use safe functions

shish · Oct 10, 2024 · 9526bd2 · 9526bd2
1 parent 431077f
commit 9526bd2
Show file tree

Hide file tree

Showing 31 changed files with 60 additions and 57 deletions.
diff --git a/core/cli_app.php b/core/cli_app.php
@@ -54,7 +54,7 @@ public function run(?InputInterface $input = null, ?OutputInterface $output = nu
             }
         }
         if (!defined("CLI_LOG_LEVEL")) {
-            define("CLI_LOG_LEVEL", $log_level);
+            \Safe\define("CLI_LOG_LEVEL", $log_level);
         }
 
         return parent::run($input, $output);

diff --git a/core/database.php b/core/database.php
@@ -82,7 +82,7 @@ private function get_db(): PDO
 
     private function connect_engine(): void
     {
-        if (preg_match("/^([^:]*)/", $this->dsn, $matches)) {
+        if (\Safe\preg_match("/^([^:]*)/", $this->dsn, $matches)) {
             $db_proto = $matches[1];
         } else {
             throw new ServerError("Can't figure out database engine");

diff --git a/core/dbengine.php b/core/dbengine.php
@@ -196,7 +196,7 @@ public function create_table_sql(string $name, string $data): string
         $extras = "";
         foreach (explode(",", $data) as $bit) {
             $matches = [];
-            if (preg_match("/(UNIQUE)? ?INDEX\s*\((.*)\)/", $bit, $matches)) {
+            if (\Safe\preg_match("/(UNIQUE)? ?INDEX\s*\((.*)\)/", $bit, $matches)) {
                 $uni = $matches[1];
                 $col = $matches[2];
                 $extras .= "CREATE $uni INDEX {$name}_{$col} ON {$name}({$col});";

diff --git a/core/imageboard/event.php b/core/imageboard/event.php
@@ -61,8 +61,7 @@ public function __construct(
     ) {
         parent::__construct();
         $this->old_hash = $image->hash;
-        $hash = md5_file($tmp_filename);
-        assert($hash !== false, "Failed to hash file $tmp_filename");
+        $hash = \Safe\md5_file($tmp_filename);
         $this->new_hash = $hash;
     }
 }

diff --git a/core/imageboard/search.php b/core/imageboard/search.php
@@ -225,7 +225,7 @@ public static function count_images(array $tags = []): int
         if ($speed_hax && $tag_count === 0) {
             // total number of images in the DB
             $total = self::count_total_images();
-        } elseif ($speed_hax && $tag_count === 1 && !preg_match("/[:=><\*\?]/", $tags[0])) {
+        } elseif ($speed_hax && $tag_count === 1 && !\Safe\preg_match("/[:=><\*\?]/", $tags[0])) {
             if (!str_starts_with($tags[0], "-")) {
                 // one positive tag - we can look that up directly
                 $total = self::count_tag($tags[0]);

diff --git a/core/page.php b/core/page.php
@@ -770,7 +770,7 @@ public static function is_active(array $pages_matched, ?string $url = null): boo
         $re1 = '.*?';
         $re2 = '((?:[a-z][a-z_]+))';
 
-        if (preg_match_all("/".$re1.$re2."/is", $url, $matches)) {
+        if (\Safe\preg_match_all("/".$re1.$re2."/is", $url, $matches)) {
             $url = $matches[1][0];
         }
 

diff --git a/core/polyfills.php b/core/polyfills.php
@@ -4,6 +4,8 @@
 
 namespace Shimmie2;
 
+use function Safe\preg_match;
+
 /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *\
 * Things which should be in the core API                                    *
 \* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */

diff --git a/core/util.php b/core/util.php
@@ -385,7 +385,7 @@ function path_to_tags(string $path): array
 {
     $matches = [];
     $tags = [];
-    if (preg_match("/\d+ - (.+)\.([a-zA-Z0-9]+)/", basename($path), $matches)) {
+    if (\Safe\preg_match("/\d+ - (.+)\.([a-zA-Z0-9]+)/", basename($path), $matches)) {
         $tags = explode(" ", $matches[1]);
     }
 
