Inspection of "Merge pull request #10935 from mrclay/fixes6" - Elgg/Elgg - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( ec2dfb...bb6a7d )

by Steve

created 2017-04-22 20:34 UTC

Status

Indentation +243 added lines, -243 removed lines patch added patch discarded remove patch

@@ -10,276 +10,276 @@
 block discarded – undo
  */
 class ElggCrypto {
 
-	/**
-	 * Character set for temp passwords (no risk of embedded profanity/glyphs that look similar)
-	 */
-	const CHARS_PASSWORD = 'bcdfghjklmnpqrstvwxyz2346789';
+    /**
+     * Character set for temp passwords (no risk of embedded profanity/glyphs that look similar)
+     */
+    const CHARS_PASSWORD = 'bcdfghjklmnpqrstvwxyz2346789';
 
-	/**
-	 * Character set for hexadecimal
-	 */
-	const CHARS_HEX = '0123456789abcdef';
+    /**
+     * Character set for hexadecimal
+     */
+    const CHARS_HEX = '0123456789abcdef';
 
-	/**
-	 * Generate a string of highly randomized bytes (over the full 8-bit range).
-	 *
-	 * @param int $length Number of bytes needed
-	 * @return string Random bytes
-	 *
-	 * @author George Argyros <[email protected]>
-	 * @copyright 2012, George Argyros. All rights reserved.
-	 * @license Modified BSD
-	 * @link https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP/blob/master/srand.php Original
-	 *
-	 * Redistribution and use in source and binary forms, with or without
-	 * modification, are permitted provided that the following conditions are met:
-	 *    * Redistributions of source code must retain the above copyright
-	 *      notice, this list of conditions and the following disclaimer.
-	 *    * Redistributions in binary form must reproduce the above copyright
-	 *      notice, this list of conditions and the following disclaimer in the
-	 *      documentation and/or other materials provided with the distribution.
-	 *    * Neither the name of the <organization> nor the
-	 *      names of its contributors may be used to endorse or promote products
-	 *      derived from this software without specific prior written permission.
-	 *
-	 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-	 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-	 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-	 * DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY
-	 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-	 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-	 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-	 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-	 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-	 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-	 */
-	public function getRandomBytes($length) {
-		if (is_callable('random_bytes')) {
-			try {
-				return random_bytes($length);
-			} catch (\Exception $e) {
-			}
-		}
+    /**
+     * Generate a string of highly randomized bytes (over the full 8-bit range).
+     *
+     * @param int $length Number of bytes needed
+     * @return string Random bytes
+     *
+     * @author George Argyros <[email protected]>
+     * @copyright 2012, George Argyros. All rights reserved.
+     * @license Modified BSD
+     * @link https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP/blob/master/srand.php Original
+     *
+     * Redistribution and use in source and binary forms, with or without
+     * modification, are permitted provided that the following conditions are met:
+     *    * Redistributions of source code must retain the above copyright
+     *      notice, this list of conditions and the following disclaimer.
+     *    * Redistributions in binary form must reproduce the above copyright
+     *      notice, this list of conditions and the following disclaimer in the
+     *      documentation and/or other materials provided with the distribution.
+     *    * Neither the name of the <organization> nor the
+     *      names of its contributors may be used to endorse or promote products
+     *      derived from this software without specific prior written permission.
+     *
+     * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+     * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+     * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+     * DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY
+     * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+     * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+     * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+     * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+     * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+     */
+    public function getRandomBytes($length) {
+        if (is_callable('random_bytes')) {
+            try {
+                return random_bytes($length);
+            } catch (\Exception $e) {
+            }
+        }
 
-		$SSLstr = '4'; // http://xkcd.com/221/
+        $SSLstr = '4'; // http://xkcd.com/221/
 
-		/**
-		 * Our primary choice for a cryptographic strong randomness function is
-		 * openssl_random_pseudo_bytes.
-		 */
-		if (function_exists('openssl_random_pseudo_bytes') && substr(PHP_OS, 0, 3) !== 'WIN') {
-			$SSLstr = openssl_random_pseudo_bytes($length, $strong);
-			if ($strong) {
-				return $SSLstr;
-			}
-		}
+        /**
+         * Our primary choice for a cryptographic strong randomness function is
+         * openssl_random_pseudo_bytes.
+         */
+        if (function_exists('openssl_random_pseudo_bytes') && substr(PHP_OS, 0, 3) !== 'WIN') {
+            $SSLstr = openssl_random_pseudo_bytes($length, $strong);
+            if ($strong) {
+                return $SSLstr;
+            }
+        }
 
-		/**
-		 * If mcrypt extension is available then we use it to gather entropy from
-		 * the operating system's PRNG. This is better than reading /dev/urandom
-		 * directly since it avoids reading larger blocks of data than needed.
-		 */
-		if (function_exists('mcrypt_create_iv') && substr(PHP_OS, 0, 3) !== 'WIN') {
-			$str = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
-			if ($str !== false) {
-				return $str;
-			}
-		}
+        /**
+         * If mcrypt extension is available then we use it to gather entropy from
+         * the operating system's PRNG. This is better than reading /dev/urandom
+         * directly since it avoids reading larger blocks of data than needed.
+         */
+        if (function_exists('mcrypt_create_iv') && substr(PHP_OS, 0, 3) !== 'WIN') {
+            $str = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+            if ($str !== false) {
+                return $str;
+            }
+        }
 
-		/**
-		 * No build-in crypto randomness function found. We collect any entropy
-		 * available in the PHP core PRNGs along with some filesystem info and memory
-		 * stats. To make this data cryptographically strong we add data either from
-		 * /dev/urandom or if its unavailable, we gather entropy by measuring the
-		 * time needed to compute a number of SHA-1 hashes.
-		 */
-		$str = '';
-		$bits_per_round = 2; // bits of entropy collected in each clock drift round
-		$msec_per_round = 400; // expected running time of each round in microseconds
-		$hash_len = 20; // SHA-1 Hash length
-		$total = $length; // total bytes of entropy to collect
+        /**
+         * No build-in crypto randomness function found. We collect any entropy
+         * available in the PHP core PRNGs along with some filesystem info and memory
+         * stats. To make this data cryptographically strong we add data either from
+         * /dev/urandom or if its unavailable, we gather entropy by measuring the
+         * time needed to compute a number of SHA-1 hashes.
+         */
+        $str = '';
+        $bits_per_round = 2; // bits of entropy collected in each clock drift round
+        $msec_per_round = 400; // expected running time of each round in microseconds
+        $hash_len = 20; // SHA-1 Hash length
+        $total = $length; // total bytes of entropy to collect
 
-		$handle = @fopen('/dev/urandom', 'rb');
-		if ($handle && function_exists('stream_set_read_buffer')) {
-			@stream_set_read_buffer($handle, 0);
-		}
+        $handle = @fopen('/dev/urandom', 'rb');
+        if ($handle && function_exists('stream_set_read_buffer')) {
+            @stream_set_read_buffer($handle, 0);
+        }
 
-		do {
-			$bytes = ($total > $hash_len) ? $hash_len : $total;
-			$total -= $bytes;
+        do {
+            $bytes = ($total > $hash_len) ? $hash_len : $total;
+            $total -= $bytes;
 
-			//collect any entropy available from the PHP system and filesystem
-			$entropy = rand() . uniqid(mt_rand(), true) . $SSLstr;
-			$entropy .= implode('', @fstat(@fopen(__FILE__, 'r')));
-			$entropy .= memory_get_usage() . getmypid();
-			$entropy .= serialize($_ENV) . serialize($_SERVER);
-			if (function_exists('posix_times')) {
-				$entropy .= serialize(posix_times());
-			}
-			if (function_exists('zend_thread_id')) {
-				$entropy .= zend_thread_id();
-			}
+            //collect any entropy available from the PHP system and filesystem
+            $entropy = rand() . uniqid(mt_rand(), true) . $SSLstr;
+            $entropy .= implode('', @fstat(@fopen(__FILE__, 'r')));
+            $entropy .= memory_get_usage() . getmypid();
+            $entropy .= serialize($_ENV) . serialize($_SERVER);
+            if (function_exists('posix_times')) {
+                $entropy .= serialize(posix_times());
+            }
+            if (function_exists('zend_thread_id')) {
+                $entropy .= zend_thread_id();
+            }
 
-			if ($handle) {
-				$entropy .= @fread($handle, $bytes);
-			} else {
-				// In the future we should consider outright refusing to generate bytes without an
-				// official random source, as many consider hacks like this irresponsible.
+            if ($handle) {
+                $entropy .= @fread($handle, $bytes);
+            } else {
+                // In the future we should consider outright refusing to generate bytes without an
+                // official random source, as many consider hacks like this irresponsible.
 
-				// Measure the time that the operations will take on average
-				for ($i = 0; $i < 3; $i++) {
-					$c1 = microtime(true);
-					$var = sha1(mt_rand());
-					for ($j = 0; $j < 50; $j++) {
-						$var = sha1($var);
-					}
-					$c2 = microtime(true);
-					$entropy .= $c1 . $c2;
-				}
+                // Measure the time that the operations will take on average
+                for ($i = 0; $i < 3; $i++) {
+                    $c1 = microtime(true);
+                    $var = sha1(mt_rand());
+                    for ($j = 0; $j < 50; $j++) {
+                        $var = sha1($var);
+                    }
+                    $c2 = microtime(true);
+                    $entropy .= $c1 . $c2;
+                }
 
-				// Based on the above measurement determine the total rounds
-				// in order to bound the total running time.
-				if ($c2 - $c1 == 0) {
-					// This occurs on some Windows systems. On a late 2013 MacBook Pro, 2.6 GHz Intel Core i7
-					// this averaged 400, so we're just going with that. With all the other entropy gathered
-					// this should be sufficient.
-					$rounds = 400;
-				} else {
-					$rounds = (int) ($msec_per_round * 50 / (int) (($c2 - $c1) * 1000000));
-				}
+                // Based on the above measurement determine the total rounds
+                // in order to bound the total running time.
+                if ($c2 - $c1 == 0) {
+                    // This occurs on some Windows systems. On a late 2013 MacBook Pro, 2.6 GHz Intel Core i7
+                    // this averaged 400, so we're just going with that. With all the other entropy gathered
+                    // this should be sufficient.
+                    $rounds = 400;
+                } else {
+                    $rounds = (int) ($msec_per_round * 50 / (int) (($c2 - $c1) * 1000000));
+                }
 
-				// Take the additional measurements. On average we can expect
-				// at least $bits_per_round bits of entropy from each measurement.
-				$iter = $bytes * (int) (ceil(8 / $bits_per_round));
+                // Take the additional measurements. On average we can expect
+                // at least $bits_per_round bits of entropy from each measurement.
+                $iter = $bytes * (int) (ceil(8 / $bits_per_round));
 
-				for ($i = 0; $i < $iter; $i++) {
-					$c1 = microtime();
-					$var = sha1(mt_rand());
-					for ($j = 0; $j < $rounds; $j++) {
-						$var = sha1($var);
-					}
-					$c2 = microtime();
-					$entropy .= $c1 . $c2;
-				}
-			}
+                for ($i = 0; $i < $iter; $i++) {
+                    $c1 = microtime();
+                    $var = sha1(mt_rand());
+                    for ($j = 0; $j < $rounds; $j++) {
+                        $var = sha1($var);
+                    }
+                    $c2 = microtime();
+                    $entropy .= $c1 . $c2;
+                }
+            }
 
-			// We assume sha1 is a deterministic extractor for the $entropy variable.
-			$str .= sha1($entropy, true);
-		} while ($length > strlen($str));
+            // We assume sha1 is a deterministic extractor for the $entropy variable.
+            $str .= sha1($entropy, true);
+        } while ($length > strlen($str));
 
-		if ($handle) {
-			@fclose($handle);
-		}
+        if ($handle) {
+            @fclose($handle);
+        }
 
-		return substr($str, 0, $length);
-	}
+        return substr($str, 0, $length);
+    }
 
-	/**
-	 * Generate a random string of specified length.
-	 *
-	 * Uses supplied character list for generating the new string.
-	 * If no character list provided - uses Base64 URL character set.
-	 *
-	 * @param int         $length Desired length of the string
-	 * @param string|null $chars  Characters to be chosen from randomly. If not given, the Base64 URL
-	 *                            charset will be used.
-	 *
-	 * @return string The random string
-	 *
-	 * @throws InvalidArgumentException
-	 *
-	 * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
-	 * @license   http://framework.zend.com/license/new-bsd New BSD License
-	 *
-	 * @see https://github.com/zendframework/zf2/blob/master/library/Zend/Math/Rand.php#L179
-	 */
-	public function getRandomString($length, $chars = null) {
-		if ($length < 1) {
-			throw new \InvalidArgumentException('Length should be >= 1');
-		}
+    /**
+     * Generate a random string of specified length.
+     *
+     * Uses supplied character list for generating the new string.
+     * If no character list provided - uses Base64 URL character set.
+     *
+     * @param int         $length Desired length of the string
+     * @param string|null $chars  Characters to be chosen from randomly. If not given, the Base64 URL
+     *                            charset will be used.
+     *
+     * @return string The random string
+     *
+     * @throws InvalidArgumentException
+     *
+     * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
+     * @license   http://framework.zend.com/license/new-bsd New BSD License
+     *
+     * @see https://github.com/zendframework/zf2/blob/master/library/Zend/Math/Rand.php#L179
+     */
+    public function getRandomString($length, $chars = null) {
+        if ($length < 1) {
+            throw new \InvalidArgumentException('Length should be >= 1');
+        }
 
-		if (empty($chars)) {
-			$numBytes = ceil($length * 0.75);
-			$bytes    = $this->getRandomBytes($numBytes);
-			$string = substr(rtrim(base64_encode($bytes), '='), 0, $length);
+        if (empty($chars)) {
+            $numBytes = ceil($length * 0.75);
+            $bytes    = $this->getRandomBytes($numBytes);
+            $string = substr(rtrim(base64_encode($bytes), '='), 0, $length);
 
-			// Base64 URL
-			return strtr($string, '+/', '-_');
-		}
+            // Base64 URL
+            return strtr($string, '+/', '-_');
+        }
 
-		if ($chars == self::CHARS_HEX) {
-			// hex is easy
-			$bytes = $this->getRandomBytes(ceil($length / 2));
-			return substr(bin2hex($bytes), 0, $length);
-		}
+        if ($chars == self::CHARS_HEX) {
+            // hex is easy
+            $bytes = $this->getRandomBytes(ceil($length / 2));
+            return substr(bin2hex($bytes), 0, $length);
+        }
 
-		$listLen = strlen($chars);
+        $listLen = strlen($chars);
 
-		if ($listLen == 1) {
-			return str_repeat($chars, $length);
-		}
+        if ($listLen == 1) {
+            return str_repeat($chars, $length);
+        }
 
-		$bytes  = $this->getRandomBytes($length);
-		$pos    = 0;
-		$result = '';
-		for ($i = 0; $i < $length; $i++) {
-			$pos     = ($pos + ord($bytes[$i])) % $listLen;
-			$result .= $chars[$pos];
-		}
+        $bytes  = $this->getRandomBytes($length);
+        $pos    = 0;
+        $result = '';
+        for ($i = 0; $i < $length; $i++) {
+            $pos     = ($pos + ord($bytes[$i])) % $listLen;
+            $result .= $chars[$pos];
+        }
 
-		return $result;
-	}
+        return $result;
+    }
 
-	/**
-	 * Are two strings equal (compared in constant time)?
-	 *
-	 * @param string $str1 First string to compare
-	 * @param string $str2 Second string to compare
-	 *
-	 * @return bool
-	 *
-	 * Based on password_verify in PasswordCompat
-	 * @author Anthony Ferrara <[email protected]>
-	 * @license http://www.opensource.org/licenses/mit-license.html MIT License
-	 * @copyright 2012 The Authors
-	 */
-	public function areEqual($str1, $str2) {
-		$len1 = $this->strlen($str1);
-		$len2 = $this->strlen($str2);
-		if ($len1 !== $len2) {
-			return false;
-		}
+    /**
+     * Are two strings equal (compared in constant time)?
+     *
+     * @param string $str1 First string to compare
+     * @param string $str2 Second string to compare
+     *
+     * @return bool
+     *
+     * Based on password_verify in PasswordCompat
+     * @author Anthony Ferrara <[email protected]>
+     * @license http://www.opensource.org/licenses/mit-license.html MIT License
+     * @copyright 2012 The Authors
+     */
+    public function areEqual($str1, $str2) {
+        $len1 = $this->strlen($str1);
+        $len2 = $this->strlen($str2);
+        if ($len1 !== $len2) {
+            return false;
+        }
 
-		$status = 0;
-		for ($i = 0; $i < $len1; $i++) {
-			$status |= (ord($str1[$i]) ^ ord($str2[$i]));
-		}
+        $status = 0;
+        for ($i = 0; $i < $len1; $i++) {
+            $status |= (ord($str1[$i]) ^ ord($str2[$i]));
+        }
 
-		return $status === 0;
-	}
+        return $status === 0;
+    }
 
-	/**
-	 * Count the number of bytes in a string
-	 *
-	 * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension.
-	 * In this case, strlen() will count the number of *characters* based on the internal encoding. A
-	 * sequence of bytes might be regarded as a single multibyte character.
-	 *
-	 * Use elgg_strlen() to count UTF-characters instead of bytes.
-	 *
-	 * @param string $binary_string The input string
-	 *
-	 * @return int The number of bytes
-	 *
-	 * From PasswordCompat\binary\_strlen
-	 * @author Anthony Ferrara <[email protected]>
-	 * @license http://www.opensource.org/licenses/mit-license.html MIT License
-	 * @copyright 2012 The Authors
-	 */
-	protected function strlen($binary_string) {
-		if (function_exists('mb_strlen')) {
-			return mb_strlen($binary_string, '8bit');
-		}
-		return strlen($binary_string);
-	}
+    /**
+     * Count the number of bytes in a string
+     *
+     * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension.
+     * In this case, strlen() will count the number of *characters* based on the internal encoding. A
+     * sequence of bytes might be regarded as a single multibyte character.
+     *
+     * Use elgg_strlen() to count UTF-characters instead of bytes.
+     *
+     * @param string $binary_string The input string
+     *
+     * @return int The number of bytes
+     *
+     * From PasswordCompat\binary\_strlen
+     * @author Anthony Ferrara <[email protected]>
+     * @license http://www.opensource.org/licenses/mit-license.html MIT License
+     * @copyright 2012 The Authors
+     */
+    protected function strlen($binary_string) {
+        if (function_exists('mb_strlen')) {
+            return mb_strlen($binary_string, '8bit');
+        }
+        return strlen($binary_string);
+    }
 }

Please login to merge, or discard this patch.

engine/classes/Elgg/FileService/File.php 1 patch

Indentation +135 added lines, -135 removed lines patch added patch discarded remove patch

@@ -11,139 +11,139 @@
 block discarded – undo
  */
 class File {
 
-	const INLINE = 'inline';
-	const ATTACHMENT = 'attachment';
-
-	/**
-	 * @var \ElggFile
-	 */
-	private $file;
-
-	/**
-	 * @var int
-	 */
-	private $expires;
-
-	/**
-	 * @var string
-	 */
-	private $disposition;
-
-	/**
-	 * @var bool
-	 */
-	private $use_cookie = true;
-
-	/**
-	 * Set file object
-	 *
-	 * @param \ElggFile $file File object
-	 * @return void
-	 */
-	public function setFile(\ElggFile $file) {
-		$this->file = $file;
-	}
-
-	/**
-	 * Returns file object
-	 * @return \ElggFile|null
-	 */
-	public function getFile() {
-		return $this->file;
-	}
-
-	/**
-	 * Sets URL expiration
-	 *
-	 * @param int $expires String suitable for strtotime()
-	 * @return void
-	 */
-	public function setExpires($expires = '+2 hours') {
-		$this->expires = strtotime($expires);
-	}
-
-	/**
-	 * Sets content disposition
-	 *
-	 * @param string $disposition Content disposition ('inline' or 'attachment')
-	 * @return void
-	 */
-	public function setDisposition($disposition = self::ATTACHMENT) {
-		if (!in_array($disposition, [self::ATTACHMENT, self::INLINE])) {
-			throw new \InvalidArgumentException("Disposition $disposition is not supported in " . __CLASS__);
-		}
-		$this->disposition = $disposition;
-	}
-
-	/**
-	 * Bind URL to current user session
-	 *
-	 * @param bool $use_cookie Use cookie
-	 * @return void
-	 */
-	public function bindSession($use_cookie = true) {
-		$this->use_cookie = $use_cookie;
-	}
-
-	/**
-	 * Returns publicly accessible URL
-	 * @return string|false
-	 */
-	public function getURL() {
-
-		if (!$this->file instanceof \ElggFile || !$this->file->exists()) {
-			elgg_log("Unable to resolve resource URL for a file that does not exist on filestore");
-			return false;
-		}
-
-		$relative_path = '';
-		$root_prefix = _elgg_services()->config->getDataPath();
-		$path = $this->file->getFilenameOnFilestore();
-		if (substr($path, 0, strlen($root_prefix)) == $root_prefix) {
-			$relative_path = substr($path, strlen($root_prefix));
-		}
-
-		if (!$relative_path) {
-			elgg_log("Unable to resolve relative path of the file on the filestore");
-			return false;
-		}
-
-		if (preg_match('~[^a-zA-Z0-9_\./ ]~', $relative_path)) {
-			// Filenames may contain special characters that result in malformatted URLs
-			// and/or HMAC mismatches. We want to avoid that by encoding the path.
-			$relative_path = ':' . Base64Url::encode($relative_path);
-		}
-
-		$data = [
-			'expires' => isset($this->expires) ? $this->expires : 0,
-			'last_updated' => filemtime($this->file->getFilenameOnFilestore()),
-			'disposition' => $this->disposition == self::INLINE ? 'i' : 'a',
-			'path' => $relative_path,
-		];
-
-		if ($this->use_cookie) {
-			$data['cookie'] = _elgg_services()->session->getId();
-			if (empty($data['cookie'])) {
-				return false;
-			}
-			$data['use_cookie'] = 1;
-		} else {
-			$data['use_cookie'] = 0;
-		}
-
-		ksort($data);
-		$mac = _elgg_services()->hmac->getHmac($data)->getToken();
-
-		$url_segments = [
-			'serve-file',
-			"e{$data['expires']}",
-			"l{$data['last_updated']}",
-			"d{$data['disposition']}",
-			"c{$data['use_cookie']}",
-			$mac,
-			$relative_path,
-		];
-
-		return elgg_normalize_url(implode('/', $url_segments));
-	}
+    const INLINE = 'inline';
+    const ATTACHMENT = 'attachment';
+
+    /**
+     * @var \ElggFile
+     */
+    private $file;
+
+    /**
+     * @var int
+     */
+    private $expires;
+
+    /**
+     * @var string
+     */
+    private $disposition;
+
+    /**
+     * @var bool
+     */
+    private $use_cookie = true;
+
+    /**
+     * Set file object
+     *
+     * @param \ElggFile $file File object
+     * @return void
+     */
+    public function setFile(\ElggFile $file) {
+        $this->file = $file;
+    }
+
+    /**
+     * Returns file object
+     * @return \ElggFile|null
+     */
+    public function getFile() {
+        return $this->file;
+    }
+
+    /**
+     * Sets URL expiration
+     *
+     * @param int $expires String suitable for strtotime()
+     * @return void
+     */
+    public function setExpires($expires = '+2 hours') {
+        $this->expires = strtotime($expires);
+    }
+
+    /**
+     * Sets content disposition
+     *
+     * @param string $disposition Content disposition ('inline' or 'attachment')
+     * @return void
+     */
+    public function setDisposition($disposition = self::ATTACHMENT) {
+        if (!in_array($disposition, [self::ATTACHMENT, self::INLINE])) {
+            throw new \InvalidArgumentException("Disposition $disposition is not supported in " . __CLASS__);
+        }
+        $this->disposition = $disposition;
+    }
+
+    /**
+     * Bind URL to current user session
+     *
+     * @param bool $use_cookie Use cookie
+     * @return void
+     */
+    public function bindSession($use_cookie = true) {
+        $this->use_cookie = $use_cookie;
+    }
+
+    /**
+     * Returns publicly accessible URL
+     * @return string|false
+     */
+    public function getURL() {
+
+        if (!$this->file instanceof \ElggFile || !$this->file->exists()) {
+            elgg_log("Unable to resolve resource URL for a file that does not exist on filestore");
+            return false;
+        }
+
+        $relative_path = '';
+        $root_prefix = _elgg_services()->config->getDataPath();
+        $path = $this->file->getFilenameOnFilestore();
+        if (substr($path, 0, strlen($root_prefix)) == $root_prefix) {
+            $relative_path = substr($path, strlen($root_prefix));
+        }
+
+        if (!$relative_path) {
+            elgg_log("Unable to resolve relative path of the file on the filestore");
+            return false;
+        }
+
+        if (preg_match('~[^a-zA-Z0-9_\./ ]~', $relative_path)) {
+            // Filenames may contain special characters that result in malformatted URLs
+            // and/or HMAC mismatches. We want to avoid that by encoding the path.
+            $relative_path = ':' . Base64Url::encode($relative_path);
+        }
+
+        $data = [
+            'expires' => isset($this->expires) ? $this->expires : 0,
+            'last_updated' => filemtime($this->file->getFilenameOnFilestore()),
+            'disposition' => $this->disposition == self::INLINE ? 'i' : 'a',
+            'path' => $relative_path,
+        ];
+
+        if ($this->use_cookie) {
+            $data['cookie'] = _elgg_services()->session->getId();
+            if (empty($data['cookie'])) {
+                return false;
+            }
+            $data['use_cookie'] = 1;
+        } else {
+            $data['use_cookie'] = 0;
+        }
+
+        ksort($data);
+        $mac = _elgg_services()->hmac->getHmac($data)->getToken();
+
+        $url_segments = [
+            'serve-file',
+            "e{$data['expires']}",
+            "l{$data['last_updated']}",
+            "d{$data['disposition']}",
+            "c{$data['use_cookie']}",
+            $mac,
+            $relative_path,
+        ];
+
+        return elgg_normalize_url(implode('/', $url_segments));
+    }
 }

