From 93e96334a6fbe2c41a80664e662f94149c974b46 Mon Sep 17 00:00:00 2001
From: flashwave <me@flash.moe>
Date: Fri, 4 Nov 2016 17:45:53 +0100
Subject: [PATCH] fix perms + twig strict mode

---
 app/Forum/ForumPerms.php                      | 34 +++++++++++++++----
 app/Template.php                              |  1 +
 app/UserPerms.php                             | 32 ++++++++++++++---
 resources/views/aitemu/master.twig            |  2 +-
 resources/views/aitemu/user/profile.twig      |  4 +--
 .../views/yuuno/forum/elements/forumBase.twig |  1 -
 .../views/yuuno/forum/elements/forumBtns.twig | 10 +++---
 .../yuuno/forum/elements/forumEntry.twig      |  2 +-
 .../views/yuuno/forum/elements/forumMod.twig  |  2 +-
 .../views/yuuno/forum/elements/replyForm.twig |  2 +-
 resources/views/yuuno/forum/topic.twig        |  2 +-
 resources/views/yuuno/global/information.twig |  4 +--
 resources/views/yuuno/master.twig             |  8 ++---
 resources/views/yuuno/profile/friends.twig    | 20 ++++++-----
 resources/views/yuuno/settings/master.twig    |  2 +-
 resources/views/yuuno/user/members.twig       |  6 ++--
 resources/views/yuuno/user/profile.twig       |  6 ++--
 17 files changed, 93 insertions(+), 45 deletions(-)

diff --git a/app/Forum/ForumPerms.php b/app/Forum/ForumPerms.php
index 45ce8d9..8ddda6f 100644
--- a/app/Forum/ForumPerms.php
+++ b/app/Forum/ForumPerms.php
@@ -16,24 +16,46 @@ use Sakura\User;
  */
 class ForumPerms
 {
+    private static $table = 'forum_perms';
     private $forums = [];
     private $user = 0;
     private $ranks = [];
-    private $cache = [];
+    private $permCache = [];
+    private $validCache = [];
 
     public function __construct(Forum $forum, User $user)
     {
-        $this->forums = [0, $forum->id, $forum->category];
+        $this->forums = [0, $forum->id, $forum->category]; // make this inherit everything before release
         $this->user = $user->id;
         $this->ranks = array_keys($user->ranks);
     }
 
     public function __get($name)
     {
-        if (!array_key_exists($name, $this->cache)) {
+        return $this->check($name);
+    }
+
+    public function __isset($name)
+    {
+        return $this->valid($name);
+    }
+
+    public function valid($name)
+    {
+        if (!array_key_exists($name, $this->validCache)) {
+            $column = 'perm_' . camel_to_snake($name);
+            $this->validCache[$name] =  DB::getSchemaBuilder()->hasColumn(static::$table, $column);
+        }
+
+        return $this->validCache[$name];
+    }
+
+    public function check($name)
+    {
+        if (!array_key_exists($name, $this->permCache)) {
             $column = 'perm_' . camel_to_snake($name);
 
-            $result = array_column(DB::table('forum_perms')
+            $result = array_column(DB::table(static::$table)
                 ->whereIn('forum_id', $this->forums)
                 ->where(function ($query) {
                     $query->whereIn('rank_id', $this->ranks)
@@ -41,9 +63,9 @@ class ForumPerms
                 })
                 ->get([$column]), $column);
 
-            $this->cache[$name] = !in_array('0', $result, true) && in_array('1', $result, true);
+            $this->permCache[$name] = !in_array('0', $result, true) && in_array('1', $result, true);
         }
 
-        return $this->cache[$name];
+        return $this->permCache[$name];
     }
 }
diff --git a/app/Template.php b/app/Template.php
index ef74dc5..38f25e9 100644
--- a/app/Template.php
+++ b/app/Template.php
@@ -106,6 +106,7 @@ class Template
             : false,
             'auto_reload' => true,
             'debug' => config("dev.twig_debug"),
+            'strict_variables' => true,
         ];
 
