badmanners/shimmie2
badmanners/shimmie2
Archived
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Undoing this commit: Removing unnecessary call to int_escape(). Simply cast to int inline, saving function call overhead.

Browse source
This commit is contained in:
green-ponies (jgen) 2012-04-18 00:54:18 -04:00
parent f8832a5024
commit dd88127c30
46 changed files with 136 additions and 136 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
core/event.class.php
View file

@ -95,10 +95,10 @@ class PageRequestEvent extends Event {
public function get_page_number() { public function get_page_number() {
$page_number = 1; $page_number = 1;
if($this->count_args() === 1) { if($this->count_args() === 1) {
$page_number = (int)($this->get_arg(0)); $page_number = int_escape($this->get_arg(0));
} }
else if($this->count_args() === 2) { else if($this->count_args() === 2) {
$page_number = (int)($this->get_arg(1)); $page_number = int_escape($this->get_arg(1));
} }
if($page_number === 0) $page_number = 1; // invalid -> 0 if($page_number === 0) $page_number = 1; // invalid -> 0
return $page_number; return $page_number;

2
core/extension.class.php
View file

@ -149,7 +149,7 @@ abstract class DataHandlerExtension extends Extension {
/* hax: This seems like such a dirty way to do this.. */ /* hax: This seems like such a dirty way to do this.. */
/* Validate things */ /* Validate things */
$image_id = (int)($event->metadata['replace']); $image_id = int_escape($event->metadata['replace']);
/* Check to make sure the image exists. */ /* Check to make sure the image exists. */
$existing = Image::by_id($image_id); $existing = Image::by_id($image_id);

2
core/user.class.php
View file

@ -33,7 +33,7 @@ class User {
public function User($row) { public function User($row) {
global $_user_classes; global $_user_classes;
$this->id = (int)($row['id']); $this->id = int_escape($row['id']);
$this->name = $row['name']; $this->name = $row['name'];
$this->email = $row['email']; $this->email = $row['email'];
$this->join_date = $row['joindate']; $this->join_date = $row['joindate'];

16
ext/artists/main.php
View file

@ -249,7 +249,7 @@ class Artists extends Extension {
} }
case "edited": case "edited":
{ {
$artistID = (int)($_POST['id']); $artistID = int_escape($_POST['id']);
$this->update_artist(); $this->update_artist();
$page->set_mode("redirect"); $page->set_mode("redirect");
$page->set_redirect(make_link("artist/view/".$artistID)); $page->set_redirect(make_link("artist/view/".$artistID));
@ -312,7 +312,7 @@ class Artists extends Extension {
} }
case "edit": case "edit":
{ {
$aliasID = (int)($event->get_arg(2)); $aliasID = int_escape($event->get_arg(2));
$alias = $this->get_alias_by_id($aliasID); $alias = $this->get_alias_by_id($aliasID);
$this->theme->show_alias_editor($alias); $this->theme->show_alias_editor($alias);
break; break;
@ -320,7 +320,7 @@ class Artists extends Extension {
case "edited": case "edited":
{ {
$this->update_alias(); $this->update_alias();
$aliasID = (int)($_POST['aliasID']); $aliasID = int_escape($_POST['aliasID']);
$artistID = $this->get_artistID_by_aliasID($aliasID); $artistID = $this->get_artistID_by_aliasID($aliasID);
$page->set_mode("redirect"); $page->set_mode("redirect");
$page->set_redirect(make_link("artist/view/".$artistID)); $page->set_redirect(make_link("artist/view/".$artistID));
@ -354,7 +354,7 @@ class Artists extends Extension {
} }
case "edit": case "edit":
{ {
$urlID = (int)($event->get_arg(2)); $urlID = int_escape($event->get_arg(2));
$url = $this->get_url_by_id($urlID); $url = $this->get_url_by_id($urlID);
$this->theme->show_url_editor($url); $this->theme->show_url_editor($url);
break; break;
@ -362,7 +362,7 @@ class Artists extends Extension {
case "edited": case "edited":
{ {
$this->update_url(); $this->update_url();
$urlID = (int)($_POST['urlID']); $urlID = int_escape($_POST['urlID']);
$artistID = $this->get_artistID_by_urlID($urlID); $artistID = $this->get_artistID_by_urlID($urlID);
$page->set_mode("redirect"); $page->set_mode("redirect");
$page->set_redirect(make_link("artist/view/".$artistID)); $page->set_redirect(make_link("artist/view/".$artistID));
@ -386,7 +386,7 @@ class Artists extends Extension {
} }
case "delete": case "delete":
{ {
$memberID = (int)($event->get_arg(2)); $memberID = int_escape($event->get_arg(2));
$artistID = $this->get_artistID_by_memberID($memberID); $artistID = $this->get_artistID_by_memberID($memberID);
$this->delete_member($memberID); $this->delete_member($memberID);
$page->set_mode("redirect"); $page->set_mode("redirect");
@ -395,7 +395,7 @@ class Artists extends Extension {
} }
case "edit": case "edit":
{ {
$memberID = (int)($event->get_arg(2)); $memberID = int_escape($event->get_arg(2));
$member = $this->get_member_by_id($memberID); $member = $this->get_member_by_id($memberID);
$this->theme->show_member_editor($member); $this->theme->show_member_editor($member);
break; break;
@ -403,7 +403,7 @@ class Artists extends Extension {
case "edited": case "edited":
{ {
$this->update_member(); $this->update_member();
$memberID = (int)($_POST['memberID']); $memberID = int_escape($_POST['memberID']);
$artistID = $this->get_artistID_by_memberID($memberID); $artistID = $this->get_artistID_by_memberID($memberID);
$page->set_mode("redirect"); $page->set_mode("redirect");
$page->set_redirect(make_link("artist/view/".$artistID)); $page->set_redirect(make_link("artist/view/".$artistID));

2
ext/blotter/main.php
View file

@ -97,7 +97,7 @@ class Blotter extends Extension {
if(!$user->is_admin() || !$user->check_auth_token()) { if(!$user->is_admin() || !$user->check_auth_token()) {
$this->theme->display_permission_denied(); $this->theme->display_permission_denied();
} else { } else {
$id = (int)($_POST['id']); $id = int_escape($_POST['id']);
if(!isset($id)) { die("No ID!"); } if(!isset($id)) { die("No ID!"); }
$database->Execute("DELETE FROM blotter WHERE id=:id", array("id"=>$id)); $database->Execute("DELETE FROM blotter WHERE id=:id", array("id"=>$id));
log_info("blotter", "Removed Entry #$id"); log_info("blotter", "Removed Entry #$id");

