Total: 230 commits in the repository |
Filtered: 230 commits |
Page: 21 / 23
28.11.2025
Modernize: lang.php - getVar() + typed parameters
Modernized all input handling and config save:
1. lang_navi()
- func_get_args() → typed parameters
- Added return type: string
2. lang_file()
- $_GET['mod_dir'] → getVar('get', 'mod_dir', 'var', '')
- $_GET['adm_fl'] → getVar('get', 'adm_fl', 'bool', false)
- $_GET['lng_wh'] → getVar('get', 'lng_wh', 'var', '')
3. lang_save()
- $_POST['mod_dir'] → getVar('post', 'mod_dir', 'var', '')
- $_POST['lwh'] → getVar('post', 'lwh', 'var', '')
- $_POST['lcn'] → getVar('post', 'lcn[]', 'var') (bracket notation)
- $_POST['cnst'] → getVar('post', 'cnst[]', 'var')
- $_POST['lng'] → getVar('post', 'lng', 'var', [])
4. lang_conf_save()
- $_POST → getVar() for all inputs
- save_conf() → setConfigFile() (modern API)
- Compact array-based config structure
- Added void return type
Benefits:
• Consistent input filtering across module
• Type safety with modern PHP 8 patterns
• Bracket notation for arrays
• Secure config file handling
27.11.2025
Add: Comprehensive modernization rules documentation
Created MODERNISIERUNG_RULES.md with complete guidelines for:
1. getVar() Array Handling
- FILTER_REQUIRE_ARRAY → getVar('post', 'field[]', 'num')
- Bracket notation patterns
2. Compact Config-Save Functions
- Inline getVar() in $cont arrays
- Elvis operator for defaults
- Eliminate intermediate variables
3. Remove Redundant Code
- intval() checks when using getVar('num')
- stripslashes() (PHP 8+)
- array_map('intval') after filtered arrays
4. Modern PHP Patterns
- Typed function parameters
- setConfigFile() 4th parameter
- Inline processing
5. Migration Checklist
- Step-by-step modernization guide
- DO/DON'T rules
- Commit message templates
Purpose: Enable consistent modernization across different
code instances (work/home environments)
Modernize: Core functions + Database module improvements
Core improvements:
• core.php: Modernize setArticleNumbers() with typed parameters
* func_get_args() → named parameters with types
* Improved SQL with prepared statements support
* Better category access control logic
• security.php: Fix config path
* config_users.php → users.php (consistent naming)
• config/users.php: Add modern users config file
Admin modules:
• database.php: Add new database() overview function
* SHOW TABLE STATUS with detailed metrics
* Exact row counts via COUNT(*)
* Size calculations (Data + Index + Free)
* Support for optimize/repair operations
• groups.php: Code formatting + setConfigFile() fix
* Multi-line if → one-liner (consistency)
* SQL arrays formatted inline
* setConfigFile() now receives $confu parameter
Modernize: Replace FILTER_REQUIRE_ARRAY with getVar() bracket notation
• admins.php: 2 occurrences (admins_add, admins_save)
• comments.php: 1 occurrence (comm_del)
• blocks.php: 2 occurrences (blocks_add_save, blocks_change)
Changed pattern:
filter_input(INPUT_POST, 'field', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY) ?? []
→ getVar('post', 'field[]', 'num') ?: []
Simplified array processing:
is_array($arr) ? implode(',', array_map('intval', $arr)) : ''
→ $arr ? implode(',', $arr) : ''
(getVar with 'num' type already returns filtered integers)
Consistent with modern getVar() API across entire admin module
Modernize: sitemap_save() & users_save() - Compact inline pattern
• sitemap_save(): filter_input() → getVar('post', 'mod[]', 'num')
• users_save(): Restructured to compact inline style
* Eliminated 25 intermediate variables
* Removed redundant validation block
* getVar() calls directly in $cont array
* Elvis operator for defaults
* Inline processing (strtolower, strtr)
Reduces users_save() from 60+ lines to 33 lines
