This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | /** |
||
3 | * Alxarafe. Development of PHP applications in a flash! |
||
4 | * Copyright (C) 2018-2020 Alxarafe <[email protected]> |
||
5 | */ |
||
6 | |||
7 | namespace Alxarafe\Core\Controllers; |
||
8 | |||
9 | use Alxarafe\Core\Base\AuthPageController; |
||
10 | use Alxarafe\Core\Base\CacheCore; |
||
11 | use Alxarafe\Core\Database\Engine; |
||
12 | use Alxarafe\Core\Helpers\SystemCache; |
||
13 | use Alxarafe\Core\Providers\Database; |
||
14 | use Alxarafe\Core\Providers\FlashMessages; |
||
15 | use Alxarafe\Core\Providers\RegionalInfo; |
||
16 | use Alxarafe\Core\Providers\Translator; |
||
17 | use Symfony\Component\HttpFoundation\Response; |
||
18 | |||
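/**
 * Controller for editing database and skin settings.
 *
 * Loads the current translator, renderer, regional and database configuration for display and,
 * on a `save` action, writes the posted form values back through the matching providers.
 *
 * @package Alxarafe\Core\Controllers
 */
class EditConfig extends AuthPageController
{
    /**
     * List of engines available.
     *
     * @var array
     */
    public $dbEngines;

    /**
     * Engine in use.
     *
     * @var mixed|string
     */
    public $dbEngineName;

    /**
     * List of skins available.
     *
     * @var array
     */
    public $skins;

    /**
     * Skin in use.
     *
     * @var mixed|string
     */
    public $skin;

    /**
     * List of available languages.
     *
     * @var array
     */
    public $languages;

    /**
     * Selected language.
     *
     * @var string
     */
    public $language;

    /**
     * Database config values.
     *
     * @var array
     */
    public $dbConfig;

    /**
     * This installation timezone.
     *
     * @var string
     */
    public $timeZone;

    /**
     * Contains a list of timezones.
     *
     * @var array
     */
    public $timeZones;

    /**
     * Contains regional information configuration.
     *
     * @var array
     */
    public $regionalConfig;

    /**
     * Returns the page details.
     *
     * @return array
     */
    public function pageDetails(): array
    {
        return [
            'title' => 'edit-configuration',
            'icon' => '<i class="fas fa-save"></i>',
            'description' => 'edit-configuration-description',
            //'menu' => 'admin|edit-config',
            'menu' => 'admin',
        ];
    }

    /**
     * Returns the list of timezone identifiers, each with its current GMT offset.
     *
     * The offset is computed per zone object rather than by switching the process-wide default
     * timezone, so an error in the middle of the loop cannot leave the default changed.
     *
     * @return array Each entry has the keys 'zone' and 'diff_from_GMT'.
     *
     * @link http://stackoverflow.com/a/9328760
     */
    public function getTimezoneList(): array
    {
        // One instant for every zone, so all offsets refer to the same moment.
        $now = new \DateTimeImmutable('@' . time());
        $zonesArray = [];
        foreach (timezone_identifiers_list() as $key => $zone) {
            $zonesArray[$key] = [
                'zone' => $zone,
                'diff_from_GMT' => 'UTC/GMT ' . $now->setTimezone(new \DateTimeZone($zone))->format('P'),
            ];
        }
        return $zonesArray;
    }

    /**
     * Default create method for new registers.
     *
     * @return Response
     */
    public function createMethod(): Response
    {
        // Can't add new registers, it's a placeholder
        return $this->indexMethod();
    }

    /**
     * The start point of the controller: dispatches on the posted 'action' value.
     *
     * @return Response
     */
    public function indexMethod(): Response
    {
        $this->setDefaultData();
        // NOTE(review): every action below changes state and is selected by a value read from
        // $this->request->request; no CSRF token check is visible in this class, so confirm that
        // AuthPageController enforces one.
        switch ($this->request->request->get('action')) {
            case 'clear-cache':
                SystemCache::clearCache();
                break;
            case 'regenerate-data':
                SystemCache::regenerateData();
                // The call above instantiates a new controller; redirect to this page to avoid a false execution.
                return $this->redirect(baseUrl('index.php?' . constant('CALL_CONTROLLER') . '=' . $this->shortName));
            case 'save':
                $databaseConfig = Database::getInstance()->getConfig();
                // A failed save is reported through the error channel, not as a success message.
                if ($this->save()) {
                    FlashMessages::getInstance()::setSuccess($this->translator->trans('changes-stored'));
                } else {
                    FlashMessages::getInstance()::setError($this->translator->trans('changes-not-stored'));
                }
                $this->setDefaultData();
                // NOTE(review): setDefaultData() fills $this->dbConfig with the six db* keys only (the
                // engine name goes to $this->dbEngineName), so this strict array comparison may differ
                // even when nothing changed; confirm the logout is meant to follow real changes only.
                if ($databaseConfig !== $this->dbConfig) {
                    return $this->logout();
                }
                break;
            case 'cancel':
                return $this->redirect(baseUrl('index.php'));
        }
        unset($this->regionalConfig['timezone']);
        return $this->sendResponseTemplate();
    }

    /**
     * Sets default data values from the stored configuration, with hard-coded fallbacks.
     */
    private function setDefaultData(): void
    {
        $translatorConfig = Translator::getInstance()->getConfig();
        $templateRenderConfig = $this->renderer->getConfig();
        $databaseConfig = Database::getInstance()->getConfig();
        $regionalConfig = RegionalInfo::getInstance()->getConfig();

        $this->dbEngines = Engine::getEngines();
        $this->skins = $this->renderer->getSkins();
        $this->skin = $templateRenderConfig['skin'] ?? $this->skins[0] ?? '';
        $this->languages = Translator::getInstance()->getAvailableLanguages();
        $this->language = $translatorConfig['language'] ?? $this->languages[0] ?? Translator::FALLBACK_LANG;

        $this->dbEngineName = $databaseConfig['dbEngineName'] ?? $this->dbEngines[0] ?? '';
        $this->dbConfig['dbUser'] = $databaseConfig['dbUser'] ?? 'root';
        // NOTE(review): the stored database password is placed in a public property; confirm the
        // template does not echo it back into the rendered form.
        $this->dbConfig['dbPass'] = $databaseConfig['dbPass'] ?? '';
        $this->dbConfig['dbName'] = $databaseConfig['dbName'] ?? 'alxarafe';
        $this->dbConfig['dbHost'] = $databaseConfig['dbHost'] ?? 'localhost';
        $this->dbConfig['dbPrefix'] = $databaseConfig['dbPrefix'] ?? '';
        $this->dbConfig['dbPort'] = $databaseConfig['dbPort'] ?? '';

        $this->timeZone = date_default_timezone_get();
        $this->regionalConfig['timezone'] = $regionalConfig['timezone'] ?? $this->timeZone;
        $this->regionalConfig['dateFormat'] = $regionalConfig['dateFormat'] ?? 'Y-m-d';
        $this->regionalConfig['timeFormat'] = $regionalConfig['timeFormat'] ?? 'H:i:s';
        $this->regionalConfig['datetimeFormat'] = $regionalConfig['datetimeFormat']
            ?? $this->regionalConfig['dateFormat'] . ' ' . $this->regionalConfig['timeFormat'];
    }

    /**
     * Reads one posted form field, falling back to the stored value.
     *
     * Array payloads (e.g. a field posted as `name[]=...`) are discarded so that only scalar
     * values can reach the configuration writers.
     *
     * @param string $key     Form field name.
     * @param mixed  $current Value currently stored in the configuration.
     *
     * @return mixed The posted value when it is a scalar, otherwise $current.
     */
    private function postedScalar(string $key, $current)
    {
        $value = $this->request->request->get($key, $current);
        return is_scalar($value) ? $value : $current;
    }

    /**
     * Save the form changes in the configuration file.
     *
     * Each section (language, skin, regional info, database) is written independently; a failure
     * in one sets an error flash message and makes the method return false, but the remaining
     * sections are still attempted.
     *
     * @return bool True when every section was stored.
     */
    private function save(): bool
    {
        $result = true;

        $translatorConfig = Translator::getInstance()->getConfig();
        $translatorConfig['language'] = $this->postedScalar('language', $translatorConfig['language'] ?? null);
        if (!Translator::getInstance()->setConfig($translatorConfig)) {
            FlashMessages::getInstance()::setError($this->translator->trans('language-data-not-changed'));
            $result = false;
        }

        $templateRenderConfig = $this->renderer->getConfig();
        $templateRenderConfig['skin'] = $this->postedScalar('skin', $templateRenderConfig['skin'] ?? null);
        if (!$this->renderer->setConfig($templateRenderConfig)) {
            FlashMessages::getInstance()::setError($this->translator->trans('templaterender-data-not-changed'));
            $result = false;
        }

        $regionalConfig = RegionalInfo::getInstance()->getConfig();
        $currentTimezone = $regionalConfig['timezone'] ?? null;
        $timezone = $this->postedScalar('timezone', $currentTimezone);
        // A changed timezone must be an identifier PHP knows; the stored value is kept as-is so an
        // existing configuration is never rejected.
        $timezoneAccepted = $timezone === $currentTimezone
            || (is_string($timezone)
                && in_array($timezone, timezone_identifiers_list(\DateTimeZone::ALL_WITH_BC), true));
        if ($timezoneAccepted) {
            $regionalConfig['timezone'] = $timezone;
            $regionalConfig['dateFormat'] = $this->postedScalar('dateFormat', $regionalConfig['dateFormat'] ?? null);
            $regionalConfig['timeFormat'] = $this->postedScalar('timeFormat', $regionalConfig['timeFormat'] ?? null);
            $regionalConfig['datetimeFormat'] = $this->postedScalar(
                'datetimeFormat',
                $regionalConfig['datetimeFormat'] ?? null
            );
        }
        if (!$timezoneAccepted || !RegionalInfo::getInstance()->setConfig($regionalConfig)) {
            FlashMessages::getInstance()::setError($this->translator->trans('regionalinfo-data-not-changed'));
            $result = false;
        }

        $databaseConfig = Database::getInstance()->getConfig();
        $databaseConfigOrig = $databaseConfig;
        // NOTE(review): the engine name, skin and language are not checked against the available
        // lists here; whether setConfig() rejects unknown values cannot be seen from this class.
        foreach (['dbEngineName', 'dbUser', 'dbPass', 'dbName', 'dbHost', 'dbPrefix', 'dbPort'] as $field) {
            $databaseConfig[$field] = $this->postedScalar($field, $databaseConfig[$field] ?? null);
        }
        if (!Database::getInstance()->setConfig($databaseConfig)) {
            FlashMessages::getInstance()::setError($this->translator->trans('database-data-not-changed'));
            $result = false;
        }

        if ($result && $databaseConfigOrig !== $databaseConfig) {
            // The database details have changed, so the cache needs to be regenerated.
            FlashMessages::getInstance()::setSuccess($this->translator->trans('database-data-updated-successfully'));
            CacheCore::getInstance()->getEngine()->clear();
        }

        return $result;
    }

    /**
     * Default read method for showing an individual register.
     *
     * @return Response
     */
    public function readMethod(): Response
    {
        // Can't read specific registers, it's a placeholder
        return $this->indexMethod();
    }

    /**
     * Default update method for updating an individual register.
     *
     * @return Response
     */
    public function updateMethod(): Response
    {
        // Can't update specific registers, it's a placeholder
        return $this->indexMethod();
    }

    /**
     * Default delete method for deleting an individual register.
     *
     * @return Response
     */
    public function deleteMethod(): Response
    {
        // Can't delete specific registers, it's a placeholder
        return $this->indexMethod();
    }
}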
This check looks for function or method calls that always return null and whose return value is used.
The method getObject() can return nothing but null, so it makes no sense to use the return value. The reason is most likely that a function or method is incomplete or has been reduced for debug purposes.