Issues in ViewController.php (master) - Issues in master - FloKnapp/faulancer - Measure and Improve Code Quality continuously with Scrutinizer

Issues (56)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/View/ViewController.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Faulancer\View;

use Faulancer\Event\Observer;
use Faulancer\Event\Type\OnPostRender;
use Faulancer\Event\Type\OnRender;
use Faulancer\Exception\Exception;
use Faulancer\Exception\FileNotFoundException;
use Faulancer\Exception\ServiceNotFoundException;
use Faulancer\Exception\TemplateException;
use Faulancer\Exception\ViewHelperException;
use Faulancer\Service\Config;
use Faulancer\ServiceLocator\ServiceLocator;

/**
 * Class ViewController | ViewController.php
 *
 * @package Faulancer\View
 * @author Florian Knapp <[email protected]>
 */
class ViewController
{

    /**
     * @var Config
     */
    private $config;

    /**
     * Holds the view variables
     * @var array
     */
    private $variable = [];

    /**
     * Holds the view template
     * @var string
     */
    private $template = '';

    /**The template path without filename
     * @var string
     */
    private $templatePath = '';

    /**
     * Holds the registered view helpers
     * @var array
     */
    //private $viewHelpers = [];

    /**
     * Holds the parent template
     * @var ViewController
     */
    private $parentTemplate = null;

    /**
     * ViewController constructor.
     */
    public function __construct()
    {
        $this->config = ServiceLocator::instance()->get(Config::class);

    }

    /**
     * Set template for this view
     *
     * @param string $template
     * @return self
     *
     * @throws FileNotFoundException
     */
    public function setTemplate(string $template = '')
    {
        if (empty($this->templatePath) && strpos($template, $this->config->get('viewsRoot')) === false) {
            $template = $this->config->get('viewsRoot') . $template;
        } else {
            $template = $this->templatePath . $template;
        }

        if (empty($template) || !file_exists($template) || is_dir($template)) {
            throw new FileNotFoundException('Template "' . $template . '" not found');
        }

        $this->template = $template;

        return $this;
    }

    /**
     * Set the template path
     *
     * @param string $path
     * @return self
     */
    public function setTemplatePath(string $path = '')
    {
        $this->templatePath = $path;
        return $this;
    }

    /**
     * Get the template path
     *
     * @return string
     */
    public function getTemplatePath()
    {
        return $this->templatePath;
    }

    /**
     * Add javascript from outside
     *
     * @param string $file
     * @return self
     */
    public function addScript(string $file)
    {
        $this->variable['assetsJs'][] = $file;
        return $this;
    }

    /**
     * Add stylesheet from outside
     *
     * @param string $file
     * @return self
     */
    public function addStylesheet(string $file)
    {
        $this->variable['assetsCss'][] = $file;
        return $this;
    }

    /**
     * Return current template
     *
     * @return string
     */
    public function getTemplate() :string
    {
        return (string)$this->template;
    }

    /**
     * Set a single variable
     *
     * @param string $key
     * @param string|array $value
     */
    public function setVariable(string $key = '', $value = '')
    {
        $this->variable[$key] = $value;
    }

    /**
     * Get a single variable
     *
     * @param string $key
     * @return string|array
     */
    public function getVariable(string $key)
    {
        if(isset($this->variable[$key])) {
            return $this->variable[$key];
        }

        return '';
    }

    /**
     * Check if variable exists
     *
     * @param string $key
     * @return bool
     */
    public function hasVariable(string $key) :bool
    {
        if(isset($this->variable[$key])) {
            return true;
        }

        return false;
    }

    /**
     * Set many variables at once
     *
     * @param array $variables
     * @return self
     */
    public function setVariables(array $variables = [])
    {
        foreach($variables AS $key=>$value) {
            $this->setVariable($key, $value);
        }

        return $this;
    }

    /**
     * Get all variables
     *
     * @return array
     */
    public function getVariables() :array
    {
        return $this->variable;
    }

