engine/lib/actions.php (2 issues)

<?php
/**
 * Elgg Actions
 *
 * @see http://learn.elgg.org/en/latest/guides/actions.html
 *
 * @package Elgg.Core
 * @subpackage Actions
 */
use Elgg\Http\ResponseBuilder;
use Elgg\Database\SiteSecret;
/**
 * Handle a request for an action
 *
 * The URL segments are joined with "/" to form the action name, which is
 * then handed to the actions service for execution.
 *
 * @param array $segments URL segments that make up action name
 *
 * @return ResponseBuilder|null Whatever the actions service returns for the request
 * @access private
 */
function _elgg_action_handler(array $segments) {
	$action_name = implode('/', $segments);
	$actions = _elgg_services()->actions;

	return $actions->execute($action_name);
}
/**
 * Perform an action.
 *
 * Executes the action registered under the name $action via
 * {@link elgg_register_action()}.
 *
 * Before the action script runs, the plugin hook 'action', $action_name is
 * triggered; a handler that returns false stops the script from being called.
 *
 * @note An action that is not registered, or whose script file is not
 * available, results in the user being forwarded to the site front page with
 * an error emitted through {@link register_error()}.
 *
 * @warning All actions require CSRF tokens.
 *
 * @param string $action    The requested action
 *                          Name of the registered action
 * @param string $forwarder The location to forward to
 *                          Only used when the action script itself does not
 *                          call forward(). Defaults to the index URL; pass
 *                          REFERRER to return to the referring page.
 * @see elgg_register_action()
 *
 * @return void
 * @access private
 */
function action($action, $forwarder = "") {
	$services = _elgg_services();

	$result = $services->actions->execute($action, $forwarder);

	// An action script normally ends the request by calling forward(); when it
	// hands back a response object instead, send that response here.
	if ($result instanceof ResponseBuilder) {
		$services->responseFactory->respond($result);
	}

	// Last resort: send the client back to the referring page.
	$services->responseFactory->redirect(REFERRER, 'csrf');
}
/**
 * Registers an action.
 *
 * An action is bound to a script file and is executed through the URL
 * http://elggsite.org/action/action_name/.
 *
 * $filename is either the full path of the script or a path relative to the
 * core actions/ directory.
 *
 * Namespace action names with your plugin name. Example:
 * <code>
 * elgg_register_action('myplugin/save_settings', ...);
 * </code>
 *
 * @tip Keep action files under the actions/<plugin_name> directory of your plugin.
 *
 * @tip Action files do not need to use Elgg\Application themselves.
 *
 * @param string $action   The name of the action (eg "register", "account/settings/save")
 * @param string $filename Optionally, the filename where this action is located. If not specified,
 *                         will assume the action is in elgg/actions/<action>.php
 * @param string $access   Who is allowed to execute this action: public, logged_in, admin.
 *                         (default: logged_in). Note that the access level only limits
 *                         who may call the action; CSRF tokens are still required for
 *                         every action, including public ones.
 *
 * @return bool
 */
function elgg_register_action($action, $filename = "", $access = 'logged_in') {
	$actions = _elgg_services()->actions;

	return $actions->register($action, $filename, $access);
}
/**
 * Unregisters an action
 *
 * Removes the action named $action from the actions service so that it can
 * no longer be executed.
 *
 * @param string $action Action name
 * @return bool
 * @since 1.8.1
 */
function elgg_unregister_action($action) {
	$actions = _elgg_services()->actions;

	return $actions->unregister($action);
}
/**
 * Get an HMAC token builder/validator object
 *
 * Delegates to the hmac service; the returned object is used both to build
 * a token for $data and to validate one.
 *
 * @param mixed $data HMAC data string or serializable data
 * @return \Elgg\Security\Hmac
 * @since 1.11
 */
function elgg_build_hmac($data) {
	$hmac_service = _elgg_services()->hmac;

	return $hmac_service->getHmac($data);
}
/**
 * Validate an action token.
 *
 * Every action call validates its tokens automatically. When tokens are
 * missing or invalid the action is denied and the user is redirected.
 *
 * Plugin authors should never have to manually validate action tokens.
 *
 * @param bool  $visible_errors Emit {@link register_error()} errors on failure?
 * @param mixed $token          The token to test against. Default: $_REQUEST['__elgg_token']
 * @param mixed $ts             The time stamp to test against. Default: $_REQUEST['__elgg_ts']
 *
 * @return bool
 * @see generate_action_token()
 * @access private
 */
function validate_action_token($visible_errors = true, $token = null, $ts = null) {
	$actions = _elgg_services()->actions;

