Последнии сообщения форума
Всего: 330 Коммитов в репозитории | Отфильтровано: 330 Коммиты | Страница: 1 / 33
Сегодня (01.03.2026)
Refactor: modernise 39 frontend modules — formatting and renames
Uniform cleanup pass across all frontend and admin module files
to align with the PHP 8.4 migration already applied to core.
Core changes:
1. Admin modules — function renames (24 files):
• head() → setHead(), foot() → setFoot() across all admin entry points
* account, auto_links, changelog, clients, contact, content, faq
* files, forum, help, jokes, links, media, money, news, order
* pages, rss, shop, sitemap, voting, whois
2. Indentation normalisation (all 39 files):
• Tabs replaced with 4-space indentation (PSR-12 style)
• Trailing blank lines removed from switch/case blocks
3. clients/index.php — additional refactoring:
• systems() renamed to clients(); save_hidden() renamed to hidden()
• All internal call sites updated accordingly
• status column removed from SELECT (was fetched but never used)
• global $conf removed from download() and generator() (unused)
• Mojibake in $output substitution table fixed (© § Ц № Ў etc.)
• Mojibake in Russian comments decoded to proper UTF-8 Cyrillic
4. Minor improvements in individual modules:
• changelog/index.php: $retcode initialised before by-ref use
• faq/index.php: intermediate $ncat variable eliminated
• news/index.php: spacing normalisation in type-hint default value
Benefits:
• Consistent code style across all module files
• Dead globals and unused SELECT columns removed
• Broken substitution table in clients module corrected
Technical notes:
• No behaviour changes in admin modules; rename-only
• clients/index.php mojibake fix corrects runtime substitution values
to align with the PHP 8.4 migration already applied to core.
Core changes:
1. Admin modules — function renames (24 files):
• head() → setHead(), foot() → setFoot() across all admin entry points
* account, auto_links, changelog, clients, contact, content, faq
* files, forum, help, jokes, links, media, money, news, order
* pages, rss, shop, sitemap, voting, whois
2. Indentation normalisation (all 39 files):
• Tabs replaced with 4-space indentation (PSR-12 style)
• Trailing blank lines removed from switch/case blocks
3. clients/index.php — additional refactoring:
• systems() renamed to clients(); save_hidden() renamed to hidden()
• All internal call sites updated accordingly
• status column removed from SELECT (was fetched but never used)
• global $conf removed from download() and generator() (unused)
• Mojibake in $output substitution table fixed (© § Ц № Ў etc.)
• Mojibake in Russian comments decoded to proper UTF-8 Cyrillic
4. Minor improvements in individual modules:
• changelog/index.php: $retcode initialised before by-ref use
• faq/index.php: intermediate $ncat variable eliminated
• news/index.php: spacing normalisation in type-hint default value
Benefits:
• Consistent code style across all module files
• Dead globals and unused SELECT columns removed
• Broken substitution table in clients module corrected
Technical notes:
• No behaviour changes in admin modules; rename-only
• clients/index.php mojibake fix corrects runtime substitution values
Refactor: PHP 8.4 migration — core/system.php (Batch 4)
Largest core file (5 800+ lines) fully migrated to PHP 8.4 standards:
type declarations on all 103+ functions, array-syntax modernisation,
mojibake elimination, and error-suppression removal.
Core changes:
1. Type declarations (103+ functions):
• Return types added across all public functions
* void, never, string, ?string, int, bool, ?bool, array, array|false
* int|string (is_bot, from_bot), mixed for heterogeneous params
• render_blocks(): void → ?string — function returns string in cases 'p'/'o'
• getBlocks(): return render_blocks() split to call + return (void compliance)
• isArray(): ?bool → bool; logic simplified to always return bool
2. Array syntax (65 single-line conversions + 3 manual fixes):
• array() → [] everywhere except string literals
• Multi-line stream_context_create([...]) fixed manually
• Nested array() inside already-converted [...] on engine line fixed
3. Mojibake elimination (runtime + comments):
• 6 em-dash occurrences (triple-encoded U+2014 → —)
• Cyrillic HTML transliteration table (lines 4815-4817) restored: А–Я
• 17 Russian comment lines translated to English
4. Error suppression removal:
• @mkdir → mkdir (result already checked with if)
• @fopen → fopen (result already checked with if)
Benefits:
• Complete type coverage enables reliable static analysis
• Runtime mojibake in transliteration table eliminated
• All error paths now explicit, no silent suppression
Technical notes:
• No behaviour changes; refactor-only
• Dead code mb_strtolower polyfill (PHP 8.4 built-in) left untouched
type declarations on all 103+ functions, array-syntax modernisation,
mojibake elimination, and error-suppression removal.
