ACL Login set deprecated edit user id too

We need that for some old calls in old projects

.phive/phars.xml

@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phive xmlns="https://phar.io/phive">
-  <phar name="phpunit" version="^9.6" installed="9.6.21" location="./tools/phpunit" copy="false"/>
+  <phar name="phpunit" version="^10.3.5" installed="10.3.5" location="./tools/phpunit" copy="false"/>
   <phar name="phpcbf" version="^3.7.2" installed="3.10.3" location="./tools/phpcbf" copy="false"/>
-  <phar name="phpcs" version="^3.7.2" installed="3.10.3" location="./tools/phpcs" copy="false"/>
-  <phar name="phpstan" version="^1.10.37" installed="1.12.4" location="./tools/phpstan" copy="false"/>
-  <phar name="phan" version="^5.4.2" installed="5.4.3" location="./tools/phan" copy="false"/>
+  <phar name="phpcs" version="^3.10.3" installed="3.10.3" location="./tools/phpcs" copy="false"/>
+  <phar name="phpstan" version="^2.0" installed="2.0.4" location="./tools/phpstan" copy="false"/>
+  <phar name="phan" version="^5.4.3" installed="5.4.3" location="./tools/phan" copy="false"/>
   <phar name="psalm" version="^5.15.0" installed="5.24.0" location="./tools/psalm" copy="false"/>
   <phar name="phpdox" version="^0.12.0" installed="0.12.0" location="./tools/phpdox" copy="false"/>
   <phar name="phpdocumentor" version="^3.4.2" installed="3.4.3" location="./tools/phpDocumentor" copy="false"/>

4dev/checking/phan.sh

@@ -1,5 +1,5 @@
 base="/storage/var/www/html/developers/clemens/core_data/php_libraries/trunk/";
 # must be run in ${base}
-cd $base;
+cd $base || exit;
 ${base}tools/phan --progress-bar -C --analyze-twice;
-cd ~;
+cd ~ || exit;

4dev/checking/phpstan.sh

@@ -1,5 +1,5 @@
 base="/storage/var/www/html/developers/clemens/core_data/php_libraries/trunk/";
 # must be run in ${base}
-cd $base;
+cd $base || exit;
 ${base}tools/phpstan;
-cd ~;
+cd ~ || exit;

4dev/checking/phpunit.sh

@@ -1,49 +1,96 @@
 #!/bin/env bash
 
-base="/storage/var/www/html/developers/clemens/core_data/php_libraries/trunk/";
+function error() {
+	if [ -t 1 ]; then echo "[MAK] ERROR: $*" >&2; fi; exit 0;
+}
+
+usage() {
+	cat <<EOF
+Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-t] [-v] [-p VERSION]
+
+Runs all the PHP unit tests.
+
+If -p is not set, the default intalled PHP is used.
+
+Available options:
+
+-h, --help        Print this help and exit
+-t, --testdox     Enable testdox output for phpunit
+-v, --verbose     Enable verbose output for PHPunit
+-p, --php VERSION Chose PHP version in the form of "N.N", if not found will exit
+EOF
+	exit
+}
+
+# set base variables
+BASE_PATH="/storage/var/www/html/developers/clemens/core_data/php_libraries/trunk/";
+PHPUNIT_CONFIG="${BASE_PATH}phpunit.xml";
+PHP_BIN_PATH=$(which php);
+if [ -z "${PHP_BIN_PATH}" ]; then
+	echo "Cannot find php binary";
+	exit;
+fi;
+DEFAULT_PHP_VERSION=$(${PHP_BIN_PATH} -r "echo PHP_MAJOR_VERSION.'.'.PHP_MINOR_VERSION;");
+if [ -z "${DEFAULT_PHP_VERSION}" ]; then
+	echo "Cannot set default PHP version";
+	exit;
+fi;
 # -c phpunit.xml
 # --testdox
-# call with "t" to give verbose testdox output
+# call with "-tt" to give verbose testdox output
 # SUPPORTED: https://www.php.net/supported-versions.php
-# call with php version number to force a certain php version
+# call with -p <php version number> to force a certain php version
 
 opt_testdox="";
-if [ "${1}" = "t" ] || [ "${2}" = "t" ]; then
-	opt_testdox="--testdox";
-fi;
-php_bin="";
-if [ -n "${1}" ]; then
+opt_verbose="";
+php_version="";
+no_php_version=0;
+while [ -n "${1-}" ]; do
 	case "${1}" in
-		# "7.3") php_bin="/usr/bin/php7.3 "; ;;
-		# "7.4") php_bin="/usr/bin/php7.4 "; ;;
-		# "8.0") php_bin="/usr/bin/php8.0 "; ;;
-		# "8.1") php_bin="/usr/bin/php8.1 "; ;;
-		"8.2") php_bin="/usr/bin/php8.2 "; ;;
-		"8.3") php_bin="/usr/bin/php8.4 "; ;;
-		*) echo "Not support PHP: ${1}"; exit; ;;
-	esac;
+		-t | --testdox)
+			opt_testdox="--testdox";
+			;;
+		-v | --verbose)
+			opt_verbose="--verbose";
+			;;
+		-p | --php)
+			php_version="${2-}";
+			shift
+			;;
+		-h | --help)
+			usage
+			;;
+		# invalid option
+		-?*)
+			error "[!] Unknown option: '$1'."
+			;;
+	esac
+	shift;
+done;
+
+if [ -z "${php_version}" ]; then
+	php_version="${DEFAULT_PHP_VERSION}";
+	no_php_version=1;
 fi;
-if [ -n "${2}" ] && [ -z "${php_bin}" ]; then
-	case "${2}" in
-		# "7.3") php_bin="/usr/bin/php7.3 "; ;;
-		# "7.4") php_bin="/usr/bin/php7.4 "; ;;
-		# "8.0") php_bin="/usr/bin/php8.0 "; ;;
-		# "8.1") php_bin="/usr/bin/php8.1 "; ;;
-		"8.2") php_bin="/usr/bin/php8.2 "; ;;
-		"8.3") php_bin="/usr/bin/php8.3 "; ;;
-		*) echo "Not support PHP: ${1}"; exit; ;;
-	esac;
+php_bin="${PHP_BIN_PATH}${php_version}";
+echo "Use PHP Version: ${php_version}";
+
+if [ ! -f "${php_bin}" ]; then
+	echo "Set php ${php_bin} does not exist";
+	exit;
 fi;
+php_bin="${php_bin} ";
 
 # Note 4dev/tests/bootstrap.php has to be set as bootstrap file in phpunit.xml
-phpunit_call="${php_bin}${base}vendor/bin/phpunit ${opt_testdox} -c ${base}phpunit.xml ${base}4dev/tests/";
+phpunit_call="${php_bin}${BASE_PATH}vendor/bin/phpunit ${opt_testdox} ${opt_verbose} -c ${PHPUNIT_CONFIG} ${BASE_PATH}4dev/tests/";
 
 ${phpunit_call};
 
-if [ ! -z "${php_bin}" ]; then
-	echo "CALLED WITH PHP: ${php_bin}"$(${php_bin} --version);
+echo -e "\nPHPUnit Config: ${PHPUNIT_CONFIG}";
+if [ "${no_php_version}" -eq 0 ]; then
+	echo "CALLED WITH PHP: ${php_bin}$(${php_bin} --version)";
 else
-	echo "Default PHP used: "$(php --version);
+	echo "Default PHP used: $(php --version)";
 fi;
 
 # __END__

4dev/tests/ACL/CoreLibsACLLoginTest.php

@@ -1531,6 +1531,12 @@ final class CoreLibsACLLoginTest extends TestCase
 				$login_mock->loginGetEditAccessCuidFromUid($mock_settings['edit_access_uid']),
 				'Assert check access uid to cuid valid'
 			);
+			// - loginGetEditAccessCuidFromId
+			$this->assertEquals(
+				$expected['check_access_cuid'],
+				$login_mock->loginGetEditAccessCuidFromUid($mock_settings['edit_access_id']),
+				'Assert check access id to cuid valid'
+			);
 			// Deprecated
 			// - loginCheckEditAccess
 			$this->assertEquals(

4dev/tests/DB/CoreLibsDBIOTest.php

@@ -5196,6 +5196,27 @@ final class CoreLibsDBIOTest extends TestCase
 				SQL,
 				'count' => 1,
 				'convert' => false,
+			],
+			'update with case' => [
+				'query' => <<<SQL
+				UPDATE table_with_primary_key SET
+					row_int = $1::INT,
+					row_varchar = CASE WHEN row_int = 1 THEN $2 ELSE 'bar'::VARCHAR END
+				WHERE
+					row_varchar = $3
+				SQL,
+				'count' => 3,
+				'convert' => false,
+			],
+			'select with case' => [
+				'query' => <<<SQL
+				SELECT row_int
+				FROM table_with_primary_key
+				WHERE
+					row_varchar = CASE WHEN row_int = 1 THEN $1 ELSE $2 END
+				SQL,
+				'count' => 2,
+				'convert' => false,
 			]
 		];
 	}

