mirror of
https://github.com/e107inc/e107.git
Fix all PHP 8.1 test failures
* `strftime()` has been replaced with a polyfill based on `DateTime`.
* Explicit type casts/assertions added where required by PHP 8.1
* `filter_var(…, FILTER_SANITIZE_STRING)` replaced with `strip_tags()` or HTML entity encoding of quotation marks, depending on a guess of what the intended "sanitization" was
* `http_build_query()` usage type mismatches fixed
* Removed usages of the `FILE_TEXT` constant
* To avoid breaking PHP 5.6 compatibility (function return types), `e_session_db` no longer implements `SessionHandlerInterface`. Instead, the alternative non-OOP invocation of `session_set_save_handler()` is used to apply the session handler.
* The shim for `strptime()` still calls the native function if available but now suppresses the deprecation warning.
* `e_db_pdo` explicitly asks for `PDO::ATTR_STRINGIFY_FETCHES` to maintain consistent behavior with past versions of PHP.
* `e_db_mysql` explicitly sets `mysqli_report(MYSQLI_REPORT_OFF)` to maintain consistent behavior with past versions of PHP.
* Removed pointless random number generator seed from `banner` plugin
* Workaround for `COUNT(*)` SQL query in `validatorClass::dbValidateArray()` without a proper API for avoiding SQL injection
parent
64cd796605
commit
20882920a0
@ -1233,7 +1233,7 @@ function check_class($var, $userclass = null, $uid = 0)
|
||||
|
||||
$class_array = !is_array($userclass) ? explode(',', $userclass) : $userclass;
|
||||
|
||||
$varList = !is_array($var) ? explode(',', $var) : $var;
|
||||
$varList = !is_array($var) ? explode(',', (string) $var) : $var;
|
||||
$latchedAccess = false;
|
||||
|
||||
foreach ($varList as $v)
|
||||
|
@ -107,7 +107,7 @@ if(e_AJAX_REQUEST) // TODO improve security
|
||||
{
|
||||
$pid = intval(varset($_POST['pid'], 0)); // ID of the specific comment being edited (nested comments - replies)
|
||||
$row = array();
|
||||
$authName = filter_var($_POST['author_name'],FILTER_SANITIZE_STRING);
|
||||
$authName = e107::getParser()->filter($_POST['author_name'], 'str');
|
||||
$clean_authorname = vartrue($authName,USERNAME);
|
||||
$clean_comment = e107::getParser()->toText($_POST['comment']);
|
||||
$clean_subject = e107::getParser()->filter($_POST['subject'],'str');
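Review bot: `filter(…, 'str')` no longer encodes quotation marks: in the `e_parse::filter()` hunk of this commit the `'str'` type becomes a bare `strip_tags()`, whereas `FILTER_SANITIZE_STRING` also converted `'` and `"` to entities by default. `$authName` here, and `$val` in the three `signup_shortcodes` hunks (`username`, `loginname`, `realname`), therefore keep raw quotes, and the `$clean_subject` context line goes through the same filter. Where these values are rendered is outside the hunks, so confirm that each sink encodes for its own context, e.g. `htmlspecialchars($val, ENT_QUOTES, 'UTF-8')` for an attribute value, instead of relying on the input filter. `strip_tags()` on its own is not an output encoder.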
|
||||
|
@ -371,7 +371,7 @@ class admin_log_ui extends e_admin_ui
|
||||
if(($action == "backdel") && isset($_POST['backdeltype']))
|
||||
{
|
||||
// $old_date = intval($qs[1]);
|
||||
$old_string = strftime("%d %B %Y", $old_date);
|
||||
$old_string = e_date::strftime("%d %B %Y", $old_date);
|
||||
$qry = "dblog_datestamp < ".$old_date; // Same field for both logs
|
||||
|
||||
switch($_POST['backdeltype'])
|
||||
|
@ -65,7 +65,7 @@ if (!empty($_POST['ban_types']))
|
||||
}
|
||||
}
|
||||
|
||||
$filename = 'banlist_'.strftime("%Y%m%d_%H%M%S").'.csv';
|
||||
$filename = 'banlist_'.e_date::strftime("%Y%m%d_%H%M%S").'.csv';
|
||||
|
||||
if ($error_string = do_export($filename, $type_list, $format_array, $use_separator, $use_quote))
|
||||
{
|
||||
@ -98,7 +98,7 @@ function do_export($filename, $type_list='',$format_array=array(), $sep = ',', $
|
||||
break;
|
||||
case 'banlist_datestamp' :
|
||||
case 'banlist_banexpires' :
|
||||
if ($row[$f]) $line .= $spacer.$quot.strftime($v,$row[$f]).$quot; else $line .= $spacer.$quot.'0'.$quot;
|
||||
if ($row[$f]) $line .= $spacer.$quot.e_date::strftime($v,$row[$f]).$quot; else $line .= $spacer.$quot.'0'.$quot;
|
||||
break;
|
||||
}
|
||||
$spacer = $sep;
|
||||
|
@ -141,7 +141,7 @@ class page_admin_form_ui extends e_admin_form_ui
|
||||
parse_str(str_replace('&', '&', e_QUERY), $query); //FIXME - FIX THIS
|
||||
$query['action'] = 'edit';
|
||||
$query['id'] = $id;
|
||||
$query = http_build_query($query,null, '&');
|
||||
$query = http_build_query($query, '', '&');
|
||||
|
||||
$text = "<a href='".e_SELF."?{$query}' class='btn btn-default' title='".LAN_EDIT."' data-toggle='tooltip' data-bs-toggle='tooltip' data-placement='left'>
|
||||
".ADMIN_EDIT_ICON."</a>";
|
||||
|
@ -542,9 +542,9 @@ class cron_admin_form_ui extends e_admin_form_ui
|
||||
$text .= "<br />";
|
||||
$text .= ($day != '*') ? LAN_CRON_52 ." ". $day : LAN_CRON_40; // Day(s)
|
||||
$text .= "<br />";
|
||||
$text .= ($month != '*') ? LAN_CRON_53 ." ". strftime("%B", mktime(00, 00, 00, $month, 1, 2000)) : LAN_CRON_41; // Month(s)
|
||||
$text .= ($month != '*') ? LAN_CRON_53 ." ". e_date::strftime("%B", mktime(00, 00, 00, (int) $month, 1, 2000)) : LAN_CRON_41; // Month(s)
|
||||
$text .= "<br />";
|
||||
$text .= ($weekday != '*') ? LAN_CRON_54 ." ". strftime("%A", mktime(00, 00, 00, 5, $weekday, 2000)) : LAN_CRON_42; // Weekday(s)
|
||||
$text .= ($weekday != '*') ? LAN_CRON_54 ." ". e_date::strftime("%A", mktime(00, 00, 00, 5, (int) $weekday, 2000)) : LAN_CRON_42; // Weekday(s)
|
||||
|
||||
|
||||
return "<a class='e-tip' href=''>".ADMIN_INFO_ICON."</a>
|
||||
@ -711,7 +711,7 @@ class cron_admin_form_ui extends e_admin_form_ui
|
||||
{
|
||||
$sel = (in_array($i, $month)) ? "selected='selected'" : "";
|
||||
$diz = mktime(00, 00, 00, $i, 1, 2000);
|
||||
$text .= "<option value='$i' $sel>".strftime("%B", $diz)."</option>\n";
|
||||
$text .= "<option value='$i' $sel>".e_date::strftime("%B", $diz)."</option>\n";
|
||||
}
|
||||
$text .= "</select>
|
||||
|
||||
@ -724,7 +724,7 @@ class cron_admin_form_ui extends e_admin_form_ui
|
||||
for ($i = 0; $i <= 6; $i++)
|
||||
{
|
||||
$sel = (in_array(strval($i), $weekday)) ? "selected='selected'" : "";
|
||||
$text .= "<option value='$i' $sel>".strftime("%A", mktime(00, 00, 00, 5, $i, 2000))."</option>\n";
|
||||
$text .= "<option value='$i' $sel>".e_date::strftime("%A", mktime(00, 00, 00, 5, $i, 2000))."</option>\n";
|
||||
}
|
||||
$text .= "</select>
|
||||
";
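Review bot: The `(int) $month` and `(int) $weekday` casts in the first hunk keep only the leading number when the field holds a list. The `// Month(s)` and `// Weekday(s)` comments and the `in_array($i, $month)` check in the next hunk suggest several values can be selected, though the form `$month` has at this point is decided outside the hunk. If it can be a comma-separated string, the tooltip would name one month for a multi-month schedule; mapping each element, e.g. `implode(', ', array_map(function ($m) { return e_date::strftime('%B', mktime(0, 0, 0, (int) $m, 1, 2000)); }, explode(',', $month)))`, would keep the display accurate.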
|
||||
|
@ -672,7 +672,7 @@ class media_form_ui extends e_admin_form_ui
|
||||
// $save = ($_GET['bbcode']!='file') ? "e-dialog-save" : "";
|
||||
// e-dialog-close
|
||||
|
||||
$for = $this->getController()->getQuery('for');
|
||||
$for = (string) $this->getController()->getQuery('for');
|
||||
|
||||
|
||||
|
||||
|
@ -787,26 +787,26 @@ $text .= "
|
||||
$def = strtotime('December 21, 2012 3:45pm');
|
||||
|
||||
$inputdate = array( // TODO add more formats
|
||||
"%A, %d %B, %Y" => strftime("%A, %d %B, %Y",$def),
|
||||
"%A, %d %b, %Y" => strftime("%A, %d %b, %Y",$def),
|
||||
"%a, %d %B, %Y" => strftime("%a, %d %B, %Y",$def),
|
||||
"%a, %d %b, %Y" => strftime("%a, %d %b, %Y",$def),
|
||||
"%A, %d %B, %Y" => e_date::strftime("%A, %d %B, %Y",$def),
|
||||
"%A, %d %b, %Y" => e_date::strftime("%A, %d %b, %Y",$def),
|
||||
"%a, %d %B, %Y" => e_date::strftime("%a, %d %B, %Y",$def),
|
||||
"%a, %d %b, %Y" => e_date::strftime("%a, %d %b, %Y",$def),
|
||||
|
||||
"%A, %B %d, %Y" => strftime("%A, %B %d, %Y",$def),
|
||||
"%A, %b %d, %Y" => strftime("%A, %b %d, %Y",$def),
|
||||
"%A, %b %d, %y" => strftime("%A, %b %d, %y",$def),
|
||||
"%A, %B %d, %Y" => e_date::strftime("%A, %B %d, %Y",$def),
|
||||
"%A, %b %d, %Y" => e_date::strftime("%A, %b %d, %Y",$def),
|
||||
"%A, %b %d, %y" => e_date::strftime("%A, %b %d, %y",$def),
|
||||
|
||||
"%B %d, %Y" => strftime("%B %d, %Y",$def),
|
||||
"%b %d, %Y" => strftime("%b %d, %Y",$def),
|
||||
"%b %d, %y" => strftime("%b %d, %y",$def),
|
||||
"%B %d, %Y" => e_date::strftime("%B %d, %Y",$def),
|
||||
"%b %d, %Y" => e_date::strftime("%b %d, %Y",$def),
|
||||
"%b %d, %y" => e_date::strftime("%b %d, %y",$def),
|
||||
|
||||
"%d %B, %Y" => strftime("%d %B, %Y",$def),
|
||||
"%d %b, %Y" => strftime("%d %b, %Y",$def),
|
||||
"%d %b, %y" => strftime("%d %b, %y",$def),
|
||||
"%d %B, %Y" => e_date::strftime("%d %B, %Y",$def),
|
||||
"%d %b, %Y" => e_date::strftime("%d %b, %Y",$def),
|
||||
"%d %b, %y" => e_date::strftime("%d %b, %y",$def),
|
||||
|
||||
"%Y-%m-%d" => strftime("%Y-%m-%d",$def),
|
||||
"%d-%m-%Y" => strftime("%d-%m-%Y",$def),
|
||||
"%m/%d/%Y" => strftime("%m/%d/%Y",$def)
|
||||
"%Y-%m-%d" => e_date::strftime("%Y-%m-%d",$def),
|
||||
"%d-%m-%Y" => e_date::strftime("%d-%m-%Y",$def),
|
||||
"%m/%d/%Y" => e_date::strftime("%m/%d/%Y",$def)
|
||||
);
|
||||
|
||||
|
||||
@ -815,19 +815,19 @@ $text .= "
|
||||
|
||||
|
||||
|
||||
$inputtime["%I:%M %p"] = strftime("%I:%M %p",$def);
|
||||
$inputtime["%I:%M %p"] = e_date::strftime("%I:%M %p",$def);
|
||||
if(e107::getDate()->supported('P'))
|
||||
{
|
||||
$inputtime["%I:%M %P"] = strftime("%I:%M %P",$def);
|
||||
$inputtime["%I:%M %P"] = e_date::strftime("%I:%M %P",$def);
|
||||
}
|
||||
if(e107::getDate()->supported('l'))
|
||||
{
|
||||
$inputtime["%l:%M %p"] = strftime("%l:%M %p",$def);
|
||||
$inputtime["%l:%M %P"] = strftime("%l:%M %P",$def);
|
||||
$inputtime["%l:%M %p"] = e_date::strftime("%l:%M %p",$def);
|
||||
$inputtime["%l:%M %P"] = e_date::strftime("%l:%M %P",$def);
|
||||
}
|
||||
|
||||
$inputtime["%H:%M"] = strftime("%H:%M",$def);
|
||||
$inputtime["%H:%M:%S"] = strftime("%H:%M:%S",$def);
|
||||
$inputtime["%H:%M"] = e_date::strftime("%H:%M",$def);
|
||||
$inputtime["%H:%M:%S"] = e_date::strftime("%H:%M:%S",$def);
|
||||
|
||||
|
||||
|
||||
|
@ -2400,7 +2400,7 @@ class users_admin_form_ui extends e_admin_form_ui
|
||||
$att['type'] = 'boolean';
|
||||
|
||||
// $uid = $this->getController()->getModel()->get('user_id');
|
||||
$perms = $this->getController()->getModel()->get('user_perms');
|
||||
$perms = (string) $this->getController()->getModel()->get('user_perms');
|
||||
|
||||
if($mode == 'filter' && getperms('3'))
|
||||
{
|
||||
|
@ -62,6 +62,7 @@ global $pref, $parm;
|
||||
$extras = "rel=external";
|
||||
}
|
||||
|
||||
$extras = (string) $extras;
|
||||
if($extras == "external" || strpos($extras,"rel=external")!==FALSE)
|
||||
{
|
||||
$insert = "rel='external' ";
|
||||
|
@ -136,7 +136,7 @@ class admin_shortcodes extends e_shortcode
|
||||
if (!ADMIN) { return ''; }
|
||||
return "
|
||||
<div style='text-align: center'>
|
||||
<input class='btn btn-default btn-secondary button' type='button' onclick=\"javascript: window.open('".e_ADMIN_ABS."credits.php', 'myWindow', 'status = 1, height = 400, width = 300, resizable = 0')\" value='".LAN_CREDITS."' />
|
||||
<input class='btn btn-default btn-secondary button' type='button' onclick=\"javascript: window.open('".e_ADMIN_ABS."credits.php', 'myWindow', 'status = 1, height = 400, width = 300, resizable = 0')\" value='".defset('LAN_CREDITS')."' />
|
||||
</div>";
|
||||
}
|
||||
|
||||
@ -495,6 +495,7 @@ class admin_shortcodes extends e_shortcode
|
||||
}
|
||||
|
||||
if (ADMIN) {
|
||||
e107::coreLan('', true);
|
||||
if (!function_exists('admin_latest')) //XXX Is this still necessary?
|
||||
{
|
||||
function admin_latest($parm='')
|
||||
@ -515,14 +516,14 @@ class admin_shortcodes extends e_shortcode
|
||||
// $text .= "<div style='padding-bottom: 2px;'>".E_16_UPLOADS." <a href='".e_ADMIN."upload.php'>".ADLAN_LAT_7.": $active_uploads</a></div>";
|
||||
|
||||
$oldconfigs = array();
|
||||
$oldconfigs['e-news'][0] = array('icon' =>E_16_NEWS, 'title' =>ADLAN_LAT_2, 'url' => e_ADMIN. 'newspost.php?mode=sub&action=list', 'total' =>$submitted_news);
|
||||
$oldconfigs['e-news'][0] = array('icon' =>defset('E_16_NEWS'), 'title' =>defset('ADLAN_LAT_2'), 'url' => e_ADMIN. 'newspost.php?mode=sub&action=list', 'total' =>$submitted_news);
|
||||
|
||||
if(empty($pref['comments_disabled']) && varset($pref['comments_engine'],'e107') === 'e107')
|
||||
{
|
||||
$oldconfigs['e-comment'][0] = array('icon' =>E_16_COMMENT, 'title' =>ADLAN_LAT_9, 'url' => e_ADMIN_ABS. 'comment.php?searchquery=&filter_options=comment_blocked__2', 'total' =>$comments_pending);
|
||||
$oldconfigs['e-comment'][0] = array('icon' =>defset('E_16_COMMENT'), 'title' =>defset('ADLAN_LAT_9'), 'url' => e_ADMIN_ABS. 'comment.php?searchquery=&filter_options=comment_blocked__2', 'total' =>$comments_pending);
|
||||
}
|
||||
|
||||
$oldconfigs['e-upload'][0] = array('icon' =>E_16_UPLOADS, 'title' =>ADLAN_LAT_7, 'url' => e_ADMIN. 'upload.php', 'total' =>$active_uploads);
|
||||
$oldconfigs['e-upload'][0] = array('icon' =>defset('E_16_UPLOADS'), 'title' =>defset('ADLAN_LAT_7'), 'url' => e_ADMIN. 'upload.php', 'total' =>$active_uploads);
|
||||
|
||||
$messageTypes = array(/*'Broken Download',*/ 'Dev Team Message');
|
||||
$queryString = '';
|
||||
@ -536,7 +537,7 @@ class admin_shortcodes extends e_shortcode
|
||||
{
|
||||
// $text .= "<br /><b><a href='".e_ADMIN_ABS."message.php'>".ADLAN_LAT_8." [".$amount."]</a></b>";
|
||||
|
||||
$oldconfigs['e-generic'][0] = array('icon' =>E_16_NOTIFY, 'title' =>ADLAN_LAT_8, 'url' => e_ADMIN_ABS. 'message.php', 'total' =>$amount);
|
||||
$oldconfigs['e-generic'][0] = array('icon' =>defset('E_16_NOTIFY'), 'title' =>defset('ADLAN_LAT_8'), 'url' => e_ADMIN_ABS. 'message.php', 'total' =>$amount);
|
||||
}
|
||||
|
||||
|
||||
@ -1304,7 +1305,7 @@ class admin_shortcodes extends e_shortcode
|
||||
<br /><br />
|
||||
<b>' .FOOTLAN_19. '</b>
|
||||
<br />
|
||||
' .strftime('%A %d %B %Y - %H:%M').
|
||||
' .e_date::strftime('%A %d %B %Y - %H:%M').
|
||||
'<br />';
|
||||
|
||||
return e107::getRender()->tablerender(FOOTLAN_13, $text, '', TRUE);
|
||||
@ -2146,7 +2147,7 @@ Inverse 10 <span class="badge badge-inverse">10</span>
|
||||
continue;
|
||||
}
|
||||
|
||||
$catid = $admin_cat['id'][$subitem[4]];
|
||||
$catid = isset($admin_cat['id'][$subitem[4]]) ? $admin_cat['id'][$subitem[4]] : null;
|
||||
$tmp = array();
|
||||
$tmp['text'] = $subitem[1];
|
||||
$tmp['description'] = $subitem[2];
|
||||
@ -2415,7 +2416,7 @@ Inverse 10 <span class="badge badge-inverse">10</span>
|
||||
$languages = $slng->installed();//array('English','French');
|
||||
$multiDoms = array();
|
||||
|
||||
if($langSubs = explode("\n", e107::getPref('multilanguage_subdomain')))
|
||||
if($langSubs = explode("\n", (string) e107::getPref('multilanguage_subdomain')))
|
||||
{
|
||||
|
||||
foreach($langSubs as $v)
|
||||
|
@ -1209,7 +1209,7 @@ class news_shortcodes extends e_shortcode
|
||||
/** New in v2.3 {NEWS_PAGINATION} */
|
||||
function sc_news_pagination($parm=null)
|
||||
{
|
||||
$params = e107::getRegistry('core/news/pagination');
|
||||
$params = (string) e107::getRegistry('core/news/pagination');
|
||||
|
||||
parse_str($params,$opts);
|
||||
|
||||
|
@ -199,7 +199,7 @@ class signup_shortcodes extends e_shortcode
|
||||
if (check_class($pref['displayname_class']))
|
||||
{
|
||||
$dis_name_len = varset($pref['displayname_maxlength'],15);
|
||||
$val = !empty($_POST['username']) ? filter_var($_POST['username'], FILTER_SANITIZE_STRING) : '';
|
||||
$val = !empty($_POST['username']) ? e107::getParser()->filter($_POST['username'], 'str') : '';
|
||||
return e107::getForm()->text('username', $val, $dis_name_len);
|
||||
|
||||
}
|
||||
@ -230,7 +230,7 @@ class signup_shortcodes extends e_shortcode
|
||||
$options['class'] = vartrue($parm['class'],'');
|
||||
$options['placeholder'] = vartrue($parm['placeholder']) ? $parm['placeholder'] : '';
|
||||
|
||||
$val = !empty($_POST['loginname']) ? filter_var($_POST['loginname'], FILTER_SANITIZE_STRING) : '';
|
||||
$val = !empty($_POST['loginname']) ? e107::getParser()->filter($_POST['loginname'], 'str') : '';
|
||||
|
||||
return e107::getForm()->text('loginname', $val, $log_name_length, $options);
|
||||
}
|
||||
@ -252,7 +252,7 @@ class signup_shortcodes extends e_shortcode
|
||||
$options['class'] = vartrue($parm['class'],'');
|
||||
$options['placeholder'] = vartrue($parm['placeholder'],'');
|
||||
|
||||
$val = ($_POST['realname']) ? filter_var($_POST['realname'], FILTER_SANITIZE_STRING) : '';
|
||||
$val = ($_POST['realname']) ? e107::getParser()->filter($_POST['realname'], 'str') : '';
|
||||
|
||||
return e107::getForm()->text('realname', $val, 100, $options);
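Review bot: `$_POST['realname']` is read without an existence check in the third hunk, unlike the `!empty($_POST['username'])` and `!empty($_POST['loginname'])` guards in the two hunks above it; on PHP 8 a missing key raises an "Undefined array key" warning when the form is first displayed. `$val = !empty($_POST['realname']) ? e107::getParser()->filter($_POST['realname'], 'str') : '';` would match the siblings. The enclosing methods start outside the hunks.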
|
||||
|
||||
|
@ -642,7 +642,7 @@ class usersettings_shortcodes extends e_shortcode
|
||||
}
|
||||
|
||||
$uVal = str_replace(chr(1), "", varset($this->var['user_' . $parm]));
|
||||
$fval = $ue->user_extended_edit($fInfo, $uVal);
|
||||
$fval = (string) $ue->user_extended_edit($fInfo, $uVal);
|
||||
|
||||
|
||||
$rVal = !empty($fInfo['user_extended_struct_required']);
|
||||
|
@ -12,6 +12,9 @@
|
||||
|
||||
namespace e107\Shims\Internal;
|
||||
|
||||
use DateTimeZone;
|
||||
use e_date;
|
||||
|
||||
trait StrptimeTrait
|
||||
{
|
||||
/**
|
||||
@ -38,7 +41,8 @@ trait StrptimeTrait
|
||||
{
|
||||
$result = false;
|
||||
if (function_exists('strptime') && (new \ReflectionFunction('strptime'))->isInternal())
|
||||
$result = strptime($date, $format);
|
||||
// @ to suppress PHP 8.1 deprecation warning
|
||||
$result = @strptime($date, $format);
|
||||
if (!is_array($result))
|
||||
$result = self::strptime_alt($date, $format);
|
||||
return $result;
|
||||
@ -76,10 +80,10 @@ trait StrptimeTrait
|
||||
|
||||
for ($i = 1; $i <= 12; $i++)
|
||||
{
|
||||
$k = strftime('%B', mktime(0, 0, 0, $i));
|
||||
$k = e_date::strftime('%B', mktime(0, 0, 0, $i));
|
||||
$fullmonth[$k] = $i;
|
||||
|
||||
$j = strftime('%b', mktime(0, 0, 0, $i));
|
||||
$j = e_date::strftime('%b', mktime(0, 0, 0, $i));
|
||||
$abrevmonth[$j] = $i;
|
||||
}
|
||||
|
||||
@ -153,8 +157,10 @@ trait StrptimeTrait
|
||||
|
||||
$unxTimestamp = mktime($vals['tm_hour'], $vals['tm_min'], $vals['tm_sec'], ($vals['tm_mon'] + 1), $vals['tm_mday'], ($vals['tm_year'] + 1900));
|
||||
|
||||
$vals['tm_wday'] = (int)strftime('%w', $unxTimestamp); // Days since Sunday (0-6)
|
||||
$vals['tm_yday'] = (strftime('%j', $unxTimestamp) - 1); // Days since January 1 (0-365)
|
||||
$datetime = date_create("@$unxTimestamp");
|
||||
$datetime->setTimezone(new DateTimeZone(date_default_timezone_get()));
|
||||
$vals['tm_wday'] = date_format($datetime, 'w'); // Days since Sunday (0-6)
|
||||
$vals['tm_yday'] = date_format($datetime, 'z'); // Days since January 1 (0-365)
|
||||
}
|
||||
|
||||
return !empty($vals) ? $vals : false;
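Review bot: `tm_wday` and `tm_yday` become strings in the last hunk, because `date_format()` returns a string while the `strftime()`-based lines it replaces produced integers (an `(int)` cast and a subtraction). Native `strptime()` returns integers for these keys, so callers using strict comparison or `is_int()` would see the shim and the native path differ; `$vals['tm_wday'] = (int) date_format($datetime, 'w');` and `$vals['tm_yday'] = (int) date_format($datetime, 'z');` restore the types. The month-name lookup built with `e_date::strftime('%B', …)` in the hunk above is also no longer locale-aware, since the polyfill formats through `date_format()`, which may matter when parsing localized input.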
|
||||
|
@ -966,7 +966,7 @@ class e_admin_log
|
||||
}
|
||||
else
|
||||
{
|
||||
$app = null;
|
||||
$app = 0;
|
||||
$text = $head . $text;
|
||||
}
|
||||
|
||||
|
@ -6686,9 +6686,10 @@ class e_admin_ui extends e_admin_controller_ui
|
||||
protected function parseAliases()
|
||||
{
|
||||
// parse table
|
||||
if(strpos($this->table, '.') !== false)
|
||||
$tableName = $this->getTableName();
|
||||
if(strpos($tableName, '.') !== false)
|
||||
{
|
||||
$tmp = explode('.', $this->table, 2);
|
||||
$tmp = explode('.', $tableName, 2);
|
||||
$this->table = $tmp[1];
|
||||
$this->tableAlias = $tmp[0];
|
||||
unset($tmp);
|
||||
@ -7443,7 +7444,7 @@ class e_admin_form_ui extends e_form
|
||||
$vars = $this->getController()->getQuery();
|
||||
$vars['from'] = '[FROM]';
|
||||
|
||||
$paginate = http_build_query($vars, null, '&');
|
||||
$paginate = http_build_query($vars, '', '&');
|
||||
|
||||
e107::js('footer-inline', "
|
||||
\$('#admin-ui-list-filter a.nextprev-item').on('click', function() {
|
||||
@ -7517,7 +7518,7 @@ class e_admin_form_ui extends e_form
|
||||
$gridAction = $this->getController()->getAction() === 'grid' ? 'list' : 'grid';
|
||||
$gridQuery = (array) $_GET;
|
||||
$gridQuery['action'] = $gridAction;
|
||||
$toggleUrl = e_REQUEST_SELF. '?' .http_build_query($gridQuery, null, '&');
|
||||
$toggleUrl = e_REQUEST_SELF. '?' .http_build_query($gridQuery, '', '&');
|
||||
$gridIcon = ($gridAction === 'grid') ? ADMIN_GRID_ICON : ADMIN_LIST_ICON;
|
||||
$gridTitle = ($gridAction === 'grid') ? LAN_UI_VIEW_GRID_LABEL : LAN_UI_VIEW_LIST_LABEL;
|
||||
$gridToggle = "<a class='btn btn-default' href='".$toggleUrl."' title=\"".$gridTitle. '">' .$gridIcon. '</a>';
|
||||
@ -8082,10 +8083,10 @@ class e_admin_form_ui extends e_form
|
||||
$parms['__options'] = $fopts;
|
||||
}
|
||||
|
||||
|
||||
if(!is_array(varset($parms['__options'])))
|
||||
if (!isset($parms['__options'])) $parms['__options'] = null;
|
||||
if(!is_array($parms['__options']))
|
||||
{
|
||||
parse_str($parms['__options'], $parms['__options']);
|
||||
parse_str((string) $parms['__options'], $parms['__options']);
|
||||
}
|
||||
$opts = $parms['__options'];
|
||||
if(!empty($opts['multiple']) && $type === 'batch')
|
||||
|
@ -389,6 +389,7 @@ class e_bbcode
|
||||
ob_start();
|
||||
try
|
||||
{
|
||||
$bbcode = isset($bbcode) && is_string($bbcode) ? $bbcode : '';
|
||||
$bbcode_return = eval($bbcode); //FIXME notice removal
|
||||
}
|
||||
catch (ParseError $e)
|
||||
@ -403,6 +404,7 @@ class e_bbcode
|
||||
trigger_error($error, E_USER_NOTICE);
|
||||
}
|
||||
|
||||
$bbcode_return = isset($bbcode_return) ? $bbcode_return : '';
|
||||
/* added to remove possibility of nested bbcode exploits ... */
|
||||
if(strpos($bbcode_return, "[") !== FALSE)
|
||||
{
|
||||
@ -548,7 +550,7 @@ class e_bbcode
|
||||
*/
|
||||
function renderButtons($template='', $id='', $options=array())
|
||||
{
|
||||
|
||||
$template = (string) $template;
|
||||
$tp = e107::getParser();
|
||||
|
||||
// Notice Removal
|
||||
@ -804,7 +806,7 @@ class e_bbcode
|
||||
$code_text = (strpos($img['src'],'http') === 0) ? $img['src'] : str_replace($tp->getUrlConstants('raw'), $tp->getUrlConstants('sc'), $qr['src']);
|
||||
|
||||
unset($img['src'],$img['srcset'],$img['@value'], $img['caption'], $img['alt']);
|
||||
$parms = !empty($img) ? ' '.str_replace('+', ' ', http_build_query($img,null, '&')) : "";
|
||||
$parms = !empty($img) ? ' '.str_replace('+', ' ', http_build_query($img)) : "";
|
||||
|
||||
$replacement = '[img'.$parms.']'.$code_text.'[/img]';
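Review bot: The new `is_string($bbcode)` guard in the first hunk fixes the type passed to `eval()` but leaves its provenance undocumented; where `$bbcode` is assigned is outside the hunk. A comment such as `// $bbcode holds PHP loaded from an installed bbcode definition; it must never contain post or request data` would record the trust assumption next to the call, if that is indeed the contract. In the second hunk, `isset($bbcode_return)` still lets an array through to `strpos()`, so `$bbcode_return = (isset($bbcode_return) && is_scalar($bbcode_return)) ? (string) $bbcode_return : '';` would be consistent with the guard above.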
|
||||
|
||||
|
@ -320,7 +320,6 @@ class ecache {
|
||||
* @scope private
|
||||
*/
|
||||
function delete($dir, $pattern = "*.*", $syscache = false) {
|
||||
$deleted = false;
|
||||
$pattern = ($syscache ? "S_" : "C_").$pattern;
|
||||
$pattern = str_replace(array("\*", "\?"), array(".*", "."), preg_quote($pattern));
|
||||
if (substr($dir, -1) != "/") {
|
||||
@ -331,9 +330,7 @@ class ecache {
|
||||
$d = opendir($dir);
|
||||
while ($file = readdir($d)) {
|
||||
if (is_file($dir.$file) && preg_match("/^{$pattern}$/", $file)) {
|
||||
if (unlink($dir.$file)) {
|
||||
$deleted[] = $file;
|
||||
}
|
||||
unlink($dir.$file);
|
||||
}
|
||||
}
|
||||
closedir($d);
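Review bot: `unlink($dir.$file)` now has its result discarded, so a cache file that cannot be removed (permissions, concurrent access) leaves stale content behind with no signal. The `$deleted` bookkeeping this commit drops was the only place a failed delete was distinguishable; whether the function returns anything after `closedir()` is outside the hunk. If the return value is unused, the failure can at least be logged, e.g. `if (!unlink($dir.$file)) { trigger_error("Cache file not deleted: ".$file, E_USER_NOTICE); }`.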
|
||||
|
@ -391,7 +391,7 @@ class CronParser
|
||||
|
||||
function getLastRan()
|
||||
{
|
||||
return explode(",", strftime("%M,%H,%d,%m,%w,%Y", $this->lastRan)); //Get the values for now in a format we can use
|
||||
return explode(",", e_date::strftime("%M,%H,%d,%m,%w,%Y", $this->lastRan)); //Get the values for now in a format we can use
|
||||
}
|
||||
|
||||
function getLastRanUnix()
|
||||
@ -505,7 +505,7 @@ class CronParser
|
||||
}
|
||||
|
||||
//put the current time into an array
|
||||
$t = strftime("%M,%H,%d,%m,%w,%Y", time());
|
||||
$t = e_date::strftime("%M,%H,%d,%m,%w,%Y", time());
|
||||
$this->now = explode(",", $t);
|
||||
|
||||
$this->year = $this->now[5];
|
||||
|
@ -37,17 +37,17 @@ class e_date
|
||||
|
||||
for ($i=1; $i < 8; $i++)
|
||||
{
|
||||
$day = strftime('%A', mktime(1,1,1, 1, $i, 2012));
|
||||
$dates['days'][] = $day;
|
||||
$dates['daysShort'][] = strftime('%a', mktime(1,1,1, 1, $i, 2012));
|
||||
$dates['daysMin'][] = substr($day,0,2);
|
||||
$day = e_date::strftime('%A', mktime(1, 1, 1, 1, $i, 2012));
|
||||
$dates['days'][] = $day;
|
||||
$dates['daysShort'][] = e_date::strftime('%a', mktime(1, 1, 1, 1, $i, 2012));
|
||||
$dates['daysMin'][] = substr($day, 0, 2);
|
||||
}
|
||||
|
||||
|
||||
for ($i=1; $i < 13; $i++)
|
||||
{
|
||||
$dates['months'][] = strftime('%B', mktime(1,1,1, $i, 2, 2013));
|
||||
$dates['monthsShort'][] = strftime('%h', mktime(1,1,1, $i, 2, 2013));
|
||||
$dates['months'][] = e_date::strftime('%B', mktime(1, 1, 1, $i, 2, 2013));
|
||||
$dates['monthsShort'][] = e_date::strftime('%h', mktime(1, 1, 1, $i, 2, 2013));
|
||||
}
|
||||
|
||||
|
||||
@ -86,11 +86,11 @@ class e_date
|
||||
{
|
||||
$val = ($type == 'month-short') ? '%b' : '%B'; //eg. 'Aug' / 'August'
|
||||
$marray = array();
|
||||
for ($i=1; $i < 13; $i++)
|
||||
{
|
||||
$marray[$i] = strftime($val,mktime(1,1,1,$i,1,2000));
|
||||
for ($i = 1; $i < 13; $i++)
|
||||
{
|
||||
$marray[$i] = e_date::strftime($val, mktime(1, 1, 1, $i, 1, 2000));
|
||||
}
|
||||
|
||||
|
||||
return $marray;
|
||||
}
|
||||
|
||||
@ -102,15 +102,15 @@ class e_date
|
||||
switch ($type)
|
||||
{
|
||||
case 'day-shortest': // eg. 'Tu'
|
||||
$days[] = substr(strftime('%a',mktime(1,1,1,6,$i,2014)),0,2);
|
||||
$days[] = substr(e_date::strftime('%a', mktime(1, 1, 1, 6, $i, 2014)), 0, 2);
|
||||
break;
|
||||
|
||||
case 'day-short': // eg. 'Tue'
|
||||
$days[] = strftime('%a',mktime(1,1,1,6,$i,2014));
|
||||
$days[] = e_date::strftime('%a', mktime(1, 1, 1, 6, $i, 2014));
|
||||
break;
|
||||
|
||||
default: // eg. 'Tuesday'
|
||||
$days[] = strftime('%A',mktime(1,1,1,6,$i,2014));
|
||||
$days[] = e_date::strftime('%A', mktime(1, 1, 1, 6, $i, 2014));
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -196,7 +196,7 @@ class e_date
|
||||
break;
|
||||
}
|
||||
|
||||
$dateString = strftime($mask, $datestamp);
|
||||
$dateString = e_date::strftime($mask, $datestamp);
|
||||
|
||||
if (!e107::getParser()->isUTF8($dateString))
|
||||
{
|
||||
@ -206,8 +206,95 @@ class e_date
|
||||
return $dateString;
|
||||
}
|
||||
|
||||
/**
|
||||
* Polyfill for {@see strftime()}, which was deprecated in PHP 8.1
|
||||
*
|
||||
* The implementation is an approximation that may be wrong for some obscure formatting characters.
|
||||
*
|
||||
* @param string $format The old {@see strftime()} format string
|
||||
* @param int|null $timestamp A Unix epoch timestamp. If null, defaults to the value of {@see time()}.
|
||||
* @return string Datetime formatted according to the provided arguments
|
||||
*/
|
||||
public static function strftime($format, $timestamp = null)
|
||||
{
|
||||
if ($timestamp === null) $timestamp = time();
|
||||
$datetime = date_create("@$timestamp");
|
||||
$datetime->setTimezone(new DateTimeZone(date_default_timezone_get()));
|
||||
|
||||
$formatMap = [
|
||||
'%a' => 'D',
|
||||
'%A' => 'l',
|
||||
'%d' => 'd',
|
||||
'%e' => function($datetime)
|
||||
{
|
||||
return str_pad(date_format($datetime, 'n'), 2, " ", STR_PAD_LEFT);
|
||||
},
|
||||
'%j' => function($datetime)
|
||||
{
|
||||
return str_pad(date_format($datetime, 'z'), 3, "0", STR_PAD_LEFT);
|
||||
},
|
||||
'%u' => 'N',
|
||||
'%w' => 'w',
|
||||
'%U' => 'W',
|
||||
'%V' => 'W',
|
||||
'%W' => 'W',
|
||||
'%b' => 'M',
|
||||
'%B' => 'F',
|
||||
'%h' => 'M',
|
||||
'%m' => 'm',
|
||||
'%C' => function($datetime)
|
||||
{
|
||||
return (string) ((int) date_format($datetime, 'Y') / 100);
|
||||
},
|
||||
'%g' => 'y',
|
||||
'%G' => 'Y',
|
||||
'%y' => 'y',
|
||||
'%Y' => 'Y',
|
||||
'%H' => 'H',
|
||||
'%k' => function($datetime)
|
||||
{
|
||||
return str_pad(date_format($datetime, 'G'), 2, " ", STR_PAD_LEFT);
|
||||
},
|
||||
'%I' => 'h',
|
||||
'%l' => function($datetime)
|
||||
{
|
||||
return str_pad(date_format($datetime, 'g'), 2, " ", STR_PAD_LEFT);
|
||||
},
|
||||
'%M' => 'i',
|
||||
'%p' => 'A',
|
||||
'%P' => 'a',
|
||||
'%r' => 'h:i:s A',
|
||||
'%R' => 'H:i',
|
||||
'%S' => 's',
|
||||
'%T' => 'H:i:s',
|
||||
'%X' => 'H:i:s',
|
||||
'%z' => 'O',
|
||||
'%Z' => 'T',
|
||||
'%c' => 'r',
|
||||
'%D' => 'm/d/y',
|
||||
'%F' => 'Y-m-d',
|
||||
'%s' => 'U',
|
||||
'%x' => 'Y-m-d',
|
||||
'%n' => "\n",
|
||||
'%t' => "\t",
|
||||
'%%' => '\%',
|
||||
];
|
||||
|
||||
foreach ($formatMap as $strftime_key => $date_format_key)
|
||||
{
|
||||
if (is_callable($date_format_key))
|
||||
{
|
||||
$replacement = chunk_split($date_format_key($datetime), 1, "\\");
|
||||
}
|
||||
else
|
||||
{
|
||||
$replacement = $date_format_key;
|
||||
}
|
||||
$format = str_replace($strftime_key, $replacement, $format);
|
||||
}
|
||||
|
||||
return date_format($datetime, $format);
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated - for internal use only.
|
||||
@ -787,11 +874,12 @@ class e_date
|
||||
*/
|
||||
public function strptime($str, $format)
|
||||
{
|
||||
trigger_error('<b>'.__METHOD__.' is deprecated.</b> Use eShims::strptime() instead', E_USER_DEPRECATED); // NO LAN
|
||||
trigger_error('<b>' . __METHOD__ . ' is deprecated.</b> Use eShims::strptime() instead', E_USER_DEPRECATED); // NO LAN
|
||||
|
||||
$vals = eShims::strptime($str, $format); // PHP5 is more accurate than below.
|
||||
$vals['tm_amon'] = strftime('%b', mktime(0, 0, 0, $vals['tm_mon'] + 1));
|
||||
$vals['tm_fmon'] = strftime('%B', mktime(0, 0, 0, $vals['tm_mon'] + 1));
|
||||
$vals['tm_amon'] = e_date::strftime('%b', mktime(0, 0, 0, $vals['tm_mon'] + 1));
|
||||
$vals['tm_fmon'] = e_date::strftime('%B', mktime(0, 0, 0, $vals['tm_mon'] + 1));
|
||||
|
||||
return $vals;
|
||||
}
|
||||
|
||||
@ -870,12 +958,7 @@ class e_date
|
||||
// Evaluate the formats whilst suppressing any errors.
|
||||
foreach($strftimeFormats as $format => $description)
|
||||
{
|
||||
//if (False !== ($value = @strftime("%{$format}")))
|
||||
$value = @strftime("%{$format}");
|
||||
if (False !== $value)
|
||||
{
|
||||
$strftimeValues[$format] = $value;
|
||||
}
|
||||
$strftimeValues[$format] = e_date::strftime("%{$format}");
|
||||
}
|
||||
|
||||
// Find the longest value.
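Review bot: Several entries in the `e_date::strftime()` format map do not match `strftime()`: `%e` formats with `'n'` (month number) instead of `'j'` (day of month), `%j` uses the zero-based `'z'` where `strftime()` counts from 001, and `%C` divides after the `(int)` cast so it yields a fraction such as 20.24. `chunk_split(…, 1, "\\")` appends the backslash after each character, so the final one escapes whatever follows the specifier in the format. Literal letters in the caller's format are not escaped either and will be read as `date()` codes, and `date_create()` returns false for a non-numeric `$timestamp`, which the `setTimezone()` call does not guard against. The rewritten entries and escaping are below.

```php
'%e' => function($datetime)
{
    return str_pad(date_format($datetime, 'j'), 2, " ", STR_PAD_LEFT);
},
'%j' => function($datetime)
{
    // 'z' is 0-365; strftime's %j is 001-366
    return str_pad((string) ((int) date_format($datetime, 'z') + 1), 3, "0", STR_PAD_LEFT);
},
// … unchanged: %u through %m …
'%C' => function($datetime)
{
    return (string) (int) floor((int) date_format($datetime, 'Y') / 100);
},
// … unchanged: remaining map entries …

foreach ($formatMap as $strftime_key => $date_format_key)
{
    if (is_callable($date_format_key))
    {
        // Backslash goes before each character so none of them is read as a date() code
        $replacement = '\\' . implode('\\', str_split($date_format_key($datetime)));
    }
    // … unchanged: else branch and str_replace …
```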
|
||||
|
@ -128,6 +128,7 @@ class db_table_admin
|
||||
// Returns an array where each entry is the definitions of a field or index
|
||||
function parse_field_defs($text)
|
||||
{
|
||||
$text = (string) $text;
|
||||
$ans = array(
|
||||
);
|
||||
$text = str_replace("\r", "\n", $text);
|
||||
|
@ -426,7 +426,7 @@ class e_db_pdo implements e_db
|
||||
if ($this->debugMode === true)
|
||||
{
|
||||
$aTrace = debug_backtrace();
|
||||
$pTable = $this->mySQLcurTable;
|
||||
$pTable = (string) $this->mySQLcurTable;
|
||||
|
||||
if(!strlen($pTable))
|
||||
{
|
||||
@ -2558,6 +2558,11 @@ class e_db_pdo implements e_db
|
||||
private function setSQLMode()
|
||||
{
|
||||
$this->db_Query("SET SESSION sql_mode='NO_ENGINE_SUBSTITUTION';");
|
||||
/**
|
||||
* Disable PHP 8.1 PDO result set typing casting for consistency with PHP 5.6 through 8.0
|
||||
* @link https://github.com/php/php-src/blob/4025cf2875f895e9f7193cebb1c8efa4290d052e/UPGRADING#L130-L134
|
||||
*/
|
||||
$this->mySQLaccess->setAttribute(PDO::ATTR_STRINGIFY_FETCHES, true);
|
||||
}
|
||||
|
||||
|
||||
@ -2623,7 +2628,7 @@ class e_db_pdo implements e_db
|
||||
{
|
||||
if (is_readable(e_CACHE_DB.$tableName.'.php'))
|
||||
{
|
||||
$temp = file_get_contents(e_CACHE_DB.$tableName.'.php', FILE_TEXT);
|
||||
$temp = file_get_contents(e_CACHE_DB.$tableName.'.php');
|
||||
if ($temp !== false)
|
||||
{
|
||||
$typeDefs = e107::unserialize($temp);
|
||||
|
@ -508,7 +508,7 @@ class e_parse
|
||||
foreach($data as $key => $var)
|
||||
{
|
||||
//Fix - sanitize keys as well
|
||||
$key = filter_var($key, FILTER_SANITIZE_STRING);
|
||||
$key = str_replace(['"', "'"], ['"', '''], $key);
|
||||
$ret[$key] = $this->toDB($var, $nostrip, $no_encode, $mod, $parm);
|
||||
}
|
||||
|
||||
@ -787,6 +787,8 @@ class e_parse
|
||||
return $arr;
|
||||
}
|
||||
|
||||
$text = (string) $text;
|
||||
|
||||
if(MAGIC_QUOTES_GPC == true)
|
||||
{
|
||||
$text = stripslashes($text);
|
||||
@ -2003,6 +2005,7 @@ class e_parse
|
||||
*/
|
||||
public function toText($text)
|
||||
{
|
||||
$text = (string) $text;
|
||||
|
||||
if($this->isBBcode($text) === true) // convert any bbcodes to html
|
||||
{
|
||||
@ -2338,6 +2341,7 @@ class e_parse
|
||||
*/
|
||||
public function thumbUrl($url = null, $options = array(), $raw = false, $full = false)
|
||||
{
|
||||
$url = (string) $url;
|
||||
|
||||
$this->staticCount++; // increment counter.
|
||||
|
||||
@ -3717,7 +3721,7 @@ class e_parse
|
||||
$parm = $options;
|
||||
$options = varset($parm['space'], '');
|
||||
}
|
||||
elseif(strpos($options, '='))
|
||||
elseif (is_string($options) && strpos($options, '='))
|
||||
{
|
||||
parse_str($options, $parm);
|
||||
$options = varset($parm['space'], '');
|
||||
@ -4618,7 +4622,7 @@ class e_parse
|
||||
$ytpref['cc_lang_pref'] = e_LAN; // switch captions with chosen user language.
|
||||
}
|
||||
|
||||
$ytqry = http_build_query($ytpref, null, '&');
|
||||
$ytqry = http_build_query($ytpref, '', '&');
|
||||
|
||||
$defClass = !empty($this->bootstrap) ? 'embed-responsive embed-responsive-16by9 ratio ratio-16x9' : 'video-responsive'; // levacy backup.
|
||||
|
||||
@ -4848,7 +4852,7 @@ class e_parse
|
||||
{
|
||||
$filterTypes = array(
|
||||
'int' => FILTER_SANITIZE_NUMBER_INT,
|
||||
'str' => FILTER_SANITIZE_STRING, // no html.
|
||||
'str' => function($input) { return strip_tags($input); },
|
||||
'email' => FILTER_SANITIZE_EMAIL,
|
||||
'url' => FILTER_SANITIZE_URL,
|
||||
'enc' => FILTER_SANITIZE_ENCODED
|
||||
@ -4870,13 +4874,19 @@ class e_parse
|
||||
trigger_error("Unsupported type '".$type."' used in e107::getParser()->filter().", E_USER_WARNING);
|
||||
}
|
||||
|
||||
if(is_array($text))
|
||||
$filter = $filterTypes[$type];
|
||||
$filter = function($element) use ($filter)
|
||||
{
|
||||
$ret = filter_var_array($text, $filterTypes[$type]);
|
||||
$element = (string) $element;
|
||||
return is_callable($filter) ? $filter($element) : filter_var($element, $filter);
|
||||
};
|
||||
if (is_array($text))
|
||||
{
|
||||
$ret = filter_var($text, FILTER_CALLBACK, ['options' => $filter]);
|
||||
}
|
||||
else
|
||||
{
|
||||
$ret = filter_var($text, $filterTypes[$type]);
|
||||
$ret = $filter($text);
|
||||
}
|
||||
|
||||
}
|
||||
|
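Review bot: The `'str'` entry in `filter()` now only calls `strip_tags()`, whereas `FILTER_SANITIZE_STRING` also encoded `'` and `"`, so the callers switched to it in this commit (`thead()`, `process_uploaded_files()`, the thumbnail `c` parameter, the FAQ insert) now get quote characters back unchanged. If any of those values reach a quoted HTML attribute or a quoted SQL literal, that encoding was what kept them inside the quotes. To keep the old output the closure could be `function($input) { return str_replace(['"', "'"], ['&#34;', '&#39;'], strip_tags($input)); }`. The key loop in the first hunk (the one calling `$this->toDB()`) has the opposite gap: it encodes quotes in `$key` but no longer strips tags from it. Both enclosing methods start outside their hunks, so how the results are used downstream is not visible here.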
@ -370,6 +370,7 @@
|
||||
*/
|
||||
private function tablestyle($caption, $text, $mode)
|
||||
{
|
||||
$text = (string) $text;
|
||||
|
||||
// Automatic list detection .
|
||||
$isList = (strncmp(ltrim($text), '<ul', 3) === 0);
|
||||
|
@ -485,7 +485,7 @@ class e_thumbnail
|
||||
$ret['h'] = isset($this->_request['h']) ? intval($this->_request['h']) : $ret['w'];
|
||||
$ret['aw'] = isset($this->_request['aw']) ? intval($this->_request['aw']) : false;
|
||||
$ret['ah'] = isset($this->_request['ah']) ? intval($this->_request['ah']) : $ret['aw'];
|
||||
$ret['c'] = isset($this->_request['c']) ? strtoupper(substr(filter_var($this->_request['c'],FILTER_SANITIZE_STRING),0,1)) : false;
|
||||
$ret['c'] = isset($this->_request['c']) ? strtoupper(substr(e107::getParser()->filter($this->_request['c'], 'str'),0,1)) : false;
|
||||
// $ret['wm'] = isset($this->_request['wm']) ? intval($this->_request['wm']) : $ret['wm'];
|
||||
|
||||
if($ret['c'] == 'A') // auto
|
||||
|
@ -2745,7 +2745,7 @@ class e_form
|
||||
|
||||
if(!is_array($options))
|
||||
{
|
||||
parse_str($options, $options);
|
||||
parse_str((string) $options, $options);
|
||||
}
|
||||
|
||||
if(is_array($value))
|
||||
@ -2979,7 +2979,7 @@ class e_form
|
||||
}
|
||||
if(!is_array($options))
|
||||
{
|
||||
parse_str($options, $options);
|
||||
parse_str((string) $options, $options);
|
||||
}
|
||||
|
||||
if(!empty($options['help']))
|
||||
@ -3052,7 +3052,7 @@ class e_form
|
||||
|
||||
if(!is_array($options))
|
||||
{
|
||||
parse_str($options, $options);
|
||||
parse_str((string) $options, $options);
|
||||
}
|
||||
|
||||
|
||||
@ -3109,7 +3109,7 @@ class e_form
|
||||
{
|
||||
if(!is_array($options))
|
||||
{
|
||||
parse_str($options, $options);
|
||||
parse_str((string) $options, $options);
|
||||
}
|
||||
|
||||
if($option_array === 'yesno')
|
||||
@ -3712,6 +3712,7 @@ var_dump($select_options);*/
|
||||
*/
|
||||
public function admin_button($name, $value, $action = 'submit', $label = '', $options = array())
|
||||
{
|
||||
$action = (string) $action;
|
||||
$btype = 'submit';
|
||||
if(strpos($action, 'action') === 0 || $action === 'button')
|
||||
{
|
||||
@ -3909,7 +3910,8 @@ var_dump($select_options);*/
|
||||
//
|
||||
foreach ($options as $option => $optval)
|
||||
{
|
||||
$optval = trim($optval);
|
||||
$optval = trim((string) $optval);
|
||||
$optval = htmlspecialchars($optval, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
|
||||
switch ($option)
|
||||
{
|
||||
|
||||
@ -4384,14 +4386,15 @@ var_dump($select_options);*/
|
||||
|
||||
public function thead($fieldarray, $columnPref = array(), $querypattern = '', $requeststr = '')
|
||||
{
|
||||
$tp = e107::getParser();
|
||||
$text = '';
|
||||
|
||||
$querypattern = filter_var($querypattern, FILTER_SANITIZE_STRING);
|
||||
$querypattern = $tp->filter($querypattern, 'str');
|
||||
if(!$requeststr)
|
||||
{
|
||||
$requeststr = rawurldecode(e_QUERY);
|
||||
}
|
||||
$requeststr = filter_var($requeststr, FILTER_SANITIZE_STRING);
|
||||
$requeststr = $tp->filter($requeststr, 'str');
|
||||
|
||||
// Recommended pattern: mode=list&field=[FIELD]&asc=[ASC]&from=[FROM]
|
||||
if(strpos($querypattern,'&')!==FALSE)
|
||||
@ -4787,7 +4790,7 @@ var_dump($select_options);*/
|
||||
{
|
||||
foreach($array as $k=>$v)
|
||||
{
|
||||
$jsonArray[$k] = str_replace("'", '`', $v);
|
||||
$jsonArray[$k] = str_replace("'", '`', (string) $v);
|
||||
}
|
||||
}
|
||||
|
||||
@ -4978,7 +4981,7 @@ var_dump($select_options);*/
|
||||
$eModalCap .= " data-modal-submit='true'";
|
||||
}
|
||||
|
||||
$query = http_build_query($query, null, '&');
|
||||
$query = http_build_query($query, '', '&');
|
||||
$text .= "<a href='".e_SELF."?{$query}' class='btn btn-default btn-secondary".$eModal."' ".$eModalCap." title='".LAN_EDIT."' data-toggle='tooltip' data-bs-toggle='tooltip' data-placement='left'>
|
||||
".$editIconDefault. '</a>';
|
||||
}
|
||||
@ -5226,10 +5229,11 @@ var_dump($select_options);*/
|
||||
parse_str($attributes['writeParms'], $attributes['writeParms']);
|
||||
}
|
||||
$wparms = $attributes['writeParms'];
|
||||
|
||||
if(!is_array(varset($wparms['__options'])))
|
||||
|
||||
if (!isset($wparms['__options'])) $wparms['__options'] = null;
|
||||
if(!is_array($wparms['__options']))
|
||||
{
|
||||
parse_str($wparms['__options'], $wparms['__options']);
|
||||
parse_str((string) $wparms['__options'], $wparms['__options']);
|
||||
}
|
||||
|
||||
if(!empty($wparms['optArray']))
|
||||
|
@ -157,7 +157,7 @@ class eIPHandler
|
||||
*/
|
||||
public function __construct($configDir = '')
|
||||
{
|
||||
$configDir = trim($configDir);
|
||||
$configDir = trim((string) $configDir);
|
||||
|
||||
if ($configDir)
|
||||
{
|
||||
@ -1452,7 +1452,7 @@ class banlistManager
|
||||
private function dateFormat($date)
|
||||
{
|
||||
if ($date == 0) return '0';
|
||||
return strftime('%Y%m%d_%H%M%S',$date);
|
||||
return e_date::strftime('%Y%m%d_%H%M%S',$date);
|
||||
}
|
||||
|
||||
|
||||
|
@ -1177,6 +1177,7 @@ class e_media
|
||||
*/
|
||||
public function detectType($mediaURL)
|
||||
{
|
||||
$mediaURL = (string) $mediaURL;
|
||||
$type = pathinfo($mediaURL,PATHINFO_EXTENSION);
|
||||
|
||||
if($type == 'glyph')
|
||||
@ -1456,7 +1457,7 @@ class e_media
|
||||
return $path;
|
||||
}
|
||||
|
||||
$ext = e107::getFile()->getFileExtension($mime);
|
||||
$ext = (string) e107::getFile()->getFileExtension($mime);
|
||||
|
||||
$len = strlen($ext);
|
||||
|
||||
|
@ -601,7 +601,7 @@ class e_menuManager
|
||||
|
||||
function menuPresetPerms($val)
|
||||
{
|
||||
$link_class = strtolower(trim($val));
|
||||
$link_class = strtolower(trim((string) $val));
|
||||
$menu_perm['everyone'] = e_UC_PUBLIC;
|
||||
$menu_perm['guest'] = e_UC_GUEST;
|
||||
$menu_perm['member'] = e_UC_MEMBER;
|
||||
|
@ -133,6 +133,11 @@ class e_db_mysql implements e_db
|
||||
|
||||
$this->dbg = e107::getDebug();
|
||||
|
||||
/**
|
||||
* Revert PHP 8.1 mysqli default error mode
|
||||
* @link https://github.com/php/php-src/blob/4025cf2875f895e9f7193cebb1c8efa4290d052e/UPGRADING#L101-L105
|
||||
*/
|
||||
mysqli_report(MYSQLI_REPORT_OFF);
|
||||
}
|
||||
|
||||
function getPDO()
|
||||
@ -430,7 +435,7 @@ class e_db_mysql implements e_db
|
||||
/** @var $db_debug e107_db_debug */
|
||||
global $db_debug;
|
||||
$aTrace = debug_backtrace();
|
||||
$pTable = $this->mySQLcurTable;
|
||||
$pTable = (string) $this->mySQLcurTable;
|
||||
if (!strlen($pTable)) {
|
||||
$pTable = '(complex query)';
|
||||
} else {
|
||||
@ -2464,7 +2469,7 @@ class e_db_mysql implements e_db
|
||||
{
|
||||
if (is_readable(e_CACHE_DB.$tableName.'.php'))
|
||||
{
|
||||
$temp = file_get_contents(e_CACHE_DB.$tableName.'.php', FILE_TEXT);
|
||||
$temp = file_get_contents(e_CACHE_DB.$tableName.'.php');
|
||||
if ($temp !== FALSE)
|
||||
{
|
||||
$typeDefs = e107::unserialize($temp);
|
||||
|
@ -632,7 +632,7 @@ class e_news_item extends e_front_model
|
||||
$params = array($val); //value is always the first callback argument
|
||||
$params = array_merge($params, explode(',', $parm['arg']));
|
||||
//should be done with date handler (awaiting for modifications)
|
||||
return strftime(varset($parm['arg'], e107::getPref('shortdate')), $val);
|
||||
return e_date::strftime(varset($parm['arg'], e107::getPref('shortdate')), $val);
|
||||
break;
|
||||
|
||||
default:
|
||||
|
@ -1046,7 +1046,7 @@ class e_plugin
|
||||
|
||||
if(empty($ver))
|
||||
{
|
||||
return null;
|
||||
return '';
|
||||
}
|
||||
|
||||
$ver = str_replace('e107','',$ver);
|
||||
@ -1079,7 +1079,7 @@ class e_plugin
|
||||
|
||||
);
|
||||
|
||||
return str_replace($pathFilter,'', $path);
|
||||
return str_replace($pathFilter,'', (string) $path);
|
||||
}
|
||||
|
||||
|
||||
|
@ -32,7 +32,7 @@ class e_search
|
||||
function __construct($query = '')
|
||||
{
|
||||
$tp = e107::getParser();
|
||||
$this->query = $query;
|
||||
$this->query = (string) $query;
|
||||
$this->bullet = '';
|
||||
|
||||
if(defined('GLYPH'))
|
||||
|
@ -397,6 +397,7 @@ class e_session
|
||||
if($key == null) // clear all under this namespace.
|
||||
{
|
||||
$this->_data = array(); // must be set to array() not unset.
|
||||
return $this;
|
||||
}
|
||||
|
||||
if(strpos($key,'/') !== false) // multi-dimensional
|
||||
@ -538,7 +539,14 @@ class e_session
|
||||
// ini_set('session.save_handler', 'user');
|
||||
|
||||
$session = new e_session_db;
|
||||
session_set_save_handler($session, true);
|
||||
session_set_save_handler(
|
||||
[$session, 'open'],
|
||||
[$session, 'close'],
|
||||
[$session, 'read'],
|
||||
[$session, 'write'],
|
||||
[$session, 'destroy'],
|
||||
[$session, 'gc']
|
||||
);
|
||||
$session->setSaveHandler();
|
||||
break;
|
||||
|
||||
@ -1112,7 +1120,12 @@ class e_core_session extends e_session
|
||||
}
|
||||
|
||||
|
||||
class e_session_db implements SessionHandlerInterface
|
||||
/**
|
||||
* Database session handler
|
||||
*
|
||||
* @todo PHP 8.1 support with {@see SessionHandlerInterface}
|
||||
*/
|
||||
class e_session_db #implements SessionHandlerInterface
|
||||
{
|
||||
/**
|
||||
* @var e_db
|
||||
|
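Review bot: The callable form of `session_set_save_handler()` used for `e_session_db` has no counterpart to the `true` (register_shutdown) argument the object form passed, so nothing visible here guarantees the session is written before the handler's database object is torn down at shutdown. Unless `setSaveHandler()` (body not shown) already does this, add `register_shutdown_function('session_write_close');` right after the registration. The new class docblock could also record why the interface is commented out, e.g. `PHP 5.6 cannot declare the return types SessionHandlerInterface requires in 8.1`, so the `@todo` is actionable.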
@ -992,8 +992,7 @@ class e_parse_shortcode
|
||||
// print_a($this);
|
||||
}
|
||||
|
||||
|
||||
$ret = preg_replace_callback('#\{([A-Z][^\x02]*?\S)\}#', array(&$this, 'doCode'), $text); // must always start with uppercase letter
|
||||
$ret = preg_replace_callback('#\{([A-Z][^\x02]*?\S)\}#', array(&$this, 'doCode'), (string) $text); // must always start with uppercase letter
|
||||
// $ret = preg_replace_callback('#\{(\S[^\x02]*?\S)\}#', array(&$this, 'doCode'), $text);
|
||||
$this->parseSCFiles = $saveParseSCFiles; // Restore previous value
|
||||
$this->addedCodes = $saveCodes;
|
||||
@ -1270,7 +1269,7 @@ class e_parse_shortcode
|
||||
include_once($_path);
|
||||
|
||||
|
||||
if (class_exists($_class, false)) // prevent __autoload - performance
|
||||
if (is_string($_class) && class_exists($_class, false)) // prevent __autoload - performance
|
||||
{
|
||||
// SecretR - fix array(parm, sc_mode) causing parm to become an array, see issue 424
|
||||
if(!method_exists($_class, $_function))
|
||||
|
@ -1457,7 +1457,8 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
|
||||
$srch = array('{ICON}', '{CAPTION}');
|
||||
$repl = array(varset($extraParms['icon']), $title);
|
||||
|
||||
$title = str_replace($srch,$repl, varset($tmpl['caption']));
|
||||
$caption = isset($tmpl['caption']) ? (string) $tmpl['caption'] : '';
|
||||
$title = str_replace($srch,$repl, $caption);
|
||||
|
||||
$ret = $ns->tablerender($title, $text, 'default', true);
|
||||
$ns->setUniqueId(null);
|
||||
|
@ -51,8 +51,8 @@ class e107_traffic
|
||||
*/
|
||||
function TimeDelta($tStart, $tFinish)
|
||||
{
|
||||
$tFrom = explode(' ', $tStart);
|
||||
$tTo = explode(' ', $tFinish);
|
||||
$tFrom = explode(' ', (string) $tStart);
|
||||
$tTo = explode(' ', (string) $tFinish);
|
||||
|
||||
if(!isset($tFrom[1]))
|
||||
{
|
||||
|
@ -195,7 +195,7 @@ function process_uploaded_files($uploaddir, $fileinfo = FALSE, $options = NULL)
|
||||
|
||||
foreach ($files['name'] as $key=>$name)
|
||||
{
|
||||
$name = filter_var($name, FILTER_SANITIZE_STRING);
|
||||
$name = $tp->filter($name, 'str');
|
||||
|
||||
$first_error = FALSE; // Clear error flag
|
||||
if (($name != '') || $files['size'][$key]) // Need this check for things like file manager which allow multiple possible uploads
|
||||
|
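Review bot: `$tp` is used inside the upload loop, but this hunk does not show it being assigned; the `thead()` hunk in the same commit had to add `$tp = e107::getParser();` for the identical replacement. If `process_uploaded_files()` does not define it above the hunk, this line fails on the first uploaded file, and `e107::getParser()->filter($name, 'str')` as used in the thumbnail and FAQ hunks would avoid the dependency. Note also that `'str'` now only strips tags, so quotes in the client-supplied file name are no longer encoded at this point; presumably the later name and extension checks outside the hunk cover that, which is worth confirming.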
@ -451,6 +451,7 @@ class user_class
|
||||
*/
|
||||
public function uc_dropdown($fieldname, $curval = 0, $optlist = '', $extra_js = '')
|
||||
{
|
||||
$optlist = (string) $optlist;
|
||||
$show_classes = self::uc_required_class_list($optlist); // Get list of classes which meet criteria
|
||||
|
||||
$text = '';
|
||||
|
@ -1386,7 +1386,20 @@ class validatorClass
|
||||
break;
|
||||
}
|
||||
$field = varset($options['dbFieldName'], $f);
|
||||
if ($temp = $u_sql->count($targetTable, "(*)", "WHERE `{$f}`='" . filter_var($v, FILTER_SANITIZE_STRING) . "' AND `user_id` != " . $userID))
|
||||
// XXX: Different implementations due to missing API for preventing SQL injections
|
||||
$count = 0;
|
||||
if ($u_sql instanceof e_db_mysql)
|
||||
{
|
||||
$v = $u_sql->escape($v);
|
||||
$count = $u_sql->count($targetTable, "(*)", "WHERE `{$f}`='$v' AND `user_id` != " . $userID);
|
||||
}
|
||||
else
|
||||
{
|
||||
$u_sql->select($targetTable, "COUNT(*)", "`{$f}`=:value", ['value' => $v]);
|
||||
$row = $u_sql->fetch('num');
|
||||
$count = $row[0];
|
||||
}
|
||||
if ($count)
|
||||
{
|
||||
$errMsg = ERR_DUPLICATE;
|
||||
}
|
||||
|
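Review bot: The non-`e_db_mysql` branch drops the ``AND `user_id` != $userID`` condition that the mysqli branch keeps, so on PDO the duplicate check also counts the user's own row and an unchanged value would be reported as `ERR_DUPLICATE`. The call could read ``$u_sql->select($targetTable, "COUNT(*)", "`{$f}`=:value AND `user_id` != " . (int) $userID, ['value' => $v]);``. In the mysqli branch `$v` is overwritten with its escaped form, which carries into any later use of `$v` in this loop; a separate variable would avoid that. `$f` is still interpolated as an identifier in both branches, so it should only ever come from a fixed field list, which cannot be confirmed from this hunk because the method starts outside it.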
@ -96,8 +96,8 @@ if (isset($_POST['clientsubmit']))
|
||||
{
|
||||
while ($row = $sql->fetch())
|
||||
{
|
||||
$start_date = ($row['banner_startdate'] ? strftime("%d %B %Y", $row['banner_startdate']) : BANNERLAN_31);
|
||||
$end_date = ($row['banner_enddate'] ? strftime("%d %B %Y", $row['banner_enddate']) : BANNERLAN_31);
|
||||
$start_date = ($row['banner_startdate'] ? e_date::strftime("%d %B %Y", $row['banner_startdate']) : BANNERLAN_31);
|
||||
$end_date = ($row['banner_enddate'] ? e_date::strftime("%d %B %Y", $row['banner_enddate']) : BANNERLAN_31);
|
||||
|
||||
$scArray = array();
|
||||
$scArray['BANNER_TABLE_CLICKPERCENTAGE'] = ($row['banner_clicks'] && $row['banner_impressions'] ? round(($row['banner_clicks'] / $row['banner_impressions']) * 100)."%" : "-");
|
||||
|
@ -26,8 +26,6 @@ class banner_shortcodes extends e_shortcode
|
||||
|
||||
$sql = e107::getDb();
|
||||
$tp = e107::getParser();
|
||||
mt_srand((double) microtime() * 1000000);
|
||||
$seed = mt_rand(1, 2000000000);
|
||||
$time = time();
|
||||
$campaign = (isset($parm['campaign']) ? $parm['campaign'] : $parm);
|
||||
|
||||
@ -40,7 +38,7 @@ class banner_shortcodes extends e_shortcode
|
||||
$query .= " AND banner_keywords REGEXP " . $tags_regexp;
|
||||
}
|
||||
|
||||
$query .= " ORDER BY RAND($seed) LIMIT 1";
|
||||
$query .= " ORDER BY RAND() LIMIT 1";
|
||||
|
||||
if($sql->select('banner', 'banner_id, banner_image, banner_clickurl, banner_description', $query))
|
||||
{
|
||||
|
@ -19,7 +19,7 @@
|
||||
*/
|
||||
if (!defined('e107_INIT')) { exit; }
|
||||
|
||||
|
||||
$parm = isset($parm) && is_string($parm) ? $parm : '';
|
||||
$cString = 'nq_news_blogacalendar_menu_'.preg_replace('#[^\w]#', '', $parm);
|
||||
$cached = e107::getCache()->retrieve($cString);
|
||||
|
||||
|
@ -357,7 +357,7 @@ class download_shortcodes extends e_shortcode
|
||||
}
|
||||
|
||||
|
||||
return "<a href='".e_REQUEST_SELF."?".http_build_query($qry, null, '&')."'>".$text."</a>" ;
|
||||
return "<a href='".e_REQUEST_SELF."?".http_build_query($qry, '', '&')."'>".$text."</a>" ;
|
||||
}
|
||||
|
||||
|
||||
|
@ -140,7 +140,7 @@ class downloadCategory
|
||||
{
|
||||
$text = "<tr><td>".$cat['download_category_id']."</td><td>".$cat['download_category_parent']."</td><td>";
|
||||
$text .= $prefix.htmlspecialchars($cat['download_category_name']).$postfix."</td><td>".$cat['d_size']."</td>";
|
||||
$text .= "<td>".$cat['d_count']."</td><td>".$cat['d_requests']."</td><td>".strftime('%H:%M %d-%m-%Y',$cat['d_last'])."</td>";
|
||||
$text .= "<td>".$cat['d_count']."</td><td>".$cat['d_requests']."</td><td>".e_date::strftime('%H:%M %d-%m-%Y',$cat['d_last'])."</td>";
|
||||
$text .= "</tr>";
|
||||
return $text;
|
||||
}
|
||||
|
@ -81,7 +81,7 @@ if (isset($_POST['faq_submit']))
|
||||
$data = $tp->toDB($_POST['data']);
|
||||
$count = ($sql->count("faqs", "(*)", "WHERE faq_parent='".intval($_POST['faq_parent'])."' ") + 1);
|
||||
|
||||
$sql->insert("faqs", " 0, '".$_POST['faq_parent']."', '$faq_question', '$data', '".filter_var($_POST['faq_comment'], FILTER_SANITIZE_STRING)."', '".time()."', '".USERID."', '".$count."' ");
|
||||
$sql->insert("faqs", " 0, '".$_POST['faq_parent']."', '$faq_question', '$data', '".e107::getParser()->filter($_POST['faq_comment'], 'str')."', '".time()."', '".USERID."', '".$count."' ");
|
||||
|
||||
$message = FAQ_ADLAN_32;
|
||||
|
||||
|
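Review bot: `$_POST['faq_parent']` is interpolated into the `insert()` value string unescaped, and `faq_comment` now passes only through `filter(..., 'str')`, which strips tags but leaves single quotes in place, so either value can end its quoted literal early. The count query one line above already uses `intval($_POST['faq_parent'])` and `$data` goes through `$tp->toDB()`; the insert should treat these two fields the same way, i.e. `intval($_POST['faq_parent'])` and `$tp->toDB($_POST['faq_comment'])`, or use a bound-parameter insert if the DB layer offers one. The `if` block continues outside the hunk.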
@ -151,7 +151,7 @@ class featurebox_shortcodes// must match the plugin's folder name. ie. [PLUGIN_F
|
||||
{
|
||||
$ctemplate = $mod;
|
||||
}
|
||||
parse_str($parm, $parm);
|
||||
parse_str((string) $parm, $parm);
|
||||
|
||||
$category = $this->getCategoryModel($ctemplate);
|
||||
|
||||
|
@ -65,6 +65,7 @@ class forumStats
|
||||
|
||||
$firstpost = $sql->select('forum_post', 'post_datestamp', 'post_datestamp > 0 ORDER BY post_datestamp ASC LIMIT 0,1', 'default');
|
||||
$fp = $sql->fetch();
|
||||
$fp = is_array($fp) ? $fp : array();
|
||||
|
||||
$open_ds = (int) varset($fp['post_datestamp']);
|
||||
$open_date = $gen->convert_date($open_ds, 'long');
|
||||
|
@ -727,14 +727,14 @@ class listclass
|
||||
if($thisday == $current_day)
|
||||
{
|
||||
$datepreftoday = $this->list_pref[$this->mode."_datestyletoday"];
|
||||
return strftime($datepreftoday, $datestamp);
|
||||
return e_date::strftime($datepreftoday, $datestamp);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//else use default date style
|
||||
$datepref = $this->list_pref[$this->mode."_datestyle"];
|
||||
return strftime($datepref, $datestamp);
|
||||
return e_date::strftime($datepref, $datestamp);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1864,10 +1864,10 @@ class news_front
|
||||
|
||||
|
||||
// render new date header if pref selected ...
|
||||
$thispostday = strftime("%j", $news['news_datestamp']);
|
||||
$thispostday = e_date::strftime("%j", $news['news_datestamp']);
|
||||
if ($newpostday != $thispostday && (isset($this->pref['news_newdateheader']) && $this->pref['news_newdateheader']))
|
||||
{
|
||||
echo "<div class='".DATEHEADERCLASS."'>".strftime("%A %d %B %Y", $news['news_datestamp'])."</div>";
|
||||
echo "<div class='".DATEHEADERCLASS."'>".e_date::strftime("%A %d %B %Y", $news['news_datestamp'])."</div>";
|
||||
}
|
||||
$newpostday = $thispostday;
|
||||
$news['category_id'] = $news['news_category'];
|
||||
|
@ -85,7 +85,7 @@ class page_shortcodes extends e_shortcode
|
||||
|
||||
if($parm)
|
||||
{
|
||||
$parm = http_build_query($parm, null, '&');
|
||||
$parm = http_build_query($parm);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
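Review bot: This is the only `http_build_query()` call in the commit that drops the separator argument instead of replacing `null` with `''`, so the separator now depends on the `arg_separator.output` ini setting rather than being fixed in code. For consistency with the other call sites (`e_parse`, `e_form`, `download_shortcodes`), keep the explicit form: `$parm = http_build_query($parm, '', '&');`, using whatever separator the original line had, since the rendered page may have decoded an entity here.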
@ -118,6 +118,9 @@ class pmbox_manager
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!isset($pm_info['inbox']) || !is_array($pm_info['inbox'])) $pm_info['inbox'] = [];
|
||||
if (!isset($pm_info['outbox']) || !is_array($pm_info['outbox'])) $pm_info['outbox'] = [];
|
||||
|
||||
$pm_info['inbox']['limit'] = '';
|
||||
$pm_info['outbox']['limit'] = '';
|
||||
$pm_info['inbox']['filled'] = '';
|
||||
|
@ -261,15 +261,6 @@ $override = array();
|
||||
if(isset($_POST['previous_steps']))
|
||||
{
|
||||
$tmp = unserialize(base64_decode($_POST['previous_steps']));
|
||||
|
||||
// Save unfiltered admin password (#4004) - " are transformed into "
|
||||
$tmpadminpass1 = (isset($tmp['admin']) && !empty($tmp['admin']['password'])) ? $tmp['admin']['password'] : '';
|
||||
|
||||
$tmp = filter_var_array($tmp, FILTER_SANITIZE_STRING);
|
||||
|
||||
// Restore unfiltered admin password
|
||||
$tmp['admin']['password'] = $tmpadminpass1;
|
||||
|
||||
$override = (isset($tmp['paths']) && isset($tmp['paths']['hash'])) ? array('site_path'=>$tmp['paths']['hash']) : array();
|
||||
unset($tmp);
|
||||
unset($tmpadminpass1);
|
||||
|
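Review bot: With the `filter_var_array()` pass removed, `$tmp['paths']['hash']` goes into `$override['site_path']` exactly as the client sent it, and `$tmp` still comes from `unserialize()` on `$_POST['previous_steps']`. Request data should not reach `unserialize()` at all: on PHP 7+ `unserialize($data, ['allowed_classes' => false])` stops object instantiation, and carrying the step data as JSON would cover PHP 5.6 as well. Independently, check the shape before use, e.g. `is_array($tmp) && isset($tmp['paths']['hash']) && is_string($tmp['paths']['hash'])`, and restrict the hash to the characters the installer itself generates (that format is not visible in this hunk).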