diff --git a/upload/common.php b/upload/common.php index 0062edf4e..68ae49dc5 100644 --- a/upload/common.php +++ b/upload/common.php @@ -2086,9 +2086,17 @@ function log_request ($file = '', $prepend_str = false, $add_post = true) if ($prepend_str !== false) $str[] = $prepend_str; if (!empty($user->data)) $str[] = $user->id ."\t". html_entity_decode($user->name); $str[] = sprintf('%-15s', $_SERVER['REMOTE_ADDR']); - $str[] = @$_SERVER['REQUEST_URI']; - $str[] = @$_SERVER['HTTP_USER_AGENT']; - $str[] = @$_SERVER['HTTP_REFERER']; + + if (isset($_SERVER['REQUEST_URI'])) { + $str[] = $_SERVER['REQUEST_URI']; + } + if (isset($_SERVER['HTTP_USER_AGENT'])) { + $str[] = $_SERVER['HTTP_USER_AGENT']; + } + if (isset($_SERVER['HTTP_REFERER'])) { + $str[] = $_SERVER['HTTP_REFERER']; + } + if (!empty($_POST) && $add_post) $str[] = "post: ". str_compact(urldecode(http_build_query($_POST))); $str = join("\t", $str) . "\n"; bb_log($str, $file); diff --git a/upload/dl.php b/upload/dl.php index 29f72bd3f..52045d945 100644 --- a/upload/dl.php +++ b/upload/dl.php @@ -207,7 +207,7 @@ else { global $template; - $redirect_url = !empty($_POST['redirect_url']) ? $_POST['redirect_url'] : @$_SERVER['HTTP_REFERER']; + $redirect_url = isset($_POST['redirect_url']) ? $_POST['redirect_url'] : (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/' ); $message = '
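Review bot: Dropping the array element entirely when `REQUEST_URI`, `HTTP_USER_AGENT` or `HTTP_REFERER` is absent breaks the tab-separated column layout of the log line: the old `@$_SERVER[...]` lines always pushed a value (null joins as an empty string in `join("\t", $str)`), so each column sat at a fixed position, whereas with the new `isset` guards a request without a User-Agent shifts the referer into the UA column and any log parser misattributes it. Prefer `$str[] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';` (and the same shape for the other two) so the field count stays constant. All three values are client-controlled and written raw; unless `bb_log` already neutralises `\t`, `\r` and `\n` (not visible here), a crafted User-Agent or Referer can forge extra columns or whole log lines, so wrapping each in `str_replace(array("\t", "\r", "\n"), ' ', ...)` would close a pre-existing gap at the same time. The body of `log_request` starts before this hunk.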
'; $message .= $lang['CONFIRM_CODE']; $message .= '
'. CAPTCHA()->get_html() .'
'; diff --git a/upload/dl_list.php b/upload/dl_list.php index 574c014a0..d4db8fd9c 100644 --- a/upload/dl_list.php +++ b/upload/dl_list.php @@ -5,9 +5,9 @@ define('BB_SCRIPT', 'dl_list'); define('BB_ROOT', './'); require(BB_ROOT .'common.php'); -$forum_id = (@$_REQUEST[POST_FORUM_URL]) ? (int) $_REQUEST[POST_FORUM_URL] : 0; -$topic_id = (@$_REQUEST[POST_TOPIC_URL]) ? (int) $_REQUEST[POST_TOPIC_URL] : 0; -$mode = (@$_REQUEST['mode']) ? (string) $_REQUEST['mode'] : ''; +$forum_id = isset($_REQUEST[POST_FORUM_URL]) ? (int) $_REQUEST[POST_FORUM_URL] : 0; +$topic_id = isset($_REQUEST[POST_TOPIC_URL]) ? (int) $_REQUEST[POST_TOPIC_URL] : 0; +$mode = isset($_REQUEST['mode']) ? (string) $_REQUEST['mode'] : ''; $confirmed = isset($_POST['confirm']); // Get new DL-status @@ -40,9 +40,9 @@ if ($mode == 'set_dl_status' || $mode == 'set_topics_dl_status') } // Define redirect URL -$full_url = (@$_POST['full_url']) ? str_replace('&', '&', htmlspecialchars($_POST['full_url'])) : ''; +$full_url = isset($_POST['full_url']) ? str_replace('&', '&', htmlspecialchars($_POST['full_url'])) : ''; -if (@$_POST['redirect_type'] == 'search') +if (isset($_POST['redirect_type']) && $_POST['redirect_type'] == 'search') { $redirect_type = "search.php"; $redirect = ($full_url) ? $full_url : "$dl_key=1"; @@ -65,7 +65,7 @@ if (!$userdata['session_logged_in']) } // Check if user did not confirm -if (@$_POST['cancel']) +if (isset($_POST['cancel']) && $_POST['cancel']) { redirect("$redirect_type?$redirect"); } diff --git a/upload/feed.php b/upload/feed.php index 87b981957..454c6dd56 100644 --- a/upload/feed.php +++ b/upload/feed.php 
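Review bot: Switching from `!empty` to `isset` changes the fallback: a submitted but empty `redirect_url` field now yields `''` instead of falling back to the referer, so whatever later consumes `$redirect_url` (outside this hunk, presumably as a redirect target) gets an empty URL. The larger issue is that the value is still taken verbatim from the client — `$_POST['redirect_url']` and the referer can both carry an absolute or protocol-relative URL to another host — and the new line adds no check that it is a local path, so the open-redirect exposure is unchanged. Constrain it before use, e.g. `if (!preg_match('#^/(?!/)#', $redirect_url)) { $redirect_url = '/'; }`, which also restores sane behaviour for the empty-string case. The enclosing `else` block continues past the hunk.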
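Review bot: `$full_url` is run through `htmlspecialchars` and then has the ampersand entity folded back (the call reads `str_replace('&', '&', …)` here, a no-op as rendered and probably an `&amp;` lost in extraction), after which it becomes the raw query string in `redirect("$redirect_type?$redirect")`; HTML-escaping is not a URL-validation primitive, so a client-supplied `full_url` still dictates the entire query the user is bounced to, and the `isset` change narrows nothing. If the intent is only to carry search parameters forward, rebuild them from a whitelist rather than echoing the field. Separately, `$_POST['redirect_type'] == 'search'` should be `===` to match the strict comparison this same commit uses in modcp.php's `validate_mode_condition`.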
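Review bot: `isset($_POST['cancel']) && $_POST['cancel']` is exactly `!empty($_POST['cancel'])`, which is shorter, evaluates the array lookup once, and is the idiom the removed dl.php line already used; prefer `if (!empty($_POST['cancel']))`. The same two-step pattern appears in group.php's `joingroup` branch in this commit and could use the same form.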
@@ -7,9 +7,9 @@ require(BB_ROOT .'common.php'); $user->session_start(array('req_login' => true)); -$mode = (string) @$_REQUEST['mode']; -$type = (string) @$_POST['type']; -$id = (int) @$_POST['id']; +$mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : ''; +$type = isset($_POST['type']) ? $_POST['type'] : ''; +$id = isset($_POST['id']) ? $_POST['id'] : 0; $timecheck = TIMENOW - 600; if (!$mode) bb_simple_die($lang['ATOM_NO_MODE']); diff --git a/upload/group.php b/upload/group.php index 07fc133d6..38778d453 100644 --- a/upload/group.php +++ b/upload/group.php @@ -188,7 +188,7 @@ if (!$group_id) else bb_die($lang['NO_GROUPS_EXIST']); } } -else if (@$_POST['joingroup']) +else if (isset($_POST['joingroup']) && $_POST['joingroup']) { if ($group_info['group_type'] != GROUP_OPEN) { @@ -263,7 +263,7 @@ else if (!empty($_POST['add'])) { - if (!$row = get_userdata(@$_POST['username'], true)) + if (isset($_POST['username']) && !($row = get_userdata($_POST['username'], true))) { bb_die($lang['COULD_NOT_ADD_USER']); } diff --git a/upload/library/includes/functions.php b/upload/library/includes/functions.php index bac63225a..f10969194 100644 --- a/upload/library/includes/functions.php +++ b/upload/library/includes/functions.php @@ -1868,7 +1868,7 @@ function bb_realpath ($path) function login_redirect ($url = '') { - redirect(LOGIN_URL . '?redirect='. (($url) ? $url : (isset($_SERVER['REQUEST_URI']) ?: '/'))); + redirect(LOGIN_URL . '?redirect='. (($url) ? $url : (isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/'))); } function meta_refresh ($url, $time = 5) diff --git a/upload/login.php b/upload/login.php index e959e2eb5..0a4ab9c1f 100644 --- a/upload/login.php +++ b/upload/login.php 
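Review bot: The new `$id` line drops the `(int)` cast the old line applied, so `$_POST['id']` now reaches the rest of feed.php as a raw client string (or an array, for `id[]=`), and `$mode`/`$type` likewise lose their `(string)` cast; if `$id` is interpolated into a query further down — which I cannot see from here — this hunk turns a cleanup into an injection regression. Keep the casts: `$mode = isset($_REQUEST['mode']) ? (string) $_REQUEST['mode'] : '';`, `$type = isset($_POST['type']) ? (string) $_POST['type'] : '';`, `$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;`. The consumers of these variables are outside the hunk.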
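Review bot: The rewritten `add` condition inverts the failure path: when `username` is absent from the POST, the `isset` guard makes the whole expression false, so `bb_die($lang['COULD_NOT_ADD_USER'])` is skipped and execution continues with `$row` never assigned, whereas the old line died on a missing username exactly as on an unknown one. Use `if (!isset($_POST['username']) || !($row = get_userdata($_POST['username'], true)))` so both cases still abort. The code that consumes `$row` is outside this hunk.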
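Review bot: `$_SERVER['REQUEST_URI']` (and the caller-supplied `$url`) are concatenated into `?redirect=` without URL-encoding, so any `&` or `#` in the current URI truncates the redirect parameter, and since the URI is client-shaped whatever login.php does with `redirect` receives attacker-controlled text; the `?:` bug is fixed here, but the missing encoding predates and survives the change. Suggest `redirect(LOGIN_URL . '?redirect=' . rawurlencode($url ?: (isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/')));`, which is correct if login.php reads the value back through `$_GET`/`$_REQUEST` (PHP decodes it once) — I cannot confirm that from this hunk. `login_redirect` is entirely within the hunk.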
@@ -57,8 +57,8 @@ if (isset($_REQUEST['admin']) && !IS_AM) bb_die($lang['NOT_ADMIN']); $mod_admin_login = (IS_AM && !$user->data['session_admin']); // login username & password -$login_username = ($mod_admin_login) ? $userdata['username'] : (string) @$_POST['login_username']; -$login_password = (string) @$_POST['login_password']; +$login_username = ($mod_admin_login) ? $userdata['username'] : (isset($_POST['login_username']) ? $_POST['login_username'] : ''); +$login_password = isset($_POST['login_password']) ? $_POST['login_password'] : ''; // Проверка на неверную комбинацию логин/пароль $need_captcha = false; diff --git a/upload/memberlist.php b/upload/memberlist.php index fc0ff96bd..7a55374d0 100644 --- a/upload/memberlist.php +++ b/upload/memberlist.php @@ -108,7 +108,7 @@ $letters_range .= '-'; $letters_range .= iconv('windows-1251', 'UTF-8', chr(255)); $select_letter = $letter_sql = ''; -$by_letter_req = (@$_REQUEST['letter']) ? strtolower(trim($_REQUEST['letter'])) : false; +$by_letter_req = isset($_REQUEST['letter']) ? strtolower(trim($_REQUEST['letter'])) : false; if ($by_letter_req) { diff --git a/upload/modcp.php b/upload/modcp.php index 0da5cffad..831e2a9fe 100644 --- a/upload/modcp.php +++ b/upload/modcp.php 
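Review bot: Both rewritten lines drop the `(string)` cast the old lines applied, so `login_username[]=x` / `login_password[]=x` now deliver PHP arrays into the credential check; depending on what the comparison further down does with them (hash functions throw `TypeError` on PHP 8 and return null with a warning on PHP 7, and a loose comparison against an array is a well-known authentication-bypass shape), this is a regression in the most sensitive input the application takes. Restore the casts: `$login_username = ($mod_admin_login) ? $userdata['username'] : (isset($_POST['login_username']) ? (string) $_POST['login_username'] : '');` and `$login_password = isset($_POST['login_password']) ? (string) $_POST['login_password'] : '';`. The credential verification itself is outside the hunk.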
@@ -58,10 +58,22 @@ function validate_topics ($forum_id, &$req_topics, &$topic_titles) $topic_titles = $valid_titles; } +/** + * @param $request_index + * @param $mod_action + * @return bool + */ +function validate_mode_condition($request_index, $mod_action='') { + if (!$mod_action) { + $mod_action = $request_index; + } + return (isset($_REQUEST[$request_index]) || (isset($_POST['mod_action']) && $_POST['mod_action'] === $mod_action)); +} + // Obtain initial vars -$forum_id = (int) @$_REQUEST['f']; -$topic_id = (int) @$_REQUEST['t']; -$post_id = (int) @$_REQUEST['p']; +$forum_id = isset($_REQUEST['f']) ? $_REQUEST['f'] : 0; +$topic_id = isset($_REQUEST['t']) ? $_REQUEST['t'] : 0; +$post_id = isset($_REQUEST['p']) ? $_REQUEST['p'] : 0; $start = isset($_REQUEST['start']) ? abs(intval($_REQUEST['start'])) : 0; $confirmed = isset($_POST['confirm']); @@ -74,27 +86,27 @@ if (isset($_REQUEST['mode'])) } else { - if (isset($_REQUEST['delete']) || @$_POST['mod_action'] === 'topic_delete') + if (validate_mode_condition('delete', 'topic_delete')) { $mode = 'delete'; } - elseif (isset($_REQUEST['move']) || @$_POST['mod_action'] === 'topic_move') + elseif (validate_mode_condition('move', 'topic_move')) { $mode = 'move'; } - elseif (isset($_REQUEST['lock']) || @$_POST['mod_action'] === 'topic_lock') + elseif (validate_mode_condition('lock', 'topic_lock')) { $mode = 'lock'; } - elseif (isset($_REQUEST['unlock']) || @$_POST['mod_action'] === 'topic_unlock') + elseif (validate_mode_condition('unlock', 'topic_unlock')) { $mode = 'unlock'; } - elseif (isset($_REQUEST['post_pin']) || @$_POST['mod_action'] === 'post_pin') + elseif (validate_mode_condition('post_pin')) { $mode = 'post_pin'; } - elseif (isset($_REQUEST['post_unpin']) || @$_POST['mod_action'] === 'post_unpin') + elseif (validate_mode_condition('post_unpin')) { $mode = 'post_unpin'; }
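Review bot: The three rewritten id lines drop the `(int)` cast, so `$forum_id`, `$topic_id` and `$post_id` are now raw `$_REQUEST` strings (or arrays) while `$start` on the very next line keeps its `abs(intval(...))`; in a moderator control panel these ids presumably reach SQL and `validate_topics` further down, so the cast is a security control rather than cosmetics. Restore it: `$forum_id = isset($_REQUEST['f']) ? (int) $_REQUEST['f'] : 0;` and the same for `t` and `p`. The docblock on the new `validate_mode_condition` should also state the types and what is tested, e.g. `@param string $request_index  key checked in $_REQUEST` and `@param string $mod_action  $_POST['mod_action'] value that selects the same mode; defaults to $request_index`. The consumers of the ids are outside the hunk.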