         // And now actually initialise the templating engine
diff --git a/app/UserPerms.php b/app/UserPerms.php
index 7b7a8d7..3c1f871 100644
--- a/app/UserPerms.php
+++ b/app/UserPerms.php
@@ -13,9 +13,11 @@ namespace Sakura;
  */
 class UserPerms
 {
+    private static $table = 'perms';
     private $user = 0;
     private $ranks = [];
-    private $cache = [];
+    private $permCache = [];
+    private $validCache = [];
 
     public function __construct(User $user)
     {
@@ -25,19 +27,39 @@ class UserPerms
 
     public function __get($name)
     {
-        if (!array_key_exists($name, $this->cache)) {
+        return $this->check($name);
+    }
+
+    public function __isset($name)
+    {
+        return $this->valid($name);
+    }
+
+    public function valid($name)
+    {
+        if (!array_key_exists($name, $this->validCache)) {
+            $column = 'perm_' . camel_to_snake($name);
+            $this->validCache[$name] =  DB::getSchemaBuilder()->hasColumn(static::$table, $column);
+        }
+
+        return $this->validCache[$name];
+    }
+
+    public function check($name)
+    {
+        if (!array_key_exists($name, $this->permCache)) {
             $column = 'perm_' . camel_to_snake($name);
 
-            $result = array_column(DB::table('perms')
+            $result = array_column(DB::table(static::$table)
                 ->where(function ($query) {
                     $query->whereIn('rank_id', $this->ranks)
                         ->orWhere('user_id', $this->user);
                 })
                 ->get([$column]), $column);
 
-            $this->cache[$name] = !in_array('0', $result, true) && in_array('1', $result, true);
+            $this->permCache[$name] = !in_array('0', $result, true) && in_array('1', $result, true);
         }
 
-        return $this->cache[$name];
+        return $this->permCache[$name];
     }
 }
diff --git a/resources/views/aitemu/master.twig b/resources/views/aitemu/master.twig
index 9ca705e..f839023 100644
--- a/resources/views/aitemu/master.twig
+++ b/resources/views/aitemu/master.twig
@@ -25,7 +25,7 @@
     </head>
     <body>
         <div class="container">
-            <div class="container__wrapper {{ wrapper_classes or '' }}">
+            <div class="container__wrapper {{ wrapper_classes|default('') }}">
                 <nav class="header">
                     <div class="header__navigation">
                         <a class="header__entry fa-home" href="{{ route('main.index') }}">home</a>
diff --git a/resources/views/aitemu/user/profile.twig b/resources/views/aitemu/user/profile.twig
index 81f624d..a5f9222 100644
--- a/resources/views/aitemu/user/profile.twig
+++ b/resources/views/aitemu/user/profile.twig
@@ -129,9 +129,9 @@
             <div class="platform profile__platform profile__accounts">{#
                 #}{% for id, data in fields %}{#
                     #}{% if data.value != null %}
-                        <a class="profile__account profile__account--{{ id }}"{% if data.link %} href="{{ data.link|format(data.value) }}"{% endif %}>
+                        <a class="profile__account profile__account--{{ id }}"{% if data.link is defined %} href="{{ data.link|format(data.value) }}"{% endif %}>
                             <div class="profile__account-icon fa-fw {{ data.icon }}"></div>
-                            <div class="profile__account-text">{{ (data.disp ? data.disp : '%s')|format(data.value) }}</div>
+                            <div class="profile__account-text">{{ (data.disp is defined ? data.disp : '%s')|format(data.value) }}</div>
                         </a>
                     {% endif %}{#
                 #}{% endfor %}{#
diff --git a/resources/views/yuuno/forum/elements/forumBase.twig b/resources/views/yuuno/forum/elements/forumBase.twig
index b6244a6..3edd1d8 100644
--- a/resources/views/yuuno/forum/elements/forumBase.twig
+++ b/resources/views/yuuno/forum/elements/forumBase.twig
@@ -1,7 +1,6 @@
 <div class="head">{{ title }}</div>
 <div class="forumList">
     {% for forum in forum.forums %}
-    {{ forum.perms.view ? 'yay' : 'no'}}
         {% if forum.type == 1 %}
             {% if forum.forums|length and forum.perms.view %}
                 <div class="forumCategory">
diff --git a/resources/views/yuuno/forum/elements/forumBtns.twig b/resources/views/yuuno/forum/elements/forumBtns.twig
index 53ab837..ff168e0 100644
--- a/resources/views/yuuno/forum/elements/forumBtns.twig
+++ b/resources/views/yuuno/forum/elements/forumBtns.twig
@@ -2,19 +2,19 @@
 