Core changes:
1. Type declarations (103+ functions):
• Return types added across all public functions
* void, never, string, ?string, int, bool, ?bool, array, array|false
* int|string (is_bot, from_bot), mixed for heterogeneous params
• render_blocks(): void → ?string — function returns string in cases 'p'/'o'
• getBlocks(): return render_blocks() split to call + return (void compliance)
• isArray(): ?bool → bool; logic simplified to always return bool
2. Array syntax (65 single-line conversions + 3 manual fixes):
• array() → [] everywhere except string literals
• Multi-line stream_context_create([...]) fixed manually
• Nested array() inside already-converted [...] on engine line fixed
3. Mojibake elimination (runtime + comments):
• 6 em-dash occurrences (triple-encoded U+2014 → —)
• Cyrillic HTML transliteration table (lines 4815-4817) restored: А–Я
• 17 Russian comment lines translated to English
4. Error suppression removal:
• @mkdir → mkdir (result already checked with if)
• @fopen → fopen (result already checked with if)
Benefits:
• Complete type coverage enables reliable static analysis
• Runtime mojibake in transliteration table eliminated
• All error paths now explicit, no silent suppression
Technical notes:
• No behaviour changes; refactor-only
• Dead code mb_strtolower polyfill (PHP 8.4 built-in) left untouched
Refactor: PHP 8.4 migration — core/access.php, security.php, user.php
Migrate three core bootstrap files to PHP 8.4 standards:
add return-type declarations to all functions, modernize array syntax,
remove error suppression and update copyright year.
Core changes:
1. Type declarations (access.php, security.php, user.php):
• Add return type hints to all functions
* setUnauthorized(): never, setExit(): never, getIp(): string
* checkSecurity(): void, checkBot(): void, getBotList(): array
* setLang(): void, getLang(): string, getusrinfo(): array|false
* checklogin(): void, getAgent(): string, and more
2. Syntax modernisation (all three files):
• array() constructors → short [] syntax throughout
• Remove @ error-suppression operators where result is already checked
3. Housekeeping:
• Copyright year updated to 2026 (mojibake © → ©)
• Remaining Russian inline comments translated to English
Benefits:
• Static analysis can now verify return types across call sites
• Eliminates silent failures from suppressed errors
• Consistent modern PHP 8.4 syntax
Technical notes:
• No behaviour changes; refactor-only
• setUnauthorized() and setExit() typed never — both call exit
add return-type declarations to all functions, modernize array syntax,
remove error suppression and update copyright year.
Core changes:
1. Type declarations (access.php, security.php, user.php):
• Add return type hints to all functions
* setUnauthorized(): never, setExit(): never, getIp(): string
* checkSecurity(): void, checkBot(): void, getBotList(): array
* setLang(): void, getLang(): string, getusrinfo(): array|false
* checklogin(): void, getAgent(): string, and more
2. Syntax modernisation (all three files):
• array() constructors → short [] syntax throughout
• Remove @ error-suppression operators where result is already checked
3. Housekeeping:
• Copyright year updated to 2026 (mojibake © → ©)
• Remaining Russian inline comments translated to English
Benefits:
• Static analysis can now verify return types across call sites
• Eliminates silent failures from suppressed errors
• Consistent modern PHP 8.4 syntax
Technical notes:
• No behaviour changes; refactor-only
• setUnauthorized() and setExit() typed never — both call exit
Вчера (28.02.2026)
Refactor: migrate $confXX transition aliases to direct $conf['key'] access
Systematically replaces all legacy \$confXX alias references with direct
\$conf['section']['key'] access across admin modules, core, blocks, and
module files as part of the centralized config architecture migration.
