Pass PHPStan level 8 (#5946)

* Pass PHPStan level 8
And prepare for PHPStan level 9 https://phpstan.org/user-guide/rule-levels

* Revert wrong replace in comment

* Fix PHPStan level 8

* Update PHPStan and other dev dependencies

* Remove obsolete comment

* noVariableVariables and towards bleedingEdge
https://github.com/phpstan/phpstan-strict-rules
https://phpstan.org/blog/what-is-bleeding-edge

* More bleedingEdge

* A bit more PHPStan level 9

* More PHPStan level 9

* Prepare for booleansInConditions
Ignore int and null

* Revert wrong line

* More fixes

* Fix keep_max_n_unread

* Stricter attribute functions

* Stricter callHooks and more PHPStan level 9

* More typing

* A tiny more

3 files changed, 37 insertions, 40 deletions

diff --git a/p/api/fever.php b/p/api/fever.php
index cc5778e9f..8cf3dfc21 100644
--- a/p/api/fever.php
+++ b/p/api/fever.php
@@ -19,7 +19,7 @@ require(LIB_PATH . '/lib_rss.php');	//Includes class autoloader
 FreshRSS_Context::initSystem();
 
 // check if API is enabled globally
-if (FreshRSS_Context::$system_conf == null || !FreshRSS_Context::$system_conf->api_enabled) {
+if (!FreshRSS_Context::hasSystemConf() || !FreshRSS_Context::systemConf()->api_enabled) {
 	Minz_Log::warning('Fever API: service unavailable!');
 	Minz_Log::debug('Fever API: serviceUnavailable() ' . debugInfo(), API_LOG);
 	header('HTTP/1.1 503 Service Unavailable');
@@ -149,20 +149,17 @@ final class FeverAPI
 	 * your FreshRSS "username:your-api-password" combination
 	 */
 	private function authenticate(): bool {
-		if (FreshRSS_Context::$system_conf === null) {
-			throw new FreshRSS_Context_Exception('System configuration not initialised!');
-		}
-		FreshRSS_Context::$user_conf = null;
+		FreshRSS_Context::clearUserConf();
 		Minz_User::change();
 		$feverKey = empty($_POST['api_key']) ? '' : substr(trim($_POST['api_key']), 0, 128);
 		if (ctype_xdigit($feverKey)) {
 			$feverKey = strtolower($feverKey);
-			$username = @file_get_contents(DATA_PATH . '/fever/.key-' . sha1(FreshRSS_Context::$system_conf->salt) . '-' . $feverKey . '.txt', false);
+			$username = @file_get_contents(DATA_PATH . '/fever/.key-' . sha1(FreshRSS_Context::systemConf()->salt) . '-' . $feverKey . '.txt', false);
 			if ($username != false) {
 				$username = trim($username);
-				FreshRSS_Context::$user_conf = FreshRSS_Context::initUser($username);	// Assignment to help PHPStan
-				if (FreshRSS_Context::$user_conf != null && $feverKey === FreshRSS_Context::$user_conf->feverKey && FreshRSS_Context::$user_conf->enabled) {
-					Minz_Translate::init(FreshRSS_Context::$user_conf->language);
+				FreshRSS_Context::initUser($username);
+				if ($feverKey === FreshRSS_Context::userConf()->feverKey && FreshRSS_Context::userConf()->enabled) {
+					Minz_Translate::init(FreshRSS_Context::userConf()->language);
 					$this->entryDAO = FreshRSS_Factory::createEntryDao();
 					$this->feedDAO = FreshRSS_Factory::createFeedDao();
 					return true;
@@ -180,7 +177,7 @@ final class FeverAPI
 
 	public function isAuthenticatedApiUser(): bool {
 		$this->authenticate();
-		return FreshRSS_Context::$user_conf !== null;
+		return FreshRSS_Context::hasUserConf();
 	}
 
