This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | declare( strict_types = 1 ); |
||
4 | |||
5 | namespace Maps\Map\DisplayMap; |
||
6 | |||
7 | use Maps\DataAccess\MediaWikiFileUrlFinder; |
||
8 | use Maps\LegacyModel\Location; |
||
9 | use Maps\Map\MapData; |
||
10 | use Maps\Map\MapOutput; |
||
11 | use Maps\Map\MapOutputBuilder; |
||
12 | use Maps\MappingService; |
||
13 | use Maps\Presentation\ElementJsonSerializer; |
||
14 | use Maps\Presentation\WikitextParser; |
||
15 | use Maps\WikitextParsers\LocationParser; |
||
16 | use Parser; |
||
17 | |||
18 | /** |
||
19 | * Class handling the #display_map rendering. |
||
20 | * |
||
21 | * @licence GNU GPL v2+ |
||
22 | * @author Jeroen De Dauw < [email protected] > |
||
23 | * @author Kim Eik |
||
24 | */ |
||
25 | class DisplayMapRenderer { |
||
26 | |||
27 | public $service; |
||
28 | |||
29 | /** |
||
30 | * @var LocationParser |
||
31 | */ |
||
32 | private $locationParser; |
||
33 | |||
34 | /** |
||
35 | * @var MediaWikiFileUrlFinder |
||
36 | */ |
||
37 | private $fileUrlFinder; |
||
38 | |||
39 | /** |
||
40 | * @var WikitextParser |
||
41 | */ |
||
42 | private $wikitextParser; |
||
43 | /** |
||
44 | * @var ElementJsonSerializer |
||
45 | */ |
||
46 | private $elementSerializer; |
||
47 | |||
48 | 27 | public function __construct( MappingService $service = null ) { |
|
49 | 27 | $this->service = $service; |
|
50 | 27 | } |
|
51 | |||
52 | /** |
||
53 | * Handles the request from the parser hook by doing the work that's common for all |
||
54 | * mapping services, calling the specific methods and finally returning the resulting output. |
||
55 | * |
||
56 | * @param MapData $mapData |
||
57 | * @param Parser $parser |
||
58 | * |
||
59 | * @return MapOutput |
||
60 | */ |
||
61 | 27 | public final function renderMap( MapData $mapData, Parser $parser ): MapOutput { |
|
62 | 27 | $factory = \Maps\MapsFactory::globalInstance(); |
|
63 | |||
64 | 27 | $this->locationParser = $factory->newLocationParser(); |
|
65 | 27 | $this->fileUrlFinder = $factory->getFileUrlFinder(); |
|
66 | |||
67 | 27 | $this->wikitextParser = new WikitextParser( clone $parser ); |
|
68 | 27 | $this->elementSerializer = new ElementJsonSerializer( $this->wikitextParser ); |
|
69 | |||
70 | 27 | $mapData->setParameters( $this->handleMarkerData( $mapData->getParameters() ) ); |
|
71 | |||
72 | // TODO: inject |
||
73 | 27 | $outputBuilder = new MapOutputBuilder(); |
|
74 | |||
75 | 27 | return $outputBuilder->buildOutput( $this->service, $mapData ); |
|
0 ignored issues
–
show
|
|||
76 | } |
||
77 | |||
78 | /** |
||
79 | * Converts the data in the coordinates parameter to JSON-ready objects. |
||
80 | * These get stored in the locations parameter, and the coordinates on gets deleted. |
||
81 | */ |
||
82 | 27 | private function handleMarkerData( array $params ) { |
|
83 | 27 | $params['centre'] = $this->getCenter( $params['centre'] ); |
|
84 | |||
85 | // FIXME: this parameter is google maps service specific |
||
86 | 27 | if ( array_key_exists( 'wmsoverlay', $params ) && is_object( $params['wmsoverlay'] ) ) { |
|
87 | $params['wmsoverlay'] = $params['wmsoverlay']->getJSONObject(); |
