Commit 6f7798b6 authored by Rasmus Lerdorf's avatar Rasmus Lerdorf

Fixing bugs found by static analysis

parent 2c967d60
......@@ -57,7 +57,7 @@
$method = strtolower($_REQUEST["op"]);
$handler = new API(Db::get(), $_REQUEST);
$handler = new API($_REQUEST);
if ($handler->before($method)) {
if ($method && method_exists($handler, $method)) {
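Review bot: `$method` comes straight from `$_REQUEST["op"]`, and the only gate before dispatch is `method_exists($handler, $method)`, which is true for every method that `API` and its parent classes define, not only the intended API operations. Internal helpers therefore become addressable by name, and a non-public method would produce a fatal error instead of an error reply. I would compare `$method` against an explicit list of published operations before the call, and read the parameter with `isset($_REQUEST["op"])` so a missing `op` does not raise a notice. The body of this `if` continues outside the hunk, so a later check may already exist there.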
......
......@@ -14,12 +14,12 @@ class API extends Handler {
header("Content-Type: text/json");
if (!$_SESSION["uid"] && $method != "login" && $method != "isloggedin") {
print $this->wrap(self::STATUS_ERR, array("error" => 'NOT_LOGGED_IN'));
$this->wrap(self::STATUS_ERR, array("error" => 'NOT_LOGGED_IN'));
return false;
}
if ($_SESSION["uid"] && $method != "logout" && !get_pref('ENABLE_API_ACCESS')) {
print $this->wrap(self::STATUS_ERR, array("error" => 'API_DISABLED'));
$this->wrap(self::STATUS_ERR, array("error" => 'API_DISABLED'));
return false;
}
......@@ -38,12 +38,12 @@ class API extends Handler {
function getVersion() {
$rv = array("version" => VERSION);
print $this->wrap(self::STATUS_OK, $rv);
$this->wrap(self::STATUS_OK, $rv);
}
function getApiLevel() {
$rv = array("level" => self::API_LEVEL);
print $this->wrap(self::STATUS_OK, $rv);
$this->wrap(self::STATUS_OK, $rv);
}
function login() {
......@@ -65,33 +65,33 @@ class API extends Handler {
}
if (!$uid) {
print $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
return;
}
if (get_pref("ENABLE_API_ACCESS", $uid)) {
if (authenticate_user($login, $password)) { // try login with normal password
print $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else if (authenticate_user($login, $password_base64)) { // else try with base64_decoded password
print $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else { // else we are not logged in
print $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
}
} else {
print $this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
$this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
}
}
function logout() {
logout_user();
print $this->wrap(self::STATUS_OK, array("status" => "OK"));
$this->wrap(self::STATUS_OK, array("status" => "OK"));
}
function isLoggedIn() {
print $this->wrap(self::STATUS_OK, array("status" => $_SESSION["uid"] != ''));
$this->wrap(self::STATUS_OK, array("status" => $_SESSION["uid"] != ''));
}
function getUnread() {
......@@ -99,15 +99,15 @@ class API extends Handler {
$is_cat = $this->dbh->escape_string($_REQUEST["is_cat"]);
if ($feed_id) {
print $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
$this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
} else {
print $this->wrap(self::STATUS_OK, array("unread" => getGlobalUnread()));
$this->wrap(self::STATUS_OK, array("unread" => getGlobalUnread()));
}
}
/* Method added for ttrss-reader for Android */
function getCounters() {
print $this->wrap(self::STATUS_OK, getAllCounters());
$this->wrap(self::STATUS_OK, getAllCounters());
}
function getFeeds() {
......@@ -119,7 +119,7 @@ class API extends Handler {
$feeds = $this->api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested);
print $this->wrap(self::STATUS_OK, $feeds);
$this->wrap(self::STATUS_OK, $feeds);
}
function getCategories() {
......@@ -176,7 +176,7 @@ class API extends Handler {
}
}
print $this->wrap(self::STATUS_OK, $cats);
$this->wrap(self::STATUS_OK, $cats);
}
function getHeadlines() {
......@@ -219,9 +219,9 @@ class API extends Handler {
$include_attachments, $since_id, $search, $search_mode,
$include_nested, $sanitize_content);
print $this->wrap(self::STATUS_OK, $headlines);
$this->wrap(self::STATUS_OK, $headlines);
} else {
print $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
$this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
}
}
......@@ -293,11 +293,11 @@ class API extends Handler {
}
}
print $this->wrap(self::STATUS_OK, array("status" => "OK",
$this->wrap(self::STATUS_OK, array("status" => "OK",
"updated" => $num_updated));
} else {
print $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
$this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
}
}
......@@ -352,7 +352,7 @@ class API extends Handler {
}
}
print $this->wrap(self::STATUS_OK, $articles);
$this->wrap(self::STATUS_OK, $articles);
}
......@@ -370,7 +370,7 @@ class API extends Handler {
$config["num_feeds"] = (int)$num_feeds;
print $this->wrap(self::STATUS_OK, $config);
$this->wrap(self::STATUS_OK, $config);
}
function updateFeed() {
......@@ -380,7 +380,7 @@ class API extends Handler {
update_rss_feed($feed_id, true);
print $this->wrap(self::STATUS_OK, array("status" => "OK"));
$this->wrap(self::STATUS_OK, array("status" => "OK"));
}
function catchupFeed() {
......@@ -389,13 +389,13 @@ class API extends Handler {
catchup_feed($feed_id, $is_cat);
print $this->wrap(self::STATUS_OK, array("status" => "OK"));
$this->wrap(self::STATUS_OK, array("status" => "OK"));
}
function getPref() {
$pref_name = $this->dbh->escape_string($_REQUEST["pref_name"]);
print $this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name)));
$this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name)));
}
function getLabels() {
......@@ -432,7 +432,7 @@ class API extends Handler {
"checked" => $checked));
}
print $this->wrap(self::STATUS_OK, $rv);
$this->wrap(self::STATUS_OK, $rv);
}
function setArticleLabel() {
......@@ -460,7 +460,7 @@ class API extends Handler {
}
}
print $this->wrap(self::STATUS_OK, array("status" => "OK",
$this->wrap(self::STATUS_OK, array("status" => "OK",
"updated" => $num_updated));
}
......@@ -471,10 +471,10 @@ class API extends Handler {
if ($plugin && method_exists($plugin, $method)) {
$reply = $plugin->$method();
print $this->wrap($reply[0], $reply[1]);
$this->wrap($reply[0], $reply[1]);
} else {
print $this->wrap(self::STATUS_ERR, array("error" => 'UNKNOWN_METHOD', "method" => $method));
$this->wrap(self::STATUS_ERR, array("error" => 'UNKNOWN_METHOD', "method" => $method));
}
}
......@@ -484,9 +484,9 @@ class API extends Handler {
$content = $this->dbh->escape_string(strip_tags($_REQUEST["content"]));
if (Article::create_published_article($title, $url, $content, "", $_SESSION["uid"])) {
print $this->wrap(self::STATUS_OK, array("status" => 'OK'));
$this->wrap(self::STATUS_OK, array("status" => 'OK'));
} else {
print $this->wrap(self::STATUS_ERR, array("error" => 'Publishing failed'));
$this->wrap(self::STATUS_ERR, array("error" => 'Publishing failed'));
}
}
......@@ -714,9 +714,9 @@ class API extends Handler {
if ($this->dbh->num_rows($result) != 0) {
Pref_Feeds::remove_feed($feed_id, $_SESSION["uid"]);
print $this->wrap(self::STATUS_OK, array("status" => "OK"));
$this->wrap(self::STATUS_OK, array("status" => "OK"));
} else {
print $this->wrap(self::STATUS_ERR, array("error" => "FEED_NOT_FOUND"));
$this->wrap(self::STATUS_ERR, array("error" => "FEED_NOT_FOUND"));
}
}
......@@ -727,12 +727,11 @@ class API extends Handler {
$password = $this->dbh->escape_string($_REQUEST["password"]);
if ($feed_url) {
$rc = subscribe_to_feed($feed_url, $category_id,
$login, $password, false);
$rc = subscribe_to_feed($feed_url, $category_id, $login, $password);
print $this->wrap(self::STATUS_OK, array("status" => $rc));
$this->wrap(self::STATUS_OK, array("status" => $rc));
} else {
print $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
$this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
}
}
......@@ -746,9 +745,9 @@ class API extends Handler {
if ($pf){
$data = $pf->makefeedtree();
print $this->wrap(self::STATUS_OK, array("categories" => $data));
$this->wrap(self::STATUS_OK, array("categories" => $data));
} else {
print $this->wrap(self::STATUS_ERR, array("error" =>
$this->wrap(self::STATUS_ERR, array("error" =>
'UNABLE_TO_INSTANTIATE_OBJECT'));
}
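Review bot: `header("Content-Type: text/json");` at the top of `before()` labels every reply with a type that is not the registered JSON media type, and the `UNKNOWN_METHOD` branch returns `$method` inside that body. A client that does not recognise `text/json` may fall back to content sniffing, which is how reflected request data ends up being read as markup. I would send `header("Content-Type: application/json; charset=utf-8");` together with `header("X-Content-Type-Options: nosniff");`. `wrap()` and the origin of `$method` in that branch are outside the visible hunks, so whether the encoder escapes `<` and `>` (for example with `JSON_HEX_TAG`) needs confirming there.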
......
......@@ -215,7 +215,7 @@ class Article extends Handler_Protected {
$this->dbh->query("UPDATE ttrss_user_entries SET
score = '$score' WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
print json_encode(array("id" => $id,
print json_encode(array("id" => $ids,
"score_pic" => get_score_pic($score)));
}
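Review bot: `$ids` is placed unquoted inside `IN ($ids)` in the UPDATE, so string escaping alone does not constrain it; every element has to be an integer. How `$ids` and `$score` are built is outside this hunk and may already handle this, but if they derive from the request I would normalise them just before the query, e.g. `$ids = join(",", array_map("intval", explode(",", $ids)));` and `$score = (int) $score;`. The new `"id" => $ids` also sends that same value back in the JSON reply, so the client now receives the whole list rather than a single id.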
......
......@@ -16,7 +16,7 @@ class Auth_Base {
// Auto-creates specified user if allowed by system configuration
// Can be used instead of find_user_by_login() by external auth modules
function auto_create_user($login) {
function auto_create_user($login, $password) {
if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
$user_id = $this->find_user_by_login($login);
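Review bot: `auto_create_user($login, $password)` makes the second argument mandatory, while the comment above the function invites external auth modules to call it; a module still passing one argument will now hit a missing-argument error. A default keeps those callers working, `function auto_create_user($login, $password = false) {`, the same form this commit uses for `db_connect(..., $port = false)`. `del_handler($handler, $method, $sender)` in PluginHost has the same problem for plugins that call it with two arguments. The function body continues outside the hunk, so how `$password` is used, and what credential an auto-created account gets when it is empty, cannot be checked from here.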
......
......@@ -79,7 +79,7 @@ class Db_PDO implements IDb {
}
function last_error() {
return join(" ", $pdo->errorInfo());
return join(" ", $this->pdo->errorInfo());
}
function init() {
......
......@@ -382,9 +382,9 @@ class Handler_Public extends Handler {
header('Content-Type: text/html; charset=utf-8');
print "<html><head><title>Tiny Tiny RSS</title>";
print stylesheet_tag("utility.css");
print javascript_tag("lib/prototype.js");
print javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls");
stylesheet_tag("utility.css");
javascript_tag("lib/prototype.js");
javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls");
print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
</head><body id='sharepopup'>";
......@@ -643,6 +643,7 @@ class Handler_Public extends Handler {
$feed_url = $this->dbh->escape_string(trim($_REQUEST["feed_url"]));
$cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]);
$from = $this->dbh->escape_string($_REQUEST["from"]);
$feed_urls = array();
/* only read authentication information from POST */
......@@ -666,8 +667,10 @@ class Handler_Public extends Handler {
break;
case 4:
print_notice(__("Multiple feed URLs found."));
$feed_urls = get_feeds_from_html($feed_url);
$contents = @fetch_file_contents($url, false, $auth_login, $auth_pass);
if (is_html($contents)) {
$feed_urls = get_feeds_from_html($url, $contents);
}
break;
case 5:
print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
......@@ -732,8 +735,8 @@ class Handler_Public extends Handler {
header('Content-Type: text/html; charset=utf-8');
print "<html><head><title>Tiny Tiny RSS</title>";
print stylesheet_tag("utility.css");
print javascript_tag("lib/prototype.js");
stylesheet_tag("utility.css");
javascript_tag("lib/prototype.js");
print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
</head><body id='forgotpass'>";
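Review bot: In the `case 4:` branch the new code reads `$url`, but the variable this function fills from the request is `$feed_url`, and no assignment to `$url` appears in the visible lines. If it is not defined elsewhere, `fetch_file_contents()` runs with an empty value and the `@` hides the warning. I would use `$feed_url` in both calls: `$contents = @fetch_file_contents($feed_url, false, $auth_login, $auth_pass);` and `$feed_urls = get_feeds_from_html($feed_url, $contents);`. Because this handler is public and the URL is request-supplied, note that `escape_string()` is SQL escaping: it neither restricts the server-side fetch to http/https targets nor makes `$feed_url` safe for the `<b>%s</b>` message in `case 5:`, which wants `htmlspecialchars($feed_url)`. The function starts and ends outside these hunks.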
......
......@@ -186,7 +186,7 @@ class PluginHost {
}
}
function del_handler($handler, $method) {
function del_handler($handler, $method, $sender) {
$handler = str_replace("-", "_", strtolower($handler));
$method = strtolower($method);
......@@ -252,8 +252,6 @@ class PluginHost {
function load_data($force = false) {
if ($this->owner_uid) {
$plugin = $this->dbh->escape_string($plugin);
$result = $this->dbh->query("SELECT name, content FROM ttrss_plugin_storage
WHERE owner_uid = '".$this->owner_uid."'");
......
......@@ -83,8 +83,6 @@ class Pref_Filters extends Handler_Protected {
}
}
$feed_title = getFeedTitle($feed);
$qfh_ret = queryFeedHeadlines(-4, 30, "", false, false, false,
"date_entered DESC", 0, $_SESSION["uid"], $filter);
......
......@@ -747,7 +747,7 @@ class Pref_Prefs extends Handler_Protected {
$system_enabled = array_map("trim", explode(",", PLUGINS));
$user_enabled = array_map("trim", explode(",", get_pref("_ENABLED_PLUGINS")));
$tmppluginhost = new PluginHost(Db::get());
$tmppluginhost = new PluginHost();
$tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"]);
$tmppluginhost->load_data(true);
......
......@@ -291,7 +291,7 @@ class RPC extends Handler_Protected {
$reply = array();
if ($seq) $reply['seq'] = $seq;
if (!empty($_REQUEST['seq'])) $reply['seq'] = (int) $_REQUEST['seq'];
if ($last_article_id != getLastArticleId()) {
$reply['counters'] = getAllCounters();
......@@ -464,7 +464,7 @@ class RPC extends Handler_Protected {
$id = 0;
}
print_feed_cat_select("cat_id", $id);
print_feed_cat_select("cat_id", $id, '');
}
// Silent
......
......@@ -28,7 +28,7 @@ class ttrssMailer extends PHPMailer {
$this->Host = $pair[0];
$this->Port = $pair[1];
if (!$Port) $Port = 25;
if (!$this->Port) $this->Port = 25;
} else {
$this->Host = '';
$this->Port = '';
......
......@@ -237,16 +237,16 @@ function rgb2hsl($arr) {
} else {
$s = $del_Max / $var_Max;
$del_R = ((($max - $var_R ) / 6 ) + ($del_Max / 2 ) ) / $del_Max;
$del_G = ((($max - $var_G ) / 6 ) + ($del_Max / 2 ) ) / $del_Max;
$del_B = ((($max - $var_B ) / 6 ) + ($del_Max / 2 ) ) / $del_Max;
$del_R = ((($var_Max - $var_R ) / 6 ) + ($del_Max / 2 ) ) / $del_Max;
$del_G = ((($var_Max - $var_G ) / 6 ) + ($del_Max / 2 ) ) / $del_Max;
$del_B = ((($var_Max - $var_B ) / 6 ) + ($del_Max / 2 ) ) / $del_Max;
if ($var_R == $var_Max) $h = $del_B - $del_G;
else if ($var_G == $var_Max) $h = (1 / 3 ) + $del_R - $del_B;
else if ($var_B == $var_Max) $h = (2 / 3 ) + $del_G - $del_R;
if ($H < 0) $h++;
if ($H > 1) $h--;
if ($h < 0) $h++;
if ($h > 1) $h--;
}
return array($h, $s, $v);
......
......@@ -1162,7 +1162,7 @@
$data = array_merge($data, getVirtCounters());
$data = array_merge($data, getLabelCounters());
$data = array_merge($data, getFeedCounters($active_feed));
$data = array_merge($data, getFeedCounters());
$data = array_merge($data, getCategoryCounters());
return $data;
......@@ -1286,7 +1286,7 @@
return $unread;
} else if ($cat == -1) {
return getFeedUnread(-1) + getFeedUnread($link, -2) + getFeedUnread($link, -3) + getFeedUnread($link, 0);
return getFeedUnread(-1) + getFeedUnread(-2) + getFeedUnread(-3) + getFeedUnread(0);
} else if ($cat == -2) {
$result = db_query("
......@@ -1726,7 +1726,8 @@
}
if (!$root_id) {
$is_selected = ($default_id == "CAT:0") ? "selected=\"1\"" : "";
$default_is_cat = ($default_id == "CAT:0");
$is_selected = $default_is_cat ? "selected=\"1\"" : "";
printf("<option $is_selected value='CAT:0'>%s</option>",
__("Uncategorized"));
......@@ -4099,7 +4100,7 @@
preg_match("/(Location:|URI:)[^(\n)]*/", $header, $matches);
$url = trim(str_replace($matches[1],"",$matches[0]));
$url_parsed = parse_url($url);
return (isset($url_parsed))? geturl($url, $referer):'';
return (isset($url_parsed))? geturl($url):'';
}
$oline='';
foreach($status as $key=>$eline){$oline.='['.$key.']'.$eline.' ';}
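Review bot: `isset($url_parsed)` in the redirect branch is true even when `parse_url()` fails, because it returns `false` rather than `null`, so `geturl($url)` recurses on whatever followed `Location:` with no validation and no visible limit on the number of hops. A remote server that keeps redirecting can hold the request in that loop or point it at a target the server should not fetch. I would check the result, `return ($url_parsed !== false && isset($url_parsed["host"])) ? geturl($url) : '';`, restrict the scheme to http/https, and cap the redirect count. The return value of `preg_match()` is also unused, so `$matches[1]` is read even when no header matched. The function starts outside the hunk, so a hop counter may already exist there.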
......
......@@ -334,7 +334,7 @@
}
$pluginhost = new PluginHost();
$pluginhost->set_debug($debug_enabled, $debug_enabled);
$pluginhost->set_debug($debug_enabled);
$user_plugins = get_pref("_ENABLED_PLUGINS", $owner_uid);
$pluginhost->load(PLUGINS, PluginHost::KIND_ALL);
......@@ -411,7 +411,7 @@
_debug("checking favicon...", $debug_enabled);
check_feed_favicon($site_url, $feed, $link);
check_feed_favicon($site_url, $feed);
$favicon_modified_new = @filemtime($favicon_file);
if ($favicon_modified_new > $favicon_modified)
......
......@@ -56,14 +56,14 @@
<head>
<title>Tiny Tiny RSS</title>
<?php echo stylesheet_tag("lib/dijit/themes/claro/claro.css"); ?>
<?php echo stylesheet_tag("tt-rss.css"); ?>
<?php echo stylesheet_tag("cdm.css"); ?>
<?php stylesheet_tag("lib/dijit/themes/claro/claro.css"); ?>
<?php stylesheet_tag("tt-rss.css"); ?>
<?php stylesheet_tag("cdm.css"); ?>
<?php if ($_SESSION["uid"]) {
$theme = get_pref( "USER_CSS_THEME", $_SESSION["uid"], false);
if ($theme) {
echo stylesheet_tag("themes/$theme");
stylesheet_tag("themes/$theme");
}
}
?>
......@@ -91,7 +91,7 @@
"lib/dojo/tt-rss-layer.js",
"errors.php?mode=js") as $jsfile) {
echo javascript_tag($jsfile);
javascript_tag($jsfile);
} ?>
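Review bot: `$theme` is read from the `USER_CSS_THEME` preference and interpolated into `"themes/$theme"` with no check that it names a file inside the themes directory. `stylesheet_tag()` is not shown, so whether it escapes the path before writing it into the page cannot be confirmed; if it does not, a stored value containing `../` or quote characters reaches the markup on every page load. I would normalise it first, `$theme = basename($theme);`, and emit the tag only when `file_exists("themes/$theme")`. Dropping `echo` in this section also assumes that `stylesheet_tag()` and `javascript_tag()` print their own output, which is worth confirming since neither definition is part of the visible hunks.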
......
......@@ -89,7 +89,7 @@
<span><img src=\"../images/sign_info.svg\"></span><span>$msg</span></div>";
}
function db_connect($host, $user, $pass, $db, $type, $port) {
function db_connect($host, $user, $pass, $db, $type, $port = false) {
if ($type == "pgsql") {
$string = "dbname=$db user=$user";
......
......@@ -336,7 +336,7 @@ function processBeginBlockCmd ($parms, $cmdTPosBegin, $cmdTPosEnd) {
$this->openBlocksTab[$this->currentNestingLevel] = $blockNo;
$this->currentNestingLevel += 1;
if ($this->currentNestingLevel > $this->maxNestingLevel) {
$trhis->triggerError ("Block nesting overflow in template at offset $cmdTPosBegin.");
$this->triggerError ("Block nesting overflow in template at offset $cmdTPosBegin.");
return false; }
return true; }
......@@ -844,7 +844,7 @@ function readFileIntoString ($fileName, &$s) {
$fh = fopen($fileName,"rb");
if ($fh === false) return false;
$fileSize = filesize($fileName);
if ($fileSize === false) {close ($fh); return false; }
if ($fileSize === false) {fclose ($fh); return false; }
$s = fread($fh,$fileSize);
fclose ($fh);
if (strlen($s) != $fileSize) return false;
......
......@@ -1101,7 +1101,7 @@ if (!class_exists('QRcode', false)) {
protected function makeMaskNo($maskNo, $width, $s, &$d, $maskGenOnly=false) {
$b = 0;
$bitMask = array();
$bitMask = $this->generateMaskNo($maskNo, $width, $s, $d);
$bitMask = $this->generateMaskNo($maskNo, $width, $s);
if ($maskGenOnly) {
return;
}
......@@ -1399,7 +1399,7 @@ if (!class_exists('QRcode', false)) {
$p += 2;
}
$this->items = $this->appendNewInputItem($this->items, QR_MODE_KJ, $p, str_split($this->dataStr));
return $run;
return $p;
}
/**
......@@ -1470,7 +1470,7 @@ if (!class_exists('QRcode', false)) {
break;
}
case QR_MODE_KJ: {
if ($hint == QR_MODE_KJ) {
if ($this->hint == QR_MODE_KJ) {
$length = $this->eatKanji();
} else {
$length = $this->eat8();
......@@ -1499,7 +1499,7 @@ if (!class_exists('QRcode', false)) {
$stringLen = strlen($this->dataStr);
$p = 0;
while ($p < $stringLen) {
$mode = $this->identifyMode(substr($this->dataStr, $p), $this->hint);
$mode = $this->identifyMode(substr($this->dataStr, $p));
if ($mode == QR_MODE_KJ) {
$p += 2;
} else {
......
......@@ -2195,7 +2195,7 @@
case QR_MODE_NUM: $length = $this->eatNum(); break;
case QR_MODE_AN: $length = $this->eatAn(); break;
case QR_MODE_KANJI:
if ($hint == QR_MODE_KANJI)
if ($this->modeHint == QR_MODE_KANJI)
$length = $this->eatKanji();
else $length = $this->eat8();
break;
......@@ -2217,7 +2217,7 @@
$p = 0;
while ($p<$stringLen) {
$mode = self::identifyMode(substr($this->dataStr, $p), $this->modeHint);
$mode = self::identifyMode(substr($this->dataStr, $p));
if($mode == QR_MODE_KANJI) {
$p += 2;
} else {
......@@ -2621,13 +2621,13 @@
if (file_exists($fileName)) {
$bitMask = self::unserial(file_get_contents($fileName));
} else {
$bitMask = $this->generateMaskNo($maskNo, $width, $s, $d);
$bitMask = $this->generateMaskNo($maskNo, $width, $s);
if (!file_exists(QR_CACHE_DIR.'mask_'.$maskNo))
mkdir(QR_CACHE_DIR.'mask_'.$maskNo);
file_put_contents($fileName, self::serial($bitMask));
}
} else {
$bitMask = $this->generateMaskNo($maskNo, $width, $s, $d);
$bitMask = $this->generateMaskNo($maskNo, $width, $s);
}
if ($maskGenOnly)
......@@ -2937,7 +2937,7 @@
//----------------------------------------------------------------------
public function getCode()
{
$ret;