href='https://xtools.wmflabs.org/globalcontribs/$mainuser' target='_blank'>
+                <span class='h4'>(XTools)</span>
+                <!-- <img src='https://xtools.wmcloud.org/build/images/logo.svg' title='Xtools' width='80px'/> -->
+            </a>
+            </div>
+    HTML;
+    //---
+    $output .= lead_row($table1, $graph, $xtools, $filter_data, "user");
     //---
     $output .= <<<HTML
         <div class='card mt-1'>

results/results.php

@@ -11,8 +11,7 @@
 use function Actions\LoadRequest\load_request;
 //---
 $doit = isset($_GET['doit']);
-//---
-$tra_type  = $_GET['type'] ?? '';
+$tra_type = filter_input(INPUT_GET, 'type', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
 //---
 $req  = load_request();
 $code = $req['code'] ?? "";
@@ -26,9 +25,6 @@
     $translation_button = ($GLOBALS['user_in_coord'] === true) ? '1' : '0';
 };
 //---
-$depth  = $_GET['depth'] ?? 1;
-$depth  = $depth * 1;
-//---
 $depth  = TablesSql::$s_camp_input_depth[$camp] ?? 1;
 //---
 if (empty($code_lang_name)) $doit = false;

sitelinks.php

@@ -5,9 +5,15 @@
 use function Tables\TablesDir\open_td_Tables_file;
 
 // Get request parameters with defaults
-$site = $_GET["site"] ?? "all";
-$heads_limit = $_GET["heads_limit"] ?? 50;
-$title_limit = $_GET["title_limit"] ?? 150;
+$site = htmlspecialchars($_GET['site'] ?? 'all', ENT_QUOTES, 'UTF-8');
+$heads_limit = filter_input(INPUT_GET, 'heads_limit', FILTER_VALIDATE_INT, [
+	'options' => ['default' => 50, 'min_range' => 1, 'max_range' => 1000]
+]);
+
+$title_limit = filter_input(INPUT_GET, 'title_limit', FILTER_VALIDATE_INT, [
+	'options' => ['default' => 150, 'min_range' => 10, 'max_range' => 1000]
+]);
+
 $items_with_no_links = isset($_GET["items_with_no_links"]) ? "checked" : "";
 
 // Generate form inputs
@@ -65,7 +71,7 @@ function generateFormInputs(array $params, string $items_with_no_links): string
 $qids_all = $data2['qids'] ?? [];
 
 // Sort QIDs by sitelinks count
-uasort($qids_all, fn ($a, $b) => count($b['sitelinks']) <=> count($a['sitelinks']));
+uasort($qids_all, fn($a, $b) => count($b['sitelinks']) <=> count($a['sitelinks']));
 
 test_print("$file2: qids_all: " . count($qids_all));
 test_print("$file2: heads_all: " . count($heads_all));
@@ -82,11 +88,11 @@ function generateFormInputs(array $params, string $items_with_no_links): string
 // Filter QIDs based on user selection
 if ($items_with_no_links) {
 	$heads = [];
-	$qids_o = array_filter($qids_all, fn ($tab) => count($tab['sitelinks']) == 0);
+	$qids_o = array_filter($qids_all, fn($tab) => count($tab['sitelinks']) == 0);
 } elseif (!empty($site) && $site != "all") {
 	$notitle = false;
 	$heads = [$site];
-	$len_items_with_site = count(array_filter($qids_all, fn ($tab) => $tab['sitelinks'][$site] ?? false));
+	$len_items_with_site = count(array_filter($qids_all, fn($tab) => $tab['sitelinks'][$site] ?? false));
 	$no_site_link = $len_qids_all - $len_items_with_site;
 	$with_site_note = " (with site: $len_items_with_site, no site link: $no_site_link)";
 }

translate_med/index.php

@@ -15,9 +15,9 @@
 use function TranslateMed\Inserter\insertPage_inprocess;
 use function SQLorAPI\GetDataTab\get_td_or_sql_users_no_inprocess;
 
-$coden = strtolower($_GET['code']);
-$title_o = $_GET['title'] ?? "";
-$useree = ($GLOBALS['global_username'] != '') ? $GLOBALS['global_username'] : '';
+$coden = strtolower(filter_input(INPUT_GET, 'code', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '');
+$title_o = filter_input(INPUT_GET, 'title', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
+$useree = !empty($GLOBALS['global_username']) ? $GLOBALS['global_username'] : '';
 
 $users_no_inprocess = get_td_or_sql_users_no_inprocess();
 $users_no_inprocess = array_column($users_no_inprocess, 'user');
@@ -62,10 +62,13 @@ function go_to_translate_url($title_o, $coden, $tr_type, $cat, $camp)
     $coden   = trim($coden);
     $useree  = trim($useree);
     //  title=COVID-19&code=ady&cat=RTTCovid&camp=COVID&type=lead
-    $cat     = $_GET['cat'] ?? '';
-    $camp    = $_GET['camp'] ?? '';
-    $tr_type = $_GET['type'] ?? 'lead';
-    $word    = $_GET['word'] ?? 0;
+    // ---
+    $cat = filter_input(INPUT_GET, 'cat', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
+    $camp = filter_input(INPUT_GET, 'camp', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? '';
+    $tr_type = filter_input(INPUT_GET, 'type', FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?? 'lead';
+    $word = filter_input(INPUT_GET, 'word', FILTER_VALIDATE_INT, [
+        'options' => ['default' => 0, 'min_range' => 0]
+    ]);
     // ---
     $user_decoded  = rawurldecode($useree);
     $cat     = rawurldecode($cat);