Public header and query escape

design/publicheader.php

@@ -3,23 +3,20 @@ declare(strict_types=1);
 
 $ENV = ENV::go();
 global $LoggedUser;
-?>
 
+echo <<<HTML
 <!doctype html>
 <html>
 
 <head>
-  <title>
-    <?= display_str($PageTitle) ?>
-  </title>
+  <title>$PageTitle</title>
+HTML;
 
-  <?= View::commonMeta(); ?>
+echo View::commonMeta();
+echo "<link href='$ENV->STATIC_SERVER/styles/public.css?v="
+     . filemtime(SERVER_ROOT.'/static/styles/public.css')
+     . "' rel='stylesheet' type='text/css'>";
 
-  <link
-    href="<?=STATIC_SERVER ?>styles/public.css?v=<?=filemtime(SERVER_ROOT.'/static/styles/public.css')?>"
-    rel="stylesheet" type="text/css">
-
-  <?php
 # Load JS
 $Scripts = array_filter(
     array_merge(
@@ -57,22 +54,30 @@ echo View::pushAsset(
 # Only Noto Sans available on public pages
 "$ENV->STATIC_SERVER/styles/assets/fonts/noto/woff2/NotoSans-SemiCondensed.woff2",
     'font'
-); ?>
+);
+
+echo <<<HTML
 </head>
 
 <body>
   <header>
     <a href="login.php">Log In</a>
+HTML;
+
+if ($ENV->OPEN_REGISTRATION) {
+    echo '<a href="register.php">Register</a>';
+}
 
-    <?php if ($ENV->OPEN_REGISTRATION) { ?>
-    <a href="register.php">Register</a>
-    <?php } ?>
+$Email = $ENV->HELP->Email;
+$Subject = $ENV->HELP->Subject;
+$Body = $ENV->HELP->Body;
+echo "<a href='mailto:$Email?subject=$Subject&body=$Body'>Support</a>";
 
-    <a
-      href="mailto:help@biotorrents.de?subject=[TxID <?= strtoupper(bin2hex(random_bytes(2))) ?>] Vague subject lines ignored">Support</a>
+echo <<<HTML
   </header>
 
-  <main>
-    <h1 id="logo">
-      <a href="/" aria-label="Front page"></a>
-    </h1>
+<main>
+  <h1 id="logo">
+    <a href="/" aria-label="Front page"></a>
+  </h1>
+HTML;

gazelle.sql

@@ -1754,7 +1754,7 @@ CREATE TABLE `xbt_snatched` (
 -- Now we have the default values to initialize the DB with
 SET FOREIGN_KEY_CHECKS = 1;
 
