Inspection of "fixed some security issues in sendmail page, see #..." - JuKu/JuKuCMS - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 358905...02a0dd )

by Justin

created 2018-04-24 20:34 UTC

Status

Indentation +80 added lines, -80 removed lines patch added patch discarded remove patch

@@ -27,20 +27,20 @@  discard block
 block discarded – undo
 
 class SendMailPage extends PageType {
 
-	public function getAdditionalHeaderCode(): string {
-		$base_url = DomainUtils::getBaseURL() . "/";
+    public function getAdditionalHeaderCode(): string {
+        $base_url = DomainUtils::getBaseURL() . "/";
 
-		return "<!-- iCheck -->
+        return "<!-- iCheck -->
   				<link rel=\"stylesheet\" href=\"" . $base_url . "styles/admin/plugins/iCheck/flat/blue.css\">
 		
 				<!-- bootstrap wysihtml5 - text editor -->
   				<link rel=\"stylesheet\" href=\"" . $base_url . "styles/admin/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.min.css\">";
-	}
+    }
 
-	public function getFooterScripts(): string {
-		$base_url = DomainUtils::getBaseURL() . "/";
+    public function getFooterScripts(): string {
+        $base_url = DomainUtils::getBaseURL() . "/";
 
-		return "<!-- iCheck -->
+        return "<!-- iCheck -->
 				<script src=\"" . $base_url . "styles/admin/plugins/iCheck/icheck.min.js\"></script>
 				<!-- Bootstrap WYSIHTML5 -->
 				<script src=\"" . $base_url . "styles/admin/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.min.js\"></script>
@@ -59,79 +59,79 @@  discard block
 block discarded – undo
 					});
 				  });
 				</script>";
-	}
-
-	public function getContent(): string {
-		$template = new DwooTemplate("pages/sendmail");
-
-		$template->assign("form_action", DomainUtils::generateURL("admin/sendmail"));
-		$template->assign("content", "");
-
-		if (isset($_REQUEST['submit'])) {
-			//first, check csrf token
-			if (!Security::checkCSRFToken()) {
-				$template->assign("error_message", "Wrong CSRF token!");
-
-				if (isset($_POST['content'])) {
-					$template->assign("content", $_POST['content']);
-				}
-			} else {
-				$required_fields = array("to_mail", "subject", "content");
-
-				foreach ($required_fields as $field) {
-					if (!isset($_POST[$field]) || empty($_POST[$field])) {
-						$template->assign("error_message", "Please complete form!");
-
-						if (isset($_POST['content'])) {
-							$template->assign("content", $_POST['content']);
-						}
-
-						return $template->getCode();
-					}
-				}
-
-				//form is complete
-
-				//get values
-				$to_mail = $_POST['to_mail'];
-				$subject = $_POST['subject'];
-				$content = $_POST['content'];
-
-				//check, if mail is valide
-				if (!(new Validator_Mail())->isValide($to_mail)) {
-					$template->assign("error_message", "Mail is not valide!");
-
-					if (isset($_POST['content'])) {
-						$template->assign("content", $_POST['content']);
-					}
-				} else if (!(new Validator_String())->isValide($subject)) {
-					$template->assign("error_message", "Subject is not valide!");
-
-					if (isset($_POST['content'])) {
-						$template->assign("content", $_POST['content']);
-					}
-				} else {
-					//parameters are valide, send mail
-
-					if (MailApi::sendHTMLMail($to_mail, $subject, $content)) {
-						$template->assign("success_message", "Mail sended successfully!");
-					} else {
-						$template->assign("error_message", "Sending of mail failed!");
-
-						if (isset($_POST['content'])) {
-							$template->assign("content", $_POST['content']);
-						}
-					}
-				}
-			}
-		}
-
-		return $template->getCode();
-	}
-
-	public function listRequiredPermissions(): array {
-		return array("can_send_board_mails");
-	}
+    }
+
+    public function getContent(): string {
+        $template = new DwooTemplate("pages/sendmail");
+
+        $template->assign("form_action", DomainUtils::generateURL("admin/sendmail"));
+        $template->assign("content", "");
+
+        if (isset($_REQUEST['submit'])) {
+            //first, check csrf token
+            if (!Security::checkCSRFToken()) {
+                $template->assign("error_message", "Wrong CSRF token!");
+
+                if (isset($_POST['content'])) {
+                    $template->assign("content", $_POST['content']);
+                }
+            } else {
+                $required_fields = array("to_mail", "subject", "content");
+
+                foreach ($required_fields as $field) {
+                    if (!isset($_POST[$field]) || empty($_POST[$field])) {
+                        $template->assign("error_message", "Please complete form!");
+
+                        if (isset($_POST['content'])) {
+                            $template->assign("content", $_POST['content']);
+                        }
+
+                        return $template->getCode();
+                    }
+                }
+
+                //form is complete
+
+                //get values
+                $to_mail = $_POST['to_mail'];
+                $subject = $_POST['subject'];
+                $content = $_POST['content'];
+
+                //check, if mail is valide
+                if (!(new Validator_Mail())->isValide($to_mail)) {
+                    $template->assign("error_message", "Mail is not valide!");
+
+                    if (isset($_POST['content'])) {
+                        $template->assign("content", $_POST['content']);
+                    }
+                } else if (!(new Validator_String())->isValide($subject)) {
+                    $template->assign("error_message", "Subject is not valide!");
+
+                    if (isset($_POST['content'])) {
+                        $template->assign("content", $_POST['content']);
+                    }
+                } else {
+                    //parameters are valide, send mail
+
+                    if (MailApi::sendHTMLMail($to_mail, $subject, $content)) {
+                        $template->assign("success_message", "Mail sended successfully!");
+                    } else {
+                        $template->assign("error_message", "Sending of mail failed!");
+
+                        if (isset($_POST['content'])) {
+                            $template->assign("content", $_POST['content']);
+                        }
+                    }
+                }
+            }
+        }
+
+        return $template->getCode();
+    }
+
+    public function listRequiredPermissions(): array {
+        return array("can_send_board_mails");
+    }
 
