refactoring

lam/lib/config.inc

@@ -1004,7 +1004,7 @@ class LAMConfig {
 	/** hide password prompt for expired passwords */
 	private $hidePasswordPromptForExpiredPasswords = 'false';
 
-	/** Array of string: users with admin rights */
+	/** list of users with admin rights, separated by semicolon */
 	private $Admins;
 
 	/** Password to edit preferences */
@@ -1473,9 +1473,9 @@ class LAMConfig {
 	/**
 	* Returns an array of string with all admin names
 	*
-	* @return array the admin names
+	* @return string[] the admin names
 	*/
-	public function get_Admins() {
+	public function get_Admins(): array {
 		return explode(";", $this->Admins);
 	}
 

lam/lib/types.inc

@@ -3,7 +3,7 @@ namespace LAM\TYPES;
 /*
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2005 - 2023  Roland Gruber
+  Copyright (C) 2005 - 2024  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -21,6 +21,8 @@ namespace LAM\TYPES;
 
 */
 
+use baseType;
+
 /**
 * This file is the interface to the different account types.
 *
@@ -99,9 +101,9 @@ function getScopeFromTypeId($typeId) {
  */
 class ConfiguredType {
 
-	private $scope;
+	private string $scope;
 
-	private $id;
+	private string $id;
 
 	private $suffix;
 
@@ -115,16 +117,16 @@ class ConfiguredType {
 
 	private $baseType;
 
-	private $typeManager;
+	private ?TypeManager $typeManager;
 
 	/**
 	 * Constructor
 	 *
-	 * @param TypeManager $typeManager type manager
+	 * @param TypeManager|null $typeManager type manager
 	 * @param string $scope account type
 	 * @param string $id unique ID for this configuration
 	 */
-	public function __construct(&$typeManager, $scope, $id) {
+	public function __construct(?TypeManager &$typeManager, string $scope, string $id) {
 		$this->typeManager = &$typeManager;
 		$this->scope = $scope;
 		$this->id = $id;
@@ -135,7 +137,7 @@ class ConfiguredType {
 	 *
 	 * @return TypeManager type manager
 	 */
-	public function getTypeManager() {
+	public function getTypeManager(): TypeManager {
 		return $this->typeManager;
 	}
 
@@ -144,7 +146,7 @@ class ConfiguredType {
 	 *
 	 * @return string account type
 	 */
-	public function getScope() {
+	public function getScope(): string {
 		return $this->scope;
 	}
 
@@ -153,7 +155,7 @@ class ConfiguredType {
 	 *
 	 * @return string unique id
 	 */
-	public function getId() {
+	public function getId(): string {
 		return $this->id;
 	}
 
@@ -162,7 +164,7 @@ class ConfiguredType {
 	 *
 	 * @return string LDAP suffix
 	 */
-	public function getSuffix() {
+	public function getSuffix(): string {
 		if ($this->suffix !== null) {
 			return $this->suffix;
 		}
@@ -175,7 +177,7 @@ class ConfiguredType {
 	 *
 	 * @return ListAttribute[] list of ListAttribute
 	 */
-	public function getAttributes() {
+	public function getAttributes(): array {
 		if ($this->attributes !== null) {
 			return $this->attributes;
 		}
@@ -194,7 +196,7 @@ class ConfiguredType {
 	 *
 	 * @return string alias name
 	 */
-	public function getAlias() {
+	public function getAlias(): string {
 		if ($this->alias !== null) {
 			return $this->alias;
 		}
@@ -210,21 +212,21 @@ class ConfiguredType {
 	 *
 	 * @return string LDAP filter
 	 */
-	public function getAdditionalLdapFilter() {
+	public function getAdditionalLdapFilter(): string {
 		if ($this->additionalLdapFilter !== null) {
 			return $this->additionalLdapFilter;
 		}
 		$typeSettings = $this->typeManager->getConfig()->get_typeSettings();
-		$this->additionalLdapFilter = isset($typeSettings['filter_' . $this->id]) ? $typeSettings['filter_' . $this->id] : '';
+		$this->additionalLdapFilter = $typeSettings['filter_' . $this->id] ?? '';
 		return $this->additionalLdapFilter;
 	}
 
