From 2fcd1054949f748867f69c4e0f24f1efe171fafe Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sun, 30 Nov 2025 19:13:30 +0000
Subject: [PATCH 1/3] Fix various PHP warnings

This commit fixes several PHP warnings and deprecation notices that were cluttering the nginx error log.

- Fixed "Undefined array key" and "Undefined variable" warnings by using `isset()` checks, the null coalescing operator (`??`), and initializing variables.
- Addressed "Trying to access array offset on value of type null" warnings by adding checks for null values before accessing array offsets.
- Resolved "Deprecated: preg_match(): Passing null to parameter # 2 ($subject) of type string is deprecated" and "Deprecated: pathinfo(): Passing null to parameter # 1 ($path) of type string is deprecated" notices by ensuring the variables are not null.
---
 include/class/PeerRequest.php | 4 ++--
 web/apps/admin/index.php      | 3 ++-
 web/apps/docs/index.php       | 6 ++++++
 web/apps/explorer/txs.php     | 8 ++++----
 web/mine.php                  | 5 ++++-
 5 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/include/class/PeerRequest.php b/include/class/PeerRequest.php
index 8c81e5bf..c27d3eb3 100644
--- a/include/class/PeerRequest.php
+++ b/include/class/PeerRequest.php
@@ -150,7 +150,7 @@ static function peer() {
 		$res = Peer::getSingle($hostname, $ip);
 		if ($res == 1) {
 			_log("$hostname is already in peer db",3);
-			if ($data['repeer'] == 1) {
+			if (isset($data['repeer']) && $data['repeer'] == 1) {
 				$res = peer_post($hostname."/peer.php?q=peer", ["hostname" => $_config['hostname']], 30, $err);
 				if ($res !== false) {
 					api_echo("re-peer-ok");
@@ -169,7 +169,7 @@ static function peer() {
             Peer::updatePeerInfo($ip, $_REQUEST['info']);
         }
 		// re-peer to make sure the peer is valid
-		if ($data['repeer'] == 1) {
+		if (isset($data['repeer']) && $data['repeer'] == 1) {
 			_log("Repeer to $hostname",3);
 			$res = peer_post($hostname . "/peer.php?q=peer", ["hostname" => $_config['hostname']], 30, $err);
 			_log("peer response " . print_r($res,1),4);
diff --git a/web/apps/admin/index.php b/web/apps/admin/index.php
index eaa25363..c97eb2ab 100755
--- a/web/apps/admin/index.php
+++ b/web/apps/admin/index.php
@@ -13,6 +13,7 @@
 
 require_once __DIR__. '/../common/include/top.php';
 
+$msg = [];
 if(isset($_POST['action'])) {
     $action = $_POST['action'];
     if($action == "generate") {
@@ -141,7 +142,7 @@
 }
 
 $setAdminPass = !empty($_config['admin_password']);
-$login = $_SESSION['login'];
+$login = $_SESSION['login'] ?? false;
 
 if(isset($_GET['view'])) {
 	$view = $_GET['view'];
diff --git a/web/apps/docs/index.php b/web/apps/docs/index.php
index a7d476b2..cbbc319f 100644
--- a/web/apps/docs/index.php
+++ b/web/apps/docs/index.php
@@ -8,7 +8,13 @@
 class ParsedownExt extends Parsedown {
     function inlineLink($Excerpt)
     {
+        if (!isset($Excerpt['text'])) {
+            return null;
+        }
         $link = parent::inlineLink($Excerpt);
+        if (!isset($link['element']['attributes']['href'])) {
+            return $link;
+        }
         $link['element']['attributes']['href'] = "/apps/docs/index.php?link=".urlencode($link['element']['attributes']['href']);
         return $link;
     }
diff --git a/web/apps/explorer/txs.php b/web/apps/explorer/txs.php
index fa352d4c..11b2cc2f 100644
--- a/web/apps/explorer/txs.php
+++ b/web/apps/explorer/txs.php
@@ -68,17 +68,17 @@ function TransactiongetAll($dm) {
 <form class="row mb-3" method="get" action="">
     <div class="col-lg-2">
         <input type="text" class="form-control flatpickr-input p-1 datepicker" placeholder="Date from" name="search[date][from]"
-               value="<?php echo $dm['search']['date']['from']?>">
+               value="<?php echo $dm['search']['date']['from'] ?? '' ?>">
     </div>
     <div class="col-lg-2">
         <input type="text" class="form-control flatpickr-input p-1 datepicker" placeholder="Date to" name="search[date][to]"
-               value="<?php echo $dm['search']['date']['to']?>">
+               value="<?php echo $dm['search']['date']['to'] ?? '' ?>">
     </div>
     <div class="col-lg-2">
-        <input type="text" class="form-control p-1" placeholder="Source" value="<?php echo $dm['search']['src']?>" name="search[src]">
+        <input type="text" class="form-control p-1" placeholder="Source" value="<?php echo $dm['search']['src'] ?? '' ?>" name="search[src]">
     </div>
     <div class="col-lg-2">
-        <input type="text" class="form-control p-1" placeholder="Destination" value="<?php echo $dm['search']['dst']?>" name="search[dst]">
+        <input type="text" class="form-control p-1" placeholder="Destination" value="<?php echo $dm['search']['dst'] ?? '' ?>" name="search[dst]">
     </div>
     <div class="col-lg-2">
         <select class="form-control"
diff --git a/web/mine.php b/web/mine.php
index e7d3ac4f..15340b1e 100755
--- a/web/mine.php
+++ b/web/mine.php
@@ -60,6 +60,9 @@ function readGeneratorStat() {
             'reject-reasons'=>[]
         ];
     }
+	if (!isset($generator_stat['miners'])) {
+		$generator_stat['miners'] = [];
+	}
 	return $generator_stat;
 }
 
@@ -347,7 +350,7 @@ function checkStats($ip) {
 			_log("Accepted block from miner $ip address=$address block_height=$height elapsed=$elapsed block_id=" . $block->id);
 			_logf(" ACCEPTED", 0);
 			$generator_stat['accepted']++;
-			$generator_stat['miners'][$address]++;
+			$generator_stat['miners'][$address] = ($generator_stat['miners'][$address] ?? 0) + 1;
 			saveGeneratorStat($generator_stat);
 			api_echo("accepted");
 		} else {

From 5abe6a4c2336d56550fd4159aa73bccfd32096d8 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sun, 30 Nov 2025 19:17:47 +0000
Subject: [PATCH 2/3] Fix: Handle additional PHP warnings

This commit addresses two new warnings in `CommonSessionHandler.php`:

- Initializes the `$out` variable to prevent an "Undefined variable" warning.
- Adds a directory existence check before calling `mkdir()` to avoid a "File exists" warning.
---
 include/class/CommonSessionHandler.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/class/CommonSessionHandler.php b/include/class/CommonSessionHandler.php
index abd16b3c..232597db 100644
--- a/include/class/CommonSessionHandler.php
+++ b/include/class/CommonSessionHandler.php
@@ -46,6 +46,7 @@ public function open($path, $name)
     #[\ReturnTypeWillChange]
     public function read($id)
     {
+        $out = "";
         $sess_file = $this->path."/sess_$id";
         if(file_exists($sess_file)) $out=@file_get_contents($sess_file);
         return (string) $out;
@@ -63,7 +64,9 @@ static function setup($session_id = null) {
         $handler = new CommonSessionHandler();
         session_set_save_handler($handler, true);
         $sessions_dir = ROOT."/tmp/sessions";
-        @mkdir($sessions_dir);
+        if (!is_dir($sessions_dir)) {
+            @mkdir($sessions_dir, 0755, true);
+        }
         session_save_path($sessions_dir);
         if(!empty($session_id)) {
             session_id($session_id);

From 3300c208ad004de85e20abb6cee6f500681bcb05 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sun, 30 Nov 2025 19:46:01 +0000
Subject: [PATCH 3/3] Fix various PHP warnings and harden code

This commit addresses a number of PHP warnings and deprecation notices, and proactively hardens the codebase against similar issues.

Fixes include:
- Resolved "Undefined array key" warnings by using the null coalescing operator (`??`) for `$_GET`, `$_POST`, and other array access.
- Corrected "Undefined variable" warnings by initializing variables before use.
- Prevented "mkdir(): File exists" warnings by adding checks with `is_dir()` before creating directories.
- Addressed "Trying to access array offset on value of type null" warnings.
- Fixed deprecation notices related to passing null to string functions.