Core changes:
1. Admin modules (admin/modules/*.php — 20 files):
• Replace \$confu, \$confn, \$confst, \$confr, \$confpr, \$conffo etc. with
direct \$conf['users'], \$conf['news'], \$conf['statistic'] etc. access
• Remove now-unused alias variables from global declarations
2. Core files (core/admin.php, core/access.php, core/template.php, core/classes/pdo.php):
• Migrate remaining \$confXX references to \$conf['section'] pattern
• Align with getConfig() unified config architecture
3. Blocks and templates (blocks/*.php, templates/**/*.php):
• \$confu, \$conffav, \$confal, \$confv references replaced with direct access
4. Module admin and frontend (modules/*/admin/index.php, modules/shop/index.php):
• \$confXX aliases replaced; global declarations trimmed accordingly
5. Supporting files (index.php, setup/index.php, phpstan-bootstrap.php):
• Remaining alias usages updated to direct \$conf path
Benefits:
• Single source of truth: all config reads go through \$conf loaded by getConfig()
• Eliminates transition alias block dependencies; aliases can be removed incrementally
• Reduces global variable pollution in functions
Technical notes:
• Transition alias block in security.php retained for remaining consumers;
individual aliases removed as their last usage is migrated
• No behavior change: \$conf['key'] values are identical to former \$confXX aliases
\$conf['section']['key'] access across admin modules, core, blocks, and
module files as part of the centralized config architecture migration.
Core changes:
1. Admin modules (admin/modules/*.php — 20 files):
• Replace \$confu, \$confn, \$confst, \$confr, \$confpr, \$conffo etc. with
direct \$conf['users'], \$conf['news'], \$conf['statistic'] etc. access
• Remove now-unused alias variables from global declarations
2. Core files (core/admin.php, core/access.php, core/template.php, core/classes/pdo.php):
• Migrate remaining \$confXX references to \$conf['section'] pattern
• Align with getConfig() unified config architecture
3. Blocks and templates (blocks/*.php, templates/**/*.php):
• \$confu, \$conffav, \$confal, \$confv references replaced with direct access
4. Module admin and frontend (modules/*/admin/index.php, modules/shop/index.php):
• \$confXX aliases replaced; global declarations trimmed accordingly
5. Supporting files (index.php, setup/index.php, phpstan-bootstrap.php):
• Remaining alias usages updated to direct \$conf path
Benefits:
• Single source of truth: all config reads go through \$conf loaded by getConfig()
• Eliminates transition alias block dependencies; aliases can be removed incrementally
• Reduces global variable pollution in functions
Technical notes:
• Transition alias block in security.php retained for remaining consumers;
individual aliases removed as their last usage is migrated
• No behavior change: \$conf['key'] values are identical to former \$confXX aliases
Refactor: use $conf['sitemap'] directly; fix favorliste undefined \$num bug
Removes redundant config file re-inclusion in sitemap functions and fixes
a variable name regression introduced during the $confXX → $conf migration.
Core changes:
1. Sitemap config access (core/system.php):
• doSitemap(): replace include('config/sitemap.php') + \$confma extraction
with direct \$conf['sitemap']['key'] — config already loaded by getConfig()
• setHead(): same fix — removes duplicate filesystem read on every page load
• All \$confma['...'] references replaced with \$conf['sitemap']['...']
• \$sitemap_data intermediate variable eliminated
2. Bug fix (core/user.php):
• favorliste(): \$a = (\$num) ? ... used undefined \$num after renaming to \$cid
during config migration; fixed to \$a = (\$cid) ? \$offset + 1 : 1
Benefits:
• Eliminates one file_get_contents / include per sitemap check per request
• No stale intermediate variable; config path is uniform across codebase
• Pagination counter in favorliste() now correctly reflects current page
Technical notes:
• \$confma transition alias in security.php is now fully unused; safe to remove
• \$conf['sitemap'] is populated by getConfig() from config/sitemap.php return value
a variable name regression introduced during the $confXX → $conf migration.
Core changes:
1. Sitemap config access (core/system.php):
• doSitemap(): replace include('config/sitemap.php') + \$confma extraction
with direct \$conf['sitemap']['key'] — config already loaded by getConfig()
• setHead(): same fix — removes duplicate filesystem read on every page load
• All \$confma['...'] references replaced with \$conf['sitemap']['...']
• \$sitemap_data intermediate variable eliminated
2. Bug fix (core/user.php):
• favorliste(): \$a = (\$num) ? ... used undefined \$num after renaming to \$cid
during config migration; fixed to \$a = (\$cid) ? \$offset + 1 : 1
Benefits:
• Eliminates one file_get_contents / include per sitemap check per request
• No stale intermediate variable; config path is uniform across codebase
• Pagination counter in favorliste() now correctly reflects current page
Technical notes:
• \$confma transition alias in security.php is now fully unused; safe to remove
• \$conf['sitemap'] is populated by getConfig() from config/sitemap.php return value
Fix: remove BOM, move ob_start before bootstrap, drop register_globals dead code
Fixes an intermittent session_start() failure caused by three independent
issues in core/security.php that together prevented reliable output buffering.
Core changes:
1. Bootstrap output buffering (core/security.php):
• Remove UTF-8 BOM that was emitting 3 bytes before <?php on every cold
request, committing HTTP headers before session_start() could set its cookie
• Move ob_start() to line 10 — before getConfig(), setLang(), and DB
connection — so any PHP notices/warnings from bootstrap are also buffered
• Remove duplicate ob_start() block that was placed after all bootstrap ops
2. Legacy cleanup (core/security.php):
• Remove '# Murder variables' unset() block — dead code from register_globals
era (PHP 4.x); register_globals was removed in PHP 5.4 (2012); all listed
variables are either function-scoped or assigned immediately after
Benefits:
• session_start() no longer fails with 'headers already sent'
• Bootstrap is clean and deterministic regardless of OPcache state
• Dead code removed: 3 lines of unset() with zero security value in PHP 8.4
Technical notes:
• output_buffering = 0 in OSPanel php.ini confirmed — ob_start() in security
is the only buffer; must be first executable line after FUNC_FILE check
• BOM removal applied via binary file_put_contents; no content change
issues in core/security.php that together prevented reliable output buffering.
Core changes:
1. Bootstrap output buffering (core/security.php):
• Remove UTF-8 BOM that was emitting 3 bytes before <?php on every cold
request, committing HTTP headers before session_start() could set its cookie
• Move ob_start() to line 10 — before getConfig(), setLang(), and DB
connection — so any PHP notices/warnings from bootstrap are also buffered
• Remove duplicate ob_start() block that was placed after all bootstrap ops
2. Legacy cleanup (core/security.php):
• Remove '# Murder variables' unset() block — dead code from register_globals
era (PHP 4.x); register_globals was removed in PHP 5.4 (2012); all listed
variables are either function-scoped or assigned immediately after
Benefits:
• session_start() no longer fails with 'headers already sent'
• Bootstrap is clean and deterministic regardless of OPcache state
• Dead code removed: 3 lines of unset() with zero security value in PHP 8.4
Technical notes:
• output_buffering = 0 in OSPanel php.ini confirmed — ob_start() in security
is the only buffer; must be first executable line after FUNC_FILE check
• BOM removal applied via binary file_put_contents; no content change
Chore: remove \$locale from admin globals; drop no-op getLang() calls in user.php
After setLang() was introduced as the sole bootstrap initializer for \$locale,
two categories of dead code emerged and are now removed.