12
ext/comment/main.php
View file

@ -124,7 +124,7 @@ class CommentList extends Extension {
if($event->get_arg(0) === "add") { if($event->get_arg(0) === "add") {
if(isset($_POST['image_id']) && isset($_POST['comment'])) { if(isset($_POST['image_id']) && isset($_POST['comment'])) {
try { try {
$i_iid = (int)($_POST['image_id']); $i_iid = int_escape($_POST['image_id']);
$cpe = new CommentPostingEvent($_POST['image_id'], $user, $_POST['comment']); $cpe = new CommentPostingEvent($_POST['image_id'], $user, $_POST['comment']);
send_event($cpe); send_event($cpe);
$page->set_mode("redirect"); $page->set_mode("redirect");
@ -154,7 +154,7 @@ class CommentList extends Extension {
} }
} }
else if($event->get_arg(0) === "list") { else if($event->get_arg(0) === "list") {
$page_num = (int)($event->get_arg(1)); $page_num = int_escape($event->get_arg(1));
$this->build_page($page_num); $this->build_page($page_num);
} }
} }
@ -242,7 +242,7 @@ class CommentList extends Extension {
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)")); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)"));
} }
else if(preg_match("/commented_by_userid=([0-9]+)/i", $event->term, $matches)) { else if(preg_match("/commented_by_userid=([0-9]+)/i", $event->term, $matches)) {
$user_id = (int)($matches[1]); $user_id = int_escape($matches[1]);
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)")); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)"));
} }
} }
@ -340,7 +340,7 @@ class CommentList extends Extension {
private function get_comments(/*int*/ $image_id) { private function get_comments(/*int*/ $image_id) {
global $config; global $config;
global $database; global $database;
$i_image_id = (int)($image_id); $i_image_id = int_escape($image_id);
$rows = $database->get_all(" $rows = $database->get_all("
SELECT SELECT
users.id as user_id, users.name as user_name, users.email as user_email, users.id as user_id, users.name as user_name, users.email as user_email,
@ -368,8 +368,8 @@ class CommentList extends Extension {
// sqlite fails at intervals // sqlite fails at intervals
if($database->engine->name === "sqlite") return false; if($database->engine->name === "sqlite") return false;
$window = (int)($config->get_int('comment_window')); $window = int_escape($config->get_int('comment_window'));
$max = (int)($config->get_int('comment_limit')); $max = int_escape($config->get_int('comment_limit'));
if($database->engine->name == "mysql") $window_sql = "interval $window minute"; if($database->engine->name == "mysql") $window_sql = "interval $window minute";
else $window_sql = "interval '$window minute'"; else $window_sql = "interval '$window minute'";

8
ext/comment/theme.php
View file

@ -157,13 +157,13 @@ class CommentListTheme extends Themelet {
$tfe = new TextFormattingEvent($comment->comment); $tfe = new TextFormattingEvent($comment->comment);
send_event($tfe); send_event($tfe);
$i_uid = (int)($comment->owner_id); $i_uid = int_escape($comment->owner_id);
$h_name = html_escape($comment->owner_name); $h_name = html_escape($comment->owner_name);
$h_poster_ip = html_escape($comment->poster_ip); $h_poster_ip = html_escape($comment->poster_ip);
$h_timestamp = autodate($comment->posted); $h_timestamp = autodate($comment->posted);
$h_comment = ($trim ? truncate($tfe->stripped, 50) : $tfe->formatted); $h_comment = ($trim ? truncate($tfe->stripped, 50) : $tfe->formatted);
$i_comment_id = (int)($comment->comment_id); $i_comment_id = int_escape($comment->comment_id);
$i_image_id = (int)($comment->image_id); $i_image_id = int_escape($comment->image_id);
if($i_uid == $config->get_int("anon_id")) { if($i_uid == $config->get_int("anon_id")) {
$anoncode = ""; $anoncode = "";
@ -224,7 +224,7 @@ class CommentListTheme extends Themelet {
protected function build_postbox(/*int*/ $image_id) { protected function build_postbox(/*int*/ $image_id) {
global $config; global $config;
$i_image_id = (int)($image_id); $i_image_id = int_escape($image_id);
$hash = CommentList::get_hash(); $hash = CommentList::get_hash();
$h_captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : ""; $h_captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : "";

8
ext/danbooru_api/main.php
View file

@ -287,8 +287,8 @@ class DanbooruApi extends Extension {
} }
} else } else
{ {
$limit = isset($_GET['limit']) ? (int)($_GET['limit']) : 100; $limit = isset($_GET['limit']) ? int_escape($_GET['limit']) : 100;
$start = isset($_GET['offset']) ? (int)($_GET['offset']) : 0; $start = isset($_GET['offset']) ? int_escape($_GET['offset']) : 0;
$tags = isset($_GET['tags']) ? Tag::explode($_GET['tags']) : array(); $tags = isset($_GET['tags']) ? Tag::explode($_GET['tags']) : array();
$results = Image::find_images($start, $limit, $tags); $results = Image::find_images($start, $limit, $tags);
} }
@ -346,14 +346,14 @@ class DanbooruApi extends Extension {
/* Currently disabled to maintain identical functionality to danbooru 1.0's own "broken" find_tags /* Currently disabled to maintain identical functionality to danbooru 1.0's own "broken" find_tags
elseif(isset($_GET['tags'])) elseif(isset($_GET['tags']))
{ {
$start = isset($_GET['after_id']) ? (int)($_GET['offset']) : 0; $start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0;
$tags = Tag::explode($_GET['tags']); $tags = Tag::explode($_GET['tags']);
} }
*/ */
else else
{ {
$start = isset($_GET['after_id']) ? (int)($_GET['offset']) : 0; $start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0;
$sqlresult = $database->execute("SELECT id,tag,count FROM tags WHERE count > 0 AND id >= ? ORDER BY id DESC",array($start)); $sqlresult = $database->execute("SELECT id,tag,count FROM tags WHERE count > 0 AND id >= ? ORDER BY id DESC",array($start));
while(!$sqlresult->EOF) while(!$sqlresult->EOF)
{ {

4
ext/favorites/main.php
View file

@ -58,7 +58,7 @@ class Favorites extends Extension {
public function onPageRequest(PageRequestEvent $event) { public function onPageRequest(PageRequestEvent $event) {
global $page, $user; global $page, $user;
if($event->page_matches("change_favorite") && !$user->is_anonymous() && $user->check_auth_token()) { if($event->page_matches("change_favorite") && !$user->is_anonymous() && $user->check_auth_token()) {
$image_id = (int)($_POST['image_id']); $image_id = int_escape($_POST['image_id']);
if((($_POST['favorite_action'] == "set") || ($_POST['favorite_action'] == "unset")) && ($image_id > 0)) { if((($_POST['favorite_action'] == "set") || ($_POST['favorite_action'] == "unset")) && ($image_id > 0)) {
send_event(new FavoriteSetEvent($image_id, $user, ($_POST['favorite_action'] == "set"))); send_event(new FavoriteSetEvent($image_id, $user, ($_POST['favorite_action'] == "set")));
} }
@ -128,7 +128,7 @@ class Favorites extends Extension {
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)")); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)"));
} }
else if(preg_match("/favorited_by_userno=([0-9]+)/i", $event->term, $matches)) { else if(preg_match("/favorited_by_userno=([0-9]+)/i", $event->term, $matches)) {
$user_id = (int)($matches[1]); $user_id = int_escape($matches[1]);
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)")); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)"));
} }
} }

2
ext/favorites/theme.php
View file

@ -4,7 +4,7 @@ class FavoritesTheme extends Themelet {
public function get_voter_html(Image $image, $is_favorited) { public function get_voter_html(Image $image, $is_favorited) {
global $page, $user; global $page, $user;
$i_image_id = (int)($image->id); $i_image_id = int_escape($image->id);
$name = $is_favorited ? "unset" : "set"; $name = $is_favorited ? "unset" : "set";
$label = $is_favorited ? "Un-Favorite" : "Favorite"; $label = $is_favorited ? "Un-Favorite" : "Favorite";
$html = " $html = "

2
ext/featured/main.php
View file

@ -30,7 +30,7 @@ class Featured extends Extension {
if($event->page_matches("featured_image")) { if($event->page_matches("featured_image")) {
if($event->get_arg(0) == "set" && $user->check_auth_token()) { if($event->get_arg(0) == "set" && $user->check_auth_token()) {
if($user->can("edit_feature") && isset($_POST['image_id'])) { if($user->can("edit_feature") && isset($_POST['image_id'])) {
$id = (int)($_POST['image_id']); $id = int_escape($_POST['image_id']);
if($id > 0) { if($id > 0) {
$config->set_int("featured_id", $id); $config->set_int("featured_id", $id);
$page->set_mode("redirect"); $page->set_mode("redirect");