 	/**
 	 * Returns if this configuration is hidden.
 	 *
-	 * @return boolean hidden
+	 * @return bool hidden
 	 */
-	public function isHidden() {
+	public function isHidden(): bool {
 		if ($this->hidden !== null) {
 			return $this->hidden;
 		}
@@ -235,9 +237,9 @@ class ConfiguredType {
 	/**
 	 * Returns the base type of this configured type.
 	 *
-	 * @return \baseType base type
+	 * @return baseType base type
 	 */
-	public function getBaseType() {
+	public function getBaseType(): baseType {
 		if ($this->baseType != null) {
 			return $this->baseType;
 		}
@@ -251,7 +253,7 @@ class ConfiguredType {
 	 *
 	 * @return array sorted list of possible suffixes for this type.
 	 */
-	public function getSuffixList() {
+	public function getSuffixList(): array {
 		$connection = $_SESSION["ldap"]->server();
 		$ret = [];
 		$filter = $this->getBaseType()->getSuffixFilter();
@@ -291,7 +293,7 @@ class ConfiguredType {
 	 *
 	 * @return string[] module names
 	 */
-	public function getModules() {
+	public function getModules(): array {
 		$typeSettings = $this->typeManager->getConfig()->get_typeSettings();
 		if (empty($typeSettings['modules_' . $this->getId()])) {
 			return [];
@@ -328,15 +330,15 @@ class ListAttribute {
 	 *
 	 * @param string $attributeSpec spec of attribute (e.g. '#uid' or 'uid:User')
 	 */
-	public function __construct($attributeSpec) {
+	public function __construct(string $attributeSpec) {
 		$this->attributeSpec = $attributeSpec;
 	}
 	/**
 	 * Returns the name of the LDAP attribute.
 	 *
 	 * @return string $attributeName name
 	 */
-	public function getAttributeName() {
+	public function getAttributeName(): string {
 		if ($this->isPredefined()) {
 			return substr($this->attributeSpec, 1);
 		}
@@ -365,9 +367,9 @@ class ListAttribute {
 	/**
 	 * Returns if this is a predefined attribute name.
 	 *
-	 * @return boolean is predefined
+	 * @return bool is predefined
 	 */
-	private function isPredefined() {
+	private function isPredefined(): bool {
 		return strpos($this->attributeSpec, '#') === 0;
 	}
 

lam/templates/help.php

@@ -135,7 +135,7 @@ function displayHelp(array $helpEntry): void {
     }
     $helpEntry = getHelp($moduleName, $_GET['HelpNumber'], $scope);
 	if (!$helpEntry) {
-		$variables = [htmlspecialchars($_GET['HelpNumber']), htmlspecialchars($moduleName)];
+		$variables = [htmlspecialchars((string) $_GET['HelpNumber']), htmlspecialchars((string) $moduleName)];
 		$errorMessage = _("Sorry, the help id '%s' is not available for the module '%s'.");
 		echoHTMLHead();
 		statusMessage("ERROR", "", $errorMessage, $variables);
@@ -147,7 +147,7 @@ function displayHelp(array $helpEntry): void {
 else {
 	/* If submitted help number is not in help/help.inc print error message */
 	if (!array_key_exists($_GET['HelpNumber'], $helpArray)) {
-		$variables = [htmlspecialchars($_GET['HelpNumber'])];
+		$variables = [htmlspecialchars((string) $_GET['HelpNumber'])];
 		$errorMessage = _("Sorry, the help number %s is not available.");
 		echoHTMLHead();
 		statusMessage("ERROR", "", $errorMessage, $variables);

lam/templates/lists/deletelink.php

@@ -2,7 +2,7 @@
 /*
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2007 - 2023  Roland Gruber
+  Copyright (C) 2007 - 2024  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -43,14 +43,14 @@
 setlanguage();
 