Core changes:
1. admin/index.php — two global declarations:
• getAdminPanelBlocks(): remove \$locale from global list
* Was needed for require_once \$path.'/language/'.\$locale.'.php'
* Now replaced by getLang(\$name, true) which reads \$locale internally
• getAdminPanel(): remove \$locale from global list
* Same reason as above
2. core/user.php — two no-op calls removed:
• rss_channel(): remove getLang()
* setLang() in bootstrap already loaded language/{\$locale}.php
* _CHARSET constant is available before rss_channel() is ever called
• open_search(): remove getLang()
* Same reason — \$locale and all main constants set at bootstrap
Benefits:
• global declarations reflect actual dependencies (no phantom imports)
• No dead function calls in the hot path of rss and opensearch endpoints
two categories of dead code emerged and are now removed.
Core changes:
1. admin/index.php — two global declarations:
• getAdminPanelBlocks(): remove \$locale from global list
* Was needed for require_once \$path.'/language/'.\$locale.'.php'
* Now replaced by getLang(\$name, true) which reads \$locale internally
• getAdminPanel(): remove \$locale from global list
* Same reason as above
2. core/user.php — two no-op calls removed:
• rss_channel(): remove getLang()
* setLang() in bootstrap already loaded language/{\$locale}.php
* _CHARSET constant is available before rss_channel() is ever called
• open_search(): remove getLang()
* Same reason — \$locale and all main constants set at bootstrap
Benefits:
• global declarations reflect actual dependencies (no phantom imports)
• No dead function calls in the hot path of rss and opensearch endpoints
Refactor: split getLang() into setLang() + getLang() — separate concerns
Extracts locale determination and main file loading into a dedicated
setLang(): void called once per request from bootstrap. getLang() now
only loads module language files and returns \$locale — locale detection
code no longer runs on every module getLang() call.
Core changes:
1. setLang() (new, core/security.php):
• Determines active \$locale from config, \$_REQUEST, cookie
• Loads main language/\{locale\}.php with fallback to \$mlang
• Sets language cookie when locale changes
• void return — init function, called once in bootstrap
2. getLang() (simplified, core/security.php):
• Removes locale detection block (moved to setLang)
• Removes static \$mload flag — no longer needed
• Guards: if (\$module === '') return \$locale; — no-op for bare calls
• Only responsibility: load module language file + return locale
3. Bootstrap (core/security.php:26):
• getLang() → setLang()
Benefits:
• Locale detection runs exactly once per request (was N times)
• getCookies() / getVar() called once instead of per getLang() call
• getLang() responsibility is now single: load module file
• set/get verb split matches coding-standards §3: set=side-effect init,
get=return value — previously get was doing set work (cookie, locale)
• \$mload static removed — setLang() handles main file, require_once deduplicates
Technical notes:
• All existing getLang(\$name) / getLang(\$name, true) call sites unchanged
• getLang() bare calls in user.php (rss_channel, open_search) return \$locale — no-op, harmless
• \$locale global is set by setLang() before any module code executes
setLang(): void called once per request from bootstrap. getLang() now
only loads module language files and returns \$locale — locale detection
code no longer runs on every module getLang() call.
Core changes:
1. setLang() (new, core/security.php):
• Determines active \$locale from config, \$_REQUEST, cookie
• Loads main language/\{locale\}.php with fallback to \$mlang
• Sets language cookie when locale changes
• void return — init function, called once in bootstrap
2. getLang() (simplified, core/security.php):
• Removes locale detection block (moved to setLang)
• Removes static \$mload flag — no longer needed
• Guards: if (\$module === '') return \$locale; — no-op for bare calls
• Only responsibility: load module language file + return locale
3. Bootstrap (core/security.php:26):
• getLang() → setLang()
Benefits:
• Locale detection runs exactly once per request (was N times)
• getCookies() / getVar() called once instead of per getLang() call
• getLang() responsibility is now single: load module file
• set/get verb split matches coding-standards §3: set=side-effect init,
get=return value — previously get was doing set work (cookie, locale)
• \$mload static removed — setLang() handles main file, require_once deduplicates
Technical notes:
• All existing getLang(\$name) / getLang(\$name, true) call sites unchanged
• getLang() bare calls in user.php (rss_channel, open_search) return \$locale — no-op, harmless
• \$locale global is set by setLang() before any module code executes
Fix: misc admin module corrections (changelog, rss, voting, auto_links)
Leftover uncommitted fixes from previous refactoring session.
