initial WIP for php8; bump php version requirement to 7.0

.gitignore

@@ -1,4 +1,5 @@
 Thumbs.db
+/.app_is_ready
 /deploy.exclude
 /deploy.sh
 /messages.mo

backend.php

@@ -3,7 +3,9 @@
 		get_include_path());
 
 	$op = $_REQUEST["op"];
-	@$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
+	$method = !empty($_REQUEST['subop']) ?
+		$_REQUEST['subop'] :
+		$_REQUEST["method"] ?? false;
 
 	if (!$method)
 		$method = 'index';
@@ -19,7 +21,7 @@
 		return;
 	}
 
-	@$csrf_token = $_POST['csrf_token'];
+	$csrf_token = $_POST['csrf_token'] ?? "";
 
 	require_once "autoload.php";
 	require_once "sessions.php";

classes/api.php

@@ -718,8 +718,8 @@ class API extends Handler {
 						$label_cache = json_decode($label_cache, true);
 
 						if ($label_cache) {
-							if ($label_cache["no-labels"] == 1)
-								$labels = array();
+							if (($label_cache["no-labels"] ?? 0) == 1)
+								$labels = [];
 							else
 								$labels = $label_cache;
 						}
@@ -762,7 +762,7 @@ class API extends Handler {
 					}
 
 					// unify label output to ease parsing
-					if ($labels["no-labels"] == 1) $labels = array();
+					if (($labels["no-labels"] ?? 0) == 1) $labels = [];
 
 					$headline_row["labels"] = $labels;
 

classes/article.php

@@ -687,7 +687,7 @@ class Article extends Handler_Protected {
 			if ($label_cache) {
 				$tmp = json_decode($label_cache, true);
 
-				if (!$tmp || $tmp["no-labels"] == 1)
+				if (empty($tmp) || ($tmp["no-labels"] ?? 0) == 1)
 					return $rv;
 				else
 					return $tmp;

classes/db/prefs.php

@@ -8,7 +8,7 @@ class Db_Prefs {
 		$this->pdo = Db::pdo();
 		$this->cache = array();
 
-		if ($_SESSION["uid"]) $this->cache();
+		if (!empty($_SESSION["uid"])) $this->cache();
 	}
 
 	private function __clone() {
@@ -24,7 +24,7 @@ class Db_Prefs {
 
 	function cache() {
 		$user_id = $_SESSION["uid"];
-		@$profile = $_SESSION["profile"];
+		$profile = $_SESSION["profile"] ?? false;
 
 		if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null;
 
@@ -55,12 +55,12 @@ class Db_Prefs {
 
 		if (!$user_id) {
 			$user_id = $_SESSION["uid"];
-			@$profile = $_SESSION["profile"];
+			$profile = $_SESSION["profile"] ?? false;
 		} else {
 			$profile = false;
 		}
 
-		if ($user_id == $_SESSION['uid'] && isset($this->cache[$pref_name])) {
+		if ($user_id == ($_SESSION['uid'] ?? false) && isset($this->cache[$pref_name])) {
 			$tuple = $this->cache[$pref_name];
 			return $this->convert($tuple["value"], $tuple["type"]);
 		}
@@ -83,7 +83,7 @@ class Db_Prefs {
 			$value = $row["value"];
 			$type_name = $row["type_name"];
 
-			if ($user_id == $_SESSION["uid"]) {
+			if ($user_id == ($_SESSION["uid"] ?? false)) {
 				$this->cache[$pref_name]["type"] = $type_name;
 				$this->cache[$pref_name]["value"] = $value;
 			}
@@ -113,7 +113,7 @@ class Db_Prefs {
 
 		if (!$user_id) {
 			$user_id = $_SESSION["uid"];
-			@$profile = $_SESSION["profile"];
+			@$profile = $_SESSION["profile"] ?? false;
 		} else {
 			$profile = null;
 		}

classes/feeds.php

@@ -20,7 +20,7 @@ class Feeds extends Handler_Protected {
 			$feed_id, $is_cat, $search,
 			$error, $feed_last_updated) {
 
-		if ($is_cat) $cat_q = "&is_cat=$is_cat";
+		$cat_q = $is_cat ? "&is_cat=$is_cat" : "";
 
 		if ($search) {
 			$search_q = "&q=$search";
@@ -31,7 +31,7 @@ class Feeds extends Handler_Protected {
 		$reply = "";
 
 		$rss_link = htmlspecialchars(get_self_url_prefix() .
-			"/public.php?op=rss&id=$feed_id$cat_q$search_q");
+			"/public.php?op=rss&id=${feed_id}${cat_q}${search_q}");
 
 		$reply .= "<span class='left'>";
 
@@ -147,8 +147,8 @@ class Feeds extends Handler_Protected {
 			}
 		}
 
-		@$search = $_REQUEST["query"];
-		@$search_language = $_REQUEST["search_language"]; // PGSQL only
+		$search = $_REQUEST["query"] ?? "";
+		$search_language = $_REQUEST["search_language"] ?? ""; // PGSQL only
 
 		if ($search) {
 			$disable_cache = true;
@@ -274,7 +274,7 @@ class Feeds extends Handler_Protected {
 					$label_cache = json_decode($label_cache, true);
 
 					if ($label_cache) {
-						if ($label_cache["no-labels"] == 1)
+						if ($label_cache["no-labels"] ?? false == 1)
 							$labels = array();
 						else
 							$labels = $label_cache;
@@ -295,7 +295,7 @@ class Feeds extends Handler_Protected {
 