 	/**
@@ -350,11 +347,11 @@ final class FeverAPI
 
 	/** @return array<array<string,int|string>> */
 	private function getFavicons(): array {
-		if (FreshRSS_Context::$system_conf == null) {
+		if (!FreshRSS_Context::hasSystemConf()) {
 			return [];
 		}
 		$favicons = array();
-		$salt = FreshRSS_Context::$system_conf->salt;
+		$salt = FreshRSS_Context::systemConf()->salt;
 		$myFeeds = $this->feedDAO->listFeeds();
 
 		foreach ($myFeeds as $feed) {
diff --git a/p/api/greader.php b/p/api/greader.php
index 91a7b5d13..5f351195c 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -179,15 +179,15 @@ final class GReaderAPI {
 				$user = $headerAuthX[0];
 				if (FreshRSS_user_Controller::checkUsername($user)) {
 					FreshRSS_Context::initUser($user);
-					if (FreshRSS_Context::$user_conf == null || FreshRSS_Context::$system_conf == null) {
+					if (!FreshRSS_Context::hasUserConf() || !FreshRSS_Context::hasSystemConf()) {
 						Minz_Log::warning('Invalid API user ' . $user . ': configuration cannot be found.');
 						self::unauthorized();
 					}
-					if (!FreshRSS_Context::$user_conf->enabled) {
+					if (!FreshRSS_Context::userConf()->enabled) {
 						Minz_Log::warning('Invalid API user ' . $user . ': configuration cannot be found.');
 						self::unauthorized();
 					}
-					if ($headerAuthX[1] === sha1(FreshRSS_Context::$system_conf->salt . $user . FreshRSS_Context::$user_conf->apiPasswordHash)) {
+					if ($headerAuthX[1] === sha1(FreshRSS_Context::systemConf()->salt . $user . FreshRSS_Context::userConf()->apiPasswordHash)) {
 						return $user;
 					} else {
 						Minz_Log::warning('Invalid API authorisation for user ' . $user);
@@ -206,14 +206,14 @@ final class GReaderAPI {
 		//https://web.archive.org/web/20130604091042/http://undoc.in/clientLogin.html
 		if (FreshRSS_user_Controller::checkUsername($email)) {
 			FreshRSS_Context::initUser($email);
-			if (FreshRSS_Context::$user_conf == null || FreshRSS_Context::$system_conf == null) {
+			if (!FreshRSS_Context::hasUserConf() || !FreshRSS_Context::hasSystemConf()) {
 				Minz_Log::warning('Invalid API user ' . $email . ': configuration cannot be found.');
 				self::unauthorized();
 			}
 
-			if (FreshRSS_Context::$user_conf->apiPasswordHash != '' && password_verify($pass, FreshRSS_Context::$user_conf->apiPasswordHash)) {
+			if (FreshRSS_Context::userConf()->apiPasswordHash != '' && password_verify($pass, FreshRSS_Context::userConf()->apiPasswordHash)) {
 				header('Content-Type: text/plain; charset=UTF-8');
-				$auth = $email . '/' . sha1(FreshRSS_Context::$system_conf->salt . $email . FreshRSS_Context::$user_conf->apiPasswordHash);
+				$auth = $email . '/' . sha1(FreshRSS_Context::systemConf()->salt . $email . FreshRSS_Context::userConf()->apiPasswordHash);
 				echo 'SID=', $auth, "\n",
 					'LSID=null', "\n",	//Vienna RSS
 					'Auth=', $auth, "\n";
@@ -234,11 +234,11 @@ final class GReaderAPI {
 		//http://blog.martindoms.com/2009/08/15/using-the-google-reader-api-part-1/
 		//https://github.com/ericmann/gReader-Library/blob/master/greader.class.php
 		$user = Minz_User::name();
-		if ($user === null || $conf === null || FreshRSS_Context::$system_conf === null) {
+		if ($user === null || $conf === null || !FreshRSS_Context::hasSystemConf()) {
 			self::unauthorized();
 		}
 		//Minz_Log::debug('token('. $user . ')', API_LOG);	//TODO: Implement real token that expires
-		$token = str_pad(sha1(FreshRSS_Context::$system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z');	//Must have 57 characters
+		$token = str_pad(sha1(FreshRSS_Context::systemConf()->salt . $user . $conf->apiPasswordHash), 57, 'Z');	//Must have 57 characters
 		echo $token, "\n";
 		exit();
 	}
@@ -246,7 +246,7 @@ final class GReaderAPI {
 	private static function checkToken(?FreshRSS_UserConfiguration $conf, string $token): bool {
 		//http://code.google.com/p/google-reader-api/wiki/ActionToken
 		$user = Minz_User::name();
-		if ($user === null || $conf === null || FreshRSS_Context::$system_conf === null) {
+		if ($user === null || $conf === null || !FreshRSS_Context::hasSystemConf()) {
 			self::unauthorized();
 		}
 		if ($user !== Minz_User::INTERNAL_USER && (	//TODO: Check security consequences
@@ -254,7 +254,7 @@ final class GReaderAPI {
 			$token === 'x')) { //Reeder
 			return true;
 		}
-		if ($token === str_pad(sha1(FreshRSS_Context::$system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z')) {
+		if ($token === str_pad(sha1(FreshRSS_Context::systemConf()->salt . $user . $conf->apiPasswordHash), 57, 'Z')) {
 			return true;
 		}
 		Minz_Log::warning('Invalid POST token: ' . $token, API_LOG);
@@ -264,7 +264,7 @@ final class GReaderAPI {
 	/** @return never */
 	private static function userInfo() {
 		//https://github.com/theoldreader/api#user-info
-		if (FreshRSS_Context::$user_conf == null) {
+		if (!FreshRSS_Context::hasUserConf()) {
 			self::unauthorized();
 		}
 		$user = Minz_User::name();
@@ -272,7 +272,7 @@ final class GReaderAPI {
 				'userId' => $user,
 				'userName' => $user,
 				'userProfileId' => $user,
-				'userEmail' => FreshRSS_Context::$user_conf->mail_login,
+				'userEmail' => FreshRSS_Context::userConf()->mail_login,
 			), JSON_OPTIONS));
 	}
 
