Merge pull request #1934 from hemberger/misc-fixes

Miscellaneous fixes

src/bootstrap.php

@@ -84,14 +84,16 @@ function logException(Throwable $err): void {
 	}
 
 	// Send error message to the in-game auto bugs mailbox
+	// (Truncate the message if necessary to avoid database errors)
+	$boxMessage = substr($message, 0, SQL_MAX_TEXT_LENGTH);
 	if (isset($session) && $session->hasGame()) {
-		$session->getPlayer()->sendMessageToBox(BOX_BUGS_AUTO, $message);
+		$session->getPlayer()->sendMessageToBox(BOX_BUGS_AUTO, $boxMessage);
 	} elseif (isset($session) && $session->hasAccount()) {
 		// Will be logged without a game_id
-		$session->getAccount()->sendMessageToBox(BOX_BUGS_AUTO, $message);
+		$session->getAccount()->sendMessageToBox(BOX_BUGS_AUTO, $boxMessage);
 	} else {
 		// Will be logged without a game_id or sender_id
-		Account::doMessageSendingToBox(0, BOX_BUGS_AUTO, $message, 0);
+		Account::doMessageSendingToBox(0, BOX_BUGS_AUTO, $boxMessage, 0);
 	}
 
 	// Send error message to e-mail so that we have a permanent record

src/config.php

@@ -25,6 +25,13 @@
 const PAGE_PREFIX = ENABLE_DEBUG ? 'DEV: ' : (ENABLE_BETA ? 'BETA: ' : '');
 const PAGE_TITLE = PAGE_PREFIX . 'Space Merchant Realms';
 
+/*
+ * Database constants
+ */
+const SQL_MAX_UNSIGNED_INT = 4_294_967_295; // 2^32-1
+const SQL_MAX_UNSIGNED_TINYINT = 255; // 2^8-1
+const SQL_MAX_TEXT_LENGTH = 65_535; // 2^16-1
+
 /*
  * Special account IDs
  */
@@ -441,10 +448,12 @@
 const MR_FACTOR = 15;
 
 const MIN_EXPERIENCE = 0;
-const MAX_EXPERIENCE = 4294967295; // 2^32-1
+const MAX_EXPERIENCE = SQL_MAX_UNSIGNED_INT;
 const MAX_COUNCIL_MEMBERS = 5;
+const MIN_FONTSIZE_PERCENT = 50;
+const MAX_FONTSIZE_PERCENT = SQL_MAX_UNSIGNED_TINYINT;
 
-const MAX_MONEY = 4294967295; // 2^32-1
+const MAX_MONEY = SQL_MAX_UNSIGNED_INT;
 const SHIP_REFUND_PERCENT = .75;
 const WEAPON_REFUND_PERCENT = .5;
 const CDS_REFUND_PERCENT = .5;

src/lib/Smr/Account.php

@@ -425,7 +425,7 @@ public function updateIP(): void {
 			'account_id' => $this->accountID,
 			'time' => Epoch::time(),
 			'ip' => $curr_ip,
-			'host' => $host,
+			'host' => substr($host, 0, 64), // column is varchar(64)
 		]);
 	}
 

src/lib/Smr/Alliance.php

@@ -40,6 +40,10 @@ class Alliance {
 	public const RECRUIT_CLOSED = 'closed';
 	public const RECRUIT_PASSWORD = 'password';
 
+	// Database constraints
+	public const MAXLENGTH_NAME = 36; // varchar(36)
+	public const MAXLENGTH_DESCRIPTION = 255; // varchar(255)
+
 	public static function clearCache(): void {
 		self::$CACHE_ALLIANCES = [];
 	}

src/lib/Smr/Bounty.php

@@ -6,6 +6,11 @@
 
 class Bounty {
 
+	/**
+	 * Maximum amount of bounty.credits in the database
+	 */
+	private const MAX_CREDITS = SQL_MAX_UNSIGNED_INT;
+
 	/**
 	 * Returns a list of all active (not claimable) bounties for given location $type.
 	 *
@@ -117,7 +122,7 @@ public function setClaimed(): void {
 	}
 
