psalm fixes

6 years ago · 318ac048d5
parent c44e82cc2d
commit 318ac048d5
1 changed files with 52 additions and 44 deletions
--- a/functions.inc.php
+++ b/functions.inc.php
@ -210,7 +210,7 @@ function language_selector() {
 /**
 * Checks if a domain is valid
 * @param string $domain
- * @return empty string if the domain is valid, otherwise string with the errormessage
+ * @return string empty if the domain is valid, otherwise string with the errormessage
 *
 * TODO: make check_domain able to handle as example .local domains
 * TODO: skip DNS check if the domain exists in PostfixAdmin?
@ -257,8 +257,8 @@ function check_domain($domain) {
 /**
 * check_email
 * Checks if an email is valid - if it is, return true, else false.
- * @param String $email - a string that may be an email address.
- * @return empty string if it's a valid email address, otherwise string with the errormessage
+ * @param string $email - a string that may be an email address.
+ * @return string empty if it's a valid email address, otherwise string with the errormessage
 * TODO: make check_email able to handle already added domains
 */
 function check_email($email) {
@ -498,8 +498,8 @@ function get_domain_properties($domain) {
 * Call: $pagebrowser = create_page_browser('table.field', 'query', 50)   # replaces $param = $_GET['param']
 *
 *  @param String idxfield - database field name to use as title
- *  @param String query - core part of the query (starting at "FROM")
- *  @return String
+ *  @param string query - core part of the query (starting at "FROM")
+ *  @return array
 */
 function create_page_browser($idxfield, $querypart) {
    global $CONF;
@ -530,7 +530,7 @@ function create_page_browser($idxfield, $querypart) {
        $initcount = "CREATE TEMPORARY SEQUENCE rowcount MINVALUE 0";
    }
    if (!db_sqlite()) {
-        $result = db_query($initcount);
+        db_query($initcount);
    }

    # get labels for relevant rows (first and last of each page)
@ -557,8 +557,6 @@ function create_page_browser($idxfield, $querypart) {
                WHERE (row % $page_size) IN (0,$page_size_zerobase) OR row = $count_results";
    }

-    # TODO: $query is MySQL-specific
-
    # PostgreSQL:
    # http://www.postgresql.org/docs/8.1/static/sql-createsequence.html
    # http://www.postgresonline.com/journal/archives/79-Simulating-Row-Number-in-PostgreSQL-Pre-8.4.html
@ -587,15 +585,11 @@ function create_page_browser($idxfield, $querypart) {
 }


-
-
-
-
-//
-// divide_quota
-// Action: Recalculates the quota from MBs to bytes (divide, /)
-// Call: divide_quota (string $quota)
-//
+/**
+ * Recalculates the quota from MBs to bytes (divide, /)
+ * @param int $quota
+ * @return float
+ */
 function divide_quota($quota) {
    if ($quota == -1) {
        return $quota;
@ -605,12 +599,12 @@ function divide_quota($quota) {
 }


-
-//
-// check_owner
-// Action: Checks if the admin is the owner of the domain (or global-admin)
-// Call: check_owner (string admin, string domain)
-//
+/**
+ * Checks if the admin is the owner of the domain (or global-admin)
+ * @param string $username
+ * @param string $domain
+ * @return bool
+ */
 function check_owner($username, $domain) {
    $table_domain_admins = table_by_key('domain_admins');
    $E_username = escape_string($username);
@ -669,12 +663,11 @@ function list_domains_for_admin($username) {
 }


-
-//
-// list_domains
-// Action: List all available domains.
-// Call: list_domains ()
-//
+/**
+ * List all available domains.
+ *
+ * @return array
+ */
 function list_domains() {
    $list = array();

@ -831,12 +824,11 @@ function encode_header($string, $default_charset = "utf-8") {
 }


-
-/**/ if (!function_exists('random_int')) { # random_int() is available since PHP 7, compat wrapper for PHP 5.x
-    function random_int($min, $max) {
-        return mt_rand($min, $max);
+if (!function_exists('random_int')) { // PHP version < 7.0
+    function random_int() { // someone might not be using php_crypt or ask for password generation, in which case random_int() won't be called
+        die(__FILE__ . " Postfixadmin security: Please install https://github.com/paragonie/random_compat OR enable the 'Phar' extension.");
    }
-/**/ }
+}

 /**
 * Generate a random password of $length characters.
@ -980,7 +972,7 @@ function _pacrypt_dovecot($pw, $pw_db) {
    if (strtoupper($method) == 'SCRAM-SHA-1') {
        die("Sorry, \$CONF['encrypt'] = 'dovecot:scram-sha-1' is not supported by PostfixAdmin.");
    }
-    # TODO: add -u option for those hashes, or for everything that is salted (-u was available before dovecot 2.1 -> no problem with backward compability)
+    # TODO: add -u option for those hashes, or for everything that is salted (-u was available before dovecot 2.1 -> no problem with backward compatibility )

    $dovecotpw = "doveadm pw";
    if (!empty($CONF['dovecotpw'])) {
@ -1087,6 +1079,7 @@ function _pacrypt_php_crypt($pw, $pw_db) {

