Changeset 901 for trunk

Timestamp:

Oct 2, 2024, 10:31:47 PM (7 weeks ago)

Author:

chronos

Message:

• Fixed: More integer URL parameters checking.
• Modified: More explicit function types.

Location:

trunk

Files:

• Modules/ClientVersion/ClientVersion.php (modified) (1 diff)
• Modules/News/News.php (modified) (3 diffs)
• Modules/Translation/Form.php (modified) (1 diff)
• includes/Global.php (modified) (29 diffs)

trunk/Modules/ClientVersion/ClientVersion.php

@@ -39 +39 @@
   }
 
-  function ShowItem()
+  function ShowItem(): string
   {
-    if (array_key_exists('id', $_GET))
+    $Id = 0;
+    if (TryGetUrlParameterInt('id', $Id))
     {
       $YesNo = array('Ne', 'Ano');
-      $DbResult = $this->System->Database->query('SELECT * FROM `ClientVersion` WHERE `Id`='.($_GET['id']*1));
+      $DbResult = $this->System->Database->query('SELECT * FROM `ClientVersion` WHERE `Id`='.$Id);
       if ($DbResult->num_rows > 0)
       {
         $Version = $DbResult->fetch_assoc();
 
-      $Output = '<h3>'.T('Client version').'</h3>';
-      $Output .= '<table class="BaseTable">'.
-        '<tr><td>'.T('Version').'</td><td>'.$Version['Version'].'</td></tr>'.
-        '<tr><td>'.T('More information').'</td><td><a href="http://www.wowwiki.com/Patch_'.$Version['Version'].'">wowwiki.com'.
-        '</a></td></tr>'.
-        '<tr><td>'.T('Build number').'</td><td>'.$Version['BuildNumber'].'</td></tr>'.
-        '<tr><td>'.T('Release date').'</td><td>'.HumanDate($Version['ReleaseDate']).'</td></tr>'.
-        '<tr><td>'.T('Title').'</td><td>'.$Version['Title'].'</td></tr>'.
-        '<tr><td>'.T('Imported').'</td><td>'.$YesNo[$Version['Imported']].'</td></tr>'.
-        '</table>';
+        $Output = '<h3>'.T('Client version').'</h3>';
+        $Output .= '<table class="BaseTable">'.
+          '<tr><td>'.T('Version').'</td><td>'.$Version['Version'].'</td></tr>'.
+          '<tr><td>'.T('More information').'</td><td><a href="http://www.wowwiki.com/Patch_'.$Version['Version'].'">wowwiki.com'.
+          '</a></td></tr>'.
+          '<tr><td>'.T('Build number').'</td><td>'.$Version['BuildNumber'].'</td></tr>'.
+          '<tr><td>'.T('Release date').'</td><td>'.HumanDate($Version['ReleaseDate']).'</td></tr>'.
+          '<tr><td>'.T('Title').'</td><td>'.$Version['Title'].'</td></tr>'.
+          '<tr><td>'.T('Imported').'</td><td>'.$YesNo[$Version['Imported']].'</td></tr>'.
+          '</table>';
         $Output .= '<div><a href="?">'.T('All versions list').'</a></div>';
         if ($Version['Imported'])
+        {
           $Output .= '<div><a href="'.$this->System->Link('/progress/?Version='.
             $Version['Version']).'">'.T('Progress').'</a></div>';
+        }
       } else $Output = ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
-    } else $Output = ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
+    } else $Output = ShowMessage(T('Id not valid'), MESSAGE_CRITICAL);
     return $Output;
   }
 
-  function ShowList()
+  function ShowList(): string
   {
     $this->Title = T('Game version');

trunk/Modules/News/News.php

@@ -97 +97 @@
     $Output .= '<div class="shoutbox">';
     $DbResult = $this->System->Database->query('SELECT `News`.`Time`, `News`.`Text`, `News`.`Title`, `News`.`Id`, '.
-        '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` ORDER BY `News`.`Time` DESC '.$PageList['SQLLimit']);
+      '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` ORDER BY `News`.`Time` DESC '.$PageList['SQLLimit']);
     while ($Line = $DbResult->fetch_assoc())
     {
@@ -108 +108 @@
   function ShowItem()
   {
-    if (array_key_exists('i', $_GET))
+    $Id = 0;
+    if (TryGetUrlParameterInt('i', $Id))
     {
       $Output = '<h3>'.T('News').'</h3>';
       $DbResult = $this->System->Database->query('SELECT `News`.`Time`, `News`.`Text`, `News`.`Title`, `News`.`Id`, '.
-        '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` WHERE `News`.`Id` = '.($_GET['i'] * 1));
+        '`User`.`Name` AS `User` FROM `News` JOIN `User` ON `User`.`Id`=`News`.`User` WHERE `News`.`Id` = '.$Id);
       if ($DbResult->num_rows == 1)
       {
@@ -118 +119 @@
         $Output .= '<h4>'.$Line['Title'].' ('.HumanDate($Line['Time']).')</h4><div>'.$Line['Text'].' ('.$Line['User'].')</div>';
       } else $Output = ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
-    } else $Output = ShowMessage(T('Item not found'), MESSAGE_CRITICAL);
+    } else $Output = ShowMessage(T('Id not valid'), MESSAGE_CRITICAL);
     $Output .= '<br/><a href="'.$this->System->Link('/news/').'">'.T('All news').'</a>';
     return $Output;

trunk/Modules/Translation/Form.php

@@ -30 +30 @@
       else $Action = '';
 
