This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | declare(strict_types=1); |
||
3 | |||
4 | /** |
||
5 | * This file is part of TwigView. |
||
6 | * |
||
7 | ** (c) 2014 Cees-Jan Kiewiet |
||
8 | * |
||
9 | * For the full copyright and license information, please view the LICENSE |
||
10 | * file that was distributed with this source code. |
||
11 | */ |
||
12 | |||
13 | namespace WyriHaximus\TwigView\Lib\Twig; |
||
14 | |||
15 | use Cake\Core\App; |
||
16 | use Cake\Core\Plugin; |
||
17 | use Twig\Error\LoaderError; |
||
18 | use Twig\Loader\LoaderInterface; |
||
19 | use Twig\Source; |
||
20 | use WyriHaximus\TwigView\View\TwigView; |
||
21 | |||
22 | /** |
||
23 | * Class Loader. |
||
24 | * @package WyriHaximus\TwigView\Lib\Twig |
||
25 | */ |
||
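final class Loader implements LoaderInterface
{
    /**
     * Get the file contents of a template.
     *
     * @param string $name Template.
     *
     * @throws \Twig\Error\LoaderError When the template cannot be resolved or read.
     * @return string
     */
    public function getSource($name): string
    {
        $path = $this->resolveFileName($name);

        // file_get_contents() returns false on failure; with strict types and a
        // string return type that would surface as a TypeError instead of the
        // loader error Twig callers expect.
        $contents = file_get_contents($path);
        if ($contents === false) {
            throw new LoaderError(sprintf('Template "%s" could not be read.', $name));
        }

        return $contents;
    }

    /**
     * Returns the source context for a given template logical name.
     *
     * @param string $name The template logical name.
     *
     * @throws \Twig\Error\LoaderError When $name is not found.
     * @return \Twig\Source
     */
    public function getSourceContext($name): Source
    {
        $code = $this->getSource($name);

        // Resolve through resolveFileName() rather than getFilename() so that
        // $path is always a string; getFilename() may return false, which
        // Source must not receive.
        $path = $this->resolveFileName($name);

        return new Source($code, $name, $path);
    }

    /**
     * Get cache key for template.
     *
     * The resolved filename is used as the key.
     *
     * @param string $name Template.
     *
     * @throws \Twig\Error\LoaderError When the template cannot be resolved.
     * @return string
     */
    public function getCacheKey($name): string
    {
        return $this->resolveFileName($name);
    }

    /**
     * Check if template is still fresh.
     *
     * @param string $name Template.
     * @param int $time Timestamp.
     *
     * @throws \Twig\Error\LoaderError When the template cannot be resolved.
     * @return bool True when the file's modification time is older than $time.
     */
    public function isFresh($name, $time): bool
    {
        $path = $this->resolveFileName($name);

        return filemtime($path) < $time;
    }

    /**
     * Check if we have the source code of a template, given its name.
     *
     * @param string $name The name of the template to check if we can load.
     *
     * @return bool If the template source code is handled by this loader or not.
     */
    public function exists($name): bool
    {
        return $this->getFilename($name) !== false;
    }

    /**
     * Resolve template name to filename.
     *
     * @param string $name Template.
     *
     * @throws \Twig\Error\LoaderError Thrown when template file isn't found.
     * @return string
     */
    private function resolveFileName($name): string
    {
        $filename = $this->getFilename($name);
        if ($filename === false) {
            throw new LoaderError(sprintf('Template "%s" is not defined.', $name));
        }

        return $filename;
    }

    /**
     * Get template filename.
     *
     * Lookup order: the name itself as a file path, then the application
     * template paths, then the template path of the plugin named in $name.
     * Within each path the bare file name is tried before the file name with
     * the TwigView extension appended.
     *
     * @param string $name Template.
     *
     * @return string|false The file path, or false when nothing matches.
     */
    private function getFilename($name)
    {
        // NOTE(review): a name that is already a readable file path is returned
        // as-is, and $file is appended to the template roots below without
        // normalisation, so nothing here confines the result to a template
        // directory. Template names must come from application code, never
        // from request data, unless the caller validates them first.
        //
        // is_file() rather than file_exists(): a directory is not a loadable
        // template, and the checks below already use is_file().
        if (is_file($name)) {
            return $name;
        }

        [$plugin, $file] = pluginSplit($name);
        foreach ([null, $plugin] as $scope) {
            foreach ($this->getPaths($scope) as $path) {
                $candidates = [
                    $path . $file,
                    $path . $file . TwigView::EXT,
                ];
                foreach ($candidates as $filePath) {
                    if (is_file($filePath)) {
                        return $filePath;
                    }
                }
            }
        }

        return false;
    }

    /**
     * Return the template paths of $plugin when it is loaded, otherwise the
     * application's template paths.
     *
     * @param string|null $plugin The plugin in question.
     *
     * @return array
     */
    private function getPaths($plugin): array
    {
        // Plugin::loaded() is defined without parameters in the framework
        // version this file is analysed against, so the argument was ignored
        // and the result did not depend on $plugin. isLoaded() is the
        // per-plugin check.
        if ($plugin === null || !Plugin::isLoaded($plugin)) {
            return App::path('templates');
        }

        return [Plugin::templatePath($plugin)];
    }
}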
This check looks for type mismatches where the missing type is false. This is usually indicative of an error condition. Consider the following example.
This function either returns a new DateTime object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned false before passing on the value to another function or method that may not be able to handle a false.