4dev/tests/Security/CoreLibsSecurityAsymmetricAnonymousEncryptionTest.php

@@ -0,0 +1,838 @@
+<?php
+
+declare(strict_types=1);
+
+namespace tests;
+
+use PHPUnit\Framework\TestCase;
+use CoreLibs\Security\CreateKey;
+use CoreLibs\Security\AsymmetricAnonymousEncryption;
+
+/**
+ * Test class for Security\AsymmetricAnonymousEncryption and Security\CreateKey
+ * @coversDefaultClass \CoreLibs\Security\AsymmetricAnonymousEncryption
+ * @testdox \CoreLibs\Security\AsymmetricAnonymousEncryption method tests
+ */
+final class CoreLibsSecurityAsymmetricAnonymousEncryptionTest extends TestCase
+{
+	// MARK: key set and compare
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::getKeyPair
+	 * @covers ::compareKeyPair
+	 * @covers ::getPublicKey
+	 * @covers ::comparePublicKey
+	 * @testdox Check if init class set key pair matches to created key pair and public key
+	 *
+	 * @return void
+	 */
+	public function testKeyPairInitGetCompare(): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		$crypt = new AsymmetricAnonymousEncryption($key_pair);
+		$this->assertTrue(
+			$crypt->compareKeyPair($key_pair),
+			'set key pair not equal to original key pair'
+		);
+		$this->assertTrue(
+			$crypt->comparePublicKey($public_key),
+			'automatic set public key not equal to original public key'
+		);
+		$this->assertEquals(
+			$key_pair,
+			$crypt->getKeyPair(),
+			'set key pair returned not equal to original key pair'
+		);
+		$this->assertEquals(
+			$public_key,
+			$crypt->getPublicKey(),
+			'automatic set public key returned not equal to original public key'
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::getKeyPair
+	 * @covers ::compareKeyPair
+	 * @covers ::getPublicKey
+	 * @covers ::comparePublicKey
+	 * @testdox Check if init class set key pair and public key matches to created key pair and public key
+	 *
+	 * @return void
+	 */
+	public function testKeyPairPublicKeyInitGetCompare(): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		$crypt = new AsymmetricAnonymousEncryption($key_pair, $public_key);
+		$this->assertTrue(
+			$crypt->compareKeyPair($key_pair),
+			'set key pair not equal to original key pair'
+		);
+		$this->assertTrue(
+			$crypt->comparePublicKey($public_key),
+			'set public key not equal to original public key'
+		);
+		$this->assertEquals(
+			$key_pair,
+			$crypt->getKeyPair(),
+			'set key pair returned not equal to original key pair'
+		);
+		$this->assertEquals(
+			$public_key,
+			$crypt->getPublicKey(),
+			'set public key returned not equal to original public key'
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::getKeyPair
+	 * @covers ::getPublicKey
+	 * @covers ::comparePublicKey
+	 * @testdox Check if init class set public key matches to created public key
+	 *
+	 * @return void
+	 */
+	public function testPublicKeyInitGetCompare(): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		$crypt = new AsymmetricAnonymousEncryption(public_key:$public_key);
+		$this->assertTrue(
+			$crypt->comparePublicKey($public_key),
+			'set public key not equal to original public key'
+		);
+		$this->assertEquals(
+			null,
+			$crypt->getKeyPair(),
+			'unset set key pair returned not equal to original key pair'
+		);
+		$this->assertEquals(
+			$public_key,
+			$crypt->getPublicKey(),
+			'set public key returned not equal to original public key'
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::setKeyPair
+	 * @covers ::getKeyPair
+	 * @covers ::compareKeyPair
+	 * @covers ::getPublicKey
+	 * @covers ::comparePublicKey
+	 * @testdox Check if set key pair after class init matches to created key pair and public key
+	 *
+	 * @return void
+	 */
+	public function testKeyPairSetGetCompare(): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		$crypt = new AsymmetricAnonymousEncryption();
+		$crypt->setKeyPair($key_pair);
+		$this->assertTrue(
+			$crypt->compareKeyPair($key_pair),
+			'post class init set key pair not equal to original key pair'
+		);
+		$this->assertTrue(
+			$crypt->comparePublicKey($public_key),
+			'post class init automatic set public key not equal to original public key'
+		);
+		$this->assertEquals(
+			$key_pair,
+			$crypt->getKeyPair(),
+			'post class init set key pair returned not equal to original key pair'
+		);
+		$this->assertEquals(
+			$public_key,
+			$crypt->getPublicKey(),
+			'post class init automatic set public key returned not equal to original public key'
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::setKeyPair
+	 * @covers ::setPublicKey
+	 * @covers ::getKeyPair
+	 * @covers ::compareKeyPair
+	 * @covers ::getPublicKey
+	 * @covers ::comparePublicKey
+	 * @testdox Check if set key pair after class init matches to created key pair and public key
+	 *
+	 * @return void
+	 */
+	public function testKeyPairPublicKeySetGetCompare(): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		$crypt = new AsymmetricAnonymousEncryption();
+		$crypt->setKeyPair($key_pair);
+		$crypt->setPublicKey($public_key);
+		$this->assertTrue(
+			$crypt->compareKeyPair($key_pair),
+			'post class init set key pair not equal to original key pair'
+		);
+		$this->assertTrue(
+			$crypt->comparePublicKey($public_key),
+			'post class init set public key not equal to original public key'
+		);
+		$this->assertEquals(
+			$key_pair,
+			$crypt->getKeyPair(),
+			'post class init set key pair returned not equal to original key pair'
+		);
+		$this->assertEquals(
+			$public_key,
+			$crypt->getPublicKey(),
+			'post class init set public key returned not equal to original public key'
+		);
+	}
+
+		/**
+	 * Undocumented function
+	 *
+	 * @covers ::setPublicKey
+	 * @covers ::getKeyPair
+	 * @covers ::compareKeyPair
+	 * @covers ::getPublicKey
+	 * @covers ::comparePublicKey
+	 * @testdox Check if set key pair after class init matches to created key pair and public key
+	 *
+	 * @return void
+	 */
+	public function testPublicKeySetGetCompare(): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		$crypt = new AsymmetricAnonymousEncryption();
+		$crypt->setPublicKey($public_key);
+		$this->assertTrue(
+			$crypt->comparePublicKey($public_key),
+			'post class init set public key not equal to original public key'
+		);
+		$this->assertEquals(
+			null,
+			$crypt->getKeyPair(),
+			'post class init unset key pair returned not equal to original key pair'
+		);
+		$this->assertEquals(
+			$public_key,
+			$crypt->getPublicKey(),
+			'post class init set public key returned not equal to original public key'
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @testdox Check different key pair and public key set
+	 *
+	 * @return void
+	 */
+	public function testDifferentSetKeyPairPublicKey()
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		$key_pair_2 = CreateKey::createKeyPair();
+		$public_key_2 = CreateKey::getPublicKey($key_pair_2);
+		$crypt = new AsymmetricAnonymousEncryption($key_pair, $public_key_2);
+		$this->assertTrue(
+			$crypt->compareKeyPair($key_pair),
+			'key pair set matches key pair created'
+		);
+		$this->assertTrue(
+			$crypt->comparePublicKey($public_key_2),
+			'alternate public key set matches alternate public key created'
+		);
+		$this->assertFalse(
+			$crypt->comparePublicKey($public_key),
+			'alternate public key set does not match key pair public key'
+		);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @testdox Check if new set privat key does not overwrite set public key
+	 *
+	 * @return void
+	 */
+	public function testUpdateKeyPairNotUpdatePublicKey(): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		$crypt = new AsymmetricAnonymousEncryption($key_pair);
+		$this->assertTrue(
+			$crypt->compareKeyPair($key_pair),
+			'set key pair not equal to original key pair'
+		);
+		$this->assertTrue(
+			$crypt->comparePublicKey($public_key),
+			'set public key not equal to original public key'
+		);
+		$key_pair_2 = CreateKey::createKeyPair();
+		$public_key_2 = CreateKey::getPublicKey($key_pair_2);
+		$crypt->setKeyPair($key_pair_2);
+		$this->assertTrue(
+			$crypt->compareKeyPair($key_pair_2),
+			'new set key pair not equal to original new key pair'
+		);
+		$this->assertTrue(
+			$crypt->comparePublicKey($public_key),
+			'original set public key not equal to original public key'
+		);
+		$this->assertFalse(
+			$crypt->comparePublicKey($public_key_2),
+			'new public key equal to original public key'
+		);
+	}
+
+	// MARK: empty encrytped string
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::decryptKey
+	 * @covers ::decrypt
+	 * @testdox Test empty encrypted string to decrypt
+	 *
+	 * @return void
+	 */
+	public function testEmptyDecryptionString(): void
+	{
+		$this->expectExceptionMessage('Encrypted string cannot be empty');
+		AsymmetricAnonymousEncryption::decryptKey('', CreateKey::generateRandomKey());
+	}
+
+	// MARK: encrypt/decrypt
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerEncryptDecryptSuccess(): array
+	{
+		return [
+			'valid string' => [
+				'input' => 'I am a secret',
+				'expected' => 'I am a secret',
+			],
+		];
+	}
+
+	/**
+	 * test encrypt/decrypt produce correct output
+	 *
+	 * @covers ::generateRandomKey
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerEncryptDecryptSuccess
+	 * @testdox encrypt/decrypt $input must be $expected [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $expected
+	 * @return void
+	 */
+	public function testEncryptDecryptSuccess(string $input, string $expected): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		// test class
+		$crypt = new AsymmetricAnonymousEncryption($key_pair);
+		$encrypted = $crypt->encrypt($input);
+		$decrypted = $crypt->decrypt($encrypted);
+		$this->assertEquals(
+			$expected,
+			$decrypted,
+			'Class call',
+		);
+		$crypt = new AsymmetricAnonymousEncryption($key_pair, $public_key);
+		$encrypted = $crypt->encrypt($input);
+		$decrypted = $crypt->decrypt($encrypted);
+		$this->assertEquals(
+			$expected,
+			$decrypted,
+			'Class call botjh set',
+		);
+	}
+
+	/**
+	 * test encrypt/decrypt produce correct output
+	 *
+	 * @covers ::generateRandomKey
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerEncryptDecryptSuccess
+	 * @testdox encrypt/decrypt indirect $input must be $expected [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $expected
+	 * @return void
+	 */
+	public function testEncryptDecryptSuccessIndirect(string $input, string $expected): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		// test indirect
+		$encrypted = AsymmetricAnonymousEncryption::getInstance(public_key:$public_key)->encrypt($input);
+		$decrypted = AsymmetricAnonymousEncryption::getInstance($key_pair)->decrypt($encrypted);
+		$this->assertEquals(
+			$expected,
+			$decrypted,
+			'Class Instance call',
+		);
+	}
+
+	/**
+	 * test encrypt/decrypt produce correct output
+	 *
+	 * @covers ::generateRandomKey
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerEncryptDecryptSuccess
+	 * @testdox encrypt/decrypt indirect with public key $input must be $expected [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $expected
+	 * @return void
+	 */
+	public function testEncryptDecryptSuccessIndirectPublicKey(string $input, string $expected): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		// test indirect
+		$encrypted = AsymmetricAnonymousEncryption::getInstance(public_key:$public_key)->encrypt($input);
+		$decrypted = AsymmetricAnonymousEncryption::getInstance($key_pair)->decrypt($encrypted);
+		$this->assertEquals(
+			$expected,
+			$decrypted,
