This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace SEQL\ByHttpRequest; |
||
4 | |||
5 | use SEQL\DataValueDeserializer; |
||
6 | use SMW\DIProperty; |
||
7 | use SMW\DIWikiPage; |
||
8 | |||
9 | /** |
||
10 | * @license GNU GPL v2+ |
||
11 | * @since 1.0 |
||
12 | * |
||
13 | * @author mwjames |
||
14 | */ |
||
15 | class JsonResponseParser { |
||
16 | |||
17 | /** |
||
18 | * @var DataValueDeserializer |
||
19 | */ |
||
20 | private $dataValueDeserializer; |
||
21 | |||
22 | /** |
||
23 | * @var ResponsePropertyList |
||
24 | */ |
||
25 | private $responsePropertyList; |
||
26 | |||
27 | /** |
||
28 | * @var array |
||
29 | */ |
||
30 | private $subjectList = array(); |
||
31 | |||
32 | /** |
||
33 | * @var boolean |
||
34 | */ |
||
35 | private $furtherResults = false; |
||
36 | |||
37 | /** |
||
38 | * @var array |
||
39 | */ |
||
40 | private $printouts = array(); |
||
41 | |||
42 | /** |
||
43 | * @var string |
||
44 | */ |
||
45 | private $rawResponseResult = array(); |
||
46 | |||
47 | /** |
||
48 | * @since 1.0 |
||
49 | * |
||
50 | * @param DataValueDeserializer $dataValueDeserializer |
||
51 | */ |
||
52 | 14 | public function __construct( DataValueDeserializer $dataValueDeserializer ) { |
|
53 | 14 | $this->dataValueDeserializer = $dataValueDeserializer; |
|
54 | 14 | $this->responsePropertyList = new ResponsePropertyList( $dataValueDeserializer->getQuerySource() ); |
|
55 | 14 | } |
|
56 | |||
57 | /** |
||
58 | * @since 1.0 |
||
59 | * |
||
60 | * @param DIProperty $property |
||
61 | * |
||
62 | * @return DIProperty |
||
63 | */ |
||
64 | 3 | public function findPropertyFromInMemoryExternalRepositoryCache( DIProperty $property ) { |
|
65 | |||
66 | 3 | $key = $property->getKey(); |
|
67 | |||
68 | 3 | if ( $this->responsePropertyList->hasProperty( $key ) ) { |
|
69 | 2 | return $this->responsePropertyList->getProperty( $key ); |
|
70 | } |
||
71 | |||
72 | 1 | return $property; |
|
73 | } |
||
74 | |||
75 | /** |
||
76 | * @since 1.0 |
||
77 | * |
||
78 | * @param DIWikiPage[] |
||
79 | */ |
||
80 | 8 | public function getResultSubjectList() { |
|
81 | 8 | return $this->subjectList; |
|
82 | } |
||
83 | |||
84 | /** |
||
85 | * @since 1.0 |
||
86 | * |
||
87 | * @param [] |
||
88 | */ |
||
89 | public function getPrintouts() { |
||
90 | return $this->printouts; |
||
91 | } |
||
92 | |||
93 | /** |
||
94 | * @since 1.0 |
||
95 | * |
||
96 | * @param [] |
||
97 | */ |
||
98 | 8 | public function getPrintRequestPropertyList() { |
|
99 | 8 | return $this->responsePropertyList->getPropertyList(); |
|
100 | } |
||
101 | |||
102 | /** |
||
103 | * @since 1.0 |
||
104 | * |
||
105 | * @return boolean |
||
106 | */ |
||
107 | 12 | public function hasFurtherResults() { |
|
108 | 12 | return $this->furtherResults; |
|
109 | } |
||
110 | |||
111 | /** |
||
112 | * @since 1.0 |
||
113 | * |
||
114 | * @return array |
||
115 | */ |
||
116 | 5 | public function getRawResponseResult() { |
|
117 | 5 | return $this->rawResponseResult; |
|
118 | } |
||
119 | |||
120 | /** |
||
121 | * @since 1.0 |
||
122 | * |
||
123 | * @param DIWikiPage $subject |
||
124 | * @param DIProperty $property |
||
125 | * |
||
126 | * @return array |
||
127 | */ |
||
128 | public function getPropertyValuesFor( DIWikiPage $subject, DIProperty $property ) { |
