Issues (10)

Security Analysis: no request data

This project does not seem to handle request data directly, so no vulnerable execution paths were found.


src/legacy/ParserHook.php (10 issues)

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php

use ParamProcessor\ParamDefinition;
use ParamProcessor\ProcessingError;
use ParamProcessor\Processor;

/**
 * Class for out of the box parser hook functionality integrated with the validation
 * provided by Validator.
 *
 * @since 0.4
 * @deprecated since 1.0 in favour of the ParserHooks library
 *
 * @licence GNU GPL v2+
 * @author Jeroen De Dauw < [email protected] >
 * @author Daniel Werner
 */
abstract class ParserHook {

	const TYPE_TAG = 0;
	const TYPE_FUNCTION = 1;

	/**
	 * @since 0.4.3
	 *
	 * @var array
	 */
	protected static $registeredHooks = [];

	/**
	 * Returns an array of registered parser hooks (keys) and their handling
	 * ParserHook deriving class names (values).
	 *
	 * @since 0.4.3
	 *
	 * @return array
	 */
	public static function getRegisteredParserHooks() {
		return self::$registeredHooks;
	}

	/**
	 * Returns the name of the ParserHook deriving class that defines a certain parser hook,
	 * or false if there is none.
	 *
	 * @since 0.4.3
	 *
	 * @param string $hookName
	 *
	 * @return mixed string or false
	 */
	public static function getHookClassName( $hookName ) {
		return array_key_exists( $hookName, self::$registeredHooks ) ? self::$registeredHooks[$hookName] : false;
	}

	/**
	 * @since 0.4
	 *
	 * @var Processor
	 */
	protected $validator;

	/**
	 * @since 0.4
	 *
	 * @var Parser
	 */
	protected $parser;

	/**
	 * @since 0.4.4
	 *
	 * @var PPFrame
	 */
	protected $frame;

	/**
	 * @since 0.4.4
	 *
	 * @var ParserHook::TYPE_ enum item
	 */
	protected $currentType;

	/**
	 * @since 0.4
	 *
	 * @var boolean
	 */
	public $forTagExtensions;

	/**
	 * @since 0.4
	 *
	 * @var boolean
	 */
	public $forParserFunctions;

	/**
	 * Bitfield of options influencing the characteristics of the registered
	 * tag/parser function.
	 *
	 * @since 0.4.13
	 *
	 * @var int
	 */
	protected $parserHookOptions;

	/**
	 * Gets the name of the parser hook.
	 *
	 * @since 0.4
	 *
	 * @return string or array of string
	 */
	protected abstract function getName();

	/**
	 * Renders and returns the output.
	 *
	 * @since 0.4
	 *
	 * @param array $parameters
	 *
	 * @return string
	 */
	protected abstract function render( array $parameters );

	/**
	 * Flag for constructor, whether the function hook should be one callable without
	 * leading hash, i.e. {{plural:...}} instead of {{#if:...}}
	 *
	 * @since 0.4.13
	 */
	const FH_NO_HASH = 1;

	/* *
	 * @ToDo: implementation of this functionality
	 *
	 * Flag for constructor, whether the tag hook should be handled as function tag hook
	 * and not as a normal tag hook. See Parser::setFunctionTagHook() for details.
	 */
	#const TH_AS_FUNCTION_TAG = 2;

	/**
	 * Constructor.
	 *
	 * @since 0.4
	 *
	 * @param boolean $forTagExtensions
	 * @param boolean $forParserFunctions
	 * @param integer $flag combination of option flags to manipulate the parser hooks

Issue: There is no parameter named $flag. Was it maybe removed?

This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function.

Consider the following example. The parameter $italy is not defined by the method finale(...).

/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}

The most likely cause is that the parameter was removed, but the annotation was not.
	 *        characteristics. The following are available:
	 *        - ParserHook::FH_NO_HASH makes the function callable without leading hash.
	 */
	public function __construct( $forTagExtensions = true, $forParserFunctions = true, $flags = 0 ) {
		$this->forTagExtensions = $forTagExtensions;
		$this->forParserFunctions = $forParserFunctions;
		// store flags:
		$this->parserHookOptions = $flags;
	}

	/**
	 * Function to hook up the coordinate rendering functions to the parser.
	 *
	 * @since 0.4
	 *
	 * @param Parser $parser
	 *
	 * @return true
	 */
	public function init( Parser &$parser ) {
		$className = get_class( $this );
		$first = true;

		foreach ( $this->getNames() as $name ) {
			if ( $first ) {
				self::$registeredHooks[$name] = $className;
				$first = false;
			}

