Diffstat (limited to 'app/Controllers')
| -rw-r--r-- | app/Controllers/apiController.php | 4 | ||||
| -rw-r--r-- | app/Controllers/authController.php | 2 | ||||
| -rw-r--r-- | app/Controllers/configureController.php | 19 | ||||
| -rw-r--r-- | app/Controllers/entryController.php | 23 | ||||
| -rw-r--r-- | app/Controllers/feedController.php | 3 | ||||
| -rw-r--r-- | app/Controllers/importExportController.php | 2 |
6 files changed, 32 insertions, 21 deletions
diff --git a/app/Controllers/apiController.php b/app/Controllers/apiController.php
index 2d9fad535..7c20b630b 100644
--- a/app/Controllers/apiController.php
+++ b/app/Controllers/apiController.php
@@ -21,7 +21,7 @@ class FreshRSS_api_Controller extends FreshRSS_ActionController {
 FreshRSS_Context::userConf()->apiPasswordHash = $apiPasswordHash;
 $feverKey = FreshRSS_fever_Util::updateKey($username, $apiPasswordPlain);
- if (!$feverKey) {
+ if ($feverKey == false) {
 return _t('feedback.api.password.failed');
 }
@@ -56,7 +56,7 @@ class FreshRSS_api_Controller extends FreshRSS_ActionController {
 }
 $error = self::updatePassword($apiPasswordPlain);
- if ($error) {
+ if (is_string($error)) {
 Minz_Request::bad($error, $return_url);
 } else {
 Minz_Request::good(_t('feedback.api.password.updated'), $return_url);
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index 7b0462888..3fc7036fa 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -191,7 +191,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController {
 $password = Minz_Request::paramString('p');
 Minz_Request::_param('p');
- if (!$username) {
+ if ($username === '') {
 return;
 }
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index f28369477..343623d75 100644
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -204,6 +204,7 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 $default = Minz_Configuration::load(FRESHRSS_PATH . '/config-user.default.php');
 $shortcuts = $default['shortcuts'];
 }
+ /** @var array<string,string> $shortcuts */
 FreshRSS_Context::userConf()->shortcuts = array_map('trim', $shortcuts);
 FreshRSS_Context::userConf()->save();
 invalidateHttpCache();
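Review bot: In `apiController.php` (hunk at -21), `if ($feverKey == false)` is still a loose comparison, so an empty string or `'0'` returned by `FreshRSS_fever_Util::updateKey()` is treated as a failure exactly as `!$feverKey` was. If the helper is meant to return `false` on failure (its signature is not visible here), `if ($feverKey === false) {` states that intent and matches the strict `is_string($error)` check the same commit introduces at -56. The enclosing method starts and ends outside the hunk.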
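Review bot: In `configureController.php` (hunk at -204), the added `/** @var array<string,string> $shortcuts */` only tells the static analyser what to assume; nothing in the visible lines checks it at runtime before `array_map('trim', $shortcuts)`. If `$shortcuts` can come from request data (its assignment before the `$default` fallback is outside the hunk), a nested array element would reach `trim()` and raise a `TypeError` on PHP 8. Filtering first, e.g. `$shortcuts = array_filter($shortcuts, 'is_string');`, would make the annotation true rather than asserted.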
@@ -384,27 +385,27 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 $queryParams['search'] = htmlspecialchars_decode($params['search'], ENT_QUOTES);
 }
 if (!empty($params['state']) && is_array($params['state'])) {
- $queryParams['state'] = (int)(array_sum($params['state']));
+ $queryParams['state'] = (int)array_sum($params['state']);
 }
 if (empty($params['token']) || !is_string($params['token'])) {
 $queryParams['token'] = FreshRSS_UserQuery::generateToken($name);
 } else {
 $queryParams['token'] = $params['token'];
 }
- if (!empty($params['shareRss']) && ctype_digit($params['shareRss'])) {
- $queryParams['shareRss'] = (bool)$params['shareRss'];
- }
- if (!empty($params['shareOpml']) && ctype_digit($params['shareOpml'])) {
- $queryParams['shareOpml'] = (bool)$params['shareOpml'];
- }
+ $queryParams['url'] = Minz_Url::display(['params' => $queryParams]);
+ $queryParams['name'] = $name;
 if (!empty($params['description']) && is_string($params['description'])) {
 $queryParams['description'] = htmlspecialchars_decode($params['description'], ENT_QUOTES);
 }
 if (!empty($params['imageUrl']) && is_string($params['imageUrl'])) {
 $queryParams['imageUrl'] = $params['imageUrl'];
 }
- $queryParams['url'] = Minz_Url::display(['params' => $queryParams]);
- $queryParams['name'] = $name;
+ if (!empty($params['shareOpml']) && ctype_digit($params['shareOpml'])) {
+ $queryParams['shareOpml'] = (bool)$params['shareOpml'];
+ }
+ if (!empty($params['shareRss']) && ctype_digit($params['shareRss'])) {
+ $queryParams['shareRss'] = (bool)$params['shareRss'];
+ }
 $queries = FreshRSS_Context::userConf()->queries;
 $queries[$id] = (new FreshRSS_UserQuery($queryParams, FreshRSS_Context::categories(), FreshRSS_Context::labels()))->toArray();
diff --git a/app/Controllers/entryController.php b/app/Controllers/entryController.php
index 38dbf8317..9104cefc4 100644
--- a/app/Controllers/entryController.php
+++ b/app/Controllers/entryController.php
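Review bot: Moving `$queryParams['url'] = Minz_Url::display(['params' => $queryParams]);` above the `description`, `imageUrl`, `shareOpml` and `shareRss` assignments changes what the stored URL contains: it is now built before those four keys exist, whereas it was previously built after them. That looks intentional, but the ordering dependency is invisible to the next editor, so a comment such as `// Build the URL before adding sharing metadata so that it is not serialised into the query string` above the line would protect it. Separately, `imageUrl` in the unchanged context is stored after only an `is_string` check; whether its scheme is validated before it is rendered is not visible in this hunk and is worth confirming. The enclosing method starts and ends outside the hunk.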
@@ -44,10 +44,12 @@ class FreshRSS_entry_Controller extends FreshRSS_ActionController {
 * - is_read (default: true)
 */
 public function readAction(): void {
- $id = Minz_Request::param('id');
 $get = Minz_Request::paramString('get');
 $next_get = Minz_Request::paramString('nextGet') ?: $get;
 $id_max = Minz_Request::paramString('idMax') ?: '0';
+ if (!ctype_digit($id_max)) {
+ $id_max = '0';
+ }
 $is_read = Minz_Request::paramTernary('is_read') ?? true;
 FreshRSS_Context::$search = new FreshRSS_BooleanSearch(Minz_Request::paramString('search'));
@@ -64,14 +66,14 @@ class FreshRSS_entry_Controller extends FreshRSS_ActionController {
 $this->view->tagsForEntries = [];
 $entryDAO = FreshRSS_Factory::createEntryDao();
- if ($id == false) {
- // id is false? It MUST be a POST request!
+ if (!Minz_Request::hasParam('id')) {
+ // No id, then it MUST be a POST request
 if (!Minz_Request::isPost()) {
 Minz_Request::bad(_t('feedback.access.not_found'), ['c' => 'index', 'a' => 'index']);
 return;
 }
- if (!$get) {
+ if ($get === '') {
 // No get? Mark all entries as read (from $id_max)
 $entryDAO->markReadEntries($id_max, false, FreshRSS_Feed::PRIORITY_MAIN_STREAM, FreshRSS_Feed::PRIORITY_IMPORTANT, null, 0, $is_read);
 } else {
@@ -111,7 +113,16 @@ class FreshRSS_entry_Controller extends FreshRSS_ActionController {
 }
 }
 } else {
- $ids = is_array($id) ? $id : [$id];
+ /** @var array<numeric-string> $idArray */
+ $idArray = Minz_Request::paramArray('id');
+ $idString = Minz_Request::paramString('id');
+ if (count($idArray) > 0) {
+ $ids = $idArray;
+ } elseif (ctype_digit($idString)) {
+ $ids = [$idString];
+ } else {
+ $ids = [];
+ }
 $entryDAO->markRead($ids, $is_read);
 $tagDAO = FreshRSS_Factory::createTagDao();
 $tagsForEntries = $tagDAO->getTagsForEntries($ids) ?: [];
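Review bot: In `readAction()` (hunk at -44), a non-numeric `idMax` is silently replaced by `'0'`, and the hunk at -64 passes that value to `markReadEntries()` on the "mark all entries as read" path. How the DAO interprets `'0'` is not visible here, but if it means "no upper bound", a malformed request would mark more entries than a well-formed one. Rejecting the request inside the new `if`, with `Minz_Request::bad(_t('feedback.access.not_found'), ['c' => 'index', 'a' => 'index']); return;` as the method already does for non-POST requests, would fail closed. The method body continues outside the hunk.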
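Review bot: In the hunk at -111, the scalar `id` is validated with `ctype_digit()` but the array form is not: `$ids = $idArray;` takes whatever `Minz_Request::paramArray('id')` returns, and the `@var array<numeric-string>` annotation only asserts the element type. Both paths feed `markRead()` and `getTagsForEntries()`, so they should apply the same check, e.g. `$ids = array_values(array_filter($idArray, static fn ($v): bool => is_string($v) && ctype_digit($v)));`. It is also worth confirming that both DAO calls behave sensibly for `$ids = []`, which is now reachable when `id` is present but invalid.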
@@ -145,7 +156,7 @@ class FreshRSS_entry_Controller extends FreshRSS_ActionController {
 public function bookmarkAction(): void {
 $id = Minz_Request::paramString('id');
 $is_favourite = Minz_Request::paramTernary('is_favorite') ?? true;
- if ($id != '') {
+ if ($id != '' && ctype_digit($id)) {
 $entryDAO = FreshRSS_Factory::createEntryDao();
 $entryDAO->markFavorite($id, $is_favourite);
 }
diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php
index 131d58d5e..2ecf6c374 100644
--- a/app/Controllers/feedController.php
+++ b/app/Controllers/feedController.php
@@ -439,9 +439,8 @@ class FreshRSS_feed_Controller extends FreshRSS_ActionController {
 $nb_new_articles = 0;
 foreach ($feeds as $feed) {
- /** @var FreshRSS_Feed|null $feed */
 $feed = Minz_ExtensionManager::callHook('feed_before_actualize', $feed);
- if (null === $feed) {
+ if (!($feed instanceof FreshRSS_Feed)) {
 continue;
 }
diff --git a/app/Controllers/importExportController.php b/app/Controllers/importExportController.php
index b4be5dd73..52c70ffe0 100644
--- a/app/Controllers/importExportController.php
+++ b/app/Controllers/importExportController.php
@@ -563,7 +563,7 @@ class FreshRSS_importExport_Controller extends FreshRSS_ActionController {
 // Call the extension hook
 $feed = Minz_ExtensionManager::callHook('feed_before_insert', $feed);
- if ($feed != null) {
+ if ($feed instanceof FreshRSS_Feed) {
 // addFeedObject checks if feed is already in DB so nothing else to
 // check here.
 $id = $this->feedDAO->addFeedObject($feed);
|
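Review bot: In `bookmarkAction()` (hunk at -145), `$id != '' && ctype_digit($id)` tests the same thing twice, because `ctype_digit('')` already returns `false`; `if (ctype_digit($id)) {` is equivalent and drops the loose `!=`. An invalid id is then ignored without feedback to the caller; whether the rest of the method reports it is outside the hunk.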
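Review bot: In `feedController.php` (hunk at -439), `if (!($feed instanceof FreshRSS_Feed))` now skips the feed both when a `feed_before_actualize` hook deliberately returns `null` and when an extension returns a value of the wrong type. The second case is an extension bug that would go unnoticed, so a log entry before `continue` when `$feed !== null` would make it diagnosable. The same applies to the `feed_before_insert` check in `importExportController.php` at -563, whose else branch is outside the hunk.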