-    if (array_key_exists('ID', $_GET))
+    $TextID = 0;
+    if (TryGetUrlParameterInt('ID', $TextID))
     {
-      $TextID = $_GET['ID'] * 1;
       $this->ID = $TextID;
 

trunk/includes/Global.php

@@ -30 +30 @@
 function ShowPageClass($Page)
 {
-  global $TempPageContent, $System;
+  global $System;
 
   $System->Pages['temporary-page'] = get_class($Page);
@@ -38 +38 @@
 }
 
-function ShowPage($Content)
+function ShowPage(string $Content): void
 {
   global $TempPageContent, $System;
@@ -50 +50 @@
 }
 
-function GetMicrotime()
+function GetMicrotime(): float
 {
   list($Usec, $Sec) = explode(' ', microtime());
@@ -58 +58 @@
 $UnitNames = array('B', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB');
 
-function HumanSize($Value)
+function HumanSize(float $Value): string
 {
   global $UnitNames;
@@ -71 +71 @@
 }
 
-function GetQueryStringArray($QueryString)
+function GetQueryStringArray(string $QueryString): array
 {
   $Result = array();
@@ -87 +87 @@
 }
 
-function SetQueryStringArray($QueryStringArray)
+function SetQueryStringArray(array $QueryStringArray): string
 {
   $Parts = array();
@@ -97 +97 @@
 }
 
-function utf2ascii($text)
+function utf2ascii(string $text): string
 {
   $return = Str_Replace(
@@ -109 +109 @@
 }
 
-function getmonthyears($Days)
-{
-  $month = floor($Days / 30);
-  $year = floor($month / 12);
-  $Days = floor($Days - $month * 30);
-  $month = $month - $year * 12;
-  return $year.'r '.$month.'m '.$Days.'d';
-}
-
-function GetTranslateGoogle($System, $text, $withouttitle = false)
+function GetMonthYears(int $Days): string
+{
+  $Month = floor($Days / 30);
+  $Year = floor($Month / 12);
+  $Days = floor($Days - $Month * 30);
+  $Month = $Month - $Year * 12;
+  return $Year.'r '.$Month.'m '.$Days.'d';
+}
+
+function GetTranslateGoogle($System, string $text, bool $withouttitle = false)
 {
 //  $text = 'Balthule\'s letter is dire. This Cult of the Dark Strand is a thorn in my side that must be removed. I have been dealing with some of the Dark Strand scum northeast of here at Ordil\'Aran. One of their number possesses a soul gem that I believe holds the secret to the cult\'s power.$b$bBring it to me, and I will be able to decipher the secrets held within.';
@@ -165 +165 @@
 }
 
-function GetPageList($TotalCount)
+function GetPageList(int $TotalCount): array
 {
   global $System;
@@ -182 +182 @@
   $CurrentPage = $_SESSION['Page'];
 
-
   $Result .= 'Počet položek: <strong>'.$TotalCount.'</strong> &nbsp; Stránky: ';
 
@@ -230 +229 @@
 $OrderArrowImage = array('sort_asc.png', 'sort_desc.png');
 
-function GetOrderTableHeader($Columns, $DefaultColumn, $DefaultOrder = 0)
-{
-  global $OrderDirSQL, $OrderArrowImage, $Config, $System;
+function GetOrderTableHeader(array $Columns, string $DefaultColumn, int $DefaultOrder = 0): array
+{
+  global $OrderDirSQL, $OrderArrowImage, $System;
 
   if (array_key_exists('OrderCol', $_GET)) $_SESSION['OrderCol'] = $_GET['OrderCol'];
@@ -278 +277 @@
 }
 
-function ClientVersionSelection($Selected)
+function ClientVersionSelection(string $Selected): string
 {
   global $System;
@@ -299 +298 @@
 }
 
-function GetLanguageList()
+function GetLanguageList(): array
 {
   global $System;
@@ -312 +311 @@
 $Moderators = array('Překladatel', 'Moderátor', 'Administrátor');
 
-function HumanDate($SQLDateTime)
+function HumanDate(string $SQLDateTime): string
 {
   if ($SQLDateTime == '') return '&nbsp;';
@@ -323 +322 @@
 }
 
-function HumanDateTime($SQLDateTime)
+function HumanDateTime(string $SQLDateTime): string
 {
   if ($SQLDateTime == '') return '&nbsp;';
@@ -365 +364 @@
 }
 
-function GetBuildNumber($Version)
+function GetBuildNumber(string $Version): int
 {
   global $System, $BuildNumbers;
 
