From 4dce65f1d6127dd67bbda533fa14425bf0b2ec5a Mon Sep 17 00:00:00 2001
From: Sam Reed <sam@reedyboy.net>
Date: Sat, 21 Sep 2024 01:29:10 +0100
Subject: [PATCH] More minor tweaks and updates

---
 openflights.js       | 2 +-
 php/alsearch.php     | 4 ++--
 php/autocomplete.php | 4 +++-
 php/git.php          | 2 +-
 php/import.php       | 6 +++---
 php/map.php          | 2 +-
 php/settings.php     | 2 +-
 php/trip.php         | 4 ++--
 8 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/openflights.js b/openflights.js
index 8cb77bb9..af6cbf3d 100644
--- a/openflights.js
+++ b/openflights.js
@@ -1282,7 +1282,7 @@ function xmlhttpPost(strURL, id, param) {
                     gt.gettext(
                       "'%1' not found in %2 database. Do you want to add it as a new %2 company?"
                     ),
-                    [airline, modeoperators[mode], modeoperators[mode]]
+                    [airline, modeoperators[mode]]
                   )
                 )
               ) {
diff --git a/php/alsearch.php b/php/alsearch.php
index df043e57..de627e70 100644
--- a/php/alsearch.php
+++ b/php/alsearch.php
@@ -100,7 +100,7 @@
         }
         $row = $sth->fetch();
         if ($row) {
-            printf('0;' . sprintf(_('An airline using the IATA code %s exists already.'), $iata));
+            printf('0;' . sprintf(_('An airline using the IATA code %s exists already.'), htmlspecialchars($iata)));
             exit;
         }
     }
@@ -122,7 +122,7 @@
         }
         $row = $sth->fetch();
         if ($row) {
-            printf('0;' . sprintf(_('An airline using the ICAO code %s exists already.'), $icao));
+            printf('0;' . sprintf(_('An airline using the ICAO code %s exists already.'), htmlspecialchars($icao)));
             exit;
         }
     }
diff --git a/php/autocomplete.php b/php/autocomplete.php
index 1a80cb9b..140374ef 100644
--- a/php/autocomplete.php
+++ b/php/autocomplete.php
@@ -3,9 +3,11 @@
 include_once 'helper.php';
 include_once 'db_pdo.php';
 
-// TODO: Why do we do this?
 /**
  * Trim anything after a period or left paren
+ *
+ * TODO: Why do we do this?
+ *
  * @param $query
  * @return string
  */
diff --git a/php/git.php b/php/git.php
index ace772ee..17a82878 100644
--- a/php/git.php
+++ b/php/git.php
@@ -14,6 +14,6 @@ public static function getCurrentCommitID() {
             $head = trim(file_get_contents(".git/{$matches[1]}"));
         }
 
-        return $head ? $head : null;
+        return $head ?: null;
     }
 }
diff --git a/php/import.php b/php/import.php
index 7d18a380..0017cea6 100644
--- a/php/import.php
+++ b/php/import.php
@@ -43,7 +43,7 @@ function nth_text($element, $n) {
         return nbsp_trim($item->textContent);
     }
 
-    // Shouldn't be needed in most cases, as we should be checking for the number of pieces we text,
+    // Shouldn't be necessary in most cases, as we should be checking for the number of pieces we text,
     // as some are optional.
     // If the item ($n) we were looking for isn't there, just return an empty string.
     return '';
@@ -370,7 +370,7 @@ function die_nicely($msg) {
 
         if ($html['title']->text() != "FlightMemory - FlightData") {
             die_nicely(
-                sprintf(_("Sorry, the file %s does not appear to contain FlightMemory FlightData."), $uploadFile)
+                sprintf(_("Sorry, the file %s does not appear to contain FlightMemory FlightData."), htmlspecialchars($uploadFile))
             );
         }
 
@@ -393,7 +393,7 @@ function die_nicely($msg) {
         break;
 
     default:
-        die_nicely(sprintf(_("Unknown file type %s"), $fileType));
+        die_nicely(sprintf(_("Unknown file type %s"), htmlspecialchars($fileType)));
 }
 
 if ($action == _("Upload")) {
diff --git a/php/map.php b/php/map.php
index 064425eb..a394781e 100644
--- a/php/map.php
+++ b/php/map.php
@@ -5,7 +5,7 @@
 include_once 'helper.php';
 include_once 'filter.php';
 
-// This applies only when viewing another users flights
+// This applies only when viewing another user's flights
 $user = $_POST["user"] ?? ($_GET["user"] ?? null);
 $trid = $_POST["trid"] ?? ($_GET["trid"] ?? null);
 
diff --git a/php/settings.php b/php/settings.php
index f88a965b..e8eab784 100644
--- a/php/settings.php
+++ b/php/settings.php
@@ -88,7 +88,7 @@
     $success = $sth->execute($params);
 }
 if (!$success) {
-    die("0;" . sprintf(_("Operation on user %s failed."), $name));
+    die("0;" . sprintf(_("Operation on user %s failed."), htmlspecialchars($name)));
 }
 
 // In all cases, change locale and units to user selection
diff --git a/php/trip.php b/php/trip.php
index 0d043bb2..7816c611 100644
--- a/php/trip.php
+++ b/php/trip.php
@@ -7,7 +7,7 @@
 $trid = $_POST["trid"] ?? null;
 
 if ($type != "NEW" && (!$trid || $trid == 0)) {
-    die('0;Trip ID ' . $trid . ' invalid');
+    die("0;" . sprintf(_("Trip ID %s invalid."), htmlspecialchars($trid)));
 }
 
 $uid = $_SESSION["uid"];
@@ -21,7 +21,7 @@
  */
 function failIfFalse($res, $name) {
     if (!$res) {
-        die('0;Operation on trip ' . $name . ' failed.');
+        die("0;" . sprintf(_("Operation on trip %s failed."), htmlspecialchars($name)));
     }
 }