2
ext/featured/theme.php
View file

@ -21,7 +21,7 @@ class FeaturedTheme extends Themelet {
public function build_featured_html(Image $image, $query=null) { public function build_featured_html(Image $image, $query=null) {
global $config; global $config;
$i_id = (int)($image->id); $i_id = int_escape($image->id);
$h_view_link = make_link("post/view/$i_id", $query); $h_view_link = make_link("post/view/$i_id", $query);
$h_thumb_link = $image->get_thumb_link(); $h_thumb_link = $image->get_thumb_link();
$h_tip = html_escape($image->get_tooltip()); $h_tip = html_escape($image->get_tooltip());

12
ext/forum/main.php
View file

@ -92,8 +92,8 @@ class Forum extends Extension {
} }
case "view": case "view":
{ {
$threadID = (int)($event->get_arg(1)); $threadID = int_escape($event->get_arg(1));
$pageNumber = (int)($event->get_arg(2)); $pageNumber = int_escape($event->get_arg(2));
$this->show_posts($event, $user->is_admin()); $this->show_posts($event, $user->is_admin());
if($user->is_admin()) $this->theme->add_actions_block($page, $threadID); if($user->is_admin()) $this->theme->add_actions_block($page, $threadID);
@ -131,8 +131,8 @@ class Forum extends Extension {
break; break;
} }
case "delete": case "delete":
$threadID = (int)($event->get_arg(1)); $threadID = int_escape($event->get_arg(1));
$postID = (int)($event->get_arg(2)); $postID = int_escape($event->get_arg(2));
if ($user->is_admin()) {$this->delete_post($postID);} if ($user->is_admin()) {$this->delete_post($postID);}
@ -140,7 +140,7 @@ class Forum extends Extension {
$page->set_redirect(make_link("forum/view/".$threadID)); $page->set_redirect(make_link("forum/view/".$threadID));
break; break;
case "nuke": case "nuke":
$threadID = (int)($event->get_arg(1)); $threadID = int_escape($event->get_arg(1));
if ($user->is_admin()) if ($user->is_admin())
$this->delete_thread($threadID); $this->delete_thread($threadID);
@ -160,7 +160,7 @@ class Forum extends Extension {
break; break;
} }
$threadID = (int)($_POST["threadID"]); $threadID = int_escape($_POST["threadID"]);
$this->save_new_post($threadID, $user); $this->save_new_post($threadID, $user);
} }

2
ext/handle_ico/main.php
View file

@ -38,7 +38,7 @@ class IcoFileHandler extends Extension {
public function onPageRequest(PageRequestEvent $event) { public function onPageRequest(PageRequestEvent $event) {
global $config, $database, $page; global $config, $database, $page;
if($event->page_matches("get_ico")) { if($event->page_matches("get_ico")) {
$id = (int)($event->get_arg(0)); $id = int_escape($event->get_arg(0));
$image = Image::by_id($id); $image = Image::by_id($id);
$hash = $image->hash; $hash = $image->hash;
$ha = substr($hash, 0, 2); $ha = substr($hash, 0, 2);

6
ext/handle_svg/main.php
View file

@ -43,7 +43,7 @@ class SVGFileHandler extends Extension {
public function onPageRequest(PageRequestEvent $event) { public function onPageRequest(PageRequestEvent $event) {
global $config, $database, $page; global $config, $database, $page;
if($event->page_matches("get_svg")) { if($event->page_matches("get_svg")) {
$id = (int)($event->get_arg(0)); $id = int_escape($event->get_arg(0));
$image = Image::by_id($id); $image = Image::by_id($id);
$hash = $image->hash; $hash = $image->hash;
@ -97,8 +97,8 @@ class MiniSVGParser {
function startElement($parser, $name, $attrs) { function startElement($parser, $name, $attrs) {
if($name == "SVG") { if($name == "SVG") {
$this->width = (int)($attrs["WIDTH"]); $this->width = int_escape($attrs["WIDTH"]);
$this->height = (int)($attrs["HEIGHT"]); $this->height = int_escape($attrs["HEIGHT"]);
} }
} }

4
ext/image/main.php
View file

@ -180,11 +180,11 @@ class ImageIO extends Extension {
} }
} }
else if($event->page_matches("image")) { else if($event->page_matches("image")) {
$num = (int)($event->get_arg(0)); $num = int_escape($event->get_arg(0));
$this->send_file($num, "image"); $this->send_file($num, "image");
} }
else if($event->page_matches("thumb")) { else if($event->page_matches("thumb")) {
$num = (int)($event->get_arg(0)); $num = int_escape($event->get_arg(0));
$this->send_file($num, "thumb"); $this->send_file($num, "thumb");
} }
} }

10
ext/image_hash_ban/main.php
View file

@ -58,7 +58,7 @@ class ImageBan extends Extension {
if($event->page_matches("image_hash_ban")) { if($event->page_matches("image_hash_ban")) {
if($user->can("ban_image")) { if($user->can("ban_image")) {
if($event->get_arg(0) == "dnp") { if($event->get_arg(0) == "dnp") {
$image = Image::by_id((int)($event->get_arg(1))); $image = Image::by_id(int_escape($event->get_arg(1)));
if($image) { if($image) {
send_event(new AddImageHashBanEvent($image->hash, "DNP")); send_event(new AddImageHashBanEvent($image->hash, "DNP"));
send_event(new ImageDeletionEvent($image)); send_event(new ImageDeletionEvent($image));
@ -74,7 +74,7 @@ class ImageBan extends Extension {
$page->set_redirect(make_link("image_hash_ban/list/1")); $page->set_redirect(make_link("image_hash_ban/list/1"));
} }
if(isset($_POST['image_id'])) { if(isset($_POST['image_id'])) {
$image = Image::by_id((int)($_POST['image_id'])); $image = Image::by_id(int_escape($_POST['image_id']));
if($image) { if($image) {
send_event(new ImageDeletionEvent($image)); send_event(new ImageDeletionEvent($image));
$page->set_mode("redirect"); $page->set_mode("redirect");
@ -93,7 +93,7 @@ class ImageBan extends Extension {
else if($event->get_arg(0) == "list") { else if($event->get_arg(0) == "list") {
$page_num = 0; $page_num = 0;
if($event->count_args() == 2) { if($event->count_args() == 2) {
$page_num = (int)($event->get_arg(1)); $page_num = int_escape($event->get_arg(1));
} }
$page_size = 100; $page_size = 100;
$page_count = ceil($database->get_one("SELECT COUNT(id) FROM image_bans")/$page_size); $page_count = ceil($database->get_one("SELECT COUNT(id) FROM image_bans")/$page_size);
@ -131,8 +131,8 @@ class ImageBan extends Extension {
global $database; global $database;
// FIXME: many // FIXME: many
$size_i = (int)($size); $size_i = int_escape($size);
$offset_i = (int)($page-1)*$size_i; $offset_i = int_escape($page-1)*$size_i;
$where = array("(1=1)"); $where = array("(1=1)");
$args = array(); $args = array();
if(!empty($_GET['hash'])) { if(!empty($_GET['hash'])) {

