'str(i)str(...)' could be replaced with 'str(i)pos(...)'.

Author: Exileum

Diff for: admin/admin_user_search.php

@@ -271,7 +271,7 @@
 
             $username = preg_replace('/\*/', '%', trim(strip_tags(strtolower($username))));
 
-            if (strstr($username, '%')) {
+            if (false !== strpos($username, '%')) {
                 $op = 'LIKE';
             } else {
                 $op = '=';
@@ -292,7 +292,7 @@
 
             $email = preg_replace('/\*/', '%', trim(strip_tags(strtolower($email))));
 
-            if (strstr($email, '%')) {
+            if (false !== strpos($email, '%')) {
                 $op = 'LIKE';
             } else {
                 $op = '=';
@@ -577,7 +577,7 @@
                     break;
                 case 'equals':
                     // looking for a -
-                    if (strstr($postcount_value, '-')) {
+                    if (false !== strpos($postcount_value, '-')) {
                         $range = preg_split('/[-\s]+/', $postcount_value);
 
                         $range_begin = (int)$range[0];
@@ -624,7 +624,7 @@
 
             $userfield_value = preg_replace('/\*/', '%', trim(strip_tags(strtolower($userfield_value))));
 
-            if (strstr($userfield_value, '%')) {
+            if (false !== strpos($userfield_value, '%')) {
                 $op = 'LIKE';
             } else {
                 $op = '=';

Diff for: dl.php

@@ -54,7 +54,7 @@ function send_file_to_browser($attachment, $upload_dir)
 
     // Correct the mime type - we force application/octet-stream for all files, except images
     // Please do not change this, it is a security precaution
-    if (!strstr($attachment['mimetype'], 'image')) {
+    if (false === strpos($attachment['mimetype'], 'image')) {
         $attachment['mimetype'] = 'application/octet-stream';
     }
 

Diff for: library/attach_mod/includes/functions_attach.php

@@ -410,7 +410,7 @@ function attachment_sync_topic($topics)
  */
 function get_extension($filename)
 {
-    if (!stristr($filename, '.')) {
+    if (false === stripos($filename, '.')) {
         return '';
     }
     $extension = strrchr(strtolower($filename), '.');

Diff for: library/attach_mod/includes/functions_delete.php

@@ -41,7 +41,7 @@ function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0,
         $post_id_array = array();
 
         if (!is_array($attach_id_array)) {
-            if (strstr($attach_id_array, ', ')) {
+            if (false !== strpos($attach_id_array, ', ')) {
                 $attach_id_array = explode(', ', $attach_id_array);
             } elseif (strstr($attach_id_array, ',')) {
                 $attach_id_array = explode(',', $attach_id_array);
@@ -82,7 +82,7 @@ function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0,
             return;
         }
 
-        if (strstr($post_id_array, ', ')) {
+        if (false !== strpos($post_id_array, ', ')) {
             $post_id_array = explode(', ', $post_id_array);
         } elseif (strstr($post_id_array, ',')) {
             $post_id_array = explode(',', $post_id_array);
@@ -127,7 +127,7 @@ function delete_attachment($post_id_array = 0, $attach_id_array = 0, $page = 0,
     }
 
     if (!is_array($attach_id_array)) {
-        if (strstr($attach_id_array, ', ')) {
+        if (false !== strpos($attach_id_array, ', ')) {
             $attach_id_array = explode(', ', $attach_id_array);
         } elseif (strstr($attach_id_array, ',')) {
             $attach_id_array = explode(',', $attach_id_array);

Diff for: library/includes/functions.php

@@ -1741,7 +1741,7 @@ function redirect($url)
         trigger_error("Headers already sent in $filename($linenum)", E_USER_ERROR);
     }
 
-    if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r") || strstr(urldecode($url), ';url')) {
+    if (false !== strpos(urldecode($url), "\n") || false !== strpos(urldecode($url), "\r") || false !== strpos(urldecode($url), ';url')) {
         bb_die('Tried to redirect to potentially insecure url');
     }
 

Diff for: library/includes/init_bb.php

@@ -378,7 +378,7 @@ function bb_setcookie($name, $val, $lifetime = COOKIE_PERSIST, $httponly = false
 
 if (!empty($banned_user_agents)) {
     foreach ($banned_user_agents as $agent) {
-        if (strstr(USER_AGENT, $agent)) {
+        if (false !== strpos(USER_AGENT, $agent)) {
             $filename = 'Download files by using browser';
             $output = '@';
             header('Content-Type: text/plain');

Diff for: library/includes/template.php

@@ -393,7 +393,7 @@ public function assign_var_from_handle($varname, $handle): bool
      */
     public function assign_block_vars($blockname, $vararray): bool
     {
-        if (strstr($blockname, '.')) {
+        if (false !== strpos($blockname, '.')) {
             // Nested block.
             $blocks = explode('.', $blockname);
             $blockcount = count($blocks) - 1;

Diff for: login.php

@@ -48,7 +48,7 @@
 if (preg_match('/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si', $_SERVER['QUERY_STRING'], $matches)) {
     $redirect_url = $matches[1];
 
-    if (!strstr($redirect_url, '?') && $first_amp = strpos($redirect_url, '&')) {
+    if (false === strpos($redirect_url, '?') && $first_amp = strpos($redirect_url, '&')) {
         $redirect_url[$first_amp] = '?';
     }
 } elseif (!empty($_POST['redirect'])) {
@@ -60,7 +60,7 @@
 $redirect_url = str_replace('&admin=1', '', $redirect_url);
 $redirect_url = str_replace('?admin=1', '', $redirect_url);
 
-if (!$redirect_url || strstr(urldecode($redirect_url), "\n") || strstr(urldecode($redirect_url), "\r") || strstr(urldecode($redirect_url), ';url')) {
+if (!$redirect_url || false !== strpos(urldecode($redirect_url), "\n") || false !== strpos(urldecode($redirect_url), "\r") || false !== strpos(urldecode($redirect_url), ';url')) {
     $redirect_url = "index.php";
 }