Issues in AbstractPersistence.php - All Issues - Inspection of "Merge branch 'js-unit-testing'" - PrivateBin/PrivateBin - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 4f070d...a1881f )

by El

created 2017-05-22 20:41 UTC

lib/Persistence/AbstractPersistence.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * PrivateBin
 *
 * a zero-knowledge paste bin
 *
 * @link      https://github.com/PrivateBin/PrivateBin
 * @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
 * @license   https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
 * @version   1.1
 */

namespace PrivateBin\Persistence;

use Exception;

/**
 * AbstractPersistence
 *
 * persists data in PHP files
 */
abstract class AbstractPersistence
{
    /**
     * path in which to persist something
     *
     * @access private
     * @static
     * @var    string
     */
    private static $_path = 'data';

    /**
     * set the path
     *
     * @access public
     * @static
     * @param  string $path
     */
    public static function setPath($path)
    {
        self::$_path = $path;
    }

    /**
     * get the path
     *
     * @access public
     * @static
     * @param  string $filename
     * @return string
     */
    public static function getPath($filename = null)
    {
        if (strlen($filename)) {
            return self::$_path . DIRECTORY_SEPARATOR . $filename;
        } else {
            return self::$_path;
        }
    }

    /**
     * checks if the file exists
     *
     * @access protected
     * @static
     * @param  string $filename
     * @return bool
     */
    protected static function _exists($filename)
    {
        self::_initialize();
        return is_file(self::$_path . DIRECTORY_SEPARATOR . $filename);
    }

    /**
     * prepares path for storage
     *
     * @access protected
     * @static
     * @throws Exception
     */
    protected static function _initialize()
    {
        // Create storage directory if it does not exist.
        if (!is_dir(self::$_path)) {
            if (!@mkdir(self::$_path, 0700)) {
                throw new Exception('unable to create directory ' . self::$_path, 10);
            }
        }
        $file = self::$_path . DIRECTORY_SEPARATOR . '.htaccess';
        if (!is_file($file)) {
            $writtenBytes = @file_put_contents(
                $file,
                'Require all denied' . PHP_EOL,
                LOCK_EX
            );
            if ($writtenBytes === false || $writtenBytes < 19) {
                throw new Exception('unable to write to file ' . $file, 11);
            }
        }
    }

    /**
     * store the data
     *
     * @access protected
     * @static
     * @param  string $filename
     * @param  string $data
     * @throws Exception
     * @return string
     */
    protected static function _store($filename, $data)
    {
        self::_initialize();
        $file         = self::$_path . DIRECTORY_SEPARATOR . $filename;
        $writtenBytes = @file_put_contents($file, $data, LOCK_EX);
        if ($writtenBytes === false || $writtenBytes < strlen($data)) {
            throw new Exception('unable to write to file ' . $file, 13);
        }
        @chmod($file, 0640); // protect file access
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
        return $file;
    }
}


1		<?php
2		/**
3		* PrivateBin
4		*
5		* a zero-knowledge paste bin
6		*
7		* @link https://github.com/PrivateBin/PrivateBin
8		* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
9		* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
10		* @version 1.1
11		*/
12
13		namespace PrivateBin\Persistence;
14
15		use Exception;
16
17		/**
18		* AbstractPersistence
19		*
20		* persists data in PHP files
21		*/
22		abstract class AbstractPersistence
23		{
24		/**
25		* path in which to persist something
26		*
27		* @access private
28		* @static
29		* @var string
30		*/
31		private static $_path = 'data';
32
33		/**
34		* set the path
35		*
36		* @access public
37		* @static
38		* @param string $path
39		*/
40	128	public static function setPath($path)
41		{
42	128	self::$_path = $path;
43	128	}
44
45		/**
46		* get the path
47		*
48		* @access public
49		* @static
50		* @param string $filename
51		* @return string
52		*/
53	77	public static function getPath($filename = null)
54		{
55	77	if (strlen($filename)) {
56	77	return self::$_path . DIRECTORY_SEPARATOR . $filename;
57		} else {
58	46	return self::$_path;
59		}
60		}
61
62		/**
63		* checks if the file exists
64		*
65		* @access protected
66		* @static
67		* @param string $filename
68		* @return bool
69		*/
70	50	protected static function _exists($filename)
71		{
72	50	self::_initialize();
73	48	return is_file(self::$_path . DIRECTORY_SEPARATOR . $filename);
74		}
75
76		/**
77		* prepares path for storage
78		*
79		* @access protected
80		* @static
81		* @throws Exception
82		*/
83	76	protected static function _initialize()
84		{
85		// Create storage directory if it does not exist.
86	76	if (!is_dir(self::$_path)) {
87	17	if (!@mkdir(self::$_path, 0700)) {
88	1	throw new Exception('unable to create directory ' . self::$_path, 10);
89		}
90		}
91	75	$file = self::$_path . DIRECTORY_SEPARATOR . '.htaccess';
92	75	if (!is_file($file)) {
93	74	$writtenBytes = @file_put_contents(
94		$file,
95	74	'Require all denied' . PHP_EOL,
96	74	LOCK_EX
97		);
98	74	if ($writtenBytes === false \|\| $writtenBytes < 19) {
99	1	throw new Exception('unable to write to file ' . $file, 11);
100		}
101		}
102	74	}
103
104		/**
105		* store the data
106		*
107		* @access protected
108		* @static
109		* @param string $filename
110		* @param string $data
111		* @throws Exception
112		* @return string
113		*/
114	73	protected static function _store($filename, $data)
115		{
116	73	self::_initialize();
117	73	$file = self::$_path . DIRECTORY_SEPARATOR . $filename;
118	73	$writtenBytes = @file_put_contents($file, $data, LOCK_EX);
119	73	if ($writtenBytes === false \|\| $writtenBytes < strlen($data)) {
120	1	throw new Exception('unable to write to file ' . $file, 13);
121		}
122	72	@chmod($file, 0640); // protect file access
		0 ignored issues – show Security Best Practice introduced 2016-07-09 10:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
123	72	return $file;
124		}
125		}
126

PrivateBin / PrivateBin

Push — master ( 4f070d...a1881f )

lib/Persistence/AbstractPersistence.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like