Merge pull request #9699 from ddevsr/deprecated-filter-default

refactor: deprecated PHP 8.5 constant `FILTER_DEFAULT` for `filter_*()`

Author: samsonasik

rector.php

@@ -38,6 +38,7 @@
 use Rector\PHPUnit\CodeQuality\Rector\Class_\RemoveDataProviderParamKeysRector;
 use Rector\PHPUnit\CodeQuality\Rector\Class_\YieldDataProviderRector;
 use Rector\Privatization\Rector\Property\PrivatizeFinalClassPropertyRector;
+use Rector\Renaming\Rector\ConstFetch\RenameConstantRector;
 use Rector\Strict\Rector\Empty_\DisallowedEmptyRuleFixerRector;
 use Rector\Strict\Rector\If_\BooleanInIfConditionRuleFixerRector;
 use Rector\TypeDeclaration\Rector\ArrowFunction\AddArrowFunctionReturnTypeRector;
@@ -205,4 +206,7 @@
         // keep '\\' prefix string on string '\Foo\Bar'
         StringClassNameToClassConstantRector::SHOULD_KEEP_PRE_SLASH => true,
     ])
+    ->withConfiguredRule(RenameConstantRector::class, [
+        'FILTER_DEFAULT' => 'FILTER_UNSAFE_RAW',
+    ])
     ->withCodeQualityLevel(34);

system/HTTP/IncomingRequest.php

@@ -572,10 +572,10 @@ public function getJsonVar($index = null, bool $assoc = false, ?int $filter = nu
             return null;
         }
 
-        $filter ??= FILTER_DEFAULT;
+        $filter ??= FILTER_UNSAFE_RAW;
         $flags = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);
 
-        if ($filter !== FILTER_DEFAULT
+        if ($filter !== FILTER_UNSAFE_RAW
             || (
                 (is_numeric($flags) && $flags !== 0)
                 || is_array($flags) && $flags !== []
@@ -656,12 +656,12 @@ public function getRawInputVar($index = null, ?int $filter = null, $flags = null
             [$output, $data] = [$data, null];
         }
 
-        $filter ??= FILTER_DEFAULT;
+        $filter ??= FILTER_UNSAFE_RAW;
         $flags = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);
 
         if (is_array($output)
             && (
-                $filter !== FILTER_DEFAULT
+                $filter !== FILTER_UNSAFE_RAW
                 || (
                     (is_numeric($flags) && $flags !== 0)
                     || is_array($flags) && $flags !== []

system/HTTP/RequestTrait.php

@@ -260,7 +260,7 @@ public function fetchGlobal(string $name, $index = null, ?int $filter = null, $f
         }
 
         // Null filters cause null values to return.
-        $filter ??= FILTER_DEFAULT;
+        $filter ??= FILTER_UNSAFE_RAW;
         $flags = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);
 
         // Return all values when $index is null
@@ -312,7 +312,7 @@ public function fetchGlobal(string $name, $index = null, ?int $filter = null, $f
 
         if (is_array($value)
             && (
-                $filter !== FILTER_DEFAULT
+                $filter !== FILTER_UNSAFE_RAW
                 || (
                     (is_numeric($flags) && $flags !== 0)
                     || is_array($flags) && $flags !== []

system/Helpers/cookie_helper.php

@@ -88,7 +88,7 @@ function get_cookie($index, bool $xssClean = false, ?string $prefix = '')
         }
 
         $request = service('request');
-        $filter  = $xssClean ? FILTER_SANITIZE_FULL_SPECIAL_CHARS : FILTER_DEFAULT;
+        $filter  = $xssClean ? FILTER_SANITIZE_FULL_SPECIAL_CHARS : FILTER_UNSAFE_RAW;
 
         return $request->getCookie($prefix . $index, $filter);
     }

tests/system/HTTP/IncomingRequestTest.php

@@ -607,6 +607,13 @@ public static function provideCanGrabGetRawInputVar(): iterable
                 null,
                 null,
             ],
+            [
+                'username=admin001&role=administrator&usepass=0',
+                'username',
+                'admin001',
+                null,
+                FILTER_UNSAFE_RAW,
+            ],
             [
                 'username=admin001&role=administrator&usepass=0',
                 ['role', 'usepass'],