 	private function setCredits(int $credits): void {
-		if ($this->credits === $credits) {
+		if ($this->credits === $credits || $credits > self::MAX_CREDITS) {
 			return;
 		}
 		$this->credits = $credits;

src/pages/Account/PreferencesProcessor.php

@@ -143,8 +143,8 @@ public function build(Account $account): never {
 
 		} elseif ($action === 'Change Size') {
 			$fontsize = Request::getInt('fontsize');
-			if ($fontsize < 50) {
-				create_error('Minimum font size is 50%');
+			if ($fontsize < MIN_FONTSIZE_PERCENT) {
+				create_error('Minimum font size is ' . MIN_FONTSIZE_PERCENT . '%');
 			}
 			$account->setFontSize($fontsize);
 			$message = '<span class="green">SUCCESS: </span>You have changed your font size.';

src/pages/Player/AllianceMessageBoardView.php

@@ -39,7 +39,7 @@ public function build(AbstractPlayer $player, Template $template): void {
 		$thread_index = $this->threadIndex;
 		$thread_id = $this->threadIDs[$thread_index];
 
-		$template->assign('PageTopic', $this->threadTopics[$thread_index]);
+		$template->assign('PageTopic', htmlentities($this->threadTopics[$thread_index]));
 		Menu::alliance($alliance->getAllianceID());
 
 		$db = Database::getInstance();

src/templates/Default/engine/Default/alliance_create.php

@@ -11,11 +11,11 @@
 	<table class="standard">
 		<tr>
 			<td class="top">Name:</td>
-			<td><input required type="text" name="name" size="30"></td>
+			<td><input required type="text" name="name" maxlength="<?php echo Alliance::MAXLENGTH_NAME; ?>" size="30"></td>
 		</tr>
 		<tr>
 			<td class="top">Description:</td>
-			<td><textarea spellcheck="true" name="description"></textarea></td>
+			<td><textarea spellcheck="true" name="description" maxlength="<?php echo Alliance::MAXLENGTH_DESCRIPTION; ?>"></textarea></td>
 		</tr>
 		<tr>
 			<td class="top">Members start with:&nbsp;&nbsp;&nbsp;</td>

src/templates/Default/engine/Default/alliance_message.php

@@ -23,7 +23,7 @@
 						if ($Thread['Unread']) {
 							?><b><?php
 						}
-						?><a href="<?php echo $Thread['ViewHref']; ?>"><?php echo $Thread['Topic']; ?></a><?php
+						?><a href="<?php echo $Thread['ViewHref']; ?>"><?php echo htmlentities($Thread['Topic']); ?></a><?php
 						if ($Thread['Unread']) {
 							?></b><?php
 						} ?>

src/templates/Default/engine/Default/alliance_message_view.php

@@ -12,14 +12,14 @@
 		if (isset($PrevThread)) { ?>
 			<td>
 				<a href="<?php echo $PrevThread['Href']; ?>"><img src="images/album/rew.jpg" alt="Previous" title="Previous"></a>
-				&nbsp;&nbsp;<?php echo $PrevThread['Topic']; ?>
+				&nbsp;&nbsp;<?php echo htmlentities($PrevThread['Topic']); ?>
 			</td><?php
 		} else {
 			?><td>&nbsp;</td><?php
 		}
 		if (isset($NextThread)) { ?>
 			<td class="right">
-			<?php echo $NextThread['Topic']; ?>&nbsp;&nbsp;
+			<?php echo htmlentities($NextThread['Topic']); ?>&nbsp;&nbsp;
 			<a href="<?php echo $NextThread['Href']; ?>"><img src="images/album/fwd.jpg" alt="Next" title="Next"></a>
 			</td><?php
 		} else {

src/templates/Default/engine/Default/alliance_stat.php

@@ -36,7 +36,7 @@
 
 if ($CanChangeDescription) { ?>
 	<tr>
-		<td class="top">Description:&nbsp;</td><td><textarea spellcheck="true" name="description"><?php echo $Alliance->getDescription(); ?></textarea></td>
+		<td class="top">Description:&nbsp;</td><td><textarea spellcheck="true" name="description" maxlength="<?php echo Alliance::MAXLENGTH_DESCRIPTION; ?>"><?php echo $Alliance->getDescription(); ?></textarea></td>
 	</tr><?php
 }
 

