diff options
| author | Moritz Strohm <strohm@data-quest.de> | 2022-10-26 10:32:43 +0000 |
|---|---|---|
| committer | David Siegfried <david.siegfried@uni-vechta.de> | 2022-10-26 10:32:43 +0000 |
| commit | e1af76a74550bcdd55eb48b9a32f39f468a466cd (patch) | |
| tree | 9b318bcdbe749ae62f3b6fc4476d4d0aa14ea2d3 | |
| parent | 11eefe375e36c8e99cf28019d5d66b2eb8b4d5a9 (diff) | |
fix for BIESt 1283, closes #1283
Closes #1283
Merge request studip/studip!1066
23 files changed, 68 insertions, 43 deletions
diff --git a/app/controllers/admin/install.php b/app/controllers/admin/install.php index 03c9511..e25c8d5 100644 --- a/app/controllers/admin/install.php +++ b/app/controllers/admin/install.php @@ -71,6 +71,8 @@ class Admin_InstallController extends Trails_Controller $this->valid = true; $this->hide_back_button = false; + + return true; } public function index_action() diff --git a/app/controllers/course/members.php b/app/controllers/course/members.php index c0c5075..09ed96c 100644 --- a/app/controllers/course/members.php +++ b/app/controllers/course/members.php @@ -755,7 +755,6 @@ class Course_MembersController extends AuthenticatedController /** * Change the visibilty of an autor - * @return Boolean */ public function change_visibility_action($cmd, $mode) { diff --git a/app/controllers/messages.php b/app/controllers/messages.php index d3d8985..c4fd07b 100644 --- a/app/controllers/messages.php +++ b/app/controllers/messages.php @@ -412,7 +412,7 @@ class MessagesController extends AuthenticatedController { ], 'MessageUser::build'); } - if (!$this->default_message->receivers->count() && is_array($_SESSION['sms_data']['p_rec'])) { + if (!$this->default_message->receivers->count() && !empty($_SESSION['sms_data']['p_rec'])) { $this->default_message->receivers = DBManager::get()->fetchAll("SELECT user_id,'rec' as snd_rec FROM auth_user_md5 WHERE username IN(?) ORDER BY Nachname,Vorname", [$_SESSION['sms_data']['p_rec']], 'MessageUser::build'); unset($_SESSION['sms_data']); } @@ -566,8 +566,8 @@ class MessagesController extends AuthenticatedController { $this->default_message['subject'] = Request::get("default_subject"); } $settings = UserConfig::get($GLOBALS['user']->id)->MESSAGING_SETTINGS; - $this->mailforwarding = Request::get('emailrequest') ? true : $settings['request_mail_forward']; - $this->show_adressees = Request::get('show_adressees') ? true : $settings['show_adressees'];; + $this->mailforwarding = Request::bool('emailrequest', $settings['request_mail_forward'] ?? false); + $this->show_adressees = Request::bool('show_adressees', $settings['show_adressees'] ?? false); if (Request::get('inst_id') || Request::get('course_id') || Request::option('group_id') || !Config::get()->SHOW_ADRESSEES_LIMIT) { $this->show_adressees = null; } diff --git a/app/controllers/oer/addfile.php b/app/controllers/oer/addfile.php index cc0364a..eb17341 100644 --- a/app/controllers/oer/addfile.php +++ b/app/controllers/oer/addfile.php @@ -67,7 +67,7 @@ class Oer_AddfileController extends AuthenticatedController //Load the folder by its ID. - $folder = new Folder($folder_id); + $folder = new Folder(); $folder_type = $folder->folder_type; //Check if the specified folder type is a FolderType implementation. if (is_a($folder_type, 'FolderType', true)) { diff --git a/app/controllers/resources/booking.php b/app/controllers/resources/booking.php index 2889449..47ddd4c 100644 --- a/app/controllers/resources/booking.php +++ b/app/controllers/resources/booking.php @@ -95,8 +95,8 @@ class Resources_BookingController extends AuthenticatedController if ($this->booking->getAssignedUserType() === 'course') { $course = $this->booking->assigned_course_date->course; if ($course instanceof Course) { - $has_perms = $GLOBALS['perm']->have_studip_perm('user', $course->id, $user->id); - $vis_perms = $GLOBALS['perm']->have_perm(Config::get()->SEM_VISIBILITY_PERM, $user->id); + $has_perms = $GLOBALS['perm']->have_studip_perm('user', $course->id, $this->current_user->id); + $vis_perms = $GLOBALS['perm']->have_perm(Config::get()->SEM_VISIBILITY_PERM, $this->current_user->id); if ($has_perms || $vis_perms || $course->visible) { $this->user_may_see_course_data = true; } diff --git a/app/views/admin/install/layout.php b/app/views/admin/install/layout.php index 8a0f993..7f10064 100644 --- a/app/views/admin/install/layout.php +++ b/app/views/admin/install/layout.php @@ -21,7 +21,7 @@ </div> </div> <div class="ui-dialog-content ui-widget-content"> - <?php if ($error): ?> + <?php if (!empty($error)): ?> <?= MessageBox::error($error, (array) @$error_details) ?> <?php endif; ?> <?= $content_for_layout ?> @@ -47,7 +47,7 @@ <?php elseif (!$valid): ?> <?= Studip\Button::create(_('Erneut prüfen'), 'check') ?> <?php elseif ($next_step): ?> - <?= Studip\Button::create($button_label ?: (_('Weiter') . ' >>'), 'continue') ?> + <?= Studip\Button::create($button_label ?? (_('Weiter') . ' >>'), 'continue') ?> <?php else: ?> <?= Studip\Button::create($button_label, 'continue', ['style' => 'visibility: hidden;']) ?> <?php endif; ?> diff --git a/app/views/admin/install/prepare.php b/app/views/admin/install/prepare.php index 95e728d..9cf2694 100644 --- a/app/views/admin/install/prepare.php +++ b/app/views/admin/install/prepare.php @@ -32,7 +32,7 @@ <?= _('Name der Stud.IP-Installation') ?> </label> <input required type="text" id="system-name" name="system_name" - value="<?= htmlReady(Request::get('system_name', $_SESSION['STUDIP_INSTALLATION']['system']['UNI_NAME_CLEAN'])) ?>"> + value="<?= htmlReady(Request::get('system_name', $_SESSION['STUDIP_INSTALLATION']['system']['UNI_NAME_CLEAN'] ?? '')) ?>"> </div> <div class="type-text required"> @@ -40,7 +40,7 @@ <?= _('Id der Stud.IP-Installation') ?> </label> <input required type="text" id="system-id" name="system_id" - value="<?= htmlReady(Request::get('system_id', $_SESSION['STUDIP_INSTALLATION']['system']['STUDIP_INSTALLATION_ID'])) ?>" + value="<?= htmlReady(Request::get('system_id', $_SESSION['STUDIP_INSTALLATION']['system']['STUDIP_INSTALLATION_ID'] ?? '')) ?>" placeholder="<?= _('Eindeutiges, gängiges Kürzel Ihrer Einrichtung') ?>"> </div> @@ -49,7 +49,7 @@ <?= _('E-Mail-Adresse für Kontakt') ?> </label> <input required type="email" id="system-email" name="system_email" - value="<?= htmlReady(Request::get('system_email', $_SESSION['STUDIP_INSTALLATION']['system']['UNI_CONTACT'])) ?>"> + value="<?= htmlReady(Request::get('system_email', $_SESSION['STUDIP_INSTALLATION']['system']['UNI_CONTACT'] ?? '')) ?>"> </div> <div class="type-text required"> @@ -57,7 +57,7 @@ <?= _('URL der Stud.IP-Installation') ?> </label> <input required type="url" id="system-url" name="system_url" - value="<?= htmlReady(Request::get('system_url', $_SESSION['STUDIP_INSTALLATION']['system']['ABSOLUTE_URI_STUDIP'] ?: $defaults['system_url'])) ?