diff --git a/VERSION b/VERSION index 8b81eb3..7942c68 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -20241201 +20241202 diff --git a/composer.json b/composer.json index 2cd4752..84c3640 100644 --- a/composer.json +++ b/composer.json @@ -33,6 +33,6 @@ } }, "require-dev": { - "phpstan/phpstan": "^1.11" + "phpstan/phpstan": "^2.0" } } diff --git a/composer.lock b/composer.lock index 2dcfd8c..7dc585a 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "1bf2d030b7813e94e87ca04c39b83eff", + "content-hash": "82b94e9d26ac6e86616be50e2bf37660", "packages": [ { "name": "carbonphp/carbon-doctrine-types", @@ -453,11 +453,11 @@ }, { "name": "flashwave/index", - "version": "v0.2410.211811", + "version": "v0.2410.630140", "source": { "type": "git", "url": "https://patchii.net/flash/index.git", - "reference": "40cbd35ba3855056987d2f7647f669e66f938979" + "reference": "469391f9b601bf30553252470f175588744d4c18" }, "require": { "ext-mbstring": "*", @@ -466,8 +466,8 @@ "twig/twig": "^3.14" }, "require-dev": { - "phpstan/phpstan": "^1.11", - "phpunit/phpunit": "^11.2" + "phpstan/phpstan": "^2.0", + "phpunit/phpunit": "^11.4" }, "suggest": { "ext-memcache": "Support for the Index\\Cache\\Memcached namespace (only if you can't use ext-memcached for some reason).", @@ -504,7 +504,7 @@ ], "description": "Composer package for the common library for my projects.", "homepage": "https://railgun.sh/index", - "time": "2024-10-21T18:15:09+00:00" + "time": "2024-12-02T01:41:44+00:00" }, { "name": "guzzlehttp/psr7", 
@@ -2818,20 +2818,20 @@ "packages-dev": [ { "name": "phpstan/phpstan", - "version": "1.12.12", + "version": "2.0.3", "source": { "type": "git", "url": "https://github.com/phpstan/phpstan.git", - "reference": "b5ae1b88f471d3fd4ba1aa0046234b5ca3776dd0" + "reference": "46b4d3529b12178112d9008337beda0cc2a1a6b4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpstan/zipball/b5ae1b88f471d3fd4ba1aa0046234b5ca3776dd0", - "reference": "b5ae1b88f471d3fd4ba1aa0046234b5ca3776dd0", + "url": "https://api.github.com/repos/phpstan/phpstan/zipball/46b4d3529b12178112d9008337beda0cc2a1a6b4", + "reference": "46b4d3529b12178112d9008337beda0cc2a1a6b4", "shasum": "" }, "require": { - "php": "^7.2|^8.0" + "php": "^7.4|^8.0" }, "conflict": { "phpstan/phpstan-shim": "*" @@ -2872,7 +2872,7 @@ "type": "github" } ], - "time": "2024-11-28T22:13:23+00:00" + "time": "2024-11-28T22:19:37+00:00" } ], "aliases": [], diff --git a/phpstan.neon b/phpstan.neon index e8d840e..f3296db 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -1,9 +1,37 @@ parameters: level: 5 paths: + - database - src + - public + - public-legacy bootstrapFiles: - misuzu.php dynamicConstantNames: - MSZ_CLI - MSZ_DEBUG + ignoreErrors: + - + identifier: variable.undefined + path: public-legacy/forum/posting.php + - + identifier: variable.undefined + path: public-legacy/forum/topic.php + - + identifier: variable.undefined + path: public-legacy/manage/changelog/tag.php + - + identifier: variable.undefined + path: public-legacy/manage/news/category.php + - + identifier: variable.undefined + path: public-legacy/manage/news/post.php + - + identifier: variable.undefined + path: public-legacy/manage/users/note.php + - + identifier: empty.offset + path: public-legacy/search.php + - + identifier: offsetAccess.notFound + path: public-legacy/search.php diff --git a/public-legacy/_github-callback.php b/public-legacy/_github-callback.php index aaa7d0a..2e93ee9 100644 --- a/public-legacy/_github-callback.php 
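Review bot: The six `identifier: variable.undefined` entries under `ignoreErrors` turn that rule off for whole files, and it is the rule that catches the defect class this commit fixes elsewhere (`$cfg`, `$tokenPacker` and, apparently, `$userInfo` were names with no definition in scope). In `public-legacy/forum/posting.php`, one of the ignored paths, the context line `$topicTitleLengths = $cfg->getValues([` is still present in a later hunk and would not be reported if `$cfg` is undefined there. Consider narrowing each entry with a `message:` pattern naming the variables known to be false positives, or initialising those variables in the scripts. That way a new undefined name in a permission or token path is still caught.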
+++ b/public-legacy/_github-callback.php @@ -1,6 +1,9 @@ = 10 ? $line : mb_substr($line, $findColon + 1)); @@ -69,6 +72,9 @@ foreach($config['tokens']['token'] as $repoName => $repoToken) { } } +if(!isset($repoName) || !is_string($repoName)) + die('no repo name'); + if(!$repoAuthenticated) die('signature check failed'); diff --git a/public-legacy/auth/login.php b/public-legacy/auth/login.php index 8754111..c692887 100644 --- a/public-legacy/auth/login.php +++ b/public-legacy/auth/login.php @@ -4,6 +4,9 @@ namespace Misuzu; use Exception; use Misuzu\Auth\AuthTokenCookie; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if($msz->authInfo->isLoggedIn) { Tools::redirect($msz->urls->format('index')); return; @@ -39,14 +42,14 @@ $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? ''; $remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress); -$siteIsPrivate = $cfg->getBoolean('private.enable'); +$siteIsPrivate = $msz->config->getBoolean('private.enable'); if($siteIsPrivate) { [ 'private.perm.cat' => $loginPermCat, 'private.perm.val' => $loginPermVal, 'private.msg' => $sitePrivateMessage, 'private.allow_password_reset' => $canResetPassword, - ] = $cfg->getValues([ + ] = $msz->config->getValues([ 'private.perm.cat:s', 'private.perm.val:i', 'private.msg:s', @@ -136,7 +139,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) { $tokenBuilder->removeImpersonatedUserId(); $tokenInfo = $tokenBuilder->toInfo(); - AuthTokenCookie::apply($tokenPacker->pack($tokenInfo)); + AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo)); if(!Tools::isLocalURL($loginRedirect)) $loginRedirect = $msz->urls->format('index'); diff --git a/public-legacy/auth/logout.php b/public-legacy/auth/logout.php index 57905f8..fcb7f31 100644 --- a/public-legacy/auth/logout.php +++ b/public-legacy/auth/logout.php 
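Review bot: The `$repoName` guard added in the `@@ -69,6 +72,9 @@` hunk runs before `if(!$repoAuthenticated)`, so an unsigned request gets 'no repo name' or 'signature check failed' depending on whether `$config['tokens']['token']` had any entries. Put the signature check first and the type guard after it, so every unauthenticated caller sees the same response. Both branches use a bare `die()`, which leaves the status at 200; adding `http_response_code(403);` before the message would make rejections visible to the sender and in the access log. The loop that sets `$repoAuthenticated` starts above the hunk, so how the signature is compared cannot be reviewed from here.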
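Review bot: The dispatcher guard added at the top of `auth/login.php` ends in a bare `die()`, so a direct request to the script, if the directory is reachable by the web server, is answered with status 200 plus the explanatory text. The same three lines are pasted into every other `public-legacy` script this commit touches (`auth/*.php`, `comments.php`, `forum/*.php`, `manage/**`). Set a status first, e.g. `http_response_code(404);`, so that probing of these entry points stands out in access logs instead of looking like a served page. Because the block is identical everywhere, one shared helper or a server rule denying direct access to `public-legacy/` would be easier to keep consistent than one copy per script. Inside `namespace Misuzu;` the test can also be written `$msz instanceof MisuzuContext`.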
@@ -3,6 +3,9 @@ namespace Misuzu; use Misuzu\Auth\AuthTokenCookie; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if($msz->authInfo->isLoggedIn) { if(!CSRF::validateRequest()) { Template::render('auth.logout'); @@ -18,7 +21,7 @@ if($msz->authInfo->isLoggedIn) { $tokenBuilder->removeImpersonatedUserId(); $tokenInfo = $tokenBuilder->toInfo(); - AuthTokenCookie::apply($tokenPacker->pack($tokenInfo)); + AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo)); } Tools::redirect($msz->urls->format('index'));; diff --git a/public-legacy/auth/password.php b/public-legacy/auth/password.php index 6d294b2..6f32afe 100644 --- a/public-legacy/auth/password.php +++ b/public-legacy/auth/password.php @@ -4,6 +4,9 @@ namespace Misuzu; use RuntimeException; use Misuzu\Users\User; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if($msz->authInfo->isLoggedIn) { Tools::redirect($msz->urls->format('settings-account')); return; @@ -25,8 +28,8 @@ if($userId > 0) $notices = []; $ipAddress = $_SERVER['REMOTE_ADDR']; -$siteIsPrivate = $cfg->getBoolean('private.enable'); -$canResetPassword = $siteIsPrivate ? $cfg->getBoolean('private.allow_password_reset', true) : true; +$siteIsPrivate = $msz->config->getBoolean('private.enable'); +$canResetPassword = $siteIsPrivate ? $msz->config->getBoolean('private.allow_password_reset', true) : true; $remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress); diff --git a/public-legacy/auth/register.php b/public-legacy/auth/register.php index 5a459b5..618479b 100644 --- a/public-legacy/auth/register.php +++ b/public-legacy/auth/register.php 
@@ -4,6 +4,9 @@ namespace Misuzu; use RuntimeException; use Misuzu\Users\User; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if($msz->authInfo->isLoggedIn) { Tools::redirect($msz->urls->format('index')); return; @@ -14,20 +17,9 @@ $notices = []; $ipAddress = $_SERVER['REMOTE_ADDR']; $countryCode = $_SERVER['COUNTRY_CODE'] ?? 'XX'; -// there is currently no ip banning system. -// because people can have a wide variety of ip address -// it doesn't make sense to include a single row for it -// in the user bans table -// add better ip tracking and reintroduce the blacklist -// was thinking of having both a storage table and an expanded table -// with the storage table contains range syntaxes and whatnot -// and the expanded table just having seas of raw ips in it with a primary key -// for fast matching -$restricted = ''; - $remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress); -while(!$restricted && !empty($register)) { +while(!empty($register)) { if(!CSRF::validateRequest()) { $notices[] = 'Was unable to verify the request, please try again!'; break; @@ -109,5 +101,5 @@ Template::render('auth.register', [ 'register_notices' => $notices, 'register_username' => !empty($register['username']) && is_string($register['username']) ? $register['username'] : '', 'register_email' => !empty($register['email']) && is_string($register['email']) ? $register['email'] : '', - 'register_restricted' => $restricted, + 'register_restricted' => '', ]); diff --git a/public-legacy/auth/revert.php b/public-legacy/auth/revert.php index 1608624..6a4f01e 100644 --- a/public-legacy/auth/revert.php +++ b/public-legacy/auth/revert.php 
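Review bot: `'register_restricted' => ''` in the last hunk of `auth/register.php` is now a bare constant with nothing explaining why the template still receives it, and the deleted comment block was the only record that registration has no IP-based restriction. Keep a one-line marker such as `// TODO: registration has no IP ban/blacklist check yet`, or remove the template variable together with the code. The body of `while(!empty($register))` continues outside the hunk.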
@@ -3,6 +3,9 @@ namespace Misuzu; use Misuzu\Auth\AuthTokenCookie; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(CSRF::validateRequest()) { $tokenInfo = $msz->authInfo->tokenInfo; @@ -13,7 +16,7 @@ if(CSRF::validateRequest()) { $tokenBuilder->removeImpersonatedUserId(); $tokenInfo = $tokenBuilder->toInfo(); - AuthTokenCookie::apply($tokenPacker->pack($tokenInfo)); + AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo)); Tools::redirect($msz->urls->format('manage-user', ['user' => $impUserId])); return; } diff --git a/public-legacy/auth/twofactor.php b/public-legacy/auth/twofactor.php index 55f6636..c27298b 100644 --- a/public-legacy/auth/twofactor.php +++ b/public-legacy/auth/twofactor.php @@ -5,6 +5,9 @@ use RuntimeException; use Misuzu\TOTPGenerator; use Misuzu\Auth\AuthTokenCookie; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if($msz->authInfo->isLoggedIn) { Tools::redirect($msz->urls->format('index')); return; @@ -85,7 +88,7 @@ while(!empty($twofactor)) { $tokenBuilder->removeImpersonatedUserId(); $tokenInfo = $tokenBuilder->toInfo(); - AuthTokenCookie::apply($tokenPacker->pack($tokenInfo)); + AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo)); if(!Tools::isLocalURL($redirect)) $redirect = $msz->urls->format('index'); diff --git a/public-legacy/comments.php b/public-legacy/comments.php index edf55af..7d0dbfe 100644 --- a/public-legacy/comments.php +++ b/public-legacy/comments.php @@ -2,6 +2,10 @@ namespace Misuzu; use RuntimeException; +use Misuzu\Comments\{CommentsCategoryInfo,CommentsPostInfo}; + +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); $redirect = filter_input(INPUT_GET, 'return') ?? $_SERVER['HTTP_REFERER'] ?? $msz->urls->format('index'); 
@@ -39,12 +43,12 @@ if($commentMode !== 'create' && empty($commentInfo)) switch($commentMode) { case 'pin': case 'unpin': + if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo)) + Template::displayInfo('Comment category not found.', 404); if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($msz->authInfo->userInfo)) Template::displayInfo("You're not allowed to pin comments.", 403); - - if($commentInfo->deleted) + if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted) Template::displayInfo("This comment doesn't exist!", 400); - if($commentInfo->isReply) Template::displayInfo("You can't pin replies!", 400); @@ -66,10 +70,11 @@ switch($commentMode) { break; case 'vote': + if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo)) + Template::displayInfo('Comment category not found.', 404); if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($msz->authInfo->userInfo)) Template::displayInfo("You're not allowed to vote on comments.", 403); - - if($commentInfo->deleted) + if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted) Template::displayInfo("This comment doesn't exist!", 400); if($commentVote > 0) 
@@ -83,12 +88,15 @@ switch($commentMode) { break; case 'delete': + if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo)) + Template::displayInfo('Comment category not found.', 404); + $canDelete = $perms->check(Perm::G_COMMENTS_DELETE_OWN | Perm::G_COMMENTS_DELETE_ANY); if(!$canDelete && !$categoryInfo->isOwner($msz->authInfo->userInfo)) Template::displayInfo("You're not allowed to delete comments.", 403); $canDeleteAny = $perms->check(Perm::G_COMMENTS_DELETE_ANY); - if($commentInfo->deleted) + if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted) Template::displayInfo( $canDeleteAny ? 'This comment is already marked for deletion.' : "This comment doesn't exist.", 400 @@ -119,6 +127,8 @@ switch($commentMode) { if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY)) Template::displayInfo("You're not allowed to restore deleted comments.", 403); + if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo)) + Template::displayInfo("This comment is probably nuked already.", 404); if(!$commentInfo->deleted) Template::displayInfo("This comment isn't in a deleted state.", 400); @@ -134,9 +144,10 @@ switch($commentMode) { break; case 'create': + if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo)) + Template::displayInfo('Comment category not found.', 404); if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($msz->authInfo->userInfo)) Template::displayInfo("You're not allowed to post comments.", 403); - if(empty($_POST['comment']) || !is_array($_POST['comment'])) Template::displayInfo('Missing data.', 400); 
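Review bot: In `case 'create':` the new `$categoryInfo` guard and the `isOwner()` permission check run before the category is loaded from `$_POST['comment']['category']`, which only happens in the following hunk. If `$categoryInfo` is not set before the switch for create requests (that code is outside the hunk), every new comment now ends in 'Comment category not found.'. If it is set, the ownership exemption is evaluated against a different category object than the one the comment is posted to. Move the `getCategory(categoryId: (string)$categoryId)` lookup above the permission check so that both the guard and `isOwner()` see the target category.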
@@ -144,7 +155,7 @@ switch($commentMode) { $categoryId = isset($_POST['comment']['category']) && is_string($_POST['comment']['category']) ? (int)$_POST['comment']['category'] : 0; - $categoryInfo = $msz->comments->getCategory(categoryId: $categoryId); + $categoryInfo = $msz->comments->getCategory(categoryId: (string)$categoryId); } catch(RuntimeException $ex) { Template::displayInfo('This comment category doesn\'t exist.', 404); } @@ -168,12 +179,10 @@ switch($commentMode) { if(strlen($commentText) > 0) { $commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText); } else { - if($canLock) { + if($canLock) Template::displayInfo('The action has been processed.', 400); - } else { + else Template::displayInfo('Your comment is too short.', 400); - } - break; } if(mb_strlen($commentText) > 5000) @@ -184,7 +193,7 @@ switch($commentMode) { $parentInfo = $msz->comments->getPost($commentReply); } catch(RuntimeException $ex) {} - if(!isset($parentInfo) || $parentInfo->deleted) + if(!isset($parentInfo) || !($parentInfo instanceof CommentsPostInfo) || $parentInfo->deleted) Template::displayInfo('The comment you tried to reply to does not exist.', 404); } diff --git a/public-legacy/forum/forum.php b/public-legacy/forum/forum.php index 76e888d..7b4e33e 100644 --- a/public-legacy/forum/forum.php +++ b/public-legacy/forum/forum.php @@ -4,7 +4,10 @@ namespace Misuzu; use stdClass; use RuntimeException; -$categoryId = (int)filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT); +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + +$categoryId = (string)filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT); try { $categoryInfo = $msz->forumCtx->categories->getCategory(categoryId: $categoryId); diff --git a/public-legacy/forum/index.php b/public-legacy/forum/index.php index 2ce2f5e..03d2779 100644 --- a/public-legacy/forum/index.php +++ b/public-legacy/forum/index.php 
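Review bot: Removing `break;` after the two `Template::displayInfo()` calls in the `@@ -168,12 +179,10 @@` hunk makes the empty-comment branch depend entirely on `displayInfo()` never returning; if it ever returns, execution falls through to the `mb_strlen($commentText) > 5000` check and on to creating the post with empty text. The same assumption carries every `!isset(...) || !(... instanceof ...)` guard added in this file, because the next statement dereferences the object. Declaring `displayInfo()` with return type `never` (its definition is not part of this diff) would make that contract explicit and checkable by PHPStan.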
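Review bot: In `forum/forum.php`, `$categoryId` is now the raw output of `FILTER_SANITIZE_NUMBER_INT`, which keeps `+` and `-` as well as digits, so an empty string or a value like `1-2` reaches `getCategory(categoryId: ...)` where the previous `(int)` cast normalised it. `forum/post.php` makes the same change for `$postId`, which comes from `$_GET['p']` with no numeric check at all. Validate before the lookup, e.g. `if(!ctype_digit($categoryId)) Template::throwError(404);`, so that only canonical numeric IDs reach the data layer.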
@@ -4,6 +4,9 @@ namespace Misuzu; use stdClass; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + $mode = (string)filter_input(INPUT_GET, 'm'); $currentUser = $msz->authInfo->userInfo; @@ -23,7 +26,7 @@ if($mode === 'mark') { foreach($categoryInfos as $categoryInfo) { $perms = $msz->authInfo->getPerms('forum', $categoryInfo); if($perms->check(Perm::F_CATEGORY_LIST)) - $msz->forumCtx->categories->updateUserReadCategory($userInfo, $categoryInfo); + $msz->forumCtx->categories->updateUserReadCategory($currentUser, $categoryInfo); } Tools::redirect($msz->urls->format($categoryId ? 'forum-category' : 'forum-index', ['forum' => $categoryId])); diff --git a/public-legacy/forum/leaderboard.php b/public-legacy/forum/leaderboard.php index e8876f5..c6818e3 100644 --- a/public-legacy/forum/leaderboard.php +++ b/public-legacy/forum/leaderboard.php @@ -3,10 +3,13 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_LEADERBOARD_VIEW)) Template::throwError(403); -$config = $cfg->getValues([ +$config = $msz->config->getValues([ ['forum_leader.first_year:i', 2018], ['forum_leader.first_month:i', 12], 'forum_leader.unranked.forum:a', @@ -90,7 +93,7 @@ MD; foreach($rankings as $ranking) { $totalPostsCount += $ranking->postsCount; $markdown .= sprintf("| %s | [%s](%s%s) | %s |\r\n", $ranking->position, - $ranking->user?->name ?? 'Deleted User', + $ranking->user?->name ?? 'Deleted User', // @phpstan-ignore-line: no, it can be null $msz->siteInfo->url, $msz->urls->format('user-profile', ['user' => $ranking->userId]), number_format($ranking->postsCount)); diff --git a/public-legacy/forum/post.php b/public-legacy/forum/post.php index bdee917..368a177 100644 --- a/public-legacy/forum/post.php 
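Review bot: `updateUserReadCategory($currentUser, $categoryInfo)` in `forum/index.php` now receives `$msz->authInfo->userInfo`, which `forum/topic.php` treats as nullable (`$currentUser === null ? '0' : $currentUser->id`). Unless the `mark` branch rejects guests above the hunk, a logged-out request with `m=mark` passes `null` here; add `if($currentUser === null) Template::throwError(401);` at the start of the branch. The start of the branch is outside the hunk, so whether this state-changing request is also covered by `CSRF::validateRequest()` cannot be confirmed from here.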
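Review bot: The `// @phpstan-ignore-line` added on the `$ranking->user?->name` line in `forum/leaderboard.php` suppresses every error on that line, present and future. The same blanket form is added in `forum/posting.php` and on the `while(... && CSRF::validateRequest())` lines in `manage/changelog/change.php`, `manage/changelog/tag.php`, `manage/news/category.php`, `manage/news/post.php` and `manage/users/ban.php`. The identifier form `// @phpstan-ignore <identifier> (reason)` limits the suppression to the one rule that misfires, which matters most on the lines that carry the CSRF check. If 'it can be null' is correct, the cleaner fix is to correct the declared type of `user` so that no ignore is needed.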
+++ b/public-legacy/forum/post.php @@ -3,7 +3,10 @@ namespace Misuzu; use RuntimeException; -$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + +$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (string)$_GET['p'] : '0'; $postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : ''; $submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1'; diff --git a/public-legacy/forum/posting.php b/public-legacy/forum/posting.php index 5abd411..55528df 100644 --- a/public-legacy/forum/posting.php +++ b/public-legacy/forum/posting.php @@ -3,11 +3,14 @@ namespace Misuzu; use stdClass; use RuntimeException; -use Misuzu\Forum\ForumTopicInfo; +use Misuzu\Forum\{ForumCategoryInfo,ForumPostInfo,ForumTopicInfo}; use Misuzu\Parsers\Parser; use Index\XDateTime; use Carbon\CarbonImmutable; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->isLoggedIn) Template::throwError(401); @@ -58,7 +61,7 @@ if(empty($postId)) { $hasPostInfo = false; } else { try { - $postInfo = $msz->forumCtx->posts->getPost(postId: $postId); + $postInfo = $msz->forumCtx->posts->getPost(postId: (string)$postId); } catch(RuntimeException $ex) { Template::throwError(404); } @@ -100,6 +103,9 @@ if(empty($forumId)) { $hasCategoryInfo = true; } +if(!isset($categoryInfo) || !($categoryInfo instanceof ForumCategoryInfo)) + Template::throwError(404); + $perms = $msz->authInfo->getPerms('forum', $categoryInfo); if($categoryInfo->archived 
@@ -126,8 +132,12 @@ if($mode === 'create' || $mode === 'edit') { } // edit mode stuff -if($mode === 'edit' && !$perms->check($postInfo->userId === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY)) - Template::throwError(403); +if($mode === 'edit') { + if(!isset($postInfo) || !($postInfo instanceof ForumPostInfo)) + Template::throwError(404); + if(!$perms->check($postInfo->userId === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY)) + Template::throwError(403); +} $notices = []; @@ -159,9 +169,9 @@ if(!empty($_POST)) { } if($isEditingTopic) { - $originalTopicTitle = $topicInfo?->title ?? null; + $originalTopicTitle = $topicInfo?->title ?? null; // @phpstan-ignore-line: nope it can be null $topicTitleChanged = $topicTitle !== $originalTopicTitle; - $originalTopicType = $topicInfo?->typeString ?? 'discussion'; + $originalTopicType = $topicInfo?->typeString ?? 'discussion'; // @phpstan-ignore-line: this also $topicTypeChanged = $topicType !== null && $topicType !== $originalTopicType; $topicTitleLengths = $cfg->getValues([ @@ -232,7 +242,7 @@ if(!empty($_POST)) { && $postText !== $postInfo->body; $msz->forumCtx->posts->updatePost( - $postId, + (string)$postId, remoteAddr: $_SERVER['REMOTE_ADDR'], body: $postText, bodyParser: $postParser, @@ -249,11 +259,11 @@ if(!empty($_POST)) { break; } - if(empty($notices)) { + if(empty($notices)) { // @phpstan-ignore-line: i'm guessing it gets the type confused at this point // does this ternary ever return forum-topic? $redirect = $msz->urls->format(empty($topicInfo) ? 'forum-topic' : 'forum-post', [ - 'topic' => $topicId ?? 0, - 'post' => $postId ?? 0, + 'topic' => $topicId, + 'post' => $postId, ]); Tools::redirect($redirect); return; diff --git a/public-legacy/forum/topic.php b/public-legacy/forum/topic.php index 6e70823..0bdfd71 100644 --- a/public-legacy/forum/topic.php +++ b/public-legacy/forum/topic.php 
@@ -4,6 +4,9 @@ namespace Misuzu; use stdClass; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + $postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0; $topicId = !empty($_GET['t']) && is_string($_GET['t']) ? (int)$_GET['t'] : 0; $categoryId = null; @@ -15,7 +18,7 @@ $currentUserId = $currentUser === null ? '0' : $currentUser->id; if($topicId < 1 && $postId > 0) { try { - $postInfo = $msz->forumCtx->posts->getPost(postId: $postId); + $postInfo = $msz->forumCtx->posts->getPost(postId: (string)$postId); } catch(RuntimeException $ex) { Template::throwError(404); } @@ -267,7 +270,7 @@ if($canDeleteAny) $topicPagination = new Pagination($topicPosts, 10, 'page'); if(isset($preceedingPostCount)) - $topicPagination->setPage(floor($preceedingPostCount / $topicPagination->getRange()), true); + $topicPagination->setPage((int)floor($preceedingPostCount / $topicPagination->getRange()), true); if(!$topicPagination->hasValidOffset()) Template::throwError(404); diff --git a/public-legacy/manage/changelog/change.php b/public-legacy/manage/changelog/change.php index 4cb9ee4..c38883d 100644 --- a/public-legacy/manage/changelog/change.php +++ b/public-legacy/manage/changelog/change.php @@ -7,6 +7,9 @@ use Misuzu\Changelog\Changelog; use Carbon\CarbonImmutable; use Index\{XArray,XDateTime}; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) Template::throwError(403); 
@@ -41,7 +44,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) { } // make errors not echos lol -while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { +while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it $action = trim((string)filter_input(INPUT_POST, 'cl_action')); $summary = trim((string)filter_input(INPUT_POST, 'cl_summary')); $body = trim((string)filter_input(INPUT_POST, 'cl_body')); diff --git a/public-legacy/manage/changelog/index.php b/public-legacy/manage/changelog/index.php index ae50751..13bc9c3 100644 --- a/public-legacy/manage/changelog/index.php +++ b/public-legacy/manage/changelog/index.php @@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/changelog/tag.php b/public-legacy/manage/changelog/tag.php index 7fe747c..5b209c0 100644 --- a/public-legacy/manage/changelog/tag.php +++ b/public-legacy/manage/changelog/tag.php @@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) Template::throwError(403); 
@@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) { return; } -while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { +while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it $name = trim((string)filter_input(INPUT_POST, 'ct_name')); $description = trim((string)filter_input(INPUT_POST, 'ct_desc')); $archive = !empty($_POST['ct_archive']); diff --git a/public-legacy/manage/changelog/tags.php b/public-legacy/manage/changelog/tags.php index f194249..d32c86e 100644 --- a/public-legacy/manage/changelog/tags.php +++ b/public-legacy/manage/changelog/tags.php @@ -1,6 +1,9 @@ authInfo->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/forum/index.php b/public-legacy/manage/forum/index.php index 6272886..5d3e53e 100644 --- a/public-legacy/manage/forum/index.php +++ b/public-legacy/manage/forum/index.php @@ -3,6 +3,9 @@ namespace Misuzu; use Misuzu\Perm; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_CATEGORIES_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/forum/redirs.php b/public-legacy/manage/forum/redirs.php index b9decf4..d364199 100644 --- a/public-legacy/manage/forum/redirs.php +++ b/public-legacy/manage/forum/redirs.php @@ -1,6 +1,9 @@ authInfo->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/general/emoticon.php b/public-legacy/manage/general/emoticon.php index 2ec66ff..6ecb10c 100644 --- a/public-legacy/manage/general/emoticon.php +++ b/public-legacy/manage/general/emoticon.php 
@@ -4,6 +4,9 @@ namespace Misuzu; use RuntimeException; use Index\XArray; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/general/emoticons.php b/public-legacy/manage/general/emoticons.php index c60615c..90987fd 100644 --- a/public-legacy/manage/general/emoticons.php +++ b/public-legacy/manage/general/emoticons.php @@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/general/index.php b/public-legacy/manage/general/index.php index c9f1969..25e55d9 100644 --- a/public-legacy/manage/general/index.php +++ b/public-legacy/manage/general/index.php @@ -1,6 +1,9 @@ counters->getCounters(orderBy: 'name'); $counterNamesRaw = $msz->config->getArray('counters.names'); $counterNamesCount = count($counterNamesRaw); diff --git a/public-legacy/manage/general/logs.php b/public-legacy/manage/general/logs.php index b5d1029..c738d91 100644 --- a/public-legacy/manage/general/logs.php +++ b/public-legacy/manage/general/logs.php @@ -3,6 +3,9 @@ namespace Misuzu; use Misuzu\Pagination; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('global')->check(Perm::G_LOGS_VIEW)) Template::throwError(403); diff --git a/public-legacy/manage/general/setting-delete.php b/public-legacy/manage/general/setting-delete.php index 1e8ad7a..cd892c5 100644 --- a/public-legacy/manage/general/setting-delete.php +++ b/public-legacy/manage/general/setting-delete.php 
@@ -1,18 +1,21 @@ authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) Template::throwError(403); $valueName = (string)filter_input(INPUT_GET, 'name'); -$valueInfo = $cfg->getValueInfo($valueName); +$valueInfo = $msz->config->getValueInfo($valueName); if($valueInfo === null) Template::throwError(404); if($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { $valueName = $valueInfo->getName(); $msz->createAuditLog('CONFIG_DELETE', [$valueName]); - $cfg->removeValues($valueName); + $msz->config->removeValues($valueName); Tools::redirect($msz->urls->format('manage-general-settings')); return; } diff --git a/public-legacy/manage/general/setting.php b/public-legacy/manage/general/setting.php index 1ed83fd..328c8d1 100644 --- a/public-legacy/manage/general/setting.php +++ b/public-legacy/manage/general/setting.php @@ -3,6 +3,9 @@ namespace Misuzu; use Index\Config\Db\DbConfig; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) Template::throwError(403); @@ -10,7 +13,7 @@ $isNew = true; $sName = (string)filter_input(INPUT_GET, 'name'); $sType = (string)filter_input(INPUT_GET, 'type'); $sValue = null; -$loadValueInfo = fn() => $cfg->getValueInfo($sName); +$loadValueInfo = fn() => $msz->config->getValueInfo($sName); if(!empty($sName)) { $sInfo = $loadValueInfo(); @@ -38,7 +41,7 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { } if($sType === 'array') { - $applyFunc = $cfg->setArray(...); + $applyFunc = $msz->config->setArray(...); $sValue = []; $sRaw = filter_input(INPUT_POST, 'conf_value', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY); foreach($sRaw as $rValue) { 
@@ -58,17 +61,17 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { } } elseif($sType === 'bool') { $sValue = !empty($_POST['conf_value']); - $applyFunc = $cfg->setBoolean(...); + $applyFunc = $msz->config->setBoolean(...); } else { $sValue = filter_input(INPUT_POST, 'conf_value'); if($sType === 'int') { - $applyFunc = $cfg->setInteger(...); + $applyFunc = $msz->config->setInteger(...); $sValue = (int)$sValue; } elseif($sType === 'float') { - $applyFunc = $cfg->setFloat(...); + $applyFunc = $msz->config->setFloat(...); $sValue = (float)$sValue; } else - $applyFunc = $cfg->setString(...); + $applyFunc = $msz->config->setString(...); } $msz->createAuditLog($isNew ? 'CONFIG_CREATE' : 'CONFIG_UPDATE', [$sName]); diff --git a/public-legacy/manage/general/settings.php b/public-legacy/manage/general/settings.php index a93baeb..a9e3141 100644 --- a/public-legacy/manage/general/settings.php +++ b/public-legacy/manage/general/settings.php @@ -1,11 +1,14 @@ authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) Template::throwError(403); -$hidden = $cfg->getArray('settings.hidden'); -$vars = $cfg->getAllValueInfos(); +$hidden = $msz->config->getArray('settings.hidden'); +$vars = $msz->config->getAllValueInfos(); Template::render('manage.general.settings', [ 'config_vars' => $vars, diff --git a/public-legacy/manage/news/categories.php b/public-legacy/manage/news/categories.php index 64e42ed..43b2810 100644 --- a/public-legacy/manage/news/categories.php +++ b/public-legacy/manage/news/categories.php @@ -1,6 +1,9 @@ authInfo->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/news/category.php b/public-legacy/manage/news/category.php index b4623ea..dd023b1 100644 --- a/public-legacy/manage/news/category.php +++ b/public-legacy/manage/news/category.php 
@@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) Template::throwError(403); @@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) { return; } -while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { +while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it $name = trim((string)filter_input(INPUT_POST, 'nc_name')); $description = trim((string)filter_input(INPUT_POST, 'nc_desc')); $hidden = !empty($_POST['nc_hidden']); diff --git a/public-legacy/manage/news/post.php b/public-legacy/manage/news/post.php index 13479f7..2aa7f59 100644 --- a/public-legacy/manage/news/post.php +++ b/public-legacy/manage/news/post.php @@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) Template::throwError(403); @@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) { return; } -while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { +while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it $title = trim((string)filter_input(INPUT_POST, 'np_title')); $category = (string)filter_input(INPUT_POST, 'np_category', FILTER_SANITIZE_NUMBER_INT); $featured = !empty($_POST['np_featured']); diff --git a/public-legacy/manage/news/posts.php b/public-legacy/manage/news/posts.php index 46dd1c4..6cd06a5 100644 --- a/public-legacy/manage/news/posts.php +++ b/public-legacy/manage/news/posts.php 
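Review bot: The `// @phpstan-ignore-line` added to the `while(...)` in public-legacy/manage/news/category.php suppresses every PHPStan finding on that line, and the line also carries the `CSRF::validateRequest()` call that gates the POST handler. Scoping the suppression to the one reported rule, `// @phpstan-ignore <identifier> (while is used as a breakable block)` with the identifier PHPStan prints for this line, keeps later findings on the condition visible. The same comment is added in manage/news/post.php, manage/users/ban.php and manage/users/warning.php. The loop body continues outside the hunk.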
@@ -1,6 +1,9 @@ authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/users/ban.php b/public-legacy/manage/users/ban.php index 1e97df0..b2296ee 100644 --- a/public-legacy/manage/users/ban.php +++ b/public-legacy/manage/users/ban.php @@ -5,6 +5,9 @@ use DateTimeInterface; use RuntimeException; use Carbon\CarbonImmutable; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE)) Template::throwError(403); @@ -32,7 +35,7 @@ try { $modInfo = $msz->authInfo->userInfo; -while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { +while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it $expires = (int)filter_input(INPUT_POST, 'ub_expires', FILTER_SANITIZE_NUMBER_INT); $expiresCustom = (string)filter_input(INPUT_POST, 'ub_expires_custom'); $publicReason = trim((string)filter_input(INPUT_POST, 'ub_reason_pub')); diff --git a/public-legacy/manage/users/bans.php b/public-legacy/manage/users/bans.php index f4afadd..f4af383 100644 --- a/public-legacy/manage/users/bans.php +++ b/public-legacy/manage/users/bans.php @@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/users/index.php b/public-legacy/manage/users/index.php index 1962b03..8bde1a3 100644 --- a/public-legacy/manage/users/index.php +++ b/public-legacy/manage/users/index.php 
@@ -3,6 +3,9 @@ namespace Misuzu; use Misuzu\Users\Roles; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('user')->check(Perm::U_USERS_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/users/note.php b/public-legacy/manage/users/note.php index ace2735..dc122da 100644 --- a/public-legacy/manage/users/note.php +++ b/public-legacy/manage/users/note.php @@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/users/notes.php b/public-legacy/manage/users/notes.php index ef833d8..16aba96 100644 --- a/public-legacy/manage/users/notes.php +++ b/public-legacy/manage/users/notes.php @@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/users/role.php b/public-legacy/manage/users/role.php index e9917f3..bfc13fa 100644 --- a/public-legacy/manage/users/role.php +++ b/public-legacy/manage/users/role.php @@ -6,6 +6,9 @@ use Index\Colour\Colour; use Index\Colour\ColourRgb; use Misuzu\Perm; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + $viewerPerms = $msz->authInfo->getPerms('user'); if(!$viewerPerms->check(Perm::U_ROLES_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/users/roles.php b/public-legacy/manage/users/roles.php index 6d7f94c..2ba7b61 100644 --- a/public-legacy/manage/users/roles.php 
+++ b/public-legacy/manage/users/roles.php @@ -1,6 +1,9 @@ authInfo->getPerms('user')->check(Perm::U_ROLES_MANAGE)) Template::throwError(403); diff --git a/public-legacy/manage/users/user.php b/public-legacy/manage/users/user.php index bc5905e..676ef88 100644 --- a/public-legacy/manage/users/user.php +++ b/public-legacy/manage/users/user.php @@ -7,6 +7,9 @@ use Misuzu\Perm; use Misuzu\Auth\AuthTokenCookie; use Misuzu\Users\User; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + $viewerPerms = $msz->authInfo->getPerms('user'); if(!$msz->authInfo->isLoggedIn) Template::throwError(403); @@ -26,7 +29,7 @@ if(!$hasAccess) Template::throwError(403); $notices = []; -$userId = (int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT); +$userId = (string)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT); try { $userInfo = $msz->usersCtx->users->getUser($userId, 'id'); @@ -65,7 +68,7 @@ if(CSRF::validateRequest() && $canEdit) { $tokenBuilder->setImpersonatedUserId($userInfo->id); $tokenInfo = $tokenBuilder->toInfo(); - AuthTokenCookie::apply($tokenPacker->pack($tokenInfo)); + AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo)); Tools::redirect($msz->urls->format('index')); return; } else $notices[] = 'You aren\'t allowed to impersonate this user.'; diff --git a/public-legacy/manage/users/warning.php b/public-legacy/manage/users/warning.php index d35c2e2..cbb24df 100644 --- a/public-legacy/manage/users/warning.php +++ b/public-legacy/manage/users/warning.php @@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) Template::throwError(403); 
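Review bot: In public-legacy/manage/users/user.php (hunk at -26,7) the `(int)` cast was the only step that normalised `u`; `FILTER_SANITIZE_NUMBER_INT` keeps `+` and `-` as well as digits, so with the new `(string)` cast values such as `1-2` or an empty string now reach `getUser($userId, 'id')` unchanged. A strict check before the lookup, `if(!ctype_digit($userId)) Template::throwError(404);`, keeps the identifier to digits only. What the `try` block does with a failed lookup is outside the hunk.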
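Review bot: In the impersonation branch of user.php (hunk at -65,7) no audit entry is visible between `setImpersonatedUserId()` and `AuthTokenCookie::apply()`, although other management actions in this commit call `$msz->createAuditLog()`. If it is not logged earlier in the branch, which starts outside the hunk, adding `$msz->createAuditLog('<ACTION_NAME>', [$userInfo->id]);` before the cookie is applied would record who started impersonating whom. `<ACTION_NAME>` is a placeholder for whatever name the audit log formats expect.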
@@ -30,7 +33,7 @@ try { $modInfo = $msz->authInfo->userInfo; -while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { +while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it $body = trim((string)filter_input(INPUT_POST, 'uw_body')); Template::set('warn_value_body', $body); diff --git a/public-legacy/manage/users/warnings.php b/public-legacy/manage/users/warnings.php index b43c351..e227925 100644 --- a/public-legacy/manage/users/warnings.php +++ b/public-legacy/manage/users/warnings.php @@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) Template::throwError(403); diff --git a/public-legacy/members.php b/public-legacy/members.php index 72dd72b..87e396c 100644 --- a/public-legacy/members.php +++ b/public-legacy/members.php @@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->isLoggedIn) Template::throwError(403); diff --git a/public-legacy/profile.php b/public-legacy/profile.php index 4cb7dd6..071ce85 100644 --- a/public-legacy/profile.php +++ b/public-legacy/profile.php 
@@ -10,9 +10,12 @@ use Misuzu\Users\User; use Misuzu\Users\Assets\UserAvatarAsset; use Misuzu\Users\Assets\UserBackgroundAsset; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + $userId = !empty($_GET['u']) && is_string($_GET['u']) ? trim($_GET['u']) : 0; $profileMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : ''; -$isEditing = !empty($_GET['edit']) && is_string($_GET['edit']) ? (bool)$_GET['edit'] : !empty($_POST) && is_array($_POST); +$isEditing = !empty($_GET['edit']) && is_string($_GET['edit']) ? (bool)$_GET['edit'] : !empty($_POST); $viewerInfo = $msz->authInfo->userInfo; $viewingAsGuest = $viewerInfo === null; @@ -81,7 +84,7 @@ if($isEditing) { $perms = $viewerPermsUser->checkMany([ 'edit_profile' => Perm::U_PROFILE_EDIT, 'edit_avatar' => Perm::U_AVATAR_CHANGE, - 'edit_background' => PERM::U_PROFILE_BACKGROUND_CHANGE, + 'edit_background' => Perm::U_PROFILE_BACKGROUND_CHANGE, 'edit_about' => Perm::U_PROFILE_ABOUT_EDIT, 'edit_birthdate' => Perm::U_PROFILE_BIRTHDATE_EDIT, 'edit_signature' => Perm::U_FORUM_SIGNATURE_EDIT, @@ -92,7 +95,7 @@ if($isEditing) { 'background_attachments' => UserBackgroundAsset::getAttachmentStringOptions(), ]); - if(!empty($_POST) && is_array($_POST)) { + if(!empty($_POST)) { if(!CSRF::validateRequest()) { $notices[] = 'Couldn\'t verify you, please refresh the page and retry.'; } else { @@ -241,7 +244,7 @@ if($isEditing) { break; case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: - $notices[] = sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format($backgroundProps['max_size'])); + $notices[] = sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format(isset($backgroundProps) && is_array($backgroundProps) ? $backgroundProps['max_size'] : 0)); break; default: $notices[] = 'Unable to save your background, contact an administator!'; 
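Review bot: The `UPLOAD_ERR_INI_SIZE`/`UPLOAD_ERR_FORM_SIZE` case in profile.php (hunk at -241,7) now falls back to `0` when `$backgroundProps` is unset, which silences PHPStan but tells the user the limit is zero bytes. Nothing visible assigns `$backgroundProps`; the later hunk in this file reads the limit from `$backgroundInfo->getMaxBytes()`. If `$backgroundInfo` is in scope here, which the hunk does not show, `ByteFormat::format($backgroundInfo->getMaxBytes())` gives the real limit and drops the dead variable.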
@@ -256,7 +259,7 @@ if($isEditing) { '$path is not a valid image.' => 'The file you uploaded was not an image!', '$path is not an allowed image file.' => 'This type of image is not supported, keep to PNG, JPG or GIF!', 'Dimensions of $path are too large.' => sprintf('Your background can\'t be larger than %dx%d!', $backgroundInfo->getMaxWidth(), $backgroundInfo->getMaxHeight()), - 'File size of $path is too large.' => sprintf('Your background is not allowed to be larger in file size than %2$s!', ByteFormat::format($backgroundInfo->getMaxBytes())), + 'File size of $path is too large.' => sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format($backgroundInfo->getMaxBytes())), default => $exMessage, }; } catch(RuntimeException $ex) { @@ -291,7 +294,7 @@ if(!$viewingAsGuest) { Template::set('profile_warnings', iterator_to_array($msz->usersCtx->warnings->getWarningsWithDefaultBacklog($userInfo))); if((!$isBanned || $canEdit)) { - $unranked = $cfg->getValues([ + $unranked = $msz->config->getValues([ 'forum_leader.unranked.forum:a', 'forum_leader.unranked.topic:a', ]); @@ -339,6 +342,9 @@ if(!$viewingAsGuest) { break; } + if(!isset($fieldFormat)) + continue; + $profileFieldRawValues[$fieldName] = $fieldValue->value; $profileFieldDisplayValues[$fieldName] = $fieldFormat->formatDisplay($fieldValue->value); if($fieldFormat->linkFormat !== null) diff --git a/public-legacy/search.php b/public-legacy/search.php index 2e1ef86..79fface 100644 --- a/public-legacy/search.php +++ b/public-legacy/search.php @@ -6,6 +6,9 @@ use RuntimeException; use Index\XArray; use Misuzu\Comments\CommentsCategory; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->isLoggedIn) Template::throwError(403); diff --git a/public-legacy/settings/account.php b/public-legacy/settings/account.php index d36af89..6588669 100644 --- a/public-legacy/settings/account.php 
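Review bot: `if(!isset($fieldFormat)) continue;` in profile.php (hunk at -339,6) only catches the first field without a match, because `$fieldFormat` keeps the value from an earlier iteration unless it is reset. A later field with no matching format would then be rendered with the previous field's `formatDisplay()`. Resetting at the top of each iteration, `$fieldFormat = null;`, and testing `if($fieldFormat === null) continue;` closes that gap. The loop head is outside the hunk, so a reset may already exist there.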
+++ b/public-legacy/settings/account.php @@ -6,6 +6,9 @@ use Misuzu\Users\User; use chillerlan\QRCode\QRCode; use chillerlan\QRCode\QROptions; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->isLoggedIn) Template::throwError(401); diff --git a/public-legacy/settings/data.php b/public-legacy/settings/data.php index cd14b82..ca38409 100644 --- a/public-legacy/settings/data.php +++ b/public-legacy/settings/data.php @@ -5,6 +5,9 @@ use ZipArchive; use Index\XString; use Misuzu\Users\UserInfo; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->isLoggedIn) Template::throwError(401); diff --git a/public-legacy/settings/logs.php b/public-legacy/settings/logs.php index b8e970e..ce5e4c1 100644 --- a/public-legacy/settings/logs.php +++ b/public-legacy/settings/logs.php @@ -3,6 +3,9 @@ namespace Misuzu; use Misuzu\Pagination; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + $currentUser = $msz->authInfo->userInfo; if($currentUser === null) Template::throwError(401); diff --git a/public-legacy/settings/sessions.php b/public-legacy/settings/sessions.php index ec757a8..a325ea1 100644 --- a/public-legacy/settings/sessions.php +++ b/public-legacy/settings/sessions.php @@ -3,6 +3,9 @@ namespace Misuzu; use RuntimeException; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Script must be called through the Misuzu route dispatcher.'); + if(!$msz->authInfo->isLoggedIn) Template::throwError(401); diff --git a/public/index.php b/public/index.php index 2a87e01..173e8ef 100644 --- a/public/index.php +++ b/public/index.php 
@@ -6,6 +6,9 @@ use Misuzu\Auth\{AuthTokenBuilder,AuthTokenCookie,AuthTokenInfo}; require_once __DIR__ . '/../misuzu.php'; +if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext)) + die('Misuzu is not initialised.'); + set_exception_handler(function(\Throwable $ex) { \Sentry\captureException($ex); @@ -81,7 +84,7 @@ if($tokenInfo->hasUserId && $tokenInfo->hasSessionToken) { $impersonatedUserId = $tokenInfo->impersonatedUserId; if(!$allowToImpersonate) { - $allowImpersonateUsers = $cfg->getArray(sprintf('impersonate.allow.u%s', $userInfo->id)); + $allowImpersonateUsers = $msz->config->getArray(sprintf('impersonate.allow.u%s', $userInfo->id)); $allowToImpersonate = in_array((string)$impersonatedUserId, $allowImpersonateUsers, true); } @@ -117,7 +120,7 @@ if($tokenInfo->hasUserId && $tokenInfo->hasSessionToken) { $msz->authInfo->setInfo($tokenInfo, $userInfo, $sessionInfo, $userInfoReal); CSRF::init( - $cfg->getString('csrf.secret', 'soup'), + $msz->config->getString('csrf.secret', 'soup'), ($msz->authInfo->isLoggedIn ? $sessionInfo->token : $_SERVER['REMOTE_ADDR']) ); @@ -129,7 +132,7 @@ $mszRequestPath = substr($request->getPath(), 1); $mszLegacyPathPrefix = MSZ_PUBLIC . '-legacy/'; $mszLegacyPath = $mszLegacyPathPrefix . $mszRequestPath; -if(!empty($mszLegacyPath) && str_starts_with($mszLegacyPath, $mszLegacyPathPrefix)) { +if(str_starts_with($mszLegacyPath, $mszLegacyPathPrefix)) { $mszLegacyPathReal = realpath($mszLegacyPath); if($mszLegacyPath === $mszLegacyPathReal || $mszLegacyPath === $mszLegacyPathReal . '/') { if(str_starts_with($mszRequestPath, '/manage') && !$msz->hasManageAccess()) diff --git a/src/Auth/AuthTokenPacker.php b/src/Auth/AuthTokenPacker.php index 079fc84..2815814 100644 --- a/src/Auth/AuthTokenPacker.php +++ b/src/Auth/AuthTokenPacker.php 
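Review bot: `CSRF::init()` in public/index.php (hunk at -117,7) still falls back to the literal `'soup'` when `csrf.secret` is not configured, so an instance with a missing setting derives its CSRF tokens from a value that is public in the repository. Failing closed is safer: read the setting and stop with an error when it is empty instead of supplying a default. For guests the identity argument is `$_SERVER['REMOTE_ADDR']`, which makes the strength of the secret matter more.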
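Review bot: The manage gate in public/index.php (hunk at -129,7) tests `str_starts_with($mszRequestPath, '/manage')`, but `$mszRequestPath` is `substr($request->getPath(), 1)`; if `getPath()` returns a path with one leading slash, the stripped value begins with `manage/` and the `hasManageAccess()` check is never reached. `str_starts_with($mszRequestPath, 'manage/')` would match what the variable actually holds. The per-script `Perm` checks still apply, so this is a second layer, and the rest of the block is outside the hunk. Separately, the remaining `str_starts_with($mszLegacyPath, $mszLegacyPathPrefix)` is true by construction, so the `realpath()` comparison is what confines the path.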
@@ -37,7 +37,7 @@ class AuthTokenPacker { return AuthTokenInfo::empty(); $data = UriBase64::decode($token); - if($data === false || $data === '') + if(empty($data)) return AuthTokenInfo::empty(); $builder = new AuthTokenBuilder; diff --git a/src/Forum/ForumPostInfo.php b/src/Forum/ForumPostInfo.php index 33e72b8..644d2d9 100644 --- a/src/Forum/ForumPostInfo.php +++ b/src/Forum/ForumPostInfo.php @@ -53,7 +53,7 @@ class ForumPostInfo { get => CarbonImmutable::createFromTimestampUTC($this->createdTime); } - private static ?CarbonImmutable $markAsEditedThreshold = null; + private static ?CarbonImmutable $markAsEditedThreshold = null; // @phpstan-ignore-line: property hook issue nope, it's written to! public bool $shouldMarkAsEdited { get { @@ -71,7 +71,7 @@ class ForumPostInfo { get => $this->editedTime === null ? null : CarbonImmutable::createFromTimestampUTC($this->editedTime); } - private static ?CarbonImmutable $canBeDeletedThreshold = null; + private static ?CarbonImmutable $canBeDeletedThreshold = null; // @phpstan-ignore-line: property hook issue nope, it's written to! public bool $canBeDeleted { get { diff --git a/src/Forum/ForumTopicInfo.php b/src/Forum/ForumTopicInfo.php index 37c0b4a..b9e716e 100644 --- a/src/Forum/ForumTopicInfo.php +++ b/src/Forum/ForumTopicInfo.php @@ -101,7 +101,7 @@ class ForumTopicInfo { get => CarbonImmutable::createFromTimestampUTC($this->createdTime); } - private static ?CarbonImmutable $lastActiveAt = null; + private static ?CarbonImmutable $lastActiveAt = null; // @phpstan-ignore-line: property hook issue nope, it's written to! public bool $active { get { diff --git a/src/MisuzuContext.php b/src/MisuzuContext.php index c91bab4..bb8e496 100644 --- a/src/MisuzuContext.php +++ b/src/MisuzuContext.php 
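Review bot: `empty($data)` in src/Auth/AuthTokenPacker.php (hunk at -37,7) is looser than the comparison it replaces: it is also true for the string `'0'`, and it hides which return values of `UriBase64::decode()` are expected. If the decoder now only returns strings, `if($data === '')` states that directly and stays strict on the token parsing path. The enclosing method starts and ends outside the hunk.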
@@ -109,7 +109,7 @@ class MisuzuContext { return $this->hasManageAccess; } - public function getWebAssetInfo(): ?object { + public function getWebAssetInfo(): object { return json_decode(file_get_contents(MSZ_ASSETS . '/current.json')); } diff --git a/src/News/News.php b/src/News/News.php index d838b34..c5dfd8d 100644 --- a/src/News/News.php +++ b/src/News/News.php @@ -211,7 +211,7 @@ class News { public function getPosts( NewsCategoryInfo|string|null $categoryInfo = null, - string $searchQuery = null, + ?string $searchQuery = null, bool $onlyFeatured = false, bool $includeScheduled = false, bool $includeDeleted = false, diff --git a/src/Perm.php b/src/Perm.php index f8c497c..955a6ee 100644 --- a/src/Perm.php +++ b/src/Perm.php @@ -406,12 +406,11 @@ final class Perm { } $categoryName = $currentCategoryName; - $perm = 0; + //$perm = 0; // if(is_array($permInfo)) // [$categoryName, $perm] = $permInfo; - // else - if(is_int($permInfo)) - $perm = $permInfo; + // elseif(is_int($permInfo)) + $perm = $permInfo; $item->perms[] = $permItem = new stdClass; $permItem->category = $categoryName; diff --git a/src/SiteInfo.php b/src/SiteInfo.php index 17afd76..660aaea 100644 --- a/src/SiteInfo.php +++ b/src/SiteInfo.php @@ -4,7 +4,7 @@ namespace Misuzu; use Index\Config\Config; class SiteInfo { - private array $props; + private array $props; // @phpstan-ignore-line: Seems PHPStan doesn't support property hooks yet :) public function __construct(Config $config) { $this->props = $config->getValues([ diff --git a/src/TemplatingExtension.php b/src/TemplatingExtension.php index 36e4970..d15fd8f 100644 --- a/src/TemplatingExtension.php +++ b/src/TemplatingExtension.php @@ -12,7 +12,7 @@ use Twig\TwigFunction; final class TemplatingExtension extends AbstractExtension { private MisuzuContext $ctx; - private ?object $assets; + private object $assets; public function __construct(MisuzuContext $ctx) { $this->ctx = $ctx; 
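Review bot: Narrowing `getWebAssetInfo()` to `: object` in src/MisuzuContext.php turns a missing or malformed `current.json` into a `TypeError`, because `json_decode()` returns `null` on invalid input. Since `TemplatingExtension::$assets` is made non-nullable in the same commit, that would presumably break template rendering rather than yield empty asset paths. Returning a fallback keeps the old behaviour: `$info = json_decode((string)file_get_contents(MSZ_ASSETS . '/current.json'));` then `return is_object($info) ? $info : new \stdClass;`.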
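Review bot: In src/Perm.php (hunk at -406,12) the `is_int($permInfo)` guard and the `$perm = 0` default are commented out rather than removed, and `$perm = $permInfo;` now accepts whatever type the entry has. If the structure being iterated guarantees integers, delete the dead comment block and state that guarantee in a PHPDoc on the data; otherwise keep the default with `$perm = is_int($permInfo) ? $permInfo : 0;`. The loop and the definition of `$permInfo` are outside the hunk.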
@@ -44,7 +44,7 @@ final class TemplatingExtension extends AbstractExtension { } public function getAssetPath(string $name): string { - return $this->assets?->{$name} ?? ''; + return $this->assets->{$name} ?? ''; } public function timeFormat(DateTimeInterface|string|int|null $dateTime): string { diff --git a/src/Users/BanInfo.php b/src/Users/BanInfo.php index 165e6b0..4497663 100644 --- a/src/Users/BanInfo.php +++ b/src/Users/BanInfo.php @@ -59,7 +59,7 @@ class BanInfo { 1 => 'second', ]; - private static function getTimeString(?int $left, int $right): string { + private static function getTimeString(?int $left, int $right): string { // @phpstan-ignore-line: property hook issue if($left === null) return 'permanent'; diff --git a/src/Users/Roles.php b/src/Users/Roles.php index 2b10586..f6109a6 100644 --- a/src/Users/Roles.php +++ b/src/Users/Roles.php @@ -74,7 +74,7 @@ class Roles { } if($hasHidden) $query .= sprintf(' %s role_hidden %s 0', ++$args > 1 ? 'AND' : 'WHERE', $hidden ? '<>' : '='); - if($hasString) + if($hasString !== null) $query .= sprintf(' %s role_string %s NULL', ++$args > 1 ? 'AND' : 'WHERE', $hasString ? 'IS NOT' : 'IS'); if($orderByRank) $query .= ' ORDER BY role_hierarchy DESC';
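Review bot: `if($hasString !== null)` in src/Users/Roles.php changes results for callers that pass `false`: before, no `role_string` condition was added, now the query gets `role_string IS NULL`. That makes the previously unreachable `IS` branch work, but any existing caller passing `false` to mean "no filter" is affected, so the call sites are worth checking. A docblock line such as `@param ?bool $hasString null = no filter, true = only roles with a string, false = only roles without one` would record the tri-state. The method signature is outside the hunk, so the parameter type is inferred.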