@@ -811,7 +811,7 @@ function shm_tempnam(string $prefix = ""): string
 function load_balance_url(string $tmpl, string $hash, int $n = 0): string
 {
     $matches = [];
-    if (preg_match("/(.*){(.*)}(.*)/", $tmpl, $matches)) {
+    if (\Safe\preg_match("/(.*){(.*)}(.*)/", $tmpl, $matches)) {
         $pre = $matches[1];
         $opts = $matches[2];
         $post = $matches[3];

diff --git a/ext/approval/main.php b/ext/approval/main.php
@@ -159,7 +159,7 @@ public function onHelpPageBuilding(HelpPageBuildingEvent $event): void
     private function no_approval_query(array $context): bool
     {
         foreach ($context as $term) {
-            if (preg_match(self::SEARCH_REGEXP, $term)) {
+            if (\Safe\preg_match(self::SEARCH_REGEXP, $term)) {
                 return false;
             }
         }

diff --git a/ext/ban_words/main.php b/ext/ban_words/main.php
@@ -65,7 +65,9 @@ public function onSetupBuilding(SetupBuildingEvent $event): void
         $failed = [];
         foreach ($this->get_words() as $word) {
             if ($word[0] == '/') {
-                if (preg_match($word, "") === false) {
+                try {
+                    \Safe\preg_match($word, "");
+                } catch (\Exception $e) {
                     $failed[] = $word;
                 }
             }
@@ -85,7 +87,7 @@ private function test_text(string $comment, SCoreException $ex): void
         foreach ($this->get_words() as $word) {
             if ($word[0] == '/') {
                 // lines that start with slash are regex
-                if (preg_match($word, $comment) === 1) {
+                if (\Safe\preg_match($word, $comment) === 1) {
                     throw $ex;
                 }
             } else {

diff --git a/ext/bbcode/main.php b/ext/bbcode/main.php
@@ -36,13 +36,13 @@ public function _format(string $text): string
         $text = str_replace("\n", "\n<br>", $text);
         $text = preg_replace_ex("/\[quote\](.*?)\[\/quote\]/s", "<blockquote><small>\\1</small></blockquote>", $text);
         $text = preg_replace_ex("/\[quote=(.*?)\](.*?)\[\/quote\]/s", "<blockquote><em>\\1 said:</em><br><small>\\2</small></blockquote>", $text);
-        while (preg_match("/\[list\](.*?)\[\/list\]/s", $text)) {
+        while (\Safe\preg_match("/\[list\](.*?)\[\/list\]/s", $text)) {
             $text = preg_replace_ex("/\[list\](.*?)\[\/list\]/s", "<ul>\\1</ul>", $text);
         }
-        while (preg_match("/\[ul\](.*?)\[\/ul\]/s", $text)) {
+        while (\Safe\preg_match("/\[ul\](.*?)\[\/ul\]/s", $text)) {
             $text = preg_replace_ex("/\[ul\](.*?)\[\/ul\]/s", "<ul>\\1</ul>", $text);
         }
-        while (preg_match("/\[ol\](.*?)\[\/ol\]/s", $text)) {
+        while (\Safe\preg_match("/\[ol\](.*?)\[\/ol\]/s", $text)) {
             $text = preg_replace_ex("/\[ol\](.*?)\[\/ol\]/s", "<ol>\\1</ol>", $text);
         }
         $text = preg_replace_ex("/\[li\](.*?)\[\/li\]/s", "<li>\\1</li>", $text);

diff --git a/ext/graphql/main.php b/ext/graphql/main.php
@@ -88,7 +88,7 @@ private function cors(): void
         $pat = $config->get_string("graphql_cors_pattern");
 
         if ($pat && isset($_SERVER['HTTP_ORIGIN'])) {
-            if (preg_match("#$pat#", $_SERVER['HTTP_ORIGIN'])) {
+            if (\Safe\preg_match("#$pat#", $_SERVER['HTTP_ORIGIN'])) {
                 header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
                 header('Access-Control-Allow-Credentials: true');
                 header('Access-Control-Max-Age: 86400');

diff --git a/ext/index/main.php b/ext/index/main.php
@@ -222,7 +222,7 @@ public function onSearchTermParse(SearchTermParseEvent $event): void
             $event->add_querylet(new Querylet("images.posted $cmp :posted{$event->id}", ["posted{$event->id}" => $val]));
         } elseif ($matches = $event->matches("/^order[=|:](id|width|height|length|filesize|filename)[_]?(desc|asc)?$/i")) {
             $ord = strtolower($matches[1]);
-            $default_order_for_column = preg_match("/^(id|filename)$/", $matches[1]) ? "ASC" : "DESC";
+            $default_order_for_column = \Safe\preg_match("/^(id|filename)$/", $matches[1]) ? "ASC" : "DESC";
             $sort = isset($matches[2]) ? strtoupper($matches[2]) : $default_order_for_column;
             $event->order = "images.$ord $sort";
         } elseif ($matches = $event->matches("/^order[=|:]random[_]([0-9]{1,4})$/i")) {

diff --git a/ext/link_image/test.php b/ext/link_image/test.php
@@ -13,7 +13,7 @@ public function testLinkImage(): void
         $this->get_page("post/view/$image_id");
 
         $matches = [];
-        preg_match("#value='https?://.*/(post/view/[0-9]+)'#", $this->page_to_text(), $matches);
+        \Safe\preg_match("#value='https?://.*/(post/view/[0-9]+)'#", $this->page_to_text(), $matches);
         $this->assertNotEmpty($matches);
         $page = $this->get_page($matches[1]);
         $this->assertEquals("Post $image_id: pie", $page->title);

diff --git a/ext/link_scan/main.php b/ext/link_scan/main.php
@@ -18,7 +18,7 @@ public function onPageRequest(PageRequestEvent $event): void
         $search = $event->get_GET('search') ?? $event->get_POST('search') ?? "";
         if ($event->page_matches("post/list") && !empty($search)) {
             $trigger = $config->get_string("link_scan_trigger", "https?://");
-            if (preg_match("#.*{$trigger}.*#", $search)) {
+            if (\Safe\preg_match("#.*{$trigger}.*#", $search)) {
                 $ids = $this->scan($search);
                 $page->set_mode(PageMode::REDIRECT);
                 $page->set_redirect(search_link(["id=".implode(",", $ids)]));
@@ -34,14 +34,14 @@ private function scan(string $text): array
     {
         $ids = [];
         $matches = [];
-        preg_match_all("/post\/view\/(\d+)/", $text, $matches);
+        \Safe\preg_match_all("/post\/view\/(\d+)/", $text, $matches);
         foreach ($matches[1] as $match) {
             $img = Image::by_id((int)$match);
             if ($img) {
                 $ids[] = $img->id;
             }
         }
-        preg_match_all("/\b([0-9a-fA-F]{32})\b/", $text, $matches);
+        \Safe\preg_match_all("/\b([0-9a-fA-F]{32})\b/", $text, $matches);
         foreach ($matches[1] as $match) {
             $img = Image::by_hash($match);
             if ($img) {

diff --git a/ext/media/main.php b/ext/media/main.php
@@ -860,8 +860,8 @@ public static function video_size(string $filename): array
         // error_log("Getting size with `$cmd`");
 
         $regex_sizes = "/Video: .* ([0-9]{1,4})x([0-9]{1,4})/";
-        if (preg_match($regex_sizes, $output, $regs)) {
-            if (preg_match("/displaymatrix: rotation of (90|270).00 degrees/", $output)) {
+        if (\Safe\preg_match($regex_sizes, $output, $regs)) {
+            if (\Safe\preg_match("/displaymatrix: rotation of (90|270).00 degrees/", $output)) {
                 $size = [(int)$regs[2], (int)$regs[1]];
             } else {
                 $size = [(int)$regs[1], (int)$regs[2]];

diff --git a/ext/mime/mime_type.php b/ext/mime/mime_type.php
@@ -80,7 +80,7 @@ class MimeType
 
     public static function is_mime(string $value): bool
     {
-        return preg_match(self::REGEX_MIME_TYPE, $value) === 1;
+        return \Safe\preg_match(self::REGEX_MIME_TYPE, $value) === 1;
     }
 
     public static function add_parameters(string $mime, string ...$parameters): string
@@ -144,7 +144,7 @@ public static function is_animated_gif(string $image_filename): bool
 
                 while (!feof($fh) && $is_anim_gif < 2) {
                     $chunk =  ($chunk ? substr($chunk, -20) : "") . fread($fh, 1024 * 100); //read 100kb at a time
-                    $is_anim_gif += preg_match_all('#\x00\x21\xF9\x04.{4}\x00(\x2C|\x21)#s', $chunk, $matches);
+                    $is_anim_gif += \Safe\preg_match_all('#\x00\x21\xF9\x04.{4}\x00(\x2C|\x21)#s', $chunk, $matches);
                 }
             } finally {
                 @fclose($fh);

diff --git a/ext/notes/main.php b/ext/notes/main.php
@@ -250,7 +250,7 @@ private function add_new_note(): int
     {
         global $database, $user;
 
-        $note = json_decode(\Safe\file_get_contents('php://input'), true);
+        $note = \Safe\json_decode(\Safe\file_get_contents('php://input'), true);
 
         $database->execute(
             "
@@ -311,7 +311,7 @@ private function update_note(): void
     {
         global $database;
 
-        $note = json_decode(\Safe\file_get_contents('php://input'), true);
+        $note = \Safe\json_decode(\Safe\file_get_contents('php://input'), true);
 
