Fixed PHPstan detections.
parent
96cc58f820
commit
3c10fb0de0
63 changed files with 289 additions and 107 deletions
public-legacy
_github-callback.phpmembers.phpprofile.phpsearch.php
auth
comments.phpforum
manage
changelog
forum
general
news
users
settings
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
function ghcb_strip_prefix(string $line): string {
|
||||
$findColon = mb_strpos($line, ':');
|
||||
return trim($findColon === false || $findColon >= 10 ? $line : mb_substr($line, $findColon + 1));
|
||||
|
@ -69,6 +72,9 @@ foreach($config['tokens']['token'] as $repoName => $repoToken) {
|
|||
}
|
||||
}
|
||||
|
||||
if(!isset($repoName) || !is_string($repoName))
|
||||
die('no repo name');
|
||||
|
||||
if(!$repoAuthenticated)
|
||||
die('signature check failed');
|
||||
|
||||
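Review bot: The new `$repoName` guard runs before `if(!$repoAuthenticated)`, and it only tests the foreach loop variable, which is set as soon as the token list has one entry, whether or not any token matched. Checking `$repoAuthenticated` first keeps the response to an unauthenticated request uniform. Copying the matched key into its own variable at the point where the signature matches, for example `$authenticatedRepo = $repoName;`, would make later use independent of iteration order. The loop body is outside the hunk, so whether it breaks on the first match cannot be confirmed from here.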
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use Exception;
|
||||
use Misuzu\Auth\AuthTokenCookie;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if($msz->authInfo->isLoggedIn) {
|
||||
Tools::redirect($msz->urls->format('index'));
|
||||
return;
|
||||
|
@ -39,14 +42,14 @@ $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
|
|||
|
||||
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);
|
||||
|
||||
$siteIsPrivate = $cfg->getBoolean('private.enable');
|
||||
$siteIsPrivate = $msz->config->getBoolean('private.enable');
|
||||
if($siteIsPrivate) {
|
||||
[
|
||||
'private.perm.cat' => $loginPermCat,
|
||||
'private.perm.val' => $loginPermVal,
|
||||
'private.msg' => $sitePrivateMessage,
|
||||
'private.allow_password_reset' => $canResetPassword,
|
||||
] = $cfg->getValues([
|
||||
] = $msz->config->getValues([
|
||||
'private.perm.cat:s',
|
||||
'private.perm.val:i',
|
||||
'private.msg:s',
|
||||
|
@ -136,7 +139,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) {
|
|||
$tokenBuilder->removeImpersonatedUserId();
|
||||
$tokenInfo = $tokenBuilder->toInfo();
|
||||
|
||||
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
|
||||
AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
|
||||
|
||||
if(!Tools::isLocalURL($loginRedirect))
|
||||
$loginRedirect = $msz->urls->format('index');
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Auth\AuthTokenCookie;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if($msz->authInfo->isLoggedIn) {
|
||||
if(!CSRF::validateRequest()) {
|
||||
Template::render('auth.logout');
|
||||
|
@ -18,7 +21,7 @@ if($msz->authInfo->isLoggedIn) {
|
|||
$tokenBuilder->removeImpersonatedUserId();
|
||||
|
||||
$tokenInfo = $tokenBuilder->toInfo();
|
||||
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
|
||||
AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
|
||||
}
|
||||
|
||||
Tools::redirect($msz->urls->format('index'));;
|
||||
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use RuntimeException;
|
||||
use Misuzu\Users\User;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if($msz->authInfo->isLoggedIn) {
|
||||
Tools::redirect($msz->urls->format('settings-account'));
|
||||
return;
|
||||
|
@ -25,8 +28,8 @@ if($userId > 0)
|
|||
|
||||
$notices = [];
|
||||
$ipAddress = $_SERVER['REMOTE_ADDR'];
|
||||
$siteIsPrivate = $cfg->getBoolean('private.enable');
|
||||
$canResetPassword = $siteIsPrivate ? $cfg->getBoolean('private.allow_password_reset', true) : true;
|
||||
$siteIsPrivate = $msz->config->getBoolean('private.enable');
|
||||
$canResetPassword = $siteIsPrivate ? $msz->config->getBoolean('private.allow_password_reset', true) : true;
|
||||
|
||||
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);
|
||||
|
||||
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use RuntimeException;
|
||||
use Misuzu\Users\User;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if($msz->authInfo->isLoggedIn) {
|
||||
Tools::redirect($msz->urls->format('index'));
|
||||
return;
|
||||
|
@ -14,20 +17,9 @@ $notices = [];
|
|||
$ipAddress = $_SERVER['REMOTE_ADDR'];
|
||||
$countryCode = $_SERVER['COUNTRY_CODE'] ?? 'XX';
|
||||
|
||||
// there is currently no ip banning system.
|
||||
// because people can have a wide variety of ip address
|
||||
// it doesn't make sense to include a single row for it
|
||||
// in the user bans table
|
||||
// add better ip tracking and reintroduce the blacklist
|
||||
// was thinking of having both a storage table and an expanded table
|
||||
// with the storage table contains range syntaxes and whatnot
|
||||
// and the expanded table just having seas of raw ips in it with a primary key
|
||||
// for fast matching
|
||||
$restricted = '';
|
||||
|
||||
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);
|
||||
|
||||
while(!$restricted && !empty($register)) {
|
||||
while(!empty($register)) {
|
||||
if(!CSRF::validateRequest()) {
|
||||
$notices[] = 'Was unable to verify the request, please try again!';
|
||||
break;
|
||||
|
@ -109,5 +101,5 @@ Template::render('auth.register', [
|
|||
'register_notices' => $notices,
|
||||
'register_username' => !empty($register['username']) && is_string($register['username']) ? $register['username'] : '',
|
||||
'register_email' => !empty($register['email']) && is_string($register['email']) ? $register['email'] : '',
|
||||
'register_restricted' => $restricted,
|
||||
'register_restricted' => '',
|
||||
]);
|
||||
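Review bot: `'register_restricted' => ''` now passes a constant to the template, so whatever the template renders for that key can never appear. The deleted comment block was also the only record in this script that registration has no IP-based restriction. Either drop the key together with its template branch, or keep a one-line reminder next to `$remainingAttempts`, such as `// TODO: no IP-based registration restriction exists yet`. The template is not part of this page, so the first option needs a check there.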
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Auth\AuthTokenCookie;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(CSRF::validateRequest()) {
|
||||
$tokenInfo = $msz->authInfo->tokenInfo;
|
||||
|
||||
|
@ -13,7 +16,7 @@ if(CSRF::validateRequest()) {
|
|||
$tokenBuilder->removeImpersonatedUserId();
|
||||
|
||||
$tokenInfo = $tokenBuilder->toInfo();
|
||||
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
|
||||
AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
|
||||
Tools::redirect($msz->urls->format('manage-user', ['user' => $impUserId]));
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -5,6 +5,9 @@ use RuntimeException;
|
|||
use Misuzu\TOTPGenerator;
|
||||
use Misuzu\Auth\AuthTokenCookie;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if($msz->authInfo->isLoggedIn) {
|
||||
Tools::redirect($msz->urls->format('index'));
|
||||
return;
|
||||
|
@ -85,7 +88,7 @@ while(!empty($twofactor)) {
|
|||
$tokenBuilder->removeImpersonatedUserId();
|
||||
$tokenInfo = $tokenBuilder->toInfo();
|
||||
|
||||
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
|
||||
AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
|
||||
|
||||
if(!Tools::isLocalURL($redirect))
|
||||
$redirect = $msz->urls->format('index');
|
||||
|
|
|
@ -2,6 +2,10 @@
|
|||
namespace Misuzu;
|
||||
|
||||
use RuntimeException;
|
||||
use Misuzu\Comments\{CommentsCategoryInfo,CommentsPostInfo};
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$redirect = filter_input(INPUT_GET, 'return') ?? $_SERVER['HTTP_REFERER'] ?? $msz->urls->format('index');
|
||||
|
||||
|
@ -39,12 +43,12 @@ if($commentMode !== 'create' && empty($commentInfo))
|
|||
switch($commentMode) {
|
||||
case 'pin':
|
||||
case 'unpin':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
if(!$perms->check(Perm::G_COMMENTS_PIN) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to pin comments.", 403);
|
||||
|
||||
if($commentInfo->deleted)
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
|
||||
Template::displayInfo("This comment doesn't exist!", 400);
|
||||
|
||||
if($commentInfo->isReply)
|
||||
Template::displayInfo("You can't pin replies!", 400);
|
||||
|
||||
|
@ -66,10 +70,11 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'vote':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
if(!$perms->check(Perm::G_COMMENTS_VOTE) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to vote on comments.", 403);
|
||||
|
||||
if($commentInfo->deleted)
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
|
||||
Template::displayInfo("This comment doesn't exist!", 400);
|
||||
|
||||
if($commentVote > 0)
|
||||
|
@ -83,12 +88,15 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'delete':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
|
||||
$canDelete = $perms->check(Perm::G_COMMENTS_DELETE_OWN | Perm::G_COMMENTS_DELETE_ANY);
|
||||
if(!$canDelete && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to delete comments.", 403);
|
||||
|
||||
$canDeleteAny = $perms->check(Perm::G_COMMENTS_DELETE_ANY);
|
||||
if($commentInfo->deleted)
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo) || $commentInfo->deleted)
|
||||
Template::displayInfo(
|
||||
$canDeleteAny ? 'This comment is already marked for deletion.' : "This comment doesn't exist.",
|
||||
400
|
||||
|
@ -119,6 +127,8 @@ switch($commentMode) {
|
|||
if(!$perms->check(Perm::G_COMMENTS_DELETE_ANY))
|
||||
Template::displayInfo("You're not allowed to restore deleted comments.", 403);
|
||||
|
||||
if(!isset($commentInfo) || !($commentInfo instanceof CommentsPostInfo))
|
||||
Template::displayInfo("This comment is probably nuked already.", 404);
|
||||
if(!$commentInfo->deleted)
|
||||
Template::displayInfo("This comment isn't in a deleted state.", 400);
|
||||
|
||||
|
@ -134,9 +144,10 @@ switch($commentMode) {
|
|||
break;
|
||||
|
||||
case 'create':
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof CommentsCategoryInfo))
|
||||
Template::displayInfo('Comment category not found.', 404);
|
||||
if(!$perms->check(Perm::G_COMMENTS_CREATE) && !$categoryInfo->isOwner($msz->authInfo->userInfo))
|
||||
Template::displayInfo("You're not allowed to post comments.", 403);
|
||||
|
||||
if(empty($_POST['comment']) || !is_array($_POST['comment']))
|
||||
Template::displayInfo('Missing data.', 400);
|
||||
|
||||
|
@ -144,7 +155,7 @@ switch($commentMode) {
|
|||
$categoryId = isset($_POST['comment']['category']) && is_string($_POST['comment']['category'])
|
||||
? (int)$_POST['comment']['category']
|
||||
: 0;
|
||||
$categoryInfo = $msz->comments->getCategory(categoryId: $categoryId);
|
||||
$categoryInfo = $msz->comments->getCategory(categoryId: (string)$categoryId);
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::displayInfo('This comment category doesn\'t exist.', 404);
|
||||
}
|
||||
|
@ -168,12 +179,10 @@ switch($commentMode) {
|
|||
if(strlen($commentText) > 0) {
|
||||
$commentText = preg_replace("/[\r\n]{2,}/", "\n", $commentText);
|
||||
} else {
|
||||
if($canLock) {
|
||||
if($canLock)
|
||||
Template::displayInfo('The action has been processed.', 400);
|
||||
} else {
|
||||
else
|
||||
Template::displayInfo('Your comment is too short.', 400);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if(mb_strlen($commentText) > 5000)
|
||||
|
@ -184,7 +193,7 @@ switch($commentMode) {
|
|||
$parentInfo = $msz->comments->getPost($commentReply);
|
||||
} catch(RuntimeException $ex) {}
|
||||
|
||||
if(!isset($parentInfo) || $parentInfo->deleted)
|
||||
if(!isset($parentInfo) || !($parentInfo instanceof CommentsPostInfo) || $parentInfo->deleted)
|
||||
Template::displayInfo('The comment you tried to reply to does not exist.', 404);
|
||||
}
|
||||
|
||||
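Review bot: In `case 'create'` the category guard and the `isOwner()` permission check both read `$categoryInfo` before the following hunk reassigns it from `$_POST['comment']['category']` through `getCategory(categoryId: (string)$categoryId)`. If nothing before the switch sets `$categoryInfo` for a create request, the new guard ends every create with 'Comment category not found.'. If something does set it, the owner exemption is evaluated against a different category than the one being posted into. Moving both checks below the `getCategory()` call would tie the authorization decision to the target category. The code between the hunks is not shown, so the pre-switch assignment should be confirmed.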
|
|
|
@ -4,7 +4,10 @@ namespace Misuzu;
|
|||
use stdClass;
|
||||
use RuntimeException;
|
||||
|
||||
$categoryId = (int)filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT);
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$categoryId = (string)filter_input(INPUT_GET, 'f', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
try {
|
||||
$categoryInfo = $msz->forumCtx->categories->getCategory(categoryId: $categoryId);
|
||||
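Review bot: Changing the cast on `$categoryId` from `(int)` to `(string)` drops the normalisation step, because `FILTER_SANITIZE_NUMBER_INT` keeps `+` and `-` as well as digits, so values such as `-`, `1-2` or an empty string now reach `getCategory()`. A strict check right after the assignment, e.g. `if(!ctype_digit($categoryId)) Template::throwError(404);`, keeps the string type while rejecting non-numeric ids. The same concern applies to the `$postId` assignment in the next section, which becomes `(string)$_GET['p']` with no sanitising filter at all. How these ids are bound in the underlying queries is not visible here.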
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use stdClass;
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$mode = (string)filter_input(INPUT_GET, 'm');
|
||||
|
||||
$currentUser = $msz->authInfo->userInfo;
|
||||
|
@ -23,7 +26,7 @@ if($mode === 'mark') {
|
|||
foreach($categoryInfos as $categoryInfo) {
|
||||
$perms = $msz->authInfo->getPerms('forum', $categoryInfo);
|
||||
if($perms->check(Perm::F_CATEGORY_LIST))
|
||||
$msz->forumCtx->categories->updateUserReadCategory($userInfo, $categoryInfo);
|
||||
$msz->forumCtx->categories->updateUserReadCategory($currentUser, $categoryInfo);
|
||||
}
|
||||
|
||||
Tools::redirect($msz->urls->format($categoryId ? 'forum-category' : 'forum-index', ['forum' => $categoryId]));
|
||||
|
|
|
@ -3,10 +3,13 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_LEADERBOARD_VIEW))
|
||||
Template::throwError(403);
|
||||
|
||||
$config = $cfg->getValues([
|
||||
$config = $msz->config->getValues([
|
||||
['forum_leader.first_year:i', 2018],
|
||||
['forum_leader.first_month:i', 12],
|
||||
'forum_leader.unranked.forum:a',
|
||||
|
@ -90,7 +93,7 @@ MD;
|
|||
foreach($rankings as $ranking) {
|
||||
$totalPostsCount += $ranking->postsCount;
|
||||
$markdown .= sprintf("| %s | [%s](%s%s) | %s |\r\n", $ranking->position,
|
||||
$ranking->user?->name ?? 'Deleted User',
|
||||
$ranking->user?->name ?? 'Deleted User', // @phpstan-ignore-line: no, it can be null
|
||||
$msz->siteInfo->url,
|
||||
$msz->urls->format('user-profile', ['user' => $ranking->userId]),
|
||||
number_format($ranking->postsCount));
|
||||
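Review bot: `// @phpstan-ignore-line` on the `$ranking->user?->name ?? 'Deleted User'` argument silences every rule on that line, not only the nullsafe report it was added for. If `user` really can be null, declaring it nullable where the ranking object is defined removes the need for the suppression; otherwise an identifier-scoped `@phpstan-ignore` keeps the other checks active. The same blanket form is used on the `$topicInfo?->title`, `$topicInfo?->typeString` and `empty($notices)` lines in a later section.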
|
|
|
@ -3,7 +3,10 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (string)$_GET['p'] : '0';
|
||||
$postMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
|
||||
$submissionConfirmed = !empty($_GET['confirm']) && is_string($_GET['confirm']) && $_GET['confirm'] === '1';
|
||||
|
||||
|
|
|
@ -3,11 +3,14 @@ namespace Misuzu;
|
|||
|
||||
use stdClass;
|
||||
use RuntimeException;
|
||||
use Misuzu\Forum\ForumTopicInfo;
|
||||
use Misuzu\Forum\{ForumCategoryInfo,ForumPostInfo,ForumTopicInfo};
|
||||
use Misuzu\Parsers\Parser;
|
||||
use Index\XDateTime;
|
||||
use Carbon\CarbonImmutable;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(401);
|
||||
|
||||
|
@ -58,7 +61,7 @@ if(empty($postId)) {
|
|||
$hasPostInfo = false;
|
||||
} else {
|
||||
try {
|
||||
$postInfo = $msz->forumCtx->posts->getPost(postId: $postId);
|
||||
$postInfo = $msz->forumCtx->posts->getPost(postId: (string)$postId);
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
@ -100,6 +103,9 @@ if(empty($forumId)) {
|
|||
$hasCategoryInfo = true;
|
||||
}
|
||||
|
||||
if(!isset($categoryInfo) || !($categoryInfo instanceof ForumCategoryInfo))
|
||||
Template::throwError(404);
|
||||
|
||||
$perms = $msz->authInfo->getPerms('forum', $categoryInfo);
|
||||
|
||||
if($categoryInfo->archived
|
||||
|
@ -126,8 +132,12 @@ if($mode === 'create' || $mode === 'edit') {
|
|||
}
|
||||
|
||||
// edit mode stuff
|
||||
if($mode === 'edit' && !$perms->check($postInfo->userId === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY))
|
||||
Template::throwError(403);
|
||||
if($mode === 'edit') {
|
||||
if(!isset($postInfo) || !($postInfo instanceof ForumPostInfo))
|
||||
Template::throwError(404);
|
||||
if(!$perms->check($postInfo->userId === $currentUserId ? Perm::F_POST_EDIT_OWN : Perm::F_POST_EDIT_ANY))
|
||||
Template::throwError(403);
|
||||
}
|
||||
|
||||
$notices = [];
|
||||
|
||||
|
@ -159,9 +169,9 @@ if(!empty($_POST)) {
|
|||
}
|
||||
|
||||
if($isEditingTopic) {
|
||||
$originalTopicTitle = $topicInfo?->title ?? null;
|
||||
$originalTopicTitle = $topicInfo?->title ?? null; // @phpstan-ignore-line: nope it can be null
|
||||
$topicTitleChanged = $topicTitle !== $originalTopicTitle;
|
||||
$originalTopicType = $topicInfo?->typeString ?? 'discussion';
|
||||
$originalTopicType = $topicInfo?->typeString ?? 'discussion'; // @phpstan-ignore-line: this also
|
||||
$topicTypeChanged = $topicType !== null && $topicType !== $originalTopicType;
|
||||
|
||||
$topicTitleLengths = $cfg->getValues([
|
||||
|
@ -232,7 +242,7 @@ if(!empty($_POST)) {
|
|||
&& $postText !== $postInfo->body;
|
||||
|
||||
$msz->forumCtx->posts->updatePost(
|
||||
$postId,
|
||||
(string)$postId,
|
||||
remoteAddr: $_SERVER['REMOTE_ADDR'],
|
||||
body: $postText,
|
||||
bodyParser: $postParser,
|
||||
|
@ -249,11 +259,11 @@ if(!empty($_POST)) {
|
|||
break;
|
||||
}
|
||||
|
||||
if(empty($notices)) {
|
||||
if(empty($notices)) { // @phpstan-ignore-line: i'm guessing it gets the type confused at this point
|
||||
// does this ternary ever return forum-topic?
|
||||
$redirect = $msz->urls->format(empty($topicInfo) ? 'forum-topic' : 'forum-post', [
|
||||
'topic' => $topicId ?? 0,
|
||||
'post' => $postId ?? 0,
|
||||
'topic' => $topicId,
|
||||
'post' => $postId,
|
||||
]);
|
||||
Tools::redirect($redirect);
|
||||
return;
|
||||
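Review bot: `$topicTitleLengths = $cfg->getValues([` is left on `$cfg` while every other config read touched by this commit moves to `$msz->config`. If `$cfg` is no longer defined in the scope these scripts run in, the topic-edit branch fails at runtime on this line; it should read `$topicTitleLengths = $msz->config->getValues([`. The line is unchanged context in the hunk, so it may simply not have been reported by the analyser.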
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use stdClass;
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
|
||||
$topicId = !empty($_GET['t']) && is_string($_GET['t']) ? (int)$_GET['t'] : 0;
|
||||
$categoryId = null;
|
||||
|
@ -15,7 +18,7 @@ $currentUserId = $currentUser === null ? '0' : $currentUser->id;
|
|||
|
||||
if($topicId < 1 && $postId > 0) {
|
||||
try {
|
||||
$postInfo = $msz->forumCtx->posts->getPost(postId: $postId);
|
||||
$postInfo = $msz->forumCtx->posts->getPost(postId: (string)$postId);
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
@ -267,7 +270,7 @@ if($canDeleteAny)
|
|||
$topicPagination = new Pagination($topicPosts, 10, 'page');
|
||||
|
||||
if(isset($preceedingPostCount))
|
||||
$topicPagination->setPage(floor($preceedingPostCount / $topicPagination->getRange()), true);
|
||||
$topicPagination->setPage((int)floor($preceedingPostCount / $topicPagination->getRange()), true);
|
||||
|
||||
if(!$topicPagination->hasValidOffset())
|
||||
Template::throwError(404);
|
||||
|
|
|
@ -7,6 +7,9 @@ use Misuzu\Changelog\Changelog;
|
|||
use Carbon\CarbonImmutable;
|
||||
use Index\{XArray,XDateTime};
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -41,7 +44,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
}
|
||||
|
||||
// make errors not echos lol
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$action = trim((string)filter_input(INPUT_POST, 'cl_action'));
|
||||
$summary = trim((string)filter_input(INPUT_POST, 'cl_summary'));
|
||||
$body = trim((string)filter_input(INPUT_POST, 'cl_body'));
|
||||
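Review bot: The `// @phpstan-ignore-line` added to `while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {` turns off analysis for the one line that carries the CSRF gate, so a later signature or return-type change in `CSRF::validateRequest()` would go unreported there. Restructuring the breakable `while` as an `if(...)` whose body is wrapped in `do { ... } while(false);` keeps the `break` exits without needing a suppression. Failing that, an identifier-scoped `@phpstan-ignore` limits what is hidden. The same comment is added to the `while` lines of four later sections (the `ct_name`, `nc_name`, `np_title` and `ub_expires` forms).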
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_CHANGES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
return;
|
||||
}
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$name = trim((string)filter_input(INPUT_POST, 'ct_name'));
|
||||
$description = trim((string)filter_input(INPUT_POST, 'ct_desc'));
|
||||
$archive = !empty($_POST['ct_archive']);
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Perm;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_CATEGORIES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -4,6 +4,9 @@ namespace Misuzu;
|
|||
use RuntimeException;
|
||||
use Index\XArray;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$counterInfos = $msz->counters->getCounters(orderBy: 'name');
|
||||
$counterNamesRaw = $msz->config->getArray('counters.names');
|
||||
$counterNamesCount = count($counterNamesRaw);
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Pagination;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_LOGS_VIEW))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -1,18 +1,21 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$valueName = (string)filter_input(INPUT_GET, 'name');
|
||||
$valueInfo = $cfg->getValueInfo($valueName);
|
||||
$valueInfo = $msz->config->getValueInfo($valueName);
|
||||
if($valueInfo === null)
|
||||
Template::throwError(404);
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$valueName = $valueInfo->getName();
|
||||
$msz->createAuditLog('CONFIG_DELETE', [$valueName]);
|
||||
$cfg->removeValues($valueName);
|
||||
$msz->config->removeValues($valueName);
|
||||
Tools::redirect($msz->urls->format('manage-general-settings'));
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Index\Config\Db\DbConfig;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -10,7 +13,7 @@ $isNew = true;
|
|||
$sName = (string)filter_input(INPUT_GET, 'name');
|
||||
$sType = (string)filter_input(INPUT_GET, 'type');
|
||||
$sValue = null;
|
||||
$loadValueInfo = fn() => $cfg->getValueInfo($sName);
|
||||
$loadValueInfo = fn() => $msz->config->getValueInfo($sName);
|
||||
|
||||
if(!empty($sName)) {
|
||||
$sInfo = $loadValueInfo();
|
||||
|
@ -38,7 +41,7 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
|||
}
|
||||
|
||||
if($sType === 'array') {
|
||||
$applyFunc = $cfg->setArray(...);
|
||||
$applyFunc = $msz->config->setArray(...);
|
||||
$sValue = [];
|
||||
$sRaw = filter_input(INPUT_POST, 'conf_value', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);
|
||||
foreach($sRaw as $rValue) {
|
||||
|
@ -58,17 +61,17 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
|||
}
|
||||
} elseif($sType === 'bool') {
|
||||
$sValue = !empty($_POST['conf_value']);
|
||||
$applyFunc = $cfg->setBoolean(...);
|
||||
$applyFunc = $msz->config->setBoolean(...);
|
||||
} else {
|
||||
$sValue = filter_input(INPUT_POST, 'conf_value');
|
||||
if($sType === 'int') {
|
||||
$applyFunc = $cfg->setInteger(...);
|
||||
$applyFunc = $msz->config->setInteger(...);
|
||||
$sValue = (int)$sValue;
|
||||
} elseif($sType === 'float') {
|
||||
$applyFunc = $cfg->setFloat(...);
|
||||
$applyFunc = $msz->config->setFloat(...);
|
||||
$sValue = (float)$sValue;
|
||||
} else
|
||||
$applyFunc = $cfg->setString(...);
|
||||
$applyFunc = $msz->config->setString(...);
|
||||
}
|
||||
|
||||
$msz->createAuditLog($isNew ? 'CONFIG_CREATE' : 'CONFIG_UPDATE', [$sName]);
|
||||
|
|
|
@ -1,11 +1,14 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$hidden = $cfg->getArray('settings.hidden');
|
||||
$vars = $cfg->getAllValueInfos();
|
||||
$hidden = $msz->config->getArray('settings.hidden');
|
||||
$vars = $msz->config->getAllValueInfos();
|
||||
|
||||
Template::render('manage.general.settings', [
|
||||
'config_vars' => $vars,
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
return;
|
||||
}
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$name = trim((string)filter_input(INPUT_POST, 'nc_name'));
|
||||
$description = trim((string)filter_input(INPUT_POST, 'nc_desc'));
|
||||
$hidden = !empty($_POST['nc_hidden']);
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -29,7 +32,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
return;
|
||||
}
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$title = trim((string)filter_input(INPUT_POST, 'np_title'));
|
||||
$category = (string)filter_input(INPUT_POST, 'np_category', FILTER_SANITIZE_NUMBER_INT);
|
||||
$featured = !empty($_POST['np_featured']);
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -5,6 +5,9 @@ use DateTimeInterface;
|
|||
use RuntimeException;
|
||||
use Carbon\CarbonImmutable;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -32,7 +35,7 @@ try {
|
|||
|
||||
$modInfo = $msz->authInfo->userInfo;
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$expires = (int)filter_input(INPUT_POST, 'ub_expires', FILTER_SANITIZE_NUMBER_INT);
|
||||
$expiresCustom = (string)filter_input(INPUT_POST, 'ub_expires_custom');
|
||||
$publicReason = trim((string)filter_input(INPUT_POST, 'ub_reason_pub'));
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Users\Roles;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_USERS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -6,6 +6,9 @@ use Index\Colour\Colour;
|
|||
use Index\Colour\ColourRgb;
|
||||
use Misuzu\Perm;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$viewerPerms = $msz->authInfo->getPerms('user');
|
||||
if(!$viewerPerms->check(Perm::U_ROLES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
namespace Misuzu;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_ROLES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -7,6 +7,9 @@ use Misuzu\Perm;
|
|||
use Misuzu\Auth\AuthTokenCookie;
|
||||
use Misuzu\Users\User;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$viewerPerms = $msz->authInfo->getPerms('user');
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(403);
|
||||
|
@ -26,7 +29,7 @@ if(!$hasAccess)
|
|||
Template::throwError(403);
|
||||
|
||||
$notices = [];
|
||||
$userId = (int)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
|
||||
$userId = (string)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
try {
|
||||
$userInfo = $msz->usersCtx->users->getUser($userId, 'id');
|
||||
|
@ -65,7 +68,7 @@ if(CSRF::validateRequest() && $canEdit) {
|
|||
$tokenBuilder->setImpersonatedUserId($userInfo->id);
|
||||
$tokenInfo = $tokenBuilder->toInfo();
|
||||
|
||||
AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
|
||||
AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));
|
||||
Tools::redirect($msz->urls->format('index'));
|
||||
return;
|
||||
} else $notices[] = 'You aren\'t allowed to impersonate this user.';
|
||||
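Review bot: After the change from `(int)` to `(string)` (taking the `(string)` line as the new side, since the +/- markers are lost in this rendering), `$userId` reaches `getUser($userId, 'id')` without being normalised. `FILTER_SANITIZE_NUMBER_INT` leaves `+` and `-` in place next to digits and a missing `u` yields `''`, so inputs such as `1-2` now reach the lookup unchanged, on a page that goes on to build an impersonation token for the loaded user. I would reject anything that is not a plain digit string before the `try`, for example `if(!ctype_digit($userId)) Template::throwError(404);`. The `try` block continues outside the hunk and may already map a failed lookup to an error page, in which case the check is defence in depth.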
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -30,7 +33,7 @@ try {
|
|||
|
||||
$modInfo = $msz->authInfo->userInfo;
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) { // @phpstan-ignore-line: this while is just weird, i don't blame it
|
||||
$body = trim((string)filter_input(INPUT_POST, 'uw_body'));
|
||||
Template::set('warn_value_body', $body);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -10,9 +10,12 @@ use Misuzu\Users\User;
|
|||
use Misuzu\Users\Assets\UserAvatarAsset;
|
||||
use Misuzu\Users\Assets\UserBackgroundAsset;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$userId = !empty($_GET['u']) && is_string($_GET['u']) ? trim($_GET['u']) : 0;
|
||||
$profileMode = !empty($_GET['m']) && is_string($_GET['m']) ? (string)$_GET['m'] : '';
|
||||
$isEditing = !empty($_GET['edit']) && is_string($_GET['edit']) ? (bool)$_GET['edit'] : !empty($_POST) && is_array($_POST);
|
||||
$isEditing = !empty($_GET['edit']) && is_string($_GET['edit']) ? (bool)$_GET['edit'] : !empty($_POST);
|
||||
|
||||
$viewerInfo = $msz->authInfo->userInfo;
|
||||
$viewingAsGuest = $viewerInfo === null;
|
||||
|
@ -81,7 +84,7 @@ if($isEditing) {
|
|||
$perms = $viewerPermsUser->checkMany([
|
||||
'edit_profile' => Perm::U_PROFILE_EDIT,
|
||||
'edit_avatar' => Perm::U_AVATAR_CHANGE,
|
||||
'edit_background' => PERM::U_PROFILE_BACKGROUND_CHANGE,
|
||||
'edit_background' => Perm::U_PROFILE_BACKGROUND_CHANGE,
|
||||
'edit_about' => Perm::U_PROFILE_ABOUT_EDIT,
|
||||
'edit_birthdate' => Perm::U_PROFILE_BIRTHDATE_EDIT,
|
||||
'edit_signature' => Perm::U_FORUM_SIGNATURE_EDIT,
|
||||
|
@ -92,7 +95,7 @@ if($isEditing) {
|
|||
'background_attachments' => UserBackgroundAsset::getAttachmentStringOptions(),
|
||||
]);
|
||||
|
||||
if(!empty($_POST) && is_array($_POST)) {
|
||||
if(!empty($_POST)) {
|
||||
if(!CSRF::validateRequest()) {
|
||||
$notices[] = 'Couldn\'t verify you, please refresh the page and retry.';
|
||||
} else {
|
||||
|
@ -241,7 +244,7 @@ if($isEditing) {
|
|||
break;
|
||||
case UPLOAD_ERR_INI_SIZE:
|
||||
case UPLOAD_ERR_FORM_SIZE:
|
||||
$notices[] = sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format($backgroundProps['max_size']));
|
||||
$notices[] = sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format(isset($backgroundProps) && is_array($backgroundProps) ? $backgroundProps['max_size'] : 0));
|
||||
break;
|
||||
default:
|
||||
$notices[] = 'Unable to save your background, contact an administator!';
|
||||
|
@ -256,7 +259,7 @@ if($isEditing) {
|
|||
'$path is not a valid image.' => 'The file you uploaded was not an image!',
|
||||
'$path is not an allowed image file.' => 'This type of image is not supported, keep to PNG, JPG or GIF!',
|
||||
'Dimensions of $path are too large.' => sprintf('Your background can\'t be larger than %dx%d!', $backgroundInfo->getMaxWidth(), $backgroundInfo->getMaxHeight()),
|
||||
'File size of $path is too large.' => sprintf('Your background is not allowed to be larger in file size than %2$s!', ByteFormat::format($backgroundInfo->getMaxBytes())),
|
||||
'File size of $path is too large.' => sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format($backgroundInfo->getMaxBytes())),
|
||||
default => $exMessage,
|
||||
};
|
||||
} catch(RuntimeException $ex) {
|
||||
|
@ -291,7 +294,7 @@ if(!$viewingAsGuest) {
|
|||
Template::set('profile_warnings', iterator_to_array($msz->usersCtx->warnings->getWarningsWithDefaultBacklog($userInfo)));
|
||||
|
||||
if((!$isBanned || $canEdit)) {
|
||||
$unranked = $cfg->getValues([
|
||||
$unranked = $msz->config->getValues([
|
||||
'forum_leader.unranked.forum:a',
|
||||
'forum_leader.unranked.topic:a',
|
||||
]);
|
||||
|
@ -339,6 +342,9 @@ if(!$viewingAsGuest) {
|
|||
break;
|
||||
}
|
||||
|
||||
if(!isset($fieldFormat))
|
||||
continue;
|
||||
|
||||
$profileFieldRawValues[$fieldName] = $fieldValue->value;
|
||||
$profileFieldDisplayValues[$fieldName] = $fieldFormat->formatDisplay($fieldValue->value);
|
||||
if($fieldFormat->linkFormat !== null)
|
||||
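Review bot: `if(!isset($fieldFormat)) continue;` only helps on iterations before `$fieldFormat` has ever been assigned. The `continue` shows this runs inside a loop, and once an earlier iteration has set the variable, `isset()` stays true and that earlier value is used for `formatDisplay()` and the `linkFormat` check. If the assignment happens in the lookup above the hunk (not visible here), clear it at the start of each iteration with `$fieldFormat = null;` and test `if($fieldFormat === null) continue;`. Otherwise a profile value whose format is missing would be rendered, and possibly linked, with another field's format.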
|
|
|
@ -6,6 +6,9 @@ use RuntimeException;
|
|||
use Index\XArray;
|
||||
use Misuzu\Comments\CommentsCategory;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(403);
|
||||
|
||||
|
|
|
@ -6,6 +6,9 @@ use Misuzu\Users\User;
|
|||
use chillerlan\QRCode\QRCode;
|
||||
use chillerlan\QRCode\QROptions;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(401);
|
||||
|
||||
|
|
|
@ -5,6 +5,9 @@ use ZipArchive;
|
|||
use Index\XString;
|
||||
use Misuzu\Users\UserInfo;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(401);
|
||||
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use Misuzu\Pagination;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
$currentUser = $msz->authInfo->userInfo;
|
||||
if($currentUser === null)
|
||||
Template::throwError(401);
|
||||
|
|
|
@ -3,6 +3,9 @@ namespace Misuzu;
|
|||
|
||||
use RuntimeException;
|
||||
|
||||
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
||||
die('Script must be called through the Misuzu route dispatcher.');
|
||||
|
||||
if(!$msz->authInfo->isLoggedIn)
|
||||
Template::throwError(401);
|
||||
|
||||
|
|