From d96b05a65816c892030c24ae54643db3b4547b3b Mon Sep 17 00:00:00 2001
From: Sascha Nitsch <sascha.nitsch@spsn.net>
Date: Wed, 17 Jul 2024 21:37:02 +0200
Subject: [PATCH] fixed errors found by phan

---
 .phan/config.php            |  3 +++
 htdocs/api.php              |  2 +-
 php/api.php                 | 16 +++++++++-------
 php/api/v1/dummy.php        |  2 +-
 php/cache/cache.php         |  3 ++-
 php/connector/connector.php |  1 +
 php/language.php            |  9 +++++----
 php/main.php                | 11 +++++++++--
 plugins/dummyconnector.php  |  2 +-
 9 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/.phan/config.php b/.phan/config.php
index 024bcc8..8c7f84a 100644
--- a/.phan/config.php
+++ b/.phan/config.php
@@ -359,6 +359,9 @@ return [
     'directory_list' => [
         'vendor/phan/phan/src/Phan',
         'vendor/smarty/smarty/src',
+        'php/',
+        'plugins',
+        'htdocs',
     ],
 
     // A list of individual files to include in analysis
diff --git a/htdocs/api.php b/htdocs/api.php
index 9e921b7..2a14e74 100644
--- a/htdocs/api.php
+++ b/htdocs/api.php
@@ -11,7 +11,7 @@ if (! array_key_exists('_call', $_REQUEST)) {
     exit();
 }
 date_default_timezone_set("Europe/Berlin");
-spl_autoload_register(function ($className) {
+spl_autoload_register(static function (string $className) {
     // strip Federator from class path
     $className = str_replace('Federator\\', '', $className);
     include '../php/' . str_replace("\\", "/", strtolower($className)) . '.php';
diff --git a/php/api.php b/php/api.php
index d172d09..5eb7c59 100644
--- a/php/api.php
+++ b/php/api.php
@@ -30,7 +30,7 @@ class Api extends Main
     /**
      * current user
      *
-     * @var Data\User $user
+     * @var Data\User|false $user
      * */
     private $user;
 
@@ -56,8 +56,9 @@ class Api extends Main
      *
      * @param string $call
      *          path of called function
+     * @return void
      */
-    public function setPath(string $call) : void
+    public function setPath($call)
     {
         $this->path = $call;
         while ($this->path[0] === '/') {
@@ -71,7 +72,7 @@ class Api extends Main
      */
     public function run() : void
     {
-        $this->setPath($_REQUEST["_call"]);
+        $this->setPath((string)$_REQUEST['_call']);
         $this->openDatabase();
         $this->loadPlugins();
         $retval = "";
@@ -131,6 +132,7 @@ class Api extends Main
             if ($this->redirect !== null) {
                 header("Location: $this->redirect");
             }
+            // @phan-suppress-next-line PhanSuspiciousValueComparison
             if ($this->responseCode != 200) {
                 http_response_code($this->responseCode);
             }
@@ -168,6 +170,9 @@ class Api extends Main
     public function checkPermission($permission, $exception = "\Exceptions\PermissionDenied", $message = null) : void
     {
         // generic check first
+        if ($this->user === false) {
+            throw new Exceptions\PermissionDenied();
+        }
         if ($this->user->id == 0) {
             throw new Exceptions\PermissionDenied();
         }
@@ -228,10 +233,7 @@ class Api extends Main
         if ($int === true) {
             return intval($_POST[$key]);
         }
-        $ret = $this->dbh->escape_string($this->stripHTML($_POST[$key]));
-        if ($ret === false) {
-            return $int ? 0 : "";
-        }
+        $ret = $this->dbh->escape_string($this->stripHTML((string)$_POST[$key]));
         return $ret;
     }
 