-INSERT INTO permissions (ID, Level, Name, `Values`, DisplayStaff) VALUES
+INSERT INTO `permissions` (`ID`, `Level`, `Name`, `Values`, `DisplayStaff`) VALUES
   (15, 1000, 'Sysop', 'a:100:{s:10:\"site_leech\";i:1;s:11:\"site_upload\";i:1;s:9:\"site_vote\";i:1;s:20:\"site_submit_requests\";i:1;s:20:\"site_advanced_search\";i:1;s:10:\"site_top10\";i:1;s:19:\"site_advanced_top10\";i:1;s:16:\"site_album_votes\";i:1;s:20:\"site_torrents_notify\";i:1;s:20:\"site_collages_create\";i:1;s:20:\"site_collages_manage\";i:1;s:20:\"site_collages_delete\";i:1;s:23:\"site_collages_subscribe\";i:1;s:22:\"site_collages_personal\";i:1;s:28:\"site_collages_renamepersonal\";i:1;s:19:\"site_make_bookmarks\";i:1;s:14:\"site_edit_wiki\";i:1;s:22:\"site_can_invite_always\";i:1;s:27:\"site_send_unlimited_invites\";i:1;s:22:\"site_moderate_requests\";i:1;s:18:\"site_delete_artist\";i:1;s:20:\"site_moderate_forums\";i:1;s:17:\"site_admin_forums\";i:1;s:23:\"site_forums_double_post\";i:1;s:14:\"site_view_flow\";i:1;s:18:\"site_view_full_log\";i:1;s:28:\"site_view_torrent_snatchlist\";i:1;s:18:\"site_recommend_own\";i:1;s:27:\"site_manage_recommendations\";i:1;s:15:\"site_delete_tag\";i:1;s:23:\"site_disable_ip_history\";i:1;s:14:\"zip_downloader\";i:1;s:10:\"site_debug\";i:1;s:17:\"site_proxy_images\";i:1;s:16:\"site_search_many\";i:1;s:20:\"users_edit_usernames\";i:1;s:16:\"users_edit_ratio\";i:1;s:20:\"users_edit_own_ratio\";i:1;s:17:\"users_edit_titles\";i:1;s:18:\"users_edit_avatars\";i:1;s:18:\"users_edit_invites\";i:1;s:22:\"users_edit_watch_hours\";i:1;s:21:\"users_edit_reset_keys\";i:1;s:19:\"users_edit_profiles\";i:1;s:18:\"users_view_friends\";i:1;s:20:\"users_reset_own_keys\";i:1;s:19:\"users_edit_password\";i:1;s:19:\"users_promote_below\";i:1;s:16:\"users_promote_to\";i:1;s:16:\"users_give_donor\";i:1;s:10:\"users_warn\";i:1;s:19:\"users_disable_users\";i:1;s:19:\"users_disable_posts\";i:1;s:17:\"users_disable_any\";i:1;s:18:\"users_delete_users\";i:1;s:18:\"users_view_invites\";i:1;s:20:\"users_view_seedleech\";i:1;s:19:\"users_view_uploaded\";i:1;s:15:\"users_view_keys\";i:1;s:14:\"users_view_ips\";i:1;s:16:\"users_view_email\";i:1;s:18:\"users_invite_notes\";i:1;s:23:\"users_override_paranoia\";i:1;s:12:\"users_logout\";i:1;s:20:\"users_make_invisible\";i:1;s:9:\"users_mod\";i:1;s:13:\"torrents_edit\";i:1;s:15:\"torrents_delete\";i:1;s:20:\"torrents_delete_fast\";i:1;s:18:\"torrents_freeleech\";i:1;s:20:\"torrents_search_fast\";i:1;i:1;s:19:\"torrents_fix_ghosts\";i:1;s:17:\"admin_manage_news\";i:1;s:17:\"admin_manage_blog\";i:1;s:18:\"admin_manage_polls\";i:1;s:19:\"admin_manage_forums\";i:1;s:16:\"admin_manage_fls\";i:1;s:13:\"admin_reports\";i:1;s:26:\"admin_advanced_user_search\";i:1;s:18:\"admin_create_users\";i:1;s:15:\"admin_donor_log\";i:1;s:19:\"admin_manage_ipbans\";i:1;i:1;s:17:\"admin_clear_cache\";i:1;s:15:\"admin_whitelist\";i:1;s:24:\"admin_manage_permissions\";i:1;s:14:\"admin_schedule\";i:1;s:17:\"admin_login_watch\";i:1;s:17:\"admin_manage_wiki\";i:1;i:1;s:21:\"site_collages_recover\";i:1;s:19:\"torrents_add_artist\";i:1;s:13:\"edit_unknowns\";i:1;s:19:\"forums_polls_create\";i:1;s:21:\"forums_polls_moderate\";i:1;s:12:\"project_team\";i:1;s:25:\"torrents_edit_vanityhouse\";i:1;s:23:\"artist_edit_vanityhouse\";i:1;s:21:\"site_tag_aliases_read\";i:1;}', '1'),
   (11, 800, 'Moderator', 'a:89:{s:26:\"admin_advanced_user_search\";i:1;s:17:\"admin_clear_cache\";i:1;s:18:\"admin_create_users\";i:1;i:1;s:15:\"admin_donor_log\";i:1;s:17:\"admin_login_watch\";i:1;s:17:\"admin_manage_blog\";i:1;s:19:\"admin_manage_ipbans\";i:1;s:17:\"admin_manage_news\";i:1;s:18:\"admin_manage_polls\";i:1;s:17:\"admin_manage_wiki\";i:1;s:13:\"admin_reports\";i:1;s:23:\"artist_edit_vanityhouse\";i:1;s:13:\"edit_unknowns\";i:1;s:19:\"forums_polls_create\";i:1;s:21:\"forums_polls_moderate\";i:1;s:12:\"project_team\";i:1;s:17:\"site_admin_forums\";i:1;s:20:\"site_advanced_search\";i:1;s:19:\"site_advanced_top10\";i:1;s:16:\"site_album_votes\";i:1;s:22:\"site_can_invite_always\";i:1;s:20:\"site_collages_create\";i:1;s:20:\"site_collages_delete\";i:1;s:20:\"site_collages_manage\";i:1;s:22:\"site_collages_personal\";i:1;s:21:\"site_collages_recover\";i:1;s:28:\"site_collages_renamepersonal\";i:1;s:23:\"site_collages_subscribe\";i:1;s:18:\"site_delete_artist\";i:1;s:15:\"site_delete_tag\";i:1;s:23:\"site_disable_ip_history\";i:1;s:14:\"site_edit_wiki\";i:1;s:23:\"site_forums_double_post\";i:1;s:10:\"site_leech\";i:1;s:19:\"site_make_bookmarks\";i:1;s:27:\"site_manage_recommendations\";i:1;s:20:\"site_moderate_forums\";i:1;s:22:\"site_moderate_requests\";i:1;s:17:\"site_proxy_images\";i:1;s:18:\"site_recommend_own\";i:1;s:16:\"site_search_many\";i:1;s:27:\"site_send_unlimited_invites\";i:1;s:20:\"site_submit_requests\";i:1;s:21:\"site_tag_aliases_read\";i:1;s:10:\"site_top10\";i:1;s:20:\"site_torrents_notify\";i:1;s:11:\"site_upload\";i:1;s:14:\"site_view_flow\";i:1;s:18:\"site_view_full_log\";i:1;s:28:\"site_view_torrent_snatchlist\";i:1;s:9:\"site_vote\";i:1;s:19:\"torrents_add_artist\";i:1;s:15:\"torrents_delete\";i:1;s:20:\"torrents_delete_fast\";i:1;s:13:\"torrents_edit\";i:1;s:25:\"torrents_edit_vanityhouse\";i:1;s:19:\"torrents_fix_ghosts\";i:1;s:18:\"torrents_freeleech\";i:1;i:1;s:20:\"torrents_search_fast\";i:1;s:18:\"users_delete_users\";i:1;s:17:\"users_disable_any\";i:1;s:19:\"users_disable_posts\";i:1;s:19:\"users_disable_users\";i:1;s:18:\"users_edit_avatars\";i:1;s:18:\"users_edit_invites\";i:1;s:20:\"users_edit_own_ratio\";i:1;s:19:\"users_edit_password\";i:1;s:19:\"users_edit_profiles\";i:1;s:16:\"users_edit_ratio\";i:1;s:21:\"users_edit_reset_keys\";i:1;s:17:\"users_edit_titles\";i:1;s:16:\"users_give_donor\";i:1;s:12:\"users_logout\";i:1;s:20:\"users_make_invisible\";i:1;s:9:\"users_mod\";i:1;s:23:\"users_override_paranoia\";i:1;s:19:\"users_promote_below\";i:1;s:20:\"users_reset_own_keys\";i:1;s:10:\"users_warn\";i:1;s:16:\"users_view_email\";i:1;s:18:\"users_view_friends\";i:1;s:18:\"users_view_invites\";i:1;s:14:\"users_view_ips\";i:1;s:15:\"users_view_keys\";i:1;s:20:\"users_view_seedleech\";i:1;s:19:\"users_view_uploaded\";i:1;s:14:\"zip_downloader\";i:1;}', '1'),
   (2, 100, 'User', 'a:7:{s:10:\"site_leech\";i:1;s:11:\"site_upload\";i:1;s:9:\"site_vote\";i:1;s:20:\"site_advanced_search\";i:1;s:10:\"site_top10\";i:1;s:14:\"site_edit_wiki\";i:1;s:19:\"torrents_add_artist\";i:1;}', '0'),
@@ -1764,7 +1764,7 @@ INSERT INTO permissions (ID, Level, Name, `Values`, DisplayStaff) VALUES
   (20, 202, 'Donor', 'a:9:{s:9:\"site_vote\";i:1;s:20:\"site_submit_requests\";i:1;s:20:\"site_advanced_search\";i:1;s:10:\"site_top10\";i:1;s:20:\"site_torrents_notify\";i:1;s:20:\"site_collages_create\";i:1;s:20:\"site_collages_manage\";i:1;s:14:\"zip_downloader\";i:1;s:19:\"forums_polls_create\";i:1;}', '0'),
   (19, 201, 'Artist', 'a:9:{s:10:\"site_leech\";s:1:\"1\";s:11:\"site_upload\";s:1:\"1\";s:9:\"site_vote\";s:1:\"1\";s:20:\"site_submit_requests\";s:1:\"1\";s:20:\"site_advanced_search\";s:1:\"1\";s:10:\"site_top10\";s:1:\"1\";s:19:\"site_make_bookmarks\";s:1:\"1\";s:14:\"site_edit_wiki\";s:1:\"1\";s:18:\"site_recommend_own\";s:1:\"1\";}', '0');
 
