From a968b5855cbfbb961a41c503449ff772e71a7a81 Mon Sep 17 00:00:00 2001 From: xiaomlove Date: Wed, 6 Jan 2021 00:56:13 +0800 Subject: [PATCH] recover some $_GET & $POST variable keep be integer --- comment.php | 12 +++++----- confirm_resend.php | 2 +- confirmemail.php | 2 +- details.php | 2 +- download.php | 4 ++-- downloadnotice.php | 2 +- forums.php | 48 +++++++++++++++++++------------------- fun.php | 10 ++++---- getrss.php | 4 ++-- include/functions.php | 11 +++++---- ipsearch.php | 2 +- login.php | 2 +- makepoll.php | 4 ++-- modtask.php | 4 ++-- mybonus.php | 2 +- offers.php | 54 +++++++++++++++++++++---------------------- polloverview.php | 2 +- recover.php | 7 ++---- signup.php | 2 +- takeflush.php | 2 +- takemessage.php | 4 ++-- takereseed.php | 2 +- torrentrss.php | 8 +++---- usercp.php | 14 +++++------ 24 files changed, 102 insertions(+), 104 deletions(-) diff --git a/comment.php b/comment.php index 3f2ae143..321f0a55 100644 --- a/comment.php +++ b/comment.php @@ -34,7 +34,7 @@ if ($action == "add") } } - $parent_id = $_POST["pid"] ?? 0; + $parent_id = intval($_POST["pid"] ?? 0); int_check($parent_id,true); if($type == "torrent") @@ -105,12 +105,12 @@ if ($action == "add") die; } - $parent_id = $_GET["pid"] ?? 0; + $parent_id = intval($_GET["pid"] ?? 0); int_check($parent_id,true); if($sub == "quote") { - $commentid = $_GET["cid"] ?? 0; + $commentid = intval($_GET["cid"] ?? 0); int_check($commentid,true); $res2 = sql_query("SELECT comments.text, users.username FROM comments JOIN users ON comments.user = users.id WHERE comments.id=$commentid") or sqlerr(__FILE__, __LINE__); @@ -151,7 +151,7 @@ if ($action == "add") } elseif ($action == "edit") { - $commentid = $_GET["cid"] ?? 0; + $commentid = intval($_GET["cid"] ?? 0); int_check($commentid,true); if($type == "torrent") 
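Review bot: Casting with intval() before `int_check($parent_id,true)` changes what that check can see: a non-numeric `pid` such as `pid=abc` now reaches int_check as the integer 0 instead of as malformed input, so whatever rejection int_check performed on non-integers (its body is not in this diff) no longer triggers and the request is silently treated as a top-level comment. If rejecting garbage is the intent, run the check on the raw value and cast afterwards, e.g. `int_check($_POST["pid"] ?? 0, true); $parent_id = intval($_POST["pid"] ?? 0);`, or replace int_check with an explicit `if ($parent_id < 0) stderr(...)`. The same cast-then-check ordering recurs in every other comment.php hunk and in details.php and takeflush.php.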
@@ -211,7 +211,7 @@ elseif ($action == "delete") if (get_user_class() < $commanage_class) stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']); - $commentid = $_GET["cid"] ?? 0; + $commentid = intval($_GET["cid"] ?? 0); $sure = $_GET["sure"]; int_check($commentid,true); @@ -268,7 +268,7 @@ elseif ($action == "vieworiginal") if (get_user_class() < $commanage_class) stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']); - $commentid = $_GET["cid"] ?? 0; + $commentid = intval($_GET["cid"] ?? 0); int_check($commentid,true); if($type == "torrent") diff --git a/confirm_resend.php b/confirm_resend.php index 82551ab9..05cbe680 100644 --- a/confirm_resend.php +++ b/confirm_resend.php @@ -3,7 +3,7 @@ require "include/bittorrent.php"; dbconn(); failedloginscheck ("Re-send",true); -$langid = $_GET['sitelanguage'] ?? 0; +$langid = intval($_GET['sitelanguage'] ?? 0); if ($langid) { $lang_folder = validlang($langid); diff --git a/confirmemail.php b/confirmemail.php index 838635f2..561746cf 100644 --- a/confirmemail.php +++ b/confirmemail.php @@ -4,7 +4,7 @@ require_once("include/bittorrent.php"); if (!preg_match(':^/(\d{1,10})/([\w]{32})/(.+)$:', $_SERVER["PATH_INFO"], $matches)) httperr(); -$id = $matches[1] ?? 0; +$id = intval($matches[1] ?? 0); $md5 = $matches[2]; $email = urldecode($matches[3]); //print($email); diff --git a/details.php b/details.php index 4cedf783..6250f46b 100644 --- a/details.php +++ b/details.php @@ -7,7 +7,7 @@ if ($showextinfo['imdb'] == 'yes') require_once("imdb/imdb.class.php"); loggedinorreturn(); -$id = $_GET["id"] ?? 0; +$id = intval($_GET["id"] ?? 0); int_check($id); if (!isset($id) || !$id) diff --git a/download.php b/download.php index 992e6c4d..a0fcb817 100644 --- a/download.php +++ b/download.php 
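Review bot: `$sure = $_GET["sure"];` on the line after the new cast is still read without `?? 0`, so a delete link without the flag raises an undefined-index notice and hands a null `$sure` on; the commit guards `cid` but not its sibling input. Beyond the notice, the comment deletion is driven entirely by GET parameters, so `?sure=1` is a confirmation click rather than a CSRF defence — any page that can make a moderator's browser fetch that URL deletes the comment. Suggest `$sure = intval($_GET["sure"] ?? 0);` now, and moving the confirmed delete to a POST carrying a session token as a follow-up.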
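Review bot: The `?? 0` around `$matches[1]` is dead: the line above has already exited through httperr() unless preg_match succeeded, and on success the first capture is always set, so `intval($matches[1])` is enough. More relevant to the token itself, the second capture `([\w]{32})` admits underscores, which is wider than an md5 hex digest; if `$md5` is later compared with a hex hash, tighten the route to `([0-9a-f]{32})` and do that comparison with hash_equals() rather than `==` (the comparison is outside this hunk).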
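Review bot: `if (!isset($id) || !$id)` two lines below the cast now contains a dead clause: intval() always assigns an integer, so `isset($id)` can no longer be false and only `!$id` does any work; simplify to `if (!$id)`. Also note that `int_check($id)` now runs on the already-cast value, so it cannot distinguish a garbage id from a missing one — if the error shown should differ, run the check on the raw `$_GET["id"]` first.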
@@ -20,7 +20,7 @@ else { loggedinorreturn(); parked(); - $letdown = $_GET['letdown'] ?? 0; + $letdown = intval($_GET['letdown'] ?? 0); if (!$letdown && $CURUSER['showdlnotice'] == 1) { header("Location: " . get_protocol_prefix() . "$BASEURL/downloadnotice.php?torrentid=".$id."&type=firsttime"); @@ -85,7 +85,7 @@ require_once "include/benc.php"; if (strlen($CURUSER['passkey']) != 32) { $CURUSER['passkey'] = md5($CURUSER['username'].date("Y-m-d H:i:s").$CURUSER['passhash']); - sql_query("UPDATE users SET passkey=".sqlesc($CURUSER[passkey])." WHERE id=".sqlesc($CURUSER[id])); + sql_query("UPDATE users SET passkey=".sqlesc($CURUSER['passkey'])." WHERE id=".sqlesc($CURUSER['id'])); } $dict = bdec_file($fn, $max_torrent_size); diff --git a/downloadnotice.php b/downloadnotice.php index 25ae721e..22dcc4ca 100644 --- a/downloadnotice.php +++ b/downloadnotice.php @@ -5,7 +5,7 @@ require_once(get_langfile_path()); loggedinorreturn(); if ($_SERVER["REQUEST_METHOD"] == "POST") { - $torrentid = $_POST['id'] ?? 0; + $torrentid = intval($_POST['id'] ?? 0); $type = $_POST['type']; $hidenotice = $_POST['hidenotice']; if (!$torrentid || !in_array($type,array('firsttime', 'client', 'ratio'))) diff --git a/forums.php b/forums.php index 8dc51145..24851afb 100644 --- a/forums.php +++ b/forums.php @@ -258,7 +258,7 @@ $action = htmlspecialchars(trim($_GET["action"] ?? '')); //-------- Action: New topic if ($action == "newtopic") { - $forumid = $_GET["forumid"] ?? 0; + $forumid = intval($_GET["forumid"] ?? 0); check_whether_exist($forumid, 'forum'); stdhead($lang_forums['head_new_topic']); begin_main_frame(); @@ -269,7 +269,7 @@ if ($action == "newtopic") } if ($action == "quotepost") { - $postid = $_GET["postid"] ?? 0; + $postid = intval($_GET["postid"] ?? 0); check_whether_exist($postid, 'post'); stdhead($lang_forums['head_post_reply']); begin_main_frame(); 
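Review bot: Quoting the `$CURUSER['passkey']`/`$CURUSER['id']` keys fixes the bare-constant notice, but the passkey written two lines above is `md5($CURUSER['username'].date("Y-m-d H:i:s").$CURUSER['passhash'])`, i.e. derived deterministically from a second-resolution timestamp and the stored password hash rather than from a CSPRNG. A passkey is a bearer credential (torrentrss.php in this same diff looks the user up by it), so anyone holding a dump of passhashes can regenerate passkeys offline. Generate it as `$CURUSER['passkey'] = bin2hex(random_bytes(16));` — still 32 characters, so the `strlen(...) != 32` guard keeps working.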
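Review bot: `$type = $_POST['type'];` and `$hidenotice = $_POST['hidenotice'];`, directly under the new intval line, still read POST keys without the `??` guard this commit adds elsewhere, so a request missing either key emits undefined-index notices before the in_array() check runs. `in_array($type, array('firsttime', 'client', 'ratio'))` is also a loose comparison; harmless while `$type` is a string, but pass `true` as the third argument so a non-string value can never match. Suggested: `$type = $_POST['type'] ?? ''; $hidenotice = $_POST['hidenotice'] ?? '';` and `in_array($type, ['firsttime', 'client', 'ratio'], true)`.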
@@ -283,7 +283,7 @@ if ($action == "quotepost") if ($action == "reply") { - $topicid = $_GET["topicid"] ?? 0; + $topicid = intval($_GET["topicid"] ?? 0); check_whether_exist($topicid, 'topic'); stdhead($lang_forums['head_post_reply']); begin_main_frame(); @@ -297,7 +297,7 @@ if ($action == "reply") if ($action == "editpost") { - $postid = $_GET["postid"] ?? 0; + $postid = intval($_GET["postid"] ?? 0); check_whether_exist($postid, 'post'); $res = sql_query("SELECT userid, topicid FROM posts WHERE id=".sqlesc($postid)) or sqlerr(__FILE__, __LINE__); @@ -383,7 +383,7 @@ if ($action == "post") if ($body == "") stderr($lang_forums['std_error'], $lang_forums['std_no_body_text']); - $userid = $CURUSER["id"] ?? 0; + $userid = intval($CURUSER["id"] ?? 0); $date = date("Y-m-d H:i:s"); if ($type != 'new'){ @@ -472,10 +472,10 @@ if ($action == "viewtopic") { $highlight = htmlspecialchars(trim($_GET["highlight"] ?? '')); - $topicid = $_GET["topicid"] ?? 0; + $topicid = intval($_GET["topicid"] ?? 0); int_check($topicid,true); - $page = $_GET["page"] ?? 0; - $authorid = $_GET["authorid"] ?? 0; + $page = intval($_GET["page"] ?? 0); + $authorid = intval($_GET["authorid"] ?? 0); if ($authorid) { $where = "WHERE topicid=".sqlesc($topicid)." AND userid=".sqlesc($authorid); @@ -829,9 +829,9 @@ if ($action == "viewtopic") if ($action == "movetopic") { - $forumid = $_POST["forumid"] ?? 0; + $forumid = intval($_POST["forumid"] ?? 0); - $topicid = $_GET["topicid"] ?? 0; + $topicid = intval($_GET["topicid"] ?? 0); $ismod = is_forum_moderator($topicid,'topic'); if (!is_valid_id($forumid) || !is_valid_id($topicid) || (get_user_class() < $postmanage_class && !$ismod)) permissiondenied(); 
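Review bot: `is_forum_moderator($topicid,'topic')` is called on the freshly cast `$topicid` before `is_valid_id($topicid)` is tested on the following line, so the moderator lookup runs with 0 or a negative id whenever the input was garbage. Validation should precede the privilege lookup: move the `is_valid_id($forumid)`/`is_valid_id($topicid)` test above the `$ismod = ...` line and only then consult is_forum_moderator. It is harmless now that the value is an integer, but it keeps the lookup from ever seeing an unvalidated id; the deletepost hunk below has the same order.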
@@ -885,7 +885,7 @@ if ($action == "movetopic") if ($action == "deletetopic") { - $topicid = $_GET["topicid"] ?? 0; + $topicid = intval($_GET["topicid"] ?? 0); $res1 = sql_query("SELECT forumid, userid FROM topics WHERE id=".sqlesc($topicid)." LIMIT 1") or sqlerr(__FILE__, __LINE__); $row1 = mysql_fetch_array($res1); if (!$row1){ @@ -899,7 +899,7 @@ if ($action == "deletetopic") if (!is_valid_id($topicid) || (get_user_class() < $postmanage_class && !$ismod)) permissiondenied(); - $sure = $_GET["sure"] ?? 0; + $sure = intval($_GET["sure"] ?? 0); if (!$sure) { stderr($lang_forums['std_delete_topic'], $lang_forums['std_delete_topic_note'] . @@ -929,8 +929,8 @@ if ($action == "deletetopic") if ($action == "deletepost") { - $postid = $_GET["postid"] ?? 0; - $sure = $_GET["sure"] ?? 0; + $postid = intval($_GET["postid"] ?? 0); + $sure = intval($_GET["sure"] ?? 0); $ismod = is_forum_moderator($postid, 'post'); if ((get_user_class() < $postmanage_class && !$ismod) || !is_valid_id($postid)) @@ -988,7 +988,7 @@ if ($action == "deletepost") if ($action == "setlocked") { - $topicid = $_POST["topicid"] ?? 0; + $topicid = intval($_POST["topicid"] ?? 0); $ismod = is_forum_moderator($topicid,'topic'); if (!$topicid || (get_user_class() < $postmanage_class && !$ismod)) permissiondenied(); @@ -1002,7 +1002,7 @@ if ($action == "setlocked") if ($action == 'hltopic') { - $topicid = $_GET["topicid"] ?? 0; + $topicid = intval($_GET["topicid"] ?? 0); $ismod = is_forum_moderator($topicid,'topic'); if (!$topicid || (get_user_class() < $postmanage_class && !$ismod)) permissiondenied(); @@ -1022,7 +1022,7 @@ if ($action == 'hltopic') if ($action == "setsticky") { - $topicid = $_POST["topicid"] ?? 0; + $topicid = intval($_POST["topicid"] ?? 0); $ismod = is_forum_moderator($topicid,'topic'); if (!$topicid || (get_user_class() < $postmanage_class && !$ismod)) permissiondenied(); 
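Review bot: The topic deletion is triggered by a plain GET with `sure=1`, so casting `$sure` to an integer does not change that this is a state-changing request reachable from any cross-site link or image tag a moderator's browser loads; `sure` is a confirmation step, not a CSRF check. Keep the cast, but have the confirmation link submit a POST carrying a per-session token and verify it before the DELETE (the query itself is below this hunk). The same applies to the deletepost and hltopic actions further down in this file.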
@@ -1038,9 +1038,9 @@ if ($action == "setsticky") if ($action == "viewforum") { - $forumid = $_GET["forumid"] ?? 0; + $forumid = intval($_GET["forumid"] ?? 0); int_check($forumid,true); - $userid = $CURUSER["id"] ?? 0; + $userid = intval($CURUSER["id"] ?? 0); //------ Get forum name, moderators $row = get_forum_row($forumid); if (!$row){ @@ -1179,8 +1179,8 @@ if ($action == "viewforum") //---- Get userID and date of last post $arr = get_post_row($topicarr['lastpost']); - $lppostid = $arr["id"] ?? 0; - $lpuserid = $arr["userid"] ?? 0; + $lppostid = intval($arr["id"] ?? 0); + $lpuserid = intval($arr["userid"] ?? 0); $lpusername = get_username($lpuserid); $lpadded = gettime($arr["added"],true,false); $onmouseover = ""; @@ -1196,7 +1196,7 @@ if ($action == "viewforum") } $arr = get_post_row($topicarr['firstpost']); - $fpuserid = $arr["userid"] ?? 0; + $fpuserid = intval($arr["userid"] ?? 0); $fpauthor = get_username($arr["userid"]); $subject = ($sticky ? "\"Sticky\"  " : "") . "" .highlight_topic(highlight($search,htmlspecialchars($topicarr["subject"])), $hlcolor) . "".$topicpages; @@ -1263,7 +1263,7 @@ if ($action == "viewunread") { $userid = $CURUSER['id']; - $beforepostid = $_GET['beforepostid'] ?? 0; + $beforepostid = intval($_GET['beforepostid'] ?? 0); $maxresults = 25; $res = sql_query("SELECT id, forumid, subject, lastpost, hlcolor FROM topics WHERE lastpost > ".$CURUSER['last_catchup'].($beforepostid ? " AND lastpost < ".sqlesc($beforepostid) : "")." ORDER BY lastpost DESC LIMIT 100") or sqlerr(__FILE__, __LINE__); 
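Review bot: The newly cast `$fpuserid` is assigned but never used: the next line still calls `get_username($arr["userid"])` with the raw row value, so the intval() has no effect on what reaches get_username. Either use the cast value, `$fpauthor = get_username($fpuserid);`, or drop the assignment — as written a reader will assume the sanitised variable is the one flowing downstream.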
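Review bot: `$beforepostid` is now an integer and goes through sqlesc(), but in the same statement `$CURUSER['last_catchup']` is still interpolated raw (`WHERE lastpost > ".$CURUSER['last_catchup']`). It comes from the users row rather than the request, so it is not directly attacker-controlled, but it bypasses the escaping the rest of the query follows, and an empty/NULL value produces `lastpost > ` — a SQL syntax error surfaced via sqlerr(). Wrap it like the other operand: `WHERE lastpost > ".sqlesc($CURUSER['last_catchup'])` (presumably a post id, since the other comparison on `lastpost` uses one).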
@@ -1332,7 +1332,7 @@ if ($action == "search") $res = sql_query("SELECT COUNT(posts.id) FROM posts LEFT JOIN topics ON posts.topicid = topics.id LEFT JOIN forums ON topics.forumid = forums.id WHERE forums.minclassread <= ".sqlesc(get_user_class())." AND ((topics.subject $extraSql AND posts.id=topics.firstpost) OR posts.body $extraSql)") or sqlerr(__FILE__, __LINE__); $arr = mysql_fetch_row($res); - $hits = $arr[0] ?? 0; + $hits = intval($arr[0] ?? 0); if ($hits){ $error = false; $found = "[ ".$lang_forums['text_found'].$hits.$lang_forums['text_num_posts']." ]"; diff --git a/fun.php b/fun.php index 16d80a5d..2b0e8289 100644 --- a/fun.php +++ b/fun.php @@ -12,7 +12,7 @@ if (!$action) } if ($action == 'delete') { - $id = $_GET["id"] ?? 0; + $id = intval($_GET["id"] ?? 0); int_check($id,true); $res = sql_query("SELECT userid FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_array($res); @@ -20,7 +20,7 @@ if ($action == 'delete') stderr($lang_fun['std_error'], $lang_fun['std_invalid_id']); if (get_user_class() < $funmanage_class) permissiondenied(); - $sure = $_GET["sure"] ?? 0; + $sure = intval($_GET["sure"] ?? 0); $returnto = $_GET["returnto"] ? htmlspecialchars($_GET["returnto"]) : htmlspecialchars($_SERVER["HTTP_REFERER"]); if (!$sure) stderr($lang_fun['std_delete_fun'],$lang_fun['text_please_click'] ."".$lang_fun['text_here_if_sure'],false); @@ -123,7 +123,7 @@ if ($row){ print(""); } if ($action == 'edit'){ - $id = $_GET["id"] ?? 0; + $id = intval($_GET["id"] ?? 0); int_check($id,true); $res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_array($res); @@ -165,7 +165,7 @@ if ($action == 'ban') { if (get_user_class() < $funmanage_class) permissiondenied(); - $id = $_GET["id"] ?? 0; + $id = intval($_GET["id"] ?? 0); int_check($id,true); $res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_array($res); 
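Review bot: `$returnto = $_GET["returnto"] ? htmlspecialchars($_GET["returnto"]) : htmlspecialchars($_SERVER["HTTP_REFERER"]);` on the line after the new cast still reads both keys unguarded (undefined-index notice when absent), and htmlspecialchars() only makes the value safe for HTML output. If `$returnto` is later used in a `Location:` header (not visible in this hunk), that does nothing against an open redirect to an attacker-supplied absolute URL. Constrain it to a local path before use, e.g. `$returnto = $_GET["returnto"] ?? ($_SERVER["HTTP_REFERER"] ?? ''); if (!preg_match('#^/[^/\\\\]#', $returnto)) $returnto = '/fun.php';` (or whatever the default listing page is), and escape it per context at the point of output.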
@@ -210,7 +210,7 @@ function funreward($funvote, $totalvote, $title, $posterid, $bonus) if ($action == 'vote') { - $id = $_GET["id"] ?? 0; + $id = intval($_GET["id"] ?? 0); int_check($id,true); $res = sql_query("SELECT * FROM fun WHERE id=$id") or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_array($res); diff --git a/getrss.php b/getrss.php index 51a20fa8..2e3a816a 100644 --- a/getrss.php +++ b/getrss.php @@ -147,7 +147,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { { $query[] = "search=".rawurlencode($searchstr); if ($_POST["search_mode"]){ - $search_mode = $_POST["search_mode"] ?? 0; + $search_mode = intval($_POST["search_mode"] ?? 0); if (!in_array($search_mode,array(0,1,2))) { $search_mode = 0; @@ -155,7 +155,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $query[] = "search_mode=".$search_mode; } } - $inclbookmarked=$_POST['inclbookmarked'] ?? 0; + $inclbookmarked=intval($_POST['inclbookmarked'] ?? 0); if($inclbookmarked) { if (!in_array($inclbookmarked,array(0,1))) diff --git a/include/functions.php b/include/functions.php index e5557e6c..9ef61961 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1037,7 +1037,7 @@ function insert_suggest($keyword, $userid, $pre_escaped = true) { if(mb_strlen($keyword,"UTF-8") >= 2) { - $userid = $userid ?? 0; + $userid = intval($userid ?? 0); if($userid) sql_query("INSERT INTO suggest(keywords, userid, adddate) VALUES (" . ($pre_escaped == true ? "'" . $keyword . "'" : sqlesc($keyword)) . "," . sqlesc($userid) . ", NOW())") or sqlerr(__FILE__,__LINE__); } @@ -1053,7 +1053,7 @@ function get_external_tr($imdb_url = "") function get_torrent_extinfo_identifier($torrentid) { - $torrentid = $torrentid ?? 0; + $torrentid = intval($torrentid ?? 0); $result = array('imdb_id'); unset($result); 
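Review bot: The intval() is fine, but the hunk header shows the signature `insert_suggest($keyword, $userid, $pre_escaped = true)`, and the INSERT trusts that flag: with the default, `$keyword` is concatenated into the statement between bare quotes and never escaped. A caller that forgets to escape, or escapes for a different context, gets SQL injection by default. Flip the default to `$pre_escaped = false` so forgetting is the safe case, or drop the flag and always use `sqlesc($keyword)`; either is a one-line change here plus fixing any caller that relied on the old default.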
@@ -1358,6 +1358,7 @@ function sent_mail($to,$fromname,$fromemail,$subject,$body,$type = "confirmation elseif ($smtptype == 'advanced') { $mid = md5(getip() . $fromname); $name = $_SERVER["SERVER_NAME"]; + $headers = ''; $headers .= "From: $fromname <$fromemail>".$eol; $headers .= "Reply-To: $fromname <$fromemail>".$eol; $headers .= "Return-Path: $fromname <$fromemail>".$eol; @@ -1796,7 +1797,7 @@ function userlogin() { //return; } $b_id = base64($_COOKIE["c_secure_uid"],false); - $id = $b_id ?? 0; + $id = intval($b_id ?? 0); if (!$id || !is_valid_id($id) || strlen($_COOKIE["c_secure_pass"]) != 32) return; @@ -2036,7 +2037,7 @@ function validemail($email) { function validlang($langid) { global $deflang; - $langid = $langid ?? 0; + $langid = intval($langid ?? 0); $res = sql_query("SELECT * FROM language WHERE site_lang = 1 AND id = " . sqlesc($langid)) or sqlerr(__FILE__, __LINE__); if(mysql_num_rows($res) == 1) { @@ -2731,7 +2732,7 @@ function pager($rpp, $count, $href, $opts = array(), $pagename = "page") { } if (isset($_GET[$pagename])) { - $page = $_GET[$pagename] ?? 0; + $page = intval($_GET[$pagename] ?? 0); if ($page < 0) $page = $pagedefault; } diff --git a/ipsearch.php b/ipsearch.php index aa99be4a..1702f933 100644 --- a/ipsearch.php +++ b/ipsearch.php @@ -82,7 +82,7 @@ GROUP BY u.id } $order = $_GET['order'] ?? ''; - $page = $_GET["page"] ?? 0; + $page = intval($_GET["page"] ?? 0); $perpage = 20; list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "$_SERVER[PHP_SELF]?ip=$ip&mask=$mask&order=$order&"); diff --git a/login.php b/login.php index 4bf20ca8..fe253562 100644 --- a/login.php +++ b/login.php @@ -2,7 +2,7 @@ require_once("include/bittorrent.php"); dbconn(); -$langid = $_GET['sitelanguage'] ?? 0; +$langid = intval($_GET['sitelanguage'] ?? 0); if ($langid) { $lang_folder = validlang($langid); diff --git a/makepoll.php b/makepoll.php index a780a410..354bd676 100644 --- a/makepoll.php +++ b/makepoll.php 
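Review bot: Initialising `$headers = ''` removes the undefined-variable notice, but the three lines below still place `$fromname` and `$fromemail` into `From:`, `Reply-To:` and `Return-Path:` unchanged; if either can carry a CR or LF (they are parameters — their origin is outside this hunk), an attacker can append arbitrary headers such as `Bcc:`. Strip line breaks before building the header block: `$fromname = str_replace(["\r", "\n"], '', $fromname); $fromemail = str_replace(["\r", "\n"], '', $fromemail);`, and ideally reject `$fromemail` unless `filter_var($fromemail, FILTER_VALIDATE_EMAIL)` passes. The enclosing function begins before this hunk.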
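Review bot: The cast makes `$id` an integer, but the cookies feeding this check are still used without shape checks: `base64($_COOKIE["c_secure_uid"],false)` and `strlen($_COOKIE["c_secure_pass"])` run on values that are undefined when the cookie is absent (notice) and that PHP delivers as arrays for a cookie named `c_secure_pass[]`, where strlen() warns and returns null on PHP 7 and throws a TypeError on PHP 8. Because userlogin() runs on every request, guard first: `if (!is_string($_COOKIE["c_secure_uid"] ?? null) || !is_string($_COOKIE["c_secure_pass"] ?? null)) return;`. The function body starts and continues outside this hunk.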
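Review bot: `$order = $_GET['order'] ?? ''` is taken straight from the query string and concatenated into the pager href `"...&order=$order&"` on the last line of the hunk with no whitelist and no urlencode(); whether pager() HTML-escapes that string is not shown, and `$_SERVER[PHP_SELF]` in the same string is a classic reflected-XSS source. If `$order` also selects the ORDER BY column above the hunk, a whitelist is needed regardless: `$allowed = ['id', 'username']; $order = in_array($order, $allowed, true) ? $order : $allowed[0];` (with the real column names) and `rawurlencode($order)` when building the link. Note also that the newly cast `$page` is not used in the visible call — per the functions.php hunk, pager() reads `$_GET['page']` itself.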
@@ -7,7 +7,7 @@ if (get_user_class() < $pollmanage_class) permissiondenied(); $action = $_GET["action"] ?? ''; -$pollid = $_GET["pollid"] ?? 0; +$pollid = intval($_GET["pollid"] ?? 0); $poll = []; if ($action == "edit") @@ -21,7 +21,7 @@ if ($action == "edit") if ($_SERVER["REQUEST_METHOD"] == "POST") { - $pollid = $_POST["pollid"] ?? 0; + $pollid = intval($_POST["pollid"] ?? 0); $question = htmlspecialchars($_POST["question"]); $option0 = htmlspecialchars($_POST["option0"]); $option1 = htmlspecialchars($_POST["option1"]); diff --git a/modtask.php b/modtask.php index dde81221..f47f605a 100644 --- a/modtask.php +++ b/modtask.php @@ -26,12 +26,12 @@ if ($action == "confirmuser") if ($action == "edituser") { $userid = $_POST["userid"]; - $class = $_POST["class"] ?? 0; + $class = intval($_POST["class"] ?? 0); $vip_added = ($_POST["vip_added"] == 'yes' ? 'yes' : 'no'); $vip_until = ($_POST["vip_until"] ? $_POST["vip_until"] : '0000-00-00 00:00:00'); $warned = $_POST["warned"]; - $warnlength = $_POST["warnlength"] ?? 0; + $warnlength = intval($_POST["warnlength"] ?? 0); $warnpm = $_POST["warnpm"]; $title = $_POST["title"]; $avatar = $_POST["avatar"]; diff --git a/mybonus.php b/mybonus.php index 14f8cad6..8c28eac6 100644 --- a/mybonus.php +++ b/mybonus.php @@ -384,7 +384,7 @@ if ($action == "exchange") { } elseif($art == 'gift_2') // charity giving { - $points = $_POST["bonuscharity"] ?? 0; + $points = intval($_POST["bonuscharity"] ?? 0); if ($points < 1000 || $points > 50000){ stdmsg($lang_mybonus['text_error'], $lang_mybonus['bonus_amount_not_allowed_two'], 0); stdfoot(); diff --git a/offers.php b/offers.php index f1a03ef1..6c72ae5d 100644 --- a/offers.php +++ b/offers.php 
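Review bot: The guard is added for `pollid` only; the string fields beneath it, `htmlspecialchars($_POST["question"])`, `htmlspecialchars($_POST["option0"])` and so on, still read keys without `?? ''`, so a POST missing one raises an undefined-index notice and, on PHP 8.1+, a deprecation for passing null to htmlspecialchars(). Apply the same pattern: `$question = htmlspecialchars($_POST["question"] ?? '');` for each field. Since this is the poll creation/edit form, the POST branch should also verify a CSRF token — nothing in the hunk shows one, though it may be handled earlier in the file.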
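Review bot: `$userid = $_POST["userid"];` on the first line of the hunk is left as a raw string while the lines right after it (`class`, `warnlength`) get intval(); since `$userid` selects which account the edit applies to, it is the value most worth normalising. Add `$userid = intval($_POST["userid"] ?? 0); if (!is_valid_id($userid)) permissiondenied();` (is_valid_id is already used elsewhere in this diff). `$vip_until` is likewise taken verbatim from POST and presumably lands in an UPDATE — validate it as a date (e.g. `DateTime::createFromFormat('Y-m-d H:i:s', ...)`) before use — and whether `$class` is capped at the editing staff member's own class is not visible in this hunk.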
@@ -22,7 +22,7 @@ if (isset($_GET['category']) && $_GET["category"]){ } if (isset($_GET['id']) && $_GET["id"]){ - $id = htmlspecialchars($_GET["id"] ?? 0); + $id = htmlspecialchars(intval($_GET["id"] ?? 0)); if (preg_match('/^[0-9]+$/', !$id)) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); } @@ -31,7 +31,7 @@ if (isset($_GET['id']) && $_GET["id"]){ if (isset($_GET['add_offer']) && $_GET["add_offer"]){ if (get_user_class() < $addoffer_class) permissiondenied(); - $add_offer = $_GET["add_offer"] ?? 0; + $add_offer = intval($_GET["add_offer"] ?? 0); if($add_offer != '1') stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); @@ -63,11 +63,11 @@ if (isset($_GET['add_offer']) && $_GET["add_offer"]){ if (isset($_GET['new_offer']) && $_GET["new_offer"]){ if (get_user_class() < $addoffer_class) permissiondenied(); - $new_offer = $_GET["new_offer"] ?? 0; + $new_offer = intval($_GET["new_offer"] ?? 0); if($new_offer != '1') stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); - $userid = $CURUSER["id"] ?? 0; + $userid = intval($CURUSER["id"] ?? 0); if (preg_match("/^[0-9]+$/", !$userid)) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); @@ -75,7 +75,7 @@ if (isset($_GET['new_offer']) && $_GET["new_offer"]){ if ($name == "") bark($lang_offers['std_must_enter_name']); - $cat = ($_POST["type"] ?? 0); + $cat = intval($_POST["type"] ?? 0); if (!is_valid_id($cat)) bark($lang_offers['std_must_select_category']); @@ -101,7 +101,7 @@ if (isset($_GET['new_offer']) && $_GET["new_offer"]){ //===end $ret = sql_query("INSERT INTO offers (userid, name, descr, category, added) VALUES (" . - implode(",", array_map("sqlesc", array($CURUSER["id"], $name, $descr, $_POST["type"] ?? 0))) . + implode(",", array_map("sqlesc", array($CURUSER["id"], $name, $descr, intval($_POST["type"] ?? 0)))) . ", '" . date("Y-m-d H:i:s") . "')"); if (!$ret) { if (mysql_errno() == 1062) 
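Review bot: `if (preg_match('/^[0-9]+$/', !$id))` under the new cast does not test `$id`: `!$id` is a boolean, which preg_match receives as `""` or `"1"`, so the branch never fires for a negative id and fires only when `$id` is 0. With `$id` now an integer both the regex and the htmlspecialchars() wrapper are unnecessary; replace the two lines with `$id = intval($_GET["id"]); if ($id <= 0) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);`. The identical `preg_match(..., !$var)` mistake appears in the new_offer and offerorid hunks of this file.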
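Review bot: Same inverted guard as at the top of the file: `if (preg_match("/^[0-9]+$/", !$userid))` applies the regex to the boolean `!$userid`, so it rejects only a user id of 0 and accepts anything else, negatives included. This branch already uses is_valid_id() for `$cat` a few lines down; use it here too: `if (!is_valid_id($userid)) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);`. The `intval($CURUSER["id"] ?? 0)` is harmless, but `$CURUSER` comes from the login state rather than the request, so the cast is defensive rather than a fix.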
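Review bot: The INSERT re-reads `intval($_POST["type"] ?? 0)` instead of the `$cat` computed from the same field in the previous hunk and already validated with is_valid_id(); the two expressions agree today, but anyone tightening the validation of `$cat` later will not notice the INSERT bypasses it. Use the validated value: `array($CURUSER["id"], $name, $descr, $cat)`. For the same reason `$CURUSER["id"]` here could be the `$userid` computed earlier in this branch.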
@@ -127,11 +127,11 @@ if (isset($_GET['new_offer']) && $_GET["new_offer"]){ //=== offer details if (isset($_GET['off_details']) && $_GET["off_details"]){ - $off_details = $_GET["off_details"] ?? 0; + $off_details = intval($_GET["off_details"] ?? 0); if($off_details != '1') stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); - $id = $_GET["id"] ?? 0; + $id = intval($_GET["id"] ?? 0); if(!$id) die(); //stderr("Error", "I smell a rat!"); @@ -238,13 +238,13 @@ if (isset($_GET["allow_offer"]) && $_GET["allow_offer"]) { if (get_user_class() < $offermanage_class) stderr($lang_offers['std_access_denied'], $lang_offers['std_mans_job']); - $allow_offer = $_GET["allow_offer"] ?? 0; + $allow_offer = intval($_GET["allow_offer"] ?? 0); if($allow_offer != '1') stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); //=== to allow the offer credit to S4NE for this next bit :) //if ($_POST["offerid"]){ - $offid = $_POST["offerid"] ?? 0; + $offid = intval($_POST["offerid"] ?? 0); if(!is_valid_id($offid)) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); @@ -273,11 +273,11 @@ if (isset($_GET["finish_offer"]) && $_GET["finish_offer"]) { if (get_user_class() < $offermanage_class) stderr($lang_offers['std_access_denied'], $lang_offers['std_have_no_permission']); - $finish_offer = $_GET["finish_offer"] ?? 0; + $finish_offer = intval($_GET["finish_offer"] ?? 0); if($finish_offer != '1') stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); - $offid = $_POST["finish"] ?? 0; + $offid = intval($_POST["finish"] ?? 0); if(!is_valid_id($offid)) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); 
@@ -323,11 +323,11 @@ if (isset($_GET["finish_offer"]) && $_GET["finish_offer"]) { if (isset($_GET["edit_offer"]) && $_GET["edit_offer"]) { - $edit_offer = $_GET["edit_offer"] ?? 0; + $edit_offer = intval($_GET["edit_offer"] ?? 0); if($edit_offer != '1') stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); - $id = $_GET["id"] ?? 0; + $id = intval($_GET["id"] ?? 0); $res = sql_query("SELECT * FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__); $num = mysql_fetch_array($res); @@ -369,11 +369,11 @@ if (isset($_GET["edit_offer"]) && $_GET["edit_offer"]) { //==== take offer edit if (isset($_GET["take_off_edit"]) && $_GET["take_off_edit"]){ - $take_off_edit = $_GET["take_off_edit"] ?? 0; + $take_off_edit = intval($_GET["take_off_edit"] ?? 0); if($take_off_edit != '1') stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); - $id = $_GET["id"] ?? 0; + $id = intval($_GET["id"] ?? 0); $res = sql_query("SELECT userid FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__); $num = mysql_fetch_array($res); @@ -395,7 +395,7 @@ if (isset($_GET["take_off_edit"]) && $_GET["take_off_edit"]){ bark($lang_offers['std_must_enter_name']); if (!$descr) bark($lang_offers['std_must_enter_description']); - $cat = ($_POST["category"] ?? 0); + $cat = intval($_POST["category"] ?? 0); if (!is_valid_id($cat)) bark($lang_offers['std_must_select_category']); @@ -412,11 +412,11 @@ if (isset($_GET["take_off_edit"]) && $_GET["take_off_edit"]){ //=== offer votes list if (isset($_GET["offer_vote"]) && $_GET["offer_vote"]){ - $offer_vote = $_GET["offer_vote"] ?? 0; + $offer_vote = intval($_GET["offer_vote"] ?? 0); if($offer_vote != '1') stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); - $offerid = htmlspecialchars($_GET['id'] ?? 0); + $offerid = htmlspecialchars(intval($_GET['id'] ?? 0)); $res2 = sql_query("SELECT COUNT(*) FROM offervotes WHERE offerid = ".sqlesc($offerid)) or sqlerr(__FILE__, __LINE__); $row = mysql_fetch_array($res2); 
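Review bot: `SELECT * FROM offers WHERE id = $id` on the line after the cast relies solely on the new intval() to stay injection-free — the value is interpolated instead of passed through sqlesc() as the neighbouring queries in this file are. The cast does close the hole, but for defence in depth and consistency write `WHERE id = ".sqlesc($id)`, and reject non-positive ids up front with `if (!is_valid_id($id)) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);` rather than letting `id=0` run the query and fail later. The take_off_edit hunk below has the identical pattern.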
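Review bot: `htmlspecialchars(intval($_GET['id'] ?? 0))` is a no-op on an integer — a decimal representation contains nothing to escape — and it turns the value back into a string before it reaches sqlesc(). Keep the integer: `$offerid = intval($_GET['id'] ?? 0);`, optionally followed by an is_valid_id() check. The same redundant wrapper is in the vote and offerorid hunks.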
@@ -459,13 +459,13 @@ if (isset($_GET["offer_vote"]) && $_GET["offer_vote"]){ //=== offer votes if (isset($_GET["vote"]) && $_GET["vote"]){ - $offerid = htmlspecialchars($_GET["id"] ?? 0); + $offerid = htmlspecialchars(intval($_GET["id"] ?? 0)); $vote = htmlspecialchars($_GET["vote"]); if ($vote == 'against' && get_user_class() < $againstoffer_class) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); if ($vote =='yeah' || $vote =='against') { - $userid = $CURUSER["id"] ?? 0; + $userid = intval($CURUSER["id"] ?? 0); $res = sql_query("SELECT * FROM offervotes WHERE offerid=".sqlesc($offerid)." AND userid=".sqlesc($userid)) or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_assoc($res); $voted = $arr; @@ -532,13 +532,13 @@ if (isset($_GET["vote"]) && $_GET["vote"]){ //=== delete offer if (isset($_GET["del_offer"]) && $_GET["del_offer"]){ - $del_offer = $_GET["del_offer"] ?? 0; + $del_offer = intval($_GET["del_offer"] ?? 0); if($del_offer != '1') stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); - $offer = $_GET["id"] ?? 0; + $offer = intval($_GET["id"] ?? 0); - $userid = $CURUSER["id"] ?? 0; + $userid = intval($CURUSER["id"] ?? 0); if (!is_valid_id($userid)) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); @@ -554,7 +554,7 @@ if (isset($_GET["del_offer"]) && $_GET["del_offer"]){ { $sure = $_GET["sure"]; if($sure == '0' || $sure == '1') - $sure = $_GET["sure"] ?? 0; + $sure = intval($_GET["sure"] ?? 0); else stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); } 
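Review bot: `$vote = htmlspecialchars($_GET["vote"]);` on the line after the cast has no `?? ''`, so a request without the parameter emits an undefined-index notice before the `'yeah'`/`'against'` comparisons; the commit guards `id` but not its sibling. Since the value is only ever compared with two literals, htmlspecialchars is also the wrong tool: `$vote = $_GET["vote"] ?? ''; if ($vote !== 'yeah' && $vote !== 'against') stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);`. The vote appears to be recorded from a GET request, which an image tag on another site can trigger; a POST with a session token is the proper fix but lies outside this hunk.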
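Review bot: The `?? 0` added inside the branch can never matter: `$sure = $_GET["sure"];` two lines above has already read the key unguarded (raising the notice if it was absent), and `if($sure == '0' || $sure == '1')` only enters this line when the key was present. Collapse the three lines into one normalised read, `$sure = intval($_GET["sure"] ?? 0); if ($sure !== 0 && $sure !== 1) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);`, which also drops the loose `==` comparisons; if a non-numeric `sure` must still be rejected rather than read as 0, keep the string comparison but on the guarded read.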
@@ -601,10 +601,10 @@ if (isset($_GET["sort"]) && $_GET["sort"]) } //=== end of prolly not needed, but what the hell :P -$categ = $_GET["category"] ?? 0; +$categ = intval($_GET["category"] ?? 0); $offerorid = 0; if (isset($_GET["offerorid"]) && $_GET["offerorid"]){ - $offerorid = htmlspecialchars($_GET["offerorid"] ?? 0); + $offerorid = htmlspecialchars(intval($_GET["offerorid"] ?? 0)); if (preg_match("/^[0-9]+$/", !$offerorid)) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']); } diff --git a/polloverview.php b/polloverview.php index 4996ae02..b765034a 100644 --- a/polloverview.php +++ b/polloverview.php @@ -7,7 +7,7 @@ loggedinorreturn(); if (get_user_class() < $pollmanage_class) permissiondenied(); -$pollid = $_GET['id'] ?? 0; +$pollid = intval($_GET['id'] ?? 0); if ($pollid) { diff --git a/recover.php b/recover.php index a53943e3..6d6f3aa3 100644 --- a/recover.php +++ b/recover.php @@ -2,9 +2,8 @@ require "include/bittorrent.php"; dbconn(); failedloginscheck ("Recover",true); - $take_recover = !isset($_GET['sitelanguage']); -$langid = $_GET['sitelanguage'] ?? 0; +$langid = intval($_GET['sitelanguage'] ?? 0); if ($langid) { $lang_folder = validlang($langid); @@ -60,9 +59,8 @@ EOD; } elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"]) && isset($_GET["secret"])) { - $id = $_GET["id"] ?? 0; + $id = intval($_GET["id"] ?? 0); $md5 = $_GET["secret"]; - if (!$id) httperr(); @@ -70,7 +68,6 @@ elseif($_SERVER["REQUEST_METHOD"] == "GET" && $take_recover && isset($_GET["id"] $arr = mysql_fetch_array($res) or httperr(); $email = $arr["email"]; - $sec = hash_pad($arr["editsecret"]); if (preg_match('/^ *$/s', $sec)) httperr(); diff --git a/signup.php b/signup.php index c4eb1259..b3c71f6c 100644 --- a/signup.php +++ b/signup.php @@ -2,7 +2,7 @@ require_once("include/bittorrent.php"); dbconn(); -$langid = $_GET['sitelanguage'] ?? 0; +$langid = intval($_GET['sitelanguage'] ?? 0); if ($langid) { $lang_folder = validlang($langid); 
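Review bot: `if (preg_match("/^[0-9]+$/", !$offerorid))` repeats the inverted-operand bug from the top of offers.php: the regex is applied to a boolean, so it rejects only an offerorid of 0 and never a negative one, and the htmlspecialchars() around the intval() result is a no-op. Replace both lines with `$offerorid = intval($_GET["offerorid"]); if ($offerorid <= 0) stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);`.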
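Review bot: `$md5 = $_GET["secret"];` on the line after the cast is the token that actually gates the password reset, and it receives no validation at all — no type check and no format check — while the id beside it is normalised; the `isset($_GET["secret"])` in the surrounding condition only proves the key exists, and `secret[]=x` would make it an array. Before the DB lookup add `if (!is_string($md5) || !preg_match('/^[0-9a-f]{32}$/i', $md5)) httperr();` (confirmemail.php in this diff enforces a 32-character shape on its token through the route regex). Wherever `$md5` is compared with the hash of `$sec` further down, outside the hunk, use hash_equals() rather than `==`.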
diff --git a/takeflush.php b/takeflush.php index fe96b9a3..4d073c64 100644 --- a/takeflush.php +++ b/takeflush.php @@ -11,7 +11,7 @@ function bark($msg) exit; } -$id = $_GET['id'] ?? 0; +$id = intval($_GET['id'] ?? 0); int_check($id,true); if (get_user_class() >= UC_MODERATOR || $CURUSER[id] == "$id") diff --git a/takemessage.php b/takemessage.php index 95a6507e..7cb221dc 100644 --- a/takemessage.php +++ b/takemessage.php @@ -8,7 +8,7 @@ loggedinorreturn(); if ($_SERVER["REQUEST_METHOD"] != "POST") stderr($lang_takemessage['std_error'], $lang_takemessage['std_permission_denied']); - $origmsg = $_POST["origmsg"] ?? 0; + $origmsg = intval($_POST["origmsg"] ?? 0); $msg = trim($_POST["body"]); if ($_POST['forward'] == 1) //this is forwarding { @@ -35,7 +35,7 @@ if ($_SERVER["REQUEST_METHOD"] != "POST") } else { - $receiver = $_POST["receiver"] ?? 0; + $receiver = intval($_POST["receiver"] ?? 0); if (!is_valid_id($receiver) || ($origmsg && !is_valid_id($origmsg))) stderr($lang_takemessage['std_error'],$lang_takemessage['std_invalid_id']); $bodyadd = ""; diff --git a/takereseed.php b/takereseed.php index c13eb791..a13625b8 100644 --- a/takereseed.php +++ b/takereseed.php @@ -7,7 +7,7 @@ loggedinorreturn(); if (get_user_class() < $askreseed_class) permissiondenied(); -$reseedid = $_GET["reseedid"] ?? 0; +$reseedid = intval($_GET["reseedid"] ?? 0); $res = sql_query("SELECT seeders, last_reseed FROM torrents WHERE id=".sqlesc($reseedid)." LIMIT 1") or sqlerr(__FILE__, __LINE__); $row = mysql_fetch_array($res); if ($row['seeders'] > 0) diff --git a/torrentrss.php b/torrentrss.php index d9bd64ea..6e8fd938 100644 --- a/torrentrss.php +++ b/torrentrss.php @@ -16,7 +16,7 @@ if ($passkey){ die("account disabed or parked"); elseif ($_GET['linktype'] == 'dl') $dllink = true; - $inclbookmarked=$_GET['inclbookmarked'] ?? 0; + $inclbookmarked=intval($_GET['inclbookmarked'] ?? 0); if($inclbookmarked == 1) { $bookmarkarray = return_torrent_bookmark_array($user['id']); 
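Review bot: `$CURUSER[id] == "$id"` on the line below the cast uses the bare constant `id` that this same commit fixes in download.php (`$CURUSER[passkey]` → `$CURUSER['passkey']`): PHP treats it as the string 'id' with a warning, and PHP 8 throws an Error for an undefined constant, so the ownership half of this authorization check depends on that fallback. Now that `$id` is an int, write `$CURUSER['id'] == $id` — or `(int)$CURUSER['id'] === $id` — instead of interpolating it back into a string. The `int_check($id,true)` in between now sees an integer and can no longer reject malformed input, as in the other files.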
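Review bot: `$msg = trim($_POST["body"]);` and `if ($_POST['forward'] == 1)` right after the cast still read POST keys unguarded, so a malformed POST emits undefined-index notices and, on PHP 8.1+, `trim(null)` is deprecated; the commit fixes `origmsg` but not its neighbours. Write `$msg = trim($_POST["body"] ?? '');` and `if (intval($_POST['forward'] ?? 0) === 1)` so the forward flag is compared as an integer rather than loosely (`'1abc' == 1` was true before PHP 8).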
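Review bot: `$row = mysql_fetch_array($res); if ($row['seeders'] > 0)` under the cast never checks that a torrent with that id exists: when `reseedid` is missing or bogus, intval() yields 0, the query returns no row, `$row` is false, and `$row['seeders']` reads as null, so execution falls through past the `> 0` branch with no torrent loaded. Add `if (!is_valid_id($reseedid)) httperr();` before the query and `if (!$row) stderr(...)` after the fetch, so a reseed request can only be raised against a real torrent.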
@@ -30,7 +30,7 @@ $searchstr = mysql_real_escape_string(trim($_GET["search"] ?? '')); if (empty($searchstr)) unset($searchstr); if (isset($searchstr)){ - $search_mode = $_GET["search_mode"] ?? 0; + $search_mode = intval($_GET["search_mode"] ?? 0); if (!in_array($search_mode,array(0,1,2))) { $search_mode = 0; @@ -66,10 +66,10 @@ if (isset($searchstr)){ } $limit = ""; -$startindex = $_GET['startindex'] ?? 0; +$startindex = intval($_GET['startindex'] ?? 0); if ($startindex) $limit .= $startindex.", "; -$showrows = $_GET['rows'] ?? 0; +$showrows = intval($_GET['rows'] ?? 0); if($showrows < 1 || $showrows > 50) $showrows = 10; $limit .= $showrows; diff --git a/usercp.php b/usercp.php index 1e26d39a..ef7fb81f 100644 --- a/usercp.php +++ b/usercp.php @@ -280,7 +280,7 @@ tr($lang_usercp['row_school'], "", 1); $updateset[] = "lang = " . sqlesc($sitelanguage); } - $updateset[] = "torrentsperpage = " . min(100, $_POST["torrentsperpage"] ?? 0); + $updateset[] = "torrentsperpage = " . min(100, intval($_POST["torrentsperpage"] ?? 0)); if ($showmovies['hot'] == "yes"){ $showhot = $_POST["show_hot"]; $updateset[] = "showhot = " . sqlesc($showhot); @@ -323,9 +323,9 @@ tr($lang_usercp['row_school'], "", 1); $updateset[] = "pmnum = " . $pmnum; if ($showfunbox_main == 'yes'){$showfb = ($_POST["showfb"] == 'yes' ? "yes" : "no"); $updateset[] = "showfb = " . sqlesc($showfb);} - $sbnum = ($_POST["sbnum"] ? max(10, min(500, $_POST["sbnum"] ?? 0)) : 70); + $sbnum = ($_POST["sbnum"] ? max(10, min(500, intval($_POST["sbnum"] ?? 0))) : 70); $updateset[] = "sbnum = " . $sbnum; - $sbrefresh = ($_POST["sbrefresh"] ? max(10, min(3600, $_POST["sbrefresh"] ?? 0)) : 120); + $sbrefresh = ($_POST["sbrefresh"] ? max(10, min(3600, intval($_POST["sbrefresh"] ?? 0))) : 120); $updateset[] = "sbrefresh = " . $sbrefresh; if ($_POST["hidehb"] == 'yes') @@ -616,8 +616,8 @@ tr_small($lang_usercp['row_funbox'],"
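Review bot: `if ($startindex) $limit .= $startindex.", ";` accepts a negative offset: `startindex=-5` passes the truthiness test and produces `LIMIT -5, 10`, which MySQL rejects and sqlerr() turns into an error page. Use `if ($startindex > 0)` for the offset. Since this endpoint is authenticated only by passkey and is polled by RSS readers, an upper bound on the offset — like the 1–50 clamp applied to `rows` on the next lines — would also bound the cost of a single request.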
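Review bot: `min(100, intval($_POST["torrentsperpage"] ?? 0))` has an upper bound but no lower one, so a submitted 0 or negative value is stored as the user's torrents-per-page and will reach a LIMIT clause elsewhere as 0 or a negative number. The sbnum/sbrefresh lines in the next hunk already clamp with `max(..., min(...))`; do the same here, `max(1, min(100, intval($_POST["torrentsperpage"] ?? 0)))`, and either wrap the value with sqlesc() like `lang` is on the line above or keep it an integer all the way to the query.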
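Review bot: In `$sbnum = ($_POST["sbnum"] ? max(10, min(500, intval($_POST["sbnum"] ?? 0))) : 70);` the `?? 0` is unreachable: the ternary condition `$_POST["sbnum"]` has already read the key without a guard (notice when absent), and the max/min branch runs only when it was truthy; the same holds for `sbrefresh`. Read once and clamp: `$sbnum = intval($_POST["sbnum"] ?? 0); $sbnum = $sbnum ? max(10, min(500, $sbnum)) : 70;` — this also stops a non-numeric string such as `"abc"` (truthy, intval 0) from being clamped up to 10 instead of falling back to the default 70.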