PHPStan Level 7 for Minz_Request, FreshRSS_Feed, Minz_Error (#5400)

* PHPStan Level 7 for Minz_Request * PHPStan Level 7 for FreshRSS_Feed * PHPStan Level 7 for Minz_Error
author: Alexandre Alapetite <alexandre@alapetite.fr> 2023-05-15 19:26:48 +0200
committer: GitHub <noreply@github.com> 2023-05-15 19:26:48 +0200
commit: 2038d50110468d95ff978ba2e8f997175f25ff3b (patch)
tree: a9bc4bc364fe0c9b452702f3324a2091229e5fce /app
parent: c8d2ead7635e58a5c78d95a9b9a1a74e99a1bcef (diff)
5 files changed, 34 insertions, 39 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 54935ab1b..0839656a5 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -126,13 +126,13 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 			if (FreshRSS_Context::$user_conf == null) {
 				// Initialise the default user to be able to display the error page
 				FreshRSS_Context::initUser(FreshRSS_Context::$system_conf->default_user);
-				Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
+				Minz_Error::error(403, _t('feedback.auth.login.invalid'), false);
 				return;
 			}
 
 			if (!FreshRSS_Context::$user_conf->enabled || FreshRSS_Context::$user_conf->passwordHash == '') {
 				usleep(random_int(100, 5000));	//Primitive mitigation of timing attacks, in μs
-				Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
+				Minz_Error::error(403, _t('feedback.auth.login.invalid'), false);
 				return;
 			}
 
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index f929fc779..9906ae6bd 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -278,7 +278,6 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
 	 *   - r (i.e. a redirection url, optional)
 	 *
 	 * @todo clean up this method. Idea: write a method to init a user with basic information.
-	 * @todo handle r redirection in Minz_Request::forward directly?
 	 */
 	public function createAction(): void {
 		if (!FreshRSS_Auth::hasAccess('admin') && max_registrations_reached()) {
@@ -372,10 +371,7 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
 			}
 		}
 
-		$redirect_url = urldecode(Minz_Request::paramString('r', true));
-		if ($redirect_url === '') {
-			$redirect_url = ['c' => 'user', 'a' => 'manage'];
-		}
+		$redirect_url = ['c' => 'user', 'a' => 'manage'];
 		Minz_Request::forward($redirect_url, true);
 	}
 
@@ -534,10 +530,7 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController {
 			Minz_Error::error(403);
 		}
 
-		$redirect_url = urldecode(Minz_Request::paramString('r', true));
-		if ($redirect_url === '') {
-			$redirect_url = ['c' => 'user', 'a' => 'manage'];
-		}
+		$redirect_url = ['c' => 'user', 'a' => 'manage'];
 
 		if (Minz_Request::isPost()) {
 			$ok = true;
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 12390b626..6e39fe97e 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -28,7 +28,7 @@ class FreshRSS extends Minz_FrontController {
 		FreshRSS_Context::initSystem();
 		if (FreshRSS_Context::$system_conf == null) {
 			$message = 'Error during context system init!';
-			Minz_Error::error(500, [$message], false);
+			Minz_Error::error(500, $message, false);
 			die($message);
 		}
 
@@ -51,7 +51,7 @@ class FreshRSS extends Minz_FrontController {
 		}
 		if (FreshRSS_Context::$user_conf == null) {
 			$message = 'Error during context user init!';
-			Minz_Error::error(500, [$message], false);
+			Minz_Error::error(500, $message, false);
 			die($message);
 		}
 
@@ -84,10 +84,7 @@ class FreshRSS extends Minz_FrontController {
 				)) {
 				// Token-based protection against XSRF attacks, except for the login or self-create user forms
 				self::initI18n();
-				Minz_Error::error(403, array('error' => array(
-						_t('feedback.access.denied'),
-						' [CSRF]'
-					)));
+				Minz_Error::error(403, ['error' => [_t('feedback.access.denied'), ' [CSRF]']]);
 			}
 		}
 	}
diff --git a/app/Models/Entry.php b/app/Models/Entry.php
index 2b0216bbe..3c95570a1 100644
--- a/app/Models/Entry.php
+++ b/app/Models/Entry.php
@@ -42,9 +42,10 @@ class FreshRSS_Entry extends Minz_Model {
 	 * @param int|string $pubdate
 	 * @param bool|int|null $is_read
 	 * @param bool|int|null $is_favorite
+	 * @param string|array<string> $tags
 	 */
 	public function __construct(int $feedId = 0, string $guid = '', string $title = '', string $authors = '', string $content = '',
-			string $link = '', $pubdate = 0, $is_read = false, $is_favorite = false, string $tags = '') {
+			string $link = '', $pubdate = 0, $is_read = false, $is_favorite = false, $tags = '') {
 		$this->_title($title);
 		$this->_authors($authors);
 		$this->_content($content);
@@ -58,7 +59,7 @@ class FreshRSS_Entry extends Minz_Model {
 	}
 