Please login to merge, or discard this patch.

engine/classes/Elgg/ActionsService.php 1 patch

Indentation +460 added lines, -460 removed lines patch added patch discarded remove patch

@@ -18,482 +18,482 @@
 block discarded – undo
  */
 class ActionsService {
 
-	use \Elgg\TimeUsing;
+    use \Elgg\TimeUsing;
 	
-	/**
-	 * @var Config
-	 */
-	private $config;
-
-	/**
-	 * @var ElggSession
-	 */
-	private $session;
-
-	/**
-	 * @var ElggCrypto
-	 */
-	private $crypto;
-
-	/**
-	 * Registered actions storage
-	 *
-	 * Each element has keys:
-	 *   "file" => filename
-	 *   "access" => access level
-	 *
-	 * @var array
-	 */
-	private $actions = [];
-
-	/**
-	 * The current action being processed
-	 * @var string
-	 */
-	private $currentAction = null;
-
-	/**
-	 * @var string[]
-	 */
-	private static $access_levels = ['public', 'logged_in', 'admin'];
-
-	/**
-	 * Constructor
-	 *
-	 * @param Config      $config  Config
-	 * @param ElggSession $session Session
-	 * @param ElggCrypto  $crypto  Crypto service
-	 */
-	public function __construct(Config $config, ElggSession $session, ElggCrypto $crypto) {
-		$this->config = $config;
-		$this->session = $session;
-		$this->crypto = $crypto;
-	}
-
-	/**
-	 * Executes an action
-	 * If called from action() redirect will be issued by the response factory
-	 * If called as /action page handler response will be handled by \Elgg\Router
-	 *
-	 * @param string $action    Action name
-	 * @param string $forwarder URL to forward to after completion
-	 * @return ResponseBuilder|null
-	 * @see action
-	 * @access private
-	 */
-	public function execute($action, $forwarder = "") {
-		$action = rtrim($action, '/');
-		$this->currentAction = $action;
+    /**
+     * @var Config
+     */
+    private $config;
+
+    /**
+     * @var ElggSession
+     */
+    private $session;
+
+    /**
+     * @var ElggCrypto
+     */
+    private $crypto;
+
+    /**
+     * Registered actions storage
+     *
+     * Each element has keys:
+     *   "file" => filename
+     *   "access" => access level
+     *
+     * @var array
+     */
+    private $actions = [];
+
+    /**
+     * The current action being processed
+     * @var string
+     */
+    private $currentAction = null;
+
+    /**
+     * @var string[]
+     */
+    private static $access_levels = ['public', 'logged_in', 'admin'];
+
+    /**
+     * Constructor
+     *
+     * @param Config      $config  Config
+     * @param ElggSession $session Session
+     * @param ElggCrypto  $crypto  Crypto service
+     */
+    public function __construct(Config $config, ElggSession $session, ElggCrypto $crypto) {
+        $this->config = $config;
+        $this->session = $session;
+        $this->crypto = $crypto;
+    }
+
+    /**
+     * Executes an action
+     * If called from action() redirect will be issued by the response factory
+     * If called as /action page handler response will be handled by \Elgg\Router
+     *
+     * @param string $action    Action name
+     * @param string $forwarder URL to forward to after completion
+     * @return ResponseBuilder|null
+     * @see action
+     * @access private
+     */
+    public function execute($action, $forwarder = "") {
+        $action = rtrim($action, '/');
+        $this->currentAction = $action;
 		
-		// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
-		// Allow users to disable plugins without a token in order to
-		// remove plugins that are incompatible.
-		// Login and logout are for convenience.
-		// file/download (see #2010)
-		$exceptions = [
-			'admin/plugins/disable',
-			'logout',
-			'file/download',
-		];
+        // @todo REMOVE THESE ONCE #1509 IS IN PLACE.
+        // Allow users to disable plugins without a token in order to
+        // remove plugins that are incompatible.
+        // Login and logout are for convenience.
+        // file/download (see #2010)
+        $exceptions = [
+            'admin/plugins/disable',
+            'logout',
+            'file/download',
+        ];
 	
-		if (!in_array($action, $exceptions)) {
-			// All actions require a token.
-			$pass = $this->gatekeeper($action);
-			if (!$pass) {
-				return;
-			}
-		}
+        if (!in_array($action, $exceptions)) {
+            // All actions require a token.
+            $pass = $this->gatekeeper($action);
+            if (!$pass) {
+                return;
+            }
+        }
 	
-		$forwarder = str_replace($this->config->getSiteUrl(), "", $forwarder);
-		$forwarder = str_replace("http://", "", $forwarder);
-		$forwarder = str_replace("@", "", $forwarder);
-		if (substr($forwarder, 0, 1) == "/") {
-			$forwarder = substr($forwarder, 1);
-		}
-
-		$ob_started = false;
-
-		/**
-		 * Prepare action response
-		 *
-		 * @param string $error_key   Error message key
-		 * @param int    $status_code HTTP status code
-		 * @return ResponseBuilder
-		 */
-		$forward = function ($error_key = '', $status_code = ELGG_HTTP_OK) use ($action, $forwarder, &$ob_started) {
-			if ($error_key) {
-				if ($ob_started) {
-					ob_end_clean();
-				}
-				$msg = _elgg_services()->translator->translate($error_key, [$action]);
-				_elgg_services()->systemMessages->addErrorMessage($msg);
-				$response = new \Elgg\Http\ErrorResponse($msg, $status_code);
-			} else {
-				$content = ob_get_clean();
-				$response = new \Elgg\Http\OkResponse($content, $status_code);
-			}
+        $forwarder = str_replace($this->config->getSiteUrl(), "", $forwarder);
+        $forwarder = str_replace("http://", "", $forwarder);
+        $forwarder = str_replace("@", "", $forwarder);
+        if (substr($forwarder, 0, 1) == "/") {
+            $forwarder = substr($forwarder, 1);
+        }
+
+        $ob_started = false;
+
+        /**
+         * Prepare action response
+         *
+         * @param string $error_key   Error message key
+         * @param int    $status_code HTTP status code
+         * @return ResponseBuilder
+         */
+        $forward = function ($error_key = '', $status_code = ELGG_HTTP_OK) use ($action, $forwarder, &$ob_started) {
+            if ($error_key) {
+                if ($ob_started) {
+                    ob_end_clean();
+                }
+                $msg = _elgg_services()->translator->translate($error_key, [$action]);
+                _elgg_services()->systemMessages->addErrorMessage($msg);
+                $response = new \Elgg\Http\ErrorResponse($msg, $status_code);
+            } else {
+                $content = ob_get_clean();
+                $response = new \Elgg\Http\OkResponse($content, $status_code);
+            }
 			
-			$forwarder = empty($forwarder) ? REFERER : $forwarder;
-			$response->setForwardURL($forwarder);
-			return $response;
-		};
-
-		if (!isset($this->actions[$action])) {
-			return $forward('actionundefined', ELGG_HTTP_NOT_IMPLEMENTED);
-		}
-
-		$user = $this->session->getLoggedInUser();
-
-		// access checks
-		switch ($this->actions[$action]['access']) {
-			case 'public':
-				break;
-			case 'logged_in':
-				if (!$user) {
-					return $forward('actionloggedout', ELGG_HTTP_FORBIDDEN);
-				}
-				break;
-			default:
-				// admin or misspelling
-				if (!$user || !$user->isAdmin()) {
-					return $forward('actionunauthorized', ELGG_HTTP_FORBIDDEN);
-				}
-		}
-
-		ob_start();
+            $forwarder = empty($forwarder) ? REFERER : $forwarder;
+            $response->setForwardURL($forwarder);
+            return $response;
+        };
+
+        if (!isset($this->actions[$action])) {
+            return $forward('actionundefined', ELGG_HTTP_NOT_IMPLEMENTED);
+        }
+
+        $user = $this->session->getLoggedInUser();
+
+        // access checks
+        switch ($this->actions[$action]['access']) {
+            case 'public':
+                break;
+            case 'logged_in':
+                if (!$user) {
+                    return $forward('actionloggedout', ELGG_HTTP_FORBIDDEN);
+                }
+                break;
+            default:
+                // admin or misspelling
+                if (!$user || !$user->isAdmin()) {
+                    return $forward('actionunauthorized', ELGG_HTTP_FORBIDDEN);
+                }
+        }
+
+        ob_start();
 		
-		// To quietly cancel the file, return a falsey value in the "action" hook.
-		if (!_elgg_services()->hooks->trigger('action', $action, null, true)) {
-			return $forward('', ELGG_HTTP_OK);
-		}
-
-		$file = $this->actions[$action]['file'];
-
-		if (!is_file($file) || !is_readable($file)) {
-			return $forward('actionnotfound', ELGG_HTTP_NOT_IMPLEMENTED);
-		}
-
-		// set the maximum execution time for actions
-		$action_timeout = $this->config->get('action_time_limit');
-		if (isset($action_timeout)) {
-			set_time_limit($action_timeout);
-		}
-
-		$result = Includer::includeFile($file);
-		if ($result instanceof ResponseBuilder) {
-			ob_end_clean();
-			return $result;
-		}
-
-		return $forward('', ELGG_HTTP_OK);
-	}
+        // To quietly cancel the file, return a falsey value in the "action" hook.
+        if (!_elgg_services()->hooks->trigger('action', $action, null, true)) {
+            return $forward('', ELGG_HTTP_OK);
+        }
+
+        $file = $this->actions[$action]['file'];
+
+        if (!is_file($file) || !is_readable($file)) {
+            return $forward('actionnotfound', ELGG_HTTP_NOT_IMPLEMENTED);
+        }
+
+        // set the maximum execution time for actions
+        $action_timeout = $this->config->get('action_time_limit');
+        if (isset($action_timeout)) {
+            set_time_limit($action_timeout);
+        }
+
+        $result = Includer::includeFile($file);
+        if ($result instanceof ResponseBuilder) {
+            ob_end_clean();
+            return $result;
+        }
+
+        return $forward('', ELGG_HTTP_OK);
+    }
 	
-	/**
-	 * @see elgg_register_action
-	 * @access private
-	 */
-	public function register($action, $filename = "", $access = 'logged_in') {
-		// plugins are encouraged to call actions with a trailing / to prevent 301
-		// redirects but we store the actions without it
-		$action = rtrim($action, '/');
+    /**
+     * @see elgg_register_action
+     * @access private
+     */
+    public function register($action, $filename = "", $access = 'logged_in') {
+        // plugins are encouraged to call actions with a trailing / to prevent 301
+        // redirects but we store the actions without it
+        $action = rtrim($action, '/');
 	
-		if (empty($filename)) {
-			$path = __DIR__ . '/../../../actions';
-			$filename = realpath("$path/$action.php");
-		}
-
-		if (!in_array($access, self::$access_levels)) {
-			_elgg_services()->logger->error("Unrecognized value '$access' for \$access in " . __METHOD__);
-			$access = 'admin';
-		}
+        if (empty($filename)) {
+            $path = __DIR__ . '/../../../actions';
+            $filename = realpath("$path/$action.php");
+        }
+
+        if (!in_array($access, self::$access_levels)) {
+            _elgg_services()->logger->error("Unrecognized value '$access' for \$access in " . __METHOD__);
+            $access = 'admin';
+        }
 	
-		$this->actions[$action] = [
-			'file' => $filename,
-			'access' => $access,
-		];
-		return true;
-	}
+        $this->actions[$action] = [
+            'file' => $filename,
+            'access' => $access,
+        ];
+        return true;
+    }
 	
-	/**
-	 * @see elgg_unregister_action
-	 * @access private
-	 */
-	public function unregister($action) {
-		if (isset($this->actions[$action])) {
-			unset($this->actions[$action]);
-			return true;
-		} else {
-			return false;
-		}
-	}
-
-	/**
-	 * @see validate_action_token
-	 * @access private
-	 */
-	public function validateActionToken($visible_errors = true, $token = null, $ts = null) {
-		if (!$token) {
-			$token = get_input('__elgg_token');
-		}
+    /**
+     * @see elgg_unregister_action
+     * @access private
+     */
+    public function unregister($action) {
+        if (isset($this->actions[$action])) {
+            unset($this->actions[$action]);
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    /**
+     * @see validate_action_token
+     * @access private
+     */
+    public function validateActionToken($visible_errors = true, $token = null, $ts = null) {
+        if (!$token) {
+            $token = get_input('__elgg_token');
+        }
 	
-		if (!$ts) {
-			$ts = get_input('__elgg_ts');
-		}
-
-		$session_id = $this->session->getId();
-
-		if (($token) && ($ts) && ($session_id)) {
-			if ($this->validateTokenOwnership($token, $ts)) {
-				if ($this->validateTokenTimestamp($ts)) {
-					// We have already got this far, so unless anything
-					// else says something to the contrary we assume we're ok
-					$returnval = _elgg_services()->hooks->trigger('action_gatekeeper:permissions:check', 'all', [
-						'token' => $token,
-						'time' => $ts
-					], true);
-
-					if ($returnval) {
-						return true;
-					} else if ($visible_errors) {
-						register_error(_elgg_services()->translator->translate('actiongatekeeper:pluginprevents'));
-					}
-				} else if ($visible_errors) {
-					// this is necessary because of #5133
-					if (elgg_is_xhr()) {
-						register_error(_elgg_services()->translator->translate(
-							'js:security:token_refresh_failed',
-							[$this->config->getSiteUrl()]
-						));
-					} else {
-						register_error(_elgg_services()->translator->translate('actiongatekeeper:timeerror'));
-					}
-				}
-			} else if ($visible_errors) {
-				// this is necessary because of #5133
-				if (elgg_is_xhr()) {
-					register_error(_elgg_services()->translator->translate('js:security:token_refresh_failed', [$this->config->getSiteUrl()]));
-				} else {
-					register_error(_elgg_services()->translator->translate('actiongatekeeper:tokeninvalid'));
-				}
-			}
-		} else {
-			$req = _elgg_services()->request;
-			$length = $req->server->get('CONTENT_LENGTH');
-			$post_count = count($req->request);
-			if ($length && $post_count < 1) {
-				// The size of $_POST or uploaded file has exceed the size limit
-				$error_msg = _elgg_services()->hooks->trigger('action_gatekeeper:upload_exceeded_msg', 'all', [
-					'post_size' => $length,
-					'visible_errors' => $visible_errors,
-				], _elgg_services()->translator->translate('actiongatekeeper:uploadexceeded'));
-			} else {
-				$error_msg = _elgg_services()->translator->translate('actiongatekeeper:missingfields');
-			}
-			if ($visible_errors) {
-				register_error($error_msg);
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * Is the token timestamp within acceptable range?
-	 *
-	 * @param int $ts timestamp from the CSRF token
-	 *
-	 * @return bool
-	 */
-	protected function validateTokenTimestamp($ts) {
-		$timeout = $this->getActionTokenTimeout();
-		$now = $this->getCurrentTime()->getTimestamp();
-		return ($timeout == 0 || ($ts > $now - $timeout) && ($ts < $now + $timeout));
-	}
-
-	/**
-	 * @see ActionsService::validateActionToken
-	 * @access private
-	 * @since 1.9.0
-	 * @return int number of seconds that action token is valid
-	 */
-	public function getActionTokenTimeout() {
-		if (($timeout = $this->config->get('action_token_timeout')) === null) {
-			// default to 2 hours
-			$timeout = 2;
-		}
-		$hour = 60 * 60;
-		return (int) ((float) $timeout * $hour);
-	}
-
-	/**
-	 * @return bool
-	 * @see action_gatekeeper
-	 * @access private
-	 */
-	public function gatekeeper($action) {
-		if ($action === 'login') {
-			if ($this->validateActionToken(false)) {
-				return true;
-			}
-
-			$token = get_input('__elgg_token');
-			$ts = (int) get_input('__elgg_ts');
-			if ($token && $this->validateTokenTimestamp($ts)) {
-				// The tokens are present and the time looks valid: this is probably a mismatch due to the
-				// login form being on a different domain.
-				register_error(_elgg_services()->translator->translate('actiongatekeeper:crosssitelogin'));
-				_elgg_services()->responseFactory->redirect('login', 'csrf');
-				return false;
-			}
-		}
+        if (!$ts) {
+            $ts = get_input('__elgg_ts');
+        }
+
+        $session_id = $this->session->getId();
+
+        if (($token) && ($ts) && ($session_id)) {
+            if ($this->validateTokenOwnership($token, $ts)) {
+                if ($this->validateTokenTimestamp($ts)) {
+                    // We have already got this far, so unless anything
+                    // else says something to the contrary we assume we're ok
+                    $returnval = _elgg_services()->hooks->trigger('action_gatekeeper:permissions:check', 'all', [
+                        'token' => $token,
+                        'time' => $ts
+                    ], true);
+
+                    if ($returnval) {
+                        return true;
+                    } else if ($visible_errors) {
+                        register_error(_elgg_services()->translator->translate('actiongatekeeper:pluginprevents'));
+                    }
+                } else if ($visible_errors) {
+                    // this is necessary because of #5133
+                    if (elgg_is_xhr()) {
+                        register_error(_elgg_services()->translator->translate(
+                            'js:security:token_refresh_failed',
+                            [$this->config->getSiteUrl()]
+                        ));
+                    } else {
+                        register_error(_elgg_services()->translator->translate('actiongatekeeper:timeerror'));
+                    }
+                }
+            } else if ($visible_errors) {
+                // this is necessary because of #5133
+                if (elgg_is_xhr()) {
+                    register_error(_elgg_services()->translator->translate('js:security:token_refresh_failed', [$this->config->getSiteUrl()]));
+                } else {
+                    register_error(_elgg_services()->translator->translate('actiongatekeeper:tokeninvalid'));
+                }
+            }
+        } else {
+            $req = _elgg_services()->request;
+            $length = $req->server->get('CONTENT_LENGTH');
+            $post_count = count($req->request);
+            if ($length && $post_count < 1) {
+                // The size of $_POST or uploaded file has exceed the size limit
+                $error_msg = _elgg_services()->hooks->trigger('action_gatekeeper:upload_exceeded_msg', 'all', [
+                    'post_size' => $length,
+                    'visible_errors' => $visible_errors,
+                ], _elgg_services()->translator->translate('actiongatekeeper:uploadexceeded'));
+            } else {
+                $error_msg = _elgg_services()->translator->translate('actiongatekeeper:missingfields');
+            }
+            if ($visible_errors) {
+                register_error($error_msg);
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Is the token timestamp within acceptable range?
+     *
+     * @param int $ts timestamp from the CSRF token
+     *
+     * @return bool
+     */
+    protected function validateTokenTimestamp($ts) {
+        $timeout = $this->getActionTokenTimeout();
+        $now = $this->getCurrentTime()->getTimestamp();
+        return ($timeout == 0 || ($ts > $now - $timeout) && ($ts < $now + $timeout));
+    }
+
+    /**
+     * @see ActionsService::validateActionToken
+     * @access private
+     * @since 1.9.0
+     * @return int number of seconds that action token is valid
+     */
+    public function getActionTokenTimeout() {
+        if (($timeout = $this->config->get('action_token_timeout')) === null) {
+            // default to 2 hours
+            $timeout = 2;
+        }
+        $hour = 60 * 60;
+        return (int) ((float) $timeout * $hour);
+    }
+
+    /**
+     * @return bool
+     * @see action_gatekeeper
+     * @access private
+     */
+    public function gatekeeper($action) {
+        if ($action === 'login') {
+            if ($this->validateActionToken(false)) {
+                return true;
+            }
+
+            $token = get_input('__elgg_token');
+            $ts = (int) get_input('__elgg_ts');
+            if ($token && $this->validateTokenTimestamp($ts)) {
+                // The tokens are present and the time looks valid: this is probably a mismatch due to the
+                // login form being on a different domain.
+                register_error(_elgg_services()->translator->translate('actiongatekeeper:crosssitelogin'));
+                _elgg_services()->responseFactory->redirect('login', 'csrf');
+                return false;
+            }
+        }
 		
-		if ($this->validateActionToken()) {
-			return true;
-		}
+        if ($this->validateActionToken()) {
+            return true;
+        }
 			
