Updated to latest Index as well as some minor bug fixes.
This commit is contained in:
parent
ad89d45cf0
commit
5ba8b30047
77 changed files with 900 additions and 937 deletions
public-legacy
|
@ -15,10 +15,15 @@ if($msz->authInfo->loggedIn) {
|
|||
if(!empty($_GET['resolve'])) {
|
||||
header('Content-Type: application/json; charset=utf-8');
|
||||
|
||||
try {
|
||||
// Only works for usernames, this is by design
|
||||
$userInfo = $msz->usersCtx->users->getUser((string)filter_input(INPUT_GET, 'name'), 'name');
|
||||
} catch(Exception $ex) {
|
||||
if(!empty($_GET['name']) && is_scalar($_GET['name']))
|
||||
try {
|
||||
// Only works for usernames, this is by design
|
||||
$userInfo = $msz->usersCtx->users->getUser((string)$_GET['name'], 'name');
|
||||
} catch(Exception $ex) {
|
||||
unset($userInfo);
|
||||
}
|
||||
|
||||
if(empty($userInfo)) {
|
||||
echo json_encode([
|
||||
'id' => 0,
|
||||
'name' => '',
|
||||
|
@ -62,16 +67,16 @@ if($siteIsPrivate) {
|
|||
$canResetPassword = true;
|
||||
}
|
||||
|
||||
while(!empty($_POST['login']) && is_array($_POST['login'])) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if(!CSRF::validateRequest()) {
|
||||
$notices[] = 'Was unable to verify the request, please try again!';
|
||||
break;
|
||||
}
|
||||
|
||||
$loginRedirect = empty($_POST['login']['redirect']) || !is_string($_POST['login']['redirect']) ? '' : $_POST['login']['redirect'];
|
||||
$loginRedirect = empty($_POST['redirect']) || !is_string($_POST['redirect']) ? '' : $_POST['redirect'];
|
||||
|
||||
if(empty($_POST['login']['username']) || empty($_POST['login']['password'])
|
||||
|| !is_string($_POST['login']['username']) || !is_string($_POST['login']['password'])) {
|
||||
if(empty($_POST['username']) || empty($_POST['password'])
|
||||
|| !is_string($_POST['username']) || !is_string($_POST['password'])) {
|
||||
$notices[] = "You didn't fill in a username and/or password.";
|
||||
break;
|
||||
}
|
||||
|
@ -91,7 +96,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) {
|
|||
$loginFailedError = "Invalid username or password, {$attemptsRemainingError}.";
|
||||
|
||||
try {
|
||||
$userInfo = $msz->usersCtx->users->getUser($_POST['login']['username'], 'login');
|
||||
$userInfo = $msz->usersCtx->users->getUser($_POST['username'], 'login');
|
||||
} catch(Exception $ex) {
|
||||
$msz->authCtx->loginAttempts->recordAttempt(false, $ipAddress, $countryCode, $userAgent, $clientInfo);
|
||||
$notices[] = $loginFailedError;
|
||||
|
@ -110,14 +115,14 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) {
|
|||
break;
|
||||
}
|
||||
|
||||
if(!$pwInfo->verifyPassword($_POST['login']['password'])) {
|
||||
if(!$pwInfo->verifyPassword($_POST['password'])) {
|
||||
$msz->authCtx->loginAttempts->recordAttempt(false, $ipAddress, $countryCode, $userAgent, $clientInfo, $userInfo);
|
||||
$notices[] = $loginFailedError;
|
||||
break;
|
||||
}
|
||||
|
||||
if($pwInfo->needsRehash)
|
||||
$msz->usersCtx->passwords->updateUserPassword($userInfo, $_POST['login']['password']);
|
||||
$msz->usersCtx->passwords->updateUserPassword($userInfo, $_POST['password']);
|
||||
|
||||
if(!empty($loginPermCat) && $loginPermVal > 0 && !$msz->perms->checkPermissions($loginPermCat, $loginPermVal, $userInfo)) {
|
||||
$notices[] = "Login succeeded, but you're not allowed to browse the site right now.";
|
||||
|
@ -157,7 +162,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) {
|
|||
|
||||
$welcomeMode = !empty($_GET['welcome']);
|
||||
$oauth2Mode = !empty($_GET['oauth2']);
|
||||
$loginUsername = !empty($_POST['login']['username']) && is_string($_POST['login']['username']) ? $_POST['login']['username'] : (
|
||||
$loginUsername = !empty($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : (
|
||||
!empty($_GET['username']) && is_string($_GET['username']) ? $_GET['username'] : ''
|
||||
);
|
||||
$loginRedirect = $welcomeMode ? $msz->urls->format('index') : (!empty($_GET['redirect']) && is_string($_GET['redirect']) ? $_GET['redirect'] : null) ?? $_SERVER['HTTP_REFERER'] ?? $msz->urls->format('index');
|
||||
|
|
|
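Review bot: `$loginRedirect` on the new line `$loginRedirect = empty($_POST['redirect']) || !is_string($_POST['redirect']) ? '' : $_POST['redirect'];` in the second hunk is accepted as any string, and the `$_GET['redirect']` / `HTTP_REFERER` fallback in the last hunk is just as permissive; if this value ends up in a `Location` header after a successful login (the rest of the loop is outside the hunk), an absolute URL here is an open redirect. Constraining it to a site-relative path at this line, `$loginRedirect = isset($_POST['redirect']) && is_string($_POST['redirect']) && str_starts_with($_POST['redirect'], '/') && !str_starts_with($_POST['redirect'], '//') ? $_POST['redirect'] : '';`, closes that independently of what the caller does with it. The same applies to `$redirect` on the two-factor page's `$_POST['redirect']` line, so it is not repeated there.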
@ -12,11 +12,10 @@ if($msz->authInfo->loggedIn) {
|
|||
return;
|
||||
}
|
||||
|
||||
$reset = !empty($_POST['reset']) && is_array($_POST['reset']) ? $_POST['reset'] : [];
|
||||
$forgot = !empty($_POST['forgot']) && is_array($_POST['forgot']) ? $_POST['forgot'] : [];
|
||||
$userId = !empty($reset['user']) ? (int)$reset['user'] : (
|
||||
!empty($_GET['user']) ? (int)$_GET['user'] : 0
|
||||
);
|
||||
$userId = !empty($_POST['user']) && is_scalar($_POST['user'])
|
||||
? (int)$_POST['user'] : (
|
||||
!empty($_GET['user']) && is_scalar($_GET['user']) ? (int)$_GET['user'] : 0
|
||||
);
|
||||
|
||||
if($userId > 0)
|
||||
try {
|
||||
|
@ -30,17 +29,16 @@ $notices = [];
|
|||
$ipAddress = $_SERVER['REMOTE_ADDR'];
|
||||
$siteIsPrivate = $msz->config->getBoolean('private.enable');
|
||||
$canResetPassword = $siteIsPrivate ? $msz->config->getBoolean('private.allow_password_reset', true) : true;
|
||||
|
||||
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);
|
||||
|
||||
while($canResetPassword) {
|
||||
if(!empty($reset) && $userId > 0) {
|
||||
if(!empty($_POST['verification']) && is_scalar($_POST['verification']) && !empty($userInfo)) {
|
||||
if(!CSRF::validateRequest()) {
|
||||
$notices[] = 'Was unable to verify the request, please try again!';
|
||||
break;
|
||||
}
|
||||
|
||||
$verifyCode = !empty($reset['verification']) && is_string($reset['verification']) ? $reset['verification'] : '';
|
||||
$verifyCode = (string)$_POST['verification'];
|
||||
|
||||
try {
|
||||
$tokenInfo = $msz->authCtx->recoveryTokens->getToken(verifyCode: $verifyCode);
|
||||
|
@ -53,9 +51,8 @@ while($canResetPassword) {
|
|||
break;
|
||||
}
|
||||
|
||||
$password = !empty($reset['password']) && is_array($reset['password']) ? $reset['password'] : [];
|
||||
$passwordNew = !empty($password['new']) && is_string($password['new']) ? $password['new'] : '';
|
||||
$passwordConfirm = !empty($password['confirm']) && is_string($password['confirm']) ? $password['confirm'] : '';
|
||||
$passwordNew = !empty($_POST['password_new']) && is_scalar($_POST['password_new']) ? $_POST['password_new'] : '';
|
||||
$passwordConfirm = !empty($_POST['password_confirm']) && is_scalar($_POST['password_confirm']) ? $_POST['password_confirm'] : '';
|
||||
|
||||
if(empty($passwordNew) || empty($passwordConfirm)
|
||||
|| $passwordNew !== $passwordConfirm) {
|
||||
|
@ -82,24 +79,19 @@ while($canResetPassword) {
|
|||
return;
|
||||
}
|
||||
|
||||
if(!empty($forgot)) {
|
||||
if(!empty($_POST['email']) && is_scalar($_POST['email'])) {
|
||||
if(!CSRF::validateRequest()) {
|
||||
$notices[] = 'Was unable to verify the request, please try again!';
|
||||
break;
|
||||
}
|
||||
|
||||
if(empty($forgot['email']) || !is_string($forgot['email'])) {
|
||||
$notices[] = "You didn't supply an e-mail address.";
|
||||
break;
|
||||
}
|
||||
|
||||
if($remainingAttempts < 1) {
|
||||
$notices[] = "There are too many failed login attempts from your IP address, please try again later.";
|
||||
break;
|
||||
}
|
||||
|
||||
try {
|
||||
$forgotUser = $msz->usersCtx->users->getUser($forgot['email'], 'email');
|
||||
$forgotUser = $msz->usersCtx->users->getUser((string)$_POST['email'], 'email');
|
||||
} catch(RuntimeException $ex) {
|
||||
unset($forgotUser);
|
||||
}
|
||||
|
@ -142,7 +134,7 @@ while($canResetPassword) {
|
|||
|
||||
Template::render(isset($userInfo) ? 'auth.password_reset' : 'auth.password_forgot', [
|
||||
'password_notices' => $notices,
|
||||
'password_email' => !empty($forget['email']) && is_string($forget['email']) ? $forget['email'] : '',
|
||||
'password_email' => !empty($_POST['email']) && is_scalar($_POST['email']) ? (string)$_POST['email'] : '',
|
||||
'password_attempts_remaining' => $remainingAttempts,
|
||||
'password_user' => $userInfo ?? null,
|
||||
'password_verification' => $verifyCode ?? '',
|
||||
|
|
|
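Review bot: The forgot branch's new guard `if(!empty($_POST['email']) && is_scalar($_POST['email'])) {` drops the `"You didn't supply an e-mail address."` notice that the removed `empty($forgot['email'])` check produced, so a submission with the field left blank now falls straight through to `Template::render` with no notice, and the CSRF check inside the block is skipped as well. If that feedback is meant to stay, gate on the request like the login and register pages in this commit and move the field check inside: `if($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($userInfo)) {` followed by the CSRF check and `if(empty($_POST['email']) || !is_scalar($_POST['email'])) { $notices[] = "You didn't supply an e-mail address."; break; }`. Whether `$userInfo` is the right discriminator between the reset and forgot forms depends on lines above the hunk; the reset branch tests `!empty($userInfo)` and the render call below chooses its template with `isset($userInfo)`, so it looks consistent.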
@ -12,14 +12,13 @@ if($msz->authInfo->loggedIn) {
|
|||
return;
|
||||
}
|
||||
|
||||
$register = !empty($_POST['register']) && is_array($_POST['register']) ? $_POST['register'] : [];
|
||||
$notices = [];
|
||||
$ipAddress = $_SERVER['REMOTE_ADDR'];
|
||||
$countryCode = $_SERVER['COUNTRY_CODE'] ?? 'XX';
|
||||
|
||||
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);
|
||||
|
||||
while(!empty($register)) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if(!CSRF::validateRequest()) {
|
||||
$notices[] = 'Was unable to verify the request, please try again!';
|
||||
break;
|
||||
|
@ -30,13 +29,13 @@ while(!empty($register)) {
|
|||
break;
|
||||
}
|
||||
|
||||
if(empty($register['username']) || empty($register['password']) || empty($register['email']) || empty($register['question'])
|
||||
|| !is_string($register['username']) || !is_string($register['password']) || !is_string($register['email']) || !is_string($register['question'])) {
|
||||
if(empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email']) || empty($_POST['question'])
|
||||
|| !is_scalar($_POST['username']) || !is_scalar($_POST['password']) || !is_scalar($_POST['email']) || !is_scalar($_POST['question'])) {
|
||||
$notices[] = "You haven't filled in all fields.";
|
||||
break;
|
||||
}
|
||||
|
||||
$checkSpamBot = mb_strtolower($register['question']);
|
||||
$checkSpamBot = mb_strtolower($_POST['question']);
|
||||
$spamBotValid = [
|
||||
'21', 'twentyone', 'twenty-one', 'twenty one',
|
||||
];
|
||||
|
@ -52,18 +51,18 @@ while(!empty($register)) {
|
|||
break;
|
||||
}
|
||||
|
||||
$usernameValidation = $msz->usersCtx->users->validateName($register['username']);
|
||||
$usernameValidation = $msz->usersCtx->users->validateName($_POST['username']);
|
||||
if($usernameValidation !== '')
|
||||
$notices[] = $msz->usersCtx->users->validateNameText($usernameValidation);
|
||||
|
||||
$emailValidation = $msz->usersCtx->users->validateEMailAddress($register['email']);
|
||||
$emailValidation = $msz->usersCtx->users->validateEMailAddress($_POST['email']);
|
||||
if($emailValidation !== '')
|
||||
$notices[] = $msz->usersCtx->users->validateEMailAddressText($emailValidation);
|
||||
|
||||
if($register['password_confirm'] !== $register['password'])
|
||||
if($_POST['password_confirm'] !== $_POST['password'])
|
||||
$notices[] = "The given passwords don't match.";
|
||||
|
||||
$passwordValidation = UserPasswordsData::validateUserPassword($register['password']);
|
||||
$passwordValidation = UserPasswordsData::validateUserPassword($_POST['password']);
|
||||
if($passwordValidation !== '')
|
||||
$notices[] = UserPasswordsData::validateUserPasswordText($passwordValidation);
|
||||
|
||||
|
@ -74,13 +73,13 @@ while(!empty($register)) {
|
|||
|
||||
try {
|
||||
$userInfo = $msz->usersCtx->users->createUser(
|
||||
$register['username'],
|
||||
$register['email'],
|
||||
$_POST['username'],
|
||||
$_POST['email'],
|
||||
$ipAddress,
|
||||
$countryCode,
|
||||
$defaultRoleInfo
|
||||
);
|
||||
$msz->usersCtx->passwords->updateUserPassword($userInfo, $register['password']);
|
||||
$msz->usersCtx->passwords->updateUserPassword($userInfo, $_POST['password']);
|
||||
} catch(RuntimeException $ex) {
|
||||
$notices[] = 'Something went wrong while creating your account, please alert an administrator or a developer about this!';
|
||||
break;
|
||||
|
@ -99,7 +98,7 @@ while(!empty($register)) {
|
|||
|
||||
Template::render('auth.register', [
|
||||
'register_notices' => $notices,
|
||||
'register_username' => !empty($register['username']) && is_string($register['username']) ? $register['username'] : '',
|
||||
'register_email' => !empty($register['email']) && is_string($register['email']) ? $register['email'] : '',
|
||||
'register_username' => !empty($_POST['username']) && is_scalar($_POST['username']) ? (string)$_POST['username'] : '',
|
||||
'register_email' => !empty($_POST['email']) && is_scalar($_POST['email']) ? (string)$_POST['email'] : '',
|
||||
'register_restricted' => '',
|
||||
]);
|
||||
|
|
|
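Review bot: `if($_POST['password_confirm'] !== $_POST['password'])` in the third hunk reads `password_confirm` without the existence check the other fields get a few lines earlier, so a request without that field raises an undefined-array-key warning before the mismatch notice; `if(($_POST['password_confirm'] ?? '') !== $_POST['password'])` keeps the strict comparison and still yields the notice. The same unguarded read pre-dated this commit, but every other field in this hunk was just reworked around `is_scalar` and this one was left behind.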
@ -16,13 +16,12 @@ if($msz->authInfo->loggedIn) {
|
|||
$ipAddress = $_SERVER['REMOTE_ADDR'];
|
||||
$countryCode = $_SERVER['COUNTRY_CODE'] ?? 'XX';
|
||||
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
|
||||
$twofactor = !empty($_POST['twofactor']) && is_array($_POST['twofactor']) ? $_POST['twofactor'] : [];
|
||||
$notices = [];
|
||||
|
||||
$remainingAttempts = $msz->authCtx->loginAttempts->countRemainingAttempts($ipAddress);
|
||||
|
||||
$tokenString = !empty($_GET['token']) && is_string($_GET['token']) ? $_GET['token'] : (
|
||||
!empty($twofactor['token']) && is_string($twofactor['token']) ? $twofactor['token'] : ''
|
||||
$tokenString = !empty($_GET['token']) && is_scalar($_GET['token']) ? (string)$_GET['token'] : (
|
||||
!empty($_POST['token']) && is_scalar($_POST['token']) ? (string)$_POST['token'] : ''
|
||||
);
|
||||
|
||||
$tokenUserId = $msz->authCtx->tfaSessions->getTokenUserId($tokenString);
|
||||
|
@ -37,16 +36,16 @@ if($totpInfo === null) {
|
|||
return;
|
||||
}
|
||||
|
||||
while(!empty($twofactor)) {
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
if(!CSRF::validateRequest()) {
|
||||
$notices[] = 'Was unable to verify the request, please try again!';
|
||||
break;
|
||||
}
|
||||
|
||||
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
|
||||
$redirect = !empty($twofactor['redirect']) && is_string($twofactor['redirect']) ? $twofactor['redirect'] : '';
|
||||
$redirect = !empty($_POST['redirect']) && is_scalar($_POST['redirect']) ? (string)$_POST['redirect'] : '';
|
||||
|
||||
if(empty($twofactor['code']) || !is_string($twofactor['code'])) {
|
||||
if(empty($_POST['code']) || !is_string($_POST['code'])) {
|
||||
$notices[] = 'Code field was empty.';
|
||||
break;
|
||||
}
|
||||
|
@ -59,7 +58,7 @@ while(!empty($twofactor)) {
|
|||
$clientInfo = ClientInfo::fromRequest();
|
||||
$generator = $totpInfo->createGenerator();
|
||||
|
||||
if(!in_array($twofactor['code'], $generator->generateRange())) {
|
||||
if(!in_array($_POST['code'], $generator->generateRange())) {
|
||||
$notices[] = sprintf(
|
||||
"Invalid two factor code, %d attempt%s remaining",
|
||||
$remainingAttempts - 1,
|
||||
|
|
|
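Review bot: `if(!in_array($_POST['code'], $generator->generateRange())) {` in the last hunk compares loosely, and under PHP 8 two numeric strings compare numerically, so `0123456` and `123456` are equal; if `generateRange()` yields zero-padded code strings (its implementation is outside the hunk), submitted codes that differ only in leading zeros would be accepted. Pass `true` as the third argument, `if(!in_array($_POST['code'], $generator->generateRange(), true)) {`, which matches the `is_string` check on `$_POST['code']` that the previous hunk already enforces.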
@ -16,8 +16,8 @@ $config = $msz->config->getValues([
|
|||
'forum_leader.unranked.topic:a',
|
||||
]);
|
||||
|
||||
$mode = (string)filter_input(INPUT_GET, 'mode');
|
||||
$yearMonth = (string)filter_input(INPUT_GET, 'id');
|
||||
$mode = isset($_GET['mode']) && is_scalar($_GET['mode']) ? (string)$_GET['mode'] : '';
|
||||
$yearMonth = isset($_GET['id']) && is_scalar($_GET['id']) ? (string)$_GET['id'] : '';
|
||||
$year = $month = 0;
|
||||
|
||||
$currentYear = (int)date('Y');
|
||||
|
@ -39,7 +39,7 @@ if(!empty($yearMonth)) {
|
|||
}
|
||||
}
|
||||
|
||||
if(filter_has_var(INPUT_GET, 'allow_unranked')) {
|
||||
if(isset($_GET['allow_unranked'])) {
|
||||
$unrankedForums = $unrankedTopics = [];
|
||||
} else {
|
||||
$unrankedForums = $config['forum_leader.unranked.forum'];
|
||||
|
|
|
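Review bot: The guard `isset($_GET['mode']) && is_scalar($_GET['mode']) ? (string)$_GET['mode'] : ''` on the `$mode` and `$yearMonth` lines is the same three-part expression this commit repeats on nearly every request parameter across the changed files, sometimes with `isset` and sometimes with `!empty`; a small shared helper (constructed example: `static function queryString(array $src, string $key, string $default = ''): string`) would make each read one call and keep that choice in one place. The `filter_has_var(INPUT_GET, 'allow_unranked')` to `isset($_GET['allow_unranked'])` change in the second hunk is equivalent only as long as nothing earlier in the file writes to `$_GET`; the start of the file is outside the hunk.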
@ -19,11 +19,11 @@ $currentUserId = $currentUser->id;
|
|||
if($msz->usersCtx->hasActiveBan($currentUser))
|
||||
Template::throwError(403);
|
||||
|
||||
if(filter_has_var(INPUT_POST, 'preview')) {
|
||||
if(!empty($_POST['preview'])) {
|
||||
header('Content-Type: text/plain; charset=utf-8');
|
||||
|
||||
$text = (string)filter_input(INPUT_POST, 'text');
|
||||
$format = TextFormat::tryFrom((string)filter_input(INPUT_POST, 'format'));
|
||||
$text = isset($_POST['text']) && is_scalar($_POST['text']) ? (string)$_POST['text'] : '';
|
||||
$format = TextFormat::tryFrom(isset($_POST['format']) && is_scalar($_POST['format']) ? (string)$_POST['format'] : '');
|
||||
if($format === null) {
|
||||
http_response_code(400);
|
||||
return;
|
||||
|
@ -39,10 +39,10 @@ $forumPostingModes = [
|
|||
];
|
||||
|
||||
if(!empty($_POST)) {
|
||||
$mode = !empty($_POST['post']['mode']) && is_string($_POST['post']['mode']) ? $_POST['post']['mode'] : 'create';
|
||||
$postId = !empty($_POST['post']['id']) && is_string($_POST['post']['id']) ? (int)$_POST['post']['id'] : 0;
|
||||
$topicId = !empty($_POST['post']['topic']) && is_string($_POST['post']['topic']) ? (int)$_POST['post']['topic'] : 0;
|
||||
$forumId = !empty($_POST['post']['forum']) && is_string($_POST['post']['forum']) ? (int)$_POST['post']['forum'] : 0;
|
||||
$mode = !empty($_POST['mode']) && is_string($_POST['mode']) ? $_POST['mode'] : 'create';
|
||||
$postId = !empty($_POST['id']) && is_string($_POST['id']) ? (int)$_POST['id'] : 0;
|
||||
$topicId = !empty($_POST['topic']) && is_string($_POST['topic']) ? (int)$_POST['topic'] : 0;
|
||||
$forumId = !empty($_POST['forum']) && is_string($_POST['forum']) ? (int)$_POST['forum'] : 0;
|
||||
} else {
|
||||
$mode = !empty($_GET['m']) && is_string($_GET['m']) ? $_GET['m'] : 'create';
|
||||
$postId = !empty($_GET['p']) && is_string($_GET['p']) ? (int)$_GET['p'] : 0;
|
||||
|
@ -141,11 +141,11 @@ if($mode === 'edit') {
|
|||
$notices = [];
|
||||
|
||||
if(!empty($_POST)) {
|
||||
$topicTitle = $_POST['post']['title'] ?? '';
|
||||
$postText = $_POST['post']['text'] ?? '';
|
||||
$postParser = TextFormat::tryFrom((string)($_POST['post']['parser'] ?? '')) ?? TextFormat::BBCode;
|
||||
$topicType = isset($_POST['post']['type']) ? $_POST['post']['type'] : null;
|
||||
$postSignature = isset($_POST['post']['signature']);
|
||||
$topicTitle = $_POST['title'] ?? '';
|
||||
$postText = $_POST['text'] ?? '';
|
||||
$postParser = TextFormat::tryFrom((string)($_POST['parser'] ?? '')) ?? TextFormat::BBCode;
|
||||
$topicType = isset($_POST['type']) ? $_POST['type'] : null;
|
||||
$postSignature = isset($_POST['signature']);
|
||||
|
||||
if(!CSRF::validateRequest()) {
|
||||
$notices[] = 'Could not verify request.';
|
||||
|
|
|
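Review bot: `$topicTitle = $_POST['title'] ?? '';`, `$postText = $_POST['text'] ?? '';` and `$topicType = isset($_POST['type']) ? $_POST['type'] : null;` in the last hunk take the raw value with no scalar check, unlike the preview branch in the first hunk and the `is_string` guards in the second, so a request with `title[]=x` hands an array to whatever consumes them. Align them with the rest of the commit: `$topicTitle = isset($_POST['title']) && is_scalar($_POST['title']) ? (string)$_POST['title'] : '';`, the same shape for `$postText`, and `$topicType = $_POST['type'] ?? null;` for the type line. The `if(!empty($_POST))` body continues past the hunk, so a later check may cover this; if so, a one-line comment saying where would help the next reader.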
@ -17,7 +17,7 @@ $changeActions = [];
|
|||
foreach(ChangelogData::ACTIONS as $action)
|
||||
$changeActions[$action] = ChangelogData::actionText($action);
|
||||
|
||||
$changeId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT);
|
||||
$changeId = !empty($_GET['c']) && is_scalar($_GET['c']) ? (string)$_GET['c'] : '';
|
||||
$changeInfo = null;
|
||||
$changeTagIds = [];
|
||||
$tagInfos = $msz->changelog->getTags();
|
||||
|
@ -45,12 +45,12 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
|
||||
// make errors not echos lol
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$action = trim((string)filter_input(INPUT_POST, 'cl_action'));
|
||||
$summary = trim((string)filter_input(INPUT_POST, 'cl_summary'));
|
||||
$body = trim((string)filter_input(INPUT_POST, 'cl_body'));
|
||||
$userId = (int)filter_input(INPUT_POST, 'cl_user', FILTER_SANITIZE_NUMBER_INT);
|
||||
$createdAt = trim((string)filter_input(INPUT_POST, 'cl_created'));
|
||||
$tags = filter_input(INPUT_POST, 'cl_tags', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);
|
||||
$action = !empty($_POST['cl_action']) && is_scalar($_POST['cl_action']) ? trim((string)$_POST['cl_action']) : '';
|
||||
$summary = !empty($_POST['cl_summary']) && is_scalar($_POST['cl_summary']) ? trim((string)$_POST['cl_summary']) : '';
|
||||
$body = !empty($_POST['cl_body']) && is_scalar($_POST['cl_body']) ? trim((string)$_POST['cl_body']) : '';
|
||||
$userId = !empty($_POST['cl_user']) && is_scalar($_POST['cl_user']) ? (int)$_POST['cl_user'] : 0;
|
||||
$createdAt = !empty($_POST['cl_created']) && is_scalar($_POST['cl_created']) ? trim((string)$_POST['cl_created']) : '';
|
||||
$tags = !empty($_POST['cl_tags']) && is_array($_POST['cl_tags']) ? $_POST['cl_tags'] : [];
|
||||
|
||||
if($userId < 1) $userId = null;
|
||||
else $userId = (string)$userId;
|
||||
|
|
|
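Review bot: `$tags = !empty($_POST['cl_tags']) && is_array($_POST['cl_tags']) ? $_POST['cl_tags'] : [];` in the second hunk only checks that the value is an array, so its elements may themselves be arrays or empty strings; whatever consumes `$tags` is outside the hunk, but `$tags = array_values(array_filter($tags, is_scalar(...)));` right after that line keeps nested arrays out of it (first-class callable syntax is already used elsewhere in this commit). Separately, `$changeId` in the first hunk, and the same id reads for `t`, `e`, `c`, `p` and `u` in the later changelog-tag, emote, news and ban sections, no longer pass through `FILTER_SANITIZE_NUMBER_INT`; that is harmless if the data layer binds them as parameters, but a `ctype_digit()` check before the lookup would let the not-found path reject `c=abc` without a query.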
@ -9,7 +9,7 @@ if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
|||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CL_TAGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$tagId = (string)filter_input(INPUT_GET, 't', FILTER_SANITIZE_NUMBER_INT);
|
||||
$tagId = !empty($_GET['t']) && is_scalar($_GET['t']) ? (string)$_GET['t'] : '';
|
||||
$loadTagInfo = fn() => $msz->changelog->getTag($tagId);
|
||||
|
||||
if(empty($tagId))
|
||||
|
@ -33,8 +33,8 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
}
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$name = trim((string)filter_input(INPUT_POST, 'ct_name'));
|
||||
$description = trim((string)filter_input(INPUT_POST, 'ct_desc'));
|
||||
$name = !empty($_POST['ct_name']) && is_scalar($_POST['ct_name']) ? trim((string)$_POST['ct_name']) : '';
|
||||
$description = !empty($_POST['ct_desc']) && is_scalar($_POST['ct_desc']) ? trim((string)$_POST['ct_desc']) : '';
|
||||
$archive = !empty($_POST['ct_archive']);
|
||||
|
||||
if($isNew) {
|
||||
|
|
|
@ -12,11 +12,8 @@ if(!$msz->authInfo->getPerms('global')->check(Perm::G_FORUM_CATEGORIES_MANAGE))
|
|||
$permsInfos = $msz->perms->getPermissionInfo(categoryNames: Perm::INFO_FOR_FORUM_CATEGORY);
|
||||
$permsLists = Perm::createList(Perm::LISTS_FOR_FORUM_CATEGORY);
|
||||
|
||||
if(filter_has_var(INPUT_POST, 'perms'))
|
||||
Template::set('calculated_perms', Perm::convertSubmission(
|
||||
filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY),
|
||||
Perm::INFO_FOR_FORUM_CATEGORY
|
||||
));
|
||||
if(!empty($_POST))
|
||||
Template::set('calculated_perms', Perm::convertSubmission($_POST, Perm::INFO_FOR_FORUM_CATEGORY));
|
||||
|
||||
Template::render('manage.forum.listing', [
|
||||
'perms_lists' => $permsLists,
|
||||
|
|
|
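Review bot: `Perm::convertSubmission($_POST, Perm::INFO_FOR_FORUM_CATEGORY)` now receives the whole POST body instead of the `perms` sub-array the removed `filter_input(... FILTER_REQUIRE_ARRAY)` call passed, so every other field in the form is fed to it as if it were a permission entry; if `convertSubmission` only reads the keys it knows, this is harmless, but that is outside this hunk and worth confirming. A short comment on the `if(!empty($_POST))` line stating that the submission is only used to compute the `calculated_perms` template value, and is not persisted here, would also explain why this path has no `CSRF::validateRequest()` while the other manage pages in this commit do, assuming that reading is correct.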
@ -11,8 +11,8 @@ if($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
if(!CSRF::validateRequest())
|
||||
throw new \Exception("Request verification failed.");
|
||||
|
||||
$rTopicId = (string)filter_input(INPUT_POST, 'topic_redir_id');
|
||||
$rTopicURL = trim((string)filter_input(INPUT_POST, 'topic_redir_url'));
|
||||
$rTopicId = !empty($_POST['topic_redir_id']) && is_scalar($_POST['topic_redir_id']) ? trim((string)$_POST['topic_redir_id']) : '';
|
||||
$rTopicURL = !empty($_POST['topic_redir_url']) && is_scalar($_POST['topic_redir_url']) ? trim((string)$_POST['topic_redir_url']) : '';
|
||||
|
||||
$msz->createAuditLog('FORUM_TOPIC_REDIR_CREATE', [$rTopicId]);
|
||||
$msz->forumCtx->topicRedirects->createTopicRedirect($rTopicId, $msz->authInfo->userInfo, $rTopicURL);
|
||||
|
@ -20,11 +20,11 @@ if($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
return;
|
||||
}
|
||||
|
||||
if(filter_input(INPUT_GET, 'm') === 'explode') {
|
||||
if(!empty($_GET['m']) && $_GET['m'] === 'explode') {
|
||||
if(!CSRF::validateRequest())
|
||||
throw new \Exception("Request verification failed.");
|
||||
|
||||
$rTopicId = (string)filter_input(INPUT_GET, 't');
|
||||
$rTopicId = !empty($_GET['t']) && is_scalar($_GET['t']) ? (string)$_GET['t'] : '';
|
||||
$msz->createAuditLog('FORUM_TOPIC_REDIR_REMOVE', [$rTopicId]);
|
||||
$msz->forumCtx->topicRedirects->deleteTopicRedirect($rTopicId);
|
||||
Tools::redirect($msz->urls->format('manage-forum-topic-redirs'));
|
||||
|
|
|
@ -10,7 +10,7 @@ if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
|||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$emoteId = (string)filter_input(INPUT_GET, 'e', FILTER_SANITIZE_NUMBER_INT);
|
||||
$emoteId = !empty($_GET['e']) && is_scalar($_GET['e']) ? (string)$_GET['e'] : '';
|
||||
$emoteInfo = [];
|
||||
$emoteStrings = [];
|
||||
|
||||
|
@ -27,10 +27,10 @@ else
|
|||
|
||||
// make errors not echos lol
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$order = (int)filter_input(INPUT_POST, 'em_order', FILTER_SANITIZE_NUMBER_INT);
|
||||
$minRank = (int)filter_input(INPUT_POST, 'em_minrank', FILTER_SANITIZE_NUMBER_INT);
|
||||
$url = trim((string)filter_input(INPUT_POST, 'em_url'));
|
||||
$strings = explode(' ', trim((string)filter_input(INPUT_POST, 'em_strings')));
|
||||
$order = !empty($_POST['em_order']) && is_scalar($_POST['em_order']) ? (int)$_POST['em_order'] : '';
|
||||
$minRank = !empty($_POST['em_minrank']) && is_scalar($_POST['em_minrank']) ? (int)$_POST['em_minrank'] : '';
|
||||
$url = !empty($_POST['em_url']) && is_scalar($_POST['em_url']) ? trim((string)$_POST['em_url']) : '';
|
||||
$strings = explode(' ', !empty($_POST['em_strings']) && is_scalar($_POST['em_strings']) ? trim((string)$_POST['em_strings']) : '');
|
||||
|
||||
if($isNew || $url !== $emoteInfo->url) {
|
||||
$checkUrl = $msz->emotes->checkEmoteUrl($url);
|
||||
|
|
|
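Review bot: `$order` and `$minRank` in the second hunk fall back to `''` rather than `0`, so each variable is an `int` in one branch and a `string` in the other; the removed `(int)filter_input(...)` lines always produced an int, and if this file declares `strict_types`, the `''` will be a TypeError at the first int-typed parameter downstream. Use `? (int)$_POST['em_order'] : 0` and `? (int)$_POST['em_minrank'] : 0` on those two lines.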
@ -10,7 +10,7 @@ if(!$msz->authInfo->getPerms('global')->check(Perm::G_EMOTES_MANAGE))
|
|||
Template::throwError(403);
|
||||
|
||||
if(CSRF::validateRequest() && !empty($_GET['emote'])) {
|
||||
$emoteId = (string)filter_input(INPUT_GET, 'emote', FILTER_SANITIZE_NUMBER_INT);
|
||||
$emoteId = !empty($_GET['emote']) && is_scalar($_GET['emote']) ? (string)$_GET['emote'] : '';
|
||||
|
||||
try {
|
||||
$emoteInfo = $msz->emotes->getEmote($emoteId);
|
||||
|
@ -23,14 +23,14 @@ if(CSRF::validateRequest() && !empty($_GET['emote'])) {
|
|||
$msz->createAuditLog('EMOTICON_DELETE', [$emoteInfo->id]);
|
||||
} else {
|
||||
if(isset($_GET['order'])) {
|
||||
$order = filter_input(INPUT_GET, 'order');
|
||||
$order = !empty($_GET['order']) && is_scalar($_GET['order']) ? (string)$_GET['order'] : '';
|
||||
$offset = $order === 'i' ? 10 : ($order === 'd' ? -10 : 0);
|
||||
$msz->emotes->updateEmoteOrderOffset($emoteInfo, $offset);
|
||||
$msz->createAuditLog('EMOTICON_ORDER', [$emoteInfo->id]);
|
||||
}
|
||||
|
||||
if(isset($_GET['alias'])) {
|
||||
$alias = (string)filter_input(INPUT_GET, 'alias');
|
||||
$alias = !empty($_GET['alias']) && is_scalar($_GET['alias']) ? (string)$_GET['alias'] : '';
|
||||
if($msz->emotes->checkEmoteString($alias) === '') {
|
||||
$msz->emotes->addEmoteString($emoteInfo, $alias);
|
||||
$msz->createAuditLog('EMOTICON_ALIAS', [$emoteInfo->id, $alias]);
|
||||
|
|
|
@ -7,7 +7,7 @@ if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
|||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$valueInfo = $msz->config->getValueInfo((string)filter_input(INPUT_GET, 'name'));
|
||||
$valueInfo = $msz->config->getValueInfo(!empty($_GET['name']) && is_scalar($_GET['name']) ? (string)$_GET['name'] : '');
|
||||
if($valueInfo === null)
|
||||
Template::throwError(404);
|
||||
|
||||
|
|
|
@ -10,8 +10,8 @@ if(!$msz->authInfo->getPerms('global')->check(Perm::G_CONFIG_MANAGE))
|
|||
Template::throwError(403);
|
||||
|
||||
$isNew = true;
|
||||
$sName = (string)filter_input(INPUT_GET, 'name');
|
||||
$sType = (string)filter_input(INPUT_GET, 'type');
|
||||
$sName = !empty($_GET['name']) && is_scalar($_GET['name']) ? (string)$_GET['name'] : '';
|
||||
$sType = !empty($_GET['type']) && is_scalar($_GET['type']) ? (string)$_GET['type'] : '';
|
||||
$sValue = null;
|
||||
$loadValueInfo = fn() => $msz->config->getValueInfo($sName);
|
||||
|
||||
|
@ -27,13 +27,13 @@ if(!empty($sName)) {
|
|||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
if($isNew) {
|
||||
$sName = trim((string)filter_input(INPUT_POST, 'conf_name'));
|
||||
$sName = !empty($_POST['conf_name']) && is_scalar($_POST['conf_name']) ? trim((string)$_POST['conf_name']) : '';
|
||||
if(!DbConfig::validateName($sName)) {
|
||||
echo 'Name contains invalid characters.';
|
||||
break;
|
||||
}
|
||||
|
||||
$sType = trim((string)filter_input(INPUT_POST, 'conf_type'));
|
||||
$sType = !empty($_POST['conf_type']) && is_scalar($_POST['conf_type']) ? trim((string)$_POST['conf_type']) : '';
|
||||
if(!in_array($sType, ['string', 'int', 'float', 'bool', 'array'])) {
|
||||
echo 'Invalid type specified.';
|
||||
break;
|
||||
|
@ -43,7 +43,7 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
|||
if($sType === 'array') {
|
||||
$applyFunc = $msz->config->setArray(...);
|
||||
$sValue = [];
|
||||
$sRaw = filter_input(INPUT_POST, 'conf_value', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);
|
||||
$sRaw = !empty($_POST['conf_value']) && is_array($_POST['conf_value']) ? $_POST['conf_value'] : [];
|
||||
foreach($sRaw as $rValue) {
|
||||
if(strpos($rValue, ':') === 1) {
|
||||
$rType = $rValue[0];
|
||||
|
@ -63,7 +63,7 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
|||
$sValue = !empty($_POST['conf_value']);
|
||||
$applyFunc = $msz->config->setBoolean(...);
|
||||
} else {
|
||||
$sValue = filter_input(INPUT_POST, 'conf_value');
|
||||
$sValue = !empty($_POST['conf_value']) && is_scalar($_POST['conf_value']) ? trim((string)$_POST['conf_value']) : '';
|
||||
if($sType === 'int') {
|
||||
$applyFunc = $msz->config->setInteger(...);
|
||||
$sValue = (int)$sValue;
|
||||
|
|
|
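Review bot: In the array branch, `foreach($sRaw as $rValue) { if(strpos($rValue, ':') === 1)` runs on elements of `$_POST['conf_value']` that are only known to be an array, so a nested element (`conf_value[0][]=x`) reaches `strpos()` and throws a TypeError; add `if(!is_string($rValue)) continue;` as the first statement of the loop. Separately, the scalar branch's `!empty($_POST['conf_value'])` turns a submitted value of `0` into `''`, which changes the stored value for a `string` config; `isset($_POST['conf_value'])` is the right guard on that line, since `trim((string)...)` already handles the empty case.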
@ -9,7 +9,7 @@ if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
|||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_CATEGORIES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$categoryId = (string)filter_input(INPUT_GET, 'c', FILTER_SANITIZE_NUMBER_INT);
|
||||
$categoryId = !empty($_GET['c']) && is_scalar($_GET['c']) ? (string)$_GET['c'] : '';
|
||||
$loadCategoryInfo = fn() => $msz->news->getCategory(categoryId: $categoryId);
|
||||
|
||||
if(empty($categoryId))
|
||||
|
@ -33,8 +33,8 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
}
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$name = trim((string)filter_input(INPUT_POST, 'nc_name'));
|
||||
$description = trim((string)filter_input(INPUT_POST, 'nc_desc'));
|
||||
$name = !empty($_POST['nc_name']) && is_scalar($_POST['nc_name']) ? trim((string)$_POST['nc_name']) : '';
|
||||
$description = !empty($_POST['nc_desc']) && is_scalar($_POST['nc_desc']) ? trim((string)$_POST['nc_desc']) : '';
|
||||
$hidden = !empty($_POST['nc_hidden']);
|
||||
|
||||
if($isNew) {
|
||||
|
|
|
@ -10,7 +10,7 @@ if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
|||
if(!$msz->authInfo->getPerms('global')->check(Perm::G_NEWS_POSTS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$postId = (string)filter_input(INPUT_GET, 'p', FILTER_SANITIZE_NUMBER_INT);
|
||||
$postId = !empty($_GET['p']) && is_scalar($_GET['p']) ? (string)$_GET['p'] : '';
|
||||
$loadPostInfo = fn() => $msz->news->getPost($postId);
|
||||
|
||||
if(empty($postId))
|
||||
|
@ -34,10 +34,10 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
|||
}
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$title = trim((string)filter_input(INPUT_POST, 'np_title'));
|
||||
$category = (string)filter_input(INPUT_POST, 'np_category', FILTER_SANITIZE_NUMBER_INT);
|
||||
$title = !empty($_POST['np_title']) && is_scalar($_POST['np_title']) ? trim((string)$_POST['np_title']) : '';
|
||||
$category = !empty($_POST['np_category']) && is_scalar($_POST['np_category']) ? trim((string)$_POST['np_category']) : '';
|
||||
$featured = !empty($_POST['np_featured']);
|
||||
$body = trim((string)filter_input(INPUT_POST, 'np_body'));
|
||||
$body = !empty($_POST['np_body']) && is_scalar($_POST['np_body']) ? trim((string)$_POST['np_body']) : '';
|
||||
|
||||
if($isNew) {
|
||||
$postInfo = $msz->news->createPost($category, $title, $body, $featured, $msz->authInfo->userInfo);
|
||||
|
|
|
@ -11,12 +11,12 @@ if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
|||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) {
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
||||
if(!CSRF::validateRequest())
|
||||
Template::throwError(403);
|
||||
|
||||
try {
|
||||
$banInfo = $msz->usersCtx->bans->getBan((string)filter_input(INPUT_GET, 'b'));
|
||||
$banInfo = $msz->usersCtx->bans->getBan(!empty($_GET['b']) && is_scalar($_GET['b']) ? (string)$_GET['b'] : '');
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
@ -28,7 +28,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete'))
|
|||
}
|
||||
|
||||
try {
|
||||
$userInfo = $msz->usersCtx->getUserInfo(filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT), 'id');
|
||||
$userInfo = $msz->usersCtx->getUserInfo(!empty($_GET['u']) && is_scalar($_GET['u']) ? (string)$_GET['u'] : '', 'id');
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
@ -36,11 +36,11 @@ try {
|
|||
$modInfo = $msz->authInfo->userInfo;
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$expires = (int)filter_input(INPUT_POST, 'ub_expires', FILTER_SANITIZE_NUMBER_INT);
|
||||
$expiresCustom = (string)filter_input(INPUT_POST, 'ub_expires_custom');
|
||||
$publicReason = trim((string)filter_input(INPUT_POST, 'ub_reason_pub'));
|
||||
$privateReason = trim((string)filter_input(INPUT_POST, 'ub_reason_priv'));
|
||||
$severity = (int)filter_input(INPUT_POST, 'ub_severity', FILTER_SANITIZE_NUMBER_INT);
|
||||
$expires = !empty($_POST['ub_expires']) && is_scalar($_POST['ub_expires']) ? (int)$_POST['ub_expires'] : 0;
|
||||
$expiresCustom = !empty($_POST['ub_expires_custom']) && is_scalar($_POST['ub_expires_custom']) ? trim((string)$_POST['ub_expires_custom']) : '';
|
||||
$publicReason = !empty($_POST['ub_reason_pub']) && is_scalar($_POST['ub_reason_pub']) ? trim((string)$_POST['ub_reason_pub']) : '';
|
||||
$privateReason = !empty($_POST['ub_reason_priv']) && is_scalar($_POST['ub_reason_priv']) ? trim((string)$_POST['ub_reason_priv']) : '';
|
||||
$severity = !empty($_POST['ub_severity']) && is_scalar($_POST['ub_severity']) ? (int)$_POST['ub_severity'] : 0;
|
||||
|
||||
Template::set([
|
||||
'ban_value_expires' => $expires,
|
||||
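Review bot: The `!empty($_POST['x']) && is_scalar($_POST['x']) ? trim((string)$_POST['x']) : ''` expression is written out once per field in the POST hunk (`ub_expires` through `ub_severity`) and in the same shape through the bans-list, notes, roles, users, warnings, members and sessions sections; a small helper such as `function scalarString(array $src, string $key): string { return !empty($src[$key]) && is_scalar($src[$key]) ? trim((string)$src[$key]) : ''; }` (plus an int variant) would turn each of these lines into a single call and keep the trim/no-trim behaviour consistent across pages. The `b` and `u` lookups in the GET hunks also drop the former `FILTER_SANITIZE_NUMBER_INT`, so a non-numeric id now reaches getBan() and getUserInfo() unchanged; that is harmless if those methods bind the value as a query parameter, which is not visible here, so it is worth confirming. The enclosing `while` loop continues past the end of the hunk.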
|
|
|
@ -10,8 +10,8 @@ if(!$msz->authInfo->getPerms('user')->check(Perm::U_BANS_MANAGE))
|
|||
Template::throwError(403);
|
||||
|
||||
$filterUser = null;
|
||||
if(filter_has_var(INPUT_GET, 'u')) {
|
||||
$filterUserId = filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
|
||||
if(!empty($_GET['u'])) {
|
||||
$filterUserId = !empty($_GET['u']) && is_scalar($_GET['u']) ? (string)$_GET['u'] : '';
|
||||
try {
|
||||
$filterUser = $msz->usersCtx->getUserInfo($filterUserId);
|
||||
} catch(RuntimeException $ex) {
|
||||
|
@ -20,7 +20,7 @@ if(filter_has_var(INPUT_GET, 'u')) {
|
|||
}
|
||||
|
||||
$pagination = Pagination::fromInput($msz->usersCtx->bans->countBans(userInfo: $filterUser), 10);
|
||||
if(!$pagination->validOffset)
|
||||
if(!$pagination->validOffset && $pagination->count > 0)
|
||||
Template::throwError(404);
|
||||
|
||||
$banList = [];
|
||||
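Review bot: `if(!empty($_GET['u']))` is immediately followed by `!empty($_GET['u']) && is_scalar($_GET['u']) ? (string)$_GET['u'] : ''`, which re-tests the same condition, and when `u` is an array the branch is still entered with `$filterUserId = ''` and `getUserInfo('')` is called. Fold the scalar check into the condition so the non-scalar case skips the lookup: `if(!empty($_GET['u']) && is_scalar($_GET['u'])) {` followed by `$filterUserId = (string)$_GET['u'];`. The same pair of lines appears in the notes-list and warnings-list sections. The `try`/`catch` around the lookup continues past the end of the hunk.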
|
|
|
@ -9,8 +9,8 @@ if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
|||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
$hasNoteId = filter_has_var(INPUT_GET, 'n');
|
||||
$hasUserId = filter_has_var(INPUT_GET, 'u');
|
||||
$hasNoteId = !empty($_GET['n']);
|
||||
$hasUserId = !empty($_GET['u']);
|
||||
|
||||
if((!$hasNoteId && !$hasUserId) || ($hasNoteId && $hasUserId))
|
||||
Template::throwError(400);
|
||||
|
@ -19,7 +19,7 @@ if($hasUserId) {
|
|||
$isNew = true;
|
||||
|
||||
try {
|
||||
$userInfo = $msz->usersCtx->getUserInfo(filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT));
|
||||
$userInfo = $msz->usersCtx->getUserInfo(!empty($_GET['u']) && is_scalar($_GET['u']) ? (string)$_GET['u'] : '');
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
@ -29,12 +29,12 @@ if($hasUserId) {
|
|||
$isNew = false;
|
||||
|
||||
try {
|
||||
$noteInfo = $msz->usersCtx->modNotes->getNote((string)filter_input(INPUT_GET, 'n', FILTER_SANITIZE_NUMBER_INT));
|
||||
$noteInfo = $msz->usersCtx->modNotes->getNote(!empty($_GET['n']) && is_scalar($_GET['n']) ? (string)$_GET['n'] : '');
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) {
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
||||
if(!CSRF::validateRequest())
|
||||
Template::throwError(403);
|
||||
|
||||
|
@ -49,8 +49,8 @@ if($hasUserId) {
|
|||
}
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$title = trim((string)filter_input(INPUT_POST, 'mn_title'));
|
||||
$body = trim((string)filter_input(INPUT_POST, 'mn_body'));
|
||||
$title = trim((string)($_POST['mn_title'] ?? ''));
|
||||
$body = trim((string)($_POST['mn_body'] ?? ''));
|
||||
|
||||
if($isNew) {
|
||||
$noteInfo = $msz->usersCtx->modNotes->createNote($userInfo, $title, $body, $authorInfo);
|
||||
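Review bot: `$title = trim((string)($_POST['mn_title'] ?? ''));` and the `$body` line below it are the only POST reads in this commit without an `is_scalar()` guard; a request that sends `mn_title` as an array is not rejected but cast to the literal string 'Array' (with an "Array to string conversion" warning) and handed to createNote() as the title. For consistency with the bans and roles pages use `$title = !empty($_POST['mn_title']) && is_scalar($_POST['mn_title']) ? trim((string)$_POST['mn_title']) : '';` and the same form for `mn_body`. The warnings-manage section has the identical pattern on its `uw_body` line. The enclosing `while` loop continues past the end of the hunk.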
|
|
|
@ -10,8 +10,8 @@ if(!$msz->authInfo->getPerms('user')->check(Perm::U_NOTES_MANAGE))
|
|||
Template::throwError(403);
|
||||
|
||||
$filterUser = null;
|
||||
if(filter_has_var(INPUT_GET, 'u')) {
|
||||
$filterUserId = filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
|
||||
if(!empty($_GET['u'])) {
|
||||
$filterUserId = !empty($_GET['u']) && is_scalar($_GET['u']) ? (string)$_GET['u'] : '';
|
||||
try {
|
||||
$filterUser = $msz->usersCtx->getUserInfo($filterUserId);
|
||||
} catch(RuntimeException $ex) {
|
||||
|
@ -20,7 +20,7 @@ if(filter_has_var(INPUT_GET, 'u')) {
|
|||
}
|
||||
|
||||
$pagination = Pagination::fromInput($msz->usersCtx->modNotes->countNotes(userInfo: $filterUser), 10);
|
||||
if(!$pagination->validOffset)
|
||||
if(!$pagination->validOffset && $pagination->count > 0)
|
||||
Template::throwError(404);
|
||||
|
||||
$notes = [];
|
||||
|
|
|
@ -15,8 +15,8 @@ if(!$viewerPerms->check(Perm::U_ROLES_MANAGE))
|
|||
|
||||
$roleInfo = null;
|
||||
|
||||
if(filter_has_var(INPUT_GET, 'r')) {
|
||||
$roleId = (string)filter_input(INPUT_GET, 'r', FILTER_SANITIZE_NUMBER_INT);
|
||||
if(!empty($_GET['r'])) {
|
||||
$roleId = !empty($_GET['r']) && is_scalar($_GET['r']) ? (string)$_GET['r'] : '';
|
||||
|
||||
try {
|
||||
$isNew = false;
|
||||
|
@ -40,17 +40,17 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
|||
break;
|
||||
}
|
||||
|
||||
$roleString = (string)filter_input(INPUT_POST, 'ur_string');
|
||||
$roleName = (string)filter_input(INPUT_POST, 'ur_name');
|
||||
$roleString = !empty($_POST['ur_string']) && is_scalar($_POST['ur_string']) ? trim((string)$_POST['ur_string']) : '';
|
||||
$roleName = !empty($_POST['ur_name']) && is_scalar($_POST['ur_name']) ? trim((string)$_POST['ur_name']) : '';
|
||||
$roleHide = !empty($_POST['ur_hidden']);
|
||||
$roleLeavable = !empty($_POST['ur_leavable']);
|
||||
$roleRank = (int)filter_input(INPUT_POST, 'ur_rank', FILTER_SANITIZE_NUMBER_INT);
|
||||
$roleTitle = (string)filter_input(INPUT_POST, 'ur_title');
|
||||
$roleDesc = (string)filter_input(INPUT_POST, 'ur_desc');
|
||||
$roleRank = !empty($_POST['ur_rank']) && is_scalar($_POST['ur_rank']) ? (int)$_POST['ur_rank'] : 0;
|
||||
$roleTitle = !empty($_POST['ur_title']) && is_scalar($_POST['ur_title']) ? trim((string)$_POST['ur_title']) : '';
|
||||
$roleDesc = !empty($_POST['ur_desc']) && is_scalar($_POST['ur_desc']) ? trim((string)$_POST['ur_desc']) : '';
|
||||
$colourInherit = !empty($_POST['ur_col_inherit']);
|
||||
$colourRed = (int)filter_input(INPUT_POST, 'ur_col_red', FILTER_SANITIZE_NUMBER_INT);
|
||||
$colourGreen = (int)filter_input(INPUT_POST, 'ur_col_green', FILTER_SANITIZE_NUMBER_INT);
|
||||
$colourBlue = (int)filter_input(INPUT_POST, 'ur_col_blue', FILTER_SANITIZE_NUMBER_INT);
|
||||
$colourRed = !empty($_POST['ur_col_red']) && is_scalar($_POST['ur_col_red']) ? (int)$_POST['ur_col_red'] : 0;
|
||||
$colourGreen = !empty($_POST['ur_col_green']) && is_scalar($_POST['ur_col_green']) ? (int)$_POST['ur_col_green'] : 0;
|
||||
$colourBlue = !empty($_POST['ur_col_blue']) && is_scalar($_POST['ur_col_blue']) ? (int)$_POST['ur_col_blue'] : 0;
|
||||
|
||||
Template::set([
|
||||
'role_ur_string' => $roleString,
|
||||
|
@ -153,12 +153,8 @@ while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
|||
[$roleInfo->id]
|
||||
);
|
||||
|
||||
if($canEditPerms && filter_has_var(INPUT_POST, 'perms')) {
|
||||
$permsApply = Perm::convertSubmission(
|
||||
filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY),
|
||||
Perm::INFO_FOR_ROLE
|
||||
);
|
||||
|
||||
if($canEditPerms) {
|
||||
$permsApply = Perm::convertSubmission($_POST, Perm::INFO_FOR_ROLE);
|
||||
foreach($permsApply as $categoryName => $values)
|
||||
$msz->perms->setPermissions($categoryName, $values['allow'], $values['deny'], roleInfo: $roleInfo);
|
||||
|
||||
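Review bot: Dropping the `filter_has_var(INPUT_POST, 'perms')` guard means `Perm::convertSubmission($_POST, Perm::INFO_FOR_ROLE)` and the `setPermissions()` loop now run on every POST from a user with `$canEditPerms`, including submissions that carry no permission fields at all. If convertSubmission() maps an absent field to "neither allowed nor denied" — its behaviour is not visible here — such a POST silently resets the role's permissions, where the old guard skipped the write entirely. Consider keeping a presence check on the new field names, or having convertSubmission() report whether any permission field was present, before the `foreach` calls setPermissions(). The users-manage section makes the same change with `Perm::INFO_FOR_USER`.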
|
|
|
@ -29,7 +29,7 @@ if(!$hasAccess)
|
|||
Template::throwError(403);
|
||||
|
||||
$notices = [];
|
||||
$userId = (string)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
|
||||
$userId = !empty($_GET['u']) && is_scalar($_GET['u']) ? (string)$_GET['u'] : '';
|
||||
|
||||
try {
|
||||
$userInfo = $msz->usersCtx->users->getUser($userId, 'id');
|
||||
|
@ -201,12 +201,8 @@ if(CSRF::validateRequest() && $canEdit) {
|
|||
}
|
||||
}
|
||||
|
||||
if($canEditPerms && filter_has_var(INPUT_POST, 'perms')) {
|
||||
$permsApply = Perm::convertSubmission(
|
||||
filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY),
|
||||
Perm::INFO_FOR_USER
|
||||
);
|
||||
|
||||
if($canEditPerms) {
|
||||
$permsApply = Perm::convertSubmission($_POST, Perm::INFO_FOR_USER);
|
||||
foreach($permsApply as $categoryName => $values)
|
||||
$msz->perms->setPermissions($categoryName, $values['allow'], $values['deny'], userInfo: $userInfo);
|
||||
|
||||
|
|
|
@ -9,12 +9,12 @@ if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
|||
if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE))
|
||||
Template::throwError(403);
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete')) {
|
||||
if($_SERVER['REQUEST_METHOD'] === 'GET' && !empty($_GET['delete'])) {
|
||||
if(!CSRF::validateRequest())
|
||||
Template::throwError(403);
|
||||
|
||||
try {
|
||||
$warnInfo = $msz->usersCtx->warnings->getWarning((string)filter_input(INPUT_GET, 'w'));
|
||||
$warnInfo = $msz->usersCtx->warnings->getWarning(!empty($_GET['w']) && is_scalar($_GET['w']) ? (string)$_GET['w'] : '');
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
@ -26,7 +26,7 @@ if($_SERVER['REQUEST_METHOD'] === 'GET' && filter_has_var(INPUT_GET, 'delete'))
|
|||
}
|
||||
|
||||
try {
|
||||
$userInfo = $msz->usersCtx->users->getUser(filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT), 'id');
|
||||
$userInfo = $msz->usersCtx->users->getUser(!empty($_GET['u']) && is_scalar($_GET['u']) ? (string)$_GET['u'] : '', 'id');
|
||||
} catch(RuntimeException $ex) {
|
||||
Template::throwError(404);
|
||||
}
|
||||
|
@ -34,7 +34,7 @@ try {
|
|||
$modInfo = $msz->authInfo->userInfo;
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$body = trim((string)filter_input(INPUT_POST, 'uw_body'));
|
||||
$body = trim((string)($_POST['uw_body'] ?? ''));
|
||||
Template::set('warn_value_body', $body);
|
||||
|
||||
$warnInfo = $msz->usersCtx->warnings->createWarning(
|
||||
|
|
|
@ -10,8 +10,8 @@ if(!$msz->authInfo->getPerms('user')->check(Perm::U_WARNINGS_MANAGE))
|
|||
Template::throwError(403);
|
||||
|
||||
$filterUser = null;
|
||||
if(filter_has_var(INPUT_GET, 'u')) {
|
||||
$filterUserId = filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
|
||||
if(!empty($_GET['u'])) {
|
||||
$filterUserId = !empty($_GET['u']) && is_scalar($_GET['u']) ? (string)$_GET['u'] : '';
|
||||
try {
|
||||
$filterUser = $msz->usersCtx->getUserInfo($filterUserId);
|
||||
} catch(RuntimeException $ex) {
|
||||
|
@ -20,7 +20,7 @@ if(filter_has_var(INPUT_GET, 'u')) {
|
|||
}
|
||||
|
||||
$pagination = Pagination::fromInput($msz->usersCtx->warnings->countWarnings(userInfo: $filterUser), 10);
|
||||
if(!$pagination->validOffset)
|
||||
if(!$pagination->validOffset && $pagination->count > 0)
|
||||
Template::throwError(404);
|
||||
|
||||
$warnList = [];
|
||||
|
|
|
@ -11,9 +11,9 @@ if(!$msz->authInfo->loggedIn)
|
|||
|
||||
// TODO: restore forum-topics and forum-posts orderings
|
||||
|
||||
$roleId = filter_has_var(INPUT_GET, 'r') ? (string)filter_input(INPUT_GET, 'r') : null;
|
||||
$orderBy = strtolower((string)filter_input(INPUT_GET, 'ss'));
|
||||
$orderDir = strtolower((string)filter_input(INPUT_GET, 'sd'));
|
||||
$roleId = !empty($_GET['r']) && is_string($_GET['r']) ? $_GET['r'] : null;
|
||||
$orderBy = strtolower(!empty($_GET['ss']) && is_string($_GET['ss']) ? $_GET['ss'] : '');
|
||||
$orderDir = strtolower(!empty($_GET['sd']) && is_string($_GET['sd']) ? $_GET['sd'] : '');
|
||||
|
||||
$orderDirs = [
|
||||
'asc' => 'In Order',
|
||||
|
|
|
@ -5,6 +5,8 @@ use stdClass;
|
|||
use InvalidArgumentException;
|
||||
use RuntimeException;
|
||||
use Index\ByteFormat;
|
||||
use Index\Http\Content\MultipartFormContent;
|
||||
use Index\Http\Content\Multipart\FileMultipartFormData;
|
||||
use Misuzu\Forum\ForumSignaturesData;
|
||||
use Misuzu\Parsers\TextFormat;
|
||||
use Misuzu\Profile\{ProfileAboutData,ProfileBackgroundAttach};
|
||||
|
@ -111,52 +113,49 @@ if($isEditing) {
|
|||
if(!CSRF::validateRequest()) {
|
||||
$notices[] = "Couldn't verify you, please refresh the page and retry.";
|
||||
} else {
|
||||
$profileFieldsSubmit = filter_input(INPUT_POST, 'profile', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);
|
||||
if(!$perms->edit_profile) {
|
||||
$notices[] = "You're not allowed to edit your profile.";
|
||||
} else {
|
||||
$profileFieldInfos = iterator_to_array($msz->profileCtx->fields->getFields());
|
||||
$profileFieldsSetInfos = [];
|
||||
$profileFieldsSetValues = [];
|
||||
$profileFieldsRemove = [];
|
||||
|
||||
if(!empty($profileFieldsSubmit)) {
|
||||
if(!$perms->edit_profile) {
|
||||
$notices[] = "You're not allowed to edit your profile.";
|
||||
} else {
|
||||
$profileFieldInfos = iterator_to_array($msz->profileCtx->fields->getFields());
|
||||
$profileFieldsSetInfos = [];
|
||||
$profileFieldsSetValues = [];
|
||||
$profileFieldsRemove = [];
|
||||
foreach($profileFieldInfos as $fieldInfo) {
|
||||
$fieldName = sprintf('profile_%s', $fieldInfo->name);
|
||||
$fieldValue = empty($_POST[$fieldName]) || !is_scalar($_POST[$fieldName])
|
||||
? '' : (string)filter_var($_POST[$fieldName]);
|
||||
|
||||
foreach($profileFieldInfos as $fieldInfo) {
|
||||
$fieldName = $fieldInfo->name;
|
||||
$fieldValue = empty($profileFieldsSubmit[$fieldName]) ? '' : (string)filter_var($profileFieldsSubmit[$fieldName]);
|
||||
|
||||
if(empty($profileFieldsSubmit[$fieldName])) {
|
||||
$profileFieldsRemove[] = $fieldInfo;
|
||||
continue;
|
||||
}
|
||||
|
||||
if($fieldInfo->checkValue($fieldValue)) {
|
||||
$profileFieldsSetInfos[] = $fieldInfo;
|
||||
$profileFieldsSetValues[] = $fieldValue;
|
||||
} else
|
||||
$notices[] = sprintf("%s isn't properly formatted.", $fieldInfo->title);
|
||||
|
||||
unset($fieldName, $fieldValue, $fieldInfo);
|
||||
if(empty($_POST[$fieldName])) {
|
||||
$profileFieldsRemove[] = $fieldInfo;
|
||||
continue;
|
||||
}
|
||||
|
||||
if(!empty($profileFieldsRemove))
|
||||
$msz->profileCtx->fields->removeFieldValues($userInfo, $profileFieldsRemove);
|
||||
if(!empty($profileFieldsSetInfos))
|
||||
$msz->profileCtx->fields->setFieldValues($userInfo, $profileFieldsSetInfos, $profileFieldsSetValues);
|
||||
if($fieldInfo->checkValue($fieldValue)) {
|
||||
$profileFieldsSetInfos[] = $fieldInfo;
|
||||
$profileFieldsSetValues[] = $fieldValue;
|
||||
} else
|
||||
$notices[] = sprintf("%s isn't properly formatted.", $fieldInfo->title);
|
||||
|
||||
unset($fieldName, $fieldValue, $fieldInfo);
|
||||
}
|
||||
|
||||
if(!empty($profileFieldsRemove))
|
||||
$msz->profileCtx->fields->removeFieldValues($userInfo, $profileFieldsRemove);
|
||||
if(!empty($profileFieldsSetInfos))
|
||||
$msz->profileCtx->fields->setFieldValues($userInfo, $profileFieldsSetInfos, $profileFieldsSetValues);
|
||||
}
|
||||
|
||||
if(filter_has_var(INPUT_POST, 'about_body')) {
|
||||
if(isset($_POST['about_body']) && is_scalar($_POST['about_body'])) {
|
||||
if(!$perms->edit_about) {
|
||||
$notices[] = "You're not allowed to edit your about page.";
|
||||
} else {
|
||||
$aboutBody = (string)filter_input(INPUT_POST, 'about_body');
|
||||
$aboutBody = (string)$_POST['about_body'];
|
||||
if(trim($aboutBody) === '') {
|
||||
$msz->profileCtx->about->deleteProfileAbout($userInfo);
|
||||
$aboutInfo = null;
|
||||
} else {
|
||||
$aboutFormat = TextFormat::tryFrom(filter_input(INPUT_POST, 'about_format'));
|
||||
$aboutFormat = TextFormat::tryFrom(isset($_POST['about_format']) && is_scalar($_POST['about_format']) ? (string)$_POST['about_format'] : '');
|
||||
$aboutValid = ProfileAboutData::validateProfileAbout($aboutFormat, $aboutBody);
|
||||
if($aboutValid === '')
|
||||
$aboutInfo = $msz->profileCtx->about->updateProfileAbout($userInfo, $aboutBody, $aboutFormat);
|
||||
|
@ -166,16 +165,16 @@ if($isEditing) {
|
|||
}
|
||||
}
|
||||
|
||||
if(filter_has_var(INPUT_POST, 'sig_body')) {
|
||||
if(isset($_POST['sig_body']) && is_scalar($_POST['sig_body'])) {
|
||||
if(!$perms->edit_signature) {
|
||||
$notices[] = "You're not allowed to edit your forum signature.";
|
||||
} else {
|
||||
$sigBody = (string)filter_input(INPUT_POST, 'sig_body');
|
||||
$sigBody = (string)$_POST['sig_body'];
|
||||
if(trim($sigBody) === '') {
|
||||
$msz->forumCtx->signatures->deleteSignature($userInfo);
|
||||
$sigInfo = null;
|
||||
} else {
|
||||
$sigFormat = TextFormat::tryFrom(filter_input(INPUT_POST, 'sig_format'));
|
||||
$sigFormat = TextFormat::tryFrom(isset($_POST['sig_format']) && is_scalar($_POST['sig_format']) ? (string)$_POST['sig_format'] : '');
|
||||
$sigValid = ForumSignaturesData::validateSignature($sigFormat, $sigBody);
|
||||
if($sigValid === '')
|
||||
$sigInfo = $msz->forumCtx->signatures->updateSignature($userInfo, $sigBody, $sigFormat);
|
||||
|
@ -185,13 +184,13 @@ if($isEditing) {
|
|||
}
|
||||
}
|
||||
|
||||
if(!empty($_POST['birthdate']) && is_array($_POST['birthdate'])) {
|
||||
if(!empty($_POST['birth_day']) && !empty($_POST['birth_month'])) {
|
||||
if(!$perms->edit_birthdate) {
|
||||
$notices[] = "You aren't allow to change your birthdate.";
|
||||
} else {
|
||||
$birthYear = (int)($_POST['birthdate']['year'] ?? 0);
|
||||
$birthMonth = (int)($_POST['birthdate']['month'] ?? 0);
|
||||
$birthDay = (int)($_POST['birthdate']['day'] ?? 0);
|
||||
$birthYear = (int)($_POST['birth_year'] ?? 0);
|
||||
$birthMonth = (int)$_POST['birth_month'];
|
||||
$birthDay = (int)$_POST['birth_day'];
|
||||
$birthValid = UserBirthdatesData::validateBirthdate($birthYear, $birthMonth, $birthDay);
|
||||
|
||||
if($birthValid === '') {
|
||||
|
@ -204,53 +203,39 @@ if($isEditing) {
|
|||
}
|
||||
}
|
||||
|
||||
if(!empty($_FILES['avatar'])) {
|
||||
if(!empty($_POST['avatar']['delete'])) {
|
||||
$avatarAsset->delete();
|
||||
} else {
|
||||
if(!empty($_POST['avatar_delete'])) {
|
||||
$avatarAsset->delete();
|
||||
} elseif(isset($mszRequestContent) && $mszRequestContent instanceof MultipartFormContent) {
|
||||
$avatarInfo = $mszRequestContent->getParamData('avatar_file');
|
||||
if($avatarInfo instanceof FileMultipartFormData) {
|
||||
if(!$perms->edit_avatar) {
|
||||
$notices[] = "You aren't allow to change your avatar.";
|
||||
} elseif(!empty($_FILES['avatar'])
|
||||
&& is_array($_FILES['avatar'])
|
||||
&& !empty($_FILES['avatar']['name']['file'])) {
|
||||
if($_FILES['avatar']['error']['file'] !== UPLOAD_ERR_OK) {
|
||||
switch($_FILES['avatar']['error']['file']) {
|
||||
case UPLOAD_ERR_NO_FILE:
|
||||
$notices[] = 'Select a file before hitting upload!';
|
||||
break;
|
||||
case UPLOAD_ERR_PARTIAL:
|
||||
$notices[] = 'The upload was interrupted, please try again!';
|
||||
break;
|
||||
case UPLOAD_ERR_INI_SIZE:
|
||||
case UPLOAD_ERR_FORM_SIZE:
|
||||
$notices[] = sprintf('Your avatar is not allowed to be larger in file size than %s!', ByteFormat::format($avatarAsset->getMaxBytes()));
|
||||
break;
|
||||
default:
|
||||
$notices[] = 'Unable to save your avatar, contact an administator!';
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
try {
|
||||
$avatarAsset->setFromPath($_FILES['avatar']['tmp_name']['file']);
|
||||
} catch(InvalidArgumentException $ex) {
|
||||
$exMessage = $ex->getMessage();
|
||||
$notices[] = match($exMessage) {
|
||||
'$path is not a valid image.' => 'The file you uploaded was not an image!',
|
||||
'$path is not an allowed image file.' => 'This type of image is not supported, keep to PNG, JPG or GIF!',
|
||||
'Dimensions of $path are too large.' => sprintf("Your avatar can't be larger than %dx%d!", $avatarAsset->getMaxWidth(), $avatarAsset->getMaxHeight()),
|
||||
'File size of $path is too large.' => sprintf('Your avatar is not allowed to be larger in file size than %s!', ByteFormat::format($avatarAsset->getMaxBytes())),
|
||||
default => $exMessage,
|
||||
};
|
||||
} catch(RuntimeException $ex) {
|
||||
$notices[] = 'Unable to save your avatar, contact an administator!';
|
||||
}
|
||||
} elseif($avatarInfo->getSize() > 0) {
|
||||
$avatarTemp = tempnam(sys_get_temp_dir(), 'msz-legacy-avatar-');
|
||||
try {
|
||||
$avatarInfo->moveTo($avatarTemp);
|
||||
$avatarAsset->setFromPath($avatarTemp);
|
||||
} catch(InvalidArgumentException $ex) {
|
||||
$exMessage = $ex->getMessage();
|
||||
$notices[] = match($exMessage) {
|
||||
'$path is not a valid image.' => 'The file you uploaded was not an image!',
|
||||
'$path is not an allowed image file.' => 'This type of image is not supported, keep to PNG, JPG or GIF!',
|
||||
'Dimensions of $path are too large.' => sprintf("Your avatar can't be larger than %dx%d!", $avatarAsset->getMaxWidth(), $avatarAsset->getMaxHeight()),
|
||||
'File size of $path is too large.' => sprintf('Your avatar is not allowed to be larger in file size than %s!', ByteFormat::format($avatarAsset->getMaxBytes())),
|
||||
default => $exMessage,
|
||||
};
|
||||
} catch(RuntimeException $ex) {
|
||||
$notices[] = 'Unable to save your avatar, contact an administator!';
|
||||
} finally {
|
||||
if(is_file($avatarTemp))
|
||||
unlink($avatarTemp);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(filter_has_var(INPUT_POST, 'bg_attach')) {
|
||||
$bgFormat = ProfileBackgroundAttach::tryFrom((string)filter_input(INPUT_POST, 'bg_attach'));
|
||||
if(isset($_POST['bg_attach']) && is_scalar($_POST['bg_attach'])) {
|
||||
$bgFormat = ProfileBackgroundAttach::tryFrom((string)$_POST['bg_attach']);
|
||||
|
||||
if($bgFormat === null) {
|
||||
$backgroundAsset->delete();
|
||||
|
@ -259,47 +244,35 @@ if($isEditing) {
|
|||
} else {
|
||||
if(!$perms->edit_background) {
|
||||
$notices[] = "You aren't allow to change your background.";
|
||||
} elseif(!empty($_FILES['bg_file']) && is_array($_FILES['bg_file'])) {
|
||||
if(!empty($_FILES['bg_file']['name'])) {
|
||||
if($_FILES['bg_file']['error'] !== UPLOAD_ERR_OK) {
|
||||
switch($_FILES['bg_file']['error']) {
|
||||
case UPLOAD_ERR_NO_FILE:
|
||||
$notices[] = 'Select a file before hitting upload!';
|
||||
break;
|
||||
case UPLOAD_ERR_PARTIAL:
|
||||
$notices[] = 'The upload was interrupted, please try again!';
|
||||
break;
|
||||
case UPLOAD_ERR_INI_SIZE:
|
||||
case UPLOAD_ERR_FORM_SIZE:
|
||||
$notices[] = sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format(isset($backgroundProps) && is_array($backgroundProps) ? $backgroundProps['max_size'] : 0));
|
||||
break;
|
||||
default:
|
||||
$notices[] = 'Unable to save your background, contact an administator!';
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
try {
|
||||
$backgroundAsset->setFromPath($_FILES['bg_file']['tmp_name']);
|
||||
} catch(InvalidArgumentException $ex) {
|
||||
$exMessage = $ex->getMessage();
|
||||
$notices[] = match($exMessage) {
|
||||
'$path is not a valid image.' => 'The file you uploaded was not an image!',
|
||||
'$path is not an allowed image file.' => 'This type of image is not supported, keep to PNG, JPG or GIF!',
|
||||
'Dimensions of $path are too large.' => sprintf("Your background can't be larger than %dx%d!", $backgroundAsset->getMaxWidth(), $backgroundAsset->getMaxHeight()),
|
||||
'File size of $path is too large.' => sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format($backgroundAsset->getMaxBytes())),
|
||||
default => $exMessage,
|
||||
};
|
||||
} catch(RuntimeException $ex) {
|
||||
$notices[] = 'Unable to save your background, contact an administator!';
|
||||
}
|
||||
} elseif(isset($mszRequestContent) && $mszRequestContent instanceof MultipartFormContent) {
|
||||
$bgInfo = $mszRequestContent->getParamData('bg_file');
|
||||
if($bgInfo instanceof FileMultipartFormData && $bgInfo->getSize() > 0) {
|
||||
$bgTemp = tempnam(sys_get_temp_dir(), 'msz-legacy-profile-background-');
|
||||
try {
|
||||
$bgInfo->moveTo($bgTemp);
|
||||
$backgroundAsset->setFromPath($bgTemp);
|
||||
} catch(InvalidArgumentException $ex) {
|
||||
$exMessage = $ex->getMessage();
|
||||
$notices[] = match($exMessage) {
|
||||
'$path is not a valid image.' => 'The file you uploaded was not an image!',
|
||||
'$path is not an allowed image file.' => 'This type of image is not supported, keep to PNG, JPG or GIF!',
|
||||
'Dimensions of $path are too large.' => sprintf("Your background can't be larger than %dx%d!", $backgroundAsset->getMaxWidth(), $backgroundAsset->getMaxHeight()),
|
||||
'File size of $path is too large.' => sprintf('Your background is not allowed to be larger in file size than %s!', ByteFormat::format($backgroundAsset->getMaxBytes())),
|
||||
default => $exMessage,
|
||||
};
|
||||
} catch(RuntimeException $ex) {
|
||||
$notices[] = 'Unable to save your background, contact an administator!';
|
||||
} finally {
|
||||
if(is_file($bgTemp))
|
||||
unlink($bgTemp);
|
||||
}
|
||||
}
|
||||
|
||||
$backgroundInfo = $msz->profileCtx->backgrounds->updateProfileBackground(
|
||||
$userInfo,
|
||||
$bgFormat,
|
||||
filter_has_var(INPUT_POST, 'bg_blend'),
|
||||
filter_has_var(INPUT_POST, 'bg_slide')
|
||||
!empty($_POST['bg_blend']),
|
||||
!empty($_POST['bg_slide'])
|
||||
);
|
||||
}
|
||||
}
|
||||
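Review bot: `tempnam()` returns `false` when it cannot create a file, and the new avatar branch passes that value straight to `$avatarInfo->moveTo($avatarTemp)` and later to `is_file($avatarTemp)` in the `finally`; the background branch does the same with `$bgTemp`. Moving the `tempnam()` call to the first statement inside the `try` and adding `if($avatarTemp === false) throw new RuntimeException('Could not create a temporary file.');` lets the existing `catch(RuntimeException $ex)` turn it into the 'Unable to save your avatar' notice, with the `finally` guarded as `if(is_string($avatarTemp) && is_file($avatarTemp))`. Separately, the removed `$_FILES` error switch means a truncated upload (formerly `UPLOAD_ERR_PARTIAL`) is no longer reported to the user; whether the new multipart parser surfaces that condition before `getSize() > 0` is not visible from this hunk. The two tempnam/moveTo/setFromPath/match blocks are now identical apart from the asset and the noun in the messages, so a small helper taking those two would halve this section.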
|
|
|
@ -14,7 +14,7 @@ $currentUser = $msz->authInfo->userInfo;
|
|||
$activeSessionId = $msz->authInfo->sessionId;
|
||||
|
||||
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
||||
$sessionId = (string)filter_input(INPUT_POST, 'session');
|
||||
$sessionId = !empty($_POST['session']) && is_scalar($_POST['session']) ? trim((string)$_POST['session']) : '';
|
||||
$activeSessionKilled = false;
|
||||
|
||||
if($sessionId === 'all') {
|
||||
|
|