-INSERT INTO stylesheets (ID, Name, Description, `Default`, Additions, Color) VALUES
+INSERT INTO `stylesheets` (`ID`, `Name`, `Description`, `Default`, `Additions`, `Color`) VALUES
   (1, 'matcha', 'BioTorrents.de Stylesheet', '0', 'radio=noto_sans;radio=noto_serif;radio=opendyslexic;radio=comic_neue', '#000000'),
   (2, 'bookish', 'Template Stylesheet', '1', 'radio=noto_sans;radio=noto_serif;radio=opendyslexic;radio=comic_neue', '#000000'),
   (3, 'oppai', 'Oppaitime Stylesheet', '0', 'radio=noto_sans;radio=noto_serif;radio=opendyslexic;radio=comic_neue', '#fbc2e5'),
@@ -1772,40 +1772,40 @@ INSERT INTO stylesheets (ID, Name, Description, `Default`, Additions, Color) VAL
   (5, 'genaviv', 'Genaviv Stylesheet', '0', 'radio=noto_sans;radio=noto_serif;radio=opendyslexic;radio=comic_neue;checkbox=fixed_header', '#0a0a0a'),
   (6, 'postmod', 'What.cd Stylesheet', '0', 'radio=noto_sans;radio=noto_serif;radio=opendyslexic;radio=comic_neue', '#000000');
 