-		_elgg_services()->responseFactory->redirect(REFERER, 'csrf');
-		return false;
-	}
-
-	/**
-	 * Was the given token generated for the session defined by session_token?
-	 *
-	 * @param string $token         CSRF token
-	 * @param int    $timestamp     Unix time
-	 * @param string $session_token Session-specific token
-	 *
-	 * @return bool
-	 * @access private
-	 */
-	public function validateTokenOwnership($token, $timestamp, $session_token = '') {
-		$required_token = $this->generateActionToken($timestamp, $session_token);
-
-		return _elgg_services()->crypto->areEqual($token, $required_token);
-	}
+        _elgg_services()->responseFactory->redirect(REFERER, 'csrf');
+        return false;
+    }
+
+    /**
+     * Was the given token generated for the session defined by session_token?
+     *
+     * @param string $token         CSRF token
+     * @param int    $timestamp     Unix time
+     * @param string $session_token Session-specific token
+     *
+     * @return bool
+     * @access private
+     */
+    public function validateTokenOwnership($token, $timestamp, $session_token = '') {
+        $required_token = $this->generateActionToken($timestamp, $session_token);
+
+        return _elgg_services()->crypto->areEqual($token, $required_token);
+    }
 	
-	/**
-	 * Generate a token from a session token (specifying the user), the timestamp, and the site key.
-	 *
-	 * @see generate_action_token
-	 *
-	 * @param int    $timestamp     Unix timestamp
-	 * @param string $session_token Session-specific token
-	 *
-	 * @return string
-	 * @access private
-	 */
-	public function generateActionToken($timestamp, $session_token = '') {
-		if (!$session_token) {
-			$session_token = elgg_get_session()->get('__elgg_session');
-			if (!$session_token) {
-				return false;
-			}
-		}
-
-		return _elgg_services()->hmac->getHmac([(int) $timestamp, $session_token], 'md5')
-			->getToken();
-	}
+    /**
+     * Generate a token from a session token (specifying the user), the timestamp, and the site key.
+     *
+     * @see generate_action_token
+     *
+     * @param int    $timestamp     Unix timestamp
+     * @param string $session_token Session-specific token
+     *
+     * @return string
+     * @access private
+     */
+    public function generateActionToken($timestamp, $session_token = '') {
+        if (!$session_token) {
+            $session_token = elgg_get_session()->get('__elgg_session');
+            if (!$session_token) {
+                return false;
+            }
+        }
+
+        return _elgg_services()->hmac->getHmac([(int) $timestamp, $session_token], 'md5')
+            ->getToken();
+    }
 	
-	/**
-	 * @see elgg_action_exists
-	 * @access private
-	 */
-	public function exists($action) {
-		return (isset($this->actions[$action]) && file_exists($this->actions[$action]['file']));
-	}
+    /**
+     * @see elgg_action_exists
+     * @access private
+     */
+    public function exists($action) {
+        return (isset($this->actions[$action]) && file_exists($this->actions[$action]['file']));
+    }
 	
-	/**
-	 * @see ajax_forward_hook
-	 * @access private
-	 * @deprecated 2.3
-	 */
-	public function ajaxForwardHook($hook, $reason, $forward_url, $params) {
-		if (!elgg_is_xhr()) {
-			return;
-		}
-
-		// grab any data echo'd in the action
-		$output = ob_get_clean();
-
-		if ($reason == 'walled_garden' || $reason == 'csrf') {
-			$reason = '403';
-		}
-
-		$status_code = (int) $reason;
-		if ($status_code < 100 || ($status_code > 299 && $status_code < 400) || $status_code > 599) {
-			// We only want to preserve OK and error codes
-			// Redirect responses should be converted to OK responses as this is an XHR request
-			$status_code = ELGG_HTTP_OK;
-		}
-
-		$response = elgg_ok_response($output, '', $forward_url, $status_code);
-
-		$headers = $response->getHeaders();
-		$headers['Content-Type'] = 'application/json; charset=UTF-8';
-		$response->setHeaders($headers);
-
-		_elgg_services()->responseFactory->respond($response);
-		exit;
-	}
+    /**
+     * @see ajax_forward_hook
+     * @access private
+     * @deprecated 2.3
+     */
+    public function ajaxForwardHook($hook, $reason, $forward_url, $params) {
+        if (!elgg_is_xhr()) {
+            return;
+        }
+
+        // grab any data echo'd in the action
+        $output = ob_get_clean();
+
+        if ($reason == 'walled_garden' || $reason == 'csrf') {
+            $reason = '403';
+        }
+
+        $status_code = (int) $reason;
+        if ($status_code < 100 || ($status_code > 299 && $status_code < 400) || $status_code > 599) {
+            // We only want to preserve OK and error codes
+            // Redirect responses should be converted to OK responses as this is an XHR request
+            $status_code = ELGG_HTTP_OK;
+        }
+
+        $response = elgg_ok_response($output, '', $forward_url, $status_code);
+
+        $headers = $response->getHeaders();
+        $headers['Content-Type'] = 'application/json; charset=UTF-8';
+        $response->setHeaders($headers);
+
+        _elgg_services()->responseFactory->respond($response);
+        exit;
+    }
 	
-	/**
-	 * @see ajax_action_hook
-	 * @access private
-	 * @deprecated 2.3
-	 */
-	public function ajaxActionHook() {
-		if (elgg_is_xhr()) {
-			ob_start();
-		}
-	}
-
-	/**
-	 * Get all actions
-	 *
-	 * @return array
-	 */
-	public function getAllActions() {
-		return $this->actions;
-	}
-
-	/**
-	 * Send an updated CSRF token, provided the page's current tokens were not fake.
-	 *
-	 * @return ResponseBuilder
-	 * @access private
-	 */
-	public function handleTokenRefreshRequest() {
-		if (!elgg_is_xhr()) {
-			return false;
-		}
-
-		// the page's session_token might have expired (not matching __elgg_session in the session), but
-		// we still allow it to be given to validate the tokens in the page.
-		$session_token = get_input('session_token', null, false);
-		$pairs = (array) get_input('pairs', [], false);
-		$valid_tokens = (object) [];
-		foreach ($pairs as $pair) {
-			list($ts, $token) = explode(',', $pair, 2);
-			if ($this->validateTokenOwnership($token, $ts, $session_token)) {
-				$valid_tokens->{$token} = true;
-			}
-		}
-
-		$ts = $this->getCurrentTime()->getTimestamp();
-		$token = $this->generateActionToken($ts);
-		$data = [
-			'token' => [
-				'__elgg_ts' => $ts,
-				'__elgg_token' => $token,
-				'logged_in' => $this->session->isLoggedIn(),
-			],
-			'valid_tokens' => $valid_tokens,
-			'session_token' => $this->session->get('__elgg_session'),
-			'user_guid' => $this->session->getLoggedInUserGuid(),
-		];
-
-		elgg_set_http_header("Content-Type: application/json;charset=utf-8");
-		return elgg_ok_response($data);
-	}
+    /**
+     * @see ajax_action_hook
+     * @access private
+     * @deprecated 2.3
+     */
+    public function ajaxActionHook() {
+        if (elgg_is_xhr()) {
+            ob_start();
+        }
+    }
+
+    /**
+     * Get all actions
+     *
+     * @return array
+     */
+    public function getAllActions() {
+        return $this->actions;
+    }
+
+    /**
+     * Send an updated CSRF token, provided the page's current tokens were not fake.
+     *
+     * @return ResponseBuilder
+     * @access private
+     */
+    public function handleTokenRefreshRequest() {
+        if (!elgg_is_xhr()) {
+            return false;
+        }
+
+        // the page's session_token might have expired (not matching __elgg_session in the session), but
+        // we still allow it to be given to validate the tokens in the page.
+        $session_token = get_input('session_token', null, false);
+        $pairs = (array) get_input('pairs', [], false);
+        $valid_tokens = (object) [];
+        foreach ($pairs as $pair) {
+            list($ts, $token) = explode(',', $pair, 2);
+            if ($this->validateTokenOwnership($token, $ts, $session_token)) {
+                $valid_tokens->{$token} = true;
+            }
+        }
+
+        $ts = $this->getCurrentTime()->getTimestamp();
+        $token = $this->generateActionToken($ts);
+        $data = [
+            'token' => [
+                '__elgg_ts' => $ts,
+                '__elgg_token' => $token,
+                'logged_in' => $this->session->isLoggedIn(),
+            ],
+            'valid_tokens' => $valid_tokens,
+            'session_token' => $this->session->get('__elgg_session'),
+            'user_guid' => $this->session->getLoggedInUserGuid(),
+        ];
+
+        elgg_set_http_header("Content-Type: application/json;charset=utf-8");
+        return elgg_ok_response($data);
+    }
 }
 

Please login to merge, or discard this patch.

engine/classes/Elgg/Database/UsersTable.php 2 patches

Indentation +516 added lines, -516 removed lines patch added patch discarded remove patch

@@ -21,518 +21,518 @@  discard block
 block discarded – undo
  */
 class UsersTable {
 
-	use \Elgg\TimeUsing;
-
-	/**
-	 * @var Conf
-	 */
-	protected $config;
-
-	/**
-	 * @var Database
-	 */
-	protected $db;
-
-	/**
-	 * @var EntityTable
-	 */
-	protected $entities;
-
-	/**
-	 * @var EntityCache
-	 */
-	protected $entity_cache;
-
-	/**
-	 * @var EventsService
-	 */
-	protected $events;
-
-	/**
-	 * @var string
-	 */
-	protected $table;
-
-	/**
-	 * Constructor
-	 *
-	 * @param Conf          $config   Config
-	 * @param Database      $db       Database
-	 * @param EntityTable   $entities Entity table
-	 * @param EntityCache   $cache    Entity cache
-	 * @param EventsService $events   Event service
-	 */
-	public function __construct(
-	Conf $config, Database $db, EntityTable $entities, EntityCache $cache, EventsService $events
-	) {
-		$this->config = $config;
-		$this->db = $db;
-		$this->table = $this->db->prefix . "users_entity";
-		$this->entities = $entities;
-		$this->entity_cache = $cache;
-		$this->events = $events;
-	}
-
-	/**
-	 * Return the user specific details of a user by a row.
-	 *
-	 * @param int $guid The \ElggUser guid
-	 *
-	 * @return mixed
-	 * @access private
-	 */
-	public function getRow($guid) {
-		$sql = "
+    use \Elgg\TimeUsing;
+
+    /**
+     * @var Conf
+     */
+    protected $config;
+
+    /**
+     * @var Database
+     */
+    protected $db;
+
+    /**
+     * @var EntityTable
+     */
+    protected $entities;
+
+    /**
+     * @var EntityCache
+     */
+    protected $entity_cache;
+
+    /**
+     * @var EventsService
+     */
+    protected $events;
+
+    /**
+     * @var string
+     */
+    protected $table;
+
+    /**
+     * Constructor
+     *
+     * @param Conf          $config   Config
+     * @param Database      $db       Database
+     * @param EntityTable   $entities Entity table
+     * @param EntityCache   $cache    Entity cache
+     * @param EventsService $events   Event service
+     */
+    public function __construct(
+    Conf $config, Database $db, EntityTable $entities, EntityCache $cache, EventsService $events
+    ) {
+        $this->config = $config;
+        $this->db = $db;
+        $this->table = $this->db->prefix . "users_entity";
+        $this->entities = $entities;
+        $this->entity_cache = $cache;
+        $this->events = $events;
+    }
+
+    /**
+     * Return the user specific details of a user by a row.
+     *
+     * @param int $guid The \ElggUser guid
+     *
+     * @return mixed
+     * @access private
+     */
+    public function getRow($guid) {
+        $sql = "
 			SELECT * FROM {$this->table}
 			WHERE guid = :guid
 		";
-		$params = [
-			':guid' => $guid,
-		];
-		return $this->db->getDataRow($sql, null, $params);
-	}
-
-	/**
-	 * Disables all of a user's entities
-	 *
-	 * @param int $owner_guid The owner GUID
-	 * @return bool Depending on success
-	 * @deprecated 2.3
-	 */
-	public function disableEntities($owner_guid) {
-		return $this->entities->disableEntities($owner_guid);
-	}
-
-	/**
-	 * Ban a user (calls events, stores the reason)
-	 *
-	 * @param int    $user_guid The user guid
-	 * @param string $reason    A reason
-	 * @return bool
-	 */
-	public function ban($user_guid, $reason = "") {
-
-		$user = get_entity($user_guid);
-
-		if (!$user instanceof ElggUser || !$user->canEdit()) {
-			return false;
-		}
-
-		if (!$this->events->trigger('ban', 'user', $user)) {
-			return false;
-		}
-
-		$user->ban_reason = $reason;
-
-		_elgg_invalidate_cache_for_entity($user_guid);
-		_elgg_invalidate_memcache_for_entity($user_guid);
-
-		if ($this->markBanned($user_guid, true)) {
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * Mark a user entity banned or unbanned.
-	 *
-	 * @note Use ban() or unban()
-	 *
-	 * @param int  $guid   User GUID
-	 * @param bool $banned Mark the user banned?
-	 * @return int Num rows affected
-	 */
-	public function markBanned($guid, $banned) {
-
-		$query = "
+        $params = [
+            ':guid' => $guid,
+        ];
+        return $this->db->getDataRow($sql, null, $params);
+    }
+
+    /**
+     * Disables all of a user's entities
+     *
+     * @param int $owner_guid The owner GUID
+     * @return bool Depending on success
+     * @deprecated 2.3
+     */
+    public function disableEntities($owner_guid) {
+        return $this->entities->disableEntities($owner_guid);
+    }
+
+    /**
+     * Ban a user (calls events, stores the reason)
+     *
+     * @param int    $user_guid The user guid
+     * @param string $reason    A reason
+     * @return bool
+     */
+    public function ban($user_guid, $reason = "") {
+
+        $user = get_entity($user_guid);
+
+        if (!$user instanceof ElggUser || !$user->canEdit()) {
+            return false;
+        }
+
+        if (!$this->events->trigger('ban', 'user', $user)) {
+            return false;
+        }
+
+        $user->ban_reason = $reason;
+
+        _elgg_invalidate_cache_for_entity($user_guid);
+        _elgg_invalidate_memcache_for_entity($user_guid);
+
+        if ($this->markBanned($user_guid, true)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Mark a user entity banned or unbanned.
+     *
+     * @note Use ban() or unban()
+     *
+     * @param int  $guid   User GUID
+     * @param bool $banned Mark the user banned?
+     * @return int Num rows affected
+     */
+    public function markBanned($guid, $banned) {
+
+        $query = "
 			UPDATE {$this->table}
 			SET banned = :banned
 			WHERE guid = :guid
 		";
 
-		$params = [
-			':banned' => $banned ? 'yes' : 'no',
-			':guid' => (int) $guid,
-		];
+        $params = [
+            ':banned' => $banned ? 'yes' : 'no',
+            ':guid' => (int) $guid,
+        ];
 
-		return $this->db->updateData($query, true, $params);
-	}
+        return $this->db->updateData($query, true, $params);
+    }
 
-	/**
-	 * Unban a user (calls events, removes the reason)
-	 *
-	 * @param int $user_guid Unban a user
-	 * @return bool
-	 */
-	public function unban($user_guid) {
+    /**
+     * Unban a user (calls events, removes the reason)
+     *
+     * @param int $user_guid Unban a user
+     * @return bool
+     */
+    public function unban($user_guid) {
 
-		$user = get_entity($user_guid);
+        $user = get_entity($user_guid);
 
-		if (!$user instanceof ElggUser || !$user->canEdit()) {
-			return false;
-		}
+        if (!$user instanceof ElggUser || !$user->canEdit()) {
+            return false;
+        }
 
-		if (!$this->events->trigger('unban', 'user', $user)) {
-			return false;
-		}
+        if (!$this->events->trigger('unban', 'user', $user)) {
+            return false;
+        }
 
-		$user->deleteMetadata('ban_reason');
+        $user->deleteMetadata('ban_reason');
 
-		_elgg_invalidate_cache_for_entity($user_guid);
-		_elgg_invalidate_memcache_for_entity($user_guid);
+        _elgg_invalidate_cache_for_entity($user_guid);
+        _elgg_invalidate_memcache_for_entity($user_guid);
 
-		return $this->markBanned($user_guid, false);
-	}
+        return $this->markBanned($user_guid, false);
+    }
 
-	/**
-	 * Makes user $guid an admin.
-	 *
-	 * @param int $user_guid User guid
-	 * @return bool
-	 */
-	public function makeAdmin($user_guid) {
-		$user = get_entity($user_guid);
+    /**
+     * Makes user $guid an admin.
+     *
+     * @param int $user_guid User guid
+     * @return bool
+     */
+    public function makeAdmin($user_guid) {
+        $user = get_entity($user_guid);
 
-		if (!$user instanceof ElggUser || !$user->canEdit()) {
-			return false;
-		}
+        if (!$user instanceof ElggUser || !$user->canEdit()) {
+            return false;
+        }
 
-		if (!$this->events->trigger('make_admin', 'user', $user)) {
-			return false;
-		}
+        if (!$this->events->trigger('make_admin', 'user', $user)) {
+            return false;
+        }
 
-		$query = "
+        $query = "
 			UPDATE {$this->table}
 			SET admin = 'yes'
 			WHERE guid = :guid
 		";
 
-		$params = [
-			':guid' => (int) $user_guid,
-		];
+        $params = [
+            ':guid' => (int) $user_guid,
+        ];
 
-		_elgg_invalidate_cache_for_entity($user_guid);
-		_elgg_invalidate_memcache_for_entity($user_guid);
+        _elgg_invalidate_cache_for_entity($user_guid);
+        _elgg_invalidate_memcache_for_entity($user_guid);
 
-		if ($this->db->updateData($query, true, $params)) {
-			return true;
-		}
+        if ($this->db->updateData($query, true, $params)) {
+            return true;
+        }
 
-		return false;
-	}
+        return false;
+    }
 
-	/**
-	 * Removes user $guid's admin flag.
-	 *
-	 * @param int $user_guid User GUID
-	 * @return bool
-	 */
-	public function removeAdmin($user_guid) {
+    /**
+     * Removes user $guid's admin flag.
+     *
+     * @param int $user_guid User GUID
+     * @return bool
+     */
+    public function removeAdmin($user_guid) {
 
-		$user = get_entity($user_guid);
+        $user = get_entity($user_guid);
 
-		if (!$user instanceof ElggUser || !$user->canEdit()) {
-			return false;
-		}
+        if (!$user instanceof ElggUser || !$user->canEdit()) {
+            return false;
+        }
 
-		if (!$this->events->trigger('remove_admin', 'user', $user)) {
-			return false;
-		}
+        if (!$this->events->trigger('remove_admin', 'user', $user)) {
+            return false;
+        }
 
-		$query = "
+        $query = "
 			UPDATE {$this->table}
 			SET admin = 'no'
 			WHERE guid = :guid
 		";
 
-		$params = [
-			':guid' => (int) $user_guid,
-		];
-
-		_elgg_invalidate_cache_for_entity($user_guid);
-		_elgg_invalidate_memcache_for_entity($user_guid);
-
-		if ($this->db->updateData($query, true, $params)) {
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * Get user by username
-	 *
-	 * @param string $username The user's username
-	 *
-	 * @return ElggUser|false Depending on success
-	 */
-	public function getByUsername($username) {
-
-		// Fixes #6052. Username is frequently sniffed from the path info, which,
-		// unlike $_GET, is not URL decoded. If the username was not URL encoded,
-		// this is harmless.
-		$username = rawurldecode($username);
-
-		if (!$username) {
-			return false;
-		}
-
-		$entity = $this->entity_cache->getByUsername($username);
-		if ($entity) {
-			return $entity;
-		}
-
-		$users = $this->entities->getEntitiesFromAttributes([
-			'types' => 'user',
-			'attribute_name_value_pairs' => [
-				'name' => 'username',
-				'value' => $username,
-			],
-			'limit' => 1,
-		]);
-		return $users ? $users[0] : false;
-	}
-
-	/**
-	 * Get an array of users from an email address
-	 *
-	 * @param string $email Email address
-	 * @return array
-	 */
-	public function getByEmail($email) {
-		if (!$email) {
-			return [];
-		}
-
-		$users = $this->entities->getEntitiesFromAttributes([
-			'types' => 'user',
-			'attribute_name_value_pairs' => [
-				'name' => 'email',
-				'value' => $email,
-			],
-			'limit' => 1,
-		]);
-
-		return $users ? : [];
-	}
-
-	/**
-	 * Return users (or the number of them) who have been active within a recent period.
-	 *
-	 * @param array $options Array of options with keys:
-	 *
-	 *   seconds (int)  => Length of period (default 600 = 10min)
-	 *   limit   (int)  => Limit (default 10)
-	 *   offset  (int)  => Offset (default 0)
-	 *   count   (bool) => Return a count instead of users? (default false)
-	 *
-	 * @return \ElggUser[]|int
-	 */
-	public function findActive(array $options = []) {
+        $params = [
+            ':guid' => (int) $user_guid,
+        ];
+
+        _elgg_invalidate_cache_for_entity($user_guid);
+        _elgg_invalidate_memcache_for_entity($user_guid);
+
+        if ($this->db->updateData($query, true, $params)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Get user by username
+     *
+     * @param string $username The user's username
+     *
+     * @return ElggUser|false Depending on success
+     */
+    public function getByUsername($username) {
+
+        // Fixes #6052. Username is frequently sniffed from the path info, which,
+        // unlike $_GET, is not URL decoded. If the username was not URL encoded,
+        // this is harmless.
+        $username = rawurldecode($username);
+
+        if (!$username) {
+            return false;
+        }
+
+        $entity = $this->entity_cache->getByUsername($username);
+        if ($entity) {
+            return $entity;
+        }
+
+        $users = $this->entities->getEntitiesFromAttributes([
+            'types' => 'user',
+            'attribute_name_value_pairs' => [
+                'name' => 'username',
+                'value' => $username,
+            ],
+            'limit' => 1,
+        ]);
+        return $users ? $users[0] : false;
+    }
+
+    /**
+     * Get an array of users from an email address
+     *
+     * @param string $email Email address
+     * @return array
+     */
+    public function getByEmail($email) {
+        if (!$email) {
+            return [];
+        }
+
+        $users = $this->entities->getEntitiesFromAttributes([
+            'types' => 'user',
+            'attribute_name_value_pairs' => [
+                'name' => 'email',
+                'value' => $email,
+            ],
+            'limit' => 1,
+        ]);
+
+        return $users ? : [];
+    }
+
+    /**
+     * Return users (or the number of them) who have been active within a recent period.
+     *
+     * @param array $options Array of options with keys:
+     *
+     *   seconds (int)  => Length of period (default 600 = 10min)
+     *   limit   (int)  => Limit (default 10)
+     *   offset  (int)  => Offset (default 0)
+     *   count   (bool) => Return a count instead of users? (default false)
+     *
+     * @return \ElggUser[]|int
+     */
+    public function findActive(array $options = []) {
 	