4
ext/index/main.php
View file

@ -204,7 +204,7 @@ class Index extends Extension {
} }
else if(preg_match("/^ratio(<|>|<=|>=|=)(\d+):(\d+)$/", $event->term, $matches)) { else if(preg_match("/^ratio(<|>|<=|>=|=)(\d+):(\d+)$/", $event->term, $matches)) {
$cmp = $matches[1]; $cmp = $matches[1];
$args = array("width"=>(int)($matches[2]), "height"=>(int)($matches[3])); $args = array("width"=>int_escape($matches[2]), "height"=>int_escape($matches[3]));
$event->add_querylet(new Querylet('width / height '.$cmp.' :width / :height', $args)); $event->add_querylet(new Querylet('width / height '.$cmp.' :width / :height', $args));
} }
else if(preg_match("/^(filesize|id)(<|>|<=|>=|=)(\d+[kmg]?b?)$/i", $event->term, $matches)) { else if(preg_match("/^(filesize|id)(<|>|<=|>=|=)(\d+[kmg]?b?)$/i", $event->term, $matches)) {
@ -233,7 +233,7 @@ class Index extends Extension {
} }
else if(preg_match("/^size(<|>|<=|>=|=)(\d+)x(\d+)$/", $event->term, $matches)) { else if(preg_match("/^size(<|>|<=|>=|=)(\d+)x(\d+)$/", $event->term, $matches)) {
$cmp = $matches[1]; $cmp = $matches[1];
$args = array("width"=>(int)($matches[2]), "height"=>(int)($matches[3])); $args = array("width"=>int_escape($matches[2]), "height"=>int_escape($matches[3]));
$event->add_querylet(new Querylet('width '.$cmp.' :width AND height '.$cmp.' :height', $args)); $event->add_querylet(new Querylet('width '.$cmp.' :width AND height '.$cmp.' :height', $args));
} }
} }

4
ext/log_db/main.php
View file

@ -47,7 +47,7 @@ class LogDatabase extends Extension {
if($user->can("view_eventlog")) { if($user->can("view_eventlog")) {
$wheres = array(); $wheres = array();
$args = array(); $args = array();
$page_num = (int)($event->get_arg(0)); $page_num = int_escape($event->get_arg(0));
if($page_num <= 0) $page_num = 1; if($page_num <= 0) $page_num = 1;
if(!empty($_GET["time"])) { if(!empty($_GET["time"])) {
$wheres[] = "date_sent LIKE :time"; $wheres[] = "date_sent LIKE :time";
@ -77,7 +77,7 @@ class LogDatabase extends Extension {
} }
if(!empty($_GET["priority"])) { if(!empty($_GET["priority"])) {
$wheres[] = "priority >= :priority"; $wheres[] = "priority >= :priority";
$args["priority"] = (int)($_GET["priority"]); $args["priority"] = int_escape($_GET["priority"]);
} }
else { else {
$wheres[] = "priority >= :priority"; $wheres[] = "priority >= :priority";

2
ext/log_db/theme.php
View file

@ -100,7 +100,7 @@ class LogDatabaseTheme extends Themelet {
} }
protected function link_image($id) { protected function link_image($id) {
$iid = (int)($id[1]); $iid = int_escape($id[1]);
return "<a href='".make_link("post/view/$iid")."'>Image #$iid</a>"; return "<a href='".make_link("post/view/$iid")."'>Image #$iid</a>";
} }
} }

36
ext/notes/main.php
View file

@ -211,7 +211,7 @@ class Notes extends Extension {
public function onSearchTermParse(SearchTermParseEvent $event) { public function onSearchTermParse(SearchTermParseEvent $event) {
$matches = array(); $matches = array();
if(preg_match("/note=(.*)/i", $event->term, $matches)) { if(preg_match("/note=(.*)/i", $event->term, $matches)) {
$notes = (int)($matches[1]); $notes = int_escape($matches[1]);
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE note = $notes)")); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE note = $notes)"));
} }
else if(preg_match("/notes(<|>|<=|>=|=)(\d+)/", $event->term, $matches)) { else if(preg_match("/notes(<|>|<=|>=|=)(\d+)/", $event->term, $matches)) {
@ -232,7 +232,7 @@ class Notes extends Extension {
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)")); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)"));
} }
else if(preg_match("/notes_by_userno=([0-9]+)/i", $event->term, $matches)) { else if(preg_match("/notes_by_userno=([0-9]+)/i", $event->term, $matches)) {
$user_id = (int)($matches[1]); $user_id = int_escape($matches[1]);
$event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)")); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)"));
} }
} }
@ -259,12 +259,12 @@ class Notes extends Extension {
private function add_new_note() { private function add_new_note() {
global $database, $user; global $database, $user;
$imageID = (int)($_POST["image_id"]); $imageID = int_escape($_POST["image_id"]);
$user_id = $user->id; $user_id = $user->id;
$noteX1 = (int)($_POST["note_x1"]); $noteX1 = int_escape($_POST["note_x1"]);
$noteY1 = (int)($_POST["note_y1"]); $noteY1 = int_escape($_POST["note_y1"]);
$noteHeight = (int)($_POST["note_height"]); $noteHeight = int_escape($_POST["note_height"]);
$noteWidth = (int)($_POST["note_width"]); $noteWidth = int_escape($_POST["note_width"]);
$noteText = html_escape($_POST["note_text"]); $noteText = html_escape($_POST["note_text"]);
$database->execute(" $database->execute("
@ -292,7 +292,7 @@ class Notes extends Extension {
private function add_note_request() { private function add_note_request() {
global $database, $user; global $database, $user;
$image_id = (int)($_POST["image_id"]); $image_id = int_escape($_POST["image_id"]);
$user_id = $user->id; $user_id = $user->id;
$database->execute(" $database->execute("
@ -314,12 +314,12 @@ class Notes extends Extension {
*/ */
private function update_note() private function update_note()
{ {
$imageID = (int)($_POST["image_id"]); $imageID = int_escape($_POST["image_id"]);
$noteID = (int)($_POST["note_id"]); $noteID = int_escape($_POST["note_id"]);
$noteX1 = (int)($_POST["note_x1"]); $noteX1 = int_escape($_POST["note_x1"]);
$noteY1 = (int)($_POST["note_y1"]); $noteY1 = int_escape($_POST["note_y1"]);
$noteHeight = (int)($_POST["note_height"]); $noteHeight = int_escape($_POST["note_height"]);
$noteWidth = (int)($_POST["note_width"]); $noteWidth = int_escape($_POST["note_width"]);
$noteText = mysql_real_escape_string(html_escape($_POST["note_text"])); $noteText = mysql_real_escape_string(html_escape($_POST["note_text"]));
// validate parameters // validate parameters
@ -363,8 +363,8 @@ class Notes extends Extension {
*/ */
private function delete_note() private function delete_note()
{ {
$imageID = (int)($_POST["image_id"]); $imageID = int_escape($_POST["image_id"]);
$noteID = (int)($_POST["note_id"]); $noteID = int_escape($_POST["note_id"]);
// validate parameters // validate parameters
if(is_null($imageID) || !is_numeric($imageID)) if(is_null($imageID) || !is_numeric($imageID))
@ -389,7 +389,7 @@ class Notes extends Extension {
*/ */
private function nuke_notes() { private function nuke_notes() {
global $database; global $database;
$image_id = (int)($_POST["image_id"]); $image_id = int_escape($_POST["image_id"]);
$database->execute("DELETE FROM notes WHERE image_id = ?", array($image_id)); $database->execute("DELETE FROM notes WHERE image_id = ?", array($image_id));
log_info("notes", "Notes deleted from {$image_id} by {$user->name}"); log_info("notes", "Notes deleted from {$image_id} by {$user->name}");
} }
@ -401,7 +401,7 @@ class Notes extends Extension {
*/ */
private function nuke_requests() { private function nuke_requests() {
global $database; global $database;
$image_id = (int)($_POST["image_id"]); $image_id = int_escape($_POST["image_id"]);
$database->execute("DELETE FROM note_request WHERE image_id = ?", array($image_id)); $database->execute("DELETE FROM note_request WHERE image_id = ?", array($image_id));