 }
 

Please login to merge, or discard this patch.

		@@ -27,20 +27,20 @@ discard block
		block discarded – undo
27	27
28	28	class SendMailPage extends PageType {
29	29
30		- public function getAdditionalHeaderCode(): string {
31		- $base_url = DomainUtils::getBaseURL() . "/";
	30	+ public function getAdditionalHeaderCode(): string {
	31	+ $base_url = DomainUtils::getBaseURL() . "/";
32	32
33		- return "<!-- iCheck -->
	33	+ return "<!-- iCheck -->
34	34	<link rel=\"stylesheet\" href=\"" . $base_url . "styles/admin/plugins/iCheck/flat/blue.css\">
35	35
36	36	<!-- bootstrap wysihtml5 - text editor -->
37	37	<link rel=\"stylesheet\" href=\"" . $base_url . "styles/admin/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.min.css\">";
38		- }
	38	+ }
39	39
40		- public function getFooterScripts(): string {
41		- $base_url = DomainUtils::getBaseURL() . "/";
	40	+ public function getFooterScripts(): string {
	41	+ $base_url = DomainUtils::getBaseURL() . "/";
42	42
43		- return "<!-- iCheck -->
	43	+ return "<!-- iCheck -->
44	44	<script src=\"" . $base_url . "styles/admin/plugins/iCheck/icheck.min.js\"></script>
45	45	<!-- Bootstrap WYSIHTML5 -->
46	46	<script src=\"" . $base_url . "styles/admin/plugins/bootstrap-wysihtml5/bootstrap3-wysihtml5.all.min.js\"></script>
		@@ -59,79 +59,79 @@ discard block
		block discarded – undo
59	59	});
60	60	});
61	61	</script>";
62		- }
63		-
64		- public function getContent(): string {
65		- $template = new DwooTemplate("pages/sendmail");
66		-
67		- $template->assign("form_action", DomainUtils::generateURL("admin/sendmail"));
68		- $template->assign("content", "");
69		-
70		- if (isset($_REQUEST['submit'])) {
71		- //first, check csrf token
72		- if (!Security::checkCSRFToken()) {
73		- $template->assign("error_message", "Wrong CSRF token!");
74		-
75		- if (isset($_POST['content'])) {
76		- $template->assign("content", $_POST['content']);
77		- }
78		- } else {
79		- $required_fields = array("to_mail", "subject", "content");
80		-
81		- foreach ($required_fields as $field) {
82		- if (!isset($_POST[$field]) \|\| empty($_POST[$field])) {
83		- $template->assign("error_message", "Please complete form!");
84		-
85		- if (isset($_POST['content'])) {
86		- $template->assign("content", $_POST['content']);
87		- }
88		-
89		- return $template->getCode();
90		- }
91		- }
92		-
93		- //form is complete
94		-
95		- //get values
96		- $to_mail = $_POST['to_mail'];
97		- $subject = $_POST['subject'];
98		- $content = $_POST['content'];
99		-
100		- //check, if mail is valide
101		- if (!(new Validator_Mail())->isValide($to_mail)) {
102		- $template->assign("error_message", "Mail is not valide!");
103		-
104		- if (isset($_POST['content'])) {
105		- $template->assign("content", $_POST['content']);
106		- }
107		- } else if (!(new Validator_String())->isValide($subject)) {
108		- $template->assign("error_message", "Subject is not valide!");
109		-
110		- if (isset($_POST['content'])) {
111		- $template->assign("content", $_POST['content']);
112		- }
113		- } else {
