Fixed PHPstan detections.
parent
b76e7ab264
commit
5cf2529209
63 changed files with 289 additions and 107 deletions
2
VERSION
2
VERSION
|
@ -1 +1 @@
|
|||
20241201
|
||||
20241202
|
||||
|
|
|
@ -33,6 +33,6 @@
|
|||
}
|
||||
},
|
||||
"require-dev": {
|
||||
"phpstan/phpstan": "^1.11"
|
||||
"phpstan/phpstan": "^2.0"
|
||||
}
|
||||
}
|
||||
|
|
24
composer.lock
generated
24
composer.lock
generated
|
@ -4,7 +4,7 @@
|
|||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "1bf2d030b7813e94e87ca04c39b83eff",
|
||||
"content-hash": "82b94e9d26ac6e86616be50e2bf37660",
|
||||
"packages": [
|
||||
{
|
||||
"name": "carbonphp/carbon-doctrine-types",
|
||||
|
@ -453,11 +453,11 @@
|
|||
},
|
||||
{
|
||||
"name": "flashwave/index",
|
||||
"version": "v0.2410.211811",
|
||||
"version": "v0.2410.630140",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://patchii.net/flash/index.git",
|
||||
"reference": "40cbd35ba3855056987d2f7647f669e66f938979"
|
||||
"reference": "469391f9b601bf30553252470f175588744d4c18"
|
||||
},
|
||||
"require": {
|
||||
"ext-mbstring": "*",
|
||||
|
@ -466,8 +466,8 @@
|
|||
"twig/twig": "^3.14"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpstan/phpstan": "^1.11",
|
||||
"phpunit/phpunit": "^11.2"
|
||||
"phpstan/phpstan": "^2.0",
|
||||
"phpunit/phpunit": "^11.4"
|
||||
},
|
||||
"suggest": {
|
||||
"ext-memcache": "Support for the Index\\Cache\\Memcached namespace (only if you can't use ext-memcached for some reason).",
|
||||
|
@ -504,7 +504,7 @@
|
|||
],
|
||||
"description": "Composer package for the common library for my projects.",
|
||||
"homepage": "https://railgun.sh/index",
|
||||
"time": "2024-10-21T18:15:09+00:00"
|
||||
"time": "2024-12-02T01:41:44+00:00"
|
||||
},
|
||||
{
|
||||
"name": "guzzlehttp/psr7",
|
||||
|
@ -2818,20 +2818,20 @@
|
|||
"packages-dev": [
|
||||
{
|
||||
"name": "phpstan/phpstan",
|
||||
"version": "1.12.12",
|
||||
"version": "2.0.3",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/phpstan/phpstan.git",
|
||||
"reference": "b5ae1b88f471d3fd4ba1aa0046234b5ca3776dd0"
|
||||
"reference": "46b4d3529b12178112d9008337beda0cc2a1a6b4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/b5ae1b88f471d3fd4ba1aa0046234b5ca3776dd0",
|
||||
"reference": "b5ae1b88f471d3fd4ba1aa0046234b5ca3776dd0",
|
||||
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/46b4d3529b12178112d9008337beda0cc2a1a6b4",
|
||||
"reference": "46b4d3529b12178112d9008337beda0cc2a1a6b4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": "^7.2|^8.0"
|
||||
"php": "^7.4|^8.0"
|
||||
},
|
||||
"conflict": {
|
||||
"phpstan/phpstan-shim": "*"
|
||||
|
@ -2872,7 +2872,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
],
|
||||
"time": "2024-11-28T22:13:23+00:00"
|
||||
"time": "2024-11-28T22:19:37+00:00"
|
||||
}
|
||||
],
|
||||
"aliases": [],
|
||||
|
|
28
phpstan.neon
28
phpstan.neon
|
@ -1,9 +1,37 @@
|
|||
parameters:
|
||||
level: 5
|
||||
paths:
|
||||
- database
|
||||
- src
|
||||
- public
|
||||
- public-legacy
|
||||
bootstrapFiles:
|
||||
- misuzu.php
|
||||
dynamicConstantNames:
|
||||
- MSZ_CLI
|
||||
- MSZ_DEBUG
|
||||
ignoreErrors:
|
||||
-
|
||||
identifier: variable.undefined
|
||||
path: public-legacy/forum/posting.php
|
||||
-
|
||||
identifier: variable.undefined
|
||||
path: public-legacy/forum/topic.php
|
||||
-
|
||||
identifier: variable.undefined
|
||||
path: public-legacy/manage/changelog/tag.php
|
||||
-
|
||||
identifier: variable.undefined
|
||||
path: public-legacy/manage/news/category.php
|
||||
-
|
||||
identifier: variable.undefined
|
||||
path: public-legacy/manage/news/post.php
|
||||
-
|
||||
identifier: variable.undefined
|
||||
path: public-legacy/manage/users/note.php
|
||||
-
|
||||
identifier: empty.offset
|
||||
path: public-legacy/search.php
|
||||
-
|
||||
identifier: offsetAccess.notFound
|
||||
path: public-legacy/search.php
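Review bot: The six `identifier: variable.undefined` entries under `ignoreErrors` silence that identifier for whole files, so any undefined variable introduced later in those request-handling scripts goes unreported as well. Adding `message:` or `count:` to each entry would accept only the findings known today. The longer-term fix is to initialise the variables in the legacy scripts and drop the entries.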
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
function ghcb_strip_prefix(string $line): string {
|
||||
$findColon = mb_strpos($line, ':');
|
||||
return trim($findColon === false || $findColon >= 10 ? $line : mb_substr($line, $findColon + 1));
|
||||
|
@ -69,6 +72,9 @@ foreach($config['tokens']['token'] as $repoName => $repoToken) {
|
|||
}
|
||||
}
|
||||
|
||||
if(!isset($repoName) || !is_string($repoName))
|
||||
die('no repo name');
|
||||
|
||||
if(!$repoAuthenticated)
|
||||
die('signature check failed');
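Review bot: The new `die('no repo name');` runs before the `$repoAuthenticated` check, so an unauthenticated caller gets a different response depending on whether the loop above ever assigned `$repoName`. Moving the `isset`/`is_string` test below `if(!$repoAuthenticated)` keeps the unauthenticated answer uniform. The check also relies on `$repoName` leaking out of the `foreach`, where after an unmatched loop it holds the last key rather than a matched repository; copying the matched name into a dedicated variable inside the loop would make the intent explicit. The loop body is outside this hunk, so how `$repoAuthenticated` is set should be confirmed there.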
|
||||
|
||||
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use Exception;
|
||||
use Misuzu\Auth\AuthTokenCookie;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if($msz->authInfo->isLoggedIn) {
|
||||
Tools::redirect($msz->urls->format('index'));
|
||||
return;
|
||||
|
@ -39,14 +42,14 @@ $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
|
|||
|
||||
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);
|
||||
|
||||
$siteIsPrivate = $cfg->getBoolean('private.enable');
|
||||
$siteIsPrivate = $msz->config->getBoolean('private.enable');
|
||||
if($siteIsPrivate) {
|
||||
[
|
||||
'private.perm.cat' => $loginPermCat,
|
||||
'private.perm.val' => $loginPermVal,
|
||||
'private.msg' => $sitePrivateMessage,
|
||||
'private.allow_password_reset' => $canResetPassword,
|
||||
] = $cfg->getValues([
|
||||
] = $msz->config->getValues([
|
||||
'private.perm.cat:s',
|
||||
'private.perm.val:i',
|
||||
'private.msg:s',
|
||||
|
@ -136,7 +139,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) {
|
|||
$tokenBuilder->removeImpersonatedUserId();
|
||||
$tokenInfo = $tokenBuilder->toInfo();
|
||||
|
||||
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
|
||||
AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
|
||||
|
||||
if(!Tools::isLocalURL($loginRedirect))
|
||||
$loginRedirect = $msz->urls->format('index');
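Review bot: The guard added at the top exits through `die(...)` with the default 200 status, so a direct request to the script is reported to clients and monitoring as a successful response. Setting a status first, for example `http_response_code(500);` before the `die(...)`, would mark it as an error. The same three lines are added at the top of the other scripts touched by this commit, so the point applies to each of them. The script body continues outside these hunks.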
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Auth\AuthTokenCookie;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if($msz->authInfo->isLoggedIn) {
|
||||
if(!CSRF::validateRequest()) {
|
||||
Template::render('auth.logout');
|
||||
|
@ -18,7 +21,7 @@ if($msz->authInfo->isLoggedIn) {
|
|||
$tokenBuilder->removeImpersonatedUserId();
|
||||
|
||||
$tokenInfo = $tokenBuilder->toInfo();
|
||||
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
|
||||
AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
|
||||
}
|
||||
|
||||
Tools::redirect($msz->urls->format('index'));;
|
||||
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use RuntimeException;
|
||||
use Misuzu\Users\User;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if($msz->authInfo->isLoggedIn) {
|
||||
Tools::redirect($msz->urls->format('settings-account'));
|
||||
return;
|
||||
|
@ -25,8 +28,8 @@ if($userId > 0)
|
|||
|
||||
$notices = [];
|
||||
$ipAddress = $_SERVER['REMOTE_ADDR'];
|
||||
$siteIsPrivate = $cfg->getBoolean('private.enable');
|
||||
$canResetPassword = $siteIsPrivate ? $cfg->getBoolean('private.allow_password_reset', true) : true;
|
||||
$siteIsPrivate = $msz->config->getBoolean('private.enable');
|
||||
$canResetPassword = $siteIsPrivate ? $msz->config->getBoolean('private.allow_password_reset', true) : true;
|
||||
|
||||
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);
|
||||
|
||||
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use RuntimeException;
|
||||
use Misuzu\Users\User;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if($msz->authInfo->isLoggedIn) {
|
||||
Tools::redirect($msz->urls->format('index'));
|
||||
return;
|
||||
|
@ -14,20 +17,9 @@ $notices = [];
|
|||
$ipAddress = $_SERVER['REMOTE_ADDR'];
|
||||
$countryCode = $_SERVER['COUNTRY_CODE'] ?? 'XX';
|
||||
|
||||
// there is currently no ip banning system.
|
||||
// because people can have a wide variety of ip address
|
||||
// it doesn't make sense to include a single row for it
|
||||
// in the user bans table
|
||||
// add better ip tracking and reintroduce the blacklist
|
||||
// was thinking of having both a storage table and an expanded table
|
||||
// with the storage table contains range syntaxes and whatnot
|
||||
// and the expanded table just having seas of raw ips in it with a primary key
|
||||
// for fast matching
|
||||
$restricted = '';
|
||||
|
||||
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);
|
||||
|
||||
while(!$restricted && !empty($register)) {
|
||||
while(!empty($register)) {
|
||||
if(!CSRF::validateRequest()) {
|
||||
$notices[] = 'Was unable to verify the request, please try again!';
|
||||
break;
|
||||
|
@ -109,5 +101,5 @@ Template::render('auth.register', [
|
|||
'register_notices' => $notices,
|
||||
'register_username' => !empty($register['username']) && is_string($register['username']) ? $register['username'] : '',
|
||||
'register_email' => !empty($register['email']) && is_string($register['email']) ? $register['email'] : '',
|
||||
'register_restricted' => $restricted,
|
||||
'register_restricted' => '',
|
||||
]);
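Review bot: `'register_restricted' => ''` now always passes an empty string, so whatever the `auth.register` template does with that value can no longer trigger; either drop the key together with the template branch or say why it stays. The removed comment block was the only note in this script that registration has no IP-based ban check, and a one-line replacement such as `// TODO: no IP ban check on registration yet` keeps that gap visible to the next reader.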
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Auth\AuthTokenCookie;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(CSRF::validateRequest()) {
|
||||
$tokenInfo = $msz->authInfo->tokenInfo;
|
||||
|
||||
|
@ -13,7 +16,7 @@ if(CSRF::validateRequest()) {
|
|||
$tokenBuilder->removeImpersonatedUserId();
|
||||
|
||||
$tokenInfo = $tokenBuilder->toInfo();
|
||||
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
|
||||
AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
|
||||
Tools::redirect($msz->urls->format('manage-user', ['user' => $impUserId]));
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -5,6 +5,9 @@ use RuntimeException;
|
|||
use Misuzu\TOTPGenerator;
|
||||
use Misuzu\Auth\AuthTokenCookie;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if($msz->authInfo->isLoggedIn) {
|
||||
Tools::redirect($msz->urls->format('index'));
|
||||
return;
|
||||
|
@ -85,7 +88,7 @@ while(!empty($twofactor)) {
|
|||
$tokenBuilder->removeImpersonatedUserId();
|
||||
$tokenInfo = $tokenBuilder->toInfo();
|
||||
|
||||
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
|
||||
AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
|
||||
|
||||
if(!Tools::isLocalURL($redirect))
|
||||
$redirect = $msz->urls->format('index');
|
||||
|
|
|
@ -2,6 +2,10 @@
|
|||
namespace Misuzu;
|
||||
|
||||
use RuntimeException;
|
||||
use Misuzu\Comments\{CommentsCategoryInfo,CommentsPostInfo};
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$redirect = filter_input(INPUT_GET, 'return') ?? $_SERVER['HTTP_REFERER'] ?? $msz->urls->format('index');
|
||||
|
||||
|
@ -39,12 +43,12 @@ if($commentMode !== 'create' && empty($commentInfo))
|
|||
switch($commentMode) {
|
||||
case 'pin':
|
||||
case 'unpin':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to pin comments.", 403);
|
||||
|
||||
if($commentInfo->deleted)
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
|
||||
Template::displayInfo("This comment doesn't exist!", 400);
|
||||
|
||||
if($commentInfo->isReply)
|
||||
Template::displayInfo("You can't pin replies!", 400);
|
||||
|
||||
|
@ -66,10 +70,11 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'vote':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to vote on comments.", 403);
|
||||
|
||||
if($commentInfo->deleted)
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
|
||||
Template::displayInfo("This comment doesn't exist!", 400);
|
||||
|
||||
if($commentVote > 0)
|
||||
|
@ -83,12 +88,15 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'delete':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
|
||||
$canDelete = $perms->check(Perm::G_COMMENTS_DELETE_OWN | Perm::G_COMMENTS_DELETE_ANY);
|
||||
if(!$canDelete && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to delete comments.", 403);
|
||||
|
||||
$canDeleteAny = $perms->check(Perm::G_COMMENTS_DELETE_ANY);
|
||||
if($commentInfo->deleted)
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
|
||||
Template::displayInfo(
|
||||
$canDeleteAny ? 'This comment is already marked for deletion.' : "This comment doesn't exist.",
|
||||
400
|
||||
|
@ -119,6 +127,8 @@ switch($commentMode) {
|
|||
if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY))
|
||||
Template::displayInfo("You're not allowed to restore deleted comments.", 403);
|
||||
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo))
|
||||
Template::displayInfo("This comment is probably nuked already.", 404);
|
||||
if(!$commentInfo->deleted)
|
||||
Template::displayInfo("This comment isn't in a deleted state.", 400);
|
||||
|
||||
|
@ -134,9 +144,10 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'create':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to post comments.", 403);
|
||||
|
||||
if(empty($_POST['comment']) || !is_array($_POST['comment']))
|
||||
Template::displayInfo('Missing data.', 400);
|
||||
|
||||
|
@ -144,7 +155,7 @@ switch($commentMode) {
|
|||
$categoryId = isset($_POST['comment']['category']) && is_string($_POST['comment']['category'])
|
||||
? (int)$_POST['comment']['category']
|
||||
: 0;
|
||||
$categoryInfo = $msz->comments->getCategory(categoryId: $categoryId);
|
||||
$categoryInfo = $msz->comments->getCategory(categoryId: (string)$categoryId);
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::displayInfo('This comment category doesn\'t exist.', 404);
|
||||
}
|
||||
|
@ -168,12 +179,10 @@ switch($commentMode) {
|
|||
if(strlen($commentText) > 0) {
|
||||
$commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);
|
||||
} else {
|
||||
if($canLock) {
|
||||
if($canLock)
|
||||
Template::displayInfo('The action has been processed.', 400);
|
||||
} else {
|
||||
else
|
||||
Template::displayInfo('Your comment is too short.', 400);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if(mb_strlen($commentText) > 5000)
|
||||
|
@ -184,7 +193,7 @@ switch($commentMode) {
|
|||
$parentInfo = $msz->comments->getPost($commentReply);
|
||||
} catch(RuntimeException $ex) {}
|
||||
|
||||
if(!isset($parentInfo) || $parentInfo->deleted)
|
||||
if(!isset($parentInfo) || !($parentInfo instanceof CommentsPostInfo) || $parentInfo->deleted)
|
||||
Template::displayInfo('The comment you tried to reply to does not exist.', 404);
|
||||
}
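Review bot: In `case 'create':` the new `isset($categoryInfo)` guard runs before the category is loaded from `$_POST['comment']['category']` further down in the same case. If `$categoryInfo` is only populated from an existing comment above the switch (not visible in these hunks), every new comment would now stop at 'Comment category not found.'. Before this change a user holding `Perm::G_COMMENTS_CREATE` never reached `$categoryInfo->isOwner()` because of the short-circuit, so creation did not depend on the variable being set at that point. Consider loading the category with `getCategory()` first and running the guard and the permission check after it.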
|
||||
|
||||
|
|
|
@ -4,7 +4,10 @@ namespace Misuzu;
|
|||
use stdClass;
|
||||
use RuntimeException;
|
||||
|
||||
$categoryId = (int)filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT);
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$categoryId = (string)filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
try {
|
||||
$categoryInfo = $msz->forumCtx->categories->getCategory(categoryId: $categoryId);
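Review bot: Switching the cast from `(int)` to `(string)` means `$categoryId` is no longer normalised. `FILTER_SANITIZE_NUMBER_INT` keeps `+` and `-` as well as digits, and a missing parameter becomes `''` instead of `0`, so values such as `+-1` now reach `getCategory()` and anything else that uses `$categoryId`. `(string)(int)filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT)` or `FILTER_VALIDATE_INT` would keep the id canonical. The `$postId` assignment in the later section that reads `$_GET['p']` has the same change, from `(int)$_GET['p']` to the raw request string.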
|
||||
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use stdClass;
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$mode = (string)filter_input(INPUT_GET, 'm');
|
||||
|
||||
$currentUser = $msz->authInfo->userInfo;
|
||||
|
@ -23,7 +26,7 @@ if($mode === 'mark') {
|
|||
foreach($categoryInfos as $categoryInfo) {
|
||||
$perms = $msz->authInfo->getPerms('forum', $categoryInfo);
|
||||
if($perms->check(Perm::F_CATEGORY_LIST))
|
||||
$msz->forumCtx->categories->updateUserReadCategory($userInfo, $categoryInfo);
|
||||
$msz->forumCtx->categories->updateUserReadCategory($currentUser, $categoryInfo);
|
||||
}
|
||||
|
||||
Tools::redirect($msz->urls->format($categoryId ? 'forum-category' : 'forum-index', ['forum' => $categoryId]));
|
||||
|
|
|
@ -3,10 +3,13 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_LEADERBOARD_VIEW))
|
||||
Template::throwError(403);
|
||||
|
||||
$config = $cfg->getValues([
|
||||
$config = $msz->config->getValues([
|
||||
['forum_leader.first_year:i', 2018],
|
||||
['forum_leader.first_month:i', 12],
|
||||
'forum_leader.unranked.forum:a',
|
||||
|
@ -90,7 +93,7 @@ MD;
|
|||
foreach($rankings as $ranking) {
|
||||
$totalPostsCount += $ranking->postsCount;
|
||||
$markdown .= sprintf("| %s | [%s](%s%s) | %s |\r\n", $ranking->position,
|
||||
$ranking->user?->name ?? 'Deleted User',
|
||||
$ranking->user?->name ?? 'Deleted User', // @phpstan-ignore-line: no, it can be null
|
||||
$msz->siteInfo->url,
|
||||
$msz->urls->format('user-profile', ['user' => $ranking->userId]),
|
||||
number_format($ranking->postsCount));
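Review bot: `// @phpstan-ignore-line` on the `$ranking->user?->name` line suppresses every error PHPStan reports for that line, not only the nullsafe finding the comment refers to. PHPStan also accepts `// @phpstan-ignore <identifier>`, which silences just the named finding. If `user` really can be null, declaring the property as nullable would remove the need for any ignore. The same unscoped comment is added on the `$topicInfo?->title` and `$topicInfo?->typeString` lines, on `if(empty($notices))`, and on the three `while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest())` loops.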
|
||||
|
|
|
@ -3,7 +3,10 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (string)$_GET['p'] : '0';
|
||||
$postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
|
||||
$submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1';
|
||||
|
||||
|
|
|
@ -3,11 +3,14 @@ namespace Misuzu;
|
|||
|
||||
use stdClass;
|
||||
use RuntimeException;
|
||||
use Misuzu\Forum\ForumTopicInfo;
|
||||
use Misuzu\Forum\{ForumCategoryInfo,ForumPostInfo,ForumTopicInfo};
|
||||
use Misuzu\Parsers\Parser;
|
||||
use Index\XDateTime;
|
||||
use Carbon\CarbonImmutable;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(401);
|
||||
|
||||
|
@ -58,7 +61,7 @@ if(empty($postId)) {
|
|||
$hasPostInfo = false;
|
||||
} else {
|
||||
try {
|
||||
$postInfo = $msz->forumCtx->posts->getPost(postId: $postId);
|
||||
$postInfo = $msz->forumCtx->posts->getPost(postId: (string)$postId);
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
@ -100,6 +103,9 @@ if(empty($forumId)) {
|
|||
$hasCategoryInfo = true;
|
||||
}
|
||||
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof ForumCategoryInfo))
|
||||
Template::throwError(404);
|
||||
|
||||
$perms = $msz->authInfo->getPerms('forum', $categoryInfo);
|
||||
|
||||
if($categoryInfo->archived
|
||||
|
@ -126,8 +132,12 @@ if($mode === 'create' || $mode === 'edit') {
|
|||
}
|
||||
|
||||
// edit mode stuff
|
||||
if($mode === 'edit' && !$perms->check($postInfo->userId === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY))
|
||||
Template::throwError(403);
|
||||
if($mode === 'edit') {
|
||||
if(!isset($postInfo) || !($postInfo instanceof ForumPostInfo))
|
||||
Template::throwError(404);
|
||||
if(!$perms->check($postInfo->userId === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY))
|
||||
Template::throwError(403);
|
||||
}
|
||||
|
||||
$notices = [];
|
||||
|
||||
|
@ -159,9 +169,9 @@ if(!empty($_POST)) {
|
|||
}
|
||||
|
||||
if($isEditingTopic) {
|
||||
$originalTopicTitle = $topicInfo?->title ?? null;
|
||||
$originalTopicTitle = $topicInfo?->title ?? null; // @phpstan-ignore-line: nope it can be null
|
||||
$topicTitleChanged = $topicTitle !== $originalTopicTitle;
|
||||
$originalTopicType = $topicInfo?->typeString ?? 'discussion';
|
||||
$originalTopicType = $topicInfo?->typeString ?? 'discussion'; // @phpstan-ignore-line: this also
|
||||
$topicTypeChanged = $topicType !== null && $topicType !== $originalTopicType;
|
||||
|
||||
$topicTitleLengths = $cfg->getValues([
|
||||
|
@ -232,7 +242,7 @@ if(!empty($_POST)) {
|
|||
&& $postText !== $postInfo->body;
|
||||
|
||||
$msz->forumCtx->posts->updatePost(
|
||||
$postId,
|
||||
(string)$postId,
|
||||
remoteAddr: $_SERVER['REMOTE_ADDR'],
|
||||
body: $postText,
|
||||
bodyParser: $postParser,
|
||||
|
@ -249,11 +259,11 @@ if(!empty($_POST)) {
|
|||
break;
|
||||
}
|
||||
|
||||
if(empty($notices)) {
|
||||
if(empty($notices)) { // @phpstan-ignore-line: i'm guessing it gets the type confused at this point
|
||||
// does this ternary ever return forum-topic?
|
||||
$redirect = $msz->urls->format(empty($topicInfo) ? 'forum-topic' : 'forum-post', [
|
||||
'topic' => $topicId ?? 0,
|
||||
'post' => $postId ?? 0,
|
||||
'topic' => $topicId,
|
||||
'post' => $postId,
|
||||
]);
|
||||
Tools::redirect($redirect);
|
||||
return;
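Review bot: Dropping the `?? 0` fallbacks in `'topic' => $topicId` and `'post' => $postId` assumes both variables are always assigned and non-null by the time the redirect URL is built. If this section is public-legacy/forum/posting.php, `variable.undefined` is ignored for that file in phpstan.neon, so the analyser will not confirm the assumption. Initialising both variables before the `if(!empty($_POST))` block, or keeping the fallback, avoids a warning and a malformed redirect target. The surrounding block starts outside this hunk.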
|
||||
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use stdClass;
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
|
||||
$topicId = !empty($_GET['t']) && is_string($_GET['t']) ? (int)$_GET['t'] : 0;
|
||||
$categoryId = null;
|
||||
|
@ -15,7 +18,7 @@ $currentUserId = $currentUser === null ? '0' : $currentUser->id;
|
|||
|
||||
if($topicId < 1 && $postId > 0) {
|
||||
try {
|
||||
$postInfo = $msz->forumCtx->posts->getPost(postId: $postId);
|
||||
$postInfo = $msz->forumCtx->posts->getPost(postId: (string)$postId);
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
@ -267,7 +270,7 @@ if($canDeleteAny)
|
|||
$topicPagination = new Pagination($topicPosts, 10, 'page');
|
||||
|
||||
if(isset($preceedingPostCount))
|
||||
$topicPagination->setPage(floor($preceedingPostCount / $topicPagination->getRange()), true);
|
||||
$topicPagination->setPage((int)floor($preceedingPostCount / $topicPagination->getRange()), true);
|
||||
|
||||
if(!$topicPagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
|
|
@ -7,6 +7,9 @@ use Misuzu\Changelog\Changelog;
|
|||
use Carbon\CarbonImmutable;
|
||||
use Index\{XArray,XDateTime};
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -41,7 +44,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
}
|
||||
|
||||
// make errors not echos lol
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$action = trim((string)filter_input(INPUT_POST, 'cl_action'));
|
||||
$summary = trim((string)filter_input(INPUT_POST, 'cl_summary'));
|
||||
$body = trim((string)filter_input(INPUT_POST, 'cl_body'));
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
return;
|
||||
}
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$name = trim((string)filter_input(INPUT_POST, 'ct_name'));
|
||||
$description = trim((string)filter_input(INPUT_POST, 'ct_desc'));
|
||||
$archive = !empty($_POST['ct_archive']);
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Perm;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_CATEGORIES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use RuntimeException;
|
||||
use Index\XArray;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$counterInfos = $msz->counters->getCounters(orderBy: 'name');
|
||||
$counterNamesRaw = $msz->config->getArray('counters.names');
|
||||
$counterNamesCount = count($counterNamesRaw);
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Pagination;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_LOGS_VIEW))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -1,18 +1,21 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$valueName = (string)filter_input(INPUT_GET, 'name');
|
||||
$valueInfo = $cfg->getValueInfo($valueName);
|
||||
$valueInfo = $msz->config->getValueInfo($valueName);
|
||||
if($valueInfo === null)
|
||||
Template::throwError(404);
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$valueName = $valueInfo->getName();
|
||||
$msz->createAuditLog('CONFIG_DELETE', [$valueName]);
|
||||
$cfg->removeValues($valueName);
|
||||
$msz->config->removeValues($valueName);
|
||||
Tools::redirect($msz->urls->format('manage-general-settings'));
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Index\Config\Db\DbConfig;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -10,7 +13,7 @@ $isNew = true;
|
|||
$sName = (string)filter_input(INPUT_GET, 'name');
|
||||
$sType = (string)filter_input(INPUT_GET, 'type');
|
||||
$sValue = null;
|
||||
$loadValueInfo = fn() => $cfg->getValueInfo($sName);
|
||||
$loadValueInfo = fn() => $msz->config->getValueInfo($sName);
|
||||
|
||||
if(!empty($sName)) {
|
||||
$sInfo = $loadValueInfo();
|
||||
|
@ -38,7 +41,7 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
|||
}
|
||||
|
||||
if($sType === 'array') {
|
||||
$applyFunc = $cfg->setArray(...);
|
||||
$applyFunc = $msz->config->setArray(...);
|
||||
$sValue = [];
|
||||
$sRaw = filter_input(INPUT_POST, 'conf_value', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);
|
||||
foreach($sRaw as $rValue) {
|
||||
|
@ -58,17 +61,17 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
|||
}
|
||||
} elseif($sType === 'bool') {
|
||||
$sValue = !empty($_POST['conf_value']);
|
||||
$applyFunc = $cfg->setBoolean(...);
|
||||
$applyFunc = $msz->config->setBoolean(...);
|
||||
} else {
|
||||
$sValue = filter_input(INPUT_POST, 'conf_value');
|
||||
if($sType === 'int') {
|
||||
$applyFunc = $cfg->setInteger(...);
|
||||
$applyFunc = $msz->config->setInteger(...);
|
||||
$sValue = (int)$sValue;
|
||||
} elseif($sType === 'float') {
|
||||
$applyFunc = $cfg->setFloat(...);
|
||||
$applyFunc = $msz->config->setFloat(...);
|
||||
$sValue = (float)$sValue;
|
||||
} else
|
||||
$applyFunc = $cfg->setString(...);
|
||||
$applyFunc = $msz->config->setString(...);
|
||||
}
|
||||
|
||||
$msz->createAuditLog($isNew ? 'CONFIG_CREATE' : 'CONFIG_UPDATE', [$sName]);
|
||||
|
|
|
@ -1,11 +1,14 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$hidden = $cfg->getArray('settings.hidden');
|
||||
$vars = $cfg->getAllValueInfos();
|
||||
$hidden = $msz->config->getArray('settings.hidden');
|
||||
$vars = $msz->config->getAllValueInfos();
|
||||
|
||||
Template::render('manage.general.settings', [
|
||||
'config_vars' => $vars,
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
return;
|
||||
}
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$name = trim((string)filter_input(INPUT_POST, 'nc_name'));
|
||||
$description = trim((string)filter_input(INPUT_POST, 'nc_desc'));
|
||||
$hidden = !empty($_POST['nc_hidden']);
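Review bot: The bare `// @phpstan-ignore-line` on the `while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest())` line silences every finding on the line that carries the request-method and CSRF checks, not only the loop complaint it was added for. PHPStan 2 accepts an identifier-scoped form, `// @phpstan-ignore <identifier>` (placeholder: take the identifier from the reported error), which keeps later findings on that condition visible. The same comment is repeated on the identical loop in the scripts guarded by `Perm::G_NEWS_POSTS_MANAGE`, `Perm::U_BANS_MANAGE` and `Perm::U_WARNINGS_MANAGE` further down the page. If, as it appears, the loop is used as an `if` that is left early with `break`, a one-line comment saying so would explain the construct better than the current remark. The loop body continues outside the hunk.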
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
return;
|
||||
}
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$title = trim((string)filter_input(INPUT_POST, 'np_title'));
|
||||
$category = (string)filter_input(INPUT_POST, 'np_category', FILTER_SANITIZE_NUMBER_INT);
|
||||
$featured = !empty($_POST['np_featured']);
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -5,6 +5,9 @@ use DateTimeInterface;
|
|||
use RuntimeException;
|
||||
use Carbon\CarbonImmutable;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -32,7 +35,7 @@ try {
|
|||
|
||||
$modInfo = $msz->authInfo->userInfo;
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$expires = (int)filter_input(INPUT_POST, 'ub_expires', FILTER_SANITIZE_NUMBER_INT);
|
||||
$expiresCustom = (string)filter_input(INPUT_POST, 'ub_expires_custom');
|
||||
$publicReason = trim((string)filter_input(INPUT_POST, 'ub_reason_pub'));
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Users\Roles;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_USERS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -6,6 +6,9 @@ use Index\Colour\Colour;
|
|||
use Index\Colour\ColourRgb;
|
||||
use Misuzu\Perm;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$viewerPerms = $msz->authInfo->getPerms('user');
|
||||
if(!$viewerPerms->check(Perm::U_ROLES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_ROLES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -7,6 +7,9 @@ use Misuzu\Perm;
|
|||
use Misuzu\Auth\AuthTokenCookie;
|
||||
use Misuzu\Users\User;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$viewerPerms = $msz->authInfo->getPerms('user');
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(403);
|
||||
|
@ -26,7 +29,7 @@ if(!$hasAccess)
|
|||
Template::throwError(403);
|
||||
|
||||
$notices = [];
|
||||
$userId = (int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
|
||||
$userId = (string)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
try {
|
||||
$userInfo = $msz->usersCtx->users->getUser($userId, 'id');
|
||||
|
@ -65,7 +68,7 @@ if(CSRF::validateRequest() && $canEdit) {
|
|||
$tokenBuilder->setImpersonatedUserId($userInfo->id);
|
||||
$tokenInfo = $tokenBuilder->toInfo();
|
||||
|
||||
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
|
||||
AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
|
||||
Tools::redirect($msz->urls->format('index'));
|
||||
return;
|
||||
} else $notices[] = 'You aren\'t allowed to impersonate this user.';
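Review bot: `FILTER_SANITIZE_NUMBER_INT` only strips characters other than digits, `+` and `-`, so with the `(int)` cast apparently replaced by `(string)` a value such as `1-2` or `+5` now reaches `getUser($userId, 'id')` unchanged. Whether that is harmless depends on how `getUser` binds the id, which is not visible here. On a page that can issue an impersonation token, rejecting non-numeric input before the lookup keeps the contract explicit, for example `if(!ctype_digit($userId)) Template::throwError(404);` directly after the assignment. The `try` block that performs the lookup continues outside the hunk.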
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -30,7 +33,7 @@ try {
|
|||
|
||||
$modInfo = $msz->authInfo->userInfo;
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$body = trim((string)filter_input(INPUT_POST, 'uw_body'));
|
||||
Template::set('warn_value_body', $body);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -10,9 +10,12 @@ use Misuzu\Users\User;
|
|||
use Misuzu\Users\Assets\UserAvatarAsset;
|
||||
use Misuzu\Users\Assets\UserBackgroundAsset;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$userId = !empty($_GET['u']) && is_string($_GET['u']) ? trim($_GET['u']) : 0;
|
||||
$profileMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
|
||||
$isEditing = !empty($_GET['edit']) && is_string($_GET['edit']) ? (bool)$_GET['edit'] : !empty($_POST) && is_array($_POST);
|
||||
$isEditing = !empty($_GET['edit']) && is_string($_GET['edit']) ? (bool)$_GET['edit'] : !empty($_POST);
|
||||
|
||||
$viewerInfo = $msz->authInfo->userInfo;
|
||||
$viewingAsGuest = $viewerInfo === null;
|
||||
|
@ -81,7 +84,7 @@ if($isEditing) {
|
|||
$perms = $viewerPermsUser->checkMany([
|
||||
'edit_profile' => Perm::U_PROFILE_EDIT,
|
||||
'edit_avatar' => Perm::U_AVATAR_CHANGE,
|
||||
'edit_background' => PERM::U_PROFILE_BACKGROUND_CHANGE,
|
||||
'edit_background' => Perm::U_PROFILE_BACKGROUND_CHANGE,
|
||||
'edit_about' => Perm::U_PROFILE_ABOUT_EDIT,
|
||||
'edit_birthdate' => Perm::U_PROFILE_BIRTHDATE_EDIT,
|
||||
'edit_signature' => Perm::U_FORUM_SIGNATURE_EDIT,
|
||||
|
@ -92,7 +95,7 @@ if($isEditing) {
|
|||
'background_attachments' => UserBackgroundAsset::getAttachmentStringOptions(),
|
||||
]);
|
||||
|
||||
if(!empty($_POST) && is_array($_POST)) {
|
||||
if(!empty($_POST)) {
|
||||
if(!CSRF::validateRequest()) {
|
||||
$notices[] = 'Couldn\'t verify you, please refresh the page and retry.';
|
||||
} else {
|
||||
|
@ -241,7 +244,7 @@ if($isEditing) {
|
|||
break;
|
||||
case UPLOAD_ERR_INI_SIZE:
|
||||
case UPLOAD_ERR_FORM_SIZE:
|
||||
$notices[] = sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format($backgroundProps['max_size']));
|
||||
$notices[] = sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format(isset($backgroundProps) && is_array($backgroundProps) ? $backgroundProps['max_size'] : 0));
|
||||
break;
|
||||
default:
|
||||
$notices[] = 'Unable to save your background, contact an administator!';
|
||||
|
@ -256,7 +259,7 @@ if($isEditing) {
|
|||
'$path is not a valid image.' => 'The file you uploaded was not an image!',
|
||||
'$path is not an allowed image file.' => 'This type of image is not supported, keep to PNG, JPG or GIF!',
|
||||
'Dimensions of $path are too large.' => sprintf('Your background can\'t be larger than %dx%d!', $backgroundInfo->getMaxWidth(), $backgroundInfo->getMaxHeight()),
|
||||
'File size of $path is too large.' => sprintf('Your background is not allowed to be larger in file size than %2$s!', ByteFormat::format($backgroundInfo->getMaxBytes())),
|
||||
'File size of $path is too large.' => sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format($backgroundInfo->getMaxBytes())),
|
||||
default => $exMessage,
|
||||
};
|
||||
} catch(RuntimeException $ex) {
|
||||
|
@ -291,7 +294,7 @@ if(!$viewingAsGuest) {
|
|||
Template::set('profile_warnings', iterator_to_array($msz->usersCtx->warnings->getWarningsWithDefaultBacklog($userInfo)));
|
||||
|
||||
if((!$isBanned || $canEdit)) {
|
||||
$unranked = $cfg->getValues([
|
||||
$unranked = $msz->config->getValues([
|
||||
'forum_leader.unranked.forum:a',
|
||||
'forum_leader.unranked.topic:a',
|
||||
]);
|
||||
|
@ -339,6 +342,9 @@ if(!$viewingAsGuest) {
|
|||
break;
|
||||
}
|
||||
|
||||
if(!isset($fieldFormat))
|
||||
continue;
|
||||
|
||||
$profileFieldRawValues[$fieldName] = $fieldValue->value;
|
||||
$profileFieldDisplayValues[$fieldName] = $fieldFormat->formatDisplay($fieldValue->value);
|
||||
if($fieldFormat->linkFormat !== null)
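Review bot: In the `UPLOAD_ERR_INI_SIZE` / `UPLOAD_ERR_FORM_SIZE` branch the new `isset($backgroundProps) && is_array($backgroundProps) ? $backgroundProps['max_size'] : 0` guard suggests `$backgroundProps` is never defined at that point, in which case the user is always told the limit is zero bytes. The exception mapping a few lines further down already reads the limit from `$backgroundInfo->getMaxBytes()`. If `$backgroundInfo` is in scope in the switch as well, `ByteFormat::format($backgroundInfo->getMaxBytes())` gives the real limit and removes the dead guard. The enclosing switch starts outside the hunk, so the scope needs checking against the full file.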
|
||||
|
|
|
@ -6,6 +6,9 @@ use RuntimeException;
|
|||
use Index\XArray;
|
||||
use Misuzu\Comments\CommentsCategory;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -6,6 +6,9 @@ use Misuzu\Users\User;
|
|||
use chillerlan\QRCode\QRCode;
|
||||
use chillerlan\QRCode\QROptions;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(401);
|
||||
|
||||
|
|
|
@ -5,6 +5,9 @@ use ZipArchive;
|
|||
use Index\XString;
|
||||
use Misuzu\Users\UserInfo;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(401);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Pagination;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$currentUser = $msz->authInfo->userInfo;
|
||||
if($currentUser === null)
|
||||
Template::throwError(401);
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(401);
|
||||
|
||||
|
|
|
@ -6,6 +6,9 @@ use Misuzu\Auth\{AuthTokenBuilder,AuthTokenCookie,AuthTokenInfo};
|
|||
|
||||
require_once __DIR__ . '/../misuzu.php';
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Misuzu is not initialised.');
|
||||
|
||||
set_exception_handler(function(\Throwable $ex) {
|
||||
\Sentry\captureException($ex);
|
||||
|
||||
|
@ -81,7 +84,7 @@ if($tokenInfo->hasUserId && $tokenInfo->hasSessionToken) {
|
|||
$impersonatedUserId = $tokenInfo->impersonatedUserId;
|
||||
|
||||
if(!$allowToImpersonate) {
|
||||
$allowImpersonateUsers = $cfg->getArray(sprintf('impersonate.allow.u%s', $userInfo->id));
|
||||
$allowImpersonateUsers = $msz->config->getArray(sprintf('impersonate.allow.u%s', $userInfo->id));
|
||||
$allowToImpersonate = in_array((string)$impersonatedUserId, $allowImpersonateUsers, true);
|
||||
}
|
||||
|
||||
|
@ -117,7 +120,7 @@ if($tokenInfo->hasUserId && $tokenInfo->hasSessionToken) {
|
|||
$msz->authInfo->setInfo($tokenInfo, $userInfo, $sessionInfo, $userInfoReal);
|
||||
|
||||
CSRF::init(
|
||||
$cfg->getString('csrf.secret', 'soup'),
|
||||
$msz->config->getString('csrf.secret', 'soup'),
|
||||
($msz->authInfo->isLoggedIn ? $sessionInfo->token : $_SERVER['REMOTE_ADDR'])
|
||||
);
|
||||
|
||||
|
@ -129,7 +132,7 @@ $mszRequestPath = substr($request->getPath(), 1);
|
|||
$mszLegacyPathPrefix = MSZ_PUBLIC . '-legacy/';
|
||||
$mszLegacyPath = $mszLegacyPathPrefix . $mszRequestPath;
|
||||
|
||||
if(!empty($mszLegacyPath) && str_starts_with($mszLegacyPath, $mszLegacyPathPrefix)) {
|
||||
if(str_starts_with($mszLegacyPath, $mszLegacyPathPrefix)) {
|
||||
$mszLegacyPathReal = realpath($mszLegacyPath);
|
||||
if($mszLegacyPath === $mszLegacyPathReal || $mszLegacyPath === $mszLegacyPathReal . '/') {
|
||||
if(str_starts_with($mszRequestPath, '/manage') && !$msz->hasManageAccess())
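Review bot: `CSRF::init()` still falls back to the literal `'soup'` when `csrf.secret` is not configured, so an installation missing that setting would derive its CSRF tokens from a value published in the source. Failing closed is safer than a shared default: read the value first with `$csrfSecret = $msz->config->getString('csrf.secret');` and stop with `if($csrfSecret === '') die('csrf.secret is not configured.');` before calling `CSRF::init($csrfSecret, ...)`. This assumes `getString` returns an empty string for an unset key when no default is passed, which should be confirmed against the config class. The surrounding authentication block starts outside the hunk.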
|
||||
|
|
|
@ -37,7 +37,7 @@ class AuthTokenPacker {
|
|||
return AuthTokenInfo::empty();
|
||||
|
||||
$data = UriBase64::decode($token);
|
||||
if($data === false || $data === '')
|
||||
if(empty($data))
|
||||
return AuthTokenInfo::empty();
|
||||
|
||||
$builder = new AuthTokenBuilder;
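Review bot: `empty($data)` is looser than the comparison it appears to replace, because it also treats the one-character string `'0'` as empty. That still fails closed here, since the result is `AuthTokenInfo::empty()`, but in token-parsing code an exact test reads better. If `UriBase64::decode()` can only return a string, `if($data === '')` states the condition precisely. The rest of the unpack method is outside the hunk.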
|
||||
|
|
|
@ -53,7 +53,7 @@ class ForumPostInfo {
|
|||
get => CarbonImmutable::createFromTimestampUTC($this->createdTime);
|
||||
}
|
||||
|
||||
private static ?CarbonImmutable $markAsEditedThreshold = null;
|
||||
private static ?CarbonImmutable $markAsEditedThreshold = null; // @phpstan-ignore-line: property hook issue nope, it's written to!
|
||||
|
||||
public bool $shouldMarkAsEdited {
|
||||
get {
|
||||
|
@ -71,7 +71,7 @@ class ForumPostInfo {
|
|||
get => $this->editedTime === null ? null : CarbonImmutable::createFromTimestampUTC($this->editedTime);
|
||||
}
|
||||
|
||||
private static ?CarbonImmutable $canBeDeletedThreshold = null;
|
||||
private static ?CarbonImmutable $canBeDeletedThreshold = null; // @phpstan-ignore-line: property hook issue nope, it's written to!
|
||||
|
||||
public bool $canBeDeleted {
|
||||
get {
|
||||
|
|
|
@ -101,7 +101,7 @@ class ForumTopicInfo {
|
|||
get => CarbonImmutable::createFromTimestampUTC($this->createdTime);
|
||||
}
|
||||
|
||||
private static ?CarbonImmutable $lastActiveAt = null;
|
||||
private static ?CarbonImmutable $lastActiveAt = null; // @phpstan-ignore-line: property hook issue nope, it's written to!
|
||||
|
||||
public bool $active {
|
||||
get {
|
||||
|
|
|
@ -109,7 +109,7 @@ class MisuzuContext {
|
|||
return $this->hasManageAccess;
|
||||
}
|
||||
|
||||
public function getWebAssetInfo(): ?object {
|
||||
public function getWebAssetInfo(): object {
|
||||
return json_decode(file_get_contents(MSZ_ASSETS . '/current.json'));
|
||||
}
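Review bot: Narrowing `getWebAssetInfo()` to a non-nullable `object` return makes the method throw a `TypeError` whenever `current.json` cannot be read or does not decode to a JSON object, because `json_decode()` returns `null` or a non-object in those cases. Checking the decoded value keeps the new signature honest: `$info = json_decode((string)file_get_contents(MSZ_ASSETS . '/current.json'));` followed by `return is_object($info) ? $info : new \stdClass;`. The `TemplatingExtension` change later on this page drops the nullsafe `?->` on the same value, so it relies on this method never returning `null`.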
|
||||
|
||||
|
|
|
@ -211,7 +211,7 @@ class News {
|
|||
|
||||
public function getPosts(
|
||||
NewsCategoryInfo|string|null $categoryInfo = null,
|
||||
string $searchQuery = null,
|
||||
?string $searchQuery = null,
|
||||
bool $onlyFeatured = false,
|
||||
bool $includeScheduled = false,
|
||||
bool $includeDeleted = false,
|
||||
|
|
|
@ -406,12 +406,11 @@ final class Perm {
|
|||
}
|
||||
|
||||
$categoryName = $currentCategoryName;
|
||||
$perm = 0;
|
||||
//$perm = 0;
|
||||
// if(is_array($permInfo))
|
||||
// [$categoryName, $perm] = $permInfo;
|
||||
// else
|
||||
if(is_int($permInfo))
|
||||
$perm = $permInfo;
|
||||
// elseif(is_int($permInfo))
|
||||
$perm = $permInfo;
|
||||
|
||||
$item->perms[] = $permItem = new stdClass;
|
||||
$permItem->category = $categoryName;
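Review bot: The `is_int($permInfo)` guard and the `$perm = 0` default appear to have been replaced by an unconditional `$perm = $permInfo;`, with the old branches left behind as commented-out code. If `$permInfo` can only be an int here, delete the commented lines (`//$perm = 0;`, `// if(is_array($permInfo))` and the rest) so the permission-building code reads as what it does. If other types are still possible, the guard should stay, since a non-int would now be used as the permission value. The surrounding loop starts outside the hunk, so the type of `$permInfo` cannot be confirmed from here.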
|
||||
|
|
|
@ -4,7 +4,7 @@ namespace Misuzu;
|
|||
use Index\Config\Config;
|
||||
|
||||
class SiteInfo {
|
||||
private array $props;
|
||||
private array $props; // @phpstan-ignore-line: Seems PHPStan doesn't support property hooks yet :)
|
||||
|
||||
public function __construct(Config $config) {
|
||||
$this->props = $config->getValues([
|
||||
|
|
|
@ -12,7 +12,7 @@ use Twig\TwigFunction;
|
|||
|
||||
final class TemplatingExtension extends AbstractExtension {
|
||||
private MisuzuContext $ctx;
|
||||
private ?object $assets;
|
||||
private object $assets;
|
||||
|
||||
public function __construct(MisuzuContext $ctx) {
|
||||
$this->ctx = $ctx;
|
||||
|
@ -44,7 +44,7 @@ final class TemplatingExtension extends AbstractExtension {
|
|||
}
|
||||
|
||||
public function getAssetPath(string $name): string {
|
||||
return $this->assets?->{$name} ?? '';
|
||||
return $this->assets->{$name} ?? '';
|
||||
}
|
||||
|
||||
public function timeFormat(DateTimeInterface|string|int|null $dateTime): string {
|
||||
|
|
|
@ -59,7 +59,7 @@ class BanInfo {
|
|||
1 => 'second',
|
||||
];
|
||||
|
||||
private static function getTimeString(?int $left, int $right): string {
|
||||
private static function getTimeString(?int $left, int $right): string { // @phpstan-ignore-line: property hook issue
|
||||
if($left === null)
|
||||
return 'permanent';
|
||||
|
||||
|
|
|
@ -74,7 +74,7 @@ class Roles {
|
|||
}
|
||||
if($hasHidden)
|
||||
$query .= sprintf(' %s role_hidden %s 0', ++$args > 1 ? 'AND' : 'WHERE', $hidden ? '<>' : '=');
|
||||
if($hasString)
|
||||
if($hasString !== null)
|
||||
$query .= sprintf(' %s role_string %s NULL', ++$args > 1 ? 'AND' : 'WHERE', $hasString ? 'IS NOT' : 'IS');
|
||||
if($orderByRank)
|
||||
$query .= ' ORDER BY role_hierarchy DESC';
|
||||
|
|