16
ext/numeric_score/main.php
View file

@ -48,7 +48,7 @@ class NumericScore extends Extension {
global $config, $database, $user, $page; global $config, $database, $user, $page;
if($event->page_matches("numeric_score_votes")) { if($event->page_matches("numeric_score_votes")) {
$image_id = (int)($event->get_arg(0)); $image_id = int_escape($event->get_arg(0));
$x = $database->get_all( $x = $database->get_all(
"SELECT users.name as username, user_id, score "SELECT users.name as username, user_id, score
FROM numeric_score_votes FROM numeric_score_votes
@ -67,7 +67,7 @@ class NumericScore extends Extension {
} }
if($event->page_matches("numeric_score_vote") && $user->check_auth_token()) { if($event->page_matches("numeric_score_vote") && $user->check_auth_token()) {
if(!$user->is_anonymous()) { if(!$user->is_anonymous()) {
$image_id = (int)($_POST['image_id']); $image_id = int_escape($_POST['image_id']);
$char = $_POST['vote']; $char = $_POST['vote'];
$score = null; $score = null;
if($char == "up") $score = 1; if($char == "up") $score = 1;
@ -80,7 +80,7 @@ class NumericScore extends Extension {
} }
if($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) { if($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) {
if($user->can("edit_other_vote")) { if($user->can("edit_other_vote")) {
$image_id = (int)($_POST['image_id']); $image_id = int_escape($_POST['image_id']);
$database->execute( $database->execute(
"DELETE FROM numeric_score_votes WHERE image_id=?", "DELETE FROM numeric_score_votes WHERE image_id=?",
array($image_id)); array($image_id));
@ -93,7 +93,7 @@ class NumericScore extends Extension {
} }
if($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) { if($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) {
if($user->can("edit_other_vote")) { if($user->can("edit_other_vote")) {
$this->delete_votes_by((int)($_POST['user_id'])); $this->delete_votes_by(int_escape($_POST['user_id']));
$page->set_mode("redirect"); $page->set_mode("redirect");
$page->set_redirect(make_link()); $page->set_redirect(make_link());
} }
@ -110,13 +110,13 @@ class NumericScore extends Extension {
$year = $_GET['year']; $year = $_GET['year'];
} }
//month //month
if(empty($_GET['month']) || (int)($_GET['month']) > 12){ if(empty($_GET['month']) || int_escape($_GET['month']) > 12){
$month = date("m"); $month = date("m");
}else{ }else{
$month = $_GET['month']; $month = $_GET['month'];
} }
//day //day
if(empty($_GET['day']) || (int)($_GET['day']) > 31){ if(empty($_GET['day']) || int_escape($_GET['day']) > 31){
$day = date("d"); $day = date("d");
}else{ }else{
$day = $_GET['day']; $day = $_GET['day'];
@ -245,13 +245,13 @@ class NumericScore extends Extension {
array("ns_user_id"=>$duser->id))); array("ns_user_id"=>$duser->id)));
} }
if(preg_match("/^upvoted_by_id=(\d+)$/", $event->term, $matches)) { if(preg_match("/^upvoted_by_id=(\d+)$/", $event->term, $matches)) {
$iid = (int)($matches[1]); $iid = int_escape($matches[1]);
$event->add_querylet(new Querylet( $event->add_querylet(new Querylet(
"images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=1)", "images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=1)",
array("ns_user_id"=>$iid))); array("ns_user_id"=>$iid)));
} }
if(preg_match("/^downvoted_by_id=(\d+)$/", $event->term, $matches)) { if(preg_match("/^downvoted_by_id=(\d+)$/", $event->term, $matches)) {
$iid = (int)($matches[1]); $iid = int_escape($matches[1]);
$event->add_querylet(new Querylet( $event->add_querylet(new Querylet(
"images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=-1)", "images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=-1)",
array("ns_user_id"=>$iid))); array("ns_user_id"=>$iid)));

4
ext/numeric_score/theme.php
View file

@ -3,8 +3,8 @@
class NumericScoreTheme extends Themelet { class NumericScoreTheme extends Themelet {
public function get_voter_html(Image $image) { public function get_voter_html(Image $image) {
global $user; global $user;
$i_image_id = (int)($image->id); $i_image_id = int_escape($image->id);
$i_score = (int)($image->numeric_score); $i_score = int_escape($image->numeric_score);
$html = " $html = "
Current Score: $i_score Current Score: $i_score

8
ext/pm/main.php
View file

@ -105,13 +105,13 @@ class PrivMsg extends Extension {
if(!$user->is_anonymous()) { if(!$user->is_anonymous()) {
switch($event->get_arg(0)) { switch($event->get_arg(0)) {
case "read": case "read":
$pm_id = (int)($event->get_arg(1)); $pm_id = int_escape($event->get_arg(1));
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id)); $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id));
if(is_null($pm)) { if(is_null($pm)) {
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
} }
else if(($pm["to_id"] == $user->id) || $user->can("view_other_pms")) { else if(($pm["to_id"] == $user->id) || $user->can("view_other_pms")) {
$from_user = User::by_id((int)($pm["from_id"])); $from_user = User::by_id(int_escape($pm["from_id"]));
$database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", array("id" => $pm_id)); $database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", array("id" => $pm_id));
$database->cache->delete("pm-count-{$user->id}"); $database->cache->delete("pm-count-{$user->id}");
$this->theme->display_message($page, $from_user, $user, new PM($pm)); $this->theme->display_message($page, $from_user, $user, new PM($pm));
@ -122,7 +122,7 @@ class PrivMsg extends Extension {
break; break;
case "delete": case "delete":
if($user->check_auth_token()) { if($user->check_auth_token()) {
$pm_id = (int)($_POST["pm_id"]); $pm_id = int_escape($_POST["pm_id"]);
$pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id)); $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id));
if(is_null($pm)) { if(is_null($pm)) {
$this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id");
@ -138,7 +138,7 @@ class PrivMsg extends Extension {
break; break;
case "send": case "send":
if($user->check_auth_token()) { if($user->check_auth_token()) {
$to_id = (int)($_POST["to_id"]); $to_id = int_escape($_POST["to_id"]);
$from_id = $user->id; $from_id = $user->id;
$subject = $_POST["subject"]; $subject = $_POST["subject"];
$message = $_POST["message"]; $message = $_POST["message"];