||
129 | |||
130 | $hash = $subject->getHash(); |
||
131 | $key = $this->responsePropertyList->findPropertyKey( $property->getKey() ); |
||
132 | |||
133 | return isset( $this->printouts[$hash][$key] ) ? $this->printouts[$hash][$key] : array(); |
||
134 | } |
||
135 | |||
136 | /** |
||
137 | * @since 1.0 |
||
138 | * |
||
139 | * @param array $result |
||
140 | */ |
||
141 | 13 | public function doParse( array $result ) { |
|
142 | |||
143 | 13 | if ( isset( $result['query'] ) ) { |
|
144 | 13 | $this->rawResponseResult = $result['query'] ; |
|
145 | 13 | } |
|
146 | |||
147 | 13 | foreach ( $result as $key => $item ) { |
|
148 | |||
149 | 13 | if ( $key === 'query-continue-offset' ) { |
|
150 | 4 | $this->furtherResults = true; |
|
151 | 4 | continue; |
|
152 | } |
||
153 | |||
154 | 13 | if ( !isset( $item['printrequests'] ) || !isset( $item['results'] ) ) { |
|
155 | 3 | continue; |
|
156 | } |
||
157 | |||
158 | 10 | foreach ( $item['printrequests'] as $k => $value ) { |
|
159 | 10 | $this->responsePropertyList->addToPropertyList( $value ); |
|
160 | 10 | } |
|
161 | |||
162 | 10 | foreach ( $item['results'] as $k => $value ) { |
|
163 | 8 | $this->addResultsToPrintoutList( $k, $value ); |
|
164 | 10 | } |
|
165 | 13 | } |
|
166 | 13 | } |
|
167 | |||
168 | 8 | private function addResultsToPrintoutList( $k, $value ) { |
|
169 | |||
170 | // Most likely caused by `mainlabel=-` therefore mark it as special and |
||
171 | // restore row integrity |
||
172 | 8 | if ( !isset( $value['namespace'] ) || !isset( $value['fulltext'] ) ) { |
|
173 | 1 | $value['namespace'] = 0; |
|
174 | 1 | $value['fulltext'] = $k; |
|
175 | 1 | } |
|
176 | |||
177 | 8 | $subject = $this->dataValueDeserializer->newDiWikiPage( $value ); |
|
178 | |||
179 | 8 | if ( !$subject ) { |
|
180 | return; |
||
181 | } |
||
182 | |||
183 | 8 | $hash = $subject->getHash(); |
|
184 | 8 | $this->subjectList[] = $subject; |
|
185 | |||
186 | 8 | if ( !isset( $value['printouts'] ) ) { |
|
187 | return; |
||
188 | } |
||
189 | |||
190 | 8 | foreach ( $value['printouts'] as $pk => $pvalues ) { |
|
191 | 8 | $this->addPropertyValues( $hash, $pk, $pvalues ); |
|
192 | 8 | } |
|
193 | 8 | } |
|
194 | |||
195 | 8 | private function addPropertyValues( $hash, $pk, $pvalues ) { |
|
196 | |||
197 | 8 | $property = DIProperty::newFromUserLabel( $pk ); |
|
198 | 8 | $pk = $property->getKey(); |
|
199 | |||
200 | 8 | if ( !$this->responsePropertyList->hasProperty( $pk ) ) { |
|
201 | return; |
||
202 | } |
||
203 | |||
204 | 8 | $property = $this->responsePropertyList->getProperty( $pk ); |
|
205 | 8 | $pk = $property->getKey(); |
|
206 | |||
207 | 8 | foreach ( $pvalues as $pvalue ) { |
|
208 | |||
209 | 8 | if ( !isset( $this->printouts[$hash][$pk] ) ) { |
|
210 | 8 | $this->printouts[$hash][$pk] = array(); |
|
211 | 8 | } |
|
212 | |||
213 | // Unique row value display |
||
214 | 8 | $vhash = md5( json_encode( $pvalue ) ); |
|
215 | |||
216 | 8 | if ( !isset( $this->printouts[$hash][$pk][$vhash] ) ) { |
|
217 | 8 | $this->printouts[$hash][$pk][$vhash] = $this->dataValueDeserializer->newDataValueFrom( $property, $pvalue ); |
|
0 ignored issues
–
show
|
|||
218 | 8 | } |
|
219 | 8 | } |
|
220 | 8 | } |
|
221 | |||
222 | } |
||
223 |
Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: