refactor(php74): use null coalescing (??) and ??= operators

Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>

Author: somethingwithproof

hmib.php

@@ -3203,18 +3203,15 @@ function hmib_view_graphs() {
 
 	html_graph_validate_preview_request_vars();
 
-	if (!isset($_SESSION['sess_hmib_gt'])) {
-		$_SESSION['sess_hmib_gt'] = implode(',', array_rekey(db_fetch_assoc('SELECT DISTINCT gl.graph_template_id
+	$_SESSION['sess_hmib_gt'] ??= implode(',', array_rekey(db_fetch_assoc('SELECT DISTINCT gl.graph_template_id
 			FROM graph_local AS gl
 			WHERE gl.host_id IN(
 				SELECT host_id
 				FROM plugin_hmib_hrSystem
 			)'), 'graph_template_id', 'graph_template_id'));
-	}
 	$gt = $_SESSION['sess_hmib_gt'];
 
-	if (!isset($_SESSION['sess_hmib_hosts'])) {
-		$_SESSION['sess_hmib_hosts'] = implode(',', array_rekey(db_fetch_assoc('SELECT h.id
+	$_SESSION['sess_hmib_hosts'] ??= implode(',', array_rekey(db_fetch_assoc('SELECT h.id
 			FROM host AS h
 			WHERE h.id IN (
 				SELECT host_id
@@ -3226,7 +3223,6 @@ function hmib_view_graphs() {
 			INNER JOIN host_template AS ht
 			ON h.host_template_id=ht.id
 			WHERE hash="7c13344910097cc599f0d0485305361d" ORDER BY id DESC'), 'id', 'id'));
-	}
 	$hosts = $_SESSION['sess_hmib_hosts'];
 
 	/* include graph view filter selector */

hmib_types.php

@@ -801,7 +801,7 @@ function hmib_host_type_edit() {
 	draw_edit_form(
 		array(
 			'config' => array('form_name' => 'chk'),
-			'fields' => inject_form_variables($fields_host_type_edit, (isset($host_type) ? $host_type : array()))
+			'fields' => inject_form_variables($fields_host_type_edit, ($host_type ?? array()))
 		)
 	);
 

poller_graphs.php

@@ -306,8 +306,8 @@ function hmib_gt_graph($host_id, $graph_template_id) {
 function add_summary_graphs($host_id, $host_template) {
 	global $config;
 
-	$php_bin = read_config_option('path_php_binary');
-	$base    = $config['base_path'];
+	$php_bin = cacti_escapeshellcmd(read_config_option('path_php_binary'));
+	$base    = cacti_escapeshellarg($config['base_path']);
 
 	$return_code = 0;
 	if (empty($host_id)) {

poller_hmib.php

@@ -678,7 +678,7 @@ function hmib_dateParse($value) {
 		$value[1] = substr($value[1], 0, strpos($value[1], '.'));
 	}
 
-	$date1 = trim($value[0] . ' ' . (isset($value[1]) ? $value[1]:''));
+	$date1 = trim($value[0] . ' ' . ($value[1] ?? ''));
 	if (strtotime($date1) === false) {
 		$value = date('Y-m-d H:i:s');
 	} else {

snmp.php

@@ -27,12 +27,10 @@
 define('SNMP_METHOD_PHP', 1);
 define('SNMP_METHOD_BINARY', 2);
 
-if (!isset($banned_snmp_strings)) {
-	$banned_snmp_strings = array(
+$banned_snmp_strings ??= array(
 		'End of MIB',
 		'No Such'
 	);
-}
 
 /* we must use an apostrophe to escape community names under Unix in case the user uses
 characters that the shell might interpret. */
@@ -131,6 +129,11 @@ function cacti_snmp_get($hostname, $community, $oid, $version, $username, $passw
 		/* no valid snmp version has been set, get out */
 		if (empty($snmp_auth)) { return; }
 
+		/* cast numeric args to int — prevents shell injection if the host record is tampered */
+		$version = (int) $version;
+		$timeout = (int) $timeout;
+		$retries = (int) $retries;
+
 		exec(cacti_escapeshellcmd(read_config_option('path_snmpget')) . ' -O fntevU ' . $snmp_auth . " -v $version -t $timeout -r $retries " . cacti_escapeshellarg($hostname) . ":$port " . cacti_escapeshellarg($oid), $snmp_value);
 
 		/* fix for multi-line snmp output */