From f5044a400c5b6c3263a922925a85793f7a0ca7c8 Mon Sep 17 00:00:00 2001 From: kodiakhq Date: Wed, 6 Mar 2024 02:50:26 +0000 Subject: [PATCH] deploy: 38bb9866b6ea71f16ace6bc0e0aa08f9fc707f09 --- classes/rex-cronjob-manager-sql.html | 20 +-- classes/rex.html | 149 ++++++++++-------- .../addons/cronjob/lib/manager_sql.php.txt | 5 +- .../redaxo/src/core/lib/rex.php.txt | 10 ++ .../redaxo/src/core/lib/util/i18n.php.txt | 8 +- reports/deprecated.html | 2 +- 6 files changed, 116 insertions(+), 78 deletions(-) diff --git a/classes/rex-cronjob-manager-sql.html b/classes/rex-cronjob-manager-sql.html index a65d1bc85..97666dbe8 100644 --- a/classes/rex-cronjob-manager-sql.html +++ b/classes/rex-cronjob-manager-sql.html @@ -330,9 +330,9 @@

@@ -584,9 +584,9 @@

@@ -753,9 +753,9 @@

@@ -894,9 +894,9 @@

@@ -1007,9 +1007,9 @@

diff --git a/classes/rex.html b/classes/rex.html index f45ef12e9..106b25c73 100644 --- a/classes/rex.html +++ b/classes/rex.html @@ -582,9 +582,9 @@

Returns the title tag and if the property "use_accesskeys" is true, the accesskey tag.

@@ -742,9 +742,9 @@

Returns the console application.

@@ -779,9 +779,9 @@

@@ -840,9 +840,9 @@

Returns the debug flags.

@@ -877,9 +877,9 @@

Returns the dir perm.

@@ -914,9 +914,9 @@

Returns the environment.

@@ -967,9 +967,9 @@

Returns the error email.

@@ -1004,9 +1004,9 @@

Returns the file perm.

@@ -1041,9 +1041,9 @@

Returns the current impersonator user.

@@ -1078,9 +1078,9 @@

@@ -1130,9 +1130,9 @@

@@ -1166,9 +1166,9 @@

Returns a property.

@@ -1285,9 +1285,9 @@

@@ -1321,9 +1321,9 @@

Returns the server URL.

@@ -1368,9 +1368,9 @@

Returns the server name.

@@ -1405,9 +1405,9 @@

Adds the table prefix to the table name.

@@ -1454,9 +1454,9 @@

Returns the table prefix.

@@ -1516,9 +1516,9 @@

Returns the temp prefix.

@@ -1532,6 +1532,31 @@

+

+ Tags + + +
+
+
+ phpstandba-inference-placeholder +
+
+ +

'tmp_'

+
+ +
+
+ psalm-taint-escape +
+
+ +

sql

+
+ +
+
Return values
@@ -1553,9 +1578,9 @@

Returns the current backend theme.

@@ -1590,9 +1615,9 @@

Returns the current user.

@@ -1627,9 +1652,9 @@

Returns the redaxo version.

@@ -1676,9 +1701,9 @@

@@ -1812,9 +1837,9 @@

Returns if a property is set.

@@ -1865,9 +1890,9 @@

Returns if the environment is the backend.

@@ -1902,9 +1927,9 @@

Returns if the debug mode is active.

@@ -1939,9 +1964,9 @@

Returns if the environment is the frontend.

@@ -1976,9 +2001,9 @@

Returns if the live mode is active.

@@ -2013,9 +2038,9 @@

Returns if the safe mode is active.

@@ -2050,9 +2075,9 @@

Returns if the setup is active.

@@ -2154,9 +2179,9 @@

Removes a property.

@@ -2224,9 +2249,9 @@

Returns the current user.

diff --git a/files/redaxo-main/redaxo/src/addons/cronjob/lib/manager_sql.php.txt b/files/redaxo-main/redaxo/src/addons/cronjob/lib/manager_sql.php.txt
index 8dd3c7ef8..9b183eeae 100644
--- a/files/redaxo-main/redaxo/src/addons/cronjob/lib/manager_sql.php.txt
+++ b/files/redaxo-main/redaxo/src/addons/cronjob/lib/manager_sql.php.txt
@@ -198,8 +198,11 @@ class rex_cronjob_manager_sql
 continue;
 }
+ /** @psalm-taint-escape callable */ // It is intended that the class name is coming from database
+ $type = $job['type'];
+
 $manager = $this->getManager();
- $manager->setCronjob(rex_cronjob::factory($job['type']));
+ $manager->setCronjob(rex_cronjob::factory($type));
 $manager->log(false, 0 != connection_status() ? 'Timeout' : 'Unknown error');
 $this->setNextTime($job['id'], $job['interval'], true);
 }
diff --git a/files/redaxo-main/redaxo/src/core/lib/rex.php.txt b/files/redaxo-main/redaxo/src/core/lib/rex.php.txt
index 62d96a52b..4eb619a29 100644
--- a/files/redaxo-main/redaxo/src/core/lib/rex.php.txt
+++ b/files/redaxo-main/redaxo/src/core/lib/rex.php.txt
@@ -122,6 +122,12 @@ class rex
 if (null !== $value && !$value instanceof rex_console_application) {
 throw new InvalidArgumentException(sprintf('"%s" property: expecting $value to be an instance of rex_console_application, "%s" found!', $key, get_debug_type($value)));
 }
+ break;
+ case 'version':
+ if (!is_string($value) || !preg_match('/^\d+(?:\.\d+)*(?:-\w+)?$/', $value)) {
+ throw new InvalidArgumentException('"' . $key . '" property: expecting $value to be a valid version string');
+ }
+ break;
 }
 $exists = isset(self::$properties[$key]);
 self::$properties[$key] = $value;
@@ -345,6 +351,9 @@ class rex
 * Returns the temp prefix.
 *
 * @return non-empty-string
+ *
+ * @phpstandba-inference-placeholder 'tmp_'
+ * @psalm-taint-escape sql
 */
 public static function getTempPrefix()
 {
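Review bot: The `@psalm-taint-escape callable` docblock on `$type = $job['type'];` in manager_sql.php.txt only stops the analyzer from tracking the value; the hunk adds no runtime check, so whatever class name is stored in the job row still reaches `rex_cronjob::factory($type)`. Whether factory() restricts the name to rex_cronjob subclasses is not visible here, so the trailing comment should name the control that makes the escape true, for example `// class name comes from the cronjob table; factory() is expected to reject anything that is not a rex_cronjob (confirm)`. If factory() turns out not to check, an explicit `is_subclass_of($type, rex_cronjob::class)` test before the call would back the annotation with code. The enclosing loop and method begin and end outside the hunk.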
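Review bot: In the new `case 'version':` of rex.php.txt the pattern ends in `$` without the `D` modifier, so a value with one trailing newline (constructed example: `1.0` followed by a line feed) still passes; the new condition line of `validateLocale()` in the i18n.php.txt hunk uses the same anchor. Both values are then declared `@psalm-taint-escape file` (getVersion in the third rex.php.txt hunk, validateLocale's docblock), which is a claim that they are safe inside file paths. Anchoring with `\z` closes the gap: `preg_match('/^\d+(?:\.\d+)*(?:-\w+)?\z/', $value)` and `preg_match('/^[a-z]{2}_[a-z]{2}\z/', $locale)`. The version check also covers only writes that pass through this switch, whose start is outside the hunk, so the annotation in getVersion holds only if 'version' cannot be set by another path.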
@@ -473,6 +482,7 @@ class rex
 */
 public static function getVersion($format = null)
 {
+ /** @psalm-taint-escape file */
 $version = self::getProperty('version');
 if ($format) {
diff --git a/files/redaxo-main/redaxo/src/core/lib/util/i18n.php.txt b/files/redaxo-main/redaxo/src/core/lib/util/i18n.php.txt
index b9531d0de..87cf3a477 100644
--- a/files/redaxo-main/redaxo/src/core/lib/util/i18n.php.txt
+++ b/files/redaxo-main/redaxo/src/core/lib/util/i18n.php.txt
@@ -29,7 +29,7 @@ class rex_i18n
 public static function setLocale($locale, $phpSetLocale = true)
 {
 $saveLocale = self::getLocale();
- self::$locale = $locale;
+ self::$locale = self::validateLocale($locale);
 if (empty(self::$loaded[$locale])) {
 self::loadAll($locale);
@@ -66,7 +66,7 @@ class rex_i18n
 public static function getLocale()
 {
 if (!self::$locale) {
- self::$locale = rex::getProperty('lang');
+ self::$locale = self::validateLocale(rex::getProperty('lang'));
 }
 return self::$locale;
@@ -453,13 +453,13 @@ class rex_i18n
 /**
 * @param string $locale Locale
 *
- * @return string the validated locale
+ * @return non-empty-string the validated locale
 *
 * @psalm-taint-escape file
 */
 private static function validateLocale(string $locale): string
 {
- if (!preg_match('/^[a-z]{2}_[a-z]{2}$/', $locale)) {
+ if (!$locale || !preg_match('/^[a-z]{2}_[a-z]{2}$/', $locale)) {
 throw new rex_exception('Invalid locale "' . $locale . '"');
 }
 return $locale;
diff --git a/reports/deprecated.html b/reports/deprecated.html
index 8ffec5838..b3a59f375 100644
--- a/reports/deprecated.html
+++ b/reports/deprecated.html
@@ -532,7 +532,7 @@
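Review bot: In i18n.php.txt, `getLocale()` now feeds `rex::getProperty('lang')` straight into `validateLocale(string $locale)`, so a missing or non-string 'lang' property would surface as a TypeError from the parameter type rather than the `rex_exception` the validator is written to throw. What getProperty() returns for an unset key is not visible in this hunk, so this is a case to confirm; if it can be null, narrowing first keeps the failure on the intended path: `$lang = rex::getProperty('lang');` then `self::$locale = self::validateLocale(is_string($lang) ? $lang : '');`. The added `!$locale` test in validateLocale() is already implied by the pattern at runtime and presumably exists for the `non-empty-string` inference, which deserves a short comment such as `// explicit emptiness check so static analysis can infer non-empty-string`. The bodies of setLocale() and getLocale() continue outside their hunks.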

rex.php

Reason - 489 + 499 rex::getVersionHash()

since 5.10, use rex_version::gitHash instead