+			'Class Instance call public key',
+		);
+	}
+
+	/**
+	 * test encrypt/decrypt produce correct output
+	 *
+	 * @covers ::generateRandomKey
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerEncryptDecryptSuccess
+	 * @testdox encrypt/decrypt static $input must be $expected [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $expected
+	 * @return void
+	 */
+	public function testEncryptDecryptSuccessStatic(string $input, string $expected): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		// test static
+		$encrypted = AsymmetricAnonymousEncryption::encryptKey($input, $public_key);
+		$decrypted = AsymmetricAnonymousEncryption::decryptKey($encrypted, $key_pair);
+
+		$this->assertEquals(
+			$expected,
+			$decrypted,
+			'Static call',
+		);
+	}
+
+	// MARK: invalid decrypt key
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerEncryptFailed(): array
+	{
+		return [
+			'wrong decryption key' => [
+				'input' => 'I am a secret',
+				'excpetion_message' => 'Invalid key pair'
+			],
+		];
+	}
+
+	/**
+	 * Test decryption with wrong key
+	 *
+	 * @covers ::generateRandomKey
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerEncryptFailed
+	 * @testdox decrypt with wrong key $input throws $exception_message [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testEncryptFailed(string $input, string $exception_message): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		$wrong_key_pair = CreateKey::createKeyPair();
+
+		// wrong key in class call
+		$crypt = new AsymmetricAnonymousEncryption(public_key:$public_key);
+		$encrypted = $crypt->encrypt($input);
+		$this->expectExceptionMessage($exception_message);
+		$crypt->setKeyPair($wrong_key_pair);
+		$crypt->decrypt($encrypted);
+	}
+
+	/**
+	 * Test decryption with wrong key
+	 *
+	 * @covers ::generateRandomKey
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerEncryptFailed
+	 * @testdox decrypt indirect with wrong key $input throws $exception_message [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testEncryptFailedIndirect(string $input, string $exception_message): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		$wrong_key_pair = CreateKey::createKeyPair();
+
+		// class instance
+		$encrypted = AsymmetricAnonymousEncryption::getInstance(public_key:$public_key)->encrypt($input);
+		$this->expectExceptionMessage($exception_message);
+		AsymmetricAnonymousEncryption::getInstance($wrong_key_pair)->decrypt($encrypted);
+	}
+
+	/**
+	 * Test decryption with wrong key
+	 *
+	 * @covers ::generateRandomKey
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerEncryptFailed
+	 * @testdox decrypt static with wrong key $input throws $exception_message [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testEncryptFailedStatic(string $input, string $exception_message): void
+	{
+		$key_pair = CreateKey::createKeyPair();
+		$public_key = CreateKey::getPublicKey($key_pair);
+		$wrong_key_pair = CreateKey::createKeyPair();
+
+		// class static
+		$encrypted = AsymmetricAnonymousEncryption::encryptKey($input, $public_key);
+		$this->expectExceptionMessage($exception_message);
+		AsymmetricAnonymousEncryption::decryptKey($encrypted, $wrong_key_pair);
+	}
+
+	// MARK: invalid key pair
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerWrongKeyPair(): array
+	{
+		return [
+			'not hex key pair' => [
+				'key_pair' => 'not_a_hex_key_pair',
+				'exception_message' => 'Invalid hex key pair'
+			],
+			'too short hex key pair' => [
+				'key_pair' => '1cabd5cba9e042f12522f4ff2de5c31d233b',
+				'excpetion_message' => 'Key pair is not the correct size (must be '
+			],
+			'empty key pair' => [
+				'key_pair' => '',
+				'excpetion_message' => 'Key pair cannot be empty'
+			]
+		];
+	}
+
+	/**
+	 * test invalid key provided to decrypt or encrypt
+	 *
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerWrongKeyPair
+	 * @testdox wrong key pair $key_pair throws $exception_message [$_dataName]
+	 *
+	 * @param  string $key_pair
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongKeyPair(string $key_pair, string $exception_message): void
+	{
+		$enc_key_pair = CreateKey::createKeyPair();
+
+		// class
+		$this->expectExceptionMessage($exception_message);
+		$crypt = new AsymmetricAnonymousEncryption($key_pair);
+		$this->expectExceptionMessage($exception_message);
+		$crypt->encrypt('test');
+		$crypt->setKeyPair($enc_key_pair);
+		$encrypted = $crypt->encrypt('test');
+		$this->expectExceptionMessage($exception_message);
+		$crypt->setKeyPair($key_pair);
+		$crypt->decrypt($encrypted);
+	}
+
+	/**
+	 * test invalid key provided to decrypt or encrypt
+	 *
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerWrongKeyPair
+	 * @testdox wrong key pair indirect $key_pair throws $exception_message [$_dataName]
+	 *
+	 * @param  string $key_pair
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongKeyPairIndirect(string $key_pair, string $exception_message): void
+	{
+		$enc_key_pair = CreateKey::createKeyPair();
+
+		// set valid encryption
+		$encrypted = AsymmetricAnonymousEncryption::getInstance($enc_key_pair)->encrypt('test');
+		$this->expectExceptionMessage($exception_message);
+		AsymmetricAnonymousEncryption::getInstance($key_pair)->decrypt($encrypted);
+	}
+
+	/**
+	 * test invalid key provided to decrypt or encrypt
+	 *
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerWrongKeyPair
+	 * @testdox wrong key pair static $key_pair throws $exception_message [$_dataName]
+	 *
+	 * @param  string $key_pair
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongKeyPairStatic(string $key_pair, string $exception_message): void
+	{
+		$enc_key_pair = CreateKey::createKeyPair();
+
+		// set valid encryption
+		$encrypted = AsymmetricAnonymousEncryption::encryptKey('test', CreateKey::getPublicKey($enc_key_pair));
+		$this->expectExceptionMessage($exception_message);
+		AsymmetricAnonymousEncryption::decryptKey($encrypted, $key_pair);
+	}
+
+	// MARK: invalid public key
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerWrongPublicKey(): array
+	{
+		return [
+			'not hex public key' => [
+				'public_key' => 'not_a_hex_public_key',
+				'exception_message' => 'Invalid hex public key'
+			],
+			'too short hex public key' => [
+				'public_key' => '1cabd5cba9e042f12522f4ff2de5c31d233b',
+				'excpetion_message' => 'Public key is not the correct size (must be '
+			],
+			'empty public key' => [
+				'public_key' => '',
+				'excpetion_message' => 'Public key cannot be empty'
+			]
+		];
+	}
+
+	/**
+	 * test invalid key provided to decrypt or encrypt
+	 *
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerWrongPublicKey
+	 * @testdox wrong public key $public_key throws $exception_message [$_dataName]
+	 *
+	 * @param  string $public_key
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongPublicKey(string $public_key, string $exception_message): void
+	{
+		$enc_key_pair = CreateKey::createKeyPair();
+		// $enc_public_key = CreateKey::getPublicKey($enc_key_pair);
+
+		// class
+		$this->expectExceptionMessage($exception_message);
+		$crypt = new AsymmetricAnonymousEncryption(public_key:$public_key);
+		$this->expectExceptionMessage($exception_message);
+		$crypt->decrypt('test');
+		$crypt->setKeyPair($enc_key_pair);
+		$encrypted = $crypt->encrypt('test');
+		$this->expectExceptionMessage($exception_message);
+		$crypt->setPublicKey($public_key);
+		$crypt->decrypt($encrypted);
+	}
+
+	/**
+	 * test invalid key provided to decrypt or encrypt
+	 *
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerWrongPublicKey
+	 * @testdox wrong public key indirect $key throws $exception_message [$_dataName]
+	 *
+	 * @param  string $key
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongPublicKeyIndirect(string $key, string $exception_message): void
+	{
+		$enc_key = CreateKey::createKeyPair();
+
+		// class instance
+		$this->expectExceptionMessage($exception_message);
+		AsymmetricAnonymousEncryption::getInstance(public_key:$key)->encrypt('test');
+		// we must encrypt valid thing first so we can fail with the wrong key
+		$encrypted = AsymmetricAnonymousEncryption::getInstance($enc_key)->encrypt('test');
+		// $this->expectExceptionMessage($exception_message);
+		AsymmetricAnonymousEncryption::getInstance($key)->decrypt($encrypted);
+	}
+
+	/**
+	 * test invalid key provided to decrypt or encrypt
+	 *
+	 * @covers ::encrypt
+	 * @covers ::decrypt
+	 * @dataProvider providerWrongPublicKey
+	 * @testdox wrong public key static $key throws $exception_message [$_dataName]
+	 *
+	 * @param  string $key
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongPublicKeyStatic(string $key, string $exception_message): void
+	{
+		$enc_key = CreateKey::createKeyPair();
+
+		// class static
+		$this->expectExceptionMessage($exception_message);
+		AsymmetricAnonymousEncryption::encryptKey('test', $key);
+		// we must encrypt valid thing first so we can fail with the wrong key
+		$encrypted = AsymmetricAnonymousEncryption::encryptKey('test', $enc_key);
+		$this->expectExceptionMessage($exception_message);
+		AsymmetricAnonymousEncryption::decryptKey($encrypted, $key);
+	}
+
+	// MARK: wrong cipher text
+
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function providerWrongCiphertext(): array
+	{
+		return [
+			'invalid cipher text' => [
+				'input' => 'short',
+				'exception_message' => 'base642bin failed: '
+			],
+			'cannot decrypt' => [
+				// phpcs:disable Generic.Files.LineLength
+				'input' => 'Um8tBGiVfFAOg2YoUgA5fTqK1wXPB1S7uxhPNE1lqDxgntkEhYJDOmjXa0DMpBlYHjab6sC4mgzwZSzGCUnXDAgsHckwYwfAzs/r',
+				// phpcs:enable Generic.Files.LineLength
+				'exception_message' => 'Invalid key pair'
+			],
+			'invalid text' => [
+				'input' => 'U29tZSB0ZXh0IGhlcmU=',
+				'exception_message' => 'Invalid key pair'
+			]
+		];
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::decrypt
+	 * @dataProvider providerWrongCiphertext
+	 * @testdox too short ciphertext $input throws $exception_message [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongCiphertext(string $input, string $exception_message): void
+	{
+		$key = CreateKey::createKeyPair();
+		// class
+		$crypt = new AsymmetricAnonymousEncryption($key);
+		$this->expectExceptionMessage($exception_message);
+		$crypt->decrypt($input);
+	}
+
+	/**
+	 * Undocumented function
+	 *
+	 * @covers ::decryptKey
+	 * @dataProvider providerWrongCiphertext
+	 * @testdox too short ciphertext indirect $input throws $exception_message [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongCiphertextIndirect(string $input, string $exception_message): void
+	{
+		$key = CreateKey::createKeyPair();
+
+		// class instance
+		$this->expectExceptionMessage($exception_message);
+		AsymmetricAnonymousEncryption::getInstance($key)->decrypt($input);
+
+		// class static
+		$this->expectExceptionMessage($exception_message);
+		AsymmetricAnonymousEncryption::decryptKey($input, $key);
+	}
+
+		/**
+	 * Undocumented function
+	 *
+	 * @covers ::decryptKey
+	 * @dataProvider providerWrongCiphertext
+	 * @testdox too short ciphertext static $input throws $exception_message [$_dataName]
+	 *
+	 * @param  string $input
+	 * @param  string $exception_message
+	 * @return void
+	 */
+	public function testWrongCiphertextStatic(string $input, string $exception_message): void
+	{
+		$key = CreateKey::createKeyPair();
+		// class static
+		$this->expectExceptionMessage($exception_message);
+		AsymmetricAnonymousEncryption::decryptKey($input, $key);
+	}
+}
+
+// __END__

