Updated more stuff to use RequestVar.

This commit is contained in:
flash 2019-03-18 20:53:05 +01:00
parent 68db9ce243
commit 7bf60765be
20 changed files with 175 additions and 86 deletions


@ -371,6 +371,12 @@ MIG;
// we're running this again because ob_clean breaks gzip otherwise // we're running this again because ob_clean breaks gzip otherwise
ob_start(); ob_start();
if (!mb_check_encoding()) {
http_response_code(415);
echo 'Invalid request encoding.';
exit;
}
if (!is_readable(MSZ_STORAGE) || !is_writable(MSZ_STORAGE)) { if (!is_readable(MSZ_STORAGE) || !is_writable(MSZ_STORAGE)) {
echo 'Cannot access storage directory.'; echo 'Cannot access storage directory.';
exit; exit;
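Review bot: The bare `mb_check_encoding()` on the line after `ob_start()` relies on the no-argument form, which validates all request input against the internal encoding and is deprecated from PHP 8.1; `if (!mb_check_encoding($_GET) || !mb_check_encoding($_POST)) {` (arrays are accepted since 7.2) states the intent explicitly and keeps working on newer runtimes. A malformed byte sequence in the query string is a client error in the request itself rather than an unsupported media type, so `http_response_code(400);` fits the situation better than 415. The surrounding bootstrap code continues outside this hunk.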


@ -1,9 +1,10 @@
<?php <?php
// Delete this file in April 2019 // Delete this file in April 2019
use Misuzu\Request\RequestVar;
require_once '../misuzu.php'; require_once '../misuzu.php';
switch ($_GET['m'] ?? '') { switch (RequestVar::get()->select('m')->value()) {
case 'logout': case 'logout':
echo tpl_render('auth.logout'); echo tpl_render('auth.logout');
break; break;


@ -1,10 +1,12 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../misuzu.php'; require_once '../misuzu.php';
$changelogChange = (int)($_GET['c'] ?? 0); $changelogChange = RequestVar::get()->select('c')->value('int', 0);
$changelogDate = $_GET['d'] ?? ''; $changelogDate = RequestVar::get()->select('d')->value('string', '');
$changelogUser = (int)($_GET['u'] ?? 0); $changelogUser = RequestVar::get()->select('u')->value('int', 0);
$changelogTags = $_GET['t'] ?? ''; $changelogTags = RequestVar::get()->select('t')->value('string', '');
tpl_var('comments_perms', $commentPerms = comments_get_perms(user_session_current('user_id', 0))); tpl_var('comments_perms', $commentPerms = comments_get_perms(user_session_current('user_id', 0)));


@ -1,4 +1,6 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../misuzu.php'; require_once '../misuzu.php';
// basing whether or not this is an xhr request on whether a referrer header is present // basing whether or not this is an xhr request on whether a referrer header is present
@ -37,7 +39,10 @@ if (user_warning_check_expiration($currentUserId, MSZ_WARN_SILENCE) > 0) {
header(csrf_http_header('comments')); header(csrf_http_header('comments'));
$commentPerms = comments_get_perms($currentUserId); $commentPerms = comments_get_perms($currentUserId);
switch ($_GET['m'] ?? null) { $commentId = RequestVar::get()->select('c')->value('int', 0);
$commentMode = RequestVar::get()->select('m')->value();
switch ($commentMode) {
case 'pin': case 'pin':
case 'unpin': case 'unpin':
if (!$commentPerms['can_pin']) { if (!$commentPerms['can_pin']) {
@ -45,8 +50,7 @@ switch ($_GET['m'] ?? null) {
break; break;
} }
$comment = (int)($_GET['c'] ?? 0); $commentInfo = comments_post_get($commentId, false);
$commentInfo = comments_post_get($comment, false);
if (!$commentInfo || $commentInfo['comment_deleted'] !== null) { if (!$commentInfo || $commentInfo['comment_deleted'] !== null) {
echo render_info_or_json($isXHR, "This comment doesn't exist!", 400); echo render_info_or_json($isXHR, "This comment doesn't exist!", 400);
@ -58,7 +62,7 @@ switch ($_GET['m'] ?? null) {
break; break;
} }
$isPinning = $_GET['m'] === 'pin'; $isPinning = $commentMode === 'pin';
if ($isPinning && !empty($commentInfo['comment_pinned'])) { if ($isPinning && !empty($commentInfo['comment_pinned'])) {
echo render_info_or_json($isXHR, 'This comment is already pinned.', 400); echo render_info_or_json($isXHR, 'This comment is already pinned.', 400);
@ -87,15 +91,14 @@ switch ($_GET['m'] ?? null) {
break; break;
} }
$vote = (int)($_GET['v'] ?? MSZ_COMMENTS_VOTE_INDIFFERENT); $vote = RequestVar::get()->select('v')->value('int', MSZ_COMMENTS_VOTE_INDIFFERENT);
if (!comments_vote_type_valid($vote)) { if (!comments_vote_type_valid($vote)) {
echo render_info_or_json($isXHR, 'Invalid vote action.', 400); echo render_info_or_json($isXHR, 'Invalid vote action.', 400);
break; break;
} }
$comment = (int)($_GET['c'] ?? 0); $commentInfo = comments_post_get($commentId, false);
$commentInfo = comments_post_get($comment, false);
if (!$commentInfo || $commentInfo['comment_deleted'] !== null) { if (!$commentInfo || $commentInfo['comment_deleted'] !== null) {
echo render_info_or_json($isXHR, "This comment doesn't exist!", 400); echo render_info_or_json($isXHR, "This comment doesn't exist!", 400);
@ -103,17 +106,17 @@ switch ($_GET['m'] ?? null) {
} }
$voteResult = comments_vote_add( $voteResult = comments_vote_add(
$comment, $commentInfo['comment_id'],
user_session_current('user_id', 0), user_session_current('user_id', 0),
$vote $vote
); );
if (!$isXHR) { if (!$isXHR) {
header('Location: ' . $redirect . '#comment-' . $comment); header('Location: ' . $redirect . '#comment-' . $commentInfo['comment_id']);
break; break;
} }
echo json_encode(comments_votes_get($comment)); echo json_encode(comments_votes_get($commentInfo['comment_id']));
break; break;
case 'delete': case 'delete':
@ -122,8 +125,7 @@ switch ($_GET['m'] ?? null) {
break; break;
} }
$comment = (int)($_GET['c'] ?? 0); $commentInfo = comments_post_get($commentId, false);
$commentInfo = comments_post_get($comment, false);
if (!$commentInfo) { if (!$commentInfo) {
echo render_info_or_json($isXHR, "This comment doesn't exist.", 400); echo render_info_or_json($isXHR, "This comment doesn't exist.", 400);
@ -147,19 +149,19 @@ switch ($_GET['m'] ?? null) {
break; break;
} }
if (!comments_post_delete($comment)) { if (!comments_post_delete($commentInfo['comment_id'])) {
echo render_info_or_json($isXHR, 'Failed to delete comment.', 500); echo render_info_or_json($isXHR, 'Failed to delete comment.', 500);
break; break;
} }
if ($isModAction) { if ($isModAction) {
audit_log(MSZ_AUDIT_COMMENT_ENTRY_DELETE_MOD, $currentUserId, [ audit_log(MSZ_AUDIT_COMMENT_ENTRY_DELETE_MOD, $currentUserId, [
$comment, $commentInfo['comment_id'],
(int)($commentInfo['user_id'] ?? 0), (int)($commentInfo['user_id'] ?? 0),
$commentInfo['username'] ?? '(Deleted User)', $commentInfo['username'] ?? '(Deleted User)',
]); ]);
} else { } else {
audit_log(MSZ_AUDIT_COMMENT_ENTRY_DELETE, $currentUserId, [$comment]); audit_log(MSZ_AUDIT_COMMENT_ENTRY_DELETE, $currentUserId, [$commentInfo['comment_id']]);
} }
if ($redirect) { if ($redirect) {
@ -168,7 +170,7 @@ switch ($_GET['m'] ?? null) {
} }
echo json_encode([ echo json_encode([
'id' => $comment, 'id' => $commentInfo['comment_id'],
]); ]);
break; break;
@ -178,8 +180,7 @@ switch ($_GET['m'] ?? null) {
break; break;
} }
$comment = (int)($_GET['c'] ?? 0); $commentInfo = comments_post_get($commentId, false);
$commentInfo = comments_post_get($comment, false);
if (!$commentInfo) { if (!$commentInfo) {
echo render_info_or_json($isXHR, "This comment doesn't exist.", 400); echo render_info_or_json($isXHR, "This comment doesn't exist.", 400);
@ -197,18 +198,18 @@ switch ($_GET['m'] ?? null) {
} }
audit_log(MSZ_AUDIT_COMMENT_ENTRY_RESTORE, $currentUserId, [ audit_log(MSZ_AUDIT_COMMENT_ENTRY_RESTORE, $currentUserId, [
$comment, $commentInfo['comment_id'],
(int)($commentInfo['user_id'] ?? 0), (int)($commentInfo['user_id'] ?? 0),
$commentInfo['username'] ?? '(Deleted User)', $commentInfo['username'] ?? '(Deleted User)',
]); ]);
if ($redirect) { if ($redirect) {
header('Location: ' . $redirect . '#comment-' . $comment); header('Location: ' . $redirect . '#comment-' . $commentInfo['comment_id']);
break; break;
} }
echo json_encode([ echo json_encode([
'id' => $comment, 'id' => $commentInfo['comment_id'],
]); ]);
break; break;


@ -1,9 +1,11 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../../misuzu.php'; require_once '../../misuzu.php';
switch ($_GET['m'] ?? '') { switch (RequestVar::get()->select('m')->string()) {
case 'mark': case 'mark':
$forumId = (int)($_GET['f'] ?? null); $forumId = RequestVar::get()->select('f')->int();
$markEntireForum = $forumId === 0; $markEntireForum = $forumId === 0;
if (user_session_active() && csrf_verify('forum_mark', $_GET['c'] ?? '')) { if (user_session_active() && csrf_verify('forum_mark', $_GET['c'] ?? '')) {
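Review bot: `csrf_verify('forum_mark', $_GET['c'] ?? '')` on the last line still reads `$_GET` directly while the `m` and `f` lines two lines above were moved to RequestVar; `csrf_verify('forum_mark', RequestVar::get()->select('c')->string())` would keep the file on one access path. Note also that `$markEntireForum = $forumId === 0` now depends on `int()` yielding 0 for an absent `f`, which it does only because the loose `(int)null == null` comparison inside `int()` holds; a non-numeric `f` on PHP 8 makes `int()` return its null default instead, so the comparison silently becomes false. The `switch` continues past the end of the hunk.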


@ -1,8 +1,10 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../../misuzu.php'; require_once '../../misuzu.php';
$postId = (int)($_GET['p'] ?? 0); $postId = RequestVar::get()->select('p')->int();
$postMode = (string)($_GET['m'] ?? ''); $postMode = RequestVar::get()->select('m')->string();
// basing whether or not this is an xhr request on whether a referrer header is present // basing whether or not this is an xhr request on whether a referrer header is present
// this page is never directy accessed, under normal circumstances // this page is never directy accessed, under normal circumstances


@ -1,4 +1,6 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../../misuzu.php'; require_once '../../misuzu.php';
if (!user_session_active()) { if (!user_session_active()) {
@ -16,15 +18,15 @@ $forumPostingModes = [
]; ];
if (!empty($_POST)) { if (!empty($_POST)) {
$mode = $_POST['post']['mode'] ?? 'create'; $mode = RequestVar::post()->post->mode->string('create');
$postId = max(0, (int)($_POST['post']['id'] ?? 0)); $postId = max(0, RequestVar::post()->post->id->int());
$topicId = max(0, (int)($_POST['post']['topic'] ?? 0)); $topicId = max(0, RequestVar::post()->post->topic->int());
$forumId = max(0, (int)($_POST['post']['forum'] ?? 0)); $forumId = max(0, RequestVar::post()->post->forum->int());
} else { } else {
$mode = $_GET['m'] ?? 'create'; $mode = RequestVar::get()->select('m')->string('create');
$postId = max(0, (int)($_GET['p'] ?? 0)); $postId = max(0, RequestVar::get()->select('p')->int());
$topicId = max(0, (int)($_GET['t'] ?? 0)); $topicId = max(0, RequestVar::get()->select('t')->int());
$forumId = max(0, (int)($_GET['f'] ?? 0)); $forumId = max(0, RequestVar::get()->select('f')->int());
} }
if (!in_array($mode, $forumPostingModes, true)) { if (!in_array($mode, $forumPostingModes, true)) {
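Review bot: `RequestVar::post()->post->mode->string('create')` and `RequestVar::get()->select('m')->string('create')` never produce `'create'`: the new `RequestVar::string()` (changed in this commit's RequestVar section) ignores its `$default` argument and returns the scrubbed value, so an absent mode becomes `''` and the `in_array($mode, $forumPostingModes, true)` check on the last line rejects a request that the old `?? 'create'` accepted. Fixing it in `string()` itself, `if ($this->type === 'NULL') { return $default; }` ahead of the scrub, restores the fallback for every caller rather than patching each site. The `if`/`else` block is complete here, but the validation that follows continues outside the hunk.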


@ -1,8 +1,10 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../../misuzu.php'; require_once '../../misuzu.php';
$postId = (int)($_GET['p'] ?? 0); $postId = RequestVar::get()->select('p')->int();
$topicId = (int)($_GET['t'] ?? 0); $topicId = RequestVar::get()->select('t')->int();
$topicUserId = user_session_current('user_id', 0); $topicUserId = user_session_current('user_id', 0);
@ -53,7 +55,7 @@ $canDelete = !$topicIsDeleted && (
) )
); );
$moderationMode = (string)($_GET['m'] ?? ''); $moderationMode = RequestVar::get()->select('m')->string();
$validModerationModes = [ $validModerationModes = [
'delete', 'restore', 'nuke', 'delete', 'restore', 'nuke',
'bump', 'lock', 'unlock', 'bump', 'lock', 'unlock',
@ -91,7 +93,7 @@ if (in_array($moderationMode, $validModerationModes, true)) {
return; return;
} }
switch ($_GET['m'] ?? '') { switch ($moderationMode) {
case 'delete': case 'delete':
$canDeleteCode = forum_topic_can_delete($topic, $topicUserId); $canDeleteCode = forum_topic_can_delete($topic, $topicUserId);
$canDeleteMsg = ''; $canDeleteMsg = '';


@ -1,9 +1,11 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../../misuzu.php'; require_once '../../misuzu.php';
$changelogPerms = perms_get_user(MSZ_PERMS_CHANGELOG, user_session_current('user_id', 0)); $changelogPerms = perms_get_user(MSZ_PERMS_CHANGELOG, user_session_current('user_id', 0));
switch ($_GET['v'] ?? null) { switch (RequestVar::get()->select('v')->string()) {
default: default:
case 'changes': case 'changes':
if (!perms_check($changelogPerms, MSZ_PERM_CHANGELOG_MANAGE_CHANGES)) { if (!perms_check($changelogPerms, MSZ_PERM_CHANGELOG_MANAGE_CHANGES)) {
@ -74,7 +76,7 @@ switch ($_GET['v'] ?? null) {
break; break;
} }
$changeId = (int)($_GET['c'] ?? 0); $changeId = RequestVar::get()->select('c')->int();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && csrf_verify('changelog_add', $_POST['csrf'] ?? '')) { if ($_SERVER['REQUEST_METHOD'] === 'POST' && csrf_verify('changelog_add', $_POST['csrf'] ?? '')) {
if (!empty($_POST['change']) && is_array($_POST['change'])) { if (!empty($_POST['change']) && is_array($_POST['change'])) {
@ -261,7 +263,7 @@ switch ($_GET['v'] ?? null) {
break; break;
} }
$tagId = (int)($_GET['t'] ?? 0); $tagId = RequestVar::get()->select('t')->int();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && csrf_verify('changelog_tag', $_POST['csrf'] ?? '')) { if ($_SERVER['REQUEST_METHOD'] === 'POST' && csrf_verify('changelog_tag', $_POST['csrf'] ?? '')) {
if (!empty($_POST['tag']) && is_array($_POST['tag'])) { if (!empty($_POST['tag']) && is_array($_POST['tag'])) {
@ -326,7 +328,7 @@ switch ($_GET['v'] ?? null) {
break; break;
} }
$actionId = (int)($_GET['a'] ?? 0); $actionId = RequestVar::get()->select('a')->int();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && csrf_verify('changelog_action', $_POST['csrf'] ?? '')) { if ($_SERVER['REQUEST_METHOD'] === 'POST' && csrf_verify('changelog_action', $_POST['csrf'] ?? '')) {
if (!empty($_POST['action']) && is_array($_POST['action'])) { if (!empty($_POST['action']) && is_array($_POST['action'])) {


@ -1,7 +1,9 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../../misuzu.php'; require_once '../../misuzu.php';
switch ($_GET['v'] ?? null) { switch (RequestVar::get()->select('v')->string()) {
case 'listing': case 'listing':
$forums = db_query('SELECT * FROM `msz_forum_categories`'); $forums = db_query('SELECT * FROM `msz_forum_categories`');
$rawPerms = forum_perms_create(); $rawPerms = forum_perms_create();
@ -22,7 +24,7 @@ switch ($_GET['v'] ?? null) {
FROM `msz_forum_categories` FROM `msz_forum_categories`
WHERE `forum_id` = :forum_id WHERE `forum_id` = :forum_id
'); ');
$getForum->bindValue('forum_id', (int)($_GET['f'] ?? 0)); $getForum->bindValue('forum_id', RequestVar::get()->select('f')->int());
$forum = db_fetch($getForum); $forum = db_fetch($getForum);
if (!$forum) { if (!$forum) {


@ -1,9 +1,11 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../../misuzu.php'; require_once '../../misuzu.php';
$generalPerms = perms_get_user(MSZ_PERMS_GENERAL, user_session_current('user_id', 0)); $generalPerms = perms_get_user(MSZ_PERMS_GENERAL, user_session_current('user_id', 0));
switch ($_GET['v'] ?? null) { switch (RequestVar::get()->select('v')->string()) {
default: default:
case 'overview': case 'overview':
echo tpl_render('manage.general.overview'); echo tpl_render('manage.general.overview');


@ -1,9 +1,11 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../../misuzu.php'; require_once '../../misuzu.php';
$newsPerms = perms_get_user(MSZ_PERMS_NEWS, user_session_current('user_id', 0)); $newsPerms = perms_get_user(MSZ_PERMS_NEWS, user_session_current('user_id', 0));
switch ($_GET['v'] ?? null) { switch (RequestVar::get()->select('v')->string()) {
default: default:
case 'posts': case 'posts':
if (!perms_check($newsPerms, MSZ_PERM_NEWS_MANAGE_POSTS)) { if (!perms_check($newsPerms, MSZ_PERM_NEWS_MANAGE_POSTS)) {
@ -51,7 +53,7 @@ switch ($_GET['v'] ?? null) {
case 'category': case 'category':
$category = []; $category = [];
$categoryId = (int)($_GET['c'] ?? null); $categoryId = RequestVar::get()->select('c')->int();
if (!empty($_POST['category']) && csrf_verify('news_category', $_POST['csrf'] ?? '')) { if (!empty($_POST['category']) && csrf_verify('news_category', $_POST['csrf'] ?? '')) {
$originalCategoryId = (int)($_POST['category']['id'] ?? null); $originalCategoryId = (int)($_POST['category']['id'] ?? null);
@ -80,7 +82,7 @@ switch ($_GET['v'] ?? null) {
case 'post': case 'post':
$post = []; $post = [];
$postId = (int)($_GET['p'] ?? null); $postId = RequestVar::get()->select('p')->int();
$categories = news_categories_get(0, 0, false, false, true); $categories = news_categories_get(0, 0, false, false, true);
if (!empty($_POST['post']) && csrf_verify('news_post', $_POST['csrf'] ?? '')) { if (!empty($_POST['post']) && csrf_verify('news_post', $_POST['csrf'] ?? '')) {


@ -1,4 +1,6 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../../misuzu.php'; require_once '../../misuzu.php';
$currentUserId = user_session_current('user_id', 0); $currentUserId = user_session_current('user_id', 0);
@ -12,7 +14,7 @@ tpl_vars([
'can_manage_warns' => $canManageWarnings = perms_check($userPerms, MSZ_PERM_USER_MANAGE_WARNINGS), 'can_manage_warns' => $canManageWarnings = perms_check($userPerms, MSZ_PERM_USER_MANAGE_WARNINGS),
]); ]);
switch ($_GET['v'] ?? null) { switch (RequestVar::get()->select('v')->string()) {
default: default:
case 'listing': case 'listing':
if (!$canManageUsers && !$canManagePerms) { if (!$canManageUsers && !$canManagePerms) {
@ -63,7 +65,7 @@ switch ($_GET['v'] ?? null) {
break; break;
} }
$userId = (int)($_GET['u'] ?? 0); $userId = RequestVar::get()->select('u')->int();
if ($userId < 1) { if ($userId < 1) {
echo render_error(404); echo render_error(404);
@ -302,7 +304,7 @@ switch ($_GET['v'] ?? null) {
break; break;
} }
$roleId = $_GET['r'] ?? null; $roleId = RequestVar::get()->select('r')->int();
if ($canManagePerms) { if ($canManagePerms) {
tpl_var('permissions', $permissions = manage_perms_list(perms_get_role_raw($roleId ?? 0))); tpl_var('permissions', $permissions = manage_perms_list(perms_get_role_raw($roleId ?? 0)));
@ -587,13 +589,15 @@ switch ($_GET['v'] ?? null) {
user_warning_remove($warningId); user_warning_remove($warningId);
break; break;
} }
header('Location: ' . ($_SERVER['HTTP_REFERER'] ?? '?m=warnings' . (empty($_GET['u']) ? '' : '&u=' . (int)($_GET['u'])))); header('Location: ' . ($_SERVER['HTTP_REFERER'] ?? url('manage-user-warnings', [
'user' => RequestVar::get()->select('u')->int(),
])));
return; return;
} }
} }
if (empty($warningsUser)) { if (empty($warningsUser)) {
$warningsUser = max(0, (int)($_GET['u'] ?? 0)); $warningsUser = max(0, RequestVar::get()->select('u')->int());
} }
$warningsPagination = pagination_create(user_warning_global_count($warningsUser), 50); $warningsPagination = pagination_create(user_warning_global_count($warningsUser), 50);
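Review bot: The rewritten `Location:` header still sends the browser to `$_SERVER['HTTP_REFERER']` verbatim whenever one is present, so a request that arrives with a foreign referer redirects the moderator off-site after the warning action; now that `url('manage-user-warnings', …)` exists, either always use the generated URL or only honour a referer that resolves to this host. Separately, `->int()` returns 0 for an absent `u`, so the fallback now always emits `u=0` where the old code omitted the parameter entirely; whether that changes the `warnings` listing depends on how `url()` treats zero values — TODO confirm. The `switch` case continues outside this hunk.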


@ -1,9 +1,11 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../misuzu.php'; require_once '../misuzu.php';
$roleId = (int)($_GET['r'] ?? MSZ_ROLE_MAIN); $roleId = RequestVar::get()->select('r')->value('int', MSZ_ROLE_MAIN);
$orderBy = mb_strtolower($_GET['ss'] ?? ''); $orderBy = RequestVar::get()->select('ss')->value();
$orderDir = mb_strtolower($_GET['sd'] ?? ''); $orderDir = RequestVar::get()->select('sd')->value();
$orderDirs = [ $orderDirs = [
'asc' => 'Ascending', 'asc' => 'Ascending',
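Review bot: The `ss` and `sd` lines drop the `mb_strtolower()` that the old code applied, so a request such as `?sd=ASC` no longer matches the lowercase keys of `$orderDirs` (`'asc'` is visible on the last line) if the lookup is exact; `$orderDir = mb_strtolower(RequestVar::get()->select('sd')->string());` keeps the normalisation. Using `->string()` rather than `->value()` also matters here because `value()` returns its null default for an absent parameter where `$_GET['sd'] ?? ''` gave `''`. The `$orderDirs` array continues outside the hunk.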


@ -1,10 +1,20 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../misuzu.php'; require_once '../misuzu.php';
$categoryId = isset($_GET['c']) ? (int)$_GET['c'] : null; if (RequestVar::get()->isset('n')) {
$postId = isset($_GET['p']) ? (int)$_GET['p'] : (isset($_GET['n']) ? (int)$_GET['n'] : null); header(sprintf('Location: %s', url('news-post', [
'post' => RequestVar::get()->select('n')->value('int'),
])));
http_response_code(301);
return;
}
if ($postId !== null) { $categoryId = RequestVar::get()->select('c')->value('int');
$postId = RequestVar::get()->select('p')->value('int');
if ($postId > 0) {
$post = news_post_get($postId); $post = news_post_get($postId);
if (!$post) { if (!$post) {
@ -35,7 +45,7 @@ if ($postId !== null) {
return; return;
} }
if ($categoryId !== null) { if ($categoryId > 0) {
$category = news_category_get($categoryId, true); $category = news_category_get($categoryId, true);
if (empty($category)) { if (empty($category)) {


@ -1,7 +1,9 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../misuzu.php'; require_once '../misuzu.php';
$userId = user_find_for_profile($_GET['u'] ?? 0); $userId = user_find_for_profile(RequestVar::get()->select('u')->value());
if ($userId < 1) { if ($userId < 1) {
http_response_code(404); http_response_code(404);
@ -9,8 +11,8 @@ if ($userId < 1) {
return; return;
} }
$mode = (string)($_GET['m'] ?? null); $mode = RequestVar::get()->select('m')->string();
$isEditing = !empty($_GET['edit']) || !empty($_POST); $isEditing = RequestVar::get()->edit->bool() || !empty($_POST);
$notices = []; $notices = [];
$currentUserId = user_session_current('user_id', 0); $currentUserId = user_session_current('user_id', 0);
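Review bot: `user_find_for_profile(RequestVar::get()->select('u')->value())` passes `null` when `u` is absent, because `value()` returns its `$default` for a NULL-typed variable, whereas the old `$_GET['u'] ?? 0` passed `0`; unless `user_find_for_profile` accepts `null` (its signature is outside this hunk — TODO confirm), `->value('string', 0)` keeps the old contract. The `$userId < 1` guard on the next line only helps if the function tolerates the new argument type.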


@ -1,4 +1,6 @@
<?php <?php
use Misuzu\Request\RequestVar;
require_once '../misuzu.php'; require_once '../misuzu.php';
// basing whether or not this is an xhr request on whether a referrer header is present // basing whether or not this is an xhr request on whether a referrer header is present
@ -32,8 +34,8 @@ if (user_warning_check_expiration($userId, MSZ_WARN_BAN) > 0) {
return; return;
} }
$subjectId = (int)($_GET['u'] ?? 0); $subjectId = RequestVar::get()->select('u')->int();
$relationType = (int)($_GET['m'] ?? -1); $relationType = RequestVar::get()->select('m')->int(-1);
if (!user_relation_is_valid_type($relationType)) { if (!user_relation_is_valid_type($relationType)) {
echo render_info_or_json($isXHR, 'Invalid relation type.', 400); echo render_info_or_json($isXHR, 'Invalid relation type.', 400);
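Review bot: `RequestVar::get()->select('m')->int(-1)` does not yield -1 for an absent `m`: `int()` decides via the loose `(int)$this->value == $this->value`, and `0 == null` is true, so the default is used only for non-numeric input and a missing parameter becomes 0 instead of the -1 that `(int)($_GET['m'] ?? -1)` produced. Whether 0 passes `user_relation_is_valid_type` is outside this hunk — confirm, or make absence explicit: `$relationType = RequestVar::get()->isset('m') ? RequestVar::get()->select('m')->int(-1) : -1;`. The same absence-to-zero behaviour applies to every `->int()` call introduced in this commit.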


@ -1,10 +1,13 @@
<?php <?php
use Misuzu\Request\RequestVar;
// We need this before Misuzu is loaded, so no RequestVar here
$userAssetsMode = (string)($_GET['m'] ?? null); $userAssetsMode = (string)($_GET['m'] ?? null);
$misuzuBypassLockdown = $userAssetsMode === 'avatar'; $misuzuBypassLockdown = $userAssetsMode === 'avatar';
require_once '../misuzu.php'; require_once '../misuzu.php';
$userId = (int)($_GET['u'] ?? 0); $userId = RequestVar::get()->select('u')->int();
$userExists = user_exists($userId); $userExists = user_exists($userId);
$canViewImages = !$userExists $canViewImages = !$userExists


@ -1,5 +1,5 @@
<?php <?php
namespace Misuzu\Request; namespace Misuzu\Request;
class RequestVar class RequestVar
{ {
@ -15,17 +15,24 @@ class RequestVar
public static function get(): RequestVar public static function get(): RequestVar
{ {
return new static($_GET ?? []); static $instance = null;
if (is_null($instance)) {
$instance = new static($_GET ?? []);
}
return $instance;
} }
public static function post(): RequestVar public static function post(): RequestVar
{ {
return new static($_POST ?? []); static $instance = null;
}
public static function request(): RequestVar if (is_null($instance)) {
{ $instance = new static($_POST ?? []);
return new static($_REQUEST); }
return $instance;
} }
public function __get(string $name) public function __get(string $name)
@ -57,44 +64,76 @@ class RequestVar
return empty($this->value); return empty($this->value);
} }
public function raw()
{
return $this->value;
}
public function select(string $name): RequestVar public function select(string $name): RequestVar
{ {
switch ($this->type) { switch ($this->type) {
case 'array': case 'array':
return new static($this->value[$name] ?? []); return new static($this->value[$name] ?? null);
case 'object': case 'object':
return new static($this->value->{$name} ?? new \stdClass); return new static($this->value->{$name} ?? null);
default: default:
return new static(null); return new static(null);
} }
} }
public function string(?string $default = null): ?string
{
return mb_scrub(preg_replace('/[\x00-\x09\x0B-\x0C\x0D-\x1F\x7F]/u', '', (string)$this->value));
}
public function int(?int $default = null): ?int
{
return (int)$this->value == $this->value ? (int)$this->value : $default;
}
public function bool(?bool $default = null): bool
{
return (bool)$this->value == $this->value ? (bool)$this->value : $default;
}
public function float(?float $default = null): float
{
return (float)$this->value == $this->value ? (float)$this->value : $default;
}
// avoid using when possible
public function value(string $type = 'string', $default = null) public function value(string $type = 'string', $default = null)
{ {
if (!is_null($this->valueCasted)) { if (!is_null($this->valueCasted)) {
$this->valueCasted; return $this->valueCasted;
} }
if ($this->type === 'NULL' || (($type === 'object' || $type === 'array') && $this->type !== $type)) { if ($this->type === 'NULL' || (($type === 'object' || $type === 'array') && $this->type !== $type)) {
return $default; return $this->valueCasted = $default;
} }
if ($type !== 'string' && $this->type === 'string') { if ($type === 'string') {
// Remove undesired control characters, can be circumvented by using ->raw()
$value = $this->string($default);
} elseif ($type !== 'string' && $this->type === 'string') {
switch ($type) { switch ($type) {
case 'boolean': case 'boolean':
case 'bool': case 'bool':
return (bool)$this->value; $value = $this->bool($default);
break;
case 'integer': case 'integer':
case 'int': case 'int':
return (int)$this->value; $value = $this->int($default);
break;
case 'double': case 'double':
case 'float': case 'float':
return (float)$this->value; $value = $this->float($default);
break;
} }
} elseif ($type !== $this->type) { } elseif ($type !== $this->type) {
return $default; $value = $default;
} }
return $this->valueCasted = $this->value; return $this->valueCasted = $this->value;
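Review bot: `value()` now assigns `$value` in every branch but the final line still returns `$this->valueCasted = $this->value`, so every caller in this commit that uses `->value('int', …)` (the `$commentId` in comments.php, `$postId`/`$categoryId` in news.php, `$roleId` in members.php) gets the raw request value back and the type/default handling above it is dead code; initialise `$value = $this->value;` before the first `if` and finish with `return $this->valueCasted = $value;`. The typed helpers also apply `$default` only when the loose `(int)$this->value == $this->value` test fails, so an absent value (`0 == null`) yields 0 rather than the default, and on PHP 8 a non-numeric string makes `float()` hand back `null` against its non-nullable `: float` return type (`bool()` likewise declares `bool` while accepting a `null` default), which is a TypeError. The `string()` default that is ignored entirely is covered in the forum/posting.php note. The class body continues past the end of the hunk.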


@ -96,6 +96,7 @@ define('MSZ_URLS', [
'manage-user-index' => ['/manage/users.php', ['v' => 'listing']], 'manage-user-index' => ['/manage/users.php', ['v' => 'listing']],
'manage-user-edit' => ['/manage/users.php', ['v' => 'view', 'u' => '<user>']], 'manage-user-edit' => ['/manage/users.php', ['v' => 'view', 'u' => '<user>']],
'manage-user-warnings' => ['/manage/users.php', ['v' => 'warnings', 'u' => '<user>']],
'manage-role-index' => ['/manage/users.php', ['v' => 'roles']], 'manage-role-index' => ['/manage/users.php', ['v' => 'roles']],
'manage-role-create' => ['/manage/users.php', ['v' => 'role']], 'manage-role-create' => ['/manage/users.php', ['v' => 'role']],