 				$this->mark_timestamp("   labels");
 
-				if (!$line["feed_title"]) $line["feed_title"] = "";
+				$line["feed_title"] = $line["feed_title"] ?? "";
 
 				$line["buttons_left"] = "";
 				foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_LEFT_BUTTON) as $p) {
@@ -374,7 +374,7 @@ class Feeds extends Handler_Protected {
 				}
 
 			    //setting feed headline background color, needs to change text color based on dark/light
-				$fav_color = $line['favicon_avg_color'];
+				$fav_color = $line['favicon_avg_color'] ?? false;
 
 				$this->mark_timestamp("   pre-color");
 
@@ -483,14 +483,14 @@ class Feeds extends Handler_Protected {
 		$reply = array();
 
 		$feed = $_REQUEST["feed"];
-		$method = $_REQUEST["m"];
+		$method = $_REQUEST["m"] ?? "";
 		$view_mode = $_REQUEST["view_mode"];
 		$limit = 30;
-		@$cat_view = $_REQUEST["cat"] == "true";
-		@$next_unread_feed = $_REQUEST["nuf"];
-		@$offset = $_REQUEST["skip"];
+		$cat_view = $_REQUEST["cat"] == "true";
+		$next_unread_feed = $_REQUEST["nuf"] ?? 0;
+		$offset = $_REQUEST["skip"] ?? 0;
 		$order_by = $_REQUEST["order_by"];
-		$check_first_id = $_REQUEST["fid"];
+		$check_first_id = $_REQUEST["fid"] ?? 0;
 
 		if (is_numeric($feed)) $feed = (int) $feed;
 
@@ -564,7 +564,7 @@ class Feeds extends Handler_Protected {
 		else
 			$reply['headlines']['id'] = $next_unread_feed;
 
-		$reply['headlines']['is_cat'] = (bool) $cat_view;
+		$reply['headlines']['is_cat'] = $cat_view;
 
 		$reply['headlines-info'] = ["count" => (int) $headlines_count,
             						"disable_cache" => (bool) $disable_cache];
@@ -1794,7 +1794,7 @@ class Feeds extends Handler_Protected {
 						$sanity_interval_qpart
 						$first_id_query_strategy_part ORDER BY $order_by LIMIT 1";
 
-				if ($_REQUEST["debug"]) {
+				if (!empty($_REQUEST["debug"])) {
 					print "\n*** FIRST ID QUERY ***\n$query\n";
 				}
 
@@ -1846,7 +1846,7 @@ class Feeds extends Handler_Protected {
 
 			//if ($_REQUEST["debug"]) print $query;
 
-			if ($_REQUEST["debug"]) {
+			if (!empty($_REQUEST["debug"])) {
 				print "\n*** HEADLINES QUERY ***\n$query\n";
 			}
 
@@ -1902,7 +1902,7 @@ class Feeds extends Handler_Protected {
 
 			//if ($_REQUEST["debug"]) print $query;
 
-			if ($_REQUEST["debug"]) {
+			if (!empty($_REQUEST["debug"])) {
 				print "\n*** TAGS QUERY ***\n$query\n";
 			}
 
@@ -2370,10 +2370,9 @@ class Feeds extends Handler_Protected {
 
 	function mark_timestamp($label) {
 
-		if (!$_REQUEST['timestamps'])
+		if (empty($_REQUEST['timestamps']))
 			return;
 
-
 		if (!$this->viewfeed_timestamp) $this->viewfeed_timestamp = hrtime(true);
 		if (!$this->viewfeed_timestamp_last) $this->viewfeed_timestamp_last = hrtime(true);
 

classes/handler/public.php

@@ -731,7 +731,7 @@ class Handler_Public extends Handler {
 
 		if ($_SESSION["uid"]) {
 
-			$feed_url = trim(clean($_REQUEST["feed_url"]));
+			$feed_url = clean($_REQUEST["feed_url"]);
 			$csrf_token = clean($_POST["csrf_token"]);
 
 			header('Content-Type: text/html; charset=utf-8');

classes/logger/sql.php

@@ -10,7 +10,7 @@ class Logger_SQL {
 
 		if ($this->pdo && get_schema_version() > 117) {
 
-			$owner_uid = $_SESSION["uid"] ? $_SESSION["uid"] : null;
+			$owner_uid = $_SESSION["uid"] ?? null;
 
 			// limit context length, DOMDocument dumps entire XML in here sometimes, which may be huge
 			$context = mb_substr($context, 0, 8192);

classes/pluginhost.php

@@ -128,7 +128,7 @@ class PluginHost {
 	}
 
 	function get_plugin($name) {
-		return $this->plugins[strtolower($name)];
+		return $this->plugins[strtolower($name)] ?? null;
 	}
 
 	function run_hooks($type, $method, $args) {
@@ -140,11 +140,11 @@ class PluginHost {
 	function add_hook($type, $sender, $priority = 50) {
 		$priority = (int) $priority;
 