4dev/tests/Security/CoreLibsSecurityPasswordTest.php

@@ -13,6 +13,11 @@ use PHPUnit\Framework\TestCase;
  */
 final class CoreLibsSecurityPasswordTest extends TestCase
 {
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
 	public function passwordProvider(): array
 	{
 		return [
@@ -21,6 +26,11 @@ final class CoreLibsSecurityPasswordTest extends TestCase
 		];
 	}
 
+	/**
+	 * Note: we need different hash types for PHP versions
+	 *
+	 * @return array
+	 */
 	public function passwordRehashProvider(): array
 	{
 		return [
@@ -63,6 +73,10 @@ final class CoreLibsSecurityPasswordTest extends TestCase
 	 */
 	public function testPasswordRehashCheck(string $input, bool $expected): void
 	{
+		// in PHP 8.4 the length is $12
+		if (PHP_VERSION_ID > 80400) {
+			$input = str_replace('$2y$10$', '$2y$12$', $input);
+		}
 		$this->assertEquals(
 			$expected,
 			\CoreLibs\Security\Password::passwordRehashCheck($input)

4dev/tests/Security/CoreLibsSecuritySymmetricEncryptionTest.php

@@ -159,8 +159,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 	 * test encrypt/decrypt produce correct output
 	 *
 	 * @covers ::generateRandomKey
-	 * @covers ::encrypt
-	 * @covers ::decrypt
+	 * @covers ::encryptKey
+	 * @covers ::decryptKey
 	 * @dataProvider providerEncryptDecryptSuccess
 	 * @testdox encrypt/decrypt static $input must be $expected [$_dataName]
 	 *
@@ -253,8 +253,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 	 * Test decryption with wrong key
 	 *
 	 * @covers ::generateRandomKey
-	 * @covers ::encrypt
-	 * @covers ::decrypt
+	 * @covers ::encryptKey
+	 * @covers ::decryptKey
 	 * @dataProvider providerEncryptFailed
 	 * @testdox decrypt static with wrong key $input throws $exception_message [$_dataName]
 	 *
@@ -354,8 +354,8 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 		/**
 	 * test invalid key provided to decrypt or encrypt
 	 *
-	 * @covers ::encrypt
-	 * @covers ::decrypt
+	 * @covers ::encryptKey
+	 * @covers ::decryptKey
 	 * @dataProvider providerWrongKey
 	 * @testdox wrong key static $key throws $exception_message [$_dataName]
 	 *
@@ -424,7 +424,7 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 	/**
 	 * Undocumented function
 	 *
-	 * @covers ::decrypt
+	 * @covers ::decryptKey
 	 * @dataProvider providerWrongCiphertext
 	 * @testdox too short ciphertext indirect $input throws $exception_message [$_dataName]
 	 *
@@ -448,7 +448,7 @@ final class CoreLibsSecuritySymmetricEncryptionTest extends TestCase
 		/**
 	 * Undocumented function
 	 *
-	 * @covers ::decrypt
+	 * @covers ::decryptKey
 	 * @dataProvider providerWrongCiphertext
 	 * @testdox too short ciphertext static $input throws $exception_message [$_dataName]
 	 *

phpstan.neon

@@ -9,7 +9,7 @@ parameters:
 	#friendly:
 	#	lineBefore: 3
 	#	lineAfter: 3
-	level: 8 # max is now 9
+	level: 8 # max is now 10
 	# strictRules:
 	# 	allRules: false
 	checkMissingCallableSignature: true

phpunit.xml

@@ -1,7 +1,7 @@
 <phpunit
 	cacheResultFile="/tmp/phpunit-corelibs.result.cache"
 	colors="true"
-	verbose="true"
+	verbose="false"
 	convertDeprecationsToExceptions="true"
 	bootstrap="4dev/tests/bootstrap.php"
 >

