
Minor update

Roman 2 年之前
父節點
當前提交
5bb0d1419f
共有 5 個文件被更改,包括 34 次插入15 次删除
  1. 1 1
      core/Api/Swagger.class.php
  2. 1 1
      core/Api/TemplateAPI.class.php
  3. 6 6
      core/Api/UserAPI.class.php
  4. 9 1
      core/Driver/SQL/Query/Select.class.php
  5. 17 6
      core/core.php

+ 1 - 1
core/Api/Swagger.class.php

@@ -105,7 +105,7 @@ class Swagger extends Request {
     foreach (self::getApiEndpoints() as $endpoint => $apiClass) {
       $body = null;
       $requiredProperties = [];
-      $apiObject = $apiClass->newInstance($this->user);
+      $apiObject = $apiClass->newInstance($this->user, false);
       if (!$this->canView($permissions[strtolower($endpoint)] ?? [], $apiObject)) {
         continue;
       }

+ 1 - 1
core/Api/TemplateAPI.class.php

@@ -66,7 +66,7 @@ namespace Api\Template {
         return $this->createError("Error rendering twig template: " . $e->getMessage());
       }
 
-      return $this->success;
+      return true;
     }
 
   }

+ 6 - 6
core/Api/UserAPI.class.php

@@ -6,7 +6,7 @@ namespace Api {
 
   abstract class UserAPI extends Request {
 
-    protected function userExists(?string $username, ?string $email = null): bool {
+    protected function checkUserExists(?string $username, ?string $email = null): bool {
 
       $conditions = array();
       if ($username) {
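Review bot: The new name `checkUserExists` still reads as "true when the user exists", yet every call site in this commit treats a true return as "no conflict, continue" (`if (!$this->checkUserExists(...)) return false;`). The hunk at -1340 had to invert a condition that had been written with the opposite reading, which shows how easily the contract is misread. I would add a docblock above the method stating the return value, e.g. `/** Returns true if neither $username nor $email is already in use, false otherwise. */`, or pick a name that says "available" rather than "exists". The method body continues outside this hunk, so the contract is inferred from the callers and should be confirmed against it.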
@@ -184,7 +184,7 @@ namespace Api\User {
         return false;
       }
 
-      if (!$this->userExists($username, $email)) {
+      if (!$this->checkUserExists($username, $email)) {
         return false;
       }
 
@@ -471,7 +471,7 @@ namespace Api\User {
 
       $username = $this->getParam('username');
       $email = $this->getParam('email');
-      if (!$this->userExists($username, $email)) {
+      if (!$this->checkUserExists($username, $email)) {
         return false;
       }
 
@@ -799,7 +799,7 @@ namespace Api\User {
       $email = $this->getParam('email');
       $password = $this->getParam("password");
       $confirmPassword = $this->getParam("confirmPassword");
-      if (!$this->userExists($username, $email)) {
+      if (!$this->checkUserExists($username, $email)) {
         return false;
       }
 
@@ -970,7 +970,7 @@ namespace Api\User {
         $fullNameChanged = !is_null($fullName) && strcasecmp($fullName, $user[0]["fullName"]) !== 0;
         $emailChanged = !is_null($email) && strcasecmp($email, $user[0]["email"]) !== 0;
         if($usernameChanged || $emailChanged) {
-          if (!$this->userExists($usernameChanged ? $username : NULL, $emailChanged ? $email : NULL)) {
+          if (!$this->checkUserExists($usernameChanged ? $username : NULL, $emailChanged ? $email : NULL)) {
             return false;
           }
         }
@@ -1340,7 +1340,7 @@ namespace Api\User {
       $sql = $this->user->getSQL();
       $query = $sql->update("User")->where(new Compare("uid", $this->user->getId()));
       if ($newUsername !== null) {
-        if (!$this->checkUsernameRequirements($newUsername) || $this->userExists($newUsername)) {
+        if (!$this->checkUsernameRequirements($newUsername) || !$this->checkUserExists($newUsername)) {
           return false;
         } else {
           $query->set("name", $newUsername);

+ 9 - 1
core/Driver/SQL/Query/Select.class.php

@@ -18,6 +18,7 @@ class Select extends Query {
   private bool $sortAscending;
   private int $limit;
   private int $offset;
+  private bool $forUpdate;
 
   public function __construct($sql, ...$selectValues) {
     parent::__construct($sql);
@@ -31,6 +32,7 @@ class Select extends Query {
     $this->limit = 0;
     $this->offset = 0;
     $this->sortAscending = true;
+    $this->forUpdate = false;
   }
 
   public function from(...$tables): Select {
@@ -88,6 +90,11 @@ class Select extends Query {
     return $this;
   }
 
+  public function lockForUpdate(): Select {
+    $this->forUpdate = true;
+    return $this;
+  }
+
   public function execute() {
     return $this->sql->executeQuery($this, true);
   }
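Review bot: `lockForUpdate()` is added without a docblock, and the clause it enables only works under conditions a caller cannot see from the signature. Row locks from `SELECT ... FOR UPDATE` are held until the surrounding transaction ends, so with autocommit and no explicit transaction the lock is gone as soon as the statement returns and gives no protection against a concurrent read-modify-write. PostgreSQL also rejects `FOR UPDATE` combined with `GROUP BY`, `HAVING` or aggregates, and the query string assembled in the hunk at -174 can contain those clauses alongside it. I would document this on the method, e.g. `// Appends FOR UPDATE; only effective inside a transaction, and not valid together with GROUP BY/HAVING on PostgreSQL.` Whether every driver under core/Driver/SQL accepts the clause is not visible here and should be checked.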
@@ -174,6 +181,7 @@ class Select extends Query {
 
     $limit = ($this->getLimit() > 0 ? (" LIMIT " . $this->getLimit()) : "");
     $offset = ($this->getOffset() > 0 ? (" OFFSET " . $this->getOffset()) : "");
-    return "SELECT $selectValues FROM $tables$joinStr$where$groupBy$havingClause$orderBy$limit$offset";
+    $forUpdate = ($this->forUpdate ? " FOR UPDATE" : "");
+    return "SELECT $selectValues FROM $tables$joinStr$where$groupBy$havingClause$orderBy$limit$offset$forUpdate";
   }
 }

+ 17 - 6
core/core.php

@@ -5,7 +5,7 @@ if (is_file($autoLoad)) {
   require_once $autoLoad;
 }
 
-define("WEBBASE_VERSION", "1.4.4");
+define("WEBBASE_VERSION", "1.4.5");
 
 spl_autoload_extensions(".php");
 spl_autoload_register(function($class) {
@@ -57,6 +57,8 @@ function generateRandomString($length, $type = "ascii"): string {
       $charset = $hex;
     } else if ($type === "base64") {
       $charset = $ascii . "/+";
+    } else if ($type === "base58") {
+      $charset = preg_replace("/[0Oo1Il]/", "", $ascii);
     } else if ($type === "base32") {
       $charset = $uppercase . substr($digits, 2, 6);
     } else {
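Review bot: The character class `[0Oo1Il]` removes six characters, so the "base58" charset ends up with 56 symbols rather than 58, assuming `$ascii` is the 62-character alphanumeric set (the base64 branch appends only `/+` to it). The usual Base58 alphabet drops just `0`, `O`, `I` and `l`, which `preg_replace("/[0OIl]/", "", $ascii)` would produce. If the extra exclusions of `o` and `1` are deliberate for readability, say so in a comment and note the slightly lower entropy per character, which matters when these strings are used as tokens. The rest of generateRandomString, including how characters are drawn from the charset, lies outside this hunk.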
@@ -103,6 +105,15 @@ function startsWith($haystack, $needle, bool $ignoreCase = false): bool {
   }
 }
 
+function startsWithAny($haystack, array $needles, bool $ignoreCase = false): bool {
+  foreach ($needles as $needle) {
+    if (startsWith($haystack, $needle, $ignoreCase)) {
+      return true;
+    }
+  }
+  return false;
+}
+
 function endsWith($haystack, $needle, bool $ignoreCase = false): bool {
 
   $length = strlen($needle);
@@ -144,7 +155,7 @@ function contains($haystack, $needle, bool $ignoreCase = false): bool {
   }
 }
 
-function intendCode($code, $escape = true) {
+function intendCode($code, $escape = true): string {
   $newCode = "";
   $first = true;
   $brackets = array();
@@ -166,10 +177,10 @@ function intendCode($code, $escape = true) {
 
     if (endsWith($line, "{")) {
       $intend += 2;
-      array_push($brackets, "}");
+      $brackets[] = "}";
     } else if (endsWith($line, "(")) {
       $intend += 2;
-      array_push($brackets, ")");
+      $brackets[] = ")";
     }
   }
 
@@ -186,7 +197,7 @@ function urlId($str) {
 
 function html_attributes(array $attributes): string {
   return implode(" ", array_map(function ($key) use ($attributes) {
-    $value = $attributes[$key];
+    $value = htmlspecialchars($attributes[$key]);
     return "$key=\"$value\"";
   }, array_keys($attributes)));
 }
@@ -281,7 +292,7 @@ function serveStatic(string $webRoot, string $file): string {
   return "";
 }
 
-function parseClass($class) {
+function parseClass($class): string {
   if (!startsWith($class, "\\")) {
     $class = "\\$class";
   }