diff --git a/www/actions/comment_edit.php b/www/actions/comment_edit.php
index f0cd032..4276f03 100644
--- a/www/actions/comment_edit.php
+++ b/www/actions/comment_edit.php
@@ -54,7 +54,7 @@
header('Location: '.changeURL(base64url_decode($_POST['url']), $url_querystring)); // Redirect user back to where he came from
exit;
} else {
- $commentText = escape_text($_POST['text']);
+ $commentText = htmlspecialchars_decode($_POST['text'], ENT_COMPAT | ENT_SUBSTITUTE);
$_POST['text'] = $commentText; // required for passing to Comment::update() later...
}
if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $_POST[text]: OK', __FILE__, __LINE__));
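Review bot: Replacing `escape_text()` with `htmlspecialchars_decode()` on line 10 turns the stored comment from an escaped string into raw, entity-decoded user input, so any template that prints `text` without output-side escaping becomes a stored-XSS sink; the render path is not visible here, so please confirm every place that outputs comment text escapes it. The same swap is made in comment_new.php, in events.php for `description`, and in forum.inc.php `Thread::post()`. As far as I know `ENT_SUBSTITUTE` is only meaningful for the encoding direction (`htmlspecialchars`) and is ignored by `htmlspecialchars_decode()`, so the flag may not do what the author intends. If the purpose is to undo an earlier double-encoding, a one-line comment would save the next reader the same question, e.g. `// Decode entities here; escaping happens at render time in the template`.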
diff --git a/www/actions/comment_new.php b/www/actions/comment_new.php
index 8742943..4f6d4ca 100644
--- a/www/actions/comment_new.php
+++ b/www/actions/comment_new.php
@@ -25,7 +25,7 @@
user_error('keine leeren Posts erlaubt.', E_USER_WARNING);
die();
} else {
- $commentText = escape_text($_POST['text']);
+ $commentText = htmlspecialchars_decode($_POST['text'], ENT_COMPAT | ENT_SUBSTITUTE);
}
if(!is_numeric($_POST['parent_id']) || $_POST['parent_id'] == '')
diff --git a/www/actions/events.php b/www/actions/events.php
index 4ea2ab5..f5811dc 100644
--- a/www/actions/events.php
+++ b/www/actions/events.php
@@ -27,7 +27,7 @@
if ( !empty($_POST['location'])) $eventLocation = sanitize_userinput($_POST['location']);
if ( !empty($_POST['link'])) $eventLink = escape_text((filter_var($_POST['link'], FILTER_VALIDATE_URL)===false?(filter_var(SITE_PROTOCOL.$_POST['link'], FILTER_VALIDATE_URL)!==false?SITE_PROTOCOL.$_POST['link']:$error='Ungültiger Event-Link'):$_POST['link']));
if ( !empty($_POST['review_url'])) $eventReviewlink = escape_text((filter_var($_POST['review_url'], FILTER_VALIDATE_URL)===false?(filter_var(SITE_PROTOCOL.$_POST['review_url'], FILTER_VALIDATE_URL)!==false?SITE_PROTOCOL.$_POST['review_url']:$error='Ungültige Review-URL'):$_POST['review_url']));
-if ( !empty($_POST['description'])) $eventDescription = sanitize_userinput($_POST['description']);
+if ( !empty($_POST['description'])) $eventDescription = htmlspecialchars_decode($_POST['description'], ENT_COMPAT | ENT_SUBSTITUTE);
if ( isset($_POST['gallery_id']) && is_numeric($_POST['gallery_id']) && $_POST['gallery_id'] >= 0) $eventGallery = $_POST['gallery_id'];
if ( isset($_GET['join']) && is_numeric($_GET['join']) && $_GET['join'] >= 0) $eventJoinId = $_GET['join'];
if ( isset($_GET['unjoin']) && is_numeric($_GET['unjoin']) && $_GET['unjoin'] >= 0) $eventUnjoinId = $_GET['unjoin'];
diff --git a/www/includes/activities.inc.php b/www/includes/activities.inc.php
index 4a081ff..6e3559c 100644
--- a/www/includes/activities.inc.php
+++ b/www/includes/activities.inc.php
@@ -52,14 +52,14 @@ class Activities
/**
* Activities Log
*
- * @author IneX
- * @date 13.09.2009
* @version 2.1
- * @since 1.0 `13.09.2009` initial release
- * @since 2.0 `04.09.2018` Added exception handling & boolean return, added support for Activity-Placeholders from strings.array.php
- * @since 2.1 `05.12.2018` fixed wrong usage of t() causing a lot of log errors and broken activity-stream
+ * @since 1.0 `13.09.2009` `IneX` Method added
+ * @since 2.0 `04.09.2018` `IneX` Added exception handling & boolean return, added support for Activity-Placeholders from strings.array.php
+ * @since 2.1 `05.12.2018` `IneX` Fixed wrong usage of t() causing a lot of log errors and broken activity-stream
+ * @since 2.1 `27.12.2023` `IneX` Formatted SQL as prepared statement
*
* @TODO Activity-Area wurde entfernt... ev. doch nötig?
+ * @FIXME SQL-WHERE Clause disabled - readd?
*
* @param integer $owner User ID von welchem die Activities ausgegeben werden sollen (Default = alle)
* @param integer $start Von welchem Datensatz aus die Activites ausgegeben werden sollen
@@ -72,21 +72,16 @@ static public function getActivities ($owner=0, $start=0, $limit=23, $date='')
{
global $db;
- $sql = 'SELECT
- *,
- TIME_TO_SEC(TIMEDIFF(NOW(),date)) AS date_secs,
- UNIX_TIMESTAMP(date) AS datum
- FROM
- activities
- ORDER BY
- datum DESC';
+ $sql = 'SELECT *, TIME_TO_SEC(TIMEDIFF(NOW(),date)) AS date_secs, UNIX_TIMESTAMP(date) AS datum
+ FROM activities
+ ORDER BY datum DESC
+ LIMIT ?,?';
//if ($activity_area <> '') $sql_WHERE = "activity_area = '".$activity_area."'";
- if ($date <> '') {
- $sql_WHERE = ($sql_WHERE <> '' ? ' AND datum = "'.$date.'"' : 'datum = "'.$date.'"');
- } else { $sql_WHERE = null; }
- $sql .= $sql_WHERE . ' LIMIT '.$start.','.$limit;
-
- $result = $db->query($sql, __FILE__, __LINE__, __METHOD__);
+ // if ($date <> '') {
+ // $sql_WHERE = ($sql_WHERE <> '' ? ' AND datum = "'.$date.'"' : 'datum = "'.$date.'"');
+ // } else { $sql_WHERE = null; }
+ // $sql .= $sql_WHERE . ' LIMIT '.$start.','.$limit;
+ $result = $db->query($sql, __FILE__, __LINE__, __METHOD__, [$start, $limit]);
while($rs = $db->fetch($result))
{
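Review bot: The `$date` parameter in the signature on line 63 is now silently ignored — the WHERE clause that consumed it is commented out on lines 85–88 — so a caller passing a date gets the full, unfiltered list without any error; at minimum the `@param` line should say the filter is disabled, or the parameter should be rejected with a clear message. `$start` and `$limit` are bound on line 89 without a cast, and `LIMIT ?,?` only accepts integers, so pass `[(int)$start, (int)$limit]` to avoid a type-dependent failure when a caller supplies strings. The method body continues outside the hunk.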
@@ -108,14 +103,13 @@ static public function getActivities ($owner=0, $start=0, $limit=23, $date='')
/**
* Activity hinzufügen
*
- * @author IneX
- * @date 13.09.2009
- * @version 4.0
- * @since 1.0 `13.09.2009` initial release
- * @since 2.0 `16.05.2018` added Telegram Notification for new Activities
- * @since 2.1 `16.05.2018` Changed to new Telegram Notification-Method
- * @since 3.0 `02.09.2018` Added exception handling & boolean return, changed Activities to support Placeholders from strings.array.php
- * @since 4.0 `30.10.2018` Enabled self::checkAllowActivities() for User-ID, if "activities_allowed" is set to "ON"
+ * @version 4.1
+ * @since 1.0 `13.09.2009` `IneX` Method added
+ * @since 2.0 `16.05.2018` `IneX` Added Telegram Notification for new Activities
+ * @since 2.1 `16.05.2018` `IneX` Changed to new Telegram Notification-Method
+ * @since 3.0 `02.09.2018` `IneX` Added exception handling & boolean return, changed Activities to support Placeholders from strings.array.php
+ * @since 4.0 `30.10.2018` `IneX` Enabled self::checkAllowActivities() for User-ID, if "activities_allowed" is set to "ON"
+ * @since 4.1 `27.12.2023` `IneX` Formatted SQL as prepared statement, extracted Telegram Notification to notify() method
*
* @uses Activities::checkAllowActivities()
* @uses Telegram::send::message()
@@ -130,36 +124,30 @@ static public function getActivities ($owner=0, $start=0, $limit=23, $date='')
*/
static public function addActivity ($fromUser, $forUser, $activity, $activityArea=NULL, $values=NULL)
{
- global $db, $user, $telegram;
+ global $db;
//$activities = $_ENV['$activities_HZ']; // Globale Activity-Arrays mergen
- if (self::checkAllowActivities($fromUser))
+ if (is_numeric($fromUser) && $fromUser > 0 && self::checkAllowActivities($fromUser))
{
+ $fromUser = intval($fromUser);
+ $forUser = intval($forUser);
+ $activity = (!empty($values) ? vsprintf($activity, $values) : $activity);
+
/** Array to JSON conversion */
if (is_array($values) && !empty($values)) $activityValues = json_encode($values);
- $sql = sprintf('INSERT INTO activities
- (`date`, `activity_area`, `from_user_id`, `owner`, `activity`, `values`)
- VALUES
- (NOW(), "%s", %d, %d, "%s", "%s")',
- $activityArea, $fromUser, $forUser, (strpos($activity,' ')!==false ? escape_text($activity) : $activity), $values
- );
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> INSERT INTO activities: %s', __METHOD__, __LINE__, $sql));
- $result = $db->query($sql, __FILE__, __LINE__, __METHOD__);
+ $sql = 'INSERT INTO activities
+ (`date`, `activity_area`, `from_user_id`, `owner`, `activity`, `values`)
+ VALUES
+ (?, ?, ?, ?, ?, ?)';
+ $result = $db->query($sql, __FILE__, __LINE__, __METHOD__, [
+ timestamp(true), $activityArea, $fromUser, $forUser, $activity, $values
+ ]);
if ($result !== false)
- {
+ {
/** Telegram Notification auslösen */
- if ($activityArea === 'p')
- {
- /** For Polls */
- // Do nothing because already done in poll_edit.php
- }
- else {
- /** For all other Activites */
- $telegram->send->message('group', t('telegram-notification', 'activity', [ $user->id2user($fromUser, TRUE), $activity ]), ['disable_notification' => 'true']);
- }
-
- return true;
+ return self::notify($fromUser, $activity, $activityArea);
} else {
+ zorgDebugger::me()->debug('SQL INSERT result: %s', [strval($result)]);
return false;
}
} else {
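Review bot: Line 143 binds the raw `$values` argument into the `values` column while the JSON string prepared on line 129 (`$activityValues`) is never used, so an array argument reaches a scalar placeholder and a non-array argument is stored unencoded; replace it with `$activityValues` and initialise it unconditionally, e.g. `$activityValues = (is_array($values) && !empty($values)) ? json_encode($values) : null;`. Line 126 also changes what is persisted: `$activity` is now the `vsprintf()`-expanded text rather than the placeholder template the 2.0 note describes, and `vsprintf()` throws a `TypeError` when `$values` is a non-empty non-array, so the guard should be `is_array($values) && !empty($values)`. The `$fromUser`/`$forUser` `intval()` casts on lines 124–125 are a good addition. The method body continues outside the hunk.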
@@ -171,11 +159,10 @@ static public function addActivity ($fromUser, $forUser, $activity, $activityAre
/**
* Activity aktualisieren
*
- * @author IneX
- * @date 16.05.2018
- * @version 2.0
- * @since 1.0 `16.05.2018` initial release
- * @since 2.0 `04.09.2018` enhanced method to work with updating new values
+ * @version 2.1
+ * @since 1.0 `16.05.2018` `IneX` initial release
+ * @since 2.0 `04.09.2018` `IneX` Enhanced method to work with updating new values
+ * @since 2.1 `27.12.2023` `IneX` Formatted SQL as prepared statement
*
* @param integer $activity_id ID der Activity, welche aktualisiert werden soll
* @param array $newValues Array containing new Values to be written to the defined Activity
@@ -192,12 +179,9 @@ static public function update ($activity_id, $newValues)
/** Array to JSON conversion */
if (is_array($newValues) && !empty($newValues)) $activityValues = json_encode($newValues);
- $sql = sprintf('UPDATE activities SET
- values = "%s"
- WHERE
- id = %d',
- $activityValues, $activity_id);
- return ( $db->query($sql, __FILE__, __LINE__, __METHOD__) ? true : false );
+ $sql = 'UPDATE activities SET values=? WHERE id=?';
+ $result = $db->query($sql, __FILE__, __LINE__, __METHOD__, [$activityValues, $activity_id]);
+ return (false !== $result ? true : false );
/** When User is not allowed to edit the specified $activity_id, then exit */
} else {
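Review bot: `values` is a reserved word in MySQL, and the INSERT in `addActivity()` quotes it with backticks while the new UPDATE on line 191 leaves it bare, so this prepared statement is likely to fail with a syntax error; quote the column the same way as line 139 does. `$activityValues` is only assigned when `$newValues` is a non-empty array (line 184), so otherwise line 192 binds an undefined variable — initialise it to `null` first or return `false` early. Lines 193 and 224 (`remove()`) can simply read `return false !== $result;`. The method body starts and ends outside the hunk.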
@@ -209,11 +193,10 @@ static public function update ($activity_id, $newValues)
/**
* Activity entfernen
*
- * @author IneX
- * @date 24.07.2018
- * @version 2.0
- * @since 1.0 `13.09.2009` initial release
- * @since 2.0 `24.07.2018` minor update to work with AJAX-Request
+ * @version 2.1
+ * @since 1.0 `13.09.2009` `IneX` Method added
+ * @since 2.0 `24.07.2018` `IneX` minor update to work with AJAX-Request
+ * @since 2.1 `27.12.2023` `IneX` Formatted SQL as prepared statement
*
* @see Activities::getActivityOwner()
* @link https://github.com/zorgch/zorg-code/blob/master/www/js/ajax/activities/delete-activity.php AJAX-Action in delete-activity
@@ -228,13 +211,9 @@ static public function remove ($activity_id)
if($user->id === self::getActivityOwner($activity_id))
{
- $sql = 'DELETE FROM
- activities
- WHERE
- id = '.$activity_id.' AND
- owner = '.$user->id
- ;
- return ( $db->query($sql, __FILE__, __LINE__, __METHOD__) ? true : false );
+ $sql = 'DELETE FROM activities WHERE id=? AND owner=?';
+ $result = $db->query($sql, __FILE__, __LINE__, __METHOD__, [$activity_id, $user->id]);
+ return ( false !== $result ? true : false );
} else {
return false;
}
@@ -244,10 +223,8 @@ static public function remove ($activity_id)
/**
* Activity bewerten
*
- * @author IneX
- * @date 13.09.2009
* @version 1.0
- * @since 1.0 initial release
+ * @since 1.0 `13.09.2009` `IneX` Method added
*
* @FIXME Modifier addslahes() für $rating könnte zu Problemen führen wegen der 20 Zeichen Begrenzung!
* @FIXME Eventuell muss noch ein header("Location: URL") hinzugefügt werden, weil man sonst im Leeren landet?
@@ -262,7 +239,7 @@ static public function rate ($activity_id, $rating)
{
global $db, $user;
- if ($user->is_loggedin() && !hasRated($activity_id, $user->id))
+ if ($user->is_loggedin() && !self::hasRated($activity_id, $user->id))
{
if($activity_id > 0 && $rating != '')
{
@@ -288,10 +265,8 @@ static public function rate ($activity_id, $rating)
/**
* Activity Bewertung entfernen
*
- * @author IneX
- * @date 13.09.2009
* @version 1.0
- * @since 1.0 initial release
+ * @since 1.0 `13.09.2009` `IneX` Method added
*
* @TODO Eventuell muss noch ein header("Location: URL") hinzugefügt werden, weil man sonst im Leeren landet?
*
@@ -303,7 +278,7 @@ static public function unrate ($activity_id)
{
global $db, $user;
- if ($activity_id > 0 && hasRated($activity_id, $user->id))
+ if ($activity_id > 0 && self::hasRated($activity_id, $user->id))
{
$sql = 'DELETE FROM activities_votes WHERE
activity_id = '.$activity_id.'
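Review bot: The DELETE on lines 266–267 still concatenates `$activity_id` into the SQL, even though this commit converts the other queries in the file to prepared statements, and the `$activity_id > 0` check on line 263 does not guarantee an integer because PHP's loose comparison accepts non-numeric strings. Bind it like the other methods: `$sql = 'DELETE FROM activities_votes WHERE activity_id=? AND user_id=?';` with `[(int)$activity_id, $user->id]` — the full statement continues outside the hunk, so the column list needs confirming. `rate()` (hunk above, line 246) has the same pattern. The `self::hasRated()` fix itself is correct.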
@@ -318,10 +293,8 @@ static public function unrate ($activity_id)
/**
* Activity durch User bereits bewertet
*
- * @author IneX
- * @date 13.09.2009
* @version 1.0
- * @since 1.0 initial release
+ * @since 1.0 `13.09.2009` `IneX` Method added
*
* @param integer $activity_id ID der Activity, welche überprüft werden soll
* @param integer $user_id Benutzer ID welcher eine Bewertung abgeben möchte
@@ -341,10 +314,9 @@ static public function hasRated ($activity_id, $user_id)
* Activity Owner
* (Gibt die User ID des Activity Owners zurück)
*
- * @author IneX
- * @date 13.09.2009
- * @version 1.0
- * @since 1.0 initial release
+ * @version 1.1
+ * @since 1.0 `13.09.2009` `IneX` Method added
+ * @since 1.1 `27.12.2023` `IneX` Formatted SQL as prepared statement
*
* @param integer $activity_id ID der Activity deren Owner ermittelt werden soll
* @global object $db Globales Class-Object mit allen MySQL-Methoden
@@ -354,8 +326,8 @@ static public function getActivityOwner ($activity_id)
{
global $db;
- $sql = 'SELECT owner FROM activities WHERE id = '.$activity_id;
- $rs = $db->fetch($db->query($sql, __FILE__, __LINE__, __METHOD__));
+ $sql = 'SELECT owner FROM activities WHERE id=?';
+ $rs = $db->fetch($db->query($sql, __FILE__, __LINE__, __METHOD__, [$activity_id]));
return $rs['owner'];
}
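Review bot: With the query now prepared (line 300), the `owner` value returned on line 301 may arrive as a PHP int instead of a string — mysqli prepared statements return native types for integer columns when rows come through `get_result()` — which changes the result of the strict comparison in `remove()` (`$user->id === self::getActivityOwner(...)`, line 213) if `$user->id` is a string; I can't see how `$db->fetch()` materialises rows, so please check. `$db->fetch()` may also return `false` for an unknown id, in which case `$rs['owner']` emits a warning and yields `null`; `return $rs !== false ? $rs['owner'] : null;` makes that explicit.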
@@ -363,10 +335,8 @@ static public function getActivityOwner ($activity_id)
/**
* Activities zählen
*
- * @author IneX
- * @date 13.09.2009
* @version 1.0
- * @since 1.0 initial release
+ * @since 1.0 `13.09.2009` `IneX` Method added
*
* @param integer $user_id Wenn angegeben, werden nur die Activities diesesn Benutzers gezählt
* @global object $db Globales Class-Object mit allen MySQL-Methoden
@@ -389,11 +359,10 @@ static public function countActivities ($user_id=0)
* Wichtig: prüft auf passable $user_id, weil Activities nicht immer per se für
* den aktiven / auslösenden User sind! Deshalb nicht $user->id verwendet.
*
- * @author IneX
- * @date 13.09.2009
- * @version 2.0
- * @since 1.0 `13.09.2009` initial release
- * @since 2.0 `30.10.2018` method updated
+ * @version 2.1
+ * @since 1.0 `13.09.2009` `IneX` Method added
+ * @since 2.0 `30.10.2018` method updated
+ * @since 2.1 `27.12.2023` `IneX` Formatted SQL as prepared statement
*
* @param integer $user_id Benutzer ID für welchen die Einstellung überprüft werden muss
* @global object $db Globales Class-Object mit allen MySQL-Methoden
@@ -406,8 +375,8 @@ static public function checkAllowActivities ($user_id)
/** Validte $user_id - valid integer & not empty/null */
if (empty($user_id) || $user_id === NULL || $user_id <= 0) return false;
- $sql = 'SELECT activities_allow FROM user WHERE id = '.$user_id.' LIMIT 0,1';
- $result = $db->fetch($db->query($sql, __FILE__, __LINE__, __METHOD__));
+ $sql = 'SELECT activities_allow FROM user WHERE id=? LIMIT 1';
+ $result = $db->fetch($db->query($sql, __FILE__, __LINE__, __METHOD__, [$user_id]));
if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $user_id %d => activities_allow: %s (%s)', __METHOD__, __LINE__, $user_id, $result['activities_allow'], ($result['activities_allow'] === '1' ? 'true' : 'false')));
return ( $result ? ($result['activities_allow'] === '1' ? true : false) : false );
}
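Review bot: `$result['activities_allow'] === '1'` on line 339 assumes the column is fetched as a string, which held for `mysqli_query()` but may no longer hold after the switch to a prepared statement on lines 336–337, since integer columns can come back as native ints depending on how `$db->fetch()` reads the result; if that happens the check is always false and no user can ever post activities. Comparing `(int)$result['activities_allow'] === 1` (and the mirror in the DEBUG log on line 338) works either way. `$user_id` is validated on line 333 but bound uncast; `[(int)$user_id]` matches the column type.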
@@ -418,7 +387,6 @@ static public function checkAllowActivities ($user_id)
*
* Kann mit RSS Readern abonniert werden
*
- * @author IneX
* @version 1.1
* @since 1.0 `18.08.2012` `IneX` initial release
* @since 1.1 `01.12.2020` `IneX` fixed PHP 7 Uncaught Error: [] operator not supported for strings
@@ -485,10 +453,8 @@ static public function getActivitiesRSS ($num=5)
* Daily Activities Summary
* Gibt alle Activities eines Tages zusammengefasst aus
*
- * @author IneX
- * @date 26.05.2018
* @version 1.0
- * @since 1.0 initial release
+ * @since 1.0 `26.05.2018` `IneX` Method added
*
* @FIXME Not yet implemented, finish method
*
@@ -507,31 +473,43 @@ static public function getActivitiesDaily ($date, $num=5, $format='html')
/**
- * Activity notifications
- * Triggers Telegram-Messenger updates for an Activity
+ * Activity notifications.
+ * Triggers Telegram-Messenger updates for an Activity.
*
- * @author IneX
- * @date 18.09.2018
* @version 1.0
- * @since 1.0 `13.09.2009` method added
+ * @since 1.0 `13.09.2009` `IneX` Method added
+ * @since 2.0 `27.12.2023` `IneX` Refactored method to be used Class-wide to Notify
+ *
+ * TODO add support for $forUser (currently always notifies 'group'!)
*
- * @see checkAllowActivities()
+ * @uses usersystem::id2user(), Telegram()
* @param integer $fromUser Benutzer ID der die Activity ausgelöst hat
- * @param integer $forUser Benutzer ID dem die Nachricht zugeordner werden soll (Owner)
- * @param string $activity Activity-Nachricht, welche ausgelöst wurde
- * @param string $activityArea Activity-Area, Bereich zu dessen die Activity ausgelöst wurde
+ * @param string $activityText Activity-Nachricht, welche ausgelöst wurde
+ * @param string $activityArea (Optional) Activity-Area, Bereich zu dessen die Activity ausgelöst wurde
* @global object $user Globales Class-Object mit den User-Methoden & Variablen
* @global object $telegram Globales Class-Object mit den Telegram-Methoden
* @return boolean Returns true/false depending on a the successful execution or not
*/
- static public function notify ($fromUser, $forUser, $activity, $activityArea=NULL, $values=NULL)
+ static public function notify ($fromUser, $activityText, $activityArea=NULL)
{
global $user, $telegram;
- /** Telegram Notification auslösen */
- $telegram->send->message('group', t('telegram-notification', 'activity', [ $user->id2user($fromUser, TRUE), $activity ]), ['disable_notification' => 'true']);
+ // TODO $sendTo = (is_numeric($forUser) && $forUser > 0 ? : 'group');
- return true;
+ /** For Polls */
+ if ($activityArea === 'p')
+ {
+ /** Do nothing because already done in poll_edit.php */
+ return true;
+ }
+ /** For all other Activites */
+ else {
+ zorgDebugger::me()->debug('Attempting to send Telegram Notification');
+ $success = $telegram->send->message('group', t('telegram-notification', 'activity', [ $user->id2user($fromUser, TRUE), $activityText ]), ['disable_notification' => 'true']);
+ zorgDebugger::me()->debug('Telegram Notification %s', [($success !== false ? 'SENT!' : 'NOT SENT')], ($success !== false ? 'DEBUG' : 'ERROR'));
+ return $success;
+ }
+ return false;
}
}
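Review bot: `return false;` on line 410 is unreachable — both branches of the `if`/`else` above it return — and `$success` on line 408 is the raw return of `$telegram->send->message()`, which the docblock promises is a boolean; either `return $success !== false;` or document the actual type. The docblock's `@version 1.0` (line 370) contradicts the new `@since 2.0` entry on line 373. Since the method is now public and intended "Class-wide", the docblock should state that `$activityText` is posted verbatim to the group chat, so callers know they are responsible for what goes into it.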
diff --git a/www/includes/config.inc.php b/www/includes/config.inc.php
index f2b075d..9f58535 100644
--- a/www/includes/config.inc.php
+++ b/www/includes/config.inc.php
@@ -354,8 +354,11 @@
if (!defined('ERRORLOG_FILETYPE')) define('ERRORLOG_FILETYPE', (isset($_ENV['ERRORLOG_FILETYPE']) ? $_ENV['ERRORLOG_FILETYPE'] : '.log'));
if (!defined('ERRORLOG_DIR')) define('ERRORLOG_DIR', (isset($_ENV['ERRORLOG_DIR']) ? $_ENV['ERRORLOG_DIR'] : null));
if (!defined('ERRORLOG_FILE')) define('ERRORLOG_FILE', ERRORLOG_DIR.date('Y-m-d').ERRORLOG_FILETYPE);
-if (!defined('ERRORLOG_LEVELS')) define('ERRORLOG_LEVELS', (isset($_ENV['ERROR_REPORTING_LEVELS']) ? $_ENV['ERROR_REPORTING_LEVELS'] : null));
-if (!defined('ERRORLOG_DEBUG_SCOPE')) define('ERRORLOG_DEBUG_SCOPE', (isset($_ENV['DEBUG_SCOPE']) ? $_ENV['DEBUG_SCOPE'] : null));
+if (!defined('ERRORLOG_LEVELS')) define('ERRORLOG_LEVELS', (isset($_ENV['ERROR_REPORTING_LEVELS']) ? $_ENV['ERROR_REPORTING_LEVELS'] : E_ERROR));
+if (!defined('ERRORLOG_DEBUG_SCOPE')) {
+ define('ERRORLOG_DEBUG_SCOPE', isset($_ENV['DEBUG_SCOPE']) ? explode(',', $_ENV['DEBUG_SCOPE']) : []);
+}
+error_reporting(ERRORLOG_LEVELS);
require_once INCLUDES_DIR.'errlog.inc.php';
//set_error_handler('zorgErrorHandler');
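Review bot: `error_reporting(ERRORLOG_LEVELS)` on line 427 receives whatever string `$_ENV['ERROR_REPORTING_LEVELS']` holds, while `error_reporting()` takes an `int`; a non-numeric value such as a constant name spelled as text raises a `TypeError` at bootstrap, so either document that the variable must be numeric or cast and validate it, e.g. `(int)$_ENV['ERROR_REPORTING_LEVELS']`. `explode(',', $_ENV['DEBUG_SCOPE'])` on line 425 keeps surrounding whitespace, so a value like `a.php, func` produces `" func"` which never matches; `array_map('trim', explode(',', $_ENV['DEBUG_SCOPE']))` fixes that. Note also that the default changed from `null` to `[]`, which, combined with the `in_array()` checks in `zorgDebugger::debug()`, means no debug output at all unless DEBUG_SCOPE is set — fine if intended, but the old `null` meant "everything".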
diff --git a/www/includes/errlog.inc.php b/www/includes/errlog.inc.php
index 0984a1e..1b6f9e9 100644
--- a/www/includes/errlog.inc.php
+++ b/www/includes/errlog.inc.php
@@ -20,7 +20,6 @@
if (!defined('ERROR')) define('ERROR', E_USER_WARNING);
if (!defined('WARNING')) define('WARNING', E_USER_NOTICE);
-error_reporting(ERRORLOG_LEVELS);
//error_reporting(FATAL | ERROR | WARNING);
//set_error_handler('zorgErrorHandler');
@@ -94,6 +93,8 @@ class zorgDebugger
public function __construct()
{
$this->isDevelopmentEnvironment = defined('DEVELOPMENT') && DEVELOPMENT;
+ $this->debug('%s', [$this->isDevelopmentEnvironment ? 'Development Environment' : 'Non-Dev Environment']);
+ $this->debug('SITE_HOSTNAME: %s', [SITE_HOSTNAME]);
}
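Review bot: Line 445 references `SITE_HOSTNAME` inside the constructor; if `zorgDebugger::me()` is ever instantiated before that constant is defined (I can't see where it is set relative to the `require_once` in config.inc.php), PHP 8 throws `Error: Undefined constant` on the first logger use, which is a hard failure in the component meant to report failures. Guard it: `$this->debug('SITE_HOSTNAME: %s', [defined('SITE_HOSTNAME') ? SITE_HOSTNAME : 'undefined']);`. The class body continues outside the hunk.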
/**
@@ -129,8 +130,8 @@ public function debug($message, $params = [], $customLoglevel='DEBUG')
$origin = $this->getOrigin();
if (is_null(ERRORLOG_DEBUG_SCOPE) ||
- ERRORLOG_DEBUG_SCOPE === $origin['function'] ||
- ERRORLOG_DEBUG_SCOPE === basename($origin['file']))
+ in_array($origin['function'], ERRORLOG_DEBUG_SCOPE) ||
+ in_array(basename($origin['file']), ERRORLOG_DEBUG_SCOPE))
{
$this->log($customLoglevel, $message, $params, $origin);
}
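Review bot: The `is_null(ERRORLOG_DEBUG_SCOPE)` branch on line 450 is now dead, because config.inc.php defines the constant as an array in every case, so the only way to get any debug output is to list each function or file explicitly in DEBUG_SCOPE; if "unset means log everything" was the intended contract, test `ERRORLOG_DEBUG_SCOPE === []` instead. The two `in_array()` calls on lines 453–454 should pass `true` as the third argument — `$origin['function']` can be `null` for top-level code, and loose comparison matches `null` against an empty scope entry such as one produced by a trailing comma. The method body starts outside the hunk.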
diff --git a/www/includes/forum.inc.php b/www/includes/forum.inc.php
index 7bd2341..1a29215 100644
--- a/www/includes/forum.inc.php
+++ b/www/includes/forum.inc.php
@@ -699,7 +699,8 @@ static function post($parent_id, $board, $user_id, $text, $msg_users=NULL)
if (Thread::hasRights($board, $thread_id, $user_id))
{
/** Böse Sachen aus dem Text entfernen */
- $text = sanitize_userinput($text);
+ //$text = sanitize_userinput($text);
+ $text = htmlspecialchars_decode($text, ENT_COMPAT | ENT_SUBSTITUTE);
/** Comment in die DB abspeichern */
$comment_error = (isset($comment_error) ? $comment_error : '');
diff --git a/www/includes/geo2ip.inc.php b/www/includes/geo2ip.inc.php
index b028859..63de351 100644
--- a/www/includes/geo2ip.inc.php
+++ b/www/includes/geo2ip.inc.php
@@ -79,8 +79,8 @@ public function __construct()
*/
$this->storeUserIPToSession($this->UserIPaddress);
$this->setMaxmindIPDetails();
- } elseif (DEVELOPMENT === true) {
- error_log(sprintf('[DEBUG] <%s:%d> getDataFromSession(%s): SESSION CACHE HIT!', __METHOD__, __LINE__, $this->UserIPaddress));
+ } else {
+ \zorgDebugger::me()->debug('getDataFromSession(%s): SESSION CACHE HIT!', [$this->UserIPaddress]);
}
}
@@ -120,7 +120,7 @@ private function getRealIPaddress()
foreach(explode(',', $_SERVER[$ServerVar]) as $ip_address)
{
/** Validate IP-Address from $_SERVER var */
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> %s => %s', __METHOD__, __LINE__, $ServerVar, $ip_address));
+ \zorgDebugger::me()->debug('%s => %s', [$ServerVar, $ip_address]);
$checked_IPaddress = $this->validateIPaddress((string)$ip_address);
if (!empty($checked_IPaddress) && false !== $checked_IPaddress)
@@ -129,7 +129,7 @@ private function getRealIPaddress()
return $checked_IPaddress;
}
}
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> %s => %s', __METHOD__, __LINE__, $ip_address, (empty($checked_IPaddress) ? 'empty' : ($checked_IPaddress === false ? 'false' : $checked_IPaddress))));
+ \zorgDebugger::me()->debug('%s => %s', [$ip_address, (empty($checked_IPaddress) ? 'empty' : ($checked_IPaddress === false ? 'false' : $checked_IPaddress))]);
}
}
diff --git a/www/includes/mysql.inc.php b/www/includes/mysql.inc.php
index d9d9712..be0b43a 100644
--- a/www/includes/mysql.inc.php
+++ b/www/includes/mysql.inc.php
@@ -111,7 +111,7 @@ function query($sql, $file='', $line=0, $funktion='', $params=[]) {
if (empty($params)) {
$result = mysqli_query($this->conn, $sql);
/* Log SQL-Queries not upgraded to Prepared Statements */
- if (DEVELOPMENT) error_log(sprintf('[DEPRECATED] <%s> Required SQL-Query update for mysqli_prepare(): %s:%d', $funktion, $file, $line));
+ zorgDebugger::me()->debug('<%s> is no SQL prepared statement, in %s:%d', [$funktion, $file, $line]);
} else {
$stmt = mysqli_prepare($this->conn, $sql);
if ($stmt === false) throw new mysqli_sql_exception(mysqli_error($this->conn));
@@ -187,7 +187,7 @@ function query($sql, $file='', $line=0, $funktion='', $params=[]) {
}
}
} catch (mysqli_sql_exception $e) {
- if (DEVELOPMENT === true) var_dump([$file, $funktion, $line, $sql, $params]);
+ zorgDebugger::me()->debug('%s', [$e->getMessage()]);
die($e->getMessage());
}
}
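Review bot: `die($e->getMessage())` on line 520 still writes the raw MySQL error — which typically includes the failing SQL fragment plus table and column names — into the HTTP response for every visitor, now in addition to the debug log added on line 519. Since the message is logged, the response should carry a generic text, `die('Database error');`, or the exception should be rethrown for the error handler to decide; keep the verbose form only behind `DEVELOPMENT` if it is still wanted there. The enclosing `query()` body starts outside the hunk.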
@@ -310,7 +310,7 @@ function numfields($result) {
* @return array
*/
function tables() {
- $query = "SHOW TABLES FROM " . $_ENV['MYSQL_DATABASE'];
+ $query = 'SHOW TABLES FROM '.$_ENV['MYSQL_DATABASE'];
$result = mysqli_query($this->conn, $query);
$tables = array();
while ($row = mysqli_fetch_row($result)) {
@@ -348,7 +348,7 @@ function insert($table, $values, $file='', $line=0, $funktion=null)
$insertKeys = '(`'.implode('`,`', array_keys($values)).'`)';
$insertValues = implode(',', array_fill(0, count($values), '?'));
$sql = sprintf('INSERT INTO `%s` %s VALUES (%s)', $table, $insertKeys, $insertValues);
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> $db->insert() query: %s%s', __METHOD__, __LINE__, $sql, print_r($values,true)));
+ zorgDebugger::me()->debug('$db->insert() SQL: %s%s', [$sql, print_r($values,true)]);
foreach ($values as $key => $val) {
if (strtolower($val) === 'now()') {
$values[$key] = timestamp(true); // Fix "NOW()" => NOW() without quotes
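Review bot: Line 537 writes every bound value of the row (`print_r($values, true)`) into the debug log, so for inserts into user, session or token tables password hashes, session ids or API keys end up in the error log whenever the scope is enabled. Logging `array_keys($values)` alongside `$sql` keeps the statement readable without the data, or redact known-sensitive keys before the dump. The method body continues outside the hunk.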
@@ -429,7 +429,6 @@ function update($table, $id, $values, $file='', $line='', $funktion='')
$conditions[$id[$i]] = $id[$i+1]; // map $id[0] => $id[1], $id[2] => $id[3],... to $conditions-Array
$i++;
}
- //if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> $db->update() $conditions[ %s ]', __METHOD__, __LINE__, print_r($conditions,true)));
foreach ($conditions as $field => $value) {
$sql .= $field.'=?';//.(is_numeric($value) ? $value : '"'.$value.'"');
$params[] = $value;
@@ -437,7 +436,7 @@ function update($table, $id, $values, $file='', $line='', $funktion='')
if ($field !== key($conditions)) $sql .= ' OR '; // Add Separator if not last Array-Iteration
}
}
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> $db->update() $sql: %s', __METHOD__, __LINE__, $sql));
+ zorgDebugger::me()->debug('$db->update() SQL: %s', [$sql]);
return $this->query($sql, $file, $line, $funktion, $params);
//return mysql_affected_rows();
}
diff --git a/www/includes/smarty.fnc.php b/www/includes/smarty.fnc.php
index a327b07..0f0de1e 100644
--- a/www/includes/smarty.fnc.php
+++ b/www/includes/smarty.fnc.php
@@ -1181,7 +1181,7 @@ function smarty_menuname_exec ($name)
}*/
foreach ($nameArray as $it)
{
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> smarty_menuname_exec: "%s" on tpl_id %d', __FUNCTION__, __LINE__, $it, $tpl_id));
+ zorgDebugger::me()->debug('«%s» on tpl_id %s', [$it, strval($tpl_id)]);
if (!empty($it)) {
/** Check if menu with same name already exists... */
$menuExists = $db->fetch($db->query('SELECT * FROM menus WHERE name=?',
@@ -1189,13 +1189,13 @@ function smarty_menuname_exec ($name)
//if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> $menuExists Query: %s', __FUNCTION__, __LINE__, print_r($menuExists,true)));
if ($menuExists !== false && $menuExists['tpl_id'] === $tpl_id)
{
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> $menuExists: TRUE (tpl_id: %d)', __FUNCTION__, __LINE__, $tpl_id));
+ zorgDebugger::me()->debug('$menuExists: TRUE (tpl_id: %d)', [strval($tpl_id)]);
//return sprintf('Menuname "%s" existiert schon mit der id#%d und wurde deshalb nicht gespeichert!
Bitte anderen Namen verwenden.', $it, $tpl_id);
}
/** Menu mit $name gibt es noch nicht, deshlab erstellen wir es neu */
else {
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> $menuExists: FALSE (adding new)', __FUNCTION__, __LINE__));
+ zorgDebugger::me()->debug('$menuExists: FALSE (adding new)');
$db->query('INSERT INTO menus (tpl_id, name) VALUES (?, ?)',
__FILE__, __LINE__, __FUNCTION__, [$tpl_id, $it]);
//$smarty->assign('error', ['type' => 'success', 'dismissable' => 'true', 'title' => sprintf('Neues Menu "%s" erfolgreich gespeichert', $it), 'message' => 'Du kannst es jetzt im Template-Editor einer Page auswählen.']);
diff --git a/www/includes/smarty.inc.php b/www/includes/smarty.inc.php
index 837238f..ac9436c 100644
--- a/www/includes/smarty.inc.php
+++ b/www/includes/smarty.inc.php
@@ -337,7 +337,7 @@ function load_packages($tpl_id, &$smarty)
$packagesQuery = 'SELECT pkg.name as name FROM packages pkg INNER JOIN tpl_packages tplp ON pkg.id = tplp.package_id WHERE tplp.tpl_id=?';
$packagesFound = $db->query($packagesQuery, __FILE__, __LINE__, __FUNCTION__, [$tpl]);
$numPackagesFound = (int)$db->num($packagesFound);
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> Found %d packages for template #%d', __FUNCTION__, __LINE__, $numPackagesFound, $tpl));
+ zorgDebugger::me()->debug('Found %d packages for template «%s»', [$numPackagesFound, strval($tpl)]);
/** 1 or more Packages found */
if ($numPackagesFound > 0)
@@ -347,7 +347,7 @@ function load_packages($tpl_id, &$smarty)
/** Check if $package matches a PHP-File (Package) */
$package_file = basename($packages['name']); // Remove any directory traversal characters
$package_filepath = SMARTY_PACKAGES_DIR.$package_file.SMARTY_PACKAGES_EXTENSION;
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> Loading package "%s" from %s', __FUNCTION__, __LINE__, $package_file, $package_filepath));
+ zorgDebugger::me()->debug('Loading package «%s» from %s', [$package_file, $package_filepath]);
if (is_file($package_filepath) !== false)
{
require_once $package_filepath;
@@ -364,7 +364,7 @@ function load_packages($tpl_id, &$smarty)
/** 0 Packages found (but this is no error) */
elseif ($numPackagesFound === 0)
{
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> Template #%d has no packages associated', __FUNCTION__, __LINE__, $tpl));
+ zorgDebugger::me()->debug('Template «%s» has no packages associated', [strval($tpl)]);
return true;
}
} else {
diff --git a/www/includes/spaceweather.inc.php b/www/includes/spaceweather.inc.php
index dbc2353..e3f0904 100644
--- a/www/includes/spaceweather.inc.php
+++ b/www/includes/spaceweather.inc.php
@@ -232,7 +232,7 @@ function spaceweather_ticker() {
}
if(isset($add[$rs['name']]) && !empty($add[$rs['name']][0]))
{
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $rs[name] exists: %s | value: %s', __FUNCTION__, __LINE__, $add[$rs['name']][0], (isset($add[$rs['name']][1]) ? $add[$rs['name']][1] : 'null')));
+ zorgDebugger::me()->debug('$rs[name]=%s exists, value: %s', [$add[$rs['name']][0], (isset($add[$rs['name']][1]) ? $add[$rs['name']][1] : 'null')]);
$sw[] = [ 'type' => $add[$rs['name']][0], 'value' => $rs['wert'].(isset($add[$rs['name']][1]) ? " ".$add[$rs['name']][1] : '') ];
}
}
diff --git a/www/includes/telegrambot.inc.php b/www/includes/telegrambot.inc.php
index e5b5dbb..5886bc8 100644
--- a/www/includes/telegrambot.inc.php
+++ b/www/includes/telegrambot.inc.php
@@ -78,8 +78,8 @@ public function send($userScope, $messageType, $content)
global $user;
/** Parse $_ENV vars into $botconfigs */
- if (null !== $_ENV['TELEGRAM_BOT_API_KEY'] || null !== $_ENV['TELEGRAM_BOT']) {
- error_log(sprintf('[WARN] <%s:%d> Missing Telegram Bot Configs!', __METHOD__, __LINE__));
+ if (empty($_ENV['TELEGRAM_BOT_API_KEY']) || empty($_ENV['TELEGRAM_BOT'])) {
+ zorgDebugger::me()->warn('Missing Telegram Bot Configs! TELEGRAM_BOT_API_KEY=%s | TELEGRAM_BOT=%s', [$_ENV['TELEGRAM_BOT_API_KEY'],$_ENV['TELEGRAM_BOT']]);
return false;
} else {
$botconfigs = [ 'api_key' => $_ENV['TELEGRAM_BOT_API_KEY']
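Review bot: The warning on line 640 interpolates `$_ENV['TELEGRAM_BOT_API_KEY']` into the log line, so whenever only `TELEGRAM_BOT` is missing the bot's API key is written to the error log in clear. Log presence rather than value: `[empty($_ENV['TELEGRAM_BOT_API_KEY']) ? 'missing' : 'set', $_ENV['TELEGRAM_BOT'] ?? 'missing']`. Reading the keys directly also emits an "Undefined array key" warning when one is absent, which `??` avoids. The condition fix on line 639 itself is correct — the old `null !==` test warned exactly when the configs were present. The method body continues outside the hunk.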
@@ -104,13 +104,13 @@ public function send($userScope, $messageType, $content)
{
/** USER: If $userScope = User-ID: get the Telegram Chat-ID */
case is_numeric($userScope) && $userScope > 0:
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> Checking for User Telegram Chat-ID...', __METHOD__, __LINE__));
+ zorgDebugger::me()->debug('Checking for User Telegram Chat-ID...');
$telegramChatId = $user->userHasTelegram($userScope);
break;
/** GROUP: If $userScope = 'group': get the Telegram Groupchat-ID */
case 'group':
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> Checking for Group Telegram Chat-ID...', __METHOD__, __LINE__));
+ zorgDebugger::me()->debug('Checking for Group Telegram Chat-ID...');
$telegramChatId = $botconfigs['TELEGRAM_GROUPCHAT_ID'];
break;
@@ -128,7 +128,7 @@ public function send($userScope, $messageType, $content)
/** Build API Call */
$parameters = array_merge( $content, [ 'chat_id' => $telegramChatId ] );
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> Telegram Message $parameters Array:'."\n\r%s", __METHOD__, __LINE__, print_r($parameters, true)));
+ zorgDebugger::me()->debug('Telegram Message $parameters Array: %s', [print_r($parameters, true)]);
if (is_array($parameters) && !empty($parameters))
{
/** Validate & compose the Parameter-Query for the API Call */
@@ -139,8 +139,8 @@ public function send($userScope, $messageType, $content)
/**
* Sending the Telegram message
*/
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> using "%s" to Chat "%s"', __METHOD__, __LINE__, $messageType, $telegramChatId));
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> API call: %s', __METHOD__, __LINE__, $telegramAPIcall));
+ zorgDebugger::me()->debug('Using "%s" to Chat "%s"', [$messageType, strval($telegramChatId)]);
+ zorgDebugger::me()->debug('API call: %s', [$telegramAPIcall]);
if (!empty($messageType))
{
/** Create a stream_context for the file_get_contents HTTP request */
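Review bot: `zorgDebugger::me()->debug('API call: %s', [$telegramAPIcall])` writes the complete request URL to the log, and for the Telegram Bot API that URL conventionally carries the bot token in its path (`/bot<token>/<method>`); the replaced line was at least gated by `DEVELOPMENT`, while it is not visible here whether zorgDebugger::debug() is suppressed outside development. Either confirm the logger is a development-only no-op or redact before logging, e.g. `zorgDebugger::me()->debug('API call: %s', [preg_replace('#/bot[^/]+/#', '/bot***/', $telegramAPIcall)]);`. How `$telegramAPIcall` is built is outside the hunk, as is the rest of send().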
@@ -156,11 +156,11 @@ public function send($userScope, $messageType, $content)
*/
if (is_array($http_response_header))
{
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> file_get_contents() $http_response_header:'."\n\r%s\n\r".'$httpResponseBody:'."\n\r%s", __METHOD__, __LINE__, print_r($http_response_header, true), $httpResponseBody));
+ zorgDebugger::me()->debug('file_get_contents() $http_response_header: %s | $httpResponseBody: %s', [print_r($http_response_header, true), $httpResponseBody]);
preg_match('{HTTP\/\S*\s(\d{3})}', $http_response_header[0], $match);
if ($match[1] !== '200')
{
- error_log(sprintf('[ERROR] <%s:%d> Telegram %s failed with HTTP status code %s and response:'."\n\r%s", __METHOD__, __LINE__, $messageType, $match[0], $httpResponseBody));
+ zorgDebugger::me()->error('Telegram %s failed with HTTP status code %s and response: %s', [$messageType, $match[0], $httpResponseBody]);
return false;
} else {
return true;
@@ -170,12 +170,12 @@ public function send($userScope, $messageType, $content)
}
}
} else {
- error_log(sprintf('[WARN] <%s:%d> "%s" did not pass validation!', __METHOD__, __LINE__, $messageType));
+ zorgDebugger::me()->warn('«%s» did not pass validation!', [$messageType]);
return false;
}
}
} else {
- error_log( t('invalid-telegram-chatid', 'messagesystem') );
+ zorgDebugger::me()->warn(t('invalid-telegram-chatid', 'messagesystem'));
return false;
}
}
@@ -219,13 +219,13 @@ public function mentionUser($userid)
LIMIT 1';
$telegramUserIds = $db->fetch($db->query($sql, __FILE__, __LINE__, __METHOD__));
$telegramUserId = $telegramUserIds['tui'];
- if (DEVELOPMENT) error_log("[DEBUG] <" . __METHOD__ . "> found Telegram User ID $telegramUserId");
+ zorgDebugger::me()->debug('Found Telegram User ID «%d»', [$telegramUserId]);
if (!empty($telegramUserId))
{
$username = $user->id2user($telegramUserId);
$link = sprintf('%s', $telegramUserId, $username);
- if (DEVELOPMENT) error_log("[DEBUG] <" . __METHOD__ . "> returns HTML-link: $link");
+ zorgDebugger::me()->debug('Returns HTML-link:', [$link]);
return $telegramUserIds['tui'];
} else {
return false;
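Review bot: `zorgDebugger::me()->debug('Returns HTML-link:', [$link])` has no placeholder in its format string, so the `$link` argument is never printed (assuming debug() is sprintf-style, as every other call in this file uses it); it should read `zorgDebugger::me()->debug('Returns HTML-link: %s', [$link]);`. The unchanged `$link = sprintf('%s', $telegramUserId, $username)` line above loses `$username` for the same reason, and `%d` in the "Found Telegram User ID" message prints `0` for an empty result before the `!empty()` check runs, which makes the log misleading. mentionUser() begins outside the hunk.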
@@ -256,7 +256,7 @@ public function mentionUser($userid)
*/
public function formatText($notificationText)
{
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> passed raw string: %s', __METHOD__, __LINE__, $notificationText));
+ zorgDebugger::me()->debug('Passed raw string: %s', [$notificationText]);
/**
* Strip away all HTML-tags & unix line breaks
@@ -302,8 +302,8 @@ public function formatText($notificationText)
* Decode HTML-Entities
*/
$notificationText = html_entity_decode($notificationText);
+ zorgDebugger::me()->debug('Processed string: %s', [$notificationText]);
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> processed string for return: %s', __METHOD__, __LINE__, $notificationText));
return ( !empty($notificationText) ? $notificationText : false );
}
@@ -412,7 +412,7 @@ private function validateData($messageType, array $parameters)
}
/** Check if $messageType matches any available $_telegramMessageModels */
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> checking array_key_exists in $_telegramMessageModels for "%s"', __METHOD__, __LINE__, $messageType));
+ zorgDebugger::me()->debug('Checking array_key_exists in $_telegramMessageModels for "%s"', [$messageType]);
if (isset($_telegramMessageModels[$messageType]))
{
if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> SUCCESS: $messageType "%s" found and is OK', __METHOD__, __LINE__, $messageType));
@@ -425,13 +425,14 @@ private function validateData($messageType, array $parameters)
* if ( !array_key_exists($parameters, $value) ) error_log(sprintf('[WARN] '.__METHOD__.': Value %s is required but was not passed!', $key+1));
* }
*/
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> Checking $parameters for presence of required parameter "%s"', __METHOD__, __LINE__, $_telegramMessageModels[$messageType]['required'][0]));
+ zorgDebugger::me()->debug('Checking $parameters for presence of required parameter "%s"', [$_telegramMessageModels[$messageType]['required'][0]]);
if ( !isset($parameters[$_telegramMessageModels[$messageType]['required'][0]]) )
{
error_log(sprintf('[WARN] <%s:%d> Value %s is required but was not passed!', __METHOD__, __LINE__, $_telegramMessageModels[$messageType]['required'][0]));
return false;
} else {
if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> SUCCESS: required parameter "%s" found and is OK', __METHOD__, __LINE__, $_telegramMessageModels[$messageType]['required'][0]));
+ zorgDebugger::me()->debug('SUCCESS: required parameter "%s" found and is OK', [$_telegramMessageModels[$messageType]['required'][0]]);
/**
* Build the Data-Array with key:value pairs assigned
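Review bot: The added debug() call at the last `+` line duplicates the `if (DEVELOPMENT) error_log(...)` directly above it, which the commit left in place, so the "SUCCESS: required parameter" message is emitted twice in development; the `error_log('[WARN] ... is required but was not passed!')` call a few lines earlier is likewise still on the old logger. Remove the old `if (DEVELOPMENT) error_log(...)` line and convert the warning to `zorgDebugger::me()->warn('Value %s is required but was not passed!', [$_telegramMessageModels[$messageType]['required'][0]]);` so the file is consistent. validateData() continues outside the hunk.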
@@ -443,8 +444,9 @@ private function validateData($messageType, array $parameters)
* 'text' => $notificationText,
* ];
*/
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> Building $data Array for Function return', __METHOD__, __LINE__));
$data = [];
+ zorgDebugger::me()->debug('Building $data Array for Function return');
+
/** Assign key=>value pairs for Global Parameters */
if (!empty($parameters['chat_id']))
@@ -463,7 +465,7 @@ private function validateData($messageType, array $parameters)
/** Assign key=>value pairs for $messageType Required Parameters */
foreach ((array) $_telegramMessageModels[$messageType]['required'] as $requiredParameter)
{
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> array_push to $data Array for key=>value pair "%s"', __METHOD__, __LINE__, $requiredParameter));
+ zorgDebugger::me()->debug('array_push to $data Array for key=>value pair "%s"', [$requiredParameter]);
$data[$requiredParameter] = $this->formatText($parameters[$requiredParameter]);
}
@@ -472,18 +474,18 @@ private function validateData($messageType, array $parameters)
{
foreach ((array) $_telegramMessageModels[$messageType]['optional'] as $optionalParameter)
{
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> array_push to $data Array for key=>value pair "%s"', __METHOD__, __LINE__, $optionalParameter));
+ zorgDebugger::me()->debug('array_push to $data Array for key=>value pair "%s"', [$optionalParameter]);
if (!empty($parameters[$optionalParameter])) $data[$optionalParameter] = $parameters[$optionalParameter];
}
}
/** Return Data-Array with key:value pairs assigned */
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> Complete $data Array:'."\n\r%s", __METHOD__, __LINE__, print_r($data, true)));
+ zorgDebugger::me()->debug('Complete $data Array: %s', [print_r($data, true)]);
return $data;
}
} else {
- error_log(sprintf('[WARN] <%s:%d> Telegram Message Type "%s" is invalid!', __METHOD__, __LINE__, $messageType));
+ zorgDebugger::me()->warn('Telegram Message Type "%s" is invalid!', [$messageType]);
return false;
}
}
@@ -504,7 +506,7 @@ class send extends Telegram
* Send as regular Chat-Message
*/
public function message($scope, $text, $parameters=[]) {
- $this->send( $scope, 'sendMessage', array_merge(['text' => $text], $parameters) );
+ return $this->send( $scope, 'sendMessage', array_merge(['text' => $text], $parameters) );
}
/**
@@ -513,7 +515,7 @@ public function message($scope, $text, $parameters=[]) {
* Send as Photo
*/
public function photo($scope, $photo, $caption=NULL, $parameters=[]) {
- $this->send( $scope, 'sendPhoto', array_merge(['photo' => $photo], ['caption' => $caption], $parameters) );
+ return $this->send( $scope, 'sendPhoto', array_merge(['photo' => $photo], ['caption' => $caption], $parameters) );
}
/**
@@ -523,7 +525,7 @@ public function photo($scope, $photo, $caption=NULL, $parameters=[]) {
* @link https://core.telegram.org/bots/api/#inputmedia
*/
public function gallery($scope, array $inputMedia, $parameters=[]) {
- $this->send( $scope, 'sendMediaGroup', array_merge($inputMedia, $parameters) );
+ return $this->send( $scope, 'sendMediaGroup', array_merge($inputMedia, $parameters) );
}
/**
@@ -532,7 +534,7 @@ public function gallery($scope, array $inputMedia, $parameters=[]) {
* Send as File
*/
public function document($scope, $document, $caption=NULL, $parameters=[]) {
- $this->send( $scope, 'sendDocument', array_merge(['document' => $document], ['caption' => $caption], $parameters) );
+ return $this->send( $scope, 'sendDocument', array_merge(['document' => $document], ['caption' => $caption], $parameters) );
}
/**
@@ -541,7 +543,7 @@ public function document($scope, $document, $caption=NULL, $parameters=[]) {
* Send a Location Ping for a temporary amount of time
*/
public function location($scope, float $latitude, float $longitude, $live_period=NULL, $parameters=[]) {
- $this->send( $scope, 'sendLocation', array_merge(['latitude' => $latitude], ['longitude' => $longitude], ['live_period' => $live_period], $parameters) );
+ return $this->send( $scope, 'sendLocation', array_merge(['latitude' => $latitude], ['longitude' => $longitude], ['live_period' => $live_period], $parameters) );
}
/**
@@ -550,7 +552,7 @@ public function location($scope, float $latitude, float $longitude, $live_period
* Send a static Location info for a certain Place
*/
public function event($scope, float $latitude, float $longitude, $title, $address, $foursquare_id=NULL, $parameters=[]) {
- $this->send( $scope, 'sendVenue', array_merge(['latitude' => $latitude], ['longitude' => $longitude], ['title' => $title], ['address' => $address], ['foursquare_id' => $foursquare_id], $parameters) );
+ return $this->send( $scope, 'sendVenue', array_merge(['latitude' => $latitude], ['longitude' => $longitude], ['title' => $title], ['address' => $address], ['foursquare_id' => $foursquare_id], $parameters) );
}
/**
@@ -561,7 +563,7 @@ public function event($scope, float $latitude, float $longitude, $title, $addres
* @TODO Stop Poll on close via chat_id using https://core.telegram.org/bots/api#stoppoll
*/
public function poll($scope, $question, $options, $is_anonymous=true, $type='regular', $allows_multiple_answers=false, $correct_option_id=null, $parameters=[]) {
- $this->send( $scope, 'sendPoll', array_merge(
+ return $this->send( $scope, 'sendPoll', array_merge(
['question' => $question] // 1-300 characters
,['options' => $options] // JSON-serialized list of answer options, 2-10 strings 1-100 characters each
,['is_anonymous' => ($is_anonymous ? 'true' : 'false')] // (Optional) True, if the poll needs to be anonymous, defaults to True
@@ -577,5 +579,5 @@ public function poll($scope, $question, $options, $is_anonymous=true, $type='reg
* Instantiating new Telegram Class-Object
* @TODO Fix this "dirty hack" with instantiated "$telegram->send"-object...
*/
-$telegram = new Telegram();
+//$telegram = new Telegram();
$telegram->send = new send();
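Review bot: With `$telegram = new Telegram();` commented out, the following `$telegram->send = new send();` assigns a property on an undefined variable; on PHP 8 that throws `Error: Attempt to assign property "send" on null`, and on PHP 7 it silently creates a stdClass that is not a Telegram instance — unless `$telegram` is instantiated before this file is included, which the diff does not show. Either keep the instantiation or guard it: `if (!isset($telegram) || !($telegram instanceof Telegram)) $telegram = new Telegram();`. The `@TODO` above already flags the dynamic property as a hack; a `Telegram::send()` accessor would remove the need for it.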
diff --git a/www/includes/usersystem.inc.php b/www/includes/usersystem.inc.php
index da9a83c..2c4cd61 100644
--- a/www/includes/usersystem.inc.php
+++ b/www/includes/usersystem.inc.php
@@ -205,16 +205,16 @@ function __construct()
{
/** Session init'en */
session_start();
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> Existing Session restarted', __METHOD__, __LINE__));
+ zorgDebugger::me()->debug('Existing Session restarted');
/** $_SESSION[user_id] not yet available -> if not on forced Login / Logout try to Autologin */
if (!isset($_SESSION['user_id']) && !isset($_POST['username']) && !isset($_POST['logout']))
{
/** We got Cookies --> Autologin! */
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> $_SESSION[user_id] missing & no login/logout...', __METHOD__, __LINE__));
+ zorgDebugger::me()->debug('$_SESSION[user_id] missing & no login/logout...');
if (!empty($_COOKIE[ZORG_COOKIE_USERID]) && !empty($_COOKIE[ZORG_COOKIE_USERPW]))
{
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> Autologin-Cookies existieren -> Login-Passthrough', __METHOD__, __LINE__));
+ zorgDebugger::me()->debug('Autologin-Cookies existieren -> Login-Passthrough');
$this->login($_COOKIE[ZORG_COOKIE_USERID]); // Do NOT send $_COOKIE[ZORG_COOKIE_USERPW] here - because it only contains the PW-Hash!
}
}
@@ -229,13 +229,13 @@ function __construct()
isset($_SESSION['user_id']) && !empty($_SESSION['user_id']) && $_SESSION['user_id'] > 0)
{
/** Query User Infos in der DB */
- if (DEVELOPMENT === true) error_log(sprintf('[DEBUG] <%s:%d> Session re-started inkl. $_SESSION[user_id]!', __METHOD__, __LINE__));
- $sql = 'SELECT *'.
- ',UNIX_TIMESTAMP('.$this->field_activity.') as '.$this->field_activity.
- ',UNIX_TIMESTAMP('.$this->field_lastlogin.') as '.$this->field_lastlogin.
- ',UNIX_TIMESTAMP('.$this->field_currentlogin.') as '.$this->field_currentlogin.
- ' FROM '.$this->table_name.' WHERE id = '.$_SESSION['user_id'];
- $result = $db->query($sql, __FILE__, __LINE__);
+ zorgDebugger::me()->debug('Session re-started inkl. $_SESSION[user_id]');
+ $sql = 'SELECT *,
+ UNIX_TIMESTAMP('.$this->field_activity.') as '.$this->field_activity.',
+ UNIX_TIMESTAMP('.$this->field_lastlogin.') as '.$this->field_lastlogin.',
+ UNIX_TIMESTAMP('.$this->field_currentlogin.') as '.$this->field_currentlogin.'
+ FROM '.$this->table_name.' WHERE id=?';
+ $result = $db->query($sql, __FILE__, __LINE__, __METHOD__, [$_SESSION['user_id']]);
$rs = $db->fetch($result);
if (!empty($rs) && $rs !== false)
@@ -272,9 +272,7 @@ function __construct()
$this->irc = $rs[$this->field_irc];
$this->activity = $rs[$this->field_activity];
$this->lastlogin = $rs[$this->field_lastlogin];
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $user->lastlogin: %s', __METHOD__, __LINE__, $this->lastlogin));
$this->currentlogin = $rs[$this->field_currentlogin];
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> $user->currentlogin: %s', __METHOD__, __LINE__, $this->currentlogin));
$this->ausgesperrt_bis = $rs[$this->field_ausgesperrt_bis];
if ($this->ausgesperrt_bis > time()) $_geaechtet[] = $this->id;
//$this->last_ip = $rs[$this->field_last_ip]; // @DEPRECATED
@@ -304,7 +302,10 @@ function __construct()
*/
$userMobileClientAgent = isMobileClient($_SERVER['HTTP_USER_AGENT']);
$this->from_mobile = (!empty($userMobileClientAgent) ? reset($userMobileClientAgent) : false );
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> isMobileClient(): %s => %s', __METHOD__, __LINE__, $_SERVER['HTTP_USER_AGENT'], ( $this->from_mobile ? $this->from_mobile : 'false')));
+
+ zorgDebugger::me()->debug('$user->lastlogin: %s', [strval($this->lastlogin)]);
+ zorgDebugger::me()->debug('$user->currentlogin: %s', [strval($this->currentlogin)]);
+ zorgDebugger::me()->debug('$user->from_mobile: %s => %s', [$_SERVER['HTTP_USER_AGENT'], ($this->from_mobile ? $this->from_mobile : 'false')]);
/**
* Update last user activity
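Review bot: The new debug line reads `$_SERVER['HTTP_USER_AGENT']` without an isset guard, so a request with no User-Agent header (a curl call with the header suppressed, or a CLI invocation) raises an undefined-index warning inside the constructor; the unchanged `isMobileClient($_SERVER['HTTP_USER_AGENT'])` line has the same problem. Use `$_SERVER['HTTP_USER_AGENT'] ?? ''` in both places. The User-Agent string is also attacker-controlled and is written verbatim into the log, so if zorgDebugger does not strip CR/LF, a client can forge log lines. __construct() begins and ends outside the hunk.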
@@ -1194,17 +1195,17 @@ function checkimage($userid)
/** Check for cached Gravater */
if (is_file($user_imgpath_gravatar) !== false) // TODO use fileExists() method from util.inc.php?
{
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> userImage GRAVATAR exists/cached: %s', __METHOD__, __LINE__, $user_imgpath_gravatar));
+ zorgDebugger::me()->debug('userImage GRAVATAR exists/cached: %s', [strval($user_imgpath_gravatar)]);
return $user_imgpath_gravatar;
/** Check for custom Userpic */
} elseif (is_file($user_imgpath_custom) !== false) {
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> userImage ZORG exists/cached: %s', __METHOD__, __LINE__, $user_imgpath_custom));
+ zorgDebugger::me()->debug('userImage ZORG exists/cached: %s', [strval($user_imgpath_custom)]);
return $user_imgpath_custom;
/** Return false if no userpic cached */
} else {
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> userImage not cached: querying Gravatar', __METHOD__, __LINE__));
+ zorgDebugger::me()->debug('userImage NOT CACHED: querying Gravatar');
return false;
}
}
@@ -1240,7 +1241,7 @@ function userImage($userid, $large=false)
/** If no userpic-file exists, query Gravatar with USER_IMGPATH_DEFAULT as fallback image */
} else {
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> userImage not cached for $userid %d', __METHOD__, __LINE__, $userid));
+ zorgDebugger::me()->debug('userImage not cached for $userid: %s', [strval($userid)]);
return $this->get_gravatar(
$this->id2useremail($userid)
,($large ? USER_IMGSIZE_LARGE : USER_IMGSIZE_SMALL)
@@ -2241,11 +2242,11 @@ function exec_aussperren($user_id, $date_array)
if (isset($_POST['logout']))
{
/** exec the User logout */
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> exec User logout', '$_POST[logout]', __LINE__));
+ zorgDebugger::me()->debug('exec User logout');
usersystem::logout();
} else {
/** Instantiate a new usersystem Class */
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> Instantiate a new usersystem Class', 'false === $_POST[logout]', __LINE__));
+ zorgDebugger::me()->debug('Instantiate new usersystem Class');
$user = new usersystem();
}
@@ -2254,7 +2255,7 @@ function exec_aussperren($user_id, $date_array)
*/
if (isset($_POST['do']) && $_POST['do'] === 'login')
{
- if (DEVELOPMENT) error_log(sprintf('[DEBUG] <%s:%d> exec User login (Form): %s', 'LOGIN mit Login-Formular', __LINE__, print_r($_POST, true)));
+ zorgDebugger::me()->debug('exec User login (Form): %s', [print_r($_POST, true)]);
if (!empty($_POST['username']) && !empty($_POST['password']))
{
$login_username = (string)$_POST['username'];
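Review bot: `zorgDebugger::me()->debug('exec User login (Form): %s', [print_r($_POST, true)])` dumps the whole login form, including `$_POST['password']` in plaintext, into the log. The replaced line was at least gated by `DEVELOPMENT`; whether zorgDebugger::debug() is suppressed in production is not visible here, and even in development, credentials in log files are a leak. Log only the non-secret field: `zorgDebugger::me()->debug('exec User login (Form) for username: %s', [(string)($_POST['username'] ?? '')]);`. The same concern applies to the `print_r($parameters, true)` dumps added in telegrambot.inc.php, which log message bodies.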
diff --git a/www/js/ajax/post-telegrammessage.php b/www/js/ajax/post-telegrammessage.php
index df0920d..0efe2cb 100644
--- a/www/js/ajax/post-telegrammessage.php
+++ b/www/js/ajax/post-telegrammessage.php
@@ -21,7 +21,7 @@
*/
if (isset($_POST['message']) && !empty($_POST['message']))
{
- $messageText = sanitize_userinput($_POST['message']);
+ $messageText = $_POST['message'];
if (is_array($messageText) || is_numeric($messageText))
{
http_response_code(400); // Set response code 400 (bad request) and exit.
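Review bot: Replacing `sanitize_userinput($_POST['message'])` with the raw value means the message text now reaches the Telegram sender unfiltered; whether that is safe depends on the parse_mode used downstream — with HTML or Markdown parse modes Telegram interprets user-supplied markup, and Telegram::formatText() (which strips tags and then runs `html_entity_decode()`) is applied only to required parameters in validateData(), not to optional ones such as captions. The `is_numeric($messageText)` rejection also turns a legitimate message like `42` into a 400. Validate type and length explicitly instead: `if (!is_string($messageText) || trim($messageText) === '' || mb_strlen($messageText) > 4096) { http_response_code(400); die(json_encode('Invalid POST-Parameter')); }` (4096 is Telegram's documented sendMessage text limit). The handling after this check continues outside the hunk.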
@@ -34,12 +34,12 @@
}
} else {
http_response_code(400); // Set response code 400 (bad request) and exit.
- die(json_encode('Missing POST-Parameter'));
+ die(json_encode('Missing POST-Parameter'));
}
if (isset($_POST['contact']) && !empty($_POST['contact']))
{
$contactName = sanitize_userinput($_POST['contact']);
- if (is_array($contactName) || is_numeric($contactName))
+ if (!is_numeric($contactName))
{
http_response_code(400); // Set response code 400 (bad request) and exit.
die(json_encode('Invalid POST-Parameter'));
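Review bot: `!is_numeric($contactName)` accepts values such as `' 12'`, `1e3`, `12.5` and `-1`, which will not match a user or contact id if that is what `$contactName` is used for below; the variable name suggests a name while the check now demands a number, and the two should agree. If an integer id is expected, validate it as one and use the cast result: `$contactId = filter_var($contactName, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]); if ($contactId === false) { http_response_code(400); die(json_encode('Invalid POST-Parameter')); }`. Where `$contactName` is consumed after this check is outside the hunk.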
@@ -51,7 +51,7 @@
}
} else {
http_response_code(400); // Set response code 400 (bad request) and exit.
- die(json_encode('Missing POST-Parameter'));
+ die(json_encode('Missing POST-Parameter'));
}
/**
diff --git a/www/js/ajax/verein_mailer/set-mailsend.php b/www/js/ajax/verein_mailer/set-mailsend.php
index 549ecd2..905bdec 100644
--- a/www/js/ajax/verein_mailer/set-mailsend.php
+++ b/www/js/ajax/verein_mailer/set-mailsend.php
@@ -72,13 +72,13 @@
communication_type,
subject_text,
preview_text,
- "'.sanitize_userinput($compiledMailTpl).'" as message_text,
+ ? as message_text,
template_id,
sender_id,
- '.$recipient_id.' as recipient_id
+ ? as recipient_id
FROM verein_correspondence
WHERE template_id=? AND recipient_id=?';
- $messageId = $db->query($insertMailQuery, __FILE__, __LINE__, 'AJAX.POST(set-mailsend)', [$_POST['template_id'], VORSTAND_USER]);
+ $messageId = $db->query($insertMailQuery, __FILE__, __LINE__, 'AJAX.POST(set-mailsend)', [$compiledMailTpl, $recipient_id, $_POST['template_id'], VORSTAND_USER]);
if ( isset($messageId) && $messageId > 0 )
{
diff --git a/www/pimp.php b/www/pimp.php
index 9dba68d..e1f60ad 100644
--- a/www/pimp.php
+++ b/www/pimp.php
@@ -24,6 +24,7 @@
function PostToHost($host, $path, $referer, $data_to_send) {
+ $res = '';
$fp = fsockopen($host,80);
fputs($fp, "POST $path HTTP/1.1\n");
fputs($fp, "Host: $host\n");
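Review bot: `$fp = fsockopen($host,80)` is never checked; when the connection fails every following `fputs()` receives `false` and the function presumably returns the empty `$res` the commit now initialises, hiding the failure. Add `if ($fp === false) return $res;` directly after the open, and use CRLF terminators, since HTTP requires `\r\n`: `fputs($fp, "POST $path HTTP/1.1\r\n");` and `fputs($fp, "Host: $host\r\n");`. The request also goes over plaintext port 80 with user-supplied form data; the rest of PostToHost() is outside the hunk.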
@@ -87,14 +88,14 @@ function rnd_id($total) {
return rand (1,$total);
}
-$first = (string)$_POST['first'];
-$last = (string)$_POST['last'];
+$first = (string)htmlspecialchars_decode($_POST['first'], ENT_COMPAT | ENT_SUBSTITUTE);
+$last = (string)htmlspecialchars_decode($_POST['last'], ENT_COMPAT | ENT_SUBSTITUTE);
$doAction = (string)$_POST['do'];
// pimpern von playerappreciate.com
-if($_POST['do'] == "pimpme"){
+if($doAction === "pimpme"){
- $data = 'First='.sanitize_userinput($first).'&Last='.sanitize_userinput($last).'&Pimpify=Pimpify!';
+ $data = 'First='.$first.'&Last='.$last.'&Pimpify=Pimpify!';
$x = PostToHost(
"www.playerappreciate.com",
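Review bot: `$data = 'First='.$first.'&Last='.$last.'&Pimpify=Pimpify!'` places the two decoded, unescaped `$_POST` values straight into a form-encoded body, so `&`, `=`, `+` or `%` in a name corrupt the request and let a user add arbitrary parameters to the upstream POST; the removed `sanitize_userinput()` was never a substitute for URL-encoding either. Encode the values: `$data = http_build_query(['First' => $first, 'Last' => $last, 'Pimpify' => 'Pimpify!']);`. `htmlspecialchars_decode($_POST['first'], ...)` is also called on a possibly missing key, which is an undefined-index warning and, on PHP 8.1+, a null-to-string deprecation — `$_POST['first'] ?? ''` avoids both. The `$x = PostToHost(` call continues outside the hunk.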
@@ -116,16 +117,16 @@ function rnd_id($total) {
$total = $rs['anzahl'];
$id = rnd_id($total);
- $sql = 'SELECT * FROM pimp WHERE id = '.$id;
- $result = $db->query($sql);
+ $sql = 'SELECT * FROM pimp WHERE id=?';
+ $result = $db->query($sql, __FILE__, __LINE__, 'SELECT FROM pimp', [$id]);
$rs = $db->fetch($result);
$prefix = $rs['prefix'];
$id = rnd_id($total);
- $sql = 'SELECT * FROM pimp WHERE id = '.$id;
- $result = $db->query($sql);
+ $sql = 'SELECT * FROM pimp WHERE id=?';
+ $result = $db->query($sql, __FILE__, __LINE__, 'SELECT FROM pimp', [$id]);
$rs = $db->fetch($result);
$suffix = $rs['suffix'];
diff --git a/www/scripts/tplsearch.php b/www/scripts/tplsearch.php
index 92ad00c..ea18609 100644
--- a/www/scripts/tplsearch.php
+++ b/www/scripts/tplsearch.php
@@ -1,7 +1,7 @@
query('SELECT id, title FROM templates WHERE MATCH (title, tpl) AGAINST (?)', __FILE__, __LINE__, 'SELECT FROM templates', [$search]);
+ $e = $db->query('SELECT id, title FROM templates WHERE MATCH (title, tpl) AGAINST (?)',
+ __FILE__, __LINE__, 'SELECT FROM templates', [$search]);
while ($d = $db->fetch($e))
{
$d['title'] = stripslashes($d['title']);