src/templates/Default/engine/Default/bar_talk_bartender.php

@@ -13,7 +13,7 @@
 <br />
 
 <form method="POST" action="<?php echo $ProcessingHREF; ?>">
-	<input type="text" name="gossip_tell" size="30" />
+	<input type="text" name="gossip_tell" maxlength="255" size="30" />
 	<button type="submit" name="action" value="tell">Spread gossip</button>
 </form>
 	<br /><br />

src/templates/Default/engine/Default/donation.php

@@ -5,6 +5,7 @@
 /**
  * @var Smr\Account $ThisAccount
  * @var int $TotalDonation
+ * @var string $ContactFormLink
  */
 
 ?>
@@ -13,6 +14,11 @@
 making a donation! Your donation will translate into SMR credits that you can
 use in-game for name changes, message notifications, painting your ship, and
 more!</p>
+<p style="width:60%; text-align:justify;">
+Please allow a few days for processing. If you would like to receive your
+SMR credits faster, you can send a message to the SMR Support Team using our
+<a href="<?php echo $ContactFormLink; ?>">Contact Form</a>.
+</p>
 Current donation rate is: $<?php echo number_format($TotalDonation / 3, 2); ?> per month (within last 3 months).
 
 <br /><br />

src/templates/Default/engine/Default/planet_ownership.php

@@ -35,13 +35,13 @@
 	} else { ?>
 		<p>You own this planet!</p>
 		<form method="POST" action="<?php echo $ProcessingHREF; ?>">
-			<input type="text" name="password" value="<?php echo htmlspecialchars($Planet->getPassword()); ?>" />&nbsp;&nbsp;&nbsp;
+			<input type="text" name="password" maxlength="32" value="<?php echo htmlspecialchars($Planet->getPassword()); ?>" />&nbsp;&nbsp;&nbsp;
 			<input type="submit" name="action" value="Set Password" />
 		</form>
 		<br />
 
 		<form method="POST" action="<?php echo $ProcessingHREF; ?>">
-			<input required type="text" name="name" value="<?php echo $Planet->getDisplayName(); ?>" />&nbsp;&nbsp;&nbsp;
+			<input required type="text" name="name" maxlength="32" value="<?php echo $Planet->getDisplayName(); ?>" />&nbsp;&nbsp;&nbsp;
 			<input type="submit" name="action" value="Rename" />
 		</form><?php
 	}

src/templates/Default/engine/Default/preferences.php

@@ -334,7 +334,7 @@
 
 		<tr>
 			<td>Font size:</td>
-			<td><input type="number" size="4" name="fontsize" value="<?php echo $ThisAccount->getFontSize(); ?>" /> Minimum font size is 50%</td>
+			<td><input type="number" size="4" name="fontsize" min="<?php echo MIN_FONTSIZE_PERCENT; ?>" max="<?php echo MAX_FONTSIZE_PERCENT; ?>" value="<?php echo $ThisAccount->getFontSize(); ?>" /> Minimum font size is <?php echo MIN_FONTSIZE_PERCENT; ?>%</td>
 		</tr>
 
 		<tr>

test/SmrTest/lib/BountyTest.php

@@ -20,6 +20,25 @@ protected function tablesToTruncate(): array {
 		return ['bounty'];
 	}
 
+	public function test_max_credits(): void {
+		$bounty = new Bounty(
+			targetID: 1,
+			bountyID: 1,
+			gameID: 1,
+			type: BountyType::UG,
+			time: 0,
+			claimerID: 0,
+			credits: 0,
+			smrCredits: 0,
+		);
+		// increase bounty credits to the maximum amount
+		$bounty->increaseCredits(SQL_MAX_UNSIGNED_INT);
+		self::assertEquals($bounty->getCredits(), SQL_MAX_UNSIGNED_INT);
+		// further increases don't change the value
+		$bounty->increaseCredits(1);
+		self::assertEquals($bounty->getCredits(), SQL_MAX_UNSIGNED_INT);
+	}
+
 	public function test_update(): void {
 		// Calling update on a new bounty will add it to the database
 		$bounty = new Bounty(