From fe58e4f4220d6685b91bf516374e33936e1075e3 Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Sun, 14 Jan 2018 17:47:26 +0100 Subject: database: updated checks for selectOne --- includes/pages/admin_active.php | 20 ++++++++++---------- includes/pages/admin_arrive.php | 10 +++++----- includes/pages/admin_questions.php | 2 +- includes/pages/admin_rooms.php | 4 ++-- includes/pages/admin_shifts.php | 2 +- includes/pages/admin_user.php | 2 +- includes/pages/guest_login.php | 4 ++-- includes/pages/user_atom.php | 2 +- includes/pages/user_ical.php | 2 +- includes/pages/user_myshifts.php | 1 - includes/pages/user_settings.php | 2 +- includes/pages/user_shifts.php | 2 +- 12 files changed, 26 insertions(+), 27 deletions(-) (limited to 'includes/pages') diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index 2616de6c..33a7e01e 100644 --- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php @@ -101,7 +101,7 @@ function admin_active() if ($request->has('active') && preg_match('/^\d+$/', $request->input('active'))) { $user_id = $request->input('active'); $user_source = User($user_id); - if ($user_source != null) { + if (!empty($user_source)) { DB::update('UPDATE `User` SET `Aktiv`=1 WHERE `UID`=? LIMIT 1', [$user_id]); engelsystem_log('User ' . User_Nick_render($user_source) . ' is active now.'); $msg = success(_('Angel has been marked as active.'), true); @@ -111,7 +111,7 @@ function admin_active() } elseif ($request->has('not_active') && preg_match('/^\d+$/', $request->input('not_active'))) { $user_id = $request->input('not_active'); $user_source = User($user_id); - if ($user_source != null) { + if (!empty($user_source)) { DB::update('UPDATE `User` SET `Aktiv`=0 WHERE `UID`=? LIMIT 1', [$user_id]); engelsystem_log('User ' . User_Nick_render($user_source) . ' is NOT active now.'); $msg = success(_('Angel has been marked as not active.'), true); 
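Review bot: The `DB::update` calls in the `active` and `not_active` branches of admin_active() change user state as soon as a numeric request parameter is present, and no request-forgery check is visible in these hunks; the `tshirt` / `not_tshirt` hunks and the `reset` / `arrived` hunks of admin_arrive.php have the same shape. The function starts and continues outside the hunks, so a token check may exist earlier; if it does not, a third-party page can make a logged-in admin's browser send these requests. I would mark the first branch with `// TODO(security): accept these actions only via POST with a verified CSRF token` and route all the branches through one guarded helper. The `!empty($user_source)` guard itself is fine, since it fails closed for null, false and an empty array.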
@@ -121,7 +121,7 @@ function admin_active() } elseif ($request->has('tshirt') && preg_match('/^\d+$/', $request->input('tshirt'))) { $user_id = $request->input('tshirt'); $user_source = User($user_id); - if ($user_source != null) { + if (!empty($user_source)) { DB::update('UPDATE `User` SET `Tshirt`=1 WHERE `UID`=? LIMIT 1', [$user_id]); engelsystem_log('User ' . User_Nick_render($user_source) . ' has tshirt now.'); $msg = success(_('Angel has got a t-shirt.'), true); @@ -131,7 +131,7 @@ function admin_active() } elseif ($request->has('not_tshirt') && preg_match('/^\d+$/', $request->input('not_tshirt'))) { $user_id = $request->input('not_tshirt'); $user_source = User($user_id); - if ($user_source != null) { + if (!empty($user_source)) { DB::update('UPDATE `User` SET `Tshirt`=0 WHERE `UID`=? LIMIT 1', [$user_id]); engelsystem_log('User ' . User_Nick_render($user_source) . ' has NO tshirt.'); $msg = success(_('Angel has got no t-shirt.'), true); @@ -252,8 +252,8 @@ function admin_active() $gc = array_shift($gc); $shirt_statistics[] = [ - 'size' => $size, - 'given' => (int)$gc + 'size' => $size, + 'given' => (int)$gc ]; } } @@ -261,8 +261,8 @@ function admin_active() $shirtCount = User_tshirts_count(); $shirt_statistics[] = [ - 'size' => '' . _('Sum') . '', - 'given' => '' . $shirtCount . '' + 'size' => '' . _('Sum') . '', + 'given' => '' . $shirtCount . '' ]; return page_with_title(admin_active_title(), [ @@ -288,8 +288,8 @@ function admin_active() ], $matched_users), '

' . _('Shirt statistics') . '

', table([ - 'size' => _('Size'), - 'given' => _('Given shirts') + 'size' => _('Size'), + 'given' => _('Given shirts') ], $shirt_statistics) ]); } diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php index 48e2c91f..8dada3e2 100644 --- a/includes/pages/admin_arrive.php +++ b/includes/pages/admin_arrive.php @@ -26,7 +26,7 @@ function admin_arrive() if ($request->has('reset') && preg_match('/^\d+$/', $request->input('reset'))) { $user_id = $request->input('reset'); $user_source = User($user_id); - if ($user_source != null) { + if (!empty($user_source)) { DB::update(' UPDATE `User` SET `Gekommen`=0, `arrival_date` = NULL @@ -42,7 +42,7 @@ function admin_arrive() } elseif ($request->has('arrived') && preg_match('/^\d+$/', $request->input('arrived'))) { $user_id = $request->input('arrived'); $user_source = User($user_id); - if ($user_source != null) { + if (!empty($user_source)) { DB::update(' UPDATE `User` SET `Gekommen`=1, `arrival_date`=? @@ -83,7 +83,7 @@ function admin_arrive() } $usr['nick'] = User_Nick_render($usr); - if ($usr['planned_departure_date'] != null) { + if (!is_null($usr['planned_departure_date'])) { $usr['rendered_planned_departure_date'] = date('Y-m-d', $usr['planned_departure_date']); } else { $usr['rendered_planned_departure_date'] = '-'; @@ -109,7 +109,7 @@ function admin_arrive() $arrival_count_at_day[$day]++; } - if ($usr['planned_arrival_date'] != null) { + if (!is_null($usr['planned_arrival_date'])) { $day = date('Y-m-d', $usr['planned_arrival_date']); if (!isset($planned_arrival_count_at_day[$day])) { $planned_arrival_count_at_day[$day] = 0; 
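Review bot: Replacing `!= null` with `!is_null()` on `$usr['planned_departure_date']` narrows the test: the loose comparison also skipped `0` and `''`, while `is_null()` lets them through to `date('Y-m-d', …)`, which would render 1970-01-01 or fail on a non-numeric string. The same swap is made for `planned_arrival_date` in the next hunk, in the `@@ -117` hunk of this file, and for `$start_time` in user_shifts.php. Whether the columns can hold 0 or an empty string is not visible here, so this is a behaviour change to confirm rather than a proven bug; if "unset" should keep covering those values, `if (!empty($usr['planned_departure_date'])) {` keeps 0, '' and '0' away from the date() call. admin_arrive() continues outside the hunk.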
@@ -117,7 +117,7 @@ function admin_arrive() $planned_arrival_count_at_day[$day]++; } - if ($usr['planned_departure_date'] != null && $usr['Gekommen'] == 1) { + if (!is_null($usr['planned_departure_date']) && $usr['Gekommen'] == 1) { $day = date('Y-m-d', $usr['planned_departure_date']); if (!isset($planned_departure_count_at_day[$day])) { $planned_departure_count_at_day[$day] = 0; diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index 0636a1d9..2d058b0d 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -111,7 +111,7 @@ function admin_questions() 'SELECT * FROM `Questions` WHERE `QID`=? LIMIT 1', [$question_id] ); - if (!empty($question) && $question['AID'] == null) { + if (!empty($question) && empty($question['AID'])) { $answer = trim( preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index 8144b328..bbbc24ae 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -55,7 +55,7 @@ function admin_rooms() if (test_request_int('id')) { $room = Room($request->input('id')); - if ($room == null) { + if (empty($room)) { redirect(page_link_to('admin_rooms')); } @@ -127,7 +127,7 @@ function admin_rooms() $needed_angeltype_info = []; foreach ($angeltypes_count as $angeltype_id => $angeltype_count) { $angeltype = AngelType($angeltype_id); - if ($angeltype != null) { + if (!empty($angeltype)) { NeededAngelType_add(null, $angeltype_id, $room_id, $angeltype_count); if ($angeltype_count > 0) { $needed_angeltype_info[] = $angeltype['name'] . ': ' . $angeltype_count; diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index c80603a1..3fecbcd5 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php 
@@ -53,7 +53,7 @@ function admin_shifts() if ($request->has('preview') || $request->has('back')) { if ($request->has('shifttype_id')) { $shifttype = ShiftType($request->input('shifttype_id')); - if ($shifttype == null) { + if (empty($shifttype)) { $valid = false; error(_('Please select a shift type.')); } else { diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 8da09e81..514e4b1b 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -34,7 +34,7 @@ function admin_user() $user_id = $request->input('id'); if (!$request->has('action')) { $user_source = User($user_id); - if ($user_source == null) { + if (empty($user_source)) { error(_('This user does not exist.')); redirect(users_link()); } diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index bed42ee5..47e16915 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -279,7 +279,7 @@ function guest_register() } // If a welcome message is present, display registration success page. - if ($event_config != null && $event_config['event_welcome_msg'] != null) { + if (!empty($event_config) && !empty($event_config['event_welcome_msg'])) { return User_registration_success_view($event_config['event_welcome_msg']); } @@ -289,7 +289,7 @@ function guest_register() $buildup_start_date = time(); $teardown_end_date = null; - if ($event_config != null) { + if (!empty($event_config)) { if (isset($event_config['buildup_start_date'])) { $buildup_start_date = $event_config['buildup_start_date']; } diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index c36e1dfd..9934fb92 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -16,7 +16,7 @@ function user_atom() $key = $request->input('key'); $user = User_by_api_key($key); - if ($user == null) { + if (empty($user)) { engelsystem_error('Key invalid.'); } if (!in_array('atom', privileges_for_user($user['UID']))) { 
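Review bot: The privilege test after the key lookup in user_atom(), `in_array('atom', privileges_for_user($user['UID']))`, compares loosely, so a list entry of boolean true (or, before PHP 8, integer 0) would match any privilege name. The list contents are not visible in this hunk, so this is hardening rather than a known bypass: `if (!in_array('atom', privileges_for_user($user['UID']), true)) {`. The `empty($user)` guard above it fails closed for a null or empty lookup result, which is what an API-key check needs. user_atom() continues outside the hunk.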
diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index 69a260a2..3430c3b3 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -14,7 +14,7 @@ function user_ical() $key = $request->input('key'); $user = User_by_api_key($key); - if ($user == null) { + if (empty($user)) { engelsystem_error('Key invalid.'); } diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index f605792f..5819f5c6 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -32,7 +32,6 @@ function user_myshifts() } $shifts_user = DB::selectOne('SELECT * FROM `User` WHERE `UID`=? LIMIT 1', [$shift_entry_id]); - if ($request->has('reset')) { if ($request->input('reset') == 'ack') { User_reset_api_key($user); diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index bdc8b70d..b3a5bdf5 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -215,7 +215,7 @@ function user_settings() $buildup_start_date = null; $teardown_end_date = null; $event_config = EventConfig(); - if ($event_config != null) { + if (!empty($event_config)) { if (isset($event_config['buildup_start_date'])) { $buildup_start_date = $event_config['buildup_start_date']; } diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 81b405b1..c158ee4a 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -47,7 +47,7 @@ function user_shifts() function update_ShiftsFilter_timerange(ShiftsFilter $shiftsFilter, $days) { $start_time = $shiftsFilter->getStartTime(); - if ($start_time == null) { + if (is_null($start_time)) { $start_time = time(); } -- cgit v1.2.3-54-g00ecf From d93ace2eaef8d7077fe93f27a1528f936ffe1172 Mon Sep 17 00:00:00 2001 
From: Igor Scheller Date: Tue, 7 Aug 2018 02:38:41 +0200 Subject: Prevent object serialization in session --- includes/model/ShiftsFilter.php | 30 +++++++++++++++++++++++++++++- includes/pages/user_shifts.php | 9 +++++---- 2 files changed, 34 insertions(+), 5 deletions(-) (limited to 'includes/pages') diff --git a/includes/model/ShiftsFilter.php b/includes/model/ShiftsFilter.php index 5ad7a9b3..fe3bfa56 100644 --- a/includes/model/ShiftsFilter.php +++ b/includes/model/ShiftsFilter.php @@ -48,7 +48,7 @@ class ShiftsFilter * @param int[] $rooms * @param int[] $types */ - public function __construct($user_shifts_admin, $rooms, $types) + public function __construct($user_shifts_admin = false, $rooms = [], $types = []) { $this->rooms = $rooms; $this->types = $types; @@ -62,6 +62,34 @@ class ShiftsFilter } } + /** + * @return array + */ + public function sessionExport() + { + return [ + 'userShiftsAdmin' => $this->userShiftsAdmin, + 'filled' => $this->filled, + 'rooms' => $this->rooms, + 'types' => $this->types, + 'startTime' => $this->startTime, + 'endTime' => $this->endTime, + ]; + } + + /** + * @param array $data + */ + public function sessionImport($data) + { + $this->userShiftsAdmin = $data['userShiftsAdmin']; + $this->filled = $data['filled']; + $this->rooms = $data['rooms']; + $this->types = $data['types']; + $this->startTime = $data['startTime']; + $this->endTime = $data['endTime']; + } + /** * @return int unix timestamp */ diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 8f81f542..186301db 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php 
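Review bot: sessionImport() copies six keys out of `$data` without checking that `$data` is an array or that the keys exist, so a missing, stale or hand-edited session entry leaves the filter with null rooms, types and admin flag instead of the constructor defaults. `rooms` and `types` are documented as `int[]` and presumably feed the shift queries, so coercing them on import keeps the session from becoming a second, unchecked input path. `userShiftsAdmin` is a privilege flag; the caller in user_shifts.php does pass the current privilege to update_ShiftsFilter() after the import, but defaulting the flag to false here makes the import itself fail closed. The shape of `filled` is not visible in this hunk, so the sketch below leaves it untouched when the key is absent.

```php
public function sessionImport($data)
{
    // Keep the constructor defaults when the session entry is missing or malformed.
    if (!is_array($data)) {
        return;
    }

    // Privilege flag: anything other than an explicit truthy value means "not admin".
    $this->userShiftsAdmin = !empty($data['userShiftsAdmin']);
    $this->filled = isset($data['filled']) ? $data['filled'] : $this->filled;
    // Documented as int[]; coerce so session content cannot carry other types onward.
    $this->rooms = isset($data['rooms']) ? array_map('intval', (array)$data['rooms']) : [];
    $this->types = isset($data['types']) ? array_map('intval', (array)$data['types']) : [];
    $this->startTime = isset($data['startTime']) ? (int)$data['startTime'] : null;
    $this->endTime = isset($data['endTime']) ? (int)$data['endTime'] : null;
}
```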
@@ -177,18 +177,19 @@ function view_user_shifts() $rooms = load_rooms(); $types = load_types(); - if (!$session->has('ShiftsFilter')) { + if (!$session->has('shifts-filter')) { $room_ids = [ $rooms[0]['id'] ]; $type_ids = array_map('get_ids_from_array', $types); $shiftsFilter = new ShiftsFilter(in_array('user_shifts_admin', $privileges), $room_ids, $type_ids); - $session->set('ShiftsFilter', $shiftsFilter); + $session->set('shifts-filter', $shiftsFilter->sessionExport()); } - /** @var ShiftsFilter $shiftsFilter */ - $shiftsFilter = $session->get('ShiftsFilter'); + $shiftsFilter = new ShiftsFilter(); + $shiftsFilter->sessionImport($session->get('shifts-filter')); update_ShiftsFilter($shiftsFilter, in_array('user_shifts_admin', $privileges), $days); + $session->set('shifts-filter', $shiftsFilter->sessionExport()); $shiftCalendarRenderer = shiftCalendarRendererByShiftFilter($shiftsFilter); -- cgit v1.2.3-54-g00ecf From 175c335810817ff3e989f368889274d3f09c08b1 Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Wed, 29 Aug 2018 18:08:45 +0200 Subject: Db::selectOne() should return null if result is empty --- includes/model/Shifts_model.php | 2 +- includes/pages/user_myshifts.php | 2 +- src/Database/Db.php | 9 +++++++-- 3 files changed, 9 insertions(+), 4 deletions(-) (limited to 'includes/pages') diff --git a/includes/model/Shifts_model.php b/includes/model/Shifts_model.php index 94513ff3..b5e3a205 100644 --- a/includes/model/Shifts_model.php +++ b/includes/model/Shifts_model.php @@ -182,7 +182,7 @@ function NeededAngeltypes_by_ShiftsFilter(ShiftsFilter $shiftsFilter) /** * @param array $shift * @param array $angeltype - * @return array + * @return array|null */ function NeededAngeltype_by_Shift_and_Angeltype($shift, $angeltype) { diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 5819f5c6..b61fc1e4 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php 
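Review bot: The rename from `ShiftsFilter` to `shifts-filter` stops new objects from being stored, but nothing in this hunk removes the old key, so sessions created before the deploy keep a serialized ShiftsFilter object, which native PHP session handling still unserializes whenever the session is loaded. If the session class has a removal method (a Symfony-style `remove()`; not visible here), adding `$session->remove('ShiftsFilter');` before the `has('shifts-filter')` test clears the leftover on the next visit. view_user_shifts() starts and ends outside the hunk.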
@@ -71,7 +71,7 @@ function user_myshifts() $shifts_user['UID'], ] ); - if (count($shift) > 0) { + if (!empty($shift)) { $freeloaded = $shift['freeloaded']; $freeload_comment = $shift['freeload_comment']; diff --git a/src/Database/Db.php b/src/Database/Db.php index f34d1564..c0871e68 100644 --- a/src/Database/Db.php +++ b/src/Database/Db.php @@ -45,14 +45,19 @@ class Db * * @param string $query * @param array $bindings - * @return array + * @return array|null */ public static function selectOne($query, array $bindings = []) { $result = self::connection()->selectOne($query, $bindings); // @TODO: remove typecast - return (array)$result; + $result = (array)$result; + if (empty($result)) { + return null; + } + + return $result; } /** -- cgit v1.2.3-54-g00ecf
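Review bot: In Db::selectOne() the emptiness test runs after the `(array)` cast, and `(array)false` is `[false]`, which is not empty; if the underlying connection ever reports "no row" as false rather than null, callers receive a one-element array and their `empty()` guards (for example the API-key lookups in user_atom.php and user_ical.php) treat it as a found row. What the connection returns is not visible here, so I would test the raw value ahead of the cast with `if ($result === null || $result === false) { return null; }`. The return type also changes from always-array to `array|null`, so any caller that indexes the result without a check now reads from null; `$shifts_user['UID']` in user_myshifts.php is a candidate, as its guard is not visible in these hunks.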