flashii/misuzu-interim
flashii/misuzu-interim
Archived
2
1
Fork 0
Code Issues Pull requests Releases 163 Wiki Activity Actions

Fixed PHPstan detections.

Browse source
This commit is contained in:
flash 2024-12-02 02:28:08 +00:00
parent b76e7ab264
commit 5cf2529209
63 changed files with 289 additions and 107 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
VERSION
View file

@ -1 +1 @@
20241201 20241202

2
composer.json
View file

@ -33,6 +33,6 @@
} }
}, },
"require-dev": { "require-dev": {
"phpstan/phpstan": "^1.11" "phpstan/phpstan": "^2.0"
} }
} }

24
composer.lock generated
View file

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "1bf2d030b7813e94e87ca04c39b83eff", "content-hash": "82b94e9d26ac6e86616be50e2bf37660",
"packages": [ "packages": [
{ {
"name": "carbonphp/carbon-doctrine-types", "name": "carbonphp/carbon-doctrine-types",
@ -453,11 +453,11 @@
}, },
{ {
"name": "flashwave/index", "name": "flashwave/index",
"version": "v0.2410.211811", "version": "v0.2410.630140",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://patchii.net/flash/index.git", "url": "https://patchii.net/flash/index.git",
"reference": "40cbd35ba3855056987d2f7647f669e66f938979" "reference": "469391f9b601bf30553252470f175588744d4c18"
}, },
"require": { "require": {
"ext-mbstring": "*", "ext-mbstring": "*",
@ -466,8 +466,8 @@
"twig/twig": "^3.14" "twig/twig": "^3.14"
}, },
"require-dev": { "require-dev": {
"phpstan/phpstan": "^1.11", "phpstan/phpstan": "^2.0",
"phpunit/phpunit": "^11.2" "phpunit/phpunit": "^11.4"
}, },
"suggest": { "suggest": {
"ext-memcache": "Support for the Index\\Cache\\Memcached namespace (only if you can't use ext-memcached for some reason).", "ext-memcache": "Support for the Index\\Cache\\Memcached namespace (only if you can't use ext-memcached for some reason).",
@ -504,7 +504,7 @@
], ],
"description": "Composer package for the common library for my projects.", "description": "Composer package for the common library for my projects.",
"homepage": "https://railgun.sh/index", "homepage": "https://railgun.sh/index",
"time": "2024-10-21T18:15:09+00:00" "time": "2024-12-02T01:41:44+00:00"
}, },
{ {
"name": "guzzlehttp/psr7", "name": "guzzlehttp/psr7",
@ -2818,20 +2818,20 @@
"packages-dev": [ "packages-dev": [
{ {
"name": "phpstan/phpstan", "name": "phpstan/phpstan",
"version": "1.12.12", "version": "2.0.3",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/phpstan/phpstan.git", "url": "https://github.com/phpstan/phpstan.git",
"reference": "b5ae1b88f471d3fd4ba1aa0046234b5ca3776dd0" "reference": "46b4d3529b12178112d9008337beda0cc2a1a6b4"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/b5ae1b88f471d3fd4ba1aa0046234b5ca3776dd0", "url": "https://api.github.com/repos/phpstan/phpstan/zipball/46b4d3529b12178112d9008337beda0cc2a1a6b4",
"reference": "b5ae1b88f471d3fd4ba1aa0046234b5ca3776dd0", "reference": "46b4d3529b12178112d9008337beda0cc2a1a6b4",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"php": "^7.2|^8.0" "php": "^7.4|^8.0"
}, },
"conflict": { "conflict": {
"phpstan/phpstan-shim": "*" "phpstan/phpstan-shim": "*"
@ -2872,7 +2872,7 @@
"type": "github" "type": "github"
} }
], ],
"time": "2024-11-28T22:13:23+00:00" "time": "2024-11-28T22:19:37+00:00"
} }
], ],
"aliases": [], "aliases": [],

28
phpstan.neon
View file

@ -1,9 +1,37 @@
parameters: parameters:
level: 5 level: 5
paths: paths:
- database
- src - src
- public
- public-legacy
bootstrapFiles: bootstrapFiles:
- misuzu.php - misuzu.php
dynamicConstantNames: dynamicConstantNames:
- MSZ_CLI - MSZ_CLI
- MSZ_DEBUG - MSZ_DEBUG
ignoreErrors:
-
identifier: variable.undefined
path: public-legacy/forum/posting.php
-
identifier: variable.undefined
path: public-legacy/forum/topic.php
-
identifier: variable.undefined
path: public-legacy/manage/changelog/tag.php
-
identifier: variable.undefined
path: public-legacy/manage/news/category.php
-
identifier: variable.undefined
path: public-legacy/manage/news/post.php
-
identifier: variable.undefined
path: public-legacy/manage/users/note.php
-
identifier: empty.offset
path: public-legacy/search.php
-
identifier: offsetAccess.notFound
path: public-legacy/search.php

6
public-legacy/_github-callback.php
View file

@ -1,6 +1,9 @@
<?php <?php
namespace Misuzu; namespace Misuzu;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
function ghcb_strip_prefix(string $line): string { function ghcb_strip_prefix(string $line): string {
$findColon = mb_strpos($line, ':'); $findColon = mb_strpos($line, ':');
return trim($findColon === false || $findColon >= 10 ? $line : mb_substr($line, $findColon + 1)); return trim($findColon === false || $findColon >= 10 ? $line : mb_substr($line, $findColon + 1));
@ -69,6 +72,9 @@ foreach($config['tokens']['token'] as $repoName => $repoToken) {
} }
} }
if(!isset($repoName) || !is_string($repoName))
die('no repo name');
if(!$repoAuthenticated) if(!$repoAuthenticated)
die('signature check failed'); die('signature check failed');

9
public-legacy/auth/login.php
View file

@ -4,6 +4,9 @@ namespace Misuzu;
use Exception; use Exception;
use Misuzu\Auth\AuthTokenCookie; use Misuzu\Auth\AuthTokenCookie;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if($msz->authInfo->isLoggedIn) { if($msz->authInfo->isLoggedIn) {
Tools::redirect($msz->urls->format('index')); Tools::redirect($msz->urls->format('index'));
return; return;
@ -39,14 +42,14 @@ $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress); $remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);
$siteIsPrivate = $cfg->getBoolean('private.enable'); $siteIsPrivate = $msz->config->getBoolean('private.enable');
if($siteIsPrivate) { if($siteIsPrivate) {
[ [
'private.perm.cat' => $loginPermCat, 'private.perm.cat' => $loginPermCat,
'private.perm.val' => $loginPermVal, 'private.perm.val' => $loginPermVal,
'private.msg' => $sitePrivateMessage, 'private.msg' => $sitePrivateMessage,
'private.allow_password_reset' => $canResetPassword, 'private.allow_password_reset' => $canResetPassword,
] = $cfg->getValues([ ] = $msz->config->getValues([
'private.perm.cat:s', 'private.perm.cat:s',
'private.perm.val:i', 'private.perm.val:i',
'private.msg:s', 'private.msg:s',
@ -136,7 +139,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) {
$tokenBuilder->removeImpersonatedUserId(); $tokenBuilder->removeImpersonatedUserId();
$tokenInfo = $tokenBuilder->toInfo(); $tokenInfo = $tokenBuilder->toInfo();
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo)); AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
if(!Tools::isLocalURL($loginRedirect)) if(!Tools::isLocalURL($loginRedirect))
$loginRedirect = $msz->urls->format('index'); $loginRedirect = $msz->urls->format('index');

5
public-legacy/auth/logout.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use Misuzu\Auth\AuthTokenCookie; use Misuzu\Auth\AuthTokenCookie;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if($msz->authInfo->isLoggedIn) { if($msz->authInfo->isLoggedIn) {
if(!CSRF::validateRequest()) { if(!CSRF::validateRequest()) {
Template::render('auth.logout'); Template::render('auth.logout');
@ -18,7 +21,7 @@ if($msz->authInfo->isLoggedIn) {
$tokenBuilder->removeImpersonatedUserId(); $tokenBuilder->removeImpersonatedUserId();
$tokenInfo = $tokenBuilder->toInfo(); $tokenInfo = $tokenBuilder->toInfo();
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo)); AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
} }
Tools::redirect($msz->urls->format('index'));; Tools::redirect($msz->urls->format('index'));;

7
public-legacy/auth/password.php
View file

@ -4,6 +4,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
use Misuzu\Users\User; use Misuzu\Users\User;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if($msz->authInfo->isLoggedIn) { if($msz->authInfo->isLoggedIn) {
Tools::redirect($msz->urls->format('settings-account')); Tools::redirect($msz->urls->format('settings-account'));
return; return;
@ -25,8 +28,8 @@ if($userId > 0)
$notices = []; $notices = [];
$ipAddress = $_SERVER['REMOTE_ADDR']; $ipAddress = $_SERVER['REMOTE_ADDR'];
$siteIsPrivate = $cfg->getBoolean('private.enable'); $siteIsPrivate = $msz->config->getBoolean('private.enable');
$canResetPassword = $siteIsPrivate ? $cfg->getBoolean('private.allow_password_reset', true) : true; $canResetPassword = $siteIsPrivate ? $msz->config->getBoolean('private.allow_password_reset', true) : true;
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress); $remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);

18
public-legacy/auth/register.php
View file

@ -4,6 +4,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
use Misuzu\Users\User; use Misuzu\Users\User;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if($msz->authInfo->isLoggedIn) { if($msz->authInfo->isLoggedIn) {
Tools::redirect($msz->urls->format('index')); Tools::redirect($msz->urls->format('index'));
return; return;
@ -14,20 +17,9 @@ $notices = [];
$ipAddress = $_SERVER['REMOTE_ADDR']; $ipAddress = $_SERVER['REMOTE_ADDR'];
$countryCode = $_SERVER['COUNTRY_CODE'] ?? 'XX'; $countryCode = $_SERVER['COUNTRY_CODE'] ?? 'XX';
// there is currently no ip banning system.
// because people can have a wide variety of ip address
// it doesn't make sense to include a single row for it
// in the user bans table
// add better ip tracking and reintroduce the blacklist
// was thinking of having both a storage table and an expanded table
// with the storage table contains range syntaxes and whatnot
// and the expanded table just having seas of raw ips in it with a primary key
// for fast matching
$restricted = '';
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress); $remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);
while(!$restricted && !empty($register)) { while(!empty($register)) {
if(!CSRF::validateRequest()) { if(!CSRF::validateRequest()) {
$notices[] = 'Was unable to verify the request, please try again!'; $notices[] = 'Was unable to verify the request, please try again!';
break; break;
@ -109,5 +101,5 @@ Template::render('auth.register', [
'register_notices' => $notices, 'register_notices' => $notices,
'register_username' => !empty($register['username']) && is_string($register['username']) ? $register['username'] : '', 'register_username' => !empty($register['username']) && is_string($register['username']) ? $register['username'] : '',
'register_email' => !empty($register['email']) && is_string($register['email']) ? $register['email'] : '', 'register_email' => !empty($register['email']) && is_string($register['email']) ? $register['email'] : '',
'register_restricted' => $restricted, 'register_restricted' => '',
]); ]);

5
public-legacy/auth/revert.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use Misuzu\Auth\AuthTokenCookie; use Misuzu\Auth\AuthTokenCookie;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(CSRF::validateRequest()) { if(CSRF::validateRequest()) {
$tokenInfo = $msz->authInfo->tokenInfo; $tokenInfo = $msz->authInfo->tokenInfo;
@ -13,7 +16,7 @@ if(CSRF::validateRequest()) {
$tokenBuilder->removeImpersonatedUserId(); $tokenBuilder->removeImpersonatedUserId();
$tokenInfo = $tokenBuilder->toInfo(); $tokenInfo = $tokenBuilder->toInfo();
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo)); AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
Tools::redirect($msz->urls->format('manage-user', ['user' => $impUserId])); Tools::redirect($msz->urls->format('manage-user', ['user' => $impUserId]));
return; return;
} }

5
public-legacy/auth/twofactor.php
View file

@ -5,6 +5,9 @@ use RuntimeException;
use Misuzu\TOTPGenerator; use Misuzu\TOTPGenerator;
use Misuzu\Auth\AuthTokenCookie; use Misuzu\Auth\AuthTokenCookie;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if($msz->authInfo->isLoggedIn) { if($msz->authInfo->isLoggedIn) {
Tools::redirect($msz->urls->format('index')); Tools::redirect($msz->urls->format('index'));
return; return;
@ -85,7 +88,7 @@ while(!empty($twofactor)) {
$tokenBuilder->removeImpersonatedUserId(); $tokenBuilder->removeImpersonatedUserId();
$tokenInfo = $tokenBuilder->toInfo(); $tokenInfo = $tokenBuilder->toInfo();
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo)); AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
if(!Tools::isLocalURL($redirect)) if(!Tools::isLocalURL($redirect))
$redirect = $msz->urls->format('index'); $redirect = $msz->urls->format('index');