-		if (!is_array($this->hooks[$type])) {
+		if (empty($this->hooks[$type])) {
 			$this->hooks[$type] = [];
 		}
 
-		if (!is_array($this->hooks[$type][$priority])) {
+		if (empty($this->hooks[$type][$priority])) {
 			$this->hooks[$type][$priority] = [];
 		}
 
@@ -277,7 +277,7 @@ class PluginHost {
 	function is_system($plugin) {
 		$about = $plugin->about();
 
-		return @$about[3];
+		return $about[3] ?? false;
 	}
 
 	// only system plugins are allowed to modify routing
@@ -307,7 +307,7 @@ class PluginHost {
 		$handler = str_replace("-", "_", strtolower($handler));
 		$method = strtolower($method);
 
-		if (is_array($this->handlers[$handler])) {
+		if (isset($this->handlers[$handler])) {
 			if (isset($this->handlers[$handler]["*"])) {
 				return $this->handlers[$handler]["*"];
 			} else {
@@ -429,9 +429,7 @@ class PluginHost {
 	function get_all($sender) {
 		$idx = get_class($sender);
 
-		$data = $this->storage[$idx];
-
-		return $data ? $data : [];
+		return $this->storage[$idx] ?? [];
 	}
 
 	function clear_data($sender) {
@@ -461,7 +459,7 @@ class PluginHost {
 	}
 
 	function get_feeds($cat_id) {
-		return $this->feeds[$cat_id];
+		return $this->feeds[$cat_id] ?? [];
 	}
 
 	// convert feed_id (e.g. -129) to pfeed_id first

classes/pref/feeds.php

@@ -42,14 +42,14 @@ class Pref_Feeds extends Handler_Protected {
 
 	private function get_category_items($cat_id) {
 
-		if (clean($_REQUEST['mode']) != 2)
-			$search = $_SESSION["prefs_feed_search"];
+		if (clean($_REQUEST['mode'] ?? 0) != 2)
+			$search = $_SESSION["prefs_feed_search"] ?? "";
 		else
 			$search = "";
 
 		// first one is set by API
-		$show_empty_cats = clean($_REQUEST['force_show_empty']) ||
-			(clean($_REQUEST['mode']) != 2 && !$search);
+		$show_empty_cats = clean($_REQUEST['force_show_empty'] ?? false) ||
+			(clean($_REQUEST['mode'] ?? 0) != 2 && !$search);
 
 		$items = array();
 
@@ -117,8 +117,8 @@ class Pref_Feeds extends Handler_Protected {
 
 	function makefeedtree() {
 
-		if (clean($_REQUEST['mode']) != 2)
-			$search = $_SESSION["prefs_feed_search"];
+		if (clean($_REQUEST['mode'] ?? 0) != 2)
+			$search = $_SESSION["prefs_feed_search"] ?? "";
 		else
 			$search = "";
 
@@ -131,7 +131,7 @@ class Pref_Feeds extends Handler_Protected {
 
 		$enable_cats = get_pref('ENABLE_FEED_CATS');
 
-		if (clean($_REQUEST['mode']) == 2) {
+		if (clean($_REQUEST['mode'] ?? 0) == 2) {
 
 			if ($enable_cats) {
 				$cat = $this->feedlist_init_cat(-1);
@@ -208,8 +208,8 @@ class Pref_Feeds extends Handler_Protected {
 		}
 
 		if ($enable_cats) {
-			$show_empty_cats = clean($_REQUEST['force_show_empty']) ||
-				(clean($_REQUEST['mode']) != 2 && !$search);
+			$show_empty_cats = clean($_REQUEST['force_show_empty'] ?? false) ||
+				(clean($_REQUEST['mode'] ?? 0) != 2 && !$search);
 
 			$sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories
 				WHERE owner_uid = ? AND parent_cat IS NULL ORDER BY order_id, title");
@@ -320,7 +320,7 @@ class Pref_Feeds extends Handler_Protected {
 		$fl['identifier'] = 'id';
 		$fl['label'] = 'name';
 
-		if (clean($_REQUEST['mode']) != 2) {
+		if (clean($_REQUEST['mode'] ?? 0) != 2) {
 			$fl['items'] = array($root);
 		} else {
 			$fl['items'] = $root['items'];
@@ -551,11 +551,9 @@ class Pref_Feeds extends Handler_Protected {
 				regExp='^(http|https)://.*' style='width : 300px'
 				name='feed_url' value=\"$feed_url\">";
 
