From cddf6e9d5f53f0f1b7fe6327f908a89558eaf3db Mon Sep 17 00:00:00 2001
From: Shish
Date: Sun, 26 Jan 2020 19:44:36 +0000
Subject: [PATCH] more types
---
 core/block.php | 2 +-
 core/util.php | 3 ++-
 ext/comment/main.php | 2 +-
 ext/featured/theme.php | 2 +-
 ext/image/main.php | 2 +-
 ext/pm/main.php | 2 +-
 ext/report_image/main.php | 4 ++--
 ext/statsd/main.php | 2 +-
 ext/upload/main.php | 4 ++--
 9 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/core/block.php b/core/block.php
index 93e2e1de..815dbfd0 100644
--- a/core/block.php
+++ b/core/block.php
@@ -61,7 +61,7 @@ class Block
 $this->position = $position;
 if (is_null($id)) {
- $id = (empty($header) ? md5($body) : $header) . $section;
+ $id = (empty($header) ? md5($body ?? '') : $header) . $section;
 }
 $this->id = preg_replace('/[^\w-]/', '', str_replace(' ', '_', $id));
 }
diff --git a/core/util.php b/core/util.php
index 074d61e6..cf30650b 100644
--- a/core/util.php
+++ b/core/util.php
@@ -1,5 +1,6 @@ "hidden", "name"=>"q", "value"=>$target]),
- $method != "GET" ? "" : $user->get_auth_html()
+ $method == "GET" ? "" : rawHTML($user->get_auth_html())
 );
 }
diff --git a/ext/comment/main.php b/ext/comment/main.php
index b4e5d3fc..51a8f819 100644
--- a/ext/comment/main.php
+++ b/ext/comment/main.php
@@ -207,7 +207,7 @@ class CommentList extends Extension
 if (isset($_POST['image_id']) && isset($_POST['comment'])) {
 try {
 $i_iid = int_escape($_POST['image_id']);
- $cpe = new CommentPostingEvent($_POST['image_id'], $user, $_POST['comment']);
+ $cpe = new CommentPostingEvent(int_escape($_POST['image_id']), $user, $_POST['comment']);
 send_event($cpe);
 $page->set_mode(PageMode::REDIRECT);
 $page->set_redirect(make_link("post/view/$i_iid#comment_on_$i_iid"));
diff --git a/ext/featured/theme.php b/ext/featured/theme.php
index 8c09a3b6..0f2b45ca 100644
--- a/ext/featured/theme.php
+++ b/ext/featured/theme.php
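Review bot: In the ext/comment/main.php hunk, the new `CommentPostingEvent` argument runs `int_escape($_POST['image_id'])` a second time although `$i_iid` on the line above already holds that value. Passing `$i_iid` keeps the id stored with the comment and the id used in the redirect from ever diverging: `$cpe = new CommentPostingEvent($i_iid, $user, $_POST['comment']);`. `$_POST['comment']` is still forwarded exactly as received; if the event constructor now declares a string parameter (not visible in this patch), an array-valued `comment[]` field would surface as a TypeError rather than a validation error, so it is worth confirming that the surrounding `try` turns that into a clean rejection. The enclosing method starts and ends outside the hunk.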
@@ -21,7 +21,7 @@ class FeaturedTheme extends Themelet
 public function build_featured_html(Image $image, ?string $query=null): string
 {
- $i_id = int_escape($image->id);
+ $i_id = $image->id;
 $h_view_link = make_link("post/view/$i_id", $query);
 $h_thumb_link = $image->get_thumb_link();
 $h_tip = html_escape($image->get_tooltip());
diff --git a/ext/image/main.php b/ext/image/main.php
index 4bba3bdc..d1034d5d 100644
--- a/ext/image/main.php
+++ b/ext/image/main.php
@@ -46,7 +46,7 @@ class ImageIO extends Extension
 if ($event->page_matches("image/delete")) {
 global $page, $user;
 if ($user->can(Permissions::DELETE_IMAGE) && isset($_POST['image_id']) && $user->check_auth_token()) {
- $image = Image::by_id($_POST['image_id']);
+ $image = Image::by_id(int_escape($_POST['image_id']));
 if ($image) {
 send_event(new ImageDeletionEvent($image));
 $page->set_mode(PageMode::REDIRECT);
diff --git a/ext/pm/main.php b/ext/pm/main.php
index d83b1037..28b9bf6c 100644
--- a/ext/pm/main.php
+++ b/ext/pm/main.php
@@ -144,7 +144,7 @@ class PrivMsg extends Extension
 if (is_null($pm)) {
 $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
 } elseif (($pm["to_id"] == $user->id) || $user->can(Permissions::VIEW_OTHER_PMS)) {
- $from_user = User::by_id(int_escape($pm["from_id"]));
+ $from_user = User::by_id((int)$pm["from_id"]);
 if ($pm["to_id"] == $user->id) {
 $database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", ["id" => $pm_id]);
 $cache->delete("pm-count-{$user->id}");
diff --git a/ext/report_image/main.php b/ext/report_image/main.php
index 8be0f972..367a0417 100644
--- a/ext/report_image/main.php
+++ b/ext/report_image/main.php
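Review bot: In the ext/featured/theme.php hunk, `$i_id = $image->id;` drops the integer coercion entirely, whereas the other hunks of this commit replace `int_escape()` with an `(int)` cast. The `i_` prefix marks the value as safe to interpolate into `make_link("post/view/$i_id", $query)`, and that now holds only if `Image::$id` is declared `int`; the declaration is not visible in this patch. Either keep the cast, `$i_id = (int)$image->id;`, or add a comment such as `// Image::$id is typed int, no escaping needed` so the invariant is stated where it is relied on. The method body continues past the end of the hunk.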
@@ -225,10 +225,10 @@ class ReportImage extends Extension
 $reports = [];
 foreach ($all_reports as $report) {
- $image_id = int_escape($report['image_id']);
+ $image_id = (int)$report['image_id'];
 $image = Image::by_id($image_id);
 if (is_null($image)) {
- send_event(new RemoveReportedImageEvent($report['id']));
+ send_event(new RemoveReportedImageEvent((int)$report['id']));
 continue;
 }
 $report['image'] = $image;
diff --git a/ext/statsd/main.php b/ext/statsd/main.php
index 56107e2f..770bbee8 100644
--- a/ext/statsd/main.php
+++ b/ext/statsd/main.php
@@ -105,7 +105,7 @@ class StatsDInterface extends Extension
 try {
 $parts = explode(":", STATSD_HOST);
 $host = $parts[0];
- $port = $parts[1];
+ $port = (int)$parts[1];
 $fp = fsockopen("udp://$host", $port, $errno, $errstr);
 if (! $fp) {
 return;
diff --git a/ext/upload/main.php b/ext/upload/main.php
index 7e695058..e2f9460d 100644
--- a/ext/upload/main.php
+++ b/ext/upload/main.php
@@ -252,13 +252,13 @@ class Upload extends Extension
 foreach ($_FILES as $name => $file) {
 $tags = $this->tags_for_upload_slot(int_escape(substr($name, 4)));
 $source = isset($_POST['source']) ? $_POST['source'] : null;
- $ok = $ok & $this->try_upload($file, $tags, $source);
+ $ok = $this->try_upload($file, $tags, $source) && $ok;
 }
 foreach ($_POST as $name => $value) {
 if (substr($name, 0, 3) == "url" && strlen($value) > 0) {
 $tags = $this->tags_for_upload_slot(int_escape(substr($name, 3)));
 $source = isset($_POST['source']) ? $_POST['source'] : $value;
- $ok = $ok & $this->try_transload($value, $tags, $source);
+ $ok = $this->try_transload($value, $tags, $source) && $ok;
 }
 }
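Review bot: In the ext/statsd/main.php hunk, `(int)$parts[1]` hides a malformed `STATSD_HOST`: when the constant has no `:port` part, `$parts[1]` is undefined, the cast yields 0 and `fsockopen()` is called with port 0. Check the shape before casting, for example `if (count($parts) !== 2) { return; }` ahead of the `$port` line, and reject a port outside 1-65535. Splitting on `:` also cannot represent an IPv6 literal, which deserves a comment next to the `explode()` call. The enclosing method starts and ends outside the hunk.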
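Review bot: In the ext/upload/main.php hunk, both rewritten lines depend on operand order, and nothing in the code says so: `$this->try_upload(...) && $ok` still attempts every file after an earlier failure, while the more natural-looking `$ok && $this->try_upload(...)` would short-circuit and silently skip the remaining uploads. Add a comment above each line, e.g. `// call first: && must not short-circuit past later uploads`, or store the call result in a local and accumulate with `$ok = $ok && $result;`; the same applies to the `try_transload` line. Separately, `strlen($value)` in the second loop receives raw `$_POST` values, so an array-valued field whose name starts with `url` reaches it; adding `is_string($value)` to that condition would reject such input before `try_transload` is called.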