			// Parser Tag hooking:
			if ( $this->forTagExtensions ) {
				$parser->setHook(
					$name,
					[ new ParserHookCaller( $className, 'renderTag' ), 'runTagHook' ]
				);
			}

			// Parser Function hooking:
			if ( $this->forParserFunctions ) {
				$flags = 0;
				$function = 'renderFunction';
				$callerFunction = 'runFunctionHook';

				// use object arguments if available:
				if ( defined( 'SFH_OBJECT_ARGS' ) ) {
					$flags = $flags | SFH_OBJECT_ARGS;
					$function .= 'Obj';
					$callerFunction .= 'Obj';
				}
				// no leading hash required?
				if ( $this->parserHookOptions & self::FH_NO_HASH ) {
					$flags = $flags | SFH_NO_HASH;
				}

				$parser->setFunctionHook(
					$name,
					[ new ParserHookCaller( $className, $function ), $callerFunction ],
					$flags
				);
			}
		}

		return true;
	}

	/**
	 * Returns an array with the names for the parser hook.
	 *
	 * @since 0.4
	 *
	 * @return array
	 */
	protected function getNames() {
		$names = $this->getName();

		if ( !is_array( $names ) ) {
			$names = [ $names ];
		}

		return $names;
	}

	/**
	 * Function to add the magic word in pre MW 1.16.
	 *
	 * @since 0.4
	 *
	 * @param array $magicWords
	 * @param string $langCode
	 *
	 * @return boolean
	 */
	public function magic( array &$magicWords, $langCode ) {
Issue: The parameter $langCode is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

		foreach ( $this->getNames() as $name ) {
			$magicWords[$name] = [ 0, $name ];
		}

		return true;
	}

	/**
	 * Handler for rendering the tag hook registered by Parser::setHook()
	 *
	 * @since 0.4
	 *
	 * @param mixed $input string or null
	 * @param array $args
	 * @param Parser $parser
	 * @param PPFrame $frame Available from 1.16
	 *
	 * @return string
	 */
	public function renderTag( $input, array $args, Parser $parser, PPFrame $frame = null ) {
		$this->parser = $parser;
		$this->frame = $frame;

		$defaultParameters = $this->getDefaultParameters( self::TYPE_TAG );
		$defaultParam = array_shift( $defaultParameters );

		// If there is a first default parameter, set the tag contents as its value.
		if ( !is_null( $defaultParam ) && !is_null( $input ) ) {
			$args[$defaultParam] = $input;
		}

		return $this->validateAndRender( $args, self::TYPE_TAG );
	}

	/**
	 * Handler for rendering the function hook registered by Parser::setFunctionHook()
	 *
	 * @since 0.4
	 *
	 * @param Parser &$parser
	 * ... further arguments ...
	 *
	 * @return array
	 */
	public function renderFunction( Parser &$parser /*, n args */ ) {
Issue: The parameter $parser is not used and could be removed.

		$args = func_get_args();

		$this->parser = array_shift( $args );

		$output = $this->validateAndRender( $args, self::TYPE_FUNCTION );
		$options = $this->getFunctionOptions();

		if ( array_key_exists( 'isHTML', $options ) && $options['isHTML'] ) {
			/** @ToDo: FIXME: Is this really necessary? The same thing is probably going to
			 *                happen in Parser::braceSubstitution() if 'isHTML' is set!
			 *  @ToDo: other options besides 'isHTML' like 'noparse' are ignored here!
			 */
			return $this->parser->insertStripItem( $output, $this->parser->mStripState );
		}

		return array_merge(
			[ $output ],
			$options
		);
	}

	/**
	 * Handler for rendering the function hook registered by Parser::setFunctionHook() together
	 * with object style arguments (SFH_OBJECT_ARGS flag).
	 *
	 * @since 0.4.13
	 *
	 * @param Parser &$parser
	 * @param PPFrame $frame
	 * @param type $args
	 * @return array
	 */
	public function renderFunctionObj( Parser &$parser, PPFrame $frame, $args ) {
		$this->frame = $frame;

		// create non-object args for old style 'renderFunction()'
		$oldStyleArgs = [ &$parser ];

		foreach ( $args as $arg ) {
			$oldStyleArgs[] = trim( $frame->expand( $arg ) );
		}

		/*
		 * since we can't validate un-expanded arguments, we just go on with old-style function
		 * handling from here. Only advantage is that we have $this->frame set properly.
		 */
		return call_user_func_array( [ $this, 'renderFunction' ], $oldStyleArgs );
	}