-  if (isset($BuildNumbers[$Version]) == false)
-  {
-    $sql = 'SELECT `BuildNumber` FROM `ClientVersion` WHERE `Version` = "'.$Version.'"';
-    $DbResult = $System->Database->query($sql);
-    $DbRow = $DbResult->fetch_assoc();
-    $BuildNumbers[$Version] = $DbRow['BuildNumber'];
+  if (!isset($BuildNumbers)) $BuildNumbers = array();
+  if (!array_key_exists($Version, $BuildNumbers))
+  {
+    $DbResult = $System->Database->select('ClientVersion', 'BuildNumber', '`Version` = "'.$Version.'"');
+    if ($DbResult->num_rows == 1)
+    {
+      $DbRow = $DbResult->fetch_assoc();
+      $BuildNumbers[$Version] = $DbRow['BuildNumber'];
+    } else return 0;
   }
   return $BuildNumbers[$Version];
@@ -380 +382 @@
 
 // TODO: Client version build number should not be used in internal references
-function GetVersionWOW($BuildNumber)
+function GetVersionWOW(int $BuildNumber): string
 {
   global $System, $VersionsWOW;
 
-  if (isset($VersionsWOW[$BuildNumber]) == false)
-  {
-    $sql = 'SELECT `Version` FROM `ClientVersion` WHERE `BuildNumber` = "'.$BuildNumber.'"';
-    $DbResult = $System->Database->query($sql);
-    $Version = $DbResult->fetch_assoc();
-    $VersionsWOW[$BuildNumber] = $Version['Version'];
+  if (!isset($VersionsWOW)) $VersionsWOW = array();
+  if (!array_key_exists($BuildNumber, $VersionsWOW))
+  {
+    $DbResult = $System->Database->select('ClientVersion', 'Version', '`BuildNumber` = "'.$BuildNumber.'"');
+    if ($DbResult->num_rows == 1)
+    {
+      $Version = $DbResult->fetch_assoc();
+      $VersionsWOW[$BuildNumber] = $Version['Version'];
+    } else return '';
   }
   return $VersionsWOW[$BuildNumber];
@@ -414 +419 @@
   $TranslationTree = ModuleTranslation::Cast($System->ModuleManager->GetModule('Translation'))->GetTranslationTree();
 
-  if (array_key_exists('group', $_GET)) $GroupId = $_GET['group'] * 1;
-    else $GroupId = 1;
-
-  if (isset($TranslationTree[$GroupId]) == false) ErrorMessage('Překladová skupina dle zadaného Id neexistuje.');
-  return $GroupId;
-}
-
-function LoadCommandLineParameters()
+  $GroupId = 0;
+  if (TryGetUrlParameterInt('group', $GroupId))
+  {  
+    if (isset($TranslationTree[$GroupId]) == false) ErrorMessage('Překladová skupina dle zadaného Id neexistuje.');
+    return $GroupId;
+  }
+  ErrorMessage('Group not valid.');
+}
+
+function LoadCommandLineParameters(): void
 {
   if (!array_key_exists('REMOTE_ADDR', $_SERVER))
@@ -438 +445 @@
 }
 
-function ShowTabs($Tabs)
+function ShowTabs(array $Tabs): string
 {
   $QueryItems = GetQueryStringArray($_SERVER['QUERY_STRING']);
@@ -481 +488 @@
 }
 
-function DeleteDirectory($dirname)
+function DeleteDirectory(string $dirname): bool
 {
   if (is_dir($dirname))
@@ -501 +508 @@
 }
 
-function ErrorMessage($Text)
+function ErrorMessage(string $Text): void
 {
   ShowPage($Text);
@@ -507 +514 @@
 }
 
-function GetIDbyName($Table)
+function GetIDbyName(string $Table)
 {
   global $System;
@@ -519 +526 @@
 }
 
-function GetTranslatNamesArray()
+function GetTranslatNamesArray(): array
 {
   $TablesColumn = array
@@ -659 +666 @@
 }
 
-function GetLevelMinMax($XP)
+function GetLevelMinMax(int $XP): array
 {
   $IndexLevel = 100;
@@ -672 +679 @@
 }
 
-function GetParameter($Name, $Default = '', $Numeric = false, $Session = false)
+function GetParameter(string $Name, string $Default = '', bool $Numeric = false, bool $Session = false): string
 {
   $Result = $Default;
@@ -683 +690 @@
 }
 
-function MakeActiveLinks($Content)
+function MakeActiveLinks(string $Content): string
 {
   $Content = htmlspecialchars($Content);
@@ -712 +719 @@
 define('MESSAGE_INFORMATION', 2);
 
-function ShowMessage($Text, $Type = MESSAGE_INFORMATION)
+function ShowMessage(string $Text, int $Type = MESSAGE_INFORMATION)
 {
   global $System;
@@ -733 +740 @@
 }
 
-function ProcessURL()
+function ProcessURL(): array
 {
   if (array_key_exists('REDIRECT_QUERY_STRING', $_SERVER))
@@ -840 +847 @@
   return implode('/', $Result);
 }
+
+function TryGetUrlParameterInt(string $Name, int &$Value): bool
+{
+  if (array_key_exists($Name, $_GET))
+  {
+    if (is_numeric($_GET[$Name]))
+    {
+      $Value = $_GET[$Name] * 1;
+      return true;
+    }
+    return false;
+  }
+  return false;
+}