-INSERT INTO wiki_articles (ID, Revision, Title, Body, MinClassRead, MinClassEdit, Date, Author) VALUES
+INSERT INTO `wiki_articles` (`ID`, `Revision`, `Title`, `Body`, `MinClassRead`, `MinClassEdit`, `Date`, `Author`) VALUES
   (1, 1, 'Wiki', 'Welcome to your new wiki! Hope this works.', 100, 475, NOW(), 1);
 
-INSERT INTO wiki_aliases (Alias, UserID, ArticleID) VALUES ('wiki', 1, 1);
+INSERT INTO `wiki_aliases` (`Alias`, `UserID`, `ArticleID`) VALUES ('wiki', 1, 1);
 
-INSERT INTO wiki_revisions (ID, Revision, Title, Body, Date, Author) VALUES
+INSERT INTO `wiki_revisions` (`ID`, `Revision`, `Title`, `Body`, `Date`, `Author`) VALUES
   (1, 1, 'Wiki', 'Welcome to your new wiki! Hope this works.', NOW(), 1);
 
-INSERT INTO forums (ID, CategoryID, Sort, Name, Description, MinClassRead, MinClassWrite, MinClassCreate, NumTopics, NumPosts, LastPostID, LastPostAuthorID, LastPostTopicID, LastPostTime) VALUES
+INSERT INTO `forums` (`ID`, `CategoryID`, `Sort`, `Name`, `Description`, `MinClassRead`, `MinClassWrite`, `MinClassCreate`, `NumTopics`, `NumPosts`, `LastPostID`, `LastPostAuthorID`, `LastPostTopicID`, `LastPostTime`) VALUES
   (1, 1, 20, 'Your Site', 'Totally rad forum', 100, 100, 100, 0, 0, 0, 0, 0, NULL),
   (2, 5, 30, 'Chat', 'Expect this to fill up with spam', 100, 100, 100, 0, 0, 0, 0, 0, NULL),
   (3, 10, 40, 'Help!', 'I fell down and I cant get up', 100, 100, 100, 0, 0, 0, 0, 0, NULL),
   (4, 20, 100, 'Trash', 'Every thread ends up here eventually', 100, 500, 500, 0, 0, 0, 0, 0, NULL);
 
