Skip to content

refactor: safe PHP 7.4 modernization #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
somethingwithproof wants to merge 5 commits into
base: develop
Choose a base branch
from
Draft

refactor: safe PHP 7.4 modernization #54

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
16b2a62
refactor: add strict typing
somethingwithproof Apr 9, 2026
5eb305d
fix: validate parameters in audit_process_page_data
somethingwithproof Apr 9, 2026
52c7097
refactor: enforce strict typing and clean up standalone infra
somethingwithproof Apr 9, 2026
894deb6
refactor: safe PHP 7.4 modernization (arrays, null coalescing)
somethingwithproof Apr 9, 2026
139f88d
fix: restore is_array/in_array calls and remove .omc artifacts
somethingwithproof Apr 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,4 @@


locales/po/*.mo
.omc/
34 changes: 18 additions & 16 deletions audit.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
<?php

declare(strict_types=1);
/*
+-------------------------------------------------------------------------+
| Copyright (C) 2004-2026 The Cacti Group |
Expand Down Expand Up @@ -61,8 +63,8 @@
} elseif (cacti_sizeof($data)) {
$attribs = json_decode($data['post']);

$nattribs = array();
foreach($attribs as $field => $content) {
$nattribs = [];
foreach(($attribs ?? []) as $field => $content) {
$nattribs[$field] = $content;
}
ksort($nattribs);
Expand Down Expand Up @@ -107,12 +109,12 @@
}

if ($i % $columns > 0) {
$output . '<td></td><td></td></tr>';
$output .= '<td></td><td></td></tr>';
}
}

// Display the Record Data under selected_items if it is not empty
$recordData = json_decode($data['object_data']);
$recordData = json_decode($data['object_data'] ?? '');
if (!empty($recordData)) {
$output .= '</table>';
$output .= '<tr><td colspan="' . ($columns * 2) . '"><hr></td></tr>';
Expand Down Expand Up @@ -181,7 +183,7 @@ function audit_export_rows() {
foreach($events as $event) {
$post = json_decode($event['post']);
$poster = '';
foreach($post as $var => $value) {
foreach(($post ?? []) as $var => $value) {
if (is_array($value)) {
$poster .= ($poster != '' ? '|':'') . $var . ':' . implode('%', $value);
} else {
Expand Down Expand Up @@ -211,40 +213,40 @@ function audit_csv_escape($string) {
function process_request_vars() {
/* ================= input validation and session storage ================= */
$filters = array(
'rows' => array(
'rows' => [
'filter' => FILTER_VALIDATE_INT,
'pageset' => true,
'default' => '-1'
),
'page' => array(
],
'page' => [
'filter' => FILTER_VALIDATE_INT,
'default' => '1'
),
'filter' => array(
],
'filter' => [
'filter' => FILTER_DEFAULT,
'pageset' => true,
'default' => ''
),
],
'sort_column' => array(
'filter' => FILTER_CALLBACK,
'default' => 'event_time',
'options' => array('options' => 'sanitize_search_string')
'options' => ['options' => 'sanitize_search_string']
),
'sort_direction' => array(
'filter' => FILTER_CALLBACK,
'default' => 'DESC',
'options' => array('options' => 'sanitize_search_string')
'options' => ['options' => 'sanitize_search_string']
),
'user_id' => array(
'user_id' => [
'filter' => FILTER_VALIDATE_INT,
'pageset' => true,
'default' => '-1'
),
],
'event_page' => array(
'filter' => FILTER_CALLBACK,
'pageset' => true,
'default' => '-1',
'options' => array('options' => 'sanitize_search_string')
'options' => ['options' => 'sanitize_search_string']
)
);