>" + value="<?= htmlReady(Request::get('system_url', $_SESSION['STUDIP_INSTALLATION']['system']['ABSOLUTE_URI_STUDIP'] ?? $defaults['system_url'])) ?>" placeholder="https://"> </div> @@ -66,7 +66,7 @@ <?= _('URL der betreibenden Einrichtung') ?> </label> <input type="url" id="system-host-url" name="system_host_url" - value="<?= htmlReady(Request::get('system_host_url', $_SESSION['STUDIP_INSTALLATION']['system']['UNI_URL'])) ?>" + value="<?= htmlReady(Request::get('system_host_url', $_SESSION['STUDIP_INSTALLATION']['system']['UNI_URL'] ?? '')) ?>" placeholder="https://"> </div> diff --git a/app/views/admin/install/root.php b/app/views/admin/install/root.php index 46cffe4..332590b 100644 --- a/app/views/admin/install/root.php +++ b/app/views/admin/install/root.php @@ -8,7 +8,7 @@ <div class="type-text required"> <label for="username" class="vertical"><?= _('Nutzername') ?></label> <input required type="text" id="username" name="username" minlength="4" - value="<?= htmlReady(Request::get('username', $_SESSION['STUDIP_INSTALLATION']['root']['username'])) ?>"> + value="<?= htmlReady(Request::get('username', $_SESSION['STUDIP_INSTALLATION']['root']['username'] ?? '')) ?>"> </div> <div class="type-text required"> @@ -24,18 +24,18 @@ <div class="type-text required"> <label for="first_name" class="vertical"><?= _('Vorname') ?></label> <input required type="text" id="first_name" name="first_name" - value="<?= htmlReady(Request::get('first_name', $_SESSION['STUDIP_INSTALLATION']['root']['first_name'])) ?>"> + value="<?= htmlReady(Request::get('first_name', $_SESSION['STUDIP_INSTALLATION']['root']['first_name'] ?? '')) ?>"> </div> <div class="type-text required"> <label for="last_name" class="vertical"><?= _('Nachname') ?></label> <input required type="text" id="last_name" name="last_name" - value="<?= htmlReady(Request::get('last_name', $_SESSION['STUDIP_INSTALLATION']['root']['last_name'])) ?>"> + value="<?= htmlReady(Request::get('last_name', $_SESSION['STUDIP_INSTALLATION']['root']['last_name'] ?? '')) ?>"> </div> <div class="type-text required"> <label for="email" class="vertical"><?= _('E-Mail-Adresse') ?></label> - <input required type="email" id="email" name="email" value="<?= htmlReady(Request::get('user', $_SESSION['STUDIP_INSTALLATION']['root']['email'])) ?>"> + <input required type="email" id="email" name="email" value="<?= htmlReady(Request::get('user', $_SESSION['STUDIP_INSTALLATION']['root']['email'] ?? '')) ?>"> </div> <p style="margin-top: 1em;"> diff --git a/app/views/messages/overview.php b/app/views/messages/overview.php index cbbb922..6ece394 100644 --- a/app/views/messages/overview.php +++ b/app/views/messages/overview.php @@ -40,14 +40,14 @@ <tbody aria-relevant="additions" aria-live="polite" data-shiftcheck> <? if (count($messages) > 0) : ?> - <? if ($more || (Request::int("offset") > 0)) : ?> + <? if (!empty($more) || (Request::int("offset") > 0)) : ?> <noscript> <tr> <td colspan="8"> <? if (Request::int("offset") > 0) : ?> <a title="<?= _("zurück") ?>" href="<?= URLHelper::getLink("?", ['offset' => Request::int("offset") - $messageBufferCount > 0 ? Request::int("offset") - $messageBufferCount : null]) ?>"><?= Icon::create('arr_1left', 'clickable')->asImg(["class" => "text-bottom"]) ?></a> <? endif ?> - <? if ($more) : ?> + <? if (!empty($more)) : ?> <div style="float:right"> <a title="<?= _("weiter") ?>" href="<?