 	/** @param array{'id'?:string,'id_feed'?:int,'guid'?:string,'title'?:string,'author'?:string,'content'?:string,'link'?:string,'date'?:int|string,
-	 *		'is_read'?:bool|int,'is_favorite'?:bool|int,'tags'?:string,'attributes'?:string,'thumbnail'?:string,'timestamp'?:string,'categories'?:string} $dao */
+	 *		'is_read'?:bool|int,'is_favorite'?:bool|int,'tags'?:string|array<string>,'attributes'?:string,'thumbnail'?:string,'timestamp'?:string} $dao */
 	public static function fromArray(array $dao): FreshRSS_Entry {
 		if (empty($dao['content'])) {
 			$dao['content'] = '';
@@ -92,9 +93,6 @@ class FreshRSS_Entry extends Minz_Model {
 		if (!empty($dao['timestamp'])) {
 			$entry->_date(strtotime($dao['timestamp']) ?: 0);
 		}
-		if (!empty($dao['categories'])) {
-			$entry->_tags($dao['categories']);
-		}
 		if (!empty($dao['attributes'])) {
 			$entry->_attributes('', $dao['attributes']);
 		}
diff --git a/app/Models/Feed.php b/app/Models/Feed.php
index b418d2641..09f0ef068 100644
--- a/app/Models/Feed.php
+++ b/app/Models/Feed.php
@@ -175,8 +175,13 @@ class FreshRSS_Feed extends Minz_Model {
 			return $this->httpAuth;
 		} else {
 			$pos_colon = strpos($this->httpAuth, ':');
-			$user = substr($this->httpAuth, 0, $pos_colon);
-			$pass = substr($this->httpAuth, $pos_colon + 1);
+			if ($pos_colon !== false) {
+				$user = substr($this->httpAuth, 0, $pos_colon);
+				$pass = substr($this->httpAuth, $pos_colon + 1);
+			} else {
+				$user = '';
+				$pass = '';
+			}
 
 			return array(
 				'username' => $user,
@@ -234,6 +239,7 @@ class FreshRSS_Feed extends Minz_Model {
 
 		return $this->nbNotRead + ($includePending ? $this->nbPendingNotRead : 0);
 	}
+
 	public function faviconPrepare(): void {
 		require_once(LIB_PATH . '/favicons.php');
 		$url = $this->website;
@@ -252,10 +258,13 @@ class FreshRSS_Feed extends Minz_Model {
 				($ico_mtime == false || $ico_mtime < $txt_mtime || ($ico_mtime < time() - (14 * 86400)))) {
 				// no ico file or we should download a new one.
 				$url = file_get_contents($txt);
-				download_favicon($url, $ico) || touch($ico);
+				if ($url == false || !download_favicon($url, $ico)) {
+					touch($ico);
+				}
 			}
 		}
 	}
+
 	public static function faviconDelete(string $hash): void {
 		$path = DATA_PATH . '/favicons/' . $hash;
 		@unlink($path . '.ico');
@@ -392,21 +401,16 @@ class FreshRSS_Feed extends Minz_Model {
 				if ((!$mtime) || $simplePie->error()) {
 					$errorMessage = $simplePie->error();
 					throw new FreshRSS_Feed_Exception(
-						($errorMessage == '' ? 'Unknown error for feed' : $errorMessage) . ' [' . $this->url . ']',
+						($errorMessage == '' ? 'Unknown error for feed' : json_encode($errorMessage, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_LINE_TERMINATORS)) .
+							' [' . $this->url . ']',
 						$simplePie->status_code()
 					);
 				}
 