         // validate parameters
         if (empty($note['note'])) {
@@ -330,7 +330,7 @@ private function delete_note(): void
     {
         global $user, $database;
 
-        $note = json_decode(\Safe\file_get_contents('php://input'), true);
+        $note = \Safe\json_decode(\Safe\file_get_contents('php://input'), true);
         $database->execute("
 			UPDATE notes SET enable = :enable
 			WHERE image_id = :image_id AND id = :id

diff --git a/ext/numeric_score/main.php b/ext/numeric_score/main.php
@@ -352,7 +352,7 @@ public function onSearchTermParse(SearchTermParseEvent $event): void
 
     public function onTagTermCheck(TagTermCheckEvent $event): void
     {
-        if (preg_match("/^vote[=|:](up|down|remove)$/i", $event->term)) {
+        if ($event->matches("/^vote[=|:](up|down|remove)$/i")) {
             $event->metatag = true;
         }
     }

diff --git a/ext/ouroboros_api/main.php b/ext/ouroboros_api/main.php
@@ -244,7 +244,7 @@ public function onPageRequest(PageRequestEvent $event): void
     {
         global $page, $user;
 
-        if (preg_match("%\.(xml|json)$%", implode('/', $event->args), $matches) === 1) {
+        if (\Safe\preg_match("%\.(xml|json)$%", implode('/', $event->args), $matches) === 1) {
             $this->type = $matches[1];
             if ($this->type == 'json') {
                 $page->set_mime('application/json; charset=utf-8');
@@ -620,6 +620,6 @@ private function tryAuth(): void
      */
     private function match(PageRequestEvent $event, string $page): bool
     {
-        return (preg_match("%{$page}\.(xml|json)$%", implode('/', $event->args), $matches) === 1);
+        return (\Safe\preg_match("%{$page}\.(xml|json)$%", implode('/', $event->args), $matches) === 1);
     }
 }
diff --git a/ext/pools/main.php b/ext/pools/main.php
@@ -494,7 +494,7 @@ public function onSearchTermParse(SearchTermParseEvent $event): void
         if ($matches = $event->matches("/^pool[=|:]([0-9]+|any|none)$/i")) {
             $poolID = $matches[1];
 
-            if (preg_match("/^(any|none)$/", $poolID)) {
+            if (\Safe\preg_match("/^(any|none)$/", $poolID)) {
                 $not = ($poolID == "none" ? "NOT" : "");
                 $event->add_querylet(new Querylet("images.id $not IN (SELECT DISTINCT image_id FROM pool_images)"));
             } else {
@@ -518,7 +518,7 @@ public function onSearchTermParse(SearchTermParseEvent $event): void
 
     public function onTagTermCheck(TagTermCheckEvent $event): void
     {
-        if (preg_match("/^pool[=|:]([^:]*|lastcreated):?([0-9]*)$/i", $event->term)) {
+        if ($event->matches("/^pool[=|:]([^:]*|lastcreated):?([0-9]*)$/i")) {
             $event->metatag = true;
         }
     }

diff --git a/ext/post_source/main.php b/ext/post_source/main.php
@@ -40,7 +40,7 @@ public function onImageInfoSet(ImageInfoSetEvent $event): void
             $source = $event->get_param('url');
         }
         if ($user->can(Permissions::EDIT_IMAGE_SOURCE) && !is_null($source)) {
-            if (isset($event->params['tags']) ? !preg_match('/source[=|:]/', $event->params["tags"]) : true) {
+            if (isset($event->params['tags']) ? !\Safe\preg_match('/source[=|:]/', $event->params["tags"]) : true) {
                 send_event(new SourceSetEvent($event->image, $source));
             }
         }
@@ -81,7 +81,7 @@ public function onSearchTermParse(SearchTermParseEvent $event): void
 
     public function onTagTermCheck(TagTermCheckEvent $event): void
     {
-        if (preg_match("/^source[=|:](.*)$/i", $event->term)) {
+        if ($event->matches("/^source[=|:](.*)$/i")) {
             $event->metatag = true;
         }
     }

diff --git a/ext/post_tags/main.php b/ext/post_tags/main.php
@@ -177,7 +177,7 @@ public function onSearchTermParse(SearchTermParseEvent $event): void
         if ($matches = $event->matches("/^(source)[=|:](.*)$/i")) {
             $source = strtolower($matches[2]);
 
