diff --git a/admanage.php b/admanage.php
index d4f526b1..563d3017 100644
--- a/admanage.php
+++ b/admanage.php
@@ -252,7 +252,7 @@ elseif ($action == 'submit')
else
{
if ($_POST['isedit']){
- $id = $_POST['id'] ?? 0;
+ $id = intval($_POST['id'] ?? 0);
if (!$id)
{
stderr($lang_admanage['std_error'], $lang_admanage['std_invalid_id']);
@@ -276,8 +276,8 @@ elseif ($action == 'submit')
$name = $_POST['ad']['name'];
$starttime = $_POST['ad']['starttime'];
$endtime = $_POST['ad']['endtime'];
- $displayorder = $_POST['ad']['displayorder'] ?? 0;
- $enabled = $_POST['ad']['enabled'] ?? 0;
+ $displayorder = intval($_POST['ad']['displayorder'] ?? 0);
+ $enabled = intval($_POST['ad']['enabled'] ?? 0);
$type = $_POST['ad']['type'];
if (!$name || !$type)
{
@@ -317,8 +317,8 @@ elseif ($action == 'submit')
case 'image':
if (!$_POST['ad']['image']['url'] || !$_POST['ad']['image']['link'])
stderr($lang_admanage['std_error'], $lang_admanage['std_missing_form_data']);
- $_POST['ad']['image']['width'] = $_POST['ad']['image']['width'] ?? 0;
- $_POST['ad']['image']['height'] = $_POST['ad']['image']['height'] ?? 0;
+ $_POST['ad']['image']['width'] = intval($_POST['ad']['image']['width'] ?? 0);
+ $_POST['ad']['image']['height'] = intval($_POST['ad']['image']['height'] ?? 0);
$parameters = serialize($_POST['ad']['image']);
$imgadd = "";
if ($_POST['ad']['image']['width'])
@@ -330,8 +330,8 @@ elseif ($action == 'submit')
$code = "
";
break;
case 'flash':
- $_POST['ad']['flash']['width'] = $_POST['ad']['flash']['width'] ?? 0;
- $_POST['ad']['flash']['height'] = $_POST['ad']['flash']['height'] ?? 0;
+ $_POST['ad']['flash']['width'] = intval($_POST['ad']['flash']['width'] ?? 0);
+ $_POST['ad']['flash']['height'] = intval($_POST['ad']['flash']['height'] ?? 0);
if (!$_POST['ad']['flash']['url'] || !$_POST['ad']['flash']['width'] || !$_POST['ad']['flash']['height'])
stderr($lang_admanage['std_error'], $lang_admanage['std_missing_form_data']);
$parameters = serialize($_POST['ad']['flash']);
diff --git a/bookmark.php b/bookmark.php
index 528166f5..e686892f 100644
--- a/bookmark.php
+++ b/bookmark.php
@@ -9,7 +9,7 @@ header("Cache-Control: no-cache, must-revalidate" );
header("Pragma: no-cache" );
header("Content-Type: text/xml; charset=utf-8");
-$torrentid = $_GET['torrentid'] ?? 0;
+$torrentid = intval($_GET['torrentid'] ?? 0);
if(isset($CURUSER))
{
$res_bookmark = sql_query("SELECT * FROM bookmarks WHERE torrentid=" . sqlesc($torrentid) . " AND userid=" . sqlesc($CURUSER[id]));
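Review bot: `sqlesc($CURUSER[id])` on the query line uses an unquoted array key outside a string, which PHP 7.2+ reports as a warning and PHP 8 rejects with an `Error` for the undefined constant `id`, so the request aborts before the query runs. The key should be quoted: `sqlesc($CURUSER['id'])`. The same pattern appears in this diff as `$_GET[confirm]` in the faqactions.php delete hunk, `$_POST[categ]` on the rewritten line of the addnewitem hunk, and `$_POST[conusr]` in takeconfirm.php. The `if(isset($CURUSER))` block continues outside the hunk.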
diff --git a/catmanage.php b/catmanage.php
index 1161ead0..4d620c4c 100644
--- a/catmanage.php
+++ b/catmanage.php
@@ -640,7 +640,7 @@ elseif($action == 'submit')
{
$dbtablename=return_category_db_table_name($type);
if ($_POST['isedit']){
- $id = $_POST['id'] ?? 0;
+ $id = intval($_POST['id'] ?? 0);
if (!$id)
{
stderr($lang_catmanage['std_error'], $lang_catmanage['std_invalid_id']);
@@ -658,22 +658,22 @@ elseif($action == 'submit')
if (!$name)
stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']);
$updateset[] = "name=".sqlesc($name);
- $sort_index = $_POST['sort_index'] ?? 0;
+ $sort_index = intval($_POST['sort_index'] ?? 0);
$updateset[] = "sort_index=".sqlesc($sort_index);
$Cache->delete_value($dbtablename.'_list');
}
elseif ($type=='searchbox'){
$name = $_POST['name'];
- $catsperrow = $_POST['catsperrow'] ?? 0;
- $catpadding = $_POST['catpadding'] ?? 0;
+ $catsperrow = intval($_POST['catsperrow'] ?? 0);
+ $catpadding = intval($_POST['catpadding'] ?? 0);
if (!$name || !$catsperrow || !$catpadding)
stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']);
- $showsource = $_POST['showsource'] ?? 0;
- $showmedium = $_POST['showmedium'] ?? 0;
- $showcodec = $_POST['showcodec'] ?? 0;
- $showstandard = $_POST['showstandard'] ?? 0;
- $showprocessing = $_POST['showprocessing'] ?? 0;
- $showteam = $_POST['showteam'] ?? 0;
+ $showsource = intval($_POST['showsource'] ?? 0);
+ $showmedium = intval($_POST['showmedium'] ?? 0);
+ $showcodec = intval($_POST['showcodec'] ?? 0);
+ $showstandard = intval($_POST['showstandard'] ?? 0);
+ $showprocessing = intval($_POST['showprocessing'] ?? 0);
+ $showteam = intval($_POST['showteam'] ?? 0);
$showaudiocodec = $_POST['showaudiocodec'];
$updateset[] = "catsperrow=".sqlesc($catsperrow);
$updateset[] = "catpadding=".sqlesc($catpadding);
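Review bot: `$showaudiocodec` is the one flag in this searchbox branch still read as raw `$_POST['showaudiocodec']`, with neither the `?? 0` default nor the `intval()` that its six siblings get. An omitted field therefore raises an undefined-key notice, and the value is passed on as an unvalidated string. For consistency it should read `$showaudiocodec = intval($_POST['showaudiocodec'] ?? 0);`. How the variable is used lies outside the hunk, so whether it is escaped later cannot be confirmed from here.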
@@ -720,13 +720,13 @@ elseif($action == 'submit')
$name = $_POST['name'];
$image = trim($_POST['image']);
$class_name = trim($_POST['class_name']);
- $source = $_POST['source'] ?? 0;
- $medium = $_POST['medium'] ?? 0;
- $codec = $_POST['codec'] ?? 0;
- $standard = $_POST['standard'] ?? 0;
- $processing = $_POST['processing'] ?? 0;
- $team = $_POST['team'] ?? 0;
- $audiocodec = $_POST['audiocodec'] ?? 0;
+ $source = intval($_POST['source'] ?? 0);
+ $medium = intval($_POST['medium'] ?? 0);
+ $codec = intval($_POST['codec'] ?? 0);
+ $standard = intval($_POST['standard'] ?? 0);
+ $processing = intval($_POST['processing'] ?? 0);
+ $team = intval($_POST['team'] ?? 0;
+ $audiocodec = intval($_POST['audiocodec'] ?? 0);
if (!$name || !$image)
stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']);
if (!valid_file_name($image))
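Review bot: The rewritten `$team` line is missing its closing parenthesis (`intval($_POST['team'] ?? 0;`), which is a parse error, so catmanage.php will not load at all after this commit. It should be `$team = intval($_POST['team'] ?? 0);`. Running `php -l` over the touched files in CI would catch this kind of slip in a bulk edit.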
@@ -756,9 +756,9 @@ elseif($action == 'submit')
elseif ($type=='category'){
$name = $_POST['name'];
$image = trim($_POST['image']);
- $mode = $_POST['mode'] ?? 0;
+ $mode = intval($_POST['mode'] ?? 0);
$class_name = trim($_POST['class_name']);
- $sort_index = $_POST['sort_index'] ?? 0;
+ $sort_index = intval($_POST['sort_index'] ?? 0);
if (!$name || !$image)
stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']);
if (!valid_file_name($image))
diff --git a/checkuser.php b/checkuser.php
index 0c79bad7..985c5e5c 100644
--- a/checkuser.php
+++ b/checkuser.php
@@ -4,7 +4,7 @@ dbconn();
require_once(get_langfile_path());
loggedinorreturn();
parked();
-$id = $_GET["id"] ?? 0;
+$id = intval($_GET["id"] ?? 0);
int_check($id,true);
function bark($msg)
{
diff --git a/delete.php b/delete.php
index d313ca3b..b7229830 100644
--- a/delete.php
+++ b/delete.php
@@ -16,7 +16,7 @@ function bark($msg) {
if (!mkglobal("id"))
bark($lang_delete['std_missing_form_date']);
-$id = $id ?? 0;
+$id = intval($id ?? 0);
if (!$id)
die();
@@ -28,7 +28,7 @@ if (!$row)
if ($CURUSER["id"] != $row["owner"] && get_user_class() < $torrentmanage_class)
bark($lang_delete['std_not_owner']);
-$rt = $_POST["reasontype"] ?? 0;
+$rt = intval($_POST["reasontype"] ?? 0);
if (!is_int($rt) || $rt < 1 || $rt > 5)
bark($lang_delete['std_invalid_reason']."$rt.");
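Review bot: After the cast, `!is_int($rt)` can never be true, and `intval()` quietly turns input such as `3abc` into `3`, so the check now rejects only out-of-range values, not malformed ones. If only a clean integer from 1 to 5 should be accepted, validate instead of coercing: `$rt = filter_var($_POST['reasontype'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 5]]);` followed by `if ($rt === false)`. The staffbox.php deletestaffmessage hunk has the same leftover: `!is_numeric($id)` and `floor($id) != $id` are dead conditions once `$id` is an int.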
diff --git a/downloadsubs.php b/downloadsubs.php
index d1e75966..4eedd156 100644
--- a/downloadsubs.php
+++ b/downloadsubs.php
@@ -13,8 +13,8 @@ $dirname = $_GET["torrentid"];
if (!$filename || !$dirname)
die("File name missing\n");
-$filename = $filename ?? 0;
-$dirname = $dirname ?? 0;
+$filename = intval($filename ?? 0);
+$dirname = intval($dirname ?? 0);
$res = sql_query("SELECT * FROM subs WHERE id=$filename") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
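Review bot: The presence check `if (!$filename || !$dirname)` runs on the raw request values before the new casts, so a non-numeric value such as `abc` passes it, becomes `0`, and the query runs with `id=0` instead of being rejected. Moving the two `intval()` lines above the check, or re-testing after them, closes that gap. The `SELECT` also interpolates `$filename` directly, so the cast is the only thing between the request and the SQL. Writing the clause as `"... WHERE id=" . sqlesc($filename)` would match the rest of this diff and keep the query safe if the cast is ever moved or removed.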
diff --git a/faqactions.php b/faqactions.php
index 60f9e551..ad338698 100644
--- a/faqactions.php
+++ b/faqactions.php
@@ -108,7 +108,7 @@ elseif (isset($_GET['action']) && $_GET['action'] == "editsect" && $_POST['id']
// ACTION: delete - delete a section or item
elseif (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['id'])) {
if ($_GET[confirm] == "yes") {
- sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc($_GET['id'] ?? 0)." LIMIT 1") or sqlerr();
+ sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc(intval($_GET['id'] ?? 0))." LIMIT 1") or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die;
}
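Review bot: This delete branch is driven entirely by GET parameters (`action=delete`, `id`, `confirm=yes`), and no request-method check or anti-CSRF token is visible in the hunk, so the `DELETE` is a state-changing action reachable by a plain GET. The cast fixes the type of `id` but not who initiated the request. Requiring POST and verifying a per-session token before `sql_query()` would address that, unless such a check already exists outside the hunk. The news.php delete hunk (the `sure` GET parameter) and the staffbox.php setanswered hunk have the same shape.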
@@ -132,8 +132,8 @@ elseif (isset($_GET['action']) && $_GET['action'] == "additem" && $_GET['inid']
print("
| Question: | |
\n");
print("| Answer: | |
\n");
print("| Status: | |
");
- print("");
- print("");
+ print("");
+ print("");
print(" |
\n");
print("");
end_main_frame();
@@ -168,15 +168,15 @@ elseif (isset($_GET['action']) && $_GET['action'] == "addsection") {
elseif (isset($_GET['action']) && $_GET['action'] == "addnewitem" && $_POST['question'] != NULL && $_POST['answer'] != NULL) {
$question = $_POST['question'];
$answer = $_POST['answer'];
- $categ = $_POST[categ] ?? 0;
- $langid = $_POST['langid'] ?? 0;
+ $categ = intval($_POST[categ] ?? 0);
+ $langid = intval($_POST['langid'] ?? 0);
$res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='item' AND `categ`=".sqlesc($categ)." AND lang_id=".sqlesc($langid));
while ($arr = mysql_fetch_array($res, MYSQLI_BOTH))
{
$order = $arr['maxorder'] + 1;
$link_id = $arr['maxlinkid']+1;
}
- sql_query("INSERT INTO `faq` (`link_id`, `type`, `lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES ('$link_id', 'item', ".sqlesc($langid).", ".sqlesc($question).", ".sqlesc($answer).", " . sqlesc($_POST['flag'] ?? 0) . ", ".sqlesc($categ).", ".sqlesc($order).")") or sqlerr();
+ sql_query("INSERT INTO `faq` (`link_id`, `type`, `lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES ('$link_id', 'item', ".sqlesc($langid).", ".sqlesc($question).", ".sqlesc($answer).", " . sqlesc(intval($_POST['flag'] ?? 0)) . ", ".sqlesc($categ).", ".sqlesc($order).")") or sqlerr();
header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
die;
}
@@ -184,7 +184,7 @@ elseif (isset($_GET['action']) && $_GET['action'] == "addnewitem" && $_POST['que
// subACTION: addnewsect - add a new section to the db
elseif (isset($_GET['action']) && $_GET['action'] == "addnewsect" && $_POST['title'] != NULL && $_POST['flag'] != NULL) {
$title = $_POST['title'];
- $language = $_POST['language'] ?? 0;
+ $language = intval($_POST['language'] ?? 0);
$res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='categ' AND `lang_id` = ".sqlesc($language));
while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {$order = $arr['maxorder'] + 1;$link_id = $arr['maxlinkid']+1;}
sql_query("INSERT INTO `faq` (`link_id`,`type`,`lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES (".sqlesc($link_id).",'categ', ".sqlesc($language).", ".sqlesc($title).", '', ".sqlesc($_POST['flag']).", '0', ".sqlesc($order).")") or sqlerr();
diff --git a/fastdelete.php b/fastdelete.php
index ab181633..d76bdf76 100644
--- a/fastdelete.php
+++ b/fastdelete.php
@@ -15,7 +15,7 @@ function bark($msg) {
if (!mkglobal("id"))
bark($lang_fastdelete['std_missing_form_data']);
-$id = $id ?? 0;
+$id = intval($id ?? 0);
int_check($id);
$sure = $_GET["sure"];
diff --git a/getusertorrentlistajax.php b/getusertorrentlistajax.php
index b021a0b9..f8e9087b 100644
--- a/getusertorrentlistajax.php
+++ b/getusertorrentlistajax.php
@@ -161,7 +161,7 @@ function maketable($res, $mode = 'seeding')
return $ret;
}
-$id = $_GET['userid'] ?? 0;
+$id = intval($_GET['userid'] ?? 0);
$type = $_GET['type'];
if (!in_array($type,array('uploaded','seeding','leeching','completed','incomplete')))
die;
diff --git a/include/functions_announce.php b/include/functions_announce.php
index 6e2d458d..7784850e 100644
--- a/include/functions_announce.php
+++ b/include/functions_announce.php
@@ -199,8 +199,8 @@ function check_client($peer_id, $agent, &$agent_familyid)
{
if($row_allowed_ua['peer_id_matchtype'] == 'dec')
{
- $match_target[$i+1] = $match_target[$i+1] ?? 0;
- $match_bench[$i+1] = $match_bench[$i+1] ?? 0;
+ $match_target[$i+1] = intval($match_target[$i+1] ?? 0);
+ $match_bench[$i+1] = intval($match_bench[$i+1] ?? 0);
}
else if($row_allowed_ua['peer_id_matchtype'] == 'hex')
{
@@ -249,8 +249,8 @@ function check_client($peer_id, $agent, &$agent_familyid)
{
if($row_allowed_ua['agent_matchtype'] == 'dec')
{
- $match_target[$i+1] = $match_target[$i+1] ?? 0;
- $match_bench[$i+1] = $match_bench[$i+1] ?? 0;
+ $match_target[$i+1] = intval($match_target[$i+1] ?? 0);
+ $match_bench[$i+1] = intval($match_bench[$i+1] ?? 0);
}
else if($row_allowed_ua['agent_matchtype'] == 'hex')
{
diff --git a/index.php b/index.php
index 5f643f30..9aa6518c 100644
--- a/index.php
+++ b/index.php
@@ -270,7 +270,7 @@ if ($CURUSER && $showpolls_main == "yes")
print("");
if ($pollexists)
{
- $pollid = $arr["id"] ?? 0;
+ $pollid = intval($arr["id"] ?? 0);
$question = $arr["question"];
$o = array($arr["option0"], $arr["option1"], $arr["option2"], $arr["option3"], $arr["option4"],
diff --git a/iphistory.php b/iphistory.php
index 18d96c2b..0513f34d 100644
--- a/iphistory.php
+++ b/iphistory.php
@@ -7,7 +7,7 @@ loggedinorreturn();
if (get_user_class() < $userprofile_class)
permissiondenied();
-$userid = $_GET["id"] ?? 0;
+$userid = intval($_GET["id"] ?? 0);
if (!is_valid_id($userid))
stderr($lang_iphistory['std_error'], $lang_iphistory['std_invalid_id']);
diff --git a/massmail.php b/massmail.php
index 07c07b0a..82338eab 100644
--- a/massmail.php
+++ b/massmail.php
@@ -4,7 +4,7 @@ dbconn();
loggedinorreturn();
if (get_user_class() < UC_SYSOP)
stderr("Error", "Permission denied.");
-$class = $_POST["class"] ?? 0;
+$class = intval($_POST["class"] ?? 0);
if ($class)
int_check($class,true);
$or = $_POST["or"];
diff --git a/maxlogin.php b/maxlogin.php
index a1e01953..b8ff5fb4 100644
--- a/maxlogin.php
+++ b/maxlogin.php
@@ -33,7 +33,7 @@ function searchform () {
here if you are sure.",false);
diff --git a/moforums.php b/moforums.php
index 508fd2f0..c6ba6ed5 100644
--- a/moforums.php
+++ b/moforums.php
@@ -151,7 +151,7 @@ $nr = mysql_num_rows($res);
=0 && $_GET['namered']<=255)
- $namered = $_GET['namered'] ?? 0;
+ $namered = intval($_GET['namered'] ?? 0);
else $namered=255;
if (isset($_GET['namegreen']) && $_GET['namegreen']>=0 && $_GET['namegreen']<=255)
- $namegreen = $_GET['namegreen'] ?? 0;
+ $namegreen = intval($_GET['namegreen'] ?? 0);
else $namegreen=255;
if (isset($_GET['nameblue']) && $_GET['nameblue']>=0 && $_GET['nameblue']<=255)
- $nameblue = $_GET['nameblue'] ?? 0;
+ $nameblue = intval($_GET['nameblue'] ?? 0);
else $nameblue=255;
if (isset($_GET['namesize']) && $_GET['namesize']>=1 && $_GET['namesize']<=5)
- $namesize = $_GET['namesize'] ?? 0;
+ $namesize = intval($_GET['namesize'] ?? 0);
else $namesize=3;
if (isset($_GET['namex']) && $_GET['namex']>=0 && $_GET['namex']<=350)
- $namex = $_GET['namex'] ?? 0;
+ $namex = intval($_GET['namex'] ?? 0);
else $namex=10;
if (isset($_GET['namey']) && $_GET['namey']>=0 && $_GET['namey']<=19)
- $namey = $_GET['namey'] ?? 0;
+ $namey = intval($_GET['namey'] ?? 0);
else $namey=3;
$name_colour = imagecolorallocate($my_img, $namered, $namegreen, $nameblue);
imagestring($my_img, $namesize, $namex, $namey, $username, $name_colour);
@@ -51,22 +51,22 @@ if (!$_GET['noname'])
if (!$_GET['noup'])
{
if (isset($_GET['upred']) && $_GET['upred']>=0 && $_GET['upred']<=255)
- $upred = $_GET['upred'] ?? 0;
+ $upred = intval($_GET['upred'] ?? 0);
else $upred=0;
if (isset($_GET['upgreen']) && $_GET['upgreen']>=0 && $_GET['upgreen']<=255)
- $upgreen = $_GET['upgreen'] ?? 0;
+ $upgreen = intval($_GET['upgreen'] ?? 0);
else $upgreen=255;
if (isset($_GET['upblue']) && $_GET['upblue']>=0 && $_GET['upblue']<=255)
- $upblue = $_GET['upblue'] ?? 0;
+ $upblue = intval($_GET['upblue'] ?? 0);
else $upblue=0;
if (isset($_GET['upsize']) && $_GET['upsize']>=1 && $_GET['upsize']<=5)
- $upsize = $_GET['upsize'] ?? 0;
+ $upsize = intval($_GET['upsize'] ?? 0);
else $upsize=3;
if (isset($_GET['upx']) && $_GET['upx']>=0 && $_GET['upx']<=350)
- $upx = $_GET['upx'] ?? 0;
+ $upx = intval($_GET['upx'] ?? 0);
else $upx=100;
if (isset($_GET['upy']) && $_GET['upy']>=0 && $_GET['upy']<=19)
- $upy = $_GET['upy'] ?? 0;
+ $upy = intval($_GET['upy'] ?? 0);
else $upy=3;
$up_colour = imagecolorallocate($my_img, $upred, $upgreen, $upblue);
imagestring($my_img, $upsize, $upx, $upy, $uploaded, $up_colour);
@@ -75,19 +75,19 @@ if (!$_GET['noup'])
if (!$_GET['nodown'])
{
if (isset($_GET['downred']) && $_GET['downred']>=0 && $_GET['downred']<=255)
- $downred = $_GET['downred'] ?? 0;
+ $downred = intval($_GET['downred'] ?? 0);
else $downred=255;
if (isset($_GET['downgreen']) && $_GET['downgreen']>=0 && $_GET['downgreen']<=255)
- $downgreen = $_GET['downgreen'] ?? 0;
+ $downgreen = intval($_GET['downgreen'] ?? 0);
else $downgreen=0;
if (isset($_GET['downblue']) && $_GET['downblue']>=0 && $_GET['downblue']<=255)
- $downblue = $_GET['downblue'] ?? 0;
+ $downblue = intval($_GET['downblue'] ?? 0);
else $downblue=0;
if (isset($_GET['downsize']) && $_GET['downsize']>=1 && $_GET['downsize']<=5)
- $downsize = $_GET['downsize'] ?? 0;
+ $downsize = intval($_GET['downsize'] ?? 0);
else $downsize=3;
if (isset($_GET['downx']) && $_GET['downx']>=0 && $_GET['downx']<=350)
- $downx = $_GET['downx'] ?? 0;
+ $downx = intval($_GET['downx'] ?? 0);
else $downx=180;
if (isset($_GET['downy']) && $_GET['downy']>=0 && $_GET['downy']<=19)
$downy = $_GET['downy'];
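Review bot: `$downy = $_GET['downy'];` on the last line of the hunk is the only one of the six `down*` parameters that did not get the `intval()` cast, so it stays a raw request string after its loose `>=0 && <=19` comparison. It should read `$downy = intval($_GET['downy'] ?? 0);` like its siblings. Where `$downy` is used lies outside the hunk, though the matching `up*` block passes its values to `imagestring()`, so the same is probably true here.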
diff --git a/news.php b/news.php
index 7ea7fce5..5762c364 100644
--- a/news.php
+++ b/news.php
@@ -12,12 +12,12 @@ $action = htmlspecialchars($_GET["action"] ?? '');
if ($action == 'delete')
{
- $newsid = $_GET["newsid"] ?? 0;
+ $newsid = intval($_GET["newsid"] ?? 0);
int_check($newsid,true);
$returnto = !empty($_GET["returnto"]) ? htmlspecialchars($_GET["returnto"]) : htmlspecialchars($_SERVER["HTTP_REFERER"]);
- $sure = $_GET["sure"] ?? 0;
+ $sure = intval($_GET["sure"] ?? 0);
if (!$sure)
stderr($lang_news['std_delete_news_item'], $lang_news['std_are_you_sure'] . "".$lang_news['std_here']."".$lang_news['std_if_sure'],false);
@@ -41,7 +41,7 @@ if ($action == 'add')
if (!$title)
stderr($lang_news['std_error'], $lang_news['std_news_title_empty']);
- $added = $_POST["added"] ?? 0;
+ $added = intval($_POST["added"] ?? 0);
if (!$added)
$added = sqlesc(date("Y-m-d H:i:s"));
$notify = $_POST['notify'] ?? '';
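Review bot: `intval()` looks like the wrong normalisation for `$added`. The fallback on the next line assigns a `Y-m-d H:i:s` datetime string, so a posted value in that format would presumably be cut down to its leading year (`2020-01-01 12:00:00` becomes `2020`). The two branches also disagree on escaping: the fallback is wrapped in `sqlesc()` and the posted value is not, so whatever statement consumes `$added` outside this hunk receives two different shapes. If the field is a datetime, parse and re-format it (for example with `strtotime()` and `date()`), then apply `sqlesc()` in both branches.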
@@ -59,7 +59,7 @@ if ($action == 'add')
if ($action == 'edit')
{
- $newsid = $_GET["newsid"] ?? 0;
+ $newsid = intval($_GET["newsid"] ?? 0);
int_check($newsid,true);
$res = sql_query("SELECT * FROM news WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);
diff --git a/shoutbox.php b/shoutbox.php
index 68da91ba..da373efe 100644
--- a/shoutbox.php
+++ b/shoutbox.php
@@ -62,7 +62,7 @@ countdown(time);
if(isset($_GET["sent"]) && $_GET["sent"]=="yes"){
if(!isset($_GET["shbox_text"]) || !$_GET['shbox_text'])
{
- $userid=$CURUSER["id"] ?? 0;
+ $userid=intval($CURUSER["id"] ?? 0);
}
else
{
@@ -77,7 +77,7 @@ else
}
elseif ($_GET["type"] == 'shoutbox')
{
- $userid=$CURUSER["id"] ?? 0;
+ $userid=intval($CURUSER["id"] ?? 0);
if (!$userid){
write_log("Someone is hacking shoutbox. - IP : ".getip(),'mod');
die($lang_shoutbox['text_no_permission_to_shoutbox']);
diff --git a/staffbox.php b/staffbox.php
index af1c32c5..3d4b558c 100644
--- a/staffbox.php
+++ b/staffbox.php
@@ -68,7 +68,7 @@ if ($action == "viewpm")
if (get_user_class() < $staffmem_class)
permissiondenied();
-$pmid = $_GET["pmid"] ?? 0;
+$pmid = intval($_GET["pmid"] ?? 0);
$ress4 = sql_query("SELECT * FROM staffmessages WHERE id=".sqlesc($pmid));
$arr4 = mysql_fetch_assoc($ress4);
@@ -126,7 +126,7 @@ if ($action == "answermessage") {
permissiondenied();
$answeringto = $_GET["answeringto"];
- $receiver = $_GET["receiver"] ?? 0;
+ $receiver = intval($_GET["receiver"] ?? 0);
int_check($receiver,true);
@@ -166,7 +166,7 @@ if ($action == "takeanswer") {
if (get_user_class() < $staffmem_class)
permissiondenied();
- $receiver = $_POST["receiver"] ?? 0;
+ $receiver = intval($_POST["receiver"] ?? 0);
$answeringto = $_POST["answeringto"];
int_check($receiver,true);
@@ -195,7 +195,7 @@ $Cache->delete_value('staff_new_message_count');
if ($action == "deletestaffmessage") {
- $id = $_GET["id"] ?? 0;
+ $id = intval($_GET["id"] ?? 0);
if (!is_numeric($id) || $id < 1 || floor($id) != $id)
die;
@@ -218,7 +218,7 @@ if ($action == "setanswered") {
if (get_user_class() < $staffmem_class)
permissiondenied();
-$id = $_GET["id"] ?? 0;
+$id = intval($_GET["id"] ?? 0);
sql_query ("UPDATE staffmessages SET answered=1, answeredby = $CURUSER[id] WHERE id = $id") or sqlerr();
$Cache->delete_value('staff_new_message_count');
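Review bot: `$id` goes straight from the cast into `WHERE id = $id` with no range check, whereas the neighbouring actions call `int_check($receiver,true)` or test `$id < 1`. A missing or non-numeric `id` therefore runs the `UPDATE` with `id = 0` and still clears the cache entry. Adding `int_check($id,true);` after the cast and building the clause as `"WHERE id = " . sqlesc($id)` would bring this branch in line with the viewpm hunk in the same file.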
diff --git a/subtitles.php b/subtitles.php
index 1e33aad5..88b0c2d2 100644
--- a/subtitles.php
+++ b/subtitles.php
@@ -11,7 +11,7 @@ if (!isset($CURUSER))
stdhead($lang_subtitles['head_subtitles']);
$in_detail = $_POST['in_detail'] ?? '';
-$detail_torrent_id = $_POST['detail_torrent_id'] ?? 0;
+$detail_torrent_id = intval($_POST['detail_torrent_id'] ?? 0);
$torrent_name = $_POST['torrent_name'] ?? '';
function isInteger($n)
@@ -23,7 +23,7 @@ function isInteger($n)
return true;
}
-$act = $_GET["act"] ?? 0;
+$act = intval($_GET["act"] ?? 0);
$search = trim($_GET['search'] ?? '');
$letter = trim($_GET["letter"] ?? '');
if (strlen($letter) > 1)
@@ -31,7 +31,7 @@ if (strlen($letter) > 1)
if ($letter == "" || strpos("abcdefghijklmnopqrstuvwxyz", $letter) === false)
$letter = "";
-$lang_id = $_GET['lang_id'] ?? 0;
+$lang_id = intval($_GET['lang_id'] ?? 0);
if (!is_valid_id($lang_id))
$lang_id = '';
@@ -197,7 +197,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["action"]) && $_POST["a
if (get_user_class() >= $delownsub_class)
{
- $delete = $_GET["delete"] ?? 0;
+ $delete = intval($_GET["delete"] ?? 0);
if (is_valid_id($delete))
{
$r = sql_query("SELECT id,torrent_id,ext,lang_id,title,filename,uppedby,anonymous FROM subs WHERE id=".sqlesc($delete)) or sqlerr(__FILE__, __LINE__);
@@ -206,7 +206,7 @@ if (get_user_class() >= $delownsub_class)
$a = mysql_fetch_assoc($r);
if (get_user_class() >= $submanage_class || $a["uppedby"] == $CURUSER["id"])
{
- $sure = $_GET["sure"] ?? 0;
+ $sure = intval($_GET["sure"] ?? 0);
if ($sure == 1)
{
$reason = $_POST["reason"];
diff --git a/takeconfirm.php b/takeconfirm.php
index 996d7a97..142da677 100644
--- a/takeconfirm.php
+++ b/takeconfirm.php
@@ -2,7 +2,7 @@
require_once("include/bittorrent.php");
dbconn();
require_once(get_langfile_path());
-$id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : die());
+$id = isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : die());
int_check($id,true);
$email = unesc(htmlspecialchars(trim($_POST["email"])));
if(isset($_POST[conusr]))
diff --git a/takeupload.php b/takeupload.php
index 79d2e83e..11ee2602 100644
--- a/takeupload.php
+++ b/takeupload.php
@@ -67,14 +67,14 @@ $descr = unesc($_POST["descr"]);
if (!$descr)
bark($lang_takeupload['std_blank_description']);
-$catid = ($_POST["type"] ?? 0);
-$sourceid = ($_POST["source_sel"] ?? 0);
-$mediumid = ($_POST["medium_sel"] ?? 0);
-$codecid = ($_POST["codec_sel"] ?? 0);
-$standardid = ($_POST["standard_sel"] ?? 0);
-$processingid = ($_POST["processing_sel"] ?? 0);
-$teamid = ($_POST["team_sel"] ?? 0);
-$audiocodecid = ($_POST["audiocodec_sel"] ?? 0);
+$catid = intval($_POST["type"] ?? 0);
+$sourceid = intval($_POST["source_sel"] ?? 0);
+$mediumid = intval($_POST["medium_sel"] ?? 0);
+$codecid = intval($_POST["codec_sel"] ?? 0);
+$standardid = intval($_POST["standard_sel"] ?? 0);
+$processingid = intval($_POST["processing_sel"] ?? 0);
+$teamid = intval($_POST["team_sel"] ?? 0);
+$audiocodecid = intval($_POST["audiocodec_sel"] ?? 0);
if (!is_valid_id($catid))
bark($lang_takeupload['std_category_unselected']);
@@ -214,7 +214,7 @@ $allowtorrents = user_can_upload("torrents");
$allowspecial = user_can_upload("music");
$catmod = get_single_value("categories","mode","WHERE id=".sqlesc($catid));
-$offerid = $_POST['offer'] ?? 0;
+$offerid = intval($_POST['offer'] ?? 0);
$is_offer=false;
if ($browsecatmode != $specialcatmode && $catmod == $specialcatmode){//upload to special section
if (!$allowspecial)
diff --git a/torrents.php b/torrents.php
index dd442601..945ea8e9 100644
--- a/torrents.php
+++ b/torrents.php
@@ -92,7 +92,7 @@ if ($showsubcat){
}
//----------------- start whether show torrents from all sections---------------------//
if ($_GET)
- $allsec = $_GET["allsec"] ?? 0;
+ $allsec = intval($_GET["allsec"] ?? 0);
else $allsec = 0;
if ($allsec == 1) //show torrents from all sections
{
diff --git a/userdetails.php b/userdetails.php
index 1f42ebc8..3b35cddb 100644
--- a/userdetails.php
+++ b/userdetails.php
@@ -14,7 +14,7 @@ function bark($msg)
exit;
}
-$id = $_GET["id"] ?? 0;
+$id = intval($_GET["id"] ?? 0);
int_check($id,true);
if ($id != $CURUSER['id']){