PHP 8.4 fixes

- Replace Parsedown with CommonMark
- Remove voku/anti-xss dependency
- Automatic dark theme by default

Author: Alanaktion

.github/workflows/ci.yml

@@ -8,7 +8,7 @@ jobs:
 
     strategy:
       matrix:
-        php: ['8.0', '8.1', '8.2', '8.3', '8.4']
+        php: ['7.4', '8.0', '8.1', '8.2', '8.3', '8.4']
 
     name: PHP ${{ matrix.php }}
 

.phpcs.xml

@@ -10,6 +10,7 @@
     <rule ref="PSR12">
         <!-- Backwards compatibilty exceptions -->
         <exclude name="PSR1.Classes.ClassDeclaration.MissingNamespace"/>
+        <exclude name="PSR2.Classes.PropertyDeclaration.Underscore"/>
         <exclude name="PSR1.Methods.CamelCapsMethodName.NotCamelCaps"/>
         <exclude name="PSR2.Methods.MethodDeclaration.Underscore"/>
     </rule>

app/controller.php

@@ -65,7 +65,7 @@ protected function _requireAdmin($rank = \Model\User::RANK_ADMIN)
      * @param array   $hive
      * @param integer $ttl
      */
-    protected function _render($file, $mime = "text/html", array $hive = null, $ttl = 0)
+    protected function _render($file, $mime = "text/html", ?array $hive = null, $ttl = 0)
     {
         echo \Helper\View::instance()->render($file, $mime, $hive, $ttl);
     }

app/controller/admin.php

@@ -2,6 +2,8 @@
 
 namespace Controller;
 
+use League\CommonMark\GithubFlavoredMarkdownConverter;
+
 class Admin extends \Controller
 {
     protected $_userId;
@@ -99,10 +101,8 @@ public function releaseCheck()
         ];
         if (!empty($release->body)) {
             // Render markdown description as HTML
-            $parsedown = new \Parsedown();
-            $parsedown->setUrlsLinked(false);
-            $parsedown->setMarkupEscaped(true);
-            $return['description_html'] = $parsedown->text($release->body);
+            $md = new GithubFlavoredMarkdownConverter();
+            $return['description_html'] = $md->convert($release->body);
         }
         echo json_encode($return, JSON_THROW_ON_ERROR);
     }
@@ -570,7 +570,7 @@ public function group_ajax(\Base $f3)
                 $this->_printJson(["changed" => 1]);
                 break;
             case "change_api_visibility":
-                $group->api_visible = (int)!!$f3->get("POST.value");
+                $group->api_visible = (int)((bool) $f3->get("POST.value"));
                 $group->save();
                 $this->_printJson(["changed" => 1]);
                 break;

app/controller/api/user.php

@@ -4,7 +4,7 @@
 
 class User extends \Controller\Api
 {
-    protected function user_array(\Model\User $user)
+    protected function user_array(\Model\User $user): array
     {
         $group_id = $user->id;
 
@@ -25,7 +25,7 @@ protected function user_array(\Model\User $user)
             "email" => $user->email,
         ];
 
-        return ($result);
+        return $result;
     }
 
     public function single_get($f3, $params)

app/controller/issues.php

@@ -748,7 +748,7 @@ protected function _saveNew()
             }
         }
 
-        $issue = \Model\Issue::create($data, !!$f3->get("POST.notify"));
+        $issue = \Model\Issue::create($data, (bool) $f3->get("POST.notify"));
         if ($originalAuthor) {
             $issue->author_id = $originalAuthor;
             $issue->save(false);
@@ -829,7 +829,7 @@ public function single($f3, $params)
 
         $watching = new \Model\Issue\Watcher();
         $watching->load(["issue_id = ? AND user_id = ?", $issue->id, $this->_userId]);
-        $f3->set("watching", !!$watching->id);
+        $f3->set("watching", (bool) $watching->id);
 
         $f3->set("issue", $issue);
         $f3->set("ancestors", $issue->getAncestors());
@@ -1135,7 +1135,7 @@ public function comment_save($f3)
             $issue->close();
         }
 
-        $comment = \Model\Issue\Comment::create(["issue_id" => $post["issue_id"], "user_id" => $this->_userId, "text" => trim($post["text"])], !!$f3->get("POST.notify"));
+        $comment = \Model\Issue\Comment::create(["issue_id" => $post["issue_id"], "user_id" => $this->_userId, "text" => trim($post["text"])], (bool) $f3->get("POST.notify"));
 