-			$last_error = $row["last_error"];
-
-			if ($last_error) {
+			if (!empty($row["last_error"])) {
 				print "&nbsp;<i class=\"material-icons\"
-					title=\"".htmlspecialchars($last_error)."\">error</i>";
+					title=\"".htmlspecialchars($row["last_error"])."\">error</i>";
 			}
 
 			print "</fieldset>";
@@ -996,16 +994,16 @@ class Pref_Feeds extends Handler_Protected {
 
 	function editsaveops($batch) {
 
-		$feed_title = trim(clean($_POST["title"]));
-		$feed_url = trim(clean($_POST["feed_url"]));
-		$site_url = trim(clean($_POST["site_url"]));
+		$feed_title = clean($_POST["title"]);
+		$feed_url = clean($_POST["feed_url"]);
+		$site_url = clean($_POST["site_url"]);
 		$upd_intl = (int) clean($_POST["update_interval"]);
 		$purge_intl = (int) clean($_POST["purge_interval"]);
 		$feed_id = (int) clean($_POST["id"]); /* editSave */
 		$feed_ids = explode(",", clean($_POST["ids"])); /* batchEditSave */
 		$cat_id = (int) clean($_POST["cat_id"]);
-		$auth_login = trim(clean($_POST["auth_login"]));
-		$auth_pass = trim(clean($_POST["auth_pass"]));
+		$auth_login = clean($_POST["auth_login"]);
+		$auth_pass = clean($_POST["auth_pass"]);
 		$private = checkbox_to_sql_bool(clean($_POST["private"]));
 		$include_in_digest = checkbox_to_sql_bool(
 			clean($_POST["include_in_digest"]));
@@ -1019,7 +1017,7 @@ class Pref_Feeds extends Handler_Protected {
 		$mark_unread_on_update = checkbox_to_sql_bool(
 			clean($_POST["mark_unread_on_update"]));
 
-		$feed_language = trim(clean($_POST["feed_language"]));
+		$feed_language = clean($_POST["feed_language"]);
 
 		if (!$batch) {
 			if (clean($_POST["need_auth"]) !== 'on') {
@@ -1193,7 +1191,7 @@ class Pref_Feeds extends Handler_Protected {
 	}
 
 	function addCat() {
-		$feed_cat = trim(clean($_REQUEST["cat"]));
+		$feed_cat = clean($_REQUEST["cat"]);
 
 		Feeds::add_feed_category($feed_cat);
 	}
@@ -1228,12 +1226,12 @@ class Pref_Feeds extends Handler_Protected {
 				onclick=\"dijit.byId('feedTree').showInactiveFeeds()\">" .
 				__("Inactive feeds") . "</button>";
 
-		$feed_search = clean($_REQUEST["search"]);
+		$feed_search = clean($_REQUEST["search"] ?? "");
 
 		if (array_key_exists("search", $_REQUEST)) {
 			$_SESSION["prefs_feed_search"] = $feed_search;
 		} else {
-			$feed_search = $_SESSION["prefs_feed_search"];
+			$feed_search = $_SESSION["prefs_feed_search"] ?? "";
 		}
 
 		print '<div dojoType="dijit.layout.BorderContainer" gutters="false">';
@@ -1689,7 +1687,7 @@ class Pref_Feeds extends Handler_Protected {
 		$cat_id = clean($_REQUEST['cat']);
 		$feeds = explode("\n", clean($_REQUEST['feeds']));
 		$login = clean($_REQUEST['login']);
-		$pass = trim(clean($_REQUEST['pass']));
+		$pass = clean($_REQUEST['pass']);
 
 		$csth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
 						WHERE feed_url = ? AND owner_uid = ?");
@@ -1756,8 +1754,8 @@ class Pref_Feeds extends Handler_Protected {
 	private function calculate_children_count($cat) {
 		$c = 0;
 
-		foreach ($cat['items'] as $child) {
-			if ($child['type'] == 'category') {
+		foreach ($cat['items'] ?? [] as $child) {
+			if ($child['type'] ?? '' == 'category') {
 				$c += $this->calculate_children_count($child);
 			} else {
 				$c += 1;

classes/pref/filters.php

@@ -599,9 +599,9 @@ class Pref_Filters extends Handler_Protected {
 
 	function editSave() {
 		$filter_id = clean($_REQUEST["id"]);
-		$enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"]));
+		$enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"] ?? false));
 		$match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
-		$inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
+		$inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"] ?? false));
 		$title = clean($_REQUEST["title"]);
 
 		$this->pdo->beginTransaction();
@@ -638,8 +638,8 @@ class Pref_Filters extends Handler_Protected {
 		$sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_actions WHERE filter_id = ?");
 		$sth->execute([$filter_id]);
 
-		if (!is_array(clean($_REQUEST["rule"]))) $_REQUEST["rule"] = [];
-		if (!is_array(clean($_REQUEST["action"]))) $_REQUEST["action"] = [];
+		if (!is_array(clean($_REQUEST["rule"] ?? ""))) $_REQUEST["rule"] = [];
+		if (!is_array(clean($_REQUEST["action"] ?? ""))) $_REQUEST["action"] = [];
 
 		if ($filter_id) {
 			/* create rules */

classes/pref/labels.php

@@ -166,7 +166,7 @@ class Pref_Labels extends Handler_Protected {
 	function save() {
 
 		$id = clean($_REQUEST["id"]);
-		$caption = trim(clean($_REQUEST["caption"]));
+		$caption = clean($_REQUEST["caption"]);
 
 		$this->pdo->beginTransaction();
 

classes/pref/prefs.php

@@ -321,7 +321,7 @@ class Pref_Prefs extends Handler_Protected {
 		print "<input dojoType='dijit.form.ValidationTextBox' name='email' required='1' value='$email'>";
 		print "</fieldset>";
 
-		if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) {
+		if (!SINGLE_USER_MODE && !empty($_SESSION["hide_hello"])) {
 
 			$access_level = $row["access_level"];
 			print "<fieldset>";
@@ -595,7 +595,7 @@ class Pref_Prefs extends Handler_Protected {
 
 		print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
 
-		$profile = $_SESSION["profile"];
+		$profile = $_SESSION["profile"] ?? null;
 
 		if ($profile) {
 			print_notice(__("Some preferences are only available in default profile."));
@@ -916,7 +916,7 @@ class Pref_Prefs extends Handler_Protected {
 		foreach ($tmppluginhost->get_plugins() as $name => $plugin) {
 			$about = $plugin->about();
 
-			if ($about[3]) {
+			if ($about[3] ?? false) {
 				if (in_array($name, $system_enabled)) {
 					$checked = "checked='1'";
 				} else {
@@ -930,7 +930,7 @@ class Pref_Prefs extends Handler_Protected {
 							dojoType='dijit.form.CheckBox' $checked type='checkbox'>
 						".htmlspecialchars($about[1]). "</label>";
 
-					if (@$about[4]) {
+					if ($about[4] ?? false) {
 						print "<button dojoType='dijit.form.Button' class='alt-info'
 							onclick='window.open(\"".htmlspecialchars($about[4])."\")'>
 								<i class='material-icons'>open_in_new</i> ".__("More info...")."</button>";
@@ -950,7 +950,7 @@ class Pref_Prefs extends Handler_Protected {
 		foreach ($tmppluginhost->get_plugins() as $name => $plugin) {
 			$about = $plugin->about();
 
-			if (!$about[3]) {
+			if ($about[3] ?? false) {
 
 				$checked = "";
 				$disabled = "";
@@ -976,7 +976,7 @@ class Pref_Prefs extends Handler_Protected {
 					}
 				}
 
-				if (@$about[4]) {
+				if ($about[4] ?? false) {
 					print " <button dojoType='dijit.form.Button' class='alt-info'
 							onclick='window.open(\"".htmlspecialchars($about[4])."\")'>
 								<i class='material-icons'>open_in_new</i> ".__("More info...")."</button>";

classes/pref/users.php

@@ -191,10 +191,10 @@ class Pref_Users extends Handler_Protected {
 		}
 
 		function editSave() {
-			$login = trim(clean($_REQUEST["login"]));
+			$login = clean($_REQUEST["login"]);
 			$uid = clean($_REQUEST["id"]);
 			$access_level = (int) clean($_REQUEST["access_level"]);
-			$email = trim(clean($_REQUEST["email"]));
+			$email = clean($_REQUEST["email"]);
 			$password = clean($_REQUEST["password"]);
 
 			if ($password) {
@@ -230,7 +230,7 @@ class Pref_Users extends Handler_Protected {
 		}
 
 		function add() {
-			$login = trim(clean($_REQUEST["login"]));
+			$login = clean($_REQUEST["login"]);
 			$tmp_user_pwd = make_password();
 			$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 			$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
@@ -315,7 +315,7 @@ class Pref_Users extends Handler_Protected {
 			print "<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='top'>";
 			print "<div dojoType='fox.Toolbar'>";
 
-			$user_search = trim(clean($_REQUEST["search"]));
+			$user_search = clean($_REQUEST["search"] ?? "");
 
 			if (array_key_exists("search", $_REQUEST)) {
 				$_SESSION["prefs_user_search"] = $user_search;
@@ -330,7 +330,7 @@ class Pref_Users extends Handler_Protected {
 					__('Search')."</button>
 				</div>";
 
-			$sort = clean($_REQUEST["sort"]);
+			$sort = clean($_REQUEST["sort"] ?? "");
 
 			if (!$sort || $sort == "undefined") {
 				$sort = "login";

classes/rpc.php

@@ -15,7 +15,7 @@ class RPC extends Handler_Protected {
 	}
 
 	function remprofiles() {
-		$ids = explode(",", trim(clean($_REQUEST["ids"])));
+		$ids = explode(",", clean($_REQUEST["ids"]));
 
 		foreach ($ids as $id) {
 			if ($_SESSION["profile"] != $id) {
@@ -28,7 +28,7 @@ class RPC extends Handler_Protected {
 
 	// Silent
 	function addprofile() {
-		$title = trim(clean($_REQUEST["title"]));
+		$title = clean($_REQUEST["title"]);
 
 		if ($title) {
 			$this->pdo->beginTransaction();
@@ -63,7 +63,7 @@ class RPC extends Handler_Protected {
 
 	function saveprofile() {
 		$id = clean($_REQUEST["id"]);
-		$title = trim(clean($_REQUEST["value"]));
+		$title = clean($_REQUEST["value"]);
 
 		if ($id == 0) {
 			print __("Default profile");
@@ -85,7 +85,7 @@ class RPC extends Handler_Protected {
 		$cat = clean($_REQUEST['cat']);
 		$need_auth = isset($_REQUEST['need_auth']);
 		$login = $need_auth ? clean($_REQUEST['login']) : '';
-		$pass = $need_auth ? trim(clean($_REQUEST['pass'])) : '';
+		$pass = $need_auth ? clean($_REQUEST['pass']) : '';
 