	// The actual comparison lives in the actions service; this is only a facade.
	return $actions->validateActionToken($visible_errors, $token, $ts);
}
/**
 * Validates the presence of action tokens.
 *
 * Called for every action. When the action tokens are missing, the user is
 * forwarded to the site front page and an error is emitted.
 *
 * The gatekeeper checks the security-related form input (such as the
 * generated token) and forwards when it is invalid.
 *
 * @param string $action The action being performed
 *
 * @return mixed True if valid or redirects.
 * @access private
 */
function action_gatekeeper($action) {
	$actions = _elgg_services()->actions;

	return $actions->gatekeeper($action);
}
/**
 * Generate an action token.
 *
 * Action tokens are derived from a timestamp as returned by {@link time()}
 * and remain valid for one hour.
 *
 * Pass both values to every action as __elgg_ts and __elgg_token.
 *
 * @warning Action tokens are required for all actions.
 *
 * @param int $timestamp Unix timestamp
 *
 * @see @elgg_view input/securitytoken
 * @see @elgg_view input/form
 *
 * @return string|false
 */
function generate_action_token($timestamp) {
	$actions = _elgg_services()->actions;

	return $actions->generateActionToken($timestamp);
}
/**
 * Regenerate a new site key (32 bytes: "z" to indicate format + 186-bit key in Base64 URL).
 *
 * The new secret is generated through the crypto service, persisted via the
 * config table, and installed into the service container as 'siteSecret'.
 *
 * The returned value is the secret itself: treat it as a credential and do
 * not log it or expose it to users.
 *
 * NOTE(review): regenerating the secret presumably invalidates anything derived
 * from the previous one (e.g. outstanding action tokens) — confirm against the
 * Hmac/actions services before calling this outside of install/upgrade.
 *
 * @return mixed The site secret hash
 * @access private
 */
function init_site_secret() {
	$services = _elgg_services();

	$new_secret = SiteSecret::regenerate($services->crypto, $services->configTable);

	// Replace the container's secret so later lookups of siteSecret see the new value
	$services->setValue('siteSecret', $new_secret);

	return $new_secret->get();
}
/**
 * Get the strength of the site secret
 *
 * Asks the siteSecret service to rate the secret currently in use.
 *
 * @return string "strong", "moderate", or "weak"
 * @access private
 */
function _elgg_get_site_secret_strength() {
	$site_secret = _elgg_services()->siteSecret;

	return $site_secret->getStrength();
}
/**
 * Check if an action is registered and its script exists.
 *
 * @param string $action Action name
 *
 * @return bool
 * @since 1.8.0
 */
function elgg_action_exists($action) {
	$actions = _elgg_services()->actions;

	return $actions->exists($action);
}
/**
 * Checks whether the request was requested via ajax
 *
 * Relies on the request service's XMLHttpRequest detection.
 *
 * @return bool whether page was requested via ajax
 * @since 1.8.0
 */
function elgg_is_xhr() {
	$request = _elgg_services()->request;

	return $request->isXmlHttpRequest();
}
/**
 * Send an updated CSRF token, provided the page's current tokens were not fake.
 *
 * The refresh request is handled entirely by the actions service; this
 * function only forwards to it.
 *
 * @return ResponseBuilder
 * @access private
 */
function _elgg_csrf_token_refresh() {
	$actions = _elgg_services()->actions;

	return $actions->handleTokenRefreshRequest();
}
/**
 * Library loader callback.
 *
 * @see \Elgg\Application::loadCore Do not do work here. Just register for events.
 */
return function(\Elgg\EventsService $events, \Elgg\HooksRegistrationService $hooks) {
	// Intentionally empty: this library currently registers no event or hook
	// handlers. Both parameters are kept so the closure matches the signature
	// the loader calls it with.
};