 <div class="buttonRow pagination">
     <div class="leftSide">
-        {% if forumBackLink %}
+        {% if forumBackLink is defined %}
             <a href="{{ forumBackLink }}" class="forumbtn"><span class="fa fa-backward"></span> Back</a>
         {% endif %}
-        {% if forumReplyLink %}
+        {% if forumReplyLink is defined %}
             <a href="{{ forumReplyLink }}" class="forumbtn"><span class="fa fa-reply-all"></span> Reply</a>
         {% endif %}
-        {% if forumNewLink %}
+        {% if forumNewLink is defined %}
             <a href="{{ forumNewLink }}" class="forumbtn"><span class="fa fa-pencil-square-o"></span> New Topic</a>
         {% endif %}
-        {% if forumMarkRead %}
+        {% if forumMarkRead is defined %}
             <a href="{{ forumMarkRead }}" class="forumbtn"><span class="fa fa-check-square-o"></span> Mark as Read</a>
         {% endif %}
-        {% if topic.id and showMod %}
+        {% if topic.id is defined and showMod is defined %}
             {% include 'forum/elements/forumMod.twig' %}
         {% endif %}
     </div>
diff --git a/resources/views/yuuno/forum/elements/forumEntry.twig b/resources/views/yuuno/forum/elements/forumEntry.twig
index b9b6796..564c841 100644
--- a/resources/views/yuuno/forum/elements/forumEntry.twig
+++ b/resources/views/yuuno/forum/elements/forumEntry.twig
@@ -24,7 +24,7 @@
             <div>
                 {% if forum.lastPost.id %}
                     <a href="{{ route('forums.topic', forum.lastPost.topic) }}" class="default">{{ forum.lastPost.subject|slice(0, 30) }}{% if forum.lastPost.subject|length > 30 %}...{% endif %}</a><br>
-                    <time class="time-ago" datetime="{{ forum.lastPost.time|date('r') }}">{{ forum.lastPost.time|date(config('general.date_format')) }}</time> by {% if forum.lastPost.poster.id %}<a href="{{ route('user.profile', forum.lastPost.poster.id) }}" class="default" style="color: {{ forum.lastPost.poster.colour }}; text-shadow: 0 0 5px {% if forumlastPost.poster.colour != 'inherit' %}{{ forum.lastPost.poster.colour }}{% else %}#222{% endif %};">{{ forum.lastPost.poster.username }}</a>{% else %}[deleted user]{% endif %} <a href="{{ route('forums.post', forum.lastPost.id) }}" class="default fa fa-tag"></a>
+                    <time class="time-ago" datetime="{{ forum.lastPost.time|date('r') }}">{{ forum.lastPost.time|date(config('general.date_format')) }}</time> by {% if forum.lastPost.poster.id %}<a href="{{ route('user.profile', forum.lastPost.poster.id) }}" class="default" style="color: {{ forum.lastPost.poster.colour }}; text-shadow: 0 0 5px {% if forum.lastPost.poster.colour != 'inherit' %}{{ forum.lastPost.poster.colour }}{% else %}#222{% endif %};">{{ forum.lastPost.poster.username }}</a>{% else %}[deleted user]{% endif %} <a href="{{ route('forums.post', forum.lastPost.id) }}" class="default fa fa-tag"></a>
                 {% else %}
                     There are no posts in this forum.<br>&nbsp;
                 {% endif %}
diff --git a/resources/views/yuuno/forum/elements/forumMod.twig b/resources/views/yuuno/forum/elements/forumMod.twig
index 45269ff..23580b2 100644
--- a/resources/views/yuuno/forum/elements/forumMod.twig
+++ b/resources/views/yuuno/forum/elements/forumMod.twig
@@ -11,5 +11,5 @@
     <a class="forumbtn" title="Restore" href="{{ route('forums.topic.restore', topic.id) }}?session={{ session_id() }}"><span class="fa fa-history"></span></a>
 {% endif %}
 {% if forumTrash is defined or forumPrune is defined %}
-    <a class="forumbtn" title="{{ forumPrune ? 'Prune' : 'Trash' }}" href="{{ route('forums.topic.delete', topic.id) }}?session={{ session_id() }}"><span class="fa fa-{{ forumPrune ? 'bomb' : 'trash' }}"></span></a>
+    <a class="forumbtn" title="{{ forumPrune is defined ? 'Prune' : 'Trash' }}" href="{{ route('forums.topic.delete', topic.id) }}?session={{ session_id() }}"><span class="fa fa-{{ forumPrune is defined ? 'bomb' : 'trash' }}"></span></a>
 {% endif %}
diff --git a/resources/views/yuuno/forum/elements/replyForm.twig b/resources/views/yuuno/forum/elements/replyForm.twig
index 2f8d8e2..b5ece13 100644
--- a/resources/views/yuuno/forum/elements/replyForm.twig
+++ b/resources/views/yuuno/forum/elements/replyForm.twig
@@ -24,7 +24,7 @@
         <div class="posting-buttons">
             <div style="float: left;">
                 {% for code,meta in bbcode %}
-                    <button onclick="Sakura.Editor.InsertBBCode(Sakura.DOM.ID('postingText'), '{{ code }}'{% if meta[2] %}, true{% endif %});" type="button"{% if meta[0] %} title="{{ meta[0] }}"{% endif %} class="forumbtn{% if meta[1] %} fa fa-{{ meta[1] }}{% endif %}">{% if not meta[1] %}{{ code }}{% endif %}</button>
+                    <button onclick="Sakura.Editor.InsertBBCode(Sakura.DOM.ID('postingText'), '{{ code }}'{% if meta[2] is defined %}, true{% endif %});" type="button"{% if meta[0] %} title="{{ meta[0] }}"{% endif %} class="forumbtn{% if meta[1] %} fa fa-{{ meta[1] }}{% endif %}">{% if not meta[1] %}{{ code }}{% endif %}</button>
                 {% endfor %}
             </div>
             <div style="float: right;">
diff --git a/resources/views/yuuno/forum/topic.twig b/resources/views/yuuno/forum/topic.twig
index e51a801..033707d 100644
--- a/resources/views/yuuno/forum/topic.twig
+++ b/resources/views/yuuno/forum/topic.twig
@@ -96,7 +96,7 @@
             {% include 'forum/elements/forumBtns.twig' %}
             <table class="posts">
                 {% if topic is defined %}
-                    {% set textCache = session.replyText['t' ~ topic.id] %}
+                    {% set textCache = session.replyText['t' ~ topic.id]|default(null) %}
                     {% set postingAction = route('forums.topic.reply', topic.id) %}
 