20
ext/pools/main.php
View file

@ -96,14 +96,14 @@ class Pools extends Extension {
// Check if we have pool id, since this is most often the case. // Check if we have pool id, since this is most often the case.
if (isset($_POST["pool_id"])) { if (isset($_POST["pool_id"])) {
$pool_id = (int)($_POST["pool_id"]); $pool_id = int_escape($_POST["pool_id"]);
$pool = $this->get_single_pool($pool_id); $pool = $this->get_single_pool($pool_id);
} }
// What action are we trying to perform? // What action are we trying to perform?
switch($event->get_arg(0)) { switch($event->get_arg(0)) {
case "list": //index case "list": //index
$this->list_pools($page, (int)($event->get_arg(1))); $this->list_pools($page, int_escape($event->get_arg(1)));
break; break;
case "new": // Show form for new pools case "new": // Show form for new pools
@ -127,17 +127,17 @@ class Pools extends Extension {
break; break;
case "view": case "view":
$poolID = (int)($event->get_arg(1)); $poolID = int_escape($event->get_arg(1));
$this->get_posts($event, $poolID); $this->get_posts($event, $poolID);
break; break;
case "updated": case "updated":
$this->get_history((int)($event->get_arg(1))); $this->get_history(int_escape($event->get_arg(1)));
break; break;
case "revert": case "revert":
if(!$user->is_anonymous()) { if(!$user->is_anonymous()) {
$historyID = (int)($event->get_arg(1)); $historyID = int_escape($event->get_arg(1));
$this->revert_history($historyID); $this->revert_history($historyID);
$page->set_mode("redirect"); $page->set_mode("redirect");
$page->set_redirect(make_link("pool/updated")); $page->set_redirect(make_link("pool/updated"));
@ -404,7 +404,7 @@ class Pools extends Extension {
private function add_posts() { private function add_posts() {
global $database; global $database;
$poolID = (int)($_POST['pool_id']); $poolID = int_escape($_POST['pool_id']);
$images = ""; $images = "";
foreach ($_POST['check'] as $imageID){ foreach ($_POST['check'] as $imageID){
@ -439,7 +439,7 @@ class Pools extends Extension {
private function order_posts() { private function order_posts() {
global $database; global $database;
$poolID = (int)($_POST['pool_id']); $poolID = int_escape($_POST['pool_id']);
foreach($_POST['imgs'] as $data) { foreach($_POST['imgs'] as $data) {
list($imageORDER, $imageID) = $data; list($imageORDER, $imageID) = $data;
@ -463,7 +463,7 @@ class Pools extends Extension {
private function remove_posts() { private function remove_posts() {
global $database; global $database;
$poolID = (int)($_POST['pool_id']); $poolID = int_escape($_POST['pool_id']);
$images = ""; $images = "";
foreach($_POST['check'] as $imageID) { foreach($_POST['check'] as $imageID) {
@ -527,7 +527,7 @@ class Pools extends Extension {
private function get_posts($event, /*int*/ $poolID) { private function get_posts($event, /*int*/ $poolID) {
global $config, $user, $database; global $config, $user, $database;
$pageNumber = (int)($event->get_arg(2)); $pageNumber = int_escape($event->get_arg(2));
if(is_null($pageNumber) || !is_numeric($pageNumber)) if(is_null($pageNumber) || !is_numeric($pageNumber))
$pageNumber = 0; $pageNumber = 0;
else if ($pageNumber <= 0) else if ($pageNumber <= 0)
@ -535,7 +535,7 @@ class Pools extends Extension {
else else
$pageNumber--; $pageNumber--;
$poolID = (int)($poolID); $poolID = int_escape($poolID);
$pool = $this->get_pool($poolID); $pool = $this->get_pool($poolID);
$imagesPerPage = $config->get_int("poolsImagesPerPage"); $imagesPerPage = $config->get_int("poolsImagesPerPage");

2
ext/random_image/theme.php
View file

@ -7,7 +7,7 @@ class RandomImageTheme extends Themelet {
public function build_random_html(Image $image, $query=null) { public function build_random_html(Image $image, $query=null) {
global $config; global $config;
$i_id = (int)($image->id); $i_id = int_escape($image->id);
$h_view_link = make_link("post/view/$i_id", $query); $h_view_link = make_link("post/view/$i_id", $query);
$h_thumb_link = $image->get_thumb_link(); $h_thumb_link = $image->get_thumb_link();
$h_tip = html_escape($image->get_tooltip()); $h_tip = html_escape($image->get_tooltip());

2
ext/rating/theme.php
View file

@ -2,7 +2,7 @@
class RatingsTheme extends Themelet { class RatingsTheme extends Themelet {
public function get_rater_html(/*int*/ $image_id, /*string*/ $rating) { public function get_rater_html(/*int*/ $image_id, /*string*/ $rating) {
$i_image_id = (int)($image_id); $i_image_id = int_escape($image_id);
$s_checked = $rating == 's' ? " checked" : ""; $s_checked = $rating == 's' ? " checked" : "";
$q_checked = $rating == 'q' ? " checked" : ""; $q_checked = $rating == 'q' ? " checked" : "";
$e_checked = $rating == 'e' ? " checked" : ""; $e_checked = $rating == 'e' ? " checked" : "";

2
ext/regen_thumb/main.php
View file

@ -18,7 +18,7 @@ class RegenThumb extends Extension {
global $config, $database, $page, $user; global $config, $database, $page, $user;
if($event->page_matches("regen_thumb") && $user->is_admin() && isset($_POST['image_id'])) { if($event->page_matches("regen_thumb") && $user->is_admin() && isset($_POST['image_id'])) {
$image = Image::by_id((int)($_POST['image_id'])); $image = Image::by_id(int_escape($_POST['image_id']));
send_event(new ThumbnailGenerationEvent($image->hash, $image->ext, true)); send_event(new ThumbnailGenerationEvent($image->hash, $image->ext, true));
$this->theme->display_results($page, $image); $this->theme->display_results($page, $image);
} }

4
ext/report_image/main.php
View file

@ -43,7 +43,7 @@ class ReportImage extends Extension {
if($event->page_matches("image_report")) { if($event->page_matches("image_report")) {
if($event->get_arg(0) == "add") { if($event->get_arg(0) == "add") {
if(isset($_POST['image_id']) && isset($_POST['reason'])) { if(isset($_POST['image_id']) && isset($_POST['reason'])) {
$image_id = (int)($_POST['image_id']); $image_id = int_escape($_POST['image_id']);
send_event(new AddReportedImageEvent($image_id, $user->id, $_POST['reason'])); send_event(new AddReportedImageEvent($image_id, $user->id, $_POST['reason']));
$page->set_mode("redirect"); $page->set_mode("redirect");
$page->set_redirect(make_link("post/view/$image_id")); $page->set_redirect(make_link("post/view/$image_id"));
@ -137,7 +137,7 @@ class ReportImage extends Extension {
$reports = array(); $reports = array();
foreach($all_reports as $report) { foreach($all_reports as $report) {
$image_id = (int)($report['image_id']); $image_id = int_escape($report['image_id']);
$image = Image::by_id($image_id); $image = Image::by_id($image_id);
if(is_null($image)) { if(is_null($image)) {
send_event(new RemoveReportedImageEvent($report['id'])); send_event(new RemoveReportedImageEvent($report['id']));

2
ext/report_image/theme.php
View file

@ -64,7 +64,7 @@ class ReportImageTheme extends Themelet {
public function display_image_banner(Image $image, /*array*/ $reporters) { public function display_image_banner(Image $image, /*array*/ $reporters) {
global $config, $page; global $config, $page;
$i_image = (int)($image->id); $i_image = int_escape($image->id);
$html = ""; $html = "";
if(count($reporters) > 0) { if(count($reporters) > 0) {
$html .= "<b>Image reported by ".html_escape(implode(", ", $reporters))."</b><p>"; $html .= "<b>Image reported by ".html_escape(implode(", ", $reporters))."</b><p>";

6
ext/resize/main.php
View file

@ -105,7 +105,7 @@ class ResizeImage extends Extension {
if ( $event->page_matches("resize") && $user->is_admin() ) { if ( $event->page_matches("resize") && $user->is_admin() ) {
// Try to get the image ID // Try to get the image ID
$image_id = (int)($event->get_arg(0)); $image_id = int_escape($event->get_arg(0));
if (empty($image_id)) { if (empty($image_id)) {
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null; $image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
} }
@ -126,10 +126,10 @@ class ResizeImage extends Extension {
$width = $height = 0; $width = $height = 0;
if (isset($_POST['resize_width'])) { if (isset($_POST['resize_width'])) {
$width = (int)($_POST['resize_width']); $width = int_escape($_POST['resize_width']);
} }
if (isset($_POST['resize_height'])) { if (isset($_POST['resize_height'])) {
$height = (int)($_POST['resize_height']); $height = int_escape($_POST['resize_height']);
} }
/* Attempt to resize the image */ /* Attempt to resize the image */

2
ext/resize/theme.php
View file

@ -7,7 +7,7 @@ class ResizeImageTheme extends Themelet {
public function get_resize_html(/*int*/ $image_id) { public function get_resize_html(/*int*/ $image_id) {
global $user, $config; global $user, $config;
$i_image_id = (int)($image_id); $i_image_id = int_escape($image_id);
$html = " $html = "
".make_form(make_link("resize"),'POST',false,'resize_image')." ".make_form(make_link("resize"),'POST',false,'resize_image')."