-		$options = array_merge([
-			'seconds' => 600,
-			'limit' => $this->config->get('default_limit'),
-		], $options);
-
-		// cast options we're sending to hook
-		foreach (['seconds', 'limit', 'offset'] as $key) {
-			$options[$key] = (int) $options[$key];
-		}
-		$options['count'] = (bool) $options['count'];
-
-		// allow plugins to override
-		$params = [
-			'seconds' => $options['seconds'],
-			'limit' => $options['limit'],
-			'offset' => $options['offset'],
-			'count' => $options['count'],
-			'options' => $options,
-		];
-		$data = _elgg_services()->hooks->trigger('find_active_users', 'system', $params, null);
-		// check null because the handler could legitimately return falsey values.
-		if ($data !== null) {
-			return $data;
-		}
-
-		$dbprefix = $this->config->get('dbprefix');
-		$time = $this->getCurrentTime()->getTimestamp() - $options['seconds'];
-		return elgg_get_entities([
-			'type' => 'user',
-			'limit' => $options['limit'],
-			'offset' => $options['offset'],
-			'count' => $options['count'],
-			'joins' => ["join {$dbprefix}users_entity u on e.guid = u.guid"],
-			'wheres' => ["u.last_action >= {$time}"],
-			'order_by' => "u.last_action desc",
-		]);
-	}
-
-	/**
-	 * Registers a user, returning false if the username already exists
-	 *
-	 * @param string $username              The username of the new user
-	 * @param string $password              The password
-	 * @param string $name                  The user's display name
-	 * @param string $email                 The user's email address
-	 * @param bool   $allow_multiple_emails Allow the same email address to be
-	 *                                      registered multiple times?
-	 *
-	 * @return int|false The new user's GUID; false on failure
-	 * @throws RegistrationException
-	 */
-	public function register($username, $password, $name, $email, $allow_multiple_emails = false) {
-
-		// no need to trim password
-		$username = trim($username);
-		$name = trim(strip_tags($name));
-		$email = trim($email);
-
-		// A little sanity checking
-		if (empty($username) || empty($password) || empty($name) || empty($email)) {
-			return false;
-		}
-
-		// Make sure a user with conflicting details hasn't registered and been disabled
-		$access_status = access_get_show_hidden_status();
-		access_show_hidden_entities(true);
-
-		if (!validate_email_address($email)) {
-			throw new RegistrationException(_elgg_services()->translator->translate('registration:emailnotvalid'));
-		}
-
-		if (!validate_password($password)) {
-			throw new RegistrationException(_elgg_services()->translator->translate('registration:passwordnotvalid'));
-		}
-
-		if (!validate_username($username)) {
-			throw new RegistrationException(_elgg_services()->translator->translate('registration:usernamenotvalid'));
-		}
-
-		if ($user = get_user_by_username($username)) {
-			throw new RegistrationException(_elgg_services()->translator->translate('registration:userexists'));
-		}
-
-		if ((!$allow_multiple_emails) && (get_user_by_email($email))) {
-			throw new RegistrationException(_elgg_services()->translator->translate('registration:dupeemail'));
-		}
-
-		access_show_hidden_entities($access_status);
-
-		// Create user
-		$user = new ElggUser();
-		$user->username = $username;
-		$user->email = $email;
-		$user->name = $name;
-		$user->access_id = ACCESS_PUBLIC;
-		$user->setPassword($password);
-		$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
-		$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
-		$user->language = _elgg_services()->translator->getCurrentLanguage();
-		if ($user->save() === false) {
-			return false;
-		}
-
-		// Turn on email notifications by default
-		$user->setNotificationSetting('email', true);
+        $options = array_merge([
+            'seconds' => 600,
+            'limit' => $this->config->get('default_limit'),
+        ], $options);
+
+        // cast options we're sending to hook
+        foreach (['seconds', 'limit', 'offset'] as $key) {
+            $options[$key] = (int) $options[$key];
+        }
+        $options['count'] = (bool) $options['count'];
+
+        // allow plugins to override
+        $params = [
+            'seconds' => $options['seconds'],
+            'limit' => $options['limit'],
+            'offset' => $options['offset'],
+            'count' => $options['count'],
+            'options' => $options,
+        ];
+        $data = _elgg_services()->hooks->trigger('find_active_users', 'system', $params, null);
+        // check null because the handler could legitimately return falsey values.
+        if ($data !== null) {
+            return $data;
+        }
+
+        $dbprefix = $this->config->get('dbprefix');
+        $time = $this->getCurrentTime()->getTimestamp() - $options['seconds'];
+        return elgg_get_entities([
+            'type' => 'user',
+            'limit' => $options['limit'],
+            'offset' => $options['offset'],
+            'count' => $options['count'],
+            'joins' => ["join {$dbprefix}users_entity u on e.guid = u.guid"],
+            'wheres' => ["u.last_action >= {$time}"],
+            'order_by' => "u.last_action desc",
+        ]);
+    }
+
+    /**
+     * Registers a user, returning false if the username already exists
+     *
+     * @param string $username              The username of the new user
+     * @param string $password              The password
+     * @param string $name                  The user's display name
+     * @param string $email                 The user's email address
+     * @param bool   $allow_multiple_emails Allow the same email address to be
+     *                                      registered multiple times?
+     *
+     * @return int|false The new user's GUID; false on failure
+     * @throws RegistrationException
+     */
+    public function register($username, $password, $name, $email, $allow_multiple_emails = false) {
+
+        // no need to trim password
+        $username = trim($username);
+        $name = trim(strip_tags($name));
+        $email = trim($email);
+
+        // A little sanity checking
+        if (empty($username) || empty($password) || empty($name) || empty($email)) {
+            return false;
+        }
+
+        // Make sure a user with conflicting details hasn't registered and been disabled
+        $access_status = access_get_show_hidden_status();
+        access_show_hidden_entities(true);
+
+        if (!validate_email_address($email)) {
+            throw new RegistrationException(_elgg_services()->translator->translate('registration:emailnotvalid'));
+        }
+
+        if (!validate_password($password)) {
+            throw new RegistrationException(_elgg_services()->translator->translate('registration:passwordnotvalid'));
+        }
+
+        if (!validate_username($username)) {
+            throw new RegistrationException(_elgg_services()->translator->translate('registration:usernamenotvalid'));
+        }
+
+        if ($user = get_user_by_username($username)) {
+            throw new RegistrationException(_elgg_services()->translator->translate('registration:userexists'));
+        }
+
+        if ((!$allow_multiple_emails) && (get_user_by_email($email))) {
+            throw new RegistrationException(_elgg_services()->translator->translate('registration:dupeemail'));
+        }
+
+        access_show_hidden_entities($access_status);
+
+        // Create user
+        $user = new ElggUser();
+        $user->username = $username;
+        $user->email = $email;
+        $user->name = $name;
+        $user->access_id = ACCESS_PUBLIC;
+        $user->setPassword($password);
+        $user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
+        $user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
+        $user->language = _elgg_services()->translator->getCurrentLanguage();
+        if ($user->save() === false) {
+            return false;
+        }
+
+        // Turn on email notifications by default
+        $user->setNotificationSetting('email', true);
 	
-		return $user->getGUID();
-	}
-
-	/**
-	 * Generates a unique invite code for a user
-	 *
-	 * @param string $username The username of the user sending the invitation
-	 *
-	 * @return string Invite code
-	 * @see validateInviteCode
-	 */
-	public function generateInviteCode($username) {
-		$time = $this->getCurrentTime()->getTimestamp();
-		return "$time." . _elgg_services()->hmac->getHmac([(int) $time, $username])->getToken();
-	}
-
-	/**
-	 * Validate a user's invite code
-	 *
-	 * @param string $username The username
-	 * @param string $code     The invite code
-	 *
-	 * @return bool
-	 * @see generateInviteCode
-	 */
-	public function validateInviteCode($username, $code) {
-		// validate the format of the token created by ->generateInviteCode()
-		if (!preg_match('~^(\d+)\.([a-zA-Z0-9\-_]+)$~', $code, $m)) {
-			return false;
-		}
-		$time = $m[1];
-		$mac = $m[2];
-
-		return _elgg_services()->hmac->getHmac([(int) $time, $username])->matchesToken($mac);
-	}
-
-	/**
-	 * Set the validation status for a user.
-	 *
-	 * @param int    $user_guid The user's GUID
-	 * @param bool   $status    Validated (true) or unvalidated (false)
-	 * @param string $method    Optional method to say how a user was validated
-	 * @return bool
-	 */
-	public function setValidationStatus($user_guid, $status, $method = '') {
-		$user = get_user($user_guid);
-		if (!$user) {
-			return false;
-		}
-
-		$result1 = create_metadata($user->guid, 'validated', (int) $status);
-		$result2 = create_metadata($user->guid, 'validated_method', $method);
-		if ($result1 && $result2) {
-			if ((bool) $status) {
-				elgg_trigger_after_event('validate', 'user', $user);
-			} else {
-				elgg_trigger_after_event('invalidate', 'user', $user);
-			}
-			return true;
-		} else {
-			return false;
-		}
-	}
-
-	/**
-	 * Gets the validation status of a user.
-	 *
-	 * @param int $user_guid The user's GUID
-	 * @return bool|null Null means status was not set for this user.
-	 */
-	public function getValidationStatus($user_guid) {
-		$user = get_entity($user_guid);
-		if (!$user || !isset($user->validated)) {
-			return null;
-		}
-		return (bool) $user->validated;
-	}
-
-	/**
-	 * Sets the last action time of the given user to right now.
-	 *
-	 * @see _elgg_session_boot The session boot calls this at the beginning of every request
-	 *
-	 * @param ElggUser $user User entity
-	 * @return void
-	 */
-	public function setLastAction(ElggUser $user) {
-
-		$time = $this->getCurrentTime()->getTimestamp();
-
-		if ($user->last_action == $time) {
-			// no change required
-			return;
-		}
-
-		$query = "
+        return $user->getGUID();
+    }
+
+    /**
+     * Generates a unique invite code for a user
+     *
+     * @param string $username The username of the user sending the invitation
+     *
+     * @return string Invite code
+     * @see validateInviteCode
+     */
+    public function generateInviteCode($username) {
+        $time = $this->getCurrentTime()->getTimestamp();
+        return "$time." . _elgg_services()->hmac->getHmac([(int) $time, $username])->getToken();
+    }
+
+    /**
+     * Validate a user's invite code
+     *
+     * @param string $username The username
+     * @param string $code     The invite code
+     *
+     * @return bool
+     * @see generateInviteCode
+     */
+    public function validateInviteCode($username, $code) {
+        // validate the format of the token created by ->generateInviteCode()
+        if (!preg_match('~^(\d+)\.([a-zA-Z0-9\-_]+)$~', $code, $m)) {
+            return false;
+        }
+        $time = $m[1];
+        $mac = $m[2];
+
+        return _elgg_services()->hmac->getHmac([(int) $time, $username])->matchesToken($mac);
+    }
+
+    /**
+     * Set the validation status for a user.
+     *
+     * @param int    $user_guid The user's GUID
+     * @param bool   $status    Validated (true) or unvalidated (false)
+     * @param string $method    Optional method to say how a user was validated
+     * @return bool
+     */
+    public function setValidationStatus($user_guid, $status, $method = '') {
+        $user = get_user($user_guid);
+        if (!$user) {
+            return false;
+        }
+
+        $result1 = create_metadata($user->guid, 'validated', (int) $status);
+        $result2 = create_metadata($user->guid, 'validated_method', $method);
+        if ($result1 && $result2) {
+            if ((bool) $status) {
+                elgg_trigger_after_event('validate', 'user', $user);
+            } else {
+                elgg_trigger_after_event('invalidate', 'user', $user);
+            }
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    /**
+     * Gets the validation status of a user.
+     *
+     * @param int $user_guid The user's GUID
+     * @return bool|null Null means status was not set for this user.
+     */
+    public function getValidationStatus($user_guid) {
+        $user = get_entity($user_guid);
+        if (!$user || !isset($user->validated)) {
+            return null;
+        }
+        return (bool) $user->validated;
+    }
+
+    /**
+     * Sets the last action time of the given user to right now.
+     *
+     * @see _elgg_session_boot The session boot calls this at the beginning of every request
+     *
+     * @param ElggUser $user User entity
+     * @return void
+     */
+    public function setLastAction(ElggUser $user) {
+
+        $time = $this->getCurrentTime()->getTimestamp();
+
+        if ($user->last_action == $time) {
+            // no change required
+            return;
+        }
+
+        $query = "
 			UPDATE {$this->table}
 			SET
 				prev_last_action = last_action,
@@ -540,43 +540,43 @@  discard block
 block discarded – undo
 			WHERE guid = :guid
 		";
 
-		$params = [
-			':last_action' => $time,
-			':guid' => (int) $user->guid,
-		];
+        $params = [
+            ':last_action' => $time,
+            ':guid' => (int) $user->guid,
+        ];
 
-		$user->prev_last_action = $user->last_action;
-		$user->last_action = $time;
+        $user->prev_last_action = $user->last_action;
+        $user->last_action = $time;
 
-		execute_delayed_write_query($query, null, $params);
+        execute_delayed_write_query($query, null, $params);
 
-		$this->entity_cache->set($user);
+        $this->entity_cache->set($user);
 
-		// If we save the user to memcache during this request, then we'll end up with the
-		// old (incorrect) attributes cached (notice the above query is delayed). So it's
-		// simplest to just resave the user after all plugin code runs.
-		register_shutdown_function(function () use ($user, $time) {
-			$this->entities->updateLastAction($user, $time); // keep entity table in sync
-			$user->storeInPersistedCache(_elgg_get_memcache('new_entity_cache'), $time);
-		});
-	}
+        // If we save the user to memcache during this request, then we'll end up with the
+        // old (incorrect) attributes cached (notice the above query is delayed). So it's
+        // simplest to just resave the user after all plugin code runs.
+        register_shutdown_function(function () use ($user, $time) {
+            $this->entities->updateLastAction($user, $time); // keep entity table in sync
+            $user->storeInPersistedCache(_elgg_get_memcache('new_entity_cache'), $time);
+        });
+    }
 
-	/**
-	 * Sets the last logon time of the given user to right now.
-	 *
-	 * @param ElggUser $user User entity
-	 * @return void
-	 */
-	public function setLastLogin(ElggUser $user) {
+    /**
+     * Sets the last logon time of the given user to right now.
+     *
+     * @param ElggUser $user User entity
+     * @return void
+     */
+    public function setLastLogin(ElggUser $user) {
 
-		$time = $this->getCurrentTime()->getTimestamp();
+        $time = $this->getCurrentTime()->getTimestamp();
 
-		if ($user->last_login == $time) {
-			// no change required
-			return;
-		}
+        if ($user->last_login == $time) {
+            // no change required
+            return;
+        }
 
-		$query = "
+        $query = "
 			UPDATE {$this->table}
 			SET
 				prev_last_login = last_login,
@@ -584,23 +584,23 @@  discard block
 block discarded – undo
 			WHERE guid = :guid
 		";
 
-		$params = [
-			':last_login' => $time,
-			':guid' => (int) $user->guid,
-		];
+        $params = [
+            ':last_login' => $time,
+            ':guid' => (int) $user->guid,
+        ];
 
-		$user->prev_last_login = $user->last_login;
-		$user->last_login = $time;
+        $user->prev_last_login = $user->last_login;
+        $user->last_login = $time;
 
-		execute_delayed_write_query($query, null, $params);
+        execute_delayed_write_query($query, null, $params);
 
-		$this->entity_cache->set($user);
+        $this->entity_cache->set($user);
 
-		// If we save the user to memcache during this request, then we'll end up with the
-		// old (incorrect) attributes cached. Hence we want to invalidate as late as possible.
-		// the user object gets saved
-		register_shutdown_function(function () use ($user) {
-			$user->storeInPersistedCache(_elgg_get_memcache('new_entity_cache'));
-		});
-	}
+        // If we save the user to memcache during this request, then we'll end up with the
+        // old (incorrect) attributes cached. Hence we want to invalidate as late as possible.
+        // the user object gets saved
+        register_shutdown_function(function () use ($user) {
+            $user->storeInPersistedCache(_elgg_get_memcache('new_entity_cache'));
+        });
+    }
 }

Please login to merge, or discard this patch.

Spacing +5 added lines, -5 removed lines patch added patch discarded remove patch

@@ -67,7 +67,7 @@  discard block
 block discarded – undo
 	) {
 		$this->config = $config;
 		$this->db = $db;
-		$this->table = $this->db->prefix . "users_entity";
+		$this->table = $this->db->prefix."users_entity";
 		$this->entities = $entities;
 		$this->entity_cache = $cache;
 		$this->events = $events;
@@ -314,7 +314,7 @@  discard block
 block discarded – undo
 			'limit' => 1,
 		]);
 
-		return $users ? : [];
+		return $users ?: [];
 	}
 
 	/**
@@ -450,7 +450,7 @@  discard block
 block discarded – undo
 	 */
 	public function generateInviteCode($username) {
 		$time = $this->getCurrentTime()->getTimestamp();
-		return "$time." . _elgg_services()->hmac->getHmac([(int) $time, $username])->getToken();
+		return "$time."._elgg_services()->hmac->getHmac([(int) $time, $username])->getToken();
 	}
 
 	/**
@@ -555,7 +555,7 @@  discard block
 block discarded – undo
 		// If we save the user to memcache during this request, then we'll end up with the
 		// old (incorrect) attributes cached (notice the above query is delayed). So it's
 		// simplest to just resave the user after all plugin code runs.
-		register_shutdown_function(function () use ($user, $time) {
+		register_shutdown_function(function() use ($user, $time) {
 			$this->entities->updateLastAction($user, $time); // keep entity table in sync
 			$user->storeInPersistedCache(_elgg_get_memcache('new_entity_cache'), $time);
 		});
@@ -599,7 +599,7 @@  discard block
 block discarded – undo
 		// If we save the user to memcache during this request, then we'll end up with the
 		// old (incorrect) attributes cached. Hence we want to invalidate as late as possible.
 		// the user object gets saved
-		register_shutdown_function(function () use ($user) {
+		register_shutdown_function(function() use ($user) {
 			$user->storeInPersistedCache(_elgg_get_memcache('new_entity_cache'));
 		});
 	}

Please login to merge, or discard this patch.

engine/lib/actions.php 1 patch

Indentation +27 added lines, -27 removed lines patch added patch discarded remove patch

@@ -19,7 +19,7 @@  discard block
 block discarded – undo
  * @access private
  */
 function _elgg_action_handler(array $segments) {
-	return _elgg_services()->actions->execute(implode('/', $segments));
+    return _elgg_services()->actions->execute(implode('/', $segments));
 }
 
 /**
@@ -51,12 +51,12 @@  discard block
 block discarded – undo
  * @access private
  */
 function action($action, $forwarder = "") {
-	$response = _elgg_services()->actions->execute($action, $forwarder);
-	if ($response instanceof ResponseBuilder) {
-		// in case forward() wasn't called in the action
-		_elgg_services()->responseFactory->respond($response);
-	}
-	_elgg_services()->responseFactory->redirect(REFERRER, 'csrf');
+    $response = _elgg_services()->actions->execute($action, $forwarder);
+    if ($response instanceof ResponseBuilder) {
+        // in case forward() wasn't called in the action
+        _elgg_services()->responseFactory->respond($response);
+    }
+    _elgg_services()->responseFactory->redirect(REFERRER, 'csrf');
 }
 
 /**
@@ -94,7 +94,7 @@  discard block
 block discarded – undo
  * @return bool
  */
 function elgg_register_action($action, $filename = "", $access = 'logged_in') {
-	return _elgg_services()->actions->register($action, $filename, $access);
+    return _elgg_services()->actions->register($action, $filename, $access);
 }
 
 /**
@@ -105,7 +105,7 @@  discard block
 block discarded – undo
  * @since 1.8.1
  */
 function elgg_unregister_action($action) {
-	return _elgg_services()->actions->unregister($action);
+    return _elgg_services()->actions->unregister($action);
 }
 
 /**
@@ -116,7 +116,7 @@  discard block
 block discarded – undo
  * @since 1.11
  */
 function elgg_build_hmac($data) {
-	return _elgg_services()->hmac->getHmac($data);
+    return _elgg_services()->hmac->getHmac($data);
 }
 
 /**
@@ -136,7 +136,7 @@  discard block
 block discarded – undo
  * @access private
  */
 function validate_action_token($visible_errors = true, $token = null, $ts = null) {
-	return _elgg_services()->actions->validateActionToken($visible_errors, $token, $ts);
+    return _elgg_services()->actions->validateActionToken($visible_errors, $token, $ts);
 }
 
 /**
@@ -154,7 +154,7 @@  discard block
 block discarded – undo
  * @access private
  */
 function action_gatekeeper($action) {
-	return _elgg_services()->actions->gatekeeper($action);
+    return _elgg_services()->actions->gatekeeper($action);
 }
 
 /**
@@ -175,7 +175,7 @@  discard block
 block discarded – undo
  * @return string|false
  */
 function generate_action_token($timestamp) {
-	return _elgg_services()->actions->generateActionToken($timestamp);
+    return _elgg_services()->actions->generateActionToken($timestamp);
 }
 
 /**
@@ -190,7 +190,7 @@  discard block
 block discarded – undo
  * @todo Move to better file.
  */
 function init_site_secret() {
-	return _elgg_services()->siteSecret->init();
+    return _elgg_services()->siteSecret->init();
 }
 
 /**
@@ -203,7 +203,7 @@  discard block
 block discarded – undo
  * @todo Move to better file.
  */
 function get_site_secret() {
-	return _elgg_services()->siteSecret->get();
+    return _elgg_services()->siteSecret->get();
 }
 
 /**
@@ -213,7 +213,7 @@  discard block
 block discarded – undo
  * @access private
  */
 function _elgg_get_site_secret_strength() {
-	return _elgg_services()->siteSecret->getStrength();
+    return _elgg_services()->siteSecret->getStrength();
 }
 
 /**
@@ -225,7 +225,7 @@  discard block
 block discarded – undo
  * @since 1.8.0
  */
 function elgg_action_exists($action) {
-	return _elgg_services()->actions->exists($action);
+    return _elgg_services()->actions->exists($action);
 }
 
 /**
@@ -235,7 +235,7 @@  discard block
 block discarded – undo
  * @since 1.8.0
  */
 function elgg_is_xhr() {
-	return _elgg_services()->request->isXmlHttpRequest();
+    return _elgg_services()->request->isXmlHttpRequest();
 }
 
 /**
@@ -266,8 +266,8 @@  discard block
 block discarded – undo
  * @deprecated 2.3
  */
 function ajax_forward_hook($hook, $type, $reason, $params) {
-	elgg_deprecated_notice(__FUNCTION__ . ' is deprecated and is no longer used as a plugin hook handler', '2.3');
-	_elgg_services()->actions->ajaxForwardHook($hook, $type, $reason, $params);
+    elgg_deprecated_notice(__FUNCTION__ . ' is deprecated and is no longer used as a plugin hook handler', '2.3');
+    _elgg_services()->actions->ajaxForwardHook($hook, $type, $reason, $params);
 }
 
 /**
@@ -277,8 +277,8 @@  discard block
 block discarded – undo
  * @deprecated 2.3
  */
 function ajax_action_hook() {
-	elgg_deprecated_notice(__FUNCTION__ . ' is deprecated and is no longer used as a plugin hook handler', '2.3');
-	_elgg_services()->actions->ajaxActionHook();
+    elgg_deprecated_notice(__FUNCTION__ . ' is deprecated and is no longer used as a plugin hook handler', '2.3');
+    _elgg_services()->actions->ajaxActionHook();
 }
 
 /**
@@ -288,7 +288,7 @@  discard block
 block discarded – undo
  * @access private
  */
 function _elgg_csrf_token_refresh() {
-	return _elgg_services()->actions->handleTokenRefreshRequest();
+    return _elgg_services()->actions->handleTokenRefreshRequest();
 }
 
