Switch direct $_GET use to get_http_var.

classes/Renderer/Header.php

@@ -261,8 +261,7 @@ private function get_menu_highlights() {
 
         // if we're searching within a parliament, put this in the top bar
         if ($this_page == "search") {
-            if (isset($_GET['section'])) {
-                $section = $_GET['section'];
+            if ($section = get_http_var('section')) {
                 if ($section == 'scotland') {
                     $selected_top_link['text'] = 'Scotland';
                 } elseif ($section == 'ni') {
@@ -279,9 +278,8 @@ private function get_menu_highlights() {
 
         // for the alerts page, put the most recent membership's house
         // in the top bar
-        if ($this_page == "alert"){
-            if (isset($_GET['pid'])) {
-                $pid = $_GET['pid'];
+        if ($this_page == "alert") {
+            if ($pid = get_http_var('pid')) {
                 $person = new \MySociety\TheyWorkForYou\Member(array('person_id' => $pid));
                 $membership = $person->getMostRecentMembership();
                 $parliament = $membership['house'];
@@ -295,7 +293,6 @@ private function get_menu_highlights() {
                     $selected_top_link['text'] = 'London Assembly';
                 }
             }
-
         }
 
         $this->nav_highlights = array(

www/includes/easyparliament/helper-donate.php

@@ -194,7 +194,7 @@ function check_for_stripe_submission(
     // If a get request with a stripe parameter
     // Run the script session and return either
     // the success json or an error
-    if (isset($_GET["stripe"]) && $_GET["stripe"]) {
+    if (get_http_var("stripe")) {
         $error = verify_recaptcha();
         if ($error) {
             $result = ["error" => $error];
@@ -221,4 +221,4 @@ function get_checked($value, $checked_value, $echo = true)
 function wp_esc_attr($text)
 {
     return htmlspecialchars($text, ENT_QUOTES, "UTF-8");
-}
+}

www/includes/easyparliament/templates/html/donate/_stripe_donate.php

@@ -30,15 +30,15 @@
 $default_type = 'one-off';
 
 # use the how-often parameter if set, if not default to option at end of line (options are 'monthly', 'annually', or 'one-off')
-$initial_payment_type = $_GET['how-often'] ?? $default_type;
+$initial_payment_type = get_http_var('how-often', $default_type);
 
 # use the how-much parameter if set, if not default to default amount for initial payment type
-$how_much = $_GET['how-much'] ?? $default_amounts[$initial_payment_type];
+$how_much = get_http_var('how-much', $default_amounts[$initial_payment_type]);
 
 # if how-much is not in the allowed values for the current payment type, set to 'other', and set $other_how_much to the value of how-much
 if (!array_key_exists($how_much, $payment_amounts[$initial_payment_type])) {
   $how_much = 'other';
-  $other_how_much = $_GET['how-much'];
+  $other_how_much = get_http_var('how-much');
 } else {
   $other_how_much = '';
 }
@@ -139,10 +139,10 @@ class="donate-<?=$payment_type?>-amount inline-radio-label"
       <p><small>Payment methods available: Card, PayPal, Apple Pay, Google Pay, Direct Debit</small></p>
     </div>
 
-    <input type="hidden" name="utm_source" value="<?=htmlspecialchars($_GET['utm_source'] ?? 'theyworkforyou.com') ?>">
-    <input type="hidden" name="utm_content" value="<?=htmlspecialchars($_GET['utm_content'] ?? '') ?>">
-    <input type="hidden" name="utm_medium" value="<?=htmlspecialchars($_GET['utm_medium'] ?? '') ?>">
-    <input type="hidden" name="utm_campaign" value="<?=htmlspecialchars($_GET['utm_campaign'] ?? 'twfy_donate_page') ?>">
+    <input type="hidden" name="utm_source" value="<?=htmlspecialchars(get_http_var('utm_source', 'theyworkforyou.com')) ?>">
+    <input type="hidden" name="utm_content" value="<?=htmlspecialchars(get_http_var('utm_content')) ?>">
+    <input type="hidden" name="utm_medium" value="<?=htmlspecialchars(get_http_var('utm_medium')) ?>">
+    <input type="hidden" name="utm_campaign" value="<?=htmlspecialchars(get_http_var('utm_campaign', 'twfy_donate_page')) ?>">
 
 </form>