 				$links = $simplePie->get_links('self');
-				$this->selfUrl = empty($links[0]) ? '' : checkUrl($links[0]);
-				if ($this->selfUrl == false) {
-					$this->selfUrl = '';
-				}
+				$this->selfUrl = empty($links[0]) ? '' : (checkUrl($links[0]) ?: '');
 				$links = $simplePie->get_links('hub');
-				$this->hubUrl = empty($links[0]) ? '' : checkUrl($links[0]);
-				if ($this->hubUrl == false) {
-					$this->hubUrl = '';
-				}
+				$this->hubUrl = empty($links[0]) ? '' : (checkUrl($links[0]) ?: '');
 
 				if ($loadDetails) {
 					// si on a utilisé l’auto-discover, notre url va avoir changé
@@ -494,7 +498,7 @@ class FreshRSS_Feed extends Minz_Model {
 			$title = html_only_entity_decode(strip_tags($item->get_title() ?? ''));
 			$authors = $item->get_authors();
 			$link = $item->get_permalink();
-			$date = @strtotime($item->get_date() ?? '');
+			$date = @strtotime((string)($item->get_date() ?? '')) ?: 0;
 
 			//Tag processing (tag == category)
 			$categories = $item->get_categories();
@@ -696,9 +700,11 @@ class FreshRSS_Feed extends Minz_Model {
 				$item['thumbnail'] = $xPathItemThumbnail == '' ? '' : @$xpath->evaluate('normalize-space(' . $xPathItemThumbnail . ')', $node);
 				if ($xPathItemCategories != '') {
 					$itemCategories = @$xpath->query($xPathItemCategories, $node);
-					if ($itemCategories) {
+					if ($itemCategories !== false) {
+						$item['tags'] = [];
+						/** @var DOMNode $itemCategory */
 						foreach ($itemCategories as $itemCategory) {
-							$item['categories'][] = $itemCategory->textContent;
+							$item['tags'][] = $itemCategory->textContent;
 						}
 					}
 				}
@@ -711,7 +717,7 @@ class FreshRSS_Feed extends Minz_Model {
 
 				if ($item['title'] != '' || $item['content'] != '' || $item['link'] != '') {
 					// HTML-encoding/escaping of the relevant fields (all except 'content')
-					foreach (['author', 'categories', 'guid', 'link', 'thumbnail', 'timestamp', 'title'] as $key) {
+					foreach (['author', 'guid', 'link', 'thumbnail', 'timestamp', 'tags', 'title'] as $key) {
 						if (!empty($item[$key]) && is_string($item[$key])) {
 							$item[$key] = Minz_Helper::htmlspecialchars_utf8($item[$key]);
 						}
@@ -748,6 +754,7 @@ class FreshRSS_Feed extends Minz_Model {
 		if ($keepMaxUnread === null) {
 			$keepMaxUnread = FreshRSS_Context::$user_conf->mark_when['max_n_unread'];
 		}
+		$keepMaxUnread = (int)$keepMaxUnread;
 		if ($keepMaxUnread > 0 && $this->nbNotRead(false) + $this->nbPendingNotRead > $keepMaxUnread) {
 			$feedDAO = FreshRSS_Factory::createFeedDao();
 			return $feedDAO->keepMaxUnread($this->id(), max(0, $keepMaxUnread - $this->nbPendingNotRead));
@@ -821,7 +828,7 @@ class FreshRSS_Feed extends Minz_Model {
 
 	public function lock(): bool {
 		$this->lockPath = TMP_PATH . '/' . $this->hash() . '.freshrss.lock';
-		if (file_exists($this->lockPath) && ((time() - @filemtime($this->lockPath)) > 3600)) {
+		if (file_exists($this->lockPath) && ((time() - (@filemtime($this->lockPath) ?: 0)) > 3600)) {
 			@unlink($this->lockPath);
 		}
 		if (($handle = @fopen($this->lockPath, 'x')) === false) {
author	Alexandre Alapetite <alexandre@alapetite.fr>	2023-05-15 19:26:48 +0200
committer	GitHub <noreply@github.com>	2023-05-15 19:26:48 +0200
commit	2038d50110468d95ff978ba2e8f997175f25ff3b (patch)
tree	a9bc4bc364fe0c9b452702f3324a2091229e5fce /app
parent	c8d2ead7635e58a5c78d95a9b9a1a74e99a1bcef (diff)