Issues in Input.php - All Issues - Inspection of "Merge pull request #11567 from mrclay/11563_routes" - Elgg/Elgg - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( c0a3a7...3b84a4 )

by Jeroen

created 2018-01-08 10:08 UTC

engine/classes/Elgg/Http/Input.php (1 issue)

Labels

Best Practice 1

Severity

Minor 1

Evan Winslow 1

<?php
namespace Elgg\Http;

/**
 * WARNING: API IN FLUX. DO NOT USE DIRECTLY.
 *
 * Provides unified access to the $_GET and $_POST inputs.
 *
 * @package    Elgg.Core
 * @subpackage Http
 * @since      1.10.0
 * @access private
 */
class Input {

	/**
	 * Data set from set_input() or from the request
	 *
	 * @var array
	 */
	private $data = [];

	/**
	 * Sets an input value that may later be retrieved by get_input
	 *
	 * Note: this function does not handle nested arrays (ex: form input of param[m][n])
	 *
	 * @param string          $variable The name of the variable
	 * @param string|string[] $value    The value of the variable
	 *
	 * @return void
	 */
	public function set($variable, $value) {
		if (is_array($value)) {
			array_walk_recursive($value, function(&$v, $k) {
				$v = trim($v);
			});
			$this->data[trim($variable)] = $value;
		} else {
			$this->data[trim($variable)] = trim($value);
		}
	}

	/**
	 * Get some input from variables passed submitted through GET or POST.
	 *
	 * If using any data obtained from get_input() in a web page, please be aware that
	 * it is a possible vector for a reflected XSS attack. If you are expecting an
	 * integer, cast it to an int. If it is a string, escape quotes.
	 *
	 * Note: this function does not handle nested arrays (ex: form input of param[m][n])
	 * because of the filtering done in htmlawed from the filter_tags call.
	 * @todo Is this ^ still true?
	 *
	 * @param string $variable      The variable name we want.
	 * @param mixed  $default       A default value for the variable if it is not found.
	 * @param bool   $filter_result If true, then the result is filtered for bad tags.
	 *
	 * @return mixed
	 */
	function get($variable, $default = null, $filter_result = true) {

		$result = $default;
	
		_elgg_services()->context->push('input');

		if (isset($this->data[$variable])) {
			// a plugin has already set this variable
			$result = $this->data[$variable];
			if ($filter_result) {
				$result = filter_tags($result);
			}
		} else {
			$request = _elgg_services()->request;
			$value = $request->get($variable);
			if ($value !== null) {
				$result = $value;
				if (is_string($result)) {
					// @todo why trim
					$result = trim($result);
				}
	
				if ($filter_result) {
					$result = filter_tags($result);
				}
			}
		}

		elgg_pop_context();
	
		return $result;
	}
}


1		<?php
2		namespace Elgg\Http;
3
4		/**
5		* WARNING: API IN FLUX. DO NOT USE DIRECTLY.
6		*
7		* Provides unified access to the $_GET and $_POST inputs.
8		*
9		* @package Elgg.Core
10		* @subpackage Http
11		* @since 1.10.0
12		* @access private
13		*/
14		class Input {
15
16		/**
17		* Data set from set_input() or from the request
18		*
19		* @var array
20		*/
21		private $data = [];
22
23		/**
24		* Sets an input value that may later be retrieved by get_input
25		*
26		* Note: this function does not handle nested arrays (ex: form input of param[m][n])
27		*
28		* @param string $variable The name of the variable
29		* @param string\|string[] $value The value of the variable
30		*
31		* @return void
32		*/
33	38	public function set($variable, $value) {
34	38	if (is_array($value)) {
35	13	array_walk_recursive($value, function(&$v, $k) {
36	13	$v = trim($v);
37	13	});
38	13	$this->data[trim($variable)] = $value;
39		} else {
40	38	$this->data[trim($variable)] = trim($value);
41		}
42	38	}
43
44		/**
45		* Get some input from variables passed submitted through GET or POST.
46		*
47		* If using any data obtained from get_input() in a web page, please be aware that
48		* it is a possible vector for a reflected XSS attack. If you are expecting an
49		* integer, cast it to an int. If it is a string, escape quotes.
50		*
51		* Note: this function does not handle nested arrays (ex: form input of param[m][n])
52		* because of the filtering done in htmlawed from the filter_tags call.
53		* @todo Is this ^ still true?
54		*
55		* @param string $variable The variable name we want.
56		* @param mixed $default A default value for the variable if it is not found.
57		* @param bool $filter_result If true, then the result is filtered for bad tags.
58		*
59		* @return mixed
60		*/
61	4492	function get($variable, $default = null, $filter_result = true) {
		0 ignored issues – show Best Practice introduced 2017-10-16 06:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
62	4492	$result = $default;
63
64	4492	_elgg_services()->context->push('input');
65
66	4492	if (isset($this->data[$variable])) {
67		// a plugin has already set this variable
68	37	$result = $this->data[$variable];
69	37	if ($filter_result) {
70	37	$result = filter_tags($result);
71		}
72		} else {
73	4488	$request = _elgg_services()->request;
74	4488	$value = $request->get($variable);
75	4488	if ($value !== null) {
76	78	$result = $value;
77	78	if (is_string($result)) {
78		// @todo why trim
79	78	$result = trim($result);
80		}
81
82	78	if ($filter_result) {
83	75	$result = filter_tags($result);
84		}
85		}
86		}
87
88	4492	elgg_pop_context();
89
90	4492	return $result;
91		}
92		}
93

Elgg / Elgg

Push — master ( c0a3a7...3b84a4 )

engine/classes/Elgg/Http/Input.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like