mirror of https://github.com/e107inc/e107.git synced 2025-01-16 20:28:28 +01:00

Fix all PHP 8.1 test failures

* `strftime()` has been replaced with a polyfill based on `DateTime`.
* Explicit type casts/assertions added where required by PHP 8.1
* `filter_var(…, FILTER_SANITIZE_STRING)` replaced with `strip_tags()`
  or HTML entity encoding of quotation marks, depending on a guess of
  what the intended "sanitization" was
* `http_build_query()` usage type mismatches fixed
* Removed usages of the `FILE_TEXT` constant
* To avoid breaking PHP 5.6 compatibility (function return types),
  `e_session_db` no longer implements `SessionHandlerInterface`.
  Instead, the alternative non-OOP invocation of
  `session_set_save_handler()` is used to apply the session
  handler.
* The shim for `strptime()` still calls the native function if available
  but now suppresses the deprecation warning.

* `e_db_pdo` explicitly asks for `PDO::ATTR_STRINGIFY_FETCHES` to
  maintain consistent behavior with past versions of PHP.
* `e_db_mysql` explicitly sets `mysqli_report(MYSQLI_REPORT_OFF)` to
  maintain consistent behavior with past versions of PHP.

* Removed pointless random number generator seed from `banner` plugin
* Workaround for `COUNT(*)` SQL query in
  `validatorClass::dbValidateArray()` without a proper API for avoiding
  SQL injection
Nick Liu 2021-09-04 15:06:19 +02:00
parent 64cd796605
commit 20882920a0
No known key found for this signature in database
GPG Key ID: 1167C5F9C9897637
54 changed files with 295 additions and 157 deletions


@ -1233,7 +1233,7 @@ function check_class($var, $userclass = null, $uid = 0)
$class_array = !is_array($userclass) ? explode(',', $userclass) : $userclass;
$varList = !is_array($var) ? explode(',', $var) : $var;
$varList = !is_array($var) ? explode(',', (string) $var) : $var;
$latchedAccess = false;
foreach ($varList as $v)
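Review bot: The `$class_array` line directly above the changed one still passes `$userclass` to `explode()` uncast, and the signature in the hunk header defaults it to `null`, which PHP 8.1 reports as deprecated just as it did for `$var`. Unless `$userclass` is replaced earlier in `check_class()` (the body starts outside this hunk), the same cast is needed: `explode(',', (string) $userclass)`. Since this function decides class membership, a short comment stating what an empty `$var` or `$userclass` is meant to grant would also help; after the cast both become `array('')`.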


@ -107,7 +107,7 @@ if(e_AJAX_REQUEST) // TODO improve security
{
$pid = intval(varset($_POST['pid'], 0)); // ID of the specific comment being edited (nested comments - replies)
$row = array();
$authName = filter_var($_POST['author_name'],FILTER_SANITIZE_STRING);
$authName = e107::getParser()->filter($_POST['author_name'], 'str');
$clean_authorname = vartrue($authName,USERNAME);
$clean_comment = e107::getParser()->toText($_POST['comment']);
$clean_subject = e107::getParser()->filter($_POST['subject'],'str');


@ -371,7 +371,7 @@ class admin_log_ui extends e_admin_ui
if(($action == "backdel") && isset($_POST['backdeltype']))
{
// $old_date = intval($qs[1]);
$old_string = strftime("%d %B %Y", $old_date);
$old_string = e_date::strftime("%d %B %Y", $old_date);
$qry = "dblog_datestamp < ".$old_date; // Same field for both logs
switch($_POST['backdeltype'])
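Review bot: `$old_date` is concatenated into the SQL fragment `"dblog_datestamp < ".$old_date` and is now also interpolated into `date_create("@$timestamp")` by the `e_date::strftime()` polyfill added in this commit, yet the only integer cast in view is the commented-out `intval($qs[1])`. Where `$old_date` is assigned lies outside the hunk, so it may already be numeric; if that is not guaranteed, cast once before both uses, e.g. `$old_date = (int) $old_date;`. With a non-numeric value `date_create()` returns false and the polyfill's `setTimezone()` call would fail with a fatal error.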


@ -65,7 +65,7 @@ if (!empty($_POST['ban_types']))
}
}
$filename = 'banlist_'.strftime("%Y%m%d_%H%M%S").'.csv';
$filename = 'banlist_'.e_date::strftime("%Y%m%d_%H%M%S").'.csv';
if ($error_string = do_export($filename, $type_list, $format_array, $use_separator, $use_quote))
{
@ -98,7 +98,7 @@ function do_export($filename, $type_list='',$format_array=array(), $sep = ',', $
break;
case 'banlist_datestamp' :
case 'banlist_banexpires' :
if ($row[$f]) $line .= $spacer.$quot.strftime($v,$row[$f]).$quot; else $line .= $spacer.$quot.'0'.$quot;
if ($row[$f]) $line .= $spacer.$quot.e_date::strftime($v,$row[$f]).$quot; else $line .= $spacer.$quot.'0'.$quot;
break;
}
$spacer = $sep;


@ -141,7 +141,7 @@ class page_admin_form_ui extends e_admin_form_ui
parse_str(str_replace('&amp;', '&', e_QUERY), $query); //FIXME - FIX THIS
$query['action'] = 'edit';
$query['id'] = $id;
$query = http_build_query($query,null, '&amp;');
$query = http_build_query($query, '', '&amp;');
$text = "<a href='".e_SELF."?{$query}' class='btn btn-default' title='".LAN_EDIT."' data-toggle='tooltip' data-bs-toggle='tooltip' data-placement='left'>
".ADMIN_EDIT_ICON."</a>";


@ -542,9 +542,9 @@ class cron_admin_form_ui extends e_admin_form_ui
$text .= "<br />";
$text .= ($day != '*') ? LAN_CRON_52 ." ". $day : LAN_CRON_40; // Day(s)
$text .= "<br />";
$text .= ($month != '*') ? LAN_CRON_53 ." ". strftime("%B", mktime(00, 00, 00, $month, 1, 2000)) : LAN_CRON_41; // Month(s)
$text .= ($month != '*') ? LAN_CRON_53 ." ". e_date::strftime("%B", mktime(00, 00, 00, (int) $month, 1, 2000)) : LAN_CRON_41; // Month(s)
$text .= "<br />";
$text .= ($weekday != '*') ? LAN_CRON_54 ." ". strftime("%A", mktime(00, 00, 00, 5, $weekday, 2000)) : LAN_CRON_42; // Weekday(s)
$text .= ($weekday != '*') ? LAN_CRON_54 ." ". e_date::strftime("%A", mktime(00, 00, 00, 5, (int) $weekday, 2000)) : LAN_CRON_42; // Weekday(s)
return "<a class='e-tip' href=''>".ADMIN_INFO_ICON."</a>
@ -711,7 +711,7 @@ class cron_admin_form_ui extends e_admin_form_ui
{
$sel = (in_array($i, $month)) ? "selected='selected'" : "";
$diz = mktime(00, 00, 00, $i, 1, 2000);
$text .= "<option value='$i' $sel>".strftime("%B", $diz)."</option>\n";
$text .= "<option value='$i' $sel>".e_date::strftime("%B", $diz)."</option>\n";
}
$text .= "</select>
@ -724,7 +724,7 @@ class cron_admin_form_ui extends e_admin_form_ui
for ($i = 0; $i <= 6; $i++)
{
$sel = (in_array(strval($i), $weekday)) ? "selected='selected'" : "";
$text .= "<option value='$i' $sel>".strftime("%A", mktime(00, 00, 00, 5, $i, 2000))."</option>\n";
$text .= "<option value='$i' $sel>".e_date::strftime("%A", mktime(00, 00, 00, 5, $i, 2000))."</option>\n";
}
$text .= "</select>
";


@ -672,7 +672,7 @@ class media_form_ui extends e_admin_form_ui
// $save = ($_GET['bbcode']!='file') ? "e-dialog-save" : "";
// e-dialog-close
$for = $this->getController()->getQuery('for');
$for = (string) $this->getController()->getQuery('for');


@ -787,26 +787,26 @@ $text .= "
$def = strtotime('December 21, 2012 3:45pm');
$inputdate = array( // TODO add more formats
"%A, %d %B, %Y" => strftime("%A, %d %B, %Y",$def),
"%A, %d %b, %Y" => strftime("%A, %d %b, %Y",$def),
"%a, %d %B, %Y" => strftime("%a, %d %B, %Y",$def),
"%a, %d %b, %Y" => strftime("%a, %d %b, %Y",$def),
"%A, %d %B, %Y" => e_date::strftime("%A, %d %B, %Y",$def),
"%A, %d %b, %Y" => e_date::strftime("%A, %d %b, %Y",$def),
"%a, %d %B, %Y" => e_date::strftime("%a, %d %B, %Y",$def),
"%a, %d %b, %Y" => e_date::strftime("%a, %d %b, %Y",$def),
"%A, %B %d, %Y" => strftime("%A, %B %d, %Y",$def),
"%A, %b %d, %Y" => strftime("%A, %b %d, %Y",$def),
"%A, %b %d, %y" => strftime("%A, %b %d, %y",$def),
"%A, %B %d, %Y" => e_date::strftime("%A, %B %d, %Y",$def),
"%A, %b %d, %Y" => e_date::strftime("%A, %b %d, %Y",$def),
"%A, %b %d, %y" => e_date::strftime("%A, %b %d, %y",$def),
"%B %d, %Y" => strftime("%B %d, %Y",$def),
"%b %d, %Y" => strftime("%b %d, %Y",$def),
"%b %d, %y" => strftime("%b %d, %y",$def),
"%B %d, %Y" => e_date::strftime("%B %d, %Y",$def),
"%b %d, %Y" => e_date::strftime("%b %d, %Y",$def),
"%b %d, %y" => e_date::strftime("%b %d, %y",$def),
"%d %B, %Y" => strftime("%d %B, %Y",$def),
"%d %b, %Y" => strftime("%d %b, %Y",$def),
"%d %b, %y" => strftime("%d %b, %y",$def),
"%d %B, %Y" => e_date::strftime("%d %B, %Y",$def),
"%d %b, %Y" => e_date::strftime("%d %b, %Y",$def),
"%d %b, %y" => e_date::strftime("%d %b, %y",$def),
"%Y-%m-%d" => strftime("%Y-%m-%d",$def),
"%d-%m-%Y" => strftime("%d-%m-%Y",$def),
"%m/%d/%Y" => strftime("%m/%d/%Y",$def)
"%Y-%m-%d" => e_date::strftime("%Y-%m-%d",$def),
"%d-%m-%Y" => e_date::strftime("%d-%m-%Y",$def),
"%m/%d/%Y" => e_date::strftime("%m/%d/%Y",$def)
);
@ -815,19 +815,19 @@ $text .= "
$inputtime["%I:%M %p"] = strftime("%I:%M %p",$def);
$inputtime["%I:%M %p"] = e_date::strftime("%I:%M %p",$def);
if(e107::getDate()->supported('P'))
{
$inputtime["%I:%M %P"] = strftime("%I:%M %P",$def);
$inputtime["%I:%M %P"] = e_date::strftime("%I:%M %P",$def);
}
if(e107::getDate()->supported('l'))
{
$inputtime["%l:%M %p"] = strftime("%l:%M %p",$def);
$inputtime["%l:%M %P"] = strftime("%l:%M %P",$def);
$inputtime["%l:%M %p"] = e_date::strftime("%l:%M %p",$def);
$inputtime["%l:%M %P"] = e_date::strftime("%l:%M %P",$def);
}
$inputtime["%H:%M"] = strftime("%H:%M",$def);
$inputtime["%H:%M:%S"] = strftime("%H:%M:%S",$def);
$inputtime["%H:%M"] = e_date::strftime("%H:%M",$def);
$inputtime["%H:%M:%S"] = e_date::strftime("%H:%M:%S",$def);


@ -2400,7 +2400,7 @@ class users_admin_form_ui extends e_admin_form_ui
$att['type'] = 'boolean';
// $uid = $this->getController()->getModel()->get('user_id');
$perms = $this->getController()->getModel()->get('user_perms');
$perms = (string) $this->getController()->getModel()->get('user_perms');
if($mode == 'filter' && getperms('3'))
{


@ -62,6 +62,7 @@ global $pref, $parm;
$extras = "rel=external";
}
$extras = (string) $extras;
if($extras == "external" || strpos($extras,"rel=external")!==FALSE)
{
$insert = "rel='external' ";


@ -136,7 +136,7 @@ class admin_shortcodes extends e_shortcode
if (!ADMIN) { return ''; }
return "
<div style='text-align: center'>
<input class='btn btn-default btn-secondary button' type='button' onclick=\"javascript: window.open('".e_ADMIN_ABS."credits.php', 'myWindow', 'status = 1, height = 400, width = 300, resizable = 0')\" value='".LAN_CREDITS."' />
<input class='btn btn-default btn-secondary button' type='button' onclick=\"javascript: window.open('".e_ADMIN_ABS."credits.php', 'myWindow', 'status = 1, height = 400, width = 300, resizable = 0')\" value='".defset('LAN_CREDITS')."' />
</div>";
}
@ -495,6 +495,7 @@ class admin_shortcodes extends e_shortcode
}
if (ADMIN) {
e107::coreLan('', true);
if (!function_exists('admin_latest')) //XXX Is this still necessary?
{
function admin_latest($parm='')
@ -515,14 +516,14 @@ class admin_shortcodes extends e_shortcode
// $text .= "<div style='padding-bottom: 2px;'>".E_16_UPLOADS." <a href='".e_ADMIN."upload.php'>".ADLAN_LAT_7.": $active_uploads</a></div>";
$oldconfigs = array();
$oldconfigs['e-news'][0] = array('icon' =>E_16_NEWS, 'title' =>ADLAN_LAT_2, 'url' => e_ADMIN. 'newspost.php?mode=sub&amp;action=list', 'total' =>$submitted_news);
$oldconfigs['e-news'][0] = array('icon' =>defset('E_16_NEWS'), 'title' =>defset('ADLAN_LAT_2'), 'url' => e_ADMIN. 'newspost.php?mode=sub&amp;action=list', 'total' =>$submitted_news);
if(empty($pref['comments_disabled']) && varset($pref['comments_engine'],'e107') === 'e107')
{
$oldconfigs['e-comment'][0] = array('icon' =>E_16_COMMENT, 'title' =>ADLAN_LAT_9, 'url' => e_ADMIN_ABS. 'comment.php?searchquery=&filter_options=comment_blocked__2', 'total' =>$comments_pending);
$oldconfigs['e-comment'][0] = array('icon' =>defset('E_16_COMMENT'), 'title' =>defset('ADLAN_LAT_9'), 'url' => e_ADMIN_ABS. 'comment.php?searchquery=&filter_options=comment_blocked__2', 'total' =>$comments_pending);
}
$oldconfigs['e-upload'][0] = array('icon' =>E_16_UPLOADS, 'title' =>ADLAN_LAT_7, 'url' => e_ADMIN. 'upload.php', 'total' =>$active_uploads);
$oldconfigs['e-upload'][0] = array('icon' =>defset('E_16_UPLOADS'), 'title' =>defset('ADLAN_LAT_7'), 'url' => e_ADMIN. 'upload.php', 'total' =>$active_uploads);
$messageTypes = array(/*'Broken Download',*/ 'Dev Team Message');
$queryString = '';
@ -536,7 +537,7 @@ class admin_shortcodes extends e_shortcode
{
// $text .= "<br /><b><a href='".e_ADMIN_ABS."message.php'>".ADLAN_LAT_8." [".$amount."]</a></b>";
$oldconfigs['e-generic'][0] = array('icon' =>E_16_NOTIFY, 'title' =>ADLAN_LAT_8, 'url' => e_ADMIN_ABS. 'message.php', 'total' =>$amount);
$oldconfigs['e-generic'][0] = array('icon' =>defset('E_16_NOTIFY'), 'title' =>defset('ADLAN_LAT_8'), 'url' => e_ADMIN_ABS. 'message.php', 'total' =>$amount);
}
@ -1304,7 +1305,7 @@ class admin_shortcodes extends e_shortcode
<br /><br />
<b>' .FOOTLAN_19. '</b>
<br />
' .strftime('%A %d %B %Y - %H:%M').
' .e_date::strftime('%A %d %B %Y - %H:%M').
'<br />';
return e107::getRender()->tablerender(FOOTLAN_13, $text, '', TRUE);
@ -2146,7 +2147,7 @@ Inverse 10 <span class="badge badge-inverse">10</span>
continue;
}
$catid = $admin_cat['id'][$subitem[4]];
$catid = isset($admin_cat['id'][$subitem[4]]) ? $admin_cat['id'][$subitem[4]] : null;
$tmp = array();
$tmp['text'] = $subitem[1];
$tmp['description'] = $subitem[2];
@ -2415,7 +2416,7 @@ Inverse 10 <span class="badge badge-inverse">10</span>
$languages = $slng->installed();//array('English','French');
$multiDoms = array();
if($langSubs = explode("\n", e107::getPref('multilanguage_subdomain')))
if($langSubs = explode("\n", (string) e107::getPref('multilanguage_subdomain')))
{
foreach($langSubs as $v)


@ -1209,7 +1209,7 @@ class news_shortcodes extends e_shortcode
/** New in v2.3 {NEWS_PAGINATION} */
function sc_news_pagination($parm=null)
{
$params = e107::getRegistry('core/news/pagination');
$params = (string) e107::getRegistry('core/news/pagination');
parse_str($params,$opts);


@ -199,7 +199,7 @@ class signup_shortcodes extends e_shortcode
if (check_class($pref['displayname_class']))
{
$dis_name_len = varset($pref['displayname_maxlength'],15);
$val = !empty($_POST['username']) ? filter_var($_POST['username'], FILTER_SANITIZE_STRING) : '';
$val = !empty($_POST['username']) ? e107::getParser()->filter($_POST['username'], 'str') : '';
return e107::getForm()->text('username', $val, $dis_name_len);
}
@ -230,7 +230,7 @@ class signup_shortcodes extends e_shortcode
$options['class'] = vartrue($parm['class'],'');
$options['placeholder'] = vartrue($parm['placeholder']) ? $parm['placeholder'] : '';
$val = !empty($_POST['loginname']) ? filter_var($_POST['loginname'], FILTER_SANITIZE_STRING) : '';
$val = !empty($_POST['loginname']) ? e107::getParser()->filter($_POST['loginname'], 'str') : '';
return e107::getForm()->text('loginname', $val, $log_name_length, $options);
}
@ -252,7 +252,7 @@ class signup_shortcodes extends e_shortcode
$options['class'] = vartrue($parm['class'],'');
$options['placeholder'] = vartrue($parm['placeholder'],'');
$val = ($_POST['realname']) ? filter_var($_POST['realname'], FILTER_SANITIZE_STRING) : '';
$val = ($_POST['realname']) ? e107::getParser()->filter($_POST['realname'], 'str') : '';
return e107::getForm()->text('realname', $val, 100, $options);
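Review bot: The `realname` line still tests `($_POST['realname'])` directly, unlike the `username` and `loginname` lines in the same file section that use `!empty(...)`, so an absent field raises an undefined-index warning on PHP 8. Suggested: `$val = !empty($_POST['realname']) ? e107::getParser()->filter($_POST['realname'], 'str') : '';`. The surrounding shortcode methods begin and end outside the hunks.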


@ -642,7 +642,7 @@ class usersettings_shortcodes extends e_shortcode
}
$uVal = str_replace(chr(1), "", varset($this->var['user_' . $parm]));
$fval = $ue->user_extended_edit($fInfo, $uVal);
$fval = (string) $ue->user_extended_edit($fInfo, $uVal);
$rVal = !empty($fInfo['user_extended_struct_required']);


@ -12,6 +12,9 @@
namespace e107\Shims\Internal;
use DateTimeZone;
use e_date;
trait StrptimeTrait
{
/**
@ -38,7 +41,8 @@ trait StrptimeTrait
{
$result = false;
if (function_exists('strptime') && (new \ReflectionFunction('strptime'))->isInternal())
$result = strptime($date, $format);
// @ to suppress PHP 8.1 deprecation warning
$result = @strptime($date, $format);
if (!is_array($result))
$result = self::strptime_alt($date, $format);
return $result;
@ -76,10 +80,10 @@ trait StrptimeTrait
for ($i = 1; $i <= 12; $i++)
{
$k = strftime('%B', mktime(0, 0, 0, $i));
$k = e_date::strftime('%B', mktime(0, 0, 0, $i));
$fullmonth[$k] = $i;
$j = strftime('%b', mktime(0, 0, 0, $i));
$j = e_date::strftime('%b', mktime(0, 0, 0, $i));
$abrevmonth[$j] = $i;
}
@ -153,8 +157,10 @@ trait StrptimeTrait
$unxTimestamp = mktime($vals['tm_hour'], $vals['tm_min'], $vals['tm_sec'], ($vals['tm_mon'] + 1), $vals['tm_mday'], ($vals['tm_year'] + 1900));
$vals['tm_wday'] = (int)strftime('%w', $unxTimestamp); // Days since Sunday (0-6)
$vals['tm_yday'] = (strftime('%j', $unxTimestamp) - 1); // Days since January 1 (0-365)
$datetime = date_create("@$unxTimestamp");
$datetime->setTimezone(new DateTimeZone(date_default_timezone_get()));
$vals['tm_wday'] = date_format($datetime, 'w'); // Days since Sunday (0-6)
$vals['tm_yday'] = date_format($datetime, 'z'); // Days since January 1 (0-365)
}
return !empty($vals) ? $vals : false;
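Review bot: `tm_wday` and `tm_yday` are now strings, because `date_format()` returns a string and the `(int)` cast from the old `tm_wday` line was dropped; the old `tm_yday` was numeric as well. Callers doing strict comparisons or relying on the integer fields of native `strptime()` would see a type change. Suggested: `$vals['tm_wday'] = (int) date_format($datetime, 'w');` and `$vals['tm_yday'] = (int) date_format($datetime, 'z');`. The enclosing method starts outside the hunk.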


@ -966,7 +966,7 @@ class e_admin_log
}
else
{
$app = null;
$app = 0;
$text = $head . $text;
}


@ -6686,9 +6686,10 @@ class e_admin_ui extends e_admin_controller_ui
protected function parseAliases()
{
// parse table
if(strpos($this->table, '.') !== false)
$tableName = $this->getTableName();
if(strpos($tableName, '.') !== false)
{
$tmp = explode('.', $this->table, 2);
$tmp = explode('.', $tableName, 2);
$this->table = $tmp[1];
$this->tableAlias = $tmp[0];
unset($tmp);
@ -7443,7 +7444,7 @@ class e_admin_form_ui extends e_form
$vars = $this->getController()->getQuery();
$vars['from'] = '[FROM]';
$paginate = http_build_query($vars, null, '&amp;');
$paginate = http_build_query($vars, '', '&amp;');
e107::js('footer-inline', "
\$('#admin-ui-list-filter a.nextprev-item').on('click', function() {
@ -7517,7 +7518,7 @@ class e_admin_form_ui extends e_form
$gridAction = $this->getController()->getAction() === 'grid' ? 'list' : 'grid';
$gridQuery = (array) $_GET;
$gridQuery['action'] = $gridAction;
$toggleUrl = e_REQUEST_SELF. '?' .http_build_query($gridQuery, null, '&amp;');
$toggleUrl = e_REQUEST_SELF. '?' .http_build_query($gridQuery, '', '&amp;');
$gridIcon = ($gridAction === 'grid') ? ADMIN_GRID_ICON : ADMIN_LIST_ICON;
$gridTitle = ($gridAction === 'grid') ? LAN_UI_VIEW_GRID_LABEL : LAN_UI_VIEW_LIST_LABEL;
$gridToggle = "<a class='btn btn-default' href='".$toggleUrl."' title=\"".$gridTitle. '">' .$gridIcon. '</a>';
@ -8082,10 +8083,10 @@ class e_admin_form_ui extends e_form
$parms['__options'] = $fopts;
}
if(!is_array(varset($parms['__options'])))
if (!isset($parms['__options'])) $parms['__options'] = null;
if(!is_array($parms['__options']))
{
parse_str($parms['__options'], $parms['__options']);
parse_str((string) $parms['__options'], $parms['__options']);
}
$opts = $parms['__options'];
if(!empty($opts['multiple']) && $type === 'batch')


@ -389,6 +389,7 @@ class e_bbcode
ob_start();
try
{
$bbcode = isset($bbcode) && is_string($bbcode) ? $bbcode : '';
$bbcode_return = eval($bbcode); //FIXME notice removal
}
catch (ParseError $e)
@ -403,6 +404,7 @@ class e_bbcode
trigger_error($error, E_USER_NOTICE);
}
$bbcode_return = isset($bbcode_return) ? $bbcode_return : '';
/* added to remove possibility of nested bbcode exploits ... */
if(strpos($bbcode_return, "[") !== FALSE)
{
@ -548,7 +550,7 @@ class e_bbcode
*/
function renderButtons($template='', $id='', $options=array())
{
$template = (string) $template;
$tp = e107::getParser();
// Notice Removal
@ -804,7 +806,7 @@ class e_bbcode
$code_text = (strpos($img['src'],'http') === 0) ? $img['src'] : str_replace($tp->getUrlConstants('raw'), $tp->getUrlConstants('sc'), $qr['src']);
unset($img['src'],$img['srcset'],$img['@value'], $img['caption'], $img['alt']);
$parms = !empty($img) ? ' '.str_replace('+', ' ', http_build_query($img,null, '&')) : "";
$parms = !empty($img) ? ' '.str_replace('+', ' ', http_build_query($img)) : "";
$replacement = '[img'.$parms.']'.$code_text.'[/img]';
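Review bot: In the last hunk, `http_build_query($img)` no longer pins the separator, so it falls back to the `arg_separator.output` ini setting instead of the literal `'&'` the old call passed. On a host where that setting is `&amp;` or `;`, the generated `[img ...]` parameters would change shape. Keeping the explicit argument avoids that while still fixing the null deprecation: `http_build_query($img, '', '&')`. Separately, a comment on the new `is_string($bbcode)` guard noting that the string is handed to `eval()` and where it comes from would help the next reader; its origin is outside the hunk.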


@ -320,7 +320,6 @@ class ecache {
* @scope private
*/
function delete($dir, $pattern = "*.*", $syscache = false) {
$deleted = false;
$pattern = ($syscache ? "S_" : "C_").$pattern;
$pattern = str_replace(array("\*", "\?"), array(".*", "."), preg_quote($pattern));
if (substr($dir, -1) != "/") {
@ -331,9 +330,7 @@ class ecache {
$d = opendir($dir);
while ($file = readdir($d)) {
if (is_file($dir.$file) && preg_match("/^{$pattern}$/", $file)) {
if (unlink($dir.$file)) {
$deleted[] = $file;
}
unlink($dir.$file);
}
}
closedir($d);
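Review bot: The result of `unlink($dir.$file)` is now discarded, so a cache file that cannot be removed (permissions, a race with another request) leaves stale content in place without any signal. If the list of deleted files was dropped only because appending to `false` is deprecated, initialising it as an array keeps the old behaviour: `$deleted = array();`. Whether `delete()` returned that list is not visible, as the function continues past the hunk; if nothing consumes it, at least log the failure.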


@ -391,7 +391,7 @@ class CronParser
function getLastRan()
{
return explode(",", strftime("%M,%H,%d,%m,%w,%Y", $this->lastRan)); //Get the values for now in a format we can use
return explode(",", e_date::strftime("%M,%H,%d,%m,%w,%Y", $this->lastRan)); //Get the values for now in a format we can use
}
function getLastRanUnix()
@ -505,7 +505,7 @@ class CronParser
}
//put the current time into an array
$t = strftime("%M,%H,%d,%m,%w,%Y", time());
$t = e_date::strftime("%M,%H,%d,%m,%w,%Y", time());
$this->now = explode(",", $t);
$this->year = $this->now[5];


@ -37,17 +37,17 @@ class e_date
for ($i=1; $i < 8; $i++)
{
$day = strftime('%A', mktime(1,1,1, 1, $i, 2012));
$dates['days'][] = $day;
$dates['daysShort'][] = strftime('%a', mktime(1,1,1, 1, $i, 2012));
$dates['daysMin'][] = substr($day,0,2);
$day = e_date::strftime('%A', mktime(1, 1, 1, 1, $i, 2012));
$dates['days'][] = $day;
$dates['daysShort'][] = e_date::strftime('%a', mktime(1, 1, 1, 1, $i, 2012));
$dates['daysMin'][] = substr($day, 0, 2);
}
for ($i=1; $i < 13; $i++)
{
$dates['months'][] = strftime('%B', mktime(1,1,1, $i, 2, 2013));
$dates['monthsShort'][] = strftime('%h', mktime(1,1,1, $i, 2, 2013));
$dates['months'][] = e_date::strftime('%B', mktime(1, 1, 1, $i, 2, 2013));
$dates['monthsShort'][] = e_date::strftime('%h', mktime(1, 1, 1, $i, 2, 2013));
}
@ -86,11 +86,11 @@ class e_date
{
$val = ($type == 'month-short') ? '%b' : '%B'; //eg. 'Aug' / 'August'
$marray = array();
for ($i=1; $i < 13; $i++)
{
$marray[$i] = strftime($val,mktime(1,1,1,$i,1,2000));
for ($i = 1; $i < 13; $i++)
{
$marray[$i] = e_date::strftime($val, mktime(1, 1, 1, $i, 1, 2000));
}
return $marray;
}
@ -102,15 +102,15 @@ class e_date
switch ($type)
{
case 'day-shortest': // eg. 'Tu'
$days[] = substr(strftime('%a',mktime(1,1,1,6,$i,2014)),0,2);
$days[] = substr(e_date::strftime('%a', mktime(1, 1, 1, 6, $i, 2014)), 0, 2);
break;
case 'day-short': // eg. 'Tue'
$days[] = strftime('%a',mktime(1,1,1,6,$i,2014));
$days[] = e_date::strftime('%a', mktime(1, 1, 1, 6, $i, 2014));
break;
default: // eg. 'Tuesday'
$days[] = strftime('%A',mktime(1,1,1,6,$i,2014));
$days[] = e_date::strftime('%A', mktime(1, 1, 1, 6, $i, 2014));
break;
}
}
@ -196,7 +196,7 @@ class e_date
break;
}
$dateString = strftime($mask, $datestamp);
$dateString = e_date::strftime($mask, $datestamp);
if (!e107::getParser()->isUTF8($dateString))
{
@ -206,8 +206,95 @@ class e_date
return $dateString;
}
/**
* Polyfill for {@see strftime()}, which was deprecated in PHP 8.1
*
* The implementation is an approximation that may be wrong for some obscure formatting characters.
*
* @param string $format The old {@see strftime()} format string
* @param int|null $timestamp A Unix epoch timestamp. If null, defaults to the value of {@see time()}.
* @return string Datetime formatted according to the provided arguments
*/
public static function strftime($format, $timestamp = null)
{
if ($timestamp === null) $timestamp = time();
$datetime = date_create("@$timestamp");
$datetime->setTimezone(new DateTimeZone(date_default_timezone_get()));
$formatMap = [
'%a' => 'D',
'%A' => 'l',
'%d' => 'd',
'%e' => function($datetime)
{
return str_pad(date_format($datetime, 'n'), 2, " ", STR_PAD_LEFT);
},
'%j' => function($datetime)
{
return str_pad(date_format($datetime, 'z'), 3, "0", STR_PAD_LEFT);
},
'%u' => 'N',
'%w' => 'w',
'%U' => 'W',
'%V' => 'W',
'%W' => 'W',
'%b' => 'M',
'%B' => 'F',
'%h' => 'M',
'%m' => 'm',
'%C' => function($datetime)
{
return (string) ((int) date_format($datetime, 'Y') / 100);
},
'%g' => 'y',
'%G' => 'Y',
'%y' => 'y',
'%Y' => 'Y',
'%H' => 'H',
'%k' => function($datetime)
{
return str_pad(date_format($datetime, 'G'), 2, " ", STR_PAD_LEFT);
},
'%I' => 'h',
'%l' => function($datetime)
{
return str_pad(date_format($datetime, 'g'), 2, " ", STR_PAD_LEFT);
},
'%M' => 'i',
'%p' => 'A',
'%P' => 'a',
'%r' => 'h:i:s A',
'%R' => 'H:i',
'%S' => 's',
'%T' => 'H:i:s',
'%X' => 'H:i:s',
'%z' => 'O',
'%Z' => 'T',
'%c' => 'r',
'%D' => 'm/d/y',
'%F' => 'Y-m-d',
'%s' => 'U',
'%x' => 'Y-m-d',
'%n' => "\n",
'%t' => "\t",
'%%' => '\%',
];
foreach ($formatMap as $strftime_key => $date_format_key)
{
if (is_callable($date_format_key))
{
$replacement = chunk_split($date_format_key($datetime), 1, "\\");
}
else
{
$replacement = $date_format_key;
}
$format = str_replace($strftime_key, $replacement, $format);
}
return date_format($datetime, $format);
}
/**
* @deprecated - for internal use only.
@ -787,11 +874,12 @@ class e_date
*/
public function strptime($str, $format)
{
trigger_error('<b>'.__METHOD__.' is deprecated.</b> Use eShims::strptime() instead', E_USER_DEPRECATED); // NO LAN
trigger_error('<b>' . __METHOD__ . ' is deprecated.</b> Use eShims::strptime() instead', E_USER_DEPRECATED); // NO LAN
$vals = eShims::strptime($str, $format); // PHP5 is more accurate than below.
$vals['tm_amon'] = strftime('%b', mktime(0, 0, 0, $vals['tm_mon'] + 1));
$vals['tm_fmon'] = strftime('%B', mktime(0, 0, 0, $vals['tm_mon'] + 1));
$vals['tm_amon'] = e_date::strftime('%b', mktime(0, 0, 0, $vals['tm_mon'] + 1));
$vals['tm_fmon'] = e_date::strftime('%B', mktime(0, 0, 0, $vals['tm_mon'] + 1));
return $vals;
}
@ -870,12 +958,7 @@ class e_date
// Evaluate the formats whilst suppressing any errors.
foreach($strftimeFormats as $format => $description)
{
//if (False !== ($value = @strftime("%{$format}")))
$value = @strftime("%{$format}");
if (False !== $value)
{
$strftimeValues[$format] = $value;
}
$strftimeValues[$format] = e_date::strftime("%{$format}");
}
// Find the longest value.
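Review bot: Three entries in the `$formatMap` of the new `e_date::strftime()` do not match `strftime()`: `%e` formats `'n'` (month number) where the day of month `'j'` is meant, `%j` uses the zero-based `'z'` so it is one less than the 001-366 value, and `%C` casts before dividing and so yields a fraction such as `20.21`. Suggested expressions inside the existing closures: `date_format($datetime, 'j')` for `%e`, `(int) date_format($datetime, 'z') + 1` for `%j`, and `(string) floor((int) date_format($datetime, 'Y') / 100)` for `%C`. Beyond that, literal letters in a format string are not escaped before the final `date_format()` call and would be read as format characters, output is no longer locale-aware, and `date_create("@$timestamp")` returns false for a non-numeric timestamp, which makes `setTimezone()` fatal; the docblock should at least state these limits.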


@ -128,6 +128,7 @@ class db_table_admin
// Returns an array where each entry is the definitions of a field or index
function parse_field_defs($text)
{
$text = (string) $text;
$ans = array(
);
$text = str_replace("\r", "\n", $text);

View File

@ -426,7 +426,7 @@ class e_db_pdo implements e_db
if ($this->debugMode === true)
{
$aTrace = debug_backtrace();
$pTable = $this->mySQLcurTable;
$pTable = (string) $this->mySQLcurTable;
if(!strlen($pTable))
{
@ -2558,6 +2558,11 @@ class e_db_pdo implements e_db
private function setSQLMode()
{
$this->db_Query("SET SESSION sql_mode='NO_ENGINE_SUBSTITUTION';");
/**
* Disable PHP 8.1 PDO result set typing casting for consistency with PHP 5.6 through 8.0
* @link https://github.com/php/php-src/blob/4025cf2875f895e9f7193cebb1c8efa4290d052e/UPGRADING#L130-L134
*/
$this->mySQLaccess->setAttribute(PDO::ATTR_STRINGIFY_FETCHES, true);
}
@ -2623,7 +2628,7 @@ class e_db_pdo implements e_db
{
if (is_readable(e_CACHE_DB.$tableName.'.php'))
{
$temp = file_get_contents(e_CACHE_DB.$tableName.'.php', FILE_TEXT);
$temp = file_get_contents(e_CACHE_DB.$tableName.'.php');
if ($temp !== false)
{
$typeDefs = e107::unserialize($temp);


@ -508,7 +508,7 @@ class e_parse
foreach($data as $key => $var)
{
//Fix - sanitize keys as well
$key = filter_var($key, FILTER_SANITIZE_STRING);
$key = str_replace(['"', "'"], ['&quot;', '&#039;'], $key);
$ret[$key] = $this->toDB($var, $nostrip, $no_encode, $mod, $parm);
}
@ -787,6 +787,8 @@ class e_parse
return $arr;
}
$text = (string) $text;
if(MAGIC_QUOTES_GPC == true)
{
$text = stripslashes($text);
@ -2003,6 +2005,7 @@ class e_parse
*/
public function toText($text)
{
$text = (string) $text;
if($this->isBBcode($text) === true) // convert any bbcodes to html
{
@ -2338,6 +2341,7 @@ class e_parse
*/
public function thumbUrl($url = null, $options = array(), $raw = false, $full = false)
{
$url = (string) $url;
$this->staticCount++; // increment counter.
@ -3717,7 +3721,7 @@ class e_parse
$parm = $options;
$options = varset($parm['space'], '');
}
elseif(strpos($options, '='))
elseif (is_string($options) && strpos($options, '='))
{
parse_str($options, $parm);
$options = varset($parm['space'], '');
@ -4618,7 +4622,7 @@ class e_parse
$ytpref['cc_lang_pref'] = e_LAN; // switch captions with chosen user language.
}
$ytqry = http_build_query($ytpref, null, '&amp;');
$ytqry = http_build_query($ytpref, '', '&amp;');
$defClass = !empty($this->bootstrap) ? 'embed-responsive embed-responsive-16by9 ratio ratio-16x9' : 'video-responsive'; // levacy backup.
@ -4848,7 +4852,7 @@ class e_parse
{
$filterTypes = array(
'int' => FILTER_SANITIZE_NUMBER_INT,
'str' => FILTER_SANITIZE_STRING, // no html.
'str' => function($input) { return strip_tags($input); },
'email' => FILTER_SANITIZE_EMAIL,
'url' => FILTER_SANITIZE_URL,
'enc' => FILTER_SANITIZE_ENCODED
@ -4870,13 +4874,19 @@ class e_parse
trigger_error("Unsupported type '".$type."' used in e107::getParser()->filter().", E_USER_WARNING);
}
if(is_array($text))
$filter = $filterTypes[$type];
$filter = function($element) use ($filter)
{
$ret = filter_var_array($text, $filterTypes[$type]);
$element = (string) $element;
return is_callable($filter) ? $filter($element) : filter_var($element, $filter);
};
if (is_array($text))
{
$ret = filter_var($text, FILTER_CALLBACK, ['options' => $filter]);
}
else
{
$ret = filter_var($text, $filterTypes[$type]);
$ret = $filter($text);
}
}
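Review bot: The new `'str'` filter is `strip_tags()` alone, whereas `FILTER_SANITIZE_STRING` also encoded `'` and `"`, so values returned by `filter(..., 'str')` can now carry raw quotes. Call sites converted in this commit feed the result to `e107::getForm()->text()` (signup shortcodes), to the comment author name, and to the `$querypattern`/`$requeststr` handling in `thead()`; whether each of those escapes on output is not visible here, so attribute contexts should be checked. To keep the old guarantee inside the filter: `'str' => function($input) { return str_replace(array('"', "'"), array('&#34;', '&#39;'), strip_tags($input)); },`. If dropping the encoding is intended, the docblock of `filter()` should say that `'str'` output is not safe for HTML attributes.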


@ -370,6 +370,7 @@
*/
private function tablestyle($caption, $text, $mode)
{
$text = (string) $text;
// Automatic list detection .
$isList = (strncmp(ltrim($text), '<ul', 3) === 0);


@ -485,7 +485,7 @@ class e_thumbnail
$ret['h'] = isset($this->_request['h']) ? intval($this->_request['h']) : $ret['w'];
$ret['aw'] = isset($this->_request['aw']) ? intval($this->_request['aw']) : false;
$ret['ah'] = isset($this->_request['ah']) ? intval($this->_request['ah']) : $ret['aw'];
$ret['c'] = isset($this->_request['c']) ? strtoupper(substr(filter_var($this->_request['c'],FILTER_SANITIZE_STRING),0,1)) : false;
$ret['c'] = isset($this->_request['c']) ? strtoupper(substr(e107::getParser()->filter($this->_request['c'], 'str'),0,1)) : false;
// $ret['wm'] = isset($this->_request['wm']) ? intval($this->_request['wm']) : $ret['wm'];
if($ret['c'] == 'A') // auto


@ -2745,7 +2745,7 @@ class e_form
if(!is_array($options))
{
parse_str($options, $options);
parse_str((string) $options, $options);
}
if(is_array($value))
@ -2979,7 +2979,7 @@ class e_form
}
if(!is_array($options))
{
parse_str($options, $options);
parse_str((string) $options, $options);
}
if(!empty($options['help']))
@ -3052,7 +3052,7 @@ class e_form
if(!is_array($options))
{
parse_str($options, $options);
parse_str((string) $options, $options);
}
@ -3109,7 +3109,7 @@ class e_form
{
if(!is_array($options))
{
parse_str($options, $options);
parse_str((string) $options, $options);
}
if($option_array === 'yesno')
@ -3712,6 +3712,7 @@ var_dump($select_options);*/
*/
public function admin_button($name, $value, $action = 'submit', $label = '', $options = array())
{
$action = (string) $action;
$btype = 'submit';
if(strpos($action, 'action') === 0 || $action === 'button')
{
@ -3909,7 +3910,8 @@ var_dump($select_options);*/
//
foreach ($options as $option => $optval)
{
$optval = trim($optval);
$optval = trim((string) $optval);
$optval = htmlspecialchars($optval, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
switch ($option)
{
@ -4384,14 +4386,15 @@ var_dump($select_options);*/
public function thead($fieldarray, $columnPref = array(), $querypattern = '', $requeststr = '')
{
$tp = e107::getParser();
$text = '';
$querypattern = filter_var($querypattern, FILTER_SANITIZE_STRING);
$querypattern = $tp->filter($querypattern, 'str');
if(!$requeststr)
{
$requeststr = rawurldecode(e_QUERY);
}
$requeststr = filter_var($requeststr, FILTER_SANITIZE_STRING);
$requeststr = $tp->filter($requeststr, 'str');
// Recommended pattern: mode=list&field=[FIELD]&asc=[ASC]&from=[FROM]
if(strpos($querypattern,'&')!==FALSE)
@ -4787,7 +4790,7 @@ var_dump($select_options);*/
{
foreach($array as $k=>$v)
{
$jsonArray[$k] = str_replace("'", '`', $v);
$jsonArray[$k] = str_replace("'", '`', (string) $v);
}
}
@ -4978,7 +4981,7 @@ var_dump($select_options);*/
$eModalCap .= " data-modal-submit='true'";
}
$query = http_build_query($query, null, '&amp;');
$query = http_build_query($query, '', '&amp;');
$text .= "<a href='".e_SELF."?{$query}' class='btn btn-default btn-secondary".$eModal."' ".$eModalCap." title='".LAN_EDIT."' data-toggle='tooltip' data-bs-toggle='tooltip' data-placement='left'>
".$editIconDefault. '</a>';
}
@ -5226,10 +5229,11 @@ var_dump($select_options);*/
parse_str($attributes['writeParms'], $attributes['writeParms']);
}
$wparms = $attributes['writeParms'];
if(!is_array(varset($wparms['__options'])))
if (!isset($wparms['__options'])) $wparms['__options'] = null;
if(!is_array($wparms['__options']))
{
parse_str($wparms['__options'], $wparms['__options']);
parse_str((string) $wparms['__options'], $wparms['__options']);
}
if(!empty($wparms['optArray']))
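Review bot: The added `htmlspecialchars($optval, ENT_COMPAT | ENT_HTML401, 'UTF-8', false)` leaves single quotes unencoded, while markup built elsewhere in this class delimits attributes with single quotes (for example `class='btn btn-default btn-secondary'` in the edit-link hunk). If these option values end up in single-quoted attributes, which happens below the hunk and is not visible, a `'` in `$optval` would still close the attribute. Suggested: `$optval = htmlspecialchars($optval, ENT_QUOTES | ENT_HTML401, 'UTF-8', false);`.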


@ -157,7 +157,7 @@ class eIPHandler
*/
public function __construct($configDir = '')
{
$configDir = trim($configDir);
$configDir = trim((string) $configDir);
if ($configDir)
{
@ -1452,7 +1452,7 @@ class banlistManager
private function dateFormat($date)
{
if ($date == 0) return '0';
return strftime('%Y%m%d_%H%M%S',$date);
return e_date::strftime('%Y%m%d_%H%M%S',$date);
}


@ -1177,6 +1177,7 @@ class e_media
*/
public function detectType($mediaURL)
{
$mediaURL = (string) $mediaURL;
$type = pathinfo($mediaURL,PATHINFO_EXTENSION);
if($type == 'glyph')
@ -1456,7 +1457,7 @@ class e_media
return $path;
}
$ext = e107::getFile()->getFileExtension($mime);
$ext = (string) e107::getFile()->getFileExtension($mime);
$len = strlen($ext);


@ -601,7 +601,7 @@ class e_menuManager
function menuPresetPerms($val)
{
$link_class = strtolower(trim($val));
$link_class = strtolower(trim((string) $val));
$menu_perm['everyone'] = e_UC_PUBLIC;
$menu_perm['guest'] = e_UC_GUEST;
$menu_perm['member'] = e_UC_MEMBER;


@ -133,6 +133,11 @@ class e_db_mysql implements e_db
$this->dbg = e107::getDebug();
/**
* Revert PHP 8.1 mysqli default error mode
* @link https://github.com/php/php-src/blob/4025cf2875f895e9f7193cebb1c8efa4290d052e/UPGRADING#L101-L105
*/
mysqli_report(MYSQLI_REPORT_OFF);
}
function getPDO()
@ -430,7 +435,7 @@ class e_db_mysql implements e_db
/** @var $db_debug e107_db_debug */
global $db_debug;
$aTrace = debug_backtrace();
$pTable = $this->mySQLcurTable;
$pTable = (string) $this->mySQLcurTable;
if (!strlen($pTable)) {
$pTable = '(complex query)';
} else {
@ -2464,7 +2469,7 @@ class e_db_mysql implements e_db
{
if (is_readable(e_CACHE_DB.$tableName.'.php'))
{
$temp = file_get_contents(e_CACHE_DB.$tableName.'.php', FILE_TEXT);
$temp = file_get_contents(e_CACHE_DB.$tableName.'.php');
if ($temp !== FALSE)
{
$typeDefs = e107::unserialize($temp);
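Review bot: `mysqli_report()` in the constructor hunk changes the report mode for the whole request, not just for this connection, so it also switches off exceptions for any other code in the same request that uses mysqli directly. The docblock should say so, for example `Note: request-wide setting; failures return false instead of throwing, so every mysqli call must check its return value.` With reporting off a failed query is silent unless the caller checks, which makes the return-value checks in this class the only error signal. The constructor begins outside the hunk.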


@ -632,7 +632,7 @@ class e_news_item extends e_front_model
$params = array($val); //value is always the first callback argument
$params = array_merge($params, explode(',', $parm['arg']));
//should be done with date handler (awaiting for modifications)
return strftime(varset($parm['arg'], e107::getPref('shortdate')), $val);
return e_date::strftime(varset($parm['arg'], e107::getPref('shortdate')), $val);
break;
default:


@ -1046,7 +1046,7 @@ class e_plugin
if(empty($ver))
{
return null;
return '';
}
$ver = str_replace('e107','',$ver);
@ -1079,7 +1079,7 @@ class e_plugin
);
return str_replace($pathFilter,'', $path);
return str_replace($pathFilter,'', (string) $path);
}


@ -32,7 +32,7 @@ class e_search
function __construct($query = '')
{
$tp = e107::getParser();
$this->query = $query;
$this->query = (string) $query;
$this->bullet = '';
if(defined('GLYPH'))


@ -397,6 +397,7 @@ class e_session
if($key == null) // clear all under this namespace.
{
$this->_data = array(); // must be set to array() not unset.
return $this;
}
if(strpos($key,'/') !== false) // multi-dimensional
@ -538,7 +539,14 @@ class e_session
// ini_set('session.save_handler', 'user');
$session = new e_session_db;
session_set_save_handler($session, true);
session_set_save_handler(
[$session, 'open'],
[$session, 'close'],
[$session, 'read'],
[$session, 'write'],
[$session, 'destroy'],
[$session, 'gc']
);
$session->setSaveHandler();
break;
@ -1112,7 +1120,12 @@ class e_core_session extends e_session
}
class e_session_db implements SessionHandlerInterface
/**
* Database session handler
*
* @todo PHP 8.1 support with {@see SessionHandlerInterface}
*/
class e_session_db #implements SessionHandlerInterface
{
/**
* @var e_db
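Review bot: The callable form of `session_set_save_handler()` has no equivalent of the `true` (register-shutdown) argument that the removed object-form call passed, so `session_write_close()` is no longer registered to run at shutdown. With an object-backed handler that can mean the handler or its database connection is torn down before the session data is written. Unless `$session->setSaveHandler()` already covers this (not visible here), add `register_shutdown_function('session_write_close');` after the call. The `#implements SessionHandlerInterface` remnant on the class line would read better as part of the `@todo` docblock above it.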


@ -992,8 +992,7 @@ class e_parse_shortcode
// print_a($this);
}
$ret = preg_replace_callback('#\{([A-Z][^\x02]*?\S)\}#', array(&$this, 'doCode'), $text); // must always start with uppercase letter
$ret = preg_replace_callback('#\{([A-Z][^\x02]*?\S)\}#', array(&$this, 'doCode'), (string) $text); // must always start with uppercase letter
// $ret = preg_replace_callback('#\{(\S[^\x02]*?\S)\}#', array(&$this, 'doCode'), $text);
$this->parseSCFiles = $saveParseSCFiles; // Restore previous value
$this->addedCodes = $saveCodes;
@ -1270,7 +1269,7 @@ class e_parse_shortcode
include_once($_path);
if (class_exists($_class, false)) // prevent __autoload - performance
if (is_string($_class) && class_exists($_class, false)) // prevent __autoload - performance
{
// SecretR - fix array(parm, sc_mode) causing parm to become an array, see issue 424
if(!method_exists($_class, $_function))


@ -1457,7 +1457,8 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
$srch = array('{ICON}', '{CAPTION}');
$repl = array(varset($extraParms['icon']), $title);
$title = str_replace($srch,$repl, varset($tmpl['caption']));
$caption = isset($tmpl['caption']) ? (string) $tmpl['caption'] : '';
$title = str_replace($srch,$repl, $caption);
$ret = $ns->tablerender($title, $text, 'default', true);
$ns->setUniqueId(null);


@ -51,8 +51,8 @@ class e107_traffic
*/
function TimeDelta($tStart, $tFinish)
{
$tFrom = explode(' ', $tStart);
$tTo = explode(' ', $tFinish);
$tFrom = explode(' ', (string) $tStart);
$tTo = explode(' ', (string) $tFinish);
if(!isset($tFrom[1]))
{


@ -195,7 +195,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
foreach ($files['name'] as $key=>$name)
{
$name = filter_var($name, FILTER_SANITIZE_STRING);
$name = $tp->filter($name, 'str');
$first_error = FALSE; // Clear error flag
if (($name != '') || $files['size'][$key]) // Need this check for things like file manager which allow multiple possible uploads
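Review bot: `$tp` is used on the changed line but no assignment is visible in this hunk; if `process_uploaded_files()` does not already set `$tp = e107::getParser();` before the loop, the call will fail on an undefined variable. Another hunk in this commit calls `e107::getParser()->filter(...)` directly, which avoids the dependency. Separately, a markup-stripping filter does not by itself constrain an uploaded file name (path separators, extension), so a comment such as `// 'str' filter only strips markup; name and extension are validated below` would help, assuming that validation exists further down. The function continues outside the hunk.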

View File

@ -451,6 +451,7 @@ class user_class
*/
public function uc_dropdown($fieldname, $curval = 0, $optlist = '', $extra_js = '')
{
$optlist = (string) $optlist;
$show_classes = self::uc_required_class_list($optlist); // Get list of classes which meet criteria
$text = '';


@ -1386,7 +1386,20 @@ class validatorClass
break;
}
$field = varset($options['dbFieldName'], $f);
if ($temp = $u_sql->count($targetTable, "(*)", "WHERE `{$f}`='" . filter_var($v, FILTER_SANITIZE_STRING) . "' AND `user_id` != " . $userID))
// XXX: Different implementations due to missing API for preventing SQL injections
$count = 0;
if ($u_sql instanceof e_db_mysql)
{
$v = $u_sql->escape($v);
$count = $u_sql->count($targetTable, "(*)", "WHERE `{$f}`='$v' AND `user_id` != " . $userID);
}
else
{
$u_sql->select($targetTable, "COUNT(*)", "`{$f}`=:value", ['value' => $v]);
$row = $u_sql->fetch('num');
$count = $row[0];
}
if ($count)
{
$errMsg = ERR_DUPLICATE;
}
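Review bot: The non-`e_db_mysql` branch drops the ``AND `user_id` != $userID`` exclusion that the mysqli branch keeps, so on that driver a user re-submitting their own current value would be counted as a duplicate. Bind it alongside the value, e.g. ``"`{$f}`=:value AND `user_id` != :uid"`` with `['value' => $v, 'uid' => (int) $userID]`, and guard `$row[0]` for the case where `fetch('num')` returns no row. In both branches `$f` is still interpolated as a column name, and `$field` (computed from `dbFieldName` just above) is not used in either query; if `$f` can originate from request data it should be checked against a fixed list of column names. The enclosing method starts and ends outside this hunk.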


@ -96,8 +96,8 @@ if (isset($_POST['clientsubmit']))
{
while ($row = $sql->fetch())
{
$start_date = ($row['banner_startdate'] ? strftime("%d %B %Y", $row['banner_startdate']) : BANNERLAN_31);
$end_date = ($row['banner_enddate'] ? strftime("%d %B %Y", $row['banner_enddate']) : BANNERLAN_31);
$start_date = ($row['banner_startdate'] ? e_date::strftime("%d %B %Y", $row['banner_startdate']) : BANNERLAN_31);
$end_date = ($row['banner_enddate'] ? e_date::strftime("%d %B %Y", $row['banner_enddate']) : BANNERLAN_31);
$scArray = array();
$scArray['BANNER_TABLE_CLICKPERCENTAGE'] = ($row['banner_clicks'] && $row['banner_impressions'] ? round(($row['banner_clicks'] / $row['banner_impressions']) * 100)."%" : "-");


@ -26,8 +26,6 @@ class banner_shortcodes extends e_shortcode
$sql = e107::getDb();
$tp = e107::getParser();
mt_srand((double) microtime() * 1000000);
$seed = mt_rand(1, 2000000000);
$time = time();
$campaign = (isset($parm['campaign']) ? $parm['campaign'] : $parm);
@ -40,7 +38,7 @@ class banner_shortcodes extends e_shortcode
$query .= " AND banner_keywords REGEXP " . $tags_regexp;
}
$query .= " ORDER BY RAND($seed) LIMIT 1";
$query .= " ORDER BY RAND() LIMIT 1";
if($sql->select('banner', 'banner_id, banner_image, banner_clickurl, banner_description', $query))
{


@ -19,7 +19,7 @@
*/
if (!defined('e107_INIT')) { exit; }
$parm = isset($parm) && is_string($parm) ? $parm : '';
$cString = 'nq_news_blogacalendar_menu_'.preg_replace('#[^\w]#', '', $parm);
$cached = e107::getCache()->retrieve($cString);


@ -357,7 +357,7 @@ class download_shortcodes extends e_shortcode
}
return "<a href='".e_REQUEST_SELF."?".http_build_query($qry, null, '&amp;')."'>".$text."</a>" ;
return "<a href='".e_REQUEST_SELF."?".http_build_query($qry, '', '&amp;')."'>".$text."</a>" ;
}


@ -140,7 +140,7 @@ class downloadCategory
{
$text = "<tr><td>".$cat['download_category_id']."</td><td>".$cat['download_category_parent']."</td><td>";
$text .= $prefix.htmlspecialchars($cat['download_category_name']).$postfix."</td><td>".$cat['d_size']."</td>";
$text .= "<td>".$cat['d_count']."</td><td>".$cat['d_requests']."</td><td>".strftime('%H:%M %d-%m-%Y',$cat['d_last'])."</td>";
$text .= "<td>".$cat['d_count']."</td><td>".$cat['d_requests']."</td><td>".e_date::strftime('%H:%M %d-%m-%Y',$cat['d_last'])."</td>";
$text .= "</tr>";
return $text;
}

View File

@ -81,7 +81,7 @@ if (isset($_POST['faq_submit']))
$data = $tp->toDB($_POST['data']);
$count = ($sql->count("faqs", "(*)", "WHERE faq_parent='".intval($_POST['faq_parent'])."' ") + 1);
$sql->insert("faqs", " 0, '".$_POST['faq_parent']."', '$faq_question', '$data', '".filter_var($_POST['faq_comment'], FILTER_SANITIZE_STRING)."', '".time()."', '".USERID."', '".$count."' ");
$sql->insert("faqs", " 0, '".$_POST['faq_parent']."', '$faq_question', '$data', '".e107::getParser()->filter($_POST['faq_comment'], 'str')."', '".time()."', '".USERID."', '".$count."' ");
$message = FAQ_ADLAN_32;
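Review bot: The rewritten `insert()` line still places `$_POST['faq_parent']` into the SQL string unmodified, although the `count()` call one line earlier wraps the same value in `intval()`. Use `intval($_POST['faq_parent'])` here as well. The `'str'` filter applied to `faq_comment` is, per the commit description, tag stripping or quote entity-encoding rather than database escaping, so passing the value through `$tp->toDB()` as is done for `$data` would be the consistent choice. Whether `filter()` neutralises single quotes is not visible in this hunk.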


@ -151,7 +151,7 @@ class featurebox_shortcodes// must match the plugin's folder name. ie. [PLUGIN_F
{
$ctemplate = $mod;
}
parse_str($parm, $parm);
parse_str((string) $parm, $parm);
$category = $this->getCategoryModel($ctemplate);


@ -65,6 +65,7 @@ class forumStats
$firstpost = $sql->select('forum_post', 'post_datestamp', 'post_datestamp > 0 ORDER BY post_datestamp ASC LIMIT 0,1', 'default');
$fp = $sql->fetch();
$fp = is_array($fp) ? $fp : array();
$open_ds = (int) varset($fp['post_datestamp']);
$open_date = $gen->convert_date($open_ds, 'long');


@ -727,14 +727,14 @@ class listclass
if($thisday == $current_day)
{
$datepreftoday = $this->list_pref[$this->mode."_datestyletoday"];
return strftime($datepreftoday, $datestamp);
return e_date::strftime($datepreftoday, $datestamp);
}
}
}
//else use default date style
$datepref = $this->list_pref[$this->mode."_datestyle"];
return strftime($datepref, $datestamp);
return e_date::strftime($datepref, $datestamp);
}
/**


@ -1864,10 +1864,10 @@ class news_front
// render new date header if pref selected ...
$thispostday = strftime("%j", $news['news_datestamp']);
$thispostday = e_date::strftime("%j", $news['news_datestamp']);
if ($newpostday != $thispostday && (isset($this->pref['news_newdateheader']) && $this->pref['news_newdateheader']))
{
echo "<div class='".DATEHEADERCLASS."'>".strftime("%A %d %B %Y", $news['news_datestamp'])."</div>";
echo "<div class='".DATEHEADERCLASS."'>".e_date::strftime("%A %d %B %Y", $news['news_datestamp'])."</div>";
}
$newpostday = $thispostday;
$news['category_id'] = $news['news_category'];


@ -85,7 +85,7 @@ class page_shortcodes extends e_shortcode
if($parm)
{
$parm = http_build_query($parm, null, '&');
$parm = http_build_query($parm);
}
else
{


@ -118,6 +118,9 @@ class pmbox_manager
}
else
{
if (!isset($pm_info['inbox']) || !is_array($pm_info['inbox'])) $pm_info['inbox'] = [];
if (!isset($pm_info['outbox']) || !is_array($pm_info['outbox'])) $pm_info['outbox'] = [];
$pm_info['inbox']['limit'] = '';
$pm_info['outbox']['limit'] = '';
$pm_info['inbox']['filled'] = '';


@ -261,15 +261,6 @@ $override = array();
if(isset($_POST['previous_steps']))
{
$tmp = unserialize(base64_decode($_POST['previous_steps']));
// Save unfiltered admin password (#4004) - " are transformed into &#34;
$tmpadminpass1 = (isset($tmp['admin']) && !empty($tmp['admin']['password'])) ? $tmp['admin']['password'] : '';
$tmp = filter_var_array($tmp, FILTER_SANITIZE_STRING);
// Restore unfiltered admin password
$tmp['admin']['password'] = $tmpadminpass1;
$override = (isset($tmp['paths']) && isset($tmp['paths']['hash'])) ? array('site_path'=>$tmp['paths']['hash']) : array();
unset($tmp);
unset($tmpadminpass1);