 		$rc = Feeds::subscribe_to_feed($feed, $cat, $login, $pass);
 
@@ -546,7 +546,7 @@ class RPC extends Handler_Protected {
 
 			$data['daemon_is_running'] = (int) file_is_locked("update_daemon.lock");
 
-			if (time() - $_SESSION["daemon_stamp_check"] > 30) {
+			if (time() - ($_SESSION["daemon_stamp_check"] ?? 0) > 30) {
 
 				$stamp = (int) @file_get_contents(LOCK_DIRECTORY . "/update_daemon.stamp");
 

classes/rssutils.php

@@ -10,7 +10,8 @@ class RSSUtils {
 				continue;
 
 			if ($k != "feed" && isset($v)) {
-				$x = strip_tags(is_array($v) ? implode(",", $v) : $v);
+				$x = strip_tags(
+					is_array($v) ? implode(",", array_keys($v)) : $v);
 
 				$tmp .= sha1("$k:" . sha1($x));
 			}

classes/urlhelper.php

@@ -22,7 +22,7 @@ class UrlHelper {
 
 		$rel_parts = parse_url($rel_url);
 
-		if ($rel_parts['host'] && $rel_parts['scheme']) {
+		if (!empty($rel_parts['host']) && !empty($rel_parts['scheme'])) {
 			return self::validate($rel_url);
 		} else if (strpos($rel_url, "//") === 0) {
 			# protocol-relative URL (rare but they exist)
@@ -61,7 +61,7 @@ class UrlHelper {
 
 		// this isn't really necessary because filter_var(... FILTER_VALIDATE_URL) requires host and scheme
 		// as per https://php.watch/versions/7.3/filter-var-flag-deprecation but it might save time
-		if (!$tokens['host'])
+		if (empty($tokens['host']))
 			return false;
 
 		if (!in_array(strtolower($tokens['scheme']), ['http', 'https']))
@@ -82,7 +82,7 @@ class UrlHelper {
 		// (used for validation only, we actually request the original URL, in case of urlencode breaking it)
 		$tokens_filter_var = $tokens;
 
-		if ($tokens['path']) {
+		if ($tokens['path'] ?? false) {
 			$tokens_filter_var['path'] = implode("/",
 										array_map("rawurlencode",
 											array_map("rawurldecode",
@@ -96,7 +96,7 @@ class UrlHelper {
 			return false;
 
 		if ($extended_filtering) {
-			if (!in_array($tokens['port'], [80, 443, '']))
+			if (!in_array($tokens['port'] ?? '', [80, 443, '']))
 				return false;
 
 			if (strtolower($tokens['host']) == 'localhost' || $tokens['host'] == '::1' || strpos($tokens['host'], '127.') === 0)
@@ -166,7 +166,6 @@ class UrlHelper {
 		global $fetch_effective_url;
 		global $fetch_effective_ip_addr;
 		global $fetch_curl_used;
-		global $fetch_domain_hits;
 
 		$fetch_last_error = false;
 		$fetch_last_error_code = -1;
@@ -177,9 +176,6 @@ class UrlHelper {
 		$fetch_effective_url = "";
 		$fetch_effective_ip_addr = "";
 
-		if (!is_array($fetch_domain_hits))
-			$fetch_domain_hits = [];
-
 		if (!is_array($options)) {
 
 			// falling back on compatibility shim
@@ -235,13 +231,6 @@ class UrlHelper {
 			return false;
 		}
 
-		$fetch_domain_hits[$url_host] += 1;
-
-		/*if ($fetch_domain_hits[$url_host] > MAX_FETCH_REQUESTS_PER_HOST) {
-			user_error("Exceeded fetch request quota for $url_host: " . $fetch_domain_hits[$url_host], E_USER_WARNING);
-			#return false;
-		}*/
-
 		if (!defined('NO_CURL') && function_exists('curl_init') && !ini_get("open_basedir")) {
 
 			$fetch_curl_used = true;

classes/userhelper.php

@@ -75,7 +75,7 @@ class UserHelper {
 
 		if (!$pluginhost) $pluginhost = PluginHost::getInstance();
 
-		if ($owner_uid && SCHEMA_VERSION >= 100 && !$_SESSION["safe_mode"]) {
+		if ($owner_uid && SCHEMA_VERSION >= 100 && empty($_SESSION["safe_mode"])) {
 			$plugins = get_pref("_ENABLED_PLUGINS", $owner_uid);
 