Expand Down
45 changes: 26 additions & 19 deletions audit_functions.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,14 @@
<?php

declare(strict_types=1);

function audit_process_page_data($page, $drop_action, $selected_items) {
$objects = array();
$objects = [];

if (!is_string($page) || $page === '' || !is_array($selected_items)) {
return json_encode($objects);
}

if ($drop_action !== false) {
switch ($page) {
case 'host.php':
Expand All @@ -10,23 +17,23 @@ function audit_process_page_data($page, $drop_action, $selected_items) {
$objects[] = db_fetch_assoc_prepared('SELECT id AS host_id,site_id,description,hostname,status,status_fail_date AS last_failed_date,status_rec_date AS last_recovered_date
FROM host
WHERE id IN (?)',
array($item));
[$item]);
}
break;
case 'host_templates.php':
foreach ($selected_items as $item) {
$objects[] = db_fetch_assoc_prepared('SELECT name
FROM host_template
WHERE id IN (?)',
array($item));
[$item]);
}
break;

case 'templates_export.php':
foreach ($selected_items as $item) {
$objects[] = db_fetch_assoc_prepared('SELECT name FROM graph_templates
WHERE id IN (?)',
array($item));
[$item]);
}
break;

Expand All @@ -36,7 +43,7 @@ function audit_process_page_data($page, $drop_action, $selected_items) {
$result = db_fetch_assoc_prepared('SELECT id, network_id,hostname,ip,sysName,syslocation,snmp,up
FROM automation_devices
WHERE id IN (?)',
array($item));
[$item]);

foreach ($result as &$row) {
$row['snmp'] = ($row['snmp'] == 1) ? 'UP' : 'Down';
Expand All @@ -53,7 +60,7 @@ function audit_process_page_data($page, $drop_action, $selected_items) {
$objects[] = db_fetch_assoc_prepared('SELECT name
FROM graph_templates
WHERE id IN (?)',
array($item));
[$item]);
}
break;

Expand All @@ -62,14 +69,14 @@ function audit_process_page_data($page, $drop_action, $selected_items) {
$objects[] = db_fetch_assoc_prepared('SELECT id,name_cache AS THOLD_NAME,data_source_name AS Data_Source
FROM thold_data
WHERE id IN (?)',
array($item));
[$item]);
}
break;
case 'data_sources.php':
foreach ($selected_items as $item) {
$objects[] = db_fetch_assoc_prepared('select name_cache AS Data_Source_Name,active from data_template_data
WHERE local_data_id IN (?)',
array($item));
[$item]);
}
break;

Expand All @@ -78,7 +85,7 @@ function audit_process_page_data($page, $drop_action, $selected_items) {
$objects[] = db_fetch_assoc_prepared('SELECT name
FROM data_template
WHERE id IN (?)',
array($item));
[$item]);
}
break;

Expand All @@ -87,7 +94,7 @@ function audit_process_page_data($page, $drop_action, $selected_items) {
$objects[] = db_fetch_assoc_prepared('SELECT name
FROM aggregate_graph_template
WHERE id IN (?)',
array($item));
[$item]);
}
break;

Expand All @@ -96,23 +103,23 @@ function audit_process_page_data($page, $drop_action, $selected_items) {
$objects[] = db_fetch_assoc_prepared('SELECT name
FROM thold_template
WHERE id IN (?)',
array($item));
[$item]);
}
break;
case 'user_admin.php':
foreach ($selected_items as $item) {
$objects[] = db_fetch_assoc_prepared('SELECT username
FROM user_auth
WHERE id IN (?)',
array($item));
[$item]);
}
break;
case 'user_group_admin.php':
foreach ($selected_items as $item) {
$objects[] = db_fetch_assoc_prepared('SELECT name
FROM user_auth_group
WHERE id IN (?)',
array($item));
[$item]);
}
break;
}
Expand Down Expand Up @@ -148,10 +155,10 @@ function audit_config_insert() {

/* sanitize and serialize selected items */
if (isset($post['selected_items'])) {
$selected_items = unserialize(stripslashes($post['selected_items']), array('allowed_classes' => false));
$selected_items = unserialize(stripslashes($post['selected_items']), ['allowed_classes' => false]);
$drop_action = $post['drp_action'];
} else {
$selected_items = array();
$selected_items = [];
$drop_action = false;
}

