This project does not seem to handle request data directly as such no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | namespace SES; |
||
4 | |||
5 | use SpecialPage; |
||
6 | use Exception; |
||
7 | use SiteStatsUpdate; |
||
8 | use Sanitizer; |
||
9 | use Title; |
||
10 | use Article; |
||
11 | use User; |
||
12 | |||
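/**
 * Special page to replace SpecialUserLogin/signup with an equivalent
 * SemanticForms form page and allow for additional (structured) data
 * to be collected on signup and used on the new user's userpage.
 *
 * @license GNU GPL v3+
 * @since 1.0
 *
 * @author Serhii Kutnii
 * @author Jeroen De Dauw <[email protected]>
 */
class SpecialSemanticSignup extends SpecialPage {

	// Validates the submitted account data and holds the resulting user object and fields.
	private $mUserDataChecker = null;

	// URL of the new user's page; only used as the redirect target after a successful signup.
	private $mUserPageUrl = '';

	/**
	 * @var FormHandler
	 */
	private $formHandler;

	/**
	 * Registers the page as 'SemanticSignup', marks it as not includable and
	 * builds the data checker and form handler through SignupFactory.
	 */
	public function __construct() {
		parent::__construct( 'SemanticSignup' );
		$this->mIncludable = false;

		$signupFactory = new SignupFactory();

		$this->mUserDataChecker = $signupFactory->newUserAccountDataChecker();
		$this->formHandler = $signupFactory->newFormPrinterHandler();
	}

	/**
	 * Creates the account described by the submitted data.
	 *
	 * Runs the data checker, the AbortNewAccount hook and the per-IP creation
	 * throttle before the account is written, then stores the password, options
	 * and (when enabled) sends the e-mail confirmation.
	 *
	 * @throws Exception when validation fails, a hook aborts the creation, the
	 *  throttle is hit, the auth plugin rejects the user or the confirmation
	 *  mail cannot be sent
	 */
	private function userSignup() {

		//Hook for dynamic signup control
		wfRunHooks('SemanticSignupUserSignup');

		// Get user input and check the environment
		$this->mUserDataChecker->run();

		// Throw if data getting or environment checks have failed which indicates that account creation is impossible
		$checker_error = $this->mUserDataChecker->getError();
		if ( $checker_error ) {
			throw new Exception( $checker_error );
		}

		$user = $this->mUserDataChecker->mUser;

		$user->setEmail( $this->mUserDataChecker->mEmail );
		$user->setRealName( $this->mUserDataChecker->mRealname );

		$abortError = '';
		if ( !wfRunHooks( 'AbortNewAccount', array( $user, &$abortError ) ) ) {
			// Hook point to add extra creation throttles and blocks
			wfDebug( "LoginForm::addNewAccountInternal: a hook blocked creation\n" );
			throw new Exception( $abortError );
		}

		// $wgMemc must be declared global here: without the declaration the
		// throttle branch below calls incr() on an undefined local, so the
		// request dies exactly when the account-creation throttle should apply.
		global $wgAccountCreationThrottle, $wgMemc;
		global $wgUser, $wgRequest;

		if ( $wgAccountCreationThrottle && $wgUser->isPingLimitable() ) {
			$key = wfMemcKey( 'acctcreate', 'ip', $wgRequest->getIP() );
			$value = $wgMemc->incr( $key );

			// No counter yet for this IP: start one that expires after 86400 seconds (one day).
			if ( !$value ) {
				$wgMemc->set( $key, 1, 86400 );
			}

			if ( $value > $wgAccountCreationThrottle ) {
				throw new Exception( wfMessage( 'ses-throttlehit' )->text() );
			}
		}

		global $wgAuth;

		$addedUser = $wgAuth->addUser(
			$user,
			$this->mUserDataChecker->mPassword,
			$this->mUserDataChecker->mEmail,
			$this->mUserDataChecker->mRealname
		);

		if ( !$addedUser ) {
			throw new Exception( 'externaldberror' );
		}

		$user->addToDatabase();

		if ( $wgAuth->allowPasswordChange() ) {
			$user->setPassword( $this->mUserDataChecker->mPassword );
		}

		$user->setToken();

		$wgAuth->initUser( $user, false );

		$user->setOption( 'rememberpassword', $this->mUserDataChecker->mRemember ? 1 : 0 );
		$user->saveSettings();

		# Update user count
		$ssUpdate = new SiteStatsUpdate( 0, 0, 0, 0, 1 );
		$ssUpdate->doUpdate();

		global $wgLoginLanguageSelector;
		$language = $this->mUserDataChecker->mLanguage;

		if ( $wgLoginLanguageSelector && $language ) {
			$user->setOption( 'language', $language );
		}

		global $wgEmailAuthentication;

		if ( $wgEmailAuthentication && Sanitizer::validateEmail( $user->getEmail() ) ) {
			$status = $user->sendConfirmationMail();

			if ( !$status->isGood() ) {
				throw new Exception( wfMessage( 'ses-emailfailed' )->text() . "\n" . $status->getMessage() );
			}
		}

		$user->saveSettings();
		wfRunHooks( 'AddNewAccount', array( $user ) );
	}

	/**
	 * Logs the freshly created user in by saving its settings, invalidating
	 * its cache entry and setting the session cookies.
	 */
	private function userLogin() {
		$user = $this->mUserDataChecker->mUser;
		$user->saveSettings();
		$user->invalidateCache();
		$user->setCookies();
	}

	/**
	 * Creates the new user's page from the submitted form data and records the
	 * page URL for the post-signup redirect.
	 */
	private function createUserPage() {

		$page_title = Title::newFromText( $this->mUserDataChecker->mUser->getName(), NS_USER );
		// NOTE(review): this value is only used as a redirect target in
		// executeOnSubmit(), where HTML escaping is the wrong encoding for the
		// context (an '&' in the URL would become '&amp;') - confirm and drop it.
		$this->mUserPageUrl = htmlspecialchars( $page_title->getFullURL() );

		// FIXME: the page is still written when the form cannot be used
		if ( !$this->formHandler->canUseForm() ) {
			# code...
		}

		$this->formHandler->setSubmitState( true );
		$data_text = $this->formHandler->getTemplateText();

		$user_page = new Article( $page_title );

		// The global user is replaced by the new account for the rest of the
		// request, so the edit below is attributed to it.
		global $wgUser;
		$wgUser = $this->mUserDataChecker->mUser;
		// TODO: doEdit removed; use internal API call
		$user_page->doEdit( $data_text, '', EDIT_FORCE_BOT );
	}

	/**
	 * Outputs the signup form.
	 *
	 * SemanticForms disable the form automatically if current user hasn't got edit rights
	 * so for anonymous visitors the global user is replaced by the configured bot account
	 * while the form is generated. The original user is put back on every exit path,
	 * including the error returns and exceptions, so that the rest of the request never
	 * continues with the bot account's rights.
	 *
	 * @return bool|null true when an error box was printed instead of the form
	 * @throws Exception rethrown from form generation after the user was restored
	 */
	private function printForm() {
		global $wgUser;

		$old_user = null;

		if ( $wgUser->isAnon() ) {
			$old_user = $wgUser;
			$wgUser = User::newFromName( Settings::get( 'botName' ) );
		}

		try {
			$result = $this->renderSignupForm();
		} catch ( Exception $e ) {
			// Restore the current user before the exception leaves this method.
			if ( $old_user ) {
				$wgUser = $old_user;
			}
			throw $e;
		}

		// Restore the current user.
		if ( $old_user ) {
			$wgUser = $old_user;
		}

		return $result;
	}

	/**
	 * Checks the acting user and form configuration and writes either the form
	 * or an error box to the output. Expects printForm() to have set $wgUser.
	 *
	 * @return bool|null true when an error box was printed instead of the form
	 */
	private function renderSignupForm() {
		global $wgUser, $wgOut;

		if ( !( $wgUser instanceof User ) || !$wgUser->isAllowedToCreateAccount() || $wgUser->idForName() == 0 ) {
			// escaped() instead of text(): the message goes straight into HTML.
			$wgOut->addHTML( '<div class="error errorbox">' . wfMessage( 'ses-nobotname' )->escaped() . '</div>' );
			return true;
		}

		if ( !$this->formHandler->canUseForm() ) {
			$wgOut->addHTML( '<div class="error errorbox">' . wfMessage( 'ses-noformname' )->escaped() . '</div>' );
			return true;
		}

		$this->formHandler->setSubmitState( false );
		$form_text = $this->formHandler->getFormText();

		/* Run hook allow externals to modify output of form */
		// wfRunHooks('SemanticSignupPrintForm', array( &$form_text, &$javascript_text, &$data_text, &$form_page_title, &$generated_page_name ) );

		$text = <<<END
				<form name="createbox" id="sfForm" onsubmit="return validate_all()" action="" method="post" class="createbox">
END;
		$text .= $form_text . '</form>';

		$wgOut->addMeta( 'robots', 'noindex,nofollow' );
		$wgOut->addHTML( $text );

		return null;
	}

	/**
	 * Handles a submitted form: creates the account and the user page, logs
	 * the user in and redirects to the new page. On failure the error is shown
	 * above a fresh form.
	 *
	 * @return bool always true
	 */
	private function executeOnSubmit() {
		global $wgOut;

		try {
			$this->userSignup();
			$this->createUserPage();
			$this->userLogin();
			$wgOut->redirect( $this->mUserPageUrl );
		}
		catch ( Exception $e ) {
			// The message can carry text from the data checker or from an
			// AbortNewAccount hook, so it is escaped before being written as HTML.
			// NOTE(review): a hook that deliberately returns markup will now be
			// shown literally - confirm no installed hook depends on that.
			$wgOut->addHTML( '<div class="error">' . htmlspecialchars( $e->getMessage(), ENT_QUOTES ) . '</div>' );
			$this->printForm();
		}

		return true;
	}

	/**
	 * Entry point of the special page: shows the form, or processes it when
	 * the request carries 'wpSave'.
	 *
	 * @param string|null $par subpage part of the title (unused)
	 * @return bool
	 */
	public function execute( $par ) {
		global $wgRequest, $wgOut;

		$this->setHeaders();

		//Hook for dynamic control page access
		if ( !wfRunHooks( 'SemanticSignupUserSignupSpecial' ) ) {
			return true;
		}

		// NOTE(review): a submission is accepted on the presence of 'wpSave'
		// alone; no request-method or token check is visible in this class -
		// confirm the data checker performs one.
		if ( $wgRequest->getCheck( 'wpSave' ) ) {
			return $this->executeOnSubmit();
		}

		$this->printForm();
		return true;
	}

}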
||
245 |
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.