From b6139a69918c2425578603341ebc8db3ade7e3ed Mon Sep 17 00:00:00 2001
From: Bernd Bestel
Date: Mon, 28 Dec 2020 22:14:59 +0100
Subject: [PATCH] Optimized `filter_var` checks
---
 controllers/StockApiController.php | 6 +++---
 controllers/SystemApiController.php | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/controllers/StockApiController.php b/controllers/StockApiController.php
index efb4308e..542631ba 100644
--- a/controllers/StockApiController.php
+++ b/controllers/StockApiController.php
@@ -585,7 +585,7 @@ class StockApiController extends BaseApiController
 public function ProductStockEntries(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 {
 $allowSubproductSubstitution = false;
- if (isset($request->getQueryParams()['include_sub_products']) && filter_var($request->getQueryParams()['include_sub_products'], FILTER_VALIDATE_BOOLEAN))
+ if (isset($request->getQueryParams()['include_sub_products']) && filter_var($request->getQueryParams()['include_sub_products'], FILTER_VALIDATE_BOOLEAN) !== false)
 {
 $allowSubproductSubstitution = true;
 }
@@ -596,7 +596,7 @@ class StockApiController extends BaseApiController
 public function ProductStockLocations(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 {
 $allowSubproductSubstitution = false;
- if (isset($request->getQueryParams()['include_sub_products']) && filter_var($request->getQueryParams()['include_sub_products'], FILTER_VALIDATE_BOOLEAN))
+ if (isset($request->getQueryParams()['include_sub_products']) && filter_var($request->getQueryParams()['include_sub_products'], FILTER_VALIDATE_BOOLEAN) !== false)
 {
 $allowSubproductSubstitution = true;
 }
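Review bot: The `!== false` comparison added in ProductStockEntries and ProductStockLocations is only safe while the call omits `FILTER_NULL_ON_FAILURE`: with that flag an unparseable value yields `null`, and `null !== false` would switch `$allowSubproductSubstitution` on. Without the flag `FILTER_VALIDATE_BOOLEAN` already returns a strict bool, so comparing with `=== true` states the intent and fails closed, e.g. `filter_var($request->getQueryParams()['include_sub_products'], FILTER_VALIDATE_BOOLEAN) === true`. Both method bodies continue outside the hunks.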
@@ -781,7 +781,7 @@ class StockApiController extends BaseApiController
 try
 {
- if (!filter_var($args['productIdToKeep'], FILTER_VALIDATE_INT) || !filter_var($args['productIdToRemove'], FILTER_VALIDATE_INT))
+ if (filter_var($args['productIdToKeep'], FILTER_VALIDATE_INT) === false || filter_var($args['productIdToRemove'], FILTER_VALIDATE_INT) === false)
 {
 throw new \Exception('Provided {productIdToKeep} or {productIdToRemove} is not a valid integer');
 }
diff --git a/controllers/SystemApiController.php b/controllers/SystemApiController.php
index bd12d253..5ff7a187 100644
--- a/controllers/SystemApiController.php
+++ b/controllers/SystemApiController.php
@@ -51,7 +51,7 @@ class SystemApiController extends BaseApiController
 $params = $request->getQueryParams();
 if (isset($params['offset']))
 {
- if (!filter_var($params['offset'], FILTER_VALIDATE_INT))
+ if (filter_var($params['offset'], FILTER_VALIDATE_INT) === false)
 {
 throw new \Exception('Query parameter "offset" is not a valid integer');
 }
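Review bot: The strict `=== false` checks on `productIdToKeep` and `productIdToRemove` now let `0` and negative integers through, because `FILTER_VALIDATE_INT` accepts any integer in range; if product ids are always positive (not visible here), bound them with `filter_var($args['productIdToKeep'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false`. The same applies to `offset` in SystemApiController.php, where a `min_range` of `0` would reject negative offsets. The filter also trims surrounding whitespace and returns the parsed int, so the code that follows these checks (outside the hunks) should presumably use that returned value rather than the raw string. The enclosing `try` block and the `offset` handling both continue outside the hunks.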