Expand Down Expand Up @@ -209,7 +216,7 @@ function audit_config_insert() {

db_execute_prepared('INSERT INTO audit_log (page, user_id, action, ip_address, user_agent, event_time, post, object_data)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
array($page, $user_id, $action, $ip_address, $user_agent, $event_time, $post, $object_data));
[$page, $user_id, $action, $ip_address, $user_agent, $event_time, $post, $object_data]);

if ($audit_log == '') {
set_config_option('audit_log_external_path', $base . '/log/audit.log');
Expand All @@ -226,7 +233,7 @@ function audit_config_insert() {
}

if (read_config_option('audit_log_external') == 'on' && $audit_log != '' && file_exists($audit_log)) {
$log_data = array(
$log_data = [
'page' => $page,
'user_id' => $user_id,
'action' => $action,
Expand All @@ -235,7 +242,7 @@ function audit_config_insert() {
'event_time' => $event_time,
'post' => $post,
'object_data' => $object_data
);
];

$log_msg = json_encode($log_data) . "\n";
$file = fopen($audit_log, 'a');
Expand Down Expand Up @@ -263,7 +270,7 @@ function audit_config_insert() {

db_execute_prepared('INSERT INTO audit_log (page, user_id, action, ip_address, user_agent, event_time, post)
VALUES (?, ?, ?, ?, ?, ?, ?)',
array($page, $user_id, $action, $ip_address, $user_agent, $event_time, $post));
[$page, $user_id, $action, $ip_address, $user_agent, $event_time, $post]);
}
}
}
2 changes: 2 additions & 0 deletions index.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
<?php

declare(strict_types=1);
/*
+-------------------------------------------------------------------------+
| Copyright (C) 2004-2026 The Cacti Group |
Expand Down
2 changes: 2 additions & 0 deletions locales/LC_MESSAGES/index.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
<?php

declare(strict_types=1);
/*
+-------------------------------------------------------------------------+
| Copyright (C) 2004-2026 The Cacti Group |
Expand Down
2 changes: 2 additions & 0 deletions locales/index.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
<?php

declare(strict_types=1);
/*
+-------------------------------------------------------------------------+
| Copyright (C) 2004-2026 The Cacti Group |
Expand Down
8 changes: 5 additions & 3 deletions setup.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
<?php

declare(strict_types=1);
/*
+-------------------------------------------------------------------------+
| Copyright (C) 2004-2026 The Cacti Group |
Expand Down Expand Up @@ -67,7 +69,7 @@ function audit_check_upgrade() {
include_once($config['library_path'] . '/database.php');
include_once($config['library_path'] . '/functions.php');

$files = array('plugins.php', 'audit.php');
$files = ['plugins.php', 'audit.php'];
if (isset($_SERVER['PHP_SELF']) && !in_array(basename($_SERVER['PHP_SELF']), $files)) {
return;
}
Expand Down Expand Up @@ -250,7 +252,7 @@ function audit_config_arrays() {
global $menu, $messages, $audit_retentions, $utilities;

if (isset($_SESSION['audit_message']) && $_SESSION['audit_message'] != '') {
$messages['audit_message'] = array('message' => $_SESSION['audit_message'], 'type' => 'info');
$messages['audit_message'] = ['message' => $_SESSION['audit_message'], 'type' => 'info'];
}

$audit_retentions = array(
Expand All @@ -269,7 +271,7 @@ function audit_config_arrays() {
$menu[__('Utilities')]['plugins/audit/audit.php'] = __('Audit Log', 'audit');

if (function_exists('auth_augment_roles')) {
auth_augment_roles(__('System Administration'), array('audit.php'));
auth_augment_roles(__('System Administration'), ['audit.php']);
}

audit_check_upgrade();
Expand Down
Loading