 /**
@@ -296,12 +296,12 @@  discard block
 block discarded – undo
  * @access private
  */
 function actions_init() {
-	elgg_register_page_handler('action', '_elgg_action_handler');
-	elgg_register_page_handler('refresh_token', '_elgg_csrf_token_refresh');
+    elgg_register_page_handler('action', '_elgg_action_handler');
+    elgg_register_page_handler('refresh_token', '_elgg_csrf_token_refresh');
 
-	elgg_register_simplecache_view('languages/en.js');
+    elgg_register_simplecache_view('languages/en.js');
 }
 
 return function(\Elgg\EventsService $events, \Elgg\HooksRegistrationService $hooks) {
-	$events->registerHandler('init', 'system', 'actions_init');
+    $events->registerHandler('init', 'system', 'actions_init');
 };

Please login to merge, or discard this patch.

engine/classes/Elgg/Di/ServiceProvider.php 1 patch

Indentation +379 added lines, -379 removed lines patch added patch discarded remove patch

@@ -90,383 +90,383 @@
 block discarded – undo
  */
 class ServiceProvider extends \Elgg\Di\DiContainer {
 
-	/**
-	 * Constructor
-	 *
-	 * @param \Elgg\Config $config Elgg Config service
-	 */
-	public function __construct(\Elgg\Config $config) {
-
-		$this->setFactory('autoloadManager', function(ServiceProvider $c) {
-			$manager = new \Elgg\AutoloadManager($c->classLoader);
-			if (!$c->config->get('AutoloaderManager_skip_storage')) {
-				$manager->setStorage($c->fileCache);
-				$manager->loadCache();
-			}
-			return $manager;
-		});
-
-		$this->setFactory('accessCache', function(ServiceProvider $c) {
-			return new \ElggStaticVariableCache('access');
-		});
-
-		$this->setFactory('accessCollections', function(ServiceProvider $c) {
-			return new \Elgg\Database\AccessCollections(
-					$c->config, $c->db, $c->entityTable, $c->accessCache, $c->hooks, $c->session, $c->translator);
-		});
-
-		$this->setFactory('actions', function(ServiceProvider $c) {
-			return new \Elgg\ActionsService($c->config, $c->session, $c->crypto);
-		});
-
-		$this->setClassName('adminNotices', \Elgg\Database\AdminNotices::class);
-
-		$this->setFactory('ajax', function(ServiceProvider $c) {
-			return new \Elgg\Ajax\Service($c->hooks, $c->systemMessages, $c->input, $c->amdConfig);
-		});
-
-		$this->setFactory('amdConfig', function(ServiceProvider $c) {
-			$obj = new \Elgg\Amd\Config($c->hooks);
-			$obj->setBaseUrl($c->simpleCache->getRoot());
-			return $obj;
-		});
-
-		$this->setFactory('annotations', function(ServiceProvider $c) {
-			return new \Elgg\Database\Annotations($c->db, $c->session, $c->events);
-		});
-
-		$this->setClassName('autoP', \ElggAutoP::class);
-
-		$this->setFactory('boot', function(ServiceProvider $c) {
-			$boot = new \Elgg\BootService();
-			if ($c->config->getVolatile('enable_profiling')) {
-				$boot->setTimer($c->timer);
-			}
-			return $boot;
-		});
-
-		$this->setFactory('batchUpgrader', function(ServiceProvider $c) {
-			return new \Elgg\BatchUpgrader($c->config);
-		});
-
-		$this->setFactory('classLoader', function(ServiceProvider $c) {
-			$loader = new \Elgg\ClassLoader(new \Elgg\ClassMap());
-			$loader->register();
-			return $loader;
-		});
-
-		$this->setValue('config', $config);
-
-		$this->setFactory('configTable', function(ServiceProvider $c) {
-			return new \Elgg\Database\ConfigTable($c->db, $c->boot, $c->logger);
-		});
-
-		$this->setFactory('context', function(ServiceProvider $c) {
-			$context = new \Elgg\Context();
-			$context->initialize($c->request);
-			return $context;
-		});
-
-		$this->setClassName('crypto', \ElggCrypto::class);
-
-		$this->setFactory('db', function(ServiceProvider $c) {
-			// gonna need dbprefix from settings
-			$c->config->loadSettingsFile();
-			$db_config = new \Elgg\Database\Config($c->config->getStorageObject());
-
-			// we inject the logger in _elgg_engine_boot()
-			$db = new \Elgg\Database($db_config);
-
-			if ($c->config->getVolatile('profiling_sql')) {
-				$db->setTimer($c->timer);
-			}
-
-			return $db;
-		});
-
-		$this->setFactory('deprecation', function(ServiceProvider $c) {
-			return new \Elgg\DeprecationService($c->logger);
-		});
-
-		$this->setFactory('entityCache', function(ServiceProvider $c) {
-			return new \Elgg\Cache\EntityCache($c->session, $c->metadataCache);
-		});
-
-		$this->setFactory('entityPreloader', function(ServiceProvider $c) {
-			return new \Elgg\EntityPreloader($c->entityCache, $c->entityTable);
-		});
-
-		$this->setFactory('entityTable', function(ServiceProvider $c) {
-			return new \Elgg\Database\EntityTable(
-				$c->config,
-				$c->db,
-				$c->entityCache,
-				$c->metadataCache,
-				$c->subtypeTable,
-				$c->events,
-				$c->session,
-				$c->translator,
-				$c->logger
-			);
-		});
-
-		$this->setFactory('events', function (ServiceProvider $c) {
-			$events = new \Elgg\EventsService();
-			if ($c->config->getVolatile('enable_profiling')) {
-				$events->setTimer($c->timer);
-			}
-			return $events;
-		});
-
-		$this->setFactory('externalFiles', function(ServiceProvider $c) {
-			return new \Elgg\Assets\ExternalFiles($c->config->getStorageObject());
-		});
-
-		$this->setFactory('fileCache', function(ServiceProvider $c) {
-			return new \ElggFileCache($c->config->getCachePath() . 'system_cache/');
-		});
-
-		$this->setFactory('filestore', function(ServiceProvider $c) {
-			return new \ElggDiskFilestore($c->config->getDataPath());
-		});
-
-		$this->setFactory('forms', function(ServiceProvider $c) {
-			return new \Elgg\FormsService($c->views, $c->logger);
-		});
-
-		$this->setClassName('handlers', \Elgg\HandlersService::class);
-
-		$this->setFactory('hmac', function(ServiceProvider $c) {
-			return new \Elgg\Security\HmacFactory($c->siteSecret, $c->crypto);
-		});
-
-		$this->setClassName('hooks', \Elgg\PluginHooksService::class);
-
-		$this->setFactory('iconService', function(ServiceProvider $c) {
-			return new \Elgg\EntityIconService($c->config, $c->hooks, $c->request, $c->logger, $c->entityTable);
-		});
-
-		$this->setClassName('input', \Elgg\Http\Input::class);
-
-		$this->setFactory('imageService', function(ServiceProvider $c) {
-			$imagine = new \Imagine\Gd\Imagine();
-			return new \Elgg\ImageService($imagine, $c->config);
-		});
-
-		$this->setFactory('logger', function (ServiceProvider $c) {
-			return new \Elgg\Logger($c->hooks, $c->config, $c->context);
-		});
-
-		// TODO(evan): Support configurable transports...
-		$this->setClassName('mailer', 'Zend\Mail\Transport\Sendmail');
-
-		$this->setFactory('menus', function(ServiceProvider $c) {
-			return new \Elgg\Menu\Service($c->hooks, $c->config);
-		});
-
-		$this->setFactory('metadataCache', function (ServiceProvider $c) {
-			return new \Elgg\Cache\MetadataCache($c->session);
-		});
-
-		$this->setFactory('memcacheStashPool', function(ServiceProvider $c) {
-			if (!$c->config->getVolatile('memcache')) {
-				return null;
-			}
-
-			$servers = $c->config->getVolatile('memcache_servers');
-			if (!$servers) {
-				return null;
-			}
-			$driver = new \Stash\Driver\Memcache([
-				'servers' => $servers,
-			]);
-			return new \Stash\Pool($driver);
-		});
-
-		$this->setFactory('metadataTable', function(ServiceProvider $c) {
-			// TODO(ewinslow): Use Pool instead of MetadataCache for caching
-			return new \Elgg\Database\MetadataTable(
-				$c->metadataCache, $c->db, $c->entityTable, $c->events, $c->session);
-		});
-
-		$this->setFactory('mutex', function(ServiceProvider $c) {
-			return new \Elgg\Database\Mutex(
-				$c->db,
-				$c->logger
-			);
-		});
-
-		$this->setFactory('notifications', function(ServiceProvider $c) {
-			// @todo move queue in service provider
-			$queue_name = \Elgg\Notifications\NotificationsService::QUEUE_NAME;
-			$queue = new \Elgg\Queue\DatabaseQueue($queue_name, $c->db);
-			$sub = new \Elgg\Notifications\SubscriptionsService($c->db);
-			return new \Elgg\Notifications\NotificationsService($sub, $queue, $c->hooks, $c->session, $c->translator, $c->entityTable, $c->logger);
-		});
-
-		$this->setClassName('nullCache', \Elgg\Cache\NullCache::class);
-
-		$this->setFactory('persistentLogin', function(ServiceProvider $c) {
-			$global_cookies_config = $c->config->getCookieConfig();
-			$cookie_config = $global_cookies_config['remember_me'];
-			$cookie_name = $cookie_config['name'];
-			$cookie_token = $c->request->cookies->get($cookie_name, '');
-			return new \Elgg\PersistentLoginService(
-				$c->db, $c->session, $c->crypto, $cookie_config, $cookie_token);
-		});
-
-		$this->setClassName('passwords', \Elgg\PasswordService::class);
-
-		$this->setFactory('plugins', function(ServiceProvider $c) {
-			$pool = new Pool\InMemory();
-			$plugins = new \Elgg\Database\Plugins($pool, $c->pluginSettingsCache);
-			if ($c->config->getVolatile('enable_profiling')) {
-				$plugins->setTimer($c->timer);
-			}
-			return $plugins;
-		});
-
-		$this->setClassName('pluginSettingsCache', \Elgg\Cache\PluginSettingsCache::class);
-
-		$this->setFactory('privateSettings', function(ServiceProvider $c) {
-			return new \Elgg\Database\PrivateSettingsTable($c->db, $c->entityTable, $c->pluginSettingsCache);
-		});
-
-		$this->setFactory('publicDb', function(ServiceProvider $c) {
-			return new \Elgg\Application\Database($c->db);
-		});
-
-		$this->setFactory('queryCounter', function(ServiceProvider $c) {
-			return new \Elgg\Database\QueryCounter($c->db);
-		}, false);
-
-		$this->setFactory('relationshipsTable', function(ServiceProvider $c) {
-			return new \Elgg\Database\RelationshipsTable($c->db, $c->entityTable, $c->metadataTable, $c->events);
-		});
-
-		$this->setFactory('request', [\Elgg\Http\Request::class, 'createFromGlobals']);
-
-		$this->setFactory('responseFactory', function(ServiceProvider $c) {
-			if (PHP_SAPI === 'cli') {
-				$transport = new \Elgg\Http\OutputBufferTransport();
-			} else {
-				$transport = new \Elgg\Http\HttpProtocolTransport();
-			}
-			return new \Elgg\Http\ResponseFactory($c->request, $c->hooks, $c->ajax, $transport);
-		});
-
-		$this->setFactory('router', function(ServiceProvider $c) {
-			// TODO(evan): Init routes from plugins or cache
-			$router = new \Elgg\Router($c->hooks);
-			if ($c->config->getVolatile('enable_profiling')) {
-				$router->setTimer($c->timer);
-			}
-			return $router;
-		});
-
-		$this->setFactory('serveFileHandler', function(ServiceProvider $c) {
-			return new \Elgg\Application\ServeFileHandler($c->hmac, $c->config);
-		});
-
-		$this->setFactory('session', function(ServiceProvider $c) {
-			$params = $c->config->getCookieConfig()['session'];
-			$options = [
-				// session.cache_limiter is unfortunately set to "" by the NativeSessionStorage
-				// constructor, so we must capture and inject it directly.
-				'cache_limiter' => session_cache_limiter(),
-
-				'name' => $params['name'],
-				'cookie_path' => $params['path'],
-				'cookie_domain' => $params['domain'],
-				'cookie_secure' => $params['secure'],
-				'cookie_httponly' => $params['httponly'],
-				'cookie_lifetime' => $params['lifetime'],
-			];
-
-			$handler = new \Elgg\Http\DatabaseSessionHandler($c->db);
-			$storage = new NativeSessionStorage($options, $handler);
-			$session = new SymfonySession($storage);
-			return new \ElggSession($session);
-		});
-
-		$this->setClassName('urlSigner', \Elgg\Security\UrlSigner::class);
-
-		$this->setFactory('simpleCache', function(ServiceProvider $c) {
-			return new \Elgg\Cache\SimpleCache($c->config, $c->views);
-		});
-
-		$this->setFactory('siteSecret', function(ServiceProvider $c) {
-			$c->config->setConfigTable($c->configTable);
-			return new \Elgg\Database\SiteSecret($c->config);
-		});
-
-		$this->setClassName('stickyForms', \Elgg\Forms\StickyForms::class);
-
-		$this->setFactory('subtypeTable', function(ServiceProvider $c) {
-			return new \Elgg\Database\SubtypeTable($c->db);
-		});
-
-		$this->setFactory('systemCache', function (ServiceProvider $c) {
-			$cache = new \Elgg\Cache\SystemCache($c->fileCache, $c->config);
-			if ($c->config->getVolatile('enable_profiling')) {
-				$cache->setTimer($c->timer);
-			}
-			return $cache;
-		});
-
-		$this->setFactory('systemMessages', function(ServiceProvider $c) {
-			return new \Elgg\SystemMessagesService($c->session);
-		});
-
-		$this->setClassName('table_columns', \Elgg\Views\TableColumn\ColumnFactory::class);
-
-		$this->setClassName('timer', \Elgg\Timer::class);
-
-		$this->setFactory('translator', function(ServiceProvider $c) {
-			return new \Elgg\I18n\Translator($c->config);
-		});
-
-		$this->setFactory('uploads', function(ServiceProvider $c) {
-			return new \Elgg\UploadService($c->request);
-		});
-
-		$this->setFactory('upgrades', function(ServiceProvider $c) {
-			return new \Elgg\UpgradeService(
-				$c->translator,
-				$c->events,
-				$c->hooks,
-				$c->config,
-				$c->logger,
-				$c->mutex
-			);
-		});
-
-		$this->setFactory('userCapabilities', function(ServiceProvider $c) {
-			return new \Elgg\UserCapabilities($c->hooks, $c->entityTable, $c->session);
-		});
-
-		$this->setFactory('usersTable', function(ServiceProvider $c) {
-			return new \Elgg\Database\UsersTable(
-				$c->config,
-				$c->db,
-				$c->entityTable,
-				$c->entityCache,
-				$c->events
-			);
-		});
-
-		$this->setFactory('upgradeLocator', function(ServiceProvider $c) {
-			return new \Elgg\Upgrade\Locator(
-				$c->plugins,
-				$c->logger,
-				$c->privateSettings
-			);
-		});
-
-		$this->setFactory('views', function(ServiceProvider $c) {
-			return new \Elgg\ViewsService($c->hooks, $c->logger);
-		});
-
-		$this->setClassName('widgets', \Elgg\WidgetsService::class);
-	}
+    /**
+     * Constructor
+     *
+     * @param \Elgg\Config $config Elgg Config service
+     */
+    public function __construct(\Elgg\Config $config) {
+
+        $this->setFactory('autoloadManager', function(ServiceProvider $c) {
+            $manager = new \Elgg\AutoloadManager($c->classLoader);
+            if (!$c->config->get('AutoloaderManager_skip_storage')) {
+                $manager->setStorage($c->fileCache);
+                $manager->loadCache();
+            }
+            return $manager;
+        });
+
+        $this->setFactory('accessCache', function(ServiceProvider $c) {
+            return new \ElggStaticVariableCache('access');
+        });
+
+        $this->setFactory('accessCollections', function(ServiceProvider $c) {
+            return new \Elgg\Database\AccessCollections(
+                    $c->config, $c->db, $c->entityTable, $c->accessCache, $c->hooks, $c->session, $c->translator);
+        });
+
+        $this->setFactory('actions', function(ServiceProvider $c) {
+            return new \Elgg\ActionsService($c->config, $c->session, $c->crypto);
+        });
+
+        $this->setClassName('adminNotices', \Elgg\Database\AdminNotices::class);
+
+        $this->setFactory('ajax', function(ServiceProvider $c) {
+            return new \Elgg\Ajax\Service($c->hooks, $c->systemMessages, $c->input, $c->amdConfig);
+        });
+
+        $this->setFactory('amdConfig', function(ServiceProvider $c) {
+            $obj = new \Elgg\Amd\Config($c->hooks);
+            $obj->setBaseUrl($c->simpleCache->getRoot());
+            return $obj;
+        });
+
+        $this->setFactory('annotations', function(ServiceProvider $c) {
+            return new \Elgg\Database\Annotations($c->db, $c->session, $c->events);
+        });
+
+        $this->setClassName('autoP', \ElggAutoP::class);
+
+        $this->setFactory('boot', function(ServiceProvider $c) {
+            $boot = new \Elgg\BootService();
+            if ($c->config->getVolatile('enable_profiling')) {
+                $boot->setTimer($c->timer);
+            }
+            return $boot;
+        });
+
+        $this->setFactory('batchUpgrader', function(ServiceProvider $c) {
+            return new \Elgg\BatchUpgrader($c->config);
+        });
+
+        $this->setFactory('classLoader', function(ServiceProvider $c) {
+            $loader = new \Elgg\ClassLoader(new \Elgg\ClassMap());
+            $loader->register();
+            return $loader;
+        });
+
+        $this->setValue('config', $config);
+
+        $this->setFactory('configTable', function(ServiceProvider $c) {
+            return new \Elgg\Database\ConfigTable($c->db, $c->boot, $c->logger);
+        });
+
+        $this->setFactory('context', function(ServiceProvider $c) {
+            $context = new \Elgg\Context();
+            $context->initialize($c->request);
+            return $context;
+        });
+
+        $this->setClassName('crypto', \ElggCrypto::class);
+
+        $this->setFactory('db', function(ServiceProvider $c) {
+            // gonna need dbprefix from settings
+            $c->config->loadSettingsFile();
+            $db_config = new \Elgg\Database\Config($c->config->getStorageObject());
+
+            // we inject the logger in _elgg_engine_boot()
+            $db = new \Elgg\Database($db_config);
+
+            if ($c->config->getVolatile('profiling_sql')) {
+                $db->setTimer($c->timer);
+            }
+
+            return $db;
+        });
+
+        $this->setFactory('deprecation', function(ServiceProvider $c) {
+            return new \Elgg\DeprecationService($c->logger);
+        });
+
+        $this->setFactory('entityCache', function(ServiceProvider $c) {
+            return new \Elgg\Cache\EntityCache($c->session, $c->metadataCache);
+        });
+
+        $this->setFactory('entityPreloader', function(ServiceProvider $c) {
+            return new \Elgg\EntityPreloader($c->entityCache, $c->entityTable);
+        });
+
+        $this->setFactory('entityTable', function(ServiceProvider $c) {
+            return new \Elgg\Database\EntityTable(
+                $c->config,
+                $c->db,
+                $c->entityCache,
+                $c->metadataCache,
+                $c->subtypeTable,
+                $c->events,
+                $c->session,
+                $c->translator,
+                $c->logger
+            );
+        });
+
+        $this->setFactory('events', function (ServiceProvider $c) {
+            $events = new \Elgg\EventsService();
+            if ($c->config->getVolatile('enable_profiling')) {
+                $events->setTimer($c->timer);
+            }
+            return $events;
+        });
+
+        $this->setFactory('externalFiles', function(ServiceProvider $c) {
+            return new \Elgg\Assets\ExternalFiles($c->config->getStorageObject());
+        });
+
+        $this->setFactory('fileCache', function(ServiceProvider $c) {
+            return new \ElggFileCache($c->config->getCachePath() . 'system_cache/');
+        });
+
+        $this->setFactory('filestore', function(ServiceProvider $c) {
+            return new \ElggDiskFilestore($c->config->getDataPath());
+        });
+
+        $this->setFactory('forms', function(ServiceProvider $c) {
+            return new \Elgg\FormsService($c->views, $c->logger);
+        });
+
+        $this->setClassName('handlers', \Elgg\HandlersService::class);
+
+        $this->setFactory('hmac', function(ServiceProvider $c) {
+            return new \Elgg\Security\HmacFactory($c->siteSecret, $c->crypto);
+        });
+
+        $this->setClassName('hooks', \Elgg\PluginHooksService::class);
+
+        $this->setFactory('iconService', function(ServiceProvider $c) {
+            return new \Elgg\EntityIconService($c->config, $c->hooks, $c->request, $c->logger, $c->entityTable);
+        });
+
+        $this->setClassName('input', \Elgg\Http\Input::class);
+
+        $this->setFactory('imageService', function(ServiceProvider $c) {
+            $imagine = new \Imagine\Gd\Imagine();
+            return new \Elgg\ImageService($imagine, $c->config);
+        });
+
+        $this->setFactory('logger', function (ServiceProvider $c) {
+            return new \Elgg\Logger($c->hooks, $c->config, $c->context);
+        });
+
+        // TODO(evan): Support configurable transports...
+        $this->setClassName('mailer', 'Zend\Mail\Transport\Sendmail');
+
+        $this->setFactory('menus', function(ServiceProvider $c) {
+            return new \Elgg\Menu\Service($c->hooks, $c->config);
+        });
+
+        $this->setFactory('metadataCache', function (ServiceProvider $c) {
+            return new \Elgg\Cache\MetadataCache($c->session);
+        });
+
+        $this->setFactory('memcacheStashPool', function(ServiceProvider $c) {
+            if (!$c->config->getVolatile('memcache')) {
+                return null;
+            }
+
+            $servers = $c->config->getVolatile('memcache_servers');
+            if (!$servers) {
+                return null;
+            }
+            $driver = new \Stash\Driver\Memcache([
+                'servers' => $servers,
+            ]);
+            return new \Stash\Pool($driver);
+        });
+
+        $this->setFactory('metadataTable', function(ServiceProvider $c) {
+            // TODO(ewinslow): Use Pool instead of MetadataCache for caching
+            return new \Elgg\Database\MetadataTable(
+                $c->metadataCache, $c->db, $c->entityTable, $c->events, $c->session);
+        });
+
+        $this->setFactory('mutex', function(ServiceProvider $c) {
+            return new \Elgg\Database\Mutex(
+                $c->db,
+                $c->logger
+            );
+        });
+
+        $this->setFactory('notifications', function(ServiceProvider $c) {
+            // @todo move queue in service provider
+            $queue_name = \Elgg\Notifications\NotificationsService::QUEUE_NAME;
+            $queue = new \Elgg\Queue\DatabaseQueue($queue_name, $c->db);
+            $sub = new \Elgg\Notifications\SubscriptionsService($c->db);
+            return new \Elgg\Notifications\NotificationsService($sub, $queue, $c->hooks, $c->session, $c->translator, $c->entityTable, $c->logger);
+        });
+
+        $this->setClassName('nullCache', \Elgg\Cache\NullCache::class);
+
+        $this->setFactory('persistentLogin', function(ServiceProvider $c) {
+            $global_cookies_config = $c->config->getCookieConfig();
+            $cookie_config = $global_cookies_config['remember_me'];
+            $cookie_name = $cookie_config['name'];
+            $cookie_token = $c->request->cookies->get($cookie_name, '');
+            return new \Elgg\PersistentLoginService(
+                $c->db, $c->session, $c->crypto, $cookie_config, $cookie_token);
+        });
+
+        $this->setClassName('passwords', \Elgg\PasswordService::class);
+
+        $this->setFactory('plugins', function(ServiceProvider $c) {
+            $pool = new Pool\InMemory();
+            $plugins = new \Elgg\Database\Plugins($pool, $c->pluginSettingsCache);
+            if ($c->config->getVolatile('enable_profiling')) {
+                $plugins->setTimer($c->timer);
+            }
+            return $plugins;
+        });
+
+        $this->setClassName('pluginSettingsCache', \Elgg\Cache\PluginSettingsCache::class);
+
+        $this->setFactory('privateSettings', function(ServiceProvider $c) {
+            return new \Elgg\Database\PrivateSettingsTable($c->db, $c->entityTable, $c->pluginSettingsCache);
+        });
+
+        $this->setFactory('publicDb', function(ServiceProvider $c) {
+            return new \Elgg\Application\Database($c->db);
+        });
+
+        $this->setFactory('queryCounter', function(ServiceProvider $c) {
+            return new \Elgg\Database\QueryCounter($c->db);
+        }, false);
+
+        $this->setFactory('relationshipsTable', function(ServiceProvider $c) {
+            return new \Elgg\Database\RelationshipsTable($c->db, $c->entityTable, $c->metadataTable, $c->events);
+        });
+
+        $this->setFactory('request', [\Elgg\Http\Request::class, 'createFromGlobals']);
+
+        $this->setFactory('responseFactory', function(ServiceProvider $c) {
+            if (PHP_SAPI === 'cli') {
+                $transport = new \Elgg\Http\OutputBufferTransport();
+            } else {
+                $transport = new \Elgg\Http\HttpProtocolTransport();
+            }
+            return new \Elgg\Http\ResponseFactory($c->request, $c->hooks, $c->ajax, $transport);
+        });
+
+        $this->setFactory('router', function(ServiceProvider $c) {
+            // TODO(evan): Init routes from plugins or cache
+            $router = new \Elgg\Router($c->hooks);
+            if ($c->config->getVolatile('enable_profiling')) {
+                $router->setTimer($c->timer);
+            }
+            return $router;
+        });
+
+        $this->setFactory('serveFileHandler', function(ServiceProvider $c) {
+            return new \Elgg\Application\ServeFileHandler($c->hmac, $c->config);
+        });
+
+        $this->setFactory('session', function(ServiceProvider $c) {
+            $params = $c->config->getCookieConfig()['session'];
+            $options = [
+                // session.cache_limiter is unfortunately set to "" by the NativeSessionStorage
+                // constructor, so we must capture and inject it directly.
+                'cache_limiter' => session_cache_limiter(),
+
+                'name' => $params['name'],
+                'cookie_path' => $params['path'],
+                'cookie_domain' => $params['domain'],
+                'cookie_secure' => $params['secure'],
+                'cookie_httponly' => $params['httponly'],
+                'cookie_lifetime' => $params['lifetime'],
+            ];
+
+            $handler = new \Elgg\Http\DatabaseSessionHandler($c->db);
+            $storage = new NativeSessionStorage($options, $handler);
+            $session = new SymfonySession($storage);
+            return new \ElggSession($session);
+        });
+
+        $this->setClassName('urlSigner', \Elgg\Security\UrlSigner::class);
+
+        $this->setFactory('simpleCache', function(ServiceProvider $c) {
+            return new \Elgg\Cache\SimpleCache($c->config, $c->views);
+        });
+
+        $this->setFactory('siteSecret', function(ServiceProvider $c) {
+            $c->config->setConfigTable($c->configTable);
+            return new \Elgg\Database\SiteSecret($c->config);
+        });
+
+        $this->setClassName('stickyForms', \Elgg\Forms\StickyForms::class);
+
+        $this->setFactory('subtypeTable', function(ServiceProvider $c) {
+            return new \Elgg\Database\SubtypeTable($c->db);
+        });
+
+        $this->setFactory('systemCache', function (ServiceProvider $c) {
+            $cache = new \Elgg\Cache\SystemCache($c->fileCache, $c->config);
+            if ($c->config->getVolatile('enable_profiling')) {
+                $cache->setTimer($c->timer);
+            }
+            return $cache;
+        });
+
+        $this->setFactory('systemMessages', function(ServiceProvider $c) {
+            return new \Elgg\SystemMessagesService($c->session);
+        });
+
+        $this->setClassName('table_columns', \Elgg\Views\TableColumn\ColumnFactory::class);
+
+        $this->setClassName('timer', \Elgg\Timer::class);
+
+        $this->setFactory('translator', function(ServiceProvider $c) {
+            return new \Elgg\I18n\Translator($c->config);
+        });
+
+        $this->setFactory('uploads', function(ServiceProvider $c) {
+            return new \Elgg\UploadService($c->request);
+        });
+
+        $this->setFactory('upgrades', function(ServiceProvider $c) {
+            return new \Elgg\UpgradeService(
+                $c->translator,
+                $c->events,
+                $c->hooks,
+                $c->config,
+                $c->logger,
+                $c->mutex
+            );
+        });
+
+        $this->setFactory('userCapabilities', function(ServiceProvider $c) {
+            return new \Elgg\UserCapabilities($c->hooks, $c->entityTable, $c->session);
+        });
+
+        $this->setFactory('usersTable', function(ServiceProvider $c) {
+            return new \Elgg\Database\UsersTable(
+                $c->config,
+                $c->db,
+                $c->entityTable,
+                $c->entityCache,
+                $c->events
+            );
+        });
+
+        $this->setFactory('upgradeLocator', function(ServiceProvider $c) {
+            return new \Elgg\Upgrade\Locator(
+                $c->plugins,
+                $c->logger,
+                $c->privateSettings
+            );
+        });
+
+        $this->setFactory('views', function(ServiceProvider $c) {
+            return new \Elgg\ViewsService($c->hooks, $c->logger);
+        });
+
+        $this->setClassName('widgets', \Elgg\WidgetsService::class);
+    }
 }

