github/torrentpier
1
0
Fork 0
mirror of https://github.com/torrentpier/torrentpier synced 2025-08-20 13:24:01 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Removed verify_id() function (#1187)

Browse source
This commit is contained in:
Roman Kelesidis 2023-12-04 21:13:36 +07:00 committed by GitHub
commit e49005b1a6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 9 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

9
common.php
View file

@ -253,11 +253,6 @@ function mkdir_rec($path, $mode): bool
return mkdir_rec(dirname($path), $mode) && mkdir($path, $mode); return mkdir_rec(dirname($path), $mode) && mkdir($path, $mode);
} }
function verify_id($id, $length): bool
{
return (is_string($id) && preg_match('#^[a-zA-Z0-9]{' . $length . '}$#', $id));
}
function clean_filename($fname) function clean_filename($fname)
{ {
static $s = ['\\', '/', ':', '*', '?', '"', '<', '>', '|', ' ']; static $s = ['\\', '/', ':', '*', '?', '"', '<', '>', '|', ' '];
@ -292,10 +287,10 @@ function str_compact($str)
* *
* Should not be considered sufficient for cryptography, etc. * Should not be considered sufficient for cryptography, etc.
* *
* @param int|string $length * @param int $length
* @return string * @return string
*/ */
function make_rand_str($length = 10): string function make_rand_str(int $length = 10): string
{ {
$pool = str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'); $pool = str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');

2
search.php
View file

@ -91,7 +91,7 @@ $url = basename(__FILE__);
$anon_id = GUEST_UID; $anon_id = GUEST_UID;
$user_id = $userdata['user_id']; $user_id = $userdata['user_id'];
$lastvisit = IS_GUEST ? TIMENOW : $userdata['user_lastvisit']; $lastvisit = IS_GUEST ? TIMENOW : $userdata['user_lastvisit'];
$search_id = (isset($_GET['id']) && verify_id($_GET['id'], SEARCH_ID_LENGTH)) ? $_GET['id'] : ''; $search_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$session_id = $userdata['session_id']; $session_id = $userdata['session_id'];
$items_found = $items_display = $previous_settings = null; $items_found = $items_display = $previous_settings = null;

10
src/Legacy/Common/User.php
View file

@ -188,7 +188,7 @@ class User
if ($userdata = get_userdata((int)$user_id, false, true)) { if ($userdata = get_userdata((int)$user_id, false, true)) {
if ($userdata['user_id'] != GUEST_UID && $userdata['user_active']) { if ($userdata['user_id'] != GUEST_UID && $userdata['user_active']) {
if (verify_id($this->sessiondata['uk'], LOGIN_KEY_LENGTH) && $this->verify_autologin_id($userdata, true, false)) { if (is_string($this->sessiondata['uk']) && $this->verify_autologin_id($userdata, true, false)) {
$login = ($userdata['autologin_id'] && $this->sessiondata['uk'] === $userdata['autologin_id']); $login = ($userdata['autologin_id'] && $this->sessiondata['uk'] === $userdata['autologin_id']);
} }
} }
@ -445,10 +445,10 @@ class User
*/ */
public function get_sessiondata() public function get_sessiondata()
{ {
$sd_resv = !empty($_COOKIE[COOKIE_DATA]) ? @unserialize($_COOKIE[COOKIE_DATA]) : []; $sd_resv = !empty($_COOKIE[COOKIE_DATA]) ? unserialize($_COOKIE[COOKIE_DATA], ['allowed_classes' => false]) : [];
// autologin_id // autologin_id
if (!empty($sd_resv['uk']) && verify_id($sd_resv['uk'], LOGIN_KEY_LENGTH)) { if (!empty($sd_resv['uk']) && is_string($sd_resv['uk'])) {
$this->sessiondata['uk'] = $sd_resv['uk']; $this->sessiondata['uk'] = $sd_resv['uk'];
} }
// user_id // user_id
@ -456,7 +456,7 @@ class User
$this->sessiondata['uid'] = (int)$sd_resv['uid']; $this->sessiondata['uid'] = (int)$sd_resv['uid'];
} }
// sid // sid
if (!empty($sd_resv['sid']) && verify_id($sd_resv['sid'], SID_LENGTH)) { if (!empty($sd_resv['sid']) && is_string($sd_resv['sid'])) {
$this->sessiondata['sid'] = $sd_resv['sid']; $this->sessiondata['sid'] = $sd_resv['sid'];
} }
} }
@ -528,7 +528,7 @@ class User
} }
} }
return verify_id($autologin_id, LOGIN_KEY_LENGTH); return is_string($autologin_id);
} }
/** /**

2
tracker.php
View file

@ -43,7 +43,7 @@ $start = isset($_REQUEST['start']) ? abs((int)$_REQUEST['start']) : 0;
$set_default = isset($_GET['def']); $set_default = isset($_GET['def']);
$user_id = $userdata['user_id']; $user_id = $userdata['user_id'];
$lastvisit = (!IS_GUEST) ? $userdata['user_lastvisit'] : ''; $lastvisit = (!IS_GUEST) ? $userdata['user_lastvisit'] : '';
$search_id = (isset($_GET['search_id']) && verify_id($_GET['search_id'], SEARCH_ID_LENGTH)) ? $_GET['search_id'] : ''; $search_id = (isset($_GET['search_id']) && is_string($_GET['search_id'])) ? $_GET['search_id'] : '';
$session_id = $userdata['session_id']; $session_id = $userdata['session_id'];
$status = $_POST['status'] ?? false; $status = $_POST['status'] ?? false;