From e49005b1a67ec05274d96bb46cbac99b1e0419c4 Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Mon, 4 Dec 2023 21:13:36 +0700
Subject: [PATCH] Removed verify_id() function (#1187)
---
 common.php | 9 ++-------
 search.php | 2 +-
 src/Legacy/Common/User.php | 10 +++++-----
 tracker.php | 2 +-
 4 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/common.php b/common.php
index 1f56b603a..a6b6b98d8 100644
--- a/common.php
+++ b/common.php
@@ -253,11 +253,6 @@ function mkdir_rec($path, $mode): bool
 return mkdir_rec(dirname($path), $mode) && mkdir($path, $mode);
 }
-function verify_id($id, $length): bool
-{
- return (is_string($id) && preg_match('#^[a-zA-Z0-9]{' . $length . '}$#', $id));
-}
-
 function clean_filename($fname)
 {
 static $s = ['\\', '/', ':', '*', '?', '"', '<', '>', '|', ' '];
@@ -292,10 +287,10 @@ function str_compact($str)
 *
 * Should not be considered sufficient for cryptography, etc.
 *
- * @param int|string $length
+ * @param int $length
 * @return string
 */
-function make_rand_str($length = 10): string
+function make_rand_str(int $length = 10): string
 {
 $pool = str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
diff --git a/search.php b/search.php
index 602ab7e09..88023e9c4 100644
--- a/search.php
+++ b/search.php
@@ -91,7 +91,7 @@ $url = basename(__FILE__);
 $anon_id = GUEST_UID;
 $user_id = $userdata['user_id'];
 $lastvisit = IS_GUEST ? TIMENOW : $userdata['user_lastvisit'];
-$search_id = (isset($_GET['id']) && verify_id($_GET['id'], SEARCH_ID_LENGTH)) ? $_GET['id'] : '';
+$search_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
 $session_id = $userdata['session_id'];
 $items_found = $items_display = $previous_settings = null;
diff --git a/src/Legacy/Common/User.php b/src/Legacy/Common/User.php
index 9412a91dd..ce6366f7d 100644
--- a/src/Legacy/Common/User.php
+++ b/src/Legacy/Common/User.php
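Review bot: `is_string($_GET['id'])` in the search.php hunk accepts any string, where the removed `verify_id()` call limited `$search_id` to exactly SEARCH_ID_LENGTH alphanumeric characters. How `$search_id` is used further down is not visible here; if it is placed into a query, a URL or a template, that allowlist was what kept quotes and markup out of it. Keeping the check inline would preserve it, for example `preg_match('/^[a-zA-Z0-9]{' . SEARCH_ID_LENGTH . '}\z/', $_GET['id']) === 1` in place of the `is_string()` test. The same applies to `$search_id` in the tracker.php hunk (`@@ -43,7 +43,7 @@`).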
@@ -188,7 +188,7 @@ class User
 if ($userdata = get_userdata((int)$user_id, false, true)) {
 if ($userdata['user_id'] != GUEST_UID && $userdata['user_active']) {
- if (verify_id($this->sessiondata['uk'], LOGIN_KEY_LENGTH) && $this->verify_autologin_id($userdata, true, false)) {
+ if (is_string($this->sessiondata['uk']) && $this->verify_autologin_id($userdata, true, false)) {
 $login = ($userdata['autologin_id'] && $this->sessiondata['uk'] === $userdata['autologin_id']);
 }
 }
@@ -445,10 +445,10 @@ class User
 */
 public function get_sessiondata()
 {
- $sd_resv = !empty($_COOKIE[COOKIE_DATA]) ? @unserialize($_COOKIE[COOKIE_DATA]) : [];
+ $sd_resv = !empty($_COOKIE[COOKIE_DATA]) ? unserialize($_COOKIE[COOKIE_DATA], ['allowed_classes' => false]) : [];
 // autologin_id
- if (!empty($sd_resv['uk']) && verify_id($sd_resv['uk'], LOGIN_KEY_LENGTH)) {
+ if (!empty($sd_resv['uk']) && is_string($sd_resv['uk'])) {
 $this->sessiondata['uk'] = $sd_resv['uk'];
 }
 // user_id
@@ -456,7 +456,7 @@ class User
 $this->sessiondata['uid'] = (int)$sd_resv['uid'];
 }
 // sid
- if (!empty($sd_resv['sid']) && verify_id($sd_resv['sid'], SID_LENGTH)) {
+ if (!empty($sd_resv['sid']) && is_string($sd_resv['sid'])) {
 $this->sessiondata['sid'] = $sd_resv['sid'];
 }
 }
@@ -528,7 +528,7 @@ class User
 }
 }
- return verify_id($autologin_id, LOGIN_KEY_LENGTH);
+ return is_string($autologin_id);
 }
 /**
diff --git a/tracker.php b/tracker.php
index d6210362a..8341aa0ed 100644
--- a/tracker.php
+++ b/tracker.php
@@ -43,7 +43,7 @@ $start = isset($_REQUEST['start']) ? abs((int)$_REQUEST['start']) : 0;
 $set_default = isset($_GET['def']);
 $user_id = $userdata['user_id'];
 $lastvisit = (!IS_GUEST) ? $userdata['user_lastvisit'] : '';
-$search_id = (isset($_GET['search_id']) && verify_id($_GET['search_id'], SEARCH_ID_LENGTH)) ? $_GET['search_id'] : '';
+$search_id = (isset($_GET['search_id']) && is_string($_GET['search_id'])) ? $_GET['search_id'] : '';
 $session_id = $userdata['session_id'];
 $status = $_POST['status'] ?? false;
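Review bot: In the `@@ -188,7 +188,7 @@` hunk the `===` on the context line now carries the check of the cookie-supplied autologin key, since the length and charset test in front of it is gone, and `===` on a secret is not a constant-time comparison. `$login = ($userdata['autologin_id'] && hash_equals($userdata['autologin_id'], $this->sessiondata['uk']));` gives the same result without that property. This assumes `$userdata['autologin_id']` is a string whenever it is truthy, which the hunk does not show. The enclosing method starts and ends outside the hunk.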
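Review bot: In the `@@ -445,10 +445,10 @@` hunk `unserialize()` still runs on `$_COOKIE[COOKIE_DATA]`, and its result is indexed without checking that it is an array. `allowed_classes => false` prevents object instantiation, but a malformed cookie returns `false` and, with the `@` removed, emits a notice or warning on each such request; adding `if (!is_array($sd_resv)) { $sd_resv = []; }` after the call covers that, and moving the cookie to `json_decode()` is the longer-term fix once the code that writes it can change too. The `uk` test here and the `sid` test in the next hunk (`@@ -456,7 +456,7 @@`) now accept any non-empty string from the cookie. If those values reach a query or a log further on, which these hunks do not show, a pattern check such as `preg_match('/^[a-zA-Z0-9]{' . SID_LENGTH . '}\z/', $sd_resv['sid']) === 1` should stay in place. `get_sessiondata()` continues past the end of this hunk.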
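Review bot: `return is_string($autologin_id);` in the `@@ -528,7 +528,7 @@` hunk is true for any string, the empty string included, so the method's return value no longer tells the caller that the key has the expected shape. The start of the method is outside the hunk, so whether `$autologin_id` can be empty or externally influenced at this point cannot be confirmed from these lines. If it can, a length check keeps the old guarantee: `return is_string($autologin_id) && strlen($autologin_id) === LOGIN_KEY_LENGTH;`.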