Please login to merge, or discard this patch.

engine/classes/Elgg/Security/HmacFactory.php 1 patch

Indentation +33 added lines, -33 removed lines patch added patch discarded remove patch

@@ -9,40 +9,40 @@
 block discarded – undo
  */
 class HmacFactory {
 
-	/**
-	 * @var SiteSecret
-	 */
-	private $site_secret;
+    /**
+     * @var SiteSecret
+     */
+    private $site_secret;
 
-	/**
-	 * @var ElggCrypto
-	 */
-	private $crypto;
+    /**
+     * @var ElggCrypto
+     */
+    private $crypto;
 
-	/**
-	 * Constructor
-	 *
-	 * @param SiteSecret $secret Site secret
-	 * @param ElggCrypto $crypto Elgg crypto service
-	 */
-	public function __construct(SiteSecret $secret, ElggCrypto $crypto) {
-		$this->site_secret = $secret;
-		$this->crypto = $crypto;
-	}
+    /**
+     * Constructor
+     *
+     * @param SiteSecret $secret Site secret
+     * @param ElggCrypto $crypto Elgg crypto service
+     */
+    public function __construct(SiteSecret $secret, ElggCrypto $crypto) {
+        $this->site_secret = $secret;
+        $this->crypto = $crypto;
+    }
 
-	/**
-	 * Get an HMAC token builder/validator object
-	 *
-	 * @param mixed  $data HMAC data or serializable data
-	 * @param string $algo Hash algorithm
-	 * @param string $key  Optional key (default uses site secret)
-	 *
-	 * @return Hmac
-	 */
-	public function getHmac($data, $algo = 'sha256', $key = '') {
-		if (!$key) {
-			$key = $this->site_secret->get(true);
-		}
-		return new Hmac($key, [$this->crypto, 'areEqual'], $data, $algo);
-	}
+    /**
+     * Get an HMAC token builder/validator object
+     *
+     * @param mixed  $data HMAC data or serializable data
+     * @param string $algo Hash algorithm
+     * @param string $key  Optional key (default uses site secret)
+     *
+     * @return Hmac
+     */
+    public function getHmac($data, $algo = 'sha256', $key = '') {
+        if (!$key) {
+            $key = $this->site_secret->get(true);
+        }
+        return new Hmac($key, [$this->crypto, 'areEqual'], $data, $algo);
+    }
 }

Please login to merge, or discard this patch.

engine/classes/Elgg/Application/ServeFileHandler.php 1 patch

Indentation +126 added lines, -126 removed lines patch added patch discarded remove patch

@@ -21,134 +21,134 @@
 block discarded – undo
  */
 class ServeFileHandler {
 
-	/**
-	 * @var HmacFactory
-	 */
-	private $hmac;
-
-	/**
-	 * @var Config
-	 */
-	private $config;
-
-	/**
-	 * Constructor
-	 *
-	 * @param HmacFactory $hmac   HMAC service
-	 * @param Config      $config Config service
-	 */
-	public function __construct(HmacFactory $hmac, Config $config) {
-		$this->hmac = $hmac;
-		$this->config = $config;
-	}
-
-	/**
-	 * Handle a request for a file
-	 *
-	 * @param Request $request HTTP request
-	 * @return Response
-	 */
-	public function getResponse(Request $request) {
-
-		$response = new Response();
-		$response->prepare($request);
-
-		$path = implode('/', $request->getUrlSegments(true));
-		if (!preg_match('~serve-file/e(\d+)/l(\d+)/d([ia])/c([01])/([a-zA-Z0-9\-_]+)/(.*)$~', $path, $m)) {
-			return $response->setStatusCode(400)->setContent('Malformatted request URL');
-		}
-
-		list(, $expires, $last_updated, $disposition, $use_cookie, $mac, $path_from_dataroot) = $m;
-
-		if ($expires && $expires < time()) {
-			return $response->setStatusCode(403)->setContent('URL has expired');
-		}
-
-		$hmac_data = [
-			'expires' => (int) $expires,
-			'last_updated' => (int) $last_updated,
-			'disposition' => $disposition,
-			'path' => $path_from_dataroot,
-			'use_cookie' => (int) $use_cookie,
-		];
-		if ((bool) $use_cookie) {
-			$hmac_data['cookie'] = $this->getCookieValue($request);
-		}
-		ksort($hmac_data);
-
-		$hmac = $this->hmac->getHmac($hmac_data);
-		if (!$hmac->matchesToken($mac)) {
-			return $response->setStatusCode(403)->setContent('HMAC mistmatch');
-		}
-
-		// Path may have been encoded to avoid problems with special chars in URLs
-		if (0 === strpos($path_from_dataroot, ':')) {
-			$path_from_dataroot = Base64Url::decode(substr($path_from_dataroot, 1));
-		}
-
-		$dataroot = $this->config->getDataPath();
-		$filenameonfilestore = "{$dataroot}{$path_from_dataroot}";
-
-		if (!is_readable($filenameonfilestore)) {
-			return $response->setStatusCode(404)->setContent('File not found');
-		}
-
-		$actual_last_updated = filemtime($filenameonfilestore);
-		if ($actual_last_updated != $last_updated) {
-			return $response->setStatusCode(403)->setContent('URL has expired');
-		}
-
-		$if_none_match = $request->headers->get('if_none_match');
-		if (!empty($if_none_match)) {
-			// strip mod_deflate suffixes
-			$request->headers->set('if_none_match', str_replace('-gzip', '', $if_none_match));
-		}
-
-		$etag = '"' . $actual_last_updated . '"';
-		$response->setPublic()->setEtag($etag);
-		if ($response->isNotModified($request)) {
-			return $response;
-		}
-
-		$public = $use_cookie ? false : true;
-		$content_disposition = $disposition == 'i' ? 'inline' : 'attachment';
-
-		$headers = [
-			'Content-Type' => (new MimeTypeDetector())->getType($filenameonfilestore),
-		];
-		$response = new BinaryFileResponse($filenameonfilestore, 200, $headers, $public, $content_disposition);
+    /**
+     * @var HmacFactory
+     */
+    private $hmac;
+
+    /**
+     * @var Config
+     */
+    private $config;
+
+    /**
+     * Constructor
+     *
+     * @param HmacFactory $hmac   HMAC service
+     * @param Config      $config Config service
+     */
+    public function __construct(HmacFactory $hmac, Config $config) {
+        $this->hmac = $hmac;
+        $this->config = $config;
+    }
+
+    /**
+     * Handle a request for a file
+     *
+     * @param Request $request HTTP request
+     * @return Response
+     */
+    public function getResponse(Request $request) {
+
+        $response = new Response();
+        $response->prepare($request);
+
+        $path = implode('/', $request->getUrlSegments(true));
+        if (!preg_match('~serve-file/e(\d+)/l(\d+)/d([ia])/c([01])/([a-zA-Z0-9\-_]+)/(.*)$~', $path, $m)) {
+            return $response->setStatusCode(400)->setContent('Malformatted request URL');
+        }
+
+        list(, $expires, $last_updated, $disposition, $use_cookie, $mac, $path_from_dataroot) = $m;
+
+        if ($expires && $expires < time()) {
+            return $response->setStatusCode(403)->setContent('URL has expired');
+        }
+
+        $hmac_data = [
+            'expires' => (int) $expires,
+            'last_updated' => (int) $last_updated,
+            'disposition' => $disposition,
+            'path' => $path_from_dataroot,
+            'use_cookie' => (int) $use_cookie,
+        ];
+        if ((bool) $use_cookie) {
+            $hmac_data['cookie'] = $this->getCookieValue($request);
+        }
+        ksort($hmac_data);
+
+        $hmac = $this->hmac->getHmac($hmac_data);
+        if (!$hmac->matchesToken($mac)) {
+            return $response->setStatusCode(403)->setContent('HMAC mistmatch');
+        }
+
+        // Path may have been encoded to avoid problems with special chars in URLs
+        if (0 === strpos($path_from_dataroot, ':')) {
+            $path_from_dataroot = Base64Url::decode(substr($path_from_dataroot, 1));
+        }
+
+        $dataroot = $this->config->getDataPath();
+        $filenameonfilestore = "{$dataroot}{$path_from_dataroot}";
+
+        if (!is_readable($filenameonfilestore)) {
+            return $response->setStatusCode(404)->setContent('File not found');
+        }
+
+        $actual_last_updated = filemtime($filenameonfilestore);
+        if ($actual_last_updated != $last_updated) {
+            return $response->setStatusCode(403)->setContent('URL has expired');
+        }
+
+        $if_none_match = $request->headers->get('if_none_match');
+        if (!empty($if_none_match)) {
+            // strip mod_deflate suffixes
+            $request->headers->set('if_none_match', str_replace('-gzip', '', $if_none_match));
+        }
+
+        $etag = '"' . $actual_last_updated . '"';
+        $response->setPublic()->setEtag($etag);
+        if ($response->isNotModified($request)) {
+            return $response;
+        }
+
+        $public = $use_cookie ? false : true;
+        $content_disposition = $disposition == 'i' ? 'inline' : 'attachment';
+
+        $headers = [
+            'Content-Type' => (new MimeTypeDetector())->getType($filenameonfilestore),
+        ];
+        $response = new BinaryFileResponse($filenameonfilestore, 200, $headers, $public, $content_disposition);
 		
-		$sendfile_type = $this->config->getVolatile('X-Sendfile-Type');
-		if ($sendfile_type) {
-			$request->headers->set('X-Sendfile-Type', $sendfile_type);
+        $sendfile_type = $this->config->getVolatile('X-Sendfile-Type');
+        if ($sendfile_type) {
+            $request->headers->set('X-Sendfile-Type', $sendfile_type);
 
-			$mapping = (string) $this->config->getVolatile('X-Accel-Mapping');
-			$request->headers->set('X-Accel-Mapping', $mapping);
+            $mapping = (string) $this->config->getVolatile('X-Accel-Mapping');
+            $request->headers->set('X-Accel-Mapping', $mapping);
 
-			$response->trustXSendfileTypeHeader();
-		}
+            $response->trustXSendfileTypeHeader();
+        }
 		
-		$response->prepare($request);
-
-		if (empty($expires)) {
-			$expires = strtotime('+1 year');
-		}
-		$expires_dt = (new DateTime())->setTimestamp($expires);
-		$response->setExpires($expires_dt);
-
-		$response->setEtag($etag);
-		return $response;
-	}
-
-	/**
-	 * Get the session ID from the cookie
-	 *
-	 * @param Request $request Elgg request
-	 * @return string
-	 */
-	private function getCookieValue(Request $request) {
-		$config = $this->config->getCookieConfig();
-		$session_name = $config['session']['name'];
-		return $request->cookies->get($session_name, '');
-	}
+        $response->prepare($request);
+
+        if (empty($expires)) {
+            $expires = strtotime('+1 year');
+        }
+        $expires_dt = (new DateTime())->setTimestamp($expires);
+        $response->setExpires($expires_dt);
+
+        $response->setEtag($etag);
+        return $response;
+    }
+
+    /**
+     * Get the session ID from the cookie
+     *
+     * @param Request $request Elgg request
+     * @return string
+     */
+    private function getCookieValue(Request $request) {
+        $config = $this->config->getCookieConfig();
+        $session_name = $config['session']['name'];
+        return $request->cookies->get($session_name, '');
+    }
 }

Please login to merge, or discard this patch.

		@@ -10,276 +10,276 @@
		block discarded – undo
10	10	*/
11	11	class ElggCrypto {
12	12
13		- /**
14		- * Character set for temp passwords (no risk of embedded profanity/glyphs that look similar)
15		- */
16		- const CHARS_PASSWORD = 'bcdfghjklmnpqrstvwxyz2346789';
	13	+ /**
	14	+ * Character set for temp passwords (no risk of embedded profanity/glyphs that look similar)
	15	+ */
	16	+ const CHARS_PASSWORD = 'bcdfghjklmnpqrstvwxyz2346789';
17	17
18		- /**
19		- * Character set for hexadecimal
20		- */
21		- const CHARS_HEX = '0123456789abcdef';
	18	+ /**
	19	+ * Character set for hexadecimal
	20	+ */
	21	+ const CHARS_HEX = '0123456789abcdef';
22	22
23		- /**
24		- * Generate a string of highly randomized bytes (over the full 8-bit range).
25		- *
26		- * @param int $length Number of bytes needed
27		- * @return string Random bytes
28		- *
29		- * @author George Argyros <[email protected]>
30		- * @copyright 2012, George Argyros. All rights reserved.
31		- * @license Modified BSD
32		- * @link https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP/blob/master/srand.php Original
33		- *
34		- * Redistribution and use in source and binary forms, with or without
35		- * modification, are permitted provided that the following conditions are met:
36		- * * Redistributions of source code must retain the above copyright
37		- * notice, this list of conditions and the following disclaimer.
38		- * * Redistributions in binary form must reproduce the above copyright
39		- * notice, this list of conditions and the following disclaimer in the
40		- * documentation and/or other materials provided with the distribution.
41		- * * Neither the name of the <organization> nor the
42		- * names of its contributors may be used to endorse or promote products
43		- * derived from this software without specific prior written permission.
44		- *
45		- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
46		- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
47		- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
48		- * DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY
49		- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
50		- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51		- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
52		- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
53		- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
54		- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
55		- */
56		- public function getRandomBytes($length) {
57		- if (is_callable('random_bytes')) {
58		- try {
59		- return random_bytes($length);
60		- } catch (\Exception $e) {
61		- }
62		- }
	23	+ /**
	24	+ * Generate a string of highly randomized bytes (over the full 8-bit range).
	25	+ *
	26	+ * @param int $length Number of bytes needed
	27	+ * @return string Random bytes
	28	+ *
	29	+ * @author George Argyros <[email protected]>
	30	+ * @copyright 2012, George Argyros. All rights reserved.
	31	+ * @license Modified BSD
	32	+ * @link https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP/blob/master/srand.php Original
	33	+ *
	34	+ * Redistribution and use in source and binary forms, with or without
	35	+ * modification, are permitted provided that the following conditions are met:
	36	+ * * Redistributions of source code must retain the above copyright
	37	+ * notice, this list of conditions and the following disclaimer.
	38	+ * * Redistributions in binary form must reproduce the above copyright
	39	+ * notice, this list of conditions and the following disclaimer in the
	40	+ * documentation and/or other materials provided with the distribution.
	41	+ * * Neither the name of the <organization> nor the
	42	+ * names of its contributors may be used to endorse or promote products
	43	+ * derived from this software without specific prior written permission.
	44	+ *
	45	+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	46	+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	47	+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	48	+ * DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY
	49	+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
	50	+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	51	+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
	52	+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	53	+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
	54	+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	55	+ */
	56	+ public function getRandomBytes($length) {
	57	+ if (is_callable('random_bytes')) {
	58	+ try {
	59	+ return random_bytes($length);
	60	+ } catch (\Exception $e) {
	61	+ }
	62	+ }
63	63
64		- $SSLstr = '4'; // http://xkcd.com/221/
	64	+ $SSLstr = '4'; // http://xkcd.com/221/
65	65
66		- /**
67		- * Our primary choice for a cryptographic strong randomness function is
68		- * openssl_random_pseudo_bytes.
69		- */
70		- if (function_exists('openssl_random_pseudo_bytes') && substr(PHP_OS, 0, 3) !== 'WIN') {
71		- $SSLstr = openssl_random_pseudo_bytes($length, $strong);
72		- if ($strong) {
73		- return $SSLstr;
74		- }
75		- }
	66	+ /**
	67	+ * Our primary choice for a cryptographic strong randomness function is
	68	+ * openssl_random_pseudo_bytes.
	69	+ */
	70	+ if (function_exists('openssl_random_pseudo_bytes') && substr(PHP_OS, 0, 3) !== 'WIN') {
	71	+ $SSLstr = openssl_random_pseudo_bytes($length, $strong);
	72	+ if ($strong) {
	73	+ return $SSLstr;
	74	+ }
	75	+ }
76	76
77		- /**
78		- * If mcrypt extension is available then we use it to gather entropy from
79		- * the operating system's PRNG. This is better than reading /dev/urandom
80		- * directly since it avoids reading larger blocks of data than needed.
81		- */
82		- if (function_exists('mcrypt_create_iv') && substr(PHP_OS, 0, 3) !== 'WIN') {
83		- $str = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
84		- if ($str !== false) {
85		- return $str;
86		- }
87		- }
	77	+ /**
	78	+ * If mcrypt extension is available then we use it to gather entropy from
	79	+ * the operating system's PRNG. This is better than reading /dev/urandom
	80	+ * directly since it avoids reading larger blocks of data than needed.
	81	+ */
	82	+ if (function_exists('mcrypt_create_iv') && substr(PHP_OS, 0, 3) !== 'WIN') {
	83	+ $str = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
	84	+ if ($str !== false) {
	85	+ return $str;
	86	+ }
	87	+ }
88	88
89		- /**
90		- * No build-in crypto randomness function found. We collect any entropy
91		- * available in the PHP core PRNGs along with some filesystem info and memory
92		- * stats. To make this data cryptographically strong we add data either from
93		- * /dev/urandom or if its unavailable, we gather entropy by measuring the
94		- * time needed to compute a number of SHA-1 hashes.
95		- */
96		- $str = '';
97		- $bits_per_round = 2; // bits of entropy collected in each clock drift round
98		- $msec_per_round = 400; // expected running time of each round in microseconds
99		- $hash_len = 20; // SHA-1 Hash length
100		- $total = $length; // total bytes of entropy to collect
	89	+ /**
	90	+ * No build-in crypto randomness function found. We collect any entropy
	91	+ * available in the PHP core PRNGs along with some filesystem info and memory
	92	+ * stats. To make this data cryptographically strong we add data either from
	93	+ * /dev/urandom or if its unavailable, we gather entropy by measuring the
	94	+ * time needed to compute a number of SHA-1 hashes.
	95	+ */
	96	+ $str = '';
	97	+ $bits_per_round = 2; // bits of entropy collected in each clock drift round
	98	+ $msec_per_round = 400; // expected running time of each round in microseconds
	99	+ $hash_len = 20; // SHA-1 Hash length
	100	+ $total = $length; // total bytes of entropy to collect
101	101
102		- $handle = @fopen('/dev/urandom', 'rb');
103		- if ($handle && function_exists('stream_set_read_buffer')) {
104		- @stream_set_read_buffer($handle, 0);
105		- }
	102	+ $handle = @fopen('/dev/urandom', 'rb');
	103	+ if ($handle && function_exists('stream_set_read_buffer')) {
	104	+ @stream_set_read_buffer($handle, 0);
	105	+ }
106	106
107		- do {
108		- $bytes = ($total > $hash_len) ? $hash_len : $total;
109		- $total -= $bytes;
	107	+ do {
	108	+ $bytes = ($total > $hash_len) ? $hash_len : $total;
	109	+ $total -= $bytes;
110	110
111		- //collect any entropy available from the PHP system and filesystem
112		- $entropy = rand() . uniqid(mt_rand(), true) . $SSLstr;
113		- $entropy .= implode('', @fstat(@fopen(__FILE__, 'r')));
114		- $entropy .= memory_get_usage() . getmypid();
115		- $entropy .= serialize($_ENV) . serialize($_SERVER);
116		- if (function_exists('posix_times')) {
117		- $entropy .= serialize(posix_times());
118		- }
119		- if (function_exists('zend_thread_id')) {
120		- $entropy .= zend_thread_id();
121		- }
	111	+ //collect any entropy available from the PHP system and filesystem
	112	+ $entropy = rand() . uniqid(mt_rand(), true) . $SSLstr;
	113	+ $entropy .= implode('', @fstat(@fopen(__FILE__, 'r')));
	114	+ $entropy .= memory_get_usage() . getmypid();
	115	+ $entropy .= serialize($_ENV) . serialize($_SERVER);
	116	+ if (function_exists('posix_times')) {
	117	+ $entropy .= serialize(posix_times());
	118	+ }
	119	+ if (function_exists('zend_thread_id')) {
	120	+ $entropy .= zend_thread_id();
	121	+ }
122	122
123		- if ($handle) {
124		- $entropy .= @fread($handle, $bytes);
125		- } else {
126		- // In the future we should consider outright refusing to generate bytes without an
127		- // official random source, as many consider hacks like this irresponsible.
	123	+ if ($handle) {
	124	+ $entropy .= @fread($handle, $bytes);
	125	+ } else {
	126	+ // In the future we should consider outright refusing to generate bytes without an
	127	+ // official random source, as many consider hacks like this irresponsible.
128	128
129		- // Measure the time that the operations will take on average
130		- for ($i = 0; $i < 3; $i++) {
131		- $c1 = microtime(true);
132		- $var = sha1(mt_rand());
133		- for ($j = 0; $j < 50; $j++) {
134		- $var = sha1($var);
135		- }
136		- $c2 = microtime(true);
137		- $entropy .= $c1 . $c2;
138		- }
	129	+ // Measure the time that the operations will take on average
	130	+ for ($i = 0; $i < 3; $i++) {
	131	+ $c1 = microtime(true);
	132	+ $var = sha1(mt_rand());
	133	+ for ($j = 0; $j < 50; $j++) {
	134	+ $var = sha1($var);
	135	+ }
	136	+ $c2 = microtime(true);
	137	+ $entropy .= $c1 . $c2;
	138	+ }
139	139
140		- // Based on the above measurement determine the total rounds
141		- // in order to bound the total running time.
142		- if ($c2 - $c1 == 0) {
143		- // This occurs on some Windows systems. On a late 2013 MacBook Pro, 2.6 GHz Intel Core i7
144		- // this averaged 400, so we're just going with that. With all the other entropy gathered
145		- // this should be sufficient.
146		- $rounds = 400;
147		- } else {
148		- $rounds = (int) ($msec_per_round * 50 / (int) (($c2 - $c1) * 1000000));
149		- }
	140	+ // Based on the above measurement determine the total rounds
	141	+ // in order to bound the total running time.
	142	+ if ($c2 - $c1 == 0) {
	143	+ // This occurs on some Windows systems. On a late 2013 MacBook Pro, 2.6 GHz Intel Core i7
	144	+ // this averaged 400, so we're just going with that. With all the other entropy gathered
	145	+ // this should be sufficient.
	146	+ $rounds = 400;
	147	+ } else {
	148	+ $rounds = (int) ($msec_per_round * 50 / (int) (($c2 - $c1) * 1000000));
	149	+ }
150	150
151		- // Take the additional measurements. On average we can expect
152		- // at least $bits_per_round bits of entropy from each measurement.
153		- $iter = $bytes * (int) (ceil(8 / $bits_per_round));
	151	+ // Take the additional measurements. On average we can expect
	152	+ // at least $bits_per_round bits of entropy from each measurement.
	153	+ $iter = $bytes * (int) (ceil(8 / $bits_per_round));
154	154
155		- for ($i = 0; $i < $iter; $i++) {
156		- $c1 = microtime();
157		- $var = sha1(mt_rand());
158		- for ($j = 0; $j < $rounds; $j++) {
159		- $var = sha1($var);
160		- }
161		- $c2 = microtime();
162		- $entropy .= $c1 . $c2;
163		- }
164		- }
	155	+ for ($i = 0; $i < $iter; $i++) {
	156	+ $c1 = microtime();
	157	+ $var = sha1(mt_rand());
	158	+ for ($j = 0; $j < $rounds; $j++) {
	159	+ $var = sha1($var);
	160	+ }
	161	+ $c2 = microtime();
	162	+ $entropy .= $c1 . $c2;
	163	+ }
	164	+ }
165	165
166		- // We assume sha1 is a deterministic extractor for the $entropy variable.
167		- $str .= sha1($entropy, true);
168		- } while ($length > strlen($str));
	166	+ // We assume sha1 is a deterministic extractor for the $entropy variable.
	167	+ $str .= sha1($entropy, true);
	168	+ } while ($length > strlen($str));
169	169
170		- if ($handle) {
171		- @fclose($handle);
172		- }
	170	+ if ($handle) {
	171	+ @fclose($handle);
	172	+ }
173	173
174		- return substr($str, 0, $length);
175		- }
	174	+ return substr($str, 0, $length);
	175	+ }
176	176
177		- /**
178		- * Generate a random string of specified length.
179		- *
180		- * Uses supplied character list for generating the new string.
181		- * If no character list provided - uses Base64 URL character set.
182		- *
183		- * @param int $length Desired length of the string
184		- * @param string\|null $chars Characters to be chosen from randomly. If not given, the Base64 URL
185		- * charset will be used.
186		- *
187		- * @return string The random string
188		- *
189		- * @throws InvalidArgumentException
190		- *
191		- * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
192		- * @license http://framework.zend.com/license/new-bsd New BSD License
193		- *
194		- * @see https://github.com/zendframework/zf2/blob/master/library/Zend/Math/Rand.php#L179
195		- */
196		- public function getRandomString($length, $chars = null) {
197		- if ($length < 1) {
198		- throw new \InvalidArgumentException('Length should be >= 1');
199		- }
	177	+ /**
	178	+ * Generate a random string of specified length.
	179	+ *
	180	+ * Uses supplied character list for generating the new string.
	181	+ * If no character list provided - uses Base64 URL character set.
	182	+ *
	183	+ * @param int $length Desired length of the string
	184	+ * @param string\|null $chars Characters to be chosen from randomly. If not given, the Base64 URL
	185	+ * charset will be used.
	186	+ *
	187	+ * @return string The random string
	188	+ *
	189	+ * @throws InvalidArgumentException
	190	+ *
	191	+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
	192	+ * @license http://framework.zend.com/license/new-bsd New BSD License
	193	+ *
	194	+ * @see https://github.com/zendframework/zf2/blob/master/library/Zend/Math/Rand.php#L179
	195	+ */
	196	+ public function getRandomString($length, $chars = null) {
	197	+ if ($length < 1) {
	198	+ throw new \InvalidArgumentException('Length should be >= 1');
	199	+ }
200	200
201		- if (empty($chars)) {
202		- $numBytes = ceil($length * 0.75);
203		- $bytes = $this->getRandomBytes($numBytes);
204		- $string = substr(rtrim(base64_encode($bytes), '='), 0, $length);
	201	+ if (empty($chars)) {
	202	+ $numBytes = ceil($length * 0.75);
	203	+ $bytes = $this->getRandomBytes($numBytes);
	204	+ $string = substr(rtrim(base64_encode($bytes), '='), 0, $length);
205	205
206		- // Base64 URL
207		- return strtr($string, '+/', '-_');
208		- }
	206	+ // Base64 URL
	207	+ return strtr($string, '+/', '-_');
	208	+ }
209	209
210		- if ($chars == self::CHARS_HEX) {
211		- // hex is easy
212		- $bytes = $this->getRandomBytes(ceil($length / 2));
213		- return substr(bin2hex($bytes), 0, $length);
214		- }
	210	+ if ($chars == self::CHARS_HEX) {
	211	+ // hex is easy
	212	+ $bytes = $this->getRandomBytes(ceil($length / 2));
	213	+ return substr(bin2hex($bytes), 0, $length);
	214	+ }
215	215
216		- $listLen = strlen($chars);
	216	+ $listLen = strlen($chars);
217	217
218		- if ($listLen == 1) {
219		- return str_repeat($chars, $length);
220		- }
	218	+ if ($listLen == 1) {
	219	+ return str_repeat($chars, $length);
	220	+ }
221	221
222		- $bytes = $this->getRandomBytes($length);
223		- $pos = 0;
224		- $result = '';
225		- for ($i = 0; $i < $length; $i++) {
226		- $pos = ($pos + ord($bytes[$i])) % $listLen;
227		- $result .= $chars[$pos];
228		- }
	222	+ $bytes = $this->getRandomBytes($length);
	223	+ $pos = 0;
	224	+ $result = '';
	225	+ for ($i = 0; $i < $length; $i++) {
	226	+ $pos = ($pos + ord($bytes[$i])) % $listLen;
	227	+ $result .= $chars[$pos];
	228	+ }
229	229
230		- return $result;
231		- }
	230	+ return $result;
	231	+ }
232	232
233		- /**
234		- * Are two strings equal (compared in constant time)?
235		- *
236		- * @param string $str1 First string to compare
237		- * @param string $str2 Second string to compare
238		- *
239		- * @return bool
240		- *
241		- * Based on password_verify in PasswordCompat
242		- * @author Anthony Ferrara <[email protected]>
243		- * @license http://www.opensource.org/licenses/mit-license.html MIT License
244		- * @copyright 2012 The Authors
245		- */
246		- public function areEqual($str1, $str2) {
247		- $len1 = $this->strlen($str1);
248		- $len2 = $this->strlen($str2);
249		- if ($len1 !== $len2) {
250		- return false;
251		- }
	233	+ /**
	234	+ * Are two strings equal (compared in constant time)?
	235	+ *
	236	+ * @param string $str1 First string to compare
	237	+ * @param string $str2 Second string to compare
	238	+ *
	239	+ * @return bool
	240	+ *
	241	+ * Based on password_verify in PasswordCompat
	242	+ * @author Anthony Ferrara <[email protected]>
	243	+ * @license http://www.opensource.org/licenses/mit-license.html MIT License
	244	+ * @copyright 2012 The Authors
	245	+ */
	246	+ public function areEqual($str1, $str2) {
	247	+ $len1 = $this->strlen($str1);
	248	+ $len2 = $this->strlen($str2);
	249	+ if ($len1 !== $len2) {
	250	+ return false;
	251	+ }
252	252
253		- $status = 0;
254		- for ($i = 0; $i < $len1; $i++) {
255		- $status \|= (ord($str1[$i]) ^ ord($str2[$i]));
256		- }
	253	+ $status = 0;
	254	+ for ($i = 0; $i < $len1; $i++) {
	255	+ $status \|= (ord($str1[$i]) ^ ord($str2[$i]));
	256	+ }
257	257
258		- return $status === 0;
259		- }
	258	+ return $status === 0;
	259	+ }
260	260
261		- /**
262		- * Count the number of bytes in a string
263		- *
264		- * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension.
265		- * In this case, strlen() will count the number of characters based on the internal encoding. A
266		- * sequence of bytes might be regarded as a single multibyte character.
267		- *
268		- * Use elgg_strlen() to count UTF-characters instead of bytes.
269		- *
270		- * @param string $binary_string The input string
271		- *
272		- * @return int The number of bytes
273		- *
274		- * From PasswordCompat\binary\_strlen
275		- * @author Anthony Ferrara <[email protected]>
276		- * @license http://www.opensource.org/licenses/mit-license.html MIT License
277		- * @copyright 2012 The Authors
278		- */
279		- protected function strlen($binary_string) {
280		- if (function_exists('mb_strlen')) {
281		- return mb_strlen($binary_string, '8bit');
282		- }
283		- return strlen($binary_string);
284		- }
	261	+ /**
	262	+ * Count the number of bytes in a string
	263	+ *
	264	+ * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension.
	265	+ * In this case, strlen() will count the number of characters based on the internal encoding. A
	266	+ * sequence of bytes might be regarded as a single multibyte character.
	267	+ *
	268	+ * Use elgg_strlen() to count UTF-characters instead of bytes.
	269	+ *
	270	+ * @param string $binary_string The input string
	271	+ *
	272	+ * @return int The number of bytes
	273	+ *
	274	+ * From PasswordCompat\binary\_strlen
	275	+ * @author Anthony Ferrara <[email protected]>
	276	+ * @license http://www.opensource.org/licenses/mit-license.html MIT License
	277	+ * @copyright 2012 The Authors
	278	+ */
	279	+ protected function strlen($binary_string) {
	280	+ if (function_exists('mb_strlen')) {
	281	+ return mb_strlen($binary_string, '8bit');
	282	+ }
	283	+ return strlen($binary_string);
	284	+ }
285	285	}

		@@ -11,139 +11,139 @@
		block discarded – undo
11	11	*/
12	12	class File {
13	13
14		- const INLINE = 'inline';
15		- const ATTACHMENT = 'attachment';
16		-
17		- /**
18		- * @var \ElggFile
19		- */
20		- private $file;
21		-
22		- /**
23		- * @var int
24		- */
25		- private $expires;
26		-
27		- /**
28		- * @var string
29		- */
30		- private $disposition;
31		-
32		- /**
33		- * @var bool
34		- */
35		- private $use_cookie = true;
36		-
37		- /**
38		- * Set file object
39		- *
40		- * @param \ElggFile $file File object
41		- * @return void
42		- */
43		- public function setFile(\ElggFile $file) {
44		- $this->file = $file;
45		- }
46		-
47		- /**
48		- * Returns file object
49		- * @return \ElggFile\|null
50		- */
51		- public function getFile() {
52		- return $this->file;
53		- }
54		-
55		- /**
56		- * Sets URL expiration
57		- *
58		- * @param int $expires String suitable for strtotime()
59		- * @return void
60		- */
61		- public function setExpires($expires = '+2 hours') {
62		- $this->expires = strtotime($expires);
63		- }
64		-
65		- /**
66		- * Sets content disposition
67		- *
68		- * @param string $disposition Content disposition ('inline' or 'attachment')
69		- * @return void
70		- */
71		- public function setDisposition($disposition = self::ATTACHMENT) {
72		- if (!in_array($disposition, [self::ATTACHMENT, self::INLINE])) {
73		- throw new \InvalidArgumentException("Disposition $disposition is not supported in " . __CLASS__);
74		- }
75		- $this->disposition = $disposition;
76		- }
77		-
78		- /**
79		- * Bind URL to current user session
80		- *
81		- * @param bool $use_cookie Use cookie
82		- * @return void
83		- */
84		- public function bindSession($use_cookie = true) {
85		- $this->use_cookie = $use_cookie;
86		- }
87		-
88		- /**
89		- * Returns publicly accessible URL
90		- * @return string\|false
91		- */
92		- public function getURL() {
93		-
94		- if (!$this->file instanceof \ElggFile \|\| !$this->file->exists()) {
95		- elgg_log("Unable to resolve resource URL for a file that does not exist on filestore");
96		- return false;
97		- }
98		-
99		- $relative_path = '';
100		- $root_prefix = _elgg_services()->config->getDataPath();
101		- $path = $this->file->getFilenameOnFilestore();
102		- if (substr($path, 0, strlen($root_prefix)) == $root_prefix) {
103		- $relative_path = substr($path, strlen($root_prefix));
104		- }
105		-
106		- if (!$relative_path) {
107		- elgg_log("Unable to resolve relative path of the file on the filestore");
108		- return false;
109		- }
110		-
111		- if (preg_match('~[^a-zA-Z0-9_\./ ]~', $relative_path)) {
112		- // Filenames may contain special characters that result in malformatted URLs
113		- // and/or HMAC mismatches. We want to avoid that by encoding the path.
114		- $relative_path = ':' . Base64Url::encode($relative_path);
115		- }
116		-
117		- $data = [
118		- 'expires' => isset($this->expires) ? $this->expires : 0,
119		- 'last_updated' => filemtime($this->file->getFilenameOnFilestore()),
120		- 'disposition' => $this->disposition == self::INLINE ? 'i' : 'a',
121		- 'path' => $relative_path,
122		- ];
123		-
124		- if ($this->use_cookie) {
125		- $data['cookie'] = _elgg_services()->session->getId();
126		- if (empty($data['cookie'])) {
127		- return false;
128		- }
129		- $data['use_cookie'] = 1;
130		- } else {
131		- $data['use_cookie'] = 0;
132		- }
133		-
134		- ksort($data);
135		- $mac = _elgg_services()->hmac->getHmac($data)->getToken();
136		-
137		- $url_segments = [
138		- 'serve-file',
139		- "e{$data['expires']}",
140		- "l{$data['last_updated']}",
141		- "d{$data['disposition']}",
142		- "c{$data['use_cookie']}",
143		- $mac,
144		- $relative_path,
145		- ];
146		-
147		- return elgg_normalize_url(implode('/', $url_segments));
148		- }
	14	+ const INLINE = 'inline';
	15	+ const ATTACHMENT = 'attachment';
	16	+
	17	+ /**
	18	+ * @var \ElggFile
	19	+ */
	20	+ private $file;
	21	+
	22	+ /**
	23	+ * @var int
	24	+ */
	25	+ private $expires;
	26	+
	27	+ /**
	28	+ * @var string
	29	+ */
	30	+ private $disposition;
	31	+
	32	+ /**
	33	+ * @var bool
	34	+ */
	35	+ private $use_cookie = true;
	36	+
	37	+ /**
	38	+ * Set file object
	39	+ *
	40	+ * @param \ElggFile $file File object
	41	+ * @return void
	42	+ */
	43	+ public function setFile(\ElggFile $file) {
	44	+ $this->file = $file;
	45	+ }
	46	+
	47	+ /**
	48	+ * Returns file object
	49	+ * @return \ElggFile\|null
	50	+ */
	51	+ public function getFile() {
	52	+ return $this->file;
	53	+ }
	54	+
	55	+ /**
	56	+ * Sets URL expiration
	57	+ *
	58	+ * @param int $expires String suitable for strtotime()
	59	+ * @return void
	60	+ */
	61	+ public function setExpires($expires = '+2 hours') {
	62	+ $this->expires = strtotime($expires);
	63	+ }
	64	+
	65	+ /**
	66	+ * Sets content disposition
	67	+ *
	68	+ * @param string $disposition Content disposition ('inline' or 'attachment')
	69	+ * @return void
	70	+ */
	71	+ public function setDisposition($disposition = self::ATTACHMENT) {
	72	+ if (!in_array($disposition, [self::ATTACHMENT, self::INLINE])) {
	73	+ throw new \InvalidArgumentException("Disposition $disposition is not supported in " . __CLASS__);
	74	+ }
	75	+ $this->disposition = $disposition;
	76	+ }
	77	+
	78	+ /**
	79	+ * Bind URL to current user session
	80	+ *
	81	+ * @param bool $use_cookie Use cookie
	82	+ * @return void
	83	+ */
	84	+ public function bindSession($use_cookie = true) {
	85	+ $this->use_cookie = $use_cookie;
	86	+ }
	87	+
	88	+ /**
	89	+ * Returns publicly accessible URL
	90	+ * @return string\|false
	91	+ */
	92	+ public function getURL() {
	93	+
	94	+ if (!$this->file instanceof \ElggFile \|\| !$this->file->exists()) {
	95	+ elgg_log("Unable to resolve resource URL for a file that does not exist on filestore");
	96	+ return false;
	97	+ }
	98	+
	99	+ $relative_path = '';
	100	+ $root_prefix = _elgg_services()->config->getDataPath();
	101	+ $path = $this->file->getFilenameOnFilestore();
	102	+ if (substr($path, 0, strlen($root_prefix)) == $root_prefix) {
	103	+ $relative_path = substr($path, strlen($root_prefix));
	104	+ }
	105	+
	106	+ if (!$relative_path) {
	107	+ elgg_log("Unable to resolve relative path of the file on the filestore");
	108	+ return false;
	109	+ }
	110	+
	111	+ if (preg_match('~[^a-zA-Z0-9_\./ ]~', $relative_path)) {
	112	+ // Filenames may contain special characters that result in malformatted URLs
	113	+ // and/or HMAC mismatches. We want to avoid that by encoding the path.
	114	+ $relative_path = ':' . Base64Url::encode($relative_path);
	115	+ }
	116	+
	117	+ $data = [
	118	+ 'expires' => isset($this->expires) ? $this->expires : 0,
	119	+ 'last_updated' => filemtime($this->file->getFilenameOnFilestore()),
	120	+ 'disposition' => $this->disposition == self::INLINE ? 'i' : 'a',
	121	+ 'path' => $relative_path,
	122	+ ];
	123	+
	124	+ if ($this->use_cookie) {
	125	+ $data['cookie'] = _elgg_services()->session->getId();
	126	+ if (empty($data['cookie'])) {
	127	+ return false;
	128	+ }
	129	+ $data['use_cookie'] = 1;
	130	+ } else {
	131	+ $data['use_cookie'] = 0;
	132	+ }
	133	+
	134	+ ksort($data);
	135	+ $mac = _elgg_services()->hmac->getHmac($data)->getToken();
	136	+
	137	+ $url_segments = [
	138	+ 'serve-file',
	139	+ "e{$data['expires']}",
	140	+ "l{$data['last_updated']}",
	141	+ "d{$data['disposition']}",
	142	+ "c{$data['use_cookie']}",
	143	+ $mac,
	144	+ $relative_path,
	145	+ ];
	146	+
	147	+ return elgg_normalize_url(implode('/', $url_segments));
	148	+ }
149	149	}

