[core] more types

core/Util/Network.php

@@ -22,6 +22,7 @@ public static function is_trusted_proxy(): bool
 
     public static function is_bot(): bool
     {
+        /** @var string $ua */
         $ua = $_SERVER["HTTP_USER_AGENT"] ?? "No UA";
         return (
             str_contains($ua, "Googlebot")
@@ -82,7 +83,7 @@ public static function get_session_ip(Config $config): string
 
     /**
      * @param non-empty-string $url
-     * @return array<string, string|string[]>
+     * @return header-array
      */
     public static function fetch_url(string $url, Path $mfile): array
     {
@@ -176,7 +177,7 @@ public static function ip_in_range(string $IP, string $CIDR): bool
     }
 
     /**
-     * @return array<string, string|string[]>
+     * @return header-array
      */
     public static function http_parse_headers(string $raw_headers): array
     {
@@ -204,9 +205,10 @@ public static function http_parse_headers(string $raw_headers): array
      * HTTP Headers can sometimes be lowercase which will cause issues.
      * In cases like these, we need to make sure to check for them if the camelcase version does not exist.
      *
-     * @param array<string, mixed> $headers
+     * @param header-array $headers
+     * @return string|array<string>|null
      */
-    public static function find_header(array $headers, string $name): ?string
+    public static function find_header(array $headers, string $name): mixed
     {
         $header = null;
 

core/Util/Url.php

@@ -92,6 +92,7 @@ public static function base(?array $server_settings = null): Url
         if (!is_null(SysConfig::getBaseHref())) {
             $dir = SysConfig::getBaseHref();
         } else {
+            /** @var array<string, string> $server_settings */
             $server_settings = $server_settings ?? $_SERVER;
             if (str_ends_with($server_settings['PHP_SELF'], 'index.php')) {
                 $self = $server_settings['PHP_SELF'];

core/Util/util.php

@@ -227,7 +227,7 @@ function get_debug_info(): string
 /**
  * Collects some debug information (execution time, memory usage, queries, etc)
  *
- * @return array<string, mixed>
+ * @return array{time:float,dbtime:float,mem_mb:float,files:int,query_count:int,event_count:int,cache_hits:int,cache_misses:int,version:string}
  */
 function get_debug_info_arr(): array
 {
@@ -376,8 +376,10 @@ function _get_user(): User
 {
     global $config, $page;
     $my_user = null;
-    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
-        $parts = explode(" ", $_SERVER['HTTP_AUTHORIZATION'], 2);
+    /** @var ?string $auth */
+    $auth = $_SERVER['HTTP_AUTHORIZATION'] ?? null;
+    if (!is_null($auth)) {
+        $parts = explode(" ", $auth, 2);
         if (count($parts) === 2 && $parts[0] === "Bearer") {
             $parts = explode(":", $parts[1], 2);
             if (count($parts) === 2) {
@@ -519,7 +521,9 @@ function make_link(?string $page = null, ?array $query = null, ?string $fragment
  */
 function _get_query(?string $uri = null): string
 {
-    $parsed_url = parse_url($uri ?? $_SERVER['REQUEST_URI'] ?? "");
+    /** @var ?string $request_uri */
+    $request_uri = $_SERVER['REQUEST_URI'] ?? null;
+    $parsed_url = parse_url($uri ?? $request_uri ?? "");
 
     // if we're looking at http://site.com/.../index.php,
     // then get the query from the "q" parameter

ext/upload/main.php

@@ -348,6 +348,7 @@ private function try_transload(string $url, int $slot, array $metadata): array
 
             // Parse metadata
             $s_filename = Network::find_header($headers, 'Content-Disposition');
+            assert(is_string($s_filename));
             $h_filename = ($s_filename ? \Safe\preg_replace('/^.*filename="([^ ]+)"/i', '$1', $s_filename) : null);
             $filename = $h_filename ?: basename($url);
 

phpstan.neon.dist

@@ -10,6 +10,7 @@ parameters:
     tag-string: non-empty-string
     hash-string: non-empty-string&internal-hash-string
     query-array: "array<string,string|string[]>"
+    header-array: "array<string,string|string[]>"
   ignoreErrors:
     -
       message: '#Function .* is unsafe to use.*$#'