                     {% for post in posts[get.page|default(1) - 1] %}
diff --git a/resources/views/yuuno/global/information.twig b/resources/views/yuuno/global/information.twig
index 8f4b1d3..494db45 100644
--- a/resources/views/yuuno/global/information.twig
+++ b/resources/views/yuuno/global/information.twig
@@ -7,8 +7,8 @@
         <div>
             <h1>Information</h1>
             <hr class="default">
-            {{ message }}
-            {% if redirect %}<br><a href="{{ redirect }}" class="default">Click here if you aren't being redirected.</a>{% endif %}
+            {{ message|default('') }}
+            {% if redirect is defined %}<br><a href="{{ redirect }}" class="default">Click here if you aren't being redirected.</a>{% endif %}
         </div>
     </div>
 {% endblock %}
diff --git a/resources/views/yuuno/master.twig b/resources/views/yuuno/master.twig
index d3a02aa..d7e97c8 100644
--- a/resources/views/yuuno/master.twig
+++ b/resources/views/yuuno/master.twig
@@ -5,8 +5,8 @@
         <title>{{ title|default(config('general.name')) }}</title>
         <meta name="description" content="{{ description|default(config('general.description')) }}">
         <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
-{% if redirect %}
-        <meta http-equiv="refresh" content="{{ redirectTimeout ? redirectTimeout : '3' }}; URL={{ redirect }}">
+{% if redirect is defined %}
+        <meta http-equiv="refresh" content="{{ redirectTimeout is defined ? redirectTimeout : '3' }}; URL={{ redirect }}">
 {% endif %}
 {{ block('meta') }}
         <link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet" type="text/css">
@@ -62,7 +62,7 @@
             <div id="contentwrapper">
                 <div id="notifications" class="alerts"></div>
                 <div id="dialogues" class="dialogues"></div>
-                {% if profile is defined ? profile.background : (user.perms.changeBackground and (user.backgroundSitewide or showBG) and user.background) %}
+                {% if profile is defined ? profile.background : (user.perms.changeBackground and (user.backgroundSitewide or showBG|default(false)) and user.background) %}
                     <div id="userBackground" style="background-image: url('{{ route('user.background', (profile is defined ? profile : user).id) }}');"></div>
                 {% endif %}
                 {% if not user.isActive and server['REQUEST_URI'] != route('auth.login') %}
@@ -148,7 +148,7 @@
 
