From e482f97955eaaa3452464124f8fd21bd034742fe Mon Sep 17 00:00:00 2001 From: Shish Date: Sat, 26 Sep 2015 19:53:15 +0100 Subject: [PATCH] more clamping --- core/util.inc.php | 17 +++++++++++++++++ ext/comment/main.php | 39 ++++++++------------------------------- ext/pools/main.php | 27 +++++++++++---------------- 3 files changed, 36 insertions(+), 47 deletions(-) diff --git a/core/util.inc.php b/core/util.inc.php index c9936341..ad66c60b 100644 --- a/core/util.inc.php +++ b/core/util.inc.php @@ -124,6 +124,23 @@ function no_escape($input) { return $input; } +/** + * @param int $val + * @param int|null $min + * @param int|null $max + * @return int + */ +function clamp($val, $min, $max) { + if(!is_numeric($val) || (!is_null($min) && $val < $min)) { + $val = $min; + } + if(!is_null($max) && $val > $max) { + $val = $max; + } + assert('$val <= $min && $val >= $max', "$min <= $val <= $max"); + return $val; +} + /** * @param string $name * @param array $attrs diff --git a/ext/comment/main.php b/ext/comment/main.php index b0959a1c..b21e701e 100644 --- a/ext/comment/main.php +++ b/ext/comment/main.php 
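Review bot: The assertion at the end of `clamp()` has its comparisons reversed: `$val <= $min && $val >= $max` is false for every value strictly inside the range, so it fires on ordinary input wherever assertions are active. It should read `assert((is_null($min) || $val >= $min) && (is_null($max) || $val <= $max));`, passed as an expression rather than as a string to be evaluated. Separately, `is_numeric()` accepts values such as `"2.5"` or `"1e3"`, and these are returned unchanged although the docblock promises an int. The callers in ext/comment/main.php and ext/pools/main.php turn the result into a query offset, and the page number presumably comes from the request URL. Adding `$val = (int)$val;` after the first check would make the documented return type hold.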
@@ -155,20 +155,12 @@ class CommentList extends Extension { public function onPageRequest(PageRequestEvent $event) { if($event->page_matches("comment")) { - if($event->get_arg(0) === "add") { - $this->onPageRequest_add(); - } - else if($event->get_arg(0) === "delete") { - $this->onPageRequest_delete($event); - } - else if($event->get_arg(0) === "bulk_delete") { - $this->onPageRequest_bulk_delete(); - } - else if($event->get_arg(0) === "list") { - $this->onPageRequest_list($event); - } - else if($event->get_arg(0) === "beta-search") { - $this->onPageRequest_beta_search($event); + switch($event->get_arg(0)) { + case "add": $this->onPageRequest_add(); break; + case "delete": $this->onPageRequest_delete($event); break; + case "bulk_delete": $this->onPageRequest_bulk_delete(); break; + case "list": $this->onPageRequest_list($event); break; + case "beta-search": $this->onPageRequest_beta_search($event); break; } } } @@ -243,7 +235,7 @@ class CommentList extends Extension { $i_comment_count = Comment::count_comments_by_user($duser); $com_per_page = 50; $total_pages = ceil($i_comment_count / $com_per_page); - $page_num = $this->sanity_check_pagenumber($page_num, $total_pages); + $page_num = clamp($page_num, 1, $total_pages); $comments = $this->get_user_comments($duser->id, $com_per_page, ($page_num - 1) * $com_per_page); $this->theme->display_all_user_comments($comments, $page_num, $total_pages, $duser); } @@ -361,7 +353,7 @@ class CommentList extends Extension { $database->cache->set("comment_pages", $total_pages, 600); } - $current_page = $this->sanity_check_pagenumber($current_page, $total_pages); + $current_page = clamp($current_page, 1, $total_pages); $threads_per_page = 10; $start = $threads_per_page * ($current_page - 1); 
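Review bot: `switch` compares with loose `==`, whereas the `if` chain it replaces used `===`, so the dispatch on `$event->get_arg(0)` in `onPageRequest()` is no longer type-strict. If `get_arg()` always returns a string this is harmless, but its return type is not visible in this hunk; a non-string such as `true` would match the first case, `"add"`. There is also no `default:` branch, so an unknown sub-page is ignored silently; a one-line comment such as `// unknown sub-pages are intentionally ignored` would record that this is deliberate.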
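Review bot: `clamp($page_num, 1, $total_pages)` returns 0 when `$total_pages` is 0, because the upper bound is applied after the lower one. `ceil($i_comment_count / $com_per_page)` is 0 for a user with no comments, and `($page_num - 1) * $com_per_page` then evaluates to -50, which is passed to `get_user_comments()`, presumably as the row offset. The removed `sanity_check_pagenumber()` behaved the same way, so this is carried over rather than introduced. The `clamp($current_page, 1, $total_pages)` call in the hunk at -361 has the same shape if its `$total_pages` can be 0. Passing `max(1, $total_pages)` as the upper bound keeps the page at 1 in the empty case; both enclosing functions start and end outside these hunks.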
@@ -568,21 +560,6 @@ class CommentList extends Extension { } // do some checks - /** - * @param int $pagenum - * @param int $maxpage - * @return int - */ - private function sanity_check_pagenumber(/*int*/ $pagenum, /*int*/ $maxpage) { - if(!is_numeric($pagenum) || $pagenum <= 0) { - $pagenum = 1; - } - if($pagenum > $maxpage) { - $pagenum = $maxpage; - } - return $pagenum; - } - /** * @param int $image_id * @param User $user diff --git a/ext/pools/main.php b/ext/pools/main.php index aeb01996..a47e441f 100644 --- a/ext/pools/main.php +++ b/ext/pools/main.php @@ -252,6 +252,8 @@ class Pools extends Extension { * When displaying an image, optionally list all the pools that the * image is currently a member of on a side panel, as well as a link * to the Next image in the pool. + * + * @var DisplayingImageEvent $event */ public function onDisplayingImage(DisplayingImageEvent $event) { global $config; @@ -374,16 +376,10 @@ class Pools extends Extension { private function list_pools(Page $page, /*int*/ $pageNumber) { global $config, $database; - if(is_null($pageNumber) || !is_numeric($pageNumber)) - $pageNumber = 0; - else if ($pageNumber <= 0) - $pageNumber = 0; - else - $pageNumber--; + $pageNumber = clamp($pageNumber, 1, null) - 1; $poolsPerPage = $config->get_int("poolsListsPerPage"); - $order_by = ""; $order = $page->get_cookie("ui-order-pool"); if($order == "created" || is_null($order)){ 
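Review bot: The docblock line added to `onDisplayingImage()` uses `@var`, which documents a property or local variable; for a method parameter the tag should be `@param DisplayingImageEvent $event`. Documentation tools and static analysers that read the docblock are likely to ignore the `@var` form here. The method body continues outside the hunk.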
@@ -397,15 +393,14 @@ class Pools extends Extension { } $pools = $database->get_all(" - SELECT p.id, p.user_id, p.public, p.title, p.description, - p.posts, u.name as user_name - FROM pools AS p - INNER JOIN users AS u - ON p.user_id = u.id - $order_by - LIMIT :l OFFSET :o - ", array("l"=>$poolsPerPage, "o"=>$pageNumber * $poolsPerPage) - ); + SELECT p.id, p.user_id, p.public, p.title, p.description, + p.posts, u.name as user_name + FROM pools AS p + INNER JOIN users AS u + ON p.user_id = u.id + $order_by + LIMIT :l OFFSET :o + ", array("l"=>$poolsPerPage, "o"=>$pageNumber * $poolsPerPage)); $totalPages = ceil($database->get_one("SELECT COUNT(*) FROM pools") / $poolsPerPage);