Implicitly return null and start using the Security class for torrent group edits

classes/forums.class.php

@@ -46,7 +46,7 @@ class Forums
 
             if (!G::$DB->has_results()) {
                 G::$DB->set_query_id($QueryID);
-                return null;
+                return;
             }
 
             $ThreadInfo = G::$DB->next_record(MYSQLI_ASSOC, false);

classes/script_start.php

@@ -8,7 +8,7 @@ require_once 'security.class.php';
 # Initialize
 $ENV = ENV::go();
 $Security = new Security();
-$Security->setupPitfalls();
+$Security->SetupPitfalls();
 
 
 /*-- Script Start Class --------------------------------*/

classes/security.class.php

@@ -11,21 +11,20 @@ declare(strict_types = 1);
 class Security
 {
     /**
-     * ID check
+     * Check ID
      *
      * Makes sure a number ID is valid,
      * e.g., a page ID requested by GET.
-     * Optionally call authorize().
      */
-    public function idCheck($id, $auth)
+    public function CheckID($ID)
     {
-        if (!$id || !is_int($id)) {
+        $ID = (int) $ID;
+
+        if (!is_int($ID) || $ID < 1) {
             error(400);
         }
-        
-        if ($auth) {
-            authorize();
-        }
+
+        return;
     }
 
     /**
@@ -34,7 +33,7 @@ class Security
      * A series of quick sanity checks during app init.
      * Previously in classes/script_start.php.
      */
-    public function setupPitfalls()
+    public function SetupPitfalls()
     {
         # short_open_tag
         if (!ini_get('short_open_tag')) {

classes/torrentsdl.class.php

@@ -116,7 +116,7 @@ class TorrentsDL
         $this->Zip->add_file(self::get_file($TorrentData, $this->AnnounceURL, $this->AnnounceList), ($FolderName ? "$FolderName/" : "") . $FileName);
 
         usleep(25000); // We don't want to send much faster than the client can receive
-        return null;
+        return;
     }
 
     /**

classes/validate.class.php

@@ -96,10 +96,10 @@ class Validate
                 return $Err = "One or more files has the forbidden characters $BadChars:\n" . display_str($Suspect);
             
             default:
-                return null;
+                return;
         }
 
-        return null;
+        return;
     }
 
     /**
@@ -159,7 +159,7 @@ class Validate
         return true;
     }
       
-    /*
+    /**
      * These characters are invalid on Windows NTFS:
      *   : ? / < > \ * | "
      *
@@ -293,7 +293,7 @@ class Validate
         'week'
         */
                 
-        return null;
+        return;
     }
     
 

sections/index/private.php

@@ -3,7 +3,7 @@
 
 $ENV = ENV::go();
 Text::$TOC = true;
-$NewsCount = 1;
+$NewsCount = 2;
 
 if (!$News = $Cache->get_value('news')) {
     $DB->query("

sections/torrents/editgroup.php

@@ -1,24 +1,14 @@
 <?php
-#declare(strict_types = 1);
+declare(strict_types = 1);
 
-/************************************************************************
-||------------|| Edit torrent group wiki page ||-----------------------||
+/**
+ * Edit torrent group wiki page
+ *
+ * The page inserts a new revision into the wiki_torrents table,
+ * and clears the cache for the torrent group page.
+ */
 
-This page is the page that is displayed when someone feels like editing
-a torrent group's wiki page.
-
-It is called when $_GET['action'] === 'edit'. $_GET['groupid'] is the
-ID of the torrent group and must be set.
-
-The page inserts a new revision into the wiki_torrents table, and clears
-the cache for the torrent group page.
-
-************************************************************************/
-
-$GroupID = $_GET['groupid'];
-if (!is_number($GroupID) || !$GroupID) {
-    error(0);
-}
+Security::CheckID($_GET['groupid']);
 
 // Get the torrent group name and the body of the last revision
 $DB->query("

sections/torrents/functions.php

@@ -141,7 +141,7 @@ function get_group_info($GroupID, $Return = true, $RevisionID = 0, $PersonalProp
             header('Location: log.php?search='.(empty($_GET['torrentid']) ? "Group+$GroupID" : "Torrent+$_GET[torrentid]"));
             error();
         } elseif (count($TorrentList) === 0 && $ApiCall == true) {
-            return null;
+            return;
         }
 
         if (in_array(0, $DB->collect('Seeders'))) {
@@ -190,7 +190,7 @@ function get_torrent_info($TorrentID, $Return = true, $RevisionID = 0, $Personal
         }
     } else {
         if ($Return) {
-            return null;
+            return;
         }
     }
 }
@@ -219,7 +219,7 @@ function torrenthash_to_torrentid($Str)
     if ($TorrentID) {
         return $TorrentID;
     }
-    return null;
+    return;
 }
 
 function torrenthash_to_groupid($Str)
@@ -234,7 +234,7 @@ function torrenthash_to_groupid($Str)
     if ($GroupID) {
         return $GroupID;
     }
-    return null;
+    return;
 }
 
 function torrentid_to_groupid($TorrentID)
@@ -249,7 +249,7 @@ function torrentid_to_groupid($TorrentID)
     if ($GroupID) {
         return $GroupID;
     }
-    return null;
+    return;
 }
 
 // After adjusting / deleting logs, recalculate the score for the torrent

sections/torrents/nonwikiedit.php

@@ -1,8 +1,8 @@
 <?php
 declare(strict_types=1);
 
-$GroupID = (int) $_POST['groupid'];
-Security::idCheck($GroupID, true);
+Security::CheckID($_POST['groupid']);
+authorize();
 
 // Usual perm checks
 if (!check_perms('torrents_edit')) {