
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMaurĂ­cio Meneghini Fauth <mauricio@fauth.dev>2021-09-02 23:03:14 +0300
committerGitHub <noreply@github.com>2021-09-02 23:03:14 +0300
commit2bb06d73a536e59fed1c3a944c0908c315b87012 (patch)
treed0d34d003e56b7da7195f308c5abc7121335ec4f
parentda523626c5556719a025749cf2d37c681f7ee497 (diff)
parent8f2f3eff405c1d724ad502ed3bdcb0a5cef72671 (diff)
Merge pull request #17096 from mauriciofauth/core-is-valid
Remove the `Core::isValid` method
-rw-r--r--libraries/classes/Common.php20
-rw-r--r--libraries/classes/Controllers/Database/CentralColumnsController.php11
-rw-r--r--libraries/classes/Controllers/Database/ImportController.php4
-rw-r--r--libraries/classes/Controllers/Database/RoutinesController.php3
-rw-r--r--libraries/classes/Controllers/NormalizationController.php3
-rw-r--r--libraries/classes/Controllers/Server/ImportController.php4
-rw-r--r--libraries/classes/Controllers/Setup/ConfigController.php5
-rw-r--r--libraries/classes/Controllers/Setup/FormController.php3
-rw-r--r--libraries/classes/Controllers/Setup/HomeController.php10
-rw-r--r--libraries/classes/Controllers/Setup/ServersController.php6
-rw-r--r--libraries/classes/Controllers/Table/GisVisualizationController.php5
-rw-r--r--libraries/classes/Controllers/Table/ImportController.php4
-rw-r--r--libraries/classes/Controllers/ViewCreateController.php6
-rw-r--r--libraries/classes/Core.php162
-rw-r--r--libraries/classes/Database/Qbe.php49
-rw-r--r--libraries/classes/DatabaseInterface.php3
-rw-r--r--libraries/classes/Display/Results.php30
-rw-r--r--libraries/classes/Footer.php11
-rw-r--r--libraries/classes/Operations.php11
-rw-r--r--libraries/classes/Partitioning/TablePartitionDefinition.php5
-rw-r--r--libraries/classes/Relation.php22
-rw-r--r--libraries/classes/ResponseRenderer.php7
-rw-r--r--libraries/classes/Server/Privileges.php55
-rw-r--r--libraries/classes/Setup/FormProcessing.php5
-rw-r--r--libraries/classes/UserPassword.php8
-rw-r--r--libraries/classes/Util.php13
-rw-r--r--psalm-baseline.xml177
-rw-r--r--setup/config.php4
-rw-r--r--setup/index.php2
-rw-r--r--setup/validate.php4
-rw-r--r--test/classes/CoreTest.php411
-rw-r--r--url.php8
32 files changed, 240 insertions, 831 deletions
diff --git a/libraries/classes/Common.php b/libraries/classes/Common.php
index 2f90355d3c..078c4af9a5 100644
--- a/libraries/classes/Common.php
+++ b/libraries/classes/Common.php
@@ -24,6 +24,7 @@ use function htmlspecialchars;
use function implode;
use function ini_get;
use function ini_set;
+use function is_scalar;
use function mb_internal_encoding;
use function mb_strlen;
use function mb_strpos;
@@ -461,9 +462,9 @@ final class Common
return;
}
- if (Core::isValid($_POST['token'])) {
+ if (isset($_POST['token']) && is_scalar($_POST['token']) && strlen((string) $_POST['token']) > 0) {
$token_provided = true;
- $token_mismatch = ! @hash_equals($_SESSION[' PMA_token '], $_POST['token']);
+ $token_mismatch = ! @hash_equals($_SESSION[' PMA_token '], (string) $_POST['token']);
}
if (! $token_mismatch) {
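Review bot: The `@` in front of `hash_equals` on the new `$token_mismatch` line still hides the case where `$_SESSION[' PMA_token ']` is missing or not a string. If this file declares `strict_types` (not visible in the hunk), a null session token on PHP 8 raises a TypeError, which `@` does not suppress. An explicit guard makes the failure mode a plain mismatch: `$sessionToken = $_SESSION[' PMA_token '] ?? null;` followed by `$token_mismatch = ! is_string($sessionToken) || ! hash_equals($sessionToken, (string) $_POST['token']);`. Since a POST field is only ever a string or an array, `is_string($_POST['token'])` would also be a tighter test than `is_scalar`. The enclosing method starts and ends outside the hunk, so whether the session token is always initialised earlier cannot be confirmed here.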
@@ -493,11 +494,18 @@ final class Common
{
global $db, $table, $urlParams;
- $databaseFromRequest = $_POST['db'] ?? $_GET['db'] ?? $_REQUEST['db'] ?? null;
- $tableFromRequest = $_POST['table'] ?? $_GET['table'] ?? $_REQUEST['table'] ?? null;
+ $databaseFromRequest = $_POST['db'] ?? $_GET['db'] ?? $_REQUEST['db'] ?? '';
+ $tableFromRequest = $_POST['table'] ?? $_GET['table'] ?? $_REQUEST['table'] ?? '';
- $db = Core::isValid($databaseFromRequest) ? $databaseFromRequest : '';
- $table = Core::isValid($tableFromRequest) ? $tableFromRequest : '';
+ $db = '';
+ if (is_scalar($databaseFromRequest) && strlen((string) $databaseFromRequest) > 0) {
+ $db = (string) $databaseFromRequest;
+ }
+
+ $table = '';
+ if (is_scalar($tableFromRequest) && strlen((string) $tableFromRequest) > 0) {
+ $table = (string) $tableFromRequest;
+ }
$urlParams['db'] = $db;
$urlParams['table'] = $table;
diff --git a/libraries/classes/Controllers/Database/CentralColumnsController.php b/libraries/classes/Controllers/Database/CentralColumnsController.php
index 2dec572c13..e3074ffdef 100644
--- a/libraries/classes/Controllers/Database/CentralColumnsController.php
+++ b/libraries/classes/Controllers/Database/CentralColumnsController.php
@@ -7,7 +7,6 @@ declare(strict_types=1);
namespace PhpMyAdmin\Controllers\Database;
-use PhpMyAdmin\Core;
use PhpMyAdmin\Database\CentralColumns;
use PhpMyAdmin\Message;
use PhpMyAdmin\ResponseRenderer;
@@ -15,6 +14,7 @@ use PhpMyAdmin\Template;
use function __;
use function is_bool;
+use function is_numeric;
use function parse_str;
use function sprintf;
@@ -132,7 +132,7 @@ class CentralColumnsController extends AbstractController
]);
$pos = 0;
- if (Core::isValid($_POST['pos'], 'integer')) {
+ if (isset($_POST['pos']) && is_numeric($_POST['pos'])) {
$pos = (int) $_POST['pos'];
}
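Review bot: `is_numeric` in the new `$_POST['pos']` check accepts more than the old `'integer'` test did: signed values, decimals, exponent notation such as `1e3` and leading whitespace all pass, and the `(int)` cast then yields a negative or truncated position. If `pos` is meant to be a non-negative row offset, `filter_var($_POST['pos'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]])` states that directly and rejects everything else. The same `is_numeric` plus `(int)`/`intval` pair is used for `$params['pos']` and `total_rows` in the next hunk, for `offset` in the three ImportController files, for `id` in ServersController and for the Qbe counters. Where these values end up is outside the hunks, so the impact is inferred rather than shown.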
@@ -158,17 +158,14 @@ class CentralColumnsController extends AbstractController
{
global $text_dir;
- if (
- ! empty($params['total_rows'])
- && Core::isValid($params['total_rows'], 'integer')
- ) {
+ if (! empty($params['total_rows']) && is_numeric($params['total_rows'])) {
$totalRows = (int) $params['total_rows'];
} else {
$totalRows = $this->centralColumns->getCount($this->db);
}
$pos = 0;
- if (Core::isValid($params['pos'], 'integer')) {
+ if (isset($params['pos']) && is_numeric($params['pos'])) {
$pos = (int) $params['pos'];
}
diff --git a/libraries/classes/Controllers/Database/ImportController.php b/libraries/classes/Controllers/Database/ImportController.php
index 8bedcebcd5..90b976b36e 100644
--- a/libraries/classes/Controllers/Database/ImportController.php
+++ b/libraries/classes/Controllers/Database/ImportController.php
@@ -7,7 +7,6 @@ namespace PhpMyAdmin\Controllers\Database;
use PhpMyAdmin\Charsets;
use PhpMyAdmin\Charsets\Charset;
use PhpMyAdmin\Config\PageSettings;
-use PhpMyAdmin\Core;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\Encoding;
use PhpMyAdmin\Import;
@@ -22,6 +21,7 @@ use PhpMyAdmin\Utils\ForeignKey;
use function __;
use function intval;
+use function is_numeric;
final class ImportController extends AbstractController
{
@@ -82,7 +82,7 @@ final class ImportController extends AbstractController
}
$offset = null;
- if (Core::isValid($_REQUEST['offset'], 'numeric')) {
+ if (isset($_REQUEST['offset']) && is_numeric($_REQUEST['offset'])) {
$offset = intval($_REQUEST['offset']);
}
diff --git a/libraries/classes/Controllers/Database/RoutinesController.php b/libraries/classes/Controllers/Database/RoutinesController.php
index 2c8a0e1138..63c73a4a17 100644
--- a/libraries/classes/Controllers/Database/RoutinesController.php
+++ b/libraries/classes/Controllers/Database/RoutinesController.php
@@ -5,7 +5,6 @@ declare(strict_types=1);
namespace PhpMyAdmin\Controllers\Database;
use PhpMyAdmin\CheckUserPrivileges;
-use PhpMyAdmin\Core;
use PhpMyAdmin\Database\Routines;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\DbTableExists;
@@ -102,7 +101,7 @@ class RoutinesController extends AbstractController
$routines->handleExecute();
$routines->export();
- if (! Core::isValid($type, ['FUNCTION', 'PROCEDURE'])) {
+ if (! isset($type) || ! in_array($type, ['FUNCTION', 'PROCEDURE'])) {
$type = null;
}
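Review bot: `in_array` in the new `$type` check is called without the third `strict` argument, so membership is decided by loose `==`; a boolean `true`, or an integer `0` on PHP 7, compares equal to `'FUNCTION'`. This matches what the removed `Core::isValid` did, but now that the call is inlined it is cheap to tighten: `if (! isset($type) || ! in_array($type, ['FUNCTION', 'PROCEDURE'], true)) {`. The same non-strict call appears in the NormalizationController, DatabaseInterface and Results hunks. It matters most in ViewCreateController, where the accepted `$_POST['view']['algorithm']` is concatenated straight into `$sql_query`, so the allowlist is the only guard on that value. No `use function in_array;` is added in this file's import hunk; whether it was already imported is not visible.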
diff --git a/libraries/classes/Controllers/NormalizationController.php b/libraries/classes/Controllers/NormalizationController.php
index 911319351b..8a7187f8bd 100644
--- a/libraries/classes/Controllers/NormalizationController.php
+++ b/libraries/classes/Controllers/NormalizationController.php
@@ -12,6 +12,7 @@ use PhpMyAdmin\Url;
use function __;
use function _pgettext;
+use function in_array;
use function intval;
use function json_decode;
use function json_encode;
@@ -108,7 +109,7 @@ class NormalizationController extends AbstractController
$this->addScriptFiles(['normalization.js', 'vendor/jquery/jquery.uitablefilter.js']);
$normalForm = '1nf';
- if (Core::isValid($_POST['normalizeTo'], ['1nf', '2nf', '3nf'])) {
+ if (isset($_POST['normalizeTo']) && in_array($_POST['normalizeTo'], ['1nf', '2nf', '3nf'])) {
$normalForm = $_POST['normalizeTo'];
}
diff --git a/libraries/classes/Controllers/Server/ImportController.php b/libraries/classes/Controllers/Server/ImportController.php
index fa26449f06..aeb1146fa9 100644
--- a/libraries/classes/Controllers/Server/ImportController.php
+++ b/libraries/classes/Controllers/Server/ImportController.php
@@ -8,7 +8,6 @@ use PhpMyAdmin\Charsets;
use PhpMyAdmin\Charsets\Charset;
use PhpMyAdmin\Config\PageSettings;
use PhpMyAdmin\Controllers\AbstractController;
-use PhpMyAdmin\Core;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\Encoding;
use PhpMyAdmin\Import;
@@ -23,6 +22,7 @@ use PhpMyAdmin\Utils\ForeignKey;
use function __;
use function intval;
+use function is_numeric;
final class ImportController extends AbstractController
{
@@ -67,7 +67,7 @@ final class ImportController extends AbstractController
}
$offset = null;
- if (Core::isValid($_REQUEST['offset'], 'numeric')) {
+ if (isset($_REQUEST['offset']) && is_numeric($_REQUEST['offset'])) {
$offset = intval($_REQUEST['offset']);
}
diff --git a/libraries/classes/Controllers/Setup/ConfigController.php b/libraries/classes/Controllers/Setup/ConfigController.php
index 2e6db1627f..e732880aa0 100644
--- a/libraries/classes/Controllers/Setup/ConfigController.php
+++ b/libraries/classes/Controllers/Setup/ConfigController.php
@@ -4,9 +4,10 @@ declare(strict_types=1);
namespace PhpMyAdmin\Controllers\Setup;
-use PhpMyAdmin\Core;
use PhpMyAdmin\Setup\ConfigGenerator;
+use function is_scalar;
+
class ConfigController extends AbstractController
{
/**
@@ -28,7 +29,7 @@ class ConfigController extends AbstractController
return $this->template->render('setup/config/index', [
'formset' => $params['formset'] ?? '',
'pages' => $pages,
- 'eol' => Core::ifSetOr($params['eol'], 'unix'),
+ 'eol' => isset($params['eol']) && is_scalar($params['eol']) ? $params['eol'] : 'unix',
'config' => $config,
'has_check_page_refresh' => $hasCheckPageRefresh,
]);
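Review bot: `is_scalar` is the only constraint on `eol` here, and the value reaches the template uncast, unlike the `(string)` casts added for other parameters in this commit. The HomeController hunk falls back to `'win'` or `'unix'`, which suggests a two-value setting. If that holds, an allowlist is clearer than a type test: `'eol' => in_array($params['eol'] ?? null, ['unix', 'win'], true) ? $params['eol'] : 'unix',`. The same applies to the `$_SESSION['eol']` expression in the second HomeController hunk. How the template and `ConfigGenerator` use the value is outside the hunk.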
diff --git a/libraries/classes/Controllers/Setup/FormController.php b/libraries/classes/Controllers/Setup/FormController.php
index d68a1eabe2..a2ba78ff43 100644
--- a/libraries/classes/Controllers/Setup/FormController.php
+++ b/libraries/classes/Controllers/Setup/FormController.php
@@ -10,6 +10,7 @@ use PhpMyAdmin\Core;
use PhpMyAdmin\Setup\FormProcessing;
use function __;
+use function is_scalar;
use function ob_get_clean;
use function ob_start;
@@ -24,7 +25,7 @@ class FormController extends AbstractController
{
$pages = $this->getPages();
- $formset = Core::isValid($params['formset'], 'scalar') ? $params['formset'] : null;
+ $formset = isset($params['formset']) && is_scalar($params['formset']) ? (string) $params['formset'] : '';
$formClass = SetupFormList::get($formset);
if ($formClass === null) {
diff --git a/libraries/classes/Controllers/Setup/HomeController.php b/libraries/classes/Controllers/Setup/HomeController.php
index 5a96ccdeff..3bb43d6bce 100644
--- a/libraries/classes/Controllers/Setup/HomeController.php
+++ b/libraries/classes/Controllers/Setup/HomeController.php
@@ -5,12 +5,12 @@ declare(strict_types=1);
namespace PhpMyAdmin\Controllers\Setup;
use PhpMyAdmin\Config\ServerConfigChecks;
-use PhpMyAdmin\Core;
use PhpMyAdmin\LanguageManager;
use PhpMyAdmin\Sanitize;
use PhpMyAdmin\Setup\Index;
use function __;
+use function is_scalar;
use function preg_replace;
use function uniqid;
@@ -26,7 +26,9 @@ class HomeController extends AbstractController
$pages = $this->getPages();
// Handle done action info
- $actionDone = Core::isValid($params['action_done'], 'scalar') ? $params['action_done'] : '';
+ $actionDone = isset($params['action_done']) && is_scalar($params['action_done'])
+ ? (string) $params['action_done']
+ : '';
$actionDone = preg_replace('/[^a-z_]/', '', $actionDone);
// message handling
@@ -140,7 +142,9 @@ class HomeController extends AbstractController
'servers' => $servers,
'pages' => $pages,
'has_check_page_refresh' => $hasCheckPageRefresh,
- 'eol' => Core::ifSetOr($_SESSION['eol'], ($GLOBALS['config']->get('PMA_IS_WINDOWS') ? 'win' : 'unix')),
+ 'eol' => isset($_SESSION['eol']) && is_scalar($_SESSION['eol'])
+ ? $_SESSION['eol']
+ : ($GLOBALS['config']->get('PMA_IS_WINDOWS') ? 'win' : 'unix'),
]);
}
}
diff --git a/libraries/classes/Controllers/Setup/ServersController.php b/libraries/classes/Controllers/Setup/ServersController.php
index 569f1c953b..c100364a11 100644
--- a/libraries/classes/Controllers/Setup/ServersController.php
+++ b/libraries/classes/Controllers/Setup/ServersController.php
@@ -5,9 +5,9 @@ declare(strict_types=1);
namespace PhpMyAdmin\Controllers\Setup;
use PhpMyAdmin\Config\Forms\Setup\ServersForm;
-use PhpMyAdmin\Core;
use PhpMyAdmin\Setup\FormProcessing;
+use function is_numeric;
use function ob_get_clean;
use function ob_start;
@@ -22,7 +22,7 @@ class ServersController extends AbstractController
{
$pages = $this->getPages();
- $id = Core::isValid($params['id'], 'numeric') ? (int) $params['id'] : null;
+ $id = isset($params['id']) && is_numeric($params['id']) ? (int) $params['id'] : null;
$hasServer = ! empty($id) && $this->config->get('Servers/' . $id) !== null;
if (! $hasServer && ($params['mode'] !== 'revert' && $params['mode'] !== 'edit')) {
@@ -49,7 +49,7 @@ class ServersController extends AbstractController
*/
public function destroy(array $params): void
{
- $id = Core::isValid($params['id'], 'numeric') ? (int) $params['id'] : null;
+ $id = isset($params['id']) && is_numeric($params['id']) ? (int) $params['id'] : null;
$hasServer = ! empty($id) && $this->config->get('Servers/' . $id) !== null;
diff --git a/libraries/classes/Controllers/Table/GisVisualizationController.php b/libraries/classes/Controllers/Table/GisVisualizationController.php
index 529c2da069..e0595ca795 100644
--- a/libraries/classes/Controllers/Table/GisVisualizationController.php
+++ b/libraries/classes/Controllers/Table/GisVisualizationController.php
@@ -16,6 +16,7 @@ use PhpMyAdmin\Util;
use function __;
use function array_merge;
+use function is_array;
/**
* Handles creation of the GIS visualizations.
@@ -92,9 +93,9 @@ final class GisVisualizationController extends AbstractController
// Get settings if any posted
$visualizationSettings = [];
// Download as PNG/SVG/PDF use _GET and the normal form uses _POST
- if (Core::isValid($_POST['visualizationSettings'], 'array')) {
+ if (isset($_POST['visualizationSettings']) && is_array($_POST['visualizationSettings'])) {
$visualizationSettings = $_POST['visualizationSettings'];
- } elseif (Core::isValid($_GET['visualizationSettings'], 'array')) {
+ } elseif (isset($_GET['visualizationSettings']) && is_array($_GET['visualizationSettings'])) {
$visualizationSettings = $_GET['visualizationSettings'];
}
diff --git a/libraries/classes/Controllers/Table/ImportController.php b/libraries/classes/Controllers/Table/ImportController.php
index f05a21e1af..ffa98db165 100644
--- a/libraries/classes/Controllers/Table/ImportController.php
+++ b/libraries/classes/Controllers/Table/ImportController.php
@@ -7,7 +7,6 @@ namespace PhpMyAdmin\Controllers\Table;
use PhpMyAdmin\Charsets;
use PhpMyAdmin\Charsets\Charset;
use PhpMyAdmin\Config\PageSettings;
-use PhpMyAdmin\Core;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\DbTableExists;
use PhpMyAdmin\Encoding;
@@ -23,6 +22,7 @@ use PhpMyAdmin\Utils\ForeignKey;
use function __;
use function intval;
+use function is_numeric;
final class ImportController extends AbstractController
{
@@ -75,7 +75,7 @@ final class ImportController extends AbstractController
}
$offset = null;
- if (Core::isValid($_REQUEST['offset'], 'numeric')) {
+ if (isset($_REQUEST['offset']) && is_numeric($_REQUEST['offset'])) {
$offset = intval($_REQUEST['offset']);
}
diff --git a/libraries/classes/Controllers/ViewCreateController.php b/libraries/classes/Controllers/ViewCreateController.php
index e7c814c4b3..a6b365b6fc 100644
--- a/libraries/classes/Controllers/ViewCreateController.php
+++ b/libraries/classes/Controllers/ViewCreateController.php
@@ -5,7 +5,6 @@ declare(strict_types=1);
namespace PhpMyAdmin\Controllers;
use PhpMyAdmin\Controllers\Table\StructureController;
-use PhpMyAdmin\Core;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\Html\Generator;
use PhpMyAdmin\Message;
@@ -22,6 +21,7 @@ use function array_merge;
use function explode;
use function htmlspecialchars;
use function in_array;
+use function is_array;
use function is_string;
use function sprintf;
use function str_contains;
@@ -109,7 +109,7 @@ class ViewCreateController extends AbstractController
$sql_query = 'ALTER';
}
- if (Core::isValid($_POST['view']['algorithm'], $view_algorithm_options)) {
+ if (isset($_POST['view']['algorithm']) && in_array($_POST['view']['algorithm'], $view_algorithm_options)) {
$sql_query .= $sep . ' ALGORITHM = ' . $_POST['view']['algorithm'];
}
@@ -273,7 +273,7 @@ class ViewCreateController extends AbstractController
}
}
- if (Core::isValid($_POST['view'], 'array')) {
+ if (isset($_POST['view']) && is_array($_POST['view'])) {
$view = array_merge($view, $_POST['view']);
}
diff --git a/libraries/classes/Core.php b/libraries/classes/Core.php
index cd6979cae3..4f729c6cf8 100644
--- a/libraries/classes/Core.php
+++ b/libraries/classes/Core.php
@@ -19,7 +19,6 @@ use function explode;
use function filter_var;
use function function_exists;
use function getenv;
-use function gettype;
use function gmdate;
use function hash_equals;
use function hash_hmac;
@@ -29,8 +28,6 @@ use function http_build_query;
use function in_array;
use function intval;
use function is_array;
-use function is_numeric;
-use function is_scalar;
use function is_string;
use function json_encode;
use function mb_strlen;
@@ -65,165 +62,6 @@ use const FILTER_VALIDATE_IP;
class Core
{
/**
- * checks given $var and returns it if valid, or $default of not valid
- * given $var is also checked for type being 'similar' as $default
- * or against any other type if $type is provided
- *
- * <code>
- * // $_REQUEST['db'] not set
- * echo Core::ifSetOr($_REQUEST['db'], ''); // ''
- * // $_POST['sql_query'] not set
- * echo Core::ifSetOr($_POST['sql_query']); // null
- * // $cfg['EnableFoo'] not set
- * echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // false
- * echo Core::ifSetOr($cfg['EnableFoo']); // null
- * // $cfg['EnableFoo'] set to 1
- * echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // false
- * echo Core::ifSetOr($cfg['EnableFoo'], false, 'similar'); // 1
- * echo Core::ifSetOr($cfg['EnableFoo'], false); // 1
- * // $cfg['EnableFoo'] set to true
- * echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // true
- * </code>
- *
- * @see self::isValid()
- *
- * @param mixed $var param to check
- * @param mixed $default default value
- * @param mixed $type var type or array of values to check against $var
- *
- * @return mixed $var or $default
- */
- public static function ifSetOr(&$var, $default = null, $type = 'similar')
- {
- if (! self::isValid($var, $type, $default)) {
- return $default;
- }
-
- return $var;
- }
-
- /**
- * checks given $var against $type or $compare
- *
- * $type can be:
- * - false : no type checking
- * - 'scalar' : whether type of $var is integer, float, string or boolean
- * - 'numeric' : whether type of $var is any number representation
- * - 'length' : whether type of $var is scalar with a string length > 0
- * - 'similar' : whether type of $var is similar to type of $compare
- * - 'equal' : whether type of $var is identical to type of $compare
- * - 'identical' : whether $var is identical to $compare, not only the type!
- * - or any other valid PHP variable type
- *
- * <code>
- * // $_REQUEST['doit'] = true;
- * Core::isValid($_REQUEST['doit'], 'identical', 'true'); // false
- * // $_REQUEST['doit'] = 'true';
- * Core::isValid($_REQUEST['doit'], 'identical', 'true'); // true
- * </code>
- *
- * NOTE: call-by-reference is used to not get NOTICE on undefined vars,
- * but the var is not altered inside this function, also after checking a var
- * this var exists nut is not set, example:
- * <code>
- * // $var is not set
- * isset($var); // false
- * functionCallByReference($var); // false
- * isset($var); // true
- * functionCallByReference($var); // true
- * </code>
- *
- * to avoid this we set this var to null if not isset
- *
- * @see https://www.php.net/gettype
- *
- * @param mixed $var variable to check
- * @param mixed $type var type or array of valid values to check against $var
- * @param mixed $compare var to compare with $var
- *
- * @return bool whether valid or not
- *
- * @todo add some more var types like hex, bin, ...?
- */
- public static function isValid(&$var, $type = 'length', $compare = null): bool
- {
- if (! isset($var)) {
- // var is not even set
- return false;
- }
-
- if ($type === false) {
- // no vartype requested
- return true;
- }
-
- if (is_array($type)) {
- return in_array($var, $type);
- }
-
- // allow some aliases of var types
- $type = strtolower($type);
- switch ($type) {
- case 'identic':
- $type = 'identical';
- break;
- case 'len':
- $type = 'length';
- break;
- case 'bool':
- $type = 'boolean';
- break;
- case 'float':
- $type = 'double';
- break;
- case 'int':
- $type = 'integer';
- break;
- case 'null':
- $type = 'NULL';
- break;
- }
-
- if ($type === 'identical') {
- return $var === $compare;
- }
-
- // whether we should check against given $compare
- if ($type === 'similar') {
- switch (gettype($compare)) {
- case 'string':
- case 'boolean':
- $type = 'scalar';
- break;
- case 'integer':
- case 'double':
- $type = 'numeric';
- break;
- default:
- $type = gettype($compare);
- }
- } elseif ($type === 'equal') {
- $type = gettype($compare);
- }
-
- // do the check
- if ($type === 'length' || $type === 'scalar') {
- $is_scalar = is_scalar($var);
- if ($is_scalar && $type === 'length') {
- return strlen((string) $var) > 0;
- }
-
- return $is_scalar;
- }
-
- if ($type === 'numeric') {
- return is_numeric($var);
- }
-
- return gettype($var) === $type;
- }
-
- /**
* Removes insecure parts in a path; used before include() or
* require() when a part of the path comes from an insecure source
* like a cookie or form.
diff --git a/libraries/classes/Database/Qbe.php b/libraries/classes/Database/Qbe.php
index 79bab23708..920bac39c7 100644
--- a/libraries/classes/Database/Qbe.php
+++ b/libraries/classes/Database/Qbe.php
@@ -7,7 +7,6 @@ declare(strict_types=1);
namespace PhpMyAdmin\Database;
-use PhpMyAdmin\Core;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\Html\Generator;
use PhpMyAdmin\Message;
@@ -28,6 +27,8 @@ use function explode;
use function htmlspecialchars;
use function implode;
use function in_array;
+use function is_array;
+use function is_numeric;
use function key;
use function max;
use function mb_strlen;
@@ -83,14 +84,14 @@ class Qbe
* Whether to insert a new column
*
* @access private
- * @var array
+ * @var array|null
*/
private $criteriaColumnInsert;
/**
* Whether to delete a column
*
* @access private
- * @var array
+ * @var array|null
*/
private $criteriaColumnDelete;
/**
@@ -311,16 +312,12 @@ class Qbe
{
$criteriaColumnCount = $this->initializeCriteriasCount();
- $this->criteriaColumnInsert = Core::ifSetOr(
- $_POST['criteriaColumnInsert'],
- null,
- 'array'
- );
- $this->criteriaColumnDelete = Core::ifSetOr(
- $_POST['criteriaColumnDelete'],
- null,
- 'array'
- );
+ $this->criteriaColumnInsert = isset($_POST['criteriaColumnInsert']) && is_array($_POST['criteriaColumnInsert'])
+ ? $_POST['criteriaColumnInsert']
+ : null;
+ $this->criteriaColumnDelete = isset($_POST['criteriaColumnDelete']) && is_array($_POST['criteriaColumnDelete'])
+ ? $_POST['criteriaColumnDelete']
+ : null;
$this->prevCriteria = $_POST['prev_criteria'] ?? [];
$this->criteria = $_POST['criteria'] ?? array_fill(0, $criteriaColumnCount, '');
@@ -347,7 +344,7 @@ class Qbe
private function setCriteriaTablesAndColumns()
{
// The tables list sent by a previously submitted form
- if (Core::isValid($_POST['TableList'], 'array')) {
+ if (isset($_POST['TableList']) && is_array($_POST['TableList'])) {
foreach ($_POST['TableList'] as $eachTable) {
$this->criteriaTables[$eachTable] = ' selected="selected"';
}
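Review bot: The new `is_array($_POST['TableList'])` test checks only the outer value, while the loop below uses each `$eachTable` as an array key in `$this->criteriaTables[$eachTable]`. A nested array element in the request is not a valid offset and raises an error (a TypeError on PHP 8) instead of being ignored. Adding `if (! is_string($eachTable)) { continue; }` as the first statement of the `foreach` keeps malformed input from aborting the request. The method body continues past the end of the hunk.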
@@ -1846,30 +1843,28 @@ class Qbe
private function initializeCriteriasCount(): int
{
// sets column count
- $criteriaColumnCount = Core::ifSetOr(
- $_POST['criteriaColumnCount'],
- 3,
- 'numeric'
- );
- $criteriaColumnAdd = Core::ifSetOr(
- $_POST['criteriaColumnAdd'],
- 0,
- 'numeric'
- );
+ $criteriaColumnCount = isset($_POST['criteriaColumnCount']) && is_numeric($_POST['criteriaColumnCount'])
+ ? (int) $_POST['criteriaColumnCount']
+ : 3;
+ $criteriaColumnAdd = isset($_POST['criteriaColumnAdd']) && is_numeric($_POST['criteriaColumnAdd'])
+ ? (int) $_POST['criteriaColumnAdd']
+ : 0;
$this->criteriaColumnCount = max(
$criteriaColumnCount + $criteriaColumnAdd,
0
);
// sets row count
- $rows = Core::ifSetOr($_POST['rows'], 0, 'numeric');
- $criteriaRowAdd = Core::ifSetOr($_POST['criteriaRowAdd'], 0, 'numeric');
+ $rows = isset($_POST['rows']) && is_numeric($_POST['rows']) ? (int) $_POST['rows'] : 0;
+ $criteriaRowAdd = isset($_POST['criteriaRowAdd']) && is_numeric($_POST['criteriaRowAdd'])
+ ? (int) $_POST['criteriaRowAdd']
+ : 0;
$this->criteriaRowCount = min(
100,
max($rows + $criteriaRowAdd, 0)
);
- return (int) $criteriaColumnCount;
+ return $criteriaColumnCount;
}
/**
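Review bot: `criteriaColumnCount` is cast to int but never bounded, whereas the row count a few lines below is clamped with `min(100, max(..., 0))`. The method returns the raw `$criteriaColumnCount`, and the earlier hunk in this file passes that return value to `array_fill(0, $criteriaColumnCount, '')`. A negative request value makes that call fail, and a very large one allocates an array of that size. Clamping before use, for example `$criteriaColumnCount = max(0, min($criteriaColumnCount, $maxColumns));` with a limit chosen like the 100 used for rows, covers both the stored property and the returned value.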
diff --git a/libraries/classes/DatabaseInterface.php b/libraries/classes/DatabaseInterface.php
index 059d1fb139..7ab8bf3602 100644
--- a/libraries/classes/DatabaseInterface.php
+++ b/libraries/classes/DatabaseInterface.php
@@ -36,6 +36,7 @@ use function count;
use function defined;
use function explode;
use function implode;
+use function in_array;
use function is_array;
use function is_int;
use function is_string;
@@ -1591,7 +1592,7 @@ class DatabaseInterface implements DbalInterface
if (! $GLOBALS['cfg']['Server']['DisableIS']) {
$query = QueryGenerator::getInformationSchemaRoutinesRequest(
$this->escapeString($db),
- Core::isValid($which, ['FUNCTION', 'PROCEDURE']) ? $which : null,
+ isset($which) && in_array($which, ['FUNCTION', 'PROCEDURE']) ? $which : null,
empty($name) ? null : $this->escapeString($name)
);
$result = $this->fetchResult($query);
diff --git a/libraries/classes/Display/Results.php b/libraries/classes/Display/Results.php
index d5a7856cfa..6002a81789 100644
--- a/libraries/classes/Display/Results.php
+++ b/libraries/classes/Display/Results.php
@@ -46,8 +46,10 @@ use function file_exists;
use function floor;
use function htmlspecialchars;
use function implode;
+use function in_array;
use function intval;
use function is_array;
+use function is_numeric;
use function json_encode;
use function mb_check_encoding;
use function mb_strlen;
@@ -3810,9 +3812,7 @@ class Results
// The value can also be from _GET as described on issue #16146 when sorting results
$sessionMaxRows = $_GET['session_max_rows'] ?? $_POST['session_max_rows'] ?? '';
- // as this is a form value, the type is always string so we cannot
- // use Core::isValid($_POST['session_max_rows'], 'integer')
- if (Core::isValid($sessionMaxRows, 'numeric')) {
+ if (isset($sessionMaxRows) && is_numeric($sessionMaxRows)) {
$query['max_rows'] = (int) $sessionMaxRows;
unset($_GET['session_max_rows'], $_POST['session_max_rows']);
} elseif ($sessionMaxRows === self::ALL_ROWS) {
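Review bot: `isset($sessionMaxRows)` is always true here, because the line above assigns the variable with a `?? ''` fallback. The condition can be just `if (is_numeric($sessionMaxRows)) {`. The removed comment explained why a numeric test rather than an integer test is needed for form values; a one-line replacement such as `// form values arrive as strings, so test for numeric rather than int` would keep that reasoning next to the check.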
@@ -3822,7 +3822,7 @@ class Results
$query['max_rows'] = intval($GLOBALS['cfg']['MaxRows']);
}
- if (Core::isValid($_REQUEST['pos'], 'numeric')) {
+ if (isset($_REQUEST['pos']) && is_numeric($_REQUEST['pos'])) {
$query['pos'] = (int) $_REQUEST['pos'];
unset($_REQUEST['pos']);
} elseif (empty($query['pos'])) {
@@ -3830,12 +3830,9 @@ class Results
}
if (
- Core::isValid(
+ isset($_REQUEST['pftext']) && in_array(
$_REQUEST['pftext'],
- [
- self::DISPLAY_PARTIAL_TEXT,
- self::DISPLAY_FULL_TEXT,
- ]
+ [self::DISPLAY_PARTIAL_TEXT, self::DISPLAY_FULL_TEXT]
)
) {
$query['pftext'] = $_REQUEST['pftext'];
@@ -3845,12 +3842,9 @@ class Results
}
if (
- Core::isValid(
+ isset($_REQUEST['relational_display']) && in_array(
$_REQUEST['relational_display'],
- [
- self::RELATIONAL_KEY,
- self::RELATIONAL_DISPLAY_COLUMN,
- ]
+ [self::RELATIONAL_KEY, self::RELATIONAL_DISPLAY_COLUMN]
)
) {
$query['relational_display'] = $_REQUEST['relational_display'];
@@ -3863,13 +3857,9 @@ class Results
}
if (
- Core::isValid(
+ isset($_REQUEST['geoOption']) && in_array(
$_REQUEST['geoOption'],
- [
- self::GEOMETRY_DISP_WKT,
- self::GEOMETRY_DISP_WKB,
- self::GEOMETRY_DISP_GEOM,
- ]
+ [self::GEOMETRY_DISP_WKT, self::GEOMETRY_DISP_WKB, self::GEOMETRY_DISP_GEOM]
)
) {
$query['geoOption'] = $_REQUEST['geoOption'];
diff --git a/libraries/classes/Footer.php b/libraries/classes/Footer.php
index 478dd8125f..6481412395 100644
--- a/libraries/classes/Footer.php
+++ b/libraries/classes/Footer.php
@@ -14,6 +14,7 @@ use function file_exists;
use function in_array;
use function is_array;
use function is_object;
+use function is_scalar;
use function json_encode;
use function json_last_error;
use function strlen;
@@ -229,7 +230,11 @@ class Footer
global $dbi;
if (
- Core::isValid($_REQUEST['no_history'])
+ (
+ isset($_REQUEST['no_history'])
+ && is_scalar($_REQUEST['no_history'])
+ && strlen((string) $_REQUEST['no_history']) > 0
+ )
|| ! empty($GLOBALS['error_message'])
|| empty($GLOBALS['sql_query'])
|| ! isset($dbi)
@@ -239,8 +244,8 @@ class Footer
}
$this->relation->setHistory(
- Core::ifSetOr($GLOBALS['db'], ''),
- Core::ifSetOr($GLOBALS['table'], ''),
+ isset($GLOBALS['db']) && is_scalar($GLOBALS['db']) ? (string) $GLOBALS['db'] : '',
+ isset($GLOBALS['table']) && is_scalar($GLOBALS['table']) ? (string) $GLOBALS['table'] : '',
$GLOBALS['cfg']['Server']['user'],
$GLOBALS['sql_query']
);
diff --git a/libraries/classes/Operations.php b/libraries/classes/Operations.php
index 56f543b9ac..e3dd753d63 100644
--- a/libraries/classes/Operations.php
+++ b/libraries/classes/Operations.php
@@ -12,6 +12,7 @@ use function __;
use function array_merge;
use function count;
use function explode;
+use function is_scalar;
use function mb_strtolower;
use function str_replace;
use function strlen;
@@ -1020,7 +1021,7 @@ class Operations
/**
* A target table name has been sent to this script -> do the work
*/
- if (Core::isValid($_POST['new_name'])) {
+ if (isset($_POST['new_name']) && is_scalar($_POST['new_name']) && strlen((string) $_POST['new_name']) > 0) {
if ($db == $_POST['target_db'] && $table == $_POST['new_name']) {
if (isset($_POST['submit_move'])) {
$message = Message::error(__('Can\'t move table to same one!'));
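Review bot: Only `new_name` gets the scalar and length check plus a `(string)` cast; `$_POST['target_db']` on the comparison line, and `$_POST['what']` in the following hunk, are still read without `isset` and passed on with whatever type the request supplied. An array value for `target_db` would reach the `==` comparison and the move/copy and privilege calls in the next hunks. Validating it once, in the same style as `new_name`, closes that gap: `$targetDb = isset($_POST['target_db']) && is_scalar($_POST['target_db']) ? (string) $_POST['target_db'] : '';`, then use `$targetDb` throughout. Validation may happen in code outside these hunks; nothing visible here shows it.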
@@ -1032,7 +1033,7 @@ class Operations
$db,
$table,
$_POST['target_db'],
- $_POST['new_name'],
+ (string) $_POST['new_name'],
$_POST['what'],
isset($_POST['submit_move']),
'one_table'
@@ -1047,14 +1048,14 @@ class Operations
$db,
$table,
$_POST['target_db'],
- $_POST['new_name']
+ (string) $_POST['new_name']
);
} else {
$this->adjustPrivilegesCopyTable(
$db,
$table,
$_POST['target_db'],
- $_POST['new_name']
+ (string) $_POST['new_name']
);
}
@@ -1089,7 +1090,7 @@ class Operations
. Util::backquote($table);
$message->addParam($old);
- $new_name = $_POST['new_name'];
+ $new_name = (string) $_POST['new_name'];
if ($this->dbi->getLowerCaseNames() === '1') {
$new_name = strtolower($new_name);
}
diff --git a/libraries/classes/Partitioning/TablePartitionDefinition.php b/libraries/classes/Partitioning/TablePartitionDefinition.php
index ab4a0d38ba..aee83e981d 100644
--- a/libraries/classes/Partitioning/TablePartitionDefinition.php
+++ b/libraries/classes/Partitioning/TablePartitionDefinition.php
@@ -4,11 +4,10 @@ declare(strict_types=1);
namespace PhpMyAdmin\Partitioning;
-use PhpMyAdmin\Core;
-
use function array_intersect_key;
use function array_merge;
use function array_splice;
+use function is_numeric;
use function min;
final class TablePartitionDefinition
@@ -83,7 +82,7 @@ final class TablePartitionDefinition
*/
private static function extractPartitionCount(string $paramLabel): int
{
- if (Core::isValid($_POST[$paramLabel], 'numeric')) {
+ if (isset($_POST[$paramLabel]) && is_numeric($_POST[$paramLabel])) {
// MySQL's limit is 8192, so do not allow more
// @see https://dev.mysql.com/doc/refman/en/partitioning-limitations.html
$count = min((int) $_POST[$paramLabel], 8192);
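Review bot: `is_numeric()` in the new condition also accepts negative, fractional and exponent strings such as `-3`, `2.5` or `1e3`, and the visible lines only cap the result from above with `min(..., 8192)`. Unless the rest of extractPartitionCount (outside this hunk) rejects negative or too-small counts, a range-checked integer parse such as `filter_var($_POST[$paramLabel], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 8192]])` would state the accepted range directly. The `is_numeric()` plus `(int)` cast added for `$_GET['id']` in the Setup/FormProcessing.php hunk has the same looseness.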
diff --git a/libraries/classes/Relation.php b/libraries/classes/Relation.php
index 898c1c43c7..7e80c1ee8f 100644
--- a/libraries/classes/Relation.php
+++ b/libraries/classes/Relation.php
@@ -27,6 +27,7 @@ use function implode;
use function in_array;
use function is_array;
use function is_bool;
+use function is_scalar;
use function is_string;
use function ksort;
use function mb_check_encoding;
@@ -1432,20 +1433,31 @@ class Relation
$top = [];
$bottom = [];
if ($foreign_display) {
- if (Core::isValid($GLOBALS['cfg']['ForeignKeyDropdownOrder'], 'array')) {
- if (Core::isValid($GLOBALS['cfg']['ForeignKeyDropdownOrder'][0])) {
+ if (
+ isset($GLOBALS['cfg']['ForeignKeyDropdownOrder'])
+ && is_array($GLOBALS['cfg']['ForeignKeyDropdownOrder'])
+ ) {
+ if (
+ isset($GLOBALS['cfg']['ForeignKeyDropdownOrder'][0])
+ && is_scalar($GLOBALS['cfg']['ForeignKeyDropdownOrder'][0])
+ && strlen((string) $GLOBALS['cfg']['ForeignKeyDropdownOrder'][0]) > 0
+ ) {
$top = $this->buildForeignDropdown(
$foreign,
$data,
- $GLOBALS['cfg']['ForeignKeyDropdownOrder'][0]
+ (string) $GLOBALS['cfg']['ForeignKeyDropdownOrder'][0]
);
}
- if (Core::isValid($GLOBALS['cfg']['ForeignKeyDropdownOrder'][1])) {
+ if (
+ isset($GLOBALS['cfg']['ForeignKeyDropdownOrder'][1])
+ && is_scalar($GLOBALS['cfg']['ForeignKeyDropdownOrder'][1])
+ && strlen((string) $GLOBALS['cfg']['ForeignKeyDropdownOrder'][1]) > 0
+ ) {
$bottom = $this->buildForeignDropdown(
$foreign,
$data,
- $GLOBALS['cfg']['ForeignKeyDropdownOrder'][1]
+ (string) $GLOBALS['cfg']['ForeignKeyDropdownOrder'][1]
);
}
} else {
diff --git a/libraries/classes/ResponseRenderer.php b/libraries/classes/ResponseRenderer.php
index 5348874e49..26edf5aceb 100644
--- a/libraries/classes/ResponseRenderer.php
+++ b/libraries/classes/ResponseRenderer.php
@@ -11,6 +11,7 @@ use function defined;
use function headers_sent;
use function http_response_code;
use function is_array;
+use function is_scalar;
use function json_encode;
use function json_last_error_msg;
use function mb_strlen;
@@ -376,8 +377,10 @@ class ResponseRenderer
$this->addJSON(
'reloadQuerywindow',
[
- 'db' => Core::ifSetOr($GLOBALS['db'], ''),
- 'table' => Core::ifSetOr($GLOBALS['table'], ''),
+ 'db' => isset($GLOBALS['db']) && is_scalar($GLOBALS['db'])
+ ? (string) $GLOBALS['db'] : '',
+ 'table' => isset($GLOBALS['table']) && is_scalar($GLOBALS['table'])
+ ? (string) $GLOBALS['table'] : '',
'sql_query' => $query,
]
);
diff --git a/libraries/classes/Server/Privileges.php b/libraries/classes/Server/Privileges.php
index 148a593bc9..6de0e38bd8 100644
--- a/libraries/classes/Server/Privileges.php
+++ b/libraries/classes/Server/Privileges.php
@@ -8,7 +8,6 @@ declare(strict_types=1);
namespace PhpMyAdmin\Server;
use mysqli_stmt;
-use PhpMyAdmin\Core;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\Html\Generator;
use PhpMyAdmin\Html\MySQLDocumentation;
@@ -31,6 +30,8 @@ use function htmlspecialchars;
use function implode;
use function in_array;
use function is_array;
+use function is_scalar;
+use function is_string;
use function json_decode;
use function ksort;
use function max;
@@ -2864,18 +2865,34 @@ class Privileges
/**
* Checks if a dropdown box has been used for selecting a database / table
*/
- if (Core::isValid($_POST['pred_tablename'])) {
- $tablename = $_POST['pred_tablename'];
- } elseif (Core::isValid($_REQUEST['tablename'])) {
- $tablename = $_REQUEST['tablename'];
+ if (
+ isset($_POST['pred_tablename'])
+ && is_scalar($_POST['pred_tablename'])
+ && strlen((string) $_POST['pred_tablename']) > 0
+ ) {
+ $tablename = (string) $_POST['pred_tablename'];
+ } elseif (
+ isset($_REQUEST['tablename'])
+ && is_scalar($_REQUEST['tablename'])
+ && strlen((string) $_REQUEST['tablename']) > 0
+ ) {
+ $tablename = (string) $_REQUEST['tablename'];
} else {
unset($tablename);
}
- if (Core::isValid($_POST['pred_routinename'])) {
- $routinename = $_POST['pred_routinename'];
- } elseif (Core::isValid($_REQUEST['routinename'])) {
- $routinename = $_REQUEST['routinename'];
+ if (
+ isset($_POST['pred_routinename'])
+ && is_scalar($_POST['pred_routinename'])
+ && strlen((string) $_POST['pred_routinename']) > 0
+ ) {
+ $routinename = (string) $_POST['pred_routinename'];
+ } elseif (
+ isset($_REQUEST['routinename'])
+ && is_scalar($_REQUEST['routinename'])
+ && strlen((string) $_REQUEST['routinename']) > 0
+ ) {
+ $routinename = (string) $_REQUEST['routinename'];
} else {
unset($routinename);
}
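Review bot: The same three-clause test (`isset`, `is_scalar`, non-empty `strlen`) followed by a `(string)` cast is written out four times in this hunk and again in the Relation.php, Util.php and url.php hunks, which makes it easy for one copy to drift. A small private helper returning `?string` stays analysable by Psalm, unlike the removed `Core::isValid`, and reduces each site to one line. The sketch below leaves `$tablename` and `$routinename` null rather than unset when neither field is usable, so later `isset()` checks behave the same; the enclosing method extends beyond this hunk.

```php
/**
 * @param mixed $value raw request value
 *
 * @return string|null the value as a string when it is a non-empty scalar
 */
private static function nonEmptyScalar($value): ?string
{
    if (! is_scalar($value)) {
        return null;
    }

    $text = (string) $value;

    return $text === '' ? null : $text;
}

// … unchanged: comment above the dropdown checks …
$tablename = self::nonEmptyScalar($_POST['pred_tablename'] ?? null)
    ?? self::nonEmptyScalar($_REQUEST['tablename'] ?? null);
$routinename = self::nonEmptyScalar($_POST['pred_routinename'] ?? null)
    ?? self::nonEmptyScalar($_REQUEST['routinename'] ?? null);
```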
@@ -2883,7 +2900,7 @@ class Privileges
if (isset($_POST['pred_dbname'])) {
$isValidPredDbname = true;
foreach ($_POST['pred_dbname'] as $key => $dbName) {
- if (! Core::isValid($dbName)) {
+ if (! isset($dbName) || ! is_scalar($dbName) || strlen((string) $dbName) === 0) {
$isValidPredDbname = false;
break;
}
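Review bot: The loop over `$_POST['pred_dbname']` runs after only an `isset()` check, so a scalar value for that field reaches `foreach` and produces a warning instead of being rejected; the parallel `$_REQUEST['dbname']` branch in the next hunk does test `is_array()` first. Changing the outer condition to `if (isset($_POST['pred_dbname']) && is_array($_POST['pred_dbname'])) {` would close that gap. Inside the loop, `! isset($dbName)` is redundant because `is_scalar(null)` is already false. The enclosing method continues outside this hunk.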
@@ -2894,13 +2911,17 @@ class Privileges
$isValidDbname = true;
if (is_array($_REQUEST['dbname'])) {
foreach ($_REQUEST['dbname'] as $key => $dbName) {
- if (! Core::isValid($dbName)) {
+ if (! isset($dbName) || ! is_scalar($dbName) || strlen((string) $dbName) === 0) {
$isValidDbname = false;
break;
}
}
} else {
- if (! Core::isValid($_REQUEST['dbname'])) {
+ if (
+ ! isset($_REQUEST['dbname'])
+ || ! is_scalar($_REQUEST['dbname'])
+ || strlen((string) $_REQUEST['dbname']) === 0
+ ) {
$isValidDbname = false;
}
}
@@ -2913,7 +2934,7 @@ class Privileges
$dbname = $dbname[0];
}
} elseif (isset($isValidDbname) && $isValidDbname) {
- $dbname = $_REQUEST['dbname'];
+ $dbname = (string) $_REQUEST['dbname'];
} else {
unset($dbname, $tablename);
}
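Review bot: The added `(string)` cast on `$_REQUEST['dbname']` breaks the multi-database case: the validation in the previous hunk leaves `$isValidDbname` true for an array whose elements are all non-empty scalars, and casting that array yields the literal string `Array` plus a conversion warning. The removed line kept the array, and a later hunk in this file still handles an array `$dbname` when calling getHtmlToDisplayPrivilegesTable. `$dbname = is_array($_REQUEST['dbname']) ? $_REQUEST['dbname'] : (string) $_REQUEST['dbname'];` preserves both shapes. The Psalm baseline changed in this same commit records a new PossiblyInvalidCast for this expression.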
@@ -3274,8 +3295,12 @@ class Privileges
$privilegesTable = $this->getHtmlToDisplayPrivilegesTable(
// If $dbname is an array, pass any one db as all have same privs.
- Core::ifSetOr($dbname, is_array($dbname) ? $dbname[0] : '*', 'length'),
- Core::ifSetOr($tablename, '*', 'length')
+ is_string($dbname) && strlen($dbname) > 0
+ ? $dbname
+ : (is_array($dbname) ? (string) $dbname[0] : '*'),
+ strlen($tablename) > 0
+ ? $tablename
+ : '*'
);
$tableSpecificRights = '';
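Review bot: The second argument now calls `strlen($tablename)` with no type guard, whereas the removed `Core::ifSetOr($tablename, '*', 'length')` fell back to `'*'` for an unset or non-matching value and the first argument is guarded with `is_string($dbname)`. This file declares `strict_types=1`, so a null `$tablename` would raise a TypeError here; whether that can happen depends on callers outside the hunk. `is_string($tablename) && strlen($tablename) > 0 ? $tablename : '*'` keeps the old tolerance and mirrors the `$dbname` argument.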
diff --git a/libraries/classes/Setup/FormProcessing.php b/libraries/classes/Setup/FormProcessing.php
index 391fc609e6..141873be23 100644
--- a/libraries/classes/Setup/FormProcessing.php
+++ b/libraries/classes/Setup/FormProcessing.php
@@ -8,11 +8,12 @@ declare(strict_types=1);
namespace PhpMyAdmin\Setup;
use PhpMyAdmin\Config\FormDisplay;
-use PhpMyAdmin\Core;
use PhpMyAdmin\ResponseRenderer;
use PhpMyAdmin\Template;
use PhpMyAdmin\Url;
+use function is_numeric;
+
/**
* PhpMyAdmin\Setup\FormProcessing class
*/
@@ -54,7 +55,7 @@ class FormProcessing
// form has errors, show warning
$page = $_GET['page'] ?? '';
$formset = $_GET['formset'] ?? '';
- $formId = Core::isValid($_GET['id'], 'numeric') ? $_GET['id'] : '';
+ $formId = isset($_GET['id']) && is_numeric($_GET['id']) ? (int) $_GET['id'] : null;
if ($formId === null && $page === 'servers') {
// we've just added a new server, get its id
$formId = $form_display->getConfigFile()->getServerCount();
diff --git a/libraries/classes/UserPassword.php b/libraries/classes/UserPassword.php
index 74241b536c..05cc65973e 100644
--- a/libraries/classes/UserPassword.php
+++ b/libraries/classes/UserPassword.php
@@ -135,13 +135,7 @@ class UserPassword
*/
private function changePassHashingFunction()
{
- if (
- Core::isValid(
- $_POST['authentication_plugin'],
- 'identical',
- 'mysql_old_password'
- )
- ) {
+ if (isset($_POST['authentication_plugin']) && $_POST['authentication_plugin'] === 'mysql_old_password') {
$hashing_function = 'OLD_PASSWORD';
} else {
$hashing_function = 'PASSWORD';
diff --git a/libraries/classes/Util.php b/libraries/classes/Util.php
index b9bd29c311..1cc43fd042 100644
--- a/libraries/classes/Util.php
+++ b/libraries/classes/Util.php
@@ -46,6 +46,7 @@ use function ini_get;
use function is_array;
use function is_callable;
use function is_object;
+use function is_scalar;
use function is_string;
use function log10;
use function mb_detect_encoding;
@@ -2474,8 +2475,12 @@ class Util
if (count($sotCache) > 0) {
$tblGroupSql = '';
$whereAdded = false;
- if (Core::isValid($_REQUEST['tbl_group'])) {
- $group = self::escapeMysqlWildcards($_REQUEST['tbl_group']);
+ if (
+ isset($_REQUEST['tbl_group'])
+ && is_scalar($_REQUEST['tbl_group'])
+ && strlen((string) $_REQUEST['tbl_group']) > 0
+ ) {
+ $group = self::escapeMysqlWildcards((string) $_REQUEST['tbl_group']);
$groupWithSeparator = self::escapeMysqlWildcards(
$_REQUEST['tbl_group']
. $GLOBALS['cfg']['NavigationTreeTableSeparator']
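Review bot: The first `escapeMysqlWildcards()` call now receives `(string) $_REQUEST['tbl_group']`, but the next statement still concatenates the raw `$_REQUEST['tbl_group']`, so the validated value and the one used for `$groupWithSeparator` are separate expressions. Assigning `$tblGroup = (string) $_REQUEST['tbl_group'];` once inside the guard and using it in both calls keeps them identical and gives reviewers a single value to follow into `$tblGroupSql`. The rest of the method, including how `$group` is placed into the query, is outside this hunk.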
@@ -2489,7 +2494,7 @@ class Util
$whereAdded = true;
}
- if (Core::isValid($_REQUEST['tbl_type'], ['table', 'view'])) {
+ if (isset($_REQUEST['tbl_type']) && in_array($_REQUEST['tbl_type'], ['table', 'view'])) {
$tblGroupSql .= $whereAdded ? ' AND' : ' WHERE';
if ($_REQUEST['tbl_type'] === 'view') {
$tblGroupSql .= " `Table_type` NOT IN ('BASE TABLE', 'SYSTEM VERSIONED')";
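Review bot: `in_array($_REQUEST['tbl_type'], ['table', 'view'])` is called without the strict flag, so the allow-list test uses loose comparison on a request value; the same call appears in the next Util.php hunk, where the matched value is then copied into `$urlParams['tbl_type']`. Passing `true` as the third argument, `in_array($_REQUEST['tbl_type'], ['table', 'view'], true)`, makes the match exact and rejects non-string input outright.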
@@ -2761,7 +2766,7 @@ class Util
'sort_order' => $futureSortOrder,
];
- if (Core::isValid($_REQUEST['tbl_type'], ['view', 'table'])) {
+ if (isset($_REQUEST['tbl_type']) && in_array($_REQUEST['tbl_type'], ['view', 'table'])) {
$urlParams['tbl_type'] = $_REQUEST['tbl_type'];
}
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
index e88faca215..9f282b54f9 100644
--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -422,18 +422,15 @@
</NonInvariantDocblockPropertyType>
</file>
<file src="libraries/classes/Common.php">
- <MixedArgument occurrences="13">
- <code>$_POST['token']</code>
+ <MixedArgument occurrences="10">
<code>$_REQUEST['back']</code>
<code>$_REQUEST['goto']</code>
<code>$_SESSION[' PMA_token ']</code>
<code>$back</code>
<code>$cfg['Server']['user']</code>
- <code>$db</code>
<code>$goto</code>
<code>$sqlDelimiter</code>
<code>$sql_query</code>
- <code>$table</code>
<code>$urlParams</code>
<code>$urlParams</code>
</MixedArgument>
@@ -447,19 +444,15 @@
<code>$urlParams['goto']</code>
<code>$urlParams['table']</code>
</MixedArrayAssignment>
- <MixedAssignment occurrences="13">
+ <MixedAssignment occurrences="9">
<code>$back</code>
<code>$controlLink</code>
<code>$databaseFromRequest</code>
- <code>$db</code>
<code>$goto</code>
<code>$sqlDelimiter</code>
<code>$sql_query</code>
- <code>$table</code>
<code>$tableFromRequest</code>
- <code>$urlParams['db']</code>
<code>$urlParams['goto']</code>
- <code>$urlParams['table']</code>
<code>$userLink</code>
</MixedAssignment>
</file>
@@ -2795,29 +2788,16 @@
</PossiblyNullArrayAccess>
</file>
<file src="libraries/classes/Controllers/Setup/FormController.php">
- <MixedArgument occurrences="1">
- <code>$formset</code>
- </MixedArgument>
- <MixedAssignment occurrences="1">
- <code>$formset</code>
- </MixedAssignment>
- <PossiblyNullArgument occurrences="1">
- <code>$formset</code>
- </PossiblyNullArgument>
<UndefinedClass occurrences="1">
<code>new $formClass($this-&gt;config)</code>
</UndefinedClass>
</file>
<file src="libraries/classes/Controllers/Setup/HomeController.php">
- <MixedArgument occurrences="1">
- <code>$actionDone</code>
- </MixedArgument>
<MixedArgumentTypeCoercion occurrences="2">
<code>$id</code>
<code>$id</code>
</MixedArgumentTypeCoercion>
- <MixedAssignment occurrences="2">
- <code>$actionDone</code>
+ <MixedAssignment occurrences="1">
<code>$server</code>
</MixedAssignment>
<UnusedForeachValue occurrences="1">
@@ -3262,14 +3242,13 @@
</MixedOperand>
</file>
<file src="libraries/classes/Controllers/Table/GisVisualizationController.php">
- <MixedArgument occurrences="8">
+ <MixedArgument occurrences="7">
<code>$_GET['fileFormat']</code>
<code>$_GET['sql_query']</code>
<code>$_GET['sql_signature']</code>
<code>$result</code>
<code>$sqlQuery</code>
<code>$urlParams</code>
- <code>$visualizationSettings</code>
<code>$visualizationSettings['spatialColumn']</code>
</MixedArgument>
<MixedArgumentTypeCoercion occurrences="1">
@@ -3279,23 +3258,17 @@
<code>$_SESSION['tmpval']['max_rows']</code>
<code>$_SESSION['tmpval']['pos']</code>
</MixedArrayAccess>
- <MixedArrayAssignment occurrences="8">
+ <MixedArrayAssignment occurrences="4">
<code>$urlParams['back']</code>
<code>$urlParams['goto']</code>
<code>$urlParams['sql_query']</code>
<code>$urlParams['sql_signature']</code>
- <code>$visualizationSettings['isMariaDB']</code>
- <code>$visualizationSettings['labelColumn']</code>
- <code>$visualizationSettings['mysqlVersion']</code>
- <code>$visualizationSettings['spatialColumn']</code>
</MixedArrayAssignment>
- <MixedAssignment occurrences="7">
+ <MixedAssignment occurrences="5">
<code>$result</code>
<code>$sqlQuery</code>
<code>$sqlQuery</code>
<code>$val</code>
- <code>$visualizationSettings</code>
- <code>$visualizationSettings</code>
<code>$visualizationSettings[$setting]</code>
</MixedAssignment>
<PropertyNotSetInConstructor occurrences="1">
@@ -4302,12 +4275,11 @@
<DocblockTypeContradiction occurrences="1">
<code>$view['as']</code>
</DocblockTypeContradiction>
- <MixedArgument occurrences="15">
+ <MixedArgument occurrences="14">
<code>$_GET['db']</code>
<code>$_GET['db']</code>
<code>$_GET['table']</code>
<code>$_GET['table']</code>
- <code>$_POST['view']</code>
<code>$_POST['view']['as']</code>
<code>$_POST['view']['column_names']</code>
<code>$_POST['view']['definer']</code>
@@ -4322,9 +4294,7 @@
<MixedArgumentTypeCoercion occurrences="1">
<code>['db' =&gt; $db]</code>
</MixedArgumentTypeCoercion>
- <MixedArrayAccess occurrences="10">
- <code>$_POST['view']['algorithm']</code>
- <code>$_POST['view']['algorithm']</code>
+ <MixedArrayAccess occurrences="8">
<code>$_POST['view']['as']</code>
<code>$_POST['view']['as']</code>
<code>$_POST['view']['column_names']</code>
@@ -4395,7 +4365,7 @@
<code>$i</code>
<code>$i</code>
</LoopInvalidation>
- <MixedArgument occurrences="8">
+ <MixedArgument occurrences="7">
<code>$GLOBALS[$post_key]</code>
<code>$GLOBALS['cfg']['TrustedProxies'][$direct_ip]</code>
<code>$one_post_pattern</code>
@@ -4403,7 +4373,6 @@
<code>$query</code>
<code>$tables</code>
<code>$tables</code>
- <code>$type</code>
</MixedArgument>
<MixedArgumentTypeCoercion occurrences="2">
<code>$post_key</code>
@@ -4463,11 +4432,6 @@
<TypeDoesNotContainType occurrences="1">
<code>is_string($data)</code>
</TypeDoesNotContainType>
- <UnusedVariable occurrences="3">
- <code>$type</code>
- <code>$type</code>
- <code>$type</code>
- </UnusedVariable>
</file>
<file src="libraries/classes/CreateAddField.php">
<MixedArgument occurrences="39">
@@ -5243,16 +5207,13 @@
<code>$tsize[$table]</code>
<code>$tsize[$table]</code>
</MixedArrayOffset>
- <MixedAssignment occurrences="62">
+ <MixedAssignment occurrences="54">
<code>$GLOBALS[${'cur' . $or}][$newColumnCount]</code>
<code>$allTables</code>
<code>$clause</code>
<code>$clause</code>
<code>$column</code>
<code>$columnReferences</code>
- <code>$criteriaColumnAdd</code>
- <code>$criteriaColumnCount</code>
- <code>$criteriaRowAdd</code>
<code>$eachColumn</code>
<code>$eachTable</code>
<code>$eachTable</code>
@@ -5279,7 +5240,6 @@
<code>$oneTable</code>
<code>$reference</code>
<code>$result</code>
- <code>$rows</code>
<code>$select</code>
<code>$selectClauses[]</code>
<code>$selected</code>
@@ -5291,10 +5251,6 @@
<code>$this-&gt;criteria</code>
<code>$this-&gt;criteriaAndOrColumn</code>
<code>$this-&gt;criteriaAndOrRow</code>
- <code>$this-&gt;criteriaColumnCount</code>
- <code>$this-&gt;criteriaColumnDelete</code>
- <code>$this-&gt;criteriaColumnInsert</code>
- <code>$this-&gt;criteriaRowCount</code>
<code>$this-&gt;criteriaRowDelete</code>
<code>$this-&gt;criteriaRowInsert</code>
<code>$this-&gt;prevCriteria</code>
@@ -5311,15 +5267,13 @@
<code>array</code>
<code>string</code>
</MixedInferredReturnType>
- <MixedOperand occurrences="29">
+ <MixedOperand occurrences="27">
<code>$_POST['Or' . $rowIndex][$columnIndex]</code>
<code>$clause</code>
<code>$columns[$columnIndex]</code>
- <code>$criteriaColumnCount</code>
<code>$eachTable</code>
<code>$eachTable</code>
<code>$index['Column_name']</code>
- <code>$rows</code>
<code>$select</code>
<code>$selected['and'] ?? ''</code>
<code>$selected['or'] ?? ''</code>
@@ -5857,7 +5811,7 @@
<code>$a</code>
<code>$b</code>
</MissingClosureParamType>
- <MixedArgument occurrences="77">
+ <MixedArgument occurrences="76">
<code>$_SERVER['SCRIPT_NAME']</code>
<code>$a</code>
<code>$arrayKeys</code>
@@ -5934,7 +5888,6 @@
<code>$user</code>
<code>$user</code>
<code>$warningsCount</code>
- <code>Core::isValid($which, ['FUNCTION', 'PROCEDURE']) ? $which : null</code>
</MixedArgument>
<MixedArgumentTypeCoercion occurrences="5">
<code>$field</code>
@@ -7180,11 +7133,9 @@
</TypeDoesNotContainType>
</file>
<file src="libraries/classes/Footer.php">
- <MixedArgument occurrences="4">
+ <MixedArgument occurrences="2">
<code>$db</code>
<code>$table</code>
- <code>Core::ifSetOr($GLOBALS['db'], '')</code>
- <code>Core::ifSetOr($GLOBALS['table'], '')</code>
</MixedArgument>
<MixedArgumentTypeCoercion occurrences="1">
<code>$params</code>
@@ -7206,6 +7157,16 @@
<PropertyNotSetInConstructor occurrences="1">
<code>$isAjax</code>
</PropertyNotSetInConstructor>
+ <RedundantCast occurrences="2">
+ <code>(string) $GLOBALS['db']</code>
+ <code>(string) $GLOBALS['table']</code>
+ </RedundantCast>
+ <RedundantCondition occurrences="4">
+ <code>is_scalar($GLOBALS['db'])</code>
+ <code>is_scalar($GLOBALS['table'])</code>
+ <code>isset($GLOBALS['db']) &amp;&amp; is_scalar($GLOBALS['db'])</code>
+ <code>isset($GLOBALS['table']) &amp;&amp; is_scalar($GLOBALS['table'])</code>
+ </RedundantCondition>
<TypeDoesNotContainNull occurrences="2">
<code>! isset($dbi)</code>
</TypeDoesNotContainNull>
@@ -9809,13 +9770,10 @@
</InvalidReturnType>
</file>
<file src="libraries/classes/Operations.php">
- <MixedArgument occurrences="53">
+ <MixedArgument occurrences="48">
<code>$_POST['comment']</code>
<code>$_POST['db_collation'] ?? ''</code>
<code>$_POST['new_auto_increment']</code>
- <code>$_POST['new_name']</code>
- <code>$_POST['new_name']</code>
- <code>$_POST['new_name']</code>
<code>$_POST['newname']</code>
<code>$_POST['newname']</code>
<code>$_POST['newname']</code>
@@ -9848,8 +9806,6 @@
<code>$function_name</code>
<code>$newRowFormat</code>
<code>$newRowFormat</code>
- <code>$new_name</code>
- <code>$new_name</code>
<code>$old_priv</code>
<code>$one_query</code>
<code>$procedure_name</code>
@@ -9925,15 +9881,13 @@
<code>$warning['Level']</code>
<code>$warning['Message']</code>
</MixedArrayAccess>
- <MixedAssignment occurrences="23">
- <code>$GLOBALS['table']</code>
+ <MixedAssignment occurrences="21">
<code>$_POST['drop_if_exists']</code>
<code>$arr</code>
<code>$event_name</code>
<code>$foreignTable</code>
<code>$function_name</code>
<code>$newRowFormat</code>
- <code>$new_name</code>
<code>$old_priv</code>
<code>$old_priv</code>
<code>$old_priv</code>
@@ -13805,11 +13759,12 @@
<PossiblyNullPropertyAssignmentValue occurrences="1">
<code>$dbi</code>
</PossiblyNullPropertyAssignmentValue>
- <PossiblyUndefinedArrayOffset occurrences="1">
- <code>$GLOBALS['cfg']['ForeignKeyDropdownOrder'][1]</code>
- </PossiblyUndefinedArrayOffset>
- <RedundantCast occurrences="2">
+ <RedundantCast occurrences="6">
<code>(int) $GLOBALS['cfg']['LimitChars']</code>
+ <code>(string) $GLOBALS['cfg']['ForeignKeyDropdownOrder'][0]</code>
+ <code>(string) $GLOBALS['cfg']['ForeignKeyDropdownOrder'][0]</code>
+ <code>(string) $GLOBALS['cfg']['ForeignKeyDropdownOrder'][1]</code>
+ <code>(string) $GLOBALS['cfg']['ForeignKeyDropdownOrder'][1]</code>
<code>(string) $table[1]</code>
</RedundantCast>
<RedundantCastGivenDocblockType occurrences="3">
@@ -13817,8 +13772,11 @@
<code>(string) $db</code>
<code>(string) $table</code>
</RedundantCastGivenDocblockType>
- <RedundantCondition occurrences="1">
+ <RedundantCondition occurrences="7">
+ <code>is_array($GLOBALS['cfg']['ForeignKeyDropdownOrder'])</code>
<code>is_array($table)</code>
+ <code>is_scalar($GLOBALS['cfg']['ForeignKeyDropdownOrder'][0])</code>
+ <code>is_scalar($GLOBALS['cfg']['ForeignKeyDropdownOrder'][1])</code>
</RedundantCondition>
<TypeDoesNotContainType occurrences="1">
<code>$vtitle != ''</code>
@@ -14034,7 +13992,15 @@
<MixedAssignment occurrences="1">
<code>$value</code>
</MixedAssignment>
- <RedundantCondition occurrences="1">
+ <RedundantCast occurrences="2">
+ <code>(string) $GLOBALS['db']</code>
+ <code>(string) $GLOBALS['table']</code>
+ </RedundantCast>
+ <RedundantCondition occurrences="5">
+ <code>is_scalar($GLOBALS['db'])</code>
+ <code>is_scalar($GLOBALS['table'])</code>
+ <code>isset($GLOBALS['db']) &amp;&amp; is_scalar($GLOBALS['db'])</code>
+ <code>isset($GLOBALS['table']) &amp;&amp; is_scalar($GLOBALS['table'])</code>
<code>isset($dbi)</code>
</RedundantCondition>
</file>
@@ -14219,7 +14185,7 @@
<code>$result</code>
<code>$result</code>
</InvalidArgument>
- <MixedArgument occurrences="127">
+ <MixedArgument occurrences="121">
<code>$GLOBALS['dbname']</code>
<code>$_GET['initial']</code>
<code>$_GET['initial']</code>
@@ -14262,8 +14228,6 @@
<code>$dbRightsRow['Db']</code>
<code>$dbname</code>
<code>$dbname</code>
- <code>$dbname</code>
- <code>$dbname</code>
<code>$dbname ?? ''</code>
<code>$eachUser</code>
<code>$exportUser</code>
@@ -14339,14 +14303,10 @@
<code>$sqlQuery</code>
<code>$sqlQuery</code>
<code>$sqlQuery</code>
- <code>$tablename</code>
- <code>$tablename</code>
<code>$updQuery</code>
<code>$user</code>
<code>$username</code>
<code>$username</code>
- <code>Core::ifSetOr($dbname, is_array($dbname) ? $dbname[0] : '*', 'length')</code>
- <code>Core::ifSetOr($tablename, '*', 'length')</code>
</MixedArgument>
<MixedArgumentTypeCoercion occurrences="16">
<code>$queries</code>
@@ -14451,7 +14411,7 @@
<code>$specificPrivileges[$grant[0]]</code>
<code>$specificPrivileges[$grant[0]]</code>
</MixedArrayOffset>
- <MixedAssignment occurrences="103">
+ <MixedAssignment occurrences="98">
<code>$GLOBALS[$key]</code>
<code>$account</code>
<code>$authenticationPlugin</code>
@@ -14471,7 +14431,6 @@
<code>$dbRightsResult</code>
<code>$dbname</code>
<code>$dbname</code>
- <code>$dbname</code>
<code>$eachUser</code>
<code>$exportUser</code>
<code>$extraData['db_wildcard_privs']</code>
@@ -14531,8 +14490,6 @@
<code>$right</code>
<code>$routine</code>
<code>$routine</code>
- <code>$routinename</code>
- <code>$routinename</code>
<code>$routines[]</code>
<code>$row</code>
<code>$row['password']</code>
@@ -14542,8 +14499,6 @@
<code>$selectedUsr</code>
<code>$sqlQuery</code>
<code>$sqlQuery</code>
- <code>$tablename</code>
- <code>$tablename</code>
<code>$tables[]</code>
<code>$tmpPrivs2['Insert'][]</code>
<code>$tmpPrivs2['References'][]</code>
@@ -14632,7 +14587,8 @@
<code>$GLOBALS[$currentGrant[0]]</code>
<code>$dbname</code>
</PossiblyInvalidArgument>
- <PossiblyInvalidCast occurrences="1">
+ <PossiblyInvalidCast occurrences="2">
+ <code>$_REQUEST['dbname']</code>
<code>$dbname</code>
</PossiblyInvalidCast>
<PossiblyNullArgument occurrences="6">
@@ -14657,8 +14613,9 @@
<code>$alterUserQuery</code>
<code>$alterUserQuery</code>
</PossiblyNullOperand>
- <PossiblyUndefinedArrayOffset occurrences="1">
+ <PossiblyUndefinedArrayOffset occurrences="2">
<code>$_POST['pred_dbname']</code>
+ <code>$_REQUEST['dbname']</code>
</PossiblyUndefinedArrayOffset>
<RedundantCast occurrences="1">
<code>(bool) ! $this-&gt;dbi-&gt;fetchValue($sql)</code>
@@ -15027,8 +14984,7 @@
</PossiblyNullOperand>
</file>
<file src="libraries/classes/Setup/FormProcessing.php">
- <MixedAssignment occurrences="3">
- <code>$formId</code>
+ <MixedAssignment occurrences="2">
<code>$formset</code>
<code>$page</code>
</MixedAssignment>
@@ -16569,8 +16525,7 @@
<code>$table['disp_name']</code>
<code>$units[$d]</code>
</InvalidArrayOffset>
- <MixedArgument occurrences="19">
- <code>$_REQUEST['tbl_group']</code>
+ <MixedArgument occurrences="18">
<code>$data</code>
<code>$dbInfoResult</code>
<code>$dbInfoResult</code>
@@ -16701,8 +16656,7 @@
<code>$escapeMethod</code>
<code>new $escape[1]()</code>
</MixedMethodCall>
- <MixedOperand occurrences="14">
- <code>$_REQUEST['tbl_group']</code>
+ <MixedOperand occurrences="13">
<code>$group[$groupName]['tab' . $sep . 'count']</code>
<code>$row['Column_name']</code>
<code>$tableGroup</code>
@@ -16724,7 +16678,8 @@
<code>$group[$groupName]['tab' . $sep . 'count']</code>
<code>$table['disp_name']</code>
</MixedStringOffsetAssignment>
- <PossiblyFalseOperand occurrences="2">
+ <PossiblyFalseOperand occurrences="3">
+ <code>$GLOBALS['cfg']['NavigationTreeTableSeparator']</code>
<code>mb_strpos($value, '.')</code>
<code>mb_strrpos($columnSpecification, ')')</code>
</PossiblyFalseOperand>
@@ -16750,7 +16705,8 @@
<code>$sep</code>
<code>$sep</code>
</PossiblyInvalidCast>
- <PossiblyInvalidOperand occurrences="9">
+ <PossiblyInvalidOperand occurrences="10">
+ <code>$GLOBALS['cfg']['NavigationTreeTableSeparator']</code>
<code>$sep</code>
<code>$sep</code>
<code>$sep</code>
@@ -16995,19 +16951,9 @@
</UnusedVariable>
</file>
<file src="setup/validate.php">
- <MixedArgument occurrences="2">
- <code>$ids</code>
- <code>$vals</code>
- </MixedArgument>
- <MixedAssignment occurrences="3">
- <code>$ids</code>
- <code>$vals</code>
+ <MixedAssignment occurrences="1">
<code>$values</code>
</MixedAssignment>
- <PossiblyNullArgument occurrences="2">
- <code>$ids</code>
- <code>$vals</code>
- </PossiblyNullArgument>
</file>
<file src="test/classes/AbstractNetworkTestCase.php">
<MixedAssignment occurrences="1">
@@ -17495,14 +17441,7 @@
<code>$arr['sarr'][0]</code>
<code>$arr['sarr'][0]</code>
</MixedArrayAccess>
- <MixedAssignment occurrences="3">
- <code>$out</code>
- <code>$out</code>
- <code>$out</code>
- </MixedAssignment>
- <MixedInferredReturnType occurrences="8">
- <code>array</code>
- <code>array</code>
+ <MixedInferredReturnType occurrences="6">
<code>array</code>
<code>array</code>
<code>array</code>
diff --git a/setup/config.php b/setup/config.php
index 131b30ebac..3eef9a83fe 100644
--- a/setup/config.php
+++ b/setup/config.php
@@ -33,7 +33,7 @@ if (isset($_POST['eol'])) {
$_SESSION['eol'] = $_POST['eol'] === 'unix' ? 'unix' : 'win';
}
-if (Core::ifSetOr($_POST['submit_clear'], '')) {
+if (isset($_POST['submit_clear']) && is_scalar($_POST['submit_clear']) ? $_POST['submit_clear'] : '') {
// Clear current config and return to main page
$GLOBALS['ConfigFile']->resetConfigData();
// drop post data
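Review bot: The condition `isset(...) && is_scalar(...) ? $_POST['submit_clear'] : ''` relies on `&&` binding tighter than `?:` and then on the truthiness of the selected value, which is hard to read for a branch that resets the configuration data; the `submit_download` check in the next hunk is written the same way. An explicit form such as `if (isset($_POST['submit_clear']) && is_scalar($_POST['submit_clear']) && (bool) $_POST['submit_clear']) {` keeps the behaviour (a value of `'0'` or `''` is still ignored) without the ternary.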
@@ -41,7 +41,7 @@ if (Core::ifSetOr($_POST['submit_clear'], '')) {
exit;
}
-if (Core::ifSetOr($_POST['submit_download'], '')) {
+if (isset($_POST['submit_download']) && is_scalar($_POST['submit_download']) ? $_POST['submit_download'] : '') {
// Output generated config file
Core::downloadHeader('config.inc.php', 'text/plain');
$response->disable();
diff --git a/setup/index.php b/setup/index.php
index 82cb880c97..d541ac55e7 100644
--- a/setup/index.php
+++ b/setup/index.php
@@ -32,7 +32,7 @@ if (@file_exists(CONFIG_FILE) && ! $cfg['DBG']['demo']) {
Core::fatalError(__('Configuration already exists, setup is disabled!'));
}
-$page = Core::isValid($_GET['page'], 'scalar') ? (string) $_GET['page'] : '';
+$page = isset($_GET['page']) && is_scalar($_GET['page']) ? (string) $_GET['page'] : '';
$page = preg_replace('/[^a-z]/', '', $page);
if ($page === '') {
$page = 'index';
diff --git a/setup/validate.php b/setup/validate.php
index 0ecc15a9e2..a44a3996a8 100644
--- a/setup/validate.php
+++ b/setup/validate.php
@@ -23,9 +23,9 @@ require ROOT_PATH . 'setup/lib/common.inc.php';
Core::headerJSON();
-$ids = Core::isValid($_POST['id'], 'scalar') ? $_POST['id'] : null;
+$ids = isset($_POST['id']) && is_scalar($_POST['id']) ? (string) $_POST['id'] : '';
$vids = explode(',', $ids);
-$vals = Core::isValid($_POST['values'], 'scalar') ? $_POST['values'] : null;
+$vals = isset($_POST['values']) && is_scalar($_POST['values']) ? (string) $_POST['values'] : '';
$values = json_decode($vals);
if (! ($values instanceof stdClass)) {
Core::fatalError(__('Wrong data'));
diff --git a/test/classes/CoreTest.php b/test/classes/CoreTest.php
index f9a066f037..6b1427c940 100644
--- a/test/classes/CoreTest.php
+++ b/test/classes/CoreTest.php
@@ -600,49 +600,6 @@ class CoreTest extends AbstractNetworkTestCase
}
/**
- * Test for Core::ifSetOr
- */
- public function testVarSet(): void
- {
- $default = 'foo';
- $in = 'bar';
- $out = Core::ifSetOr($in, $default);
- $this->assertEquals($in, $out);
- }
-
- /**
- * Test for Core::ifSetOr
- */
- public function testVarSetWrongType(): void
- {
- $default = 'foo';
- $in = 'bar';
- $out = Core::ifSetOr($in, $default, 'boolean');
- $this->assertEquals($out, $default);
- }
-
- /**
- * Test for Core::ifSetOr
- */
- public function testVarNotSet(): void
- {
- $default = 'foo';
- // $in is not set!
- $out = Core::ifSetOr($in, $default);
- $this->assertEquals($out, $default);
- }
-
- /**
- * Test for Core::ifSetOr
- */
- public function testVarNotSetNoDefault(): void
- {
- // $in is not set!
- $out = Core::ifSetOr($in);
- $this->assertNull($out);
- }
-
- /**
* Test for unserializing
*
* @param string $url URL to test
@@ -703,374 +660,6 @@ class CoreTest extends AbstractNetworkTestCase
}
/**
- * Test for Core::isValid
- *
- * @param mixed $var Variable to check
- * @param mixed $type Type
- * @param mixed $compare Compared value
- *
- * @dataProvider providerTestNoVarType
- */
- public function testNoVarType($var, $type, $compare): void
- {
- $this->assertTrue(Core::isValid($var, $type, $compare));
- }
-
- /**
- * Data provider for testNoVarType
- *
- * @return array
- */
- public static function providerTestNoVarType(): array
- {
- return [
- [
- 0,
- false,
- 0,
- ],
- [
- 0,
- false,
- 1,
- ],
- [
- 1,
- false,
- null,
- ],
- [
- 1.1,
- false,
- null,
- ],
- [
- '',
- false,
- null,
- ],
- [
- ' ',
- false,
- null,
- ],
- [
- '0',
- false,
- null,
- ],
- [
- 'string',
- false,
- null,
- ],
- [
- [],
- false,
- null,
- ],
- [
- [
- 1,
- 2,
- 3,
- ],
- false,
- null,
- ],
- [
- true,
- false,
- null,
- ],
- [
- false,
- false,
- null,
- ],
- ];
- }
-
- /**
- * Test for Core::isValid
- */
- public function testVarNotSetAfterTest(): void
- {
- Core::isValid($var);
- $this->assertFalse(isset($var));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testNotSet(): void
- {
- $this->assertFalse(Core::isValid($var));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testEmptyString(): void
- {
- $var = '';
- $this->assertFalse(Core::isValid($var));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testNotEmptyString(): void
- {
- $var = '0';
- $this->assertTrue(Core::isValid($var));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testZero(): void
- {
- $var = 0;
- $this->assertTrue(Core::isValid($var));
- $this->assertTrue(Core::isValid($var, 'int'));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testNullFail(): void
- {
- $var = null;
- $this->assertFalse(Core::isValid($var));
-
- $var = 'null_text';
- $this->assertFalse(Core::isValid($var, 'null'));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testNotSetArray(): void
- {
- $array = ['x' => null];
- $this->assertFalse(Core::isValid($array['x']));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testScalarString(): void
- {
- $var = 'string';
- $this->assertTrue(Core::isValid($var, 'len'));
- $this->assertTrue(Core::isValid($var, 'scalar'));
- $this->assertTrue(Core::isValid($var));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testScalarInt(): void
- {
- $var = 1;
- $this->assertTrue(Core::isValid($var, 'int'));
- $this->assertTrue(Core::isValid($var, 'scalar'));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testScalarFloat(): void
- {
- $var = 1.1;
- $this->assertTrue(Core::isValid($var, 'float'));
- $this->assertTrue(Core::isValid($var, 'double'));
- $this->assertTrue(Core::isValid($var, 'scalar'));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testScalarBool(): void
- {
- $var = true;
- $this->assertTrue(Core::isValid($var, 'scalar'));
- $this->assertTrue(Core::isValid($var, 'bool'));
- $this->assertTrue(Core::isValid($var, 'boolean'));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testNotScalarArray(): void
- {
- $var = ['test'];
- $this->assertFalse(Core::isValid($var, 'scalar'));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testNotScalarNull(): void
- {
- $var = null;
- $this->assertFalse(Core::isValid($var, 'scalar'));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testNumericInt(): void
- {
- $var = 1;
- $this->assertTrue(Core::isValid($var, 'numeric'));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testNumericFloat(): void
- {
- $var = 1.1;
- $this->assertTrue(Core::isValid($var, 'numeric'));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testNumericZero(): void
- {
- $var = 0;
- $this->assertTrue(Core::isValid($var, 'numeric'));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testNumericString(): void
- {
- $var = '+0.1';
- $this->assertTrue(Core::isValid($var, 'numeric'));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testValueInArray(): void
- {
- $var = 'a';
- $this->assertTrue(Core::isValid($var, ['a', 'b']));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testValueNotInArray(): void
- {
- $var = 'c';
- $this->assertFalse(Core::isValid($var, ['a', 'b']));
- }
-
- /**
- * Test for Core::isValid
- */
- public function testNumericIdentical(): void
- {
- $var = 1;
- $compare = 1;
- $this->assertTrue(Core::isValid($var, 'identic', $compare));
-
- $var = 1;
- $compare += 2;
- $this->assertFalse(Core::isValid($var, 'identic', $compare));
-
- $var = 1;
- $compare = '1';
- $this->assertFalse(Core::isValid($var, 'identic', $compare));
- }
-
- /**
- * Test for Core::isValid
- *
- * @param mixed $var Variable
- * @param mixed $compare Compare
- *
- * @dataProvider provideTestSimilarType
- */
- public function testSimilarType($var, $compare): void
- {
- $this->assertTrue(Core::isValid($var, 'similar', $compare));
- $this->assertTrue(Core::isValid($var, 'equal', $compare));
- $this->assertTrue(Core::isValid($compare, 'similar', $var));
- $this->assertTrue(Core::isValid($compare, 'equal', $var));
- }
-
- /**
- * Data provider for testSimilarType
- *
- * @return array
- */
- public function provideTestSimilarType(): array
- {
- return [
- [
- 1,
- 1,
- ],
- [
- 1.5,
- 1.5,
- ],
- [
- true,
- true,
- ],
- [
- 'string',
- 'string',
- ],
- [
- [
- 1,
- 2,
- 3.4,
- ],
- [
- 1,
- 2,
- 3.4,
- ],
- ],
- [
- [
- 1,
- '2',
- '3.4',
- 5,
- 'text',
- ],
- [
- '1',
- '2',
- 3.4,
- '5',
- ],
- ],
- ];
- }
-
- /**
- * Test for Core::isValid
- */
- public function testOtherTypes(): void
- {
- $var = new class {
- };
- $this->assertFalse(Core::isValid($var, 'class'));
- }
-
- /**
* Test for unserializing
*
* @param string $data Serialized data
diff --git a/url.php b/url.php
index 26b753b8a7..c04ec7f9ac 100644
--- a/url.php
+++ b/url.php
@@ -57,9 +57,9 @@ $response->getHeader()->sendHttpHeaders();
$response->disable();
if (
- ! Core::isValid($_GET['url'])
- || ! preg_match('/^https:\/\/[^\n\r]*$/', $_GET['url'])
- || ! Core::isAllowedDomain($_GET['url'])
+ ! isset($_GET['url']) || ! is_scalar($_GET['url']) || strlen((string) $_GET['url']) === 0
+ || ! preg_match('/^https:\/\/[^\n\r]*$/', (string) $_GET['url'])
+ || ! Core::isAllowedDomain((string) $_GET['url'])
) {
Core::sendHeaderLocation('./');
} else {
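Review bot: The pattern `/^https:\/\/[^\n\r]*$/` on the rewritten line still ends in `$`, which in PCRE also matches just before a final newline, so a value with one trailing `\n` passes this check even though the character class is meant to exclude line breaks. Anchoring with `\z` (or adding the `D` modifier), e.g. `preg_match('/^https:\/\/[^\n\r]*\z/', (string) $_GET['url'])`, makes the check match its intent before the value reaches `Core::isAllowedDomain()` and the redirect template. The three clauses packed onto the first added line would also read better one per line, as the other hunks in this commit do.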
@@ -69,7 +69,7 @@ if (
// external site.
$template = $containerBuilder->get('template');
echo $template->render('javascript/redirect', [
- 'url' => Sanitize::escapeJsString($_GET['url']),
+ 'url' => Sanitize::escapeJsString((string) $_GET['url']),
]);
// Display redirecting msg on screen.
// Do not display the value of $_GET['url'] to avoid showing injected content