@@ -340,11 +340,11 @@ final class GReaderAPI {
 
 	/** @return never */
 	private static function subscriptionList() {
-		if (FreshRSS_Context::$system_conf == null) {
+		if (!FreshRSS_Context::hasSystemConf()) {
 			self::internalServerError();
 		}
 		header('Content-Type: application/json; charset=UTF-8');
-		$salt = FreshRSS_Context::$system_conf->salt;
+		$salt = FreshRSS_Context::systemConf()->salt;
 		$faviconsUrl = Minz_Url::display('/f.php?', '', true);
 		$faviconsUrl = str_replace('/api/greader.php/reader/api/0/subscription', '', $faviconsUrl);	//Security if base_url is not set properly
 		$subscriptions = array();
@@ -1003,7 +1003,7 @@ final class GReaderAPI {
 		//Minz_Log::debug('----------------------------------------------------------------', API_LOG);
 		//Minz_Log::debug(debugInfo(), API_LOG);
 
-		if (FreshRSS_Context::$system_conf == null || !FreshRSS_Context::$system_conf->api_enabled) {
+		if (!FreshRSS_Context::hasSystemConf() || !FreshRSS_Context::systemConf()->api_enabled) {
 			self::serviceUnavailable();
 		} elseif ($pathInfos[1] === 'check' && $pathInfos[2] === 'compatibility') {
 			self::checkCompatibility();
@@ -1014,10 +1014,10 @@ final class GReaderAPI {
 		if ($pathInfos[1] !== 'accounts') {
 			self::authorizationToUser();
 		}
-		if (FreshRSS_Context::$user_conf != null) {
-			Minz_Translate::init(FreshRSS_Context::$user_conf->language);
+		if (FreshRSS_Context::hasUserConf()) {
+			Minz_Translate::init(FreshRSS_Context::userConf()->language);
 			Minz_ExtensionManager::init();
-			Minz_ExtensionManager::enableByList(FreshRSS_Context::$user_conf->extensions_enabled, 'user');
+			Minz_ExtensionManager::enableByList(FreshRSS_Context::userConf()->extensions_enabled, 'user');
 		} else {
 			Minz_Translate::init();
 		}
@@ -1163,7 +1163,7 @@ final class GReaderAPI {
 					// Always exits
 				case 'edit-tag':	//http://blog.martindoms.com/2010/01/20/using-the-google-reader-api-part-3/
 					$token = isset($_POST['T']) ? trim($_POST['T']) : '';
-					self::checkToken(FreshRSS_Context::$user_conf, $token);
+					self::checkToken(FreshRSS_Context::userConf(), $token);
 					$a = $_POST['a'] ?? '';	//Add:	user/-/state/com.google/read	user/-/state/com.google/starred
 					$r = $_POST['r'] ?? '';	//Remove:	user/-/state/com.google/read	user/-/state/com.google/starred
 					$e_ids = multiplePosts('i');	//item IDs
@@ -1171,14 +1171,14 @@ final class GReaderAPI {
 					// Always exits
 				case 'rename-tag':	//https://github.com/theoldreader/api
 					$token = isset($_POST['T']) ? trim($_POST['T']) : '';
-					self::checkToken(FreshRSS_Context::$user_conf, $token);
+					self::checkToken(FreshRSS_Context::userConf(), $token);
 					$s = $_POST['s'] ?? '';	//user/-/label/Folder
 					$dest = $_POST['dest'] ?? '';	//user/-/label/NewFolder
