diff --git a/app/Console/Commands/VerifiesAccessToken.php b/app/Console/Commands/VerifiesAccessToken.php index 147dd83476..67aee2cfc1 100644 --- a/app/Console/Commands/VerifiesAccessToken.php +++ b/app/Console/Commands/VerifiesAccessToken.php @@ -86,7 +86,7 @@ trait VerifiesAccessToken return false; } - if ($accessToken->data !== $token) { + if (!hash_equals($accessToken->data, $token)) { Log::error(sprintf('Invalid access token for user #%d.', $userId)); Log::error(sprintf('Token given is "%s", expected something else.', $token)); diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php index 7c7823c3fd..beae651c93 100644 --- a/app/Http/Controllers/ProfileController.php +++ b/app/Http/Controllers/ProfileController.php @@ -142,7 +142,7 @@ final class ProfileController extends Controller /** @var Preference $preference */ foreach ($set as $preference) { - if ($preference->data === $token) { + if (hash_equals($preference->data, $token)) { $user = $preference->user; } } @@ -404,7 +404,7 @@ final class ProfileController extends Controller /** @var Preference $preference */ foreach ($set as $preference) { - if ($preference->data === $token) { + if (hash_equals($preference->data, $token)) { $user = $preference->user; } } diff --git a/app/Repositories/PeriodStatistic/PeriodStatisticRepository.php b/app/Repositories/PeriodStatistic/PeriodStatisticRepository.php index 1487d1a86e..61b5f419d3 100644 --- a/app/Repositories/PeriodStatistic/PeriodStatisticRepository.php +++ b/app/Repositories/PeriodStatistic/PeriodStatisticRepository.php 
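Review bot: `hash_equals()` accepts only strings, so the new check in `VerifiesAccessToken` can raise a `TypeError` (under `strict_types`, or for an array value) where the old `!==` simply evaluated to not-equal. Whether `$accessToken->data` or `$token` can be non-string is not visible in this hunk, so that needs confirming. A guard keeps a malformed value on the existing reject path: `if (!is_string($accessToken->data) || !is_string($token) || !hash_equals($accessToken->data, $token)) {`. The same applies to both `hash_equals($preference->data, $token)` calls in `ProfileController` (hunks at lines 142 and 404), where one non-string preference in `$set` would abort the whole loop. Separately, the context line `Log::error(sprintf('Token given is "%s", expected something else.', $token));` still writes the submitted token to the log; logging only the user id would avoid storing a possibly near-valid secret there.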
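Review bot: The token-lookup loop in `ProfileController` at line 142 is repeated verbatim at line 404, so the comparison rule has to be kept in sync in two places. Extracting it into one private helper that takes `$set` and `$token` and returns the matching user (or null) would keep the constant-time compare in a single spot. The loop also keeps iterating after a match, so the last matching preference wins; if that is not intended, a `break;` after `$user = $preference->user;` would make first-match explicit. Both enclosing methods start and end outside these hunks.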
@@ -25,10 +25,7 @@ declare(strict_types=1); namespace FireflyIII\Repositories\PeriodStatistic; use Carbon\Carbon; -use FireflyIII\Models\Account; use FireflyIII\Models\PeriodStatistic; -use FireflyIII\Models\Tag; -use FireflyIII\Models\Transaction; use FireflyIII\Support\Repositories\UserGroup\UserGroupInterface; use FireflyIII\Support\Repositories\UserGroup\UserGroupTrait; use Illuminate\Database\Eloquent\Builder; @@ -57,8 +54,7 @@ class PeriodStatisticRepository implements PeriodStatisticRepositoryInterface, U ->where('type', 'LIKE', sprintf('%s%%', $prefix)) ->where('start', '>=', $start) ->where('end', '<=', $end) - ->get() - ; + ->get(); } #[Override] @@ -113,8 +109,7 @@ class PeriodStatisticRepository implements PeriodStatisticRepositoryInterface, U } }) ->where('type', 'LIKE', sprintf('%s%%', $prefix)) - ->delete() - ; + ->delete(); Log::debug(sprintf('Deleted %d entries for prefix "%s"', $count, $prefix)); } @@ -126,16 +121,15 @@ class PeriodStatisticRepository implements PeriodStatisticRepositoryInterface, U return; } $count = PeriodStatistic::where('primary_statable_type', $class) - ->whereIn('primary_statable_id', $objects->pluck('id')->toArray()) - ->where(function (Builder $q) use ($dates): void { - foreach ($dates as $date) { - $q->where(function (Builder $q1) use ($date): void { - $q1->where('start', '<=', $date)->where('end', '>=', $date); - }); - } - }) - ->delete() - ; + ->whereIn('primary_statable_id', $objects->pluck('id')->toArray()) + ->where(function (Builder $q) use ($dates): void { + foreach ($dates as $date) { + $q->where(function (Builder $q1) use ($date): void { + $q1->where('start', '<=', $date)->where('end', '>=', $date); + }); + } + }) + ->delete(); Log::debug(sprintf('Delete %d statistics for %dx %s', $count, $objects->count(), $class)); } 
@@ -152,13 +146,14 @@ class PeriodStatisticRepository implements PeriodStatisticRepositoryInterface, U #[Override] public function savePrefixedStatistic( string $prefix, - int $currencyId, + int $currencyId, Carbon $start, Carbon $end, string $type, - int $count, + int $count, string $amount - ): PeriodStatistic { + ): PeriodStatistic + { Log::debug(sprintf('Store as type "%s"', sprintf('%s_%s', $prefix, $type))); $stat = new PeriodStatistic(); $stat->transaction_currency_id = $currencyId; @@ -173,22 +168,22 @@ class PeriodStatisticRepository implements PeriodStatisticRepositoryInterface, U $stat->save(); Log::debug(sprintf( - 'Saved #%d [currency #%d, type "%s", %s to %s, %d, %s] as new statistic.', - $stat->id, - $stat->transaction_currency_id, - $stat->type, - $stat->start->toW3cString(), - $stat->end->toW3cString(), - $count, - $amount - )); + 'Saved #%d [currency #%d, type "%s", %s to %s, %d, %s] as new statistic.', + $stat->id, + $stat->transaction_currency_id, + $stat->type, + $stat->start->toW3cString(), + $stat->end->toW3cString(), + $count, + $amount + )); return $stat; } public function saveStatistic(Model $model, int $currencyId, Carbon $start, Carbon $end, string $type, int $count, string $amount): PeriodStatistic { - $stat = new PeriodStatistic(); + $stat = new PeriodStatistic(); $stat->primaryStatable()->associate($model); $stat->transaction_currency_id = $currencyId; $stat->user_group_id = $this->getUserGroup()->id; 
@@ -202,16 +197,16 @@ class PeriodStatisticRepository implements PeriodStatisticRepositoryInterface, U $stat->save(); Log::debug(sprintf( - 'Saved #%d [currency #%d, Model %s #%d, %s to %s, %d, %s] as new statistic.', - $stat->id, - $model::class, - $model->id, - $stat->transaction_currency_id, - $stat->start->toW3cString(), - $stat->end->toW3cString(), - $count, - $amount - )); + 'Saved #%d [currency #%d, Model %s #%d, %s to %s, %d, %s] as new statistic.', + $stat->id, + $model::class, + $model->id, + $stat->transaction_currency_id, + $stat->start->toW3cString(), + $stat->end->toW3cString(), + $count, + $amount + )); return $stat; } diff --git a/app/Support/Search/QueryParser/QueryParser.php b/app/Support/Search/QueryParser/QueryParser.php index 5604e649fb..2ad2809611 100644 --- a/app/Support/Search/QueryParser/QueryParser.php +++ b/app/Support/Search/QueryParser/QueryParser.php @@ -24,7 +24,7 @@ declare(strict_types=1); namespace FireflyIII\Support\Search\QueryParser; -use Illuminate\Support\Facades\Log; + use SensitiveParameter; /** diff --git a/database/migrations/2026_01_28_201901_migrations_01_2026.php b/database/migrations/2026_01_28_201901_migrations_01_2026.php index 80bf33321a..afd7e61b11 100644 --- a/database/migrations/2026_01_28_201901_migrations_01_2026.php +++ b/database/migrations/2026_01_28_201901_migrations_01_2026.php @@ -17,7 +17,6 @@ return new class extends Migration { */ public function down(): void { - // } public function up(): void diff --git a/mago.toml b/mago.toml index d7e3d42815..019e7c3648 100644 --- a/mago.toml +++ b/mago.toml 
@@ -46,12 +46,9 @@ tagged-fixme = { enabled = false } no-empty-catch-clause = { enabled = false } excessive-parameter-list = { enabled = false } no-sprintf-concat = { enabled = false } -no-redundant-use ={ enabled = false } no-redundant-math={ enabled = false } prefer-first-class-callable={ enabled = false } no-redundant-method-override={ enabled = false } -no-empty-comment={ enabled = false } -no-insecure-comparison={ enabled = false } prefer-arrow-function = { enabled = false }