Replaced all / reads with filter_input in public/index.php.

public/index.php

@@ -32,9 +32,9 @@ $request = \Index\Http\HttpRequest::fromRequest();
 
 ob_start();
 
-if(file_exists(MSZ_ROOT . '/.migrating')) {
+if(is_file(MSZ_ROOT . '/.migrating')) {
     http_response_code(503);
-    if(!isset($_GET['_check'])) {
+    if(!filter_has_var(INPUT_GET, '_check')) {
         header('Content-Type: text/html; charset=utf-8');
         echo file_get_contents(MSZ_TEMPLATES . '/503.html');
     }
@@ -57,6 +57,7 @@ elseif(filter_has_var(INPUT_COOKIE, 'msz_uid') && filter_has_var(INPUT_COOKIE, '
 $userInfo = null;
 $sessionInfo = null;
 $userInfoReal = null;
+$remoteAddr = (string)filter_input(INPUT_GET, 'REMOTE_ADDR');
 
 if($tokenInfo->hasUserId && $tokenInfo->hasSessionToken) {
     $tokenBuilder = new AuthTokenBuilder($tokenInfo);
@@ -74,8 +75,8 @@ if($tokenInfo->hasUserId && $tokenInfo->hasSessionToken) {
                 $tokenBuilder->removeUserId();
                 $tokenBuilder->removeSessionToken();
             } else {
-                $msz->usersCtx->users->recordUserActivity($userInfo, remoteAddr: $_SERVER['REMOTE_ADDR']);
-                $msz->authCtx->sessions->recordSessionActivity(sessionInfo: $sessionInfo, remoteAddr: $_SERVER['REMOTE_ADDR']);
+                $msz->usersCtx->users->recordUserActivity($userInfo, remoteAddr: $remoteAddr);
+                $msz->authCtx->sessions->recordSessionActivity(sessionInfo: $sessionInfo, remoteAddr: $remoteAddr);
                 if($sessionInfo->shouldBumpExpires)
                     $tokenBuilder->setEdited();
 
@@ -121,7 +122,7 @@ $msz->authInfo->setInfo($tokenInfo, $userInfo, $sessionInfo, $userInfoReal);
 
 CSRF::init(
     $msz->config->getString('csrf.secret', 'soup'),
-    ($msz->authInfo->isLoggedIn ? $sessionInfo->token : $_SERVER['REMOTE_ADDR'])
+    ($msz->authInfo->isLoggedIn ? $sessionInfo->token : $remoteAddr)
 );
 
 // order for these two currently matters i think: it shouldn't.