1 | <?php |
||
2 | |||
3 | namespace SES; |
||
4 | |||
5 | use SpecialPage; |
||
6 | use Exception; |
||
7 | use SiteStatsUpdate; |
||
8 | use Sanitizer; |
||
9 | use Title; |
||
10 | use Article; |
||
11 | use User; |
||
12 | |||
13 | /** |
||
14 | * Special page to replace SpecialUserLogin/signup with an equivalent |
||
15 | * SemanticForms form page and allow for additional (structured) data |
||
16 | * to be collected on signup and used on the new user's userpage. |
||
17 | * |
||
18 | * @license GNU GPL v3+ |
||
19 | * @since 1.0 |
||
20 | * |
||
21 | * @author Serhii Kutnii |
||
22 | * @author Jeroen De Dauw <[email protected]> |
||
23 | */ |
||
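class SpecialSemanticSignup extends SpecialPage {

	/**
	 * Result of SignupFactory::newUserAccountDataChecker(): reads the submitted
	 * account data via run(), reports problems via getError() and exposes the
	 * collected values as mUser, mEmail, mRealname, mPassword, mRemember and mLanguage.
	 *
	 * @var object|null
	 */
	private $mUserDataChecker = null;

	/**
	 * Full URL of the new user's page; set by createUserPage() and used as the
	 * redirect target after a successful signup.
	 *
	 * @var string
	 */
	private $mUserPageUrl = '';

	/**
	 * @var FormHandler
	 */
	private $formHandler;

	/**
	 * Registers the special page under the name 'SemanticSignup' and wires up
	 * the data checker and form handler obtained from SignupFactory.
	 */
	public function __construct() {
		parent::__construct( 'SemanticSignup' );
		$this->mIncludable = false;

		$signupFactory = new SignupFactory();

		$this->mUserDataChecker = $signupFactory->newUserAccountDataChecker();
		$this->formHandler = $signupFactory->newFormPrinterHandler();
	}

	/**
	 * Creates the account described by the submitted data, following the same
	 * steps as core's LoginForm::addNewAccountInternal: hook checks, per-IP
	 * creation throttle, auth plugin, database row, preferences, site stats
	 * and the optional confirmation mail.
	 *
	 * @throws Exception with a user-facing message when the account cannot be
	 *         created (failed checks, a blocking hook, the throttle, the auth
	 *         plugin, or a confirmation mail that could not be sent)
	 */
	private function userSignup() {
		// Hook for dynamic signup control
		wfRunHooks( 'SemanticSignupUserSignup' );

		// Read the submitted data and check the environment
		$this->mUserDataChecker->run();

		// A checker error means account creation is impossible; stop before any side effect
		$checkerError = $this->mUserDataChecker->getError();
		if ( $checkerError ) {
			throw new Exception( $checkerError );
		}

		$user = $this->mUserDataChecker->mUser;

		$user->setEmail( $this->mUserDataChecker->mEmail );
		$user->setRealName( $this->mUserDataChecker->mRealname );

		// Hook point for extra creation throttles and blocks (same hook as core signup)
		$abortError = '';
		if ( !wfRunHooks( 'AbortNewAccount', array( $user, &$abortError ) ) ) {
			wfDebug( "LoginForm::addNewAccountInternal: a hook blocked creation\n" );
			throw new Exception( $abortError );
		}

		$this->enforceAccountCreationThrottle();

		global $wgAuth;

		$addedUser = $wgAuth->addUser(
			$user,
			$this->mUserDataChecker->mPassword,
			$this->mUserDataChecker->mEmail,
			$this->mUserDataChecker->mRealname
		);

		if ( !$addedUser ) {
			// 'externaldberror' is a core message key; resolve it so the user sees text, not the key
			throw new Exception( wfMessage( 'externaldberror' )->text() );
		}

		$user->addToDatabase();

		if ( $wgAuth->allowPasswordChange() ) {
			$user->setPassword( $this->mUserDataChecker->mPassword );
		}

		$user->setToken();

		$wgAuth->initUser( $user, false );

		$user->setOption( 'rememberpassword', $this->mUserDataChecker->mRemember ? 1 : 0 );
		$user->saveSettings();

		# Update user count
		$siteStatsUpdate = new SiteStatsUpdate( 0, 0, 0, 0, 1 );
		$siteStatsUpdate->doUpdate();

		global $wgLoginLanguageSelector;
		$language = $this->mUserDataChecker->mLanguage;

		if ( $wgLoginLanguageSelector && $language ) {
			$user->setOption( 'language', $language );
		}

		$this->sendConfirmationMailIfRequired( $user );

		// Second save persists the language preference and whatever state
		// sendConfirmationMail() left on the user object
		$user->saveSettings();
		wfRunHooks( 'AddNewAccount', array( $user ) );
	}

	/**
	 * Applies $wgAccountCreationThrottle per client IP, as core signup does.
	 *
	 * The counter lives in $wgMemc, which therefore has to be declared global
	 * here; without that declaration the throttle cannot run at all.
	 *
	 * @throws Exception when the limit for this IP has been exceeded
	 */
	private function enforceAccountCreationThrottle() {
		global $wgAccountCreationThrottle, $wgUser, $wgRequest, $wgMemc;

		if ( !$wgAccountCreationThrottle || !$wgUser->isPingLimitable() ) {
			return;
		}

		$key = wfMemcKey( 'acctcreate', 'ip', $wgRequest->getIP() );
		$value = $wgMemc->incr( $key );

		if ( !$value ) {
			// No counter yet for this IP: start at one, expiring after a day
			$wgMemc->set( $key, 1, 86400 );
			$value = 1;
		}

		if ( $value > $wgAccountCreationThrottle ) {
			throw new Exception( wfMessage( 'ses-throttlehit' )->text() );
		}
	}

	/**
	 * Sends the address confirmation mail when $wgEmailAuthentication is on
	 * and the account has a syntactically valid address.
	 *
	 * @param User $user the freshly created account
	 *
	 * @throws Exception when the mail could not be sent
	 */
	private function sendConfirmationMailIfRequired( User $user ) {
		global $wgEmailAuthentication;

		if ( !$wgEmailAuthentication || !Sanitizer::validateEmail( $user->getEmail() ) ) {
			return;
		}

		$status = $user->sendConfirmationMail();

		if ( !$status->isGood() ) {
			throw new Exception( wfMessage( 'ses-emailfailed' )->text() . "\n" . $status->getMessage() );
		}
	}

	/**
	 * Logs the freshly created account in: persists it, drops the cached
	 * user row and issues the session cookies.
	 */
	private function userLogin() {
		$user = $this->mUserDataChecker->mUser;
		$user->saveSettings();
		$user->invalidateCache();
		$user->setCookies();
	}

	/**
	 * Creates the new user's userpage from the signup form's template text
	 * and records its URL in $this->mUserPageUrl for the final redirect.
	 *
	 * Also makes the new account the request's current user ($wgUser) so the
	 * edit is attributed to it; userLogin() then issues cookies for that user.
	 *
	 * @throws Exception when the configured signup form is not usable
	 */
	private function createUserPage() {
		$pageTitle = Title::newFromText( $this->mUserDataChecker->mUser->getName(), NS_USER );

		// Consumed as a Location header by executeOnSubmit(): a redirect target is the raw URL,
		// HTML-escaping it would turn '&' into '&amp;'
		$this->mUserPageUrl = $pageTitle->getFullURL();

		// Without a usable form there is no template text to write; fail rather than
		// save an undefined page body
		if ( !$this->formHandler->canUseForm() ) {
			throw new Exception( wfMessage( 'ses-noformname' )->text() );
		}

		$this->formHandler->setSubmitState( true );
		$dataText = $this->formHandler->getTemplateText();

		$userPage = new Article( $pageTitle );

		global $wgUser;
		$wgUser = $this->mUserDataChecker->mUser;
		// TODO: doEdit removed; use internal API call
		$userPage->doEdit( $dataText, '', EDIT_FORCE_BOT );
	}

	/**
	 * Renders the signup form into $wgOut.
	 *
	 * SemanticForms disables the form automatically if the current user has no
	 * edit rights, so for anonymous visitors the form is rendered as the
	 * configured bot account. The real current user is restored on every exit
	 * path, including the error branches and exceptions; otherwise the rest of
	 * the request would keep running with the bot's rights.
	 *
	 * @return bool always true
	 */
	private function printForm() {
		global $wgUser;

		$originalUser = null;

		if ( $wgUser->isAnon() ) {
			$originalUser = $wgUser;
			$wgUser = User::newFromName( Settings::get( 'botName' ) );
		}

		try {
			$this->printFormAsCurrentUser();
		} catch ( Exception $e ) {
			$this->restoreCurrentUser( $originalUser );
			throw $e;
		}

		$this->restoreCurrentUser( $originalUser );

		return true;
	}

	/**
	 * Puts the saved user back into $wgUser after the bot swap in printForm().
	 *
	 * @param User|null $originalUser the user saved before the swap, or null if none was swapped
	 */
	private function restoreCurrentUser( $originalUser ) {
		global $wgUser;

		if ( $originalUser !== null ) {
			$wgUser = $originalUser;
		}
	}

	/**
	 * Writes the form, or an error box, into $wgOut using whatever $wgUser
	 * currently is (the bot account for anonymous visitors, see printForm()).
	 */
	private function printFormAsCurrentUser() {
		global $wgUser, $wgOut;

		// The bot account must exist and be permitted to create accounts
		if ( !$wgUser instanceof User || !$wgUser->isAllowedToCreateAccount() || (int)$wgUser->idForName() === 0 ) {
			$wgOut->addHTML( '<div class="error errorbox">' . wfMessage( 'ses-nobotname' )->text() . '</div>' );
			return;
		}

		if ( !$this->formHandler->canUseForm() ) {
			$wgOut->addHTML( '<div class="error errorbox">' . wfMessage( 'ses-noformname' )->text() . '</div>' );
			return;
		}

		$this->formHandler->setSubmitState( false );
		$formText = $this->formHandler->getFormText();

		/* Run hook allow externals to modify output of form */
		// wfRunHooks('SemanticSignupPrintForm', array( &$form_text, &$javascript_text, &$data_text, &$form_page_title, &$generated_page_name ) );

		$text = '<form name="createbox" id="sfForm" onsubmit="return validate_all()" action="" method="post" class="createbox">'
			. $formText
			. '</form>';

		$wgOut->addMeta( 'robots', 'noindex,nofollow' );
		$wgOut->addHTML( $text );
	}

	/**
	 * Handles a submitted signup form: creates the account, its userpage and
	 * the login session, then redirects to the new userpage. Any failure is
	 * reported above a re-rendered form.
	 *
	 * @return bool always true; the special page has handled the request
	 */
	private function executeOnSubmit() {
		global $wgOut;

		try {
			$this->userSignup();
			$this->createUserPage();
			$this->userLogin();
			$wgOut->redirect( $this->mUserPageUrl );
		} catch ( Exception $e ) {
			// The message may carry submitted values (e.g. the checker's error), so escape it for HTML
			$wgOut->addHTML( '<div class="error">' . htmlspecialchars( $e->getMessage() ) . '</div>' );
			$this->printForm();
		}

		return true;
	}

	/**
	 * Entry point of the special page.
	 *
	 * @param string|null $par subpage parameter passed in by SpecialPage; unused here
	 *
	 * @return bool
	 */
	public function execute( $par ) {
		global $wgRequest;

		$this->setHeaders();

		// Hook for dynamic control of page access
		if ( !wfRunHooks( 'SemanticSignupUserSignupSpecial' ) ) {
			return true;
		}

		// The form is submitted by POST; a GET request carrying wpSave is not a submission,
		// so a crafted link cannot create an account on the visitor's behalf.
		// NOTE(review): no edit-token check here; confirm whether the rendered form carries one
		if ( $wgRequest->wasPosted() && $wgRequest->getCheck( 'wpSave' ) ) {
			return $this->executeOnSubmit();
		}

		$this->printForm();
		return true;
	}

}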
||
245 |