diff --git a/php/api/v1/dummy.php b/php/api/v1/dummy.php
index a1f046c..e92ab13 100644
--- a/php/api/v1/dummy.php
+++ b/php/api/v1/dummy.php
@@ -30,7 +30,7 @@ class Dummy implements \Federator\Api\V1
     /**
      * constructor
      *
-     * @param \Main $main main instance
+     * @param \Federator\Main $main main instance
      */
     public function __construct(\Federator\Main $main)
     {
diff --git a/php/cache/cache.php b/php/cache/cache.php
index e8dd21b..0cd9c2b 100644
--- a/php/cache/cache.php
+++ b/php/cache/cache.php
@@ -15,9 +15,10 @@ interface Cache extends \Federator\Connector\Connector
 {
     /**
      * save remote user by given session
+     *
      * @param string $_session session id
      * @param string $_user user/profile name
-     * @aramm \Federator\Data\User $user user data
+     * @param \Federator\Data\User $user user data
      * @return void
      */
     public function saveRemoteUserBySession($_session, $_user, $user);
diff --git a/php/connector/connector.php b/php/connector/connector.php
index b3bef02..0b7dbd3 100644
--- a/php/connector/connector.php
+++ b/php/connector/connector.php
@@ -15,6 +15,7 @@ interface Connector
 {
     /**
      * get remote user by given session
+     *
      * @param string $_session session id
      * @param string $_user user/profile name
      * @return \Federator\Data\User | false
diff --git a/php/language.php b/php/language.php
index 55f0ee5..247eb29 100644
--- a/php/language.php
+++ b/php/language.php
@@ -54,7 +54,7 @@ class Language
             }
         }
         if ($uselang === null && array_key_exists('_lang', $_REQUEST)) {
-            $language = $_REQUEST['_lang'];
+            $language = (string)$_REQUEST['_lang'];
             if (array_key_exists($language, $this->validLanguages)) {
                 $uselang = $language;
             }
@@ -126,7 +126,7 @@ class Language
      *
      * @param string $group
      *          group name to fetch keys
-     * @return array<string> list of keys
+     * @return list<string> list of keys
      */
     public function getKeys(string $group)
     {
@@ -135,6 +135,7 @@ class Language
             require_once($_SERVER['DOCUMENT_ROOT'] . '/../lang/' . $this->uselang . "/$group.inc");
             $this->lang[$group] = $l;
         }
+        // @phan-suppress-next-line PhanPartialTypeMismatchReturn
         return array_keys($this->lang[$group]);
     }
 
@@ -263,11 +264,11 @@ function smarty_function_printlang($params, $template) : string
 {
     $lang = $template->getTemplateVars("language");
     <<<'PHAN'
-      @phan-var \Language $lang
+      @phan-var \Federator\Language $lang
       PHAN;
     $forcelang = array_key_exists('lang', $params) ? $params['lang'] : null;
     if ($forcelang !== null) {
-        $lang = new Language($forcelang);
+        $lang = new \Federator\Language($forcelang);
     }
     if (isset($params['var'])) {
         return $lang->printlang($params['group'], $params['key'], $params['var']);
diff --git a/php/main.php b/php/main.php
index 7b996e5..e55d980 100644
--- a/php/main.php
+++ b/php/main.php
@@ -53,7 +53,7 @@ class Main
     /**
      * languange instance
      *
-     * @var \Language $lang
+     * @var Language $lang
      */
     protected $lang = null;
     /**
@@ -80,7 +80,11 @@ class Main
      */
     public function __construct()
     {
-        $this->config = parse_ini_file('../config.ini', true);
+        $this->responseCode = 200;
+        $config = parse_ini_file('../config.ini', true);
+        if ($config !== false) {
+            $this->config = $config;
+        }
     }
 
     /**
@@ -92,6 +96,9 @@ class Main
     public static function getFromRemote(string $remoteURL, $headers)
     {
         $ch = curl_init();
+        if ($ch === false) {
+            return ['', null];
+        }
         curl_setopt($ch, CURLOPT_URL, $remoteURL);
         curl_setopt($ch, CURLOPT_HEADER, 0);
         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
diff --git a/plugins/dummyconnector.php b/plugins/dummyconnector.php
index 00e8d12..9155d7a 100644
--- a/plugins/dummyconnector.php
+++ b/plugins/dummyconnector.php
@@ -23,7 +23,7 @@ class DummyConnector implements Connector
      * get remote user by given session
      * @param string $_session session id
      * @param string $_user user or profile name
-     * @return Data\User | false
+     * @return \Federator\Data\User | false
      */
     public function getRemoteUserBySession(string $_session, string $_user)
     {