	/**
	 * Returns the parser function options.
	 *
	 * @since 0.4
	 *
	 * @return array
	 */
	protected function getFunctionOptions() {
		return [];
	}

	/**
	 * Takes care of validation and rendering, and returns the output.
	 *
	 * @since 0.4
	 *
	 * @param array $arguments
	 * @param integer $type Item of the ParserHook::TYPE_ enum
	 *
	 * @return string
	 */
	public function validateAndRender( array $arguments, $type ) {
		$names = $this->getNames();
		// Record the request type so that isTag() and isFunction() reflect the current
		// render request (the original never assigned $currentType, so both compared against null).
		$this->currentType = $type;
		$this->validator = Processor::newDefault();
Documentation Bug introduced by
It seems like \ParamProcessor\Processor::newDefault() of type object<self> is incompatible with the declared type object<ParamProcessor\Processor> of property $validator.

Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.

Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.

		$this->validator->getOptions()->setName( $names[0] );

		if ( $type === self::TYPE_FUNCTION ) {
			$this->validator->setFunctionParams( $arguments, $this->getParameterInfo( $type ), $this->getDefaultParameters( $type ) );
		}
		else {
			$this->validator->setParameters( $arguments, $this->getParameterInfo( $type ) );
		}

		$this->validator->validateParameters();

		$fatalError = $this->validator->hasFatalError();

		if ( $fatalError === false ) {
			$output = $this->render( $this->validator->getParameterValues() );
		}
		else {
			$output = $this->renderFatalError( $fatalError );
		}

		return $output;
	}

	/**
	 * Returns the ProcessingError objects for the errors and warnings that should be displayed.
	 *
	 * @since 0.4
	 *
	 * @return array of array of ProcessingError
	 */
	protected function getErrorsToDisplay() {
		$errors = [];
		$warnings = [];

		foreach ( $this->validator->getErrors() as $error ) {
Deprecated Code introduced by
The method ParamProcessor\Processor::getErrors() has been deprecated with message: since 1.7 - use processParameters() return value

This method has been deprecated. The supplier of the class has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead.

			// Check if the severity of the error is high enough to display it.
			if ( $error->shouldShow() ) {
				$errors[] = $error;
			}
			elseif ( $error->shouldWarn() ) {
				$warnings[] = $error;
			}
		}

		return [ 'errors' => $errors, 'warnings' => $warnings ];
	}

	/**
	 * Creates and returns the output when a fatal error prevents regular rendering.
	 *
	 * @since 0.4
	 *
	 * @param ProcessingError $error
	 *
	 * @return string
	 */
	protected function renderFatalError( ProcessingError $error ) {
		return '<div><span class="errorbox">' .
			wfMessage( 'validator-fatal-error', $error->getMessage() )->parse() .
			'</span></div><br /><br />';
	}

	// TODO: replace render errors functionality

	/**
	 * Returns an array containing the parameter info.
	 * Override in deriving classes to add parameter info.
	 *
	 * @since 0.4
	 *
	 * @param integer $type Item of the ParserHook::TYPE_ enum
	 *
	 * @return array
	 */
	protected function getParameterInfo( $type ) {
Issue: The parameter $type is not used and could be removed.

		return [];
	}

	public function getParamDefinitions( $type = self::TYPE_FUNCTION ) {
		return $this->getParameterInfo( $type );
	}

	/**
	 * Returns the list of default parameters. These parameters can be used as
	 * unnamed parameters where it is not necessary to use the name and the '=' as
	 * long as there is no '=' within the value.
	 * It is possible to define that a parameter should not have a named fallback.
	 * Therefore the information has to be returned as sub-array with the parameter
	 * name as first and Validator::PARAM_UNNAMED as second value. Parameters using
	 * this option must be set first, before any unnamed parameter, in the same order
	 * as set here. All parameters defined before the last parameter making use of
	 * Validator::PARAM_UNNAMED will automatically be populated with this option.
	 *
	 * Override in deriving classes to add default parameters.
	 *
	 * @since 0.4
	 *
	 * @param integer $type Item of the ParserHook::TYPE_ enum
	 *
	 * @return array
	 */
	protected function getDefaultParameters( $type ) {
Issue: The parameter $type is not used and could be removed.

		return [];
	}

	/**
	 * Returns the data needed to describe the parser hook.
	 * This is mainly needed because some of the individual get methods
	 * that return the needed data are protected, and cannot be made
	 * public without breaking b/c in a rather bad way.
	 *
	 * @since 0.4.3
	 *
	 * @param integer $type Item of the ParserHook::TYPE_ enum
	 *
	 * @return array
	 */
	public function getDescriptionData( $type ) {
		return [
			'names' => $this->getNames(),
			'description' => $this->getDescription(),
Deprecated Code introduced by
The method ParserHook::getDescription() has been deprecated with message: since 1.0

			'message' => $this->getMessage(),
			'parameters' => ParamDefinition::getCleanDefinitions( $this->getParameterInfo( $type ) ),
show
Deprecated Code introduced by
The method ParamProcessor\ParamDefi...::getCleanDefinitions() has been deprecated with message: since 1.7 - use ParamDefinitionFactory

This method has been deprecated. The supplier of the class has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead.