         Yuuno.Main.Startup();
 
-        {% if config('dev.show_changelog') and stats %}
+        {% if config('dev.show_changelog') and stats is defined %}
             Sakura.Changelog.Build(Sakura.DOM.ID('indexPanel'));
         {% endif %}
 
diff --git a/resources/views/yuuno/profile/friends.twig b/resources/views/yuuno/profile/friends.twig
index 5f263d9..b8a045c 100644
--- a/resources/views/yuuno/profile/friends.twig
+++ b/resources/views/yuuno/profile/friends.twig
@@ -7,15 +7,19 @@
     <h1 class="stylised">Friends</h1>
 </div>
 <div class="profile-friends">
-    {% for friend in friends[get.page|default(1) - 1] %}
-    <div class="friend-container" id="friendslist-friend-{{ friend.id }}">
-        <a class="friends-list-data clean" href="{{ route('user.profile', friend.id) }}">
-            <img src="{{ route('user.avatar', friend.id) }}" alt="{{ friend.username }}" class="friends-list-avatar default-avatar-setting" style="width: 150px; height: 150px;">
-            <div class="friends-list-name" style="color: {{ friend.colour }};">{{ friend.username }}</div>
-        </a>
-    </div>
-    {% endfor %}
+    {% if friends|length > 0 %}
+        {% for friend in friends[get.page|default(1) - 1] %}
+        <div class="friend-container" id="friendslist-friend-{{ friend.id }}">
+            <a class="friends-list-data clean" href="{{ route('user.profile', friend.id) }}">
+                <img src="{{ route('user.avatar', friend.id) }}" alt="{{ friend.username }}" class="friends-list-avatar default-avatar-setting" style="width: 150px; height: 150px;">
+                <div class="friends-list-name" style="color: {{ friend.colour }};">{{ friend.username }}</div>
+            </a>
+        </div>
+        {% endfor %}
     <div class="clear"></div>
+    {% else %}
+        <h1 class="stylised" style="text-align: center; margin: 2em auto;">This user has no friends :(</h1>
+    {% endif %}
 </div>
 {% if friends|length > 1 %}
 <div style="text-align: right;">
diff --git a/resources/views/yuuno/settings/master.twig b/resources/views/yuuno/settings/master.twig
index f45b544..9ddbb65 100644
--- a/resources/views/yuuno/settings/master.twig
+++ b/resources/views/yuuno/settings/master.twig
@@ -47,7 +47,7 @@
 {% endblock %}
 
