From 720a43461d67ab229de0aecfc5008f22cc4c1c54 Mon Sep 17 00:00:00 2001
From: Michael
Date: Sun, 16 Jan 2022 15:22:35 +0000
Subject: [PATCH] Fixed max value check, improved request value fetching
---
 src/BaseModule.php | 4 ++--
 .../Api/Friendica/Notification/Seen.php | 4 ++--
 .../Api/GNUSocial/Statusnet/Conversation.php | 13 ++++++-------
 src/Module/Api/Twitter/Lists/Statuses.php | 15 +++++++--------
 src/Module/Api/Twitter/Search/Tweets.php | 4 ++--
 src/Module/Api/Twitter/Statuses/Destroy.php | 3 +--
 .../Api/Twitter/Statuses/HomeTimeline.php | 15 +++++++--------
 src/Module/Api/Twitter/Statuses/Mentions.php | 11 +++++------
 .../Statuses/NetworkPublicTimeline.php | 13 +++++--------
 .../Api/Twitter/Statuses/PublicTimeline.php | 15 +++++++--------
 src/Module/Api/Twitter/Statuses/Show.php | 2 +-
 .../Api/Twitter/Statuses/UserTimeline.php | 19 ++++++++-----------
 12 files changed, 53 insertions(+), 65 deletions(-)
diff --git a/src/BaseModule.php b/src/BaseModule.php
index d85e895a17..c03a77e29e 100644
--- a/src/BaseModule.php
+++ b/src/BaseModule.php
@@ -296,7 +296,7 @@ abstract class BaseModule implements ICanHandleRequests
 $value = max(filter_var($minimal_value, FILTER_VALIDATE_INT), $value);
 }
 if (!is_null($maximum_value)) {
- $value = min(filter_var($minimal_value, FILTER_VALIDATE_INT), $value);
+ $value = min(filter_var($maximum_value, FILTER_VALIDATE_INT), $value);
 }
 } elseif (is_float($default)) {
 $value = filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_FLOAT);
@@ -304,7 +304,7 @@ abstract class BaseModule implements ICanHandleRequests
 $value = max(filter_var($minimal_value, FILTER_VALIDATE_FLOAT), $value);
 }
 if (!is_null($maximum_value)) {
- $value = min(filter_var($minimal_value, FILTER_VALIDATE_FLOAT), $value);
+ $value = min(filter_var($maximum_value, FILTER_VALIDATE_FLOAT), $value);
 }
 } elseif (is_array($default)) {
 $value = filter_var($input[$parameter] ?? $default, FILTER_DEFAULT, ['flags' => FILTER_FORCE_ARRAY]);
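Review bot: In the float branch shown as context in the first hunk, `filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_FLOAT)` returns `false` for a non-numeric request value, and the corrected `min()` clamp then compares that `false` with a number instead of falling back to `$default`. Passing the default through the filter keeps the result typed: `$value = filter_var($input[$parameter] ?? $default, FILTER_VALIDATE_FLOAT, ['options' => ['default' => $default]]);`. The integer branch's fetch lies outside the hunk and presumably needs the same treatment. Both hunks fix a clamp that used `$minimal_value` as the upper bound, and the diffstat shows no test change, so a unit test covering below-minimum, above-maximum and malformed input would keep this from regressing. The method body starts and ends outside the hunks.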
diff --git a/src/Module/Api/Friendica/Notification/Seen.php b/src/Module/Api/Friendica/Notification/Seen.php index 7b37b7615f..7a52a124df 100644 --- a/src/Module/Api/Friendica/Notification/Seen.php +++ b/src/Module/Api/Friendica/Notification/Seen.php @@ -49,6 +49,8 @@ class Seen extends BaseApi $id = intval($request['id'] ?? 0); + $include_entities = $this->getRequestValue($request, 'include_entities', false); + try { $Notify = DI::notify()->selectOneById($id); if ($Notify->uid !== $uid) { @@ -65,8 +67,6 @@ class Seen extends BaseApi if ($Notify->otype === Notification\ObjectType::ITEM) { $item = Post::selectFirstForUser($uid, [], ['id' => $Notify->iid, 'uid' => $uid]); if (DBA::isResult($item)) { - $include_entities = filter_var($request['include_entities'] ?? false, FILTER_VALIDATE_BOOLEAN); - // we found the item, return it to the user $ret = [DI::twitterStatus()->createFromUriId($item['uri-id'], $item['uid'], $include_entities)->toArray()]; $data = ['status' => $ret]; diff --git a/src/Module/Api/GNUSocial/Statusnet/Conversation.php b/src/Module/Api/GNUSocial/Statusnet/Conversation.php index 5edcc4099d..f21f4c3117 100644 --- a/src/Module/Api/GNUSocial/Statusnet/Conversation.php +++ b/src/Module/Api/GNUSocial/Statusnet/Conversation.php 
@@ -40,11 +40,12 @@ class Conversation extends BaseApi $uid = BaseApi::getCurrentUserID(); // params - $id = $this->parameters['id'] ?? 0; - $since_id = $this->getRequestValue($request, 'since_id', 0, 0); - $max_id = $this->getRequestValue($request, 'max_id', 0, 0); - $count = $this->getRequestValue($request, 'count', 20, 1, 100); - $page = $this->getRequestValue($request, 'page', 1, 1); + $id = $this->parameters['id'] ?? 0; + $since_id = $this->getRequestValue($request, 'since_id', 0, 0); + $max_id = $this->getRequestValue($request, 'max_id', 0, 0); + $count = $this->getRequestValue($request, 'count', 20, 1, 100); + $page = $this->getRequestValue($request, 'page', 1, 1); + $include_entities = $this->getRequestValue($request, 'include_entities', false); $start = max(0, ($page - 1) * $count); @@ -82,8 +83,6 @@ class Conversation extends BaseApi throw new BadRequestException("There is no status with id $id."); } - $include_entities = filter_var($request['include_entities'] ?? false, FILTER_VALIDATE_BOOLEAN); - $ret = []; while ($status = DBA::fetch($statuses)) { $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); diff --git a/src/Module/Api/Twitter/Lists/Statuses.php b/src/Module/Api/Twitter/Lists/Statuses.php index 87cb1b4ebd..2bf27697b4 100644 --- a/src/Module/Api/Twitter/Lists/Statuses.php +++ b/src/Module/Api/Twitter/Lists/Statuses.php 
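Review bot: `page` gets a lower bound of 1 but no upper bound, so `$start = max(0, ($page - 1) * $count)` can be driven to an arbitrarily large offset by the client, and for values near the integer limit the product becomes a float. Now that the maximum argument of `getRequestValue()` is actually enforced, a cap would bound the cost of deep pagination, e.g. `$page = $this->getRequestValue($request, 'page', 1, 1, MAX_PAGE);` where `MAX_PAGE` is a placeholder for a limit the project chooses. The same line appears in the Lists/Statuses, HomeTimeline, Mentions, NetworkPublicTimeline, PublicTimeline and UserTimeline hunks. How the database layer treats a very large or float offset is not visible here.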
@@ -65,12 +65,13 @@ class Statuses extends BaseApi } // params - $count = $this->getRequestValue($request, 'count', 20, 1, 100); - $page = $this->getRequestValue($request, 'page', 1, 1); - $since_id = $this->getRequestValue($request, 'since_id', 0, 0); - $max_id = $this->getRequestValue($request, 'max_id', 0, 0); - $exclude_replies = $this->getRequestValue($request, 'exclude_replies', false); - $conversation_id = $this->getRequestValue($request, 'conversation_id', 0, 0); + $count = $this->getRequestValue($request, 'count', 20, 1, 100); + $page = $this->getRequestValue($request, 'page', 1, 1); + $since_id = $this->getRequestValue($request, 'since_id', 0, 0); + $max_id = $this->getRequestValue($request, 'max_id', 0, 0); + $exclude_replies = $this->getRequestValue($request, 'exclude_replies', false); + $conversation_id = $this->getRequestValue($request, 'conversation_id', 0, 0); + $include_entities = $this->getRequestValue($request, 'include_entities', false); $start = max(0, ($page - 1) * $count); @@ -95,8 +96,6 @@ class Statuses extends BaseApi $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; $statuses = Post::selectForUser($uid, [], $condition, $params); - $include_entities = filter_var($request['include_entities'] ?? false, FILTER_VALIDATE_BOOLEAN); - $items = []; while ($status = $this->dba->fetch($statuses)) { $items[] = $this->twitterStatus->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); diff --git a/src/Module/Api/Twitter/Search/Tweets.php b/src/Module/Api/Twitter/Search/Tweets.php index c8ebd21db4..0d6b5c2308 100644 --- a/src/Module/Api/Twitter/Search/Tweets.php +++ b/src/Module/Api/Twitter/Search/Tweets.php 
@@ -62,6 +62,8 @@ class Tweets extends BaseApi $max_id = $_REQUEST['max_id'] ?? 0; $page = $_REQUEST['page'] ?? 1; + $include_entities = $this->getRequestValue($request, 'include_entities', false); + $start = max(0, ($page - 1) * $count); $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; @@ -115,8 +117,6 @@ class Tweets extends BaseApi $statuses = $statuses ?: Post::selectForUser($uid, [], $condition, $params); - $include_entities = filter_var($request['include_entities'] ?? false, FILTER_VALIDATE_BOOLEAN); - $ret = []; while ($status = DBA::fetch($statuses)) { $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); diff --git a/src/Module/Api/Twitter/Statuses/Destroy.php b/src/Module/Api/Twitter/Statuses/Destroy.php index aabf6f98db..7f4a6c6dc7 100644 --- a/src/Module/Api/Twitter/Statuses/Destroy.php +++ b/src/Module/Api/Twitter/Statuses/Destroy.php @@ -21,7 +21,6 @@ namespace Friendica\Module\Api\Twitter\Statuses; -use Friendica\Core\Logger; use Friendica\Module\BaseApi; use Friendica\DI; use Friendica\Model\Contact; @@ -50,7 +49,7 @@ class Destroy extends BaseApi $this->logger->notice('API: api_statuses_destroy: ' . $id); - $include_entities = filter_var($request['include_entities'] ?? false, FILTER_VALIDATE_BOOLEAN); + $include_entities = $this->getRequestValue($request, 'include_entities', false); $ret = DI::twitterStatus()->createFromItemId($id, $uid, $include_entities)->toArray(); diff --git a/src/Module/Api/Twitter/Statuses/HomeTimeline.php b/src/Module/Api/Twitter/Statuses/HomeTimeline.php index 41ce9b37e1..41314bb1b7 100644 --- a/src/Module/Api/Twitter/Statuses/HomeTimeline.php +++ b/src/Module/Api/Twitter/Statuses/HomeTimeline.php 
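Review bot: The context lines just above the added `$include_entities` fetch in Search/Tweets.php still read `$max_id = $_REQUEST['max_id'] ?? 0;` and `$page = $_REQUEST['page'] ?? 1;` straight from the superglobal, so these values reach `($page - 1) * $count` and the `limit` clause without type or range validation. NetworkPublicTimeline and UserTimeline are converted in this commit, and the same conversion fits here: `$page = $this->getRequestValue($request, 'page', 1, 1);` and `$max_id = $this->getRequestValue($request, 'max_id', 0, 0);`. The `count` and `since_id` fetches are outside the hunk and probably need the same change. The method starts and ends outside the hunk.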
@@ -43,12 +43,13 @@ class HomeTimeline extends BaseApi // get last network messages // params - $count = $this->getRequestValue($request, 'count', 20, 1, 100); - $page = $this->getRequestValue($request, 'page', 1, 1); - $since_id = $this->getRequestValue($request, 'since_id', 0, 0); - $max_id = $this->getRequestValue($request, 'max_id', 0, 0); - $exclude_replies = $this->getRequestValue($request, 'exclude_replies', false); - $conversation_id = $this->getRequestValue($request, 'conversation_id', 0, 0); + $count = $this->getRequestValue($request, 'count', 20, 1, 100); + $page = $this->getRequestValue($request, 'page', 1, 1); + $since_id = $this->getRequestValue($request, 'since_id', 0, 0); + $max_id = $this->getRequestValue($request, 'max_id', 0, 0); + $exclude_replies = $this->getRequestValue($request, 'exclude_replies', false); + $include_entities = $this->getRequestValue($request, 'include_entities', false); + $conversation_id = $this->getRequestValue($request, 'conversation_id', 0, 0); $start = max(0, ($page - 1) * $count); @@ -71,8 +72,6 @@ class HomeTimeline extends BaseApi $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; $statuses = Post::selectForUser($uid, [], $condition, $params); - $include_entities = filter_var($request['include_entities'] ?? false, FILTER_VALIDATE_BOOLEAN); - $ret = []; $idarray = []; while ($status = DBA::fetch($statuses)) { diff --git a/src/Module/Api/Twitter/Statuses/Mentions.php b/src/Module/Api/Twitter/Statuses/Mentions.php index 0ddabd9a4a..e9bbb93bdf 100644 --- a/src/Module/Api/Twitter/Statuses/Mentions.php +++ b/src/Module/Api/Twitter/Statuses/Mentions.php 
@@ -42,10 +42,11 @@ class Mentions extends BaseApi // get last network messages // params - $count = $this->getRequestValue($request, 'count', 20, 1, 100); - $page = $this->getRequestValue($request, 'page', 1, 1); - $since_id = $this->getRequestValue($request, 'since_id', 0, 0); - $max_id = $this->getRequestValue($request, 'max_id', 0, 0); + $count = $this->getRequestValue($request, 'count', 20, 1, 100); + $page = $this->getRequestValue($request, 'page', 1, 1); + $since_id = $this->getRequestValue($request, 'since_id', 0, 0); + $max_id = $this->getRequestValue($request, 'max_id', 0, 0); + $include_entities = $this->getRequestValue($request, 'include_entities', false); $start = max(0, ($page - 1) * $count); @@ -72,8 +73,6 @@ class Mentions extends BaseApi $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; $statuses = Post::selectForUser($uid, [], $condition, $params); - $include_entities = filter_var($request['include_entities'] ?? false, FILTER_VALIDATE_BOOLEAN); - $ret = []; while ($status = DBA::fetch($statuses)) { $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); diff --git a/src/Module/Api/Twitter/Statuses/NetworkPublicTimeline.php b/src/Module/Api/Twitter/Statuses/NetworkPublicTimeline.php index d7612d193a..af0436b4a2 100644 --- a/src/Module/Api/Twitter/Statuses/NetworkPublicTimeline.php +++ b/src/Module/Api/Twitter/Statuses/NetworkPublicTimeline.php 
@@ -38,12 +38,11 @@ class NetworkPublicTimeline extends BaseApi BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $uid = BaseApi::getCurrentUserID(); - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - - // pagination - $count = $_REQUEST['count'] ?? 20; - $page = $_REQUEST['page'] ?? 1; + $count = $this->getRequestValue($request, 'count', 20, 1, 100); + $page = $this->getRequestValue($request, 'page', 1, 1); + $since_id = $this->getRequestValue($request, 'since_id', 0, 0); + $max_id = $this->getRequestValue($request, 'max_id', 0, 0); + $include_entities = $this->getRequestValue($request, 'include_entities', false); $start = max(0, ($page - 1) * $count); @@ -58,8 +57,6 @@ class NetworkPublicTimeline extends BaseApi $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; $statuses = Post::selectForUser($uid, Item::DISPLAY_FIELDLIST, $condition, $params); - $include_entities = filter_var($request['include_entities'] ?? false, FILTER_VALIDATE_BOOLEAN); - $ret = []; while ($status = DBA::fetch($statuses)) { $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); diff --git a/src/Module/Api/Twitter/Statuses/PublicTimeline.php b/src/Module/Api/Twitter/Statuses/PublicTimeline.php index 2a71bfe965..aba330a658 100644 --- a/src/Module/Api/Twitter/Statuses/PublicTimeline.php +++ b/src/Module/Api/Twitter/Statuses/PublicTimeline.php 
@@ -41,12 +41,13 @@ class PublicTimeline extends BaseApi // get last network messages // params - $count = $this->getRequestValue($request, 'count', 20, 1, 100); - $page = $this->getRequestValue($request, 'page', 1, 1); - $since_id = $this->getRequestValue($request, 'since_id', 0, 0); - $max_id = $this->getRequestValue($request, 'max_id', 0, 0); - $exclude_replies = $this->getRequestValue($request, 'exclude_replies', false); - $conversation_id = $this->getRequestValue($request, 'conversation_id', 0, 0); + $count = $this->getRequestValue($request, 'count', 20, 1, 100); + $page = $this->getRequestValue($request, 'page', 1, 1); + $since_id = $this->getRequestValue($request, 'since_id', 0, 0); + $max_id = $this->getRequestValue($request, 'max_id', 0, 0); + $exclude_replies = $this->getRequestValue($request, 'exclude_replies', false); + $conversation_id = $this->getRequestValue($request, 'conversation_id', 0, 0); + $include_entities = $this->getRequestValue($request, 'include_entities', false); $start = max(0, ($page - 1) * $count); @@ -78,8 +79,6 @@ class PublicTimeline extends BaseApi $statuses = Post::selectForUser($uid, [], $condition, $params); } - $include_entities = filter_var($request['include_entities'] ?? false, FILTER_VALIDATE_BOOLEAN); - $ret = []; while ($status = DBA::fetch($statuses)) { $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); diff --git a/src/Module/Api/Twitter/Statuses/Show.php b/src/Module/Api/Twitter/Statuses/Show.php index f698997094..a854837905 100644 --- a/src/Module/Api/Twitter/Statuses/Show.php +++ b/src/Module/Api/Twitter/Statuses/Show.php 
@@ -79,7 +79,7 @@ class Show extends BaseApi throw new BadRequestException(sprintf("There is no status or conversation with the id %d.", $id)); } - $include_entities = filter_var($request['include_entities'] ?? false, FILTER_VALIDATE_BOOLEAN); + $include_entities = $this->getRequestValue($request, 'include_entities', false); $ret = []; while ($status = DBA::fetch($statuses)) { diff --git a/src/Module/Api/Twitter/Statuses/UserTimeline.php b/src/Module/Api/Twitter/Statuses/UserTimeline.php index 2255287c77..b6dcd86c91 100644 --- a/src/Module/Api/Twitter/Statuses/UserTimeline.php +++ b/src/Module/Api/Twitter/Statuses/UserTimeline.php @@ -42,15 +42,14 @@ class UserTimeline extends BaseApi Logger::info('api_statuses_user_timeline', ['api_user' => $uid, '_REQUEST' => $request]); - $cid = BaseApi::getContactIDForSearchterm($request['screen_name'] ?? '', $request['profileurl'] ?? '', $request['user_id'] ?? 0, $uid); - $since_id = $request['since_id'] ?? 0; - $max_id = $request['max_id'] ?? 0; - $exclude_replies = !empty($request['exclude_replies']); - $conversation_id = $request['conversation_id'] ?? 0; - - // pagination - $count = $request['count'] ?? 20; - $page = $request['page'] ?? 1; + $cid = BaseApi::getContactIDForSearchterm($request['screen_name'] ?? '', $request['profileurl'] ?? '', $request['user_id'] ?? 0, $uid); + $count = $this->getRequestValue($request, 'count', 20, 1, 100); + $page = $this->getRequestValue($request, 'page', 1, 1); + $since_id = $this->getRequestValue($request, 'since_id', 0, 0); + $max_id = $this->getRequestValue($request, 'max_id', 0, 0); + $exclude_replies = $this->getRequestValue($request, 'exclude_replies', false); + $conversation_id = $this->getRequestValue($request, 'conversation_id', 0, 0); + $include_entities = $this->getRequestValue($request, 'include_entities', false); $start = max(0, ($page - 1) * $count); 
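Review bot: In the UserTimeline hunk the rewritten `$cid` line still hands `$request['screen_name']`, `$request['profileurl']` and `$request['user_id']` to `getContactIDForSearchterm()` unfiltered, while every other parameter in the block now goes through `getRequestValue()`; a client can send any of them as an array. Fetching them the same way keeps the types predictable, e.g. `$user_id = $this->getRequestValue($request, 'user_id', 0, 0);`, assuming the helper also has a string branch for the other two (not visible here). Separately, the context line `Logger::info('api_statuses_user_timeline', ['api_user' => $uid, '_REQUEST' => $request]);` writes the whole request to the log, which would include any credential or token a client passes as a parameter. Logging only the validated values would avoid that.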
@@ -74,8 +73,6 @@ class UserTimeline extends BaseApi $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; $statuses = Post::selectForUser($uid, [], $condition, $params); - $include_entities = filter_var($request['include_entities'] ?? false, FILTER_VALIDATE_BOOLEAN); - $ret = []; while ($status = DBA::fetch($statuses)) { $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray();