UnityHPC · simonLeary42 · Dec 17, 2025 · Dec 17, 2025 · Dec 17, 2025 · Dec 17, 2025
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -103,7 +103,11 @@ repos:
         entry: bash ./test/assert-utils-used.bash
         language: system
         files: \.php$
-        exclude: ^resources/lib/utils\.php$
+        exclude: |
+          (?x)^(
+              ^resources/lib/utils\.php$|
+              ^test/.*\.php$|
+          )$
       - id: assert-exceptions-used
         name: Assert exceptions are used
         entry: bash ./test/assert-exceptions-used.bash

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -20,6 +20,8 @@
   This will throw an exception rather than returning `false`.
 - No code should call `mb_detect_encoding()`, instead `\mbDetectEncoding()`.
   This will enable strict mode and throw an exception rather than returning `false`.
+- No code should call `intval()`, instead `\str2int()`.
+  This will enable strict mode and throw an exception rather than issuing a warning.
 - `UnityHTTPD`'s user-facing error functionality (ex: `badRequest`) should only be called from `webroot/**/*.php`.
   `resources/**/*.php` should throw exceptions instead.
 - all pages under `webroot/admin/` must check for `$USER->isAdmin()` and call `UnityHTTPD::forbidden()` if not admin.

diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
@@ -160,7 +160,7 @@ private function getCustomIDMappings(): array
         }
         $output_map = [];
         foreach ($output as [$uid, $uidNumber_str]) {
-            $output_map[$uid] = intval($uidNumber_str);
+            $output_map[$uid] = str2int($uidNumber_str);
         }
         return $output_map;
     }

diff --git a/resources/lib/utils.php b/resources/lib/utils.php
@@ -1,6 +1,5 @@
 <?php
 
-use UnityWebPortal\lib\exceptions\ArrayKeyException;
 use UnityWebPortal\lib\exceptions\EnsureException;
 use UnityWebPortal\lib\exceptions\EncodingUnknownException;
 use UnityWebPortal\lib\exceptions\EncodingConversionException;
@@ -83,3 +82,16 @@ function getHyperlink($text, ...$url_components)
     $url = getURL(...$url_components);
     return "<a href='$url'>$text</a>";
 }
+
+/**
+ * extra args (ex: base) are passed along to intval()
+ * @throws ValueError
+ */
+function str2int(string $x, ...$args): int
+{
+    if (is_numeric($x)) {
+        return intval($x, ...$args);
+    } else {
+        throw new ValueError("not numeric: $x");
+    }
+}
diff --git a/test/assert-utils-used.bash b/test/assert-utils-used.bash
@@ -10,6 +10,7 @@ declare -A utils=(
     ["json_encode"]="jsonEncode"
     ["mb_detect_encoding"]="mbDetectEncoding"
     ["mb_convert_encoding"]="mbConvertEncoding"
+    ["intval"]="str2int"
 )
 
 rc=0

diff --git a/webroot/api/content/index.php b/webroot/api/content/index.php
@@ -6,6 +6,6 @@
 
 require_once __DIR__ . "/../../../resources/autoload.php";
 
-$CHAR_WRAP = UnityHTTPD::getQueryParameter("line_wrap", false) ?? 80;
+$CHAR_WRAP = str2int(UnityHTTPD::getQueryParameter("line_wrap", false) ?? "80");
 $content_name = UnityHTTPD::getQueryParameter("content_name");
 echo $SQL->getPage($content_name)["content"];
diff --git a/webroot/panel/account.php b/webroot/panel/account.php
@@ -52,11 +52,7 @@
             break;
         case "delKey":
             $keys = $USER->getSSHKeys();
-            $indexStr = $_POST["delIndex"];
-            if (!preg_match("/^[0-9]+$/", $indexStr)) {
-                break;
-            }
-            $index = intval($indexStr);
+            $index = str2int(UnityHTTPD::getPostData("delIndex"));
             if ($index >= count($keys)) {
                 break;
             }