Loading history...
486
			'defaults' => $this->getDefaultParameters( $type ),
487
		];
488
	}
489
490
	/**
491
	 * Returns a description for the parser hook, or false when there is none.
492
	 * Override in deriving classes to add a message.
493
	 *
494
	 * @since 0.4.3
495
	 * @deprecated since 1.0
496
	 *
497
	 * @return mixed string or false
498
	 */
499
	public function getDescription() {
500
		$msg = $this->getMessage();
501
		return $msg === false ? false : wfMessage( $msg )->plain();
502
	}
503
	
504
	/**
505
	 * Returns a description message for the parser hook, or false when there is none.
506
	 * Override in deriving classes to add a message.
507
	 * 
508
	 * @since 0.4.10
509
	 * 
510
	 * @return mixed string or false
511
	 */
512
	public function getMessage() {
513
		return false;
514
	}
515
516
	/**
517
	 * Returns if the current render request is coming from a tag extension.
518
	 *
519
	 * @since 0.4.4
520
	 *
521
	 * @return boolean
522
	 */
523
	protected function isTag() {
524
		return $this->currentType == self::TYPE_TAG;
525
	}
526
527
	/**
528
	 * Returns if the current render request is coming from a parser function.
529
	 *
530
	 * @since 0.4.4
531
	 *
532
	 * @return boolean
533
	 */
534
	protected function isFunction() {
535
		return $this->currentType == self::TYPE_FUNCTION;
536
	}
537
538
	/**
539
	 * Utility function to parse wikitext without having to care
540
	 * about handling a tag extension or parser function.
541
	 *
542
	 * @since 0.4.4
543
	 *
544
	 * @param string $text The wikitext to be parsed
545
	 *
546
	 * @return string the parsed output
547
	 */
548
	protected function parseWikitext( $text ) {
549
		// Parse the wikitext to HTML.
550
		if ( $this->isFunction() ) {
551
			return $this->parser->parse(
552
				$text,
553
				$this->parser->getTitle(),
554
				$this->parser->getOptions(),
555
				true,
556
				false
557
			)->getText();
558
		}
559
		else {
560
			return $this->parser->recursiveTagParse(
561
				$text,
562
				$this->frame
563
			);
564
		}
565
	}
566
567
}
568
569
/**
570
 * Completely evil class to create a new instance of the handling ParserHook when the actual hook gets called.
571
 *
572
 * @evillness >9000 - to be replaced when a better solution (LSB?) is possible.
573
 *
574
 * @since 0.4
575
 *
576
 * @author Jeroen De Dauw
577
 * @author Daniel Werner
578
 */
579
class ParserHookCaller {
580
	
581
	protected $class;
582
	protected $method;
583
	
584
	function __construct( $class, $method ) {
Issue: It is generally recommended to explicitly declare the visibility for methods.

Adding explicit visibility (private, protected, or public) is generally recommended to communicate to other developers how, and from where, this method is intended to be used.

		$this->class = $class;
		$this->method = $method;
	}

	/*
	 * See Parser::braceSubstitution() and Parser::extensionSubstitution() for details about
	 * how the Parser object and other parameters are being passed. Therefore for function
	 * hooks &$parser fulfills the same purpose as $parser for the tag hook.
	 * functionTagHook (!) calls (if implemented at a later time) are more like function hooks,
	 * meaning, they would require &$parser as well.
	 */

	public function runTagHook( $input, array $args, Parser $parser, PPFrame $frame = null ) {
		$obj = new $this->class();
		return $obj->{$this->method}( $input, $args, $parser, $frame );
	}

	public function runFunctionHook( Parser &$parser /*, n args */ ) {
		$args = func_get_args();
		$args[0] = &$parser; // with '&' because call_user_func_array is being used
		return call_user_func_array( [ new $this->class(), $this->method ], $args );
	}

	public function runFunctionHookObj( Parser &$parser, PPFrame $frame, array $args ) {
		$obj = new $this->class();
		return $obj->{$this->method}( $parser, $frame, $args );
	}

}