www/admin/class_test.db.php

@@ -273,8 +273,8 @@ $query_insert = <<<SQL
 INSERT INTO
 	test_foo
 (
-	test, some_bool, string_a, number_a, number_a_numeric,
-	some_time, some_timestamp, json_string
+	test, some_bool, string_a, number_a, numeric_a,
+	some_internval, some_timestamp, json_string
 ) VALUES (
 	$1, $2, $3, $4, $5,
 	$6, $7, $8
@@ -283,8 +283,8 @@ RETURNING test
 SQL;
 $query_select = <<<SQL
 SELECT
-	test, some_bool, string_a, number_a, number_a_numeric,
-	some_time, some_time, some_timestamp, json_string
+	test, some_bool, string_a, number_a, numeric_a,
+	some_time, some_internval, some_timestamp, json_string
 FROM
 	test_foo
 WHERE
@@ -554,7 +554,7 @@ print "<b>PREPARE QUERIES</b><br>";
 // READ PREPARE
 $q_prep = <<<SQL
 SELECT test_foo_id, test, some_bool, string_a, number_a,
-number_a_numeric, some_time
+numeric_a, some_time
 FROM test_foo
 WHERE test = $1
 ORDER BY test_foo_id DESC LIMIT 5
@@ -582,7 +582,7 @@ if ($db->dbPrepare('sel_test_foo', $q_prep) === false) {
 
 // sel test with ANY () type
 $q_prep = "SELECT test_foo_id, test, some_bool, string_a, number_a, "
-	. "number_a_numeric, some_time "
+	. "numeric_a, some_time "
 	. "FROM test_foo "
 	. "WHERE test = ANY($1) "
 	. "ORDER BY test_foo_id DESC LIMIT 5";
@@ -618,7 +618,7 @@ $test_bar = $db->dbEscapeLiteral('SOMETHING DIFFERENT');
 $q = <<<SQL
 SELECT test_foo_id, test, some_bool, string_a, number_a,
 -- comment
-number_a_numeric, some_time
+numeric_a, some_time
 FROM test_foo
 WHERE test = $test_bar
 ORDER BY test_foo_id DESC LIMIT 5
@@ -631,7 +631,7 @@ print "DB RETURN PARAMS<br>";
 $q = <<<SQL
 SELECT test_foo_id, test, some_bool, string_a, number_a,
 -- comment
-number_a_numeric, some_time
+numeric_a, some_time
 FROM test_foo
 WHERE test = $1
 ORDER BY test_foo_id DESC LIMIT 5
@@ -646,7 +646,7 @@ echo "<hr>";
 print "DB RETURN PARAMS LIKE<br>";
 $q = <<<SQL
 SELECT
-	test_foo_id, test, some_bool, string_a, number_a, number_a_numeric
+	test_foo_id, test, some_bool, string_a, number_a, numeric_a
 FROM test_foo
 WHERE string_a LIKE $1;
 SQL;
@@ -660,7 +660,7 @@ echo "<hr>";
 print "DB RETURN PARAMS ANY<br>";
 $q = <<<SQL
 SELECT
-	test_foo_id, test, some_bool, string_a, number_a, number_a_numeric
+	test_foo_id, test, some_bool, string_a, number_a, numeric_a
 FROM test_foo
 WHERE string_a = ANY($1);
 SQL;

www/admin/class_test.db.query-placeholder.php

@@ -174,6 +174,26 @@ while (is_array($res = $db->dbReturnParams($query, [$query_value]))) {
 
 echo "<hr>";
 
+echo "<b>CASE part</b><br>";
+$query = <<<SQL
+UPDATE
+test_foo
+SET
+some_timestamp = NOW(),
+	-- if not 1 set, else keep at one
+	smallint_a = (CASE
+			WHEN smallint_a <> 1 THEN $1
+			ELSE 1::INT
+	END)::INT
+WHERE
+	string_a = $2
+SQL;
+echo "QUERY: <pre>" . $query . "</pre>";
+$res = $db->dbExecParams($query, [1, 'foobar']);
+print "ERROR: " . $db->dbGetLastError(true) . "<br>";
+
+echo "<hr>";
+
 // test connectors: = , <> () for query detection
 
 // convert placeholder tests
@@ -237,7 +257,7 @@ SQL,
 		SQL,
 		'params' => [1, 2, 3, 4, 5, 6],
 		'direction' => 'pg'
-	]
+	],
 ];
 
 $db->dbSetConvertPlaceholder(true);

www/admin/class_test.db.types.php

@@ -57,6 +57,43 @@ if (($dbh = $db->dbGetDbh()) instanceof \PgSql\Connection) {
 print "<b>TRUNCATE test_foo</b><br>";
 $db->dbExec("TRUNCATE test_foo");
 
+/*
+BELOW IS THE FULL TABLE WITH ALL PostgreSQL Types
+=> \d test_foo
+												Table "public.test_foo"
+Column            |            Type             | Nullable |                     Default
+------------------+-----------------------------+----------+-----------------------------------------------
+test              | character varying           |          |
+some_bool         | boolean                     |          |
+string_a          | character varying           |          |
+number_a          | integer                     |          |
+numeric_a         | numeric                     |          |
+some_internval    | interval                    |          |
+test_foo_id       | integer                     | not null | generated always as identity
+json_string       | jsonb                       |          |
+some_timestamp    | timestamp without time zone |          |
+some_binary       | bytea                       |          |
+null_var          | character varying           |          |
+smallint_a        | smallint                    |          |
+number_real       | real                        |          |
+number_double     | double precision            |          |
+number_serial     | integer                     | not null | nextval('test_foo_number_serial_seq'::regclass)
+array_char_1      | character varying[]         |          |
+array_char_2      | character varying[]         |          |
+array_int_1       | integer[]                   |          |
+array_int_2       | integer[]                   |          |
+composite_item    | inventory_item              |          |
+array_composite   | inventory_item[]            |          |
+numeric_3         | numeric(3,0)                |          |
+identity_always   | bigint                      | not null | generated always as identity
+identitiy_default | bigint                      | not null | generated by default as identity
+uuid_var          | uuid                        |          | gen_random_uuid()
+some_date         | date                        |          |
+some_time         | time without time zone      |          |
+bigint_a          | bigint                      |          |
+default_uuid      | uuid                        |          | gen_random_uuid()
+*/
+
 /* $q = <<<SQL
 INSERT INTO test_foo (test, array_composite) VALUES ('C', '{"(a,1,1.5)","(b,2,2.5)"}')
 SQL;
@@ -90,7 +127,7 @@ $query_params = [
 
 $query_insert = <<<SQL
 INSERT INTO test_foo (
-	test, some_bool, string_a, number_a, number_a_numeric, smallint_a,
+	test, some_bool, string_a, number_a, numeric_a, smallint_a,
 	some_time, some_timestamp, json_string, null_var,
 	array_char_1, array_int_1,
 	array_composite,
@@ -106,7 +143,7 @@ INSERT INTO test_foo (
 )
 RETURNING
 	test_foo_id,
-	test, some_bool, string_a, number_a, number_a_numeric, smallint_a,
+	test, some_bool, string_a, number_a, numeric_a, smallint_a,
 	some_time, some_timestamp, json_string, null_var,
 	array_char_1, array_int_1,
 	array_composite,
@@ -127,8 +164,8 @@ echo "<hr>";
 $query_select = <<<SQL
 SELECT
 	test_foo_id,
-	test, some_bool, string_a, number_a, number_a_numeric, smallint_a,
-	number_real, number_double, number_numeric_3, number_serial,
+	test, some_bool, string_a, number_a, numeric_a, smallint_a,
+	number_real, number_double, numeric_3, number_serial,
 	some_time, some_timestamp, json_string, null_var,
 	array_char_1, array_char_2, array_int_1, array_int_2, array_composite,
 	composite_item, (composite_item).*,

www/admin/class_test.encryption.php

@@ -18,6 +18,7 @@ require 'config.php';
 $LOG_FILE_ID = 'classTest-encryption';
 ob_end_flush();
 
+use CoreLibs\Security\AsymmetricAnonymousEncryption;
 use CoreLibs\Security\SymmetricEncryption;
 use CoreLibs\Security\CreateKey;
 
@@ -36,6 +37,8 @@ print "<body>";
 print '<div><a href="class_test.php">Class Test Master</a></div>';
 print '<div><h1>' . $PAGE_NAME . '</h1></div>';
 
+print "<h2>Symmetric Encryption</h2>";
+
 $key = CreateKey::generateRandomKey();
 print "Secret Key: " . $key . "<br>";
 
@@ -105,6 +108,49 @@ try {
 // $encrypted = $se->encrypt($string);
 // $decrypted = $se->decrypt($encrypted);
 