Consistent with modern getVar() bracket notation pattern
Optimize: users_save() Validation - Redundancies removed
Validation block simplified (lines 586-601):
• Redundant intval() checks removed (getVar 'num' already returns int)
• Elvis operator (?:) instead of ternary operator with !intval()
• stripslashes() removed (PHP 8 compatible - Magic Quotes deprecated)
• Logical code grouping: string defaults, numeric defaults, processed strings
• String interpolation instead of concatenation in heredoc
Advantages:
✓ Reduced code complexity without behavior change
✓ Modern PHP syntax (Elvis operator, string interpolation)
✓ Better readability with clear structure
✓ PHP 8+ compatible
Security: Complete modernization users.php - CRITICAL SQL injection fixed
SECURITY (CRITICAL!):
• ALL SQL injection vulnerabilities fixed
• All SQL queries → PDO prepared statements with parameter binding
• users_show(): Parameterized LIKE search (:search, :group, :points)
• users_add(): PDO with :id, :extra
• users_add_save(): All UPDATE/INSERT with PDO (24 parameters!)
• users_new(), users_null_save(): PDO with :offset, :limit, :zero, :empty
• users_new_del(), users_del(): New separate functions with PDO
• $_POST → getVar() with security filters
MODERNIZATIONS:
• Copyright 2017 → 2026
• PHP 8 Type Hints for all functions (int, string, void)
• array() → [] (Short Array Syntax)
• tpl_eval()/tpl_warn() → setTemplateBasic()/setTemplateWarning()
• navi_gen() + func_get_args() → getAdminTabs() with parameters
• include() → require_once CONFIG_DIR
• save_conf() → setConfigFile()
• checkConfigFile() instead of end_chmod()
CODE STRUCTURE:
• Switch-case cleaned up: inline queries extracted
• users_null_save() as a separate function (line 329)
• users_new_del() as a separate function (line 441)
• users_del() as a separate function (line 450)
• All DELETE operations now with PDO protection
LINES: 440 → 512 (+72)
Refactor: Complete modernization groups.php
MODERNIZATIONS:
• Copyright 2018 → 2026
• PHP 8 Type Hints for all functions (int, string, void)
• array() → [] (Short Array Syntax)
• $_POST/$_GET/$_REQUEST → getVar() with security filters
• tpl_eval()/tpl_warn() → setTemplateBasic()/setTemplateWarning()
• navi_gen() → getAdminTabs()
• func_get_args() → named parameters
• Manual file operations → setConfigFile()
SQL SECURITY:
• All SQL queries → PDO Prepared Statements
• Parameter binding with :param placeholders
• SQL injection protection
FUNCTIONAL CHANGES:
• groups_del() extracted as separate function
• Error handling in groups_save() corrected
• Code formatting standardized
Refactor: Code cleanup and modernization
Core changes (core/core.php):
• fields_in() and fields_out(): include → require_once
• Hardcoded path → CONFIG_DIR constant
• config_fields.php → fields.php (correct file)
Changelog module (admin/modules/changelog.php):
• Removed unnecessary default case in switch statement
Optimize: getVar() with bracket notation and code optimization
Core changes (core/security.php):
• Bracket notation implemented: field[0] for an index, field[] for the whole array
• Parameters reduced from 5 to 4 (index parameter removed)
• Code duplication removed: $filters array only defined once
• Variables switched to snake_case: $array_index, $is_array_all
• Array element filtering added for better security
Modules updated:
• admin/modules/fields.php: Uses bracket notation field1X[i]
• admin/modules/comments.php: Uses bracket notation id[] with num filter
Advantages:
• Cleaner API without an additional index parameter
• ~26 fewer lines of code through removal of duplicates
• Consistent naming convention (snake_case)
• More secure through element filtering for arrays





