Diffstat (limited to 'include')
-rw-r--r--include/colors.php1
-rw-r--r--include/errorhandler.php14
-rw-r--r--include/functions.php23
-rwxr-xr-xinclude/login_form.php6
-rwxr-xr-xinclude/sanity_check.php56
-rw-r--r--include/sessions.php2
6 files changed, 50 insertions, 52 deletions
diff --git a/include/colors.php b/include/colors.php
index 2ad958e94..408f5aa9d 100644
--- a/include/colors.php
+++ b/include/colors.php
@@ -216,6 +216,7 @@ function _color_unpack($hex, $normalize = false) {
### Convert an RGB triplet to a hex color.
function _color_pack($rgb, $normalize = false) {
+ $out = 0;
foreach ($rgb as $k => $v) {
$out |= (($v * ($normalize ? 255 : 1)) << (16 - $k * 8));
}return '#'. str_pad(dechex($out), 6, 0, STR_PAD_LEFT);
diff --git a/include/errorhandler.php b/include/errorhandler.php
index 188c8c5ce..3643db98a 100644
--- a/include/errorhandler.php
+++ b/include/errorhandler.php
@@ -10,10 +10,12 @@ function format_backtrace($trace) {
if (is_array($e["args"])) {
foreach ($e["args"] as $a) {
- if (!is_object($a)) {
- array_push($fmt_args, $a);
+ if (is_object($a)) {
+ array_push($fmt_args, "{" . get_class($a) . "}");
+ } else if (is_array($a)) {
+ array_push($fmt_args, "[" . truncate_string(json_encode($a), 256, "...")) . "]";
} else {
- array_push($fmt_args, "[" . get_class($a) . "]");
+ array_push($fmt_args, truncate_string($a, 256, "..."));
}
}
}
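Review bot: In the new `is_array($a)` branch the closing parenthesis of `array_push()` sits before `. "]"`, so the bracket is concatenated to the call's return value and discarded, and array arguments are recorded as `[...` with no closing bracket. The line should read `array_push($fmt_args, "[" . truncate_string(json_encode($a), 256, "...") . "]");`. `json_encode()` can also return `false` for values it cannot encode, which `truncate_string()` would then receive in place of a string. Argument values still go into the formatted trace, now capped at 256 characters, so a credential passed as a function argument ends up wherever the trace is stored; a comment saying so, or redaction for known-sensitive frames, would help. format_backtrace() starts and ends outside the hunk.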
@@ -21,7 +23,11 @@ function format_backtrace($trace) {
$filename = str_replace(dirname(__DIR__) . "/", "", $e["file"]);
$rv .= sprintf("%d. %s(%s): %s(%s)\n",
- $idx, $filename, $e["line"], $e["function"], implode(", ", $fmt_args));
+ $idx,
+ $filename,
+ $e["line"],
+ $e["function"],
+ implode(", ", $fmt_args));
$idx++;
}
diff --git a/include/functions.php b/include/functions.php
index 41d6e5853..f870f3382 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -138,13 +138,17 @@
function startup_gettext() {
# Get locale from Accept-Language header
- $lang = al2gt(array_keys(get_translations()), "text/html");
+ if (version_compare(PHP_VERSION, '8.0.0', '<')) {
+ $lang = al2gt(array_keys(get_translations()), "text/html");
+ } else {
+ $lang = ""; // FIXME: do something with accept-to-gettext.php
+ }
if (defined('_TRANSLATION_OVERRIDE_DEFAULT')) {
$lang = _TRANSLATION_OVERRIDE_DEFAULT;
}
- if ($_SESSION["uid"] && get_schema_version() >= 120) {
+ if (!empty($_SESSION["uid"]) && get_schema_version() >= 120) {
$pref_lang = get_pref("USER_LANGUAGE", $_SESSION["uid"]);
if ($pref_lang && $pref_lang != 'auto') {
@@ -222,13 +226,13 @@
/* end compat shims */
function get_ssl_certificate_id() {
- if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]) {
+ if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] ?? false) {
return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] .
$_SERVER["REDIRECT_SSL_CLIENT_V_START"] .
$_SERVER["REDIRECT_SSL_CLIENT_V_END"] .
$_SERVER["REDIRECT_SSL_CLIENT_S_DN"]);
}
- if ($_SERVER["SSL_CLIENT_M_SERIAL"]) {
+ if ($_SERVER["SSL_CLIENT_M_SERIAL"] ?? false) {
return sha1($_SERVER["SSL_CLIENT_M_SERIAL"] .
$_SERVER["SSL_CLIENT_V_START"] .
$_SERVER["SSL_CLIENT_V_END"] .
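Review bot: Only the `*_M_SERIAL` lookups are guarded with `??`; the `V_START`, `V_END` and `S_DN` keys in both branches are still read directly and raise undefined-index warnings on PHP 8 if the server exports the serial without them. More important for a value that appears to identify a client certificate, nothing visible here checks that the web server verified the certificate: with mod_ssl's `SSLVerifyClient optional_no_ca` these variables are populated for certificates that failed verification as well. If callers use the result for authentication, consider requiring `($_SERVER["SSL_CLIENT_VERIFY"] ?? "") === "SUCCESS"` before hashing, or document that the server configuration must enforce verification. The function continues past the end of the hunk.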
@@ -240,11 +244,11 @@
// this is used for user http parameters unless HTML code is actually needed
function clean($param) {
if (is_array($param)) {
- return array_map("strip_tags", $param);
+ return array_map("trim", array_map("strip_tags", $param));
} else if (is_string($param)) {
- return strip_tags($param);
+ return trim(strip_tags($param));
} else {
- return $param;
+ return trim($param);
}
}
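Review bot: The new `return trim($param);` in the final branch runs on every value that is neither an array nor a string, so `null`, `false` and integers now come back as strings (`null` becomes `""`) and PHP 8.1 emits a deprecation for `trim(null)`. Callers that test the result against `null` or rely on an integer type change behaviour, and keeping `return $param;` there avoids that. The array branch maps `strip_tags` and `trim` over the elements without checking that they are strings, so a nested array in a request parameter is a TypeError on PHP 8. A recursive form, `return array_map("clean", $param);`, handles nesting. The leading comment could also state that `strip_tags()` is not output escaping, so cleaned values still need `htmlspecialchars()` when printed.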
@@ -407,7 +411,8 @@
}
function is_server_https() {
- return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
+ return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) ||
+ (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
}
function is_prefix_https() {
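Review bot: `HTTP_X_FORWARDED_PROTO` is a request header, so on a deployment that is not behind a proxy which overwrites it, any client can make `is_server_https()` return true over plain HTTP. What depends on the result is outside this hunk, but if it feeds cookie flags or generated URLs the header should be honoured only when a reverse proxy is configured. At minimum the function should carry a comment such as `// X-Forwarded-Proto is client-supplied unless a trusted proxy sets it`. The comparison could also be strict: `=== 'https'`.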
@@ -577,7 +582,7 @@
if (is_array($ttrss_version) && isset($ttrss_version['version'])) {
$git_commit = $ttrss_version['commit'];
$git_timestamp = $ttrss_version['timestamp'];
- $last_error = $ttrss_version['last_error'];
+ $last_error = $ttrss_version['last_error'] ?? "";
return $ttrss_version['version'];
} else {
diff --git a/include/login_form.php b/include/login_form.php
index 586d6fe78..0e8f8389e 100755
--- a/include/login_form.php
+++ b/include/login_form.php
@@ -99,7 +99,7 @@
<?php print_hidden("op", "login"); ?>
- <?php if ($_SESSION["login_error_msg"]) { ?>
+ <?php if (!empty($_SESSION["login_error_msg"])) { ?>
<?php echo format_error($_SESSION["login_error_msg"]) ?>
<?php $_SESSION["login_error_msg"] = ""; ?>
<?php } ?>
@@ -110,7 +110,7 @@
onchange="UtilityApp.fetchProfiles()"
onfocus="UtilityApp.fetchProfiles()"
onblur="UtilityApp.fetchProfiles()"
- required="1" value="<?php echo $_SESSION["fake_login"] ?>" />
+ required="1" value="<?php echo $_SESSION["fake_login"] ?? "" ?>" />
</fieldset>
<fieldset>
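Review bot: `$_SESSION["fake_login"]` is echoed into a double-quoted `value` attribute without escaping, and the same applies to `$_SESSION["fake_password"]` in the next hunk. Where these session values are assigned is not visible here; unless they are always fixed strings, a value containing a quote breaks out of the attribute. Escaping at output is cheap: `value="<?php echo htmlspecialchars($_SESSION["fake_login"] ?? "", ENT_QUOTES) ?>"`.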
@@ -122,7 +122,7 @@
onchange="UtilityApp.fetchProfiles()"
onfocus="UtilityApp.fetchProfiles()"
onblur="UtilityApp.fetchProfiles()"
- value="<?php echo $_SESSION["fake_password"] ?>"/>
+ value="<?php echo $_SESSION["fake_password"] ?? "" ?>"/>
</fieldset>
<?php if (strpos(PLUGINS, "auth_internal") !== false) { ?>
<fieldset class="align-right">
diff --git a/include/sanity_check.php b/include/sanity_check.php
index e6c0e5d4b..a7660795b 100755
--- a/include/sanity_check.php
+++ b/include/sanity_check.php
@@ -1,18 +1,5 @@
<?php
- /* WARNING!
- *
- * If you modify this file, you are ON YOUR OWN!
- *
- * Believe it or not, all of the checks below are required to succeed for
- * tt-rss to actually function properly.
- *
- * If you think you have a better idea about what is or isn't required, feel
- * free to modify the file, note though that you are therefore automatically
- * disqualified from any further support by official channels, e.g. tt-rss.org
- * issue tracker or the forums.
- *
- * If you come crying when stuff inevitably breaks, you will be mocked and told
- * to get out. */
+ /* WARNING! If you modify this file, you are ON YOUR OWN! */
function make_self_url() {
$proto = is_server_https() ? 'https' : 'http';
@@ -45,9 +32,6 @@
return $bad_tables;
}
-/**
- * @SuppressWarnings(PHPMD.UnusedLocalVariable)
- */
function initial_sanity_check() {
$errors = array();
@@ -70,8 +54,8 @@
array_push($errors, "Please don't run this script as root.");
}
- if (version_compare(PHP_VERSION, '5.6.0', '<')) {
- array_push($errors, "PHP version 5.6.0 or newer required. You're using " . PHP_VERSION . ".");
+ if (version_compare(PHP_VERSION, '7.0.0', '<')) {
+ array_push($errors, "PHP version 7.0.0 or newer required. You're using " . PHP_VERSION . ".");
}
if (!class_exists("UConverter")) {
@@ -116,23 +100,25 @@
}
}
- $ref_self_url_path = make_self_url_path();
+ if (php_sapi_name() != "cli") {
+ $ref_self_url_path = make_self_url_path();
- if ($ref_self_url_path) {
- $ref_self_url_path = preg_replace("/\w+\.php$/", "", $ref_self_url_path);
- }
+ if ($ref_self_url_path) {
+ $ref_self_url_path = preg_replace("/\w+\.php$/", "", $ref_self_url_path);
+ }
- if (SELF_URL_PATH == "http://example.org/tt-rss/") {
- $hint = $ref_self_url_path ? "(possible value: <b>$ref_self_url_path</b>)" : "";
- array_push($errors,
- "Please set SELF_URL_PATH to the correct value for your server $hint");
- }
+ if (SELF_URL_PATH == "http://example.org/tt-rss/") {
+ $hint = $ref_self_url_path ? "(possible value: <b>$ref_self_url_path</b>)" : "";
+ array_push($errors,
+ "Please set SELF_URL_PATH to the correct value for your server: $hint");
+ }
- if ($ref_self_url_path &&
- (!defined('_SKIP_SELF_URL_PATH_CHECKS') || !_SKIP_SELF_URL_PATH_CHECKS) &&
- SELF_URL_PATH != $ref_self_url_path && SELF_URL_PATH != mb_substr($ref_self_url_path, 0, mb_strlen($ref_self_url_path)-1)) {
- array_push($errors,
- "Please set SELF_URL_PATH to the correct value detected for your server: <b>$ref_self_url_path</b>");
+ if ($ref_self_url_path &&
+ (!defined('_SKIP_SELF_URL_PATH_CHECKS') || !_SKIP_SELF_URL_PATH_CHECKS) &&
+ SELF_URL_PATH != $ref_self_url_path && SELF_URL_PATH != mb_substr($ref_self_url_path, 0, mb_strlen($ref_self_url_path)-1)) {
+ array_push($errors,
+ "Please set SELF_URL_PATH to the correct value detected for your server: <b>$ref_self_url_path</b> (you're using: <b>" . SELF_URL_PATH . "</b>)");
+ }
}
if (!is_writable(ICONS_DIR)) {
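Review bot: The two SELF_URL_PATH messages interpolate `$ref_self_url_path` (and now `SELF_URL_PATH`) into strings that carry `<b>` markup, so they are evidently meant to be rendered as HTML. `make_self_url_path()` is not shown in this diff; if it builds the URL from request data such as the Host header or the request URI, that value reaches the error page unescaped. Wrapping the interpolated values, e.g. `<b>" . htmlspecialchars($ref_self_url_path) . "</b>`, keeps the markup and removes the dependency on what the helper returns. initial_sanity_check() starts and ends outside the hunk.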
@@ -207,7 +193,7 @@
}
}
- if (count($errors) > 0 && $_SERVER['REQUEST_URI']) { ?>
+ if (count($errors) > 0 && php_sapi_name() != "cli") { ?>
<!DOCTYPE html>
<html>
<head>
@@ -240,7 +226,7 @@
echo "Please fix errors indicated by the following messages:\n\n";
foreach ($errors as $error) {
- echo " * $error\n";
+ echo " * " . strip_tags($error)."\n";
}
echo "\nYou might want to check tt-rss wiki or the forums for more information.\n";
diff --git a/include/sessions.php b/include/sessions.php
index 75d4671e8..15725c1f9 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -46,7 +46,7 @@
}
$pdo = Db::pdo();
- if ($_SESSION["uid"]) {
+ if (!empty($_SESSION["uid"])) {
if (!defined('_SESSION_SKIP_UA_CHECKS') && $_SESSION["user_agent"] != sha1($_SERVER['HTTP_USER_AGENT'])) {
$_SESSION["login_error_msg"] = __("Session failed to validate (UA changed).");
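Review bot: The user-agent check on the line after the changed condition still reads `$_SESSION["user_agent"]` and `$_SERVER['HTTP_USER_AGENT']` directly, so a request without a User-Agent header raises the same undefined-index warning this commit removes elsewhere. It also compares two hex digests with `!=`, which PHP evaluates numerically when both strings look like numbers (for example `0e…` followed by digits), so distinct hashes can compare equal. `!hash_equals($_SESSION["user_agent"] ?? "", sha1($_SERVER['HTTP_USER_AGENT'] ?? ""))` addresses both. The enclosing function starts and ends outside the hunk.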