35
public-legacy/comments.php
View file

@ -2,6 +2,10 @@
namespace Misuzu; namespace Misuzu;
use RuntimeException; use RuntimeException;
use Misuzu\Comments\{CommentsCategoryInfo,CommentsPostInfo};
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$redirect = filter_input(INPUT_GET, 'return') ?? $_SERVER['HTTP_REFERER'] ?? $msz->urls->format('index'); $redirect = filter_input(INPUT_GET, 'return') ?? $_SERVER['HTTP_REFERER'] ?? $msz->urls->format('index');
@ -39,12 +43,12 @@ if($commentMode !== 'create' && empty($commentInfo))
switch($commentMode) { switch($commentMode) {
case 'pin': case 'pin':
case 'unpin': case 'unpin':
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
Template::displayInfo('Comment category not found.', 404);
if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($msz->authInfo->userInfo)) if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
Template::displayInfo("You're not allowed to pin comments.", 403); Template::displayInfo("You're not allowed to pin comments.", 403);
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
if($commentInfo->deleted)
Template::displayInfo("This comment doesn't exist!", 400); Template::displayInfo("This comment doesn't exist!", 400);
if($commentInfo->isReply) if($commentInfo->isReply)
Template::displayInfo("You can't pin replies!", 400); Template::displayInfo("You can't pin replies!", 400);
@ -66,10 +70,11 @@ switch($commentMode) {
break; break;
case 'vote': case 'vote':
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
Template::displayInfo('Comment category not found.', 404);
if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($msz->authInfo->userInfo)) if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
Template::displayInfo("You're not allowed to vote on comments.", 403); Template::displayInfo("You're not allowed to vote on comments.", 403);
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
if($commentInfo->deleted)
Template::displayInfo("This comment doesn't exist!", 400); Template::displayInfo("This comment doesn't exist!", 400);
if($commentVote > 0) if($commentVote > 0)
@ -83,12 +88,15 @@ switch($commentMode) {
break; break;
case 'delete': case 'delete':
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
Template::displayInfo('Comment category not found.', 404);
$canDelete = $perms->check(Perm::G_COMMENTS_DELETE_OWN | Perm::G_COMMENTS_DELETE_ANY); $canDelete = $perms->check(Perm::G_COMMENTS_DELETE_OWN | Perm::G_COMMENTS_DELETE_ANY);
if(!$canDelete && !$categoryInfo->isOwner($msz->authInfo->userInfo)) if(!$canDelete && !$categoryInfo->isOwner($msz->authInfo->userInfo))
Template::displayInfo("You're not allowed to delete comments.", 403); Template::displayInfo("You're not allowed to delete comments.", 403);
$canDeleteAny = $perms->check(Perm::G_COMMENTS_DELETE_ANY); $canDeleteAny = $perms->check(Perm::G_COMMENTS_DELETE_ANY);
if($commentInfo->deleted) if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
Template::displayInfo( Template::displayInfo(
$canDeleteAny ? 'This comment is already marked for deletion.' : "This comment doesn't exist.", $canDeleteAny ? 'This comment is already marked for deletion.' : "This comment doesn't exist.",
400 400
@ -119,6 +127,8 @@ switch($commentMode) {
if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY)) if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY))
Template::displayInfo("You're not allowed to restore deleted comments.", 403); Template::displayInfo("You're not allowed to restore deleted comments.", 403);
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo))
Template::displayInfo("This comment is probably nuked already.", 404);
if(!$commentInfo->deleted) if(!$commentInfo->deleted)
Template::displayInfo("This comment isn't in a deleted state.", 400); Template::displayInfo("This comment isn't in a deleted state.", 400);
@ -134,9 +144,10 @@ switch($commentMode) {
break; break;
case 'create': case 'create':
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
Template::displayInfo('Comment category not found.', 404);
if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($msz->authInfo->userInfo)) if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
Template::displayInfo("You're not allowed to post comments.", 403); Template::displayInfo("You're not allowed to post comments.", 403);
if(empty($_POST['comment']) || !is_array($_POST['comment'])) if(empty($_POST['comment']) || !is_array($_POST['comment']))
Template::displayInfo('Missing data.', 400); Template::displayInfo('Missing data.', 400);
@ -144,7 +155,7 @@ switch($commentMode) {
$categoryId = isset($_POST['comment']['category']) && is_string($_POST['comment']['category']) $categoryId = isset($_POST['comment']['category']) && is_string($_POST['comment']['category'])
? (int)$_POST['comment']['category'] ? (int)$_POST['comment']['category']
: 0; : 0;
$categoryInfo = $msz->comments->getCategory(categoryId: $categoryId); $categoryInfo = $msz->comments->getCategory(categoryId: (string)$categoryId);
} catch(RuntimeException $ex) { } catch(RuntimeException $ex) {
Template::displayInfo('This comment category doesn\'t exist.', 404); Template::displayInfo('This comment category doesn\'t exist.', 404);
} }
@ -168,12 +179,10 @@ switch($commentMode) {
if(strlen($commentText) > 0) { if(strlen($commentText) > 0) {
$commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText); $commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);
} else { } else {
if($canLock) { if($canLock)
Template::displayInfo('The action has been processed.', 400); Template::displayInfo('The action has been processed.', 400);
} else { else
Template::displayInfo('Your comment is too short.', 400); Template::displayInfo('Your comment is too short.', 400);
}
break;
} }
if(mb_strlen($commentText) > 5000) if(mb_strlen($commentText) > 5000)
@ -184,7 +193,7 @@ switch($commentMode) {
$parentInfo = $msz->comments->getPost($commentReply); $parentInfo = $msz->comments->getPost($commentReply);
} catch(RuntimeException $ex) {} } catch(RuntimeException $ex) {}
if(!isset($parentInfo) || $parentInfo->deleted) if(!isset($parentInfo) || !($parentInfo instanceof CommentsPostInfo) || $parentInfo->deleted)
Template::displayInfo('The comment you tried to reply to does not exist.', 404); Template::displayInfo('The comment you tried to reply to does not exist.', 404);
} }

5
public-legacy/forum/forum.php
View file

@ -4,7 +4,10 @@ namespace Misuzu;
use stdClass; use stdClass;
use RuntimeException; use RuntimeException;
$categoryId = (int)filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT); if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$categoryId = (string)filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT);
try { try {
$categoryInfo = $msz->forumCtx->categories->getCategory(categoryId: $categoryId); $categoryInfo = $msz->forumCtx->categories->getCategory(categoryId: $categoryId);

5
public-legacy/forum/index.php
View file

@ -4,6 +4,9 @@ namespace Misuzu;
use stdClass; use stdClass;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$mode = (string)filter_input(INPUT_GET, 'm'); $mode = (string)filter_input(INPUT_GET, 'm');
$currentUser = $msz->authInfo->userInfo; $currentUser = $msz->authInfo->userInfo;
@ -23,7 +26,7 @@ if($mode === 'mark') {
foreach($categoryInfos as $categoryInfo) { foreach($categoryInfos as $categoryInfo) {
$perms = $msz->authInfo->getPerms('forum', $categoryInfo); $perms = $msz->authInfo->getPerms('forum', $categoryInfo);
if($perms->check(Perm::F_CATEGORY_LIST)) if($perms->check(Perm::F_CATEGORY_LIST))
$msz->forumCtx->categories->updateUserReadCategory($userInfo, $categoryInfo); $msz->forumCtx->categories->updateUserReadCategory($currentUser, $categoryInfo);
} }
Tools::redirect($msz->urls->format($categoryId ? 'forum-category' : 'forum-index', ['forum' => $categoryId])); Tools::redirect($msz->urls->format($categoryId ? 'forum-category' : 'forum-index', ['forum' => $categoryId]));

7
public-legacy/forum/leaderboard.php
View file

@ -3,10 +3,13 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_LEADERBOARD_VIEW)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_LEADERBOARD_VIEW))
Template::throwError(403); Template::throwError(403);
$config = $cfg->getValues([ $config = $msz->config->getValues([
['forum_leader.first_year:i', 2018], ['forum_leader.first_year:i', 2018],
['forum_leader.first_month:i', 12], ['forum_leader.first_month:i', 12],
'forum_leader.unranked.forum:a', 'forum_leader.unranked.forum:a',
@ -90,7 +93,7 @@ MD;
foreach($rankings as $ranking) { foreach($rankings as $ranking) {
$totalPostsCount += $ranking->postsCount; $totalPostsCount += $ranking->postsCount;
$markdown .= sprintf("| %s | [%s](%s%s) | %s |\r\n", $ranking->position, $markdown .= sprintf("| %s | [%s](%s%s) | %s |\r\n", $ranking->position,
$ranking->user?->name ?? 'Deleted User', $ranking->user?->name ?? 'Deleted User', // @phpstan-ignore-line: no, it can be null
$msz->siteInfo->url, $msz->siteInfo->url,
$msz->urls->format('user-profile', ['user' => $ranking->userId]), $msz->urls->format('user-profile', ['user' => $ranking->userId]),
number_format($ranking->postsCount)); number_format($ranking->postsCount));