 					self::renameTag($s, $dest);
 					// Always exits
 				case 'disable-tag':	//https://github.com/theoldreader/api
 					$token = isset($_POST['T']) ? trim($_POST['T']) : '';
-					self::checkToken(FreshRSS_Context::$user_conf, $token);
+					self::checkToken(FreshRSS_Context::userConf(), $token);
 					$s_s = multiplePosts('s');
 					foreach ($s_s as $s) {
 						self::disableTag($s);	//user/-/label/Folder
@@ -1186,7 +1186,7 @@ final class GReaderAPI {
 					// Always exits
 				case 'mark-all-as-read':
 					$token = isset($_POST['T']) ? trim($_POST['T']) : '';
-					self::checkToken(FreshRSS_Context::$user_conf, $token);
+					self::checkToken(FreshRSS_Context::userConf(), $token);
 					$streamId = trim($_POST['s'] ?? '');
 					$ts = trim($_POST['ts'] ?? '0');	//Older than timestamp in nanoseconds
 					if (!ctype_digit($ts)) {
@@ -1195,7 +1195,7 @@ final class GReaderAPI {
 					self::markAllAsRead($streamId, $ts);
 					// Always exits
 				case 'token':
-					self::token(FreshRSS_Context::$user_conf);
+					self::token(FreshRSS_Context::userConf());
 					// Always exits
 				case 'user-info':
 					self::userInfo();
diff --git a/p/api/pshb.php b/p/api/pshb.php
index d48ece0aa..b4d553430 100644
--- a/p/api/pshb.php
+++ b/p/api/pshb.php
@@ -11,11 +11,11 @@ header('X-Content-Type-Options: nosniff');
 $ORIGINAL_INPUT = file_get_contents('php://input', false, null, 0, MAX_PAYLOAD) ?: '';
 
 FreshRSS_Context::initSystem();
-if (FreshRSS_Context::$system_conf == null) {
+if (!FreshRSS_Context::hasSystemConf()) {
 	header('HTTP/1.1 500 Internal Server Error');
 	die('Invalid system init!');
 }
-FreshRSS_Context::$system_conf->auth_type = 'none';	// avoid necessity to be logged in (not saved!)
+FreshRSS_Context::systemConf()->auth_type = 'none';	// avoid necessity to be logged in (not saved!)
 
 //Minz_Log::debug(print_r(array('_SERVER' => $_SERVER, '_GET' => $_GET, '_POST' => $_POST, 'INPUT' => $ORIGINAL_INPUT), true), PSHB_LOG);
 
@@ -126,12 +126,12 @@ foreach ($users as $userFilename) {
 
 	try {
 		FreshRSS_Context::initUser($username);
-		if (FreshRSS_Context::$user_conf == null || !FreshRSS_Context::$user_conf->enabled) {
+		if (!FreshRSS_Context::hasUserConf() || !FreshRSS_Context::userConf()->enabled) {
 			Minz_Log::warning('FreshRSS skip disabled user ' . $username);
 			continue;
 		}
-		Minz_ExtensionManager::enableByList(FreshRSS_Context::$user_conf->extensions_enabled, 'user');
-		Minz_Translate::reset(FreshRSS_Context::$user_conf->language);
+		Minz_ExtensionManager::enableByList(FreshRSS_Context::userConf()->extensions_enabled, 'user');
+		Minz_Translate::reset(FreshRSS_Context::userConf()->language);
 
 		[$updated_feeds, , $nb_new_articles] = FreshRSS_feed_Controller::actualizeFeeds(null, $self, null, $simplePie);
 		if ($nb_new_articles > 0) {