<?php
/*
 * This file is part of EC-CUBE
 *
 * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved.
 *
 * http://www.lockon.co.jp/
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
namespace Eccube\Controller;
use Eccube\Application;
use Eccube\Common\Constant;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Security\Csrf\CsrfToken;
/**
 * Base class for EC-CUBE controllers.
 *
 * Holds the small set of helpers shared by concrete controllers. The
 * Silex/Pimple-style `$app` container is passed into each helper on every
 * call; nothing is injected through the constructor.
 */
class AbstractController
{
    /**
     * Intentionally empty: the container is handed to each helper method
     * rather than stored on the instance.
     */
    public function __construct()
    {
    }

    /**
     * Builds the form registered under `eccube.form.type.<type>` for the
     * entity registered under `eccube.entity.<type>`, then binds the
     * current request to it.
     *
     * @deprecated Every call raises an E_USER_DEPRECATED notice. The `@`
     *             in front of trigger_error() is the conventional Symfony
     *             way of raising a deprecation: the notice is still delivered
     *             to any registered error handler, it just does not print
     *             under the default handler. It is not a suppressed failure,
     *             so the analyzer's "unhandled error condition" warning does
     *             not apply to this line.
     *
     * @param Application $app  service container
     * @param string      $type suffix of the form-type and entity service
     *                          ids. NOTE(review): `$type` is interpolated
     *                          straight into a container key, so callers
     *                          must only ever pass a fixed, code-defined
     *                          name here - never request data.
     *
     * @return mixed the form produced by the container's `form.factory`,
     *               after handleRequest() has run against `$app['request']`
     */
    protected function getBoundForm(Application $app, $type)
    {
        @trigger_error('The '.__METHOD__.' method is deprecated.', E_USER_DEPRECATED);

        // Resolve the factory first, then the type and entity services, in
        // the same order the original fluent chain did.
        $factory = $app['form.factory'];
        $builder = $factory->createBuilder(
            $app['eccube.form.type.' . $type],
            $app['eccube.entity.' . $type]
        );

        $boundForm = $builder->getForm();
        $boundForm->handleRequest($app['request']);

        return $boundForm;
    }

    /**
     * Returns the `security.token_storage` service from the container.
     *
     * Despite the name this is the token storage (holder of the current
     * authentication token), not an authorization checker: it tells you
     * who is logged in, it does not decide what they may do.
     *
     * @param \ArrayAccess|array $app service container
     *
     * @return mixed whatever the container has registered under
     *               `security.token_storage`
     */
    protected function getSecurity($app)
    {
        $tokenStorage = $app['security.token_storage'];

        return $tokenStorage;
    }

    /**
     * Verifies the CSRF token submitted with the current request.
     *
     * The token is read from the POST body only (`$request->request`) under
     * the field name Constant::TOKEN_NAME; a token sent in the query string
     * or in a header is not considered. Validation is delegated to the
     * container's `form.csrf_provider`. A mismatch aborts the request with
     * a 403 instead of returning false, so an action can simply call this
     * at its top and proceed. NOTE(review): when the field is absent the
     * provider receives a null/empty token value, which is expected to fail
     * validation - confirm against the Symfony version in use.
     *
     * @param \ArrayAccess|array $app container providing `form.csrf_provider`
     *                                and `request`
     *
     * @return bool always true; failure is reported by the exception
     *
     * @throws AccessDeniedHttpException when the submitted token does not
     *                                   validate
     */
    protected function isTokenValid($app)
    {
        $csrfProvider = $app['form.csrf_provider'];
        $fieldName = Constant::TOKEN_NAME;
        $submitted = $app['request']->request->get($fieldName);

        if ($csrfProvider->isTokenValid(new CsrfToken($fieldName, $submitted))) {
            return true;
        }

        throw new AccessDeniedHttpException('CSRF token is invalid.');
    }
}