5
public-legacy/forum/post.php
View file

@ -3,7 +3,10 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0; if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (string)$_GET['p'] : '0';
$postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : ''; $postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
$submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1'; $submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1';

30
public-legacy/forum/posting.php
View file

@ -3,11 +3,14 @@ namespace Misuzu;
use stdClass; use stdClass;
use RuntimeException; use RuntimeException;
use Misuzu\Forum\ForumTopicInfo; use Misuzu\Forum\{ForumCategoryInfo,ForumPostInfo,ForumTopicInfo};
use Misuzu\Parsers\Parser; use Misuzu\Parsers\Parser;
use Index\XDateTime; use Index\XDateTime;
use Carbon\CarbonImmutable; use Carbon\CarbonImmutable;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->isLoggedIn) if(!$msz->authInfo->isLoggedIn)
Template::throwError(401); Template::throwError(401);
@ -58,7 +61,7 @@ if(empty($postId)) {
$hasPostInfo = false; $hasPostInfo = false;
} else { } else {
try { try {
$postInfo = $msz->forumCtx->posts->getPost(postId: $postId); $postInfo = $msz->forumCtx->posts->getPost(postId: (string)$postId);
} catch(RuntimeException $ex) { } catch(RuntimeException $ex) {
Template::throwError(404); Template::throwError(404);
} }
@ -100,6 +103,9 @@ if(empty($forumId)) {
$hasCategoryInfo = true; $hasCategoryInfo = true;
} }
if(!isset($categoryInfo) || !($categoryInfo instanceof ForumCategoryInfo))
Template::throwError(404);
$perms = $msz->authInfo->getPerms('forum', $categoryInfo); $perms = $msz->authInfo->getPerms('forum', $categoryInfo);
if($categoryInfo->archived if($categoryInfo->archived
@ -126,8 +132,12 @@ if($mode === 'create' || $mode === 'edit') {
} }
// edit mode stuff // edit mode stuff
if($mode === 'edit' && !$perms->check($postInfo->userId === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY)) if($mode === 'edit') {
Template::throwError(403); if(!isset($postInfo) || !($postInfo instanceof ForumPostInfo))
Template::throwError(404);
if(!$perms->check($postInfo->userId === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY))
Template::throwError(403);
}
$notices = []; $notices = [];
@ -159,9 +169,9 @@ if(!empty($_POST)) {
} }
if($isEditingTopic) { if($isEditingTopic) {
$originalTopicTitle = $topicInfo?->title ?? null; $originalTopicTitle = $topicInfo?->title ?? null; // @phpstan-ignore-line: nope it can be null
$topicTitleChanged = $topicTitle !== $originalTopicTitle; $topicTitleChanged = $topicTitle !== $originalTopicTitle;
$originalTopicType = $topicInfo?->typeString ?? 'discussion'; $originalTopicType = $topicInfo?->typeString ?? 'discussion'; // @phpstan-ignore-line: this also
$topicTypeChanged = $topicType !== null && $topicType !== $originalTopicType; $topicTypeChanged = $topicType !== null && $topicType !== $originalTopicType;
$topicTitleLengths = $cfg->getValues([ $topicTitleLengths = $cfg->getValues([
@ -232,7 +242,7 @@ if(!empty($_POST)) {
&& $postText !== $postInfo->body; && $postText !== $postInfo->body;
$msz->forumCtx->posts->updatePost( $msz->forumCtx->posts->updatePost(
$postId, (string)$postId,
remoteAddr: $_SERVER['REMOTE_ADDR'], remoteAddr: $_SERVER['REMOTE_ADDR'],
body: $postText, body: $postText,
bodyParser: $postParser, bodyParser: $postParser,
@ -249,11 +259,11 @@ if(!empty($_POST)) {
break; break;
} }
if(empty($notices)) { if(empty($notices)) { // @phpstan-ignore-line: i'm guessing it gets the type confused at this point
// does this ternary ever return forum-topic? // does this ternary ever return forum-topic?
$redirect = $msz->urls->format(empty($topicInfo) ? 'forum-topic' : 'forum-post', [ $redirect = $msz->urls->format(empty($topicInfo) ? 'forum-topic' : 'forum-post', [
'topic' => $topicId ?? 0, 'topic' => $topicId,
'post' => $postId ?? 0, 'post' => $postId,
]); ]);
Tools::redirect($redirect); Tools::redirect($redirect);
return; return;

7
public-legacy/forum/topic.php
View file

@ -4,6 +4,9 @@ namespace Misuzu;
use stdClass; use stdClass;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0; $postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
$topicId = !empty($_GET['t']) && is_string($_GET['t']) ? (int)$_GET['t'] : 0; $topicId = !empty($_GET['t']) && is_string($_GET['t']) ? (int)$_GET['t'] : 0;
$categoryId = null; $categoryId = null;
@ -15,7 +18,7 @@ $currentUserId = $currentUser === null ? '0' : $currentUser->id;
if($topicId < 1 && $postId > 0) { if($topicId < 1 && $postId > 0) {
try { try {
$postInfo = $msz->forumCtx->posts->getPost(postId: $postId); $postInfo = $msz->forumCtx->posts->getPost(postId: (string)$postId);
} catch(RuntimeException $ex) { } catch(RuntimeException $ex) {
Template::throwError(404); Template::throwError(404);
} }
@ -267,7 +270,7 @@ if($canDeleteAny)
$topicPagination = new Pagination($topicPosts, 10, 'page'); $topicPagination = new Pagination($topicPosts, 10, 'page');
if(isset($preceedingPostCount)) if(isset($preceedingPostCount))
$topicPagination->setPage(floor($preceedingPostCount / $topicPagination->getRange()), true); $topicPagination->setPage((int)floor($preceedingPostCount / $topicPagination->getRange()), true);
if(!$topicPagination->hasValidOffset()) if(!$topicPagination->hasValidOffset())
Template::throwError(404); Template::throwError(404);

5
public-legacy/manage/changelog/change.php
View file

@ -7,6 +7,9 @@ use Misuzu\Changelog\Changelog;
use Carbon\CarbonImmutable; use Carbon\CarbonImmutable;
use Index\{XArray,XDateTime}; use Index\{XArray,XDateTime};
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE))
Template::throwError(403); Template::throwError(403);
@ -41,7 +44,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
} }
// make errors not echos lol // make errors not echos lol
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
$action = trim((string)filter_input(INPUT_POST, 'cl_action')); $action = trim((string)filter_input(INPUT_POST, 'cl_action'));
$summary = trim((string)filter_input(INPUT_POST, 'cl_summary')); $summary = trim((string)filter_input(INPUT_POST, 'cl_summary'));
$body = trim((string)filter_input(INPUT_POST, 'cl_body')); $body = trim((string)filter_input(INPUT_POST, 'cl_body'));

3
public-legacy/manage/changelog/index.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE))
Template::throwError(403); Template::throwError(403);

5
public-legacy/manage/changelog/tag.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE))
Template::throwError(403); Template::throwError(403);
@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
return; return;
} }
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
$name = trim((string)filter_input(INPUT_POST, 'ct_name')); $name = trim((string)filter_input(INPUT_POST, 'ct_name'));
$description = trim((string)filter_input(INPUT_POST, 'ct_desc')); $description = trim((string)filter_input(INPUT_POST, 'ct_desc'));
$archive = !empty($_POST['ct_archive']); $archive = !empty($_POST['ct_archive']);

