From 3b04167d1897465d435c39117ff7b8bf7fa8a8b4 Mon Sep 17 00:00:00 2001 From: Oliver Date: Sat, 24 Feb 2024 11:50:57 +0100 Subject: [PATCH 1/6] Fixes docker ENV var for PHP_VERSION --- Docker/.env.docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Docker/.env.docker b/Docker/.env.docker index 0c3da6e..60c71ec 100644 --- a/Docker/.env.docker +++ b/Docker/.env.docker @@ -7,7 +7,7 @@ DOMAINNAME="zorg.local" APACHE_USER="www-data" APACHE_GROUP="www-data" APACHE_WEBROOT="/var/www" -PHP_Version=7.4 +PHP_VERSION=7.4 PHP_INI_DIR="/usr/local/etc/php" XDEBUG_PORT=9003 XDEBUG_MODES="develop,debug,profile" From ba941b3d52b40728415e2d9847b9a4821f588688 Mon Sep 17 00:00:00 2001 From: Oliver Date: Sat, 24 Feb 2024 11:55:54 +0100 Subject: [PATCH 2/6] Adjusts order to required function parameter --- www/includes/usersystem.inc.php | 6 +++--- www/profil.php | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/www/includes/usersystem.inc.php b/www/includes/usersystem.inc.php index fb7d052..ea4876e 100644 --- a/www/includes/usersystem.inc.php +++ b/www/includes/usersystem.inc.php @@ -187,7 +187,7 @@ function __construct() /** Grundsätzlich mal jeden zuerst als "Gast" anschauen */ $this->typ = USER_ALLE; - session_name(ZORG_SESSION_ID); + session_name(ZORG_SESSION_ID); // FIXME Cannot change session name when session is active /** DEACTIVATED: Generelle Session Settings & Session (re-)Starten (wenn noch nicht aktiv) */ // if (session_status() === PHP_SESSION_NONE) @@ -1831,10 +1831,10 @@ function get_and_create_user_files_dir($user_id) * @since 1.0 `04.01.2024` `IneX` Method added * * @param integer $user_id - * @param string $game_name Name of Game: «addle» or chess. Default: addle + * @param string $game_name Name of Game: «addle» or «chess». Default: addle * @return boolean */ - function userPlays($game_name='addle', $user_id) + function userPlays($user_id, $game_name='addle') { global $db; 
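Review bot: Swapping the parameters of `userPlays()` in `www/includes/usersystem.inc.php` silently changes the meaning of any call that still passes `('addle', $user_id)`. Only the call in `www/profil.php` is updated in this series, and other callers are not visible here. Scalar type declarations would make a stale call fail with a TypeError instead of running the query with a game name in the id slot: `function userPlays(int $user_id, string $game_name='addle')`. The method body continues outside the hunk.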
diff --git a/www/profil.php b/www/profil.php index 0df61a3..8bfaeb0 100644 --- a/www/profil.php +++ b/www/profil.php @@ -177,7 +177,7 @@ $htmlOutput .= '';//style="width: 100%;max-width: 100%;" /** User Addle (nur wenn Viewer selber eingeloggt ist) */ - if ($user->is_loggedin() && $user_id !== $user->id && $user->userPlays('addle', $user_id)) + if ($user->is_loggedin() && $user_id !== $user->id && $user->userPlays($user_id, 'addle')) { $sidebarHtml .= '

Addle

From 4c372277dba0427e47fd9c31f94000c17ff5600f Mon Sep 17 00:00:00 2001 From: Oliver Date: Sat, 24 Feb 2024 11:56:28 +0100 Subject: [PATCH 3/6] Fixes SQL query error on sort by last_update --- www/scripts/tploverview.php | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/www/scripts/tploverview.php b/www/scripts/tploverview.php index b9152b9..02fb111 100644 --- a/www/scripts/tploverview.php +++ b/www/scripts/tploverview.php @@ -2,30 +2,28 @@ global $db, $smarty; $sort_by = filter_input(INPUT_GET, 'sort', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) ?? null; +$order_by = filter_input(INPUT_GET, 'order', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) ?? 'DESC'; switch ($sort_by) { case 'tpl': - $sort = 'ORDER BY id'; + $sort = 'id'; break; case 'titel': - $sort = 'ORDER BY title'; + $sort = 'title'; break; case 'word': - $sort = 'ORDER BY word'; + $sort = 'word'; break; case 'owner': - $sort = 'ORDER BY owner'; - break; - case 'update': + $sort = 'owner'; break; + case 'update'; default: - $sort = 'ORDER BY last_update'; break; + $sort = 'last_update'; } -$order = $_GET['order'] === 'ASC' ? 'ASC' : 'DESC'; -$sort_order = $sort.' '.$order; - +$sort_order = sprintf('ORDER BY %s %s', $sort, $order_by); $e = $db->query('SELECT id, title, word, owner, LENGTH(tpl) size, UNIX_TIMESTAMP(last_update) updated, update_user, read_rights, write_rights FROM templates WHERE del="0" '.$sort_order, __FILE__, __LINE__, 'SELECT All Templates'); $list = []; $totalsize = 0; From c3c3add616bc788409960363b4cad158ddb4262c Mon Sep 17 00:00:00 2001 From: Oliver Date: Sat, 24 Feb 2024 11:59:42 +0100 Subject: [PATCH 4/6] Fixes SQL query to show Hunting z Highscores --- www/scripts/hz_stats.php | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/www/scripts/hz_stats.php b/www/scripts/hz_stats.php index 3f2242b..bb2483e 100644 --- a/www/scripts/hz_stats.php +++ b/www/scripts/hz_stats.php 
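Review bot: In `www/scripts/tploverview.php` the new `$order_by` comes from `filter_input(INPUT_GET, 'order', FILTER_DEFAULT, ...)`, which does not sanitise, and is placed into the `ORDER BY` clause by `sprintf()`, so the request parameter reaches the SQL text unvalidated. The removed line `$_GET['order'] === 'ASC' ? 'ASC' : 'DESC'` was the allowlist; keep it on the filtered value: `$order_by = filter_input(INPUT_GET, 'order', FILTER_DEFAULT, FILTER_REQUIRE_SCALAR) === 'ASC' ? 'ASC' : 'DESC';`. Separately, if the line order shown in the hunk is accurate, the context `break;` under `default:` comes before the added `$sort = 'last_update';`, which would leave `$sort` unset for the `update` and default cases; the assignment should precede the `break;`. `case 'update';` also ends in a semicolon where the other cases use a colon.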
@@ -7,7 +7,8 @@ $usr_e = $db->query( "SELECT d.*, concat(u.clan_tag, u.username) username, count(g.id) games, count(if(p.type='z', '1', NULL)) zgames - FROM hz_players p, hz_games g, user u, hz_dwz d WHERE g.id=p.game AND g.state='finished' AND u.id=p.user AND d.user=p.user + FROM hz_players p, hz_games g, user u, hz_dwz d + WHERE g.id=p.game AND g.state='finished' AND u.id=p.user AND d.user=p.user GROUP BY p.user ORDER BY d.rank", __FILE__, __LINE__, 'SELECT Finished Games Stats' ); $stats = array(); @@ -15,9 +16,9 @@ { /** Wins + Loose by User */ $e = $db->query( - "SELECT if(g.z_score > sum(a.score)-g.z_score && p.type='z' || g.z_score < sum(a.score)-g.z_score && p.type!='z', '1', '0') win - FROM hz_players p, hz_games g, hz_aims a WHERE g.id=p.game AND a.map=g.map AND g.state='finished' AND p.user=? GROUP BY g.id HAVING win='1'", - __FILE__, __LINE__, 'SELECT User Wins+Looses', [$usr['user']] + "SELECT CASE WHEN (g.z_score > sum(a.score)-g.z_score AND p.type='z') OR (g.z_score < sum(a.score)-g.z_score AND p.type!='z') THEN '1' ELSE '0' END win + FROM hz_players p, hz_games g, hz_aims a WHERE g.id=p.game AND a.map=g.map AND g.state='finished' AND p.user=? GROUP BY g.id, p.type HAVING win='1'", + __FILE__, __LINE__, 'SELECT User Wins+Looses', [intval($usr['user'])] ); $usr['win'] = $db->num($e); $usr['loose'] = $usr['games'] - $usr['win']; @@ -25,8 +26,9 @@ if ($usr['zgames'] != 0) { $e = $db->query( - "SELECT if(g.z_score > sum(a.score)-g.z_score && p.type='z', '1', '0') win FROM hz_players p, hz_games g, hz_aims a - WHERE g.id=p.game AND a.map=g.map AND g.state='finished' AND p.user=? GROUP BY g.id HAVING win='1'", + "SELECT CASE WHEN (g.z_score > sum(a.score)-g.z_score AND p.type='z') THEN '1' ELSE '0' END win + FROM hz_players p, hz_games g, hz_aims a + WHERE g.id=p.game AND a.map=g.map AND g.state='finished' AND p.user=? GROUP BY g.id, p.type HAVING win='1'", __FILE__, __LINE__, 'SELECT User Wins as MrZ', [$usr['user']] ); $usr['zwin'] = $db->num($e); 
@@ -40,8 +42,9 @@ $usr['igames'] = $usr['games'] - $usr['zgames']; if ($usr['igames'] != 0) { $e = $db->query( - "SELECT if(g.z_score < sum(a.score)-g.z_score && p.type!='z', '1', '0') win FROM hz_players p, hz_games g, hz_aims a - WHERE g.id=p.game AND a.map=g.map AND g.state='finished' AND p.user=? GROUP BY g.id HAVING win='1'", + "SELECT CASE WHEN (g.z_score < sum(a.score)-g.z_score AND p.type='z') THEN '1' ELSE '0' END win + FROM hz_players p, hz_games g, hz_aims a + WHERE g.id=p.game AND a.map=g.map AND g.state='finished' AND p.user=? GROUP BY g.id, p.type HAVING win='1'", __FILE__, __LINE__, 'SELECT User Total Wins', [$usr['user']] ); $usr['iwin'] = $db->num($e); From ff8c6894e41f8152894558687dfeec93e30e529b Mon Sep 17 00:00:00 2001 From: Oliver Date: Sat, 24 Feb 2024 12:00:48 +0100 Subject: [PATCH 5/6] Fixes broken APOD video processing --- www/includes/apod.inc.php | 83 ++++++++++++++++++------------------ www/includes/gallery.inc.php | 35 ++++++++------- 2 files changed, 59 insertions(+), 59 deletions(-) diff --git a/www/includes/apod.inc.php b/www/includes/apod.inc.php index a2cbd49..1cae7de 100644 --- a/www/includes/apod.inc.php +++ b/www/includes/apod.inc.php @@ -4,8 +4,9 @@ * * Holt und speichert die Astronomy Pictures of the Day (APOD) * - * @author [z]biko - * @date 01.01.2004 + * @version 1.0 + * @since 1.0 `01.01.2004` `[z]biko` File added + * * @package zorg\APOD */ /** @@ -16,7 +17,7 @@ * @include gallery.inc.php Gallery and Pic functions * @include util.inc.php Various Helper Functions */ -require_once dirname(__FILE__).'/config.inc.php'; +require_once __DIR__.'/config.inc.php'; require_once INCLUDES_DIR.'mysql.inc.php'; require_once INCLUDES_DIR.'forum.inc.php'; require_once INCLUDES_DIR.'gallery.inc.php'; 
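Review bot: In the `igames` branch of `www/scripts/hz_stats.php` the rewritten condition tests `p.type='z'` where the removed line tested `p.type!='z'`, so the count stored in `$usr['iwin']` now matches games the user played as z. The first query of this patch keeps `p.type!='z'` for the same score comparison, which suggests the flip is unintended. The condition should read `CASE WHEN (g.z_score < sum(a.score)-g.z_score AND p.type!='z') THEN '1' ELSE '0' END win`.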
@@ -36,28 +37,26 @@ * hd | bool | False | Retrieve the URL for the high resolution image * api_key | string | DEMO_KEY | api.nasa.gov key for expanded usage * - * @author [z]biko - * @author IneX - * @version 4.1 - * @since 1.0 `01.01.2004` function added - * @since 2.0 `06.08.2018` function refactored to use NASA APOD API - * @since 3.0 `09.08.2018` enhanced function so an APOD date can be passed - * @since 4.0 `14.09.2018` added processing of videos & website links passed from the APOD API - * @since 4.1 `26.06.2023` fixes code quality issue "Unreachable code ('cleanup:')" + * @version 4.2 + * @since 1.0 `01.01.2004` `[z]biko` function added + * @since 2.0 `06.08.2018` `IneX` function refactored to use NASA APOD API + * @since 3.0 `09.08.2018` `IneX` enhanced function so an APOD date can be passed + * @since 4.0 `14.09.2018` `IneX` added processing of videos & website links passed from the APOD API + * @since 4.1 `26.06.2023` `IneX` fixes code quality issue "Unreachable code ('cleanup:')" + * @since 4.2 `24.02.2024` `IneX` replaces deprecated $MAX_PIC_SIZE, fixes SQL INSERT with empty 'extension' * - * @uses APOD_API, APOD_TEMP_IMGPATH, APOD_GALLERY_ID, $MAX_PIC_SIZE + * @uses APOD_API, APOD_TEMP_IMGPATH, APOD_GALLERY_ID, MAX_PIC_SIZE * @uses cURLfetchJSON(), createPic(), getYoutubeVideoThumbnail(), getVimeoVideoThumbnail(), Comment::post() * @param string $apod_date (Optional) A valid date after June 16 1995, formatted as: yyyy-mm-dd (2018-08-06) - * @global object $db Globales Class-Object mit allen MySQL-Methoden - * @global array $MAX_PIC_SIZE Globales Array im Scope von gallery.inc.php mit den Image-Width & -Height Grössen für Pics und Thumbnails + * @global object $db Globales Class-Object mit allen MySQL-Methoden * @return boolean Returns true or false, depening on if the function was processed successfully or not */ function get_apod($apod_date_input=NULL) { - global $db, $MAX_PIC_SIZE; + global $db; /** Validate $apod_date if passed */ - if (DEVELOPMENT) 
error_log(sprintf('[DEBUG] <%s:%d> $apod_date_input: %s', __FUNCTION__, __LINE__, $apod_date_input)); + zorgDebugger::log()->debug('$apod_date_input: %s', [$apod_date_input]); if (empty($apod_date_input) || strtotime($apod_date_input) === false) $apod_date_input = NULL; /** Retrieve the APOD data from the APOD_API */ @@ -82,10 +81,10 @@ function get_apod($apod_date_input=NULL) * [url] => https://apod.nasa.gov/apod/http://nusoft.fnal.gov/nova/public/img/FD-evt-echo.gif * ) */ - if ( DEVELOPMENT && $apod_date_input != NULL ) error_log(sprintf('[DEBUG] <%s:%d> date("ymd",$apod_date_input): %s', __FUNCTION__, __LINE__, date('ymd',strtotime($apod_date_input)))); - if ( DEVELOPMENT && $apod_date_input == NULL ) error_log(sprintf('[DEBUG] <%s:%d> date("ymd",strtotime($apod_data[date])): %s', __FUNCTION__, __LINE__, date('ymd',strtotime($apod_data['date'])))); + zorgDebugger::log()->debug('date("ymd",$apod_date_input): %s', [date('ymd',strtotime($apod_date_input))]); + zorgDebugger::log()->debug('date("ymd",strtotime($apod_data[date])): %s', [date('ymd',strtotime($apod_data['date']))]); $new_apod_date = ( $apod_date_input != NULL ? date('ymd',strtotime($apod_date_input)) : date('ymd',strtotime($apod_data['date'])) ); - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $new_apod_date: %s', __FUNCTION__, __LINE__, $new_apod_date)); + zorgDebugger::log()->debug('$new_apod_date: %s', [$new_apod_date]); $new_apod_title = $apod_data['title']; $new_apod_explanation = $apod_data['explanation']; $new_apod_copyright = $apod_data['copyright']; 
@@ -94,7 +93,7 @@ function get_apod($apod_date_input=NULL) $new_apod_img_large = str_replace('https://apod.nasa.gov/apod/http', 'http', $apod_data['hdurl']); // with fix for malformed url (APOD API issue) $new_apod_archive_url = APOD_SOURCE . 'ap'.$new_apod_date.'.html'; // E.g.: https://apod.nasa.gov/apod/ap180714.html $new_apod_urlparts = pathinfo($new_apod_img_small); - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> pathinfo(): %s', __FUNCTION__, __LINE__, print_r($new_apod_urlparts,true))); + zorgDebugger::log()->debug('pathinfo(): %s', [print_r($new_apod_urlparts,true)]); $new_apod_fileext = $new_apod_urlparts['extension']; $new_apod_filename = $apod_data['date'] . '.' . $new_apod_fileext; $new_apod_temp_filepath = APOD_TEMP_IMGPATH . $new_apod_filename; @@ -109,13 +108,14 @@ function get_apod($apod_date_input=NULL) if (!empty($new_apod_title)) { if ($new_apod_mediatype === 'image') $new_apod_fileext = '.'.$new_apod_fileext; - $new_apod_picid = $db->insert('gallery_pics', [ - 'album'=>APOD_GALLERY_ID - ,'extension'=>$new_apod_fileext - ,'pic_added'=>$new_apod_date - ,'name'=>$new_apod_title.($new_apod_mediatype == 'video' ? ' [video]' : '') - ], __FILE__, __LINE__, __FUNCTION__); - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $new_apod_picid: %s', __FUNCTION__, __LINE__, $new_apod_picid)); + $new_apod_basedata = [ + 'album'=>APOD_GALLERY_ID + ,'pic_added'=>$new_apod_date + ,'name'=>$new_apod_title.($new_apod_mediatype == 'video' ? ' [video]' : '') + ]; + if (!empty($new_apod_fileext) && is_string($new_apod_fileext)) $new_apod_basedata['extension'] = $new_apod_fileext; + $new_apod_picid = $db->insert('gallery_pics', $new_apod_basedata, __FILE__, __LINE__, __FUNCTION__); + zorgDebugger::log()->debug('$new_apod_picid: %s', [$new_apod_picid]); /** If $new_apod_title is empty, abort */ } else { 
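Review bot: In `www/includes/apod.inc.php`, `$new_apod_fileext` is read from `$new_apod_urlparts['extension']` without checking that the key exists, and the value comes from a URL in the API response yet goes into `$new_apod_temp_filepath` and the `gallery_pics` row. The added `!empty(...) && is_string(...)` guard covers only the INSERT. Normalise the value where it is read, `$new_apod_fileext = $new_apod_urlparts['extension'] ?? '';`, and for the `image` media type reject anything outside the types `createPic()` handles (`jpg`, `gif`, `png`) before building a path from it. `get_apod()` starts and ends outside these hunks.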
@@ -142,8 +142,8 @@ function get_apod($apod_date_input=NULL) $new_apod_filepath_pic_tn = tnPath(APOD_GALLERY_ID, $new_apod_picid, $new_apod_fileext); // Fix eventual double-slashes in path /** Create APOD gallery pic */ - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> createPic(): %s', __FUNCTION__, __LINE__, $new_apod_filepath_pic)); - if (!createPic($new_apod_temp_filepath, $new_apod_filepath_pic, $MAX_PIC_SIZE['picWidth'], $MAX_PIC_SIZE['picHeight'])) + zorgDebugger::log()->debug('image createPic(): %s', [$new_apod_filepath_pic]); + if (!createPic($new_apod_temp_filepath, $new_apod_filepath_pic, MAX_PIC_SIZE['width'], MAX_PIC_SIZE['height'])) { error_log(sprintf('[ERROR] <%s:%d> %s createPic() ERROR: %s', __FILE__, __LINE__, __FUNCTION__, $new_apod_filepath_pic)); /** Goto: cleanup */ @@ -152,8 +152,8 @@ function get_apod($apod_date_input=NULL) } /** Create APOD gallery pic-thumbnail */ - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> createPic() thumbnail: %s', __FUNCTION__, __LINE__, $new_apod_filepath_pic_tn)); - if (!createPic($new_apod_temp_filepath, $new_apod_filepath_pic_tn, $MAX_PIC_SIZE['tnWidth'], $MAX_PIC_SIZE['tnHeight'])) + zorgDebugger::log()->debug('image createPic() thumbnail: %s', [$new_apod_filepath_pic_tn]); + if (!createPic($new_apod_temp_filepath, $new_apod_filepath_pic_tn, MAX_THUMBNAIL_SIZE['width'], MAX_THUMBNAIL_SIZE['height'])) { error_log(sprintf('[ERROR] <%s:%d> %s createPic() thumbnail ERROR: %s', __FILE__, __LINE__, __FUNCTION__, $new_apod_filepath_pic_tn)); /** Goto: cleanup */ @@ -171,6 +171,7 @@ function get_apod($apod_date_input=NULL) */ case 'video': /* Find out what 'video'-type exactly we're dealing with... */ + $media_type = null; $video_services = [ [ 'service' => 'youtube' 
@@ -186,14 +187,14 @@ function get_apod($apod_date_input=NULL) if (strpos($service['identifier'], $new_apod_urlparts['dirname']) !== false) { $media_type = $service['service']; + zorgDebugger::log()->debug('$service[identifier] found: %s', [$media_type]); /** Video type found, let's exit the foreach{}-loop */ - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $service[identifier] found: %s', __FUNCTION__, __LINE__, $media_type)); break; } } /** No matching $media_type found, let's Goto: cleanup */ - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $media_type: %s', __FUNCTION__, __LINE__, print_r($media_type,true))); + zorgDebugger::log()->debug('$media_type: NOT FOUND --> %s', [print_r($media_type,true)]); if (empty($media_type) || is_array($media_type)) { /** Goto: cleanup */ @@ -204,7 +205,7 @@ function get_apod($apod_date_input=NULL) /** Get Video-Thumbnail image */ $new_apod_img_thumbnail = getVideoThumbnail($media_type, $new_apod_urlparts['filename']); $new_apod_temp_filepath = $new_apod_temp_filepath.pathinfo($new_apod_img_thumbnail, PATHINFO_EXTENSION); - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> cURLfetchUrl(): %s', __FUNCTION__, __LINE__, $new_apod_temp_filepath)); + zorgDebugger::log()->debug('video cURLfetchUrl(): %s', [$new_apod_temp_filepath]); if (!cURLfetchUrl($new_apod_img_thumbnail, $new_apod_temp_filepath)) { remove_apod_id_from_db($new_apod_picid); 
@@ -213,8 +214,8 @@ function get_apod($apod_date_input=NULL) /** Create APOD gallery pic-thumbnail for 'video' */ $new_apod_filepath_pic_tn = tnPath(APOD_GALLERY_ID, $new_apod_picid, '.'.pathinfo($new_apod_img_thumbnail, PATHINFO_EXTENSION)); - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> createPic() thumbnail: %s', __FUNCTION__, __LINE__, $new_apod_filepath_pic_tn)); - if (!createPic($new_apod_temp_filepath, $new_apod_filepath_pic_tn, $MAX_PIC_SIZE['tnWidth'], $MAX_PIC_SIZE['tnHeight'])) + zorgDebugger::log()->debug('video createPic() thumbnail: %s', [$new_apod_filepath_pic_tn]); + if (!createPic($new_apod_temp_filepath, $new_apod_filepath_pic_tn, MAX_PIC_SIZE['width'], MAX_PIC_SIZE['height'])) { error_log(sprintf('[ERROR] <%s:%d> %s createPic() thumbnail ERROR: %s', __FILE__, __LINE__, __FUNCTION__, $new_apod_filepath_pic_tn)); remove_apod_id_from_db($new_apod_picid); @@ -223,7 +224,7 @@ function get_apod($apod_date_input=NULL) /** Update APOD 'video' entry in gallery_pics table */ $result = $db->update('gallery_pics', ['id', $new_apod_picid], ['extension' => $media_type, 'picsize' => $new_apod_img_small], __FILE__, __LINE__, __FUNCTION__); - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $db->update(gallery_pics): (%s) %s', __FUNCTION__, __LINE__, $result, ($result>0 ? 'true' : 'false'))); + zorgDebugger::log()->debug('$db->update(gallery_pics): (%s) %s', [$result, ($result>0 ? 'true' : 'false')]); if ($result === 0) { remove_apod_id_from_db($new_apod_picid); return false; 
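Review bot: The video thumbnail is now created with `MAX_PIC_SIZE['width'], MAX_PIC_SIZE['height']`, where the removed line passed the thumbnail dimensions (`$MAX_PIC_SIZE['tnWidth']`, `$MAX_PIC_SIZE['tnHeight']`) and the image branch earlier in this patch uses `MAX_THUMBNAIL_SIZE`. The same substitution appears in the `website` branch (hunk at -238). Unless full-size thumbnails are intended, both calls should pass `MAX_THUMBNAIL_SIZE['width'], MAX_THUMBNAIL_SIZE['height']`.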
@@ -238,10 +239,10 @@ function get_apod($apod_date_input=NULL) case 'website': /** Create APOD gallery pic-thumbnail for 'video' or 'website' */ $new_apod_temp_filepath = PHP_IMAGES_DIR . 'apod/tn_website.png'; - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $new_apod_temp_filepath: %s', __FUNCTION__, __LINE__, $new_apod_temp_filepath)); + zorgDebugger::log()->debug('$new_apod_temp_filepath: %s', [$new_apod_temp_filepath]); $new_apod_filepath_pic_tn = tnPath(APOD_GALLERY_ID, $new_apod_picid, '.'.pathinfo($new_apod_temp_filepath, PATHINFO_EXTENSION)); - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> createPic() thumbnail: %s', __FUNCTION__, __LINE__, $new_apod_filepath_pic_tn)); - if (!createPic($new_apod_temp_filepath, $new_apod_filepath_pic_tn, $MAX_PIC_SIZE['tnWidth'], $MAX_PIC_SIZE['tnHeight'])) + zorgDebugger::log()->debug('website createPic() thumbnail: %s', [$new_apod_filepath_pic_tn]); + if (!createPic($new_apod_temp_filepath, $new_apod_filepath_pic_tn, MAX_PIC_SIZE['width'], MAX_PIC_SIZE['height'])) { error_log(sprintf('[ERROR] <%s:%d> %s createPic() thumbnail ERROR: %s', __FILE__, __LINE__, __FUNCTION__, $new_apod_filepath_pic_tn)); remove_apod_id_from_db($new_apod_picid); @@ -250,7 +251,7 @@ function get_apod($apod_date_input=NULL) /** Update APOD 'website' entry in gallery_pics table */ $result = $db->update('gallery_pics', ['id', $new_apod_picid], ['extension' => $new_apod_mediatype, 'picsize' => $new_apod_img_small], __FILE__, __LINE__, __FUNCTION__); - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $db->update(gallery_pics): (%s) %s', __FUNCTION__, __LINE__, $result, ($result>0 ? 'true' : 'false'))); + zorgDebugger::log()->debug('$db->update(gallery_pics): (%s) %s', [($result>0 ? 'true' : 'false')]); if ($result === 0) { remove_apod_id_from_db($new_apod_picid); return false; diff --git a/www/includes/gallery.inc.php b/www/includes/gallery.inc.php index d45a743..733956f 100644 --- a/www/includes/gallery.inc.php 
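Review bot: The added debug call after the `website` update passes one value for a format string with two `%s` placeholders: `debug('$db->update(gallery_pics): (%s) %s', [($result>0 ? 'true' : 'false')])`. The matching call in the `video` branch passes `[$result, ...]`. If `debug()` formats with `vsprintf()` (not visible here), the mismatch fails at runtime. Pass both values: `[$result, ($result>0 ? 'true' : 'false')]`.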
+++ b/www/includes/gallery.inc.php @@ -1497,14 +1497,14 @@ function createPic($srcFile, $dstFile, $maxWidth, $maxHeight, $bgcolor=0) $ret = array('width'=>$maxWidth, 'height'=>$maxHeight); } else { - $dst = ImageCreateTrueColor ($picWidth, $picHeight); // GD 2.0.1 - //$dst = ImageCreate($picWidth, $picHeight); // GD 1.6 + $dst = ImageCreateTrueColor($picWidth, $picHeight); // GD 2.0.1 + //$dst = ImageCreate($picWidth, $picHeight); // GD 1.6 if (!$dst) return array('error'=>"Bild konnte nicht erzeugt werden"); if (ImageCopyResampled($dst, $src, 0,0,0,0, $picWidth, $picHeight, $width, $height)) { - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> ImageCopyResampled OK', __FUNCTION__, __LINE__)); + zorgDebugger::log()->debug('ImageCopyResampled OK'); } else { - error_log(sprintf('[ERROR] <%s:%d> ImageCopyResampled: %s => %s', __FUNCTION__, __LINE__, $src, $dst)); + error_log(sprintf('[ERROR] <%s:%d> ImageCopyResampled: %s', __FUNCTION__, __LINE__, $src)); return false; } 
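Review bot: The rewritten error line in `createPic()` still formats `$src` with `%s`, and `$src` is the GD image handle passed to `ImageCopyResampled()`, not a path. On PHP 7 this logs only a resource id; on PHP 8, where GD images are objects, the string conversion raises an Error inside the failure path. Log the source path from the signature instead: `error_log(sprintf('[ERROR] <%s:%d> ImageCopyResampled: %s', __FUNCTION__, __LINE__, $srcFile));`.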
@@ -1513,42 +1513,41 @@ function createPic($srcFile, $dstFile, $maxWidth, $maxHeight, $bgcolor=0) switch ($ext) { case '.jpg': - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> ImageJPEG(%s, %s)', __FUNCTION__, __LINE__, $dst, $dstFile)); + zorgDebugger::log()->debug('ImageJPEG($dst, %s)', [$dstFile]); if (!ImageJPEG($dst, $dstFile)) { - error_log(sprintf('[ERROR] <%s:%d> ImageJPEG: %s => %s', __FUNCTION__, __LINE__, $dst, $dstFile)); + zorgDebugger::log()->debug('ImageJPEG: $dst => %s', [$dstFile]); return false; } - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> ImageJPEG() OK', __FUNCTION__, __LINE__)); + zorgDebugger::log()->debug('ImageJPEG() OK'); break; case '.gif': - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> ImageGIF(%s, %s)', __FUNCTION__, __LINE__, $dst, $dstFile)); + zorgDebugger::log()->debug('ImageGIF($dst, %s)', [$dstFile]); if (!ImageGIF($dst, $dstFile)) { - error_log(sprintf('[ERROR] <%s:%d> ImageGIF: %s => %s', __FUNCTION__, __LINE__, $dst, $dstFile)); + zorgDebugger::log()->debug('ImageGIF: $dst => %s', [$dstFile]); return false; } - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> ImageGIF() OK', __FUNCTION__, __LINE__)); + zorgDebugger::log()->debug('ImageGIF() OK'); break; case '.png': - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> ImagePNG(%s, %s)', __FUNCTION__, __LINE__, $dst, $dstFile)); + zorgDebugger::log()->debug('ImagePNG($dst, %s)', [$dstFile]); if (!ImagePNG($dst, $dstFile)) { - error_log(sprintf('[ERROR] <%s:%d> ImagePNG: %s => %s', __FUNCTION__, __LINE__, $dst, $dstFile)); + zorgDebugger::log()->debug('ImagePNG: $dst => %s', [$dstFile]); return false; } - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> ImagePNG() OK', __FUNCTION__, __LINE__)); + zorgDebugger::log()->debug('ImagePNG() OK'); break; default: - error_log(sprintf('[ERROR] <%s:%d> Wrong File Type', __FUNCTION__, __LINE__)); + error_log(sprintf('[ERROR] <%s:%d> Wrong File Type: %s', __FUNCTION__, __LINE__, strval($ext))); return false; - 
break; } chmod($dstFile, 0664); ImageDestroy($src); ImageDestroy($dst); - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> ImageDestroy() OK', __FUNCTION__, __LINE__)); + zorgDebugger::log()->debug('ImageDestroy() OK'); return $ret; } @@ -2012,7 +2011,7 @@ function pic2album($id) function getVideoThumbnail($service, $video_id, $image_size='small', $output_to='display') { /** Validate & format passed parameters */ - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> getVideoThumbnail(): %s, %s, %s, %s', __FUNCTION__, __LINE__, $service, $video_id, $image_size, $output_to)); + zorgDebugger::log()->debug('getVideoThumbnail(): %s, %s, %s, %s', [$service, $video_id, $image_size, $output_to]); if (is_array($service) || is_array($video_id) || is_array($image_size) || is_array($output_to)) return false; if (is_numeric($service) || is_numeric($image_size) || is_numeric($output_to)) return false; if (strpos($video_id, '?') > 0) $video_id = strtok($video_id, '?'); @@ -2037,7 +2036,7 @@ function getVideoThumbnail($service, $video_id, $image_size='small', $output_to= ] ]; $thumbnailUrl = sprintf($service_data[$service]['url'], $video_id, $service_data[$service]['size'][$image_size]); - if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $thumbnailUrl: %s', __FUNCTION__, __LINE__, $thumbnailUrl)); + zorgDebugger::log()->debug('$thumbnailUrl: %s', [$thumbnailUrl]); /** Download Video-Thumbnail from URL to path as specified in $output_to */ if ($output_to != 'display') From 4a5af6a268e19837f801dd6b1efe14e3953894b9 Mon Sep 17 00:00:00 2001 From: Oliver Date: Sat, 24 Feb 2024 12:02:22 +0100 Subject: [PATCH 6/6] Improves SQL query parameter validation --- www/includes/mysql.inc.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/www/includes/mysql.inc.php b/www/includes/mysql.inc.php index dbfca4a..48f0bcb 100644 --- a/www/includes/mysql.inc.php +++ b/www/includes/mysql.inc.php 
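Review bot: The failure branches for `ImageJPEG()`, `ImageGIF()` and `ImagePNG()` in `createPic()` now report through `zorgDebugger::log()->debug(...)` instead of `error_log('[ERROR] ...')`. A failed write is therefore logged at the same level as the pre-call trace and may not be recorded at all outside development (this depends on zorgDebugger, which is not visible here). Keep `error_log()` on the failure paths and drop only the image handle from the message, e.g. `error_log(sprintf('[ERROR] <%s:%d> ImageJPEG: %s', __FUNCTION__, __LINE__, $dstFile));`.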
@@ -110,9 +110,13 @@ function query($sql, $file='', $line=0, $funktion='', $params=[]) { /** Check if $params is provided, if not, execute the query directly */ if (empty($params)) { $result = mysqli_query($this->conn, $sql); - /* Log SQL-Queries not upgraded to Prepared Statements */ + /** Log SQL-Queries not upgraded to Prepared Statements */ zorgDebugger::log()->debug('<%s:%d> may required update to SQL prepared statement, in %s', [$funktion, $line, $file]); } else { + /** Ensure $params is an Array */ + if (is_object($params)) throw '$params cannot be of type object!'; + if (!is_array($params)) $params = [ $params ]; + $stmt = mysqli_prepare($this->conn, $sql); if ($stmt === false) throw new mysqli_sql_exception(mysqli_error($this->conn));