 			$pluginhost->load($plugins, PluginHost::KIND_USER, $owner_uid);

errors.php

@@ -44,7 +44,7 @@
 		return $ERRORS;
 	}
 
-	if ($_REQUEST['mode'] == 'js') {
+	if ($_REQUEST['mode'] ?? "" == 'js') {
 		header("Content-Type: text/javascript; charset=UTF-8");
 
 		print "var ERRORS = [];\n";

include/errorhandler.php

@@ -10,10 +10,12 @@ function format_backtrace($trace) {
 
 				if (is_array($e["args"])) {
 					foreach ($e["args"] as $a) {
-						if (!is_object($a)) {
-							array_push($fmt_args, $a);
-						} else {
+						if (is_object($a)) {
 							array_push($fmt_args, "[" . get_class($a) . "]");
+						} else if (is_array($a)) {
+							array_push($fmt_args, "[" . truncate_string(json_encode($a), 128, "...")) . "]";
+						} else {
+							array_push($fmt_args, $a);
 						}
 					}
 				}
@@ -21,7 +23,11 @@ function format_backtrace($trace) {
 				$filename = str_replace(dirname(__DIR__) . "/", "", $e["file"]);
 
 				$rv .= sprintf("%d. %s(%s): %s(%s)\n",
-					$idx, $filename, $e["line"], $e["function"], implode(", ", $fmt_args));
+					$idx,
+					$filename,
+					$e["line"],
+					$e["function"],
+					implode(", ", $fmt_args));
 
 				$idx++;
 			}

include/functions.php

@@ -138,7 +138,11 @@
 	function startup_gettext() {
 
 		# Get locale from Accept-Language header
-		$lang = al2gt(array_keys(get_translations()), "text/html");
+		if (version_compare(PHP_VERSION, '8.0.0', '<')) {
+			$lang = al2gt(array_keys(get_translations()), "text/html");
+		} else {
+			$lang = ""; // FIXME: do something with accept-to-gettext.php
+		}
 
 		if (defined('_TRANSLATION_OVERRIDE_DEFAULT')) {
 			$lang = _TRANSLATION_OVERRIDE_DEFAULT;
@@ -222,13 +226,13 @@
 	/* end compat shims */
 
 	function get_ssl_certificate_id() {
-		if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]) {
+		if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] ?? false) {
 			return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] .
 				$_SERVER["REDIRECT_SSL_CLIENT_V_START"] .
 				$_SERVER["REDIRECT_SSL_CLIENT_V_END"] .
 				$_SERVER["REDIRECT_SSL_CLIENT_S_DN"]);
 		}
-		if ($_SERVER["SSL_CLIENT_M_SERIAL"]) {
+		if ($_SERVER["SSL_CLIENT_M_SERIAL"] ?? false) {
 			return sha1($_SERVER["SSL_CLIENT_M_SERIAL"] .
 				$_SERVER["SSL_CLIENT_V_START"] .
 				$_SERVER["SSL_CLIENT_V_END"] .
@@ -240,11 +244,11 @@
 	// this is used for user http parameters unless HTML code is actually needed
 	function clean($param) {
 		if (is_array($param)) {
-			return array_map("strip_tags", $param);
+			return trim(array_map("strip_tags", $param));
 		} else if (is_string($param)) {
-			return strip_tags($param);
+			return trim(strip_tags($param));
 		} else {
-			return $param;
+			return trim($param);
 		}
 	}
 
@@ -407,7 +411,8 @@
 	}
 
 	function is_server_https() {
-		return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
+		return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) ||
+			(!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
 	}
 
 	function is_prefix_https() {
@@ -577,7 +582,7 @@
 		if (is_array($ttrss_version) && isset($ttrss_version['version'])) {
 			$git_commit = $ttrss_version['commit'];
 			$git_timestamp = $ttrss_version['timestamp'];
-			$last_error = $ttrss_version['last_error'];
+			$last_error = $ttrss_version['last_error'] ?? "";
 
 			return $ttrss_version['version'];
 		} else {

include/sanity_check.php

@@ -70,8 +70,8 @@
 				array_push($errors, "Please don't run this script as root.");
 			}
 
-			if (version_compare(PHP_VERSION, '5.6.0', '<')) {
-				array_push($errors, "PHP version 5.6.0 or newer required. You're using " . PHP_VERSION . ".");
+			if (version_compare(PHP_VERSION, '7.0.0', '<')) {
+				array_push($errors, "PHP version 7.0.0 or newer required. You're using " . PHP_VERSION . ".");
 			}
 
 			if (!class_exists("UConverter")) {
@@ -125,14 +125,14 @@
 			if (SELF_URL_PATH == "http://example.org/tt-rss/") {
 				$hint = $ref_self_url_path ? "(possible value: <b>$ref_self_url_path</b>)" : "";
 				array_push($errors,
-						"Please set SELF_URL_PATH to the correct value for your server $hint");
+						"Please set SELF_URL_PATH to the correct value for your server: $hint");
 			}
 
 			if ($ref_self_url_path &&
 				(!defined('_SKIP_SELF_URL_PATH_CHECKS') || !_SKIP_SELF_URL_PATH_CHECKS) &&
 				SELF_URL_PATH != $ref_self_url_path && SELF_URL_PATH != mb_substr($ref_self_url_path, 0, mb_strlen($ref_self_url_path)-1)) {
 				array_push($errors,
-					"Please set SELF_URL_PATH to the correct value detected for your server: <b>$ref_self_url_path</b>");
+					"Please set SELF_URL_PATH to the correct value detected for your server: <b>$ref_self_url_path</b> (you're using: <b>" . SELF_URL_PATH . "</b>)");
 			}
 
 			if (!is_writable(ICONS_DIR)) {

index.php

@@ -11,8 +11,8 @@
 
 	// we need a separate check here because functions.php might get parsed
 	// incorrectly before 5.3 because of :: syntax.
-	if (version_compare(PHP_VERSION, '5.6.0', '<')) {
-		print "<b>Fatal Error</b>: PHP version 5.6.0 or newer required. You're using " . PHP_VERSION . ".\n";
+	if (version_compare(PHP_VERSION, '7.0.0', '<')) {
+		print "<b>Fatal Error</b>: PHP version 7.0.0 or newer required. You're using " . PHP_VERSION . ".\n";
 		exit;
 	}
 