3
public-legacy/manage/changelog/tags.php
View file

@ -1,6 +1,9 @@
<?php <?php
namespace Misuzu; namespace Misuzu;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE))
Template::throwError(403); Template::throwError(403);

3
public-legacy/manage/forum/index.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use Misuzu\Perm; use Misuzu\Perm;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_CATEGORIES_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_CATEGORIES_MANAGE))
Template::throwError(403); Template::throwError(403);

3
public-legacy/manage/forum/redirs.php
View file

@ -1,6 +1,9 @@
<?php <?php
namespace Misuzu; namespace Misuzu;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE))
Template::throwError(403); Template::throwError(403);

3
public-legacy/manage/general/emoticon.php
View file

@ -4,6 +4,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
use Index\XArray; use Index\XArray;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE))
Template::throwError(403); Template::throwError(403);

3
public-legacy/manage/general/emoticons.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE))
Template::throwError(403); Template::throwError(403);

3
public-legacy/manage/general/index.php
View file

@ -1,6 +1,9 @@
<?php <?php
namespace Misuzu; namespace Misuzu;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$counterInfos = $msz->counters->getCounters(orderBy: 'name'); $counterInfos = $msz->counters->getCounters(orderBy: 'name');
$counterNamesRaw = $msz->config->getArray('counters.names'); $counterNamesRaw = $msz->config->getArray('counters.names');
$counterNamesCount = count($counterNamesRaw); $counterNamesCount = count($counterNamesRaw);

3
public-legacy/manage/general/logs.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use Misuzu\Pagination; use Misuzu\Pagination;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_LOGS_VIEW)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_LOGS_VIEW))
Template::throwError(403); Template::throwError(403);

7
public-legacy/manage/general/setting-delete.php
View file

@ -1,18 +1,21 @@
<?php <?php
namespace Misuzu; namespace Misuzu;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
Template::throwError(403); Template::throwError(403);
$valueName = (string)filter_input(INPUT_GET, 'name'); $valueName = (string)filter_input(INPUT_GET, 'name');
$valueInfo = $cfg->getValueInfo($valueName); $valueInfo = $msz->config->getValueInfo($valueName);
if($valueInfo === null) if($valueInfo === null)
Template::throwError(404); Template::throwError(404);
if($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { if($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
$valueName = $valueInfo->getName(); $valueName = $valueInfo->getName();
$msz->createAuditLog('CONFIG_DELETE', [$valueName]); $msz->createAuditLog('CONFIG_DELETE', [$valueName]);
$cfg->removeValues($valueName); $msz->config->removeValues($valueName);
Tools::redirect($msz->urls->format('manage-general-settings')); Tools::redirect($msz->urls->format('manage-general-settings'));
return; return;
} }

15
public-legacy/manage/general/setting.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use Index\Config\Db\DbConfig; use Index\Config\Db\DbConfig;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
Template::throwError(403); Template::throwError(403);
@ -10,7 +13,7 @@ $isNew = true;
$sName = (string)filter_input(INPUT_GET, 'name'); $sName = (string)filter_input(INPUT_GET, 'name');
$sType = (string)filter_input(INPUT_GET, 'type'); $sType = (string)filter_input(INPUT_GET, 'type');
$sValue = null; $sValue = null;
$loadValueInfo = fn() => $cfg->getValueInfo($sName); $loadValueInfo = fn() => $msz->config->getValueInfo($sName);
if(!empty($sName)) { if(!empty($sName)) {
$sInfo = $loadValueInfo(); $sInfo = $loadValueInfo();
@ -38,7 +41,7 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
} }
if($sType === 'array') { if($sType === 'array') {
$applyFunc = $cfg->setArray(...); $applyFunc = $msz->config->setArray(...);
$sValue = []; $sValue = [];
$sRaw = filter_input(INPUT_POST, 'conf_value', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY); $sRaw = filter_input(INPUT_POST, 'conf_value', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);
foreach($sRaw as $rValue) { foreach($sRaw as $rValue) {
@ -58,17 +61,17 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
} }
} elseif($sType === 'bool') { } elseif($sType === 'bool') {
$sValue = !empty($_POST['conf_value']); $sValue = !empty($_POST['conf_value']);
$applyFunc = $cfg->setBoolean(...); $applyFunc = $msz->config->setBoolean(...);
} else { } else {
$sValue = filter_input(INPUT_POST, 'conf_value'); $sValue = filter_input(INPUT_POST, 'conf_value');
if($sType === 'int') { if($sType === 'int') {
$applyFunc = $cfg->setInteger(...); $applyFunc = $msz->config->setInteger(...);
$sValue = (int)$sValue; $sValue = (int)$sValue;
} elseif($sType === 'float') { } elseif($sType === 'float') {
$applyFunc = $cfg->setFloat(...); $applyFunc = $msz->config->setFloat(...);
$sValue = (float)$sValue; $sValue = (float)$sValue;
} else } else
$applyFunc = $cfg->setString(...); $applyFunc = $msz->config->setString(...);
} }
$msz->createAuditLog($isNew ? 'CONFIG_CREATE' : 'CONFIG_UPDATE', [$sName]); $msz->createAuditLog($isNew ? 'CONFIG_CREATE' : 'CONFIG_UPDATE', [$sName]);

7
public-legacy/manage/general/settings.php
View file

@ -1,11 +1,14 @@
<?php <?php
namespace Misuzu; namespace Misuzu;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
Template::throwError(403); Template::throwError(403);
$hidden = $cfg->getArray('settings.hidden'); $hidden = $msz->config->getArray('settings.hidden');
$vars = $cfg->getAllValueInfos(); $vars = $msz->config->getAllValueInfos();
Template::render('manage.general.settings', [ Template::render('manage.general.settings', [
'config_vars' => $vars, 'config_vars' => $vars,

3
public-legacy/manage/news/categories.php
View file

@ -1,6 +1,9 @@
<?php <?php
namespace Misuzu; namespace Misuzu;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE))
Template::throwError(403); Template::throwError(403);

5
public-legacy/manage/news/category.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE))
Template::throwError(403); Template::throwError(403);
@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
return; return;
} }
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
$name = trim((string)filter_input(INPUT_POST, 'nc_name')); $name = trim((string)filter_input(INPUT_POST, 'nc_name'));
$description = trim((string)filter_input(INPUT_POST, 'nc_desc')); $description = trim((string)filter_input(INPUT_POST, 'nc_desc'));
$hidden = !empty($_POST['nc_hidden']); $hidden = !empty($_POST['nc_hidden']);

5
public-legacy/manage/news/post.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE))
Template::throwError(403); Template::throwError(403);
@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
return; return;
} }
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
$title = trim((string)filter_input(INPUT_POST, 'np_title')); $title = trim((string)filter_input(INPUT_POST, 'np_title'));
$category = (string)filter_input(INPUT_POST, 'np_category', FILTER_SANITIZE_NUMBER_INT); $category = (string)filter_input(INPUT_POST, 'np_category', FILTER_SANITIZE_NUMBER_INT);
$featured = !empty($_POST['np_featured']); $featured = !empty($_POST['np_featured']);