= URLHelper::getLink("?", ['offset' => Request::int("offset") + $messageBufferCount]) ?>"><?= Icon::create('arr_1right', 'clickable')->asImg(["class" => "text-bottom"]) ?></a> </div> @@ -57,16 +57,16 @@ </noscript> <? endif ?> <? foreach ($messages as $message) : ?> - <?= $this->render_partial("messages/_message_row.php", compact("message", "received")) ?> + <?= $this->render_partial('messages/_message_row.php', ['message' => $message, 'received' => $received, 'settings' => $settings]) ?> <? endforeach ?> - <? if ($more || (Request::int("offset") > 0)) : ?> + <? if (!empty($more) || (Request::int("offset") > 0)) : ?> <noscript> <tr> <td colspan="7"> <? if (Request::int("offset") > 0) : ?> <a title="<?= _("zurück") ?>" href="<?= URLHelper::getLink("?", ['offset' => Request::int("offset") - $messageBufferCount > 0 ? Request::int("offset") - $messageBufferCount : null]) ?>"><?= Icon::create('arr_1left', 'clickable')->asImg(["class" => "text-bottom"]) ?></a> <? endif ?> - <? if ($more) : ?> + <? if (!empty($more)) : ?> <div style="float:right"> <a title="<?= _("weiter") ?>" href="<?= URLHelper::getLink("?", ['offset' => Request::int("offset") + $messageBufferCount]) ?>"><?= Icon::create('arr_1right', 'clickable')->asImg(["class" => "text-bottom"]) ?></a> </div> diff --git a/app/views/messages/write.php b/app/views/messages/write.php index af3fe25..bf841a2 100644 --- a/app/views/messages/write.php +++ b/app/views/messages/write.php @@ -145,7 +145,7 @@ name="message_tags" style="width: 100%" placeholder="<?= _("z.B. klausur termin statistik etc.") ?>" - value="<?= htmlReady($default_tags) ?>"> + value="<?= htmlReady($default_tags ?? '') ?>"> </label> </div> <div id="settings" style="display: none;"> diff --git a/lib/classes/AutoInsert.class.php b/lib/classes/AutoInsert.class.php index 2ee009f..d9b1558 100644 --- a/lib/classes/AutoInsert.class.php +++ b/lib/classes/AutoInsert.class.php @@ -240,7 +240,7 @@ class AutoInsert * @param string $status Status for autoinsertion * @param bool $remove Whether the record should be added or removed */ - public static function updateSeminar($seminar_id, $domain = '', $status, $remove = false) + public static function updateSeminar($seminar_id, $domain, $status, $remove = false) { $query = $remove ? "DELETE FROM auto_insert_sem WHERE seminar_id = ? AND status= ? AND domain_id = ?" : "INSERT IGNORE INTO auto_insert_sem (seminar_id, status,domain_id) VALUES (?, ?, ?)"; $statement = DBManager::get()->prepare($query); diff --git a/lib/classes/LinkButton.class.php b/lib/classes/LinkButton.class.php index f203841..848d2e6 100644 --- a/lib/classes/LinkButton.class.php +++ b/lib/classes/LinkButton.class.php @@ -36,7 +36,7 @@ class LinkButton extends Interactable public function __toString() { // add "button" to attribute @class - if (!isset($this->attributes['class'])) { + if (empty($this->attributes['class'])) { $this->attributes['class'] = ''; } $this->attributes['class'] .