diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php index 5507f8af..b308f992 100644 --- a/modules/comment/models/comment.php +++ b/modules/comment/models/comment.php @@ -72,6 +72,12 @@ class Comment_Model_Core extends ORM { parent::validate($array); } + private function get_server_var($input, $key) { + $value = $input->server($key); + if (is_null($value)) $value = ''; + return $value; + } + /** * @see ORM::save() */ 
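Review bot: The new get_server_var() helper has no docblock, unlike the save() method directly below it, and nothing records why null is mapped to an empty string. I would add `/** Return $input->server($key), or "" when the variable is unset, so the substr() calls in save() never receive null. */` above it. The body can also shrink to `return $input->server($key) ?? '';`, which removes the brace-less one-line `if`.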
@@ -89,18 +95,18 @@ class Comment_Model_Core extends ORM { // as a semaphore for now (we use that in g2_import.php) if (empty($this->server_http_host)) { $input = Input::instance(); - $this->server_http_accept = substr($input->server("HTTP_ACCEPT"), 0, 128); - $this->server_http_accept_charset = substr($input->server("HTTP_ACCEPT_CHARSET"), 0, 64); - $this->server_http_accept_encoding = substr($input->server("HTTP_ACCEPT_ENCODING"), 0, 64); - $this->server_http_accept_language = substr($input->server("HTTP_ACCEPT_LANGUAGE"), 0, 64); - $this->server_http_connection = substr($input->server("HTTP_CONNECTION"), 0, 64); - $this->server_http_host = substr($input->server("HTTP_HOST"), 0, 64); - $this->server_http_referer = substr($input->server("HTTP_REFERER"), 0, 255); - $this->server_http_user_agent = substr($input->server("HTTP_USER_AGENT"), 0, 128); - $this->server_query_string = substr($input->server("QUERY_STRING"), 0, 64); - $this->server_remote_addr = substr($input->server("REMOTE_ADDR"), 0, 40); - $this->server_remote_host = substr($input->server("REMOTE_HOST"), 0, 255); - $this->server_remote_port = substr($input->server("REMOTE_PORT"), 0, 16); + $this->server_http_accept = substr($this->get_server_var($input, "HTTP_ACCEPT"), 0, 128); + $this->server_http_accept_charset = substr($this->get_server_var($input, "HTTP_ACCEPT_CHARSET"), 0, 64); + $this->server_http_accept_encoding = substr($this->get_server_var($input, "HTTP_ACCEPT_ENCODING"), 0, 64); + $this->server_http_accept_language = substr($this->get_server_var($input, "HTTP_ACCEPT_LANGUAGE"), 0, 64); + $this->server_http_connection = substr($this->get_server_var($input, "HTTP_CONNECTION"), 0, 64); + $this->server_http_host = substr($this->get_server_var($input, "HTTP_HOST"), 0, 64); + $this->server_http_referer = substr($this->get_server_var($input, "HTTP_REFERER"), 0, 255); + $this->server_http_user_agent = substr($this->get_server_var($input, "HTTP_USER_AGENT"), 0, 128); + $this->server_query_string = 
substr($this->get_server_var($input, "QUERY_STRING"), 0, 64); + $this->server_remote_addr = substr($this->get_server_var($input, "REMOTE_ADDR"), 0, 40); + $this->server_remote_host = substr($this->get_server_var($input, "REMOTE_HOST"), 0, 255); + $this->server_remote_port = substr($this->get_server_var($input, "REMOTE_PORT"), 0, 16); } $visible_change = $this->state == "published"; diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php index 74617ab6..e9235cdf 100644 --- a/modules/gallery/helpers/legal_file.php +++ b/modules/gallery/helpers/legal_file.php @@ -229,7 +229,7 @@ class legal_file_Core { * extension, add the new one to the end. */ static function change_extension($filename, $new_ext) { - $filename_no_ext = preg_replace("/\.[^\.\/]*?$/", "", $filename); + $filename_no_ext = !empty($filename) ? preg_replace("/\.[^\.\/]*?$/", "", $filename) : ''; return "{$filename_no_ext}.{$new_ext}"; } @@ -271,7 +271,7 @@ class legal_file_Core { static function sanitize_filename($filename, $extension, $type) { // Check if the type is valid - if so, get the mime types of the // original and target extensions; if not, throw an exception. - $original_extension = pathinfo($filename, PATHINFO_EXTENSION); + $original_extension = !empty($filename) ? pathinfo($filename, PATHINFO_EXTENSION) : ''; switch ($type) { case "photo": $mime_type = legal_file::get_photo_types_by_extension($extension); @@ -318,6 +318,8 @@ class legal_file_Core { * @return string sanitized dirname */ static function sanitize_dirname($dirname) { + if (is_null($dirname)) return 'album'; + // It should be a dirname without a parent directory - remove all slashes (and backslashes). $dirname = str_replace("/", "_", $dirname); $dirname = str_replace("\\", "_", $dirname); diff --git a/modules/gallery/helpers/message.php b/modules/gallery/helpers/message.php index d1099953..d7a91928 100644 --- a/modules/gallery/helpers/message.php +++ b/modules/gallery/helpers/message.php 
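Review bot: In change_extension() the `!empty($filename)` guard also treats the string "0" as empty, so a file named `0` now loses its base name and comes back as just `.` plus the new extension, where the old code kept the `0`. Only null needs guarding; `$filename_no_ext = is_null($filename) ? '' : preg_replace("/\.[^\.\/]*?$/", "", $filename);` keeps every non-null name intact and matches the `is_null` check this commit uses in sanitize_dirname(). The same truthiness test appears in the slug hunk of modules/gallery/models/item.php (`$this->name ? … : ''` and `$path_info ? … : ''`), where a name such as `0.jpg` ends up with an empty slug that is presumably then replaced by the generic one. That hunk also calls pathinfo() a second time where `$path_info` could be passed to `item::convert_filename_to_slug()` directly.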
@@ -62,7 +62,8 @@ class message_Core { */ private static function _add($msg, $severity) { $session = Session::instance(); - $status = $session->get("messages"); + $status = array(); + $status[] = $session->get("messages"); $status[] = array($msg, $severity); $session->set("messages", $status); } diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index e7842676..a2473488 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -268,8 +268,8 @@ class movie_Core { * features (the last argument of mkdate above, which disables DST, is deprecated as of PHP 5.3). */ static function seconds_to_hhmmssdd($seconds) { - return sprintf("%02d:%02d:%05.2F", floor($seconds / 3600), floor(($seconds % 3600) / 60), - floor(100 * $seconds % 6000) / 100); + return sprintf("%02d:%02d:%05.2F", floor($seconds / 3600), floor((floor($seconds) % 3600) / 60), + floor(floor(100 * $seconds) % 6000) / 100); } /** diff --git a/modules/gallery/libraries/MY_Database.php b/modules/gallery/libraries/MY_Database.php index 33759b67..531e244a 100644 --- a/modules/gallery/libraries/MY_Database.php +++ b/modules/gallery/libraries/MY_Database.php @@ -95,7 +95,8 @@ abstract class Database extends Database_Core { * and \ (the escape character itself). */ static function escape_for_like($value) { + if (is_null($value)) return ''; // backslash must go first to avoid double-escaping return addcslashes($value, '\_%'); } -} \ No newline at end of file +} diff --git a/modules/gallery/libraries/MY_Kohana_Exception.php b/modules/gallery/libraries/MY_Kohana_Exception.php index 21c1583c..f179cd7d 100644 --- a/modules/gallery/libraries/MY_Kohana_Exception.php +++ b/modules/gallery/libraries/MY_Kohana_Exception.php 
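Review bot: `$status[] = $session->get("messages");` in _add() appends the whole stored list (or null on the first call) as element 0, so the session value is no longer a flat list of `array($msg, $severity)` pairs and nests one level deeper on every call. Any reader of "messages" that iterates expecting pairs will presumably misbehave on that first element. Keeping the original read and defaulting only the empty case preserves the shape: `$status = $session->get("messages");` followed by `if (!is_array($status)) $status = array();`.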
@@ -62,7 +62,7 @@ class Kohana_Exception extends Kohana_Exception_Core { $sensitive_info_pattern = '/(password|pass|email|hash|private_key|session_id|session|g3sid|csrf|secret)/i'; - if (preg_match($sensitive_info_pattern, $key) || + if ((!empty($key) && preg_match($sensitive_info_pattern, $key)) || (is_string($value) && preg_match('/[a-f0-9]{20,}/i', $value))) { return 'removed for display'; } else if (is_object($value)) { diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index ef5f74a1..70e69faf 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -381,7 +381,8 @@ class Item_Model_Core extends ORM_MPTT { // Make an url friendly slug from the name, if necessary if (empty($this->slug)) { - $this->slug = item::convert_filename_to_slug(pathinfo($this->name, PATHINFO_FILENAME)); + $path_info = $this->name ? pathinfo($this->name, PATHINFO_FILENAME) : ''; + $this->slug = $path_info ? item::convert_filename_to_slug(pathinfo($this->name, PATHINFO_FILENAME)) : ''; // If the filename is all invalid characters, then the slug may be empty here. We set a // generic name ("photo", "movie", or "album") based on its type, then rely on @@ -577,7 +578,7 @@ class Item_Model_Core extends ORM_MPTT { } else { // Split the filename into its base and extension. This uses a regexp similar to // legal_file::change_extension (which isn't always the same as pathinfo). - if (preg_match("/^(.*)(\.[^\.\/]*?)$/", $this->name, $matches)) { + if ($this->name && preg_match("/^(.*)(\.[^\.\/]*?)$/", $this->name, $matches)) { $base_name = $matches[1]; $extension = $matches[2]; // includes a leading dot } else { diff --git a/modules/gallery/tests/Gallery_Filters.php b/modules/gallery/tests/Gallery_Filters.php index 6c2a6aa3..64817ce8 100644 --- a/modules/gallery/tests/Gallery_Filters.php +++ b/modules/gallery/tests/Gallery_Filters.php 
@@ -18,14 +18,14 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class PhpCodeFilterIterator extends FilterIterator { - public function accept() { + public function accept(): bool { $path_name = $this->getInnerIterator()->getPathName(); return substr($path_name, -4) == ".php"; } } class GalleryCodeFilterIterator extends FilterIterator { - public function accept() { + public function accept(): bool { // Skip anything that we didn't write $path_name = $this->getInnerIterator()->getPathName(); $file_name = $this->getInnerIterator()->getFileName(); diff --git a/modules/gallery/tests/Graphics_Helper_Test.php b/modules/gallery/tests/Graphics_Helper_Test.php index 2cf5caa7..28e26340 100644 --- a/modules/gallery/tests/Graphics_Helper_Test.php +++ b/modules/gallery/tests/Graphics_Helper_Test.php @@ -155,4 +155,4 @@ class Graphics_Helper_Test extends Gallery_Unit_Test_Case { // Check that the images are marked as dirty $this->assert_equal(1, $album->thumb_dirty); } -} \ No newline at end of file +} diff --git a/modules/gallery/tests/Legal_File_Helper_Test.php b/modules/gallery/tests/Legal_File_Helper_Test.php index aab41c41..b83cf9c6 100644 --- a/modules/gallery/tests/Legal_File_Helper_Test.php +++ b/modules/gallery/tests/Legal_File_Helper_Test.php @@ -212,4 +212,4 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal("album", legal_file::sanitize_dirname("_")); $this->assert_equal("album", legal_file::sanitize_dirname(null)); } -} \ No newline at end of file +} diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index f466c0a7..18c105ab 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
@@ -78,7 +78,7 @@ modules/gallery/views/admin_languages.html.php 61 DIRTY_ATTR ($de modules/gallery/views/admin_languages.html.php 62 DIRTY form::checkbox("installed_locales[]",$code,isset($installed_locales[$code])) modules/gallery/views/admin_languages.html.php 63 DIRTY $display_name modules/gallery/views/admin_languages.html.php 65 DIRTY form::radio("default_locale",$code,($default_locale==$code),((isset($installed_locales[$code]))?'':'disabled="disabled"')) -modules/gallery/views/admin_languages.html.php 113 DIRTY $share_translations_form +modules/gallery/views/admin_languages.html.php 114 DIRTY $share_translations_form modules/gallery/views/admin_maintenance.html.php 42 DIRTY_ATTR text::alternate("g-odd","g-even") modules/gallery/views/admin_maintenance.html.php 42 DIRTY_ATTR log::severity_class($task->severity) modules/gallery/views/admin_maintenance.html.php 43 DIRTY_ATTR log::severity_class($task->severity) diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php index 927153aa..e0868283 100644 --- a/modules/tag/helpers/tag_event.php +++ b/modules/tag/helpers/tag_event.php @@ -81,9 +81,11 @@ class tag_event_Core { static function item_edit_form_completed($item, $form) { tag::clear_all($item); - foreach (explode(",", $form->edit_item->tags->value) as $tag_name) { - if ($tag_name) { - tag::add($item, trim($tag_name)); + if (!is_null($form->edit_item->tags->value)) { + foreach (explode(",", $form->edit_item->tags->value) as $tag_name) { + if ($tag_name) { + tag::add($item, trim($tag_name)); + } } } module::event("item_related_update", $item); diff --git a/modules/user/tests/No_Direct_ORM_Access_Test.php b/modules/user/tests/No_Direct_ORM_Access_Test.php index 30ea9cca..cad07630 100644 --- a/modules/user/tests/No_Direct_ORM_Access_Test.php +++ b/modules/user/tests/No_Direct_ORM_Access_Test.php 
@@ -70,7 +70,7 @@ class No_Direct_ORM_Access_Test extends Gallery_Unit_Test_Case { } class UserModuleFilterIterator extends FilterIterator { - public function accept() { + public function accept(): bool { $path_name = $this->getInnerIterator()->getPathName(); return strpos($path_name, "/modules/user") === false; } diff --git a/system/core/Kohana_Config.php b/system/core/Kohana_Config.php index 9abc5b6c..871271a2 100644 --- a/system/core/Kohana_Config.php +++ b/system/core/Kohana_Config.php @@ -230,13 +230,13 @@ class Kohana_Config_Core implements ArrayAccess { * @return mixed * @access public */ - public function offsetGet($key) + public function offsetGet($offset): mixed { foreach ($this->drivers as $driver) { try { - return $driver->get($key); + return $driver->get($offset); } catch (Kohana_Config_Exception $e) { @@ -256,13 +256,13 @@ class Kohana_Config_Core implements ArrayAccess { * @return bool * @access public */ - public function offsetSet($key, $value) + public function offsetSet($offset, $value): void { foreach ($this->drivers as $driver) { try { - $driver->set($key, $value); + $driver->set($offset, $value); } catch (Kohana_Config_Exception $e) { @@ -271,7 +271,6 @@ class Kohana_Config_Core implements ArrayAccess { throw $e; } } - return TRUE; } /** @@ -282,7 +281,7 @@ class Kohana_Config_Core implements ArrayAccess { * @return bool * @access public */ - public function offsetExists($key) + public function offsetExists($key): bool { foreach ($this->drivers as $driver) { @@ -307,13 +306,14 @@ class Kohana_Config_Core implements ArrayAccess { * @return bool * @access public */ - public function offsetUnset($key) + #[\ReturnTypeWillChange] + public function offsetUnset($offset) { foreach ($this->drivers as $driver) { try { - return $driver->set($key, NULL); + $driver->set($offset, NULL); } catch (Kohana_Config_Exception $e) { @@ -322,7 +322,6 @@ class Kohana_Config_Core implements ArrayAccess { throw $e; } } - return TRUE; } } // End KohanaConfig 
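Review bot: offsetUnset() in Kohana_Config.php used to `return $driver->set($key, NULL)` from inside the loop, so it stopped at the first driver that accepted the call; with the `return` removed it now nulls the key in every driver, and nothing in the hunk records that behaviour change. If it is intended (it matches offsetSet()), say so in the docblock, and update the `@return bool` lines on offsetSet() and offsetUnset(), which no longer return a value. The signatures are also uneven: offsetSet() declares `: void` while offsetUnset() uses `#[\ReturnTypeWillChange]`, and offsetExists() keeps `$key` where the other three methods were renamed to `$offset`. The method bodies continue outside these hunks, so the catch handling is only partly visible.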
diff --git a/system/libraries/Database_Mysqli.php b/system/libraries/Database_Mysqli.php index 41b635d1..542c3222 100644 --- a/system/libraries/Database_Mysqli.php +++ b/system/libraries/Database_Mysqli.php @@ -29,7 +29,7 @@ class Database_Mysqli_Core extends Database_Mysql { $mysqli = mysqli_init(); - if ( ! $mysqli->real_connect($host, $user, $pass, $database, $port, $socket, $params)) + if ( ! $mysqli->real_connect($host, $user, $pass, $database, $port, $socket)) throw new Database_Exception('#:errno: :error', array(':error' => $mysqli->connect_error, ':errno' => $mysqli->connect_errno)); diff --git a/system/libraries/Database_Result.php b/system/libraries/Database_Result.php index cf2056f3..9ba2dd7a 100644 --- a/system/libraries/Database_Result.php +++ b/system/libraries/Database_Result.php @@ -119,6 +119,7 @@ abstract class Database_Result_Core implements Countable, Iterator, SeekableIter * * @throws Kohana_Database_Exception */ + #[\ReturnTypeWillChange] final public function offsetUnset($offset) { throw new Kohana_Exception('Database results are read-only'); @@ -167,4 +168,4 @@ abstract class Database_Result_Core implements Countable, Iterator, SeekableIter return $this->offsetExists($this->current_row); } -} // End Database_Result \ No newline at end of file +} // End Database_Result diff --git a/system/libraries/ORM_Iterator.php b/system/libraries/ORM_Iterator.php index 0bf2b477..436f052a 100644 --- a/system/libraries/ORM_Iterator.php +++ b/system/libraries/ORM_Iterator.php @@ -258,9 +258,10 @@ class ORM_Iterator_Core implements Iterator, ArrayAccess, Countable { * * @throws Kohana_Database_Exception */ + #[\ReturnTypeWillChange] public function offsetUnset($offset) { throw new Kohana_Database_Exception('database.result_read_only'); } -} // End ORM Iterator \ No newline at end of file +} // End ORM Iterator
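Review bot: Dropping `$params` from `real_connect()` in Database_Mysqli.php means any client flags configured for the connection are silently ignored; if a deployment relied on them (for example to request TLS via `MYSQLI_CLIENT_SSL`), the connection would now be made without them. Where `$params` is assigned lies outside the hunk, so this is inferred from the removed argument. If the goal is only to stop passing null to the integer flags parameter, a cast keeps the setting: `$mysqli->real_connect($host, $user, $pass, $database, $port, $socket, (int) $params)`.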