 {% block content %}
-    <div class="content settings messages {% if showBG %}background-transparent{% endif %}">
+    <div class="content settings messages">
         <div class="content-right content-column">
             <div class="head">
                 Navigation
diff --git a/resources/views/yuuno/user/members.twig b/resources/views/yuuno/user/members.twig
index 9b5e265..425a4ed 100644
--- a/resources/views/yuuno/user/members.twig
+++ b/resources/views/yuuno/user/members.twig
@@ -1,7 +1,7 @@
 {% extends 'master.twig' %}
 
 {% set sorts = ['boxes', 'rectangles', 'list'] %}
-{% set sort = get.sort in sorts ? get.sort : sorts[0] %}
+{% set sort = get is defined and get.sort is defined and get.sort in sorts ? get.sort : sorts[0] %}
 
 {% set notfound = rank == 0 %}
 
@@ -33,14 +33,14 @@
                 <a class="dropDownDesc">Rank:</a>
                 {% for r in ranks %}
                     {% if not r.hidden or (r.hidden and rank == r.id) %}
-                        <a href="{{ route('members.rank', r.id) }}{{ server['QUERY_STRING'] ? '?' : '' }}{{ server['QUERY_STRING'] }}" style="color: {{ r.colour }};"{% if rank == r.id %} class="dropDownSelected"{% endif %}>{{ r.id == 0 ? 'Not found' : r.name(true) }}</a>
+                        <a href="{{ route('members.rank', r.id) }}{{ server['QUERY_STRING'] is defined ? '?' : '' }}{{ server['QUERY_STRING']|default('') }}" style="color: {{ r.colour }};"{% if rank == r.id %} class="dropDownSelected"{% endif %}>{{ r.id == 0 ? 'Not found' : r.name(true) }}</a>
                     {% endif %}
                 {% endfor %}
             </div>
             <div class="dropDownInner" style="float: left;">
                 <a class="dropDownDesc">View:</a>
                 {% for s in sorts %}
-                <a href="?{{ server['QUERY_STRING'] }}{{ server['QUERY_STRING'] ? '&' : '' }}sort={{ s }}"{% if s == sort %} class="dropDownSelected"{% endif %}>{{ s|capitalize }}</a>
+                <a href="?{{ server['QUERY_STRING']|default('') }}{{ server['QUERY_STRING']|default('') ? '&' : '' }}sort={{ s }}"{% if s == sort %} class="dropDownSelected"{% endif %}>{{ s|capitalize }}</a>
                 {% endfor %}
             </div>
         </div>
diff --git a/resources/views/yuuno/user/profile.twig b/resources/views/yuuno/user/profile.twig
index 259206c..968bae3 100644
--- a/resources/views/yuuno/user/profile.twig
+++ b/resources/views/yuuno/user/profile.twig
@@ -272,10 +272,10 @@
                                             {{ data.title }}
                                         </td>
                                         <td style="text-align: right;">
-                                            {% if data.link %}
-                                                <a href="{{ data.link|format(data.value) }}" class="default">{{ (data.disp ? data.disp : '%s')|format(data.value) }}</a>
+                                            {% if data.link is defined %}
+                                                <a href="{{ data.link|format(data.value) }}" class="default">{{ (data.disp is defined ? data.disp : '%s')|format(data.value) }}</a>
                                             {% else %}
-                                                {{ (data.disp ? data.disp : '%s')|format(data.value) }}
+                                                {{ (data.disp is defined ? data.disp : '%s')|format(data.value) }}
                                             {% endif %}
                                         </td>
                                     </tr>