Fix manage_workflows bind_param by-reference errors and duplicate session_start

- Extract expression args to local variables before bind_param (PHP 8 requirement) - Guard session_start with session_status check in manage_workflows - Remove redundant session_start from bulk_operation (RateLimitMiddleware starts it) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 17:27:02 -04:00
parent 1761f41943
commit 4433bad2ce
2 changed files with 13 additions and 17 deletions
@@ -17,7 +17,7 @@ try {
    require_once dirname(__DIR__) . '/models/AuditLogModel.php';

    // Check authentication
-    session_start();
+    if (session_status() === PHP_SESSION_NONE) session_start();
    if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
        http_response_code(401);
        echo json_encode(['success' => false, 'error' => 'Authentication required']);
@@ -81,13 +81,12 @@ try {

            $stmt = $conn->prepare("INSERT INTO status_transitions (from_status, to_status, requires_comment, requires_admin, is_active)
                                    VALUES (?, ?, ?, ?, ?)");
-            $stmt->bind_param('ssiii',
-                $data['from_status'],
-                $data['to_status'],
-                $data['requires_comment'] ?? 0,
-                $data['requires_admin'] ?? 0,
-                $data['is_active'] ?? 1
-            );
+            $wf_from    = $data['from_status'];
+            $wf_to      = $data['to_status'];
+            $wf_comment = (int)($data['requires_comment'] ?? 0);
+            $wf_admin   = (int)($data['requires_admin'] ?? 0);
+            $wf_active  = (int)($data['is_active'] ?? 1);
+            $stmt->bind_param('ssiii', $wf_from, $wf_to, $wf_comment, $wf_admin, $wf_active);

            if ($stmt->execute()) {
                $transitionId = $conn->insert_id;
@@ -120,14 +119,12 @@ try {
            $stmt = $conn->prepare("UPDATE status_transitions SET
                                    from_status = ?, to_status = ?, requires_comment = ?, requires_admin = ?, is_active = ?
                                    WHERE transition_id = ?");
-            $stmt->bind_param('ssiiii',
-                $data['from_status'],
-                $data['to_status'],
-                $data['requires_comment'] ?? 0,
-                $data['requires_admin'] ?? 0,
-                $data['is_active'] ?? 1,
-                $id
-            );
+            $wf_from    = $data['from_status'];
+            $wf_to      = $data['to_status'];
+            $wf_comment = (int)($data['requires_comment'] ?? 0);
+            $wf_admin   = (int)($data['requires_admin'] ?? 0);
+            $wf_active  = (int)($data['is_active'] ?? 1);
+            $stmt->bind_param('ssiiii', $wf_from, $wf_to, $wf_comment, $wf_admin, $wf_active, $id);

            $success = $stmt->execute();
            if ($success) {