@@ -262,7 +262,7 @@
                             }
                         ?>
 
-                        <?php if (!$_SESSION["hide_logout"]) { ?>
+                        <?php if (empty($_SESSION["hide_logout"])) { ?>
                             <div dojoType="dijit.MenuItem" onclick="App.onActionSelected('qmcLogout')"><?php echo __('Logout') ?></div>
                         <?php } ?>
                     </div>

install/index.php

@@ -84,8 +84,8 @@
 	function sanity_check($db_type) {
 		$errors = array();
 
-		if (version_compare(PHP_VERSION, '5.6.0', '<')) {
-			array_push($errors, "PHP version 5.6.0 or newer required. You're using " . PHP_VERSION . ".");
+		if (version_compare(PHP_VERSION, '7.0.0', '<')) {
+			array_push($errors, "PHP version 7.0.0 or newer required. You're using " . PHP_VERSION . ".");
 		}
 
 		if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {

plugins/af_proxy_http/init.php

@@ -29,7 +29,7 @@ class Af_Proxy_Http extends Plugin {
 
 		$host->add_hook($host::HOOK_PREFS_TAB, $this);
 
-		if (!$_SESSION['af_proxy_http_token'])
+		if (empty($_SESSION['af_proxy_http_token']))
 			$_SESSION['af_proxy_http_token'] = bin2hex(get_random_bytes(16));
 	}
 

plugins/af_redditimgur/init.php

@@ -101,7 +101,7 @@ class Af_RedditImgur extends Plugin {
 	private function process_post_media($data, $doc, $xpath, $anchor) {
 		$found = 0;
 
-		if (is_array($data["media_metadata"])) {
+		if (isset($data["media_metadata"])) {
 			foreach ($data["media_metadata"] as $media) {
 				$media_url = htmlspecialchars_decode($media["s"]["u"]);
 
@@ -134,7 +134,9 @@ class Af_RedditImgur extends Plugin {
 			}
 		} */
 
-		if (!$found && $data["post_hint"] == "hosted:video") {
+		$post_hint = $data["post_hint"] ?? false;
+
+		if (!$found && $post_hint == "hosted:video") {
 			$media_url = $data["url"];
 
 			if (isset($data["preview"]["images"][0]["source"]))
@@ -154,7 +156,7 @@ class Af_RedditImgur extends Plugin {
 			}
 		}
 
-		if (!$found && $data["post_hint"] == "video") {
+		if (!$found && $post_hint == "video") {
 			$media_url = $data["url"];
 
 			if (isset($data["preview"]["images"][0]["source"]))
@@ -168,7 +170,7 @@ class Af_RedditImgur extends Plugin {
 			$found = 1;
 		}
 
-		if (!$found && $data["post_hint"] == "image") {
+		if (!$found && $post_hint == "image") {
 			$media_url = $data["url"];
 
 			Debug::log("found image url: $media_url", Debug::$LOG_VERBOSE);
@@ -177,14 +179,14 @@ class Af_RedditImgur extends Plugin {
 			$found = 1;
 		}
 
-		if (!$found && is_array($data["preview"]["images"])) {
+		if (!$found && isset($data["preview"]["images"])) {
 			foreach ($data["preview"]["images"] as $img) {
 				if (isset($img["source"]["url"])) {
 					$media_url = htmlspecialchars_decode($img["source"]["url"]);
 					$target_url = $data["url"];
 
 					if ($media_url) {
-						if ($data["post_hint"] == "self") {
+						if ($post_hint == "self") {
 							Debug::log("found preview image url: $media_url (link: $target_url)", Debug::$LOG_VERBOSE);
 							$this->handle_as_image($doc, $anchor, $media_url, $target_url);
 
@@ -229,7 +231,7 @@ class Af_RedditImgur extends Plugin {
 
 							$data = $child["data"];
 
-							if (is_array($data["crosspost_parent_list"])) {
+							if (isset($data["crosspost_parent_list"])) {
 								Debug::log("JSON: processing child crosspost_parent_list", Debug::$LOG_EXTENDED);
 
 								foreach ($data["crosspost_parent_list"] as $parent) {

update.php

@@ -284,7 +284,7 @@
 		if (!isset($options["pidlock"]) || $options["task"] == 0)
 			RSSUtils::housekeeping_common();
 
-		PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", $op);
+		PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK, "hook_update_task", $options);
 	}
 
 	if (isset($options["cleanup-tags"])) {