From 972a7f241e1ba5c155dd925613e9b09e8d02a1db Mon Sep 17 00:00:00 2001 From: Sarjuuk Date: Sun, 2 Dec 2018 14:23:53 +0100 Subject: [PATCH] Misc/Fixes * cast GET-params to lower case * fixed typo in constant name * fixed scope issue when aggregating sql stats --- includes/ajaxHandler/profile.class.php | 22 +++++++++++----------- includes/kernel.php | 2 +- pages/genericPage.class.php | 21 ++++++++++++++------- 3 files changed, 26 insertions(+), 19 deletions(-) diff --git a/includes/ajaxHandler/profile.class.php b/includes/ajaxHandler/profile.class.php index 878acffa..ef01b2b5 100644 --- a/includes/ajaxHandler/profile.class.php +++ b/includes/ajaxHandler/profile.class.php @@ -9,12 +9,12 @@ class AjaxProfile extends AjaxHandler protected $validParams = ['link', 'unlink', 'pin', 'unpin', 'public', 'private', 'avatar', 'resync', 'status', 'save', 'delete', 'purge', 'summary', 'load']; protected $_get = array( - 'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdList'] ], - 'items' => [FILTER_CALLBACK, ['options' => 'AjaxProfile::checkItemList'] ], - 'size' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_LOW_HIGH], - 'guild' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet'] ], - 'arena-team' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet'] ], - 'user' => [FILTER_CALLBACK, ['options' => 'AjaxProfile::checkUser'] ] + 'id' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkIdList'] ], + 'items' => [FILTER_CALLBACK, ['options' => 'AjaxProfile::checkItemList'] ], + 'size' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH], + 'guild' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet'] ], + 'arena-team' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet'] ], + 'user' => [FILTER_CALLBACK, ['options' => 'AjaxProfile::checkUser'] ] ); protected $_post = array( 
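Review bot: The `size` entry of `$_get` (and the `talentbuild1`, `glyphs1`, `talentbuild2`, `glyphs2` and `icon` entries of `$_post` in the next hunk) is still only sanitized, not validated, even with the flag name corrected. `FILTER_SANITIZE_STRING` with `FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH` strips tags and out-of-range bytes, but it passes on any remaining printable ASCII of any length, and the filter is deprecated as of PHP 8.1. If these fields have a fixed format (the names suggest so, but that is not visible here), a `FILTER_CALLBACK` validator in the style of the neighbouring `AjaxHandler::checkIdList` entries would reject malformed values instead of forwarding altered ones. At minimum I would add a comment above the arrays such as `// FILTER_SANITIZE_STRING entries are sanitized only, not validated; escape again at the SQL/HTML sink`. The `$_post` array starts on the last line of this hunk and its body continues outside it.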
@@ -28,11 +28,11 @@ class AjaxProfile extends AjaxHandler 'talenttree2' => [FILTER_SANITIZE_NUMBER_INT, null ], 'talenttree3' => [FILTER_SANITIZE_NUMBER_INT, null ], 'activespec' => [FILTER_SANITIZE_NUMBER_INT, null ], - 'talentbuild1' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_LOW_HIGH ], - 'glyphs1' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_LOW_HIGH ], - 'talentbuild2' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_LOW_HIGH ], - 'glyphs2' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_LOW_HIGH ], - 'icon' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_LOW_HIGH ], + 'talentbuild1' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ], + 'glyphs1' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ], + 'talentbuild2' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ], + 'glyphs2' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ], + 'icon' => [FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH ], 'description' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkFulltext'] ], 'source' => [FILTER_SANITIZE_NUMBER_INT, null ], 'copy' => [FILTER_SANITIZE_NUMBER_INT, null ], diff --git a/includes/kernel.php b/includes/kernel.php index 4c766f06..e39fc291 100644 --- a/includes/kernel.php +++ b/includes/kernel.php @@ -241,7 +241,7 @@ if (!CLI) } // parse page-parameters .. sanitize before use! - $str = explode('&', $_SERVER['QUERY_STRING'], 2)[0]; + $str = explode('&', mb_strtolower($_SERVER['QUERY_STRING']), 2)[0]; $_ = explode('=', $str, 2); $pageCall = $_[0]; $pageParam = isset($_[1]) ? $_[1] : null; diff --git a/pages/genericPage.class.php b/pages/genericPage.class.php index afc5072a..48ab8f53 100644 --- a/pages/genericPage.class.php +++ b/pages/genericPage.class.php 
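Review bot: The case folding in `mb_strtolower($_SERVER['QUERY_STRING'])` runs on the raw, still percent-encoded query string, so an encoded upper-case letter such as `%41` is not folded. It would reappear if `$pageParam` is URL-decoded later, which this hunk does not show. Lower-casing is normalisation rather than the sanitising the comment above asks for, so `$pageCall` should still be checked against a known set of page names before it is used for dispatch (presumably further down). Folding only the segment that is kept and pinning the encoding would avoid work on the discarded remainder and make the result independent of the configured mbstring internal encoding: `$str = mb_strtolower(explode('&', $_SERVER['QUERY_STRING'], 2)[0], 'UTF-8');`. The enclosing `if (!CLI)` block starts and ends outside the hunk.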
@@ -135,16 +135,17 @@ trait TrProfiler { $this->prepareContent(); - $this->notFound = array( + $this->hasComContent = false; + $this->notFound = array( 'title' => sprintf(Lang::profiler('firstUseTitle'), $this->subjectName, $this->realm), 'msg' => '' ); - $this->hasComContent = false; - Util::arraySumByKey($this->mysql, DB::Aowow()->getStatistics(), DB::World()->getStatistics()); if (isset($this->tabId)) $this->pageTemplate['activeTab'] = $this->tabId; + $this->sumSQLStats(); + $this->display('text-page-generic'); exit(); } @@ -399,7 +400,7 @@ class GenericPage } $this->time = microtime(true) - $this->time; - Util::arraySumByKey($this->mysql, DB::Aowow()->getStatistics(), DB::World()->getStatistics()); + $this->sumSQLStats(); } public function addJS($name, $unshift = false) @@ -555,6 +556,11 @@ class GenericPage header('Location: ?account=signin'.$next, true, 302); } + protected function sumSQLStats() + { + Util::arraySumByKey($this->mysql, DB::Aowow()->getStatistics(), DB::World()->getStatistics()); + } + /*******************/ /* Special Display */ /*******************/ @@ -563,16 +569,17 @@ class GenericPage { array_unshift($this->title, Lang::main('nfPageTitle')); + $this->hasComContent = false; $this->notFound = array( 'title' => isset($this->typeId) ? Util::ucFirst($title).' #'.$this->typeId : $title, 'msg' => !$msg && isset($this->typeId) ? sprintf(Lang::main('pageNotFound'), $title) : $msg ); - $this->hasComContent = false; - Util::arraySumByKey($this->mysql, DB::Aowow()->getStatistics(), DB::World()->getStatistics()); if (isset($this->tabId)) $this->pageTemplate['activeTab'] = $this->tabId; + $this->sumSQLStats(); + header('HTTP/1.0 404 Not Found', true, 404); $this->display('list-page-generic'); @@ -590,7 +597,7 @@ class GenericPage $this->addArticle(); - Util::arraySumByKey($this->mysql, DB::Aowow()->getStatistics(), DB::World()->getStatistics()); + $this->sumSQLStats(); header('HTTP/1.0 404 Not Found', true, 404);
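Review bot: In the `trait TrProfiler` hunk the new call `$this->sumSQLStats();` depends on a method that is only declared on `GenericPage` (hunk `@@ -555,6 +556,11 @@`), and nothing in the trait states that requirement. I would add a comment at the call site such as `// sumSQLStats() is provided by GenericPage; every class using TrProfiler must extend it`. The new method itself has no docblock, so I would also add one along the lines of `/** Adds the query statistics of the Aowow and World DB connections into $this->mysql. */`. It would help to note there whether calling it more than once per request counts the same queries twice. That depends on what `getStatistics()` returns, which is not visible here. The trait method containing the first hunk begins outside it.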