
PHP/Core

 * enforced v7.1 compliance, preparations for v7.2
 * removed deprecated usage of each()
 * prefer array deconstruction via [] instead of calling list()
 * try to catch failed session_start()
 * prefer the `...` token (variadic parameters / argument unpacking) instead of calling func_get_args() and func_num_args()
 * enforce return types in AjaxHandler
 * revision push
Sarjuuk committed Nov 26, 2018
1 parent f8a34aa commit d9cd24026ceb95d2ff80a8410c24dc44db98350c
Showing with 299 additions and 342 deletions.
  1. +1 −1 README.md
  2. +24 −14 includes/ajaxHandler.class.php
  3. +25 −25 includes/ajaxHandler/account.class.php
  4. +43 −63 includes/ajaxHandler/admin.class.php
  5. +3 −3 includes/ajaxHandler/arenateam.class.php
  6. +29 −43 includes/ajaxHandler/comment.class.php
  7. +9 −7 includes/ajaxHandler/contactus.class.php
  8. +6 −4 includes/ajaxHandler/cookie.class.php
  9. +11 −11 includes/ajaxHandler/data.class.php
  10. +3 −2 includes/ajaxHandler/filter.class.php
  11. +4 −4 includes/ajaxHandler/gotocomment.class.php
  12. +3 −3 includes/ajaxHandler/guild.class.php
  13. +1 −1 includes/ajaxHandler/locale.class.php
  14. +47 −58 includes/ajaxHandler/profile.class.php
  15. +3 −3 includes/basetype.class.php
  16. +6 −1 includes/kernel.php
  17. +1 −2 includes/libs/DbSimple/Connect.php
  18. +7 −15 includes/libs/DbSimple/Database.php
  19. +3 −3 includes/loot.class.php
  20. +1 −1 includes/profiler.class.php
  21. +3 −3 includes/shared.php
  22. +6 −4 includes/smartAI.class.php
  23. +2 −2 includes/types/profile.class.php
  24. +1 −1 includes/types/quest.class.php
  25. +6 −6 includes/types/spell.class.php
  26. +12 −29 includes/utilities.php
  27. +2 −0 index.php
  28. +1 −1 pages/areatrigger.php
  29. +1 −1 pages/currency.php
  30. +1 −1 pages/event.php
  31. +5 −1 pages/genericPage.class.php
  32. +1 −1 pages/item.php
  33. +1 −1 pages/more.php
  34. +4 −4 pages/quest.php
  35. +3 −3 pages/search.php
  36. +1 −1 pages/utility.php
  37. +1 −1 setup/setup.php
  38. +1 −1 setup/tools/clisetup/build.func.php
  39. +1 −1 setup/tools/clisetup/dbconfig.func.php
  40. +2 −2 setup/tools/clisetup/firstrun.func.php
  41. +3 −3 setup/tools/clisetup/update.func.php
  42. +1 −1 setup/tools/dbc.class.php
  43. +3 −3 setup/tools/fileGen.class.php
  44. +2 −2 setup/tools/filegen/complexImg.func.php
  45. +4 −4 setup/tools/filegen/simpleImg.func.php
  46. +1 −1 template/pages/privileges.tpl.php
@@ -18,7 +18,7 @@ Also, this project is not meant to be used for commercial puposes of any kind!

## Requirements

+ Webserver running PHP ≥ 7.0.1 including extensions:
+ Webserver running PHP ≥ 7.1 including extensions:
+ SimpleXML
+ GD
+ Mysqli
@@ -28,7 +28,7 @@ public function __construct(array $params)
$v = isset($_GET[$k]) ? filter_input(INPUT_GET, $k, $v[0], $v[1]) : null;
}
public function handle(&$out)
public function handle(string &$out) : bool
{
if (!$this->handler)
return false;
@@ -43,46 +43,56 @@ public function handle(&$out)
}
$h = $this->handler;
$out = (string)$this->$h();
$out = $this->$h();
if ($out === null)
$out = '';
return true;
}
public function getContentType()
public function getContentType() : string
{
return $this->contentType;
}
protected function checkEmptySet($val)
protected function checkEmptySet(string $val) : bool
{
return $val === ''; // parameter is expected to be empty
}
protected function checkLocale($val)
protected function checkLocale(string $val) : int
{
if (preg_match('/^'.implode('|', array_keys(array_filter(Util::$localeStrings))).'$/', $val))
return intval($val);
return intVal($val);
return null;
return -1;
}
protected function checkInt($val)
protected function checkInt(string $val) : int
{
if (preg_match('/^-?\d+$/', $val))
return intval($val);
return intVal($val);
return null;
return 0;
}
protected function checkIdList($val)
protected function checkIdList(string $val) : array
{
if (preg_match('/^-?\d+(,-?\d+)*$/', $val))
return array_map('intval', explode(',', $val));
return array_map('intVal', explode(',', $val));
return null;
return [];
}
protected function checkFulltext($val)
protected function checkIdListUnsigned(string $val) : array
{
if (preg_match('/\d+(,\d+)*/', $val))
return array_map('intVal', explode(',', $val));
return [];
}
protected function checkFulltext(string $val) : string
{
// trim non-printable chars
return preg_replace('/[\p{C}]/ui', '', $val);
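Review bot: The pattern in the new `checkIdListUnsigned`, `/\d+(,\d+)*/`, is unanchored, unlike the `^…$` pattern in `checkIdList` directly above it, so any input containing a digit passes (`abc1`, `1,2;x`, `-5`) and the method returns a non-empty array of intVal'd fragments instead of the `[]` failure value — `-5` even yields a negative id despite the "unsigned" name. Anchor it: `if (preg_match('/^\d+(,\d+)*$/', $val))`. The same anchoring gap is latent in the unchanged `checkLocale` line, where `'/^'.implode('|', …).'$/'` binds `^` only to the first alternative and `$` only to the last (the keys of `Util::$localeStrings` are not visible here); wrapping the alternation as `'/^(?:'.implode('|', …).')$/'` closes it. Because every fragment goes through intVal, this is a validation gap rather than a direct injection path, but callers that treat a non-empty result as "validated ids" will be misled.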
@@ -7,18 +7,18 @@ class AjaxAccount extends AjaxHandler
{
protected $validParams = ['exclude', 'weightscales', 'favorites'];
protected $_post = array(
'groups' => [FILTER_SANITIZE_NUMBER_INT, null],
'save' => [FILTER_SANITIZE_NUMBER_INT, null],
'delete' => [FILTER_SANITIZE_NUMBER_INT, null],
'groups' => [FILTER_SANITIZE_NUMBER_INT, null ],
'save' => [FILTER_SANITIZE_NUMBER_INT, null ],
'delete' => [FILTER_SANITIZE_NUMBER_INT, null ],
'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdList']],
'name' => [FILTER_CALLBACK, ['options' => 'AjaxAccount::checkName']],
'scale' => [FILTER_CALLBACK, ['options' => 'AjaxAccount::checkScale']],
'reset' => [FILTER_SANITIZE_NUMBER_INT, null],
'mode' => [FILTER_SANITIZE_NUMBER_INT, null],
'type' => [FILTER_SANITIZE_NUMBER_INT, null],
'add' => [FILTER_SANITIZE_NUMBER_INT, null],
'remove' => [FILTER_SANITIZE_NUMBER_INT, null],
// 'sessionKey' => [FILTER_SANITIZE_NUMBER_INT, null]
'name' => [FILTER_CALLBACK, ['options' => 'AjaxAccount::checkName'] ],
'scale' => [FILTER_CALLBACK, ['options' => 'AjaxAccount::checkScale'] ],
'reset' => [FILTER_SANITIZE_NUMBER_INT, null ],
'mode' => [FILTER_SANITIZE_NUMBER_INT, null ],
'type' => [FILTER_SANITIZE_NUMBER_INT, null ],
'add' => [FILTER_SANITIZE_NUMBER_INT, null ],
'remove' => [FILTER_SANITIZE_NUMBER_INT, null ],
// 'sessionKey' => [FILTER_SANITIZE_NUMBER_INT, null ]
);
protected $_get = array(
'locale' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkLocale']]
@@ -43,7 +43,7 @@ public function __construct(array $params)
$this->handler = 'handleFavorites';
}
protected function handleExclude()
protected function handleExclude() : void
{
if ($this->_post['mode'] == 1) // directly set exludes
{
@@ -78,18 +78,16 @@ protected function handleExclude()
$mask = $this->_post['groups'] & PR_EXCLUDE_GROUP_ANY;
DB::Aowow()->query('UPDATE ?_account SET excludeGroups = ?d WHERE id = ?d', $mask, User::$id);
return;
}
protected function handleWeightscales()
protected function handleWeightscales() : string
{
if ($this->_post['save'])
{
if (!$this->_post['scale'])
{
trigger_error('AjaxAccount::handleWeightscales - scaleId empty', E_USER_ERROR);
return 0;
return '0';
}
$id = 0;
@@ -99,7 +97,7 @@ protected function handleWeightscales()
if (!DB::Aowow()->selectCell('SELECT 1 FROM ?_account_weightscales WHERE userId = ?d AND id = ?d', User::$id, $id))
{
trigger_error('AjaxAccount::handleWeightscales - scale #'.$id.' not in db or owned by user #'.User::$id, E_USER_ERROR);
return 0;
return '0';
}
DB::Aowow()->query('UPDATE ?_account_weightscales SET `name` = ? WHERE id = ?d', $this->_post['name'], $id);
@@ -108,7 +106,7 @@ protected function handleWeightscales()
{
$nScales = DB::Aowow()->selectCell('SELECT COUNT(id) FROM ?_account_weightscales WHERE userId = ?d', User::$id);
if ($nScales >= 5) // more or less hard-defined in LANG.message_weightscalesaveerror
return 0;
return '0';
$id = DB::Aowow()->query('INSERT INTO ?_account_weightscales (`userId`, `name`) VALUES (?d, ?)', User::$id, $this->_post['name']);
}
@@ -117,25 +115,25 @@ protected function handleWeightscales()
foreach (explode(',', $this->_post['scale']) as $s)
{
list($k, $v) = explode(':', $s);
[$k, $v] = explode(':', $s);
if (!in_array($k, Util::$weightScales) || $v < 1)
continue;
DB::Aowow()->query('INSERT INTO ?_account_weightscale_data VALUES (?d, ?, ?d)', $id, $k, $v);
}
return $id;
return (string)$id;
}
else if ($this->_post['delete'] && $this->_post['id'] && $this->_post['id'][0])
DB::Aowow()->query('DELETE FROM ?_account_weightscales WHERE id = ?d AND userId = ?d', $this->_post['id'][0], User::$id);
else
{
trigger_error('AjaxAccount::handleWeightscales - malformed request received', E_USER_ERROR);
return 0;
return '0';
}
}
protected function handleFavorites()
protected function handleFavorites() : void
{
// omit usage of sessionKey
if (count($this->_post['id']) != 1 || empty($this->_post['id'][0]))
@@ -167,18 +165,20 @@ protected function handleFavorites()
DB::Aowow()->query('DELETE FROM ?_account_favorites WHERE `userId` = ?d AND `type` = ?d AND `typeId` = ?d', User::$id, $type, $typeId);
}
protected function checkScale($val)
protected function checkScale(string $val) : string
{
if (preg_match('/^((\w+:\d+)(,\w+:\d+)*)$/', $val))
return $val;
return null;
return '';
}
protected function checkName($val)
protected function checkName(string $val) : string
{
$var = trim(urldecode($val));
return filter_var($var, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
}
}
?>
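Review bot: `handleWeightscales` now declares `: string`, but its `else if ($this->_post['delete'] …)` branch runs the DELETE query and then falls off the end of the function without a return, which under PHP 7.1 throws a TypeError ("Return value … must be of the type string, none returned") on every otherwise-valid delete request; before this commit the implicit null was simply cast to `''` by the caller. Add `return '';` after the `DELETE FROM ?_account_weightscales …` query (or a success marker such as `return '1';` if the client expects one — the JS side is not visible here) so the delete path satisfies the declared type. The function's body is split across several hunks and its middle is not fully shown. Separately, `checkName` still relies on `FILTER_SANITIZE_STRING`, which has since been deprecated (PHP 8.1) and does not escape per output context; the stored name should be escaped with `htmlspecialchars` at the point where it is rendered rather than relying on this input filter.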