= ' button'; diff --git a/lib/classes/OAuth2/Exceptions/InvalidAuthTokenException.php b/lib/classes/OAuth2/Exceptions/InvalidAuthTokenException.php index 69949b1..95a6ecb 100644 --- a/lib/classes/OAuth2/Exceptions/InvalidAuthTokenException.php +++ b/lib/classes/OAuth2/Exceptions/InvalidAuthTokenException.php @@ -7,10 +7,10 @@ class InvalidAuthTokenException extends \AccessDeniedException /** * Create a new InvalidAuthTokenException for different auth tokens. * - * @return static + * @return InvalidAuthTokenException */ public static function different() { - return new static('The provided auth token for the request is different from the session auth token.'); + return new InvalidAuthTokenException('The provided auth token for the request is different from the session auth token.'); } } diff --git a/lib/classes/SystemChecker.php b/lib/classes/SystemChecker.php index 5c43adb..919114a 100644 --- a/lib/classes/SystemChecker.php +++ b/lib/classes/SystemChecker.php @@ -170,7 +170,7 @@ final class SystemChecker $required['value'] = $this->parseSize($required['value']); } - $cmp = $required['cmp']; + $cmp = $required['cmp'] ?? ''; if (is_bool($required['value'])) { $valid = $present == $required['value']; diff --git a/lib/classes/restapi/RouteMap.php b/lib/classes/restapi/RouteMap.php index e418ecd..de5ebd7 100644 --- a/lib/classes/restapi/RouteMap.php +++ b/lib/classes/restapi/RouteMap.php @@ -384,7 +384,7 @@ abstract class RouteMap foreach ($input as $part) { $part = ltrim($part, "\r\n"); - list($head, $body) = explode("\r\n\r\n", $part, 2); + [$head, $body] = explode("\r\n\r\n", $part, 2); $tmpheaders = $headers = []; foreach (explode("\r\n", $head) as $headline) { @@ -621,7 +621,7 @@ abstract class RouteMap $this->response['ETag'] = $value; if ($this->response->isSuccess() || $this->response->status === 304) { - if ($this->etagMatches($_SERVER['HTTP_IF_NONE_MATCH'], $new_resource)) { + if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && $this->etagMatches($_SERVER['HTTP_IF_NONE_MATCH'], $new_resource)) { $this->halt($this->isRequestSafe() ? 304 : 412); } if (isset($_SERVER['HTTP_IF_MATCH']) @@ -1036,7 +1036,7 @@ abstract class RouteMap protected function extractConditions($docblock, $conditions = []) { foreach ($docblock->getTags('condition') as $condition) { - list($var, $pattern) = explode(' ', $condition->getDescription(), 2); + [$var, $pattern] = explode(' ', $condition->getDescription(), 2); $conditions[$var] = $pattern; } diff --git a/lib/elearning/Ilias4ContentModule.class.php b/lib/elearning/Ilias4ContentModule.class.php index 1d5392e..f8552c3 100644 --- a/lib/elearning/Ilias4ContentModule.class.php +++ b/lib/elearning/Ilias4ContentModule.class.php @@ -28,7 +28,7 @@ class Ilias4ContentModule extends Ilias3ContentModule * @param string $module_type module-type * @param string $cms_type system-type */ - function __construct($module_id = "", $module_type, $cms_type) + function __construct($module_id, $module_type, $cms_type) { parent::__construct($module_id, $module_type, $cms_type); } @@ -103,4 +103,4 @@ class Ilias4ContentModule extends Ilias3ContentModule } return false; } -}
\ No newline at end of file +} diff --git a/lib/models/CourseDate.class.php b/lib/models/CourseDate.class.php index 5550f93..7acbb15 100644 --- a/lib/models/CourseDate.class.php +++ b/lib/models/CourseDate.class.php @@ -224,7 +224,7 @@ class CourseDate extends SimpleORMap implements PrivacyObject */ public function getRoomName() { - if (Config::get()->RESOURCES_ENABLE && $this->room_booking->resource) { + if (Config::get()->RESOURCES_ENABLE && !empty($this->room_booking->resource)) { return $this->room_booking->resource->name; } return $this['raum']; @@ -237,7 +237,7 @@ class CourseDate extends SimpleORMap implements PrivacyObject */ public function getRoom() { - if (Config::get()->RESOURCES_ENABLE && $this->room_booking->resource) { + if (Config::get()->RESOURCES_ENABLE && !empty($this->room_booking->resource)) { return $this->room_booking->resource->getDerivedClassInstance(); } return null; diff --git a/lib/models/Courseware/StructuralElement.php b/lib/models/Courseware/StructuralElement.php index 91615c0..7206199 100644 --- a/lib/models/Courseware/StructuralElement.php +++ b/lib/models/Courseware/StructuralElement.php @@ -444,6 +444,8 @@ class StructuralElement extends \SimpleORMap return true; } } + //User not found. + return false; } private function hasWriteApproval($user): bool diff --git a/lib/models/DatafieldEntryModel.class.php b/lib/models/DatafieldEntryModel.class.php index cea65ef..fa7a878 100644 --- a/lib/models/DatafieldEntryModel.class.php +++ b/lib/models/DatafieldEntryModel.class.php @@ -111,6 +111,7 @@ class DatafieldEntryModel extends SimpleORMap implements PrivacyObject if (!$object_type) { throw new InvalidArgumentException('Wrong type of model: ' . get_class($model)); } + $one_datafield = ''; if ($datafield_id !== null) { $one_datafield = ' AND a.datafield_id = ' . DBManager::get()->quote($datafield_id); } else { diff --git a/lib/raumzeit/MetaDate.class.php b/lib/raumzeit/MetaDate.class.php index c13bb34..38a3a3d 100644 --- a/lib/raumzeit/MetaDate.class.php +++ b/lib/raumzeit/MetaDate.class.php @@ -165,7 +165,7 @@ class MetaDate * @param CycleData $cycle * @return boolean */ - function setCycleData($data = [], $cycle) + function setCycleData($data, $cycle) { $cycle->seminar_id = $this->getSeminarId(); $cycles = array_keys($this->cycles); diff --git a/lib/visual.inc.php b/lib/visual.inc.php index 4d63df4..79157c1 100644 --- a/lib/visual.inc.php +++ b/lib/visual.inc.php @@ -544,7 +544,7 @@ function printhead($breite, $left, $link, $open, $new, $icon, $titel, $zusatz, } //Ausgabe des Contents einer aufgeklappten Kopfzeile -function printcontent ($breite, $write = FALSE, $inhalt, $edit, $printout = TRUE, $addon="", $noTdTag = false) { +function printcontent ($breite, $write, $inhalt, $edit, $printout = true, $addon = '', $noTdTag = false) { $print = ""; if ($noTdTag == false) diff --git a/phpstan-php8.neon.dist b/phpstan-php8.neon.dist new file mode 100644 index 0000000..ed3baef --- /dev/null +++ b/phpstan-php8.neon.dist @@ -0,0 +1,26 @@ +parameters: + level: 0 + phpVersion: 80000 # PHP 8.0 + paths: + - app/controllers + - app/routes + - lib + - tests/functional + - tests/jsonapi + - tests/unit + scanFiles: + - composer/phpxmlrpc/phpxmlrpc/lib/xmlrpc.inc + scanDirectories: + - app/controllers + - lib + - vendor + excludePaths: + - lib/classes/ZipArchiveLegacyTrait.php + - lib/elearning/studip_referrer.php + - lib/soap/StudipSoapClient_PHP5.class.php + tmpDir: .caches + earlyTerminatingMethodCalls: + RESTAPI\RouteMap: + - error + - halt + - notFound diff --git a/tests/unit/lib/classes/RequestTest.php b/tests/unit/lib/classes/RequestTest.php index eb4e813..f3afd7c 100644 --- a/tests/unit/lib/classes/RequestTest.php +++ b/tests/unit/lib/classes/RequestTest.php @@ -29,11 +29,6 @@ class RequestTest extends \Codeception\Test\Unit $_GET['v3'] = ['root@studip', 'hotte.testfreund', 42, '!"$%&/()']; $_POST['v4'] = ['0', '1', '', 'foo']; - if (get_magic_quotes_gpc()) { - $_GET = Request::addslashes($_GET); - $_POST = Request::addslashes($_POST); - } - $testconfig = new Config([ 'USERNAME_REGULAR_EXPRESSION' => '/^([a-zA-Z0-9_@.-]{4,})$/', ]); |