    /**
     * Define parent template
     *
     * @param ViewController $view
     */
    public function setParentTemplate(ViewController $view)
    {
        $this->parentTemplate = $view;
    }

    /**
     * Get parent template
     *
     * @return ViewController
     */
    public function getParentTemplate()
    {
        return $this->parentTemplate;
    }

    /**
     * Strip spaces and tabs from output
     *
     * @param $output
     * @return string
     */
    private function _cleanOutput($output) :string
    {
        if (getenv('APPLICATION_ENV') === 'prod') {
            return preg_replace('/(\s{2,}|\t|\r|\n)/', ' ', trim($output));
        } else {
            return str_replace(["\t", "\r", "\n\n\n"], ' ', trim($output));
        }
    }

    /**
     * Render the current view
     *
     * @return string
     * @throws ServiceNotFoundException
     * @throws Exception
     * @throws TemplateException
     */
    public function render()
    {
        Observer::instance()->trigger(new OnRender($this));

        extract($this->variable);

        try {

            ob_start();

            include $this->getTemplate();
            $content = ob_get_contents();

        } catch (\Exception $e) {
            ob_end_clean();
            throw new TemplateException($e->getMessage(), $e->getCode(), $e->getFile(), $e->getLine(), $e->getPrevious());
        }

        if (ob_get_length() >= 0) {
            ob_end_clean();
        }

        Observer::instance()->trigger(new OnPostRender($this));

        if ($this->getParentTemplate() instanceof ViewController) {
            return $this->_cleanOutput($this->getParentTemplate()->setVariables($this->getVariables())->render());
        } else {
            return $this->_cleanOutput($content);
        }
    }

    /**
     * Magic method for providing a view helpers
     *
     * @param  string $name      The class name
     * @param  array  $arguments Arguments if given
     *
     * @return AbstractViewHelper
     *
     * @throws ViewHelperException
     */
    public function __call($name, $arguments)
    {
        $coreViewHelper   = __NAMESPACE__ . '\Helper\\' . ucfirst($name);

        /** @var Config $config */
        $config           = ServiceLocator::instance()->get(Config::class);
        $namespace        = '\\' . $config->get('namespacePrefix');
        $customViewHelper = $namespace . '\\View\\Helper\\' . ucfirst($name);

        // Search in custom view helpers

        if (class_exists($customViewHelper)) {


            /** @var AbstractViewHelper $class */
            $class = new $customViewHelper;
            $class->setView($this);

            return $this->_callUserFuncArray($class, $arguments);

        }

        // No custom view helper found, search in core view helpers

        if (class_exists($coreViewHelper)) {


            /** @var AbstractViewHelper $class */
            $class = new $coreViewHelper;
            $class->setView($this);

            return $this->_callUserFuncArray($class, $arguments);

        }

        throw new ViewHelperException('No view helper for "' . $name . '" found.');
    }

    /**
     * Abstraction of call_user_func_array
     *
     * @param $class
     * @param $arguments
     *
     * @return mixed
     */
    private function _callUserFuncArray($class, $arguments)
    {
        return call_user_func_array($class, $arguments);
    }

    /**
     * Destructor
     */
    public function __destruct()
    {
        unset( $this->variable );
        unset( $this->template );
    }