||
88 | } |
||
89 | |||
90 | 27 | $params['locations'] = $this->getLocationJson( $params ); |
|
91 | |||
92 | 27 | unset( $params['coordinates'] ); |
|
93 | |||
94 | 27 | $this->handleShapeData( $params ); |
|
95 | |||
96 | 27 | return $params; |
|
97 | } |
||
98 | |||
99 | 27 | private function getCenter( $coordinatesOrAddress ) { |
|
100 | 27 | if ( $coordinatesOrAddress === false ) { |
|
101 | 27 | return false; |
|
102 | } |
||
103 | |||
104 | try { |
||
105 | // FIXME: a Location makes no sense here, since the non-coordinate data is not used |
||
106 | $location = $this->locationParser->parse( $coordinatesOrAddress ); |
||
107 | } |
||
108 | catch ( \Exception $ex ) { |
||
109 | // TODO: somehow report this to the user |
||
110 | return false; |
||
111 | } |
||
112 | |||
113 | return $location->getJSONObject(); |
||
114 | } |
||
115 | |||
116 | 27 | private function getLocationJson( array $params ) { |
|
117 | 27 | $iconUrl = $this->fileUrlFinder->getUrlForFileName( $params['icon'] ); |
|
118 | 27 | $visitedIconUrl = $this->fileUrlFinder->getUrlForFileName( $params['visitedicon'] ?? '' ); |
|
119 | |||
120 | 27 | $locationJsonObjects = []; |
|
121 | |||
122 | 27 | foreach ( $params['coordinates'] as $coordinatesOrAddress ) { |
|
123 | try { |
||
124 | 16 | $location = $this->locationParser->parse( $coordinatesOrAddress ); |
|
125 | } |
||
126 | 1 | catch ( \Exception $ex ) { |
|
127 | // TODO: somehow report this to the user |
||
128 | 1 | continue; |
|
129 | } |
||
130 | |||
131 | 15 | $locationJsonObjects[] = $this->getLocationJsonObject( |
|
132 | 15 | $location, |
|
133 | $params, |
||
134 | $iconUrl, |
||
135 | $visitedIconUrl |
||
136 | ); |
||
137 | } |
||
138 | |||
139 | 27 | return $locationJsonObjects; |
|
140 | } |
||
141 | |||
142 | 15 | private function getLocationJsonObject( Location $location, array $params, $iconUrl, $visitedIconUrl ) { |
|
143 | 15 | $jsonObj = $location->getJSONObject( $params['title'], $params['label'], $iconUrl, '', '', $visitedIconUrl ); |
|
144 | |||
145 | 15 | $this->elementSerializer->titleAndText( $jsonObj ); |
|
146 | |||
147 | 15 | if ( isset( $jsonObj['inlineLabel'] ) ) { |
|
148 | 1 | $jsonObj['inlineLabel'] = strip_tags( |
|
149 | 1 | $this->wikitextParser->wikitextToHtml( $jsonObj['inlineLabel'] ), |
|
150 | 1 | '<a><img>' |
|
151 | ); |
||
152 | } |
||
153 | |||
154 | 15 | return $jsonObj; |
|
155 | } |
||
156 | |||
157 | 27 | private function handleShapeData( array &$params ) { |
|
158 | $textContainers = [ |
||
159 | 27 | &$params['lines'], |
|
160 | 27 | &$params['polygons'], |
|
161 | 27 | &$params['circles'], |
|
162 | 27 | &$params['rectangles'], |
|
163 | 27 | &$params['imageoverlays'], // FIXME: this is Google Maps specific!! |
|
164 | ]; |
||
165 | |||
166 | 27 | foreach ( $textContainers as &$textContainer ) { |
|
167 | 27 | if ( is_array( $textContainer ) ) { |
|
168 | 27 | foreach ( $textContainer as &$obj ) { |
|
169 | 5 | $obj = $this->elementSerializer->elementToJson( $obj ); |
|
170 | } |
||
171 | } |
||
172 | } |
||
173 | 27 | } |
|
174 | |||
175 | } |
||
176 |
Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: