From 5cacf852e2a8d0a8fa8872c41b169bbc71d0f67b Mon Sep 17 00:00:00 2001 From: "green-ponies (jgen)" Date: Mon, 9 Apr 2012 16:43:12 -0400 Subject: [PATCH 01/24] Check if the database has any existing tables before installing. --- install.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/install.php b/install.php index a08ac4d0..104a5776 100644 --- a/install.php +++ b/install.php @@ -300,6 +300,14 @@ function create_tables() { // {{{ try { $db = new Database(); + if ( count($db->get_all("SHOW TABLES")) > 0 ) { + echo " +

Warning: The Database schema is not empty!

+

Please ensure that the database you are installing Shimmie with is empty before continuing.

+

Once you have emptied the database of any tables, please hit 'refresh' to continue.

"; + exit; + } + $db->create_table("aliases", " oldtag VARCHAR(128) NOT NULL PRIMARY KEY, newtag VARCHAR(128) NOT NULL, From a2b94b31ddd39a0060c0aece7027e6e54ccab60e Mon Sep 17 00:00:00 2001 From: "green-ponies (jgen)" Date: Mon, 9 Apr 2012 17:11:03 -0400 Subject: [PATCH 02/24] Collect information on the Thumbnail engine as well. --- ext/et/main.php | 6 ++++++ ext/et/theme.php | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/ext/et/main.php b/ext/et/main.php index 44245c6a..6b087d57 100644 --- a/ext/et/main.php +++ b/ext/et/main.php @@ -49,6 +49,12 @@ class ET extends Extension { $info['sys_disk'] = to_shorthand_int(disk_total_space("./") - disk_free_space("./")) . " / " . to_shorthand_int(disk_total_space("./")); $info['sys_server'] = $_SERVER["SERVER_SOFTWARE"]; + + $info['thumb_engine'] = $config->get_string("thumb_engine"); + $info['thumb_quality'] = $config->get_int('thumb_quality'); + $info['thumb_width'] = $config->get_int('thumb_width'); + $info['thumb_height'] = $config->get_int('thumb_height'); + $info['thumb_mem'] = $config->get_int("thumb_max_memory"); $info['stat_images'] = $database->get_one("SELECT COUNT(*) FROM images"); $info['stat_comments'] = $database->get_one("SELECT COUNT(*) FROM comments"); diff --git a/ext/et/theme.php b/ext/et/theme.php index 1c5b00ae..265b019a 100644 --- a/ext/et/theme.php +++ b/ext/et/theme.php @@ -32,6 +32,13 @@ Database: {$info['sys_db']} Server: {$info['sys_server']} Disk use: {$info['sys_disk']} +Thumbnail Generation: +Engine: {$info['thumb_engine']} +Memory: {$info['thumb_mem']} +Quality: {$info['thumb_quality']} +Width: {$info['thumb_width']} +Height: {$info['thumb_height']} + Shimmie stats: Images: {$info['stat_images']} Comments: {$info['stat_comments']} From 8aff5c39cee0958161685582efaf1c214e4b3518 Mon Sep 17 00:00:00 2001 
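Review bot: `SHOW TABLES` is MySQL syntax, so the new emptiness check right after `$db = new Database();` will fail on the other engines this codebase supports (later hunks in this series branch on `$database->engine->name` being "sqlite" or "mysql"), and because it sits inside the surrounding `try` the failure surfaces as a generic install error rather than the intended "schema not empty" warning. Either branch on the engine name or probe for one known table with its own try/catch so the check behaves the same on every backend. The check also runs unconditionally, so a reinstall over a partially-created schema cannot resume without manually dropping tables; if that is intended, say so in the warning text. The enclosing create_tables() body continues outside the hunk.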
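Review bot: The five new `$info['thumb_*']` lines mix `"double"` and `'single'` quoted config keys; the surrounding lines use double quotes, so `$config->get_int("thumb_quality")` and friends would keep the block consistent. `thumb_max_memory` is also reported raw while `sys_disk` just above goes through `to_shorthand_int()`; if the value is a byte count, `to_shorthand_int($config->get_int("thumb_max_memory"))` would match the existing formatting — confirm the unit first. Whether `$config` is already declared `global` in this method is not visible here, since the context lines only touch `$database` and `$_SERVER`.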
From: "green-ponies (jgen)" Date: Sun, 15 Apr 2012 18:24:25 -0400 Subject: [PATCH 03/24] Fix for mass_tagger when Nice URLs are enabled. --- ext/mass_tagger/script.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ext/mass_tagger/script.js b/ext/mass_tagger/script.js index 77b7c2e7..91ae12f5 100644 --- a/ext/mass_tagger/script.js +++ b/ext/mass_tagger/script.js @@ -2,10 +2,14 @@ function find_thumb_link_containers () { var post_link = "a[href*='/post/view/']"; var has_thumb_img = ":has(img[src*='/thumb/'])"; - var list = $( post_link + has_thumb_img ).parent(); - return list; + if (list) { return list; } + + has_thumb_img = ":has(img[src*='_thumbs/'])"; + list = $( post_link + has_thumb_img ).parent(); + + return list; } function toggle_tag( button, id ) { From a82f9382d15366a0c08f1b11eb4c77801d362f5e Mon Sep 17 00:00:00 2001 
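Review bot: `if (list) { return list; }` never falls through to the `_thumbs/` selector, because a jQuery result set is an object and is truthy even when it matched nothing; the check needs to be `if (list.length) { return list; }`. As rendered here the hunk also removes the `var list = $( post_link + has_thumb_img ).parent();` declaration while the new lines still read `list`, which would throw a ReferenceError on first use — if that deletion is real rather than a rendering artefact, the declaration must be restored before the `if`.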
From: "green-ponies (jgen)" Date: Sun, 15 Apr 2012 18:40:06 -0400 Subject: [PATCH 04/24] Removing unnecessary call to int_escape(). Simply cast to int inline, saving function call overhead. --- core/event.class.php | 4 ++-- core/extension.class.php | 2 +- core/user.class.php | 2 +- ext/artists/main.php | 16 +++++++------- ext/blotter/main.php | 2 +- ext/comment/main.php | 12 +++++------ ext/comment/theme.php | 8 +++---- ext/danbooru_api/main.php | 8 +++---- ext/favorites/main.php | 4 ++-- ext/favorites/theme.php | 2 +- ext/featured/main.php | 2 +- ext/featured/theme.php | 2 +- ext/forum/main.php | 12 +++++------ ext/handle_ico/main.php | 2 +- ext/handle_svg/main.php | 6 +++--- ext/image/main.php | 4 ++-- ext/image_hash_ban/main.php | 10 ++++----- ext/index/main.php | 4 ++-- ext/log_db/main.php | 4 ++-- ext/log_db/theme.php | 2 +- ext/notes/main.php | 36 +++++++++++++++---------------- ext/numeric_score/main.php | 16 +++++++------- ext/numeric_score/theme.php | 4 ++-- ext/pm/main.php | 8 +++---- ext/pools/main.php | 20 ++++++++--------- ext/random_image/theme.php | 2 +- ext/rating/theme.php | 2 +- ext/regen_thumb/main.php | 2 +- ext/report_image/main.php | 4 ++-- ext/report_image/theme.php | 2 +- ext/resize/main.php | 6 +++--- ext/resize/theme.php | 2 +- ext/shimmie_api/main.php | 4 ++-- ext/simpletest/main.php | 2 +- ext/tag_history/main.php | 6 +++--- ext/tag_list/main.php | 2 +- ext/tagger/theme.php | 2 +- ext/tips/main.php | 4 ++-- ext/upload/main.php | 10 ++++----- ext/user/main.php | 2 +- ext/user/theme.php | 2 +- ext/view/main.php | 6 +++--- ext/wiki/main.php | 2 +- ext/wiki/theme.php | 6 +++--- themes/danbooru/comment.theme.php | 6 +++--- themes/futaba/comment.theme.php | 6 +++--- 46 files changed, 136 insertions(+), 136 deletions(-) diff --git a/core/event.class.php b/core/event.class.php index e5b38f20..8deef228 100644 --- a/core/event.class.php +++ b/core/event.class.php 
@@ -95,10 +95,10 @@ class PageRequestEvent extends Event { public function get_page_number() { $page_number = 1; if($this->count_args() === 1) { - $page_number = int_escape($this->get_arg(0)); + $page_number = (int)($this->get_arg(0)); } else if($this->count_args() === 2) { - $page_number = int_escape($this->get_arg(1)); + $page_number = (int)($this->get_arg(1)); } if($page_number === 0) $page_number = 1; // invalid -> 0 return $page_number; diff --git a/core/extension.class.php b/core/extension.class.php index 736f624f..bd57f50c 100644 --- a/core/extension.class.php +++ b/core/extension.class.php @@ -149,7 +149,7 @@ abstract class DataHandlerExtension extends Extension { /* hax: This seems like such a dirty way to do this.. */ /* Validate things */ - $image_id = int_escape($event->metadata['replace']); + $image_id = (int)($event->metadata['replace']); /* Check to make sure the image exists. */ $existing = Image::by_id($image_id); diff --git a/core/user.class.php b/core/user.class.php index b5642d10..3913c436 100644 --- a/core/user.class.php +++ b/core/user.class.php @@ -33,7 +33,7 @@ class User { public function User($row) { global $_user_classes; - $this->id = int_escape($row['id']); + $this->id = (int)($row['id']); $this->name = $row['name']; $this->email = $row['email']; $this->join_date = $row['joindate']; diff --git a/ext/artists/main.php b/ext/artists/main.php index a4b3d6c3..ac838b51 100644 --- a/ext/artists/main.php +++ b/ext/artists/main.php @@ -249,7 +249,7 @@ class Artists extends Extension { } case "edited": { - $artistID = int_escape($_POST['id']); + $artistID = (int)($_POST['id']); $this->update_artist(); $page->set_mode("redirect"); $page->set_redirect(make_link("artist/view/".$artistID)); @@ -312,7 +312,7 @@ class Artists extends Extension { } case "edit": { - $aliasID = int_escape($event->get_arg(2)); + $aliasID = (int)($event->get_arg(2)); $alias = $this->get_alias_by_id($aliasID); $this->theme->show_alias_editor($alias); break; 
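Review bot: With the cast, a non-numeric page argument becomes 0 and is remapped to 1 by the `=== 0` check, but a negative argument such as `-3` now passes through get_page_number() unchanged; `if($page_number <= 0) $page_number = 1;` covers both cases. Whether int_escape() previously rejected negatives is not visible in this hunk, so this may be pre-existing — worth confirming where the page number feeds an offset calculation.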
@@ -320,7 +320,7 @@ class Artists extends Extension { case "edited": { $this->update_alias(); - $aliasID = int_escape($_POST['aliasID']); + $aliasID = (int)($_POST['aliasID']); $artistID = $this->get_artistID_by_aliasID($aliasID); $page->set_mode("redirect"); $page->set_redirect(make_link("artist/view/".$artistID)); @@ -354,7 +354,7 @@ class Artists extends Extension { } case "edit": { - $urlID = int_escape($event->get_arg(2)); + $urlID = (int)($event->get_arg(2)); $url = $this->get_url_by_id($urlID); $this->theme->show_url_editor($url); break; @@ -362,7 +362,7 @@ class Artists extends Extension { case "edited": { $this->update_url(); - $urlID = int_escape($_POST['urlID']); + $urlID = (int)($_POST['urlID']); $artistID = $this->get_artistID_by_urlID($urlID); $page->set_mode("redirect"); $page->set_redirect(make_link("artist/view/".$artistID)); @@ -386,7 +386,7 @@ class Artists extends Extension { } case "delete": { - $memberID = int_escape($event->get_arg(2)); + $memberID = (int)($event->get_arg(2)); $artistID = $this->get_artistID_by_memberID($memberID); $this->delete_member($memberID); $page->set_mode("redirect"); @@ -395,7 +395,7 @@ class Artists extends Extension { } case "edit": { - $memberID = int_escape($event->get_arg(2)); + $memberID = (int)($event->get_arg(2)); $member = $this->get_member_by_id($memberID); $this->theme->show_member_editor($member); break; @@ -403,7 +403,7 @@ class Artists extends Extension { case "edited": { $this->update_member(); - $memberID = int_escape($_POST['memberID']); + $memberID = (int)($_POST['memberID']); $artistID = $this->get_artistID_by_memberID($memberID); $page->set_mode("redirect"); $page->set_redirect(make_link("artist/view/".$artistID)); diff --git a/ext/blotter/main.php b/ext/blotter/main.php index 21c87d8c..6bb92a38 100644 --- a/ext/blotter/main.php +++ b/ext/blotter/main.php 
@@ -97,7 +97,7 @@ class Blotter extends Extension { if(!$user->is_admin() || !$user->check_auth_token()) { $this->theme->display_permission_denied(); } else { - $id = int_escape($_POST['id']); + $id = (int)($_POST['id']); if(!isset($id)) { die("No ID!"); } $database->Execute("DELETE FROM blotter WHERE id=:id", array("id"=>$id)); log_info("blotter", "Removed Entry #$id"); diff --git a/ext/comment/main.php b/ext/comment/main.php index ebf8ebe7..be412f1f 100644 --- a/ext/comment/main.php +++ b/ext/comment/main.php @@ -124,7 +124,7 @@ class CommentList extends Extension { if($event->get_arg(0) === "add") { if(isset($_POST['image_id']) && isset($_POST['comment'])) { try { - $i_iid = int_escape($_POST['image_id']); + $i_iid = (int)($_POST['image_id']); $cpe = new CommentPostingEvent($_POST['image_id'], $user, $_POST['comment']); send_event($cpe); $page->set_mode("redirect"); @@ -154,7 +154,7 @@ class CommentList extends Extension { } } else if($event->get_arg(0) === "list") { - $page_num = int_escape($event->get_arg(1)); + $page_num = (int)($event->get_arg(1)); $this->build_page($page_num); } } @@ -242,7 +242,7 @@ class CommentList extends Extension { $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)")); } else if(preg_match("/commented_by_userid=([0-9]+)/i", $event->term, $matches)) { - $user_id = int_escape($matches[1]); + $user_id = (int)($matches[1]); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)")); } } @@ -340,7 +340,7 @@ class CommentList extends Extension { private function get_comments(/*int*/ $image_id) { global $config; global $database; - $i_image_id = int_escape($image_id); + $i_image_id = (int)($image_id); $rows = $database->get_all(" SELECT users.id as user_id, users.name as user_name, users.email as user_email, 
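Review bot: `if(!isset($id)) { die("No ID!"); }` can no longer fire, because `$id` has just been assigned the result of `(int)($_POST['id'])`, which is always a set integer; a request without the parameter now runs `DELETE FROM blotter WHERE id=0` (plus an undefined-index notice) instead of aborting. Test the request parameter before the cast: `if(!isset($_POST['id'])) { die("No ID!"); } $id = (int)($_POST['id']);`. The same dead-after-cast validation appears in Notes::delete_note (`is_null($imageID) || !is_numeric($imageID)`) and Pools::get_posts (`is_null($pageNumber) || !is_numeric($pageNumber)`) later in this patch.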
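Review bot: `$i_iid` receives the cast value but the next line still constructs `CommentPostingEvent` from the raw `$_POST['image_id']`, so the cast on the changed line is dead and the unsanitised string is what reaches the event; pass the cast value instead: `$cpe = new CommentPostingEvent($i_iid, $user, $_POST['comment']);`. This was already the case with int_escape(), but the commit touches the line and is the natural place to close it.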
@@ -368,8 +368,8 @@ class CommentList extends Extension { // sqlite fails at intervals if($database->engine->name === "sqlite") return false; - $window = int_escape($config->get_int('comment_window')); - $max = int_escape($config->get_int('comment_limit')); + $window = (int)($config->get_int('comment_window')); + $max = (int)($config->get_int('comment_limit')); if($database->engine->name == "mysql") $window_sql = "interval $window minute"; else $window_sql = "interval '$window minute'"; diff --git a/ext/comment/theme.php b/ext/comment/theme.php index 51d7092a..18f5550d 100644 --- a/ext/comment/theme.php +++ b/ext/comment/theme.php @@ -157,13 +157,13 @@ class CommentListTheme extends Themelet { $tfe = new TextFormattingEvent($comment->comment); send_event($tfe); - $i_uid = int_escape($comment->owner_id); + $i_uid = (int)($comment->owner_id); $h_name = html_escape($comment->owner_name); $h_poster_ip = html_escape($comment->poster_ip); $h_timestamp = autodate($comment->posted); $h_comment = ($trim ? truncate($tfe->stripped, 50) : $tfe->formatted); - $i_comment_id = int_escape($comment->comment_id); - $i_image_id = int_escape($comment->image_id); + $i_comment_id = (int)($comment->comment_id); + $i_image_id = (int)($comment->image_id); if($i_uid == $config->get_int("anon_id")) { $anoncode = ""; @@ -224,7 +224,7 @@ class CommentListTheme extends Themelet { protected function build_postbox(/*int*/ $image_id) { global $config; - $i_image_id = int_escape($image_id); + $i_image_id = (int)($image_id); $hash = CommentList::get_hash(); $h_captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : ""; diff --git a/ext/danbooru_api/main.php b/ext/danbooru_api/main.php index 4d98a90d..43daadbe 100644 --- a/ext/danbooru_api/main.php +++ b/ext/danbooru_api/main.php 
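Review bot: The `(int)` cast around `$config->get_int('comment_window')` and `$config->get_int('comment_limit')` is redundant if, as the method name suggests, get_int() already returns an integer; `$window = $config->get_int('comment_window');` reads cleaner. These values are then interpolated into `interval $window minute`, so an integer-typed value is what keeps that interpolation safe — if get_int() can return something other than an int (e.g. null for an unset key), keep the cast and note why in a comment.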
@@ -287,8 +287,8 @@ class DanbooruApi extends Extension { } } else { - $limit = isset($_GET['limit']) ? int_escape($_GET['limit']) : 100; - $start = isset($_GET['offset']) ? int_escape($_GET['offset']) : 0; + $limit = isset($_GET['limit']) ? (int)($_GET['limit']) : 100; + $start = isset($_GET['offset']) ? (int)($_GET['offset']) : 0; $tags = isset($_GET['tags']) ? Tag::explode($_GET['tags']) : array(); $results = Image::find_images($start, $limit, $tags); } @@ -346,14 +346,14 @@ class DanbooruApi extends Extension { /* Currently disabled to maintain identical functionality to danbooru 1.0's own "broken" find_tags elseif(isset($_GET['tags'])) { - $start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0; + $start = isset($_GET['after_id']) ? (int)($_GET['offset']) : 0; $tags = Tag::explode($_GET['tags']); } */ else { - $start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0; + $start = isset($_GET['after_id']) ? (int)($_GET['offset']) : 0; $sqlresult = $database->execute("SELECT id,tag,count FROM tags WHERE count > 0 AND id >= ? ORDER BY id DESC",array($start)); while(!$sqlresult->EOF) { diff --git a/ext/favorites/main.php b/ext/favorites/main.php index 35d3c7f0..77e16f72 100644 --- a/ext/favorites/main.php +++ b/ext/favorites/main.php @@ -58,7 +58,7 @@ class Favorites extends Extension { public function onPageRequest(PageRequestEvent $event) { global $page, $user; if($event->page_matches("change_favorite") && !$user->is_anonymous() && $user->check_auth_token()) { - $image_id = int_escape($_POST['image_id']); + $image_id = (int)($_POST['image_id']); if((($_POST['favorite_action'] == "set") || ($_POST['favorite_action'] == "unset")) && ($image_id > 0)) { send_event(new FavoriteSetEvent($image_id, $user, ($_POST['favorite_action'] == "set"))); } 
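Review bot: `$start = isset($_GET['after_id']) ? (int)($_GET['offset']) : 0;` tests one parameter and reads another, so a client sending `after_id` without `offset` gets an undefined-index notice and `$start = 0`, and `after_id` itself is never used; the live `else` branch should read `(int)($_GET['after_id'])` (the earlier copy of the line sits inside a commented-out block). The mismatch predates this commit, but the changed line is the place to fix it.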
@@ -128,7 +128,7 @@ class Favorites extends Extension { $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)")); } else if(preg_match("/favorited_by_userno=([0-9]+)/i", $event->term, $matches)) { - $user_id = int_escape($matches[1]); + $user_id = (int)($matches[1]); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)")); } } diff --git a/ext/favorites/theme.php b/ext/favorites/theme.php index 14a4fd39..111a900e 100644 --- a/ext/favorites/theme.php +++ b/ext/favorites/theme.php @@ -4,7 +4,7 @@ class FavoritesTheme extends Themelet { public function get_voter_html(Image $image, $is_favorited) { global $page, $user; - $i_image_id = int_escape($image->id); + $i_image_id = (int)($image->id); $name = $is_favorited ? "unset" : "set"; $label = $is_favorited ? "Un-Favorite" : "Favorite"; $html = " diff --git a/ext/featured/main.php b/ext/featured/main.php index dda66100..dbf71d49 100644 --- a/ext/featured/main.php +++ b/ext/featured/main.php @@ -30,7 +30,7 @@ class Featured extends Extension { if($event->page_matches("featured_image")) { if($event->get_arg(0) == "set" && $user->check_auth_token()) { if($user->can("edit_feature") && isset($_POST['image_id'])) { - $id = int_escape($_POST['image_id']); + $id = (int)($_POST['image_id']); if($id > 0) { $config->set_int("featured_id", $id); $page->set_mode("redirect"); diff --git a/ext/featured/theme.php b/ext/featured/theme.php index 77afe5ff..d84bf719 100644 --- a/ext/featured/theme.php +++ b/ext/featured/theme.php @@ -21,7 +21,7 @@ class FeaturedTheme extends Themelet { public function build_featured_html(Image $image, $query=null) { global $config; - $i_id = int_escape($image->id); + $i_id = (int)($image->id); $h_view_link = make_link("post/view/$i_id", $query); $h_thumb_link = $image->get_thumb_link(); $h_tip = html_escape($image->get_tooltip()); 
diff --git a/ext/forum/main.php b/ext/forum/main.php index cee5d5c8..014d98d4 100644 --- a/ext/forum/main.php +++ b/ext/forum/main.php @@ -92,8 +92,8 @@ class Forum extends Extension { } case "view": { - $threadID = int_escape($event->get_arg(1)); - $pageNumber = int_escape($event->get_arg(2)); + $threadID = (int)($event->get_arg(1)); + $pageNumber = (int)($event->get_arg(2)); $this->show_posts($event, $user->is_admin()); if($user->is_admin()) $this->theme->add_actions_block($page, $threadID); @@ -131,8 +131,8 @@ class Forum extends Extension { break; } case "delete": - $threadID = int_escape($event->get_arg(1)); - $postID = int_escape($event->get_arg(2)); + $threadID = (int)($event->get_arg(1)); + $postID = (int)($event->get_arg(2)); if ($user->is_admin()) {$this->delete_post($postID);} @@ -140,7 +140,7 @@ class Forum extends Extension { $page->set_redirect(make_link("forum/view/".$threadID)); break; case "nuke": - $threadID = int_escape($event->get_arg(1)); + $threadID = (int)($event->get_arg(1)); if ($user->is_admin()) $this->delete_thread($threadID); @@ -160,7 +160,7 @@ class Forum extends Extension { break; } - $threadID = int_escape($_POST["threadID"]); + $threadID = (int)($_POST["threadID"]); $this->save_new_post($threadID, $user); } diff --git a/ext/handle_ico/main.php b/ext/handle_ico/main.php index 7582fc53..a6ccc1e3 100644 --- a/ext/handle_ico/main.php +++ b/ext/handle_ico/main.php @@ -38,7 +38,7 @@ class IcoFileHandler extends Extension { public function onPageRequest(PageRequestEvent $event) { global $config, $database, $page; if($event->page_matches("get_ico")) { - $id = int_escape($event->get_arg(0)); + $id = (int)($event->get_arg(0)); $image = Image::by_id($id); $hash = $image->hash; $ha = substr($hash, 0, 2); diff --git a/ext/handle_svg/main.php b/ext/handle_svg/main.php index 6cc3efe8..4ad22f99 100644 --- a/ext/handle_svg/main.php +++ b/ext/handle_svg/main.php 
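Review bot: `$image = Image::by_id($id);` is followed by `$hash = $image->hash;` with no null check, so a `get_ico` request for an unknown id dereferences null; ReportImage::onPageRequest later in this patch shows Image::by_id() can return null and guards it with `is_null($image)`. Add a guard before the property access, returning a 404 the way PrivMsg does with `$this->theme->display_error(404, ...)`, or whatever convention this handler's theme provides. The same unguarded pattern appears in SVGFileHandler::onPageRequest (`get_svg`) and RegenThumb::onPageRequest later in the patch.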
@@ -43,7 +43,7 @@ class SVGFileHandler extends Extension { public function onPageRequest(PageRequestEvent $event) { global $config, $database, $page; if($event->page_matches("get_svg")) { - $id = int_escape($event->get_arg(0)); + $id = (int)($event->get_arg(0)); $image = Image::by_id($id); $hash = $image->hash; @@ -97,8 +97,8 @@ class MiniSVGParser { function startElement($parser, $name, $attrs) { if($name == "SVG") { - $this->width = int_escape($attrs["WIDTH"]); - $this->height = int_escape($attrs["HEIGHT"]); + $this->width = (int)($attrs["WIDTH"]); + $this->height = (int)($attrs["HEIGHT"]); } } diff --git a/ext/image/main.php b/ext/image/main.php index 836c65e9..bec26c9d 100644 --- a/ext/image/main.php +++ b/ext/image/main.php @@ -180,11 +180,11 @@ class ImageIO extends Extension { } } else if($event->page_matches("image")) { - $num = int_escape($event->get_arg(0)); + $num = (int)($event->get_arg(0)); $this->send_file($num, "image"); } else if($event->page_matches("thumb")) { - $num = int_escape($event->get_arg(0)); + $num = (int)($event->get_arg(0)); $this->send_file($num, "thumb"); } } diff --git a/ext/image_hash_ban/main.php b/ext/image_hash_ban/main.php index cf20fb37..abc997f1 100644 --- a/ext/image_hash_ban/main.php +++ b/ext/image_hash_ban/main.php @@ -58,7 +58,7 @@ class ImageBan extends Extension { if($event->page_matches("image_hash_ban")) { if($user->can("ban_image")) { if($event->get_arg(0) == "dnp") { - $image = Image::by_id(int_escape($event->get_arg(1))); + $image = Image::by_id((int)($event->get_arg(1))); if($image) { send_event(new AddImageHashBanEvent($image->hash, "DNP")); send_event(new ImageDeletionEvent($image)); 
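Review bot: `(int)($attrs["WIDTH"])` and `(int)($attrs["HEIGHT"])` in MiniSVGParser::startElement assume both attributes are present and numeric; an SVG that declares only a `viewBox` raises undefined-index notices and stores 0, and a value with units such as `100px` or `50%` is truncated to its leading digits. Guard with `isset($attrs["WIDTH"])` before casting and decide how a zero dimension should be treated downstream — that part of the handler is outside the hunk.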
@@ -74,7 +74,7 @@ class ImageBan extends Extension { $page->set_redirect(make_link("image_hash_ban/list/1")); } if(isset($_POST['image_id'])) { - $image = Image::by_id(int_escape($_POST['image_id'])); + $image = Image::by_id((int)($_POST['image_id'])); if($image) { send_event(new ImageDeletionEvent($image)); $page->set_mode("redirect"); @@ -93,7 +93,7 @@ class ImageBan extends Extension { else if($event->get_arg(0) == "list") { $page_num = 0; if($event->count_args() == 2) { - $page_num = int_escape($event->get_arg(1)); + $page_num = (int)($event->get_arg(1)); } $page_size = 100; $page_count = ceil($database->get_one("SELECT COUNT(id) FROM image_bans")/$page_size); @@ -131,8 +131,8 @@ class ImageBan extends Extension { global $database; // FIXME: many - $size_i = int_escape($size); - $offset_i = int_escape($page-1)*$size_i; + $size_i = (int)($size); + $offset_i = (int)($page-1)*$size_i; $where = array("(1=1)"); $args = array(); if(!empty($_GET['hash'])) { diff --git a/ext/index/main.php b/ext/index/main.php index f5244d54..2d2522b0 100644 --- a/ext/index/main.php +++ b/ext/index/main.php @@ -204,7 +204,7 @@ class Index extends Extension { } else if(preg_match("/^ratio(<|>|<=|>=|=)(\d+):(\d+)$/", $event->term, $matches)) { $cmp = $matches[1]; - $args = array("width"=>int_escape($matches[2]), "height"=>int_escape($matches[3])); + $args = array("width"=>(int)($matches[2]), "height"=>(int)($matches[3])); $event->add_querylet(new Querylet('width / height '.$cmp.' :width / :height', $args)); } else if(preg_match("/^(filesize|id)(<|>|<=|>=|=)(\d+[kmg]?b?)$/i", $event->term, $matches)) { 
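Review bot: `$offset_i = (int)($page-1)*$size_i;` goes negative when `$page` is 0, which is the default the list handler above starts from (`$page_num = 0;` when no page argument is given); if that value reaches an SQL OFFSET the query fails. Clamping, e.g. `$offset_i = max(0, (int)$page - 1) * $size_i;`, keeps the first page working. How `$page` is passed into this method is outside the hunk, so the caller may already normalise it — worth checking.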
@@ -233,7 +233,7 @@ class Index extends Extension { } else if(preg_match("/^size(<|>|<=|>=|=)(\d+)x(\d+)$/", $event->term, $matches)) { $cmp = $matches[1]; - $args = array("width"=>int_escape($matches[2]), "height"=>int_escape($matches[3])); + $args = array("width"=>(int)($matches[2]), "height"=>(int)($matches[3])); $event->add_querylet(new Querylet('width '.$cmp.' :width AND height '.$cmp.' :height', $args)); } } diff --git a/ext/log_db/main.php b/ext/log_db/main.php index 39a58f36..c809b2fd 100644 --- a/ext/log_db/main.php +++ b/ext/log_db/main.php @@ -47,7 +47,7 @@ class LogDatabase extends Extension { if($user->can("view_eventlog")) { $wheres = array(); $args = array(); - $page_num = int_escape($event->get_arg(0)); + $page_num = (int)($event->get_arg(0)); if($page_num <= 0) $page_num = 1; if(!empty($_GET["time"])) { $wheres[] = "date_sent LIKE :time"; @@ -77,7 +77,7 @@ class LogDatabase extends Extension { } if(!empty($_GET["priority"])) { $wheres[] = "priority >= :priority"; - $args["priority"] = int_escape($_GET["priority"]); + $args["priority"] = (int)($_GET["priority"]); } else { $wheres[] = "priority >= :priority"; diff --git a/ext/log_db/theme.php b/ext/log_db/theme.php index e5fd8b87..7acf2ccf 100644 --- a/ext/log_db/theme.php +++ b/ext/log_db/theme.php @@ -100,7 +100,7 @@ class LogDatabaseTheme extends Themelet { } protected function link_image($id) { - $iid = int_escape($id[1]); + $iid = (int)($id[1]); return "Image #$iid"; } } diff --git a/ext/notes/main.php b/ext/notes/main.php index 5bc09ef6..24f9ac1d 100644 --- a/ext/notes/main.php +++ b/ext/notes/main.php 
@@ -211,7 +211,7 @@ class Notes extends Extension { public function onSearchTermParse(SearchTermParseEvent $event) { $matches = array(); if(preg_match("/note=(.*)/i", $event->term, $matches)) { - $notes = int_escape($matches[1]); + $notes = (int)($matches[1]); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE note = $notes)")); } else if(preg_match("/notes(<|>|<=|>=|=)(\d+)/", $event->term, $matches)) { @@ -232,7 +232,7 @@ class Notes extends Extension { $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)")); } else if(preg_match("/notes_by_userno=([0-9]+)/i", $event->term, $matches)) { - $user_id = int_escape($matches[1]); + $user_id = (int)($matches[1]); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)")); } } @@ -259,12 +259,12 @@ class Notes extends Extension { private function add_new_note() { global $database, $user; - $imageID = int_escape($_POST["image_id"]); + $imageID = (int)($_POST["image_id"]); $user_id = $user->id; - $noteX1 = int_escape($_POST["note_x1"]); - $noteY1 = int_escape($_POST["note_y1"]); - $noteHeight = int_escape($_POST["note_height"]); - $noteWidth = int_escape($_POST["note_width"]); + $noteX1 = (int)($_POST["note_x1"]); + $noteY1 = (int)($_POST["note_y1"]); + $noteHeight = (int)($_POST["note_height"]); + $noteWidth = (int)($_POST["note_width"]); $noteText = html_escape($_POST["note_text"]); $database->execute(" @@ -292,7 +292,7 @@ class Notes extends Extension { private function add_note_request() { global $database, $user; - $image_id = int_escape($_POST["image_id"]); + $image_id = (int)($_POST["image_id"]); $user_id = $user->id; $database->execute(" 
@@ -314,12 +314,12 @@ class Notes extends Extension { */ private function update_note() { - $imageID = int_escape($_POST["image_id"]); - $noteID = int_escape($_POST["note_id"]); - $noteX1 = int_escape($_POST["note_x1"]); - $noteY1 = int_escape($_POST["note_y1"]); - $noteHeight = int_escape($_POST["note_height"]); - $noteWidth = int_escape($_POST["note_width"]); + $imageID = (int)($_POST["image_id"]); + $noteID = (int)($_POST["note_id"]); + $noteX1 = (int)($_POST["note_x1"]); + $noteY1 = (int)($_POST["note_y1"]); + $noteHeight = (int)($_POST["note_height"]); + $noteWidth = (int)($_POST["note_width"]); $noteText = mysql_real_escape_string(html_escape($_POST["note_text"])); // validate parameters @@ -363,8 +363,8 @@ class Notes extends Extension { */ private function delete_note() { - $imageID = int_escape($_POST["image_id"]); - $noteID = int_escape($_POST["note_id"]); + $imageID = (int)($_POST["image_id"]); + $noteID = (int)($_POST["note_id"]); // validate parameters if(is_null($imageID) || !is_numeric($imageID)) @@ -389,7 +389,7 @@ class Notes extends Extension { */ private function nuke_notes() { global $database; - $image_id = int_escape($_POST["image_id"]); + $image_id = (int)($_POST["image_id"]); $database->execute("DELETE FROM notes WHERE image_id = ?", array($image_id)); log_info("notes", "Notes deleted from {$image_id} by {$user->name}"); } @@ -401,7 +401,7 @@ class Notes extends Extension { */ private function nuke_requests() { global $database; - $image_id = int_escape($_POST["image_id"]); + $image_id = (int)($_POST["image_id"]); $database->execute("DELETE FROM note_request WHERE image_id = ?", array($image_id)); diff --git a/ext/numeric_score/main.php b/ext/numeric_score/main.php index 5ce8640e..6685dc57 100644 --- a/ext/numeric_score/main.php +++ b/ext/numeric_score/main.php 
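Review bot: nuke_notes() logs `by {$user->name}` but only declares `global $database;`, so `$user` is undefined inside the method and the log line records an empty name (with a notice); change it to `global $database, $user;`. nuke_requests() just below uses the same `global $database;` line and should be checked for the same omission if it also logs the user — its body continues outside the hunk.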
@@ -48,7 +48,7 @@ class NumericScore extends Extension { global $config, $database, $user, $page; if($event->page_matches("numeric_score_votes")) { - $image_id = int_escape($event->get_arg(0)); + $image_id = (int)($event->get_arg(0)); $x = $database->get_all( "SELECT users.name as username, user_id, score FROM numeric_score_votes @@ -67,7 +67,7 @@ class NumericScore extends Extension { } if($event->page_matches("numeric_score_vote") && $user->check_auth_token()) { if(!$user->is_anonymous()) { - $image_id = int_escape($_POST['image_id']); + $image_id = (int)($_POST['image_id']); $char = $_POST['vote']; $score = null; if($char == "up") $score = 1; @@ -80,7 +80,7 @@ class NumericScore extends Extension { } if($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) { if($user->can("edit_other_vote")) { - $image_id = int_escape($_POST['image_id']); + $image_id = (int)($_POST['image_id']); $database->execute( "DELETE FROM numeric_score_votes WHERE image_id=?", array($image_id)); @@ -93,7 +93,7 @@ class NumericScore extends Extension { } if($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) { if($user->can("edit_other_vote")) { - $this->delete_votes_by(int_escape($_POST['user_id'])); + $this->delete_votes_by((int)($_POST['user_id'])); $page->set_mode("redirect"); $page->set_redirect(make_link()); } @@ -110,13 +110,13 @@ class NumericScore extends Extension { $year = $_GET['year']; } //month - if(empty($_GET['month']) || int_escape($_GET['month']) > 12){ + if(empty($_GET['month']) || (int)($_GET['month']) > 12){ $month = date("m"); }else{ $month = $_GET['month']; } //day - if(empty($_GET['day']) || int_escape($_GET['day']) > 31){ + if(empty($_GET['day']) || (int)($_GET['day']) > 31){ $day = date("d"); }else{ $day = $_GET['day']; 
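Review bot: The month and day checks compare the cast value but then keep the raw string (`$month = $_GET['month'];`), so an input like `05abc` passes `(int)(...) > 12` and is stored unchanged, and 0 or negative values are not rejected at all. Casting once and range-checking that value, e.g. `$m = (int)$_GET['month']; if($m < 1 || $m > 12) { $month = date("m"); } else { $month = $m; }`, and likewise for day, yields a value that is safe to use downstream. `$year` on the context line above has no validation at all; where these values end up is outside the hunk.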
@@ -245,13 +245,13 @@ class NumericScore extends Extension { array("ns_user_id"=>$duser->id))); } if(preg_match("/^upvoted_by_id=(\d+)$/", $event->term, $matches)) { - $iid = int_escape($matches[1]); + $iid = (int)($matches[1]); $event->add_querylet(new Querylet( "images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=1)", array("ns_user_id"=>$iid))); } if(preg_match("/^downvoted_by_id=(\d+)$/", $event->term, $matches)) { - $iid = int_escape($matches[1]); + $iid = (int)($matches[1]); $event->add_querylet(new Querylet( "images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=-1)", array("ns_user_id"=>$iid))); diff --git a/ext/numeric_score/theme.php b/ext/numeric_score/theme.php index fdd2fa90..0d19d63e 100644 --- a/ext/numeric_score/theme.php +++ b/ext/numeric_score/theme.php @@ -3,8 +3,8 @@ class NumericScoreTheme extends Themelet { public function get_voter_html(Image $image) { global $user; - $i_image_id = int_escape($image->id); - $i_score = int_escape($image->numeric_score); + $i_image_id = (int)($image->id); + $i_score = (int)($image->numeric_score); $html = " Current Score: $i_score diff --git a/ext/pm/main.php b/ext/pm/main.php index d33c975d..d77258aa 100644 --- a/ext/pm/main.php +++ b/ext/pm/main.php 
@@ -105,13 +105,13 @@ class PrivMsg extends Extension { if(!$user->is_anonymous()) { switch($event->get_arg(0)) { case "read": - $pm_id = int_escape($event->get_arg(1)); + $pm_id = (int)($event->get_arg(1)); $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id)); if(is_null($pm)) { $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); } else if(($pm["to_id"] == $user->id) || $user->can("view_other_pms")) { - $from_user = User::by_id(int_escape($pm["from_id"])); + $from_user = User::by_id((int)($pm["from_id"])); $database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", array("id" => $pm_id)); $database->cache->delete("pm-count-{$user->id}"); $this->theme->display_message($page, $from_user, $user, new PM($pm)); @@ -122,7 +122,7 @@ class PrivMsg extends Extension { break; case "delete": if($user->check_auth_token()) { - $pm_id = int_escape($_POST["pm_id"]); + $pm_id = (int)($_POST["pm_id"]); $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id)); if(is_null($pm)) { $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); @@ -138,7 +138,7 @@ class PrivMsg extends Extension { break; case "send": if($user->check_auth_token()) { - $to_id = int_escape($_POST["to_id"]); + $to_id = (int)($_POST["to_id"]); $from_id = $user->id; $subject = $_POST["subject"]; $message = $_POST["message"]; diff --git a/ext/pools/main.php b/ext/pools/main.php index b161e8bb..950b2cab 100644 --- a/ext/pools/main.php +++ b/ext/pools/main.php 
@@ -96,14 +96,14 @@ class Pools extends Extension { // Check if we have pool id, since this is most often the case. if (isset($_POST["pool_id"])) { - $pool_id = int_escape($_POST["pool_id"]); + $pool_id = (int)($_POST["pool_id"]); $pool = $this->get_single_pool($pool_id); } // What action are we trying to perform? switch($event->get_arg(0)) { case "list": //index - $this->list_pools($page, int_escape($event->get_arg(1))); + $this->list_pools($page, (int)($event->get_arg(1))); break; case "new": // Show form for new pools @@ -127,17 +127,17 @@ class Pools extends Extension { break; case "view": - $poolID = int_escape($event->get_arg(1)); + $poolID = (int)($event->get_arg(1)); $this->get_posts($event, $poolID); break; case "updated": - $this->get_history(int_escape($event->get_arg(1))); + $this->get_history((int)($event->get_arg(1))); break; case "revert": if(!$user->is_anonymous()) { - $historyID = int_escape($event->get_arg(1)); + $historyID = (int)($event->get_arg(1)); $this->revert_history($historyID); $page->set_mode("redirect"); $page->set_redirect(make_link("pool/updated")); @@ -404,7 +404,7 @@ class Pools extends Extension { private function add_posts() { global $database; - $poolID = int_escape($_POST['pool_id']); + $poolID = (int)($_POST['pool_id']); $images = ""; foreach ($_POST['check'] as $imageID){ @@ -439,7 +439,7 @@ class Pools extends Extension { private function order_posts() { global $database; - $poolID = int_escape($_POST['pool_id']); + $poolID = (int)($_POST['pool_id']); foreach($_POST['imgs'] as $data) { list($imageORDER, $imageID) = $data; @@ -463,7 +463,7 @@ class Pools extends Extension { private function remove_posts() { global $database; - $poolID = int_escape($_POST['pool_id']); + $poolID = (int)($_POST['pool_id']); $images = ""; foreach($_POST['check'] as $imageID) { 
@@ -527,7 +527,7 @@ class Pools extends Extension { private function get_posts($event, /*int*/ $poolID) { global $config, $user, $database; - $pageNumber = int_escape($event->get_arg(2)); + $pageNumber = (int)($event->get_arg(2)); if(is_null($pageNumber) || !is_numeric($pageNumber)) $pageNumber = 0; else if ($pageNumber <= 0) @@ -535,7 +535,7 @@ class Pools extends Extension { else $pageNumber--; - $poolID = int_escape($poolID); + $poolID = (int)($poolID); $pool = $this->get_pool($poolID); $imagesPerPage = $config->get_int("poolsImagesPerPage"); diff --git a/ext/random_image/theme.php b/ext/random_image/theme.php index 87806bec..2725ca07 100644 --- a/ext/random_image/theme.php +++ b/ext/random_image/theme.php @@ -7,7 +7,7 @@ class RandomImageTheme extends Themelet { public function build_random_html(Image $image, $query=null) { global $config; - $i_id = int_escape($image->id); + $i_id = (int)($image->id); $h_view_link = make_link("post/view/$i_id", $query); $h_thumb_link = $image->get_thumb_link(); $h_tip = html_escape($image->get_tooltip()); diff --git a/ext/rating/theme.php b/ext/rating/theme.php index bc95ea70..3877227d 100644 --- a/ext/rating/theme.php +++ b/ext/rating/theme.php @@ -2,7 +2,7 @@ class RatingsTheme extends Themelet { public function get_rater_html(/*int*/ $image_id, /*string*/ $rating) { - $i_image_id = int_escape($image_id); + $i_image_id = (int)($image_id); $s_checked = $rating == 's' ? " checked" : ""; $q_checked = $rating == 'q' ? " checked" : ""; $e_checked = $rating == 'e' ? " checked" : ""; diff --git a/ext/regen_thumb/main.php b/ext/regen_thumb/main.php index 713f6cd5..ece40022 100644 --- a/ext/regen_thumb/main.php +++ b/ext/regen_thumb/main.php 
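Review bot: In get_posts the `is_null($pageNumber) || !is_numeric($pageNumber)` test on the line after the new cast can no longer fire, because `(int)` always yields an integer (a missing argument becomes 0), so that branch and its `$pageNumber = 0;` assignment are dead code once the cast is in place. The clamp should be expressed directly on the integer, e.g. `if ($pageNumber <= 0) { ... } else { $pageNumber--; }`, with a comment such as `// arg is cast to int above: missing or non-numeric values arrive here as 0`. get_posts continues outside the hunk, so the `<= 0` branch body is not visible here.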
@@ -18,7 +18,7 @@ class RegenThumb extends Extension { global $config, $database, $page, $user; if($event->page_matches("regen_thumb") && $user->is_admin() && isset($_POST['image_id'])) { - $image = Image::by_id(int_escape($_POST['image_id'])); + $image = Image::by_id((int)($_POST['image_id'])); send_event(new ThumbnailGenerationEvent($image->hash, $image->ext, true)); $this->theme->display_results($page, $image); } diff --git a/ext/report_image/main.php b/ext/report_image/main.php index bdbfab73..3c900ec4 100644 --- a/ext/report_image/main.php +++ b/ext/report_image/main.php @@ -43,7 +43,7 @@ class ReportImage extends Extension { if($event->page_matches("image_report")) { if($event->get_arg(0) == "add") { if(isset($_POST['image_id']) && isset($_POST['reason'])) { - $image_id = int_escape($_POST['image_id']); + $image_id = (int)($_POST['image_id']); send_event(new AddReportedImageEvent($image_id, $user->id, $_POST['reason'])); $page->set_mode("redirect"); $page->set_redirect(make_link("post/view/$image_id")); @@ -137,7 +137,7 @@ class ReportImage extends Extension { $reports = array(); foreach($all_reports as $report) { - $image_id = int_escape($report['image_id']); + $image_id = (int)($report['image_id']); $image = Image::by_id($image_id); if(is_null($image)) { send_event(new RemoveReportedImageEvent($report['id'])); diff --git a/ext/report_image/theme.php b/ext/report_image/theme.php index 4e3afb9c..14165d2a 100644 --- a/ext/report_image/theme.php +++ b/ext/report_image/theme.php @@ -64,7 +64,7 @@ class ReportImageTheme extends Themelet { public function display_image_banner(Image $image, /*array*/ $reporters) { global $config, $page; - $i_image = int_escape($image->id); + $i_image = (int)($image->id); $html = ""; if(count($reporters) > 0) { $html .= "Image reported by ".html_escape(implode(", ", $reporters))."

"; diff --git a/ext/resize/main.php b/ext/resize/main.php index 139f3ca8..7b434b66 100644 --- a/ext/resize/main.php +++ b/ext/resize/main.php @@ -105,7 +105,7 @@ class ResizeImage extends Extension { if ( $event->page_matches("resize") && $user->is_admin() ) { // Try to get the image ID - $image_id = int_escape($event->get_arg(0)); + $image_id = (int)($event->get_arg(0)); if (empty($image_id)) { $image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null; } @@ -126,10 +126,10 @@ class ResizeImage extends Extension { $width = $height = 0; if (isset($_POST['resize_width'])) { - $width = int_escape($_POST['resize_width']); + $width = (int)($_POST['resize_width']); } if (isset($_POST['resize_height'])) { - $height = int_escape($_POST['resize_height']); + $height = (int)($_POST['resize_height']); } /* Attempt to resize the image */ diff --git a/ext/resize/theme.php b/ext/resize/theme.php index c331dbbb..c037d5e0 100644 --- a/ext/resize/theme.php +++ b/ext/resize/theme.php @@ -7,7 +7,7 @@ class ResizeImageTheme extends Themelet { public function get_resize_html(/*int*/ $image_id) { global $user, $config; - $i_image_id = int_escape($image_id); + $i_image_id = (int)($image_id); $html = " ".make_form(make_link("resize"),'POST',false,'resize_image')." diff --git a/ext/shimmie_api/main.php b/ext/shimmie_api/main.php index da65a2d6..d16a3aca 100644 --- a/ext/shimmie_api/main.php +++ b/ext/shimmie_api/main.php @@ -71,10 +71,10 @@ class ShimmieApi extends Extension { if($event->page_matches("api/shimmie/get_image")) { $arg = $event->get_arg(0); if(!empty($arg)){ - $image = Image::by_id(int_escape($event->get_arg(0))); + $image = Image::by_id((int)($event->get_arg(0))); } elseif(isset($_GET['id'])){ - $image = Image::by_id(int_escape($_GET['id'])); + $image = Image::by_id((int)($_GET['id'])); } // FIXME: handle null image $image->get_tag_array(); // tag data isn't loaded into the object until necessary 
diff --git a/ext/simpletest/main.php b/ext/simpletest/main.php index cedba90d..896f02d5 100644 --- a/ext/simpletest/main.php +++ b/ext/simpletest/main.php @@ -173,7 +173,7 @@ class ShimmieWebTestCase extends SCoreWebTestCase { foreach($headers as $header) { $parts = explode(":", $header); if(trim($parts[0]) == "X-Shimmie-Image-ID") { - $image_id = int_escape(trim($parts[1])); + $image_id = (int)(trim($parts[1])); } } diff --git a/ext/tag_history/main.php b/ext/tag_history/main.php index b6fe5cea..c085fb3c 100644 --- a/ext/tag_history/main.php +++ b/ext/tag_history/main.php @@ -40,12 +40,12 @@ class Tag_History extends Extension { } } else if($event->page_matches("tag_history/all")) { - $page_id = int_escape($event->get_arg(0)); + $page_id = (int)($event->get_arg(0)); $this->theme->display_global_page($page, $this->get_global_tag_history($page_id), $page_id); } else if($event->page_matches("tag_history") && $event->count_args() == 1) { // must be an attempt to view a tag history - $image_id = int_escape($event->get_arg(0)); + $image_id = (int)($event->get_arg(0)); $this->theme->display_history_page($page, $image_id, $this->get_tag_history_from_id($image_id)); } } @@ -119,7 +119,7 @@ class Tag_History extends Extension { private function process_revert_request($revert_id) { global $page; - $revert_id = int_escape($revert_id); + $revert_id = (int)($revert_id); // check for the nothing case if($revert_id < 1) { diff --git a/ext/tag_list/main.php b/ext/tag_list/main.php index 8f36345f..4b21daa8 100644 --- a/ext/tag_list/main.php +++ b/ext/tag_list/main.php @@ -125,7 +125,7 @@ class TagList extends Extension { */ private function get_tags_min() { if(isset($_GET['mincount'])) { - return int_escape($_GET['mincount']); + return (int)($_GET['mincount']); } else { global $config; diff --git a/ext/tagger/theme.php b/ext/tagger/theme.php index 733db116..59a111d8 100644 --- a/ext/tagger/theme.php +++ b/ext/tagger/theme.php 
@@ -24,7 +24,7 @@ class taggerTheme extends Themelet { } private function html(Image $image) { global $config; - $i_image_id = int_escape($image->id); + $i_image_id = (int)($image->id); $h_source = html_escape($image->source); $h_query = isset($_GET['search'])? $h_query= "search=".url_escape($_GET['search']) : ""; diff --git a/ext/tips/main.php b/ext/tips/main.php index 41cc7823..99f7fcaf 100644 --- a/ext/tips/main.php +++ b/ext/tips/main.php @@ -51,14 +51,14 @@ class Tips extends Extension { break; case "status": // FIXME: HTTP GET CSRF - $tipID = int_escape($event->get_arg(1)); + $tipID = (int)($event->get_arg(1)); $this->setStatus($tipID); $page->set_mode("redirect"); $page->set_redirect(make_link("tips/list")); break; case "delete": // FIXME: HTTP GET CSRF - $tipID = int_escape($event->get_arg(1)); + $tipID = (int)($event->get_arg(1)); $this->deleteTip($tipID); $page->set_mode("redirect"); $page->set_redirect(make_link("tips/list")); diff --git a/ext/upload/main.php b/ext/upload/main.php index f88db765..c0f958a5 100644 --- a/ext/upload/main.php +++ b/ext/upload/main.php @@ -121,7 +121,7 @@ class Upload extends Extension { throw new UploadException("Can not replace Image: disk nearly full"); } // Try to get the image ID - $image_id = int_escape($event->get_arg(0)); + $image_id = (int)($event->get_arg(0)); if(empty($image_id)) { $image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null; } 
@@ -180,12 +180,12 @@ class Upload extends Extension { $source = isset($_POST['source']) ? $_POST['source'] : null; $ok = true; foreach($_FILES as $name => $file) { - $tags = $this->tags_for_upload_slot(int_escape(substr($name, 4))); + $tags = $this->tags_for_upload_slot((int)(substr($name, 4))); $ok = $ok & $this->try_upload($file, $tags, $source); } foreach($_POST as $name => $value) { if(substr($name, 0, 3) == "url" && strlen($value) > 0) { - $tags = $this->tags_for_upload_slot(int_escape(substr($name, 3))); + $tags = $this->tags_for_upload_slot((int)(substr($name, 3))); $ok = $ok & $this->try_transload($value, $tags, $source); } } @@ -292,8 +292,8 @@ class Upload extends Extension { if($event->image_id == -1) { throw new UploadException("File type not recognised"); } - //header("X-Shimmie-Image-ID: ".int_escape($event->image_id)); - $page->add_http_header("X-Shimmie-Image-ID: ".int_escape($event->image_id)); + //header("X-Shimmie-Image-ID: ".(int)($event->image_id)); + $page->add_http_header("X-Shimmie-Image-ID: ".(int)($event->image_id)); } catch(UploadException $ex) { $this->theme->display_upload_error($page, "Error with ".html_escape($file['name']), diff --git a/ext/user/main.php b/ext/user/main.php index e92a8f6e..ee818a04 100644 --- a/ext/user/main.php +++ b/ext/user/main.php @@ -294,7 +294,7 @@ class UserPage extends Extension { $event->add_querylet(new Querylet("images.owner_id = $user_id")); } else if(preg_match("/^(poster|user)_id=([0-9]+)$/i", $event->term, $matches)) { - $user_id = int_escape($matches[2]); + $user_id = (int)($matches[2]); $event->add_querylet(new Querylet("images.owner_id = $user_id")); } else if($user->can("view_ip") && preg_match("/^(poster|user)_ip=([0-9\.]+)$/i", $event->term, $matches)) { diff --git a/ext/user/theme.php b/ext/user/theme.php index f129d284..e0560c44 100644 --- a/ext/user/theme.php +++ b/ext/user/theme.php 
@@ -187,7 +187,7 @@ class UserPageTheme extends Themelet { "; - $i_user_id = int_escape($duser->id); + $i_user_id = (int)($duser->id); if($user->can("edit_user_class")) { global $_user_classes; diff --git a/ext/view/main.php b/ext/view/main.php index 2a1911c9..6941d134 100644 --- a/ext/view/main.php +++ b/ext/view/main.php @@ -75,7 +75,7 @@ class ViewImage extends Extension { $event->page_matches("post/next") ) { - $image_id = int_escape($event->get_arg(0)); + $image_id = (int)($event->get_arg(0)); if(isset($_GET['search'])) { $search_terms = explode(' ', $_GET['search']); @@ -109,7 +109,7 @@ class ViewImage extends Extension { } if($event->page_matches("post/view")) { - $image_id = int_escape($event->get_arg(0)); + $image_id = (int)($event->get_arg(0)); $image = Image::by_id($image_id); @@ -128,7 +128,7 @@ class ViewImage extends Extension { if($event->page_matches("post/set")) { if(!isset($_POST['image_id'])) return; - $image_id = int_escape($_POST['image_id']); + $image_id = (int)($_POST['image_id']); send_event(new ImageInfoSetEvent(Image::by_id($image_id))); diff --git a/ext/wiki/main.php b/ext/wiki/main.php index bb2f4837..256a738f 100644 --- a/ext/wiki/main.php +++ b/ext/wiki/main.php @@ -99,7 +99,7 @@ class Wiki extends Extension { } else if($event->page_matches("wiki_admin/save")) { $title = $_POST['title']; - $rev = int_escape($_POST['revision']); + $rev = (int)($_POST['revision']); $body = $_POST['body']; $lock = $user->is_admin() && isset($_POST['lock']) && ($_POST['lock'] == "on"); diff --git a/ext/wiki/theme.php b/ext/wiki/theme.php index 45b7bee4..659f9183 100644 --- a/ext/wiki/theme.php +++ b/ext/wiki/theme.php @@ -40,7 +40,7 @@ class WikiTheme extends Themelet { protected function create_edit_html(WikiPage $page) { $h_title = html_escape($page->title); $u_title = url_escape($page->title); - $i_revision = int_escape($page->revision) + 1; + $i_revision = (int)($page->revision) + 1; global $user; if($user->is_admin()) { 
@@ -73,7 +73,7 @@ class WikiTheme extends Themelet { " ".make_form(make_link("wiki_admin/edit"))." - + " : @@ -82,7 +82,7 @@ class WikiTheme extends Themelet { $edit .= " ".make_form(make_link("wiki_admin/delete_revision"))." - + ".make_form(make_link("wiki_admin/delete_all"))." diff --git a/themes/danbooru/comment.theme.php b/themes/danbooru/comment.theme.php index fea07ba4..b671cd89 100644 --- a/themes/danbooru/comment.theme.php +++ b/themes/danbooru/comment.theme.php @@ -93,12 +93,12 @@ class CustomCommentListTheme extends CommentListTheme { $tfe = new TextFormattingEvent($comment->comment); send_event($tfe); - $i_uid = int_escape($comment->owner_id); + $i_uid = (int)($comment->owner_id); $h_name = html_escape($comment->owner_name); $h_poster_ip = html_escape($comment->poster_ip); $h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted); - $i_comment_id = int_escape($comment->comment_id); - $i_image_id = int_escape($comment->image_id); + $i_comment_id = (int)($comment->comment_id); + $i_image_id = (int)($comment->image_id); $h_posted = autodate($comment->posted); $stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50)); diff --git a/themes/futaba/comment.theme.php b/themes/futaba/comment.theme.php index ee6672c2..17c92646 100644 --- a/themes/futaba/comment.theme.php +++ b/themes/futaba/comment.theme.php 
@@ -59,12 +59,12 @@ class CustomCommentListTheme extends CommentListTheme { $tfe = new TextFormattingEvent($comment->comment); send_event($tfe); - $i_uid = int_escape($comment->owner_id); + $i_uid = (int)($comment->owner_id); $h_name = html_escape($comment->owner_name); $h_poster_ip = html_escape($comment->poster_ip); $h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted); - $i_comment_id = int_escape($comment->comment_id); - $i_image_id = int_escape($comment->image_id); + $i_comment_id = (int)($comment->comment_id); + $i_image_id = (int)($comment->image_id); $stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50)); $stripped_nonl = str_replace("\r", "\\r", $stripped_nonl); From 372f4fad7ce3154500f744c82a71026732881b8e Mon Sep 17 00:00:00 2001 From: "green-ponies (jgen)" Date: Sun, 15 Apr 2012 18:59:23 -0400 Subject: [PATCH 05/24] Use filter_var for function url_escape($input). --- core/util.inc.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/core/util.inc.php b/core/util.inc.php index dd815671..4222cc97 100644 --- a/core/util.inc.php +++ b/core/util.inc.php @@ -34,14 +34,18 @@ function int_escape($input) { * @retval string */ function url_escape($input) { - if(is_null($input)) { + /* The function idn_to_ascii is used to support Unicode domains / URLs as well. + See here for more: http://php.net/manual/en/function.filter-var.php */ + return filter_var(idn_to_ascii($input), FILTER_SANITIZE_URL); + + /*if(is_null($input)) { return ""; } $input = str_replace('^', '^^', $input); $input = str_replace('/', '^s', $input); $input = str_replace('\\', '^b', $input); $input = rawurlencode($input); - return $input; + return $input;*/ } /** 
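Review bot: The new `filter_var(idn_to_ascii($input), FILTER_SANITIZE_URL)` body is not equivalent to the removed one: the old code percent-encoded the value (and mapped `/`, `\` and `^` to a reversible `^`-escape) so that arbitrary text could be placed in a single path segment, whereas FILTER_SANITIZE_URL only strips characters that may not appear anywhere in a URL and leaves `/`, `?`, `&`, `#`, `<`, `>`, `"` and `'` in place. Any caller that puts url_escape() output into a link path or an HTML attribute without a further html_escape() therefore loses both the path-segment safety and the encoding it had before; if the filter is wanted, it belongs in a separately named helper and url_escape should keep its rawurlencode-based behaviour. idn_to_ascii is also a hostname-label conversion and returns false for strings it cannot convert, which filter_var then turns into an empty string. The commented-out old body should be deleted rather than kept inside the function.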
@@ -210,6 +214,7 @@ function show_ip($ip, $ban_reason) { * will try and standardise them */ function undb_bool($val) { + // Could this be combined with bool_escape() ? if($val === true || $val == 'Y' || $val == 'y' || $val == 'T' || $val == 't' || $val === 1) return true; if($val === false || $val == 'N' || $val == 'n' || $val == 'F' || $val == 'f' || $val === 0) return false; } From a0a0ba5bbc7251cef1778267854fa2ea394dbaf2 Mon Sep 17 00:00:00 2001 From: "green-ponies (jgen)" Date: Sun, 15 Apr 2012 19:28:27 -0400 Subject: [PATCH 06/24] A better version of bool_escape() that uses filter_var if possible. Also removed undb_bool() as it was basically a copy of the old bool_escape function. --- core/config.class.php | 2 +- core/imageboard.pack.php | 4 ++-- core/util.inc.php | 45 ++++++++++++++++++++++------------------ ext/pm/main.php | 2 +- 4 files changed, 29 insertions(+), 24 deletions(-) diff --git a/core/config.class.php b/core/config.class.php index 7e76b66c..8fc7b4d9 100644 --- a/core/config.class.php +++ b/core/config.class.php @@ -103,7 +103,7 @@ abstract class BaseConfig implements Config { return $this->get($name, $default); } public function get_bool(/*string*/ $name, $default=null) { - return undb_bool($this->get($name, $default)); + return bool_escape($this->get($name, $default)); } public function get_array(/*string*/ $name, $default=array()) { return explode(",", $this->get($name, "")); diff --git a/core/imageboard.pack.php b/core/imageboard.pack.php index cd356513..2872d06c 100644 --- a/core/imageboard.pack.php +++ b/core/imageboard.pack.php @@ -56,7 +56,7 @@ class Image { $this->$name = $value; // hax } $this->posted_timestamp = strtotime($this->posted); // pray - $this->locked = undb_bool($this->locked); + $this->locked = bool_escape($this->locked); assert(is_numeric($this->id)); assert(is_numeric($this->height)); 
@@ -439,7 +439,7 @@ class Image { $sln = $database->engine->scoreql_to_sql('SCORE_BOOL_'.$ln); $sln = str_replace("'", "", $sln); $sln = str_replace('"', "", $sln); - if(undb_bool($sln) !== $this->locked) { + if(bool_escape($sln) !== $this->locked) { $database->execute("UPDATE images SET locked=:yn WHERE id=:id", array("yn"=>$sln, "id"=>$this->id)); log_info("core-image", "Setting Image #{$this->id} lock to: $ln"); } diff --git a/core/util.inc.php b/core/util.inc.php index 4222cc97..6ad2656f 100644 --- a/core/util.inc.php +++ b/core/util.inc.php @@ -65,16 +65,31 @@ function sql_escape($input) { * @retval boolean */ function bool_escape($input) { - $input = strtolower($input); - return ( - $input === "y" || - $input === "yes" || - $input === "t" || - $input === "true" || - $input === "on" || - $input === 1 || - $input === true - ); + /* + Sometimes, I don't like PHP -- this, is one of those times... + "a boolean FALSE is not considered a valid boolean value by this function." + Yay for Got'chas! + http://php.net/manual/en/filter.filters.validate.php + */ + if (is_bool($value)) { + return $value; + } else { + $value = filter_var($input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE); + if (!is_null($value)) { + return $value; + } else { + $input = strtolower($input); + return ( + $input === "y" || + $input === "yes" || + $input === "t" || + $input === "true" || + $input === "on" || + $input === 1 || + $input === true + ); + } + } } /** 
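Review bot: In the new fallback branch of bool_escape, the `$input === 1 || $input === true` comparisons after `$input = strtolower($input);` can never be true, because strtolower always returns a string; those inputs are already answered by the filter_var call above, so the two comparison lines can be dropped. What the fallback still has to cover is the one-letter database forms (`y`, `t`) that FILTER_VALIDATE_BOOLEAN does not recognise, which deserves a comment such as `// filter_var does not know the one-letter DB forms; handle those here`.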
@@ -209,16 +224,6 @@ function show_ip($ip, $ban_reason) { return $ip; } -/** - * Different databases have different ways to represent booleans; this - * will try and standardise them - */ -function undb_bool($val) { - // Could this be combined with bool_escape() ? - if($val === true || $val == 'Y' || $val == 'y' || $val == 'T' || $val == 't' || $val === 1) return true; - if($val === false || $val == 'N' || $val == 'n' || $val == 'F' || $val == 'f' || $val === 0) return false; -} - /** * Checks if a given string contains another at the beginning. * diff --git a/ext/pm/main.php b/ext/pm/main.php index d77258aa..729ac808 100644 --- a/ext/pm/main.php +++ b/ext/pm/main.php @@ -28,7 +28,7 @@ class PM { $this->sent_date = $a["sent_date"]; $this->subject = $a["subject"]; $this->message = $a["message"]; - $this->is_read = undb_bool($a["is_read"]); + $this->is_read = bool_escape($a["is_read"]); } else { $this->id = -1; From 0c37be79a0f8ed6775d778773658ee22e8b3503c Mon Sep 17 00:00:00 2001 From: "green-ponies (jgen)" Date: Sun, 15 Apr 2012 19:55:06 -0400 Subject: [PATCH 07/24] Actually get the proper mime type for a given file. (FIXME: now we handle more than just images) --- core/imageboard.pack.php | 60 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 5 deletions(-) diff --git a/core/imageboard.pack.php b/core/imageboard.pack.php index 2872d06c..4e2b8cda 100644 --- a/core/imageboard.pack.php +++ b/core/imageboard.pack.php 
@@ -385,16 +385,66 @@ class Image { /** * Get the image's mime type * - * FIXME: now we handle more than just images - * * @retval string */ public function get_mime_type() { - $type = strtolower($this->ext); - if($type === "jpg") $type = "jpeg"; - return 'image/'.$type; + return __getMimeType( get_image_filename() ); } + /** + * Get MIME type for file + * + * The contents of this function are taken from the __getMimeType() function + * from the "Amazon S3 PHP class" which is Copyright (c) 2008, Donovan Schönknecht + * and released under the 'Simplified BSD License'. + * + * @internal Used to get mime types + * @param string &$file File path + * @return string + */ + public static function __getMimeType(&$file) + { + $type = false; + // Fileinfo documentation says fileinfo_open() will use the + // MAGIC env var for the magic file + if (extension_loaded('fileinfo') && isset($_ENV['MAGIC']) && + ($finfo = finfo_open(FILEINFO_MIME, $_ENV['MAGIC'])) !== false) + { + if (($type = finfo_file($finfo, $file)) !== false) + { + // Remove the charset and grab the last content-type + $type = explode(' ', str_replace('; charset=', ';charset=', $type)); + $type = array_pop($type); + $type = explode(';', $type); + $type = trim(array_shift($type)); + } + finfo_close($finfo); + + // If anyone is still using mime_content_type() + } elseif (function_exists('mime_content_type')) + $type = trim(mime_content_type($file)); + + if ($type !== false && strlen($type) > 0) return $type; + + // Otherwise do it the old fashioned way + static $exts = array( + 'jpg' => 'image/jpeg', 'gif' => 'image/gif', 'png' => 'image/png', + 'tif' => 'image/tiff', 'tiff' => 'image/tiff', 'ico' => 'image/x-icon', + 'swf' => 'application/x-shockwave-flash', 'pdf' => 'application/pdf', + 'zip' => 'application/zip', 'gz' => 'application/x-gzip', + 'tar' => 'application/x-tar', 'bz' => 'application/x-bzip', + 'bz2' => 'application/x-bzip2', 'txt' => 'text/plain', + 'asc' => 'text/plain', 'htm' => 'text/html', 
'html' => 'text/html', + 'css' => 'text/css', 'js' => 'text/javascript', + 'xml' => 'text/xml', 'xsl' => 'application/xsl+xml', + 'ogg' => 'application/ogg', 'mp3' => 'audio/mpeg', 'wav' => 'audio/x-wav', + 'avi' => 'video/x-msvideo', 'mpg' => 'video/mpeg', 'mpeg' => 'video/mpeg', + 'mov' => 'video/quicktime', 'flv' => 'video/x-flv', 'php' => 'text/x-php' + ); + $ext = strtolower(pathInfo($file, PATHINFO_EXTENSION)); + return isset($exts[$ext]) ? $exts[$ext] : 'application/octet-stream'; + } + /** * Get the image's filename extension * From 540e82a27aa3aaf047af0c968c0444d1d8cf13df Mon Sep 17 00:00:00 2001 From: "green-ponies (jgen)" Date: Sun, 15 Apr 2012 20:00:27 -0400 Subject: [PATCH 08/24] Actually use the mime type. --- ext/featured/main.php | 2 +- ext/random_image/main.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/featured/main.php b/ext/featured/main.php index dbf71d49..928802bd 100644 --- a/ext/featured/main.php +++ b/ext/featured/main.php @@ -42,7 +42,7 @@ class Featured extends Extension { $image = Image::by_id($config->get_int("featured_id")); if(!is_null($image)) { $page->set_mode("data"); - $page->set_type("image/jpeg"); + $page->set_type($image->get_mime_type()); $page->set_data(file_get_contents($image->get_image_filename())); } } diff --git a/ext/random_image/main.php b/ext/random_image/main.php index 5a77bb25..ced59d67 100644 --- a/ext/random_image/main.php +++ b/ext/random_image/main.php @@ -41,7 +41,7 @@ class RandomImage extends Extension { if($action === "download") { if(!is_null($image)) { $page->set_mode("data"); - $page->set_type("image/jpeg"); + $page->set_type($image->get_mime_type()); $page->set_data(file_get_contents($image->get_image_filename())); } } From a79875c1eb124c085231429efca75cb435caf8d9 Mon Sep 17 00:00:00 2001 
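Review bot: The new one-line body of get_mime_type calls `__getMimeType` and `get_image_filename` as free functions, but both are members of this class, so as written the call fails with an undefined-function error; the added helper also declares its parameter as `&$file`, which cannot cleanly bind to a function's return value (PHP reports "Only variables should be passed by reference"). Dropping the reference (the helper never writes `$file`) and qualifying the calls fixes both: `public static function __getMimeType($file)` and `return self::__getMimeType($this->get_image_filename());`. Note too that the finfo branch runs only when `$_ENV['MAGIC']` is set, so on a typical deployment the type comes from mime_content_type() or from the extension table; `finfo_open(FILEINFO_MIME)` with no magic path uses the bundled database and would make the detection branch reachable.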
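Review bot: With this change the Content-Type of the bytes served for the featured image is whatever get_mime_type() derives from the stored file, and that function's fallback table includes active types such as text/html, text/javascript and application/x-shockwave-flash; if any stored file resolves to one of those, it is delivered on the site's own origin as executable content rather than under the fixed image/jpeg this code used before. Since the response body is user-uploaded data, the served type should be drawn from an allowlist of image types (falling back to application/octet-stream), and the response should also carry `X-Content-Type-Options: nosniff`. The ext/random_image/main.php hunk at `@@ -41,7 +41,7` has the same exposure.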
From: "green-ponies (jgen)" Date: Mon, 16 Apr 2012 16:42:32 -0400 Subject: [PATCH 09/24] The idn_to_ascii() function is only supported by PHP version 5.3 and up. --- core/util.inc.php | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/core/util.inc.php b/core/util.inc.php index 6ad2656f..2cad2224 100644 --- a/core/util.inc.php +++ b/core/util.inc.php @@ -35,9 +35,15 @@ function int_escape($input) { */ function url_escape($input) { /* The function idn_to_ascii is used to support Unicode domains / URLs as well. - See here for more: http://php.net/manual/en/function.filter-var.php */ - return filter_var(idn_to_ascii($input), FILTER_SANITIZE_URL); - + See here for more: http://php.net/manual/en/function.filter-var.php + However, it is only supported by PHP version 5.3 and up + */ + if (function_exists('idn_to_ascii')) { + return filter_var(idn_to_ascii($input), FILTER_SANITIZE_URL); + } else { + return filter_var($input, FILTER_SANITIZE_URL); + } + /*if(is_null($input)) { return ""; } @@ -71,8 +77,8 @@ function bool_escape($input) { Yay for Got'chas! http://php.net/manual/en/filter.filters.validate.php */ - if (is_bool($value)) { - return $value; + if (is_bool($input)) { + return $input; } else { $value = filter_var($input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE); if (!is_null($value)) { From dd88127c30d82d77a2385e38595f4e6f1c282178 Mon Sep 17 00:00:00 2001 
From: "green-ponies (jgen)" Date: Wed, 18 Apr 2012 00:54:18 -0400 Subject: [PATCH 10/24] Undoing this commit: Removing unnecessary call to int_escape(). Simply cast to int inline, saving function call overhead. --- core/event.class.php | 4 ++-- core/extension.class.php | 2 +- core/user.class.php | 2 +- ext/artists/main.php | 16 +++++++------- ext/blotter/main.php | 2 +- ext/comment/main.php | 12 +++++------ ext/comment/theme.php | 8 +++---- ext/danbooru_api/main.php | 8 +++---- ext/favorites/main.php | 4 ++-- ext/favorites/theme.php | 2 +- ext/featured/main.php | 2 +- ext/featured/theme.php | 2 +- ext/forum/main.php | 12 +++++------ ext/handle_ico/main.php | 2 +- ext/handle_svg/main.php | 6 +++--- ext/image/main.php | 4 ++-- ext/image_hash_ban/main.php | 10 ++++----- ext/index/main.php | 4 ++-- ext/log_db/main.php | 4 ++-- ext/log_db/theme.php | 2 +- ext/notes/main.php | 36 +++++++++++++++---------------- ext/numeric_score/main.php | 16 +++++++------- ext/numeric_score/theme.php | 4 ++-- ext/pm/main.php | 8 +++---- ext/pools/main.php | 20 ++++++++--------- ext/random_image/theme.php | 2 +- ext/rating/theme.php | 2 +- ext/regen_thumb/main.php | 2 +- ext/report_image/main.php | 4 ++-- ext/report_image/theme.php | 2 +- ext/resize/main.php | 6 +++--- ext/resize/theme.php | 2 +- ext/shimmie_api/main.php | 4 ++-- ext/simpletest/main.php | 2 +- ext/tag_history/main.php | 6 +++--- ext/tag_list/main.php | 2 +- ext/tagger/theme.php | 2 +- ext/tips/main.php | 4 ++-- ext/upload/main.php | 10 ++++----- ext/user/main.php | 2 +- ext/user/theme.php | 2 +- ext/view/main.php | 6 +++--- ext/wiki/main.php | 2 +- ext/wiki/theme.php | 6 +++--- themes/danbooru/comment.theme.php | 6 +++--- themes/futaba/comment.theme.php | 6 +++--- 46 files changed, 136 insertions(+), 136 deletions(-) diff --git a/core/event.class.php b/core/event.class.php index 8deef228..e5b38f20 100644 --- a/core/event.class.php +++ b/core/event.class.php 
@@ -95,10 +95,10 @@ class PageRequestEvent extends Event { public function get_page_number() { $page_number = 1; if($this->count_args() === 1) { - $page_number = (int)($this->get_arg(0)); + $page_number = int_escape($this->get_arg(0)); } else if($this->count_args() === 2) { - $page_number = (int)($this->get_arg(1)); + $page_number = int_escape($this->get_arg(1)); } if($page_number === 0) $page_number = 1; // invalid -> 0 return $page_number; diff --git a/core/extension.class.php b/core/extension.class.php index bd57f50c..736f624f 100644 --- a/core/extension.class.php +++ b/core/extension.class.php @@ -149,7 +149,7 @@ abstract class DataHandlerExtension extends Extension { /* hax: This seems like such a dirty way to do this.. */ /* Validate things */ - $image_id = (int)($event->metadata['replace']); + $image_id = int_escape($event->metadata['replace']); /* Check to make sure the image exists. */ $existing = Image::by_id($image_id); diff --git a/core/user.class.php b/core/user.class.php index 3913c436..b5642d10 100644 --- a/core/user.class.php +++ b/core/user.class.php @@ -33,7 +33,7 @@ class User { public function User($row) { global $_user_classes; - $this->id = (int)($row['id']); + $this->id = int_escape($row['id']); $this->name = $row['name']; $this->email = $row['email']; $this->join_date = $row['joindate']; diff --git a/ext/artists/main.php b/ext/artists/main.php index ac838b51..a4b3d6c3 100644 --- a/ext/artists/main.php +++ b/ext/artists/main.php @@ -249,7 +249,7 @@ class Artists extends Extension { } case "edited": { - $artistID = (int)($_POST['id']); + $artistID = int_escape($_POST['id']); $this->update_artist(); $page->set_mode("redirect"); $page->set_redirect(make_link("artist/view/".$artistID)); @@ -312,7 +312,7 @@ class Artists extends Extension { } case "edit": { - $aliasID = (int)($event->get_arg(2)); + $aliasID = int_escape($event->get_arg(2)); $alias = $this->get_alias_by_id($aliasID); $this->theme->show_alias_editor($alias); break; 
@@ -320,7 +320,7 @@ class Artists extends Extension { case "edited": { $this->update_alias(); - $aliasID = (int)($_POST['aliasID']); + $aliasID = int_escape($_POST['aliasID']); $artistID = $this->get_artistID_by_aliasID($aliasID); $page->set_mode("redirect"); $page->set_redirect(make_link("artist/view/".$artistID)); @@ -354,7 +354,7 @@ class Artists extends Extension { } case "edit": { - $urlID = (int)($event->get_arg(2)); + $urlID = int_escape($event->get_arg(2)); $url = $this->get_url_by_id($urlID); $this->theme->show_url_editor($url); break; @@ -362,7 +362,7 @@ class Artists extends Extension { case "edited": { $this->update_url(); - $urlID = (int)($_POST['urlID']); + $urlID = int_escape($_POST['urlID']); $artistID = $this->get_artistID_by_urlID($urlID); $page->set_mode("redirect"); $page->set_redirect(make_link("artist/view/".$artistID)); @@ -386,7 +386,7 @@ class Artists extends Extension { } case "delete": { - $memberID = (int)($event->get_arg(2)); + $memberID = int_escape($event->get_arg(2)); $artistID = $this->get_artistID_by_memberID($memberID); $this->delete_member($memberID); $page->set_mode("redirect"); @@ -395,7 +395,7 @@ class Artists extends Extension { } case "edit": { - $memberID = (int)($event->get_arg(2)); + $memberID = int_escape($event->get_arg(2)); $member = $this->get_member_by_id($memberID); $this->theme->show_member_editor($member); break; @@ -403,7 +403,7 @@ class Artists extends Extension { case "edited": { $this->update_member(); - $memberID = (int)($_POST['memberID']); + $memberID = int_escape($_POST['memberID']); $artistID = $this->get_artistID_by_memberID($memberID); $page->set_mode("redirect"); $page->set_redirect(make_link("artist/view/".$artistID)); diff --git a/ext/blotter/main.php b/ext/blotter/main.php index 6bb92a38..21c87d8c 100644 --- a/ext/blotter/main.php +++ b/ext/blotter/main.php 
@@ -97,7 +97,7 @@ class Blotter extends Extension { if(!$user->is_admin() || !$user->check_auth_token()) { $this->theme->display_permission_denied(); } else { - $id = (int)($_POST['id']); + $id = int_escape($_POST['id']); if(!isset($id)) { die("No ID!"); } $database->Execute("DELETE FROM blotter WHERE id=:id", array("id"=>$id)); log_info("blotter", "Removed Entry #$id"); diff --git a/ext/comment/main.php b/ext/comment/main.php index be412f1f..ebf8ebe7 100644 --- a/ext/comment/main.php +++ b/ext/comment/main.php @@ -124,7 +124,7 @@ class CommentList extends Extension { if($event->get_arg(0) === "add") { if(isset($_POST['image_id']) && isset($_POST['comment'])) { try { - $i_iid = (int)($_POST['image_id']); + $i_iid = int_escape($_POST['image_id']); $cpe = new CommentPostingEvent($_POST['image_id'], $user, $_POST['comment']); send_event($cpe); $page->set_mode("redirect"); @@ -154,7 +154,7 @@ class CommentList extends Extension { } } else if($event->get_arg(0) === "list") { - $page_num = (int)($event->get_arg(1)); + $page_num = int_escape($event->get_arg(1)); $this->build_page($page_num); } } @@ -242,7 +242,7 @@ class CommentList extends Extension { $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)")); } else if(preg_match("/commented_by_userid=([0-9]+)/i", $event->term, $matches)) { - $user_id = (int)($matches[1]); + $user_id = int_escape($matches[1]); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM comments WHERE owner_id = $user_id)")); } } @@ -340,7 +340,7 @@ class CommentList extends Extension { private function get_comments(/*int*/ $image_id) { global $config; global $database; - $i_image_id = (int)($image_id); + $i_image_id = int_escape($image_id); $rows = $database->get_all(" SELECT users.id as user_id, users.name as user_name, users.email as user_email, 
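Review bot: In the Blotter delete handler the `if(!isset($id))` check on the line after the new int_escape call guards the wrong thing: `$id` has just been assigned, so the check only fails if int_escape returned null (its return type is not visible here), and a request without an `id` field first triggers an undefined-index notice on `$_POST['id']`. Move the presence check to the input: `if(!isset($_POST['id'])) { die("No ID!"); }` before the call, then `$id = int_escape($_POST['id']);`.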
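Review bot: In the CommentList `add` branch the converted value `$i_iid` is computed on the changed line but the event on the next line is built from the raw `$_POST['image_id']`, so the conversion is unused and the unvalidated string reaches CommentPostingEvent; pass the converted value instead: `$cpe = new CommentPostingEvent($i_iid, $user, $_POST['comment']);`. Whether CommentPostingEvent converts the id itself is not visible in this hunk.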
@@ -368,8 +368,8 @@ class CommentList extends Extension { // sqlite fails at intervals if($database->engine->name === "sqlite") return false; - $window = (int)($config->get_int('comment_window')); - $max = (int)($config->get_int('comment_limit')); + $window = int_escape($config->get_int('comment_window')); + $max = int_escape($config->get_int('comment_limit')); if($database->engine->name == "mysql") $window_sql = "interval $window minute"; else $window_sql = "interval '$window minute'"; diff --git a/ext/comment/theme.php b/ext/comment/theme.php index 18f5550d..51d7092a 100644 --- a/ext/comment/theme.php +++ b/ext/comment/theme.php @@ -157,13 +157,13 @@ class CommentListTheme extends Themelet { $tfe = new TextFormattingEvent($comment->comment); send_event($tfe); - $i_uid = (int)($comment->owner_id); + $i_uid = int_escape($comment->owner_id); $h_name = html_escape($comment->owner_name); $h_poster_ip = html_escape($comment->poster_ip); $h_timestamp = autodate($comment->posted); $h_comment = ($trim ? truncate($tfe->stripped, 50) : $tfe->formatted); - $i_comment_id = (int)($comment->comment_id); - $i_image_id = (int)($comment->image_id); + $i_comment_id = int_escape($comment->comment_id); + $i_image_id = int_escape($comment->image_id); if($i_uid == $config->get_int("anon_id")) { $anoncode = ""; @@ -224,7 +224,7 @@ class CommentListTheme extends Themelet { protected function build_postbox(/*int*/ $image_id) { global $config; - $i_image_id = (int)($image_id); + $i_image_id = int_escape($image_id); $hash = CommentList::get_hash(); $h_captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : ""; diff --git a/ext/danbooru_api/main.php b/ext/danbooru_api/main.php index 43daadbe..4d98a90d 100644 --- a/ext/danbooru_api/main.php +++ b/ext/danbooru_api/main.php 
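Review bot: Wrapping `$config->get_int('comment_window')` and `$config->get_int('comment_limit')` in int_escape() is redundant if get_int already returns an int, as its name suggests; the original `(int)` cast was equally redundant and the rewrite keeps the noise rather than dropping it. Because `$window` is then interpolated into the `interval $window minute` fragment on the following lines, the plainer `$window = $config->get_int('comment_window');` with a comment `// config value, not request input; interpolated into the interval literal below` would document why nothing further is applied to it. The enclosing method starts and ends outside the hunk.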
@@ -287,8 +287,8 @@ class DanbooruApi extends Extension { } } else { - $limit = isset($_GET['limit']) ? (int)($_GET['limit']) : 100; - $start = isset($_GET['offset']) ? (int)($_GET['offset']) : 0; + $limit = isset($_GET['limit']) ? int_escape($_GET['limit']) : 100; + $start = isset($_GET['offset']) ? int_escape($_GET['offset']) : 0; $tags = isset($_GET['tags']) ? Tag::explode($_GET['tags']) : array(); $results = Image::find_images($start, $limit, $tags); } @@ -346,14 +346,14 @@ class DanbooruApi extends Extension { /* Currently disabled to maintain identical functionality to danbooru 1.0's own "broken" find_tags elseif(isset($_GET['tags'])) { - $start = isset($_GET['after_id']) ? (int)($_GET['offset']) : 0; + $start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0; $tags = Tag::explode($_GET['tags']); } */ else { - $start = isset($_GET['after_id']) ? (int)($_GET['offset']) : 0; + $start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0; $sqlresult = $database->execute("SELECT id,tag,count FROM tags WHERE count > 0 AND id >= ? ORDER BY id DESC",array($start)); while(!$sqlresult->EOF) { diff --git a/ext/favorites/main.php b/ext/favorites/main.php index 77e16f72..35d3c7f0 100644 --- a/ext/favorites/main.php +++ b/ext/favorites/main.php @@ -58,7 +58,7 @@ class Favorites extends Extension { public function onPageRequest(PageRequestEvent $event) { global $page, $user; if($event->page_matches("change_favorite") && !$user->is_anonymous() && $user->check_auth_token()) { - $image_id = (int)($_POST['image_id']); + $image_id = int_escape($_POST['image_id']); if((($_POST['favorite_action'] == "set") || ($_POST['favorite_action'] == "unset")) && ($image_id > 0)) { send_event(new FavoriteSetEvent($image_id, $user, ($_POST['favorite_action'] == "set"))); } 
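Review bot: `$limit` is taken from `$_GET['limit']` with no upper bound before being handed to `Image::find_images($start, $limit, $tags)`, so one request can ask for an arbitrarily large result set; find_images is not visible here, so whether it caps the value cannot be confirmed from the diff. A call-site clamp such as `$limit = isset($_GET['limit']) ? min(int_escape($_GET['limit']), 100) : 100;` (100 being the default already on that line) keeps the response bounded, and a negative `$start` is likewise passed through unchecked. The enclosing method starts and ends outside the hunk.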
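Review bot: In both the live `else` branch and the commented-out `elseif` at @@ -346 the guard tests `isset($_GET['after_id'])` while the value read is `$_GET['offset']`, so a request supplying only `after_id` reads an unset key and a request supplying only `offset` is ignored; the rewrite reproduces the mismatch. Presumably the intent is `$start = isset($_GET['after_id']) ? int_escape($_GET['after_id']) : 0;`. The enclosing method starts and ends outside the hunk.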
@@ -128,7 +128,7 @@ class Favorites extends Extension { $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)")); } else if(preg_match("/favorited_by_userno=([0-9]+)/i", $event->term, $matches)) { - $user_id = (int)($matches[1]); + $user_id = int_escape($matches[1]); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM user_favorites WHERE user_id = $user_id)")); } } diff --git a/ext/favorites/theme.php b/ext/favorites/theme.php index 111a900e..14a4fd39 100644 --- a/ext/favorites/theme.php +++ b/ext/favorites/theme.php @@ -4,7 +4,7 @@ class FavoritesTheme extends Themelet { public function get_voter_html(Image $image, $is_favorited) { global $page, $user; - $i_image_id = (int)($image->id); + $i_image_id = int_escape($image->id); $name = $is_favorited ? "unset" : "set"; $label = $is_favorited ? "Un-Favorite" : "Favorite"; $html = " diff --git a/ext/featured/main.php b/ext/featured/main.php index 928802bd..57c9f4f8 100644 --- a/ext/featured/main.php +++ b/ext/featured/main.php @@ -30,7 +30,7 @@ class Featured extends Extension { if($event->page_matches("featured_image")) { if($event->get_arg(0) == "set" && $user->check_auth_token()) { if($user->can("edit_feature") && isset($_POST['image_id'])) { - $id = (int)($_POST['image_id']); + $id = int_escape($_POST['image_id']); if($id > 0) { $config->set_int("featured_id", $id); $page->set_mode("redirect"); diff --git a/ext/featured/theme.php b/ext/featured/theme.php index d84bf719..77afe5ff 100644 --- a/ext/featured/theme.php +++ b/ext/featured/theme.php @@ -21,7 +21,7 @@ class FeaturedTheme extends Themelet { public function build_featured_html(Image $image, $query=null) { global $config; - $i_id = (int)($image->id); + $i_id = int_escape($image->id); $h_view_link = make_link("post/view/$i_id", $query); $h_thumb_link = $image->get_thumb_link(); $h_tip = html_escape($image->get_tooltip()); 
diff --git a/ext/forum/main.php b/ext/forum/main.php index 014d98d4..cee5d5c8 100644 --- a/ext/forum/main.php +++ b/ext/forum/main.php @@ -92,8 +92,8 @@ class Forum extends Extension { } case "view": { - $threadID = (int)($event->get_arg(1)); - $pageNumber = (int)($event->get_arg(2)); + $threadID = int_escape($event->get_arg(1)); + $pageNumber = int_escape($event->get_arg(2)); $this->show_posts($event, $user->is_admin()); if($user->is_admin()) $this->theme->add_actions_block($page, $threadID); @@ -131,8 +131,8 @@ class Forum extends Extension { break; } case "delete": - $threadID = (int)($event->get_arg(1)); - $postID = (int)($event->get_arg(2)); + $threadID = int_escape($event->get_arg(1)); + $postID = int_escape($event->get_arg(2)); if ($user->is_admin()) {$this->delete_post($postID);} @@ -140,7 +140,7 @@ class Forum extends Extension { $page->set_redirect(make_link("forum/view/".$threadID)); break; case "nuke": - $threadID = (int)($event->get_arg(1)); + $threadID = int_escape($event->get_arg(1)); if ($user->is_admin()) $this->delete_thread($threadID); @@ -160,7 +160,7 @@ class Forum extends Extension { break; } - $threadID = (int)($_POST["threadID"]); + $threadID = int_escape($_POST["threadID"]); $this->save_new_post($threadID, $user); } diff --git a/ext/handle_ico/main.php b/ext/handle_ico/main.php index a6ccc1e3..7582fc53 100644 --- a/ext/handle_ico/main.php +++ b/ext/handle_ico/main.php @@ -38,7 +38,7 @@ class IcoFileHandler extends Extension { public function onPageRequest(PageRequestEvent $event) { global $config, $database, $page; if($event->page_matches("get_ico")) { - $id = (int)($event->get_arg(0)); + $id = int_escape($event->get_arg(0)); $image = Image::by_id($id); $hash = $image->hash; $ha = substr($hash, 0, 2); diff --git a/ext/handle_svg/main.php b/ext/handle_svg/main.php index 4ad22f99..6cc3efe8 100644 --- a/ext/handle_svg/main.php +++ b/ext/handle_svg/main.php 
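Review bot: The `delete` and `nuke` cases in the Forum switch perform destructive actions (`delete_post`, `delete_thread`) keyed on URL arguments with only an `is_admin()` check and no `check_auth_token()` call visible, which is the condition ext/tips/main.php in this same series marks with `// FIXME: HTTP GET CSRF`; part of the switch lies outside the hunk, so a token check may exist elsewhere. If it does not, either the same marker above `$threadID = int_escape($event->get_arg(1));` in those two cases, or gating them on `$user->check_auth_token()` as the numeric_score handlers in this series do, would bring them in line.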
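Review bot: `Image::by_id($id)` in IcoFileHandler::onPageRequest is dereferenced as `$image->hash` on the next line with no null check, so a request for an id that does not exist raises a PHP error rather than a not-found response; the same pattern is in ext/handle_svg/main.php (@@ -43) and ext/regen_thumb/main.php (@@ -18). A guard between the lookup and the dereference, `if(is_null($image)) { return; }` or whatever the project's not-found convention is, closes it. The enclosing method continues outside the hunk.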
@@ -43,7 +43,7 @@ class SVGFileHandler extends Extension { public function onPageRequest(PageRequestEvent $event) { global $config, $database, $page; if($event->page_matches("get_svg")) { - $id = (int)($event->get_arg(0)); + $id = int_escape($event->get_arg(0)); $image = Image::by_id($id); $hash = $image->hash; @@ -97,8 +97,8 @@ class MiniSVGParser { function startElement($parser, $name, $attrs) { if($name == "SVG") { - $this->width = (int)($attrs["WIDTH"]); - $this->height = (int)($attrs["HEIGHT"]); + $this->width = int_escape($attrs["WIDTH"]); + $this->height = int_escape($attrs["HEIGHT"]); } } diff --git a/ext/image/main.php b/ext/image/main.php index bec26c9d..836c65e9 100644 --- a/ext/image/main.php +++ b/ext/image/main.php @@ -180,11 +180,11 @@ class ImageIO extends Extension { } } else if($event->page_matches("image")) { - $num = (int)($event->get_arg(0)); + $num = int_escape($event->get_arg(0)); $this->send_file($num, "image"); } else if($event->page_matches("thumb")) { - $num = (int)($event->get_arg(0)); + $num = int_escape($event->get_arg(0)); $this->send_file($num, "thumb"); } } diff --git a/ext/image_hash_ban/main.php b/ext/image_hash_ban/main.php index abc997f1..cf20fb37 100644 --- a/ext/image_hash_ban/main.php +++ b/ext/image_hash_ban/main.php @@ -58,7 +58,7 @@ class ImageBan extends Extension { if($event->page_matches("image_hash_ban")) { if($user->can("ban_image")) { if($event->get_arg(0) == "dnp") { - $image = Image::by_id((int)($event->get_arg(1))); + $image = Image::by_id(int_escape($event->get_arg(1))); if($image) { send_event(new AddImageHashBanEvent($image->hash, "DNP")); send_event(new ImageDeletionEvent($image)); 
@@ -74,7 +74,7 @@ class ImageBan extends Extension { $page->set_redirect(make_link("image_hash_ban/list/1")); } if(isset($_POST['image_id'])) { - $image = Image::by_id((int)($_POST['image_id'])); + $image = Image::by_id(int_escape($_POST['image_id'])); if($image) { send_event(new ImageDeletionEvent($image)); $page->set_mode("redirect"); @@ -93,7 +93,7 @@ class ImageBan extends Extension { else if($event->get_arg(0) == "list") { $page_num = 0; if($event->count_args() == 2) { - $page_num = (int)($event->get_arg(1)); + $page_num = int_escape($event->get_arg(1)); } $page_size = 100; $page_count = ceil($database->get_one("SELECT COUNT(id) FROM image_bans")/$page_size); @@ -131,8 +131,8 @@ class ImageBan extends Extension { global $database; // FIXME: many - $size_i = (int)($size); - $offset_i = (int)($page-1)*$size_i; + $size_i = int_escape($size); + $offset_i = int_escape($page-1)*$size_i; $where = array("(1=1)"); $args = array(); if(!empty($_GET['hash'])) { diff --git a/ext/index/main.php b/ext/index/main.php index 2d2522b0..f5244d54 100644 --- a/ext/index/main.php +++ b/ext/index/main.php @@ -204,7 +204,7 @@ class Index extends Extension { } else if(preg_match("/^ratio(<|>|<=|>=|=)(\d+):(\d+)$/", $event->term, $matches)) { $cmp = $matches[1]; - $args = array("width"=>(int)($matches[2]), "height"=>(int)($matches[3])); + $args = array("width"=>int_escape($matches[2]), "height"=>int_escape($matches[3])); $event->add_querylet(new Querylet('width / height '.$cmp.' :width / :height', $args)); } else if(preg_match("/^(filesize|id)(<|>|<=|>=|=)(\d+[kmg]?b?)$/i", $event->term, $matches)) { 
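Review bot: `$offset_i = int_escape($page-1)*$size_i;` at @@ -131 goes negative when `$page` is 0, and the `list` branch at @@ -93 in the same file initialises `$page_num = 0` when no page argument is given, so if that value reaches this function the SQL offset is negative; the caller is not visible, so the link is inferred. Clamping at the call site, `$offset_i = max(0, int_escape($page) - 1) * $size_i;`, removes the case. The enclosing method starts and ends outside the hunk.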
@@ -233,7 +233,7 @@ class Index extends Extension { } else if(preg_match("/^size(<|>|<=|>=|=)(\d+)x(\d+)$/", $event->term, $matches)) { $cmp = $matches[1]; - $args = array("width"=>(int)($matches[2]), "height"=>(int)($matches[3])); + $args = array("width"=>int_escape($matches[2]), "height"=>int_escape($matches[3])); $event->add_querylet(new Querylet('width '.$cmp.' :width AND height '.$cmp.' :height', $args)); } } diff --git a/ext/log_db/main.php b/ext/log_db/main.php index c809b2fd..39a58f36 100644 --- a/ext/log_db/main.php +++ b/ext/log_db/main.php @@ -47,7 +47,7 @@ class LogDatabase extends Extension { if($user->can("view_eventlog")) { $wheres = array(); $args = array(); - $page_num = (int)($event->get_arg(0)); + $page_num = int_escape($event->get_arg(0)); if($page_num <= 0) $page_num = 1; if(!empty($_GET["time"])) { $wheres[] = "date_sent LIKE :time"; @@ -77,7 +77,7 @@ class LogDatabase extends Extension { } if(!empty($_GET["priority"])) { $wheres[] = "priority >= :priority"; - $args["priority"] = (int)($_GET["priority"]); + $args["priority"] = int_escape($_GET["priority"]); } else { $wheres[] = "priority >= :priority"; diff --git a/ext/log_db/theme.php b/ext/log_db/theme.php index 7acf2ccf..e5fd8b87 100644 --- a/ext/log_db/theme.php +++ b/ext/log_db/theme.php @@ -100,7 +100,7 @@ class LogDatabaseTheme extends Themelet { } protected function link_image($id) { - $iid = (int)($id[1]); + $iid = int_escape($id[1]); return "Image #$iid"; } } diff --git a/ext/notes/main.php b/ext/notes/main.php index 24f9ac1d..5bc09ef6 100644 --- a/ext/notes/main.php +++ b/ext/notes/main.php 
@@ -211,7 +211,7 @@ class Notes extends Extension { public function onSearchTermParse(SearchTermParseEvent $event) { $matches = array(); if(preg_match("/note=(.*)/i", $event->term, $matches)) { - $notes = (int)($matches[1]); + $notes = int_escape($matches[1]); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE note = $notes)")); } else if(preg_match("/notes(<|>|<=|>=|=)(\d+)/", $event->term, $matches)) { @@ -232,7 +232,7 @@ class Notes extends Extension { $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)")); } else if(preg_match("/notes_by_userno=([0-9]+)/i", $event->term, $matches)) { - $user_id = (int)($matches[1]); + $user_id = int_escape($matches[1]); $event->add_querylet(new Querylet("images.id IN (SELECT image_id FROM notes WHERE user_id = $user_id)")); } } @@ -259,12 +259,12 @@ class Notes extends Extension { private function add_new_note() { global $database, $user; - $imageID = (int)($_POST["image_id"]); + $imageID = int_escape($_POST["image_id"]); $user_id = $user->id; - $noteX1 = (int)($_POST["note_x1"]); - $noteY1 = (int)($_POST["note_y1"]); - $noteHeight = (int)($_POST["note_height"]); - $noteWidth = (int)($_POST["note_width"]); + $noteX1 = int_escape($_POST["note_x1"]); + $noteY1 = int_escape($_POST["note_y1"]); + $noteHeight = int_escape($_POST["note_height"]); + $noteWidth = int_escape($_POST["note_width"]); $noteText = html_escape($_POST["note_text"]); $database->execute(" @@ -292,7 +292,7 @@ class Notes extends Extension { private function add_note_request() { global $database, $user; - $image_id = (int)($_POST["image_id"]); + $image_id = int_escape($_POST["image_id"]); $user_id = $user->id; $database->execute(" 
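Review bot: The `note=` search term is matched with `/note=(.*)/i`, which accepts any text, and the converted `$notes` is then interpolated into `WHERE note = $notes`, so the value is safe only for as long as int_escape() always yields an integer, which this diff cannot show. The neighbouring `notes(<|>|<=|>=|=)(\d+)` and `notes_by_userno=([0-9]+)` patterns in the same file restrict the capture to digits, and `/^note=(\d+)$/i` here would do the same. The enclosing method continues outside the hunk.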
@@ -314,12 +314,12 @@ class Notes extends Extension { */ private function update_note() { - $imageID = (int)($_POST["image_id"]); - $noteID = (int)($_POST["note_id"]); - $noteX1 = (int)($_POST["note_x1"]); - $noteY1 = (int)($_POST["note_y1"]); - $noteHeight = (int)($_POST["note_height"]); - $noteWidth = (int)($_POST["note_width"]); + $imageID = int_escape($_POST["image_id"]); + $noteID = int_escape($_POST["note_id"]); + $noteX1 = int_escape($_POST["note_x1"]); + $noteY1 = int_escape($_POST["note_y1"]); + $noteHeight = int_escape($_POST["note_height"]); + $noteWidth = int_escape($_POST["note_width"]); $noteText = mysql_real_escape_string(html_escape($_POST["note_text"])); // validate parameters @@ -363,8 +363,8 @@ class Notes extends Extension { */ private function delete_note() { - $imageID = (int)($_POST["image_id"]); - $noteID = (int)($_POST["note_id"]); + $imageID = int_escape($_POST["image_id"]); + $noteID = int_escape($_POST["note_id"]); // validate parameters if(is_null($imageID) || !is_numeric($imageID)) @@ -389,7 +389,7 @@ class Notes extends Extension { */ private function nuke_notes() { global $database; - $image_id = (int)($_POST["image_id"]); + $image_id = int_escape($_POST["image_id"]); $database->execute("DELETE FROM notes WHERE image_id = ?", array($image_id)); log_info("notes", "Notes deleted from {$image_id} by {$user->name}"); } @@ -401,7 +401,7 @@ class Notes extends Extension { */ private function nuke_requests() { global $database; - $image_id = (int)($_POST["image_id"]); + $image_id = int_escape($_POST["image_id"]); $database->execute("DELETE FROM note_request WHERE image_id = ?", array($image_id)); diff --git a/ext/numeric_score/main.php b/ext/numeric_score/main.php index 6685dc57..5ce8640e 100644 --- a/ext/numeric_score/main.php +++ b/ext/numeric_score/main.php 
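Review bot: In delete_note() the `is_null($imageID) || !is_numeric($imageID)` validation runs after int_escape() has already converted the value, so it can only fail if int_escape returns null, which the diff does not show; a missing or non-numeric `image_id` is silently turned into a number before the check sees it. Validating the raw input first, `if(!isset($_POST["image_id"]) || !is_numeric($_POST["image_id"]))`, and converting afterwards preserves the intent; the same ordering is in Pools::get_posts (ext/pools/main.php @@ -527). delete_note's remaining checks lie outside the hunk.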
@@ -48,7 +48,7 @@ class NumericScore extends Extension { global $config, $database, $user, $page; if($event->page_matches("numeric_score_votes")) { - $image_id = (int)($event->get_arg(0)); + $image_id = int_escape($event->get_arg(0)); $x = $database->get_all( "SELECT users.name as username, user_id, score FROM numeric_score_votes @@ -67,7 +67,7 @@ class NumericScore extends Extension { } if($event->page_matches("numeric_score_vote") && $user->check_auth_token()) { if(!$user->is_anonymous()) { - $image_id = (int)($_POST['image_id']); + $image_id = int_escape($_POST['image_id']); $char = $_POST['vote']; $score = null; if($char == "up") $score = 1; @@ -80,7 +80,7 @@ class NumericScore extends Extension { } if($event->page_matches("numeric_score/remove_votes_on") && $user->check_auth_token()) { if($user->can("edit_other_vote")) { - $image_id = (int)($_POST['image_id']); + $image_id = int_escape($_POST['image_id']); $database->execute( "DELETE FROM numeric_score_votes WHERE image_id=?", array($image_id)); @@ -93,7 +93,7 @@ class NumericScore extends Extension { } if($event->page_matches("numeric_score/remove_votes_by") && $user->check_auth_token()) { if($user->can("edit_other_vote")) { - $this->delete_votes_by((int)($_POST['user_id'])); + $this->delete_votes_by(int_escape($_POST['user_id'])); $page->set_mode("redirect"); $page->set_redirect(make_link()); } @@ -110,13 +110,13 @@ class NumericScore extends Extension { $year = $_GET['year']; } //month - if(empty($_GET['month']) || (int)($_GET['month']) > 12){ + if(empty($_GET['month']) || int_escape($_GET['month']) > 12){ $month = date("m"); }else{ $month = $_GET['month']; } //day - if(empty($_GET['day']) || (int)($_GET['day']) > 31){ + if(empty($_GET['day']) || int_escape($_GET['day']) > 31){ $day = date("d"); }else{ $day = $_GET['day']; 
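Review bot: When the `month` and `day` query parameters pass the `> 12` / `> 31` checks at @@ -110, the raw `$_GET['month']` and `$_GET['day']` strings are assigned rather than the converted values, and no lower bound is tested, so `0`, negatives or a value like `12abc` get through. Assigning the converted value, `$month = int_escape($_GET['month']);` and `$day = int_escape($_GET['day']);`, and extending the guards with `< 1` keeps the variables integers; how `$month` and `$day` are used afterwards is outside the hunk, so the impact is inferred.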
@@ -245,13 +245,13 @@ class NumericScore extends Extension { array("ns_user_id"=>$duser->id))); } if(preg_match("/^upvoted_by_id=(\d+)$/", $event->term, $matches)) { - $iid = (int)($matches[1]); + $iid = int_escape($matches[1]); $event->add_querylet(new Querylet( "images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=1)", array("ns_user_id"=>$iid))); } if(preg_match("/^downvoted_by_id=(\d+)$/", $event->term, $matches)) { - $iid = (int)($matches[1]); + $iid = int_escape($matches[1]); $event->add_querylet(new Querylet( "images.id in (SELECT image_id FROM numeric_score_votes WHERE user_id=:ns_user_id AND score=-1)", array("ns_user_id"=>$iid))); diff --git a/ext/numeric_score/theme.php b/ext/numeric_score/theme.php index 0d19d63e..fdd2fa90 100644 --- a/ext/numeric_score/theme.php +++ b/ext/numeric_score/theme.php @@ -3,8 +3,8 @@ class NumericScoreTheme extends Themelet { public function get_voter_html(Image $image) { global $user; - $i_image_id = (int)($image->id); - $i_score = (int)($image->numeric_score); + $i_image_id = int_escape($image->id); + $i_score = int_escape($image->numeric_score); $html = " Current Score: $i_score diff --git a/ext/pm/main.php b/ext/pm/main.php index 729ac808..ad37b06a 100644 --- a/ext/pm/main.php +++ b/ext/pm/main.php 
@@ -105,13 +105,13 @@ class PrivMsg extends Extension { if(!$user->is_anonymous()) { switch($event->get_arg(0)) { case "read": - $pm_id = (int)($event->get_arg(1)); + $pm_id = int_escape($event->get_arg(1)); $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id)); if(is_null($pm)) { $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); } else if(($pm["to_id"] == $user->id) || $user->can("view_other_pms")) { - $from_user = User::by_id((int)($pm["from_id"])); + $from_user = User::by_id(int_escape($pm["from_id"])); $database->execute("UPDATE private_message SET is_read='Y' WHERE id = :id", array("id" => $pm_id)); $database->cache->delete("pm-count-{$user->id}"); $this->theme->display_message($page, $from_user, $user, new PM($pm)); @@ -122,7 +122,7 @@ class PrivMsg extends Extension { break; case "delete": if($user->check_auth_token()) { - $pm_id = (int)($_POST["pm_id"]); + $pm_id = int_escape($_POST["pm_id"]); $pm = $database->get_row("SELECT * FROM private_message WHERE id = :id", array("id" => $pm_id)); if(is_null($pm)) { $this->theme->display_error(404, "No such PM", "There is no PM #$pm_id"); @@ -138,7 +138,7 @@ class PrivMsg extends Extension { break; case "send": if($user->check_auth_token()) { - $to_id = (int)($_POST["to_id"]); + $to_id = int_escape($_POST["to_id"]); $from_id = $user->id; $subject = $_POST["subject"]; $message = $_POST["message"]; diff --git a/ext/pools/main.php b/ext/pools/main.php index 950b2cab..b161e8bb 100644 --- a/ext/pools/main.php +++ b/ext/pools/main.php 
@@ -96,14 +96,14 @@ class Pools extends Extension { // Check if we have pool id, since this is most often the case. if (isset($_POST["pool_id"])) { - $pool_id = (int)($_POST["pool_id"]); + $pool_id = int_escape($_POST["pool_id"]); $pool = $this->get_single_pool($pool_id); } // What action are we trying to perform? switch($event->get_arg(0)) { case "list": //index - $this->list_pools($page, (int)($event->get_arg(1))); + $this->list_pools($page, int_escape($event->get_arg(1))); break; case "new": // Show form for new pools @@ -127,17 +127,17 @@ class Pools extends Extension { break; case "view": - $poolID = (int)($event->get_arg(1)); + $poolID = int_escape($event->get_arg(1)); $this->get_posts($event, $poolID); break; case "updated": - $this->get_history((int)($event->get_arg(1))); + $this->get_history(int_escape($event->get_arg(1))); break; case "revert": if(!$user->is_anonymous()) { - $historyID = (int)($event->get_arg(1)); + $historyID = int_escape($event->get_arg(1)); $this->revert_history($historyID); $page->set_mode("redirect"); $page->set_redirect(make_link("pool/updated")); @@ -404,7 +404,7 @@ class Pools extends Extension { private function add_posts() { global $database; - $poolID = (int)($_POST['pool_id']); + $poolID = int_escape($_POST['pool_id']); $images = ""; foreach ($_POST['check'] as $imageID){ @@ -439,7 +439,7 @@ class Pools extends Extension { private function order_posts() { global $database; - $poolID = (int)($_POST['pool_id']); + $poolID = int_escape($_POST['pool_id']); foreach($_POST['imgs'] as $data) { list($imageORDER, $imageID) = $data; @@ -463,7 +463,7 @@ class Pools extends Extension { private function remove_posts() { global $database; - $poolID = (int)($_POST['pool_id']); + $poolID = int_escape($_POST['pool_id']); $images = ""; foreach($_POST['check'] as $imageID) { 
@@ -527,7 +527,7 @@ class Pools extends Extension { private function get_posts($event, /*int*/ $poolID) { global $config, $user, $database; - $pageNumber = (int)($event->get_arg(2)); + $pageNumber = int_escape($event->get_arg(2)); if(is_null($pageNumber) || !is_numeric($pageNumber)) $pageNumber = 0; else if ($pageNumber <= 0) @@ -535,7 +535,7 @@ class Pools extends Extension { else $pageNumber--; - $poolID = (int)($poolID); + $poolID = int_escape($poolID); $pool = $this->get_pool($poolID); $imagesPerPage = $config->get_int("poolsImagesPerPage"); diff --git a/ext/random_image/theme.php b/ext/random_image/theme.php index 2725ca07..87806bec 100644 --- a/ext/random_image/theme.php +++ b/ext/random_image/theme.php @@ -7,7 +7,7 @@ class RandomImageTheme extends Themelet { public function build_random_html(Image $image, $query=null) { global $config; - $i_id = (int)($image->id); + $i_id = int_escape($image->id); $h_view_link = make_link("post/view/$i_id", $query); $h_thumb_link = $image->get_thumb_link(); $h_tip = html_escape($image->get_tooltip()); diff --git a/ext/rating/theme.php b/ext/rating/theme.php index 3877227d..bc95ea70 100644 --- a/ext/rating/theme.php +++ b/ext/rating/theme.php @@ -2,7 +2,7 @@ class RatingsTheme extends Themelet { public function get_rater_html(/*int*/ $image_id, /*string*/ $rating) { - $i_image_id = (int)($image_id); + $i_image_id = int_escape($image_id); $s_checked = $rating == 's' ? " checked" : ""; $q_checked = $rating == 'q' ? " checked" : ""; $e_checked = $rating == 'e' ? " checked" : ""; diff --git a/ext/regen_thumb/main.php b/ext/regen_thumb/main.php index ece40022..713f6cd5 100644 --- a/ext/regen_thumb/main.php +++ b/ext/regen_thumb/main.php 
@@ -18,7 +18,7 @@ class RegenThumb extends Extension { global $config, $database, $page, $user; if($event->page_matches("regen_thumb") && $user->is_admin() && isset($_POST['image_id'])) { - $image = Image::by_id((int)($_POST['image_id'])); + $image = Image::by_id(int_escape($_POST['image_id'])); send_event(new ThumbnailGenerationEvent($image->hash, $image->ext, true)); $this->theme->display_results($page, $image); } diff --git a/ext/report_image/main.php b/ext/report_image/main.php index 3c900ec4..bdbfab73 100644 --- a/ext/report_image/main.php +++ b/ext/report_image/main.php @@ -43,7 +43,7 @@ class ReportImage extends Extension { if($event->page_matches("image_report")) { if($event->get_arg(0) == "add") { if(isset($_POST['image_id']) && isset($_POST['reason'])) { - $image_id = (int)($_POST['image_id']); + $image_id = int_escape($_POST['image_id']); send_event(new AddReportedImageEvent($image_id, $user->id, $_POST['reason'])); $page->set_mode("redirect"); $page->set_redirect(make_link("post/view/$image_id")); @@ -137,7 +137,7 @@ class ReportImage extends Extension { $reports = array(); foreach($all_reports as $report) { - $image_id = (int)($report['image_id']); + $image_id = int_escape($report['image_id']); $image = Image::by_id($image_id); if(is_null($image)) { send_event(new RemoveReportedImageEvent($report['id'])); diff --git a/ext/report_image/theme.php b/ext/report_image/theme.php index 14165d2a..4e3afb9c 100644 --- a/ext/report_image/theme.php +++ b/ext/report_image/theme.php @@ -64,7 +64,7 @@ class ReportImageTheme extends Themelet { public function display_image_banner(Image $image, /*array*/ $reporters) { global $config, $page; - $i_image = (int)($image->id); + $i_image = int_escape($image->id); $html = ""; if(count($reporters) > 0) { $html .= "Image reported by ".html_escape(implode(", ", $reporters))."

"; diff --git a/ext/resize/main.php b/ext/resize/main.php index 7b434b66..139f3ca8 100644 --- a/ext/resize/main.php +++ b/ext/resize/main.php @@ -105,7 +105,7 @@ class ResizeImage extends Extension { if ( $event->page_matches("resize") && $user->is_admin() ) { // Try to get the image ID - $image_id = (int)($event->get_arg(0)); + $image_id = int_escape($event->get_arg(0)); if (empty($image_id)) { $image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null; } @@ -126,10 +126,10 @@ class ResizeImage extends Extension { $width = $height = 0; if (isset($_POST['resize_width'])) { - $width = (int)($_POST['resize_width']); + $width = int_escape($_POST['resize_width']); } if (isset($_POST['resize_height'])) { - $height = (int)($_POST['resize_height']); + $height = int_escape($_POST['resize_height']); } /* Attempt to resize the image */ diff --git a/ext/resize/theme.php b/ext/resize/theme.php index c037d5e0..c331dbbb 100644 --- a/ext/resize/theme.php +++ b/ext/resize/theme.php @@ -7,7 +7,7 @@ class ResizeImageTheme extends Themelet { public function get_resize_html(/*int*/ $image_id) { global $user, $config; - $i_image_id = (int)($image_id); + $i_image_id = int_escape($image_id); $html = " ".make_form(make_link("resize"),'POST',false,'resize_image')." diff --git a/ext/shimmie_api/main.php b/ext/shimmie_api/main.php index d16a3aca..da65a2d6 100644 --- a/ext/shimmie_api/main.php +++ b/ext/shimmie_api/main.php @@ -71,10 +71,10 @@ class ShimmieApi extends Extension { if($event->page_matches("api/shimmie/get_image")) { $arg = $event->get_arg(0); if(!empty($arg)){ - $image = Image::by_id((int)($event->get_arg(0))); + $image = Image::by_id(int_escape($event->get_arg(0))); } elseif(isset($_GET['id'])){ - $image = Image::by_id((int)($_GET['id'])); + $image = Image::by_id(int_escape($_GET['id'])); } // FIXME: handle null image $image->get_tag_array(); // tag data isn't loaded into the object until necessary 
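Review bot: `$image_id = int_escape($event->get_arg(0));` in ResizeImage (@@ -105) is followed by a fallback that assigns the raw `$_POST['image_id']` without conversion, so the two paths yield values of different types; ext/upload/main.php (@@ -121) has the identical pair of lines. Converting on both paths, `$image_id = isset($_POST['image_id']) ? int_escape($_POST['image_id']) : null;`, keeps the variable consistent. The enclosing handler continues outside the hunk.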
diff --git a/ext/simpletest/main.php b/ext/simpletest/main.php index 896f02d5..cedba90d 100644 --- a/ext/simpletest/main.php +++ b/ext/simpletest/main.php @@ -173,7 +173,7 @@ class ShimmieWebTestCase extends SCoreWebTestCase { foreach($headers as $header) { $parts = explode(":", $header); if(trim($parts[0]) == "X-Shimmie-Image-ID") { - $image_id = (int)(trim($parts[1])); + $image_id = int_escape(trim($parts[1])); } } diff --git a/ext/tag_history/main.php b/ext/tag_history/main.php index c085fb3c..b6fe5cea 100644 --- a/ext/tag_history/main.php +++ b/ext/tag_history/main.php @@ -40,12 +40,12 @@ class Tag_History extends Extension { } } else if($event->page_matches("tag_history/all")) { - $page_id = (int)($event->get_arg(0)); + $page_id = int_escape($event->get_arg(0)); $this->theme->display_global_page($page, $this->get_global_tag_history($page_id), $page_id); } else if($event->page_matches("tag_history") && $event->count_args() == 1) { // must be an attempt to view a tag history - $image_id = (int)($event->get_arg(0)); + $image_id = int_escape($event->get_arg(0)); $this->theme->display_history_page($page, $image_id, $this->get_tag_history_from_id($image_id)); } } @@ -119,7 +119,7 @@ class Tag_History extends Extension { private function process_revert_request($revert_id) { global $page; - $revert_id = (int)($revert_id); + $revert_id = int_escape($revert_id); // check for the nothing case if($revert_id < 1) { diff --git a/ext/tag_list/main.php b/ext/tag_list/main.php index 4b21daa8..8f36345f 100644 --- a/ext/tag_list/main.php +++ b/ext/tag_list/main.php @@ -125,7 +125,7 @@ class TagList extends Extension { */ private function get_tags_min() { if(isset($_GET['mincount'])) { - return (int)($_GET['mincount']); + return int_escape($_GET['mincount']); } else { global $config; diff --git a/ext/tagger/theme.php b/ext/tagger/theme.php index 59a111d8..733db116 100644 --- a/ext/tagger/theme.php +++ b/ext/tagger/theme.php 
@@ -24,7 +24,7 @@ class taggerTheme extends Themelet { } private function html(Image $image) { global $config; - $i_image_id = (int)($image->id); + $i_image_id = int_escape($image->id); $h_source = html_escape($image->source); $h_query = isset($_GET['search'])? $h_query= "search=".url_escape($_GET['search']) : ""; diff --git a/ext/tips/main.php b/ext/tips/main.php index 99f7fcaf..41cc7823 100644 --- a/ext/tips/main.php +++ b/ext/tips/main.php @@ -51,14 +51,14 @@ class Tips extends Extension { break; case "status": // FIXME: HTTP GET CSRF - $tipID = (int)($event->get_arg(1)); + $tipID = int_escape($event->get_arg(1)); $this->setStatus($tipID); $page->set_mode("redirect"); $page->set_redirect(make_link("tips/list")); break; case "delete": // FIXME: HTTP GET CSRF - $tipID = (int)($event->get_arg(1)); + $tipID = int_escape($event->get_arg(1)); $this->deleteTip($tipID); $page->set_mode("redirect"); $page->set_redirect(make_link("tips/list")); diff --git a/ext/upload/main.php b/ext/upload/main.php index c0f958a5..f88db765 100644 --- a/ext/upload/main.php +++ b/ext/upload/main.php @@ -121,7 +121,7 @@ class Upload extends Extension { throw new UploadException("Can not replace Image: disk nearly full"); } // Try to get the image ID - $image_id = (int)($event->get_arg(0)); + $image_id = int_escape($event->get_arg(0)); if(empty($image_id)) { $image_id = isset($_POST['image_id']) ? $_POST['image_id'] : null; } 
@@ -180,12 +180,12 @@ class Upload extends Extension { $source = isset($_POST['source']) ? $_POST['source'] : null; $ok = true; foreach($_FILES as $name => $file) { - $tags = $this->tags_for_upload_slot((int)(substr($name, 4))); + $tags = $this->tags_for_upload_slot(int_escape(substr($name, 4))); $ok = $ok & $this->try_upload($file, $tags, $source); } foreach($_POST as $name => $value) { if(substr($name, 0, 3) == "url" && strlen($value) > 0) { - $tags = $this->tags_for_upload_slot((int)(substr($name, 3))); + $tags = $this->tags_for_upload_slot(int_escape(substr($name, 3))); $ok = $ok & $this->try_transload($value, $tags, $source); } } @@ -292,8 +292,8 @@ class Upload extends Extension { if($event->image_id == -1) { throw new UploadException("File type not recognised"); } - //header("X-Shimmie-Image-ID: ".(int)($event->image_id)); - $page->add_http_header("X-Shimmie-Image-ID: ".(int)($event->image_id)); + //header("X-Shimmie-Image-ID: ".int_escape($event->image_id)); + $page->add_http_header("X-Shimmie-Image-ID: ".int_escape($event->image_id)); } catch(UploadException $ex) { $this->theme->display_upload_error($page, "Error with ".html_escape($file['name']), diff --git a/ext/user/main.php b/ext/user/main.php index ee818a04..e92a8f6e 100644 --- a/ext/user/main.php +++ b/ext/user/main.php @@ -294,7 +294,7 @@ class UserPage extends Extension { $event->add_querylet(new Querylet("images.owner_id = $user_id")); } else if(preg_match("/^(poster|user)_id=([0-9]+)$/i", $event->term, $matches)) { - $user_id = (int)($matches[2]); + $user_id = int_escape($matches[2]); $event->add_querylet(new Querylet("images.owner_id = $user_id")); } else if($user->can("view_ip") && preg_match("/^(poster|user)_ip=([0-9\.]+)$/i", $event->term, $matches)) { diff --git a/ext/user/theme.php b/ext/user/theme.php index e0560c44..f129d284 100644 --- a/ext/user/theme.php +++ b/ext/user/theme.php 
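Review bot: The commented-out `//header("X-Shimmie-Image-ID: "...)` line at @@ -292 was rewritten alongside the live line instead of being deleted, so the dead copy will keep drifting with every refactor. Remove it and keep only `$page->add_http_header("X-Shimmie-Image-ID: ".int_escape($event->image_id));`. The enclosing try block starts and ends outside the hunk.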
@@ -187,7 +187,7 @@ class UserPageTheme extends Themelet { "; - $i_user_id = (int)($duser->id); + $i_user_id = int_escape($duser->id); if($user->can("edit_user_class")) { global $_user_classes; diff --git a/ext/view/main.php b/ext/view/main.php index 6941d134..2a1911c9 100644 --- a/ext/view/main.php +++ b/ext/view/main.php @@ -75,7 +75,7 @@ class ViewImage extends Extension { $event->page_matches("post/next") ) { - $image_id = (int)($event->get_arg(0)); + $image_id = int_escape($event->get_arg(0)); if(isset($_GET['search'])) { $search_terms = explode(' ', $_GET['search']); @@ -109,7 +109,7 @@ class ViewImage extends Extension { } if($event->page_matches("post/view")) { - $image_id = (int)($event->get_arg(0)); + $image_id = int_escape($event->get_arg(0)); $image = Image::by_id($image_id); @@ -128,7 +128,7 @@ class ViewImage extends Extension { if($event->page_matches("post/set")) { if(!isset($_POST['image_id'])) return; - $image_id = (int)($_POST['image_id']); + $image_id = int_escape($_POST['image_id']); send_event(new ImageInfoSetEvent(Image::by_id($image_id))); diff --git a/ext/wiki/main.php b/ext/wiki/main.php index 256a738f..bb2f4837 100644 --- a/ext/wiki/main.php +++ b/ext/wiki/main.php @@ -99,7 +99,7 @@ class Wiki extends Extension { } else if($event->page_matches("wiki_admin/save")) { $title = $_POST['title']; - $rev = (int)($_POST['revision']); + $rev = int_escape($_POST['revision']); $body = $_POST['body']; $lock = $user->is_admin() && isset($_POST['lock']) && ($_POST['lock'] == "on"); diff --git a/ext/wiki/theme.php b/ext/wiki/theme.php index 659f9183..45b7bee4 100644 --- a/ext/wiki/theme.php +++ b/ext/wiki/theme.php @@ -40,7 +40,7 @@ class WikiTheme extends Themelet { protected function create_edit_html(WikiPage $page) { $h_title = html_escape($page->title); $u_title = url_escape($page->title); - $i_revision = (int)($page->revision) + 1; + $i_revision = int_escape($page->revision) + 1; global $user; if($user->is_admin()) { 
@@ -73,7 +73,7 @@ class WikiTheme extends Themelet { " ".make_form(make_link("wiki_admin/edit"))." - + " : @@ -82,7 +82,7 @@ class WikiTheme extends Themelet { $edit .= " ".make_form(make_link("wiki_admin/delete_revision"))." - + ".make_form(make_link("wiki_admin/delete_all"))." diff --git a/themes/danbooru/comment.theme.php b/themes/danbooru/comment.theme.php index b671cd89..fea07ba4 100644 --- a/themes/danbooru/comment.theme.php +++ b/themes/danbooru/comment.theme.php @@ -93,12 +93,12 @@ class CustomCommentListTheme extends CommentListTheme { $tfe = new TextFormattingEvent($comment->comment); send_event($tfe); - $i_uid = (int)($comment->owner_id); + $i_uid = int_escape($comment->owner_id); $h_name = html_escape($comment->owner_name); $h_poster_ip = html_escape($comment->poster_ip); $h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted); - $i_comment_id = (int)($comment->comment_id); - $i_image_id = (int)($comment->image_id); + $i_comment_id = int_escape($comment->comment_id); + $i_image_id = int_escape($comment->image_id); $h_posted = autodate($comment->posted); $stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50)); diff --git a/themes/futaba/comment.theme.php b/themes/futaba/comment.theme.php index 17c92646..ee6672c2 100644 --- a/themes/futaba/comment.theme.php +++ b/themes/futaba/comment.theme.php 
@@ -59,12 +59,12 @@ class CustomCommentListTheme extends CommentListTheme { $tfe = new TextFormattingEvent($comment->comment); send_event($tfe); - $i_uid = (int)($comment->owner_id); + $i_uid = int_escape($comment->owner_id); $h_name = html_escape($comment->owner_name); $h_poster_ip = html_escape($comment->poster_ip); $h_comment = ($trim ? substr($tfe->stripped, 0, 50)."..." : $tfe->formatted); - $i_comment_id = (int)($comment->comment_id); - $i_image_id = (int)($comment->image_id); + $i_comment_id = int_escape($comment->comment_id); + $i_image_id = int_escape($comment->image_id); $stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50)); $stripped_nonl = str_replace("\r", "\\r", $stripped_nonl); From caec1ac824d767a9a03137bc67b6ee35b1b2b0fe Mon Sep 17 00:00:00 2001 From: "green-ponies (jgen)" Date: Wed, 18 Apr 2012 00:55:39 -0400 Subject: [PATCH 11/24] Support multiple databases as well. --- core/database.class.php | 24 +++++++++++++++++++++++- install.php | 2 +- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/core/database.class.php b/core/database.class.php index ecd617fd..9b254f31 100644 --- a/core/database.class.php +++ b/core/database.class.php @@ -412,12 +412,34 @@ class Database { } } - /** * Create a table from pseudo-SQL */ public function create_table($name, $data) { $this->execute($this->engine->create_table_sql($name, $data)); } + + /** + * Returns the number of tables present in the current database. + */ + public function count_tables() { + if($this->engine->name === "mysql") { + return count( + $this->get_all("SHOW TABLES") + ); + } else if ($this->engine->name === "pgsql") { + return count( + $this->get_all("SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'") + ); + } else if ($this->engine->name === "sqlite") { + return count( + $this->get_all(".tables") + ); + } else { + // Hard to find a universal way to do this... + return NULL; + } + } + } ?> 
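Review bot: In the core/database.class.php hunk, the sqlite branch of count_tables() runs `$this->get_all(".tables")`, but `.tables` is a sqlite3 shell meta-command rather than SQL, so sent through the database layer it will fail instead of returning rows; use `$this->get_all("SELECT name FROM sqlite_master WHERE type='table'")`. The final branch returns NULL, and the only caller visible on this page (install.php, next hunk) tests `$db->count_tables() > 0`, which NULL fails, so on an unrecognised engine the "schema is not empty" guard silently passes even though the docblock promises a number. Return a distinct value or throw for "cannot determine" so the installer can warn instead of proceeding. The pgsql query is also valid on MySQL with `table_schema = DATABASE()`, which would collapse two branches, but that is optional.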
diff --git a/install.php b/install.php
index 104a5776..b177fd5d 100644
--- a/install.php
+++ b/install.php
@@ -300,7 +300,7 @@ function create_tables() { // {{{
 try {
 $db = new Database();
- if ( count($db->get_all("SHOW TABLES")) > 0 ) {
+ if ( $db->count_tables() > 0 ) {
 echo "

Warning: The Database schema is not empty!

Please ensure that the database you are installing Shimmie with is empty before continuing.

From 1615f79be44e565ee48bd852c8e5cf184c4a1ee9 Mon Sep 17 00:00:00 2001 From: "green-ponies (jgen)" Date: Wed, 18 Apr 2012 00:56:11 -0400 Subject: [PATCH 12/24] Examine integers separately. Also, don't break search. >_< --- core/util.inc.php | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/core/util.inc.php b/core/util.inc.php index 2cad2224..233bf43a 100644 --- a/core/util.inc.php +++ b/core/util.inc.php @@ -34,6 +34,14 @@ function int_escape($input) { * @retval string */ function url_escape($input) { + /* + Shish: I have a feeling that these three lines are important, possibly for searching for tags with slashes in them like fate/stay_night + green-ponies: indeed~ + */ + $input = str_replace('^', '^^', $input); + $input = str_replace('/', '^s', $input); + $input = str_replace('\\', '^b', $input); + /* The function idn_to_ascii is used to support Unicode domains / URLs as well. See here for more: http://php.net/manual/en/function.filter-var.php However, it is only supported by PHP version 5.3 and up @@ -79,20 +87,21 @@ function bool_escape($input) { */ if (is_bool($input)) { return $input; + } else if (is_numeric($input)) { + return ($input === 1); } else { $value = filter_var($input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE); if (!is_null($value)) { return $value; } else { - $input = strtolower($input); + $input = strtolower( trim($input) ); return ( $input === "y" || $input === "yes" || $input === "t" || $input === "true" || $input === "on" || - $input === 1 || - $input === true + $input === "1" || ); } } From 2fcc271f3da501dcf0cbcd338cf721c262fb9e1f Mon Sep 17 00:00:00 2001 From: "green-ponies (jgen)" Date: Wed, 18 Apr 2012 01:17:44 -0400 Subject: [PATCH 13/24] Small typo. --- core/util.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/util.inc.php b/core/util.inc.php index 233bf43a..2051a5bd 100644 --- a/core/util.inc.php +++ b/core/util.inc.php 
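Review bot: In the bool_escape() hunk of core/util.inc.php, the new branch `} else if (is_numeric($input)) { return ($input === 1); }` catches every numeric string as well as integers, and the strict comparison is only true for the integer 1, so request values such as "1" or "0" (which arrive as strings from $_GET/$_POST) all return false and never reach the later `$input === "1"` check, which this branch now makes unreachable for them. Compare after normalising, `return ((int)$input === 1);`, or drop the branch and let the existing filter_var(FILTER_VALIDATE_BOOLEAN) call handle "1"/"0" as it already does. The trailing `$input === "1" ||` with nothing after it is a parse error; the following commit on this page already fixes it. The url_escape() hunk in the same commit prepends the three `^`-escaping str_replace() calls to a path that ends in filter_var(FILTER_SANITIZE_URL), which strips rather than percent-encodes characters outside its allowed set, so the `^s` marker survives but other disallowed characters are dropped before the later rawurlencode() path is reached; the function's body continues past the hunk.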
@@ -101,7 +101,7 @@ function bool_escape($input) { $input === "t" || $input === "true" || $input === "on" || - $input === "1" || + $input === "1" ); } } From 3902036477bbc0ce473b48708cd88be06f23d07c Mon Sep 17 00:00:00 2001 From: "green-ponies (jgen)" Date: Wed, 18 Apr 2012 02:20:42 -0400 Subject: [PATCH 14/24] Avoid breaking things. --- core/util.inc.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/core/util.inc.php b/core/util.inc.php index 2051a5bd..0505a228 100644 --- a/core/util.inc.php +++ b/core/util.inc.php @@ -37,7 +37,7 @@ function url_escape($input) { /* Shish: I have a feeling that these three lines are important, possibly for searching for tags with slashes in them like fate/stay_night green-ponies: indeed~ - */ + $input = str_replace('^', '^^', $input); $input = str_replace('/', '^s', $input); $input = str_replace('\\', '^b', $input); @@ -45,21 +45,21 @@ function url_escape($input) { /* The function idn_to_ascii is used to support Unicode domains / URLs as well. See here for more: http://php.net/manual/en/function.filter-var.php However, it is only supported by PHP version 5.3 and up - */ + if (function_exists('idn_to_ascii')) { return filter_var(idn_to_ascii($input), FILTER_SANITIZE_URL); } else { return filter_var($input, FILTER_SANITIZE_URL); } - - /*if(is_null($input)) { + */ + if(is_null($input)) { return ""; } $input = str_replace('^', '^^', $input); $input = str_replace('/', '^s', $input); $input = str_replace('\\', '^b', $input); $input = rawurlencode($input); - return $input;*/ + return $input; } /** From 1c7bb653de398a8d3c5ce59f38f110aeaf848744 Mon Sep 17 00:00:00 2001 From: Shish Date: Sat, 28 Apr 2012 11:02:12 +0100 Subject: [PATCH 15/24] example of a moderator class --- README.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.txt b/README.txt index bf92b52e..fc59aca1 100644 --- a/README.txt +++ b/README.txt 
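Review bot: In the two core/util.inc.php hunks of the "Avoid breaking things" commit (@@ -37 and @@ -45), the fix is made by turning the existing `*/` into the start of a block comment and closing it after the filter_var() branch, which leaves the idn_to_ascii()/FILTER_SANITIZE_URL implementation as roughly twenty lines of dead commented-out code spanning both hunks, while the old `/*if(is_null($input)) {` ... `return $input;*/` wrapper is removed to reactivate the rawurlencode() path. Delete the dead block instead of commenting it out; version control keeps the history, and the surviving `fate/stay_night` comment already explains why the `^` escaping must run before encoding. If the idn_to_ascii() behaviour is meant to return, a one-line `// TODO: idn_to_ascii path removed, FILTER_SANITIZE_URL drops rather than encodes characters` says more than the code itself.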
@@ -87,6 +87,14 @@ new UserClass("anonymous", "base", array( "create_image_report" => True, )); +For a moderator class, being a regular user who can delete images and +comments: + +new UserClass("moderator", "user", array( + "delete_image" => True, + "delete_comment" => True, +)); + For a list of permissions, see core/userclass.class.php From d6de529ca54ee185cd9c9fe090eb01985ae2e830 Mon Sep 17 00:00:00 2001 From: Daku Date: Sat, 31 Mar 2012 05:51:30 +0100 Subject: [PATCH 16/24] should work properly with lite theme now.. --- ext/index/script.js | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/ext/index/script.js b/ext/index/script.js index cc6d38e5..db85b05f 100644 --- a/ext/index/script.js +++ b/ext/index/script.js @@ -5,9 +5,11 @@ $(function() { for(i=0; i Date: Wed, 2 May 2012 21:13:37 +0100 Subject: [PATCH 17/24] forgot to removing testing :x --- ext/index/script.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/index/script.js b/ext/index/script.js index db85b05f..6c3078c0 100644 --- a/ext/index/script.js +++ b/ext/index/script.js @@ -1,6 +1,6 @@ $(function() { var blocked_tags = ($.cookie("ui-blocked-tags") || $.cookie("blocked-tags") || "").split(" "); - var themecheck = $(".thumb[data-tags~='tagme']").parent().attr('class'); + var themecheck = $(".thumb[data-tags]").parent().attr('class'); var needs_refresh = false; for(i=0; i Date: Thu, 3 May 2012 14:55:13 +0100 Subject: [PATCH 18/24] example of anon with comments --- README.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/README.txt b/README.txt index fc59aca1..b0b5e521 100644 --- a/README.txt +++ b/README.txt @@ -82,6 +82,7 @@ User classes can be added to or altered by placing them in default anonymous "allow nothing" permissions like so: new UserClass("anonymous", "base", array( + "create_comment" => True, "edit_image_tag" => True, "edit_image_source" => True, "create_image_report" => True, 
From 216d1370644b343b2a8c98f9684eb1294dd1932a Mon Sep 17 00:00:00 2001 From: Shish Date: Tue, 8 May 2012 18:32:55 +0100 Subject: [PATCH 19/24] when uploading an archive, say the file was handled --- ext/handle_archive/main.php | 1 + 1 file changed, 1 insertion(+) diff --git a/ext/handle_archive/main.php b/ext/handle_archive/main.php index 2fb2498b..5f0ea3fa 100644 --- a/ext/handle_archive/main.php +++ b/ext/handle_archive/main.php @@ -35,6 +35,7 @@ class ArchiveFileHandler extends Extension { exec($cmd); $this->add_dir($tmpdir); deltree($tmpdir); + $event->image_id = -2; // default -1 = upload wasn't handled } } From 854a5d983335140d7ab229168845beea4108dbd4 Mon Sep 17 00:00:00 2001 From: Shish Date: Sat, 12 May 2012 09:50:55 +0100 Subject: [PATCH 20/24] ratings is not necessarily installed... --- themes/danbooru/view.theme.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/themes/danbooru/view.theme.php b/themes/danbooru/view.theme.php index 718e95cd..c5823dbd 100644 --- a/themes/danbooru/view.theme.php +++ b/themes/danbooru/view.theme.php @@ -42,8 +42,10 @@ class CustomViewImageTheme extends ViewImageTheme { if($image->rating == null || $image->rating == "u"){ $image->rating = "u"; } + if(class_exists("Ratings")) { $h_rating = Ratings::rating_to_human($image->rating); $html .= "
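Review bot: In the ext/handle_archive/main.php hunk, `$event->image_id = -2; // default -1 = upload wasn't handled` introduces a second magic sentinel alongside the -1 that ext/upload/main.php tests with `if($event->image_id == -1)` (visible as context in the earlier upload hunk of this series); nothing visible distinguishes "handled, no single image" from a real id, and if the archive result flows through the same try_upload() path the `X-Shimmie-Image-ID` header would carry -2 to the client. Name the sentinels, e.g. `const IMAGE_NOT_HANDLED = -1;` and `const IMAGE_HANDLED_NO_ID = -2;` on the event class, and have the upload code test `>= 0` before emitting the header. The enclosing method and the event class are outside the hunk, so the downstream flow is inferred rather than shown.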
Rating: $h_rating"; + } } return $html; From 23fe15e8cd4b2b5f7921e8ef9c508d8223957249 Mon Sep 17 00:00:00 2001 From: Shish Date: Sat, 12 May 2012 10:04:17 +0100 Subject: [PATCH 21/24] clear CSS cache on theme changes --- ext/setup/main.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ext/setup/main.php b/ext/setup/main.php index 195c0904..83f7c235 100644 --- a/ext/setup/main.php +++ b/ext/setup/main.php @@ -291,6 +291,10 @@ class Setup extends Extension { } } log_warning("setup", "Configuration updated"); + foreach(glob("data/cache/*.css") as $css_cache) { + unlink($css_cache); + } + log_warning("setup", "Cache cleared"); } public function onUserBlockBuilding(UserBlockBuildingEvent $event) { From e07bf2500bfb9aa50c7a7e235045a424d2a7f949 Mon Sep 17 00:00:00 2001 From: Shish Date: Sat, 12 May 2012 10:10:58 +0100 Subject: [PATCH 22/24] warm setup theme --- themes/warm/setup.theme.php | 10 ---------- themes/warm/style.css | 4 ++-- 2 files changed, 2 insertions(+), 12 deletions(-) delete mode 100644 themes/warm/setup.theme.php diff --git a/themes/warm/setup.theme.php b/themes/warm/setup.theme.php deleted file mode 100644 index 3932ab6a..00000000 --- a/themes/warm/setup.theme.php +++ /dev/null @@ -1,10 +0,0 @@ -box(parent::sb_to_html($block)); - } -} -?> diff --git a/themes/warm/style.css b/themes/warm/style.css index 9a6b6be9..3bb5d01a 100644 --- a/themes/warm/style.css +++ b/themes/warm/style.css @@ -83,8 +83,8 @@ UL { text-align: left; } -SECTION>H3, SECTION>.blockbody, .comment {margin: 8px; padding: 8px; border: 1px solid #B89F7C;} -SECTION>.blockbody, .comment {background: #FCD9A9;} +SECTION>H3, SECTION>.blockbody, .comment, .setupblock {margin: 8px; padding: 8px; border: 1px solid #B89F7C;} +SECTION>.blockbody, .comment, .setupblock {background: #FCD9A9;} SECTION>H3 {background: #DABC92;} From f7e25daeb50d076235109fbd3115891580812275 Mon Sep 17 00:00:00 2001 
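Review bot: In the ext/setup/main.php hunk, `foreach(glob("data/cache/*.css") as $css_cache) { unlink($css_cache); }` does not handle glob() returning false (which it can on error rather than an empty array), so foreach would emit a warning, and it ignores unlink()'s return while the following `log_warning("setup", "Cache cleared");` reports success unconditionally. Guard and check: `$cached = glob("data/cache/*.css"); foreach($cached ? $cached : array() as $css_cache) { if(!unlink($css_cache)) log_warning("setup", "Failed to remove $css_cache"); }`. The relative path presumably resolves against the request's working directory, as the existing `disk_total_space("./")` in ext/et does; worth confirming it is the same base the CSS cache is written to. "Cache cleared" is a routine event rather than a warning, though the file already logs "Configuration updated" at the same level.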
From: Shish Date: Mon, 14 May 2012 06:43:23 +0100 Subject: [PATCH 23/24] move getMimeType to utils --- core/imageboard.pack.php | 56 +--------------------------------------- core/util.inc.php | 53 +++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 55 deletions(-) diff --git a/core/imageboard.pack.php b/core/imageboard.pack.php index 4e2b8cda..4b2134b1 100644 --- a/core/imageboard.pack.php +++ b/core/imageboard.pack.php 
@@ -388,63 +388,9 @@ class Image { * @retval string */ public function get_mime_type() { - return __getMimeType( get_image_filename() ); + return getMimeType(get_image_filename()); } - /** - * Get MIME type for file - * - * The contents of this function are taken from the __getMimeType() function - * from the "Amazon S3 PHP class" which is Copyright (c) 2008, Donovan Schönknecht - * and released under the 'Simplified BSD License'. - * - * @internal Used to get mime types - * @param string &$file File path - * @return string - */ - public static function __getMimeType(&$file) - { - $type = false; - // Fileinfo documentation says fileinfo_open() will use the - // MAGIC env var for the magic file - if (extension_loaded('fileinfo') && isset($_ENV['MAGIC']) && - ($finfo = finfo_open(FILEINFO_MIME, $_ENV['MAGIC'])) !== false) - { - if (($type = finfo_file($finfo, $file)) !== false) - { - // Remove the charset and grab the last content-type - $type = explode(' ', str_replace('; charset=', ';charset=', $type)); - $type = array_pop($type); - $type = explode(';', $type); - $type = trim(array_shift($type)); - } - finfo_close($finfo); - - // If anyone is still using mime_content_type() - } elseif (function_exists('mime_content_type')) - $type = trim(mime_content_type($file)); - - if ($type !== false && strlen($type) > 0) return $type; - - // Otherwise do it the old fashioned way - static $exts = array( - 'jpg' => 'image/jpeg', 'gif' => 'image/gif', 'png' => 'image/png', - 'tif' => 'image/tiff', 'tiff' => 'image/tiff', 'ico' => 'image/x-icon', - 'swf' => 'application/x-shockwave-flash', 'pdf' => 'application/pdf', - 'zip' => 'application/zip', 'gz' => 'application/x-gzip', - 'tar' => 'application/x-tar', 'bz' => 'application/x-bzip', - 'bz2' => 'application/x-bzip2', 'txt' => 'text/plain', - 'asc' => 'text/plain', 'htm' => 'text/html', 'html' => 'text/html', - 'css' => 'text/css', 'js' => 'text/javascript', - 'xml' => 'text/xml', 'xsl' => 'application/xsl+xml', - 'ogg' => 
'application/ogg', 'mp3' => 'audio/mpeg', 'wav' => 'audio/x-wav', - 'avi' => 'video/x-msvideo', 'mpg' => 'video/mpeg', 'mpeg' => 'video/mpeg', - 'mov' => 'video/quicktime', 'flv' => 'video/x-flv', 'php' => 'text/x-php' - ); - $ext = strtolower(pathInfo($file, PATHINFO_EXTENSION)); - return isset($exts[$ext]) ? $exts[$ext] : 'application/octet-stream'; - } - /** * Get the image's filename extension * diff --git a/core/util.inc.php b/core/util.inc.php index 0505a228..b7b0baec 100644 --- a/core/util.inc.php +++ b/core/util.inc.php 
@@ -457,6 +457,59 @@ function captcha_check() { * Misc * \* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ +/** +* Get MIME type for file +* +* The contents of this function are taken from the __getMimeType() function +* from the "Amazon S3 PHP class" which is Copyright (c) 2008, Donovan Schönknecht +* and released under the 'Simplified BSD License'. +* +* @internal Used to get mime types +* @param string &$file File path +* @return string +*/ +function getMimeType($file) { + $type = false; + // Fileinfo documentation says fileinfo_open() will use the + // MAGIC env var for the magic file + if (extension_loaded('fileinfo') && isset($_ENV['MAGIC']) && + ($finfo = finfo_open(FILEINFO_MIME, $_ENV['MAGIC'])) !== false) + { + if (($type = finfo_file($finfo, $file)) !== false) + { + // Remove the charset and grab the last content-type + $type = explode(' ', str_replace('; charset=', ';charset=', $type)); + $type = array_pop($type); + $type = explode(';', $type); + $type = trim(array_shift($type)); + } + finfo_close($finfo); + + // If anyone is still using mime_content_type() + } elseif (function_exists('mime_content_type')) + $type = trim(mime_content_type($file)); + + if ($type !== false && strlen($type) > 0) return $type; + + // Otherwise do it the old fashioned way + static $exts = array( + 'jpg' => 'image/jpeg', 'gif' => 'image/gif', 'png' => 'image/png', + 'tif' => 'image/tiff', 'tiff' => 'image/tiff', 'ico' => 'image/x-icon', + 'swf' => 'application/x-shockwave-flash', 'pdf' => 'application/pdf', + 'zip' => 'application/zip', 'gz' => 'application/x-gzip', + 'tar' => 'application/x-tar', 'bz' => 'application/x-bzip', + 'bz2' => 'application/x-bzip2', 'txt' => 'text/plain', + 'asc' => 'text/plain', 'htm' => 'text/html', 'html' => 'text/html', + 'css' => 'text/css', 'js' => 'text/javascript', + 'xml' => 'text/xml', 'xsl' => 'application/xsl+xml', + 'ogg' => 'application/ogg', 'mp3' => 'audio/mpeg', 'wav' => 'audio/x-wav', + 'avi' => 
'video/x-msvideo', 'mpg' => 'video/mpeg', 'mpeg' => 'video/mpeg', + 'mov' => 'video/quicktime', 'flv' => 'video/x-flv', 'php' => 'text/x-php' + ); + $ext = strtolower(pathInfo($file, PATHINFO_EXTENSION)); + return isset($exts[$ext]) ? $exts[$ext] : 'application/octet-stream'; +} + /** * @private */ From 2347b1fab88ff5551608e6608d57e18166f545f9 Mon Sep 17 00:00:00 2001 From: Shish Date: Mon, 14 May 2012 11:12:50 +0100 Subject: [PATCH 24/24] fff. --- core/imageboard.pack.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/imageboard.pack.php b/core/imageboard.pack.php index 4b2134b1..2067d0c5 100644 --- a/core/imageboard.pack.php +++ b/core/imageboard.pack.php @@ -388,7 +388,7 @@ class Image { * @retval string */ public function get_mime_type() { - return getMimeType(get_image_filename()); + return getMimeType($this->get_image_filename()); } /**
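Review bot: In the core/util.inc.php hunk adding getMimeType(), the fileinfo branch only runs when `isset($_ENV['MAGIC'])`, and $_ENV is empty unless php.ini's variables_order includes "E", so in a typical deployment content sniffing is skipped and the function falls through to mime_content_type() or to the extension table, where the type is decided by the client-supplied filename (including `'php' => 'text/x-php'`, `'html' => 'text/html'` and `'js' => 'text/javascript'`). Prefer sniffing without the env-var precondition: `if (extension_loaded('fileinfo') && ($finfo = finfo_open(FILEINFO_MIME_TYPE)) !== false)`, which also returns the bare type and removes the charset-stripping explode()/array_pop() sequence. The docblock still reads `@param string &$file File path` although the parameter is now passed by value. pathInfo() works because PHP function names are case-insensitive, but `pathinfo` matches the rest of the file.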