4
ext/shimmie_api/main.php
View file

@ -71,10 +71,10 @@ class ShimmieApi extends Extension {
if($event->page_matches("api/shimmie/get_image")) { if($event->page_matches("api/shimmie/get_image")) {
$arg = $event->get_arg(0); $arg = $event->get_arg(0);
if(!empty($arg)){ if(!empty($arg)){
$image = Image::by_id((int)($event->get_arg(0))); $image = Image::by_id(int_escape($event->get_arg(0)));
} }
elseif(isset($_GET['id'])){ elseif(isset($_GET['id'])){
$image = Image::by_id((int)($_GET['id'])); $image = Image::by_id(int_escape($_GET['id']));
} }
// FIXME: handle null image // FIXME: handle null image
$image->get_tag_array(); // tag data isn't loaded into the object until necessary $image->get_tag_array(); // tag data isn't loaded into the object until necessary

2
ext/simpletest/main.php
View file

@ -173,7 +173,7 @@ class ShimmieWebTestCase extends SCoreWebTestCase {
foreach($headers as $header) { foreach($headers as $header) {
$parts = explode(":", $header); $parts = explode(":", $header);
if(trim($parts[0]) == "X-Shimmie-Image-ID") { if(trim($parts[0]) == "X-Shimmie-Image-ID") {
$image_id = (int)(trim($parts[1])); $image_id = int_escape(trim($parts[1]));
} }
} }

6
ext/tag_history/main.php
View file

@ -40,12 +40,12 @@ class Tag_History extends Extension {
} }
} }
else if($event->page_matches("tag_history/all")) { else if($event->page_matches("tag_history/all")) {
$page_id = (int)($event->get_arg(0)); $page_id = int_escape($event->get_arg(0));
$this->theme->display_global_page($page, $this->get_global_tag_history($page_id), $page_id); $this->theme->display_global_page($page, $this->get_global_tag_history($page_id), $page_id);
} }
else if($event->page_matches("tag_history") && $event->count_args() == 1) { else if($event->page_matches("tag_history") && $event->count_args() == 1) {
// must be an attempt to view a tag history // must be an attempt to view a tag history
$image_id = (int)($event->get_arg(0)); $image_id = int_escape($event->get_arg(0));
$this->theme->display_history_page($page, $image_id, $this->get_tag_history_from_id($image_id)); $this->theme->display_history_page($page, $image_id, $this->get_tag_history_from_id($image_id));
} }
} }
@ -119,7 +119,7 @@ class Tag_History extends Extension {
private function process_revert_request($revert_id) { private function process_revert_request($revert_id) {
global $page; global $page;
$revert_id = (int)($revert_id); $revert_id = int_escape($revert_id);
// check for the nothing case // check for the nothing case
if($revert_id < 1) { if($revert_id < 1) {

2
ext/tag_list/main.php
View file

@ -125,7 +125,7 @@ class TagList extends Extension {
*/ */
private function get_tags_min() { private function get_tags_min() {
if(isset($_GET['mincount'])) { if(isset($_GET['mincount'])) {
return (int)($_GET['mincount']); return int_escape($_GET['mincount']);
} }
else { else {
global $config; global $config;

2
ext/tagger/theme.php
View file

@ -24,7 +24,7 @@ class taggerTheme extends Themelet {
} }
private function html(Image $image) { private function html(Image $image) {
global $config; global $config;
$i_image_id = (int)($image->id); $i_image_id = int_escape($image->id);
$h_source = html_escape($image->source); $h_source = html_escape($image->source);
$h_query = isset($_GET['search'])? $h_query= "search=".url_escape($_GET['search']) : ""; $h_query = isset($_GET['search'])? $h_query= "search=".url_escape($_GET['search']) : "";

4
ext/tips/main.php
View file

@ -51,14 +51,14 @@ class Tips extends Extension {
break; break;
case "status": case "status":
// FIXME: HTTP GET CSRF // FIXME: HTTP GET CSRF
$tipID = (int)($event->get_arg(1)); $tipID = int_escape($event->get_arg(1));
$this->setStatus($tipID); $this->setStatus($tipID);
$page->set_mode("redirect"); $page->set_mode("redirect");
$page->set_redirect(make_link("tips/list")); $page->set_redirect(make_link("tips/list"));
break; break;
case "delete": case "delete":
// FIXME: HTTP GET CSRF // FIXME: HTTP GET CSRF
$tipID = (int)($event->get_arg(1)); $tipID = int_escape($event->get_arg(1));
$this->deleteTip($tipID); $this->deleteTip($tipID);
$page->set_mode("redirect"); $page->set_mode("redirect");
$page->set_redirect(make_link("tips/list")); $page->set_redirect(make_link("tips/list"));

10
ext/upload/main.php
View file

@ -121,7 +121,7 @@ class Upload extends Extension {
throw new UploadException("Can not replace Image: disk nearly full"); throw new UploadException("Can not replace Image: disk nearly full");
} }
// Try to get the image ID // Try to get the image ID
$image_id = (int)($event->get_arg(0)); $image_id = int_escape($event->get_arg(0));
if(empty($image_id)) { if(empty($image_id)) {
$image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null; $image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null;
} }
@ -180,12 +180,12 @@ class Upload extends Extension {
$source = isset($_POST['source']) ? $_POST['source'] : null; $source = isset($_POST['source']) ? $_POST['source'] : null;
$ok = true; $ok = true;
foreach($_FILES as $name => $file) { foreach($_FILES as $name => $file) {
$tags = $this->tags_for_upload_slot((int)(substr($name, 4))); $tags = $this->tags_for_upload_slot(int_escape(substr($name, 4)));
$ok = $ok & $this->try_upload($file, $tags, $source); $ok = $ok & $this->try_upload($file, $tags, $source);
} }
foreach($_POST as $name => $value) { foreach($_POST as $name => $value) {
if(substr($name, 0, 3) == "url" && strlen($value) > 0) { if(substr($name, 0, 3) == "url" && strlen($value) > 0) {
$tags = $this->tags_for_upload_slot((int)(substr($name, 3))); $tags = $this->tags_for_upload_slot(int_escape(substr($name, 3)));
$ok = $ok & $this->try_transload($value, $tags, $source); $ok = $ok & $this->try_transload($value, $tags, $source);
} }
} }
@ -292,8 +292,8 @@ class Upload extends Extension {
if($event->image_id == -1) { if($event->image_id == -1) {
throw new UploadException("File type not recognised"); throw new UploadException("File type not recognised");
} }
//header("X-Shimmie-Image-ID: ".(int)($event->image_id)); //header("X-Shimmie-Image-ID: ".int_escape($event->image_id));
$page->add_http_header("X-Shimmie-Image-ID: ".(int)($event->image_id)); $page->add_http_header("X-Shimmie-Image-ID: ".int_escape($event->image_id));
} }
catch(UploadException $ex) { catch(UploadException $ex) {
$this->theme->display_upload_error($page, "Error with ".html_escape($file['name']), $this->theme->display_upload_error($page, "Error with ".html_escape($file['name']),