3
public-legacy/manage/news/posts.php
View file

@ -1,6 +1,9 @@
<?php <?php
namespace Misuzu; namespace Misuzu;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE)) if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE))
Template::throwError(403); Template::throwError(403);

5
public-legacy/manage/users/ban.php
View file

@ -5,6 +5,9 @@ use DateTimeInterface;
use RuntimeException; use RuntimeException;
use Carbon\CarbonImmutable; use Carbon\CarbonImmutable;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE)) if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE))
Template::throwError(403); Template::throwError(403);
@ -32,7 +35,7 @@ try {
$modInfo = $msz->authInfo->userInfo; $modInfo = $msz->authInfo->userInfo;
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
$expires = (int)filter_input(INPUT_POST, 'ub_expires', FILTER_SANITIZE_NUMBER_INT); $expires = (int)filter_input(INPUT_POST, 'ub_expires', FILTER_SANITIZE_NUMBER_INT);
$expiresCustom = (string)filter_input(INPUT_POST, 'ub_expires_custom'); $expiresCustom = (string)filter_input(INPUT_POST, 'ub_expires_custom');
$publicReason = trim((string)filter_input(INPUT_POST, 'ub_reason_pub')); $publicReason = trim((string)filter_input(INPUT_POST, 'ub_reason_pub'));

3
public-legacy/manage/users/bans.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE)) if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE))
Template::throwError(403); Template::throwError(403);

3
public-legacy/manage/users/index.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use Misuzu\Users\Roles; use Misuzu\Users\Roles;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('user')->check(Perm::U_USERS_MANAGE)) if(!$msz->authInfo->getPerms('user')->check(Perm::U_USERS_MANAGE))
Template::throwError(403); Template::throwError(403);

3
public-legacy/manage/users/note.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE)) if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE))
Template::throwError(403); Template::throwError(403);

3
public-legacy/manage/users/notes.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE)) if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE))
Template::throwError(403); Template::throwError(403);

3
public-legacy/manage/users/role.php
View file

@ -6,6 +6,9 @@ use Index\Colour\Colour;
use Index\Colour\ColourRgb; use Index\Colour\ColourRgb;
use Misuzu\Perm; use Misuzu\Perm;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$viewerPerms = $msz->authInfo->getPerms('user'); $viewerPerms = $msz->authInfo->getPerms('user');
if(!$viewerPerms->check(Perm::U_ROLES_MANAGE)) if(!$viewerPerms->check(Perm::U_ROLES_MANAGE))
Template::throwError(403); Template::throwError(403);

3
public-legacy/manage/users/roles.php
View file

@ -1,6 +1,9 @@
<?php <?php
namespace Misuzu; namespace Misuzu;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('user')->check(Perm::U_ROLES_MANAGE)) if(!$msz->authInfo->getPerms('user')->check(Perm::U_ROLES_MANAGE))
Template::throwError(403); Template::throwError(403);

7
public-legacy/manage/users/user.php
View file

@ -7,6 +7,9 @@ use Misuzu\Perm;
use Misuzu\Auth\AuthTokenCookie; use Misuzu\Auth\AuthTokenCookie;
use Misuzu\Users\User; use Misuzu\Users\User;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$viewerPerms = $msz->authInfo->getPerms('user'); $viewerPerms = $msz->authInfo->getPerms('user');
if(!$msz->authInfo->isLoggedIn) if(!$msz->authInfo->isLoggedIn)
Template::throwError(403); Template::throwError(403);
@ -26,7 +29,7 @@ if(!$hasAccess)
Template::throwError(403); Template::throwError(403);
$notices = []; $notices = [];
$userId = (int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT); $userId = (string)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
try { try {
$userInfo = $msz->usersCtx->users->getUser($userId, 'id'); $userInfo = $msz->usersCtx->users->getUser($userId, 'id');
@ -65,7 +68,7 @@ if(CSRF::validateRequest() && $canEdit) {
$tokenBuilder->setImpersonatedUserId($userInfo->id); $tokenBuilder->setImpersonatedUserId($userInfo->id);
$tokenInfo = $tokenBuilder->toInfo(); $tokenInfo = $tokenBuilder->toInfo();
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo)); AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
Tools::redirect($msz->urls->format('index')); Tools::redirect($msz->urls->format('index'));
return; return;
} else $notices[] = 'You aren\'t allowed to impersonate this user.'; } else $notices[] = 'You aren\'t allowed to impersonate this user.';

5
public-legacy/manage/users/warning.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE))
Template::throwError(403); Template::throwError(403);
@ -30,7 +33,7 @@ try {
$modInfo = $msz->authInfo->userInfo; $modInfo = $msz->authInfo->userInfo;
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
$body = trim((string)filter_input(INPUT_POST, 'uw_body')); $body = trim((string)filter_input(INPUT_POST, 'uw_body'));
Template::set('warn_value_body', $body); Template::set('warn_value_body', $body);

3
public-legacy/manage/users/warnings.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE)) if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE))
Template::throwError(403); Template::throwError(403);

3
public-legacy/members.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->isLoggedIn) if(!$msz->authInfo->isLoggedIn)
Template::throwError(403); Template::throwError(403);