+echo "<hr>";
+print "<h2>Asymmetric Encryption</h2>";
+
+$key_pair = CreateKey::createKeyPair();
+$public_key = CreateKey::getPublicKey($key_pair);
+
+$string = "I am some asymmetric secret";
+print "Message: " . $string . "<br>";
+$encrypted = sodium_crypto_box_seal($string, CreateKey::hex2bin($public_key));
+$message = sodium_bin2base64($encrypted, SODIUM_BASE64_VARIANT_ORIGINAL);
+print "Encrypted PL: " . $message . "<br>";
+$result = sodium_base642bin($message, SODIUM_BASE64_VARIANT_ORIGINAL);
+$decrypted = sodium_crypto_box_seal_open($result, CreateKey::hex2bin($key_pair));
+print "Decrypted PL: " . $decrypted . "<br>";
+
+$encrypted = AsymmetricAnonymousEncryption::encryptKey($string, $public_key);
+print "Encrypted ST: " . $encrypted . "<br>";
+$decrypted = AsymmetricAnonymousEncryption::decryptKey($encrypted, $key_pair);
+print "Decrypted ST: " . $decrypted . "<br>";
+
+$aa_crypt = new AsymmetricAnonymousEncryption($key_pair, $public_key);
+$encrypted = $aa_crypt->encrypt($string);
+print "Encrypted: " . $encrypted . "<br>";
+$decrypted = $aa_crypt->decrypt($encrypted);
+print "Decrypted: " . $decrypted . "<br>";
+
+print "Base64 encode: " . base64_encode('Some text here') . "<Br>";
+
+/// this has to fail
+$crypt = new AsymmetricAnonymousEncryption();
+$crypt->setPublicKey(CreateKey::getPublicKey(CreateKey::createKeyPair()));
+print "Public Key: " . $crypt->getPublicKey() . "<br>";
+try {
+	$crypt->setPublicKey(CreateKey::createKeyPair());
+} catch (RangeException $e) {
+	print "Invalid range: <pre>$e</pre>";
+}
+try {
+	$crypt->setKeyPair(CreateKey::getPublicKey(CreateKey::createKeyPair()));
+} catch (RangeException $e) {
+	print "Invalid range: <pre>$e</pre>";
+}
+
 print "</body></html>";
 
 // __END__

www/admin/class_test.output.form.php

@@ -29,15 +29,17 @@ $table_arrays = [];
 $table_arrays[\CoreLibs\Get\System::getPageName(1)] = [
 	// form fields mtaching up with db fields
 	'table_array' => [
+		'foo',
+		'bar'
 	],
 	// laod query
-	'load_query' => '',
+	'load_query' => 'SELECT uuid_nr, foo, bar FROM test',
 	// database table to load from
-	'table_name' => '',
+	'table_name' => 'test',
 	// for load dro pdown, format output
 	'show_fields' => [
 		[
-			'name' => 'name'
+			'name' => 'foo'
 		],
 		[
 			'name' => 'enabled',

www/admin/class_test.password.php

@@ -37,6 +37,8 @@ print "<body>";
 print '<div><a href="class_test.php">Class Test Master</a></div>';
 print '<div><h1>' . $PAGE_NAME . '</h1></div>';
 
+print "PHP Version: " . PHP_VERSION . "<br>";
+
 $password = 'something1234';
 $enc_password = $_password->passwordSet($password);
 print "PASSWORD: $password: " . $enc_password . "<br>";
@@ -51,6 +53,20 @@ print "PASSWORD REHASH: " . (string)$password_class::passwordRehashCheck($enc_pa
 // direct static
 print "S::PASSWORD VERFIY: " . (string)PwdChk::passwordVerify($password, $enc_password) . "<br>";
 
+if (PHP_VERSION_ID < 80400) {
+	$rehash_test = '$2y$10$EgWJ2WE73DWi.hIyFRCdpejLXTvHbmTK3LEOclO1tAvXAXUNuUS4W';
+	$rehash_test_throw = '$2y$12$EgWJ2WE73DWi.hIyFRCdpejLXTvHbmTK3LEOclO1tAvXAXUNuUS4W';
+} else {
+	$rehash_test = '$2y$12$EgWJ2WE73DWi.hIyFRCdpejLXTvHbmTK3LEOclO1tAvXAXUNuUS4W';
+	$rehash_test_throw = '$2y$10$EgWJ2WE73DWi.hIyFRCdpejLXTvHbmTK3LEOclO1tAvXAXUNuUS4W';
+}
+if (PwdChk::passwordRehashCheck($rehash_test)) {
+	print "Bad password [BAD]<br>";
+}
+if (PwdChk::passwordRehashCheck($rehash_test_throw)) {
+	print "Bad password [OK]<br>";
+}
+
 print "</body></html>";
 
 // __END__

www/admin/class_test.smarty.php

@@ -4,6 +4,8 @@
  * @phan-file-suppress PhanTypeSuspiciousStringExpression
  */
 
+// FIXME: Smarty Class must be updated for PHP 8.4
+
 declare(strict_types=1);
 
 error_reporting(E_ALL | E_ERROR | E_WARNING | E_PARSE | E_COMPILE_ERROR);
@@ -33,6 +35,7 @@ $l10n = new \CoreLibs\Language\L10n(
 );
 $smarty = new CoreLibs\Template\SmartyExtend(
 	$l10n,
+	$log,
 	CACHE_ID,
 	COMPILE_ID,
 );
@@ -45,6 +48,7 @@ $adm = new CoreLibs\Admin\Backend(
 );
 $adm->DATA['adm_set'] = 'SET from admin class';
 
+
 $PAGE_NAME = 'TEST CLASS: SMARTY';
 print "<!DOCTYPE html>";
 print "<html><head><title>" . $PAGE_NAME . "</title></head>";

www/composer.json

@@ -21,7 +21,7 @@
         }
     },
     "require": {
-        "egrajp/smarty-extended": "^4.3",
+        "egrajp/smarty-extended": "^5.4",
         "php": ">=8.1",
         "gullevek/dotenv": "^2.0",
         "psr/log": "^2.0 || ^3.0"

www/includes/admin_header.php

@@ -91,7 +91,7 @@ $l10n = new \CoreLibs\Language\L10n(
 );
 
 // create smarty object
-$smarty = new \CoreLibs\Template\SmartyExtend($l10n, CACHE_ID, COMPILE_ID);
+$smarty = new \CoreLibs\Template\SmartyExtend($l10n, $log, CACHE_ID, COMPILE_ID);
 // create new Backend class with db and loger attached
 $cms = new \CoreLibs\Admin\Backend($db, $log, $session, $l10n, DEFAULT_ACL_LEVEL);
 // the menu show flag (what menu to show)
@@ -116,7 +116,7 @@ $data = [
 // log action
 // no log if login
 if (!$login->loginActionRun()) {
-	$login->writeLog('Submit', $data, $cms->adbGetActionSet(), 'BINARY');
+	$login->writeLog('Submit', $data, action_set:$cms->adbGetActionSet(), write_type:'BINARY');
 }
 //------------------------------ logging end
 

www/lib/CoreLibs/ACL/Login.php

@@ -1418,6 +1418,7 @@ class Login
 				'additional_acl' => Json::jsonConvertToArray($res['additional_acl']),
 				'data' => $ea_data
 			];
+			// LEGACY LOOKUP
 			$unit_access_eaid[$res['edit_access_id']] = [
 				'cuid' => $res['cuid'],
 			];
@@ -1477,6 +1478,8 @@ class Login
 		// username (login), group name
 		$this->acl['user_name'] = $_SESSION['LOGIN_USER_NAME'];
 		$this->acl['group_name'] = $_SESSION['LOGIN_GROUP_NAME'];
+		// DEPRECATED
+		$this->acl['euid'] = $_SESSION['LOGIN_EUID'];
 		// edit user cuid
 		$this->acl['eucuid'] = $_SESSION['LOGIN_EUCUID'];
 		$this->acl['eucuuid'] = $_SESSION['LOGIN_EUCUUID'];
@@ -1552,8 +1555,10 @@ class Login
 			$this->acl['unit_legacy'][$unit['id']] = $this->acl['unit'][$ea_cuid];
 			// detail name/level set
 			$this->acl['unit_detail'][$ea_cuid] = [
+				'id' =>  $unit['id'],
 				'name' => $unit['name'],
 				'uid' => $unit['uid'],
+				'cuuid' => $unit['cuuid'],
 				'level' => $this->default_acl_list[$this->acl['unit'][$ea_cuid]]['name'] ?? -1,
 				'default' => $unit['default'],
 				'data' => $unit['data'],
@@ -3277,6 +3282,20 @@ HTML;
 		return (int)$_SESSION['LOGIN_UNIT_CUID'][$uid];
 	}
 