 /**
 * @param string $hash_type must be one of: MD5, DES, BLOWFISH, SHA256 or SHA512  (default)
+ * @param int hash difficulty
 * @return string
 */
 function _php_crypt_generate_crypt_salt($hash_type='SHA512', $hash_difficulty=null) {
@ -1386,19 +1379,19 @@ function smtp_mail($to, $from, $data, $body = "") {
        error_log("fsockopen failed - errno: $errno - errstr: $errstr");
        return false;
    } else {
-        $res = smtp_get_response($fh);
+        smtp_get_response($fh);
        fputs($fh, "EHLO $smtp_server\r\n");
-        $res = smtp_get_response($fh);
+        smtp_get_response($fh);
        fputs($fh, "MAIL FROM:<$from>\r\n");
-        $res = smtp_get_response($fh);
+        smtp_get_response($fh);
        fputs($fh, "RCPT TO:<$to>\r\n");
-        $res = smtp_get_response($fh);
+        smtp_get_response($fh);
        fputs($fh, "DATA\r\n");
-        $res = smtp_get_response($fh);
+        smtp_get_response($fh);
        fputs($fh, "$maildata\r\n.\r\n");
-        $res = smtp_get_response($fh);
+        smtp_get_response($fh);
        fputs($fh, "QUIT\r\n");
-        $res = smtp_get_response($fh);
+        smtp_get_response($fh);
        fclose($fh);
    }
    return true;
@ -1458,6 +1451,7 @@ $DEBUG_TEXT = "\n
 * b) with $ignore_errors == TRUE
 *    array($link, $error_text);
 *
+ * @param bool $ignore_errors
 * @return resource connection to db (normally)
 */
 function db_connect($ignore_errors = false) {
@ -1673,18 +1667,22 @@ function db_query($query, $ignore_errors = 0) {
    }

    if ($CONF['database_type'] == "mysql") {
+        /* @var resource $link */
        $result = @mysql_query($query, $link)
        or $error_text = "Invalid query: " . mysql_error($link);
    }
    if ($CONF['database_type'] == "mysqli") {
+        /* @var resource $link */
        $result = @mysqli_query($link, $query)
        or $error_text = "Invalid query: " . mysqli_error($link);
    }
    if (db_sqlite()) {
+        /* @var SQLite3 $link */
        $result = @$link->query($query)
        or $error_text = "Invalid query: " . $link->lastErrorMsg();
    }
    if (db_pgsql()) {
+        /* @var resource $link */
        $result = @pg_query($link, $query)
            or $error_text = "Invalid query: " . pg_last_error();
    }
@ -1696,6 +1694,7 @@ function db_query($query, $ignore_errors = 0) {

    if ($error_text == "") {
        if (db_sqlite()) {
+            /* @var SQLite3Result $result */
            if ($result->numColumns()) {
                // Query returned something
                $num_rows = 0;
@ -1709,6 +1708,7 @@ function db_query($query, $ignore_errors = 0) {
                $number_rows = $link->changes();
            }
        } elseif (preg_match("/^SELECT/i", trim($query))) {
+            /* @var resource $result */
            // if $query was a SELECT statement check the number of rows with [database_type]_num_rows ().
            if ($CONF['database_type'] == "mysql") {
                $number_rows = mysql_num_rows($result);
@ -1720,6 +1720,7 @@ function db_query($query, $ignore_errors = 0) {
                $number_rows = pg_num_rows($result);
            }
        } else {
+            /* @var resource $result */
            // if $query was something else, UPDATE, DELETE or INSERT check the number of rows with
            // [database_type]_affected_rows ().
            if ($CONF['database_type'] == "mysql") {
@ -1758,9 +1759,11 @@ function db_row($result) {
        $row = mysqli_fetch_row($result);
    }
    if (db_sqlite()) {
+        /* @var SQLite3Result $result */
        $row = $result->fetchArray(SQLITE3_NUM);
    }
    if (db_pgsql()) {
+        /* @var resource $result */
        $row = pg_fetch_row($result);
    }
    return $row;
@ -1782,9 +1785,11 @@ function db_array($result) {
        $row = mysqli_fetch_array($result);
    }
    if (db_sqlite()) {
+        /* @var SQLite3Result $result */
        $row = $result->fetchArray();
    }
    if (db_pgsql()) {
+        /* @var resource $result */
        $row = pg_fetch_array($result);
    }
    return $row;
@ -1794,19 +1799,22 @@ function db_array($result) {
 /**
 * Get an associative array from a DB query resource.
 *
- * @param resource $result
+ * @param mixed $result - either resource or SQLite3Result depending on DB type chosen.
 * @return array|null|string
 */
 function db_assoc($result) {
    global $CONF;
    $row = "";
    if ($CONF['database_type'] == "mysql") {
+        /* @var resource $result */
        $row = mysql_fetch_assoc($result);
    }
    if ($CONF['database_type'] == "mysqli") {
+        /* @var resource $result */
        $row = mysqli_fetch_assoc($result);
    }
    if (db_sqlite()) {
+        /* @var SQLite3Result $result */
        $row = $result->fetchArray(SQLITE3_ASSOC);
    }
    if (db_pgsql()) {
@ -2088,7 +2096,7 @@ function check_db_version($error_out = true) {
        $dbversion = $row['value'];
    } else {
        $dbversion = 0;
-        db_query("INSERT INTO $table (name, value) VALUES ('version', '0')", 0, '');
+        db_query("INSERT INTO $table (name, value) VALUES ('version', '0')", 0);
    }

    if (($dbversion < $min_db_version) && $error_out == true) {