From 47e242aa77bb8583e8716023c4bcef0462891ebd Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sun, 30 Jan 2022 15:53:17 +0100
Subject: Fix ctype_alnum (#4182)
* Fix ctype_alnum #fix https://github.com/FreshRSS/FreshRSS/issues/4180 Ensure `ctype_alnum()` gets a string
* Changelog
---
 CHANGELOG.md | 2 +-
 app/Controllers/authController.php | 2 +-
 app/Controllers/userController.php | 2 +-
 app/Models/FormAuth.php | 6 +++---
 lib/Minz/ExtensionManager.php | 4 ++--
 lib/Minz/Session.php | 6 +++---
 6 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a309277ec..c6df22074 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,7 +20,7 @@
 * Improve Czech [#4151](https://github.com/FreshRSS/FreshRSS/pull/4151)
 * Improve English [#4161](https://github.com/FreshRSS/FreshRSS/pull/4161)
 * Misc.
- * Increase PHPStan to [level 5](https://phpstan.org/user-guide/rule-levels) for code quality, also fixing several PHP 8.1 warnings [#4110](https://github.com/FreshRSS/FreshRSS/pull/4110), [#4123](https://github.com/FreshRSS/FreshRSS/pull/4123), [#4119](https://github.com/FreshRSS/FreshRSS/pull/4119)
+ * Increase PHPStan to [level 5](https://phpstan.org/user-guide/rule-levels) for code quality, also fixing several PHP 8.1 warnings [#4110](https://github.com/FreshRSS/FreshRSS/pull/4110), [#4123](https://github.com/FreshRSS/FreshRSS/pull/4123), [#4119](https://github.com/FreshRSS/FreshRSS/pull/4119), [#4182](https://github.com/FreshRSS/FreshRSS/pull/4182)
 * Clean temporary files generated by automated tests [#4177](https://github.com/FreshRSS/FreshRSS/pull/4177)
 * Add automated spell checking of the code using [typos](https://github.com/crate-ci/typos) [#4138](https://github.com/FreshRSS/FreshRSS/pull/4138), [#4134](https://github.com/FreshRSS/FreshRSS/pull/4134)
 * Enforce code style *opening brace on same line* in PHPCS [#4122](https://github.com/FreshRSS/FreshRSS/pull/4122)
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index 27a7b4ac8..2bcf4eae7 100644 --- a/app/Controllers/authController.php +++ b/app/Controllers/authController.php @@ -117,7 +117,7 @@ class FreshRSS_auth_Controller extends FreshRSS_ActionController { Minz_Session::_param('POST_to_GET'); if ($isPOST) { - $nonce = Minz_Session::param('nonce'); + $nonce = Minz_Session::param('nonce', ''); $username = Minz_Request::param('username', ''); $challenge = Minz_Request::param('challenge', ''); diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index f5db8b93b..06dbab9fa 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -538,7 +538,7 @@ class FreshRSS_user_Controller extends FreshRSS_ActionController { $ok = true; if ($self_deletion) { // We check the password if it’s a self-destruction - $nonce = Minz_Session::param('nonce'); + $nonce = Minz_Session::param('nonce', ''); $challenge = Minz_Request::param('challenge', ''); $ok &= FreshRSS_FormAuth::checkCredentials( diff --git a/app/Models/FormAuth.php b/app/Models/FormAuth.php index d6da637d1..653eba04b 100644 --- a/app/Models/FormAuth.php +++ b/app/Models/FormAuth.php @@ -1,7 +1,7 @@ limits; @@ -48,7 +48,7 @@ class FreshRSS_FormAuth { return false; } - public static function makeCookie($username, $password_hash) { + public static function makeCookie(string $username, string $password_hash) { do { $token = sha1(FreshRSS_Context::$system_conf->salt . $username . uniqid('' . mt_rand(), true)); $token_file = DATA_PATH . '/tokens/' . $token . '.txt'; diff --git a/lib/Minz/ExtensionManager.php b/lib/Minz/ExtensionManager.php index cad408aed..17977fb0c 100644 --- a/lib/Minz/ExtensionManager.php +++ b/lib/Minz/ExtensionManager.php 
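Review bot: Defaulting `$nonce` to `''` in this hunk, and in the identical change on the self-deletion path in userController.php, lets a session with no issued nonce reach the credential check as an empty string, so rejecting it is left entirely to the callee. The `checkCredentials()` hunk in FormAuth.php is not legible in this patch as rendered, so that rejection cannot be confirmed from here, although `ctype_alnum('')` returning false presumably covers it. A comment at both reads would record the dependency, `// '' when the session holds no nonce; the credential check must reject it`, and in userController.php an explicit guard is cheap: `$ok &= ($nonce !== '');` before the `checkCredentials()` call. Both enclosing methods start and end outside their hunks.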
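Review bot: The context lines of the `makeCookie()` hunk still derive the long-term login token from `sha1(salt . $username . uniqid('' . mt_rand(), true))`, whose only unpredictable input is the configured salt; `uniqid()` and `mt_rand()` are clock- and seed-derived rather than cryptographically random. This predates the commit, but while the signature is being tightened it would be a good moment to switch to `$token = bin2hex(random_bytes(20));`, which keeps the 40-character hex shape of the current SHA-1 value. The new `string` hints also turn a `null` `$password_hash` into a TypeError, so callers should be checked; they are outside the hunk, as is the rest of the method body. The first FormAuth.php hunk (`@@ -1,7 +1,7 @@`) is not legible as rendered and is not reviewed here.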
@@ -139,10 +139,10 @@ class Minz_ExtensionManager {
 * If the extension class name is `TestExtension`, entry point will be `Test`.
 * `entry_point` must be composed of alphanumeric characters.
 *
- * @param array $meta is an array of values.
+ * @param array $meta is an array of values.
 * @return bool true if the array is valid, false else.
 */
- public static function isValidMetadata($meta) {
+ public static function isValidMetadata($meta): bool {
 $valid_chars = array('_');
 return !(empty($meta['name']) || empty($meta['entrypoint']) || !ctype_alnum(str_replace($valid_chars, '', $meta['entrypoint'])));
 }
diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php
index d735f7949..924e9f5f9 100644
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
@@ -150,12 +150,12 @@ class Minz_Session {
 setcookie($name, '', 1, '', '', Minz_Request::isHttps(), true);
 }
- public static function setLongTermCookie($name, $value, $expire) {
+ public static function setLongTermCookie(string $name, string $value, $expire) {
 setcookie($name, $value, $expire, '', '', Minz_Request::isHttps(), true);
 }
- public static function getLongTermCookie($name) {
- return isset($_COOKIE[$name]) ? $_COOKIE[$name] : null;
+ public static function getLongTermCookie(string $name): string {
+ return isset($_COOKIE[$name]) ? $_COOKIE[$name] : '';
 }
 }
--
cgit v1.2.3
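Review bot: `isValidMetadata()` still passes `$meta['entrypoint']` to `str_replace()` without checking that it is a string, so a metadata entry holding an array would make `str_replace()` return an array and hand `ctype_alnum()` a non-string, which is the case this commit sets out to prevent elsewhere. `empty()` only rules out falsy values, not wrong types. Adding `|| !is_string($meta['entrypoint'])` ahead of the `ctype_alnum()` clause closes that gap, and `$meta` could take an `array` type hint to match the docblock if every caller already passes an array. The two `@param` lines in this hunk render identically, presumably because an angle-bracketed generic type was lost in extraction.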
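Review bot: `getLongTermCookie()` now declares `: string` but returns `$_COOKIE[$name]` unchecked, and PHP parses bracketed cookie names into arrays, so a client-supplied array value would raise a TypeError at the return instead of being treated as a missing cookie. Guarding the type keeps the failure mode at "no cookie": `return is_string($_COOKIE[$name] ?? null) ? $_COOKIE[$name] : '';`. Separately, `setLongTermCookie()` leaves `$expire` untyped, and its `setcookie()` call sets HttpOnly and (on HTTPS) Secure but no SameSite attribute; the options-array form of `setcookie()` (PHP 7.3+) would allow adding one if the project's minimum PHP version permits.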