 // get account name and type
-$dn = $_GET['DN'];
-$type = $_GET['type'];
+$dn = (string) $_GET['DN'];
+$type = (string) $_GET['type'];
 if (!preg_match('/^[a-z0-9_]+$/i', $type)) {
 	logNewMessage(LOG_ERR, 'Invalid type: ' . $type);
 	die();
 }
 
-if (isset($dn) && isset($type)) {
+if (!empty($dn) && !empty($type)) {
 	if (str_starts_with($dn, "'")) {
 		$dn = substr($dn, 1);
 	}
@@ -68,5 +68,3 @@
 	StatusMessage("ERROR", "No account or type given.");
 	include __DIR__ . '/../../lib/adminFooter.inc';
 }
-
-?>

lam/templates/login.php

@@ -24,7 +24,7 @@
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
   Copyright (C) 2003 - 2006  Michael Duergner
-                2005 - 2023  Roland Gruber
+                2005 - 2024  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -93,7 +93,7 @@
 	if (in_array($_GET['useProfile'], $profiles)) {
 		$cookieOptions = lamDefaultCookieOptions();
 		$cookieOptions['expires'] = time() + (60 * 60 * 24 * 365);
-		setcookie("lam_default_profile", $_GET['useProfile'], $cookieOptions);
+		setcookie("lam_default_profile", (string) $_GET['useProfile'], $cookieOptions);
 	}
 	else {
 		unset($_GET['useProfile']);
@@ -104,7 +104,7 @@
 if (isset($_POST['language'])) {
 	$cookieOptions = lamDefaultCookieOptions();
 	$cookieOptions['expires'] = time() + (60 * 60 * 24 * 365);
-	setcookie('lam_last_language', htmlspecialchars($_POST['language']), $cookieOptions);
+	setcookie('lam_last_language', htmlspecialchars((string) $_POST['language']), $cookieOptions);
 }
 
 // init some session variables
@@ -146,7 +146,7 @@
 $encoding = 'UTF-8';
 if (isset($_COOKIE['lam_last_language'])) {
 	foreach ($possibleLanguages as $lang) {
-		if (str_starts_with($_COOKIE['lam_last_language'], $lang->code)) {
+		if (str_starts_with((string) $_COOKIE['lam_last_language'], $lang->code)) {
 			$_SESSION['language'] = $lang->code;
 			$encoding = $lang->encoding;
 			break;
@@ -156,7 +156,7 @@
 elseif (!empty($_SESSION["config"])) {
 	$defaultLang = $_SESSION["config"]->get_defaultLanguage();
 	foreach ($possibleLanguages as $lang) {
-		if (str_starts_with($defaultLang, $lang->code)) {
+		if (str_starts_with((string) $defaultLang, $lang->code)) {
 			$_SESSION['language'] = $lang->code;
 			$encoding = $lang->encoding;
 			break;
@@ -168,7 +168,7 @@
 }
 if (isset($_POST['language'])) {
 	foreach ($possibleLanguages as $lang) {
-		if (str_starts_with($_POST['language'], $lang->code)) {
+		if (str_starts_with((string) $_POST['language'], $lang->code)) {
 			$_SESSION['language'] = $lang->code;
 			$encoding = $lang->encoding;
 			break;
@@ -275,7 +275,7 @@ function display_LoginPage(?LAMLicenseValidator $licenseValidator, ?string $erro
 								$admins = $config_object->get_Admins();
 								$adminList = [];
 								foreach ($admins as $admin) {
-									$text = explode(",", $admin);
+									$text = explode(",", (string) $admin);
 									$text = explode("=", $text[0]);
 									if (isset($text[1])) {
 										$adminList[$text[1]] = $admin;
@@ -337,7 +337,7 @@ function display_LoginPage(?LAMLicenseValidator $licenseValidator, ?string $erro
 							$defaultLanguage = [];
 							foreach ($possibleLanguages as $lang) {
 								$languageList[$lang->description] = $lang->code;
-								if (str_starts_with(trim($_SESSION["language"]), $lang->code)) {
+								if (str_starts_with(trim((string) $_SESSION["language"]), $lang->code)) {
 									$defaultLanguage[] = $lang->code;
 								}
 							}
@@ -509,7 +509,7 @@ function displayLoginHeader() : void {
 		$cookieOptions = lamDefaultCookieOptions();
 		$cookieOptions['expires'] = time() + (60 * 60 * 24 * 365);
 		if (isset($_POST['rememberLogin']) && ($_POST['rememberLogin'] == 'on')) {
-			setcookie('lam_login_name', $_POST['username'], $cookieOptions);
+			setcookie('lam_login_name', (string) $_POST['username'], $cookieOptions);
 		}
 		else if (isset($_COOKIE['lam_login_name']) && ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH)) {
 			setcookie('lam_login_name', '', $cookieOptions);