-INSERT INTO tags (ID, Name, TagType, Uses, UserID) VALUES
+INSERT INTO `tags` (`ID`, `Name`, `TagType`, `Uses`, `UserID`) VALUES
   (1, 'one', 'genre', 0, 1),
   (2, 'two', 'genre', 0, 1),
   (3, 'three', 'genre', 0, 1),
   (4, 'four', 'genre', 0, 1),
   (5, 'five', 'genre', 0, 1);
 
-INSERT INTO schedule (NextHour, NextDay, NextBiWeekly) VALUES (0,0,0);
+INSERT INTO `schedule` (`NextHour`, `NextDay`, `NextBiWeekly`) VALUES (0,0,0);
 
-INSERT INTO forums_categories (ID, Sort, Name) VALUES (1,1,'Site');
+INSERT INTO `forums_categories` (`ID`, `Sort`, `Name`) VALUES (1,1,'Site');
 
-INSERT INTO forums_categories (ID, Sort, Name) VALUES (5,5,'Community');
+INSERT INTO `forums_categories` (`ID`, `Sort`, `Name`) VALUES (5,5,'Community');
 
-INSERT INTO forums_categories (ID, Sort, Name) VALUES (10,10,'Help');
+INSERT INTO `forums_categories` (`ID`, `Sort`, `Name`) VALUES (10,10,'Help');
 
-INSERT INTO forums_categories (ID, Sort, Name) VALUES (8,8,'Music');
+INSERT INTO `forums_categories` (`ID`, `Sort`, `Name`) VALUES (8,8,'Music');
 
-INSERT INTO forums_categories (ID, Sort, Name) VALUES (20,20,'Trash');
+INSERT INTO `forums_categories` (`ID`, `Sort`, `Name`) VALUES (20,20,'Trash');
 
-INSERT INTO misc (ID, Name, First, Second) VALUES (1, 'FreeleechPool', '100', '200');
+INSERT INTO `misc` (`ID`, `Name`, `First`, `Second`) VALUES (1, 'FreeleechPool', '100', '200');
 
 -- One last thing: a trigger to update seeding stats
 DELIMITER ;;
@@ -1813,15 +1813,15 @@ CREATE TRIGGER update_seedtime
   AFTER UPDATE ON `xbt_files_users`
   FOR EACH ROW BEGIN
     IF ( (OLD.timespent < NEW.timespent) AND (OLD.active = 1) AND (NEW.active = 1) ) THEN
-      INSERT INTO users_seedtime
-        (UserID, TorrentID, SeedTime, Uploaded, Downloaded, LastUpdate)
+      INSERT INTO `users_seedtime`
+        (`UserID`, `TorrentID`, `SeedTime`, `Uploaded`, `Downloaded`, `LastUpdate`)
         VALUES
         (NEW.uid, NEW.fid, NEW.timespent, NEW.uploaded, NEW.downloaded, NOW())
         ON DUPLICATE KEY UPDATE
-          SeedTime = SeedTime + (NEW.timespent - OLD.timespent),
-          Uploaded = Uploaded + (NEW.uploaded - OLD.uploaded),
-          Downloaded = Downloaded + (NEW.downloaded - OLD.downloaded),
-          LastUpdate = NOW();
+          `SeedTime` = `SeedTime` + (NEW.timespent - OLD.timespent),
+          `Uploaded` = `Uploaded` + (NEW.uploaded - OLD.uploaded),
+          `Downloaded` = `Downloaded` + (NEW.downloaded - OLD.downloaded),
+          `LastUpdate` = NOW();
     END IF;
   END;;
 DELIMITER ;