}

1		<?php
2
3		namespace Faulancer\View;
4
5		use Faulancer\Event\Observer;
6		use Faulancer\Event\Type\OnPostRender;
7		use Faulancer\Event\Type\OnRender;
8		use Faulancer\Exception\Exception;
9		use Faulancer\Exception\FileNotFoundException;
10		use Faulancer\Exception\ServiceNotFoundException;
11		use Faulancer\Exception\TemplateException;
12		use Faulancer\Exception\ViewHelperException;
13		use Faulancer\Service\Config;
14		use Faulancer\ServiceLocator\ServiceLocator;
15
16		/**
17		* Class ViewController \| ViewController.php
18		*
19		* @package Faulancer\View
20		* @author Florian Knapp <[email protected]>
21		*/
22		class ViewController
23		{
24
25		/**
26		* @var Config
27		*/
28		private $config;
29
30		/**
31		* Holds the view variables
32		* @var array
33		*/
34		private $variable = [];
35
36		/**
37		* Holds the view template
38		* @var string
39		*/
40		private $template = '';
41
42		/**The template path without filename
43		* @var string
44		*/
45		private $templatePath = '';
46
47		/**
48		* Holds the registered view helpers
49		* @var array
50		*/
51		//private $viewHelpers = [];
52
53		/**
54		* Holds the parent template
55		* @var ViewController
56		*/
57		private $parentTemplate = null;
58
59		/**
60		* ViewController constructor.
61		*/
62		public function __construct()
63		{
64		$this->config = ServiceLocator::instance()->get(Config::class);
		0 ignored issues – show Documentation Bug introduced 2017-08-22 16:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `\Faulancer\ServiceLocato...\Service\Config::class)` of type `object<Faulancer\ServiceLocator\ServiceInterface>` or `object<Faulancer\ServiceLocator\FactoryInterface>` is incompatible with the declared type `object<Faulancer\Service\Config>` of property `$config`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
65		}
66
67		/**
68		* Set template for this view
69		*
70		* @param string $template
71		* @return self
72		*
73		* @throws FileNotFoundException
74		*/
75		public function setTemplate(string $template = '')
76		{
77		if (empty($this->templatePath) && strpos($template, $this->config->get('viewsRoot')) === false) {
78		$template = $this->config->get('viewsRoot') . $template;
79		} else {
80		$template = $this->templatePath . $template;
81		}
82
83		if (empty($template) \|\| !file_exists($template) \|\| is_dir($template)) {
84		throw new FileNotFoundException('Template "' . $template . '" not found');
85		}
86
87		$this->template = $template;
88
89		return $this;
90		}
91
92		/**
93		* Set the template path
94		*
95		* @param string $path
96		* @return self
97		*/
98		public function setTemplatePath(string $path = '')
99		{
100		$this->templatePath = $path;
101		return $this;
102		}
103
104		/**
105		* Get the template path
106		*
107		* @return string
108		*/
109		public function getTemplatePath()
110		{
111		return $this->templatePath;
112		}
113
114		/**
115		* Add javascript from outside
116		*
117		* @param string $file
118		* @return self
119		*/
120		public function addScript(string $file)
121		{
122		$this->variable['assetsJs'][] = $file;
123		return $this;
124		}
125
126		/**
127		* Add stylesheet from outside
128		*
129		* @param string $file
130		* @return self
131		*/
132		public function addStylesheet(string $file)
133		{
134		$this->variable['assetsCss'][] = $file;
135		return $this;
136		}
137
138		/**
139		* Return current template
140		*
141		* @return string
142		*/
143		public function getTemplate() :string
144		{
145		return (string)$this->template;
146		}
147
148		/**
149		* Set a single variable
150		*
151		* @param string $key
152		* @param string\|array $value
153		*/
154		public function setVariable(string $key = '', $value = '')
155		{
156		$this->variable[$key] = $value;
157		}
158
159		/**
160		* Get a single variable
161		*
162		* @param string $key
163		* @return string\|array
164		*/
165		public function getVariable(string $key)
166		{
167		if(isset($this->variable[$key])) {
168		return $this->variable[$key];
169		}
170
171		return '';
172		}
173
174		/**
175		* Check if variable exists
176		*
177		* @param string $key
178		* @return bool
179		*/
180		public function hasVariable(string $key) :bool
181		{
182		if(isset($this->variable[$key])) {
183		return true;
184		}
185
186		return false;
187		}
188
189		/**