lam/templates/misc/ajax.php

@@ -88,7 +88,7 @@ public function handleRequest(): void {
 		if (isset($_GET['module']) && isset($_GET['scope']) && in_array($_GET['module'], getAvailableModules($_GET['scope']))) {
 			enforceUserIsLoggedIn();
 			if (isset($_GET['useContainer']) && ($_GET['useContainer'] == '1')) {
-				$sessionKey  = htmlspecialchars($_GET['editKey']);
+				$sessionKey  = htmlspecialchars((string) $_GET['editKey']);
 				if (!isset($_SESSION[$sessionKey])) {
 					logNewMessage(LOG_ERR, 'Unable to find account container');
 					die();
@@ -108,7 +108,7 @@ public function handleRequest(): void {
 		$function = $_GET['function'];
 
 		if (($function === 'passwordStrengthCheck') && isset($_POST['jsonInput'])) {
-			$this->checkPasswordStrength(json_decode($_POST['jsonInput'], true, 512, JSON_THROW_ON_ERROR));
+			$this->checkPasswordStrength(json_decode((string) $_POST['jsonInput'], true, 512, JSON_THROW_ON_ERROR));
 			die();
 		}
 		if ($function === 'webauthn') {
@@ -128,7 +128,7 @@ public function handleRequest(): void {
 		}
 		enforceUserIsLoggedIn();
 		if (($function === 'passwordChange') && isset($_POST['jsonInput'])) {
-			self::managePasswordChange(json_decode($_POST['jsonInput'], true, 512, JSON_THROW_ON_ERROR));
+			self::managePasswordChange(json_decode((string) $_POST['jsonInput'], true, 512, JSON_THROW_ON_ERROR));
 		}
 		elseif ($function === 'import') {
 			include_once('../../lib/import.inc');
@@ -200,7 +200,7 @@ public static function setHeader(): void {
 	 * @param array<mixed> $input input parameters
 	 */
 	private static function managePasswordChange(array $input): void {
-		$sessionKey  = htmlspecialchars($_GET['editKey']);
+		$sessionKey  = htmlspecialchars((string) $_GET['editKey']);
 		$return = $_SESSION[$sessionKey]->setNewPassword($input);
 		echo json_encode($return, JSON_THROW_ON_ERROR);
 	}
@@ -407,7 +407,7 @@ private function manageWebauthnOwnDevices(): void {
 	 * @return string JSON output
 	 */
 	private function dnSelection(): string {
-		$dn = trim($_POST['dn']);
+		$dn = trim((string) $_POST['dn']);
 		if (empty($dn) || !get_preg($dn, 'dn')) {
 			$dnList = $this->getDefaultDns();
 		}
@@ -449,7 +449,7 @@ private function getDefaultDns() {
 	 * @return string HTML code
 	 */
 	private function buildDnSelectionHtml($dnList, $currentDn): string {
-		$fieldId = trim($_POST['fieldId']);
+		$fieldId = trim((string) $_POST['fieldId']);
 		$mainRow = new htmlResponsiveRow();
 		$onclickUp = 'window.lam.html.updateDnSelection(this, \''
 				. htmlspecialchars($fieldId) . '\', \'' . getSecurityTokenName() . '\', \''