18
public-legacy/profile.php
View file

@ -10,9 +10,12 @@ use Misuzu\Users\User;
use Misuzu\Users\Assets\UserAvatarAsset; use Misuzu\Users\Assets\UserAvatarAsset;
use Misuzu\Users\Assets\UserBackgroundAsset; use Misuzu\Users\Assets\UserBackgroundAsset;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$userId = !empty($_GET['u']) && is_string($_GET['u']) ? trim($_GET['u']) : 0; $userId = !empty($_GET['u']) && is_string($_GET['u']) ? trim($_GET['u']) : 0;
$profileMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : ''; $profileMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
$isEditing = !empty($_GET['edit']) && is_string($_GET['edit']) ? (bool)$_GET['edit'] : !empty($_POST) && is_array($_POST); $isEditing = !empty($_GET['edit']) && is_string($_GET['edit']) ? (bool)$_GET['edit'] : !empty($_POST);
$viewerInfo = $msz->authInfo->userInfo; $viewerInfo = $msz->authInfo->userInfo;
$viewingAsGuest = $viewerInfo === null; $viewingAsGuest = $viewerInfo === null;
@ -81,7 +84,7 @@ if($isEditing) {
$perms = $viewerPermsUser->checkMany([ $perms = $viewerPermsUser->checkMany([
'edit_profile' => Perm::U_PROFILE_EDIT, 'edit_profile' => Perm::U_PROFILE_EDIT,
'edit_avatar' => Perm::U_AVATAR_CHANGE, 'edit_avatar' => Perm::U_AVATAR_CHANGE,
'edit_background' => PERM::U_PROFILE_BACKGROUND_CHANGE, 'edit_background' => Perm::U_PROFILE_BACKGROUND_CHANGE,
'edit_about' => Perm::U_PROFILE_ABOUT_EDIT, 'edit_about' => Perm::U_PROFILE_ABOUT_EDIT,
'edit_birthdate' => Perm::U_PROFILE_BIRTHDATE_EDIT, 'edit_birthdate' => Perm::U_PROFILE_BIRTHDATE_EDIT,
'edit_signature' => Perm::U_FORUM_SIGNATURE_EDIT, 'edit_signature' => Perm::U_FORUM_SIGNATURE_EDIT,
@ -92,7 +95,7 @@ if($isEditing) {
'background_attachments' => UserBackgroundAsset::getAttachmentStringOptions(), 'background_attachments' => UserBackgroundAsset::getAttachmentStringOptions(),
]); ]);
if(!empty($_POST) && is_array($_POST)) { if(!empty($_POST)) {
if(!CSRF::validateRequest()) { if(!CSRF::validateRequest()) {
$notices[] = 'Couldn\'t verify you, please refresh the page and retry.'; $notices[] = 'Couldn\'t verify you, please refresh the page and retry.';
} else { } else {
@ -241,7 +244,7 @@ if($isEditing) {
break; break;
case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE: case UPLOAD_ERR_FORM_SIZE:
$notices[] = sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format($backgroundProps['max_size'])); $notices[] = sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format(isset($backgroundProps) && is_array($backgroundProps) ? $backgroundProps['max_size'] : 0));
break; break;
default: default:
$notices[] = 'Unable to save your background, contact an administator!'; $notices[] = 'Unable to save your background, contact an administator!';
@ -256,7 +259,7 @@ if($isEditing) {
'$path is not a valid image.' => 'The file you uploaded was not an image!', '$path is not a valid image.' => 'The file you uploaded was not an image!',
'$path is not an allowed image file.' => 'This type of image is not supported, keep to PNG, JPG or GIF!', '$path is not an allowed image file.' => 'This type of image is not supported, keep to PNG, JPG or GIF!',
'Dimensions of $path are too large.' => sprintf('Your background can\'t be larger than %dx%d!', $backgroundInfo->getMaxWidth(), $backgroundInfo->getMaxHeight()), 'Dimensions of $path are too large.' => sprintf('Your background can\'t be larger than %dx%d!', $backgroundInfo->getMaxWidth(), $backgroundInfo->getMaxHeight()),
'File size of $path is too large.' => sprintf('Your background is not allowed to be larger in file size than %2$s!', ByteFormat::format($backgroundInfo->getMaxBytes())), 'File size of $path is too large.' => sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format($backgroundInfo->getMaxBytes())),
default => $exMessage, default => $exMessage,
}; };
} catch(RuntimeException $ex) { } catch(RuntimeException $ex) {
@ -291,7 +294,7 @@ if(!$viewingAsGuest) {
Template::set('profile_warnings', iterator_to_array($msz->usersCtx->warnings->getWarningsWithDefaultBacklog($userInfo))); Template::set('profile_warnings', iterator_to_array($msz->usersCtx->warnings->getWarningsWithDefaultBacklog($userInfo)));
if((!$isBanned || $canEdit)) { if((!$isBanned || $canEdit)) {
$unranked = $cfg->getValues([ $unranked = $msz->config->getValues([
'forum_leader.unranked.forum:a', 'forum_leader.unranked.forum:a',
'forum_leader.unranked.topic:a', 'forum_leader.unranked.topic:a',
]); ]);
@ -339,6 +342,9 @@ if(!$viewingAsGuest) {
break; break;
} }
if(!isset($fieldFormat))
continue;
$profileFieldRawValues[$fieldName] = $fieldValue->value; $profileFieldRawValues[$fieldName] = $fieldValue->value;
$profileFieldDisplayValues[$fieldName] = $fieldFormat->formatDisplay($fieldValue->value); $profileFieldDisplayValues[$fieldName] = $fieldFormat->formatDisplay($fieldValue->value);
if($fieldFormat->linkFormat !== null) if($fieldFormat->linkFormat !== null)

3
public-legacy/search.php
View file

@ -6,6 +6,9 @@ use RuntimeException;
use Index\XArray; use Index\XArray;
use Misuzu\Comments\CommentsCategory; use Misuzu\Comments\CommentsCategory;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->isLoggedIn) if(!$msz->authInfo->isLoggedIn)
Template::throwError(403); Template::throwError(403);

3
public-legacy/settings/account.php
View file

@ -6,6 +6,9 @@ use Misuzu\Users\User;
use chillerlan\QRCode\QRCode; use chillerlan\QRCode\QRCode;
use chillerlan\QRCode\QROptions; use chillerlan\QRCode\QROptions;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->isLoggedIn) if(!$msz->authInfo->isLoggedIn)
Template::throwError(401); Template::throwError(401);

3
public-legacy/settings/data.php
View file

@ -5,6 +5,9 @@ use ZipArchive;
use Index\XString; use Index\XString;
use Misuzu\Users\UserInfo; use Misuzu\Users\UserInfo;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->isLoggedIn) if(!$msz->authInfo->isLoggedIn)
Template::throwError(401); Template::throwError(401);

3
public-legacy/settings/logs.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use Misuzu\Pagination; use Misuzu\Pagination;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
$currentUser = $msz->authInfo->userInfo; $currentUser = $msz->authInfo->userInfo;
if($currentUser === null) if($currentUser === null)
Template::throwError(401); Template::throwError(401);

3
public-legacy/settings/sessions.php
View file

@ -3,6 +3,9 @@ namespace Misuzu;
use RuntimeException; use RuntimeException;
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Script must be called through the Misuzu route dispatcher.');
if(!$msz->authInfo->isLoggedIn) if(!$msz->authInfo->isLoggedIn)
Template::throwError(401); Template::throwError(401);

9
public/index.php
View file

@ -6,6 +6,9 @@ use Misuzu\Auth\{AuthTokenBuilder,AuthTokenCookie,AuthTokenInfo};
require_once __DIR__ . '/../misuzu.php'; require_once __DIR__ . '/../misuzu.php';
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
die('Misuzu is not initialised.');
set_exception_handler(function(\Throwable $ex) { set_exception_handler(function(\Throwable $ex) {
\Sentry\captureException($ex); \Sentry\captureException($ex);
@ -81,7 +84,7 @@ if($tokenInfo->hasUserId && $tokenInfo->hasSessionToken) {
$impersonatedUserId = $tokenInfo->impersonatedUserId; $impersonatedUserId = $tokenInfo->impersonatedUserId;
if(!$allowToImpersonate) { if(!$allowToImpersonate) {
$allowImpersonateUsers = $cfg->getArray(sprintf('impersonate.allow.u%s', $userInfo->id)); $allowImpersonateUsers = $msz->config->getArray(sprintf('impersonate.allow.u%s', $userInfo->id));
$allowToImpersonate = in_array((string)$impersonatedUserId, $allowImpersonateUsers, true); $allowToImpersonate = in_array((string)$impersonatedUserId, $allowImpersonateUsers, true);
} }
@ -117,7 +120,7 @@ if($tokenInfo->hasUserId && $tokenInfo->hasSessionToken) {
$msz->authInfo->setInfo($tokenInfo, $userInfo, $sessionInfo, $userInfoReal); $msz->authInfo->setInfo($tokenInfo, $userInfo, $sessionInfo, $userInfoReal);
CSRF::init( CSRF::init(
$cfg->getString('csrf.secret', 'soup'), $msz->config->getString('csrf.secret', 'soup'),
($msz->authInfo->isLoggedIn ? $sessionInfo->token : $_SERVER['REMOTE_ADDR']) ($msz->authInfo->isLoggedIn ? $sessionInfo->token : $_SERVER['REMOTE_ADDR'])
); );
@ -129,7 +132,7 @@ $mszRequestPath = substr($request->getPath(), 1);
$mszLegacyPathPrefix = MSZ_PUBLIC . '-legacy/'; $mszLegacyPathPrefix = MSZ_PUBLIC . '-legacy/';
$mszLegacyPath = $mszLegacyPathPrefix . $mszRequestPath; $mszLegacyPath = $mszLegacyPathPrefix . $mszRequestPath;
if(!empty($mszLegacyPath) && str_starts_with($mszLegacyPath, $mszLegacyPathPrefix)) { if(str_starts_with($mszLegacyPath, $mszLegacyPathPrefix)) {
$mszLegacyPathReal = realpath($mszLegacyPath); $mszLegacyPathReal = realpath($mszLegacyPath);
if($mszLegacyPath === $mszLegacyPathReal || $mszLegacyPath === $mszLegacyPathReal . '/') { if($mszLegacyPath === $mszLegacyPathReal || $mszLegacyPath === $mszLegacyPathReal . '/') {
if(str_starts_with($mszRequestPath, '/manage') && !$msz->hasManageAccess()) if(str_starts_with($mszRequestPath, '/manage') && !$msz->hasManageAccess())

