
Implicitly return null and start using the Security class for torrent group edits

biotorrents 4 years ago
parent
commit
476d0f416f

+ 1
- 1
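--- a/classes/forums.class.php
+++ b/classes/forums.class.php
@@ -46,7 +46,7 @@
 
             if (!G::$DB->has_results()) {
                 G::$DB->set_query_id($QueryID);
-                return null;
+                return;
             }
 
             $ThreadInfo = G::$DB->next_record(MYSQLI_ASSOC, false);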

+ 1
- 1
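--- a/classes/script_start.php
+++ b/classes/script_start.php
@@ -8,7 +8,7 @@
 # Initialize
 $ENV = ENV::go();
 $Security = new Security();
-$Security->setupPitfalls();
+$Security->SetupPitfalls();
 
 
 /*-- Script Start Class --------------------------------*/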

+ 8
- 9
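--- a/classes/security.class.php
+++ b/classes/security.class.php
@@ -11,21 +11,20 @@
 class Security
 {
     /**
-     * ID check
+     * Check ID
      *
      * Makes sure a number ID is valid,
      * e.g., a page ID requested by GET.
-     * Optionally call authorize().
      */
-    public function idCheck($id, $auth)
+    public function CheckID($ID)
     {
-        if (!$id || !is_int($id)) {
+        $ID = (int) $ID;
+
+        if (!is_int($ID) || $ID < 1) {
             error(400);
         }
-        
-        if ($auth) {
-            authorize();
-        }
+
+        return;
     }
 
     /**
@@ -34,7 +33,7 @@
      * A series of quick sanity checks during app init.
      * Previously in classes/script_start.php.
      */
-    public function setupPitfalls()
+    public function SetupPitfalls()
     {
         # short_open_tag
         if (!ini_get('short_open_tag')) {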
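Review bot: The `(int)` cast at the top of `CheckID()` runs before the validation, so `is_int($ID)` is always true and any input that merely starts with a positive integer (a constructed sample: `12abc`) passes the check. The method also takes `$ID` by value and returns nothing, so callers are left holding the raw request string. It is declared without `static`, while `sections/torrents/editgroup.php` and `sections/torrents/nonwikiedit.php` in this commit call it as `Security::CheckID(...)`, which is deprecated in PHP 7 and throws an Error in PHP 8. I would validate the original value, make the method static and return the validated integer so callers use that instead of `$_GET`/`$_POST`; the sketch below assumes `error()` ends the request.

```php
    public static function CheckID($ID): int
    {
        # Validate the raw value before any cast; rejects trailing garbage, "", 0 and negatives
        $ID = filter_var($ID, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

        if ($ID === false) {
            error(400);
        }

        return $ID;
    }
```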

+ 1
- 1
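--- a/classes/torrentsdl.class.php
+++ b/classes/torrentsdl.class.php
@@ -116,7 +116,7 @@
         $this->Zip->add_file(self::get_file($TorrentData, $this->AnnounceURL, $this->AnnounceList), ($FolderName ? "$FolderName/" : "") . $FileName);
 
         usleep(25000); // We don't want to send much faster than the client can receive
-        return null;
+        return;
     }
 
     /**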

+ 4
- 4
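--- a/classes/validate.class.php
+++ b/classes/validate.class.php
@@ -96,10 +96,10 @@
                 return $Err = "One or more files has the forbidden characters $BadChars:\n" . display_str($Suspect);
             
             default:
-                return null;
+                return;
         }
 
-        return null;
+        return;
     }
 
     /**
@@ -159,7 +159,7 @@
         return true;
     }
       
-    /*
+    /**
      * These characters are invalid on Windows NTFS:
      *   : ? / < > \ * | "
      *
@@ -293,7 +293,7 @@
         'week'
         */
                 
-        return null;
+        return;
     }
     
 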

+ 1
- 1
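--- a/sections/index/private.php
+++ b/sections/index/private.php
@@ -3,7 +3,7 @@
 
 $ENV = ENV::go();
 Text::$TOC = true;
-$NewsCount = 1;
+$NewsCount = 2;
 
 if (!$News = $Cache->get_value('news')) {
     $DB->query("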

+ 8
- 18
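--- a/sections/torrents/editgroup.php
+++ b/sections/torrents/editgroup.php
@@ -1,24 +1,14 @@
 <?php
-#declare(strict_types = 1);
+declare(strict_types = 1);
 
-/************************************************************************
-||------------|| Edit torrent group wiki page ||-----------------------||
+/**
+ * Edit torrent group wiki page
+ *
+ * The page inserts a new revision into the wiki_torrents table,
+ * and clears the cache for the torrent group page.
+ */
 
-This page is the page that is displayed when someone feels like editing
-a torrent group's wiki page.
-
-It is called when $_GET['action'] === 'edit'. $_GET['groupid'] is the
-ID of the torrent group and must be set.
-
-The page inserts a new revision into the wiki_torrents table, and clears
-the cache for the torrent group page.
-
-************************************************************************/
-
-$GroupID = $_GET['groupid'];
-if (!is_number($GroupID) || !$GroupID) {
-    error(0);
-}
+Security::CheckID($_GET['groupid']);
 
 // Get the torrent group name and the body of the last revision
 $DB->query("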
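Review bot: `$GroupID` is no longer assigned anywhere in the new lines: the removed `$GroupID = $_GET['groupid'];` has no replacement, and `Security::CheckID()` as written in this commit takes its argument by value and returns nothing. The `$DB->query("` on the last line continues outside the hunk, so what it interpolates is not visible; if it still uses `$GroupID` the variable is now undefined, and if it is switched to `$_GET['groupid']` the raw request string would reach the SQL text. The old `is_number()` guard is also replaced by a check that casts before validating, which presumably accepts more inputs than before. Keep a validated integer in scope, for example `$GroupID = (int) $_GET['groupid'];` directly after the `CheckID` call. The same applies to `sections/torrents/nonwikiedit.php`, where `$GroupID = (int) $_POST['groupid'];` is removed.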

+ 5
- 5
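--- a/sections/torrents/functions.php
+++ b/sections/torrents/functions.php
@@ -141,7 +141,7 @@
             header('Location: log.php?search='.(empty($_GET['torrentid']) ? "Group+$GroupID" : "Torrent+$_GET[torrentid]"));
             error();
         } elseif (count($TorrentList) === 0 && $ApiCall == true) {
-            return null;
+            return;
         }
 
         if (in_array(0, $DB->collect('Seeders'))) {
@@ -190,7 +190,7 @@
         }
     } else {
         if ($Return) {
-            return null;
+            return;
         }
     }
 }
@@ -219,7 +219,7 @@
     if ($TorrentID) {
         return $TorrentID;
     }
-    return null;
+    return;
 }
 
 function torrenthash_to_groupid($Str)
@@ -234,7 +234,7 @@
     if ($GroupID) {
         return $GroupID;
     }
-    return null;
+    return;
 }
 
 function torrentid_to_groupid($TorrentID)
@@ -249,7 +249,7 @@
     if ($GroupID) {
         return $GroupID;
     }
-    return null;
+    return;
 }
 
 // After adjusting / deleting logs, recalculate the score for the torrent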
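Review bot: The helper ending at new line 223, `torrenthash_to_groupid()` and `torrentid_to_groupid()` now finish with a bare `return;` directly after `return $TorrentID;` / `return $GroupID;`, so one function mixes value returns with an empty return. Behaviour is unchanged, but a bare `return;` becomes a compile-time error as soon as a nullable return type such as `: ?int` is declared, which seems a likely follow-up now that `declare(strict_types = 1)` is being enabled in this commit. I would keep `return null;` in functions that return a value on another path and use the bare form only where nothing is ever returned. The `default:` branch in `classes/validate.class.php`, next to `return $Err = ...`, is the same case. These function bodies start outside the hunks.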

+ 2
- 2
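--- a/sections/torrents/nonwikiedit.php
+++ b/sections/torrents/nonwikiedit.php
@@ -1,8 +1,8 @@
 <?php
 declare(strict_types=1);
 
-$GroupID = (int) $_POST['groupid'];
-Security::idCheck($GroupID, true);
+Security::CheckID($_POST['groupid']);
+authorize();
 
 // Usual perm checks
 if (!check_perms('torrents_edit')) {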