+	/**
+	 * Legacy lookup for edit access id to cuid
+	 *
+	 * @param  int          $id edit access id PK
+	 * @return string|false     edit access cuid or false if not found
+	 */
+	public function loginGetEditAccessCuidFromId(int $id): string|false
+	{
+		if (!isset($_SESSION['LOGIN_UNIT_ACL_LEVEL'][$id])) {
+			return false;
+		}
+		return (string)$_SESSION['LOGIN_UNIT_ACL_LEVEL'][$id]['cuid'];
+	}
+
 	/**
 	 * Check if admin flag is set
 	 *

www/lib/CoreLibs/Admin/Backend.php

@@ -289,7 +289,7 @@ class Backend
 	 *                                                        JSON, STRING/SERIEAL, BINARY/BZIP or ZLIB
 	 * @param  string|null         $db_schema [default=null]  override target schema
 	 * @return void
-	 * @deprecated Use $login->writeLog() and set action_set from ->adbGetActionSet()
+	 * @deprecated Use $login->writeLog($event, $data, action_set:$cms->adbGetActionSet(), write_type:$write_type)
 	 */
 	public function adbEditLog(
 		string $event = '',

www/lib/CoreLibs/Admin/EditBase.php

@@ -14,9 +14,6 @@ declare(strict_types=1);
 
 namespace CoreLibs\Admin;
 
-use Exception;
-use SmartyException;
-
 class EditBase
 {
 	/** @var array<mixed> */
@@ -63,6 +60,7 @@ class EditBase
 		// smarty template engine (extended Translation version)
 		$this->smarty = new \CoreLibs\Template\SmartyExtend(
 			$l10n,
+			$log,
 			$options['cache_id'] ?? '',
 			$options['compile_id'] ?? '',
 		);
@@ -538,8 +536,7 @@ class EditBase
 	 * builds the smarty content and runs smarty display output
 	 *
 	 * @return void
-	 * @throws Exception
-	 * @throws SmartyException
+	 * @throws \Smarty\Exception
 	 */
 	public function editBaseRun(
 		?string $template_dir = null,

www/lib/CoreLibs/Create/Session.php

@@ -363,11 +363,12 @@ class Session
 	 * set the auto write close flag
 	 *
 	 * @param  bool $flag
-	 * @return void
+	 * @return Session
 	 */
-	public function setAutoWriteClose(bool $flag): void
+	public function setAutoWriteClose(bool $flag): Session
 	{
 		$this->auto_write_close = $flag;
+		return $this;
 	}
 
 	/**
@@ -513,14 +514,15 @@ class Session
 	 *
 	 * @param  string $name  array name in _SESSION
 	 * @param  mixed  $value value to set (can be anything)
-	 * @return void
+	 * @return Session
 	 */
-	public function set(string $name, mixed $value): void
+	public function set(string $name, mixed $value): Session
 	{
 		$this->checkValidSessionEntryKey($name);
 		$this->restartSession();
 		$_SESSION[$name] = $value;
 		$this->closeSessionCall();
+		return $this;
 	}
 
 	/**
@@ -577,16 +579,17 @@ class Session
 	 * unset one _SESSION entry 'name' if exists
 	 *
 	 * @param  string $name _SESSION key name to remove
-	 * @return void
+	 * @return Session
 	 */
-	public function unset(string $name): void
+	public function unset(string $name): Session
 	{
 		if (!isset($_SESSION[$name])) {
-			return;
+			return $this;
 		}
 		$this->restartSession();
 		unset($_SESSION[$name]);
 		$this->closeSessionCall();
+		return $this;
 	}
 
 	/**

www/lib/CoreLibs/DB/Support/ConvertPlaceholder.php

@@ -26,7 +26,9 @@ class ConvertPlaceholder
 		. '&&|' // array overlap
 		. '\-\|\-|' // range overlap for array
 		. '[^-]-{1}|' // single -, used in JSON too
-		. '->|->>|#>|#>>|@>|<@|@@|@\?|\?{1}|\?\||\?&|#-'; //JSON searches, Array searchs, etc
+		. '->|->>|#>|#>>|@>|<@|@@|@\?|\?{1}|\?\||\?&|#-|' // JSON searches, Array searchs, etc
+		. 'THEN|ELSE' // command parts (CASE)
+	;
 	/** @var string the main regex including  the pattern query split */
 	private const PATTERN_ELEMENT = '(?:\'.*?\')?\s*(?:' . self::PATTERN_QUERY_SPLIT . ')\s*';
 	/** @var string comment regex

www/lib/CoreLibs/Security/AsymmetricAnonymousEncryption.php

@@ -70,7 +70,8 @@ class AsymmetricAnonymousEncryption
 		// new if no instsance or key is different
 		if (
 			empty(self::$instance) ||
-			self::$instance->key_pair != $key_pair
+			self::$instance->key_pair != $key_pair ||
+			self::$instance->public_key != $public_key
 		) {
 			self::$instance = new self($key_pair, $public_key);
 		}
@@ -100,7 +101,7 @@ class AsymmetricAnonymousEncryption
 			$zero ^ $this->key_pair
 		);
 		unset($zero);
-		unset($this->key_pair);
+		unset($this->key_pair); /** @phan-suppress-current-line PhanTypeObjectUnsetDeclaredProperty */
 	}
 
 	/* ************************************************************************
@@ -112,6 +113,9 @@ class AsymmetricAnonymousEncryption
 	 *
 	 * @param  ?string $key_pair
 	 * @return string
+	 * @throws \UnexpectedValueException key pair empty
+	 * @throws \UnexpectedValueException invalid hex key pair
+	 * @throws \RangeException key pair not correct size
 	 */
 	private function createKeyPair(
 		#[\SensitiveParameter]
@@ -141,6 +145,9 @@ class AsymmetricAnonymousEncryption
 	 *
 	 * @param  ?string $public_key
 	 * @return string
+	 * @throws \UnexpectedValueException public key empty
+	 * @throws \UnexpectedValueException invalid hex key
+	 * @throws \RangeException invalid key length
 	 */
 	private function createPublicKey(?string $public_key): string
 	{
@@ -169,6 +176,8 @@ class AsymmetricAnonymousEncryption
 	 * @param  string  $message
 	 * @param  ?string $public_key
 	 * @return string
+	 * @throws \UnexpectedValueException create encryption failed
+	 * @throws \UnexpectedValueException convert to base64 failed
 	 */
 	private function asymmetricEncryption(
 		#[\SensitiveParameter]
@@ -199,6 +208,10 @@ class AsymmetricAnonymousEncryption
 	 * @param  string  $message
 	 * @param  ?string $key_pair
 	 * @return string
+	 * @throws \UnexpectedValueException message string empty
+	 * @throws \UnexpectedValueException base64 decoding failed
+	 * @throws \UnexpectedValueException decryption failed
+	 * @throws \UnexpectedValueException could not decrypt message
 	 */
 	private function asymmetricDecryption(
 		#[\SensitiveParameter]
@@ -207,7 +220,7 @@ class AsymmetricAnonymousEncryption
 		?string $key_pair
 	): string {
 		if (empty($message)) {
-			throw new \UnexpectedValueException('Message string cannot be empty');
+			throw new \UnexpectedValueException('Encrypted string cannot be empty');
 		}
 		$key_pair = $this->createKeyPair($key_pair);
 		try {
@@ -224,14 +237,14 @@ class AsymmetricAnonymousEncryption
 		} catch (SodiumException $e) {
 			sodium_memzero($message);
 			sodium_memzero($key_pair);
+			sodium_memzero($result);
 			throw new \UnexpectedValueException("Decrypting message failed: " . $e->getMessage());
 		}
-		if (!is_string($plaintext)) {
-			sodium_memzero($key_pair);
-			throw new \UnexpectedValueException('Could not decrypt message');
-		}
-		sodium_memzero($result);
 		sodium_memzero($key_pair);
+		sodium_memzero($result);
+		if (!is_string($plaintext)) {
+			throw new \UnexpectedValueException('Invalid key pair');
+		}
 		return $plaintext;
 	}
 
@@ -243,17 +256,28 @@ class AsymmetricAnonymousEncryption
 	 * sets the private key for encryption
 	 *
 	 * @param  string $key_pair Key pair in hex
-	 * @return void
+	 * @return AsymmetricAnonymousEncryption
+	 * @throws \UnexpectedValueException key pair empty
 	 */
 	public function setKeyPair(
 		#[\SensitiveParameter]
 		string $key_pair
-	) {
+	): AsymmetricAnonymousEncryption {
 		if (empty($key_pair)) {
 			throw new \UnexpectedValueException('Key pair cannot be empty');
 		}
+		// check if valid;
+		$this->createKeyPair($key_pair);
+		// set new key pair
 		$this->key_pair = $key_pair;
 		sodium_memzero($key_pair);
+		// set public key if not set
+		if (empty($this->public_key)) {
+			$this->public_key = CreateKey::getPublicKey($this->key_pair);
+			// check if valid
+			$this->createPublicKey($this->public_key);
+		}
+		return $this;
 	}
 
 	/**
@@ -285,15 +309,19 @@ class AsymmetricAnonymousEncryption
 	 * extract the public key from the key pair
 	 *
 	 * @param  string $public_key Public Key in hex
-	 * @return void
+	 * @return AsymmetricAnonymousEncryption
+	 * @throws \UnexpectedValueException public key empty
 	 */
-	public function setPublicKey(string $public_key)
+	public function setPublicKey(string $public_key): AsymmetricAnonymousEncryption
 	{
 		if (empty($public_key)) {
 			throw new \UnexpectedValueException('Public key cannot be empty');
 		}
+		// check if valid
+		$this->createPublicKey($public_key);
 		$this->public_key = $public_key;
 		sodium_memzero($public_key);
+		return $this;
 	}
 