114		- //parameters are valide, send mail
115		-
116		- if (MailApi::sendHTMLMail($to_mail, $subject, $content)) {
117		- $template->assign("success_message", "Mail sended successfully!");
118		- } else {
119		- $template->assign("error_message", "Sending of mail failed!");
120		-
121		- if (isset($_POST['content'])) {
122		- $template->assign("content", $_POST['content']);
123		- }
124		- }
125		- }
126		- }
127		- }
128		-
129		- return $template->getCode();
130		- }
131		-
132		- public function listRequiredPermissions(): array {
133		- return array("can_send_board_mails");
134		- }
	62	+ }
	63	+
	64	+ public function getContent(): string {
	65	+ $template = new DwooTemplate("pages/sendmail");
	66	+
	67	+ $template->assign("form_action", DomainUtils::generateURL("admin/sendmail"));
	68	+ $template->assign("content", "");
	69	+
	70	+ if (isset($_REQUEST['submit'])) {
	71	+ //first, check csrf token
	72	+ if (!Security::checkCSRFToken()) {
	73	+ $template->assign("error_message", "Wrong CSRF token!");
	74	+
	75	+ if (isset($_POST['content'])) {
	76	+ $template->assign("content", $_POST['content']);
	77	+ }
	78	+ } else {
	79	+ $required_fields = array("to_mail", "subject", "content");
	80	+
	81	+ foreach ($required_fields as $field) {
	82	+ if (!isset($_POST[$field]) \|\| empty($_POST[$field])) {
	83	+ $template->assign("error_message", "Please complete form!");
	84	+
	85	+ if (isset($_POST['content'])) {
	86	+ $template->assign("content", $_POST['content']);
	87	+ }
	88	+
	89	+ return $template->getCode();
	90	+ }
	91	+ }
	92	+
	93	+ //form is complete
	94	+
	95	+ //get values
	96	+ $to_mail = $_POST['to_mail'];
	97	+ $subject = $_POST['subject'];
	98	+ $content = $_POST['content'];
	99	+
	100	+ //check, if mail is valide
	101	+ if (!(new Validator_Mail())->isValide($to_mail)) {
	102	+ $template->assign("error_message", "Mail is not valide!");
	103	+
	104	+ if (isset($_POST['content'])) {
	105	+ $template->assign("content", $_POST['content']);
	106	+ }
	107	+ } else if (!(new Validator_String())->isValide($subject)) {
	108	+ $template->assign("error_message", "Subject is not valide!");
	109	+
	110	+ if (isset($_POST['content'])) {
	111	+ $template->assign("content", $_POST['content']);
	112	+ }
	113	+ } else {
	114	+ //parameters are valide, send mail
	115	+
	116	+ if (MailApi::sendHTMLMail($to_mail, $subject, $content)) {
	117	+ $template->assign("success_message", "Mail sended successfully!");
	118	+ } else {
	119	+ $template->assign("error_message", "Sending of mail failed!");
	120	+
	121	+ if (isset($_POST['content'])) {
	122	+ $template->assign("content", $_POST['content']);
	123	+ }
	124	+ }
	125	+ }
	126	+ }
	127	+ }
	128	+
	129	+ return $template->getCode();
	130	+ }
	131	+
	132	+ public function listRequiredPermissions(): array {
	133	+ return array("can_send_board_mails");
	134	+ }
135	135
136	136	}
137	137

JuKu / JuKuCMS

Push — master ( 358905...02a0dd )

Status

Category

Indentation +80 added lines, -80 removed lines patch added patch discarded remove patch