         if ($f3->get("AJAX")) {
             $this->_printJson([
@@ -1209,7 +1209,7 @@ public function file_undelete($f3)
      * @param  string $q User query string
      * @return array  [string, keyword, ...]
      */
-    protected function _buildSearchWhere($q)
+    protected function _buildSearchWhere($q): array
     {
         if (!$q) {
             return ["deleted_date IS NULL"];
@@ -1373,11 +1373,11 @@ function ($file) use ($f3, $orig_name, $user_id, $issue) {
             $comment->created_date = $this->now();
             $comment->file_id = $f3->get('file_id');
             $comment->save();
-            if (!!$f3->get("POST.notify")) {
+            if ((bool) $f3->get("POST.notify")) {
                 $notification = \Helper\Notification::instance();
                 $notification->issue_comment($issue->id, $comment->id);
             }
-        } elseif ($f3->get('file_id') && !!$f3->get("POST.notify")) {
+        } elseif ($f3->get('file_id') && (bool) $f3->get("POST.notify")) {
             $notification = \Helper\Notification::instance();
             $notification->issue_file($issue->id, $f3->get("file_id"));
         }

app/controller/issues/project.php

@@ -70,10 +70,8 @@ public function overview($f3, $params)
                     "issue_type" => $f3->get("issue_type")
                 ];
                 echo \Helper\View::instance()->render("issues/project/tree-item.html", "text/html", $hive);
-                if ($children) {
-                    foreach ($children as $item) {
-                        $renderTree($item, $level + 1);
-                    }
+                foreach ($children as $item) {
+                    $renderTree($item, $level + 1);
                 }
             }
         };

app/controller/user.php

@@ -114,7 +114,7 @@ public function dashboardPost($f3)
      * Get array of theme names
      * @return array
      */
-    private function _loadThemes()
+    private function _loadThemes(): array
     {
         $themes = ["bootstrap.min"];
         foreach (glob("css/bootstrap-*.css") as $file) {
@@ -354,7 +354,7 @@ public function single($f3, $params)
      * @param  array $array Flat array of issues, including all parents needed
      * @return array Tree array where each issue contains its child issues
      */
-    protected function _buildTree($array)
+    protected function _buildTree($array): array
     {
         $tree = [];
 

app/helper/dashboard.php

@@ -84,7 +84,7 @@ public function projects()
         return $this->_projects;
     }
 
-    public function subprojects()
+    public function subprojects(): array
     {
         if ($this->_projects === null) {
             $this->projects();
@@ -217,7 +217,7 @@ public function open_comments()
      * Get data for Issue Tree widget
      * @return array
      */
-    public function issue_tree()
+    public function issue_tree(): array
     {
         $f3 = \Base::instance();
         $userId = $f3->get("this_user") ? $f3->get("this_user")->id : $f3->get("user.id");
@@ -284,7 +284,7 @@ public function issue_tree()
      * @param  array $array Flat array of issues, including all parents needed
      * @return array Tree array where each issue contains its child issues
      */
-    protected function _buildTree($array)
+    protected function _buildTree($array): array
     {
         $tree = [];
 

app/helper/matrix.php

@@ -10,7 +10,7 @@ class Matrix extends \Matrix
      * @param  array $arrays  Array of sorted arrays to merge
      * @return array
      */
-    public function mergeSorted(array $arrays)
+    public function mergeSorted(array $arrays): array
     {
         $lengths = [];
         foreach ($arrays as $k => $v) {

app/helper/notification.php

@@ -418,11 +418,11 @@ protected function _issue_watchers($issue_id)
      * Render a view and return the result
      * @param  string  $file
      * @param  string  $mime
-     * @param  array   $hive
+     * @param  array|null $hive
      * @param  integer $ttl
      * @return string
      */
-    protected function _render($file, $mime = "text/html", array $hive = null, $ttl = 0)
+    protected function _render($file, $mime = "text/html", ?array $hive = null, $ttl = 0)
     {
         return \Helper\View::instance()->render($file, $mime, $hive, $ttl);
     }

app/helper/plugin.php

@@ -84,7 +84,7 @@ public function addJsFile($file, $match = null)
      * @param  string $location
      * @return array
      */
-    public function getNav($path = null, $location = "root")
+    public function getNav($path = null, $location = "root"): array
     {
         $all = $this->_nav;
         $return = [];
@@ -116,7 +116,7 @@ public function getAllNavs($path = null)
      * @param  string $path
      * @return array
      */
-    public function getJsFiles($path = null)
+    public function getJsFiles($path = null): array
     {
         $return = [];
         foreach ($this->_jsFiles as $item) {
@@ -135,7 +135,7 @@ public function getJsFiles($path = null)
      * @param  string $path
      * @return array
      */
-    public function getJsCode($path = null)
+    public function getJsCode($path = null): array
     {
         $return = [];
         foreach ($this->_jsCode as $item) {

app/helper/security.php

@@ -2,6 +2,8 @@
 
 namespace Helper;
 
+use Helper\Security\AntiXSS;
+
 class Security extends \Prefab
 {
     /**
@@ -156,4 +158,12 @@ public function hashEquals($str1, $str2)
     {
         return hash_equals($str1, $str2);
     }
+
+    /**
+     * Clean a string to remove potential XSS attacks
+     */
+    public function cleanXss(string $str): string
+    {
+        return (new AntiXSS())->xss_clean($str);
+    }
 }