A proactive review of the codebase was conducted to identify and fix other similar potential warnings, making the code more robust and resilient to unexpected input.
---
 include/class/PeerRequest.php  | 14 ++++++++------
 web/apps/admin/tabs/server.php |  6 +++---
 web/apps/admin/tabs/utils.php  |  9 ++++++---
 web/apps/explorer/accounts.php |  2 +-
 web/apps/wallet/login.php      |  6 +++---
 web/mine.php                   | 20 ++++++++++----------
 web/peer.php                   |  4 ++--
 7 files changed, 33 insertions(+), 28 deletions(-)

diff --git a/include/class/PeerRequest.php b/include/class/PeerRequest.php
index c27d3eb3..463f1268 100644
--- a/include/class/PeerRequest.php
+++ b/include/class/PeerRequest.php
@@ -22,7 +22,7 @@ static function processRequest() {
 			$data = json_decode(trim($_POST['data']), true);
 		}
 		global $_config;
-		if ($_POST['coin'] != COIN) {
+		if (!isset($_POST['coin']) || $_POST['coin'] != COIN) {
 			_logf("Invalid coin request=".json_encode($_REQUEST)." server=".json_encode($_SERVER));
 			api_err("Invalid coin ".json_encode($_REQUEST), 3);
 		}
@@ -40,7 +40,7 @@ static function processRequest() {
 		}
 		$ip = Nodeutil::getRemoteAddr();
 
-		if(version_compare($_POST['version'], MIN_VERSION) < 0) {
+		if(!isset($_POST['version']) || version_compare($_POST['version'], MIN_VERSION) < 0) {
 			$peer = Peer::findByIp($ip);
 			if($peer) {
 				Peer::blacklist($peer['id'], "Invalid version ".$_POST['version']);
@@ -49,12 +49,14 @@ static function processRequest() {
 			_logf("Invalid version ".$_POST['version']);
 			api_err("Invalid version ".$_POST['version']);
 		}
-		$requestId = $_POST['requestId'];
-		_log("Peer request from IP = $ip requestId=$requestId q=".$_GET['q']." chainId=".$_POST['chain_id'] ,4);
+		$requestId = $_POST['requestId'] ?? null;
+		$q = $_GET['q'] ?? null;
+		$chain_id = $_POST['chain_id'] ?? null;
+		_log("Peer request from IP = $ip requestId=$requestId q=".$q." chainId=".$chain_id ,4);
 
-		_logp("q=".$_GET['q']);
+		_logp("q=".$q);
 
-		$info = $_POST['info'];
+		$info = $_POST['info'] ?? null;
 
 		$ip = Peer::validateIp($ip);
 		_log("Filtered IP = $ip",4);
diff --git a/web/apps/admin/tabs/server.php b/web/apps/admin/tabs/server.php
index b1aec959..ac7f4ad0 100644
--- a/web/apps/admin/tabs/server.php
+++ b/web/apps/admin/tabs/server.php
@@ -7,21 +7,21 @@
 global $action, $db;
 
 if($action == "task_enable") {
-	$task = $_GET['task'];
+	$task = $_GET['task'] ?? null;
     $task::enable();
 	header("location: ".APP_URL."/?view=server");
 	exit;
 }
 
 if($action == "task_disable") {
-    $task = $_GET['task'];
+    $task = $_GET['task'] ?? null;
     $task::disable();
 	header("location: ".APP_URL."/?view=server");
 	exit;
 }
 
 if($action == "task_stop") {
-    $task = $_GET['task'];
+    $task = $_GET['task'] ?? null;
     $name = $task::$name;
 	$cmd = "php ".ROOT."/cli/$name.php --stop";
 	$res = shell_exec($cmd);
diff --git a/web/apps/admin/tabs/utils.php b/web/apps/admin/tabs/utils.php
index 33ae76ad..ee762f9f 100644
--- a/web/apps/admin/tabs/utils.php
+++ b/web/apps/admin/tabs/utils.php
@@ -21,8 +21,9 @@
     exit;
 }
 
+$checkBlocksResponse = false;
 if($action == "check_blocks") {
-    $peer = $_POST['peer'];
+    $peer = $_POST['peer'] ?? null;
     $invalid_block = Nodeutil::checkBlocksWithPeer($peer);
     $checkBlocksResponse = true;
 }
@@ -32,14 +33,16 @@
 }
 
 if($action == 'clear_blocks') {
-    $height = $_POST['height'];
+    $height = $_POST['height'] ?? null;
     Nodeutil::deleteFromHeight($height);
     header("location: ".APP_URL."/?view=utils");
     exit;
 }
 
+$accountsHash = false;
+$blocksHash = false;
 if($action == "blocks-hash") {
-    $height = $_POST['height'];
+    $height = $_POST['height'] ?? null;
     $blocksHash = Nodeutil::calculateBlocksHash($height);
 }
 
diff --git a/web/apps/explorer/accounts.php b/web/apps/explorer/accounts.php
index 77fbcade..32081f77 100755
--- a/web/apps/explorer/accounts.php
+++ b/web/apps/explorer/accounts.php
@@ -19,7 +19,7 @@
 
