From 38dae7c068abfc04b45d9e6cfd17cbfa47aa5d79 Mon Sep 17 00:00:00 2001 From: xiaomlove Date: Wed, 6 Jan 2021 02:19:03 +0800 Subject: [PATCH] keep some default value be integer 2 --- admanage.php | 14 ++++++------- bookmark.php | 2 +- catmanage.php | 38 +++++++++++++++++----------------- checkuser.php | 2 +- delete.php | 4 ++-- downloadsubs.php | 4 ++-- faqactions.php | 14 ++++++------- fastdelete.php | 2 +- getusertorrentlistajax.php | 2 +- include/functions_announce.php | 8 +++---- index.php | 2 +- iphistory.php | 2 +- massmail.php | 2 +- maxlogin.php | 4 ++-- modrules.php | 4 ++-- moforums.php | 2 +- mybar.php | 38 +++++++++++++++++----------------- news.php | 8 +++---- shoutbox.php | 4 ++-- staffbox.php | 10 ++++----- subtitles.php | 10 ++++----- takeconfirm.php | 2 +- takeupload.php | 18 ++++++++-------- torrents.php | 2 +- userdetails.php | 2 +- 25 files changed, 100 insertions(+), 100 deletions(-) diff --git a/admanage.php b/admanage.php index d4f526b1..563d3017 100644 --- a/admanage.php +++ b/admanage.php @@ -252,7 +252,7 @@ elseif ($action == 'submit') else { if ($_POST['isedit']){ - $id = $_POST['id'] ?? 0; + $id = intval($_POST['id'] ?? 0); if (!$id) { stderr($lang_admanage['std_error'], $lang_admanage['std_invalid_id']); @@ -276,8 +276,8 @@ elseif ($action == 'submit') $name = $_POST['ad']['name']; $starttime = $_POST['ad']['starttime']; $endtime = $_POST['ad']['endtime']; - $displayorder = $_POST['ad']['displayorder'] ?? 0; - $enabled = $_POST['ad']['enabled'] ?? 0; + $displayorder = intval($_POST['ad']['displayorder'] ?? 0); + $enabled = intval($_POST['ad']['enabled'] ?? 0); $type = $_POST['ad']['type']; if (!$name || !$type) { 
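Review bot: `intval()` on the `$id` line of the `isedit` branch in admanage.php coerces rather than validates, so the `if (!$id)` guard that follows only rejects input that happens to coerce to 0: `"12abc"` becomes 12 and a non-empty array value becomes 1. If only well-formed positive ids should be accepted, `$id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) ?: 0;` keeps the existing guard meaningful. The same applies wherever this commit casts a value immediately before `int_check()` or `is_valid_id()` (checkuser.php, iphistory.php, news.php, staffbox.php, takeconfirm.php, takeupload.php, userdetails.php). The enclosing `elseif ($action == 'submit')` body continues outside the hunk.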
@@ -317,8 +317,8 @@ elseif ($action == 'submit') case 'image': if (!$_POST['ad']['image']['url'] || !$_POST['ad']['image']['link']) stderr($lang_admanage['std_error'], $lang_admanage['std_missing_form_data']); - $_POST['ad']['image']['width'] = $_POST['ad']['image']['width'] ?? 0; - $_POST['ad']['image']['height'] = $_POST['ad']['image']['height'] ?? 0; + $_POST['ad']['image']['width'] = intval($_POST['ad']['image']['width'] ?? 0); + $_POST['ad']['image']['height'] = intval($_POST['ad']['image']['height'] ?? 0); $parameters = serialize($_POST['ad']['image']); $imgadd = ""; if ($_POST['ad']['image']['width']) @@ -330,8 +330,8 @@ elseif ($action == 'submit') $code = "\"ad\""; break; case 'flash': - $_POST['ad']['flash']['width'] = $_POST['ad']['flash']['width'] ?? 0; - $_POST['ad']['flash']['height'] = $_POST['ad']['flash']['height'] ?? 0; + $_POST['ad']['flash']['width'] = intval($_POST['ad']['flash']['width'] ?? 0); + $_POST['ad']['flash']['height'] = intval($_POST['ad']['flash']['height'] ?? 0); if (!$_POST['ad']['flash']['url'] || !$_POST['ad']['flash']['width'] || !$_POST['ad']['flash']['height']) stderr($lang_admanage['std_error'], $lang_admanage['std_missing_form_data']); $parameters = serialize($_POST['ad']['flash']); diff --git a/bookmark.php b/bookmark.php index 528166f5..e686892f 100644 --- a/bookmark.php +++ b/bookmark.php @@ -9,7 +9,7 @@ header("Cache-Control: no-cache, must-revalidate" ); header("Pragma: no-cache" ); header("Content-Type: text/xml; charset=utf-8"); -$torrentid = $_GET['torrentid'] ?? 0; +$torrentid = intval($_GET['torrentid'] ?? 0); if(isset($CURUSER)) { $res_bookmark = sql_query("SELECT * FROM bookmarks WHERE torrentid=" . sqlesc($torrentid) . " AND userid=" . sqlesc($CURUSER[id])); diff --git a/catmanage.php b/catmanage.php index 1161ead0..4d620c4c 100644 --- a/catmanage.php +++ b/catmanage.php 
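Review bot: In the `image` and `flash` cases only `width` and `height` are normalised, while `serialize($_POST['ad']['image'])` and `serialize($_POST['ad']['flash'])` still persist the whole client-supplied sub-array, including any extra keys and the unvalidated `url`/`link` strings. Building `$parameters` from an explicit array of the keys the form actually defines would bound what gets stored; how `url` and `link` are later emitted is not visible here, so output escaping should be confirmed. The two cases also differ in order (`flash` casts before the missing-data check, `image` after it), which is worth making uniform. The surrounding `case` list starts and ends outside the hunk.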
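Review bot: The context line of the bookmark.php hunk still indexes with a bare word, `sqlesc($CURUSER[id])`, which PHP resolves as a constant named `id`: a warning on PHP 7.2+ and a thrown `Error` on PHP 8. Since the commit is already touching these statements, quote the key: `sqlesc($CURUSER['id'])`. The same bare-word indexing is visible in faqactions.php (`$_GET[confirm]`, and `$_POST[categ]` on a line this commit adds) and in takeconfirm.php (`$_POST[conusr]`); the `??` fallback does not suppress the undefined-constant failure.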
@@ -640,7 +640,7 @@ elseif($action == 'submit') { $dbtablename=return_category_db_table_name($type); if ($_POST['isedit']){ - $id = $_POST['id'] ?? 0; + $id = intval($_POST['id'] ?? 0); if (!$id) { stderr($lang_catmanage['std_error'], $lang_catmanage['std_invalid_id']); @@ -658,22 +658,22 @@ elseif($action == 'submit') if (!$name) stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']); $updateset[] = "name=".sqlesc($name); - $sort_index = $_POST['sort_index'] ?? 0; + $sort_index = intval($_POST['sort_index'] ?? 0); $updateset[] = "sort_index=".sqlesc($sort_index); $Cache->delete_value($dbtablename.'_list'); } elseif ($type=='searchbox'){ $name = $_POST['name']; - $catsperrow = $_POST['catsperrow'] ?? 0; - $catpadding = $_POST['catpadding'] ?? 0; + $catsperrow = intval($_POST['catsperrow'] ?? 0); + $catpadding = intval($_POST['catpadding'] ?? 0); if (!$name || !$catsperrow || !$catpadding) stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']); - $showsource = $_POST['showsource'] ?? 0; - $showmedium = $_POST['showmedium'] ?? 0; - $showcodec = $_POST['showcodec'] ?? 0; - $showstandard = $_POST['showstandard'] ?? 0; - $showprocessing = $_POST['showprocessing'] ?? 0; - $showteam = $_POST['showteam'] ?? 0; + $showsource = intval($_POST['showsource'] ?? 0); + $showmedium = intval($_POST['showmedium'] ?? 0); + $showcodec = intval($_POST['showcodec'] ?? 0); + $showstandard = intval($_POST['showstandard'] ?? 0); + $showprocessing = intval($_POST['showprocessing'] ?? 0); + $showteam = intval($_POST['showteam'] ?? 0); $showaudiocodec = $_POST['showaudiocodec']; $updateset[] = "catsperrow=".sqlesc($catsperrow); $updateset[] = "catpadding=".sqlesc($catpadding); 
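Review bot: `$showaudiocodec = $_POST['showaudiocodec'];` in the `searchbox` branch is now the only `show*` flag without a default or a cast, so when the field is absent from the POST it raises an undefined-index notice and carries `null` where its siblings are integers. Make it match the lines above: `$showaudiocodec = intval($_POST['showaudiocodec'] ?? 0);`. How the value is appended to `$updateset` lies below the hunk.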
@@ -720,13 +720,13 @@ elseif($action == 'submit') $name = $_POST['name']; $image = trim($_POST['image']); $class_name = trim($_POST['class_name']); - $source = $_POST['source'] ?? 0; - $medium = $_POST['medium'] ?? 0; - $codec = $_POST['codec'] ?? 0; - $standard = $_POST['standard'] ?? 0; - $processing = $_POST['processing'] ?? 0; - $team = $_POST['team'] ?? 0; - $audiocodec = $_POST['audiocodec'] ?? 0; + $source = intval($_POST['source'] ?? 0); + $medium = intval($_POST['medium'] ?? 0); + $codec = intval($_POST['codec'] ?? 0); + $standard = intval($_POST['standard'] ?? 0); + $processing = intval($_POST['processing'] ?? 0); + $team = intval($_POST['team'] ?? 0; + $audiocodec = intval($_POST['audiocodec'] ?? 0); if (!$name || !$image) stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']); if (!valid_file_name($image)) @@ -756,9 +756,9 @@ elseif($action == 'submit') elseif ($type=='category'){ $name = $_POST['name']; $image = trim($_POST['image']); - $mode = $_POST['mode'] ?? 0; + $mode = intval($_POST['mode'] ?? 0); $class_name = trim($_POST['class_name']); - $sort_index = $_POST['sort_index'] ?? 0; + $sort_index = intval($_POST['sort_index'] ?? 0); if (!$name || !$image) stderr($lang_catmanage['std_error'], $lang_catmanage['std_missing_form_data']); if (!valid_file_name($image)) diff --git a/checkuser.php b/checkuser.php index 0c79bad7..985c5e5c 100644 --- a/checkuser.php +++ b/checkuser.php @@ -4,7 +4,7 @@ dbconn(); require_once(get_langfile_path()); loggedinorreturn(); parked(); -$id = $_GET["id"] ?? 0; +$id = intval($_GET["id"] ?? 0); int_check($id,true); function bark($msg) { diff --git a/delete.php b/delete.php index d313ca3b..b7229830 100644 --- a/delete.php +++ b/delete.php @@ -16,7 +16,7 @@ function bark($msg) { if (!mkglobal("id")) bark($lang_delete['std_missing_form_date']); -$id = $id ?? 0; +$id = intval($id ?? 0); if (!$id) die(); 
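Review bot: The added line `$team = intval($_POST['team'] ?? 0;` in the catmanage.php hunk at -720 is missing its closing parenthesis, which is a parse error that stops the whole file from loading. It should read `$team = intval($_POST['team'] ?? 0);`. Running `php -l` over the touched files before committing would catch this kind of slip in a bulk edit.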
@@ -28,7 +28,7 @@ if (!$row) if ($CURUSER["id"] != $row["owner"] && get_user_class() < $torrentmanage_class) bark($lang_delete['std_not_owner']); -$rt = $_POST["reasontype"] ?? 0; +$rt = intval($_POST["reasontype"] ?? 0); if (!is_int($rt) || $rt < 1 || $rt > 5) bark($lang_delete['std_invalid_reason']."$rt."); diff --git a/downloadsubs.php b/downloadsubs.php index d1e75966..4eedd156 100644 --- a/downloadsubs.php +++ b/downloadsubs.php @@ -13,8 +13,8 @@ $dirname = $_GET["torrentid"]; if (!$filename || !$dirname) die("File name missing\n"); -$filename = $filename ?? 0; -$dirname = $dirname ?? 0; +$filename = intval($filename ?? 0); +$dirname = intval($dirname ?? 0); $res = sql_query("SELECT * FROM subs WHERE id=$filename") or sqlerr(__FILE__, __LINE__); $arr = mysql_fetch_assoc($res); diff --git a/faqactions.php b/faqactions.php index 60f9e551..ad338698 100644 --- a/faqactions.php +++ b/faqactions.php @@ -108,7 +108,7 @@ elseif (isset($_GET['action']) && $_GET['action'] == "editsect" && $_POST['id'] // ACTION: delete - delete a section or item elseif (isset($_GET['action']) && $_GET['action'] == "delete" && isset($_GET['id'])) { if ($_GET[confirm] == "yes") { - sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc($_GET['id'] ?? 0)." LIMIT 1") or sqlerr(); + sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc(intval($_GET['id'] ?? 0))." LIMIT 1") or sqlerr(); header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php"); die; } @@ -132,8 +132,8 @@ elseif (isset($_GET['action']) && $_GET['action'] == "additem" && $_GET['inid'] print("Question:\n"); print("Answer:\n"); print("Status:"); - print(""); - print(""); + print(""); + print(""); print("\n"); print(""); end_main_frame(); 
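Review bot: In downloadsubs.php the emptiness test `if (!$filename || !$dirname)` runs on the raw request values before the new casts, so a non-numeric value passes the test and only then becomes 0, and the `?? 0` fallbacks can never apply. Move the two `intval()` lines above the `die("File name missing\n")` check so the test sees the integers. The query `"SELECT * FROM subs WHERE id=$filename"` also interpolates the value directly, which makes the cast the only barrier against SQL injection; `"... WHERE id=" . sqlesc($filename)` would match the other queries in this commit and would not depend on the cast staying in place.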
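Review bot: The `delete` action in faqactions.php runs `DELETE FROM faq` on a GET request guarded only by `confirm=yes` in the query string, and nothing visible in this hunk ties the request to a form token, which leaves it open to cross-site request forgery unless a check exists elsewhere. Consider requiring POST plus a per-session token before the `sql_query()` call. news.php (`action == 'delete'` with `sure`) and staffbox.php (`setanswered`) in this commit follow the same GET pattern. Whether a permission or token check happens earlier in these files cannot be seen from the hunks.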
@@ -168,15 +168,15 @@ elseif (isset($_GET['action']) && $_GET['action'] == "addsection") { elseif (isset($_GET['action']) && $_GET['action'] == "addnewitem" && $_POST['question'] != NULL && $_POST['answer'] != NULL) { $question = $_POST['question']; $answer = $_POST['answer']; - $categ = $_POST[categ] ?? 0; - $langid = $_POST['langid'] ?? 0; + $categ = intval($_POST[categ] ?? 0); + $langid = intval($_POST['langid'] ?? 0); $res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='item' AND `categ`=".sqlesc($categ)." AND lang_id=".sqlesc($langid)); while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) { $order = $arr['maxorder'] + 1; $link_id = $arr['maxlinkid']+1; } - sql_query("INSERT INTO `faq` (`link_id`, `type`, `lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES ('$link_id', 'item', ".sqlesc($langid).", ".sqlesc($question).", ".sqlesc($answer).", " . sqlesc($_POST['flag'] ?? 0) . ", ".sqlesc($categ).", ".sqlesc($order).")") or sqlerr(); + sql_query("INSERT INTO `faq` (`link_id`, `type`, `lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES ('$link_id', 'item', ".sqlesc($langid).", ".sqlesc($question).", ".sqlesc($answer).", " . sqlesc(intval($_POST['flag'] ?? 0)) . ", ".sqlesc($categ).", ".sqlesc($order).")") or sqlerr(); header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php"); die; } 
@@ -184,7 +184,7 @@ elseif (isset($_GET['action']) && $_GET['action'] == "addnewitem" && $_POST['que // subACTION: addnewsect - add a new section to the db elseif (isset($_GET['action']) && $_GET['action'] == "addnewsect" && $_POST['title'] != NULL && $_POST['flag'] != NULL) { $title = $_POST['title']; - $language = $_POST['language'] ?? 0; + $language = intval($_POST['language'] ?? 0); $res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='categ' AND `lang_id` = ".sqlesc($language)); while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {$order = $arr['maxorder'] + 1;$link_id = $arr['maxlinkid']+1;} sql_query("INSERT INTO `faq` (`link_id`,`type`,`lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES (".sqlesc($link_id).",'categ', ".sqlesc($language).", ".sqlesc($title).", '', ".sqlesc($_POST['flag']).", '0', ".sqlesc($order).")") or sqlerr(); diff --git a/fastdelete.php b/fastdelete.php index ab181633..d76bdf76 100644 --- a/fastdelete.php +++ b/fastdelete.php @@ -15,7 +15,7 @@ function bark($msg) { if (!mkglobal("id")) bark($lang_fastdelete['std_missing_form_data']); -$id = $id ?? 0; +$id = intval($id ?? 0); int_check($id); $sure = $_GET["sure"]; diff --git a/getusertorrentlistajax.php b/getusertorrentlistajax.php index b021a0b9..f8e9087b 100644 --- a/getusertorrentlistajax.php +++ b/getusertorrentlistajax.php @@ -161,7 +161,7 @@ function maketable($res, $mode = 'seeding') return $ret; } -$id = $_GET['userid'] ?? 0; +$id = intval($_GET['userid'] ?? 0); $type = $_GET['type']; if (!in_array($type,array('uploaded','seeding','leeching','completed','incomplete'))) die; diff --git a/include/functions_announce.php b/include/functions_announce.php index 6e2d458d..7784850e 100644 --- a/include/functions_announce.php +++ b/include/functions_announce.php 
@@ -199,8 +199,8 @@ function check_client($peer_id, $agent, &$agent_familyid) { if($row_allowed_ua['peer_id_matchtype'] == 'dec') { - $match_target[$i+1] = $match_target[$i+1] ?? 0; - $match_bench[$i+1] = $match_bench[$i+1] ?? 0; + $match_target[$i+1] = intval($match_target[$i+1] ?? 0); + $match_bench[$i+1] = intval($match_bench[$i+1] ?? 0); } else if($row_allowed_ua['peer_id_matchtype'] == 'hex') { @@ -249,8 +249,8 @@ function check_client($peer_id, $agent, &$agent_familyid) { if($row_allowed_ua['agent_matchtype'] == 'dec') { - $match_target[$i+1] = $match_target[$i+1] ?? 0; - $match_bench[$i+1] = $match_bench[$i+1] ?? 0; + $match_target[$i+1] = intval($match_target[$i+1] ?? 0); + $match_bench[$i+1] = intval($match_bench[$i+1] ?? 0); } else if($row_allowed_ua['agent_matchtype'] == 'hex') { diff --git a/index.php b/index.php index 5f643f30..9aa6518c 100644 --- a/index.php +++ b/index.php @@ -270,7 +270,7 @@ if ($CURUSER && $showpolls_main == "yes") print(""); if ($pollexists) { - $pollid = $arr["id"] ?? 0; + $pollid = intval($arr["id"] ?? 0); $question = $arr["question"]; $o = array($arr["option0"], $arr["option1"], $arr["option2"], $arr["option3"], $arr["option4"], diff --git a/iphistory.php b/iphistory.php index 18d96c2b..0513f34d 100644 --- a/iphistory.php +++ b/iphistory.php @@ -7,7 +7,7 @@ loggedinorreturn(); if (get_user_class() < $userprofile_class) permissiondenied(); -$userid = $_GET["id"] ?? 0; +$userid = intval($_GET["id"] ?? 0); if (!is_valid_id($userid)) stderr($lang_iphistory['std_error'], $lang_iphistory['std_invalid_id']); diff --git a/massmail.php b/massmail.php index 07c07b0a..82338eab 100644 --- a/massmail.php +++ b/massmail.php @@ -4,7 +4,7 @@ dbconn(); loggedinorreturn(); if (get_user_class() < UC_SYSOP) stderr("Error", "Permission denied."); -$class = $_POST["class"] ?? 0; +$class = intval($_POST["class"] ?? 0); if ($class) int_check($class,true); $or = $_POST["or"]; diff --git a/maxlogin.php b/maxlogin.php index a1e01953..b8ff5fb4 100644 
--- a/maxlogin.php +++ b/maxlogin.php @@ -33,7 +33,7 @@ function searchform () { here if you are sure.",false); diff --git a/moforums.php b/moforums.php index 508fd2f0..c6ba6ed5 100644 --- a/moforums.php +++ b/moforums.php @@ -151,7 +151,7 @@ $nr = mysql_num_rows($res); =0 && $_GET['namered']<=255) - $namered = $_GET['namered'] ?? 0; + $namered = intval($_GET['namered'] ?? 0); else $namered=255; if (isset($_GET['namegreen']) && $_GET['namegreen']>=0 && $_GET['namegreen']<=255) - $namegreen = $_GET['namegreen'] ?? 0; + $namegreen = intval($_GET['namegreen'] ?? 0); else $namegreen=255; if (isset($_GET['nameblue']) && $_GET['nameblue']>=0 && $_GET['nameblue']<=255) - $nameblue = $_GET['nameblue'] ?? 0; + $nameblue = intval($_GET['nameblue'] ?? 0); else $nameblue=255; if (isset($_GET['namesize']) && $_GET['namesize']>=1 && $_GET['namesize']<=5) - $namesize = $_GET['namesize'] ?? 0; + $namesize = intval($_GET['namesize'] ?? 0); else $namesize=3; if (isset($_GET['namex']) && $_GET['namex']>=0 && $_GET['namex']<=350) - $namex = $_GET['namex'] ?? 0; + $namex = intval($_GET['namex'] ?? 0); else $namex=10; if (isset($_GET['namey']) && $_GET['namey']>=0 && $_GET['namey']<=19) - $namey = $_GET['namey'] ?? 0; + $namey = intval($_GET['namey'] ?? 0); else $namey=3; $name_colour = imagecolorallocate($my_img, $namered, $namegreen, $nameblue); imagestring($my_img, $namesize, $namex, $namey, $username, $name_colour); 
@@ -51,22 +51,22 @@ if (!$_GET['noname']) if (!$_GET['noup']) { if (isset($_GET['upred']) && $_GET['upred']>=0 && $_GET['upred']<=255) - $upred = $_GET['upred'] ?? 0; + $upred = intval($_GET['upred'] ?? 0); else $upred=0; if (isset($_GET['upgreen']) && $_GET['upgreen']>=0 && $_GET['upgreen']<=255) - $upgreen = $_GET['upgreen'] ?? 0; + $upgreen = intval($_GET['upgreen'] ?? 0); else $upgreen=255; if (isset($_GET['upblue']) && $_GET['upblue']>=0 && $_GET['upblue']<=255) - $upblue = $_GET['upblue'] ?? 0; + $upblue = intval($_GET['upblue'] ?? 0); else $upblue=0; if (isset($_GET['upsize']) && $_GET['upsize']>=1 && $_GET['upsize']<=5) - $upsize = $_GET['upsize'] ?? 0; + $upsize = intval($_GET['upsize'] ?? 0); else $upsize=3; if (isset($_GET['upx']) && $_GET['upx']>=0 && $_GET['upx']<=350) - $upx = $_GET['upx'] ?? 0; + $upx = intval($_GET['upx'] ?? 0); else $upx=100; if (isset($_GET['upy']) && $_GET['upy']>=0 && $_GET['upy']<=19) - $upy = $_GET['upy'] ?? 0; + $upy = intval($_GET['upy'] ?? 0); else $upy=3; $up_colour = imagecolorallocate($my_img, $upred, $upgreen, $upblue); imagestring($my_img, $upsize, $upx, $upy, $uploaded, $up_colour); 
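Review bot: In each `if (isset($_GET['upred']) && $_GET['upred']>=0 && $_GET['upred']<=255)` the range test compares the raw request string loosely and the cast happens only afterwards, so the bounds are never checked on the integer that reaches `imagecolorallocate()` and `imagestring()`, and the `?? 0` after `isset()` is dead code. Validating and bounding in one step is clearer and does not depend on PHP's string-comparison rules, which differ between major versions. A small helper would also remove the repetition across the `name*`, `up*` and `down*` blocks in this file's other hunks. The `if (!$_GET['noup'])` block continues outside the hunk.

```php
// helper, defined once near the top of mybar.php
function bar_param($key, $min, $max, $default)
{
    $v = filter_var($_GET[$key] ?? null, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => $min, 'max_range' => $max)));
    return $v === false ? $default : $v;
}

// … unchanged: if (!$_GET['noup']) { …
$upred   = bar_param('upred', 0, 255, 0);
$upgreen = bar_param('upgreen', 0, 255, 255);
$upblue  = bar_param('upblue', 0, 255, 0);
$upsize  = bar_param('upsize', 1, 5, 3);
$upx     = bar_param('upx', 0, 350, 100);
$upy     = bar_param('upy', 0, 19, 3);
// … unchanged: imagecolorallocate() / imagestring() calls …
```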
@@ -75,19 +75,19 @@ if (!$_GET['noup']) if (!$_GET['nodown']) { if (isset($_GET['downred']) && $_GET['downred']>=0 && $_GET['downred']<=255) - $downred = $_GET['downred'] ?? 0; + $downred = intval($_GET['downred'] ?? 0); else $downred=255; if (isset($_GET['downgreen']) && $_GET['downgreen']>=0 && $_GET['downgreen']<=255) - $downgreen = $_GET['downgreen'] ?? 0; + $downgreen = intval($_GET['downgreen'] ?? 0); else $downgreen=0; if (isset($_GET['downblue']) && $_GET['downblue']>=0 && $_GET['downblue']<=255) - $downblue = $_GET['downblue'] ?? 0; + $downblue = intval($_GET['downblue'] ?? 0); else $downblue=0; if (isset($_GET['downsize']) && $_GET['downsize']>=1 && $_GET['downsize']<=5) - $downsize = $_GET['downsize'] ?? 0; + $downsize = intval($_GET['downsize'] ?? 0); else $downsize=3; if (isset($_GET['downx']) && $_GET['downx']>=0 && $_GET['downx']<=350) - $downx = $_GET['downx'] ?? 0; + $downx = intval($_GET['downx'] ?? 0); else $downx=180; if (isset($_GET['downy']) && $_GET['downy']>=0 && $_GET['downy']<=19) $downy = $_GET['downy']; diff --git a/news.php b/news.php index 7ea7fce5..5762c364 100644 --- a/news.php +++ b/news.php @@ -12,12 +12,12 @@ $action = htmlspecialchars($_GET["action"] ?? ''); if ($action == 'delete') { - $newsid = $_GET["newsid"] ?? 0; + $newsid = intval($_GET["newsid"] ?? 0); int_check($newsid,true); $returnto = !empty($_GET["returnto"]) ? htmlspecialchars($_GET["returnto"]) : htmlspecialchars($_SERVER["HTTP_REFERER"]); - $sure = $_GET["sure"] ?? 0; + $sure = intval($_GET["sure"] ?? 0); if (!$sure) stderr($lang_news['std_delete_news_item'], $lang_news['std_are_you_sure'] . "".$lang_news['std_here']."".$lang_news['std_if_sure'],false); @@ -41,7 +41,7 @@ if ($action == 'add') if (!$title) stderr($lang_news['std_error'], $lang_news['std_news_title_empty']); - $added = $_POST["added"] ?? 0; + $added = intval($_POST["added"] ?? 0); if (!$added) $added = sqlesc(date("Y-m-d H:i:s")); $notify = $_POST['notify'] ?? ''; 
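Review bot: The last assignment in the `nodown` block of mybar.php, `$downy = $_GET['downy'];`, was missed, so it is the only coordinate in the file still kept as a raw request string. For consistency with the five lines above it: `$downy = intval($_GET['downy'] ?? 0);`. The drawing call that presumably consumes it, as in the `up*` block, is below the hunk.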
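Review bot: After `$added = intval($_POST["added"] ?? 0);` in the news.php `add` branch the variable is a bare integer, while the fallback on the next line stores an already-quoted SQL string from `sqlesc(date("Y-m-d H:i:s"))`, so the two branches hand different representations to whatever builds the INSERT below the hunk. If the form posts a formatted date, `intval()` keeps only its leading digits; if it posts a Unix timestamp, it still has to be converted before going into a datetime column. Normalising both branches to one form would be safer, for example `$added = sqlesc(date("Y-m-d H:i:s", $added ?: time()));`, assuming the field is meant to be a timestamp; confirm against the form.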
@@ -59,7 +59,7 @@ if ($action == 'add') if ($action == 'edit') { - $newsid = $_GET["newsid"] ?? 0; + $newsid = intval($_GET["newsid"] ?? 0); int_check($newsid,true); $res = sql_query("SELECT * FROM news WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__); diff --git a/shoutbox.php b/shoutbox.php index 68da91ba..da373efe 100644 --- a/shoutbox.php +++ b/shoutbox.php @@ -62,7 +62,7 @@ countdown(time); if(isset($_GET["sent"]) && $_GET["sent"]=="yes"){ if(!isset($_GET["shbox_text"]) || !$_GET['shbox_text']) { - $userid=$CURUSER["id"] ?? 0; + $userid=intval($CURUSER["id"] ?? 0); } else { @@ -77,7 +77,7 @@ else } elseif ($_GET["type"] == 'shoutbox') { - $userid=$CURUSER["id"] ?? 0; + $userid=intval($CURUSER["id"] ?? 0); if (!$userid){ write_log("Someone is hacking shoutbox. - IP : ".getip(),'mod'); die($lang_shoutbox['text_no_permission_to_shoutbox']); diff --git a/staffbox.php b/staffbox.php index af1c32c5..3d4b558c 100644 --- a/staffbox.php +++ b/staffbox.php @@ -68,7 +68,7 @@ if ($action == "viewpm") if (get_user_class() < $staffmem_class) permissiondenied(); -$pmid = $_GET["pmid"] ?? 0; +$pmid = intval($_GET["pmid"] ?? 0); $ress4 = sql_query("SELECT * FROM staffmessages WHERE id=".sqlesc($pmid)); $arr4 = mysql_fetch_assoc($ress4); @@ -126,7 +126,7 @@ if ($action == "answermessage") { permissiondenied(); $answeringto = $_GET["answeringto"]; - $receiver = $_GET["receiver"] ?? 0; + $receiver = intval($_GET["receiver"] ?? 0); int_check($receiver,true); @@ -166,7 +166,7 @@ if ($action == "takeanswer") { if (get_user_class() < $staffmem_class) permissiondenied(); - $receiver = $_POST["receiver"] ?? 0; + $receiver = intval($_POST["receiver"] ?? 0); $answeringto = $_POST["answeringto"]; int_check($receiver,true); @@ -195,7 +195,7 @@ $Cache->delete_value('staff_new_message_count'); if ($action == "deletestaffmessage") { - $id = $_GET["id"] ?? 0; + $id = intval($_GET["id"] ?? 0); if (!is_numeric($id) || $id < 1 || floor($id) != $id) die; 
@@ -218,7 +218,7 @@ if ($action == "setanswered") { if (get_user_class() < $staffmem_class) permissiondenied(); -$id = $_GET["id"] ?? 0; +$id = intval($_GET["id"] ?? 0); sql_query ("UPDATE staffmessages SET answered=1, answeredby = $CURUSER[id] WHERE id = $id") or sqlerr(); $Cache->delete_value('staff_new_message_count'); diff --git a/subtitles.php b/subtitles.php index 1e33aad5..88b0c2d2 100644 --- a/subtitles.php +++ b/subtitles.php @@ -11,7 +11,7 @@ if (!isset($CURUSER)) stdhead($lang_subtitles['head_subtitles']); $in_detail = $_POST['in_detail'] ?? ''; -$detail_torrent_id = $_POST['detail_torrent_id'] ?? 0; +$detail_torrent_id = intval($_POST['detail_torrent_id'] ?? 0); $torrent_name = $_POST['torrent_name'] ?? ''; function isInteger($n) @@ -23,7 +23,7 @@ function isInteger($n) return true; } -$act = $_GET["act"] ?? 0; +$act = intval($_GET["act"] ?? 0); $search = trim($_GET['search'] ?? ''); $letter = trim($_GET["letter"] ?? ''); if (strlen($letter) > 1) @@ -31,7 +31,7 @@ if (strlen($letter) > 1) if ($letter == "" || strpos("abcdefghijklmnopqrstuvwxyz", $letter) === false) $letter = ""; -$lang_id = $_GET['lang_id'] ?? 0; +$lang_id = intval($_GET['lang_id'] ?? 0); if (!is_valid_id($lang_id)) $lang_id = ''; @@ -197,7 +197,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["action"]) && $_POST["a if (get_user_class() >= $delownsub_class) { - $delete = $_GET["delete"] ?? 0; + $delete = intval($_GET["delete"] ?? 0); if (is_valid_id($delete)) { $r = sql_query("SELECT id,torrent_id,ext,lang_id,title,filename,uppedby,anonymous FROM subs WHERE id=".sqlesc($delete)) or sqlerr(__FILE__, __LINE__); @@ -206,7 +206,7 @@ if (get_user_class() >= $delownsub_class) $a = mysql_fetch_assoc($r); if (get_user_class() >= $submanage_class || $a["uppedby"] == $CURUSER["id"]) { - $sure = $_GET["sure"] ?? 0; + $sure = intval($_GET["sure"] ?? 0); if ($sure == 1) { $reason = $_POST["reason"]; diff --git a/takeconfirm.php b/takeconfirm.php index 996d7a97..142da677 100644 
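Review bot: In the `setanswered` branch of staffbox.php the statement `"UPDATE staffmessages SET answered=1, answeredby = $CURUSER[id] WHERE id = $id"` interpolates `$id` directly, so the new `intval()` is the only thing keeping it from being injectable, and an id of 0 is not rejected. Using `sqlesc($id)` as the `viewpm` query in this file does, plus `int_check($id,true);` after the cast, would keep the query safe even if the cast is later changed or removed. The branch continues below the hunk.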
--- a/takeconfirm.php +++ b/takeconfirm.php @@ -2,7 +2,7 @@ require_once("include/bittorrent.php"); dbconn(); require_once(get_langfile_path()); -$id = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : die()); +$id = isset($_POST['id']) ? intval($_POST['id']) : (isset($_GET['id']) ? intval($_GET['id']) : die()); int_check($id,true); $email = unesc(htmlspecialchars(trim($_POST["email"]))); if(isset($_POST[conusr])) diff --git a/takeupload.php b/takeupload.php index 79d2e83e..11ee2602 100644 --- a/takeupload.php +++ b/takeupload.php @@ -67,14 +67,14 @@ $descr = unesc($_POST["descr"]); if (!$descr) bark($lang_takeupload['std_blank_description']); -$catid = ($_POST["type"] ?? 0); -$sourceid = ($_POST["source_sel"] ?? 0); -$mediumid = ($_POST["medium_sel"] ?? 0); -$codecid = ($_POST["codec_sel"] ?? 0); -$standardid = ($_POST["standard_sel"] ?? 0); -$processingid = ($_POST["processing_sel"] ?? 0); -$teamid = ($_POST["team_sel"] ?? 0); -$audiocodecid = ($_POST["audiocodec_sel"] ?? 0); +$catid = intval($_POST["type"] ?? 0); +$sourceid = intval($_POST["source_sel"] ?? 0); +$mediumid = intval($_POST["medium_sel"] ?? 0); +$codecid = intval($_POST["codec_sel"] ?? 0); +$standardid = intval($_POST["standard_sel"] ?? 0); +$processingid = intval($_POST["processing_sel"] ?? 0); +$teamid = intval($_POST["team_sel"] ?? 0); +$audiocodecid = intval($_POST["audiocodec_sel"] ?? 0); if (!is_valid_id($catid)) bark($lang_takeupload['std_category_unselected']); @@ -214,7 +214,7 @@ $allowtorrents = user_can_upload("torrents"); $allowspecial = user_can_upload("music"); $catmod = get_single_value("categories","mode","WHERE id=".sqlesc($catid)); -$offerid = $_POST['offer'] ?? 0; +$offerid = intval($_POST['offer'] ?? 0); $is_offer=false; if ($browsecatmode != $specialcatmode && $catmod == $specialcatmode){//upload to special section if (!$allowspecial) diff --git a/torrents.php b/torrents.php index dd442601..945ea8e9 100644 --- a/torrents.php +++ b/torrents.php 
@@ -92,7 +92,7 @@ if ($showsubcat){ } //----------------- start whether show torrents from all sections---------------------// if ($_GET) - $allsec = $_GET["allsec"] ?? 0; + $allsec = intval($_GET["allsec"] ?? 0); else $allsec = 0; if ($allsec == 1) //show torrents from all sections { diff --git a/userdetails.php b/userdetails.php index 1f42ebc8..3b35cddb 100644 --- a/userdetails.php +++ b/userdetails.php @@ -14,7 +14,7 @@ function bark($msg) exit; } -$id = $_GET["id"] ?? 0; +$id = intval($_GET["id"] ?? 0); int_check($id,true); if ($id != $CURUSER['id']){