-            if (preg_match("/^(any|none)$/i", $source)) {
+            if (\Safe\preg_match("/^(any|none)$/i", $source)) {
                 $not = ($source == "any" ? "NOT" : "");
                 $event->add_querylet(new Querylet("images.source IS $not NULL"));
             } else {

diff --git a/ext/private_image/main.php b/ext/private_image/main.php
@@ -158,7 +158,7 @@ public function onHelpPageBuilding(HelpPageBuildingEvent $event): void
     private function no_private_query(array $context): bool
     {
         foreach ($context as $term) {
-            if (preg_match(self::SEARCH_REGEXP, $term)) {
+            if (\Safe\preg_match(self::SEARCH_REGEXP, $term)) {
                 return false;
             }
         }

diff --git a/ext/rating/main.php b/ext/rating/main.php
@@ -289,7 +289,7 @@ public function onSearchTermParse(SearchTermParseEvent $event): void
 
     public function onTagTermCheck(TagTermCheckEvent $event): void
     {
-        if (preg_match($this->search_regexp, $event->term)) {
+        if ($event->matches($this->search_regexp)) {
             $event->metatag = true;
         }
     }
@@ -298,10 +298,10 @@ public function onTagTermParse(TagTermParseEvent $event): void
     {
         global $user;
 
-        if (preg_match($this->search_regexp, strtolower($event->term), $matches)) {
-            $ratings = $matches[1] ? $matches[1] : $matches[2][0];
+        if ($matches = $event->matches($this->search_regexp)) {
+            $ratings = strtolower($matches[1] ? $matches[1] : $matches[2][0]);
 
-            if (count($matches) > 2 && in_array($matches[2], self::UNRATED_KEYWORDS)) {
+            if (count($matches) > 2 && in_array(strtolower($matches[2]), self::UNRATED_KEYWORDS)) {
                 $ratings = "?";
             }
 
@@ -512,7 +512,7 @@ public static function rating_is_valid(string $rating): bool
     private function no_rating_query(array $context): bool
     {
         foreach ($context as $term) {
-            if (preg_match("/^rating[=|:]/", $term)) {
+            if (\Safe\preg_match("/^rating[=|:]/", $term)) {
                 return false;
             }
         }

diff --git a/ext/relationships/main.php b/ext/relationships/main.php
@@ -58,7 +58,7 @@ public function onImageInfoSet(ImageInfoSetEvent $event): void
     {
         global $user;
         if ($user->can(Permissions::EDIT_IMAGE_RELATIONSHIPS)) {
-            if (isset($event->params['tags']) ? !preg_match('/parent[=|:]/', $event->params["tags"]) : true) { //Ignore parent if tags contain parent metatag
+            if (isset($event->params['tags']) ? !\Safe\preg_match('/parent[=|:]/', $event->params["tags"]) : true) { //Ignore parent if tags contain parent metatag
                 if (isset($event->params["parent"]) ? ctype_digit($event->params["parent"]) : false) {
                     send_event(new ImageRelationshipSetEvent($event->image->id, (int) $event->params["parent"]));
                 } else {
@@ -78,7 +78,7 @@ public function onSearchTermParse(SearchTermParseEvent $event): void
         if ($matches = $event->matches("/^parent[=|:]([0-9]+|any|none)$/")) {
             $parentID = $matches[1];
 
-            if (preg_match("/^(any|none)$/", $parentID)) {
+            if (\Safe\preg_match("/^(any|none)$/", $parentID)) {
                 $not = ($parentID == "any" ? "NOT" : "");
                 $event->add_querylet(new Querylet("images.parent_id IS $not NULL"));
             } else {

diff --git a/ext/resize/main.php b/ext/resize/main.php
@@ -116,7 +116,7 @@ public function onDataUpload(DataUploadEvent $event): void
                 //check if gif is animated (via https://www.php.net/manual/en/function.imagecreatefromgif.php#104473)
                 while (!feof($fh) && $isanigif < 2) {
                     $chunk = \Safe\fread($fh, 1024 * 100);
-                    $isanigif += preg_match_all('#\x00\x21\xF9\x04.{4}\x00[\x2C\x21]#s', $chunk, $matches);
+                    $isanigif += \Safe\preg_match_all('#\x00\x21\xF9\x04.{4}\x00[\x2C\x21]#s', $chunk, $matches);
                 }
             }
             if ($isanigif == 0) {

diff --git a/ext/trash/main.php b/ext/trash/main.php
@@ -127,7 +127,7 @@ public function onHelpPageBuilding(HelpPageBuildingEvent $event): void
     private function no_trash_query(array $context): bool
     {
         foreach ($context as $term) {
-            if (preg_match(self::SEARCH_REGEXP, $term)) {
+            if (\Safe\preg_match(self::SEARCH_REGEXP, $term)) {
                 return false;
             }
         }