190		* Set many variables at once
191		*
192		* @param array $variables
193		* @return self
194		*/
195		public function setVariables(array $variables = [])
196		{
197		foreach($variables AS $key=>$value) {
198		$this->setVariable($key, $value);
199		}
200
201		return $this;
202		}
203
204		/**
205		* Get all variables
206		*
207		* @return array
208		*/
209		public function getVariables() :array
210		{
211		return $this->variable;
212		}
213
214		/**
215		* Define parent template
216		*
217		* @param ViewController $view
218		*/
219		public function setParentTemplate(ViewController $view)
220		{
221		$this->parentTemplate = $view;
222		}
223
224		/**
225		* Get parent template
226		*
227		* @return ViewController
228		*/
229		public function getParentTemplate()
230		{
231		return $this->parentTemplate;
232		}
233
234		/**
235		* Strip spaces and tabs from output
236		*
237		* @param $output
238		* @return string
239		*/
240		private function _cleanOutput($output) :string
241		{
242		if (getenv('APPLICATION_ENV') === 'prod') {
243		return preg_replace('/(\s{2,}\|\t\|\r\|\n)/', ' ', trim($output));
244		} else {
245		return str_replace(["\t", "\r", "\n\n\n"], ' ', trim($output));
246		}
247		}
248
249		/**
250		* Render the current view
251		*
252		* @return string
253		* @throws ServiceNotFoundException
254		* @throws Exception
255		* @throws TemplateException
256		*/
257		public function render()
258		{
259		Observer::instance()->trigger(new OnRender($this));
260
261		extract($this->variable);
262
263		try {
264
265		ob_start();
266
267		include $this->getTemplate();
268		$content = ob_get_contents();
269
270		} catch (\Exception $e) {
271		ob_end_clean();
272		throw new TemplateException($e->getMessage(), $e->getCode(), $e->getFile(), $e->getLine(), $e->getPrevious());
273		}
274
275		if (ob_get_length() >= 0) {
276		ob_end_clean();
277		}
278
279		Observer::instance()->trigger(new OnPostRender($this));
280
281		if ($this->getParentTemplate() instanceof ViewController) {
282		return $this->_cleanOutput($this->getParentTemplate()->setVariables($this->getVariables())->render());
283		} else {
284		return $this->_cleanOutput($content);
285		}
286		}
287
288		/**
289		* Magic method for providing a view helpers
290		*
291		* @param string $name The class name
292		* @param array $arguments Arguments if given
293		*
294		* @return AbstractViewHelper
295		*
296		* @throws ViewHelperException
297		*/
298		public function __call($name, $arguments)
299		{
300		$coreViewHelper = __NAMESPACE__ . '\Helper\\' . ucfirst($name);
301
302		/** @var Config $config */
303		$config = ServiceLocator::instance()->get(Config::class);
304		$namespace = '\\' . $config->get('namespacePrefix');
305		$customViewHelper = $namespace . '\\View\\Helper\\' . ucfirst($name);
306
307		// Search in custom view helpers
308
309	View Code Duplication	if (class_exists($customViewHelper)) {
		0 ignored issues – show Duplication introduced 2017-01-22 16:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
310
311		/** @var AbstractViewHelper $class */
312		$class = new $customViewHelper;
313		$class->setView($this);
314
315		return $this->_callUserFuncArray($class, $arguments);
316
317		}
318
319		// No custom view helper found, search in core view helpers
320
321	View Code Duplication	if (class_exists($coreViewHelper)) {
		0 ignored issues – show Duplication introduced 2017-01-22 16:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
322
323		/** @var AbstractViewHelper $class */
324		$class = new $coreViewHelper;
325		$class->setView($this);
326
327		return $this->_callUserFuncArray($class, $arguments);
328
329		}
330
331		throw new ViewHelperException('No view helper for "' . $name . '" found.');
332		}
333
334		/**
335		* Abstraction of call_user_func_array
336		*
337		* @param $class
338		* @param $arguments
339		*
340		* @return mixed
341		*/
342		private function _callUserFuncArray($class, $arguments)
343		{
344		return call_user_func_array($class, $arguments);
345		}
346
347		/**
348		* Destructor
349		*/
350		public function __destruct()
351		{
352		unset( $this->variable );
353		unset( $this->template );
354		}
355
356		}

FloKnapp / faulancer

Issues (56)

Security Analysis not enabled

src/View/ViewController.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like