 <form class="app-search d-block pt-0" method="get" action="">
     <div class="position-relative">
-        <input type="text" class="form-control" placeholder="Search: Address" name="search" value="<?php echo $_GET['search'] ?>">
+        <input type="text" class="form-control" placeholder="Search: Address" name="search" value="<?php echo $_GET['search'] ?? '' ?>">
         <button class="btn btn-primary" type="submit"><i class="bx bx-search-alt align-middle"></i></button>
     </div>
 </form>
diff --git a/web/apps/wallet/login.php b/web/apps/wallet/login.php
index 6bead7cc..fbaf536d 100644
--- a/web/apps/wallet/login.php
+++ b/web/apps/wallet/login.php
@@ -2,9 +2,9 @@
 require_once dirname(__DIR__)."/apps.inc.php";
 
 if(isset($_GET['action']) && $_GET['action']=="login-link") {
-	$login_code = $_GET['login_code'];
-	$public_key = $_GET['public_key'];
-	$login_key = $_GET['login_key'];
+	$login_code = $_GET['login_code'] ?? null;
+	$public_key = $_GET['public_key'] ?? null;
+	$login_key = $_GET['login_key'] ?? null;
 
 	if(empty($login_code) || empty($public_key) || empty($login_key)) {
 		$_SESSION['msg']=[['icon'=>'warning', 'text'=>'Invalid data received']];
diff --git a/web/mine.php b/web/mine.php
index 15340b1e..3e4c6121 100755
--- a/web/mine.php
+++ b/web/mine.php
@@ -26,7 +26,7 @@
 */
 require_once dirname(__DIR__).'/include/init.inc.php';
 set_time_limit(360);
-$q = $_GET['q'];
+$q = $_GET['q'] ?? null;
 
 if(!Nodeutil::miningEnabled()) {
 	api_err("mining-not-enabled");
@@ -72,8 +72,8 @@ function saveGeneratorStat($generator_stat) {
 }
 
 function checkVersion() {
-    $version = $_POST['version'];
-    $minerInfo = $_POST['minerInfo'];
+    $version = $_POST['version'] ?? null;
+    $minerInfo = $_POST['minerInfo'] ?? null;
     $version_ok = version_compare($version, MIN_MINER_VERSION)>=0;
     _log("checkVersion q=".$_GET['q']. " version=".$version. " MIN_VERSION=".MIN_MINER_VERSION. " minerInfo=$minerInfo version_ok=$version_ok");
     return $version_ok;
@@ -198,8 +198,8 @@ function checkStats($ip) {
 		api_err("no-live-peers");
 	}
 
-	$address = san($_POST['address']);
-	$height = san($_POST['height']);
+	$address = san($_POST['address'] ?? null);
+	$height = san($_POST['height'] ?? null);
 
 	if(empty($height) || empty($address)) {
 		_logf("rejected: missing-parameters height=$height address=$address", 0);
@@ -216,12 +216,12 @@ function checkStats($ip) {
 
 	_logp(" minerInfo=$minerInfo ");
 
-	$nonce = san($_POST['nonce']);
+	$nonce = san($_POST['nonce'] ?? null);
 	$version = Block::versionCode($height);
-	$address = san($_POST['address']);
-	$elapsed = intval($_POST['elapsed']);
-	$difficulty = san($_POST['difficulty']);
-	$argon = $_POST['argon'];
+	$address = san($_POST['address'] ?? null);
+	$elapsed = intval($_POST['elapsed'] ?? 0);
+	$difficulty = san($_POST['difficulty'] ?? null);
+	$argon = $_POST['argon'] ?? null;
 
 	_logp(" height=$height address=$address elapsed=$elapsed argon=$argon");
 
diff --git a/web/peer.php b/web/peer.php
index 84df7502..97d044ee 100755
--- a/web/peer.php
+++ b/web/peer.php
@@ -27,12 +27,12 @@
 require_once dirname(__DIR__).'/include/init.inc.php';
 header('Content-Type: application/json');
 
-$q = $_GET['q'];
+$q = $_GET['q'] ?? null;
 
 $t1=microtime(true);
 
 $info = "";
-$data = json_decode(trim($_POST['data']), true);
+$data = json_decode(trim($_POST['data'] ?? ''), true);
 
 $lock_name = false;
 $lock_filename = false;