		@@ -67,7 +67,7 @@ discard block
		block discarded – undo
67	67	) {
68	68	$this->config = $config;
69	69	$this->db = $db;
70		- $this->table = $this->db->prefix . "users_entity";
	70	+ $this->table = $this->db->prefix."users_entity";
71	71	$this->entities = $entities;
72	72	$this->entity_cache = $cache;
73	73	$this->events = $events;
		@@ -314,7 +314,7 @@ discard block
		block discarded – undo
314	314	'limit' => 1,
315	315	]);
316	316
317		- return $users ? : [];
	317	+ return $users ?: [];
318	318	}
319	319
320	320	/**
		@@ -450,7 +450,7 @@ discard block
		block discarded – undo
450	450	*/
451	451	public function generateInviteCode($username) {
452	452	$time = $this->getCurrentTime()->getTimestamp();
453		- return "$time." . _elgg_services()->hmac->getHmac([(int) $time, $username])->getToken();
	453	+ return "$time."._elgg_services()->hmac->getHmac([(int) $time, $username])->getToken();
454	454	}
455	455
456	456	/**
		@@ -555,7 +555,7 @@ discard block
		block discarded – undo
555	555	// If we save the user to memcache during this request, then we'll end up with the
556	556	// old (incorrect) attributes cached (notice the above query is delayed). So it's
557	557	// simplest to just resave the user after all plugin code runs.
558		- register_shutdown_function(function () use ($user, $time) {
	558	+ register_shutdown_function(function() use ($user, $time) {
559	559	$this->entities->updateLastAction($user, $time); // keep entity table in sync
560	560	$user->storeInPersistedCache(_elgg_get_memcache('new_entity_cache'), $time);
561	561	});
		@@ -599,7 +599,7 @@ discard block
		block discarded – undo
599	599	// If we save the user to memcache during this request, then we'll end up with the
600	600	// old (incorrect) attributes cached. Hence we want to invalidate as late as possible.
601	601	// the user object gets saved
602		- register_shutdown_function(function () use ($user) {
	602	+ register_shutdown_function(function() use ($user) {
603	603	$user->storeInPersistedCache(_elgg_get_memcache('new_entity_cache'));
604	604	});
605	605	}

		@@ -19,7 +19,7 @@ discard block
		block discarded – undo
19	19	* @access private
20	20	*/
21	21	function _elgg_action_handler(array $segments) {
22		- return _elgg_services()->actions->execute(implode('/', $segments));
	22	+ return _elgg_services()->actions->execute(implode('/', $segments));
23	23	}
24	24
25	25	/**
		@@ -51,12 +51,12 @@ discard block
		block discarded – undo
51	51	* @access private
52	52	*/
53	53	function action($action, $forwarder = "") {
54		- $response = _elgg_services()->actions->execute($action, $forwarder);
55		- if ($response instanceof ResponseBuilder) {
56		- // in case forward() wasn't called in the action
57		- _elgg_services()->responseFactory->respond($response);
58		- }
59		- _elgg_services()->responseFactory->redirect(REFERRER, 'csrf');
	54	+ $response = _elgg_services()->actions->execute($action, $forwarder);
	55	+ if ($response instanceof ResponseBuilder) {
	56	+ // in case forward() wasn't called in the action
	57	+ _elgg_services()->responseFactory->respond($response);
	58	+ }
	59	+ _elgg_services()->responseFactory->redirect(REFERRER, 'csrf');
60	60	}
61	61
62	62	/**
		@@ -94,7 +94,7 @@ discard block
		block discarded – undo
94	94	* @return bool
95	95	*/
96	96	function elgg_register_action($action, $filename = "", $access = 'logged_in') {
97		- return _elgg_services()->actions->register($action, $filename, $access);
	97	+ return _elgg_services()->actions->register($action, $filename, $access);
98	98	}
99	99
100	100	/**
		@@ -105,7 +105,7 @@ discard block
		block discarded – undo
105	105	* @since 1.8.1
106	106	*/
107	107	function elgg_unregister_action($action) {
108		- return _elgg_services()->actions->unregister($action);
	108	+ return _elgg_services()->actions->unregister($action);
109	109	}
110	110
111	111	/**
		@@ -116,7 +116,7 @@ discard block
		block discarded – undo
116	116	* @since 1.11
117	117	*/
118	118	function elgg_build_hmac($data) {
119		- return _elgg_services()->hmac->getHmac($data);
	119	+ return _elgg_services()->hmac->getHmac($data);
120	120	}
121	121
122	122	/**
		@@ -136,7 +136,7 @@ discard block
		block discarded – undo
136	136	* @access private
137	137	*/
138	138	function validate_action_token($visible_errors = true, $token = null, $ts = null) {
139		- return _elgg_services()->actions->validateActionToken($visible_errors, $token, $ts);
	139	+ return _elgg_services()->actions->validateActionToken($visible_errors, $token, $ts);
140	140	}
141	141
142	142	/**
		@@ -154,7 +154,7 @@ discard block
		block discarded – undo
154	154	* @access private
155	155	*/
156	156	function action_gatekeeper($action) {
157		- return _elgg_services()->actions->gatekeeper($action);
	157	+ return _elgg_services()->actions->gatekeeper($action);
158	158	}
159	159
160	160	/**
		@@ -175,7 +175,7 @@ discard block
		block discarded – undo
175	175	* @return string\|false
176	176	*/
177	177	function generate_action_token($timestamp) {
178		- return _elgg_services()->actions->generateActionToken($timestamp);
	178	+ return _elgg_services()->actions->generateActionToken($timestamp);
179	179	}
180	180
181	181	/**
		@@ -190,7 +190,7 @@ discard block
		block discarded – undo
190	190	* @todo Move to better file.
191	191	*/
192	192	function init_site_secret() {
193		- return _elgg_services()->siteSecret->init();
	193	+ return _elgg_services()->siteSecret->init();
194	194	}
195	195
196	196	/**
		@@ -203,7 +203,7 @@ discard block
		block discarded – undo
203	203	* @todo Move to better file.
204	204	*/
205	205	function get_site_secret() {
206		- return _elgg_services()->siteSecret->get();
	206	+ return _elgg_services()->siteSecret->get();
207	207	}
208	208
209	209	/**
		@@ -213,7 +213,7 @@ discard block
		block discarded – undo
213	213	* @access private
214	214	*/
215	215	function _elgg_get_site_secret_strength() {
216		- return _elgg_services()->siteSecret->getStrength();
	216	+ return _elgg_services()->siteSecret->getStrength();
217	217	}
218	218
219	219	/**
		@@ -225,7 +225,7 @@ discard block
		block discarded – undo
225	225	* @since 1.8.0
226	226	*/
227	227	function elgg_action_exists($action) {
228		- return _elgg_services()->actions->exists($action);
	228	+ return _elgg_services()->actions->exists($action);
229	229	}
230	230
231	231	/**
		@@ -235,7 +235,7 @@ discard block
		block discarded – undo
235	235	* @since 1.8.0
236	236	*/
237	237	function elgg_is_xhr() {
238		- return _elgg_services()->request->isXmlHttpRequest();
	238	+ return _elgg_services()->request->isXmlHttpRequest();
239	239	}
240	240
241	241	/**
		@@ -266,8 +266,8 @@ discard block
		block discarded – undo
266	266	* @deprecated 2.3
267	267	*/
268	268	function ajax_forward_hook($hook, $type, $reason, $params) {
269		- elgg_deprecated_notice(__FUNCTION__ . ' is deprecated and is no longer used as a plugin hook handler', '2.3');
270		- _elgg_services()->actions->ajaxForwardHook($hook, $type, $reason, $params);
	269	+ elgg_deprecated_notice(__FUNCTION__ . ' is deprecated and is no longer used as a plugin hook handler', '2.3');
	270	+ _elgg_services()->actions->ajaxForwardHook($hook, $type, $reason, $params);
271	271	}
272	272
273	273	/**
		@@ -277,8 +277,8 @@ discard block
		block discarded – undo
277	277	* @deprecated 2.3
278	278	*/
279	279	function ajax_action_hook() {
280		- elgg_deprecated_notice(__FUNCTION__ . ' is deprecated and is no longer used as a plugin hook handler', '2.3');
281		- _elgg_services()->actions->ajaxActionHook();
	280	+ elgg_deprecated_notice(__FUNCTION__ . ' is deprecated and is no longer used as a plugin hook handler', '2.3');
	281	+ _elgg_services()->actions->ajaxActionHook();
282	282	}
283	283
284	284	/**
		@@ -288,7 +288,7 @@ discard block
		block discarded – undo
288	288	* @access private
289	289	*/
290	290	function _elgg_csrf_token_refresh() {
291		- return _elgg_services()->actions->handleTokenRefreshRequest();
	291	+ return _elgg_services()->actions->handleTokenRefreshRequest();
292	292	}
293	293
294	294	/**
		@@ -296,12 +296,12 @@ discard block
		block discarded – undo
296	296	* @access private
297	297	*/
298	298	function actions_init() {
299		- elgg_register_page_handler('action', '_elgg_action_handler');
300		- elgg_register_page_handler('refresh_token', '_elgg_csrf_token_refresh');
	299	+ elgg_register_page_handler('action', '_elgg_action_handler');
	300	+ elgg_register_page_handler('refresh_token', '_elgg_csrf_token_refresh');
301	301
302		- elgg_register_simplecache_view('languages/en.js');
	302	+ elgg_register_simplecache_view('languages/en.js');
303	303	}
304	304
305	305	return function(\Elgg\EventsService $events, \Elgg\HooksRegistrationService $hooks) {
306		- $events->registerHandler('init', 'system', 'actions_init');
	306	+ $events->registerHandler('init', 'system', 'actions_init');
307	307	};

		@@ -9,40 +9,40 @@
		block discarded – undo
9	9	*/
10	10	class HmacFactory {
11	11
12		- /**
13		- * @var SiteSecret
14		- */
15		- private $site_secret;
	12	+ /**
	13	+ * @var SiteSecret
	14	+ */
	15	+ private $site_secret;
16	16
17		- /**
18		- * @var ElggCrypto
19		- */
20		- private $crypto;
	17	+ /**
	18	+ * @var ElggCrypto
	19	+ */
	20	+ private $crypto;
21	21
22		- /**
23		- * Constructor
24		- *
25		- * @param SiteSecret $secret Site secret
26		- * @param ElggCrypto $crypto Elgg crypto service
27		- */
28		- public function __construct(SiteSecret $secret, ElggCrypto $crypto) {
29		- $this->site_secret = $secret;
30		- $this->crypto = $crypto;
31		- }
	22	+ /**
	23	+ * Constructor
	24	+ *
	25	+ * @param SiteSecret $secret Site secret
	26	+ * @param ElggCrypto $crypto Elgg crypto service
	27	+ */
	28	+ public function __construct(SiteSecret $secret, ElggCrypto $crypto) {
	29	+ $this->site_secret = $secret;
	30	+ $this->crypto = $crypto;
	31	+ }
32	32
33		- /**
34		- * Get an HMAC token builder/validator object
35		- *
36		- * @param mixed $data HMAC data or serializable data
37		- * @param string $algo Hash algorithm
38		- * @param string $key Optional key (default uses site secret)
39		- *
40		- * @return Hmac
41		- */
42		- public function getHmac($data, $algo = 'sha256', $key = '') {
43		- if (!$key) {
44		- $key = $this->site_secret->get(true);
45		- }
46		- return new Hmac($key, [$this->crypto, 'areEqual'], $data, $algo);
47		- }
	33	+ /**
	34	+ * Get an HMAC token builder/validator object
	35	+ *
	36	+ * @param mixed $data HMAC data or serializable data
	37	+ * @param string $algo Hash algorithm
	38	+ * @param string $key Optional key (default uses site secret)
	39	+ *
	40	+ * @return Hmac
	41	+ */
	42	+ public function getHmac($data, $algo = 'sha256', $key = '') {
	43	+ if (!$key) {
	44	+ $key = $this->site_secret->get(true);
	45	+ }
	46	+ return new Hmac($key, [$this->crypto, 'areEqual'], $data, $algo);
	47	+ }
48	48	}

		@@ -21,134 +21,134 @@
		block discarded – undo
21	21	*/
22	22	class ServeFileHandler {
23	23
24		- /**
25		- * @var HmacFactory
26		- */
27		- private $hmac;
28		-
29		- /**
30		- * @var Config
31		- */
32		- private $config;
33		-
34		- /**
35		- * Constructor
36		- *
37		- * @param HmacFactory $hmac HMAC service
38		- * @param Config $config Config service
39		- */
40		- public function __construct(HmacFactory $hmac, Config $config) {
41		- $this->hmac = $hmac;
42		- $this->config = $config;
43		- }
44		-
45		- /**
46		- * Handle a request for a file
47		- *
48		- * @param Request $request HTTP request
49		- * @return Response
50		- */
51		- public function getResponse(Request $request) {
52		-
53		- $response = new Response();
54		- $response->prepare($request);
55		-
56		- $path = implode('/', $request->getUrlSegments(true));
57		- if (!preg_match('~serve-file/e(\d+)/l(\d+)/d([ia])/c([01])/([a-zA-Z0-9\-_]+)/(.*)$~', $path, $m)) {
58		- return $response->setStatusCode(400)->setContent('Malformatted request URL');
59		- }
60		-
61		- list(, $expires, $last_updated, $disposition, $use_cookie, $mac, $path_from_dataroot) = $m;
62		-
63		- if ($expires && $expires < time()) {
64		- return $response->setStatusCode(403)->setContent('URL has expired');
65		- }
66		-
67		- $hmac_data = [
68		- 'expires' => (int) $expires,
69		- 'last_updated' => (int) $last_updated,
70		- 'disposition' => $disposition,
71		- 'path' => $path_from_dataroot,
72		- 'use_cookie' => (int) $use_cookie,
73		- ];
74		- if ((bool) $use_cookie) {
75		- $hmac_data['cookie'] = $this->getCookieValue($request);
76		- }
77		- ksort($hmac_data);
78		-
79		- $hmac = $this->hmac->getHmac($hmac_data);
80		- if (!$hmac->matchesToken($mac)) {
81		- return $response->setStatusCode(403)->setContent('HMAC mistmatch');
82		- }
83		-
84		- // Path may have been encoded to avoid problems with special chars in URLs
85		- if (0 === strpos($path_from_dataroot, ':')) {
86		- $path_from_dataroot = Base64Url::decode(substr($path_from_dataroot, 1));
87		- }
88		-
89		- $dataroot = $this->config->getDataPath();
90		- $filenameonfilestore = "{$dataroot}{$path_from_dataroot}";
91		-
92		- if (!is_readable($filenameonfilestore)) {
93		- return $response->setStatusCode(404)->setContent('File not found');
94		- }
95		-
96		- $actual_last_updated = filemtime($filenameonfilestore);
97		- if ($actual_last_updated != $last_updated) {
98		- return $response->setStatusCode(403)->setContent('URL has expired');
99		- }
100		-
101		- $if_none_match = $request->headers->get('if_none_match');
102		- if (!empty($if_none_match)) {
103		- // strip mod_deflate suffixes
104		- $request->headers->set('if_none_match', str_replace('-gzip', '', $if_none_match));
105		- }
106		-
107		- $etag = '"' . $actual_last_updated . '"';
108		- $response->setPublic()->setEtag($etag);
109		- if ($response->isNotModified($request)) {
110		- return $response;
111		- }
112		-
113		- $public = $use_cookie ? false : true;
114		- $content_disposition = $disposition == 'i' ? 'inline' : 'attachment';
115		-
116		- $headers = [
117		- 'Content-Type' => (new MimeTypeDetector())->getType($filenameonfilestore),
118		- ];
119		- $response = new BinaryFileResponse($filenameonfilestore, 200, $headers, $public, $content_disposition);
	24	+ /**
	25	+ * @var HmacFactory
	26	+ */
	27	+ private $hmac;
	28	+
	29	+ /**
	30	+ * @var Config
	31	+ */
	32	+ private $config;
	33	+
	34	+ /**
	35	+ * Constructor
	36	+ *
	37	+ * @param HmacFactory $hmac HMAC service
	38	+ * @param Config $config Config service
	39	+ */
	40	+ public function __construct(HmacFactory $hmac, Config $config) {
	41	+ $this->hmac = $hmac;
	42	+ $this->config = $config;
	43	+ }
	44	+
	45	+ /**
	46	+ * Handle a request for a file
	47	+ *
	48	+ * @param Request $request HTTP request
	49	+ * @return Response
	50	+ */
	51	+ public function getResponse(Request $request) {
	52	+
	53	+ $response = new Response();
	54	+ $response->prepare($request);
	55	+
	56	+ $path = implode('/', $request->getUrlSegments(true));
	57	+ if (!preg_match('~serve-file/e(\d+)/l(\d+)/d([ia])/c([01])/([a-zA-Z0-9\-_]+)/(.*)$~', $path, $m)) {
	58	+ return $response->setStatusCode(400)->setContent('Malformatted request URL');
	59	+ }
	60	+
	61	+ list(, $expires, $last_updated, $disposition, $use_cookie, $mac, $path_from_dataroot) = $m;
	62	+
	63	+ if ($expires && $expires < time()) {
	64	+ return $response->setStatusCode(403)->setContent('URL has expired');
	65	+ }
	66	+
	67	+ $hmac_data = [
	68	+ 'expires' => (int) $expires,
	69	+ 'last_updated' => (int) $last_updated,
	70	+ 'disposition' => $disposition,
	71	+ 'path' => $path_from_dataroot,
	72	+ 'use_cookie' => (int) $use_cookie,
	73	+ ];
	74	+ if ((bool) $use_cookie) {
	75	+ $hmac_data['cookie'] = $this->getCookieValue($request);
	76	+ }
	77	+ ksort($hmac_data);
	78	+
	79	+ $hmac = $this->hmac->getHmac($hmac_data);
	80	+ if (!$hmac->matchesToken($mac)) {
	81	+ return $response->setStatusCode(403)->setContent('HMAC mistmatch');
	82	+ }
	83	+
	84	+ // Path may have been encoded to avoid problems with special chars in URLs
	85	+ if (0 === strpos($path_from_dataroot, ':')) {
	86	+ $path_from_dataroot = Base64Url::decode(substr($path_from_dataroot, 1));
	87	+ }
	88	+
	89	+ $dataroot = $this->config->getDataPath();
	90	+ $filenameonfilestore = "{$dataroot}{$path_from_dataroot}";
	91	+
	92	+ if (!is_readable($filenameonfilestore)) {
	93	+ return $response->setStatusCode(404)->setContent('File not found');
	94	+ }
	95	+
	96	+ $actual_last_updated = filemtime($filenameonfilestore);
	97	+ if ($actual_last_updated != $last_updated) {
	98	+ return $response->setStatusCode(403)->setContent('URL has expired');
	99	+ }
	100	+
	101	+ $if_none_match = $request->headers->get('if_none_match');
	102	+ if (!empty($if_none_match)) {
	103	+ // strip mod_deflate suffixes
	104	+ $request->headers->set('if_none_match', str_replace('-gzip', '', $if_none_match));
	105	+ }
	106	+
	107	+ $etag = '"' . $actual_last_updated . '"';
	108	+ $response->setPublic()->setEtag($etag);
	109	+ if ($response->isNotModified($request)) {
	110	+ return $response;
	111	+ }
	112	+
	113	+ $public = $use_cookie ? false : true;
	114	+ $content_disposition = $disposition == 'i' ? 'inline' : 'attachment';
	115	+
	116	+ $headers = [
	117	+ 'Content-Type' => (new MimeTypeDetector())->getType($filenameonfilestore),
	118	+ ];
	119	+ $response = new BinaryFileResponse($filenameonfilestore, 200, $headers, $public, $content_disposition);
120	120
121		- $sendfile_type = $this->config->getVolatile('X-Sendfile-Type');
122		- if ($sendfile_type) {
123		- $request->headers->set('X-Sendfile-Type', $sendfile_type);
	121	+ $sendfile_type = $this->config->getVolatile('X-Sendfile-Type');
	122	+ if ($sendfile_type) {
	123	+ $request->headers->set('X-Sendfile-Type', $sendfile_type);
124	124
125		- $mapping = (string) $this->config->getVolatile('X-Accel-Mapping');
126		- $request->headers->set('X-Accel-Mapping', $mapping);
	125	+ $mapping = (string) $this->config->getVolatile('X-Accel-Mapping');
	126	+ $request->headers->set('X-Accel-Mapping', $mapping);
127	127
128		- $response->trustXSendfileTypeHeader();
129		- }
	128	+ $response->trustXSendfileTypeHeader();
	129	+ }
130	130
131		- $response->prepare($request);
132		-
133		- if (empty($expires)) {
134		- $expires = strtotime('+1 year');
135		- }
136		- $expires_dt = (new DateTime())->setTimestamp($expires);
137		- $response->setExpires($expires_dt);
138		-
139		- $response->setEtag($etag);
140		- return $response;
141		- }
142		-
143		- /**
144		- * Get the session ID from the cookie
145		- *
146		- * @param Request $request Elgg request
147		- * @return string
148		- */
149		- private function getCookieValue(Request $request) {
150		- $config = $this->config->getCookieConfig();
151		- $session_name = $config['session']['name'];
152		- return $request->cookies->get($session_name, '');
153		- }
	131	+ $response->prepare($request);
	132	+
	133	+ if (empty($expires)) {
	134	+ $expires = strtotime('+1 year');
	135	+ }
	136	+ $expires_dt = (new DateTime())->setTimestamp($expires);
	137	+ $response->setExpires($expires_dt);
	138	+
	139	+ $response->setEtag($etag);
	140	+ return $response;
	141	+ }
	142	+
	143	+ /**
	144	+ * Get the session ID from the cookie
	145	+ *
	146	+ * @param Request $request Elgg request
	147	+ * @return string
	148	+ */
	149	+ private function getCookieValue(Request $request) {
	150	+ $config = $this->config->getCookieConfig();
	151	+ $session_name = $config['session']['name'];
	152	+ return $request->cookies->get($session_name, '');
	153	+ }
154	154	}

Elgg / Elgg

Push — master ( ec2dfb...bb6a7d )

Status

Category

Indentation +243 added lines, -243 removed lines patch added patch discarded remove patch

Indentation +135 added lines, -135 removed lines patch added patch discarded remove patch

Indentation +460 added lines, -460 removed lines patch added patch discarded remove patch

Indentation +516 added lines, -516 removed lines patch added patch discarded remove patch

Spacing +5 added lines, -5 removed lines patch added patch discarded remove patch

Indentation +27 added lines, -27 removed lines patch added patch discarded remove patch

Indentation +379 added lines, -379 removed lines patch added patch discarded remove patch

Indentation +33 added lines, -33 removed lines patch added patch discarded remove patch

Indentation +126 added lines, -126 removed lines patch added patch discarded remove patch