2
ext/user/main.php
View file

@ -294,7 +294,7 @@ class UserPage extends Extension {
$event->add_querylet(new Querylet("images.owner_id = $user_id")); $event->add_querylet(new Querylet("images.owner_id = $user_id"));
} }
else if(preg_match("/^(poster|user)_id=([0-9]+)$/i", $event->term, $matches)) { else if(preg_match("/^(poster|user)_id=([0-9]+)$/i", $event->term, $matches)) {
$user_id = (int)($matches[2]); $user_id = int_escape($matches[2]);
$event->add_querylet(new Querylet("images.owner_id = $user_id")); $event->add_querylet(new Querylet("images.owner_id = $user_id"));
} }
else if($user->can("view_ip") && preg_match("/^(poster|user)_ip=([0-9\.]+)$/i", $event->term, $matches)) { else if($user->can("view_ip") && preg_match("/^(poster|user)_ip=([0-9\.]+)$/i", $event->term, $matches)) {

2
ext/user/theme.php
View file

@ -187,7 +187,7 @@ class UserPageTheme extends Themelet {
</form> </form>
"; ";
$i_user_id = (int)($duser->id); $i_user_id = int_escape($duser->id);
if($user->can("edit_user_class")) { if($user->can("edit_user_class")) {
global $_user_classes; global $_user_classes;

6
ext/view/main.php
View file

@ -75,7 +75,7 @@ class ViewImage extends Extension {
$event->page_matches("post/next") $event->page_matches("post/next")
) { ) {
$image_id = (int)($event->get_arg(0)); $image_id = int_escape($event->get_arg(0));
if(isset($_GET['search'])) { if(isset($_GET['search'])) {
$search_terms = explode(' ', $_GET['search']); $search_terms = explode(' ', $_GET['search']);
@ -109,7 +109,7 @@ class ViewImage extends Extension {
} }
if($event->page_matches("post/view")) { if($event->page_matches("post/view")) {
$image_id = (int)($event->get_arg(0)); $image_id = int_escape($event->get_arg(0));
$image = Image::by_id($image_id); $image = Image::by_id($image_id);
@ -128,7 +128,7 @@ class ViewImage extends Extension {
if($event->page_matches("post/set")) { if($event->page_matches("post/set")) {
if(!isset($_POST['image_id'])) return; if(!isset($_POST['image_id'])) return;
$image_id = (int)($_POST['image_id']); $image_id = int_escape($_POST['image_id']);
send_event(new ImageInfoSetEvent(Image::by_id($image_id))); send_event(new ImageInfoSetEvent(Image::by_id($image_id)));

2
ext/wiki/main.php
View file

@ -99,7 +99,7 @@ class Wiki extends Extension {
} }
else if($event->page_matches("wiki_admin/save")) { else if($event->page_matches("wiki_admin/save")) {
$title = $_POST['title']; $title = $_POST['title'];
$rev = (int)($_POST['revision']); $rev = int_escape($_POST['revision']);
$body = $_POST['body']; $body = $_POST['body'];
$lock = $user->is_admin() && isset($_POST['lock']) && ($_POST['lock'] == "on"); $lock = $user->is_admin() && isset($_POST['lock']) && ($_POST['lock'] == "on");

6
ext/wiki/theme.php
View file

@ -40,7 +40,7 @@ class WikiTheme extends Themelet {
protected function create_edit_html(WikiPage $page) { protected function create_edit_html(WikiPage $page) {
$h_title = html_escape($page->title); $h_title = html_escape($page->title);
$u_title = url_escape($page->title); $u_title = url_escape($page->title);
$i_revision = (int)($page->revision) + 1; $i_revision = int_escape($page->revision) + 1;
global $user; global $user;
if($user->is_admin()) { if($user->is_admin()) {
@ -73,7 +73,7 @@ class WikiTheme extends Themelet {
" "
<td>".make_form(make_link("wiki_admin/edit"))." <td>".make_form(make_link("wiki_admin/edit"))."
<input type='hidden' name='title' value='".html_escape($page->title)."'> <input type='hidden' name='title' value='".html_escape($page->title)."'>
<input type='hidden' name='revision' value='".(int)($page->revision)."'> <input type='hidden' name='revision' value='".int_escape($page->revision)."'>
<input type='submit' value='Edit'> <input type='submit' value='Edit'>
</form></td> </form></td>
" : " :
@ -82,7 +82,7 @@ class WikiTheme extends Themelet {
$edit .= " $edit .= "
<td>".make_form(make_link("wiki_admin/delete_revision"))." <td>".make_form(make_link("wiki_admin/delete_revision"))."
<input type='hidden' name='title' value='".html_escape($page->title)."'> <input type='hidden' name='title' value='".html_escape($page->title)."'>
<input type='hidden' name='revision' value='".(int)($page->revision)."'> <input type='hidden' name='revision' value='".int_escape($page->revision)."'>
<input type='submit' value='Delete This Version'> <input type='submit' value='Delete This Version'>
</form></td> </form></td>
<td>".make_form(make_link("wiki_admin/delete_all"))." <td>".make_form(make_link("wiki_admin/delete_all"))."

6
themes/danbooru/comment.theme.php
View file

@ -93,12 +93,12 @@ class CustomCommentListTheme extends CommentListTheme {
$tfe = new TextFormattingEvent($comment->comment); $tfe = new TextFormattingEvent($comment->comment);
send_event($tfe); send_event($tfe);
$i_uid = (int)($comment->owner_id); $i_uid = int_escape($comment->owner_id);
$h_name = html_escape($comment->owner_name); $h_name = html_escape($comment->owner_name);
$h_poster_ip = html_escape($comment->poster_ip); $h_poster_ip = html_escape($comment->poster_ip);
$h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted); $h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted);
$i_comment_id = (int)($comment->comment_id); $i_comment_id = int_escape($comment->comment_id);
$i_image_id = (int)($comment->image_id); $i_image_id = int_escape($comment->image_id);
$h_posted = autodate($comment->posted); $h_posted = autodate($comment->posted);
$stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50)); $stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50));

6
themes/futaba/comment.theme.php
View file

@ -59,12 +59,12 @@ class CustomCommentListTheme extends CommentListTheme {
$tfe = new TextFormattingEvent($comment->comment); $tfe = new TextFormattingEvent($comment->comment);
send_event($tfe); send_event($tfe);
$i_uid = (int)($comment->owner_id); $i_uid = int_escape($comment->owner_id);
$h_name = html_escape($comment->owner_name); $h_name = html_escape($comment->owner_name);
$h_poster_ip = html_escape($comment->poster_ip); $h_poster_ip = html_escape($comment->poster_ip);
$h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted); $h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted);
$i_comment_id = (int)($comment->comment_id); $i_comment_id = int_escape($comment->comment_id);
$i_image_id = (int)($comment->image_id); $i_image_id = int_escape($comment->image_id);
$stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50)); $stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50));
$stripped_nonl = str_replace("\r", "\\r", $stripped_nonl); $stripped_nonl = str_replace("\r", "\\r", $stripped_nonl);