2
src/Auth/AuthTokenPacker.php
View file

@ -37,7 +37,7 @@ class AuthTokenPacker {
return AuthTokenInfo::empty(); return AuthTokenInfo::empty();
$data = UriBase64::decode($token); $data = UriBase64::decode($token);
if($data === false || $data === '') if(empty($data))
return AuthTokenInfo::empty(); return AuthTokenInfo::empty();
$builder = new AuthTokenBuilder; $builder = new AuthTokenBuilder;

4
src/Forum/ForumPostInfo.php
View file

@ -53,7 +53,7 @@ class ForumPostInfo {
get => CarbonImmutable::createFromTimestampUTC($this->createdTime); get => CarbonImmutable::createFromTimestampUTC($this->createdTime);
} }
private static ?CarbonImmutable $markAsEditedThreshold = null; private static ?CarbonImmutable $markAsEditedThreshold = null; // @phpstan-ignore-line: property hook issue nope, it's written to!
public bool $shouldMarkAsEdited { public bool $shouldMarkAsEdited {
get { get {
@ -71,7 +71,7 @@ class ForumPostInfo {
get => $this->editedTime === null ? null : CarbonImmutable::createFromTimestampUTC($this->editedTime); get => $this->editedTime === null ? null : CarbonImmutable::createFromTimestampUTC($this->editedTime);
} }
private static ?CarbonImmutable $canBeDeletedThreshold = null; private static ?CarbonImmutable $canBeDeletedThreshold = null; // @phpstan-ignore-line: property hook issue nope, it's written to!
public bool $canBeDeleted { public bool $canBeDeleted {
get { get {

2
src/Forum/ForumTopicInfo.php
View file

@ -101,7 +101,7 @@ class ForumTopicInfo {
get => CarbonImmutable::createFromTimestampUTC($this->createdTime); get => CarbonImmutable::createFromTimestampUTC($this->createdTime);
} }
private static ?CarbonImmutable $lastActiveAt = null; private static ?CarbonImmutable $lastActiveAt = null; // @phpstan-ignore-line: property hook issue nope, it's written to!
public bool $active { public bool $active {
get { get {

2
src/MisuzuContext.php
View file

@ -109,7 +109,7 @@ class MisuzuContext {
return $this->hasManageAccess; return $this->hasManageAccess;
} }
public function getWebAssetInfo(): ?object { public function getWebAssetInfo(): object {
return json_decode(file_get_contents(MSZ_ASSETS . '/current.json')); return json_decode(file_get_contents(MSZ_ASSETS . '/current.json'));
} }

2
src/News/News.php
View file

@ -211,7 +211,7 @@ class News {
public function getPosts( public function getPosts(
NewsCategoryInfo|string|null $categoryInfo = null, NewsCategoryInfo|string|null $categoryInfo = null,
string $searchQuery = null, ?string $searchQuery = null,
bool $onlyFeatured = false, bool $onlyFeatured = false,
bool $includeScheduled = false, bool $includeScheduled = false,
bool $includeDeleted = false, bool $includeDeleted = false,

7
src/Perm.php
View file

@ -406,12 +406,11 @@ final class Perm {
} }
$categoryName = $currentCategoryName; $categoryName = $currentCategoryName;
$perm = 0; //$perm = 0;
// if(is_array($permInfo)) // if(is_array($permInfo))
// [$categoryName, $perm] = $permInfo; // [$categoryName, $perm] = $permInfo;
// else // elseif(is_int($permInfo))
if(is_int($permInfo)) $perm = $permInfo;
$perm = $permInfo;
$item->perms[] = $permItem = new stdClass; $item->perms[] = $permItem = new stdClass;
$permItem->category = $categoryName; $permItem->category = $categoryName;

2
src/SiteInfo.php
View file

@ -4,7 +4,7 @@ namespace Misuzu;
use Index\Config\Config; use Index\Config\Config;
class SiteInfo { class SiteInfo {
private array $props; private array $props; // @phpstan-ignore-line: Seems PHPStan doesn't support property hooks yet :)
public function __construct(Config $config) { public function __construct(Config $config) {
$this->props = $config->getValues([ $this->props = $config->getValues([

4
src/TemplatingExtension.php
View file

@ -12,7 +12,7 @@ use Twig\TwigFunction;
final class TemplatingExtension extends AbstractExtension { final class TemplatingExtension extends AbstractExtension {
private MisuzuContext $ctx; private MisuzuContext $ctx;
private ?object $assets; private object $assets;
public function __construct(MisuzuContext $ctx) { public function __construct(MisuzuContext $ctx) {
$this->ctx = $ctx; $this->ctx = $ctx;
@ -44,7 +44,7 @@ final class TemplatingExtension extends AbstractExtension {
} }
public function getAssetPath(string $name): string { public function getAssetPath(string $name): string {
return $this->assets?->{$name} ?? ''; return $this->assets->{$name} ?? '';
} }
public function timeFormat(DateTimeInterface|string|int|null $dateTime): string { public function timeFormat(DateTimeInterface|string|int|null $dateTime): string {

2
src/Users/BanInfo.php
View file

@ -59,7 +59,7 @@ class BanInfo {
1 => 'second', 1 => 'second',
]; ];
private static function getTimeString(?int $left, int $right): string { private static function getTimeString(?int $left, int $right): string { // @phpstan-ignore-line: property hook issue
if($left === null) if($left === null)
return 'permanent'; return 'permanent';

2
src/Users/Roles.php
View file

@ -74,7 +74,7 @@ class Roles {
} }
if($hasHidden) if($hasHidden)
$query .= sprintf(' %s role_hidden %s 0', ++$args > 1 ? 'AND' : 'WHERE', $hidden ? '<>' : '='); $query .= sprintf(' %s role_hidden %s 0', ++$args > 1 ? 'AND' : 'WHERE', $hidden ? '<>' : '=');
if($hasString) if($hasString !== null)
$query .= sprintf(' %s role_string %s NULL', ++$args > 1 ? 'AND' : 'WHERE', $hasString ? 'IS NOT' : 'IS'); $query .= sprintf(' %s role_string %s NULL', ++$args > 1 ? 'AND' : 'WHERE', $hasString ? 'IS NOT' : 'IS');
if($orderByRank) if($orderByRank)
$query .= ' ORDER BY role_hierarchy DESC'; $query .= ' ORDER BY role_hierarchy DESC';