A lot of code cleanup and code sanitation done.

This commit is contained in:
2026-06-20 00:31:32 +02:00
parent be392b8149
commit d781078c0d
100 changed files with 733 additions and 2097 deletions

View File

@@ -6,8 +6,8 @@ use JetBrains\PhpStorm\NoReturn;
class API
{
public $conn;
public $pdo;
public mixed $conn;
public mixed $pdo;
# The user uuid that requested the API
protected $user_uuid;
@@ -21,7 +21,7 @@ class API
protected $content_type;
# The original posted data to the API, this data is NOT sanitized and validated, never use this data for queries!
public $postedData;
public mixed $postedData;
# The validated and sanitized data can be uses for the API actions
public $data;
@@ -32,7 +32,7 @@ class API
# The return url that the frontend request will forward to after the api call is done. if set to false it will only output
# the json response with an http code. API calls always respond with json. $return_url can be set to supply the form with an input
# with the name _return and value of the url to return to.
public $return_url;
public mixed $return_url;
# Used for the query builder base
public $baseQuery = false;
@@ -46,8 +46,8 @@ class API
public function __construct()
{
require_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/db_connect.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Functions/globalFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/db_connect.php";
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/Functions/globalFunctions.php";
# Setup Database connection
$this->conn = $GLOBALS['conn'];
@@ -100,7 +100,7 @@ class API
}
private function InitUserTypeFrontend()
private function InitUserTypeFrontend(): void
{
$this->user_uuid = $_SESSION['user']['user_uuid'];
$this->user_type = 'frontend';
@@ -265,8 +265,11 @@ class API
{
switch ($rules['type']) {
case 'string':
case 'password':
case 'html':
if (!is_string($value)) return false;
return $this->isValidLength($value, $rules);
case 'slugify':
if (!is_string($value) || !preg_match('/^[a-z0-9]+(-[a-z0-9]+)*$/', $value)) return false;
return $this->isValidLength($value, $rules);
@@ -290,14 +293,6 @@ class API
if (!filter_var($value, FILTER_VALIDATE_EMAIL)) return false;
return $this->isValidLength($value, $rules);
case 'password':
if (!is_string($value)) return false;
return $this->isValidLength($value, $rules);
case 'html':
if (!is_string($value)) return false;
return $this->isValidLength($value, $rules);
case 'int':
if (!is_int($value) && !ctype_digit($value)) return false;
$value = (int)$value;