diff options
Diffstat (limited to 'p/api/fever.php')
| -rw-r--r-- | p/api/fever.php | 68 |
1 files changed, 33 insertions, 35 deletions
diff --git a/p/api/fever.php b/p/api/fever.php index 7bab2ce5d..92523db06 100644 --- a/p/api/fever.php +++ b/p/api/fever.php @@ -31,7 +31,7 @@ Minz_Session::init('FreshRSS', true); // ================================================================================================ // <Debug> -$ORIGINAL_INPUT = file_get_contents('php://input', false, null, 0, 1_048_576) ?: '';; +$ORIGINAL_INPUT = file_get_contents('php://input', false, null, 0, 1_048_576) ?: ''; function debugInfo(): string { if (function_exists('getallheaders')) { @@ -39,7 +39,7 @@ function debugInfo(): string { } else { //nginx http://php.net/getallheaders#84262 $ALL_HEADERS = []; foreach ($_SERVER as $name => $value) { - if (str_starts_with($name, 'HTTP_')) { + if (is_string($name) && str_starts_with($name, 'HTTP_')) { $ALL_HEADERS[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; } } @@ -120,6 +120,8 @@ final class FeverDAO extends Minz_ModelPdo $entries = []; foreach ($result as $dao) { + /** @var array{id?:string,id_feed?:int,guid?:string,title?:string,author?:string,content?:string,link?:string,date?:int|string,lastSeen?:int, + * hash?:string,is_read?:bool|int,is_favorite?:bool|int,tags?:string|array<string>,attributes?:?string,thumbnail?:string,timestamp?:string} $dao */ $entries[] = FreshRSS_Entry::fromArray($dao); } @@ -151,7 +153,7 @@ final class FeverAPI private function authenticate(): bool { FreshRSS_Context::clearUserConf(); Minz_User::change(); - $feverKey = empty($_POST['api_key']) ? '' : substr(trim($_POST['api_key']), 0, 128); + $feverKey = empty($_POST['api_key']) || !is_string($_POST['api_key']) ? '' : substr(trim($_POST['api_key']), 0, 128); if (ctype_xdigit($feverKey)) { $feverKey = strtolower($feverKey); $username = @file_get_contents(DATA_PATH . '/fever/.key-' . sha1(FreshRSS_Context::systemConf()->salt) . '-' . $feverKey . '.txt', false); @@ -223,9 +225,9 @@ final class FeverAPI $response_arr['saved_item_ids'] = $this->getSavedItemIds(); } - if (isset($_REQUEST['mark'], $_REQUEST['as'], $_REQUEST['id']) && ctype_digit($_REQUEST['id'])) { - $id = (string)$_REQUEST['id']; - $before = (int)($_REQUEST['before'] ?? '0'); + if (is_string($_REQUEST['mark'] ?? null) && is_string($_REQUEST['as'] ?? null) && is_string($_REQUEST['id'] ?? null) && ctype_digit($_REQUEST['id'])) { + $id = $_REQUEST['id']; + $before = is_numeric($_REQUEST['before'] ?? null) ? (int)$_REQUEST['before'] : 0; switch (strtolower($_REQUEST['mark'])) { case 'item': switch ($_REQUEST['as']) { @@ -306,7 +308,7 @@ final class FeverAPI return $lastUpdate; } - /** @return array<array<string,string|int>> */ + /** @return list<array{id:int,favicon_id:int,title:string,url:string,site_url:string,is_spark:int,last_updated_on_time:int}> */ private function getFeeds(): array { $feeds = []; $myFeeds = $this->feedDAO->listFeeds(); @@ -328,7 +330,7 @@ final class FeverAPI return $feeds; } - /** @return array<array<string,int|string>> */ + /** @return list<array{id:int,title:string}> */ private function getGroups(): array { $groups = []; @@ -345,7 +347,7 @@ final class FeverAPI return $groups; } - /** @return array<array<string,int|string>> */ + /** @return list<array{id:int,data:string}> */ private function getFavicons(): array { if (!FreshRSS_Context::hasSystemConf()) { return []; @@ -378,7 +380,7 @@ final class FeverAPI } /** - * @return array<array<string,int|string>> + * @return list<array<string,int|string>> */ private function getFeedsGroup(): array { $groups = []; @@ -401,7 +403,7 @@ final class FeverAPI /** * AFAIK there is no 'hot links' alternative in FreshRSS - * @return array<string> + * @return list<string> */ private function getLinks(): array { return []; @@ -452,46 +454,42 @@ final class FeverAPI return $this->entryDAO->markFavorite($id, false); } - /** @return array<array<string,string|int>> */ + /** @return list<array<string,string|int>> */ private function getItems(): array { $feed_ids = []; $entry_ids = []; $max_id = ''; $since_id = ''; - if (isset($_REQUEST['feed_ids']) || isset($_REQUEST['group_ids'])) { - if (isset($_REQUEST['feed_ids'])) { - $feed_ids = explode(',', $_REQUEST['feed_ids']); - } - - if (isset($_REQUEST['group_ids'])) { - $categoryDAO = FreshRSS_Factory::createCategoryDao(); - $group_ids = explode(',', $_REQUEST['group_ids']); - $feeds = []; - foreach ($group_ids as $id) { - $category = $categoryDAO->searchById((int)$id); //TODO: Transform to SQL query without loop! Consider FreshRSS_CategoryDAO::listCategories(true) - if ($category == null) { - continue; - } - foreach ($category->feeds() as $feed) { - $feeds[] = $feed->id(); - } + if (is_string($_REQUEST['feed_ids'] ?? null)) { + $feed_ids = explode(',', $_REQUEST['feed_ids']); + } elseif (is_string($_REQUEST['group_ids'] ?? null)) { + $categoryDAO = FreshRSS_Factory::createCategoryDao(); + $group_ids = explode(',', $_REQUEST['group_ids']); + $feeds = []; + foreach ($group_ids as $id) { + $category = $categoryDAO->searchById((int)$id); //TODO: Transform to SQL query without loop! Consider FreshRSS_CategoryDAO::listCategories(true) + if ($category == null) { + continue; + } + foreach ($category->feeds() as $feed) { + $feeds[] = $feed->id(); } - $feed_ids = array_unique($feeds); } + $feed_ids = array_unique($feeds); } - if (isset($_REQUEST['max_id'])) { + if (is_string($_REQUEST['max_id'] ?? null)) { // use the max_id argument to request the previous $item_limit items - $max_id = '' . $_REQUEST['max_id']; + $max_id = $_REQUEST['max_id']; if (!ctype_digit($max_id)) { $max_id = ''; } - } elseif (isset($_REQUEST['with_ids'])) { + } elseif (is_string($_REQUEST['with_ids'] ?? null)) { $entry_ids = explode(',', $_REQUEST['with_ids']); - } elseif (isset($_REQUEST['since_id'])) { + } elseif (is_string($_REQUEST['since_id'] ?? null)) { // use the since_id argument to request the next $item_limit items - $since_id = '' . $_REQUEST['since_id']; + $since_id = $_REQUEST['since_id']; if (!ctype_digit($since_id)) { $since_id = ''; } |