Removed verify_id() function (#1187)

2025-08-14 18:48:21 -07:00 · 2023-12-04 21:13:36 +07:00 · 2023-12-04 21:13:36 +07:00 · e49005b1a6
commit e49005b1a6
parent 5f6ade8db9
4 changed files with 9 additions and 14 deletions
--- a/common.php
+++ b/common.php
@ -253,11 +253,6 @@ function mkdir_rec($path, $mode): bool
    return mkdir_rec(dirname($path), $mode) && mkdir($path, $mode);
 }

-function verify_id($id, $length): bool
-{
-    return (is_string($id) && preg_match('#^[a-zA-Z0-9]{' . $length . '}$#', $id));
-}
-
 function clean_filename($fname)
 {
    static $s = ['\\', '/', ':', '*', '?', '"', '<', '>', '|', ' '];
@ -292,10 +287,10 @@ function str_compact($str)
 *
 * Should not be considered sufficient for cryptography, etc.
 *
- * @param int|string $length
+ * @param int $length
 * @return string
 */
-function make_rand_str($length = 10): string
+function make_rand_str(int $length = 10): string
 {
    $pool = str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');

--- a/search.php
+++ b/search.php
@ -91,7 +91,7 @@ $url = basename(__FILE__);
 $anon_id = GUEST_UID;
 $user_id = $userdata['user_id'];
 $lastvisit = IS_GUEST ? TIMENOW : $userdata['user_lastvisit'];
-$search_id = (isset($_GET['id']) && verify_id($_GET['id'], SEARCH_ID_LENGTH)) ? $_GET['id'] : '';
+$search_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
 $session_id = $userdata['session_id'];

 $items_found = $items_display = $previous_settings = null;
--- a/src/Legacy/Common/User.php
+++ b/src/Legacy/Common/User.php
@ -188,7 +188,7 @@ class User

            if ($userdata = get_userdata((int)$user_id, false, true)) {
                if ($userdata['user_id'] != GUEST_UID && $userdata['user_active']) {
-                    if (verify_id($this->sessiondata['uk'], LOGIN_KEY_LENGTH) && $this->verify_autologin_id($userdata, true, false)) {
+                    if (is_string($this->sessiondata['uk']) && $this->verify_autologin_id($userdata, true, false)) {
                        $login = ($userdata['autologin_id'] && $this->sessiondata['uk'] === $userdata['autologin_id']);
                    }
                }
@ -445,10 +445,10 @@ class User
     */
    public function get_sessiondata()
    {
-        $sd_resv = !empty($_COOKIE[COOKIE_DATA]) ? @unserialize($_COOKIE[COOKIE_DATA]) : [];
+        $sd_resv = !empty($_COOKIE[COOKIE_DATA]) ? unserialize($_COOKIE[COOKIE_DATA], ['allowed_classes' => false]) : [];

        // autologin_id
-        if (!empty($sd_resv['uk']) && verify_id($sd_resv['uk'], LOGIN_KEY_LENGTH)) {
+        if (!empty($sd_resv['uk']) && is_string($sd_resv['uk'])) {
            $this->sessiondata['uk'] = $sd_resv['uk'];
        }
        // user_id
@ -456,7 +456,7 @@ class User
            $this->sessiondata['uid'] = (int)$sd_resv['uid'];
        }
        // sid
-        if (!empty($sd_resv['sid']) && verify_id($sd_resv['sid'], SID_LENGTH)) {
+        if (!empty($sd_resv['sid']) && is_string($sd_resv['sid'])) {
            $this->sessiondata['sid'] = $sd_resv['sid'];
        }
    }
@ -528,7 +528,7 @@ class User
            }
        }

-        return verify_id($autologin_id, LOGIN_KEY_LENGTH);
+        return is_string($autologin_id);
    }

    /**
--- a/tracker.php
+++ b/tracker.php
@ -43,7 +43,7 @@ $start = isset($_REQUEST['start']) ? abs((int)$_REQUEST['start']) : 0;
 $set_default = isset($_GET['def']);
 $user_id = $userdata['user_id'];
 $lastvisit = (!IS_GUEST) ? $userdata['user_lastvisit'] : '';
-$search_id = (isset($_GET['search_id']) && verify_id($_GET['search_id'], SEARCH_ID_LENGTH)) ? $_GET['search_id'] : '';
+$search_id = (isset($_GET['search_id']) && is_string($_GET['search_id'])) ? $_GET['search_id'] : '';
 $session_id = $userdata['session_id'];

 $status = $_POST['status'] ?? false;