Core changes:
1. changelog/admin/index.php:
• Extract exec() call into gitexec() wrapper with safety guards
* Validates function exists, rejects control chars, checks 'git log' presence
• Change rencom(array, array) to rencom(array) — \$conf accessed via global
• Fix config key refs: \$conf['showstat'] → \$conf['changelog']['showstat'],
\$conf['showfile'] → \$conf['changelog']['showfile']
• Add missing \$conf to global declarations in changelog() and conf()
2. rss/admin/index.php:
• Add \$conf to global declarations in rss() and save()
3. voting/admin/index.php:
• Add \$conf to global declaration in conf()
4. auto_links/admin/index.php:
• Remove redundant inline comment on safe SQL concatenation
Benefits:
• exec() now wrapped in a safety-checked helper — reduces attack surface
• Config access uses correct \$conf['changelog'] sub-key path
Core changes:
1. changelog/admin/index.php:
• Extract exec() call into gitexec() wrapper with safety guards
* Validates function exists, rejects control chars, checks 'git log' presence
• Change rencom(array, array) to rencom(array) — \$conf accessed via global
• Fix config key refs: \$conf['showstat'] → \$conf['changelog']['showstat'],
\$conf['showfile'] → \$conf['changelog']['showfile']
• Add missing \$conf to global declarations in changelog() and conf()
2. rss/admin/index.php:
• Add \$conf to global declarations in rss() and save()
3. voting/admin/index.php:
• Add \$conf to global declaration in conf()
4. auto_links/admin/index.php:
• Remove redundant inline comment on safe SQL concatenation
Benefits:
• exec() now wrapped in a safety-checked helper — reduces attack surface
• Config access uses correct \$conf['changelog'] sub-key path
Refactor: migrate getLang() calls in core/user.php; remove backward-compat shim
All call sites migrated to getLang(). The temporary get_lang() shim
added during staged rollout is removed from core/security.php. All
occurrences of the old function name are now gone from the codebase
(exception: 'get_lang' string literal in filemanager plugin switch-case,
which is unrelated to the language loader).
Core changes:
1. core/user.php — 6 call sites:
• navi() line 74: get_lang('account') → getLang('account')
• navi() line 88: get_lang('clients') → getLang('clients')
• navi() line 95: get_lang('shop') → getLang('shop')
• navi() line 109: get_lang('help') → getLang('help')
• rss_channel() line 713: get_lang() → getLang()
• open_search() line 824: get_lang() → getLang()
2. core/security.php:
• Remove get_lang() backward-compat shim (3 lines)
Benefits:
• Codebase fully migrated to getLang() — single consistent API
• Dead shim code eliminated
• Refactoring CSV entry: get_lang,getLang,get,Lang,string,rename+extend
Technical notes:
• plugins/filemanager/ajax_calls.php uses 'get_lang' as a string
constant in a switch-case — not a function call, not modified
added during staged rollout is removed from core/security.php. All
occurrences of the old function name are now gone from the codebase
(exception: 'get_lang' string literal in filemanager plugin switch-case,
which is unrelated to the language loader).
Core changes:
1. core/user.php — 6 call sites:
• navi() line 74: get_lang('account') → getLang('account')
• navi() line 88: get_lang('clients') → getLang('clients')
• navi() line 95: get_lang('shop') → getLang('shop')
• navi() line 109: get_lang('help') → getLang('help')
• rss_channel() line 713: get_lang() → getLang()
• open_search() line 824: get_lang() → getLang()
2. core/security.php:
• Remove get_lang() backward-compat shim (3 lines)
Benefits:
• Codebase fully migrated to getLang() — single consistent API
• Dead shim code eliminated
• Refactoring CSV entry: get_lang,getLang,get,Lang,string,rename+extend
Technical notes:
• plugins/filemanager/ajax_calls.php uses 'get_lang' as a string
constant in a switch-case — not a function call, not modified