 	/**

www/lib/CoreLibs/Security/SymmetricEncryption.php

@@ -85,7 +85,7 @@ class SymmetricEncryption
 			$zero ^ $this->key
 		);
 		unset($zero);
-		unset($this->key);
+		unset($this->key); /** @phan-suppress-current-line PhanTypeObjectUnsetDeclaredProperty */
 	}
 
 	/* ************************************************************************
@@ -209,13 +209,13 @@ class SymmetricEncryption
 	 * set a new key for encryption
 	 *
 	 * @param  string $key
-	 * @return void
+	 * @return SymmetricEncryption
 	 * @throws \UnexpectedValueException key cannot be empty
 	 */
 	public function setKey(
 		#[\SensitiveParameter]
 		string $key
-	) {
+	): SymmetricEncryption {
 		if (empty($key)) {
 			throw new \UnexpectedValueException('Key cannot be empty');
 		}
@@ -224,6 +224,7 @@ class SymmetricEncryption
 		// set key
 		$this->key = $key;
 		sodium_memzero($key);
+		return $this;
 	}
 
 	/**

www/lib/CoreLibs/Template/SmartyExtend.php

@@ -19,12 +19,13 @@ declare(strict_types=1);
 
 namespace CoreLibs\Template;
 
-// leading slash if this is in lib\Smarty
-class SmartyExtend extends \Smarty
+class SmartyExtend extends \Smarty\Smarty
 {
 	// internal translation engine
-	/** @var \CoreLibs\Language\L10n */
+	/** @var \CoreLibs\Language\L10n language class */
 	public \CoreLibs\Language\L10n $l10n;
+	/** @var \CoreLibs\Logging\Logging $log logging class */
+	public \CoreLibs\Logging\Logging $log;
 
 	// lang & encoding
 	/** @var string */
@@ -157,14 +158,18 @@ class SmartyExtend extends \Smarty
 	 * calls L10 for pass on internaly in smarty
 	 * also registers the getvar caller plugin
 	 *
-	 * @param \CoreLibs\Language\L10n $l10n l10n language class
-	 * @param string|null             $cache_id
-	 * @param string|null             $compile_id
+	 * @param \CoreLibs\Language\L10n   $l10n l10n language class
+	 * @param \CoreLibs\Logging\Logging $log Logger class
+	 * @param string|null               $cache_id [default=null]
+	 * @param string|null               $compile_id [default=null]
+	 * @param array<string,mixed>       $options [default=[]]
 	 */
 	public function __construct(
 		\CoreLibs\Language\L10n $l10n,
+		\CoreLibs\Logging\Logging $log,
 		?string $cache_id = null,
-		?string $compile_id = null
+		?string $compile_id = null,
+		array $options = []
 	) {
 		// trigger deprecation
 		if (
@@ -177,14 +182,33 @@ class SmartyExtend extends \Smarty
 				E_USER_DEPRECATED
 			);
 		}
-		// set variables (to be deprecated)
-		$cache_id = $cache_id ??
-			(defined('CACHE_ID') ? CACHE_ID : '');
-		$compile_id = $compile_id ??
-			(defined('COMPILE_ID') ? COMPILE_ID : '');
+		// set variables from global constants (deprecated)
+		if ($cache_id === null && defined('CACHE_ID')) {
+			trigger_error(
+				'SmartyExtended: No cache_id set and CACHE_ID constant set, this is deprecated',
+				E_USER_DEPRECATED
+			);
+			$cache_id = CACHE_ID;
+		}
+		if ($compile_id === null && defined('COMPILE_ID')) {
+			trigger_error(
+				'SmartyExtended: No compile_id set and COMPILE_ID constant set, this is deprecated',
+				E_USER_DEPRECATED
+			);
+			$compile_id = COMPILE_ID;
+		}
+		if (empty($cache_id)) {
+			throw new \BadMethodCallException('cache_id parameter is not set');
+		}
+		if (empty($compile_id)) {
+			throw new \BadMethodCallException('compile_id parameter is not set');
+		}
+
 		// call basic smarty
-		// or Smarty::__construct();
 		parent::__construct();
+
+		$this->log = $log;
+
 		// init lang
 		$this->l10n = $l10n;
 		// parse and read, legacy stuff
@@ -194,7 +218,6 @@ class SmartyExtend extends \Smarty
 		$this->lang_short = $locale['lang_short'];
 		$this->domain = $locale['domain'];
 		$this->lang_dir = $locale['path'];
-
 		// opt load functions so we can use legacy init for smarty run perhaps
 		\CoreLibs\Language\L10n::loadFunctions();
 		_setlocale(LC_MESSAGES, $locale['locale']);
@@ -203,7 +226,6 @@ class SmartyExtend extends \Smarty
 		_bind_textdomain_codeset($this->domain, $this->encoding);
 
 		// register smarty variable
-		// $this->registerPlugin(\Smarty\Smarty::PLUGIN_MODIFIER, 'getvar', [&$this, 'getTemplateVars']);
 		$this->registerPlugin(self::PLUGIN_MODIFIER, 'getvar', [&$this, 'getTemplateVars']);
 
 		$this->page_name = \CoreLibs\Get\System::getPageName();
@@ -211,6 +233,77 @@ class SmartyExtend extends \Smarty
 		// set internal settings
 		$this->CACHE_ID = $cache_id;
 		$this->COMPILE_ID = $compile_id;
+		// set options
+		$this->setOptions($options);
+	}
+
+	/**
+	 * set options
+	 *
+	 * @param  array<string,mixed> $options
+	 * @return void
+	 */
+	private function setOptions(array $options): void
+	{
+		// set escape html if option is set
+		if (!empty($options['escape_html'])) {
+			$this->setEscapeHtml(true);
+		}
+		// load plugins
+		// plugin array:
+		// 'file': string, path to plugin content to load
+		// 'type': a valid smarty type see Smarty PLUGIN_ constants for correct names
+		// 'tag': the smarty tag
+		// 'callback': the function to call in 'file'
+		if (!empty($options['plugins'])) {
+			foreach ($options['plugins'] as $plugin) {
+				// file is readable
+				if (
+					empty($plugin['file']) ||
+					!is_file($plugin['file']) ||
+					!is_readable($plugin['file'])
+				) {
+					$this->log->warning('SmartyExtended plugin load failed, file not accessable', [
+						'plugin' => $plugin,
+					]);
+					continue;
+				}
+				// tag is alphanumeric
+				if (!preg_match("/^\w+$/", $plugin['tag'] ?? '')) {
+					$this->log->warning('SmartyExtended plugin load failed, invalid tag', [
+						'plugin' => $plugin,
+					]);
+					continue;
+				}
+				// callback is alphanumeric
+				if (!preg_match("/^\w+$/", $plugin['callback'] ?? '')) {
+					$this->log->warning('SmartyExtended plugin load failed, invalid callback', [
+						'plugin' => $plugin,
+					]);
+					continue;
+				}
+				try {
+					/** @phan-suppress-next-line PhanNoopNew */
+					new \ReflectionClassConstant($this, $plugin['type']);
+				} catch (\ReflectionException $e) {
+					$this->log->error('SmartyExtended plugin load failed, type is not valid', [
+						'message' => $e->getMessage(),
+						'plugin' => $plugin,
+					]);
+					continue;
+				}
+				try {
+					require $plugin['file'];
+					$this->registerPlugin($plugin['type'], $plugin['tag'], $plugin['callback']);
+				} catch (\Smarty\Exception $e) {
+					$this->log->error('SmartyExtended plugin load failed with exception', [
+						'message' => $e->getMessage(),
+						'plugin' => $plugin,
+					]);
+					continue;
+				}
+			}
+		}
 	}
 
 	/**

www/lib/FileUpload/Core/qqUploadedFileXhr.php

@@ -46,19 +46,19 @@ class qqUploadedFileXhr implements qqUploadedFile // phpcs:ignore Squiz.Classes.
 	 */
 	public function getName(): string
 	{
-		return $_GET['qqfile'] ?? '';
+		return !empty($_GET['qqfile']) && is_string($_GET['qqfile']) ? $_GET['qqfile'] : '';
 	}
 
 	/**
 	 * Get file size from _SERVERa array, throws an error if not possible
 	 *
-	 * @return int
+	 * @return int size of the file
 	 *
 	 * @throws \Exception
 	 */
 	public function getSize(): int
 	{
-		if (isset($_SERVER['CONTENT_LENGTH'])) {
+		if (isset($_SERVER['CONTENT_LENGTH']) && is_numeric($_SERVER['CONTENT_LENGTH'])) {
 			return (int)$_SERVER['CONTENT_LENGTH'];
 		} else {
 			throw new \Exception('Getting content length is not supported.');